2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* hostapd - WPA/RSN IE and KDE definitions
|
2018-06-04 14:16:54 +02:00
|
|
|
* Copyright (c) 2004-2018, Jouni Malinen <j@w1.fi>
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2008-02-28 02:34:43 +01:00
|
|
|
*/
|
|
|
|
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "utils/includes.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "utils/common.h"
|
2009-12-25 23:31:51 +01:00
|
|
|
#include "common/ieee802_11_defs.h"
|
2009-11-29 19:03:28 +01:00
|
|
|
#include "eapol_auth/eapol_auth_sm.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "ap_config.h"
|
|
|
|
#include "ieee802_11.h"
|
|
|
|
#include "wpa_auth.h"
|
|
|
|
#include "pmksa_cache_auth.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
#include "wpa_auth_ie.h"
|
|
|
|
#include "wpa_auth_i.h"
|
|
|
|
|
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
int rsn_testing = 0;
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
|
|
|
|
{
|
|
|
|
struct wpa_ie_hdr *hdr;
|
|
|
|
int num_suites;
|
|
|
|
u8 *pos, *count;
|
2012-08-30 10:53:54 +02:00
|
|
|
u32 suite;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
hdr = (struct wpa_ie_hdr *) buf;
|
|
|
|
hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
|
|
|
|
RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
|
|
|
|
WPA_PUT_LE16(hdr->version, WPA_VERSION);
|
|
|
|
pos = (u8 *) (hdr + 1);
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
|
|
|
|
if (suite == 0) {
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
|
|
|
|
conf->wpa_group);
|
|
|
|
return -1;
|
|
|
|
}
|
2012-08-30 10:53:54 +02:00
|
|
|
RSN_SELECTOR_PUT(pos, suite);
|
2008-02-28 02:34:43 +01:00
|
|
|
pos += WPA_SELECTOR_LEN;
|
|
|
|
|
|
|
|
count = pos;
|
|
|
|
pos += 2;
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num_suites == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
|
|
|
|
conf->wpa_pairwise);
|
|
|
|
return -1;
|
|
|
|
}
|
2012-08-30 10:53:54 +02:00
|
|
|
pos += num_suites * WPA_SELECTOR_LEN;
|
2008-02-28 02:34:43 +01:00
|
|
|
WPA_PUT_LE16(count, num_suites);
|
|
|
|
|
|
|
|
num_suites = 0;
|
|
|
|
count = pos;
|
|
|
|
pos += 2;
|
|
|
|
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
|
|
|
|
RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
|
|
|
|
pos += WPA_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
|
|
|
|
RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
|
|
|
|
pos += WPA_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (num_suites == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
|
|
|
|
conf->wpa_key_mgmt);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
WPA_PUT_LE16(count, num_suites);
|
|
|
|
|
|
|
|
/* WPA Capabilities; use defaults, so no need to include it */
|
|
|
|
|
|
|
|
hdr->len = (pos - buf) - 2;
|
|
|
|
|
|
|
|
return pos - buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
|
|
|
const u8 *pmkid)
|
|
|
|
{
|
|
|
|
struct rsn_ie_hdr *hdr;
|
2012-08-30 10:53:54 +02:00
|
|
|
int num_suites, res;
|
2008-02-28 02:34:43 +01:00
|
|
|
u8 *pos, *count;
|
|
|
|
u16 capab;
|
2012-08-30 10:53:54 +02:00
|
|
|
u32 suite;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
hdr = (struct rsn_ie_hdr *) buf;
|
|
|
|
hdr->elem_id = WLAN_EID_RSN;
|
|
|
|
WPA_PUT_LE16(hdr->version, RSN_VERSION);
|
|
|
|
pos = (u8 *) (hdr + 1);
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
|
|
|
|
if (suite == 0) {
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
|
|
|
|
conf->wpa_group);
|
|
|
|
return -1;
|
|
|
|
}
|
2012-08-30 10:53:54 +02:00
|
|
|
RSN_SELECTOR_PUT(pos, suite);
|
2008-02-28 02:34:43 +01:00
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
|
|
|
|
num_suites = 0;
|
|
|
|
count = pos;
|
|
|
|
pos += 2;
|
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
|
|
|
|
num_suites += res;
|
|
|
|
pos += res * RSN_SELECTOR_LEN;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num_suites == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
|
|
|
|
conf->rsn_pairwise);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
WPA_PUT_LE16(count, num_suites);
|
|
|
|
|
|
|
|
num_suites = 0;
|
|
|
|
count = pos;
|
|
|
|
pos += 2;
|
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-02-28 02:34:43 +01:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2018-06-04 14:16:54 +02:00
|
|
|
#ifdef CONFIG_SHA384
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SHA384 */
|
2008-02-28 02:34:43 +01:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-08-31 21:57:28 +02:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
2014-11-16 12:20:51 +01:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2015-01-25 22:32:01 +01:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2015-09-01 16:50:04 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2015-09-01 16:50:04 +02:00
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2015-09-01 16:50:04 +02:00
|
|
|
#endif /* CONFIG_FILS */
|
2017-03-11 23:32:23 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
2017-06-17 22:48:52 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP */
|
2018-05-29 19:09:53 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (conf->wpa_key_mgmt & WPA_KEY_MGMT_OSEN) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_HS20 */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing) {
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
num_suites++;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num_suites == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
|
|
|
|
conf->wpa_key_mgmt);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
WPA_PUT_LE16(count, num_suites);
|
|
|
|
|
|
|
|
/* RSN Capabilities */
|
|
|
|
capab = 0;
|
|
|
|
if (conf->rsn_preauth)
|
|
|
|
capab |= WPA_CAPABILITY_PREAUTH;
|
2009-03-04 11:33:24 +01:00
|
|
|
if (conf->wmm_enabled) {
|
|
|
|
/* 4 PTKSA replay counters when using WMM */
|
2008-02-28 02:34:43 +01:00
|
|
|
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
|
|
|
}
|
2010-01-03 20:02:51 +01:00
|
|
|
if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
|
2008-08-30 13:59:39 +02:00
|
|
|
capab |= WPA_CAPABILITY_MFPC;
|
2010-01-03 20:02:51 +01:00
|
|
|
if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
|
2008-08-30 13:59:39 +02:00
|
|
|
capab |= WPA_CAPABILITY_MFPR;
|
|
|
|
}
|
2018-08-06 21:46:25 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (conf->ocv)
|
|
|
|
capab |= WPA_CAPABILITY_OCVC;
|
|
|
|
#endif /* CONFIG_OCV */
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing)
|
2018-08-06 21:46:25 +02:00
|
|
|
capab |= BIT(8) | BIT(15);
|
2011-03-21 12:59:05 +01:00
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
2020-03-20 20:04:31 +01:00
|
|
|
if (conf->extended_key_id)
|
|
|
|
capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
|
2008-02-28 02:34:43 +01:00
|
|
|
WPA_PUT_LE16(pos, capab);
|
|
|
|
pos += 2;
|
|
|
|
|
|
|
|
if (pmkid) {
|
2015-10-18 17:43:44 +02:00
|
|
|
if (2 + PMKID_LEN > buf + len - pos)
|
2008-02-28 02:34:43 +01:00
|
|
|
return -1;
|
|
|
|
/* PMKID Count */
|
|
|
|
WPA_PUT_LE16(pos, 1);
|
|
|
|
pos += 2;
|
|
|
|
os_memcpy(pos, pmkid, PMKID_LEN);
|
|
|
|
pos += PMKID_LEN;
|
|
|
|
}
|
|
|
|
|
2015-08-06 15:41:38 +02:00
|
|
|
if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION &&
|
|
|
|
conf->group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
|
2015-10-18 17:43:44 +02:00
|
|
|
if (2 + 4 > buf + len - pos)
|
2008-02-28 02:34:43 +01:00
|
|
|
return -1;
|
|
|
|
if (pmkid == NULL) {
|
|
|
|
/* PMKID Count */
|
|
|
|
WPA_PUT_LE16(pos, 0);
|
|
|
|
pos += 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Management Group Cipher Suite */
|
2014-03-12 19:26:37 +01:00
|
|
|
switch (conf->group_mgmt_cipher) {
|
|
|
|
case WPA_CIPHER_AES_128_CMAC:
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
|
|
|
|
break;
|
|
|
|
case WPA_CIPHER_BIP_GMAC_128:
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
|
|
|
|
break;
|
|
|
|
case WPA_CIPHER_BIP_GMAC_256:
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
|
|
|
|
break;
|
|
|
|
case WPA_CIPHER_BIP_CMAC_256:
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Invalid group management cipher (0x%x)",
|
|
|
|
conf->group_mgmt_cipher);
|
|
|
|
return -1;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
}
|
|
|
|
|
2011-03-21 12:59:05 +01:00
|
|
|
#ifdef CONFIG_RSN_TESTING
|
|
|
|
if (rsn_testing) {
|
|
|
|
/*
|
|
|
|
* Fill in any defined fields and add extra data to the end of
|
|
|
|
* the element.
|
|
|
|
*/
|
|
|
|
int pmkid_count_set = pmkid != NULL;
|
|
|
|
if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
|
|
|
|
pmkid_count_set = 1;
|
|
|
|
/* PMKID Count */
|
|
|
|
WPA_PUT_LE16(pos, 0);
|
|
|
|
pos += 2;
|
|
|
|
if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
|
|
|
|
/* Management Group Cipher Suite */
|
|
|
|
RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_memset(pos, 0x12, 17);
|
|
|
|
pos += 17;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_RSN_TESTING */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
hdr->len = (pos - buf) - 2;
|
|
|
|
|
|
|
|
return pos - buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-09-05 11:05:58 +02:00
|
|
|
int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
|
|
|
|
{
|
|
|
|
u8 *pos = buf;
|
|
|
|
|
|
|
|
if (conf->sae_pwe != 1 && conf->sae_pwe != 2)
|
|
|
|
return 0; /* no supported extended RSN capabilities */
|
|
|
|
|
|
|
|
if (len < 3)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_RSNX;
|
|
|
|
*pos++ = 1;
|
|
|
|
/* bits 0-3 = 0 since only one octet of Extended RSN Capabilities is
|
|
|
|
* used for now */
|
|
|
|
*pos++ = BIT(WLAN_RSNX_CAPAB_SAE_H2E);
|
|
|
|
|
|
|
|
return pos - buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-23 20:25:21 +02:00
|
|
|
static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *len;
|
|
|
|
u16 capab;
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_VENDOR_SPECIFIC;
|
|
|
|
len = eid++; /* to be filled */
|
|
|
|
WPA_PUT_BE24(eid, OUI_WFA);
|
|
|
|
eid += 3;
|
|
|
|
*eid++ = HS20_OSEN_OUI_TYPE;
|
|
|
|
|
|
|
|
/* Group Data Cipher Suite */
|
|
|
|
RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
|
|
|
|
eid += RSN_SELECTOR_LEN;
|
|
|
|
|
|
|
|
/* Pairwise Cipher Suite Count and List */
|
|
|
|
WPA_PUT_LE16(eid, 1);
|
|
|
|
eid += 2;
|
|
|
|
RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
|
|
|
|
eid += RSN_SELECTOR_LEN;
|
|
|
|
|
|
|
|
/* AKM Suite Count and List */
|
|
|
|
WPA_PUT_LE16(eid, 1);
|
|
|
|
eid += 2;
|
|
|
|
RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
|
|
|
|
eid += RSN_SELECTOR_LEN;
|
|
|
|
|
|
|
|
/* RSN Capabilities */
|
|
|
|
capab = 0;
|
|
|
|
if (conf->wmm_enabled) {
|
|
|
|
/* 4 PTKSA replay counters when using WMM */
|
|
|
|
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
|
|
|
}
|
|
|
|
if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
|
|
|
|
capab |= WPA_CAPABILITY_MFPC;
|
|
|
|
if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
|
|
|
|
capab |= WPA_CAPABILITY_MFPR;
|
|
|
|
}
|
2018-08-06 21:46:25 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (conf->ocv)
|
|
|
|
capab |= WPA_CAPABILITY_OCVC;
|
|
|
|
#endif /* CONFIG_OCV */
|
2013-07-23 20:25:21 +02:00
|
|
|
WPA_PUT_LE16(eid, capab);
|
|
|
|
eid += 2;
|
|
|
|
|
|
|
|
*len = eid - len - 1;
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
|
|
|
|
{
|
|
|
|
u8 *pos, buf[128];
|
|
|
|
int res;
|
|
|
|
|
2015-08-08 17:18:03 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_auth->conf.own_ie_override_len) {
|
|
|
|
wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
|
|
|
|
wpa_auth->conf.own_ie_override,
|
|
|
|
wpa_auth->conf.own_ie_override_len);
|
|
|
|
os_free(wpa_auth->wpa_ie);
|
|
|
|
wpa_auth->wpa_ie =
|
|
|
|
os_malloc(wpa_auth->conf.own_ie_override_len);
|
|
|
|
if (wpa_auth->wpa_ie == NULL)
|
|
|
|
return -1;
|
|
|
|
os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
|
|
|
|
wpa_auth->conf.own_ie_override_len);
|
|
|
|
wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
pos = buf;
|
|
|
|
|
2013-07-23 20:25:21 +02:00
|
|
|
if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
|
|
|
|
pos = wpa_write_osen(&wpa_auth->conf, pos);
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
|
|
|
|
res = wpa_write_rsn_ie(&wpa_auth->conf,
|
|
|
|
pos, buf + sizeof(buf) - pos, NULL);
|
|
|
|
if (res < 0)
|
|
|
|
return res;
|
|
|
|
pos += res;
|
2019-09-05 11:05:58 +02:00
|
|
|
res = wpa_write_rsnxe(&wpa_auth->conf, pos,
|
|
|
|
buf + sizeof(buf) - pos);
|
|
|
|
if (res < 0)
|
|
|
|
return res;
|
|
|
|
pos += res;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2011-11-24 21:46:14 +01:00
|
|
|
if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
res = wpa_write_mdie(&wpa_auth->conf, pos,
|
|
|
|
buf + sizeof(buf) - pos);
|
|
|
|
if (res < 0)
|
|
|
|
return res;
|
|
|
|
pos += res;
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-02-28 02:34:43 +01:00
|
|
|
if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
|
|
|
|
res = wpa_write_wpa_ie(&wpa_auth->conf,
|
|
|
|
pos, buf + sizeof(buf) - pos);
|
|
|
|
if (res < 0)
|
|
|
|
return res;
|
|
|
|
pos += res;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_free(wpa_auth->wpa_ie);
|
|
|
|
wpa_auth->wpa_ie = os_malloc(pos - buf);
|
|
|
|
if (wpa_auth->wpa_ie == NULL)
|
|
|
|
return -1;
|
|
|
|
os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
|
|
|
|
wpa_auth->wpa_ie_len = pos - buf;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
|
|
|
|
const u8 *data2, size_t data2_len)
|
|
|
|
{
|
|
|
|
*pos++ = WLAN_EID_VENDOR_SPECIFIC;
|
|
|
|
*pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
|
|
|
|
RSN_SELECTOR_PUT(pos, kde);
|
|
|
|
pos += RSN_SELECTOR_LEN;
|
|
|
|
os_memcpy(pos, data, data_len);
|
|
|
|
pos += data_len;
|
|
|
|
if (data2) {
|
|
|
|
os_memcpy(pos, data2, data2_len);
|
|
|
|
pos += data2_len;
|
|
|
|
}
|
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-08-03 19:17:58 +02:00
|
|
|
struct wpa_auth_okc_iter_data {
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa;
|
|
|
|
const u8 *aa;
|
|
|
|
const u8 *spa;
|
|
|
|
const u8 *pmkid;
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
|
|
|
|
{
|
|
|
|
struct wpa_auth_okc_iter_data *data = ctx;
|
|
|
|
data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
|
|
|
|
data->pmkid);
|
|
|
|
if (data->pmksa)
|
|
|
|
return 1;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-03-28 11:22:28 +01:00
|
|
|
enum wpa_validate_result
|
|
|
|
wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
|
|
|
|
struct wpa_state_machine *sm, int freq,
|
|
|
|
const u8 *wpa_ie, size_t wpa_ie_len,
|
|
|
|
const u8 *rsnxe, size_t rsnxe_len,
|
|
|
|
const u8 *mdie, size_t mdie_len,
|
|
|
|
const u8 *owe_dh, size_t owe_dh_len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2020-03-20 20:04:31 +01:00
|
|
|
struct wpa_auth_config *conf = &wpa_auth->conf;
|
2008-02-28 02:34:43 +01:00
|
|
|
struct wpa_ie_data data;
|
|
|
|
int ciphers, key_mgmt, res, version;
|
|
|
|
u32 selector;
|
|
|
|
size_t i;
|
2008-08-03 19:17:58 +02:00
|
|
|
const u8 *pmkid = NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (wpa_auth == NULL || sm == NULL)
|
|
|
|
return WPA_NOT_ENABLED;
|
|
|
|
|
|
|
|
if (wpa_ie == NULL || wpa_ie_len < 1)
|
|
|
|
return WPA_INVALID_IE;
|
|
|
|
|
|
|
|
if (wpa_ie[0] == WLAN_EID_RSN)
|
|
|
|
version = WPA_PROTO_RSN;
|
|
|
|
else
|
|
|
|
version = WPA_PROTO_WPA;
|
|
|
|
|
2008-10-15 05:34:39 +02:00
|
|
|
if (!(wpa_auth->conf.wpa & version)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
|
|
|
|
version, MAC2STR(sm->addr));
|
|
|
|
return WPA_INVALID_PROTO;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (version == WPA_PROTO_RSN) {
|
|
|
|
res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
|
2019-02-06 11:33:35 +01:00
|
|
|
if (!data.has_pairwise)
|
|
|
|
data.pairwise_cipher = wpa_default_rsn_cipher(freq);
|
|
|
|
if (!data.has_group)
|
|
|
|
data.group_cipher = wpa_default_rsn_cipher(freq);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2018-03-05 15:37:10 +01:00
|
|
|
if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
|
|
|
|
!wpa_key_mgmt_only_ft(data.key_mgmt)) {
|
|
|
|
/* Workaround for some HP and Epson printers that seem
|
|
|
|
* to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
|
|
|
|
* advertised RSNE to Association Request frame. */
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"RSN: FT set in RSNE AKM but MDE is missing from "
|
|
|
|
MACSTR
|
|
|
|
" - ignore FT AKM(s) because there's also a non-FT AKM",
|
|
|
|
MAC2STR(sm->addr));
|
|
|
|
data.key_mgmt &= ~WPA_KEY_MGMT_FT;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
|
|
|
if (0) {
|
|
|
|
}
|
2015-01-25 22:32:01 +01:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
|
2014-11-16 12:20:51 +01:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
|
2015-09-02 14:58:23 +02:00
|
|
|
#ifdef CONFIG_FILS
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2015-09-02 14:58:23 +02:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2015-09-02 14:58:23 +02:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
|
|
|
|
#endif /* CONFIG_FILS */
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2018-06-04 14:16:54 +02:00
|
|
|
#ifdef CONFIG_SHA384
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
|
|
|
|
#endif /* CONFIG_SHA384 */
|
2008-02-28 02:34:43 +01:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_PSK;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-08-31 21:57:28 +02:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_SAE;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_FT_SAE;
|
|
|
|
#endif /* CONFIG_SAE */
|
2008-02-28 02:34:43 +01:00
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
|
2017-03-11 23:32:23 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_OWE;
|
|
|
|
#endif /* CONFIG_OWE */
|
2017-06-17 22:48:52 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_DPP;
|
|
|
|
#endif /* CONFIG_DPP */
|
2018-05-29 19:09:53 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
|
|
|
|
selector = RSN_AUTH_KEY_MGMT_OSEN;
|
|
|
|
#endif /* CONFIG_HS20 */
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
|
|
|
|
data.pairwise_cipher);
|
|
|
|
if (!selector)
|
2008-02-28 02:34:43 +01:00
|
|
|
selector = RSN_CIPHER_SUITE_CCMP;
|
|
|
|
wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
|
|
|
|
data.group_cipher);
|
|
|
|
if (!selector)
|
2008-02-28 02:34:43 +01:00
|
|
|
selector = RSN_CIPHER_SUITE_CCMP;
|
|
|
|
wpa_auth->dot11RSNAGroupCipherSelected = selector;
|
|
|
|
} else {
|
|
|
|
res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
|
|
|
|
|
|
|
|
selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
|
|
|
if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
|
|
|
selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
|
|
|
|
selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
|
|
|
|
wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
|
|
|
|
data.pairwise_cipher);
|
|
|
|
if (!selector)
|
|
|
|
selector = RSN_CIPHER_SUITE_TKIP;
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
|
|
|
|
|
2012-08-30 10:53:54 +02:00
|
|
|
selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
|
|
|
|
data.group_cipher);
|
|
|
|
if (!selector)
|
2008-02-28 02:34:43 +01:00
|
|
|
selector = WPA_CIPHER_SUITE_TKIP;
|
|
|
|
wpa_auth->dot11RSNAGroupCipherSelected = selector;
|
|
|
|
}
|
|
|
|
if (res) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
|
|
|
|
MACSTR " (res=%d)", MAC2STR(sm->addr), res);
|
|
|
|
wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
|
|
|
|
return WPA_INVALID_IE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (data.group_cipher != wpa_auth->conf.wpa_group) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
|
|
|
|
MACSTR, data.group_cipher, MAC2STR(sm->addr));
|
|
|
|
return WPA_INVALID_GROUP;
|
|
|
|
}
|
|
|
|
|
|
|
|
key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
|
|
|
|
if (!key_mgmt) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
|
|
|
|
MACSTR, data.key_mgmt, MAC2STR(sm->addr));
|
|
|
|
return WPA_INVALID_AKMP;
|
|
|
|
}
|
|
|
|
if (0) {
|
|
|
|
}
|
2015-01-25 22:32:01 +01:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
|
2014-11-16 12:20:51 +01:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
|
2015-09-02 14:58:23 +02:00
|
|
|
#ifdef CONFIG_FILS
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2015-09-02 14:58:23 +02:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
|
|
|
|
else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2015-09-02 14:58:23 +02:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
|
|
|
|
#endif /* CONFIG_FILS */
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2018-06-04 14:16:54 +02:00
|
|
|
#ifdef CONFIG_SHA384
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
|
|
|
|
#endif /* CONFIG_SHA384 */
|
2008-02-28 02:34:43 +01:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-08-31 21:57:28 +02:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_SAE)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
|
|
|
|
#endif /* CONFIG_SAE */
|
2008-02-28 02:34:43 +01:00
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
|
2017-03-11 23:32:23 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_OWE)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
|
|
|
|
#endif /* CONFIG_OWE */
|
2017-06-17 22:48:52 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_DPP)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
|
|
|
|
#endif /* CONFIG_DPP */
|
2018-05-29 19:09:53 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
else if (key_mgmt & WPA_KEY_MGMT_OSEN)
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
|
|
|
|
#endif /* CONFIG_HS20 */
|
2008-02-28 02:34:43 +01:00
|
|
|
else
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
|
|
|
|
|
|
|
|
if (version == WPA_PROTO_RSN)
|
|
|
|
ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
|
|
|
|
else
|
|
|
|
ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
|
|
|
|
if (!ciphers) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
|
|
|
|
"from " MACSTR,
|
|
|
|
version == WPA_PROTO_RSN ? "RSN" : "WPA",
|
|
|
|
data.pairwise_cipher, MAC2STR(sm->addr));
|
|
|
|
return WPA_INVALID_PAIRWISE;
|
|
|
|
}
|
|
|
|
|
2010-01-03 20:02:51 +01:00
|
|
|
if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
|
2008-08-30 13:59:39 +02:00
|
|
|
if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Management frame protection "
|
|
|
|
"required, but client did not enable it");
|
|
|
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
|
|
|
}
|
|
|
|
|
2014-03-12 19:26:37 +01:00
|
|
|
if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
|
|
|
|
{
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Unsupported management group "
|
|
|
|
"cipher %d", data.mgmt_group_cipher);
|
|
|
|
return WPA_INVALID_MGMT_GROUP_CIPHER;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2017-12-27 17:26:31 +01:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
|
2018-10-10 23:43:07 +02:00
|
|
|
wpa_auth->conf.sae_require_mfp &&
|
2017-12-27 17:26:31 +01:00
|
|
|
wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
|
|
|
|
!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Management frame protection required with SAE, but client did not enable it");
|
|
|
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2018-08-06 21:46:25 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if ((data.capabilities & WPA_CAPABILITY_OCVC) &&
|
|
|
|
!(data.capabilities & WPA_CAPABILITY_MFPC)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Management frame protection required with OCV, but client did not enable it");
|
|
|
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
|
|
|
}
|
|
|
|
wpa_auth_set_ocv(sm, wpa_auth->conf.ocv &&
|
|
|
|
(data.capabilities & WPA_CAPABILITY_OCVC));
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
2010-01-03 20:02:51 +01:00
|
|
|
if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
|
2008-08-30 13:59:39 +02:00
|
|
|
!(data.capabilities & WPA_CAPABILITY_MFPC))
|
2008-02-28 02:34:43 +01:00
|
|
|
sm->mgmt_frame_prot = 0;
|
|
|
|
else
|
|
|
|
sm->mgmt_frame_prot = 1;
|
2017-12-27 17:38:12 +01:00
|
|
|
|
|
|
|
if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Management frame protection cannot use TKIP");
|
|
|
|
return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-08-31 21:57:28 +02:00
|
|
|
if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
|
|
|
|
wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
|
|
|
|
"MDIE not included");
|
|
|
|
return WPA_INVALID_MDIE;
|
|
|
|
}
|
|
|
|
if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
|
|
|
|
MOBILITY_DOMAIN_ID_LEN) != 0) {
|
|
|
|
wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
|
|
|
|
"MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
|
|
|
|
return WPA_INVALID_MDIE;
|
|
|
|
}
|
2016-11-26 03:39:12 +01:00
|
|
|
} else if (mdie != NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"RSN: Trying to use non-FT AKM suite, but MDIE included");
|
|
|
|
return WPA_INVALID_AKMP;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2017-03-12 00:26:43 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OWE: No Diffie-Hellman Parameter element");
|
|
|
|
return WPA_INVALID_AKMP;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
2020-03-28 11:33:48 +01:00
|
|
|
#ifdef CONFIG_DPP2
|
|
|
|
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
|
|
|
|
((conf->dpp_pfs == 1 && !owe_dh) ||
|
|
|
|
(conf->dpp_pfs == 2 && owe_dh))) {
|
|
|
|
wpa_printf(MSG_DEBUG, "DPP: PFS %s",
|
|
|
|
conf->dpp_pfs == 1 ? "required" : "not allowed");
|
|
|
|
return WPA_DENIED_OTHER_REASON;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP2 */
|
|
|
|
|
2013-01-13 15:58:54 +01:00
|
|
|
sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
|
|
|
|
if (sm->pairwise < 0)
|
|
|
|
return WPA_INVALID_PAIRWISE;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
/* TODO: clear WPA/WPA2 state if STA changes from one to another */
|
|
|
|
if (wpa_ie[0] == WLAN_EID_RSN)
|
|
|
|
sm->wpa = WPA_VERSION_WPA2;
|
|
|
|
else
|
|
|
|
sm->wpa = WPA_VERSION_WPA;
|
|
|
|
|
2019-03-13 16:24:29 +01:00
|
|
|
#if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
|
|
|
|
if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
|
|
|
|
sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
|
|
|
|
(sm->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sm->auth_alg == WLAN_AUTH_FILS_PK) &&
|
|
|
|
(data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
|
|
|
|
os_memcmp_const(data.pmkid, sm->pmk_r1_name,
|
|
|
|
WPA_PMK_NAME_LEN) != 0)) {
|
|
|
|
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
|
|
"No PMKR1Name match for FILS+FT");
|
|
|
|
return WPA_INVALID_PMKID;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
|
|
|
|
|
2008-08-03 19:17:58 +02:00
|
|
|
sm->pmksa = NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
for (i = 0; i < data.num_pmkid; i++) {
|
|
|
|
wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
|
|
|
|
&data.pmkid[i * PMKID_LEN], PMKID_LEN);
|
2009-01-14 21:01:26 +01:00
|
|
|
sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
|
|
|
|
&data.pmkid[i * PMKID_LEN]);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sm->pmksa) {
|
2008-08-03 19:17:58 +02:00
|
|
|
pmkid = sm->pmksa->pmkid;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
|
|
|
|
i < data.num_pmkid; i++) {
|
|
|
|
struct wpa_auth_okc_iter_data idata;
|
|
|
|
idata.pmksa = NULL;
|
|
|
|
idata.aa = wpa_auth->addr;
|
|
|
|
idata.spa = sm->addr;
|
|
|
|
idata.pmkid = &data.pmkid[i * PMKID_LEN];
|
|
|
|
wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
|
|
|
|
if (idata.pmksa) {
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
2008-08-03 19:17:58 +02:00
|
|
|
"OKC match for PMKID");
|
|
|
|
sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
|
|
|
|
idata.pmksa,
|
|
|
|
wpa_auth->addr,
|
|
|
|
idata.pmkid);
|
|
|
|
pmkid = idata.pmkid;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-04-26 10:20:37 +02:00
|
|
|
if (sm->pmksa && pmkid) {
|
2016-01-21 14:51:57 +01:00
|
|
|
struct vlan_description *vlan;
|
2016-01-21 14:51:56 +01:00
|
|
|
|
2016-01-21 14:51:57 +01:00
|
|
|
vlan = sm->pmksa->vlan_desc;
|
2008-08-03 19:17:58 +02:00
|
|
|
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
2016-01-21 14:51:57 +01:00
|
|
|
"PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
|
2008-08-03 19:17:58 +02:00
|
|
|
sm->pmksa->eap_type_authsrv,
|
2016-01-21 14:51:57 +01:00
|
|
|
vlan ? vlan->untagged : 0,
|
|
|
|
(vlan && vlan->tagged[0]) ? "+" : "");
|
2008-08-03 19:17:58 +02:00
|
|
|
os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2018-02-07 11:16:20 +01:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE && data.num_pmkid &&
|
|
|
|
!sm->pmksa) {
|
|
|
|
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
|
|
"No PMKSA cache entry found for SAE");
|
|
|
|
return WPA_INVALID_PMKID;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2017-06-17 22:48:52 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
|
|
|
|
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
|
|
"No PMKSA cache entry found for DPP");
|
|
|
|
return WPA_INVALID_PMKID;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP */
|
|
|
|
|
2020-03-20 20:04:31 +01:00
|
|
|
if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 &&
|
|
|
|
sm->pairwise != WPA_CIPHER_TKIP &&
|
|
|
|
(data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) {
|
2020-04-23 22:52:12 +02:00
|
|
|
sm->use_ext_key_id = true;
|
2020-03-20 20:04:31 +01:00
|
|
|
if (conf->extended_key_id == 2 &&
|
|
|
|
!wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
|
|
|
|
!wpa_key_mgmt_fils(sm->wpa_key_mgmt))
|
|
|
|
sm->keyidx_active = 1;
|
|
|
|
else
|
|
|
|
sm->keyidx_active = 0;
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"RSN: Extended Key ID supported (start with %d)",
|
|
|
|
sm->keyidx_active);
|
|
|
|
} else {
|
2020-04-23 22:52:12 +02:00
|
|
|
sm->use_ext_key_id = false;
|
2020-03-20 20:04:31 +01:00
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
|
|
|
|
os_free(sm->wpa_ie);
|
|
|
|
sm->wpa_ie = os_malloc(wpa_ie_len);
|
|
|
|
if (sm->wpa_ie == NULL)
|
|
|
|
return WPA_ALLOC_FAIL;
|
|
|
|
}
|
|
|
|
os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
|
|
|
|
sm->wpa_ie_len = wpa_ie_len;
|
|
|
|
|
2019-10-17 23:11:24 +02:00
|
|
|
if (rsnxe && rsnxe_len) {
|
|
|
|
if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
|
|
|
|
os_free(sm->rsnxe);
|
|
|
|
sm->rsnxe = os_malloc(rsnxe_len);
|
|
|
|
if (!sm->rsnxe)
|
|
|
|
return WPA_ALLOC_FAIL;
|
|
|
|
}
|
|
|
|
os_memcpy(sm->rsnxe, rsnxe, rsnxe_len);
|
|
|
|
sm->rsnxe_len = rsnxe_len;
|
|
|
|
} else {
|
|
|
|
os_free(sm->rsnxe);
|
|
|
|
sm->rsnxe = NULL;
|
|
|
|
sm->rsnxe_len = 0;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return WPA_IE_OK;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-23 20:25:21 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
|
|
|
|
struct wpa_state_machine *sm,
|
|
|
|
const u8 *osen_ie, size_t osen_ie_len)
|
|
|
|
{
|
|
|
|
if (wpa_auth == NULL || sm == NULL)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
/* TODO: parse OSEN element */
|
|
|
|
sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
|
|
|
|
sm->mgmt_frame_prot = 1;
|
|
|
|
sm->pairwise = WPA_CIPHER_CCMP;
|
|
|
|
sm->wpa = WPA_VERSION_WPA2;
|
|
|
|
|
|
|
|
if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
|
|
|
|
os_free(sm->wpa_ie);
|
|
|
|
sm->wpa_ie = os_malloc(osen_ie_len);
|
|
|
|
if (sm->wpa_ie == NULL)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
|
|
|
|
sm->wpa_ie_len = osen_ie_len;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
|
|
|
|
2008-06-17 10:21:11 +02:00
|
|
|
int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
|
|
|
|
{
|
|
|
|
return sm ? sm->mgmt_frame_prot : 0;
|
|
|
|
}
|
2017-10-08 12:49:45 +02:00
|
|
|
|
|
|
|
|
2018-08-06 21:46:25 +02:00
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
|
|
|
|
void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
|
|
|
|
{
|
|
|
|
if (sm)
|
|
|
|
sm->ocv_enabled = ocv;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
|
|
|
|
{
|
|
|
|
return sm ? sm->ocv_enabled : 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
|
|
|
|
2017-10-08 12:49:45 +02:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
|
|
|
|
u8 *pos, size_t max_len,
|
|
|
|
const u8 *req_ies, size_t req_ies_len)
|
|
|
|
{
|
|
|
|
int res;
|
2018-12-02 19:21:21 +01:00
|
|
|
struct wpa_auth_config *conf;
|
|
|
|
|
|
|
|
if (!sm)
|
|
|
|
return pos;
|
|
|
|
conf = &sm->wpa_auth->conf;
|
2018-02-12 12:57:12 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (conf->own_ie_override_len) {
|
|
|
|
if (max_len < conf->own_ie_override_len)
|
2018-03-05 06:29:18 +01:00
|
|
|
return NULL;
|
2018-02-12 12:57:12 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
|
|
|
|
conf->own_ie_override, conf->own_ie_override_len);
|
|
|
|
os_memcpy(pos, conf->own_ie_override,
|
|
|
|
conf->own_ie_override_len);
|
|
|
|
return pos + conf->own_ie_override_len;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2017-10-08 12:49:45 +02:00
|
|
|
|
2018-11-27 19:49:53 +01:00
|
|
|
res = wpa_write_rsn_ie(conf, pos, max_len,
|
2017-10-09 11:08:12 +02:00
|
|
|
sm->pmksa ? sm->pmksa->pmkid : NULL);
|
2017-10-08 12:49:45 +02:00
|
|
|
if (res < 0)
|
|
|
|
return pos;
|
|
|
|
return pos + res;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
2019-05-22 16:26:55 +02:00
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
|
|
|
|
u8 *pos, size_t max_len,
|
|
|
|
const u8 *req_ies, size_t req_ies_len)
|
|
|
|
{
|
|
|
|
int res;
|
|
|
|
|
|
|
|
if (!sm ||
|
|
|
|
sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
|
|
|
|
WPA_KEY_MGMT_FT_FILS_SHA384))
|
|
|
|
return pos;
|
|
|
|
|
|
|
|
res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
|
|
|
|
if (res < 0)
|
|
|
|
return pos;
|
|
|
|
return pos + res;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|