2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
22 #ifdef CONFIG_RSN_TESTING
24 #endif /* CONFIG_RSN_TESTING */
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 struct wpa_ie_hdr *hdr;
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
81 WPA_PUT_LE16(count, num_suites);
83 /* WPA Capabilities; use defaults, so no need to include it */
85 hdr->len = (pos - buf) - 2;
91 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
94 struct rsn_ie_hdr *hdr;
100 hdr = (struct rsn_ie_hdr *) buf;
101 hdr->elem_id = WLAN_EID_RSN;
102 WPA_PUT_LE16(hdr->version, RSN_VERSION);
103 pos = (u8 *) (hdr + 1);
105 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
107 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
111 RSN_SELECTOR_PUT(pos, suite);
112 pos += RSN_SELECTOR_LEN;
118 #ifdef CONFIG_RSN_TESTING
120 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 pos += RSN_SELECTOR_LEN;
124 #endif /* CONFIG_RSN_TESTING */
126 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
128 pos += res * RSN_SELECTOR_LEN;
130 #ifdef CONFIG_RSN_TESTING
132 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 pos += RSN_SELECTOR_LEN;
136 #endif /* CONFIG_RSN_TESTING */
138 if (num_suites == 0) {
139 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
143 WPA_PUT_LE16(count, num_suites);
149 #ifdef CONFIG_RSN_TESTING
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
155 #endif /* CONFIG_RSN_TESTING */
157 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
158 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 pos += RSN_SELECTOR_LEN;
162 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
163 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 pos += RSN_SELECTOR_LEN;
167 #ifdef CONFIG_IEEE80211R
168 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
169 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 pos += RSN_SELECTOR_LEN;
173 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
174 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
175 pos += RSN_SELECTOR_LEN;
178 #endif /* CONFIG_IEEE80211R */
179 #ifdef CONFIG_IEEE80211W
180 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
181 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
182 pos += RSN_SELECTOR_LEN;
185 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
186 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
187 pos += RSN_SELECTOR_LEN;
190 #endif /* CONFIG_IEEE80211W */
192 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
193 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
194 pos += RSN_SELECTOR_LEN;
197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
199 pos += RSN_SELECTOR_LEN;
202 #endif /* CONFIG_SAE */
204 #ifdef CONFIG_RSN_TESTING
206 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
207 pos += RSN_SELECTOR_LEN;
210 #endif /* CONFIG_RSN_TESTING */
212 if (num_suites == 0) {
213 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
217 WPA_PUT_LE16(count, num_suites);
219 /* RSN Capabilities */
221 if (conf->rsn_preauth)
222 capab |= WPA_CAPABILITY_PREAUTH;
224 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
225 if (conf->wmm_enabled) {
226 /* 4 PTKSA replay counters when using WMM */
227 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
229 #ifdef CONFIG_IEEE80211W
230 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
231 capab |= WPA_CAPABILITY_MFPC;
232 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
233 capab |= WPA_CAPABILITY_MFPR;
235 #endif /* CONFIG_IEEE80211W */
236 #ifdef CONFIG_RSN_TESTING
238 capab |= BIT(8) | BIT(14) | BIT(15);
239 #endif /* CONFIG_RSN_TESTING */
240 WPA_PUT_LE16(pos, capab);
244 if (pos + 2 + PMKID_LEN > buf + len)
247 WPA_PUT_LE16(pos, 1);
249 os_memcpy(pos, pmkid, PMKID_LEN);
253 #ifdef CONFIG_IEEE80211W
254 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
255 if (pos + 2 + 4 > buf + len)
259 WPA_PUT_LE16(pos, 0);
263 /* Management Group Cipher Suite */
264 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
265 pos += RSN_SELECTOR_LEN;
267 #endif /* CONFIG_IEEE80211W */
269 #ifdef CONFIG_RSN_TESTING
272 * Fill in any defined fields and add extra data to the end of
275 int pmkid_count_set = pmkid != NULL;
276 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
279 WPA_PUT_LE16(pos, 0);
281 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
282 /* Management Group Cipher Suite */
283 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
284 pos += RSN_SELECTOR_LEN;
287 os_memset(pos, 0x12, 17);
290 #endif /* CONFIG_RSN_TESTING */
292 hdr->len = (pos - buf) - 2;
298 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
305 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
306 res = wpa_write_rsn_ie(&wpa_auth->conf,
307 pos, buf + sizeof(buf) - pos, NULL);
312 #ifdef CONFIG_IEEE80211R
313 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
314 res = wpa_write_mdie(&wpa_auth->conf, pos,
315 buf + sizeof(buf) - pos);
320 #endif /* CONFIG_IEEE80211R */
321 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
322 res = wpa_write_wpa_ie(&wpa_auth->conf,
323 pos, buf + sizeof(buf) - pos);
329 os_free(wpa_auth->wpa_ie);
330 wpa_auth->wpa_ie = os_malloc(pos - buf);
331 if (wpa_auth->wpa_ie == NULL)
333 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
334 wpa_auth->wpa_ie_len = pos - buf;
340 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
341 const u8 *data2, size_t data2_len)
343 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
344 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
345 RSN_SELECTOR_PUT(pos, kde);
346 pos += RSN_SELECTOR_LEN;
347 os_memcpy(pos, data, data_len);
350 os_memcpy(pos, data2, data2_len);
357 struct wpa_auth_okc_iter_data {
358 struct rsn_pmksa_cache_entry *pmksa;
365 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
367 struct wpa_auth_okc_iter_data *data = ctx;
368 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
376 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
377 struct wpa_state_machine *sm,
378 const u8 *wpa_ie, size_t wpa_ie_len,
379 const u8 *mdie, size_t mdie_len)
381 struct wpa_ie_data data;
382 int ciphers, key_mgmt, res, version;
385 const u8 *pmkid = NULL;
387 if (wpa_auth == NULL || sm == NULL)
388 return WPA_NOT_ENABLED;
390 if (wpa_ie == NULL || wpa_ie_len < 1)
391 return WPA_INVALID_IE;
393 if (wpa_ie[0] == WLAN_EID_RSN)
394 version = WPA_PROTO_RSN;
396 version = WPA_PROTO_WPA;
398 if (!(wpa_auth->conf.wpa & version)) {
399 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
400 version, MAC2STR(sm->addr));
401 return WPA_INVALID_PROTO;
404 if (version == WPA_PROTO_RSN) {
405 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
407 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
410 #ifdef CONFIG_IEEE80211R
411 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
412 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
413 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
414 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
415 #endif /* CONFIG_IEEE80211R */
416 #ifdef CONFIG_IEEE80211W
417 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
418 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
419 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
420 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
421 #endif /* CONFIG_IEEE80211W */
423 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
424 selector = RSN_AUTH_KEY_MGMT_SAE;
425 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
426 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
427 #endif /* CONFIG_SAE */
428 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
429 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
430 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
431 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
432 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
434 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
435 data.pairwise_cipher);
437 selector = RSN_CIPHER_SUITE_CCMP;
438 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
440 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
443 selector = RSN_CIPHER_SUITE_CCMP;
444 wpa_auth->dot11RSNAGroupCipherSelected = selector;
446 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
448 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
449 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
450 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
451 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
452 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
453 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
455 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
456 data.pairwise_cipher);
458 selector = RSN_CIPHER_SUITE_TKIP;
459 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
461 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
464 selector = WPA_CIPHER_SUITE_TKIP;
465 wpa_auth->dot11RSNAGroupCipherSelected = selector;
468 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
469 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
470 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
471 return WPA_INVALID_IE;
474 if (data.group_cipher != wpa_auth->conf.wpa_group) {
475 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
476 MACSTR, data.group_cipher, MAC2STR(sm->addr));
477 return WPA_INVALID_GROUP;
480 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
482 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
483 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
484 return WPA_INVALID_AKMP;
488 #ifdef CONFIG_IEEE80211R
489 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
490 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
491 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
492 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
493 #endif /* CONFIG_IEEE80211R */
494 #ifdef CONFIG_IEEE80211W
495 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
496 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
497 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
498 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
499 #endif /* CONFIG_IEEE80211W */
501 else if (key_mgmt & WPA_KEY_MGMT_SAE)
502 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
503 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
504 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
505 #endif /* CONFIG_SAE */
506 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
507 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
509 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
511 if (version == WPA_PROTO_RSN)
512 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
514 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
516 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
518 version == WPA_PROTO_RSN ? "RSN" : "WPA",
519 data.pairwise_cipher, MAC2STR(sm->addr));
520 return WPA_INVALID_PAIRWISE;
523 #ifdef CONFIG_IEEE80211W
524 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
525 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
526 wpa_printf(MSG_DEBUG, "Management frame protection "
527 "required, but client did not enable it");
528 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
531 if (ciphers & WPA_CIPHER_TKIP) {
532 wpa_printf(MSG_DEBUG, "Management frame protection "
534 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
537 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
538 wpa_printf(MSG_DEBUG, "Unsupported management group "
539 "cipher %d", data.mgmt_group_cipher);
540 return WPA_INVALID_MGMT_GROUP_CIPHER;
544 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
545 !(data.capabilities & WPA_CAPABILITY_MFPC))
546 sm->mgmt_frame_prot = 0;
548 sm->mgmt_frame_prot = 1;
549 #endif /* CONFIG_IEEE80211W */
551 #ifdef CONFIG_IEEE80211R
552 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
553 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
554 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
555 "MDIE not included");
556 return WPA_INVALID_MDIE;
558 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
559 MOBILITY_DOMAIN_ID_LEN) != 0) {
560 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
561 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
562 return WPA_INVALID_MDIE;
565 #endif /* CONFIG_IEEE80211R */
567 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
568 if (sm->pairwise < 0)
569 return WPA_INVALID_PAIRWISE;
571 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
572 if (wpa_ie[0] == WLAN_EID_RSN)
573 sm->wpa = WPA_VERSION_WPA2;
575 sm->wpa = WPA_VERSION_WPA;
578 for (i = 0; i < data.num_pmkid; i++) {
579 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
580 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
581 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
582 &data.pmkid[i * PMKID_LEN]);
584 pmkid = sm->pmksa->pmkid;
588 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
589 i < data.num_pmkid; i++) {
590 struct wpa_auth_okc_iter_data idata;
592 idata.aa = wpa_auth->addr;
593 idata.spa = sm->addr;
594 idata.pmkid = &data.pmkid[i * PMKID_LEN];
595 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
597 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
598 "OKC match for PMKID");
599 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
608 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
609 "PMKID found from PMKSA cache "
610 "eap_type=%d vlan_id=%d",
611 sm->pmksa->eap_type_authsrv,
613 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
616 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
618 sm->wpa_ie = os_malloc(wpa_ie_len);
619 if (sm->wpa_ie == NULL)
620 return WPA_ALLOC_FAIL;
622 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
623 sm->wpa_ie_len = wpa_ie_len;
630 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
631 * @pos: Pointer to the IE header
632 * @end: Pointer to the end of the Key Data buffer
633 * @ie: Pointer to parsed IE data
634 * Returns: 0 on success, 1 if end mark is found, -1 on failure
636 static int wpa_parse_generic(const u8 *pos, const u8 *end,
637 struct wpa_eapol_ie_parse *ie)
643 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
644 pos[2 + WPA_SELECTOR_LEN] == 1 &&
645 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
647 ie->wpa_ie_len = pos[1] + 2;
651 if (pos + 1 + RSN_SELECTOR_LEN < end &&
652 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
653 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
654 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
658 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
659 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
660 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
661 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
665 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
666 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
667 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
668 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
672 #ifdef CONFIG_PEERKEY
673 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
674 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
675 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
676 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
680 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
681 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
682 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
683 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
687 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
688 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
689 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
690 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
694 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
695 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
696 ie->error = pos + 2 + RSN_SELECTOR_LEN;
697 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
700 #endif /* CONFIG_PEERKEY */
702 #ifdef CONFIG_IEEE80211W
703 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
704 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
705 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
706 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
709 #endif /* CONFIG_IEEE80211W */
712 if (pos[1] >= RSN_SELECTOR_LEN + 1 &&
713 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_REQ) {
714 ie->ip_addr_req = pos + 2 + RSN_SELECTOR_LEN;
715 wpa_hexdump(MSG_DEBUG, "WPA: IP Address Request in EAPOL-Key",
716 ie->ip_addr_req, pos[1] - RSN_SELECTOR_LEN);
720 if (pos[1] >= RSN_SELECTOR_LEN + 3 * 4 &&
721 RSN_SELECTOR_GET(pos + 2) == WFA_KEY_DATA_IP_ADDR_ALLOC) {
722 ie->ip_addr_alloc = pos + 2 + RSN_SELECTOR_LEN;
723 wpa_hexdump(MSG_DEBUG,
724 "WPA: IP Address Allocation in EAPOL-Key",
725 ie->ip_addr_alloc, pos[1] - RSN_SELECTOR_LEN);
728 #endif /* CONFIG_P2P */
735 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
736 * @buf: Pointer to the Key Data buffer
737 * @len: Key Data Length
738 * @ie: Pointer to parsed IE data
739 * Returns: 0 on success, -1 on failure
741 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
746 os_memset(ie, 0, sizeof(*ie));
747 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
748 if (pos[0] == 0xdd &&
749 ((pos == buf + len - 1) || pos[1] == 0)) {
753 if (pos + 2 + pos[1] > end) {
754 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
755 "underflow (ie=%d len=%d pos=%d)",
756 pos[0], pos[1], (int) (pos - buf));
757 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
762 if (*pos == WLAN_EID_RSN) {
764 ie->rsn_ie_len = pos[1] + 2;
765 #ifdef CONFIG_IEEE80211R
766 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
768 ie->mdie_len = pos[1] + 2;
769 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
771 ie->ftie_len = pos[1] + 2;
772 #endif /* CONFIG_IEEE80211R */
773 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
774 ret = wpa_parse_generic(pos, end, ie);
782 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
783 "Key Data IE", pos, 2 + pos[1]);
791 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
793 return sm ? sm->mgmt_frame_prot : 0;