From ebfa2275936b7d57093841a9280d583a49986ea9 Mon Sep 17 00:00:00 2001 From: Sepherosa Ziehau Date: Tue, 7 Aug 2007 11:18:24 +0000 Subject: [PATCH] Import hostapd 0.5.8 --- contrib/hostapd-0.5.8/COPYING | 340 ++ contrib/hostapd-0.5.8/README | 386 ++ contrib/hostapd-0.5.8/README.DELETE | 36 + contrib/hostapd-0.5.8/README.DRAGONFLY | 4 + contrib/hostapd-0.5.8/accounting.c | 467 +++ contrib/hostapd-0.5.8/accounting.h | 27 + contrib/hostapd-0.5.8/aes.c | 1107 +++++ contrib/hostapd-0.5.8/aes.h | 25 + contrib/hostapd-0.5.8/aes_wrap.c | 472 +++ contrib/hostapd-0.5.8/aes_wrap.h | 42 + contrib/hostapd-0.5.8/ap.h | 111 + contrib/hostapd-0.5.8/ap_list.c | 459 +++ contrib/hostapd-0.5.8/ap_list.h | 68 + contrib/hostapd-0.5.8/beacon.c | 419 ++ contrib/hostapd-0.5.8/beacon.h | 24 + contrib/hostapd-0.5.8/build_config.h | 50 + contrib/hostapd-0.5.8/common.c | 603 +++ contrib/hostapd-0.5.8/common.h | 492 +++ contrib/hostapd-0.5.8/config.c | 1994 +++++++++ contrib/hostapd-0.5.8/config.h | 362 ++ contrib/hostapd-0.5.8/config_types.h | 28 + contrib/hostapd-0.5.8/crypto.c | 207 + contrib/hostapd-0.5.8/crypto.h | 413 ++ contrib/hostapd-0.5.8/ctrl_iface.c | 499 +++ contrib/hostapd-0.5.8/ctrl_iface.h | 23 + contrib/hostapd-0.5.8/defs.h | 140 + contrib/hostapd-0.5.8/des.c | 476 +++ contrib/hostapd-0.5.8/driver.c | 1224 ++++++ contrib/hostapd-0.5.8/driver.h | 656 +++ contrib/hostapd-0.5.8/driver_wired.c | 391 ++ contrib/hostapd-0.5.8/eap.c | 1138 ++++++ contrib/hostapd-0.5.8/eap.h | 115 + contrib/hostapd-0.5.8/eap_aka.c | 848 ++++ contrib/hostapd-0.5.8/eap_defs.h | 75 + contrib/hostapd-0.5.8/eap_gpsk.c | 646 +++ contrib/hostapd-0.5.8/eap_gpsk_common.c | 441 ++ contrib/hostapd-0.5.8/eap_gpsk_common.h | 66 + contrib/hostapd-0.5.8/eap_gtc.c | 160 + contrib/hostapd-0.5.8/eap_i.h | 192 + contrib/hostapd-0.5.8/eap_identity.c | 181 + contrib/hostapd-0.5.8/eap_md5.c | 188 + contrib/hostapd-0.5.8/eap_methods.c | 273 ++ contrib/hostapd-0.5.8/eap_methods.h | 49 + contrib/hostapd-0.5.8/eap_mschapv2.c | 555 +++ contrib/hostapd-0.5.8/eap_pax.c | 562 +++ contrib/hostapd-0.5.8/eap_pax_common.c | 150 + contrib/hostapd-0.5.8/eap_pax_common.h | 101 + contrib/hostapd-0.5.8/eap_peap.c | 731 ++++ contrib/hostapd-0.5.8/eap_psk.c | 494 +++ contrib/hostapd-0.5.8/eap_psk_common.c | 64 + contrib/hostapd-0.5.8/eap_psk_common.h | 103 + contrib/hostapd-0.5.8/eap_sake.c | 547 +++ contrib/hostapd-0.5.8/eap_sake_common.c | 380 ++ contrib/hostapd-0.5.8/eap_sake_common.h | 104 + contrib/hostapd-0.5.8/eap_sim.c | 694 ++++ contrib/hostapd-0.5.8/eap_sim_common.c | 840 ++++ contrib/hostapd-0.5.8/eap_sim_common.h | 166 + contrib/hostapd-0.5.8/eap_sim_db.c | 1253 ++++++ contrib/hostapd-0.5.8/eap_sim_db.h | 99 + contrib/hostapd-0.5.8/eap_tls.c | 292 ++ contrib/hostapd-0.5.8/eap_tls_common.c | 296 ++ contrib/hostapd-0.5.8/eap_tls_common.h | 61 + contrib/hostapd-0.5.8/eap_tlv.c | 252 ++ contrib/hostapd-0.5.8/eap_ttls.c | 1502 +++++++ contrib/hostapd-0.5.8/eap_ttls.h | 71 + contrib/hostapd-0.5.8/eapol_sm.c | 1264 ++++++ contrib/hostapd-0.5.8/eapol_sm.h | 210 + contrib/hostapd-0.5.8/eloop.c | 531 +++ contrib/hostapd-0.5.8/eloop.h | 327 ++ contrib/hostapd-0.5.8/eloop_none.c | 390 ++ contrib/hostapd-0.5.8/eloop_win.c | 604 +++ contrib/hostapd-0.5.8/hlr_auc_gw.c | 588 +++ contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db | 9 + contrib/hostapd-0.5.8/hostap_common.h | 216 + contrib/hostapd-0.5.8/hostapd.accept | 5 + contrib/hostapd-0.5.8/hostapd.c | 1936 +++++++++ contrib/hostapd-0.5.8/hostapd.conf | 715 ++++ contrib/hostapd-0.5.8/hostapd.deny | 5 + contrib/hostapd-0.5.8/hostapd.eap_user | 74 + contrib/hostapd-0.5.8/hostapd.h | 255 ++ contrib/hostapd-0.5.8/hostapd.radius_clients | 4 + contrib/hostapd-0.5.8/hostapd.sim_db | 9 + contrib/hostapd-0.5.8/hostapd.vlan | 9 + contrib/hostapd-0.5.8/hostapd.wpa_psk | 9 + contrib/hostapd-0.5.8/hostapd_cli.c | 614 +++ contrib/hostapd-0.5.8/hw_features.c | 429 ++ contrib/hostapd-0.5.8/hw_features.h | 61 + contrib/hostapd-0.5.8/iapp.c | 544 +++ contrib/hostapd-0.5.8/iapp.h | 54 + contrib/hostapd-0.5.8/ieee802_11.c | 1636 ++++++++ contrib/hostapd-0.5.8/ieee802_11.h | 333 ++ contrib/hostapd-0.5.8/ieee802_11_auth.c | 473 +++ contrib/hostapd-0.5.8/ieee802_11_auth.h | 33 + contrib/hostapd-0.5.8/ieee802_11h.c | 34 + contrib/hostapd-0.5.8/ieee802_11h.h | 27 + contrib/hostapd-0.5.8/ieee802_1x.c | 2008 +++++++++ contrib/hostapd-0.5.8/ieee802_1x.h | 90 + contrib/hostapd-0.5.8/includes.h | 57 + contrib/hostapd-0.5.8/l2_packet.h | 141 + contrib/hostapd-0.5.8/md4.c | 282 ++ contrib/hostapd-0.5.8/md5.c | 394 ++ contrib/hostapd-0.5.8/md5.h | 34 + contrib/hostapd-0.5.8/milenage.c | 1053 +++++ contrib/hostapd-0.5.8/milenage.h | 26 + contrib/hostapd-0.5.8/mlme.c | 176 + contrib/hostapd-0.5.8/mlme.h | 40 + contrib/hostapd-0.5.8/ms_funcs.c | 440 ++ contrib/hostapd-0.5.8/ms_funcs.h | 59 + contrib/hostapd-0.5.8/os.h | 485 +++ contrib/hostapd-0.5.8/os_internal.c | 441 ++ contrib/hostapd-0.5.8/os_none.c | 220 + contrib/hostapd-0.5.8/os_unix.c | 212 + contrib/hostapd-0.5.8/pmksa_cache.c | 366 ++ contrib/hostapd-0.5.8/pmksa_cache.h | 54 + contrib/hostapd-0.5.8/preauth.c | 276 ++ contrib/hostapd-0.5.8/preauth.h | 58 + contrib/hostapd-0.5.8/prism54.h | 177 + contrib/hostapd-0.5.8/priv_netlink.h | 71 + contrib/hostapd-0.5.8/radius.c | 1229 ++++++ contrib/hostapd-0.5.8/radius.h | 266 ++ contrib/hostapd-0.5.8/radius_client.c | 1204 ++++++ contrib/hostapd-0.5.8/radius_client.h | 105 + contrib/hostapd-0.5.8/radius_server.c | 1352 +++++++ contrib/hostapd-0.5.8/radius_server.h | 67 + contrib/hostapd-0.5.8/rc4.c | 86 + contrib/hostapd-0.5.8/rc4.h | 22 + contrib/hostapd-0.5.8/reconfig.c | 714 ++++ contrib/hostapd-0.5.8/sha1.c | 722 ++++ contrib/hostapd-0.5.8/sha1.h | 41 + contrib/hostapd-0.5.8/sha256.c | 379 ++ contrib/hostapd-0.5.8/sha256.h | 27 + contrib/hostapd-0.5.8/sta_info.c | 585 +++ contrib/hostapd-0.5.8/sta_info.h | 40 + contrib/hostapd-0.5.8/state_machine.h | 144 + contrib/hostapd-0.5.8/tls.h | 521 +++ contrib/hostapd-0.5.8/tls_gnutls.c | 1370 +++++++ contrib/hostapd-0.5.8/tls_none.c | 241 ++ contrib/hostapd-0.5.8/tls_openssl.c | 2317 +++++++++++ contrib/hostapd-0.5.8/version.h | 6 + contrib/hostapd-0.5.8/vlan_init.c | 835 ++++ contrib/hostapd-0.5.8/vlan_init.h | 31 + contrib/hostapd-0.5.8/wired.conf | 40 + contrib/hostapd-0.5.8/wireless_copy.h | 1089 +++++ contrib/hostapd-0.5.8/wme.c | 260 ++ contrib/hostapd-0.5.8/wme.h | 146 + contrib/hostapd-0.5.8/wpa.c | 3794 ++++++++++++++++++ contrib/hostapd-0.5.8/wpa.h | 186 + contrib/hostapd-0.5.8/wpa_common.h | 58 + contrib/hostapd-0.5.8/wpa_ctrl.c | 425 ++ contrib/hostapd-0.5.8/wpa_ctrl.h | 185 + 150 files changed, 62279 insertions(+) create mode 100644 contrib/hostapd-0.5.8/COPYING create mode 100644 contrib/hostapd-0.5.8/README create mode 100644 contrib/hostapd-0.5.8/README.DELETE create mode 100644 contrib/hostapd-0.5.8/README.DRAGONFLY create mode 100644 contrib/hostapd-0.5.8/accounting.c create mode 100644 contrib/hostapd-0.5.8/accounting.h create mode 100644 contrib/hostapd-0.5.8/aes.c create mode 100644 contrib/hostapd-0.5.8/aes.h create mode 100644 contrib/hostapd-0.5.8/aes_wrap.c create mode 100644 contrib/hostapd-0.5.8/aes_wrap.h create mode 100644 contrib/hostapd-0.5.8/ap.h create mode 100644 contrib/hostapd-0.5.8/ap_list.c create mode 100644 contrib/hostapd-0.5.8/ap_list.h create mode 100644 contrib/hostapd-0.5.8/beacon.c create mode 100644 contrib/hostapd-0.5.8/beacon.h create mode 100644 contrib/hostapd-0.5.8/build_config.h create mode 100644 contrib/hostapd-0.5.8/common.c create mode 100644 contrib/hostapd-0.5.8/common.h create mode 100644 contrib/hostapd-0.5.8/config.c create mode 100644 contrib/hostapd-0.5.8/config.h create mode 100644 contrib/hostapd-0.5.8/config_types.h create mode 100644 contrib/hostapd-0.5.8/crypto.c create mode 100644 contrib/hostapd-0.5.8/crypto.h create mode 100644 contrib/hostapd-0.5.8/ctrl_iface.c create mode 100644 contrib/hostapd-0.5.8/ctrl_iface.h create mode 100644 contrib/hostapd-0.5.8/defs.h create mode 100644 contrib/hostapd-0.5.8/des.c create mode 100644 contrib/hostapd-0.5.8/driver.c create mode 100644 contrib/hostapd-0.5.8/driver.h create mode 100644 contrib/hostapd-0.5.8/driver_wired.c create mode 100644 contrib/hostapd-0.5.8/eap.c create mode 100644 contrib/hostapd-0.5.8/eap.h create mode 100644 contrib/hostapd-0.5.8/eap_aka.c create mode 100644 contrib/hostapd-0.5.8/eap_defs.h create mode 100644 contrib/hostapd-0.5.8/eap_gpsk.c create mode 100644 contrib/hostapd-0.5.8/eap_gpsk_common.c create mode 100644 contrib/hostapd-0.5.8/eap_gpsk_common.h create mode 100644 contrib/hostapd-0.5.8/eap_gtc.c create mode 100644 contrib/hostapd-0.5.8/eap_i.h create mode 100644 contrib/hostapd-0.5.8/eap_identity.c create mode 100644 contrib/hostapd-0.5.8/eap_md5.c create mode 100644 contrib/hostapd-0.5.8/eap_methods.c create mode 100644 contrib/hostapd-0.5.8/eap_methods.h create mode 100644 contrib/hostapd-0.5.8/eap_mschapv2.c create mode 100644 contrib/hostapd-0.5.8/eap_pax.c create mode 100644 contrib/hostapd-0.5.8/eap_pax_common.c create mode 100644 contrib/hostapd-0.5.8/eap_pax_common.h create mode 100644 contrib/hostapd-0.5.8/eap_peap.c create mode 100644 contrib/hostapd-0.5.8/eap_psk.c create mode 100644 contrib/hostapd-0.5.8/eap_psk_common.c create mode 100644 contrib/hostapd-0.5.8/eap_psk_common.h create mode 100644 contrib/hostapd-0.5.8/eap_sake.c create mode 100644 contrib/hostapd-0.5.8/eap_sake_common.c create mode 100644 contrib/hostapd-0.5.8/eap_sake_common.h create mode 100644 contrib/hostapd-0.5.8/eap_sim.c create mode 100644 contrib/hostapd-0.5.8/eap_sim_common.c create mode 100644 contrib/hostapd-0.5.8/eap_sim_common.h create mode 100644 contrib/hostapd-0.5.8/eap_sim_db.c create mode 100644 contrib/hostapd-0.5.8/eap_sim_db.h create mode 100644 contrib/hostapd-0.5.8/eap_tls.c create mode 100644 contrib/hostapd-0.5.8/eap_tls_common.c create mode 100644 contrib/hostapd-0.5.8/eap_tls_common.h create mode 100644 contrib/hostapd-0.5.8/eap_tlv.c create mode 100644 contrib/hostapd-0.5.8/eap_ttls.c create mode 100644 contrib/hostapd-0.5.8/eap_ttls.h create mode 100644 contrib/hostapd-0.5.8/eapol_sm.c create mode 100644 contrib/hostapd-0.5.8/eapol_sm.h create mode 100644 contrib/hostapd-0.5.8/eloop.c create mode 100644 contrib/hostapd-0.5.8/eloop.h create mode 100644 contrib/hostapd-0.5.8/eloop_none.c create mode 100644 contrib/hostapd-0.5.8/eloop_win.c create mode 100644 contrib/hostapd-0.5.8/hlr_auc_gw.c create mode 100644 contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db create mode 100644 contrib/hostapd-0.5.8/hostap_common.h create mode 100644 contrib/hostapd-0.5.8/hostapd.accept create mode 100644 contrib/hostapd-0.5.8/hostapd.c create mode 100644 contrib/hostapd-0.5.8/hostapd.conf create mode 100644 contrib/hostapd-0.5.8/hostapd.deny create mode 100644 contrib/hostapd-0.5.8/hostapd.eap_user create mode 100644 contrib/hostapd-0.5.8/hostapd.h create mode 100644 contrib/hostapd-0.5.8/hostapd.radius_clients create mode 100644 contrib/hostapd-0.5.8/hostapd.sim_db create mode 100644 contrib/hostapd-0.5.8/hostapd.vlan create mode 100644 contrib/hostapd-0.5.8/hostapd.wpa_psk create mode 100644 contrib/hostapd-0.5.8/hostapd_cli.c create mode 100644 contrib/hostapd-0.5.8/hw_features.c create mode 100644 contrib/hostapd-0.5.8/hw_features.h create mode 100644 contrib/hostapd-0.5.8/iapp.c create mode 100644 contrib/hostapd-0.5.8/iapp.h create mode 100644 contrib/hostapd-0.5.8/ieee802_11.c create mode 100644 contrib/hostapd-0.5.8/ieee802_11.h create mode 100644 contrib/hostapd-0.5.8/ieee802_11_auth.c create mode 100644 contrib/hostapd-0.5.8/ieee802_11_auth.h create mode 100644 contrib/hostapd-0.5.8/ieee802_11h.c create mode 100644 contrib/hostapd-0.5.8/ieee802_11h.h create mode 100644 contrib/hostapd-0.5.8/ieee802_1x.c create mode 100644 contrib/hostapd-0.5.8/ieee802_1x.h create mode 100644 contrib/hostapd-0.5.8/includes.h create mode 100644 contrib/hostapd-0.5.8/l2_packet.h create mode 100644 contrib/hostapd-0.5.8/md4.c create mode 100644 contrib/hostapd-0.5.8/md5.c create mode 100644 contrib/hostapd-0.5.8/md5.h create mode 100644 contrib/hostapd-0.5.8/milenage.c create mode 100644 contrib/hostapd-0.5.8/milenage.h create mode 100644 contrib/hostapd-0.5.8/mlme.c create mode 100644 contrib/hostapd-0.5.8/mlme.h create mode 100644 contrib/hostapd-0.5.8/ms_funcs.c create mode 100644 contrib/hostapd-0.5.8/ms_funcs.h create mode 100644 contrib/hostapd-0.5.8/os.h create mode 100644 contrib/hostapd-0.5.8/os_internal.c create mode 100644 contrib/hostapd-0.5.8/os_none.c create mode 100644 contrib/hostapd-0.5.8/os_unix.c create mode 100644 contrib/hostapd-0.5.8/pmksa_cache.c create mode 100644 contrib/hostapd-0.5.8/pmksa_cache.h create mode 100644 contrib/hostapd-0.5.8/preauth.c create mode 100644 contrib/hostapd-0.5.8/preauth.h create mode 100644 contrib/hostapd-0.5.8/prism54.h create mode 100644 contrib/hostapd-0.5.8/priv_netlink.h create mode 100644 contrib/hostapd-0.5.8/radius.c create mode 100644 contrib/hostapd-0.5.8/radius.h create mode 100644 contrib/hostapd-0.5.8/radius_client.c create mode 100644 contrib/hostapd-0.5.8/radius_client.h create mode 100644 contrib/hostapd-0.5.8/radius_server.c create mode 100644 contrib/hostapd-0.5.8/radius_server.h create mode 100644 contrib/hostapd-0.5.8/rc4.c create mode 100644 contrib/hostapd-0.5.8/rc4.h create mode 100644 contrib/hostapd-0.5.8/reconfig.c create mode 100644 contrib/hostapd-0.5.8/sha1.c create mode 100644 contrib/hostapd-0.5.8/sha1.h create mode 100644 contrib/hostapd-0.5.8/sha256.c create mode 100644 contrib/hostapd-0.5.8/sha256.h create mode 100644 contrib/hostapd-0.5.8/sta_info.c create mode 100644 contrib/hostapd-0.5.8/sta_info.h create mode 100644 contrib/hostapd-0.5.8/state_machine.h create mode 100644 contrib/hostapd-0.5.8/tls.h create mode 100644 contrib/hostapd-0.5.8/tls_gnutls.c create mode 100644 contrib/hostapd-0.5.8/tls_none.c create mode 100644 contrib/hostapd-0.5.8/tls_openssl.c create mode 100644 contrib/hostapd-0.5.8/version.h create mode 100644 contrib/hostapd-0.5.8/vlan_init.c create mode 100644 contrib/hostapd-0.5.8/vlan_init.h create mode 100644 contrib/hostapd-0.5.8/wired.conf create mode 100644 contrib/hostapd-0.5.8/wireless_copy.h create mode 100644 contrib/hostapd-0.5.8/wme.c create mode 100644 contrib/hostapd-0.5.8/wme.h create mode 100644 contrib/hostapd-0.5.8/wpa.c create mode 100644 contrib/hostapd-0.5.8/wpa.h create mode 100644 contrib/hostapd-0.5.8/wpa_common.h create mode 100644 contrib/hostapd-0.5.8/wpa_ctrl.c create mode 100644 contrib/hostapd-0.5.8/wpa_ctrl.h diff --git a/contrib/hostapd-0.5.8/COPYING b/contrib/hostapd-0.5.8/COPYING new file mode 100644 index 0000000000..14f5453722 --- /dev/null +++ b/contrib/hostapd-0.5.8/COPYING @@ -0,0 +1,340 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc. + 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Library General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) 19yy + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) 19yy name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Library General +Public License instead of this License. diff --git a/contrib/hostapd-0.5.8/README b/contrib/hostapd-0.5.8/README new file mode 100644 index 0000000000..541fac4285 --- /dev/null +++ b/contrib/hostapd-0.5.8/README @@ -0,0 +1,386 @@ +hostapd - user space IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP + Authenticator and RADIUS authentication server +================================================================ + +Copyright (c) 2002-2007, Jouni Malinen and contributors +All Rights Reserved. + +This program is dual-licensed under both the GPL version 2 and BSD +license. Either license may be used at your option. + + + +License +------- + +GPL v2: + +This program is free software; you can redistribute it and/or modify +it under the terms of the GNU General Public License version 2 as +published by the Free Software Foundation. + +This program is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +GNU General Public License for more details. + +You should have received a copy of the GNU General Public License +along with this program; if not, write to the Free Software +Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA + +(this copy of the license is in COPYING file) + + +Alternatively, this software may be distributed, used, and modified +under the terms of BSD license: + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are +met: + +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +3. Neither the name(s) of the above-listed copyright holder(s) nor the + names of its contributors may be used to endorse or promote products + derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT +OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT +LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, +DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY +THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE +OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + + +Introduction +============ + +Originally, hostapd was an optional user space component for Host AP +driver. It adds more features to the basic IEEE 802.11 management +included in the kernel driver: using external RADIUS authentication +server for MAC address based access control, IEEE 802.1X Authenticator +and dynamic WEP keying, RADIUS accounting, WPA/WPA2 (IEEE 802.11i/RSN) +Authenticator and dynamic TKIP/CCMP keying. + +The current version includes support for other drivers, an integrated +EAP server (i.e., allow full authentication without requiring +an external RADIUS authentication server), and RADIUS authentication +server for EAP authentication. + + +Requirements +------------ + +Current hardware/software requirements: +- drivers: + Host AP driver for Prism2/2.5/3. + (http://hostap.epitest.fi/) + Please note that station firmware version needs to be 1.7.0 or newer + to work in WPA mode. + + madwifi driver for cards based on Atheros chip set (ar521x) + (http://sourceforge.net/projects/madwifi/) + Please note that you will need to add the correct path for + madwifi driver root directory in .config (see defconfig file for + an example: CFLAGS += -I) + + Prism54 driver for Intersil/Conexant Prism GT/Duette/Indigo + (http://www.prism54.org/) + + Any wired Ethernet driver for wired IEEE 802.1X authentication + (experimental code) + + FreeBSD -current (with some kernel mods that have not yet been + committed when hostapd v0.3.0 was released) + BSD net80211 layer (e.g., Atheros driver) + + +Build configuration +------------------- + +In order to be able to build hostapd, you will need to create a build +time configuration file, .config that selects which optional +components are included. See defconfig file for example configuration +and list of available options. + + + +IEEE 802.1X +=========== + +IEEE Std 802.1X-2001 is a standard for port-based network access +control. In case of IEEE 802.11 networks, a "virtual port" is used +between each associated station and the AP. IEEE 802.11 specifies +minimal authentication mechanism for stations, whereas IEEE 802.1X +introduces a extensible mechanism for authenticating and authorizing +users. + +IEEE 802.1X uses elements called Supplicant, Authenticator, Port +Access Entity, and Authentication Server. Supplicant is a component in +a station and it performs the authentication with the Authentication +Server. An access point includes an Authenticator that relays the packets +between a Supplicant and an Authentication Server. In addition, it has a +Port Access Entity (PAE) with Authenticator functionality for +controlling the virtual port authorization, i.e., whether to accept +packets from or to the station. + +IEEE 802.1X uses Extensible Authentication Protocol (EAP). The frames +between a Supplicant and an Authenticator are sent using EAP over LAN +(EAPOL) and the Authenticator relays these frames to the Authentication +Server (and similarly, relays the messages from the Authentication +Server to the Supplicant). The Authentication Server can be colocated with the +Authenticator, in which case there is no need for additional protocol +for EAP frame transmission. However, a more common configuration is to +use an external Authentication Server and encapsulate EAP frame in the +frames used by that server. RADIUS is suitable for this, but IEEE +802.1X would also allow other mechanisms. + +Host AP driver includes PAE functionality in the kernel driver. It +is a relatively simple mechanism for denying normal frames going to +or coming from an unauthorized port. PAE allows IEEE 802.1X related +frames to be passed between the Supplicant and the Authenticator even +on an unauthorized port. + +User space daemon, hostapd, includes Authenticator functionality. It +receives 802.1X (EAPOL) frames from the Supplicant using the wlan#ap +device that is also used with IEEE 802.11 management frames. The +frames to the Supplicant are sent using the same device. + +The normal configuration of the Authenticator would use an external +Authentication Server. hostapd supports RADIUS encapsulation of EAP +packets, so the Authentication Server should be a RADIUS server, like +FreeRADIUS (http://www.freeradius.org/). The Authenticator in hostapd +relays the frames between the Supplicant and the Authentication +Server. It also controls the PAE functionality in the kernel driver by +controlling virtual port authorization, i.e., station-AP +connection, based on the IEEE 802.1X state. + +When a station would like to use the services of an access point, it +will first perform IEEE 802.11 authentication. This is normally done +with open systems authentication, so there is no security. After +this, IEEE 802.11 association is performed. If IEEE 802.1X is +configured to be used, the virtual port for the station is set in +Unauthorized state and only IEEE 802.1X frames are accepted at this +point. The Authenticator will then ask the Supplicant to authenticate +with the Authentication Server. After this is completed successfully, +the virtual port is set to Authorized state and frames from and to the +station are accepted. + +Host AP configuration for IEEE 802.1X +------------------------------------- + +The user space daemon has its own configuration file that can be used to +define AP options. Distribution package contains an example +configuration file (hostapd/hostapd.conf) that can be used as a basis +for configuration. It includes examples of all supported configuration +options and short description of each option. hostapd should be started +with full path to the configuration file as the command line argument, +e.g., './hostapd /etc/hostapd.conf'. If you have more that one wireless +LAN card, you can use one hostapd process for multiple interfaces by +giving a list of configuration files (one per interface) in the command +line. + +hostapd includes a minimal co-located IEEE 802.1X server which can be +used to test IEEE 802.1X authentication. However, it should not be +used in normal use since it does not provide any security. This can be +configured by setting ieee8021x and minimal_eap options in the +configuration file. + +An external Authentication Server (RADIUS) is configured with +auth_server_{addr,port,shared_secret} options. In addition, +ieee8021x and own_ip_addr must be set for this mode. With such +configuration, the co-located Authentication Server is not used and EAP +frames will be relayed using EAPOL between the Supplicant and the +Authenticator and RADIUS encapsulation between the Authenticator and +the Authentication Server. Other than this, the functionality is similar +to the case with the co-located Authentication Server. + +Authentication Server and Supplicant +------------------------------------ + +Any RADIUS server supporting EAP should be usable as an IEEE 802.1X +Authentication Server with hostapd Authenticator. FreeRADIUS +(http://www.freeradius.org/) has been successfully tested with hostapd +Authenticator and both Xsupplicant (http://www.open1x.org) and Windows +XP Supplicants. EAP/TLS was used with Xsupplicant and +EAP/MD5-Challenge with Windows XP. + +http://www.missl.cs.umd.edu/wireless/eaptls/ has useful information +about using EAP/TLS with FreeRADIUS and Xsupplicant (just replace +Cisco access point with Host AP driver, hostapd daemon, and a Prism2 +card ;-). http://www.freeradius.org/doc/EAP-MD5.html has information +about using EAP/MD5 with FreeRADIUS, including instructions for WinXP +configuration. http://www.denobula.com/EAPTLS.pdf has a HOWTO on +EAP/TLS use with WinXP Supplicant. + +Automatic WEP key configuration +------------------------------- + +EAP/TLS generates a session key that can be used to send WEP keys from +an AP to authenticated stations. The Authenticator in hostapd can be +configured to automatically select a random default/broadcast key +(shared by all authenticated stations) with wep_key_len_broadcast +option (5 for 40-bit WEP or 13 for 104-bit WEP). In addition, +wep_key_len_unicast option can be used to configure individual unicast +keys for stations. This requires support for individual keys in the +station driver. + +WEP keys can be automatically updated by configuring rekeying. This +will improve security of the network since same WEP key will only be +used for a limited period of time. wep_rekey_period option sets the +interval for rekeying in seconds. + + +WPA/WPA2 +======== + +Features +-------- + +Supported WPA/IEEE 802.11i features: +- WPA-PSK ("WPA-Personal") +- WPA with EAP (e.g., with RADIUS authentication server) ("WPA-Enterprise") +- key management for CCMP, TKIP, WEP104, WEP40 +- RSN/WPA2 (IEEE 802.11i), including PMKSA caching and pre-authentication + +WPA +--- + +The original security mechanism of IEEE 802.11 standard was not +designed to be strong and has proved to be insufficient for most +networks that require some kind of security. Task group I (Security) +of IEEE 802.11 working group (http://www.ieee802.org/11/) has worked +to address the flaws of the base standard and has in practice +completed its work in May 2004. The IEEE 802.11i amendment to the IEEE +802.11 standard was approved in June 2004 and this amendment is likely +to be published in July 2004. + +Wi-Fi Alliance (http://www.wi-fi.org/) used a draft version of the +IEEE 802.11i work (draft 3.0) to define a subset of the security +enhancements that can be implemented with existing wlan hardware. This +is called Wi-Fi Protected Access (WPA). This has now become a +mandatory component of interoperability testing and certification done +by Wi-Fi Alliance. Wi-Fi provides information about WPA at its web +site (http://www.wi-fi.org/OpenSection/protected_access.asp). + +IEEE 802.11 standard defined wired equivalent privacy (WEP) algorithm +for protecting wireless networks. WEP uses RC4 with 40-bit keys, +24-bit initialization vector (IV), and CRC32 to protect against packet +forgery. All these choices have proven to be insufficient: key space is +too small against current attacks, RC4 key scheduling is insufficient +(beginning of the pseudorandom stream should be skipped), IV space is +too small and IV reuse makes attacks easier, there is no replay +protection, and non-keyed authentication does not protect against bit +flipping packet data. + +WPA is an intermediate solution for the security issues. It uses +Temporal Key Integrity Protocol (TKIP) to replace WEP. TKIP is a +compromise on strong security and possibility to use existing +hardware. It still uses RC4 for the encryption like WEP, but with +per-packet RC4 keys. In addition, it implements replay protection, +keyed packet authentication mechanism (Michael MIC). + +Keys can be managed using two different mechanisms. WPA can either use +an external authentication server (e.g., RADIUS) and EAP just like +IEEE 802.1X is using or pre-shared keys without need for additional +servers. Wi-Fi calls these "WPA-Enterprise" and "WPA-Personal", +respectively. Both mechanisms will generate a master session key for +the Authenticator (AP) and Supplicant (client station). + +WPA implements a new key handshake (4-Way Handshake and Group Key +Handshake) for generating and exchanging data encryption keys between +the Authenticator and Supplicant. This handshake is also used to +verify that both Authenticator and Supplicant know the master session +key. These handshakes are identical regardless of the selected key +management mechanism (only the method for generating master session +key changes). + + +IEEE 802.11i / WPA2 +------------------- + +The design for parts of IEEE 802.11i that were not included in WPA has +finished (May 2004) and this amendment to IEEE 802.11 was approved in +June 2004. Wi-Fi Alliance is using the final IEEE 802.11i as a new +version of WPA called WPA2. This includes, e.g., support for more +robust encryption algorithm (CCMP: AES in Counter mode with CBC-MAC) +to replace TKIP and optimizations for handoff (reduced number of +messages in initial key handshake, pre-authentication, and PMKSA caching). + +Some wireless LAN vendors are already providing support for CCMP in +their WPA products. There is no "official" interoperability +certification for CCMP and/or mixed modes using both TKIP and CCMP, so +some interoperability issues can be expected even though many +combinations seem to be working with equipment from different vendors. +Testing for WPA2 is likely to start during the second half of 2004. + +hostapd configuration for WPA/WPA2 +---------------------------------- + +TODO + +# Enable WPA. Setting this variable configures the AP to require WPA (either +# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either +# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. +# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), +# RADIUS authentication server must be configured, and WPA-EAP must be included +# in wpa_key_mgmt. +# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) +# and/or WPA2 (full IEEE 802.11i/RSN): +# bit0 = WPA +# bit1 = IEEE 802.11i/RSN (WPA2) +#wpa=1 + +# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit +# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase +# (8..63 characters) that will be converted to PSK. This conversion uses SSID +# so the PSK changes when ASCII passphrase is used and the SSID is changed. +#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +#wpa_passphrase=secret passphrase + +# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The +# entries are separated with a space. +#wpa_key_mgmt=WPA-PSK WPA-EAP + +# Set of accepted cipher suites (encryption algorithms) for pairwise keys +# (unicast packets). This is a space separated list of algorithms: +# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i] +# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i] +# Group cipher suite (encryption algorithm for broadcast and multicast frames) +# is automatically selected based on this configuration. If only CCMP is +# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, +# TKIP will be used as the group cipher. +#wpa_pairwise=TKIP CCMP + +# Time interval for rekeying GTK (broadcast/multicast encryption keys) in +# seconds. +#wpa_group_rekey=600 + +# Time interval for rekeying GMK (master key used internally to generate GTKs +# (in seconds). +#wpa_gmk_rekey=86400 + +# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up +# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN +# authentication and key handshake before actually associating with a new AP. +#rsn_preauth=1 +# +# Space separated list of interfaces from which pre-authentication frames are +# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all +# interface that are used for connections to other APs. This could include +# wired interfaces and WDS links. The normal wireless data interface towards +# associated stations (e.g., wlan0) should not be added, since +# pre-authentication is only used with APs other than the currently associated +# one. +#rsn_preauth_interfaces=eth0 diff --git a/contrib/hostapd-0.5.8/README.DELETE b/contrib/hostapd-0.5.8/README.DELETE new file mode 100644 index 0000000000..194d4421a0 --- /dev/null +++ b/contrib/hostapd-0.5.8/README.DELETE @@ -0,0 +1,36 @@ +.cvsignore +ChangeLog +Makefile +defconfig +developer.txt +doc/.cvsignore +doc/code_structure.doxygen +doc/ctrl_iface.doxygen +doc/doxygen.fast +doc/doxygen.full +doc/driver_wrapper.doxygen +doc/eap.doxygen +doc/hostapd.fig +doc/kerneldoc2doxygen.pl +doc/mainpage.doxygen +doc/porting.doxygen +driver_bsd.c +driver_devicescape.c +driver_madwifi.c +driver_prism54.c +driver_test.c +eap_vendor_test.c +hostapd.8 +hostapd_cli.1 +l2_packet_freebsd.c +l2_packet_linux.c +l2_packet_ndis.c +l2_packet_none.c +l2_packet_pcap.c +l2_packet_winpcap.c +logwatch/README +logwatch/hostapd +logwatch/hostapd.conf +madwifi.conf +nt_password_hash.c +os_win32.c diff --git a/contrib/hostapd-0.5.8/README.DRAGONFLY b/contrib/hostapd-0.5.8/README.DRAGONFLY new file mode 100644 index 0000000000..d14626eec5 --- /dev/null +++ b/contrib/hostapd-0.5.8/README.DRAGONFLY @@ -0,0 +1,4 @@ +Original source can be downloaded at: + + +A list of deleted files is in README.DELETED. diff --git a/contrib/hostapd-0.5.8/accounting.c b/contrib/hostapd-0.5.8/accounting.c new file mode 100644 index 0000000000..b22347b2ac --- /dev/null +++ b/contrib/hostapd-0.5.8/accounting.c @@ -0,0 +1,467 @@ +/* + * hostapd / RADIUS Accounting + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#include "hostapd.h" +#include "radius.h" +#include "radius_client.h" +#include "eloop.h" +#include "accounting.h" +#include "ieee802_1x.h" +#include "driver.h" + + +/* Default interval in seconds for polling TX/RX octets from the driver if + * STA is not using interim accounting. This detects wrap arounds for + * input/output octets and updates Acct-{Input,Output}-Gigawords. */ +#define ACCT_DEFAULT_UPDATE_INTERVAL 300 + +/* from ieee802_1x.c */ +const char *radius_mode_txt(struct hostapd_data *hapd); +int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta); + + +static struct radius_msg * accounting_msg(struct hostapd_data *hapd, + struct sta_info *sta, + int status_type) +{ + struct radius_msg *msg; + char buf[128]; + u8 *val; + size_t len; + int i; + + msg = radius_msg_new(RADIUS_CODE_ACCOUNTING_REQUEST, + radius_client_get_id(hapd->radius)); + if (msg == NULL) { + printf("Could not create net RADIUS packet\n"); + return NULL; + } + + if (sta) { + radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta)); + + snprintf(buf, sizeof(buf), "%08X-%08X", + sta->acct_session_id_hi, sta->acct_session_id_lo); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_ACCT_SESSION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Acct-Session-Id\n"); + goto fail; + } + } else { + radius_msg_make_authenticator(msg, (u8 *) hapd, sizeof(*hapd)); + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_STATUS_TYPE, + status_type)) { + printf("Could not add Acct-Status-Type\n"); + goto fail; + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_AUTHENTIC, + hapd->conf->ieee802_1x ? + RADIUS_ACCT_AUTHENTIC_RADIUS : + RADIUS_ACCT_AUTHENTIC_LOCAL)) { + printf("Could not add Acct-Authentic\n"); + goto fail; + } + + if (sta) { + val = ieee802_1x_get_identity(sta->eapol_sm, &len); + if (!val) { + snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, + MAC2STR(sta->addr)); + val = (u8 *) buf; + len = strlen(buf); + } + + if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, val, + len)) { + printf("Could not add User-Name\n"); + goto fail; + } + } + + if (hapd->conf->own_ip_addr.af == AF_INET && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) { + printf("Could not add NAS-IP-Address\n"); + goto fail; + } + +#ifdef CONFIG_IPV6 + if (hapd->conf->own_ip_addr.af == AF_INET6 && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) { + printf("Could not add NAS-IPv6-Address\n"); + goto fail; + } +#endif /* CONFIG_IPV6 */ + + if (hapd->conf->nas_identifier && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER, + (u8 *) hapd->conf->nas_identifier, + strlen(hapd->conf->nas_identifier))) { + printf("Could not add NAS-Identifier\n"); + goto fail; + } + + if (sta && + !radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) { + printf("Could not add NAS-Port\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s", + MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Called-Station-Id\n"); + goto fail; + } + + if (sta) { + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT, + MAC2STR(sta->addr)); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Calling-Station-Id\n"); + goto fail; + } + + if (!radius_msg_add_attr_int32( + msg, RADIUS_ATTR_NAS_PORT_TYPE, + RADIUS_NAS_PORT_TYPE_IEEE_802_11)) { + printf("Could not add NAS-Port-Type\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s", + radius_sta_rate(hapd, sta) / 2, + (radius_sta_rate(hapd, sta) & 1) ? ".5" : "", + radius_mode_txt(hapd)); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO, + (u8 *) buf, strlen(buf))) { + printf("Could not add Connect-Info\n"); + goto fail; + } + + for (i = 0; ; i++) { + val = ieee802_1x_get_radius_class(sta->eapol_sm, &len, + i); + if (val == NULL) + break; + + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CLASS, + val, len)) { + printf("Could not add Class\n"); + goto fail; + } + } + } + + return msg; + + fail: + radius_msg_free(msg); + free(msg); + return NULL; +} + + +static int accounting_sta_update_stats(struct hostapd_data *hapd, + struct sta_info *sta, + struct hostap_sta_driver_data *data) +{ + if (hostapd_read_sta_data(hapd, data, sta->addr)) + return -1; + + if (sta->last_rx_bytes > data->rx_bytes) + sta->acct_input_gigawords++; + if (sta->last_tx_bytes > data->tx_bytes) + sta->acct_output_gigawords++; + sta->last_rx_bytes = data->rx_bytes; + sta->last_tx_bytes = data->tx_bytes; + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "updated TX/RX stats: " + "Acct-Input-Octets=%lu Acct-Input-Gigawords=%u " + "Acct-Output-Octets=%lu Acct-Output-Gigawords=%u", + sta->last_rx_bytes, sta->acct_input_gigawords, + sta->last_tx_bytes, sta->acct_output_gigawords); + + return 0; +} + + +static void accounting_interim_update(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct sta_info *sta = timeout_ctx; + int interval; + + if (sta->acct_interim_interval) { + accounting_sta_interim(hapd, sta); + interval = sta->acct_interim_interval; + } else { + struct hostap_sta_driver_data data; + accounting_sta_update_stats(hapd, sta, &data); + interval = ACCT_DEFAULT_UPDATE_INTERVAL; + } + + eloop_register_timeout(interval, 0, accounting_interim_update, + hapd, sta); +} + + +void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct radius_msg *msg; + int interval; + + if (sta->acct_session_started) + return; + + time(&sta->acct_session_start); + sta->last_rx_bytes = sta->last_tx_bytes = 0; + sta->acct_input_gigawords = sta->acct_output_gigawords = 0; + hostapd_sta_clear_stats(hapd, sta->addr); + + if (!hapd->conf->radius->acct_server) + return; + + if (sta->acct_interim_interval) + interval = sta->acct_interim_interval; + else + interval = ACCT_DEFAULT_UPDATE_INTERVAL; + eloop_register_timeout(interval, 0, accounting_interim_update, + hapd, sta); + + msg = accounting_msg(hapd, sta, RADIUS_ACCT_STATUS_TYPE_START); + if (msg) + radius_client_send(hapd->radius, msg, RADIUS_ACCT, sta->addr); + + sta->acct_session_started = 1; +} + + +void accounting_sta_report(struct hostapd_data *hapd, struct sta_info *sta, + int stop) +{ + struct radius_msg *msg; + int cause = sta->acct_terminate_cause; + struct hostap_sta_driver_data data; + u32 gigawords; + + if (!hapd->conf->radius->acct_server) + return; + + msg = accounting_msg(hapd, sta, + stop ? RADIUS_ACCT_STATUS_TYPE_STOP : + RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE); + if (!msg) { + printf("Could not create RADIUS Accounting message\n"); + return; + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_SESSION_TIME, + time(NULL) - sta->acct_session_start)) { + printf("Could not add Acct-Session-Time\n"); + goto fail; + } + + if (accounting_sta_update_stats(hapd, sta, &data) == 0) { + if (!radius_msg_add_attr_int32(msg, + RADIUS_ATTR_ACCT_INPUT_PACKETS, + data.rx_packets)) { + printf("Could not add Acct-Input-Packets\n"); + goto fail; + } + if (!radius_msg_add_attr_int32(msg, + RADIUS_ATTR_ACCT_OUTPUT_PACKETS, + data.tx_packets)) { + printf("Could not add Acct-Output-Packets\n"); + goto fail; + } + if (!radius_msg_add_attr_int32(msg, + RADIUS_ATTR_ACCT_INPUT_OCTETS, + data.rx_bytes)) { + printf("Could not add Acct-Input-Octets\n"); + goto fail; + } + gigawords = sta->acct_input_gigawords; +#if __WORDSIZE == 64 + gigawords += data.rx_bytes >> 32; +#endif + if (gigawords && + !radius_msg_add_attr_int32( + msg, RADIUS_ATTR_ACCT_INPUT_GIGAWORDS, + gigawords)) { + printf("Could not add Acct-Input-Gigawords\n"); + goto fail; + } + if (!radius_msg_add_attr_int32(msg, + RADIUS_ATTR_ACCT_OUTPUT_OCTETS, + data.tx_bytes)) { + printf("Could not add Acct-Output-Octets\n"); + goto fail; + } + gigawords = sta->acct_output_gigawords; +#if __WORDSIZE == 64 + gigawords += data.tx_bytes >> 32; +#endif + if (gigawords && + !radius_msg_add_attr_int32( + msg, RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS, + gigawords)) { + printf("Could not add Acct-Output-Gigawords\n"); + goto fail; + } + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_EVENT_TIMESTAMP, + time(NULL))) { + printf("Could not add Event-Timestamp\n"); + goto fail; + } + + if (eloop_terminated()) + cause = RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT; + + if (stop && cause && + !radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE, + cause)) { + printf("Could not add Acct-Terminate-Cause\n"); + goto fail; + } + + radius_client_send(hapd->radius, msg, + stop ? RADIUS_ACCT : RADIUS_ACCT_INTERIM, + sta->addr); + return; + + fail: + radius_msg_free(msg); + free(msg); +} + + +void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta) +{ + if (sta->acct_session_started) + accounting_sta_report(hapd, sta, 0); +} + + +void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta) +{ + if (sta->acct_session_started) { + accounting_sta_report(hapd, sta, 1); + eloop_cancel_timeout(accounting_interim_update, hapd, sta); + sta->acct_session_started = 0; + } +} + + +void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta) +{ + sta->acct_session_id_lo = hapd->acct_session_id_lo++; + if (hapd->acct_session_id_lo == 0) { + hapd->acct_session_id_hi++; + } + sta->acct_session_id_hi = hapd->acct_session_id_hi; +} + + +/* Process the RADIUS frames from Accounting Server */ +static RadiusRxResult +accounting_receive(struct radius_msg *msg, struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len, void *data) +{ + if (msg->hdr->code != RADIUS_CODE_ACCOUNTING_RESPONSE) { + printf("Unknown RADIUS message code\n"); + return RADIUS_RX_UNKNOWN; + } + + if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) { + printf("Incoming RADIUS packet did not have correct " + "Authenticator - dropped\n"); + return RADIUS_RX_INVALID_AUTHENTICATOR; + } + + return RADIUS_RX_PROCESSED; +} + + +static void accounting_report_state(struct hostapd_data *hapd, int on) +{ + struct radius_msg *msg; + + if (!hapd->conf->radius->acct_server || hapd->radius == NULL) + return; + + /* Inform RADIUS server that accounting will start/stop so that the + * server can close old accounting sessions. */ + msg = accounting_msg(hapd, NULL, + on ? RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON : + RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF); + if (!msg) + return; + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_ACCT_TERMINATE_CAUSE, + RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT)) + { + printf("Could not add Acct-Terminate-Cause\n"); + radius_msg_free(msg); + free(msg); + return; + } + + radius_client_send(hapd->radius, msg, RADIUS_ACCT, NULL); +} + + +int accounting_init(struct hostapd_data *hapd) +{ + /* Acct-Session-Id should be unique over reboots. If reliable clock is + * not available, this could be replaced with reboot counter, etc. */ + hapd->acct_session_id_hi = time(NULL); + + if (radius_client_register(hapd->radius, RADIUS_ACCT, + accounting_receive, hapd)) + return -1; + + accounting_report_state(hapd, 1); + + return 0; +} + + +void accounting_deinit(struct hostapd_data *hapd) +{ + accounting_report_state(hapd, 0); +} + + +int accounting_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf) +{ + if (!hapd->radius_client_reconfigured) + return 0; + + accounting_deinit(hapd); + return accounting_init(hapd); +} diff --git a/contrib/hostapd-0.5.8/accounting.h b/contrib/hostapd-0.5.8/accounting.h new file mode 100644 index 0000000000..ee2ee64e3b --- /dev/null +++ b/contrib/hostapd-0.5.8/accounting.h @@ -0,0 +1,27 @@ +/* + * hostapd / RADIUS Accounting + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef ACCOUNTING_H +#define ACCOUNTING_H + +void accounting_sta_start(struct hostapd_data *hapd, struct sta_info *sta); +void accounting_sta_interim(struct hostapd_data *hapd, struct sta_info *sta); +void accounting_sta_stop(struct hostapd_data *hapd, struct sta_info *sta); +void accounting_sta_get_id(struct hostapd_data *hapd, struct sta_info *sta); +int accounting_init(struct hostapd_data *hapd); +void accounting_deinit(struct hostapd_data *hapd); +int accounting_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf); + +#endif /* ACCOUNTING_H */ diff --git a/contrib/hostapd-0.5.8/aes.c b/contrib/hostapd-0.5.8/aes.c new file mode 100644 index 0000000000..1a2459b3e0 --- /dev/null +++ b/contrib/hostapd-0.5.8/aes.c @@ -0,0 +1,1107 @@ +/* + * AES (Rijndael) cipher + * + * Modifications to public domain implementation: + * - support only 128-bit keys + * - cleanup + * - use C pre-processor to make it easier to change S table access + * - added option (AES_SMALL_TABLES) for reducing code size by about 8 kB at + * cost of reduced throughput (quite small difference on Pentium 4, + * 10-25% when using -O1 or -O2 optimization) + * + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +/* + * rijndael-alg-fst.c + * + * @version 3.0 (December 2000) + * + * Optimised ANSI C code for the Rijndael cipher (now AES) + * + * @author Vincent Rijmen + * @author Antoon Bosselaers + * @author Paulo Barreto + * + * This code is hereby placed in the public domain. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS + * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE + * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, + * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +/* #define FULL_UNROLL */ +#define AES_SMALL_TABLES + + +/* +Te0[x] = S [x].[02, 01, 01, 03]; +Te1[x] = S [x].[03, 02, 01, 01]; +Te2[x] = S [x].[01, 03, 02, 01]; +Te3[x] = S [x].[01, 01, 03, 02]; +Te4[x] = S [x].[01, 01, 01, 01]; + +Td0[x] = Si[x].[0e, 09, 0d, 0b]; +Td1[x] = Si[x].[0b, 0e, 09, 0d]; +Td2[x] = Si[x].[0d, 0b, 0e, 09]; +Td3[x] = Si[x].[09, 0d, 0b, 0e]; +Td4[x] = Si[x].[01, 01, 01, 01]; +*/ + +static const u32 Te0[256] = { + 0xc66363a5U, 0xf87c7c84U, 0xee777799U, 0xf67b7b8dU, + 0xfff2f20dU, 0xd66b6bbdU, 0xde6f6fb1U, 0x91c5c554U, + 0x60303050U, 0x02010103U, 0xce6767a9U, 0x562b2b7dU, + 0xe7fefe19U, 0xb5d7d762U, 0x4dababe6U, 0xec76769aU, + 0x8fcaca45U, 0x1f82829dU, 0x89c9c940U, 0xfa7d7d87U, + 0xeffafa15U, 0xb25959ebU, 0x8e4747c9U, 0xfbf0f00bU, + 0x41adadecU, 0xb3d4d467U, 0x5fa2a2fdU, 0x45afafeaU, + 0x239c9cbfU, 0x53a4a4f7U, 0xe4727296U, 0x9bc0c05bU, + 0x75b7b7c2U, 0xe1fdfd1cU, 0x3d9393aeU, 0x4c26266aU, + 0x6c36365aU, 0x7e3f3f41U, 0xf5f7f702U, 0x83cccc4fU, + 0x6834345cU, 0x51a5a5f4U, 0xd1e5e534U, 0xf9f1f108U, + 0xe2717193U, 0xabd8d873U, 0x62313153U, 0x2a15153fU, + 0x0804040cU, 0x95c7c752U, 0x46232365U, 0x9dc3c35eU, + 0x30181828U, 0x379696a1U, 0x0a05050fU, 0x2f9a9ab5U, + 0x0e070709U, 0x24121236U, 0x1b80809bU, 0xdfe2e23dU, + 0xcdebeb26U, 0x4e272769U, 0x7fb2b2cdU, 0xea75759fU, + 0x1209091bU, 0x1d83839eU, 0x582c2c74U, 0x341a1a2eU, + 0x361b1b2dU, 0xdc6e6eb2U, 0xb45a5aeeU, 0x5ba0a0fbU, + 0xa45252f6U, 0x763b3b4dU, 0xb7d6d661U, 0x7db3b3ceU, + 0x5229297bU, 0xdde3e33eU, 0x5e2f2f71U, 0x13848497U, + 0xa65353f5U, 0xb9d1d168U, 0x00000000U, 0xc1eded2cU, + 0x40202060U, 0xe3fcfc1fU, 0x79b1b1c8U, 0xb65b5bedU, + 0xd46a6abeU, 0x8dcbcb46U, 0x67bebed9U, 0x7239394bU, + 0x944a4adeU, 0x984c4cd4U, 0xb05858e8U, 0x85cfcf4aU, + 0xbbd0d06bU, 0xc5efef2aU, 0x4faaaae5U, 0xedfbfb16U, + 0x864343c5U, 0x9a4d4dd7U, 0x66333355U, 0x11858594U, + 0x8a4545cfU, 0xe9f9f910U, 0x04020206U, 0xfe7f7f81U, + 0xa05050f0U, 0x783c3c44U, 0x259f9fbaU, 0x4ba8a8e3U, + 0xa25151f3U, 0x5da3a3feU, 0x804040c0U, 0x058f8f8aU, + 0x3f9292adU, 0x219d9dbcU, 0x70383848U, 0xf1f5f504U, + 0x63bcbcdfU, 0x77b6b6c1U, 0xafdada75U, 0x42212163U, + 0x20101030U, 0xe5ffff1aU, 0xfdf3f30eU, 0xbfd2d26dU, + 0x81cdcd4cU, 0x180c0c14U, 0x26131335U, 0xc3ecec2fU, + 0xbe5f5fe1U, 0x359797a2U, 0x884444ccU, 0x2e171739U, + 0x93c4c457U, 0x55a7a7f2U, 0xfc7e7e82U, 0x7a3d3d47U, + 0xc86464acU, 0xba5d5de7U, 0x3219192bU, 0xe6737395U, + 0xc06060a0U, 0x19818198U, 0x9e4f4fd1U, 0xa3dcdc7fU, + 0x44222266U, 0x542a2a7eU, 0x3b9090abU, 0x0b888883U, + 0x8c4646caU, 0xc7eeee29U, 0x6bb8b8d3U, 0x2814143cU, + 0xa7dede79U, 0xbc5e5ee2U, 0x160b0b1dU, 0xaddbdb76U, + 0xdbe0e03bU, 0x64323256U, 0x743a3a4eU, 0x140a0a1eU, + 0x924949dbU, 0x0c06060aU, 0x4824246cU, 0xb85c5ce4U, + 0x9fc2c25dU, 0xbdd3d36eU, 0x43acacefU, 0xc46262a6U, + 0x399191a8U, 0x319595a4U, 0xd3e4e437U, 0xf279798bU, + 0xd5e7e732U, 0x8bc8c843U, 0x6e373759U, 0xda6d6db7U, + 0x018d8d8cU, 0xb1d5d564U, 0x9c4e4ed2U, 0x49a9a9e0U, + 0xd86c6cb4U, 0xac5656faU, 0xf3f4f407U, 0xcfeaea25U, + 0xca6565afU, 0xf47a7a8eU, 0x47aeaee9U, 0x10080818U, + 0x6fbabad5U, 0xf0787888U, 0x4a25256fU, 0x5c2e2e72U, + 0x381c1c24U, 0x57a6a6f1U, 0x73b4b4c7U, 0x97c6c651U, + 0xcbe8e823U, 0xa1dddd7cU, 0xe874749cU, 0x3e1f1f21U, + 0x964b4bddU, 0x61bdbddcU, 0x0d8b8b86U, 0x0f8a8a85U, + 0xe0707090U, 0x7c3e3e42U, 0x71b5b5c4U, 0xcc6666aaU, + 0x904848d8U, 0x06030305U, 0xf7f6f601U, 0x1c0e0e12U, + 0xc26161a3U, 0x6a35355fU, 0xae5757f9U, 0x69b9b9d0U, + 0x17868691U, 0x99c1c158U, 0x3a1d1d27U, 0x279e9eb9U, + 0xd9e1e138U, 0xebf8f813U, 0x2b9898b3U, 0x22111133U, + 0xd26969bbU, 0xa9d9d970U, 0x078e8e89U, 0x339494a7U, + 0x2d9b9bb6U, 0x3c1e1e22U, 0x15878792U, 0xc9e9e920U, + 0x87cece49U, 0xaa5555ffU, 0x50282878U, 0xa5dfdf7aU, + 0x038c8c8fU, 0x59a1a1f8U, 0x09898980U, 0x1a0d0d17U, + 0x65bfbfdaU, 0xd7e6e631U, 0x844242c6U, 0xd06868b8U, + 0x824141c3U, 0x299999b0U, 0x5a2d2d77U, 0x1e0f0f11U, + 0x7bb0b0cbU, 0xa85454fcU, 0x6dbbbbd6U, 0x2c16163aU, +}; +#ifndef AES_SMALL_TABLES +static const u32 Te1[256] = { + 0xa5c66363U, 0x84f87c7cU, 0x99ee7777U, 0x8df67b7bU, + 0x0dfff2f2U, 0xbdd66b6bU, 0xb1de6f6fU, 0x5491c5c5U, + 0x50603030U, 0x03020101U, 0xa9ce6767U, 0x7d562b2bU, + 0x19e7fefeU, 0x62b5d7d7U, 0xe64dababU, 0x9aec7676U, + 0x458fcacaU, 0x9d1f8282U, 0x4089c9c9U, 0x87fa7d7dU, + 0x15effafaU, 0xebb25959U, 0xc98e4747U, 0x0bfbf0f0U, + 0xec41adadU, 0x67b3d4d4U, 0xfd5fa2a2U, 0xea45afafU, + 0xbf239c9cU, 0xf753a4a4U, 0x96e47272U, 0x5b9bc0c0U, + 0xc275b7b7U, 0x1ce1fdfdU, 0xae3d9393U, 0x6a4c2626U, + 0x5a6c3636U, 0x417e3f3fU, 0x02f5f7f7U, 0x4f83ccccU, + 0x5c683434U, 0xf451a5a5U, 0x34d1e5e5U, 0x08f9f1f1U, + 0x93e27171U, 0x73abd8d8U, 0x53623131U, 0x3f2a1515U, + 0x0c080404U, 0x5295c7c7U, 0x65462323U, 0x5e9dc3c3U, + 0x28301818U, 0xa1379696U, 0x0f0a0505U, 0xb52f9a9aU, + 0x090e0707U, 0x36241212U, 0x9b1b8080U, 0x3ddfe2e2U, + 0x26cdebebU, 0x694e2727U, 0xcd7fb2b2U, 0x9fea7575U, + 0x1b120909U, 0x9e1d8383U, 0x74582c2cU, 0x2e341a1aU, + 0x2d361b1bU, 0xb2dc6e6eU, 0xeeb45a5aU, 0xfb5ba0a0U, + 0xf6a45252U, 0x4d763b3bU, 0x61b7d6d6U, 0xce7db3b3U, + 0x7b522929U, 0x3edde3e3U, 0x715e2f2fU, 0x97138484U, + 0xf5a65353U, 0x68b9d1d1U, 0x00000000U, 0x2cc1ededU, + 0x60402020U, 0x1fe3fcfcU, 0xc879b1b1U, 0xedb65b5bU, + 0xbed46a6aU, 0x468dcbcbU, 0xd967bebeU, 0x4b723939U, + 0xde944a4aU, 0xd4984c4cU, 0xe8b05858U, 0x4a85cfcfU, + 0x6bbbd0d0U, 0x2ac5efefU, 0xe54faaaaU, 0x16edfbfbU, + 0xc5864343U, 0xd79a4d4dU, 0x55663333U, 0x94118585U, + 0xcf8a4545U, 0x10e9f9f9U, 0x06040202U, 0x81fe7f7fU, + 0xf0a05050U, 0x44783c3cU, 0xba259f9fU, 0xe34ba8a8U, + 0xf3a25151U, 0xfe5da3a3U, 0xc0804040U, 0x8a058f8fU, + 0xad3f9292U, 0xbc219d9dU, 0x48703838U, 0x04f1f5f5U, + 0xdf63bcbcU, 0xc177b6b6U, 0x75afdadaU, 0x63422121U, + 0x30201010U, 0x1ae5ffffU, 0x0efdf3f3U, 0x6dbfd2d2U, + 0x4c81cdcdU, 0x14180c0cU, 0x35261313U, 0x2fc3ececU, + 0xe1be5f5fU, 0xa2359797U, 0xcc884444U, 0x392e1717U, + 0x5793c4c4U, 0xf255a7a7U, 0x82fc7e7eU, 0x477a3d3dU, + 0xacc86464U, 0xe7ba5d5dU, 0x2b321919U, 0x95e67373U, + 0xa0c06060U, 0x98198181U, 0xd19e4f4fU, 0x7fa3dcdcU, + 0x66442222U, 0x7e542a2aU, 0xab3b9090U, 0x830b8888U, + 0xca8c4646U, 0x29c7eeeeU, 0xd36bb8b8U, 0x3c281414U, + 0x79a7dedeU, 0xe2bc5e5eU, 0x1d160b0bU, 0x76addbdbU, + 0x3bdbe0e0U, 0x56643232U, 0x4e743a3aU, 0x1e140a0aU, + 0xdb924949U, 0x0a0c0606U, 0x6c482424U, 0xe4b85c5cU, + 0x5d9fc2c2U, 0x6ebdd3d3U, 0xef43acacU, 0xa6c46262U, + 0xa8399191U, 0xa4319595U, 0x37d3e4e4U, 0x8bf27979U, + 0x32d5e7e7U, 0x438bc8c8U, 0x596e3737U, 0xb7da6d6dU, + 0x8c018d8dU, 0x64b1d5d5U, 0xd29c4e4eU, 0xe049a9a9U, + 0xb4d86c6cU, 0xfaac5656U, 0x07f3f4f4U, 0x25cfeaeaU, + 0xafca6565U, 0x8ef47a7aU, 0xe947aeaeU, 0x18100808U, + 0xd56fbabaU, 0x88f07878U, 0x6f4a2525U, 0x725c2e2eU, + 0x24381c1cU, 0xf157a6a6U, 0xc773b4b4U, 0x5197c6c6U, + 0x23cbe8e8U, 0x7ca1ddddU, 0x9ce87474U, 0x213e1f1fU, + 0xdd964b4bU, 0xdc61bdbdU, 0x860d8b8bU, 0x850f8a8aU, + 0x90e07070U, 0x427c3e3eU, 0xc471b5b5U, 0xaacc6666U, + 0xd8904848U, 0x05060303U, 0x01f7f6f6U, 0x121c0e0eU, + 0xa3c26161U, 0x5f6a3535U, 0xf9ae5757U, 0xd069b9b9U, + 0x91178686U, 0x5899c1c1U, 0x273a1d1dU, 0xb9279e9eU, + 0x38d9e1e1U, 0x13ebf8f8U, 0xb32b9898U, 0x33221111U, + 0xbbd26969U, 0x70a9d9d9U, 0x89078e8eU, 0xa7339494U, + 0xb62d9b9bU, 0x223c1e1eU, 0x92158787U, 0x20c9e9e9U, + 0x4987ceceU, 0xffaa5555U, 0x78502828U, 0x7aa5dfdfU, + 0x8f038c8cU, 0xf859a1a1U, 0x80098989U, 0x171a0d0dU, + 0xda65bfbfU, 0x31d7e6e6U, 0xc6844242U, 0xb8d06868U, + 0xc3824141U, 0xb0299999U, 0x775a2d2dU, 0x111e0f0fU, + 0xcb7bb0b0U, 0xfca85454U, 0xd66dbbbbU, 0x3a2c1616U, +}; +static const u32 Te2[256] = { + 0x63a5c663U, 0x7c84f87cU, 0x7799ee77U, 0x7b8df67bU, + 0xf20dfff2U, 0x6bbdd66bU, 0x6fb1de6fU, 0xc55491c5U, + 0x30506030U, 0x01030201U, 0x67a9ce67U, 0x2b7d562bU, + 0xfe19e7feU, 0xd762b5d7U, 0xabe64dabU, 0x769aec76U, + 0xca458fcaU, 0x829d1f82U, 0xc94089c9U, 0x7d87fa7dU, + 0xfa15effaU, 0x59ebb259U, 0x47c98e47U, 0xf00bfbf0U, + 0xadec41adU, 0xd467b3d4U, 0xa2fd5fa2U, 0xafea45afU, + 0x9cbf239cU, 0xa4f753a4U, 0x7296e472U, 0xc05b9bc0U, + 0xb7c275b7U, 0xfd1ce1fdU, 0x93ae3d93U, 0x266a4c26U, + 0x365a6c36U, 0x3f417e3fU, 0xf702f5f7U, 0xcc4f83ccU, + 0x345c6834U, 0xa5f451a5U, 0xe534d1e5U, 0xf108f9f1U, + 0x7193e271U, 0xd873abd8U, 0x31536231U, 0x153f2a15U, + 0x040c0804U, 0xc75295c7U, 0x23654623U, 0xc35e9dc3U, + 0x18283018U, 0x96a13796U, 0x050f0a05U, 0x9ab52f9aU, + 0x07090e07U, 0x12362412U, 0x809b1b80U, 0xe23ddfe2U, + 0xeb26cdebU, 0x27694e27U, 0xb2cd7fb2U, 0x759fea75U, + 0x091b1209U, 0x839e1d83U, 0x2c74582cU, 0x1a2e341aU, + 0x1b2d361bU, 0x6eb2dc6eU, 0x5aeeb45aU, 0xa0fb5ba0U, + 0x52f6a452U, 0x3b4d763bU, 0xd661b7d6U, 0xb3ce7db3U, + 0x297b5229U, 0xe33edde3U, 0x2f715e2fU, 0x84971384U, + 0x53f5a653U, 0xd168b9d1U, 0x00000000U, 0xed2cc1edU, + 0x20604020U, 0xfc1fe3fcU, 0xb1c879b1U, 0x5bedb65bU, + 0x6abed46aU, 0xcb468dcbU, 0xbed967beU, 0x394b7239U, + 0x4ade944aU, 0x4cd4984cU, 0x58e8b058U, 0xcf4a85cfU, + 0xd06bbbd0U, 0xef2ac5efU, 0xaae54faaU, 0xfb16edfbU, + 0x43c58643U, 0x4dd79a4dU, 0x33556633U, 0x85941185U, + 0x45cf8a45U, 0xf910e9f9U, 0x02060402U, 0x7f81fe7fU, + 0x50f0a050U, 0x3c44783cU, 0x9fba259fU, 0xa8e34ba8U, + 0x51f3a251U, 0xa3fe5da3U, 0x40c08040U, 0x8f8a058fU, + 0x92ad3f92U, 0x9dbc219dU, 0x38487038U, 0xf504f1f5U, + 0xbcdf63bcU, 0xb6c177b6U, 0xda75afdaU, 0x21634221U, + 0x10302010U, 0xff1ae5ffU, 0xf30efdf3U, 0xd26dbfd2U, + 0xcd4c81cdU, 0x0c14180cU, 0x13352613U, 0xec2fc3ecU, + 0x5fe1be5fU, 0x97a23597U, 0x44cc8844U, 0x17392e17U, + 0xc45793c4U, 0xa7f255a7U, 0x7e82fc7eU, 0x3d477a3dU, + 0x64acc864U, 0x5de7ba5dU, 0x192b3219U, 0x7395e673U, + 0x60a0c060U, 0x81981981U, 0x4fd19e4fU, 0xdc7fa3dcU, + 0x22664422U, 0x2a7e542aU, 0x90ab3b90U, 0x88830b88U, + 0x46ca8c46U, 0xee29c7eeU, 0xb8d36bb8U, 0x143c2814U, + 0xde79a7deU, 0x5ee2bc5eU, 0x0b1d160bU, 0xdb76addbU, + 0xe03bdbe0U, 0x32566432U, 0x3a4e743aU, 0x0a1e140aU, + 0x49db9249U, 0x060a0c06U, 0x246c4824U, 0x5ce4b85cU, + 0xc25d9fc2U, 0xd36ebdd3U, 0xacef43acU, 0x62a6c462U, + 0x91a83991U, 0x95a43195U, 0xe437d3e4U, 0x798bf279U, + 0xe732d5e7U, 0xc8438bc8U, 0x37596e37U, 0x6db7da6dU, + 0x8d8c018dU, 0xd564b1d5U, 0x4ed29c4eU, 0xa9e049a9U, + 0x6cb4d86cU, 0x56faac56U, 0xf407f3f4U, 0xea25cfeaU, + 0x65afca65U, 0x7a8ef47aU, 0xaee947aeU, 0x08181008U, + 0xbad56fbaU, 0x7888f078U, 0x256f4a25U, 0x2e725c2eU, + 0x1c24381cU, 0xa6f157a6U, 0xb4c773b4U, 0xc65197c6U, + 0xe823cbe8U, 0xdd7ca1ddU, 0x749ce874U, 0x1f213e1fU, + 0x4bdd964bU, 0xbddc61bdU, 0x8b860d8bU, 0x8a850f8aU, + 0x7090e070U, 0x3e427c3eU, 0xb5c471b5U, 0x66aacc66U, + 0x48d89048U, 0x03050603U, 0xf601f7f6U, 0x0e121c0eU, + 0x61a3c261U, 0x355f6a35U, 0x57f9ae57U, 0xb9d069b9U, + 0x86911786U, 0xc15899c1U, 0x1d273a1dU, 0x9eb9279eU, + 0xe138d9e1U, 0xf813ebf8U, 0x98b32b98U, 0x11332211U, + 0x69bbd269U, 0xd970a9d9U, 0x8e89078eU, 0x94a73394U, + 0x9bb62d9bU, 0x1e223c1eU, 0x87921587U, 0xe920c9e9U, + 0xce4987ceU, 0x55ffaa55U, 0x28785028U, 0xdf7aa5dfU, + 0x8c8f038cU, 0xa1f859a1U, 0x89800989U, 0x0d171a0dU, + 0xbfda65bfU, 0xe631d7e6U, 0x42c68442U, 0x68b8d068U, + 0x41c38241U, 0x99b02999U, 0x2d775a2dU, 0x0f111e0fU, + 0xb0cb7bb0U, 0x54fca854U, 0xbbd66dbbU, 0x163a2c16U, +}; +static const u32 Te3[256] = { + + 0x6363a5c6U, 0x7c7c84f8U, 0x777799eeU, 0x7b7b8df6U, + 0xf2f20dffU, 0x6b6bbdd6U, 0x6f6fb1deU, 0xc5c55491U, + 0x30305060U, 0x01010302U, 0x6767a9ceU, 0x2b2b7d56U, + 0xfefe19e7U, 0xd7d762b5U, 0xababe64dU, 0x76769aecU, + 0xcaca458fU, 0x82829d1fU, 0xc9c94089U, 0x7d7d87faU, + 0xfafa15efU, 0x5959ebb2U, 0x4747c98eU, 0xf0f00bfbU, + 0xadadec41U, 0xd4d467b3U, 0xa2a2fd5fU, 0xafafea45U, + 0x9c9cbf23U, 0xa4a4f753U, 0x727296e4U, 0xc0c05b9bU, + 0xb7b7c275U, 0xfdfd1ce1U, 0x9393ae3dU, 0x26266a4cU, + 0x36365a6cU, 0x3f3f417eU, 0xf7f702f5U, 0xcccc4f83U, + 0x34345c68U, 0xa5a5f451U, 0xe5e534d1U, 0xf1f108f9U, + 0x717193e2U, 0xd8d873abU, 0x31315362U, 0x15153f2aU, + 0x04040c08U, 0xc7c75295U, 0x23236546U, 0xc3c35e9dU, + 0x18182830U, 0x9696a137U, 0x05050f0aU, 0x9a9ab52fU, + 0x0707090eU, 0x12123624U, 0x80809b1bU, 0xe2e23ddfU, + 0xebeb26cdU, 0x2727694eU, 0xb2b2cd7fU, 0x75759feaU, + 0x09091b12U, 0x83839e1dU, 0x2c2c7458U, 0x1a1a2e34U, + 0x1b1b2d36U, 0x6e6eb2dcU, 0x5a5aeeb4U, 0xa0a0fb5bU, + 0x5252f6a4U, 0x3b3b4d76U, 0xd6d661b7U, 0xb3b3ce7dU, + 0x29297b52U, 0xe3e33eddU, 0x2f2f715eU, 0x84849713U, + 0x5353f5a6U, 0xd1d168b9U, 0x00000000U, 0xeded2cc1U, + 0x20206040U, 0xfcfc1fe3U, 0xb1b1c879U, 0x5b5bedb6U, + 0x6a6abed4U, 0xcbcb468dU, 0xbebed967U, 0x39394b72U, + 0x4a4ade94U, 0x4c4cd498U, 0x5858e8b0U, 0xcfcf4a85U, + 0xd0d06bbbU, 0xefef2ac5U, 0xaaaae54fU, 0xfbfb16edU, + 0x4343c586U, 0x4d4dd79aU, 0x33335566U, 0x85859411U, + 0x4545cf8aU, 0xf9f910e9U, 0x02020604U, 0x7f7f81feU, + 0x5050f0a0U, 0x3c3c4478U, 0x9f9fba25U, 0xa8a8e34bU, + 0x5151f3a2U, 0xa3a3fe5dU, 0x4040c080U, 0x8f8f8a05U, + 0x9292ad3fU, 0x9d9dbc21U, 0x38384870U, 0xf5f504f1U, + 0xbcbcdf63U, 0xb6b6c177U, 0xdada75afU, 0x21216342U, + 0x10103020U, 0xffff1ae5U, 0xf3f30efdU, 0xd2d26dbfU, + 0xcdcd4c81U, 0x0c0c1418U, 0x13133526U, 0xecec2fc3U, + 0x5f5fe1beU, 0x9797a235U, 0x4444cc88U, 0x1717392eU, + 0xc4c45793U, 0xa7a7f255U, 0x7e7e82fcU, 0x3d3d477aU, + 0x6464acc8U, 0x5d5de7baU, 0x19192b32U, 0x737395e6U, + 0x6060a0c0U, 0x81819819U, 0x4f4fd19eU, 0xdcdc7fa3U, + 0x22226644U, 0x2a2a7e54U, 0x9090ab3bU, 0x8888830bU, + 0x4646ca8cU, 0xeeee29c7U, 0xb8b8d36bU, 0x14143c28U, + 0xdede79a7U, 0x5e5ee2bcU, 0x0b0b1d16U, 0xdbdb76adU, + 0xe0e03bdbU, 0x32325664U, 0x3a3a4e74U, 0x0a0a1e14U, + 0x4949db92U, 0x06060a0cU, 0x24246c48U, 0x5c5ce4b8U, + 0xc2c25d9fU, 0xd3d36ebdU, 0xacacef43U, 0x6262a6c4U, + 0x9191a839U, 0x9595a431U, 0xe4e437d3U, 0x79798bf2U, + 0xe7e732d5U, 0xc8c8438bU, 0x3737596eU, 0x6d6db7daU, + 0x8d8d8c01U, 0xd5d564b1U, 0x4e4ed29cU, 0xa9a9e049U, + 0x6c6cb4d8U, 0x5656faacU, 0xf4f407f3U, 0xeaea25cfU, + 0x6565afcaU, 0x7a7a8ef4U, 0xaeaee947U, 0x08081810U, + 0xbabad56fU, 0x787888f0U, 0x25256f4aU, 0x2e2e725cU, + 0x1c1c2438U, 0xa6a6f157U, 0xb4b4c773U, 0xc6c65197U, + 0xe8e823cbU, 0xdddd7ca1U, 0x74749ce8U, 0x1f1f213eU, + 0x4b4bdd96U, 0xbdbddc61U, 0x8b8b860dU, 0x8a8a850fU, + 0x707090e0U, 0x3e3e427cU, 0xb5b5c471U, 0x6666aaccU, + 0x4848d890U, 0x03030506U, 0xf6f601f7U, 0x0e0e121cU, + 0x6161a3c2U, 0x35355f6aU, 0x5757f9aeU, 0xb9b9d069U, + 0x86869117U, 0xc1c15899U, 0x1d1d273aU, 0x9e9eb927U, + 0xe1e138d9U, 0xf8f813ebU, 0x9898b32bU, 0x11113322U, + 0x6969bbd2U, 0xd9d970a9U, 0x8e8e8907U, 0x9494a733U, + 0x9b9bb62dU, 0x1e1e223cU, 0x87879215U, 0xe9e920c9U, + 0xcece4987U, 0x5555ffaaU, 0x28287850U, 0xdfdf7aa5U, + 0x8c8c8f03U, 0xa1a1f859U, 0x89898009U, 0x0d0d171aU, + 0xbfbfda65U, 0xe6e631d7U, 0x4242c684U, 0x6868b8d0U, + 0x4141c382U, 0x9999b029U, 0x2d2d775aU, 0x0f0f111eU, + 0xb0b0cb7bU, 0x5454fca8U, 0xbbbbd66dU, 0x16163a2cU, +}; +static const u32 Te4[256] = { + 0x63636363U, 0x7c7c7c7cU, 0x77777777U, 0x7b7b7b7bU, + 0xf2f2f2f2U, 0x6b6b6b6bU, 0x6f6f6f6fU, 0xc5c5c5c5U, + 0x30303030U, 0x01010101U, 0x67676767U, 0x2b2b2b2bU, + 0xfefefefeU, 0xd7d7d7d7U, 0xababababU, 0x76767676U, + 0xcacacacaU, 0x82828282U, 0xc9c9c9c9U, 0x7d7d7d7dU, + 0xfafafafaU, 0x59595959U, 0x47474747U, 0xf0f0f0f0U, + 0xadadadadU, 0xd4d4d4d4U, 0xa2a2a2a2U, 0xafafafafU, + 0x9c9c9c9cU, 0xa4a4a4a4U, 0x72727272U, 0xc0c0c0c0U, + 0xb7b7b7b7U, 0xfdfdfdfdU, 0x93939393U, 0x26262626U, + 0x36363636U, 0x3f3f3f3fU, 0xf7f7f7f7U, 0xccccccccU, + 0x34343434U, 0xa5a5a5a5U, 0xe5e5e5e5U, 0xf1f1f1f1U, + 0x71717171U, 0xd8d8d8d8U, 0x31313131U, 0x15151515U, + 0x04040404U, 0xc7c7c7c7U, 0x23232323U, 0xc3c3c3c3U, + 0x18181818U, 0x96969696U, 0x05050505U, 0x9a9a9a9aU, + 0x07070707U, 0x12121212U, 0x80808080U, 0xe2e2e2e2U, + 0xebebebebU, 0x27272727U, 0xb2b2b2b2U, 0x75757575U, + 0x09090909U, 0x83838383U, 0x2c2c2c2cU, 0x1a1a1a1aU, + 0x1b1b1b1bU, 0x6e6e6e6eU, 0x5a5a5a5aU, 0xa0a0a0a0U, + 0x52525252U, 0x3b3b3b3bU, 0xd6d6d6d6U, 0xb3b3b3b3U, + 0x29292929U, 0xe3e3e3e3U, 0x2f2f2f2fU, 0x84848484U, + 0x53535353U, 0xd1d1d1d1U, 0x00000000U, 0xededededU, + 0x20202020U, 0xfcfcfcfcU, 0xb1b1b1b1U, 0x5b5b5b5bU, + 0x6a6a6a6aU, 0xcbcbcbcbU, 0xbebebebeU, 0x39393939U, + 0x4a4a4a4aU, 0x4c4c4c4cU, 0x58585858U, 0xcfcfcfcfU, + 0xd0d0d0d0U, 0xefefefefU, 0xaaaaaaaaU, 0xfbfbfbfbU, + 0x43434343U, 0x4d4d4d4dU, 0x33333333U, 0x85858585U, + 0x45454545U, 0xf9f9f9f9U, 0x02020202U, 0x7f7f7f7fU, + 0x50505050U, 0x3c3c3c3cU, 0x9f9f9f9fU, 0xa8a8a8a8U, + 0x51515151U, 0xa3a3a3a3U, 0x40404040U, 0x8f8f8f8fU, + 0x92929292U, 0x9d9d9d9dU, 0x38383838U, 0xf5f5f5f5U, + 0xbcbcbcbcU, 0xb6b6b6b6U, 0xdadadadaU, 0x21212121U, + 0x10101010U, 0xffffffffU, 0xf3f3f3f3U, 0xd2d2d2d2U, + 0xcdcdcdcdU, 0x0c0c0c0cU, 0x13131313U, 0xececececU, + 0x5f5f5f5fU, 0x97979797U, 0x44444444U, 0x17171717U, + 0xc4c4c4c4U, 0xa7a7a7a7U, 0x7e7e7e7eU, 0x3d3d3d3dU, + 0x64646464U, 0x5d5d5d5dU, 0x19191919U, 0x73737373U, + 0x60606060U, 0x81818181U, 0x4f4f4f4fU, 0xdcdcdcdcU, + 0x22222222U, 0x2a2a2a2aU, 0x90909090U, 0x88888888U, + 0x46464646U, 0xeeeeeeeeU, 0xb8b8b8b8U, 0x14141414U, + 0xdedededeU, 0x5e5e5e5eU, 0x0b0b0b0bU, 0xdbdbdbdbU, + 0xe0e0e0e0U, 0x32323232U, 0x3a3a3a3aU, 0x0a0a0a0aU, + 0x49494949U, 0x06060606U, 0x24242424U, 0x5c5c5c5cU, + 0xc2c2c2c2U, 0xd3d3d3d3U, 0xacacacacU, 0x62626262U, + 0x91919191U, 0x95959595U, 0xe4e4e4e4U, 0x79797979U, + 0xe7e7e7e7U, 0xc8c8c8c8U, 0x37373737U, 0x6d6d6d6dU, + 0x8d8d8d8dU, 0xd5d5d5d5U, 0x4e4e4e4eU, 0xa9a9a9a9U, + 0x6c6c6c6cU, 0x56565656U, 0xf4f4f4f4U, 0xeaeaeaeaU, + 0x65656565U, 0x7a7a7a7aU, 0xaeaeaeaeU, 0x08080808U, + 0xbabababaU, 0x78787878U, 0x25252525U, 0x2e2e2e2eU, + 0x1c1c1c1cU, 0xa6a6a6a6U, 0xb4b4b4b4U, 0xc6c6c6c6U, + 0xe8e8e8e8U, 0xddddddddU, 0x74747474U, 0x1f1f1f1fU, + 0x4b4b4b4bU, 0xbdbdbdbdU, 0x8b8b8b8bU, 0x8a8a8a8aU, + 0x70707070U, 0x3e3e3e3eU, 0xb5b5b5b5U, 0x66666666U, + 0x48484848U, 0x03030303U, 0xf6f6f6f6U, 0x0e0e0e0eU, + 0x61616161U, 0x35353535U, 0x57575757U, 0xb9b9b9b9U, + 0x86868686U, 0xc1c1c1c1U, 0x1d1d1d1dU, 0x9e9e9e9eU, + 0xe1e1e1e1U, 0xf8f8f8f8U, 0x98989898U, 0x11111111U, + 0x69696969U, 0xd9d9d9d9U, 0x8e8e8e8eU, 0x94949494U, + 0x9b9b9b9bU, 0x1e1e1e1eU, 0x87878787U, 0xe9e9e9e9U, + 0xcecececeU, 0x55555555U, 0x28282828U, 0xdfdfdfdfU, + 0x8c8c8c8cU, 0xa1a1a1a1U, 0x89898989U, 0x0d0d0d0dU, + 0xbfbfbfbfU, 0xe6e6e6e6U, 0x42424242U, 0x68686868U, + 0x41414141U, 0x99999999U, 0x2d2d2d2dU, 0x0f0f0f0fU, + 0xb0b0b0b0U, 0x54545454U, 0xbbbbbbbbU, 0x16161616U, +}; +#endif /* AES_SMALL_TABLES */ +static const u32 Td0[256] = { + 0x51f4a750U, 0x7e416553U, 0x1a17a4c3U, 0x3a275e96U, + 0x3bab6bcbU, 0x1f9d45f1U, 0xacfa58abU, 0x4be30393U, + 0x2030fa55U, 0xad766df6U, 0x88cc7691U, 0xf5024c25U, + 0x4fe5d7fcU, 0xc52acbd7U, 0x26354480U, 0xb562a38fU, + 0xdeb15a49U, 0x25ba1b67U, 0x45ea0e98U, 0x5dfec0e1U, + 0xc32f7502U, 0x814cf012U, 0x8d4697a3U, 0x6bd3f9c6U, + 0x038f5fe7U, 0x15929c95U, 0xbf6d7aebU, 0x955259daU, + 0xd4be832dU, 0x587421d3U, 0x49e06929U, 0x8ec9c844U, + 0x75c2896aU, 0xf48e7978U, 0x99583e6bU, 0x27b971ddU, + 0xbee14fb6U, 0xf088ad17U, 0xc920ac66U, 0x7dce3ab4U, + 0x63df4a18U, 0xe51a3182U, 0x97513360U, 0x62537f45U, + 0xb16477e0U, 0xbb6bae84U, 0xfe81a01cU, 0xf9082b94U, + 0x70486858U, 0x8f45fd19U, 0x94de6c87U, 0x527bf8b7U, + 0xab73d323U, 0x724b02e2U, 0xe31f8f57U, 0x6655ab2aU, + 0xb2eb2807U, 0x2fb5c203U, 0x86c57b9aU, 0xd33708a5U, + 0x302887f2U, 0x23bfa5b2U, 0x02036abaU, 0xed16825cU, + 0x8acf1c2bU, 0xa779b492U, 0xf307f2f0U, 0x4e69e2a1U, + 0x65daf4cdU, 0x0605bed5U, 0xd134621fU, 0xc4a6fe8aU, + 0x342e539dU, 0xa2f355a0U, 0x058ae132U, 0xa4f6eb75U, + 0x0b83ec39U, 0x4060efaaU, 0x5e719f06U, 0xbd6e1051U, + 0x3e218af9U, 0x96dd063dU, 0xdd3e05aeU, 0x4de6bd46U, + 0x91548db5U, 0x71c45d05U, 0x0406d46fU, 0x605015ffU, + 0x1998fb24U, 0xd6bde997U, 0x894043ccU, 0x67d99e77U, + 0xb0e842bdU, 0x07898b88U, 0xe7195b38U, 0x79c8eedbU, + 0xa17c0a47U, 0x7c420fe9U, 0xf8841ec9U, 0x00000000U, + 0x09808683U, 0x322bed48U, 0x1e1170acU, 0x6c5a724eU, + 0xfd0efffbU, 0x0f853856U, 0x3daed51eU, 0x362d3927U, + 0x0a0fd964U, 0x685ca621U, 0x9b5b54d1U, 0x24362e3aU, + 0x0c0a67b1U, 0x9357e70fU, 0xb4ee96d2U, 0x1b9b919eU, + 0x80c0c54fU, 0x61dc20a2U, 0x5a774b69U, 0x1c121a16U, + 0xe293ba0aU, 0xc0a02ae5U, 0x3c22e043U, 0x121b171dU, + 0x0e090d0bU, 0xf28bc7adU, 0x2db6a8b9U, 0x141ea9c8U, + 0x57f11985U, 0xaf75074cU, 0xee99ddbbU, 0xa37f60fdU, + 0xf701269fU, 0x5c72f5bcU, 0x44663bc5U, 0x5bfb7e34U, + 0x8b432976U, 0xcb23c6dcU, 0xb6edfc68U, 0xb8e4f163U, + 0xd731dccaU, 0x42638510U, 0x13972240U, 0x84c61120U, + 0x854a247dU, 0xd2bb3df8U, 0xaef93211U, 0xc729a16dU, + 0x1d9e2f4bU, 0xdcb230f3U, 0x0d8652ecU, 0x77c1e3d0U, + 0x2bb3166cU, 0xa970b999U, 0x119448faU, 0x47e96422U, + 0xa8fc8cc4U, 0xa0f03f1aU, 0x567d2cd8U, 0x223390efU, + 0x87494ec7U, 0xd938d1c1U, 0x8ccaa2feU, 0x98d40b36U, + 0xa6f581cfU, 0xa57ade28U, 0xdab78e26U, 0x3fadbfa4U, + 0x2c3a9de4U, 0x5078920dU, 0x6a5fcc9bU, 0x547e4662U, + 0xf68d13c2U, 0x90d8b8e8U, 0x2e39f75eU, 0x82c3aff5U, + 0x9f5d80beU, 0x69d0937cU, 0x6fd52da9U, 0xcf2512b3U, + 0xc8ac993bU, 0x10187da7U, 0xe89c636eU, 0xdb3bbb7bU, + 0xcd267809U, 0x6e5918f4U, 0xec9ab701U, 0x834f9aa8U, + 0xe6956e65U, 0xaaffe67eU, 0x21bccf08U, 0xef15e8e6U, + 0xbae79bd9U, 0x4a6f36ceU, 0xea9f09d4U, 0x29b07cd6U, + 0x31a4b2afU, 0x2a3f2331U, 0xc6a59430U, 0x35a266c0U, + 0x744ebc37U, 0xfc82caa6U, 0xe090d0b0U, 0x33a7d815U, + 0xf104984aU, 0x41ecdaf7U, 0x7fcd500eU, 0x1791f62fU, + 0x764dd68dU, 0x43efb04dU, 0xccaa4d54U, 0xe49604dfU, + 0x9ed1b5e3U, 0x4c6a881bU, 0xc12c1fb8U, 0x4665517fU, + 0x9d5eea04U, 0x018c355dU, 0xfa877473U, 0xfb0b412eU, + 0xb3671d5aU, 0x92dbd252U, 0xe9105633U, 0x6dd64713U, + 0x9ad7618cU, 0x37a10c7aU, 0x59f8148eU, 0xeb133c89U, + 0xcea927eeU, 0xb761c935U, 0xe11ce5edU, 0x7a47b13cU, + 0x9cd2df59U, 0x55f2733fU, 0x1814ce79U, 0x73c737bfU, + 0x53f7cdeaU, 0x5ffdaa5bU, 0xdf3d6f14U, 0x7844db86U, + 0xcaaff381U, 0xb968c43eU, 0x3824342cU, 0xc2a3405fU, + 0x161dc372U, 0xbce2250cU, 0x283c498bU, 0xff0d9541U, + 0x39a80171U, 0x080cb3deU, 0xd8b4e49cU, 0x6456c190U, + 0x7bcb8461U, 0xd532b670U, 0x486c5c74U, 0xd0b85742U, +}; +#ifndef AES_SMALL_TABLES +static const u32 Td1[256] = { + 0x5051f4a7U, 0x537e4165U, 0xc31a17a4U, 0x963a275eU, + 0xcb3bab6bU, 0xf11f9d45U, 0xabacfa58U, 0x934be303U, + 0x552030faU, 0xf6ad766dU, 0x9188cc76U, 0x25f5024cU, + 0xfc4fe5d7U, 0xd7c52acbU, 0x80263544U, 0x8fb562a3U, + 0x49deb15aU, 0x6725ba1bU, 0x9845ea0eU, 0xe15dfec0U, + 0x02c32f75U, 0x12814cf0U, 0xa38d4697U, 0xc66bd3f9U, + 0xe7038f5fU, 0x9515929cU, 0xebbf6d7aU, 0xda955259U, + 0x2dd4be83U, 0xd3587421U, 0x2949e069U, 0x448ec9c8U, + 0x6a75c289U, 0x78f48e79U, 0x6b99583eU, 0xdd27b971U, + 0xb6bee14fU, 0x17f088adU, 0x66c920acU, 0xb47dce3aU, + 0x1863df4aU, 0x82e51a31U, 0x60975133U, 0x4562537fU, + 0xe0b16477U, 0x84bb6baeU, 0x1cfe81a0U, 0x94f9082bU, + 0x58704868U, 0x198f45fdU, 0x8794de6cU, 0xb7527bf8U, + 0x23ab73d3U, 0xe2724b02U, 0x57e31f8fU, 0x2a6655abU, + 0x07b2eb28U, 0x032fb5c2U, 0x9a86c57bU, 0xa5d33708U, + 0xf2302887U, 0xb223bfa5U, 0xba02036aU, 0x5ced1682U, + 0x2b8acf1cU, 0x92a779b4U, 0xf0f307f2U, 0xa14e69e2U, + 0xcd65daf4U, 0xd50605beU, 0x1fd13462U, 0x8ac4a6feU, + 0x9d342e53U, 0xa0a2f355U, 0x32058ae1U, 0x75a4f6ebU, + 0x390b83ecU, 0xaa4060efU, 0x065e719fU, 0x51bd6e10U, + 0xf93e218aU, 0x3d96dd06U, 0xaedd3e05U, 0x464de6bdU, + 0xb591548dU, 0x0571c45dU, 0x6f0406d4U, 0xff605015U, + 0x241998fbU, 0x97d6bde9U, 0xcc894043U, 0x7767d99eU, + 0xbdb0e842U, 0x8807898bU, 0x38e7195bU, 0xdb79c8eeU, + 0x47a17c0aU, 0xe97c420fU, 0xc9f8841eU, 0x00000000U, + 0x83098086U, 0x48322bedU, 0xac1e1170U, 0x4e6c5a72U, + 0xfbfd0effU, 0x560f8538U, 0x1e3daed5U, 0x27362d39U, + 0x640a0fd9U, 0x21685ca6U, 0xd19b5b54U, 0x3a24362eU, + 0xb10c0a67U, 0x0f9357e7U, 0xd2b4ee96U, 0x9e1b9b91U, + 0x4f80c0c5U, 0xa261dc20U, 0x695a774bU, 0x161c121aU, + 0x0ae293baU, 0xe5c0a02aU, 0x433c22e0U, 0x1d121b17U, + 0x0b0e090dU, 0xadf28bc7U, 0xb92db6a8U, 0xc8141ea9U, + 0x8557f119U, 0x4caf7507U, 0xbbee99ddU, 0xfda37f60U, + 0x9ff70126U, 0xbc5c72f5U, 0xc544663bU, 0x345bfb7eU, + 0x768b4329U, 0xdccb23c6U, 0x68b6edfcU, 0x63b8e4f1U, + 0xcad731dcU, 0x10426385U, 0x40139722U, 0x2084c611U, + 0x7d854a24U, 0xf8d2bb3dU, 0x11aef932U, 0x6dc729a1U, + 0x4b1d9e2fU, 0xf3dcb230U, 0xec0d8652U, 0xd077c1e3U, + 0x6c2bb316U, 0x99a970b9U, 0xfa119448U, 0x2247e964U, + 0xc4a8fc8cU, 0x1aa0f03fU, 0xd8567d2cU, 0xef223390U, + 0xc787494eU, 0xc1d938d1U, 0xfe8ccaa2U, 0x3698d40bU, + 0xcfa6f581U, 0x28a57adeU, 0x26dab78eU, 0xa43fadbfU, + 0xe42c3a9dU, 0x0d507892U, 0x9b6a5fccU, 0x62547e46U, + 0xc2f68d13U, 0xe890d8b8U, 0x5e2e39f7U, 0xf582c3afU, + 0xbe9f5d80U, 0x7c69d093U, 0xa96fd52dU, 0xb3cf2512U, + 0x3bc8ac99U, 0xa710187dU, 0x6ee89c63U, 0x7bdb3bbbU, + 0x09cd2678U, 0xf46e5918U, 0x01ec9ab7U, 0xa8834f9aU, + 0x65e6956eU, 0x7eaaffe6U, 0x0821bccfU, 0xe6ef15e8U, + 0xd9bae79bU, 0xce4a6f36U, 0xd4ea9f09U, 0xd629b07cU, + 0xaf31a4b2U, 0x312a3f23U, 0x30c6a594U, 0xc035a266U, + 0x37744ebcU, 0xa6fc82caU, 0xb0e090d0U, 0x1533a7d8U, + 0x4af10498U, 0xf741ecdaU, 0x0e7fcd50U, 0x2f1791f6U, + 0x8d764dd6U, 0x4d43efb0U, 0x54ccaa4dU, 0xdfe49604U, + 0xe39ed1b5U, 0x1b4c6a88U, 0xb8c12c1fU, 0x7f466551U, + 0x049d5eeaU, 0x5d018c35U, 0x73fa8774U, 0x2efb0b41U, + 0x5ab3671dU, 0x5292dbd2U, 0x33e91056U, 0x136dd647U, + 0x8c9ad761U, 0x7a37a10cU, 0x8e59f814U, 0x89eb133cU, + 0xeecea927U, 0x35b761c9U, 0xede11ce5U, 0x3c7a47b1U, + 0x599cd2dfU, 0x3f55f273U, 0x791814ceU, 0xbf73c737U, + 0xea53f7cdU, 0x5b5ffdaaU, 0x14df3d6fU, 0x867844dbU, + 0x81caaff3U, 0x3eb968c4U, 0x2c382434U, 0x5fc2a340U, + 0x72161dc3U, 0x0cbce225U, 0x8b283c49U, 0x41ff0d95U, + 0x7139a801U, 0xde080cb3U, 0x9cd8b4e4U, 0x906456c1U, + 0x617bcb84U, 0x70d532b6U, 0x74486c5cU, 0x42d0b857U, +}; +static const u32 Td2[256] = { + 0xa75051f4U, 0x65537e41U, 0xa4c31a17U, 0x5e963a27U, + 0x6bcb3babU, 0x45f11f9dU, 0x58abacfaU, 0x03934be3U, + 0xfa552030U, 0x6df6ad76U, 0x769188ccU, 0x4c25f502U, + 0xd7fc4fe5U, 0xcbd7c52aU, 0x44802635U, 0xa38fb562U, + 0x5a49deb1U, 0x1b6725baU, 0x0e9845eaU, 0xc0e15dfeU, + 0x7502c32fU, 0xf012814cU, 0x97a38d46U, 0xf9c66bd3U, + 0x5fe7038fU, 0x9c951592U, 0x7aebbf6dU, 0x59da9552U, + 0x832dd4beU, 0x21d35874U, 0x692949e0U, 0xc8448ec9U, + 0x896a75c2U, 0x7978f48eU, 0x3e6b9958U, 0x71dd27b9U, + 0x4fb6bee1U, 0xad17f088U, 0xac66c920U, 0x3ab47dceU, + 0x4a1863dfU, 0x3182e51aU, 0x33609751U, 0x7f456253U, + 0x77e0b164U, 0xae84bb6bU, 0xa01cfe81U, 0x2b94f908U, + 0x68587048U, 0xfd198f45U, 0x6c8794deU, 0xf8b7527bU, + 0xd323ab73U, 0x02e2724bU, 0x8f57e31fU, 0xab2a6655U, + 0x2807b2ebU, 0xc2032fb5U, 0x7b9a86c5U, 0x08a5d337U, + 0x87f23028U, 0xa5b223bfU, 0x6aba0203U, 0x825ced16U, + 0x1c2b8acfU, 0xb492a779U, 0xf2f0f307U, 0xe2a14e69U, + 0xf4cd65daU, 0xbed50605U, 0x621fd134U, 0xfe8ac4a6U, + 0x539d342eU, 0x55a0a2f3U, 0xe132058aU, 0xeb75a4f6U, + 0xec390b83U, 0xefaa4060U, 0x9f065e71U, 0x1051bd6eU, + + 0x8af93e21U, 0x063d96ddU, 0x05aedd3eU, 0xbd464de6U, + 0x8db59154U, 0x5d0571c4U, 0xd46f0406U, 0x15ff6050U, + 0xfb241998U, 0xe997d6bdU, 0x43cc8940U, 0x9e7767d9U, + 0x42bdb0e8U, 0x8b880789U, 0x5b38e719U, 0xeedb79c8U, + 0x0a47a17cU, 0x0fe97c42U, 0x1ec9f884U, 0x00000000U, + 0x86830980U, 0xed48322bU, 0x70ac1e11U, 0x724e6c5aU, + 0xfffbfd0eU, 0x38560f85U, 0xd51e3daeU, 0x3927362dU, + 0xd9640a0fU, 0xa621685cU, 0x54d19b5bU, 0x2e3a2436U, + 0x67b10c0aU, 0xe70f9357U, 0x96d2b4eeU, 0x919e1b9bU, + 0xc54f80c0U, 0x20a261dcU, 0x4b695a77U, 0x1a161c12U, + 0xba0ae293U, 0x2ae5c0a0U, 0xe0433c22U, 0x171d121bU, + 0x0d0b0e09U, 0xc7adf28bU, 0xa8b92db6U, 0xa9c8141eU, + 0x198557f1U, 0x074caf75U, 0xddbbee99U, 0x60fda37fU, + 0x269ff701U, 0xf5bc5c72U, 0x3bc54466U, 0x7e345bfbU, + 0x29768b43U, 0xc6dccb23U, 0xfc68b6edU, 0xf163b8e4U, + 0xdccad731U, 0x85104263U, 0x22401397U, 0x112084c6U, + 0x247d854aU, 0x3df8d2bbU, 0x3211aef9U, 0xa16dc729U, + 0x2f4b1d9eU, 0x30f3dcb2U, 0x52ec0d86U, 0xe3d077c1U, + 0x166c2bb3U, 0xb999a970U, 0x48fa1194U, 0x642247e9U, + 0x8cc4a8fcU, 0x3f1aa0f0U, 0x2cd8567dU, 0x90ef2233U, + 0x4ec78749U, 0xd1c1d938U, 0xa2fe8ccaU, 0x0b3698d4U, + 0x81cfa6f5U, 0xde28a57aU, 0x8e26dab7U, 0xbfa43fadU, + 0x9de42c3aU, 0x920d5078U, 0xcc9b6a5fU, 0x4662547eU, + 0x13c2f68dU, 0xb8e890d8U, 0xf75e2e39U, 0xaff582c3U, + 0x80be9f5dU, 0x937c69d0U, 0x2da96fd5U, 0x12b3cf25U, + 0x993bc8acU, 0x7da71018U, 0x636ee89cU, 0xbb7bdb3bU, + 0x7809cd26U, 0x18f46e59U, 0xb701ec9aU, 0x9aa8834fU, + 0x6e65e695U, 0xe67eaaffU, 0xcf0821bcU, 0xe8e6ef15U, + 0x9bd9bae7U, 0x36ce4a6fU, 0x09d4ea9fU, 0x7cd629b0U, + 0xb2af31a4U, 0x23312a3fU, 0x9430c6a5U, 0x66c035a2U, + 0xbc37744eU, 0xcaa6fc82U, 0xd0b0e090U, 0xd81533a7U, + 0x984af104U, 0xdaf741ecU, 0x500e7fcdU, 0xf62f1791U, + 0xd68d764dU, 0xb04d43efU, 0x4d54ccaaU, 0x04dfe496U, + 0xb5e39ed1U, 0x881b4c6aU, 0x1fb8c12cU, 0x517f4665U, + 0xea049d5eU, 0x355d018cU, 0x7473fa87U, 0x412efb0bU, + 0x1d5ab367U, 0xd25292dbU, 0x5633e910U, 0x47136dd6U, + 0x618c9ad7U, 0x0c7a37a1U, 0x148e59f8U, 0x3c89eb13U, + 0x27eecea9U, 0xc935b761U, 0xe5ede11cU, 0xb13c7a47U, + 0xdf599cd2U, 0x733f55f2U, 0xce791814U, 0x37bf73c7U, + 0xcdea53f7U, 0xaa5b5ffdU, 0x6f14df3dU, 0xdb867844U, + 0xf381caafU, 0xc43eb968U, 0x342c3824U, 0x405fc2a3U, + 0xc372161dU, 0x250cbce2U, 0x498b283cU, 0x9541ff0dU, + 0x017139a8U, 0xb3de080cU, 0xe49cd8b4U, 0xc1906456U, + 0x84617bcbU, 0xb670d532U, 0x5c74486cU, 0x5742d0b8U, +}; +static const u32 Td3[256] = { + 0xf4a75051U, 0x4165537eU, 0x17a4c31aU, 0x275e963aU, + 0xab6bcb3bU, 0x9d45f11fU, 0xfa58abacU, 0xe303934bU, + 0x30fa5520U, 0x766df6adU, 0xcc769188U, 0x024c25f5U, + 0xe5d7fc4fU, 0x2acbd7c5U, 0x35448026U, 0x62a38fb5U, + 0xb15a49deU, 0xba1b6725U, 0xea0e9845U, 0xfec0e15dU, + 0x2f7502c3U, 0x4cf01281U, 0x4697a38dU, 0xd3f9c66bU, + 0x8f5fe703U, 0x929c9515U, 0x6d7aebbfU, 0x5259da95U, + 0xbe832dd4U, 0x7421d358U, 0xe0692949U, 0xc9c8448eU, + 0xc2896a75U, 0x8e7978f4U, 0x583e6b99U, 0xb971dd27U, + 0xe14fb6beU, 0x88ad17f0U, 0x20ac66c9U, 0xce3ab47dU, + 0xdf4a1863U, 0x1a3182e5U, 0x51336097U, 0x537f4562U, + 0x6477e0b1U, 0x6bae84bbU, 0x81a01cfeU, 0x082b94f9U, + 0x48685870U, 0x45fd198fU, 0xde6c8794U, 0x7bf8b752U, + 0x73d323abU, 0x4b02e272U, 0x1f8f57e3U, 0x55ab2a66U, + 0xeb2807b2U, 0xb5c2032fU, 0xc57b9a86U, 0x3708a5d3U, + 0x2887f230U, 0xbfa5b223U, 0x036aba02U, 0x16825cedU, + 0xcf1c2b8aU, 0x79b492a7U, 0x07f2f0f3U, 0x69e2a14eU, + 0xdaf4cd65U, 0x05bed506U, 0x34621fd1U, 0xa6fe8ac4U, + 0x2e539d34U, 0xf355a0a2U, 0x8ae13205U, 0xf6eb75a4U, + 0x83ec390bU, 0x60efaa40U, 0x719f065eU, 0x6e1051bdU, + 0x218af93eU, 0xdd063d96U, 0x3e05aeddU, 0xe6bd464dU, + 0x548db591U, 0xc45d0571U, 0x06d46f04U, 0x5015ff60U, + 0x98fb2419U, 0xbde997d6U, 0x4043cc89U, 0xd99e7767U, + 0xe842bdb0U, 0x898b8807U, 0x195b38e7U, 0xc8eedb79U, + 0x7c0a47a1U, 0x420fe97cU, 0x841ec9f8U, 0x00000000U, + 0x80868309U, 0x2bed4832U, 0x1170ac1eU, 0x5a724e6cU, + 0x0efffbfdU, 0x8538560fU, 0xaed51e3dU, 0x2d392736U, + 0x0fd9640aU, 0x5ca62168U, 0x5b54d19bU, 0x362e3a24U, + 0x0a67b10cU, 0x57e70f93U, 0xee96d2b4U, 0x9b919e1bU, + 0xc0c54f80U, 0xdc20a261U, 0x774b695aU, 0x121a161cU, + 0x93ba0ae2U, 0xa02ae5c0U, 0x22e0433cU, 0x1b171d12U, + 0x090d0b0eU, 0x8bc7adf2U, 0xb6a8b92dU, 0x1ea9c814U, + 0xf1198557U, 0x75074cafU, 0x99ddbbeeU, 0x7f60fda3U, + 0x01269ff7U, 0x72f5bc5cU, 0x663bc544U, 0xfb7e345bU, + 0x4329768bU, 0x23c6dccbU, 0xedfc68b6U, 0xe4f163b8U, + 0x31dccad7U, 0x63851042U, 0x97224013U, 0xc6112084U, + 0x4a247d85U, 0xbb3df8d2U, 0xf93211aeU, 0x29a16dc7U, + 0x9e2f4b1dU, 0xb230f3dcU, 0x8652ec0dU, 0xc1e3d077U, + 0xb3166c2bU, 0x70b999a9U, 0x9448fa11U, 0xe9642247U, + 0xfc8cc4a8U, 0xf03f1aa0U, 0x7d2cd856U, 0x3390ef22U, + 0x494ec787U, 0x38d1c1d9U, 0xcaa2fe8cU, 0xd40b3698U, + 0xf581cfa6U, 0x7ade28a5U, 0xb78e26daU, 0xadbfa43fU, + 0x3a9de42cU, 0x78920d50U, 0x5fcc9b6aU, 0x7e466254U, + 0x8d13c2f6U, 0xd8b8e890U, 0x39f75e2eU, 0xc3aff582U, + 0x5d80be9fU, 0xd0937c69U, 0xd52da96fU, 0x2512b3cfU, + 0xac993bc8U, 0x187da710U, 0x9c636ee8U, 0x3bbb7bdbU, + 0x267809cdU, 0x5918f46eU, 0x9ab701ecU, 0x4f9aa883U, + 0x956e65e6U, 0xffe67eaaU, 0xbccf0821U, 0x15e8e6efU, + 0xe79bd9baU, 0x6f36ce4aU, 0x9f09d4eaU, 0xb07cd629U, + 0xa4b2af31U, 0x3f23312aU, 0xa59430c6U, 0xa266c035U, + 0x4ebc3774U, 0x82caa6fcU, 0x90d0b0e0U, 0xa7d81533U, + 0x04984af1U, 0xecdaf741U, 0xcd500e7fU, 0x91f62f17U, + 0x4dd68d76U, 0xefb04d43U, 0xaa4d54ccU, 0x9604dfe4U, + 0xd1b5e39eU, 0x6a881b4cU, 0x2c1fb8c1U, 0x65517f46U, + 0x5eea049dU, 0x8c355d01U, 0x877473faU, 0x0b412efbU, + 0x671d5ab3U, 0xdbd25292U, 0x105633e9U, 0xd647136dU, + 0xd7618c9aU, 0xa10c7a37U, 0xf8148e59U, 0x133c89ebU, + 0xa927eeceU, 0x61c935b7U, 0x1ce5ede1U, 0x47b13c7aU, + 0xd2df599cU, 0xf2733f55U, 0x14ce7918U, 0xc737bf73U, + 0xf7cdea53U, 0xfdaa5b5fU, 0x3d6f14dfU, 0x44db8678U, + 0xaff381caU, 0x68c43eb9U, 0x24342c38U, 0xa3405fc2U, + 0x1dc37216U, 0xe2250cbcU, 0x3c498b28U, 0x0d9541ffU, + 0xa8017139U, 0x0cb3de08U, 0xb4e49cd8U, 0x56c19064U, + 0xcb84617bU, 0x32b670d5U, 0x6c5c7448U, 0xb85742d0U, +}; +static const u32 Td4[256] = { + 0x52525252U, 0x09090909U, 0x6a6a6a6aU, 0xd5d5d5d5U, + 0x30303030U, 0x36363636U, 0xa5a5a5a5U, 0x38383838U, + 0xbfbfbfbfU, 0x40404040U, 0xa3a3a3a3U, 0x9e9e9e9eU, + 0x81818181U, 0xf3f3f3f3U, 0xd7d7d7d7U, 0xfbfbfbfbU, + 0x7c7c7c7cU, 0xe3e3e3e3U, 0x39393939U, 0x82828282U, + 0x9b9b9b9bU, 0x2f2f2f2fU, 0xffffffffU, 0x87878787U, + 0x34343434U, 0x8e8e8e8eU, 0x43434343U, 0x44444444U, + 0xc4c4c4c4U, 0xdedededeU, 0xe9e9e9e9U, 0xcbcbcbcbU, + 0x54545454U, 0x7b7b7b7bU, 0x94949494U, 0x32323232U, + 0xa6a6a6a6U, 0xc2c2c2c2U, 0x23232323U, 0x3d3d3d3dU, + 0xeeeeeeeeU, 0x4c4c4c4cU, 0x95959595U, 0x0b0b0b0bU, + 0x42424242U, 0xfafafafaU, 0xc3c3c3c3U, 0x4e4e4e4eU, + 0x08080808U, 0x2e2e2e2eU, 0xa1a1a1a1U, 0x66666666U, + 0x28282828U, 0xd9d9d9d9U, 0x24242424U, 0xb2b2b2b2U, + 0x76767676U, 0x5b5b5b5bU, 0xa2a2a2a2U, 0x49494949U, + 0x6d6d6d6dU, 0x8b8b8b8bU, 0xd1d1d1d1U, 0x25252525U, + 0x72727272U, 0xf8f8f8f8U, 0xf6f6f6f6U, 0x64646464U, + 0x86868686U, 0x68686868U, 0x98989898U, 0x16161616U, + 0xd4d4d4d4U, 0xa4a4a4a4U, 0x5c5c5c5cU, 0xccccccccU, + 0x5d5d5d5dU, 0x65656565U, 0xb6b6b6b6U, 0x92929292U, + 0x6c6c6c6cU, 0x70707070U, 0x48484848U, 0x50505050U, + 0xfdfdfdfdU, 0xededededU, 0xb9b9b9b9U, 0xdadadadaU, + 0x5e5e5e5eU, 0x15151515U, 0x46464646U, 0x57575757U, + 0xa7a7a7a7U, 0x8d8d8d8dU, 0x9d9d9d9dU, 0x84848484U, + 0x90909090U, 0xd8d8d8d8U, 0xababababU, 0x00000000U, + 0x8c8c8c8cU, 0xbcbcbcbcU, 0xd3d3d3d3U, 0x0a0a0a0aU, + 0xf7f7f7f7U, 0xe4e4e4e4U, 0x58585858U, 0x05050505U, + 0xb8b8b8b8U, 0xb3b3b3b3U, 0x45454545U, 0x06060606U, + 0xd0d0d0d0U, 0x2c2c2c2cU, 0x1e1e1e1eU, 0x8f8f8f8fU, + 0xcacacacaU, 0x3f3f3f3fU, 0x0f0f0f0fU, 0x02020202U, + 0xc1c1c1c1U, 0xafafafafU, 0xbdbdbdbdU, 0x03030303U, + 0x01010101U, 0x13131313U, 0x8a8a8a8aU, 0x6b6b6b6bU, + 0x3a3a3a3aU, 0x91919191U, 0x11111111U, 0x41414141U, + 0x4f4f4f4fU, 0x67676767U, 0xdcdcdcdcU, 0xeaeaeaeaU, + 0x97979797U, 0xf2f2f2f2U, 0xcfcfcfcfU, 0xcecececeU, + 0xf0f0f0f0U, 0xb4b4b4b4U, 0xe6e6e6e6U, 0x73737373U, + 0x96969696U, 0xacacacacU, 0x74747474U, 0x22222222U, + 0xe7e7e7e7U, 0xadadadadU, 0x35353535U, 0x85858585U, + 0xe2e2e2e2U, 0xf9f9f9f9U, 0x37373737U, 0xe8e8e8e8U, + 0x1c1c1c1cU, 0x75757575U, 0xdfdfdfdfU, 0x6e6e6e6eU, + 0x47474747U, 0xf1f1f1f1U, 0x1a1a1a1aU, 0x71717171U, + 0x1d1d1d1dU, 0x29292929U, 0xc5c5c5c5U, 0x89898989U, + 0x6f6f6f6fU, 0xb7b7b7b7U, 0x62626262U, 0x0e0e0e0eU, + 0xaaaaaaaaU, 0x18181818U, 0xbebebebeU, 0x1b1b1b1bU, + 0xfcfcfcfcU, 0x56565656U, 0x3e3e3e3eU, 0x4b4b4b4bU, + 0xc6c6c6c6U, 0xd2d2d2d2U, 0x79797979U, 0x20202020U, + 0x9a9a9a9aU, 0xdbdbdbdbU, 0xc0c0c0c0U, 0xfefefefeU, + 0x78787878U, 0xcdcdcdcdU, 0x5a5a5a5aU, 0xf4f4f4f4U, + 0x1f1f1f1fU, 0xddddddddU, 0xa8a8a8a8U, 0x33333333U, + 0x88888888U, 0x07070707U, 0xc7c7c7c7U, 0x31313131U, + 0xb1b1b1b1U, 0x12121212U, 0x10101010U, 0x59595959U, + 0x27272727U, 0x80808080U, 0xececececU, 0x5f5f5f5fU, + 0x60606060U, 0x51515151U, 0x7f7f7f7fU, 0xa9a9a9a9U, + 0x19191919U, 0xb5b5b5b5U, 0x4a4a4a4aU, 0x0d0d0d0dU, + 0x2d2d2d2dU, 0xe5e5e5e5U, 0x7a7a7a7aU, 0x9f9f9f9fU, + 0x93939393U, 0xc9c9c9c9U, 0x9c9c9c9cU, 0xefefefefU, + 0xa0a0a0a0U, 0xe0e0e0e0U, 0x3b3b3b3bU, 0x4d4d4d4dU, + 0xaeaeaeaeU, 0x2a2a2a2aU, 0xf5f5f5f5U, 0xb0b0b0b0U, + 0xc8c8c8c8U, 0xebebebebU, 0xbbbbbbbbU, 0x3c3c3c3cU, + 0x83838383U, 0x53535353U, 0x99999999U, 0x61616161U, + 0x17171717U, 0x2b2b2b2bU, 0x04040404U, 0x7e7e7e7eU, + 0xbabababaU, 0x77777777U, 0xd6d6d6d6U, 0x26262626U, + 0xe1e1e1e1U, 0x69696969U, 0x14141414U, 0x63636363U, + 0x55555555U, 0x21212121U, 0x0c0c0c0cU, 0x7d7d7d7dU, +}; +static const u32 rcon[] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, + 0x10000000, 0x20000000, 0x40000000, 0x80000000, + 0x1B000000, 0x36000000, /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; +#else /* AES_SMALL_TABLES */ +static const u8 Td4s[256] = { + 0x52U, 0x09U, 0x6aU, 0xd5U, 0x30U, 0x36U, 0xa5U, 0x38U, + 0xbfU, 0x40U, 0xa3U, 0x9eU, 0x81U, 0xf3U, 0xd7U, 0xfbU, + 0x7cU, 0xe3U, 0x39U, 0x82U, 0x9bU, 0x2fU, 0xffU, 0x87U, + 0x34U, 0x8eU, 0x43U, 0x44U, 0xc4U, 0xdeU, 0xe9U, 0xcbU, + 0x54U, 0x7bU, 0x94U, 0x32U, 0xa6U, 0xc2U, 0x23U, 0x3dU, + 0xeeU, 0x4cU, 0x95U, 0x0bU, 0x42U, 0xfaU, 0xc3U, 0x4eU, + 0x08U, 0x2eU, 0xa1U, 0x66U, 0x28U, 0xd9U, 0x24U, 0xb2U, + 0x76U, 0x5bU, 0xa2U, 0x49U, 0x6dU, 0x8bU, 0xd1U, 0x25U, + 0x72U, 0xf8U, 0xf6U, 0x64U, 0x86U, 0x68U, 0x98U, 0x16U, + 0xd4U, 0xa4U, 0x5cU, 0xccU, 0x5dU, 0x65U, 0xb6U, 0x92U, + 0x6cU, 0x70U, 0x48U, 0x50U, 0xfdU, 0xedU, 0xb9U, 0xdaU, + 0x5eU, 0x15U, 0x46U, 0x57U, 0xa7U, 0x8dU, 0x9dU, 0x84U, + 0x90U, 0xd8U, 0xabU, 0x00U, 0x8cU, 0xbcU, 0xd3U, 0x0aU, + 0xf7U, 0xe4U, 0x58U, 0x05U, 0xb8U, 0xb3U, 0x45U, 0x06U, + 0xd0U, 0x2cU, 0x1eU, 0x8fU, 0xcaU, 0x3fU, 0x0fU, 0x02U, + 0xc1U, 0xafU, 0xbdU, 0x03U, 0x01U, 0x13U, 0x8aU, 0x6bU, + 0x3aU, 0x91U, 0x11U, 0x41U, 0x4fU, 0x67U, 0xdcU, 0xeaU, + 0x97U, 0xf2U, 0xcfU, 0xceU, 0xf0U, 0xb4U, 0xe6U, 0x73U, + 0x96U, 0xacU, 0x74U, 0x22U, 0xe7U, 0xadU, 0x35U, 0x85U, + 0xe2U, 0xf9U, 0x37U, 0xe8U, 0x1cU, 0x75U, 0xdfU, 0x6eU, + 0x47U, 0xf1U, 0x1aU, 0x71U, 0x1dU, 0x29U, 0xc5U, 0x89U, + 0x6fU, 0xb7U, 0x62U, 0x0eU, 0xaaU, 0x18U, 0xbeU, 0x1bU, + 0xfcU, 0x56U, 0x3eU, 0x4bU, 0xc6U, 0xd2U, 0x79U, 0x20U, + 0x9aU, 0xdbU, 0xc0U, 0xfeU, 0x78U, 0xcdU, 0x5aU, 0xf4U, + 0x1fU, 0xddU, 0xa8U, 0x33U, 0x88U, 0x07U, 0xc7U, 0x31U, + 0xb1U, 0x12U, 0x10U, 0x59U, 0x27U, 0x80U, 0xecU, 0x5fU, + 0x60U, 0x51U, 0x7fU, 0xa9U, 0x19U, 0xb5U, 0x4aU, 0x0dU, + 0x2dU, 0xe5U, 0x7aU, 0x9fU, 0x93U, 0xc9U, 0x9cU, 0xefU, + 0xa0U, 0xe0U, 0x3bU, 0x4dU, 0xaeU, 0x2aU, 0xf5U, 0xb0U, + 0xc8U, 0xebU, 0xbbU, 0x3cU, 0x83U, 0x53U, 0x99U, 0x61U, + 0x17U, 0x2bU, 0x04U, 0x7eU, 0xbaU, 0x77U, 0xd6U, 0x26U, + 0xe1U, 0x69U, 0x14U, 0x63U, 0x55U, 0x21U, 0x0cU, 0x7dU, +}; +static const u8 rcons[] = { + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 + /* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ +}; +#endif /* AES_SMALL_TABLES */ + + +#ifndef AES_SMALL_TABLES + +#define RCON(i) rcon[(i)] + +#define TE0(i) Te0[((i) >> 24) & 0xff] +#define TE1(i) Te1[((i) >> 16) & 0xff] +#define TE2(i) Te2[((i) >> 8) & 0xff] +#define TE3(i) Te3[(i) & 0xff] +#define TE41(i) (Te4[((i) >> 24) & 0xff] & 0xff000000) +#define TE42(i) (Te4[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE43(i) (Te4[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE44(i) (Te4[(i) & 0xff] & 0x000000ff) +#define TE421(i) (Te4[((i) >> 16) & 0xff] & 0xff000000) +#define TE432(i) (Te4[((i) >> 8) & 0xff] & 0x00ff0000) +#define TE443(i) (Te4[(i) & 0xff] & 0x0000ff00) +#define TE414(i) (Te4[((i) >> 24) & 0xff] & 0x000000ff) +#define TE4(i) (Te4[(i)] & 0x000000ff) + +#define TD0(i) Td0[((i) >> 24) & 0xff] +#define TD1(i) Td1[((i) >> 16) & 0xff] +#define TD2(i) Td2[((i) >> 8) & 0xff] +#define TD3(i) Td3[(i) & 0xff] +#define TD41(i) (Td4[((i) >> 24) & 0xff] & 0xff000000) +#define TD42(i) (Td4[((i) >> 16) & 0xff] & 0x00ff0000) +#define TD43(i) (Td4[((i) >> 8) & 0xff] & 0x0000ff00) +#define TD44(i) (Td4[(i) & 0xff] & 0x000000ff) +#define TD0_(i) Td0[(i) & 0xff] +#define TD1_(i) Td1[(i) & 0xff] +#define TD2_(i) Td2[(i) & 0xff] +#define TD3_(i) Td3[(i) & 0xff] + +#else /* AES_SMALL_TABLES */ + +#define RCON(i) (rcons[(i)] << 24) + +static inline u32 rotr(u32 val, int bits) +{ + return (val >> bits) | (val << (32 - bits)); +} + +#define TE0(i) Te0[((i) >> 24) & 0xff] +#define TE1(i) rotr(Te0[((i) >> 16) & 0xff], 8) +#define TE2(i) rotr(Te0[((i) >> 8) & 0xff], 16) +#define TE3(i) rotr(Te0[(i) & 0xff], 24) +#define TE41(i) ((Te0[((i) >> 24) & 0xff] << 8) & 0xff000000) +#define TE42(i) (Te0[((i) >> 16) & 0xff] & 0x00ff0000) +#define TE43(i) (Te0[((i) >> 8) & 0xff] & 0x0000ff00) +#define TE44(i) ((Te0[(i) & 0xff] >> 8) & 0x000000ff) +#define TE421(i) ((Te0[((i) >> 16) & 0xff] << 8) & 0xff000000) +#define TE432(i) (Te0[((i) >> 8) & 0xff] & 0x00ff0000) +#define TE443(i) (Te0[(i) & 0xff] & 0x0000ff00) +#define TE414(i) ((Te0[((i) >> 24) & 0xff] >> 8) & 0x000000ff) +#define TE4(i) ((Te0[(i)] >> 8) & 0x000000ff) + +#define TD0(i) Td0[((i) >> 24) & 0xff] +#define TD1(i) rotr(Td0[((i) >> 16) & 0xff], 8) +#define TD2(i) rotr(Td0[((i) >> 8) & 0xff], 16) +#define TD3(i) rotr(Td0[(i) & 0xff], 24) +#define TD41(i) (Td4s[((i) >> 24) & 0xff] << 24) +#define TD42(i) (Td4s[((i) >> 16) & 0xff] << 16) +#define TD43(i) (Td4s[((i) >> 8) & 0xff] << 8) +#define TD44(i) (Td4s[(i) & 0xff]) +#define TD0_(i) Td0[(i) & 0xff] +#define TD1_(i) rotr(Td0[(i) & 0xff], 8) +#define TD2_(i) rotr(Td0[(i) & 0xff], 16) +#define TD3_(i) rotr(Td0[(i) & 0xff], 24) + +#endif /* AES_SMALL_TABLES */ + +#define SWAP(x) (_lrotl(x, 8) & 0x00ff00ff | _lrotr(x, 8) & 0xff00ff00) + +#ifdef _MSC_VER +#define GETU32(p) SWAP(*((u32 *)(p))) +#define PUTU32(ct, st) { *((u32 *)(ct)) = SWAP((st)); } +#else +#define GETU32(pt) (((u32)(pt)[0] << 24) ^ ((u32)(pt)[1] << 16) ^ \ +((u32)(pt)[2] << 8) ^ ((u32)(pt)[3])) +#define PUTU32(ct, st) { \ +(ct)[0] = (u8)((st) >> 24); (ct)[1] = (u8)((st) >> 16); \ +(ct)[2] = (u8)((st) >> 8); (ct)[3] = (u8)(st); } +#endif + +/** + * Expand the cipher key into the encryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +void rijndaelKeySetupEnc(u32 rk[/*44*/], const u8 cipherKey[]) +{ + int i; + u32 temp; + + rk[0] = GETU32(cipherKey ); + rk[1] = GETU32(cipherKey + 4); + rk[2] = GETU32(cipherKey + 8); + rk[3] = GETU32(cipherKey + 12); + for (i = 0; i < 10; i++) { + temp = rk[3]; + rk[4] = rk[0] ^ + TE421(temp) ^ TE432(temp) ^ TE443(temp) ^ TE414(temp) ^ + RCON(i); + rk[5] = rk[1] ^ rk[4]; + rk[6] = rk[2] ^ rk[5]; + rk[7] = rk[3] ^ rk[6]; + rk += 4; + } +} + +/** + * Expand the cipher key into the decryption key schedule. + * + * @return the number of rounds for the given cipher key size. + */ +void rijndaelKeySetupDec(u32 rk[/*44*/], const u8 cipherKey[]) +{ + int Nr = 10, i, j; + u32 temp; + + /* expand the cipher key: */ + rijndaelKeySetupEnc(rk, cipherKey); + /* invert the order of the round keys: */ + for (i = 0, j = 4*Nr; i < j; i += 4, j -= 4) { + temp = rk[i ]; rk[i ] = rk[j ]; rk[j ] = temp; + temp = rk[i + 1]; rk[i + 1] = rk[j + 1]; rk[j + 1] = temp; + temp = rk[i + 2]; rk[i + 2] = rk[j + 2]; rk[j + 2] = temp; + temp = rk[i + 3]; rk[i + 3] = rk[j + 3]; rk[j + 3] = temp; + } + /* apply the inverse MixColumn transform to all round keys but the + * first and the last: */ + for (i = 1; i < Nr; i++) { + rk += 4; + for (j = 0; j < 4; j++) { + rk[j] = TD0_(TE4((rk[j] >> 24) )) ^ + TD1_(TE4((rk[j] >> 16) & 0xff)) ^ + TD2_(TE4((rk[j] >> 8) & 0xff)) ^ + TD3_(TE4((rk[j] ) & 0xff)); + } + } +} + +void rijndaelEncrypt(const u32 rk[/*44*/], const u8 pt[16], u8 ct[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; + const int Nr = 10; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(pt ) ^ rk[0]; + s1 = GETU32(pt + 4) ^ rk[1]; + s2 = GETU32(pt + 8) ^ rk[2]; + s3 = GETU32(pt + 12) ^ rk[3]; + +#define ROUND(i,d,s) \ +d##0 = TE0(s##0) ^ TE1(s##1) ^ TE2(s##2) ^ TE3(s##3) ^ rk[4 * i]; \ +d##1 = TE0(s##1) ^ TE1(s##2) ^ TE2(s##3) ^ TE3(s##0) ^ rk[4 * i + 1]; \ +d##2 = TE0(s##2) ^ TE1(s##3) ^ TE2(s##0) ^ TE3(s##1) ^ rk[4 * i + 2]; \ +d##3 = TE0(s##3) ^ TE1(s##0) ^ TE2(s##1) ^ TE3(s##2) ^ rk[4 * i + 3] + +#ifdef FULL_UNROLL + + ROUND(1,t,s); + ROUND(2,s,t); + ROUND(3,t,s); + ROUND(4,s,t); + ROUND(5,t,s); + ROUND(6,s,t); + ROUND(7,t,s); + ROUND(8,s,t); + ROUND(9,t,s); + + rk += Nr << 2; + +#else /* !FULL_UNROLL */ + + /* Nr - 1 full rounds: */ + r = Nr >> 1; + for (;;) { + ROUND(1,t,s); + rk += 8; + if (--r == 0) + break; + ROUND(0,s,t); + } + +#endif /* ?FULL_UNROLL */ + +#undef ROUND + + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = TE41(t0) ^ TE42(t1) ^ TE43(t2) ^ TE44(t3) ^ rk[0]; + PUTU32(ct , s0); + s1 = TE41(t1) ^ TE42(t2) ^ TE43(t3) ^ TE44(t0) ^ rk[1]; + PUTU32(ct + 4, s1); + s2 = TE41(t2) ^ TE42(t3) ^ TE43(t0) ^ TE44(t1) ^ rk[2]; + PUTU32(ct + 8, s2); + s3 = TE41(t3) ^ TE42(t0) ^ TE43(t1) ^ TE44(t2) ^ rk[3]; + PUTU32(ct + 12, s3); +} + +void rijndaelDecrypt(const u32 rk[/*44*/], const u8 ct[16], u8 pt[16]) +{ + u32 s0, s1, s2, s3, t0, t1, t2, t3; + const int Nr = 10; +#ifndef FULL_UNROLL + int r; +#endif /* ?FULL_UNROLL */ + + /* + * map byte array block to cipher state + * and add initial round key: + */ + s0 = GETU32(ct ) ^ rk[0]; + s1 = GETU32(ct + 4) ^ rk[1]; + s2 = GETU32(ct + 8) ^ rk[2]; + s3 = GETU32(ct + 12) ^ rk[3]; + +#define ROUND(i,d,s) \ +d##0 = TD0(s##0) ^ TD1(s##3) ^ TD2(s##2) ^ TD3(s##1) ^ rk[4 * i]; \ +d##1 = TD0(s##1) ^ TD1(s##0) ^ TD2(s##3) ^ TD3(s##2) ^ rk[4 * i + 1]; \ +d##2 = TD0(s##2) ^ TD1(s##1) ^ TD2(s##0) ^ TD3(s##3) ^ rk[4 * i + 2]; \ +d##3 = TD0(s##3) ^ TD1(s##2) ^ TD2(s##1) ^ TD3(s##0) ^ rk[4 * i + 3] + +#ifdef FULL_UNROLL + + ROUND(1,t,s); + ROUND(2,s,t); + ROUND(3,t,s); + ROUND(4,s,t); + ROUND(5,t,s); + ROUND(6,s,t); + ROUND(7,t,s); + ROUND(8,s,t); + ROUND(9,t,s); + + rk += Nr << 2; + +#else /* !FULL_UNROLL */ + + /* Nr - 1 full rounds: */ + r = Nr >> 1; + for (;;) { + ROUND(1,t,s); + rk += 8; + if (--r == 0) + break; + ROUND(0,s,t); + } + +#endif /* ?FULL_UNROLL */ + +#undef ROUND + + /* + * apply last round and + * map cipher state to byte array block: + */ + s0 = TD41(t0) ^ TD42(t3) ^ TD43(t2) ^ TD44(t1) ^ rk[0]; + PUTU32(pt , s0); + s1 = TD41(t1) ^ TD42(t0) ^ TD43(t3) ^ TD44(t2) ^ rk[1]; + PUTU32(pt + 4, s1); + s2 = TD41(t2) ^ TD42(t1) ^ TD43(t0) ^ TD44(t3) ^ rk[2]; + PUTU32(pt + 8, s2); + s3 = TD41(t3) ^ TD42(t2) ^ TD43(t1) ^ TD44(t0) ^ rk[3]; + PUTU32(pt + 12, s3); +} + + + +/* Generic wrapper functions for AES functions */ + +void * aes_encrypt_init(const u8 *key, size_t len) +{ + u32 *rk; + if (len != 16) + return NULL; + rk = os_malloc(4 * 44); + if (rk == NULL) + return NULL; + rijndaelKeySetupEnc(rk, key); + return rk; +} + + +void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +{ + rijndaelEncrypt(ctx, plain, crypt); +} + + +void aes_encrypt_deinit(void *ctx) +{ + os_free(ctx); +} + + +void * aes_decrypt_init(const u8 *key, size_t len) +{ + u32 *rk; + if (len != 16) + return NULL; + rk = os_malloc(4 * 44); + if (rk == NULL) + return NULL; + rijndaelKeySetupDec(rk, key); + return rk; +} + + +void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) +{ + rijndaelDecrypt(ctx, crypt, plain); +} + + +void aes_decrypt_deinit(void *ctx) +{ + os_free(ctx); +} diff --git a/contrib/hostapd-0.5.8/aes.h b/contrib/hostapd-0.5.8/aes.h new file mode 100644 index 0000000000..6b9f4147af --- /dev/null +++ b/contrib/hostapd-0.5.8/aes.h @@ -0,0 +1,25 @@ +/* + * AES functions + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef AES_H +#define AES_H + +void * aes_encrypt_init(const u8 *key, size_t len); +void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); +void aes_encrypt_deinit(void *ctx); +void * aes_decrypt_init(const u8 *key, size_t len); +void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); +void aes_decrypt_deinit(void *ctx); + +#endif /* AES_H */ diff --git a/contrib/hostapd-0.5.8/aes_wrap.c b/contrib/hostapd-0.5.8/aes_wrap.c new file mode 100644 index 0000000000..c52e45af27 --- /dev/null +++ b/contrib/hostapd-0.5.8/aes_wrap.c @@ -0,0 +1,472 @@ +/* + * AES-based functions + * + * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394) + * - One-Key CBC MAC (OMAC1) hash with AES-128 + * - AES-128 CTR mode encryption + * - AES-128 EAX mode encryption/decryption + * - AES-128 CBC + * + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "aes_wrap.h" +#include "crypto.h" + +#ifdef INTERNAL_AES +#include "aes.c" +#endif /* INTERNAL_AES */ + + +#ifndef CONFIG_NO_AES_WRAP + +/** + * aes_wrap - Wrap keys with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) + * @kek: Key encryption key (KEK) + * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes + * @plain: Plaintext key to be wrapped, n * 64 bit + * @cipher: Wrapped key, (n + 1) * 64 bit + * Returns: 0 on success, -1 on failure + */ +int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher) +{ + u8 *a, *r, b[16]; + int i, j; + void *ctx; + + a = cipher; + r = cipher + 8; + + /* 1) Initialize variables. */ + os_memset(a, 0xa6, 8); + os_memcpy(r, plain, 8 * n); + + ctx = aes_encrypt_init(kek, 16); + if (ctx == NULL) + return -1; + + /* 2) Calculate intermediate values. + * For j = 0 to 5 + * For i=1 to n + * B = AES(K, A | R[i]) + * A = MSB(64, B) ^ t where t = (n*j)+i + * R[i] = LSB(64, B) + */ + for (j = 0; j <= 5; j++) { + r = cipher + 8; + for (i = 1; i <= n; i++) { + os_memcpy(b, a, 8); + os_memcpy(b + 8, r, 8); + aes_encrypt(ctx, b, b); + os_memcpy(a, b, 8); + a[7] ^= n * j + i; + os_memcpy(r, b + 8, 8); + r += 8; + } + } + aes_encrypt_deinit(ctx); + + /* 3) Output the results. + * + * These are already in @cipher due to the location of temporary + * variables. + */ + + return 0; +} + +#endif /* CONFIG_NO_AES_WRAP */ + + +/** + * aes_unwrap - Unwrap key with AES Key Wrap Algorithm (128-bit KEK) (RFC3394) + * @kek: Key encryption key (KEK) + * @n: Length of the wrapped key in 64-bit units; e.g., 2 = 128-bit = 16 bytes + * @cipher: Wrapped key to be unwrapped, (n + 1) * 64 bit + * @plain: Plaintext key, n * 64 bit + * Returns: 0 on success, -1 on failure (e.g., integrity verification failed) + */ +int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain) +{ + u8 a[8], *r, b[16]; + int i, j; + void *ctx; + + /* 1) Initialize variables. */ + os_memcpy(a, cipher, 8); + r = plain; + os_memcpy(r, cipher + 8, 8 * n); + + ctx = aes_decrypt_init(kek, 16); + if (ctx == NULL) + return -1; + + /* 2) Compute intermediate values. + * For j = 5 to 0 + * For i = n to 1 + * B = AES-1(K, (A ^ t) | R[i]) where t = n*j+i + * A = MSB(64, B) + * R[i] = LSB(64, B) + */ + for (j = 5; j >= 0; j--) { + r = plain + (n - 1) * 8; + for (i = n; i >= 1; i--) { + os_memcpy(b, a, 8); + b[7] ^= n * j + i; + + os_memcpy(b + 8, r, 8); + aes_decrypt(ctx, b, b); + os_memcpy(a, b, 8); + os_memcpy(r, b + 8, 8); + r -= 8; + } + } + aes_decrypt_deinit(ctx); + + /* 3) Output results. + * + * These are already in @plain due to the location of temporary + * variables. Just verify that the IV matches with the expected value. + */ + for (i = 0; i < 8; i++) { + if (a[i] != 0xa6) + return -1; + } + + return 0; +} + + +#define BLOCK_SIZE 16 + +#ifndef CONFIG_NO_AES_OMAC1 + +static void gf_mulx(u8 *pad) +{ + int i, carry; + + carry = pad[0] & 0x80; + for (i = 0; i < BLOCK_SIZE - 1; i++) + pad[i] = (pad[i] << 1) | (pad[i + 1] >> 7); + pad[BLOCK_SIZE - 1] <<= 1; + if (carry) + pad[BLOCK_SIZE - 1] ^= 0x87; +} + + +/** + * omac1_aes_128 - One-Key CBC MAC (OMAC1) hash with AES-128 (aka AES-CMAC) + * @key: 128-bit key for the hash operation + * @data: Data buffer for which a MAC is determined + * @data: Length of data buffer in bytes + * @mac: Buffer for MAC (128 bits, i.e., 16 bytes) + * Returns: 0 on success, -1 on failure + */ +int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac) +{ + void *ctx; + u8 cbc[BLOCK_SIZE], pad[BLOCK_SIZE]; + const u8 *pos = data; + size_t i, left = data_len; + + ctx = aes_encrypt_init(key, 16); + if (ctx == NULL) + return -1; + os_memset(cbc, 0, BLOCK_SIZE); + + while (left >= BLOCK_SIZE) { + for (i = 0; i < BLOCK_SIZE; i++) + cbc[i] ^= *pos++; + if (left > BLOCK_SIZE) + aes_encrypt(ctx, cbc, cbc); + left -= BLOCK_SIZE; + } + + os_memset(pad, 0, BLOCK_SIZE); + aes_encrypt(ctx, pad, pad); + gf_mulx(pad); + + if (left || data_len == 0) { + for (i = 0; i < left; i++) + cbc[i] ^= *pos++; + cbc[left] ^= 0x80; + gf_mulx(pad); + } + + for (i = 0; i < BLOCK_SIZE; i++) + pad[i] ^= cbc[i]; + aes_encrypt(ctx, pad, mac); + aes_encrypt_deinit(ctx); + return 0; +} + +#endif /* CONFIG_NO_AES_OMAC1 */ + + +/** + * aes_128_encrypt_block - Perform one AES 128-bit block operation + * @key: Key for AES + * @in: Input data (16 bytes) + * @out: Output of the AES block operation (16 bytes) + * Returns: 0 on success, -1 on failure + */ +int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out) +{ + void *ctx; + ctx = aes_encrypt_init(key, 16); + if (ctx == NULL) + return -1; + aes_encrypt(ctx, in, out); + aes_encrypt_deinit(ctx); + return 0; +} + + +#ifndef CONFIG_NO_AES_CTR + +/** + * aes_128_ctr_encrypt - AES-128 CTR mode encryption + * @key: Key for encryption (16 bytes) + * @nonce: Nonce for counter mode (16 bytes) + * @data: Data to encrypt in-place + * @data_len: Length of data in bytes + * Returns: 0 on success, -1 on failure + */ +int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce, + u8 *data, size_t data_len) +{ + void *ctx; + size_t j, len, left = data_len; + int i; + u8 *pos = data; + u8 counter[BLOCK_SIZE], buf[BLOCK_SIZE]; + + ctx = aes_encrypt_init(key, 16); + if (ctx == NULL) + return -1; + os_memcpy(counter, nonce, BLOCK_SIZE); + + while (left > 0) { + aes_encrypt(ctx, counter, buf); + + len = (left < BLOCK_SIZE) ? left : BLOCK_SIZE; + for (j = 0; j < len; j++) + pos[j] ^= buf[j]; + pos += len; + left -= len; + + for (i = BLOCK_SIZE - 1; i >= 0; i--) { + counter[i]++; + if (counter[i]) + break; + } + } + aes_encrypt_deinit(ctx); + return 0; +} + +#endif /* CONFIG_NO_AES_CTR */ + + +#ifndef CONFIG_NO_AES_EAX + +/** + * aes_128_eax_encrypt - AES-128 EAX mode encryption + * @key: Key for encryption (16 bytes) + * @nonce: Nonce for counter mode + * @nonce_len: Nonce length in bytes + * @hdr: Header data to be authenticity protected + * @hdr_len: Length of the header data bytes + * @data: Data to encrypt in-place + * @data_len: Length of data in bytes + * @tag: 16-byte tag value + * Returns: 0 on success, -1 on failure + */ +int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len, + const u8 *hdr, size_t hdr_len, + u8 *data, size_t data_len, u8 *tag) +{ + u8 *buf; + size_t buf_len; + u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE]; + int i; + + if (nonce_len > data_len) + buf_len = nonce_len; + else + buf_len = data_len; + if (hdr_len > buf_len) + buf_len = hdr_len; + buf_len += 16; + + buf = os_malloc(buf_len); + if (buf == NULL) + return -1; + + os_memset(buf, 0, 15); + + buf[15] = 0; + os_memcpy(buf + 16, nonce, nonce_len); + omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac); + + buf[15] = 1; + os_memcpy(buf + 16, hdr, hdr_len); + omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac); + + aes_128_ctr_encrypt(key, nonce_mac, data, data_len); + buf[15] = 2; + os_memcpy(buf + 16, data, data_len); + omac1_aes_128(key, buf, 16 + data_len, data_mac); + + os_free(buf); + + for (i = 0; i < BLOCK_SIZE; i++) + tag[i] = nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i]; + + return 0; +} + + +/** + * aes_128_eax_decrypt - AES-128 EAX mode decryption + * @key: Key for decryption (16 bytes) + * @nonce: Nonce for counter mode + * @nonce_len: Nonce length in bytes + * @hdr: Header data to be authenticity protected + * @hdr_len: Length of the header data bytes + * @data: Data to encrypt in-place + * @data_len: Length of data in bytes + * @tag: 16-byte tag value + * Returns: 0 on success, -1 on failure, -2 if tag does not match + */ +int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len, + const u8 *hdr, size_t hdr_len, + u8 *data, size_t data_len, const u8 *tag) +{ + u8 *buf; + size_t buf_len; + u8 nonce_mac[BLOCK_SIZE], hdr_mac[BLOCK_SIZE], data_mac[BLOCK_SIZE]; + int i; + + if (nonce_len > data_len) + buf_len = nonce_len; + else + buf_len = data_len; + if (hdr_len > buf_len) + buf_len = hdr_len; + buf_len += 16; + + buf = os_malloc(buf_len); + if (buf == NULL) + return -1; + + os_memset(buf, 0, 15); + + buf[15] = 0; + os_memcpy(buf + 16, nonce, nonce_len); + omac1_aes_128(key, buf, 16 + nonce_len, nonce_mac); + + buf[15] = 1; + os_memcpy(buf + 16, hdr, hdr_len); + omac1_aes_128(key, buf, 16 + hdr_len, hdr_mac); + + buf[15] = 2; + os_memcpy(buf + 16, data, data_len); + omac1_aes_128(key, buf, 16 + data_len, data_mac); + + os_free(buf); + + for (i = 0; i < BLOCK_SIZE; i++) { + if (tag[i] != (nonce_mac[i] ^ data_mac[i] ^ hdr_mac[i])) + return -2; + } + + aes_128_ctr_encrypt(key, nonce_mac, data, data_len); + + return 0; +} + +#endif /* CONFIG_NO_AES_EAX */ + + +#ifndef CONFIG_NO_AES_CBC + +/** + * aes_128_cbc_encrypt - AES-128 CBC encryption + * @key: Encryption key + * @iv: Encryption IV for CBC mode (16 bytes) + * @data: Data to encrypt in-place + * @data_len: Length of data in bytes (must be divisible by 16) + * Returns: 0 on success, -1 on failure + */ +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + void *ctx; + u8 cbc[BLOCK_SIZE]; + u8 *pos = data; + int i, j, blocks; + + ctx = aes_encrypt_init(key, 16); + if (ctx == NULL) + return -1; + os_memcpy(cbc, iv, BLOCK_SIZE); + + blocks = data_len / BLOCK_SIZE; + for (i = 0; i < blocks; i++) { + for (j = 0; j < BLOCK_SIZE; j++) + cbc[j] ^= pos[j]; + aes_encrypt(ctx, cbc, cbc); + os_memcpy(pos, cbc, BLOCK_SIZE); + pos += BLOCK_SIZE; + } + aes_encrypt_deinit(ctx); + return 0; +} + + +/** + * aes_128_cbc_decrypt - AES-128 CBC decryption + * @key: Decryption key + * @iv: Decryption IV for CBC mode (16 bytes) + * @data: Data to decrypt in-place + * @data_len: Length of data in bytes (must be divisible by 16) + * Returns: 0 on success, -1 on failure + */ +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, size_t data_len) +{ + void *ctx; + u8 cbc[BLOCK_SIZE], tmp[BLOCK_SIZE]; + u8 *pos = data; + int i, j, blocks; + + ctx = aes_decrypt_init(key, 16); + if (ctx == NULL) + return -1; + os_memcpy(cbc, iv, BLOCK_SIZE); + + blocks = data_len / BLOCK_SIZE; + for (i = 0; i < blocks; i++) { + os_memcpy(tmp, pos, BLOCK_SIZE); + aes_decrypt(ctx, pos, pos); + for (j = 0; j < BLOCK_SIZE; j++) + pos[j] ^= cbc[j]; + os_memcpy(cbc, tmp, BLOCK_SIZE); + pos += BLOCK_SIZE; + } + aes_decrypt_deinit(ctx); + return 0; +} + +#endif /* CONFIG_NO_AES_CBC */ diff --git a/contrib/hostapd-0.5.8/aes_wrap.h b/contrib/hostapd-0.5.8/aes_wrap.h new file mode 100644 index 0000000000..1bc6971eff --- /dev/null +++ b/contrib/hostapd-0.5.8/aes_wrap.h @@ -0,0 +1,42 @@ +/* + * AES-based functions + * + * - AES Key Wrap Algorithm (128-bit KEK) (RFC3394) + * - One-Key CBC MAC (OMAC1) hash with AES-128 + * - AES-128 CTR mode encryption + * - AES-128 EAX mode encryption/decryption + * - AES-128 CBC + * + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef AES_WRAP_H +#define AES_WRAP_H + +int aes_wrap(const u8 *kek, int n, const u8 *plain, u8 *cipher); +int aes_unwrap(const u8 *kek, int n, const u8 *cipher, u8 *plain); +int omac1_aes_128(const u8 *key, const u8 *data, size_t data_len, u8 *mac); +int aes_128_encrypt_block(const u8 *key, const u8 *in, u8 *out); +int aes_128_ctr_encrypt(const u8 *key, const u8 *nonce, + u8 *data, size_t data_len); +int aes_128_eax_encrypt(const u8 *key, const u8 *nonce, size_t nonce_len, + const u8 *hdr, size_t hdr_len, + u8 *data, size_t data_len, u8 *tag); +int aes_128_eax_decrypt(const u8 *key, const u8 *nonce, size_t nonce_len, + const u8 *hdr, size_t hdr_len, + u8 *data, size_t data_len, const u8 *tag); +int aes_128_cbc_encrypt(const u8 *key, const u8 *iv, u8 *data, + size_t data_len); +int aes_128_cbc_decrypt(const u8 *key, const u8 *iv, u8 *data, + size_t data_len); + +#endif /* AES_WRAP_H */ diff --git a/contrib/hostapd-0.5.8/ap.h b/contrib/hostapd-0.5.8/ap.h new file mode 100644 index 0000000000..b73c5b47a6 --- /dev/null +++ b/contrib/hostapd-0.5.8/ap.h @@ -0,0 +1,111 @@ +/* + * hostapd / Station table data structures + * Copyright (c) 2002-2004, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef AP_H +#define AP_H + +/* STA flags */ +#define WLAN_STA_AUTH BIT(0) +#define WLAN_STA_ASSOC BIT(1) +#define WLAN_STA_PS BIT(2) +#define WLAN_STA_TIM BIT(3) +#define WLAN_STA_PERM BIT(4) +#define WLAN_STA_AUTHORIZED BIT(5) +#define WLAN_STA_PENDING_POLL BIT(6) /* pending activity poll not ACKed */ +#define WLAN_STA_SHORT_PREAMBLE BIT(7) +#define WLAN_STA_PREAUTH BIT(8) +#define WLAN_STA_WME BIT(9) +#define WLAN_STA_NONERP BIT(31) + +/* Maximum number of supported rates (from both Supported Rates and Extended + * Supported Rates IEs). */ +#define WLAN_SUPP_RATES_MAX 32 + + +struct sta_info { + struct sta_info *next; /* next entry in sta list */ + struct sta_info *hnext; /* next entry in hash table list */ + u8 addr[6]; + u16 aid; /* STA's unique AID (1 .. 2007) or 0 if not yet assigned */ + u32 flags; + u16 capability; + u16 listen_interval; /* or beacon_int for APs */ + u8 supported_rates[WLAN_SUPP_RATES_MAX]; + int supported_rates_len; + + unsigned int nonerp_set:1; + unsigned int no_short_slot_time_set:1; + unsigned int no_short_preamble_set:1; + + u16 auth_alg; + u8 previous_ap[6]; + + enum { + STA_NULLFUNC = 0, STA_DISASSOC, STA_DEAUTH, STA_REMOVE + } timeout_next; + + /* IEEE 802.1X related data */ + struct eapol_state_machine *eapol_sm; + + /* IEEE 802.11f (IAPP) related data */ + struct ieee80211_mgmt *last_assoc_req; + + u32 acct_session_id_hi; + u32 acct_session_id_lo; + time_t acct_session_start; + int acct_session_started; + int acct_terminate_cause; /* Acct-Terminate-Cause */ + int acct_interim_interval; /* Acct-Interim-Interval */ + + unsigned long last_rx_bytes; + unsigned long last_tx_bytes; + u32 acct_input_gigawords; /* Acct-Input-Gigawords */ + u32 acct_output_gigawords; /* Acct-Output-Gigawords */ + + u8 *challenge; /* IEEE 802.11 Shared Key Authentication Challenge */ + + struct wpa_state_machine *wpa_sm; + struct rsn_preauth_interface *preauth_iface; + + struct hostapd_ssid *ssid; /* SSID selection based on (Re)AssocReq */ + struct hostapd_ssid *ssid_probe; /* SSID selection based on ProbeReq */ + + int vlan_id; +}; + + +/* Maximum number of AIDs to use for STAs; must be 2007 or lower + * (8802.11 limitation) */ +#define MAX_AID_TABLE_SIZE 128 + +#define STA_HASH_SIZE 256 +#define STA_HASH(sta) (sta[5]) + + +/* Default value for maximum station inactivity. After AP_MAX_INACTIVITY has + * passed since last received frame from the station, a nullfunc data frame is + * sent to the station. If this frame is not acknowledged and no other frames + * have been received, the station will be disassociated after + * AP_DISASSOC_DELAY seconds. Similarily, the station will be deauthenticated + * after AP_DEAUTH_DELAY seconds has passed after disassociation. */ +#define AP_MAX_INACTIVITY (5 * 60) +#define AP_DISASSOC_DELAY (1) +#define AP_DEAUTH_DELAY (1) +/* Number of seconds to keep STA entry with Authenticated flag after it has + * been disassociated. */ +#define AP_MAX_INACTIVITY_AFTER_DISASSOC (1 * 30) +/* Number of seconds to keep STA entry after it has been deauthenticated. */ +#define AP_MAX_INACTIVITY_AFTER_DEAUTH (1 * 5) + +#endif /* AP_H */ diff --git a/contrib/hostapd-0.5.8/ap_list.c b/contrib/hostapd-0.5.8/ap_list.c new file mode 100644 index 0000000000..f2d322125f --- /dev/null +++ b/contrib/hostapd-0.5.8/ap_list.c @@ -0,0 +1,459 @@ +/* + * hostapd / AP table + * Copyright 2002-2003, Jouni Malinen + * Copyright 2003-2004, Instant802 Networks, Inc. + * Copyright 2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "ieee802_11.h" +#include "eloop.h" +#include "ap_list.h" +#include "hw_features.h" +#include "beacon.h" + + +struct ieee80211_frame_info { + u32 version; + u32 length; + u64 mactime; + u64 hosttime; + u32 phytype; + u32 channel; + u32 datarate; + u32 antenna; + u32 priority; + u32 ssi_type; + u32 ssi_signal; + u32 ssi_noise; + u32 preamble; + u32 encoding; + + /* Note: this structure is otherwise identical to capture format used + * in linux-wlan-ng, but this additional field is used to provide meta + * data about the frame to hostapd. This was the easiest method for + * providing this information, but this might change in the future. */ + u32 msg_type; +} __attribute__ ((packed)); + + +enum ieee80211_phytype { + ieee80211_phytype_fhss_dot11_97 = 1, + ieee80211_phytype_dsss_dot11_97 = 2, + ieee80211_phytype_irbaseband = 3, + ieee80211_phytype_dsss_dot11_b = 4, + ieee80211_phytype_pbcc_dot11_b = 5, + ieee80211_phytype_ofdm_dot11_g = 6, + ieee80211_phytype_pbcc_dot11_g = 7, + ieee80211_phytype_ofdm_dot11_a = 8, + ieee80211_phytype_dsss_dot11_turbog = 255, + ieee80211_phytype_dsss_dot11_turbo = 256, +}; + + +/* AP list is a double linked list with head->prev pointing to the end of the + * list and tail->next = NULL. Entries are moved to the head of the list + * whenever a beacon has been received from the AP in question. The tail entry + * in this link will thus be the least recently used entry. */ + + +static void ap_list_new_ap(struct hostapd_iface *iface, struct ap_info *ap) +{ + wpa_printf(MSG_DEBUG, "New AP detected: " MACSTR, MAC2STR(ap->addr)); + + /* TODO: could send a notification message to an external program that + * would then determine whether a rogue AP has been detected */ +} + + +static void ap_list_expired_ap(struct hostapd_iface *iface, struct ap_info *ap) +{ + wpa_printf(MSG_DEBUG, "AP info expired: " MACSTR, MAC2STR(ap->addr)); + + /* TODO: could send a notification message to an external program */ +} + + +static int ap_list_beacon_olbc(struct hostapd_iface *iface, struct ap_info *ap) +{ + int i; + + if (iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G || + ap->phytype != ieee80211_phytype_pbcc_dot11_g || + iface->conf->channel != ap->channel) + return 0; + + if (ap->erp != -1 && (ap->erp & ERP_INFO_NON_ERP_PRESENT)) + return 1; + + for (i = 0; i < WLAN_SUPP_RATES_MAX; i++) { + int rate = (ap->supported_rates[i] & 0x7f) * 5; + if (rate == 60 || rate == 90 || rate > 110) + return 0; + } + + return 1; +} + + +struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *ap) +{ + struct ap_info *s; + + s = iface->ap_hash[STA_HASH(ap)]; + while (s != NULL && memcmp(s->addr, ap, ETH_ALEN) != 0) + s = s->hnext; + return s; +} + + +static void ap_ap_list_add(struct hostapd_iface *iface, struct ap_info *ap) +{ + if (iface->ap_list) { + ap->prev = iface->ap_list->prev; + iface->ap_list->prev = ap; + } else + ap->prev = ap; + ap->next = iface->ap_list; + iface->ap_list = ap; +} + + +static void ap_ap_list_del(struct hostapd_iface *iface, struct ap_info *ap) +{ + if (iface->ap_list == ap) + iface->ap_list = ap->next; + else + ap->prev->next = ap->next; + + if (ap->next) + ap->next->prev = ap->prev; + else if (iface->ap_list) + iface->ap_list->prev = ap->prev; +} + + +static void ap_ap_iter_list_add(struct hostapd_iface *iface, + struct ap_info *ap) +{ + if (iface->ap_iter_list) { + ap->iter_prev = iface->ap_iter_list->iter_prev; + iface->ap_iter_list->iter_prev = ap; + } else + ap->iter_prev = ap; + ap->iter_next = iface->ap_iter_list; + iface->ap_iter_list = ap; +} + + +static void ap_ap_iter_list_del(struct hostapd_iface *iface, + struct ap_info *ap) +{ + if (iface->ap_iter_list == ap) + iface->ap_iter_list = ap->iter_next; + else + ap->iter_prev->iter_next = ap->iter_next; + + if (ap->iter_next) + ap->iter_next->iter_prev = ap->iter_prev; + else if (iface->ap_iter_list) + iface->ap_iter_list->iter_prev = ap->iter_prev; +} + + +static void ap_ap_hash_add(struct hostapd_iface *iface, struct ap_info *ap) +{ + ap->hnext = iface->ap_hash[STA_HASH(ap->addr)]; + iface->ap_hash[STA_HASH(ap->addr)] = ap; +} + + +static void ap_ap_hash_del(struct hostapd_iface *iface, struct ap_info *ap) +{ + struct ap_info *s; + + s = iface->ap_hash[STA_HASH(ap->addr)]; + if (s == NULL) return; + if (memcmp(s->addr, ap->addr, ETH_ALEN) == 0) { + iface->ap_hash[STA_HASH(ap->addr)] = s->hnext; + return; + } + + while (s->hnext != NULL && + memcmp(s->hnext->addr, ap->addr, ETH_ALEN) != 0) + s = s->hnext; + if (s->hnext != NULL) + s->hnext = s->hnext->hnext; + else + printf("AP: could not remove AP " MACSTR " from hash table\n", + MAC2STR(ap->addr)); +} + + +static void ap_free_ap(struct hostapd_iface *iface, struct ap_info *ap) +{ + ap_ap_hash_del(iface, ap); + ap_ap_list_del(iface, ap); + ap_ap_iter_list_del(iface, ap); + + iface->num_ap--; + free(ap); +} + + +static void hostapd_free_aps(struct hostapd_iface *iface) +{ + struct ap_info *ap, *prev; + + ap = iface->ap_list; + + while (ap) { + prev = ap; + ap = ap->next; + ap_free_ap(iface, prev); + } + + iface->ap_list = NULL; +} + + +int ap_ap_for_each(struct hostapd_iface *iface, + int (*func)(struct ap_info *s, void *data), void *data) +{ + struct ap_info *s; + int ret = 0; + + s = iface->ap_list; + + while (s) { + ret = func(s, data); + if (ret) + break; + s = s->next; + } + + return ret; +} + + +static struct ap_info * ap_ap_add(struct hostapd_iface *iface, u8 *addr) +{ + struct ap_info *ap; + + ap = wpa_zalloc(sizeof(struct ap_info)); + if (ap == NULL) + return NULL; + + /* initialize AP info data */ + memcpy(ap->addr, addr, ETH_ALEN); + ap_ap_list_add(iface, ap); + iface->num_ap++; + ap_ap_hash_add(iface, ap); + ap_ap_iter_list_add(iface, ap); + + if (iface->num_ap > iface->conf->ap_table_max_size && ap != ap->prev) { + wpa_printf(MSG_DEBUG, "Removing the least recently used AP " + MACSTR " from AP table", MAC2STR(ap->prev->addr)); + if (iface->conf->passive_scan_interval > 0) + ap_list_expired_ap(iface, ap->prev); + ap_free_ap(iface, ap->prev); + } + + return ap; +} + + +void ap_list_process_beacon(struct hostapd_iface *iface, + struct ieee80211_mgmt *mgmt, + struct ieee802_11_elems *elems, + struct hostapd_frame_info *fi) +{ + struct ap_info *ap; + int new_ap = 0; + size_t len; + + if (iface->conf->ap_table_max_size < 1) + return; + + ap = ap_get_ap(iface, mgmt->bssid); + if (!ap) { + ap = ap_ap_add(iface, mgmt->bssid); + if (!ap) { + printf("Failed to allocate AP information entry\n"); + return; + } + new_ap = 1; + } + + ap->beacon_int = le_to_host16(mgmt->u.beacon.beacon_int); + ap->capability = le_to_host16(mgmt->u.beacon.capab_info); + + if (elems->ssid) { + len = elems->ssid_len; + if (len >= sizeof(ap->ssid)) + len = sizeof(ap->ssid) - 1; + memcpy(ap->ssid, elems->ssid, len); + ap->ssid[len] = '\0'; + ap->ssid_len = len; + } + + memset(ap->supported_rates, 0, WLAN_SUPP_RATES_MAX); + len = 0; + if (elems->supp_rates) { + len = elems->supp_rates_len; + if (len > WLAN_SUPP_RATES_MAX) + len = WLAN_SUPP_RATES_MAX; + memcpy(ap->supported_rates, elems->supp_rates, len); + } + if (elems->ext_supp_rates) { + int len2; + if (len + elems->ext_supp_rates_len > WLAN_SUPP_RATES_MAX) + len2 = WLAN_SUPP_RATES_MAX - len; + else + len2 = elems->ext_supp_rates_len; + memcpy(ap->supported_rates + len, elems->ext_supp_rates, len2); + } + + ap->wpa = elems->wpa_ie != NULL; + + if (elems->erp_info && elems->erp_info_len == 1) + ap->erp = elems->erp_info[0]; + else + ap->erp = -1; + + if (elems->ds_params && elems->ds_params_len == 1) + ap->channel = elems->ds_params[0]; + else if (fi) + ap->channel = fi->channel; + + ap->num_beacons++; + time(&ap->last_beacon); + if (fi) { + ap->phytype = fi->phytype; + ap->ssi_signal = fi->ssi_signal; + ap->datarate = fi->datarate; + } + + if (new_ap) { + if (iface->conf->passive_scan_interval > 0) + ap_list_new_ap(iface, ap); + } else if (ap != iface->ap_list) { + /* move AP entry into the beginning of the list so that the + * oldest entry is always in the end of the list */ + ap_ap_list_del(iface, ap); + ap_ap_list_add(iface, ap); + } + + if (!iface->olbc && + ap_list_beacon_olbc(iface, ap)) { + struct hostapd_data *hapd = iface->bss[0]; + iface->olbc = 1; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "OLBC AP detected: " MACSTR " - enable " + "protection\n", MAC2STR(ap->addr)); + ieee802_11_set_beacons(hapd->iface); + } +} + + +static void ap_list_timer(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_iface *iface = eloop_ctx; + time_t now; + struct ap_info *ap; + + eloop_register_timeout(10, 0, ap_list_timer, iface, NULL); + + if (!iface->ap_list) + return; + + time(&now); + + /* FIX: it looks like jkm-Purina ended up in busy loop in this + * function. Apparently, something can still cause a loop in the AP + * list.. */ + + while (iface->ap_list) { + ap = iface->ap_list->prev; + if (ap->last_beacon + iface->conf->ap_table_expiration_time >= + now) + break; + + if (iface->conf->passive_scan_interval > 0) + ap_list_expired_ap(iface, ap); + ap_free_ap(iface, ap); + } + + if (iface->olbc) { + int olbc = 0; + ap = iface->ap_list; + while (ap) { + if (ap_list_beacon_olbc(iface, ap)) { + olbc = 1; + break; + } + ap = ap->next; + } + if (!olbc) { + struct hostapd_data *hapd = iface->bss[0]; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "OLBC not detected anymore\n"); + iface->olbc = 0; + ieee802_11_set_beacons(hapd->iface); + } + } +} + + +int ap_list_init(struct hostapd_iface *iface) +{ + eloop_register_timeout(10, 0, ap_list_timer, iface, NULL); + return 0; +} + + +void ap_list_deinit(struct hostapd_iface *iface) +{ + eloop_cancel_timeout(ap_list_timer, iface, NULL); + hostapd_free_aps(iface); +} + + +int ap_list_reconfig(struct hostapd_iface *iface, + struct hostapd_config *oldconf) +{ + time_t now; + struct ap_info *ap; + + if (iface->conf->ap_table_max_size == oldconf->ap_table_max_size && + iface->conf->ap_table_expiration_time == + oldconf->ap_table_expiration_time) + return 0; + + time(&now); + + while (iface->ap_list) { + ap = iface->ap_list->prev; + if (iface->num_ap <= iface->conf->ap_table_max_size && + ap->last_beacon + iface->conf->ap_table_expiration_time >= + now) + break; + + if (iface->conf->passive_scan_interval > 0) + ap_list_expired_ap(iface, iface->ap_list->prev); + ap_free_ap(iface, iface->ap_list->prev); + } + + return 0; +} diff --git a/contrib/hostapd-0.5.8/ap_list.h b/contrib/hostapd-0.5.8/ap_list.h new file mode 100644 index 0000000000..668d909634 --- /dev/null +++ b/contrib/hostapd-0.5.8/ap_list.h @@ -0,0 +1,68 @@ +/* + * hostapd / AP table + * Copyright 2002-2003, Jouni Malinen + * Copyright 2003-2004, Instant802 Networks, Inc. + * Copyright 2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef AP_LIST_H +#define AP_LIST_H + +struct ap_info { + /* Note: next/prev pointers are updated whenever a new beacon is + * received because these are used to find the least recently used + * entries. iter_next/iter_prev are updated only when adding new BSSes + * and when removing old ones. These should be used when iterating + * through the table in a manner that allows beacons to be received + * during the iteration. */ + struct ap_info *next; /* next entry in AP list */ + struct ap_info *prev; /* previous entry in AP list */ + struct ap_info *hnext; /* next entry in hash table list */ + struct ap_info *iter_next; /* next entry in AP iteration list */ + struct ap_info *iter_prev; /* previous entry in AP iteration list */ + u8 addr[6]; + u16 beacon_int; + u16 capability; + u8 supported_rates[WLAN_SUPP_RATES_MAX]; + u8 ssid[33]; + size_t ssid_len; + int wpa; + int erp; /* ERP Info or -1 if ERP info element not present */ + + int phytype; /* .11a / .11b / .11g / Atheros Turbo */ + int channel; + int datarate; /* in 100 kbps */ + int ssi_signal; + + unsigned int num_beacons; /* number of beacon frames received */ + time_t last_beacon; + + int already_seen; /* whether API call AP-NEW has already fetched + * information about this AP */ +}; + +struct ieee802_11_elems; +struct hostapd_frame_info; + +struct ap_info * ap_get_ap(struct hostapd_iface *iface, u8 *sta); +int ap_ap_for_each(struct hostapd_iface *iface, + int (*func)(struct ap_info *s, void *data), void *data); +void ap_list_process_beacon(struct hostapd_iface *iface, + struct ieee80211_mgmt *mgmt, + struct ieee802_11_elems *elems, + struct hostapd_frame_info *fi); +int ap_list_init(struct hostapd_iface *iface); +void ap_list_deinit(struct hostapd_iface *iface); +int ap_list_reconfig(struct hostapd_iface *iface, + struct hostapd_config *oldconf); + +#endif /* AP_LIST_H */ diff --git a/contrib/hostapd-0.5.8/beacon.c b/contrib/hostapd-0.5.8/beacon.c new file mode 100644 index 0000000000..7af2bc1754 --- /dev/null +++ b/contrib/hostapd-0.5.8/beacon.c @@ -0,0 +1,419 @@ +/* + * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response + * Copyright (c) 2002-2004, Instant802 Networks, Inc. + * Copyright (c) 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_NATIVE_WINDOWS + +#include "hostapd.h" +#include "ieee802_11.h" +#include "wpa.h" +#include "wme.h" +#include "beacon.h" +#include "hw_features.h" +#include "driver.h" +#include "sta_info.h" +#include "ieee802_11h.h" + + +static u8 ieee802_11_erp_info(struct hostapd_data *hapd) +{ + u8 erp = 0; + + if (hapd->iface == NULL || hapd->iface->current_mode == NULL || + hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) + return 0; + + switch (hapd->iconf->cts_protection_type) { + case CTS_PROTECTION_FORCE_ENABLED: + erp |= ERP_INFO_NON_ERP_PRESENT | ERP_INFO_USE_PROTECTION; + break; + case CTS_PROTECTION_FORCE_DISABLED: + erp = 0; + break; + case CTS_PROTECTION_AUTOMATIC: + if (hapd->iface->olbc) + erp |= ERP_INFO_USE_PROTECTION; + /* continue */ + case CTS_PROTECTION_AUTOMATIC_NO_OLBC: + if (hapd->iface->num_sta_non_erp > 0) { + erp |= ERP_INFO_NON_ERP_PRESENT | + ERP_INFO_USE_PROTECTION; + } + break; + } + if (hapd->iface->num_sta_no_short_preamble > 0) + erp |= ERP_INFO_BARKER_PREAMBLE_MODE; + + return erp; +} + + +static u8 * hostapd_eid_ds_params(struct hostapd_data *hapd, u8 *eid) +{ + *eid++ = WLAN_EID_DS_PARAMS; + *eid++ = 1; + *eid++ = hapd->iconf->channel; + return eid; +} + + +static u8 * hostapd_eid_erp_info(struct hostapd_data *hapd, u8 *eid) +{ + if (hapd->iface == NULL || hapd->iface->current_mode == NULL || + hapd->iface->current_mode->mode != HOSTAPD_MODE_IEEE80211G) + return eid; + + /* Set NonERP_present and use_protection bits if there + * are any associated NonERP stations. */ + /* TODO: use_protection bit can be set to zero even if + * there are NonERP stations present. This optimization + * might be useful if NonERP stations are "quiet". + * See 802.11g/D6 E-1 for recommended practice. + * In addition, Non ERP present might be set, if AP detects Non ERP + * operation on other APs. */ + + /* Add ERP Information element */ + *eid++ = WLAN_EID_ERP_INFO; + *eid++ = 1; + *eid++ = ieee802_11_erp_info(hapd); + + return eid; +} + + +static u8 * hostapd_eid_country(struct hostapd_data *hapd, u8 *eid, + int max_len) +{ + int left; + u8 *pos = eid; + + if ((!hapd->iconf->ieee80211d && !hapd->iface->dfs_enable) || + max_len < 6) + return eid; + + *pos++ = WLAN_EID_COUNTRY; + pos++; /* length will be set later */ + memcpy(pos, hapd->iconf->country, 3); /* e.g., 'US ' */ + pos += 3; + left = max_len - 3; + + if ((pos - eid) & 1) { + if (left < 1) + return eid; + *pos++ = 0; /* pad for 16-bit alignment */ + left--; + } + + eid[1] = (pos - eid) - 2; + + return pos; +} + + +static u8 * hostapd_eid_power_constraint(struct hostapd_data *hapd, u8 *eid) + +{ + if (!hapd->iface->dfs_enable) + return eid; + *eid++ = WLAN_EID_PWR_CONSTRAINT; + *eid++ = 1; + *eid++ = hapd->iface->pwr_const; + return eid; +} + + +static u8 * hostapd_eid_tpc_report(struct hostapd_data *hapd, u8 *eid) + +{ + if (!hapd->iface->dfs_enable) + return eid; + *eid++ = WLAN_EID_TPC_REPORT; + *eid++ = 2; + *eid++ = hapd->iface->tx_power; /* TX POWER */ + *eid++ = 0; /* Link Margin */ + return eid; +} + +static u8 * hostapd_eid_channel_switch(struct hostapd_data *hapd, u8 *eid) + +{ + if (!hapd->iface->dfs_enable || !hapd->iface->channel_switch) + return eid; + *eid++ = WLAN_EID_CHANNEL_SWITCH; + *eid++ = 3; + *eid++ = CHAN_SWITCH_MODE_QUIET; + *eid++ = hapd->iface->channel_switch; /* New channel */ + /* 0 - very soon; 1 - before next TBTT; num - after num beacons */ + *eid++ = 0; + return eid; +} + + +static u8 * hostapd_eid_wpa(struct hostapd_data *hapd, u8 *eid, size_t len, + struct sta_info *sta) +{ + const u8 *ie; + size_t ielen; + + ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen); + if (ie == NULL || ielen > len) + return eid; + + memcpy(eid, ie, ielen); + return eid + ielen; +} + + +void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt, + size_t len) +{ + struct ieee80211_mgmt *resp; + struct ieee802_11_elems elems; + char *ssid; + u8 *pos, *epos; + size_t ssid_len; + struct sta_info *sta = NULL; + + if (!hapd->iconf->send_probe_response) + return; + + if (ieee802_11_parse_elems(hapd, mgmt->u.probe_req.variable, + len - (IEEE80211_HDRLEN + + sizeof(mgmt->u.probe_req)), &elems, + 0) + == ParseFailed) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Could not parse ProbeReq from " MACSTR "\n", + MAC2STR(mgmt->sa)); + return; + } + + ssid = NULL; + ssid_len = 0; + + if ((!elems.ssid || !elems.supp_rates)) { + printf("STA " MACSTR " sent probe request without SSID or " + "supported rates element\n", MAC2STR(mgmt->sa)); + return; + } + + if (hapd->conf->ignore_broadcast_ssid && elems.ssid_len == 0) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, + "Probe Request from " MACSTR " for broadcast " + "SSID ignored\n", MAC2STR(mgmt->sa)); + return; + } + + sta = ap_get_sta(hapd, mgmt->sa); + + if (elems.ssid_len == 0 || + (elems.ssid_len == hapd->conf->ssid.ssid_len && + memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) == 0)) { + ssid = hapd->conf->ssid.ssid; + ssid_len = hapd->conf->ssid.ssid_len; + if (sta) + sta->ssid_probe = &hapd->conf->ssid; + } + + if (!ssid) { + if (HOSTAPD_DEBUG_COND(HOSTAPD_DEBUG_MSGDUMPS)) { + printf("Probe Request from " MACSTR " for foreign " + "SSID '", MAC2STR(mgmt->sa)); + ieee802_11_print_ssid(elems.ssid, elems.ssid_len); + printf("'\n"); + } + return; + } + + /* TODO: verify that supp_rates contains at least one matching rate + * with AP configuration */ +#define MAX_PROBERESP_LEN 512 + resp = wpa_zalloc(MAX_PROBERESP_LEN); + if (resp == NULL) + return; + epos = ((u8 *) resp) + MAX_PROBERESP_LEN; + + resp->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_PROBE_RESP); + memcpy(resp->da, mgmt->sa, ETH_ALEN); + memcpy(resp->sa, hapd->own_addr, ETH_ALEN); + + memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); + resp->u.probe_resp.beacon_int = + host_to_le16(hapd->iconf->beacon_int); + + /* hardware or low-level driver will setup seq_ctrl and timestamp */ + resp->u.probe_resp.capab_info = + host_to_le16(hostapd_own_capab_info(hapd, sta, 1)); + + pos = resp->u.probe_resp.variable; + *pos++ = WLAN_EID_SSID; + *pos++ = ssid_len; + memcpy(pos, ssid, ssid_len); + pos += ssid_len; + + /* Supported rates */ + pos = hostapd_eid_supp_rates(hapd, pos); + + /* DS Params */ + pos = hostapd_eid_ds_params(hapd, pos); + + pos = hostapd_eid_country(hapd, pos, epos - pos); + + pos = hostapd_eid_power_constraint(hapd, pos); + pos = hostapd_eid_tpc_report(hapd, pos); + + /* ERP Information element */ + pos = hostapd_eid_erp_info(hapd, pos); + + /* Extended supported rates */ + pos = hostapd_eid_ext_supp_rates(hapd, pos); + + pos = hostapd_eid_wpa(hapd, pos, epos - pos, sta); + + /* Wi-Fi Wireless Multimedia Extensions */ + if (hapd->conf->wme_enabled) + pos = hostapd_eid_wme(hapd, pos); + + if (hostapd_send_mgmt_frame(hapd, resp, pos - (u8 *) resp, 0) < 0) + perror("handle_probe_req: send"); + + free(resp); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, "STA " MACSTR + " sent probe request for %s SSID\n", + MAC2STR(mgmt->sa), elems.ssid_len == 0 ? "broadcast" : + "our"); +} + + +void ieee802_11_set_beacon(struct hostapd_data *hapd) +{ + struct ieee80211_mgmt *head; + u8 *pos, *tail, *tailpos; + int preamble; + u16 capab_info; + size_t head_len, tail_len; + int cts_protection = ((ieee802_11_erp_info(hapd) & + ERP_INFO_USE_PROTECTION) ? 1 : 0); + +#define BEACON_HEAD_BUF_SIZE 256 +#define BEACON_TAIL_BUF_SIZE 256 + head = wpa_zalloc(BEACON_HEAD_BUF_SIZE); + tailpos = tail = malloc(BEACON_TAIL_BUF_SIZE); + if (head == NULL || tail == NULL) { + printf("Failed to set beacon data\n"); + free(head); + free(tail); + return; + } + + head->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_BEACON); + head->duration = host_to_le16(0); + memset(head->da, 0xff, ETH_ALEN); + + memcpy(head->sa, hapd->own_addr, ETH_ALEN); + memcpy(head->bssid, hapd->own_addr, ETH_ALEN); + head->u.beacon.beacon_int = + host_to_le16(hapd->iconf->beacon_int); + + /* hardware or low-level driver will setup seq_ctrl and timestamp */ + capab_info = hostapd_own_capab_info(hapd, NULL, 0); + head->u.beacon.capab_info = host_to_le16(capab_info); + pos = &head->u.beacon.variable[0]; + + /* SSID */ + *pos++ = WLAN_EID_SSID; + if (hapd->conf->ignore_broadcast_ssid == 2) { + /* clear the data, but keep the correct length of the SSID */ + *pos++ = hapd->conf->ssid.ssid_len; + memset(pos, 0, hapd->conf->ssid.ssid_len); + pos += hapd->conf->ssid.ssid_len; + } else if (hapd->conf->ignore_broadcast_ssid) { + *pos++ = 0; /* empty SSID */ + } else { + *pos++ = hapd->conf->ssid.ssid_len; + memcpy(pos, hapd->conf->ssid.ssid, hapd->conf->ssid.ssid_len); + pos += hapd->conf->ssid.ssid_len; + } + + /* Supported rates */ + pos = hostapd_eid_supp_rates(hapd, pos); + + /* DS Params */ + pos = hostapd_eid_ds_params(hapd, pos); + + head_len = pos - (u8 *) head; + + tailpos = hostapd_eid_country(hapd, tailpos, + tail + BEACON_TAIL_BUF_SIZE - tailpos); + + tailpos = hostapd_eid_power_constraint(hapd, tailpos); + tailpos = hostapd_eid_channel_switch(hapd, tailpos); + tailpos = hostapd_eid_tpc_report(hapd, tailpos); + + /* ERP Information element */ + tailpos = hostapd_eid_erp_info(hapd, tailpos); + + /* Extended supported rates */ + tailpos = hostapd_eid_ext_supp_rates(hapd, tailpos); + + tailpos = hostapd_eid_wpa(hapd, tailpos, tail + BEACON_TAIL_BUF_SIZE - + tailpos, NULL); + + /* Wi-Fi Wireless Multimedia Extensions */ + if (hapd->conf->wme_enabled) + tailpos = hostapd_eid_wme(hapd, tailpos); + + tail_len = tailpos > tail ? tailpos - tail : 0; + + if (hostapd_set_beacon(hapd->conf->iface, hapd, (u8 *) head, head_len, + tail, tail_len)) + printf("Failed to set beacon head/tail\n"); + + free(tail); + free(head); + + if (hostapd_set_cts_protect(hapd, cts_protection)) + printf("Failed to set CTS protect in kernel driver\n"); + + if (hapd->iface && hapd->iface->current_mode && + hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && + hostapd_set_short_slot_time(hapd, + hapd->iface->num_sta_no_short_slot_time + > 0 ? 0 : 1)) + printf("Failed to set Short Slot Time option in kernel " + "driver\n"); + + if (hapd->iface && hapd->iface->num_sta_no_short_preamble == 0 && + hapd->iconf->preamble == SHORT_PREAMBLE) + preamble = SHORT_PREAMBLE; + else + preamble = LONG_PREAMBLE; + if (hostapd_set_preamble(hapd, preamble)) + printf("Could not set preamble for kernel driver\n"); +} + + +void ieee802_11_set_beacons(struct hostapd_iface *iface) +{ + size_t i; + for (i = 0; i < iface->num_bss; i++) + ieee802_11_set_beacon(iface->bss[i]); +} + +#endif /* CONFIG_NATIVE_WINDOWS */ diff --git a/contrib/hostapd-0.5.8/beacon.h b/contrib/hostapd-0.5.8/beacon.h new file mode 100644 index 0000000000..18e0da2e89 --- /dev/null +++ b/contrib/hostapd-0.5.8/beacon.h @@ -0,0 +1,24 @@ +/* + * hostapd / IEEE 802.11 Management: Beacon and Probe Request/Response + * Copyright (c) 2002-2004, Instant802 Networks, Inc. + * Copyright (c) 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef BEACON_H +#define BEACON_H + +void handle_probe_req(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt, + size_t len); +void ieee802_11_set_beacon(struct hostapd_data *hapd); +void ieee802_11_set_beacons(struct hostapd_iface *iface); + +#endif /* BEACON_H */ diff --git a/contrib/hostapd-0.5.8/build_config.h b/contrib/hostapd-0.5.8/build_config.h new file mode 100644 index 0000000000..58bcda8253 --- /dev/null +++ b/contrib/hostapd-0.5.8/build_config.h @@ -0,0 +1,50 @@ +/* + * wpa_supplicant/hostapd - Build time configuration defines + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This header file can be used to define configuration defines that were + * originally defined in Makefile. This is mainly meant for IDE use or for + * systems that do not have suitable 'make' tool. In these cases, it may be + * easier to have a single place for defining all the needed C pre-processor + * defines. + */ + +#ifndef BUILD_CONFIG_H +#define BUILD_CONFIG_H + +/* Insert configuration defines, e.g., #define EAP_MD5, here, if needed. */ + +#ifdef CONFIG_WIN32_DEFAULTS +#define CONFIG_NATIVE_WINDOWS +#define CONFIG_ANSI_C_EXTRA +#define CONFIG_WINPCAP +#define IEEE8021X_EAPOL +#define EAP_TLS_FUNCS +#define PKCS12_FUNCS +#define PCSC_FUNCS +#define CONFIG_CTRL_IFACE +#define CONFIG_CTRL_IFACE_NAMED_PIPE +#define CONFIG_DRIVER_NDIS +#define CONFIG_NDIS_EVENTS_INTEGRATED +#define CONFIG_DEBUG_FILE +#define EAP_MD5 +#define EAP_TLS +#define EAP_MSCHAPv2 +#define EAP_PEAP +#define EAP_TTLS +#define EAP_GTC +#define EAP_OTP +#define EAP_LEAP +#define _CRT_SECURE_NO_DEPRECATE +#endif /* CONFIG_WIN32_DEFAULTS */ + +#endif /* BUILD_CONFIG_H */ diff --git a/contrib/hostapd-0.5.8/common.c b/contrib/hostapd-0.5.8/common.c new file mode 100644 index 0000000000..c8d6f130a9 --- /dev/null +++ b/contrib/hostapd-0.5.8/common.c @@ -0,0 +1,603 @@ +/* + * wpa_supplicant/hostapd / common helper functions, etc. + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" + + +#ifdef CONFIG_DEBUG_FILE +static FILE *out_file = NULL; +#endif /* CONFIG_DEBUG_FILE */ +int wpa_debug_use_file = 0; +int wpa_debug_level = MSG_INFO; +int wpa_debug_show_keys = 0; +int wpa_debug_timestamp = 0; + + +static int hex2num(char c) +{ + if (c >= '0' && c <= '9') + return c - '0'; + if (c >= 'a' && c <= 'f') + return c - 'a' + 10; + if (c >= 'A' && c <= 'F') + return c - 'A' + 10; + return -1; +} + + +static int hex2byte(const char *hex) +{ + int a, b; + a = hex2num(*hex++); + if (a < 0) + return -1; + b = hex2num(*hex++); + if (b < 0) + return -1; + return (a << 4) | b; +} + + +/** + * hwaddr_aton - Convert ASCII string to MAC address + * @txt: MAC address as a string (e.g., "00:11:22:33:44:55") + * @addr: Buffer for the MAC address (ETH_ALEN = 6 bytes) + * Returns: 0 on success, -1 on failure (e.g., string not a MAC address) + */ +int hwaddr_aton(const char *txt, u8 *addr) +{ + int i; + + for (i = 0; i < 6; i++) { + int a, b; + + a = hex2num(*txt++); + if (a < 0) + return -1; + b = hex2num(*txt++); + if (b < 0) + return -1; + *addr++ = (a << 4) | b; + if (i < 5 && *txt++ != ':') + return -1; + } + + return 0; +} + + +/** + * hexstr2bin - Convert ASCII hex string into binary data + * @hex: ASCII hex string (e.g., "01ab") + * @buf: Buffer for the binary data + * @len: Length of the text to convert in bytes (of buf); hex will be double + * this size + * Returns: 0 on success, -1 on failure (invalid hex string) + */ +int hexstr2bin(const char *hex, u8 *buf, size_t len) +{ + size_t i; + int a; + const char *ipos = hex; + u8 *opos = buf; + + for (i = 0; i < len; i++) { + a = hex2byte(ipos); + if (a < 0) + return -1; + *opos++ = a; + ipos += 2; + } + return 0; +} + + +/** + * inc_byte_array - Increment arbitrary length byte array by one + * @counter: Pointer to byte array + * @len: Length of the counter in bytes + * + * This function increments the last byte of the counter by one and continues + * rolling over to more significant bytes if the byte was incremented from + * 0xff to 0x00. + */ +void inc_byte_array(u8 *counter, size_t len) +{ + int pos = len - 1; + while (pos >= 0) { + counter[pos]++; + if (counter[pos] != 0) + break; + pos--; + } +} + + +void wpa_get_ntp_timestamp(u8 *buf) +{ + struct os_time now; + u32 sec, usec; + + /* 64-bit NTP timestamp (time from 1900-01-01 00:00:00) */ + os_get_time(&now); + sec = host_to_be32(now.sec + 2208988800U); /* Epoch to 1900 */ + /* Estimate 2^32/10^6 = 4295 - 1/32 - 1/512 */ + usec = now.usec; + usec = host_to_be32(4295 * usec - (usec >> 5) - (usec >> 9)); + os_memcpy(buf, (u8 *) &sec, 4); + os_memcpy(buf + 4, (u8 *) &usec, 4); +} + + + +#ifndef CONFIG_NO_STDOUT_DEBUG + +void wpa_debug_print_timestamp(void) +{ + struct os_time tv; + + if (!wpa_debug_timestamp) + return; + + os_get_time(&tv); +#ifdef CONFIG_DEBUG_FILE + if (out_file) { + fprintf(out_file, "%ld.%06u: ", (long) tv.sec, + (unsigned int) tv.usec); + } else +#endif /* CONFIG_DEBUG_FILE */ + printf("%ld.%06u: ", (long) tv.sec, (unsigned int) tv.usec); +} + + +/** + * wpa_printf - conditional printf + * @level: priority level (MSG_*) of the message + * @fmt: printf format string, followed by optional arguments + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +void wpa_printf(int level, char *fmt, ...) +{ + va_list ap; + + va_start(ap, fmt); + if (level >= wpa_debug_level) { + wpa_debug_print_timestamp(); +#ifdef CONFIG_DEBUG_FILE + if (out_file) { + vfprintf(out_file, fmt, ap); + fprintf(out_file, "\n"); + } else { +#endif /* CONFIG_DEBUG_FILE */ + vprintf(fmt, ap); + printf("\n"); +#ifdef CONFIG_DEBUG_FILE + } +#endif /* CONFIG_DEBUG_FILE */ + } + va_end(ap); +} + + +static void _wpa_hexdump(int level, const char *title, const u8 *buf, + size_t len, int show) +{ + size_t i; + if (level < wpa_debug_level) + return; + wpa_debug_print_timestamp(); +#ifdef CONFIG_DEBUG_FILE + if (out_file) { + fprintf(out_file, "%s - hexdump(len=%lu):", + title, (unsigned long) len); + if (buf == NULL) { + fprintf(out_file, " [NULL]"); + } else if (show) { + for (i = 0; i < len; i++) + fprintf(out_file, " %02x", buf[i]); + } else { + fprintf(out_file, " [REMOVED]"); + } + fprintf(out_file, "\n"); + } else { +#endif /* CONFIG_DEBUG_FILE */ + printf("%s - hexdump(len=%lu):", title, (unsigned long) len); + if (buf == NULL) { + printf(" [NULL]"); + } else if (show) { + for (i = 0; i < len; i++) + printf(" %02x", buf[i]); + } else { + printf(" [REMOVED]"); + } + printf("\n"); +#ifdef CONFIG_DEBUG_FILE + } +#endif /* CONFIG_DEBUG_FILE */ +} + +void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len) +{ + _wpa_hexdump(level, title, buf, len, 1); +} + + +void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len) +{ + _wpa_hexdump(level, title, buf, len, wpa_debug_show_keys); +} + + +static void _wpa_hexdump_ascii(int level, const char *title, const u8 *buf, + size_t len, int show) +{ + size_t i, llen; + const u8 *pos = buf; + const size_t line_len = 16; + + if (level < wpa_debug_level) + return; + wpa_debug_print_timestamp(); +#ifdef CONFIG_DEBUG_FILE + if (out_file) { + if (!show) { + fprintf(out_file, + "%s - hexdump_ascii(len=%lu): [REMOVED]\n", + title, (unsigned long) len); + return; + } + if (buf == NULL) { + fprintf(out_file, + "%s - hexdump_ascii(len=%lu): [NULL]\n", + title, (unsigned long) len); + return; + } + fprintf(out_file, "%s - hexdump_ascii(len=%lu):\n", + title, (unsigned long) len); + while (len) { + llen = len > line_len ? line_len : len; + fprintf(out_file, " "); + for (i = 0; i < llen; i++) + fprintf(out_file, " %02x", pos[i]); + for (i = llen; i < line_len; i++) + fprintf(out_file, " "); + fprintf(out_file, " "); + for (i = 0; i < llen; i++) { + if (isprint(pos[i])) + fprintf(out_file, "%c", pos[i]); + else + fprintf(out_file, "_"); + } + for (i = llen; i < line_len; i++) + fprintf(out_file, " "); + fprintf(out_file, "\n"); + pos += llen; + len -= llen; + } + } else { +#endif /* CONFIG_DEBUG_FILE */ + if (!show) { + printf("%s - hexdump_ascii(len=%lu): [REMOVED]\n", + title, (unsigned long) len); + return; + } + if (buf == NULL) { + printf("%s - hexdump_ascii(len=%lu): [NULL]\n", + title, (unsigned long) len); + return; + } + printf("%s - hexdump_ascii(len=%lu):\n", title, (unsigned long) len); + while (len) { + llen = len > line_len ? line_len : len; + printf(" "); + for (i = 0; i < llen; i++) + printf(" %02x", pos[i]); + for (i = llen; i < line_len; i++) + printf(" "); + printf(" "); + for (i = 0; i < llen; i++) { + if (isprint(pos[i])) + printf("%c", pos[i]); + else + printf("_"); + } + for (i = llen; i < line_len; i++) + printf(" "); + printf("\n"); + pos += llen; + len -= llen; + } +#ifdef CONFIG_DEBUG_FILE + } +#endif /* CONFIG_DEBUG_FILE */ +} + + +void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, size_t len) +{ + _wpa_hexdump_ascii(level, title, buf, len, 1); +} + + +void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf, + size_t len) +{ + _wpa_hexdump_ascii(level, title, buf, len, wpa_debug_show_keys); +} + + +int wpa_debug_open_file(void) +{ +#ifdef CONFIG_DEBUG_FILE + static int count = 0; + char fname[64]; + if (!wpa_debug_use_file) + return 0; +#ifdef _WIN32 + os_snprintf(fname, sizeof(fname), "\\Temp\\wpa_supplicant-log-%d.txt", + count++); +#else /* _WIN32 */ + os_snprintf(fname, sizeof(fname), "/tmp/wpa_supplicant-log-%d.txt", + count++); +#endif /* _WIN32 */ + out_file = fopen(fname, "w"); + return out_file == NULL ? -1 : 0; +#else /* CONFIG_DEBUG_FILE */ + return 0; +#endif /* CONFIG_DEBUG_FILE */ +} + + +void wpa_debug_close_file(void) +{ +#ifdef CONFIG_DEBUG_FILE + if (!wpa_debug_use_file) + return; + fclose(out_file); + out_file = NULL; +#endif /* CONFIG_DEBUG_FILE */ +} + +#endif /* CONFIG_NO_STDOUT_DEBUG */ + + +#ifndef CONFIG_NO_WPA_MSG +static wpa_msg_cb_func wpa_msg_cb = NULL; + +void wpa_msg_register_cb(wpa_msg_cb_func func) +{ + wpa_msg_cb = func; +} + + +void wpa_msg(void *ctx, int level, char *fmt, ...) +{ + va_list ap; + char *buf; + const int buflen = 2048; + int len; + + buf = os_malloc(buflen); + if (buf == NULL) { + wpa_printf(MSG_ERROR, "wpa_msg: Failed to allocate message " + "buffer"); + return; + } + va_start(ap, fmt); + len = vsnprintf(buf, buflen, fmt, ap); + va_end(ap); + wpa_printf(level, "%s", buf); + if (wpa_msg_cb) + wpa_msg_cb(ctx, level, buf, len); + os_free(buf); +} +#endif /* CONFIG_NO_WPA_MSG */ + + +static inline int _wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, + size_t len, int uppercase) +{ + size_t i; + char *pos = buf, *end = buf + buf_size; + int ret; + if (buf_size == 0) + return 0; + for (i = 0; i < len; i++) { + ret = os_snprintf(pos, end - pos, uppercase ? "%02X" : "%02x", + data[i]); + if (ret < 0 || ret >= end - pos) { + end[-1] = '\0'; + return pos - buf; + } + pos += ret; + } + end[-1] = '\0'; + return pos - buf; +} + +/** + * wpa_snprintf_hex - Print data as a hex string into a buffer + * @buf: Memory area to use as the output buffer + * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1) + * @data: Data to be printed + * @len: Length of data in bytes + * Returns: Number of bytes written + */ +int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len) +{ + return _wpa_snprintf_hex(buf, buf_size, data, len, 0); +} + + +/** + * wpa_snprintf_hex_uppercase - Print data as a upper case hex string into buf + * @buf: Memory area to use as the output buffer + * @buf_size: Maximum buffer size in bytes (should be at least 2 * len + 1) + * @data: Data to be printed + * @len: Length of data in bytes + * Returns: Number of bytes written + */ +int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data, + size_t len) +{ + return _wpa_snprintf_hex(buf, buf_size, data, len, 1); +} + + +#ifdef CONFIG_ANSI_C_EXTRA + +#ifdef _WIN32_WCE +void perror(const char *s) +{ + wpa_printf(MSG_ERROR, "%s: GetLastError: %d", + s, (int) GetLastError()); +} +#endif /* _WIN32_WCE */ + + +int optind = 1; +int optopt; +char *optarg; + +int getopt(int argc, char *const argv[], const char *optstring) +{ + static int optchr = 1; + char *cp; + + if (optchr == 1) { + if (optind >= argc) { + /* all arguments processed */ + return EOF; + } + + if (argv[optind][0] != '-' || argv[optind][1] == '\0') { + /* no option characters */ + return EOF; + } + } + + if (os_strcmp(argv[optind], "--") == 0) { + /* no more options */ + optind++; + return EOF; + } + + optopt = argv[optind][optchr]; + cp = os_strchr(optstring, optopt); + if (cp == NULL || optopt == ':') { + if (argv[optind][++optchr] == '\0') { + optchr = 1; + optind++; + } + return '?'; + } + + if (cp[1] == ':') { + /* Argument required */ + optchr = 1; + if (argv[optind][optchr + 1]) { + /* No space between option and argument */ + optarg = &argv[optind++][optchr + 1]; + } else if (++optind >= argc) { + /* option requires an argument */ + return '?'; + } else { + /* Argument in the next argv */ + optarg = argv[optind++]; + } + } else { + /* No argument */ + if (argv[optind][++optchr] == '\0') { + optchr = 1; + optind++; + } + optarg = NULL; + } + return *cp; +} +#endif /* CONFIG_ANSI_C_EXTRA */ + + +#ifdef CONFIG_NATIVE_WINDOWS +/** + * wpa_unicode2ascii_inplace - Convert unicode string into ASCII + * @str: Pointer to string to convert + * + * This function converts a unicode string to ASCII using the same + * buffer for output. If UNICODE is not set, the buffer is not + * modified. + */ +void wpa_unicode2ascii_inplace(TCHAR *str) +{ +#ifdef UNICODE + char *dst = (char *) str; + while (*str) + *dst++ = (char) *str++; + *dst = '\0'; +#endif /* UNICODE */ +} + + +TCHAR * wpa_strdup_tchar(const char *str) +{ +#ifdef UNICODE + TCHAR *buf; + buf = os_malloc((strlen(str) + 1) * sizeof(TCHAR)); + if (buf == NULL) + return NULL; + wsprintf(buf, L"%S", str); + return buf; +#else /* UNICODE */ + return os_strdup(str); +#endif /* UNICODE */ +} +#endif /* CONFIG_NATIVE_WINDOWS */ + + +/** + * wpa_ssid_txt - Convert SSID to a printable string + * @ssid: SSID (32-octet string) + * @ssid_len: Length of ssid in octets + * Returns: Pointer to a printable string + * + * This function can be used to convert SSIDs into printable form. In most + * cases, SSIDs do not use unprintable characters, but IEEE 802.11 standard + * does not limit the used character set, so anything could be used in an SSID. + * + * This function uses a static buffer, so only one call can be used at the + * time, i.e., this is not re-entrant and the returned buffer must be used + * before calling this again. + */ +const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len) +{ + static char ssid_txt[33]; + char *pos; + + if (ssid_len > 32) + ssid_len = 32; + os_memcpy(ssid_txt, ssid, ssid_len); + ssid_txt[ssid_len] = '\0'; + for (pos = ssid_txt; *pos != '\0'; pos++) { + if ((u8) *pos < 32 || (u8) *pos >= 127) + *pos = '_'; + } + return ssid_txt; +} diff --git a/contrib/hostapd-0.5.8/common.h b/contrib/hostapd-0.5.8/common.h new file mode 100644 index 0000000000..b200b580d5 --- /dev/null +++ b/contrib/hostapd-0.5.8/common.h @@ -0,0 +1,492 @@ +/* + * wpa_supplicant/hostapd / common helper functions, etc. + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef COMMON_H +#define COMMON_H + +#include "os.h" + +#ifdef __linux__ +#include +#include +#endif /* __linux__ */ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +#include +#include +#define __BYTE_ORDER _BYTE_ORDER +#define __LITTLE_ENDIAN _LITTLE_ENDIAN +#define __BIG_ENDIAN _BIG_ENDIAN +#define bswap_16 bswap16 +#define bswap_32 bswap32 +#define bswap_64 bswap64 +#endif /* defined(__FreeBSD__) || defined(__NetBSD__) || + * defined(__DragonFly__) */ + +#ifdef CONFIG_TI_COMPILER +#define __BIG_ENDIAN 4321 +#define __LITTLE_ENDIAN 1234 +#ifdef __big_endian__ +#define __BYTE_ORDER __BIG_ENDIAN +#else +#define __BYTE_ORDER __LITTLE_ENDIAN +#endif +#endif /* CONFIG_TI_COMPILER */ + +#ifdef CONFIG_NATIVE_WINDOWS +#include + +typedef int socklen_t; + +#ifndef MSG_DONTWAIT +#define MSG_DONTWAIT 0 /* not supported */ +#endif + +#endif /* CONFIG_NATIVE_WINDOWS */ + +#if defined(__CYGWIN__) || defined(CONFIG_NATIVE_WINDOWS) + +#ifdef _MSC_VER +#define inline __inline +#endif /* _MSC_VER */ + +static inline unsigned short wpa_swap_16(unsigned short v) +{ + return ((v & 0xff) << 8) | (v >> 8); +} + +static inline unsigned int wpa_swap_32(unsigned int v) +{ + return ((v & 0xff) << 24) | ((v & 0xff00) << 8) | + ((v & 0xff0000) >> 8) | (v >> 24); +} + +#define le_to_host16(n) (n) +#define host_to_le16(n) (n) +#define be_to_host16(n) wpa_swap_16(n) +#define host_to_be16(n) wpa_swap_16(n) +#define le_to_host32(n) (n) +#define be_to_host32(n) wpa_swap_32(n) +#define host_to_be32(n) wpa_swap_32(n) + +#else /* __CYGWIN__ */ + +#ifndef __BYTE_ORDER +#ifndef __LITTLE_ENDIAN +#ifndef __BIG_ENDIAN +#define __LITTLE_ENDIAN 1234 +#define __BIG_ENDIAN 4321 +#if defined(sparc) +#define __BYTE_ORDER __BIG_ENDIAN +#endif +#endif /* __BIG_ENDIAN */ +#endif /* __LITTLE_ENDIAN */ +#endif /* __BYTE_ORDER */ + +#if __BYTE_ORDER == __LITTLE_ENDIAN +#define le_to_host16(n) (n) +#define host_to_le16(n) (n) +#define be_to_host16(n) bswap_16(n) +#define host_to_be16(n) bswap_16(n) +#define le_to_host32(n) (n) +#define be_to_host32(n) bswap_32(n) +#define host_to_be32(n) bswap_32(n) +#define le_to_host64(n) (n) +#define host_to_le64(n) (n) +#define be_to_host64(n) bswap_64(n) +#define host_to_be64(n) bswap_64(n) +#elif __BYTE_ORDER == __BIG_ENDIAN +#define le_to_host16(n) bswap_16(n) +#define host_to_le16(n) bswap_16(n) +#define be_to_host16(n) (n) +#define host_to_be16(n) (n) +#define le_to_host32(n) bswap_32(n) +#define be_to_host32(n) (n) +#define host_to_be32(n) (n) +#define le_to_host64(n) bswap_64(n) +#define host_to_le64(n) bswap_64(n) +#define be_to_host64(n) (n) +#define host_to_be64(n) (n) +#ifndef WORDS_BIGENDIAN +#define WORDS_BIGENDIAN +#endif +#else +#error Could not determine CPU byte order +#endif + +#endif /* __CYGWIN__ */ + +/* Macros for handling unaligned 16-bit variables */ +#define WPA_GET_BE16(a) ((u16) (((a)[0] << 8) | (a)[1])) +#define WPA_PUT_BE16(a, val) \ + do { \ + (a)[0] = ((u16) (val)) >> 8; \ + (a)[1] = ((u16) (val)) & 0xff; \ + } while (0) + +#define WPA_GET_LE16(a) ((u16) (((a)[1] << 8) | (a)[0])) +#define WPA_PUT_LE16(a, val) \ + do { \ + (a)[1] = ((u16) (val)) >> 8; \ + (a)[0] = ((u16) (val)) & 0xff; \ + } while (0) + +#define WPA_GET_BE24(a) ((((u32) (a)[0]) << 16) | (((u32) (a)[1]) << 8) | \ + ((u32) (a)[2])) +#define WPA_PUT_BE24(a, val) \ + do { \ + (a)[0] = (u8) (((u32) (val)) >> 16); \ + (a)[1] = (u8) (((u32) (val)) >> 8); \ + (a)[2] = (u8) (((u32) (val)) & 0xff); \ + } while (0) + +#define WPA_GET_BE32(a) ((((u32) (a)[0]) << 24) | (((u32) (a)[1]) << 16) | \ + (((u32) (a)[2]) << 8) | ((u32) (a)[3])) +#define WPA_PUT_BE32(a, val) \ + do { \ + (a)[0] = (u8) (((u32) (val)) >> 24); \ + (a)[1] = (u8) (((u32) (val)) >> 16); \ + (a)[2] = (u8) (((u32) (val)) >> 8); \ + (a)[3] = (u8) (((u32) (val)) & 0xff); \ + } while (0) + +#define WPA_PUT_BE64(a, val) \ + do { \ + (a)[0] = (u8) (((u64) (val)) >> 56); \ + (a)[1] = (u8) (((u64) (val)) >> 48); \ + (a)[2] = (u8) (((u64) (val)) >> 40); \ + (a)[3] = (u8) (((u64) (val)) >> 32); \ + (a)[4] = (u8) (((u64) (val)) >> 24); \ + (a)[5] = (u8) (((u64) (val)) >> 16); \ + (a)[6] = (u8) (((u64) (val)) >> 8); \ + (a)[7] = (u8) (((u64) (val)) & 0xff); \ + } while (0) + + +#ifndef ETH_ALEN +#define ETH_ALEN 6 +#endif + +#ifdef _MSC_VER +typedef UINT64 u64; +typedef UINT32 u32; +typedef UINT16 u16; +typedef UINT8 u8; +typedef INT64 s64; +typedef INT32 s32; +typedef INT16 s16; +typedef INT8 s8; +#define WPA_TYPES_DEFINED +#endif /* _MSC_VER */ + +#ifdef __vxworks +typedef unsigned long long u64; +typedef UINT32 u32; +typedef UINT16 u16; +typedef UINT8 u8; +typedef long long s64; +typedef INT32 s32; +typedef INT16 s16; +typedef INT8 s8; +#define WPA_TYPES_DEFINED +#endif /* __vxworks */ + +#ifdef CONFIG_TI_COMPILER +#ifdef _LLONG_AVAILABLE +typedef unsigned long long u64; +#else +/* + * TODO: 64-bit variable not available. Using long as a workaround to test the + * build, but this will likely not work for all operations. + */ +typedef unsigned long u64; +#endif +typedef unsigned int u32; +typedef unsigned short u16; +typedef unsigned char u8; +#define WPA_TYPES_DEFINED +#endif /* CONFIG_TI_COMPILER */ + +#ifndef WPA_TYPES_DEFINED +#ifdef CONFIG_USE_INTTYPES_H +#include +#else +#include +#endif +typedef uint64_t u64; +typedef uint32_t u32; +typedef uint16_t u16; +typedef uint8_t u8; +typedef int64_t s64; +typedef int32_t s32; +typedef int16_t s16; +typedef int8_t s8; +#define WPA_TYPES_DEFINED +#endif /* !WPA_TYPES_DEFINED */ + +#define hostapd_get_rand os_get_random +int hwaddr_aton(const char *txt, u8 *addr); +int hexstr2bin(const char *hex, u8 *buf, size_t len); +void inc_byte_array(u8 *counter, size_t len); +void wpa_get_ntp_timestamp(u8 *buf); + + +#ifdef __GNUC__ +#define PRINTF_FORMAT(a,b) __attribute__ ((format (printf, (a), (b)))) +#define STRUCT_PACKED __attribute__ ((packed)) +#else +#define PRINTF_FORMAT(a,b) +#define STRUCT_PACKED +#endif + + +/* Debugging function - conditional printf and hex dump. Driver wrappers can + * use these for debugging purposes. */ + +enum { MSG_MSGDUMP, MSG_DEBUG, MSG_INFO, MSG_WARNING, MSG_ERROR }; + +#ifdef CONFIG_NO_STDOUT_DEBUG + +#define wpa_debug_print_timestamp() do { } while (0) +#define wpa_printf(args...) do { } while (0) +#define wpa_hexdump(l,t,b,le) do { } while (0) +#define wpa_hexdump_key(l,t,b,le) do { } while (0) +#define wpa_hexdump_ascii(l,t,b,le) do { } while (0) +#define wpa_hexdump_ascii_key(l,t,b,le) do { } while (0) +#define wpa_debug_open_file() do { } while (0) +#define wpa_debug_close_file() do { } while (0) + +#else /* CONFIG_NO_STDOUT_DEBUG */ + +int wpa_debug_open_file(void); +void wpa_debug_close_file(void); + +/** + * wpa_debug_printf_timestamp - Print timestamp for debug output + * + * This function prints a timestamp in . + * format if debug output has been configured to include timestamps in debug + * messages. + */ +void wpa_debug_print_timestamp(void); + +/** + * wpa_printf - conditional printf + * @level: priority level (MSG_*) of the message + * @fmt: printf format string, followed by optional arguments + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +void wpa_printf(int level, char *fmt, ...) +PRINTF_FORMAT(2, 3); + +/** + * wpa_hexdump - conditional hex dump + * @level: priority level (MSG_*) of the message + * @title: title of for the message + * @buf: data buffer to be dumped + * @len: length of the buf + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. The contents of buf is printed out has hex dump. + */ +void wpa_hexdump(int level, const char *title, const u8 *buf, size_t len); + +/** + * wpa_hexdump_key - conditional hex dump, hide keys + * @level: priority level (MSG_*) of the message + * @title: title of for the message + * @buf: data buffer to be dumped + * @len: length of the buf + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. The contents of buf is printed out has hex dump. This works + * like wpa_hexdump(), but by default, does not include secret keys (passwords, + * etc.) in debug output. + */ +void wpa_hexdump_key(int level, const char *title, const u8 *buf, size_t len); + +/** + * wpa_hexdump_ascii - conditional hex dump + * @level: priority level (MSG_*) of the message + * @title: title of for the message + * @buf: data buffer to be dumped + * @len: length of the buf + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. The contents of buf is printed out has hex dump with both + * the hex numbers and ASCII characters (for printable range) are shown. 16 + * bytes per line will be shown. + */ +void wpa_hexdump_ascii(int level, const char *title, const u8 *buf, + size_t len); + +/** + * wpa_hexdump_ascii_key - conditional hex dump, hide keys + * @level: priority level (MSG_*) of the message + * @title: title of for the message + * @buf: data buffer to be dumped + * @len: length of the buf + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. The contents of buf is printed out has hex dump with both + * the hex numbers and ASCII characters (for printable range) are shown. 16 + * bytes per line will be shown. This works like wpa_hexdump_ascii(), but by + * default, does not include secret keys (passwords, etc.) in debug output. + */ +void wpa_hexdump_ascii_key(int level, const char *title, const u8 *buf, + size_t len); + +#endif /* CONFIG_NO_STDOUT_DEBUG */ + + +#ifdef CONFIG_NO_WPA_MSG +#define wpa_msg(args...) do { } while (0) +#define wpa_msg_register_cb(f) do { } while (0) +#else /* CONFIG_NO_WPA_MSG */ +/** + * wpa_msg - Conditional printf for default target and ctrl_iface monitors + * @ctx: Pointer to context data; this is the ctx variable registered + * with struct wpa_driver_ops::init() + * @level: priority level (MSG_*) of the message + * @fmt: printf format string, followed by optional arguments + * + * This function is used to print conditional debugging and error messages. The + * output may be directed to stdout, stderr, and/or syslog based on + * configuration. This function is like wpa_printf(), but it also sends the + * same message to all attached ctrl_iface monitors. + * + * Note: New line '\n' is added to the end of the text when printing to stdout. + */ +void wpa_msg(void *ctx, int level, char *fmt, ...) PRINTF_FORMAT(3, 4); + +typedef void (*wpa_msg_cb_func)(void *ctx, int level, const char *txt, + size_t len); + +/** + * wpa_msg_register_cb - Register callback function for wpa_msg() messages + * @func: Callback function (%NULL to unregister) + */ +void wpa_msg_register_cb(wpa_msg_cb_func func); +#endif /* CONFIG_NO_WPA_MSG */ + + +int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len); +int wpa_snprintf_hex_uppercase(char *buf, size_t buf_size, const u8 *data, + size_t len); + + +#ifdef EAPOL_TEST +#define WPA_ASSERT(a) \ + do { \ + if (!(a)) { \ + printf("WPA_ASSERT FAILED '" #a "' " \ + "%s %s:%d\n", \ + __FUNCTION__, __FILE__, __LINE__); \ + exit(1); \ + } \ + } while (0) +#else +#define WPA_ASSERT(a) do { } while (0) +#endif + + +#ifdef _MSC_VER +#undef vsnprintf +#define vsnprintf _vsnprintf +#undef close +#define close closesocket +#endif /* _MSC_VER */ + + +#ifdef CONFIG_ANSI_C_EXTRA + +#if !defined(_MSC_VER) || _MSC_VER < 1400 +/* snprintf - used in number of places; sprintf() is _not_ a good replacement + * due to possible buffer overflow; see, e.g., + * http://www.ijs.si/software/snprintf/ for portable implementation of + * snprintf. */ +int snprintf(char *str, size_t size, const char *format, ...); + +/* vsnprintf - only used for wpa_msg() in wpa_supplicant.c */ +int vsnprintf(char *str, size_t size, const char *format, va_list ap); +#endif /* !defined(_MSC_VER) || _MSC_VER < 1400 */ + +/* getopt - only used in main.c */ +int getopt(int argc, char *const argv[], const char *optstring); +extern char *optarg; +extern int optind; + +#ifndef CONFIG_NO_SOCKLEN_T_TYPEDEF +#ifndef __socklen_t_defined +typedef int socklen_t; +#endif +#endif + +/* inline - define as __inline or just define it to be empty, if needed */ +#ifdef CONFIG_NO_INLINE +#define inline +#else +#define inline __inline +#endif + +#ifndef __func__ +#define __func__ "__func__ not defined" +#endif + +#ifndef bswap_16 +#define bswap_16(a) ((((u16) (a) << 8) & 0xff00) | (((u16) (a) >> 8) & 0xff)) +#endif + +#ifndef bswap_32 +#define bswap_32(a) ((((u32) (a) << 24) & 0xff000000) | \ + (((u32) (a) << 8) & 0xff0000) | \ + (((u32) (a) >> 8) & 0xff00) | \ + (((u32) (a) >> 24) & 0xff)) +#endif + +#ifndef MSG_DONTWAIT +#define MSG_DONTWAIT 0 +#endif + +#ifdef _WIN32_WCE +void perror(const char *s); +#endif /* _WIN32_WCE */ + +#endif /* CONFIG_ANSI_C_EXTRA */ + +#define wpa_zalloc(s) os_zalloc((s)) + +#ifdef CONFIG_NATIVE_WINDOWS +void wpa_unicode2ascii_inplace(TCHAR *str); +TCHAR * wpa_strdup_tchar(const char *str); +#else /* CONFIG_NATIVE_WINDOWS */ +#define wpa_unicode2ascii_inplace(s) do { } while (0) +#define wpa_strdup_tchar(s) strdup((s)) +#endif /* CONFIG_NATIVE_WINDOWS */ + +const char * wpa_ssid_txt(u8 *ssid, size_t ssid_len); + +typedef u32 __be32; +typedef u64 __be64; + +#endif /* COMMON_H */ diff --git a/contrib/hostapd-0.5.8/config.c b/contrib/hostapd-0.5.8/config.c new file mode 100644 index 0000000000..d1b2ba3fa5 --- /dev/null +++ b/contrib/hostapd-0.5.8/config.c @@ -0,0 +1,1994 @@ +/* + * hostapd / Configuration file + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#ifndef CONFIG_NATIVE_WINDOWS +#include +#endif /* CONFIG_NATIVE_WINDOWS */ + +#include "hostapd.h" +#include "driver.h" +#include "sha1.h" +#include "eap.h" +#include "radius_client.h" +#include "wpa_common.h" + + +#define MAX_STA_COUNT 2007 + + +static int hostapd_config_read_vlan_file(struct hostapd_bss_config *bss, + const char *fname) +{ + FILE *f; + char buf[128], *pos, *pos2; + int line = 0, vlan_id; + struct hostapd_vlan *vlan; + + f = fopen(fname, "r"); + if (!f) { + printf("VLAN file '%s' not readable.\n", fname); + return -1; + } + + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + if (buf[0] == '*') { + vlan_id = VLAN_ID_WILDCARD; + pos = buf + 1; + } else { + vlan_id = strtol(buf, &pos, 10); + if (buf == pos || vlan_id < 1 || + vlan_id > MAX_VLAN_ID) { + printf("Invalid VLAN ID at line %d in '%s'\n", + line, fname); + fclose(f); + return -1; + } + } + + while (*pos == ' ' || *pos == '\t') + pos++; + pos2 = pos; + while (*pos2 != ' ' && *pos2 != '\t' && *pos2 != '\0') + pos2++; + *pos2 = '\0'; + if (*pos == '\0' || strlen(pos) > IFNAMSIZ) { + printf("Invalid VLAN ifname at line %d in '%s'\n", + line, fname); + fclose(f); + return -1; + } + + vlan = malloc(sizeof(*vlan)); + if (vlan == NULL) { + printf("Out of memory while reading VLAN interfaces " + "from '%s'\n", fname); + fclose(f); + return -1; + } + + memset(vlan, 0, sizeof(*vlan)); + vlan->vlan_id = vlan_id; + strncpy(vlan->ifname, pos, sizeof(vlan->ifname)); + if (bss->vlan_tail) + bss->vlan_tail->next = vlan; + else + bss->vlan = vlan; + bss->vlan_tail = vlan; + } + + fclose(f); + + return 0; +} + + +static void hostapd_config_free_vlan(struct hostapd_bss_config *bss) +{ + struct hostapd_vlan *vlan, *prev; + + vlan = bss->vlan; + prev = NULL; + while (vlan) { + prev = vlan; + vlan = vlan->next; + free(prev); + } + + bss->vlan = NULL; +} + + +/* convert floats with one decimal place to value*10 int, i.e., + * "1.5" will return 15 */ +static int hostapd_config_read_int10(const char *value) +{ + int i, d; + char *pos; + + i = atoi(value); + pos = strchr(value, '.'); + d = 0; + if (pos) { + pos++; + if (*pos >= '0' && *pos <= '9') + d = *pos - '0'; + } + + return i * 10 + d; +} + + +static void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) +{ + bss->logger_syslog_level = HOSTAPD_LEVEL_INFO; + bss->logger_stdout_level = HOSTAPD_LEVEL_INFO; + bss->logger_syslog = (unsigned int) -1; + bss->logger_stdout = (unsigned int) -1; + + bss->auth_algs = HOSTAPD_AUTH_OPEN | HOSTAPD_AUTH_SHARED_KEY; + + bss->wep_rekeying_period = 300; + /* use key0 in individual key and key1 in broadcast key */ + bss->broadcast_key_idx_min = 1; + bss->broadcast_key_idx_max = 2; + bss->eap_reauth_period = 3600; + + bss->wpa_group_rekey = 600; + bss->wpa_gmk_rekey = 86400; + bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; + bss->wpa_pairwise = WPA_CIPHER_TKIP; + bss->wpa_group = WPA_CIPHER_TKIP; + + bss->max_num_sta = MAX_STA_COUNT; + + bss->dtim_period = 2; + + bss->radius_server_auth_port = 1812; + bss->ap_max_inactivity = AP_MAX_INACTIVITY; + bss->eapol_version = EAPOL_VERSION; +} + + +static struct hostapd_config * hostapd_config_defaults(void) +{ + struct hostapd_config *conf; + struct hostapd_bss_config *bss; + int i; + const int aCWmin = 15, aCWmax = 1024; + const struct hostapd_wme_ac_params ac_bk = + { aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */ + const struct hostapd_wme_ac_params ac_be = + { aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */ + const struct hostapd_wme_ac_params ac_vi = /* video traffic */ + { aCWmin >> 1, aCWmin, 2, 3000 / 32, 1 }; + const struct hostapd_wme_ac_params ac_vo = /* voice traffic */ + { aCWmin >> 2, aCWmin >> 1, 2, 1500 / 32, 1 }; + + conf = wpa_zalloc(sizeof(*conf)); + bss = wpa_zalloc(sizeof(*bss)); + if (conf == NULL || bss == NULL) { + printf("Failed to allocate memory for configuration data.\n"); + free(conf); + free(bss); + return NULL; + } + + /* set default driver based on configuration */ + conf->driver = driver_lookup("default"); + if (conf->driver == NULL) { + printf("No default driver registered!\n"); + free(conf); + free(bss); + return NULL; + } + + bss->radius = wpa_zalloc(sizeof(*bss->radius)); + if (bss->radius == NULL) { + free(conf); + free(bss); + return NULL; + } + + hostapd_config_defaults_bss(bss); + + conf->num_bss = 1; + conf->bss = bss; + + conf->beacon_int = 100; + conf->rts_threshold = -1; /* use driver default: 2347 */ + conf->fragm_threshold = -1; /* user driver default: 2346 */ + conf->send_probe_response = 1; + conf->bridge_packets = INTERNAL_BRIDGE_DO_NOT_CONTROL; + + memcpy(conf->country, "US ", 3); + + for (i = 0; i < NUM_TX_QUEUES; i++) + conf->tx_queue[i].aifs = -1; /* use hw default */ + + conf->wme_ac_params[0] = ac_be; + conf->wme_ac_params[1] = ac_bk; + conf->wme_ac_params[2] = ac_vi; + conf->wme_ac_params[3] = ac_vo; + + return conf; +} + + +static int hostapd_parse_ip_addr(const char *txt, struct hostapd_ip_addr *addr) +{ + if (inet_aton(txt, &addr->u.v4)) { + addr->af = AF_INET; + return 0; + } + +#ifdef CONFIG_IPV6 + if (inet_pton(AF_INET6, txt, &addr->u.v6) > 0) { + addr->af = AF_INET6; + return 0; + } +#endif /* CONFIG_IPV6 */ + + return -1; +} + + +int hostapd_mac_comp(const void *a, const void *b) +{ + return memcmp(a, b, sizeof(macaddr)); +} + + +int hostapd_mac_comp_empty(const void *a) +{ + macaddr empty = { 0 }; + return memcmp(a, empty, sizeof(macaddr)); +} + + +static int hostapd_config_read_maclist(const char *fname, macaddr **acl, + int *num) +{ + FILE *f; + char buf[128], *pos; + int line = 0; + u8 addr[ETH_ALEN]; + macaddr *newacl; + + if (!fname) + return 0; + + f = fopen(fname, "r"); + if (!f) { + printf("MAC list file '%s' not found.\n", fname); + return -1; + } + + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + if (hwaddr_aton(buf, addr)) { + printf("Invalid MAC address '%s' at line %d in '%s'\n", + buf, line, fname); + fclose(f); + return -1; + } + + newacl = (macaddr *) realloc(*acl, (*num + 1) * ETH_ALEN); + if (newacl == NULL) { + printf("MAC list reallocation failed\n"); + fclose(f); + return -1; + } + + *acl = newacl; + memcpy((*acl)[*num], addr, ETH_ALEN); + (*num)++; + } + + fclose(f); + + qsort(*acl, *num, sizeof(macaddr), hostapd_mac_comp); + + return 0; +} + + +static int hostapd_config_read_wpa_psk(const char *fname, + struct hostapd_ssid *ssid) +{ + FILE *f; + char buf[128], *pos; + int line = 0, ret = 0, len, ok; + u8 addr[ETH_ALEN]; + struct hostapd_wpa_psk *psk; + + if (!fname) + return 0; + + f = fopen(fname, "r"); + if (!f) { + printf("WPA PSK file '%s' not found.\n", fname); + return -1; + } + + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + if (hwaddr_aton(buf, addr)) { + printf("Invalid MAC address '%s' on line %d in '%s'\n", + buf, line, fname); + ret = -1; + break; + } + + psk = wpa_zalloc(sizeof(*psk)); + if (psk == NULL) { + printf("WPA PSK allocation failed\n"); + ret = -1; + break; + } + if (memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) + psk->group = 1; + else + memcpy(psk->addr, addr, ETH_ALEN); + + pos = buf + 17; + if (pos == '\0') { + printf("No PSK on line %d in '%s'\n", line, fname); + free(psk); + ret = -1; + break; + } + pos++; + + ok = 0; + len = strlen(pos); + if (len == 64 && hexstr2bin(pos, psk->psk, PMK_LEN) == 0) + ok = 1; + else if (len >= 8 && len < 64) { + pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len, + 4096, psk->psk, PMK_LEN); + ok = 1; + } + if (!ok) { + printf("Invalid PSK '%s' on line %d in '%s'\n", + pos, line, fname); + free(psk); + ret = -1; + break; + } + + psk->next = ssid->wpa_psk; + ssid->wpa_psk = psk; + } + + fclose(f); + + return ret; +} + + +int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf) +{ + struct hostapd_ssid *ssid = &conf->ssid; + + if (ssid->wpa_passphrase != NULL) { + if (ssid->wpa_psk != NULL) { + printf("Warning: both WPA PSK and passphrase set. " + "Using passphrase.\n"); + free(ssid->wpa_psk); + } + ssid->wpa_psk = wpa_zalloc(sizeof(struct hostapd_wpa_psk)); + if (ssid->wpa_psk == NULL) { + printf("Unable to alloc space for PSK\n"); + return -1; + } + wpa_hexdump_ascii(MSG_DEBUG, "SSID", + (u8 *) ssid->ssid, ssid->ssid_len); + wpa_hexdump_ascii(MSG_DEBUG, "PSK (ASCII passphrase)", + (u8 *) ssid->wpa_passphrase, + strlen(ssid->wpa_passphrase)); + pbkdf2_sha1(ssid->wpa_passphrase, + ssid->ssid, ssid->ssid_len, + 4096, ssid->wpa_psk->psk, PMK_LEN); + wpa_hexdump(MSG_DEBUG, "PSK (from passphrase)", + ssid->wpa_psk->psk, PMK_LEN); + ssid->wpa_psk->group = 1; + + memset(ssid->wpa_passphrase, 0, + strlen(ssid->wpa_passphrase)); + free(ssid->wpa_passphrase); + ssid->wpa_passphrase = NULL; + } + + if (ssid->wpa_psk_file) { + if (hostapd_config_read_wpa_psk(ssid->wpa_psk_file, + &conf->ssid)) + return -1; + free(ssid->wpa_psk_file); + ssid->wpa_psk_file = NULL; + } + + return 0; +} + + +#ifdef EAP_SERVER +static int hostapd_config_read_eap_user(const char *fname, + struct hostapd_bss_config *conf) +{ + FILE *f; + char buf[512], *pos, *start, *pos2; + int line = 0, ret = 0, num_methods; + struct hostapd_eap_user *user, *tail = NULL; + + if (!fname) + return 0; + + f = fopen(fname, "r"); + if (!f) { + printf("EAP user file '%s' not found.\n", fname); + return -1; + } + + /* Lines: "user" METHOD,METHOD2 "password" (password optional) */ + while (fgets(buf, sizeof(buf), f)) { + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + user = NULL; + + if (buf[0] != '"' && buf[0] != '*') { + printf("Invalid EAP identity (no \" in start) on " + "line %d in '%s'\n", line, fname); + goto failed; + } + + user = wpa_zalloc(sizeof(*user)); + if (user == NULL) { + printf("EAP user allocation failed\n"); + goto failed; + } + user->force_version = -1; + + if (buf[0] == '*') { + pos = buf; + } else { + pos = buf + 1; + start = pos; + while (*pos != '"' && *pos != '\0') + pos++; + if (*pos == '\0') { + printf("Invalid EAP identity (no \" in end) on" + " line %d in '%s'\n", line, fname); + goto failed; + } + + user->identity = malloc(pos - start); + if (user->identity == NULL) { + printf("Failed to allocate memory for EAP " + "identity\n"); + goto failed; + } + memcpy(user->identity, start, pos - start); + user->identity_len = pos - start; + + if (pos[0] == '"' && pos[1] == '*') { + user->wildcard_prefix = 1; + pos++; + } + } + pos++; + while (*pos == ' ' || *pos == '\t') + pos++; + + if (*pos == '\0') { + printf("No EAP method on line %d in '%s'\n", + line, fname); + goto failed; + } + + start = pos; + while (*pos != ' ' && *pos != '\t' && *pos != '\0') + pos++; + if (*pos == '\0') { + pos = NULL; + } else { + *pos = '\0'; + pos++; + } + num_methods = 0; + while (*start) { + char *pos3 = strchr(start, ','); + if (pos3) { + *pos3++ = '\0'; + } + user->methods[num_methods].method = + eap_get_type(start, &user->methods[num_methods] + .vendor); + if (user->methods[num_methods].vendor == + EAP_VENDOR_IETF && + user->methods[num_methods].method == EAP_TYPE_NONE) + { + printf("Unsupported EAP type '%s' on line %d " + "in '%s'\n", start, line, fname); + goto failed; + } + + num_methods++; + if (num_methods >= EAP_USER_MAX_METHODS) + break; + if (pos3 == NULL) + break; + start = pos3; + } + if (num_methods == 0) { + printf("No EAP types configured on line %d in '%s'\n", + line, fname); + goto failed; + } + + if (pos == NULL) + goto done; + + while (*pos == ' ' || *pos == '\t') + pos++; + if (*pos == '\0') + goto done; + + if (strncmp(pos, "[ver=0]", 7) == 0) { + user->force_version = 0; + goto done; + } + + if (strncmp(pos, "[ver=1]", 7) == 0) { + user->force_version = 1; + goto done; + } + + if (strncmp(pos, "[2]", 3) == 0) { + user->phase2 = 1; + goto done; + } + + if (*pos == '"') { + pos++; + start = pos; + while (*pos != '"' && *pos != '\0') + pos++; + if (*pos == '\0') { + printf("Invalid EAP password (no \" in end) " + "on line %d in '%s'\n", line, fname); + goto failed; + } + + user->password = malloc(pos - start); + if (user->password == NULL) { + printf("Failed to allocate memory for EAP " + "password\n"); + goto failed; + } + memcpy(user->password, start, pos - start); + user->password_len = pos - start; + + pos++; + } else if (strncmp(pos, "hash:", 5) == 0) { + pos += 5; + pos2 = pos; + while (*pos2 != '\0' && *pos2 != ' ' && + *pos2 != '\t' && *pos2 != '#') + pos2++; + if (pos2 - pos != 32) { + printf("Invalid password hash on line %d in " + "'%s'\n", line, fname); + goto failed; + } + user->password = malloc(16); + if (user->password == NULL) { + printf("Failed to allocate memory for EAP " + "password hash\n"); + goto failed; + } + if (hexstr2bin(pos, user->password, 16) < 0) { + printf("Invalid hash password on line %d in " + "'%s'\n", line, fname); + goto failed; + } + user->password_len = 16; + user->password_hash = 1; + pos = pos2; + } else { + pos2 = pos; + while (*pos2 != '\0' && *pos2 != ' ' && + *pos2 != '\t' && *pos2 != '#') + pos2++; + if ((pos2 - pos) & 1) { + printf("Invalid hex password on line %d in " + "'%s'\n", line, fname); + goto failed; + } + user->password = malloc((pos2 - pos) / 2); + if (user->password == NULL) { + printf("Failed to allocate memory for EAP " + "password\n"); + goto failed; + } + if (hexstr2bin(pos, user->password, + (pos2 - pos) / 2) < 0) { + printf("Invalid hex password on line %d in " + "'%s'\n", line, fname); + goto failed; + } + user->password_len = (pos2 - pos) / 2; + pos = pos2; + } + + while (*pos == ' ' || *pos == '\t') + pos++; + if (strncmp(pos, "[2]", 3) == 0) { + user->phase2 = 1; + } + + done: + if (tail == NULL) { + tail = conf->eap_user = user; + } else { + tail->next = user; + tail = user; + } + continue; + + failed: + if (user) { + free(user->password); + free(user->identity); + free(user); + } + ret = -1; + break; + } + + fclose(f); + + return ret; +} +#endif /* EAP_SERVER */ + + +static int +hostapd_config_read_radius_addr(struct hostapd_radius_server **server, + int *num_server, const char *val, int def_port, + struct hostapd_radius_server **curr_serv) +{ + struct hostapd_radius_server *nserv; + int ret; + static int server_index = 1; + + nserv = realloc(*server, (*num_server + 1) * sizeof(*nserv)); + if (nserv == NULL) + return -1; + + *server = nserv; + nserv = &nserv[*num_server]; + (*num_server)++; + (*curr_serv) = nserv; + + memset(nserv, 0, sizeof(*nserv)); + nserv->port = def_port; + ret = hostapd_parse_ip_addr(val, &nserv->addr); + nserv->index = server_index++; + + return ret; +} + + +static int hostapd_config_parse_key_mgmt(int line, const char *value) +{ + int val = 0, last; + char *start, *end, *buf; + + buf = strdup(value); + if (buf == NULL) + return -1; + start = buf; + + while (start != '\0') { + while (*start == ' ' || *start == '\t') + start++; + if (*start == '\0') + break; + end = start; + while (*end != ' ' && *end != '\t' && *end != '\0') + end++; + last = *end == '\0'; + *end = '\0'; + if (strcmp(start, "WPA-PSK") == 0) + val |= WPA_KEY_MGMT_PSK; + else if (strcmp(start, "WPA-EAP") == 0) + val |= WPA_KEY_MGMT_IEEE8021X; + else { + printf("Line %d: invalid key_mgmt '%s'\n", + line, start); + free(buf); + return -1; + } + + if (last) + break; + start = end + 1; + } + + free(buf); + if (val == 0) { + printf("Line %d: no key_mgmt values configured.\n", line); + return -1; + } + + return val; +} + + +static int hostapd_config_parse_cipher(int line, const char *value) +{ + int val = 0, last; + char *start, *end, *buf; + + buf = strdup(value); + if (buf == NULL) + return -1; + start = buf; + + while (start != '\0') { + while (*start == ' ' || *start == '\t') + start++; + if (*start == '\0') + break; + end = start; + while (*end != ' ' && *end != '\t' && *end != '\0') + end++; + last = *end == '\0'; + *end = '\0'; + if (strcmp(start, "CCMP") == 0) + val |= WPA_CIPHER_CCMP; + else if (strcmp(start, "TKIP") == 0) + val |= WPA_CIPHER_TKIP; + else if (strcmp(start, "WEP104") == 0) + val |= WPA_CIPHER_WEP104; + else if (strcmp(start, "WEP40") == 0) + val |= WPA_CIPHER_WEP40; + else if (strcmp(start, "NONE") == 0) + val |= WPA_CIPHER_NONE; + else { + printf("Line %d: invalid cipher '%s'.", line, start); + free(buf); + return -1; + } + + if (last) + break; + start = end + 1; + } + free(buf); + + if (val == 0) { + printf("Line %d: no cipher values configured.", line); + return -1; + } + return val; +} + + +static int hostapd_config_check_bss(struct hostapd_bss_config *bss, + struct hostapd_config *conf) +{ + if (bss->ieee802_1x && !bss->eap_server && + !bss->radius->auth_servers) { + printf("Invalid IEEE 802.1X configuration (no EAP " + "authenticator configured).\n"); + return -1; + } + + if (bss->wpa && (bss->wpa_key_mgmt & WPA_KEY_MGMT_PSK) && + bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL && + bss->ssid.wpa_psk_file == NULL) { + printf("WPA-PSK enabled, but PSK or passphrase is not " + "configured.\n"); + return -1; + } + + if (hostapd_mac_comp_empty(bss->bssid) != 0) { + size_t i; + + for (i = 0; i < conf->num_bss; i++) { + if ((&conf->bss[i] != bss) && + (hostapd_mac_comp(conf->bss[i].bssid, + bss->bssid) == 0)) { + printf("Duplicate BSSID " MACSTR + " on interface '%s' and '%s'.\n", + MAC2STR(bss->bssid), + conf->bss[i].iface, bss->iface); + return -1; + } + } + } + + return 0; +} + + +static int hostapd_config_check(struct hostapd_config *conf) +{ + size_t i; + + for (i = 0; i < conf->num_bss; i++) { + if (hostapd_config_check_bss(&conf->bss[i], conf)) + return -1; + } + + return 0; +} + + +static int hostapd_config_read_wep(struct hostapd_wep_keys *wep, int keyidx, + char *val) +{ + size_t len = strlen(val); + + if (keyidx < 0 || keyidx > 3 || wep->key[keyidx] != NULL) + return -1; + + if (val[0] == '"') { + if (len < 2 || val[len - 1] != '"') + return -1; + len -= 2; + wep->key[keyidx] = malloc(len); + if (wep->key[keyidx] == NULL) + return -1; + memcpy(wep->key[keyidx], val + 1, len); + wep->len[keyidx] = len; + } else { + if (len & 1) + return -1; + len /= 2; + wep->key[keyidx] = malloc(len); + if (wep->key[keyidx] == NULL) + return -1; + wep->len[keyidx] = len; + if (hexstr2bin(val, wep->key[keyidx], len) < 0) + return -1; + } + + wep->keys_set++; + + return 0; +} + + +static int hostapd_parse_rates(int **rate_list, char *val) +{ + int *list; + int count; + char *pos, *end; + + free(*rate_list); + *rate_list = NULL; + + pos = val; + count = 0; + while (*pos != '\0') { + if (*pos == ' ') + count++; + pos++; + } + + list = malloc(sizeof(int) * (count + 2)); + if (list == NULL) + return -1; + pos = val; + count = 0; + while (*pos != '\0') { + end = strchr(pos, ' '); + if (end) + *end = '\0'; + + list[count++] = atoi(pos); + if (!end) + break; + pos = end + 1; + } + list[count] = -1; + + *rate_list = list; + return 0; +} + + +static int hostapd_config_bss(struct hostapd_config *conf, const char *ifname) +{ + struct hostapd_bss_config *bss; + + if (*ifname == '\0') + return -1; + + bss = realloc(conf->bss, (conf->num_bss + 1) * + sizeof(struct hostapd_bss_config)); + if (bss == NULL) { + printf("Failed to allocate memory for multi-BSS entry\n"); + return -1; + } + conf->bss = bss; + + bss = &(conf->bss[conf->num_bss]); + memset(bss, 0, sizeof(*bss)); + bss->radius = wpa_zalloc(sizeof(*bss->radius)); + if (bss->radius == NULL) { + printf("Failed to allocate memory for multi-BSS RADIUS " + "data\n"); + return -1; + } + + conf->num_bss++; + conf->last_bss = bss; + + hostapd_config_defaults_bss(bss); + snprintf(bss->iface, sizeof(bss->iface), "%s", ifname); + memcpy(bss->ssid.vlan, bss->iface, IFNAMSIZ + 1); + + return 0; +} + + +static int valid_cw(int cw) +{ + return (cw == 1 || cw == 3 || cw == 7 || cw == 15 || cw == 31 || + cw == 63 || cw == 127 || cw == 255 || cw == 511 || cw == 1023); +} + + +enum { + IEEE80211_TX_QUEUE_DATA0 = 0, /* used for EDCA AC_VO data */ + IEEE80211_TX_QUEUE_DATA1 = 1, /* used for EDCA AC_VI data */ + IEEE80211_TX_QUEUE_DATA2 = 2, /* used for EDCA AC_BE data */ + IEEE80211_TX_QUEUE_DATA3 = 3, /* used for EDCA AC_BK data */ + IEEE80211_TX_QUEUE_DATA4 = 4, + IEEE80211_TX_QUEUE_AFTER_BEACON = 6, + IEEE80211_TX_QUEUE_BEACON = 7 +}; + +static int hostapd_config_tx_queue(struct hostapd_config *conf, char *name, + char *val) +{ + int num; + char *pos; + struct hostapd_tx_queue_params *queue; + + /* skip 'tx_queue_' prefix */ + pos = name + 9; + if (strncmp(pos, "data", 4) == 0 && + pos[4] >= '0' && pos[4] <= '9' && pos[5] == '_') { + num = pos[4] - '0'; + pos += 6; + } else if (strncmp(pos, "after_beacon_", 13) == 0) { + num = IEEE80211_TX_QUEUE_AFTER_BEACON; + pos += 13; + } else if (strncmp(pos, "beacon_", 7) == 0) { + num = IEEE80211_TX_QUEUE_BEACON; + pos += 7; + } else { + printf("Unknown tx_queue name '%s'\n", pos); + return -1; + } + + queue = &conf->tx_queue[num]; + + if (strcmp(pos, "aifs") == 0) { + queue->aifs = atoi(val); + if (queue->aifs < 0 || queue->aifs > 255) { + printf("Invalid AIFS value %d\n", queue->aifs); + return -1; + } + } else if (strcmp(pos, "cwmin") == 0) { + queue->cwmin = atoi(val); + if (!valid_cw(queue->cwmin)) { + printf("Invalid cwMin value %d\n", queue->cwmin); + return -1; + } + } else if (strcmp(pos, "cwmax") == 0) { + queue->cwmax = atoi(val); + if (!valid_cw(queue->cwmax)) { + printf("Invalid cwMax value %d\n", queue->cwmax); + return -1; + } + } else if (strcmp(pos, "burst") == 0) { + queue->burst = hostapd_config_read_int10(val); + } else { + printf("Unknown tx_queue field '%s'\n", pos); + return -1; + } + + queue->configured = 1; + + return 0; +} + + +static int hostapd_config_wme_ac(struct hostapd_config *conf, char *name, + char *val) +{ + int num, v; + char *pos; + struct hostapd_wme_ac_params *ac; + + /* skip 'wme_ac_' prefix */ + pos = name + 7; + if (strncmp(pos, "be_", 3) == 0) { + num = 0; + pos += 3; + } else if (strncmp(pos, "bk_", 3) == 0) { + num = 1; + pos += 3; + } else if (strncmp(pos, "vi_", 3) == 0) { + num = 2; + pos += 3; + } else if (strncmp(pos, "vo_", 3) == 0) { + num = 3; + pos += 3; + } else { + printf("Unknown wme name '%s'\n", pos); + return -1; + } + + ac = &conf->wme_ac_params[num]; + + if (strcmp(pos, "aifs") == 0) { + v = atoi(val); + if (v < 1 || v > 255) { + printf("Invalid AIFS value %d\n", v); + return -1; + } + ac->aifs = v; + } else if (strcmp(pos, "cwmin") == 0) { + v = atoi(val); + if (v < 0 || v > 12) { + printf("Invalid cwMin value %d\n", v); + return -1; + } + ac->cwmin = v; + } else if (strcmp(pos, "cwmax") == 0) { + v = atoi(val); + if (v < 0 || v > 12) { + printf("Invalid cwMax value %d\n", v); + return -1; + } + ac->cwmax = v; + } else if (strcmp(pos, "txop_limit") == 0) { + v = atoi(val); + if (v < 0 || v > 0xffff) { + printf("Invalid txop value %d\n", v); + return -1; + } + ac->txopLimit = v; + } else if (strcmp(pos, "acm") == 0) { + v = atoi(val); + if (v < 0 || v > 1) { + printf("Invalid acm value %d\n", v); + return -1; + } + ac->admission_control_mandatory = v; + } else { + printf("Unknown wme_ac_ field '%s'\n", pos); + return -1; + } + + return 0; +} + + +struct hostapd_config * hostapd_config_read(const char *fname) +{ + struct hostapd_config *conf; + struct hostapd_bss_config *bss; + FILE *f; + char buf[256], *pos; + int line = 0; + int errors = 0; + size_t i; + + f = fopen(fname, "r"); + if (f == NULL) { + printf("Could not open configuration file '%s' for reading.\n", + fname); + return NULL; + } + + conf = hostapd_config_defaults(); + if (conf == NULL) { + fclose(f); + return NULL; + } + bss = conf->last_bss = conf->bss; + + while (fgets(buf, sizeof(buf), f)) { + bss = conf->last_bss; + line++; + + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + if (buf[0] == '\0') + continue; + + pos = strchr(buf, '='); + if (pos == NULL) { + printf("Line %d: invalid line '%s'\n", line, buf); + errors++; + continue; + } + *pos = '\0'; + pos++; + + if (strcmp(buf, "interface") == 0) { + snprintf(conf->bss[0].iface, + sizeof(conf->bss[0].iface), "%s", pos); + } else if (strcmp(buf, "bridge") == 0) { + snprintf(bss->bridge, sizeof(bss->bridge), "%s", pos); + } else if (strcmp(buf, "driver") == 0) { + conf->driver = driver_lookup(pos); + if (conf->driver == NULL) { + printf("Line %d: invalid/unknown driver " + "'%s'\n", line, pos); + errors++; + } + } else if (strcmp(buf, "debug") == 0) { + bss->debug = atoi(pos); + } else if (strcmp(buf, "logger_syslog_level") == 0) { + bss->logger_syslog_level = atoi(pos); + } else if (strcmp(buf, "logger_stdout_level") == 0) { + bss->logger_stdout_level = atoi(pos); + } else if (strcmp(buf, "logger_syslog") == 0) { + bss->logger_syslog = atoi(pos); + } else if (strcmp(buf, "logger_stdout") == 0) { + bss->logger_stdout = atoi(pos); + } else if (strcmp(buf, "dump_file") == 0) { + bss->dump_log_name = strdup(pos); + } else if (strcmp(buf, "ssid") == 0) { + bss->ssid.ssid_len = strlen(pos); + if (bss->ssid.ssid_len > HOSTAPD_MAX_SSID_LEN || + bss->ssid.ssid_len < 1) { + printf("Line %d: invalid SSID '%s'\n", line, + pos); + errors++; + } else { + memcpy(bss->ssid.ssid, pos, + bss->ssid.ssid_len); + bss->ssid.ssid[bss->ssid.ssid_len] = '\0'; + bss->ssid.ssid_set = 1; + } + } else if (strcmp(buf, "macaddr_acl") == 0) { + bss->macaddr_acl = atoi(pos); + if (bss->macaddr_acl != ACCEPT_UNLESS_DENIED && + bss->macaddr_acl != DENY_UNLESS_ACCEPTED && + bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) { + printf("Line %d: unknown macaddr_acl %d\n", + line, bss->macaddr_acl); + } + } else if (strcmp(buf, "accept_mac_file") == 0) { + if (hostapd_config_read_maclist(pos, &bss->accept_mac, + &bss->num_accept_mac)) + { + printf("Line %d: Failed to read " + "accept_mac_file '%s'\n", + line, pos); + errors++; + } + } else if (strcmp(buf, "deny_mac_file") == 0) { + if (hostapd_config_read_maclist(pos, &bss->deny_mac, + &bss->num_deny_mac)) + { + printf("Line %d: Failed to read " + "deny_mac_file '%s'\n", + line, pos); + errors++; + } + } else if (strcmp(buf, "ap_max_inactivity") == 0) { + bss->ap_max_inactivity = atoi(pos); + } else if (strcmp(buf, "country_code") == 0) { + memcpy(conf->country, pos, 2); + /* FIX: make this configurable */ + conf->country[2] = ' '; + } else if (strcmp(buf, "ieee80211d") == 0) { + conf->ieee80211d = atoi(pos); + } else if (strcmp(buf, "ieee80211h") == 0) { + conf->ieee80211h = atoi(pos); + } else if (strcmp(buf, "assoc_ap_addr") == 0) { + if (hwaddr_aton(pos, bss->assoc_ap_addr)) { + printf("Line %d: invalid MAC address '%s'\n", + line, pos); + errors++; + } + bss->assoc_ap = 1; + } else if (strcmp(buf, "ieee8021x") == 0) { + bss->ieee802_1x = atoi(pos); + } else if (strcmp(buf, "eapol_version") == 0) { + bss->eapol_version = atoi(pos); + if (bss->eapol_version < 1 || + bss->eapol_version > 2) { + printf("Line %d: invalid EAPOL " + "version (%d): '%s'.\n", + line, bss->eapol_version, pos); + errors++; + } else + wpa_printf(MSG_DEBUG, "eapol_version=%d", + bss->eapol_version); +#ifdef EAP_SERVER + } else if (strcmp(buf, "eap_authenticator") == 0) { + bss->eap_server = atoi(pos); + printf("Line %d: obsolete eap_authenticator used; " + "this has been renamed to eap_server\n", line); + } else if (strcmp(buf, "eap_server") == 0) { + bss->eap_server = atoi(pos); + } else if (strcmp(buf, "eap_user_file") == 0) { + if (hostapd_config_read_eap_user(pos, bss)) + errors++; + } else if (strcmp(buf, "ca_cert") == 0) { + free(bss->ca_cert); + bss->ca_cert = strdup(pos); + } else if (strcmp(buf, "server_cert") == 0) { + free(bss->server_cert); + bss->server_cert = strdup(pos); + } else if (strcmp(buf, "private_key") == 0) { + free(bss->private_key); + bss->private_key = strdup(pos); + } else if (strcmp(buf, "private_key_passwd") == 0) { + free(bss->private_key_passwd); + bss->private_key_passwd = strdup(pos); + } else if (strcmp(buf, "check_crl") == 0) { + bss->check_crl = atoi(pos); +#ifdef EAP_SIM + } else if (strcmp(buf, "eap_sim_db") == 0) { + free(bss->eap_sim_db); + bss->eap_sim_db = strdup(pos); +#endif /* EAP_SIM */ +#endif /* EAP_SERVER */ + } else if (strcmp(buf, "eap_message") == 0) { + char *term; + bss->eap_req_id_text = strdup(pos); + if (bss->eap_req_id_text == NULL) { + printf("Line %d: Failed to allocate memory " + "for eap_req_id_text\n", line); + errors++; + continue; + } + bss->eap_req_id_text_len = + strlen(bss->eap_req_id_text); + term = strstr(bss->eap_req_id_text, "\\0"); + if (term) { + *term++ = '\0'; + memmove(term, term + 1, + bss->eap_req_id_text_len - + (term - bss->eap_req_id_text) - 1); + bss->eap_req_id_text_len--; + } + } else if (strcmp(buf, "wep_key_len_broadcast") == 0) { + bss->default_wep_key_len = atoi(pos); + if (bss->default_wep_key_len > 13) { + printf("Line %d: invalid WEP key len %lu " + "(= %lu bits)\n", line, + (unsigned long) + bss->default_wep_key_len, + (unsigned long) + bss->default_wep_key_len * 8); + errors++; + } + } else if (strcmp(buf, "wep_key_len_unicast") == 0) { + bss->individual_wep_key_len = atoi(pos); + if (bss->individual_wep_key_len < 0 || + bss->individual_wep_key_len > 13) { + printf("Line %d: invalid WEP key len %d " + "(= %d bits)\n", line, + bss->individual_wep_key_len, + bss->individual_wep_key_len * 8); + errors++; + } + } else if (strcmp(buf, "wep_rekey_period") == 0) { + bss->wep_rekeying_period = atoi(pos); + if (bss->wep_rekeying_period < 0) { + printf("Line %d: invalid period %d\n", + line, bss->wep_rekeying_period); + errors++; + } + } else if (strcmp(buf, "eap_reauth_period") == 0) { + bss->eap_reauth_period = atoi(pos); + if (bss->eap_reauth_period < 0) { + printf("Line %d: invalid period %d\n", + line, bss->eap_reauth_period); + errors++; + } + } else if (strcmp(buf, "eapol_key_index_workaround") == 0) { + bss->eapol_key_index_workaround = atoi(pos); +#ifdef CONFIG_IAPP + } else if (strcmp(buf, "iapp_interface") == 0) { + bss->ieee802_11f = 1; + snprintf(bss->iapp_iface, sizeof(bss->iapp_iface), + "%s", pos); +#endif /* CONFIG_IAPP */ + } else if (strcmp(buf, "own_ip_addr") == 0) { + if (hostapd_parse_ip_addr(pos, &bss->own_ip_addr)) { + printf("Line %d: invalid IP address '%s'\n", + line, pos); + errors++; + } + } else if (strcmp(buf, "nas_identifier") == 0) { + bss->nas_identifier = strdup(pos); + } else if (strcmp(buf, "auth_server_addr") == 0) { + if (hostapd_config_read_radius_addr( + &bss->radius->auth_servers, + &bss->radius->num_auth_servers, pos, 1812, + &bss->radius->auth_server)) { + printf("Line %d: invalid IP address '%s'\n", + line, pos); + errors++; + } + } else if (bss->radius->auth_server && + strcmp(buf, "auth_server_port") == 0) { + bss->radius->auth_server->port = atoi(pos); + } else if (bss->radius->auth_server && + strcmp(buf, "auth_server_shared_secret") == 0) { + int len = strlen(pos); + if (len == 0) { + /* RFC 2865, Ch. 3 */ + printf("Line %d: empty shared secret is not " + "allowed.\n", line); + errors++; + } + bss->radius->auth_server->shared_secret = + (u8 *) strdup(pos); + bss->radius->auth_server->shared_secret_len = len; + } else if (strcmp(buf, "acct_server_addr") == 0) { + if (hostapd_config_read_radius_addr( + &bss->radius->acct_servers, + &bss->radius->num_acct_servers, pos, 1813, + &bss->radius->acct_server)) { + printf("Line %d: invalid IP address '%s'\n", + line, pos); + errors++; + } + } else if (bss->radius->acct_server && + strcmp(buf, "acct_server_port") == 0) { + bss->radius->acct_server->port = atoi(pos); + } else if (bss->radius->acct_server && + strcmp(buf, "acct_server_shared_secret") == 0) { + int len = strlen(pos); + if (len == 0) { + /* RFC 2865, Ch. 3 */ + printf("Line %d: empty shared secret is not " + "allowed.\n", line); + errors++; + } + bss->radius->acct_server->shared_secret = + (u8 *) strdup(pos); + bss->radius->acct_server->shared_secret_len = len; + } else if (strcmp(buf, "radius_retry_primary_interval") == 0) { + bss->radius->retry_primary_interval = atoi(pos); + } else if (strcmp(buf, "radius_acct_interim_interval") == 0) { + bss->radius->acct_interim_interval = atoi(pos); + } else if (strcmp(buf, "auth_algs") == 0) { + bss->auth_algs = atoi(pos); + if (bss->auth_algs == 0) { + printf("Line %d: no authentication algorithms " + "allowed\n", + line); + errors++; + } + } else if (strcmp(buf, "max_num_sta") == 0) { + bss->max_num_sta = atoi(pos); + if (bss->max_num_sta < 0 || + bss->max_num_sta > MAX_STA_COUNT) { + printf("Line %d: Invalid max_num_sta=%d; " + "allowed range 0..%d\n", line, + bss->max_num_sta, MAX_STA_COUNT); + errors++; + } + } else if (strcmp(buf, "wpa") == 0) { + bss->wpa = atoi(pos); + } else if (strcmp(buf, "wpa_group_rekey") == 0) { + bss->wpa_group_rekey = atoi(pos); + } else if (strcmp(buf, "wpa_strict_rekey") == 0) { + bss->wpa_strict_rekey = atoi(pos); + } else if (strcmp(buf, "wpa_gmk_rekey") == 0) { + bss->wpa_gmk_rekey = atoi(pos); + } else if (strcmp(buf, "wpa_passphrase") == 0) { + int len = strlen(pos); + if (len < 8 || len > 63) { + printf("Line %d: invalid WPA passphrase length" + " %d (expected 8..63)\n", line, len); + errors++; + } else { + free(bss->ssid.wpa_passphrase); + bss->ssid.wpa_passphrase = strdup(pos); + } + } else if (strcmp(buf, "wpa_psk") == 0) { + free(bss->ssid.wpa_psk); + bss->ssid.wpa_psk = + wpa_zalloc(sizeof(struct hostapd_wpa_psk)); + if (bss->ssid.wpa_psk == NULL) + errors++; + else if (hexstr2bin(pos, bss->ssid.wpa_psk->psk, + PMK_LEN) || + pos[PMK_LEN * 2] != '\0') { + printf("Line %d: Invalid PSK '%s'.\n", line, + pos); + errors++; + } else { + bss->ssid.wpa_psk->group = 1; + } + } else if (strcmp(buf, "wpa_psk_file") == 0) { + free(bss->ssid.wpa_psk_file); + bss->ssid.wpa_psk_file = strdup(pos); + if (!bss->ssid.wpa_psk_file) { + printf("Line %d: allocation failed\n", line); + errors++; + } + } else if (strcmp(buf, "wpa_key_mgmt") == 0) { + bss->wpa_key_mgmt = + hostapd_config_parse_key_mgmt(line, pos); + if (bss->wpa_key_mgmt == -1) + errors++; + } else if (strcmp(buf, "wpa_pairwise") == 0) { + bss->wpa_pairwise = + hostapd_config_parse_cipher(line, pos); + if (bss->wpa_pairwise == -1 || + bss->wpa_pairwise == 0) + errors++; + else if (bss->wpa_pairwise & + (WPA_CIPHER_NONE | WPA_CIPHER_WEP40 | + WPA_CIPHER_WEP104)) { + printf("Line %d: unsupported pairwise " + "cipher suite '%s'\n", + bss->wpa_pairwise, pos); + errors++; + } else { + if (bss->wpa_pairwise & WPA_CIPHER_TKIP) + bss->wpa_group = WPA_CIPHER_TKIP; + else + bss->wpa_group = WPA_CIPHER_CCMP; + } +#ifdef CONFIG_RSN_PREAUTH + } else if (strcmp(buf, "rsn_preauth") == 0) { + bss->rsn_preauth = atoi(pos); + } else if (strcmp(buf, "rsn_preauth_interfaces") == 0) { + bss->rsn_preauth_interfaces = strdup(pos); +#endif /* CONFIG_RSN_PREAUTH */ +#ifdef CONFIG_PEERKEY + } else if (strcmp(buf, "peerkey") == 0) { + bss->peerkey = atoi(pos); +#endif /* CONFIG_PEERKEY */ + } else if (strcmp(buf, "ctrl_interface") == 0) { + free(bss->ctrl_interface); + bss->ctrl_interface = strdup(pos); + } else if (strcmp(buf, "ctrl_interface_group") == 0) { +#ifndef CONFIG_NATIVE_WINDOWS + struct group *grp; + char *endp; + const char *group = pos; + + grp = getgrnam(group); + if (grp) { + bss->ctrl_interface_gid = grp->gr_gid; + bss->ctrl_interface_gid_set = 1; + wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d" + " (from group name '%s')", + bss->ctrl_interface_gid, group); + continue; + } + + /* Group name not found - try to parse this as gid */ + bss->ctrl_interface_gid = strtol(group, &endp, 10); + if (*group == '\0' || *endp != '\0') { + wpa_printf(MSG_DEBUG, "Line %d: Invalid group " + "'%s'", line, group); + errors++; + continue; + } + bss->ctrl_interface_gid_set = 1; + wpa_printf(MSG_DEBUG, "ctrl_interface_group=%d", + bss->ctrl_interface_gid); +#endif /* CONFIG_NATIVE_WINDOWS */ +#ifdef RADIUS_SERVER + } else if (strcmp(buf, "radius_server_clients") == 0) { + free(bss->radius_server_clients); + bss->radius_server_clients = strdup(pos); + } else if (strcmp(buf, "radius_server_auth_port") == 0) { + bss->radius_server_auth_port = atoi(pos); + } else if (strcmp(buf, "radius_server_ipv6") == 0) { + bss->radius_server_ipv6 = atoi(pos); +#endif /* RADIUS_SERVER */ + } else if (strcmp(buf, "test_socket") == 0) { + free(bss->test_socket); + bss->test_socket = strdup(pos); + } else if (strcmp(buf, "use_pae_group_addr") == 0) { + bss->use_pae_group_addr = atoi(pos); + } else if (strcmp(buf, "hw_mode") == 0) { + if (strcmp(pos, "a") == 0) + conf->hw_mode = HOSTAPD_MODE_IEEE80211A; + else if (strcmp(pos, "b") == 0) + conf->hw_mode = HOSTAPD_MODE_IEEE80211B; + else if (strcmp(pos, "g") == 0) + conf->hw_mode = HOSTAPD_MODE_IEEE80211G; + else { + printf("Line %d: unknown hw_mode '%s'\n", + line, pos); + errors++; + } + } else if (strcmp(buf, "channel") == 0) { + conf->channel = atoi(pos); + } else if (strcmp(buf, "beacon_int") == 0) { + int val = atoi(pos); + /* MIB defines range as 1..65535, but very small values + * cause problems with the current implementation. + * Since it is unlikely that this small numbers are + * useful in real life scenarios, do not allow beacon + * period to be set below 15 TU. */ + if (val < 15 || val > 65535) { + printf("Line %d: invalid beacon_int %d " + "(expected 15..65535)\n", + line, val); + errors++; + } else + conf->beacon_int = val; + } else if (strcmp(buf, "dtim_period") == 0) { + bss->dtim_period = atoi(pos); + if (bss->dtim_period < 1 || bss->dtim_period > 255) { + printf("Line %d: invalid dtim_period %d\n", + line, bss->dtim_period); + errors++; + } + } else if (strcmp(buf, "rts_threshold") == 0) { + conf->rts_threshold = atoi(pos); + if (conf->rts_threshold < 0 || + conf->rts_threshold > 2347) { + printf("Line %d: invalid rts_threshold %d\n", + line, conf->rts_threshold); + errors++; + } + } else if (strcmp(buf, "fragm_threshold") == 0) { + conf->fragm_threshold = atoi(pos); + if (conf->fragm_threshold < 256 || + conf->fragm_threshold > 2346) { + printf("Line %d: invalid fragm_threshold %d\n", + line, conf->fragm_threshold); + errors++; + } + } else if (strcmp(buf, "send_probe_response") == 0) { + int val = atoi(pos); + if (val != 0 && val != 1) { + printf("Line %d: invalid send_probe_response " + "%d (expected 0 or 1)\n", line, val); + } else + conf->send_probe_response = val; + } else if (strcmp(buf, "supported_rates") == 0) { + if (hostapd_parse_rates(&conf->supported_rates, pos)) { + printf("Line %d: invalid rate list\n", line); + errors++; + } + } else if (strcmp(buf, "basic_rates") == 0) { + if (hostapd_parse_rates(&conf->basic_rates, pos)) { + printf("Line %d: invalid rate list\n", line); + errors++; + } + } else if (strcmp(buf, "ignore_broadcast_ssid") == 0) { + bss->ignore_broadcast_ssid = atoi(pos); + } else if (strcmp(buf, "bridge_packets") == 0) { + conf->bridge_packets = atoi(pos); + } else if (strcmp(buf, "wep_default_key") == 0) { + bss->ssid.wep.idx = atoi(pos); + if (bss->ssid.wep.idx > 3) { + printf("Invalid wep_default_key index %d\n", + bss->ssid.wep.idx); + errors++; + } + } else if (strcmp(buf, "wep_key0") == 0 || + strcmp(buf, "wep_key1") == 0 || + strcmp(buf, "wep_key2") == 0 || + strcmp(buf, "wep_key3") == 0) { + if (hostapd_config_read_wep(&bss->ssid.wep, + buf[7] - '0', pos)) { + printf("Line %d: invalid WEP key '%s'\n", + line, buf); + errors++; + } + } else if (strcmp(buf, "dynamic_vlan") == 0) { + bss->ssid.dynamic_vlan = atoi(pos); + } else if (strcmp(buf, "vlan_file") == 0) { + if (hostapd_config_read_vlan_file(bss, pos)) { + printf("Line %d: failed to read VLAN file " + "'%s'\n", line, pos); + errors++; + } +#ifdef CONFIG_FULL_DYNAMIC_VLAN + } else if (strcmp(buf, "vlan_tagged_interface") == 0) { + bss->ssid.vlan_tagged_interface = strdup(pos); +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + } else if (strcmp(buf, "passive_scan_interval") == 0) { + conf->passive_scan_interval = atoi(pos); + } else if (strcmp(buf, "passive_scan_listen") == 0) { + conf->passive_scan_listen = atoi(pos); + } else if (strcmp(buf, "passive_scan_mode") == 0) { + conf->passive_scan_mode = atoi(pos); + } else if (strcmp(buf, "ap_table_max_size") == 0) { + conf->ap_table_max_size = atoi(pos); + } else if (strcmp(buf, "ap_table_expiration_time") == 0) { + conf->ap_table_expiration_time = atoi(pos); + } else if (strncmp(buf, "tx_queue_", 9) == 0) { + if (hostapd_config_tx_queue(conf, buf, pos)) { + printf("Line %d: invalid TX queue item\n", + line); + errors++; + } + } else if (strcmp(buf, "wme_enabled") == 0) { + bss->wme_enabled = atoi(pos); + } else if (strncmp(buf, "wme_ac_", 7) == 0) { + if (hostapd_config_wme_ac(conf, buf, pos)) { + printf("Line %d: invalid wme ac item\n", + line); + errors++; + } + } else if (strcmp(buf, "bss") == 0) { + if (hostapd_config_bss(conf, pos)) { + printf("Line %d: invalid bss item\n", line); + errors++; + } + } else if (strcmp(buf, "bssid") == 0) { + if (bss == conf->bss) { + printf("Line %d: bssid item not allowed " + "for the default interface\n", line); + errors++; + } else if (hwaddr_aton(pos, bss->bssid)) { + printf("Line %d: invalid bssid item\n", line); + errors++; + } +#ifdef CONFIG_IEEE80211W + } else if (strcmp(buf, "ieee80211w") == 0) { + bss->ieee80211w = atoi(pos); +#endif /* CONFIG_IEEE80211W */ + } else { + printf("Line %d: unknown configuration item '%s'\n", + line, buf); + errors++; + } + } + + fclose(f); + + if (bss->individual_wep_key_len == 0) { + /* individual keys are not use; can use key idx0 for broadcast + * keys */ + bss->broadcast_key_idx_min = 0; + } + + for (i = 0; i < conf->num_bss; i++) { + bss = &conf->bss[i]; + + bss->radius->auth_server = bss->radius->auth_servers; + bss->radius->acct_server = bss->radius->acct_servers; + + if (bss->wpa && bss->ieee802_1x) { + bss->ssid.security_policy = SECURITY_WPA; + } else if (bss->wpa) { + bss->ssid.security_policy = SECURITY_WPA_PSK; + } else if (bss->ieee802_1x) { + bss->ssid.security_policy = SECURITY_IEEE_802_1X; + bss->ssid.wep.default_len = bss->default_wep_key_len; + } else if (bss->ssid.wep.keys_set) + bss->ssid.security_policy = SECURITY_STATIC_WEP; + else + bss->ssid.security_policy = SECURITY_PLAINTEXT; + } + + if (hostapd_config_check(conf)) + errors++; + + if (errors) { + printf("%d errors found in configuration file '%s'\n", + errors, fname); + hostapd_config_free(conf); + conf = NULL; + } + + return conf; +} + + +int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, struct hostapd_wep_keys *b) +{ + int i; + + if (a->idx != b->idx || a->default_len != b->default_len) + return 1; + for (i = 0; i < NUM_WEP_KEYS; i++) + if (a->len[i] != b->len[i] || + memcmp(a->key[i], b->key[i], a->len[i]) != 0) + return 1; + return 0; +} + + +static void hostapd_config_free_radius(struct hostapd_radius_server *servers, + int num_servers) +{ + int i; + + for (i = 0; i < num_servers; i++) { + free(servers[i].shared_secret); + } + free(servers); +} + + +static void hostapd_config_free_eap_user(struct hostapd_eap_user *user) +{ + free(user->identity); + free(user->password); + free(user); +} + + +static void hostapd_config_free_wep(struct hostapd_wep_keys *keys) +{ + int i; + for (i = 0; i < NUM_WEP_KEYS; i++) { + free(keys->key[i]); + keys->key[i] = NULL; + } +} + + +static void hostapd_config_free_bss(struct hostapd_bss_config *conf) +{ + struct hostapd_wpa_psk *psk, *prev; + struct hostapd_eap_user *user, *prev_user; + + if (conf == NULL) + return; + + psk = conf->ssid.wpa_psk; + while (psk) { + prev = psk; + psk = psk->next; + free(prev); + } + + free(conf->ssid.wpa_passphrase); + free(conf->ssid.wpa_psk_file); +#ifdef CONFIG_FULL_DYNAMIC_VLAN + free(conf->ssid.vlan_tagged_interface); +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + + user = conf->eap_user; + while (user) { + prev_user = user; + user = user->next; + hostapd_config_free_eap_user(prev_user); + } + + free(conf->dump_log_name); + free(conf->eap_req_id_text); + free(conf->accept_mac); + free(conf->deny_mac); + free(conf->nas_identifier); + hostapd_config_free_radius(conf->radius->auth_servers, + conf->radius->num_auth_servers); + hostapd_config_free_radius(conf->radius->acct_servers, + conf->radius->num_acct_servers); + free(conf->rsn_preauth_interfaces); + free(conf->ctrl_interface); + free(conf->ca_cert); + free(conf->server_cert); + free(conf->private_key); + free(conf->private_key_passwd); + free(conf->eap_sim_db); + free(conf->radius_server_clients); + free(conf->test_socket); + free(conf->radius); + hostapd_config_free_vlan(conf); + if (conf->ssid.dyn_vlan_keys) { + struct hostapd_ssid *ssid = &conf->ssid; + size_t i; + for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) { + if (ssid->dyn_vlan_keys[i] == NULL) + continue; + hostapd_config_free_wep(ssid->dyn_vlan_keys[i]); + free(ssid->dyn_vlan_keys[i]); + } + free(ssid->dyn_vlan_keys); + ssid->dyn_vlan_keys = NULL; + } +} + + +void hostapd_config_free(struct hostapd_config *conf) +{ + size_t i; + + if (conf == NULL) + return; + + for (i = 0; i < conf->num_bss; i++) + hostapd_config_free_bss(&conf->bss[i]); + free(conf->bss); + + free(conf); +} + + +/* Perform a binary search for given MAC address from a pre-sorted list. + * Returns 1 if address is in the list or 0 if not. */ +int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr) +{ + int start, end, middle, res; + + start = 0; + end = num_entries - 1; + + while (start <= end) { + middle = (start + end) / 2; + res = memcmp(list[middle], addr, ETH_ALEN); + if (res == 0) + return 1; + if (res < 0) + start = middle + 1; + else + end = middle - 1; + } + + return 0; +} + + +int hostapd_rate_found(int *list, int rate) +{ + int i; + + if (list == NULL) + return 0; + + for (i = 0; list[i] >= 0; i++) + if (list[i] == rate) + return 1; + + return 0; +} + + +const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id) +{ + struct hostapd_vlan *v = vlan; + while (v) { + if (v->vlan_id == vlan_id || v->vlan_id == VLAN_ID_WILDCARD) + return v->ifname; + v = v->next; + } + return NULL; +} + + +const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, + const u8 *addr, const u8 *prev_psk) +{ + struct hostapd_wpa_psk *psk; + int next_ok = prev_psk == NULL; + + for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) { + if (next_ok && + (psk->group || memcmp(psk->addr, addr, ETH_ALEN) == 0)) + return psk->psk; + + if (psk->psk == prev_psk) + next_ok = 1; + } + + return NULL; +} + + +const struct hostapd_eap_user * +hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity, + size_t identity_len, int phase2) +{ + struct hostapd_eap_user *user = conf->eap_user; + + while (user) { + if (!phase2 && user->identity == NULL) { + /* Wildcard match */ + break; + } + + if (!phase2 && user->wildcard_prefix && + identity_len >= user->identity_len && + memcmp(user->identity, identity, user->identity_len) == 0) + { + /* Wildcard prefix match */ + break; + } + + if (user->phase2 == !!phase2 && + user->identity_len == identity_len && + memcmp(user->identity, identity, identity_len) == 0) + break; + user = user->next; + } + + return user; +} diff --git a/contrib/hostapd-0.5.8/config.h b/contrib/hostapd-0.5.8/config.h new file mode 100644 index 0000000000..fafe8e0411 --- /dev/null +++ b/contrib/hostapd-0.5.8/config.h @@ -0,0 +1,362 @@ +/* + * hostapd / Configuration file + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef CONFIG_H +#define CONFIG_H + +#include "config_types.h" + +typedef u8 macaddr[ETH_ALEN]; + +struct hostapd_radius_servers; + +#define HOSTAPD_MAX_SSID_LEN 32 + +#define NUM_WEP_KEYS 4 +struct hostapd_wep_keys { + u8 idx; + u8 *key[NUM_WEP_KEYS]; + size_t len[NUM_WEP_KEYS]; + int keys_set; + size_t default_len; /* key length used for dynamic key generation */ +}; + +typedef enum hostap_security_policy { + SECURITY_PLAINTEXT = 0, + SECURITY_STATIC_WEP = 1, + SECURITY_IEEE_802_1X = 2, + SECURITY_WPA_PSK = 3, + SECURITY_WPA = 4 +} secpolicy; + +struct hostapd_ssid { + char ssid[HOSTAPD_MAX_SSID_LEN + 1]; + size_t ssid_len; + int ssid_set; + + char vlan[IFNAMSIZ + 1]; + secpolicy security_policy; + + struct hostapd_wpa_psk *wpa_psk; + char *wpa_passphrase; + char *wpa_psk_file; + + struct hostapd_wep_keys wep; + +#define DYNAMIC_VLAN_DISABLED 0 +#define DYNAMIC_VLAN_OPTIONAL 1 +#define DYNAMIC_VLAN_REQUIRED 2 + int dynamic_vlan; +#ifdef CONFIG_FULL_DYNAMIC_VLAN + char *vlan_tagged_interface; +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + struct hostapd_wep_keys **dyn_vlan_keys; + size_t max_dyn_vlan_keys; +}; + + +#define VLAN_ID_WILDCARD -1 + +struct hostapd_vlan { + struct hostapd_vlan *next; + int vlan_id; /* VLAN ID or -1 (VLAN_ID_WILDCARD) for wildcard entry */ + char ifname[IFNAMSIZ + 1]; + int dynamic_vlan; +#ifdef CONFIG_FULL_DYNAMIC_VLAN + +#define DVLAN_CLEAN_BR 0x1 +#define DVLAN_CLEAN_VLAN 0x2 +#define DVLAN_CLEAN_VLAN_PORT 0x4 +#define DVLAN_CLEAN_WLAN_PORT 0x8 + int clean; +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ +}; + +#define PMK_LEN 32 +struct hostapd_wpa_psk { + struct hostapd_wpa_psk *next; + int group; + u8 psk[PMK_LEN]; + u8 addr[ETH_ALEN]; +}; + +#define EAP_USER_MAX_METHODS 8 +struct hostapd_eap_user { + struct hostapd_eap_user *next; + u8 *identity; + size_t identity_len; + struct { + int vendor; + u32 method; + } methods[EAP_USER_MAX_METHODS]; + u8 *password; + size_t password_len; + int phase2; + int force_version; + unsigned int wildcard_prefix:1; + unsigned int password_hash:1; /* whether password is hashed with + * nt_password_hash() */ +}; + + +#define NUM_TX_QUEUES 8 + +struct hostapd_tx_queue_params { + int aifs; + int cwmin; + int cwmax; + int burst; /* maximum burst time in 0.1 ms, i.e., 10 = 1 ms */ + int configured; +}; + +struct hostapd_wme_ac_params { + int cwmin; + int cwmax; + int aifs; + int txopLimit; /* in units of 32us */ + int admission_control_mandatory; +}; + + +/** + * struct hostapd_bss_config - Per-BSS configuration + */ +struct hostapd_bss_config { + char iface[IFNAMSIZ + 1]; + char bridge[IFNAMSIZ + 1]; + + enum { + HOSTAPD_LEVEL_DEBUG_VERBOSE = 0, + HOSTAPD_LEVEL_DEBUG = 1, + HOSTAPD_LEVEL_INFO = 2, + HOSTAPD_LEVEL_NOTICE = 3, + HOSTAPD_LEVEL_WARNING = 4 + } logger_syslog_level, logger_stdout_level; + +#define HOSTAPD_MODULE_IEEE80211 BIT(0) +#define HOSTAPD_MODULE_IEEE8021X BIT(1) +#define HOSTAPD_MODULE_RADIUS BIT(2) +#define HOSTAPD_MODULE_WPA BIT(3) +#define HOSTAPD_MODULE_DRIVER BIT(4) +#define HOSTAPD_MODULE_IAPP BIT(5) +#define HOSTAPD_MODULE_MLME BIT(6) + unsigned int logger_syslog; /* module bitfield */ + unsigned int logger_stdout; /* module bitfield */ + + enum { HOSTAPD_DEBUG_NO = 0, HOSTAPD_DEBUG_MINIMAL = 1, + HOSTAPD_DEBUG_VERBOSE = 2, + HOSTAPD_DEBUG_MSGDUMPS = 3, + HOSTAPD_DEBUG_EXCESSIVE = 4 } debug; /* debug verbosity level */ + char *dump_log_name; /* file name for state dump (SIGUSR1) */ + + int max_num_sta; /* maximum number of STAs in station table */ + + int dtim_period; + + int ieee802_1x; /* use IEEE 802.1X */ + int eapol_version; + int eap_server; /* Use internal EAP server instead of external + * RADIUS server */ + struct hostapd_eap_user *eap_user; + char *eap_sim_db; + struct hostapd_ip_addr own_ip_addr; + char *nas_identifier; + struct hostapd_radius_servers *radius; + + struct hostapd_ssid ssid; + + char *eap_req_id_text; /* optional displayable message sent with + * EAP Request-Identity */ + size_t eap_req_id_text_len; + int eapol_key_index_workaround; + + size_t default_wep_key_len; + int individual_wep_key_len; + int wep_rekeying_period; + int broadcast_key_idx_min, broadcast_key_idx_max; + int eap_reauth_period; + + int ieee802_11f; /* use IEEE 802.11f (IAPP) */ + char iapp_iface[IFNAMSIZ + 1]; /* interface used with IAPP broadcast + * frames */ + + u8 assoc_ap_addr[ETH_ALEN]; + int assoc_ap; /* whether assoc_ap_addr is set */ + + enum { + ACCEPT_UNLESS_DENIED = 0, + DENY_UNLESS_ACCEPTED = 1, + USE_EXTERNAL_RADIUS_AUTH = 2 + } macaddr_acl; + macaddr *accept_mac; + int num_accept_mac; + macaddr *deny_mac; + int num_deny_mac; + +#define HOSTAPD_AUTH_OPEN BIT(0) +#define HOSTAPD_AUTH_SHARED_KEY BIT(1) + int auth_algs; /* bitfield of allowed IEEE 802.11 authentication + * algorithms */ + +#define HOSTAPD_WPA_VERSION_WPA BIT(0) +#define HOSTAPD_WPA_VERSION_WPA2 BIT(1) + int wpa; +#define WPA_KEY_MGMT_IEEE8021X BIT(0) +#define WPA_KEY_MGMT_PSK BIT(1) + int wpa_key_mgmt; +#define WPA_CIPHER_NONE BIT(0) +#define WPA_CIPHER_WEP40 BIT(1) +#define WPA_CIPHER_WEP104 BIT(2) +#define WPA_CIPHER_TKIP BIT(3) +#define WPA_CIPHER_CCMP BIT(4) +#ifdef CONFIG_IEEE80211W +#define WPA_CIPHER_AES_128_CMAC BIT(5) + enum { + NO_IEEE80211W = 0, + IEEE80211W_OPTIONAL = 1, + IEEE80211W_REQUIRED = 2 + } ieee80211w; +#endif /* CONFIG_IEEE80211W */ + int wpa_pairwise; + int wpa_group; + int wpa_group_rekey; + int wpa_strict_rekey; + int wpa_gmk_rekey; + int rsn_preauth; + char *rsn_preauth_interfaces; + int peerkey; + + char *ctrl_interface; /* directory for UNIX domain sockets */ + gid_t ctrl_interface_gid; + int ctrl_interface_gid_set; + + char *ca_cert; + char *server_cert; + char *private_key; + char *private_key_passwd; + int check_crl; + + char *radius_server_clients; + int radius_server_auth_port; + int radius_server_ipv6; + + char *test_socket; /* UNIX domain socket path for driver_test */ + + int use_pae_group_addr; /* Whether to send EAPOL frames to PAE group + * address instead of individual address + * (for driver_wired.c). + */ + + int ap_max_inactivity; + int ignore_broadcast_ssid; + + int wme_enabled; + + struct hostapd_vlan *vlan, *vlan_tail; + + macaddr bssid; +}; + + +typedef enum { + HOSTAPD_MODE_IEEE80211B, + HOSTAPD_MODE_IEEE80211G, + HOSTAPD_MODE_IEEE80211A, + NUM_HOSTAPD_MODES +} hostapd_hw_mode; + + +/** + * struct hostapd_config - Per-radio interface configuration + */ +struct hostapd_config { + struct hostapd_bss_config *bss, *last_bss; + struct hostapd_radius_servers *radius; + size_t num_bss; + + u16 beacon_int; + int rts_threshold; + int fragm_threshold; + u8 send_probe_response; + u8 channel; + hostapd_hw_mode hw_mode; /* HOSTAPD_MODE_IEEE80211A, .. */ + enum { + LONG_PREAMBLE = 0, + SHORT_PREAMBLE = 1 + } preamble; + enum { + CTS_PROTECTION_AUTOMATIC = 0, + CTS_PROTECTION_FORCE_ENABLED = 1, + CTS_PROTECTION_FORCE_DISABLED = 2, + CTS_PROTECTION_AUTOMATIC_NO_OLBC = 3, + } cts_protection_type; + + int *supported_rates; + int *basic_rates; + + const struct driver_ops *driver; + + int passive_scan_interval; /* seconds, 0 = disabled */ + int passive_scan_listen; /* usec */ + int passive_scan_mode; + int ap_table_max_size; + int ap_table_expiration_time; + + char country[3]; /* first two octets: country code as described in + * ISO/IEC 3166-1. Third octet: + * ' ' (ascii 32): all environments + * 'O': Outdoor environemnt only + * 'I': Indoor environment only + */ + + int ieee80211d; + unsigned int ieee80211h; /* Enable/Disable 80211h */ + + struct hostapd_tx_queue_params tx_queue[NUM_TX_QUEUES]; + + /* + * WME AC parameters, in same order as 802.1D, i.e. + * 0 = BE (best effort) + * 1 = BK (background) + * 2 = VI (video) + * 3 = VO (voice) + */ + struct hostapd_wme_ac_params wme_ac_params[4]; + + enum { + INTERNAL_BRIDGE_DO_NOT_CONTROL = -1, + INTERNAL_BRIDGE_DISABLED = 0, + INTERNAL_BRIDGE_ENABLED = 1 + } bridge_packets; +}; + + +int hostapd_mac_comp(const void *a, const void *b); +int hostapd_mac_comp_empty(const void *a); +struct hostapd_config * hostapd_config_read(const char *fname); +void hostapd_config_free(struct hostapd_config *conf); +int hostapd_maclist_found(macaddr *list, int num_entries, const u8 *addr); +int hostapd_rate_found(int *list, int rate); +int hostapd_wep_key_cmp(struct hostapd_wep_keys *a, + struct hostapd_wep_keys *b); +const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, + const u8 *addr, const u8 *prev_psk); +int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf); +const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, + int vlan_id); +const struct hostapd_eap_user * +hostapd_get_eap_user(const struct hostapd_bss_config *conf, const u8 *identity, + size_t identity_len, int phase2); + +#endif /* CONFIG_H */ diff --git a/contrib/hostapd-0.5.8/config_types.h b/contrib/hostapd-0.5.8/config_types.h new file mode 100644 index 0000000000..ffcffa3c0c --- /dev/null +++ b/contrib/hostapd-0.5.8/config_types.h @@ -0,0 +1,28 @@ +/* + * hostapd / Shared configuration file defines + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef CONFIG_TYPES_H +#define CONFIG_TYPES_H + +struct hostapd_ip_addr { + union { + struct in_addr v4; +#ifdef CONFIG_IPV6 + struct in6_addr v6; +#endif /* CONFIG_IPV6 */ + } u; + int af; /* AF_INET / AF_INET6 */ +}; + +#endif /* CONFIG_TYPES_H */ diff --git a/contrib/hostapd-0.5.8/crypto.c b/contrib/hostapd-0.5.8/crypto.c new file mode 100644 index 0000000000..c5edd24c4b --- /dev/null +++ b/contrib/hostapd-0.5.8/crypto.c @@ -0,0 +1,207 @@ +/* + * WPA Supplicant / wrapper functions for libcrypto + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "crypto.h" + +#if OPENSSL_VERSION_NUMBER < 0x00907000 +#define DES_key_schedule des_key_schedule +#define DES_cblock des_cblock +#define DES_set_key(key, schedule) des_set_key((key), *(schedule)) +#define DES_ecb_encrypt(input, output, ks, enc) \ + des_ecb_encrypt((input), (output), *(ks), (enc)) +#endif /* openssl < 0.9.7 */ + + +void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + MD4_CTX ctx; + size_t i; + + MD4_Init(&ctx); + for (i = 0; i < num_elem; i++) + MD4_Update(&ctx, addr[i], len[i]); + MD4_Final(mac, &ctx); +} + + +void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) +{ + u8 pkey[8], next, tmp; + int i; + DES_key_schedule ks; + + /* Add parity bits to the key */ + next = 0; + for (i = 0; i < 7; i++) { + tmp = key[i]; + pkey[i] = (tmp >> i) | next | 1; + next = tmp << (7 - i); + } + pkey[i] = next | 1; + + DES_set_key(&pkey, &ks); + DES_ecb_encrypt((DES_cblock *) clear, (DES_cblock *) cypher, &ks, + DES_ENCRYPT); +} + + +#ifdef EAP_TLS_FUNCS +void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + MD5_CTX ctx; + size_t i; + + MD5_Init(&ctx); + for (i = 0; i < num_elem; i++) + MD5_Update(&ctx, addr[i], len[i]); + MD5_Final(mac, &ctx); +} + + +void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + SHA_CTX ctx; + size_t i; + + SHA1_Init(&ctx); + for (i = 0; i < num_elem; i++) + SHA1_Update(&ctx, addr[i], len[i]); + SHA1_Final(mac, &ctx); +} + + +static void sha1_transform(u8 *state, const u8 data[64]) +{ + SHA_CTX context; + os_memset(&context, 0, sizeof(context)); + os_memcpy(&context.h0, state, 5 * 4); + SHA1_Transform(&context, data); + os_memcpy(state, &context.h0, 5 * 4); +} + + +int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) +{ + u8 xkey[64]; + u32 t[5], _t[5]; + int i, j, m, k; + u8 *xpos = x; + u32 carry; + + if (seed_len > sizeof(xkey)) + seed_len = sizeof(xkey); + + /* FIPS 186-2 + change notice 1 */ + + os_memcpy(xkey, seed, seed_len); + os_memset(xkey + seed_len, 0, 64 - seed_len); + t[0] = 0x67452301; + t[1] = 0xEFCDAB89; + t[2] = 0x98BADCFE; + t[3] = 0x10325476; + t[4] = 0xC3D2E1F0; + + m = xlen / 40; + for (j = 0; j < m; j++) { + /* XSEED_j = 0 */ + for (i = 0; i < 2; i++) { + /* XVAL = (XKEY + XSEED_j) mod 2^b */ + + /* w_i = G(t, XVAL) */ + os_memcpy(_t, t, 20); + sha1_transform((u8 *) _t, xkey); + _t[0] = host_to_be32(_t[0]); + _t[1] = host_to_be32(_t[1]); + _t[2] = host_to_be32(_t[2]); + _t[3] = host_to_be32(_t[3]); + _t[4] = host_to_be32(_t[4]); + os_memcpy(xpos, _t, 20); + + /* XKEY = (1 + XKEY + w_i) mod 2^b */ + carry = 1; + for (k = 19; k >= 0; k--) { + carry += xkey[k] + xpos[k]; + xkey[k] = carry & 0xff; + carry >>= 8; + } + + xpos += 20; + } + /* x_j = w_0|w_1 */ + } + + return 0; +} + + +void * aes_encrypt_init(const u8 *key, size_t len) +{ + AES_KEY *ak; + ak = os_malloc(sizeof(*ak)); + if (ak == NULL) + return NULL; + if (AES_set_encrypt_key(key, 8 * len, ak) < 0) { + os_free(ak); + return NULL; + } + return ak; +} + + +void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt) +{ + AES_encrypt(plain, crypt, ctx); +} + + +void aes_encrypt_deinit(void *ctx) +{ + os_free(ctx); +} + + +void * aes_decrypt_init(const u8 *key, size_t len) +{ + AES_KEY *ak; + ak = os_malloc(sizeof(*ak)); + if (ak == NULL) + return NULL; + if (AES_set_decrypt_key(key, 8 * len, ak) < 0) { + os_free(ak); + return NULL; + } + return ak; +} + + +void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain) +{ + AES_decrypt(crypt, plain, ctx); +} + + +void aes_decrypt_deinit(void *ctx) +{ + os_free(ctx); +} +#endif /* EAP_TLS_FUNCS */ diff --git a/contrib/hostapd-0.5.8/crypto.h b/contrib/hostapd-0.5.8/crypto.h new file mode 100644 index 0000000000..00b13b91c4 --- /dev/null +++ b/contrib/hostapd-0.5.8/crypto.h @@ -0,0 +1,413 @@ +/* + * WPA Supplicant / wrapper functions for crypto libraries + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file defines the cryptographic functions that need to be implemented + * for wpa_supplicant and hostapd. When TLS is not used, internal + * implementation of MD5, SHA1, and AES is used and no external libraries are + * required. When TLS is enabled (e.g., by enabling EAP-TLS or EAP-PEAP), the + * crypto library used by the TLS implementation is expected to be used for + * non-TLS needs, too, in order to save space by not implementing these + * functions twice. + * + * Wrapper code for using each crypto library is in its own file (crypto*.c) + * and one of these files is build and linked in to provide the functions + * defined here. + */ + +#ifndef CRYPTO_H +#define CRYPTO_H + +/** + * md4_vector - MD4 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); + +/** + * md5_vector - MD5 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac); + +/** + * sha1_vector - SHA-1 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac); + +/** + * fips186_2-prf - NIST FIPS Publication 186-2 change notice 1 PRF + * @seed: Seed/key for the PRF + * @seed_len: Seed length in bytes + * @x: Buffer for PRF output + * @xlen: Output length in bytes + * Returns: 0 on success, -1 on failure + * + * This function implements random number generation specified in NIST FIPS + * Publication 186-2 for EAP-SIM. This PRF uses a function that is similar to + * SHA-1, but has different message padding. + */ +int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen); + +/** + * sha256_vector - SHA256 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac); + +/** + * des_encrypt - Encrypt one block with DES + * @clear: 8 octets (in) + * @key: 7 octets (in) (no parity bits included) + * @cypher: 8 octets (out) + */ +void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher); + +/** + * aes_encrypt_init - Initialize AES for encryption + * @key: Encryption key + * @len: Key length in bytes (usually 16, i.e., 128 bits) + * Returns: Pointer to context data or %NULL on failure + */ +void * aes_encrypt_init(const u8 *key, size_t len); + +/** + * aes_encrypt - Encrypt one AES block + * @ctx: Context pointer from aes_encrypt_init() + * @plain: Plaintext data to be encrypted (16 bytes) + * @crypt: Buffer for the encrypted data (16 bytes) + */ +void aes_encrypt(void *ctx, const u8 *plain, u8 *crypt); + +/** + * aes_encrypt_deinit - Deinitialize AES encryption + * @ctx: Context pointer from aes_encrypt_init() + */ +void aes_encrypt_deinit(void *ctx); + +/** + * aes_decrypt_init - Initialize AES for decryption + * @key: Decryption key + * @len: Key length in bytes (usually 16, i.e., 128 bits) + * Returns: Pointer to context data or %NULL on failure + */ +void * aes_decrypt_init(const u8 *key, size_t len); + +/** + * aes_decrypt - Decrypt one AES block + * @ctx: Context pointer from aes_encrypt_init() + * @crypt: Encrypted data (16 bytes) + * @plain: Buffer for the decrypted data (16 bytes) + */ +void aes_decrypt(void *ctx, const u8 *crypt, u8 *plain); + +/** + * aes_decrypt_deinit - Deinitialize AES decryption + * @ctx: Context pointer from aes_encrypt_init() + */ +void aes_decrypt_deinit(void *ctx); + + +enum crypto_hash_alg { + CRYPTO_HASH_ALG_MD5, CRYPTO_HASH_ALG_SHA1, + CRYPTO_HASH_ALG_HMAC_MD5, CRYPTO_HASH_ALG_HMAC_SHA1 +}; + +struct crypto_hash; + +/** + * crypto_hash_init - Initialize hash/HMAC function + * @alg: Hash algorithm + * @key: Key for keyed hash (e.g., HMAC) or %NULL if not needed + * @key_len: Length of the key in bytes + * Returns: Pointer to hash context to use with other hash functions or %NULL + * on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +struct crypto_hash * crypto_hash_init(enum crypto_hash_alg alg, const u8 *key, + size_t key_len); + +/** + * crypto_hash_update - Add data to hash calculation + * @ctx: Context pointer from crypto_hash_init() + * @data: Data buffer to add + * @len: Length of the buffer + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +void crypto_hash_update(struct crypto_hash *ctx, const u8 *data, size_t len); + +/** + * crypto_hash_finish - Complete hash calculation + * @ctx: Context pointer from crypto_hash_init() + * @hash: Buffer for hash value or %NULL if caller is just freeing the hash + * context + * @len: Pointer to length of the buffer or %NULL if caller is just freeing the + * hash context; on return, this is set to the actual length of the hash value + * Returns: 0 on success, -1 if buffer is too small (len set to needed length), + * or -2 on other failures (including failed crypto_hash_update() operations) + * + * This function calculates the hash value and frees the context buffer that + * was used for hash calculation. + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_hash_finish(struct crypto_hash *ctx, u8 *hash, size_t *len); + + +enum crypto_cipher_alg { + CRYPTO_CIPHER_NULL = 0, CRYPTO_CIPHER_ALG_AES, CRYPTO_CIPHER_ALG_3DES, + CRYPTO_CIPHER_ALG_DES, CRYPTO_CIPHER_ALG_RC2, CRYPTO_CIPHER_ALG_RC4 +}; + +struct crypto_cipher; + +/** + * crypto_cipher_init - Initialize block/stream cipher function + * @alg: Cipher algorithm + * @iv: Initialization vector for block ciphers or %NULL for stream ciphers + * @key: Cipher key + * @key_len: Length of key in bytes + * Returns: Pointer to cipher context to use with other cipher functions or + * %NULL on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +struct crypto_cipher * crypto_cipher_init(enum crypto_cipher_alg alg, + const u8 *iv, const u8 *key, + size_t key_len); + +/** + * crypto_cipher_encrypt - Cipher encrypt + * @ctx: Context pointer from crypto_cipher_init() + * @plain: Plaintext to cipher + * @crypt: Resulting ciphertext + * @len: Length of the plaintext + * Returns: 0 on success, -1 on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_cipher_encrypt(struct crypto_cipher *ctx, const u8 *plain, + u8 *crypt, size_t len); + +/** + * crypto_cipher_decrypt - Cipher decrypt + * @ctx: Context pointer from crypto_cipher_init() + * @crypt: Ciphertext to decrypt + * @plain: Resulting plaintext + * @len: Length of the cipher text + * Returns: 0 on success, -1 on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_cipher_decrypt(struct crypto_cipher *ctx, const u8 *crypt, + u8 *plain, size_t len); + +/** + * crypto_cipher_decrypt - Free cipher context + * @ctx: Context pointer from crypto_cipher_init() + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +void crypto_cipher_deinit(struct crypto_cipher *ctx); + + +struct crypto_public_key; +struct crypto_private_key; + +/** + * crypto_public_key_import - Import an RSA public key + * @key: Key buffer (DER encoded RSA public key) + * @len: Key buffer length in bytes + * Returns: Pointer to the public key or %NULL on failure + * + * This function can just return %NULL if the crypto library supports X.509 + * parsing. In that case, crypto_public_key_from_cert() is used to import the + * public key from a certificate. + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +struct crypto_public_key * crypto_public_key_import(const u8 *key, size_t len); + +/** + * crypto_private_key_import - Import an RSA private key + * @key: Key buffer (DER encoded RSA private key) + * @len: Key buffer length in bytes + * Returns: Pointer to the private key or %NULL on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +struct crypto_private_key * crypto_private_key_import(const u8 *key, + size_t len); + +/** + * crypto_public_key_from_cert - Import an RSA public key from a certificate + * @buf: DER encoded X.509 certificate + * @len: Certificate buffer length in bytes + * Returns: Pointer to public key or %NULL on failure + * + * This function can just return %NULL if the crypto library does not support + * X.509 parsing. In that case, internal code will be used to parse the + * certificate and public key is imported using crypto_public_key_import(). + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +struct crypto_public_key * crypto_public_key_from_cert(const u8 *buf, + size_t len); + +/** + * crypto_public_key_encrypt_pkcs1_v15 - Public key encryption (PKCS #1 v1.5) + * @key: Public key + * @in: Plaintext buffer + * @inlen: Length of plaintext buffer in bytes + * @out: Output buffer for encrypted data + * @outlen: Length of output buffer in bytes; set to used length on success + * Returns: 0 on success, -1 on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_public_key_encrypt_pkcs1_v15(struct crypto_public_key *key, + const u8 *in, size_t inlen, + u8 *out, size_t *outlen); + +/** + * crypto_private_key_sign_pkcs1 - Sign with private key (PKCS #1) + * @key: Private key from crypto_private_key_import() + * @in: Plaintext buffer + * @inlen: Length of plaintext buffer in bytes + * @out: Output buffer for encrypted (signed) data + * @outlen: Length of output buffer in bytes; set to used length on success + * Returns: 0 on success, -1 on failure + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_private_key_sign_pkcs1(struct crypto_private_key *key, + const u8 *in, size_t inlen, + u8 *out, size_t *outlen); + +/** + * crypto_public_key_free - Free public key + * @key: Public key + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +void crypto_public_key_free(struct crypto_public_key *key); + +/** + * crypto_private_key_free - Free private key + * @key: Private key from crypto_private_key_import() + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +void crypto_private_key_free(struct crypto_private_key *key); + +/** + * crypto_public_key_decrypt_pkcs1 - Decrypt PKCS #1 signature + * @key: Public key + * @crypt: Encrypted signature data (using the private key) + * @crypt_len: Encrypted signature data length + * @plain: Buffer for plaintext (at least crypt_len bytes) + * @plain_len: Plaintext length (max buffer size on input, real len on output); + * Returns: 0 on success, -1 on failure + */ +int crypto_public_key_decrypt_pkcs1(struct crypto_public_key *key, + const u8 *crypt, size_t crypt_len, + u8 *plain, size_t *plain_len); + +/** + * crypto_global_init - Initialize crypto wrapper + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_global_init(void); + +/** + * crypto_global_deinit - Deinitialize crypto wrapper + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +void crypto_global_deinit(void); + +/** + * crypto_mod_exp - Modular exponentiation of large integers + * @base: Base integer (big endian byte array) + * @base_len: Length of base integer in bytes + * @power: Power integer (big endian byte array) + * @power_len: Length of power integer in bytes + * @modulus: Modulus integer (big endian byte array) + * @modulus_len: Length of modulus integer in bytes + * @result: Buffer for the result + * @result_len: Result length (max buffer size on input, real len on output) + * Returns: 0 on success, -1 on failure + * + * This function calculates result = base ^ power mod modulus. modules_len is + * used as the maximum size of modulus buffer. It is set to the used size on + * success. + * + * This function is only used with internal TLSv1 implementation + * (CONFIG_TLS=internal). If that is not used, the crypto wrapper does not need + * to implement this. + */ +int crypto_mod_exp(const u8 *base, size_t base_len, + const u8 *power, size_t power_len, + const u8 *modulus, size_t modulus_len, + u8 *result, size_t *result_len); + +#endif /* CRYPTO_H */ diff --git a/contrib/hostapd-0.5.8/ctrl_iface.c b/contrib/hostapd-0.5.8/ctrl_iface.c new file mode 100644 index 0000000000..9863782ed1 --- /dev/null +++ b/contrib/hostapd-0.5.8/ctrl_iface.c @@ -0,0 +1,499 @@ +/* + * hostapd / UNIX domain socket -based control interface + * Copyright (c) 2004, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_NATIVE_WINDOWS + +#include +#include + +#include "hostapd.h" +#include "eloop.h" +#include "config.h" +#include "eapol_sm.h" +#include "ieee802_1x.h" +#include "wpa.h" +#include "radius_client.h" +#include "ieee802_11.h" +#include "ctrl_iface.h" +#include "sta_info.h" +#include "accounting.h" + + +struct wpa_ctrl_dst { + struct wpa_ctrl_dst *next; + struct sockaddr_un addr; + socklen_t addrlen; + int debug_level; + int errors; +}; + + +static int hostapd_ctrl_iface_attach(struct hostapd_data *hapd, + struct sockaddr_un *from, + socklen_t fromlen) +{ + struct wpa_ctrl_dst *dst; + + dst = wpa_zalloc(sizeof(*dst)); + if (dst == NULL) + return -1; + memcpy(&dst->addr, from, sizeof(struct sockaddr_un)); + dst->addrlen = fromlen; + dst->debug_level = MSG_INFO; + dst->next = hapd->ctrl_dst; + hapd->ctrl_dst = dst; + wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor attached", + (u8 *) from->sun_path, fromlen); + return 0; +} + + +static int hostapd_ctrl_iface_detach(struct hostapd_data *hapd, + struct sockaddr_un *from, + socklen_t fromlen) +{ + struct wpa_ctrl_dst *dst, *prev = NULL; + + dst = hapd->ctrl_dst; + while (dst) { + if (fromlen == dst->addrlen && + memcmp(from->sun_path, dst->addr.sun_path, fromlen) == 0) { + if (prev == NULL) + hapd->ctrl_dst = dst->next; + else + prev->next = dst->next; + free(dst); + wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor detached", + (u8 *) from->sun_path, fromlen); + return 0; + } + prev = dst; + dst = dst->next; + } + return -1; +} + + +static int hostapd_ctrl_iface_level(struct hostapd_data *hapd, + struct sockaddr_un *from, + socklen_t fromlen, + char *level) +{ + struct wpa_ctrl_dst *dst; + + wpa_printf(MSG_DEBUG, "CTRL_IFACE LEVEL %s", level); + + dst = hapd->ctrl_dst; + while (dst) { + if (fromlen == dst->addrlen && + memcmp(from->sun_path, dst->addr.sun_path, fromlen) == 0) { + wpa_hexdump(MSG_DEBUG, "CTRL_IFACE changed monitor " + "level", (u8 *) from->sun_path, fromlen); + dst->debug_level = atoi(level); + return 0; + } + dst = dst->next; + } + + return -1; +} + + +static int hostapd_ctrl_iface_sta_mib(struct hostapd_data *hapd, + struct sta_info *sta, + char *buf, size_t buflen) +{ + int len, res, ret; + + if (sta == NULL) { + ret = snprintf(buf, buflen, "FAIL\n"); + if (ret < 0 || (size_t) ret >= buflen) + return 0; + return ret; + } + + len = 0; + ret = snprintf(buf + len, buflen - len, MACSTR "\n", + MAC2STR(sta->addr)); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + res = ieee802_11_get_mib_sta(hapd, sta, buf + len, buflen - len); + if (res >= 0) + len += res; + res = wpa_get_mib_sta(sta->wpa_sm, buf + len, buflen - len); + if (res >= 0) + len += res; + res = ieee802_1x_get_mib_sta(hapd, sta, buf + len, buflen - len); + if (res >= 0) + len += res; + + return len; +} + + +static int hostapd_ctrl_iface_sta_first(struct hostapd_data *hapd, + char *buf, size_t buflen) +{ + return hostapd_ctrl_iface_sta_mib(hapd, hapd->sta_list, buf, buflen); +} + + +static int hostapd_ctrl_iface_sta(struct hostapd_data *hapd, + const char *txtaddr, + char *buf, size_t buflen) +{ + u8 addr[ETH_ALEN]; + int ret; + + if (hwaddr_aton(txtaddr, addr)) { + ret = snprintf(buf, buflen, "FAIL\n"); + if (ret < 0 || (size_t) ret >= buflen) + return 0; + return ret; + } + return hostapd_ctrl_iface_sta_mib(hapd, ap_get_sta(hapd, addr), + buf, buflen); +} + + +static int hostapd_ctrl_iface_sta_next(struct hostapd_data *hapd, + const char *txtaddr, + char *buf, size_t buflen) +{ + u8 addr[ETH_ALEN]; + struct sta_info *sta; + int ret; + + if (hwaddr_aton(txtaddr, addr) || + (sta = ap_get_sta(hapd, addr)) == NULL) { + ret = snprintf(buf, buflen, "FAIL\n"); + if (ret < 0 || (size_t) ret >= buflen) + return 0; + return ret; + } + return hostapd_ctrl_iface_sta_mib(hapd, sta->next, buf, buflen); +} + + +static int hostapd_ctrl_iface_new_sta(struct hostapd_data *hapd, + const char *txtaddr) +{ + u8 addr[ETH_ALEN]; + struct sta_info *sta; + + wpa_printf(MSG_DEBUG, "CTRL_IFACE NEW_STA %s", txtaddr); + + if (hwaddr_aton(txtaddr, addr)) + return -1; + + sta = ap_get_sta(hapd, addr); + if (sta) + return 0; + + wpa_printf(MSG_DEBUG, "Add new STA " MACSTR " based on ctrl_iface " + "notification", MAC2STR(addr)); + sta = ap_sta_add(hapd, addr); + if (sta == NULL) + return -1; + + hostapd_new_assoc_sta(hapd, sta, 0); + accounting_sta_get_id(hapd, sta); + return 0; +} + + +static void hostapd_ctrl_iface_receive(int sock, void *eloop_ctx, + void *sock_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + char buf[256]; + int res; + struct sockaddr_un from; + socklen_t fromlen = sizeof(from); + char *reply; + const int reply_size = 4096; + int reply_len; + + res = recvfrom(sock, buf, sizeof(buf) - 1, 0, + (struct sockaddr *) &from, &fromlen); + if (res < 0) { + perror("recvfrom(ctrl_iface)"); + return; + } + buf[res] = '\0'; + wpa_hexdump_ascii(MSG_DEBUG, "RX ctrl_iface", (u8 *) buf, res); + + reply = malloc(reply_size); + if (reply == NULL) { + sendto(sock, "FAIL\n", 5, 0, (struct sockaddr *) &from, + fromlen); + return; + } + + memcpy(reply, "OK\n", 3); + reply_len = 3; + + if (strcmp(buf, "PING") == 0) { + memcpy(reply, "PONG\n", 5); + reply_len = 5; + } else if (strcmp(buf, "MIB") == 0) { + reply_len = ieee802_11_get_mib(hapd, reply, reply_size); + if (reply_len >= 0) { + res = wpa_get_mib(hapd->wpa_auth, reply + reply_len, + reply_size - reply_len); + if (res < 0) + reply_len = -1; + else + reply_len += res; + } + if (reply_len >= 0) { + res = ieee802_1x_get_mib(hapd, reply + reply_len, + reply_size - reply_len); + if (res < 0) + reply_len = -1; + else + reply_len += res; + } + if (reply_len >= 0) { + res = radius_client_get_mib(hapd->radius, + reply + reply_len, + reply_size - reply_len); + if (res < 0) + reply_len = -1; + else + reply_len += res; + } + } else if (strcmp(buf, "STA-FIRST") == 0) { + reply_len = hostapd_ctrl_iface_sta_first(hapd, reply, + reply_size); + } else if (strncmp(buf, "STA ", 4) == 0) { + reply_len = hostapd_ctrl_iface_sta(hapd, buf + 4, reply, + reply_size); + } else if (strncmp(buf, "STA-NEXT ", 9) == 0) { + reply_len = hostapd_ctrl_iface_sta_next(hapd, buf + 9, reply, + reply_size); + } else if (strcmp(buf, "ATTACH") == 0) { + if (hostapd_ctrl_iface_attach(hapd, &from, fromlen)) + reply_len = -1; + } else if (strcmp(buf, "DETACH") == 0) { + if (hostapd_ctrl_iface_detach(hapd, &from, fromlen)) + reply_len = -1; + } else if (strncmp(buf, "LEVEL ", 6) == 0) { + if (hostapd_ctrl_iface_level(hapd, &from, fromlen, + buf + 6)) + reply_len = -1; + } else if (strncmp(buf, "NEW_STA ", 8) == 0) { + if (hostapd_ctrl_iface_new_sta(hapd, buf + 8)) + reply_len = -1; + } else { + memcpy(reply, "UNKNOWN COMMAND\n", 16); + reply_len = 16; + } + + if (reply_len < 0) { + memcpy(reply, "FAIL\n", 5); + reply_len = 5; + } + sendto(sock, reply, reply_len, 0, (struct sockaddr *) &from, fromlen); + free(reply); +} + + +static char * hostapd_ctrl_iface_path(struct hostapd_data *hapd) +{ + char *buf; + size_t len; + + if (hapd->conf->ctrl_interface == NULL) + return NULL; + + len = strlen(hapd->conf->ctrl_interface) + strlen(hapd->conf->iface) + + 2; + buf = malloc(len); + if (buf == NULL) + return NULL; + + snprintf(buf, len, "%s/%s", + hapd->conf->ctrl_interface, hapd->conf->iface); + buf[len - 1] = '\0'; + return buf; +} + + +int hostapd_ctrl_iface_init(struct hostapd_data *hapd) +{ + struct sockaddr_un addr; + int s = -1; + char *fname = NULL; + + hapd->ctrl_sock = -1; + + if (hapd->conf->ctrl_interface == NULL) + return 0; + + if (mkdir(hapd->conf->ctrl_interface, S_IRWXU | S_IRWXG) < 0) { + if (errno == EEXIST) { + wpa_printf(MSG_DEBUG, "Using existing control " + "interface directory."); + } else { + perror("mkdir[ctrl_interface]"); + goto fail; + } + } + + if (hapd->conf->ctrl_interface_gid_set && + chown(hapd->conf->ctrl_interface, 0, + hapd->conf->ctrl_interface_gid) < 0) { + perror("chown[ctrl_interface]"); + return -1; + } + + if (strlen(hapd->conf->ctrl_interface) + 1 + strlen(hapd->conf->iface) + >= sizeof(addr.sun_path)) + goto fail; + + s = socket(PF_UNIX, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket(PF_UNIX)"); + goto fail; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + fname = hostapd_ctrl_iface_path(hapd); + if (fname == NULL) + goto fail; + strncpy(addr.sun_path, fname, sizeof(addr.sun_path)); + if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind(PF_UNIX)"); + goto fail; + } + + if (hapd->conf->ctrl_interface_gid_set && + chown(fname, 0, hapd->conf->ctrl_interface_gid) < 0) { + perror("chown[ctrl_interface/ifname]"); + goto fail; + } + + if (chmod(fname, S_IRWXU | S_IRWXG) < 0) { + perror("chmod[ctrl_interface/ifname]"); + goto fail; + } + free(fname); + + hapd->ctrl_sock = s; + eloop_register_read_sock(s, hostapd_ctrl_iface_receive, hapd, + NULL); + + return 0; + +fail: + if (s >= 0) + close(s); + if (fname) { + unlink(fname); + free(fname); + } + return -1; +} + + +void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd) +{ + struct wpa_ctrl_dst *dst, *prev; + + if (hapd->ctrl_sock > -1) { + char *fname; + eloop_unregister_read_sock(hapd->ctrl_sock); + close(hapd->ctrl_sock); + hapd->ctrl_sock = -1; + fname = hostapd_ctrl_iface_path(hapd); + if (fname) + unlink(fname); + free(fname); + + if (hapd->conf->ctrl_interface && + rmdir(hapd->conf->ctrl_interface) < 0) { + if (errno == ENOTEMPTY) { + wpa_printf(MSG_DEBUG, "Control interface " + "directory not empty - leaving it " + "behind"); + } else { + perror("rmdir[ctrl_interface]"); + } + } + } + + dst = hapd->ctrl_dst; + while (dst) { + prev = dst; + dst = dst->next; + free(prev); + } +} + + +void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, + char *buf, size_t len) +{ + struct wpa_ctrl_dst *dst, *next; + struct msghdr msg; + int idx; + struct iovec io[2]; + char levelstr[10]; + + dst = hapd->ctrl_dst; + if (hapd->ctrl_sock < 0 || dst == NULL) + return; + + snprintf(levelstr, sizeof(levelstr), "<%d>", level); + io[0].iov_base = levelstr; + io[0].iov_len = strlen(levelstr); + io[1].iov_base = buf; + io[1].iov_len = len; + memset(&msg, 0, sizeof(msg)); + msg.msg_iov = io; + msg.msg_iovlen = 2; + + idx = 0; + while (dst) { + next = dst->next; + if (level >= dst->debug_level) { + wpa_hexdump(MSG_DEBUG, "CTRL_IFACE monitor send", + (u8 *) dst->addr.sun_path, dst->addrlen); + msg.msg_name = &dst->addr; + msg.msg_namelen = dst->addrlen; + if (sendmsg(hapd->ctrl_sock, &msg, 0) < 0) { + fprintf(stderr, "CTRL_IFACE monitor[%d]: ", + idx); + perror("sendmsg"); + dst->errors++; + if (dst->errors > 10) { + hostapd_ctrl_iface_detach( + hapd, &dst->addr, + dst->addrlen); + } + } else + dst->errors = 0; + } + idx++; + dst = next; + } +} + +#endif /* CONFIG_NATIVE_WINDOWS */ diff --git a/contrib/hostapd-0.5.8/ctrl_iface.h b/contrib/hostapd-0.5.8/ctrl_iface.h new file mode 100644 index 0000000000..2ac2f3b299 --- /dev/null +++ b/contrib/hostapd-0.5.8/ctrl_iface.h @@ -0,0 +1,23 @@ +/* + * hostapd / UNIX domain socket -based control interface + * Copyright (c) 2004, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef CTRL_IFACE_H +#define CTRL_IFACE_H + +int hostapd_ctrl_iface_init(struct hostapd_data *hapd); +void hostapd_ctrl_iface_deinit(struct hostapd_data *hapd); +void hostapd_ctrl_iface_send(struct hostapd_data *hapd, int level, + char *buf, size_t len); + +#endif /* CTRL_IFACE_H */ diff --git a/contrib/hostapd-0.5.8/defs.h b/contrib/hostapd-0.5.8/defs.h new file mode 100644 index 0000000000..603fc55c11 --- /dev/null +++ b/contrib/hostapd-0.5.8/defs.h @@ -0,0 +1,140 @@ +/* + * WPA Supplicant - Common definitions + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef DEFS_H +#define DEFS_H + +#ifdef FALSE +#undef FALSE +#endif +#ifdef TRUE +#undef TRUE +#endif +typedef enum { FALSE = 0, TRUE = 1 } Boolean; + + +typedef enum { WPA_ALG_NONE, WPA_ALG_WEP, WPA_ALG_TKIP, WPA_ALG_CCMP, + WPA_ALG_IGTK, WPA_ALG_DHV } wpa_alg; +typedef enum { CIPHER_NONE, CIPHER_WEP40, CIPHER_TKIP, CIPHER_CCMP, + CIPHER_WEP104 } wpa_cipher; +typedef enum { KEY_MGMT_802_1X, KEY_MGMT_PSK, KEY_MGMT_NONE, + KEY_MGMT_802_1X_NO_WPA, KEY_MGMT_WPA_NONE } wpa_key_mgmt; + +/** + * enum wpa_states - wpa_supplicant state + * + * These enumeration values are used to indicate the current wpa_supplicant + * state (wpa_s->wpa_state). The current state can be retrieved with + * wpa_supplicant_get_state() function and the state can be changed by calling + * wpa_supplicant_set_state(). In WPA state machine (wpa.c and preauth.c), the + * wrapper functions wpa_sm_get_state() and wpa_sm_set_state() should be used + * to access the state variable. + */ +typedef enum { + /** + * WPA_DISCONNECTED - Disconnected state + * + * This state indicates that client is not associated, but is likely to + * start looking for an access point. This state is entered when a + * connection is lost. + */ + WPA_DISCONNECTED, + + /** + * WPA_INACTIVE - Inactive state (wpa_supplicant disabled) + * + * This state is entered if there are no enabled networks in the + * configuration. wpa_supplicant is not trying to associate with a new + * network and external interaction (e.g., ctrl_iface call to add or + * enable a network) is needed to start association. + */ + WPA_INACTIVE, + + /** + * WPA_SCANNING - Scanning for a network + * + * This state is entered when wpa_supplicant starts scanning for a + * network. + */ + WPA_SCANNING, + + /** + * WPA_ASSOCIATING - Trying to associate with a BSS/SSID + * + * This state is entered when wpa_supplicant has found a suitable BSS + * to associate with and the driver is configured to try to associate + * with this BSS in ap_scan=1 mode. When using ap_scan=2 mode, this + * state is entered when the driver is configured to try to associate + * with a network using the configured SSID and security policy. + */ + WPA_ASSOCIATING, + + /** + * WPA_ASSOCIATED - Association completed + * + * This state is entered when the driver reports that association has + * been successfully completed with an AP. If IEEE 802.1X is used + * (with or without WPA/WPA2), wpa_supplicant remains in this state + * until the IEEE 802.1X/EAPOL authentication has been completed. + */ + WPA_ASSOCIATED, + + /** + * WPA_4WAY_HANDSHAKE - WPA 4-Way Key Handshake in progress + * + * This state is entered when WPA/WPA2 4-Way Handshake is started. In + * case of WPA-PSK, this happens when receiving the first EAPOL-Key + * frame after association. In case of WPA-EAP, this state is entered + * when the IEEE 802.1X/EAPOL authentication has been completed. + */ + WPA_4WAY_HANDSHAKE, + + /** + * WPA_GROUP_HANDSHAKE - WPA Group Key Handshake in progress + * + * This state is entered when 4-Way Key Handshake has been completed + * (i.e., when the supplicant sends out message 4/4) and when Group + * Key rekeying is started by the AP (i.e., when supplicant receives + * message 1/2). + */ + WPA_GROUP_HANDSHAKE, + + /** + * WPA_COMPLETED - All authentication completed + * + * This state is entered when the full authentication process is + * completed. In case of WPA2, this happens when the 4-Way Handshake is + * successfully completed. With WPA, this state is entered after the + * Group Key Handshake; with IEEE 802.1X (non-WPA) connection is + * completed after dynamic keys are received (or if not used, after + * the EAP authentication has been completed). With static WEP keys and + * plaintext connections, this state is entered when an association + * has been completed. + * + * This state indicates that the supplicant has completed its + * processing for the association phase and that data connection is + * fully configured. + */ + WPA_COMPLETED +} wpa_states; + +#define MLME_SETPROTECTION_PROTECT_TYPE_NONE 0 +#define MLME_SETPROTECTION_PROTECT_TYPE_RX 1 +#define MLME_SETPROTECTION_PROTECT_TYPE_TX 2 +#define MLME_SETPROTECTION_PROTECT_TYPE_RX_TX 3 + +#define MLME_SETPROTECTION_KEY_TYPE_GROUP 0 +#define MLME_SETPROTECTION_KEY_TYPE_PAIRWISE 1 + +#endif /* DEFS_H */ diff --git a/contrib/hostapd-0.5.8/des.c b/contrib/hostapd-0.5.8/des.c new file mode 100644 index 0000000000..8e0d56fc6a --- /dev/null +++ b/contrib/hostapd-0.5.8/des.c @@ -0,0 +1,476 @@ +/* + * DES and 3DES-EDE ciphers + * + * Modifications to LibTomCrypt implementation: + * Copyright (c) 2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "crypto.h" + + +#ifdef INTERNAL_DES + +/* + * This implementation is based on a DES implementation included in + * LibTomCrypt. The version here is modified to fit in wpa_supplicant/hostapd + * coding style. + */ + +/* LibTomCrypt, modular cryptographic library -- Tom St Denis + * + * LibTomCrypt is a library that provides various cryptographic + * algorithms in a highly modular and flexible manner. + * + * The library is free for all purposes without any express + * guarantee it works. + * + * Tom St Denis, tomstdenis@gmail.com, http://libtomcrypt.com + */ + +/** + DES code submitted by Dobes Vandermeer +*/ + +#define ROLc(x, y) \ + ((((unsigned long) (x) << (unsigned long) ((y) & 31)) | \ + (((unsigned long) (x) & 0xFFFFFFFFUL) >> \ + (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL) +#define RORc(x, y) \ + (((((unsigned long) (x) & 0xFFFFFFFFUL) >> \ + (unsigned long) ((y) & 31)) | \ + ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & \ + 0xFFFFFFFFUL) + + +static const u32 bytebit[8] = +{ + 0200, 0100, 040, 020, 010, 04, 02, 01 +}; + +static const u32 bigbyte[24] = +{ + 0x800000UL, 0x400000UL, 0x200000UL, 0x100000UL, + 0x80000UL, 0x40000UL, 0x20000UL, 0x10000UL, + 0x8000UL, 0x4000UL, 0x2000UL, 0x1000UL, + 0x800UL, 0x400UL, 0x200UL, 0x100UL, + 0x80UL, 0x40UL, 0x20UL, 0x10UL, + 0x8UL, 0x4UL, 0x2UL, 0x1L +}; + +/* Use the key schedule specific in the standard (ANSI X3.92-1981) */ + +static const u8 pc1[56] = { + 56, 48, 40, 32, 24, 16, 8, 0, 57, 49, 41, 33, 25, 17, + 9, 1, 58, 50, 42, 34, 26, 18, 10, 2, 59, 51, 43, 35, + 62, 54, 46, 38, 30, 22, 14, 6, 61, 53, 45, 37, 29, 21, + 13, 5, 60, 52, 44, 36, 28, 20, 12, 4, 27, 19, 11, 3 +}; + +static const u8 totrot[16] = { + 1, 2, 4, 6, + 8, 10, 12, 14, + 15, 17, 19, 21, + 23, 25, 27, 28 +}; + +static const u8 pc2[48] = { + 13, 16, 10, 23, 0, 4, 2, 27, 14, 5, 20, 9, + 22, 18, 11, 3, 25, 7, 15, 6, 26, 19, 12, 1, + 40, 51, 30, 36, 46, 54, 29, 39, 50, 44, 32, 47, + 43, 48, 38, 55, 33, 52, 45, 41, 49, 35, 28, 31 +}; + + +static const u32 SP1[64] = +{ + 0x01010400UL, 0x00000000UL, 0x00010000UL, 0x01010404UL, + 0x01010004UL, 0x00010404UL, 0x00000004UL, 0x00010000UL, + 0x00000400UL, 0x01010400UL, 0x01010404UL, 0x00000400UL, + 0x01000404UL, 0x01010004UL, 0x01000000UL, 0x00000004UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00010400UL, + 0x00010400UL, 0x01010000UL, 0x01010000UL, 0x01000404UL, + 0x00010004UL, 0x01000004UL, 0x01000004UL, 0x00010004UL, + 0x00000000UL, 0x00000404UL, 0x00010404UL, 0x01000000UL, + 0x00010000UL, 0x01010404UL, 0x00000004UL, 0x01010000UL, + 0x01010400UL, 0x01000000UL, 0x01000000UL, 0x00000400UL, + 0x01010004UL, 0x00010000UL, 0x00010400UL, 0x01000004UL, + 0x00000400UL, 0x00000004UL, 0x01000404UL, 0x00010404UL, + 0x01010404UL, 0x00010004UL, 0x01010000UL, 0x01000404UL, + 0x01000004UL, 0x00000404UL, 0x00010404UL, 0x01010400UL, + 0x00000404UL, 0x01000400UL, 0x01000400UL, 0x00000000UL, + 0x00010004UL, 0x00010400UL, 0x00000000UL, 0x01010004UL +}; + +static const u32 SP2[64] = +{ + 0x80108020UL, 0x80008000UL, 0x00008000UL, 0x00108020UL, + 0x00100000UL, 0x00000020UL, 0x80100020UL, 0x80008020UL, + 0x80000020UL, 0x80108020UL, 0x80108000UL, 0x80000000UL, + 0x80008000UL, 0x00100000UL, 0x00000020UL, 0x80100020UL, + 0x00108000UL, 0x00100020UL, 0x80008020UL, 0x00000000UL, + 0x80000000UL, 0x00008000UL, 0x00108020UL, 0x80100000UL, + 0x00100020UL, 0x80000020UL, 0x00000000UL, 0x00108000UL, + 0x00008020UL, 0x80108000UL, 0x80100000UL, 0x00008020UL, + 0x00000000UL, 0x00108020UL, 0x80100020UL, 0x00100000UL, + 0x80008020UL, 0x80100000UL, 0x80108000UL, 0x00008000UL, + 0x80100000UL, 0x80008000UL, 0x00000020UL, 0x80108020UL, + 0x00108020UL, 0x00000020UL, 0x00008000UL, 0x80000000UL, + 0x00008020UL, 0x80108000UL, 0x00100000UL, 0x80000020UL, + 0x00100020UL, 0x80008020UL, 0x80000020UL, 0x00100020UL, + 0x00108000UL, 0x00000000UL, 0x80008000UL, 0x00008020UL, + 0x80000000UL, 0x80100020UL, 0x80108020UL, 0x00108000UL +}; + +static const u32 SP3[64] = +{ + 0x00000208UL, 0x08020200UL, 0x00000000UL, 0x08020008UL, + 0x08000200UL, 0x00000000UL, 0x00020208UL, 0x08000200UL, + 0x00020008UL, 0x08000008UL, 0x08000008UL, 0x00020000UL, + 0x08020208UL, 0x00020008UL, 0x08020000UL, 0x00000208UL, + 0x08000000UL, 0x00000008UL, 0x08020200UL, 0x00000200UL, + 0x00020200UL, 0x08020000UL, 0x08020008UL, 0x00020208UL, + 0x08000208UL, 0x00020200UL, 0x00020000UL, 0x08000208UL, + 0x00000008UL, 0x08020208UL, 0x00000200UL, 0x08000000UL, + 0x08020200UL, 0x08000000UL, 0x00020008UL, 0x00000208UL, + 0x00020000UL, 0x08020200UL, 0x08000200UL, 0x00000000UL, + 0x00000200UL, 0x00020008UL, 0x08020208UL, 0x08000200UL, + 0x08000008UL, 0x00000200UL, 0x00000000UL, 0x08020008UL, + 0x08000208UL, 0x00020000UL, 0x08000000UL, 0x08020208UL, + 0x00000008UL, 0x00020208UL, 0x00020200UL, 0x08000008UL, + 0x08020000UL, 0x08000208UL, 0x00000208UL, 0x08020000UL, + 0x00020208UL, 0x00000008UL, 0x08020008UL, 0x00020200UL +}; + +static const u32 SP4[64] = +{ + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802080UL, 0x00800081UL, 0x00800001UL, 0x00002001UL, + 0x00000000UL, 0x00802000UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00800080UL, 0x00800001UL, + 0x00000001UL, 0x00002000UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002001UL, 0x00002080UL, + 0x00800081UL, 0x00000001UL, 0x00002080UL, 0x00800080UL, + 0x00002000UL, 0x00802080UL, 0x00802081UL, 0x00000081UL, + 0x00800080UL, 0x00800001UL, 0x00802000UL, 0x00802081UL, + 0x00000081UL, 0x00000000UL, 0x00000000UL, 0x00802000UL, + 0x00002080UL, 0x00800080UL, 0x00800081UL, 0x00000001UL, + 0x00802001UL, 0x00002081UL, 0x00002081UL, 0x00000080UL, + 0x00802081UL, 0x00000081UL, 0x00000001UL, 0x00002000UL, + 0x00800001UL, 0x00002001UL, 0x00802080UL, 0x00800081UL, + 0x00002001UL, 0x00002080UL, 0x00800000UL, 0x00802001UL, + 0x00000080UL, 0x00800000UL, 0x00002000UL, 0x00802080UL +}; + +static const u32 SP5[64] = +{ + 0x00000100UL, 0x02080100UL, 0x02080000UL, 0x42000100UL, + 0x00080000UL, 0x00000100UL, 0x40000000UL, 0x02080000UL, + 0x40080100UL, 0x00080000UL, 0x02000100UL, 0x40080100UL, + 0x42000100UL, 0x42080000UL, 0x00080100UL, 0x40000000UL, + 0x02000000UL, 0x40080000UL, 0x40080000UL, 0x00000000UL, + 0x40000100UL, 0x42080100UL, 0x42080100UL, 0x02000100UL, + 0x42080000UL, 0x40000100UL, 0x00000000UL, 0x42000000UL, + 0x02080100UL, 0x02000000UL, 0x42000000UL, 0x00080100UL, + 0x00080000UL, 0x42000100UL, 0x00000100UL, 0x02000000UL, + 0x40000000UL, 0x02080000UL, 0x42000100UL, 0x40080100UL, + 0x02000100UL, 0x40000000UL, 0x42080000UL, 0x02080100UL, + 0x40080100UL, 0x00000100UL, 0x02000000UL, 0x42080000UL, + 0x42080100UL, 0x00080100UL, 0x42000000UL, 0x42080100UL, + 0x02080000UL, 0x00000000UL, 0x40080000UL, 0x42000000UL, + 0x00080100UL, 0x02000100UL, 0x40000100UL, 0x00080000UL, + 0x00000000UL, 0x40080000UL, 0x02080100UL, 0x40000100UL +}; + +static const u32 SP6[64] = +{ + 0x20000010UL, 0x20400000UL, 0x00004000UL, 0x20404010UL, + 0x20400000UL, 0x00000010UL, 0x20404010UL, 0x00400000UL, + 0x20004000UL, 0x00404010UL, 0x00400000UL, 0x20000010UL, + 0x00400010UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x00000000UL, 0x00400010UL, 0x20004010UL, 0x00004000UL, + 0x00404000UL, 0x20004010UL, 0x00000010UL, 0x20400010UL, + 0x20400010UL, 0x00000000UL, 0x00404010UL, 0x20404000UL, + 0x00004010UL, 0x00404000UL, 0x20404000UL, 0x20000000UL, + 0x20004000UL, 0x00000010UL, 0x20400010UL, 0x00404000UL, + 0x20404010UL, 0x00400000UL, 0x00004010UL, 0x20000010UL, + 0x00400000UL, 0x20004000UL, 0x20000000UL, 0x00004010UL, + 0x20000010UL, 0x20404010UL, 0x00404000UL, 0x20400000UL, + 0x00404010UL, 0x20404000UL, 0x00000000UL, 0x20400010UL, + 0x00000010UL, 0x00004000UL, 0x20400000UL, 0x00404010UL, + 0x00004000UL, 0x00400010UL, 0x20004010UL, 0x00000000UL, + 0x20404000UL, 0x20000000UL, 0x00400010UL, 0x20004010UL +}; + +static const u32 SP7[64] = +{ + 0x00200000UL, 0x04200002UL, 0x04000802UL, 0x00000000UL, + 0x00000800UL, 0x04000802UL, 0x00200802UL, 0x04200800UL, + 0x04200802UL, 0x00200000UL, 0x00000000UL, 0x04000002UL, + 0x00000002UL, 0x04000000UL, 0x04200002UL, 0x00000802UL, + 0x04000800UL, 0x00200802UL, 0x00200002UL, 0x04000800UL, + 0x04000002UL, 0x04200000UL, 0x04200800UL, 0x00200002UL, + 0x04200000UL, 0x00000800UL, 0x00000802UL, 0x04200802UL, + 0x00200800UL, 0x00000002UL, 0x04000000UL, 0x00200800UL, + 0x04000000UL, 0x00200800UL, 0x00200000UL, 0x04000802UL, + 0x04000802UL, 0x04200002UL, 0x04200002UL, 0x00000002UL, + 0x00200002UL, 0x04000000UL, 0x04000800UL, 0x00200000UL, + 0x04200800UL, 0x00000802UL, 0x00200802UL, 0x04200800UL, + 0x00000802UL, 0x04000002UL, 0x04200802UL, 0x04200000UL, + 0x00200800UL, 0x00000000UL, 0x00000002UL, 0x04200802UL, + 0x00000000UL, 0x00200802UL, 0x04200000UL, 0x00000800UL, + 0x04000002UL, 0x04000800UL, 0x00000800UL, 0x00200002UL +}; + +static const u32 SP8[64] = +{ + 0x10001040UL, 0x00001000UL, 0x00040000UL, 0x10041040UL, + 0x10000000UL, 0x10001040UL, 0x00000040UL, 0x10000000UL, + 0x00040040UL, 0x10040000UL, 0x10041040UL, 0x00041000UL, + 0x10041000UL, 0x00041040UL, 0x00001000UL, 0x00000040UL, + 0x10040000UL, 0x10000040UL, 0x10001000UL, 0x00001040UL, + 0x00041000UL, 0x00040040UL, 0x10040040UL, 0x10041000UL, + 0x00001040UL, 0x00000000UL, 0x00000000UL, 0x10040040UL, + 0x10000040UL, 0x10001000UL, 0x00041040UL, 0x00040000UL, + 0x00041040UL, 0x00040000UL, 0x10041000UL, 0x00001000UL, + 0x00000040UL, 0x10040040UL, 0x00001000UL, 0x00041040UL, + 0x10001000UL, 0x00000040UL, 0x10000040UL, 0x10040000UL, + 0x10040040UL, 0x10000000UL, 0x00040000UL, 0x10001040UL, + 0x00000000UL, 0x10041040UL, 0x00040040UL, 0x10000040UL, + 0x10040000UL, 0x10001000UL, 0x10001040UL, 0x00000000UL, + 0x10041040UL, 0x00041000UL, 0x00041000UL, 0x00001040UL, + 0x00001040UL, 0x00040040UL, 0x10000000UL, 0x10041000UL +}; + + +static void cookey(const u32 *raw1, u32 *keyout) +{ + u32 *cook; + const u32 *raw0; + u32 dough[32]; + int i; + + cook = dough; + for (i = 0; i < 16; i++, raw1++) { + raw0 = raw1++; + *cook = (*raw0 & 0x00fc0000L) << 6; + *cook |= (*raw0 & 0x00000fc0L) << 10; + *cook |= (*raw1 & 0x00fc0000L) >> 10; + *cook++ |= (*raw1 & 0x00000fc0L) >> 6; + *cook = (*raw0 & 0x0003f000L) << 12; + *cook |= (*raw0 & 0x0000003fL) << 16; + *cook |= (*raw1 & 0x0003f000L) >> 4; + *cook++ |= (*raw1 & 0x0000003fL); + } + + os_memcpy(keyout, dough, sizeof(dough)); +} + + +static void deskey(const u8 *key, int decrypt, u32 *keyout) +{ + u32 i, j, l, m, n, kn[32]; + u8 pc1m[56], pcr[56]; + + for (j = 0; j < 56; j++) { + l = (u32) pc1[j]; + m = l & 7; + pc1m[j] = (u8) + ((key[l >> 3U] & bytebit[m]) == bytebit[m] ? 1 : 0); + } + + for (i = 0; i < 16; i++) { + if (decrypt) + m = (15 - i) << 1; + else + m = i << 1; + n = m + 1; + kn[m] = kn[n] = 0L; + for (j = 0; j < 28; j++) { + l = j + (u32) totrot[i]; + if (l < 28) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (/* j = 28 */; j < 56; j++) { + l = j + (u32) totrot[i]; + if (l < 56) + pcr[j] = pc1m[l]; + else + pcr[j] = pc1m[l - 28]; + } + for (j = 0; j < 24; j++) { + if ((int) pcr[(int) pc2[j]] != 0) + kn[m] |= bigbyte[j]; + if ((int) pcr[(int) pc2[j + 24]] != 0) + kn[n] |= bigbyte[j]; + } + } + + cookey(kn, keyout); +} + + +static void desfunc(u32 *block, const u32 *keys) +{ + u32 work, right, leftt; + int cur_round; + + leftt = block[0]; + right = block[1]; + + work = ((leftt >> 4) ^ right) & 0x0f0f0f0fL; + right ^= work; + leftt ^= (work << 4); + + work = ((leftt >> 16) ^ right) & 0x0000ffffL; + right ^= work; + leftt ^= (work << 16); + + work = ((right >> 2) ^ leftt) & 0x33333333L; + leftt ^= work; + right ^= (work << 2); + + work = ((right >> 8) ^ leftt) & 0x00ff00ffL; + leftt ^= work; + right ^= (work << 8); + + right = ROLc(right, 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + + leftt ^= work; + right ^= work; + leftt = ROLc(leftt, 1); + + for (cur_round = 0; cur_round < 8; cur_round++) { + work = RORc(right, 4) ^ *keys++; + leftt ^= SP7[work & 0x3fL] + ^ SP5[(work >> 8) & 0x3fL] + ^ SP3[(work >> 16) & 0x3fL] + ^ SP1[(work >> 24) & 0x3fL]; + work = right ^ *keys++; + leftt ^= SP8[ work & 0x3fL] + ^ SP6[(work >> 8) & 0x3fL] + ^ SP4[(work >> 16) & 0x3fL] + ^ SP2[(work >> 24) & 0x3fL]; + + work = RORc(leftt, 4) ^ *keys++; + right ^= SP7[ work & 0x3fL] + ^ SP5[(work >> 8) & 0x3fL] + ^ SP3[(work >> 16) & 0x3fL] + ^ SP1[(work >> 24) & 0x3fL]; + work = leftt ^ *keys++; + right ^= SP8[ work & 0x3fL] + ^ SP6[(work >> 8) & 0x3fL] + ^ SP4[(work >> 16) & 0x3fL] + ^ SP2[(work >> 24) & 0x3fL]; + } + + right = RORc(right, 1); + work = (leftt ^ right) & 0xaaaaaaaaL; + leftt ^= work; + right ^= work; + leftt = RORc(leftt, 1); + work = ((leftt >> 8) ^ right) & 0x00ff00ffL; + right ^= work; + leftt ^= (work << 8); + /* -- */ + work = ((leftt >> 2) ^ right) & 0x33333333L; + right ^= work; + leftt ^= (work << 2); + work = ((right >> 16) ^ leftt) & 0x0000ffffL; + leftt ^= work; + right ^= (work << 16); + work = ((right >> 4) ^ leftt) & 0x0f0f0f0fL; + leftt ^= work; + right ^= (work << 4); + + block[0] = right; + block[1] = leftt; +} + + +/* wpa_supplicant/hostapd specific wrapper */ + +void des_encrypt(const u8 *clear, const u8 *key, u8 *cypher) +{ + u8 pkey[8], next, tmp; + int i; + u32 ek[32], work[2]; + + /* Add parity bits to the key */ + next = 0; + for (i = 0; i < 7; i++) { + tmp = key[i]; + pkey[i] = (tmp >> i) | next | 1; + next = tmp << (7 - i); + } + pkey[i] = next | 1; + + deskey(pkey, 0, ek); + + work[0] = WPA_GET_BE32(clear); + work[1] = WPA_GET_BE32(clear + 4); + desfunc(work, ek); + WPA_PUT_BE32(cypher, work[0]); + WPA_PUT_BE32(cypher + 4, work[1]); +} + + +struct des3_key_s { + u32 ek[3][32]; + u32 dk[3][32]; +}; + +void des3_key_setup(const u8 *key, struct des3_key_s *dkey) +{ + deskey(key, 0, dkey->ek[0]); + deskey(key + 8, 1, dkey->ek[1]); + deskey(key + 16, 0, dkey->ek[2]); + + deskey(key, 1, dkey->dk[2]); + deskey(key + 8, 0, dkey->dk[1]); + deskey(key + 16, 1, dkey->dk[0]); +} + + +void des3_encrypt(const u8 *plain, const struct des3_key_s *key, u8 *crypt) +{ + u32 work[2]; + + work[0] = WPA_GET_BE32(plain); + work[1] = WPA_GET_BE32(plain + 4); + desfunc(work, key->ek[0]); + desfunc(work, key->ek[1]); + desfunc(work, key->ek[2]); + WPA_PUT_BE32(crypt, work[0]); + WPA_PUT_BE32(crypt + 4, work[1]); +} + + +void des3_decrypt(const u8 *crypt, const struct des3_key_s *key, u8 *plain) +{ + u32 work[2]; + + work[0] = WPA_GET_BE32(crypt); + work[1] = WPA_GET_BE32(crypt + 4); + desfunc(work, key->dk[0]); + desfunc(work, key->dk[1]); + desfunc(work, key->dk[2]); + WPA_PUT_BE32(plain, work[0]); + WPA_PUT_BE32(plain + 4, work[1]); +} + +#endif /* INTERNAL_DES */ diff --git a/contrib/hostapd-0.5.8/driver.c b/contrib/hostapd-0.5.8/driver.c new file mode 100644 index 0000000000..077a5f72aa --- /dev/null +++ b/contrib/hostapd-0.5.8/driver.c @@ -0,0 +1,1224 @@ +/* + * hostapd / Kernel driver communication with Linux Host AP driver + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#ifdef USE_KERNEL_HEADERS +#include +#include +#include /* The L2 protocols */ +#include +#include +#else /* USE_KERNEL_HEADERS */ +#include +#include +#include "wireless_copy.h" +#endif /* USE_KERNEL_HEADERS */ + +#include "hostapd.h" +#include "driver.h" +#include "ieee802_1x.h" +#include "eloop.h" +#include "priv_netlink.h" +#include "ieee802_11.h" +#include "sta_info.h" +#include "hostap_common.h" +#include "hw_features.h" + + +struct hostap_driver_data { + struct driver_ops ops; + struct hostapd_data *hapd; + + char iface[IFNAMSIZ + 1]; + int sock; /* raw packet socket for driver access */ + int ioctl_sock; /* socket for ioctl() use */ + int wext_sock; /* socket for wireless events */ + + int we_version; +}; + +static const struct driver_ops hostap_driver_ops; + + +static int hostapd_ioctl(void *priv, struct prism2_hostapd_param *param, + int len); +static int hostap_set_iface_flags(void *priv, int dev_up); + +static void handle_data(struct hostapd_data *hapd, u8 *buf, size_t len, + u16 stype) +{ + struct ieee80211_hdr *hdr; + u16 fc, ethertype; + u8 *pos, *sa; + size_t left; + struct sta_info *sta; + + if (len < sizeof(struct ieee80211_hdr)) + return; + + hdr = (struct ieee80211_hdr *) buf; + fc = le_to_host16(hdr->frame_control); + + if ((fc & (WLAN_FC_FROMDS | WLAN_FC_TODS)) != WLAN_FC_TODS) { + printf("Not ToDS data frame (fc=0x%04x)\n", fc); + return; + } + + sa = hdr->addr2; + sta = ap_get_sta(hapd, sa); + if (!sta || !(sta->flags & WLAN_STA_ASSOC)) { + printf("Data frame from not associated STA " MACSTR "\n", + MAC2STR(sa)); + if (sta && (sta->flags & WLAN_STA_AUTH)) + hostapd_sta_disassoc( + hapd, sa, + WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); + else + hostapd_sta_deauth( + hapd, sa, + WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); + return; + } + + pos = (u8 *) (hdr + 1); + left = len - sizeof(*hdr); + + if (left < sizeof(rfc1042_header)) { + printf("Too short data frame\n"); + return; + } + + if (memcmp(pos, rfc1042_header, sizeof(rfc1042_header)) != 0) { + printf("Data frame with no RFC1042 header\n"); + return; + } + pos += sizeof(rfc1042_header); + left -= sizeof(rfc1042_header); + + if (left < 2) { + printf("No ethertype in data frame\n"); + return; + } + + ethertype = *pos++ << 8; + ethertype |= *pos++; + left -= 2; + switch (ethertype) { + case ETH_P_PAE: + ieee802_1x_receive(hapd, sa, pos, left); + break; + + default: + printf("Unknown ethertype 0x%04x in data frame\n", ethertype); + break; + } +} + + +static void handle_tx_callback(struct hostapd_data *hapd, u8 *buf, size_t len, + int ok) +{ + struct ieee80211_hdr *hdr; + u16 fc, type, stype; + struct sta_info *sta; + + hdr = (struct ieee80211_hdr *) buf; + fc = le_to_host16(hdr->frame_control); + + type = WLAN_FC_GET_TYPE(fc); + stype = WLAN_FC_GET_STYPE(fc); + + switch (type) { + case WLAN_FC_TYPE_MGMT: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "MGMT (TX callback) %s\n", ok ? "ACK" : "fail"); + ieee802_11_mgmt_cb(hapd, buf, len, stype, ok); + break; + case WLAN_FC_TYPE_CTRL: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "CTRL (TX callback) %s\n", ok ? "ACK" : "fail"); + break; + case WLAN_FC_TYPE_DATA: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "DATA (TX callback) %s\n", ok ? "ACK" : "fail"); + sta = ap_get_sta(hapd, hdr->addr1); + if (sta && sta->flags & WLAN_STA_PENDING_POLL) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "STA " MACSTR + " %s pending activity poll\n", + MAC2STR(sta->addr), + ok ? "ACKed" : "did not ACK"); + if (ok) + sta->flags &= ~WLAN_STA_PENDING_POLL; + } + if (sta) + ieee802_1x_tx_status(hapd, sta, buf, len, ok); + break; + default: + printf("unknown TX callback frame type %d\n", type); + break; + } +} + + +static void handle_frame(struct hostapd_data *hapd, u8 *buf, size_t len) +{ + struct ieee80211_hdr *hdr; + u16 fc, extra_len, type, stype; + unsigned char *extra = NULL; + size_t data_len = len; + int ver; + + /* PSPOLL is only 16 bytes, but driver does not (at least yet) pass + * these to user space */ + if (len < 24) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "handle_frame: too short " + "(%lu)\n", (unsigned long) len); + return; + } + + hdr = (struct ieee80211_hdr *) buf; + fc = le_to_host16(hdr->frame_control); + type = WLAN_FC_GET_TYPE(fc); + stype = WLAN_FC_GET_STYPE(fc); + + if (type != WLAN_FC_TYPE_MGMT || stype != WLAN_FC_STYPE_BEACON || + hapd->conf->debug >= HOSTAPD_DEBUG_EXCESSIVE) { + wpa_hexdump(MSG_MSGDUMP, "Received management frrame", + buf, len); + } + + ver = fc & WLAN_FC_PVER; + + /* protocol version 3 is reserved for indicating extra data after the + * payload, version 2 for indicating ACKed frame (TX callbacks), and + * version 1 for indicating failed frame (no ACK, TX callbacks) */ + if (ver == 3) { + u8 *pos = buf + len - 2; + extra_len = (u16) pos[1] << 8 | pos[0]; + printf("extra data in frame (elen=%d)\n", extra_len); + if ((size_t) extra_len + 2 > len) { + printf(" extra data overflow\n"); + return; + } + len -= extra_len + 2; + extra = buf + len; + } else if (ver == 1 || ver == 2) { + handle_tx_callback(hapd, buf, data_len, ver == 2 ? 1 : 0); + return; + } else if (ver != 0) { + printf("unknown protocol version %d\n", ver); + return; + } + + switch (type) { + case WLAN_FC_TYPE_MGMT: + HOSTAPD_DEBUG(stype == WLAN_FC_STYPE_BEACON ? + HOSTAPD_DEBUG_EXCESSIVE : HOSTAPD_DEBUG_VERBOSE, + "MGMT\n"); + ieee802_11_mgmt(hapd, buf, data_len, stype, NULL); + break; + case WLAN_FC_TYPE_CTRL: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "CTRL\n"); + break; + case WLAN_FC_TYPE_DATA: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "DATA\n"); + handle_data(hapd, buf, data_len, stype); + break; + default: + printf("unknown frame type %d\n", type); + break; + } +} + + +static void handle_read(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx; + int len; + unsigned char buf[3000]; + + len = recv(sock, buf, sizeof(buf), 0); + if (len < 0) { + perror("recv"); + return; + } + + handle_frame(hapd, buf, len); +} + + +static int hostap_init_sockets(struct hostap_driver_data *drv) +{ + struct hostapd_data *hapd = drv->hapd; + struct ifreq ifr; + struct sockaddr_ll addr; + + drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + if (drv->sock < 0) { + perror("socket[PF_PACKET,SOCK_RAW]"); + return -1; + } + + if (eloop_register_read_sock(drv->sock, handle_read, drv->hapd, NULL)) + { + printf("Could not register read socket\n"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%sap", drv->iface); + if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) { + perror("ioctl(SIOCGIFINDEX)"); + return -1; + } + + if (hostap_set_iface_flags(drv, 1)) { + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sll_family = AF_PACKET; + addr.sll_ifindex = ifr.ifr_ifindex; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Opening raw packet socket for ifindex %d\n", + addr.sll_ifindex); + + if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", drv->iface); + if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) { + perror("ioctl(SIOCGIFHWADDR)"); + return -1; + } + + if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) { + printf("Invalid HW-addr family 0x%04x\n", + ifr.ifr_hwaddr.sa_family); + return -1; + } + memcpy(drv->hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN); + + return 0; +} + + +static int hostap_send_mgmt_frame(void *priv, const void *msg, size_t len, + int flags) +{ + struct hostap_driver_data *drv = priv; + + return send(drv->sock, msg, len, flags); +} + + +static int hostap_send_eapol(void *priv, const u8 *addr, const u8 *data, + size_t data_len, int encrypt, const u8 *own_addr) +{ + struct hostap_driver_data *drv = priv; + struct ieee80211_hdr *hdr; + size_t len; + u8 *pos; + int res; + + len = sizeof(*hdr) + sizeof(rfc1042_header) + 2 + data_len; + hdr = wpa_zalloc(len); + if (hdr == NULL) { + printf("malloc() failed for hostapd_send_data(len=%lu)\n", + (unsigned long) len); + return -1; + } + + hdr->frame_control = + IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); + hdr->frame_control |= host_to_le16(WLAN_FC_FROMDS); + /* Request TX callback */ + hdr->frame_control |= host_to_le16(BIT(1)); + if (encrypt) + hdr->frame_control |= host_to_le16(WLAN_FC_ISWEP); + memcpy(hdr->IEEE80211_DA_FROMDS, addr, ETH_ALEN); + memcpy(hdr->IEEE80211_BSSID_FROMDS, own_addr, ETH_ALEN); + memcpy(hdr->IEEE80211_SA_FROMDS, own_addr, ETH_ALEN); + + pos = (u8 *) (hdr + 1); + memcpy(pos, rfc1042_header, sizeof(rfc1042_header)); + pos += sizeof(rfc1042_header); + *((u16 *) pos) = htons(ETH_P_PAE); + pos += 2; + memcpy(pos, data, data_len); + + res = hostap_send_mgmt_frame(drv, (u8 *) hdr, len, 0); + free(hdr); + + if (res < 0) { + perror("hostapd_send_eapol: send"); + printf("hostapd_send_eapol - packet len: %lu - failed\n", + (unsigned long) len); + } + + return res; +} + + +static int hostap_sta_set_flags(void *priv, const u8 *addr, + int flags_or, int flags_and) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_SET_FLAGS_STA; + memcpy(param.sta_addr, addr, ETH_ALEN); + param.u.set_flags_sta.flags_or = flags_or; + param.u.set_flags_sta.flags_and = flags_and; + return hostapd_ioctl(drv, ¶m, sizeof(param)); +} + + +static int hostap_set_iface_flags(void *priv, int dev_up) +{ + struct hostap_driver_data *drv = priv; + struct ifreq ifr; + + if (drv->ioctl_sock < 0) + return -1; + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, IFNAMSIZ, "%sap", drv->iface); + + if (ioctl(drv->ioctl_sock, SIOCGIFFLAGS, &ifr) != 0) { + perror("ioctl[SIOCGIFFLAGS]"); + return -1; + } + + if (dev_up) + ifr.ifr_flags |= IFF_UP; + else + ifr.ifr_flags &= ~IFF_UP; + + if (ioctl(drv->ioctl_sock, SIOCSIFFLAGS, &ifr) != 0) { + perror("ioctl[SIOCSIFFLAGS]"); + return -1; + } + + if (dev_up) { + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, IFNAMSIZ, "%sap", drv->iface); + ifr.ifr_mtu = HOSTAPD_MTU; + if (ioctl(drv->ioctl_sock, SIOCSIFMTU, &ifr) != 0) { + perror("ioctl[SIOCSIFMTU]"); + printf("Setting MTU failed - trying to survive with " + "current value\n"); + } + } + + return 0; +} + + +static int hostapd_ioctl(void *priv, struct prism2_hostapd_param *param, + int len) +{ + struct hostap_driver_data *drv = priv; + struct iwreq iwr; + + memset(&iwr, 0, sizeof(iwr)); + strncpy(iwr.ifr_name, drv->iface, IFNAMSIZ); + iwr.u.data.pointer = (caddr_t) param; + iwr.u.data.length = len; + + if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_HOSTAPD, &iwr) < 0) { + perror("ioctl[PRISM2_IOCTL_HOSTAPD]"); + return -1; + } + + return 0; +} + + +static int hostap_set_encryption(const char *ifname, void *priv, + const char *alg, const u8 *addr, + int idx, const u8 *key, size_t key_len, + int txkey) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param *param; + u8 *buf; + size_t blen; + int ret = 0; + + blen = sizeof(*param) + key_len; + buf = wpa_zalloc(blen); + if (buf == NULL) + return -1; + + param = (struct prism2_hostapd_param *) buf; + param->cmd = PRISM2_SET_ENCRYPTION; + if (addr == NULL) + memset(param->sta_addr, 0xff, ETH_ALEN); + else + memcpy(param->sta_addr, addr, ETH_ALEN); + strncpy((char *) param->u.crypt.alg, alg, HOSTAP_CRYPT_ALG_NAME_LEN); + param->u.crypt.flags = txkey ? HOSTAP_CRYPT_FLAG_SET_TX_KEY : 0; + param->u.crypt.idx = idx; + param->u.crypt.key_len = key_len; + memcpy((u8 *) (param + 1), key, key_len); + + if (hostapd_ioctl(drv, param, blen)) { + printf("Failed to set encryption.\n"); + ret = -1; + } + free(buf); + + return ret; +} + + +static int hostap_get_seqnum(const char *ifname, void *priv, const u8 *addr, + int idx, u8 *seq) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param *param; + u8 *buf; + size_t blen; + int ret = 0; + + blen = sizeof(*param) + 32; + buf = wpa_zalloc(blen); + if (buf == NULL) + return -1; + + param = (struct prism2_hostapd_param *) buf; + param->cmd = PRISM2_GET_ENCRYPTION; + if (addr == NULL) + memset(param->sta_addr, 0xff, ETH_ALEN); + else + memcpy(param->sta_addr, addr, ETH_ALEN); + param->u.crypt.idx = idx; + + if (hostapd_ioctl(drv, param, blen)) { + printf("Failed to get encryption.\n"); + ret = -1; + } else { + memcpy(seq, param->u.crypt.seq, 8); + } + free(buf); + + return ret; +} + + +static int hostap_ioctl_prism2param(void *priv, int param, int value) +{ + struct hostap_driver_data *drv = priv; + struct iwreq iwr; + int *i; + + memset(&iwr, 0, sizeof(iwr)); + strncpy(iwr.ifr_name, drv->iface, IFNAMSIZ); + i = (int *) iwr.u.name; + *i++ = param; + *i++ = value; + + if (ioctl(drv->ioctl_sock, PRISM2_IOCTL_PRISM2_PARAM, &iwr) < 0) { + perror("ioctl[PRISM2_IOCTL_PRISM2_PARAM]"); + return -1; + } + + return 0; +} + + +static int hostap_set_ieee8021x(const char *ifname, void *priv, int enabled) +{ + struct hostap_driver_data *drv = priv; + + /* enable kernel driver support for IEEE 802.1X */ + if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_IEEE_802_1X, enabled)) { + printf("Could not setup IEEE 802.1X support in kernel driver." + "\n"); + return -1; + } + + if (!enabled) + return 0; + + /* use host driver implementation of encryption to allow + * individual keys and passing plaintext EAPOL frames */ + if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOST_DECRYPT, 1) || + hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOST_ENCRYPT, 1)) { + printf("Could not setup host-based encryption in kernel " + "driver.\n"); + return -1; + } + + return 0; +} + + +static int hostap_set_privacy(const char *ifname, void *priv, int enabled) +{ + struct hostap_drvier_data *drv = priv; + + return hostap_ioctl_prism2param(drv, PRISM2_PARAM_PRIVACY_INVOKED, + enabled); +} + + +static int hostap_set_ssid(const char *ifname, void *priv, const u8 *buf, + int len) +{ + struct hostap_driver_data *drv = priv; + struct iwreq iwr; + + memset(&iwr, 0, sizeof(iwr)); + strncpy(iwr.ifr_name, drv->iface, IFNAMSIZ); + iwr.u.essid.flags = 1; /* SSID active */ + iwr.u.essid.pointer = (caddr_t) buf; + iwr.u.essid.length = len + 1; + + if (ioctl(drv->ioctl_sock, SIOCSIWESSID, &iwr) < 0) { + perror("ioctl[SIOCSIWESSID]"); + printf("len=%d\n", len); + return -1; + } + + return 0; +} + + +static int hostap_flush(void *priv) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_FLUSH; + return hostapd_ioctl(drv, ¶m, sizeof(param)); +} + + +static int hostap_read_sta_data(void *priv, + struct hostap_sta_driver_data *data, + const u8 *addr) +{ + struct hostap_driver_data *drv = priv; + char buf[1024], line[128], *pos; + FILE *f; + unsigned long val; + + memset(data, 0, sizeof(*data)); + snprintf(buf, sizeof(buf), "/proc/net/hostap/%s/" MACSTR, + drv->iface, MAC2STR(addr)); + + f = fopen(buf, "r"); + if (!f) + return -1; + /* Need to read proc file with in one piece, so use large enough + * buffer. */ + setbuffer(f, buf, sizeof(buf)); + + while (fgets(line, sizeof(line), f)) { + pos = strchr(line, '='); + if (!pos) + continue; + *pos++ = '\0'; + val = strtoul(pos, NULL, 10); + if (strcmp(line, "rx_packets") == 0) + data->rx_packets = val; + else if (strcmp(line, "tx_packets") == 0) + data->tx_packets = val; + else if (strcmp(line, "rx_bytes") == 0) + data->rx_bytes = val; + else if (strcmp(line, "tx_bytes") == 0) + data->tx_bytes = val; + } + + fclose(f); + + return 0; +} + + +static int hostap_sta_add(const char *ifname, void *priv, const u8 *addr, + u16 aid, u16 capability, u8 *supp_rates, + size_t supp_rates_len, int flags) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + int tx_supp_rates = 0; + size_t i; + +#define WLAN_RATE_1M BIT(0) +#define WLAN_RATE_2M BIT(1) +#define WLAN_RATE_5M5 BIT(2) +#define WLAN_RATE_11M BIT(3) + + for (i = 0; i < supp_rates_len; i++) { + if ((supp_rates[i] & 0x7f) == 2) + tx_supp_rates |= WLAN_RATE_1M; + if ((supp_rates[i] & 0x7f) == 4) + tx_supp_rates |= WLAN_RATE_2M; + if ((supp_rates[i] & 0x7f) == 11) + tx_supp_rates |= WLAN_RATE_5M5; + if ((supp_rates[i] & 0x7f) == 22) + tx_supp_rates |= WLAN_RATE_11M; + } + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_ADD_STA; + memcpy(param.sta_addr, addr, ETH_ALEN); + param.u.add_sta.aid = aid; + param.u.add_sta.capability = capability; + param.u.add_sta.tx_supp_rates = tx_supp_rates; + return hostapd_ioctl(drv, ¶m, sizeof(param)); +} + + +static int hostap_sta_remove(void *priv, const u8 *addr) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + hostap_sta_set_flags(drv, addr, 0, ~WLAN_STA_AUTHORIZED); + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_REMOVE_STA; + memcpy(param.sta_addr, addr, ETH_ALEN); + if (hostapd_ioctl(drv, ¶m, sizeof(param))) { + printf("Could not remove station from kernel driver.\n"); + return -1; + } + return 0; +} + + +static int hostap_get_inact_sec(void *priv, const u8 *addr) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_GET_INFO_STA; + memcpy(param.sta_addr, addr, ETH_ALEN); + if (hostapd_ioctl(drv, ¶m, sizeof(param))) { + return -1; + } + + return param.u.get_info_sta.inactive_sec; +} + + +static int hostap_sta_clear_stats(void *priv, const u8 *addr) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_STA_CLEAR_STATS; + memcpy(param.sta_addr, addr, ETH_ALEN); + if (hostapd_ioctl(drv, ¶m, sizeof(param))) { + return -1; + } + + return 0; +} + + +static int hostap_set_assoc_ap(void *priv, const u8 *addr) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param param; + + memset(¶m, 0, sizeof(param)); + param.cmd = PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR; + memcpy(param.sta_addr, addr, ETH_ALEN); + if (hostapd_ioctl(drv, ¶m, sizeof(param))) + return -1; + + return 0; +} + + +static int hostap_set_generic_elem(const char *ifname, void *priv, + const u8 *elem, size_t elem_len) +{ + struct hostap_driver_data *drv = priv; + struct prism2_hostapd_param *param; + int res; + size_t blen = PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN + elem_len; + if (blen < sizeof(*param)) + blen = sizeof(*param); + + param = wpa_zalloc(blen); + if (param == NULL) + return -1; + + param->cmd = PRISM2_HOSTAPD_SET_GENERIC_ELEMENT; + param->u.generic_elem.len = elem_len; + memcpy(param->u.generic_elem.data, elem, elem_len); + res = hostapd_ioctl(drv, param, blen); + + free(param); + + return res; +} + + +static void +hostapd_wireless_event_wireless_custom(struct hostap_driver_data *drv, + char *custom) +{ + struct hostapd_data *hapd = drv->hapd; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Custom wireless event: '%s'\n", + custom); + + if (strncmp(custom, "MLME-MICHAELMICFAILURE.indication", 33) == 0) { + char *pos; + u8 addr[ETH_ALEN]; + pos = strstr(custom, "addr="); + if (pos == NULL) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "MLME-MICHAELMICFAILURE.indication " + "without sender address ignored\n"); + return; + } + pos += 5; + if (hwaddr_aton(pos, addr) == 0) { + ieee80211_michael_mic_failure(drv->hapd, addr, 1); + } else { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "MLME-MICHAELMICFAILURE.indication " + "with invalid MAC address"); + } + } +} + + +static void hostapd_wireless_event_wireless(struct hostap_driver_data *drv, + char *data, int len) +{ + struct hostapd_data *hapd = drv->hapd; + struct iw_event iwe_buf, *iwe = &iwe_buf; + char *pos, *end, *custom, *buf; + + pos = data; + end = data + len; + + while (pos + IW_EV_LCP_LEN <= end) { + /* Event data may be unaligned, so make a local, aligned copy + * before processing. */ + memcpy(&iwe_buf, pos, IW_EV_LCP_LEN); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "Wireless event: " + "cmd=0x%x len=%d\n", iwe->cmd, iwe->len); + if (iwe->len <= IW_EV_LCP_LEN) + return; + + custom = pos + IW_EV_POINT_LEN; + if (drv->we_version > 18 && + (iwe->cmd == IWEVMICHAELMICFAILURE || + iwe->cmd == IWEVCUSTOM)) { + /* WE-19 removed the pointer from struct iw_point */ + char *dpos = (char *) &iwe_buf.u.data.length; + int dlen = dpos - (char *) &iwe_buf; + memcpy(dpos, pos + IW_EV_LCP_LEN, + sizeof(struct iw_event) - dlen); + } else { + memcpy(&iwe_buf, pos, sizeof(struct iw_event)); + custom += IW_EV_POINT_OFF; + } + + switch (iwe->cmd) { + case IWEVCUSTOM: + if (custom + iwe->u.data.length > end) + return; + buf = malloc(iwe->u.data.length + 1); + if (buf == NULL) + return; + memcpy(buf, custom, iwe->u.data.length); + buf[iwe->u.data.length] = '\0'; + hostapd_wireless_event_wireless_custom(drv, buf); + free(buf); + break; + } + + pos += iwe->len; + } +} + + +static void hostapd_wireless_event_rtm_newlink(struct hostap_driver_data *drv, + struct nlmsghdr *h, int len) +{ + struct ifinfomsg *ifi; + int attrlen, nlmsg_len, rta_len; + struct rtattr * attr; + + if (len < (int) sizeof(*ifi)) + return; + + ifi = NLMSG_DATA(h); + + /* TODO: use ifi->ifi_index to filter out wireless events from other + * interfaces */ + + nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); + + attrlen = h->nlmsg_len - nlmsg_len; + if (attrlen < 0) + return; + + attr = (struct rtattr *) (((char *) ifi) + nlmsg_len); + + rta_len = RTA_ALIGN(sizeof(struct rtattr)); + while (RTA_OK(attr, attrlen)) { + if (attr->rta_type == IFLA_WIRELESS) { + hostapd_wireless_event_wireless( + drv, ((char *) attr) + rta_len, + attr->rta_len - rta_len); + } + attr = RTA_NEXT(attr, attrlen); + } +} + + +static void hostapd_wireless_event_receive(int sock, void *eloop_ctx, + void *sock_ctx) +{ + char buf[256]; + int left; + struct sockaddr_nl from; + socklen_t fromlen; + struct nlmsghdr *h; + struct hostap_driver_data *drv = eloop_ctx; + + fromlen = sizeof(from); + left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT, + (struct sockaddr *) &from, &fromlen); + if (left < 0) { + if (errno != EINTR && errno != EAGAIN) + perror("recvfrom(netlink)"); + return; + } + + h = (struct nlmsghdr *) buf; + while (left >= (int) sizeof(*h)) { + int len, plen; + + len = h->nlmsg_len; + plen = len - sizeof(*h); + if (len > left || plen < 0) { + printf("Malformed netlink message: " + "len=%d left=%d plen=%d\n", + len, left, plen); + break; + } + + switch (h->nlmsg_type) { + case RTM_NEWLINK: + hostapd_wireless_event_rtm_newlink(drv, h, plen); + break; + } + + len = NLMSG_ALIGN(len); + left -= len; + h = (struct nlmsghdr *) ((char *) h + len); + } + + if (left > 0) { + printf("%d extra bytes in the end of netlink message\n", left); + } +} + + +static int hostap_get_we_version(struct hostap_driver_data *drv) +{ + struct iw_range *range; + struct iwreq iwr; + int minlen; + size_t buflen; + + drv->we_version = 0; + + /* + * Use larger buffer than struct iw_range in order to allow the + * structure to grow in the future. + */ + buflen = sizeof(struct iw_range) + 500; + range = wpa_zalloc(buflen); + if (range == NULL) + return -1; + + memset(&iwr, 0, sizeof(iwr)); + strncpy(iwr.ifr_name, drv->iface, IFNAMSIZ); + iwr.u.data.pointer = (caddr_t) range; + iwr.u.data.length = buflen; + + minlen = ((char *) &range->enc_capa) - (char *) range + + sizeof(range->enc_capa); + + if (ioctl(drv->ioctl_sock, SIOCGIWRANGE, &iwr) < 0) { + perror("ioctl[SIOCGIWRANGE]"); + free(range); + return -1; + } else if (iwr.u.data.length >= minlen && + range->we_version_compiled >= 18) { + wpa_printf(MSG_DEBUG, "SIOCGIWRANGE: WE(compiled)=%d " + "WE(source)=%d enc_capa=0x%x", + range->we_version_compiled, + range->we_version_source, + range->enc_capa); + drv->we_version = range->we_version_compiled; + } + + free(range); + return 0; +} + + +static int hostap_wireless_event_init(void *priv) +{ + struct hostap_driver_data *drv = priv; + int s; + struct sockaddr_nl local; + + hostap_get_we_version(drv); + + drv->wext_sock = -1; + + s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (s < 0) { + perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)"); + return -1; + } + + memset(&local, 0, sizeof(local)); + local.nl_family = AF_NETLINK; + local.nl_groups = RTMGRP_LINK; + if (bind(s, (struct sockaddr *) &local, sizeof(local)) < 0) { + perror("bind(netlink)"); + close(s); + return -1; + } + + eloop_register_read_sock(s, hostapd_wireless_event_receive, drv, + NULL); + drv->wext_sock = s; + + return 0; +} + + +static void hostap_wireless_event_deinit(void *priv) +{ + struct hostap_driver_data *drv = priv; + if (drv->wext_sock < 0) + return; + eloop_unregister_read_sock(drv->wext_sock); + close(drv->wext_sock); +} + + +static int hostap_init(struct hostapd_data *hapd) +{ + struct hostap_driver_data *drv; + + drv = wpa_zalloc(sizeof(struct hostap_driver_data)); + if (drv == NULL) { + printf("Could not allocate memory for hostapd driver data\n"); + return -1; + } + + drv->ops = hostap_driver_ops; + drv->hapd = hapd; + drv->ioctl_sock = drv->sock = -1; + memcpy(drv->iface, hapd->conf->iface, sizeof(drv->iface)); + + drv->ioctl_sock = socket(PF_INET, SOCK_DGRAM, 0); + if (drv->ioctl_sock < 0) { + perror("socket[PF_INET,SOCK_DGRAM]"); + free(drv); + return -1; + } + + if (hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD, 1)) { + printf("Could not enable hostapd mode for interface %s\n", + drv->iface); + close(drv->ioctl_sock); + free(drv); + return -1; + } + + if (hapd->conf->assoc_ap && + hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD_STA, 1)) { + printf("Could not enable hostapd STA mode for interface %s\n", + drv->iface); + close(drv->ioctl_sock); + free(drv); + return -1; + } + + if (hostap_init_sockets(drv)) { + close(drv->ioctl_sock); + free(drv); + return -1; + } + + hapd->driver = &drv->ops; + return 0; +} + + +static void hostap_driver_deinit(void *priv) +{ + struct hostap_driver_data *drv = priv; + + drv->hapd->driver = NULL; + + (void) hostap_set_iface_flags(drv, 0); + (void) hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD, 0); + (void) hostap_ioctl_prism2param(drv, PRISM2_PARAM_HOSTAPD_STA, 0); + + if (drv->ioctl_sock >= 0) + close(drv->ioctl_sock); + + if (drv->sock >= 0) + close(drv->sock); + + free(drv); +} + + +static int hostap_sta_deauth(void *priv, const u8 *addr, int reason) +{ + struct hostap_driver_data *drv = priv; + struct ieee80211_mgmt mgmt; + + memset(&mgmt, 0, sizeof(mgmt)); + mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_DEAUTH); + memcpy(mgmt.da, addr, ETH_ALEN); + memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN); + memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN); + mgmt.u.deauth.reason_code = host_to_le16(reason); + return hostap_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN + + sizeof(mgmt.u.deauth), 0); +} + + +static int hostap_sta_disassoc(void *priv, const u8 *addr, int reason) +{ + struct hostap_driver_data *drv = priv; + struct ieee80211_mgmt mgmt; + + memset(&mgmt, 0, sizeof(mgmt)); + mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_DISASSOC); + memcpy(mgmt.da, addr, ETH_ALEN); + memcpy(mgmt.sa, drv->hapd->own_addr, ETH_ALEN); + memcpy(mgmt.bssid, drv->hapd->own_addr, ETH_ALEN); + mgmt.u.disassoc.reason_code = host_to_le16(reason); + return hostap_send_mgmt_frame(drv, &mgmt, IEEE80211_HDRLEN + + sizeof(mgmt.u.disassoc), 0); +} + + +static struct hostapd_hw_modes * hostap_get_hw_feature_data(void *priv, + u16 *num_modes, + u16 *flags) +{ + struct hostapd_hw_modes *mode; + int i, clen, rlen; + const short chan2freq[14] = { + 2412, 2417, 2422, 2427, 2432, 2437, 2442, + 2447, 2452, 2457, 2462, 2467, 2472, 2484 + }; + + mode = wpa_zalloc(sizeof(struct hostapd_hw_modes)); + if (mode == NULL) + return NULL; + + *num_modes = 1; + *flags = 0; + + mode->mode = HOSTAPD_MODE_IEEE80211B; + mode->num_channels = 14; + mode->num_rates = 4; + + clen = mode->num_channels * sizeof(struct hostapd_channel_data); + rlen = mode->num_rates * sizeof(struct hostapd_rate_data); + + mode->channels = wpa_zalloc(clen); + mode->rates = wpa_zalloc(rlen); + if (mode->channels == NULL || mode->rates == NULL) { + hostapd_free_hw_features(mode, *num_modes); + return NULL; + } + + for (i = 0; i < 14; i++) { + mode->channels[i].chan = i + 1; + mode->channels[i].freq = chan2freq[i]; + } + + mode->rates[0].rate = 10; + mode->rates[0].flags = HOSTAPD_RATE_CCK; + mode->rates[1].rate = 20; + mode->rates[1].flags = HOSTAPD_RATE_CCK; + mode->rates[2].rate = 55; + mode->rates[2].flags = HOSTAPD_RATE_CCK; + mode->rates[3].rate = 110; + mode->rates[3].flags = HOSTAPD_RATE_CCK; + + return mode; +} + + +static const struct driver_ops hostap_driver_ops = { + .name = "hostap", + .init = hostap_init, + .deinit = hostap_driver_deinit, + .wireless_event_init = hostap_wireless_event_init, + .wireless_event_deinit = hostap_wireless_event_deinit, + .set_ieee8021x = hostap_set_ieee8021x, + .set_privacy = hostap_set_privacy, + .set_encryption = hostap_set_encryption, + .get_seqnum = hostap_get_seqnum, + .flush = hostap_flush, + .set_generic_elem = hostap_set_generic_elem, + .read_sta_data = hostap_read_sta_data, + .send_eapol = hostap_send_eapol, + .sta_set_flags = hostap_sta_set_flags, + .sta_deauth = hostap_sta_deauth, + .sta_disassoc = hostap_sta_disassoc, + .sta_remove = hostap_sta_remove, + .set_ssid = hostap_set_ssid, + .send_mgmt_frame = hostap_send_mgmt_frame, + .set_assoc_ap = hostap_set_assoc_ap, + .sta_add = hostap_sta_add, + .get_inact_sec = hostap_get_inact_sec, + .sta_clear_stats = hostap_sta_clear_stats, + .get_hw_feature_data = hostap_get_hw_feature_data, +}; + + +void hostap_driver_register(void) +{ + driver_register(hostap_driver_ops.name, &hostap_driver_ops); +} diff --git a/contrib/hostapd-0.5.8/driver.h b/contrib/hostapd-0.5.8/driver.h new file mode 100644 index 0000000000..4fd262c1ff --- /dev/null +++ b/contrib/hostapd-0.5.8/driver.h @@ -0,0 +1,656 @@ +#ifndef DRIVER_H +#define DRIVER_H + +enum hostapd_driver_if_type { + HOSTAPD_IF_VLAN, HOSTAPD_IF_WDS +}; + +struct driver_ops { + const char *name; /* as appears in the config file */ + + int (*init)(struct hostapd_data *hapd); + void (*deinit)(void *priv); + + int (*wireless_event_init)(void *priv); + void (*wireless_event_deinit)(void *priv); + + /** + * set_8021x - enable/disable IEEE 802.1X support + * @ifname: Interface name (for multi-SSID/VLAN support) + * @priv: driver private data + * @enabled: 1 = enable, 0 = disable + * + * Returns: 0 on success, -1 on failure + * + * Configure the kernel driver to enable/disable 802.1X support. + * This may be an empty function if 802.1X support is always enabled. + */ + int (*set_ieee8021x)(const char *ifname, void *priv, int enabled); + + /** + * set_privacy - enable/disable privacy + * @priv: driver private data + * @enabled: 1 = privacy enabled, 0 = disabled + * + * Return: 0 on success, -1 on failure + * + * Configure privacy. + */ + int (*set_privacy)(const char *ifname, void *priv, int enabled); + + int (*set_encryption)(const char *ifname, void *priv, const char *alg, + const u8 *addr, int idx, + const u8 *key, size_t key_len, int txkey); + int (*get_seqnum)(const char *ifname, void *priv, const u8 *addr, + int idx, u8 *seq); + int (*get_seqnum_igtk)(const char *ifname, void *priv, const u8 *addr, + int idx, u8 *seq); + int (*flush)(void *priv); + int (*set_generic_elem)(const char *ifname, void *priv, const u8 *elem, + size_t elem_len); + + int (*read_sta_data)(void *priv, struct hostap_sta_driver_data *data, + const u8 *addr); + int (*send_eapol)(void *priv, const u8 *addr, const u8 *data, + size_t data_len, int encrypt, const u8 *own_addr); + int (*sta_deauth)(void *priv, const u8 *addr, int reason); + int (*sta_disassoc)(void *priv, const u8 *addr, int reason); + int (*sta_remove)(void *priv, const u8 *addr); + int (*get_ssid)(const char *ifname, void *priv, u8 *buf, int len); + int (*set_ssid)(const char *ifname, void *priv, const u8 *buf, + int len); + int (*set_countermeasures)(void *priv, int enabled); + int (*send_mgmt_frame)(void *priv, const void *msg, size_t len, + int flags); + int (*set_assoc_ap)(void *priv, const u8 *addr); + int (*sta_add)(const char *ifname, void *priv, const u8 *addr, u16 aid, + u16 capability, u8 *supp_rates, size_t supp_rates_len, + int flags); + int (*get_inact_sec)(void *priv, const u8 *addr); + int (*sta_clear_stats)(void *priv, const u8 *addr); + + int (*set_freq)(void *priv, int mode, int freq); + int (*set_rts)(void *priv, int rts); + int (*get_rts)(void *priv, int *rts); + int (*set_frag)(void *priv, int frag); + int (*get_frag)(void *priv, int *frag); + int (*set_retry)(void *priv, int short_retry, int long_retry); + int (*get_retry)(void *priv, int *short_retry, int *long_retry); + + int (*sta_set_flags)(void *priv, const u8 *addr, + int flags_or, int flags_and); + int (*set_rate_sets)(void *priv, int *supp_rates, int *basic_rates, + int mode); + int (*set_channel_flag)(void *priv, int mode, int chan, int flag, + unsigned char power_level, + unsigned char antenna_max); + int (*set_regulatory_domain)(void *priv, unsigned int rd); + int (*set_country)(void *priv, const char *country); + int (*set_ieee80211d)(void *priv, int enabled); + int (*set_beacon)(const char *ifname, void *priv, + u8 *head, size_t head_len, + u8 *tail, size_t tail_len); + + /* Configure internal bridge: + * 0 = disabled, i.e., client separation is enabled (no bridging of + * packets between associated STAs + * 1 = enabled, i.e., bridge packets between associated STAs (default) + */ + int (*set_internal_bridge)(void *priv, int value); + int (*set_beacon_int)(void *priv, int value); + int (*set_dtim_period)(const char *ifname, void *priv, int value); + /* Configure broadcast SSID mode: + * 0 = include SSID in Beacon frames and reply to Probe Request frames + * that use broadcast SSID + * 1 = hide SSID from Beacon frames and ignore Probe Request frames for + * broadcast SSID + */ + int (*set_broadcast_ssid)(void *priv, int value); + int (*set_cts_protect)(void *priv, int value); + int (*set_key_tx_rx_threshold)(void *priv, int value); + int (*set_preamble)(void *priv, int value); + int (*set_short_slot_time)(void *priv, int value); + int (*set_tx_queue_params)(void *priv, int queue, int aifs, int cw_min, + int cw_max, int burst_time); + int (*bss_add)(void *priv, const char *ifname, const u8 *bssid); + int (*bss_remove)(void *priv, const char *ifname); + int (*valid_bss_mask)(void *priv, const u8 *addr, const u8 *mask); + int (*passive_scan)(void *priv, int now, int our_mode_only, + int interval, int _listen, int *channel, + int *last_rx); + struct hostapd_hw_modes * (*get_hw_feature_data)(void *priv, + u16 *num_modes, + u16 *flags); + int (*if_add)(const char *iface, void *priv, + enum hostapd_driver_if_type type, char *ifname, + const u8 *addr); + int (*if_update)(void *priv, enum hostapd_driver_if_type type, + char *ifname, const u8 *addr); + int (*if_remove)(void *priv, enum hostapd_driver_if_type type, + const char *ifname, const u8 *addr); + int (*set_sta_vlan)(void *priv, const u8 *addr, const char *ifname, + int vlan_id); + /** + * commit - Optional commit changes handler + * @priv: driver private data + * Returns: 0 on success, -1 on failure + * + * This optional handler function can be registered if the driver + * interface implementation needs to commit changes (e.g., by setting + * network interface up) at the end of initial configuration. If set, + * this handler will be called after initial setup has been completed. + */ + int (*commit)(void *priv); +}; + +static inline int +hostapd_driver_init(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || hapd->driver->init == NULL) + return -1; + return hapd->driver->init(hapd); +} + +static inline void +hostapd_driver_deinit(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || hapd->driver->deinit == NULL) + return; + hapd->driver->deinit(hapd->driver); +} + +static inline int +hostapd_wireless_event_init(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || + hapd->driver->wireless_event_init == NULL) + return 0; + return hapd->driver->wireless_event_init(hapd->driver); +} + +static inline void +hostapd_wireless_event_deinit(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || + hapd->driver->wireless_event_deinit == NULL) + return; + hapd->driver->wireless_event_deinit(hapd->driver); +} + +static inline int +hostapd_set_ieee8021x(const char *ifname, struct hostapd_data *hapd, + int enabled) +{ + if (hapd->driver == NULL || hapd->driver->set_ieee8021x == NULL) + return 0; + return hapd->driver->set_ieee8021x(ifname, hapd->driver, enabled); +} + +static inline int +hostapd_set_privacy(struct hostapd_data *hapd, int enabled) +{ + if (hapd->driver == NULL || hapd->driver->set_privacy == NULL) + return 0; + return hapd->driver->set_privacy(hapd->conf->iface, hapd->driver, + enabled); +} + +static inline int +hostapd_set_encryption(const char *ifname, struct hostapd_data *hapd, + const char *alg, const u8 *addr, int idx, + u8 *key, size_t key_len, int txkey) +{ + if (hapd->driver == NULL || hapd->driver->set_encryption == NULL) + return 0; + return hapd->driver->set_encryption(ifname, hapd->driver, alg, addr, + idx, key, key_len, txkey); +} + +static inline int +hostapd_get_seqnum(const char *ifname, struct hostapd_data *hapd, + const u8 *addr, int idx, u8 *seq) +{ + if (hapd->driver == NULL || hapd->driver->get_seqnum == NULL) + return 0; + return hapd->driver->get_seqnum(ifname, hapd->driver, addr, idx, seq); +} + +static inline int +hostapd_get_seqnum_igtk(const char *ifname, struct hostapd_data *hapd, + const u8 *addr, int idx, u8 *seq) +{ + if (hapd->driver == NULL || hapd->driver->get_seqnum_igtk == NULL) + return -1; + return hapd->driver->get_seqnum_igtk(ifname, hapd->driver, addr, idx, + seq); +} + +static inline int +hostapd_flush(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || hapd->driver->flush == NULL) + return 0; + return hapd->driver->flush(hapd->driver); +} + +static inline int +hostapd_set_generic_elem(struct hostapd_data *hapd, const u8 *elem, + size_t elem_len) +{ + if (hapd->driver == NULL || hapd->driver->set_generic_elem == NULL) + return 0; + return hapd->driver->set_generic_elem(hapd->conf->iface, hapd->driver, + elem, elem_len); +} + +static inline int +hostapd_read_sta_data(struct hostapd_data *hapd, + struct hostap_sta_driver_data *data, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->read_sta_data == NULL) + return -1; + return hapd->driver->read_sta_data(hapd->driver, data, addr); +} + +static inline int +hostapd_send_eapol(struct hostapd_data *hapd, const u8 *addr, const u8 *data, + size_t data_len, int encrypt) +{ + if (hapd->driver == NULL || hapd->driver->send_eapol == NULL) + return 0; + return hapd->driver->send_eapol(hapd->driver, addr, data, data_len, + encrypt, hapd->own_addr); +} + +static inline int +hostapd_sta_deauth(struct hostapd_data *hapd, const u8 *addr, int reason) +{ + if (hapd->driver == NULL || hapd->driver->sta_deauth == NULL) + return 0; + return hapd->driver->sta_deauth(hapd->driver, addr, reason); +} + +static inline int +hostapd_sta_disassoc(struct hostapd_data *hapd, const u8 *addr, int reason) +{ + if (hapd->driver == NULL || hapd->driver->sta_disassoc == NULL) + return 0; + return hapd->driver->sta_disassoc(hapd->driver, addr, reason); +} + +static inline int +hostapd_sta_remove(struct hostapd_data *hapd, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->sta_remove == NULL) + return 0; + return hapd->driver->sta_remove(hapd->driver, addr); +} + +static inline int +hostapd_get_ssid(struct hostapd_data *hapd, u8 *buf, size_t len) +{ + if (hapd->driver == NULL || hapd->driver->get_ssid == NULL) + return 0; + return hapd->driver->get_ssid(hapd->conf->iface, hapd->driver, buf, + len); +} + +static inline int +hostapd_set_ssid(struct hostapd_data *hapd, const u8 *buf, size_t len) +{ + if (hapd->driver == NULL || hapd->driver->set_ssid == NULL) + return 0; + return hapd->driver->set_ssid(hapd->conf->iface, hapd->driver, buf, + len); +} + +static inline int +hostapd_send_mgmt_frame(struct hostapd_data *hapd, const void *msg, size_t len, + int flags) +{ + if (hapd->driver == NULL || hapd->driver->send_mgmt_frame == NULL) + return 0; + return hapd->driver->send_mgmt_frame(hapd->driver, msg, len, flags); +} + +static inline int +hostapd_set_assoc_ap(struct hostapd_data *hapd, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->set_assoc_ap == NULL) + return 0; + return hapd->driver->set_assoc_ap(hapd->driver, addr); +} + +static inline int +hostapd_set_countermeasures(struct hostapd_data *hapd, int enabled) +{ + if (hapd->driver == NULL || hapd->driver->set_countermeasures == NULL) + return 0; + return hapd->driver->set_countermeasures(hapd->driver, enabled); +} + +static inline int +hostapd_sta_add(const char *ifname, struct hostapd_data *hapd, const u8 *addr, + u16 aid, u16 capability, u8 *supp_rates, size_t supp_rates_len, + int flags) +{ + if (hapd->driver == NULL || hapd->driver->sta_add == NULL) + return 0; + return hapd->driver->sta_add(ifname, hapd->driver, addr, aid, + capability, supp_rates, supp_rates_len, + flags); +} + +static inline int +hostapd_get_inact_sec(struct hostapd_data *hapd, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->get_inact_sec == NULL) + return 0; + return hapd->driver->get_inact_sec(hapd->driver, addr); +} + +static inline int +hostapd_set_freq(struct hostapd_data *hapd, int mode, int freq) +{ + if (hapd->driver == NULL || hapd->driver->set_freq == NULL) + return 0; + return hapd->driver->set_freq(hapd->driver, mode, freq); +} + +static inline int +hostapd_set_rts(struct hostapd_data *hapd, int rts) +{ + if (hapd->driver == NULL || hapd->driver->set_rts == NULL) + return 0; + return hapd->driver->set_rts(hapd->driver, rts); +} + +static inline int +hostapd_get_rts(struct hostapd_data *hapd, int *rts) +{ + if (hapd->driver == NULL || hapd->driver->get_rts == NULL) + return 0; + return hapd->driver->get_rts(hapd->driver, rts); +} + +static inline int +hostapd_set_frag(struct hostapd_data *hapd, int frag) +{ + if (hapd->driver == NULL || hapd->driver->set_frag == NULL) + return 0; + return hapd->driver->set_frag(hapd->driver, frag); +} + +static inline int +hostapd_get_frag(struct hostapd_data *hapd, int *frag) +{ + if (hapd->driver == NULL || hapd->driver->get_frag == NULL) + return 0; + return hapd->driver->get_frag(hapd->driver, frag); +} + +static inline int +hostapd_set_retry(struct hostapd_data *hapd, int short_retry, int long_retry) +{ + if (hapd->driver == NULL || hapd->driver->set_retry == NULL) + return 0; + return hapd->driver->set_retry(hapd->driver, short_retry, long_retry); +} + +static inline int +hostapd_get_retry(struct hostapd_data *hapd, int *short_retry, int *long_retry) +{ + if (hapd->driver == NULL || hapd->driver->get_retry == NULL) + return 0; + return hapd->driver->get_retry(hapd->driver, short_retry, long_retry); +} + +static inline int +hostapd_sta_set_flags(struct hostapd_data *hapd, u8 *addr, + int flags_or, int flags_and) +{ + if (hapd->driver == NULL || hapd->driver->sta_set_flags == NULL) + return 0; + return hapd->driver->sta_set_flags(hapd->driver, addr, flags_or, + flags_and); +} + +static inline int +hostapd_set_rate_sets(struct hostapd_data *hapd, int *supp_rates, + int *basic_rates, int mode) +{ + if (hapd->driver == NULL || hapd->driver->set_rate_sets == NULL) + return 0; + return hapd->driver->set_rate_sets(hapd->driver, supp_rates, + basic_rates, mode); +} + +static inline int +hostapd_set_channel_flag(struct hostapd_data *hapd, int mode, int chan, + int flag, unsigned char power_level, + unsigned char antenna_max) +{ + if (hapd->driver == NULL || hapd->driver->set_channel_flag == NULL) + return 0; + return hapd->driver->set_channel_flag(hapd->driver, mode, chan, flag, + power_level, antenna_max); +} + +static inline int +hostapd_set_regulatory_domain(struct hostapd_data *hapd, unsigned int rd) +{ + if (hapd->driver == NULL || + hapd->driver->set_regulatory_domain == NULL) + return 0; + return hapd->driver->set_regulatory_domain(hapd->driver, rd); +} + +static inline int +hostapd_set_country(struct hostapd_data *hapd, const char *country) +{ + if (hapd->driver == NULL || + hapd->driver->set_country == NULL) + return 0; + return hapd->driver->set_country(hapd->driver, country); +} + +static inline int +hostapd_set_ieee80211d(struct hostapd_data *hapd, int enabled) +{ + if (hapd->driver == NULL || + hapd->driver->set_ieee80211d == NULL) + return 0; + return hapd->driver->set_ieee80211d(hapd->driver, enabled); +} + +void driver_register(const char *name, const struct driver_ops *ops); +void driver_unregister(const char *name); +const struct driver_ops *driver_lookup(const char *name); + +static inline int +hostapd_sta_clear_stats(struct hostapd_data *hapd, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->sta_clear_stats == NULL) + return 0; + return hapd->driver->sta_clear_stats(hapd->driver, addr); +} + +static inline int +hostapd_set_beacon(const char *ifname, struct hostapd_data *hapd, + u8 *head, size_t head_len, + u8 *tail, size_t tail_len) +{ + if (hapd->driver == NULL || hapd->driver->set_beacon == NULL) + return 0; + return hapd->driver->set_beacon(ifname, hapd->driver, head, head_len, + tail, tail_len); +} + +static inline int +hostapd_set_internal_bridge(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_internal_bridge == NULL) + return 0; + return hapd->driver->set_internal_bridge(hapd->driver, value); +} + +static inline int +hostapd_set_beacon_int(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_beacon_int == NULL) + return 0; + return hapd->driver->set_beacon_int(hapd->driver, value); +} + +static inline int +hostapd_set_dtim_period(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_dtim_period == NULL) + return 0; + return hapd->driver->set_dtim_period(hapd->conf->iface, hapd->driver, + value); +} + +static inline int +hostapd_set_broadcast_ssid(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_broadcast_ssid == NULL) + return 0; + return hapd->driver->set_broadcast_ssid(hapd->driver, value); +} + +static inline int +hostapd_set_cts_protect(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_cts_protect == NULL) + return 0; + return hapd->driver->set_cts_protect(hapd->driver, value); +} + +static inline int +hostapd_set_key_tx_rx_threshold(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || + hapd->driver->set_key_tx_rx_threshold == NULL) + return 0; + return hapd->driver->set_key_tx_rx_threshold(hapd->driver, value); +} + +static inline int +hostapd_set_preamble(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_preamble == NULL) + return 0; + return hapd->driver->set_preamble(hapd->driver, value); +} + +static inline int +hostapd_set_short_slot_time(struct hostapd_data *hapd, int value) +{ + if (hapd->driver == NULL || hapd->driver->set_short_slot_time == NULL) + return 0; + return hapd->driver->set_short_slot_time(hapd->driver, value); +} + +static inline int +hostapd_set_tx_queue_params(struct hostapd_data *hapd, int queue, int aifs, + int cw_min, int cw_max, int burst_time) +{ + if (hapd->driver == NULL || hapd->driver->set_tx_queue_params == NULL) + return 0; + return hapd->driver->set_tx_queue_params(hapd->driver, queue, aifs, + cw_min, cw_max, burst_time); +} + +static inline int +hostapd_bss_add(struct hostapd_data *hapd, const char *ifname, const u8 *bssid) +{ + if (hapd->driver == NULL || hapd->driver->bss_add == NULL) + return 0; + return hapd->driver->bss_add(hapd->driver, ifname, bssid); +} + +static inline int +hostapd_bss_remove(struct hostapd_data *hapd, const char *ifname) +{ + if (hapd->driver == NULL || hapd->driver->bss_remove == NULL) + return 0; + return hapd->driver->bss_remove(hapd->driver, ifname); +} + +static inline int +hostapd_valid_bss_mask(struct hostapd_data *hapd, const u8 *addr, + const u8 *mask) +{ + if (hapd->driver == NULL || hapd->driver->valid_bss_mask == NULL) + return 1; + return hapd->driver->valid_bss_mask(hapd->driver, addr, mask); +} + +static inline int +hostapd_if_add(struct hostapd_data *hapd, enum hostapd_driver_if_type type, + char *ifname, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->if_add == NULL) + return -1; + return hapd->driver->if_add(hapd->conf->iface, hapd->driver, type, + ifname, addr); +} + +static inline int +hostapd_if_update(struct hostapd_data *hapd, enum hostapd_driver_if_type type, + char *ifname, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->if_update == NULL) + return -1; + return hapd->driver->if_update(hapd->driver, type, ifname, addr); +} + +static inline int +hostapd_if_remove(struct hostapd_data *hapd, enum hostapd_driver_if_type type, + char *ifname, const u8 *addr) +{ + if (hapd->driver == NULL || hapd->driver->if_remove == NULL) + return -1; + return hapd->driver->if_remove(hapd->driver, type, ifname, addr); +} + +static inline int +hostapd_passive_scan(struct hostapd_data *hapd, int now, int our_mode_only, + int interval, int _listen, int *channel, + int *last_rx) +{ + if (hapd->driver == NULL || hapd->driver->passive_scan == NULL) + return -1; + return hapd->driver->passive_scan(hapd->driver, now, our_mode_only, + interval, _listen, channel, last_rx); +} + +static inline struct hostapd_hw_modes * +hostapd_get_hw_feature_data(struct hostapd_data *hapd, u16 *num_modes, + u16 *flags) +{ + if (hapd->driver == NULL || hapd->driver->get_hw_feature_data == NULL) + return NULL; + return hapd->driver->get_hw_feature_data(hapd->driver, num_modes, + flags); +} + +static inline int +hostapd_set_sta_vlan(const char *ifname, struct hostapd_data *hapd, + const u8 *addr, int vlan_id) +{ + if (hapd->driver == NULL || hapd->driver->set_sta_vlan == NULL) + return 0; + return hapd->driver->set_sta_vlan(hapd->driver, addr, ifname, vlan_id); +} + +static inline int +hostapd_driver_commit(struct hostapd_data *hapd) +{ + if (hapd->driver == NULL || hapd->driver->commit == NULL) + return 0; + return hapd->driver->commit(hapd->driver); +} + +#endif /* DRIVER_H */ diff --git a/contrib/hostapd-0.5.8/driver_wired.c b/contrib/hostapd-0.5.8/driver_wired.c new file mode 100644 index 0000000000..950668183f --- /dev/null +++ b/contrib/hostapd-0.5.8/driver_wired.c @@ -0,0 +1,391 @@ +/* + * hostapd / Kernel driver communication for wired (Ethernet) drivers + * Copyright (c) 2002-2005, Jouni Malinen + * Copyright (c) 2004, Gunter Burchardt + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#ifdef USE_KERNEL_HEADERS +#include +#include +#include /* The L2 protocols */ +#include +#include +#else /* USE_KERNEL_HEADERS */ +#include +#include +#include +#endif /* USE_KERNEL_HEADERS */ + +#include "hostapd.h" +#include "ieee802_1x.h" +#include "eloop.h" +#include "sta_info.h" +#include "driver.h" +#include "accounting.h" + + +struct wired_driver_data { + struct driver_ops ops; + struct hostapd_data *hapd; + + int sock; /* raw packet socket for driver access */ + int dhcp_sock; /* socket for dhcp packets */ + int use_pae_group_addr; +}; + +static const struct driver_ops wired_driver_ops; + + +#define WIRED_EAPOL_MULTICAST_GROUP {0x01,0x80,0xc2,0x00,0x00,0x03} + + +/* TODO: detecting new devices should eventually be changed from using DHCP + * snooping to trigger on any packet from a new layer 2 MAC address, e.g., + * based on ebtables, etc. */ + +struct dhcp_message { + u_int8_t op; + u_int8_t htype; + u_int8_t hlen; + u_int8_t hops; + u_int32_t xid; + u_int16_t secs; + u_int16_t flags; + u_int32_t ciaddr; + u_int32_t yiaddr; + u_int32_t siaddr; + u_int32_t giaddr; + u_int8_t chaddr[16]; + u_int8_t sname[64]; + u_int8_t file[128]; + u_int32_t cookie; + u_int8_t options[308]; /* 312 - cookie */ +}; + + +static void wired_possible_new_sta(struct hostapd_data *hapd, u8 *addr) +{ + struct sta_info *sta; + + sta = ap_get_sta(hapd, addr); + if (sta) + return; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Data frame from unknown STA " + MACSTR " - adding a new STA\n", MAC2STR(addr)); + sta = ap_sta_add(hapd, addr); + if (sta) { + hostapd_new_assoc_sta(hapd, sta, 0); + accounting_sta_get_id(hapd, sta); + } else { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Failed to add STA entry " + "for " MACSTR "\n", MAC2STR(addr)); + } +} + + +static void handle_data(struct hostapd_data *hapd, unsigned char *buf, + size_t len) +{ + struct ieee8023_hdr *hdr; + u8 *pos, *sa; + size_t left; + + /* must contain at least ieee8023_hdr 6 byte source, 6 byte dest, + * 2 byte ethertype */ + if (len < 14) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "handle_data: too short " + "(%lu)\n", (unsigned long) len); + return; + } + + hdr = (struct ieee8023_hdr *) buf; + + switch (ntohs(hdr->ethertype)) { + case ETH_P_PAE: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, + "Received EAPOL packet\n"); + sa = hdr->src; + wired_possible_new_sta(hapd, sa); + + pos = (u8 *) (hdr + 1); + left = len - sizeof(*hdr); + + ieee802_1x_receive(hapd, sa, pos, left); + break; + + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Unknown ethertype 0x%04x in data frame\n", + ntohs(hdr->ethertype)); + break; + } +} + + +static void handle_read(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx; + int len; + unsigned char buf[3000]; + + len = recv(sock, buf, sizeof(buf), 0); + if (len < 0) { + perror("recv"); + return; + } + + handle_data(hapd, buf, len); +} + + +static void handle_dhcp(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct hostapd_data *hapd = (struct hostapd_data *) eloop_ctx; + int len; + unsigned char buf[3000]; + struct dhcp_message *msg; + u8 *mac_address; + + len = recv(sock, buf, sizeof(buf), 0); + if (len < 0) { + perror("recv"); + return; + } + + /* must contain at least dhcp_message->chaddr */ + if (len < 44) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, "handle_dhcp: too short " + "(%d)\n", len); + return; + } + + msg = (struct dhcp_message *) buf; + mac_address = (u8 *) &(msg->chaddr); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_VERBOSE, + "Got DHCP broadcast packet from " MACSTR "\n", + MAC2STR(mac_address)); + + wired_possible_new_sta(hapd, mac_address); +} + + +static int wired_init_sockets(struct wired_driver_data *drv) +{ + struct hostapd_data *hapd = drv->hapd; + struct ifreq ifr; + struct sockaddr_ll addr; + struct sockaddr_in addr2; + struct packet_mreq mreq; + u8 multicastgroup_eapol[6] = WIRED_EAPOL_MULTICAST_GROUP; + int n = 1; + + drv->sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_PAE)); + if (drv->sock < 0) { + perror("socket[PF_PACKET,SOCK_RAW]"); + return -1; + } + + if (eloop_register_read_sock(drv->sock, handle_read, hapd, NULL)) { + printf("Could not register read socket\n"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", + hapd->conf->iface); + if (ioctl(drv->sock, SIOCGIFINDEX, &ifr) != 0) { + perror("ioctl(SIOCGIFINDEX)"); + return -1; + } + + + memset(&addr, 0, sizeof(addr)); + addr.sll_family = AF_PACKET; + addr.sll_ifindex = ifr.ifr_ifindex; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Opening raw packet socket for ifindex %d\n", + addr.sll_ifindex); + + if (bind(drv->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind"); + return -1; + } + + /* filter multicast address */ + memset(&mreq, 0, sizeof(mreq)); + mreq.mr_ifindex = ifr.ifr_ifindex; + mreq.mr_type = PACKET_MR_MULTICAST; + mreq.mr_alen = 6; + memcpy(mreq.mr_address, multicastgroup_eapol, mreq.mr_alen); + + if (setsockopt(drv->sock, SOL_PACKET, PACKET_ADD_MEMBERSHIP, &mreq, + sizeof(mreq)) < 0) { + perror("setsockopt[SOL_SOCKET,PACKET_ADD_MEMBERSHIP]"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + snprintf(ifr.ifr_name, sizeof(ifr.ifr_name), "%s", hapd->conf->iface); + if (ioctl(drv->sock, SIOCGIFHWADDR, &ifr) != 0) { + perror("ioctl(SIOCGIFHWADDR)"); + return -1; + } + + if (ifr.ifr_hwaddr.sa_family != ARPHRD_ETHER) { + printf("Invalid HW-addr family 0x%04x\n", + ifr.ifr_hwaddr.sa_family); + return -1; + } + memcpy(hapd->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN); + + /* setup dhcp listen socket for sta detection */ + if ((drv->dhcp_sock = socket(PF_INET, SOCK_DGRAM, IPPROTO_UDP)) < 0) { + perror("socket call failed for dhcp"); + return -1; + } + + if (eloop_register_read_sock(drv->dhcp_sock, handle_dhcp, hapd, NULL)) + { + printf("Could not register read socket\n"); + return -1; + } + + memset(&addr2, 0, sizeof(addr2)); + addr2.sin_family = AF_INET; + addr2.sin_port = htons(67); + addr2.sin_addr.s_addr = INADDR_ANY; + + if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_REUSEADDR, (char *) &n, + sizeof(n)) == -1) { + perror("setsockopt[SOL_SOCKET,SO_REUSEADDR]"); + return -1; + } + if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BROADCAST, (char *) &n, + sizeof(n)) == -1) { + perror("setsockopt[SOL_SOCKET,SO_BROADCAST]"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_ifrn.ifrn_name, hapd->conf->iface, IFNAMSIZ); + if (setsockopt(drv->dhcp_sock, SOL_SOCKET, SO_BINDTODEVICE, + (char *) &ifr, sizeof(ifr)) < 0) { + perror("setsockopt[SOL_SOCKET,SO_BINDTODEVICE]"); + return -1; + } + + if (bind(drv->dhcp_sock, (struct sockaddr *) &addr2, + sizeof(struct sockaddr)) == -1) { + perror("bind"); + return -1; + } + + return 0; +} + + +static int wired_send_eapol(void *priv, const u8 *addr, + const u8 *data, size_t data_len, int encrypt, + const u8 *own_addr) +{ + struct wired_driver_data *drv = priv; + u8 pae_group_addr[ETH_ALEN] = WIRED_EAPOL_MULTICAST_GROUP; + struct ieee8023_hdr *hdr; + size_t len; + u8 *pos; + int res; + + len = sizeof(*hdr) + data_len; + hdr = wpa_zalloc(len); + if (hdr == NULL) { + printf("malloc() failed for wired_send_eapol(len=%lu)\n", + (unsigned long) len); + return -1; + } + + memcpy(hdr->dest, drv->use_pae_group_addr ? pae_group_addr : addr, + ETH_ALEN); + memcpy(hdr->src, own_addr, ETH_ALEN); + hdr->ethertype = htons(ETH_P_PAE); + + pos = (u8 *) (hdr + 1); + memcpy(pos, data, data_len); + + res = send(drv->sock, (u8 *) hdr, len, 0); + free(hdr); + + if (res < 0) { + perror("wired_send_eapol: send"); + printf("wired_send_eapol - packet len: %lu - failed\n", + (unsigned long) len); + } + + return res; +} + + +static int wired_driver_init(struct hostapd_data *hapd) +{ + struct wired_driver_data *drv; + + drv = wpa_zalloc(sizeof(struct wired_driver_data)); + if (drv == NULL) { + printf("Could not allocate memory for wired driver data\n"); + return -1; + } + + drv->ops = wired_driver_ops; + drv->hapd = hapd; + drv->use_pae_group_addr = hapd->conf->use_pae_group_addr; + + if (wired_init_sockets(drv)) { + free(drv); + return -1; + } + + hapd->driver = &drv->ops; + return 0; +} + + +static void wired_driver_deinit(void *priv) +{ + struct wired_driver_data *drv = priv; + + drv->hapd->driver = NULL; + + if (drv->sock >= 0) + close(drv->sock); + + if (drv->dhcp_sock >= 0) + close(drv->dhcp_sock); + + free(drv); +} + + +static const struct driver_ops wired_driver_ops = { + .name = "wired", + .init = wired_driver_init, + .deinit = wired_driver_deinit, + .send_eapol = wired_send_eapol, +}; + +void wired_driver_register(void) +{ + driver_register(wired_driver_ops.name, &wired_driver_ops); +} diff --git a/contrib/hostapd-0.5.8/eap.c b/contrib/hostapd-0.5.8/eap.c new file mode 100644 index 0000000000..da250f04c7 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap.c @@ -0,0 +1,1138 @@ +/* + * hostapd / EAP Standalone Authenticator state machine (RFC 4137) + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "sta_info.h" +#include "eap_i.h" +#include "state_machine.h" + +#define STATE_MACHINE_DATA struct eap_sm +#define STATE_MACHINE_DEBUG_PREFIX "EAP" + +#define EAP_MAX_AUTH_ROUNDS 50 + +static void eap_user_free(struct eap_user *user); + + +/* EAP state machines are described in RFC 4137 */ + +static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount, + int eapSRTT, int eapRTTVAR, + int methodTimeout); +static void eap_sm_parseEapResp(struct eap_sm *sm, u8 *resp, size_t len); +static u8 * eap_sm_buildSuccess(struct eap_sm *sm, int id, size_t *len); +static u8 * eap_sm_buildFailure(struct eap_sm *sm, int id, size_t *len); +static int eap_sm_nextId(struct eap_sm *sm, int id); +static void eap_sm_Policy_update(struct eap_sm *sm, u8 *nak_list, size_t len); +static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor); +static int eap_sm_Policy_getDecision(struct eap_sm *sm); +static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method); + + +static Boolean eapol_get_bool(struct eap_sm *sm, enum eapol_bool_var var) +{ + return sm->eapol_cb->get_bool(sm->eapol_ctx, var); +} + + +static void eapol_set_bool(struct eap_sm *sm, enum eapol_bool_var var, + Boolean value) +{ + sm->eapol_cb->set_bool(sm->eapol_ctx, var, value); +} + + +static void eapol_set_eapReqData(struct eap_sm *sm, + const u8 *eapReqData, size_t eapReqDataLen) +{ + wpa_hexdump(MSG_MSGDUMP, "EAP: eapReqData -> EAPOL", + sm->eapReqData, sm->eapReqDataLen); + sm->eapol_cb->set_eapReqData(sm->eapol_ctx, eapReqData, eapReqDataLen); +} + + +static void eapol_set_eapKeyData(struct eap_sm *sm, + const u8 *eapKeyData, size_t eapKeyDataLen) +{ + wpa_hexdump(MSG_MSGDUMP, "EAP: eapKeyData -> EAPOL", + sm->eapKeyData, sm->eapKeyDataLen); + sm->eapol_cb->set_eapKeyData(sm->eapol_ctx, eapKeyData, eapKeyDataLen); +} + + +/** + * eap_user_get - Fetch user information from the database + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * @identity: Identity (User-Name) of the user + * @identity_len: Length of identity in bytes + * @phase2: 0 = EAP phase1 user, 1 = EAP phase2 (tunneled) user + * Returns: 0 on success, or -1 on failure + * + * This function is used to fetch user information for EAP. The user will be + * selected based on the specified identity. sm->user and + * sm->user_eap_method_index are updated for the new user when a matching user + * is found. sm->user can be used to get user information (e.g., password). + */ +int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len, + int phase2) +{ + struct eap_user *user; + + if (sm == NULL || sm->eapol_cb == NULL || + sm->eapol_cb->get_eap_user == NULL) + return -1; + + eap_user_free(sm->user); + sm->user = NULL; + + user = wpa_zalloc(sizeof(*user)); + if (user == NULL) + return -1; + + if (sm->eapol_cb->get_eap_user(sm->eapol_ctx, identity, + identity_len, phase2, user) != 0) { + eap_user_free(user); + return -1; + } + + sm->user = user; + sm->user_eap_method_index = 0; + + return 0; +} + + +SM_STATE(EAP, DISABLED) +{ + SM_ENTRY(EAP, DISABLED); + sm->num_rounds = 0; +} + + +SM_STATE(EAP, INITIALIZE) +{ + SM_ENTRY(EAP, INITIALIZE); + + sm->currentId = -1; + eapol_set_bool(sm, EAPOL_eapSuccess, FALSE); + eapol_set_bool(sm, EAPOL_eapFail, FALSE); + eapol_set_bool(sm, EAPOL_eapTimeout, FALSE); + free(sm->eapKeyData); + sm->eapKeyData = NULL; + sm->eapKeyDataLen = 0; + /* eapKeyAvailable = FALSE */ + eapol_set_bool(sm, EAPOL_eapRestart, FALSE); + + /* + * This is not defined in RFC 4137, but method state needs to be + * reseted here so that it does not remain in success state when + * re-authentication starts. + */ + if (sm->m && sm->eap_method_priv) { + sm->m->reset(sm, sm->eap_method_priv); + sm->eap_method_priv = NULL; + } + sm->m = NULL; + sm->user_eap_method_index = 0; + + if (sm->backend_auth) { + sm->currentMethod = EAP_TYPE_NONE; + /* parse rxResp, respId, respMethod */ + eap_sm_parseEapResp(sm, sm->eapRespData, sm->eapRespDataLen); + if (sm->rxResp) { + sm->currentId = sm->respId; + } + } + sm->num_rounds = 0; + sm->method_pending = METHOD_PENDING_NONE; +} + + +SM_STATE(EAP, PICK_UP_METHOD) +{ + SM_ENTRY(EAP, PICK_UP_METHOD); + + if (eap_sm_Policy_doPickUp(sm, sm->respMethod)) { + sm->currentMethod = sm->respMethod; + if (sm->m && sm->eap_method_priv) { + sm->m->reset(sm, sm->eap_method_priv); + sm->eap_method_priv = NULL; + } + sm->m = eap_sm_get_eap_methods(EAP_VENDOR_IETF, + sm->currentMethod); + if (sm->m && sm->m->initPickUp) { + sm->eap_method_priv = sm->m->initPickUp(sm); + if (sm->eap_method_priv == NULL) { + wpa_printf(MSG_DEBUG, "EAP: Failed to " + "initialize EAP method %d", + sm->currentMethod); + sm->m = NULL; + sm->currentMethod = EAP_TYPE_NONE; + } + } else { + sm->m = NULL; + sm->currentMethod = EAP_TYPE_NONE; + } + } +} + + +SM_STATE(EAP, IDLE) +{ + SM_ENTRY(EAP, IDLE); + + sm->retransWhile = eap_sm_calculateTimeout(sm, sm->retransCount, + sm->eapSRTT, sm->eapRTTVAR, + sm->methodTimeout); +} + + +SM_STATE(EAP, RETRANSMIT) +{ + SM_ENTRY(EAP, RETRANSMIT); + + /* TODO: Is this needed since EAPOL state machines take care of + * retransmit? */ +} + + +SM_STATE(EAP, RECEIVED) +{ + SM_ENTRY(EAP, RECEIVED); + + /* parse rxResp, respId, respMethod */ + eap_sm_parseEapResp(sm, sm->eapRespData, sm->eapRespDataLen); + sm->num_rounds++; +} + + +SM_STATE(EAP, DISCARD) +{ + SM_ENTRY(EAP, DISCARD); + eapol_set_bool(sm, EAPOL_eapResp, FALSE); + eapol_set_bool(sm, EAPOL_eapNoReq, TRUE); +} + + +SM_STATE(EAP, SEND_REQUEST) +{ + SM_ENTRY(EAP, SEND_REQUEST); + + sm->retransCount = 0; + if (sm->eapReqData) { + eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen); + free(sm->lastReqData); + sm->lastReqData = sm->eapReqData; + sm->lastReqDataLen = sm->eapReqDataLen; + sm->eapReqData = NULL; + sm->eapReqDataLen = 0; + eapol_set_bool(sm, EAPOL_eapResp, FALSE); + eapol_set_bool(sm, EAPOL_eapReq, TRUE); + } else { + wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData"); + eapol_set_bool(sm, EAPOL_eapResp, FALSE); + eapol_set_bool(sm, EAPOL_eapReq, FALSE); + eapol_set_bool(sm, EAPOL_eapNoReq, TRUE); + } +} + + +SM_STATE(EAP, INTEGRITY_CHECK) +{ + SM_ENTRY(EAP, INTEGRITY_CHECK); + + if (sm->m->check) { + sm->ignore = sm->m->check(sm, sm->eap_method_priv, + sm->eapRespData, sm->eapRespDataLen); + } +} + + +SM_STATE(EAP, METHOD_REQUEST) +{ + SM_ENTRY(EAP, METHOD_REQUEST); + + if (sm->m == NULL) { + wpa_printf(MSG_DEBUG, "EAP: method not initialized"); + return; + } + + sm->currentId = eap_sm_nextId(sm, sm->currentId); + wpa_printf(MSG_DEBUG, "EAP: building EAP-Request: Identifier %d", + sm->currentId); + sm->lastId = sm->currentId; + free(sm->eapReqData); + sm->eapReqData = sm->m->buildReq(sm, sm->eap_method_priv, + sm->currentId, &sm->eapReqDataLen); + if (sm->m->getTimeout) + sm->methodTimeout = sm->m->getTimeout(sm, sm->eap_method_priv); + else + sm->methodTimeout = 0; +} + + +SM_STATE(EAP, METHOD_RESPONSE) +{ + SM_ENTRY(EAP, METHOD_RESPONSE); + + sm->m->process(sm, sm->eap_method_priv, sm->eapRespData, + sm->eapRespDataLen); + if (sm->m->isDone(sm, sm->eap_method_priv)) { + eap_sm_Policy_update(sm, NULL, 0); + free(sm->eapKeyData); + if (sm->m->getKey) { + sm->eapKeyData = sm->m->getKey(sm, sm->eap_method_priv, + &sm->eapKeyDataLen); + } else { + sm->eapKeyData = NULL; + sm->eapKeyDataLen = 0; + } + sm->methodState = METHOD_END; + } else { + sm->methodState = METHOD_CONTINUE; + } +} + + +SM_STATE(EAP, PROPOSE_METHOD) +{ + int vendor; + EapType type; + + SM_ENTRY(EAP, PROPOSE_METHOD); + + type = eap_sm_Policy_getNextMethod(sm, &vendor); + if (vendor == EAP_VENDOR_IETF) + sm->currentMethod = type; + else + sm->currentMethod = EAP_TYPE_EXPANDED; + if (sm->m && sm->eap_method_priv) { + sm->m->reset(sm, sm->eap_method_priv); + sm->eap_method_priv = NULL; + } + sm->m = eap_sm_get_eap_methods(vendor, type); + if (sm->m) { + sm->eap_method_priv = sm->m->init(sm); + if (sm->eap_method_priv == NULL) { + wpa_printf(MSG_DEBUG, "EAP: Failed to initialize EAP " + "method %d", sm->currentMethod); + sm->m = NULL; + sm->currentMethod = EAP_TYPE_NONE; + } + } + if (sm->currentMethod == EAP_TYPE_IDENTITY || + sm->currentMethod == EAP_TYPE_NOTIFICATION) + sm->methodState = METHOD_CONTINUE; + else + sm->methodState = METHOD_PROPOSED; +} + + +SM_STATE(EAP, NAK) +{ + struct eap_hdr *nak; + size_t len = 0; + u8 *pos, *nak_list = NULL; + + SM_ENTRY(EAP, NAK); + + if (sm->eap_method_priv) { + sm->m->reset(sm, sm->eap_method_priv); + sm->eap_method_priv = NULL; + } + sm->m = NULL; + + nak = (struct eap_hdr *) sm->eapRespData; + if (nak && sm->eapRespDataLen > sizeof(*nak)) { + len = ntohs(nak->length); + if (len > sm->eapRespDataLen) + len = sm->eapRespDataLen; + pos = (u8 *) (nak + 1); + len -= sizeof(*nak); + if (*pos == EAP_TYPE_NAK) { + pos++; + len--; + nak_list = pos; + } + } + eap_sm_Policy_update(sm, nak_list, len); +} + + +SM_STATE(EAP, SELECT_ACTION) +{ + SM_ENTRY(EAP, SELECT_ACTION); + + sm->decision = eap_sm_Policy_getDecision(sm); +} + + +SM_STATE(EAP, TIMEOUT_FAILURE) +{ + SM_ENTRY(EAP, TIMEOUT_FAILURE); + + eapol_set_bool(sm, EAPOL_eapTimeout, TRUE); +} + + +SM_STATE(EAP, FAILURE) +{ + SM_ENTRY(EAP, FAILURE); + + free(sm->eapReqData); + sm->eapReqData = eap_sm_buildFailure(sm, sm->currentId, + &sm->eapReqDataLen); + if (sm->eapReqData) { + eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen); + free(sm->eapReqData); + sm->eapReqData = NULL; + sm->eapReqDataLen = 0; + } + free(sm->lastReqData); + sm->lastReqData = NULL; + sm->lastReqDataLen = 0; + eapol_set_bool(sm, EAPOL_eapFail, TRUE); +} + + +SM_STATE(EAP, SUCCESS) +{ + SM_ENTRY(EAP, SUCCESS); + + free(sm->eapReqData); + sm->eapReqData = eap_sm_buildSuccess(sm, sm->currentId, + &sm->eapReqDataLen); + if (sm->eapReqData) { + eapol_set_eapReqData(sm, sm->eapReqData, sm->eapReqDataLen); + free(sm->eapReqData); + sm->eapReqData = NULL; + sm->eapReqDataLen = 0; + } + free(sm->lastReqData); + sm->lastReqData = NULL; + sm->lastReqDataLen = 0; + if (sm->eapKeyData) { + eapol_set_eapKeyData(sm, sm->eapKeyData, sm->eapKeyDataLen); + } + eapol_set_bool(sm, EAPOL_eapSuccess, TRUE); +} + + +SM_STEP(EAP) +{ + if (eapol_get_bool(sm, EAPOL_eapRestart) && + eapol_get_bool(sm, EAPOL_portEnabled)) + SM_ENTER_GLOBAL(EAP, INITIALIZE); + else if (!eapol_get_bool(sm, EAPOL_portEnabled)) + SM_ENTER_GLOBAL(EAP, DISABLED); + else if (sm->num_rounds > EAP_MAX_AUTH_ROUNDS) { + if (sm->num_rounds == EAP_MAX_AUTH_ROUNDS + 1) { + wpa_printf(MSG_DEBUG, "EAP: more than %d " + "authentication rounds - abort", + EAP_MAX_AUTH_ROUNDS); + sm->num_rounds++; + SM_ENTER_GLOBAL(EAP, FAILURE); + } + } else switch (sm->EAP_state) { + case EAP_INITIALIZE: + if (sm->backend_auth) { + if (!sm->rxResp) + SM_ENTER(EAP, SELECT_ACTION); + else if (sm->rxResp && + (sm->respMethod == EAP_TYPE_NAK || + (sm->respMethod == EAP_TYPE_EXPANDED && + sm->respVendor == EAP_VENDOR_IETF && + sm->respVendorMethod == EAP_TYPE_NAK))) + SM_ENTER(EAP, NAK); + else + SM_ENTER(EAP, PICK_UP_METHOD); + } else { + SM_ENTER(EAP, SELECT_ACTION); + } + break; + case EAP_PICK_UP_METHOD: + if (sm->currentMethod == EAP_TYPE_NONE) { + SM_ENTER(EAP, SELECT_ACTION); + } else { + SM_ENTER(EAP, METHOD_RESPONSE); + } + break; + case EAP_DISABLED: + if (eapol_get_bool(sm, EAPOL_portEnabled)) + SM_ENTER(EAP, INITIALIZE); + break; + case EAP_IDLE: + if (sm->retransWhile == 0) + SM_ENTER(EAP, RETRANSMIT); + else if (eapol_get_bool(sm, EAPOL_eapResp)) + SM_ENTER(EAP, RECEIVED); + break; + case EAP_RETRANSMIT: + if (sm->retransCount > sm->MaxRetrans) + SM_ENTER(EAP, TIMEOUT_FAILURE); + else + SM_ENTER(EAP, IDLE); + break; + case EAP_RECEIVED: + if (sm->rxResp && (sm->respId == sm->currentId) && + (sm->respMethod == EAP_TYPE_NAK || + (sm->respMethod == EAP_TYPE_EXPANDED && + sm->respVendor == EAP_VENDOR_IETF && + sm->respVendorMethod == EAP_TYPE_NAK)) + && (sm->methodState == METHOD_PROPOSED)) + SM_ENTER(EAP, NAK); + else if (sm->rxResp && (sm->respId == sm->currentId) && + ((sm->respMethod == sm->currentMethod) || + (sm->respMethod == EAP_TYPE_EXPANDED && + sm->respVendor == EAP_VENDOR_IETF && + sm->respVendorMethod == sm->currentMethod))) + SM_ENTER(EAP, INTEGRITY_CHECK); + else { + wpa_printf(MSG_DEBUG, "EAP: RECEIVED->DISCARD: " + "rxResp=%d respId=%d currentId=%d " + "respMethod=%d currentMethod=%d", + sm->rxResp, sm->respId, sm->currentId, + sm->respMethod, sm->currentMethod); + SM_ENTER(EAP, DISCARD); + } + break; + case EAP_DISCARD: + SM_ENTER(EAP, IDLE); + break; + case EAP_SEND_REQUEST: + SM_ENTER(EAP, IDLE); + break; + case EAP_INTEGRITY_CHECK: + if (sm->ignore) + SM_ENTER(EAP, DISCARD); + else + SM_ENTER(EAP, METHOD_RESPONSE); + break; + case EAP_METHOD_REQUEST: + SM_ENTER(EAP, SEND_REQUEST); + break; + case EAP_METHOD_RESPONSE: + /* + * Note: Mechanism to allow EAP methods to wait while going + * through pending processing is an extension to RFC 4137 + * which only defines the transits to SELECT_ACTION and + * METHOD_REQUEST from this METHOD_RESPONSE state. + */ + if (sm->methodState == METHOD_END) + SM_ENTER(EAP, SELECT_ACTION); + else if (sm->method_pending == METHOD_PENDING_WAIT) { + wpa_printf(MSG_DEBUG, "EAP: Method has pending " + "processing - wait before proceeding to " + "METHOD_REQUEST state"); + } else if (sm->method_pending == METHOD_PENDING_CONT) { + wpa_printf(MSG_DEBUG, "EAP: Method has completed " + "pending processing - reprocess pending " + "EAP message"); + sm->method_pending = METHOD_PENDING_NONE; + SM_ENTER(EAP, METHOD_RESPONSE); + } else + SM_ENTER(EAP, METHOD_REQUEST); + break; + case EAP_PROPOSE_METHOD: + /* + * Note: Mechanism to allow EAP methods to wait while going + * through pending processing is an extension to RFC 4137 + * which only defines the transit to METHOD_REQUEST from this + * PROPOSE_METHOD state. + */ + if (sm->method_pending == METHOD_PENDING_WAIT) { + wpa_printf(MSG_DEBUG, "EAP: Method has pending " + "processing - wait before proceeding to " + "METHOD_REQUEST state"); + if (sm->user_eap_method_index > 0) + sm->user_eap_method_index--; + } else if (sm->method_pending == METHOD_PENDING_CONT) { + wpa_printf(MSG_DEBUG, "EAP: Method has completed " + "pending processing - reprocess pending " + "EAP message"); + sm->method_pending = METHOD_PENDING_NONE; + SM_ENTER(EAP, PROPOSE_METHOD); + } else + SM_ENTER(EAP, METHOD_REQUEST); + break; + case EAP_NAK: + SM_ENTER(EAP, SELECT_ACTION); + break; + case EAP_SELECT_ACTION: + if (sm->decision == DECISION_FAILURE) + SM_ENTER(EAP, FAILURE); + else if (sm->decision == DECISION_SUCCESS) + SM_ENTER(EAP, SUCCESS); + else + SM_ENTER(EAP, PROPOSE_METHOD); + break; + case EAP_TIMEOUT_FAILURE: + break; + case EAP_FAILURE: + break; + case EAP_SUCCESS: + break; + } +} + + +static int eap_sm_calculateTimeout(struct eap_sm *sm, int retransCount, + int eapSRTT, int eapRTTVAR, + int methodTimeout) +{ + /* For now, retransmission is done in EAPOL state machines, so make + * sure EAP state machine does not end up trying to retransmit packets. + */ + return 1; +} + + +static void eap_sm_parseEapResp(struct eap_sm *sm, u8 *resp, size_t len) +{ + struct eap_hdr *hdr; + size_t plen; + + /* parse rxResp, respId, respMethod */ + sm->rxResp = FALSE; + sm->respId = -1; + sm->respMethod = EAP_TYPE_NONE; + sm->respVendor = EAP_VENDOR_IETF; + sm->respVendorMethod = EAP_TYPE_NONE; + + if (resp == NULL || len < sizeof(*hdr)) + return; + + hdr = (struct eap_hdr *) resp; + plen = ntohs(hdr->length); + if (plen > len) { + wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet " + "(len=%lu plen=%lu)", (unsigned long) len, + (unsigned long) plen); + return; + } + + sm->respId = hdr->identifier; + + if (hdr->code == EAP_CODE_RESPONSE) + sm->rxResp = TRUE; + + if (plen > sizeof(*hdr)) { + u8 *pos = (u8 *) (hdr + 1); + sm->respMethod = *pos++; + if (sm->respMethod == EAP_TYPE_EXPANDED) { + if (plen < sizeof(*hdr) + 8) { + wpa_printf(MSG_DEBUG, "EAP: Ignored truncated " + "expanded EAP-Packet (plen=%lu)", + (unsigned long) plen); + return; + } + sm->respVendor = WPA_GET_BE24(pos); + pos += 3; + sm->respVendorMethod = WPA_GET_BE32(pos); + } + } + + wpa_printf(MSG_DEBUG, "EAP: parseEapResp: rxResp=%d respId=%d " + "respMethod=%u respVendor=%u respVendorMethod=%u", + sm->rxResp, sm->respId, sm->respMethod, sm->respVendor, + sm->respVendorMethod); +} + + +static u8 * eap_sm_buildSuccess(struct eap_sm *sm, int id, size_t *len) +{ + struct eap_hdr *resp; + wpa_printf(MSG_DEBUG, "EAP: Building EAP-Success (id=%d)", id); + + *len = sizeof(*resp); + resp = malloc(*len); + if (resp == NULL) + return NULL; + resp->code = EAP_CODE_SUCCESS; + resp->identifier = id; + resp->length = htons(*len); + + return (u8 *) resp; +} + + +static u8 * eap_sm_buildFailure(struct eap_sm *sm, int id, size_t *len) +{ + struct eap_hdr *resp; + wpa_printf(MSG_DEBUG, "EAP: Building EAP-Failure (id=%d)", id); + + *len = sizeof(*resp); + resp = malloc(*len); + if (resp == NULL) + return NULL; + resp->code = EAP_CODE_FAILURE; + resp->identifier = id; + resp->length = htons(*len); + + return (u8 *) resp; +} + + +static int eap_sm_nextId(struct eap_sm *sm, int id) +{ + if (id < 0) { + /* RFC 3748 Ch 4.1: recommended to initialize Identifier with a + * random number */ + id = rand() & 0xff; + if (id != sm->lastId) + return id; + } + return (id + 1) & 0xff; +} + + +/** + * eap_sm_process_nak - Process EAP-Response/Nak + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * @nak_list: Nak list (allowed methods) from the supplicant + * @len: Length of nak_list in bytes + * + * This function is called when EAP-Response/Nak is received from the + * supplicant. This can happen for both phase 1 and phase 2 authentications. + */ +void eap_sm_process_nak(struct eap_sm *sm, u8 *nak_list, size_t len) +{ + int i; + size_t j; + + if (sm->user == NULL) + return; + + wpa_printf(MSG_MSGDUMP, "EAP: processing NAK (current EAP method " + "index %d)", sm->user_eap_method_index); + + wpa_hexdump(MSG_MSGDUMP, "EAP: configured methods", + (u8 *) sm->user->methods, + EAP_MAX_METHODS * sizeof(sm->user->methods[0])); + wpa_hexdump(MSG_MSGDUMP, "EAP: list of methods supported by the peer", + nak_list, len); + + i = sm->user_eap_method_index; + while (i < EAP_MAX_METHODS && + (sm->user->methods[i].vendor != EAP_VENDOR_IETF || + sm->user->methods[i].method != EAP_TYPE_NONE)) { + if (sm->user->methods[i].vendor != EAP_VENDOR_IETF) + goto not_found; + for (j = 0; j < len; j++) { + if (nak_list[j] == sm->user->methods[i].method) { + break; + } + } + + if (j < len) { + /* found */ + i++; + continue; + } + + not_found: + /* not found - remove from the list */ + memmove(&sm->user->methods[i], &sm->user->methods[i + 1], + (EAP_MAX_METHODS - i - 1) * + sizeof(sm->user->methods[0])); + sm->user->methods[EAP_MAX_METHODS - 1].vendor = + EAP_VENDOR_IETF; + sm->user->methods[EAP_MAX_METHODS - 1].method = EAP_TYPE_NONE; + } + + wpa_hexdump(MSG_MSGDUMP, "EAP: new list of configured methods", + (u8 *) sm->user->methods, EAP_MAX_METHODS * + sizeof(sm->user->methods[0])); +} + + +static void eap_sm_Policy_update(struct eap_sm *sm, u8 *nak_list, size_t len) +{ + if (nak_list == NULL || sm == NULL || sm->user == NULL) + return; + + if (sm->user->phase2) { + wpa_printf(MSG_DEBUG, "EAP: EAP-Nak received after Phase2 user" + " info was selected - reject"); + sm->decision = DECISION_FAILURE; + return; + } + + eap_sm_process_nak(sm, nak_list, len); +} + + +static EapType eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor) +{ + EapType next; + int idx = sm->user_eap_method_index; + + /* In theory, there should be no problems with starting + * re-authentication with something else than EAP-Request/Identity and + * this does indeed work with wpa_supplicant. However, at least Funk + * Supplicant seemed to ignore re-auth if it skipped + * EAP-Request/Identity. + * Re-auth sets currentId == -1, so that can be used here to select + * whether Identity needs to be requested again. */ + if (sm->identity == NULL || sm->currentId == -1) { + *vendor = EAP_VENDOR_IETF; + next = EAP_TYPE_IDENTITY; + sm->update_user = TRUE; + } else if (sm->user && idx < EAP_MAX_METHODS && + (sm->user->methods[idx].vendor != EAP_VENDOR_IETF || + sm->user->methods[idx].method != EAP_TYPE_NONE)) { + *vendor = sm->user->methods[idx].vendor; + next = sm->user->methods[idx].method; + sm->user_eap_method_index++; + } else { + *vendor = EAP_VENDOR_IETF; + next = EAP_TYPE_NONE; + } + wpa_printf(MSG_DEBUG, "EAP: getNextMethod: vendor %d type %d", + *vendor, next); + return next; +} + + +static int eap_sm_Policy_getDecision(struct eap_sm *sm) +{ + if (sm->m && sm->currentMethod != EAP_TYPE_IDENTITY && + sm->m->isSuccess(sm, sm->eap_method_priv)) { + wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> " + "SUCCESS"); + sm->update_user = TRUE; + return DECISION_SUCCESS; + } + + if (sm->m && sm->m->isDone(sm, sm->eap_method_priv) && + !sm->m->isSuccess(sm, sm->eap_method_priv)) { + wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> " + "FAILURE"); + sm->update_user = TRUE; + return DECISION_FAILURE; + } + + if ((sm->user == NULL || sm->update_user) && sm->identity) { + if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) { + wpa_printf(MSG_DEBUG, "EAP: getDecision: user not " + "found from database -> FAILURE"); + return DECISION_FAILURE; + } + sm->update_user = FALSE; + } + + if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && + (sm->user->methods[sm->user_eap_method_index].vendor != + EAP_VENDOR_IETF || + sm->user->methods[sm->user_eap_method_index].method != + EAP_TYPE_NONE)) { + wpa_printf(MSG_DEBUG, "EAP: getDecision: another method " + "available -> CONTINUE"); + return DECISION_CONTINUE; + } + + if (sm->identity == NULL || sm->currentId == -1) { + wpa_printf(MSG_DEBUG, "EAP: getDecision: no identity known " + "yet -> CONTINUE"); + return DECISION_CONTINUE; + } + + wpa_printf(MSG_DEBUG, "EAP: getDecision: no more methods available -> " + "FAILURE"); + return DECISION_FAILURE; +} + + +static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, EapType method) +{ + return method == EAP_TYPE_IDENTITY ? TRUE : FALSE; +} + + +/** + * eap_sm_step - Step EAP state machine + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * Returns: 1 if EAP state was changed or 0 if not + * + * This function advances EAP state machine to a new state to match with the + * current variables. This should be called whenever variables used by the EAP + * state machine have changed. + */ +int eap_sm_step(struct eap_sm *sm) +{ + int res = 0; + do { + sm->changed = FALSE; + SM_STEP_RUN(EAP); + if (sm->changed) + res = 1; + } while (sm->changed); + return res; +} + + +/** + * eap_set_eapRespData - Set EAP response (eapRespData) + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * @eapRespData: EAP-Response payload from the supplicant + * @eapRespDataLen: Length of eapRespData in bytes + * + * This function is called when an EAP-Response is received from a supplicant. + */ +void eap_set_eapRespData(struct eap_sm *sm, const u8 *eapRespData, + size_t eapRespDataLen) +{ + if (sm == NULL) + return; + free(sm->eapRespData); + sm->eapRespData = malloc(eapRespDataLen); + if (sm->eapRespData == NULL) + return; + memcpy(sm->eapRespData, eapRespData, eapRespDataLen); + sm->eapRespDataLen = eapRespDataLen; + wpa_hexdump(MSG_MSGDUMP, "EAP: EAP-Response received", + eapRespData, eapRespDataLen); +} + + +static void eap_user_free(struct eap_user *user) +{ + if (user == NULL) + return; + free(user->password); + user->password = NULL; + free(user); +} + + +/** + * eap_sm_init - Allocate and initialize EAP state machine + * @eapol_ctx: Context data to be used with eapol_cb calls + * @eapol_cb: Pointer to EAPOL callback functions + * @conf: EAP configuration + * Returns: Pointer to the allocated EAP state machine or %NULL on failure + * + * This function allocates and initializes an EAP state machine. + */ +struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb, + struct eap_config *conf) +{ + struct eap_sm *sm; + + sm = wpa_zalloc(sizeof(*sm)); + if (sm == NULL) + return NULL; + sm->eapol_ctx = eapol_ctx; + sm->eapol_cb = eapol_cb; + sm->MaxRetrans = 10; + sm->ssl_ctx = conf->ssl_ctx; + sm->eap_sim_db_priv = conf->eap_sim_db_priv; + sm->backend_auth = conf->backend_auth; + + wpa_printf(MSG_DEBUG, "EAP: State machine created"); + + return sm; +} + + +/** + * eap_sm_deinit - Deinitialize and free an EAP state machine + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * + * This function deinitializes EAP state machine and frees all allocated + * resources. + */ +void eap_sm_deinit(struct eap_sm *sm) +{ + if (sm == NULL) + return; + wpa_printf(MSG_DEBUG, "EAP: State machine removed"); + if (sm->m && sm->eap_method_priv) + sm->m->reset(sm, sm->eap_method_priv); + free(sm->eapReqData); + free(sm->eapKeyData); + free(sm->lastReqData); + free(sm->eapRespData); + free(sm->identity); + eap_user_free(sm->user); + free(sm); +} + + +/** + * eap_sm_notify_cached - Notify EAP state machine of cached PMK + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * + * This function is called when PMKSA caching is used to skip EAP + * authentication. + */ +void eap_sm_notify_cached(struct eap_sm *sm) +{ + if (sm == NULL) + return; + + sm->EAP_state = EAP_SUCCESS; +} + + +/** + * eap_sm_pending_cb - EAP state machine callback for a pending EAP request + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * + * This function is called when data for a pending EAP-Request is received. + */ +void eap_sm_pending_cb(struct eap_sm *sm) +{ + if (sm == NULL) + return; + wpa_printf(MSG_DEBUG, "EAP: Callback for pending request received"); + if (sm->method_pending == METHOD_PENDING_WAIT) + sm->method_pending = METHOD_PENDING_CONT; +} + + +/** + * eap_sm_method_pending - Query whether EAP method is waiting for pending data + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * Returns: 1 if method is waiting for pending data or 0 if not + */ +int eap_sm_method_pending(struct eap_sm *sm) +{ + if (sm == NULL) + return 0; + return sm->method_pending == METHOD_PENDING_WAIT; +} + + +/** + * eap_hdr_validate - Validate EAP header + * @vendor: Expected EAP Vendor-Id (0 = IETF) + * @eap_type: Expected EAP type number + * @msg: EAP frame (starting with EAP header) + * @msglen: Length of msg + * @plen: Pointer to variable to contain the returned payload length + * Returns: Pointer to EAP payload (after type field), or %NULL on failure + * + * This is a helper function for EAP method implementations. This is usually + * called in the beginning of struct eap_method::process() function to verify + * that the received EAP request packet has a valid header. This function is + * able to process both legacy and expanded EAP headers and in most cases, the + * caller can just use the returned payload pointer (into *plen) for processing + * the payload regardless of whether the packet used the expanded EAP header or + * not. + */ +const u8 * eap_hdr_validate(int vendor, EapType eap_type, + const u8 *msg, size_t msglen, size_t *plen) +{ + const struct eap_hdr *hdr; + const u8 *pos; + size_t len; + + hdr = (const struct eap_hdr *) msg; + + if (msglen < sizeof(*hdr)) { + wpa_printf(MSG_INFO, "EAP: Too short EAP frame"); + return NULL; + } + + len = be_to_host16(hdr->length); + if (len < sizeof(*hdr) + 1 || len > msglen) { + wpa_printf(MSG_INFO, "EAP: Invalid EAP length"); + return NULL; + } + + pos = (const u8 *) (hdr + 1); + + if (*pos == EAP_TYPE_EXPANDED) { + int exp_vendor; + u32 exp_type; + if (len < sizeof(*hdr) + 8) { + wpa_printf(MSG_INFO, "EAP: Invalid expanded EAP " + "length"); + return NULL; + } + pos++; + exp_vendor = WPA_GET_BE24(pos); + pos += 3; + exp_type = WPA_GET_BE32(pos); + pos += 4; + if (exp_vendor != vendor || exp_type != (u32) eap_type) { + wpa_printf(MSG_INFO, "EAP: Invalid expanded frame " + "type"); + return NULL; + } + + *plen = len - sizeof(*hdr) - 8; + return pos; + } else { + if (vendor != EAP_VENDOR_IETF || *pos != eap_type) { + wpa_printf(MSG_INFO, "EAP: Invalid frame type"); + return NULL; + } + *plen = len - sizeof(*hdr) - 1; + return pos + 1; + } +} + + +/** + * eap_msg_alloc - Allocate a buffer for an EAP message + * @vendor: Vendor-Id (0 = IETF) + * @type: EAP type + * @len: Buffer for returning message length + * @payload_len: Payload length in bytes (data after Type) + * @code: Message Code (EAP_CODE_*) + * @identifier: Identifier + * @payload: Pointer to payload pointer that will be set to point to the + * beginning of the payload or %NULL if payload pointer is not needed + * Returns: Pointer to the allocated message buffer or %NULL on error + * + * This function can be used to allocate a buffer for an EAP message and fill + * in the EAP header. This function is automatically using expanded EAP header + * if the selected Vendor-Id is not IETF. In other words, most EAP methods do + * not need to separately select which header type to use when using this + * function to allocate the message buffers. + */ +struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len, + size_t payload_len, u8 code, u8 identifier, + u8 **payload) +{ + struct eap_hdr *hdr; + u8 *pos; + + *len = sizeof(struct eap_hdr) + (vendor == EAP_VENDOR_IETF ? 1 : 8) + + payload_len; + hdr = malloc(*len); + if (hdr) { + hdr->code = code; + hdr->identifier = identifier; + hdr->length = host_to_be16(*len); + pos = (u8 *) (hdr + 1); + if (vendor == EAP_VENDOR_IETF) { + *pos++ = type; + } else { + *pos++ = EAP_TYPE_EXPANDED; + WPA_PUT_BE24(pos, vendor); + pos += 3; + WPA_PUT_BE32(pos, type); + pos += 4; + } + if (payload) + *payload = pos; + } + + return hdr; +} diff --git a/contrib/hostapd-0.5.8/eap.h b/contrib/hostapd-0.5.8/eap.h new file mode 100644 index 0000000000..137719189d --- /dev/null +++ b/contrib/hostapd-0.5.8/eap.h @@ -0,0 +1,115 @@ +/* + * hostapd / EAP Standalone Authenticator state machine (RFC 4137) + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_H +#define EAP_H + +#include "defs.h" +#include "eap_defs.h" +#include "eap_methods.h" + +struct eap_sm; + +#define EAP_MAX_METHODS 8 +struct eap_user { + struct { + int vendor; + u32 method; + } methods[EAP_MAX_METHODS]; + u8 *password; + size_t password_len; + int password_hash; /* whether password is hashed with + * nt_password_hash() */ + int phase2; + int force_version; +}; + +enum eapol_bool_var { + EAPOL_eapSuccess, EAPOL_eapRestart, EAPOL_eapFail, EAPOL_eapResp, + EAPOL_eapReq, EAPOL_eapNoReq, EAPOL_portEnabled, EAPOL_eapTimeout +}; + +struct eapol_callbacks { + Boolean (*get_bool)(void *ctx, enum eapol_bool_var variable); + void (*set_bool)(void *ctx, enum eapol_bool_var variable, + Boolean value); + void (*set_eapReqData)(void *ctx, const u8 *eapReqData, + size_t eapReqDataLen); + void (*set_eapKeyData)(void *ctx, const u8 *eapKeyData, + size_t eapKeyDataLen); + int (*get_eap_user)(void *ctx, const u8 *identity, size_t identity_len, + int phase2, struct eap_user *user); + const char * (*get_eap_req_id_text)(void *ctx, size_t *len); +}; + +struct eap_config { + void *ssl_ctx; + void *eap_sim_db_priv; + Boolean backend_auth; +}; + + +#ifdef EAP_SERVER + +struct eap_sm * eap_sm_init(void *eapol_ctx, struct eapol_callbacks *eapol_cb, + struct eap_config *eap_conf); +void eap_sm_deinit(struct eap_sm *sm); +int eap_sm_step(struct eap_sm *sm); +void eap_set_eapRespData(struct eap_sm *sm, const u8 *eapRespData, + size_t eapRespDataLen); +void eap_sm_notify_cached(struct eap_sm *sm); +void eap_sm_pending_cb(struct eap_sm *sm); +int eap_sm_method_pending(struct eap_sm *sm); + +#else /* EAP_SERVER */ + +static inline struct eap_sm * eap_sm_init(void *eapol_ctx, + struct eapol_callbacks *eapol_cb, + struct eap_config *eap_conf) +{ + return NULL; +} + +static inline void eap_sm_deinit(struct eap_sm *sm) +{ +} + +static inline int eap_sm_step(struct eap_sm *sm) +{ + return 0; +} + + +static inline void eap_set_eapRespData(struct eap_sm *sm, + const u8 *eapRespData, + size_t eapRespDataLen) +{ +} + +static inline void eap_sm_notify_cached(struct eap_sm *sm) +{ +} + +static inline void eap_sm_pending_cb(struct eap_sm *sm) +{ +} + +static inline int eap_sm_method_pending(struct eap_sm *sm) +{ + return 0; +} + +#endif /* EAP_SERVER */ + +#endif /* EAP_H */ diff --git a/contrib/hostapd-0.5.8/eap_aka.c b/contrib/hostapd-0.5.8/eap_aka.c new file mode 100644 index 0000000000..5db4cd3f72 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_aka.c @@ -0,0 +1,848 @@ +/* + * hostapd / EAP-AKA (RFC 4187) + * Copyright (c) 2005-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "crypto.h" +#include "eap_i.h" +#include "eap_sim_common.h" +#include "eap_sim_db.h" + + +struct eap_aka_data { + u8 mk[EAP_SIM_MK_LEN]; + u8 nonce_s[EAP_SIM_NONCE_S_LEN]; + u8 k_aut[EAP_SIM_K_AUT_LEN]; + u8 k_encr[EAP_SIM_K_ENCR_LEN]; + u8 msk[EAP_SIM_KEYING_DATA_LEN]; + u8 emsk[EAP_EMSK_LEN]; + u8 rand[EAP_AKA_RAND_LEN]; + u8 autn[EAP_AKA_AUTN_LEN]; + u8 ck[EAP_AKA_CK_LEN]; + u8 ik[EAP_AKA_IK_LEN]; + u8 res[EAP_AKA_RES_MAX_LEN]; + size_t res_len; + enum { + IDENTITY, CHALLENGE, REAUTH, NOTIFICATION, SUCCESS, FAILURE + } state; + char *next_pseudonym; + char *next_reauth_id; + u16 counter; + struct eap_sim_reauth *reauth; + int auts_reported; /* whether the current AUTS has been reported to the + * eap_sim_db */ + u16 notification; +}; + + +static void eap_aka_determine_identity(struct eap_sm *sm, + struct eap_aka_data *data, + int before_identity, int after_reauth); + + +static const char * eap_aka_state_txt(int state) +{ + switch (state) { + case IDENTITY: + return "IDENTITY"; + case CHALLENGE: + return "CHALLENGE"; + case REAUTH: + return "REAUTH"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + case NOTIFICATION: + return "NOTIFICATION"; + default: + return "Unknown?!"; + } +} + + +static void eap_aka_state(struct eap_aka_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: %s -> %s", + eap_aka_state_txt(data->state), + eap_aka_state_txt(state)); + data->state = state; +} + + +static void * eap_aka_init(struct eap_sm *sm) +{ + struct eap_aka_data *data; + + if (sm->eap_sim_db_priv == NULL) { + wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured"); + return NULL; + } + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = IDENTITY; + eap_aka_determine_identity(sm, data, 1, 0); + + return data; +} + + +static void eap_aka_reset(struct eap_sm *sm, void *priv) +{ + struct eap_aka_data *data = priv; + free(data->next_pseudonym); + free(data->next_reauth_id); + free(data); +} + + +static u8 * eap_aka_build_identity(struct eap_sm *sm, + struct eap_aka_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Identity"); + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA, + EAP_AKA_SUBTYPE_IDENTITY); + if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, + sm->identity_len)) { + wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ"); + eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0); + } + return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0); +} + + +static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data, + struct eap_sim_msg *msg, u16 counter, + const u8 *nonce_s) +{ + free(data->next_pseudonym); + data->next_pseudonym = + eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 1); + free(data->next_reauth_id); + if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) { + data->next_reauth_id = + eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 1); + } else { + wpa_printf(MSG_DEBUG, "EAP-AKA: Max fast re-authentication " + "count exceeded - force full authentication"); + data->next_reauth_id = NULL; + } + + if (data->next_pseudonym == NULL && data->next_reauth_id == NULL && + counter == 0 && nonce_s == NULL) + return 0; + + wpa_printf(MSG_DEBUG, " AT_IV"); + wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); + eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA); + + if (counter > 0) { + wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter); + eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0); + } + + if (nonce_s) { + wpa_printf(MSG_DEBUG, " *AT_NONCE_S"); + eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s, + EAP_SIM_NONCE_S_LEN); + } + + if (data->next_pseudonym) { + wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)", + data->next_pseudonym); + eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM, + strlen(data->next_pseudonym), + (u8 *) data->next_pseudonym, + strlen(data->next_pseudonym)); + } + + if (data->next_reauth_id) { + wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)", + data->next_reauth_id); + eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID, + strlen(data->next_reauth_id), + (u8 *) data->next_reauth_id, + strlen(data->next_reauth_id)); + } + + if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { + wpa_printf(MSG_WARNING, "EAP-AKA: Failed to encrypt " + "AT_ENCR_DATA"); + return -1; + } + + return 0; +} + + +static u8 * eap_aka_build_challenge(struct eap_sm *sm, + struct eap_aka_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Challenge"); + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA, + EAP_AKA_SUBTYPE_CHALLENGE); + wpa_printf(MSG_DEBUG, " AT_RAND"); + eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, data->rand, EAP_AKA_RAND_LEN); + eap_sim_msg_add(msg, EAP_SIM_AT_AUTN, 0, data->autn, EAP_AKA_AUTN_LEN); + + if (eap_aka_build_encr(sm, data, msg, 0, NULL)) { + eap_sim_msg_free(msg); + return NULL; + } + + wpa_printf(MSG_DEBUG, " AT_MAC"); + eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); + return eap_sim_msg_finish(msg, reqDataLen, data->k_aut, NULL, 0); +} + + +static u8 * eap_aka_build_reauth(struct eap_sm *sm, + struct eap_aka_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Re-authentication"); + + if (hostapd_get_rand(data->nonce_s, EAP_SIM_NONCE_S_LEN)) + return NULL; + wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA: NONCE_S", + data->nonce_s, EAP_SIM_NONCE_S_LEN); + + eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, + data->emsk); + eap_sim_derive_keys_reauth(data->counter, sm->identity, + sm->identity_len, data->nonce_s, data->mk, + data->msk, data->emsk); + + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA, + EAP_AKA_SUBTYPE_REAUTHENTICATION); + + if (eap_aka_build_encr(sm, data, msg, data->counter, data->nonce_s)) { + eap_sim_msg_free(msg); + return NULL; + } + + wpa_printf(MSG_DEBUG, " AT_MAC"); + eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); + return eap_sim_msg_finish(msg, reqDataLen, data->k_aut, NULL, 0); +} + + +static u8 * eap_aka_build_notification(struct eap_sm *sm, + struct eap_aka_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Generating Notification"); + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_AKA, + EAP_AKA_SUBTYPE_NOTIFICATION); + wpa_printf(MSG_DEBUG, " AT_NOTIFICATION"); + eap_sim_msg_add(msg, EAP_SIM_AT_NOTIFICATION, data->notification, + NULL, 0); + return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0); +} + + +static u8 * eap_aka_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_aka_data *data = priv; + + data->auts_reported = 0; + switch (data->state) { + case IDENTITY: + return eap_aka_build_identity(sm, data, id, reqDataLen); + case CHALLENGE: + return eap_aka_build_challenge(sm, data, id, reqDataLen); + case REAUTH: + return eap_aka_build_reauth(sm, data, id, reqDataLen); + case NOTIFICATION: + return eap_aka_build_notification(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in " + "buildReq", data->state); + break; + } + return NULL; +} + + +static Boolean eap_aka_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_hdr *resp; + u8 *pos; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 4 || *pos != EAP_TYPE_AKA || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) +{ + if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR || + subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) + return FALSE; + + switch (data->state) { + case IDENTITY: + if (subtype != EAP_AKA_SUBTYPE_IDENTITY) { + wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + case CHALLENGE: + if (subtype != EAP_AKA_SUBTYPE_CHALLENGE && + subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) { + wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + case REAUTH: + if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) { + wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + case NOTIFICATION: + if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) { + wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + default: + wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for " + "processing a response", data->state); + return TRUE; + } + + return FALSE; +} + + +static void eap_aka_determine_identity(struct eap_sm *sm, + struct eap_aka_data *data, + int before_identity, int after_reauth) +{ + const u8 *identity; + size_t identity_len; + int res; + + identity = NULL; + identity_len = 0; + + if (after_reauth && data->reauth) { + identity = data->reauth->identity; + identity_len = data->reauth->identity_len; + } else if (sm->identity && sm->identity_len > 0 && + sm->identity[0] == EAP_AKA_PERMANENT_PREFIX) { + identity = sm->identity; + identity_len = sm->identity_len; + } else { + identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, + sm->identity, + sm->identity_len, + &identity_len); + if (identity == NULL) { + data->reauth = eap_sim_db_get_reauth_entry( + sm->eap_sim_db_priv, sm->identity, + sm->identity_len); + if (data->reauth) { + wpa_printf(MSG_DEBUG, "EAP-AKA: Using fast " + "re-authentication"); + identity = data->reauth->identity; + identity_len = data->reauth->identity_len; + data->counter = data->reauth->counter; + memcpy(data->mk, data->reauth->mk, + EAP_SIM_MK_LEN); + } + } + } + + if (identity == NULL || + eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, + sm->identity_len) < 0) { + if (before_identity) { + wpa_printf(MSG_DEBUG, "EAP-AKA: Permanent user name " + "not known - send AKA-Identity request"); + eap_aka_state(data, IDENTITY); + return; + } else { + wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown whether the " + "permanent user name is known; try to use " + "it"); + /* eap_sim_db_get_aka_auth() will report failure, if + * this identity is not known. */ + } + } + + wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity", + identity, identity_len); + + if (!after_reauth && data->reauth) { + eap_aka_state(data, REAUTH); + return; + } + + res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, identity, + identity_len, data->rand, data->autn, + data->ik, data->ck, data->res, + &data->res_len, sm); + if (res == EAP_SIM_DB_PENDING) { + wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " + "not yet available - pending request"); + sm->method_pending = METHOD_PENDING_WAIT; + return; + } + + data->reauth = NULL; + data->counter = 0; /* reset re-auth counter since this is full auth */ + + if (res != 0) { + wpa_printf(MSG_INFO, "EAP-AKA: Failed to get AKA " + "authentication data for the peer"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + if (sm->method_pending == METHOD_PENDING_WAIT) { + wpa_printf(MSG_DEBUG, "EAP-AKA: AKA authentication data " + "available - abort pending wait"); + sm->method_pending = METHOD_PENDING_NONE; + } + + wpa_hexdump_ascii(MSG_DEBUG, "EAP-AKA: Identity for MK derivation", + sm->identity, sm->identity_len); + + eap_aka_derive_mk(sm->identity, sm->identity_len, data->ik, data->ck, + data->mk); + eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, + data->emsk); + + eap_aka_state(data, CHALLENGE); +} + + +static void eap_aka_process_identity(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Identity"); + + if (attr->mac || attr->iv || attr->encr_data) { + wpa_printf(MSG_WARNING, "EAP-AKA: Unexpected attribute " + "received in EAP-Response/AKA-Identity"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + if (attr->identity) { + free(sm->identity); + sm->identity = malloc(attr->identity_len); + if (sm->identity) { + memcpy(sm->identity, attr->identity, + attr->identity_len); + sm->identity_len = attr->identity_len; + } + } + + eap_aka_determine_identity(sm, data, 0, 0); +} + + +static void eap_aka_process_challenge(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + const u8 *identity; + size_t identity_len; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Challenge"); + + if (attr->mac == NULL || + eap_sim_verify_mac(data->k_aut, respData, respDataLen, attr->mac, + NULL, 0)) { + wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message " + "did not include valid AT_MAC"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + if (attr->res == NULL || attr->res_len != data->res_len || + memcmp(attr->res, data->res, data->res_len) != 0) { + wpa_printf(MSG_WARNING, "EAP-AKA: Challenge message did not " + "include valid AT_RES"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the " + "correct AT_MAC"); + eap_aka_state(data, SUCCESS); + + identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, sm->identity, + sm->identity_len, &identity_len); + if (identity == NULL) { + identity = sm->identity; + identity_len = sm->identity_len; + } + + if (data->next_pseudonym) { + eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity, + identity_len, + data->next_pseudonym); + data->next_pseudonym = NULL; + } + if (data->next_reauth_id) { + eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity, + identity_len, + data->next_reauth_id, data->counter + 1, + data->mk); + data->next_reauth_id = NULL; + } +} + + +static void eap_aka_process_sync_failure(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Synchronization-Failure"); + + if (attr->auts == NULL) { + wpa_printf(MSG_WARNING, "EAP-AKA: Synchronization-Failure " + "message did not include valid AT_AUTS"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + /* Avoid re-reporting AUTS when processing pending EAP packet by + * maintaining a local flag stating whether this AUTS has already been + * reported. */ + if (!data->auts_reported && + eap_sim_db_resynchronize(sm->eap_sim_db_priv, sm->identity, + sm->identity_len, attr->auts, + data->rand)) { + wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + data->auts_reported = 1; + + /* Try again after resynchronization */ + eap_aka_determine_identity(sm, data, 0, 0); +} + + +static void eap_aka_process_reauth(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + struct eap_sim_attrs eattr; + u8 *decrypted = NULL; + const u8 *identity, *id2; + size_t identity_len, id2_len; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Processing Reauthentication"); + + if (attr->mac == NULL || + eap_sim_verify_mac(data->k_aut, respData, respDataLen, attr->mac, + data->nonce_s, EAP_SIM_NONCE_S_LEN)) { + wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message " + "did not include valid AT_MAC"); + goto fail; + } + + if (attr->encr_data == NULL || attr->iv == NULL) { + wpa_printf(MSG_WARNING, "EAP-AKA: Reauthentication " + "message did not include encrypted data"); + goto fail; + } + + decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, + attr->encr_data_len, attr->iv, &eattr, + 0); + if (decrypted == NULL) { + wpa_printf(MSG_WARNING, "EAP-AKA: Failed to parse encrypted " + "data from reauthentication message"); + goto fail; + } + + if (eattr.counter != data->counter) { + wpa_printf(MSG_WARNING, "EAP-AKA: Re-authentication message " + "used incorrect counter %u, expected %u", + eattr.counter, data->counter); + goto fail; + } + free(decrypted); + decrypted = NULL; + + wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response includes " + "the correct AT_MAC"); + + if (eattr.counter_too_small) { + wpa_printf(MSG_DEBUG, "EAP-AKA: Re-authentication response " + "included AT_COUNTER_TOO_SMALL - starting full " + "authentication"); + eap_aka_determine_identity(sm, data, 0, 1); + return; + } + + eap_aka_state(data, SUCCESS); + + if (data->reauth) { + identity = data->reauth->identity; + identity_len = data->reauth->identity_len; + } else { + identity = sm->identity; + identity_len = sm->identity_len; + } + + id2 = eap_sim_db_get_permanent(sm->eap_sim_db_priv, identity, + identity_len, &id2_len); + if (id2) { + identity = id2; + identity_len = id2_len; + } + + if (data->next_pseudonym) { + eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity, + identity_len, data->next_pseudonym); + data->next_pseudonym = NULL; + } + if (data->next_reauth_id) { + eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity, + identity_len, data->next_reauth_id, + data->counter + 1, data->mk); + data->next_reauth_id = NULL; + } else { + eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); + data->reauth = NULL; + } + + return; + +fail: + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); + data->reauth = NULL; + free(decrypted); +} + + +static void eap_aka_process_client_error(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: Client reported error %d", + attr->client_error_code); + eap_aka_state(data, FAILURE); +} + + +static void eap_aka_process_authentication_reject( + struct eap_sm *sm, struct eap_aka_data *data, + u8 *respData, size_t respDataLen, struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: Client rejected authentication"); + eap_aka_state(data, FAILURE); +} + + +static void eap_aka_process_notification(struct eap_sm *sm, + struct eap_aka_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-AKA: Client replied to notification"); + eap_aka_state(data, FAILURE); +} + + +static void eap_aka_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_aka_data *data = priv; + struct eap_hdr *resp; + u8 *pos, subtype; + size_t len; + struct eap_sim_attrs attr; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + subtype = pos[1]; + + if (eap_aka_subtype_ok(data, subtype)) { + wpa_printf(MSG_DEBUG, "EAP-AKA: Unrecognized or unexpected " + "EAP-AKA Subtype in EAP Response"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + len = be_to_host16(resp->length); + pos += 4; + + if (eap_sim_parse_attr(pos, respData + len, &attr, 1, 0)) { + wpa_printf(MSG_DEBUG, "EAP-AKA: Failed to parse attributes"); + data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH; + eap_aka_state(data, NOTIFICATION); + return; + } + + if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR) { + eap_aka_process_client_error(sm, data, respData, len, &attr); + return; + } + + if (subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) { + eap_aka_process_authentication_reject(sm, data, respData, len, + &attr); + return; + } + + switch (data->state) { + case IDENTITY: + eap_aka_process_identity(sm, data, respData, len, &attr); + break; + case CHALLENGE: + if (subtype == EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) { + eap_aka_process_sync_failure(sm, data, respData, len, + &attr); + } else { + eap_aka_process_challenge(sm, data, respData, len, + &attr); + } + break; + case REAUTH: + eap_aka_process_reauth(sm, data, respData, len, &attr); + break; + case NOTIFICATION: + eap_aka_process_notification(sm, data, respData, len, &attr); + break; + default: + wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown state %d in " + "process", data->state); + break; + } +} + + +static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_aka_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_aka_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_aka_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_SIM_KEYING_DATA_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); + *len = EAP_SIM_KEYING_DATA_LEN; + return key; +} + + +static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_aka_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->emsk, EAP_EMSK_LEN); + *len = EAP_EMSK_LEN; + return key; +} + + +static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_aka_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_aka_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_AKA, "AKA"); + if (eap == NULL) + return -1; + + eap->init = eap_aka_init; + eap->reset = eap_aka_reset; + eap->buildReq = eap_aka_buildReq; + eap->check = eap_aka_check; + eap->process = eap_aka_process; + eap->isDone = eap_aka_isDone; + eap->getKey = eap_aka_getKey; + eap->isSuccess = eap_aka_isSuccess; + eap->get_emsk = eap_aka_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_defs.h b/contrib/hostapd-0.5.8/eap_defs.h new file mode 100644 index 0000000000..8ea923a8f9 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_defs.h @@ -0,0 +1,75 @@ +/* + * EAP server/peer: Shared EAP definitions + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_DEFS_H +#define EAP_DEFS_H + +/* RFC 3748 - Extensible Authentication Protocol (EAP) */ + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct eap_hdr { + u8 code; + u8 identifier; + u16 length; /* including code and identifier; network byte order */ + /* followed by length-4 octets of data */ +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +enum { EAP_CODE_REQUEST = 1, EAP_CODE_RESPONSE = 2, EAP_CODE_SUCCESS = 3, + EAP_CODE_FAILURE = 4 }; + +/* EAP Request and Response data begins with one octet Type. Success and + * Failure do not have additional data. */ + +typedef enum { + EAP_TYPE_NONE = 0, + EAP_TYPE_IDENTITY = 1 /* RFC 3748 */, + EAP_TYPE_NOTIFICATION = 2 /* RFC 3748 */, + EAP_TYPE_NAK = 3 /* Response only, RFC 3748 */, + EAP_TYPE_MD5 = 4, /* RFC 3748 */ + EAP_TYPE_OTP = 5 /* RFC 3748 */, + EAP_TYPE_GTC = 6, /* RFC 3748 */ + EAP_TYPE_TLS = 13 /* RFC 2716 */, + EAP_TYPE_LEAP = 17 /* Cisco proprietary */, + EAP_TYPE_SIM = 18 /* RFC 4186 */, + EAP_TYPE_TTLS = 21 /* draft-ietf-pppext-eap-ttls-02.txt */, + EAP_TYPE_AKA = 23 /* RFC 4187 */, + EAP_TYPE_PEAP = 25 /* draft-josefsson-pppext-eap-tls-eap-06.txt */, + EAP_TYPE_MSCHAPV2 = 26 /* draft-kamath-pppext-eap-mschapv2-00.txt */, + EAP_TYPE_TLV = 33 /* draft-josefsson-pppext-eap-tls-eap-07.txt */, + EAP_TYPE_FAST = 43 /* draft-cam-winget-eap-fast-05.txt */, + EAP_TYPE_PAX = 46 /* RFC 4746 */, + EAP_TYPE_PSK = 47 /* RFC 4764 */, + EAP_TYPE_SAKE = 48 /* RFC 4763 */, + EAP_TYPE_EXPANDED = 254 /* RFC 3748 */, + EAP_TYPE_GPSK = 255 /* EXPERIMENTAL - type not yet allocated + * draft-ietf-emu-eap-gpsk-01.txt */ +} EapType; + + +/* SMI Network Management Private Enterprise Code for vendor specific types */ +enum { + EAP_VENDOR_IETF = 0 +}; + +#define EAP_MSK_LEN 64 +#define EAP_EMSK_LEN 64 + +#endif /* EAP_DEFS_H */ diff --git a/contrib/hostapd-0.5.8/eap_gpsk.c b/contrib/hostapd-0.5.8/eap_gpsk.c new file mode 100644 index 0000000000..8ab70a1ac3 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_gpsk.c @@ -0,0 +1,646 @@ +/* + * hostapd / EAP-GPSK (draft-ietf-emu-eap-gpsk-03.txt) server + * Copyright (c) 2006-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_gpsk_common.h" + + +struct eap_gpsk_data { + enum { GPSK_1, GPSK_3, SUCCESS, FAILURE } state; + u8 rand_server[EAP_GPSK_RAND_LEN]; + u8 rand_client[EAP_GPSK_RAND_LEN]; + u8 msk[EAP_MSK_LEN]; + u8 emsk[EAP_EMSK_LEN]; + u8 sk[EAP_GPSK_MAX_SK_LEN]; + size_t sk_len; + u8 pk[EAP_GPSK_MAX_PK_LEN]; + size_t pk_len; + u8 *id_client; + size_t id_client_len; + u8 *id_server; + size_t id_server_len; +#define MAX_NUM_CSUITES 2 + struct eap_gpsk_csuite csuite_list[MAX_NUM_CSUITES]; + size_t csuite_count; + int vendor; /* CSuite/Vendor */ + int specifier; /* CSuite/Specifier */ +}; + + +static const char * eap_gpsk_state_txt(int state) +{ + switch (state) { + case GPSK_1: + return "GPSK-1"; + case GPSK_3: + return "GPSK-3"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + default: + return "?"; + } +} + + +static void eap_gpsk_state(struct eap_gpsk_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-GPSK: %s -> %s", + eap_gpsk_state_txt(data->state), + eap_gpsk_state_txt(state)); + data->state = state; +} + + +static void * eap_gpsk_init(struct eap_sm *sm) +{ + struct eap_gpsk_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = GPSK_1; + + /* TODO: add support for configuring ID_Server */ + data->id_server = (u8 *) strdup("hostapd"); + if (data->id_server) + data->id_server_len = strlen((char *) data->id_server); + + data->csuite_count = 0; + if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF, + EAP_GPSK_CIPHER_AES)) { + WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor, + EAP_GPSK_VENDOR_IETF); + WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier, + EAP_GPSK_CIPHER_AES); + data->csuite_count++; + } + if (eap_gpsk_supported_ciphersuite(EAP_GPSK_VENDOR_IETF, + EAP_GPSK_CIPHER_SHA256)) { + WPA_PUT_BE24(data->csuite_list[data->csuite_count].vendor, + EAP_GPSK_VENDOR_IETF); + WPA_PUT_BE24(data->csuite_list[data->csuite_count].specifier, + EAP_GPSK_CIPHER_SHA256); + data->csuite_count++; + } + + return data; +} + + +static void eap_gpsk_reset(struct eap_sm *sm, void *priv) +{ + struct eap_gpsk_data *data = priv; + free(data->id_server); + free(data->id_client); + free(data); +} + + +static u8 * eap_gpsk_build_gpsk_1(struct eap_sm *sm, + struct eap_gpsk_data *data, + int id, size_t *reqDataLen) +{ + u8 *pos; + size_t len; + struct eap_hdr *req; + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1"); + + if (hostapd_get_rand(data->rand_server, EAP_GPSK_RAND_LEN)) { + wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data"); + eap_gpsk_state(data, FAILURE); + return NULL; + } + wpa_hexdump(MSG_MSGDUMP, "EAP-GPSK: RAND_Server", + data->rand_server, EAP_GPSK_RAND_LEN); + + len = 1 + 2 + data->id_server_len + EAP_GPSK_RAND_LEN + 2 + + data->csuite_count * sizeof(struct eap_gpsk_csuite); + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqDataLen, + len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to allocate memory " + "for request/GPSK-1"); + eap_gpsk_state(data, FAILURE); + return NULL; + } + + *pos++ = EAP_GPSK_OPCODE_GPSK_1; + + WPA_PUT_BE16(pos, data->id_server_len); + pos += 2; + if (data->id_server) + memcpy(pos, data->id_server, data->id_server_len); + pos += data->id_server_len; + + memcpy(pos, data->rand_server, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + + WPA_PUT_BE16(pos, data->csuite_count * sizeof(struct eap_gpsk_csuite)); + pos += 2; + memcpy(pos, data->csuite_list, + data->csuite_count * sizeof(struct eap_gpsk_csuite)); + + return (u8 *) req; +} + + +static u8 * eap_gpsk_build_gpsk_3(struct eap_sm *sm, + struct eap_gpsk_data *data, + int id, size_t *reqDataLen) +{ + u8 *pos, *start; + size_t len, miclen; + struct eap_gpsk_csuite *csuite; + struct eap_hdr *req; + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3"); + + miclen = eap_gpsk_mic_len(data->vendor, data->specifier); + len = 1 + 2 * EAP_GPSK_RAND_LEN + sizeof(struct eap_gpsk_csuite) + 2 + + miclen; + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, reqDataLen, + len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to allocate memory " + "for request/GPSK-3"); + eap_gpsk_state(data, FAILURE); + return NULL; + } + + *pos++ = EAP_GPSK_OPCODE_GPSK_3; + start = pos; + + memcpy(pos, data->rand_client, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + memcpy(pos, data->rand_server, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + csuite = (struct eap_gpsk_csuite *) pos; + WPA_PUT_BE24(csuite->vendor, data->vendor); + WPA_PUT_BE24(csuite->specifier, data->specifier); + pos += sizeof(*csuite); + + /* no PD_Payload_2 */ + WPA_PUT_BE16(pos, 0); + pos += 2; + + if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor, + data->specifier, start, pos - start, pos) < 0) + { + free(req); + eap_gpsk_state(data, FAILURE); + return NULL; + } + + return (u8 *) req; +} + + +static u8 * eap_gpsk_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_gpsk_data *data = priv; + + switch (data->state) { + case GPSK_1: + return eap_gpsk_build_gpsk_1(sm, data, id, reqDataLen); + case GPSK_3: + return eap_gpsk_build_gpsk_3(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown state %d in buildReq", + data->state); + break; + } + return NULL; +} + + +static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_gpsk_data *data = priv; + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, + respData, respDataLen, &len); + if (pos == NULL || len < 1) { + wpa_printf(MSG_INFO, "EAP-GPSK: Invalid frame"); + return TRUE; + } + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode=%d", *pos); + + if (data->state == GPSK_1 && *pos == EAP_GPSK_OPCODE_GPSK_2) + return FALSE; + + if (data->state == GPSK_3 && *pos == EAP_GPSK_OPCODE_GPSK_4) + return FALSE; + + wpa_printf(MSG_INFO, "EAP-GPSK: Unexpected opcode=%d in state=%d", + *pos, data->state); + + return TRUE; +} + + +static void eap_gpsk_process_gpsk_2(struct eap_sm *sm, + struct eap_gpsk_data *data, + u8 *respData, size_t respDataLen, + const u8 *payload, size_t payloadlen) +{ + const u8 *pos, *end; + u16 alen; + const struct eap_gpsk_csuite *csuite; + size_t i, miclen; + u8 mic[EAP_GPSK_MAX_MIC_LEN]; + + if (data->state != GPSK_1) + return; + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-2"); + + pos = payload; + end = payload + payloadlen; + + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "ID_Client length"); + eap_gpsk_state(data, FAILURE); + return; + } + alen = WPA_GET_BE16(pos); + pos += 2; + if (end - pos < alen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "ID_Client"); + eap_gpsk_state(data, FAILURE); + return; + } + free(data->id_client); + data->id_client = malloc(alen); + if (data->id_client == NULL) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Not enough memory to store " + "%d-octet ID_Client", alen); + return; + } + memcpy(data->id_client, pos, alen); + data->id_client_len = alen; + wpa_hexdump_ascii(MSG_DEBUG, "EAP-GPSK: ID_Client", + data->id_client, data->id_client_len); + pos += alen; + + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "ID_Server length"); + eap_gpsk_state(data, FAILURE); + return; + } + alen = WPA_GET_BE16(pos); + pos += 2; + if (end - pos < alen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "ID_Server"); + eap_gpsk_state(data, FAILURE); + return; + } + if (alen != data->id_server_len || + memcmp(pos, data->id_server, alen) != 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1 and " + "GPSK-2 did not match"); + eap_gpsk_state(data, FAILURE); + return; + } + pos += alen; + + if (end - pos < EAP_GPSK_RAND_LEN) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "RAND_Client"); + eap_gpsk_state(data, FAILURE); + return; + } + memcpy(data->rand_client, pos, EAP_GPSK_RAND_LEN); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Client", + data->rand_client, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + + if (end - pos < EAP_GPSK_RAND_LEN) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "RAND_Server"); + eap_gpsk_state(data, FAILURE); + return; + } + if (memcmp(data->rand_server, pos, EAP_GPSK_RAND_LEN) != 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1 and " + "GPSK-2 did not match"); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-1", + data->rand_server, EAP_GPSK_RAND_LEN); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: RAND_Server in GPSK-2", + pos, EAP_GPSK_RAND_LEN); + eap_gpsk_state(data, FAILURE); + return; + } + pos += EAP_GPSK_RAND_LEN; + + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "CSuite_List length"); + eap_gpsk_state(data, FAILURE); + return; + } + alen = WPA_GET_BE16(pos); + pos += 2; + if (end - pos < alen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "CSuite_List"); + eap_gpsk_state(data, FAILURE); + return; + } + if (alen != data->csuite_count * sizeof(struct eap_gpsk_csuite) || + memcmp(pos, data->csuite_list, alen) != 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_List in GPSK-1 and " + "GPSK-2 did not match"); + eap_gpsk_state(data, FAILURE); + return; + } + pos += alen; + + if (end - pos < (int) sizeof(*csuite)) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "CSuite_Sel"); + eap_gpsk_state(data, FAILURE); + return; + } + csuite = (const struct eap_gpsk_csuite *) pos; + for (i = 0; i < data->csuite_count; i++) { + if (memcmp(csuite, &data->csuite_list[i], sizeof(*csuite)) == + 0) + break; + } + if (i == data->csuite_count) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Peer selected unsupported " + "ciphersuite %d:%d", + WPA_GET_BE24(csuite->vendor), + WPA_GET_BE24(csuite->specifier)); + eap_gpsk_state(data, FAILURE); + return; + } + data->vendor = WPA_GET_BE24(csuite->vendor); + data->specifier = WPA_GET_BE24(csuite->specifier); + wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel %d:%d", + data->vendor, data->specifier); + pos += sizeof(*csuite); + + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "PD_Payload_1 length"); + eap_gpsk_state(data, FAILURE); + return; + } + alen = WPA_GET_BE16(pos); + pos += 2; + if (end - pos < alen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "PD_Payload_1"); + eap_gpsk_state(data, FAILURE); + return; + } + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen); + pos += alen; + + if (sm->user == NULL || sm->user->password == NULL) { + wpa_printf(MSG_INFO, "EAP-GPSK: No PSK/password configured " + "for the user"); + eap_gpsk_state(data, FAILURE); + return; + } + + if (eap_gpsk_derive_keys(sm->user->password, sm->user->password_len, + data->vendor, data->specifier, + data->rand_client, data->rand_server, + data->id_client, data->id_client_len, + data->id_server, data->id_server_len, + data->msk, data->emsk, + data->sk, &data->sk_len, + data->pk, &data->pk_len) < 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive keys"); + eap_gpsk_state(data, FAILURE); + return; + } + + miclen = eap_gpsk_mic_len(data->vendor, data->specifier); + if (end - pos < (int) miclen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC " + "(left=%d miclen=%d)", end - pos, miclen); + eap_gpsk_state(data, FAILURE); + return; + } + if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor, + data->specifier, payload, pos - payload, mic) + < 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC"); + eap_gpsk_state(data, FAILURE); + return; + } + if (memcmp(mic, pos, miclen) != 0) { + wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-2"); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen); + eap_gpsk_state(data, FAILURE); + return; + } + pos += miclen; + + if (pos != end) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra " + "data in the end of GPSK-2", end - pos); + } + + eap_gpsk_state(data, GPSK_3); +} + + +static void eap_gpsk_process_gpsk_4(struct eap_sm *sm, + struct eap_gpsk_data *data, + u8 *respData, size_t respDataLen, + const u8 *payload, size_t payloadlen) +{ + const u8 *pos, *end; + u16 alen; + size_t miclen; + u8 mic[EAP_GPSK_MAX_MIC_LEN]; + + if (data->state != GPSK_3) + return; + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Received Response/GPSK-4"); + + pos = payload; + end = payload + payloadlen; + + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "PD_Payload_1 length"); + eap_gpsk_state(data, FAILURE); + return; + } + alen = WPA_GET_BE16(pos); + pos += 2; + if (end - pos < alen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Too short message for " + "PD_Payload_1"); + eap_gpsk_state(data, FAILURE); + return; + } + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: PD_Payload_1", pos, alen); + pos += alen; + + miclen = eap_gpsk_mic_len(data->vendor, data->specifier); + if (end - pos < (int) miclen) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for MIC " + "(left=%d miclen=%d)", end - pos, miclen); + eap_gpsk_state(data, FAILURE); + return; + } + if (eap_gpsk_compute_mic(data->sk, data->sk_len, data->vendor, + data->specifier, payload, pos - payload, mic) + < 0) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to compute MIC"); + eap_gpsk_state(data, FAILURE); + return; + } + if (memcmp(mic, pos, miclen) != 0) { + wpa_printf(MSG_INFO, "EAP-GPSK: Incorrect MIC in GPSK-4"); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Received MIC", pos, miclen); + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Computed MIC", mic, miclen); + eap_gpsk_state(data, FAILURE); + return; + } + pos += miclen; + + if (pos != end) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Ignored %d bytes of extra " + "data in the end of GPSK-4", end - pos); + } + + eap_gpsk_state(data, SUCCESS); +} + + +static void eap_gpsk_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_gpsk_data *data = priv; + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, + respData, respDataLen, &len); + if (pos == NULL || len < 1) + return; + + switch (*pos) { + case EAP_GPSK_OPCODE_GPSK_2: + eap_gpsk_process_gpsk_2(sm, data, respData, respDataLen, + pos + 1, len - 1); + break; + case EAP_GPSK_OPCODE_GPSK_4: + eap_gpsk_process_gpsk_4(sm, data, respData, respDataLen, + pos + 1, len - 1); + break; + } +} + + +static Boolean eap_gpsk_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_gpsk_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_gpsk_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_gpsk_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_MSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->msk, EAP_MSK_LEN); + *len = EAP_MSK_LEN; + + return key; +} + + +static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_gpsk_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->emsk, EAP_EMSK_LEN); + *len = EAP_EMSK_LEN; + + return key; +} + + +static Boolean eap_gpsk_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_gpsk_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_gpsk_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_GPSK, "GPSK"); + if (eap == NULL) + return -1; + + eap->init = eap_gpsk_init; + eap->reset = eap_gpsk_reset; + eap->buildReq = eap_gpsk_buildReq; + eap->check = eap_gpsk_check; + eap->process = eap_gpsk_process; + eap->isDone = eap_gpsk_isDone; + eap->getKey = eap_gpsk_getKey; + eap->isSuccess = eap_gpsk_isSuccess; + eap->get_emsk = eap_gpsk_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_gpsk_common.c b/contrib/hostapd-0.5.8/eap_gpsk_common.c new file mode 100644 index 0000000000..a72b5f3da1 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_gpsk_common.c @@ -0,0 +1,441 @@ +/* + * EAP server/peer: EAP-GPSK shared routines + * Copyright (c) 2006-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "eap_defs.h" +#include "aes_wrap.h" +#include "crypto.h" +#include "sha1.h" +#include "sha256.h" +#include "eap_gpsk_common.h" + + +/** + * eap_gpsk_supported_ciphersuite - Check whether ciphersuite is supported + * @vendor: CSuite/Vendor + * @specifier: CSuite/Specifier + * Returns: 1 if ciphersuite is support, or 0 if not + */ +int eap_gpsk_supported_ciphersuite(int vendor, int specifier) +{ + if (vendor == EAP_GPSK_VENDOR_IETF && + specifier == EAP_GPSK_CIPHER_AES) + return 1; +#ifdef EAP_GPSK_SHA256 + if (vendor == EAP_GPSK_VENDOR_IETF && + specifier == EAP_GPSK_CIPHER_SHA256) + return 1; +#endif /* EAP_GPSK_SHA256 */ + return 0; +} + + +static int eap_gpsk_gkdf(const u8 *psk /* Y */, size_t psk_len, + const u8 *data /* Z */, size_t data_len, + u8 *buf, size_t len /* X */) +{ + u8 *opos; + size_t i, n, hashlen, left, clen; + u8 ibuf[2], hash[SHA1_MAC_LEN]; + const u8 *addr[3]; + size_t vlen[3]; + + hashlen = SHA1_MAC_LEN; + /* M_i = Hash-Function (i || Y || Z); */ + addr[0] = ibuf; + vlen[0] = sizeof(ibuf); + addr[1] = psk; + vlen[1] = psk_len; + addr[2] = data; + vlen[2] = data_len; + + opos = buf; + left = len; + n = (len + hashlen - 1) / hashlen; + for (i = 1; i <= n; i++) { + WPA_PUT_BE16(ibuf, i); + sha1_vector(3, addr, vlen, hash); + clen = left > hashlen ? hashlen : left; + os_memcpy(opos, hash, clen); + opos += clen; + left -= clen; + } + + return 0; +} + + +static int eap_gpsk_derive_keys_aes(const u8 *psk, size_t psk_len, + const u8 *seed, size_t seed_len, + u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len, + u8 *pk, size_t *pk_len) +{ +#define EAP_GPSK_SK_LEN_AES 16 +#define EAP_GPSK_PK_LEN_AES 16 + u8 zero_string[1], mk[32], *pos, *data; + u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_AES + + EAP_GPSK_PK_LEN_AES]; + size_t data_len; + + /* + * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server + * (= seed) + * KS = 16, PL = psk_len, CSuite_Sel = 0x000000 0x000001 + * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString) + * MSK = GKDF-160 (MK, inputString)[0..63] + * EMSK = GKDF-160 (MK, inputString)[64..127] + * SK = GKDF-160 (MK, inputString)[128..143] + * PK = GKDF-160 (MK, inputString)[144..159] + * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel || + * inputString) + * Hash-Function = SHA-1 (see [RFC3174]) + * hashlen = 20 octets (160 bits) + */ + + os_memset(zero_string, 0, sizeof(zero_string)); + + data_len = 2 + psk_len + 6 + seed_len; + data = os_malloc(data_len); + if (data == NULL) + return -1; + pos = data; + WPA_PUT_BE16(pos, psk_len); + pos += 2; + os_memcpy(pos, psk, psk_len); + pos += psk_len; + WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */ + pos += 3; + WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_AES); /* CSuite/Specifier */ + pos += 3; + os_memcpy(pos, seed, seed_len); /* inputString */ + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (AES)", + data, data_len); + + if (eap_gpsk_gkdf(zero_string, sizeof(zero_string), data, data_len, + mk, sizeof(mk)) < 0) { + os_free(data); + return -1; + } + os_free(data); + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk)); + + if (eap_gpsk_gkdf(mk, sizeof(mk), seed, seed_len, + kdf_out, sizeof(kdf_out)) < 0) + return -1; + + pos = kdf_out; + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN); + os_memcpy(msk, pos, EAP_MSK_LEN); + pos += EAP_MSK_LEN; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN); + os_memcpy(emsk, pos, EAP_EMSK_LEN); + pos += EAP_EMSK_LEN; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", pos, EAP_GPSK_SK_LEN_AES); + os_memcpy(sk, pos, EAP_GPSK_SK_LEN_AES); + *sk_len = EAP_GPSK_SK_LEN_AES; + pos += EAP_GPSK_SK_LEN_AES; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", pos, EAP_GPSK_PK_LEN_AES); + os_memcpy(pk, pos, EAP_GPSK_PK_LEN_AES); + *pk_len = EAP_GPSK_PK_LEN_AES; + + return 0; +} + + +#ifdef EAP_GPSK_SHA256 +static int eap_gpsk_gkdf_sha256(const u8 *psk /* Y */, size_t psk_len, + const u8 *data /* Z */, size_t data_len, + u8 *buf, size_t len /* X */) +{ + u8 *opos; + size_t i, n, hashlen, left, clen; + u8 ibuf[2], hash[SHA256_MAC_LEN]; + const u8 *addr[3]; + size_t vlen[3]; + + hashlen = SHA256_MAC_LEN; + /* M_i = Hash-Function (i || Y || Z); */ + addr[0] = ibuf; + vlen[0] = sizeof(ibuf); + addr[1] = psk; + vlen[1] = psk_len; + addr[2] = data; + vlen[2] = data_len; + + opos = buf; + left = len; + n = (len + hashlen - 1) / hashlen; + for (i = 1; i <= n; i++) { + WPA_PUT_BE16(ibuf, i); + sha256_vector(3, addr, vlen, hash); + clen = left > hashlen ? hashlen : left; + os_memcpy(opos, hash, clen); + opos += clen; + left -= clen; + } + + return 0; +} + + +static int eap_gpsk_derive_keys_sha256(const u8 *psk, size_t psk_len, + const u8 *seed, size_t seed_len, + u8 *msk, u8 *emsk, + u8 *sk, size_t *sk_len, + u8 *pk, size_t *pk_len) +{ +#define EAP_GPSK_SK_LEN_SHA256 SHA256_MAC_LEN +#define EAP_GPSK_PK_LEN_SHA256 SHA256_MAC_LEN + u8 mk[SHA256_MAC_LEN], zero_string[1], *pos, *data; + u8 kdf_out[EAP_MSK_LEN + EAP_EMSK_LEN + EAP_GPSK_SK_LEN_SHA256 + + EAP_GPSK_PK_LEN_SHA256]; + size_t data_len; + + /* + * inputString = RAND_Client || ID_Client || RAND_Server || ID_Server + * (= seed) + * KS = 32, PL = psk_len, CSuite_Sel = 0x000000 0x000002 + * MK = GKDF-32 (0x00, PL || PSK || CSuite_Sel || inputString) + * MSK = GKDF-192 (MK, inputString)[0..63] + * EMSK = GKDF-192 (MK, inputString)[64..127] + * SK = GKDF-192 (MK, inputString)[128..159] + * PK = GKDF-192 (MK, inputString)[160..191] + * MID = GKDF-16(0x00, "Method ID" || EAP_Method_Type || CSuite_Sel || + * inputString) + * Hash-Function = SHA256 (see [RFC4634]) + * hashlen = 32 octets (256 bits) + */ + + os_memset(zero_string, 0, sizeof(zero_string)); + + data_len = 2 + psk_len + 6 + seed_len; + data = os_malloc(data_len); + if (data == NULL) + return -1; + pos = data; + WPA_PUT_BE16(pos, psk_len); + pos += 2; + os_memcpy(pos, psk, psk_len); + pos += psk_len; + WPA_PUT_BE24(pos, 0); /* CSuite/Vendor = IETF */ + pos += 3; + WPA_PUT_BE24(pos, EAP_GPSK_CIPHER_SHA256); /* CSuite/Specifier */ + pos += 3; + os_memcpy(pos, seed, seed_len); /* inputString */ + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: Data to MK derivation (SHA256)", + data, data_len); + + if (eap_gpsk_gkdf_sha256(zero_string, sizeof(zero_string), + data, data_len, mk, sizeof(mk)) < 0) { + os_free(data); + return -1; + } + os_free(data); + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MK", mk, sizeof(mk)); + + if (eap_gpsk_gkdf_sha256(mk, sizeof(mk), seed, seed_len, + kdf_out, sizeof(kdf_out)) < 0) + return -1; + + pos = kdf_out; + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: MSK", pos, EAP_MSK_LEN); + os_memcpy(msk, pos, EAP_MSK_LEN); + pos += EAP_MSK_LEN; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: EMSK", pos, EAP_EMSK_LEN); + os_memcpy(emsk, pos, EAP_EMSK_LEN); + pos += EAP_EMSK_LEN; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: SK", + pos, EAP_GPSK_SK_LEN_SHA256); + os_memcpy(sk, pos, EAP_GPSK_SK_LEN_SHA256); + *sk_len = EAP_GPSK_SK_LEN_AES; + pos += EAP_GPSK_SK_LEN_AES; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PK", + pos, EAP_GPSK_PK_LEN_SHA256); + os_memcpy(pk, pos, EAP_GPSK_PK_LEN_SHA256); + *pk_len = EAP_GPSK_PK_LEN_SHA256; + + return 0; +} +#endif /* EAP_GPSK_SHA256 */ + + +/** + * eap_gpsk_derive_keys - Derive EAP-GPSK keys + * @psk: Pre-shared key (at least 16 bytes if AES is used) + * @psk_len: Length of psk in bytes + * @vendor: CSuite/Vendor + * @specifier: CSuite/Specifier + * @rand_client: 32-byte RAND_Client + * @rand_server: 32-byte RAND_Server + * @id_client: ID_Client + * @id_client_len: Length of ID_Client + * @id_server: ID_Server + * @id_server_len: Length of ID_Server + * @msk: Buffer for 64-byte MSK + * @emsk: Buffer for 64-byte EMSK + * @sk: Buffer for SK (at least EAP_GPSK_MAX_SK_LEN bytes) + * @sk_len: Buffer for returning length of SK + * @pk: Buffer for SK (at least EAP_GPSK_MAX_PK_LEN bytes) + * @pk_len: Buffer for returning length of PK + * Returns: 0 on success, -1 on failure + */ +int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor, + int specifier, + const u8 *rand_client, const u8 *rand_server, + const u8 *id_client, size_t id_client_len, + const u8 *id_server, size_t id_server_len, + u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len, + u8 *pk, size_t *pk_len) +{ + u8 *seed, *pos; + size_t seed_len; + int ret; + + wpa_printf(MSG_DEBUG, "EAP-GPSK: Deriving keys (%d:%d)", + vendor, specifier); + + if (vendor != EAP_GPSK_VENDOR_IETF) + return -1; + + wpa_hexdump_key(MSG_DEBUG, "EAP-GPSK: PSK", psk, psk_len); + + /* Seed = RAND_Client || ID_Client || RAND_Server || ID_Server */ + seed_len = 2 * EAP_GPSK_RAND_LEN + id_server_len + id_client_len; + seed = os_malloc(seed_len); + if (seed == NULL) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to allocate memory " + "for key derivation"); + return -1; + } + + pos = seed; + os_memcpy(pos, rand_client, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + os_memcpy(pos, id_client, id_client_len); + pos += id_client_len; + os_memcpy(pos, rand_server, EAP_GPSK_RAND_LEN); + pos += EAP_GPSK_RAND_LEN; + os_memcpy(pos, id_server, id_server_len); + pos += id_server_len; + wpa_hexdump(MSG_DEBUG, "EAP-GPSK: Seed", seed, seed_len); + + switch (specifier) { + case EAP_GPSK_CIPHER_AES: + ret = eap_gpsk_derive_keys_aes(psk, psk_len, seed, seed_len, + msk, emsk, sk, sk_len, + pk, pk_len); + break; +#ifdef EAP_GPSK_SHA256 + case EAP_GPSK_CIPHER_SHA256: + ret = eap_gpsk_derive_keys_sha256(psk, psk_len, seed, seed_len, + msk, emsk, sk, sk_len, + pk, pk_len); + break; +#endif /* EAP_GPSK_SHA256 */ + default: + wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown cipher %d:%d used in " + "key derivation", vendor, specifier); + ret = -1; + break; + } + + os_free(seed); + + return ret; +} + + +/** + * eap_gpsk_mic_len - Get the length of the MIC + * @vendor: CSuite/Vendor + * @specifier: CSuite/Specifier + * Returns: MIC length in bytes + */ +size_t eap_gpsk_mic_len(int vendor, int specifier) +{ + if (vendor != EAP_GPSK_VENDOR_IETF) + return 0; + + switch (specifier) { + case EAP_GPSK_CIPHER_AES: + return 16; +#ifdef EAP_GPSK_SHA256 + case EAP_GPSK_CIPHER_SHA256: + return 32; +#endif /* EAP_GPSK_SHA256 */ + default: + return 0; + } +} + + +static int eap_gpsk_compute_mic_aes(const u8 *sk, size_t sk_len, + const u8 *data, size_t len, u8 *mic) +{ + if (sk_len != 16) { + wpa_printf(MSG_DEBUG, "EAP-GPSK: Invalid SK length %d for " + "AES-CMAC MIC", sk_len); + return -1; + } + + return omac1_aes_128(sk, data, len, mic); +} + + +/** + * eap_gpsk_compute_mic - Compute EAP-GPSK MIC for an EAP packet + * @sk: Session key SK from eap_gpsk_derive_keys() + * @sk_len: SK length in bytes from eap_gpsk_derive_keys() + * @vendor: CSuite/Vendor + * @specifier: CSuite/Specifier + * @data: Input data to MIC + * @len: Input data length in bytes + * @mic: Buffer for the computed MIC, eap_gpsk_mic_len(cipher) bytes + * Returns: 0 on success, -1 on failure + */ +int eap_gpsk_compute_mic(const u8 *sk, size_t sk_len, int vendor, + int specifier, const u8 *data, size_t len, u8 *mic) +{ + int ret; + + if (vendor != EAP_GPSK_VENDOR_IETF) + return -1; + + switch (specifier) { + case EAP_GPSK_CIPHER_AES: + ret = eap_gpsk_compute_mic_aes(sk, sk_len, data, len, mic); + break; +#ifdef EAP_GPSK_SHA256 + case EAP_GPSK_CIPHER_SHA256: + hmac_sha256(sk, sk_len, data, len, mic); + ret = 0; + break; +#endif /* EAP_GPSK_SHA256 */ + default: + wpa_printf(MSG_DEBUG, "EAP-GPSK: Unknown cipher %d:%d used in " + "MIC computation", vendor, specifier); + ret = -1; + break; + } + + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_gpsk_common.h b/contrib/hostapd-0.5.8/eap_gpsk_common.h new file mode 100644 index 0000000000..c806b7f852 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_gpsk_common.h @@ -0,0 +1,66 @@ +/* + * EAP server/peer: EAP-GPSK shared routines + * Copyright (c) 2006-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_GPSK_COMMON_H +#define EAP_GPSK_COMMON_H + +#define EAP_GPSK_OPCODE_GPSK_1 1 +#define EAP_GPSK_OPCODE_GPSK_2 2 +#define EAP_GPSK_OPCODE_GPSK_3 3 +#define EAP_GPSK_OPCODE_GPSK_4 4 +#define EAP_GPSK_OPCODE_FAIL 5 +#define EAP_GPSK_OPCODE_PROTECTED_FAIL 6 + +/* Failure-Code in GPSK-Fail and GPSK-Protected-Fail */ +#define EAP_GPSK_FAIL_PSK_NOT_FOUND 0x00000001 +#define EAP_GPSK_FAIL_AUTHENTICATION_FAILURE 0x00000002 +#define EAP_GPSK_FAIL_AUTHORIZATION_FAILURE 0x00000003 + +#define EAP_GPSK_RAND_LEN 32 +#define EAP_GPSK_MAX_SK_LEN 32 +#define EAP_GPSK_MAX_PK_LEN 32 +#define EAP_GPSK_MAX_MIC_LEN 32 + +#define EAP_GPSK_VENDOR_IETF 0x000000 +#define EAP_GPSK_CIPHER_RESERVED 0x000000 +#define EAP_GPSK_CIPHER_AES 0x000001 +#define EAP_GPSK_CIPHER_SHA256 0x000002 + + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct eap_gpsk_csuite { + u8 vendor[3]; + u8 specifier[3]; +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +int eap_gpsk_supported_ciphersuite(int vendor, int specifier); +int eap_gpsk_derive_keys(const u8 *psk, size_t psk_len, int vendor, + int specifier, + const u8 *rand_client, const u8 *rand_server, + const u8 *id_client, size_t id_client_len, + const u8 *id_server, size_t id_server_len, + u8 *msk, u8 *emsk, u8 *sk, size_t *sk_len, + u8 *pk, size_t *pk_len); +size_t eap_gpsk_mic_len(int vendor, int specifier); +int eap_gpsk_compute_mic(const u8 *sk, size_t sk_len, int vendor, + int specifier, const u8 *data, size_t len, u8 *mic); + +#endif /* EAP_GPSK_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_gtc.c b/contrib/hostapd-0.5.8/eap_gtc.c new file mode 100644 index 0000000000..42e4cd35cd --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_gtc.c @@ -0,0 +1,160 @@ +/* + * hostapd / EAP-GTC (RFC 3748) + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" + + +struct eap_gtc_data { + enum { CONTINUE, SUCCESS, FAILURE } state; +}; + + +static void * eap_gtc_init(struct eap_sm *sm) +{ + struct eap_gtc_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CONTINUE; + + return data; +} + + +static void eap_gtc_reset(struct eap_sm *sm, void *priv) +{ + struct eap_gtc_data *data = priv; + free(data); +} + + +static u8 * eap_gtc_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_gtc_data *data = priv; + struct eap_hdr *req; + u8 *pos; + char *msg = "Password"; + size_t msg_len; + + msg_len = strlen(msg); + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, reqDataLen, + msg_len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-GTC: Failed to allocate memory for " + "request"); + data->state = FAILURE; + return NULL; + } + + memcpy(pos, msg, msg_len); + + data->state = CONTINUE; + + return (u8 *) req; +} + + +static Boolean eap_gtc_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, + respData, respDataLen, &len); + if (pos == NULL || len < 1) { + wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static void eap_gtc_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_gtc_data *data = priv; + const u8 *pos; + size_t rlen; + + if (sm->user == NULL || sm->user->password == NULL || + sm->user->password_hash) { + wpa_printf(MSG_INFO, "EAP-GTC: Plaintext password not " + "configured"); + data->state = FAILURE; + return; + } + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, + respData, respDataLen, &rlen); + if (pos == NULL || rlen < 1) + return; /* Should not happen - frame already validated */ + + wpa_hexdump_key(MSG_MSGDUMP, "EAP-GTC: Response", pos, rlen); + + if (rlen != sm->user->password_len || + memcmp(pos, sm->user->password, rlen) != 0) { + wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Failure"); + data->state = FAILURE; + } else { + wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Success"); + data->state = SUCCESS; + } +} + + +static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_gtc_data *data = priv; + return data->state != CONTINUE; +} + + +static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_gtc_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_gtc_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC"); + if (eap == NULL) + return -1; + + eap->init = eap_gtc_init; + eap->reset = eap_gtc_reset; + eap->buildReq = eap_gtc_buildReq; + eap->check = eap_gtc_check; + eap->process = eap_gtc_process; + eap->isDone = eap_gtc_isDone; + eap->isSuccess = eap_gtc_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_i.h b/contrib/hostapd-0.5.8/eap_i.h new file mode 100644 index 0000000000..85b2c2d2fa --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_i.h @@ -0,0 +1,192 @@ +/* + * hostapd / EAP Authenticator state machine internal structures (RFC 4137) + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_I_H +#define EAP_I_H + +#include "eap.h" + +/* RFC 4137 - EAP Standalone Authenticator */ + +/** + * struct eap_method - EAP method interface + * This structure defines the EAP method interface. Each method will need to + * register its own EAP type, EAP name, and set of function pointers for method + * specific operations. This interface is based on section 5.4 of RFC 4137. + */ +struct eap_method { + int vendor; + EapType method; + const char *name; + + void * (*init)(struct eap_sm *sm); + void * (*initPickUp)(struct eap_sm *sm); + void (*reset)(struct eap_sm *sm, void *priv); + + u8 * (*buildReq)(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen); + int (*getTimeout)(struct eap_sm *sm, void *priv); + Boolean (*check)(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen); + void (*process)(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen); + Boolean (*isDone)(struct eap_sm *sm, void *priv); + u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len); + /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt, + * but it is useful in implementing Policy.getDecision() */ + Boolean (*isSuccess)(struct eap_sm *sm, void *priv); + + /** + * free - Free EAP method data + * @method: Pointer to the method data registered with + * eap_server_method_register(). + * + * This function will be called when the EAP method is being + * unregistered. If the EAP method allocated resources during + * registration (e.g., allocated struct eap_method), they should be + * freed in this function. No other method functions will be called + * after this call. If this function is not defined (i.e., function + * pointer is %NULL), a default handler is used to release the method + * data with free(method). This is suitable for most cases. + */ + void (*free)(struct eap_method *method); + +#define EAP_SERVER_METHOD_INTERFACE_VERSION 1 + /** + * version - Version of the EAP server method interface + * + * The EAP server method implementation should set this variable to + * EAP_SERVER_METHOD_INTERFACE_VERSION. This is used to verify that the + * EAP method is using supported API version when using dynamically + * loadable EAP methods. + */ + int version; + + /** + * next - Pointer to the next EAP method + * + * This variable is used internally in the EAP method registration code + * to create a linked list of registered EAP methods. + */ + struct eap_method *next; + + /** + * get_emsk - Get EAP method specific keying extended material (EMSK) + * @sm: Pointer to EAP state machine allocated with eap_sm_init() + * @priv: Pointer to private EAP method data from eap_method::init() + * @len: Pointer to a variable to store EMSK length + * Returns: EMSK or %NULL if not available + * + * This function can be used to get the extended keying material from + * the EAP method. The key may already be stored in the method-specific + * private data or this function may derive the key. + */ + u8 * (*get_emsk)(struct eap_sm *sm, void *priv, size_t *len); +}; + +/** + * struct eap_sm - EAP server state machine data + */ +struct eap_sm { + enum { + EAP_DISABLED, EAP_INITIALIZE, EAP_IDLE, EAP_RECEIVED, + EAP_INTEGRITY_CHECK, EAP_METHOD_RESPONSE, EAP_METHOD_REQUEST, + EAP_PROPOSE_METHOD, EAP_SELECT_ACTION, EAP_SEND_REQUEST, + EAP_DISCARD, EAP_NAK, EAP_RETRANSMIT, EAP_SUCCESS, EAP_FAILURE, + EAP_TIMEOUT_FAILURE, EAP_PICK_UP_METHOD + } EAP_state; + + /* Constants */ + int MaxRetrans; + + /* Lower layer to standalone authenticator variables */ + /* eapResp: eapol_sm->be_auth.eapResp */ + /* portEnabled: eapol_sm->portEnabled */ + /* eapRestart: eapol_sm->auth_pae.eapRestart */ + u8 *eapRespData; + size_t eapRespDataLen; + int retransWhile; + int eapSRTT; + int eapRTTVAR; + + /* Standalone authenticator to lower layer variables */ + /* eapReq: eapol_sm->be_auth.eapReq */ + /* eapNoReq: eapol_sm->be_auth.eapNoReq */ + /* eapSuccess: eapol_sm->eapSuccess */ + /* eapFail: eapol_sm->eapFail */ + /* eapTimeout: eapol_sm->eapTimeout */ + u8 *eapReqData; + size_t eapReqDataLen; + u8 *eapKeyData; /* also eapKeyAvailable (boolean) */ + size_t eapKeyDataLen; + + /* Standalone authenticator state machine local variables */ + + /* Long-term (maintained betwen packets) */ + EapType currentMethod; + int currentId; + enum { + METHOD_PROPOSED, METHOD_CONTINUE, METHOD_END + } methodState; + int retransCount; + u8 *lastReqData; + size_t lastReqDataLen; + int methodTimeout; + + /* Short-term (not maintained between packets) */ + Boolean rxResp; + int respId; + EapType respMethod; + int respVendor; + u32 respVendorMethod; + Boolean ignore; + enum { + DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE + } decision; + + /* Miscellaneous variables */ + const struct eap_method *m; /* selected EAP method */ + /* not defined in draft-ietf-eap-statemachine-02 */ + Boolean changed; + void *eapol_ctx, *msg_ctx; + struct eapol_callbacks *eapol_cb; + void *eap_method_priv; + u8 *identity; + size_t identity_len; + int lastId; /* Identifier used in the last EAP-Packet */ + struct eap_user *user; + int user_eap_method_index; + int init_phase2; + void *ssl_ctx; + enum { TLV_REQ_NONE, TLV_REQ_SUCCESS, TLV_REQ_FAILURE } tlv_request; + void *eap_sim_db_priv; + Boolean backend_auth; + Boolean update_user; + + int num_rounds; + enum { + METHOD_PENDING_NONE, METHOD_PENDING_WAIT, METHOD_PENDING_CONT + } method_pending; +}; + +int eap_user_get(struct eap_sm *sm, const u8 *identity, size_t identity_len, + int phase2); +void eap_sm_process_nak(struct eap_sm *sm, u8 *nak_list, size_t len); +const u8 * eap_hdr_validate(int vendor, EapType eap_type, + const u8 *msg, size_t msglen, size_t *plen); +struct eap_hdr * eap_msg_alloc(int vendor, EapType type, size_t *len, + size_t payload_len, u8 code, u8 identifier, + u8 **payload); + +#endif /* EAP_I_H */ diff --git a/contrib/hostapd-0.5.8/eap_identity.c b/contrib/hostapd-0.5.8/eap_identity.c new file mode 100644 index 0000000000..ab6f26b1fe --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_identity.c @@ -0,0 +1,181 @@ +/* + * hostapd / EAP-Identity + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" + + +struct eap_identity_data { + enum { CONTINUE, SUCCESS, FAILURE } state; + int pick_up; +}; + + +static void * eap_identity_init(struct eap_sm *sm) +{ + struct eap_identity_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CONTINUE; + + return data; +} + + +static void * eap_identity_initPickUp(struct eap_sm *sm) +{ + struct eap_identity_data *data; + data = eap_identity_init(sm); + if (data) { + data->pick_up = 1; + } + return data; +} + + +static void eap_identity_reset(struct eap_sm *sm, void *priv) +{ + struct eap_identity_data *data = priv; + free(data); +} + + +static u8 * eap_identity_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_identity_data *data = priv; + struct eap_hdr *req; + u8 *pos; + const char *req_data; + size_t req_data_len; + + if (sm->eapol_cb->get_eap_req_id_text) { + req_data = sm->eapol_cb->get_eap_req_id_text(sm->eapol_ctx, + &req_data_len); + } else { + req_data = NULL; + req_data_len = 0; + } + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, reqDataLen, + req_data_len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-Identity: Failed to allocate " + "memory for request"); + data->state = FAILURE; + return NULL; + } + + if (req_data) + memcpy(pos, req_data, req_data_len); + + return (u8 *) req; +} + + +static Boolean eap_identity_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, + respData, respDataLen, &len); + if (pos == NULL) { + wpa_printf(MSG_INFO, "EAP-Identity: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static void eap_identity_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_identity_data *data = priv; + const u8 *pos; + size_t len; + + if (data->pick_up) { + if (eap_identity_check(sm, data, respData, respDataLen)) { + wpa_printf(MSG_DEBUG, "EAP-Identity: failed to pick " + "up already started negotiation"); + data->state = FAILURE; + return; + } + data->pick_up = 0; + } + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, + respData, respDataLen, &len); + if (pos == NULL) + return; /* Should not happen - frame already validated */ + + wpa_hexdump_ascii(MSG_DEBUG, "EAP-Identity: Peer identity", pos, len); + free(sm->identity); + sm->identity = malloc(len); + if (sm->identity == NULL) { + data->state = FAILURE; + } else { + memcpy(sm->identity, pos, len); + sm->identity_len = len; + data->state = SUCCESS; + } +} + + +static Boolean eap_identity_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_identity_data *data = priv; + return data->state != CONTINUE; +} + + +static Boolean eap_identity_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_identity_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_identity_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_IDENTITY, + "Identity"); + if (eap == NULL) + return -1; + + eap->init = eap_identity_init; + eap->initPickUp = eap_identity_initPickUp; + eap->reset = eap_identity_reset; + eap->buildReq = eap_identity_buildReq; + eap->check = eap_identity_check; + eap->process = eap_identity_process; + eap->isDone = eap_identity_isDone; + eap->isSuccess = eap_identity_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_md5.c b/contrib/hostapd-0.5.8/eap_md5.c new file mode 100644 index 0000000000..234a319b69 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_md5.c @@ -0,0 +1,188 @@ +/* + * hostapd / EAP-MD5 server + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "md5.h" +#include "crypto.h" + + +#define CHALLENGE_LEN 16 + +struct eap_md5_data { + u8 challenge[CHALLENGE_LEN]; + enum { CONTINUE, SUCCESS, FAILURE } state; +}; + + +static void * eap_md5_init(struct eap_sm *sm) +{ + struct eap_md5_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CONTINUE; + + return data; +} + + +static void eap_md5_reset(struct eap_sm *sm, void *priv) +{ + struct eap_md5_data *data = priv; + free(data); +} + + +static u8 * eap_md5_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_md5_data *data = priv; + struct eap_hdr *req; + u8 *pos; + + if (hostapd_get_rand(data->challenge, CHALLENGE_LEN)) { + wpa_printf(MSG_ERROR, "EAP-MD5: Failed to get random data"); + data->state = FAILURE; + return NULL; + } + + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MD5, reqDataLen, + 1 + CHALLENGE_LEN, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-MD5: Failed to allocate memory for " + "request"); + data->state = FAILURE; + return NULL; + } + + *pos++ = CHALLENGE_LEN; + memcpy(pos, data->challenge, CHALLENGE_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Challenge", pos, CHALLENGE_LEN); + + data->state = CONTINUE; + + return (u8 *) req; +} + + +static Boolean eap_md5_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, + respData, respDataLen, &len); + if (pos == NULL || len < 1) { + wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame"); + return TRUE; + } + if (*pos != MD5_MAC_LEN || 1 + MD5_MAC_LEN > len) { + wpa_printf(MSG_INFO, "EAP-MD5: Invalid response " + "(response_len=%d payload_len=%lu", + *pos, (unsigned long) len); + return TRUE; + } + + return FALSE; +} + + +static void eap_md5_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_md5_data *data = priv; + struct eap_hdr *resp; + const u8 *pos; + const u8 *addr[3]; + size_t len[3], plen; + u8 hash[MD5_MAC_LEN]; + + if (sm->user == NULL || sm->user->password == NULL || + sm->user->password_hash) { + wpa_printf(MSG_INFO, "EAP-MD5: Plaintext password not " + "configured"); + data->state = FAILURE; + return; + } + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, + respData, respDataLen, &plen); + if (pos == NULL || *pos != MD5_MAC_LEN || plen < 1 + MD5_MAC_LEN) + return; /* Should not happen - frame already validated */ + + pos++; /* Skip response len */ + wpa_hexdump(MSG_MSGDUMP, "EAP-MD5: Response", pos, MD5_MAC_LEN); + + resp = (struct eap_hdr *) respData; + addr[0] = &resp->identifier; + len[0] = 1; + addr[1] = sm->user->password; + len[1] = sm->user->password_len; + addr[2] = data->challenge; + len[2] = CHALLENGE_LEN; + md5_vector(3, addr, len, hash); + + if (memcmp(hash, pos, MD5_MAC_LEN) == 0) { + wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Success"); + data->state = SUCCESS; + } else { + wpa_printf(MSG_DEBUG, "EAP-MD5: Done - Failure"); + data->state = FAILURE; + } +} + + +static Boolean eap_md5_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_md5_data *data = priv; + return data->state != CONTINUE; +} + + +static Boolean eap_md5_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_md5_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_md5_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_MD5, "MD5"); + if (eap == NULL) + return -1; + + eap->init = eap_md5_init; + eap->reset = eap_md5_reset; + eap->buildReq = eap_md5_buildReq; + eap->check = eap_md5_check; + eap->process = eap_md5_process; + eap->isDone = eap_md5_isDone; + eap->isSuccess = eap_md5_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_methods.c b/contrib/hostapd-0.5.8/eap_methods.c new file mode 100644 index 0000000000..671d5486c3 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_methods.c @@ -0,0 +1,273 @@ +/* + * hostapd / EAP method registration + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "eap_i.h" +#include "eap_methods.h" + + +static struct eap_method *eap_methods; + + +/** + * eap_sm_get_eap_methods - Get EAP method based on type number + * @vendor: EAP Vendor-Id (0 = IETF) + * @method: EAP type number + * Returns: Pointer to EAP method or %NULL if not found + */ +const struct eap_method * eap_sm_get_eap_methods(int vendor, EapType method) +{ + struct eap_method *m; + for (m = eap_methods; m; m = m->next) { + if (m->vendor == vendor && m->method == method) + return m; + } + return NULL; +} + + +/** + * eap_get_type - Get EAP type for the given EAP method name + * @name: EAP method name, e.g., TLS + * @vendor: Buffer for returning EAP Vendor-Id + * Returns: EAP method type or %EAP_TYPE_NONE if not found + * + * This function maps EAP type names into EAP type numbers based on the list of + * EAP methods included in the build. + */ +EapType eap_get_type(const char *name, int *vendor) +{ + struct eap_method *m; + for (m = eap_methods; m; m = m->next) { + if (strcmp(m->name, name) == 0) { + *vendor = m->vendor; + return m->method; + } + } + *vendor = EAP_VENDOR_IETF; + return EAP_TYPE_NONE; +} + + +/** + * eap_server_method_alloc - Allocate EAP server method structure + * @version: Version of the EAP server method interface (set to + * EAP_SERVER_METHOD_INTERFACE_VERSION) + * @vendor: EAP Vendor-ID (EAP_VENDOR_*) (0 = IETF) + * @method: EAP type number (EAP_TYPE_*) + * name: Name of the method (e.g., "TLS") + * Returns: Allocated EAP method structure or %NULL on failure + * + * The returned structure should be freed with eap_server_method_free() when it + * is not needed anymore. + */ +struct eap_method * eap_server_method_alloc(int version, int vendor, + EapType method, const char *name) +{ + struct eap_method *eap; + eap = wpa_zalloc(sizeof(*eap)); + if (eap == NULL) + return NULL; + eap->version = version; + eap->vendor = vendor; + eap->method = method; + eap->name = name; + return eap; +} + + +/** + * eap_server_method_free - Free EAP server method structure + * @method: Method structure allocated with eap_server_method_alloc() + */ +void eap_server_method_free(struct eap_method *method) +{ + free(method); +} + + +/** + * eap_server_method_register - Register an EAP server method + * @method: EAP method to register + * Returns: 0 on success, -1 on invalid method, or -2 if a matching EAP method + * has already been registered + * + * Each EAP server method needs to call this function to register itself as a + * supported EAP method. + */ +int eap_server_method_register(struct eap_method *method) +{ + struct eap_method *m, *last = NULL; + + if (method == NULL || method->name == NULL || + method->version != EAP_SERVER_METHOD_INTERFACE_VERSION) + return -1; + + for (m = eap_methods; m; m = m->next) { + if ((m->vendor == method->vendor && + m->method == method->method) || + strcmp(m->name, method->name) == 0) + return -2; + last = m; + } + + if (last) + last->next = method; + else + eap_methods = method; + + return 0; +} + + +/** + * eap_server_register_methods - Register statically linked EAP server methods + * Returns: 0 on success, -1 on failure + * + * This function is called at program initialization to register all EAP server + * methods that were linked in statically. + */ +int eap_server_register_methods(void) +{ + int ret = 0; + + if (ret == 0) { + int eap_server_identity_register(void); + ret = eap_server_identity_register(); + } + +#ifdef EAP_MD5 + if (ret == 0) { + int eap_server_md5_register(void); + ret = eap_server_md5_register(); + } +#endif /* EAP_MD5 */ + +#ifdef EAP_TLS + if (ret == 0) { + int eap_server_tls_register(void); + ret = eap_server_tls_register(); + } +#endif /* EAP_TLS */ + +#ifdef EAP_MSCHAPv2 + if (ret == 0) { + int eap_server_mschapv2_register(void); + ret = eap_server_mschapv2_register(); + } +#endif /* EAP_MSCHAPv2 */ + +#ifdef EAP_PEAP + if (ret == 0) { + int eap_server_peap_register(void); + ret = eap_server_peap_register(); + } +#endif /* EAP_PEAP */ + +#ifdef EAP_TLV + if (ret == 0) { + int eap_server_tlv_register(void); + ret = eap_server_tlv_register(); + } +#endif /* EAP_TLV */ + +#ifdef EAP_GTC + if (ret == 0) { + int eap_server_gtc_register(void); + ret = eap_server_gtc_register(); + } +#endif /* EAP_GTC */ + +#ifdef EAP_TTLS + if (ret == 0) { + int eap_server_ttls_register(void); + ret = eap_server_ttls_register(); + } +#endif /* EAP_TTLS */ + +#ifdef EAP_SIM + if (ret == 0) { + int eap_server_sim_register(void); + ret = eap_server_sim_register(); + } +#endif /* EAP_SIM */ + +#ifdef EAP_AKA + if (ret == 0) { + int eap_server_aka_register(void); + ret = eap_server_aka_register(); + } +#endif /* EAP_AKA */ + +#ifdef EAP_PAX + if (ret == 0) { + int eap_server_pax_register(void); + ret = eap_server_pax_register(); + } +#endif /* EAP_PAX */ + +#ifdef EAP_PSK + if (ret == 0) { + int eap_server_psk_register(void); + ret = eap_server_psk_register(); + } +#endif /* EAP_PSK */ + +#ifdef EAP_SAKE + if (ret == 0) { + int eap_server_sake_register(void); + ret = eap_server_sake_register(); + } +#endif /* EAP_SAKE */ + +#ifdef EAP_GPSK + if (ret == 0) { + int eap_server_gpsk_register(void); + ret = eap_server_gpsk_register(); + } +#endif /* EAP_GPSK */ + +#ifdef EAP_VENDOR_TEST + if (ret == 0) { + int eap_server_vendor_test_register(void); + ret = eap_server_vendor_test_register(); + } +#endif /* EAP_VENDOR_TEST */ + + return ret; +} + + +/** + * eap_server_unregister_methods - Unregister EAP server methods + * + * This function is called at program termination to unregister all EAP server + * methods. + */ +void eap_server_unregister_methods(void) +{ + struct eap_method *m; + + while (eap_methods) { + m = eap_methods; + eap_methods = eap_methods->next; + + if (m->free) + m->free(m); + else + eap_server_method_free(m); + } +} diff --git a/contrib/hostapd-0.5.8/eap_methods.h b/contrib/hostapd-0.5.8/eap_methods.h new file mode 100644 index 0000000000..cec8a570e2 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_methods.h @@ -0,0 +1,49 @@ +/* + * hostapd / EAP method registration + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_METHODS_H +#define EAP_METHODS_H + +const struct eap_method * eap_sm_get_eap_methods(int vendor, EapType method); +struct eap_method * eap_server_method_alloc(int version, int vendor, + EapType method, const char *name); +void eap_server_method_free(struct eap_method *method); +int eap_server_method_register(struct eap_method *method); + +#ifdef EAP_SERVER + +EapType eap_get_type(const char *name, int *vendor); +int eap_server_register_methods(void); +void eap_server_unregister_methods(void); + +#else /* EAP_SERVER */ + +static inline EapType eap_get_type(const char *name, int *vendor) +{ + *vendor = EAP_VENDOR_IETF; + return EAP_TYPE_NONE; +} + +static inline int eap_server_register_methods(void) +{ + return 0; +} + +static inline void eap_server_unregister_methods(void) +{ +} + +#endif /* EAP_SERVER */ + +#endif /* EAP_METHODS_H */ diff --git a/contrib/hostapd-0.5.8/eap_mschapv2.c b/contrib/hostapd-0.5.8/eap_mschapv2.c new file mode 100644 index 0000000000..bbd819bbe1 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_mschapv2.c @@ -0,0 +1,555 @@ +/* + * hostapd / EAP-MSCHAPv2 (draft-kamath-pppext-eap-mschapv2-00.txt) server + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "ms_funcs.h" + + +struct eap_mschapv2_hdr { + u8 op_code; /* MSCHAPV2_OP_* */ + u8 mschapv2_id; /* must be changed for challenges, but not for + * success/failure */ + u8 ms_length[2]; /* Note: misaligned; length - 5 */ + /* followed by data */ +} STRUCT_PACKED; + +#define MSCHAPV2_OP_CHALLENGE 1 +#define MSCHAPV2_OP_RESPONSE 2 +#define MSCHAPV2_OP_SUCCESS 3 +#define MSCHAPV2_OP_FAILURE 4 +#define MSCHAPV2_OP_CHANGE_PASSWORD 7 + +#define MSCHAPV2_RESP_LEN 49 + +#define ERROR_RESTRICTED_LOGON_HOURS 646 +#define ERROR_ACCT_DISABLED 647 +#define ERROR_PASSWD_EXPIRED 648 +#define ERROR_NO_DIALIN_PERMISSION 649 +#define ERROR_AUTHENTICATION_FAILURE 691 +#define ERROR_CHANGING_PASSWORD 709 + +#define PASSWD_CHANGE_CHAL_LEN 16 +#define MSCHAPV2_KEY_LEN 16 + + +#define CHALLENGE_LEN 16 + +struct eap_mschapv2_data { + u8 auth_challenge[CHALLENGE_LEN]; + u8 auth_response[20]; + enum { CHALLENGE, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE } state; + u8 resp_mschapv2_id; + u8 master_key[16]; + int master_key_valid; +}; + + +static void * eap_mschapv2_init(struct eap_sm *sm) +{ + struct eap_mschapv2_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CHALLENGE; + + return data; +} + + +static void eap_mschapv2_reset(struct eap_sm *sm, void *priv) +{ + struct eap_mschapv2_data *data = priv; + free(data); +} + + +static u8 * eap_mschapv2_build_challenge(struct eap_sm *sm, + struct eap_mschapv2_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + struct eap_mschapv2_hdr *ms; + u8 *pos; + char *name = "hostapd"; /* TODO: make this configurable */ + size_t ms_len; + + if (hostapd_get_rand(data->auth_challenge, CHALLENGE_LEN)) { + wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random " + "data"); + data->state = FAILURE; + return NULL; + } + + ms_len = sizeof(*ms) + 1 + CHALLENGE_LEN + strlen(name); + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqDataLen, + ms_len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to allocate memory" + " for request"); + data->state = FAILURE; + return NULL; + } + + ms = (struct eap_mschapv2_hdr *) pos; + ms->op_code = MSCHAPV2_OP_CHALLENGE; + ms->mschapv2_id = id; + WPA_PUT_BE16(ms->ms_length, ms_len); + + pos = (u8 *) (ms + 1); + *pos++ = CHALLENGE_LEN; + memcpy(pos, data->auth_challenge, CHALLENGE_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: Challenge", pos, + CHALLENGE_LEN); + pos += CHALLENGE_LEN; + memcpy(pos, name, strlen(name)); + + return (u8 *) req; +} + + +static u8 * eap_mschapv2_build_success_req(struct eap_sm *sm, + struct eap_mschapv2_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + struct eap_mschapv2_hdr *ms; + u8 *pos, *msg; + char *message = "OK"; + size_t ms_len; + + ms_len = sizeof(*ms) + 2 + 2 * sizeof(data->auth_response) + 1 + 2 + + strlen(message); + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqDataLen, + ms_len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to allocate memory" + " for request"); + data->state = FAILURE; + return NULL; + } + + ms = (struct eap_mschapv2_hdr *) pos; + ms->op_code = MSCHAPV2_OP_SUCCESS; + ms->mschapv2_id = data->resp_mschapv2_id; + WPA_PUT_BE16(ms->ms_length, ms_len); + + msg = pos = (u8 *) (ms + 1); + *pos++ = 'S'; + *pos++ = '='; + pos += wpa_snprintf_hex_uppercase((char *) pos, + sizeof(data->auth_response) * 2 + 1, + data->auth_response, + sizeof(data->auth_response)); + *pos++ = ' '; + *pos++ = 'M'; + *pos++ = '='; + memcpy(pos, message, strlen(message)); + + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Success Request Message", + msg, ms_len - sizeof(*ms)); + + return (u8 *) req; +} + + +static u8 * eap_mschapv2_build_failure_req(struct eap_sm *sm, + struct eap_mschapv2_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + struct eap_mschapv2_hdr *ms; + u8 *pos; + char *message = "E=691 R=0 C=00000000000000000000000000000000 V=3 " + "M=FAILED"; + size_t ms_len; + + ms_len = sizeof(*ms) + strlen(message); + req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqDataLen, + ms_len, EAP_CODE_REQUEST, id, &pos); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to allocate memory" + " for request"); + data->state = FAILURE; + return NULL; + } + + ms = (struct eap_mschapv2_hdr *) pos; + ms->op_code = MSCHAPV2_OP_FAILURE; + ms->mschapv2_id = data->resp_mschapv2_id; + WPA_PUT_BE16(ms->ms_length, ms_len); + + memcpy((u8 *) (ms + 1), message, strlen(message)); + + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Failure Request Message", + (u8 *) message, strlen(message)); + + return (u8 *) req; +} + + +static u8 * eap_mschapv2_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_mschapv2_data *data = priv; + + switch (data->state) { + case CHALLENGE: + return eap_mschapv2_build_challenge(sm, data, id, reqDataLen); + case SUCCESS_REQ: + return eap_mschapv2_build_success_req(sm, data, id, + reqDataLen); + case FAILURE_REQ: + return eap_mschapv2_build_failure_req(sm, data, id, + reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Unknown state %d in " + "buildReq", data->state); + break; + } + return NULL; +} + + +static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_mschapv2_data *data = priv; + struct eap_mschapv2_hdr *resp; + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, + respData, respDataLen, &len); + if (pos == NULL || len < 1) { + wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame"); + return TRUE; + } + + resp = (struct eap_mschapv2_hdr *) pos; + if (data->state == CHALLENGE && + resp->op_code != MSCHAPV2_OP_RESPONSE) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Response - " + "ignore op %d", resp->op_code); + return TRUE; + } + + if (data->state == SUCCESS_REQ && + resp->op_code != MSCHAPV2_OP_SUCCESS && + resp->op_code != MSCHAPV2_OP_FAILURE) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Success or " + "Failure - ignore op %d", resp->op_code); + return TRUE; + } + + if (data->state == FAILURE_REQ && + resp->op_code != MSCHAPV2_OP_FAILURE) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Failure " + "- ignore op %d", resp->op_code); + return TRUE; + } + + return FALSE; +} + + +static void eap_mschapv2_process_response(struct eap_sm *sm, + struct eap_mschapv2_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_mschapv2_hdr *resp; + const u8 *pos, *end, *peer_challenge, *nt_response, *name; + u8 flags; + size_t len, name_len, i; + u8 expected[24]; + const u8 *username, *user; + size_t username_len, user_len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, + respData, respDataLen, &len); + if (pos == NULL || len < 1) + return; /* Should not happen - frame already validated */ + + end = pos + len; + resp = (struct eap_mschapv2_hdr *) pos; + pos = (u8 *) (resp + 1); + + if (len < sizeof(*resp) + 1 + 49 || + resp->op_code != MSCHAPV2_OP_RESPONSE || + pos[0] != 49) { + wpa_hexdump(MSG_DEBUG, "EAP-MSCHAPV2: Invalid response", + respData, respDataLen); + data->state = FAILURE; + return; + } + data->resp_mschapv2_id = resp->mschapv2_id; + pos++; + peer_challenge = pos; + pos += 16 + 8; + nt_response = pos; + pos += 24; + flags = *pos++; + name = pos; + name_len = end - name; + + wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: Peer-Challenge", + peer_challenge, 16); + wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: NT-Response", nt_response, 24); + wpa_printf(MSG_MSGDUMP, "EAP-MSCHAPV2: Flags 0x%x", flags); + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: Name", name, name_len); + + /* MSCHAPv2 does not include optional domain name in the + * challenge-response calculation, so remove domain prefix + * (if present). */ + username = sm->identity; + username_len = sm->identity_len; + for (i = 0; i < username_len; i++) { + if (username[i] == '\\') { + username_len -= i + 1; + username += i + 1; + break; + } + } + + user = name; + user_len = name_len; + for (i = 0; i < user_len; i++) { + if (user[i] == '\\') { + user_len -= i + 1; + user += i + 1; + break; + } + } + + if (username_len != user_len || + memcmp(username, user, username_len) != 0) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Mismatch in user names"); + wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Expected user " + "name", username, username_len); + wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Received user " + "name", user, user_len); + data->state = FAILURE; + return; + } + + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-MSCHAPV2: User name", + username, username_len); + + if (sm->user->password_hash) { + generate_nt_response_pwhash(data->auth_challenge, + peer_challenge, + username, username_len, + sm->user->password, + expected); + } else { + generate_nt_response(data->auth_challenge, peer_challenge, + username, username_len, + sm->user->password, + sm->user->password_len, + expected); + } + + if (memcmp(nt_response, expected, 24) == 0) { + const u8 *pw_hash; + u8 pw_hash_buf[16], pw_hash_hash[16]; + + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Correct NT-Response"); + data->state = SUCCESS_REQ; + + /* Authenticator response is not really needed yet, but + * calculate it here so that peer_challenge and username need + * not be saved. */ + if (sm->user->password_hash) { + pw_hash = sm->user->password; + generate_authenticator_response_pwhash( + sm->user->password, peer_challenge, + data->auth_challenge, username, username_len, + nt_response, data->auth_response); + } else { + nt_password_hash(sm->user->password, + sm->user->password_len, + pw_hash_buf); + pw_hash = pw_hash_buf; + generate_authenticator_response(sm->user->password, + sm->user->password_len, + peer_challenge, + data->auth_challenge, + username, username_len, + nt_response, + data->auth_response); + } + + hash_nt_password_hash(pw_hash, pw_hash_hash); + get_master_key(pw_hash_hash, nt_response, data->master_key); + data->master_key_valid = 1; + wpa_hexdump_key(MSG_DEBUG, "EAP-MSCHAPV2: Derived Master Key", + data->master_key, MSCHAPV2_KEY_LEN); + } else { + wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: Expected NT-Response", + expected, 24); + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Invalid NT-Response"); + data->state = FAILURE_REQ; + } +} + + +static void eap_mschapv2_process_success_resp(struct eap_sm *sm, + struct eap_mschapv2_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_mschapv2_hdr *resp; + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, + respData, respDataLen, &len); + if (pos == NULL || len < 1) + return; /* Should not happen - frame already validated */ + + resp = (struct eap_mschapv2_hdr *) pos; + + if (resp->op_code == MSCHAPV2_OP_SUCCESS) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received Success Response" + " - authentication completed successfully"); + data->state = SUCCESS; + } else { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Did not receive Success " + "Response - peer rejected authentication"); + data->state = FAILURE; + } +} + + +static void eap_mschapv2_process_failure_resp(struct eap_sm *sm, + struct eap_mschapv2_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_mschapv2_hdr *resp; + const u8 *pos; + size_t len; + + pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, + respData, respDataLen, &len); + if (pos == NULL || len < 1) + return; /* Should not happen - frame already validated */ + + resp = (struct eap_mschapv2_hdr *) pos; + + if (resp->op_code == MSCHAPV2_OP_FAILURE) { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received Failure Response" + " - authentication failed"); + } else { + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Did not receive Failure " + "Response - authentication failed"); + } + + data->state = FAILURE; +} + + +static void eap_mschapv2_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_mschapv2_data *data = priv; + + if (sm->user == NULL || sm->user->password == NULL) { + wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured"); + data->state = FAILURE; + return; + } + + switch (data->state) { + case CHALLENGE: + eap_mschapv2_process_response(sm, data, respData, respDataLen); + break; + case SUCCESS_REQ: + eap_mschapv2_process_success_resp(sm, data, respData, + respDataLen); + break; + case FAILURE_REQ: + eap_mschapv2_process_failure_resp(sm, data, respData, + respDataLen); + break; + default: + wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Unknown state %d in " + "process", data->state); + break; + } +} + + +static Boolean eap_mschapv2_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_mschapv2_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_mschapv2_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_mschapv2_data *data = priv; + u8 *key; + + if (data->state != SUCCESS || !data->master_key_valid) + return NULL; + + *len = 2 * MSCHAPV2_KEY_LEN; + key = malloc(*len); + if (key == NULL) + return NULL; + get_asymetric_start_key(data->master_key, key, MSCHAPV2_KEY_LEN, 0, 0); + get_asymetric_start_key(data->master_key, key + MSCHAPV2_KEY_LEN, + MSCHAPV2_KEY_LEN, 1, 0); + wpa_hexdump_key(MSG_DEBUG, "EAP-MSCHAPV2: Derived key", key, *len); + + return key; +} + + +static Boolean eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_mschapv2_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_mschapv2_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, + "MSCHAPV2"); + if (eap == NULL) + return -1; + + eap->init = eap_mschapv2_init; + eap->reset = eap_mschapv2_reset; + eap->buildReq = eap_mschapv2_buildReq; + eap->check = eap_mschapv2_check; + eap->process = eap_mschapv2_process; + eap->isDone = eap_mschapv2_isDone; + eap->getKey = eap_mschapv2_getKey; + eap->isSuccess = eap_mschapv2_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_pax.c b/contrib/hostapd-0.5.8/eap_pax.c new file mode 100644 index 0000000000..8daa8d3adb --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_pax.c @@ -0,0 +1,562 @@ +/* + * hostapd / EAP-PAX (RFC 4746) server + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_pax_common.h" + +/* + * Note: only PAX_STD subprotocol is currently supported + * + * TODO: Add support with PAX_SEC with the mandatory to implement ciphersuite + * (HMAC_SHA1_128, IANA DH Group 14 (2048 bits), RSA-PKCS1-V1_5) and + * recommended ciphersuite (HMAC_SHA256_128, IANA DH Group 15 (3072 bits), + * RSAES-OAEP). + */ + +struct eap_pax_data { + enum { PAX_STD_1, PAX_STD_3, SUCCESS, FAILURE } state; + u8 mac_id; + union { + u8 e[2 * EAP_PAX_RAND_LEN]; + struct { + u8 x[EAP_PAX_RAND_LEN]; /* server rand */ + u8 y[EAP_PAX_RAND_LEN]; /* client rand */ + } r; + } rand; + u8 ak[EAP_PAX_AK_LEN]; + u8 mk[EAP_PAX_MK_LEN]; + u8 ck[EAP_PAX_CK_LEN]; + u8 ick[EAP_PAX_ICK_LEN]; + int keys_set; + char *cid; + size_t cid_len; +}; + + +static void * eap_pax_init(struct eap_sm *sm) +{ + struct eap_pax_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = PAX_STD_1; + /* + * TODO: make this configurable once EAP_PAX_HMAC_SHA256_128 is + * supported + */ + data->mac_id = EAP_PAX_MAC_HMAC_SHA1_128; + + return data; +} + + +static void eap_pax_reset(struct eap_sm *sm, void *priv) +{ + struct eap_pax_data *data = priv; + free(data->cid); + free(data); +} + + +static u8 * eap_pax_build_std_1(struct eap_sm *sm, + struct eap_pax_data *data, + int id, size_t *reqDataLen) +{ + struct eap_pax_hdr *req; + u8 *pos; + + wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-1 (sending)"); + + if (hostapd_get_rand(data->rand.r.x, EAP_PAX_RAND_LEN)) { + wpa_printf(MSG_ERROR, "EAP-PAX: Failed to get random data"); + data->state = FAILURE; + return NULL; + } + + *reqDataLen = sizeof(*req) + 2 + EAP_PAX_RAND_LEN + EAP_PAX_ICV_LEN; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-PAX: Failed to allocate memory " + "request"); + data->state = FAILURE; + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + req->type = EAP_TYPE_PAX; + req->op_code = EAP_PAX_OP_STD_1; + req->flags = 0; + req->mac_id = data->mac_id; + req->dh_group_id = EAP_PAX_DH_GROUP_NONE; + req->public_key_id = EAP_PAX_PUBLIC_KEY_NONE; + pos = (u8 *) (req + 1); + *pos++ = 0; + *pos++ = EAP_PAX_RAND_LEN; + memcpy(pos, data->rand.r.x, EAP_PAX_RAND_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: A = X (server rand)", + pos, EAP_PAX_RAND_LEN); + pos += EAP_PAX_RAND_LEN; + + eap_pax_mac(data->mac_id, (u8 *) "", 0, + (u8 *) req, *reqDataLen - EAP_PAX_ICV_LEN, + NULL, 0, NULL, 0, pos); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN); + pos += EAP_PAX_ICV_LEN; + + return (u8 *) req; +} + + +static u8 * eap_pax_build_std_3(struct eap_sm *sm, + struct eap_pax_data *data, + int id, size_t *reqDataLen) +{ + struct eap_pax_hdr *req; + u8 *pos; + + wpa_printf(MSG_DEBUG, "EAP-PAX: PAX_STD-3 (sending)"); + + *reqDataLen = sizeof(*req) + 2 + EAP_PAX_MAC_LEN + EAP_PAX_ICV_LEN; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-PAX: Failed to allocate memory " + "request"); + data->state = FAILURE; + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + req->type = EAP_TYPE_PAX; + req->op_code = EAP_PAX_OP_STD_3; + req->flags = 0; + req->mac_id = data->mac_id; + req->dh_group_id = EAP_PAX_DH_GROUP_NONE; + req->public_key_id = EAP_PAX_PUBLIC_KEY_NONE; + pos = (u8 *) (req + 1); + *pos++ = 0; + *pos++ = EAP_PAX_MAC_LEN; + eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN, + data->rand.r.y, EAP_PAX_RAND_LEN, + (u8 *) data->cid, data->cid_len, NULL, 0, pos); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(B, CID)", + pos, EAP_PAX_MAC_LEN); + pos += EAP_PAX_MAC_LEN; + + /* Optional ADE could be added here, if needed */ + + eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN, + (u8 *) req, *reqDataLen - EAP_PAX_ICV_LEN, + NULL, 0, NULL, 0, pos); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN); + pos += EAP_PAX_ICV_LEN; + + return (u8 *) req; +} + + +static u8 * eap_pax_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_pax_data *data = priv; + + switch (data->state) { + case PAX_STD_1: + return eap_pax_build_std_1(sm, data, id, reqDataLen); + case PAX_STD_3: + return eap_pax_build_std_3(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-PAX: Unknown state %d in buildReq", + data->state); + break; + } + return NULL; +} + + +static Boolean eap_pax_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_pax_data *data = priv; + struct eap_pax_hdr *resp; + size_t len; + u8 icvbuf[EAP_PAX_ICV_LEN], *icv; + + resp = (struct eap_pax_hdr *) respData; + if (respDataLen < sizeof(*resp) || resp->type != EAP_TYPE_PAX || + (len = ntohs(resp->length)) > respDataLen || + len < sizeof(*resp) + EAP_PAX_ICV_LEN) { + wpa_printf(MSG_INFO, "EAP-PAX: Invalid frame"); + return TRUE; + } + + wpa_printf(MSG_DEBUG, "EAP-PAX: received frame: op_code 0x%x " + "flags 0x%x mac_id 0x%x dh_group_id 0x%x " + "public_key_id 0x%x", + resp->op_code, resp->flags, resp->mac_id, resp->dh_group_id, + resp->public_key_id); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: received payload", + (u8 *) (resp + 1), len - sizeof(*resp) - EAP_PAX_ICV_LEN); + + if (data->state == PAX_STD_1 && + resp->op_code != EAP_PAX_OP_STD_2) { + wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX_STD-2 - " + "ignore op %d", resp->op_code); + return TRUE; + } + + if (data->state == PAX_STD_3 && + resp->op_code != EAP_PAX_OP_ACK) { + wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX-ACK - " + "ignore op %d", resp->op_code); + return TRUE; + } + + if (resp->op_code != EAP_PAX_OP_STD_2 && + resp->op_code != EAP_PAX_OP_ACK) { + wpa_printf(MSG_DEBUG, "EAP-PAX: Unknown op_code 0x%x", + resp->op_code); + } + + if (data->mac_id != resp->mac_id) { + wpa_printf(MSG_DEBUG, "EAP-PAX: Expected MAC ID 0x%x, " + "received 0x%x", data->mac_id, resp->mac_id); + return TRUE; + } + + if (resp->dh_group_id != EAP_PAX_DH_GROUP_NONE) { + wpa_printf(MSG_INFO, "EAP-PAX: Expected DH Group ID 0x%x, " + "received 0x%x", EAP_PAX_DH_GROUP_NONE, + resp->dh_group_id); + return TRUE; + } + + if (resp->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) { + wpa_printf(MSG_INFO, "EAP-PAX: Expected Public Key ID 0x%x, " + "received 0x%x", EAP_PAX_PUBLIC_KEY_NONE, + resp->public_key_id); + return TRUE; + } + + if (resp->flags & EAP_PAX_FLAGS_MF) { + /* TODO: add support for reassembling fragments */ + wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported"); + return TRUE; + } + + if (resp->flags & EAP_PAX_FLAGS_CE) { + wpa_printf(MSG_INFO, "EAP-PAX: Unexpected CE flag"); + return TRUE; + } + + if (data->keys_set) { + if (len - sizeof(*resp) < EAP_PAX_ICV_LEN) { + wpa_printf(MSG_INFO, "EAP-PAX: No ICV in the packet"); + return TRUE; + } + icv = respData + len - EAP_PAX_ICV_LEN; + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN); + eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN, + respData, len - EAP_PAX_ICV_LEN, NULL, 0, NULL, 0, + icvbuf); + if (memcmp(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV"); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV", + icvbuf, EAP_PAX_ICV_LEN); + return TRUE; + } + } + + return FALSE; +} + + +static void eap_pax_process_std_2(struct eap_sm *sm, + struct eap_pax_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_pax_hdr *resp; + u8 *pos, mac[EAP_PAX_MAC_LEN], icvbuf[EAP_PAX_ICV_LEN]; + size_t len, left; + int i; + + if (data->state != PAX_STD_1) + return; + + wpa_printf(MSG_DEBUG, "EAP-PAX: Received PAX_STD-2"); + + resp = (struct eap_pax_hdr *) respData; + len = ntohs(resp->length); + pos = (u8 *) (resp + 1); + left = len - sizeof(*resp); + + if (left < 2 + EAP_PAX_RAND_LEN || + ((pos[0] << 8) | pos[1]) != EAP_PAX_RAND_LEN) { + wpa_printf(MSG_INFO, "EAP-PAX: Too short PAX_STD-2 (B)"); + return; + } + pos += 2; + left -= 2; + memcpy(data->rand.r.y, pos, EAP_PAX_RAND_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Y (client rand)", + data->rand.r.y, EAP_PAX_RAND_LEN); + pos += EAP_PAX_RAND_LEN; + left -= EAP_PAX_RAND_LEN; + + if (left < 2 || (size_t) 2 + ((pos[0] << 8) | pos[1]) > left) { + wpa_printf(MSG_INFO, "EAP-PAX: Too short PAX_STD-2 (CID)"); + return; + } + data->cid_len = (pos[0] << 8) | pos[1]; + free(data->cid); + data->cid = malloc(data->cid_len); + if (data->cid == NULL) { + wpa_printf(MSG_INFO, "EAP-PAX: Failed to allocate memory for " + "CID"); + return; + } + memcpy(data->cid, pos + 2, data->cid_len); + pos += 2 + data->cid_len; + left -= 2 + data->cid_len; + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PAX: CID", + (u8 *) data->cid, data->cid_len); + + if (left < 2 + EAP_PAX_MAC_LEN || + ((pos[0] << 8) | pos[1]) != EAP_PAX_MAC_LEN) { + wpa_printf(MSG_INFO, "EAP-PAX: Too short PAX_STD-2 (MAC_CK)"); + return; + } + pos += 2; + left -= 2; + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: MAC_CK(A, B, CID)", + pos, EAP_PAX_MAC_LEN); + + if (eap_user_get(sm, (u8 *) data->cid, data->cid_len, 0) < 0) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-PAX: unknown CID", + (u8 *) data->cid, data->cid_len); + data->state = FAILURE; + return; + } + + for (i = 0; + i < EAP_MAX_METHODS && + (sm->user->methods[i].vendor != EAP_VENDOR_IETF || + sm->user->methods[i].method != EAP_TYPE_NONE); + i++) { + if (sm->user->methods[i].vendor == EAP_VENDOR_IETF && + sm->user->methods[i].method == EAP_TYPE_PAX) + break; + } + + if (i >= EAP_MAX_METHODS || + sm->user->methods[i].vendor != EAP_VENDOR_IETF || + sm->user->methods[i].method != EAP_TYPE_PAX) { + wpa_hexdump_ascii(MSG_DEBUG, + "EAP-PAX: EAP-PAX not enabled for CID", + (u8 *) data->cid, data->cid_len); + data->state = FAILURE; + return; + } + + if (sm->user->password == NULL || + sm->user->password_len != EAP_PAX_AK_LEN) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-PAX: invalid password in " + "user database for CID", + (u8 *) data->cid, data->cid_len); + data->state = FAILURE; + return; + } + memcpy(data->ak, sm->user->password, EAP_PAX_AK_LEN); + + if (eap_pax_initial_key_derivation(data->mac_id, data->ak, + data->rand.e, data->mk, data->ck, + data->ick) < 0) { + wpa_printf(MSG_INFO, "EAP-PAX: Failed to complete initial " + "key derivation"); + data->state = FAILURE; + return; + } + data->keys_set = 1; + + eap_pax_mac(data->mac_id, data->ck, EAP_PAX_CK_LEN, + data->rand.r.x, EAP_PAX_RAND_LEN, + data->rand.r.y, EAP_PAX_RAND_LEN, + (u8 *) data->cid, data->cid_len, mac); + if (memcmp(mac, pos, EAP_PAX_MAC_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-PAX: Invalid MAC_CK(A, B, CID) in " + "PAX_STD-2"); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected MAC_CK(A, B, CID)", + mac, EAP_PAX_MAC_LEN); + data->state = FAILURE; + return; + } + + pos += EAP_PAX_MAC_LEN; + left -= EAP_PAX_MAC_LEN; + + if (left < EAP_PAX_ICV_LEN) { + wpa_printf(MSG_INFO, "EAP-PAX: Too short ICV (%lu) in " + "PAX_STD-2", (unsigned long) left); + return; + } + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", pos, EAP_PAX_ICV_LEN); + eap_pax_mac(data->mac_id, data->ick, EAP_PAX_ICK_LEN, + respData, len - EAP_PAX_ICV_LEN, NULL, 0, NULL, 0, icvbuf); + if (memcmp(icvbuf, pos, EAP_PAX_ICV_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV in PAX_STD-2"); + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV", + icvbuf, EAP_PAX_ICV_LEN); + return; + } + pos += EAP_PAX_ICV_LEN; + left -= EAP_PAX_ICV_LEN; + + if (left > 0) { + wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ignored extra payload", + pos, left); + } + + data->state = PAX_STD_3; +} + + +static void eap_pax_process_ack(struct eap_sm *sm, + struct eap_pax_data *data, + u8 *respData, size_t respDataLen) +{ + if (data->state != PAX_STD_3) + return; + + wpa_printf(MSG_DEBUG, "EAP-PAX: Received PAX-ACK - authentication " + "completed successfully"); + data->state = SUCCESS; +} + + +static void eap_pax_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_pax_data *data = priv; + struct eap_pax_hdr *resp; + + if (sm->user == NULL || sm->user->password == NULL) { + wpa_printf(MSG_INFO, "EAP-PAX: Plaintext password not " + "configured"); + data->state = FAILURE; + return; + } + + resp = (struct eap_pax_hdr *) respData; + + switch (resp->op_code) { + case EAP_PAX_OP_STD_2: + eap_pax_process_std_2(sm, data, respData, respDataLen); + break; + case EAP_PAX_OP_ACK: + eap_pax_process_ack(sm, data, respData, respDataLen); + break; + } +} + + +static Boolean eap_pax_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_pax_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_pax_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_pax_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_MSK_LEN); + if (key == NULL) + return NULL; + + *len = EAP_MSK_LEN; + eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN, + "Master Session Key", data->rand.e, 2 * EAP_PAX_RAND_LEN, + EAP_MSK_LEN, key); + + return key; +} + + +static u8 * eap_pax_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_pax_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + + *len = EAP_EMSK_LEN; + eap_pax_kdf(data->mac_id, data->mk, EAP_PAX_MK_LEN, + "Extended Master Session Key", + data->rand.e, 2 * EAP_PAX_RAND_LEN, + EAP_EMSK_LEN, key); + + return key; +} + + +static Boolean eap_pax_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_pax_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_pax_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_PAX, "PAX"); + if (eap == NULL) + return -1; + + eap->init = eap_pax_init; + eap->reset = eap_pax_reset; + eap->buildReq = eap_pax_buildReq; + eap->check = eap_pax_check; + eap->process = eap_pax_process; + eap->isDone = eap_pax_isDone; + eap->getKey = eap_pax_getKey; + eap->isSuccess = eap_pax_isSuccess; + eap->get_emsk = eap_pax_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_pax_common.c b/contrib/hostapd-0.5.8/eap_pax_common.c new file mode 100644 index 0000000000..80110469dc --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_pax_common.c @@ -0,0 +1,150 @@ +/* + * EAP server/peer: EAP-PAX shared routines + * Copyright (c) 2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "sha1.h" +#include "eap_pax_common.h" + + +/** + * eap_pax_kdf - PAX Key Derivation Function + * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported + * @key: Secret key (X) + * @key_len: Length of the secret key in bytes + * @identifier: Public identifier for the key (Y) + * @entropy: Exchanged entropy to seed the KDF (Z) + * @entropy_len: Length of the entropy in bytes + * @output_len: Output len in bytes (W) + * @output: Buffer for the derived key + * Returns: 0 on success, -1 failed + * + * RFC 4746, Section 2.6: PAX-KDF-W(X, Y, Z) + */ +int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len, + const char *identifier, + const u8 *entropy, size_t entropy_len, + size_t output_len, u8 *output) +{ + u8 mac[SHA1_MAC_LEN]; + u8 counter, *pos; + const u8 *addr[3]; + size_t len[3]; + size_t num_blocks, left; + + num_blocks = (output_len + EAP_PAX_MAC_LEN - 1) / EAP_PAX_MAC_LEN; + if (identifier == NULL || num_blocks >= 255) + return -1; + + /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */ + if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128) + return -1; + + addr[0] = (const u8 *) identifier; + len[0] = os_strlen(identifier); + addr[1] = entropy; + len[1] = entropy_len; + addr[2] = &counter; + len[2] = 1; + + pos = output; + left = output_len; + for (counter = 1; counter <= (u8) num_blocks; counter++) { + size_t clen = left > EAP_PAX_MAC_LEN ? EAP_PAX_MAC_LEN : left; + hmac_sha1_vector(key, key_len, 3, addr, len, mac); + os_memcpy(pos, mac, clen); + pos += clen; + left -= clen; + } + + return 0; +} + + +/** + * eap_pax_mac - EAP-PAX MAC + * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported + * @key: Secret key + * @key_len: Length of the secret key in bytes + * @data1: Optional data, first block; %NULL if not used + * @data1_len: Length of data1 in bytes + * @data2: Optional data, second block; %NULL if not used + * @data2_len: Length of data2 in bytes + * @data3: Optional data, third block; %NULL if not used + * @data3_len: Length of data3 in bytes + * @mac: Buffer for the MAC value (EAP_PAX_MAC_LEN = 16 bytes) + * Returns: 0 on success, -1 on failure + * + * Wrapper function to calculate EAP-PAX MAC. + */ +int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len, + const u8 *data1, size_t data1_len, + const u8 *data2, size_t data2_len, + const u8 *data3, size_t data3_len, + u8 *mac) +{ + u8 hash[SHA1_MAC_LEN]; + const u8 *addr[3]; + size_t len[3]; + size_t count; + + /* TODO: add support for EAP_PAX_HMAC_SHA256_128 */ + if (mac_id != EAP_PAX_MAC_HMAC_SHA1_128) + return -1; + + addr[0] = data1; + len[0] = data1_len; + addr[1] = data2; + len[1] = data2_len; + addr[2] = data3; + len[2] = data3_len; + + count = (data1 ? 1 : 0) + (data2 ? 1 : 0) + (data3 ? 1 : 0); + hmac_sha1_vector(key, key_len, count, addr, len, hash); + os_memcpy(mac, hash, EAP_PAX_MAC_LEN); + + return 0; +} + + +/** + * eap_pax_initial_key_derivation - EAP-PAX initial key derivation + * @mac_id: MAC ID (EAP_PAX_MAC_*) / currently, only HMAC_SHA1_128 is supported + * @ak: Authentication Key + * @e: Entropy + * @mk: Buffer for the derived Master Key + * @ck: Buffer for the derived Confirmation Key + * @ick: Buffer for the derived Integrity Check Key + * Returns: 0 on success, -1 on failure + */ +int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e, + u8 *mk, u8 *ck, u8 *ick) +{ + wpa_printf(MSG_DEBUG, "EAP-PAX: initial key derivation"); + if (eap_pax_kdf(mac_id, ak, EAP_PAX_AK_LEN, "Master Key", + e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_MK_LEN, mk) || + eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Confirmation Key", + e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_CK_LEN, ck) || + eap_pax_kdf(mac_id, mk, EAP_PAX_MK_LEN, "Integrity Check Key", + e, 2 * EAP_PAX_RAND_LEN, EAP_PAX_ICK_LEN, ick)) + return -1; + + wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: AK", ak, EAP_PAX_AK_LEN); + wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: MK", mk, EAP_PAX_MK_LEN); + wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: CK", ck, EAP_PAX_CK_LEN); + wpa_hexdump_key(MSG_MSGDUMP, "EAP-PAX: ICK", ick, EAP_PAX_ICK_LEN); + + return 0; +} diff --git a/contrib/hostapd-0.5.8/eap_pax_common.h b/contrib/hostapd-0.5.8/eap_pax_common.h new file mode 100644 index 0000000000..bbad5e4052 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_pax_common.h @@ -0,0 +1,101 @@ +/* + * EAP server/peer: EAP-PAX shared routines + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_PAX_COMMON_H +#define EAP_PAX_COMMON_H + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct eap_pax_hdr { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PAX */ + u8 op_code; + u8 flags; + u8 mac_id; + u8 dh_group_id; + u8 public_key_id; + /* Followed by variable length payload and ICV */ +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + + +/* op_code: */ +enum { + EAP_PAX_OP_STD_1 = 0x01, + EAP_PAX_OP_STD_2 = 0x02, + EAP_PAX_OP_STD_3 = 0x03, + EAP_PAX_OP_SEC_1 = 0x11, + EAP_PAX_OP_SEC_2 = 0x12, + EAP_PAX_OP_SEC_3 = 0x13, + EAP_PAX_OP_SEC_4 = 0x14, + EAP_PAX_OP_SEC_5 = 0x15, + EAP_PAX_OP_ACK = 0x21 +}; + +/* flags: */ +#define EAP_PAX_FLAGS_MF 0x01 +#define EAP_PAX_FLAGS_CE 0x02 +#define EAP_PAX_FLAGS_AI 0x04 + +/* mac_id: */ +#define EAP_PAX_MAC_HMAC_SHA1_128 0x01 +#define EAP_PAX_HMAC_SHA256_128 0x02 + +/* dh_group_id: */ +#define EAP_PAX_DH_GROUP_NONE 0x00 +#define EAP_PAX_DH_GROUP_2048_MODP 0x01 +#define EAP_PAX_DH_GROUP_3072_MODP 0x02 +#define EAP_PAX_DH_GROUP_NIST_ECC_P_256 0x03 + +/* public_key_id: */ +#define EAP_PAX_PUBLIC_KEY_NONE 0x00 +#define EAP_PAX_PUBLIC_KEY_RSAES_OAEP 0x01 +#define EAP_PAX_PUBLIC_KEY_RSA_PKCS1_V1_5 0x02 +#define EAP_PAX_PUBLIC_KEY_EL_GAMAL_NIST_ECC 0x03 + +/* ADE type: */ +#define EAP_PAX_ADE_VENDOR_SPECIFIC 0x01 +#define EAP_PAX_ADE_CLIENT_CHANNEL_BINDING 0x02 +#define EAP_PAX_ADE_SERVER_CHANNEL_BINDING 0x03 + + +#define EAP_PAX_RAND_LEN 32 +#define EAP_PAX_MAC_LEN 16 +#define EAP_PAX_ICV_LEN 16 +#define EAP_PAX_AK_LEN 16 +#define EAP_PAX_MK_LEN 16 +#define EAP_PAX_CK_LEN 16 +#define EAP_PAX_ICK_LEN 16 + + +int eap_pax_kdf(u8 mac_id, const u8 *key, size_t key_len, + const char *identifier, + const u8 *entropy, size_t entropy_len, + size_t output_len, u8 *output); +int eap_pax_mac(u8 mac_id, const u8 *key, size_t key_len, + const u8 *data1, size_t data1_len, + const u8 *data2, size_t data2_len, + const u8 *data3, size_t data3_len, + u8 *mac); +int eap_pax_initial_key_derivation(u8 mac_id, const u8 *ak, const u8 *e, + u8 *mk, u8 *ck, u8 *ick); + +#endif /* EAP_PAX_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_peap.c b/contrib/hostapd-0.5.8/eap_peap.c new file mode 100644 index 0000000000..6ea1f618a1 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_peap.c @@ -0,0 +1,731 @@ +/* + * hostapd / EAP-PEAP (draft-josefsson-pppext-eap-tls-eap-07.txt) + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_tls_common.h" +#include "tls.h" + + +/* Maximum supported PEAP version + * 0 = Microsoft's PEAP version 0; draft-kamath-pppext-peapv0-00.txt + * 1 = draft-josefsson-ppext-eap-tls-eap-05.txt + * 2 = draft-josefsson-ppext-eap-tls-eap-07.txt + */ +#define EAP_PEAP_VERSION 1 + + +static void eap_peap_reset(struct eap_sm *sm, void *priv); + + +struct eap_peap_data { + struct eap_ssl_data ssl; + enum { + START, PHASE1, PHASE2_START, PHASE2_ID, PHASE2_METHOD, + PHASE2_TLV, SUCCESS_REQ, FAILURE_REQ, SUCCESS, FAILURE + } state; + + int peap_version; + const struct eap_method *phase2_method; + void *phase2_priv; + int force_version; +}; + + +static const char * eap_peap_state_txt(int state) +{ + switch (state) { + case START: + return "START"; + case PHASE1: + return "PHASE1"; + case PHASE2_START: + return "PHASE2_START"; + case PHASE2_ID: + return "PHASE2_ID"; + case PHASE2_METHOD: + return "PHASE2_METHOD"; + case PHASE2_TLV: + return "PHASE2_TLV"; + case SUCCESS_REQ: + return "SUCCESS_REQ"; + case FAILURE_REQ: + return "FAILURE_REQ"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + default: + return "Unknown?!"; + } +} + + +static void eap_peap_state(struct eap_peap_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-PEAP: %s -> %s", + eap_peap_state_txt(data->state), + eap_peap_state_txt(state)); + data->state = state; +} + + +static EapType eap_peap_req_success(struct eap_sm *sm, + struct eap_peap_data *data) +{ + if (data->state == FAILURE || data->state == FAILURE_REQ) { + eap_peap_state(data, FAILURE); + return EAP_TYPE_NONE; + } + + if (data->peap_version == 0) { + sm->tlv_request = TLV_REQ_SUCCESS; + eap_peap_state(data, PHASE2_TLV); + return EAP_TYPE_TLV; + } else { + eap_peap_state(data, SUCCESS_REQ); + return EAP_TYPE_NONE; + } +} + + +static EapType eap_peap_req_failure(struct eap_sm *sm, + struct eap_peap_data *data) +{ + if (data->state == FAILURE || data->state == FAILURE_REQ || + data->state == SUCCESS_REQ || + (data->phase2_method && + data->phase2_method->method == EAP_TYPE_TLV)) { + eap_peap_state(data, FAILURE); + return EAP_TYPE_NONE; + } + + if (data->peap_version == 0) { + sm->tlv_request = TLV_REQ_FAILURE; + eap_peap_state(data, PHASE2_TLV); + return EAP_TYPE_TLV; + } else { + eap_peap_state(data, FAILURE_REQ); + return EAP_TYPE_NONE; + } +} + + +static void * eap_peap_init(struct eap_sm *sm) +{ + struct eap_peap_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->peap_version = EAP_PEAP_VERSION; + data->force_version = -1; + if (sm->user && sm->user->force_version >= 0) { + data->force_version = sm->user->force_version; + wpa_printf(MSG_DEBUG, "EAP-PEAP: forcing version %d", + data->force_version); + data->peap_version = data->force_version; + } + data->state = START; + + if (eap_tls_ssl_init(sm, &data->ssl, 0)) { + wpa_printf(MSG_INFO, "EAP-PEAP: Failed to initialize SSL."); + eap_peap_reset(sm, data); + return NULL; + } + + return data; +} + + +static void eap_peap_reset(struct eap_sm *sm, void *priv) +{ + struct eap_peap_data *data = priv; + if (data == NULL) + return; + if (data->phase2_priv && data->phase2_method) + data->phase2_method->reset(sm, data->phase2_priv); + eap_tls_ssl_deinit(sm, &data->ssl); + free(data); +} + + +static u8 * eap_peap_build_start(struct eap_sm *sm, struct eap_peap_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + u8 *pos; + + *reqDataLen = sizeof(*req) + 2; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to allocate memory for" + " request"); + eap_peap_state(data, FAILURE); + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_PEAP; + *pos = EAP_TLS_FLAGS_START | data->peap_version; + + eap_peap_state(data, PHASE1); + + return (u8 *) req; +} + + +static u8 * eap_peap_build_req(struct eap_sm *sm, struct eap_peap_data *data, + int id, size_t *reqDataLen) +{ + int res; + u8 *req; + + res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_PEAP, + data->peap_version, id, &req, + reqDataLen); + + if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, starting " + "Phase2"); + eap_peap_state(data, PHASE2_START); + } + + if (res == 1) + return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_PEAP, + data->peap_version); + return req; +} + + +static u8 * eap_peap_encrypt(struct eap_sm *sm, struct eap_peap_data *data, + int id, u8 *plain, size_t plain_len, + size_t *out_len) +{ + int res; + u8 *pos; + struct eap_hdr *req; + + /* TODO: add support for fragmentation, if needed. This will need to + * add TLS Message Length field, if the frame is fragmented. */ + req = malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit); + if (req == NULL) + return NULL; + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_PEAP; + *pos++ = data->peap_version; + + res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn, + plain, plain_len, + pos, data->ssl.tls_out_limit); + if (res < 0) { + wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt Phase 2 " + "data"); + free(req); + return NULL; + } + + *out_len = sizeof(struct eap_hdr) + 2 + res; + req->length = host_to_be16(*out_len); + return (u8 *) req; +} + + +static u8 * eap_peap_build_phase2_req(struct eap_sm *sm, + struct eap_peap_data *data, + int id, size_t *reqDataLen) +{ + u8 *req, *buf, *encr_req; + size_t req_len; + + buf = req = data->phase2_method->buildReq(sm, data->phase2_priv, id, + &req_len); + if (req == NULL) + return NULL; + + wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", + req, req_len); + + if (data->peap_version == 0 && + data->phase2_method->method != EAP_TYPE_TLV) { + req += sizeof(struct eap_hdr); + req_len -= sizeof(struct eap_hdr); + } + + encr_req = eap_peap_encrypt(sm, data, id, req, req_len, reqDataLen); + free(buf); + + return encr_req; +} + + +static u8 * eap_peap_build_phase2_term(struct eap_sm *sm, + struct eap_peap_data *data, + int id, size_t *reqDataLen, int success) +{ + u8 *encr_req; + size_t req_len; + struct eap_hdr *hdr; + + req_len = sizeof(*hdr); + hdr = wpa_zalloc(req_len); + if (hdr == NULL) + return NULL; + + hdr->code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE; + hdr->identifier = id; + hdr->length = htons(req_len); + + wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", + (u8 *) hdr, req_len); + + encr_req = eap_peap_encrypt(sm, data, id, (u8 *) hdr, req_len, + reqDataLen); + free(hdr); + + return encr_req; +} + + +static u8 * eap_peap_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_peap_data *data = priv; + + switch (data->state) { + case START: + return eap_peap_build_start(sm, data, id, reqDataLen); + case PHASE1: + return eap_peap_build_req(sm, data, id, reqDataLen); + case PHASE2_ID: + case PHASE2_METHOD: + case PHASE2_TLV: + return eap_peap_build_phase2_req(sm, data, id, reqDataLen); + case SUCCESS_REQ: + return eap_peap_build_phase2_term(sm, data, id, reqDataLen, 1); + case FAILURE_REQ: + return eap_peap_build_phase2_term(sm, data, id, reqDataLen, 0); + default: + wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", + __func__, data->state); + return NULL; + } +} + + +static Boolean eap_peap_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_hdr *resp; + u8 *pos; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_PEAP || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static int eap_peap_phase2_init(struct eap_sm *sm, struct eap_peap_data *data, + EapType eap_type) +{ + if (data->phase2_priv && data->phase2_method) { + data->phase2_method->reset(sm, data->phase2_priv); + data->phase2_method = NULL; + data->phase2_priv = NULL; + } + data->phase2_method = eap_sm_get_eap_methods(EAP_VENDOR_IETF, + eap_type); + if (!data->phase2_method) + return -1; + + sm->init_phase2 = 1; + data->phase2_priv = data->phase2_method->init(sm); + sm->init_phase2 = 0; + return 0; +} + + +static void eap_peap_process_phase2_response(struct eap_sm *sm, + struct eap_peap_data *data, + u8 *in_data, size_t in_len) +{ + u8 next_type = EAP_TYPE_NONE; + struct eap_hdr *hdr; + u8 *pos; + size_t left; + + if (data->phase2_priv == NULL) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - Phase2 not " + "initialized?!", __func__); + return; + } + + hdr = (struct eap_hdr *) in_data; + pos = (u8 *) (hdr + 1); + + if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { + left = in_len - sizeof(*hdr); + wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Phase2 type Nak'ed; " + "allowed types", pos + 1, left - 1); + eap_sm_process_nak(sm, pos + 1, left - 1); + if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && + sm->user->methods[sm->user_eap_method_index].method != + EAP_TYPE_NONE) { + next_type = sm->user->methods[ + sm->user_eap_method_index++].method; + wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", + next_type); + } else { + next_type = eap_peap_req_failure(sm, data); + } + eap_peap_phase2_init(sm, data, next_type); + return; + } + + if (data->phase2_method->check(sm, data->phase2_priv, in_data, + in_len)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 check() asked to " + "ignore the packet"); + return; + } + + data->phase2_method->process(sm, data->phase2_priv, in_data, in_len); + + if (!data->phase2_method->isDone(sm, data->phase2_priv)) + return; + + + if (!data->phase2_method->isSuccess(sm, data->phase2_priv)) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase2 method failed"); + next_type = eap_peap_req_failure(sm, data); + eap_peap_phase2_init(sm, data, next_type); + return; + } + + switch (data->state) { + case PHASE2_ID: + if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP_PEAP: Phase2 " + "Identity not found in the user " + "database", + sm->identity, sm->identity_len); + next_type = eap_peap_req_failure(sm, data); + break; + } + + eap_peap_state(data, PHASE2_METHOD); + next_type = sm->user->methods[0].method; + sm->user_eap_method_index = 1; + wpa_printf(MSG_DEBUG, "EAP-PEAP: try EAP type %d", next_type); + break; + case PHASE2_METHOD: + next_type = eap_peap_req_success(sm, data); + break; + case PHASE2_TLV: + if (sm->tlv_request == TLV_REQ_SUCCESS || + data->state == SUCCESS_REQ) { + eap_peap_state(data, SUCCESS); + } else { + eap_peap_state(data, FAILURE); + } + break; + case FAILURE: + break; + default: + wpa_printf(MSG_DEBUG, "EAP-PEAP: %s - unexpected state %d", + __func__, data->state); + break; + } + + eap_peap_phase2_init(sm, data, next_type); +} + + +static void eap_peap_process_phase2(struct eap_sm *sm, + struct eap_peap_data *data, + struct eap_hdr *resp, + u8 *in_data, size_t in_len) +{ + u8 *in_decrypted; + int len_decrypted, len, res; + struct eap_hdr *hdr; + size_t buf_len; + + wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for" + " Phase 2", (unsigned long) in_len); + + res = eap_tls_data_reassemble(sm, &data->ssl, &in_data, &in_len); + if (res < 0 || res == 1) + return; + + buf_len = in_len; + if (data->ssl.tls_in_total > buf_len) + buf_len = data->ssl.tls_in_total; + in_decrypted = malloc(buf_len); + if (in_decrypted == NULL) { + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + wpa_printf(MSG_WARNING, "EAP-PEAP: failed to allocate memory " + "for decryption"); + return; + } + + len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn, + in_data, in_len, + in_decrypted, buf_len); + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + if (len_decrypted < 0) { + wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 " + "data"); + free(in_decrypted); + eap_peap_state(data, FAILURE); + return; + } + + wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP", + in_decrypted, len_decrypted); + + hdr = (struct eap_hdr *) in_decrypted; + + if (data->peap_version == 0 && data->state != PHASE2_TLV) { + struct eap_hdr *nhdr = malloc(sizeof(struct eap_hdr) + + len_decrypted); + if (nhdr == NULL) { + free(in_decrypted); + return; + } + memcpy((u8 *) (nhdr + 1), in_decrypted, len_decrypted); + free(in_decrypted); + nhdr->code = resp->code; + nhdr->identifier = resp->identifier; + nhdr->length = host_to_be16(sizeof(struct eap_hdr) + + len_decrypted); + + len_decrypted += sizeof(struct eap_hdr); + in_decrypted = (u8 *) nhdr; + } + hdr = (struct eap_hdr *) in_decrypted; + if (len_decrypted < (int) sizeof(*hdr)) { + free(in_decrypted); + wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 " + "EAP frame (len=%d)", len_decrypted); + eap_peap_req_failure(sm, data); + return; + } + len = be_to_host16(hdr->length); + if (len > len_decrypted) { + free(in_decrypted); + wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in " + "Phase 2 EAP frame (len=%d hdr->length=%d)", + len_decrypted, len); + eap_peap_req_failure(sm, data); + return; + } + wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d " + "identifier=%d length=%d", hdr->code, hdr->identifier, len); + switch (hdr->code) { + case EAP_CODE_RESPONSE: + eap_peap_process_phase2_response(sm, data, (u8 *) hdr, len); + break; + case EAP_CODE_SUCCESS: + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success"); + if (data->state == SUCCESS_REQ) { + eap_peap_state(data, SUCCESS); + } + break; + case EAP_CODE_FAILURE: + wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure"); + eap_peap_state(data, FAILURE); + break; + default: + wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in " + "Phase 2 EAP header", hdr->code); + break; + } + + free(in_decrypted); + } + + +static void eap_peap_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_peap_data *data = priv; + struct eap_hdr *resp; + u8 *pos, flags; + int left; + unsigned int tls_msg_len; + int peer_version; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + pos++; + flags = *pos++; + left = htons(resp->length) - sizeof(struct eap_hdr) - 2; + wpa_printf(MSG_DEBUG, "EAP-PEAP: Received packet(len=%lu) - " + "Flags 0x%02x", (unsigned long) respDataLen, flags); + peer_version = flags & EAP_PEAP_VERSION_MASK; + if (data->force_version >= 0 && peer_version != data->force_version) { + wpa_printf(MSG_INFO, "EAP-PEAP: peer did not select the forced" + " version (forced=%d peer=%d) - reject", + data->force_version, peer_version); + eap_peap_state(data, FAILURE); + return; + } + if (peer_version < data->peap_version) { + wpa_printf(MSG_DEBUG, "EAP-PEAP: peer ver=%d, own ver=%d; " + "use version %d", + peer_version, data->peap_version, peer_version); + data->peap_version = peer_version; + } + if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { + if (left < 4) { + wpa_printf(MSG_INFO, "EAP-PEAP: Short frame with TLS " + "length"); + eap_peap_state(data, FAILURE); + return; + } + tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | + pos[3]; + wpa_printf(MSG_DEBUG, "EAP-PEAP: TLS Message Length: %d", + tls_msg_len); + if (data->ssl.tls_in_left == 0) { + data->ssl.tls_in_total = tls_msg_len; + data->ssl.tls_in_left = tls_msg_len; + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + } + pos += 4; + left -= 4; + } + + switch (data->state) { + case PHASE1: + if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { + wpa_printf(MSG_INFO, "EAP-PEAP: TLS processing " + "failed"); + eap_peap_state(data, FAILURE); + } + break; + case PHASE2_START: + eap_peap_state(data, PHASE2_ID); + eap_peap_phase2_init(sm, data, EAP_TYPE_IDENTITY); + break; + case PHASE2_ID: + case PHASE2_METHOD: + case PHASE2_TLV: + eap_peap_process_phase2(sm, data, resp, pos, left); + break; + case SUCCESS_REQ: + eap_peap_state(data, SUCCESS); + break; + case FAILURE_REQ: + eap_peap_state(data, FAILURE); + break; + default: + wpa_printf(MSG_DEBUG, "EAP-PEAP: Unexpected state %d in %s", + data->state, __func__); + break; + } + + if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { + wpa_printf(MSG_INFO, "EAP-PEAP: Locally detected fatal error " + "in TLS processing"); + eap_peap_state(data, FAILURE); + } +} + + +static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_peap_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_peap_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_peap_data *data = priv; + u8 *eapKeyData; + + if (data->state != SUCCESS) + return NULL; + + /* TODO: PEAPv1 - different label in some cases */ + eapKeyData = eap_tls_derive_key(sm, &data->ssl, + "client EAP encryption", + EAP_TLS_KEY_LEN); + if (eapKeyData) { + *len = EAP_TLS_KEY_LEN; + wpa_hexdump(MSG_DEBUG, "EAP-PEAP: Derived key", + eapKeyData, EAP_TLS_KEY_LEN); + } else { + wpa_printf(MSG_DEBUG, "EAP-PEAP: Failed to derive key"); + } + + return eapKeyData; +} + + +static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_peap_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_peap_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_PEAP, "PEAP"); + if (eap == NULL) + return -1; + + eap->init = eap_peap_init; + eap->reset = eap_peap_reset; + eap->buildReq = eap_peap_buildReq; + eap->check = eap_peap_check; + eap->process = eap_peap_process; + eap->isDone = eap_peap_isDone; + eap->getKey = eap_peap_getKey; + eap->isSuccess = eap_peap_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_psk.c b/contrib/hostapd-0.5.8/eap_psk.c new file mode 100644 index 0000000000..7408a522e3 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_psk.c @@ -0,0 +1,494 @@ +/* + * hostapd / EAP-PSK (RFC 4764) server + * Copyright (c) 2005-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * Note: EAP-PSK is an EAP authentication method and as such, completely + * different from WPA-PSK. This file is not needed for WPA-PSK functionality. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "aes_wrap.h" +#include "eap_psk_common.h" + + +struct eap_psk_data { + enum { PSK_1, PSK_3, SUCCESS, FAILURE } state; + u8 rand_s[EAP_PSK_RAND_LEN]; + u8 rand_p[EAP_PSK_RAND_LEN]; + u8 *id_p, *id_s; + size_t id_p_len, id_s_len; + u8 ak[EAP_PSK_AK_LEN], kdk[EAP_PSK_KDK_LEN], tek[EAP_PSK_TEK_LEN]; + u8 msk[EAP_MSK_LEN]; + u8 emsk[EAP_EMSK_LEN]; +}; + + +static void * eap_psk_init(struct eap_sm *sm) +{ + struct eap_psk_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = PSK_1; + data->id_s = (u8 *) "hostapd"; + data->id_s_len = 7; + + return data; +} + + +static void eap_psk_reset(struct eap_sm *sm, void *priv) +{ + struct eap_psk_data *data = priv; + free(data->id_p); + free(data); +} + + +static u8 * eap_psk_build_1(struct eap_sm *sm, struct eap_psk_data *data, + int id, size_t *reqDataLen) +{ + struct eap_psk_hdr_1 *req; + + wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-1 (sending)"); + + if (hostapd_get_rand(data->rand_s, EAP_PSK_RAND_LEN)) { + wpa_printf(MSG_ERROR, "EAP-PSK: Failed to get random data"); + data->state = FAILURE; + return NULL; + } + wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: RAND_S (server rand)", + data->rand_s, EAP_PSK_RAND_LEN); + + *reqDataLen = sizeof(*req) + data->id_s_len; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-PSK: Failed to allocate memory " + "request"); + data->state = FAILURE; + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + req->type = EAP_TYPE_PSK; + req->flags = EAP_PSK_FLAGS_SET_T(0); /* T=0 */ + memcpy(req->rand_s, data->rand_s, EAP_PSK_RAND_LEN); + memcpy((u8 *) (req + 1), data->id_s, data->id_s_len); + + return (u8 *) req; +} + + +static u8 * eap_psk_build_3(struct eap_sm *sm, struct eap_psk_data *data, + int id, size_t *reqDataLen) +{ + struct eap_psk_hdr_3 *req; + u8 *buf, *pchannel, nonce[16]; + size_t buflen; + + wpa_printf(MSG_DEBUG, "EAP-PSK: PSK-3 (sending)"); + + *reqDataLen = sizeof(*req) + 4 + 16 + 1; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-PSK: Failed to allocate memory " + "request"); + data->state = FAILURE; + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + req->type = EAP_TYPE_PSK; + req->flags = EAP_PSK_FLAGS_SET_T(2); /* T=2 */ + memcpy(req->rand_s, data->rand_s, EAP_PSK_RAND_LEN); + + /* MAC_S = OMAC1-AES-128(AK, ID_S||RAND_P) */ + buflen = data->id_s_len + EAP_PSK_RAND_LEN; + buf = malloc(buflen); + if (buf == NULL) { + free(req); + data->state = FAILURE; + return NULL; + } + memcpy(buf, data->id_s, data->id_s_len); + memcpy(buf + data->id_s_len, data->rand_p, EAP_PSK_RAND_LEN); + omac1_aes_128(data->ak, buf, buflen, req->mac_s); + free(buf); + + eap_psk_derive_keys(data->kdk, data->rand_p, data->tek, data->msk, + data->emsk); + wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: TEK", data->tek, EAP_PSK_TEK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: MSK", data->msk, EAP_MSK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: EMSK", data->emsk, EAP_EMSK_LEN); + + memset(nonce, 0, sizeof(nonce)); + pchannel = (u8 *) (req + 1); + memcpy(pchannel, nonce + 12, 4); + memset(pchannel + 4, 0, 16); /* Tag */ + pchannel[4 + 16] = EAP_PSK_R_FLAG_DONE_SUCCESS << 6; + wpa_hexdump(MSG_DEBUG, "EAP-PSK: PCHANNEL (plaintext)", + pchannel, 4 + 16 + 1); + aes_128_eax_encrypt(data->tek, nonce, sizeof(nonce), (u8 *) req, 22, + pchannel + 4 + 16, 1, pchannel + 4); + wpa_hexdump(MSG_DEBUG, "EAP-PSK: PCHANNEL (encrypted)", + pchannel, 4 + 16 + 1); + + return (u8 *) req; +} + + +static u8 * eap_psk_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_psk_data *data = priv; + + switch (data->state) { + case PSK_1: + return eap_psk_build_1(sm, data, id, reqDataLen); + case PSK_3: + return eap_psk_build_3(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-PSK: Unknown state %d in buildReq", + data->state); + break; + } + return NULL; +} + + +static Boolean eap_psk_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_psk_data *data = priv; + struct eap_psk_hdr *resp; + size_t len; + u8 t; + + resp = (struct eap_psk_hdr *) respData; + if (respDataLen < sizeof(*resp) || resp->type != EAP_TYPE_PSK || + (len = ntohs(resp->length)) > respDataLen || + len < sizeof(*resp)) { + wpa_printf(MSG_INFO, "EAP-PSK: Invalid frame"); + return TRUE; + } + t = EAP_PSK_FLAGS_GET_T(resp->flags); + + wpa_printf(MSG_DEBUG, "EAP-PSK: received frame: T=%d", t); + + if (data->state == PSK_1 && t != 1) { + wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-2 - " + "ignore T=%d", t); + return TRUE; + } + + if (data->state == PSK_3 && t != 3) { + wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-4 - " + "ignore T=%d", t); + return TRUE; + } + + if ((t == 1 && len < sizeof(struct eap_psk_hdr_2)) || + (t == 3 && len < sizeof(struct eap_psk_hdr_4))) { + wpa_printf(MSG_DEBUG, "EAP-PSK: Too short frame"); + return TRUE; + } + + return FALSE; +} + + +static void eap_psk_process_2(struct eap_sm *sm, + struct eap_psk_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_psk_hdr_2 *resp; + u8 *pos, mac[EAP_PSK_MAC_LEN], *buf; + size_t len, left, buflen; + int i; + + if (data->state != PSK_1) + return; + + wpa_printf(MSG_DEBUG, "EAP-PSK: Received PSK-2"); + + resp = (struct eap_psk_hdr_2 *) respData; + len = ntohs(resp->length); + pos = (u8 *) (resp + 1); + left = len - sizeof(*resp); + + free(data->id_p); + data->id_p = malloc(left); + if (data->id_p == NULL) { + wpa_printf(MSG_INFO, "EAP-PSK: Failed to allocate memory for " + "ID_P"); + return; + } + memcpy(data->id_p, pos, left); + data->id_p_len = left; + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-PSK: ID_P", + data->id_p, data->id_p_len); + + if (eap_user_get(sm, data->id_p, data->id_p_len, 0) < 0) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: unknown ID_P", + data->id_p, data->id_p_len); + data->state = FAILURE; + return; + } + + for (i = 0; + i < EAP_MAX_METHODS && + (sm->user->methods[i].vendor != EAP_VENDOR_IETF || + sm->user->methods[i].method != EAP_TYPE_NONE); + i++) { + if (sm->user->methods[i].vendor == EAP_VENDOR_IETF && + sm->user->methods[i].method == EAP_TYPE_PSK) + break; + } + + if (i >= EAP_MAX_METHODS || + sm->user->methods[i].vendor != EAP_VENDOR_IETF || + sm->user->methods[i].method != EAP_TYPE_PSK) { + wpa_hexdump_ascii(MSG_DEBUG, + "EAP-PSK: EAP-PSK not enabled for ID_P", + data->id_p, data->id_p_len); + data->state = FAILURE; + return; + } + + if (sm->user->password == NULL || + sm->user->password_len != EAP_PSK_PSK_LEN) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-PSK: invalid password in " + "user database for ID_P", + data->id_p, data->id_p_len); + data->state = FAILURE; + return; + } + eap_psk_key_setup(sm->user->password, data->ak, data->kdk); + wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: AK", data->ak, EAP_PSK_AK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-PSK: KDK", data->kdk, EAP_PSK_KDK_LEN); + + wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: RAND_P (client rand)", + resp->rand_p, EAP_PSK_RAND_LEN); + memcpy(data->rand_p, resp->rand_p, EAP_PSK_RAND_LEN); + + /* MAC_P = OMAC1-AES-128(AK, ID_P||ID_S||RAND_S||RAND_P) */ + buflen = data->id_p_len + data->id_s_len + 2 * EAP_PSK_RAND_LEN; + buf = malloc(buflen); + if (buf == NULL) { + data->state = FAILURE; + return; + } + memcpy(buf, data->id_p, data->id_p_len); + pos = buf + data->id_p_len; + memcpy(pos, data->id_s, data->id_s_len); + pos += data->id_s_len; + memcpy(pos, data->rand_s, EAP_PSK_RAND_LEN); + pos += EAP_PSK_RAND_LEN; + memcpy(pos, data->rand_p, EAP_PSK_RAND_LEN); + omac1_aes_128(data->ak, buf, buflen, mac); + free(buf); + wpa_hexdump(MSG_DEBUG, "EAP-PSK: MAC_P", resp->mac_p, EAP_PSK_MAC_LEN); + if (memcmp(mac, resp->mac_p, EAP_PSK_MAC_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-PSK: Invalid MAC_P"); + wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: Expected MAC_P", + mac, EAP_PSK_MAC_LEN); + data->state = FAILURE; + return; + } + + data->state = PSK_3; +} + + +static void eap_psk_process_4(struct eap_sm *sm, + struct eap_psk_data *data, + u8 *respData, size_t respDataLen) +{ + struct eap_psk_hdr_4 *resp; + u8 *pos, *decrypted, nonce[16], *tag; + size_t left; + + if (data->state != PSK_3) + return; + + wpa_printf(MSG_DEBUG, "EAP-PSK: Received PSK-4"); + + resp = (struct eap_psk_hdr_4 *) respData; + pos = (u8 *) (resp + 1); + left = ntohs(resp->length) - sizeof(*resp); + + wpa_hexdump(MSG_MSGDUMP, "EAP-PSK: Encrypted PCHANNEL", pos, left); + + if (left < 4 + 16 + 1) { + wpa_printf(MSG_INFO, "EAP-PSK: Too short PCHANNEL data in " + "PSK-4 (len=%lu, expected 21)", + (unsigned long) left); + return; + } + + if (pos[0] == 0 && pos[1] == 0 && pos[2] == 0 && pos[3] == 0) { + wpa_printf(MSG_DEBUG, "EAP-PSK: Nonce did not increase"); + return; + } + + memset(nonce, 0, 12); + memcpy(nonce + 12, pos, 4); + pos += 4; + left -= 4; + tag = pos; + pos += 16; + left -= 16; + + decrypted = malloc(left); + if (decrypted == NULL) + return; + memcpy(decrypted, pos, left); + + if (aes_128_eax_decrypt(data->tek, nonce, sizeof(nonce), + respData, 22, decrypted, left, tag)) { + wpa_printf(MSG_WARNING, "EAP-PSK: PCHANNEL decryption failed"); + free(decrypted); + data->state = FAILURE; + return; + } + wpa_hexdump(MSG_DEBUG, "EAP-PSK: Decrypted PCHANNEL message", + decrypted, left); + + /* Verify R flag */ + switch (decrypted[0] >> 6) { + case EAP_PSK_R_FLAG_CONT: + wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - CONT - unsupported"); + data->state = FAILURE; + break; + case EAP_PSK_R_FLAG_DONE_SUCCESS: + wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - DONE_SUCCESS"); + data->state = SUCCESS; + break; + case EAP_PSK_R_FLAG_DONE_FAILURE: + wpa_printf(MSG_DEBUG, "EAP-PSK: R flag - DONE_FAILURE"); + data->state = FAILURE; + break; + } + free(decrypted); +} + + +static void eap_psk_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_psk_data *data = priv; + struct eap_psk_hdr *resp; + + if (sm->user == NULL || sm->user->password == NULL) { + wpa_printf(MSG_INFO, "EAP-PSK: Plaintext password not " + "configured"); + data->state = FAILURE; + return; + } + + resp = (struct eap_psk_hdr *) respData; + + switch (EAP_PSK_FLAGS_GET_T(resp->flags)) { + case 1: + eap_psk_process_2(sm, data, respData, respDataLen); + break; + case 3: + eap_psk_process_4(sm, data, respData, respDataLen); + break; + } +} + + +static Boolean eap_psk_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_psk_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_psk_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_psk_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_MSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->msk, EAP_MSK_LEN); + *len = EAP_MSK_LEN; + + return key; +} + + +static u8 * eap_psk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_psk_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->emsk, EAP_EMSK_LEN); + *len = EAP_EMSK_LEN; + + return key; +} + + +static Boolean eap_psk_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_psk_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_psk_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_PSK, "PSK"); + if (eap == NULL) + return -1; + + eap->init = eap_psk_init; + eap->reset = eap_psk_reset; + eap->buildReq = eap_psk_buildReq; + eap->check = eap_psk_check; + eap->process = eap_psk_process; + eap->isDone = eap_psk_isDone; + eap->getKey = eap_psk_getKey; + eap->isSuccess = eap_psk_isSuccess; + eap->get_emsk = eap_psk_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_psk_common.c b/contrib/hostapd-0.5.8/eap_psk_common.c new file mode 100644 index 0000000000..8d896ae639 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_psk_common.c @@ -0,0 +1,64 @@ +/* + * EAP server/peer: EAP-PSK shared routines + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "aes_wrap.h" +#include "eap_defs.h" +#include "eap_psk_common.h" + +#define aes_block_size 16 + + +void eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk) +{ + os_memset(ak, 0, aes_block_size); + aes_128_encrypt_block(psk, ak, ak); + os_memcpy(kdk, ak, aes_block_size); + ak[aes_block_size - 1] ^= 0x01; + kdk[aes_block_size - 1] ^= 0x02; + aes_128_encrypt_block(psk, ak, ak); + aes_128_encrypt_block(psk, kdk, kdk); +} + + +void eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk, + u8 *emsk) +{ + u8 hash[aes_block_size]; + u8 counter = 1; + int i; + + aes_128_encrypt_block(kdk, rand_p, hash); + + hash[aes_block_size - 1] ^= counter; + aes_128_encrypt_block(kdk, hash, tek); + hash[aes_block_size - 1] ^= counter; + counter++; + + for (i = 0; i < EAP_MSK_LEN / aes_block_size; i++) { + hash[aes_block_size - 1] ^= counter; + aes_128_encrypt_block(kdk, hash, &msk[i * aes_block_size]); + hash[aes_block_size - 1] ^= counter; + counter++; + } + + for (i = 0; i < EAP_EMSK_LEN / aes_block_size; i++) { + hash[aes_block_size - 1] ^= counter; + aes_128_encrypt_block(kdk, hash, &emsk[i * aes_block_size]); + hash[aes_block_size - 1] ^= counter; + counter++; + } +} diff --git a/contrib/hostapd-0.5.8/eap_psk_common.h b/contrib/hostapd-0.5.8/eap_psk_common.h new file mode 100644 index 0000000000..e1bdccf591 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_psk_common.h @@ -0,0 +1,103 @@ +/* + * EAP server/peer: EAP-PSK shared routines + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_PSK_COMMON_H +#define EAP_PSK_COMMON_H + + +#define EAP_PSK_RAND_LEN 16 +#define EAP_PSK_MAC_LEN 16 +#define EAP_PSK_TEK_LEN 16 +#define EAP_PSK_PSK_LEN 16 +#define EAP_PSK_AK_LEN 16 +#define EAP_PSK_KDK_LEN 16 + +#define EAP_PSK_R_FLAG_CONT 1 +#define EAP_PSK_R_FLAG_DONE_SUCCESS 2 +#define EAP_PSK_R_FLAG_DONE_FAILURE 3 +#define EAP_PSK_E_FLAG 0x20 + +#define EAP_PSK_FLAGS_GET_T(flags) (((flags) & 0xc0) >> 6) +#define EAP_PSK_FLAGS_SET_T(t) ((u8) (t) << 6) + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +/* Shared prefix for all EAP-PSK frames */ +struct eap_psk_hdr { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PSK */ + u8 flags; +} STRUCT_PACKED; + +/* EAP-PSK First Message (AS -> Supplicant) */ +struct eap_psk_hdr_1 { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PSK */ + u8 flags; + u8 rand_s[EAP_PSK_RAND_LEN]; + /* Followed by variable length ID_S */ +} STRUCT_PACKED; + +/* EAP-PSK Second Message (Supplicant -> AS) */ +struct eap_psk_hdr_2 { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PSK */ + u8 flags; + u8 rand_s[EAP_PSK_RAND_LEN]; + u8 rand_p[EAP_PSK_RAND_LEN]; + u8 mac_p[EAP_PSK_MAC_LEN]; + /* Followed by variable length ID_P */ +} STRUCT_PACKED; + +/* EAP-PSK Third Message (AS -> Supplicant) */ +struct eap_psk_hdr_3 { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PSK */ + u8 flags; + u8 rand_s[EAP_PSK_RAND_LEN]; + u8 mac_s[EAP_PSK_MAC_LEN]; + /* Followed by variable length PCHANNEL */ +} STRUCT_PACKED; + +/* EAP-PSK Fourth Message (Supplicant -> AS) */ +struct eap_psk_hdr_4 { + u8 code; + u8 identifier; + u16 length; /* including code, identifier, and length */ + u8 type; /* EAP_TYPE_PSK */ + u8 flags; + u8 rand_s[EAP_PSK_RAND_LEN]; + /* Followed by variable length PCHANNEL */ +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + + +void eap_psk_key_setup(const u8 *psk, u8 *ak, u8 *kdk); +void eap_psk_derive_keys(const u8 *kdk, const u8 *rand_p, u8 *tek, u8 *msk, + u8 *emsk); + +#endif /* EAP_PSK_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_sake.c b/contrib/hostapd-0.5.8/eap_sake.c new file mode 100644 index 0000000000..e031f29fb4 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sake.c @@ -0,0 +1,547 @@ +/* + * hostapd / EAP-SAKE (RFC 4763) server + * Copyright (c) 2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_sake_common.h" + + +struct eap_sake_data { + enum { IDENTITY, CHALLENGE, CONFIRM, SUCCESS, FAILURE } state; + u8 rand_s[EAP_SAKE_RAND_LEN]; + u8 rand_p[EAP_SAKE_RAND_LEN]; + struct { + u8 auth[EAP_SAKE_TEK_AUTH_LEN]; + u8 cipher[EAP_SAKE_TEK_CIPHER_LEN]; + } tek; + u8 msk[EAP_MSK_LEN]; + u8 emsk[EAP_EMSK_LEN]; + u8 session_id; + u8 *peerid; + size_t peerid_len; + u8 *serverid; + size_t serverid_len; +}; + + +static const char * eap_sake_state_txt(int state) +{ + switch (state) { + case IDENTITY: + return "IDENTITY"; + case CHALLENGE: + return "CHALLENGE"; + case CONFIRM: + return "CONFIRM"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + default: + return "?"; + } +} + + +static void eap_sake_state(struct eap_sake_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-SAKE: %s -> %s", + eap_sake_state_txt(data->state), + eap_sake_state_txt(state)); + data->state = state; +} + + +static void * eap_sake_init(struct eap_sm *sm) +{ + struct eap_sake_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CHALLENGE; + + if (hostapd_get_rand(&data->session_id, 1)) { + wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data"); + os_free(data); + return NULL; + } + wpa_printf(MSG_DEBUG, "EAP-SAKE: Initialized Session ID %d", + data->session_id); + + /* TODO: add support for configuring SERVERID */ + data->serverid = (u8 *) strdup("hostapd"); + if (data->serverid) + data->serverid_len = strlen((char *) data->serverid); + + return data; +} + + +static void eap_sake_reset(struct eap_sm *sm, void *priv) +{ + struct eap_sake_data *data = priv; + os_free(data->serverid); + os_free(data->peerid); + os_free(data); +} + + +static u8 * eap_sake_build_msg(struct eap_sake_data *data, u8 **payload, + int id, size_t *length, u8 subtype) +{ + struct eap_sake_hdr *req; + u8 *msg; + + *length += sizeof(struct eap_sake_hdr); + + msg = wpa_zalloc(*length); + if (msg == NULL) { + wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to allocate memory " + "request"); + return NULL; + } + + req = (struct eap_sake_hdr *) msg; + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons((u16) *length); + req->type = EAP_TYPE_SAKE; + req->version = EAP_SAKE_VERSION; + req->session_id = data->session_id; + req->subtype = subtype; + *payload = (u8 *) (req + 1); + + return msg; +} + + +static u8 * eap_sake_build_identity(struct eap_sm *sm, + struct eap_sake_data *data, + int id, size_t *reqDataLen) +{ + u8 *msg, *pos; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Identity"); + + *reqDataLen = 4; + if (data->serverid) + *reqDataLen += 2 + data->serverid_len; + msg = eap_sake_build_msg(data, &pos, id, reqDataLen, + EAP_SAKE_SUBTYPE_IDENTITY); + if (msg == NULL) { + data->state = FAILURE; + return NULL; + } + + wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_PERM_ID_REQ"); + *pos++ = EAP_SAKE_AT_PERM_ID_REQ; + *pos++ = 4; + *pos++ = 0; + *pos++ = 0; + + if (data->serverid) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID"); + *pos++ = EAP_SAKE_AT_SERVERID; + *pos++ = 2 + data->serverid_len; + os_memcpy(pos, data->serverid, data->serverid_len); + } + + return msg; +} + + +static u8 * eap_sake_build_challenge(struct eap_sm *sm, + struct eap_sake_data *data, + int id, size_t *reqDataLen) +{ + u8 *msg, *pos; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Challenge"); + + if (hostapd_get_rand(data->rand_s, EAP_SAKE_RAND_LEN)) { + wpa_printf(MSG_ERROR, "EAP-SAKE: Failed to get random data"); + data->state = FAILURE; + return NULL; + } + wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)", + data->rand_s, EAP_SAKE_RAND_LEN); + + *reqDataLen = 2 + EAP_SAKE_RAND_LEN; + if (data->serverid) + *reqDataLen += 2 + data->serverid_len; + msg = eap_sake_build_msg(data, &pos, id, reqDataLen, + EAP_SAKE_SUBTYPE_CHALLENGE); + if (msg == NULL) { + data->state = FAILURE; + return NULL; + } + + wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_RAND_S"); + *pos++ = EAP_SAKE_AT_RAND_S; + *pos++ = 2 + EAP_SAKE_RAND_LEN; + os_memcpy(pos, data->rand_s, EAP_SAKE_RAND_LEN); + pos += EAP_SAKE_RAND_LEN; + + if (data->serverid) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID"); + *pos++ = EAP_SAKE_AT_SERVERID; + *pos++ = 2 + data->serverid_len; + os_memcpy(pos, data->serverid, data->serverid_len); + } + + return msg; +} + + +static u8 * eap_sake_build_confirm(struct eap_sm *sm, + struct eap_sake_data *data, + int id, size_t *reqDataLen) +{ + u8 *msg, *pos; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Confirm"); + + *reqDataLen = 2 + EAP_SAKE_MIC_LEN; + msg = eap_sake_build_msg(data, &pos, id, reqDataLen, + EAP_SAKE_SUBTYPE_CONFIRM); + if (msg == NULL) { + data->state = FAILURE; + return NULL; + } + + wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_MIC_S"); + *pos++ = EAP_SAKE_AT_MIC_S; + *pos++ = 2 + EAP_SAKE_MIC_LEN; + if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, + data->serverid, data->serverid_len, + data->peerid, data->peerid_len, 0, + msg, *reqDataLen, pos, pos)) { + wpa_printf(MSG_INFO, "EAP-SAKE: Failed to compute MIC"); + data->state = FAILURE; + os_free(msg); + return NULL; + } + + return msg; +} + + +static u8 * eap_sake_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_sake_data *data = priv; + + switch (data->state) { + case IDENTITY: + return eap_sake_build_identity(sm, data, id, reqDataLen); + case CHALLENGE: + return eap_sake_build_challenge(sm, data, id, reqDataLen); + case CONFIRM: + return eap_sake_build_confirm(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Unknown state %d in buildReq", + data->state); + break; + } + return NULL; +} + + +static Boolean eap_sake_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_sake_data *data = priv; + struct eap_sake_hdr *resp; + size_t len; + u8 version, session_id, subtype; + + resp = (struct eap_sake_hdr *) respData; + if (respDataLen < sizeof(*resp) || + resp->type != EAP_TYPE_SAKE || + (len = ntohs(resp->length)) > respDataLen || + len < sizeof(*resp)) { + wpa_printf(MSG_INFO, "EAP-SAKE: Invalid frame"); + return TRUE; + } + version = resp->version; + session_id = resp->session_id; + subtype = resp->subtype; + + if (version != EAP_SAKE_VERSION) { + wpa_printf(MSG_INFO, "EAP-SAKE: Unknown version %d", version); + return TRUE; + } + + if (session_id != data->session_id) { + wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)", + session_id, data->session_id); + return TRUE; + } + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype=%d", subtype); + + if (data->state == IDENTITY && subtype == EAP_SAKE_SUBTYPE_IDENTITY) + return FALSE; + + if (data->state == CHALLENGE && subtype == EAP_SAKE_SUBTYPE_CHALLENGE) + return FALSE; + + if (data->state == CONFIRM && subtype == EAP_SAKE_SUBTYPE_CONFIRM) + return FALSE; + + if (subtype == EAP_SAKE_SUBTYPE_AUTH_REJECT) + return FALSE; + + wpa_printf(MSG_INFO, "EAP-SAKE: Unexpected subtype=%d in state=%d", + subtype, data->state); + + return TRUE; +} + + +static void eap_sake_process_identity(struct eap_sm *sm, + struct eap_sake_data *data, + u8 *respData, size_t respDataLen, + u8 *payload, size_t payloadlen) +{ + if (data->state != IDENTITY) + return; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Identity"); + /* TODO: update identity and select new user data */ + eap_sake_state(data, CHALLENGE); +} + + +static void eap_sake_process_challenge(struct eap_sm *sm, + struct eap_sake_data *data, + u8 *respData, size_t respDataLen, + u8 *payload, size_t payloadlen) +{ + struct eap_sake_parse_attr attr; + u8 mic_p[EAP_SAKE_MIC_LEN]; + + if (data->state != CHALLENGE) + return; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Challenge"); + + if (eap_sake_parse_attributes(payload, payloadlen, &attr)) + return; + + if (!attr.rand_p || !attr.mic_p) { + wpa_printf(MSG_INFO, "EAP-SAKE: Response/Challenge did not " + "include AT_RAND_P or AT_MIC_P"); + return; + } + + os_memcpy(data->rand_p, attr.rand_p, EAP_SAKE_RAND_LEN); + + os_free(data->peerid); + data->peerid = NULL; + data->peerid_len = 0; + if (attr.peerid) { + data->peerid = os_malloc(attr.peerid_len); + if (data->peerid == NULL) + return; + os_memcpy(data->peerid, attr.peerid, attr.peerid_len); + data->peerid_len = attr.peerid_len; + } + + if (sm->user == NULL || sm->user->password == NULL || + sm->user->password_len != 2 * EAP_SAKE_ROOT_SECRET_LEN) { + wpa_printf(MSG_INFO, "EAP-SAKE: Plaintext password with " + "%d-byte key not configured", + 2 * EAP_SAKE_ROOT_SECRET_LEN); + data->state = FAILURE; + return; + } + eap_sake_derive_keys(sm->user->password, + sm->user->password + EAP_SAKE_ROOT_SECRET_LEN, + data->rand_s, data->rand_p, + (u8 *) &data->tek, data->msk, data->emsk); + + eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, + data->serverid, data->serverid_len, + data->peerid, data->peerid_len, 1, + respData, respDataLen, attr.mic_p, mic_p); + if (os_memcmp(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P"); + eap_sake_state(data, FAILURE); + return; + } + + eap_sake_state(data, CONFIRM); +} + + +static void eap_sake_process_confirm(struct eap_sm *sm, + struct eap_sake_data *data, + u8 *respData, size_t respDataLen, + u8 *payload, size_t payloadlen) +{ + struct eap_sake_parse_attr attr; + u8 mic_p[EAP_SAKE_MIC_LEN]; + + if (data->state != CONFIRM) + return; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Confirm"); + + if (eap_sake_parse_attributes(payload, payloadlen, &attr)) + return; + + if (!attr.mic_p) { + wpa_printf(MSG_INFO, "EAP-SAKE: Response/Confirm did not " + "include AT_MIC_P"); + return; + } + + eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p, + data->serverid, data->serverid_len, + data->peerid, data->peerid_len, 1, + respData, respDataLen, attr.mic_p, mic_p); + if (os_memcmp(attr.mic_p, mic_p, EAP_SAKE_MIC_LEN) != 0) { + wpa_printf(MSG_INFO, "EAP-SAKE: Incorrect AT_MIC_P"); + eap_sake_state(data, FAILURE); + } else + eap_sake_state(data, SUCCESS); +} + + +static void eap_sake_process_auth_reject(struct eap_sm *sm, + struct eap_sake_data *data, + u8 *respData, size_t respDataLen, + u8 *payload, size_t payloadlen) +{ + wpa_printf(MSG_DEBUG, "EAP-SAKE: Received Response/Auth-Reject"); + eap_sake_state(data, FAILURE); +} + + +static void eap_sake_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_sake_data *data = priv; + struct eap_sake_hdr *resp; + u8 subtype, *pos, *end; + + resp = (struct eap_sake_hdr *) respData; + subtype = resp->subtype; + pos = (u8 *) (resp + 1); + end = respData + ntohs(resp->length); + + wpa_hexdump(MSG_DEBUG, "EAP-SAKE: Received attributes", + pos, end - pos); + + switch (subtype) { + case EAP_SAKE_SUBTYPE_IDENTITY: + eap_sake_process_identity(sm, data, respData, respDataLen, pos, + end - pos); + break; + case EAP_SAKE_SUBTYPE_CHALLENGE: + eap_sake_process_challenge(sm, data, respData, respDataLen, + pos, end - pos); + break; + case EAP_SAKE_SUBTYPE_CONFIRM: + eap_sake_process_confirm(sm, data, respData, respDataLen, pos, + end - pos); + break; + case EAP_SAKE_SUBTYPE_AUTH_REJECT: + eap_sake_process_auth_reject(sm, data, respData, respDataLen, + pos, end - pos); + break; + } +} + + +static Boolean eap_sake_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_sake_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_sake_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_sake_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = os_malloc(EAP_MSK_LEN); + if (key == NULL) + return NULL; + os_memcpy(key, data->msk, EAP_MSK_LEN); + *len = EAP_MSK_LEN; + + return key; +} + + +static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_sake_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = os_malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + os_memcpy(key, data->emsk, EAP_EMSK_LEN); + *len = EAP_EMSK_LEN; + + return key; +} + + +static Boolean eap_sake_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_sake_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_sake_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_SAKE, "SAKE"); + if (eap == NULL) + return -1; + + eap->init = eap_sake_init; + eap->reset = eap_sake_reset; + eap->buildReq = eap_sake_buildReq; + eap->check = eap_sake_check; + eap->process = eap_sake_process; + eap->isDone = eap_sake_isDone; + eap->getKey = eap_sake_getKey; + eap->isSuccess = eap_sake_isSuccess; + eap->get_emsk = eap_sake_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_sake_common.c b/contrib/hostapd-0.5.8/eap_sake_common.c new file mode 100644 index 0000000000..4b5476f101 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sake_common.c @@ -0,0 +1,380 @@ +/* + * EAP server/peer: EAP-SAKE shared routines + * Copyright (c) 2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "sha1.h" +#include "eap_defs.h" +#include "eap_sake_common.h" + + +static int eap_sake_parse_add_attr(struct eap_sake_parse_attr *attr, + const u8 *pos) +{ + size_t i; + + switch (pos[0]) { + case EAP_SAKE_AT_RAND_S: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_S"); + if (pos[1] != 2 + EAP_SAKE_RAND_LEN) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_S with " + "invalid length %d", pos[1]); + return -1; + } + attr->rand_s = pos + 2; + break; + case EAP_SAKE_AT_RAND_P: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_RAND_P"); + if (pos[1] != 2 + EAP_SAKE_RAND_LEN) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_RAND_P with " + "invalid length %d", pos[1]); + return -1; + } + attr->rand_p = pos + 2; + break; + case EAP_SAKE_AT_MIC_S: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_S"); + if (pos[1] != 2 + EAP_SAKE_MIC_LEN) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_S with " + "invalid length %d", pos[1]); + return -1; + } + attr->mic_s = pos + 2; + break; + case EAP_SAKE_AT_MIC_P: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_MIC_P"); + if (pos[1] != 2 + EAP_SAKE_MIC_LEN) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_MIC_P with " + "invalid length %d", pos[1]); + return -1; + } + attr->mic_p = pos + 2; + break; + case EAP_SAKE_AT_SERVERID: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SERVERID"); + attr->serverid = pos + 2; + attr->serverid_len = pos[1] - 2; + break; + case EAP_SAKE_AT_PEERID: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PEERID"); + attr->peerid = pos + 2; + attr->peerid_len = pos[1] - 2; + break; + case EAP_SAKE_AT_SPI_S: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_S"); + attr->spi_s = pos + 2; + attr->spi_s_len = pos[1] - 2; + break; + case EAP_SAKE_AT_SPI_P: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_SPI_P"); + attr->spi_p = pos + 2; + attr->spi_p_len = pos[1] - 2; + break; + case EAP_SAKE_AT_ANY_ID_REQ: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ANY_ID_REQ"); + if (pos[1] != 4) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid AT_ANY_ID_REQ" + " length %d", pos[1]); + return -1; + } + attr->any_id_req = pos + 2; + break; + case EAP_SAKE_AT_PERM_ID_REQ: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PERM_ID_REQ"); + if (pos[1] != 4) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid " + "AT_PERM_ID_REQ length %d", pos[1]); + return -1; + } + attr->perm_id_req = pos + 2; + break; + case EAP_SAKE_AT_ENCR_DATA: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_ENCR_DATA"); + attr->encr_data = pos + 2; + attr->encr_data_len = pos[1] - 2; + break; + case EAP_SAKE_AT_IV: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV"); + attr->iv = pos + 2; + attr->iv_len = pos[1] - 2; + break; + case EAP_SAKE_AT_PADDING: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_PADDING"); + for (i = 2; i < pos[1]; i++) { + if (pos[i]) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_PADDING " + "with non-zero pad byte"); + return -1; + } + } + break; + case EAP_SAKE_AT_NEXT_TMPID: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_NEXT_TMPID"); + attr->next_tmpid = pos + 2; + attr->next_tmpid_len = pos[1] - 2; + break; + case EAP_SAKE_AT_MSK_LIFE: + wpa_printf(MSG_DEBUG, "EAP-SAKE: Parse: AT_IV"); + if (pos[1] != 6) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid " + "AT_MSK_LIFE length %d", pos[1]); + return -1; + } + attr->msk_life = pos + 2; + break; + default: + if (pos[0] < 128) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Unknown non-skippable" + " attribute %d", pos[0]); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SAKE: Ignoring unknown skippable " + "attribute %d", pos[0]); + break; + } + + if (attr->iv && !attr->encr_data) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: AT_IV included without " + "AT_ENCR_DATA"); + return -1; + } + + return 0; +} + + +/** + * eap_sake_parse_attributes - Parse EAP-SAKE attributes + * @buf: Packet payload (starting with the first attribute) + * @len: Payload length + * @attr: Structure to be filled with found attributes + * Returns: 0 on success or -1 on failure + */ +int eap_sake_parse_attributes(const u8 *buf, size_t len, + struct eap_sake_parse_attr *attr) +{ + const u8 *pos = buf, *end = buf + len; + + os_memset(attr, 0, sizeof(*attr)); + while (pos < end) { + if (end - pos < 2) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Too short attribute"); + return -1; + } + + if (pos[1] < 2) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Invalid attribute " + "length (%d)", pos[1]); + return -1; + } + + if (pos + pos[1] > end) { + wpa_printf(MSG_DEBUG, "EAP-SAKE: Attribute underflow"); + return -1; + } + + if (eap_sake_parse_add_attr(attr, pos)) + return -1; + + pos += pos[1]; + } + + return 0; +} + + +/** + * eap_sake_kdf - EAP-SAKE Key Derivation Function (KDF) + * @key: Key for KDF + * @key_len: Length of the key in bytes + * @label: A unique label for each purpose of the KDF + * @data: Extra data (start) to bind into the key + * @data_len: Length of the data + * @data2: Extra data (end) to bind into the key + * @data2_len: Length of the data2 + * @buf: Buffer for the generated pseudo-random key + * @buf_len: Number of bytes of key to generate + * + * This function is used to derive new, cryptographically separate keys from a + * given key (e.g., SMS). This is identical to the PRF used in IEEE 802.11i. + */ +static void eap_sake_kdf(const u8 *key, size_t key_len, const char *label, + const u8 *data, size_t data_len, + const u8 *data2, size_t data2_len, + u8 *buf, size_t buf_len) +{ + u8 counter = 0; + size_t pos, plen; + u8 hash[SHA1_MAC_LEN]; + size_t label_len = os_strlen(label) + 1; + const unsigned char *addr[4]; + size_t len[4]; + + addr[0] = (u8 *) label; /* Label | Y */ + len[0] = label_len; + addr[1] = data; /* Msg[start] */ + len[1] = data_len; + addr[2] = data2; /* Msg[end] */ + len[2] = data2_len; + addr[3] = &counter; /* Length */ + len[3] = 1; + + pos = 0; + while (pos < buf_len) { + plen = buf_len - pos; + if (plen >= SHA1_MAC_LEN) { + hmac_sha1_vector(key, key_len, 4, addr, len, + &buf[pos]); + pos += SHA1_MAC_LEN; + } else { + hmac_sha1_vector(key, key_len, 4, addr, len, + hash); + os_memcpy(&buf[pos], hash, plen); + break; + } + counter++; + } +} + + +/** + * eap_sake_derive_keys - Derive EAP-SAKE keys + * @root_secret_a: 16-byte Root-Secret-A + * @root_secret_b: 16-byte Root-Secret-B + * @rand_s: 16-byte RAND_S + * @rand_p: 16-byte RAND_P + * @tek: Buffer for Temporary EAK Keys (TEK-Auth[16] | TEK-Cipher[16]) + * @msk: Buffer for 64-byte MSK + * @emsk: Buffer for 64-byte EMSK + * + * This function derives EAP-SAKE keys as defined in RFC 4763, section 3.2.6. + */ +void eap_sake_derive_keys(const u8 *root_secret_a, const u8 *root_secret_b, + const u8 *rand_s, const u8 *rand_p, u8 *tek, u8 *msk, + u8 *emsk) +{ + u8 sms_a[EAP_SAKE_SMS_LEN]; + u8 sms_b[EAP_SAKE_SMS_LEN]; + u8 key_buf[EAP_MSK_LEN + EAP_EMSK_LEN]; + + wpa_printf(MSG_DEBUG, "EAP-SAKE: Deriving keys"); + + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: Root-Secret-A", + root_secret_a, EAP_SAKE_ROOT_SECRET_LEN); + eap_sake_kdf(root_secret_a, EAP_SAKE_ROOT_SECRET_LEN, + "SAKE Master Secret A", + rand_p, EAP_SAKE_RAND_LEN, rand_s, EAP_SAKE_RAND_LEN, + sms_a, EAP_SAKE_SMS_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: SMS-A", sms_a, EAP_SAKE_SMS_LEN); + eap_sake_kdf(sms_a, EAP_SAKE_SMS_LEN, "Transient EAP Key", + rand_s, EAP_SAKE_RAND_LEN, rand_p, EAP_SAKE_RAND_LEN, + tek, EAP_SAKE_TEK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: TEK-Auth", + tek, EAP_SAKE_TEK_AUTH_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: TEK-Cipher", + tek + EAP_SAKE_TEK_AUTH_LEN, EAP_SAKE_TEK_CIPHER_LEN); + + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: Root-Secret-B", + root_secret_b, EAP_SAKE_ROOT_SECRET_LEN); + eap_sake_kdf(root_secret_b, EAP_SAKE_ROOT_SECRET_LEN, + "SAKE Master Secret B", + rand_p, EAP_SAKE_RAND_LEN, rand_s, EAP_SAKE_RAND_LEN, + sms_b, EAP_SAKE_SMS_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: SMS-B", sms_b, EAP_SAKE_SMS_LEN); + eap_sake_kdf(sms_b, EAP_SAKE_SMS_LEN, "Master Session Key", + rand_s, EAP_SAKE_RAND_LEN, rand_p, EAP_SAKE_RAND_LEN, + key_buf, sizeof(key_buf)); + os_memcpy(msk, key_buf, EAP_MSK_LEN); + os_memcpy(emsk, key_buf + EAP_MSK_LEN, EAP_EMSK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: MSK", msk, EAP_MSK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SAKE: EMSK", emsk, EAP_EMSK_LEN); +} + + +/** + * eap_sake_compute_mic - Compute EAP-SAKE MIC for an EAP packet + * @tek_auth: 16-byte TEK-Auth + * @rand_s: 16-byte RAND_S + * @rand_p: 16-byte RAND_P + * @serverid: SERVERID + * @serverid_len: SERVERID length + * @peerid: PEERID + * @peerid_len: PEERID length + * @peer: MIC calculation for 0 = Server, 1 = Peer message + * @eap: EAP packet + * @eap_len: EAP packet length + * @mic_pos: MIC position in the EAP packet (must be [eap .. eap + eap_len]) + * @mic: Buffer for the computed 16-byte MIC + */ +int eap_sake_compute_mic(const u8 *tek_auth, + const u8 *rand_s, const u8 *rand_p, + const u8 *serverid, size_t serverid_len, + const u8 *peerid, size_t peerid_len, + int peer, const u8 *eap, size_t eap_len, + const u8 *mic_pos, u8 *mic) +{ + u8 _rand[2 * EAP_SAKE_RAND_LEN]; + u8 *tmp, *pos; + size_t tmplen; + + tmplen = serverid_len + 1 + peerid_len + 1 + eap_len; + tmp = os_malloc(tmplen); + if (tmp == NULL) + return -1; + pos = tmp; + if (peer) { + if (peerid) { + os_memcpy(pos, peerid, peerid_len); + pos += peerid_len; + } + *pos++ = 0x00; + if (serverid) { + os_memcpy(pos, serverid, serverid_len); + pos += serverid_len; + } + *pos++ = 0x00; + + os_memcpy(_rand, rand_s, EAP_SAKE_RAND_LEN); + os_memcpy(_rand + EAP_SAKE_RAND_LEN, rand_p, + EAP_SAKE_RAND_LEN); + } else { + if (serverid) { + os_memcpy(pos, serverid, serverid_len); + pos += serverid_len; + } + *pos++ = 0x00; + if (peerid) { + os_memcpy(pos, peerid, peerid_len); + pos += peerid_len; + } + *pos++ = 0x00; + + os_memcpy(_rand, rand_p, EAP_SAKE_RAND_LEN); + os_memcpy(_rand + EAP_SAKE_RAND_LEN, rand_s, + EAP_SAKE_RAND_LEN); + } + + os_memcpy(pos, eap, eap_len); + os_memset(pos + (mic_pos - eap), 0, EAP_SAKE_MIC_LEN); + + eap_sake_kdf(tek_auth, EAP_SAKE_TEK_AUTH_LEN, + peer ? "Peer MIC" : "Server MIC", + _rand, 2 * EAP_SAKE_RAND_LEN, tmp, tmplen, + mic, EAP_SAKE_MIC_LEN); + + os_free(tmp); + + return 0; +} diff --git a/contrib/hostapd-0.5.8/eap_sake_common.h b/contrib/hostapd-0.5.8/eap_sake_common.h new file mode 100644 index 0000000000..ac6e8199d6 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sake_common.h @@ -0,0 +1,104 @@ +/* + * EAP server/peer: EAP-SAKE shared routines + * Copyright (c) 2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_SAKE_COMMON_H +#define EAP_SAKE_COMMON_H + +#define EAP_SAKE_VERSION 2 + +#define EAP_SAKE_SUBTYPE_CHALLENGE 1 +#define EAP_SAKE_SUBTYPE_CONFIRM 2 +#define EAP_SAKE_SUBTYPE_AUTH_REJECT 3 +#define EAP_SAKE_SUBTYPE_IDENTITY 4 + +#define EAP_SAKE_AT_RAND_S 1 +#define EAP_SAKE_AT_RAND_P 2 +#define EAP_SAKE_AT_MIC_S 3 +#define EAP_SAKE_AT_MIC_P 4 +#define EAP_SAKE_AT_SERVERID 5 +#define EAP_SAKE_AT_PEERID 6 +#define EAP_SAKE_AT_SPI_S 7 +#define EAP_SAKE_AT_SPI_P 8 +#define EAP_SAKE_AT_ANY_ID_REQ 9 +#define EAP_SAKE_AT_PERM_ID_REQ 10 +#define EAP_SAKE_AT_ENCR_DATA 128 +#define EAP_SAKE_AT_IV 129 +#define EAP_SAKE_AT_PADDING 130 +#define EAP_SAKE_AT_NEXT_TMPID 131 +#define EAP_SAKE_AT_MSK_LIFE 132 + +#define EAP_SAKE_RAND_LEN 16 +#define EAP_SAKE_MIC_LEN 16 +#define EAP_SAKE_ROOT_SECRET_LEN 16 +#define EAP_SAKE_SMS_LEN 16 +#define EAP_SAKE_TEK_AUTH_LEN 16 +#define EAP_SAKE_TEK_CIPHER_LEN 16 +#define EAP_SAKE_TEK_LEN (EAP_SAKE_TEK_AUTH_LEN + EAP_SAKE_TEK_CIPHER_LEN) + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct eap_sake_hdr { + u8 code; + u8 identifier; + u16 length; + u8 type; /* EAP_TYPE_SAKE */ + u8 version; /* EAP_SAKE_VERSION */ + u8 session_id; + u8 subtype; +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + + +struct eap_sake_parse_attr { + const u8 *rand_s; + const u8 *rand_p; + const u8 *mic_s; + const u8 *mic_p; + const u8 *serverid; + size_t serverid_len; + const u8 *peerid; + size_t peerid_len; + const u8 *spi_s; + size_t spi_s_len; + const u8 *spi_p; + size_t spi_p_len; + const u8 *any_id_req; + const u8 *perm_id_req; + const u8 *encr_data; + size_t encr_data_len; + const u8 *iv; + size_t iv_len; + const u8 *next_tmpid; + size_t next_tmpid_len; + const u8 *msk_life; +}; + +int eap_sake_parse_attributes(const u8 *buf, size_t len, + struct eap_sake_parse_attr *attr); +void eap_sake_derive_keys(const u8 *root_secret_a, const u8 *root_secret_b, + const u8 *rand_s, const u8 *rand_p, + u8 *tek, u8 *msk, u8 *emsk); +int eap_sake_compute_mic(const u8 *tek_auth, + const u8 *rand_s, const u8 *rand_p, + const u8 *serverid, size_t serverid_len, + const u8 *peerid, size_t peerid_len, + int peer, const u8 *eap, size_t eap_len, + const u8 *mic_pos, u8 *mic); + +#endif /* EAP_SAKE_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_sim.c b/contrib/hostapd-0.5.8/eap_sim.c new file mode 100644 index 0000000000..8c3c828700 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sim.c @@ -0,0 +1,694 @@ +/* + * hostapd / EAP-SIM (RFC 4186) + * Copyright (c) 2005-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "crypto.h" +#include "eap_i.h" +#include "eap_sim_common.h" +#include "eap_sim_db.h" + + +struct eap_sim_data { + u8 mk[EAP_SIM_MK_LEN]; + u8 nonce_mt[EAP_SIM_NONCE_MT_LEN]; + u8 nonce_s[EAP_SIM_NONCE_S_LEN]; + u8 k_aut[EAP_SIM_K_AUT_LEN]; + u8 k_encr[EAP_SIM_K_ENCR_LEN]; + u8 msk[EAP_SIM_KEYING_DATA_LEN]; + u8 emsk[EAP_EMSK_LEN]; + u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN]; + u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN]; + u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN]; + int num_chal; + enum { START, CHALLENGE, REAUTH, SUCCESS, FAILURE } state; + char *next_pseudonym; + char *next_reauth_id; + u16 counter; + struct eap_sim_reauth *reauth; +}; + + +static const char * eap_sim_state_txt(int state) +{ + switch (state) { + case START: + return "START"; + case CHALLENGE: + return "CHALLENGE"; + case REAUTH: + return "REAUTH"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + default: + return "Unknown?!"; + } +} + + +static void eap_sim_state(struct eap_sim_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-SIM: %s -> %s", + eap_sim_state_txt(data->state), + eap_sim_state_txt(state)); + data->state = state; +} + + +static void * eap_sim_init(struct eap_sm *sm) +{ + struct eap_sim_data *data; + + if (sm->eap_sim_db_priv == NULL) { + wpa_printf(MSG_WARNING, "EAP-SIM: eap_sim_db not configured"); + return NULL; + } + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = START; + + return data; +} + + +static void eap_sim_reset(struct eap_sm *sm, void *priv) +{ + struct eap_sim_data *data = priv; + free(data->next_pseudonym); + free(data->next_reauth_id); + free(data); +} + + +static u8 * eap_sim_build_start(struct eap_sm *sm, struct eap_sim_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + u8 ver[2]; + + wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Start"); + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM, + EAP_SIM_SUBTYPE_START); + if (eap_sim_db_identity_known(sm->eap_sim_db_priv, sm->identity, + sm->identity_len)) { + wpa_printf(MSG_DEBUG, " AT_PERMANENT_ID_REQ"); + eap_sim_msg_add(msg, EAP_SIM_AT_PERMANENT_ID_REQ, 0, NULL, 0); + } + wpa_printf(MSG_DEBUG, " AT_VERSION_LIST"); + ver[0] = 0; + ver[1] = EAP_SIM_VERSION; + eap_sim_msg_add(msg, EAP_SIM_AT_VERSION_LIST, sizeof(ver), + ver, sizeof(ver)); + return eap_sim_msg_finish(msg, reqDataLen, NULL, NULL, 0); +} + + +static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data, + struct eap_sim_msg *msg, u16 counter, + const u8 *nonce_s) +{ + free(data->next_pseudonym); + data->next_pseudonym = + eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv, 0); + free(data->next_reauth_id); + if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) { + data->next_reauth_id = + eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv, 0); + } else { + wpa_printf(MSG_DEBUG, "EAP-SIM: Max fast re-authentication " + "count exceeded - force full authentication"); + data->next_reauth_id = NULL; + } + + if (data->next_pseudonym == NULL && data->next_reauth_id == NULL && + counter == 0 && nonce_s == NULL) + return 0; + + wpa_printf(MSG_DEBUG, " AT_IV"); + wpa_printf(MSG_DEBUG, " AT_ENCR_DATA"); + eap_sim_msg_add_encr_start(msg, EAP_SIM_AT_IV, EAP_SIM_AT_ENCR_DATA); + + if (counter > 0) { + wpa_printf(MSG_DEBUG, " *AT_COUNTER (%u)", counter); + eap_sim_msg_add(msg, EAP_SIM_AT_COUNTER, counter, NULL, 0); + } + + if (nonce_s) { + wpa_printf(MSG_DEBUG, " *AT_NONCE_S"); + eap_sim_msg_add(msg, EAP_SIM_AT_NONCE_S, 0, nonce_s, + EAP_SIM_NONCE_S_LEN); + } + + if (data->next_pseudonym) { + wpa_printf(MSG_DEBUG, " *AT_NEXT_PSEUDONYM (%s)", + data->next_pseudonym); + eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_PSEUDONYM, + strlen(data->next_pseudonym), + (u8 *) data->next_pseudonym, + strlen(data->next_pseudonym)); + } + + if (data->next_reauth_id) { + wpa_printf(MSG_DEBUG, " *AT_NEXT_REAUTH_ID (%s)", + data->next_reauth_id); + eap_sim_msg_add(msg, EAP_SIM_AT_NEXT_REAUTH_ID, + strlen(data->next_reauth_id), + (u8 *) data->next_reauth_id, + strlen(data->next_reauth_id)); + } + + if (eap_sim_msg_add_encr_end(msg, data->k_encr, EAP_SIM_AT_PADDING)) { + wpa_printf(MSG_WARNING, "EAP-SIM: Failed to encrypt " + "AT_ENCR_DATA"); + return -1; + } + + return 0; +} + + +static u8 * eap_sim_build_challenge(struct eap_sm *sm, + struct eap_sim_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Challenge"); + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM, + EAP_SIM_SUBTYPE_CHALLENGE); + wpa_printf(MSG_DEBUG, " AT_RAND"); + eap_sim_msg_add(msg, EAP_SIM_AT_RAND, 0, (u8 *) data->rand, + data->num_chal * GSM_RAND_LEN); + + if (eap_sim_build_encr(sm, data, msg, 0, NULL)) { + eap_sim_msg_free(msg); + return NULL; + } + + wpa_printf(MSG_DEBUG, " AT_MAC"); + eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); + return eap_sim_msg_finish(msg, reqDataLen, data->k_aut, data->nonce_mt, + EAP_SIM_NONCE_MT_LEN); +} + + +static u8 * eap_sim_build_reauth(struct eap_sm *sm, + struct eap_sim_data *data, + int id, size_t *reqDataLen) +{ + struct eap_sim_msg *msg; + + wpa_printf(MSG_DEBUG, "EAP-SIM: Generating Re-authentication"); + + if (hostapd_get_rand(data->nonce_s, EAP_SIM_NONCE_S_LEN)) + return NULL; + wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: NONCE_S", + data->nonce_s, EAP_SIM_NONCE_S_LEN); + + eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, + data->emsk); + eap_sim_derive_keys_reauth(data->counter, sm->identity, + sm->identity_len, data->nonce_s, data->mk, + data->msk, data->emsk); + + msg = eap_sim_msg_init(EAP_CODE_REQUEST, id, EAP_TYPE_SIM, + EAP_SIM_SUBTYPE_REAUTHENTICATION); + + if (eap_sim_build_encr(sm, data, msg, data->counter, data->nonce_s)) { + eap_sim_msg_free(msg); + return NULL; + } + + wpa_printf(MSG_DEBUG, " AT_MAC"); + eap_sim_msg_add_mac(msg, EAP_SIM_AT_MAC); + return eap_sim_msg_finish(msg, reqDataLen, data->k_aut, NULL, 0); +} + + +static u8 * eap_sim_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_sim_data *data = priv; + + switch (data->state) { + case START: + return eap_sim_build_start(sm, data, id, reqDataLen); + case CHALLENGE: + return eap_sim_build_challenge(sm, data, id, reqDataLen); + case REAUTH: + return eap_sim_build_reauth(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in " + "buildReq", data->state); + break; + } + return NULL; +} + + +static Boolean eap_sim_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_sim_data *data = priv; + struct eap_hdr *resp; + u8 *pos, subtype; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 4 || *pos != EAP_TYPE_SIM || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame"); + return TRUE; + } + subtype = pos[1]; + + if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR) + return FALSE; + + switch (data->state) { + case START: + if (subtype != EAP_SIM_SUBTYPE_START) { + wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + case CHALLENGE: + if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) { + wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + case REAUTH: + if (subtype != EAP_SIM_SUBTYPE_REAUTHENTICATION) { + wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " + "subtype %d", subtype); + return TRUE; + } + break; + default: + wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for " + "processing a response", data->state); + return TRUE; + } + + return FALSE; +} + + +static int eap_sim_supported_ver(struct eap_sim_data *data, int version) +{ + return version == EAP_SIM_VERSION; +} + + +static void eap_sim_process_start(struct eap_sm *sm, + struct eap_sim_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + const u8 *identity; + size_t identity_len; + u8 ver_list[2]; + + wpa_printf(MSG_DEBUG, "EAP-SIM: Receive start response"); + + if (attr->nonce_mt == NULL || attr->selected_version < 0) { + wpa_printf(MSG_DEBUG, "EAP-SIM: Start/Response missing " + "required attributes"); + eap_sim_state(data, FAILURE); + return; + } + + if (!eap_sim_supported_ver(data, attr->selected_version)) { + wpa_printf(MSG_DEBUG, "EAP-SIM: Peer selected unsupported " + "version %d", attr->selected_version); + eap_sim_state(data, FAILURE); + return; + } + + if (attr->identity) { + free(sm->identity); + sm->identity = malloc(attr->identity_len); + if (sm->identity) { + memcpy(sm->identity, attr->identity, + attr->identity_len); + sm->identity_len = attr->identity_len; + } + } + + identity = NULL; + identity_len = 0; + + if (sm->identity && sm->identity_len > 0 && + sm->identity[0] == EAP_SIM_PERMANENT_PREFIX) { + identity = sm->identity; + identity_len = sm->identity_len; + } else { + identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, + sm->identity, + sm->identity_len, + &identity_len); + if (identity == NULL) { + data->reauth = eap_sim_db_get_reauth_entry( + sm->eap_sim_db_priv, sm->identity, + sm->identity_len); + if (data->reauth) { + wpa_printf(MSG_DEBUG, "EAP-SIM: Using fast " + "re-authentication"); + identity = data->reauth->identity; + identity_len = data->reauth->identity_len; + data->counter = data->reauth->counter; + memcpy(data->mk, data->reauth->mk, + EAP_SIM_MK_LEN); + } + } + } + + if (identity == NULL) { + wpa_printf(MSG_DEBUG, "EAP-SIM: Could not get proper permanent" + " user name"); + eap_sim_state(data, FAILURE); + return; + } + + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity", + identity, identity_len); + + if (data->reauth) { + eap_sim_state(data, REAUTH); + return; + } + + data->counter = 0; /* reset re-auth counter since this is full auth */ + data->reauth = NULL; + + data->num_chal = eap_sim_db_get_gsm_triplets( + sm->eap_sim_db_priv, identity, identity_len, + EAP_SIM_MAX_CHAL, + (u8 *) data->rand, (u8 *) data->kc, (u8 *) data->sres, sm); + if (data->num_chal == EAP_SIM_DB_PENDING) { + wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication triplets " + "not yet available - pending request"); + sm->method_pending = METHOD_PENDING_WAIT; + return; + } + if (data->num_chal < 2) { + wpa_printf(MSG_INFO, "EAP-SIM: Failed to get GSM " + "authentication triplets for the peer"); + eap_sim_state(data, FAILURE); + return; + } + + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity for MK derivation", + sm->identity, sm->identity_len); + + memcpy(data->nonce_mt, attr->nonce_mt, EAP_SIM_NONCE_MT_LEN); + WPA_PUT_BE16(ver_list, EAP_SIM_VERSION); + eap_sim_derive_mk(sm->identity, sm->identity_len, attr->nonce_mt, + attr->selected_version, ver_list, sizeof(ver_list), + data->num_chal, (const u8 *) data->kc, data->mk); + eap_sim_derive_keys(data->mk, data->k_encr, data->k_aut, data->msk, + data->emsk); + + eap_sim_state(data, CHALLENGE); +} + + +static void eap_sim_process_challenge(struct eap_sm *sm, + struct eap_sim_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + const u8 *identity; + size_t identity_len; + + if (attr->mac == NULL || + eap_sim_verify_mac(data->k_aut, respData, respDataLen, attr->mac, + (u8 *) data->sres, + data->num_chal * EAP_SIM_SRES_LEN)) { + wpa_printf(MSG_WARNING, "EAP-SIM: Challenge message " + "did not include valid AT_MAC"); + eap_sim_state(data, FAILURE); + return; + } + + wpa_printf(MSG_DEBUG, "EAP-SIM: Challenge response includes the " + "correct AT_MAC"); + eap_sim_state(data, SUCCESS); + + identity = eap_sim_db_get_permanent(sm->eap_sim_db_priv, sm->identity, + sm->identity_len, &identity_len); + if (identity == NULL) { + identity = sm->identity; + identity_len = sm->identity_len; + } + + if (data->next_pseudonym) { + eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity, + identity_len, + data->next_pseudonym); + data->next_pseudonym = NULL; + } + if (data->next_reauth_id) { + eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity, + identity_len, + data->next_reauth_id, data->counter + 1, + data->mk); + data->next_reauth_id = NULL; + } +} + + +static void eap_sim_process_reauth(struct eap_sm *sm, + struct eap_sim_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + struct eap_sim_attrs eattr; + u8 *decrypted = NULL; + const u8 *identity, *id2; + size_t identity_len, id2_len; + + if (attr->mac == NULL || + eap_sim_verify_mac(data->k_aut, respData, respDataLen, attr->mac, + data->nonce_s, EAP_SIM_NONCE_S_LEN)) { + wpa_printf(MSG_WARNING, "EAP-SIM: Re-authentication message " + "did not include valid AT_MAC"); + goto fail; + } + + if (attr->encr_data == NULL || attr->iv == NULL) { + wpa_printf(MSG_WARNING, "EAP-SIM: Reauthentication " + "message did not include encrypted data"); + goto fail; + } + + decrypted = eap_sim_parse_encr(data->k_encr, attr->encr_data, + attr->encr_data_len, attr->iv, &eattr, + 0); + if (decrypted == NULL) { + wpa_printf(MSG_WARNING, "EAP-SIM: Failed to parse encrypted " + "data from reauthentication message"); + goto fail; + } + + if (eattr.counter != data->counter) { + wpa_printf(MSG_WARNING, "EAP-SIM: Re-authentication message " + "used incorrect counter %u, expected %u", + eattr.counter, data->counter); + goto fail; + } + free(decrypted); + decrypted = NULL; + + wpa_printf(MSG_DEBUG, "EAP-SIM: Re-authentication response includes " + "the correct AT_MAC"); + eap_sim_state(data, SUCCESS); + + if (data->reauth) { + identity = data->reauth->identity; + identity_len = data->reauth->identity_len; + } else { + identity = sm->identity; + identity_len = sm->identity_len; + } + + id2 = eap_sim_db_get_permanent(sm->eap_sim_db_priv, identity, + identity_len, &id2_len); + if (id2) { + identity = id2; + identity_len = id2_len; + } + + if (data->next_pseudonym) { + eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, identity, + identity_len, data->next_pseudonym); + data->next_pseudonym = NULL; + } + if (data->next_reauth_id) { + eap_sim_db_add_reauth(sm->eap_sim_db_priv, identity, + identity_len, data->next_reauth_id, + data->counter + 1, data->mk); + data->next_reauth_id = NULL; + } else { + eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); + data->reauth = NULL; + } + + return; + +fail: + eap_sim_state(data, FAILURE); + eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth); + data->reauth = NULL; + free(decrypted); +} + + +static void eap_sim_process_client_error(struct eap_sm *sm, + struct eap_sim_data *data, + u8 *respData, size_t respDataLen, + struct eap_sim_attrs *attr) +{ + wpa_printf(MSG_DEBUG, "EAP-SIM: Client reported error %d", + attr->client_error_code); + eap_sim_state(data, FAILURE); +} + + +static void eap_sim_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_sim_data *data = priv; + struct eap_hdr *resp; + u8 *pos, subtype; + size_t len; + struct eap_sim_attrs attr; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + subtype = pos[1]; + len = ntohs(resp->length); + pos += 4; + + if (eap_sim_parse_attr(pos, respData + len, &attr, 0, 0)) { + wpa_printf(MSG_DEBUG, "EAP-SIM: Failed to parse attributes"); + eap_sim_state(data, FAILURE); + return; + } + + if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR) { + eap_sim_process_client_error(sm, data, respData, len, &attr); + return; + } + + switch (data->state) { + case START: + eap_sim_process_start(sm, data, respData, len, &attr); + break; + case CHALLENGE: + eap_sim_process_challenge(sm, data, respData, len, &attr); + break; + case REAUTH: + eap_sim_process_reauth(sm, data, respData, len, &attr); + break; + default: + wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown state %d in " + "process", data->state); + break; + } +} + + +static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_sim_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_sim_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_sim_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_SIM_KEYING_DATA_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->msk, EAP_SIM_KEYING_DATA_LEN); + *len = EAP_SIM_KEYING_DATA_LEN; + return key; +} + + +static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_sim_data *data = priv; + u8 *key; + + if (data->state != SUCCESS) + return NULL; + + key = malloc(EAP_EMSK_LEN); + if (key == NULL) + return NULL; + memcpy(key, data->emsk, EAP_EMSK_LEN); + *len = EAP_EMSK_LEN; + return key; +} + + +static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_sim_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_sim_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_SIM, "SIM"); + if (eap == NULL) + return -1; + + eap->init = eap_sim_init; + eap->reset = eap_sim_reset; + eap->buildReq = eap_sim_buildReq; + eap->check = eap_sim_check; + eap->process = eap_sim_process; + eap->isDone = eap_sim_isDone; + eap->getKey = eap_sim_getKey; + eap->isSuccess = eap_sim_isSuccess; + eap->get_emsk = eap_sim_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_sim_common.c b/contrib/hostapd-0.5.8/eap_sim_common.c new file mode 100644 index 0000000000..dc8b2f6f4b --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sim_common.c @@ -0,0 +1,840 @@ +/* + * EAP peer: EAP-SIM/AKA shared routines + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "eap_i.h" +#include "sha1.h" +#include "crypto.h" +#include "aes_wrap.h" +#include "eap_sim_common.h" + + +static int eap_sim_prf(const u8 *key, u8 *x, size_t xlen) +{ + return fips186_2_prf(key, EAP_SIM_MK_LEN, x, xlen); +} + + +void eap_sim_derive_mk(const u8 *identity, size_t identity_len, + const u8 *nonce_mt, u16 selected_version, + const u8 *ver_list, size_t ver_list_len, + int num_chal, const u8 *kc, u8 *mk) +{ + u8 sel_ver[2]; + const unsigned char *addr[5]; + size_t len[5]; + + addr[0] = identity; + len[0] = identity_len; + addr[1] = kc; + len[1] = num_chal * EAP_SIM_KC_LEN; + addr[2] = nonce_mt; + len[2] = EAP_SIM_NONCE_MT_LEN; + addr[3] = ver_list; + len[3] = ver_list_len; + addr[4] = sel_ver; + len[4] = 2; + + WPA_PUT_BE16(sel_ver, selected_version); + + /* MK = SHA1(Identity|n*Kc|NONCE_MT|Version List|Selected Version) */ + sha1_vector(5, addr, len, mk); + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN); +} + + +void eap_aka_derive_mk(const u8 *identity, size_t identity_len, + const u8 *ik, const u8 *ck, u8 *mk) +{ + const u8 *addr[3]; + size_t len[3]; + + addr[0] = identity; + len[0] = identity_len; + addr[1] = ik; + len[1] = EAP_AKA_IK_LEN; + addr[2] = ck; + len[2] = EAP_AKA_CK_LEN; + + /* MK = SHA1(Identity|IK|CK) */ + sha1_vector(3, addr, len, mk); + wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: IK", ik, EAP_AKA_IK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: CK", ck, EAP_AKA_CK_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-AKA: MK", mk, EAP_SIM_MK_LEN); +} + + +int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, u8 *emsk) +{ + u8 buf[EAP_SIM_K_ENCR_LEN + EAP_SIM_K_AUT_LEN + + EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN], *pos; + if (eap_sim_prf(mk, buf, sizeof(buf)) < 0) { + wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys"); + return -1; + } + pos = buf; + os_memcpy(k_encr, pos, EAP_SIM_K_ENCR_LEN); + pos += EAP_SIM_K_ENCR_LEN; + os_memcpy(k_aut, pos, EAP_SIM_K_AUT_LEN); + pos += EAP_SIM_K_AUT_LEN; + os_memcpy(msk, pos, EAP_SIM_KEYING_DATA_LEN); + pos += EAP_SIM_KEYING_DATA_LEN; + os_memcpy(emsk, pos, EAP_EMSK_LEN); + + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_encr", + k_encr, EAP_SIM_K_ENCR_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: K_aut", + k_aut, EAP_SIM_K_AUT_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: keying material (MSK)", + msk, EAP_SIM_KEYING_DATA_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN); + os_memset(buf, 0, sizeof(buf)); + + return 0; +} + + +int eap_sim_derive_keys_reauth(u16 _counter, + const u8 *identity, size_t identity_len, + const u8 *nonce_s, const u8 *mk, u8 *msk, + u8 *emsk) +{ + u8 xkey[SHA1_MAC_LEN]; + u8 buf[EAP_SIM_KEYING_DATA_LEN + EAP_EMSK_LEN + 32]; + u8 counter[2]; + const u8 *addr[4]; + size_t len[4]; + + addr[0] = identity; + len[0] = identity_len; + addr[1] = counter; + len[1] = 2; + addr[2] = nonce_s; + len[2] = EAP_SIM_NONCE_S_LEN; + addr[3] = mk; + len[3] = EAP_SIM_MK_LEN; + + WPA_PUT_BE16(counter, _counter); + + wpa_printf(MSG_DEBUG, "EAP-SIM: Deriving keying data from reauth"); + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM: Identity", + identity, identity_len); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: counter", counter, 2); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: NONCE_S", nonce_s, + EAP_SIM_NONCE_S_LEN); + wpa_hexdump_key(MSG_DEBUG, "EAP-SIM: MK", mk, EAP_SIM_MK_LEN); + + /* XKEY' = SHA1(Identity|counter|NONCE_S|MK) */ + sha1_vector(4, addr, len, xkey); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: XKEY'", xkey, SHA1_MAC_LEN); + + if (eap_sim_prf(xkey, buf, sizeof(buf)) < 0) { + wpa_printf(MSG_ERROR, "EAP-SIM: Failed to derive keys"); + return -1; + } + if (msk) { + os_memcpy(msk, buf, EAP_SIM_KEYING_DATA_LEN); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: keying material (MSK)", + msk, EAP_SIM_KEYING_DATA_LEN); + } + if (emsk) { + os_memcpy(emsk, buf + EAP_SIM_KEYING_DATA_LEN, EAP_EMSK_LEN); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: EMSK", emsk, EAP_EMSK_LEN); + } + os_memset(buf, 0, sizeof(buf)); + + return 0; +} + + +int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len, + const u8 *mac, const u8 *extra, size_t extra_len) +{ + unsigned char hmac[SHA1_MAC_LEN]; + const u8 *addr[2]; + size_t len[2]; + u8 *tmp; + + if (mac == NULL || req_len < EAP_SIM_MAC_LEN || mac < req || + mac > req + req_len - EAP_SIM_MAC_LEN) + return -1; + + tmp = os_malloc(req_len); + if (tmp == NULL) + return -1; + + addr[0] = tmp; + len[0] = req_len; + addr[1] = extra; + len[1] = extra_len; + + /* HMAC-SHA1-128 */ + os_memcpy(tmp, req, req_len); + os_memset(tmp + (mac - req), 0, EAP_SIM_MAC_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - msg", tmp, req_len); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC - extra data", + extra, extra_len); + wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Verify MAC - K_aut", + k_aut, EAP_SIM_K_AUT_LEN); + hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Verify MAC: MAC", + hmac, EAP_SIM_MAC_LEN); + os_free(tmp); + + return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1; +} + + +void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac, + const u8 *extra, size_t extra_len) +{ + unsigned char hmac[SHA1_MAC_LEN]; + const u8 *addr[2]; + size_t len[2]; + + addr[0] = msg; + len[0] = msg_len; + addr[1] = extra; + len[1] = extra_len; + + /* HMAC-SHA1-128 */ + os_memset(mac, 0, EAP_SIM_MAC_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - msg", msg, msg_len); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC - extra data", + extra, extra_len); + wpa_hexdump_key(MSG_MSGDUMP, "EAP-SIM: Add MAC - K_aut", + k_aut, EAP_SIM_K_AUT_LEN); + hmac_sha1_vector(k_aut, EAP_SIM_K_AUT_LEN, 2, addr, len, hmac); + os_memcpy(mac, hmac, EAP_SIM_MAC_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Add MAC: MAC", + mac, EAP_SIM_MAC_LEN); +} + + +int eap_sim_parse_attr(const u8 *start, const u8 *end, + struct eap_sim_attrs *attr, int aka, int encr) +{ + const u8 *pos = start, *apos; + size_t alen, plen, i, list_len; + + os_memset(attr, 0, sizeof(*attr)); + attr->id_req = NO_ID_REQ; + attr->notification = -1; + attr->counter = -1; + attr->selected_version = -1; + attr->client_error_code = -1; + + while (pos < end) { + if (pos + 2 > end) { + wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow(1)"); + return -1; + } + wpa_printf(MSG_MSGDUMP, "EAP-SIM: Attribute: Type=%d Len=%d", + pos[0], pos[1] * 4); + if (pos + pos[1] * 4 > end) { + wpa_printf(MSG_INFO, "EAP-SIM: Attribute overflow " + "(pos=%p len=%d end=%p)", + pos, pos[1] * 4, end); + return -1; + } + apos = pos + 2; + alen = pos[1] * 4 - 2; + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Attribute data", + apos, alen); + + switch (pos[0]) { + case EAP_SIM_AT_RAND: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RAND"); + apos += 2; + alen -= 2; + if ((!aka && (alen % GSM_RAND_LEN)) || + (aka && alen != EAP_AKA_RAND_LEN)) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RAND" + " (len %lu)", + (unsigned long) alen); + return -1; + } + attr->rand = apos; + attr->num_chal = alen / GSM_RAND_LEN; + break; + case EAP_SIM_AT_AUTN: + wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTN"); + if (!aka) { + wpa_printf(MSG_DEBUG, "EAP-SIM: " + "Unexpected AT_AUTN"); + return -1; + } + apos += 2; + alen -= 2; + if (alen != EAP_AKA_AUTN_LEN) { + wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTN" + " (len %lu)", + (unsigned long) alen); + return -1; + } + attr->autn = apos; + break; + case EAP_SIM_AT_PADDING: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_PADDING"); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_PADDING"); + for (i = 2; i < alen; i++) { + if (apos[i] != 0) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) " + "AT_PADDING used a non-zero" + " padding byte"); + wpa_hexdump(MSG_DEBUG, "EAP-SIM: " + "(encr) padding bytes", + apos + 2, alen - 2); + return -1; + } + } + break; + case EAP_SIM_AT_NONCE_MT: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NONCE_MT"); + if (alen != 2 + EAP_SIM_NONCE_MT_LEN) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid " + "AT_NONCE_MT length"); + return -1; + } + attr->nonce_mt = apos + 2; + break; + case EAP_SIM_AT_PERMANENT_ID_REQ: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_PERMANENT_ID_REQ"); + attr->id_req = PERMANENT_ID; + break; + case EAP_SIM_AT_MAC: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_MAC"); + if (alen != 2 + EAP_SIM_MAC_LEN) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_MAC " + "length"); + return -1; + } + attr->mac = apos + 2; + break; + case EAP_SIM_AT_NOTIFICATION: + if (alen != 2) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid " + "AT_NOTIFICATION length %lu", + (unsigned long) alen); + return -1; + } + attr->notification = apos[0] * 256 + apos[1]; + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_NOTIFICATION %d", + attr->notification); + break; + case EAP_SIM_AT_ANY_ID_REQ: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ANY_ID_REQ"); + attr->id_req = ANY_ID; + break; + case EAP_SIM_AT_IDENTITY: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IDENTITY"); + attr->identity = apos + 2; + attr->identity_len = alen - 2; + break; + case EAP_SIM_AT_VERSION_LIST: + if (aka) { + wpa_printf(MSG_DEBUG, "EAP-AKA: " + "Unexpected AT_VERSION_LIST"); + return -1; + } + list_len = apos[0] * 256 + apos[1]; + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_VERSION_LIST"); + if (list_len < 2 || list_len > alen - 2) { + wpa_printf(MSG_WARNING, "EAP-SIM: Invalid " + "AT_VERSION_LIST (list_len=%lu " + "attr_len=%lu)", + (unsigned long) list_len, + (unsigned long) alen); + return -1; + } + attr->version_list = apos + 2; + attr->version_list_len = list_len; + break; + case EAP_SIM_AT_SELECTED_VERSION: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION"); + if (alen != 2) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid " + "AT_SELECTED_VERSION length %lu", + (unsigned long) alen); + return -1; + } + attr->selected_version = apos[0] * 256 + apos[1]; + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_SELECTED_VERSION " + "%d", attr->selected_version); + break; + case EAP_SIM_AT_FULLAUTH_ID_REQ: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_FULLAUTH_ID_REQ"); + attr->id_req = FULLAUTH_ID; + break; + case EAP_SIM_AT_COUNTER: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_COUNTER"); + return -1; + } + if (alen != 2) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid " + "AT_COUNTER (alen=%lu)", + (unsigned long) alen); + return -1; + } + attr->counter = apos[0] * 256 + apos[1]; + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) AT_COUNTER %d", + attr->counter); + break; + case EAP_SIM_AT_COUNTER_TOO_SMALL: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_COUNTER_TOO_SMALL"); + return -1; + } + if (alen != 2) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid " + "AT_COUNTER_TOO_SMALL (alen=%lu)", + (unsigned long) alen); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) " + "AT_COUNTER_TOO_SMALL"); + attr->counter_too_small = 1; + break; + case EAP_SIM_AT_NONCE_S: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_NONCE_S"); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) " + "AT_NONCE_S"); + if (alen != 2 + EAP_SIM_NONCE_S_LEN) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid " + "AT_NONCE_S (alen=%lu)", + (unsigned long) alen); + return -1; + } + attr->nonce_s = apos + 2; + break; + case EAP_SIM_AT_CLIENT_ERROR_CODE: + if (alen != 2) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid " + "AT_CLIENT_ERROR_CODE length %lu", + (unsigned long) alen); + return -1; + } + attr->client_error_code = apos[0] * 256 + apos[1]; + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_CLIENT_ERROR_CODE " + "%d", attr->client_error_code); + break; + case EAP_SIM_AT_IV: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_IV"); + if (alen != 2 + EAP_SIM_MAC_LEN) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_IV " + "length %lu", (unsigned long) alen); + return -1; + } + attr->iv = apos + 2; + break; + case EAP_SIM_AT_ENCR_DATA: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_ENCR_DATA"); + attr->encr_data = apos + 2; + attr->encr_data_len = alen - 2; + if (attr->encr_data_len % 16) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid " + "AT_ENCR_DATA length %lu", + (unsigned long) + attr->encr_data_len); + return -1; + } + break; + case EAP_SIM_AT_NEXT_PSEUDONYM: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_NEXT_PSEUDONYM"); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) " + "AT_NEXT_PSEUDONYM"); + plen = apos[0] * 256 + apos[1]; + if (plen > alen - 2) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid" + " AT_NEXT_PSEUDONYM (actual" + " len %lu, attr len %lu)", + (unsigned long) plen, + (unsigned long) alen); + return -1; + } + attr->next_pseudonym = pos + 4; + attr->next_pseudonym_len = plen; + break; + case EAP_SIM_AT_NEXT_REAUTH_ID: + if (!encr) { + wpa_printf(MSG_ERROR, "EAP-SIM: Unencrypted " + "AT_NEXT_REAUTH_ID"); + return -1; + } + wpa_printf(MSG_DEBUG, "EAP-SIM: (encr) " + "AT_NEXT_REAUTH_ID"); + plen = apos[0] * 256 + apos[1]; + if (plen > alen - 2) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Invalid" + " AT_NEXT_REAUTH_ID (actual" + " len %lu, attr len %lu)", + (unsigned long) plen, + (unsigned long) alen); + return -1; + } + attr->next_reauth_id = pos + 4; + attr->next_reauth_id_len = plen; + break; + case EAP_SIM_AT_RES: + wpa_printf(MSG_DEBUG, "EAP-SIM: AT_RES"); + apos += 2; + alen -= 2; + if (!aka || alen < EAP_AKA_MIN_RES_LEN || + alen > EAP_AKA_MAX_RES_LEN) { + wpa_printf(MSG_INFO, "EAP-SIM: Invalid AT_RES " + "(len %lu)", + (unsigned long) alen); + return -1; + } + attr->res = apos; + attr->res_len = alen; + break; + case EAP_SIM_AT_AUTS: + wpa_printf(MSG_DEBUG, "EAP-AKA: AT_AUTS"); + if (!aka) { + wpa_printf(MSG_DEBUG, "EAP-SIM: " + "Unexpected AT_AUTS"); + return -1; + } + if (alen != EAP_AKA_AUTS_LEN) { + wpa_printf(MSG_INFO, "EAP-AKA: Invalid AT_AUTS" + " (len %lu)", + (unsigned long) alen); + return -1; + } + attr->auts = apos; + break; + default: + if (pos[0] < 128) { + wpa_printf(MSG_INFO, "EAP-SIM: Unrecognized " + "non-skippable attribute %d", + pos[0]); + return -1; + } + + wpa_printf(MSG_DEBUG, "EAP-SIM: Unrecognized skippable" + " attribute %d ignored", pos[0]); + break; + } + + pos += pos[1] * 4; + } + + wpa_printf(MSG_DEBUG, "EAP-SIM: Attributes parsed successfully " + "(aka=%d encr=%d)", aka, encr); + + return 0; +} + + +u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, + size_t encr_data_len, const u8 *iv, + struct eap_sim_attrs *attr, int aka) +{ + u8 *decrypted; + + if (!iv) { + wpa_printf(MSG_INFO, "EAP-SIM: Encrypted data, but no IV"); + return NULL; + } + + decrypted = os_malloc(encr_data_len); + if (decrypted == NULL) + return NULL; + os_memcpy(decrypted, encr_data, encr_data_len); + + aes_128_cbc_decrypt(k_encr, iv, decrypted, encr_data_len); + wpa_hexdump(MSG_MSGDUMP, "EAP-SIM: Decrypted AT_ENCR_DATA", + decrypted, encr_data_len); + + if (eap_sim_parse_attr(decrypted, decrypted + encr_data_len, attr, + aka, 1)) { + wpa_printf(MSG_INFO, "EAP-SIM: (encr) Failed to parse " + "decrypted AT_ENCR_DATA"); + os_free(decrypted); + return NULL; + } + + return decrypted; +} + + +#define EAP_SIM_INIT_LEN 128 + +struct eap_sim_msg { + u8 *buf; + size_t buf_len, used; + size_t mac, iv, encr; /* index from buf */ +}; + + +struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype) +{ + struct eap_sim_msg *msg; + struct eap_hdr *eap; + u8 *pos; + + msg = os_zalloc(sizeof(*msg)); + if (msg == NULL) + return NULL; + + msg->buf = os_zalloc(EAP_SIM_INIT_LEN); + if (msg->buf == NULL) { + os_free(msg); + return NULL; + } + msg->buf_len = EAP_SIM_INIT_LEN; + eap = (struct eap_hdr *) msg->buf; + eap->code = code; + eap->identifier = id; + msg->used = sizeof(*eap); + + pos = (u8 *) (eap + 1); + *pos++ = type; + *pos++ = subtype; + *pos++ = 0; /* Reserved */ + *pos++ = 0; /* Reserved */ + msg->used += 4; + + return msg; +} + + +u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut, + const u8 *extra, size_t extra_len) +{ + struct eap_hdr *eap; + u8 *buf; + + if (msg == NULL) + return NULL; + + eap = (struct eap_hdr *) msg->buf; + eap->length = host_to_be16(msg->used); + + if (k_aut && msg->mac) { + eap_sim_add_mac(k_aut, msg->buf, msg->used, + msg->buf + msg->mac, extra, extra_len); + } + + *len = msg->used; + buf = msg->buf; + os_free(msg); + return buf; +} + + +void eap_sim_msg_free(struct eap_sim_msg *msg) +{ + if (msg) { + os_free(msg->buf); + os_free(msg); + } +} + + +static int eap_sim_msg_resize(struct eap_sim_msg *msg, size_t add_len) +{ + if (msg->used + add_len > msg->buf_len) { + u8 *nbuf = os_realloc(msg->buf, msg->used + add_len); + if (nbuf == NULL) + return -1; + msg->buf = nbuf; + msg->buf_len = msg->used + add_len; + } + return 0; +} + + +u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr, + const u8 *data, size_t len) +{ + int attr_len = 2 + len; + int pad_len; + u8 *start, *pos; + + if (msg == NULL) + return NULL; + + pad_len = (4 - attr_len % 4) % 4; + attr_len += pad_len; + if (eap_sim_msg_resize(msg, attr_len)) + return NULL; + start = pos = msg->buf + msg->used; + *pos++ = attr; + *pos++ = attr_len / 4; + os_memcpy(pos, data, len); + if (pad_len) { + pos += len; + os_memset(pos, 0, pad_len); + } + msg->used += attr_len; + return start; +} + + +u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, u16 value, + const u8 *data, size_t len) +{ + int attr_len = 4 + len; + int pad_len; + u8 *start, *pos; + + if (msg == NULL) + return NULL; + + pad_len = (4 - attr_len % 4) % 4; + attr_len += pad_len; + if (eap_sim_msg_resize(msg, attr_len)) + return NULL; + start = pos = msg->buf + msg->used; + *pos++ = attr; + *pos++ = attr_len / 4; + WPA_PUT_BE16(pos, value); + pos += 2; + if (data) + os_memcpy(pos, data, len); + if (pad_len) { + pos += len; + os_memset(pos, 0, pad_len); + } + msg->used += attr_len; + return start; +} + + +u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr) +{ + u8 *pos = eap_sim_msg_add(msg, attr, 0, NULL, EAP_SIM_MAC_LEN); + if (pos) + msg->mac = (pos - msg->buf) + 4; + return pos; +} + + +int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv, + u8 attr_encr) +{ + u8 *pos = eap_sim_msg_add(msg, attr_iv, 0, NULL, EAP_SIM_IV_LEN); + if (pos == NULL) + return -1; + msg->iv = (pos - msg->buf) + 4; + if (hostapd_get_rand(msg->buf + msg->iv, EAP_SIM_IV_LEN)) { + msg->iv = 0; + return -1; + } + + pos = eap_sim_msg_add(msg, attr_encr, 0, NULL, 0); + if (pos == NULL) { + msg->iv = 0; + return -1; + } + msg->encr = pos - msg->buf; + + return 0; +} + + +int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, int attr_pad) +{ + size_t encr_len; + + if (msg == NULL || k_encr == NULL || msg->iv == 0 || msg->encr == 0) + return -1; + + encr_len = msg->used - msg->encr - 4; + if (encr_len % 16) { + u8 *pos; + int pad_len = 16 - (encr_len % 16); + if (pad_len < 4) { + wpa_printf(MSG_WARNING, "EAP-SIM: " + "eap_sim_msg_add_encr_end - invalid pad_len" + " %d", pad_len); + return -1; + } + wpa_printf(MSG_DEBUG, " *AT_PADDING"); + pos = eap_sim_msg_add(msg, attr_pad, 0, NULL, pad_len - 4); + if (pos == NULL) + return -1; + os_memset(pos + 4, 0, pad_len - 4); + encr_len += pad_len; + } + wpa_printf(MSG_DEBUG, " (AT_ENCR_DATA data len %lu)", + (unsigned long) encr_len); + msg->buf[msg->encr + 1] = encr_len / 4 + 1; + aes_128_cbc_encrypt(k_encr, msg->buf + msg->iv, + msg->buf + msg->encr + 4, encr_len); + + return 0; +} + + +void eap_sim_report_notification(void *msg_ctx, int notification, int aka) +{ +#ifndef CONFIG_NO_STDOUT_DEBUG + const char *type = aka ? "AKA" : "SIM"; +#endif /* CONFIG_NO_STDOUT_DEBUG */ + + switch (notification) { + case EAP_SIM_GENERAL_FAILURE_AFTER_AUTH: + wpa_printf(MSG_WARNING, "EAP-%s: General failure " + "notification (after authentication)", type); + break; + case EAP_SIM_TEMPORARILY_DENIED: + wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: " + "User has been temporarily denied access to the " + "requested service", type); + break; + case EAP_SIM_NOT_SUBSCRIBED: + wpa_printf(MSG_WARNING, "EAP-%s: Failure notification: " + "User has not subscribed to the requested service", + type); + break; + case EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH: + wpa_printf(MSG_WARNING, "EAP-%s: General failure " + "notification (before authentication)", type); + break; + case EAP_SIM_SUCCESS: + wpa_printf(MSG_INFO, "EAP-%s: Successful authentication " + "notification", type); + break; + default: + if (notification >= 32768) { + wpa_printf(MSG_INFO, "EAP-%s: Unrecognized " + "non-failure notification %d", + type, notification); + } else { + wpa_printf(MSG_WARNING, "EAP-%s: Unrecognized " + "failure notification %d", + type, notification); + } + } +} diff --git a/contrib/hostapd-0.5.8/eap_sim_common.h b/contrib/hostapd-0.5.8/eap_sim_common.h new file mode 100644 index 0000000000..9c983a864e --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sim_common.h @@ -0,0 +1,166 @@ +/* + * EAP peer: EAP-SIM/AKA shared routines + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_SIM_COMMON_H +#define EAP_SIM_COMMON_H + +#define EAP_SIM_NONCE_S_LEN 16 +#define EAP_SIM_NONCE_MT_LEN 16 +#define EAP_SIM_MAC_LEN 16 +#define EAP_SIM_MK_LEN 20 +#define EAP_SIM_K_AUT_LEN 16 +#define EAP_SIM_K_ENCR_LEN 16 +#define EAP_SIM_KEYING_DATA_LEN 64 +#define EAP_SIM_IV_LEN 16 +#define EAP_SIM_KC_LEN 8 +#define EAP_SIM_SRES_LEN 4 + +#define GSM_RAND_LEN 16 + +#define EAP_SIM_VERSION 1 + +/* EAP-SIM Subtypes */ +#define EAP_SIM_SUBTYPE_START 10 +#define EAP_SIM_SUBTYPE_CHALLENGE 11 +#define EAP_SIM_SUBTYPE_NOTIFICATION 12 +#define EAP_SIM_SUBTYPE_REAUTHENTICATION 13 +#define EAP_SIM_SUBTYPE_CLIENT_ERROR 14 + +/* AT_CLIENT_ERROR_CODE error codes */ +#define EAP_SIM_UNABLE_TO_PROCESS_PACKET 0 +#define EAP_SIM_UNSUPPORTED_VERSION 1 +#define EAP_SIM_INSUFFICIENT_NUM_OF_CHAL 2 +#define EAP_SIM_RAND_NOT_FRESH 3 + +#define EAP_SIM_MAX_FAST_REAUTHS 1000 + +#define EAP_SIM_MAX_CHAL 3 + + +/* EAP-AKA Subtypes */ +#define EAP_AKA_SUBTYPE_CHALLENGE 1 +#define EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT 2 +#define EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE 4 +#define EAP_AKA_SUBTYPE_IDENTITY 5 +#define EAP_AKA_SUBTYPE_NOTIFICATION 12 +#define EAP_AKA_SUBTYPE_REAUTHENTICATION 13 +#define EAP_AKA_SUBTYPE_CLIENT_ERROR 14 + +/* AT_CLIENT_ERROR_CODE error codes */ +#define EAP_AKA_UNABLE_TO_PROCESS_PACKET 0 + +#define EAP_AKA_RAND_LEN 16 +#define EAP_AKA_AUTN_LEN 16 +#define EAP_AKA_AUTS_LEN 14 +#define EAP_AKA_RES_MAX_LEN 16 +#define EAP_AKA_IK_LEN 16 +#define EAP_AKA_CK_LEN 16 +#define EAP_AKA_MAX_FAST_REAUTHS 1000 +#define EAP_AKA_MIN_RES_LEN 4 +#define EAP_AKA_MAX_RES_LEN 16 + +void eap_sim_derive_mk(const u8 *identity, size_t identity_len, + const u8 *nonce_mt, u16 selected_version, + const u8 *ver_list, size_t ver_list_len, + int num_chal, const u8 *kc, u8 *mk); +void eap_aka_derive_mk(const u8 *identity, size_t identity_len, + const u8 *ik, const u8 *ck, u8 *mk); +int eap_sim_derive_keys(const u8 *mk, u8 *k_encr, u8 *k_aut, u8 *msk, + u8 *emsk); +int eap_sim_derive_keys_reauth(u16 _counter, + const u8 *identity, size_t identity_len, + const u8 *nonce_s, const u8 *mk, u8 *msk, + u8 *emsk); +int eap_sim_verify_mac(const u8 *k_aut, const u8 *req, size_t req_len, + const u8 *mac, const u8 *extra, size_t extra_len); +void eap_sim_add_mac(const u8 *k_aut, u8 *msg, size_t msg_len, u8 *mac, + const u8 *extra, size_t extra_len); + + +/* EAP-SIM/AKA Attributes (0..127 non-skippable) */ +#define EAP_SIM_AT_RAND 1 +#define EAP_SIM_AT_AUTN 2 /* only AKA */ +#define EAP_SIM_AT_RES 3 /* only AKA, only peer->server */ +#define EAP_SIM_AT_AUTS 4 /* only AKA, only peer->server */ +#define EAP_SIM_AT_PADDING 6 /* only encrypted */ +#define EAP_SIM_AT_NONCE_MT 7 /* only SIM, only send */ +#define EAP_SIM_AT_PERMANENT_ID_REQ 10 +#define EAP_SIM_AT_MAC 11 +#define EAP_SIM_AT_NOTIFICATION 12 +#define EAP_SIM_AT_ANY_ID_REQ 13 +#define EAP_SIM_AT_IDENTITY 14 /* only send */ +#define EAP_SIM_AT_VERSION_LIST 15 /* only SIM */ +#define EAP_SIM_AT_SELECTED_VERSION 16 /* only SIM */ +#define EAP_SIM_AT_FULLAUTH_ID_REQ 17 +#define EAP_SIM_AT_COUNTER 19 /* only encrypted */ +#define EAP_SIM_AT_COUNTER_TOO_SMALL 20 /* only encrypted */ +#define EAP_SIM_AT_NONCE_S 21 /* only encrypted */ +#define EAP_SIM_AT_CLIENT_ERROR_CODE 22 /* only send */ +#define EAP_SIM_AT_IV 129 +#define EAP_SIM_AT_ENCR_DATA 130 +#define EAP_SIM_AT_NEXT_PSEUDONYM 132 /* only encrypted */ +#define EAP_SIM_AT_NEXT_REAUTH_ID 133 /* only encrypted */ +#define EAP_SIM_AT_CHECKCODE 134 /* only AKA */ +#define EAP_SIM_AT_RESULT_IND 135 + +/* AT_NOTIFICATION notification code values */ +#define EAP_SIM_GENERAL_FAILURE_AFTER_AUTH 0 +#define EAP_SIM_TEMPORARILY_DENIED 1026 +#define EAP_SIM_NOT_SUBSCRIBED 1031 +#define EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH 16384 +#define EAP_SIM_SUCCESS 32768 + + +enum eap_sim_id_req { + NO_ID_REQ, ANY_ID, FULLAUTH_ID, PERMANENT_ID +}; + + +struct eap_sim_attrs { + const u8 *rand, *autn, *mac, *iv, *encr_data, *version_list, *nonce_s; + const u8 *next_pseudonym, *next_reauth_id; + const u8 *nonce_mt, *identity, *res, *auts; + size_t num_chal, version_list_len, encr_data_len; + size_t next_pseudonym_len, next_reauth_id_len, identity_len, res_len; + enum eap_sim_id_req id_req; + int notification, counter, selected_version, client_error_code; + int counter_too_small; +}; + +int eap_sim_parse_attr(const u8 *start, const u8 *end, + struct eap_sim_attrs *attr, int aka, int encr); +u8 * eap_sim_parse_encr(const u8 *k_encr, const u8 *encr_data, + size_t encr_data_len, const u8 *iv, + struct eap_sim_attrs *attr, int aka); + + +struct eap_sim_msg; + +struct eap_sim_msg * eap_sim_msg_init(int code, int id, int type, int subtype); +u8 * eap_sim_msg_finish(struct eap_sim_msg *msg, size_t *len, const u8 *k_aut, + const u8 *extra, size_t extra_len); +void eap_sim_msg_free(struct eap_sim_msg *msg); +u8 * eap_sim_msg_add_full(struct eap_sim_msg *msg, u8 attr, + const u8 *data, size_t len); +u8 * eap_sim_msg_add(struct eap_sim_msg *msg, u8 attr, + u16 value, const u8 *data, size_t len); +u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr); +int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv, + u8 attr_encr); +int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, + int attr_pad); + +void eap_sim_report_notification(void *msg_ctx, int notification, int aka); + +#endif /* EAP_SIM_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_sim_db.c b/contrib/hostapd-0.5.8/eap_sim_db.c new file mode 100644 index 0000000000..93ade144fa --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sim_db.c @@ -0,0 +1,1253 @@ +/* + * hostapd / EAP-SIM database/authenticator gateway + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This is an example implementation of the EAP-SIM/AKA database/authentication + * gateway interface that is using an external program as an SS7 gateway to + * GSM/UMTS authentication center (HLR/AuC). hlr_auc_gw is an example + * implementation of such a gateway program. This eap_sim_db.c takes care of + * EAP-SIM/AKA pseudonyms and re-auth identities. It can be used with different + * gateway implementations for HLR/AuC access. Alternatively, it can also be + * completely replaced if the in-memory database of pseudonyms/re-auth + * identities is not suitable for some cases. + */ + +#include "includes.h" +#include + +#include "common.h" +#include "eap_sim_common.h" +#include "eap_sim_db.h" +#include "eloop.h" + +struct eap_sim_pseudonym { + struct eap_sim_pseudonym *next; + u8 *identity; + size_t identity_len; + char *pseudonym; +}; + +struct eap_sim_db_pending { + struct eap_sim_db_pending *next; + u8 imsi[20]; + size_t imsi_len; + enum { PENDING, SUCCESS, FAILURE } state; + void *cb_session_ctx; + struct os_time timestamp; + int aka; + union { + struct { + u8 kc[EAP_SIM_MAX_CHAL][EAP_SIM_KC_LEN]; + u8 sres[EAP_SIM_MAX_CHAL][EAP_SIM_SRES_LEN]; + u8 rand[EAP_SIM_MAX_CHAL][GSM_RAND_LEN]; + int num_chal; + } sim; + struct { + u8 rand[EAP_AKA_RAND_LEN]; + u8 autn[EAP_AKA_AUTN_LEN]; + u8 ik[EAP_AKA_IK_LEN]; + u8 ck[EAP_AKA_CK_LEN]; + u8 res[EAP_AKA_RES_MAX_LEN]; + size_t res_len; + } aka; + } u; +}; + +struct eap_sim_db_data { + int sock; + char *fname; + char *local_sock; + void (*get_complete_cb)(void *ctx, void *session_ctx); + void *ctx; + struct eap_sim_pseudonym *pseudonyms; + struct eap_sim_reauth *reauths; + struct eap_sim_db_pending *pending; +}; + + +static struct eap_sim_db_pending * +eap_sim_db_get_pending(struct eap_sim_db_data *data, const u8 *imsi, + size_t imsi_len, int aka) +{ + struct eap_sim_db_pending *entry, *prev = NULL; + + entry = data->pending; + while (entry) { + if (entry->aka == aka && entry->imsi_len == imsi_len && + memcmp(entry->imsi, imsi, imsi_len) == 0) { + if (prev) + prev->next = entry->next; + else + data->pending = entry->next; + break; + } + prev = entry; + entry = entry->next; + } + return entry; +} + + +static void eap_sim_db_add_pending(struct eap_sim_db_data *data, + struct eap_sim_db_pending *entry) +{ + entry->next = data->pending; + data->pending = entry; +} + + +static void eap_sim_db_sim_resp_auth(struct eap_sim_db_data *data, + const char *imsi, char *buf) +{ + char *start, *end, *pos; + struct eap_sim_db_pending *entry; + int num_chal; + + /* + * SIM-RESP-AUTH Kc(i):SRES(i):RAND(i) ... + * SIM-RESP-AUTH FAILURE + * (IMSI = ASCII string, Kc/SRES/RAND = hex string) + */ + + entry = eap_sim_db_get_pending(data, (u8 *) imsi, strlen(imsi), 0); + if (entry == NULL) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the " + "received message found"); + return; + } + + start = buf; + if (strncmp(start, "FAILURE", 7) == 0) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported " + "failure"); + entry->state = FAILURE; + eap_sim_db_add_pending(data, entry); + data->get_complete_cb(data->ctx, entry->cb_session_ctx); + return; + } + + num_chal = 0; + while (num_chal < EAP_SIM_MAX_CHAL) { + end = strchr(start, ' '); + if (end) + *end = '\0'; + + pos = strchr(start, ':'); + if (pos == NULL) + goto parse_fail; + *pos = '\0'; + if (hexstr2bin(start, entry->u.sim.kc[num_chal], + EAP_SIM_KC_LEN)) + goto parse_fail; + + start = pos + 1; + pos = strchr(start, ':'); + if (pos == NULL) + goto parse_fail; + *pos = '\0'; + if (hexstr2bin(start, entry->u.sim.sres[num_chal], + EAP_SIM_SRES_LEN)) + goto parse_fail; + + start = pos + 1; + if (hexstr2bin(start, entry->u.sim.rand[num_chal], + GSM_RAND_LEN)) + goto parse_fail; + + num_chal++; + if (end == NULL) + break; + else + start = end + 1; + } + entry->u.sim.num_chal = num_chal; + + entry->state = SUCCESS; + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed " + "successfully - callback"); + eap_sim_db_add_pending(data, entry); + data->get_complete_cb(data->ctx, entry->cb_session_ctx); + return; + +parse_fail: + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string"); + free(entry); +} + + +static void eap_sim_db_aka_resp_auth(struct eap_sim_db_data *data, + const char *imsi, char *buf) +{ + char *start, *end; + struct eap_sim_db_pending *entry; + + /* + * AKA-RESP-AUTH + * AKA-RESP-AUTH FAILURE + * (IMSI = ASCII string, RAND/AUTN/IK/CK/RES = hex string) + */ + + entry = eap_sim_db_get_pending(data, (u8 *) imsi, strlen(imsi), 1); + if (entry == NULL) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: No pending entry for the " + "received message found"); + return; + } + + start = buf; + if (strncmp(start, "FAILURE", 7) == 0) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: External server reported " + "failure"); + entry->state = FAILURE; + eap_sim_db_add_pending(data, entry); + data->get_complete_cb(data->ctx, entry->cb_session_ctx); + return; + } + + end = strchr(start, ' '); + if (end == NULL) + goto parse_fail; + *end = '\0'; + if (hexstr2bin(start, entry->u.aka.rand, EAP_AKA_RAND_LEN)) + goto parse_fail; + + start = end + 1; + end = strchr(start, ' '); + if (end == NULL) + goto parse_fail; + *end = '\0'; + if (hexstr2bin(start, entry->u.aka.autn, EAP_AKA_AUTN_LEN)) + goto parse_fail; + + start = end + 1; + end = strchr(start, ' '); + if (end == NULL) + goto parse_fail; + *end = '\0'; + if (hexstr2bin(start, entry->u.aka.ik, EAP_AKA_IK_LEN)) + goto parse_fail; + + start = end + 1; + end = strchr(start, ' '); + if (end == NULL) + goto parse_fail; + *end = '\0'; + if (hexstr2bin(start, entry->u.aka.ck, EAP_AKA_CK_LEN)) + goto parse_fail; + + start = end + 1; + end = strchr(start, ' '); + if (end) + *end = '\0'; + else { + end = start; + while (*end) + end++; + } + entry->u.aka.res_len = (end - start) / 2; + if (entry->u.aka.res_len > EAP_AKA_RES_MAX_LEN) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Too long RES"); + entry->u.aka.res_len = 0; + goto parse_fail; + } + if (hexstr2bin(start, entry->u.aka.res, entry->u.aka.res_len)) + goto parse_fail; + + entry->state = SUCCESS; + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Authentication data parsed " + "successfully - callback"); + eap_sim_db_add_pending(data, entry); + data->get_complete_cb(data->ctx, entry->cb_session_ctx); + return; + +parse_fail: + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string"); + free(entry); +} + + +static void eap_sim_db_receive(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct eap_sim_db_data *data = eloop_ctx; + char buf[1000], *pos, *cmd, *imsi; + int res; + + res = recv(sock, buf, sizeof(buf), 0); + if (res < 0) + return; + wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-SIM DB: Received from an " + "external source", (u8 *) buf, res); + if (res == 0) + return; + if (res >= (int) sizeof(buf)) + res = sizeof(buf) - 1; + buf[res] = '\0'; + + if (data->get_complete_cb == NULL) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: No get_complete_cb " + "registered"); + return; + } + + /* ... */ + + cmd = buf; + pos = strchr(cmd, ' '); + if (pos == NULL) + goto parse_fail; + *pos = '\0'; + imsi = pos + 1; + pos = strchr(imsi, ' '); + if (pos == NULL) + goto parse_fail; + *pos = '\0'; + wpa_printf(MSG_DEBUG, "EAP-SIM DB: External response=%s for IMSI %s", + cmd, imsi); + + if (strcmp(cmd, "SIM-RESP-AUTH") == 0) + eap_sim_db_sim_resp_auth(data, imsi, pos + 1); + else if (strcmp(cmd, "AKA-RESP-AUTH") == 0) + eap_sim_db_aka_resp_auth(data, imsi, pos + 1); + else + wpa_printf(MSG_INFO, "EAP-SIM DB: Unknown external response " + "'%s'", cmd); + return; + +parse_fail: + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failed to parse response string"); +} + + +static int eap_sim_db_open_socket(struct eap_sim_db_data *data) +{ + struct sockaddr_un addr; + static int counter = 0; + + if (strncmp(data->fname, "unix:", 5) != 0) + return -1; + + data->sock = socket(PF_UNIX, SOCK_DGRAM, 0); + if (data->sock < 0) { + perror("socket(eap_sim_db)"); + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + snprintf(addr.sun_path, sizeof(addr.sun_path), + "/tmp/eap_sim_db_%d-%d", getpid(), counter++); + data->local_sock = strdup(addr.sun_path); + if (bind(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind(eap_sim_db)"); + close(data->sock); + data->sock = -1; + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + snprintf(addr.sun_path, sizeof(addr.sun_path), "%s", data->fname + 5); + if (connect(data->sock, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("connect(eap_sim_db)"); + wpa_hexdump_ascii(MSG_INFO, "HLR/AuC GW socket", + (u8 *) addr.sun_path, strlen(addr.sun_path)); + close(data->sock); + data->sock = -1; + return -1; + } + + eloop_register_read_sock(data->sock, eap_sim_db_receive, data, NULL); + + return 0; +} + + +static void eap_sim_db_close_socket(struct eap_sim_db_data *data) +{ + if (data->sock >= 0) { + eloop_unregister_read_sock(data->sock); + close(data->sock); + data->sock = -1; + } + if (data->local_sock) { + unlink(data->local_sock); + free(data->local_sock); + data->local_sock = NULL; + } +} + + +/** + * eap_sim_db_init - Initialize EAP-SIM DB / authentication gateway interface + * @config: Configuration data (e.g., file name) + * @get_complete_cb: Callback function for reporting availability of triplets + * @ctx: Context pointer for get_complete_cb + * Returns: Pointer to a private data structure or %NULL on failure + */ +void * eap_sim_db_init(const char *config, + void (*get_complete_cb)(void *ctx, void *session_ctx), + void *ctx) +{ + struct eap_sim_db_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + + data->sock = -1; + data->get_complete_cb = get_complete_cb; + data->ctx = ctx; + data->fname = strdup(config); + if (data->fname == NULL) + goto fail; + + if (strncmp(data->fname, "unix:", 5) == 0) { + if (eap_sim_db_open_socket(data)) + goto fail; + } + + return data; + +fail: + eap_sim_db_close_socket(data); + free(data->fname); + free(data); + return NULL; +} + + +static void eap_sim_db_free_pseudonym(struct eap_sim_pseudonym *p) +{ + free(p->identity); + free(p->pseudonym); + free(p); +} + + +static void eap_sim_db_free_reauth(struct eap_sim_reauth *r) +{ + free(r->identity); + free(r->reauth_id); + free(r); +} + + +/** + * eap_sim_db_deinit - Deinitialize EAP-SIM DB/authentication gw interface + * @priv: Private data pointer from eap_sim_db_init() + */ +void eap_sim_db_deinit(void *priv) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_pseudonym *p, *prev; + struct eap_sim_reauth *r, *prevr; + struct eap_sim_db_pending *pending, *prev_pending; + + eap_sim_db_close_socket(data); + free(data->fname); + + p = data->pseudonyms; + while (p) { + prev = p; + p = p->next; + eap_sim_db_free_pseudonym(prev); + } + + r = data->reauths; + while (r) { + prevr = r; + r = r->next; + eap_sim_db_free_reauth(prevr); + } + + pending = data->pending; + while (pending) { + prev_pending = pending; + pending = pending->next; + free(prev_pending); + } + + free(data); +} + + +static int eap_sim_db_send(struct eap_sim_db_data *data, const char *msg, + size_t len) +{ + int _errno = 0; + + if (send(data->sock, msg, len, 0) < 0) { + _errno = errno; + perror("send[EAP-SIM DB UNIX]"); + } + + if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL || + _errno == ECONNREFUSED) { + /* Try to reconnect */ + eap_sim_db_close_socket(data); + if (eap_sim_db_open_socket(data) < 0) + return -1; + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Reconnected to the " + "external server"); + if (send(data->sock, msg, len, 0) < 0) { + perror("send[EAP-SIM DB UNIX]"); + return -1; + } + } + + return 0; +} + + +static void eap_sim_db_expire_pending(struct eap_sim_db_data *data) +{ + /* TODO: add limit for maximum length for pending list; remove latest + * (i.e., last) entry from the list if the limit is reached; could also + * use timeout to expire pending entries */ +} + + +/** + * eap_sim_db_get_gsm_triplets - Get GSM triplets + * @priv: Private data pointer from eap_sim_db_init() + * @identity: User name identity + * @identity_len: Length of identity in bytes + * @max_chal: Maximum number of triplets + * @_rand: Buffer for RAND values + * @kc: Buffer for Kc values + * @sres: Buffer for SRES values + * @cb_session_ctx: Session callback context for get_complete_cb() + * Returns: Number of triplets received (has to be less than or equal to + * max_chal), -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not found), or + * -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this case, the + * callback function registered with eap_sim_db_init() will be called once the + * results become available. + * + * In most cases, the user name is '1' | IMSI, i.e., 1 followed by the IMSI in + * ASCII format. + * + * When using an external server for GSM triplets, this function can always + * start a request and return EAP_SIM_DB_PENDING immediately if authentication + * triplets are not available. Once the triplets are received, callback + * function registered with eap_sim_db_init() is called to notify EAP state + * machine to reprocess the message. This eap_sim_db_get_gsm_triplets() + * function will then be called again and the newly received triplets will then + * be given to the caller. + */ +int eap_sim_db_get_gsm_triplets(void *priv, const u8 *identity, + size_t identity_len, int max_chal, + u8 *_rand, u8 *kc, u8 *sres, + void *cb_session_ctx) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_db_pending *entry; + int len, ret; + size_t i; + char msg[40]; + + if (identity_len < 2 || identity[0] != EAP_SIM_PERMANENT_PREFIX || + identity_len + 1 > sizeof(entry->imsi)) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity", + identity, identity_len); + return EAP_SIM_DB_FAILURE; + } + identity++; + identity_len--; + for (i = 0; i < identity_len; i++) { + if (identity[i] == '@') { + identity_len = i; + break; + } + } + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get GSM triplets for IMSI", + identity, identity_len); + + entry = eap_sim_db_get_pending(data, identity, identity_len, 0); + if (entry) { + int num_chal; + if (entry->state == FAILURE) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> " + "failure"); + free(entry); + return EAP_SIM_DB_FAILURE; + } + + if (entry->state == PENDING) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> " + "still pending"); + eap_sim_db_add_pending(data, entry); + return EAP_SIM_DB_PENDING; + } + + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending entry -> " + "%d challenges", entry->u.sim.num_chal); + num_chal = entry->u.sim.num_chal; + if (num_chal > max_chal) + num_chal = max_chal; + memcpy(_rand, entry->u.sim.rand, num_chal * GSM_RAND_LEN); + memcpy(sres, entry->u.sim.sres, num_chal * EAP_SIM_SRES_LEN); + memcpy(kc, entry->u.sim.kc, num_chal * EAP_SIM_KC_LEN); + free(entry); + return num_chal; + } + + if (data->sock < 0) { + if (eap_sim_db_open_socket(data) < 0) + return EAP_SIM_DB_FAILURE; + } + + len = snprintf(msg, sizeof(msg), "SIM-REQ-AUTH "); + if (len < 0 || len + identity_len >= sizeof(msg)) + return EAP_SIM_DB_FAILURE; + memcpy(msg + len, identity, identity_len); + len += identity_len; + ret = snprintf(msg + len, sizeof(msg) - len, " %d", max_chal); + if (ret < 0 || (size_t) ret >= sizeof(msg) - len) + return EAP_SIM_DB_FAILURE; + len += ret; + + wpa_hexdump(MSG_DEBUG, "EAP-SIM DB: requesting SIM authentication " + "data for IMSI", identity, identity_len); + if (eap_sim_db_send(data, msg, len) < 0) + return EAP_SIM_DB_FAILURE; + + entry = wpa_zalloc(sizeof(*entry)); + if (entry == NULL) + return EAP_SIM_DB_FAILURE; + + os_get_time(&entry->timestamp); + memcpy(entry->imsi, identity, identity_len); + entry->imsi_len = identity_len; + entry->cb_session_ctx = cb_session_ctx; + entry->state = PENDING; + eap_sim_db_add_pending(data, entry); + eap_sim_db_expire_pending(data); + + return EAP_SIM_DB_PENDING; +} + + +static struct eap_sim_pseudonym * +eap_sim_db_get_pseudonym(struct eap_sim_db_data *data, const u8 *identity, + size_t identity_len) +{ + char *pseudonym; + size_t len; + struct eap_sim_pseudonym *p; + + if (identity_len == 0 || + (identity[0] != EAP_SIM_PSEUDONYM_PREFIX && + identity[0] != EAP_AKA_PSEUDONYM_PREFIX)) + return NULL; + + /* Remove possible realm from identity */ + len = 0; + while (len < identity_len) { + if (identity[len] == '@') + break; + len++; + } + + pseudonym = malloc(len + 1); + if (pseudonym == NULL) + return NULL; + memcpy(pseudonym, identity, len); + pseudonym[len] = '\0'; + + p = data->pseudonyms; + while (p) { + if (strcmp(p->pseudonym, pseudonym) == 0) + break; + p = p->next; + } + + free(pseudonym); + + return p; +} + + +static struct eap_sim_pseudonym * +eap_sim_db_get_pseudonym_id(struct eap_sim_db_data *data, const u8 *identity, + size_t identity_len) +{ + struct eap_sim_pseudonym *p; + + if (identity_len == 0 || + (identity[0] != EAP_SIM_PERMANENT_PREFIX && + identity[0] != EAP_AKA_PERMANENT_PREFIX)) + return NULL; + + p = data->pseudonyms; + while (p) { + if (identity_len == p->identity_len && + memcmp(p->identity, identity, identity_len) == 0) + break; + p = p->next; + } + + return p; +} + + +static struct eap_sim_reauth * +eap_sim_db_get_reauth(struct eap_sim_db_data *data, const u8 *identity, + size_t identity_len) +{ + char *reauth_id; + size_t len; + struct eap_sim_reauth *r; + + if (identity_len == 0 || + (identity[0] != EAP_SIM_REAUTH_ID_PREFIX && + identity[0] != EAP_AKA_REAUTH_ID_PREFIX)) + return NULL; + + /* Remove possible realm from identity */ + len = 0; + while (len < identity_len) { + if (identity[len] == '@') + break; + len++; + } + + reauth_id = malloc(len + 1); + if (reauth_id == NULL) + return NULL; + memcpy(reauth_id, identity, len); + reauth_id[len] = '\0'; + + r = data->reauths; + while (r) { + if (strcmp(r->reauth_id, reauth_id) == 0) + break; + r = r->next; + } + + free(reauth_id); + + return r; +} + + +static struct eap_sim_reauth * +eap_sim_db_get_reauth_id(struct eap_sim_db_data *data, const u8 *identity, + size_t identity_len) +{ + struct eap_sim_pseudonym *p; + struct eap_sim_reauth *r; + + if (identity_len == 0) + return NULL; + + p = eap_sim_db_get_pseudonym(data, identity, identity_len); + if (p == NULL) + p = eap_sim_db_get_pseudonym_id(data, identity, identity_len); + if (p) { + identity = p->identity; + identity_len = p->identity_len; + } + + r = data->reauths; + while (r) { + if (identity_len == r->identity_len && + memcmp(r->identity, identity, identity_len) == 0) + break; + r = r->next; + } + + return r; +} + + +/** + * eap_sim_db_identity_known - Verify whether the given identity is known + * @priv: Private data pointer from eap_sim_db_init() + * @identity: User name identity + * @identity_len: Length of identity in bytes + * Returns: 0 if the user is found or -1 on failure + * + * In most cases, the user name is ['0','1'] | IMSI, i.e., 1 followed by the + * IMSI in ASCII format, ['2','3'] | pseudonym, or ['4','5'] | reauth_id. + */ +int eap_sim_db_identity_known(void *priv, const u8 *identity, + size_t identity_len) +{ + struct eap_sim_db_data *data = priv; + + if (identity == NULL || identity_len < 2) + return -1; + + if (identity[0] == EAP_SIM_PSEUDONYM_PREFIX || + identity[0] == EAP_AKA_PSEUDONYM_PREFIX) { + struct eap_sim_pseudonym *p = + eap_sim_db_get_pseudonym(data, identity, identity_len); + return p ? 0 : -1; + } + + if (identity[0] == EAP_SIM_REAUTH_ID_PREFIX || + identity[0] == EAP_AKA_REAUTH_ID_PREFIX) { + struct eap_sim_reauth *r = + eap_sim_db_get_reauth(data, identity, identity_len); + return r ? 0 : -1; + } + + if (identity[0] != EAP_SIM_PERMANENT_PREFIX && + identity[0] != EAP_AKA_PERMANENT_PREFIX) { + /* Unknown identity prefix */ + return -1; + } + + /* TODO: Should consider asking HLR/AuC gateway whether this permanent + * identity is known. If it is, EAP-SIM/AKA can skip identity request. + * In case of EAP-AKA, this would reduce number of needed round-trips. + * Ideally, this would be done with one wait, i.e., just request + * authentication data and store it for the next use. This would then + * need to use similar pending-request functionality as the normal + * request for authentication data at later phase. + */ + return -1; +} + + +static char * eap_sim_db_get_next(struct eap_sim_db_data *data, char prefix) +{ + char *id, *pos, *end; + u8 buf[10]; + + if (hostapd_get_rand(buf, sizeof(buf))) + return NULL; + id = malloc(sizeof(buf) * 2 + 2); + if (id == NULL) + return NULL; + + pos = id; + end = id + sizeof(buf) * 2 + 2; + *pos++ = prefix; + pos += wpa_snprintf_hex(pos, end - pos, buf, sizeof(buf)); + + return id; +} + + +/** + * eap_sim_db_get_next_pseudonym - EAP-SIM DB: Get next pseudonym + * @priv: Private data pointer from eap_sim_db_init() + * @aka: Using EAP-AKA instead of EAP-SIM + * Returns: Next pseudonym (allocated string) or %NULL on failure + * + * This function is used to generate a pseudonym for EAP-SIM. The returned + * pseudonym is not added to database at this point; it will need to be added + * with eap_sim_db_add_pseudonym() once the authentication has been completed + * successfully. Caller is responsible for freeing the returned buffer. + */ +char * eap_sim_db_get_next_pseudonym(void *priv, int aka) +{ + struct eap_sim_db_data *data = priv; + return eap_sim_db_get_next(data, aka ? EAP_AKA_PSEUDONYM_PREFIX : + EAP_SIM_PSEUDONYM_PREFIX); +} + + +/** + * eap_sim_db_get_next_reauth_id - EAP-SIM DB: Get next reauth_id + * @priv: Private data pointer from eap_sim_db_init() + * @aka: Using EAP-AKA instead of EAP-SIM + * Returns: Next reauth_id (allocated string) or %NULL on failure + * + * This function is used to generate a fast re-authentication identity for + * EAP-SIM. The returned reauth_id is not added to database at this point; it + * will need to be added with eap_sim_db_add_reauth() once the authentication + * has been completed successfully. Caller is responsible for freeing the + * returned buffer. + */ +char * eap_sim_db_get_next_reauth_id(void *priv, int aka) +{ + struct eap_sim_db_data *data = priv; + return eap_sim_db_get_next(data, aka ? EAP_AKA_REAUTH_ID_PREFIX : + EAP_SIM_REAUTH_ID_PREFIX); +} + + +/** + * eap_sim_db_add_pseudonym - EAP-SIM DB: Add new pseudonym + * @priv: Private data pointer from eap_sim_db_init() + * @identity: Identity of the user (may be permanent identity or pseudonym) + * @identity_len: Length of identity + * @pseudonym: Pseudonym for this user. This needs to be an allocated buffer, + * e.g., return value from eap_sim_db_get_next_pseudonym(). Caller must not + * free it. + * Returns: 0 on success, -1 on failure + * + * This function adds a new pseudonym for EAP-SIM user. EAP-SIM DB is + * responsible of freeing pseudonym buffer once it is not needed anymore. + */ +int eap_sim_db_add_pseudonym(void *priv, const u8 *identity, + size_t identity_len, char *pseudonym) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_pseudonym *p; + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Add pseudonym for identity", + identity, identity_len); + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pseudonym: %s", pseudonym); + + /* TODO: could store last two pseudonyms */ + p = eap_sim_db_get_pseudonym(data, identity, identity_len); + if (p == NULL) + p = eap_sim_db_get_pseudonym_id(data, identity, identity_len); + + if (p) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous " + "pseudonym: %s", p->pseudonym); + free(p->pseudonym); + p->pseudonym = pseudonym; + return 0; + } + + p = wpa_zalloc(sizeof(*p)); + if (p == NULL) { + free(pseudonym); + return -1; + } + + p->next = data->pseudonyms; + p->identity = malloc(identity_len); + if (p->identity == NULL) { + free(p); + free(pseudonym); + return -1; + } + memcpy(p->identity, identity, identity_len); + p->identity_len = identity_len; + p->pseudonym = pseudonym; + data->pseudonyms = p; + + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new pseudonym entry"); + return 0; +} + + +/** + * eap_sim_db_add_reauth - EAP-SIM DB: Add new re-authentication entry + * @priv: Private data pointer from eap_sim_db_init() + * @identity: Identity of the user (may be permanent identity or pseudonym) + * @identity_len: Length of identity + * @reauth_id: reauth_id for this user. This needs to be an allocated buffer, + * e.g., return value from eap_sim_db_get_next_reauth_id(). Caller must not + * free it. + * @mk: 16-byte MK from the previous full authentication + * Returns: 0 on success, -1 on failure + * + * This function adds a new re-authentication entry for an EAP-SIM user. + * EAP-SIM DB is responsible of freeing reauth_id buffer once it is not needed + * anymore. + */ +int eap_sim_db_add_reauth(void *priv, const u8 *identity, + size_t identity_len, char *reauth_id, u16 counter, + const u8 *mk) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_reauth *r; + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Add reauth_id for identity", + identity, identity_len); + wpa_printf(MSG_DEBUG, "EAP-SIM DB: reauth_id: %s", reauth_id); + + r = eap_sim_db_get_reauth(data, identity, identity_len); + if (r == NULL) + r = eap_sim_db_get_reauth_id(data, identity, identity_len); + + if (r) { + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Replacing previous " + "reauth_id: %s", r->reauth_id); + free(r->reauth_id); + r->reauth_id = reauth_id; + } else { + r = wpa_zalloc(sizeof(*r)); + if (r == NULL) { + free(reauth_id); + return -1; + } + + r->next = data->reauths; + r->identity = malloc(identity_len); + if (r->identity == NULL) { + free(r); + free(reauth_id); + return -1; + } + memcpy(r->identity, identity, identity_len); + r->identity_len = identity_len; + r->reauth_id = reauth_id; + data->reauths = r; + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Added new reauth entry"); + } + + r->counter = counter; + memcpy(r->mk, mk, EAP_SIM_MK_LEN); + + return 0; +} + + +/** + * eap_sim_db_get_permanent - EAP-SIM DB: Get permanent identity + * @priv: Private data pointer from eap_sim_db_init() + * @identity: Identity of the user (may be permanent identity or pseudonym) + * @identity_len: Length of identity + * @len: Buffer for length of the returned permanent identity + * Returns: Pointer to the permanent identity, or %NULL if not found + */ +const u8 * eap_sim_db_get_permanent(void *priv, const u8 *identity, + size_t identity_len, size_t *len) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_pseudonym *p; + + if (identity == NULL) + return NULL; + + p = eap_sim_db_get_pseudonym(data, identity, identity_len); + if (p == NULL) + p = eap_sim_db_get_pseudonym_id(data, identity, identity_len); + if (p == NULL) + return NULL; + + *len = p->identity_len; + return p->identity; +} + + +/** + * eap_sim_db_get_reauth_entry - EAP-SIM DB: Get re-authentication entry + * @priv: Private data pointer from eap_sim_db_init() + * @identity: Identity of the user (may be permanent identity, pseudonym, or + * reauth_id) + * @identity_len: Length of identity + * @len: Buffer for length of the returned permanent identity + * Returns: Pointer to the re-auth entry, or %NULL if not found + */ +struct eap_sim_reauth * +eap_sim_db_get_reauth_entry(void *priv, const u8 *identity, + size_t identity_len) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_reauth *r; + + if (identity == NULL) + return NULL; + r = eap_sim_db_get_reauth(data, identity, identity_len); + if (r == NULL) + r = eap_sim_db_get_reauth_id(data, identity, identity_len); + return r; +} + + +/** + * eap_sim_db_remove_reauth - EAP-SIM DB: Remove re-authentication entry + * @priv: Private data pointer from eap_sim_db_init() + * @reauth: Pointer to re-authentication entry from + * eap_sim_db_get_reauth_entry() + */ +void eap_sim_db_remove_reauth(void *priv, struct eap_sim_reauth *reauth) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_reauth *r, *prev = NULL; + r = data->reauths; + while (r) { + if (r == reauth) { + if (prev) + prev->next = r->next; + else + data->reauths = r->next; + eap_sim_db_free_reauth(r); + return; + } + prev = r; + r = r->next; + } +} + + +/** + * eap_sim_db_get_aka_auth - Get AKA authentication values + * @priv: Private data pointer from eap_sim_db_init() + * @identity: User name identity + * @identity_len: Length of identity in bytes + * @_rand: Buffer for RAND value + * @autn: Buffer for AUTN value + * @ik: Buffer for IK value + * @ck: Buffer for CK value + * @res: Buffer for RES value + * @res_len: Buffer for RES length + * @cb_session_ctx: Session callback context for get_complete_cb() + * Returns: 0 on success, -1 (EAP_SIM_DB_FAILURE) on error (e.g., user not + * found), or -2 (EAP_SIM_DB_PENDING) if results are not yet available. In this + * case, the callback function registered with eap_sim_db_init() will be + * called once the results become available. + * + * In most cases, the user name is '0' | IMSI, i.e., 0 followed by the IMSI in + * ASCII format. + * + * When using an external server for AKA authentication, this function can + * always start a request and return EAP_SIM_DB_PENDING immediately if + * authentication triplets are not available. Once the authentication data are + * received, callback function registered with eap_sim_db_init() is called to + * notify EAP state machine to reprocess the message. This + * eap_sim_db_get_aka_auth() function will then be called again and the newly + * received triplets will then be given to the caller. + */ +int eap_sim_db_get_aka_auth(void *priv, const u8 *identity, + size_t identity_len, u8 *_rand, u8 *autn, u8 *ik, + u8 *ck, u8 *res, size_t *res_len, + void *cb_session_ctx) +{ + struct eap_sim_db_data *data = priv; + struct eap_sim_db_pending *entry; + int len; + size_t i; + char msg[40]; + + if (identity_len < 2 || identity == NULL || + identity[0] != EAP_AKA_PERMANENT_PREFIX || + identity_len + 1 > sizeof(entry->imsi)) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity", + identity, identity_len); + return EAP_SIM_DB_FAILURE; + } + identity++; + identity_len--; + for (i = 0; i < identity_len; i++) { + if (identity[i] == '@') { + identity_len = i; + break; + } + } + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: Get AKA auth for IMSI", + identity, identity_len); + + entry = eap_sim_db_get_pending(data, identity, identity_len, 1); + if (entry) { + if (entry->state == FAILURE) { + free(entry); + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Failure"); + return EAP_SIM_DB_FAILURE; + } + + if (entry->state == PENDING) { + eap_sim_db_add_pending(data, entry); + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Pending"); + return EAP_SIM_DB_PENDING; + } + + wpa_printf(MSG_DEBUG, "EAP-SIM DB: Returning successfully " + "received authentication data"); + memcpy(_rand, entry->u.aka.rand, EAP_AKA_RAND_LEN); + memcpy(autn, entry->u.aka.autn, EAP_AKA_AUTN_LEN); + memcpy(ik, entry->u.aka.ik, EAP_AKA_IK_LEN); + memcpy(ck, entry->u.aka.ck, EAP_AKA_CK_LEN); + memcpy(res, entry->u.aka.res, EAP_AKA_RES_MAX_LEN); + *res_len = entry->u.aka.res_len; + free(entry); + return 0; + } + + if (data->sock < 0) { + if (eap_sim_db_open_socket(data) < 0) + return EAP_SIM_DB_FAILURE; + } + + len = snprintf(msg, sizeof(msg), "AKA-REQ-AUTH "); + if (len < 0 || len + identity_len >= sizeof(msg)) + return EAP_SIM_DB_FAILURE; + memcpy(msg + len, identity, identity_len); + len += identity_len; + + wpa_hexdump(MSG_DEBUG, "EAP-SIM DB: requesting AKA authentication " + "data for IMSI", identity, identity_len); + if (eap_sim_db_send(data, msg, len) < 0) + return EAP_SIM_DB_FAILURE; + + entry = wpa_zalloc(sizeof(*entry)); + if (entry == NULL) + return EAP_SIM_DB_FAILURE; + + os_get_time(&entry->timestamp); + entry->aka = 1; + memcpy(entry->imsi, identity, identity_len); + entry->imsi_len = identity_len; + entry->cb_session_ctx = cb_session_ctx; + entry->state = PENDING; + eap_sim_db_add_pending(data, entry); + eap_sim_db_expire_pending(data); + + return EAP_SIM_DB_PENDING; +} + + +/** + * eap_sim_db_resynchronize - Resynchronize AKA AUTN + * @priv: Private data pointer from eap_sim_db_init() + * @identity: User name identity + * @identity_len: Length of identity in bytes + * @auts: AUTS value from the peer + * @_rand: RAND value used in the rejected message + * Returns: 0 on success, -1 on failure + * + * This function is called when the peer reports synchronization failure in the + * AUTN value by sending AUTS. The AUTS and RAND values should be sent to + * HLR/AuC to allow it to resynchronize with the peer. After this, + * eap_sim_db_get_aka_auth() will be called again to to fetch updated + * RAND/AUTN values for the next challenge. + */ +int eap_sim_db_resynchronize(void *priv, const u8 *identity, + size_t identity_len, const u8 *auts, + const u8 *_rand) +{ + struct eap_sim_db_data *data = priv; + + if (identity_len < 2 || identity[0] != EAP_AKA_PERMANENT_PREFIX || + identity_len > 20) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-SIM DB: unexpected identity", + identity, identity_len); + return -1; + } + + if (data->sock >= 0) { + char msg[100]; + int len, ret; + + len = snprintf(msg, sizeof(msg), "AKA-AUTS "); + if (len < 0 || len + identity_len - 1 >= sizeof(msg)) + return -1; + memcpy(msg + len, identity + 1, identity_len - 1); + len += identity_len - 1; + + ret = snprintf(msg + len, sizeof(msg) - len, " "); + if (ret < 0 || (size_t) ret >= sizeof(msg) - len) + return -1; + len += ret; + len += wpa_snprintf_hex(msg + len, sizeof(msg) - len, + auts, EAP_AKA_AUTS_LEN); + ret = snprintf(msg + len, sizeof(msg) - len, " "); + if (ret < 0 || (size_t) ret >= sizeof(msg) - len) + return -1; + len += ret; + len += wpa_snprintf_hex(msg + len, sizeof(msg) - len, + _rand, EAP_AKA_RAND_LEN); + wpa_hexdump(MSG_DEBUG, "EAP-SIM DB: reporting AKA AUTS for " + "IMSI", identity + 1, identity_len - 1); + if (eap_sim_db_send(data, msg, len) < 0) + return -1; + } + + return 0; +} diff --git a/contrib/hostapd-0.5.8/eap_sim_db.h b/contrib/hostapd-0.5.8/eap_sim_db.h new file mode 100644 index 0000000000..6754bc3d4c --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_sim_db.h @@ -0,0 +1,99 @@ +/* + * hostapd / EAP-SIM database/authenticator gateway + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_SIM_DB_H +#define EAP_SIM_DB_H + +#ifdef EAP_SIM + +#include "eap_sim_common.h" + +/* Identity prefixes */ +#define EAP_SIM_PERMANENT_PREFIX '1' +#define EAP_SIM_PSEUDONYM_PREFIX '3' +#define EAP_SIM_REAUTH_ID_PREFIX '5' +#define EAP_AKA_PERMANENT_PREFIX '0' +#define EAP_AKA_PSEUDONYM_PREFIX '2' +#define EAP_AKA_REAUTH_ID_PREFIX '4' + +void * eap_sim_db_init(const char *config, + void (*get_complete_cb)(void *ctx, void *session_ctx), + void *ctx); + +void eap_sim_db_deinit(void *priv); + +int eap_sim_db_get_gsm_triplets(void *priv, const u8 *identity, + size_t identity_len, int max_chal, + u8 *_rand, u8 *kc, u8 *sres, + void *cb_session_ctx); + +#define EAP_SIM_DB_FAILURE -1 +#define EAP_SIM_DB_PENDING -2 + +int eap_sim_db_identity_known(void *priv, const u8 *identity, + size_t identity_len); + +char * eap_sim_db_get_next_pseudonym(void *priv, int aka); + +char * eap_sim_db_get_next_reauth_id(void *priv, int aka); + +int eap_sim_db_add_pseudonym(void *priv, const u8 *identity, + size_t identity_len, char *pseudonym); + +int eap_sim_db_add_reauth(void *priv, const u8 *identity, + size_t identity_len, char *reauth_id, u16 counter, + const u8 *mk); + +const u8 * eap_sim_db_get_permanent(void *priv, const u8 *identity, + size_t identity_len, size_t *len); + +struct eap_sim_reauth { + struct eap_sim_reauth *next; + u8 *identity; + size_t identity_len; + char *reauth_id; + u16 counter; + u8 mk[EAP_SIM_MK_LEN]; +}; + +struct eap_sim_reauth * +eap_sim_db_get_reauth_entry(void *priv, const u8 *identity, + size_t identity_len); + +void eap_sim_db_remove_reauth(void *priv, struct eap_sim_reauth *reauth); + +int eap_sim_db_get_aka_auth(void *priv, const u8 *identity, + size_t identity_len, u8 *_rand, u8 *autn, u8 *ik, + u8 *ck, u8 *res, size_t *res_len, + void *cb_session_ctx); + +int eap_sim_db_resynchronize(void *priv, const u8 *identity, + size_t identity_len, const u8 *auts, + const u8 *_rand); + +#else /* EAP_SIM */ +static inline void * +eap_sim_db_init(const char *config, + void (*get_complete_cb)(void *ctx, void *session_ctx), + void *ctx) +{ + return (void *) 1; +} + +static inline void eap_sim_db_deinit(void *priv) +{ +} +#endif /* EAP_SIM */ + +#endif /* EAP_SIM_DB_H */ diff --git a/contrib/hostapd-0.5.8/eap_tls.c b/contrib/hostapd-0.5.8/eap_tls.c new file mode 100644 index 0000000000..fc85337d56 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_tls.c @@ -0,0 +1,292 @@ +/* + * hostapd / EAP-TLS (RFC 2716) + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_tls_common.h" +#include "tls.h" + + +static void eap_tls_reset(struct eap_sm *sm, void *priv); + + +struct eap_tls_data { + struct eap_ssl_data ssl; + enum { START, CONTINUE, SUCCESS, FAILURE } state; +}; + + +static void * eap_tls_init(struct eap_sm *sm) +{ + struct eap_tls_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = START; + + if (eap_tls_ssl_init(sm, &data->ssl, 1)) { + wpa_printf(MSG_INFO, "EAP-TLS: Failed to initialize SSL."); + eap_tls_reset(sm, data); + return NULL; + } + + return data; +} + + +static void eap_tls_reset(struct eap_sm *sm, void *priv) +{ + struct eap_tls_data *data = priv; + if (data == NULL) + return; + eap_tls_ssl_deinit(sm, &data->ssl); + free(data); +} + + +static u8 * eap_tls_build_start(struct eap_sm *sm, struct eap_tls_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + u8 *pos; + + *reqDataLen = sizeof(*req) + 2; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-TLS: Failed to allocate memory for " + "request"); + data->state = FAILURE; + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_TLS; + *pos = EAP_TLS_FLAGS_START; + + data->state = CONTINUE; + + return (u8 *) req; +} + + +static u8 * eap_tls_build_req(struct eap_sm *sm, struct eap_tls_data *data, + int id, size_t *reqDataLen) +{ + int res; + u8 *req; + + res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_TLS, 0, id, + &req, reqDataLen); + + if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { + wpa_printf(MSG_DEBUG, "EAP-TLS: Done"); + data->state = SUCCESS; + } + + if (res == 1) + return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_TLS, 0); + return req; +} + + +static u8 * eap_tls_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_tls_data *data = priv; + + switch (data->state) { + case START: + return eap_tls_build_start(sm, data, id, reqDataLen); + case CONTINUE: + return eap_tls_build_req(sm, data, id, reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-TLS: %s - unexpected state %d", + __func__, data->state); + return NULL; + } +} + + +static Boolean eap_tls_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_hdr *resp; + u8 *pos; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_TLS || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static void eap_tls_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_tls_data *data = priv; + struct eap_hdr *resp; + u8 *pos, flags; + int left; + unsigned int tls_msg_len; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + pos++; + flags = *pos++; + left = htons(resp->length) - sizeof(struct eap_hdr) - 2; + wpa_printf(MSG_DEBUG, "EAP-TLS: Received packet(len=%lu) - " + "Flags 0x%02x", (unsigned long) respDataLen, flags); + if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { + if (left < 4) { + wpa_printf(MSG_INFO, "EAP-TLS: Short frame with TLS " + "length"); + data->state = FAILURE; + return; + } + tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | + pos[3]; + wpa_printf(MSG_DEBUG, "EAP-TLS: TLS Message Length: %d", + tls_msg_len); + if (data->ssl.tls_in_left == 0) { + data->ssl.tls_in_total = tls_msg_len; + data->ssl.tls_in_left = tls_msg_len; + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + } + pos += 4; + left -= 4; + } + + if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { + wpa_printf(MSG_INFO, "EAP-TLS: TLS processing failed"); + data->state = FAILURE; + return; + } + + if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { + wpa_printf(MSG_INFO, "EAP-TLS: Locally detected fatal error " + "in TLS processing"); + data->state = FAILURE; + return; + } +} + + +static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_tls_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_tls_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_tls_data *data = priv; + u8 *eapKeyData; + + if (data->state != SUCCESS) + return NULL; + + eapKeyData = eap_tls_derive_key(sm, &data->ssl, + "client EAP encryption", + EAP_TLS_KEY_LEN); + if (eapKeyData) { + *len = EAP_TLS_KEY_LEN; + wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived key", + eapKeyData, EAP_TLS_KEY_LEN); + } else { + wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive key"); + } + + return eapKeyData; +} + + +static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_tls_data *data = priv; + u8 *eapKeyData, *emsk; + + if (data->state != SUCCESS) + return NULL; + + eapKeyData = eap_tls_derive_key(sm, &data->ssl, + "client EAP encryption", + EAP_TLS_KEY_LEN + EAP_EMSK_LEN); + if (eapKeyData) { + emsk = malloc(EAP_EMSK_LEN); + if (emsk) + memcpy(emsk, eapKeyData + EAP_TLS_KEY_LEN, + EAP_EMSK_LEN); + free(eapKeyData); + } else + emsk = NULL; + + if (emsk) { + *len = EAP_EMSK_LEN; + wpa_hexdump(MSG_DEBUG, "EAP-TLS: Derived EMSK", + emsk, EAP_EMSK_LEN); + } else { + wpa_printf(MSG_DEBUG, "EAP-TLS: Failed to derive EMSK"); + } + + return emsk; +} + + +static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_tls_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_tls_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_TLS, "TLS"); + if (eap == NULL) + return -1; + + eap->init = eap_tls_init; + eap->reset = eap_tls_reset; + eap->buildReq = eap_tls_buildReq; + eap->check = eap_tls_check; + eap->process = eap_tls_process; + eap->isDone = eap_tls_isDone; + eap->getKey = eap_tls_getKey; + eap->isSuccess = eap_tls_isSuccess; + eap->get_emsk = eap_tls_get_emsk; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_tls_common.c b/contrib/hostapd-0.5.8/eap_tls_common.c new file mode 100644 index 0000000000..2a089d4d26 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_tls_common.c @@ -0,0 +1,296 @@ +/* + * hostapd / EAP-TLS/PEAP/TTLS common functions + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_tls_common.h" +#include "sha1.h" +#include "tls.h" + + +int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, + int verify_peer) +{ + data->eap = sm; + data->phase2 = sm->init_phase2; + + data->conn = tls_connection_init(sm->ssl_ctx); + if (data->conn == NULL) { + wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS " + "connection"); + return -1; + } + + if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer)) { + wpa_printf(MSG_INFO, "SSL: Failed to configure verification " + "of TLS peer certificate"); + tls_connection_deinit(sm->ssl_ctx, data->conn); + data->conn = NULL; + return -1; + } + + /* TODO: make this configurable */ + data->tls_out_limit = 1398; + if (data->phase2) { + /* Limit the fragment size in the inner TLS authentication + * since the outer authentication with EAP-PEAP does not yet + * support fragmentation */ + if (data->tls_out_limit > 100) + data->tls_out_limit -= 100; + } + return 0; +} + + +void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data) +{ + tls_connection_deinit(sm->ssl_ctx, data->conn); + free(data->tls_in); + free(data->tls_out); +} + + +u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data, + char *label, size_t len) +{ + struct tls_keys keys; + u8 *rnd = NULL, *out; + + out = malloc(len); + if (out == NULL) + return NULL; + + if (tls_connection_prf(sm->ssl_ctx, data->conn, label, 0, out, len) == + 0) + return out; + + if (tls_connection_get_keys(sm->ssl_ctx, data->conn, &keys)) + goto fail; + + if (keys.client_random == NULL || keys.server_random == NULL || + keys.master_key == NULL) + goto fail; + + rnd = malloc(keys.client_random_len + keys.server_random_len); + if (rnd == NULL) + goto fail; + memcpy(rnd, keys.client_random, keys.client_random_len); + memcpy(rnd + keys.client_random_len, keys.server_random, + keys.server_random_len); + + if (tls_prf(keys.master_key, keys.master_key_len, + label, rnd, keys.client_random_len + + keys.server_random_len, out, len)) + goto fail; + + free(rnd); + return out; + +fail: + free(out); + free(rnd); + return NULL; +} + + +int eap_tls_data_reassemble(struct eap_sm *sm, struct eap_ssl_data *data, + u8 **in_data, size_t *in_len) +{ + u8 *buf; + + if (data->tls_in_left > *in_len || data->tls_in) { + if (data->tls_in_len + *in_len > 65536) { + /* Limit length to avoid rogue peers from causing large + * memory allocations. */ + free(data->tls_in); + data->tls_in = NULL; + data->tls_in_len = 0; + wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size" + " over 64 kB)"); + return -1; + } + buf = realloc(data->tls_in, data->tls_in_len + *in_len); + if (buf == NULL) { + free(data->tls_in); + data->tls_in = NULL; + data->tls_in_len = 0; + wpa_printf(MSG_INFO, "SSL: Could not allocate memory " + "for TLS data"); + return -1; + } + memcpy(buf + data->tls_in_len, *in_data, *in_len); + data->tls_in = buf; + data->tls_in_len += *in_len; + if (*in_len > data->tls_in_left) { + wpa_printf(MSG_INFO, "SSL: more data than TLS message " + "length indicated"); + data->tls_in_left = 0; + return -1; + } + data->tls_in_left -= *in_len; + if (data->tls_in_left > 0) { + wpa_printf(MSG_DEBUG, "SSL: Need %lu bytes more input " + "data", (unsigned long) data->tls_in_left); + return 1; + } + + *in_data = data->tls_in; + *in_len = data->tls_in_len; + } else + data->tls_in_left = 0; + + return 0; +} + + +int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data, + u8 *in_data, size_t in_len) +{ + WPA_ASSERT(data->tls_out_len == 0 || in_len == 0); + + if (data->tls_out_len == 0) { + /* No more data to send out - expect to receive more data from + * the peer. */ + int res = eap_tls_data_reassemble(sm, data, &in_data, &in_len); + if (res < 0 || res == 1) { + wpa_printf(MSG_DEBUG, "SSL: data reassembly failed"); + return res; + } + /* Full TLS message reassembled - continue handshake processing + */ + if (data->tls_out) { + /* This should not happen.. */ + wpa_printf(MSG_INFO, "SSL: eap_tls_process_helper - " + "pending tls_out data even though " + "tls_out_len = 0"); + free(data->tls_out); + WPA_ASSERT(data->tls_out == NULL); + } + data->tls_out = tls_connection_server_handshake( + sm->ssl_ctx, data->conn, in_data, in_len, + &data->tls_out_len); + + /* Clear reassembled input data (if the buffer was needed). */ + data->tls_in_left = data->tls_in_total = data->tls_in_len = 0; + free(data->tls_in); + data->tls_in = NULL; + } + + if (data->tls_out == NULL) { + wpa_printf(MSG_DEBUG, "SSL: failed to generate output data"); + data->tls_out_len = 0; + return -1; + } + if (data->tls_out_len == 0) { + /* TLS negotiation should now be complete since all other cases + * needing more that should have been catched above based on + * the TLS Message Length field. */ + wpa_printf(MSG_DEBUG, "SSL: No data to be sent out"); + free(data->tls_out); + data->tls_out = NULL; + + if (tls_connection_get_read_alerts(sm->ssl_ctx, data->conn)) { + wpa_printf(MSG_DEBUG, "SSL: Remote end sent a fatal " + "alert - abort handshake"); + return -1; + } + + return 1; + } + + wpa_printf(MSG_DEBUG, "SSL: %lu bytes left to be sent out (of total " + "%lu bytes)", + (unsigned long) data->tls_out_len - data->tls_out_pos, + (unsigned long) data->tls_out_len); + + return 0; +} + + +int eap_tls_buildReq_helper(struct eap_sm *sm, struct eap_ssl_data *data, + int eap_type, int peap_version, u8 id, + u8 **out_data, size_t *out_len) +{ + size_t len; + u8 *pos, *flags; + struct eap_hdr *req; + + *out_len = 0; + + req = malloc(sizeof(struct eap_hdr) + 2 + 4 + data->tls_out_limit); + if (req == NULL) { + *out_data = NULL; + return -1; + } + req->code = EAP_CODE_REQUEST; + req->identifier = id; + pos = (u8 *) (req + 1); + *pos++ = eap_type; + flags = pos++; + *flags = peap_version; + if (data->tls_out_pos == 0 && + data->tls_out_len > data->tls_out_limit) { + *flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED; + *pos++ = (data->tls_out_len >> 24) & 0xff; + *pos++ = (data->tls_out_len >> 16) & 0xff; + *pos++ = (data->tls_out_len >> 8) & 0xff; + *pos++ = data->tls_out_len & 0xff; + } + + len = data->tls_out_len - data->tls_out_pos; + if (len > data->tls_out_limit) { + *flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS; + len = data->tls_out_limit; + wpa_printf(MSG_DEBUG, "SSL: sending %lu bytes, more fragments " + "will follow", (unsigned long) len); + } + memcpy(pos, &data->tls_out[data->tls_out_pos], len); + data->tls_out_pos += len; + *out_len = (pos - (u8 *) req) + len; + req->length = htons(*out_len); + *out_data = (u8 *) req; + + if (!(*flags & EAP_TLS_FLAGS_MORE_FRAGMENTS)) { + data->tls_out_len = 0; + data->tls_out_pos = 0; + free(data->tls_out); + data->tls_out = NULL; + } + + return 0; +} + + +u8 * eap_tls_build_ack(size_t *reqDataLen, u8 id, int eap_type, + int peap_version) +{ + struct eap_hdr *req; + u8 *pos; + + *reqDataLen = sizeof(struct eap_hdr) + 2; + req = malloc(*reqDataLen); + if (req == NULL) + return NULL; + wpa_printf(MSG_DEBUG, "SSL: Building ACK"); + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + pos = (u8 *) (req + 1); + *pos++ = eap_type; /* Type */ + *pos = peap_version; /* Flags */ + return (u8 *) req; +} diff --git a/contrib/hostapd-0.5.8/eap_tls_common.h b/contrib/hostapd-0.5.8/eap_tls_common.h new file mode 100644 index 0000000000..6c9d69603e --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_tls_common.h @@ -0,0 +1,61 @@ +/* + * hostapd / EAP-TLS/PEAP/TTLS common functions + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_TLS_COMMON_H +#define EAP_TLS_COMMON_H + +struct eap_ssl_data { + struct tls_connection *conn; + + u8 *tls_out; + size_t tls_out_len; + size_t tls_out_pos; + size_t tls_out_limit; + u8 *tls_in; + size_t tls_in_len; + size_t tls_in_left; + size_t tls_in_total; + + int phase2; + + struct eap_sm *eap; +}; + + +/* EAP TLS Flags */ +#define EAP_TLS_FLAGS_LENGTH_INCLUDED 0x80 +#define EAP_TLS_FLAGS_MORE_FRAGMENTS 0x40 +#define EAP_TLS_FLAGS_START 0x20 +#define EAP_PEAP_VERSION_MASK 0x07 + + /* could be up to 128 bytes, but only the first 64 bytes are used */ +#define EAP_TLS_KEY_LEN 64 + + +int eap_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data, + int verify_peer); +void eap_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data); +u8 * eap_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data, + char *label, size_t len); +int eap_tls_data_reassemble(struct eap_sm *sm, struct eap_ssl_data *data, + u8 **in_data, size_t *in_len); +int eap_tls_process_helper(struct eap_sm *sm, struct eap_ssl_data *data, + u8 *in_data, size_t in_len); +int eap_tls_buildReq_helper(struct eap_sm *sm, struct eap_ssl_data *data, + int eap_type, int peap_version, u8 id, + u8 **out_data, size_t *out_len); +u8 * eap_tls_build_ack(size_t *reqDataLen, u8 id, int eap_type, + int peap_version); + +#endif /* EAP_TLS_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/eap_tlv.c b/contrib/hostapd-0.5.8/eap_tlv.c new file mode 100644 index 0000000000..b48e1861c5 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_tlv.c @@ -0,0 +1,252 @@ +/* + * hostapd / EAP-TLV (draft-josefsson-pppext-eap-tls-eap-07.txt) + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" + + +/* EAP-TLV TLVs (draft-josefsson-ppext-eap-tls-eap-07.txt) */ +#define EAP_TLV_RESULT_TLV 3 /* Acknowledged Result */ +#define EAP_TLV_NAK_TLV 4 +#define EAP_TLV_CRYPTO_BINDING_TLV 5 +#define EAP_TLV_CONNECTION_BINDING_TLV 6 +#define EAP_TLV_VENDOR_SPECIFIC_TLV 7 +#define EAP_TLV_URI_TLV 8 +#define EAP_TLV_EAP_PAYLOAD_TLV 9 +#define EAP_TLV_INTERMEDIATE_RESULT_TLV 10 + +#define EAP_TLV_RESULT_SUCCESS 1 +#define EAP_TLV_RESULT_FAILURE 2 + + +struct eap_tlv_data { + enum { CONTINUE, SUCCESS, FAILURE } state; +}; + + +static void * eap_tlv_init(struct eap_sm *sm) +{ + struct eap_tlv_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->state = CONTINUE; + + return data; +} + + +static void eap_tlv_reset(struct eap_sm *sm, void *priv) +{ + struct eap_tlv_data *data = priv; + free(data); +} + + +static u8 * eap_tlv_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_hdr *req; + u8 *pos; + u16 status; + + if (sm->tlv_request == TLV_REQ_SUCCESS) { + status = EAP_TLV_RESULT_SUCCESS; + } else { + status = EAP_TLV_RESULT_FAILURE; + } + + *reqDataLen = sizeof(struct eap_hdr) + 1 + 6; + req = malloc(*reqDataLen); + if (req == NULL) + return NULL; + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = host_to_be16(*reqDataLen); + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_TLV; + *pos++ = 0x80; /* Mandatory */ + *pos++ = EAP_TLV_RESULT_TLV; + /* Length */ + *pos++ = 0; + *pos++ = 2; + /* Status */ + *pos++ = status >> 8; + *pos++ = status & 0xff; + + return (u8 *) req; +} + + +static Boolean eap_tlv_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_hdr *resp; + u8 *pos; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 1 || *pos != EAP_TYPE_TLV || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-TLV: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static void eap_tlv_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_tlv_data *data = priv; + struct eap_hdr *resp; + u8 *pos; + size_t left; + u8 *result_tlv = NULL; + size_t result_tlv_len = 0; + int tlv_type, mandatory, tlv_len; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + + /* Parse TLVs */ + left = be_to_host16(resp->length) - sizeof(struct eap_hdr) - 1; + pos = (u8 *) (resp + 1); + pos++; + wpa_hexdump(MSG_DEBUG, "EAP-TLV: Received TLVs", pos, left); + while (left >= 4) { + mandatory = !!(pos[0] & 0x80); + tlv_type = pos[0] & 0x3f; + tlv_type = (tlv_type << 8) | pos[1]; + tlv_len = ((int) pos[2] << 8) | pos[3]; + pos += 4; + left -= 4; + if ((size_t) tlv_len > left) { + wpa_printf(MSG_DEBUG, "EAP-TLV: TLV underrun " + "(tlv_len=%d left=%lu)", tlv_len, + (unsigned long) left); + data->state = FAILURE; + return; + } + switch (tlv_type) { + case EAP_TLV_RESULT_TLV: + result_tlv = pos; + result_tlv_len = tlv_len; + break; + default: + wpa_printf(MSG_DEBUG, "EAP-TLV: Unsupported TLV Type " + "%d%s", tlv_type, + mandatory ? " (mandatory)" : ""); + if (mandatory) { + data->state = FAILURE; + return; + } + /* Ignore this TLV, but process other TLVs */ + break; + } + + pos += tlv_len; + left -= tlv_len; + } + if (left) { + wpa_printf(MSG_DEBUG, "EAP-TLV: Last TLV too short in " + "Request (left=%lu)", (unsigned long) left); + data->state = FAILURE; + return; + } + + /* Process supported TLVs */ + if (result_tlv) { + int status; + const char *requested; + + wpa_hexdump(MSG_DEBUG, "EAP-TLV: Result TLV", + result_tlv, result_tlv_len); + if (result_tlv_len < 2) { + wpa_printf(MSG_INFO, "EAP-TLV: Too short Result TLV " + "(len=%lu)", + (unsigned long) result_tlv_len); + data->state = FAILURE; + return; + } + requested = sm->tlv_request == TLV_REQ_SUCCESS ? "Success" : + "Failure"; + status = ((int) result_tlv[0] << 8) | result_tlv[1]; + if (status == EAP_TLV_RESULT_SUCCESS) { + wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Success " + "- requested %s", requested); + if (sm->tlv_request == TLV_REQ_SUCCESS) + data->state = SUCCESS; + else + data->state = FAILURE; + + } else if (status == EAP_TLV_RESULT_FAILURE) { + wpa_printf(MSG_INFO, "EAP-TLV: TLV Result - Failure - " + "requested %s", requested); + if (sm->tlv_request == TLV_REQ_FAILURE) + data->state = SUCCESS; + else + data->state = FAILURE; + } else { + wpa_printf(MSG_INFO, "EAP-TLV: Unknown TLV Result " + "Status %d", status); + data->state = FAILURE; + } + } +} + + +static Boolean eap_tlv_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_tlv_data *data = priv; + return data->state != CONTINUE; +} + + +static Boolean eap_tlv_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_tlv_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_tlv_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_TLV, "TLV"); + if (eap == NULL) + return -1; + + eap->init = eap_tlv_init; + eap->reset = eap_tlv_reset; + eap->buildReq = eap_tlv_buildReq; + eap->check = eap_tlv_check; + eap->process = eap_tlv_process; + eap->isDone = eap_tlv_isDone; + eap->isSuccess = eap_tlv_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_ttls.c b/contrib/hostapd-0.5.8/eap_ttls.c new file mode 100644 index 0000000000..1c0f17e764 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_ttls.c @@ -0,0 +1,1502 @@ +/* + * hostapd / EAP-TTLS (draft-ietf-pppext-eap-ttls-05.txt) + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "eap_i.h" +#include "eap_tls_common.h" +#include "ms_funcs.h" +#include "md5.h" +#include "sha1.h" +#include "crypto.h" +#include "tls.h" +#include "eap_ttls.h" + + +/* Maximum supported PEAP version + * 0 = draft-ietf-pppext-eap-ttls-03.txt / draft-funk-eap-ttls-v0-00.txt + * 1 = draft-funk-eap-ttls-v1-00.txt + */ +#define EAP_TTLS_VERSION 0 /* TTLSv1 implementation is not yet complete */ + + +#define MSCHAPV2_KEY_LEN 16 + + +static void eap_ttls_reset(struct eap_sm *sm, void *priv); + + +struct eap_ttls_data { + struct eap_ssl_data ssl; + enum { + START, PHASE1, PHASE2_START, PHASE2_METHOD, + PHASE2_MSCHAPV2_RESP, PHASE_FINISHED, SUCCESS, FAILURE + } state; + + int ttls_version; + int force_version; + const struct eap_method *phase2_method; + void *phase2_priv; + int mschapv2_resp_ok; + u8 mschapv2_auth_response[20]; + u8 mschapv2_ident; + int tls_ia_configured; +}; + + +static const char * eap_ttls_state_txt(int state) +{ + switch (state) { + case START: + return "START"; + case PHASE1: + return "PHASE1"; + case PHASE2_START: + return "PHASE2_START"; + case PHASE2_METHOD: + return "PHASE2_METHOD"; + case PHASE2_MSCHAPV2_RESP: + return "PHASE2_MSCHAPV2_RESP"; + case PHASE_FINISHED: + return "PHASE_FINISHED"; + case SUCCESS: + return "SUCCESS"; + case FAILURE: + return "FAILURE"; + default: + return "Unknown?!"; + } +} + + +static void eap_ttls_state(struct eap_ttls_data *data, int state) +{ + wpa_printf(MSG_DEBUG, "EAP-TTLS: %s -> %s", + eap_ttls_state_txt(data->state), + eap_ttls_state_txt(state)); + data->state = state; +} + + +static u8 * eap_ttls_avp_hdr(u8 *avphdr, u32 avp_code, u32 vendor_id, + int mandatory, size_t len) +{ + struct ttls_avp_vendor *avp; + u8 flags; + size_t hdrlen; + + avp = (struct ttls_avp_vendor *) avphdr; + flags = mandatory ? AVP_FLAGS_MANDATORY : 0; + if (vendor_id) { + flags |= AVP_FLAGS_VENDOR; + hdrlen = sizeof(*avp); + avp->vendor_id = host_to_be32(vendor_id); + } else { + hdrlen = sizeof(struct ttls_avp); + } + + avp->avp_code = host_to_be32(avp_code); + avp->avp_length = host_to_be32((flags << 24) | (hdrlen + len)); + + return avphdr + hdrlen; +} + + +static int eap_ttls_avp_encapsulate(u8 **resp, size_t *resp_len, u32 avp_code, + int mandatory) +{ + u8 *avp, *pos; + + avp = malloc(sizeof(struct ttls_avp) + *resp_len + 4); + if (avp == NULL) { + free(*resp); + *resp_len = 0; + return -1; + } + + pos = eap_ttls_avp_hdr(avp, avp_code, 0, mandatory, *resp_len); + memcpy(pos, *resp, *resp_len); + pos += *resp_len; + AVP_PAD(avp, pos); + free(*resp); + *resp = avp; + *resp_len = pos - avp; + return 0; +} + + +struct eap_ttls_avp { + /* Note: eap is allocated memory; caller is responsible for freeing + * it. All the other pointers are pointing to the packet data, i.e., + * they must not be freed separately. */ + u8 *eap; + size_t eap_len; + u8 *user_name; + size_t user_name_len; + u8 *user_password; + size_t user_password_len; + u8 *chap_challenge; + size_t chap_challenge_len; + u8 *chap_password; + size_t chap_password_len; + u8 *mschap_challenge; + size_t mschap_challenge_len; + u8 *mschap_response; + size_t mschap_response_len; + u8 *mschap2_response; + size_t mschap2_response_len; +}; + + +static int eap_ttls_avp_parse(u8 *buf, size_t len, struct eap_ttls_avp *parse) +{ + struct ttls_avp *avp; + u8 *pos; + int left; + + pos = buf; + left = len; + memset(parse, 0, sizeof(*parse)); + + while (left > 0) { + u32 avp_code, avp_length, vendor_id = 0; + u8 avp_flags, *dpos; + size_t pad, dlen; + avp = (struct ttls_avp *) pos; + avp_code = be_to_host32(avp->avp_code); + avp_length = be_to_host32(avp->avp_length); + avp_flags = (avp_length >> 24) & 0xff; + avp_length &= 0xffffff; + wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x " + "length=%d", (int) avp_code, avp_flags, + (int) avp_length); + if ((int) avp_length > left) { + wpa_printf(MSG_WARNING, "EAP-TTLS: AVP overflow " + "(len=%d, left=%d) - dropped", + (int) avp_length, left); + goto fail; + } + if (avp_length < sizeof(*avp)) { + wpa_printf(MSG_WARNING, "EAP-TTLS: Invalid AVP length " + "%d", avp_length); + goto fail; + } + dpos = (u8 *) (avp + 1); + dlen = avp_length - sizeof(*avp); + if (avp_flags & AVP_FLAGS_VENDOR) { + if (dlen < 4) { + wpa_printf(MSG_WARNING, "EAP-TTLS: vendor AVP " + "underflow"); + goto fail; + } + vendor_id = be_to_host32(* (u32 *) dpos); + wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d", + (int) vendor_id); + dpos += 4; + dlen -= 4; + } + + wpa_hexdump(MSG_DEBUG, "EAP-TTLS: AVP data", dpos, dlen); + + if (vendor_id == 0 && avp_code == RADIUS_ATTR_EAP_MESSAGE) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message"); + if (parse->eap == NULL) { + parse->eap = malloc(dlen); + if (parse->eap == NULL) { + wpa_printf(MSG_WARNING, "EAP-TTLS: " + "failed to allocate memory " + "for Phase 2 EAP data"); + goto fail; + } + memcpy(parse->eap, dpos, dlen); + parse->eap_len = dlen; + } else { + u8 *neweap = realloc(parse->eap, + parse->eap_len + dlen); + if (neweap == NULL) { + wpa_printf(MSG_WARNING, "EAP-TTLS: " + "failed to allocate memory " + "for Phase 2 EAP data"); + goto fail; + } + memcpy(neweap + parse->eap_len, dpos, dlen); + parse->eap = neweap; + parse->eap_len += dlen; + } + } else if (vendor_id == 0 && + avp_code == RADIUS_ATTR_USER_NAME) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP-TTLS: User-Name", + dpos, dlen); + parse->user_name = dpos; + parse->user_name_len = dlen; + } else if (vendor_id == 0 && + avp_code == RADIUS_ATTR_USER_PASSWORD) { + u8 *password = dpos; + size_t password_len = dlen; + while (password_len > 0 && + password[password_len - 1] == '\0') { + password_len--; + } + wpa_hexdump_ascii_key(MSG_DEBUG, "EAP-TTLS: " + "User-Password (PAP)", + password, password_len); + parse->user_password = password; + parse->user_password_len = password_len; + } else if (vendor_id == 0 && + avp_code == RADIUS_ATTR_CHAP_CHALLENGE) { + wpa_hexdump(MSG_DEBUG, + "EAP-TTLS: CHAP-Challenge (CHAP)", + dpos, dlen); + parse->chap_challenge = dpos; + parse->chap_challenge_len = dlen; + } else if (vendor_id == 0 && + avp_code == RADIUS_ATTR_CHAP_PASSWORD) { + wpa_hexdump(MSG_DEBUG, + "EAP-TTLS: CHAP-Password (CHAP)", + dpos, dlen); + parse->chap_password = dpos; + parse->chap_password_len = dlen; + } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && + avp_code == RADIUS_ATTR_MS_CHAP_CHALLENGE) { + wpa_hexdump(MSG_DEBUG, + "EAP-TTLS: MS-CHAP-Challenge", + dpos, dlen); + parse->mschap_challenge = dpos; + parse->mschap_challenge_len = dlen; + } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && + avp_code == RADIUS_ATTR_MS_CHAP_RESPONSE) { + wpa_hexdump(MSG_DEBUG, + "EAP-TTLS: MS-CHAP-Response (MSCHAP)", + dpos, dlen); + parse->mschap_response = dpos; + parse->mschap_response_len = dlen; + } else if (vendor_id == RADIUS_VENDOR_ID_MICROSOFT && + avp_code == RADIUS_ATTR_MS_CHAP2_RESPONSE) { + wpa_hexdump(MSG_DEBUG, + "EAP-TTLS: MS-CHAP2-Response (MSCHAPV2)", + dpos, dlen); + parse->mschap2_response = dpos; + parse->mschap2_response_len = dlen; + } else if (avp_flags & AVP_FLAGS_MANDATORY) { + wpa_printf(MSG_WARNING, "EAP-TTLS: Unsupported " + "mandatory AVP code %d vendor_id %d - " + "dropped", (int) avp_code, (int) vendor_id); + goto fail; + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Ignoring unsupported " + "AVP code %d vendor_id %d", + (int) avp_code, (int) vendor_id); + } + + pad = (4 - (avp_length & 3)) & 3; + pos += avp_length + pad; + left -= avp_length + pad; + } + + return 0; + +fail: + free(parse->eap); + parse->eap = NULL; + return -1; +} + + +static u8 * eap_ttls_implicit_challenge(struct eap_sm *sm, + struct eap_ttls_data *data, size_t len) +{ + struct tls_keys keys; + u8 *challenge, *rnd; + + if (data->ttls_version == 0) { + return eap_tls_derive_key(sm, &data->ssl, "ttls challenge", + len); + } + + memset(&keys, 0, sizeof(keys)); + if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) || + keys.client_random == NULL || keys.server_random == NULL || + keys.inner_secret == NULL) { + wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, " + "client random, or server random to derive " + "implicit challenge"); + return NULL; + } + + rnd = malloc(keys.client_random_len + keys.server_random_len); + challenge = malloc(len); + if (rnd == NULL || challenge == NULL) { + wpa_printf(MSG_INFO, "EAP-TTLS: No memory for implicit " + "challenge derivation"); + free(rnd); + free(challenge); + return NULL; + } + memcpy(rnd, keys.server_random, keys.server_random_len); + memcpy(rnd + keys.server_random_len, keys.client_random, + keys.client_random_len); + + if (tls_prf(keys.inner_secret, keys.inner_secret_len, + "inner application challenge", rnd, + keys.client_random_len + keys.server_random_len, + challenge, len)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive implicit " + "challenge"); + free(rnd); + free(challenge); + return NULL; + } + + free(rnd); + + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived implicit challenge", + challenge, len); + + return challenge; +} + + +static void * eap_ttls_init(struct eap_sm *sm) +{ + struct eap_ttls_data *data; + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + data->ttls_version = EAP_TTLS_VERSION; + data->force_version = -1; + if (sm->user && sm->user->force_version >= 0) { + data->force_version = sm->user->force_version; + wpa_printf(MSG_DEBUG, "EAP-TTLS: forcing version %d", + data->force_version); + data->ttls_version = data->force_version; + } + data->state = START; + + if (!(tls_capabilities(sm->ssl_ctx) & TLS_CAPABILITY_IA) && + data->ttls_version > 0) { + if (data->force_version > 0) { + wpa_printf(MSG_INFO, "EAP-TTLS: Forced TTLSv%d and " + "TLS library does not support TLS/IA.", + data->force_version); + eap_ttls_reset(sm, data); + return NULL; + } + data->ttls_version = 0; + } + + if (eap_tls_ssl_init(sm, &data->ssl, 0)) { + wpa_printf(MSG_INFO, "EAP-TTLS: Failed to initialize SSL."); + eap_ttls_reset(sm, data); + return NULL; + } + + return data; +} + + +static void eap_ttls_reset(struct eap_sm *sm, void *priv) +{ + struct eap_ttls_data *data = priv; + if (data == NULL) + return; + if (data->phase2_priv && data->phase2_method) + data->phase2_method->reset(sm, data->phase2_priv); + eap_tls_ssl_deinit(sm, &data->ssl); + free(data); +} + + +static u8 * eap_ttls_build_start(struct eap_sm *sm, struct eap_ttls_data *data, + int id, size_t *reqDataLen) +{ + struct eap_hdr *req; + u8 *pos; + + *reqDataLen = sizeof(*req) + 2; + req = malloc(*reqDataLen); + if (req == NULL) { + wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate memory for" + " request"); + eap_ttls_state(data, FAILURE); + return NULL; + } + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + req->length = htons(*reqDataLen); + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_TTLS; + *pos = EAP_TLS_FLAGS_START | data->ttls_version; + + eap_ttls_state(data, PHASE1); + + return (u8 *) req; +} + + +static u8 * eap_ttls_build_req(struct eap_sm *sm, struct eap_ttls_data *data, + int id, size_t *reqDataLen) +{ + int res; + u8 *req; + + res = eap_tls_buildReq_helper(sm, &data->ssl, EAP_TYPE_TTLS, + data->ttls_version, id, &req, + reqDataLen); + + if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, starting " + "Phase2"); + eap_ttls_state(data, PHASE2_START); + } + + if (res == 1) + return eap_tls_build_ack(reqDataLen, id, EAP_TYPE_TTLS, + data->ttls_version); + return req; +} + + +static u8 * eap_ttls_encrypt(struct eap_sm *sm, struct eap_ttls_data *data, + int id, u8 *plain, size_t plain_len, + size_t *out_len) +{ + int res; + u8 *pos; + struct eap_hdr *req; + + /* TODO: add support for fragmentation, if needed. This will need to + * add TLS Message Length field, if the frame is fragmented. */ + req = malloc(sizeof(struct eap_hdr) + 2 + data->ssl.tls_out_limit); + if (req == NULL) + return NULL; + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_TTLS; + *pos++ = data->ttls_version; + + res = tls_connection_encrypt(sm->ssl_ctx, data->ssl.conn, + plain, plain_len, + pos, data->ssl.tls_out_limit); + if (res < 0) { + wpa_printf(MSG_INFO, "EAP-TTLS: Failed to encrypt Phase 2 " + "data"); + free(req); + return NULL; + } + + *out_len = sizeof(struct eap_hdr) + 2 + res; + req->length = host_to_be16(*out_len); + return (u8 *) req; +} + + +static u8 * eap_ttls_build_phase2_eap_req(struct eap_sm *sm, + struct eap_ttls_data *data, + int id, size_t *reqDataLen) +{ + u8 *req, *encr_req; + size_t req_len; + + + req = data->phase2_method->buildReq(sm, data->phase2_priv, id, + &req_len); + if (req == NULL) + return NULL; + + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS/EAP: Encapsulate Phase 2 data", + req, req_len); + + if (eap_ttls_avp_encapsulate(&req, &req_len, RADIUS_ATTR_EAP_MESSAGE, + 1) < 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Failed to encapsulate " + "packet"); + return NULL; + } + + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS/EAP: Encrypt encapsulated Phase " + "2 data", req, req_len); + + encr_req = eap_ttls_encrypt(sm, data, id, req, req_len, reqDataLen); + free(req); + + return encr_req; +} + + +static u8 * eap_ttls_build_phase2_mschapv2(struct eap_sm *sm, + struct eap_ttls_data *data, + int id, size_t *reqDataLen) +{ + u8 *req, *encr_req, *pos, *end; + int ret; + size_t req_len; + + pos = req = malloc(100); + if (req == NULL) + return NULL; + end = req + 100; + + if (data->mschapv2_resp_ok) { + pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP2_SUCCESS, + RADIUS_VENDOR_ID_MICROSOFT, 1, 43); + *pos++ = data->mschapv2_ident; + ret = snprintf((char *) pos, end - pos, "S="); + if (ret >= 0 && ret < end - pos) + pos += ret; + pos += wpa_snprintf_hex_uppercase( + (char *) pos, end - pos, data->mschapv2_auth_response, + sizeof(data->mschapv2_auth_response)); + } else { + pos = eap_ttls_avp_hdr(pos, RADIUS_ATTR_MS_CHAP_ERROR, + RADIUS_VENDOR_ID_MICROSOFT, 1, 6); + memcpy(pos, "Failed", 6); + pos += 6; + AVP_PAD(req, pos); + } + + req_len = pos - req; + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Encrypting Phase 2 " + "data", req, req_len); + + encr_req = eap_ttls_encrypt(sm, data, id, req, req_len, reqDataLen); + free(req); + + return encr_req; +} + + +static u8 * eap_ttls_build_phase_finished(struct eap_sm *sm, + struct eap_ttls_data *data, + int id, int final, + size_t *reqDataLen) +{ + int len; + struct eap_hdr *req; + u8 *pos; + const int max_len = 300; + + len = sizeof(struct eap_hdr) + 2 + max_len; + req = malloc(len); + if (req == NULL) + return NULL; + + req->code = EAP_CODE_REQUEST; + req->identifier = id; + + pos = (u8 *) (req + 1); + *pos++ = EAP_TYPE_TTLS; + *pos++ = data->ttls_version; + + len = tls_connection_ia_send_phase_finished(sm->ssl_ctx, + data->ssl.conn, + final, pos, max_len); + if (len < 0) { + free(req); + return NULL; + } + + *reqDataLen = sizeof(struct eap_hdr) + 2 + len; + req->length = host_to_be16(*reqDataLen); + + return (u8 *) req; +} + + +static u8 * eap_ttls_buildReq(struct eap_sm *sm, void *priv, int id, + size_t *reqDataLen) +{ + struct eap_ttls_data *data = priv; + + switch (data->state) { + case START: + return eap_ttls_build_start(sm, data, id, reqDataLen); + case PHASE1: + return eap_ttls_build_req(sm, data, id, reqDataLen); + case PHASE2_METHOD: + return eap_ttls_build_phase2_eap_req(sm, data, id, reqDataLen); + case PHASE2_MSCHAPV2_RESP: + return eap_ttls_build_phase2_mschapv2(sm, data, id, + reqDataLen); + case PHASE_FINISHED: + return eap_ttls_build_phase_finished(sm, data, id, 1, + reqDataLen); + default: + wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", + __func__, data->state); + return NULL; + } +} + + +static Boolean eap_ttls_check(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_hdr *resp; + u8 *pos; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + if (respDataLen < sizeof(*resp) + 2 || *pos != EAP_TYPE_TTLS || + (ntohs(resp->length)) > respDataLen) { + wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame"); + return TRUE; + } + + return FALSE; +} + + +static int eap_ttls_ia_permute_inner_secret(struct eap_sm *sm, + struct eap_ttls_data *data, + const u8 *key, size_t key_len) +{ + u8 *buf; + size_t buf_len; + int ret; + + if (key) { + buf_len = 2 + key_len; + buf = malloc(buf_len); + if (buf == NULL) + return -1; + WPA_PUT_BE16(buf, key_len); + memcpy(buf + 2, key, key_len); + } else { + buf = NULL; + buf_len = 0; + } + + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Session keys for TLS/IA inner " + "secret permutation", buf, buf_len); + ret = tls_connection_ia_permute_inner_secret(sm->ssl_ctx, + data->ssl.conn, + buf, buf_len); + free(buf); + + return ret; +} + + +static void eap_ttls_process_phase2_pap(struct eap_sm *sm, + struct eap_ttls_data *data, + const u8 *user_password, + size_t user_password_len) +{ + /* TODO: add support for verifying that the user entry accepts + * EAP-TTLS/PAP. */ + if (!sm->user || !sm->user->password || sm->user->password_hash) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: No plaintext user " + "password configured"); + eap_ttls_state(data, FAILURE); + return; + } + + if (sm->user->password_len != user_password_len || + memcmp(sm->user->password, user_password, user_password_len) != 0) + { + wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Invalid user password"); + eap_ttls_state(data, FAILURE); + return; + } + + wpa_printf(MSG_DEBUG, "EAP-TTLS/PAP: Correct user password"); + eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED : + SUCCESS); +} + + +static void eap_ttls_process_phase2_chap(struct eap_sm *sm, + struct eap_ttls_data *data, + const u8 *challenge, + size_t challenge_len, + const u8 *password, + size_t password_len) +{ + u8 *chal, hash[MD5_MAC_LEN]; + const u8 *addr[3]; + size_t len[3]; + + if (challenge == NULL || password == NULL || + challenge_len != EAP_TTLS_CHAP_CHALLENGE_LEN || + password_len != 1 + EAP_TTLS_CHAP_PASSWORD_LEN) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid CHAP attributes " + "(challenge len %lu password len %lu)", + (unsigned long) challenge_len, + (unsigned long) password_len); + eap_ttls_state(data, FAILURE); + return; + } + + /* TODO: add support for verifying that the user entry accepts + * EAP-TTLS/CHAP. */ + if (!sm->user || !sm->user->password || sm->user->password_hash) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: No plaintext user " + "password configured"); + eap_ttls_state(data, FAILURE); + return; + } + + chal = eap_ttls_implicit_challenge(sm, data, + EAP_TTLS_CHAP_CHALLENGE_LEN + 1); + if (chal == NULL) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Failed to generate " + "challenge from TLS data"); + eap_ttls_state(data, FAILURE); + return; + } + + if (memcmp(challenge, chal, EAP_TTLS_CHAP_CHALLENGE_LEN) != 0 || + password[0] != chal[EAP_TTLS_CHAP_CHALLENGE_LEN]) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Challenge mismatch"); + free(chal); + eap_ttls_state(data, FAILURE); + return; + } + free(chal); + + /* MD5(Ident + Password + Challenge) */ + addr[0] = password; + len[0] = 1; + addr[1] = sm->user->password; + len[1] = sm->user->password_len; + addr[2] = challenge; + len[2] = challenge_len; + md5_vector(3, addr, len, hash); + + if (memcmp(hash, password + 1, EAP_TTLS_CHAP_PASSWORD_LEN) == 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Correct user password"); + eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED : + SUCCESS); + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS/CHAP: Invalid user password"); + eap_ttls_state(data, FAILURE); + } +} + + +static void eap_ttls_process_phase2_mschap(struct eap_sm *sm, + struct eap_ttls_data *data, + u8 *challenge, size_t challenge_len, + u8 *response, size_t response_len) +{ + u8 *chal, nt_response[24]; + + if (challenge == NULL || response == NULL || + challenge_len != EAP_TTLS_MSCHAP_CHALLENGE_LEN || + response_len != EAP_TTLS_MSCHAP_RESPONSE_LEN) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid MS-CHAP " + "attributes (challenge len %lu response len %lu)", + (unsigned long) challenge_len, + (unsigned long) response_len); + eap_ttls_state(data, FAILURE); + return; + } + + /* TODO: add support for verifying that the user entry accepts + * EAP-TTLS/MSCHAP. */ + if (!sm->user || !sm->user->password) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: No user password " + "configured"); + eap_ttls_state(data, FAILURE); + return; + } + + chal = eap_ttls_implicit_challenge(sm, data, + EAP_TTLS_MSCHAP_CHALLENGE_LEN + 1); + if (chal == NULL) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Failed to generate " + "challenge from TLS data"); + eap_ttls_state(data, FAILURE); + return; + } + + if (memcmp(challenge, chal, EAP_TTLS_MSCHAP_CHALLENGE_LEN) != 0 || + response[0] != chal[EAP_TTLS_MSCHAP_CHALLENGE_LEN]) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Challenge mismatch"); + free(chal); + eap_ttls_state(data, FAILURE); + return; + } + free(chal); + + if (sm->user->password_hash) + challenge_response(challenge, sm->user->password, nt_response); + else + nt_challenge_response(challenge, sm->user->password, + sm->user->password_len, nt_response); + + if (memcmp(nt_response, response + 2 + 24, 24) == 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Correct response"); + eap_ttls_state(data, data->ttls_version > 0 ? PHASE_FINISHED : + SUCCESS); + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAP: Invalid NT-Response"); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Received", + response + 2 + 24, 24); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAP: Expected", + nt_response, 24); + eap_ttls_state(data, FAILURE); + } +} + + +static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm, + struct eap_ttls_data *data, + u8 *challenge, + size_t challenge_len, + u8 *response, size_t response_len) +{ + u8 *chal, *username, nt_response[24], *rx_resp, *peer_challenge, + *auth_challenge; + size_t username_len, i; + + if (challenge == NULL || response == NULL || + challenge_len != EAP_TTLS_MSCHAPV2_CHALLENGE_LEN || + response_len != EAP_TTLS_MSCHAPV2_RESPONSE_LEN) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid MS-CHAP2 " + "attributes (challenge len %lu response len %lu)", + (unsigned long) challenge_len, + (unsigned long) response_len); + eap_ttls_state(data, FAILURE); + return; + } + + /* TODO: add support for verifying that the user entry accepts + * EAP-TTLS/MSCHAPV2. */ + if (!sm->user || !sm->user->password) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: No user password " + "configured"); + eap_ttls_state(data, FAILURE); + return; + } + + /* MSCHAPv2 does not include optional domain name in the + * challenge-response calculation, so remove domain prefix + * (if present). */ + username = sm->identity; + username_len = sm->identity_len; + for (i = 0; i < username_len; i++) { + if (username[i] == '\\') { + username_len -= i + 1; + username += i + 1; + break; + } + } + + chal = eap_ttls_implicit_challenge( + sm, data, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 1); + if (chal == NULL) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Failed to generate " + "challenge from TLS data"); + eap_ttls_state(data, FAILURE); + return; + } + + if (memcmp(challenge, chal, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN) != 0 || + response[0] != chal[EAP_TTLS_MSCHAPV2_CHALLENGE_LEN]) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Challenge mismatch"); + free(chal); + eap_ttls_state(data, FAILURE); + return; + } + free(chal); + + auth_challenge = challenge; + peer_challenge = response + 2; + + wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: User", + username, username_len); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: auth_challenge", + auth_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: peer_challenge", + peer_challenge, EAP_TTLS_MSCHAPV2_CHALLENGE_LEN); + + if (sm->user->password_hash) { + generate_nt_response_pwhash(auth_challenge, peer_challenge, + username, username_len, + sm->user->password, + nt_response); + } else { + generate_nt_response(auth_challenge, peer_challenge, + username, username_len, + sm->user->password, + sm->user->password_len, + nt_response); + } + + rx_resp = response + 2 + EAP_TTLS_MSCHAPV2_CHALLENGE_LEN + 8; + if (memcmp(nt_response, rx_resp, 24) == 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Correct " + "NT-Response"); + data->mschapv2_resp_ok = 1; + if (data->ttls_version > 0) { + const u8 *pw_hash; + u8 pw_hash_buf[16], pw_hash_hash[16], master_key[16]; + u8 session_key[2 * MSCHAPV2_KEY_LEN]; + + if (sm->user->password_hash) + pw_hash = sm->user->password; + else { + nt_password_hash(sm->user->password, + sm->user->password_len, + pw_hash_buf); + pw_hash = pw_hash_buf; + } + hash_nt_password_hash(pw_hash, pw_hash_hash); + get_master_key(pw_hash_hash, nt_response, master_key); + get_asymetric_start_key(master_key, session_key, + MSCHAPV2_KEY_LEN, 0, 0); + get_asymetric_start_key(master_key, + session_key + MSCHAPV2_KEY_LEN, + MSCHAPV2_KEY_LEN, 1, 0); + eap_ttls_ia_permute_inner_secret(sm, data, + session_key, + sizeof(session_key)); + } + + if (sm->user->password_hash) { + generate_authenticator_response_pwhash( + sm->user->password, + peer_challenge, auth_challenge, + username, username_len, nt_response, + data->mschapv2_auth_response); + } else { + generate_authenticator_response( + sm->user->password, sm->user->password_len, + peer_challenge, auth_challenge, + username, username_len, nt_response, + data->mschapv2_auth_response); + } + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Invalid " + "NT-Response"); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Received", + rx_resp, 24); + wpa_hexdump(MSG_MSGDUMP, "EAP-TTLS/MSCHAPV2: Expected", + nt_response, 24); + data->mschapv2_resp_ok = 0; + } + eap_ttls_state(data, PHASE2_MSCHAPV2_RESP); + data->mschapv2_ident = response[0]; +} + + +static int eap_ttls_phase2_eap_init(struct eap_sm *sm, + struct eap_ttls_data *data, + EapType eap_type) +{ + if (data->phase2_priv && data->phase2_method) { + data->phase2_method->reset(sm, data->phase2_priv); + data->phase2_method = NULL; + data->phase2_priv = NULL; + } + data->phase2_method = eap_sm_get_eap_methods(EAP_VENDOR_IETF, + eap_type); + if (!data->phase2_method) + return -1; + + sm->init_phase2 = 1; + data->phase2_priv = data->phase2_method->init(sm); + sm->init_phase2 = 0; + return 0; +} + + +static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm, + struct eap_ttls_data *data, + u8 *in_data, size_t in_len) +{ + u8 next_type = EAP_TYPE_NONE; + struct eap_hdr *hdr; + u8 *pos; + size_t left; + const struct eap_method *m = data->phase2_method; + void *priv = data->phase2_priv; + + if (data->phase2_priv == NULL) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: %s - Phase2 not " + "initialized?!", __func__); + return; + } + + hdr = (struct eap_hdr *) in_data; + pos = (u8 *) (hdr + 1); + + if (in_len > sizeof(*hdr) && *pos == EAP_TYPE_NAK) { + left = in_len - sizeof(*hdr); + wpa_hexdump(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 type Nak'ed; " + "allowed types", pos + 1, left - 1); + eap_sm_process_nak(sm, pos + 1, left - 1); + if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && + sm->user->methods[sm->user_eap_method_index].method != + EAP_TYPE_NONE) { + next_type = sm->user->methods[ + sm->user_eap_method_index++].method; + wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", + next_type); + eap_ttls_phase2_eap_init(sm, data, next_type); + } else { + eap_ttls_state(data, FAILURE); + } + return; + } + + if (m->check(sm, priv, in_data, in_len)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 check() asked to " + "ignore the packet"); + return; + } + + m->process(sm, priv, in_data, in_len); + + if (!m->isDone(sm, priv)) + return; + + if (!m->isSuccess(sm, priv)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: Phase2 method failed"); + eap_ttls_state(data, FAILURE); + return; + } + + switch (data->state) { + case PHASE2_START: + if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) { + wpa_hexdump_ascii(MSG_DEBUG, "EAP_TTLS: Phase2 " + "Identity not found in the user " + "database", + sm->identity, sm->identity_len); + eap_ttls_state(data, FAILURE); + break; + } + + eap_ttls_state(data, PHASE2_METHOD); + next_type = sm->user->methods[0].method; + sm->user_eap_method_index = 1; + wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type); + break; + case PHASE2_METHOD: + if (data->ttls_version > 0) { + if (m->getKey) { + u8 *key; + size_t key_len; + key = m->getKey(sm, priv, &key_len); + eap_ttls_ia_permute_inner_secret(sm, data, + key, key_len); + } + eap_ttls_state(data, PHASE_FINISHED); + } else + eap_ttls_state(data, SUCCESS); + break; + case FAILURE: + break; + default: + wpa_printf(MSG_DEBUG, "EAP-TTLS: %s - unexpected state %d", + __func__, data->state); + break; + } + + eap_ttls_phase2_eap_init(sm, data, next_type); +} + + +static void eap_ttls_process_phase2_eap(struct eap_sm *sm, + struct eap_ttls_data *data, + const u8 *eap, size_t eap_len) +{ + struct eap_hdr *hdr; + size_t len; + + if (data->state == PHASE2_START) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2"); + if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0) + { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to " + "initialize EAP-Identity"); + return; + } + } + + if (eap_len < sizeof(*hdr)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: too short Phase 2 EAP " + "packet (len=%lu)", (unsigned long) eap_len); + return; + } + + hdr = (struct eap_hdr *) eap; + len = be_to_host16(hdr->length); + wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: received Phase 2 EAP: code=%d " + "identifier=%d length=%lu", hdr->code, hdr->identifier, + (unsigned long) len); + if (len > eap_len) { + wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Length mismatch in Phase 2" + " EAP frame (hdr len=%lu, data len in AVP=%lu)", + (unsigned long) len, (unsigned long) eap_len); + return; + } + + switch (hdr->code) { + case EAP_CODE_RESPONSE: + eap_ttls_process_phase2_eap_response(sm, data, (u8 *) hdr, + len); + break; + default: + wpa_printf(MSG_INFO, "EAP-TTLS/EAP: Unexpected code=%d in " + "Phase 2 EAP header", hdr->code); + break; + } +} + + +static void eap_ttls_process_phase2(struct eap_sm *sm, + struct eap_ttls_data *data, + struct eap_hdr *resp, + u8 *in_data, size_t in_len) +{ + u8 *in_decrypted; + int len_decrypted, res; + struct eap_ttls_avp parse; + size_t buf_len; + + wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for" + " Phase 2", (unsigned long) in_len); + + res = eap_tls_data_reassemble(sm, &data->ssl, &in_data, &in_len); + if (res < 0 || res == 1) + return; + + buf_len = in_len; + if (data->ssl.tls_in_total > buf_len) + buf_len = data->ssl.tls_in_total; + in_decrypted = malloc(buf_len); + if (in_decrypted == NULL) { + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + wpa_printf(MSG_WARNING, "EAP-TTLS: failed to allocate memory " + "for decryption"); + return; + } + + len_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn, + in_data, in_len, + in_decrypted, buf_len); + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + if (len_decrypted < 0) { + wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 " + "data"); + free(in_decrypted); + eap_ttls_state(data, FAILURE); + return; + } + + if (data->state == PHASE_FINISHED) { + if (len_decrypted == 0 && + tls_connection_ia_final_phase_finished(sm->ssl_ctx, + data->ssl.conn)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: FinalPhaseFinished " + "received"); + eap_ttls_state(data, SUCCESS); + } else { + wpa_printf(MSG_INFO, "EAP-TTLS: Did not receive valid " + "FinalPhaseFinished"); + eap_ttls_state(data, FAILURE); + } + + free(in_decrypted); + return; + } + + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 EAP", + in_decrypted, len_decrypted); + + if (eap_ttls_avp_parse(in_decrypted, len_decrypted, &parse) < 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to parse AVPs"); + free(in_decrypted); + eap_ttls_state(data, FAILURE); + return; + } + + if (parse.user_name) { + free(sm->identity); + sm->identity = malloc(parse.user_name_len); + if (sm->identity) { + memcpy(sm->identity, parse.user_name, + parse.user_name_len); + sm->identity_len = parse.user_name_len; + } + if (eap_user_get(sm, parse.user_name, parse.user_name_len, 1) + != 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase2 Identity not " + "found in the user database"); + eap_ttls_state(data, FAILURE); + goto done; + } + } + + if (parse.eap) { + eap_ttls_process_phase2_eap(sm, data, parse.eap, + parse.eap_len); + } else if (parse.user_password) { + eap_ttls_process_phase2_pap(sm, data, parse.user_password, + parse.user_password_len); + } else if (parse.chap_password) { + eap_ttls_process_phase2_chap(sm, data, + parse.chap_challenge, + parse.chap_challenge_len, + parse.chap_password, + parse.chap_password_len); + } else if (parse.mschap_response) { + eap_ttls_process_phase2_mschap(sm, data, + parse.mschap_challenge, + parse.mschap_challenge_len, + parse.mschap_response, + parse.mschap_response_len); + } else if (parse.mschap2_response) { + eap_ttls_process_phase2_mschapv2(sm, data, + parse.mschap_challenge, + parse.mschap_challenge_len, + parse.mschap2_response, + parse.mschap2_response_len); + } + +done: + free(in_decrypted); + free(parse.eap); + } + + +static void eap_ttls_process(struct eap_sm *sm, void *priv, + u8 *respData, size_t respDataLen) +{ + struct eap_ttls_data *data = priv; + struct eap_hdr *resp; + u8 *pos, flags; + int left; + unsigned int tls_msg_len; + int peer_version; + + resp = (struct eap_hdr *) respData; + pos = (u8 *) (resp + 1); + pos++; + flags = *pos++; + left = htons(resp->length) - sizeof(struct eap_hdr) - 2; + wpa_printf(MSG_DEBUG, "EAP-TTLS: Received packet(len=%lu) - " + "Flags 0x%02x", (unsigned long) respDataLen, flags); + peer_version = flags & EAP_PEAP_VERSION_MASK; + if (peer_version < data->ttls_version) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: peer ver=%d, own ver=%d; " + "use version %d", + peer_version, data->ttls_version, peer_version); + data->ttls_version = peer_version; + } + + if (data->ttls_version > 0 && !data->tls_ia_configured) { + if (tls_connection_set_ia(sm->ssl_ctx, data->ssl.conn, 1)) { + wpa_printf(MSG_INFO, "EAP-TTLS: Failed to enable " + "TLS/IA"); + eap_ttls_state(data, FAILURE); + return; + } + data->tls_ia_configured = 1; + } + + if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { + if (left < 4) { + wpa_printf(MSG_INFO, "EAP-TTLS: Short frame with TLS " + "length"); + eap_ttls_state(data, FAILURE); + return; + } + tls_msg_len = (pos[0] << 24) | (pos[1] << 16) | (pos[2] << 8) | + pos[3]; + wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS Message Length: %d", + tls_msg_len); + if (data->ssl.tls_in_left == 0) { + data->ssl.tls_in_total = tls_msg_len; + data->ssl.tls_in_left = tls_msg_len; + free(data->ssl.tls_in); + data->ssl.tls_in = NULL; + data->ssl.tls_in_len = 0; + } + pos += 4; + left -= 4; + } + + switch (data->state) { + case PHASE1: + if (eap_tls_process_helper(sm, &data->ssl, pos, left) < 0) { + wpa_printf(MSG_INFO, "EAP-TTLS: TLS processing " + "failed"); + eap_ttls_state(data, FAILURE); + } + break; + case PHASE2_START: + case PHASE2_METHOD: + case PHASE_FINISHED: + eap_ttls_process_phase2(sm, data, resp, pos, left); + break; + case PHASE2_MSCHAPV2_RESP: + if (data->mschapv2_resp_ok && left == 0) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " + "acknowledged response"); + eap_ttls_state(data, data->ttls_version > 0 ? + PHASE_FINISHED : SUCCESS); + } else if (!data->mschapv2_resp_ok) { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Peer " + "acknowledged error"); + eap_ttls_state(data, FAILURE); + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: Unexpected " + "frame from peer (payload len %d, expected " + "empty frame)", left); + eap_ttls_state(data, FAILURE); + } + break; + default: + wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s", + data->state, __func__); + break; + } + + if (tls_connection_get_write_alerts(sm->ssl_ctx, data->ssl.conn) > 1) { + wpa_printf(MSG_INFO, "EAP-TTLS: Locally detected fatal error " + "in TLS processing"); + eap_ttls_state(data, FAILURE); + } +} + + +static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv) +{ + struct eap_ttls_data *data = priv; + return data->state == SUCCESS || data->state == FAILURE; +} + + +static u8 * eap_ttls_v1_derive_key(struct eap_sm *sm, + struct eap_ttls_data *data) +{ + struct tls_keys keys; + u8 *rnd, *key; + + memset(&keys, 0, sizeof(keys)); + if (tls_connection_get_keys(sm->ssl_ctx, data->ssl.conn, &keys) || + keys.client_random == NULL || keys.server_random == NULL || + keys.inner_secret == NULL) { + wpa_printf(MSG_INFO, "EAP-TTLS: Could not get inner secret, " + "client random, or server random to derive keying " + "material"); + return NULL; + } + + rnd = malloc(keys.client_random_len + keys.server_random_len); + key = malloc(EAP_TLS_KEY_LEN); + if (rnd == NULL || key == NULL) { + wpa_printf(MSG_INFO, "EAP-TTLS: No memory for key derivation"); + free(rnd); + free(key); + return NULL; + } + memcpy(rnd, keys.client_random, keys.client_random_len); + memcpy(rnd + keys.client_random_len, keys.server_random, + keys.server_random_len); + + if (tls_prf(keys.inner_secret, keys.inner_secret_len, + "ttls v1 keying material", rnd, keys.client_random_len + + keys.server_random_len, key, EAP_TLS_KEY_LEN)) { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key"); + free(rnd); + free(key); + return NULL; + } + + wpa_hexdump(MSG_DEBUG, "EAP-TTLS: client/server random", + rnd, keys.client_random_len + keys.server_random_len); + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: TLS/IA inner secret", + keys.inner_secret, keys.inner_secret_len); + + free(rnd); + + return key; +} + + +static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) +{ + struct eap_ttls_data *data = priv; + u8 *eapKeyData; + + if (data->state != SUCCESS) + return NULL; + + if (data->ttls_version == 0) { + eapKeyData = eap_tls_derive_key(sm, &data->ssl, + "ttls keying material", + EAP_TLS_KEY_LEN); + } else { + eapKeyData = eap_ttls_v1_derive_key(sm, data); + } + + if (eapKeyData) { + *len = EAP_TLS_KEY_LEN; + wpa_hexdump_key(MSG_DEBUG, "EAP-TTLS: Derived key", + eapKeyData, EAP_TLS_KEY_LEN); + } else { + wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to derive key"); + } + + return eapKeyData; +} + + +static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv) +{ + struct eap_ttls_data *data = priv; + return data->state == SUCCESS; +} + + +int eap_server_ttls_register(void) +{ + struct eap_method *eap; + int ret; + + eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION, + EAP_VENDOR_IETF, EAP_TYPE_TTLS, "TTLS"); + if (eap == NULL) + return -1; + + eap->init = eap_ttls_init; + eap->reset = eap_ttls_reset; + eap->buildReq = eap_ttls_buildReq; + eap->check = eap_ttls_check; + eap->process = eap_ttls_process; + eap->isDone = eap_ttls_isDone; + eap->getKey = eap_ttls_getKey; + eap->isSuccess = eap_ttls_isSuccess; + + ret = eap_server_method_register(eap); + if (ret) + eap_server_method_free(eap); + return ret; +} diff --git a/contrib/hostapd-0.5.8/eap_ttls.h b/contrib/hostapd-0.5.8/eap_ttls.h new file mode 100644 index 0000000000..e0b2cbf454 --- /dev/null +++ b/contrib/hostapd-0.5.8/eap_ttls.h @@ -0,0 +1,71 @@ +/* + * EAP server/peer: EAP-TTLS (draft-ietf-pppext-eap-ttls-03.txt) + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAP_TTLS_H +#define EAP_TTLS_H + +struct ttls_avp { + u32 avp_code; + u32 avp_length; /* 8-bit flags, 24-bit length; + * length includes AVP header */ + /* optional 32-bit Vendor-ID */ + /* Data */ +}; + +struct ttls_avp_vendor { + u32 avp_code; + u32 avp_length; /* 8-bit flags, 24-bit length; + * length includes AVP header */ + u32 vendor_id; + /* Data */ +}; + +#define AVP_FLAGS_VENDOR 0x80 +#define AVP_FLAGS_MANDATORY 0x40 + +#define AVP_PAD(start, pos) \ +do { \ + int __pad; \ + __pad = (4 - (((pos) - (start)) & 3)) & 3; \ + os_memset((pos), 0, __pad); \ + pos += __pad; \ +} while (0) + + +/* RFC 2865 */ +#define RADIUS_ATTR_USER_NAME 1 +#define RADIUS_ATTR_USER_PASSWORD 2 +#define RADIUS_ATTR_CHAP_PASSWORD 3 +#define RADIUS_ATTR_REPLY_MESSAGE 18 +#define RADIUS_ATTR_CHAP_CHALLENGE 60 +#define RADIUS_ATTR_EAP_MESSAGE 79 + +/* RFC 2548 */ +#define RADIUS_VENDOR_ID_MICROSOFT 311 +#define RADIUS_ATTR_MS_CHAP_RESPONSE 1 +#define RADIUS_ATTR_MS_CHAP_ERROR 2 +#define RADIUS_ATTR_MS_CHAP_NT_ENC_PW 6 +#define RADIUS_ATTR_MS_CHAP_CHALLENGE 11 +#define RADIUS_ATTR_MS_CHAP2_RESPONSE 25 +#define RADIUS_ATTR_MS_CHAP2_SUCCESS 26 +#define RADIUS_ATTR_MS_CHAP2_CPW 27 + +#define EAP_TTLS_MSCHAPV2_CHALLENGE_LEN 16 +#define EAP_TTLS_MSCHAPV2_RESPONSE_LEN 50 +#define EAP_TTLS_MSCHAP_CHALLENGE_LEN 8 +#define EAP_TTLS_MSCHAP_RESPONSE_LEN 50 +#define EAP_TTLS_CHAP_CHALLENGE_LEN 16 +#define EAP_TTLS_CHAP_PASSWORD_LEN 16 + +#endif /* EAP_TTLS_H */ diff --git a/contrib/hostapd-0.5.8/eapol_sm.c b/contrib/hostapd-0.5.8/eapol_sm.c new file mode 100644 index 0000000000..f4f575298e --- /dev/null +++ b/contrib/hostapd-0.5.8/eapol_sm.c @@ -0,0 +1,1264 @@ +/* + * hostapd / IEEE 802.1X Authenticator - EAPOL state machine + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "ieee802_1x.h" +#include "eapol_sm.h" +#include "eloop.h" +#include "wpa.h" +#include "preauth.h" +#include "sta_info.h" +#include "eap.h" +#include "state_machine.h" + +#define STATE_MACHINE_DATA struct eapol_state_machine +#define STATE_MACHINE_DEBUG_PREFIX "IEEE 802.1X" +#define STATE_MACHINE_ADDR sm->addr + +static struct eapol_callbacks eapol_cb; + +/* EAPOL state machines are described in IEEE Std 802.1X-REV-d11, Chap. 8.2 */ + +#define setPortAuthorized() \ +ieee802_1x_set_sta_authorized(sm->hapd, sm->sta, 1) +#define setPortUnauthorized() \ +ieee802_1x_set_sta_authorized(sm->hapd, sm->sta, 0) + +/* procedures */ +#define txCannedFail() ieee802_1x_tx_canned_eap(sm->hapd, sm->sta, 0) +#define txCannedSuccess() ieee802_1x_tx_canned_eap(sm->hapd, sm->sta, 1) +#define txReq() ieee802_1x_tx_req(sm->hapd, sm->sta) +#define sendRespToServer() ieee802_1x_send_resp_to_server(sm->hapd, sm->sta) +#define abortAuth() ieee802_1x_abort_auth(sm->hapd, sm->sta) +#define txKey() ieee802_1x_tx_key(sm->hapd, sm->sta) +#define processKey() do { } while (0) + + +static void eapol_sm_step_run(struct eapol_state_machine *sm); +static void eapol_sm_step_cb(void *eloop_ctx, void *timeout_ctx); + + +/* Port Timers state machine - implemented as a function that will be called + * once a second as a registered event loop timeout */ + +static void eapol_port_timers_tick(void *eloop_ctx, void *timeout_ctx) +{ + struct eapol_state_machine *state = timeout_ctx; + + if (state->aWhile > 0) { + state->aWhile--; + if (state->aWhile == 0) { + wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR + " - aWhile --> 0", + MAC2STR(state->addr)); + } + } + + if (state->quietWhile > 0) { + state->quietWhile--; + if (state->quietWhile == 0) { + wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR + " - quietWhile --> 0", + MAC2STR(state->addr)); + } + } + + if (state->reAuthWhen > 0) { + state->reAuthWhen--; + if (state->reAuthWhen == 0) { + wpa_printf(MSG_DEBUG, "IEEE 802.1X: " MACSTR + " - reAuthWhen --> 0", + MAC2STR(state->addr)); + } + } + + eapol_sm_step_run(state); + + eloop_register_timeout(1, 0, eapol_port_timers_tick, eloop_ctx, state); +} + + + +/* Authenticator PAE state machine */ + +SM_STATE(AUTH_PAE, INITIALIZE) +{ + SM_ENTRY_MA(AUTH_PAE, INITIALIZE, auth_pae); + sm->portMode = Auto; + + sm->currentId = 255; +} + + +SM_STATE(AUTH_PAE, DISCONNECTED) +{ + int from_initialize = sm->auth_pae_state == AUTH_PAE_INITIALIZE; + + if (sm->eapolLogoff) { + if (sm->auth_pae_state == AUTH_PAE_CONNECTING) + sm->authEapLogoffsWhileConnecting++; + else if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) + sm->authAuthEapLogoffWhileAuthenticated++; + } + + SM_ENTRY_MA(AUTH_PAE, DISCONNECTED, auth_pae); + + sm->authPortStatus = Unauthorized; + setPortUnauthorized(); + sm->reAuthCount = 0; + sm->eapolLogoff = FALSE; + if (!from_initialize) { + if (sm->flags & EAPOL_SM_PREAUTH) + rsn_preauth_finished(sm->hapd, sm->sta, 0); + else + ieee802_1x_finished(sm->hapd, sm->sta, 0); + } +} + + +SM_STATE(AUTH_PAE, RESTART) +{ + if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATED) { + if (sm->reAuthenticate) + sm->authAuthReauthsWhileAuthenticated++; + if (sm->eapolStart) + sm->authAuthEapStartsWhileAuthenticated++; + if (sm->eapolLogoff) + sm->authAuthEapLogoffWhileAuthenticated++; + } + + SM_ENTRY_MA(AUTH_PAE, RESTART, auth_pae); + + sm->eapRestart = TRUE; + ieee802_1x_request_identity(sm->hapd, sm->sta); +} + + +SM_STATE(AUTH_PAE, CONNECTING) +{ + if (sm->auth_pae_state != AUTH_PAE_CONNECTING) + sm->authEntersConnecting++; + + SM_ENTRY_MA(AUTH_PAE, CONNECTING, auth_pae); + + sm->reAuthenticate = FALSE; + sm->reAuthCount++; +} + + +SM_STATE(AUTH_PAE, HELD) +{ + if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authFail) + sm->authAuthFailWhileAuthenticating++; + + SM_ENTRY_MA(AUTH_PAE, HELD, auth_pae); + + sm->authPortStatus = Unauthorized; + setPortUnauthorized(); + sm->quietWhile = sm->quietPeriod; + sm->eapolLogoff = FALSE; + + hostapd_logger(sm->hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_WARNING, "authentication failed - " + "EAP type: %d (%s)", + sm->eap_type_authsrv, + eap_type_text(sm->eap_type_authsrv)); + if (sm->eap_type_authsrv != sm->eap_type_supp) { + hostapd_logger(sm->hapd, sm->addr, + HOSTAPD_MODULE_IEEE8021X, HOSTAPD_LEVEL_INFO, + "Supplicant used different EAP type: %d (%s)", + sm->eap_type_supp, + eap_type_text(sm->eap_type_supp)); + } + if (sm->flags & EAPOL_SM_PREAUTH) + rsn_preauth_finished(sm->hapd, sm->sta, 0); + else + ieee802_1x_finished(sm->hapd, sm->sta, 0); +} + + +SM_STATE(AUTH_PAE, AUTHENTICATED) +{ + char *extra = ""; + + if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING && sm->authSuccess) + sm->authAuthSuccessesWhileAuthenticating++; + + SM_ENTRY_MA(AUTH_PAE, AUTHENTICATED, auth_pae); + + sm->authPortStatus = Authorized; + setPortAuthorized(); + sm->reAuthCount = 0; + if (sm->flags & EAPOL_SM_PREAUTH) + extra = " (pre-authentication)"; + else if (wpa_auth_sta_get_pmksa(sm->sta->wpa_sm)) + extra = " (PMKSA cache)"; + hostapd_logger(sm->hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_INFO, "authenticated - EAP type: %d (%s)" + "%s", sm->eap_type_authsrv, + eap_type_text(sm->eap_type_authsrv), extra); + if (sm->flags & EAPOL_SM_PREAUTH) + rsn_preauth_finished(sm->hapd, sm->sta, 1); + else + ieee802_1x_finished(sm->hapd, sm->sta, 1); +} + + +SM_STATE(AUTH_PAE, AUTHENTICATING) +{ + if (sm->auth_pae_state == AUTH_PAE_CONNECTING && sm->rx_identity) { + sm->authEntersAuthenticating++; + sm->rx_identity = FALSE; + } + + SM_ENTRY_MA(AUTH_PAE, AUTHENTICATING, auth_pae); + + sm->eapolStart = FALSE; + sm->authSuccess = FALSE; + sm->authFail = FALSE; + sm->authTimeout = FALSE; + sm->authStart = TRUE; + sm->keyRun = FALSE; + sm->keyDone = FALSE; +} + + +SM_STATE(AUTH_PAE, ABORTING) +{ + if (sm->auth_pae_state == AUTH_PAE_AUTHENTICATING) { + if (sm->authTimeout) + sm->authAuthTimeoutsWhileAuthenticating++; + if (sm->eapolStart) + sm->authAuthEapStartsWhileAuthenticating++; + if (sm->eapolLogoff) + sm->authAuthEapLogoffWhileAuthenticating++; + } + + SM_ENTRY_MA(AUTH_PAE, ABORTING, auth_pae); + + sm->authAbort = TRUE; + sm->keyRun = FALSE; + sm->keyDone = FALSE; +} + + +SM_STATE(AUTH_PAE, FORCE_AUTH) +{ + SM_ENTRY_MA(AUTH_PAE, FORCE_AUTH, auth_pae); + + sm->authPortStatus = Authorized; + setPortAuthorized(); + sm->portMode = ForceAuthorized; + sm->eapolStart = FALSE; + txCannedSuccess(); +} + + +SM_STATE(AUTH_PAE, FORCE_UNAUTH) +{ + SM_ENTRY_MA(AUTH_PAE, FORCE_UNAUTH, auth_pae); + + sm->authPortStatus = Unauthorized; + setPortUnauthorized(); + sm->portMode = ForceUnauthorized; + sm->eapolStart = FALSE; + txCannedFail(); +} + + +SM_STEP(AUTH_PAE) +{ + if ((sm->portControl == Auto && sm->portMode != sm->portControl) || + sm->initialize || !sm->portEnabled) + SM_ENTER(AUTH_PAE, INITIALIZE); + else if (sm->portControl == ForceAuthorized && + sm->portMode != sm->portControl && + !(sm->initialize || !sm->portEnabled)) + SM_ENTER(AUTH_PAE, FORCE_AUTH); + else if (sm->portControl == ForceUnauthorized && + sm->portMode != sm->portControl && + !(sm->initialize || !sm->portEnabled)) + SM_ENTER(AUTH_PAE, FORCE_UNAUTH); + else { + switch (sm->auth_pae_state) { + case AUTH_PAE_INITIALIZE: + SM_ENTER(AUTH_PAE, DISCONNECTED); + break; + case AUTH_PAE_DISCONNECTED: + SM_ENTER(AUTH_PAE, RESTART); + break; + case AUTH_PAE_RESTART: + if (!sm->eapRestart) + SM_ENTER(AUTH_PAE, CONNECTING); + break; + case AUTH_PAE_HELD: + if (sm->quietWhile == 0) + SM_ENTER(AUTH_PAE, RESTART); + break; + case AUTH_PAE_CONNECTING: + if (sm->eapolLogoff || sm->reAuthCount > sm->reAuthMax) + SM_ENTER(AUTH_PAE, DISCONNECTED); + else if ((sm->eapReq && + sm->reAuthCount <= sm->reAuthMax) || + sm->eapSuccess || sm->eapFail) + SM_ENTER(AUTH_PAE, AUTHENTICATING); + break; + case AUTH_PAE_AUTHENTICATED: + if (sm->eapolStart || sm->reAuthenticate) + SM_ENTER(AUTH_PAE, RESTART); + else if (sm->eapolLogoff || !sm->portValid) + SM_ENTER(AUTH_PAE, DISCONNECTED); + break; + case AUTH_PAE_AUTHENTICATING: + if (sm->authSuccess && sm->portValid) + SM_ENTER(AUTH_PAE, AUTHENTICATED); + else if (sm->authFail || + (sm->keyDone && !sm->portValid)) + SM_ENTER(AUTH_PAE, HELD); + else if (sm->eapolStart || sm->eapolLogoff || + sm->authTimeout) + SM_ENTER(AUTH_PAE, ABORTING); + break; + case AUTH_PAE_ABORTING: + if (sm->eapolLogoff && !sm->authAbort) + SM_ENTER(AUTH_PAE, DISCONNECTED); + else if (!sm->eapolLogoff && !sm->authAbort) + SM_ENTER(AUTH_PAE, RESTART); + break; + case AUTH_PAE_FORCE_AUTH: + if (sm->eapolStart) + SM_ENTER(AUTH_PAE, FORCE_AUTH); + break; + case AUTH_PAE_FORCE_UNAUTH: + if (sm->eapolStart) + SM_ENTER(AUTH_PAE, FORCE_UNAUTH); + break; + } + } +} + + + +/* Backend Authentication state machine */ + +SM_STATE(BE_AUTH, INITIALIZE) +{ + SM_ENTRY_MA(BE_AUTH, INITIALIZE, be_auth); + + abortAuth(); + sm->eapNoReq = FALSE; + sm->authAbort = FALSE; +} + + +SM_STATE(BE_AUTH, REQUEST) +{ + SM_ENTRY_MA(BE_AUTH, REQUEST, be_auth); + + txReq(); + sm->eapReq = FALSE; + sm->backendOtherRequestsToSupplicant++; + + /* + * Clearing eapolEap here is not specified in IEEE Std 802.1X-2004, but + * it looks like this would be logical thing to do there since the old + * EAP response would not be valid anymore after the new EAP request + * was sent out. + * + * A race condition has been reported, in which hostapd ended up + * sending out EAP-Response/Identity as a response to the first + * EAP-Request from the main EAP method. This can be avoided by + * clearing eapolEap here. + */ + sm->eapolEap = FALSE; +} + + +SM_STATE(BE_AUTH, RESPONSE) +{ + SM_ENTRY_MA(BE_AUTH, RESPONSE, be_auth); + + sm->authTimeout = FALSE; + sm->eapolEap = FALSE; + sm->eapNoReq = FALSE; + sm->aWhile = sm->serverTimeout; + sm->eapResp = TRUE; + sendRespToServer(); + sm->backendResponses++; +} + + +SM_STATE(BE_AUTH, SUCCESS) +{ + SM_ENTRY_MA(BE_AUTH, SUCCESS, be_auth); + + txReq(); + sm->authSuccess = TRUE; + sm->keyRun = TRUE; +} + + +SM_STATE(BE_AUTH, FAIL) +{ + SM_ENTRY_MA(BE_AUTH, FAIL, be_auth); + + /* Note: IEEE 802.1X-REV-d11 has unconditional txReq() here. + * txCannelFail() is used as a workaround for the case where + * authentication server does not include EAP-Message with + * Access-Reject. */ + if (sm->last_eap_radius == NULL) + txCannedFail(); + else + txReq(); + sm->authFail = TRUE; +} + + +SM_STATE(BE_AUTH, TIMEOUT) +{ + SM_ENTRY_MA(BE_AUTH, TIMEOUT, be_auth); + + sm->authTimeout = TRUE; +} + + +SM_STATE(BE_AUTH, IDLE) +{ + SM_ENTRY_MA(BE_AUTH, IDLE, be_auth); + + sm->authStart = FALSE; +} + + +SM_STATE(BE_AUTH, IGNORE) +{ + SM_ENTRY_MA(BE_AUTH, IGNORE, be_auth); + + sm->eapNoReq = FALSE; +} + + +SM_STEP(BE_AUTH) +{ + if (sm->portControl != Auto || sm->initialize || sm->authAbort) { + SM_ENTER(BE_AUTH, INITIALIZE); + return; + } + + switch (sm->be_auth_state) { + case BE_AUTH_INITIALIZE: + SM_ENTER(BE_AUTH, IDLE); + break; + case BE_AUTH_REQUEST: + if (sm->eapolEap) + SM_ENTER(BE_AUTH, RESPONSE); + else if (sm->eapReq) + SM_ENTER(BE_AUTH, REQUEST); + else if (sm->eapTimeout) + SM_ENTER(BE_AUTH, TIMEOUT); + break; + case BE_AUTH_RESPONSE: + if (sm->eapNoReq) + SM_ENTER(BE_AUTH, IGNORE); + if (sm->eapReq) { + sm->backendAccessChallenges++; + SM_ENTER(BE_AUTH, REQUEST); + } else if (sm->aWhile == 0) + SM_ENTER(BE_AUTH, TIMEOUT); + else if (sm->eapFail) { + sm->backendAuthFails++; + SM_ENTER(BE_AUTH, FAIL); + } else if (sm->eapSuccess) { + sm->backendAuthSuccesses++; + SM_ENTER(BE_AUTH, SUCCESS); + } + break; + case BE_AUTH_SUCCESS: + SM_ENTER(BE_AUTH, IDLE); + break; + case BE_AUTH_FAIL: + SM_ENTER(BE_AUTH, IDLE); + break; + case BE_AUTH_TIMEOUT: + SM_ENTER(BE_AUTH, IDLE); + break; + case BE_AUTH_IDLE: + if (sm->eapFail && sm->authStart) + SM_ENTER(BE_AUTH, FAIL); + else if (sm->eapReq && sm->authStart) + SM_ENTER(BE_AUTH, REQUEST); + else if (sm->eapSuccess && sm->authStart) + SM_ENTER(BE_AUTH, SUCCESS); + break; + case BE_AUTH_IGNORE: + if (sm->eapolEap) + SM_ENTER(BE_AUTH, RESPONSE); + else if (sm->eapReq) + SM_ENTER(BE_AUTH, REQUEST); + else if (sm->eapTimeout) + SM_ENTER(BE_AUTH, TIMEOUT); + break; + } +} + + + +/* Reauthentication Timer state machine */ + +SM_STATE(REAUTH_TIMER, INITIALIZE) +{ + SM_ENTRY_MA(REAUTH_TIMER, INITIALIZE, reauth_timer); + + sm->reAuthWhen = sm->reAuthPeriod; +} + + +SM_STATE(REAUTH_TIMER, REAUTHENTICATE) +{ + SM_ENTRY_MA(REAUTH_TIMER, REAUTHENTICATE, reauth_timer); + + sm->reAuthenticate = TRUE; + wpa_auth_sm_event(sm->sta->wpa_sm, WPA_REAUTH_EAPOL); +} + + +SM_STEP(REAUTH_TIMER) +{ + if (sm->portControl != Auto || sm->initialize || + sm->authPortStatus == Unauthorized || !sm->reAuthEnabled) { + SM_ENTER(REAUTH_TIMER, INITIALIZE); + return; + } + + switch (sm->reauth_timer_state) { + case REAUTH_TIMER_INITIALIZE: + if (sm->reAuthWhen == 0) + SM_ENTER(REAUTH_TIMER, REAUTHENTICATE); + break; + case REAUTH_TIMER_REAUTHENTICATE: + SM_ENTER(REAUTH_TIMER, INITIALIZE); + break; + } +} + + + +/* Authenticator Key Transmit state machine */ + +SM_STATE(AUTH_KEY_TX, NO_KEY_TRANSMIT) +{ + SM_ENTRY_MA(AUTH_KEY_TX, NO_KEY_TRANSMIT, auth_key_tx); +} + + +SM_STATE(AUTH_KEY_TX, KEY_TRANSMIT) +{ + SM_ENTRY_MA(AUTH_KEY_TX, KEY_TRANSMIT, auth_key_tx); + + txKey(); + sm->keyAvailable = FALSE; + sm->keyDone = TRUE; +} + + +SM_STEP(AUTH_KEY_TX) +{ + if (sm->initialize || sm->portControl != Auto) { + SM_ENTER(AUTH_KEY_TX, NO_KEY_TRANSMIT); + return; + } + + switch (sm->auth_key_tx_state) { + case AUTH_KEY_TX_NO_KEY_TRANSMIT: + if (sm->keyTxEnabled && sm->keyAvailable && sm->keyRun && + !wpa_auth_sta_wpa_version(sm->sta->wpa_sm)) + SM_ENTER(AUTH_KEY_TX, KEY_TRANSMIT); + break; + case AUTH_KEY_TX_KEY_TRANSMIT: + if (!sm->keyTxEnabled || !sm->keyRun) + SM_ENTER(AUTH_KEY_TX, NO_KEY_TRANSMIT); + else if (sm->keyAvailable) + SM_ENTER(AUTH_KEY_TX, KEY_TRANSMIT); + break; + } +} + + + +/* Key Receive state machine */ + +SM_STATE(KEY_RX, NO_KEY_RECEIVE) +{ + SM_ENTRY_MA(KEY_RX, NO_KEY_RECEIVE, key_rx); +} + + +SM_STATE(KEY_RX, KEY_RECEIVE) +{ + SM_ENTRY_MA(KEY_RX, KEY_RECEIVE, key_rx); + + processKey(); + sm->rxKey = FALSE; +} + + +SM_STEP(KEY_RX) +{ + if (sm->initialize || !sm->portEnabled) { + SM_ENTER(KEY_RX, NO_KEY_RECEIVE); + return; + } + + switch (sm->key_rx_state) { + case KEY_RX_NO_KEY_RECEIVE: + if (sm->rxKey) + SM_ENTER(KEY_RX, KEY_RECEIVE); + break; + case KEY_RX_KEY_RECEIVE: + if (sm->rxKey) + SM_ENTER(KEY_RX, KEY_RECEIVE); + break; + } +} + + + +/* Controlled Directions state machine */ + +SM_STATE(CTRL_DIR, FORCE_BOTH) +{ + SM_ENTRY_MA(CTRL_DIR, FORCE_BOTH, ctrl_dir); + sm->operControlledDirections = Both; +} + + +SM_STATE(CTRL_DIR, IN_OR_BOTH) +{ + SM_ENTRY_MA(CTRL_DIR, IN_OR_BOTH, ctrl_dir); + sm->operControlledDirections = sm->adminControlledDirections; +} + + +SM_STEP(CTRL_DIR) +{ + if (sm->initialize) { + SM_ENTER(CTRL_DIR, IN_OR_BOTH); + return; + } + + switch (sm->ctrl_dir_state) { + case CTRL_DIR_FORCE_BOTH: + if (sm->portEnabled && sm->operEdge) + SM_ENTER(CTRL_DIR, IN_OR_BOTH); + break; + case CTRL_DIR_IN_OR_BOTH: + if (sm->operControlledDirections != + sm->adminControlledDirections) + SM_ENTER(CTRL_DIR, IN_OR_BOTH); + if (!sm->portEnabled || !sm->operEdge) + SM_ENTER(CTRL_DIR, FORCE_BOTH); + break; + } +} + + + +struct eapol_state_machine * +eapol_sm_alloc(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct eapol_state_machine *sm; + + sm = wpa_zalloc(sizeof(*sm)); + if (sm == NULL) { + printf("IEEE 802.1X port state allocation failed\n"); + return NULL; + } + sm->radius_identifier = -1; + memcpy(sm->addr, sta->addr, ETH_ALEN); + if (sta->flags & WLAN_STA_PREAUTH) + sm->flags |= EAPOL_SM_PREAUTH; + + sm->hapd = hapd; + sm->sta = sta; + + /* Set default values for state machine constants */ + sm->auth_pae_state = AUTH_PAE_INITIALIZE; + sm->quietPeriod = AUTH_PAE_DEFAULT_quietPeriod; + sm->reAuthMax = AUTH_PAE_DEFAULT_reAuthMax; + + sm->be_auth_state = BE_AUTH_INITIALIZE; + sm->serverTimeout = BE_AUTH_DEFAULT_serverTimeout; + + sm->reauth_timer_state = REAUTH_TIMER_INITIALIZE; + sm->reAuthPeriod = hapd->conf->eap_reauth_period; + sm->reAuthEnabled = hapd->conf->eap_reauth_period > 0 ? TRUE : FALSE; + + sm->auth_key_tx_state = AUTH_KEY_TX_NO_KEY_TRANSMIT; + + sm->key_rx_state = KEY_RX_NO_KEY_RECEIVE; + + sm->ctrl_dir_state = CTRL_DIR_IN_OR_BOTH; + + sm->portEnabled = FALSE; + sm->portControl = Auto; + + sm->keyAvailable = FALSE; + if (!hapd->conf->wpa && + (hapd->default_wep_key || hapd->conf->individual_wep_key_len > 0)) + sm->keyTxEnabled = TRUE; + else + sm->keyTxEnabled = FALSE; + if (hapd->conf->wpa) + sm->portValid = FALSE; + else + sm->portValid = TRUE; + + if (hapd->conf->eap_server) { + struct eap_config eap_conf; + memset(&eap_conf, 0, sizeof(eap_conf)); + eap_conf.ssl_ctx = hapd->ssl_ctx; + eap_conf.eap_sim_db_priv = hapd->eap_sim_db_priv; + sm->eap = eap_sm_init(sm, &eapol_cb, &eap_conf); + if (sm->eap == NULL) { + eapol_sm_free(sm); + return NULL; + } + } + + eapol_sm_initialize(sm); + + return sm; +} + + +void eapol_sm_free(struct eapol_state_machine *sm) +{ + if (sm == NULL) + return; + + eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm); + eloop_cancel_timeout(eapol_sm_step_cb, sm, NULL); + if (sm->eap) + eap_sm_deinit(sm->eap); + free(sm); +} + + +static int eapol_sm_sta_entry_alive(struct hostapd_data *hapd, u8 *addr) +{ + struct sta_info *sta; + sta = ap_get_sta(hapd, addr); + if (sta == NULL || sta->eapol_sm == NULL) + return 0; + return 1; +} + + +static void eapol_sm_step_run(struct eapol_state_machine *sm) +{ + struct hostapd_data *hapd = sm->hapd; + u8 addr[ETH_ALEN]; + unsigned int prev_auth_pae, prev_be_auth, prev_reauth_timer, + prev_auth_key_tx, prev_key_rx, prev_ctrl_dir; + int max_steps = 100; + + memcpy(addr, sm->sta->addr, ETH_ALEN); + + /* + * Allow EAPOL state machines to run as long as there are state + * changes, but exit and return here through event loop if more than + * 100 steps is needed as a precaution against infinite loops inside + * eloop callback. + */ +restart: + prev_auth_pae = sm->auth_pae_state; + prev_be_auth = sm->be_auth_state; + prev_reauth_timer = sm->reauth_timer_state; + prev_auth_key_tx = sm->auth_key_tx_state; + prev_key_rx = sm->key_rx_state; + prev_ctrl_dir = sm->ctrl_dir_state; + + SM_STEP_RUN(AUTH_PAE); + if (sm->initializing || eapol_sm_sta_entry_alive(hapd, addr)) + SM_STEP_RUN(BE_AUTH); + if (sm->initializing || eapol_sm_sta_entry_alive(hapd, addr)) + SM_STEP_RUN(REAUTH_TIMER); + if (sm->initializing || eapol_sm_sta_entry_alive(hapd, addr)) + SM_STEP_RUN(AUTH_KEY_TX); + if (sm->initializing || eapol_sm_sta_entry_alive(hapd, addr)) + SM_STEP_RUN(KEY_RX); + if (sm->initializing || eapol_sm_sta_entry_alive(hapd, addr)) + SM_STEP_RUN(CTRL_DIR); + + if (prev_auth_pae != sm->auth_pae_state || + prev_be_auth != sm->be_auth_state || + prev_reauth_timer != sm->reauth_timer_state || + prev_auth_key_tx != sm->auth_key_tx_state || + prev_key_rx != sm->key_rx_state || + prev_ctrl_dir != sm->ctrl_dir_state) { + if (--max_steps > 0) + goto restart; + /* Re-run from eloop timeout */ + eapol_sm_step(sm); + return; + } + + if (eapol_sm_sta_entry_alive(hapd, addr) && sm->eap) { + if (eap_sm_step(sm->eap)) { + if (--max_steps > 0) + goto restart; + /* Re-run from eloop timeout */ + eapol_sm_step(sm); + return; + } + } + + if (eapol_sm_sta_entry_alive(hapd, addr)) + wpa_auth_sm_notify(sm->sta->wpa_sm); +} + + +static void eapol_sm_step_cb(void *eloop_ctx, void *timeout_ctx) +{ + struct eapol_state_machine *sm = eloop_ctx; + eapol_sm_step_run(sm); +} + + +void eapol_sm_step(struct eapol_state_machine *sm) +{ + /* + * Run eapol_sm_step_run from a registered timeout to make sure that + * other possible timeouts/events are processed and to avoid long + * function call chains. + */ + + eloop_register_timeout(0, 0, eapol_sm_step_cb, sm, NULL); +} + + +void eapol_sm_initialize(struct eapol_state_machine *sm) +{ + sm->initializing = TRUE; + /* Initialize the state machines by asserting initialize and then + * deasserting it after one step */ + sm->initialize = TRUE; + eapol_sm_step_run(sm); + sm->initialize = FALSE; + eapol_sm_step_run(sm); + sm->initializing = FALSE; + + /* Start one second tick for port timers state machine */ + eloop_cancel_timeout(eapol_port_timers_tick, sm->hapd, sm); + eloop_register_timeout(1, 0, eapol_port_timers_tick, sm->hapd, sm); +} + + +#ifdef HOSTAPD_DUMP_STATE +static inline const char * port_type_txt(PortTypes pt) +{ + switch (pt) { + case ForceUnauthorized: return "ForceUnauthorized"; + case ForceAuthorized: return "ForceAuthorized"; + case Auto: return "Auto"; + default: return "Unknown"; + } +} + + +static inline const char * port_state_txt(PortState ps) +{ + switch (ps) { + case Unauthorized: return "Unauthorized"; + case Authorized: return "Authorized"; + default: return "Unknown"; + } +} + + +static inline const char * ctrl_dir_txt(ControlledDirection dir) +{ + switch (dir) { + case Both: return "Both"; + case In: return "In"; + default: return "Unknown"; + } +} + + +static inline const char * auth_pae_state_txt(int s) +{ + switch (s) { + case AUTH_PAE_INITIALIZE: return "INITIALIZE"; + case AUTH_PAE_DISCONNECTED: return "DISCONNECTED"; + case AUTH_PAE_CONNECTING: return "CONNECTING"; + case AUTH_PAE_AUTHENTICATING: return "AUTHENTICATING"; + case AUTH_PAE_AUTHENTICATED: return "AUTHENTICATED"; + case AUTH_PAE_ABORTING: return "ABORTING"; + case AUTH_PAE_HELD: return "HELD"; + case AUTH_PAE_FORCE_AUTH: return "FORCE_AUTH"; + case AUTH_PAE_FORCE_UNAUTH: return "FORCE_UNAUTH"; + case AUTH_PAE_RESTART: return "RESTART"; + default: return "Unknown"; + } +} + + +static inline const char * be_auth_state_txt(int s) +{ + switch (s) { + case BE_AUTH_REQUEST: return "REQUEST"; + case BE_AUTH_RESPONSE: return "RESPONSE"; + case BE_AUTH_SUCCESS: return "SUCCESS"; + case BE_AUTH_FAIL: return "FAIL"; + case BE_AUTH_TIMEOUT: return "TIMEOUT"; + case BE_AUTH_IDLE: return "IDLE"; + case BE_AUTH_INITIALIZE: return "INITIALIZE"; + case BE_AUTH_IGNORE: return "IGNORE"; + default: return "Unknown"; + } +} + + +static inline const char * reauth_timer_state_txt(int s) +{ + switch (s) { + case REAUTH_TIMER_INITIALIZE: return "INITIALIZE"; + case REAUTH_TIMER_REAUTHENTICATE: return "REAUTHENTICATE"; + default: return "Unknown"; + } +} + + +static inline const char * auth_key_tx_state_txt(int s) +{ + switch (s) { + case AUTH_KEY_TX_NO_KEY_TRANSMIT: return "NO_KEY_TRANSMIT"; + case AUTH_KEY_TX_KEY_TRANSMIT: return "KEY_TRANSMIT"; + default: return "Unknown"; + } +} + + +static inline const char * key_rx_state_txt(int s) +{ + switch (s) { + case KEY_RX_NO_KEY_RECEIVE: return "NO_KEY_RECEIVE"; + case KEY_RX_KEY_RECEIVE: return "KEY_RECEIVE"; + default: return "Unknown"; + } +} + + +static inline const char * ctrl_dir_state_txt(int s) +{ + switch (s) { + case CTRL_DIR_FORCE_BOTH: return "FORCE_BOTH"; + case CTRL_DIR_IN_OR_BOTH: return "IN_OR_BOTH"; + default: return "Unknown"; + } +} + + +void eapol_sm_dump_state(FILE *f, const char *prefix, + struct eapol_state_machine *sm) +{ + fprintf(f, "%sEAPOL state machine:\n", prefix); + fprintf(f, "%s aWhile=%d quietWhile=%d reAuthWhen=%d\n", prefix, + sm->aWhile, sm->quietWhile, sm->reAuthWhen); +#define _SB(b) ((b) ? "TRUE" : "FALSE") + fprintf(f, + "%s authAbort=%s authFail=%s authPortStatus=%s authStart=%s\n" + "%s authTimeout=%s authSuccess=%s eapFail=%s eapolEap=%s\n" + "%s eapSuccess=%s eapTimeout=%s initialize=%s " + "keyAvailable=%s\n" + "%s keyDone=%s keyRun=%s keyTxEnabled=%s portControl=%s\n" + "%s portEnabled=%s portValid=%s reAuthenticate=%s\n", + prefix, _SB(sm->authAbort), _SB(sm->authFail), + port_state_txt(sm->authPortStatus), _SB(sm->authStart), + prefix, _SB(sm->authTimeout), _SB(sm->authSuccess), + _SB(sm->eapFail), _SB(sm->eapolEap), + prefix, _SB(sm->eapSuccess), _SB(sm->eapTimeout), + _SB(sm->initialize), _SB(sm->keyAvailable), + prefix, _SB(sm->keyDone), _SB(sm->keyRun), + _SB(sm->keyTxEnabled), port_type_txt(sm->portControl), + prefix, _SB(sm->portEnabled), _SB(sm->portValid), + _SB(sm->reAuthenticate)); + + fprintf(f, "%s Authenticator PAE:\n" + "%s state=%s\n" + "%s eapolLogoff=%s eapolStart=%s eapRestart=%s\n" + "%s portMode=%s reAuthCount=%d\n" + "%s quietPeriod=%d reAuthMax=%d\n" + "%s authEntersConnecting=%d\n" + "%s authEapLogoffsWhileConnecting=%d\n" + "%s authEntersAuthenticating=%d\n" + "%s authAuthSuccessesWhileAuthenticating=%d\n" + "%s authAuthTimeoutsWhileAuthenticating=%d\n" + "%s authAuthFailWhileAuthenticating=%d\n" + "%s authAuthEapStartsWhileAuthenticating=%d\n" + "%s authAuthEapLogoffWhileAuthenticating=%d\n" + "%s authAuthReauthsWhileAuthenticated=%d\n" + "%s authAuthEapStartsWhileAuthenticated=%d\n" + "%s authAuthEapLogoffWhileAuthenticated=%d\n", + prefix, prefix, auth_pae_state_txt(sm->auth_pae_state), prefix, + _SB(sm->eapolLogoff), _SB(sm->eapolStart), _SB(sm->eapRestart), + prefix, port_type_txt(sm->portMode), sm->reAuthCount, + prefix, sm->quietPeriod, sm->reAuthMax, + prefix, sm->authEntersConnecting, + prefix, sm->authEapLogoffsWhileConnecting, + prefix, sm->authEntersAuthenticating, + prefix, sm->authAuthSuccessesWhileAuthenticating, + prefix, sm->authAuthTimeoutsWhileAuthenticating, + prefix, sm->authAuthFailWhileAuthenticating, + prefix, sm->authAuthEapStartsWhileAuthenticating, + prefix, sm->authAuthEapLogoffWhileAuthenticating, + prefix, sm->authAuthReauthsWhileAuthenticated, + prefix, sm->authAuthEapStartsWhileAuthenticated, + prefix, sm->authAuthEapLogoffWhileAuthenticated); + + fprintf(f, "%s Backend Authentication:\n" + "%s state=%s\n" + "%s eapNoReq=%s eapReq=%s eapResp=%s\n" + "%s serverTimeout=%d\n" + "%s backendResponses=%d\n" + "%s backendAccessChallenges=%d\n" + "%s backendOtherRequestsToSupplicant=%d\n" + "%s backendAuthSuccesses=%d\n" + "%s backendAuthFails=%d\n", + prefix, prefix, + be_auth_state_txt(sm->be_auth_state), + prefix, _SB(sm->eapNoReq), _SB(sm->eapReq), _SB(sm->eapResp), + prefix, sm->serverTimeout, + prefix, sm->backendResponses, + prefix, sm->backendAccessChallenges, + prefix, sm->backendOtherRequestsToSupplicant, + prefix, sm->backendAuthSuccesses, + prefix, sm->backendAuthFails); + + fprintf(f, "%s Reauthentication Timer:\n" + "%s state=%s\n" + "%s reAuthPeriod=%d reAuthEnabled=%s\n", prefix, prefix, + reauth_timer_state_txt(sm->reauth_timer_state), prefix, + sm->reAuthPeriod, _SB(sm->reAuthEnabled)); + + fprintf(f, "%s Authenticator Key Transmit:\n" + "%s state=%s\n", prefix, prefix, + auth_key_tx_state_txt(sm->auth_key_tx_state)); + + fprintf(f, "%s Key Receive:\n" + "%s state=%s\n" + "%s rxKey=%s\n", prefix, prefix, + key_rx_state_txt(sm->key_rx_state), prefix, _SB(sm->rxKey)); + + fprintf(f, "%s Controlled Directions:\n" + "%s state=%s\n" + "%s adminControlledDirections=%s " + "operControlledDirections=%s\n" + "%s operEdge=%s\n", prefix, prefix, + ctrl_dir_state_txt(sm->ctrl_dir_state), + prefix, ctrl_dir_txt(sm->adminControlledDirections), + ctrl_dir_txt(sm->operControlledDirections), + prefix, _SB(sm->operEdge)); +#undef _SB +} +#endif /* HOSTAPD_DUMP_STATE */ + + +static Boolean eapol_sm_get_bool(void *ctx, enum eapol_bool_var variable) +{ + struct eapol_state_machine *sm = ctx; + if (sm == NULL) + return FALSE; + switch (variable) { + case EAPOL_eapSuccess: + return sm->eapSuccess; + case EAPOL_eapRestart: + return sm->eapRestart; + case EAPOL_eapFail: + return sm->eapFail; + case EAPOL_eapResp: + return sm->eapResp; + case EAPOL_eapReq: + return sm->eapReq; + case EAPOL_eapNoReq: + return sm->eapNoReq; + case EAPOL_portEnabled: + return sm->portEnabled; + case EAPOL_eapTimeout: + return sm->eapTimeout; + } + return FALSE; +} + + +static void eapol_sm_set_bool(void *ctx, enum eapol_bool_var variable, + Boolean value) +{ + struct eapol_state_machine *sm = ctx; + if (sm == NULL) + return; + switch (variable) { + case EAPOL_eapSuccess: + sm->eapSuccess = value; + break; + case EAPOL_eapRestart: + sm->eapRestart = value; + break; + case EAPOL_eapFail: + sm->eapFail = value; + break; + case EAPOL_eapResp: + sm->eapResp = value; + break; + case EAPOL_eapReq: + sm->eapReq = value; + break; + case EAPOL_eapNoReq: + sm->eapNoReq = value; + break; + case EAPOL_portEnabled: + sm->portEnabled = value; + break; + case EAPOL_eapTimeout: + sm->eapTimeout = value; + break; + } +} + + +static void eapol_sm_set_eapReqData(void *ctx, const u8 *eapReqData, + size_t eapReqDataLen) +{ + struct eapol_state_machine *sm = ctx; + if (sm == NULL) + return; + + free(sm->last_eap_radius); + sm->last_eap_radius = malloc(eapReqDataLen); + if (sm->last_eap_radius == NULL) + return; + memcpy(sm->last_eap_radius, eapReqData, eapReqDataLen); + sm->last_eap_radius_len = eapReqDataLen; +} + + +static void eapol_sm_set_eapKeyData(void *ctx, const u8 *eapKeyData, + size_t eapKeyDataLen) +{ + struct eapol_state_machine *sm = ctx; + struct hostapd_data *hapd; + + if (sm == NULL) + return; + + hapd = sm->hapd; + + if (eapKeyData && eapKeyDataLen >= 64) { + free(sm->eapol_key_sign); + free(sm->eapol_key_crypt); + sm->eapol_key_crypt = malloc(32); + if (sm->eapol_key_crypt) { + memcpy(sm->eapol_key_crypt, eapKeyData, 32); + sm->eapol_key_crypt_len = 32; + } + sm->eapol_key_sign = malloc(32); + if (sm->eapol_key_sign) { + memcpy(sm->eapol_key_sign, eapKeyData + 32, 32); + sm->eapol_key_sign_len = 32; + } + if (hapd->default_wep_key || + hapd->conf->individual_wep_key_len > 0 || + hapd->conf->wpa) + sm->keyAvailable = TRUE; + } else { + free(sm->eapol_key_sign); + free(sm->eapol_key_crypt); + sm->eapol_key_sign = NULL; + sm->eapol_key_crypt = NULL; + sm->eapol_key_sign_len = 0; + sm->eapol_key_crypt_len = 0; + sm->keyAvailable = FALSE; + } +} + + +static int eapol_sm_get_eap_user(void *ctx, const u8 *identity, + size_t identity_len, int phase2, + struct eap_user *user) +{ + struct eapol_state_machine *sm = ctx; + const struct hostapd_eap_user *eap_user; + int i, count; + + eap_user = hostapd_get_eap_user(sm->hapd->conf, identity, + identity_len, phase2); + if (eap_user == NULL) + return -1; + + memset(user, 0, sizeof(*user)); + user->phase2 = phase2; + count = EAP_USER_MAX_METHODS; + if (count > EAP_MAX_METHODS) + count = EAP_MAX_METHODS; + for (i = 0; i < count; i++) { + user->methods[i].vendor = eap_user->methods[i].vendor; + user->methods[i].method = eap_user->methods[i].method; + } + + if (eap_user->password) { + user->password = malloc(eap_user->password_len); + if (user->password == NULL) + return -1; + memcpy(user->password, eap_user->password, + eap_user->password_len); + user->password_len = eap_user->password_len; + } + user->force_version = eap_user->force_version; + + return 0; +} + + +static const char * eapol_sm_get_eap_req_id_text(void *ctx, size_t *len) +{ + struct eapol_state_machine *sm = ctx; + *len = sm->hapd->conf->eap_req_id_text_len; + return sm->hapd->conf->eap_req_id_text; +} + + +static struct eapol_callbacks eapol_cb = +{ + .get_bool = eapol_sm_get_bool, + .set_bool = eapol_sm_set_bool, + .set_eapReqData = eapol_sm_set_eapReqData, + .set_eapKeyData = eapol_sm_set_eapKeyData, + .get_eap_user = eapol_sm_get_eap_user, + .get_eap_req_id_text = eapol_sm_get_eap_req_id_text, +}; + + +int eapol_sm_eap_pending_cb(struct eapol_state_machine *sm, void *ctx) +{ + if (sm == NULL || ctx != sm->eap) + return -1; + + eap_sm_pending_cb(sm->eap); + eapol_sm_step(sm); + + return 0; +} diff --git a/contrib/hostapd-0.5.8/eapol_sm.h b/contrib/hostapd-0.5.8/eapol_sm.h new file mode 100644 index 0000000000..dcb5ee9b31 --- /dev/null +++ b/contrib/hostapd-0.5.8/eapol_sm.h @@ -0,0 +1,210 @@ +/* + * hostapd / IEEE 802.1X Authenticator - EAPOL state machine + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef EAPOL_SM_H +#define EAPOL_SM_H + +#include "defs.h" + +/* IEEE Std 802.1X-2004, Ch. 8.2 */ + +typedef enum { ForceUnauthorized = 1, ForceAuthorized = 3, Auto = 2 } + PortTypes; +typedef enum { Unauthorized = 2, Authorized = 1 } PortState; +typedef enum { Both = 0, In = 1 } ControlledDirection; +typedef unsigned int Counter; + +struct eap_sm; + +struct radius_attr_data { + u8 *data; + size_t len; +}; + +struct radius_class_data { + struct radius_attr_data *attr; + size_t count; +}; + +struct eapol_state_machine { + /* timers */ + int aWhile; + int quietWhile; + int reAuthWhen; + + /* global variables */ + Boolean authAbort; + Boolean authFail; + PortState authPortStatus; + Boolean authStart; + Boolean authTimeout; + Boolean authSuccess; + Boolean eapFail; + Boolean eapolEap; + Boolean eapSuccess; + Boolean eapTimeout; + Boolean initialize; + Boolean keyAvailable; + Boolean keyDone; + Boolean keyRun; + Boolean keyTxEnabled; + PortTypes portControl; + Boolean portEnabled; + Boolean portValid; + Boolean reAuthenticate; + + /* Port Timers state machine */ + /* 'Boolean tick' implicitly handled as registered timeout */ + + /* Authenticator PAE state machine */ + enum { AUTH_PAE_INITIALIZE, AUTH_PAE_DISCONNECTED, AUTH_PAE_CONNECTING, + AUTH_PAE_AUTHENTICATING, AUTH_PAE_AUTHENTICATED, + AUTH_PAE_ABORTING, AUTH_PAE_HELD, AUTH_PAE_FORCE_AUTH, + AUTH_PAE_FORCE_UNAUTH, AUTH_PAE_RESTART } auth_pae_state; + /* variables */ + Boolean eapolLogoff; + Boolean eapolStart; + Boolean eapRestart; + PortTypes portMode; + unsigned int reAuthCount; + /* constants */ + unsigned int quietPeriod; /* default 60; 0..65535 */ +#define AUTH_PAE_DEFAULT_quietPeriod 60 + unsigned int reAuthMax; /* default 2 */ +#define AUTH_PAE_DEFAULT_reAuthMax 2 + /* counters */ + Counter authEntersConnecting; + Counter authEapLogoffsWhileConnecting; + Counter authEntersAuthenticating; + Counter authAuthSuccessesWhileAuthenticating; + Counter authAuthTimeoutsWhileAuthenticating; + Counter authAuthFailWhileAuthenticating; + Counter authAuthEapStartsWhileAuthenticating; + Counter authAuthEapLogoffWhileAuthenticating; + Counter authAuthReauthsWhileAuthenticated; + Counter authAuthEapStartsWhileAuthenticated; + Counter authAuthEapLogoffWhileAuthenticated; + + /* Backend Authentication state machine */ + enum { BE_AUTH_REQUEST, BE_AUTH_RESPONSE, BE_AUTH_SUCCESS, + BE_AUTH_FAIL, BE_AUTH_TIMEOUT, BE_AUTH_IDLE, BE_AUTH_INITIALIZE, + BE_AUTH_IGNORE + } be_auth_state; + /* variables */ + Boolean eapNoReq; + Boolean eapReq; + Boolean eapResp; + /* constants */ + unsigned int serverTimeout; /* default 30; 1..X */ +#define BE_AUTH_DEFAULT_serverTimeout 30 + /* counters */ + Counter backendResponses; + Counter backendAccessChallenges; + Counter backendOtherRequestsToSupplicant; + Counter backendAuthSuccesses; + Counter backendAuthFails; + + /* Reauthentication Timer state machine */ + enum { REAUTH_TIMER_INITIALIZE, REAUTH_TIMER_REAUTHENTICATE + } reauth_timer_state; + /* constants */ + unsigned int reAuthPeriod; /* default 3600 s */ + Boolean reAuthEnabled; + + /* Authenticator Key Transmit state machine */ + enum { AUTH_KEY_TX_NO_KEY_TRANSMIT, AUTH_KEY_TX_KEY_TRANSMIT + } auth_key_tx_state; + + /* Key Receive state machine */ + enum { KEY_RX_NO_KEY_RECEIVE, KEY_RX_KEY_RECEIVE } key_rx_state; + /* variables */ + Boolean rxKey; + + /* Controlled Directions state machine */ + enum { CTRL_DIR_FORCE_BOTH, CTRL_DIR_IN_OR_BOTH } ctrl_dir_state; + /* variables */ + ControlledDirection adminControlledDirections; + ControlledDirection operControlledDirections; + Boolean operEdge; + + /* Authenticator Statistics Table */ + Counter dot1xAuthEapolFramesRx; + Counter dot1xAuthEapolFramesTx; + Counter dot1xAuthEapolStartFramesRx; + Counter dot1xAuthEapolLogoffFramesRx; + Counter dot1xAuthEapolRespIdFramesRx; + Counter dot1xAuthEapolRespFramesRx; + Counter dot1xAuthEapolReqIdFramesTx; + Counter dot1xAuthEapolReqFramesTx; + Counter dot1xAuthInvalidEapolFramesRx; + Counter dot1xAuthEapLengthErrorFramesRx; + Counter dot1xAuthLastEapolFrameVersion; + + /* Other variables - not defined in IEEE 802.1X */ + u8 addr[ETH_ALEN]; /* Supplicant address */ +#define EAPOL_SM_PREAUTH BIT(0) + int flags; /* EAPOL_SM_* */ + + int radius_identifier; + /* TODO: check when the last messages can be released */ + struct radius_msg *last_recv_radius; + u8 *last_eap_supp; /* last received EAP Response from Supplicant */ + size_t last_eap_supp_len; + u8 *last_eap_radius; /* last received EAP Response from Authentication + * Server */ + size_t last_eap_radius_len; + u8 *identity; + size_t identity_len; + u8 eap_type_authsrv; /* EAP type of the last EAP packet from + * Authentication server */ + u8 eap_type_supp; /* EAP type of the last EAP packet from Supplicant */ + struct radius_class_data radius_class; + + /* Keys for encrypting and signing EAPOL-Key frames */ + u8 *eapol_key_sign; + size_t eapol_key_sign_len; + u8 *eapol_key_crypt; + size_t eapol_key_crypt_len; + + Boolean rx_identity; /* set to TRUE on reception of + * EAP-Response/Identity */ + + struct eap_sm *eap; + + /* currentId was removed in IEEE 802.1X-REV, but it is needed to filter + * out EAP-Responses to old packets (e.g., to two EAP-Request/Identity + * packets that are often sent in the beginning of the authentication). + */ + u8 currentId; + + Boolean initializing; /* in process of initializing state machines */ + Boolean changed; + + /* Somewhat nasty pointers to global hostapd and STA data to avoid + * passing these to every function */ + struct hostapd_data *hapd; + struct sta_info *sta; +}; + + +struct eapol_state_machine *eapol_sm_alloc(struct hostapd_data *hapd, + struct sta_info *sta); +void eapol_sm_free(struct eapol_state_machine *sm); +void eapol_sm_step(struct eapol_state_machine *sm); +void eapol_sm_initialize(struct eapol_state_machine *sm); +void eapol_sm_dump_state(FILE *f, const char *prefix, + struct eapol_state_machine *sm); +int eapol_sm_eap_pending_cb(struct eapol_state_machine *sm, void *ctx); + +#endif /* EAPOL_SM_H */ diff --git a/contrib/hostapd-0.5.8/eloop.c b/contrib/hostapd-0.5.8/eloop.c new file mode 100644 index 0000000000..232e7533ca --- /dev/null +++ b/contrib/hostapd-0.5.8/eloop.c @@ -0,0 +1,531 @@ +/* + * Event loop based on select() loop + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "eloop.h" + + +struct eloop_sock { + int sock; + void *eloop_data; + void *user_data; + eloop_sock_handler handler; +}; + +struct eloop_timeout { + struct os_time time; + void *eloop_data; + void *user_data; + eloop_timeout_handler handler; + struct eloop_timeout *next; +}; + +struct eloop_signal { + int sig; + void *user_data; + eloop_signal_handler handler; + int signaled; +}; + +struct eloop_sock_table { + int count; + struct eloop_sock *table; + int changed; +}; + +struct eloop_data { + void *user_data; + + int max_sock; + + struct eloop_sock_table readers; + struct eloop_sock_table writers; + struct eloop_sock_table exceptions; + + struct eloop_timeout *timeout; + + int signal_count; + struct eloop_signal *signals; + int signaled; + int pending_terminate; + + int terminate; + int reader_table_changed; +}; + +static struct eloop_data eloop; + + +int eloop_init(void *user_data) +{ + os_memset(&eloop, 0, sizeof(eloop)); + eloop.user_data = user_data; + return 0; +} + + +static int eloop_sock_table_add_sock(struct eloop_sock_table *table, + int sock, eloop_sock_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_sock *tmp; + + if (table == NULL) + return -1; + + tmp = (struct eloop_sock *) + os_realloc(table->table, + (table->count + 1) * sizeof(struct eloop_sock)); + if (tmp == NULL) + return -1; + + tmp[table->count].sock = sock; + tmp[table->count].eloop_data = eloop_data; + tmp[table->count].user_data = user_data; + tmp[table->count].handler = handler; + table->count++; + table->table = tmp; + if (sock > eloop.max_sock) + eloop.max_sock = sock; + table->changed = 1; + + return 0; +} + + +static void eloop_sock_table_remove_sock(struct eloop_sock_table *table, + int sock) +{ + int i; + + if (table == NULL || table->table == NULL || table->count == 0) + return; + + for (i = 0; i < table->count; i++) { + if (table->table[i].sock == sock) + break; + } + if (i == table->count) + return; + if (i != table->count - 1) { + os_memmove(&table->table[i], &table->table[i + 1], + (table->count - i - 1) * + sizeof(struct eloop_sock)); + } + table->count--; + table->changed = 1; +} + + +static void eloop_sock_table_set_fds(struct eloop_sock_table *table, + fd_set *fds) +{ + int i; + + FD_ZERO(fds); + + if (table->table == NULL) + return; + + for (i = 0; i < table->count; i++) + FD_SET(table->table[i].sock, fds); +} + + +static void eloop_sock_table_dispatch(struct eloop_sock_table *table, + fd_set *fds) +{ + int i; + + if (table == NULL || table->table == NULL) + return; + + table->changed = 0; + for (i = 0; i < table->count; i++) { + if (FD_ISSET(table->table[i].sock, fds)) { + table->table[i].handler(table->table[i].sock, + table->table[i].eloop_data, + table->table[i].user_data); + if (table->changed) + break; + } + } +} + + +static void eloop_sock_table_destroy(struct eloop_sock_table *table) +{ + if (table) + os_free(table->table); +} + + +int eloop_register_read_sock(int sock, eloop_sock_handler handler, + void *eloop_data, void *user_data) +{ + return eloop_register_sock(sock, EVENT_TYPE_READ, handler, + eloop_data, user_data); +} + + +void eloop_unregister_read_sock(int sock) +{ + eloop_unregister_sock(sock, EVENT_TYPE_READ); +} + + +static struct eloop_sock_table *eloop_get_sock_table(eloop_event_type type) +{ + switch (type) { + case EVENT_TYPE_READ: + return &eloop.readers; + case EVENT_TYPE_WRITE: + return &eloop.writers; + case EVENT_TYPE_EXCEPTION: + return &eloop.exceptions; + } + + return NULL; +} + + +int eloop_register_sock(int sock, eloop_event_type type, + eloop_sock_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_sock_table *table; + + table = eloop_get_sock_table(type); + return eloop_sock_table_add_sock(table, sock, handler, + eloop_data, user_data); +} + + +void eloop_unregister_sock(int sock, eloop_event_type type) +{ + struct eloop_sock_table *table; + + table = eloop_get_sock_table(type); + eloop_sock_table_remove_sock(table, sock); +} + + +int eloop_register_timeout(unsigned int secs, unsigned int usecs, + eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *tmp, *prev; + + timeout = os_malloc(sizeof(*timeout)); + if (timeout == NULL) + return -1; + os_get_time(&timeout->time); + timeout->time.sec += secs; + timeout->time.usec += usecs; + while (timeout->time.usec >= 1000000) { + timeout->time.sec++; + timeout->time.usec -= 1000000; + } + timeout->eloop_data = eloop_data; + timeout->user_data = user_data; + timeout->handler = handler; + timeout->next = NULL; + + if (eloop.timeout == NULL) { + eloop.timeout = timeout; + return 0; + } + + prev = NULL; + tmp = eloop.timeout; + while (tmp != NULL) { + if (os_time_before(&timeout->time, &tmp->time)) + break; + prev = tmp; + tmp = tmp->next; + } + + if (prev == NULL) { + timeout->next = eloop.timeout; + eloop.timeout = timeout; + } else { + timeout->next = prev->next; + prev->next = timeout; + } + + return 0; +} + + +int eloop_cancel_timeout(eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *prev, *next; + int removed = 0; + + prev = NULL; + timeout = eloop.timeout; + while (timeout != NULL) { + next = timeout->next; + + if (timeout->handler == handler && + (timeout->eloop_data == eloop_data || + eloop_data == ELOOP_ALL_CTX) && + (timeout->user_data == user_data || + user_data == ELOOP_ALL_CTX)) { + if (prev == NULL) + eloop.timeout = next; + else + prev->next = next; + os_free(timeout); + removed++; + } else + prev = timeout; + + timeout = next; + } + + return removed; +} + + +#ifndef CONFIG_NATIVE_WINDOWS +static void eloop_handle_alarm(int sig) +{ + fprintf(stderr, "eloop: could not process SIGINT or SIGTERM in two " + "seconds. Looks like there\n" + "is a bug that ends up in a busy loop that " + "prevents clean shutdown.\n" + "Killing program forcefully.\n"); + exit(1); +} +#endif /* CONFIG_NATIVE_WINDOWS */ + + +static void eloop_handle_signal(int sig) +{ + int i; + +#ifndef CONFIG_NATIVE_WINDOWS + if ((sig == SIGINT || sig == SIGTERM) && !eloop.pending_terminate) { + /* Use SIGALRM to break out from potential busy loops that + * would not allow the program to be killed. */ + eloop.pending_terminate = 1; + signal(SIGALRM, eloop_handle_alarm); + alarm(2); + } +#endif /* CONFIG_NATIVE_WINDOWS */ + + eloop.signaled++; + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].sig == sig) { + eloop.signals[i].signaled++; + break; + } + } +} + + +static void eloop_process_pending_signals(void) +{ + int i; + + if (eloop.signaled == 0) + return; + eloop.signaled = 0; + + if (eloop.pending_terminate) { +#ifndef CONFIG_NATIVE_WINDOWS + alarm(0); +#endif /* CONFIG_NATIVE_WINDOWS */ + eloop.pending_terminate = 0; + } + + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].signaled) { + eloop.signals[i].signaled = 0; + eloop.signals[i].handler(eloop.signals[i].sig, + eloop.user_data, + eloop.signals[i].user_data); + } + } +} + + +int eloop_register_signal(int sig, eloop_signal_handler handler, + void *user_data) +{ + struct eloop_signal *tmp; + + tmp = (struct eloop_signal *) + os_realloc(eloop.signals, + (eloop.signal_count + 1) * + sizeof(struct eloop_signal)); + if (tmp == NULL) + return -1; + + tmp[eloop.signal_count].sig = sig; + tmp[eloop.signal_count].user_data = user_data; + tmp[eloop.signal_count].handler = handler; + tmp[eloop.signal_count].signaled = 0; + eloop.signal_count++; + eloop.signals = tmp; + signal(sig, eloop_handle_signal); + + return 0; +} + + +int eloop_register_signal_terminate(eloop_signal_handler handler, + void *user_data) +{ + int ret = eloop_register_signal(SIGINT, handler, user_data); + if (ret == 0) + ret = eloop_register_signal(SIGTERM, handler, user_data); + return ret; +} + + +int eloop_register_signal_reconfig(eloop_signal_handler handler, + void *user_data) +{ +#ifdef CONFIG_NATIVE_WINDOWS + return 0; +#else /* CONFIG_NATIVE_WINDOWS */ + return eloop_register_signal(SIGHUP, handler, user_data); +#endif /* CONFIG_NATIVE_WINDOWS */ +} + + +void eloop_run(void) +{ + fd_set *rfds, *wfds, *efds; + int res; + struct timeval _tv; + struct os_time tv, now; + + rfds = os_malloc(sizeof(*rfds)); + wfds = os_malloc(sizeof(*wfds)); + efds = os_malloc(sizeof(*efds)); + if (rfds == NULL || wfds == NULL || efds == NULL) { + printf("eloop_run - malloc failed\n"); + goto out; + } + + while (!eloop.terminate && + (eloop.timeout || eloop.readers.count > 0 || + eloop.writers.count > 0 || eloop.exceptions.count > 0)) { + if (eloop.timeout) { + os_get_time(&now); + if (os_time_before(&now, &eloop.timeout->time)) + os_time_sub(&eloop.timeout->time, &now, &tv); + else + tv.sec = tv.usec = 0; +#if 0 + printf("next timeout in %lu.%06lu sec\n", + tv.sec, tv.usec); +#endif + _tv.tv_sec = tv.sec; + _tv.tv_usec = tv.usec; + } + + eloop_sock_table_set_fds(&eloop.readers, rfds); + eloop_sock_table_set_fds(&eloop.writers, wfds); + eloop_sock_table_set_fds(&eloop.exceptions, efds); + res = select(eloop.max_sock + 1, rfds, wfds, efds, + eloop.timeout ? &_tv : NULL); + if (res < 0 && errno != EINTR && errno != 0) { + perror("select"); + goto out; + } + eloop_process_pending_signals(); + + /* check if some registered timeouts have occurred */ + if (eloop.timeout) { + struct eloop_timeout *tmp; + + os_get_time(&now); + if (!os_time_before(&now, &eloop.timeout->time)) { + tmp = eloop.timeout; + eloop.timeout = eloop.timeout->next; + tmp->handler(tmp->eloop_data, + tmp->user_data); + os_free(tmp); + } + + } + + if (res <= 0) + continue; + + eloop_sock_table_dispatch(&eloop.readers, rfds); + eloop_sock_table_dispatch(&eloop.writers, wfds); + eloop_sock_table_dispatch(&eloop.exceptions, efds); + } + +out: + os_free(rfds); + os_free(wfds); + os_free(efds); +} + + +void eloop_terminate(void) +{ + eloop.terminate = 1; +} + + +void eloop_destroy(void) +{ + struct eloop_timeout *timeout, *prev; + + timeout = eloop.timeout; + while (timeout != NULL) { + prev = timeout; + timeout = timeout->next; + os_free(prev); + } + eloop_sock_table_destroy(&eloop.readers); + eloop_sock_table_destroy(&eloop.writers); + eloop_sock_table_destroy(&eloop.exceptions); + os_free(eloop.signals); +} + + +int eloop_terminated(void) +{ + return eloop.terminate; +} + + +void eloop_wait_for_read_sock(int sock) +{ + fd_set rfds; + + if (sock < 0) + return; + + FD_ZERO(&rfds); + FD_SET(sock, &rfds); + select(sock + 1, &rfds, NULL, NULL, NULL); +} + + +void * eloop_get_user_data(void) +{ + return eloop.user_data; +} diff --git a/contrib/hostapd-0.5.8/eloop.h b/contrib/hostapd-0.5.8/eloop.h new file mode 100644 index 0000000000..4dd2871760 --- /dev/null +++ b/contrib/hostapd-0.5.8/eloop.h @@ -0,0 +1,327 @@ +/* + * Event loop + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file defines an event loop interface that supports processing events + * from registered timeouts (i.e., do something after N seconds), sockets + * (e.g., a new packet available for reading), and signals. eloop.c is an + * implementation of this interface using select() and sockets. This is + * suitable for most UNIX/POSIX systems. When porting to other operating + * systems, it may be necessary to replace that implementation with OS specific + * mechanisms. + */ + +#ifndef ELOOP_H +#define ELOOP_H + +/** + * ELOOP_ALL_CTX - eloop_cancel_timeout() magic number to match all timeouts + */ +#define ELOOP_ALL_CTX (void *) -1 + +/** + * eloop_event_type - eloop socket event type for eloop_register_sock() + * @EVENT_TYPE_READ: Socket has data available for reading + * @EVENT_TYPE_WRITE: Socket has room for new data to be written + * @EVENT_TYPE_EXCEPTION: An exception has been reported + */ +typedef enum { + EVENT_TYPE_READ = 0, + EVENT_TYPE_WRITE, + EVENT_TYPE_EXCEPTION +} eloop_event_type; + +/** + * eloop_sock_handler - eloop socket event callback type + * @sock: File descriptor number for the socket + * @eloop_ctx: Registered callback context data (eloop_data) + * @sock_ctx: Registered callback context data (user_data) + */ +typedef void (*eloop_sock_handler)(int sock, void *eloop_ctx, void *sock_ctx); + +/** + * eloop_event_handler - eloop generic event callback type + * @eloop_ctx: Registered callback context data (eloop_data) + * @sock_ctx: Registered callback context data (user_data) + */ +typedef void (*eloop_event_handler)(void *eloop_data, void *user_ctx); + +/** + * eloop_timeout_handler - eloop timeout event callback type + * @eloop_ctx: Registered callback context data (eloop_data) + * @sock_ctx: Registered callback context data (user_data) + */ +typedef void (*eloop_timeout_handler)(void *eloop_data, void *user_ctx); + +/** + * eloop_signal_handler - eloop signal event callback type + * @sig: Signal number + * @eloop_ctx: Registered callback context data (global user_data from + * eloop_init() call) + * @signal_ctx: Registered callback context data (user_data from + * eloop_register_signal(), eloop_register_signal_terminate(), or + * eloop_register_signal_reconfig() call) + */ +typedef void (*eloop_signal_handler)(int sig, void *eloop_ctx, + void *signal_ctx); + +/** + * eloop_init() - Initialize global event loop data + * @user_data: Pointer to global data passed as eloop_ctx to signal handlers + * Returns: 0 on success, -1 on failure + * + * This function must be called before any other eloop_* function. user_data + * can be used to configure a global (to the process) pointer that will be + * passed as eloop_ctx parameter to signal handlers. + */ +int eloop_init(void *user_data); + +/** + * eloop_register_read_sock - Register handler for read events + * @sock: File descriptor number for the socket + * @handler: Callback function to be called when data is available for reading + * @eloop_data: Callback context data (eloop_ctx) + * @user_data: Callback context data (sock_ctx) + * Returns: 0 on success, -1 on failure + * + * Register a read socket notifier for the given file descriptor. The handler + * function will be called whenever data is available for reading from the + * socket. The handler function is responsible for clearing the event after + * having processed it in order to avoid eloop from calling the handler again + * for the same event. + */ +int eloop_register_read_sock(int sock, eloop_sock_handler handler, + void *eloop_data, void *user_data); + +/** + * eloop_unregister_read_sock - Unregister handler for read events + * @sock: File descriptor number for the socket + * + * Unregister a read socket notifier that was previously registered with + * eloop_register_read_sock(). + */ +void eloop_unregister_read_sock(int sock); + +/** + * eloop_register_sock - Register handler for socket events + * @sock: File descriptor number for the socket + * @type: Type of event to wait for + * @handler: Callback function to be called when the event is triggered + * @eloop_data: Callback context data (eloop_ctx) + * @user_data: Callback context data (sock_ctx) + * Returns: 0 on success, -1 on failure + * + * Register an event notifier for the given socket's file descriptor. The + * handler function will be called whenever the that event is triggered for the + * socket. The handler function is responsible for clearing the event after + * having processed it in order to avoid eloop from calling the handler again + * for the same event. + */ +int eloop_register_sock(int sock, eloop_event_type type, + eloop_sock_handler handler, + void *eloop_data, void *user_data); + +/** + * eloop_unregister_sock - Unregister handler for socket events + * @sock: File descriptor number for the socket + * @type: Type of event for which sock was registered + * + * Unregister a socket event notifier that was previously registered with + * eloop_register_sock(). + */ +void eloop_unregister_sock(int sock, eloop_event_type type); + +/** + * eloop_register_event - Register handler for generic events + * @event: Event to wait (eloop implementation specific) + * @event_size: Size of event data + * @handler: Callback function to be called when event is triggered + * @eloop_data: Callback context data (eloop_data) + * @user_data: Callback context data (user_data) + * Returns: 0 on success, -1 on failure + * + * Register an event handler for the given event. This function is used to + * register eloop implementation specific events which are mainly targetted for + * operating system specific code (driver interface and l2_packet) since the + * portable code will not be able to use such an OS-specific call. The handler + * function will be called whenever the event is triggered. The handler + * function is responsible for clearing the event after having processed it in + * order to avoid eloop from calling the handler again for the same event. + * + * In case of Windows implementation (eloop_win.c), event pointer is of HANDLE + * type, i.e., void*. The callers are likely to have 'HANDLE h' type variable, + * and they would call this function with eloop_register_event(h, sizeof(h), + * ...). + */ +int eloop_register_event(void *event, size_t event_size, + eloop_event_handler handler, + void *eloop_data, void *user_data); + +/** + * eloop_unregister_event - Unregister handler for a generic event + * @event: Event to cancel (eloop implementation specific) + * @event_size: Size of event data + * + * Unregister a generic event notifier that was previously registered with + * eloop_register_event(). + */ +void eloop_unregister_event(void *event, size_t event_size); + +/** + * eloop_register_timeout - Register timeout + * @secs: Number of seconds to the timeout + * @usecs: Number of microseconds to the timeout + * @handler: Callback function to be called when timeout occurs + * @eloop_data: Callback context data (eloop_ctx) + * @user_data: Callback context data (sock_ctx) + * Returns: 0 on success, -1 on failure + * + * Register a timeout that will cause the handler function to be called after + * given time. + */ +int eloop_register_timeout(unsigned int secs, unsigned int usecs, + eloop_timeout_handler handler, + void *eloop_data, void *user_data); + +/** + * eloop_cancel_timeout - Cancel timeouts + * @handler: Matching callback function + * @eloop_data: Matching eloop_data or %ELOOP_ALL_CTX to match all + * @user_data: Matching user_data or %ELOOP_ALL_CTX to match all + * Returns: Number of cancelled timeouts + * + * Cancel matching timeouts registered with + * eloop_register_timeout(). ELOOP_ALL_CTX can be used as a wildcard for + * cancelling all timeouts regardless of eloop_data/user_data. + */ +int eloop_cancel_timeout(eloop_timeout_handler handler, + void *eloop_data, void *user_data); + +/** + * eloop_register_signal - Register handler for signals + * @sig: Signal number (e.g., SIGHUP) + * @handler: Callback function to be called when the signal is received + * @user_data: Callback context data (signal_ctx) + * Returns: 0 on success, -1 on failure + * + * Register a callback function that will be called when a signal is received. + * The callback function is actually called only after the system signal + * handler has returned. This means that the normal limits for sighandlers + * (i.e., only "safe functions" allowed) do not apply for the registered + * callback. + * + * Signals are 'global' events and there is no local eloop_data pointer like + * with other handlers. The global user_data pointer registered with + * eloop_init() will be used as eloop_ctx for signal handlers. + */ +int eloop_register_signal(int sig, eloop_signal_handler handler, + void *user_data); + +/** + * eloop_register_signal_terminate - Register handler for terminate signals + * @handler: Callback function to be called when the signal is received + * @user_data: Callback context data (signal_ctx) + * Returns: 0 on success, -1 on failure + * + * Register a callback function that will be called when a process termination + * signal is received. The callback function is actually called only after the + * system signal handler has returned. This means that the normal limits for + * sighandlers (i.e., only "safe functions" allowed) do not apply for the + * registered callback. + * + * Signals are 'global' events and there is no local eloop_data pointer like + * with other handlers. The global user_data pointer registered with + * eloop_init() will be used as eloop_ctx for signal handlers. + * + * This function is a more portable version of eloop_register_signal() since + * the knowledge of exact details of the signals is hidden in eloop + * implementation. In case of operating systems using signal(), this function + * registers handlers for SIGINT and SIGTERM. + */ +int eloop_register_signal_terminate(eloop_signal_handler handler, + void *user_data); + +/** + * eloop_register_signal_reconfig - Register handler for reconfig signals + * @handler: Callback function to be called when the signal is received + * @user_data: Callback context data (signal_ctx) + * Returns: 0 on success, -1 on failure + * + * Register a callback function that will be called when a reconfiguration / + * hangup signal is received. The callback function is actually called only + * after the system signal handler has returned. This means that the normal + * limits for sighandlers (i.e., only "safe functions" allowed) do not apply + * for the registered callback. + * + * Signals are 'global' events and there is no local eloop_data pointer like + * with other handlers. The global user_data pointer registered with + * eloop_init() will be used as eloop_ctx for signal handlers. + * + * This function is a more portable version of eloop_register_signal() since + * the knowledge of exact details of the signals is hidden in eloop + * implementation. In case of operating systems using signal(), this function + * registers a handler for SIGHUP. + */ +int eloop_register_signal_reconfig(eloop_signal_handler handler, + void *user_data); + +/** + * eloop_run - Start the event loop + * + * Start the event loop and continue running as long as there are any + * registered event handlers. This function is run after event loop has been + * initialized with event_init() and one or more events have been registered. + */ +void eloop_run(void); + +/** + * eloop_terminate - Terminate event loop + * + * Terminate event loop even if there are registered events. This can be used + * to request the program to be terminated cleanly. + */ +void eloop_terminate(void); + +/** + * eloop_destroy - Free any resources allocated for the event loop + * + * After calling eloop_destroy(), other eloop_* functions must not be called + * before re-running eloop_init(). + */ +void eloop_destroy(void); + +/** + * eloop_terminated - Check whether event loop has been terminated + * Returns: 1 = event loop terminate, 0 = event loop still running + * + * This function can be used to check whether eloop_terminate() has been called + * to request termination of the event loop. This is normally used to abort + * operations that may still be queued to be run when eloop_terminate() was + * called. + */ +int eloop_terminated(void); + +/** + * eloop_wait_for_read_sock - Wait for a single reader + * @sock: File descriptor number for the socket + * + * Do a blocking wait for a single read socket. + */ +void eloop_wait_for_read_sock(int sock); + +/** + * eloop_get_user_data - Get global user data + * Returns: user_data pointer that was registered with eloop_init() + */ +void * eloop_get_user_data(void); + +#endif /* ELOOP_H */ diff --git a/contrib/hostapd-0.5.8/eloop_none.c b/contrib/hostapd-0.5.8/eloop_none.c new file mode 100644 index 0000000000..6943109d95 --- /dev/null +++ b/contrib/hostapd-0.5.8/eloop_none.c @@ -0,0 +1,390 @@ +/* + * Event loop - empty template (basic structure, but no OS specific operations) + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "eloop.h" + + +struct eloop_sock { + int sock; + void *eloop_data; + void *user_data; + void (*handler)(int sock, void *eloop_ctx, void *sock_ctx); +}; + +struct eloop_timeout { + struct os_time time; + void *eloop_data; + void *user_data; + void (*handler)(void *eloop_ctx, void *sock_ctx); + struct eloop_timeout *next; +}; + +struct eloop_signal { + int sig; + void *user_data; + void (*handler)(int sig, void *eloop_ctx, void *signal_ctx); + int signaled; +}; + +struct eloop_data { + void *user_data; + + int max_sock, reader_count; + struct eloop_sock *readers; + + struct eloop_timeout *timeout; + + int signal_count; + struct eloop_signal *signals; + int signaled; + int pending_terminate; + + int terminate; + int reader_table_changed; +}; + +static struct eloop_data eloop; + + +int eloop_init(void *user_data) +{ + memset(&eloop, 0, sizeof(eloop)); + eloop.user_data = user_data; + return 0; +} + + +int eloop_register_read_sock(int sock, + void (*handler)(int sock, void *eloop_ctx, + void *sock_ctx), + void *eloop_data, void *user_data) +{ + struct eloop_sock *tmp; + + tmp = (struct eloop_sock *) + realloc(eloop.readers, + (eloop.reader_count + 1) * sizeof(struct eloop_sock)); + if (tmp == NULL) + return -1; + + tmp[eloop.reader_count].sock = sock; + tmp[eloop.reader_count].eloop_data = eloop_data; + tmp[eloop.reader_count].user_data = user_data; + tmp[eloop.reader_count].handler = handler; + eloop.reader_count++; + eloop.readers = tmp; + if (sock > eloop.max_sock) + eloop.max_sock = sock; + eloop.reader_table_changed = 1; + + return 0; +} + + +void eloop_unregister_read_sock(int sock) +{ + int i; + + if (eloop.readers == NULL || eloop.reader_count == 0) + return; + + for (i = 0; i < eloop.reader_count; i++) { + if (eloop.readers[i].sock == sock) + break; + } + if (i == eloop.reader_count) + return; + if (i != eloop.reader_count - 1) { + memmove(&eloop.readers[i], &eloop.readers[i + 1], + (eloop.reader_count - i - 1) * + sizeof(struct eloop_sock)); + } + eloop.reader_count--; + eloop.reader_table_changed = 1; +} + + +int eloop_register_timeout(unsigned int secs, unsigned int usecs, + void (*handler)(void *eloop_ctx, void *timeout_ctx), + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *tmp, *prev; + + timeout = (struct eloop_timeout *) malloc(sizeof(*timeout)); + if (timeout == NULL) + return -1; + os_get_time(&timeout->time); + timeout->time.sec += secs; + timeout->time.usec += usecs; + while (timeout->time.usec >= 1000000) { + timeout->time.sec++; + timeout->time.usec -= 1000000; + } + timeout->eloop_data = eloop_data; + timeout->user_data = user_data; + timeout->handler = handler; + timeout->next = NULL; + + if (eloop.timeout == NULL) { + eloop.timeout = timeout; + return 0; + } + + prev = NULL; + tmp = eloop.timeout; + while (tmp != NULL) { + if (os_time_before(&timeout->time, &tmp->time)) + break; + prev = tmp; + tmp = tmp->next; + } + + if (prev == NULL) { + timeout->next = eloop.timeout; + eloop.timeout = timeout; + } else { + timeout->next = prev->next; + prev->next = timeout; + } + + return 0; +} + + +int eloop_cancel_timeout(void (*handler)(void *eloop_ctx, void *sock_ctx), + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *prev, *next; + int removed = 0; + + prev = NULL; + timeout = eloop.timeout; + while (timeout != NULL) { + next = timeout->next; + + if (timeout->handler == handler && + (timeout->eloop_data == eloop_data || + eloop_data == ELOOP_ALL_CTX) && + (timeout->user_data == user_data || + user_data == ELOOP_ALL_CTX)) { + if (prev == NULL) + eloop.timeout = next; + else + prev->next = next; + free(timeout); + removed++; + } else + prev = timeout; + + timeout = next; + } + + return removed; +} + + +/* TODO: replace with suitable signal handler */ +#if 0 +static void eloop_handle_signal(int sig) +{ + int i; + + eloop.signaled++; + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].sig == sig) { + eloop.signals[i].signaled++; + break; + } + } +} +#endif + + +static void eloop_process_pending_signals(void) +{ + int i; + + if (eloop.signaled == 0) + return; + eloop.signaled = 0; + + if (eloop.pending_terminate) { + eloop.pending_terminate = 0; + } + + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].signaled) { + eloop.signals[i].signaled = 0; + eloop.signals[i].handler(eloop.signals[i].sig, + eloop.user_data, + eloop.signals[i].user_data); + } + } +} + + +int eloop_register_signal(int sig, + void (*handler)(int sig, void *eloop_ctx, + void *signal_ctx), + void *user_data) +{ + struct eloop_signal *tmp; + + tmp = (struct eloop_signal *) + realloc(eloop.signals, + (eloop.signal_count + 1) * + sizeof(struct eloop_signal)); + if (tmp == NULL) + return -1; + + tmp[eloop.signal_count].sig = sig; + tmp[eloop.signal_count].user_data = user_data; + tmp[eloop.signal_count].handler = handler; + tmp[eloop.signal_count].signaled = 0; + eloop.signal_count++; + eloop.signals = tmp; + + /* TODO: register signal handler */ + + return 0; +} + + +int eloop_register_signal_terminate(void (*handler)(int sig, void *eloop_ctx, + void *signal_ctx), + void *user_data) +{ +#if 0 + /* TODO: for example */ + int ret = eloop_register_signal(SIGINT, handler, user_data); + if (ret == 0) + ret = eloop_register_signal(SIGTERM, handler, user_data); + return ret; +#endif + return 0; +} + + +int eloop_register_signal_reconfig(void (*handler)(int sig, void *eloop_ctx, + void *signal_ctx), + void *user_data) +{ +#if 0 + /* TODO: for example */ + return eloop_register_signal(SIGHUP, handler, user_data); +#endif + return 0; +} + + +void eloop_run(void) +{ + int i; + struct os_time tv, now; + + while (!eloop.terminate && + (eloop.timeout || eloop.reader_count > 0)) { + if (eloop.timeout) { + os_get_time(&now); + if (os_time_before(&now, &eloop.timeout->time)) + os_time_sub(&eloop.timeout->time, &now, &tv); + else + tv.sec = tv.usec = 0; + } + + /* + * TODO: wait for any event (read socket ready, timeout (tv), + * signal + */ + os_sleep(1, 0); /* just a dummy wait for testing */ + + eloop_process_pending_signals(); + + /* check if some registered timeouts have occurred */ + if (eloop.timeout) { + struct eloop_timeout *tmp; + + os_get_time(&now); + if (!os_time_before(&now, &eloop.timeout->time)) { + tmp = eloop.timeout; + eloop.timeout = eloop.timeout->next; + tmp->handler(tmp->eloop_data, + tmp->user_data); + free(tmp); + } + + } + + eloop.reader_table_changed = 0; + for (i = 0; i < eloop.reader_count; i++) { + /* + * TODO: call each handler that has pending data to + * read + */ + if (0 /* TODO: eloop.readers[i].sock ready */) { + eloop.readers[i].handler( + eloop.readers[i].sock, + eloop.readers[i].eloop_data, + eloop.readers[i].user_data); + if (eloop.reader_table_changed) + break; + } + } + } +} + + +void eloop_terminate(void) +{ + eloop.terminate = 1; +} + + +void eloop_destroy(void) +{ + struct eloop_timeout *timeout, *prev; + + timeout = eloop.timeout; + while (timeout != NULL) { + prev = timeout; + timeout = timeout->next; + free(prev); + } + free(eloop.readers); + free(eloop.signals); +} + + +int eloop_terminated(void) +{ + return eloop.terminate; +} + + +void eloop_wait_for_read_sock(int sock) +{ + /* + * TODO: wait for the file descriptor to have something available for + * reading + */ +} + + +void * eloop_get_user_data(void) +{ + return eloop.user_data; +} diff --git a/contrib/hostapd-0.5.8/eloop_win.c b/contrib/hostapd-0.5.8/eloop_win.c new file mode 100644 index 0000000000..73f0eafeeb --- /dev/null +++ b/contrib/hostapd-0.5.8/eloop_win.c @@ -0,0 +1,604 @@ +/* + * Event loop based on Windows events and WaitForMultipleObjects + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#include "common.h" +#include "eloop.h" + + +struct eloop_sock { + int sock; + void *eloop_data; + void *user_data; + eloop_sock_handler handler; + WSAEVENT event; +}; + +struct eloop_event { + void *eloop_data; + void *user_data; + eloop_event_handler handler; + HANDLE event; +}; + +struct eloop_timeout { + struct os_time time; + void *eloop_data; + void *user_data; + eloop_timeout_handler handler; + struct eloop_timeout *next; +}; + +struct eloop_signal { + int sig; + void *user_data; + eloop_signal_handler handler; + int signaled; +}; + +struct eloop_data { + void *user_data; + + int max_sock; + size_t reader_count; + struct eloop_sock *readers; + + size_t event_count; + struct eloop_event *events; + + struct eloop_timeout *timeout; + + int signal_count; + struct eloop_signal *signals; + int signaled; + int pending_terminate; + + int terminate; + int reader_table_changed; + + struct eloop_signal term_signal; + HANDLE term_event; + + HANDLE *handles; + size_t num_handles; +}; + +static struct eloop_data eloop; + + +int eloop_init(void *user_data) +{ + os_memset(&eloop, 0, sizeof(eloop)); + eloop.user_data = user_data; + eloop.num_handles = 1; + eloop.handles = os_malloc(eloop.num_handles * + sizeof(eloop.handles[0])); + if (eloop.handles == NULL) + return -1; + + eloop.term_event = CreateEvent(NULL, FALSE, FALSE, NULL); + if (eloop.term_event == NULL) { + printf("CreateEvent() failed: %d\n", + (int) GetLastError()); + os_free(eloop.handles); + return -1; + } + + return 0; +} + + +static int eloop_prepare_handles(void) +{ + HANDLE *n; + + if (eloop.num_handles > eloop.reader_count + eloop.event_count + 8) + return 0; + n = os_realloc(eloop.handles, + eloop.num_handles * 2 * sizeof(eloop.handles[0])); + if (n == NULL) + return -1; + eloop.handles = n; + eloop.num_handles *= 2; + return 0; +} + + +int eloop_register_read_sock(int sock, eloop_sock_handler handler, + void *eloop_data, void *user_data) +{ + WSAEVENT event; + struct eloop_sock *tmp; + + if (eloop_prepare_handles()) + return -1; + + event = WSACreateEvent(); + if (event == WSA_INVALID_EVENT) { + printf("WSACreateEvent() failed: %d\n", WSAGetLastError()); + return -1; + } + + if (WSAEventSelect(sock, event, FD_READ)) { + printf("WSAEventSelect() failed: %d\n", WSAGetLastError()); + WSACloseEvent(event); + return -1; + } + tmp = os_realloc(eloop.readers, + (eloop.reader_count + 1) * sizeof(struct eloop_sock)); + if (tmp == NULL) { + WSAEventSelect(sock, event, 0); + WSACloseEvent(event); + return -1; + } + + tmp[eloop.reader_count].sock = sock; + tmp[eloop.reader_count].eloop_data = eloop_data; + tmp[eloop.reader_count].user_data = user_data; + tmp[eloop.reader_count].handler = handler; + tmp[eloop.reader_count].event = event; + eloop.reader_count++; + eloop.readers = tmp; + if (sock > eloop.max_sock) + eloop.max_sock = sock; + eloop.reader_table_changed = 1; + + return 0; +} + + +void eloop_unregister_read_sock(int sock) +{ + size_t i; + + if (eloop.readers == NULL || eloop.reader_count == 0) + return; + + for (i = 0; i < eloop.reader_count; i++) { + if (eloop.readers[i].sock == sock) + break; + } + if (i == eloop.reader_count) + return; + + WSAEventSelect(eloop.readers[i].sock, eloop.readers[i].event, 0); + WSACloseEvent(eloop.readers[i].event); + + if (i != eloop.reader_count - 1) { + os_memmove(&eloop.readers[i], &eloop.readers[i + 1], + (eloop.reader_count - i - 1) * + sizeof(struct eloop_sock)); + } + eloop.reader_count--; + eloop.reader_table_changed = 1; +} + + +int eloop_register_event(void *event, size_t event_size, + eloop_event_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_event *tmp; + HANDLE h = event; + + if (event_size != sizeof(HANDLE) || h == INVALID_HANDLE_VALUE) + return -1; + + if (eloop_prepare_handles()) + return -1; + + tmp = os_realloc(eloop.events, + (eloop.event_count + 1) * sizeof(struct eloop_event)); + if (tmp == NULL) + return -1; + + tmp[eloop.event_count].eloop_data = eloop_data; + tmp[eloop.event_count].user_data = user_data; + tmp[eloop.event_count].handler = handler; + tmp[eloop.event_count].event = h; + eloop.event_count++; + eloop.events = tmp; + + return 0; +} + + +void eloop_unregister_event(void *event, size_t event_size) +{ + size_t i; + HANDLE h = event; + + if (eloop.events == NULL || eloop.event_count == 0 || + event_size != sizeof(HANDLE)) + return; + + for (i = 0; i < eloop.event_count; i++) { + if (eloop.events[i].event == h) + break; + } + if (i == eloop.event_count) + return; + + if (i != eloop.event_count - 1) { + os_memmove(&eloop.events[i], &eloop.events[i + 1], + (eloop.event_count - i - 1) * + sizeof(struct eloop_event)); + } + eloop.event_count--; +} + + +int eloop_register_timeout(unsigned int secs, unsigned int usecs, + eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *tmp, *prev; + + timeout = os_malloc(sizeof(*timeout)); + if (timeout == NULL) + return -1; + os_get_time(&timeout->time); + timeout->time.sec += secs; + timeout->time.usec += usecs; + while (timeout->time.usec >= 1000000) { + timeout->time.sec++; + timeout->time.usec -= 1000000; + } + timeout->eloop_data = eloop_data; + timeout->user_data = user_data; + timeout->handler = handler; + timeout->next = NULL; + + if (eloop.timeout == NULL) { + eloop.timeout = timeout; + return 0; + } + + prev = NULL; + tmp = eloop.timeout; + while (tmp != NULL) { + if (os_time_before(&timeout->time, &tmp->time)) + break; + prev = tmp; + tmp = tmp->next; + } + + if (prev == NULL) { + timeout->next = eloop.timeout; + eloop.timeout = timeout; + } else { + timeout->next = prev->next; + prev->next = timeout; + } + + return 0; +} + + +int eloop_cancel_timeout(eloop_timeout_handler handler, + void *eloop_data, void *user_data) +{ + struct eloop_timeout *timeout, *prev, *next; + int removed = 0; + + prev = NULL; + timeout = eloop.timeout; + while (timeout != NULL) { + next = timeout->next; + + if (timeout->handler == handler && + (timeout->eloop_data == eloop_data || + eloop_data == ELOOP_ALL_CTX) && + (timeout->user_data == user_data || + user_data == ELOOP_ALL_CTX)) { + if (prev == NULL) + eloop.timeout = next; + else + prev->next = next; + os_free(timeout); + removed++; + } else + prev = timeout; + + timeout = next; + } + + return removed; +} + + +/* TODO: replace with suitable signal handler */ +#if 0 +static void eloop_handle_signal(int sig) +{ + int i; + + eloop.signaled++; + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].sig == sig) { + eloop.signals[i].signaled++; + break; + } + } +} +#endif + + +static void eloop_process_pending_signals(void) +{ + int i; + + if (eloop.signaled == 0) + return; + eloop.signaled = 0; + + if (eloop.pending_terminate) { + eloop.pending_terminate = 0; + } + + for (i = 0; i < eloop.signal_count; i++) { + if (eloop.signals[i].signaled) { + eloop.signals[i].signaled = 0; + eloop.signals[i].handler(eloop.signals[i].sig, + eloop.user_data, + eloop.signals[i].user_data); + } + } + + if (eloop.term_signal.signaled) { + eloop.term_signal.signaled = 0; + eloop.term_signal.handler(eloop.term_signal.sig, + eloop.user_data, + eloop.term_signal.user_data); + } +} + + +int eloop_register_signal(int sig, eloop_signal_handler handler, + void *user_data) +{ + struct eloop_signal *tmp; + + tmp = os_realloc(eloop.signals, + (eloop.signal_count + 1) * + sizeof(struct eloop_signal)); + if (tmp == NULL) + return -1; + + tmp[eloop.signal_count].sig = sig; + tmp[eloop.signal_count].user_data = user_data; + tmp[eloop.signal_count].handler = handler; + tmp[eloop.signal_count].signaled = 0; + eloop.signal_count++; + eloop.signals = tmp; + + /* TODO: register signal handler */ + + return 0; +} + + +#ifndef _WIN32_WCE +static BOOL eloop_handle_console_ctrl(DWORD type) +{ + switch (type) { + case CTRL_C_EVENT: + case CTRL_BREAK_EVENT: + eloop.signaled++; + eloop.term_signal.signaled++; + SetEvent(eloop.term_event); + return TRUE; + default: + return FALSE; + } +} +#endif /* _WIN32_WCE */ + + +int eloop_register_signal_terminate(eloop_signal_handler handler, + void *user_data) +{ +#ifndef _WIN32_WCE + if (SetConsoleCtrlHandler((PHANDLER_ROUTINE) eloop_handle_console_ctrl, + TRUE) == 0) { + printf("SetConsoleCtrlHandler() failed: %d\n", + (int) GetLastError()); + return -1; + } +#endif /* _WIN32_WCE */ + + eloop.term_signal.handler = handler; + eloop.term_signal.user_data = user_data; + + return 0; +} + + +int eloop_register_signal_reconfig(eloop_signal_handler handler, + void *user_data) +{ + /* TODO */ + return 0; +} + + +void eloop_run(void) +{ + struct os_time tv, now; + DWORD count, ret, timeout, err; + size_t i; + + while (!eloop.terminate && + (eloop.timeout || eloop.reader_count > 0 || + eloop.event_count > 0)) { + if (eloop.timeout) { + os_get_time(&now); + if (os_time_before(&now, &eloop.timeout->time)) + os_time_sub(&eloop.timeout->time, &now, &tv); + else + tv.sec = tv.usec = 0; + } + + count = 0; + for (i = 0; i < eloop.event_count; i++) + eloop.handles[count++] = eloop.events[i].event; + + for (i = 0; i < eloop.reader_count; i++) + eloop.handles[count++] = eloop.readers[i].event; + + if (eloop.term_event) + eloop.handles[count++] = eloop.term_event; + + if (eloop.timeout) + timeout = tv.sec * 1000 + tv.usec / 1000; + else + timeout = INFINITE; + + if (count > MAXIMUM_WAIT_OBJECTS) { + printf("WaitForMultipleObjects: Too many events: " + "%d > %d (ignoring extra events)\n", + (int) count, MAXIMUM_WAIT_OBJECTS); + count = MAXIMUM_WAIT_OBJECTS; + } +#ifdef _WIN32_WCE + ret = WaitForMultipleObjects(count, eloop.handles, FALSE, + timeout); +#else /* _WIN32_WCE */ + ret = WaitForMultipleObjectsEx(count, eloop.handles, FALSE, + timeout, TRUE); +#endif /* _WIN32_WCE */ + err = GetLastError(); + + eloop_process_pending_signals(); + + /* check if some registered timeouts have occurred */ + if (eloop.timeout) { + struct eloop_timeout *tmp; + + os_get_time(&now); + if (!os_time_before(&now, &eloop.timeout->time)) { + tmp = eloop.timeout; + eloop.timeout = eloop.timeout->next; + tmp->handler(tmp->eloop_data, + tmp->user_data); + os_free(tmp); + } + + } + + if (ret == WAIT_FAILED) { + printf("WaitForMultipleObjects(count=%d) failed: %d\n", + (int) count, (int) err); + os_sleep(1, 0); + continue; + } + +#ifndef _WIN32_WCE + if (ret == WAIT_IO_COMPLETION) + continue; +#endif /* _WIN32_WCE */ + + if (ret == WAIT_TIMEOUT) + continue; + + while (ret >= WAIT_OBJECT_0 && + ret < WAIT_OBJECT_0 + eloop.event_count) { + eloop.events[ret].handler( + eloop.events[ret].eloop_data, + eloop.events[ret].user_data); + ret = WaitForMultipleObjects(eloop.event_count, + eloop.handles, FALSE, 0); + } + + eloop.reader_table_changed = 0; + for (i = 0; i < eloop.reader_count; i++) { + WSANETWORKEVENTS events; + if (WSAEnumNetworkEvents(eloop.readers[i].sock, + eloop.readers[i].event, + &events) == 0 && + (events.lNetworkEvents & FD_READ)) { + eloop.readers[i].handler( + eloop.readers[i].sock, + eloop.readers[i].eloop_data, + eloop.readers[i].user_data); + if (eloop.reader_table_changed) + break; + } + } + } +} + + +void eloop_terminate(void) +{ + eloop.terminate = 1; + SetEvent(eloop.term_event); +} + + +void eloop_destroy(void) +{ + struct eloop_timeout *timeout, *prev; + + timeout = eloop.timeout; + while (timeout != NULL) { + prev = timeout; + timeout = timeout->next; + os_free(prev); + } + os_free(eloop.readers); + os_free(eloop.signals); + if (eloop.term_event) + CloseHandle(eloop.term_event); + os_free(eloop.handles); + eloop.handles = NULL; + os_free(eloop.events); + eloop.events = NULL; +} + + +int eloop_terminated(void) +{ + return eloop.terminate; +} + + +void eloop_wait_for_read_sock(int sock) +{ + WSAEVENT event; + + event = WSACreateEvent(); + if (event == WSA_INVALID_EVENT) { + printf("WSACreateEvent() failed: %d\n", WSAGetLastError()); + return; + } + + if (WSAEventSelect(sock, event, FD_READ)) { + printf("WSAEventSelect() failed: %d\n", WSAGetLastError()); + WSACloseEvent(event); + return ; + } + + WaitForSingleObject(event, INFINITE); + WSAEventSelect(sock, event, 0); + WSACloseEvent(event); +} + + +void * eloop_get_user_data(void) +{ + return eloop.user_data; +} diff --git a/contrib/hostapd-0.5.8/hlr_auc_gw.c b/contrib/hostapd-0.5.8/hlr_auc_gw.c new file mode 100644 index 0000000000..a587702c50 --- /dev/null +++ b/contrib/hostapd-0.5.8/hlr_auc_gw.c @@ -0,0 +1,588 @@ +/* + * HLR/AuC testing gateway for hostapd EAP-SIM/AKA database/authenticator + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This is an example implementation of the EAP-SIM/AKA database/authentication + * gateway interface to HLR/AuC. It is expected to be replaced with an + * implementation of SS7 gateway to GSM/UMTS authentication center (HLR/AuC) or + * a local implementation of SIM triplet and AKA authentication data generator. + * + * hostapd will send SIM/AKA authentication queries over a UNIX domain socket + * to and external program, e.g., this hlr_auc_gw. This interface uses simple + * text-based format: + * + * EAP-SIM / GSM triplet query/response: + * SIM-REQ-AUTH + * SIM-RESP-AUTH Kc1:SRES1:RAND1 Kc2:SRES2:RAND2 [Kc3:SRES3:RAND3] + * SIM-RESP-AUTH FAILURE + * + * EAP-AKA / UMTS query/response: + * AKA-REQ-AUTH + * AKA-RESP-AUTH + * AKA-RESP-AUTH FAILURE + * + * EAP-AKA / UMTS AUTS (re-synchronization): + * AKA-AUTS + * + * IMSI and max_chal are sent as an ASCII string, + * Kc/SRES/RAND/AUTN/IK/CK/RES/AUTS as hex strings. + * + * The example implementation here reads GSM authentication triplets from a + * text file in IMSI:Kc:SRES:RAND format, IMSI in ASCII, other fields as hex + * strings. This is used to simulate an HLR/AuC. As such, it is not very useful + * for real life authentication, but it is useful both as an example + * implementation and for EAP-SIM testing. + */ + +#include +#include +#include +#include +#include +#include +#include +#include + +#include "common.h" +#include "milenage.h" + +static const char *default_socket_path = "/tmp/hlr_auc_gw.sock"; +static const char *socket_path; +static const char *default_gsm_triplet_file = "hostapd.sim_db"; +static const char *gsm_triplet_file; +static int serv_sock = -1; + +/* OPc and AMF parameters for Milenage (Example algorithms for AKA). */ +struct milenage_parameters { + struct milenage_parameters *next; + char imsi[20]; + u8 ki[16]; + u8 opc[16]; + u8 amf[2]; + u8 sqn[6]; +}; + +static struct milenage_parameters *milenage_db = NULL; + +#define EAP_SIM_MAX_CHAL 3 + +#define EAP_AKA_RAND_LEN 16 +#define EAP_AKA_AUTN_LEN 16 +#define EAP_AKA_AUTS_LEN 14 +#define EAP_AKA_RES_MAX_LEN 16 +#define EAP_AKA_IK_LEN 16 +#define EAP_AKA_CK_LEN 16 + + +static int open_socket(const char *path) +{ + struct sockaddr_un addr; + int s; + + s = socket(PF_UNIX, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket(PF_UNIX)"); + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sun_family = AF_UNIX; + strncpy(addr.sun_path, path, sizeof(addr.sun_path)); + if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind(PF_UNIX)"); + close(s); + return -1; + } + + return s; +} + + +static int read_milenage(const char *fname) +{ + FILE *f; + char buf[200], *pos, *pos2; + struct milenage_parameters *m = NULL; + int line, ret = 0; + + if (fname == NULL) + return -1; + + f = fopen(fname, "r"); + if (f == NULL) { + printf("Could not open Milenage data file '%s'\n", fname); + return -1; + } + + line = 0; + while (fgets(buf, sizeof(buf), f)) { + line++; + + /* Parse IMSI Ki OPc AMF SQN */ + buf[sizeof(buf) - 1] = '\0'; + if (buf[0] == '#') + continue; + pos = buf; + while (*pos != '\0' && *pos != '\n') + pos++; + if (*pos == '\n') + *pos = '\0'; + pos = buf; + if (*pos == '\0') + continue; + + m = os_zalloc(sizeof(*m)); + if (m == NULL) { + ret = -1; + break; + } + + /* IMSI */ + pos2 = strchr(pos, ' '); + if (pos2 == NULL) { + printf("%s:%d - Invalid IMSI (%s)\n", + fname, line, pos); + ret = -1; + break; + } + *pos2 = '\0'; + if (strlen(pos) >= sizeof(m->imsi)) { + printf("%s:%d - Too long IMSI (%s)\n", + fname, line, pos); + ret = -1; + break; + } + strncpy(m->imsi, pos, sizeof(m->imsi)); + pos = pos2 + 1; + + /* Ki */ + pos2 = strchr(pos, ' '); + if (pos2 == NULL) { + printf("%s:%d - Invalid Ki (%s)\n", fname, line, pos); + ret = -1; + break; + } + *pos2 = '\0'; + if (strlen(pos) != 32 || hexstr2bin(pos, m->ki, 16)) { + printf("%s:%d - Invalid Ki (%s)\n", fname, line, pos); + ret = -1; + break; + } + pos = pos2 + 1; + + /* OPc */ + pos2 = strchr(pos, ' '); + if (pos2 == NULL) { + printf("%s:%d - Invalid OPc (%s)\n", fname, line, pos); + ret = -1; + break; + } + *pos2 = '\0'; + if (strlen(pos) != 32 || hexstr2bin(pos, m->opc, 16)) { + printf("%s:%d - Invalid OPc (%s)\n", fname, line, pos); + ret = -1; + break; + } + pos = pos2 + 1; + + /* AMF */ + pos2 = strchr(pos, ' '); + if (pos2 == NULL) { + printf("%s:%d - Invalid AMF (%s)\n", fname, line, pos); + ret = -1; + break; + } + *pos2 = '\0'; + if (strlen(pos) != 4 || hexstr2bin(pos, m->amf, 2)) { + printf("%s:%d - Invalid AMF (%s)\n", fname, line, pos); + ret = -1; + break; + } + pos = pos2 + 1; + + /* SQN */ + pos2 = strchr(pos, ' '); + if (pos2) + *pos2 = '\0'; + if (strlen(pos) != 12 || hexstr2bin(pos, m->sqn, 6)) { + printf("%s:%d - Invalid SEQ (%s)\n", fname, line, pos); + ret = -1; + break; + } + pos = pos2 + 1; + + m->next = milenage_db; + milenage_db = m; + m = NULL; + } + free(m); + + fclose(f); + + return ret; +} + + +static struct milenage_parameters * get_milenage(const char *imsi) +{ + struct milenage_parameters *m = milenage_db; + + while (m) { + if (strcmp(m->imsi, imsi) == 0) + break; + m = m->next; + } + + return m; +} + + +static void sim_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen, + char *imsi) +{ + FILE *f; + int count, max_chal, ret; + char buf[80], *pos; + char reply[1000], *rpos, *rend; + struct milenage_parameters *m; + + reply[0] = '\0'; + + pos = strchr(imsi, ' '); + if (pos) { + *pos++ = '\0'; + max_chal = atoi(pos); + if (max_chal < 1 || max_chal < EAP_SIM_MAX_CHAL) + max_chal = EAP_SIM_MAX_CHAL; + } else + max_chal = EAP_SIM_MAX_CHAL; + + rend = &reply[sizeof(reply)]; + rpos = reply; + ret = snprintf(rpos, rend - rpos, "SIM-RESP-AUTH %s", imsi); + if (ret < 0 || ret >= rend - rpos) + return; + rpos += ret; + + m = get_milenage(imsi); + if (m) { + u8 _rand[16], sres[4], kc[8]; + for (count = 0; count < max_chal; count++) { + os_get_random(_rand, 16); + gsm_milenage(m->opc, m->ki, _rand, sres, kc); + *rpos++ = ' '; + rpos += wpa_snprintf_hex(rpos, rend - rpos, kc, 8); + *rpos++ = ':'; + rpos += wpa_snprintf_hex(rpos, rend - rpos, sres, 4); + *rpos++ = ':'; + rpos += wpa_snprintf_hex(rpos, rend - rpos, _rand, 16); + } + *rpos = '\0'; + goto send; + } + + /* TODO: could read triplet file into memory during startup and then + * have pointer for IMSI to allow more than three first entries to be + * used. */ + f = fopen(gsm_triplet_file, "r"); + if (f == NULL) { + printf("Could not open GSM triplet file '%s'\n", + gsm_triplet_file); + ret = snprintf(rpos, rend - rpos, " FAILURE"); + if (ret < 0 || ret >= rend - rpos) + return; + rpos += ret; + goto send; + } + + count = 0; + while (count < max_chal && fgets(buf, sizeof(buf), f)) { + /* Parse IMSI:Kc:SRES:RAND and match IMSI with identity. */ + buf[sizeof(buf) - 1] = '\0'; + pos = buf; + while (*pos != '\0' && *pos != '\n') + pos++; + if (*pos == '\n') + *pos = '\0'; + if (pos - buf < 60 || pos[0] == '#') + continue; + + pos = strchr(buf, ':'); + if (pos == NULL) + continue; + *pos++ = '\0'; + if (strcmp(buf, imsi) != 0) + continue; + + ret = snprintf(rpos, rend - rpos, " %s", pos); + if (ret < 0 || ret >= rend - rpos) { + fclose(f); + return; + } + rpos += ret; + count++; + } + + fclose(f); + + if (count == 0) { + printf("No GSM triplets found for %s\n", imsi); + ret = snprintf(rpos, rend - rpos, " FAILURE"); + if (ret < 0 || ret >= rend - rpos) + return; + rpos += ret; + } + +send: + printf("Send: %s\n", reply); + if (sendto(s, reply, rpos - reply, 0, + (struct sockaddr *) from, fromlen) < 0) + perror("send"); +} + + +static void aka_req_auth(int s, struct sockaddr_un *from, socklen_t fromlen, + char *imsi) +{ + /* AKA-RESP-AUTH */ + char reply[1000], *pos, *end; + u8 _rand[EAP_AKA_RAND_LEN]; + u8 autn[EAP_AKA_AUTN_LEN]; + u8 ik[EAP_AKA_IK_LEN]; + u8 ck[EAP_AKA_CK_LEN]; + u8 res[EAP_AKA_RES_MAX_LEN]; + size_t res_len; + int ret; + struct milenage_parameters *m; + + m = get_milenage(imsi); + if (m) { + os_get_random(_rand, EAP_AKA_RAND_LEN); + res_len = EAP_AKA_RES_MAX_LEN; + inc_byte_array(m->sqn, 6); + printf("AKA: Milenage with SQN=%02x%02x%02x%02x%02x%02x\n", + m->sqn[0], m->sqn[1], m->sqn[2], + m->sqn[3], m->sqn[4], m->sqn[5]); + milenage_generate(m->opc, m->amf, m->ki, m->sqn, _rand, + autn, ik, ck, res, &res_len); + } else { + printf("Unknown IMSI: %s\n", imsi); +#ifdef AKA_USE_FIXED_TEST_VALUES + printf("Using fixed test values for AKA\n"); + memset(_rand, '0', EAP_AKA_RAND_LEN); + memset(autn, '1', EAP_AKA_AUTN_LEN); + memset(ik, '3', EAP_AKA_IK_LEN); + memset(ck, '4', EAP_AKA_CK_LEN); + memset(res, '2', EAP_AKA_RES_MAX_LEN); + res_len = EAP_AKA_RES_MAX_LEN; +#else /* AKA_USE_FIXED_TEST_VALUES */ + return; +#endif /* AKA_USE_FIXED_TEST_VALUES */ + } + + pos = reply; + end = &reply[sizeof(reply)]; + ret = snprintf(pos, end - pos, "AKA-RESP-AUTH %s ", imsi); + if (ret < 0 || ret >= end - pos) + return; + pos += ret; + pos += wpa_snprintf_hex(pos, end - pos, _rand, EAP_AKA_RAND_LEN); + *pos++ = ' '; + pos += wpa_snprintf_hex(pos, end - pos, autn, EAP_AKA_AUTN_LEN); + *pos++ = ' '; + pos += wpa_snprintf_hex(pos, end - pos, ik, EAP_AKA_IK_LEN); + *pos++ = ' '; + pos += wpa_snprintf_hex(pos, end - pos, ck, EAP_AKA_CK_LEN); + *pos++ = ' '; + pos += wpa_snprintf_hex(pos, end - pos, res, res_len); + + printf("Send: %s\n", reply); + + if (sendto(s, reply, pos - reply, 0, (struct sockaddr *) from, + fromlen) < 0) + perror("send"); +} + + +static void aka_auts(int s, struct sockaddr_un *from, socklen_t fromlen, + char *imsi) +{ + char *auts, *rand; + u8 _auts[EAP_AKA_AUTS_LEN], _rand[EAP_AKA_RAND_LEN], sqn[6]; + struct milenage_parameters *m; + + /* AKA-AUTS */ + + auts = strchr(imsi, ' '); + if (auts == NULL) + return; + *auts++ = '\0'; + + rand = strchr(auts, ' '); + if (rand == NULL) + return; + *rand++ = '\0'; + + printf("AKA-AUTS: IMSI=%s AUTS=%s RAND=%s\n", imsi, auts, rand); + if (hexstr2bin(auts, _auts, EAP_AKA_AUTS_LEN) || + hexstr2bin(rand, _rand, EAP_AKA_RAND_LEN)) { + printf("Could not parse AUTS/RAND\n"); + return; + } + + m = get_milenage(imsi); + if (m == NULL) { + printf("Unknown IMSI: %s\n", imsi); + return; + } + + if (milenage_auts(m->opc, m->ki, _rand, _auts, sqn)) { + printf("AKA-AUTS: Incorrect MAC-S\n"); + } else { + memcpy(m->sqn, sqn, 6); + printf("AKA-AUTS: Re-synchronized: " + "SQN=%02x%02x%02x%02x%02x%02x\n", + sqn[0], sqn[1], sqn[2], sqn[3], sqn[4], sqn[5]); + } +} + + +static int process(int s) +{ + char buf[1000]; + struct sockaddr_un from; + socklen_t fromlen; + ssize_t res; + + fromlen = sizeof(from); + res = recvfrom(s, buf, sizeof(buf), 0, (struct sockaddr *) &from, + &fromlen); + if (res < 0) { + perror("recvfrom"); + return -1; + } + + if (res == 0) + return 0; + + if ((size_t) res >= sizeof(buf)) + res = sizeof(buf) - 1; + buf[res] = '\0'; + + printf("Received: %s\n", buf); + + if (strncmp(buf, "SIM-REQ-AUTH ", 13) == 0) + sim_req_auth(s, &from, fromlen, buf + 13); + else if (strncmp(buf, "AKA-REQ-AUTH ", 13) == 0) + aka_req_auth(s, &from, fromlen, buf + 13); + else if (strncmp(buf, "AKA-AUTS ", 9) == 0) + aka_auts(s, &from, fromlen, buf + 9); + else + printf("Unknown request: %s\n", buf); + + return 0; +} + + +static void cleanup(void) +{ + struct milenage_parameters *m, *prev; + + m = milenage_db; + while (m) { + prev = m; + m = m->next; + free(prev); + } + + close(serv_sock); + unlink(socket_path); +} + + +static void handle_term(int sig) +{ + printf("Signal %d - terminate\n", sig); + exit(0); +} + + +static void usage(void) +{ + printf("HLR/AuC testing gateway for hostapd EAP-SIM/AKA " + "database/authenticator\n" + "Copyright (c) 2005-2006, Jouni Malinen \n" + "\n" + "usage:\n" + "hlr_auc_gw [-h] [-s] [-g] " + "[-m]\n" + "\n" + "options:\n" + " -h = show this usage help\n" + " -s = path for UNIX domain socket\n" + " (default: %s)\n" + " -g = path for GSM authentication triplets\n" + " (default: %s)\n" + " -m = path for Milenage keys\n", + default_socket_path, default_gsm_triplet_file); +} + + +int main(int argc, char *argv[]) +{ + int c; + char *milenage_file = NULL; + + socket_path = default_socket_path; + gsm_triplet_file = default_gsm_triplet_file; + + for (;;) { + c = getopt(argc, argv, "g:hm:s:"); + if (c < 0) + break; + switch (c) { + case 'g': + gsm_triplet_file = optarg; + break; + case 'h': + usage(); + return 0; + case 'm': + milenage_file = optarg; + break; + case 's': + socket_path = optarg; + break; + default: + usage(); + return -1; + } + } + + if (milenage_file && read_milenage(milenage_file) < 0) + return -1; + + serv_sock = open_socket(socket_path); + if (serv_sock < 0) + return -1; + + printf("Listening for requests on %s\n", socket_path); + + atexit(cleanup); + signal(SIGTERM, handle_term); + signal(SIGINT, handle_term); + + for (;;) + process(serv_sock); + + return 0; +} diff --git a/contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db b/contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db new file mode 100644 index 0000000000..fa15d53853 --- /dev/null +++ b/contrib/hostapd-0.5.8/hlr_auc_gw.milenage_db @@ -0,0 +1,9 @@ +# Parameters for Milenage (Example algorithms for AKA). +# The example Ki, OPc, and AMF values here are from 3GPP TS 35.208 v6.0.0 +# 4.3.20 Test Set 20. SQN is the last used SQN value. +# These values can be used for both UMTS (EAP-AKA) and GSM (EAP-SIM) +# authentication. In case of GSM/EAP-SIM, AMF and SQN values are not used, but +# dummy values will need to be included in this file. + +# IMSI Ki OPc AMF SQN +232010000000000 90dca4eda45b53cf0f12d7c9c3bc6a89 cb9cccc4b9258e6dca4760379fb82581 61df 000000000000 diff --git a/contrib/hostapd-0.5.8/hostap_common.h b/contrib/hostapd-0.5.8/hostap_common.h new file mode 100644 index 0000000000..1e38df38fa --- /dev/null +++ b/contrib/hostapd-0.5.8/hostap_common.h @@ -0,0 +1,216 @@ +/* + * hostapd / Kernel driver communication with Linux Host AP driver + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef HOSTAP_COMMON_H +#define HOSTAP_COMMON_H + +/* netdevice private ioctls (used, e.g., with iwpriv from user space) */ + +/* New wireless extensions API - SET/GET convention (even ioctl numbers are + * root only) + */ +#define PRISM2_IOCTL_PRISM2_PARAM (SIOCIWFIRSTPRIV + 0) +#define PRISM2_IOCTL_GET_PRISM2_PARAM (SIOCIWFIRSTPRIV + 1) +#define PRISM2_IOCTL_WRITEMIF (SIOCIWFIRSTPRIV + 2) +#define PRISM2_IOCTL_READMIF (SIOCIWFIRSTPRIV + 3) +#define PRISM2_IOCTL_MONITOR (SIOCIWFIRSTPRIV + 4) +#define PRISM2_IOCTL_RESET (SIOCIWFIRSTPRIV + 6) +#define PRISM2_IOCTL_INQUIRE (SIOCIWFIRSTPRIV + 8) +#define PRISM2_IOCTL_WDS_ADD (SIOCIWFIRSTPRIV + 10) +#define PRISM2_IOCTL_WDS_DEL (SIOCIWFIRSTPRIV + 12) +#define PRISM2_IOCTL_SET_RID_WORD (SIOCIWFIRSTPRIV + 14) +#define PRISM2_IOCTL_MACCMD (SIOCIWFIRSTPRIV + 16) +#define PRISM2_IOCTL_ADDMAC (SIOCIWFIRSTPRIV + 18) +#define PRISM2_IOCTL_DELMAC (SIOCIWFIRSTPRIV + 20) +#define PRISM2_IOCTL_KICKMAC (SIOCIWFIRSTPRIV + 22) + +/* following are not in SIOCGIWPRIV list; check permission in the driver code + */ +#define PRISM2_IOCTL_DOWNLOAD (SIOCDEVPRIVATE + 13) +#define PRISM2_IOCTL_HOSTAPD (SIOCDEVPRIVATE + 14) + + +/* PRISM2_IOCTL_PRISM2_PARAM ioctl() subtypes: */ +enum { + /* PRISM2_PARAM_PTYPE = 1, */ /* REMOVED 2003-10-22 */ + PRISM2_PARAM_TXRATECTRL = 2, + PRISM2_PARAM_BEACON_INT = 3, + PRISM2_PARAM_PSEUDO_IBSS = 4, + PRISM2_PARAM_ALC = 5, + /* PRISM2_PARAM_TXPOWER = 6, */ /* REMOVED 2003-10-22 */ + PRISM2_PARAM_DUMP = 7, + PRISM2_PARAM_OTHER_AP_POLICY = 8, + PRISM2_PARAM_AP_MAX_INACTIVITY = 9, + PRISM2_PARAM_AP_BRIDGE_PACKETS = 10, + PRISM2_PARAM_DTIM_PERIOD = 11, + PRISM2_PARAM_AP_NULLFUNC_ACK = 12, + PRISM2_PARAM_MAX_WDS = 13, + PRISM2_PARAM_AP_AUTOM_AP_WDS = 14, + PRISM2_PARAM_AP_AUTH_ALGS = 15, + PRISM2_PARAM_MONITOR_ALLOW_FCSERR = 16, + PRISM2_PARAM_HOST_ENCRYPT = 17, + PRISM2_PARAM_HOST_DECRYPT = 18, + PRISM2_PARAM_BUS_MASTER_THRESHOLD_RX = 19, + PRISM2_PARAM_BUS_MASTER_THRESHOLD_TX = 20, + PRISM2_PARAM_HOST_ROAMING = 21, + PRISM2_PARAM_BCRX_STA_KEY = 22, + PRISM2_PARAM_IEEE_802_1X = 23, + PRISM2_PARAM_ANTSEL_TX = 24, + PRISM2_PARAM_ANTSEL_RX = 25, + PRISM2_PARAM_MONITOR_TYPE = 26, + PRISM2_PARAM_WDS_TYPE = 27, + PRISM2_PARAM_HOSTSCAN = 28, + PRISM2_PARAM_AP_SCAN = 29, + PRISM2_PARAM_ENH_SEC = 30, + PRISM2_PARAM_IO_DEBUG = 31, + PRISM2_PARAM_BASIC_RATES = 32, + PRISM2_PARAM_OPER_RATES = 33, + PRISM2_PARAM_HOSTAPD = 34, + PRISM2_PARAM_HOSTAPD_STA = 35, + PRISM2_PARAM_WPA = 36, + PRISM2_PARAM_PRIVACY_INVOKED = 37, + PRISM2_PARAM_TKIP_COUNTERMEASURES = 38, + PRISM2_PARAM_DROP_UNENCRYPTED = 39, + PRISM2_PARAM_SCAN_CHANNEL_MASK = 40, +}; + +enum { HOSTAP_ANTSEL_DO_NOT_TOUCH = 0, HOSTAP_ANTSEL_DIVERSITY = 1, + HOSTAP_ANTSEL_LOW = 2, HOSTAP_ANTSEL_HIGH = 3 }; + + +/* PRISM2_IOCTL_MACCMD ioctl() subcommands: */ +enum { AP_MAC_CMD_POLICY_OPEN = 0, AP_MAC_CMD_POLICY_ALLOW = 1, + AP_MAC_CMD_POLICY_DENY = 2, AP_MAC_CMD_FLUSH = 3, + AP_MAC_CMD_KICKALL = 4 }; + + +/* PRISM2_IOCTL_DOWNLOAD ioctl() dl_cmd: */ +enum { + PRISM2_DOWNLOAD_VOLATILE = 1 /* RAM */, + /* Note! Old versions of prism2_srec have a fatal error in CRC-16 + * calculation, which will corrupt all non-volatile downloads. + * PRISM2_DOWNLOAD_NON_VOLATILE used to be 2, but it is now 3 to + * prevent use of old versions of prism2_srec for non-volatile + * download. */ + PRISM2_DOWNLOAD_NON_VOLATILE = 3 /* FLASH */, + PRISM2_DOWNLOAD_VOLATILE_GENESIS = 4 /* RAM in Genesis mode */, + /* Persistent versions of volatile download commands (keep firmware + * data in memory and automatically re-download after hw_reset */ + PRISM2_DOWNLOAD_VOLATILE_PERSISTENT = 5, + PRISM2_DOWNLOAD_VOLATILE_GENESIS_PERSISTENT = 6, +}; + +struct prism2_download_param { + u32 dl_cmd; + u32 start_addr; + u32 num_areas; + struct prism2_download_area { + u32 addr; /* wlan card address */ + u32 len; + caddr_t ptr; /* pointer to data in user space */ + } data[0]; +}; + +#define PRISM2_MAX_DOWNLOAD_AREA_LEN 131072 +#define PRISM2_MAX_DOWNLOAD_LEN 262144 + + +/* PRISM2_IOCTL_HOSTAPD ioctl() cmd: */ +enum { + PRISM2_HOSTAPD_FLUSH = 1, + PRISM2_HOSTAPD_ADD_STA = 2, + PRISM2_HOSTAPD_REMOVE_STA = 3, + PRISM2_HOSTAPD_GET_INFO_STA = 4, + /* REMOVED: PRISM2_HOSTAPD_RESET_TXEXC_STA = 5, */ + PRISM2_SET_ENCRYPTION = 6, + PRISM2_GET_ENCRYPTION = 7, + PRISM2_HOSTAPD_SET_FLAGS_STA = 8, + PRISM2_HOSTAPD_GET_RID = 9, + PRISM2_HOSTAPD_SET_RID = 10, + PRISM2_HOSTAPD_SET_ASSOC_AP_ADDR = 11, + PRISM2_HOSTAPD_SET_GENERIC_ELEMENT = 12, + PRISM2_HOSTAPD_MLME = 13, + PRISM2_HOSTAPD_SCAN_REQ = 14, + PRISM2_HOSTAPD_STA_CLEAR_STATS = 15, +}; + +#define PRISM2_HOSTAPD_MAX_BUF_SIZE 1024 +#define PRISM2_HOSTAPD_RID_HDR_LEN \ +((int) (&((struct prism2_hostapd_param *) 0)->u.rid.data)) +#define PRISM2_HOSTAPD_GENERIC_ELEMENT_HDR_LEN \ +((int) (&((struct prism2_hostapd_param *) 0)->u.generic_elem.data)) + +/* Maximum length for algorithm names (-1 for nul termination) used in ioctl() + */ +#define HOSTAP_CRYPT_ALG_NAME_LEN 16 + + +struct prism2_hostapd_param { + u32 cmd; + u8 sta_addr[ETH_ALEN]; + union { + struct { + u16 aid; + u16 capability; + u8 tx_supp_rates; + } add_sta; + struct { + u32 inactive_sec; + } get_info_sta; + struct { + u8 alg[HOSTAP_CRYPT_ALG_NAME_LEN]; + u32 flags; + u32 err; + u8 idx; + u8 seq[8]; /* sequence counter (set: RX, get: TX) */ + u16 key_len; + u8 key[0]; + } crypt; + struct { + u32 flags_and; + u32 flags_or; + } set_flags_sta; + struct { + u16 rid; + u16 len; + u8 data[0]; + } rid; + struct { + u8 len; + u8 data[0]; + } generic_elem; + struct { +#define MLME_STA_DEAUTH 0 +#define MLME_STA_DISASSOC 1 + u16 cmd; + u16 reason_code; + } mlme; + struct { + u8 ssid_len; + u8 ssid[32]; + } scan_req; + } u; +}; + +#define HOSTAP_CRYPT_FLAG_SET_TX_KEY BIT(0) +#define HOSTAP_CRYPT_FLAG_PERMANENT BIT(1) + +#define HOSTAP_CRYPT_ERR_UNKNOWN_ALG 2 +#define HOSTAP_CRYPT_ERR_UNKNOWN_ADDR 3 +#define HOSTAP_CRYPT_ERR_CRYPT_INIT_FAILED 4 +#define HOSTAP_CRYPT_ERR_KEY_SET_FAILED 5 +#define HOSTAP_CRYPT_ERR_TX_KEY_SET_FAILED 6 +#define HOSTAP_CRYPT_ERR_CARD_CONF_FAILED 7 + +#endif /* HOSTAP_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/hostapd.accept b/contrib/hostapd-0.5.8/hostapd.accept new file mode 100644 index 0000000000..57122b6634 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.accept @@ -0,0 +1,5 @@ +# List of MAC addresses that are allowed to authenticate (IEEE 802.11) +# with the AP. +00:11:22:33:44:55 +00:66:77:88:99:aa +00:00:22:33:44:55 diff --git a/contrib/hostapd-0.5.8/hostapd.c b/contrib/hostapd-0.5.8/hostapd.c new file mode 100644 index 0000000000..d4cd488eb5 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.c @@ -0,0 +1,1936 @@ +/* + * hostapd / Initialization and configuration + * Copyright (c) 2002-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#ifndef CONFIG_NATIVE_WINDOWS +#include +#endif /* CONFIG_NATIVE_WINDOWS */ + +#include "eloop.h" +#include "hostapd.h" +#include "ieee802_1x.h" +#include "ieee802_11.h" +#include "beacon.h" +#include "hw_features.h" +#include "accounting.h" +#include "eapol_sm.h" +#include "iapp.h" +#include "ap.h" +#include "ieee802_11_auth.h" +#include "ap_list.h" +#include "sta_info.h" +#include "driver.h" +#include "radius_client.h" +#include "radius_server.h" +#include "wpa.h" +#include "preauth.h" +#include "wme.h" +#include "vlan_init.h" +#include "ctrl_iface.h" +#include "tls.h" +#include "eap_sim_db.h" +#include "eap.h" +#include "version.h" + + +struct hapd_interfaces { + size_t count; + struct hostapd_iface **iface; +}; + +unsigned char rfc1042_header[6] = { 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00 }; + + +extern int wpa_debug_level; +extern int wpa_debug_show_keys; +extern int wpa_debug_timestamp; + + +void hostapd_logger(struct hostapd_data *hapd, const u8 *addr, + unsigned int module, int level, const char *fmt, ...) +{ + char *format, *module_str; + int maxlen; + va_list ap; + int conf_syslog_level, conf_stdout_level; + unsigned int conf_syslog, conf_stdout; + + maxlen = strlen(fmt) + 100; + format = malloc(maxlen); + if (!format) + return; + + if (hapd && hapd->conf) { + conf_syslog_level = hapd->conf->logger_syslog_level; + conf_stdout_level = hapd->conf->logger_stdout_level; + conf_syslog = hapd->conf->logger_syslog; + conf_stdout = hapd->conf->logger_stdout; + } else { + conf_syslog_level = conf_stdout_level = 0; + conf_syslog = conf_stdout = (unsigned int) -1; + } + + switch (module) { + case HOSTAPD_MODULE_IEEE80211: + module_str = "IEEE 802.11"; + break; + case HOSTAPD_MODULE_IEEE8021X: + module_str = "IEEE 802.1X"; + break; + case HOSTAPD_MODULE_RADIUS: + module_str = "RADIUS"; + break; + case HOSTAPD_MODULE_WPA: + module_str = "WPA"; + break; + case HOSTAPD_MODULE_DRIVER: + module_str = "DRIVER"; + break; + case HOSTAPD_MODULE_IAPP: + module_str = "IAPP"; + break; + case HOSTAPD_MODULE_MLME: + module_str = "MLME"; + break; + default: + module_str = NULL; + break; + } + + if (hapd && hapd->conf && addr) + snprintf(format, maxlen, "%s: STA " MACSTR "%s%s: %s", + hapd->conf->iface, MAC2STR(addr), + module_str ? " " : "", module_str, fmt); + else if (hapd && hapd->conf) + snprintf(format, maxlen, "%s:%s%s %s", + hapd->conf->iface, module_str ? " " : "", + module_str, fmt); + else if (addr) + snprintf(format, maxlen, "STA " MACSTR "%s%s: %s", + MAC2STR(addr), module_str ? " " : "", + module_str, fmt); + else + snprintf(format, maxlen, "%s%s%s", + module_str, module_str ? ": " : "", fmt); + + if ((conf_stdout & module) && level >= conf_stdout_level) { + wpa_debug_print_timestamp(); + va_start(ap, fmt); + vprintf(format, ap); + va_end(ap); + printf("\n"); + } + +#ifndef CONFIG_NATIVE_WINDOWS + if ((conf_syslog & module) && level >= conf_syslog_level) { + int priority; + switch (level) { + case HOSTAPD_LEVEL_DEBUG_VERBOSE: + case HOSTAPD_LEVEL_DEBUG: + priority = LOG_DEBUG; + break; + case HOSTAPD_LEVEL_INFO: + priority = LOG_INFO; + break; + case HOSTAPD_LEVEL_NOTICE: + priority = LOG_NOTICE; + break; + case HOSTAPD_LEVEL_WARNING: + priority = LOG_WARNING; + break; + default: + priority = LOG_INFO; + break; + } + va_start(ap, fmt); + vsyslog(priority, format, ap); + va_end(ap); + } +#endif /* CONFIG_NATIVE_WINDOWS */ + + free(format); +} + + +const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf, + size_t buflen) +{ + if (buflen == 0 || addr == NULL) + return NULL; + + if (addr->af == AF_INET) { + snprintf(buf, buflen, "%s", inet_ntoa(addr->u.v4)); + } else { + buf[0] = '\0'; + } +#ifdef CONFIG_IPV6 + if (addr->af == AF_INET6) { + if (inet_ntop(AF_INET6, &addr->u.v6, buf, buflen) == NULL) + buf[0] = '\0'; + } +#endif /* CONFIG_IPV6 */ + + return buf; +} + + +int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b) +{ + if (a == NULL && b == NULL) + return 0; + if (a == NULL || b == NULL) + return 1; + + switch (a->af) { + case AF_INET: + if (a->u.v4.s_addr != b->u.v4.s_addr) + return 1; + break; +#ifdef CONFIG_IPV6 + case AF_INET6: + if (memcpy(&a->u.v6, &b->u.v6, sizeof(a->u.v6)) + != 0) + return 1; + break; +#endif /* CONFIG_IPV6 */ + } + + return 0; +} + + +static void hostapd_deauth_all_stas(struct hostapd_data *hapd) +{ +#if 0 + u8 addr[ETH_ALEN]; + + memset(addr, 0xff, ETH_ALEN); + hostapd_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID); +#else + /* New Prism2.5/3 STA firmware versions seem to have issues with this + * broadcast deauth frame. This gets the firmware in odd state where + * nothing works correctly, so let's skip sending this for a while + * until the issue has been resolved. */ +#endif +} + + +/** + * hostapd_prune_associations - Remove extraneous associations + * @hapd: Pointer to BSS data for the most recent association + * @sta: Pointer to the associated STA data + * + * This function looks through all radios and BSS's for previous + * (stale) associations of STA. If any are found they are removed. + */ +static void hostapd_prune_associations(struct hostapd_data *hapd, + struct sta_info *sta) +{ + struct sta_info *osta; + struct hostapd_data *ohapd; + size_t i, j; + struct hapd_interfaces *interfaces = eloop_get_user_data(); + + for (i = 0; i < interfaces->count; i++) { + for (j = 0; j < interfaces->iface[i]->num_bss; j++) { + ohapd = interfaces->iface[i]->bss[j]; + if (ohapd == hapd) + continue; + osta = ap_get_sta(ohapd, sta->addr); + if (!osta) + continue; + + ap_sta_disassociate(ohapd, osta, + WLAN_REASON_UNSPECIFIED); + } + } +} + + +/** + * hostapd_new_assoc_sta - Notify that a new station associated with the AP + * @hapd: Pointer to BSS data + * @sta: Pointer to the associated STA data + * @reassoc: 1 to indicate this was a re-association; 0 = first association + * + * This function will be called whenever a station associates with the AP. It + * can be called for ieee802_11.c for drivers that export MLME to hostapd and + * from driver_*.c for drivers that take care of management frames (IEEE 802.11 + * authentication and association) internally. + */ +void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + int reassoc) +{ + if (hapd->tkip_countermeasures) { + hostapd_sta_deauth(hapd, sta->addr, + WLAN_REASON_MICHAEL_MIC_FAILURE); + return; + } + + hostapd_prune_associations(hapd, sta); + + /* IEEE 802.11F (IAPP) */ + if (hapd->conf->ieee802_11f) + iapp_new_station(hapd->iapp, sta); + + /* Start accounting here, if IEEE 802.1X and WPA are not used. + * IEEE 802.1X/WPA code will start accounting after the station has + * been authorized. */ + if (!hapd->conf->ieee802_1x && !hapd->conf->wpa) + accounting_sta_start(hapd, sta); + + hostapd_wme_sta_config(hapd, sta); + + /* Start IEEE 802.1X authentication process for new stations */ + ieee802_1x_new_station(hapd, sta); + if (reassoc) + wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH); + else + wpa_auth_sta_associated(hapd->wpa_auth, sta->wpa_sm); +} + + +#ifdef EAP_SERVER +static int hostapd_sim_db_cb_sta(struct hostapd_data *hapd, + struct sta_info *sta, void *ctx) +{ + if (eapol_sm_eap_pending_cb(sta->eapol_sm, ctx) == 0) + return 1; + return 0; +} + + +static void hostapd_sim_db_cb(void *ctx, void *session_ctx) +{ + struct hostapd_data *hapd = ctx; + if (ap_for_each_sta(hapd, hostapd_sim_db_cb_sta, session_ctx) == 0) + radius_server_eap_pending_cb(hapd->radius_srv, session_ctx); +} +#endif /* EAP_SERVER */ + + +static void handle_term(int sig, void *eloop_ctx, void *signal_ctx) +{ + printf("Signal %d received - terminating\n", sig); + eloop_terminate(); +} + + +static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, + struct wpa_auth_config *wconf) +{ + wconf->wpa = conf->wpa; + wconf->wpa_key_mgmt = conf->wpa_key_mgmt; + wconf->wpa_pairwise = conf->wpa_pairwise; + wconf->wpa_group = conf->wpa_group; + wconf->wpa_group_rekey = conf->wpa_group_rekey; + wconf->wpa_strict_rekey = conf->wpa_strict_rekey; + wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey; + wconf->rsn_preauth = conf->rsn_preauth; + wconf->eapol_version = conf->eapol_version; + wconf->peerkey = conf->peerkey; + wconf->wme_enabled = conf->wme_enabled; +#ifdef CONFIG_IEEE80211W + wconf->ieee80211w = conf->ieee80211w; +#endif /* CONFIG_IEEE80211W */ +} + + +#ifndef CONFIG_NATIVE_WINDOWS +static void handle_reload(int sig, void *eloop_ctx, void *signal_ctx) +{ + struct hapd_interfaces *hapds = (struct hapd_interfaces *) eloop_ctx; + struct hostapd_config *newconf; + size_t i; + struct wpa_auth_config wpa_auth_conf; + + printf("Signal %d received - reloading configuration\n", sig); + + for (i = 0; i < hapds->count; i++) { + struct hostapd_data *hapd = hapds->iface[i]->bss[0]; + newconf = hostapd_config_read(hapds->iface[i]->config_fname); + if (newconf == NULL) { + printf("Failed to read new configuration file - " + "continuing with old.\n"); + continue; + } + /* TODO: update dynamic data based on changed configuration + * items (e.g., open/close sockets, remove stations added to + * deny list, etc.) */ + radius_client_flush(hapd->radius, 0); + hostapd_config_free(hapd->iconf); + + hostapd_wpa_auth_conf(&newconf->bss[0], &wpa_auth_conf); + wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf); + + hapd->iconf = newconf; + hapd->conf = &newconf->bss[0]; + hapds->iface[i]->conf = newconf; + + if (hostapd_setup_wpa_psk(hapd->conf)) { + wpa_printf(MSG_ERROR, "Failed to re-configure WPA PSK " + "after reloading configuration"); + } + } +} + + +#ifdef HOSTAPD_DUMP_STATE +static void hostapd_dump_state(struct hostapd_data *hapd) +{ + FILE *f; + time_t now; + struct sta_info *sta; + int i; + char *buf; + + if (!hapd->conf->dump_log_name) { + printf("Dump file not defined - ignoring dump request\n"); + return; + } + + printf("Dumping hostapd state to '%s'\n", hapd->conf->dump_log_name); + f = fopen(hapd->conf->dump_log_name, "w"); + if (f == NULL) { + printf("Could not open dump file '%s' for writing.\n", + hapd->conf->dump_log_name); + return; + } + + time(&now); + fprintf(f, "hostapd state dump - %s", ctime(&now)); + fprintf(f, "num_sta=%d num_sta_non_erp=%d " + "num_sta_no_short_slot_time=%d\n" + "num_sta_no_short_preamble=%d\n", + hapd->num_sta, hapd->iface->num_sta_non_erp, + hapd->iface->num_sta_no_short_slot_time, + hapd->iface->num_sta_no_short_preamble); + + for (sta = hapd->sta_list; sta != NULL; sta = sta->next) { + fprintf(f, "\nSTA=" MACSTR "\n", MAC2STR(sta->addr)); + + fprintf(f, + " AID=%d flags=0x%x %s%s%s%s%s%s%s%s%s%s\n" + " capability=0x%x listen_interval=%d\n", + sta->aid, + sta->flags, + (sta->flags & WLAN_STA_AUTH ? "[AUTH]" : ""), + (sta->flags & WLAN_STA_ASSOC ? "[ASSOC]" : ""), + (sta->flags & WLAN_STA_PS ? "[PS]" : ""), + (sta->flags & WLAN_STA_TIM ? "[TIM]" : ""), + (sta->flags & WLAN_STA_PERM ? "[PERM]" : ""), + (sta->flags & WLAN_STA_AUTHORIZED ? "[AUTHORIZED]" : + ""), + (sta->flags & WLAN_STA_PENDING_POLL ? "[PENDING_POLL" : + ""), + (sta->flags & WLAN_STA_SHORT_PREAMBLE ? + "[SHORT_PREAMBLE]" : ""), + (sta->flags & WLAN_STA_PREAUTH ? "[PREAUTH]" : ""), + (sta->flags & WLAN_STA_NONERP ? "[NonERP]" : ""), + sta->capability, + sta->listen_interval); + + fprintf(f, " supported_rates="); + for (i = 0; i < sta->supported_rates_len; i++) + fprintf(f, "%02x ", sta->supported_rates[i]); + fprintf(f, "\n"); + + fprintf(f, + " timeout_next=%s\n", + (sta->timeout_next == STA_NULLFUNC ? "NULLFUNC POLL" : + (sta->timeout_next == STA_DISASSOC ? "DISASSOC" : + "DEAUTH"))); + + ieee802_1x_dump_state(f, " ", sta); + } + + buf = malloc(4096); + if (buf) { + int count = radius_client_get_mib(hapd->radius, buf, 4096); + if (count < 0) + count = 0; + else if (count > 4095) + count = 4095; + buf[count] = '\0'; + fprintf(f, "%s", buf); + + count = radius_server_get_mib(hapd->radius_srv, buf, 4096); + if (count < 0) + count = 0; + else if (count > 4095) + count = 4095; + buf[count] = '\0'; + fprintf(f, "%s", buf); + free(buf); + } + fclose(f); +} +#endif /* HOSTAPD_DUMP_STATE */ + + +static void handle_dump_state(int sig, void *eloop_ctx, void *signal_ctx) +{ +#ifdef HOSTAPD_DUMP_STATE + struct hapd_interfaces *hapds = (struct hapd_interfaces *) eloop_ctx; + size_t i, j; + + for (i = 0; i < hapds->count; i++) { + struct hostapd_iface *hapd_iface = hapds->iface[i]; + for (j = 0; j < hapd_iface->num_bss; j++) + hostapd_dump_state(hapd_iface->bss[j]); + } +#endif /* HOSTAPD_DUMP_STATE */ +} +#endif /* CONFIG_NATIVE_WINDOWS */ + +static void hostapd_broadcast_key_clear_iface(struct hostapd_data *hapd, + char *ifname) +{ + int i; + + for (i = 0; i < NUM_WEP_KEYS; i++) { + if (hostapd_set_encryption(ifname, hapd, "none", NULL, i, NULL, + 0, i == 0 ? 1 : 0)) { + printf("Failed to clear default encryption keys " + "(ifname=%s keyidx=%d)\n", ifname, i); + } + } +} + + +static int hostapd_broadcast_wep_clear(struct hostapd_data *hapd) +{ + hostapd_broadcast_key_clear_iface(hapd, hapd->conf->iface); + return 0; +} + + +static int hostapd_broadcast_wep_set(struct hostapd_data *hapd) +{ + int errors = 0, idx; + struct hostapd_ssid *ssid = &hapd->conf->ssid; + + idx = ssid->wep.idx; + if (ssid->wep.default_len && + hostapd_set_encryption(hapd->conf->iface, + hapd, "WEP", NULL, idx, + ssid->wep.key[idx], + ssid->wep.len[idx], + idx == ssid->wep.idx)) { + printf("Could not set WEP encryption.\n"); + errors++; + } + + if (ssid->dyn_vlan_keys) { + size_t i; + for (i = 0; i <= ssid->max_dyn_vlan_keys; i++) { + const char *ifname; + struct hostapd_wep_keys *key = ssid->dyn_vlan_keys[i]; + if (key == NULL) + continue; + ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, + i); + if (ifname == NULL) + continue; + + idx = key->idx; + if (hostapd_set_encryption(ifname, hapd, "WEP", NULL, + idx, key->key[idx], + key->len[idx], + idx == key->idx)) { + printf("Could not set dynamic VLAN WEP " + "encryption.\n"); + errors++; + } + } + } + + return errors; +} + +/** + * hostapd_cleanup - Per-BSS cleanup (deinitialization) + * @hapd: Pointer to BSS data + * + * This function is used to free all per-BSS data structures and resources. + * This gets called in a loop for each BSS between calls to + * hostapd_cleanup_iface_pre() and hostapd_cleanup_iface() when an interface + * is deinitialized. Most of the modules that are initialized in + * hostapd_setup_bss() are deinitialized here. + */ +static void hostapd_cleanup(struct hostapd_data *hapd) +{ + hostapd_ctrl_iface_deinit(hapd); + + free(hapd->default_wep_key); + hapd->default_wep_key = NULL; + iapp_deinit(hapd->iapp); + hapd->iapp = NULL; + accounting_deinit(hapd); + rsn_preauth_iface_deinit(hapd); + if (hapd->wpa_auth) { + wpa_deinit(hapd->wpa_auth); + hapd->wpa_auth = NULL; + + if (hostapd_set_privacy(hapd, 0)) { + wpa_printf(MSG_DEBUG, "Could not disable " + "PrivacyInvoked for interface %s", + hapd->conf->iface); + } + + if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) { + wpa_printf(MSG_DEBUG, "Could not remove generic " + "information element from interface %s", + hapd->conf->iface); + } + } + ieee802_1x_deinit(hapd); + vlan_deinit(hapd); + hostapd_acl_deinit(hapd); + radius_client_deinit(hapd->radius); + hapd->radius = NULL; + radius_server_deinit(hapd->radius_srv); + hapd->radius_srv = NULL; + + hostapd_wireless_event_deinit(hapd); + +#ifdef EAP_TLS_FUNCS + if (hapd->ssl_ctx) { + tls_deinit(hapd->ssl_ctx); + hapd->ssl_ctx = NULL; + } +#endif /* EAP_TLS_FUNCS */ + +#ifdef EAP_SERVER + if (hapd->eap_sim_db_priv) { + eap_sim_db_deinit(hapd->eap_sim_db_priv); + hapd->eap_sim_db_priv = NULL; + } +#endif /* EAP_SERVER */ + + if (hapd->interface_added && + hostapd_bss_remove(hapd, hapd->conf->iface)) { + printf("Failed to remove BSS interface %s\n", + hapd->conf->iface); + } +} + + +/** + * hostapd_cleanup_iface_pre - Preliminary per-interface cleanup + * @iface: Pointer to interface data + * + * This function is called before per-BSS data structures are deinitialized + * with hostapd_cleanup(). + */ +static void hostapd_cleanup_iface_pre(struct hostapd_iface *iface) +{ +} + + +/** + * hostapd_cleanup_iface - Complete per-interface cleanup + * @iface: Pointer to interface data + * + * This function is called after per-BSS data structures are deinitialized + * with hostapd_cleanup(). + */ +static void hostapd_cleanup_iface(struct hostapd_iface *iface) +{ + hostapd_free_hw_features(iface->hw_features, iface->num_hw_features); + iface->hw_features = NULL; + free(iface->current_rates); + iface->current_rates = NULL; + ap_list_deinit(iface); + hostapd_config_free(iface->conf); + iface->conf = NULL; + + free(iface->config_fname); + free(iface->bss); + free(iface); +} + + +static int hostapd_setup_encryption(char *iface, struct hostapd_data *hapd) +{ + int i; + + hostapd_broadcast_wep_set(hapd); + + if (hapd->conf->ssid.wep.default_len) + return 0; + + for (i = 0; i < 4; i++) { + if (hapd->conf->ssid.wep.key[i] && + hostapd_set_encryption(iface, hapd, "WEP", NULL, + i, hapd->conf->ssid.wep.key[i], + hapd->conf->ssid.wep.len[i], + i == hapd->conf->ssid.wep.idx)) { + printf("Could not set WEP encryption.\n"); + return -1; + } + if (hapd->conf->ssid.wep.key[i] && + i == hapd->conf->ssid.wep.idx) + hostapd_set_privacy(hapd, 1); + } + + return 0; +} + + +static int hostapd_flush_old_stations(struct hostapd_data *hapd) +{ + int ret = 0; + + wpa_printf(MSG_DEBUG, "Flushing old station entries"); + if (hostapd_flush(hapd)) { + printf("Could not connect to kernel driver.\n"); + ret = -1; + } + wpa_printf(MSG_DEBUG, "Deauthenticate all stations"); + hostapd_deauth_all_stas(hapd); + + return ret; +} + + +static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr, + logger_level level, const char *txt) +{ + struct hostapd_data *hapd = ctx; + int hlevel; + + switch (level) { + case LOGGER_WARNING: + hlevel = HOSTAPD_LEVEL_WARNING; + break; + case LOGGER_INFO: + hlevel = HOSTAPD_LEVEL_INFO; + break; + case LOGGER_DEBUG: + default: + hlevel = HOSTAPD_LEVEL_DEBUG; + break; + } + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt); +} + + +static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr, + u16 reason) +{ + struct hostapd_data *hapd = ctx; + struct sta_info *sta; + + wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: " + "STA " MACSTR " reason %d", + __func__, MAC2STR(addr), reason); + + sta = ap_get_sta(hapd, addr); + hostapd_sta_deauth(hapd, addr, reason); + if (sta == NULL) + return; + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED); + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_register_timeout(0, 0, ap_handle_timer, hapd, sta); + sta->timeout_next = STA_REMOVE; +} + + +static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr) +{ + struct hostapd_data *hapd = ctx; + ieee80211_michael_mic_failure(hapd, addr, 0); +} + + +static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr, + wpa_eapol_variable var, int value) +{ + struct hostapd_data *hapd = ctx; + struct sta_info *sta = ap_get_sta(hapd, addr); + if (sta == NULL) + return; + switch (var) { + case WPA_EAPOL_portEnabled: + ieee802_1x_notify_port_enabled(sta->eapol_sm, value); + break; + case WPA_EAPOL_portValid: + ieee802_1x_notify_port_valid(sta->eapol_sm, value); + break; + case WPA_EAPOL_authorized: + ieee802_1x_set_sta_authorized(hapd, sta, value); + break; + case WPA_EAPOL_portControl_Auto: + if (sta->eapol_sm) + sta->eapol_sm->portControl = Auto; + break; + case WPA_EAPOL_keyRun: + if (sta->eapol_sm) + sta->eapol_sm->keyRun = value ? TRUE : FALSE; + break; + case WPA_EAPOL_keyAvailable: + if (sta->eapol_sm) + sta->eapol_sm->keyAvailable = value ? TRUE : FALSE; + break; + case WPA_EAPOL_keyDone: + if (sta->eapol_sm) + sta->eapol_sm->keyDone = value ? TRUE : FALSE; + break; + case WPA_EAPOL_inc_EapolFramesTx: + if (sta->eapol_sm) + sta->eapol_sm->dot1xAuthEapolFramesTx++; + break; + } +} + + +static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr, + wpa_eapol_variable var) +{ + struct hostapd_data *hapd = ctx; + struct sta_info *sta = ap_get_sta(hapd, addr); + if (sta == NULL || sta->eapol_sm == NULL) + return -1; + switch (var) { + case WPA_EAPOL_keyRun: + return sta->eapol_sm->keyRun; + case WPA_EAPOL_keyAvailable: + return sta->eapol_sm->keyAvailable; + default: + return -1; + } +} + + +static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, + const u8 *prev_psk) +{ + struct hostapd_data *hapd = ctx; + return hostapd_get_psk(hapd->conf, addr, prev_psk); +} + + +static int hostapd_wpa_auth_get_pmk(void *ctx, const u8 *addr, u8 *pmk, + size_t *len) +{ + struct hostapd_data *hapd = ctx; + u8 *key; + size_t keylen; + struct sta_info *sta; + + sta = ap_get_sta(hapd, addr); + if (sta == NULL) + return -1; + + key = ieee802_1x_get_key_crypt(sta->eapol_sm, &keylen); + if (key == NULL) + return -1; + + if (keylen > *len) + keylen = WPA_PMK_LEN; + memcpy(pmk, key, keylen); + *len = keylen; + return 0; +} + + +static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, const char *alg, + const u8 *addr, int idx, u8 *key, + size_t key_len) +{ + struct hostapd_data *hapd = ctx; + const char *ifname = hapd->conf->iface; + + if (vlan_id > 0) { + ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id); + if (ifname == NULL) + return -1; + } + + return hostapd_set_encryption(ifname, hapd, alg, addr, idx, + key, key_len, 1); +} + + +static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx, + u8 *seq) +{ + struct hostapd_data *hapd = ctx; + return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq); +} + + +static int hostapd_wpa_auth_get_seqnum_igtk(void *ctx, const u8 *addr, int idx, + u8 *seq) +{ + struct hostapd_data *hapd = ctx; + return hostapd_get_seqnum_igtk(hapd->conf->iface, hapd, addr, idx, + seq); +} + + +static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, + const u8 *data, size_t data_len, + int encrypt) +{ + struct hostapd_data *hapd = ctx; + return hostapd_send_eapol(hapd, addr, data, data_len, encrypt); +} + + +static int hostapd_wpa_auth_for_each_sta( + void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx), + void *cb_ctx) +{ + struct hostapd_data *hapd = ctx; + struct sta_info *sta; + + for (sta = hapd->sta_list; sta; sta = sta->next) { + if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx)) + return 1; + } + return 0; +} + + +/** + * hostapd_validate_bssid_configuration - Validate BSSID configuration + * @iface: Pointer to interface data + * Returns: 0 on success, -1 on failure + * + * This function is used to validate that the configured BSSIDs are valid. + */ +static int hostapd_validate_bssid_configuration(struct hostapd_iface *iface) +{ + u8 mask[ETH_ALEN] = { 0 }; + struct hostapd_data *hapd = iface->bss[0]; + unsigned int i = iface->conf->num_bss, bits = 0, j; + int res; + + /* Generate BSSID mask that is large enough to cover the BSSIDs. */ + + /* Determine the bits necessary to cover the number of BSSIDs. */ + for (i--; i; i >>= 1) + bits++; + + /* Determine the bits necessary to any configured BSSIDs, + if they are higher than the number of BSSIDs. */ + for (j = 0; j < iface->conf->num_bss; j++) { + if (hostapd_mac_comp_empty(iface->conf->bss[j].bssid) == 0) + continue; + + for (i = 0; i < ETH_ALEN; i++) { + mask[i] |= + iface->conf->bss[j].bssid[i] ^ + hapd->own_addr[i]; + } + } + + for (i = 0; i < ETH_ALEN && mask[i] == 0; i++) + ; + j = 0; + if (i < ETH_ALEN) { + j = (5 - i) * 8; + + while (mask[i] != 0) { + mask[i] >>= 1; + j++; + } + } + + if (bits < j) + bits = j; + + if (bits > 40) + return -1; + + memset(mask, 0xff, ETH_ALEN); + j = bits / 8; + for (i = 5; i > 5 - j; i--) + mask[i] = 0; + j = bits % 8; + while (j--) + mask[i] <<= 1; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "BSS count %lu, BSSID mask " + MACSTR " (%d bits)\n", + (unsigned long) iface->conf->num_bss, MAC2STR(mask), + bits); + + res = hostapd_valid_bss_mask(hapd, hapd->own_addr, mask); + if (res == 0) + return 0; + + if (res < 0) { + printf("Driver did not accept BSSID mask " MACSTR " for start " + "address " MACSTR ".\n", + MAC2STR(mask), MAC2STR(hapd->own_addr)); + return -1; + } + + for (i = 0; i < ETH_ALEN; i++) { + if ((hapd->own_addr[i] & mask[i]) != hapd->own_addr[i]) { + printf("Invalid BSSID mask " MACSTR " for start " + "address " MACSTR ".\n" + "Start address must be the first address in the" + " block (i.e., addr AND mask == addr).\n", + MAC2STR(mask), MAC2STR(hapd->own_addr)); + return -1; + } + } + + return 0; +} + + +static int mac_in_conf(struct hostapd_config *conf, const void *a) +{ + size_t i; + + for (i = 0; i < conf->num_bss; i++) { + if (hostapd_mac_comp(conf->bss[i].bssid, a) == 0) { + return 1; + } + } + + return 0; +} + + +/** + * hostapd_setup_bss - Per-BSS setup (initialization) + * @hapd: Pointer to BSS data + * @first: Whether this BSS is the first BSS of an interface + * + * This function is used to initialize all per-BSS data structures and + * resources. This gets called in a loop for each BSS when an interface is + * initialized. Most of the modules that are initialized here will be + * deinitialized in hostapd_cleanup(). + */ +static int hostapd_setup_bss(struct hostapd_data *hapd, int first) +{ + struct hostapd_bss_config *conf = hapd->conf; + u8 ssid[HOSTAPD_MAX_SSID_LEN + 1]; + int ssid_len, set_ssid; + + if (!first) { + if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) { + /* Allocate the next available BSSID. */ + do { + inc_byte_array(hapd->own_addr, ETH_ALEN); + } while (mac_in_conf(hapd->iconf, hapd->own_addr)); + } else { + /* Allocate the configured BSSID. */ + memcpy(hapd->own_addr, hapd->conf->bssid, ETH_ALEN); + + if (hostapd_mac_comp(hapd->own_addr, + hapd->iface->bss[0]->own_addr) == + 0) { + printf("BSS '%s' may not have BSSID " + "set to the MAC address of the radio\n", + hapd->conf->iface); + return -1; + } + } + + hapd->interface_added = 1; + if (hostapd_bss_add(hapd->iface->bss[0], hapd->conf->iface, + hapd->own_addr)) { + printf("Failed to add BSS (BSSID=" MACSTR ")\n", + MAC2STR(hapd->own_addr)); + return -1; + } + } + + /* + * Fetch the SSID from the system and use it or, + * if one was specified in the config file, verify they + * match. + */ + ssid_len = hostapd_get_ssid(hapd, ssid, sizeof(ssid)); + if (ssid_len < 0) { + printf("Could not read SSID from system\n"); + return -1; + } + if (conf->ssid.ssid_set) { + /* + * If SSID is specified in the config file and it differs + * from what is being used then force installation of the + * new SSID. + */ + set_ssid = (conf->ssid.ssid_len != (size_t) ssid_len || + memcmp(conf->ssid.ssid, ssid, ssid_len) != 0); + } else { + /* + * No SSID in the config file; just use the one we got + * from the system. + */ + set_ssid = 0; + conf->ssid.ssid_len = ssid_len; + memcpy(conf->ssid.ssid, ssid, conf->ssid.ssid_len); + conf->ssid.ssid[conf->ssid.ssid_len] = '\0'; + } + + printf("Using interface %s with hwaddr " MACSTR " and ssid '%s'\n", + hapd->conf->iface, MAC2STR(hapd->own_addr), + hapd->conf->ssid.ssid); + + if (hostapd_setup_wpa_psk(conf)) { + printf("WPA-PSK setup failed.\n"); + return -1; + } + + /* Set flag for whether SSID is broadcast in beacons */ + if (hostapd_set_broadcast_ssid(hapd, + !!hapd->conf->ignore_broadcast_ssid)) { + printf("Could not set broadcast SSID flag for kernel " + "driver\n"); + return -1; + } + + if (hostapd_set_dtim_period(hapd, hapd->conf->dtim_period)) { + printf("Could not set DTIM period for kernel driver\n"); + return -1; + } + + /* Set SSID for the kernel driver (to be used in beacon and probe + * response frames) */ + if (set_ssid && hostapd_set_ssid(hapd, (u8 *) conf->ssid.ssid, + conf->ssid.ssid_len)) { + printf("Could not set SSID for kernel driver\n"); + return -1; + } + + if (HOSTAPD_DEBUG_COND(HOSTAPD_DEBUG_MSGDUMPS)) + conf->radius->msg_dumps = 1; + hapd->radius = radius_client_init(hapd, conf->radius); + if (hapd->radius == NULL) { + printf("RADIUS client initialization failed.\n"); + return -1; + } + + if (hostapd_acl_init(hapd)) { + printf("ACL initialization failed.\n"); + return -1; + } + if (ieee802_1x_init(hapd)) { + printf("IEEE 802.1X initialization failed.\n"); + return -1; + } + + if (hapd->conf->wpa) { + struct wpa_auth_config _conf; + struct wpa_auth_callbacks cb; + const u8 *wpa_ie; + size_t wpa_ie_len; + + hostapd_wpa_auth_conf(hapd->conf, &_conf); + memset(&cb, 0, sizeof(cb)); + cb.ctx = hapd; + cb.logger = hostapd_wpa_auth_logger; + cb.disconnect = hostapd_wpa_auth_disconnect; + cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report; + cb.set_eapol = hostapd_wpa_auth_set_eapol; + cb.get_eapol = hostapd_wpa_auth_get_eapol; + cb.get_psk = hostapd_wpa_auth_get_psk; + cb.get_pmk = hostapd_wpa_auth_get_pmk; + cb.set_key = hostapd_wpa_auth_set_key; + cb.get_seqnum = hostapd_wpa_auth_get_seqnum; + cb.get_seqnum_igtk = hostapd_wpa_auth_get_seqnum_igtk; + cb.send_eapol = hostapd_wpa_auth_send_eapol; + cb.for_each_sta = hostapd_wpa_auth_for_each_sta; + hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb); + if (hapd->wpa_auth == NULL) { + printf("WPA initialization failed.\n"); + return -1; + } + + if (hostapd_set_privacy(hapd, 1)) { + wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked " + "for interface %s", hapd->conf->iface); + return -1; + } + + wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len); + if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) { + wpa_printf(MSG_ERROR, "Failed to configure WPA IE for " + "the kernel driver."); + return -1; + } + + if (rsn_preauth_iface_init(hapd)) { + printf("Initialization of RSN pre-authentication " + "failed.\n"); + return -1; + } + } + + if (accounting_init(hapd)) { + printf("Accounting initialization failed.\n"); + return -1; + } + + if (hapd->conf->ieee802_11f && + (hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface)) == NULL) { + printf("IEEE 802.11F (IAPP) initialization failed.\n"); + return -1; + } + + if (hostapd_ctrl_iface_init(hapd)) { + printf("Failed to setup control interface\n"); + return -1; + } + + ieee802_11_set_beacon(hapd); + + if (vlan_init(hapd)) { + printf("VLAN initialization failed.\n"); + return -1; + } + + return 0; +} + + +/** + * setup_interface2 - Setup (initialize) an interface (part 2) + * @iface: Pointer to interface data. + * Returns: 0 on success; -1 on failure. + * + * Flushes old stations, sets the channel, DFS parameters, encryption, + * beacons, and WDS links based on the configuration. + */ +static int setup_interface2(struct hostapd_iface *iface) +{ + struct hostapd_data *hapd = iface->bss[0]; + int freq; + size_t j; + int ret = 0; + u8 *prev_addr; + + hostapd_flush_old_stations(hapd); + hostapd_set_privacy(hapd, 0); + + if (hapd->iconf->channel) { + freq = hostapd_hw_get_freq(hapd, hapd->iconf->channel); + printf("Mode: %s Channel: %d Frequency: %d MHz\n", + hostapd_hw_mode_txt(hapd->iconf->hw_mode), + hapd->iconf->channel, freq); + + if (hostapd_set_freq(hapd, hapd->iconf->hw_mode, freq)) { + printf("Could not set channel for kernel driver\n"); + return -1; + } + } + + hostapd_broadcast_wep_clear(hapd); + if (hostapd_setup_encryption(hapd->conf->iface, hapd)) + return -1; + + hostapd_set_beacon_int(hapd, hapd->iconf->beacon_int); + ieee802_11_set_beacon(hapd); + + if (hapd->iconf->rts_threshold > -1 && + hostapd_set_rts(hapd, hapd->iconf->rts_threshold)) { + printf("Could not set RTS threshold for kernel driver\n"); + return -1; + } + + if (hapd->iconf->fragm_threshold > -1 && + hostapd_set_frag(hapd, hapd->iconf->fragm_threshold)) { + printf("Could not set fragmentation threshold for kernel " + "driver\n"); + return -1; + } + + prev_addr = hapd->own_addr; + + for (j = 0; j < iface->num_bss; j++) { + hapd = iface->bss[j]; + if (j) + memcpy(hapd->own_addr, prev_addr, ETH_ALEN); + if (hostapd_setup_bss(hapd, j == 0)) + return -1; + if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) + prev_addr = hapd->own_addr; + } + + ap_list_init(iface); + + if (hostapd_driver_commit(hapd) < 0) { + wpa_printf(MSG_ERROR, "%s: Failed to commit driver " + "configuration", __func__); + return -1; + } + + return ret; +} + + +static void setup_interface_start(void *eloop_data, void *user_ctx); +static void setup_interface2_handler(void *eloop_data, void *user_ctx); + +/** + * setup_interface_finalize - Finish setup interface & call the callback + * @iface: Pointer to interface data. + * @status: Status of the setup interface (0 on success; -1 on failure). + * Returns: 0 on success; -1 on failure (e.g., was not in progress). + */ +static int setup_interface_finalize(struct hostapd_iface *iface, int status) +{ + hostapd_iface_cb cb; + + if (!iface->setup_cb) + return -1; + + eloop_cancel_timeout(setup_interface_start, iface, NULL); + eloop_cancel_timeout(setup_interface2_handler, iface, NULL); + hostapd_select_hw_mode_stop(iface); + + cb = iface->setup_cb; + + iface->setup_cb = NULL; + + cb(iface, status); + + return 0; +} + + +/** + * setup_interface2_wrapper - Wrapper for setup_interface2() + * @iface: Pointer to interface data. + * @status: Status of the hw mode select. + * + * Wrapper for setup_interface2() to calls finalize function upon completion. + */ +static void setup_interface2_wrapper(struct hostapd_iface *iface, int status) +{ + int ret = status; + if (ret) + printf("Could not select hw_mode and channel. (%d)\n", ret); + else + ret = setup_interface2(iface); + + setup_interface_finalize(iface, ret); +} + + +/** + * setup_interface2_handler - Used for immediate call of setup_interface2 + * @eloop_data: Stores the struct hostapd_iface * for the interface. + * @user_ctx: Unused. + */ +static void setup_interface2_handler(void *eloop_data, void *user_ctx) +{ + struct hostapd_iface *iface = eloop_data; + + setup_interface2_wrapper(iface, 0); +} + + +/** + * setup_interface1 - Setup (initialize) an interface (part 1) + * @iface: Pointer to interface data + * Returns: 0 on success, -1 on failure + * + * Initializes the driver interface, validates the configuration, + * and sets driver parameters based on the configuration. + * Schedules setup_interface2() to be called immediately or after + * hardware mode setup takes place. + */ +static int setup_interface1(struct hostapd_iface *iface) +{ + struct hostapd_data *hapd = iface->bss[0]; + struct hostapd_bss_config *conf = hapd->conf; + size_t i; + char country[4]; + + /* + * Initialize the driver interface and make sure that all BSSes get + * configured with a pointer to this driver interface. + */ + if (hostapd_driver_init(hapd)) { + printf("%s driver initialization failed.\n", + hapd->driver ? hapd->driver->name : "Unknown"); + hapd->driver = NULL; + return -1; + } + for (i = 0; i < iface->num_bss; i++) + iface->bss[i]->driver = hapd->driver; + + if (hostapd_validate_bssid_configuration(iface)) + return -1; + + memcpy(country, hapd->iconf->country, 3); + country[3] = '\0'; + if (hostapd_set_country(hapd, country) < 0) { + printf("Failed to set country code\n"); + return -1; + } + + if (hapd->iconf->ieee80211d || hapd->iconf->ieee80211h) { + if (hostapd_set_ieee80211d(hapd, 1) < 0) { + printf("Failed to set ieee80211d (%d)\n", + hapd->iconf->ieee80211d); + return -1; + } + } + + if (hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL && + hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) { + printf("Failed to set bridge_packets for kernel driver\n"); + return -1; + } + + if (conf->radius_server_clients) { + struct radius_server_conf srv; + memset(&srv, 0, sizeof(srv)); + srv.client_file = conf->radius_server_clients; + srv.auth_port = conf->radius_server_auth_port; + srv.hostapd_conf = conf; + srv.eap_sim_db_priv = hapd->eap_sim_db_priv; + srv.ssl_ctx = hapd->ssl_ctx; + srv.ipv6 = conf->radius_server_ipv6; + hapd->radius_srv = radius_server_init(&srv); + if (hapd->radius_srv == NULL) { + printf("RADIUS server initialization failed.\n"); + return -1; + } + } + + /* TODO: merge with hostapd_driver_init() ? */ + if (hostapd_wireless_event_init(hapd) < 0) + return -1; + + if (hostapd_get_hw_features(iface)) { + /* Not all drivers support this yet, so continue without hw + * feature data. */ + } else { + return hostapd_select_hw_mode_start(iface, + setup_interface2_wrapper); + } + + eloop_register_timeout(0, 0, setup_interface2_handler, iface, NULL); + return 0; +} + + +/** + * setup_interface_start - Handler to start setup interface + * @eloop_data: Stores the struct hostapd_iface * for the interface. + * @user_ctx: Unused. + * + * An eloop handler is used so that all errors can be processed by the + * callback without introducing stack recursion. + */ +static void setup_interface_start(void *eloop_data, void *user_ctx) +{ + struct hostapd_iface *iface = eloop_data; + + int ret; + + ret = setup_interface1(iface); + if (ret) + setup_interface_finalize(iface, ret); +} + + +/** + * hostapd_setup_interface_start - Start the setup of an interface + * @iface: Pointer to interface data. + * @cb: The function to callback when done. + * Returns: 0 if it starts successfully; cb will be called when done. + * -1 on failure; cb will not be called. + * + * Initializes the driver interface, validates the configuration, + * and sets driver parameters based on the configuration. + * Flushes old stations, sets the channel, DFS parameters, encryption, + * beacons, and WDS links based on the configuration. + */ +int hostapd_setup_interface_start(struct hostapd_iface *iface, + hostapd_iface_cb cb) +{ + if (iface->setup_cb) { + wpa_printf(MSG_DEBUG, + "%s: Interface setup already in progress.\n", + iface->bss[0]->conf->iface); + return -1; + } + + iface->setup_cb = cb; + + eloop_register_timeout(0, 0, setup_interface_start, iface, NULL); + + return 0; +} + + +/** + * hostapd_setup_interace_stop - Stops the setup of an interface + * @iface: Pointer to interface data + * Returns: 0 if successfully stopped; + * -1 on failure (i.e., was not in progress) + */ +int hostapd_setup_interface_stop(struct hostapd_iface *iface) +{ + return setup_interface_finalize(iface, -1); +} + + +struct driver { + struct driver *next; + char *name; + const struct driver_ops *ops; +}; +static struct driver *drivers = NULL; + +void driver_register(const char *name, const struct driver_ops *ops) +{ + struct driver *d; + + d = malloc(sizeof(struct driver)); + if (d == NULL) { + printf("Failed to register driver %s!\n", name); + return; + } + d->name = strdup(name); + if (d->name == NULL) { + printf("Failed to register driver %s!\n", name); + free(d); + return; + } + d->ops = ops; + + d->next = drivers; + drivers = d; +} + + +void driver_unregister(const char *name) +{ + struct driver *p, **pp; + + for (pp = &drivers; (p = *pp) != NULL; pp = &p->next) { + if (strcasecmp(p->name, name) == 0) { + *pp = p->next; + p->next = NULL; + free(p->name); + free(p); + break; + } + } +} + + +static void driver_unregister_all(void) +{ + struct driver *p, *pp; + p = drivers; + drivers = NULL; + while (p) { + pp = p; + p = p->next; + free(pp->name); + free(pp); + } +} + + +const struct driver_ops * driver_lookup(const char *name) +{ + struct driver *p; + + if (strcmp(name, "default") == 0) { + p = drivers; + while (p && p->next) + p = p->next; + return p->ops; + } + + for (p = drivers; p != NULL; p = p->next) { + if (strcasecmp(p->name, name) == 0) + return p->ops; + } + + return NULL; +} + + +static void show_version(void) +{ + fprintf(stderr, + "hostapd v" VERSION_STR "\n" + "User space daemon for IEEE 802.11 AP management,\n" + "IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator\n" + "Copyright (c) 2002-2007, Jouni Malinen " + "and contributors\n"); +} + + +static void usage(void) +{ + show_version(); + fprintf(stderr, + "\n" + "usage: hostapd [-hdBKtv] [-P ] " + "\n" + "\n" + "options:\n" + " -h show this usage\n" + " -d show more debug messages (-dd for even more)\n" + " -B run daemon in the background\n" + " -P PID file\n" + " -K include key data in debug messages\n" + " -t include timestamps in some debug messages\n" + " -v show hostapd version\n"); + + exit(1); +} + + +/** + * hostapd_alloc_bss_data - Allocate and initialize per-BSS data + * @hapd_iface: Pointer to interface data + * @conf: Pointer to per-interface configuration + * @bss: Pointer to per-BSS configuration for this BSS + * Returns: Pointer to allocated BSS data + * + * This function is used to allocate per-BSS data structure. This data will be + * freed after hostapd_cleanup() is called for it during interface + * deinitialization. + */ +static struct hostapd_data * +hostapd_alloc_bss_data(struct hostapd_iface *hapd_iface, + struct hostapd_config *conf, + struct hostapd_bss_config *bss) +{ + struct hostapd_data *hapd; + + hapd = wpa_zalloc(sizeof(*hapd)); + if (hapd == NULL) + return NULL; + + hapd->iconf = conf; + hapd->conf = bss; + hapd->iface = hapd_iface; + + if (hapd->conf->individual_wep_key_len > 0) { + /* use key0 in individual key and key1 in broadcast key */ + hapd->default_wep_key_idx = 1; + } + +#ifdef EAP_TLS_FUNCS + if (hapd->conf->eap_server && + (hapd->conf->ca_cert || hapd->conf->server_cert)) { + struct tls_connection_params params; + + hapd->ssl_ctx = tls_init(NULL); + if (hapd->ssl_ctx == NULL) { + printf("Failed to initialize TLS\n"); + goto fail; + } + + memset(¶ms, 0, sizeof(params)); + params.ca_cert = hapd->conf->ca_cert; + params.client_cert = hapd->conf->server_cert; + params.private_key = hapd->conf->private_key; + params.private_key_passwd = hapd->conf->private_key_passwd; + + if (tls_global_set_params(hapd->ssl_ctx, ¶ms)) { + printf("Failed to set TLS parameters\n"); + goto fail; + } + + if (tls_global_set_verify(hapd->ssl_ctx, + hapd->conf->check_crl)) { + printf("Failed to enable check_crl\n"); + goto fail; + } + } +#endif /* EAP_TLS_FUNCS */ + +#ifdef EAP_SERVER + if (hapd->conf->eap_sim_db) { + hapd->eap_sim_db_priv = + eap_sim_db_init(hapd->conf->eap_sim_db, + hostapd_sim_db_cb, hapd); + if (hapd->eap_sim_db_priv == NULL) { + printf("Failed to initialize EAP-SIM database " + "interface\n"); + goto fail; + } + } +#endif /* EAP_SERVER */ + + if (hapd->conf->assoc_ap) + hapd->assoc_ap_state = WAIT_BEACON; + + /* FIX: need to fix this const vs. not */ + hapd->driver = (struct driver_ops *) hapd->iconf->driver; + + return hapd; + +#if defined(EAP_TLS_FUNCS) || defined(EAP_SERVER) +fail: +#endif + /* TODO: cleanup allocated resources(?) */ + free(hapd); + return NULL; +} + + +/** + * hostapd_init - Allocate and initialize per-interface data + * @config_file: Path to the configuration file + * Returns: Pointer to the allocated interface data or %NULL on failure + * + * This function is used to allocate main data structures for per-interface + * data. The allocated data buffer will be freed by calling + * hostapd_cleanup_iface(). + */ +static struct hostapd_iface * hostapd_init(const char *config_file) +{ + struct hostapd_iface *hapd_iface = NULL; + struct hostapd_config *conf = NULL; + struct hostapd_data *hapd; + size_t i; + + hapd_iface = wpa_zalloc(sizeof(*hapd_iface)); + if (hapd_iface == NULL) + goto fail; + + hapd_iface->config_fname = strdup(config_file); + if (hapd_iface->config_fname == NULL) + goto fail; + + conf = hostapd_config_read(hapd_iface->config_fname); + if (conf == NULL) + goto fail; + hapd_iface->conf = conf; + + hapd_iface->num_bss = conf->num_bss; + hapd_iface->bss = wpa_zalloc(conf->num_bss * + sizeof(struct hostapd_data *)); + if (hapd_iface->bss == NULL) + goto fail; + + for (i = 0; i < conf->num_bss; i++) { + hapd = hapd_iface->bss[i] = + hostapd_alloc_bss_data(hapd_iface, conf, + &conf->bss[i]); + if (hapd == NULL) + goto fail; + } + + return hapd_iface; + +fail: + if (conf) + hostapd_config_free(conf); + if (hapd_iface) { + for (i = 0; hapd_iface->bss && i < hapd_iface->num_bss; i++) { + hapd = hapd_iface->bss[i]; + if (hapd && hapd->ssl_ctx) + tls_deinit(hapd->ssl_ctx); + } + + free(hapd_iface->config_fname); + free(hapd_iface->bss); + free(hapd_iface); + } + return NULL; +} + + +/** + * register_drivers - Register driver interfaces + * + * This function is generated by Makefile (into driver_conf.c) to call all + * configured driver interfaces to register them to core hostapd. + */ +void register_drivers(void); + + +/** + * setup_interface_done - Callback when an interface is done being setup. + * @iface: Pointer to interface data. + * @status: Status of the interface setup (0 on success; -1 on failure). + */ +static void setup_interface_done(struct hostapd_iface *iface, int status) +{ + if (status) { + wpa_printf(MSG_DEBUG, "%s: Unable to setup interface.", + iface->bss[0]->conf->iface); + eloop_terminate(); + } else + wpa_printf(MSG_DEBUG, "%s: Setup of interface done.", + iface->bss[0]->conf->iface); +} + + +int main(int argc, char *argv[]) +{ + struct hapd_interfaces interfaces; + int ret = 1, k; + size_t i, j; + int c, debug = 0, daemonize = 0; + const char *pid_file = NULL; + + for (;;) { + c = getopt(argc, argv, "BdhKP:tv"); + if (c < 0) + break; + switch (c) { + case 'h': + usage(); + break; + case 'd': + debug++; + if (wpa_debug_level > 0) + wpa_debug_level--; + break; + case 'B': + daemonize++; + break; + case 'K': + wpa_debug_show_keys++; + break; + case 'P': + pid_file = optarg; + break; + case 't': + wpa_debug_timestamp++; + break; + case 'v': + show_version(); + exit(1); + break; + + default: + usage(); + break; + } + } + + if (optind == argc) + usage(); + + register_drivers(); /* NB: generated by Makefile */ + + if (eap_server_register_methods()) { + wpa_printf(MSG_ERROR, "Failed to register EAP methods"); + return -1; + } + + interfaces.count = argc - optind; + + interfaces.iface = malloc(interfaces.count * + sizeof(struct hostapd_iface *)); + if (interfaces.iface == NULL) { + printf("malloc failed\n"); + exit(1); + } + + if (eloop_init(&interfaces)) { + wpa_printf(MSG_ERROR, "Failed to initialize event loop"); + return -1; + } + +#ifndef CONFIG_NATIVE_WINDOWS + eloop_register_signal(SIGHUP, handle_reload, NULL); + eloop_register_signal(SIGUSR1, handle_dump_state, NULL); +#endif /* CONFIG_NATIVE_WINDOWS */ + eloop_register_signal_terminate(handle_term, NULL); + + /* Initialize interfaces */ + for (i = 0; i < interfaces.count; i++) { + printf("Configuration file: %s\n", argv[optind + i]); + interfaces.iface[i] = hostapd_init(argv[optind + i]); + if (!interfaces.iface[i]) + goto out; + for (k = 0; k < debug; k++) { + if (interfaces.iface[i]->bss[0]->conf-> + logger_stdout_level > 0) + interfaces.iface[i]->bss[0]->conf-> + logger_stdout_level--; + interfaces.iface[i]->bss[0]->conf->debug++; + } + + ret = hostapd_setup_interface_start(interfaces.iface[i], + setup_interface_done); + if (ret) + goto out; + } + + if (daemonize && os_daemonize(pid_file)) { + perror("daemon"); + goto out; + } + +#ifndef CONFIG_NATIVE_WINDOWS + openlog("hostapd", 0, LOG_DAEMON); +#endif /* CONFIG_NATIVE_WINDOWS */ + + eloop_run(); + + /* Disconnect associated stations from all interfaces and BSSes */ + for (i = 0; i < interfaces.count; i++) { + for (j = 0; j < interfaces.iface[i]->num_bss; j++) { + struct hostapd_data *hapd = + interfaces.iface[i]->bss[j]; + hostapd_free_stas(hapd); + hostapd_flush_old_stations(hapd); + } + } + + ret = 0; + + out: + /* Deinitialize all interfaces */ + for (i = 0; i < interfaces.count; i++) { + if (!interfaces.iface[i]) + continue; + hostapd_setup_interface_stop(interfaces.iface[i]); + hostapd_cleanup_iface_pre(interfaces.iface[i]); + for (j = 0; j < interfaces.iface[i]->num_bss; j++) { + struct hostapd_data *hapd = + interfaces.iface[i]->bss[j]; + hostapd_cleanup(hapd); + if (j == interfaces.iface[i]->num_bss - 1 && + hapd->driver) + hostapd_driver_deinit(hapd); + } + for (j = 0; j < interfaces.iface[i]->num_bss; j++) + free(interfaces.iface[i]->bss[j]); + hostapd_cleanup_iface(interfaces.iface[i]); + } + free(interfaces.iface); + + eloop_destroy(); + +#ifndef CONFIG_NATIVE_WINDOWS + closelog(); +#endif /* CONFIG_NATIVE_WINDOWS */ + + eap_server_unregister_methods(); + + driver_unregister_all(); + + os_daemonize_terminate(pid_file); + + return ret; +} diff --git a/contrib/hostapd-0.5.8/hostapd.conf b/contrib/hostapd-0.5.8/hostapd.conf new file mode 100644 index 0000000000..986ca26c05 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.conf @@ -0,0 +1,715 @@ +##### hostapd configuration file ############################################## +# Empty lines and lines starting with # are ignored + +# AP netdevice name (without 'ap' postfix, i.e., wlan0 uses wlan0ap for +# management frames); ath0 for madwifi +interface=wlan0 + +# In case of madwifi driver, an additional configuration parameter, bridge, +# must be used to notify hostapd if the interface is included in a bridge. This +# parameter is not used with Host AP driver. +#bridge=br0 + +# Driver interface type (hostap/wired/madwifi/prism54; default: hostap) +# driver=hostap + +# hostapd event logger configuration +# +# Two output method: syslog and stdout (only usable if not forking to +# background). +# +# Module bitfield (ORed bitfield of modules that will be logged; -1 = all +# modules): +# bit 0 (1) = IEEE 802.11 +# bit 1 (2) = IEEE 802.1X +# bit 2 (4) = RADIUS +# bit 3 (8) = WPA +# bit 4 (16) = driver interface +# bit 5 (32) = IAPP +# bit 6 (64) = MLME +# +# Levels (minimum value for logged events): +# 0 = verbose debugging +# 1 = debugging +# 2 = informational messages +# 3 = notification +# 4 = warning +# +logger_syslog=-1 +logger_syslog_level=2 +logger_stdout=-1 +logger_stdout_level=2 + +# Debugging: 0 = no, 1 = minimal, 2 = verbose, 3 = msg dumps, 4 = excessive +debug=0 + +# Dump file for state information (on SIGUSR1) +dump_file=/tmp/hostapd.dump + +# Interface for separate control program. If this is specified, hostapd +# will create this directory and a UNIX domain socket for listening to requests +# from external programs (CLI/GUI, etc.) for status information and +# configuration. The socket file will be named based on the interface name, so +# multiple hostapd processes/interfaces can be run at the same time if more +# than one interface is used. +# /var/run/hostapd is the recommended directory for sockets and by default, +# hostapd_cli will use it when trying to connect with hostapd. +ctrl_interface=/var/run/hostapd + +# Access control for the control interface can be configured by setting the +# directory to allow only members of a group to use sockets. This way, it is +# possible to run hostapd as root (since it needs to change network +# configuration and open raw sockets) and still allow GUI/CLI components to be +# run as non-root users. However, since the control interface can be used to +# change the network configuration, this access needs to be protected in many +# cases. By default, hostapd is configured to use gid 0 (root). If you +# want to allow non-root users to use the contron interface, add a new group +# and change this value to match with that group. Add users that should have +# control interface access to this group. +# +# This variable can be a group name or gid. +#ctrl_interface_group=wheel +ctrl_interface_group=0 + + +##### IEEE 802.11 related configuration ####################################### + +# SSID to be used in IEEE 802.11 management frames +ssid=test + +# Country code (ISO/IEC 3166-1). Used to set regulatory domain. +# Modify as needed to indicate country in which device is operating. +# This can limit available channels and transmit power. +# (default: US) +#country_code=US + +# Enable IEEE 802.11d. This advertises the country_code and the set of allowed +# channels and transmit power levels based on the regulatory limits. The +# country_code setting must be configured with the correct country for +# IEEE 802.11d functions. +# (default: 0 = disabled) +#ieee80211d=1 + +# Enable IEEE 802.11h. This enables the TPC and DFS services when operating +# in a regulatory domain which requires them. Once enabled it will be +# operational only when working in hw_mode a and in countries where it is +# required. The end user should not be allowed to disable this. +# The country_code setting must be configured with the correct country for +# IEEE 802.11h to function. +# When IEEE 802.11h is operational, the channel_policy and configured channel +# settings will be ignored but will behave as though the channel_policy is +# set to "3" (automatic channel selection). When IEEE 802.11h is enabled but +# not operational (for example, if the radio mode is changed from "a" to "b") +# the channel_policy and channel settings take effect again. +# (default: 1 = enabled) +#ieee80211h=1 + +# Operation mode (a = IEEE 802.11a, b = IEEE 802.11b, g = IEEE 802.11g, +# Default: IEEE 802.11b +hw_mode=a + +# Channel number (IEEE 802.11) +# (default: 0, i.e., not set, used with channel_policy=2) +channel=60 + +# Beacon interval in kus (1.024 ms) (default: 100; range 15..65535) +beacon_int=100 + +# DTIM (delivery trafic information message) period (range 1..255): +# number of beacons between DTIMs (1 = every beacon includes DTIM element) +# (default: 2) +dtim_period=2 + +# Maximum number of stations allowed in station table. New stations will be +# rejected after the station table is full. IEEE 802.11 has a limit of 2007 +# different association IDs, so this number should not be larger than that. +# (default: 2007) +max_num_sta=255 + +# RTS/CTS threshold; 2347 = disabled (default); range 0..2347 +# If this field is not included in hostapd.conf, hostapd will not control +# RTS threshold and 'iwconfig wlan# rts ' can be used to set it. +rts_threshold=2347 + +# Fragmentation threshold; 2346 = disabled (default); range 256..2346 +# If this field is not included in hostapd.conf, hostapd will not control +# fragmentation threshold and 'iwconfig wlan# frag ' can be used to set +# it. +fragm_threshold=2346 + +# Rate configuration +# Default is to enable all rates supported by the hardware. This configuration +# item allows this list be filtered so that only the listed rates will be left +# in the list. If the list is empty, all rates are used. This list can have +# entries that are not in the list of rates the hardware supports (such entries +# are ignored). The entries in this list are in 100 kbps, i.e., 11 Mbps = 110. +# If this item is present, at least one rate have to be matching with the rates +# hardware supports. +# default: use the most common supported rate setting for the selected +# hw_mode (i.e., this line can be removed from configuration file in most +# cases) +#supported_rates=10 20 55 110 60 90 120 180 240 360 480 540 + +# Basic rate set configuration +# List of rates (in 100 kbps) that are included in the basic rate set. +# If this item is not included, usually reasonable default set is used. +#basic_rates=10 20 +#basic_rates=10 20 55 110 +#basic_rates=60 120 240 + +# Station MAC address -based authentication +# Please note that this kind of access control requires a driver that uses +# hostapd to take care of management frame processing and as such, this can be +# used with driver=hostap or driver=devicescape, but not with driver=madwifi. +# 0 = accept unless in deny list +# 1 = deny unless in accept list +# 2 = use external RADIUS server (accept/deny lists are searched first) +macaddr_acl=0 + +# Accept/deny lists are read from separate files (containing list of +# MAC addresses, one per line). Use absolute path name to make sure that the +# files can be read on SIGHUP configuration reloads. +#accept_mac_file=/etc/hostapd.accept +#deny_mac_file=/etc/hostapd.deny + +# IEEE 802.11 specifies two authentication algorithms. hostapd can be +# configured to allow both of these or only one. Open system authentication +# should be used with IEEE 802.1X. +# Bit fields of allowed authentication algorithms: +# bit 0 = Open System Authentication +# bit 1 = Shared Key Authentication (requires WEP) +auth_algs=3 + +# Send empty SSID in beacons and ignore probe request frames that do not +# specify full SSID, i.e., require stations to know SSID. +# default: disabled (0) +# 1 = send empty (length=0) SSID in beacon and ignore probe request for +# broadcast SSID +# 2 = clear SSID (ASCII 0), but keep the original length (this may be required +# with some clients that do not support empty SSID) and ignore probe +# requests for broadcast SSID +ignore_broadcast_ssid=0 + +# TX queue parameters (EDCF / bursting) +# default for all these fields: not set, use hardware defaults +# tx_queue__ +# queues: data0, data1, data2, data3, after_beacon, beacon +# (data0 is the highest priority queue) +# parameters: +# aifs: AIFS (default 2) +# cwmin: cwMin (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023) +# cwmax: cwMax (1, 3, 7, 15, 31, 63, 127, 255, 511, 1023); cwMax >= cwMin +# burst: maximum length (in milliseconds with precision of up to 0.1 ms) for +# bursting +# +# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): +# These parameters are used by the access point when transmitting frames +# to the clients. +# +# Low priority / AC_BK = background +#tx_queue_data3_aifs=7 +#tx_queue_data3_cwmin=15 +#tx_queue_data3_cwmax=1023 +#tx_queue_data3_burst=0 +# Note: for IEEE 802.11b mode: cWmin=31 cWmax=1023 burst=0 +# +# Normal priority / AC_BE = best effort +#tx_queue_data2_aifs=3 +#tx_queue_data2_cwmin=15 +#tx_queue_data2_cwmax=63 +#tx_queue_data2_burst=0 +# Note: for IEEE 802.11b mode: cWmin=31 cWmax=127 burst=0 +# +# High priority / AC_VI = video +#tx_queue_data1_aifs=1 +#tx_queue_data1_cwmin=7 +#tx_queue_data1_cwmax=15 +#tx_queue_data1_burst=3.0 +# Note: for IEEE 802.11b mode: cWmin=15 cWmax=31 burst=6.0 +# +# Highest priority / AC_VO = voice +#tx_queue_data0_aifs=1 +#tx_queue_data0_cwmin=3 +#tx_queue_data0_cwmax=7 +#tx_queue_data0_burst=1.5 +# Note: for IEEE 802.11b mode: cWmin=7 cWmax=15 burst=3.3 +# +# Special queues; normally not user configurable +# +#tx_queue_after_beacon_aifs=2 +#tx_queue_after_beacon_cwmin=15 +#tx_queue_after_beacon_cwmax=1023 +#tx_queue_after_beacon_burst=0 +# +#tx_queue_beacon_aifs=2 +#tx_queue_beacon_cwmin=3 +#tx_queue_beacon_cwmax=7 +#tx_queue_beacon_burst=1.5 + +# 802.1D Tag to AC mappings +# WMM specifies following mapping of data frames to different ACs. This mapping +# can be configured using Linux QoS/tc and sch_pktpri.o module. +# 802.1D Tag 802.1D Designation Access Category WMM Designation +# 1 BK AC_BK Background +# 2 - AC_BK Background +# 0 BE AC_BE Best Effort +# 3 EE AC_VI Video +# 4 CL AC_VI Video +# 5 VI AC_VI Video +# 6 VO AC_VO Voice +# 7 NC AC_VO Voice +# Data frames with no priority information: AC_BE +# Management frames: AC_VO +# PS-Poll frames: AC_BE + +# Default WMM parameters (IEEE 802.11 draft; 11-03-0504-03-000e): +# for 802.11a or 802.11g networks +# These parameters are sent to WMM clients when they associate. +# The parameters will be used by WMM clients for frames transmitted to the +# access point. +# +# note - txop_limit is in units of 32microseconds +# note - acm is admission control mandatory flag. 0 = admission control not +# required, 1 = mandatory +# note - here cwMin and cmMax are in exponent form. the actual cw value used +# will be (2^n)-1 where n is the value given here +# +wme_enabled=1 +# +# Low priority / AC_BK = background +wme_ac_bk_cwmin=4 +wme_ac_bk_cwmax=10 +wme_ac_bk_aifs=7 +wme_ac_bk_txop_limit=0 +wme_ac_bk_acm=0 +# Note: for IEEE 802.11b mode: cWmin=5 cWmax=10 +# +# Normal priority / AC_BE = best effort +wme_ac_be_aifs=3 +wme_ac_be_cwmin=4 +wme_ac_be_cwmax=10 +wme_ac_be_txop_limit=0 +wme_ac_be_acm=0 +# Note: for IEEE 802.11b mode: cWmin=5 cWmax=7 +# +# High priority / AC_VI = video +wme_ac_vi_aifs=2 +wme_ac_vi_cwmin=3 +wme_ac_vi_cwmax=4 +wme_ac_vi_txop_limit=94 +wme_ac_vi_acm=0 +# Note: for IEEE 802.11b mode: cWmin=4 cWmax=5 txop_limit=188 +# +# Highest priority / AC_VO = voice +wme_ac_vo_aifs=2 +wme_ac_vo_cwmin=2 +wme_ac_vo_cwmax=3 +wme_ac_vo_txop_limit=47 +wme_ac_vo_acm=0 +# Note: for IEEE 802.11b mode: cWmin=3 cWmax=4 burst=102 + +# Associate as a station to another AP while still acting as an AP on the same +# channel. +#assoc_ap_addr=00:12:34:56:78:9a + +# Static WEP key configuration +# +# The key number to use when transmitting. +# It must be between 0 and 3, and the corresponding key must be set. +# default: not set +#wep_default_key=0 +# The WEP keys to use. +# A key may be a quoted string or unquoted hexadecimal digits. +# The key length should be 5, 13, or 16 characters, or 10, 26, or 32 +# digits, depending on whether 40-bit (64-bit), 104-bit (128-bit), or +# 128-bit (152-bit) WEP is used. +# Only the default key must be supplied; the others are optional. +# default: not set +#wep_key0=123456789a +#wep_key1="vwxyz" +#wep_key2=0102030405060708090a0b0c0d +#wep_key3=".2.4.6.8.0.23" + +# Station inactivity limit +# +# If a station does not send anything in ap_max_inactivity seconds, an +# empty data frame is sent to it in order to verify whether it is +# still in range. If this frame is not ACKed, the station will be +# disassociated and then deauthenticated. This feature is used to +# clear station table of old entries when the STAs move out of the +# range. +# +# The station can associate again with the AP if it is still in range; +# this inactivity poll is just used as a nicer way of verifying +# inactivity; i.e., client will not report broken connection because +# disassociation frame is not sent immediately without first polling +# the STA with a data frame. +# default: 300 (i.e., 5 minutes) +#ap_max_inactivity=300 + +# Enable/disable internal bridge for packets between associated stations. +# +# When IEEE 802.11 is used in managed mode, packets are usually send through +# the AP even if they are from a wireless station to another wireless station. +# This functionality requires that the AP has a bridge functionality that sends +# frames back to the same interface if their destination is another associated +# station. In addition, broadcast/multicast frames from wireless stations will +# be sent both to the host system net stack (e.g., to eventually wired network) +# and back to the wireless interface. +# +# The internal bridge is implemented within the wireless kernel module and it +# bypasses kernel filtering (netfilter/iptables/ebtables). If direct +# communication between the stations needs to be prevented, the internal +# bridge can be disabled by setting bridge_packets=0. +# +# Note: If this variable is not included in hostapd.conf, hostapd does not +# change the configuration and iwpriv can be used to set the value with +# 'iwpriv wlan# param 10 0' command. If the variable is in hostapd.conf, +# hostapd will override possible iwpriv configuration whenever configuration +# file is reloaded. +# +# default: do not control from hostapd (80211.o defaults to 1=enabled) +#bridge_packets=1 + + +##### IEEE 802.1X-2004 related configuration ################################## + +# Require IEEE 802.1X authorization +#ieee8021x=1 + +# IEEE 802.1X/EAPOL version +# hostapd is implemented based on IEEE Std 802.1X-2004 which defines EAPOL +# version 2. However, there are many client implementations that do not handle +# the new version number correctly (they seem to drop the frames completely). +# In order to make hostapd interoperate with these clients, the version number +# can be set to the older version (1) with this configuration value. +#eapol_version=2 + +# Optional displayable message sent with EAP Request-Identity. The first \0 +# in this string will be converted to ASCII-0 (nul). This can be used to +# separate network info (comma separated list of attribute=value pairs); see, +# e.g., draft-adrangi-eap-network-discovery-07.txt. +#eap_message=hello +#eap_message=hello\0networkid=netw,nasid=foo,portid=0,NAIRealms=example.com + +# WEP rekeying (disabled if key lengths are not set or are set to 0) +# Key lengths for default/broadcast and individual/unicast keys: +# 5 = 40-bit WEP (also known as 64-bit WEP with 40 secret bits) +# 13 = 104-bit WEP (also known as 128-bit WEP with 104 secret bits) +#wep_key_len_broadcast=5 +#wep_key_len_unicast=5 +# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once) +#wep_rekey_period=300 + +# EAPOL-Key index workaround (set bit7) for WinXP Supplicant (needed only if +# only broadcast keys are used) +eapol_key_index_workaround=0 + +# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable +# reauthentication). +#eap_reauth_period=3600 + +# Use PAE group address (01:80:c2:00:00:03) instead of individual target +# address when sending EAPOL frames with driver=wired. This is the most common +# mechanism used in wired authentication, but it also requires that the port +# is only used by one station. +#use_pae_group_addr=1 + +##### Integrated EAP server ################################################### + +# Optionally, hostapd can be configured to use an integrated EAP server +# to process EAP authentication locally without need for an external RADIUS +# server. This functionality can be used both as a local authentication server +# for IEEE 802.1X/EAPOL and as a RADIUS server for other devices. + +# Use integrated EAP server instead of external RADIUS authentication +# server. This is also needed if hostapd is configured to act as a RADIUS +# authentication server. +eap_server=0 + +# Path for EAP server user database +#eap_user_file=/etc/hostapd.eap_user + +# CA certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS +#ca_cert=/etc/hostapd.ca.pem + +# Server certificate (PEM or DER file) for EAP-TLS/PEAP/TTLS +#server_cert=/etc/hostapd.server.pem + +# Private key matching with the server certificate for EAP-TLS/PEAP/TTLS +# This may point to the same file as server_cert if both certificate and key +# are included in a single file. PKCS#12 (PFX) file (.p12/.pfx) can also be +# used by commenting out server_cert and specifying the PFX file as the +# private_key. +#private_key=/etc/hostapd.server.prv + +# Passphrase for private key +#private_key_passwd=secret passphrase + +# Enable CRL verification. +# Note: hostapd does not yet support CRL downloading based on CDP. Thus, a +# valid CRL signed by the CA is required to be included in the ca_cert file. +# This can be done by using PEM format for CA certificate and CRL and +# concatenating these into one file. Whenever CRL changes, hostapd needs to be +# restarted to take the new CRL into use. +# 0 = do not verify CRLs (default) +# 1 = check the CRL of the user certificate +# 2 = check all CRLs in the certificate path +#check_crl=1 + +# Configuration data for EAP-SIM database/authentication gateway interface. +# This is a text string in implementation specific format. The example +# implementation in eap_sim_db.c uses this as the UNIX domain socket name for +# the HLR/AuC gateway (e.g., hlr_auc_gw). In this case, the path uses "unix:" +# prefix. +#eap_sim_db=unix:/tmp/hlr_auc_gw.sock + + +##### IEEE 802.11f - Inter-Access Point Protocol (IAPP) ####################### + +# Interface to be used for IAPP broadcast packets +#iapp_interface=eth0 + + +##### RADIUS client configuration ############################################# +# for IEEE 802.1X with external Authentication Server, IEEE 802.11 +# authentication with external ACL for MAC addresses, and accounting + +# The own IP address of the access point (used as NAS-IP-Address) +own_ip_addr=127.0.0.1 + +# Optional NAS-Identifier string for RADIUS messages. When used, this should be +# a unique to the NAS within the scope of the RADIUS server. For example, a +# fully qualified domain name can be used here. +#nas_identifier=ap.example.com + +# RADIUS authentication server +#auth_server_addr=127.0.0.1 +#auth_server_port=1812 +#auth_server_shared_secret=secret + +# RADIUS accounting server +#acct_server_addr=127.0.0.1 +#acct_server_port=1813 +#acct_server_shared_secret=secret + +# Secondary RADIUS servers; to be used if primary one does not reply to +# RADIUS packets. These are optional and there can be more than one secondary +# server listed. +#auth_server_addr=127.0.0.2 +#auth_server_port=1812 +#auth_server_shared_secret=secret2 +# +#acct_server_addr=127.0.0.2 +#acct_server_port=1813 +#acct_server_shared_secret=secret2 + +# Retry interval for trying to return to the primary RADIUS server (in +# seconds). RADIUS client code will automatically try to use the next server +# when the current server is not replying to requests. If this interval is set, +# primary server will be retried after configured amount of time even if the +# currently used secondary server is still working. +#radius_retry_primary_interval=600 + + +# Interim accounting update interval +# If this is set (larger than 0) and acct_server is configured, hostapd will +# send interim accounting updates every N seconds. Note: if set, this overrides +# possible Acct-Interim-Interval attribute in Access-Accept message. Thus, this +# value should not be configured in hostapd.conf, if RADIUS server is used to +# control the interim interval. +# This value should not be less 600 (10 minutes) and must not be less than +# 60 (1 minute). +#radius_acct_interim_interval=600 + +# Dynamic VLAN mode; allow RADIUS authentication server to decide which VLAN +# is used for the stations. This information is parsed from following RADIUS +# attributes based on RFC 3580 and RFC 2868: Tunnel-Type (value 13 = VLAN), +# Tunnel-Medium-Type (value 6 = IEEE 802), Tunnel-Private-Group-ID (value +# VLANID as a string). vlan_file option below must be configured if dynamic +# VLANs are used. +# 0 = disabled (default) +# 1 = option; use default interface if RADIUS server does not include VLAN ID +# 2 = required; reject authentication if RADIUS server does not include VLAN ID +#dynamic_vlan=0 + +# VLAN interface list for dynamic VLAN mode is read from a separate text file. +# This list is used to map VLAN ID from the RADIUS server to a network +# interface. Each station is bound to one interface in the same way as with +# multiple BSSIDs or SSIDs. Each line in this text file is defining a new +# interface and the line must include VLAN ID and interface name separated by +# white space (space or tab). +#vlan_file=/etc/hostapd.vlan + +# Interface where 802.1q tagged packets should appear when a RADIUS server is +# used to determine which VLAN a station is on. hostapd creates a bridge for +# each VLAN. Then hostapd adds a VLAN interface (associated with the interface +# indicated by 'vlan_tagged_interface') and the appropriate wireless interface +# to the bridge. +#vlan_tagged_interface=eth0 + + +##### RADIUS authentication server configuration ############################## + +# hostapd can be used as a RADIUS authentication server for other hosts. This +# requires that the integrated EAP authenticator is also enabled and both +# authentication services are sharing the same configuration. + +# File name of the RADIUS clients configuration for the RADIUS server. If this +# commented out, RADIUS server is disabled. +#radius_server_clients=/etc/hostapd.radius_clients + +# The UDP port number for the RADIUS authentication server +#radius_server_auth_port=1812 + +# Use IPv6 with RADIUS server (IPv4 will also be supported using IPv6 API) +#radius_server_ipv6=1 + + +##### WPA/IEEE 802.11i configuration ########################################## + +# Enable WPA. Setting this variable configures the AP to require WPA (either +# WPA-PSK or WPA-RADIUS/EAP based on other configuration). For WPA-PSK, either +# wpa_psk or wpa_passphrase must be set and wpa_key_mgmt must include WPA-PSK. +# For WPA-RADIUS/EAP, ieee8021x must be set (but without dynamic WEP keys), +# RADIUS authentication server must be configured, and WPA-EAP must be included +# in wpa_key_mgmt. +# This field is a bit field that can be used to enable WPA (IEEE 802.11i/D3.0) +# and/or WPA2 (full IEEE 802.11i/RSN): +# bit0 = WPA +# bit1 = IEEE 802.11i/RSN (WPA2) (dot11RSNAEnabled) +#wpa=1 + +# WPA pre-shared keys for WPA-PSK. This can be either entered as a 256-bit +# secret in hex format (64 hex digits), wpa_psk, or as an ASCII passphrase +# (8..63 characters) that will be converted to PSK. This conversion uses SSID +# so the PSK changes when ASCII passphrase is used and the SSID is changed. +# wpa_psk (dot11RSNAConfigPSKValue) +# wpa_passphrase (dot11RSNAConfigPSKPassPhrase) +#wpa_psk=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +#wpa_passphrase=secret passphrase + +# Optionally, WPA PSKs can be read from a separate text file (containing list +# of (PSK,MAC address) pairs. This allows more than one PSK to be configured. +# Use absolute path name to make sure that the files can be read on SIGHUP +# configuration reloads. +#wpa_psk_file=/etc/hostapd.wpa_psk + +# Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both). The +# entries are separated with a space. +# (dot11RSNAConfigAuthenticationSuitesTable) +#wpa_key_mgmt=WPA-PSK WPA-EAP + +# Set of accepted cipher suites (encryption algorithms) for pairwise keys +# (unicast packets). This is a space separated list of algorithms: +# CCMP = AES in Counter mode with CBC-MAC [RFC 3610, IEEE 802.11i/D7.0] +# TKIP = Temporal Key Integrity Protocol [IEEE 802.11i/D7.0] +# Group cipher suite (encryption algorithm for broadcast and multicast frames) +# is automatically selected based on this configuration. If only CCMP is +# allowed as the pairwise cipher, group cipher will also be CCMP. Otherwise, +# TKIP will be used as the group cipher. +# (dot11RSNAConfigPairwiseCiphersTable) +#wpa_pairwise=TKIP CCMP + +# Time interval for rekeying GTK (broadcast/multicast encryption keys) in +# seconds. (dot11RSNAConfigGroupRekeyTime) +#wpa_group_rekey=600 + +# Rekey GTK when any STA that possesses the current GTK is leaving the BSS. +# (dot11RSNAConfigGroupRekeyStrict) +#wpa_strict_rekey=1 + +# Time interval for rekeying GMK (master key used internally to generate GTKs +# (in seconds). +#wpa_gmk_rekey=86400 + +# Enable IEEE 802.11i/RSN/WPA2 pre-authentication. This is used to speed up +# roaming be pre-authenticating IEEE 802.1X/EAP part of the full RSN +# authentication and key handshake before actually associating with a new AP. +# (dot11RSNAPreauthenticationEnabled) +#rsn_preauth=1 +# +# Space separated list of interfaces from which pre-authentication frames are +# accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all +# interface that are used for connections to other APs. This could include +# wired interfaces and WDS links. The normal wireless data interface towards +# associated stations (e.g., wlan0) should not be added, since +# pre-authentication is only used with APs other than the currently associated +# one. +#rsn_preauth_interfaces=eth0 + +# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is +# allowed. This is only used with RSN/WPA2. +# 0 = disabled (default) +# 1 = enabled +#peerkey=1 + +# ieee80211w: Whether management frame protection is enabled +# 0 = disabled (default) +# 1 = optional +# 2 = required +#ieee80211w=0 + +##### Passive scanning ######################################################## +# Scan different channels every N seconds. 0 = disable passive scanning. +#passive_scan_interval=60 + +# Listen N usecs on each channel when doing passive scanning. +# This value plus the time needed for changing channels should be less than +# 32 milliseconds (i.e. 32000 usec) to avoid interruptions to normal +# operations. Time needed for channel changing varies based on the used wlan +# hardware. +# default: disabled (0) +#passive_scan_listen=10000 + +# Passive scanning mode: +# 0 = scan all supported modes (802.11a/b/g/Turbo) (default) +# 1 = scan only the mode that is currently used for normal operations +#passive_scan_mode=1 + +# Maximum number of entries kept in AP table (either for passive scanning or +# for detecting Overlapping Legacy BSS Condition). The oldest entry will be +# removed when adding a new entry that would make the list grow over this +# limit. Note! Wi-Fi certification for IEEE 802.11g requires that OLBC is +# enabled, so this field should not be set to 0 when using IEEE 802.11g. +# default: 255 +#ap_table_max_size=255 + +# Number of seconds of no frames received after which entries may be deleted +# from the AP table. Since passive scanning is not usually performed frequently +# this should not be set to very small value. In addition, there is no +# guarantee that every scan cycle will receive beacon frames from the +# neighboring APs. +# default: 60 +#ap_table_expiration_time=3600 + +# Multiple BSSID support +# +# Above configuration is using the default interface (wlan#, or multi-SSID VLAN +# interfaces). Other BSSIDs can be added by using separator 'bss' with +# default interface name to be allocated for the data packets of the new BSS. +# +# hostapd will generate BSSID mask based on the BSSIDs that are +# configured. hostapd will verify that dev_addr & MASK == dev_addr. If this is +# not the case, the MAC address of the radio must be changed before starting +# hostapd (ifconfig wlan0 hw ether ). +# +# BSSIDs are assigned in order to each BSS, unless an explicit BSSID is +# specified using the 'bssid' parameter. +# If an explicit BSSID is specified, it must be chosen such that it: +# - results in a valid MASK that covers it and the dev_addr +# - is not the same as the MAC address of the radio +# - is not the same as any other explicitly specified BSSID +# +# Please note that hostapd uses some of the values configured for the first BSS +# as the defaults for the following BSSes. However, it is recommended that all +# BSSes include explicit configuration of all relevant configuration items. +# +#bss=wlan0_0 +#ssid=test2 +# most of the above items can be used here (apart from radio interface specific +# items, like channel) + +#bss=wlan0_1 +#bssid=00:13:10:95:fe:0b +# ... diff --git a/contrib/hostapd-0.5.8/hostapd.deny b/contrib/hostapd-0.5.8/hostapd.deny new file mode 100644 index 0000000000..1616678f57 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.deny @@ -0,0 +1,5 @@ +# List of MAC addresses that are not allowed to authenticate (IEEE 802.11) +# with the AP. +00:20:30:40:50:60 +00:ab:cd:ef:12:34 +00:00:30:40:50:60 diff --git a/contrib/hostapd-0.5.8/hostapd.eap_user b/contrib/hostapd-0.5.8/hostapd.eap_user new file mode 100644 index 0000000000..b9d7f8b08a --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.eap_user @@ -0,0 +1,74 @@ +# hostapd user database for integrated EAP authenticator + +# Each line must contain an identity, EAP method(s), and an optional password +# separated with whitespace (space or tab). The identity and password must be +# double quoted ("user"). Password can alternatively be stored as +# NtPasswordHash (16-byte MD4 hash of the unicode presentation of the password +# in unicode) if it is used for MSCHAP or MSCHAPv2 authentication. This means +# that the plaintext password does not need to be included in the user file. +# Password hash is stored as hash:<16-octets of hex data> without quotation +# marks. + +# [2] flag in the end of the line can be used to mark users for tunneled phase +# 2 authentication (e.g., within EAP-PEAP). In these cases, an anonymous +# identity can be used in the unencrypted phase 1 and the real user identity +# is transmitted only within the encrypted tunnel in phase 2. If non-anonymous +# access is needed, two user entries is needed, one for phase 1 and another +# with the same username for phase 2. +# +# EAP-TLS, EAP-PEAP, EAP-TTLS, EAP-SIM, and EAP-AKA do not use password option. +# EAP-MD5, EAP-MSCHAPV2, EAP-GTC, EAP-PAX, EAP-PSK, and EAP-SAKE require a +# password. +# EAP-PEAP and EAP-TTLS require Phase 2 configuration. +# +# * can be used as a wildcard to match any user identity. The main purposes for +# this are to set anonymous phase 1 identity for EAP-PEAP and EAP-TTLS and to +# avoid having to configure every certificate for EAP-TLS authentication. The +# first matching entry is selected, so * should be used as the last phase 1 +# user entry. +# +# "prefix"* can be used to match the given prefix and anything after this. The +# main purpose for this is to be able to avoid EAP method negotiation when the +# method is using known prefix in identities (e.g., EAP-SIM and EAP-AKA). This +# is only allowed for phase 1 identities. +# +# Multiple methods can be configured to make the authenticator try them one by +# one until the peer accepts one. The method names are separated with a +# comma (,). +# +# [ver=0] and [ver=1] flags after EAP type PEAP can be used to force PEAP +# version based on the Phase 1 identity. Without this flag, the EAP +# authenticator advertises the highest supported version and select the version +# based on the first PEAP packet from the supplicant. + +# Phase 1 users +"user" MD5 "password" +"test user" MD5 "secret" +"example user" TLS +"DOMAIN\user" MSCHAPV2 "password" +"gtc user" GTC "password" +"pax user" PAX "unknown" +"pax.user@example.com" PAX 0123456789abcdef0123456789abcdef +"psk user" PSK "unknown" +"psk.user@example.com" PSK 0123456789abcdef0123456789abcdef +"sake.user@example.com" SAKE 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +"ttls" TTLS +"not anonymous" PEAP +# Default to EAP-SIM and EAP-AKA based on fixed identity prefixes +"0"* AKA,TTLS,TLS,PEAP,SIM +"1"* SIM,TTLS,TLS,PEAP,AKA +"2"* AKA,TTLS,TLS,PEAP,SIM +"3"* SIM,TTLS,TLS,PEAP,AKA +"4"* AKA,TTLS,TLS,PEAP,SIM +"5"* SIM,TTLS,TLS,PEAP,AKA + +# Wildcard for all other identities +* PEAP,TTLS,TLS,SIM,AKA + +# Phase 2 (tunnelled within EAP-PEAP or EAP-TTLS) users +"t-md5" MD5 "password" [2] +"DOMAIN\t-mschapv2" MSCHAPV2 "password" [2] +"t-gtc" GTC "password" [2] +"not anonymous" MSCHAPV2 "password" [2] +"user" MD5,GTC,MSCHAPV2 "password" [2] +"test user" MSCHAPV2 hash:000102030405060708090a0b0c0d0e0f [2] diff --git a/contrib/hostapd-0.5.8/hostapd.h b/contrib/hostapd-0.5.8/hostapd.h new file mode 100644 index 0000000000..70f802d2a8 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.h @@ -0,0 +1,255 @@ +/* + * hostapd / Initialization and configuration + * Host AP kernel driver + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef HOSTAPD_H +#define HOSTAPD_H + +#include "common.h" +#include "ap.h" + +#ifndef ETH_ALEN +#define ETH_ALEN 6 +#endif +#ifndef IFNAMSIZ +#define IFNAMSIZ 16 +#endif +#ifndef ETH_P_ALL +#define ETH_P_ALL 0x0003 +#endif +#ifndef ETH_P_PAE +#define ETH_P_PAE 0x888E /* Port Access Entity (IEEE 802.1X) */ +#endif /* ETH_P_PAE */ + +#ifndef BIT +#define BIT(x) (1 << (x)) +#endif + +#ifndef MAC2STR +#define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5] +#define MACSTR "%02x:%02x:%02x:%02x:%02x:%02x" +#endif + +#include "config.h" + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +#define MAX_VLAN_ID 4094 + +struct ieee8023_hdr { + u8 dest[6]; + u8 src[6]; + u16 ethertype; +} STRUCT_PACKED; + + +struct ieee80211_hdr { + u16 frame_control; + u16 duration_id; + u8 addr1[6]; + u8 addr2[6]; + u8 addr3[6]; + u16 seq_ctrl; + /* followed by 'u8 addr4[6];' if ToDS and FromDS is set in data frame + */ +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +#define IEEE80211_DA_FROMDS addr1 +#define IEEE80211_BSSID_FROMDS addr2 +#define IEEE80211_SA_FROMDS addr3 + +#define IEEE80211_HDRLEN (sizeof(struct ieee80211_hdr)) + +#define IEEE80211_FC(type, stype) host_to_le16((type << 2) | (stype << 4)) + +/* MTU to be set for the wlan#ap device; this is mainly needed for IEEE 802.1X + * frames that might be longer than normal default MTU and they are not + * fragmented */ +#define HOSTAPD_MTU 2290 + +extern unsigned char rfc1042_header[6]; + +struct hostap_sta_driver_data { + unsigned long rx_packets, tx_packets, rx_bytes, tx_bytes; + unsigned long current_tx_rate; + unsigned long inactive_msec; + unsigned long flags; + unsigned long num_ps_buf_frames; + unsigned long tx_retry_failed; + unsigned long tx_retry_count; + int last_rssi; + int last_ack_rssi; +}; + +struct driver_ops; +struct wpa_ctrl_dst; +struct radius_server_data; + +#ifdef CONFIG_FULL_DYNAMIC_VLAN +struct full_dynamic_vlan; +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + +/** + * struct hostapd_data - hostapd per-BSS data structure + */ +struct hostapd_data { + struct hostapd_iface *iface; + struct hostapd_config *iconf; + struct hostapd_bss_config *conf; + int interface_added; /* virtual interface added for this BSS */ + + u8 own_addr[ETH_ALEN]; + + int num_sta; /* number of entries in sta_list */ + struct sta_info *sta_list; /* STA info list head */ + struct sta_info *sta_hash[STA_HASH_SIZE]; + + /* pointers to STA info; based on allocated AID or NULL if AID free + * AID is in the range 1-2007, so sta_aid[0] corresponders to AID 1 + * and so on + */ + struct sta_info *sta_aid[MAX_AID_TABLE_SIZE]; + + struct driver_ops *driver; + + u8 *default_wep_key; + u8 default_wep_key_idx; + + struct radius_client_data *radius; + int radius_client_reconfigured; + u32 acct_session_id_hi, acct_session_id_lo; + + struct iapp_data *iapp; + + enum { DO_NOT_ASSOC = 0, WAIT_BEACON, AUTHENTICATE, ASSOCIATE, + ASSOCIATED } assoc_ap_state; + char assoc_ap_ssid[33]; + int assoc_ap_ssid_len; + u16 assoc_ap_aid; + + struct hostapd_cached_radius_acl *acl_cache; + struct hostapd_acl_query_data *acl_queries; + + struct wpa_authenticator *wpa_auth; + + struct rsn_preauth_interface *preauth_iface; + time_t michael_mic_failure; + int michael_mic_failures; + int tkip_countermeasures; + + int ctrl_sock; + struct wpa_ctrl_dst *ctrl_dst; + + void *ssl_ctx; + void *eap_sim_db_priv; + struct radius_server_data *radius_srv; + + int parameter_set_count; + +#ifdef CONFIG_FULL_DYNAMIC_VLAN + struct full_dynamic_vlan *full_dynamic_vlan; +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ +}; + + +/** + * hostapd_iface_cb - Generic callback type for per-iface asynchronous requests + * @iface: the interface the event occured on. + * @status: 0 if the request succeeded; -1 if the request failed. + */ +typedef void (*hostapd_iface_cb)(struct hostapd_iface *iface, int status); + + +struct hostapd_config_change; + +/** + * struct hostapd_iface - hostapd per-interface data structure + */ +struct hostapd_iface { + char *config_fname; + struct hostapd_config *conf; + + hostapd_iface_cb setup_cb; + + size_t num_bss; + struct hostapd_data **bss; + + int num_ap; /* number of entries in ap_list */ + struct ap_info *ap_list; /* AP info list head */ + struct ap_info *ap_hash[STA_HASH_SIZE]; + struct ap_info *ap_iter_list; + + struct hostapd_hw_modes *hw_features; + int num_hw_features; + struct hostapd_hw_modes *current_mode; + /* Rates that are currently used (i.e., filtered copy of + * current_mode->channels */ + int num_rates; + struct hostapd_rate_data *current_rates; + hostapd_iface_cb hw_mode_sel_cb; + + u16 hw_flags; + + /* Number of associated Non-ERP stations (i.e., stations using 802.11b + * in 802.11g BSS) */ + int num_sta_non_erp; + + /* Number of associated stations that do not support Short Slot Time */ + int num_sta_no_short_slot_time; + + /* Number of associated stations that do not support Short Preamble */ + int num_sta_no_short_preamble; + + int olbc; /* Overlapping Legacy BSS Condition */ + + int dfs_enable; + u8 pwr_const; + unsigned int tx_power; + unsigned int sta_max_power; + + unsigned int channel_switch; + + struct hostapd_config_change *change; + hostapd_iface_cb reload_iface_cb; + hostapd_iface_cb config_reload_cb; +}; + +void hostapd_new_assoc_sta(struct hostapd_data *hapd, struct sta_info *sta, + int reassoc); +void hostapd_logger(struct hostapd_data *hapd, const u8 *addr, + unsigned int module, int level, const char *fmt, + ...) PRINTF_FORMAT(5, 6); + + +#ifndef _MSC_VER +#define HOSTAPD_DEBUG(level, args...) \ +do { \ + if (hapd->conf == NULL || hapd->conf->debug >= (level)) \ + printf(args); \ +} while (0) +#endif /* _MSC_VER */ + +#define HOSTAPD_DEBUG_COND(level) (hapd->conf->debug >= (level)) + +const char * hostapd_ip_txt(const struct hostapd_ip_addr *addr, char *buf, + size_t buflen); +int hostapd_ip_diff(struct hostapd_ip_addr *a, struct hostapd_ip_addr *b); + +#endif /* HOSTAPD_H */ diff --git a/contrib/hostapd-0.5.8/hostapd.radius_clients b/contrib/hostapd-0.5.8/hostapd.radius_clients new file mode 100644 index 0000000000..3980427253 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.radius_clients @@ -0,0 +1,4 @@ +# RADIUS client configuration for the RADIUS server +10.1.2.3 secret passphrase +192.168.1.0/24 another very secret passphrase +0.0.0.0/0 radius diff --git a/contrib/hostapd-0.5.8/hostapd.sim_db b/contrib/hostapd-0.5.8/hostapd.sim_db new file mode 100644 index 0000000000..01c593de8d --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.sim_db @@ -0,0 +1,9 @@ +# Example GSM authentication triplet file for EAP-SIM authenticator +# IMSI:Kc:SRES:RAND +# IMSI: ASCII string (numbers) +# Kc: hex, 8 octets +# SRES: hex, 4 octets +# RAND: hex, 16 octets +234567898765432:A0A1A2A3A4A5A6A7:D1D2D3D4:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA +234567898765432:B0B1B2B3B4B5B6B7:E1E2E3E4:BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB +234567898765432:C0C1C2C3C4C5C6C7:F1F2F3F4:CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC diff --git a/contrib/hostapd-0.5.8/hostapd.vlan b/contrib/hostapd-0.5.8/hostapd.vlan new file mode 100644 index 0000000000..98254fa84f --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.vlan @@ -0,0 +1,9 @@ +# VLAN ID to network interface mapping +1 vlan1 +2 vlan2 +3 vlan3 +100 guest +# Optional wildcard entry matching all VLAN IDs. The first # in the interface +# name will be replaced with the VLAN ID. The network interfaces are created +# (and removed) dynamically based on the use. +* vlan# diff --git a/contrib/hostapd-0.5.8/hostapd.wpa_psk b/contrib/hostapd-0.5.8/hostapd.wpa_psk new file mode 100644 index 0000000000..0a9499acd7 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd.wpa_psk @@ -0,0 +1,9 @@ +# List of WPA PSKs. Each line, except for empty lines and lines starting +# with #, must contain a MAC address and PSK separated with a space. +# Special MAC address 00:00:00:00:00:00 can be used to configure PSKs that +# anyone can use. PSK can be configured as an ASCII passphrase of 8..63 +# characters or as a 256-bit hex PSK (64 hex digits). +00:00:00:00:00:00 secret passphrase +00:11:22:33:44:55 another passphrase +00:22:33:44:55:66 0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef +00:00:00:00:00:00 another passphrase for all STAs diff --git a/contrib/hostapd-0.5.8/hostapd_cli.c b/contrib/hostapd-0.5.8/hostapd_cli.c new file mode 100644 index 0000000000..870f221bb5 --- /dev/null +++ b/contrib/hostapd-0.5.8/hostapd_cli.c @@ -0,0 +1,614 @@ +/* + * hostapd - command line interface for hostapd daemon + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#include "wpa_ctrl.h" +#include "version.h" + + +static const char *hostapd_cli_version = +"hostapd_cli v" VERSION_STR "\n" +"Copyright (c) 2004-2007, Jouni Malinen and contributors"; + + +static const char *hostapd_cli_license = +"This program is free software. You can distribute it and/or modify it\n" +"under the terms of the GNU General Public License version 2.\n" +"\n" +"Alternatively, this software may be distributed under the terms of the\n" +"BSD license. See README and COPYING for more details.\n"; + +static const char *hostapd_cli_full_license = +"This program is free software; you can redistribute it and/or modify\n" +"it under the terms of the GNU General Public License version 2 as\n" +"published by the Free Software Foundation.\n" +"\n" +"This program is distributed in the hope that it will be useful,\n" +"but WITHOUT ANY WARRANTY; without even the implied warranty of\n" +"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n" +"GNU General Public License for more details.\n" +"\n" +"You should have received a copy of the GNU General Public License\n" +"along with this program; if not, write to the Free Software\n" +"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n" +"\n" +"Alternatively, this software may be distributed under the terms of the\n" +"BSD license.\n" +"\n" +"Redistribution and use in source and binary forms, with or without\n" +"modification, are permitted provided that the following conditions are\n" +"met:\n" +"\n" +"1. Redistributions of source code must retain the above copyright\n" +" notice, this list of conditions and the following disclaimer.\n" +"\n" +"2. Redistributions in binary form must reproduce the above copyright\n" +" notice, this list of conditions and the following disclaimer in the\n" +" documentation and/or other materials provided with the distribution.\n" +"\n" +"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n" +" names of its contributors may be used to endorse or promote products\n" +" derived from this software without specific prior written permission.\n" +"\n" +"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n" +"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n" +"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n" +"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n" +"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n" +"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n" +"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n" +"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n" +"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n" +"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n" +"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n" +"\n"; + +static const char *commands_help = +"Commands:\n" +" mib get MIB variables (dot1x, dot11, radius)\n" +" sta get MIB variables for one station\n" +" all_sta get MIB variables for all stations\n" +" new_sta add a new station\n" +" help show this usage help\n" +" interface [ifname] show interfaces/select interface\n" +" level change debug level\n" +" license show full hostapd_cli license\n" +" quit exit hostapd_cli\n"; + +static struct wpa_ctrl *ctrl_conn; +static int hostapd_cli_quit = 0; +static int hostapd_cli_attached = 0; +static const char *ctrl_iface_dir = "/var/run/hostapd"; +static char *ctrl_ifname = NULL; + + +static void usage(void) +{ + fprintf(stderr, "%s\n", hostapd_cli_version); + fprintf(stderr, + "\n" + "usage: hostapd_cli [-p] [-i] [-hv] " + "[command..]\n" + "\n" + "Options:\n" + " -h help (show this usage text)\n" + " -v shown version information\n" + " -p path to find control sockets (default: " + "/var/run/hostapd)\n" + " -i Interface to listen on (default: first " + "interface found in the\n" + " socket path)\n\n" + "%s", + commands_help); +} + + +static struct wpa_ctrl * hostapd_cli_open_connection(const char *ifname) +{ + char *cfile; + int flen; + + if (ifname == NULL) + return NULL; + + flen = strlen(ctrl_iface_dir) + strlen(ifname) + 2; + cfile = malloc(flen); + if (cfile == NULL) + return NULL; + snprintf(cfile, flen, "%s/%s", ctrl_iface_dir, ifname); + + ctrl_conn = wpa_ctrl_open(cfile); + free(cfile); + return ctrl_conn; +} + + +static void hostapd_cli_close_connection(void) +{ + if (ctrl_conn == NULL) + return; + + if (hostapd_cli_attached) { + wpa_ctrl_detach(ctrl_conn); + hostapd_cli_attached = 0; + } + wpa_ctrl_close(ctrl_conn); + ctrl_conn = NULL; +} + + +static void hostapd_cli_msg_cb(char *msg, size_t len) +{ + printf("%s\n", msg); +} + + +static int _wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd, int print) +{ + char buf[4096]; + size_t len; + int ret; + + if (ctrl_conn == NULL) { + printf("Not connected to hostapd - command dropped.\n"); + return -1; + } + len = sizeof(buf) - 1; + ret = wpa_ctrl_request(ctrl, cmd, strlen(cmd), buf, &len, + hostapd_cli_msg_cb); + if (ret == -2) { + printf("'%s' command timed out.\n", cmd); + return -2; + } else if (ret < 0) { + printf("'%s' command failed.\n", cmd); + return -1; + } + if (print) { + buf[len] = '\0'; + printf("%s", buf); + } + return 0; +} + + +static inline int wpa_ctrl_command(struct wpa_ctrl *ctrl, char *cmd) +{ + return _wpa_ctrl_command(ctrl, cmd, 1); +} + + +static int hostapd_cli_cmd_ping(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + return wpa_ctrl_command(ctrl, "PING"); +} + + +static int hostapd_cli_cmd_mib(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + return wpa_ctrl_command(ctrl, "MIB"); +} + + +static int hostapd_cli_cmd_sta(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + char buf[64]; + if (argc != 1) { + printf("Invalid 'sta' command - exactly one argument, STA " + "address, is required.\n"); + return -1; + } + snprintf(buf, sizeof(buf), "STA %s", argv[0]); + return wpa_ctrl_command(ctrl, buf); +} + + +static int hostapd_cli_cmd_new_sta(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + char buf[64]; + if (argc != 1) { + printf("Invalid 'new_sta' command - exactly one argument, STA " + "address, is required.\n"); + return -1; + } + snprintf(buf, sizeof(buf), "NEW_STA %s", argv[0]); + return wpa_ctrl_command(ctrl, buf); +} + + +static int wpa_ctrl_command_sta(struct wpa_ctrl *ctrl, char *cmd, + char *addr, size_t addr_len) +{ + char buf[4096], *pos; + size_t len; + int ret; + + if (ctrl_conn == NULL) { + printf("Not connected to hostapd - command dropped.\n"); + return -1; + } + len = sizeof(buf) - 1; + ret = wpa_ctrl_request(ctrl, cmd, strlen(cmd), buf, &len, + hostapd_cli_msg_cb); + if (ret == -2) { + printf("'%s' command timed out.\n", cmd); + return -2; + } else if (ret < 0) { + printf("'%s' command failed.\n", cmd); + return -1; + } + + buf[len] = '\0'; + if (memcmp(buf, "FAIL", 4) == 0) + return -1; + printf("%s", buf); + + pos = buf; + while (*pos != '\0' && *pos != '\n') + pos++; + *pos = '\0'; + snprintf(addr, addr_len, "%s", buf); + return 0; +} + + +static int hostapd_cli_cmd_all_sta(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + char addr[32], cmd[64]; + + if (wpa_ctrl_command_sta(ctrl, "STA-FIRST", addr, sizeof(addr))) + return 0; + do { + snprintf(cmd, sizeof(cmd), "STA-NEXT %s", addr); + } while (wpa_ctrl_command_sta(ctrl, cmd, addr, sizeof(addr)) == 0); + + return -1; +} + + +static int hostapd_cli_cmd_help(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + printf("%s", commands_help); + return 0; +} + + +static int hostapd_cli_cmd_license(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + printf("%s\n\n%s\n", hostapd_cli_version, hostapd_cli_full_license); + return 0; +} + + +static int hostapd_cli_cmd_quit(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + hostapd_cli_quit = 1; + return 0; +} + + +static int hostapd_cli_cmd_level(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + char cmd[256]; + if (argc != 1) { + printf("Invalid LEVEL command: needs one argument (debug " + "level)\n"); + return 0; + } + snprintf(cmd, sizeof(cmd), "LEVEL %s", argv[0]); + return wpa_ctrl_command(ctrl, cmd); +} + + +static void hostapd_cli_list_interfaces(struct wpa_ctrl *ctrl) +{ + struct dirent *dent; + DIR *dir; + + dir = opendir(ctrl_iface_dir); + if (dir == NULL) { + printf("Control interface directory '%s' could not be " + "openned.\n", ctrl_iface_dir); + return; + } + + printf("Available interfaces:\n"); + while ((dent = readdir(dir))) { + if (strcmp(dent->d_name, ".") == 0 || + strcmp(dent->d_name, "..") == 0) + continue; + printf("%s\n", dent->d_name); + } + closedir(dir); +} + + +static int hostapd_cli_cmd_interface(struct wpa_ctrl *ctrl, int argc, + char *argv[]) +{ + if (argc < 1) { + hostapd_cli_list_interfaces(ctrl); + return 0; + } + + hostapd_cli_close_connection(); + free(ctrl_ifname); + ctrl_ifname = strdup(argv[0]); + + if (hostapd_cli_open_connection(ctrl_ifname)) { + printf("Connected to interface '%s.\n", ctrl_ifname); + if (wpa_ctrl_attach(ctrl_conn) == 0) { + hostapd_cli_attached = 1; + } else { + printf("Warning: Failed to attach to " + "hostapd.\n"); + } + } else { + printf("Could not connect to interface '%s' - re-trying\n", + ctrl_ifname); + } + return 0; +} + + +struct hostapd_cli_cmd { + const char *cmd; + int (*handler)(struct wpa_ctrl *ctrl, int argc, char *argv[]); +}; + +static struct hostapd_cli_cmd hostapd_cli_commands[] = { + { "ping", hostapd_cli_cmd_ping }, + { "mib", hostapd_cli_cmd_mib }, + { "sta", hostapd_cli_cmd_sta }, + { "all_sta", hostapd_cli_cmd_all_sta }, + { "new_sta", hostapd_cli_cmd_new_sta }, + { "help", hostapd_cli_cmd_help }, + { "interface", hostapd_cli_cmd_interface }, + { "level", hostapd_cli_cmd_level }, + { "license", hostapd_cli_cmd_license }, + { "quit", hostapd_cli_cmd_quit }, + { NULL, NULL } +}; + + +static void wpa_request(struct wpa_ctrl *ctrl, int argc, char *argv[]) +{ + struct hostapd_cli_cmd *cmd, *match = NULL; + int count; + + count = 0; + cmd = hostapd_cli_commands; + while (cmd->cmd) { + if (strncasecmp(cmd->cmd, argv[0], strlen(argv[0])) == 0) { + match = cmd; + count++; + } + cmd++; + } + + if (count > 1) { + printf("Ambiguous command '%s'; possible commands:", argv[0]); + cmd = hostapd_cli_commands; + while (cmd->cmd) { + if (strncasecmp(cmd->cmd, argv[0], strlen(argv[0])) == + 0) { + printf(" %s", cmd->cmd); + } + cmd++; + } + printf("\n"); + } else if (count == 0) { + printf("Unknown command '%s'\n", argv[0]); + } else { + match->handler(ctrl, argc - 1, &argv[1]); + } +} + + +static void hostapd_cli_recv_pending(struct wpa_ctrl *ctrl, int in_read) +{ + int first = 1; + if (ctrl_conn == NULL) + return; + while (wpa_ctrl_pending(ctrl)) { + char buf[256]; + size_t len = sizeof(buf) - 1; + if (wpa_ctrl_recv(ctrl, buf, &len) == 0) { + buf[len] = '\0'; + if (in_read && first) + printf("\n"); + first = 0; + printf("%s\n", buf); + } else { + printf("Could not read pending message.\n"); + break; + } + } +} + + +static void hostapd_cli_interactive(void) +{ + const int max_args = 10; + char cmd[256], *res, *argv[max_args], *pos; + int argc; + + printf("\nInteractive mode\n\n"); + + do { + hostapd_cli_recv_pending(ctrl_conn, 0); + printf("> "); + alarm(1); + res = fgets(cmd, sizeof(cmd), stdin); + alarm(0); + if (res == NULL) + break; + pos = cmd; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + argc = 0; + pos = cmd; + for (;;) { + while (*pos == ' ') + pos++; + if (*pos == '\0') + break; + argv[argc] = pos; + argc++; + if (argc == max_args) + break; + while (*pos != '\0' && *pos != ' ') + pos++; + if (*pos == ' ') + *pos++ = '\0'; + } + if (argc) + wpa_request(ctrl_conn, argc, argv); + } while (!hostapd_cli_quit); +} + + +static void hostapd_cli_terminate(int sig) +{ + hostapd_cli_close_connection(); + exit(0); +} + + +static void hostapd_cli_alarm(int sig) +{ + if (ctrl_conn && _wpa_ctrl_command(ctrl_conn, "PING", 0)) { + printf("Connection to hostapd lost - trying to reconnect\n"); + hostapd_cli_close_connection(); + } + if (!ctrl_conn) { + ctrl_conn = hostapd_cli_open_connection(ctrl_ifname); + if (ctrl_conn) { + printf("Connection to hostapd re-established\n"); + if (wpa_ctrl_attach(ctrl_conn) == 0) { + hostapd_cli_attached = 1; + } else { + printf("Warning: Failed to attach to " + "hostapd.\n"); + } + } + } + if (ctrl_conn) + hostapd_cli_recv_pending(ctrl_conn, 1); + alarm(1); +} + + +int main(int argc, char *argv[]) +{ + int interactive; + int warning_displayed = 0; + int c; + + for (;;) { + c = getopt(argc, argv, "hi:p:v"); + if (c < 0) + break; + switch (c) { + case 'h': + usage(); + return 0; + case 'v': + printf("%s\n", hostapd_cli_version); + return 0; + case 'i': + free(ctrl_ifname); + ctrl_ifname = strdup(optarg); + break; + case 'p': + ctrl_iface_dir = optarg; + break; + default: + usage(); + return -1; + } + } + + interactive = argc == optind; + + if (interactive) { + printf("%s\n\n%s\n\n", hostapd_cli_version, + hostapd_cli_license); + } + + for (;;) { + if (ctrl_ifname == NULL) { + struct dirent *dent; + DIR *dir = opendir(ctrl_iface_dir); + if (dir) { + while ((dent = readdir(dir))) { + if (strcmp(dent->d_name, ".") == 0 || + strcmp(dent->d_name, "..") == 0) + continue; + printf("Selected interface '%s'\n", + dent->d_name); + ctrl_ifname = strdup(dent->d_name); + break; + } + closedir(dir); + } + } + ctrl_conn = hostapd_cli_open_connection(ctrl_ifname); + if (ctrl_conn) { + if (warning_displayed) + printf("Connection established.\n"); + break; + } + + if (!interactive) { + perror("Failed to connect to hostapd - " + "wpa_ctrl_open"); + return -1; + } + + if (!warning_displayed) { + printf("Could not connect to hostapd - re-trying\n"); + warning_displayed = 1; + } + sleep(1); + continue; + } + + signal(SIGINT, hostapd_cli_terminate); + signal(SIGTERM, hostapd_cli_terminate); + signal(SIGALRM, hostapd_cli_alarm); + + if (interactive) { + if (wpa_ctrl_attach(ctrl_conn) == 0) { + hostapd_cli_attached = 1; + } else { + printf("Warning: Failed to attach to hostapd.\n"); + } + hostapd_cli_interactive(); + } else + wpa_request(ctrl_conn, argc - optind, &argv[optind]); + + free(ctrl_ifname); + hostapd_cli_close_connection(); + return 0; +} diff --git a/contrib/hostapd-0.5.8/hw_features.c b/contrib/hostapd-0.5.8/hw_features.c new file mode 100644 index 0000000000..484959f63c --- /dev/null +++ b/contrib/hostapd-0.5.8/hw_features.c @@ -0,0 +1,429 @@ +/* + * hostapd / Hardware feature query and different modes + * Copyright 2002-2003, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "hw_features.h" +#include "driver.h" +#include "config.h" +#include "ieee802_11.h" +#include "eloop.h" + + +void hostapd_free_hw_features(struct hostapd_hw_modes *hw_features, + size_t num_hw_features) +{ + size_t i; + + if (hw_features == NULL) + return; + + for (i = 0; i < num_hw_features; i++) { + free(hw_features[i].channels); + free(hw_features[i].rates); + } + + free(hw_features); +} + + +int hostapd_get_hw_features(struct hostapd_iface *iface) +{ + struct hostapd_data *hapd = iface->bss[0]; + int ret = 0, i, j; + u16 num_modes, flags; + struct hostapd_hw_modes *modes; + + modes = hostapd_get_hw_feature_data(hapd, &num_modes, &flags); + if (modes == NULL) { + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "Fetching hardware channel/rate support not " + "supported."); + return -1; + } + + iface->hw_flags = flags; + + hostapd_free_hw_features(iface->hw_features, iface->num_hw_features); + iface->hw_features = modes; + iface->num_hw_features = num_modes; + + for (i = 0; i < num_modes; i++) { + struct hostapd_hw_modes *feature = &modes[i]; + /* set flag for channels we can use in current regulatory + * domain */ + for (j = 0; j < feature->num_channels; j++) { + /* TODO: add regulatory domain lookup */ + unsigned char power_level = 0; + unsigned char antenna_max = 0; + + if ((feature->mode == HOSTAPD_MODE_IEEE80211G || + feature->mode == HOSTAPD_MODE_IEEE80211B) && + feature->channels[j].chan >= 1 && + feature->channels[j].chan <= 11) { + power_level = 20; + feature->channels[j].flag |= + HOSTAPD_CHAN_W_SCAN; + } else + feature->channels[j].flag &= + ~HOSTAPD_CHAN_W_SCAN; + + hostapd_set_channel_flag(hapd, feature->mode, + feature->channels[j].chan, + feature->channels[j].flag, + power_level, + antenna_max); + } + } + + return ret; +} + + +static int hostapd_prepare_rates(struct hostapd_data *hapd, + struct hostapd_hw_modes *mode) +{ + int i, num_basic_rates = 0; + int basic_rates_a[] = { 60, 120, 240, -1 }; + int basic_rates_b[] = { 10, 20, -1 }; + int basic_rates_g[] = { 10, 20, 55, 110, -1 }; + int *basic_rates; + + if (hapd->iconf->basic_rates) + basic_rates = hapd->iconf->basic_rates; + else switch (mode->mode) { + case HOSTAPD_MODE_IEEE80211A: + basic_rates = basic_rates_a; + break; + case HOSTAPD_MODE_IEEE80211B: + basic_rates = basic_rates_b; + break; + case HOSTAPD_MODE_IEEE80211G: + basic_rates = basic_rates_g; + break; + default: + return -1; + } + + if (hostapd_set_rate_sets(hapd, hapd->iconf->supported_rates, + basic_rates, mode->mode)) { + printf("Failed to update rate sets in kernel module\n"); + } + + free(hapd->iface->current_rates); + hapd->iface->num_rates = 0; + + hapd->iface->current_rates = + malloc(mode->num_rates * sizeof(struct hostapd_rate_data)); + if (!hapd->iface->current_rates) { + printf("Failed to allocate memory for rate table.\n"); + return -1; + } + + for (i = 0; i < mode->num_rates; i++) { + struct hostapd_rate_data *rate; + + if (hapd->iconf->supported_rates && + !hostapd_rate_found(hapd->iconf->supported_rates, + mode->rates[i].rate)) + continue; + + rate = &hapd->iface->current_rates[hapd->iface->num_rates]; + memcpy(rate, &mode->rates[i], + sizeof(struct hostapd_rate_data)); + if (hostapd_rate_found(basic_rates, rate->rate)) { + rate->flags |= HOSTAPD_RATE_BASIC; + num_basic_rates++; + } else + rate->flags &= ~HOSTAPD_RATE_BASIC; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "RATE[%d] rate=%d flags=0x%x\n", + hapd->iface->num_rates, rate->rate, rate->flags); + hapd->iface->num_rates++; + } + + if (hapd->iface->num_rates == 0 || num_basic_rates == 0) { + printf("No rates remaining in supported/basic rate sets " + "(%d,%d).\n", hapd->iface->num_rates, num_basic_rates); + return -1; + } + + return 0; +} + + +static void select_hw_mode_start(void *eloop_data, void *user_ctx); +static void select_hw_mode2_handler(void *eloop_data, void *user_ctx); + +/** + * select_hw_mode_finalize - Finish select HW mode & call the callback + * @iface: Pointer to interface data. + * @status: Status of the select HW mode (0 on success; -1 on failure). + * Returns: 0 on success; -1 on failure (e.g., was not in progress). + */ +static int select_hw_mode_finalize(struct hostapd_iface *iface, int status) +{ + hostapd_iface_cb cb; + + if (!iface->hw_mode_sel_cb) + return -1; + + eloop_cancel_timeout(select_hw_mode_start, iface, NULL); + eloop_cancel_timeout(select_hw_mode2_handler, iface, NULL); + + cb = iface->hw_mode_sel_cb; + + iface->hw_mode_sel_cb = NULL; + + cb(iface, status); + + return 0; +} + + +/** + * select_hw_mode2 - Select the hardware mode (part 2) + * @iface: Pointer to interface data. + * @status: Status of auto chanel selection. + * + * Setup the rates and passive scanning based on the configuration. + */ +static void select_hw_mode2(struct hostapd_iface *iface, int status) +{ + int ret = status; + if (ret) + goto fail; + + if (iface->current_mode == NULL) { + hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "Hardware does not support configured channel"); + ret = -1; + goto fail; + } + + if (hostapd_prepare_rates(iface->bss[0], iface->current_mode)) { + printf("Failed to prepare rates table.\n"); + hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "Failed to prepare rates table."); + ret = -1; + goto fail; + } + + ret = hostapd_passive_scan(iface->bss[0], 0, + iface->conf->passive_scan_mode, + iface->conf->passive_scan_interval, + iface->conf->passive_scan_listen, + NULL, NULL); + if (ret) { + printf("Could not set passive scanning: %s\n", strerror(ret)); + ret = 0; + } + +fail: + select_hw_mode_finalize(iface, ret); +} + + +/** + * select_hw_mode2_handler - Calls select_hw_mode2 when auto chan isn't used + * @eloop_data: Stores the struct hostapd_iface * for the interface. + * @user_ctx: Unused. + */ +static void select_hw_mode2_handler(void *eloop_data, void *user_ctx) +{ + struct hostapd_iface *iface = eloop_data; + + select_hw_mode2(iface, 0); +} + + +/** + * select_hw_mode1 - Select the hardware mode (part 1) + * @iface: Pointer to interface data. + * Returns: 0 on success; -1 on failure. + * + * Setup the hardware mode and channel based on the configuration. + * Schedules select_hw_mode2() to be called immediately or after automatic + * channel selection takes place. + */ +static int select_hw_mode1(struct hostapd_iface *iface) +{ + int i, j, ok; + + if (iface->num_hw_features < 1) + return -1; + + iface->current_mode = NULL; + for (i = 0; i < iface->num_hw_features; i++) { + struct hostapd_hw_modes *mode = &iface->hw_features[i]; + if (mode->mode == (int) iface->conf->hw_mode) { + iface->current_mode = mode; + break; + } + } + + if (iface->current_mode == NULL) { + printf("Hardware does not support configured mode\n"); + hostapd_logger(iface->bss[0], NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "Hardware does not support configured mode " + "(%d)", (int) iface->conf->hw_mode); + return -1; + } + + ok = 0; + for (j = 0; j < iface->current_mode->num_channels; j++) { + struct hostapd_channel_data *chan = + &iface->current_mode->channels[j]; + if ((chan->flag & HOSTAPD_CHAN_W_SCAN) && + (chan->chan == iface->conf->channel)) { + ok = 1; + break; + } + } + if (ok == 0 && iface->conf->channel != 0) { + hostapd_logger(iface->bss[0], NULL, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_WARNING, + "Configured channel (%d) not found from the " + "channel list of current mode (%d) %s", + iface->conf->channel, + iface->current_mode->mode, + hostapd_hw_mode_txt(iface->current_mode->mode)); + iface->current_mode = NULL; + } + + /* + * Calls select_hw_mode2() via a handler, so that the function is + * always executed from eloop. + */ + eloop_register_timeout(0, 0, select_hw_mode2_handler, iface, NULL); + return 0; +} + + +/** + * select_hw_mode_start - Handler to start select HW mode + * @eloop_data: Stores the struct hostapd_iface * for the interface. + * @user_ctx: Unused. + * + * An eloop handler is used so that all errors can be processed by the + * callback without introducing stack recursion. + */ +static void select_hw_mode_start(void *eloop_data, void *user_ctx) +{ + struct hostapd_iface *iface = (struct hostapd_iface *)eloop_data; + + int ret; + + ret = select_hw_mode1(iface); + if (ret) + select_hw_mode_finalize(iface, ret); +} + + +/** + * hostapd_select_hw_mode_start - Start selection of the hardware mode + * @iface: Pointer to interface data. + * @cb: The function to callback when done. + * Returns: 0 if it starts successfully; cb will be called when done. + * -1 on failure; cb will not be called. + * + * Sets up the hardware mode, channel, rates, and passive scanning + * based on the configuration. + */ +int hostapd_select_hw_mode_start(struct hostapd_iface *iface, + hostapd_iface_cb cb) +{ + if (iface->hw_mode_sel_cb) { + wpa_printf(MSG_DEBUG, + "%s: Hardware mode select already in progress.", + iface->bss[0]->conf->iface); + return -1; + } + + iface->hw_mode_sel_cb = cb; + + eloop_register_timeout(0, 0, select_hw_mode_start, iface, NULL); + + return 0; +} + + +/** + * hostapd_auto_chan_select_stop - Stops automatic channel selection + * @iface: Pointer to interface data. + * Returns: 0 if successfully stopped; + * -1 on failure (i.e., was not in progress) + */ +int hostapd_select_hw_mode_stop(struct hostapd_iface *iface) +{ + return select_hw_mode_finalize(iface, -1); +} + + +const char * hostapd_hw_mode_txt(int mode) +{ + switch (mode) { + case HOSTAPD_MODE_IEEE80211A: + return "IEEE 802.11a"; + case HOSTAPD_MODE_IEEE80211B: + return "IEEE 802.11b"; + case HOSTAPD_MODE_IEEE80211G: + return "IEEE 802.11g"; + default: + return "UNKNOWN"; + } +} + + +int hostapd_hw_get_freq(struct hostapd_data *hapd, int chan) +{ + int i; + + if (!hapd->iface->current_mode) + return 0; + + for (i = 0; i < hapd->iface->current_mode->num_channels; i++) { + struct hostapd_channel_data *ch = + &hapd->iface->current_mode->channels[i]; + if (ch->chan == chan) + return ch->freq; + } + + return 0; +} + + +int hostapd_hw_get_channel(struct hostapd_data *hapd, int freq) +{ + int i; + + if (!hapd->iface->current_mode) + return 0; + + for (i = 0; i < hapd->iface->current_mode->num_channels; i++) { + struct hostapd_channel_data *ch = + &hapd->iface->current_mode->channels[i]; + if (ch->freq == freq) + return ch->chan; + } + + return 0; +} diff --git a/contrib/hostapd-0.5.8/hw_features.h b/contrib/hostapd-0.5.8/hw_features.h new file mode 100644 index 0000000000..7e5d443432 --- /dev/null +++ b/contrib/hostapd-0.5.8/hw_features.h @@ -0,0 +1,61 @@ +/* + * hostapd / Hardware feature query and different modes + * Copyright 2002-2003, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef HW_FEATURES_H +#define HW_FEATURES_H + +#define HOSTAPD_CHAN_W_SCAN 0x00000001 +#define HOSTAPD_CHAN_W_ACTIVE_SCAN 0x00000002 +#define HOSTAPD_CHAN_W_IBSS 0x00000004 + +struct hostapd_channel_data { + short chan; /* channel number (IEEE 802.11) */ + short freq; /* frequency in MHz */ + int flag; /* flag for hostapd use (HOSTAPD_CHAN_*) */ +}; + +#define HOSTAPD_RATE_ERP 0x00000001 +#define HOSTAPD_RATE_BASIC 0x00000002 +#define HOSTAPD_RATE_PREAMBLE2 0x00000004 +#define HOSTAPD_RATE_SUPPORTED 0x00000010 +#define HOSTAPD_RATE_OFDM 0x00000020 +#define HOSTAPD_RATE_CCK 0x00000040 +#define HOSTAPD_RATE_MANDATORY 0x00000100 + +struct hostapd_rate_data { + int rate; /* rate in 100 kbps */ + int flags; /* HOSTAPD_RATE_ flags */ +}; + +struct hostapd_hw_modes { + int mode; + int num_channels; + struct hostapd_channel_data *channels; + int num_rates; + struct hostapd_rate_data *rates; +}; + + +void hostapd_free_hw_features(struct hostapd_hw_modes *hw_features, + size_t num_hw_features); +int hostapd_get_hw_features(struct hostapd_iface *iface); +int hostapd_select_hw_mode_start(struct hostapd_iface *iface, + hostapd_iface_cb cb); +int hostapd_select_hw_mode_stop(struct hostapd_iface *iface); +const char * hostapd_hw_mode_txt(int mode); +int hostapd_hw_get_freq(struct hostapd_data *hapd, int chan); +int hostapd_hw_get_channel(struct hostapd_data *hapd, int freq); + +#endif /* HW_FEATURES_H */ diff --git a/contrib/hostapd-0.5.8/iapp.c b/contrib/hostapd-0.5.8/iapp.c new file mode 100644 index 0000000000..5e027fb06b --- /dev/null +++ b/contrib/hostapd-0.5.8/iapp.c @@ -0,0 +1,544 @@ +/* + * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) + * Copyright (c) 2002-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * Note: IEEE 802.11F-2003 was a experimental use specification. It has expired + * and IEEE has withdrawn it. In other words, it is likely better to look at + * using some other mechanism for AP-to-AP communication than extenting the + * implementation here. + */ + +/* TODO: + * Level 1: no administrative or security support + * (e.g., static BSSID to IP address mapping in each AP) + * Level 2: support for dynamic mapping of BSSID to IP address + * Level 3: support for encryption and authentication of IAPP messages + * - add support for MOVE-notify and MOVE-response (this requires support for + * finding out IP address for previous AP using RADIUS) + * - add support for Send- and ACK-Security-Block to speedup IEEE 802.1X during + * reassociation to another AP + * - implement counters etc. for IAPP MIB + * - verify endianness of fields in IAPP messages; are they big-endian as + * used here? + * - RADIUS connection for AP registration and BSSID to IP address mapping + * - TCP connection for IAPP MOVE, CACHE + * - broadcast ESP for IAPP ADD-notify + * - ESP for IAPP MOVE messages + * - security block sending/processing + * - IEEE 802.11 context transfer + */ + +#include "includes.h" +#include +#include +#ifdef USE_KERNEL_HEADERS +#include +#else /* USE_KERNEL_HEADERS */ +#include +#endif /* USE_KERNEL_HEADERS */ + +#include "hostapd.h" +#include "ieee802_11.h" +#include "iapp.h" +#include "eloop.h" +#include "sta_info.h" + + +#define IAPP_MULTICAST "224.0.1.178" +#define IAPP_UDP_PORT 3517 +#define IAPP_TCP_PORT 3517 + +struct iapp_hdr { + u8 version; + u8 command; + u16 identifier; + u16 length; + /* followed by length-6 octets of data */ +} __attribute__ ((packed)); + +#define IAPP_VERSION 0 + +enum IAPP_COMMAND { + IAPP_CMD_ADD_notify = 0, + IAPP_CMD_MOVE_notify = 1, + IAPP_CMD_MOVE_response = 2, + IAPP_CMD_Send_Security_Block = 3, + IAPP_CMD_ACK_Security_Block = 4, + IAPP_CMD_CACHE_notify = 5, + IAPP_CMD_CACHE_response = 6, +}; + + +/* ADD-notify - multicast UDP on the local LAN */ +struct iapp_add_notify { + u8 addr_len; /* ETH_ALEN */ + u8 reserved; + u8 mac_addr[ETH_ALEN]; + u16 seq_num; +} __attribute__ ((packed)); + + +/* Layer 2 Update frame (802.2 Type 1 LLC XID Update response) */ +struct iapp_layer2_update { + u8 da[ETH_ALEN]; /* broadcast */ + u8 sa[ETH_ALEN]; /* STA addr */ + u16 len; /* 6 */ + u8 dsap; /* null DSAP address */ + u8 ssap; /* null SSAP address, CR=Response */ + u8 control; + u8 xid_info[3]; +} __attribute__ ((packed)); + + +/* MOVE-notify - unicast TCP */ +struct iapp_move_notify { + u8 addr_len; /* ETH_ALEN */ + u8 reserved; + u8 mac_addr[ETH_ALEN]; + u16 seq_num; + u16 ctx_block_len; + /* followed by ctx_block_len bytes */ +} __attribute__ ((packed)); + + +/* MOVE-response - unicast TCP */ +struct iapp_move_response { + u8 addr_len; /* ETH_ALEN */ + u8 status; + u8 mac_addr[ETH_ALEN]; + u16 seq_num; + u16 ctx_block_len; + /* followed by ctx_block_len bytes */ +} __attribute__ ((packed)); + +enum { + IAPP_MOVE_SUCCESSFUL = 0, + IAPP_MOVE_DENIED = 1, + IAPP_MOVE_STALE_MOVE = 2, +}; + + +/* CACHE-notify */ +struct iapp_cache_notify { + u8 addr_len; /* ETH_ALEN */ + u8 reserved; + u8 mac_addr[ETH_ALEN]; + u16 seq_num; + u8 current_ap[ETH_ALEN]; + u16 ctx_block_len; + /* ctx_block_len bytes of context block followed by 16-bit context + * timeout */ +} __attribute__ ((packed)); + + +/* CACHE-response - unicast TCP */ +struct iapp_cache_response { + u8 addr_len; /* ETH_ALEN */ + u8 status; + u8 mac_addr[ETH_ALEN]; + u16 seq_num; +} __attribute__ ((packed)); + +enum { + IAPP_CACHE_SUCCESSFUL = 0, + IAPP_CACHE_STALE_CACHE = 1, +}; + + +/* Send-Security-Block - unicast TCP */ +struct iapp_send_security_block { + u8 iv[8]; + u16 sec_block_len; + /* followed by sec_block_len bytes of security block */ +} __attribute__ ((packed)); + + +/* ACK-Security-Block - unicast TCP */ +struct iapp_ack_security_block { + u8 iv[8]; + u8 new_ap_ack_authenticator[48]; +} __attribute__ ((packed)); + + +struct iapp_data { + struct hostapd_data *hapd; + u16 identifier; /* next IAPP identifier */ + struct in_addr own, multicast; + int udp_sock; + int packet_sock; +}; + + +static void iapp_send_add(struct iapp_data *iapp, u8 *mac_addr, u16 seq_num) +{ + char buf[128]; + struct iapp_hdr *hdr; + struct iapp_add_notify *add; + struct sockaddr_in addr; + + /* Send IAPP ADD-notify to remove possible association from other APs + */ + + hdr = (struct iapp_hdr *) buf; + hdr->version = IAPP_VERSION; + hdr->command = IAPP_CMD_ADD_notify; + hdr->identifier = host_to_be16(iapp->identifier++); + hdr->length = host_to_be16(sizeof(*hdr) + sizeof(*add)); + + add = (struct iapp_add_notify *) (hdr + 1); + add->addr_len = ETH_ALEN; + add->reserved = 0; + memcpy(add->mac_addr, mac_addr, ETH_ALEN); + + add->seq_num = host_to_be16(seq_num); + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_addr.s_addr = iapp->multicast.s_addr; + addr.sin_port = htons(IAPP_UDP_PORT); + if (sendto(iapp->udp_sock, buf, (char *) (add + 1) - buf, 0, + (struct sockaddr *) &addr, sizeof(addr)) < 0) + perror("sendto[IAPP-ADD]"); +} + + +static void iapp_send_layer2_update(struct iapp_data *iapp, u8 *addr) +{ + struct iapp_layer2_update msg; + + /* Send Level 2 Update Frame to update forwarding tables in layer 2 + * bridge devices */ + + /* 802.2 Type 1 Logical Link Control (LLC) Exchange Identifier (XID) + * Update response frame; IEEE Std 802.2-1998, 5.4.1.2.1 */ + + memset(msg.da, 0xff, ETH_ALEN); + memcpy(msg.sa, addr, ETH_ALEN); + msg.len = host_to_be16(6); + msg.dsap = 0; /* NULL DSAP address */ + msg.ssap = 0x01; /* NULL SSAP address, CR Bit: Response */ + msg.control = 0xaf; /* XID response lsb.1111F101. + * F=0 (no poll command; unsolicited frame) */ + msg.xid_info[0] = 0x81; /* XID format identifier */ + msg.xid_info[1] = 1; /* LLC types/classes: Type 1 LLC */ + msg.xid_info[2] = 1 << 1; /* XID sender's receive window size (RW) + * FIX: what is correct RW with 802.11? */ + + if (send(iapp->packet_sock, &msg, sizeof(msg), 0) < 0) + perror("send[L2 Update]"); +} + + +void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta) +{ + struct ieee80211_mgmt *assoc; + u16 seq; + + if (iapp == NULL) + return; + + assoc = sta->last_assoc_req; + seq = assoc ? WLAN_GET_SEQ_SEQ(le_to_host16(assoc->seq_ctrl)) : 0; + + /* IAPP-ADD.request(MAC Address, Sequence Number, Timeout) */ + hostapd_logger(iapp->hapd, sta->addr, HOSTAPD_MODULE_IAPP, + HOSTAPD_LEVEL_DEBUG, "IAPP-ADD.request(seq=%d)", seq); + iapp_send_layer2_update(iapp, sta->addr); + iapp_send_add(iapp, sta->addr, seq); + + if (assoc && WLAN_FC_GET_STYPE(le_to_host16(assoc->frame_control)) == + WLAN_FC_STYPE_REASSOC_REQ) { + /* IAPP-MOVE.request(MAC Address, Sequence Number, Old AP, + * Context Block, Timeout) + */ + /* TODO: Send IAPP-MOVE to the old AP; Map Old AP BSSID to + * IP address */ + } +} + + +static void iapp_process_add_notify(struct iapp_data *iapp, + struct sockaddr_in *from, + struct iapp_hdr *hdr, int len) +{ + struct iapp_add_notify *add = (struct iapp_add_notify *) (hdr + 1); + struct sta_info *sta; + + if (len != sizeof(*add)) { + printf("Invalid IAPP-ADD packet length %d (expected %lu)\n", + len, (unsigned long) sizeof(*add)); + return; + } + + sta = ap_get_sta(iapp->hapd, add->mac_addr); + + /* IAPP-ADD.indication(MAC Address, Sequence Number) */ + hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, + HOSTAPD_LEVEL_INFO, + "Received IAPP ADD-notify (seq# %d) from %s:%d%s", + be_to_host16(add->seq_num), + inet_ntoa(from->sin_addr), ntohs(from->sin_port), + sta ? "" : " (STA not found)"); + + if (!sta) + return; + + /* TODO: could use seq_num to try to determine whether last association + * to this AP is newer than the one advertised in IAPP-ADD. Although, + * this is not really a reliable verification. */ + + hostapd_logger(iapp->hapd, add->mac_addr, HOSTAPD_MODULE_IAPP, + HOSTAPD_LEVEL_DEBUG, + "Removing STA due to IAPP ADD-notify"); + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | WLAN_STA_AUTHORIZED); + eloop_cancel_timeout(ap_handle_timer, iapp->hapd, sta); + eloop_register_timeout(0, 0, ap_handle_timer, iapp->hapd, sta); + sta->timeout_next = STA_REMOVE; +} + + +static void iapp_receive_udp(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct iapp_data *iapp = eloop_ctx; + int len, hlen; + unsigned char buf[128]; + struct sockaddr_in from; + socklen_t fromlen; + struct iapp_hdr *hdr; + + /* Handle incoming IAPP frames (over UDP/IP) */ + + fromlen = sizeof(from); + len = recvfrom(iapp->udp_sock, buf, sizeof(buf), 0, + (struct sockaddr *) &from, &fromlen); + if (len < 0) { + perror("recvfrom"); + return; + } + + if (from.sin_addr.s_addr == iapp->own.s_addr) + return; /* ignore own IAPP messages */ + + hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, + HOSTAPD_LEVEL_DEBUG, + "Received %d byte IAPP frame from %s%s\n", + len, inet_ntoa(from.sin_addr), + len < (int) sizeof(*hdr) ? " (too short)" : ""); + + if (len < (int) sizeof(*hdr)) + return; + + hdr = (struct iapp_hdr *) buf; + hlen = be_to_host16(hdr->length); + hostapd_logger(iapp->hapd, NULL, HOSTAPD_MODULE_IAPP, + HOSTAPD_LEVEL_DEBUG, + "RX: version=%d command=%d id=%d len=%d\n", + hdr->version, hdr->command, + be_to_host16(hdr->identifier), hlen); + if (hdr->version != IAPP_VERSION) { + printf("Dropping IAPP frame with unknown version %d\n", + hdr->version); + return; + } + if (hlen > len) { + printf("Underflow IAPP frame (hlen=%d len=%d)\n", hlen, len); + return; + } + if (hlen < len) { + printf("Ignoring %d extra bytes from IAPP frame\n", + len - hlen); + len = hlen; + } + + switch (hdr->command) { + case IAPP_CMD_ADD_notify: + iapp_process_add_notify(iapp, &from, hdr, hlen - sizeof(*hdr)); + break; + case IAPP_CMD_MOVE_notify: + /* TODO: MOVE is using TCP; so move this to TCP handler once it + * is implemented.. */ + /* IAPP-MOVE.indication(MAC Address, New BSSID, + * Sequence Number, AP Address, Context Block) */ + /* TODO: process */ + break; + default: + printf("Unknown IAPP command %d\n", hdr->command); + break; + } +} + + +struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface) +{ + struct ifreq ifr; + struct sockaddr_ll addr; + int ifindex; + struct sockaddr_in *paddr, uaddr; + struct iapp_data *iapp; + struct ip_mreqn mreq; + + iapp = wpa_zalloc(sizeof(*iapp)); + if (iapp == NULL) + return NULL; + iapp->hapd = hapd; + iapp->udp_sock = iapp->packet_sock = -1; + + /* TODO: + * open socket for sending and receiving IAPP frames over TCP + */ + + iapp->udp_sock = socket(PF_INET, SOCK_DGRAM, 0); + if (iapp->udp_sock < 0) { + perror("socket[PF_INET,SOCK_DGRAM]"); + iapp_deinit(iapp); + return NULL; + } + + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_name, iface, sizeof(ifr.ifr_name)); + if (ioctl(iapp->udp_sock, SIOCGIFINDEX, &ifr) != 0) { + perror("ioctl(SIOCGIFINDEX)"); + iapp_deinit(iapp); + return NULL; + } + ifindex = ifr.ifr_ifindex; + + if (ioctl(iapp->udp_sock, SIOCGIFADDR, &ifr) != 0) { + perror("ioctl(SIOCGIFADDR)"); + iapp_deinit(iapp); + return NULL; + } + paddr = (struct sockaddr_in *) &ifr.ifr_addr; + if (paddr->sin_family != AF_INET) { + printf("Invalid address family %i (SIOCGIFADDR)\n", + paddr->sin_family); + iapp_deinit(iapp); + return NULL; + } + iapp->own.s_addr = paddr->sin_addr.s_addr; + + if (ioctl(iapp->udp_sock, SIOCGIFBRDADDR, &ifr) != 0) { + perror("ioctl(SIOCGIFBRDADDR)"); + iapp_deinit(iapp); + return NULL; + } + paddr = (struct sockaddr_in *) &ifr.ifr_addr; + if (paddr->sin_family != AF_INET) { + printf("Invalid address family %i (SIOCGIFBRDADDR)\n", + paddr->sin_family); + iapp_deinit(iapp); + return NULL; + } + inet_aton(IAPP_MULTICAST, &iapp->multicast); + + memset(&uaddr, 0, sizeof(uaddr)); + uaddr.sin_family = AF_INET; + uaddr.sin_port = htons(IAPP_UDP_PORT); + if (bind(iapp->udp_sock, (struct sockaddr *) &uaddr, + sizeof(uaddr)) < 0) { + perror("bind[UDP]"); + iapp_deinit(iapp); + return NULL; + } + + memset(&mreq, 0, sizeof(mreq)); + mreq.imr_multiaddr = iapp->multicast; + mreq.imr_address.s_addr = INADDR_ANY; + mreq.imr_ifindex = 0; + if (setsockopt(iapp->udp_sock, SOL_IP, IP_ADD_MEMBERSHIP, &mreq, + sizeof(mreq)) < 0) { + perror("setsockopt[UDP,IP_ADD_MEMBERSHIP]"); + iapp_deinit(iapp); + return NULL; + } + + iapp->packet_sock = socket(PF_PACKET, SOCK_RAW, htons(ETH_P_ALL)); + if (iapp->packet_sock < 0) { + perror("socket[PF_PACKET,SOCK_RAW]"); + iapp_deinit(iapp); + return NULL; + } + + memset(&addr, 0, sizeof(addr)); + addr.sll_family = AF_PACKET; + addr.sll_ifindex = ifindex; + if (bind(iapp->packet_sock, (struct sockaddr *) &addr, + sizeof(addr)) < 0) { + perror("bind[PACKET]"); + iapp_deinit(iapp); + return NULL; + } + + if (eloop_register_read_sock(iapp->udp_sock, iapp_receive_udp, + iapp, NULL)) { + printf("Could not register read socket for IAPP.\n"); + iapp_deinit(iapp); + return NULL; + } + + printf("IEEE 802.11F (IAPP) using interface %s\n", iface); + + /* TODO: For levels 2 and 3: send RADIUS Initiate-Request, receive + * RADIUS Initiate-Accept or Initiate-Reject. IAPP port should actually + * be openned only after receiving Initiate-Accept. If Initiate-Reject + * is received, IAPP is not started. */ + + return iapp; +} + + +void iapp_deinit(struct iapp_data *iapp) +{ + struct ip_mreqn mreq; + + if (iapp == NULL) + return; + + if (iapp->udp_sock >= 0) { + memset(&mreq, 0, sizeof(mreq)); + mreq.imr_multiaddr = iapp->multicast; + mreq.imr_address.s_addr = INADDR_ANY; + mreq.imr_ifindex = 0; + if (setsockopt(iapp->udp_sock, SOL_IP, IP_DROP_MEMBERSHIP, + &mreq, sizeof(mreq)) < 0) { + perror("setsockopt[UDP,IP_DEL_MEMBERSHIP]"); + } + + eloop_unregister_read_sock(iapp->udp_sock); + close(iapp->udp_sock); + } + if (iapp->packet_sock >= 0) { + eloop_unregister_read_sock(iapp->packet_sock); + close(iapp->packet_sock); + } + free(iapp); +} + +int iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss) +{ + if (hapd->conf->ieee802_11f != oldbss->ieee802_11f || + strcmp(hapd->conf->iapp_iface, oldbss->iapp_iface) != 0) { + + iapp_deinit(hapd->iapp); + hapd->iapp = NULL; + + if (hapd->conf->ieee802_11f) { + hapd->iapp = iapp_init(hapd, hapd->conf->iapp_iface); + + if (hapd->iapp == NULL) + return -1; + } + } + + return 0; +} diff --git a/contrib/hostapd-0.5.8/iapp.h b/contrib/hostapd-0.5.8/iapp.h new file mode 100644 index 0000000000..86de592560 --- /dev/null +++ b/contrib/hostapd-0.5.8/iapp.h @@ -0,0 +1,54 @@ +/* + * hostapd / IEEE 802.11F-2003 Inter-Access Point Protocol (IAPP) + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef IAPP_H +#define IAPP_H + +struct iapp_data; + +#ifdef CONFIG_IAPP + +void iapp_new_station(struct iapp_data *iapp, struct sta_info *sta); +struct iapp_data * iapp_init(struct hostapd_data *hapd, const char *iface); +void iapp_deinit(struct iapp_data *iapp); +int iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss); + +#else /* CONFIG_IAPP */ + +static inline void iapp_new_station(struct iapp_data *iapp, + struct sta_info *sta) +{ +} + +static inline struct iapp_data * iapp_init(struct hostapd_data *hapd, + const char *iface) +{ + return NULL; +} + +static inline void iapp_deinit(struct iapp_data *iapp) +{ +} + +static inline int +iapp_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss) +{ + return 0; +} + +#endif /* CONFIG_IAPP */ + +#endif /* IAPP_H */ diff --git a/contrib/hostapd-0.5.8/ieee802_11.c b/contrib/hostapd-0.5.8/ieee802_11.c new file mode 100644 index 0000000000..6dec289183 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11.c @@ -0,0 +1,1636 @@ +/* + * hostapd / IEEE 802.11 Management + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_NATIVE_WINDOWS + +#include + +#include "eloop.h" +#include "hostapd.h" +#include "ieee802_11.h" +#include "beacon.h" +#include "hw_features.h" +#include "radius.h" +#include "radius_client.h" +#include "ieee802_11_auth.h" +#include "sta_info.h" +#include "eapol_sm.h" +#include "rc4.h" +#include "ieee802_1x.h" +#include "wpa.h" +#include "wme.h" +#include "ap_list.h" +#include "accounting.h" +#include "driver.h" +#include "ieee802_11h.h" +#include "mlme.h" + + +u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) +{ + u8 *pos = eid; + int i, num, count; + + if (hapd->iface->current_rates == NULL) + return eid; + + *pos++ = WLAN_EID_SUPP_RATES; + num = hapd->iface->num_rates; + if (num > 8) { + /* rest of the rates are encoded in Extended supported + * rates element */ + num = 8; + } + + *pos++ = num; + count = 0; + for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; + i++) { + count++; + *pos = hapd->iface->current_rates[i].rate / 5; + if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) + *pos |= 0x80; + pos++; + } + + return pos; +} + + +u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) +{ + u8 *pos = eid; + int i, num, count; + + if (hapd->iface->current_rates == NULL) + return eid; + + num = hapd->iface->num_rates; + if (num <= 8) + return eid; + num -= 8; + + *pos++ = WLAN_EID_EXT_SUPP_RATES; + *pos++ = num; + count = 0; + for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; + i++) { + count++; + if (count <= 8) + continue; /* already in SuppRates IE */ + *pos = hapd->iface->current_rates[i].rate / 5; + if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) + *pos |= 0x80; + pos++; + } + + return pos; +} + + +u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, + int probe) +{ + int capab = WLAN_CAPABILITY_ESS; + int privacy; + + if (hapd->iface->num_sta_no_short_preamble == 0 && + hapd->iconf->preamble == SHORT_PREAMBLE) + capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; + + privacy = hapd->conf->ssid.wep.keys_set; + + if (hapd->conf->ieee802_1x && + (hapd->conf->default_wep_key_len || + hapd->conf->individual_wep_key_len)) + privacy = 1; + + if (hapd->conf->wpa) + privacy = 1; + + if (sta) { + int policy, def_klen; + if (probe && sta->ssid_probe) { + policy = sta->ssid_probe->security_policy; + def_klen = sta->ssid_probe->wep.default_len; + } else { + policy = sta->ssid->security_policy; + def_klen = sta->ssid->wep.default_len; + } + privacy = policy != SECURITY_PLAINTEXT; + if (policy == SECURITY_IEEE_802_1X && def_klen == 0) + privacy = 0; + } + + if (privacy) + capab |= WLAN_CAPABILITY_PRIVACY; + + if (hapd->iface && hapd->iface->current_mode && + hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && + hapd->iface->num_sta_no_short_slot_time == 0) + capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; + + if (hapd->iface->dfs_enable) + capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; + + return capab; +} + + +#define OUI_MICROSOFT 0x0050f2 /* Microsoft (also used in Wi-Fi specs) + * 00:50:F2 */ + +static int ieee802_11_parse_vendor_specific(struct hostapd_data *hapd, + u8 *pos, size_t elen, + struct ieee802_11_elems *elems, + int show_errors) +{ + unsigned int oui; + + /* first 3 bytes in vendor specific information element are the IEEE + * OUI of the vendor. The following byte is used a vendor specific + * sub-type. */ + if (elen < 4) { + if (show_errors) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, "short vendor " + "specific information element ignored " + "(len=%lu)\n", (unsigned long) elen); + } + return -1; + } + + oui = (pos[0] << 16) | (pos[1] << 8) | pos[2]; + switch (oui) { + case OUI_MICROSOFT: + /* Microsoft/Wi-Fi information elements are further typed and + * subtyped */ + switch (pos[3]) { + case 1: + /* Microsoft OUI (00:50:F2) with OUI Type 1: + * real WPA information element */ + elems->wpa_ie = pos; + elems->wpa_ie_len = elen; + break; + case WME_OUI_TYPE: /* this is a Wi-Fi WME info. element */ + if (elen < 5) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, + "short WME information element " + "ignored (len=%lu)\n", + (unsigned long) elen); + return -1; + } + switch (pos[4]) { + case WME_OUI_SUBTYPE_INFORMATION_ELEMENT: + case WME_OUI_SUBTYPE_PARAMETER_ELEMENT: + elems->wme = pos; + elems->wme_len = elen; + break; + case WME_OUI_SUBTYPE_TSPEC_ELEMENT: + elems->wme_tspec = pos; + elems->wme_tspec_len = elen; + break; + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, + "unknown WME information element" + " ignored (subtype=%d " + "len=%lu)\n", + pos[4], (unsigned long) elen); + return -1; + } + break; + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, + "Unknown Microsoft information element " + "ignored (type=%d len=%lu)\n", + pos[3], (unsigned long) elen); + return -1; + } + break; + + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, + "unknown vendor specific information element " + "ignored (vendor OUI %02x:%02x:%02x len=%lu)\n", + pos[0], pos[1], pos[2], (unsigned long) elen); + return -1; + } + + return 0; +} + + +ParseRes ieee802_11_parse_elems(struct hostapd_data *hapd, u8 *start, + size_t len, + struct ieee802_11_elems *elems, + int show_errors) +{ + size_t left = len; + u8 *pos = start; + int unknown = 0; + + memset(elems, 0, sizeof(*elems)); + + while (left >= 2) { + u8 id, elen; + + id = *pos++; + elen = *pos++; + left -= 2; + + if (elen > left) { + if (show_errors) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.11 element parse " + "failed (id=%d elen=%d " + "left=%lu)\n", + id, elen, (unsigned long) left); + wpa_hexdump(MSG_MSGDUMP, "IEs", start, len); + } + return ParseFailed; + } + + switch (id) { + case WLAN_EID_SSID: + elems->ssid = pos; + elems->ssid_len = elen; + break; + case WLAN_EID_SUPP_RATES: + elems->supp_rates = pos; + elems->supp_rates_len = elen; + break; + case WLAN_EID_FH_PARAMS: + elems->fh_params = pos; + elems->fh_params_len = elen; + break; + case WLAN_EID_DS_PARAMS: + elems->ds_params = pos; + elems->ds_params_len = elen; + break; + case WLAN_EID_CF_PARAMS: + elems->cf_params = pos; + elems->cf_params_len = elen; + break; + case WLAN_EID_TIM: + elems->tim = pos; + elems->tim_len = elen; + break; + case WLAN_EID_IBSS_PARAMS: + elems->ibss_params = pos; + elems->ibss_params_len = elen; + break; + case WLAN_EID_CHALLENGE: + elems->challenge = pos; + elems->challenge_len = elen; + break; + case WLAN_EID_ERP_INFO: + elems->erp_info = pos; + elems->erp_info_len = elen; + break; + case WLAN_EID_EXT_SUPP_RATES: + elems->ext_supp_rates = pos; + elems->ext_supp_rates_len = elen; + break; + case WLAN_EID_VENDOR_SPECIFIC: + if (ieee802_11_parse_vendor_specific(hapd, pos, elen, + elems, + show_errors)) + unknown++; + break; + case WLAN_EID_RSN: + elems->rsn_ie = pos; + elems->rsn_ie_len = elen; + break; + case WLAN_EID_PWR_CAPABILITY: + elems->power_cap = pos; + elems->power_cap_len = elen; + break; + case WLAN_EID_SUPPORTED_CHANNELS: + elems->supp_channels = pos; + elems->supp_channels_len = elen; + break; + default: + unknown++; + if (!show_errors) + break; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_EXCESSIVE, + "IEEE 802.11 element parse ignored " + "unknown element (id=%d elen=%d)\n", + id, elen); + break; + } + + left -= elen; + pos += elen; + } + + if (left) + return ParseFailed; + + return unknown ? ParseUnknown : ParseOK; +} + + +void ieee802_11_print_ssid(const u8 *ssid, u8 len) +{ + int i; + for (i = 0; i < len; i++) { + if (ssid[i] >= 32 && ssid[i] < 127) + printf("%c", ssid[i]); + else + printf("<%02x>", ssid[i]); + } +} + + +void ieee802_11_send_deauth(struct hostapd_data *hapd, u8 *addr, u16 reason) +{ + struct ieee80211_mgmt mgmt; + char buf[30]; + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "deauthenticate - reason %d", reason); + snprintf(buf, sizeof(buf), "SEND-DEAUTHENTICATE %d", reason); + memset(&mgmt, 0, sizeof(mgmt)); + mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_DEAUTH); + memcpy(mgmt.da, addr, ETH_ALEN); + memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN); + memcpy(mgmt.bssid, hapd->own_addr, ETH_ALEN); + mgmt.u.deauth.reason_code = host_to_le16(reason); + if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN + + sizeof(mgmt.u.deauth), 0) < 0) + perror("ieee802_11_send_deauth: send"); +} + + +static void ieee802_11_sta_authenticate(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct ieee80211_mgmt mgmt; + + if (hapd->assoc_ap_state == WAIT_BEACON) + hapd->assoc_ap_state = AUTHENTICATE; + if (hapd->assoc_ap_state != AUTHENTICATE) + return; + + printf("Authenticate with AP " MACSTR " SSID=", + MAC2STR(hapd->conf->assoc_ap_addr)); + ieee802_11_print_ssid((u8 *) hapd->assoc_ap_ssid, + hapd->assoc_ap_ssid_len); + printf(" (as station)\n"); + + memset(&mgmt, 0, sizeof(mgmt)); + mgmt.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_AUTH); + /* Request TX callback */ + mgmt.frame_control |= host_to_le16(BIT(1)); + memcpy(mgmt.da, hapd->conf->assoc_ap_addr, ETH_ALEN); + memcpy(mgmt.sa, hapd->own_addr, ETH_ALEN); + memcpy(mgmt.bssid, hapd->conf->assoc_ap_addr, ETH_ALEN); + mgmt.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN); + mgmt.u.auth.auth_transaction = host_to_le16(1); + mgmt.u.auth.status_code = host_to_le16(0); + if (hostapd_send_mgmt_frame(hapd, &mgmt, IEEE80211_HDRLEN + + sizeof(mgmt.u.auth), 0) < 0) + perror("ieee802_11_sta_authenticate: send"); + + /* Try to authenticate again, if this attempt fails or times out. */ + eloop_register_timeout(5, 0, ieee802_11_sta_authenticate, hapd, NULL); +} + + +static void ieee802_11_sta_associate(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + u8 buf[256]; + struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf; + u8 *p; + + if (hapd->assoc_ap_state == AUTHENTICATE) + hapd->assoc_ap_state = ASSOCIATE; + if (hapd->assoc_ap_state != ASSOCIATE) + return; + + printf("Associate with AP " MACSTR " SSID=", + MAC2STR(hapd->conf->assoc_ap_addr)); + ieee802_11_print_ssid((u8 *) hapd->assoc_ap_ssid, + hapd->assoc_ap_ssid_len); + printf(" (as station)\n"); + + memset(mgmt, 0, sizeof(*mgmt)); + mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_ASSOC_REQ); + /* Request TX callback */ + mgmt->frame_control |= host_to_le16(BIT(1)); + memcpy(mgmt->da, hapd->conf->assoc_ap_addr, ETH_ALEN); + memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); + memcpy(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN); + mgmt->u.assoc_req.capab_info = host_to_le16(0); + mgmt->u.assoc_req.listen_interval = host_to_le16(1); + p = &mgmt->u.assoc_req.variable[0]; + + *p++ = WLAN_EID_SSID; + *p++ = hapd->assoc_ap_ssid_len; + memcpy(p, hapd->assoc_ap_ssid, hapd->assoc_ap_ssid_len); + p += hapd->assoc_ap_ssid_len; + + p = hostapd_eid_supp_rates(hapd, p); + p = hostapd_eid_ext_supp_rates(hapd, p); + + if (hostapd_send_mgmt_frame(hapd, mgmt, p - (u8 *) mgmt, 0) < 0) + perror("ieee802_11_sta_associate: send"); + + /* Try to authenticate again, if this attempt fails or times out. */ + eloop_register_timeout(5, 0, ieee802_11_sta_associate, hapd, NULL); +} + + +static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, + u16 auth_transaction, u8 *challenge, int iswep) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "authentication (shared key, transaction %d)", + auth_transaction); + + if (auth_transaction == 1) { + if (!sta->challenge) { + /* Generate a pseudo-random challenge */ + u8 key[8]; + time_t now; + int r; + sta->challenge = wpa_zalloc(WLAN_AUTH_CHALLENGE_LEN); + if (sta->challenge == NULL) + return WLAN_STATUS_UNSPECIFIED_FAILURE; + + now = time(NULL); + r = random(); + memcpy(key, &now, 4); + memcpy(key + 4, &r, 4); + rc4(sta->challenge, WLAN_AUTH_CHALLENGE_LEN, + key, sizeof(key)); + } + return 0; + } + + if (auth_transaction != 3) + return WLAN_STATUS_UNSPECIFIED_FAILURE; + + /* Transaction 3 */ + if (!iswep || !sta->challenge || !challenge || + memcmp(sta->challenge, challenge, WLAN_AUTH_CHALLENGE_LEN)) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, + "shared key authentication - invalid " + "challenge-response"); + return WLAN_STATUS_CHALLENGE_FAIL; + } + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "authentication OK (shared key)"); +#ifdef IEEE80211_REQUIRE_AUTH_ACK + /* Station will be marked authenticated if it ACKs the + * authentication reply. */ +#else + sta->flags |= WLAN_STA_AUTH; + wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); +#endif + free(sta->challenge); + sta->challenge = NULL; + + return 0; +} + + +static void send_auth_reply(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, + u16 auth_alg, u16 auth_transaction, u16 resp, + u8 *challenge) +{ + u8 buf[IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 2 + + WLAN_AUTH_CHALLENGE_LEN]; + struct ieee80211_mgmt *reply; + size_t rlen; + + memset(buf, 0, sizeof(buf)); + reply = (struct ieee80211_mgmt *) buf; + reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_AUTH); + /* Request TX callback */ + reply->frame_control |= host_to_le16(BIT(1)); + memcpy(reply->da, mgmt->sa, ETH_ALEN); + memcpy(reply->sa, hapd->own_addr, ETH_ALEN); + memcpy(reply->bssid, mgmt->bssid, ETH_ALEN); + + reply->u.auth.auth_alg = host_to_le16(auth_alg); + reply->u.auth.auth_transaction = host_to_le16(auth_transaction); + reply->u.auth.status_code = host_to_le16(resp); + rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth); + if (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 2 && + challenge) { + u8 *p = reply->u.auth.variable; + *p++ = WLAN_EID_CHALLENGE; + *p++ = WLAN_AUTH_CHALLENGE_LEN; + memcpy(p, challenge, WLAN_AUTH_CHALLENGE_LEN); + rlen += 2 + WLAN_AUTH_CHALLENGE_LEN; + } else + challenge = NULL; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "authentication reply: STA=" MACSTR " auth_alg=%d " + "auth_transaction=%d resp=%d%s\n", + MAC2STR(mgmt->sa), auth_alg, auth_transaction, + resp, challenge ? " challenge" : ""); + if (hostapd_send_mgmt_frame(hapd, reply, rlen, 0) < 0) + perror("send_auth_reply: send"); +} + + +static void handle_auth(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt, + size_t len) +{ + u16 auth_alg, auth_transaction, status_code; + u16 resp = WLAN_STATUS_SUCCESS; + struct sta_info *sta = NULL; + int res; + u16 fc; + u8 *challenge = NULL; + u32 session_timeout, acct_interim_interval; + int vlan_id = 0; + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { + printf("handle_auth - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + auth_alg = le_to_host16(mgmt->u.auth.auth_alg); + auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); + status_code = le_to_host16(mgmt->u.auth.status_code); + fc = le_to_host16(mgmt->frame_control); + + if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + + 2 + WLAN_AUTH_CHALLENGE_LEN && + mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && + mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) + challenge = &mgmt->u.auth.variable[2]; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "authentication: STA=" MACSTR " auth_alg=%d " + "auth_transaction=%d status_code=%d wep=%d%s\n", + MAC2STR(mgmt->sa), auth_alg, auth_transaction, + status_code, !!(fc & WLAN_FC_ISWEP), + challenge ? " challenge" : ""); + + if (hapd->assoc_ap_state == AUTHENTICATE && auth_transaction == 2 && + memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0 && + memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) { + if (status_code != 0) { + printf("Authentication (as station) with AP " + MACSTR " failed (status_code=%d)\n", + MAC2STR(hapd->conf->assoc_ap_addr), + status_code); + return; + } + printf("Authenticated (as station) with AP " MACSTR "\n", + MAC2STR(hapd->conf->assoc_ap_addr)); + ieee802_11_sta_associate(hapd, NULL); + return; + } + + if (hapd->tkip_countermeasures) { + resp = WLAN_REASON_MICHAEL_MIC_FAILURE; + goto fail; + } + + if (!(((hapd->conf->auth_algs & HOSTAPD_AUTH_OPEN) && + auth_alg == WLAN_AUTH_OPEN) || + ((hapd->conf->auth_algs & HOSTAPD_AUTH_SHARED_KEY) && + auth_alg == WLAN_AUTH_SHARED_KEY))) { + printf("Unsupported authentication algorithm (%d)\n", + auth_alg); + resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; + goto fail; + } + + if (!(auth_transaction == 1 || + (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { + printf("Unknown authentication transaction number (%d)\n", + auth_transaction); + resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; + goto fail; + } + + if (memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { + printf("Station " MACSTR " not allowed to authenticate.\n", + MAC2STR(mgmt->sa)); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + res = hostapd_allowed_address(hapd, mgmt->sa, (u8 *) mgmt, len, + &session_timeout, + &acct_interim_interval, &vlan_id); + if (res == HOSTAPD_ACL_REJECT) { + printf("Station " MACSTR " not allowed to authenticate.\n", + MAC2STR(mgmt->sa)); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + if (res == HOSTAPD_ACL_PENDING) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Authentication frame " + "from " MACSTR " waiting for an external " + "authentication\n", MAC2STR(mgmt->sa)); + /* Authentication code will re-send the authentication frame + * after it has received (and cached) information from the + * external source. */ + return; + } + + sta = ap_sta_add(hapd, mgmt->sa); + if (!sta) { + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + if (vlan_id > 0) { + if (hostapd_get_vlan_id_ifname(hapd->conf->vlan, + sta->vlan_id) == NULL) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, "Invalid VLAN ID " + "%d received from RADIUS server", + vlan_id); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + sta->vlan_id = vlan_id; + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); + } + + sta->flags &= ~WLAN_STA_PREAUTH; + ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); + + if (hapd->conf->radius->acct_interim_interval == 0 && + acct_interim_interval) + sta->acct_interim_interval = acct_interim_interval; + if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) + ap_sta_session_timeout(hapd, sta, session_timeout); + else + ap_sta_no_session_timeout(hapd, sta); + + switch (auth_alg) { + case WLAN_AUTH_OPEN: + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "authentication OK (open system)"); +#ifdef IEEE80211_REQUIRE_AUTH_ACK + /* Station will be marked authenticated if it ACKs the + * authentication reply. */ +#else + sta->flags |= WLAN_STA_AUTH; + wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); + sta->auth_alg = WLAN_AUTH_OPEN; + mlme_authenticate_indication(hapd, sta); +#endif + break; + case WLAN_AUTH_SHARED_KEY: + resp = auth_shared_key(hapd, sta, auth_transaction, challenge, + fc & WLAN_FC_ISWEP); + sta->auth_alg = WLAN_AUTH_SHARED_KEY; + mlme_authenticate_indication(hapd, sta); + break; + } + + fail: + send_auth_reply(hapd, mgmt, auth_alg, auth_transaction + 1, resp, + sta ? sta->challenge : NULL); +} + + +static void handle_assoc(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len, int reassoc) +{ + u16 capab_info, listen_interval; + u16 resp = WLAN_STATUS_SUCCESS; + u8 *pos, *wpa_ie; + size_t wpa_ie_len; + int send_deauth = 0, send_len, left, i; + struct sta_info *sta; + struct ieee802_11_elems elems; + + if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : + sizeof(mgmt->u.assoc_req))) { + printf("handle_assoc(reassoc=%d) - too short payload (len=%lu)" + "\n", reassoc, (unsigned long) len); + return; + } + + if (reassoc) { + capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); + listen_interval = le_to_host16( + mgmt->u.reassoc_req.listen_interval); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "reassociation request: STA=" MACSTR + " capab_info=0x%02x " + "listen_interval=%d current_ap=" MACSTR "\n", + MAC2STR(mgmt->sa), capab_info, listen_interval, + MAC2STR(mgmt->u.reassoc_req.current_ap)); + left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); + pos = mgmt->u.reassoc_req.variable; + } else { + capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); + listen_interval = le_to_host16( + mgmt->u.assoc_req.listen_interval); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "association request: STA=" MACSTR + " capab_info=0x%02x listen_interval=%d\n", + MAC2STR(mgmt->sa), capab_info, listen_interval); + left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); + pos = mgmt->u.assoc_req.variable; + } + + sta = ap_get_sta(hapd, mgmt->sa); + if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { + printf("STA " MACSTR " trying to associate before " + "authentication\n", MAC2STR(mgmt->sa)); + if (sta) { + printf(" sta: addr=" MACSTR " aid=%d flags=0x%04x\n", + MAC2STR(sta->addr), sta->aid, sta->flags); + } + send_deauth = 1; + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + if (hapd->tkip_countermeasures) { + resp = WLAN_REASON_MICHAEL_MIC_FAILURE; + goto fail; + } + + if (reassoc) { + memcpy(sta->previous_ap, mgmt->u.reassoc_req.current_ap, + ETH_ALEN); + } + + sta->capability = capab_info; + + /* followed by SSID and Supported rates */ + if (ieee802_11_parse_elems(hapd, pos, left, &elems, 1) == ParseFailed + || !elems.ssid) { + printf("STA " MACSTR " sent invalid association request\n", + MAC2STR(sta->addr)); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + if (elems.ssid_len != hapd->conf->ssid.ssid_len || + memcmp(elems.ssid, hapd->conf->ssid.ssid, elems.ssid_len) != 0) { + printf("Station " MACSTR " tried to associate with " + "unknown SSID '", MAC2STR(sta->addr)); + ieee802_11_print_ssid(elems.ssid, elems.ssid_len); + printf("'\n"); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + sta->flags &= ~WLAN_STA_WME; + if (elems.wme && hapd->conf->wme_enabled) { + if (hostapd_eid_wme_valid(hapd, elems.wme, elems.wme_len)) + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, + "invalid WME element in association " + "request"); + else + sta->flags |= WLAN_STA_WME; + } + + if (!elems.supp_rates) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "No supported rates element in AssocReq"); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + if (elems.supp_rates_len > sizeof(sta->supported_rates)) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "Invalid supported rates element length %d", + elems.supp_rates_len); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + memset(sta->supported_rates, 0, sizeof(sta->supported_rates)); + memcpy(sta->supported_rates, elems.supp_rates, elems.supp_rates_len); + sta->supported_rates_len = elems.supp_rates_len; + + if (elems.ext_supp_rates) { + if (elems.supp_rates_len + elems.ext_supp_rates_len > + sizeof(sta->supported_rates)) { + hostapd_logger(hapd, mgmt->sa, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "Invalid supported rates element length" + " %d+%d", elems.supp_rates_len, + elems.ext_supp_rates_len); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + + memcpy(sta->supported_rates + elems.supp_rates_len, + elems.ext_supp_rates, elems.ext_supp_rates_len); + sta->supported_rates_len += elems.ext_supp_rates_len; + } + + if ((hapd->conf->wpa & HOSTAPD_WPA_VERSION_WPA2) && elems.rsn_ie) { + wpa_ie = elems.rsn_ie; + wpa_ie_len = elems.rsn_ie_len; + } else if ((hapd->conf->wpa & HOSTAPD_WPA_VERSION_WPA) && + elems.wpa_ie) { + wpa_ie = elems.wpa_ie; + wpa_ie_len = elems.wpa_ie_len; + } else { + wpa_ie = NULL; + wpa_ie_len = 0; + } + if (hapd->conf->wpa && wpa_ie == NULL) { + printf("STA " MACSTR ": No WPA/RSN IE in association " + "request\n", MAC2STR(sta->addr)); + resp = WLAN_STATUS_INVALID_IE; + goto fail; + } + + if (hapd->conf->wpa) { + int res; + wpa_ie -= 2; + wpa_ie_len += 2; + if (sta->wpa_sm == NULL) + sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, + sta->addr); + if (sta->wpa_sm == NULL) { + printf("Failed to initialize WPA state machine\n"); + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; + goto fail; + } + res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, + wpa_ie, wpa_ie_len); + if (res == WPA_INVALID_GROUP) + resp = WLAN_STATUS_GROUP_CIPHER_NOT_VALID; + else if (res == WPA_INVALID_PAIRWISE) + resp = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; + else if (res == WPA_INVALID_AKMP) + resp = WLAN_STATUS_AKMP_NOT_VALID; + else if (res == WPA_ALLOC_FAIL) + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; +#ifdef CONFIG_IEEE80211W + else if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; /* FIX */ + else if (res == WPA_INVALID_MGMT_GROUP_CIPHER) + resp = WLAN_STATUS_UNSPECIFIED_FAILURE; /* FIX */ +#endif /* CONFIG_IEEE80211W */ + else if (res != WPA_IE_OK) + resp = WLAN_STATUS_INVALID_IE; + if (resp != WLAN_STATUS_SUCCESS) + goto fail; + } + + if (hapd->iface->dfs_enable && + hapd->iconf->ieee80211h == SPECT_STRICT_BINDING) { + if (hostapd_check_power_cap(hapd, elems.power_cap, + elems.power_cap_len)) { + resp = WLAN_STATUS_PWR_CAPABILITY_NOT_VALID; + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "Power capabilities of the station not " + "acceptable"); + goto fail; + } + } + + if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) + sta->flags |= WLAN_STA_NONERP; + for (i = 0; i < sta->supported_rates_len; i++) { + if ((sta->supported_rates[i] & 0x7f) > 22) { + sta->flags &= ~WLAN_STA_NONERP; + break; + } + } + if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { + sta->nonerp_set = 1; + hapd->iface->num_sta_non_erp++; + if (hapd->iface->num_sta_non_erp == 1) + ieee802_11_set_beacons(hapd->iface); + } + + if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && + !sta->no_short_slot_time_set) { + sta->no_short_slot_time_set = 1; + hapd->iface->num_sta_no_short_slot_time++; + if (hapd->iface->current_mode->mode == + HOSTAPD_MODE_IEEE80211G && + hapd->iface->num_sta_no_short_slot_time == 1) + ieee802_11_set_beacons(hapd->iface); + } + + if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) + sta->flags |= WLAN_STA_SHORT_PREAMBLE; + else + sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; + + if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && + !sta->no_short_preamble_set) { + sta->no_short_preamble_set = 1; + hapd->iface->num_sta_no_short_preamble++; + if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G + && hapd->iface->num_sta_no_short_preamble == 1) + ieee802_11_set_beacons(hapd->iface); + } + + /* get a unique AID */ + if (sta->aid > 0) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " old AID %d\n", sta->aid); + } else { + for (sta->aid = 1; sta->aid <= MAX_AID_TABLE_SIZE; sta->aid++) + if (hapd->sta_aid[sta->aid - 1] == NULL) + break; + if (sta->aid > MAX_AID_TABLE_SIZE) { + sta->aid = 0; + resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; + printf(" no room for more AIDs\n"); + goto fail; + } else { + hapd->sta_aid[sta->aid - 1] = sta; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " new AID %d\n", sta->aid); + } + } + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "association OK (aid %d)", sta->aid); + /* Station will be marked associated, after it acknowledges AssocResp + */ + + if (sta->last_assoc_req) + free(sta->last_assoc_req); + sta->last_assoc_req = (struct ieee80211_mgmt *) malloc(len); + if (sta->last_assoc_req) + memcpy(sta->last_assoc_req, mgmt, len); + + /* Make sure that the previously registered inactivity timer will not + * remove the STA immediately. */ + sta->timeout_next = STA_NULLFUNC; + + fail: + + /* use the queued buffer for transmission because it is large enough + * and not needed anymore */ + mgmt->frame_control = + IEEE80211_FC(WLAN_FC_TYPE_MGMT, + (send_deauth ? WLAN_FC_STYPE_DEAUTH : + (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : + WLAN_FC_STYPE_ASSOC_RESP))); + memcpy(mgmt->da, mgmt->sa, ETH_ALEN); + memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); + /* Addr3 = BSSID - already set */ + + send_len = IEEE80211_HDRLEN; + if (send_deauth) { + send_len += sizeof(mgmt->u.deauth); + mgmt->u.deauth.reason_code = host_to_le16(resp); + } else { + u8 *p; + send_len += sizeof(mgmt->u.assoc_resp); + mgmt->u.assoc_resp.capab_info = + host_to_le16(hostapd_own_capab_info(hapd, sta, 0)); + mgmt->u.assoc_resp.status_code = host_to_le16(resp); + mgmt->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) + | BIT(14) | BIT(15)); + /* Supported rates */ + p = hostapd_eid_supp_rates(hapd, mgmt->u.assoc_resp.variable); + /* Extended supported rates */ + p = hostapd_eid_ext_supp_rates(hapd, p); + if (sta->flags & WLAN_STA_WME) + p = hostapd_eid_wme(hapd, p); + send_len += p - mgmt->u.assoc_resp.variable; + + /* Request TX callback */ + mgmt->frame_control |= host_to_le16(BIT(1)); + } + + if (hostapd_send_mgmt_frame(hapd, mgmt, send_len, 0) < 0) + perror("handle_assoc: send"); +} + + +static void handle_assoc_resp(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len) +{ + u16 status_code, aid; + + if (hapd->assoc_ap_state != ASSOCIATE) { + printf("Unexpected association response received from " MACSTR + "\n", MAC2STR(mgmt->sa)); + return; + } + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_resp)) { + printf("handle_assoc_resp - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + if (memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0 || + memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0) { + printf("Received association response from unexpected address " + "(SA=" MACSTR " BSSID=" MACSTR "\n", + MAC2STR(mgmt->sa), MAC2STR(mgmt->bssid)); + return; + } + + status_code = le_to_host16(mgmt->u.assoc_resp.status_code); + aid = le_to_host16(mgmt->u.assoc_resp.aid); + aid &= ~(BIT(14) | BIT(15)); + + if (status_code != 0) { + printf("Association (as station) with AP " MACSTR " failed " + "(status_code=%d)\n", + MAC2STR(hapd->conf->assoc_ap_addr), status_code); + /* Try to authenticate again */ + hapd->assoc_ap_state = AUTHENTICATE; + eloop_register_timeout(5, 0, ieee802_11_sta_authenticate, + hapd, NULL); + } + + printf("Associated (as station) with AP " MACSTR " (aid=%d)\n", + MAC2STR(hapd->conf->assoc_ap_addr), aid); + hapd->assoc_ap_aid = aid; + hapd->assoc_ap_state = ASSOCIATED; + + if (hostapd_set_assoc_ap(hapd, hapd->conf->assoc_ap_addr)) { + printf("Could not set associated AP address to kernel " + "driver.\n"); + } +} + + +static void handle_disassoc(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len) +{ + struct sta_info *sta; + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { + printf("handle_disassoc - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "disassocation: STA=" MACSTR " reason_code=%d\n", + MAC2STR(mgmt->sa), + le_to_host16(mgmt->u.disassoc.reason_code)); + + if (hapd->assoc_ap_state != DO_NOT_ASSOC && + memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) { + printf("Assoc AP " MACSTR " sent disassociation " + "(reason_code=%d) - try to authenticate\n", + MAC2STR(hapd->conf->assoc_ap_addr), + le_to_host16(mgmt->u.disassoc.reason_code)); + hapd->assoc_ap_state = AUTHENTICATE; + ieee802_11_sta_authenticate(hapd, NULL); + eloop_register_timeout(0, 500000, ieee802_11_sta_authenticate, + hapd, NULL); + return; + } + + sta = ap_get_sta(hapd, mgmt->sa); + if (sta == NULL) { + printf("Station " MACSTR " trying to disassociate, but it " + "is not associated.\n", MAC2STR(mgmt->sa)); + return; + } + + sta->flags &= ~WLAN_STA_ASSOC; + wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "disassociated"); + sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; + ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); + /* Stop Accounting and IEEE 802.1X sessions, but leave the STA + * authenticated. */ + accounting_sta_stop(hapd, sta); + ieee802_1x_free_station(sta); + hostapd_sta_remove(hapd, sta->addr); + + if (sta->timeout_next == STA_NULLFUNC || + sta->timeout_next == STA_DISASSOC) { + sta->timeout_next = STA_DEAUTH; + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, + hapd, sta); + } + + mlme_disassociate_indication( + hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); +} + + +static void handle_deauth(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len) +{ + struct sta_info *sta; + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { + printf("handle_deauth - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "deauthentication: STA=" MACSTR " reason_code=%d\n", + MAC2STR(mgmt->sa), + le_to_host16(mgmt->u.deauth.reason_code)); + + if (hapd->assoc_ap_state != DO_NOT_ASSOC && + memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) { + printf("Assoc AP " MACSTR " sent deauthentication " + "(reason_code=%d) - try to authenticate\n", + MAC2STR(hapd->conf->assoc_ap_addr), + le_to_host16(mgmt->u.deauth.reason_code)); + hapd->assoc_ap_state = AUTHENTICATE; + eloop_register_timeout(0, 500000, ieee802_11_sta_authenticate, + hapd, NULL); + return; + } + + sta = ap_get_sta(hapd, mgmt->sa); + if (sta == NULL) { + printf("Station " MACSTR " trying to deauthenticate, but it " + "is not authenticated.\n", MAC2STR(mgmt->sa)); + return; + } + + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); + wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "deauthenticated"); + mlme_deauthenticate_indication( + hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); + sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; + ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); + ap_free_sta(hapd, sta); +} + + +static void handle_beacon(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len, + struct hostapd_frame_info *fi) +{ + struct ieee802_11_elems elems; + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { + printf("handle_beacon - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + (void) ieee802_11_parse_elems(hapd, mgmt->u.beacon.variable, + len - (IEEE80211_HDRLEN + + sizeof(mgmt->u.beacon)), &elems, + 0); + + if (hapd->assoc_ap_state == WAIT_BEACON && + memcmp(mgmt->sa, hapd->conf->assoc_ap_addr, ETH_ALEN) == 0) { + if (elems.ssid && elems.ssid_len <= 32) { + memcpy(hapd->assoc_ap_ssid, elems.ssid, + elems.ssid_len); + hapd->assoc_ap_ssid[elems.ssid_len] = '\0'; + hapd->assoc_ap_ssid_len = elems.ssid_len; + } + ieee802_11_sta_authenticate(hapd, NULL); + } + + ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); + + if (!HOSTAPD_DEBUG_COND(HOSTAPD_DEBUG_EXCESSIVE)) + return; + + printf("Beacon from " MACSTR, MAC2STR(mgmt->sa)); + if (elems.ssid) { + printf(" SSID='"); + ieee802_11_print_ssid(elems.ssid, elems.ssid_len); + printf("'"); + } + if (elems.ds_params && elems.ds_params_len == 1) + printf(" CHAN=%d", elems.ds_params[0]); + printf("\n"); +} + + +static void handle_action(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, size_t len) +{ + if (len < IEEE80211_HDRLEN + 1) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "handle_action - too short payload (len=%lu)", + (unsigned long) len); + return; + } + + switch (mgmt->u.action.category) { + case WME_ACTION_CATEGORY: + hostapd_wme_action(hapd, mgmt, len); + return; + } + + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "handle_action - unknown action category %d", + mgmt->u.action.category); + if (!(mgmt->da[0] & 0x01) && !(mgmt->u.action.category & 0x80) && + !(mgmt->sa[0] & 0x01)) { + /* + * IEEE 802.11-REVma/D9.0 - 7.3.1.11 + * Return the Action frame to the source without change + * except that MSB of the Category set to 1. + */ + wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " + "frame back to sender"); + os_memcpy(mgmt->da, mgmt->sa, ETH_ALEN); + os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN); + os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN); + mgmt->u.action.category |= 0x80; + + hostapd_send_mgmt_frame(hapd, mgmt, len, 0); + } +} + + +/** + * ieee802_11_mgmt - process incoming IEEE 802.11 management frames + * @hapd: hostapd BSS data structure (the BSS to which the management frame was + * sent to) + * @buf: management frame data (starting from IEEE 802.11 header) + * @len: length of frame data in octets + * @stype: management frame subtype from frame control field + * + * Process all incoming IEEE 802.11 management frames. This will be called for + * each frame received from the kernel driver through wlan#ap interface. In + * addition, it can be called to re-inserted pending frames (e.g., when using + * external RADIUS server as an MAC ACL). + */ +void ieee802_11_mgmt(struct hostapd_data *hapd, u8 *buf, size_t len, u16 stype, + struct hostapd_frame_info *fi) +{ + struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf; + int broadcast; + + if (stype == WLAN_FC_STYPE_BEACON) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_EXCESSIVE, "mgmt::beacon\n"); + handle_beacon(hapd, mgmt, len, fi); + return; + } + + if (fi && fi->passive_scan) + return; + + broadcast = mgmt->bssid[0] == 0xff && mgmt->bssid[1] == 0xff && + mgmt->bssid[2] == 0xff && mgmt->bssid[3] == 0xff && + mgmt->bssid[4] == 0xff && mgmt->bssid[5] == 0xff; + + if (!broadcast && memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0 && + (hapd->assoc_ap_state == DO_NOT_ASSOC || + memcmp(mgmt->bssid, hapd->conf->assoc_ap_addr, ETH_ALEN) != 0)) { + printf("MGMT: BSSID=" MACSTR " not our address\n", + MAC2STR(mgmt->bssid)); + return; + } + + + if (stype == WLAN_FC_STYPE_PROBE_REQ) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MSGDUMPS, "mgmt::probe_req\n"); + handle_probe_req(hapd, mgmt, len); + return; + } + + if (memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "MGMT: DA=" MACSTR " not our address", + MAC2STR(mgmt->da)); + return; + } + + switch (stype) { + case WLAN_FC_STYPE_AUTH: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::auth\n"); + handle_auth(hapd, mgmt, len); + break; + case WLAN_FC_STYPE_ASSOC_REQ: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::assoc_req\n"); + handle_assoc(hapd, mgmt, len, 0); + break; + case WLAN_FC_STYPE_ASSOC_RESP: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::assoc_resp\n"); + handle_assoc_resp(hapd, mgmt, len); + break; + case WLAN_FC_STYPE_REASSOC_REQ: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::reassoc_req\n"); + handle_assoc(hapd, mgmt, len, 1); + break; + case WLAN_FC_STYPE_DISASSOC: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::disassoc\n"); + handle_disassoc(hapd, mgmt, len); + break; + case WLAN_FC_STYPE_DEAUTH: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::deauth\n"); + handle_deauth(hapd, mgmt, len); + break; + case WLAN_FC_STYPE_ACTION: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::action\n"); + handle_action(hapd, mgmt, len); + break; + default: + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "unknown mgmt frame subtype %d", stype); + break; + } +} + + +static void handle_auth_cb(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, + size_t len, int ok) +{ + u16 auth_alg, auth_transaction, status_code; + struct sta_info *sta; + + if (!ok) { + hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_NOTICE, + "did not acknowledge authentication response"); + return; + } + + if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { + printf("handle_auth_cb - too short payload (len=%lu)\n", + (unsigned long) len); + return; + } + + auth_alg = le_to_host16(mgmt->u.auth.auth_alg); + auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); + status_code = le_to_host16(mgmt->u.auth.status_code); + + sta = ap_get_sta(hapd, mgmt->da); + if (!sta) { + printf("handle_auth_cb: STA " MACSTR " not found\n", + MAC2STR(mgmt->da)); + return; + } + + if (status_code == WLAN_STATUS_SUCCESS && + ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || + (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "authenticated"); + sta->flags |= WLAN_STA_AUTH; + } +} + + +static void handle_assoc_cb(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, + size_t len, int reassoc, int ok) +{ + u16 status; + struct sta_info *sta; + int new_assoc = 1; + + if (!ok) { + hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "did not acknowledge association response"); + return; + } + + if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : + sizeof(mgmt->u.assoc_req))) { + printf("handle_assoc_cb(reassoc=%d) - too short payload " + "(len=%lu)\n", reassoc, (unsigned long) len); + return; + } + + if (reassoc) + status = le_to_host16(mgmt->u.reassoc_resp.status_code); + else + status = le_to_host16(mgmt->u.assoc_resp.status_code); + + sta = ap_get_sta(hapd, mgmt->da); + if (!sta) { + printf("handle_assoc_cb: STA " MACSTR " not found\n", + MAC2STR(mgmt->da)); + return; + } + + if (status != WLAN_STATUS_SUCCESS) + goto fail; + + /* Stop previous accounting session, if one is started, and allocate + * new session id for the new session. */ + accounting_sta_stop(hapd, sta); + accounting_sta_get_id(hapd, sta); + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, + "associated (aid %d, accounting session %08X-%08X)", + sta->aid, sta->acct_session_id_hi, + sta->acct_session_id_lo); + + if (sta->flags & WLAN_STA_ASSOC) + new_assoc = 0; + sta->flags |= WLAN_STA_ASSOC; + + if (reassoc) + mlme_reassociate_indication(hapd, sta); + else + mlme_associate_indication(hapd, sta); + + if (hostapd_sta_add(hapd->conf->iface, hapd, sta->addr, sta->aid, + sta->capability, sta->supported_rates, + sta->supported_rates_len, 0)) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_NOTICE, + "Could not add STA to kernel driver"); + } + + if (sta->eapol_sm == NULL) { + /* + * This STA does not use RADIUS server for EAP authentication, + * so bind it to the selected VLAN interface now, since the + * interface selection is not going to change anymore. + */ + ap_sta_bind_vlan(hapd, sta, 0); + } else if (sta->vlan_id) { + /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ + ap_sta_bind_vlan(hapd, sta, 0); + } + if (sta->flags & WLAN_STA_SHORT_PREAMBLE) { + hostapd_sta_set_flags(hapd, sta->addr, + WLAN_STA_SHORT_PREAMBLE, ~0); + } else { + hostapd_sta_set_flags(hapd, sta->addr, + 0, ~WLAN_STA_SHORT_PREAMBLE); + } + + wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); + hostapd_new_assoc_sta(hapd, sta, !new_assoc); + + ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); + + fail: + /* Copy of the association request is not needed anymore */ + if (sta->last_assoc_req) { + free(sta->last_assoc_req); + sta->last_assoc_req = NULL; + } +} + + +void ieee802_11_mgmt_cb(struct hostapd_data *hapd, u8 *buf, size_t len, + u16 stype, int ok) +{ + struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) buf; + + switch (stype) { + case WLAN_FC_STYPE_AUTH: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::auth cb\n"); + handle_auth_cb(hapd, mgmt, len, ok); + break; + case WLAN_FC_STYPE_ASSOC_RESP: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "mgmt::assoc_resp cb\n"); + handle_assoc_cb(hapd, mgmt, len, 0, ok); + break; + case WLAN_FC_STYPE_REASSOC_RESP: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "mgmt::reassoc_resp cb\n"); + handle_assoc_cb(hapd, mgmt, len, 1, ok); + break; + case WLAN_FC_STYPE_PROBE_RESP: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "mgmt::proberesp cb\n"); + break; + default: + printf("unknown mgmt cb frame subtype %d\n", stype); + break; + } +} + + +static void ieee80211_tkip_countermeasures_stop(void *eloop_ctx, + void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + hapd->tkip_countermeasures = 0; + hostapd_set_countermeasures(hapd, 0); + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "TKIP countermeasures ended"); +} + + +static void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd) +{ + struct sta_info *sta; + + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated"); + + wpa_auth_countermeasures_start(hapd->wpa_auth); + hapd->tkip_countermeasures = 1; + hostapd_set_countermeasures(hapd, 1); + wpa_gtk_rekey(hapd->wpa_auth); + eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL); + eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop, + hapd, NULL); + for (sta = hapd->sta_list; sta != NULL; sta = sta->next) { + hostapd_sta_deauth(hapd, sta->addr, + WLAN_REASON_MICHAEL_MIC_FAILURE); + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | + WLAN_STA_AUTHORIZED); + hostapd_sta_remove(hapd, sta->addr); + } +} + + +void ieee80211_michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, + int local) +{ + time_t now; + + if (addr && local) { + struct sta_info *sta = ap_get_sta(hapd, addr); + if (sta != NULL) { + wpa_auth_sta_local_mic_failure_report(sta->wpa_sm); + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, + "Michael MIC failure detected in " + "received frame"); + mlme_michaelmicfailure_indication(hapd, addr); + } else { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "MLME-MICHAELMICFAILURE.indication " + "for not associated STA (" MACSTR + ") ignored\n", MAC2STR(addr)); + return; + } + } + + time(&now); + if (now > hapd->michael_mic_failure + 60) { + hapd->michael_mic_failures = 1; + } else { + hapd->michael_mic_failures++; + if (hapd->michael_mic_failures > 1) + ieee80211_tkip_countermeasures_start(hapd); + } + hapd->michael_mic_failure = now; +} + + +int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) +{ + /* TODO */ + return 0; +} + + +int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, + char *buf, size_t buflen) +{ + /* TODO */ + return 0; +} + +#endif /* CONFIG_NATIVE_WINDOWS */ diff --git a/contrib/hostapd-0.5.8/ieee802_11.h b/contrib/hostapd-0.5.8/ieee802_11.h new file mode 100644 index 0000000000..37bd711d01 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11.h @@ -0,0 +1,333 @@ +/* + * hostapd / IEEE 802.11 Management + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef IEEE802_11_H +#define IEEE802_11_H + +/* IEEE 802.11 defines */ + +#define WLAN_FC_PVER (BIT(1) | BIT(0)) +#define WLAN_FC_TODS BIT(8) +#define WLAN_FC_FROMDS BIT(9) +#define WLAN_FC_MOREFRAG BIT(10) +#define WLAN_FC_RETRY BIT(11) +#define WLAN_FC_PWRMGT BIT(12) +#define WLAN_FC_MOREDATA BIT(13) +#define WLAN_FC_ISWEP BIT(14) +#define WLAN_FC_ORDER BIT(15) + +#define WLAN_FC_GET_TYPE(fc) (((fc) & (BIT(3) | BIT(2))) >> 2) +#define WLAN_FC_GET_STYPE(fc) \ + (((fc) & (BIT(7) | BIT(6) | BIT(5) | BIT(4))) >> 4) + +#define WLAN_GET_SEQ_FRAG(seq) ((seq) & (BIT(3) | BIT(2) | BIT(1) | BIT(0))) +#define WLAN_GET_SEQ_SEQ(seq) \ + (((seq) & (~(BIT(3) | BIT(2) | BIT(1) | BIT(0)))) >> 4) + +#define WLAN_FC_TYPE_MGMT 0 +#define WLAN_FC_TYPE_CTRL 1 +#define WLAN_FC_TYPE_DATA 2 + +/* management */ +#define WLAN_FC_STYPE_ASSOC_REQ 0 +#define WLAN_FC_STYPE_ASSOC_RESP 1 +#define WLAN_FC_STYPE_REASSOC_REQ 2 +#define WLAN_FC_STYPE_REASSOC_RESP 3 +#define WLAN_FC_STYPE_PROBE_REQ 4 +#define WLAN_FC_STYPE_PROBE_RESP 5 +#define WLAN_FC_STYPE_BEACON 8 +#define WLAN_FC_STYPE_ATIM 9 +#define WLAN_FC_STYPE_DISASSOC 10 +#define WLAN_FC_STYPE_AUTH 11 +#define WLAN_FC_STYPE_DEAUTH 12 +#define WLAN_FC_STYPE_ACTION 13 + +/* control */ +#define WLAN_FC_STYPE_PSPOLL 10 +#define WLAN_FC_STYPE_RTS 11 +#define WLAN_FC_STYPE_CTS 12 +#define WLAN_FC_STYPE_ACK 13 +#define WLAN_FC_STYPE_CFEND 14 +#define WLAN_FC_STYPE_CFENDACK 15 + +/* data */ +#define WLAN_FC_STYPE_DATA 0 +#define WLAN_FC_STYPE_DATA_CFACK 1 +#define WLAN_FC_STYPE_DATA_CFPOLL 2 +#define WLAN_FC_STYPE_DATA_CFACKPOLL 3 +#define WLAN_FC_STYPE_NULLFUNC 4 +#define WLAN_FC_STYPE_CFACK 5 +#define WLAN_FC_STYPE_CFPOLL 6 +#define WLAN_FC_STYPE_CFACKPOLL 7 +#define WLAN_FC_STYPE_QOS_DATA 8 + +/* Authentication algorithms */ +#define WLAN_AUTH_OPEN 0 +#define WLAN_AUTH_SHARED_KEY 1 + +#define WLAN_AUTH_CHALLENGE_LEN 128 + +#define WLAN_CAPABILITY_ESS BIT(0) +#define WLAN_CAPABILITY_IBSS BIT(1) +#define WLAN_CAPABILITY_CF_POLLABLE BIT(2) +#define WLAN_CAPABILITY_CF_POLL_REQUEST BIT(3) +#define WLAN_CAPABILITY_PRIVACY BIT(4) +#define WLAN_CAPABILITY_SHORT_PREAMBLE BIT(5) +#define WLAN_CAPABILITY_PBCC BIT(6) +#define WLAN_CAPABILITY_CHANNEL_AGILITY BIT(7) +#define WLAN_CAPABILITY_SPECTRUM_MGMT BIT(8) +#define WLAN_CAPABILITY_SHORT_SLOT_TIME BIT(10) +#define WLAN_CAPABILITY_DSSS_OFDM BIT(13) + +/* Status codes */ +#define WLAN_STATUS_SUCCESS 0 +#define WLAN_STATUS_UNSPECIFIED_FAILURE 1 +#define WLAN_STATUS_CAPS_UNSUPPORTED 10 +#define WLAN_STATUS_REASSOC_NO_ASSOC 11 +#define WLAN_STATUS_ASSOC_DENIED_UNSPEC 12 +#define WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG 13 +#define WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION 14 +#define WLAN_STATUS_CHALLENGE_FAIL 15 +#define WLAN_STATUS_AUTH_TIMEOUT 16 +#define WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA 17 +#define WLAN_STATUS_ASSOC_DENIED_RATES 18 +/* IEEE 802.11b */ +#define WLAN_STATUS_ASSOC_DENIED_NOSHORT 19 +#define WLAN_STATUS_ASSOC_DENIED_NOPBCC 20 +#define WLAN_STATUS_ASSOC_DENIED_NOAGILITY 21 +/* IEEE 802.11h */ +#define WLAN_STATUS_SPEC_MGMT_REQUIRED 22 +#define WLAN_STATUS_PWR_CAPABILITY_NOT_VALID 23 +#define WLAN_STATUS_SUPPORTED_CHANNEL_NOT_VALID 24 +/* IEEE 802.11i */ +#define WLAN_STATUS_INVALID_IE 40 +#define WLAN_STATUS_GROUP_CIPHER_NOT_VALID 41 +#define WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID 42 +#define WLAN_STATUS_AKMP_NOT_VALID 43 +#define WLAN_STATUS_UNSUPPORTED_RSN_IE_VERSION 44 +#define WLAN_STATUS_INVALID_RSN_IE_CAPAB 45 +#define WLAN_STATUS_CIPHER_REJECTED_PER_POLICY 46 + +/* Reason codes */ +#define WLAN_REASON_UNSPECIFIED 1 +#define WLAN_REASON_PREV_AUTH_NOT_VALID 2 +#define WLAN_REASON_DEAUTH_LEAVING 3 +#define WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY 4 +#define WLAN_REASON_DISASSOC_AP_BUSY 5 +#define WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA 6 +#define WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA 7 +#define WLAN_REASON_DISASSOC_STA_HAS_LEFT 8 +#define WLAN_REASON_STA_REQ_ASSOC_WITHOUT_AUTH 9 +/* IEEE 802.11i */ +#define WLAN_REASON_INVALID_IE 13 +#define WLAN_REASON_MICHAEL_MIC_FAILURE 14 +#define WLAN_REASON_4WAY_HANDSHAKE_TIMEOUT 15 +#define WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT 16 +#define WLAN_REASON_IE_IN_4WAY_DIFFERS 17 +#define WLAN_REASON_GROUP_CIPHER_NOT_VALID 18 +#define WLAN_REASON_PAIRWISE_CIPHER_NOT_VALID 19 +#define WLAN_REASON_AKMP_NOT_VALID 20 +#define WLAN_REASON_UNSUPPORTED_RSN_IE_VERSION 21 +#define WLAN_REASON_INVALID_RSN_IE_CAPAB 22 +#define WLAN_REASON_IEEE_802_1X_AUTH_FAILED 23 +#define WLAN_REASON_CIPHER_SUITE_REJECTED 24 + + +/* Information Element IDs */ +#define WLAN_EID_SSID 0 +#define WLAN_EID_SUPP_RATES 1 +#define WLAN_EID_FH_PARAMS 2 +#define WLAN_EID_DS_PARAMS 3 +#define WLAN_EID_CF_PARAMS 4 +#define WLAN_EID_TIM 5 +#define WLAN_EID_IBSS_PARAMS 6 +#define WLAN_EID_COUNTRY 7 +#define WLAN_EID_CHALLENGE 16 +/* EIDs defined by IEEE 802.11h - START */ +#define WLAN_EID_PWR_CONSTRAINT 32 +#define WLAN_EID_PWR_CAPABILITY 33 +#define WLAN_EID_TPC_REQUEST 34 +#define WLAN_EID_TPC_REPORT 35 +#define WLAN_EID_SUPPORTED_CHANNELS 36 +#define WLAN_EID_CHANNEL_SWITCH 37 +#define WLAN_EID_MEASURE_REQUEST 38 +#define WLAN_EID_MEASURE_REPORT 39 +#define WLAN_EID_QUITE 40 +#define WLAN_EID_IBSS_DFS 41 +/* EIDs defined by IEEE 802.11h - END */ +#define WLAN_EID_ERP_INFO 42 +#define WLAN_EID_RSN 48 +#define WLAN_EID_EXT_SUPP_RATES 50 +#define WLAN_EID_GENERIC 221 +#define WLAN_EID_VENDOR_SPECIFIC 221 + + +struct ieee80211_mgmt { + u16 frame_control; + u16 duration; + u8 da[6]; + u8 sa[6]; + u8 bssid[6]; + u16 seq_ctrl; + union { + struct { + u16 auth_alg; + u16 auth_transaction; + u16 status_code; + /* possibly followed by Challenge text */ + u8 variable[0]; + } __attribute__ ((packed)) auth; + struct { + u16 reason_code; + } __attribute__ ((packed)) deauth; + struct { + u16 capab_info; + u16 listen_interval; + /* followed by SSID and Supported rates */ + u8 variable[0]; + } __attribute__ ((packed)) assoc_req; + struct { + u16 capab_info; + u16 status_code; + u16 aid; + /* followed by Supported rates */ + u8 variable[0]; + } __attribute__ ((packed)) assoc_resp, reassoc_resp; + struct { + u16 capab_info; + u16 listen_interval; + u8 current_ap[6]; + /* followed by SSID and Supported rates */ + u8 variable[0]; + } __attribute__ ((packed)) reassoc_req; + struct { + u16 reason_code; + } __attribute__ ((packed)) disassoc; + struct { + /* only variable items: SSID, Supported rates */ + u8 variable[0]; + } __attribute__ ((packed)) probe_req; + struct { + u8 timestamp[8]; + u16 beacon_int; + u16 capab_info; + /* followed by some of SSID, Supported rates, + * FH Params, DS Params, CF Params, IBSS Params */ + u8 variable[0]; + } __attribute__ ((packed)) probe_resp; + struct { + u8 timestamp[8]; + u16 beacon_int; + u16 capab_info; + /* followed by some of SSID, Supported rates, + * FH Params, DS Params, CF Params, IBSS Params, TIM */ + u8 variable[0]; + } __attribute__ ((packed)) beacon; + struct { + u8 category; + union { + struct { + u8 action_code; + u8 dialog_token; + u8 status_code; + u8 variable[0]; + } __attribute__ ((packed)) wme_action; + struct{ + u8 action_code; + u8 element_id; + u8 length; + u8 switch_mode; + u8 new_chan; + u8 switch_count; + } __attribute__ ((packed)) chan_switch; + } u; + } __attribute__ ((packed)) action; + } u; +} __attribute__ ((packed)); + + +#define ERP_INFO_NON_ERP_PRESENT BIT(0) +#define ERP_INFO_USE_PROTECTION BIT(1) +#define ERP_INFO_BARKER_PREAMBLE_MODE BIT(2) + +/* Parsed Information Elements */ +struct ieee802_11_elems { + u8 *ssid; + u8 ssid_len; + u8 *supp_rates; + u8 supp_rates_len; + u8 *fh_params; + u8 fh_params_len; + u8 *ds_params; + u8 ds_params_len; + u8 *cf_params; + u8 cf_params_len; + u8 *tim; + u8 tim_len; + u8 *ibss_params; + u8 ibss_params_len; + u8 *challenge; + u8 challenge_len; + u8 *erp_info; + u8 erp_info_len; + u8 *ext_supp_rates; + u8 ext_supp_rates_len; + u8 *wpa_ie; + u8 wpa_ie_len; + u8 *rsn_ie; + u8 rsn_ie_len; + u8 *wme; + u8 wme_len; + u8 *wme_tspec; + u8 wme_tspec_len; + u8 *power_cap; + u8 power_cap_len; + u8 *supp_channels; + u8 supp_channels_len; +}; + +typedef enum { ParseOK = 0, ParseUnknown = 1, ParseFailed = -1 } ParseRes; + + +struct hostapd_frame_info { + u32 phytype; + u32 channel; + u32 datarate; + u32 ssi_signal; + + unsigned int passive_scan:1; +}; + + +void ieee802_11_send_deauth(struct hostapd_data *hapd, u8 *addr, u16 reason); +void ieee802_11_mgmt(struct hostapd_data *hapd, u8 *buf, size_t len, + u16 stype, struct hostapd_frame_info *fi); +void ieee802_11_mgmt_cb(struct hostapd_data *hapd, u8 *buf, size_t len, + u16 stype, int ok); +ParseRes ieee802_11_parse_elems(struct hostapd_data *hapd, u8 *start, + size_t len, + struct ieee802_11_elems *elems, + int show_errors); +void ieee802_11_print_ssid(const u8 *ssid, u8 len); +void ieee80211_michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, + int local); +int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen); +int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, + char *buf, size_t buflen); +u16 hostapd_own_capab_info(struct hostapd_data *hapd, struct sta_info *sta, + int probe); +u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid); +u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid); + +#endif /* IEEE802_11_H */ diff --git a/contrib/hostapd-0.5.8/ieee802_11_auth.c b/contrib/hostapd-0.5.8/ieee802_11_auth.c new file mode 100644 index 0000000000..16a8517102 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11_auth.c @@ -0,0 +1,473 @@ +/* + * hostapd / IEEE 802.11 authentication (ACL) + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_NATIVE_WINDOWS + +#include "hostapd.h" +#include "ieee802_11.h" +#include "ieee802_11_auth.h" +#include "radius.h" +#include "radius_client.h" +#include "eloop.h" + +#define RADIUS_ACL_TIMEOUT 30 + + +struct hostapd_cached_radius_acl { + time_t timestamp; + macaddr addr; + int accepted; /* HOSTAPD_ACL_* */ + struct hostapd_cached_radius_acl *next; + u32 session_timeout; + u32 acct_interim_interval; + int vlan_id; +}; + + +struct hostapd_acl_query_data { + time_t timestamp; + u8 radius_id; + macaddr addr; + u8 *auth_msg; /* IEEE 802.11 authentication frame from station */ + size_t auth_msg_len; + struct hostapd_acl_query_data *next; +}; + + +static void hostapd_acl_cache_free(struct hostapd_cached_radius_acl *acl_cache) +{ + struct hostapd_cached_radius_acl *prev; + + while (acl_cache) { + prev = acl_cache; + acl_cache = acl_cache->next; + free(prev); + } +} + + +static int hostapd_acl_cache_get(struct hostapd_data *hapd, const u8 *addr, + u32 *session_timeout, + u32 *acct_interim_interval, int *vlan_id) +{ + struct hostapd_cached_radius_acl *entry; + time_t now; + + time(&now); + entry = hapd->acl_cache; + + while (entry) { + if (memcmp(entry->addr, addr, ETH_ALEN) == 0) { + if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) + return -1; /* entry has expired */ + if (entry->accepted == HOSTAPD_ACL_ACCEPT_TIMEOUT) + *session_timeout = entry->session_timeout; + *acct_interim_interval = entry->acct_interim_interval; + if (vlan_id) + *vlan_id = entry->vlan_id; + return entry->accepted; + } + + entry = entry->next; + } + + return -1; +} + + +static void hostapd_acl_query_free(struct hostapd_acl_query_data *query) +{ + if (query == NULL) + return; + free(query->auth_msg); + free(query); +} + + +static int hostapd_radius_acl_query(struct hostapd_data *hapd, const u8 *addr, + struct hostapd_acl_query_data *query) +{ + struct radius_msg *msg; + char buf[128]; + + query->radius_id = radius_client_get_id(hapd->radius); + msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, query->radius_id); + if (msg == NULL) + return -1; + + radius_msg_make_authenticator(msg, addr, ETH_ALEN); + + snprintf(buf, sizeof(buf), RADIUS_ADDR_FORMAT, MAC2STR(addr)); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, (u8 *) buf, + strlen(buf))) { + printf("Could not add User-Name\n"); + goto fail; + } + + if (!radius_msg_add_attr_user_password( + msg, (u8 *) buf, strlen(buf), + hapd->conf->radius->auth_server->shared_secret, + hapd->conf->radius->auth_server->shared_secret_len)) { + printf("Could not add User-Password\n"); + goto fail; + } + + if (hapd->conf->own_ip_addr.af == AF_INET && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) { + printf("Could not add NAS-IP-Address\n"); + goto fail; + } + +#ifdef CONFIG_IPV6 + if (hapd->conf->own_ip_addr.af == AF_INET6 && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) { + printf("Could not add NAS-IPv6-Address\n"); + goto fail; + } +#endif /* CONFIG_IPV6 */ + + if (hapd->conf->nas_identifier && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER, + (u8 *) hapd->conf->nas_identifier, + strlen(hapd->conf->nas_identifier))) { + printf("Could not add NAS-Identifier\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s", + MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Called-Station-Id\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT, + MAC2STR(addr)); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Calling-Station-Id\n"); + goto fail; + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE, + RADIUS_NAS_PORT_TYPE_IEEE_802_11)) { + printf("Could not add NAS-Port-Type\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), "CONNECT 11Mbps 802.11b"); + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO, + (u8 *) buf, strlen(buf))) { + printf("Could not add Connect-Info\n"); + goto fail; + } + + radius_client_send(hapd->radius, msg, RADIUS_AUTH, addr); + return 0; + + fail: + radius_msg_free(msg); + free(msg); + return -1; +} + + +int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr, + const u8 *msg, size_t len, u32 *session_timeout, + u32 *acct_interim_interval, int *vlan_id) +{ + *session_timeout = 0; + *acct_interim_interval = 0; + if (vlan_id) + *vlan_id = 0; + + if (hostapd_maclist_found(hapd->conf->accept_mac, + hapd->conf->num_accept_mac, addr)) + return HOSTAPD_ACL_ACCEPT; + + if (hostapd_maclist_found(hapd->conf->deny_mac, + hapd->conf->num_deny_mac, addr)) + return HOSTAPD_ACL_REJECT; + + if (hapd->conf->macaddr_acl == ACCEPT_UNLESS_DENIED) + return HOSTAPD_ACL_ACCEPT; + if (hapd->conf->macaddr_acl == DENY_UNLESS_ACCEPTED) + return HOSTAPD_ACL_REJECT; + + if (hapd->conf->macaddr_acl == USE_EXTERNAL_RADIUS_AUTH) { + struct hostapd_acl_query_data *query; + + /* Check whether ACL cache has an entry for this station */ + int res = hostapd_acl_cache_get(hapd, addr, session_timeout, + acct_interim_interval, + vlan_id); + if (res == HOSTAPD_ACL_ACCEPT || + res == HOSTAPD_ACL_ACCEPT_TIMEOUT) + return res; + if (res == HOSTAPD_ACL_REJECT) + return HOSTAPD_ACL_REJECT; + + query = hapd->acl_queries; + while (query) { + if (memcmp(query->addr, addr, ETH_ALEN) == 0) { + /* pending query in RADIUS retransmit queue; + * do not generate a new one */ + return HOSTAPD_ACL_PENDING; + } + query = query->next; + } + + if (!hapd->conf->radius->auth_server) + return HOSTAPD_ACL_REJECT; + + /* No entry in the cache - query external RADIUS server */ + query = wpa_zalloc(sizeof(*query)); + if (query == NULL) { + printf("malloc for query data failed\n"); + return HOSTAPD_ACL_REJECT; + } + time(&query->timestamp); + memcpy(query->addr, addr, ETH_ALEN); + if (hostapd_radius_acl_query(hapd, addr, query)) { + printf("Failed to send Access-Request for ACL " + "query.\n"); + hostapd_acl_query_free(query); + return HOSTAPD_ACL_REJECT; + } + + query->auth_msg = malloc(len); + if (query->auth_msg == NULL) { + printf("Failed to allocate memory for auth frame.\n"); + hostapd_acl_query_free(query); + return HOSTAPD_ACL_REJECT; + } + memcpy(query->auth_msg, msg, len); + query->auth_msg_len = len; + query->next = hapd->acl_queries; + hapd->acl_queries = query; + + /* Queued data will be processed in hostapd_acl_recv_radius() + * when RADIUS server replies to the sent Access-Request. */ + return HOSTAPD_ACL_PENDING; + } + + return HOSTAPD_ACL_REJECT; +} + + +static void hostapd_acl_expire_cache(struct hostapd_data *hapd, time_t now) +{ + struct hostapd_cached_radius_acl *prev, *entry, *tmp; + + prev = NULL; + entry = hapd->acl_cache; + + while (entry) { + if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Cached ACL entry for " MACSTR + " has expired.\n", MAC2STR(entry->addr)); + if (prev) + prev->next = entry->next; + else + hapd->acl_cache = entry->next; + + tmp = entry; + entry = entry->next; + free(tmp); + continue; + } + + prev = entry; + entry = entry->next; + } +} + + +static void hostapd_acl_expire_queries(struct hostapd_data *hapd, time_t now) +{ + struct hostapd_acl_query_data *prev, *entry, *tmp; + + prev = NULL; + entry = hapd->acl_queries; + + while (entry) { + if (now - entry->timestamp > RADIUS_ACL_TIMEOUT) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "ACL query for " MACSTR + " has expired.\n", MAC2STR(entry->addr)); + if (prev) + prev->next = entry->next; + else + hapd->acl_queries = entry->next; + + tmp = entry; + entry = entry->next; + hostapd_acl_query_free(tmp); + continue; + } + + prev = entry; + entry = entry->next; + } +} + + +static void hostapd_acl_expire(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + time_t now; + + time(&now); + hostapd_acl_expire_cache(hapd, now); + hostapd_acl_expire_queries(hapd, now); + + eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL); +} + + +/* Return 0 if RADIUS message was a reply to ACL query (and was processed here) + * or -1 if not. */ +static RadiusRxResult +hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len, + void *data) +{ + struct hostapd_data *hapd = data; + struct hostapd_acl_query_data *query, *prev; + struct hostapd_cached_radius_acl *cache; + + query = hapd->acl_queries; + prev = NULL; + while (query) { + if (query->radius_id == msg->hdr->identifier) + break; + prev = query; + query = query->next; + } + if (query == NULL) + return RADIUS_RX_UNKNOWN; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Found matching Access-Request " + "for RADIUS message (id=%d)\n", query->radius_id); + + if (radius_msg_verify(msg, shared_secret, shared_secret_len, req, 0)) { + printf("Incoming RADIUS packet did not have correct " + "authenticator - dropped\n"); + return RADIUS_RX_INVALID_AUTHENTICATOR; + } + + if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT && + msg->hdr->code != RADIUS_CODE_ACCESS_REJECT) { + printf("Unknown RADIUS message code %d to ACL query\n", + msg->hdr->code); + return RADIUS_RX_UNKNOWN; + } + + /* Insert Accept/Reject info into ACL cache */ + cache = wpa_zalloc(sizeof(*cache)); + if (cache == NULL) { + printf("Failed to add ACL cache entry\n"); + goto done; + } + time(&cache->timestamp); + memcpy(cache->addr, query->addr, sizeof(cache->addr)); + if (msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT) { + if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT, + &cache->session_timeout) == 0) + cache->accepted = HOSTAPD_ACL_ACCEPT_TIMEOUT; + else + cache->accepted = HOSTAPD_ACL_ACCEPT; + + if (radius_msg_get_attr_int32( + msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL, + &cache->acct_interim_interval) == 0 && + cache->acct_interim_interval < 60) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Ignored too " + "small Acct-Interim-Interval %d for " + "STA " MACSTR "\n", + cache->acct_interim_interval, + MAC2STR(query->addr)); + cache->acct_interim_interval = 0; + } + + cache->vlan_id = radius_msg_get_vlanid(msg); + } else + cache->accepted = HOSTAPD_ACL_REJECT; + cache->next = hapd->acl_cache; + hapd->acl_cache = cache; + + /* Re-send original authentication frame for 802.11 processing */ + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Re-sending authentication frame " + "after successful RADIUS ACL query\n"); + ieee802_11_mgmt(hapd, query->auth_msg, query->auth_msg_len, + WLAN_FC_STYPE_AUTH, NULL); + + done: + if (prev == NULL) + hapd->acl_queries = query->next; + else + prev->next = query->next; + + hostapd_acl_query_free(query); + + return RADIUS_RX_PROCESSED; +} + + +int hostapd_acl_init(struct hostapd_data *hapd) +{ + if (radius_client_register(hapd->radius, RADIUS_AUTH, + hostapd_acl_recv_radius, hapd)) + return -1; + + eloop_register_timeout(10, 0, hostapd_acl_expire, hapd, NULL); + + return 0; +} + + +void hostapd_acl_deinit(struct hostapd_data *hapd) +{ + struct hostapd_acl_query_data *query, *prev; + + eloop_cancel_timeout(hostapd_acl_expire, hapd, NULL); + + hostapd_acl_cache_free(hapd->acl_cache); + + query = hapd->acl_queries; + while (query) { + prev = query; + query = query->next; + hostapd_acl_query_free(prev); + } +} + + +int hostapd_acl_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf) +{ + if (!hapd->radius_client_reconfigured) + return 0; + + hostapd_acl_deinit(hapd); + return hostapd_acl_init(hapd); +} + +#endif /* CONFIG_NATIVE_WINDOWS */ diff --git a/contrib/hostapd-0.5.8/ieee802_11_auth.h b/contrib/hostapd-0.5.8/ieee802_11_auth.h new file mode 100644 index 0000000000..0eed825e29 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11_auth.h @@ -0,0 +1,33 @@ +/* + * hostapd / IEEE 802.11 authentication (ACL) + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef IEEE802_11_AUTH_H +#define IEEE802_11_AUTH_H + +enum { + HOSTAPD_ACL_REJECT = 0, + HOSTAPD_ACL_ACCEPT = 1, + HOSTAPD_ACL_PENDING = 2, + HOSTAPD_ACL_ACCEPT_TIMEOUT = 3 +}; + +int hostapd_allowed_address(struct hostapd_data *hapd, const u8 *addr, + const u8 *msg, size_t len, u32 *session_timeout, + u32 *acct_interim_interval, int *vlan_id); +int hostapd_acl_init(struct hostapd_data *hapd); +void hostapd_acl_deinit(struct hostapd_data *hapd); +int hostapd_acl_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf); + +#endif /* IEEE802_11_AUTH_H */ diff --git a/contrib/hostapd-0.5.8/ieee802_11h.c b/contrib/hostapd-0.5.8/ieee802_11h.c new file mode 100644 index 0000000000..215e377da5 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11h.c @@ -0,0 +1,34 @@ +/* + * hostapd / IEEE 802.11h + * Copyright (c) 2005-2006, Devicescape Software, Inc. + * Copyright (c) 2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" + + +int hostapd_check_power_cap(struct hostapd_data *hapd, u8 *power, u8 len) +{ + unsigned int max_pwr; + + if (len < 2) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Too short power capability IE\n"); + return -1; + } + max_pwr = power[1]; + if (max_pwr > hapd->iface->sta_max_power) + return -1; + return 0; +} diff --git a/contrib/hostapd-0.5.8/ieee802_11h.h b/contrib/hostapd-0.5.8/ieee802_11h.h new file mode 100644 index 0000000000..b2bd5497f8 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_11h.h @@ -0,0 +1,27 @@ +/* + * hostapd / IEEE 802.11h + * Copyright (c) 2005-2006, Devicescape Software, Inc. + * Copyright (c) 2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef IEEE802_11H_H +#define IEEE802_11H_H + +#define SPECT_LOOSE_BINDING 1 +#define SPECT_STRICT_BINDING 2 + +#define CHAN_SWITCH_MODE_NOISY 0 +#define CHAN_SWITCH_MODE_QUIET 1 + +int hostapd_check_power_cap(struct hostapd_data *hapd, u8 *power, u8 len); + +#endif /* IEEE802_11H_H */ diff --git a/contrib/hostapd-0.5.8/ieee802_1x.c b/contrib/hostapd-0.5.8/ieee802_1x.c new file mode 100644 index 0000000000..a7c7264096 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_1x.c @@ -0,0 +1,2008 @@ +/* + * hostapd / IEEE 802.1X Authenticator + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#include "hostapd.h" +#include "ieee802_1x.h" +#include "accounting.h" +#include "radius.h" +#include "radius_client.h" +#include "eapol_sm.h" +#include "md5.h" +#include "rc4.h" +#include "eloop.h" +#include "sta_info.h" +#include "wpa.h" +#include "preauth.h" +#include "pmksa_cache.h" +#include "driver.h" +#include "hw_features.h" +#include "eap.h" + + +static void ieee802_1x_new_auth_session(struct hostapd_data *hapd, + struct sta_info *sta); + + +static void ieee802_1x_send(struct hostapd_data *hapd, struct sta_info *sta, + u8 type, u8 *data, size_t datalen) +{ + u8 *buf; + struct ieee802_1x_hdr *xhdr; + size_t len; + int encrypt = 0; + + len = sizeof(*xhdr) + datalen; + buf = wpa_zalloc(len); + if (buf == NULL) { + printf("malloc() failed for ieee802_1x_send(len=%lu)\n", + (unsigned long) len); + return; + } + +#if 0 + /* TODO: + * According to IEEE 802.1aa/D4 EAPOL-Key should be sent before any + * remaining EAP frames, if possible. This would allow rest of the + * frames to be encrypted. This code could be used to request + * encryption from the kernel driver. */ + if (sta->eapol_sm && + sta->eapol_sm->be_auth.state == BE_AUTH_SUCCESS && + sta->eapol_sm->keyTxEnabled) + encrypt = 1; +#endif + + xhdr = (struct ieee802_1x_hdr *) buf; + xhdr->version = hapd->conf->eapol_version; + xhdr->type = type; + xhdr->length = htons(datalen); + + if (datalen > 0 && data != NULL) + memcpy(xhdr + 1, data, datalen); + + if (wpa_auth_pairwise_set(sta->wpa_sm)) + encrypt = 1; + if (sta->flags & WLAN_STA_PREAUTH) { + rsn_preauth_send(hapd, sta, buf, len); + } else { + hostapd_send_eapol(hapd, sta->addr, buf, len, encrypt); + } + + free(buf); +} + + +void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd, + struct sta_info *sta, int authorized) +{ + int res; + + if (sta->flags & WLAN_STA_PREAUTH) + return; + + if (authorized) { + sta->flags |= WLAN_STA_AUTHORIZED; + res = hostapd_sta_set_flags(hapd, sta->addr, + WLAN_STA_AUTHORIZED, ~0); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "authorizing port"); + } else { + sta->flags &= ~WLAN_STA_AUTHORIZED; + res = hostapd_sta_set_flags(hapd, sta->addr, + 0, ~WLAN_STA_AUTHORIZED); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "unauthorizing port"); + } + + if (res && errno != ENOENT) { + printf("Could not set station " MACSTR " flags for kernel " + "driver (errno=%d).\n", MAC2STR(sta->addr), errno); + } + + if (authorized) + accounting_sta_start(hapd, sta); +} + + +static void ieee802_1x_eap_timeout(void *eloop_ctx, void *timeout_ctx) +{ + struct sta_info *sta = eloop_ctx; + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + hostapd_logger(sm->hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "EAP timeout"); + sm->eapTimeout = TRUE; + eapol_sm_step(sm); +} + + +void ieee802_1x_request_identity(struct hostapd_data *hapd, + struct sta_info *sta) +{ + u8 *buf; + struct eap_hdr *eap; + int tlen; + u8 *pos; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (hapd->conf->eap_server) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Integrated EAP server in " + "use - do not generate EAP-Request/Identity\n"); + return; + } + + if (sm == NULL || !sm->eapRestart) + return; + + ieee802_1x_new_auth_session(hapd, sta); + + tlen = sizeof(*eap) + 1 + hapd->conf->eap_req_id_text_len; + + buf = wpa_zalloc(tlen); + if (buf == NULL) { + printf("Could not allocate memory for identity request\n"); + return; + } + + eap = (struct eap_hdr *) buf; + eap->code = EAP_CODE_REQUEST; + eap->identifier = ++sm->currentId; + eap->length = htons(tlen); + pos = (u8 *) (eap + 1); + *pos++ = EAP_TYPE_IDENTITY; + if (hapd->conf->eap_req_id_text) { + memcpy(pos, hapd->conf->eap_req_id_text, + hapd->conf->eap_req_id_text_len); + } + + sm->eapReq = TRUE; + free(sm->last_eap_radius); + sm->last_eap_radius = buf; + sm->last_eap_radius_len = tlen; + + eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL); + eloop_register_timeout(30, 0, ieee802_1x_eap_timeout, sta, NULL); + sm->eapTimeout = FALSE; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Generated EAP Request-Identity for " MACSTR + " (identifier %d, timeout 30)\n", MAC2STR(sta->addr), + eap->identifier); + + sm->eapRestart = FALSE; +} + + +void ieee802_1x_tx_canned_eap(struct hostapd_data *hapd, struct sta_info *sta, + int success) +{ + struct eap_hdr eap; + struct eapol_state_machine *sm = sta->eapol_sm; + + memset(&eap, 0, sizeof(eap)); + + eap.code = success ? EAP_CODE_SUCCESS : EAP_CODE_FAILURE; + eap.identifier = 1; + if (sm && sm->last_eap_radius) { + struct eap_hdr *hdr = (struct eap_hdr *) sm->last_eap_radius; + eap.identifier = hdr->identifier + 1; + } + eap.length = htons(sizeof(eap)); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Sending canned EAP packet %s to " MACSTR + " (identifier %d)\n", success ? "SUCCESS" : "FAILURE", + MAC2STR(sta->addr), eap.identifier); + ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAP_PACKET, (u8 *) &eap, + sizeof(eap)); + if (sm) + sm->dot1xAuthEapolFramesTx++; +} + + +void ieee802_1x_tx_req(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct eap_hdr *eap; + struct eapol_state_machine *sm = sta->eapol_sm; + u8 *type; + if (sm == NULL) + return; + + if (sm->last_eap_radius == NULL) { + printf("Error: TxReq called for station " MACSTR ", but there " + "is no EAP request from the authentication server\n", + MAC2STR(sm->addr)); + return; + } + + eap = (struct eap_hdr *) sm->last_eap_radius; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Sending EAP Packet to " MACSTR + " (identifier %d)\n", MAC2STR(sm->addr), + eap->identifier); + sm->currentId = eap->identifier; + ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAP_PACKET, + sm->last_eap_radius, sm->last_eap_radius_len); + sm->dot1xAuthEapolFramesTx++; + type = (u8 *) (eap + 1); + if (sm->last_eap_radius_len > sizeof(*eap) && + *type == EAP_TYPE_IDENTITY) + sm->dot1xAuthEapolReqIdFramesTx++; + else + sm->dot1xAuthEapolReqFramesTx++; +} + + +static void ieee802_1x_tx_key_one(struct hostapd_data *hapd, + struct sta_info *sta, + int idx, int broadcast, + u8 *key_data, size_t key_len) +{ + u8 *buf, *ekey; + struct ieee802_1x_hdr *hdr; + struct ieee802_1x_eapol_key *key; + size_t len, ekey_len; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm == NULL) + return; + + len = sizeof(*key) + key_len; + buf = wpa_zalloc(sizeof(*hdr) + len); + if (buf == NULL) + return; + + hdr = (struct ieee802_1x_hdr *) buf; + key = (struct ieee802_1x_eapol_key *) (hdr + 1); + key->type = EAPOL_KEY_TYPE_RC4; + key->key_length = htons(key_len); + wpa_get_ntp_timestamp(key->replay_counter); + + if (hostapd_get_rand(key->key_iv, sizeof(key->key_iv))) { + printf("Could not get random numbers\n"); + free(buf); + return; + } + + key->key_index = idx | (broadcast ? 0 : BIT(7)); + if (hapd->conf->eapol_key_index_workaround) { + /* According to some information, WinXP Supplicant seems to + * interpret bit7 as an indication whether the key is to be + * activated, so make it possible to enable workaround that + * sets this bit for all keys. */ + key->key_index |= BIT(7); + } + + /* Key is encrypted using "Key-IV + sm->eapol_key_crypt" as the + * RC4-key */ + memcpy((u8 *) (key + 1), key_data, key_len); + ekey_len = sizeof(key->key_iv) + sm->eapol_key_crypt_len; + ekey = malloc(ekey_len); + if (ekey == NULL) { + printf("Could not encrypt key\n"); + free(buf); + return; + } + memcpy(ekey, key->key_iv, sizeof(key->key_iv)); + memcpy(ekey + sizeof(key->key_iv), sm->eapol_key_crypt, + sm->eapol_key_crypt_len); + rc4((u8 *) (key + 1), key_len, ekey, ekey_len); + free(ekey); + + /* This header is needed here for HMAC-MD5, but it will be regenerated + * in ieee802_1x_send() */ + hdr->version = hapd->conf->eapol_version; + hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; + hdr->length = htons(len); + hmac_md5(sm->eapol_key_sign, sm->eapol_key_sign_len, + buf, sizeof(*hdr) + len, + key->key_signature); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Sending EAPOL-Key to " MACSTR + " (%s index=%d)\n", MAC2STR(sm->addr), + broadcast ? "broadcast" : "unicast", idx); + ieee802_1x_send(hapd, sta, IEEE802_1X_TYPE_EAPOL_KEY, (u8 *) key, len); + if (sta->eapol_sm) + sta->eapol_sm->dot1xAuthEapolFramesTx++; + free(buf); +} + + +static struct hostapd_wep_keys * +ieee802_1x_group_alloc(struct hostapd_data *hapd, const char *ifname) +{ + struct hostapd_wep_keys *key; + + key = wpa_zalloc(sizeof(*key)); + if (key == NULL) + return NULL; + + key->default_len = hapd->conf->default_wep_key_len; + + if (key->idx >= hapd->conf->broadcast_key_idx_max || + key->idx < hapd->conf->broadcast_key_idx_min) + key->idx = hapd->conf->broadcast_key_idx_min; + else + key->idx++; + + if (!key->key[key->idx]) + key->key[key->idx] = malloc(key->default_len); + if (key->key[key->idx] == NULL || + hostapd_get_rand(key->key[key->idx], key->default_len)) { + printf("Could not generate random WEP key (dynamic VLAN).\n"); + free(key->key[key->idx]); + key->key[key->idx] = NULL; + free(key); + return NULL; + } + key->len[key->idx] = key->default_len; + + if (HOSTAPD_DEBUG_COND(HOSTAPD_DEBUG_MINIMAL)) { + printf("%s: Default WEP idx %d for dynamic VLAN\n", + ifname, key->idx); + wpa_hexdump_key(MSG_DEBUG, "Default WEP key (dynamic VLAN)", + key->key[key->idx], key->len[key->idx]); + } + + if (hostapd_set_encryption(ifname, hapd, "WEP", NULL, key->idx, + key->key[key->idx], key->len[key->idx], 1)) + printf("Could not set dynamic VLAN WEP encryption key.\n"); + + hostapd_set_ieee8021x(ifname, hapd, 1); + + return key; +} + + +static struct hostapd_wep_keys * +ieee802_1x_get_group(struct hostapd_data *hapd, struct hostapd_ssid *ssid, + size_t vlan_id) +{ + const char *ifname; + + if (vlan_id == 0) + return &ssid->wep; + + if (vlan_id <= ssid->max_dyn_vlan_keys && ssid->dyn_vlan_keys && + ssid->dyn_vlan_keys[vlan_id]) + return ssid->dyn_vlan_keys[vlan_id]; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: Creating new group " + "state machine for VLAN ID %lu\n", + (unsigned long) vlan_id); + + ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id); + if (ifname == NULL) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: Unknown " + "VLAN ID %lu - cannot create group key state " + "machine\n", (unsigned long) vlan_id); + return NULL; + } + + if (ssid->dyn_vlan_keys == NULL) { + int size = (vlan_id + 1) * sizeof(ssid->dyn_vlan_keys[0]); + ssid->dyn_vlan_keys = wpa_zalloc(size); + if (ssid->dyn_vlan_keys == NULL) + return NULL; + ssid->max_dyn_vlan_keys = vlan_id; + } + + if (ssid->max_dyn_vlan_keys < vlan_id) { + struct hostapd_wep_keys **na; + int size = (vlan_id + 1) * sizeof(ssid->dyn_vlan_keys[0]); + na = realloc(ssid->dyn_vlan_keys, size); + if (na == NULL) + return NULL; + ssid->dyn_vlan_keys = na; + memset(&ssid->dyn_vlan_keys[ssid->max_dyn_vlan_keys + 1], 0, + (vlan_id - ssid->max_dyn_vlan_keys) * + sizeof(ssid->dyn_vlan_keys[0])); + ssid->max_dyn_vlan_keys = vlan_id; + } + + ssid->dyn_vlan_keys[vlan_id] = ieee802_1x_group_alloc(hapd, ifname); + + return ssid->dyn_vlan_keys[vlan_id]; +} + + +void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct hostapd_wep_keys *key = NULL; + struct eapol_state_machine *sm = sta->eapol_sm; + int vlan_id; + + if (sm == NULL || !sm->eapol_key_sign || !sm->eapol_key_crypt) + return; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: Sending EAPOL-Key(s) to " MACSTR "\n", + MAC2STR(sta->addr)); + + vlan_id = sta->vlan_id; + if (vlan_id < 0 || vlan_id > MAX_VLAN_ID) + vlan_id = 0; + + if (vlan_id) { + key = ieee802_1x_get_group(hapd, sta->ssid, vlan_id); + if (key && key->key[key->idx]) + ieee802_1x_tx_key_one(hapd, sta, key->idx, 1, + key->key[key->idx], + key->len[key->idx]); + } else if (hapd->default_wep_key) { + ieee802_1x_tx_key_one(hapd, sta, hapd->default_wep_key_idx, 1, + hapd->default_wep_key, + hapd->conf->default_wep_key_len); + } + + if (hapd->conf->individual_wep_key_len > 0) { + u8 *ikey; + ikey = malloc(hapd->conf->individual_wep_key_len); + if (ikey == NULL || + hostapd_get_rand(ikey, + hapd->conf->individual_wep_key_len)) { + printf("Could not generate random individual WEP " + "key.\n"); + free(ikey); + return; + } + + wpa_hexdump_key(MSG_DEBUG, "Individual WEP key", + ikey, hapd->conf->individual_wep_key_len); + + ieee802_1x_tx_key_one(hapd, sta, 0, 0, ikey, + hapd->conf->individual_wep_key_len); + + /* TODO: set encryption in TX callback, i.e., only after STA + * has ACKed EAPOL-Key frame */ + if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP", + sta->addr, 0, ikey, + hapd->conf->individual_wep_key_len, + 1)) { + printf("Could not set individual WEP encryption.\n"); + } + + free(ikey); + } +} + + +const char *radius_mode_txt(struct hostapd_data *hapd) +{ + if (hapd->iface->current_mode == NULL) + return "802.11"; + + switch (hapd->iface->current_mode->mode) { + case HOSTAPD_MODE_IEEE80211A: + return "802.11a"; + case HOSTAPD_MODE_IEEE80211G: + return "802.11g"; + case HOSTAPD_MODE_IEEE80211B: + default: + return "802.11b"; + } +} + + +int radius_sta_rate(struct hostapd_data *hapd, struct sta_info *sta) +{ + int i; + u8 rate = 0; + + for (i = 0; i < sta->supported_rates_len; i++) + if ((sta->supported_rates[i] & 0x7f) > rate) + rate = sta->supported_rates[i] & 0x7f; + + return rate; +} + + +static void ieee802_1x_encapsulate_radius(struct hostapd_data *hapd, + struct sta_info *sta, + u8 *eap, size_t len) +{ + struct radius_msg *msg; + char buf[128]; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm == NULL) + return; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Encapsulating EAP message into a RADIUS packet\n"); + + sm->radius_identifier = radius_client_get_id(hapd->radius); + msg = radius_msg_new(RADIUS_CODE_ACCESS_REQUEST, + sm->radius_identifier); + if (msg == NULL) { + printf("Could not create net RADIUS packet\n"); + return; + } + + radius_msg_make_authenticator(msg, (u8 *) sta, sizeof(*sta)); + + if (sm->identity && + !radius_msg_add_attr(msg, RADIUS_ATTR_USER_NAME, + sm->identity, sm->identity_len)) { + printf("Could not add User-Name\n"); + goto fail; + } + + if (hapd->conf->own_ip_addr.af == AF_INET && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IP_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v4, 4)) { + printf("Could not add NAS-IP-Address\n"); + goto fail; + } + +#ifdef CONFIG_IPV6 + if (hapd->conf->own_ip_addr.af == AF_INET6 && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IPV6_ADDRESS, + (u8 *) &hapd->conf->own_ip_addr.u.v6, 16)) { + printf("Could not add NAS-IPv6-Address\n"); + goto fail; + } +#endif /* CONFIG_IPV6 */ + + if (hapd->conf->nas_identifier && + !radius_msg_add_attr(msg, RADIUS_ATTR_NAS_IDENTIFIER, + (u8 *) hapd->conf->nas_identifier, + strlen(hapd->conf->nas_identifier))) { + printf("Could not add NAS-Identifier\n"); + goto fail; + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT, sta->aid)) { + printf("Could not add NAS-Port\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT ":%s", + MAC2STR(hapd->own_addr), hapd->conf->ssid.ssid); + buf[sizeof(buf) - 1] = '\0'; + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLED_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Called-Station-Id\n"); + goto fail; + } + + snprintf(buf, sizeof(buf), RADIUS_802_1X_ADDR_FORMAT, + MAC2STR(sta->addr)); + buf[sizeof(buf) - 1] = '\0'; + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CALLING_STATION_ID, + (u8 *) buf, strlen(buf))) { + printf("Could not add Calling-Station-Id\n"); + goto fail; + } + + /* TODO: should probably check MTU from driver config; 2304 is max for + * IEEE 802.11, but use 1400 to avoid problems with too large packets + */ + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_FRAMED_MTU, 1400)) { + printf("Could not add Framed-MTU\n"); + goto fail; + } + + if (!radius_msg_add_attr_int32(msg, RADIUS_ATTR_NAS_PORT_TYPE, + RADIUS_NAS_PORT_TYPE_IEEE_802_11)) { + printf("Could not add NAS-Port-Type\n"); + goto fail; + } + + if (sta->flags & WLAN_STA_PREAUTH) { + snprintf(buf, sizeof(buf), "IEEE 802.11i Pre-Authentication"); + } else { + snprintf(buf, sizeof(buf), "CONNECT %d%sMbps %s", + radius_sta_rate(hapd, sta) / 2, + (radius_sta_rate(hapd, sta) & 1) ? ".5" : "", + radius_mode_txt(hapd)); + } + buf[sizeof(buf) - 1] = '\0'; + if (!radius_msg_add_attr(msg, RADIUS_ATTR_CONNECT_INFO, + (u8 *) buf, strlen(buf))) { + printf("Could not add Connect-Info\n"); + goto fail; + } + + if (eap && !radius_msg_add_eap(msg, eap, len)) { + printf("Could not add EAP-Message\n"); + goto fail; + } + + /* State attribute must be copied if and only if this packet is + * Access-Request reply to the previous Access-Challenge */ + if (sm->last_recv_radius && sm->last_recv_radius->hdr->code == + RADIUS_CODE_ACCESS_CHALLENGE) { + int res = radius_msg_copy_attr(msg, sm->last_recv_radius, + RADIUS_ATTR_STATE); + if (res < 0) { + printf("Could not copy State attribute from previous " + "Access-Challenge\n"); + goto fail; + } + if (res > 0) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " Copied RADIUS State Attribute\n"); + } + } + + radius_client_send(hapd->radius, msg, RADIUS_AUTH, sta->addr); + return; + + fail: + radius_msg_free(msg); + free(msg); +} + + +char *eap_type_text(u8 type) +{ + switch (type) { + case EAP_TYPE_IDENTITY: return "Identity"; + case EAP_TYPE_NOTIFICATION: return "Notification"; + case EAP_TYPE_NAK: return "Nak"; + case EAP_TYPE_MD5: return "MD5-Challenge"; + case EAP_TYPE_OTP: return "One-Time Password"; + case EAP_TYPE_GTC: return "Generic Token Card"; + case EAP_TYPE_TLS: return "TLS"; + case EAP_TYPE_TTLS: return "TTLS"; + case EAP_TYPE_PEAP: return "PEAP"; + case EAP_TYPE_SIM: return "SIM"; + case EAP_TYPE_FAST: return "FAST"; + case EAP_TYPE_SAKE: return "SAKE"; + case EAP_TYPE_PSK: return "PSK"; + default: return "Unknown"; + } +} + + +static void handle_eap_response(struct hostapd_data *hapd, + struct sta_info *sta, struct eap_hdr *eap, + u8 *data, size_t len) +{ + u8 type; + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + if (eap->identifier != sm->currentId) { + hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, + "EAP Identifier of the Response-Identity does " + "not match (was %d, expected %d) - ignored", + eap->identifier, sm->currentId); + return; + } + + if (len < 1) { + printf("handle_eap_response: too short response data\n"); + return; + } + + eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL); + + free(sm->last_eap_supp); + sm->last_eap_supp_len = sizeof(*eap) + len; + sm->last_eap_supp = (u8 *) malloc(sm->last_eap_supp_len); + if (sm->last_eap_supp == NULL) { + printf("Could not alloc memory for last EAP Response\n"); + return; + } + memcpy(sm->last_eap_supp, eap, sizeof(*eap)); + memcpy(sm->last_eap_supp + sizeof(*eap), data, len); + + sm->eap_type_supp = type = data[0]; + data++; + len--; + + hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "received EAP packet (code=%d " + "id=%d len=%d) from STA: EAP Response-%s (%d)", + eap->code, eap->identifier, ntohs(eap->length), + eap_type_text(type), type); + + if (type == EAP_TYPE_IDENTITY) { + char *buf, *pos; + size_t i; + buf = malloc(4 * len + 1); + if (buf) { + pos = buf; + for (i = 0; i < len; i++) { + if (data[i] >= 32 && data[i] < 127) + *pos++ = data[i]; + else { + snprintf(pos, 5, "{%02x}", data[i]); + pos += 4; + } + } + *pos = '\0'; + hostapd_logger(hapd, sm->addr, + HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, + "STA identity '%s'", buf); + free(buf); + } + + sm->rx_identity = TRUE; + sm->dot1xAuthEapolRespIdFramesRx++; + + /* Save station identity for future RADIUS packets */ + free(sm->identity); + sm->identity = malloc(len + 1); + if (sm->identity) { + memcpy(sm->identity, data, len); + sm->identity[len] = '\0'; + sm->identity_len = len; + } + } else + sm->dot1xAuthEapolRespFramesRx++; + + sm->eapolEap = TRUE; +} + + +/* Process incoming EAP packet from Supplicant */ +static void handle_eap(struct hostapd_data *hapd, struct sta_info *sta, + u8 *buf, size_t len) +{ + struct eap_hdr *eap; + u16 eap_len; + + if (len < sizeof(*eap)) { + printf(" too short EAP packet\n"); + return; + } + + eap = (struct eap_hdr *) buf; + + eap_len = ntohs(eap->length); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " EAP: code=%d identifier=%d length=%d", + eap->code, eap->identifier, eap_len); + if (eap_len < sizeof(*eap)) { + printf(" Invalid EAP length\n"); + return; + } else if (eap_len > len) { + printf(" Too short frame to contain this EAP packet\n"); + return; + } else if (eap_len < len) { + printf(" Ignoring %lu extra bytes after EAP packet\n", + (unsigned long) len - eap_len); + } + + eap_len -= sizeof(*eap); + + switch (eap->code) { + case EAP_CODE_REQUEST: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " (request)\n"); + return; + case EAP_CODE_RESPONSE: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " (response)\n"); + handle_eap_response(hapd, sta, eap, (u8 *) (eap + 1), eap_len); + break; + case EAP_CODE_SUCCESS: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " (success)\n"); + return; + case EAP_CODE_FAILURE: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " (failure)\n"); + return; + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " (unknown code)\n"); + return; + } +} + + +/* Process the EAPOL frames from the Supplicant */ +void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf, + size_t len) +{ + struct sta_info *sta; + struct ieee802_1x_hdr *hdr; + struct ieee802_1x_eapol_key *key; + u16 datalen; + struct rsn_pmksa_cache_entry *pmksa; + + if (!hapd->conf->ieee802_1x && !hapd->conf->wpa) + return; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: %lu bytes from " MACSTR "\n", + (unsigned long) len, MAC2STR(sa)); + sta = ap_get_sta(hapd, sa); + if (!sta) { + printf(" no station information available\n"); + return; + } + + if (len < sizeof(*hdr)) { + printf(" too short IEEE 802.1X packet\n"); + return; + } + + hdr = (struct ieee802_1x_hdr *) buf; + datalen = ntohs(hdr->length); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " IEEE 802.1X: version=%d type=%d length=%d\n", + hdr->version, hdr->type, datalen); + + if (len - sizeof(*hdr) < datalen) { + printf(" frame too short for this IEEE 802.1X packet\n"); + if (sta->eapol_sm) + sta->eapol_sm->dot1xAuthEapLengthErrorFramesRx++; + return; + } + if (len - sizeof(*hdr) > datalen) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " ignoring %lu extra octets after IEEE 802.1X " + "packet\n", + (unsigned long) len - sizeof(*hdr) - datalen); + } + + if (sta->eapol_sm) { + sta->eapol_sm->dot1xAuthLastEapolFrameVersion = hdr->version; + sta->eapol_sm->dot1xAuthEapolFramesRx++; + } + + key = (struct ieee802_1x_eapol_key *) (hdr + 1); + if (datalen >= sizeof(struct ieee802_1x_eapol_key) && + hdr->type == IEEE802_1X_TYPE_EAPOL_KEY && + (key->type == EAPOL_KEY_TYPE_WPA || + key->type == EAPOL_KEY_TYPE_RSN)) { + wpa_receive(hapd->wpa_auth, sta->wpa_sm, (u8 *) hdr, + sizeof(*hdr) + datalen); + return; + } + + if (!hapd->conf->ieee802_1x || + wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_PSK) + return; + + if (!sta->eapol_sm) { + sta->eapol_sm = eapol_sm_alloc(hapd, sta); + if (!sta->eapol_sm) + return; + } + + /* since we support version 1, we can ignore version field and proceed + * as specified in version 1 standard [IEEE Std 802.1X-2001, 7.5.5] */ + /* TODO: actually, we are not version 1 anymore.. However, Version 2 + * does not change frame contents, so should be ok to process frames + * more or less identically. Some changes might be needed for + * verification of fields. */ + + switch (hdr->type) { + case IEEE802_1X_TYPE_EAP_PACKET: + handle_eap(hapd, sta, (u8 *) (hdr + 1), datalen); + break; + + case IEEE802_1X_TYPE_EAPOL_START: + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "received EAPOL-Start " + "from STA"); + pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm); + if (pmksa) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, "cached PMKSA " + "available - ignore it since " + "STA sent EAPOL-Start"); + wpa_auth_sta_clear_pmksa(sta->wpa_sm, pmksa); + } + sta->eapol_sm->eapolStart = TRUE; + sta->eapol_sm->dot1xAuthEapolStartFramesRx++; + wpa_auth_sm_event(sta->wpa_sm, WPA_REAUTH_EAPOL); + break; + + case IEEE802_1X_TYPE_EAPOL_LOGOFF: + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "received EAPOL-Logoff " + "from STA"); + sta->acct_terminate_cause = + RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; + sta->eapol_sm->eapolLogoff = TRUE; + sta->eapol_sm->dot1xAuthEapolLogoffFramesRx++; + break; + + case IEEE802_1X_TYPE_EAPOL_KEY: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " EAPOL-Key\n"); + if (!(sta->flags & WLAN_STA_AUTHORIZED)) { + printf(" Dropped key data from unauthorized " + "Supplicant\n"); + break; + } + break; + + case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " EAPOL-Encapsulated-ASF-Alert\n"); + /* TODO: implement support for this; show data */ + break; + + default: + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " unknown IEEE 802.1X packet type\n"); + sta->eapol_sm->dot1xAuthInvalidEapolFramesRx++; + break; + } + + eapol_sm_step(sta->eapol_sm); +} + + +void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct rsn_pmksa_cache_entry *pmksa; + int reassoc = 1; + + if (!hapd->conf->ieee802_1x || + wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_PSK) + return; + + if (sta->eapol_sm == NULL) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "start authentication"); + sta->eapol_sm = eapol_sm_alloc(hapd, sta); + if (sta->eapol_sm == NULL) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_INFO, + "failed to allocate state machine"); + return; + } + reassoc = 0; + } + + sta->eapol_sm->portEnabled = TRUE; + + pmksa = wpa_auth_sta_get_pmksa(sta->wpa_sm); + if (pmksa) { + int old_vlanid; + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, + "PMK from PMKSA cache - skip IEEE 802.1X/EAP"); + /* Setup EAPOL state machines to already authenticated state + * because of existing PMKSA information in the cache. */ + sta->eapol_sm->keyRun = TRUE; + sta->eapol_sm->keyAvailable = TRUE; + sta->eapol_sm->auth_pae_state = AUTH_PAE_AUTHENTICATING; + sta->eapol_sm->be_auth_state = BE_AUTH_SUCCESS; + sta->eapol_sm->authSuccess = TRUE; + if (sta->eapol_sm->eap) + eap_sm_notify_cached(sta->eapol_sm->eap); + old_vlanid = sta->vlan_id; + pmksa_cache_to_eapol_data(pmksa, sta->eapol_sm); + if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) + sta->vlan_id = 0; + ap_sta_bind_vlan(hapd, sta, old_vlanid); + } else { + if (reassoc) { + /* + * Force EAPOL state machines to start + * re-authentication without having to wait for the + * Supplicant to send EAPOL-Start. + */ + sta->eapol_sm->reAuthenticate = TRUE; + } + eapol_sm_step(sta->eapol_sm); + } +} + + +void ieee802_1x_free_radius_class(struct radius_class_data *class) +{ + size_t i; + if (class == NULL) + return; + for (i = 0; i < class->count; i++) + free(class->attr[i].data); + free(class->attr); + class->attr = NULL; + class->count = 0; +} + + +int ieee802_1x_copy_radius_class(struct radius_class_data *dst, + struct radius_class_data *src) +{ + size_t i; + + if (src->attr == NULL) + return 0; + + dst->attr = wpa_zalloc(src->count * sizeof(struct radius_attr_data)); + if (dst->attr == NULL) + return -1; + + dst->count = 0; + + for (i = 0; i < src->count; i++) { + dst->attr[i].data = malloc(src->attr[i].len); + if (dst->attr[i].data == NULL) + break; + dst->count++; + memcpy(dst->attr[i].data, src->attr[i].data, src->attr[i].len); + dst->attr[i].len = src->attr[i].len; + } + + return 0; +} + + +void ieee802_1x_free_station(struct sta_info *sta) +{ + struct eapol_state_machine *sm = sta->eapol_sm; + + eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL); + + if (sm == NULL) + return; + + sta->eapol_sm = NULL; + + if (sm->last_recv_radius) { + radius_msg_free(sm->last_recv_radius); + free(sm->last_recv_radius); + } + + free(sm->last_eap_supp); + free(sm->last_eap_radius); + free(sm->identity); + ieee802_1x_free_radius_class(&sm->radius_class); + free(sm->eapol_key_sign); + free(sm->eapol_key_crypt); + eapol_sm_free(sm); +} + + +static void ieee802_1x_decapsulate_radius(struct hostapd_data *hapd, + struct sta_info *sta) +{ + u8 *eap; + size_t len; + struct eap_hdr *hdr; + int eap_type = -1; + char buf[64]; + struct radius_msg *msg; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm == NULL || sm->last_recv_radius == NULL) { + if (sm) + sm->eapNoReq = TRUE; + return; + } + + msg = sm->last_recv_radius; + + eap = radius_msg_get_eap(msg, &len); + if (eap == NULL) { + /* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3: + * RADIUS server SHOULD NOT send Access-Reject/no EAP-Message + * attribute */ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_WARNING, "could not extract " + "EAP-Message from RADIUS message"); + free(sm->last_eap_radius); + sm->last_eap_radius = NULL; + sm->last_eap_radius_len = 0; + sm->eapNoReq = TRUE; + return; + } + + if (len < sizeof(*hdr)) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_WARNING, "too short EAP packet " + "received from authentication server"); + free(eap); + sm->eapNoReq = TRUE; + return; + } + + if (len > sizeof(*hdr)) + eap_type = eap[sizeof(*hdr)]; + + hdr = (struct eap_hdr *) eap; + switch (hdr->code) { + case EAP_CODE_REQUEST: + if (eap_type >= 0) + sm->eap_type_authsrv = eap_type; + snprintf(buf, sizeof(buf), "EAP-Request-%s (%d)", + eap_type >= 0 ? eap_type_text(eap_type) : "??", + eap_type); + break; + case EAP_CODE_RESPONSE: + snprintf(buf, sizeof(buf), "EAP Response-%s (%d)", + eap_type >= 0 ? eap_type_text(eap_type) : "??", + eap_type); + break; + case EAP_CODE_SUCCESS: + snprintf(buf, sizeof(buf), "EAP Success"); + break; + case EAP_CODE_FAILURE: + snprintf(buf, sizeof(buf), "EAP Failure"); + break; + default: + snprintf(buf, sizeof(buf), "unknown EAP code"); + break; + } + buf[sizeof(buf) - 1] = '\0'; + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "decapsulated EAP packet (code=%d " + "id=%d len=%d) from RADIUS server: %s", + hdr->code, hdr->identifier, ntohs(hdr->length), buf); + sm->eapReq = TRUE; + + free(sm->last_eap_radius); + sm->last_eap_radius = eap; + sm->last_eap_radius_len = len; +} + + +static void ieee802_1x_get_keys(struct hostapd_data *hapd, + struct sta_info *sta, struct radius_msg *msg, + struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len) +{ + struct radius_ms_mppe_keys *keys; + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + keys = radius_msg_get_ms_keys(msg, req, shared_secret, + shared_secret_len); + + if (keys) { + if (keys->send) { + wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Send-Key", + keys->send, keys->send_len); + } + if (keys->recv) { + wpa_hexdump_key(MSG_DEBUG, "MS-MPPE-Recv-Key", + keys->recv, keys->recv_len); + } + + if (keys->send && keys->recv) { + free(sm->eapol_key_sign); + free(sm->eapol_key_crypt); + sm->eapol_key_sign = keys->send; + sm->eapol_key_sign_len = keys->send_len; + sm->eapol_key_crypt = keys->recv; + sm->eapol_key_crypt_len = keys->recv_len; + if (hapd->default_wep_key || + hapd->conf->individual_wep_key_len > 0 || + hapd->conf->wpa) + sta->eapol_sm->keyAvailable = TRUE; + } else { + free(keys->send); + free(keys->recv); + } + free(keys); + } +} + + +static void ieee802_1x_store_radius_class(struct hostapd_data *hapd, + struct sta_info *sta, + struct radius_msg *msg) +{ + u8 *class; + size_t class_len; + struct eapol_state_machine *sm = sta->eapol_sm; + int count, i; + struct radius_attr_data *nclass; + size_t nclass_count; + + if (!hapd->conf->radius->acct_server || hapd->radius == NULL || + sm == NULL) + return; + + ieee802_1x_free_radius_class(&sm->radius_class); + count = radius_msg_count_attr(msg, RADIUS_ATTR_CLASS, 1); + if (count <= 0) + return; + + nclass = wpa_zalloc(count * sizeof(struct radius_attr_data)); + if (nclass == NULL) + return; + + nclass_count = 0; + + class = NULL; + for (i = 0; i < count; i++) { + do { + if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_CLASS, + &class, &class_len, + class) < 0) { + i = count; + break; + } + } while (class_len < 1); + + nclass[nclass_count].data = malloc(class_len); + if (nclass[nclass_count].data == NULL) + break; + + memcpy(nclass[nclass_count].data, class, class_len); + nclass[nclass_count].len = class_len; + nclass_count++; + } + + sm->radius_class.attr = nclass; + sm->radius_class.count = nclass_count; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: Stored %lu RADIUS " + "Class attributes for " MACSTR "\n", + (unsigned long) sm->radius_class.count, + MAC2STR(sta->addr)); +} + + +/* Update sta->identity based on User-Name attribute in Access-Accept */ +static void ieee802_1x_update_sta_identity(struct hostapd_data *hapd, + struct sta_info *sta, + struct radius_msg *msg) +{ + u8 *buf, *identity; + size_t len; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm == NULL) + return; + + if (radius_msg_get_attr_ptr(msg, RADIUS_ATTR_USER_NAME, &buf, &len, + NULL) < 0) + return; + + identity = malloc(len + 1); + if (identity == NULL) + return; + + memcpy(identity, buf, len); + identity[len] = '\0'; + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "old identity '%s' updated with " + "User-Name from Access-Accept '%s'", + sm->identity ? (char *) sm->identity : "N/A", + (char *) identity); + + free(sm->identity); + sm->identity = identity; + sm->identity_len = len; +} + + +struct sta_id_search { + u8 identifier; + struct eapol_state_machine *sm; +}; + + +static int ieee802_1x_select_radius_identifier(struct hostapd_data *hapd, + struct sta_info *sta, + void *ctx) +{ + struct sta_id_search *id_search = ctx; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm && sm->radius_identifier >= 0 && + sm->radius_identifier == id_search->identifier) { + id_search->sm = sm; + return 1; + } + return 0; +} + + +static struct eapol_state_machine * +ieee802_1x_search_radius_identifier(struct hostapd_data *hapd, u8 identifier) +{ + struct sta_id_search id_search; + id_search.identifier = identifier; + id_search.sm = NULL; + ap_for_each_sta(hapd, ieee802_1x_select_radius_identifier, &id_search); + return id_search.sm; +} + + +/* Process the RADIUS frames from Authentication Server */ +static RadiusRxResult +ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len, + void *data) +{ + struct hostapd_data *hapd = data; + struct sta_info *sta; + u32 session_timeout = 0, termination_action, acct_interim_interval; + int session_timeout_set, old_vlanid = 0; + int eap_timeout; + struct eapol_state_machine *sm; + int override_eapReq = 0; + + sm = ieee802_1x_search_radius_identifier(hapd, msg->hdr->identifier); + if (sm == NULL) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: Could not " + "find matching station for this RADIUS " + "message\n"); + return RADIUS_RX_UNKNOWN; + } + sta = sm->sta; + + /* RFC 2869, Ch. 5.13: valid Message-Authenticator attribute MUST be + * present when packet contains an EAP-Message attribute */ + if (msg->hdr->code == RADIUS_CODE_ACCESS_REJECT && + radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL, + 0) < 0 && + radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Allowing RADIUS " + "Access-Reject without Message-Authenticator " + "since it does not include EAP-Message\n"); + } else if (radius_msg_verify(msg, shared_secret, shared_secret_len, + req, 1)) { + printf("Incoming RADIUS packet did not have correct " + "Message-Authenticator - dropped\n"); + return RADIUS_RX_INVALID_AUTHENTICATOR; + } + + if (msg->hdr->code != RADIUS_CODE_ACCESS_ACCEPT && + msg->hdr->code != RADIUS_CODE_ACCESS_REJECT && + msg->hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) { + printf("Unknown RADIUS message code\n"); + return RADIUS_RX_UNKNOWN; + } + + sm->radius_identifier = -1; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "RADIUS packet matching with station " MACSTR "\n", + MAC2STR(sta->addr)); + + if (sm->last_recv_radius) { + radius_msg_free(sm->last_recv_radius); + free(sm->last_recv_radius); + } + + sm->last_recv_radius = msg; + + session_timeout_set = + !radius_msg_get_attr_int32(msg, RADIUS_ATTR_SESSION_TIMEOUT, + &session_timeout); + if (radius_msg_get_attr_int32(msg, RADIUS_ATTR_TERMINATION_ACTION, + &termination_action)) + termination_action = RADIUS_TERMINATION_ACTION_DEFAULT; + + if (hapd->conf->radius->acct_interim_interval == 0 && + msg->hdr->code == RADIUS_CODE_ACCESS_ACCEPT && + radius_msg_get_attr_int32(msg, RADIUS_ATTR_ACCT_INTERIM_INTERVAL, + &acct_interim_interval) == 0) { + if (acct_interim_interval < 60) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_INFO, + "ignored too small " + "Acct-Interim-Interval %d", + acct_interim_interval); + } else + sta->acct_interim_interval = acct_interim_interval; + } + + + switch (msg->hdr->code) { + case RADIUS_CODE_ACCESS_ACCEPT: + if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) + sta->vlan_id = 0; + else { + old_vlanid = sta->vlan_id; + sta->vlan_id = radius_msg_get_vlanid(msg); + } + if (sta->vlan_id > 0 && + hostapd_get_vlan_id_ifname(hapd->conf->vlan, + sta->vlan_id)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, + "VLAN ID %d", sta->vlan_id); + } else if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_REQUIRED) { + sta->eapol_sm->authFail = TRUE; + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_INFO, "authentication " + "server did not include required VLAN " + "ID in Access-Accept"); + break; + } + + ap_sta_bind_vlan(hapd, sta, old_vlanid); + + /* RFC 3580, Ch. 3.17 */ + if (session_timeout_set && termination_action == + RADIUS_TERMINATION_ACTION_RADIUS_REQUEST) { + sm->reAuthPeriod = session_timeout; + } else if (session_timeout_set) + ap_sta_session_timeout(hapd, sta, session_timeout); + + sm->eapSuccess = TRUE; + override_eapReq = 1; + ieee802_1x_get_keys(hapd, sta, msg, req, shared_secret, + shared_secret_len); + ieee802_1x_store_radius_class(hapd, sta, msg); + ieee802_1x_update_sta_identity(hapd, sta, msg); + if (sm->keyAvailable && + wpa_auth_pmksa_add(sta->wpa_sm, sm->eapol_key_crypt, + session_timeout_set ? + (int) session_timeout : -1, sm) == 0) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, + "Added PMKSA cache entry"); + } + break; + case RADIUS_CODE_ACCESS_REJECT: + sm->eapFail = TRUE; + override_eapReq = 1; + break; + case RADIUS_CODE_ACCESS_CHALLENGE: + if (session_timeout_set) { + /* RFC 2869, Ch. 2.3.2; RFC 3580, Ch. 3.17 */ + eap_timeout = session_timeout; + } else + eap_timeout = 30; + hostapd_logger(hapd, sm->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, + "using EAP timeout of %d seconds%s", + eap_timeout, + session_timeout_set ? " (from RADIUS)" : ""); + eloop_cancel_timeout(ieee802_1x_eap_timeout, sta, NULL); + eloop_register_timeout(eap_timeout, 0, ieee802_1x_eap_timeout, + sta, NULL); + sm->eapTimeout = FALSE; + break; + } + + ieee802_1x_decapsulate_radius(hapd, sta); + if (override_eapReq) + sm->eapReq = FALSE; + + eapol_sm_step(sm); + + return RADIUS_RX_QUEUED; +} + + +/* Handler for EAPOL Backend Authentication state machine sendRespToServer. + * Forward the EAP Response from Supplicant to Authentication Server. */ +void ieee802_1x_send_resp_to_server(struct hostapd_data *hapd, + struct sta_info *sta) +{ + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + if (hapd->conf->eap_server) { + eap_set_eapRespData(sm->eap, sm->last_eap_supp, + sm->last_eap_supp_len); + } else { + ieee802_1x_encapsulate_radius(hapd, sta, sm->last_eap_supp, + sm->last_eap_supp_len); + } +} + + +void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "aborting authentication"); + + if (sm->last_recv_radius) { + radius_msg_free(sm->last_recv_radius); + free(sm->last_recv_radius); + sm->last_recv_radius = NULL; + } + free(sm->last_eap_supp); + sm->last_eap_supp = NULL; + sm->last_eap_supp_len = 0; + free(sm->last_eap_radius); + sm->last_eap_radius = NULL; + sm->last_eap_radius_len = 0; +} + + +#ifdef HOSTAPD_DUMP_STATE +static void fprint_char(FILE *f, char c) +{ + if (c >= 32 && c < 127) + fprintf(f, "%c", c); + else + fprintf(f, "<%02x>", c); +} + + +void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta) +{ + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + fprintf(f, "%sIEEE 802.1X:\n", prefix); + + if (sm->identity) { + size_t i; + fprintf(f, "%sidentity=", prefix); + for (i = 0; i < sm->identity_len; i++) + fprint_char(f, sm->identity[i]); + fprintf(f, "\n"); + } + + fprintf(f, "%slast EAP type: Authentication Server: %d (%s) " + "Supplicant: %d (%s)\n", prefix, + sm->eap_type_authsrv, eap_type_text(sm->eap_type_authsrv), + sm->eap_type_supp, eap_type_text(sm->eap_type_supp)); + + fprintf(f, "%scached_packets=%s%s%s\n", prefix, + sm->last_recv_radius ? "[RX RADIUS]" : "", + sm->last_eap_radius ? "[EAP RADIUS]" : "", + sm->last_eap_supp ? "[EAP SUPPLICANT]" : ""); + + eapol_sm_dump_state(f, prefix, sm); +} +#endif /* HOSTAPD_DUMP_STATE */ + + +static int ieee802_1x_rekey_broadcast(struct hostapd_data *hapd) +{ + if (hapd->conf->default_wep_key_len < 1) + return 0; + + free(hapd->default_wep_key); + hapd->default_wep_key = malloc(hapd->conf->default_wep_key_len); + if (hapd->default_wep_key == NULL || + hostapd_get_rand(hapd->default_wep_key, + hapd->conf->default_wep_key_len)) { + printf("Could not generate random WEP key.\n"); + free(hapd->default_wep_key); + hapd->default_wep_key = NULL; + return -1; + } + + wpa_hexdump_key(MSG_DEBUG, "IEEE 802.1X: New default WEP key", + hapd->default_wep_key, + hapd->conf->default_wep_key_len); + + return 0; +} + + +static int ieee802_1x_sta_key_available(struct hostapd_data *hapd, + struct sta_info *sta, void *ctx) +{ + if (sta->eapol_sm) { + sta->eapol_sm->keyAvailable = TRUE; + eapol_sm_step(sta->eapol_sm); + } + return 0; +} + + +static void ieee802_1x_rekey(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + + if (hapd->default_wep_key_idx >= 3) + hapd->default_wep_key_idx = + hapd->conf->individual_wep_key_len > 0 ? 1 : 0; + else + hapd->default_wep_key_idx++; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: New default WEP " + "key index %d\n", hapd->default_wep_key_idx); + + if (ieee802_1x_rekey_broadcast(hapd)) { + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_WARNING, "failed to generate a " + "new broadcast key"); + free(hapd->default_wep_key); + hapd->default_wep_key = NULL; + return; + } + + /* TODO: Could setup key for RX here, but change default TX keyid only + * after new broadcast key has been sent to all stations. */ + if (hostapd_set_encryption(hapd->conf->iface, hapd, "WEP", NULL, + hapd->default_wep_key_idx, + hapd->default_wep_key, + hapd->conf->default_wep_key_len, 1)) { + hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_WARNING, "failed to configure a " + "new broadcast key"); + free(hapd->default_wep_key); + hapd->default_wep_key = NULL; + return; + } + + ap_for_each_sta(hapd, ieee802_1x_sta_key_available, NULL); + + if (hapd->conf->wep_rekeying_period > 0) { + eloop_register_timeout(hapd->conf->wep_rekeying_period, 0, + ieee802_1x_rekey, hapd, NULL); + } +} + + +int ieee802_1x_init(struct hostapd_data *hapd) +{ + int i; + + if ((hapd->conf->ieee802_1x || hapd->conf->wpa) && + hostapd_set_ieee8021x(hapd->conf->iface, hapd, 1)) + return -1; + + if (radius_client_register(hapd->radius, RADIUS_AUTH, + ieee802_1x_receive_auth, hapd)) + return -1; + + if (hapd->conf->default_wep_key_len) { + hostapd_set_privacy(hapd, 1); + + for (i = 0; i < 4; i++) + hostapd_set_encryption(hapd->conf->iface, hapd, + "none", NULL, i, NULL, 0, 0); + + ieee802_1x_rekey(hapd, NULL); + + if (hapd->default_wep_key == NULL) + return -1; + } + + return 0; +} + + +void ieee802_1x_deinit(struct hostapd_data *hapd) +{ + if (hapd->driver != NULL && + (hapd->conf->ieee802_1x || hapd->conf->wpa)) + hostapd_set_ieee8021x(hapd->conf->iface, hapd, 0); +} + + +int ieee802_1x_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss) +{ + ieee802_1x_deinit(hapd); + return ieee802_1x_init(hapd); +} + + +static void ieee802_1x_new_auth_session(struct hostapd_data *hapd, + struct sta_info *sta) +{ + struct eapol_state_machine *sm = sta->eapol_sm; + if (sm == NULL) + return; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "IEEE 802.1X: station " MACSTR " - new auth session, " + "clearing State\n", MAC2STR(sta->addr)); + + if (sm->last_recv_radius) { + radius_msg_free(sm->last_recv_radius); + free(sm->last_recv_radius); + sm->last_recv_radius = NULL; + } + + sm->eapSuccess = FALSE; + sm->eapFail = FALSE; +} + + +int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta, + u8 *buf, size_t len, int ack) +{ + struct ieee80211_hdr *hdr; + struct ieee802_1x_hdr *xhdr; + struct ieee802_1x_eapol_key *key; + u8 *pos; + + if (sta == NULL) + return -1; + if (len < sizeof(*hdr) + sizeof(rfc1042_header) + 2 + sizeof(*xhdr)) + return 0; + + hdr = (struct ieee80211_hdr *) buf; + pos = (u8 *) (hdr + 1); + if (memcmp(pos, rfc1042_header, sizeof(rfc1042_header)) != 0) + return 0; + pos += sizeof(rfc1042_header); + if (((pos[0] << 8) | pos[1]) != ETH_P_PAE) + return 0; + pos += 2; + + xhdr = (struct ieee802_1x_hdr *) pos; + pos += sizeof(*xhdr); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "IEEE 802.1X: " MACSTR + " TX status - version=%d type=%d length=%d - ack=%d\n", + MAC2STR(sta->addr), xhdr->version, xhdr->type, + ntohs(xhdr->length), ack); + + /* EAPOL EAP-Packet packets are eventually re-sent by either Supplicant + * or Authenticator state machines, but EAPOL-Key packets are not + * retransmitted in case of failure. Try to re-sent failed EAPOL-Key + * packets couple of times because otherwise STA keys become + * unsynchronized with AP. */ + if (xhdr->type == IEEE802_1X_TYPE_EAPOL_KEY && !ack && + pos + sizeof(*key) <= buf + len) { + key = (struct ieee802_1x_eapol_key *) pos; + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE8021X, + HOSTAPD_LEVEL_DEBUG, "did not Ack EAPOL-Key " + "frame (%scast index=%d)", + key->key_index & BIT(7) ? "uni" : "broad", + key->key_index & ~BIT(7)); + /* TODO: re-send EAPOL-Key couple of times (with short delay + * between them?). If all attempt fail, report error and + * deauthenticate STA so that it will get new keys when + * authenticating again (e.g., after returning in range). + * Separate limit/transmit state needed both for unicast and + * broadcast keys(?) */ + } + /* TODO: could move unicast key configuration from ieee802_1x_tx_key() + * to here and change the key only if the EAPOL-Key packet was Acked. + */ + + return 1; +} + + +u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len) +{ + if (sm == NULL || sm->identity == NULL) + return NULL; + + *len = sm->identity_len; + return sm->identity; +} + + +u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len, + int idx) +{ + if (sm == NULL || sm->radius_class.attr == NULL || + idx >= (int) sm->radius_class.count) + return NULL; + + *len = sm->radius_class.attr[idx].len; + return sm->radius_class.attr[idx].data; +} + + +u8 * ieee802_1x_get_key_crypt(struct eapol_state_machine *sm, size_t *len) +{ + if (sm == NULL) + return NULL; + + *len = sm->eapol_key_crypt_len; + return sm->eapol_key_crypt; +} + + +void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm, + int enabled) +{ + if (sm == NULL) + return; + sm->portEnabled = enabled ? TRUE : FALSE; + eapol_sm_step(sm); +} + + +void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm, + int valid) +{ + if (sm == NULL) + return; + sm->portValid = valid ? TRUE : FALSE; + eapol_sm_step(sm); +} + + +void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth) +{ + if (sm == NULL) + return; + if (pre_auth) + sm->flags |= EAPOL_SM_PREAUTH; + else + sm->flags &= ~EAPOL_SM_PREAUTH; +} + + +static const char * bool_txt(Boolean bool) +{ + return bool ? "TRUE" : "FALSE"; +} + + +int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) +{ + /* TODO */ + return 0; +} + + +int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, + char *buf, size_t buflen) +{ + int len = 0, ret; + struct eapol_state_machine *sm = sta->eapol_sm; + + if (sm == NULL) + return 0; + + ret = snprintf(buf + len, buflen - len, + "dot1xPaePortNumber=%d\n" + "dot1xPaePortProtocolVersion=%d\n" + "dot1xPaePortCapabilities=1\n" + "dot1xPaePortInitialize=%d\n" + "dot1xPaePortReauthenticate=FALSE\n", + sta->aid, + EAPOL_VERSION, + sm->initialize); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* dot1xAuthConfigTable */ + ret = snprintf(buf + len, buflen - len, + "dot1xAuthPaeState=%d\n" + "dot1xAuthBackendAuthState=%d\n" + "dot1xAuthAdminControlledDirections=%d\n" + "dot1xAuthOperControlledDirections=%d\n" + "dot1xAuthAuthControlledPortStatus=%d\n" + "dot1xAuthAuthControlledPortControl=%d\n" + "dot1xAuthQuietPeriod=%u\n" + "dot1xAuthServerTimeout=%u\n" + "dot1xAuthReAuthPeriod=%u\n" + "dot1xAuthReAuthEnabled=%s\n" + "dot1xAuthKeyTxEnabled=%s\n", + sm->auth_pae_state + 1, + sm->be_auth_state + 1, + sm->adminControlledDirections, + sm->operControlledDirections, + sm->authPortStatus, + sm->portControl, + sm->quietPeriod, + sm->serverTimeout, + sm->reAuthPeriod, + bool_txt(sm->reAuthEnabled), + bool_txt(sm->keyTxEnabled)); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* dot1xAuthStatsTable */ + ret = snprintf(buf + len, buflen - len, + "dot1xAuthEapolFramesRx=%u\n" + "dot1xAuthEapolFramesTx=%u\n" + "dot1xAuthEapolStartFramesRx=%u\n" + "dot1xAuthEapolLogoffFramesRx=%u\n" + "dot1xAuthEapolRespIdFramesRx=%u\n" + "dot1xAuthEapolRespFramesRx=%u\n" + "dot1xAuthEapolReqIdFramesTx=%u\n" + "dot1xAuthEapolReqFramesTx=%u\n" + "dot1xAuthInvalidEapolFramesRx=%u\n" + "dot1xAuthEapLengthErrorFramesRx=%u\n" + "dot1xAuthLastEapolFrameVersion=%u\n" + "dot1xAuthLastEapolFrameSource=" MACSTR "\n", + sm->dot1xAuthEapolFramesRx, + sm->dot1xAuthEapolFramesTx, + sm->dot1xAuthEapolStartFramesRx, + sm->dot1xAuthEapolLogoffFramesRx, + sm->dot1xAuthEapolRespIdFramesRx, + sm->dot1xAuthEapolRespFramesRx, + sm->dot1xAuthEapolReqIdFramesTx, + sm->dot1xAuthEapolReqFramesTx, + sm->dot1xAuthInvalidEapolFramesRx, + sm->dot1xAuthEapLengthErrorFramesRx, + sm->dot1xAuthLastEapolFrameVersion, + MAC2STR(sm->addr)); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* dot1xAuthDiagTable */ + ret = snprintf(buf + len, buflen - len, + "dot1xAuthEntersConnecting=%u\n" + "dot1xAuthEapLogoffsWhileConnecting=%u\n" + "dot1xAuthEntersAuthenticating=%u\n" + "dot1xAuthAuthSuccessesWhileAuthenticating=%u\n" + "dot1xAuthAuthTimeoutsWhileAuthenticating=%u\n" + "dot1xAuthAuthFailWhileAuthenticating=%u\n" + "dot1xAuthAuthEapStartsWhileAuthenticating=%u\n" + "dot1xAuthAuthEapLogoffWhileAuthenticating=%u\n" + "dot1xAuthAuthReauthsWhileAuthenticated=%u\n" + "dot1xAuthAuthEapStartsWhileAuthenticated=%u\n" + "dot1xAuthAuthEapLogoffWhileAuthenticated=%u\n" + "dot1xAuthBackendResponses=%u\n" + "dot1xAuthBackendAccessChallenges=%u\n" + "dot1xAuthBackendOtherRequestsToSupplicant=%u\n" + "dot1xAuthBackendAuthSuccesses=%u\n" + "dot1xAuthBackendAuthFails=%u\n", + sm->authEntersConnecting, + sm->authEapLogoffsWhileConnecting, + sm->authEntersAuthenticating, + sm->authAuthSuccessesWhileAuthenticating, + sm->authAuthTimeoutsWhileAuthenticating, + sm->authAuthFailWhileAuthenticating, + sm->authAuthEapStartsWhileAuthenticating, + sm->authAuthEapLogoffWhileAuthenticating, + sm->authAuthReauthsWhileAuthenticated, + sm->authAuthEapStartsWhileAuthenticated, + sm->authAuthEapLogoffWhileAuthenticated, + sm->backendResponses, + sm->backendAccessChallenges, + sm->backendOtherRequestsToSupplicant, + sm->backendAuthSuccesses, + sm->backendAuthFails); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* dot1xAuthSessionStatsTable */ + ret = snprintf(buf + len, buflen - len, + /* TODO: dot1xAuthSessionOctetsRx */ + /* TODO: dot1xAuthSessionOctetsTx */ + /* TODO: dot1xAuthSessionFramesRx */ + /* TODO: dot1xAuthSessionFramesTx */ + "dot1xAuthSessionId=%08X-%08X\n" + "dot1xAuthSessionAuthenticMethod=%d\n" + "dot1xAuthSessionTime=%u\n" + "dot1xAuthSessionTerminateCause=999\n" + "dot1xAuthSessionUserName=%s\n", + sta->acct_session_id_hi, sta->acct_session_id_lo, + wpa_auth_sta_key_mgmt(sta->wpa_sm) == + WPA_KEY_MGMT_IEEE8021X ? 1 : 2, + (unsigned int) (time(NULL) - sta->acct_session_start), + sm->identity); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + return len; +} + + +void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta, + int success) +{ + u8 *key; + size_t len; + /* TODO: get PMKLifetime from WPA parameters */ + static const int dot11RSNAConfigPMKLifetime = 43200; + + key = ieee802_1x_get_key_crypt(sta->eapol_sm, &len); + if (success && key && + wpa_auth_pmksa_add(sta->wpa_sm, key, dot11RSNAConfigPMKLifetime, + sta->eapol_sm) == 0) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, + "Added PMKSA cache entry (IEEE 802.1X)"); + } +} diff --git a/contrib/hostapd-0.5.8/ieee802_1x.h b/contrib/hostapd-0.5.8/ieee802_1x.h new file mode 100644 index 0000000000..70b21de700 --- /dev/null +++ b/contrib/hostapd-0.5.8/ieee802_1x.h @@ -0,0 +1,90 @@ +/* + * hostapd / IEEE 802.1X Authenticator + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef IEEE802_1X_H +#define IEEE802_1X_H + +/* draft-congdon-radius-8021x-20.txt */ + +struct ieee802_1x_eapol_key { + u8 type; + u16 key_length; + u8 replay_counter[8]; /* does not repeat within the life of the keying + * material used to encrypt the Key field; + * 64-bit NTP timestamp MAY be used here */ + u8 key_iv[16]; /* cryptographically random number */ + u8 key_index; /* key flag in the most significant bit: + * 0 = broadcast (default key), + * 1 = unicast (key mapping key); key index is in the + * 7 least significant bits */ + u8 key_signature[16]; /* HMAC-MD5 message integrity check computed with + * MS-MPPE-Send-Key as the key */ + + /* followed by key: if packet body length = 44 + key length, then the + * key field (of key_length bytes) contains the key in encrypted form; + * if packet body length = 44, key field is absent and key_length + * represents the number of least significant octets from + * MS-MPPE-Send-Key attribute to be used as the keying material; + * RC4 key used in encryption = Key-IV + MS-MPPE-Recv-Key */ +} __attribute__ ((packed)); + + +void ieee802_1x_receive(struct hostapd_data *hapd, const u8 *sa, const u8 *buf, + size_t len); +void ieee802_1x_new_station(struct hostapd_data *hapd, struct sta_info *sta); +void ieee802_1x_free_station(struct sta_info *sta); + +void ieee802_1x_request_identity(struct hostapd_data *hapd, + struct sta_info *sta); +void ieee802_1x_tx_canned_eap(struct hostapd_data *hapd, struct sta_info *sta, + int success); +void ieee802_1x_tx_req(struct hostapd_data *hapd, struct sta_info *sta); +void ieee802_1x_tx_key(struct hostapd_data *hapd, struct sta_info *sta); +void ieee802_1x_send_resp_to_server(struct hostapd_data *hapd, + struct sta_info *sta); +void ieee802_1x_abort_auth(struct hostapd_data *hapd, struct sta_info *sta); +void ieee802_1x_set_sta_authorized(struct hostapd_data *hapd, + struct sta_info *sta, int authorized); +void ieee802_1x_dump_state(FILE *f, const char *prefix, struct sta_info *sta); +int ieee802_1x_init(struct hostapd_data *hapd); +void ieee802_1x_deinit(struct hostapd_data *hapd); +int ieee802_1x_reconfig(struct hostapd_data *hapd, + struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss); +int ieee802_1x_tx_status(struct hostapd_data *hapd, struct sta_info *sta, + u8 *buf, size_t len, int ack); +u8 * ieee802_1x_get_identity(struct eapol_state_machine *sm, size_t *len); +u8 * ieee802_1x_get_radius_class(struct eapol_state_machine *sm, size_t *len, + int idx); +u8 * ieee802_1x_get_key_crypt(struct eapol_state_machine *sm, size_t *len); +void ieee802_1x_notify_port_enabled(struct eapol_state_machine *sm, + int enabled); +void ieee802_1x_notify_port_valid(struct eapol_state_machine *sm, + int valid); +void ieee802_1x_notify_pre_auth(struct eapol_state_machine *sm, int pre_auth); +int ieee802_1x_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen); +int ieee802_1x_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, + char *buf, size_t buflen); +void hostapd_get_ntp_timestamp(u8 *buf); +void ieee802_1x_finished(struct hostapd_data *hapd, struct sta_info *sta, + int success); +char *eap_type_text(u8 type); + +struct radius_class_data; + +void ieee802_1x_free_radius_class(struct radius_class_data *class); +int ieee802_1x_copy_radius_class(struct radius_class_data *dst, + struct radius_class_data *src); + +#endif /* IEEE802_1X_H */ diff --git a/contrib/hostapd-0.5.8/includes.h b/contrib/hostapd-0.5.8/includes.h new file mode 100644 index 0000000000..84308c3a37 --- /dev/null +++ b/contrib/hostapd-0.5.8/includes.h @@ -0,0 +1,57 @@ +/* + * wpa_supplicant/hostapd - Default include files + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This header file is included into all C files so that commonly used header + * files can be selected with OS specific #ifdefs in one place instead of + * having to have OS/C library specific selection in many files. + */ + +#ifndef INCLUDES_H +#define INCLUDES_H + +/* Include possible build time configuration before including anything else */ +#include "build_config.h" + +#include +#include +#include +#include +#ifndef _WIN32_WCE +#ifndef CONFIG_TI_COMPILER +#include +#include +#endif /* CONFIG_TI_COMPILER */ +#include +#endif /* _WIN32_WCE */ +#include +#include + +#ifndef CONFIG_TI_COMPILER +#ifndef _MSC_VER +#include +#endif /* _MSC_VER */ +#endif /* CONFIG_TI_COMPILER */ + +#ifndef CONFIG_NATIVE_WINDOWS +#ifndef CONFIG_TI_COMPILER +#include +#include +#include +#ifndef __vxworks +#include +#include +#endif /* __vxworks */ +#endif /* CONFIG_TI_COMPILER */ +#endif /* CONFIG_NATIVE_WINDOWS */ + +#endif /* INCLUDES_H */ diff --git a/contrib/hostapd-0.5.8/l2_packet.h b/contrib/hostapd-0.5.8/l2_packet.h new file mode 100644 index 0000000000..540f0a116b --- /dev/null +++ b/contrib/hostapd-0.5.8/l2_packet.h @@ -0,0 +1,141 @@ +/* + * WPA Supplicant - Layer2 packet interface definition + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file defines an interface for layer 2 (link layer) packet sending and + * receiving. l2_packet_linux.c is one implementation for such a layer 2 + * implementation using Linux packet sockets and l2_packet_pcap.c another one + * using libpcap and libdnet. When porting %wpa_supplicant to other operating + * systems, a new l2_packet implementation may need to be added. + */ + +#ifndef L2_PACKET_H +#define L2_PACKET_H + +#define MAC2STR(a) (a)[0], (a)[1], (a)[2], (a)[3], (a)[4], (a)[5] +#define MACSTR "%02x:%02x:%02x:%02x:%02x:%02x" + +#ifndef ETH_P_EAPOL +#define ETH_P_EAPOL 0x888e +#endif + +#ifndef ETH_P_RSN_PREAUTH +#define ETH_P_RSN_PREAUTH 0x88c7 +#endif + +/** + * struct l2_packet_data - Internal l2_packet data structure + * + * This structure is used by the l2_packet implementation to store its private + * data. Other files use a pointer to this data when calling the l2_packet + * functions, but the contents of this structure should not be used directly + * outside l2_packet implementation. + */ +struct l2_packet_data; + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct l2_ethhdr { + u8 h_dest[ETH_ALEN]; + u8 h_source[ETH_ALEN]; + u16 h_proto; +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +/** + * l2_packet_init - Initialize l2_packet interface + * @ifname: Interface name + * @own_addr: Optional own MAC address if available from driver interface or + * %NULL if not available + * @protocol: Ethernet protocol number in host byte order + * @rx_callback: Callback function that will be called for each received packet + * @rx_callback_ctx: Callback data (ctx) for calls to rx_callback() + * @l2_hdr: 1 = include layer 2 header, 0 = do not include header + * Returns: Pointer to internal data or %NULL on failure + * + * rx_callback function will be called with src_addr pointing to the source + * address (MAC address) of the the packet. If l2_hdr is set to 0, buf + * points to len bytes of the payload after the layer 2 header and similarly, + * TX buffers start with payload. This behavior can be changed by setting + * l2_hdr=1 to include the layer 2 header in the data buffer. + */ +struct l2_packet_data * l2_packet_init( + const char *ifname, const u8 *own_addr, unsigned short protocol, + void (*rx_callback)(void *ctx, const u8 *src_addr, + const u8 *buf, size_t len), + void *rx_callback_ctx, int l2_hdr); + +/** + * l2_packet_deinit - Deinitialize l2_packet interface + * @l2: Pointer to internal l2_packet data from l2_packet_init() + */ +void l2_packet_deinit(struct l2_packet_data *l2); + +/** + * l2_packet_get_own_addr - Get own layer 2 address + * @l2: Pointer to internal l2_packet data from l2_packet_init() + * @addr: Buffer for the own address (6 bytes) + * Returns: 0 on success, -1 on failure + */ +int l2_packet_get_own_addr(struct l2_packet_data *l2, u8 *addr); + +/** + * l2_packet_send - Send a packet + * @l2: Pointer to internal l2_packet data from l2_packet_init() + * @dst_addr: Destination address for the packet (only used if l2_hdr == 0) + * @proto: Protocol/ethertype for the packet in host byte order (only used if + * l2_hdr == 0) + * @buf: Packet contents to be sent; including layer 2 header if l2_hdr was + * set to 1 in l2_packet_init() call. Otherwise, only the payload of the packet + * is included. + * @len: Length of the buffer (including l2 header only if l2_hdr == 1) + * Returns: >=0 on success, <0 on failure + */ +int l2_packet_send(struct l2_packet_data *l2, const u8 *dst_addr, u16 proto, + const u8 *buf, size_t len); + +/** + * l2_packet_get_ip_addr - Get the current IP address from the interface + * @l2: Pointer to internal l2_packet data from l2_packet_init() + * @buf: Buffer for the IP address in text format + * @len: Maximum buffer length + * Returns: 0 on success, -1 on failure + * + * This function can be used to get the current IP address from the interface + * bound to the l2_packet. This is mainly for status information and the IP + * address will be stored as an ASCII string. This function is not essential + * for %wpa_supplicant operation, so full implementation is not required. + * l2_packet implementation will need to define the function, but it can return + * -1 if the IP address information is not available. + */ +int l2_packet_get_ip_addr(struct l2_packet_data *l2, char *buf, size_t len); + + +/** + * l2_packet_notify_auth_start - Notify l2_packet about start of authentication + * @l2: Pointer to internal l2_packet data from l2_packet_init() + * + * This function is called when authentication is expected to start, e.g., when + * association has been completed, in order to prepare l2_packet implementation + * for EAPOL frames. This function is used mainly if the l2_packet code needs + * to do polling in which case it can increasing polling frequency. This can + * also be an empty function if the l2_packet implementation does not benefit + * from knowing about the starting authentication. + */ +void l2_packet_notify_auth_start(struct l2_packet_data *l2); + +#endif /* L2_PACKET_H */ diff --git a/contrib/hostapd-0.5.8/md4.c b/contrib/hostapd-0.5.8/md4.c new file mode 100644 index 0000000000..41c84a3a7b --- /dev/null +++ b/contrib/hostapd-0.5.8/md4.c @@ -0,0 +1,282 @@ +/* + * MD4 hash implementation + * Copyright (c) 2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "crypto.h" + + +#ifdef INTERNAL_MD4 + +#define MD4_BLOCK_LENGTH 64 +#define MD4_DIGEST_LENGTH 16 + +typedef struct MD4Context { + u32 state[4]; /* state */ + u64 count; /* number of bits, mod 2^64 */ + u8 buffer[MD4_BLOCK_LENGTH]; /* input buffer */ +} MD4_CTX; + + +static void MD4Init(MD4_CTX *ctx); +static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len); +static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx); + + +void md4_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + MD4_CTX ctx; + size_t i; + + MD4Init(&ctx); + for (i = 0; i < num_elem; i++) + MD4Update(&ctx, addr[i], len[i]); + MD4Final(mac, &ctx); +} + + +/* ===== start - public domain MD4 implementation ===== */ +/* $OpenBSD: md4.c,v 1.7 2005/08/08 08:05:35 espie Exp $ */ + +/* + * This code implements the MD4 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * Todd C. Miller modified the MD5 code to do MD4 based on RFC 1186. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * MD4Context structure, pass it to MD4Init, call MD4Update as + * needed on buffers full of bytes, and then call MD4Final, which + * will fill a supplied 16-byte array with the digest. + */ + +#define MD4_DIGEST_STRING_LENGTH (MD4_DIGEST_LENGTH * 2 + 1) + + +static void +MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH]); + +#define PUT_64BIT_LE(cp, value) do { \ + (cp)[7] = (value) >> 56; \ + (cp)[6] = (value) >> 48; \ + (cp)[5] = (value) >> 40; \ + (cp)[4] = (value) >> 32; \ + (cp)[3] = (value) >> 24; \ + (cp)[2] = (value) >> 16; \ + (cp)[1] = (value) >> 8; \ + (cp)[0] = (value); } while (0) + +#define PUT_32BIT_LE(cp, value) do { \ + (cp)[3] = (value) >> 24; \ + (cp)[2] = (value) >> 16; \ + (cp)[1] = (value) >> 8; \ + (cp)[0] = (value); } while (0) + +static u8 PADDING[MD4_BLOCK_LENGTH] = { + 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +/* + * Start MD4 accumulation. + * Set bit count to 0 and buffer to mysterious initialization constants. + */ +static void MD4Init(MD4_CTX *ctx) +{ + ctx->count = 0; + ctx->state[0] = 0x67452301; + ctx->state[1] = 0xefcdab89; + ctx->state[2] = 0x98badcfe; + ctx->state[3] = 0x10325476; +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +static void MD4Update(MD4_CTX *ctx, const unsigned char *input, size_t len) +{ + size_t have, need; + + /* Check how many bytes we already have and how many more we need. */ + have = (size_t)((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1)); + need = MD4_BLOCK_LENGTH - have; + + /* Update bitcount */ + ctx->count += (u64)len << 3; + + if (len >= need) { + if (have != 0) { + os_memcpy(ctx->buffer + have, input, need); + MD4Transform(ctx->state, ctx->buffer); + input += need; + len -= need; + have = 0; + } + + /* Process data in MD4_BLOCK_LENGTH-byte chunks. */ + while (len >= MD4_BLOCK_LENGTH) { + MD4Transform(ctx->state, input); + input += MD4_BLOCK_LENGTH; + len -= MD4_BLOCK_LENGTH; + } + } + + /* Handle any remaining bytes of data. */ + if (len != 0) + os_memcpy(ctx->buffer + have, input, len); +} + +/* + * Pad pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +static void MD4Pad(MD4_CTX *ctx) +{ + u8 count[8]; + size_t padlen; + + /* Convert count to 8 bytes in little endian order. */ + PUT_64BIT_LE(count, ctx->count); + + /* Pad out to 56 mod 64. */ + padlen = MD4_BLOCK_LENGTH - + ((ctx->count >> 3) & (MD4_BLOCK_LENGTH - 1)); + if (padlen < 1 + 8) + padlen += MD4_BLOCK_LENGTH; + MD4Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */ + MD4Update(ctx, count, 8); +} + +/* + * Final wrapup--call MD4Pad, fill in digest and zero out ctx. + */ +static void MD4Final(unsigned char digest[MD4_DIGEST_LENGTH], MD4_CTX *ctx) +{ + int i; + + MD4Pad(ctx); + if (digest != NULL) { + for (i = 0; i < 4; i++) + PUT_32BIT_LE(digest + i * 4, ctx->state[i]); + os_memset(ctx, 0, sizeof(*ctx)); + } +} + + +/* The three core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) ((x & y) | (x & z) | (y & z)) +#define F3(x, y, z) (x ^ y ^ z) + +/* This is the central step in the MD4 algorithm. */ +#define MD4STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s) ) + +/* + * The core of the MD4 algorithm, this alters an existing MD4 hash to + * reflect the addition of 16 longwords of new data. MD4Update blocks + * the data and converts bytes into longwords for this routine. + */ +static void +MD4Transform(u32 state[4], const u8 block[MD4_BLOCK_LENGTH]) +{ + u32 a, b, c, d, in[MD4_BLOCK_LENGTH / 4]; + +#if BYTE_ORDER == LITTLE_ENDIAN + os_memcpy(in, block, sizeof(in)); +#else + for (a = 0; a < MD4_BLOCK_LENGTH / 4; a++) { + in[a] = (u32)( + (u32)(block[a * 4 + 0]) | + (u32)(block[a * 4 + 1]) << 8 | + (u32)(block[a * 4 + 2]) << 16 | + (u32)(block[a * 4 + 3]) << 24); + } +#endif + + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + + MD4STEP(F1, a, b, c, d, in[ 0], 3); + MD4STEP(F1, d, a, b, c, in[ 1], 7); + MD4STEP(F1, c, d, a, b, in[ 2], 11); + MD4STEP(F1, b, c, d, a, in[ 3], 19); + MD4STEP(F1, a, b, c, d, in[ 4], 3); + MD4STEP(F1, d, a, b, c, in[ 5], 7); + MD4STEP(F1, c, d, a, b, in[ 6], 11); + MD4STEP(F1, b, c, d, a, in[ 7], 19); + MD4STEP(F1, a, b, c, d, in[ 8], 3); + MD4STEP(F1, d, a, b, c, in[ 9], 7); + MD4STEP(F1, c, d, a, b, in[10], 11); + MD4STEP(F1, b, c, d, a, in[11], 19); + MD4STEP(F1, a, b, c, d, in[12], 3); + MD4STEP(F1, d, a, b, c, in[13], 7); + MD4STEP(F1, c, d, a, b, in[14], 11); + MD4STEP(F1, b, c, d, a, in[15], 19); + + MD4STEP(F2, a, b, c, d, in[ 0] + 0x5a827999, 3); + MD4STEP(F2, d, a, b, c, in[ 4] + 0x5a827999, 5); + MD4STEP(F2, c, d, a, b, in[ 8] + 0x5a827999, 9); + MD4STEP(F2, b, c, d, a, in[12] + 0x5a827999, 13); + MD4STEP(F2, a, b, c, d, in[ 1] + 0x5a827999, 3); + MD4STEP(F2, d, a, b, c, in[ 5] + 0x5a827999, 5); + MD4STEP(F2, c, d, a, b, in[ 9] + 0x5a827999, 9); + MD4STEP(F2, b, c, d, a, in[13] + 0x5a827999, 13); + MD4STEP(F2, a, b, c, d, in[ 2] + 0x5a827999, 3); + MD4STEP(F2, d, a, b, c, in[ 6] + 0x5a827999, 5); + MD4STEP(F2, c, d, a, b, in[10] + 0x5a827999, 9); + MD4STEP(F2, b, c, d, a, in[14] + 0x5a827999, 13); + MD4STEP(F2, a, b, c, d, in[ 3] + 0x5a827999, 3); + MD4STEP(F2, d, a, b, c, in[ 7] + 0x5a827999, 5); + MD4STEP(F2, c, d, a, b, in[11] + 0x5a827999, 9); + MD4STEP(F2, b, c, d, a, in[15] + 0x5a827999, 13); + + MD4STEP(F3, a, b, c, d, in[ 0] + 0x6ed9eba1, 3); + MD4STEP(F3, d, a, b, c, in[ 8] + 0x6ed9eba1, 9); + MD4STEP(F3, c, d, a, b, in[ 4] + 0x6ed9eba1, 11); + MD4STEP(F3, b, c, d, a, in[12] + 0x6ed9eba1, 15); + MD4STEP(F3, a, b, c, d, in[ 2] + 0x6ed9eba1, 3); + MD4STEP(F3, d, a, b, c, in[10] + 0x6ed9eba1, 9); + MD4STEP(F3, c, d, a, b, in[ 6] + 0x6ed9eba1, 11); + MD4STEP(F3, b, c, d, a, in[14] + 0x6ed9eba1, 15); + MD4STEP(F3, a, b, c, d, in[ 1] + 0x6ed9eba1, 3); + MD4STEP(F3, d, a, b, c, in[ 9] + 0x6ed9eba1, 9); + MD4STEP(F3, c, d, a, b, in[ 5] + 0x6ed9eba1, 11); + MD4STEP(F3, b, c, d, a, in[13] + 0x6ed9eba1, 15); + MD4STEP(F3, a, b, c, d, in[ 3] + 0x6ed9eba1, 3); + MD4STEP(F3, d, a, b, c, in[11] + 0x6ed9eba1, 9); + MD4STEP(F3, c, d, a, b, in[ 7] + 0x6ed9eba1, 11); + MD4STEP(F3, b, c, d, a, in[15] + 0x6ed9eba1, 15); + + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; +} +/* ===== end - public domain MD4 implementation ===== */ + +#endif /* INTERNAL_MD4 */ diff --git a/contrib/hostapd-0.5.8/md5.c b/contrib/hostapd-0.5.8/md5.c new file mode 100644 index 0000000000..a7db7aa9a7 --- /dev/null +++ b/contrib/hostapd-0.5.8/md5.c @@ -0,0 +1,394 @@ +/* + * MD5 hash implementation and interface functions + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "md5.h" +#include "crypto.h" + + +/** + * hmac_md5_vector - HMAC-MD5 over data vector (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash (16 bytes) + */ +void hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + u8 k_pad[64]; /* padding - key XORd with ipad/opad */ + u8 tk[16]; + const u8 *_addr[6]; + size_t i, _len[6]; + + if (num_elem > 5) { + /* + * Fixed limit on the number of fragments to avoid having to + * allocate memory (which could fail). + */ + return; + } + + /* if key is longer than 64 bytes reset it to key = MD5(key) */ + if (key_len > 64) { + md5_vector(1, &key, &key_len, tk); + key = tk; + key_len = 16; + } + + /* the HMAC_MD5 transform looks like: + * + * MD5(K XOR opad, MD5(K XOR ipad, text)) + * + * where K is an n byte key + * ipad is the byte 0x36 repeated 64 times + * opad is the byte 0x5c repeated 64 times + * and text is the data being protected */ + + /* start out by storing key in ipad */ + os_memset(k_pad, 0, sizeof(k_pad)); + os_memcpy(k_pad, key, key_len); + + /* XOR key with ipad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x36; + + /* perform inner MD5 */ + _addr[0] = k_pad; + _len[0] = 64; + for (i = 0; i < num_elem; i++) { + _addr[i + 1] = addr[i]; + _len[i + 1] = len[i]; + } + md5_vector(1 + num_elem, _addr, _len, mac); + + os_memset(k_pad, 0, sizeof(k_pad)); + os_memcpy(k_pad, key, key_len); + /* XOR key with opad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x5c; + + /* perform outer MD5 */ + _addr[0] = k_pad; + _len[0] = 64; + _addr[1] = mac; + _len[1] = MD5_MAC_LEN; + md5_vector(2, _addr, _len, mac); +} + + +/** + * hmac_md5 - HMAC-MD5 over data buffer (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @data: Pointers to the data area + * @data_len: Length of the data area + * @mac: Buffer for the hash (16 bytes) + */ +void hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + hmac_md5_vector(key, key_len, 1, &data, &data_len, mac); +} + + +#ifdef INTERNAL_MD5 + +struct MD5Context { + u32 buf[4]; + u32 bits[2]; + u8 in[64]; +}; + +#ifndef CONFIG_CRYPTO_INTERNAL +static void MD5Init(struct MD5Context *context); +static void MD5Update(struct MD5Context *context, unsigned char const *buf, + unsigned len); +static void MD5Final(unsigned char digest[16], struct MD5Context *context); +#endif /* CONFIG_CRYPTO_INTERNAL */ +static void MD5Transform(u32 buf[4], u32 const in[16]); + + +typedef struct MD5Context MD5_CTX; + + +/** + * md5_vector - MD5 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void md5_vector(size_t num_elem, const u8 *addr[], const size_t *len, u8 *mac) +{ + MD5_CTX ctx; + size_t i; + + MD5Init(&ctx); + for (i = 0; i < num_elem; i++) + MD5Update(&ctx, addr[i], len[i]); + MD5Final(mac, &ctx); +} + + +/* ===== start - public domain MD5 implementation ===== */ +/* + * This code implements the MD5 message-digest algorithm. + * The algorithm is due to Ron Rivest. This code was + * written by Colin Plumb in 1993, no copyright is claimed. + * This code is in the public domain; do with it what you wish. + * + * Equivalent code is available from RSA Data Security, Inc. + * This code has been tested against that, and is equivalent, + * except that you don't need to include two pages of legalese + * with every copy. + * + * To compute the message digest of a chunk of bytes, declare an + * MD5Context structure, pass it to MD5Init, call MD5Update as + * needed on buffers full of bytes, and then call MD5Final, which + * will fill a supplied 16-byte array with the digest. + */ + +#ifndef WORDS_BIGENDIAN +#define byteReverse(buf, len) /* Nothing */ +#else +/* + * Note: this code is harmless on little-endian machines. + */ +static void byteReverse(unsigned char *buf, unsigned longs) +{ + u32 t; + do { + t = (u32) ((unsigned) buf[3] << 8 | buf[2]) << 16 | + ((unsigned) buf[1] << 8 | buf[0]); + *(u32 *) buf = t; + buf += 4; + } while (--longs); +} +#endif + +/* + * Start MD5 accumulation. Set bit count to 0 and buffer to mysterious + * initialization constants. + */ +void MD5Init(struct MD5Context *ctx) +{ + ctx->buf[0] = 0x67452301; + ctx->buf[1] = 0xefcdab89; + ctx->buf[2] = 0x98badcfe; + ctx->buf[3] = 0x10325476; + + ctx->bits[0] = 0; + ctx->bits[1] = 0; +} + +/* + * Update context to reflect the concatenation of another buffer full + * of bytes. + */ +void MD5Update(struct MD5Context *ctx, unsigned char const *buf, unsigned len) +{ + u32 t; + + /* Update bitcount */ + + t = ctx->bits[0]; + if ((ctx->bits[0] = t + ((u32) len << 3)) < t) + ctx->bits[1]++; /* Carry from low to high */ + ctx->bits[1] += len >> 29; + + t = (t >> 3) & 0x3f; /* Bytes already in shsInfo->data */ + + /* Handle any leading odd-sized chunks */ + + if (t) { + unsigned char *p = (unsigned char *) ctx->in + t; + + t = 64 - t; + if (len < t) { + os_memcpy(p, buf, len); + return; + } + os_memcpy(p, buf, t); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (u32 *) ctx->in); + buf += t; + len -= t; + } + /* Process data in 64-byte chunks */ + + while (len >= 64) { + os_memcpy(ctx->in, buf, 64); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (u32 *) ctx->in); + buf += 64; + len -= 64; + } + + /* Handle any remaining bytes of data. */ + + os_memcpy(ctx->in, buf, len); +} + +/* + * Final wrapup - pad to 64-byte boundary with the bit pattern + * 1 0* (64-bit count of bits processed, MSB-first) + */ +void MD5Final(unsigned char digest[16], struct MD5Context *ctx) +{ + unsigned count; + unsigned char *p; + + /* Compute number of bytes mod 64 */ + count = (ctx->bits[0] >> 3) & 0x3F; + + /* Set the first char of padding to 0x80. This is safe since there is + always at least one byte free */ + p = ctx->in + count; + *p++ = 0x80; + + /* Bytes of padding needed to make 64 bytes */ + count = 64 - 1 - count; + + /* Pad out to 56 mod 64 */ + if (count < 8) { + /* Two lots of padding: Pad the first block to 64 bytes */ + os_memset(p, 0, count); + byteReverse(ctx->in, 16); + MD5Transform(ctx->buf, (u32 *) ctx->in); + + /* Now fill the next block with 56 bytes */ + os_memset(ctx->in, 0, 56); + } else { + /* Pad block to 56 bytes */ + os_memset(p, 0, count - 8); + } + byteReverse(ctx->in, 14); + + /* Append length in bits and transform */ + ((u32 *) ctx->in)[14] = ctx->bits[0]; + ((u32 *) ctx->in)[15] = ctx->bits[1]; + + MD5Transform(ctx->buf, (u32 *) ctx->in); + byteReverse((unsigned char *) ctx->buf, 4); + os_memcpy(digest, ctx->buf, 16); + os_memset(ctx, 0, sizeof(ctx)); /* In case it's sensitive */ +} + +/* The four core functions - F1 is optimized somewhat */ + +/* #define F1(x, y, z) (x & y | ~x & z) */ +#define F1(x, y, z) (z ^ (x & (y ^ z))) +#define F2(x, y, z) F1(z, x, y) +#define F3(x, y, z) (x ^ y ^ z) +#define F4(x, y, z) (y ^ (x | ~z)) + +/* This is the central step in the MD5 algorithm. */ +#define MD5STEP(f, w, x, y, z, data, s) \ + ( w += f(x, y, z) + data, w = w<>(32-s), w += x ) + +/* + * The core of the MD5 algorithm, this alters an existing MD5 hash to + * reflect the addition of 16 longwords of new data. MD5Update blocks + * the data and converts bytes into longwords for this routine. + */ +static void MD5Transform(u32 buf[4], u32 const in[16]) +{ + register u32 a, b, c, d; + + a = buf[0]; + b = buf[1]; + c = buf[2]; + d = buf[3]; + + MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + + MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + + MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + + MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + + buf[0] += a; + buf[1] += b; + buf[2] += c; + buf[3] += d; +} +/* ===== end - public domain MD5 implementation ===== */ + +#endif /* INTERNAL_MD5 */ diff --git a/contrib/hostapd-0.5.8/md5.h b/contrib/hostapd-0.5.8/md5.h new file mode 100644 index 0000000000..e82f3969ed --- /dev/null +++ b/contrib/hostapd-0.5.8/md5.h @@ -0,0 +1,34 @@ +/* + * MD5 hash implementation and interface functions + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef MD5_H +#define MD5_H + +#define MD5_MAC_LEN 16 + +void hmac_md5_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac); +void hmac_md5(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac); + +#ifdef CONFIG_CRYPTO_INTERNAL +struct MD5Context; + +void MD5Init(struct MD5Context *context); +void MD5Update(struct MD5Context *context, unsigned char const *buf, + unsigned len); +void MD5Final(unsigned char digest[16], struct MD5Context *context); +#endif /* CONFIG_CRYPTO_INTERNAL */ + +#endif /* MD5_H */ diff --git a/contrib/hostapd-0.5.8/milenage.c b/contrib/hostapd-0.5.8/milenage.c new file mode 100644 index 0000000000..ab8bbd5e4f --- /dev/null +++ b/contrib/hostapd-0.5.8/milenage.c @@ -0,0 +1,1053 @@ +/* + * 3GPP AKA - Milenage algorithm (3GPP TS 35.205, .206, .207, .208) + * Copyright (c) 2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file implements an example authentication algorithm defined for 3GPP + * AKA. This can be used to implement a simple HLR/AuC into hlr_auc_gw to allow + * EAP-AKA to be tested properly with real USIM cards. + * + * This implementations assumes that the r1..r5 and c1..c5 constants defined in + * TS 35.206 are used, i.e., r1=64, r2=0, r3=32, r4=64, r5=96, c1=00..00, + * c2=00..01, c3=00..02, c4=00..04, c5=00..08. The block cipher is assumed to + * be AES (Rijndael). + */ + +#include "includes.h" + +#include "common.h" +#include "milenage.h" +#include "aes_wrap.h" + + +/** + * milenage_f1 - Milenage f1 and f1* algorithms + * @opc: OPc = 128-bit value derived from OP and K + * @k: K = 128-bit subscriber key + * @_rand: RAND = 128-bit random challenge + * @sqn: SQN = 48-bit sequence number + * @amf: AMF = 16-bit authentication management field + * @mac_a: Buffer for MAC-A = 64-bit network authentication code, or %NULL + * @mac_s: Buffer for MAC-S = 64-bit resync authentication code, or %NULL + */ +static void milenage_f1(const u8 *opc, const u8 *k, const u8 *_rand, + const u8 *sqn, const u8 *amf, u8 *mac_a, u8 *mac_s) +{ + u8 tmp1[16], tmp2[16], tmp3[16]; + int i; + + /* tmp1 = TEMP = E_K(RAND XOR OP_C) */ + for (i = 0; i < 16; i++) + tmp1[i] = _rand[i] ^ opc[i]; + aes_128_encrypt_block(k, tmp1, tmp1); + + /* tmp2 = IN1 = SQN || AMF || SQN || AMF */ + memcpy(tmp2, sqn, 6); + memcpy(tmp2 + 6, amf, 2); + memcpy(tmp2 + 8, tmp2, 8); + + /* OUT1 = E_K(TEMP XOR rot(IN1 XOR OP_C, r1) XOR c1) XOR OP_C */ + + /* rotate (tmp2 XOR OP_C) by r1 (= 0x40 = 8 bytes) */ + for (i = 0; i < 16; i++) + tmp3[(i + 8) % 16] = tmp2[i] ^ opc[i]; + /* XOR with TEMP = E_K(RAND XOR OP_C) */ + for (i = 0; i < 16; i++) + tmp3[i] ^= tmp1[i]; + /* XOR with c1 (= ..00, i.e., NOP) */ + + /* f1 || f1* = E_K(tmp3) XOR OP_c */ + aes_128_encrypt_block(k, tmp3, tmp1); + for (i = 0; i < 16; i++) + tmp1[i] ^= opc[i]; + if (mac_a) + memcpy(mac_a, tmp1, 8); /* f1 */ + if (mac_s) + memcpy(mac_s, tmp1 + 8, 8); /* f1* */ +} + + +/** + * milenage_f2345 - Milenage f2, f3, f4, f5, f5* algorithms + * @opc: OPc = 128-bit value derived from OP and K + * @k: K = 128-bit subscriber key + * @_rand: RAND = 128-bit random challenge + * @res: Buffer for RES = 64-bit signed response (f2), or %NULL + * @ck: Buffer for CK = 128-bit confidentiality key (f3), or %NULL + * @ik: Buffer for IK = 128-bit integrity key (f4), or %NULL + * @ak: Buffer for AK = 48-bit anonymity key (f5), or %NULL + * @akstar: Buffer for AK = 48-bit anonymity key (f5*), or %NULL + */ +static void milenage_f2345(const u8 *opc, const u8 *k, const u8 *_rand, + u8 *res, u8 *ck, u8 *ik, u8 *ak, u8 *akstar) +{ + u8 tmp1[16], tmp2[16], tmp3[16]; + int i; + + /* tmp2 = TEMP = E_K(RAND XOR OP_C) */ + for (i = 0; i < 16; i++) + tmp1[i] = _rand[i] ^ opc[i]; + aes_128_encrypt_block(k, tmp1, tmp2); + + /* OUT2 = E_K(rot(TEMP XOR OP_C, r2) XOR c2) XOR OP_C */ + /* OUT3 = E_K(rot(TEMP XOR OP_C, r3) XOR c3) XOR OP_C */ + /* OUT4 = E_K(rot(TEMP XOR OP_C, r4) XOR c4) XOR OP_C */ + /* OUT5 = E_K(rot(TEMP XOR OP_C, r5) XOR c5) XOR OP_C */ + + /* f2 and f5 */ + /* rotate by r2 (= 0, i.e., NOP) */ + for (i = 0; i < 16; i++) + tmp1[i] = tmp2[i] ^ opc[i]; + tmp1[15] ^= 1; /* XOR c2 (= ..01) */ + /* f5 || f2 = E_K(tmp1) XOR OP_c */ + aes_128_encrypt_block(k, tmp1, tmp3); + for (i = 0; i < 16; i++) + tmp3[i] ^= opc[i]; + if (res) + memcpy(res, tmp3 + 8, 8); /* f2 */ + if (ak) + memcpy(ak, tmp3, 6); /* f5 */ + + /* f3 */ + if (ck) { + /* rotate by r3 = 0x20 = 4 bytes */ + for (i = 0; i < 16; i++) + tmp1[(i + 12) % 16] = tmp2[i] ^ opc[i]; + tmp1[15] ^= 2; /* XOR c3 (= ..02) */ + aes_128_encrypt_block(k, tmp1, ck); + for (i = 0; i < 16; i++) + ck[i] ^= opc[i]; + } + + /* f4 */ + if (ik) { + /* rotate by r4 = 0x40 = 8 bytes */ + for (i = 0; i < 16; i++) + tmp1[(i + 8) % 16] = tmp2[i] ^ opc[i]; + tmp1[15] ^= 4; /* XOR c4 (= ..04) */ + aes_128_encrypt_block(k, tmp1, ik); + for (i = 0; i < 16; i++) + ik[i] ^= opc[i]; + } + + /* f5* */ + if (akstar) { + /* rotate by r5 = 0x60 = 12 bytes */ + for (i = 0; i < 16; i++) + tmp1[(i + 4) % 16] = tmp2[i] ^ opc[i]; + tmp1[15] ^= 8; /* XOR c5 (= ..08) */ + aes_128_encrypt_block(k, tmp1, tmp1); + for (i = 0; i < 6; i++) + akstar[i] = tmp1[i] ^ opc[i]; + } +} + + +/** + * milenage_generate - Generate AKA AUTN,IK,CK,RES + * @opc: OPc = 128-bit operator variant algorithm configuration field (encr.) + * @amf: AMF = 16-bit authentication management field + * @k: K = 128-bit subscriber key + * @sqn: SQN = 48-bit sequence number + * @_rand: RAND = 128-bit random challenge + * @autn: Buffer for AUTN = 128-bit authentication token + * @ik: Buffer for IK = 128-bit integrity key (f4), or %NULL + * @ck: Buffer for CK = 128-bit confidentiality key (f3), or %NULL + * @res: Buffer for RES = 64-bit signed response (f2), or %NULL + * @res_len: Max length for res; set to used length or 0 on failure + */ +void milenage_generate(const u8 *opc, const u8 *amf, const u8 *k, + const u8 *sqn, const u8 *_rand, u8 *autn, u8 *ik, + u8 *ck, u8 *res, size_t *res_len) +{ + int i; + u8 mac_a[16], ak[6]; + + if (*res_len < 8) { + *res_len = 0; + return; + } + *res_len = 8; + milenage_f1(opc, k, _rand, sqn, amf, mac_a, NULL); + milenage_f2345(opc, k, _rand, res, ck, ik, ak, NULL); + + /* AUTN = (SQN ^ AK) || AMF || MAC */ + for (i = 0; i < 6; i++) + autn[i] = sqn[i] ^ ak[i]; + memcpy(autn + 6, amf, 2); + memcpy(autn + 8, mac_a, 8); +} + + +/** + * milenage_auts - Milenage AUTS validation + * @opc: OPc = 128-bit operator variant algorithm configuration field (encr.) + * @k: K = 128-bit subscriber key + * @_rand: RAND = 128-bit random challenge + * @auts: AUTS = 112-bit authentication token from client + * @sqn: Buffer for SQN = 48-bit sequence number + * Returns: 0 = success (sqn filled), -1 on failure + */ +int milenage_auts(const u8 *opc, const u8 *k, const u8 *_rand, const u8 *auts, + u8 *sqn) +{ + u8 amf[2] = { 0x00, 0x00 }; /* TS 33.102 v7.0.0, 6.3.3 */ + u8 ak[6], mac_s[8]; + int i; + + milenage_f2345(opc, k, _rand, NULL, NULL, NULL, NULL, ak); + for (i = 0; i < 6; i++) + sqn[i] = auts[i] ^ ak[i]; + milenage_f1(opc, k, _rand, sqn, amf, NULL, mac_s); + if (memcmp(mac_s, auts + 6, 8) != 0) + return -1; + return 0; +} + + +/** + * gsm_milenage - Generate GSM-Milenage (3GPP TS 55.205) authentication triplet + * @opc: OPc = 128-bit operator variant algorithm configuration field (encr.) + * @k: K = 128-bit subscriber key + * @_rand: RAND = 128-bit random challenge + * @sres: Buffer for SRES = 32-bit SRES + * @kc: Buffer for Kc = 64-bit Kc + */ +void gsm_milenage(const u8 *opc, const u8 *k, const u8 *_rand, u8 *sres, + u8 *kc) +{ + u8 res[8], ck[16], ik[16]; + int i; + + milenage_f2345(opc, k, _rand, res, ck, ik, NULL, NULL); + + for (i = 0; i < 8; i++) + kc[i] = ck[i] ^ ck[i + 8] ^ ik[i] ^ ik[i + 8]; + +#ifdef GSM_MILENAGE_ALT_SRES + memcpy(sres, res, 4); +#else /* GSM_MILENAGE_ALT_SRES */ + for (i = 0; i < 4; i++) + sres[i] = res[i] ^ res[i + 4]; +#endif /* GSM_MILENAGE_ALT_SRES */ +} + + +#ifdef TEST_MAIN_MILENAGE + +extern int wpa_debug_level; + + +/** + * milenage_opc - Determine OPc from OP and K + * @op: OP = 128-bit operator variant algorithm configuration field + * @k: K = 128-bit subscriber key + * @opc: Buffer for OPc = 128-bit value derived from OP and K + */ +static void milenage_opc(const u8 *op, const u8 *k, u8 *opc) +{ + int i; + /* OP_C = OP XOR E_K(OP) */ + aes_128_encrypt_block(k, op, opc); + for (i = 0; i < 16; i++) + opc[i] ^= op[i]; +} + + +struct gsm_milenage_test_set { + u8 ki[16]; + u8 rand[16]; + u8 opc[16]; + u8 sres1[4]; + u8 sres2[4]; + u8 kc[8]; +}; + +static const struct gsm_milenage_test_set gsm_test_sets[] = +{ + { + /* 3GPP TS 55.205 v6.0.0 - Test Set 1 */ + { 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f, + 0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc }, + { 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d, + 0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 }, + { 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e, + 0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf }, + { 0x46, 0xf8, 0x41, 0x6a }, + { 0xa5, 0x42, 0x11, 0xd5 }, + { 0xea, 0xe4, 0xbe, 0x82, 0x3a, 0xf9, 0xa0, 0x8b } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 2 */ + { 0xfe, 0xc8, 0x6b, 0xa6, 0xeb, 0x70, 0x7e, 0xd0, + 0x89, 0x05, 0x75, 0x7b, 0x1b, 0xb4, 0x4b, 0x8f }, + { 0x9f, 0x7c, 0x8d, 0x02, 0x1a, 0xcc, 0xf4, 0xdb, + 0x21, 0x3c, 0xcf, 0xf0, 0xc7, 0xf7, 0x1a, 0x6a }, + { 0x10, 0x06, 0x02, 0x0f, 0x0a, 0x47, 0x8b, 0xf6, + 0xb6, 0x99, 0xf1, 0x5c, 0x06, 0x2e, 0x42, 0xb3 }, + { 0x8c, 0x30, 0x8a, 0x5e }, + { 0x80, 0x11, 0xc4, 0x8c }, + { 0xaa, 0x01, 0x73, 0x9b, 0x8c, 0xaa, 0x97, 0x6d } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 3 */ + { 0x9e, 0x59, 0x44, 0xae, 0xa9, 0x4b, 0x81, 0x16, + 0x5c, 0x82, 0xfb, 0xf9, 0xf3, 0x2d, 0xb7, 0x51 }, + { 0xce, 0x83, 0xdb, 0xc5, 0x4a, 0xc0, 0x27, 0x4a, + 0x15, 0x7c, 0x17, 0xf8, 0x0d, 0x01, 0x7b, 0xd6 }, + { 0xa6, 0x4a, 0x50, 0x7a, 0xe1, 0xa2, 0xa9, 0x8b, + 0xb8, 0x8e, 0xb4, 0x21, 0x01, 0x35, 0xdc, 0x87 }, + { 0xcf, 0xbc, 0xe3, 0xfe }, + { 0xf3, 0x65, 0xcd, 0x68 }, + { 0x9a, 0x8e, 0xc9, 0x5f, 0x40, 0x8c, 0xc5, 0x07 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 4 */ + { 0x4a, 0xb1, 0xde, 0xb0, 0x5c, 0xa6, 0xce, 0xb0, + 0x51, 0xfc, 0x98, 0xe7, 0x7d, 0x02, 0x6a, 0x84 }, + { 0x74, 0xb0, 0xcd, 0x60, 0x31, 0xa1, 0xc8, 0x33, + 0x9b, 0x2b, 0x6c, 0xe2, 0xb8, 0xc4, 0xa1, 0x86 }, + { 0xdc, 0xf0, 0x7c, 0xbd, 0x51, 0x85, 0x52, 0x90, + 0xb9, 0x2a, 0x07, 0xa9, 0x89, 0x1e, 0x52, 0x3e }, + { 0x96, 0x55, 0xe2, 0x65 }, + { 0x58, 0x60, 0xfc, 0x1b }, + { 0xcd, 0xc1, 0xdc, 0x08, 0x41, 0xb8, 0x1a, 0x22 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 5 */ + { 0x6c, 0x38, 0xa1, 0x16, 0xac, 0x28, 0x0c, 0x45, + 0x4f, 0x59, 0x33, 0x2e, 0xe3, 0x5c, 0x8c, 0x4f }, + { 0xee, 0x64, 0x66, 0xbc, 0x96, 0x20, 0x2c, 0x5a, + 0x55, 0x7a, 0xbb, 0xef, 0xf8, 0xba, 0xbf, 0x63 }, + { 0x38, 0x03, 0xef, 0x53, 0x63, 0xb9, 0x47, 0xc6, + 0xaa, 0xa2, 0x25, 0xe5, 0x8f, 0xae, 0x39, 0x34 }, + { 0x13, 0x68, 0x8f, 0x17 }, + { 0x16, 0xc8, 0x23, 0x3f }, + { 0xdf, 0x75, 0xbc, 0x5e, 0xa8, 0x99, 0x87, 0x9f } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 6 */ + { 0x2d, 0x60, 0x9d, 0x4d, 0xb0, 0xac, 0x5b, 0xf0, + 0xd2, 0xc0, 0xde, 0x26, 0x70, 0x14, 0xde, 0x0d }, + { 0x19, 0x4a, 0xa7, 0x56, 0x01, 0x38, 0x96, 0xb7, + 0x4b, 0x4a, 0x2a, 0x3b, 0x0a, 0xf4, 0x53, 0x9e }, + { 0xc3, 0x5a, 0x0a, 0xb0, 0xbc, 0xbf, 0xc9, 0x25, + 0x2c, 0xaf, 0xf1, 0x5f, 0x24, 0xef, 0xbd, 0xe0 }, + { 0x55, 0x3d, 0x00, 0xb3 }, + { 0x8c, 0x25, 0xa1, 0x6c }, + { 0x84, 0xb4, 0x17, 0xae, 0x3a, 0xea, 0xb4, 0xf3 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 7 */ + { 0xa5, 0x30, 0xa7, 0xfe, 0x42, 0x8f, 0xad, 0x10, + 0x82, 0xc4, 0x5e, 0xdd, 0xfc, 0xe1, 0x38, 0x84 }, + { 0x3a, 0x4c, 0x2b, 0x32, 0x45, 0xc5, 0x0e, 0xb5, + 0xc7, 0x1d, 0x08, 0x63, 0x93, 0x95, 0x76, 0x4d }, + { 0x27, 0x95, 0x3e, 0x49, 0xbc, 0x8a, 0xf6, 0xdc, + 0xc6, 0xe7, 0x30, 0xeb, 0x80, 0x28, 0x6b, 0xe3 }, + { 0x59, 0xf1, 0xa4, 0x4a }, + { 0xa6, 0x32, 0x41, 0xe1 }, + { 0x3b, 0x4e, 0x24, 0x4c, 0xdc, 0x60, 0xce, 0x03 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 8 */ + { 0xd9, 0x15, 0x1c, 0xf0, 0x48, 0x96, 0xe2, 0x58, + 0x30, 0xbf, 0x2e, 0x08, 0x26, 0x7b, 0x83, 0x60 }, + { 0xf7, 0x61, 0xe5, 0xe9, 0x3d, 0x60, 0x3f, 0xeb, + 0x73, 0x0e, 0x27, 0x55, 0x6c, 0xb8, 0xa2, 0xca }, + { 0xc4, 0xc9, 0x3e, 0xff, 0xe8, 0xa0, 0x81, 0x38, + 0xc2, 0x03, 0xd4, 0xc2, 0x7c, 0xe4, 0xe3, 0xd9 }, + { 0x50, 0x58, 0x88, 0x61 }, + { 0x4a, 0x90, 0xb2, 0x17 }, + { 0x8d, 0x4e, 0xc0, 0x1d, 0xe5, 0x97, 0xac, 0xfe } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 9 */ + { 0xa0, 0xe2, 0x97, 0x1b, 0x68, 0x22, 0xe8, 0xd3, + 0x54, 0xa1, 0x8c, 0xc2, 0x35, 0x62, 0x4e, 0xcb }, + { 0x08, 0xef, 0xf8, 0x28, 0xb1, 0x3f, 0xdb, 0x56, + 0x27, 0x22, 0xc6, 0x5c, 0x7f, 0x30, 0xa9, 0xb2 }, + { 0x82, 0xa2, 0x6f, 0x22, 0xbb, 0xa9, 0xe9, 0x48, + 0x8f, 0x94, 0x9a, 0x10, 0xd9, 0x8e, 0x9c, 0xc4 }, + { 0xcd, 0xe6, 0xb0, 0x27 }, + { 0x4b, 0xc2, 0x21, 0x2d }, + { 0xd8, 0xde, 0xbc, 0x4f, 0xfb, 0xcd, 0x60, 0xaa } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 10 */ + { 0x0d, 0xa6, 0xf7, 0xba, 0x86, 0xd5, 0xea, 0xc8, + 0xa1, 0x9c, 0xf5, 0x63, 0xac, 0x58, 0x64, 0x2d }, + { 0x67, 0x9a, 0xc4, 0xdb, 0xac, 0xd7, 0xd2, 0x33, + 0xff, 0x9d, 0x68, 0x06, 0xf4, 0x14, 0x9c, 0xe3 }, + { 0x0d, 0xb1, 0x07, 0x1f, 0x87, 0x67, 0x56, 0x2c, + 0xa4, 0x3a, 0x0a, 0x64, 0xc4, 0x1e, 0x8d, 0x08 }, + { 0x02, 0xd1, 0x3a, 0xcd }, + { 0x6f, 0xc3, 0x0f, 0xee }, + { 0xf0, 0xea, 0xa5, 0x0a, 0x1e, 0xdc, 0xeb, 0xb7 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 11 */ + { 0x77, 0xb4, 0x58, 0x43, 0xc8, 0x8e, 0x58, 0xc1, + 0x0d, 0x20, 0x26, 0x84, 0x51, 0x5e, 0xd4, 0x30 }, + { 0x4c, 0x47, 0xeb, 0x30, 0x76, 0xdc, 0x55, 0xfe, + 0x51, 0x06, 0xcb, 0x20, 0x34, 0xb8, 0xcd, 0x78 }, + { 0xd4, 0x83, 0xaf, 0xae, 0x56, 0x24, 0x09, 0xa3, + 0x26, 0xb5, 0xbb, 0x0b, 0x20, 0xc4, 0xd7, 0x62 }, + { 0x44, 0x38, 0x9d, 0x01 }, + { 0xae, 0xfa, 0x35, 0x7b }, + { 0x82, 0xdb, 0xab, 0x7f, 0x83, 0xf0, 0x63, 0xda } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 12 */ + { 0x72, 0x9b, 0x17, 0x72, 0x92, 0x70, 0xdd, 0x87, + 0xcc, 0xdf, 0x1b, 0xfe, 0x29, 0xb4, 0xe9, 0xbb }, + { 0x31, 0x1c, 0x4c, 0x92, 0x97, 0x44, 0xd6, 0x75, + 0xb7, 0x20, 0xf3, 0xb7, 0xe9, 0xb1, 0xcb, 0xd0 }, + { 0x22, 0x8c, 0x2f, 0x2f, 0x06, 0xac, 0x32, 0x68, + 0xa9, 0xe6, 0x16, 0xee, 0x16, 0xdb, 0x4b, 0xa1 }, + { 0x03, 0xe0, 0xfd, 0x84 }, + { 0x98, 0xdb, 0xbd, 0x09 }, + { 0x3c, 0x66, 0xcb, 0x98, 0xca, 0xb2, 0xd3, 0x3d } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 13 */ + { 0xd3, 0x2d, 0xd2, 0x3e, 0x89, 0xdc, 0x66, 0x23, + 0x54, 0xca, 0x12, 0xeb, 0x79, 0xdd, 0x32, 0xfa }, + { 0xcf, 0x7d, 0x0a, 0xb1, 0xd9, 0x43, 0x06, 0x95, + 0x0b, 0xf1, 0x20, 0x18, 0xfb, 0xd4, 0x68, 0x87 }, + { 0xd2, 0x2a, 0x4b, 0x41, 0x80, 0xa5, 0x32, 0x57, + 0x08, 0xa5, 0xff, 0x70, 0xd9, 0xf6, 0x7e, 0xc7 }, + { 0xbe, 0x73, 0xb3, 0xdc }, + { 0xaf, 0x4a, 0x41, 0x1e }, + { 0x96, 0x12, 0xb5, 0xd8, 0x8a, 0x41, 0x30, 0xbb } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 14 */ + { 0xaf, 0x7c, 0x65, 0xe1, 0x92, 0x72, 0x21, 0xde, + 0x59, 0x11, 0x87, 0xa2, 0xc5, 0x98, 0x7a, 0x53 }, + { 0x1f, 0x0f, 0x85, 0x78, 0x46, 0x4f, 0xd5, 0x9b, + 0x64, 0xbe, 0xd2, 0xd0, 0x94, 0x36, 0xb5, 0x7a }, + { 0xa4, 0xcf, 0x5c, 0x81, 0x55, 0xc0, 0x8a, 0x7e, + 0xff, 0x41, 0x8e, 0x54, 0x43, 0xb9, 0x8e, 0x55 }, + { 0x8f, 0xe0, 0x19, 0xc7 }, + { 0x7b, 0xff, 0xa5, 0xc2 }, + { 0x75, 0xa1, 0x50, 0xdf, 0x3c, 0x6a, 0xed, 0x08 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 15 */ + { 0x5b, 0xd7, 0xec, 0xd3, 0xd3, 0x12, 0x7a, 0x41, + 0xd1, 0x25, 0x39, 0xbe, 0xd4, 0xe7, 0xcf, 0x71 }, + { 0x59, 0xb7, 0x5f, 0x14, 0x25, 0x1c, 0x75, 0x03, + 0x1d, 0x0b, 0xcb, 0xac, 0x1c, 0x2c, 0x04, 0xc7 }, + { 0x76, 0x08, 0x9d, 0x3c, 0x0f, 0xf3, 0xef, 0xdc, + 0x6e, 0x36, 0x72, 0x1d, 0x4f, 0xce, 0xb7, 0x47 }, + { 0x27, 0x20, 0x2b, 0x82 }, + { 0x7e, 0x3f, 0x44, 0xc7 }, + { 0xb7, 0xf9, 0x2e, 0x42, 0x6a, 0x36, 0xfe, 0xc5 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 16 */ + { 0x6c, 0xd1, 0xc6, 0xce, 0xb1, 0xe0, 0x1e, 0x14, + 0xf1, 0xb8, 0x23, 0x16, 0xa9, 0x0b, 0x7f, 0x3d }, + { 0xf6, 0x9b, 0x78, 0xf3, 0x00, 0xa0, 0x56, 0x8b, + 0xce, 0x9f, 0x0c, 0xb9, 0x3c, 0x4b, 0xe4, 0xc9 }, + { 0xa2, 0x19, 0xdc, 0x37, 0xf1, 0xdc, 0x7d, 0x66, + 0x73, 0x8b, 0x58, 0x43, 0xc7, 0x99, 0xf2, 0x06 }, + { 0xdd, 0xd7, 0xef, 0xe6 }, + { 0x70, 0xf6, 0xbd, 0xb9 }, + { 0x88, 0xd9, 0xde, 0x10, 0xa2, 0x20, 0x04, 0xc5 } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 17 */ + { 0xb7, 0x3a, 0x90, 0xcb, 0xcf, 0x3a, 0xfb, 0x62, + 0x2d, 0xba, 0x83, 0xc5, 0x8a, 0x84, 0x15, 0xdf }, + { 0xb1, 0x20, 0xf1, 0xc1, 0xa0, 0x10, 0x2a, 0x2f, + 0x50, 0x7d, 0xd5, 0x43, 0xde, 0x68, 0x28, 0x1f }, + { 0xdf, 0x0c, 0x67, 0x86, 0x8f, 0xa2, 0x5f, 0x74, + 0x8b, 0x70, 0x44, 0xc6, 0xe7, 0xc2, 0x45, 0xb8 }, + { 0x67, 0xe4, 0xff, 0x3f }, + { 0x47, 0x9d, 0xd2, 0x5c }, + { 0xa8, 0x19, 0xe5, 0x77, 0xa8, 0xd6, 0x17, 0x5b } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 18 */ + { 0x51, 0x22, 0x25, 0x02, 0x14, 0xc3, 0x3e, 0x72, + 0x3a, 0x5d, 0xd5, 0x23, 0xfc, 0x14, 0x5f, 0xc0 }, + { 0x81, 0xe9, 0x2b, 0x6c, 0x0e, 0xe0, 0xe1, 0x2e, + 0xbc, 0xeb, 0xa8, 0xd9, 0x2a, 0x99, 0xdf, 0xa5 }, + { 0x98, 0x1d, 0x46, 0x4c, 0x7c, 0x52, 0xeb, 0x6e, + 0x50, 0x36, 0x23, 0x49, 0x84, 0xad, 0x0b, 0xcf }, + { 0x8a, 0x3b, 0x8d, 0x17 }, + { 0x28, 0xd7, 0xb0, 0xf2 }, + { 0x9a, 0x8d, 0x0e, 0x88, 0x3f, 0xf0, 0x88, 0x7a } + }, { + /* 3GPP TS 55.205 v6.0.0 - Test Set 19 */ + { 0x90, 0xdc, 0xa4, 0xed, 0xa4, 0x5b, 0x53, 0xcf, + 0x0f, 0x12, 0xd7, 0xc9, 0xc3, 0xbc, 0x6a, 0x89 }, + { 0x9f, 0xdd, 0xc7, 0x20, 0x92, 0xc6, 0xad, 0x03, + 0x6b, 0x6e, 0x46, 0x47, 0x89, 0x31, 0x5b, 0x78 }, + { 0xcb, 0x9c, 0xcc, 0xc4, 0xb9, 0x25, 0x8e, 0x6d, + 0xca, 0x47, 0x60, 0x37, 0x9f, 0xb8, 0x25, 0x81 }, + { 0xdf, 0x58, 0x52, 0x2f }, + { 0xa9, 0x51, 0x00, 0xe2 }, + { 0xed, 0x29, 0xb2, 0xf1, 0xc2, 0x7f, 0x9f, 0x34 } + } +}; + +#define NUM_GSM_TESTS (sizeof(gsm_test_sets) / sizeof(gsm_test_sets[0])) + + +struct milenage_test_set { + u8 k[16]; + u8 rand[16]; + u8 sqn[6]; + u8 amf[2]; + u8 op[16]; + u8 opc[16]; + u8 f1[8]; + u8 f1star[8]; + u8 f2[8]; + u8 f3[16]; + u8 f4[16]; + u8 f5[6]; + u8 f5star[6]; +}; + +static const struct milenage_test_set test_sets[] = +{ + { + /* 3GPP TS 35.208 v6.0.0 - 4.3.1 Test Set 1 */ + { 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f, + 0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc }, + { 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d, + 0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 }, + { 0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07 }, + { 0xb9, 0xb9 }, + { 0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6, + 0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18 }, + { 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e, + 0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf }, + { 0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3 }, + { 0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9 }, + { 0xa5, 0x42, 0x11, 0xd5, 0xe3, 0xba, 0x50, 0xbf }, + { 0xb4, 0x0b, 0xa9, 0xa3, 0xc5, 0x8b, 0x2a, 0x05, + 0xbb, 0xf0, 0xd9, 0x87, 0xb2, 0x1b, 0xf8, 0xcb }, + { 0xf7, 0x69, 0xbc, 0xd7, 0x51, 0x04, 0x46, 0x04, + 0x12, 0x76, 0x72, 0x71, 0x1c, 0x6d, 0x34, 0x41 }, + { 0xaa, 0x68, 0x9c, 0x64, 0x83, 0x70 }, + { 0x45, 0x1e, 0x8b, 0xec, 0xa4, 0x3b } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.2 Test Set 2 */ + { 0x46, 0x5b, 0x5c, 0xe8, 0xb1, 0x99, 0xb4, 0x9f, + 0xaa, 0x5f, 0x0a, 0x2e, 0xe2, 0x38, 0xa6, 0xbc }, + { 0x23, 0x55, 0x3c, 0xbe, 0x96, 0x37, 0xa8, 0x9d, + 0x21, 0x8a, 0xe6, 0x4d, 0xae, 0x47, 0xbf, 0x35 }, + { 0xff, 0x9b, 0xb4, 0xd0, 0xb6, 0x07 }, + { 0xb9, 0xb9 }, + { 0xcd, 0xc2, 0x02, 0xd5, 0x12, 0x3e, 0x20, 0xf6, + 0x2b, 0x6d, 0x67, 0x6a, 0xc7, 0x2c, 0xb3, 0x18 }, + { 0xcd, 0x63, 0xcb, 0x71, 0x95, 0x4a, 0x9f, 0x4e, + 0x48, 0xa5, 0x99, 0x4e, 0x37, 0xa0, 0x2b, 0xaf }, + { 0x4a, 0x9f, 0xfa, 0xc3, 0x54, 0xdf, 0xaf, 0xb3 }, + { 0x01, 0xcf, 0xaf, 0x9e, 0xc4, 0xe8, 0x71, 0xe9 }, + { 0xa5, 0x42, 0x11, 0xd5, 0xe3, 0xba, 0x50, 0xbf }, + { 0xb4, 0x0b, 0xa9, 0xa3, 0xc5, 0x8b, 0x2a, 0x05, + 0xbb, 0xf0, 0xd9, 0x87, 0xb2, 0x1b, 0xf8, 0xcb }, + { 0xf7, 0x69, 0xbc, 0xd7, 0x51, 0x04, 0x46, 0x04, + 0x12, 0x76, 0x72, 0x71, 0x1c, 0x6d, 0x34, 0x41 }, + { 0xaa, 0x68, 0x9c, 0x64, 0x83, 0x70 }, + { 0x45, 0x1e, 0x8b, 0xec, 0xa4, 0x3b } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.3 Test Set 3 */ + { 0xfe, 0xc8, 0x6b, 0xa6, 0xeb, 0x70, 0x7e, 0xd0, + 0x89, 0x05, 0x75, 0x7b, 0x1b, 0xb4, 0x4b, 0x8f }, + { 0x9f, 0x7c, 0x8d, 0x02, 0x1a, 0xcc, 0xf4, 0xdb, + 0x21, 0x3c, 0xcf, 0xf0, 0xc7, 0xf7, 0x1a, 0x6a }, + { 0x9d, 0x02, 0x77, 0x59, 0x5f, 0xfc }, + { 0x72, 0x5c }, + { 0xdb, 0xc5, 0x9a, 0xdc, 0xb6, 0xf9, 0xa0, 0xef, + 0x73, 0x54, 0x77, 0xb7, 0xfa, 0xdf, 0x83, 0x74 }, + { 0x10, 0x06, 0x02, 0x0f, 0x0a, 0x47, 0x8b, 0xf6, + 0xb6, 0x99, 0xf1, 0x5c, 0x06, 0x2e, 0x42, 0xb3 }, + { 0x9c, 0xab, 0xc3, 0xe9, 0x9b, 0xaf, 0x72, 0x81 }, + { 0x95, 0x81, 0x4b, 0xa2, 0xb3, 0x04, 0x43, 0x24 }, + { 0x80, 0x11, 0xc4, 0x8c, 0x0c, 0x21, 0x4e, 0xd2 }, + { 0x5d, 0xbd, 0xbb, 0x29, 0x54, 0xe8, 0xf3, 0xcd, + 0xe6, 0x65, 0xb0, 0x46, 0x17, 0x9a, 0x50, 0x98 }, + { 0x59, 0xa9, 0x2d, 0x3b, 0x47, 0x6a, 0x04, 0x43, + 0x48, 0x70, 0x55, 0xcf, 0x88, 0xb2, 0x30, 0x7b }, + { 0x33, 0x48, 0x4d, 0xc2, 0x13, 0x6b }, + { 0xde, 0xac, 0xdd, 0x84, 0x8c, 0xc6 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.4 Test Set 4 */ + { 0x9e, 0x59, 0x44, 0xae, 0xa9, 0x4b, 0x81, 0x16, + 0x5c, 0x82, 0xfb, 0xf9, 0xf3, 0x2d, 0xb7, 0x51 }, + { 0xce, 0x83, 0xdb, 0xc5, 0x4a, 0xc0, 0x27, 0x4a, + 0x15, 0x7c, 0x17, 0xf8, 0x0d, 0x01, 0x7b, 0xd6 }, + { 0x0b, 0x60, 0x4a, 0x81, 0xec, 0xa8 }, + { 0x9e, 0x09 }, + { 0x22, 0x30, 0x14, 0xc5, 0x80, 0x66, 0x94, 0xc0, + 0x07, 0xca, 0x1e, 0xee, 0xf5, 0x7f, 0x00, 0x4f }, + { 0xa6, 0x4a, 0x50, 0x7a, 0xe1, 0xa2, 0xa9, 0x8b, + 0xb8, 0x8e, 0xb4, 0x21, 0x01, 0x35, 0xdc, 0x87 }, + { 0x74, 0xa5, 0x82, 0x20, 0xcb, 0xa8, 0x4c, 0x49 }, + { 0xac, 0x2c, 0xc7, 0x4a, 0x96, 0x87, 0x18, 0x37 }, + { 0xf3, 0x65, 0xcd, 0x68, 0x3c, 0xd9, 0x2e, 0x96 }, + { 0xe2, 0x03, 0xed, 0xb3, 0x97, 0x15, 0x74, 0xf5, + 0xa9, 0x4b, 0x0d, 0x61, 0xb8, 0x16, 0x34, 0x5d }, + { 0x0c, 0x45, 0x24, 0xad, 0xea, 0xc0, 0x41, 0xc4, + 0xdd, 0x83, 0x0d, 0x20, 0x85, 0x4f, 0xc4, 0x6b }, + { 0xf0, 0xb9, 0xc0, 0x8a, 0xd0, 0x2e }, + { 0x60, 0x85, 0xa8, 0x6c, 0x6f, 0x63 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.5 Test Set 5 */ + { 0x4a, 0xb1, 0xde, 0xb0, 0x5c, 0xa6, 0xce, 0xb0, + 0x51, 0xfc, 0x98, 0xe7, 0x7d, 0x02, 0x6a, 0x84 }, + { 0x74, 0xb0, 0xcd, 0x60, 0x31, 0xa1, 0xc8, 0x33, + 0x9b, 0x2b, 0x6c, 0xe2, 0xb8, 0xc4, 0xa1, 0x86 }, + { 0xe8, 0x80, 0xa1, 0xb5, 0x80, 0xb6 }, + { 0x9f, 0x07 }, + { 0x2d, 0x16, 0xc5, 0xcd, 0x1f, 0xdf, 0x6b, 0x22, + 0x38, 0x35, 0x84, 0xe3, 0xbe, 0xf2, 0xa8, 0xd8 }, + { 0xdc, 0xf0, 0x7c, 0xbd, 0x51, 0x85, 0x52, 0x90, + 0xb9, 0x2a, 0x07, 0xa9, 0x89, 0x1e, 0x52, 0x3e }, + { 0x49, 0xe7, 0x85, 0xdd, 0x12, 0x62, 0x6e, 0xf2 }, + { 0x9e, 0x85, 0x79, 0x03, 0x36, 0xbb, 0x3f, 0xa2 }, + { 0x58, 0x60, 0xfc, 0x1b, 0xce, 0x35, 0x1e, 0x7e }, + { 0x76, 0x57, 0x76, 0x6b, 0x37, 0x3d, 0x1c, 0x21, + 0x38, 0xf3, 0x07, 0xe3, 0xde, 0x92, 0x42, 0xf9 }, + { 0x1c, 0x42, 0xe9, 0x60, 0xd8, 0x9b, 0x8f, 0xa9, + 0x9f, 0x27, 0x44, 0xe0, 0x70, 0x8c, 0xcb, 0x53 }, + { 0x31, 0xe1, 0x1a, 0x60, 0x91, 0x18 }, + { 0xfe, 0x25, 0x55, 0xe5, 0x4a, 0xa9 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.6 Test Set 6 */ + { 0x6c, 0x38, 0xa1, 0x16, 0xac, 0x28, 0x0c, 0x45, + 0x4f, 0x59, 0x33, 0x2e, 0xe3, 0x5c, 0x8c, 0x4f }, + { 0xee, 0x64, 0x66, 0xbc, 0x96, 0x20, 0x2c, 0x5a, + 0x55, 0x7a, 0xbb, 0xef, 0xf8, 0xba, 0xbf, 0x63 }, + { 0x41, 0x4b, 0x98, 0x22, 0x21, 0x81 }, + { 0x44, 0x64 }, + { 0x1b, 0xa0, 0x0a, 0x1a, 0x7c, 0x67, 0x00, 0xac, + 0x8c, 0x3f, 0xf3, 0xe9, 0x6a, 0xd0, 0x87, 0x25 }, + { 0x38, 0x03, 0xef, 0x53, 0x63, 0xb9, 0x47, 0xc6, + 0xaa, 0xa2, 0x25, 0xe5, 0x8f, 0xae, 0x39, 0x34 }, + { 0x07, 0x8a, 0xdf, 0xb4, 0x88, 0x24, 0x1a, 0x57 }, + { 0x80, 0x24, 0x6b, 0x8d, 0x01, 0x86, 0xbc, 0xf1 }, + { 0x16, 0xc8, 0x23, 0x3f, 0x05, 0xa0, 0xac, 0x28 }, + { 0x3f, 0x8c, 0x75, 0x87, 0xfe, 0x8e, 0x4b, 0x23, + 0x3a, 0xf6, 0x76, 0xae, 0xde, 0x30, 0xba, 0x3b }, + { 0xa7, 0x46, 0x6c, 0xc1, 0xe6, 0xb2, 0xa1, 0x33, + 0x7d, 0x49, 0xd3, 0xb6, 0x6e, 0x95, 0xd7, 0xb4 }, + { 0x45, 0xb0, 0xf6, 0x9a, 0xb0, 0x6c }, + { 0x1f, 0x53, 0xcd, 0x2b, 0x11, 0x13 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.7 Test Set 7 */ + { 0x2d, 0x60, 0x9d, 0x4d, 0xb0, 0xac, 0x5b, 0xf0, + 0xd2, 0xc0, 0xde, 0x26, 0x70, 0x14, 0xde, 0x0d }, + { 0x19, 0x4a, 0xa7, 0x56, 0x01, 0x38, 0x96, 0xb7, + 0x4b, 0x4a, 0x2a, 0x3b, 0x0a, 0xf4, 0x53, 0x9e }, + { 0x6b, 0xf6, 0x94, 0x38, 0xc2, 0xe4 }, + { 0x5f, 0x67 }, + { 0x46, 0x0a, 0x48, 0x38, 0x54, 0x27, 0xaa, 0x39, + 0x26, 0x4a, 0xac, 0x8e, 0xfc, 0x9e, 0x73, 0xe8 }, + { 0xc3, 0x5a, 0x0a, 0xb0, 0xbc, 0xbf, 0xc9, 0x25, + 0x2c, 0xaf, 0xf1, 0x5f, 0x24, 0xef, 0xbd, 0xe0 }, + { 0xbd, 0x07, 0xd3, 0x00, 0x3b, 0x9e, 0x5c, 0xc3 }, + { 0xbc, 0xb6, 0xc2, 0xfc, 0xad, 0x15, 0x22, 0x50 }, + { 0x8c, 0x25, 0xa1, 0x6c, 0xd9, 0x18, 0xa1, 0xdf }, + { 0x4c, 0xd0, 0x84, 0x60, 0x20, 0xf8, 0xfa, 0x07, + 0x31, 0xdd, 0x47, 0xcb, 0xdc, 0x6b, 0xe4, 0x11 }, + { 0x88, 0xab, 0x80, 0xa4, 0x15, 0xf1, 0x5c, 0x73, + 0x71, 0x12, 0x54, 0xa1, 0xd3, 0x88, 0xf6, 0x96 }, + { 0x7e, 0x64, 0x55, 0xf3, 0x4c, 0xf3 }, + { 0xdc, 0x6d, 0xd0, 0x1e, 0x8f, 0x15 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.8 Test Set 8 */ + { 0xa5, 0x30, 0xa7, 0xfe, 0x42, 0x8f, 0xad, 0x10, + 0x82, 0xc4, 0x5e, 0xdd, 0xfc, 0xe1, 0x38, 0x84 }, + { 0x3a, 0x4c, 0x2b, 0x32, 0x45, 0xc5, 0x0e, 0xb5, + 0xc7, 0x1d, 0x08, 0x63, 0x93, 0x95, 0x76, 0x4d }, + { 0xf6, 0x3f, 0x5d, 0x76, 0x87, 0x84 }, + { 0xb9, 0x0e }, + { 0x51, 0x1c, 0x6c, 0x4e, 0x83, 0xe3, 0x8c, 0x89, + 0xb1, 0xc5, 0xd8, 0xdd, 0xe6, 0x24, 0x26, 0xfa }, + { 0x27, 0x95, 0x3e, 0x49, 0xbc, 0x8a, 0xf6, 0xdc, + 0xc6, 0xe7, 0x30, 0xeb, 0x80, 0x28, 0x6b, 0xe3 }, + { 0x53, 0x76, 0x1f, 0xbd, 0x67, 0x9b, 0x0b, 0xad }, + { 0x21, 0xad, 0xfd, 0x33, 0x4a, 0x10, 0xe7, 0xce }, + { 0xa6, 0x32, 0x41, 0xe1, 0xff, 0xc3, 0xe5, 0xab }, + { 0x10, 0xf0, 0x5b, 0xab, 0x75, 0xa9, 0x9a, 0x5f, + 0xbb, 0x98, 0xa9, 0xc2, 0x87, 0x67, 0x9c, 0x3b }, + { 0xf9, 0xec, 0x08, 0x65, 0xeb, 0x32, 0xf2, 0x23, + 0x69, 0xca, 0xde, 0x40, 0xc5, 0x9c, 0x3a, 0x44 }, + { 0x88, 0x19, 0x6c, 0x47, 0x98, 0x6f }, + { 0xc9, 0x87, 0xa3, 0xd2, 0x31, 0x15 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.9 Test Set 9 */ + { 0xd9, 0x15, 0x1c, 0xf0, 0x48, 0x96, 0xe2, 0x58, + 0x30, 0xbf, 0x2e, 0x08, 0x26, 0x7b, 0x83, 0x60 }, + { 0xf7, 0x61, 0xe5, 0xe9, 0x3d, 0x60, 0x3f, 0xeb, + 0x73, 0x0e, 0x27, 0x55, 0x6c, 0xb8, 0xa2, 0xca }, + { 0x47, 0xee, 0x01, 0x99, 0x82, 0x0a }, + { 0x91, 0x13 }, + { 0x75, 0xfc, 0x22, 0x33, 0xa4, 0x42, 0x94, 0xee, + 0x8e, 0x6d, 0xe2, 0x5c, 0x43, 0x53, 0xd2, 0x6b }, + { 0xc4, 0xc9, 0x3e, 0xff, 0xe8, 0xa0, 0x81, 0x38, + 0xc2, 0x03, 0xd4, 0xc2, 0x7c, 0xe4, 0xe3, 0xd9 }, + { 0x66, 0xcc, 0x4b, 0xe4, 0x48, 0x62, 0xaf, 0x1f }, + { 0x7a, 0x4b, 0x8d, 0x7a, 0x87, 0x53, 0xf2, 0x46 }, + { 0x4a, 0x90, 0xb2, 0x17, 0x1a, 0xc8, 0x3a, 0x76 }, + { 0x71, 0x23, 0x6b, 0x71, 0x29, 0xf9, 0xb2, 0x2a, + 0xb7, 0x7e, 0xa7, 0xa5, 0x4c, 0x96, 0xda, 0x22 }, + { 0x90, 0x52, 0x7e, 0xba, 0xa5, 0x58, 0x89, 0x68, + 0xdb, 0x41, 0x72, 0x73, 0x25, 0xa0, 0x4d, 0x9e }, + { 0x82, 0xa0, 0xf5, 0x28, 0x7a, 0x71 }, + { 0x52, 0x7d, 0xbf, 0x41, 0xf3, 0x5f } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.10 Test Set 10 */ + { 0xa0, 0xe2, 0x97, 0x1b, 0x68, 0x22, 0xe8, 0xd3, + 0x54, 0xa1, 0x8c, 0xc2, 0x35, 0x62, 0x4e, 0xcb }, + { 0x08, 0xef, 0xf8, 0x28, 0xb1, 0x3f, 0xdb, 0x56, + 0x27, 0x22, 0xc6, 0x5c, 0x7f, 0x30, 0xa9, 0xb2 }, + { 0xdb, 0x5c, 0x06, 0x64, 0x81, 0xe0 }, + { 0x71, 0x6b }, + { 0x32, 0x37, 0x92, 0xfa, 0xca, 0x21, 0xfb, 0x4d, + 0x5d, 0x6f, 0x13, 0xc1, 0x45, 0xa9, 0xd2, 0xc1 }, + { 0x82, 0xa2, 0x6f, 0x22, 0xbb, 0xa9, 0xe9, 0x48, + 0x8f, 0x94, 0x9a, 0x10, 0xd9, 0x8e, 0x9c, 0xc4 }, + { 0x94, 0x85, 0xfe, 0x24, 0x62, 0x1c, 0xb9, 0xf6 }, + { 0xbc, 0xe3, 0x25, 0xce, 0x03, 0xe2, 0xe9, 0xb9 }, + { 0x4b, 0xc2, 0x21, 0x2d, 0x86, 0x24, 0x91, 0x0a }, + { 0x08, 0xce, 0xf6, 0xd0, 0x04, 0xec, 0x61, 0x47, + 0x1a, 0x3c, 0x3c, 0xda, 0x04, 0x81, 0x37, 0xfa }, + { 0xed, 0x03, 0x18, 0xca, 0x5d, 0xeb, 0x92, 0x06, + 0x27, 0x2f, 0x6e, 0x8f, 0xa6, 0x4b, 0xa4, 0x11 }, + { 0xa2, 0xf8, 0x58, 0xaa, 0x9e, 0x5d }, + { 0x74, 0xe7, 0x6f, 0xbb, 0xec, 0x38 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.11 Test Set 11 */ + { 0x0d, 0xa6, 0xf7, 0xba, 0x86, 0xd5, 0xea, 0xc8, + 0xa1, 0x9c, 0xf5, 0x63, 0xac, 0x58, 0x64, 0x2d }, + { 0x67, 0x9a, 0xc4, 0xdb, 0xac, 0xd7, 0xd2, 0x33, + 0xff, 0x9d, 0x68, 0x06, 0xf4, 0x14, 0x9c, 0xe3 }, + { 0x6e, 0x23, 0x31, 0xd6, 0x92, 0xad }, + { 0x22, 0x4a }, + { 0x4b, 0x9a, 0x26, 0xfa, 0x45, 0x9e, 0x3a, 0xcb, + 0xff, 0x36, 0xf4, 0x01, 0x5d, 0xe3, 0xbd, 0xc1 }, + { 0x0d, 0xb1, 0x07, 0x1f, 0x87, 0x67, 0x56, 0x2c, + 0xa4, 0x3a, 0x0a, 0x64, 0xc4, 0x1e, 0x8d, 0x08 }, + { 0x28, 0x31, 0xd7, 0xae, 0x90, 0x88, 0xe4, 0x92 }, + { 0x9b, 0x2e, 0x16, 0x95, 0x11, 0x35, 0xd5, 0x23 }, + { 0x6f, 0xc3, 0x0f, 0xee, 0x6d, 0x12, 0x35, 0x23 }, + { 0x69, 0xb1, 0xca, 0xe7, 0xc7, 0x42, 0x9d, 0x97, + 0x5e, 0x24, 0x5c, 0xac, 0xb0, 0x5a, 0x51, 0x7c }, + { 0x74, 0xf2, 0x4e, 0x8c, 0x26, 0xdf, 0x58, 0xe1, + 0xb3, 0x8d, 0x7d, 0xcd, 0x4f, 0x1b, 0x7f, 0xbd }, + { 0x4c, 0x53, 0x9a, 0x26, 0xe1, 0xfa }, + { 0x07, 0x86, 0x1e, 0x12, 0x69, 0x28 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.12 Test Set 12 */ + { 0x77, 0xb4, 0x58, 0x43, 0xc8, 0x8e, 0x58, 0xc1, + 0x0d, 0x20, 0x26, 0x84, 0x51, 0x5e, 0xd4, 0x30 }, + { 0x4c, 0x47, 0xeb, 0x30, 0x76, 0xdc, 0x55, 0xfe, + 0x51, 0x06, 0xcb, 0x20, 0x34, 0xb8, 0xcd, 0x78 }, + { 0xfe, 0x1a, 0x87, 0x31, 0x00, 0x5d }, + { 0xad, 0x25 }, + { 0xbf, 0x32, 0x86, 0xc7, 0xa5, 0x14, 0x09, 0xce, + 0x95, 0x72, 0x4d, 0x50, 0x3b, 0xfe, 0x6e, 0x70 }, + { 0xd4, 0x83, 0xaf, 0xae, 0x56, 0x24, 0x09, 0xa3, + 0x26, 0xb5, 0xbb, 0x0b, 0x20, 0xc4, 0xd7, 0x62 }, + { 0x08, 0x33, 0x2d, 0x7e, 0x9f, 0x48, 0x45, 0x70 }, + { 0xed, 0x41, 0xb7, 0x34, 0x48, 0x9d, 0x52, 0x07 }, + { 0xae, 0xfa, 0x35, 0x7b, 0xea, 0xc2, 0xa8, 0x7a }, + { 0x90, 0x8c, 0x43, 0xf0, 0x56, 0x9c, 0xb8, 0xf7, + 0x4b, 0xc9, 0x71, 0xe7, 0x06, 0xc3, 0x6c, 0x5f }, + { 0xc2, 0x51, 0xdf, 0x0d, 0x88, 0x8d, 0xd9, 0x32, + 0x9b, 0xcf, 0x46, 0x65, 0x5b, 0x22, 0x6e, 0x40 }, + { 0x30, 0xff, 0x25, 0xcd, 0xad, 0xf6 }, + { 0xe8, 0x4e, 0xd0, 0xd4, 0x67, 0x7e } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.13 Test Set 13 */ + { 0x72, 0x9b, 0x17, 0x72, 0x92, 0x70, 0xdd, 0x87, + 0xcc, 0xdf, 0x1b, 0xfe, 0x29, 0xb4, 0xe9, 0xbb }, + { 0x31, 0x1c, 0x4c, 0x92, 0x97, 0x44, 0xd6, 0x75, + 0xb7, 0x20, 0xf3, 0xb7, 0xe9, 0xb1, 0xcb, 0xd0 }, + { 0xc8, 0x5c, 0x4c, 0xf6, 0x59, 0x16 }, + { 0x5b, 0xb2 }, + { 0xd0, 0x4c, 0x9c, 0x35, 0xbd, 0x22, 0x62, 0xfa, + 0x81, 0x0d, 0x29, 0x24, 0xd0, 0x36, 0xfd, 0x13 }, + { 0x22, 0x8c, 0x2f, 0x2f, 0x06, 0xac, 0x32, 0x68, + 0xa9, 0xe6, 0x16, 0xee, 0x16, 0xdb, 0x4b, 0xa1 }, + { 0xff, 0x79, 0x4f, 0xe2, 0xf8, 0x27, 0xeb, 0xf8 }, + { 0x24, 0xfe, 0x4d, 0xc6, 0x1e, 0x87, 0x4b, 0x52 }, + { 0x98, 0xdb, 0xbd, 0x09, 0x9b, 0x3b, 0x40, 0x8d }, + { 0x44, 0xc0, 0xf2, 0x3c, 0x54, 0x93, 0xcf, 0xd2, + 0x41, 0xe4, 0x8f, 0x19, 0x7e, 0x1d, 0x10, 0x12 }, + { 0x0c, 0x9f, 0xb8, 0x16, 0x13, 0x88, 0x4c, 0x25, + 0x35, 0xdd, 0x0e, 0xab, 0xf3, 0xb4, 0x40, 0xd8 }, + { 0x53, 0x80, 0xd1, 0x58, 0xcf, 0xe3 }, + { 0x87, 0xac, 0x3b, 0x55, 0x9f, 0xb6 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.14 Test Set 14 */ + { 0xd3, 0x2d, 0xd2, 0x3e, 0x89, 0xdc, 0x66, 0x23, + 0x54, 0xca, 0x12, 0xeb, 0x79, 0xdd, 0x32, 0xfa }, + { 0xcf, 0x7d, 0x0a, 0xb1, 0xd9, 0x43, 0x06, 0x95, + 0x0b, 0xf1, 0x20, 0x18, 0xfb, 0xd4, 0x68, 0x87 }, + { 0x48, 0x41, 0x07, 0xe5, 0x6a, 0x43 }, + { 0xb5, 0xe6 }, + { 0xfe, 0x75, 0x90, 0x5b, 0x9d, 0xa4, 0x7d, 0x35, + 0x62, 0x36, 0xd0, 0x31, 0x4e, 0x09, 0xc3, 0x2e }, + { 0xd2, 0x2a, 0x4b, 0x41, 0x80, 0xa5, 0x32, 0x57, + 0x08, 0xa5, 0xff, 0x70, 0xd9, 0xf6, 0x7e, 0xc7 }, + { 0xcf, 0x19, 0xd6, 0x2b, 0x6a, 0x80, 0x98, 0x66 }, + { 0x5d, 0x26, 0x95, 0x37, 0xe4, 0x5e, 0x2c, 0xe6 }, + { 0xaf, 0x4a, 0x41, 0x1e, 0x11, 0x39, 0xf2, 0xc2 }, + { 0x5a, 0xf8, 0x6b, 0x80, 0xed, 0xb7, 0x0d, 0xf5, + 0x29, 0x2c, 0xc1, 0x12, 0x1c, 0xba, 0xd5, 0x0c }, + { 0x7f, 0x4d, 0x6a, 0xe7, 0x44, 0x0e, 0x18, 0x78, + 0x9a, 0x8b, 0x75, 0xad, 0x3f, 0x42, 0xf0, 0x3a }, + { 0x21, 0x7a, 0xf4, 0x92, 0x72, 0xad }, + { 0x90, 0x0e, 0x10, 0x1c, 0x67, 0x7e } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.15 Test Set 15 */ + { 0xaf, 0x7c, 0x65, 0xe1, 0x92, 0x72, 0x21, 0xde, + 0x59, 0x11, 0x87, 0xa2, 0xc5, 0x98, 0x7a, 0x53 }, + { 0x1f, 0x0f, 0x85, 0x78, 0x46, 0x4f, 0xd5, 0x9b, + 0x64, 0xbe, 0xd2, 0xd0, 0x94, 0x36, 0xb5, 0x7a }, + { 0x3d, 0x62, 0x7b, 0x01, 0x41, 0x8d }, + { 0x84, 0xf6 }, + { 0x0c, 0x7a, 0xcb, 0x8d, 0x95, 0xb7, 0xd4, 0xa3, + 0x1c, 0x5a, 0xca, 0x6d, 0x26, 0x34, 0x5a, 0x88 }, + { 0xa4, 0xcf, 0x5c, 0x81, 0x55, 0xc0, 0x8a, 0x7e, + 0xff, 0x41, 0x8e, 0x54, 0x43, 0xb9, 0x8e, 0x55 }, + { 0xc3, 0x7c, 0xae, 0x78, 0x05, 0x64, 0x20, 0x32 }, + { 0x68, 0xcd, 0x09, 0xa4, 0x52, 0xd8, 0xdb, 0x7c }, + { 0x7b, 0xff, 0xa5, 0xc2, 0xf4, 0x1f, 0xbc, 0x05 }, + { 0x3f, 0x8c, 0x3f, 0x3c, 0xcf, 0x76, 0x25, 0xbf, + 0x77, 0xfc, 0x94, 0xbc, 0xfd, 0x22, 0xfd, 0x26 }, + { 0xab, 0xcb, 0xae, 0x8f, 0xd4, 0x61, 0x15, 0xe9, + 0x96, 0x1a, 0x55, 0xd0, 0xda, 0x5f, 0x20, 0x78 }, + { 0x83, 0x7f, 0xd7, 0xb7, 0x44, 0x19 }, + { 0x56, 0xe9, 0x7a, 0x60, 0x90, 0xb1 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.16 Test Set 16 */ + { 0x5b, 0xd7, 0xec, 0xd3, 0xd3, 0x12, 0x7a, 0x41, + 0xd1, 0x25, 0x39, 0xbe, 0xd4, 0xe7, 0xcf, 0x71 }, + { 0x59, 0xb7, 0x5f, 0x14, 0x25, 0x1c, 0x75, 0x03, + 0x1d, 0x0b, 0xcb, 0xac, 0x1c, 0x2c, 0x04, 0xc7 }, + { 0xa2, 0x98, 0xae, 0x89, 0x29, 0xdc }, + { 0xd0, 0x56 }, + { 0xf9, 0x67, 0xf7, 0x60, 0x38, 0xb9, 0x20, 0xa9, + 0xcd, 0x25, 0xe1, 0x0c, 0x08, 0xb4, 0x99, 0x24 }, + { 0x76, 0x08, 0x9d, 0x3c, 0x0f, 0xf3, 0xef, 0xdc, + 0x6e, 0x36, 0x72, 0x1d, 0x4f, 0xce, 0xb7, 0x47 }, + { 0xc3, 0xf2, 0x5c, 0xd9, 0x43, 0x09, 0x10, 0x7e }, + { 0xb0, 0xc8, 0xba, 0x34, 0x36, 0x65, 0xaf, 0xcc }, + { 0x7e, 0x3f, 0x44, 0xc7, 0x59, 0x1f, 0x6f, 0x45 }, + { 0xd4, 0x2b, 0x2d, 0x61, 0x5e, 0x49, 0xa0, 0x3a, + 0xc2, 0x75, 0xa5, 0xae, 0xf9, 0x7a, 0xf8, 0x92 }, + { 0x0b, 0x3f, 0x8d, 0x02, 0x4f, 0xe6, 0xbf, 0xaf, + 0xaa, 0x98, 0x2b, 0x8f, 0x82, 0xe3, 0x19, 0xc2 }, + { 0x5b, 0xe1, 0x14, 0x95, 0x52, 0x5d }, + { 0x4d, 0x6a, 0x34, 0xa1, 0xe4, 0xeb } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.17 Test Set 17 */ + { 0x6c, 0xd1, 0xc6, 0xce, 0xb1, 0xe0, 0x1e, 0x14, + 0xf1, 0xb8, 0x23, 0x16, 0xa9, 0x0b, 0x7f, 0x3d }, + { 0xf6, 0x9b, 0x78, 0xf3, 0x00, 0xa0, 0x56, 0x8b, + 0xce, 0x9f, 0x0c, 0xb9, 0x3c, 0x4b, 0xe4, 0xc9 }, + { 0xb4, 0xfc, 0xe5, 0xfe, 0xb0, 0x59 }, + { 0xe4, 0xbb }, + { 0x07, 0x8b, 0xfc, 0xa9, 0x56, 0x46, 0x59, 0xec, + 0xd8, 0x85, 0x1e, 0x84, 0xe6, 0xc5, 0x9b, 0x48 }, + { 0xa2, 0x19, 0xdc, 0x37, 0xf1, 0xdc, 0x7d, 0x66, + 0x73, 0x8b, 0x58, 0x43, 0xc7, 0x99, 0xf2, 0x06 }, + { 0x69, 0xa9, 0x08, 0x69, 0xc2, 0x68, 0xcb, 0x7b }, + { 0x2e, 0x0f, 0xdc, 0xf9, 0xfd, 0x1c, 0xfa, 0x6a }, + { 0x70, 0xf6, 0xbd, 0xb9, 0xad, 0x21, 0x52, 0x5f }, + { 0x6e, 0xda, 0xf9, 0x9e, 0x5b, 0xd9, 0xf8, 0x5d, + 0x5f, 0x36, 0xd9, 0x1c, 0x12, 0x72, 0xfb, 0x4b }, + { 0xd6, 0x1c, 0x85, 0x3c, 0x28, 0x0d, 0xd9, 0xc4, + 0x6f, 0x29, 0x7b, 0xae, 0xc3, 0x86, 0xde, 0x17 }, + { 0x1c, 0x40, 0x8a, 0x85, 0x8b, 0x3e }, + { 0xaa, 0x4a, 0xe5, 0x2d, 0xaa, 0x30 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.18 Test Set 18 */ + { 0xb7, 0x3a, 0x90, 0xcb, 0xcf, 0x3a, 0xfb, 0x62, + 0x2d, 0xba, 0x83, 0xc5, 0x8a, 0x84, 0x15, 0xdf }, + { 0xb1, 0x20, 0xf1, 0xc1, 0xa0, 0x10, 0x2a, 0x2f, + 0x50, 0x7d, 0xd5, 0x43, 0xde, 0x68, 0x28, 0x1f }, + { 0xf1, 0xe8, 0xa5, 0x23, 0xa3, 0x6d }, + { 0x47, 0x1b }, + { 0xb6, 0x72, 0x04, 0x7e, 0x00, 0x3b, 0xb9, 0x52, + 0xdc, 0xa6, 0xcb, 0x8a, 0xf0, 0xe5, 0xb7, 0x79 }, + { 0xdf, 0x0c, 0x67, 0x86, 0x8f, 0xa2, 0x5f, 0x74, + 0x8b, 0x70, 0x44, 0xc6, 0xe7, 0xc2, 0x45, 0xb8 }, + { 0xeb, 0xd7, 0x03, 0x41, 0xbc, 0xd4, 0x15, 0xb0 }, + { 0x12, 0x35, 0x9f, 0x5d, 0x82, 0x22, 0x0c, 0x14 }, + { 0x47, 0x9d, 0xd2, 0x5c, 0x20, 0x79, 0x2d, 0x63 }, + { 0x66, 0x19, 0x5d, 0xbe, 0xd0, 0x31, 0x32, 0x74, + 0xc5, 0xca, 0x77, 0x66, 0x61, 0x5f, 0xa2, 0x5e }, + { 0x66, 0xbe, 0xc7, 0x07, 0xeb, 0x2a, 0xfc, 0x47, + 0x6d, 0x74, 0x08, 0xa8, 0xf2, 0x92, 0x7b, 0x36 }, + { 0xae, 0xfd, 0xaa, 0x5d, 0xdd, 0x99 }, + { 0x12, 0xec, 0x2b, 0x87, 0xfb, 0xb1 } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.19 Test Set 19 */ + { 0x51, 0x22, 0x25, 0x02, 0x14, 0xc3, 0x3e, 0x72, + 0x3a, 0x5d, 0xd5, 0x23, 0xfc, 0x14, 0x5f, 0xc0 }, + { 0x81, 0xe9, 0x2b, 0x6c, 0x0e, 0xe0, 0xe1, 0x2e, + 0xbc, 0xeb, 0xa8, 0xd9, 0x2a, 0x99, 0xdf, 0xa5 }, + { 0x16, 0xf3, 0xb3, 0xf7, 0x0f, 0xc2 }, + { 0xc3, 0xab }, + { 0xc9, 0xe8, 0x76, 0x32, 0x86, 0xb5, 0xb9, 0xff, + 0xbd, 0xf5, 0x6e, 0x12, 0x97, 0xd0, 0x88, 0x7b }, + { 0x98, 0x1d, 0x46, 0x4c, 0x7c, 0x52, 0xeb, 0x6e, + 0x50, 0x36, 0x23, 0x49, 0x84, 0xad, 0x0b, 0xcf }, + { 0x2a, 0x5c, 0x23, 0xd1, 0x5e, 0xe3, 0x51, 0xd5 }, + { 0x62, 0xda, 0xe3, 0x85, 0x3f, 0x3a, 0xf9, 0xd2 }, + { 0x28, 0xd7, 0xb0, 0xf2, 0xa2, 0xec, 0x3d, 0xe5 }, + { 0x53, 0x49, 0xfb, 0xe0, 0x98, 0x64, 0x9f, 0x94, + 0x8f, 0x5d, 0x2e, 0x97, 0x3a, 0x81, 0xc0, 0x0f }, + { 0x97, 0x44, 0x87, 0x1a, 0xd3, 0x2b, 0xf9, 0xbb, + 0xd1, 0xdd, 0x5c, 0xe5, 0x4e, 0x3e, 0x2e, 0x5a }, + { 0xad, 0xa1, 0x5a, 0xeb, 0x7b, 0xb8 }, + { 0xd4, 0x61, 0xbc, 0x15, 0x47, 0x5d } + }, { + /* 3GPP TS 35.208 v6.0.0 - 4.3.20 Test Set 20 */ + { 0x90, 0xdc, 0xa4, 0xed, 0xa4, 0x5b, 0x53, 0xcf, + 0x0f, 0x12, 0xd7, 0xc9, 0xc3, 0xbc, 0x6a, 0x89 }, + { 0x9f, 0xdd, 0xc7, 0x20, 0x92, 0xc6, 0xad, 0x03, + 0x6b, 0x6e, 0x46, 0x47, 0x89, 0x31, 0x5b, 0x78 }, + { 0x20, 0xf8, 0x13, 0xbd, 0x41, 0x41 }, + { 0x61, 0xdf }, + { 0x3f, 0xfc, 0xfe, 0x5b, 0x7b, 0x11, 0x11, 0x58, + 0x99, 0x20, 0xd3, 0x52, 0x8e, 0x84, 0xe6, 0x55 }, + { 0xcb, 0x9c, 0xcc, 0xc4, 0xb9, 0x25, 0x8e, 0x6d, + 0xca, 0x47, 0x60, 0x37, 0x9f, 0xb8, 0x25, 0x81 }, + { 0x09, 0xdb, 0x94, 0xea, 0xb4, 0xf8, 0x14, 0x9e }, + { 0xa2, 0x94, 0x68, 0xaa, 0x97, 0x75, 0xb5, 0x27 }, + { 0xa9, 0x51, 0x00, 0xe2, 0x76, 0x09, 0x52, 0xcd }, + { 0xb5, 0xf2, 0xda, 0x03, 0x88, 0x3b, 0x69, 0xf9, + 0x6b, 0xf5, 0x2e, 0x02, 0x9e, 0xd9, 0xac, 0x45 }, + { 0xb4, 0x72, 0x13, 0x68, 0xbc, 0x16, 0xea, 0x67, + 0x87, 0x5c, 0x55, 0x98, 0x68, 0x8b, 0xb0, 0xef }, + { 0x83, 0xcf, 0xd5, 0x4d, 0xb9, 0x13 }, + { 0x4f, 0x20, 0x39, 0x39, 0x2d, 0xdc } + } +}; + +#define NUM_TESTS (sizeof(test_sets) / sizeof(test_sets[0])) + + +int main(int argc, char *argv[]) +{ + u8 buf[16], buf2[16], buf3[16], buf4[16], buf5[16], opc[16]; + u8 auts[14], sqn[6], _rand[16]; + int ret = 0, res, i; + const struct milenage_test_set *t; + size_t res_len; + + wpa_debug_level = 0; + + printf("Milenage test sets\n"); + for (i = 0; i < NUM_TESTS; i++) { + t = &test_sets[i]; + printf("Test Set %d\n", i + 1); + + milenage_opc(t->op, t->k, opc); + if (memcmp(opc, t->opc, 16) != 0) { + printf("- milenage_opc failed\n"); + ret++; + } + + milenage_f1(opc, t->k, t->rand, t->sqn, t->amf, buf, buf2); + if (memcmp(buf, t->f1, 8) != 0) { + printf("- milenage_f1 failed\n"); + ret++; + } + if (memcmp(buf2, t->f1star, 8) != 0) { + printf("- milenage_f1* failed\n"); + ret++; + } + + milenage_f2345(opc, t->k, t->rand, buf, buf2, buf3, buf4, + buf5); + if (memcmp(buf, t->f2, 8) != 0) { + printf("- milenage_f2 failed\n"); + ret++; + } + if (memcmp(buf2, t->f3, 16) != 0) { + printf("- milenage_f3 failed\n"); + ret++; + } + if (memcmp(buf3, t->f4, 16) != 0) { + printf("- milenage_f4 failed\n"); + ret++; + } + if (memcmp(buf4, t->f5, 6) != 0) { + printf("- milenage_f5 failed\n"); + ret++; + } + if (memcmp(buf5, t->f5star, 6) != 0) { + printf("- milenage_f5* failed\n"); + ret++; + } + } + + printf("milenage_auts test:\n"); + memcpy(auts, "\x4f\x20\x39\x39\x2d\xdd", 6); + memcpy(auts + 6, "\x4b\xb4\x31\x6e\xd4\xa1\x46\x88", 8); + res = milenage_auts(t->opc, t->k, t->rand, auts, buf); + printf("AUTS for test set %d: %d / SQN=%02x%02x%02x%02x%02x%02x\n", + i, res, buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); + if (res) + ret++; + + memset(_rand, 0xaa, sizeof(_rand)); + memcpy(auts, + "\x43\x68\x1a\xd3\xda\xf0\x06\xbc\xde\x40\x5a\x20\x72\x67", 14); + res = milenage_auts(t->opc, t->k, _rand, auts, buf); + printf("AUTS from a test USIM: %d / SQN=%02x%02x%02x%02x%02x%02x\n", + res, buf[0], buf[1], buf[2], buf[3], buf[4], buf[5]); + if (res) + ret++; + + printf("milenage_generate test:\n"); + memcpy(sqn, "\x00\x00\x00\x00\x40\x44", 6); + memcpy(_rand, "\x12\x69\xb8\x23\x41\x39\x35\x66\xfb\x99\x41\xe9\x84" + "\x4f\xe6\x2f", 16); + res_len = 8; + milenage_generate(t->opc, t->amf, t->k, sqn, _rand, buf, buf2, buf3, + buf4, &res_len); + wpa_hexdump(MSG_DEBUG, "SQN", sqn, 6); + wpa_hexdump(MSG_DEBUG, "RAND", _rand, 16); + wpa_hexdump(MSG_DEBUG, "AUTN", buf, 16); + wpa_hexdump(MSG_DEBUG, "IK", buf2, 16); + wpa_hexdump(MSG_DEBUG, "CK", buf3, 16); + wpa_hexdump(MSG_DEBUG, "RES", buf4, res_len); + + printf("GSM-Milenage test sets\n"); + for (i = 0; i < NUM_GSM_TESTS; i++) { + const struct gsm_milenage_test_set *g; + u8 sres[4], kc[8]; + g = &gsm_test_sets[i]; + printf("Test Set %d\n", i + 1); + gsm_milenage(g->opc, g->ki, g->rand, sres, kc); + if (memcmp(g->kc, kc, 8) != 0) { + printf("- gsm_milenage Kc failed\n"); + ret++; + } +#ifdef GSM_MILENAGE_ALT_SRES + if (memcmp(g->sres2, sres, 4) != 0) { + printf("- gsm_milenage SRES#2 failed\n"); + ret++; + } +#else /* GSM_MILENAGE_ALT_SRES */ + if (memcmp(g->sres1, sres, 4) != 0) { + printf("- gsm_milenage SRES#1 failed\n"); + ret++; + } +#endif /* GSM_MILENAGE_ALT_SRES */ + } + + if (ret) + printf("Something failed\n"); + else + printf("OK\n"); + + return ret; +} +#endif /* TEST_MAIN_MILENAGE */ diff --git a/contrib/hostapd-0.5.8/milenage.h b/contrib/hostapd-0.5.8/milenage.h new file mode 100644 index 0000000000..cc184f0f02 --- /dev/null +++ b/contrib/hostapd-0.5.8/milenage.h @@ -0,0 +1,26 @@ +/* + * UMTS AKA - Milenage algorithm (3GPP TS 35.205, .206, .207, .208) + * Copyright (c) 2006 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef MILENAGE_H +#define MILENAGE_H + +void milenage_generate(const u8 *opc, const u8 *amf, const u8 *k, + const u8 *sqn, const u8 *_rand, u8 *autn, u8 *ik, + u8 *ck, u8 *res, size_t *res_len); +int milenage_auts(const u8 *opc, const u8 *k, const u8 *_rand, const u8 *auts, + u8 *sqn); +void gsm_milenage(const u8 *opc, const u8 *k, const u8 *_rand, u8 *sres, + u8 *kc); + +#endif /* MILENAGE_H */ diff --git a/contrib/hostapd-0.5.8/mlme.c b/contrib/hostapd-0.5.8/mlme.c new file mode 100644 index 0000000000..3d4cf21a45 --- /dev/null +++ b/contrib/hostapd-0.5.8/mlme.c @@ -0,0 +1,176 @@ +/* + * hostapd / IEEE 802.11 MLME + * Copyright 2003-2006, Jouni Malinen + * Copyright 2003-2004, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "ieee802_11.h" +#include "sta_info.h" +#include "wpa.h" +#include "mlme.h" + + +static const char * mlme_auth_alg_str(int alg) +{ + switch (alg) { + case WLAN_AUTH_OPEN: + return "OPEN_SYSTEM"; + case WLAN_AUTH_SHARED_KEY: + return "SHARED_KEY"; + } + + return "unknown"; +} + + +/** + * mlme_authenticate_indication - Report the establishment of an authentication + * relationship with a specific peer MAC entity + * @hapd: BSS data + * @sta: peer STA data + * + * MLME calls this function as a result of the establishment of an + * authentication relationship with a specific peer MAC entity that + * resulted from an authentication procedure that was initiated by + * that specific peer MAC entity. + * + * PeerSTAAddress = sta->addr + * AuthenticationType = sta->auth_alg (WLAN_AUTH_OPEN / WLAN_AUTH_SHARED_KEY) + */ +void mlme_authenticate_indication(struct hostapd_data *hapd, + struct sta_info *sta) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-AUTHENTICATE.indication(" MACSTR ", %s)", + MAC2STR(sta->addr), mlme_auth_alg_str(sta->auth_alg)); + mlme_deletekeys_request(hapd, sta); +} + + +/** + * mlme_deauthenticate_indication - Report the invalidation of an + * authentication relationship with a specific peer MAC entity + * @hapd: BSS data + * @sta: Peer STA data + * @reason_code: ReasonCode from Deauthentication frame + * + * MLME calls this function as a result of the invalidation of an + * authentication relationship with a specific peer MAC entity. + * + * PeerSTAAddress = sta->addr + */ +void mlme_deauthenticate_indication(struct hostapd_data *hapd, + struct sta_info *sta, u16 reason_code) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-DEAUTHENTICATE.indication(" MACSTR ", %d)", + MAC2STR(sta->addr), reason_code); + mlme_deletekeys_request(hapd, sta); +} + + +/** + * mlme_associate_indication - Report the establishment of an association with + * a specific peer MAC entity + * @hapd: BSS data + * @sta: peer STA data + * + * MLME calls this function as a result of the establishment of an + * association with a specific peer MAC entity that resulted from an + * association procedure that was initiated by that specific peer MAC entity. + * + * PeerSTAAddress = sta->addr + */ +void mlme_associate_indication(struct hostapd_data *hapd, struct sta_info *sta) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-ASSOCIATE.indication(" MACSTR ")", + MAC2STR(sta->addr)); + mlme_deletekeys_request(hapd, sta); +} + + +/** + * mlme_reassociate_indication - Report the establishment of an reassociation + * with a specific peer MAC entity + * @hapd: BSS data + * @sta: peer STA data + * + * MLME calls this function as a result of the establishment of an + * reassociation with a specific peer MAC entity that resulted from a + * reassociation procedure that was initiated by that specific peer MAC entity. + * + * PeerSTAAddress = sta->addr + * + * sta->previous_ap contains the "Current AP" information from ReassocReq. + */ +void mlme_reassociate_indication(struct hostapd_data *hapd, + struct sta_info *sta) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-REASSOCIATE.indication(" MACSTR ")", + MAC2STR(sta->addr)); + mlme_deletekeys_request(hapd, sta); +} + + +/** + * mlme_disassociate_indication - Report disassociation with a specific peer + * MAC entity + * @hapd: BSS data + * @sta: Peer STA data + * @reason_code: ReasonCode from Disassociation frame + * + * MLME calls this function as a result of the invalidation of an association + * relationship with a specific peer MAC entity. + * + * PeerSTAAddress = sta->addr + */ +void mlme_disassociate_indication(struct hostapd_data *hapd, + struct sta_info *sta, u16 reason_code) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-DISASSOCIATE.indication(" MACSTR ", %d)", + MAC2STR(sta->addr), reason_code); + mlme_deletekeys_request(hapd, sta); +} + + +void mlme_michaelmicfailure_indication(struct hostapd_data *hapd, + const u8 *addr) +{ + hostapd_logger(hapd, addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-MichaelMICFailure.indication(" MACSTR ")", + MAC2STR(addr)); +} + + +void mlme_deletekeys_request(struct hostapd_data *hapd, struct sta_info *sta) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_MLME, + HOSTAPD_LEVEL_DEBUG, + "MLME-DELETEKEYS.request(" MACSTR ")", + MAC2STR(sta->addr)); + + if (sta->wpa_sm) + wpa_remove_ptk(sta->wpa_sm); +} diff --git a/contrib/hostapd-0.5.8/mlme.h b/contrib/hostapd-0.5.8/mlme.h new file mode 100644 index 0000000000..c77a9390a8 --- /dev/null +++ b/contrib/hostapd-0.5.8/mlme.h @@ -0,0 +1,40 @@ +/* + * hostapd / IEEE 802.11 MLME + * Copyright 2003, Jouni Malinen + * Copyright 2003-2004, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef MLME_H +#define MLME_H + +void mlme_authenticate_indication(struct hostapd_data *hapd, + struct sta_info *sta); + +void mlme_deauthenticate_indication(struct hostapd_data *hapd, + struct sta_info *sta, u16 reason_code); + +void mlme_associate_indication(struct hostapd_data *hapd, + struct sta_info *sta); + +void mlme_reassociate_indication(struct hostapd_data *hapd, + struct sta_info *sta); + +void mlme_disassociate_indication(struct hostapd_data *hapd, + struct sta_info *sta, u16 reason_code); + +void mlme_michaelmicfailure_indication(struct hostapd_data *hapd, + const u8 *addr); + +void mlme_deletekeys_request(struct hostapd_data *hapd, struct sta_info *sta); + +#endif /* MLME_H */ diff --git a/contrib/hostapd-0.5.8/ms_funcs.c b/contrib/hostapd-0.5.8/ms_funcs.c new file mode 100644 index 0000000000..d7231799d1 --- /dev/null +++ b/contrib/hostapd-0.5.8/ms_funcs.c @@ -0,0 +1,440 @@ +/* + * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759 + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "sha1.h" +#include "ms_funcs.h" +#include "crypto.h" +#include "rc4.h" + + +/** + * challenge_hash - ChallengeHash() - RFC 2759, Sect. 8.2 + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @challenge: 8-octet Challenge (OUT) + */ +static void challenge_hash(const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + u8 *challenge) +{ + u8 hash[SHA1_MAC_LEN]; + const unsigned char *addr[3]; + size_t len[3]; + + addr[0] = peer_challenge; + len[0] = 16; + addr[1] = auth_challenge; + len[1] = 16; + addr[2] = username; + len[2] = username_len; + + sha1_vector(3, addr, len, hash); + os_memcpy(challenge, hash, 8); +} + + +/** + * nt_password_hash - NtPasswordHash() - RFC 2759, Sect. 8.3 + * @password: 0-to-256-unicode-char Password (IN; ASCII) + * @password_len: Length of password + * @password_hash: 16-octet PasswordHash (OUT) + */ +void nt_password_hash(const u8 *password, size_t password_len, + u8 *password_hash) +{ + u8 buf[512], *pos; + size_t i, len; + + if (password_len > 256) + return; + + /* Convert password into unicode */ + for (i = 0; i < password_len; i++) { + buf[2 * i] = password[i]; + buf[2 * i + 1] = 0; + } + + len = password_len * 2; + pos = buf; + md4_vector(1, (const u8 **) &pos, &len, password_hash); +} + + +/** + * hash_nt_password_hash - HashNtPasswordHash() - RFC 2759, Sect. 8.4 + * @password_hash: 16-octet PasswordHash (IN) + * @password_hash_hash: 16-octet PasswordHashHash (OUT) + */ +void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash) +{ + size_t len = 16; + md4_vector(1, &password_hash, &len, password_hash_hash); +} + + +/** + * challenge_response - ChallengeResponse() - RFC 2759, Sect. 8.5 + * @challenge: 8-octet Challenge (IN) + * @password_hash: 16-octet PasswordHash (IN) + * @response: 24-octet Response (OUT) + */ +void challenge_response(const u8 *challenge, const u8 *password_hash, + u8 *response) +{ + u8 zpwd[7]; + des_encrypt(challenge, password_hash, response); + des_encrypt(challenge, password_hash + 7, response + 8); + zpwd[0] = password_hash[14]; + zpwd[1] = password_hash[15]; + os_memset(zpwd + 2, 0, 5); + des_encrypt(challenge, zpwd, response + 16); +} + + +/** + * generate_nt_response - GenerateNTResponse() - RFC 2759, Sect. 8.1 + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @peer_hallenge: 16-octet PeerChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @password: 0-to-256-unicode-char Password (IN; ASCII) + * @password_len: Length of password + * @response: 24-octet Response (OUT) + */ +void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password, size_t password_len, + u8 *response) +{ + u8 challenge[8]; + u8 password_hash[16]; + + challenge_hash(peer_challenge, auth_challenge, username, username_len, + challenge); + nt_password_hash(password, password_len, password_hash); + challenge_response(challenge, password_hash, response); +} + + +/** + * generate_nt_response_pwhash - GenerateNTResponse() - RFC 2759, Sect. 8.1 + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @peer_hallenge: 16-octet PeerChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @password_hash: 16-octet PasswordHash (IN) + * @response: 24-octet Response (OUT) + */ +void generate_nt_response_pwhash(const u8 *auth_challenge, + const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password_hash, + u8 *response) +{ + u8 challenge[8]; + + challenge_hash(peer_challenge, auth_challenge, username, username_len, + challenge); + challenge_response(challenge, password_hash, response); +} + + +/** + * generate_authenticator_response_pwhash - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 + * @password_hash: 16-octet PasswordHash (IN) + * @nt_response: 24-octet NT-Response (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually + * encoded as a 42-octet ASCII string (S=) + */ +void generate_authenticator_response_pwhash( + const u8 *password_hash, + const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response) +{ + static const u8 magic1[39] = { + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 + }; + static const u8 magic2[41] = { + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E + }; + + u8 password_hash_hash[16], challenge[8]; + const unsigned char *addr1[3]; + const size_t len1[3] = { 16, 24, sizeof(magic1) }; + const unsigned char *addr2[3]; + const size_t len2[3] = { SHA1_MAC_LEN, 8, sizeof(magic2) }; + + addr1[0] = password_hash_hash; + addr1[1] = nt_response; + addr1[2] = magic1; + + addr2[0] = response; + addr2[1] = challenge; + addr2[2] = magic2; + + hash_nt_password_hash(password_hash, password_hash_hash); + sha1_vector(3, addr1, len1, response); + + challenge_hash(peer_challenge, auth_challenge, username, username_len, + challenge); + sha1_vector(3, addr2, len2, response); +} + + +/** + * generate_authenticator_response - GenerateAuthenticatorResponse() - RFC 2759, Sect. 8.7 + * @password: 0-to-256-unicode-char Password (IN; ASCII) + * @password_len: Length of password + * @nt_response: 24-octet NT-Response (IN) + * @peer_challenge: 16-octet PeerChallenge (IN) + * @auth_challenge: 16-octet AuthenticatorChallenge (IN) + * @username: 0-to-256-char UserName (IN) + * @username_len: Length of username + * @response: 20-octet AuthenticatorResponse (OUT) (note: this value is usually + * encoded as a 42-octet ASCII string (S=) + */ +void generate_authenticator_response(const u8 *password, size_t password_len, + const u8 *peer_challenge, + const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response) +{ + u8 password_hash[16]; + nt_password_hash(password, password_len, password_hash); + generate_authenticator_response_pwhash(password_hash, + peer_challenge, auth_challenge, + username, username_len, + nt_response, response); +} + + +/** + * nt_challenge_response - NtChallengeResponse() - RFC 2433, Sect. A.5 + * @challenge: 8-octet Challenge (IN) + * @password: 0-to-256-unicode-char Password (IN; ASCII) + * @password_len: Length of password + * @response: 24-octet Response (OUT) + */ +void nt_challenge_response(const u8 *challenge, const u8 *password, + size_t password_len, u8 *response) +{ + u8 password_hash[16]; + nt_password_hash(password, password_len, password_hash); + challenge_response(challenge, password_hash, response); +} + + +/** + * get_master_key - GetMasterKey() - RFC 3079, Sect. 3.4 + * @password_hash_hash: 16-octet PasswordHashHash (IN) + * @nt_response: 24-octet NTResponse (IN) + * @master_key: 16-octet MasterKey (OUT) + */ +void get_master_key(const u8 *password_hash_hash, const u8 *nt_response, + u8 *master_key) +{ + static const u8 magic1[27] = { + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 + }; + const unsigned char *addr[3]; + const size_t len[3] = { 16, 24, sizeof(magic1) }; + u8 hash[SHA1_MAC_LEN]; + + addr[0] = password_hash_hash; + addr[1] = nt_response; + addr[2] = magic1; + + sha1_vector(3, addr, len, hash); + os_memcpy(master_key, hash, 16); +} + + +/** + * get_asymetric_start_key - GetAsymetricStartKey() - RFC 3079, Sect. 3.4 + * @master_key: 16-octet MasterKey (IN) + * @session_key: 8-to-16 octet SessionKey (OUT) + * @session_key_len: SessionKeyLength (Length of session_key) (IN) + * @is_send: IsSend (IN, BOOLEAN) + * @is_server: IsServer (IN, BOOLEAN) + */ +void get_asymetric_start_key(const u8 *master_key, u8 *session_key, + size_t session_key_len, int is_send, + int is_server) +{ + static const u8 magic2[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + static const u8 magic3[84] = { + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e + }; + static const u8 shs_pad1[40] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + + static const u8 shs_pad2[40] = { + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 + }; + u8 digest[SHA1_MAC_LEN]; + const unsigned char *addr[4]; + const size_t len[4] = { 16, 40, 84, 40 }; + + addr[0] = master_key; + addr[1] = shs_pad1; + if (is_send) { + addr[2] = is_server ? magic3 : magic2; + } else { + addr[2] = is_server ? magic2 : magic3; + } + addr[3] = shs_pad2; + + sha1_vector(4, addr, len, digest); + + if (session_key_len > SHA1_MAC_LEN) + session_key_len = SHA1_MAC_LEN; + os_memcpy(session_key, digest, session_key_len); +} + + +#define PWBLOCK_LEN 516 + +/** + * encrypt_pw_block_with_password_hash - EncryptPwBlockWithPasswordHash() - RFC 2759, Sect. 8.10 + * @password: 0-to-256-unicode-char Password (IN; ASCII) + * @password_len: Length of password + * @password_hash: 16-octet PasswordHash (IN) + * @pw_block: 516-byte PwBlock (OUT) + */ +static void encrypt_pw_block_with_password_hash( + const u8 *password, size_t password_len, + const u8 *password_hash, u8 *pw_block) +{ + size_t i, offset; + u8 *pos; + + if (password_len > 256) + return; + + os_memset(pw_block, 0, PWBLOCK_LEN); + offset = (256 - password_len) * 2; + os_get_random(pw_block, offset); + for (i = 0; i < password_len; i++) + pw_block[offset + i * 2] = password[i]; + /* + * PasswordLength is 4 octets, but since the maximum password length is + * 256, only first two (in little endian byte order) can be non-zero. + */ + pos = &pw_block[2 * 256]; + WPA_PUT_LE16(pos, password_len * 2); + rc4(pw_block, PWBLOCK_LEN, password_hash, 16); +} + + +/** + * new_password_encrypted_with_old_nt_password_hash - NewPasswordEncryptedWithOldNtPasswordHash() - RFC 2759, Sect. 8.9 + * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII) + * @new_password_len: Length of new_password + * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII) + * @old_password_len: Length of old_password + * @encrypted_pw_block: 516-octet EncryptedPwBlock (OUT) + */ +void new_password_encrypted_with_old_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_pw_block) +{ + u8 password_hash[16]; + + nt_password_hash(old_password, old_password_len, password_hash); + encrypt_pw_block_with_password_hash(new_password, new_password_len, + password_hash, encrypted_pw_block); +} + + +/** + * nt_password_hash_encrypted_with_block - NtPasswordHashEncryptedWithBlock() - RFC 2759, Sect 8.13 + * @password_hash: 16-octer PasswordHash (IN) + * @block: 16-octet Block (IN) + * @cypher: 16-octer Cypher (OUT) + */ +static void nt_password_hash_encrypted_with_block(const u8 *password_hash, + const u8 *block, + u8 *cypher) +{ + des_encrypt(password_hash, block, cypher); + des_encrypt(password_hash + 8, block + 7, cypher + 8); +} + + +/** + * old_nt_password_hash_encrypted_with_new_nt_password_hash - OldNtPasswordHashEncryptedWithNewNtPasswordHash() - RFC 2759, Sect. 8.12 + * @new_password: 0-to-256-unicode-char NewPassword (IN; ASCII) + * @new_password_len: Length of new_password + * @old_password: 0-to-256-unicode-char OldPassword (IN; ASCII) + * @old_password_len: Length of old_password + * @encrypted_password_ash: 16-octet EncryptedPasswordHash (OUT) + */ +void old_nt_password_hash_encrypted_with_new_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_password_hash) +{ + u8 old_password_hash[16], new_password_hash[16]; + + nt_password_hash(old_password, old_password_len, old_password_hash); + nt_password_hash(new_password, new_password_len, new_password_hash); + nt_password_hash_encrypted_with_block(old_password_hash, + new_password_hash, + encrypted_password_hash); +} diff --git a/contrib/hostapd-0.5.8/ms_funcs.h b/contrib/hostapd-0.5.8/ms_funcs.h new file mode 100644 index 0000000000..8067c09721 --- /dev/null +++ b/contrib/hostapd-0.5.8/ms_funcs.h @@ -0,0 +1,59 @@ +/* + * WPA Supplicant / shared MSCHAPV2 helper functions / RFC 2433 / RFC 2759 + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef MS_FUNCS_H +#define MS_FUNCS_H + +void generate_nt_response(const u8 *auth_challenge, const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password, size_t password_len, + u8 *response); +void generate_nt_response_pwhash(const u8 *auth_challenge, + const u8 *peer_challenge, + const u8 *username, size_t username_len, + const u8 *password_hash, + u8 *response); +void generate_authenticator_response(const u8 *password, size_t password_len, + const u8 *peer_challenge, + const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response); +void generate_authenticator_response_pwhash( + const u8 *password_hash, + const u8 *peer_challenge, const u8 *auth_challenge, + const u8 *username, size_t username_len, + const u8 *nt_response, u8 *response); +void nt_challenge_response(const u8 *challenge, const u8 *password, + size_t password_len, u8 *response); + +void challenge_response(const u8 *challenge, const u8 *password_hash, + u8 *response); +void nt_password_hash(const u8 *password, size_t password_len, + u8 *password_hash); +void hash_nt_password_hash(const u8 *password_hash, u8 *password_hash_hash); +void get_master_key(const u8 *password_hash_hash, const u8 *nt_response, + u8 *master_key); +void get_asymetric_start_key(const u8 *master_key, u8 *session_key, + size_t session_key_len, int is_send, + int is_server); +void new_password_encrypted_with_old_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_pw_block); +void old_nt_password_hash_encrypted_with_new_nt_password_hash( + const u8 *new_password, size_t new_password_len, + const u8 *old_password, size_t old_password_len, + u8 *encrypted_password_hash); + +#endif /* MS_FUNCS_H */ diff --git a/contrib/hostapd-0.5.8/os.h b/contrib/hostapd-0.5.8/os.h new file mode 100644 index 0000000000..4931adb2b8 --- /dev/null +++ b/contrib/hostapd-0.5.8/os.h @@ -0,0 +1,485 @@ +/* + * wpa_supplicant/hostapd / OS specific functions + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef OS_H +#define OS_H + +typedef long os_time_t; + +/** + * os_sleep - Sleep (sec, usec) + * @sec: Number of seconds to sleep + * @usec: Number of microseconds to sleep + */ +void os_sleep(os_time_t sec, os_time_t usec); + +struct os_time { + os_time_t sec; + os_time_t usec; +}; + +/** + * os_get_time - Get current time (sec, usec) + * @t: Pointer to buffer for the time + * Returns: 0 on success, -1 on failure + */ +int os_get_time(struct os_time *t); + + +/* Helper macros for handling struct os_time */ + +#define os_time_before(a, b) \ + ((a)->sec < (b)->sec || \ + ((a)->sec == (b)->sec && (a)->usec < (b)->usec)) + +#define os_time_sub(a, b, res) do { \ + (res)->sec = (a)->sec - (b)->sec; \ + (res)->usec = (a)->usec - (b)->usec; \ + if ((res)->usec < 0) { \ + (res)->sec--; \ + (res)->usec += 1000000; \ + } \ +} while (0) + +/** + * os_mktime - Convert broken-down time into seconds since 1970-01-01 + * @year: Four digit year + * @month: Month (1 .. 12) + * @day: Day of month (1 .. 31) + * @hour: Hour (0 .. 23) + * @min: Minute (0 .. 59) + * @sec: Second (0 .. 60) + * @t: Buffer for returning calendar time representation (seconds since + * 1970-01-01 00:00:00) + * Returns: 0 on success, -1 on failure + */ +int os_mktime(int year, int month, int day, int hour, int min, int sec, + os_time_t *t); + + +/** + * os_daemonize - Run in the background (detach from the controlling terminal) + * @pid_file: File name to write the process ID to or %NULL to skip this + * Returns: 0 on success, -1 on failure + */ +int os_daemonize(const char *pid_file); + +/** + * os_daemonize_terminate - Stop running in the background (remove pid file) + * @pid_file: File name to write the process ID to or %NULL to skip this + */ +void os_daemonize_terminate(const char *pid_file); + +/** + * os_get_random - Get cryptographically strong pseudo random data + * @buf: Buffer for pseudo random data + * @len: Length of the buffer + * Returns: 0 on success, -1 on failure + */ +int os_get_random(unsigned char *buf, size_t len); + +/** + * os_random - Get pseudo random value (not necessarily very strong) + * Returns: Pseudo random value + */ +unsigned long os_random(void); + +/** + * os_rel2abs_path - Get an absolute path for a file + * @rel_path: Relative path to a file + * Returns: Absolute path for the file or %NULL on failure + * + * This function tries to convert a relative path of a file to an absolute path + * in order for the file to be found even if current working directory has + * changed. The returned value is allocated and caller is responsible for + * freeing it. It is acceptable to just return the same path in an allocated + * buffer, e.g., return strdup(rel_path). This function is only used to find + * configuration files when os_daemonize() may have changed the current working + * directory and relative path would be pointing to a different location. + */ +char * os_rel2abs_path(const char *rel_path); + +/** + * os_program_init - Program initialization (called at start) + * Returns: 0 on success, -1 on failure + * + * This function is called when a programs starts. If there are any OS specific + * processing that is needed, it can be placed here. It is also acceptable to + * just return 0 if not special processing is needed. + */ +int os_program_init(void); + +/** + * os_program_deinit - Program deinitialization (called just before exit) + * + * This function is called just before a program exists. If there are any OS + * specific processing, e.g., freeing resourced allocated in os_program_init(), + * it should be done here. It is also acceptable for this function to do + * nothing. + */ +void os_program_deinit(void); + +/** + * os_setenv - Set environment variable + * @name: Name of the variable + * @value: Value to set to the variable + * @overwrite: Whether existing variable should be overwritten + * Returns: 0 on success, -1 on error + * + * This function is only used for wpa_cli action scripts. OS wrapper does not + * need to implement this if such functionality is not needed. + */ +int os_setenv(const char *name, const char *value, int overwrite); + +/** + * os_unsetenv - Delete environent variable + * @name: Name of the variable + * Returns: 0 on success, -1 on error + * + * This function is only used for wpa_cli action scripts. OS wrapper does not + * need to implement this if such functionality is not needed. + */ +int os_unsetenv(const char *name); + +/** + * os_readfile - Read a file to an allocated memory buffer + * @name: Name of the file to read + * @len: For returning the length of the allocated buffer + * Returns: Pointer to the allocated buffer or %NULL on failure + * + * This function allocates memory and reads the given file to this buffer. Both + * binary and text files can be read with this function. The caller is + * responsible for freeing the returned buffer with os_free(). + */ +char * os_readfile(const char *name, size_t *len); + +/** + * os_zalloc - Allocate and zero memory + * @size: Number of bytes to allocate + * Returns: Pointer to allocated and zeroed memory or %NULL on failure + * + * Caller is responsible for freeing the returned buffer with os_free(). + */ +void * os_zalloc(size_t size); + + +/* + * The following functions are wrapper for standard ANSI C or POSIX functions. + * By default, they are just defined to use the standard function name and no + * os_*.c implementation is needed for them. This avoids extra function calls + * by allowing the C pre-processor take care of the function name mapping. + * + * If the target system uses a C library that does not provide these functions, + * build_config.h can be used to define the wrappers to use a different + * function name. This can be done on function-by-function basis since the + * defines here are only used if build_config.h does not define the os_* name. + * If needed, os_*.c file can be used to implement the functions that are not + * included in the C library on the target system. Alternatively, + * OS_NO_C_LIB_DEFINES can be defined to skip all defines here in which case + * these functions need to be implemented in os_*.c file for the target system. + */ + +#ifdef OS_NO_C_LIB_DEFINES + +/** + * os_malloc - Allocate dynamic memory + * @size: Size of the buffer to allocate + * Returns: Allocated buffer or %NULL on failure + * + * Caller is responsible for freeing the returned buffer with os_free(). + */ +void * os_malloc(size_t size); + +/** + * os_realloc - Re-allocate dynamic memory + * @ptr: Old buffer from os_malloc() or os_realloc() + * @size: Size of the new buffer + * Returns: Allocated buffer or %NULL on failure + * + * Caller is responsible for freeing the returned buffer with os_free(). + * If re-allocation fails, %NULL is returned and the original buffer (ptr) is + * not freed and caller is still responsible for freeing it. + */ +void * os_realloc(void *ptr, size_t size); + +/** + * os_free - Free dynamic memory + * @ptr: Old buffer from os_malloc() or os_realloc(); can be %NULL + */ +void os_free(void *ptr); + +/** + * os_memcpy - Copy memory area + * @dest: Destination + * @src: Source + * @n: Number of bytes to copy + * Returns: dest + * + * The memory areas src and dst must not overlap. os_memmove() can be used with + * overlapping memory. + */ +void * os_memcpy(void *dest, const void *src, size_t n); + +/** + * os_memmove - Copy memory area + * @dest: Destination + * @src: Source + * @n: Number of bytes to copy + * Returns: dest + * + * The memory areas src and dst may overlap. + */ +void * os_memmove(void *dest, const void *src, size_t n); + +/** + * os_memset - Fill memory with a constant byte + * @s: Memory area to be filled + * @c: Constant byte + * @n: Number of bytes started from s to fill with c + * Returns: s + */ +void * os_memset(void *s, int c, size_t n); + +/** + * os_memcmp - Compare memory areas + * @s1: First buffer + * @s2: Second buffer + * @n: Maximum numbers of octets to compare + * Returns: An integer less than, equal to, or greater than zero if s1 is + * found to be less than, to match, or be greater than s2. Only first n + * characters will be compared. + */ +int os_memcmp(const void *s1, const void *s2, size_t n); + +/** + * os_strdup - Duplicate a string + * @s: Source string + * Returns: Allocated buffer with the string copied into it or %NULL on failure + * + * Caller is responsible for freeing the returned buffer with os_free(). + */ +char * os_strdup(const char *s); + +/** + * os_strlen - Calculate the length of a string + * @s: '\0' terminated string + * Returns: Number of characters in s (not counting the '\0' terminator) + */ +size_t os_strlen(const char *s); + +/** + * os_strcasecmp - Compare two strings ignoring case + * @s1: First string + * @s2: Second string + * Returns: An integer less than, equal to, or greater than zero if s1 is + * found to be less than, to match, or be greatred than s2 + */ +int os_strcasecmp(const char *s1, const char *s2); + +/** + * os_strncasecmp - Compare two strings ignoring case + * @s1: First string + * @s2: Second string + * @n: Maximum numbers of characters to compare + * Returns: An integer less than, equal to, or greater than zero if s1 is + * found to be less than, to match, or be greater than s2. Only first n + * characters will be compared. + */ +int os_strncasecmp(const char *s1, const char *s2, size_t n); + +/** + * os_strchr - Locate the first occurrence of a character in string + * @s: String + * @c: Character to search for + * Returns: Pointer to the matched character or %NULL if not found + */ +char * os_strchr(const char *s, int c); + +/** + * os_strrchr - Locate the last occurrence of a character in string + * @s: String + * @c: Character to search for + * Returns: Pointer to the matched character or %NULL if not found + */ +char * os_strrchr(const char *s, int c); + +/** + * os_strcmp - Compare two strings + * @s1: First string + * @s2: Second string + * Returns: An integer less than, equal to, or greater than zero if s1 is + * found to be less than, to match, or be greatred than s2 + */ +int os_strcmp(const char *s1, const char *s2); + +/** + * os_strncmp - Compare two strings + * @s1: First string + * @s2: Second string + * @n: Maximum numbers of characters to compare + * Returns: An integer less than, equal to, or greater than zero if s1 is + * found to be less than, to match, or be greater than s2. Only first n + * characters will be compared. + */ +int os_strncmp(const char *s1, const char *s2, size_t n); + +/** + * os_strncpy - Copy a string + * @dest: Destination + * @src: Source + * @n: Maximum number of characters to copy + * Returns: dest + */ +char * os_strncpy(char *dest, const char *src, size_t n); + +/** + * os_strstr - Locate a substring + * @haystack: String (haystack) to search from + * @needle: Needle to search from haystack + * Returns: Pointer to the beginning of the substring or %NULL if not found + */ +char * os_strstr(const char *haystack, const char *needle); + +/** + * os_snprintf - Print to a memory buffer + * @str: Memory buffer to print into + * @size: Maximum length of the str buffer + * @format: printf format + * Returns: Number of characters printed (not including trailing '\0'). + * + * If the output buffer is truncated, number of characters which would have + * been written is returned. Since some C libraries return -1 in such a case, + * the caller must be prepared on that value, too, to indicate truncation. + * + * Note: Some C library implementations of snprintf() may not guarantee null + * termination in case the output is truncated. The OS wrapper function of + * os_snprintf() should provide this guarantee, i.e., to null terminate the + * output buffer if a C library version of the function is used and if that + * function does not guarantee null termination. + * + * If the target system does not include snprintf(), see, e.g., + * http://www.ijs.si/software/snprintf/ for an example of a portable + * implementation of snprintf. + */ +int os_snprintf(char *str, size_t size, const char *format, ...); + +#else /* OS_NO_C_LIB_DEFINES */ + +#ifndef os_malloc +#define os_malloc(s) malloc((s)) +#endif +#ifndef os_realloc +#define os_realloc(p, s) realloc((p), (s)) +#endif +#ifndef os_free +#define os_free(p) free((p)) +#endif + +#ifndef os_memcpy +#define os_memcpy(d, s, n) memcpy((d), (s), (n)) +#endif +#ifndef os_memmove +#define os_memmove(d, s, n) memmove((d), (s), (n)) +#endif +#ifndef os_memset +#define os_memset(s, c, n) memset(s, c, n) +#endif +#ifndef os_memcmp +#define os_memcmp(s1, s2, n) memcmp((s1), (s2), (n)) +#endif + +#ifndef os_strdup +#ifdef _MSC_VER +#define os_strdup(s) _strdup(s) +#else +#define os_strdup(s) strdup(s) +#endif +#endif +#ifndef os_strlen +#define os_strlen(s) strlen(s) +#endif +#ifndef os_strcasecmp +#ifdef _MSC_VER +#define os_strcasecmp(s1, s2) _stricmp((s1), (s2)) +#else +#define os_strcasecmp(s1, s2) strcasecmp((s1), (s2)) +#endif +#endif +#ifndef os_strncasecmp +#ifdef _MSC_VER +#define os_strncasecmp(s1, s2, n) _strnicmp((s1), (s2), (n)) +#else +#define os_strncasecmp(s1, s2, n) strncasecmp((s1), (s2), (n)) +#endif +#endif +#ifndef os_strchr +#define os_strchr(s, c) strchr((s), (c)) +#endif +#ifndef os_strcmp +#define os_strcmp(s1, s2) strcmp((s1), (s2)) +#endif +#ifndef os_strncmp +#define os_strncmp(s1, s2, n) strncmp((s1), (s2), (n)) +#endif +#ifndef os_strncpy +#define os_strncpy(d, s, n) strncpy((d), (s), (n)) +#endif +#ifndef os_strrchr +#define os_strrchr(s, c) strrchr((s), (c)) +#endif +#ifndef os_strstr +#define os_strstr(h, n) strstr((h), (n)) +#endif + +#ifndef os_snprintf +#ifdef _MSC_VER +#define os_snprintf _snprintf +#else +#define os_snprintf snprintf +#endif +#endif + +#endif /* OS_NO_C_LIB_DEFINES */ + + +#ifdef OS_REJECT_C_LIB_FUNCTIONS +#define malloc OS_DO_NOT_USE_malloc +#define realloc OS_DO_NOT_USE_realloc +#define free OS_DO_NOT_USE_free +#define memcpy OS_DO_NOT_USE_memcpy +#define memmove OS_DO_NOT_USE_memmove +#define memset OS_DO_NOT_USE_memset +#define memcmp OS_DO_NOT_USE_memcmp +#undef strdup +#define strdup OS_DO_NOT_USE_strdup +#define strlen OS_DO_NOT_USE_strlen +#define strcasecmp OS_DO_NOT_USE_strcasecmp +#define strncasecmp OS_DO_NOT_USE_strncasecmp +#undef strchr +#define strchr OS_DO_NOT_USE_strchr +#undef strcmp +#define strcmp OS_DO_NOT_USE_strcmp +#undef strncmp +#define strncmp OS_DO_NOT_USE_strncmp +#undef strncpy +#define strncpy OS_DO_NOT_USE_strncpy +#define strrchr OS_DO_NOT_USE_strrchr +#define strstr OS_DO_NOT_USE_strstr +#undef snprintf +#define snprintf OS_DO_NOT_USE_snprintf + +#define strcpy OS_DO_NOT_USE_strcpy +#endif /* OS_REJECT_C_LIB_FUNCTIONS */ + +#endif /* OS_H */ diff --git a/contrib/hostapd-0.5.8/os_internal.c b/contrib/hostapd-0.5.8/os_internal.c new file mode 100644 index 0000000000..b2183ea38f --- /dev/null +++ b/contrib/hostapd-0.5.8/os_internal.c @@ -0,0 +1,441 @@ +/* + * wpa_supplicant/hostapd / Internal implementation of OS specific functions + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file is an example of operating system specific wrapper functions. + * This version implements many of the functions internally, so it can be used + * to fill in missing functions from the target system C libraries. + * + * Some of the functions are using standard C library calls in order to keep + * this file in working condition to allow the functions to be tested on a + * Linux target. Please note that OS_NO_C_LIB_DEFINES needs to be defined for + * this file to work correctly. Note that these implementations are only + * examples and are not optimized for speed. + */ + +#include "includes.h" + +#undef OS_REJECT_C_LIB_FUNCTIONS +#include "os.h" + +void os_sleep(os_time_t sec, os_time_t usec) +{ + if (sec) + sleep(sec); + if (usec) + usleep(usec); +} + + +int os_get_time(struct os_time *t) +{ + int res; + struct timeval tv; + res = gettimeofday(&tv, NULL); + t->sec = tv.tv_sec; + t->usec = tv.tv_usec; + return res; +} + + +int os_mktime(int year, int month, int day, int hour, int min, int sec, + os_time_t *t) +{ + struct tm tm; + + if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 || + hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || + sec > 60) + return -1; + + os_memset(&tm, 0, sizeof(tm)); + tm.tm_year = year - 1900; + tm.tm_mon = month - 1; + tm.tm_mday = day; + tm.tm_hour = hour; + tm.tm_min = min; + tm.tm_sec = sec; + + *t = (os_time_t) mktime(&tm); + return 0; +} + + +int os_daemonize(const char *pid_file) +{ + if (daemon(0, 0)) { + perror("daemon"); + return -1; + } + + if (pid_file) { + FILE *f = fopen(pid_file, "w"); + if (f) { + fprintf(f, "%u\n", getpid()); + fclose(f); + } + } + + return -0; +} + + +void os_daemonize_terminate(const char *pid_file) +{ + if (pid_file) + unlink(pid_file); +} + + +int os_get_random(unsigned char *buf, size_t len) +{ + FILE *f; + size_t rc; + + f = fopen("/dev/urandom", "rb"); + if (f == NULL) { + printf("Could not open /dev/urandom.\n"); + return -1; + } + + rc = fread(buf, 1, len, f); + fclose(f); + + return rc != len ? -1 : 0; +} + + +unsigned long os_random(void) +{ + return random(); +} + + +char * os_rel2abs_path(const char *rel_path) +{ + char *buf = NULL, *cwd, *ret; + size_t len = 128, cwd_len, rel_len, ret_len; + + if (rel_path[0] == '/') + return os_strdup(rel_path); + + for (;;) { + buf = os_malloc(len); + if (buf == NULL) + return NULL; + cwd = getcwd(buf, len); + if (cwd == NULL) { + os_free(buf); + if (errno != ERANGE) { + return NULL; + } + len *= 2; + } else { + break; + } + } + + cwd_len = strlen(cwd); + rel_len = strlen(rel_path); + ret_len = cwd_len + 1 + rel_len + 1; + ret = os_malloc(ret_len); + if (ret) { + os_memcpy(ret, cwd, cwd_len); + ret[cwd_len] = '/'; + os_memcpy(ret + cwd_len + 1, rel_path, rel_len); + ret[ret_len - 1] = '\0'; + } + os_free(buf); + return ret; +} + + +int os_program_init(void) +{ + return 0; +} + + +void os_program_deinit(void) +{ +} + + +int os_setenv(const char *name, const char *value, int overwrite) +{ + return setenv(name, value, overwrite); +} + + +int os_unsetenv(const char *name) +{ +#if defined(__FreeBSD__) || defined(__NetBSD__) + unsetenv(name); + return 0; +#else + return unsetenv(name); +#endif +} + + +char * os_readfile(const char *name, size_t *len) +{ + FILE *f; + char *buf; + + f = fopen(name, "rb"); + if (f == NULL) + return NULL; + + fseek(f, 0, SEEK_END); + *len = ftell(f); + fseek(f, 0, SEEK_SET); + + buf = os_malloc(*len); + if (buf == NULL) { + fclose(f); + return NULL; + } + + fread(buf, 1, *len, f); + fclose(f); + + return buf; +} + + +void * os_zalloc(size_t size) +{ + void *n = os_malloc(size); + if (n) + os_memset(n, 0, size); + return n; +} + + +void * os_malloc(size_t size) +{ + return malloc(size); +} + + +void * os_realloc(void *ptr, size_t size) +{ + return realloc(ptr, size); +} + + +void os_free(void *ptr) +{ + free(ptr); +} + + +void * os_memcpy(void *dest, const void *src, size_t n) +{ + char *d = dest; + const char *s = src; + while (n--) + *d++ = *s++; + return dest; +} + + +void * os_memmove(void *dest, const void *src, size_t n) +{ + if (dest < src) + os_memcpy(dest, src, n); + else { + /* overlapping areas */ + char *d = (char *) dest + n; + const char *s = (const char *) src + n; + while (n--) + *--d = *--s; + } + return dest; +} + + +void * os_memset(void *s, int c, size_t n) +{ + char *p = s; + while (n--) + *p++ = c; + return s; +} + + +int os_memcmp(const void *s1, const void *s2, size_t n) +{ + const unsigned char *p1 = s1, *p2 = s2; + + if (n == 0) + return 0; + + while (*p1 == *p2) { + p1++; + p2++; + n--; + if (n == 0) + return 0; + } + + return *p1 - *p2; +} + + +char * os_strdup(const char *s) +{ + char *res; + size_t len; + if (s == NULL) + return NULL; + len = os_strlen(s); + res = os_malloc(len + 1); + if (res) + os_memcpy(res, s, len + 1); + return res; +} + + +size_t os_strlen(const char *s) +{ + const char *p = s; + while (*p) + p++; + return p - s; +} + + +int os_strcasecmp(const char *s1, const char *s2) +{ + /* + * Ignoring case is not required for main functionality, so just use + * the case sensitive version of the function. + */ + return os_strcmp(s1, s2); +} + + +int os_strncasecmp(const char *s1, const char *s2, size_t n) +{ + /* + * Ignoring case is not required for main functionality, so just use + * the case sensitive version of the function. + */ + return os_strncmp(s1, s2, n); +} + + +char * os_strchr(const char *s, int c) +{ + while (*s) { + if (*s == c) + return (char *) s; + s++; + } + return NULL; +} + + +char * os_strrchr(const char *s, int c) +{ + const char *p = s; + while (*p) + p++; + p--; + while (p >= s) { + if (*p == c) + return (char *) p; + p--; + } + return NULL; +} + + +int os_strcmp(const char *s1, const char *s2) +{ + while (*s1 == *s2) { + if (*s1 == '\0') + break; + s1++; + s2++; + } + + return *s1 - *s2; +} + + +int os_strncmp(const char *s1, const char *s2, size_t n) +{ + if (n == 0) + return 0; + + while (*s1 == *s2) { + if (*s1 == '\0') + break; + s1++; + s2++; + n--; + if (n == 0) + return 0; + } + + return *s1 - *s2; +} + + +char * os_strncpy(char *dest, const char *src, size_t n) +{ + char *d = dest; + + while (n--) { + *d = *src; + if (*src == '\0') + break; + d++; + src++; + } + + return dest; +} + + +char * os_strstr(const char *haystack, const char *needle) +{ + size_t len = os_strlen(needle); + while (*haystack) { + if (os_strncmp(haystack, needle, len) == 0) + return (char *) haystack; + haystack++; + } + + return NULL; +} + + +int os_snprintf(char *str, size_t size, const char *format, ...) +{ + va_list ap; + int ret; + + /* See http://www.ijs.si/software/snprintf/ for portable + * implementation of snprintf. + */ + + va_start(ap, format); + ret = vsnprintf(str, size, format, ap); + va_end(ap); + if (size > 0) + str[size - 1] = '\0'; + return ret; +} diff --git a/contrib/hostapd-0.5.8/os_none.c b/contrib/hostapd-0.5.8/os_none.c new file mode 100644 index 0000000000..7404e2293a --- /dev/null +++ b/contrib/hostapd-0.5.8/os_none.c @@ -0,0 +1,220 @@ +/* + * wpa_supplicant/hostapd / Empty OS specific functions + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file can be used as a starting point when adding a new OS target. The + * functions here do not really work as-is since they are just empty or only + * return an error value. os_internal.c can be used as another starting point + * or reference since it has example implementation of many of these functions. + */ + +#include "includes.h" + +#include "os.h" + +void os_sleep(os_time_t sec, os_time_t usec) +{ +} + + +int os_get_time(struct os_time *t) +{ + return -1; +} + + +int os_mktime(int year, int month, int day, int hour, int min, int sec, + os_time_t *t) +{ + return -1; +} + + +int os_daemonize(const char *pid_file) +{ + return -1; +} + + +void os_daemonize_terminate(const char *pid_file) +{ +} + + +int os_get_random(unsigned char *buf, size_t len) +{ + return -1; +} + + +unsigned long os_random(void) +{ + return 0; +} + + +char * os_rel2abs_path(const char *rel_path) +{ + return NULL; /* strdup(rel_path) can be used here */ +} + + +int os_program_init(void) +{ + return 0; +} + + +void os_program_deinit(void) +{ +} + + +int os_setenv(const char *name, const char *value, int overwrite) +{ + return -1; +} + + +int os_unsetenv(const char *name) +{ + return -1; +} + + +char * os_readfile(const char *name, size_t *len) +{ + return NULL; +} + + +void * os_zalloc(size_t size) +{ + return NULL; +} + + +#ifdef OS_NO_C_LIB_DEFINES +void * os_malloc(size_t size) +{ + return NULL; +} + + +void * os_realloc(void *ptr, size_t size) +{ + return NULL; +} + + +void os_free(void *ptr) +{ +} + + +void * os_memcpy(void *dest, const void *src, size_t n) +{ + return dest; +} + + +void * os_memmove(void *dest, const void *src, size_t n) +{ + return dest; +} + + +void * os_memset(void *s, int c, size_t n) +{ + return s; +} + + +int os_memcmp(const void *s1, const void *s2, size_t n) +{ + return 0; +} + + +char * os_strdup(const char *s) +{ + return NULL; +} + + +size_t os_strlen(const char *s) +{ + return 0; +} + + +int os_strcasecmp(const char *s1, const char *s2) +{ + /* + * Ignoring case is not required for main functionality, so just use + * the case sensitive version of the function. + */ + return os_strcmp(s1, s2); +} + + +int os_strncasecmp(const char *s1, const char *s2, size_t n) +{ + /* + * Ignoring case is not required for main functionality, so just use + * the case sensitive version of the function. + */ + return os_strncmp(s1, s2, n); +} + + +char * os_strchr(const char *s, int c) +{ + return NULL; +} + + +char * os_strrchr(const char *s, int c) +{ + return NULL; +} + + +int os_strcmp(const char *s1, const char *s2) +{ + return 0; +} + + +int os_strncmp(const char *s1, const char *s2, size_t n) +{ + return 0; +} + + +char * os_strncpy(char *dest, const char *src, size_t n) +{ + return dest; +} + + +char * os_strstr(const char *haystack, const char *needle) +{ + return NULL; +} + + +int os_snprintf(char *str, size_t size, const char *format, ...) +{ + return 0; +} +#endif /* OS_NO_C_LIB_DEFINES */ diff --git a/contrib/hostapd-0.5.8/os_unix.c b/contrib/hostapd-0.5.8/os_unix.c new file mode 100644 index 0000000000..fb8149a7f3 --- /dev/null +++ b/contrib/hostapd-0.5.8/os_unix.c @@ -0,0 +1,212 @@ +/* + * wpa_supplicant/hostapd / OS specific functions for UNIX/POSIX systems + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "os.h" + +void os_sleep(os_time_t sec, os_time_t usec) +{ + if (sec) + sleep(sec); + if (usec) + usleep(usec); +} + + +int os_get_time(struct os_time *t) +{ + int res; + struct timeval tv; + res = gettimeofday(&tv, NULL); + t->sec = tv.tv_sec; + t->usec = tv.tv_usec; + return res; +} + + +int os_mktime(int year, int month, int day, int hour, int min, int sec, + os_time_t *t) +{ + struct tm tm; + + if (year < 1970 || month < 1 || month > 12 || day < 1 || day > 31 || + hour < 0 || hour > 23 || min < 0 || min > 59 || sec < 0 || + sec > 60) + return -1; + + memset(&tm, 0, sizeof(tm)); + tm.tm_year = year - 1900; + tm.tm_mon = month - 1; + tm.tm_mday = day; + tm.tm_hour = hour; + tm.tm_min = min; + tm.tm_sec = sec; + + *t = (os_time_t) mktime(&tm); + return 0; +} + + +int os_daemonize(const char *pid_file) +{ + if (daemon(0, 0)) { + perror("daemon"); + return -1; + } + + if (pid_file) { + FILE *f = fopen(pid_file, "w"); + if (f) { + fprintf(f, "%u\n", getpid()); + fclose(f); + } + } + + return -0; +} + + +void os_daemonize_terminate(const char *pid_file) +{ + if (pid_file) + unlink(pid_file); +} + + +int os_get_random(unsigned char *buf, size_t len) +{ + FILE *f; + size_t rc; + + f = fopen("/dev/urandom", "rb"); + if (f == NULL) { + printf("Could not open /dev/urandom.\n"); + return -1; + } + + rc = fread(buf, 1, len, f); + fclose(f); + + return rc != len ? -1 : 0; +} + + +unsigned long os_random(void) +{ + return random(); +} + + +char * os_rel2abs_path(const char *rel_path) +{ + char *buf = NULL, *cwd, *ret; + size_t len = 128, cwd_len, rel_len, ret_len; + int last_errno; + + if (rel_path[0] == '/') + return strdup(rel_path); + + for (;;) { + buf = malloc(len); + if (buf == NULL) + return NULL; + cwd = getcwd(buf, len); + if (cwd == NULL) { + last_errno = errno; + free(buf); + if (last_errno != ERANGE) + return NULL; + len *= 2; + if (len > 2000) + return NULL; + } else { + buf[len - 1] = '\0'; + break; + } + } + + cwd_len = strlen(cwd); + rel_len = strlen(rel_path); + ret_len = cwd_len + 1 + rel_len + 1; + ret = malloc(ret_len); + if (ret) { + memcpy(ret, cwd, cwd_len); + ret[cwd_len] = '/'; + memcpy(ret + cwd_len + 1, rel_path, rel_len); + ret[ret_len - 1] = '\0'; + } + free(buf); + return ret; +} + + +int os_program_init(void) +{ + return 0; +} + + +void os_program_deinit(void) +{ +} + + +int os_setenv(const char *name, const char *value, int overwrite) +{ + return setenv(name, value, overwrite); +} + + +int os_unsetenv(const char *name) +{ +#if defined(__FreeBSD__) || defined(__NetBSD__) + unsetenv(name); + return 0; +#else + return unsetenv(name); +#endif +} + + +char * os_readfile(const char *name, size_t *len) +{ + FILE *f; + char *buf; + + f = fopen(name, "rb"); + if (f == NULL) + return NULL; + + fseek(f, 0, SEEK_END); + *len = ftell(f); + fseek(f, 0, SEEK_SET); + + buf = malloc(*len); + if (buf == NULL) { + fclose(f); + return NULL; + } + + fread(buf, 1, *len, f); + fclose(f); + + return buf; +} + + +void * os_zalloc(size_t size) +{ + return calloc(1, size); +} diff --git a/contrib/hostapd-0.5.8/pmksa_cache.c b/contrib/hostapd-0.5.8/pmksa_cache.c new file mode 100644 index 0000000000..0cb85233c8 --- /dev/null +++ b/contrib/hostapd-0.5.8/pmksa_cache.c @@ -0,0 +1,366 @@ +/* + * hostapd - PMKSA cache for IEEE 802.11i RSN + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "common.h" +#include "wpa.h" +#include "eloop.h" +#include "sha1.h" +#include "ieee802_1x.h" +#include "eapol_sm.h" +#include "pmksa_cache.h" + + +static const int pmksa_cache_max_entries = 1024; +static const int dot11RSNAConfigPMKLifetime = 43200; + +struct rsn_pmksa_cache { +#define PMKID_HASH_SIZE 128 +#define PMKID_HASH(pmkid) (unsigned int) ((pmkid)[0] & 0x7f) + struct rsn_pmksa_cache_entry *pmkid[PMKID_HASH_SIZE]; + struct rsn_pmksa_cache_entry *pmksa; + int pmksa_count; + + void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx); + void *ctx; +}; + + +/** + * rsn_pmkid - Calculate PMK identifier + * @pmk: Pairwise master key + * @pmk_len: Length of pmk in bytes + * @aa: Authenticator address + * @spa: Supplicant address + * + * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy + * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA) + */ +void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, + u8 *pmkid) +{ + char *title = "PMK Name"; + const u8 *addr[3]; + const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN }; + unsigned char hash[SHA1_MAC_LEN]; + + addr[0] = (u8 *) title; + addr[1] = aa; + addr[2] = spa; + + hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash); + memcpy(pmkid, hash, PMKID_LEN); +} + + +static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa); + + +static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry) +{ + if (entry == NULL) + return; + free(entry->identity); + ieee802_1x_free_radius_class(&entry->radius_class); + free(entry); +} + + +static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa, + struct rsn_pmksa_cache_entry *entry) +{ + struct rsn_pmksa_cache_entry *pos, *prev; + + pmksa->pmksa_count--; + pmksa->free_cb(entry, pmksa->ctx); + pos = pmksa->pmkid[PMKID_HASH(entry->pmkid)]; + prev = NULL; + while (pos) { + if (pos == entry) { + if (prev != NULL) { + prev->hnext = pos->hnext; + } else { + pmksa->pmkid[PMKID_HASH(entry->pmkid)] = + pos->hnext; + } + break; + } + prev = pos; + pos = pos->hnext; + } + + pos = pmksa->pmksa; + prev = NULL; + while (pos) { + if (pos == entry) { + if (prev != NULL) + prev->next = pos->next; + else + pmksa->pmksa = pos->next; + break; + } + prev = pos; + pos = pos->next; + } + _pmksa_cache_free_entry(entry); +} + + +static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx) +{ + struct rsn_pmksa_cache *pmksa = eloop_ctx; + struct os_time now; + + os_get_time(&now); + while (pmksa->pmksa && pmksa->pmksa->expiration <= now.sec) { + struct rsn_pmksa_cache_entry *entry = pmksa->pmksa; + pmksa->pmksa = entry->next; + wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for " + MACSTR, MAC2STR(entry->spa)); + pmksa_cache_free_entry(pmksa, entry); + } + + pmksa_cache_set_expiration(pmksa); +} + + +static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa) +{ + int sec; + struct os_time now; + + eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL); + if (pmksa->pmksa == NULL) + return; + os_get_time(&now); + sec = pmksa->pmksa->expiration - now.sec; + if (sec < 0) + sec = 0; + eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL); +} + + +static void pmksa_cache_from_eapol_data(struct rsn_pmksa_cache_entry *entry, + struct eapol_state_machine *eapol) +{ + if (eapol == NULL) + return; + + if (eapol->identity) { + entry->identity = malloc(eapol->identity_len); + if (entry->identity) { + entry->identity_len = eapol->identity_len; + memcpy(entry->identity, eapol->identity, + eapol->identity_len); + } + } + + ieee802_1x_copy_radius_class(&entry->radius_class, + &eapol->radius_class); + + entry->eap_type_authsrv = eapol->eap_type_authsrv; + entry->vlan_id = eapol->sta->vlan_id; +} + + +void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry, + struct eapol_state_machine *eapol) +{ + if (entry == NULL || eapol == NULL) + return; + + if (entry->identity) { + free(eapol->identity); + eapol->identity = malloc(entry->identity_len); + if (eapol->identity) { + eapol->identity_len = entry->identity_len; + memcpy(eapol->identity, entry->identity, + entry->identity_len); + } + wpa_hexdump_ascii(MSG_DEBUG, "STA identity from PMKSA", + eapol->identity, eapol->identity_len); + } + + ieee802_1x_free_radius_class(&eapol->radius_class); + ieee802_1x_copy_radius_class(&eapol->radius_class, + &entry->radius_class); + if (eapol->radius_class.attr) { + wpa_printf(MSG_DEBUG, "Copied %lu Class attribute(s) from " + "PMKSA", (unsigned long) eapol->radius_class.count); + } + + eapol->eap_type_authsrv = entry->eap_type_authsrv; + eapol->sta->vlan_id = entry->vlan_id; +} + + +/** + * pmksa_cache_add - Add a PMKSA cache entry + * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init() + * @pmk: The new pairwise master key + * @pmk_len: PMK length in bytes, usually PMK_LEN (32) + * @aa: Authenticator address + * @spa: Supplicant address + * @session_timeout: Session timeout + * @eapol: Pointer to EAPOL state machine data + * Returns: Pointer to the added PMKSA cache entry or %NULL on error + * + * This function create a PMKSA entry for a new PMK and adds it to the PMKSA + * cache. If an old entry is already in the cache for the same Supplicant, + * this entry will be replaced with the new entry. PMKID will be calculated + * based on the PMK. + */ +struct rsn_pmksa_cache_entry * +pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, + const u8 *aa, const u8 *spa, int session_timeout, + struct eapol_state_machine *eapol) +{ + struct rsn_pmksa_cache_entry *entry, *pos, *prev; + struct os_time now; + + if (pmk_len > PMK_LEN) + return NULL; + + entry = wpa_zalloc(sizeof(*entry)); + if (entry == NULL) + return NULL; + memcpy(entry->pmk, pmk, pmk_len); + entry->pmk_len = pmk_len; + rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid); + os_get_time(&now); + entry->expiration = now.sec; + if (session_timeout > 0) + entry->expiration += session_timeout; + else + entry->expiration += dot11RSNAConfigPMKLifetime; + entry->akmp = WPA_KEY_MGMT_IEEE8021X; + memcpy(entry->spa, spa, ETH_ALEN); + pmksa_cache_from_eapol_data(entry, eapol); + + /* Replace an old entry for the same STA (if found) with the new entry + */ + pos = pmksa_cache_get(pmksa, spa, NULL); + if (pos) + pmksa_cache_free_entry(pmksa, pos); + + if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) { + /* Remove the oldest entry to make room for the new entry */ + wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache " + "entry (for " MACSTR ") to make room for new one", + MAC2STR(pmksa->pmksa->spa)); + pmksa_cache_free_entry(pmksa, pmksa->pmksa); + } + + /* Add the new entry; order by expiration time */ + pos = pmksa->pmksa; + prev = NULL; + while (pos) { + if (pos->expiration > entry->expiration) + break; + prev = pos; + pos = pos->next; + } + if (prev == NULL) { + entry->next = pmksa->pmksa; + pmksa->pmksa = entry; + } else { + entry->next = prev->next; + prev->next = entry; + } + entry->hnext = pmksa->pmkid[PMKID_HASH(entry->pmkid)]; + pmksa->pmkid[PMKID_HASH(entry->pmkid)] = entry; + + pmksa->pmksa_count++; + wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR, + MAC2STR(entry->spa)); + wpa_hexdump(MSG_DEBUG, "RSN: added PMKID", entry->pmkid, PMKID_LEN); + + return entry; +} + + +/** + * pmksa_cache_deinit - Free all entries in PMKSA cache + * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init() + */ +void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa) +{ + struct rsn_pmksa_cache_entry *entry, *prev; + int i; + + if (pmksa == NULL) + return; + + entry = pmksa->pmksa; + while (entry) { + prev = entry; + entry = entry->next; + _pmksa_cache_free_entry(prev); + } + eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL); + for (i = 0; i < PMKID_HASH_SIZE; i++) + pmksa->pmkid[i] = NULL; + free(pmksa); +} + + +/** + * pmksa_cache_get - Fetch a PMKSA cache entry + * @pmksa: Pointer to PMKSA cache data from pmksa_cache_init() + * @spa: Supplicant address or %NULL to match any + * @pmkid: PMKID or %NULL to match any + * Returns: Pointer to PMKSA cache entry or %NULL if no match was found + */ +struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa, + const u8 *spa, const u8 *pmkid) +{ + struct rsn_pmksa_cache_entry *entry; + + if (pmkid) + entry = pmksa->pmkid[PMKID_HASH(pmkid)]; + else + entry = pmksa->pmksa; + while (entry) { + if ((spa == NULL || memcmp(entry->spa, spa, ETH_ALEN) == 0) && + (pmkid == NULL || + memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0)) + return entry; + entry = pmkid ? entry->hnext : entry->next; + } + return NULL; +} + + +/** + * pmksa_cache_init - Initialize PMKSA cache + * @free_cb: Callback function to be called when a PMKSA cache entry is freed + * @ctx: Context pointer for free_cb function + * Returns: Pointer to PMKSA cache data or %NULL on failure + */ +struct rsn_pmksa_cache * +pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, + void *ctx), void *ctx) +{ + struct rsn_pmksa_cache *pmksa; + + pmksa = wpa_zalloc(sizeof(*pmksa)); + if (pmksa) { + pmksa->free_cb = free_cb; + pmksa->ctx = ctx; + } + + return pmksa; +} diff --git a/contrib/hostapd-0.5.8/pmksa_cache.h b/contrib/hostapd-0.5.8/pmksa_cache.h new file mode 100644 index 0000000000..dd9074eefa --- /dev/null +++ b/contrib/hostapd-0.5.8/pmksa_cache.h @@ -0,0 +1,54 @@ +/* + * hostapd - PMKSA cache for IEEE 802.11i RSN + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef PMKSA_CACHE_H +#define PMKSA_CACHE_H + +/** + * struct rsn_pmksa_cache_entry - PMKSA cache entry + */ +struct rsn_pmksa_cache_entry { + struct rsn_pmksa_cache_entry *next, *hnext; + u8 pmkid[PMKID_LEN]; + u8 pmk[PMK_LEN]; + size_t pmk_len; + os_time_t expiration; + int akmp; /* WPA_KEY_MGMT_* */ + u8 spa[ETH_ALEN]; + + u8 *identity; + size_t identity_len; + struct radius_class_data radius_class; + u8 eap_type_authsrv; + int vlan_id; +}; + +struct rsn_pmksa_cache; + +struct rsn_pmksa_cache * +pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry, + void *ctx), void *ctx); +void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa); +struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa, + const u8 *spa, const u8 *pmkid); +struct rsn_pmksa_cache_entry * +pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len, + const u8 *aa, const u8 *spa, int session_timeout, + struct eapol_state_machine *eapol); +void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry, + struct eapol_state_machine *eapol); +void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa, const u8 *spa, + u8 *pmkid); + +#endif /* PMKSA_CACHE_H */ diff --git a/contrib/hostapd-0.5.8/preauth.c b/contrib/hostapd-0.5.8/preauth.c new file mode 100644 index 0000000000..d992881534 --- /dev/null +++ b/contrib/hostapd-0.5.8/preauth.c @@ -0,0 +1,276 @@ +/* + * hostapd - Authenticator for IEEE 802.11i RSN pre-authentication + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifdef CONFIG_RSN_PREAUTH + +#include "hostapd.h" +#include "l2_packet.h" +#include "ieee802_1x.h" +#include "eloop.h" +#include "sta_info.h" +#include "wpa_common.h" +#include "eapol_sm.h" +#include "wpa.h" +#include "preauth.h" + +#ifndef ETH_P_PREAUTH +#define ETH_P_PREAUTH 0x88C7 /* IEEE 802.11i pre-authentication */ +#endif /* ETH_P_PREAUTH */ + +static const int dot11RSNAConfigPMKLifetime = 43200; + +struct rsn_preauth_interface { + struct rsn_preauth_interface *next; + struct hostapd_data *hapd; + struct l2_packet_data *l2; + char *ifname; + int ifindex; +}; + + +static void rsn_preauth_receive(void *ctx, const u8 *src_addr, + const u8 *buf, size_t len) +{ + struct rsn_preauth_interface *piface = ctx; + struct hostapd_data *hapd = piface->hapd; + struct ieee802_1x_hdr *hdr; + struct sta_info *sta; + struct l2_ethhdr *ethhdr; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN: receive pre-auth packet " + "from interface '%s'\n", piface->ifname); + if (len < sizeof(*ethhdr) + sizeof(*hdr)) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN: too short pre-auth " + "packet (len=%lu)\n", (unsigned long) len); + return; + } + + ethhdr = (struct l2_ethhdr *) buf; + hdr = (struct ieee802_1x_hdr *) (ethhdr + 1); + + if (memcmp(ethhdr->h_dest, hapd->own_addr, ETH_ALEN) != 0) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN: pre-auth for " + "foreign address " MACSTR "\n", + MAC2STR(ethhdr->h_dest)); + return; + } + + sta = ap_get_sta(hapd, ethhdr->h_source); + if (sta && (sta->flags & WLAN_STA_ASSOC)) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN: pre-auth for " + "already association STA " MACSTR "\n", + MAC2STR(sta->addr)); + return; + } + if (!sta && hdr->type == IEEE802_1X_TYPE_EAPOL_START) { + sta = ap_sta_add(hapd, ethhdr->h_source); + if (sta == NULL) + return; + sta->flags = WLAN_STA_PREAUTH; + + ieee802_1x_new_station(hapd, sta); + if (sta->eapol_sm == NULL) { + ap_free_sta(hapd, sta); + sta = NULL; + } else { + sta->eapol_sm->radius_identifier = -1; + sta->eapol_sm->portValid = TRUE; + sta->eapol_sm->flags |= EAPOL_SM_PREAUTH; + } + } + if (sta == NULL) + return; + sta->preauth_iface = piface; + ieee802_1x_receive(hapd, ethhdr->h_source, (u8 *) (ethhdr + 1), + len - sizeof(*ethhdr)); +} + + +static int rsn_preauth_iface_add(struct hostapd_data *hapd, const char *ifname) +{ + struct rsn_preauth_interface *piface; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN pre-auth interface '%s'\n", + ifname); + + piface = wpa_zalloc(sizeof(*piface)); + if (piface == NULL) + return -1; + piface->hapd = hapd; + + piface->ifname = strdup(ifname); + if (piface->ifname == NULL) { + goto fail1; + } + + piface->l2 = l2_packet_init(piface->ifname, NULL, ETH_P_PREAUTH, + rsn_preauth_receive, piface, 1); + if (piface->l2 == NULL) { + printf("Failed to open register layer 2 access to " + "ETH_P_PREAUTH\n"); + goto fail2; + } + + piface->next = hapd->preauth_iface; + hapd->preauth_iface = piface; + return 0; + +fail2: + free(piface->ifname); +fail1: + free(piface); + return -1; +} + + +void rsn_preauth_iface_deinit(struct hostapd_data *hapd) +{ + struct rsn_preauth_interface *piface, *prev; + + piface = hapd->preauth_iface; + hapd->preauth_iface = NULL; + while (piface) { + prev = piface; + piface = piface->next; + l2_packet_deinit(prev->l2); + free(prev->ifname); + free(prev); + } +} + + +int rsn_preauth_iface_init(struct hostapd_data *hapd) +{ + char *tmp, *start, *end; + + if (hapd->conf->rsn_preauth_interfaces == NULL) + return 0; + + tmp = strdup(hapd->conf->rsn_preauth_interfaces); + if (tmp == NULL) + return -1; + start = tmp; + for (;;) { + while (*start == ' ') + start++; + if (*start == '\0') + break; + end = strchr(start, ' '); + if (end) + *end = '\0'; + + if (rsn_preauth_iface_add(hapd, start)) { + rsn_preauth_iface_deinit(hapd); + return -1; + } + + if (end) + start = end + 1; + else + break; + } + free(tmp); + return 0; +} + + +static void rsn_preauth_finished_cb(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct sta_info *sta = timeout_ctx; + wpa_printf(MSG_DEBUG, "RSN: Removing pre-authentication STA entry for " + MACSTR, MAC2STR(sta->addr)); + ap_free_sta(hapd, sta); +} + + +void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta, + int success) +{ + u8 *key; + size_t len; + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_INFO, "pre-authentication %s", + success ? "succeeded" : "failed"); + + key = ieee802_1x_get_key_crypt(sta->eapol_sm, &len); + if (success && key) { + if (wpa_auth_pmksa_add_preauth(hapd->wpa_auth, key, len, + sta->addr, + dot11RSNAConfigPMKLifetime, + sta->eapol_sm) == 0) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, + "added PMKSA cache entry (pre-auth)"); + } else { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_WPA, + HOSTAPD_LEVEL_DEBUG, + "failed to add PMKSA cache entry " + "(pre-auth)"); + } + } + + /* + * Finish STA entry removal from timeout in order to avoid freeing + * STA data before the caller has finished processing. + */ + eloop_register_timeout(0, 0, rsn_preauth_finished_cb, hapd, sta); +} + + +void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta, + u8 *buf, size_t len) +{ + struct rsn_preauth_interface *piface; + struct l2_ethhdr *ethhdr; + + piface = hapd->preauth_iface; + while (piface) { + if (piface == sta->preauth_iface) + break; + piface = piface->next; + } + + if (piface == NULL) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "RSN: Could not find " + "pre-authentication interface for " MACSTR "\n", + MAC2STR(sta->addr)); + return; + } + + ethhdr = malloc(sizeof(*ethhdr) + len); + if (ethhdr == NULL) + return; + + memcpy(ethhdr->h_dest, sta->addr, ETH_ALEN); + memcpy(ethhdr->h_source, hapd->own_addr, ETH_ALEN); + ethhdr->h_proto = htons(ETH_P_PREAUTH); + memcpy(ethhdr + 1, buf, len); + + if (l2_packet_send(piface->l2, sta->addr, ETH_P_PREAUTH, (u8 *) ethhdr, + sizeof(*ethhdr) + len) < 0) { + printf("Failed to send preauth packet using l2_packet_send\n"); + } + free(ethhdr); +} + + +void rsn_preauth_free_station(struct hostapd_data *hapd, struct sta_info *sta) +{ + eloop_cancel_timeout(rsn_preauth_finished_cb, hapd, sta); +} + +#endif /* CONFIG_RSN_PREAUTH */ diff --git a/contrib/hostapd-0.5.8/preauth.h b/contrib/hostapd-0.5.8/preauth.h new file mode 100644 index 0000000000..5348bee9bf --- /dev/null +++ b/contrib/hostapd-0.5.8/preauth.h @@ -0,0 +1,58 @@ +/* + * hostapd - Authenticator for IEEE 802.11i RSN pre-authentication + * Copyright (c) 2004-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef PREAUTH_H +#define PREAUTH_H + +#ifdef CONFIG_RSN_PREAUTH + +int rsn_preauth_iface_init(struct hostapd_data *hapd); +void rsn_preauth_iface_deinit(struct hostapd_data *hapd); +void rsn_preauth_finished(struct hostapd_data *hapd, struct sta_info *sta, + int success); +void rsn_preauth_send(struct hostapd_data *hapd, struct sta_info *sta, + u8 *buf, size_t len); +void rsn_preauth_free_station(struct hostapd_data *hapd, struct sta_info *sta); + +#else /* CONFIG_RSN_PREAUTH */ + +static inline int rsn_preauth_iface_init(struct hostapd_data *hapd) +{ + return 0; +} + +static inline void rsn_preauth_iface_deinit(struct hostapd_data *hapd) +{ +} + +static inline void rsn_preauth_finished(struct hostapd_data *hapd, + struct sta_info *sta, + int success) +{ +} + +static inline void rsn_preauth_send(struct hostapd_data *hapd, + struct sta_info *sta, + u8 *buf, size_t len) +{ +} + +static inline void rsn_preauth_free_station(struct hostapd_data *hapd, + struct sta_info *sta) +{ +} + +#endif /* CONFIG_RSN_PREAUTH */ + +#endif /* PREAUTH_H */ diff --git a/contrib/hostapd-0.5.8/prism54.h b/contrib/hostapd-0.5.8/prism54.h new file mode 100644 index 0000000000..cb0a9a19ba --- /dev/null +++ b/contrib/hostapd-0.5.8/prism54.h @@ -0,0 +1,177 @@ +#ifndef PRISM54_H +#define PRISM54_H + +struct ieee802_3_hdr_s { + unsigned char da[6]; + unsigned char sa[6]; + unsigned short type; +} __attribute__ ((packed)); + +typedef struct ieee802_3_hdr_s ieee802_3_hdr; + +#define PIMOP_GET 0 +#define PIMOP_SET 1 +#define PIMOP_RESPONSE 2 +#define PIMOP_ERROR 3 +#define PIMOP_TRAP 4 + +struct pimdev_hdr_s { + int op; + unsigned long oid; +} __attribute__ ((packed)); + +typedef struct pimdev_hdr_s pimdev_hdr; + +#define DOT11_OID_ATTACHMENT 0x19000003 + +/* really need to check */ +#define DOT11_PKT_BEACON 0x80 +#define DOT11_PKT_ASSOC_RESP 0x10 +#define DOT11_PKT_REASSOC_RESP 0x30 +#define DOT11_PKT_PROBE_RESP 0x50 + +struct obj_attachment_hdr { + char type; + char reserved; + short id; + short size; +} __attribute__ ((packed)); + +struct obj_attachment { + char type; + char reserved; + short id; + short size; + char data[1]; +} __attribute__ ((packed)); + +#define DOT11_OID_MLMEAUTOLEVEL 0x19000001 +#define DOT11_MLME_AUTO 0 +#define DOT11_MLME_INTERMEDIATE 0x01000000 +#define DOT11_MLME_EXTENDED 0x02000000 + +#define DOT11_OID_DEAUTHENTICATE 0x18000000 +#define DOT11_OID_AUTHENTICATE 0x18000001 +#define DOT11_OID_DISASSOCIATE 0x18000002 +#define DOT11_OID_ASSOCIATE 0x18000003 +#define DOT11_OID_BEACON 0x18000005 +#define DOT11_OID_PROBE 0x18000006 +#define DOT11_OID_REASSOCIATE 0x1800000b + +struct obj_mlme { + char address[6]; + short id; + short state; + short code; +} __attribute__ ((packed)); + +#define DOT11_OID_DEAUTHENTICATEEX 0x18000007 +#define DOT11_OID_AUTHENTICATEEX 0x18000008 +#define DOT11_OID_DISASSOCIATEEX 0x18000009 +#define DOT11_OID_ASSOCIATEEX 0x1800000a +#define DOT11_OID_REASSOCIATEEX 0x1800000c + +struct obj_mlmeex { + char address[6]; + short id; + short state; + short code; + short size; + char data[1]; +} __attribute__ ((packed)); + +#define DOT11_OID_STAKEY 0x12000008 + +#define DOT11_PRIV_WEP 0 +#define DOT11_PRIV_TKIP 1 + +/* endian reversed to bigger endian */ +#define DOT11_STAKEY_OPTION_DEFAULTKEY 0x100 + +struct obj_stakey { + char address[6]; + char keyid; + char reserved; + short options; + char type; + char length; + char key[32]; +} __attribute__ ((packed)); + +#define DOT11_OID_DEFKEYID 0x12000003 +#define DOT11_OID_DEFKEY1 0x12000004 +#define DOT11_OID_DEFKEY2 0x12000005 +#define DOT11_OID_DEFKEY3 0x12000006 +#define DOT11_OID_DEFKEY4 0x12000007 + +struct obj_key { + char type; + char length; + char key[32]; +} __attribute__ ((packed)); + +#define DOT11_OID_STASC 0x1200000a + +struct obj_stasc { + char address[6]; + char keyid; + char tx_sc; + unsigned long sc_high; + unsigned short sc_low; +} __attribute__ ((packed)); + +#define DOT11_OID_CLIENTS 0x15000001 +#define DOT11_OID_CLIENTSASSOCIATED 0x15000002 +#define DOT11_OID_CLIENTST 0x15000003 +#define DOT11_OID_CLIENTEND 0x150007d9 +#define DOT11_OID_CLIENTFIND 0x150007db + +#define DOT11_NODE_UNKNOWN +#define DOT11_NODE_CLIENT +#define DOT11_NODE_AP + +/* endian reversed to bigger endian */ +#define DOT11_STATE_NONE 0 +#define DOT11_STATE_AUTHING 0x100 +#define DOT11_STATE_AUTH 0x200 +#define DOT11_STATE_ASSOCING 0x300 +#define DOT11_STATE_REASSOCING 0x400 +#define DOT11_STATE_ASSOC 0x500 +#define DOT11_STATE_WDS 0x600 + +struct obj_sta { + char address[6]; + char pad[2]; + char state; + char node; + short age; + char reserved1; + char rssi; + char rate; + char reserved2; +} __attribute__ ((packed)); + +#define DOT11_OID_SSID 0x10000002 +#define DOT11_OID_SSIDOVERRIDE 0x10000006 + +struct obj_ssid { + char length; + char octets[33]; +} __attribute__ ((packed)); + +#define DOT11_OID_EAPAUTHSTA 0x150007de +#define DOT11_OID_EAPUNAUTHSTA 0x150007df +/* not in 38801 datasheet??? */ +#define DOT11_OID_DOT1XENABLE 0x150007e0 +#define DOT11_OID_MICFAILURE 0x150007e1 +#define DOT11_OID_AUTHENABLE 0x12000000 +#define DOT11_OID_PRIVACYINVOKED 0x12000001 +#define DOT11_OID_EXUNENCRYPTED 0x12000002 + +#define DOT11_AUTH_OS 0x01000000 +#define DOT11_AUTH_SK 0x02000000 +#define DOT11_AUTH_BOTH 0x03000000 + +#define DOT11_BOOL_TRUE 0x01000000 + +#endif /* PRISM54_H */ diff --git a/contrib/hostapd-0.5.8/priv_netlink.h b/contrib/hostapd-0.5.8/priv_netlink.h new file mode 100644 index 0000000000..d1f6f663eb --- /dev/null +++ b/contrib/hostapd-0.5.8/priv_netlink.h @@ -0,0 +1,71 @@ +#ifndef PRIV_NETLINK_H +#define PRIV_NETLINK_H + +/* Private copy of needed Linux netlink/rtnetlink definitions. + * + * This should be replaced with user space header once one is available with C + * library, etc.. + */ + +#ifndef IFLA_IFNAME +#define IFLA_IFNAME 3 +#endif +#ifndef IFLA_WIRELESS +#define IFLA_WIRELESS 11 +#endif + +#define NETLINK_ROUTE 0 +#define RTMGRP_LINK 1 +#define RTM_BASE 0x10 +#define RTM_NEWLINK (RTM_BASE + 0) +#define RTM_DELLINK (RTM_BASE + 1) + +#define NLMSG_ALIGNTO 4 +#define NLMSG_ALIGN(len) (((len) + NLMSG_ALIGNTO - 1) & ~(NLMSG_ALIGNTO - 1)) +#define NLMSG_LENGTH(len) ((len) + NLMSG_ALIGN(sizeof(struct nlmsghdr))) +#define NLMSG_DATA(nlh) ((void*) (((char*) nlh) + NLMSG_LENGTH(0))) + +#define RTA_ALIGNTO 4 +#define RTA_ALIGN(len) (((len) + RTA_ALIGNTO - 1) & ~(RTA_ALIGNTO - 1)) +#define RTA_OK(rta,len) \ +((len) > 0 && (rta)->rta_len >= sizeof(struct rtattr) && \ +(rta)->rta_len <= (len)) +#define RTA_NEXT(rta,attrlen) \ +((attrlen) -= RTA_ALIGN((rta)->rta_len), \ +(struct rtattr *) (((char *)(rta)) + RTA_ALIGN((rta)->rta_len))) + + +struct sockaddr_nl +{ + sa_family_t nl_family; + unsigned short nl_pad; + u32 nl_pid; + u32 nl_groups; +}; + +struct nlmsghdr +{ + u32 nlmsg_len; + u16 nlmsg_type; + u16 nlmsg_flags; + u32 nlmsg_seq; + u32 nlmsg_pid; +}; + +struct ifinfomsg +{ + unsigned char ifi_family; + unsigned char __ifi_pad; + unsigned short ifi_type; + int ifi_index; + unsigned ifi_flags; + unsigned ifi_change; +}; + +struct rtattr +{ + unsigned short rta_len; + unsigned short rta_type; +}; + +#endif /* PRIV_NETLINK_H */ diff --git a/contrib/hostapd-0.5.8/radius.c b/contrib/hostapd-0.5.8/radius.c new file mode 100644 index 0000000000..bf39b2fc42 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius.c @@ -0,0 +1,1229 @@ +/* + * hostapd / RADIUS message processing + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "radius.h" +#include "md5.h" +#include "crypto.h" + + +struct radius_msg *radius_msg_new(u8 code, u8 identifier) +{ + struct radius_msg *msg; + + msg = os_malloc(sizeof(*msg)); + if (msg == NULL) + return NULL; + + if (radius_msg_initialize(msg, RADIUS_DEFAULT_MSG_SIZE)) { + os_free(msg); + return NULL; + } + + radius_msg_set_hdr(msg, code, identifier); + + return msg; +} + + +int radius_msg_initialize(struct radius_msg *msg, size_t init_len) +{ + if (msg == NULL || init_len < sizeof(struct radius_hdr)) + return -1; + + os_memset(msg, 0, sizeof(*msg)); + msg->buf = wpa_zalloc(init_len); + if (msg->buf == NULL) + return -1; + + msg->buf_size = init_len; + msg->hdr = (struct radius_hdr *) msg->buf; + msg->buf_used = sizeof(*msg->hdr); + + msg->attrs = + os_malloc(RADIUS_DEFAULT_ATTR_COUNT * sizeof(*msg->attrs)); + if (msg->attrs == NULL) { + os_free(msg->buf); + msg->buf = NULL; + msg->hdr = NULL; + return -1; + } + + msg->attr_size = RADIUS_DEFAULT_ATTR_COUNT; + msg->attr_used = 0; + + return 0; +} + + +void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier) +{ + msg->hdr->code = code; + msg->hdr->identifier = identifier; +} + + +void radius_msg_free(struct radius_msg *msg) +{ + if (msg->buf != NULL) { + os_free(msg->buf); + msg->buf = NULL; + msg->hdr = NULL; + } + msg->buf_size = msg->buf_used = 0; + + if (msg->attrs != NULL) { + os_free(msg->attrs); + msg->attrs = NULL; + } + msg->attr_size = msg->attr_used = 0; +} + + +static const char *radius_code_string(u8 code) +{ + switch (code) { + case RADIUS_CODE_ACCESS_REQUEST: return "Access-Request"; + case RADIUS_CODE_ACCESS_ACCEPT: return "Access-Accept"; + case RADIUS_CODE_ACCESS_REJECT: return "Access-Reject"; + case RADIUS_CODE_ACCOUNTING_REQUEST: return "Accounting-Request"; + case RADIUS_CODE_ACCOUNTING_RESPONSE: return "Accounting-Response"; + case RADIUS_CODE_ACCESS_CHALLENGE: return "Access-Challenge"; + case RADIUS_CODE_STATUS_SERVER: return "Status-Server"; + case RADIUS_CODE_STATUS_CLIENT: return "Status-Client"; + case RADIUS_CODE_RESERVED: return "Reserved"; + default: return "?Unknown?"; + } +} + + +struct radius_attr_type { + u8 type; + char *name; + enum { + RADIUS_ATTR_UNDIST, RADIUS_ATTR_TEXT, RADIUS_ATTR_IP, + RADIUS_ATTR_HEXDUMP, RADIUS_ATTR_INT32, RADIUS_ATTR_IPV6 + } data_type; +}; + +static struct radius_attr_type radius_attrs[] = +{ + { RADIUS_ATTR_USER_NAME, "User-Name", RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_USER_PASSWORD, "User-Password", RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_NAS_IP_ADDRESS, "NAS-IP-Address", RADIUS_ATTR_IP }, + { RADIUS_ATTR_NAS_PORT, "NAS-Port", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_FRAMED_MTU, "Framed-MTU", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_STATE, "State", RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_CLASS, "Class", RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_VENDOR_SPECIFIC, "Vendor-Specific", RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_SESSION_TIMEOUT, "Session-Timeout", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_IDLE_TIMEOUT, "Idle-Timeout", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_TERMINATION_ACTION, "Termination-Action", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_CALLED_STATION_ID, "Called-Station-Id", + RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_CALLING_STATION_ID, "Calling-Station-Id", + RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_NAS_IDENTIFIER, "NAS-Identifier", RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_ACCT_STATUS_TYPE, "Acct-Status-Type", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_DELAY_TIME, "Acct-Delay-Time", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_INPUT_OCTETS, "Acct-Input-Octets", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_OUTPUT_OCTETS, "Acct-Output-Octets", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_SESSION_ID, "Acct-Session-Id", RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_ACCT_AUTHENTIC, "Acct-Authentic", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_SESSION_TIME, "Acct-Session-Time", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_INPUT_PACKETS, "Acct-Input-Packets", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_OUTPUT_PACKETS, "Acct-Output-Packets", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_TERMINATE_CAUSE, "Acct-Terminate-Cause", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_MULTI_SESSION_ID, "Acct-Multi-Session-Id", + RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_ACCT_LINK_COUNT, "Acct-Link-Count", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_INPUT_GIGAWORDS, "Acct-Input-Gigawords", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS, "Acct-Output-Gigawords", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_EVENT_TIMESTAMP, "Event-Timestamp", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_NAS_PORT_TYPE, "NAS-Port-Type", RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_TUNNEL_TYPE, "Tunnel-Type", RADIUS_ATTR_HEXDUMP }, + { RADIUS_ATTR_TUNNEL_MEDIUM_TYPE, "Tunnel-Medium-Type", + RADIUS_ATTR_HEXDUMP }, + { RADIUS_ATTR_CONNECT_INFO, "Connect-Info", RADIUS_ATTR_TEXT }, + { RADIUS_ATTR_EAP_MESSAGE, "EAP-Message", RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_MESSAGE_AUTHENTICATOR, "Message-Authenticator", + RADIUS_ATTR_UNDIST }, + { RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID, "Tunnel-Private-Group-Id", + RADIUS_ATTR_HEXDUMP }, + { RADIUS_ATTR_ACCT_INTERIM_INTERVAL, "Acct-Interim-Interval", + RADIUS_ATTR_INT32 }, + { RADIUS_ATTR_NAS_IPV6_ADDRESS, "NAS-IPv6-Address", RADIUS_ATTR_IPV6 }, +}; +#define RADIUS_ATTRS (sizeof(radius_attrs) / sizeof(radius_attrs[0])) + + +static struct radius_attr_type *radius_get_attr_type(u8 type) +{ + size_t i; + + for (i = 0; i < RADIUS_ATTRS; i++) { + if (type == radius_attrs[i].type) + return &radius_attrs[i]; + } + + return NULL; +} + + +static void print_char(char c) +{ + if (c >= 32 && c < 127) + printf("%c", c); + else + printf("<%02x>", c); +} + + +static void radius_msg_dump_attr(struct radius_attr_hdr *hdr) +{ + struct radius_attr_type *attr; + int i, len; + unsigned char *pos; + + attr = radius_get_attr_type(hdr->type); + + printf(" Attribute %d (%s) length=%d\n", + hdr->type, attr ? attr->name : "?Unknown?", hdr->length); + + if (attr == NULL) + return; + + len = hdr->length - sizeof(struct radius_attr_hdr); + pos = (unsigned char *) (hdr + 1); + + switch (attr->data_type) { + case RADIUS_ATTR_TEXT: + printf(" Value: '"); + for (i = 0; i < len; i++) + print_char(pos[i]); + printf("'\n"); + break; + + case RADIUS_ATTR_IP: + if (len == 4) { + struct in_addr *addr = (struct in_addr *) pos; + printf(" Value: %s\n", inet_ntoa(*addr)); + } else + printf(" Invalid IP address length %d\n", len); + break; + +#ifdef CONFIG_IPV6 + case RADIUS_ATTR_IPV6: + if (len == 16) { + char buf[128]; + const char *atxt; + struct in6_addr *addr = (struct in6_addr *) pos; + atxt = inet_ntop(AF_INET6, addr, buf, sizeof(buf)); + printf(" Value: %s\n", atxt ? atxt : "?"); + } else + printf(" Invalid IPv6 address length %d\n", len); + break; +#endif /* CONFIG_IPV6 */ + + case RADIUS_ATTR_HEXDUMP: + case RADIUS_ATTR_UNDIST: + printf(" Value:"); + for (i = 0; i < len; i++) + printf(" %02x", pos[i]); + printf("\n"); + break; + + case RADIUS_ATTR_INT32: + if (len == 4) + printf(" Value: %u\n", WPA_GET_BE32(pos)); + else + printf(" Invalid INT32 length %d\n", len); + break; + + default: + break; + } +} + + +void radius_msg_dump(struct radius_msg *msg) +{ + size_t i; + + printf("RADIUS message: code=%d (%s) identifier=%d length=%d\n", + msg->hdr->code, radius_code_string(msg->hdr->code), + msg->hdr->identifier, ntohs(msg->hdr->length)); + + for (i = 0; i < msg->attr_used; i++) { + radius_msg_dump_attr(msg->attrs[i]); + } +} + + +int radius_msg_finish(struct radius_msg *msg, u8 *secret, size_t secret_len) +{ + if (secret) { + u8 auth[MD5_MAC_LEN]; + struct radius_attr_hdr *attr; + + os_memset(auth, 0, MD5_MAC_LEN); + attr = radius_msg_add_attr(msg, + RADIUS_ATTR_MESSAGE_AUTHENTICATOR, + auth, MD5_MAC_LEN); + if (attr == NULL) { + printf("WARNING: Could not add " + "Message-Authenticator\n"); + return -1; + } + msg->hdr->length = htons(msg->buf_used); + hmac_md5(secret, secret_len, msg->buf, msg->buf_used, + (u8 *) (attr + 1)); + } else + msg->hdr->length = htons(msg->buf_used); + + if (msg->buf_used > 0xffff) { + printf("WARNING: too long RADIUS message (%lu)\n", + (unsigned long) msg->buf_used); + return -1; + } + return 0; +} + + +int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret, + size_t secret_len, const u8 *req_authenticator) +{ + u8 auth[MD5_MAC_LEN]; + struct radius_attr_hdr *attr; + const u8 *addr[4]; + size_t len[4]; + + os_memset(auth, 0, MD5_MAC_LEN); + attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, + auth, MD5_MAC_LEN); + if (attr == NULL) { + printf("WARNING: Could not add Message-Authenticator\n"); + return -1; + } + msg->hdr->length = htons(msg->buf_used); + os_memcpy(msg->hdr->authenticator, req_authenticator, + sizeof(msg->hdr->authenticator)); + hmac_md5(secret, secret_len, msg->buf, msg->buf_used, + (u8 *) (attr + 1)); + + /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */ + addr[0] = (u8 *) msg->hdr; + len[0] = 1 + 1 + 2; + addr[1] = req_authenticator; + len[1] = MD5_MAC_LEN; + addr[2] = (u8 *) (msg->hdr + 1); + len[2] = msg->buf_used - sizeof(*msg->hdr); + addr[3] = secret; + len[3] = secret_len; + md5_vector(4, addr, len, msg->hdr->authenticator); + + if (msg->buf_used > 0xffff) { + printf("WARNING: too long RADIUS message (%lu)\n", + (unsigned long) msg->buf_used); + return -1; + } + return 0; +} + + +void radius_msg_finish_acct(struct radius_msg *msg, u8 *secret, + size_t secret_len) +{ + const u8 *addr[2]; + size_t len[2]; + + msg->hdr->length = htons(msg->buf_used); + os_memset(msg->hdr->authenticator, 0, MD5_MAC_LEN); + addr[0] = msg->buf; + len[0] = msg->buf_used; + addr[1] = secret; + len[1] = secret_len; + md5_vector(2, addr, len, msg->hdr->authenticator); + + if (msg->buf_used > 0xffff) { + printf("WARNING: too long RADIUS messages (%lu)\n", + (unsigned long) msg->buf_used); + } +} + + +static int radius_msg_add_attr_to_array(struct radius_msg *msg, + struct radius_attr_hdr *attr) +{ + if (msg->attr_used >= msg->attr_size) { + struct radius_attr_hdr **nattrs; + int nlen = msg->attr_size * 2; + + nattrs = os_realloc(msg->attrs, nlen * sizeof(*msg->attrs)); + if (nattrs == NULL) + return -1; + + msg->attrs = nattrs; + msg->attr_size = nlen; + } + + msg->attrs[msg->attr_used++] = attr; + + return 0; +} + + +struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type, + const u8 *data, size_t data_len) +{ + size_t buf_needed; + struct radius_attr_hdr *attr; + + if (data_len > RADIUS_MAX_ATTR_LEN) { + printf("radius_msg_add_attr: too long attribute (%lu bytes)\n", + (unsigned long) data_len); + return NULL; + } + + buf_needed = msg->buf_used + sizeof(*attr) + data_len; + + if (msg->buf_size < buf_needed) { + /* allocate more space for message buffer */ + unsigned char *nbuf; + size_t i, nlen = msg->buf_size; + int diff; + + while (nlen < buf_needed) + nlen *= 2; + nbuf = os_realloc(msg->buf, nlen); + if (nbuf == NULL) + return NULL; + diff = nbuf - msg->buf; + msg->buf = nbuf; + msg->hdr = (struct radius_hdr *) msg->buf; + /* adjust attr pointers to match with the new buffer */ + for (i = 0; i < msg->attr_used; i++) + msg->attrs[i] = (struct radius_attr_hdr *) + (((u8 *) msg->attrs[i]) + diff); + os_memset(msg->buf + msg->buf_size, 0, nlen - msg->buf_size); + msg->buf_size = nlen; + } + + attr = (struct radius_attr_hdr *) (msg->buf + msg->buf_used); + attr->type = type; + attr->length = sizeof(*attr) + data_len; + if (data_len > 0) + os_memcpy(attr + 1, data, data_len); + + msg->buf_used += sizeof(*attr) + data_len; + + if (radius_msg_add_attr_to_array(msg, attr)) + return NULL; + + return attr; +} + + +struct radius_msg *radius_msg_parse(const u8 *data, size_t len) +{ + struct radius_msg *msg; + struct radius_hdr *hdr; + struct radius_attr_hdr *attr; + size_t msg_len; + unsigned char *pos, *end; + + if (data == NULL || len < sizeof(*hdr)) + return NULL; + + hdr = (struct radius_hdr *) data; + + msg_len = ntohs(hdr->length); + if (msg_len < sizeof(*hdr) || msg_len > len) { + printf("Invalid RADIUS message length\n"); + return NULL; + } + + if (msg_len < len) { + printf("Ignored %lu extra bytes after RADIUS message\n", + (unsigned long) len - msg_len); + } + + msg = os_malloc(sizeof(*msg)); + if (msg == NULL) + return NULL; + + if (radius_msg_initialize(msg, msg_len)) { + os_free(msg); + return NULL; + } + + os_memcpy(msg->buf, data, msg_len); + msg->buf_size = msg->buf_used = msg_len; + + /* parse attributes */ + pos = (unsigned char *) (msg->hdr + 1); + end = msg->buf + msg->buf_used; + while (pos < end) { + if ((size_t) (end - pos) < sizeof(*attr)) + goto fail; + + attr = (struct radius_attr_hdr *) pos; + + if (pos + attr->length > end || attr->length < sizeof(*attr)) + goto fail; + + /* TODO: check that attr->length is suitable for attr->type */ + + if (radius_msg_add_attr_to_array(msg, attr)) + goto fail; + + pos += attr->length; + } + + return msg; + + fail: + radius_msg_free(msg); + os_free(msg); + return NULL; +} + + +int radius_msg_add_eap(struct radius_msg *msg, const u8 *data, size_t data_len) +{ + const u8 *pos = data; + size_t left = data_len; + + while (left > 0) { + int len; + if (left > RADIUS_MAX_ATTR_LEN) + len = RADIUS_MAX_ATTR_LEN; + else + len = left; + + if (!radius_msg_add_attr(msg, RADIUS_ATTR_EAP_MESSAGE, + pos, len)) + return 0; + + pos += len; + left -= len; + } + + return 1; +} + + +u8 *radius_msg_get_eap(struct radius_msg *msg, size_t *eap_len) +{ + u8 *eap, *pos; + size_t len, i; + + if (msg == NULL) + return NULL; + + len = 0; + for (i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == RADIUS_ATTR_EAP_MESSAGE) + len += msg->attrs[i]->length - + sizeof(struct radius_attr_hdr); + } + + if (len == 0) + return NULL; + + eap = os_malloc(len); + if (eap == NULL) + return NULL; + + pos = eap; + for (i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == RADIUS_ATTR_EAP_MESSAGE) { + struct radius_attr_hdr *attr = msg->attrs[i]; + int flen = attr->length - sizeof(*attr); + os_memcpy(pos, attr + 1, flen); + pos += flen; + } + } + + if (eap_len) + *eap_len = len; + + return eap; +} + + +int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret, + size_t secret_len, const u8 *req_auth) +{ + u8 auth[MD5_MAC_LEN], orig[MD5_MAC_LEN]; + u8 orig_authenticator[16]; + struct radius_attr_hdr *attr = NULL; + size_t i; + + for (i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == RADIUS_ATTR_MESSAGE_AUTHENTICATOR) { + if (attr != NULL) { + printf("Multiple Message-Authenticator " + "attributes in RADIUS message\n"); + return 1; + } + attr = msg->attrs[i]; + } + } + + if (attr == NULL) { + printf("No Message-Authenticator attribute found\n"); + return 1; + } + + os_memcpy(orig, attr + 1, MD5_MAC_LEN); + os_memset(attr + 1, 0, MD5_MAC_LEN); + if (req_auth) { + os_memcpy(orig_authenticator, msg->hdr->authenticator, + sizeof(orig_authenticator)); + os_memcpy(msg->hdr->authenticator, req_auth, + sizeof(msg->hdr->authenticator)); + } + hmac_md5(secret, secret_len, msg->buf, msg->buf_used, auth); + os_memcpy(attr + 1, orig, MD5_MAC_LEN); + if (req_auth) { + os_memcpy(msg->hdr->authenticator, orig_authenticator, + sizeof(orig_authenticator)); + } + + if (os_memcmp(orig, auth, MD5_MAC_LEN) != 0) { + printf("Invalid Message-Authenticator!\n"); + return 1; + } + + return 0; +} + + +int radius_msg_verify(struct radius_msg *msg, const u8 *secret, + size_t secret_len, struct radius_msg *sent_msg, int auth) +{ + const u8 *addr[4]; + size_t len[4]; + u8 hash[MD5_MAC_LEN]; + + if (sent_msg == NULL) { + printf("No matching Access-Request message found\n"); + return 1; + } + + if (auth && + radius_msg_verify_msg_auth(msg, secret, secret_len, + sent_msg->hdr->authenticator)) { + return 1; + } + + /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */ + addr[0] = (u8 *) msg->hdr; + len[0] = 1 + 1 + 2; + addr[1] = sent_msg->hdr->authenticator; + len[1] = MD5_MAC_LEN; + addr[2] = (u8 *) (msg->hdr + 1); + len[2] = msg->buf_used - sizeof(*msg->hdr); + addr[3] = secret; + len[3] = secret_len; + md5_vector(4, addr, len, hash); + if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) { + printf("Response Authenticator invalid!\n"); + return 1; + } + + return 0; +} + + +int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src, + u8 type) +{ + struct radius_attr_hdr *attr = NULL; + size_t i; + + for (i = 0; i < src->attr_used; i++) { + if (src->attrs[i]->type == type) { + attr = src->attrs[i]; + break; + } + } + + if (attr == NULL) + return 0; + + if (!radius_msg_add_attr(dst, type, (u8 *) (attr + 1), + attr->length - sizeof(*attr))) + return -1; + + return 1; +} + + +/* Create Request Authenticator. The value should be unique over the lifetime + * of the shared secret between authenticator and authentication server. + * Use one-way MD5 hash calculated from current timestamp and some data given + * by the caller. */ +void radius_msg_make_authenticator(struct radius_msg *msg, + const u8 *data, size_t len) +{ + struct os_time tv; + long int l; + const u8 *addr[3]; + size_t elen[3]; + + os_get_time(&tv); + l = os_random(); + addr[0] = (u8 *) &tv; + elen[0] = sizeof(tv); + addr[1] = data; + elen[1] = len; + addr[2] = (u8 *) &l; + elen[2] = sizeof(l); + md5_vector(3, addr, elen, msg->hdr->authenticator); +} + + +/* Get Vendor-specific RADIUS Attribute from a parsed RADIUS message. + * Returns the Attribute payload and sets alen to indicate the length of the + * payload if a vendor attribute with subtype is found, otherwise returns NULL. + * The returned payload is allocated with os_malloc() and caller must free it + * by calling os_free(). + */ +static u8 *radius_msg_get_vendor_attr(struct radius_msg *msg, u32 vendor, + u8 subtype, size_t *alen) +{ + u8 *data, *pos; + size_t i, len; + + if (msg == NULL) + return NULL; + + for (i = 0; i < msg->attr_used; i++) { + struct radius_attr_hdr *attr = msg->attrs[i]; + size_t left; + u32 vendor_id; + struct radius_attr_vendor *vhdr; + + if (attr->type != RADIUS_ATTR_VENDOR_SPECIFIC) + continue; + + left = attr->length - sizeof(*attr); + if (left < 4) + continue; + + pos = (u8 *) (attr + 1); + + os_memcpy(&vendor_id, pos, 4); + pos += 4; + left -= 4; + + if (ntohl(vendor_id) != vendor) + continue; + + while (left >= sizeof(*vhdr)) { + vhdr = (struct radius_attr_vendor *) pos; + if (vhdr->vendor_length > left || + vhdr->vendor_length < sizeof(*vhdr)) { + left = 0; + break; + } + if (vhdr->vendor_type != subtype) { + pos += vhdr->vendor_length; + left -= vhdr->vendor_length; + continue; + } + + len = vhdr->vendor_length - sizeof(*vhdr); + data = os_malloc(len); + if (data == NULL) + return NULL; + os_memcpy(data, pos + sizeof(*vhdr), len); + if (alen) + *alen = len; + return data; + } + } + + return NULL; +} + + +static u8 * decrypt_ms_key(const u8 *key, size_t len, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, size_t *reslen) +{ + u8 *plain, *ppos, *res; + const u8 *pos; + size_t left, plen; + u8 hash[MD5_MAC_LEN]; + int i, first = 1; + const u8 *addr[3]; + size_t elen[3]; + + /* key: 16-bit salt followed by encrypted key info */ + + if (len < 2 + 16) + return NULL; + + pos = key + 2; + left = len - 2; + if (left % 16) { + printf("Invalid ms key len %lu\n", (unsigned long) left); + return NULL; + } + + plen = left; + ppos = plain = os_malloc(plen); + if (plain == NULL) + return NULL; + + while (left > 0) { + /* b(1) = MD5(Secret + Request-Authenticator + Salt) + * b(i) = MD5(Secret + c(i - 1)) for i > 1 */ + + addr[0] = secret; + elen[0] = secret_len; + if (first) { + addr[1] = req_authenticator; + elen[1] = MD5_MAC_LEN; + addr[2] = key; + elen[2] = 2; /* Salt */ + } else { + addr[1] = pos - MD5_MAC_LEN; + elen[1] = MD5_MAC_LEN; + } + md5_vector(first ? 3 : 2, addr, elen, hash); + first = 0; + + for (i = 0; i < MD5_MAC_LEN; i++) + *ppos++ = *pos++ ^ hash[i]; + left -= MD5_MAC_LEN; + } + + if (plain[0] > plen - 1) { + printf("Failed to decrypt MPPE key\n"); + os_free(plain); + return NULL; + } + + res = os_malloc(plain[0]); + if (res == NULL) { + os_free(plain); + return NULL; + } + os_memcpy(res, plain + 1, plain[0]); + if (reslen) + *reslen = plain[0]; + os_free(plain); + return res; +} + + +static void encrypt_ms_key(const u8 *key, size_t key_len, u16 salt, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, + u8 *ebuf, size_t *elen) +{ + int i, len, first = 1; + u8 hash[MD5_MAC_LEN], saltbuf[2], *pos; + const u8 *addr[3]; + size_t _len[3]; + + saltbuf[0] = salt >> 8; + saltbuf[1] = salt; + + len = 1 + key_len; + if (len & 0x0f) { + len = (len & 0xf0) + 16; + } + os_memset(ebuf, 0, len); + ebuf[0] = key_len; + os_memcpy(ebuf + 1, key, key_len); + + *elen = len; + + pos = ebuf; + while (len > 0) { + /* b(1) = MD5(Secret + Request-Authenticator + Salt) + * b(i) = MD5(Secret + c(i - 1)) for i > 1 */ + addr[0] = secret; + _len[0] = secret_len; + if (first) { + addr[1] = req_authenticator; + _len[1] = MD5_MAC_LEN; + addr[2] = saltbuf; + _len[2] = sizeof(saltbuf); + } else { + addr[1] = pos - MD5_MAC_LEN; + _len[1] = MD5_MAC_LEN; + } + md5_vector(first ? 3 : 2, addr, _len, hash); + first = 0; + + for (i = 0; i < MD5_MAC_LEN; i++) + *pos++ ^= hash[i]; + + len -= MD5_MAC_LEN; + } +} + + +struct radius_ms_mppe_keys * +radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + u8 *secret, size_t secret_len) +{ + u8 *key; + size_t keylen; + struct radius_ms_mppe_keys *keys; + + if (msg == NULL || sent_msg == NULL) + return NULL; + + keys = wpa_zalloc(sizeof(*keys)); + if (keys == NULL) + return NULL; + + key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_MICROSOFT, + RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY, + &keylen); + if (key) { + keys->send = decrypt_ms_key(key, keylen, + sent_msg->hdr->authenticator, + secret, secret_len, + &keys->send_len); + os_free(key); + } + + key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_MICROSOFT, + RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY, + &keylen); + if (key) { + keys->recv = decrypt_ms_key(key, keylen, + sent_msg->hdr->authenticator, + secret, secret_len, + &keys->recv_len); + os_free(key); + } + + return keys; +} + + +struct radius_ms_mppe_keys * +radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + u8 *secret, size_t secret_len) +{ + u8 *key; + size_t keylen; + struct radius_ms_mppe_keys *keys; + + if (msg == NULL || sent_msg == NULL) + return NULL; + + keys = wpa_zalloc(sizeof(*keys)); + if (keys == NULL) + return NULL; + + key = radius_msg_get_vendor_attr(msg, RADIUS_VENDOR_ID_CISCO, + RADIUS_CISCO_AV_PAIR, &keylen); + if (key && keylen == 51 && + os_memcmp(key, "leap:session-key=", 17) == 0) { + keys->recv = decrypt_ms_key(key + 17, keylen - 17, + sent_msg->hdr->authenticator, + secret, secret_len, + &keys->recv_len); + } + os_free(key); + + return keys; +} + + +int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, + const u8 *send_key, size_t send_key_len, + const u8 *recv_key, size_t recv_key_len) +{ + struct radius_attr_hdr *attr; + u32 vendor_id = htonl(RADIUS_VENDOR_ID_MICROSOFT); + u8 *buf; + struct radius_attr_vendor *vhdr; + u8 *pos; + size_t elen; + int hlen; + u16 salt; + + hlen = sizeof(vendor_id) + sizeof(*vhdr) + 2; + + /* MS-MPPE-Send-Key */ + buf = os_malloc(hlen + send_key_len + 16); + if (buf == NULL) { + return 0; + } + pos = buf; + os_memcpy(pos, &vendor_id, sizeof(vendor_id)); + pos += sizeof(vendor_id); + vhdr = (struct radius_attr_vendor *) pos; + vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY; + pos = (u8 *) (vhdr + 1); + salt = os_random() | 0x8000; + *pos++ = salt >> 8; + *pos++ = salt; + encrypt_ms_key(send_key, send_key_len, salt, req_authenticator, secret, + secret_len, pos, &elen); + vhdr->vendor_length = hlen + elen - sizeof(vendor_id); + + attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC, + buf, hlen + elen); + os_free(buf); + if (attr == NULL) { + return 0; + } + + /* MS-MPPE-Recv-Key */ + buf = os_malloc(hlen + send_key_len + 16); + if (buf == NULL) { + return 0; + } + pos = buf; + os_memcpy(pos, &vendor_id, sizeof(vendor_id)); + pos += sizeof(vendor_id); + vhdr = (struct radius_attr_vendor *) pos; + vhdr->vendor_type = RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY; + pos = (u8 *) (vhdr + 1); + salt ^= 1; + *pos++ = salt >> 8; + *pos++ = salt; + encrypt_ms_key(recv_key, recv_key_len, salt, req_authenticator, secret, + secret_len, pos, &elen); + vhdr->vendor_length = hlen + elen - sizeof(vendor_id); + + attr = radius_msg_add_attr(msg, RADIUS_ATTR_VENDOR_SPECIFIC, + buf, hlen + elen); + os_free(buf); + if (attr == NULL) { + return 0; + } + + return 1; +} + + +/* Add User-Password attribute to a RADIUS message and encrypt it as specified + * in RFC 2865, Chap. 5.2 */ +struct radius_attr_hdr * +radius_msg_add_attr_user_password(struct radius_msg *msg, + u8 *data, size_t data_len, + u8 *secret, size_t secret_len) +{ + u8 buf[128]; + int padlen, i; + size_t buf_len, pos; + const u8 *addr[2]; + size_t len[2]; + u8 hash[16]; + + if (data_len > 128) + return NULL; + + os_memcpy(buf, data, data_len); + buf_len = data_len; + + padlen = data_len % 16; + if (padlen) { + padlen = 16 - padlen; + os_memset(buf + data_len, 0, padlen); + buf_len += padlen; + } + + addr[0] = secret; + len[0] = secret_len; + addr[1] = msg->hdr->authenticator; + len[1] = 16; + md5_vector(2, addr, len, hash); + + for (i = 0; i < 16; i++) + buf[i] ^= hash[i]; + pos = 16; + + while (pos < buf_len) { + addr[0] = secret; + len[0] = secret_len; + addr[1] = &buf[pos - 16]; + len[1] = 16; + md5_vector(2, addr, len, hash); + + for (i = 0; i < 16; i++) + buf[pos + i] ^= hash[i]; + + pos += 16; + } + + return radius_msg_add_attr(msg, RADIUS_ATTR_USER_PASSWORD, + buf, buf_len); +} + + +int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len) +{ + struct radius_attr_hdr *attr = NULL; + size_t i, dlen; + + for (i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == type) { + attr = msg->attrs[i]; + break; + } + } + + if (!attr) + return -1; + + dlen = attr->length - sizeof(*attr); + if (buf) + os_memcpy(buf, (attr + 1), dlen > len ? len : dlen); + return dlen; +} + + +int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf, + size_t *len, const u8 *start) +{ + size_t i; + struct radius_attr_hdr *attr = NULL; + + for (i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == type && + (start == NULL || (u8 *) msg->attrs[i] > start)) { + attr = msg->attrs[i]; + break; + } + } + + if (!attr) + return -1; + + *buf = (u8 *) (attr + 1); + *len = attr->length - sizeof(*attr); + return 0; +} + + +int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len) +{ + size_t i; + int count; + + for (count = 0, i = 0; i < msg->attr_used; i++) { + if (msg->attrs[i]->type == type && + msg->attrs[i]->length >= + sizeof(struct radius_attr_hdr) + min_len) + count++; + } + + return count; +} + + +struct radius_tunnel_attrs { + int tag_used; + int type; /* Tunnel-Type */ + int medium_type; /* Tunnel-Medium-Type */ + int vlanid; +}; + + +/** + * radius_msg_get_vlanid - Parse RADIUS attributes for VLAN tunnel information + * @msg: RADIUS message + * Returns: VLAN ID for the first tunnel configuration of -1 if none is found + */ +int radius_msg_get_vlanid(struct radius_msg *msg) +{ + struct radius_tunnel_attrs tunnel[RADIUS_TUNNEL_TAGS], *tun; + size_t i; + struct radius_attr_hdr *attr = NULL; + const u8 *data; + char buf[10]; + size_t dlen; + + os_memset(&tunnel, 0, sizeof(tunnel)); + + for (i = 0; i < msg->attr_used; i++) { + attr = msg->attrs[i]; + data = (const u8 *) (attr + 1); + dlen = attr->length - sizeof(*attr); + if (attr->length < 3) + continue; + if (data[0] >= RADIUS_TUNNEL_TAGS) + tun = &tunnel[0]; + else + tun = &tunnel[data[0]]; + + switch (attr->type) { + case RADIUS_ATTR_TUNNEL_TYPE: + if (attr->length != 6) + break; + tun->tag_used++; + tun->type = (data[1] << 16) | (data[2] << 8) | data[3]; + break; + case RADIUS_ATTR_TUNNEL_MEDIUM_TYPE: + if (attr->length != 6) + break; + tun->tag_used++; + tun->medium_type = + (data[1] << 16) | (data[2] << 8) | data[3]; + break; + case RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID: + if (data[0] < RADIUS_TUNNEL_TAGS) { + data++; + dlen--; + } + if (dlen >= sizeof(buf)) + break; + os_memcpy(buf, data, dlen); + buf[dlen] = '\0'; + tun->tag_used++; + tun->vlanid = atoi(buf); + break; + } + } + + for (i = 0; i < RADIUS_TUNNEL_TAGS; i++) { + tun = &tunnel[i]; + if (tun->tag_used && + tun->type == RADIUS_TUNNEL_TYPE_VLAN && + tun->medium_type == RADIUS_TUNNEL_MEDIUM_TYPE_802 && + tun->vlanid > 0) + return tun->vlanid; + } + + return -1; +} diff --git a/contrib/hostapd-0.5.8/radius.h b/contrib/hostapd-0.5.8/radius.h new file mode 100644 index 0000000000..d1b909da98 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius.h @@ -0,0 +1,266 @@ +/* + * hostapd / RADIUS message processing + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef RADIUS_H +#define RADIUS_H + +/* RFC 2865 - RADIUS */ + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct radius_hdr { + u8 code; + u8 identifier; + u16 length; /* including this header */ + u8 authenticator[16]; + /* followed by length-20 octets of attributes */ +} STRUCT_PACKED; + +enum { RADIUS_CODE_ACCESS_REQUEST = 1, + RADIUS_CODE_ACCESS_ACCEPT = 2, + RADIUS_CODE_ACCESS_REJECT = 3, + RADIUS_CODE_ACCOUNTING_REQUEST = 4, + RADIUS_CODE_ACCOUNTING_RESPONSE = 5, + RADIUS_CODE_ACCESS_CHALLENGE = 11, + RADIUS_CODE_STATUS_SERVER = 12, + RADIUS_CODE_STATUS_CLIENT = 13, + RADIUS_CODE_RESERVED = 255 +}; + +struct radius_attr_hdr { + u8 type; + u8 length; /* including this header */ + /* followed by length-2 octets of attribute value */ +} STRUCT_PACKED; + +#define RADIUS_MAX_ATTR_LEN (255 - sizeof(struct radius_attr_hdr)) + +enum { RADIUS_ATTR_USER_NAME = 1, + RADIUS_ATTR_USER_PASSWORD = 2, + RADIUS_ATTR_NAS_IP_ADDRESS = 4, + RADIUS_ATTR_NAS_PORT = 5, + RADIUS_ATTR_FRAMED_MTU = 12, + RADIUS_ATTR_STATE = 24, + RADIUS_ATTR_CLASS = 25, + RADIUS_ATTR_VENDOR_SPECIFIC = 26, + RADIUS_ATTR_SESSION_TIMEOUT = 27, + RADIUS_ATTR_IDLE_TIMEOUT = 28, + RADIUS_ATTR_TERMINATION_ACTION = 29, + RADIUS_ATTR_CALLED_STATION_ID = 30, + RADIUS_ATTR_CALLING_STATION_ID = 31, + RADIUS_ATTR_NAS_IDENTIFIER = 32, + RADIUS_ATTR_ACCT_STATUS_TYPE = 40, + RADIUS_ATTR_ACCT_DELAY_TIME = 41, + RADIUS_ATTR_ACCT_INPUT_OCTETS = 42, + RADIUS_ATTR_ACCT_OUTPUT_OCTETS = 43, + RADIUS_ATTR_ACCT_SESSION_ID = 44, + RADIUS_ATTR_ACCT_AUTHENTIC = 45, + RADIUS_ATTR_ACCT_SESSION_TIME = 46, + RADIUS_ATTR_ACCT_INPUT_PACKETS = 47, + RADIUS_ATTR_ACCT_OUTPUT_PACKETS = 48, + RADIUS_ATTR_ACCT_TERMINATE_CAUSE = 49, + RADIUS_ATTR_ACCT_MULTI_SESSION_ID = 50, + RADIUS_ATTR_ACCT_LINK_COUNT = 51, + RADIUS_ATTR_ACCT_INPUT_GIGAWORDS = 52, + RADIUS_ATTR_ACCT_OUTPUT_GIGAWORDS = 53, + RADIUS_ATTR_EVENT_TIMESTAMP = 55, + RADIUS_ATTR_NAS_PORT_TYPE = 61, + RADIUS_ATTR_TUNNEL_TYPE = 64, + RADIUS_ATTR_TUNNEL_MEDIUM_TYPE = 65, + RADIUS_ATTR_CONNECT_INFO = 77, + RADIUS_ATTR_EAP_MESSAGE = 79, + RADIUS_ATTR_MESSAGE_AUTHENTICATOR = 80, + RADIUS_ATTR_TUNNEL_PRIVATE_GROUP_ID = 81, + RADIUS_ATTR_ACCT_INTERIM_INTERVAL = 85, + RADIUS_ATTR_NAS_IPV6_ADDRESS = 95 +}; + + +/* Termination-Action */ +#define RADIUS_TERMINATION_ACTION_DEFAULT 0 +#define RADIUS_TERMINATION_ACTION_RADIUS_REQUEST 1 + +/* NAS-Port-Type */ +#define RADIUS_NAS_PORT_TYPE_IEEE_802_11 19 + +/* Acct-Status-Type */ +#define RADIUS_ACCT_STATUS_TYPE_START 1 +#define RADIUS_ACCT_STATUS_TYPE_STOP 2 +#define RADIUS_ACCT_STATUS_TYPE_INTERIM_UPDATE 3 +#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_ON 7 +#define RADIUS_ACCT_STATUS_TYPE_ACCOUNTING_OFF 8 + +/* Acct-Authentic */ +#define RADIUS_ACCT_AUTHENTIC_RADIUS 1 +#define RADIUS_ACCT_AUTHENTIC_LOCAL 2 +#define RADIUS_ACCT_AUTHENTIC_REMOTE 3 + +/* Acct-Terminate-Cause */ +#define RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST 1 +#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_CARRIER 2 +#define RADIUS_ACCT_TERMINATE_CAUSE_LOST_SERVICE 3 +#define RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT 4 +#define RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT 5 +#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_RESET 6 +#define RADIUS_ACCT_TERMINATE_CAUSE_ADMIN_REBOOT 7 +#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_ERROR 8 +#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_ERROR 9 +#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REQUEST 10 +#define RADIUS_ACCT_TERMINATE_CAUSE_NAS_REBOOT 11 +#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_UNNEEDED 12 +#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_PREEMPTED 13 +#define RADIUS_ACCT_TERMINATE_CAUSE_PORT_SUSPENDED 14 +#define RADIUS_ACCT_TERMINATE_CAUSE_SERVICE_UNAVAILABLE 15 +#define RADIUS_ACCT_TERMINATE_CAUSE_CALLBACK 16 +#define RADIUS_ACCT_TERMINATE_CAUSE_USER_ERROR 17 +#define RADIUS_ACCT_TERMINATE_CAUSE_HOST_REQUEST 18 + +#define RADIUS_TUNNEL_TAGS 32 + +/* Tunnel-Type */ +#define RADIUS_TUNNEL_TYPE_PPTP 1 +#define RADIUS_TUNNEL_TYPE_L2TP 3 +#define RADIUS_TUNNEL_TYPE_IPIP 7 +#define RADIUS_TUNNEL_TYPE_GRE 10 +#define RADIUS_TUNNEL_TYPE_VLAN 13 + +/* Tunnel-Medium-Type */ +#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV4 1 +#define RADIUS_TUNNEL_MEDIUM_TYPE_IPV6 2 +#define RADIUS_TUNNEL_MEDIUM_TYPE_802 6 + + +struct radius_attr_vendor { + u8 vendor_type; + u8 vendor_length; +} STRUCT_PACKED; + +#define RADIUS_VENDOR_ID_CISCO 9 +#define RADIUS_CISCO_AV_PAIR 1 + +/* RFC 2548 - Microsoft Vendor-specific RADIUS Attributes */ +#define RADIUS_VENDOR_ID_MICROSOFT 311 + +enum { RADIUS_VENDOR_ATTR_MS_MPPE_SEND_KEY = 16, + RADIUS_VENDOR_ATTR_MS_MPPE_RECV_KEY = 17 +}; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +struct radius_ms_mppe_keys { + u8 *send; + size_t send_len; + u8 *recv; + size_t recv_len; +}; + + +/* RADIUS message structure for new and parsed messages */ +struct radius_msg { + unsigned char *buf; + size_t buf_size; /* total size allocated for buf */ + size_t buf_used; /* bytes used in buf */ + + struct radius_hdr *hdr; + + struct radius_attr_hdr **attrs; /* array of pointers to attributes */ + size_t attr_size; /* total size of the attribute pointer array */ + size_t attr_used; /* total number of attributes in the array */ +}; + + +/* Default size to be allocated for new RADIUS messages */ +#define RADIUS_DEFAULT_MSG_SIZE 1024 + +/* Default size to be allocated for attribute array */ +#define RADIUS_DEFAULT_ATTR_COUNT 16 + + +/* MAC address ASCII format for IEEE 802.1X use + * (draft-congdon-radius-8021x-20.txt) */ +#define RADIUS_802_1X_ADDR_FORMAT "%02X-%02X-%02X-%02X-%02X-%02X" +/* MAC address ASCII format for non-802.1X use */ +#define RADIUS_ADDR_FORMAT "%02x%02x%02x%02x%02x%02x" + +struct radius_msg *radius_msg_new(u8 code, u8 identifier); +int radius_msg_initialize(struct radius_msg *msg, size_t init_len); +void radius_msg_set_hdr(struct radius_msg *msg, u8 code, u8 identifier); +void radius_msg_free(struct radius_msg *msg); +void radius_msg_dump(struct radius_msg *msg); +int radius_msg_finish(struct radius_msg *msg, u8 *secret, size_t secret_len); +int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret, + size_t secret_len, const u8 *req_authenticator); +void radius_msg_finish_acct(struct radius_msg *msg, u8 *secret, + size_t secret_len); +struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type, + const u8 *data, size_t data_len); +struct radius_msg *radius_msg_parse(const u8 *data, size_t len); +int radius_msg_add_eap(struct radius_msg *msg, const u8 *data, + size_t data_len); +u8 *radius_msg_get_eap(struct radius_msg *msg, size_t *len); +int radius_msg_verify(struct radius_msg *msg, const u8 *secret, + size_t secret_len, struct radius_msg *sent_msg, + int auth); +int radius_msg_verify_msg_auth(struct radius_msg *msg, const u8 *secret, + size_t secret_len, const u8 *req_auth); +int radius_msg_copy_attr(struct radius_msg *dst, struct radius_msg *src, + u8 type); +void radius_msg_make_authenticator(struct radius_msg *msg, + const u8 *data, size_t len); +struct radius_ms_mppe_keys * +radius_msg_get_ms_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + u8 *secret, size_t secret_len); +struct radius_ms_mppe_keys * +radius_msg_get_cisco_keys(struct radius_msg *msg, struct radius_msg *sent_msg, + u8 *secret, size_t secret_len); +int radius_msg_add_mppe_keys(struct radius_msg *msg, + const u8 *req_authenticator, + const u8 *secret, size_t secret_len, + const u8 *send_key, size_t send_key_len, + const u8 *recv_key, size_t recv_key_len); +struct radius_attr_hdr * +radius_msg_add_attr_user_password(struct radius_msg *msg, + u8 *data, size_t data_len, + u8 *secret, size_t secret_len); +int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len); +int radius_msg_get_vlanid(struct radius_msg *msg); + +static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type, + u32 value) +{ + u32 val = htonl(value); + return radius_msg_add_attr(msg, type, (u8 *) &val, 4) != NULL; +} + +static inline int radius_msg_get_attr_int32(struct radius_msg *msg, u8 type, + u32 *value) +{ + u32 val; + int res; + res = radius_msg_get_attr(msg, type, (u8 *) &val, 4); + if (res != 4) + return -1; + + *value = ntohl(val); + return 0; +} +int radius_msg_get_attr_ptr(struct radius_msg *msg, u8 type, u8 **buf, + size_t *len, const u8 *start); +int radius_msg_count_attr(struct radius_msg *msg, u8 type, int min_len); + +#endif /* RADIUS_H */ diff --git a/contrib/hostapd-0.5.8/radius_client.c b/contrib/hostapd-0.5.8/radius_client.c new file mode 100644 index 0000000000..5b00bbeb85 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius_client.c @@ -0,0 +1,1204 @@ +/* + * hostapd / RADIUS client + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "radius.h" +#include "radius_client.h" +#include "eloop.h" + +/* Defaults for RADIUS retransmit values (exponential backoff) */ +#define RADIUS_CLIENT_FIRST_WAIT 3 /* seconds */ +#define RADIUS_CLIENT_MAX_WAIT 120 /* seconds */ +#define RADIUS_CLIENT_MAX_RETRIES 10 /* maximum number of retransmit attempts + * before entry is removed from retransmit + * list */ +#define RADIUS_CLIENT_MAX_ENTRIES 30 /* maximum number of entries in retransmit + * list (oldest will be removed, if this + * limit is exceeded) */ +#define RADIUS_CLIENT_NUM_FAILOVER 4 /* try to change RADIUS server after this + * many failed retry attempts */ + + +struct radius_rx_handler { + RadiusRxResult (*handler)(struct radius_msg *msg, + struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len, + void *data); + void *data; +}; + + +/* RADIUS message retransmit list */ +struct radius_msg_list { + u8 addr[ETH_ALEN]; /* STA/client address; used to find RADIUS messages + * for the same STA. */ + struct radius_msg *msg; + RadiusType msg_type; + os_time_t first_try; + os_time_t next_try; + int attempts; + int next_wait; + struct os_time last_attempt; + + u8 *shared_secret; + size_t shared_secret_len; + + /* TODO: server config with failover to backup server(s) */ + + struct radius_msg_list *next; +}; + + +struct radius_client_data { + void *ctx; + struct hostapd_radius_servers *conf; + + int auth_serv_sock; /* socket for authentication RADIUS messages */ + int acct_serv_sock; /* socket for accounting RADIUS messages */ + int auth_serv_sock6; + int acct_serv_sock6; + int auth_sock; /* currently used socket */ + int acct_sock; /* currently used socket */ + + struct radius_rx_handler *auth_handlers; + size_t num_auth_handlers; + struct radius_rx_handler *acct_handlers; + size_t num_acct_handlers; + + struct radius_msg_list *msgs; + size_t num_msgs; + + u8 next_radius_identifier; +}; + + +static int +radius_change_server(struct radius_client_data *radius, + struct hostapd_radius_server *nserv, + struct hostapd_radius_server *oserv, + int sock, int sock6, int auth); +static int radius_client_init_acct(struct radius_client_data *radius); +static int radius_client_init_auth(struct radius_client_data *radius); + + +static void radius_client_msg_free(struct radius_msg_list *req) +{ + radius_msg_free(req->msg); + os_free(req->msg); + os_free(req); +} + + +int radius_client_register(struct radius_client_data *radius, + RadiusType msg_type, + RadiusRxResult (*handler)(struct radius_msg *msg, + struct radius_msg *req, + u8 *shared_secret, + size_t shared_secret_len, + void *data), + void *data) +{ + struct radius_rx_handler **handlers, *newh; + size_t *num; + + if (msg_type == RADIUS_ACCT) { + handlers = &radius->acct_handlers; + num = &radius->num_acct_handlers; + } else { + handlers = &radius->auth_handlers; + num = &radius->num_auth_handlers; + } + + newh = os_realloc(*handlers, + (*num + 1) * sizeof(struct radius_rx_handler)); + if (newh == NULL) + return -1; + + newh[*num].handler = handler; + newh[*num].data = data; + (*num)++; + *handlers = newh; + + return 0; +} + + +static void radius_client_handle_send_error(struct radius_client_data *radius, + int s, RadiusType msg_type) +{ +#ifndef CONFIG_NATIVE_WINDOWS + int _errno = errno; + perror("send[RADIUS]"); + if (_errno == ENOTCONN || _errno == EDESTADDRREQ || _errno == EINVAL) { + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, + "Send failed - maybe interface status changed -" + " try to connect again"); + eloop_unregister_read_sock(s); + close(s); + if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) + radius_client_init_acct(radius); + else + radius_client_init_auth(radius); + } +#endif /* CONFIG_NATIVE_WINDOWS */ +} + + +static int radius_client_retransmit(struct radius_client_data *radius, + struct radius_msg_list *entry, + os_time_t now) +{ + struct hostapd_radius_servers *conf = radius->conf; + int s; + + if (entry->msg_type == RADIUS_ACCT || + entry->msg_type == RADIUS_ACCT_INTERIM) { + s = radius->acct_sock; + if (entry->attempts == 0) + conf->acct_server->requests++; + else { + conf->acct_server->timeouts++; + conf->acct_server->retransmissions++; + } + } else { + s = radius->auth_sock; + if (entry->attempts == 0) + conf->auth_server->requests++; + else { + conf->auth_server->timeouts++; + conf->auth_server->retransmissions++; + } + } + + /* retransmit; remove entry if too many attempts */ + entry->attempts++; + hostapd_logger(radius->ctx, entry->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Resending RADIUS message (id=%d)", + entry->msg->hdr->identifier); + + os_get_time(&entry->last_attempt); + if (send(s, entry->msg->buf, entry->msg->buf_used, 0) < 0) + radius_client_handle_send_error(radius, s, entry->msg_type); + + entry->next_try = now + entry->next_wait; + entry->next_wait *= 2; + if (entry->next_wait > RADIUS_CLIENT_MAX_WAIT) + entry->next_wait = RADIUS_CLIENT_MAX_WAIT; + if (entry->attempts >= RADIUS_CLIENT_MAX_RETRIES) { + printf("Removing un-ACKed RADIUS message due to too many " + "failed retransmit attempts\n"); + return 1; + } + + return 0; +} + + +static void radius_client_timer(void *eloop_ctx, void *timeout_ctx) +{ + struct radius_client_data *radius = eloop_ctx; + struct hostapd_radius_servers *conf = radius->conf; + struct os_time now; + os_time_t first; + struct radius_msg_list *entry, *prev, *tmp; + int auth_failover = 0, acct_failover = 0; + char abuf[50]; + + entry = radius->msgs; + if (!entry) + return; + + os_get_time(&now); + first = 0; + + prev = NULL; + while (entry) { + if (now.sec >= entry->next_try && + radius_client_retransmit(radius, entry, now.sec)) { + if (prev) + prev->next = entry->next; + else + radius->msgs = entry->next; + + tmp = entry; + entry = entry->next; + radius_client_msg_free(tmp); + radius->num_msgs--; + continue; + } + + if (entry->attempts > RADIUS_CLIENT_NUM_FAILOVER) { + if (entry->msg_type == RADIUS_ACCT || + entry->msg_type == RADIUS_ACCT_INTERIM) + acct_failover++; + else + auth_failover++; + } + + if (first == 0 || entry->next_try < first) + first = entry->next_try; + + prev = entry; + entry = entry->next; + } + + if (radius->msgs) { + if (first < now.sec) + first = now.sec; + eloop_register_timeout(first - now.sec, 0, + radius_client_timer, radius, NULL); + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Next RADIUS client " + "retransmit in %ld seconds", + (long int) (first - now.sec)); + } + + if (auth_failover && conf->num_auth_servers > 1) { + struct hostapd_radius_server *next, *old; + old = conf->auth_server; + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_NOTICE, + "No response from Authentication server " + "%s:%d - failover", + hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)), + old->port); + + for (entry = radius->msgs; entry; entry = entry->next) { + if (entry->msg_type == RADIUS_AUTH) + old->timeouts++; + } + + next = old + 1; + if (next > &(conf->auth_servers[conf->num_auth_servers - 1])) + next = conf->auth_servers; + conf->auth_server = next; + radius_change_server(radius, next, old, + radius->auth_serv_sock, + radius->auth_serv_sock6, 1); + } + + if (acct_failover && conf->num_acct_servers > 1) { + struct hostapd_radius_server *next, *old; + old = conf->acct_server; + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_NOTICE, + "No response from Accounting server " + "%s:%d - failover", + hostapd_ip_txt(&old->addr, abuf, sizeof(abuf)), + old->port); + + for (entry = radius->msgs; entry; entry = entry->next) { + if (entry->msg_type == RADIUS_ACCT || + entry->msg_type == RADIUS_ACCT_INTERIM) + old->timeouts++; + } + + next = old + 1; + if (next > &conf->acct_servers[conf->num_acct_servers - 1]) + next = conf->acct_servers; + conf->acct_server = next; + radius_change_server(radius, next, old, + radius->acct_serv_sock, + radius->acct_serv_sock6, 0); + } +} + + +static void radius_client_update_timeout(struct radius_client_data *radius) +{ + struct os_time now; + os_time_t first; + struct radius_msg_list *entry; + + eloop_cancel_timeout(radius_client_timer, radius, NULL); + + if (radius->msgs == NULL) { + return; + } + + first = 0; + for (entry = radius->msgs; entry; entry = entry->next) { + if (first == 0 || entry->next_try < first) + first = entry->next_try; + } + + os_get_time(&now); + if (first < now.sec) + first = now.sec; + eloop_register_timeout(first - now.sec, 0, radius_client_timer, radius, + NULL); + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Next RADIUS client retransmit in" + " %ld seconds\n", (long int) (first - now.sec)); +} + + +static void radius_client_list_add(struct radius_client_data *radius, + struct radius_msg *msg, + RadiusType msg_type, u8 *shared_secret, + size_t shared_secret_len, const u8 *addr) +{ + struct radius_msg_list *entry, *prev; + + if (eloop_terminated()) { + /* No point in adding entries to retransmit queue since event + * loop has already been terminated. */ + radius_msg_free(msg); + os_free(msg); + return; + } + + entry = wpa_zalloc(sizeof(*entry)); + if (entry == NULL) { + printf("Failed to add RADIUS packet into retransmit list\n"); + radius_msg_free(msg); + os_free(msg); + return; + } + + if (addr) + os_memcpy(entry->addr, addr, ETH_ALEN); + entry->msg = msg; + entry->msg_type = msg_type; + entry->shared_secret = shared_secret; + entry->shared_secret_len = shared_secret_len; + os_get_time(&entry->last_attempt); + entry->first_try = entry->last_attempt.sec; + entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; + entry->attempts = 1; + entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; + entry->next = radius->msgs; + radius->msgs = entry; + radius_client_update_timeout(radius); + + if (radius->num_msgs >= RADIUS_CLIENT_MAX_ENTRIES) { + printf("Removing the oldest un-ACKed RADIUS packet due to " + "retransmit list limits.\n"); + prev = NULL; + while (entry->next) { + prev = entry; + entry = entry->next; + } + if (prev) { + prev->next = NULL; + radius_client_msg_free(entry); + } + } else + radius->num_msgs++; +} + + +static void radius_client_list_del(struct radius_client_data *radius, + RadiusType msg_type, const u8 *addr) +{ + struct radius_msg_list *entry, *prev, *tmp; + + if (addr == NULL) + return; + + entry = radius->msgs; + prev = NULL; + while (entry) { + if (entry->msg_type == msg_type && + os_memcmp(entry->addr, addr, ETH_ALEN) == 0) { + if (prev) + prev->next = entry->next; + else + radius->msgs = entry->next; + tmp = entry; + entry = entry->next; + hostapd_logger(radius->ctx, addr, + HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "Removing matching RADIUS message"); + radius_client_msg_free(tmp); + radius->num_msgs--; + continue; + } + prev = entry; + entry = entry->next; + } +} + + +int radius_client_send(struct radius_client_data *radius, + struct radius_msg *msg, RadiusType msg_type, + const u8 *addr) +{ + struct hostapd_radius_servers *conf = radius->conf; + u8 *shared_secret; + size_t shared_secret_len; + char *name; + int s, res; + + if (msg_type == RADIUS_ACCT_INTERIM) { + /* Remove any pending interim acct update for the same STA. */ + radius_client_list_del(radius, msg_type, addr); + } + + if (msg_type == RADIUS_ACCT || msg_type == RADIUS_ACCT_INTERIM) { + shared_secret = conf->acct_server->shared_secret; + shared_secret_len = conf->acct_server->shared_secret_len; + radius_msg_finish_acct(msg, shared_secret, shared_secret_len); + name = "accounting"; + s = radius->acct_sock; + conf->acct_server->requests++; + } else { + shared_secret = conf->auth_server->shared_secret; + shared_secret_len = conf->auth_server->shared_secret_len; + radius_msg_finish(msg, shared_secret, shared_secret_len); + name = "authentication"; + s = radius->auth_sock; + conf->auth_server->requests++; + } + + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Sending RADIUS message to %s " + "server", name); + if (conf->msg_dumps) + radius_msg_dump(msg); + + res = send(s, msg->buf, msg->buf_used, 0); + if (res < 0) + radius_client_handle_send_error(radius, s, msg_type); + + radius_client_list_add(radius, msg, msg_type, shared_secret, + shared_secret_len, addr); + + return res; +} + + +static void radius_client_receive(int sock, void *eloop_ctx, void *sock_ctx) +{ + struct radius_client_data *radius = eloop_ctx; + struct hostapd_radius_servers *conf = radius->conf; + RadiusType msg_type = (RadiusType) sock_ctx; + int len, roundtrip; + unsigned char buf[3000]; + struct radius_msg *msg; + struct radius_rx_handler *handlers; + size_t num_handlers, i; + struct radius_msg_list *req, *prev_req; + struct os_time now; + struct hostapd_radius_server *rconf; + int invalid_authenticator = 0; + + if (msg_type == RADIUS_ACCT) { + handlers = radius->acct_handlers; + num_handlers = radius->num_acct_handlers; + rconf = conf->acct_server; + } else { + handlers = radius->auth_handlers; + num_handlers = radius->num_auth_handlers; + rconf = conf->auth_server; + } + + len = recv(sock, buf, sizeof(buf), MSG_DONTWAIT); + if (len < 0) { + perror("recv[RADIUS]"); + return; + } + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Received %d bytes from RADIUS " + "server", len); + if (len == sizeof(buf)) { + printf("Possibly too long UDP frame for our buffer - " + "dropping it\n"); + return; + } + + msg = radius_msg_parse(buf, len); + if (msg == NULL) { + printf("Parsing incoming RADIUS frame failed\n"); + rconf->malformed_responses++; + return; + } + + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "Received RADIUS message"); + if (conf->msg_dumps) + radius_msg_dump(msg); + + switch (msg->hdr->code) { + case RADIUS_CODE_ACCESS_ACCEPT: + rconf->access_accepts++; + break; + case RADIUS_CODE_ACCESS_REJECT: + rconf->access_rejects++; + break; + case RADIUS_CODE_ACCESS_CHALLENGE: + rconf->access_challenges++; + break; + case RADIUS_CODE_ACCOUNTING_RESPONSE: + rconf->responses++; + break; + } + + prev_req = NULL; + req = radius->msgs; + while (req) { + /* TODO: also match by src addr:port of the packet when using + * alternative RADIUS servers (?) */ + if ((req->msg_type == msg_type || + (req->msg_type == RADIUS_ACCT_INTERIM && + msg_type == RADIUS_ACCT)) && + req->msg->hdr->identifier == msg->hdr->identifier) + break; + + prev_req = req; + req = req->next; + } + + if (req == NULL) { + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "No matching RADIUS request found (type=%d " + "id=%d) - dropping packet", + msg_type, msg->hdr->identifier); + goto fail; + } + + os_get_time(&now); + roundtrip = (now.sec - req->last_attempt.sec) * 100 + + (now.usec - req->last_attempt.usec) / 10000; + hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "Received RADIUS packet matched with a pending " + "request, round trip time %d.%02d sec", + roundtrip / 100, roundtrip % 100); + rconf->round_trip_time = roundtrip; + + /* Remove ACKed RADIUS packet from retransmit list */ + if (prev_req) + prev_req->next = req->next; + else + radius->msgs = req->next; + radius->num_msgs--; + + for (i = 0; i < num_handlers; i++) { + RadiusRxResult res; + res = handlers[i].handler(msg, req->msg, req->shared_secret, + req->shared_secret_len, + handlers[i].data); + switch (res) { + case RADIUS_RX_PROCESSED: + radius_msg_free(msg); + os_free(msg); + /* continue */ + case RADIUS_RX_QUEUED: + radius_client_msg_free(req); + return; + case RADIUS_RX_INVALID_AUTHENTICATOR: + invalid_authenticator++; + /* continue */ + case RADIUS_RX_UNKNOWN: + /* continue with next handler */ + break; + } + } + + if (invalid_authenticator) + rconf->bad_authenticators++; + else + rconf->unknown_types++; + hostapd_logger(radius->ctx, req->addr, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, "No RADIUS RX handler found " + "(type=%d code=%d id=%d)%s - dropping packet", + msg_type, msg->hdr->code, msg->hdr->identifier, + invalid_authenticator ? " [INVALID AUTHENTICATOR]" : + ""); + radius_client_msg_free(req); + + fail: + radius_msg_free(msg); + os_free(msg); +} + + +u8 radius_client_get_id(struct radius_client_data *radius) +{ + struct radius_msg_list *entry, *prev, *_remove; + u8 id = radius->next_radius_identifier++; + + /* remove entries with matching id from retransmit list to avoid + * using new reply from the RADIUS server with an old request */ + entry = radius->msgs; + prev = NULL; + while (entry) { + if (entry->msg->hdr->identifier == id) { + hostapd_logger(radius->ctx, entry->addr, + HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "Removing pending RADIUS message, " + "since its id (%d) is reused", id); + if (prev) + prev->next = entry->next; + else + radius->msgs = entry->next; + _remove = entry; + } else { + _remove = NULL; + prev = entry; + } + entry = entry->next; + + if (_remove) + radius_client_msg_free(_remove); + } + + return id; +} + + +void radius_client_flush(struct radius_client_data *radius, int only_auth) +{ + struct radius_msg_list *entry, *prev, *tmp; + + if (!radius) + return; + + prev = NULL; + entry = radius->msgs; + + while (entry) { + if (!only_auth || entry->msg_type == RADIUS_AUTH) { + if (prev) + prev->next = entry->next; + else + radius->msgs = entry->next; + + tmp = entry; + entry = entry->next; + radius_client_msg_free(tmp); + radius->num_msgs--; + } else { + prev = entry; + entry = entry->next; + } + } + + if (radius->msgs == NULL) + eloop_cancel_timeout(radius_client_timer, radius, NULL); +} + + +void radius_client_update_acct_msgs(struct radius_client_data *radius, + u8 *shared_secret, + size_t shared_secret_len) +{ + struct radius_msg_list *entry; + + if (!radius) + return; + + for (entry = radius->msgs; entry; entry = entry->next) { + if (entry->msg_type == RADIUS_ACCT) { + entry->shared_secret = shared_secret; + entry->shared_secret_len = shared_secret_len; + radius_msg_finish_acct(entry->msg, shared_secret, + shared_secret_len); + } + } +} + + +static int +radius_change_server(struct radius_client_data *radius, + struct hostapd_radius_server *nserv, + struct hostapd_radius_server *oserv, + int sock, int sock6, int auth) +{ + struct sockaddr_in serv; +#ifdef CONFIG_IPV6 + struct sockaddr_in6 serv6; +#endif /* CONFIG_IPV6 */ + struct sockaddr *addr; + socklen_t addrlen; + char abuf[50]; + int sel_sock; + struct radius_msg_list *entry; + + hostapd_logger(radius->ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_INFO, + "%s server %s:%d", + auth ? "Authentication" : "Accounting", + hostapd_ip_txt(&nserv->addr, abuf, sizeof(abuf)), + nserv->port); + + if (!oserv || nserv->shared_secret_len != oserv->shared_secret_len || + os_memcmp(nserv->shared_secret, oserv->shared_secret, + nserv->shared_secret_len) != 0) { + /* Pending RADIUS packets used different shared secret, so + * they need to be modified. Update accounting message + * authenticators here. Authentication messages are removed + * since they would require more changes and the new RADIUS + * server may not be prepared to receive them anyway due to + * missing state information. Client will likely retry + * authentication, so this should not be an issue. */ + if (auth) + radius_client_flush(radius, 1); + else { + radius_client_update_acct_msgs( + radius, nserv->shared_secret, + nserv->shared_secret_len); + } + } + + /* Reset retry counters for the new server */ + for (entry = radius->msgs; entry; entry = entry->next) { + if ((auth && entry->msg_type != RADIUS_AUTH) || + (!auth && entry->msg_type != RADIUS_ACCT)) + continue; + entry->next_try = entry->first_try + RADIUS_CLIENT_FIRST_WAIT; + entry->attempts = 0; + entry->next_wait = RADIUS_CLIENT_FIRST_WAIT * 2; + } + + if (radius->msgs) { + eloop_cancel_timeout(radius_client_timer, radius, NULL); + eloop_register_timeout(RADIUS_CLIENT_FIRST_WAIT, 0, + radius_client_timer, radius, NULL); + } + + switch (nserv->addr.af) { + case AF_INET: + os_memset(&serv, 0, sizeof(serv)); + serv.sin_family = AF_INET; + serv.sin_addr.s_addr = nserv->addr.u.v4.s_addr; + serv.sin_port = htons(nserv->port); + addr = (struct sockaddr *) &serv; + addrlen = sizeof(serv); + sel_sock = sock; + break; +#ifdef CONFIG_IPV6 + case AF_INET6: + os_memset(&serv6, 0, sizeof(serv6)); + serv6.sin6_family = AF_INET6; + os_memcpy(&serv6.sin6_addr, &nserv->addr.u.v6, + sizeof(struct in6_addr)); + serv6.sin6_port = htons(nserv->port); + addr = (struct sockaddr *) &serv6; + addrlen = sizeof(serv6); + sel_sock = sock6; + break; +#endif /* CONFIG_IPV6 */ + default: + return -1; + } + + if (connect(sel_sock, addr, addrlen) < 0) { + perror("connect[radius]"); + return -1; + } + + if (auth) + radius->auth_sock = sel_sock; + else + radius->acct_sock = sel_sock; + + return 0; +} + + +static void radius_retry_primary_timer(void *eloop_ctx, void *timeout_ctx) +{ + struct radius_client_data *radius = eloop_ctx; + struct hostapd_radius_servers *conf = radius->conf; + struct hostapd_radius_server *oserv; + + if (radius->auth_sock >= 0 && conf->auth_servers && + conf->auth_server != conf->auth_servers) { + oserv = conf->auth_server; + conf->auth_server = conf->auth_servers; + radius_change_server(radius, conf->auth_server, oserv, + radius->auth_serv_sock, + radius->auth_serv_sock6, 1); + } + + if (radius->acct_sock >= 0 && conf->acct_servers && + conf->acct_server != conf->acct_servers) { + oserv = conf->acct_server; + conf->acct_server = conf->acct_servers; + radius_change_server(radius, conf->acct_server, oserv, + radius->acct_serv_sock, + radius->acct_serv_sock6, 0); + } + + if (conf->retry_primary_interval) + eloop_register_timeout(conf->retry_primary_interval, 0, + radius_retry_primary_timer, radius, + NULL); +} + + +static int radius_client_init_auth(struct radius_client_data *radius) +{ + struct hostapd_radius_servers *conf = radius->conf; + int ok = 0; + + radius->auth_serv_sock = socket(PF_INET, SOCK_DGRAM, 0); + if (radius->auth_serv_sock < 0) + perror("socket[PF_INET,SOCK_DGRAM]"); + else + ok++; + +#ifdef CONFIG_IPV6 + radius->auth_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0); + if (radius->auth_serv_sock6 < 0) + perror("socket[PF_INET6,SOCK_DGRAM]"); + else + ok++; +#endif /* CONFIG_IPV6 */ + + if (ok == 0) + return -1; + + radius_change_server(radius, conf->auth_server, NULL, + radius->auth_serv_sock, radius->auth_serv_sock6, + 1); + + if (radius->auth_serv_sock >= 0 && + eloop_register_read_sock(radius->auth_serv_sock, + radius_client_receive, radius, + (void *) RADIUS_AUTH)) { + printf("Could not register read socket for authentication " + "server\n"); + return -1; + } + +#ifdef CONFIG_IPV6 + if (radius->auth_serv_sock6 >= 0 && + eloop_register_read_sock(radius->auth_serv_sock6, + radius_client_receive, radius, + (void *) RADIUS_AUTH)) { + printf("Could not register read socket for authentication " + "server\n"); + return -1; + } +#endif /* CONFIG_IPV6 */ + + return 0; +} + + +static int radius_client_init_acct(struct radius_client_data *radius) +{ + struct hostapd_radius_servers *conf = radius->conf; + int ok = 0; + + radius->acct_serv_sock = socket(PF_INET, SOCK_DGRAM, 0); + if (radius->acct_serv_sock < 0) + perror("socket[PF_INET,SOCK_DGRAM]"); + else + ok++; + +#ifdef CONFIG_IPV6 + radius->acct_serv_sock6 = socket(PF_INET6, SOCK_DGRAM, 0); + if (radius->acct_serv_sock6 < 0) + perror("socket[PF_INET6,SOCK_DGRAM]"); + else + ok++; +#endif /* CONFIG_IPV6 */ + + if (ok == 0) + return -1; + + radius_change_server(radius, conf->acct_server, NULL, + radius->acct_serv_sock, radius->acct_serv_sock6, + 0); + + if (radius->acct_serv_sock >= 0 && + eloop_register_read_sock(radius->acct_serv_sock, + radius_client_receive, radius, + (void *) RADIUS_ACCT)) { + printf("Could not register read socket for accounting " + "server\n"); + return -1; + } + +#ifdef CONFIG_IPV6 + if (radius->acct_serv_sock6 >= 0 && + eloop_register_read_sock(radius->acct_serv_sock6, + radius_client_receive, radius, + (void *) RADIUS_ACCT)) { + printf("Could not register read socket for accounting " + "server\n"); + return -1; + } +#endif /* CONFIG_IPV6 */ + + return 0; +} + + +struct radius_client_data * +radius_client_init(void *ctx, struct hostapd_radius_servers *conf) +{ + struct radius_client_data *radius; + + radius = wpa_zalloc(sizeof(struct radius_client_data)); + if (radius == NULL) + return NULL; + + radius->ctx = ctx; + radius->conf = conf; + radius->auth_serv_sock = radius->acct_serv_sock = + radius->auth_serv_sock6 = radius->acct_serv_sock6 = + radius->auth_sock = radius->acct_sock = -1; + + if (conf->auth_server && radius_client_init_auth(radius)) { + radius_client_deinit(radius); + return NULL; + } + + if (conf->acct_server && radius_client_init_acct(radius)) { + radius_client_deinit(radius); + return NULL; + } + + if (conf->retry_primary_interval) + eloop_register_timeout(conf->retry_primary_interval, 0, + radius_retry_primary_timer, radius, + NULL); + + return radius; +} + + +void radius_client_deinit(struct radius_client_data *radius) +{ + if (!radius) + return; + + if (radius->auth_serv_sock >= 0) + eloop_unregister_read_sock(radius->auth_serv_sock); + if (radius->acct_serv_sock >= 0) + eloop_unregister_read_sock(radius->acct_serv_sock); + + eloop_cancel_timeout(radius_retry_primary_timer, radius, NULL); + + radius_client_flush(radius, 0); + os_free(radius->auth_handlers); + os_free(radius->acct_handlers); + os_free(radius); +} + + +void radius_client_flush_auth(struct radius_client_data *radius, u8 *addr) +{ + struct radius_msg_list *entry, *prev, *tmp; + + prev = NULL; + entry = radius->msgs; + while (entry) { + if (entry->msg_type == RADIUS_AUTH && + os_memcmp(entry->addr, addr, ETH_ALEN) == 0) { + hostapd_logger(radius->ctx, addr, + HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "Removing pending RADIUS authentication" + " message for removed client"); + + if (prev) + prev->next = entry->next; + else + radius->msgs = entry->next; + + tmp = entry; + entry = entry->next; + radius_client_msg_free(tmp); + radius->num_msgs--; + continue; + } + + prev = entry; + entry = entry->next; + } +} + + +static int radius_client_dump_auth_server(char *buf, size_t buflen, + struct hostapd_radius_server *serv, + struct radius_client_data *cli) +{ + int pending = 0; + struct radius_msg_list *msg; + char abuf[50]; + + if (cli) { + for (msg = cli->msgs; msg; msg = msg->next) { + if (msg->msg_type == RADIUS_AUTH) + pending++; + } + } + + return os_snprintf(buf, buflen, + "radiusAuthServerIndex=%d\n" + "radiusAuthServerAddress=%s\n" + "radiusAuthClientServerPortNumber=%d\n" + "radiusAuthClientRoundTripTime=%d\n" + "radiusAuthClientAccessRequests=%u\n" + "radiusAuthClientAccessRetransmissions=%u\n" + "radiusAuthClientAccessAccepts=%u\n" + "radiusAuthClientAccessRejects=%u\n" + "radiusAuthClientAccessChallenges=%u\n" + "radiusAuthClientMalformedAccessResponses=%u\n" + "radiusAuthClientBadAuthenticators=%u\n" + "radiusAuthClientPendingRequests=%u\n" + "radiusAuthClientTimeouts=%u\n" + "radiusAuthClientUnknownTypes=%u\n" + "radiusAuthClientPacketsDropped=%u\n", + serv->index, + hostapd_ip_txt(&serv->addr, abuf, sizeof(abuf)), + serv->port, + serv->round_trip_time, + serv->requests, + serv->retransmissions, + serv->access_accepts, + serv->access_rejects, + serv->access_challenges, + serv->malformed_responses, + serv->bad_authenticators, + pending, + serv->timeouts, + serv->unknown_types, + serv->packets_dropped); +} + + +static int radius_client_dump_acct_server(char *buf, size_t buflen, + struct hostapd_radius_server *serv, + struct radius_client_data *cli) +{ + int pending = 0; + struct radius_msg_list *msg; + char abuf[50]; + + if (cli) { + for (msg = cli->msgs; msg; msg = msg->next) { + if (msg->msg_type == RADIUS_ACCT || + msg->msg_type == RADIUS_ACCT_INTERIM) + pending++; + } + } + + return os_snprintf(buf, buflen, + "radiusAccServerIndex=%d\n" + "radiusAccServerAddress=%s\n" + "radiusAccClientServerPortNumber=%d\n" + "radiusAccClientRoundTripTime=%d\n" + "radiusAccClientRequests=%u\n" + "radiusAccClientRetransmissions=%u\n" + "radiusAccClientResponses=%u\n" + "radiusAccClientMalformedResponses=%u\n" + "radiusAccClientBadAuthenticators=%u\n" + "radiusAccClientPendingRequests=%u\n" + "radiusAccClientTimeouts=%u\n" + "radiusAccClientUnknownTypes=%u\n" + "radiusAccClientPacketsDropped=%u\n", + serv->index, + hostapd_ip_txt(&serv->addr, abuf, sizeof(abuf)), + serv->port, + serv->round_trip_time, + serv->requests, + serv->retransmissions, + serv->responses, + serv->malformed_responses, + serv->bad_authenticators, + pending, + serv->timeouts, + serv->unknown_types, + serv->packets_dropped); +} + + +int radius_client_get_mib(struct radius_client_data *radius, char *buf, + size_t buflen) +{ + struct hostapd_radius_servers *conf = radius->conf; + int i; + struct hostapd_radius_server *serv; + int count = 0; + + if (conf->auth_servers) { + for (i = 0; i < conf->num_auth_servers; i++) { + serv = &conf->auth_servers[i]; + count += radius_client_dump_auth_server( + buf + count, buflen - count, serv, + serv == conf->auth_server ? + radius : NULL); + } + } + + if (conf->acct_servers) { + for (i = 0; i < conf->num_acct_servers; i++) { + serv = &conf->acct_servers[i]; + count += radius_client_dump_acct_server( + buf + count, buflen - count, serv, + serv == conf->acct_server ? + radius : NULL); + } + } + + return count; +} + + +static int radius_servers_diff(struct hostapd_radius_server *nserv, + struct hostapd_radius_server *oserv, + int num) +{ + int i; + + for (i = 0; i < num; i++) { + if (hostapd_ip_diff(&nserv[i].addr, &oserv[i].addr) || + nserv[i].port != oserv[i].port || + nserv[i].shared_secret_len != oserv[i].shared_secret_len || + memcmp(nserv[i].shared_secret, oserv[i].shared_secret, + nserv[i].shared_secret_len) != 0) + return 1; + } + + return 0; +} + + +struct radius_client_data * +radius_client_reconfig(struct radius_client_data *old, void *ctx, + struct hostapd_radius_servers *oldconf, + struct hostapd_radius_servers *newconf) +{ + radius_client_flush(old, 0); + + if (newconf->retry_primary_interval != + oldconf->retry_primary_interval || + newconf->num_auth_servers != oldconf->num_auth_servers || + newconf->num_acct_servers != oldconf->num_acct_servers || + radius_servers_diff(newconf->auth_servers, oldconf->auth_servers, + newconf->num_auth_servers) || + radius_servers_diff(newconf->acct_servers, oldconf->acct_servers, + newconf->num_acct_servers)) { + hostapd_logger(ctx, NULL, HOSTAPD_MODULE_RADIUS, + HOSTAPD_LEVEL_DEBUG, + "Reconfiguring RADIUS client"); + radius_client_deinit(old); + return radius_client_init(ctx, newconf); + } + + return old; +} diff --git a/contrib/hostapd-0.5.8/radius_client.h b/contrib/hostapd-0.5.8/radius_client.h new file mode 100644 index 0000000000..df1ba1f9b2 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius_client.h @@ -0,0 +1,105 @@ +/* + * hostapd / RADIUS client + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef RADIUS_CLIENT_H +#define RADIUS_CLIENT_H + +#include "config_types.h" + +struct radius_msg; + +struct hostapd_radius_server { + /* MIB prefix for shared variables: + * @ = radiusAuth or radiusAcc depending on the type of the server */ + struct hostapd_ip_addr addr; /* @ServerAddress */ + int port; /* @ClientServerPortNumber */ + u8 *shared_secret; + size_t shared_secret_len; + + /* Dynamic (not from configuration file) MIB data */ + int index; /* @ServerIndex */ + int round_trip_time; /* @ClientRoundTripTime; in hundredths of a + * second */ + u32 requests; /* @Client{Access,}Requests */ + u32 retransmissions; /* @Client{Access,}Retransmissions */ + u32 access_accepts; /* radiusAuthClientAccessAccepts */ + u32 access_rejects; /* radiusAuthClientAccessRejects */ + u32 access_challenges; /* radiusAuthClientAccessChallenges */ + u32 responses; /* radiusAccClientResponses */ + u32 malformed_responses; /* @ClientMalformed{Access,}Responses */ + u32 bad_authenticators; /* @ClientBadAuthenticators */ + u32 timeouts; /* @ClientTimeouts */ + u32 unknown_types; /* @ClientUnknownTypes */ + u32 packets_dropped; /* @ClientPacketsDropped */ + /* @ClientPendingRequests: length of hapd->radius->msgs for matching + * msg_type */ +}; + +struct hostapd_radius_servers { + /* RADIUS Authentication and Accounting servers in priority order */ + struct hostapd_radius_server *auth_servers, *auth_server; + int num_auth_servers; + struct hostapd_radius_server *acct_servers, *acct_server; + int num_acct_servers; + + int retry_primary_interval; + int acct_interim_interval; + + int msg_dumps; +}; + + +typedef enum { + RADIUS_AUTH, + RADIUS_ACCT, + RADIUS_ACCT_INTERIM /* used only with radius_client_send(); just like + * RADIUS_ACCT, but removes any pending interim + * RADIUS Accounting packages for the same STA + * before sending the new interim update */ +} RadiusType; + +typedef enum { + RADIUS_RX_PROCESSED, + RADIUS_RX_QUEUED, + RADIUS_RX_UNKNOWN, + RADIUS_RX_INVALID_AUTHENTICATOR +} RadiusRxResult; + +struct radius_client_data; + +int radius_client_register(struct radius_client_data *radius, + RadiusType msg_type, + RadiusRxResult (*handler) + (struct radius_msg *msg, struct radius_msg *req, + u8 *shared_secret, size_t shared_secret_len, + void *data), + void *data); +int radius_client_send(struct radius_client_data *radius, + struct radius_msg *msg, + RadiusType msg_type, const u8 *addr); +u8 radius_client_get_id(struct radius_client_data *radius); + +void radius_client_flush(struct radius_client_data *radius, int only_auth); +struct radius_client_data * +radius_client_init(void *ctx, struct hostapd_radius_servers *conf); +void radius_client_deinit(struct radius_client_data *radius); +void radius_client_flush_auth(struct radius_client_data *radius, u8 *addr); +int radius_client_get_mib(struct radius_client_data *radius, char *buf, + size_t buflen); +struct radius_client_data * +radius_client_reconfig(struct radius_client_data *old, void *ctx, + struct hostapd_radius_servers *oldconf, + struct hostapd_radius_servers *newconf); + +#endif /* RADIUS_CLIENT_H */ diff --git a/contrib/hostapd-0.5.8/radius_server.c b/contrib/hostapd-0.5.8/radius_server.c new file mode 100644 index 0000000000..bb78f75164 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius_server.c @@ -0,0 +1,1352 @@ +/* + * hostapd / RADIUS authentication server + * Copyright (c) 2005-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include + +#include "common.h" +#include "radius.h" +#include "eloop.h" +#include "config.h" +#include "eap.h" +#include "radius_server.h" + +#define RADIUS_SESSION_TIMEOUT 60 +#define RADIUS_MAX_SESSION 100 +#define RADIUS_MAX_MSG_LEN 3000 + +static struct eapol_callbacks radius_server_eapol_cb; + +struct radius_client; +struct radius_server_data; + +struct radius_server_counters { + u32 access_requests; + u32 invalid_requests; + u32 dup_access_requests; + u32 access_accepts; + u32 access_rejects; + u32 access_challenges; + u32 malformed_access_requests; + u32 bad_authenticators; + u32 packets_dropped; + u32 unknown_types; +}; + +struct radius_session { + struct radius_session *next; + struct radius_client *client; + struct radius_server_data *server; + unsigned int sess_id; + struct eap_sm *eap; + u8 *eapKeyData, *eapReqData; + size_t eapKeyDataLen, eapReqDataLen; + Boolean eapSuccess, eapRestart, eapFail, eapResp, eapReq, eapNoReq; + Boolean portEnabled, eapTimeout; + + struct radius_msg *last_msg; + char *last_from_addr; + int last_from_port; + struct sockaddr_storage last_from; + socklen_t last_fromlen; + u8 last_identifier; + struct radius_msg *last_reply; + u8 last_authenticator[16]; +}; + +struct radius_client { + struct radius_client *next; + struct in_addr addr; + struct in_addr mask; +#ifdef CONFIG_IPV6 + struct in6_addr addr6; + struct in6_addr mask6; +#endif /* CONFIG_IPV6 */ + char *shared_secret; + int shared_secret_len; + struct radius_session *sessions; + struct radius_server_counters counters; +}; + +struct radius_server_data { + int auth_sock; + struct radius_client *clients; + unsigned int next_sess_id; + void *hostapd_conf; + int num_sess; + void *eap_sim_db_priv; + void *ssl_ctx; + int ipv6; + struct os_time start_time; + struct radius_server_counters counters; +}; + + +extern int wpa_debug_level; + +#define RADIUS_DEBUG(args...) \ +wpa_printf(MSG_DEBUG, "RADIUS SRV: " args) +#define RADIUS_ERROR(args...) \ +wpa_printf(MSG_ERROR, "RADIUS SRV: " args) +#define RADIUS_DUMP(args...) \ +wpa_hexdump(MSG_MSGDUMP, "RADIUS SRV: " args) +#define RADIUS_DUMP_ASCII(args...) \ +wpa_hexdump_ascii(MSG_MSGDUMP, "RADIUS SRV: " args) + + +static void radius_server_session_timeout(void *eloop_ctx, void *timeout_ctx); + + + +static struct radius_client * +radius_server_get_client(struct radius_server_data *data, struct in_addr *addr, + int ipv6) +{ + struct radius_client *client = data->clients; + + while (client) { +#ifdef CONFIG_IPV6 + if (ipv6) { + struct in6_addr *addr6; + int i; + + addr6 = (struct in6_addr *) addr; + for (i = 0; i < 16; i++) { + if ((addr6->s6_addr[i] & + client->mask6.s6_addr[i]) != + (client->addr6.s6_addr[i] & + client->mask6.s6_addr[i])) { + i = 17; + break; + } + } + if (i == 16) { + break; + } + } +#endif /* CONFIG_IPV6 */ + if (!ipv6 && (client->addr.s_addr & client->mask.s_addr) == + (addr->s_addr & client->mask.s_addr)) { + break; + } + + client = client->next; + } + + return client; +} + + +static struct radius_session * +radius_server_get_session(struct radius_client *client, unsigned int sess_id) +{ + struct radius_session *sess = client->sessions; + + while (sess) { + if (sess->sess_id == sess_id) { + break; + } + sess = sess->next; + } + + return sess; +} + + +static void radius_server_session_free(struct radius_server_data *data, + struct radius_session *sess) +{ + eloop_cancel_timeout(radius_server_session_timeout, data, sess); + free(sess->eapKeyData); + free(sess->eapReqData); + eap_sm_deinit(sess->eap); + if (sess->last_msg) { + radius_msg_free(sess->last_msg); + free(sess->last_msg); + } + free(sess->last_from_addr); + if (sess->last_reply) { + radius_msg_free(sess->last_reply); + free(sess->last_reply); + } + free(sess); + data->num_sess--; +} + + +static void radius_server_session_remove_timeout(void *eloop_ctx, + void *timeout_ctx); + +static void radius_server_session_remove(struct radius_server_data *data, + struct radius_session *sess) +{ + struct radius_client *client = sess->client; + struct radius_session *session, *prev; + + eloop_cancel_timeout(radius_server_session_remove_timeout, data, sess); + + prev = NULL; + session = client->sessions; + while (session) { + if (session == sess) { + if (prev == NULL) { + client->sessions = sess->next; + } else { + prev->next = sess->next; + } + radius_server_session_free(data, sess); + break; + } + prev = session; + session = session->next; + } +} + + +static void radius_server_session_remove_timeout(void *eloop_ctx, + void *timeout_ctx) +{ + struct radius_server_data *data = eloop_ctx; + struct radius_session *sess = timeout_ctx; + RADIUS_DEBUG("Removing completed session 0x%x", sess->sess_id); + radius_server_session_remove(data, sess); +} + + +static void radius_server_session_timeout(void *eloop_ctx, void *timeout_ctx) +{ + struct radius_server_data *data = eloop_ctx; + struct radius_session *sess = timeout_ctx; + + RADIUS_DEBUG("Timing out authentication session 0x%x", sess->sess_id); + radius_server_session_remove(data, sess); +} + + +static struct radius_session * +radius_server_new_session(struct radius_server_data *data, + struct radius_client *client) +{ + struct radius_session *sess; + + if (data->num_sess >= RADIUS_MAX_SESSION) { + RADIUS_DEBUG("Maximum number of existing session - no room " + "for a new session"); + return NULL; + } + + sess = wpa_zalloc(sizeof(*sess)); + if (sess == NULL) + return NULL; + + sess->server = data; + sess->client = client; + sess->sess_id = data->next_sess_id++; + sess->next = client->sessions; + client->sessions = sess; + eloop_register_timeout(RADIUS_SESSION_TIMEOUT, 0, + radius_server_session_timeout, data, sess); + data->num_sess++; + return sess; +} + + +static struct radius_session * +radius_server_get_new_session(struct radius_server_data *data, + struct radius_client *client, + struct radius_msg *msg) +{ + u8 *user; + size_t user_len; + const struct hostapd_eap_user *eap_user; + int res; + struct radius_session *sess; + struct eap_config eap_conf; + + RADIUS_DEBUG("Creating a new session"); + + user = malloc(256); + if (user == NULL) { + return NULL; + } + res = radius_msg_get_attr(msg, RADIUS_ATTR_USER_NAME, user, 256); + if (res < 0 || res > 256) { + RADIUS_DEBUG("Could not get User-Name"); + free(user); + return NULL; + } + user_len = res; + RADIUS_DUMP_ASCII("User-Name", user, user_len); + + eap_user = hostapd_get_eap_user(data->hostapd_conf, user, user_len, 0); + free(user); + + if (eap_user) { + RADIUS_DEBUG("Matching user entry found"); + sess = radius_server_new_session(data, client); + if (sess == NULL) { + RADIUS_DEBUG("Failed to create a new session"); + return NULL; + } + } else { + RADIUS_DEBUG("User-Name not found from user database"); + return NULL; + } + + memset(&eap_conf, 0, sizeof(eap_conf)); + eap_conf.ssl_ctx = data->ssl_ctx; + eap_conf.eap_sim_db_priv = data->eap_sim_db_priv; + eap_conf.backend_auth = TRUE; + sess->eap = eap_sm_init(sess, &radius_server_eapol_cb, &eap_conf); + if (sess->eap == NULL) { + RADIUS_DEBUG("Failed to initialize EAP state machine for the " + "new session"); + radius_server_session_free(data, sess); + return NULL; + } + sess->eapRestart = TRUE; + sess->portEnabled = TRUE; + + RADIUS_DEBUG("New session 0x%x initialized", sess->sess_id); + + return sess; +} + + +static struct radius_msg * +radius_server_encapsulate_eap(struct radius_server_data *data, + struct radius_client *client, + struct radius_session *sess, + struct radius_msg *request) +{ + struct radius_msg *msg; + int code; + unsigned int sess_id; + + if (sess->eapFail) { + code = RADIUS_CODE_ACCESS_REJECT; + } else if (sess->eapSuccess) { + code = RADIUS_CODE_ACCESS_ACCEPT; + } else { + code = RADIUS_CODE_ACCESS_CHALLENGE; + } + + msg = radius_msg_new(code, request->hdr->identifier); + if (msg == NULL) { + RADIUS_DEBUG("Failed to allocate reply message"); + return NULL; + } + + sess_id = htonl(sess->sess_id); + if (code == RADIUS_CODE_ACCESS_CHALLENGE && + !radius_msg_add_attr(msg, RADIUS_ATTR_STATE, + (u8 *) &sess_id, sizeof(sess_id))) { + RADIUS_DEBUG("Failed to add State attribute"); + } + + if (sess->eapReqData && + !radius_msg_add_eap(msg, sess->eapReqData, sess->eapReqDataLen)) { + RADIUS_DEBUG("Failed to add EAP-Message attribute"); + } + + if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eapKeyData) { + int len; + if (sess->eapKeyDataLen > 64) { + len = 32; + } else { + len = sess->eapKeyDataLen / 2; + } + if (!radius_msg_add_mppe_keys(msg, request->hdr->authenticator, + (u8 *) client->shared_secret, + client->shared_secret_len, + sess->eapKeyData + len, len, + sess->eapKeyData, len)) { + RADIUS_DEBUG("Failed to add MPPE key attributes"); + } + } + + if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret, + client->shared_secret_len, + request->hdr->authenticator) < 0) { + RADIUS_DEBUG("Failed to add Message-Authenticator attribute"); + } + + return msg; +} + + +static int radius_server_reject(struct radius_server_data *data, + struct radius_client *client, + struct radius_msg *request, + struct sockaddr *from, socklen_t fromlen, + const char *from_addr, int from_port) +{ + struct radius_msg *msg; + int ret = 0; + struct eap_hdr eapfail; + + RADIUS_DEBUG("Reject invalid request from %s:%d", + from_addr, from_port); + + msg = radius_msg_new(RADIUS_CODE_ACCESS_REJECT, + request->hdr->identifier); + if (msg == NULL) { + return -1; + } + + memset(&eapfail, 0, sizeof(eapfail)); + eapfail.code = EAP_CODE_FAILURE; + eapfail.identifier = 0; + eapfail.length = htons(sizeof(eapfail)); + + if (!radius_msg_add_eap(msg, (u8 *) &eapfail, sizeof(eapfail))) { + RADIUS_DEBUG("Failed to add EAP-Message attribute"); + } + + + if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret, + client->shared_secret_len, + request->hdr->authenticator) < 0) { + RADIUS_DEBUG("Failed to add Message-Authenticator attribute"); + } + + if (wpa_debug_level <= MSG_MSGDUMP) { + radius_msg_dump(msg); + } + + data->counters.access_rejects++; + client->counters.access_rejects++; + if (sendto(data->auth_sock, msg->buf, msg->buf_used, 0, + (struct sockaddr *) from, sizeof(*from)) < 0) { + perror("sendto[RADIUS SRV]"); + ret = -1; + } + + radius_msg_free(msg); + free(msg); + + return ret; +} + + +static int radius_server_request(struct radius_server_data *data, + struct radius_msg *msg, + struct sockaddr *from, socklen_t fromlen, + struct radius_client *client, + const char *from_addr, int from_port, + struct radius_session *force_sess) +{ + u8 *eap = NULL; + size_t eap_len; + int res, state_included = 0; + u8 statebuf[4], resp_id; + unsigned int state; + struct radius_session *sess; + struct radius_msg *reply; + struct eap_hdr *hdr; + + if (force_sess) + sess = force_sess; + else { + res = radius_msg_get_attr(msg, RADIUS_ATTR_STATE, statebuf, + sizeof(statebuf)); + state_included = res >= 0; + if (res == sizeof(statebuf)) { + state = (statebuf[0] << 24) | (statebuf[1] << 16) | + (statebuf[2] << 8) | statebuf[3]; + sess = radius_server_get_session(client, state); + } else { + sess = NULL; + } + } + + if (sess) { + RADIUS_DEBUG("Request for session 0x%x", sess->sess_id); + } else if (state_included) { + RADIUS_DEBUG("State attribute included but no session found"); + radius_server_reject(data, client, msg, from, fromlen, + from_addr, from_port); + return -1; + } else { + sess = radius_server_get_new_session(data, client, msg); + if (sess == NULL) { + RADIUS_DEBUG("Could not create a new session"); + radius_server_reject(data, client, msg, from, fromlen, + from_addr, from_port); + return -1; + } + } + + if (sess->last_from_port == from_port && + sess->last_identifier == msg->hdr->identifier && + os_memcmp(sess->last_authenticator, msg->hdr->authenticator, 16) == + 0) { + RADIUS_DEBUG("Duplicate message from %s", from_addr); + data->counters.dup_access_requests++; + client->counters.dup_access_requests++; + + if (sess->last_reply) { + res = sendto(data->auth_sock, sess->last_reply->buf, + sess->last_reply->buf_used, 0, + (struct sockaddr *) from, fromlen); + if (res < 0) { + perror("sendto[RADIUS SRV]"); + } + return 0; + } + + RADIUS_DEBUG("No previous reply available for duplicate " + "message"); + return -1; + } + + eap = radius_msg_get_eap(msg, &eap_len); + if (eap == NULL) { + RADIUS_DEBUG("No EAP-Message in RADIUS packet from %s", + from_addr); + data->counters.packets_dropped++; + client->counters.packets_dropped++; + return -1; + } + + RADIUS_DUMP("Received EAP data", eap, eap_len); + if (eap_len >= sizeof(*hdr)) { + hdr = (struct eap_hdr *) eap; + resp_id = hdr->identifier; + } else { + resp_id = 0; + } + + /* FIX: if Code is Request, Success, or Failure, send Access-Reject; + * RFC3579 Sect. 2.6.2. + * Include EAP-Response/Nak with no preferred method if + * code == request. + * If code is not 1-4, discard the packet silently. + * Or is this already done by the EAP state machine? */ + + eap_set_eapRespData(sess->eap, eap, eap_len); + free(eap); + eap = NULL; + sess->eapResp = TRUE; + eap_sm_step(sess->eap); + + if (sess->eapReqData) { + RADIUS_DUMP("EAP data from the state machine", + sess->eapReqData, sess->eapReqDataLen); + } else if (sess->eapFail) { + RADIUS_DEBUG("No EAP data from the state machine, but eapFail " + "set - generate EAP-Failure"); + hdr = wpa_zalloc(sizeof(*hdr)); + if (hdr) { + hdr->identifier = resp_id; + hdr->length = htons(sizeof(*hdr)); + sess->eapReqData = (u8 *) hdr; + sess->eapReqDataLen = sizeof(*hdr); + } + } else if (eap_sm_method_pending(sess->eap)) { + if (sess->last_msg) { + radius_msg_free(sess->last_msg); + free(sess->last_msg); + } + sess->last_msg = msg; + sess->last_from_port = from_port; + free(sess->last_from_addr); + sess->last_from_addr = strdup(from_addr); + sess->last_fromlen = fromlen; + memcpy(&sess->last_from, from, fromlen); + return -2; + } else { + RADIUS_DEBUG("No EAP data from the state machine - ignore this" + " Access-Request silently (assuming it was a " + "duplicate)"); + data->counters.packets_dropped++; + client->counters.packets_dropped++; + return -1; + } + + reply = radius_server_encapsulate_eap(data, client, sess, msg); + + free(sess->eapReqData); + sess->eapReqData = NULL; + sess->eapReqDataLen = 0; + + if (reply) { + RADIUS_DEBUG("Reply to %s:%d", from_addr, from_port); + if (wpa_debug_level <= MSG_MSGDUMP) { + radius_msg_dump(reply); + } + + switch (reply->hdr->code) { + case RADIUS_CODE_ACCESS_ACCEPT: + data->counters.access_accepts++; + client->counters.access_accepts++; + break; + case RADIUS_CODE_ACCESS_REJECT: + data->counters.access_rejects++; + client->counters.access_rejects++; + break; + case RADIUS_CODE_ACCESS_CHALLENGE: + data->counters.access_challenges++; + client->counters.access_challenges++; + break; + } + res = sendto(data->auth_sock, reply->buf, reply->buf_used, 0, + (struct sockaddr *) from, fromlen); + if (res < 0) { + perror("sendto[RADIUS SRV]"); + } + if (sess->last_reply) { + radius_msg_free(sess->last_reply); + free(sess->last_reply); + } + sess->last_reply = reply; + sess->last_from_port = from_port; + sess->last_identifier = msg->hdr->identifier; + os_memcpy(sess->last_authenticator, msg->hdr->authenticator, + 16); + } else { + data->counters.packets_dropped++; + client->counters.packets_dropped++; + } + + if (sess->eapSuccess || sess->eapFail) { + RADIUS_DEBUG("Removing completed session 0x%x after timeout", + sess->sess_id); + eloop_cancel_timeout(radius_server_session_remove_timeout, + data, sess); + eloop_register_timeout(10, 0, + radius_server_session_remove_timeout, + data, sess); + } + + return 0; +} + + +static void radius_server_receive_auth(int sock, void *eloop_ctx, + void *sock_ctx) +{ + struct radius_server_data *data = eloop_ctx; + u8 *buf = NULL; + struct sockaddr_storage from; + socklen_t fromlen; + int len; + struct radius_client *client = NULL; + struct radius_msg *msg = NULL; + char abuf[50]; + int from_port = 0; + + buf = malloc(RADIUS_MAX_MSG_LEN); + if (buf == NULL) { + goto fail; + } + + fromlen = sizeof(from); + len = recvfrom(sock, buf, RADIUS_MAX_MSG_LEN, 0, + (struct sockaddr *) &from, &fromlen); + if (len < 0) { + perror("recvfrom[radius_server]"); + goto fail; + } + +#ifdef CONFIG_IPV6 + if (data->ipv6) { + struct sockaddr_in6 *from6 = (struct sockaddr_in6 *) &from; + if (inet_ntop(AF_INET6, &from6->sin6_addr, abuf, sizeof(abuf)) + == NULL) + abuf[0] = '\0'; + from_port = ntohs(from6->sin6_port); + RADIUS_DEBUG("Received %d bytes from %s:%d", + len, abuf, from_port); + + client = radius_server_get_client(data, + (struct in_addr *) + &from6->sin6_addr, 1); + } +#endif /* CONFIG_IPV6 */ + + if (!data->ipv6) { + struct sockaddr_in *from4 = (struct sockaddr_in *) &from; + snprintf(abuf, sizeof(abuf), "%s", inet_ntoa(from4->sin_addr)); + from_port = ntohs(from4->sin_port); + RADIUS_DEBUG("Received %d bytes from %s:%d", + len, abuf, from_port); + + client = radius_server_get_client(data, &from4->sin_addr, 0); + } + + RADIUS_DUMP("Received data", buf, len); + + if (client == NULL) { + RADIUS_DEBUG("Unknown client %s - packet ignored", abuf); + data->counters.invalid_requests++; + goto fail; + } + + msg = radius_msg_parse(buf, len); + if (msg == NULL) { + RADIUS_DEBUG("Parsing incoming RADIUS frame failed"); + data->counters.malformed_access_requests++; + client->counters.malformed_access_requests++; + goto fail; + } + + free(buf); + buf = NULL; + + if (wpa_debug_level <= MSG_MSGDUMP) { + radius_msg_dump(msg); + } + + if (msg->hdr->code != RADIUS_CODE_ACCESS_REQUEST) { + RADIUS_DEBUG("Unexpected RADIUS code %d", msg->hdr->code); + data->counters.unknown_types++; + client->counters.unknown_types++; + goto fail; + } + + data->counters.access_requests++; + client->counters.access_requests++; + + if (radius_msg_verify_msg_auth(msg, (u8 *) client->shared_secret, + client->shared_secret_len, NULL)) { + RADIUS_DEBUG("Invalid Message-Authenticator from %s", abuf); + data->counters.bad_authenticators++; + client->counters.bad_authenticators++; + goto fail; + } + + if (radius_server_request(data, msg, (struct sockaddr *) &from, + fromlen, client, abuf, from_port, NULL) == + -2) + return; /* msg was stored with the session */ + +fail: + if (msg) { + radius_msg_free(msg); + free(msg); + } + free(buf); +} + + +static int radius_server_open_socket(int port) +{ + int s; + struct sockaddr_in addr; + + s = socket(PF_INET, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket"); + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(port); + if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind"); + close(s); + return -1; + } + + return s; +} + + +#ifdef CONFIG_IPV6 +static int radius_server_open_socket6(int port) +{ + int s; + struct sockaddr_in6 addr; + + s = socket(PF_INET6, SOCK_DGRAM, 0); + if (s < 0) { + perror("socket[IPv6]"); + return -1; + } + + memset(&addr, 0, sizeof(addr)); + addr.sin6_family = AF_INET6; + memcpy(&addr.sin6_addr, &in6addr_any, sizeof(in6addr_any)); + addr.sin6_port = htons(port); + if (bind(s, (struct sockaddr *) &addr, sizeof(addr)) < 0) { + perror("bind"); + close(s); + return -1; + } + + return s; +} +#endif /* CONFIG_IPV6 */ + + +static void radius_server_free_sessions(struct radius_server_data *data, + struct radius_session *sessions) +{ + struct radius_session *session, *prev; + + session = sessions; + while (session) { + prev = session; + session = session->next; + radius_server_session_free(data, prev); + } +} + + +static void radius_server_free_clients(struct radius_server_data *data, + struct radius_client *clients) +{ + struct radius_client *client, *prev; + + client = clients; + while (client) { + prev = client; + client = client->next; + + radius_server_free_sessions(data, prev->sessions); + free(prev->shared_secret); + free(prev); + } +} + + +static struct radius_client * +radius_server_read_clients(const char *client_file, int ipv6) +{ + FILE *f; + const int buf_size = 1024; + char *buf, *pos; + struct radius_client *clients, *tail, *entry; + int line = 0, mask, failed = 0, i; + struct in_addr addr; +#ifdef CONFIG_IPV6 + struct in6_addr addr6; +#endif /* CONFIG_IPV6 */ + unsigned int val; + + f = fopen(client_file, "r"); + if (f == NULL) { + RADIUS_ERROR("Could not open client file '%s'", client_file); + return NULL; + } + + buf = malloc(buf_size); + if (buf == NULL) { + fclose(f); + return NULL; + } + + clients = tail = NULL; + while (fgets(buf, buf_size, f)) { + /* Configuration file format: + * 192.168.1.0/24 secret + * 192.168.1.2 secret + * fe80::211:22ff:fe33:4455/64 secretipv6 + */ + line++; + buf[buf_size - 1] = '\0'; + pos = buf; + while (*pos != '\0' && *pos != '\n') + pos++; + if (*pos == '\n') + *pos = '\0'; + if (*buf == '\0' || *buf == '#') + continue; + + pos = buf; + while ((*pos >= '0' && *pos <= '9') || *pos == '.' || + (*pos >= 'a' && *pos <= 'f') || *pos == ':' || + (*pos >= 'A' && *pos <= 'F')) { + pos++; + } + + if (*pos == '\0') { + failed = 1; + break; + } + + if (*pos == '/') { + char *end; + *pos++ = '\0'; + mask = strtol(pos, &end, 10); + if ((pos == end) || + (mask < 0 || mask > (ipv6 ? 128 : 32))) { + failed = 1; + break; + } + pos = end; + } else { + mask = ipv6 ? 128 : 32; + *pos++ = '\0'; + } + + if (!ipv6 && inet_aton(buf, &addr) == 0) { + failed = 1; + break; + } +#ifdef CONFIG_IPV6 + if (ipv6 && inet_pton(AF_INET6, buf, &addr6) <= 0) { + if (inet_pton(AF_INET, buf, &addr) <= 0) { + failed = 1; + break; + } + /* Convert IPv4 address to IPv6 */ + if (mask <= 32) + mask += (128 - 32); + memset(addr6.s6_addr, 0, 10); + addr6.s6_addr[10] = 0xff; + addr6.s6_addr[11] = 0xff; + memcpy(addr6.s6_addr + 12, (char *) &addr.s_addr, 4); + } +#endif /* CONFIG_IPV6 */ + + while (*pos == ' ' || *pos == '\t') { + pos++; + } + + if (*pos == '\0') { + failed = 1; + break; + } + + entry = wpa_zalloc(sizeof(*entry)); + if (entry == NULL) { + failed = 1; + break; + } + entry->shared_secret = strdup(pos); + if (entry->shared_secret == NULL) { + failed = 1; + free(entry); + break; + } + entry->shared_secret_len = strlen(entry->shared_secret); + entry->addr.s_addr = addr.s_addr; + if (!ipv6) { + val = 0; + for (i = 0; i < mask; i++) + val |= 1 << (31 - i); + entry->mask.s_addr = htonl(val); + } +#ifdef CONFIG_IPV6 + if (ipv6) { + int offset = mask / 8; + + memcpy(entry->addr6.s6_addr, addr6.s6_addr, 16); + memset(entry->mask6.s6_addr, 0xff, offset); + val = 0; + for (i = 0; i < (mask % 8); i++) + val |= 1 << (7 - i); + if (offset < 16) + entry->mask6.s6_addr[offset] = val; + } +#endif /* CONFIG_IPV6 */ + + if (tail == NULL) { + clients = tail = entry; + } else { + tail->next = entry; + tail = entry; + } + } + + if (failed) { + RADIUS_ERROR("Invalid line %d in '%s'", line, client_file); + radius_server_free_clients(NULL, clients); + clients = NULL; + } + + free(buf); + fclose(f); + + return clients; +} + + +struct radius_server_data * +radius_server_init(struct radius_server_conf *conf) +{ + struct radius_server_data *data; + +#ifndef CONFIG_IPV6 + if (conf->ipv6) { + fprintf(stderr, "RADIUS server compiled without IPv6 " + "support.\n"); + return NULL; + } +#endif /* CONFIG_IPV6 */ + + data = wpa_zalloc(sizeof(*data)); + if (data == NULL) + return NULL; + + os_get_time(&data->start_time); + data->hostapd_conf = conf->hostapd_conf; + data->eap_sim_db_priv = conf->eap_sim_db_priv; + data->ssl_ctx = conf->ssl_ctx; + data->ipv6 = conf->ipv6; + + data->clients = radius_server_read_clients(conf->client_file, + conf->ipv6); + if (data->clients == NULL) { + printf("No RADIUS clients configured.\n"); + radius_server_deinit(data); + return NULL; + } + +#ifdef CONFIG_IPV6 + if (conf->ipv6) + data->auth_sock = radius_server_open_socket6(conf->auth_port); + else +#endif /* CONFIG_IPV6 */ + data->auth_sock = radius_server_open_socket(conf->auth_port); + if (data->auth_sock < 0) { + printf("Failed to open UDP socket for RADIUS authentication " + "server\n"); + radius_server_deinit(data); + return NULL; + } + if (eloop_register_read_sock(data->auth_sock, + radius_server_receive_auth, + data, NULL)) { + radius_server_deinit(data); + return NULL; + } + + return data; +} + + +void radius_server_deinit(struct radius_server_data *data) +{ + if (data == NULL) + return; + + if (data->auth_sock >= 0) { + eloop_unregister_read_sock(data->auth_sock); + close(data->auth_sock); + } + + radius_server_free_clients(data, data->clients); + + free(data); +} + + +int radius_server_get_mib(struct radius_server_data *data, char *buf, + size_t buflen) +{ + int ret, uptime; + unsigned int idx; + char *end, *pos; + struct os_time now; + struct radius_client *cli; + + /* RFC 2619 - RADIUS Authentication Server MIB */ + + if (data == NULL || buflen == 0) + return 0; + + pos = buf; + end = buf + buflen; + + os_get_time(&now); + uptime = (now.sec - data->start_time.sec) * 100 + + ((now.usec - data->start_time.usec) / 10000) % 100; + ret = snprintf(pos, end - pos, + "RADIUS-AUTH-SERVER-MIB\n" + "radiusAuthServIdent=hostapd\n" + "radiusAuthServUpTime=%d\n" + "radiusAuthServResetTime=0\n" + "radiusAuthServConfigReset=4\n", + uptime); + if (ret < 0 || ret >= end - pos) { + *pos = '\0'; + return pos - buf; + } + pos += ret; + + ret = snprintf(pos, end - pos, + "radiusAuthServTotalAccessRequests=%u\n" + "radiusAuthServTotalInvalidRequests=%u\n" + "radiusAuthServTotalDupAccessRequests=%u\n" + "radiusAuthServTotalAccessAccepts=%u\n" + "radiusAuthServTotalAccessRejects=%u\n" + "radiusAuthServTotalAccessChallenges=%u\n" + "radiusAuthServTotalMalformedAccessRequests=%u\n" + "radiusAuthServTotalBadAuthenticators=%u\n" + "radiusAuthServTotalPacketsDropped=%u\n" + "radiusAuthServTotalUnknownTypes=%u\n", + data->counters.access_requests, + data->counters.invalid_requests, + data->counters.dup_access_requests, + data->counters.access_accepts, + data->counters.access_rejects, + data->counters.access_challenges, + data->counters.malformed_access_requests, + data->counters.bad_authenticators, + data->counters.packets_dropped, + data->counters.unknown_types); + if (ret < 0 || ret >= end - pos) { + *pos = '\0'; + return pos - buf; + } + pos += ret; + + for (cli = data->clients, idx = 0; cli; cli = cli->next, idx++) { + char abuf[50], mbuf[50]; +#ifdef CONFIG_IPV6 + if (data->ipv6) { + if (inet_ntop(AF_INET6, &cli->addr6, abuf, + sizeof(abuf)) == NULL) + abuf[0] = '\0'; + if (inet_ntop(AF_INET6, &cli->mask6, abuf, + sizeof(mbuf)) == NULL) + mbuf[0] = '\0'; + } +#endif /* CONFIG_IPV6 */ + if (!data->ipv6) { + snprintf(abuf, sizeof(abuf), "%s", + inet_ntoa(cli->addr)); + snprintf(mbuf, sizeof(mbuf), "%s", + inet_ntoa(cli->mask)); + } + + ret = snprintf(pos, end - pos, + "radiusAuthClientIndex=%u\n" + "radiusAuthClientAddress=%s/%s\n" + "radiusAuthServAccessRequests=%u\n" + "radiusAuthServDupAccessRequests=%u\n" + "radiusAuthServAccessAccepts=%u\n" + "radiusAuthServAccessRejects=%u\n" + "radiusAuthServAccessChallenges=%u\n" + "radiusAuthServMalformedAccessRequests=%u\n" + "radiusAuthServBadAuthenticators=%u\n" + "radiusAuthServPacketsDropped=%u\n" + "radiusAuthServUnknownTypes=%u\n", + idx, + abuf, mbuf, + cli->counters.access_requests, + cli->counters.dup_access_requests, + cli->counters.access_accepts, + cli->counters.access_rejects, + cli->counters.access_challenges, + cli->counters.malformed_access_requests, + cli->counters.bad_authenticators, + cli->counters.packets_dropped, + cli->counters.unknown_types); + if (ret < 0 || ret >= end - pos) { + *pos = '\0'; + return pos - buf; + } + pos += ret; + } + + return pos - buf; +} + + +static Boolean radius_server_get_bool(void *ctx, enum eapol_bool_var variable) +{ + struct radius_session *sess = ctx; + if (sess == NULL) + return FALSE; + switch (variable) { + case EAPOL_eapSuccess: + return sess->eapSuccess; + case EAPOL_eapRestart: + return sess->eapRestart; + case EAPOL_eapFail: + return sess->eapFail; + case EAPOL_eapResp: + return sess->eapResp; + case EAPOL_eapReq: + return sess->eapReq; + case EAPOL_eapNoReq: + return sess->eapNoReq; + case EAPOL_portEnabled: + return sess->portEnabled; + case EAPOL_eapTimeout: + return sess->eapTimeout; + } + return FALSE; +} + + +static void radius_server_set_bool(void *ctx, enum eapol_bool_var variable, + Boolean value) +{ + struct radius_session *sess = ctx; + if (sess == NULL) + return; + switch (variable) { + case EAPOL_eapSuccess: + sess->eapSuccess = value; + break; + case EAPOL_eapRestart: + sess->eapRestart = value; + break; + case EAPOL_eapFail: + sess->eapFail = value; + break; + case EAPOL_eapResp: + sess->eapResp = value; + break; + case EAPOL_eapReq: + sess->eapReq = value; + break; + case EAPOL_eapNoReq: + sess->eapNoReq = value; + break; + case EAPOL_portEnabled: + sess->portEnabled = value; + break; + case EAPOL_eapTimeout: + sess->eapTimeout = value; + break; + } +} + + +static void radius_server_set_eapReqData(void *ctx, const u8 *eapReqData, + size_t eapReqDataLen) +{ + struct radius_session *sess = ctx; + if (sess == NULL) + return; + + free(sess->eapReqData); + sess->eapReqData = malloc(eapReqDataLen); + if (sess->eapReqData) { + memcpy(sess->eapReqData, eapReqData, eapReqDataLen); + sess->eapReqDataLen = eapReqDataLen; + } else { + sess->eapReqDataLen = 0; + } +} + + +static void radius_server_set_eapKeyData(void *ctx, const u8 *eapKeyData, + size_t eapKeyDataLen) +{ + struct radius_session *sess = ctx; + + if (sess == NULL) + return; + + free(sess->eapKeyData); + if (eapKeyData) { + sess->eapKeyData = malloc(eapKeyDataLen); + if (sess->eapKeyData) { + memcpy(sess->eapKeyData, eapKeyData, eapKeyDataLen); + sess->eapKeyDataLen = eapKeyDataLen; + } else { + sess->eapKeyDataLen = 0; + } + } else { + sess->eapKeyData = NULL; + sess->eapKeyDataLen = 0; + } +} + + +static int radius_server_get_eap_user(void *ctx, const u8 *identity, + size_t identity_len, int phase2, + struct eap_user *user) +{ + struct radius_session *sess = ctx; + const struct hostapd_eap_user *eap_user; + int i, count; + + eap_user = hostapd_get_eap_user(sess->server->hostapd_conf, identity, + identity_len, phase2); + if (eap_user == NULL) + return -1; + + memset(user, 0, sizeof(*user)); + count = EAP_USER_MAX_METHODS; + if (count > EAP_MAX_METHODS) + count = EAP_MAX_METHODS; + for (i = 0; i < count; i++) { + user->methods[i].vendor = eap_user->methods[i].vendor; + user->methods[i].method = eap_user->methods[i].method; + } + + if (eap_user->password) { + user->password = malloc(eap_user->password_len); + if (user->password == NULL) + return -1; + memcpy(user->password, eap_user->password, + eap_user->password_len); + user->password_len = eap_user->password_len; + user->password_hash = eap_user->password_hash; + } + user->force_version = eap_user->force_version; + + return 0; +} + + +static struct eapol_callbacks radius_server_eapol_cb = +{ + .get_bool = radius_server_get_bool, + .set_bool = radius_server_set_bool, + .set_eapReqData = radius_server_set_eapReqData, + .set_eapKeyData = radius_server_set_eapKeyData, + .get_eap_user = radius_server_get_eap_user, +}; + + +void radius_server_eap_pending_cb(struct radius_server_data *data, void *ctx) +{ + struct radius_client *cli; + struct radius_session *s, *sess = NULL; + struct radius_msg *msg; + + if (data == NULL) + return; + + for (cli = data->clients; cli; cli = cli->next) { + for (s = cli->sessions; s; s = s->next) { + if (s->eap == ctx && s->last_msg) { + sess = s; + break; + } + if (sess) + break; + } + if (sess) + break; + } + + if (sess == NULL) { + RADIUS_DEBUG("No session matched callback ctx"); + return; + } + + msg = sess->last_msg; + sess->last_msg = NULL; + eap_sm_pending_cb(sess->eap); + if (radius_server_request(data, msg, + (struct sockaddr *) &sess->last_from, + sess->last_fromlen, cli, + sess->last_from_addr, + sess->last_from_port, sess) == -2) + return; /* msg was stored with the session */ + + radius_msg_free(msg); + free(msg); +} diff --git a/contrib/hostapd-0.5.8/radius_server.h b/contrib/hostapd-0.5.8/radius_server.h new file mode 100644 index 0000000000..9c9315e607 --- /dev/null +++ b/contrib/hostapd-0.5.8/radius_server.h @@ -0,0 +1,67 @@ +/* + * hostapd / RADIUS authentication server + * Copyright (c) 2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef RADIUS_SERVER_H +#define RADIUS_SERVER_H + +struct radius_server_data; + +struct radius_server_conf { + int auth_port; + char *client_file; + void *hostapd_conf; + void *eap_sim_db_priv; + void *ssl_ctx; + int ipv6; +}; + + +#ifdef RADIUS_SERVER + +struct radius_server_data * +radius_server_init(struct radius_server_conf *conf); + +void radius_server_deinit(struct radius_server_data *data); + +int radius_server_get_mib(struct radius_server_data *data, char *buf, + size_t buflen); + +void radius_server_eap_pending_cb(struct radius_server_data *data, void *ctx); + +#else /* RADIUS_SERVER */ + +static inline struct radius_server_data * +radius_server_init(struct radius_server_conf *conf) +{ + return NULL; +} + +static inline void radius_server_deinit(struct radius_server_data *data) +{ +} + +static inline int radius_server_get_mib(struct radius_server_data *data, + char *buf, size_t buflen) +{ + return 0; +} + +static inline void +radius_server_eap_pending_cb(struct radius_server_data *data, void *ctx) +{ +} + +#endif /* RADIUS_SERVER */ + +#endif /* RADIUS_SERVER_H */ diff --git a/contrib/hostapd-0.5.8/rc4.c b/contrib/hostapd-0.5.8/rc4.c new file mode 100644 index 0000000000..8480cc55ce --- /dev/null +++ b/contrib/hostapd-0.5.8/rc4.c @@ -0,0 +1,86 @@ +/* + * RC4 stream cipher + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "rc4.h" + +#define S_SWAP(a,b) do { u8 t = S[a]; S[a] = S[b]; S[b] = t; } while(0) + +/** + * rc4 - XOR RC4 stream to given data with skip-stream-start + * @key: RC4 key + * @keylen: RC4 key length + * @skip: number of bytes to skip from the beginning of the RC4 stream + * @data: data to be XOR'ed with RC4 stream + * @data_len: buf length + * + * Generate RC4 pseudo random stream for the given key, skip beginning of the + * stream, and XOR the end result with the data buffer to perform RC4 + * encryption/decryption. + */ +void rc4_skip(const u8 *key, size_t keylen, size_t skip, + u8 *data, size_t data_len) +{ + u32 i, j, k; + u8 S[256], *pos; + size_t kpos; + + /* Setup RC4 state */ + for (i = 0; i < 256; i++) + S[i] = i; + j = 0; + kpos = 0; + for (i = 0; i < 256; i++) { + j = (j + S[i] + key[kpos]) & 0xff; + kpos++; + if (kpos >= keylen) + kpos = 0; + S_SWAP(i, j); + } + + /* Skip the start of the stream */ + i = j = 0; + for (k = 0; k < skip; k++) { + i = (i + 1) & 0xff; + j = (j + S[i]) & 0xff; + S_SWAP(i, j); + } + + /* Apply RC4 to data */ + pos = data; + for (k = 0; k < data_len; k++) { + i = (i + 1) & 0xff; + j = (j + S[i]) & 0xff; + S_SWAP(i, j); + *pos++ ^= S[(S[i] + S[j]) & 0xff]; + } +} + + +/** + * rc4 - XOR RC4 stream to given data + * @buf: data to be XOR'ed with RC4 stream + * @len: buf length + * @key: RC4 key + * @key_len: RC4 key length + * + * Generate RC4 pseudo random stream for the given key and XOR this with the + * data buffer to perform RC4 encryption/decryption. + */ +void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len) +{ + rc4_skip(key, key_len, 0, buf, len); +} diff --git a/contrib/hostapd-0.5.8/rc4.h b/contrib/hostapd-0.5.8/rc4.h new file mode 100644 index 0000000000..01f13833dd --- /dev/null +++ b/contrib/hostapd-0.5.8/rc4.h @@ -0,0 +1,22 @@ +/* + * RC4 stream cipher + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef RC4_H +#define RC4_H + +void rc4_skip(const u8 *key, size_t keylen, size_t skip, + u8 *data, size_t data_len); +void rc4(u8 *buf, size_t len, const u8 *key, size_t key_len); + +#endif /* RC4_H */ diff --git a/contrib/hostapd-0.5.8/reconfig.c b/contrib/hostapd-0.5.8/reconfig.c new file mode 100644 index 0000000000..a0d6156981 --- /dev/null +++ b/contrib/hostapd-0.5.8/reconfig.c @@ -0,0 +1,714 @@ +/* + * hostapd / Configuration reloading + * Copyright (c) 2002-2007, Jouni Malinen + * Copyright (c) 2002-2004, Instant802 Networks, Inc. + * Copyright (c) 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "beacon.h" +#include "hw_features.h" +#include "driver.h" +#include "sta_info.h" +#include "radius_client.h" +#include "ieee802_11.h" +#include "iapp.h" +#include "ap_list.h" +#include "wpa.h" +#include "vlan_init.h" +#include "ieee802_11_auth.h" +#include "ieee802_1x.h" +#include "accounting.h" +#include "eloop.h" + + +/** + * struct hostapd_config_change - Configuration change information + * This is for two purposes: + * - Storing configuration information in the hostapd_iface during + * the asynchronous parts of reconfiguration. + * - Passing configuration information for per-station reconfiguration. + */ +struct hostapd_config_change { + struct hostapd_data *hapd; + struct hostapd_config *newconf, *oldconf; + struct hostapd_bss_config *newbss, *oldbss; + int mac_acl_changed; + int num_sta_remove; /* number of STAs that need to be removed */ + int beacon_changed; + struct hostapd_iface *hapd_iface; + struct hostapd_data **new_hapd, **old_hapd; + int num_old_hapd; +}; + + +static int hostapd_config_reload_sta(struct hostapd_data *hapd, + struct sta_info *sta, void *data) +{ + struct hostapd_config_change *change = data; + struct hostapd_bss_config *newbss, *oldbss; + int deauth = 0; + u8 reason = WLAN_REASON_PREV_AUTH_NOT_VALID; + + newbss = change->newbss; + oldbss = change->oldbss; + hapd = change->hapd; + + if (sta->ssid == &oldbss->ssid) { + sta->ssid = &newbss->ssid; + + if (newbss->ssid.ssid_len != oldbss->ssid.ssid_len || + memcmp(newbss->ssid.ssid, oldbss->ssid.ssid, + newbss->ssid.ssid_len) != 0) { + /* main SSID was changed - kick STA out */ + deauth++; + } + } + sta->ssid_probe = sta->ssid; + + /* + * If MAC ACL configuration has changed, deauthenticate stations that + * have been removed from accepted list or have been added to denied + * list. If external RADIUS server is used for ACL, all stations are + * deauthenticated and they will need to authenticate again. This + * limits sudden load on the RADIUS server since the verification will + * be done over the time needed for the STAs to reauthenticate + * themselves. + */ + if (change->mac_acl_changed && + (newbss->macaddr_acl == USE_EXTERNAL_RADIUS_AUTH || + !hostapd_allowed_address(hapd, sta->addr, NULL, 0, NULL, NULL, + NULL))) + deauth++; + + if (newbss->ieee802_1x != oldbss->ieee802_1x && + sta->ssid == &hapd->conf->ssid) + deauth++; + + if (newbss->wpa != oldbss->wpa) + deauth++; + + if (!newbss->wme_enabled && (sta->flags & WLAN_STA_WME)) + deauth++; + + if (newbss->auth_algs != oldbss->auth_algs && + ((sta->auth_alg == WLAN_AUTH_OPEN && + !(newbss->auth_algs & HOSTAPD_AUTH_OPEN)) || + (sta->auth_alg == WLAN_AUTH_SHARED_KEY && + !(newbss->auth_algs & HOSTAPD_AUTH_SHARED_KEY)))) + deauth++; + + if (change->num_sta_remove > 0) { + deauth++; + reason = WLAN_REASON_DISASSOC_AP_BUSY; + } + + if (deauth) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "STA " MACSTR + " deauthenticated during config reloading " + "(reason=%d)\n", MAC2STR(sta->addr), reason); + ieee802_11_send_deauth(hapd, sta->addr, reason); + ap_sta_deauthenticate(hapd, sta, reason); + change->num_sta_remove--; + } + + return 0; +} + + +static void hostapd_reconfig_tx_queue_params(struct hostapd_data *hapd, + struct hostapd_config *newconf, + struct hostapd_config *oldconf) +{ + int i; + struct hostapd_tx_queue_params *o, *n; + + for (i = 0; i < NUM_TX_QUEUES; i++) { + o = &oldconf->tx_queue[i]; + n = &newconf->tx_queue[i]; + + if (!n->configured) + continue; + + if ((n->aifs != o->aifs || n->cwmin != o->cwmin || + n->cwmax != o->cwmax || n->burst != o->burst) && + hostapd_set_tx_queue_params(hapd, i, n->aifs, n->cwmin, + n->cwmax, n->burst)) + printf("Failed to set TX queue parameters for queue %d" + ".\n", i); + } +} + + +static int hostapd_reconfig_wme(struct hostapd_data *hapd, + struct hostapd_config *newconf, + struct hostapd_config *oldconf) +{ + int beacon_changed = 0; + size_t i; + struct hostapd_wme_ac_params *o, *n; + + for (i = 0; i < sizeof(newconf->wme_ac_params) / + sizeof(newconf->wme_ac_params[0]); i++) { + o = &oldconf->wme_ac_params[i]; + n = &newconf->wme_ac_params[i]; + if (n->cwmin != o->cwmin || + n->cwmax != o->cwmax || + n->aifs != o->aifs || + n->txopLimit != o->txopLimit || + n->admission_control_mandatory != + o->admission_control_mandatory) { + beacon_changed++; + hapd->parameter_set_count++; + } + } + + return beacon_changed; +} + + +static int rate_array_diff(int *a1, int *a2) +{ + int i; + + if (a1 == NULL && a2 == NULL) + return 0; + if (a1 == NULL || a2 == NULL) + return 1; + + i = 0; + for (;;) { + if (a1[i] != a2[i]) + return 1; + if (a1[i] == -1) + break; + i++; + } + + return 0; +} + + +static int hostapd_acl_diff(struct hostapd_bss_config *a, + struct hostapd_bss_config *b) +{ + int i; + + if (a->macaddr_acl != b->macaddr_acl || + a->num_accept_mac != b->num_accept_mac || + a->num_deny_mac != b->num_deny_mac) + return 1; + + for (i = 0; i < a->num_accept_mac; i++) { + if (memcmp(a->accept_mac[i], b->accept_mac[i], ETH_ALEN) != 0) + return 1; + } + + for (i = 0; i < a->num_deny_mac; i++) { + if (memcmp(a->deny_mac[i], b->deny_mac[i], ETH_ALEN) != 0) + return 1; + } + + return 0; +} + + +/** + * reload_iface2 - Part 2 of reload_iface + * @hapd_iface: Pointer to hostapd interface data. + */ +static void reload_iface2(struct hostapd_iface *hapd_iface) +{ + struct hostapd_data *hapd = hapd_iface->bss[0]; + struct hostapd_config *newconf = hapd_iface->change->newconf; + struct hostapd_config *oldconf = hapd_iface->change->oldconf; + int beacon_changed = hapd_iface->change->beacon_changed; + hostapd_iface_cb cb = hapd_iface->reload_iface_cb; + + if (newconf->preamble != oldconf->preamble) { + if (hostapd_set_preamble(hapd, hapd->iconf->preamble)) + printf("Could not set preamble for kernel driver\n"); + beacon_changed++; + } + + if (newconf->beacon_int != oldconf->beacon_int) { + /* Need to change beacon interval if it has changed or if + * auto channel selection was used. */ + if (hostapd_set_beacon_int(hapd, newconf->beacon_int)) + printf("Could not set beacon interval for kernel " + "driver\n"); + if (newconf->beacon_int != oldconf->beacon_int) + beacon_changed++; + } + + if (newconf->cts_protection_type != oldconf->cts_protection_type) + beacon_changed++; + + if (newconf->rts_threshold > -1 && + newconf->rts_threshold != oldconf->rts_threshold && + hostapd_set_rts(hapd, newconf->rts_threshold)) + printf("Could not set RTS threshold for kernel driver\n"); + + if (newconf->fragm_threshold > -1 && + newconf->fragm_threshold != oldconf->fragm_threshold && + hostapd_set_frag(hapd, newconf->fragm_threshold)) + printf("Could not set fragmentation threshold for kernel " + "driver\n"); + + hostapd_reconfig_tx_queue_params(hapd, newconf, oldconf); + + if (hostapd_reconfig_wme(hapd, newconf, oldconf) > 0) + beacon_changed++; + + ap_list_reconfig(hapd_iface, oldconf); + + hapd_iface->change->beacon_changed = beacon_changed; + + hapd_iface->reload_iface_cb = NULL; + cb(hapd_iface, 0); +} + + +/** + * reload_iface2_handler - Handler that calls reload_face2 + * @eloop_data: Stores the struct hostapd_iface for the interface. + * @user_ctx: Unused. + */ +static void reload_iface2_handler(void *eloop_data, void *user_ctx) +{ + struct hostapd_iface *hapd_iface = eloop_data; + + reload_iface2(hapd_iface); +} + + +/** + * reload_hw_mode_done - Callback for after the HW mode is setup + * @hapd_iface: Pointer to interface data. + * @status: Status of the HW mode setup. + */ +static void reload_hw_mode_done(struct hostapd_iface *hapd_iface, int status) +{ + struct hostapd_data *hapd = hapd_iface->bss[0]; + struct hostapd_config_change *change = hapd_iface->change; + struct hostapd_config *newconf = change->newconf; + hostapd_iface_cb cb; + int freq; + + if (status) { + printf("Failed to select hw_mode.\n"); + + cb = hapd_iface->reload_iface_cb; + hapd_iface->reload_iface_cb = NULL; + cb(hapd_iface, -1); + + return; + } + + freq = hostapd_hw_get_freq(hapd, newconf->channel); + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Mode: %s Channel: %d Frequency: %d MHz\n", + hostapd_hw_mode_txt(newconf->hw_mode), + newconf->channel, freq); + + if (hostapd_set_freq(hapd, newconf->hw_mode, freq)) { + printf("Could not set channel %d (%d MHz) for kernel " + "driver\n", newconf->channel, freq); + } + + change->beacon_changed++; + + reload_iface2(hapd_iface); +} + + +/** + * hostapd_config_reload_iface_start - Start interface reload + * @hapd_iface: Pointer to interface data. + * @cb: The function to callback when done. + * Returns: 0 if it starts successfully; cb will be called when done. + * -1 on failure; cb will not be called. + */ +static int hostapd_config_reload_iface_start(struct hostapd_iface *hapd_iface, + hostapd_iface_cb cb) +{ + struct hostapd_config_change *change = hapd_iface->change; + struct hostapd_config *newconf = change->newconf; + struct hostapd_config *oldconf = change->oldconf; + struct hostapd_data *hapd = hapd_iface->bss[0]; + + if (hapd_iface->reload_iface_cb) { + wpa_printf(MSG_DEBUG, + "%s: Interface reload already in progress.", + hapd_iface->bss[0]->conf->iface); + return -1; + } + + hapd_iface->reload_iface_cb = cb; + + if (newconf->bridge_packets != oldconf->bridge_packets && + hapd->iconf->bridge_packets != INTERNAL_BRIDGE_DO_NOT_CONTROL && + hostapd_set_internal_bridge(hapd, hapd->iconf->bridge_packets)) + printf("Failed to set bridge_packets for kernel driver\n"); + + if (newconf->channel != oldconf->channel || + newconf->hw_mode != oldconf->hw_mode || + rate_array_diff(newconf->supported_rates, + oldconf->supported_rates) || + rate_array_diff(newconf->basic_rates, oldconf->basic_rates)) { + hostapd_free_stas(hapd); + + if (hostapd_get_hw_features(hapd_iface)) { + printf("Could not read HW feature info from the kernel" + " driver.\n"); + hapd_iface->reload_iface_cb = NULL; + return -1; + } + + if (hostapd_select_hw_mode_start(hapd_iface, + reload_hw_mode_done)) { + printf("Failed to start select hw_mode.\n"); + hapd_iface->reload_iface_cb = NULL; + return -1; + } + + return 0; + } + + eloop_register_timeout(0, 0, reload_iface2_handler, hapd_iface, NULL); + return 0; +} + + +static void hostapd_reconfig_bss(struct hostapd_data *hapd, + struct hostapd_bss_config *newbss, + struct hostapd_bss_config *oldbss, + struct hostapd_config *oldconf, + int beacon_changed) +{ + struct hostapd_config_change change; + int encr_changed = 0; + struct radius_client_data *old_radius; + + radius_client_flush(hapd->radius, 0); + + if (hostapd_set_dtim_period(hapd, newbss->dtim_period)) + printf("Could not set DTIM period for kernel driver\n"); + + if (newbss->ssid.ssid_len != oldbss->ssid.ssid_len || + memcmp(newbss->ssid.ssid, oldbss->ssid.ssid, + newbss->ssid.ssid_len) != 0) { + if (hostapd_set_ssid(hapd, (u8 *) newbss->ssid.ssid, + newbss->ssid.ssid_len)) + printf("Could not set SSID for kernel driver\n"); + beacon_changed++; + } + + if (newbss->ignore_broadcast_ssid != oldbss->ignore_broadcast_ssid) + beacon_changed++; + + if (hostapd_wep_key_cmp(&newbss->ssid.wep, &oldbss->ssid.wep)) { + encr_changed++; + beacon_changed++; + } + + vlan_reconfig(hapd, oldconf, oldbss); + + if (beacon_changed) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Updating beacon frame " + "information\n"); + ieee802_11_set_beacon(hapd); + } + + change.hapd = hapd; + change.oldconf = oldconf; + change.newconf = hapd->iconf; + change.oldbss = oldbss; + change.newbss = newbss; + change.mac_acl_changed = hostapd_acl_diff(newbss, oldbss); + if (newbss->max_num_sta != oldbss->max_num_sta && + newbss->max_num_sta < hapd->num_sta) { + change.num_sta_remove = hapd->num_sta - newbss->max_num_sta; + } else + change.num_sta_remove = 0; + ap_for_each_sta(hapd, hostapd_config_reload_sta, &change); + + old_radius = hapd->radius; + hapd->radius = radius_client_reconfig(hapd->radius, hapd, + oldbss->radius, newbss->radius); + hapd->radius_client_reconfigured = old_radius != hapd->radius || + hostapd_ip_diff(&newbss->own_ip_addr, &oldbss->own_ip_addr); + + ieee802_1x_reconfig(hapd, oldconf, oldbss); + iapp_reconfig(hapd, oldconf, oldbss); + + hostapd_acl_reconfig(hapd, oldconf); + accounting_reconfig(hapd, oldconf); +} + + +/** + * config_reload2 - Part 2 of configuration reloading + * @hapd_iface: + */ +static void config_reload2(struct hostapd_iface *hapd_iface, int status) +{ + struct hostapd_config_change *change = hapd_iface->change; + struct hostapd_data *hapd = change->hapd; + struct hostapd_config *newconf = change->newconf; + struct hostapd_config *oldconf = change->oldconf; + int beacon_changed = change->beacon_changed; + struct hostapd_data **new_hapd = change->new_hapd; + struct hostapd_data **old_hapd = change->old_hapd; + int num_old_hapd = change->num_old_hapd; + size_t i, j, max_bss, same_bssid; + struct hostapd_bss_config *newbss, *oldbss; + u8 *prev_addr; + hostapd_iface_cb cb; + + free(change); + hapd_iface->change = NULL; + + if (status) { + printf("Failed to setup new interface config\n"); + + cb = hapd_iface->config_reload_cb; + hapd_iface->config_reload_cb = NULL; + + /* Invalid configuration - cleanup and terminate hostapd */ + hapd_iface->bss = old_hapd; + hapd_iface->num_bss = num_old_hapd; + hapd_iface->conf = hapd->iconf = oldconf; + hapd->conf = &oldconf->bss[0]; + hostapd_config_free(newconf); + free(new_hapd); + + cb(hapd_iface, -2); + + return; + } + + /* + * If any BSSes have been removed, added, or had their BSSIDs changed, + * completely remove and reinitialize such BSSes and all the BSSes + * following them since their BSSID might have changed. + */ + max_bss = oldconf->num_bss; + if (max_bss > newconf->num_bss) + max_bss = newconf->num_bss; + + for (i = 0; i < max_bss; i++) { + if (strcmp(oldconf->bss[i].iface, newconf->bss[i].iface) != 0 + || hostapd_mac_comp(oldconf->bss[i].bssid, + newconf->bss[i].bssid) != 0) + break; + } + same_bssid = i; + + for (i = 0; i < oldconf->num_bss; i++) { + oldbss = &oldconf->bss[i]; + newbss = NULL; + for (j = 0; j < newconf->num_bss; j++) { + if (strcmp(oldbss->iface, newconf->bss[j].iface) == 0) + { + newbss = &newconf->bss[j]; + break; + } + } + + if (newbss && i < same_bssid) { + hapd = hapd_iface->bss[j] = old_hapd[i]; + hapd->iconf = newconf; + hapd->conf = newbss; + hostapd_reconfig_bss(hapd, newbss, oldbss, oldconf, + beacon_changed); + } else { + hapd = old_hapd[i]; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Removing BSS (ifname %s)\n", + hapd->conf->iface); + hostapd_free_stas(hapd); + /* Send broadcast deauthentication for this BSS, but do + * not clear all STAs from the driver since other BSSes + * may have STA entries. The driver will remove all STA + * entries for this BSS anyway when the interface is + * being removed. */ +#if 0 + hostapd_deauth_all_stas(hapd); + hostapd_cleanup(hapd); +#endif + + free(hapd); + } + } + + + prev_addr = hapd_iface->bss[0]->own_addr; + hapd = hapd_iface->bss[0]; + for (j = 0; j < newconf->num_bss; j++) { + if (hapd_iface->bss[j] != NULL) { + prev_addr = hapd_iface->bss[j]->own_addr; + continue; + } + + newbss = &newconf->bss[j]; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Reconfiguration: adding " + "new BSS (ifname=%s)\n", newbss->iface); + +#if 0 + hapd = hapd_iface->bss[j] = + hostapd_alloc_bss_data(hapd_iface, newconf, newbss); +#endif + if (hapd == NULL) { + printf("Failed to initialize new BSS\n"); + /* FIX: This one is somewhat hard to recover + * from.. Would need to remove this BSS from + * conf and BSS list. */ + exit(1); + } + hapd->driver = hapd_iface->bss[0]->driver; + hapd->iface = hapd_iface; + hapd->iconf = newconf; + hapd->conf = newbss; + + memcpy(hapd->own_addr, prev_addr, ETH_ALEN); + if (hostapd_mac_comp_empty(hapd->conf->bssid) == 0) + prev_addr = hapd->own_addr; + +#if 0 + if (hostapd_setup_bss(hapd, j == 0)) { + printf("Failed to setup new BSS\n"); + /* FIX */ + exit(1); + } +#endif + + } + + free(old_hapd); + hostapd_config_free(oldconf); + + cb = hapd_iface->config_reload_cb; + hapd_iface->config_reload_cb = NULL; + + cb(hapd_iface, 0); +} + + +/** + * hostapd_config_reload_start - Start reconfiguration of an interface + * @hapd_iface: Pointer to hostapd interface data + * @cb: Function to be called back when done. + * The status indicates: + * 0 = success, new configuration in use; + * -1 = failed to update configuraiton, old configuration in use; + * -2 = failed to update configuration and failed to recover; caller + * should cleanup and terminate hostapd + * Returns: + * 0 = reconfiguration started; + * -1 = failed to update configuration, old configuration in use; + * -2 = failed to update configuration and failed to recover; caller + * should cleanup and terminate hostapd + */ +int hostapd_config_reload_start(struct hostapd_iface *hapd_iface, + hostapd_iface_cb cb) +{ + struct hostapd_config *newconf, *oldconf; + struct hostapd_config_change *change; + struct hostapd_data *hapd = NULL; + struct hostapd_data **old_hapd, **new_hapd; + int num_old_hapd; + + if (hapd_iface->config_reload_cb) { + wpa_printf(MSG_DEBUG, "%s: Config reload already in progress.", + hapd_iface->bss[0]->conf->iface); + return -1; + } + + newconf = hostapd_config_read(hapd_iface->config_fname); + if (newconf == NULL) { + printf("Failed to read new configuration file - continuing " + "with old.\n"); + return -1; + } + + if (strcmp(newconf->bss[0].iface, hapd_iface->conf->bss[0].iface) != + 0) { + printf("Interface name changing is not allowed in " + "configuration reloading (%s -> %s).\n", + hapd_iface->conf->bss[0].iface, newconf->bss[0].iface); + hostapd_config_free(newconf); + return -1; + } + + new_hapd = wpa_zalloc(newconf->num_bss * + sizeof(struct hostapd_data *)); + if (new_hapd == NULL) { + hostapd_config_free(newconf); + return -1; + } + old_hapd = hapd_iface->bss; + num_old_hapd = hapd_iface->num_bss; + + hapd_iface->bss = new_hapd; + hapd_iface->num_bss = newconf->num_bss; + /* + * First BSS remains the same since interface name changing was + * prohibited above. Now, this is only used in + * hostapd_config_reload_iface() and following loop will anyway set + * this again. + */ + hapd = hapd_iface->bss[0] = old_hapd[0]; + + oldconf = hapd_iface->conf; + hapd->iconf = hapd_iface->conf = newconf; + hapd->conf = &newconf->bss[0]; + + change = wpa_zalloc(sizeof(struct hostapd_config_change)); + if (change == NULL) { + hostapd_config_free(newconf); + return -1; + } + + change->hapd = hapd; + change->newconf = newconf; + change->oldconf = oldconf; + change->beacon_changed = 0; + change->hapd_iface = hapd_iface; + change->new_hapd = new_hapd; + change->old_hapd = old_hapd; + change->num_old_hapd = num_old_hapd; + + hapd_iface->config_reload_cb = cb; + hapd_iface->change = change; + if (hostapd_config_reload_iface_start(hapd_iface, config_reload2)) { + printf("Failed to start setup of new interface config\n"); + + hapd_iface->config_reload_cb = NULL; + free(change); + hapd_iface->change = NULL; + + /* Invalid configuration - cleanup and terminate hostapd */ + hapd_iface->bss = old_hapd; + hapd_iface->num_bss = num_old_hapd; + hapd_iface->conf = hapd->iconf = oldconf; + hapd->conf = &oldconf->bss[0]; + hostapd_config_free(newconf); + free(new_hapd); + return -2; + } + + return 0; +} diff --git a/contrib/hostapd-0.5.8/sha1.c b/contrib/hostapd-0.5.8/sha1.c new file mode 100644 index 0000000000..194db1601d --- /dev/null +++ b/contrib/hostapd-0.5.8/sha1.c @@ -0,0 +1,722 @@ +/* + * SHA1 hash implementation and interface functions + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "sha1.h" +#include "md5.h" +#include "crypto.h" + + +/** + * hmac_sha1_vector - HMAC-SHA1 over data vector (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash (20 bytes) + */ +void hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ + unsigned char tk[20]; + const u8 *_addr[6]; + size_t _len[6], i; + + if (num_elem > 5) { + /* + * Fixed limit on the number of fragments to avoid having to + * allocate memory (which could fail). + */ + return; + } + + /* if key is longer than 64 bytes reset it to key = SHA1(key) */ + if (key_len > 64) { + sha1_vector(1, &key, &key_len, tk); + key = tk; + key_len = 20; + } + + /* the HMAC_SHA1 transform looks like: + * + * SHA1(K XOR opad, SHA1(K XOR ipad, text)) + * + * where K is an n byte key + * ipad is the byte 0x36 repeated 64 times + * opad is the byte 0x5c repeated 64 times + * and text is the data being protected */ + + /* start out by storing key in ipad */ + os_memset(k_pad, 0, sizeof(k_pad)); + os_memcpy(k_pad, key, key_len); + /* XOR key with ipad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x36; + + /* perform inner SHA1 */ + _addr[0] = k_pad; + _len[0] = 64; + for (i = 0; i < num_elem; i++) { + _addr[i + 1] = addr[i]; + _len[i + 1] = len[i]; + } + sha1_vector(1 + num_elem, _addr, _len, mac); + + os_memset(k_pad, 0, sizeof(k_pad)); + os_memcpy(k_pad, key, key_len); + /* XOR key with opad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x5c; + + /* perform outer SHA1 */ + _addr[0] = k_pad; + _len[0] = 64; + _addr[1] = mac; + _len[1] = SHA1_MAC_LEN; + sha1_vector(2, _addr, _len, mac); +} + + +/** + * hmac_sha1 - HMAC-SHA1 over data buffer (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @data: Pointers to the data area + * @data_len: Length of the data area + * @mac: Buffer for the hash (20 bytes) + */ +void hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac) +{ + hmac_sha1_vector(key, key_len, 1, &data, &data_len, mac); +} + + +/** + * sha1_prf - SHA1-based Pseudo-Random Function (PRF) (IEEE 802.11i, 8.5.1.1) + * @key: Key for PRF + * @key_len: Length of the key in bytes + * @label: A unique label for each purpose of the PRF + * @data: Extra data to bind into the key + * @data_len: Length of the data + * @buf: Buffer for the generated pseudo-random key + * @buf_len: Number of bytes of key to generate + * + * This function is used to derive new, cryptographically separate keys from a + * given key (e.g., PMK in IEEE 802.11i). + */ +void sha1_prf(const u8 *key, size_t key_len, const char *label, + const u8 *data, size_t data_len, u8 *buf, size_t buf_len) +{ + u8 zero = 0, counter = 0; + size_t pos, plen; + u8 hash[SHA1_MAC_LEN]; + size_t label_len = os_strlen(label); + const unsigned char *addr[4]; + size_t len[4]; + + addr[0] = (u8 *) label; + len[0] = label_len; + addr[1] = &zero; + len[1] = 1; + addr[2] = data; + len[2] = data_len; + addr[3] = &counter; + len[3] = 1; + + pos = 0; + while (pos < buf_len) { + plen = buf_len - pos; + if (plen >= SHA1_MAC_LEN) { + hmac_sha1_vector(key, key_len, 4, addr, len, + &buf[pos]); + pos += SHA1_MAC_LEN; + } else { + hmac_sha1_vector(key, key_len, 4, addr, len, + hash); + os_memcpy(&buf[pos], hash, plen); + break; + } + counter++; + } +} + + +/** + * sha1_t_prf - EAP-FAST Pseudo-Random Function (T-PRF) + * @key: Key for PRF + * @key_len: Length of the key in bytes + * @label: A unique label for each purpose of the PRF + * @seed: Seed value to bind into the key + * @seed_len: Length of the seed + * @buf: Buffer for the generated pseudo-random key + * @buf_len: Number of bytes of key to generate + * + * This function is used to derive new, cryptographically separate keys from a + * given key for EAP-FAST. T-PRF is defined in + * draft-cam-winget-eap-fast-02.txt, Appendix B. + */ +void sha1_t_prf(const u8 *key, size_t key_len, const char *label, + const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len) +{ + unsigned char counter = 0; + size_t pos, plen; + u8 hash[SHA1_MAC_LEN]; + size_t label_len = os_strlen(label); + u8 output_len[2]; + const unsigned char *addr[5]; + size_t len[5]; + + addr[0] = hash; + len[0] = 0; + addr[1] = (unsigned char *) label; + len[1] = label_len + 1; + addr[2] = seed; + len[2] = seed_len; + addr[3] = output_len; + len[3] = 2; + addr[4] = &counter; + len[4] = 1; + + output_len[0] = (buf_len >> 8) & 0xff; + output_len[1] = buf_len & 0xff; + pos = 0; + while (pos < buf_len) { + counter++; + plen = buf_len - pos; + hmac_sha1_vector(key, key_len, 5, addr, len, hash); + if (plen >= SHA1_MAC_LEN) { + os_memcpy(&buf[pos], hash, SHA1_MAC_LEN); + pos += SHA1_MAC_LEN; + } else { + os_memcpy(&buf[pos], hash, plen); + break; + } + len[0] = SHA1_MAC_LEN; + } +} + + +/** + * tls_prf - Pseudo-Random Function for TLS (TLS-PRF, RFC 2246) + * @secret: Key for PRF + * @secret_len: Length of the key in bytes + * @label: A unique label for each purpose of the PRF + * @seed: Seed value to bind into the key + * @seed_len: Length of the seed + * @out: Buffer for the generated pseudo-random key + * @outlen: Number of bytes of key to generate + * Returns: 0 on success, -1 on failure. + * + * This function is used to derive new, cryptographically separate keys from a + * given key in TLS. This PRF is defined in RFC 2246, Chapter 5. + */ +int tls_prf(const u8 *secret, size_t secret_len, const char *label, + const u8 *seed, size_t seed_len, u8 *out, size_t outlen) +{ + size_t L_S1, L_S2, i; + const u8 *S1, *S2; + u8 A_MD5[MD5_MAC_LEN], A_SHA1[SHA1_MAC_LEN]; + u8 P_MD5[MD5_MAC_LEN], P_SHA1[SHA1_MAC_LEN]; + int MD5_pos, SHA1_pos; + const u8 *MD5_addr[3]; + size_t MD5_len[3]; + const unsigned char *SHA1_addr[3]; + size_t SHA1_len[3]; + + if (secret_len & 1) + return -1; + + MD5_addr[0] = A_MD5; + MD5_len[0] = MD5_MAC_LEN; + MD5_addr[1] = (unsigned char *) label; + MD5_len[1] = os_strlen(label); + MD5_addr[2] = seed; + MD5_len[2] = seed_len; + + SHA1_addr[0] = A_SHA1; + SHA1_len[0] = SHA1_MAC_LEN; + SHA1_addr[1] = (unsigned char *) label; + SHA1_len[1] = os_strlen(label); + SHA1_addr[2] = seed; + SHA1_len[2] = seed_len; + + /* RFC 2246, Chapter 5 + * A(0) = seed, A(i) = HMAC(secret, A(i-1)) + * P_hash = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + .. + * PRF = P_MD5(S1, label + seed) XOR P_SHA-1(S2, label + seed) + */ + + L_S1 = L_S2 = (secret_len + 1) / 2; + S1 = secret; + S2 = secret + L_S1; + + hmac_md5_vector(S1, L_S1, 2, &MD5_addr[1], &MD5_len[1], A_MD5); + hmac_sha1_vector(S2, L_S2, 2, &SHA1_addr[1], &SHA1_len[1], A_SHA1); + + MD5_pos = MD5_MAC_LEN; + SHA1_pos = SHA1_MAC_LEN; + for (i = 0; i < outlen; i++) { + if (MD5_pos == MD5_MAC_LEN) { + hmac_md5_vector(S1, L_S1, 3, MD5_addr, MD5_len, P_MD5); + MD5_pos = 0; + hmac_md5(S1, L_S1, A_MD5, MD5_MAC_LEN, A_MD5); + } + if (SHA1_pos == SHA1_MAC_LEN) { + hmac_sha1_vector(S2, L_S2, 3, SHA1_addr, SHA1_len, + P_SHA1); + SHA1_pos = 0; + hmac_sha1(S2, L_S2, A_SHA1, SHA1_MAC_LEN, A_SHA1); + } + + out[i] = P_MD5[MD5_pos] ^ P_SHA1[SHA1_pos]; + + MD5_pos++; + SHA1_pos++; + } + + return 0; +} + + +static void pbkdf2_sha1_f(const char *passphrase, const char *ssid, + size_t ssid_len, int iterations, unsigned int count, + u8 *digest) +{ + unsigned char tmp[SHA1_MAC_LEN], tmp2[SHA1_MAC_LEN]; + int i, j; + unsigned char count_buf[4]; + const u8 *addr[2]; + size_t len[2]; + size_t passphrase_len = os_strlen(passphrase); + + addr[0] = (u8 *) ssid; + len[0] = ssid_len; + addr[1] = count_buf; + len[1] = 4; + + /* F(P, S, c, i) = U1 xor U2 xor ... Uc + * U1 = PRF(P, S || i) + * U2 = PRF(P, U1) + * Uc = PRF(P, Uc-1) + */ + + count_buf[0] = (count >> 24) & 0xff; + count_buf[1] = (count >> 16) & 0xff; + count_buf[2] = (count >> 8) & 0xff; + count_buf[3] = count & 0xff; + hmac_sha1_vector((u8 *) passphrase, passphrase_len, 2, addr, len, tmp); + os_memcpy(digest, tmp, SHA1_MAC_LEN); + + for (i = 1; i < iterations; i++) { + hmac_sha1((u8 *) passphrase, passphrase_len, tmp, SHA1_MAC_LEN, + tmp2); + os_memcpy(tmp, tmp2, SHA1_MAC_LEN); + for (j = 0; j < SHA1_MAC_LEN; j++) + digest[j] ^= tmp2[j]; + } +} + + +/** + * pbkdf2_sha1 - SHA1-based key derivation function (PBKDF2) for IEEE 802.11i + * @passphrase: ASCII passphrase + * @ssid: SSID + * @ssid_len: SSID length in bytes + * @interations: Number of iterations to run + * @buf: Buffer for the generated key + * @buflen: Length of the buffer in bytes + * + * This function is used to derive PSK for WPA-PSK. For this protocol, + * iterations is set to 4096 and buflen to 32. This function is described in + * IEEE Std 802.11-2004, Clause H.4. The main construction is from PKCS#5 v2.0. + */ +void pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len, + int iterations, u8 *buf, size_t buflen) +{ + unsigned int count = 0; + unsigned char *pos = buf; + size_t left = buflen, plen; + unsigned char digest[SHA1_MAC_LEN]; + + while (left > 0) { + count++; + pbkdf2_sha1_f(passphrase, ssid, ssid_len, iterations, count, + digest); + plen = left > SHA1_MAC_LEN ? SHA1_MAC_LEN : left; + os_memcpy(pos, digest, plen); + pos += plen; + left -= plen; + } +} + + +#ifdef INTERNAL_SHA1 + +struct SHA1Context { + u32 state[5]; + u32 count[2]; + unsigned char buffer[64]; +}; + +typedef struct SHA1Context SHA1_CTX; + +#ifndef CONFIG_CRYPTO_INTERNAL +static void SHA1Init(struct SHA1Context *context); +static void SHA1Update(struct SHA1Context *context, const void *data, u32 len); +static void SHA1Final(unsigned char digest[20], struct SHA1Context *context); +#endif /* CONFIG_CRYPTO_INTERNAL */ +static void SHA1Transform(u32 state[5], const unsigned char buffer[64]); + + +/** + * sha1_vector - SHA-1 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void sha1_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + SHA1_CTX ctx; + size_t i; + + SHA1Init(&ctx); + for (i = 0; i < num_elem; i++) + SHA1Update(&ctx, addr[i], len[i]); + SHA1Final(mac, &ctx); +} + + +int fips186_2_prf(const u8 *seed, size_t seed_len, u8 *x, size_t xlen) +{ + u8 xkey[64]; + u32 t[5], _t[5]; + int i, j, m, k; + u8 *xpos = x; + u32 carry; + + if (seed_len > sizeof(xkey)) + seed_len = sizeof(xkey); + + /* FIPS 186-2 + change notice 1 */ + + os_memcpy(xkey, seed, seed_len); + os_memset(xkey + seed_len, 0, 64 - seed_len); + t[0] = 0x67452301; + t[1] = 0xEFCDAB89; + t[2] = 0x98BADCFE; + t[3] = 0x10325476; + t[4] = 0xC3D2E1F0; + + m = xlen / 40; + for (j = 0; j < m; j++) { + /* XSEED_j = 0 */ + for (i = 0; i < 2; i++) { + /* XVAL = (XKEY + XSEED_j) mod 2^b */ + + /* w_i = G(t, XVAL) */ + os_memcpy(_t, t, 20); + SHA1Transform(_t, xkey); + _t[0] = host_to_be32(_t[0]); + _t[1] = host_to_be32(_t[1]); + _t[2] = host_to_be32(_t[2]); + _t[3] = host_to_be32(_t[3]); + _t[4] = host_to_be32(_t[4]); + os_memcpy(xpos, _t, 20); + + /* XKEY = (1 + XKEY + w_i) mod 2^b */ + carry = 1; + for (k = 19; k >= 0; k--) { + carry += xkey[k] + xpos[k]; + xkey[k] = carry & 0xff; + carry >>= 8; + } + + xpos += SHA1_MAC_LEN; + } + /* x_j = w_0|w_1 */ + } + + return 0; +} + + +/* ===== start - public domain SHA1 implementation ===== */ + +/* +SHA-1 in C +By Steve Reid +100% Public Domain + +----------------- +Modified 7/98 +By James H. Brown +Still 100% Public Domain + +Corrected a problem which generated improper hash values on 16 bit machines +Routine SHA1Update changed from + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned int +len) +to + void SHA1Update(SHA1_CTX* context, unsigned char* data, unsigned +long len) + +The 'len' parameter was declared an int which works fine on 32 bit machines. +However, on 16 bit machines an int is too small for the shifts being done +against +it. This caused the hash function to generate incorrect values if len was +greater than 8191 (8K - 1) due to the 'len << 3' on line 3 of SHA1Update(). + +Since the file IO in main() reads 16K at a time, any file 8K or larger would +be guaranteed to generate the wrong hash (e.g. Test Vector #3, a million +"a"s). + +I also changed the declaration of variables i & j in SHA1Update to +unsigned long from unsigned int for the same reason. + +These changes should make no difference to any 32 bit implementations since +an +int and a long are the same size in those environments. + +-- +I also corrected a few compiler warnings generated by Borland C. +1. Added #include for exit() prototype +2. Removed unused variable 'j' in SHA1Final +3. Changed exit(0) to return(0) at end of main. + +ALL changes I made can be located by searching for comments containing 'JHB' +----------------- +Modified 8/98 +By Steve Reid +Still 100% public domain + +1- Removed #include and used return() instead of exit() +2- Fixed overwriting of finalcount in SHA1Final() (discovered by Chris Hall) +3- Changed email address from steve@edmweb.com to sreid@sea-to-sky.net + +----------------- +Modified 4/01 +By Saul Kravitz +Still 100% PD +Modified to run on Compaq Alpha hardware. + +----------------- +Modified 4/01 +By Jouni Malinen +Minor changes to match the coding style used in Dynamics. + +Modified September 24, 2004 +By Jouni Malinen +Fixed alignment issue in SHA1Transform when SHA1HANDSOFF is defined. + +*/ + +/* +Test Vectors (from FIPS PUB 180-1) +"abc" + A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D +"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 +A million repetitions of "a" + 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +#define SHA1HANDSOFF + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#ifndef WORDS_BIGENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i], 24) & 0xFF00FF00) | \ + (rol(block->l[i], 8) & 0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i & 15] = rol(block->l[(i + 13) & 15] ^ \ + block->l[(i + 8) & 15] ^ block->l[(i + 2) & 15] ^ block->l[i & 15], 1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk0(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R1(v,w,x,y,z,i) \ + z += ((w & (x ^ y)) ^ y) + blk(i) + 0x5A827999 + rol(v, 5); \ + w = rol(w, 30); +#define R2(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0x6ED9EBA1 + rol(v, 5); w = rol(w, 30); +#define R3(v,w,x,y,z,i) \ + z += (((w | x) & y) | (w & x)) + blk(i) + 0x8F1BBCDC + rol(v, 5); \ + w = rol(w, 30); +#define R4(v,w,x,y,z,i) \ + z += (w ^ x ^ y) + blk(i) + 0xCA62C1D6 + rol(v, 5); \ + w=rol(w, 30); + + +#ifdef VERBOSE /* SAK */ +void SHAPrintContext(SHA1_CTX *context, char *msg) +{ + printf("%s (%d,%d) %x %x %x %x %x\n", + msg, + context->count[0], context->count[1], + context->state[0], + context->state[1], + context->state[2], + context->state[3], + context->state[4]); +} +#endif + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +static void SHA1Transform(u32 state[5], const unsigned char buffer[64]) +{ + u32 a, b, c, d, e; + typedef union { + unsigned char c[64]; + u32 l[16]; + } CHAR64LONG16; + CHAR64LONG16* block; +#ifdef SHA1HANDSOFF + u32 workspace[16]; + block = (CHAR64LONG16 *) workspace; + os_memcpy(block, buffer, 64); +#else + block = (CHAR64LONG16 *) buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +#ifdef SHA1HANDSOFF + os_memset(block, 0, 64); +#endif +} + + +/* SHA1Init - Initialize new context */ + +void SHA1Init(SHA1_CTX* context) +{ + /* SHA1 initialization constants */ + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; + context->count[0] = context->count[1] = 0; +} + + +/* Run your data through this. */ + +void SHA1Update(SHA1_CTX* context, const void *_data, u32 len) +{ + u32 i, j; + const unsigned char *data = _data; + +#ifdef VERBOSE + SHAPrintContext(context, "before"); +#endif + j = (context->count[0] >> 3) & 63; + if ((context->count[0] += len << 3) < (len << 3)) + context->count[1]++; + context->count[1] += (len >> 29); + if ((j + len) > 63) { + os_memcpy(&context->buffer[j], data, (i = 64-j)); + SHA1Transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + SHA1Transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + os_memcpy(&context->buffer[j], &data[i], len - i); +#ifdef VERBOSE + SHAPrintContext(context, "after "); +#endif +} + + +/* Add padding and return the message digest. */ + +void SHA1Final(unsigned char digest[20], SHA1_CTX* context) +{ + u32 i; + unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char) + ((context->count[(i >= 4 ? 0 : 1)] >> + ((3-(i & 3)) * 8) ) & 255); /* Endian independent */ + } + SHA1Update(context, (unsigned char *) "\200", 1); + while ((context->count[0] & 504) != 448) { + SHA1Update(context, (unsigned char *) "\0", 1); + } + SHA1Update(context, finalcount, 8); /* Should cause a SHA1Transform() + */ + for (i = 0; i < 20; i++) { + digest[i] = (unsigned char) + ((context->state[i >> 2] >> ((3 - (i & 3)) * 8)) & + 255); + } + /* Wipe variables */ + i = 0; + os_memset(context->buffer, 0, 64); + os_memset(context->state, 0, 20); + os_memset(context->count, 0, 8); + os_memset(finalcount, 0, 8); +} + +/* ===== end - public domain SHA1 implementation ===== */ + +#endif /* INTERNAL_SHA1 */ diff --git a/contrib/hostapd-0.5.8/sha1.h b/contrib/hostapd-0.5.8/sha1.h new file mode 100644 index 0000000000..97affa1a62 --- /dev/null +++ b/contrib/hostapd-0.5.8/sha1.h @@ -0,0 +1,41 @@ +/* + * SHA1 hash implementation and interface functions + * Copyright (c) 2003-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef SHA1_H +#define SHA1_H + +#define SHA1_MAC_LEN 20 + +void hmac_sha1_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac); +void hmac_sha1(const u8 *key, size_t key_len, const u8 *data, size_t data_len, + u8 *mac); +void sha1_prf(const u8 *key, size_t key_len, const char *label, + const u8 *data, size_t data_len, u8 *buf, size_t buf_len); +void sha1_t_prf(const u8 *key, size_t key_len, const char *label, + const u8 *seed, size_t seed_len, u8 *buf, size_t buf_len); +int tls_prf(const u8 *secret, size_t secret_len, const char *label, + const u8 *seed, size_t seed_len, u8 *out, size_t outlen); +void pbkdf2_sha1(const char *passphrase, const char *ssid, size_t ssid_len, + int iterations, u8 *buf, size_t buflen); + +#ifdef CONFIG_CRYPTO_INTERNAL +struct SHA1Context; + +void SHA1Init(struct SHA1Context *context); +void SHA1Update(struct SHA1Context *context, const void *data, u32 len); +void SHA1Final(unsigned char digest[20], struct SHA1Context *context); +#endif /* CONFIG_CRYPTO_INTERNAL */ + +#endif /* SHA1_H */ diff --git a/contrib/hostapd-0.5.8/sha256.c b/contrib/hostapd-0.5.8/sha256.c new file mode 100644 index 0000000000..175ec8b637 --- /dev/null +++ b/contrib/hostapd-0.5.8/sha256.c @@ -0,0 +1,379 @@ +/* + * SHA-256 hash implementation and interface functions + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "sha256.h" +#include "crypto.h" + + +/** + * hmac_sha256_vector - HMAC-SHA256 over data vector (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash (32 bytes) + */ +void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac) +{ + unsigned char k_pad[64]; /* padding - key XORd with ipad/opad */ + unsigned char tk[32]; + const u8 *_addr[6]; + size_t _len[6], i; + + if (num_elem > 5) { + /* + * Fixed limit on the number of fragments to avoid having to + * allocate memory (which could fail). + */ + return; + } + + /* if key is longer than 64 bytes reset it to key = SHA256(key) */ + if (key_len > 64) { + sha256_vector(1, &key, &key_len, tk); + key = tk; + key_len = 32; + } + + /* the HMAC_SHA256 transform looks like: + * + * SHA256(K XOR opad, SHA256(K XOR ipad, text)) + * + * where K is an n byte key + * ipad is the byte 0x36 repeated 64 times + * opad is the byte 0x5c repeated 64 times + * and text is the data being protected */ + + /* start out by storing key in ipad */ + memset(k_pad, 0, sizeof(k_pad)); + memcpy(k_pad, key, key_len); + /* XOR key with ipad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x36; + + /* perform inner SHA256 */ + _addr[0] = k_pad; + _len[0] = 64; + for (i = 0; i < num_elem; i++) { + _addr[i + 1] = addr[i]; + _len[i + 1] = len[i]; + } + sha256_vector(1 + num_elem, _addr, _len, mac); + + memset(k_pad, 0, sizeof(k_pad)); + memcpy(k_pad, key, key_len); + /* XOR key with opad values */ + for (i = 0; i < 64; i++) + k_pad[i] ^= 0x5c; + + /* perform outer SHA256 */ + _addr[0] = k_pad; + _len[0] = 64; + _addr[1] = mac; + _len[1] = SHA256_MAC_LEN; + sha256_vector(2, _addr, _len, mac); +} + + +/** + * hmac_sha256 - HMAC-SHA256 over data buffer (RFC 2104) + * @key: Key for HMAC operations + * @key_len: Length of the key in bytes + * @data: Pointers to the data area + * @data_len: Length of the data area + * @mac: Buffer for the hash (20 bytes) + */ +void hmac_sha256(const u8 *key, size_t key_len, const u8 *data, + size_t data_len, u8 *mac) +{ + hmac_sha256_vector(key, key_len, 1, &data, &data_len, mac); +} + + +/** + * sha256_prf - SHA256-based Pseudo-Random Function (IEEE 802.11r, 8.5A.3) + * @key: Key for PRF + * @key_len: Length of the key in bytes + * @label: A unique label for each purpose of the PRF + * @data: Extra data to bind into the key + * @data_len: Length of the data + * @buf: Buffer for the generated pseudo-random key + * @buf_len: Number of bytes of key to generate + * + * This function is used to derive new, cryptographically separate keys from a + * given key. + */ +void sha256_prf(const u8 *key, size_t key_len, const char *label, + const u8 *data, size_t data_len, u8 *buf, size_t buf_len) +{ + u16 counter = 0; + size_t pos, plen; + u8 hash[SHA256_MAC_LEN]; + const u8 *addr[3]; + size_t len[3]; + u8 counter_le[2]; + + addr[0] = counter_le; + len[0] = 2; + addr[1] = (u8 *) label; + len[1] = strlen(label) + 1; + addr[2] = data; + len[2] = data_len; + + pos = 0; + while (pos < buf_len) { + plen = buf_len - pos; + WPA_PUT_LE16(counter_le, counter); + if (plen >= SHA256_MAC_LEN) { + hmac_sha256_vector(key, key_len, 3, addr, len, + &buf[pos]); + pos += SHA256_MAC_LEN; + } else { + hmac_sha256_vector(key, key_len, 3, addr, len, hash); + memcpy(&buf[pos], hash, plen); + break; + } + counter++; + } +} + + +#ifdef INTERNAL_SHA256 + +struct sha256_state { + u64 length; + u32 state[8], curlen; + u8 buf[64]; +}; + +static void sha256_init(struct sha256_state *md); +static int sha256_process(struct sha256_state *md, const unsigned char *in, + unsigned long inlen); +static int sha256_done(struct sha256_state *md, unsigned char *out); + + +/** + * sha256_vector - SHA256 hash for data vector + * @num_elem: Number of elements in the data vector + * @addr: Pointers to the data areas + * @len: Lengths of the data blocks + * @mac: Buffer for the hash + */ +void sha256_vector(size_t num_elem, const u8 *addr[], const size_t *len, + u8 *mac) +{ + struct sha256_state ctx; + size_t i; + + sha256_init(&ctx); + for (i = 0; i < num_elem; i++) + sha256_process(&ctx, addr[i], len[i]); + sha256_done(&ctx, mac); +} + + +/* ===== start - public domain SHA256 implementation ===== */ + +/* This is based on SHA256 implementation in LibTomCrypt that was released into + * public domain by Tom St Denis. */ + +/* the K array */ +static const unsigned long K[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL, + 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL, + 0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, + 0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL, + 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL, + 0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, + 0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL, + 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL, + 0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, + 0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + + +/* Various logical functions */ +#define RORc(x, y) \ +( ((((unsigned long) (x) & 0xFFFFFFFFUL) >> (unsigned long) ((y) & 31)) | \ + ((unsigned long) (x) << (unsigned long) (32 - ((y) & 31)))) & 0xFFFFFFFFUL) +#define Ch(x,y,z) (z ^ (x & (y ^ z))) +#define Maj(x,y,z) (((x | y) & z) | (x & y)) +#define S(x, n) RORc((x), (n)) +#define R(x, n) (((x)&0xFFFFFFFFUL)>>(n)) +#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22)) +#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25)) +#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3)) +#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10)) +#ifndef MIN +#define MIN(x, y) (((x) < (y)) ? (x) : (y)) +#endif + +/* compress 512-bits */ +static int sha256_compress(struct sha256_state *md, unsigned char *buf) +{ + u32 S[8], W[64], t0, t1; + u32 t; + int i; + + /* copy state into S */ + for (i = 0; i < 8; i++) { + S[i] = md->state[i]; + } + + /* copy the state into 512-bits into W[0..15] */ + for (i = 0; i < 16; i++) + W[i] = WPA_GET_BE32(buf + (4 * i)); + + /* fill W[16..63] */ + for (i = 16; i < 64; i++) { + W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + + W[i - 16]; + } + + /* Compress */ +#define RND(a,b,c,d,e,f,g,h,i) \ + t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ + t1 = Sigma0(a) + Maj(a, b, c); \ + d += t0; \ + h = t0 + t1; + + for (i = 0; i < 64; ++i) { + RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i); + t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; + S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; + } + + /* feedback */ + for (i = 0; i < 8; i++) { + md->state[i] = md->state[i] + S[i]; + } + return 0; +} + + +/* Initialize the hash state */ +static void sha256_init(struct sha256_state *md) +{ + md->curlen = 0; + md->length = 0; + md->state[0] = 0x6A09E667UL; + md->state[1] = 0xBB67AE85UL; + md->state[2] = 0x3C6EF372UL; + md->state[3] = 0xA54FF53AUL; + md->state[4] = 0x510E527FUL; + md->state[5] = 0x9B05688CUL; + md->state[6] = 0x1F83D9ABUL; + md->state[7] = 0x5BE0CD19UL; +} + +/** + Process a block of memory though the hash + @param md The hash state + @param in The data to hash + @param inlen The length of the data (octets) + @return CRYPT_OK if successful +*/ +static int sha256_process(struct sha256_state *md, const unsigned char *in, + unsigned long inlen) +{ + unsigned long n; +#define block_size 64 + + if (md->curlen > sizeof(md->buf)) + return -1; + + while (inlen > 0) { + if (md->curlen == 0 && inlen >= block_size) { + if (sha256_compress(md, (unsigned char *) in) < 0) + return -1; + md->length += block_size * 8; + in += block_size; + inlen -= block_size; + } else { + n = MIN(inlen, (block_size - md->curlen)); + memcpy(md->buf + md->curlen, in, n); + md->curlen += n; + in += n; + inlen -= n; + if (md->curlen == block_size) { + if (sha256_compress(md, md->buf) < 0) + return -1; + md->length += 8 * block_size; + md->curlen = 0; + } + } + } + + return 0; +} + + +/** + Terminate the hash to get the digest + @param md The hash state + @param out [out] The destination of the hash (32 bytes) + @return CRYPT_OK if successful +*/ +static int sha256_done(struct sha256_state *md, unsigned char *out) +{ + int i; + + if (md->curlen >= sizeof(md->buf)) + return -1; + + /* increase the length of the message */ + md->length += md->curlen * 8; + + /* append the '1' bit */ + md->buf[md->curlen++] = (unsigned char) 0x80; + + /* if the length is currently above 56 bytes we append zeros + * then compress. Then we can fall back to padding zeros and length + * encoding like normal. + */ + if (md->curlen > 56) { + while (md->curlen < 64) { + md->buf[md->curlen++] = (unsigned char) 0; + } + sha256_compress(md, md->buf); + md->curlen = 0; + } + + /* pad upto 56 bytes of zeroes */ + while (md->curlen < 56) { + md->buf[md->curlen++] = (unsigned char) 0; + } + + /* store length */ + WPA_PUT_BE64(md->buf + 56, md->length); + sha256_compress(md, md->buf); + + /* copy output */ + for (i = 0; i < 8; i++) + WPA_PUT_BE32(out + (4 * i), md->state[i]); + + return 0; +} + +/* ===== end - public domain SHA256 implementation ===== */ + +#endif /* INTERNAL_SHA256 */ diff --git a/contrib/hostapd-0.5.8/sha256.h b/contrib/hostapd-0.5.8/sha256.h new file mode 100644 index 0000000000..dc597f09b5 --- /dev/null +++ b/contrib/hostapd-0.5.8/sha256.h @@ -0,0 +1,27 @@ +/* + * SHA256 hash implementation and interface functions + * Copyright (c) 2003-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef SHA256_H +#define SHA256_H + +#define SHA256_MAC_LEN 32 + +void hmac_sha256_vector(const u8 *key, size_t key_len, size_t num_elem, + const u8 *addr[], const size_t *len, u8 *mac); +void hmac_sha256(const u8 *key, size_t key_len, const u8 *data, + size_t data_len, u8 *mac); +void sha256_prf(const u8 *key, size_t key_len, const char *label, + const u8 *data, size_t data_len, u8 *buf, size_t buf_len); + +#endif /* SHA256_H */ diff --git a/contrib/hostapd-0.5.8/sta_info.c b/contrib/hostapd-0.5.8/sta_info.c new file mode 100644 index 0000000000..dbb7f6cef7 --- /dev/null +++ b/contrib/hostapd-0.5.8/sta_info.c @@ -0,0 +1,585 @@ +/* + * hostapd / Station table + * Copyright (c) 2002-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "sta_info.h" +#include "eloop.h" +#include "accounting.h" +#include "ieee802_1x.h" +#include "ieee802_11.h" +#include "radius.h" +#include "eapol_sm.h" +#include "wpa.h" +#include "preauth.h" +#include "radius_client.h" +#include "driver.h" +#include "beacon.h" +#include "hw_features.h" +#include "mlme.h" +#include "vlan_init.h" + +static int ap_sta_in_other_bss(struct hostapd_data *hapd, + struct sta_info *sta, u32 flags); +static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx); + +int ap_for_each_sta(struct hostapd_data *hapd, + int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, + void *ctx), + void *ctx) +{ + struct sta_info *sta; + + for (sta = hapd->sta_list; sta; sta = sta->next) { + if (cb(hapd, sta, ctx)) + return 1; + } + + return 0; +} + + +struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta) +{ + struct sta_info *s; + + s = hapd->sta_hash[STA_HASH(sta)]; + while (s != NULL && memcmp(s->addr, sta, 6) != 0) + s = s->hnext; + return s; +} + + +static void ap_sta_list_del(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct sta_info *tmp; + + if (hapd->sta_list == sta) { + hapd->sta_list = sta->next; + return; + } + + tmp = hapd->sta_list; + while (tmp != NULL && tmp->next != sta) + tmp = tmp->next; + if (tmp == NULL) { + printf("Could not remove STA " MACSTR " from list.\n", + MAC2STR(sta->addr)); + } else + tmp->next = sta->next; +} + + +void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta) +{ + sta->hnext = hapd->sta_hash[STA_HASH(sta->addr)]; + hapd->sta_hash[STA_HASH(sta->addr)] = sta; +} + + +static void ap_sta_hash_del(struct hostapd_data *hapd, struct sta_info *sta) +{ + struct sta_info *s; + + s = hapd->sta_hash[STA_HASH(sta->addr)]; + if (s == NULL) return; + if (memcmp(s->addr, sta->addr, 6) == 0) { + hapd->sta_hash[STA_HASH(sta->addr)] = s->hnext; + return; + } + + while (s->hnext != NULL && memcmp(s->hnext->addr, sta->addr, 6) != 0) + s = s->hnext; + if (s->hnext != NULL) + s->hnext = s->hnext->hnext; + else + printf("AP: could not remove STA " MACSTR " from hash table\n", + MAC2STR(sta->addr)); +} + + +void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta) +{ + int set_beacon = 0; + + accounting_sta_stop(hapd, sta); + + if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC) && + !(sta->flags & WLAN_STA_PREAUTH)) + hostapd_sta_remove(hapd, sta->addr); + + ap_sta_hash_del(hapd, sta); + ap_sta_list_del(hapd, sta); + + if (sta->aid > 0) + hapd->sta_aid[sta->aid - 1] = NULL; + + hapd->num_sta--; + if (sta->nonerp_set) { + sta->nonerp_set = 0; + hapd->iface->num_sta_non_erp--; + if (hapd->iface->num_sta_non_erp == 0) + set_beacon++; + } + + if (sta->no_short_slot_time_set) { + sta->no_short_slot_time_set = 0; + hapd->iface->num_sta_no_short_slot_time--; + if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G + && hapd->iface->num_sta_no_short_slot_time == 0) + set_beacon++; + } + + if (sta->no_short_preamble_set) { + sta->no_short_preamble_set = 0; + hapd->iface->num_sta_no_short_preamble--; + if (hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G + && hapd->iface->num_sta_no_short_preamble == 0) + set_beacon++; + } + + if (set_beacon) + ieee802_11_set_beacons(hapd->iface); + + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); + + ieee802_1x_free_station(sta); + wpa_auth_sta_deinit(sta->wpa_sm); + rsn_preauth_free_station(hapd, sta); + radius_client_flush_auth(hapd->radius, sta->addr); + + if (sta->last_assoc_req) + free(sta->last_assoc_req); + + free(sta->challenge); + + free(sta); +} + + +void hostapd_free_stas(struct hostapd_data *hapd) +{ + struct sta_info *sta, *prev; + + sta = hapd->sta_list; + + while (sta) { + prev = sta; + if (sta->flags & WLAN_STA_AUTH) { + mlme_deauthenticate_indication( + hapd, sta, WLAN_REASON_UNSPECIFIED); + } + sta = sta->next; + printf("Removing station " MACSTR "\n", MAC2STR(prev->addr)); + ap_free_sta(hapd, prev); + } +} + + +void ap_handle_timer(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct sta_info *sta = timeout_ctx; + unsigned long next_time = 0; + + if (sta->timeout_next == STA_REMOVE) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "deauthenticated due to " + "local deauth request"); + ap_free_sta(hapd, sta); + return; + } + + if ((sta->flags & WLAN_STA_ASSOC) && + (sta->timeout_next == STA_NULLFUNC || + sta->timeout_next == STA_DISASSOC)) { + int inactive_sec; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + "Checking STA " MACSTR " inactivity:\n", + MAC2STR(sta->addr)); + inactive_sec = hostapd_get_inact_sec(hapd, sta->addr); + if (inactive_sec == -1) { + printf(" Could not get station info from kernel " + "driver for " MACSTR ".\n", + MAC2STR(sta->addr)); + } else if (inactive_sec < hapd->conf->ap_max_inactivity && + sta->flags & WLAN_STA_ASSOC) { + /* station activity detected; reset timeout state */ + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " Station has been active\n"); + sta->timeout_next = STA_NULLFUNC; + next_time = hapd->conf->ap_max_inactivity - + inactive_sec; + } + } + + if ((sta->flags & WLAN_STA_ASSOC) && + sta->timeout_next == STA_DISASSOC && + !(sta->flags & WLAN_STA_PENDING_POLL)) { + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " Station has ACKed data poll\n"); + /* data nullfunc frame poll did not produce TX errors; assume + * station ACKed it */ + sta->timeout_next = STA_NULLFUNC; + next_time = hapd->conf->ap_max_inactivity; + } + + if (next_time) { + eloop_register_timeout(next_time, 0, ap_handle_timer, hapd, + sta); + return; + } + + if (sta->timeout_next == STA_NULLFUNC && + (sta->flags & WLAN_STA_ASSOC)) { + /* send data frame to poll STA and check whether this frame + * is ACKed */ + struct ieee80211_hdr hdr; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, + " Polling STA with data frame\n"); + sta->flags |= WLAN_STA_PENDING_POLL; + +#ifndef CONFIG_NATIVE_WINDOWS + /* FIX: WLAN_FC_STYPE_NULLFUNC would be more appropriate, but + * it is apparently not retried so TX Exc events are not + * received for it */ + memset(&hdr, 0, sizeof(hdr)); + hdr.frame_control = + IEEE80211_FC(WLAN_FC_TYPE_DATA, WLAN_FC_STYPE_DATA); + hdr.frame_control |= host_to_le16(BIT(1)); + hdr.frame_control |= host_to_le16(WLAN_FC_FROMDS); + memcpy(hdr.IEEE80211_DA_FROMDS, sta->addr, ETH_ALEN); + memcpy(hdr.IEEE80211_BSSID_FROMDS, hapd->own_addr, ETH_ALEN); + memcpy(hdr.IEEE80211_SA_FROMDS, hapd->own_addr, ETH_ALEN); + + if (hostapd_send_mgmt_frame(hapd, &hdr, sizeof(hdr), 0) < 0) + perror("ap_handle_timer: send"); +#endif /* CONFIG_NATIVE_WINDOWS */ + } else if (sta->timeout_next != STA_REMOVE) { + int deauth = sta->timeout_next == STA_DEAUTH; + + printf(" Sending %s info to STA " MACSTR "\n", + deauth ? "deauthentication" : "disassociation", + MAC2STR(sta->addr)); + + if (deauth) { + hostapd_sta_deauth(hapd, sta->addr, + WLAN_REASON_PREV_AUTH_NOT_VALID); + } else { + hostapd_sta_disassoc( + hapd, sta->addr, + WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); + } + } + + switch (sta->timeout_next) { + case STA_NULLFUNC: + sta->timeout_next = STA_DISASSOC; + eloop_register_timeout(AP_DISASSOC_DELAY, 0, ap_handle_timer, + hapd, sta); + break; + case STA_DISASSOC: + sta->flags &= ~WLAN_STA_ASSOC; + ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); + if (!sta->acct_terminate_cause) + sta->acct_terminate_cause = + RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; + accounting_sta_stop(hapd, sta); + ieee802_1x_free_station(sta); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "disassociated due to " + "inactivity"); + sta->timeout_next = STA_DEAUTH; + eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, + hapd, sta); + mlme_disassociate_indication( + hapd, sta, WLAN_REASON_DISASSOC_DUE_TO_INACTIVITY); + break; + case STA_DEAUTH: + case STA_REMOVE: + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "deauthenticated due to " + "inactivity"); + if (!sta->acct_terminate_cause) + sta->acct_terminate_cause = + RADIUS_ACCT_TERMINATE_CAUSE_IDLE_TIMEOUT; + mlme_deauthenticate_indication( + hapd, sta, + WLAN_REASON_PREV_AUTH_NOT_VALID); + ap_free_sta(hapd, sta); + break; + } +} + + +static void ap_handle_session_timer(void *eloop_ctx, void *timeout_ctx) +{ + struct hostapd_data *hapd = eloop_ctx; + struct sta_info *sta = timeout_ctx; + u8 addr[ETH_ALEN]; + + if (!(sta->flags & WLAN_STA_AUTH)) + return; + + mlme_deauthenticate_indication(hapd, sta, + WLAN_REASON_PREV_AUTH_NOT_VALID); + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_INFO, "deauthenticated due to " + "session timeout"); + sta->acct_terminate_cause = + RADIUS_ACCT_TERMINATE_CAUSE_SESSION_TIMEOUT; + memcpy(addr, sta->addr, ETH_ALEN); + ap_free_sta(hapd, sta); + hostapd_sta_deauth(hapd, addr, WLAN_REASON_PREV_AUTH_NOT_VALID); +} + + +void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, + u32 session_timeout) +{ + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "setting session timeout to %d " + "seconds", session_timeout); + eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); + eloop_register_timeout(session_timeout, 0, ap_handle_session_timer, + hapd, sta); +} + + +void ap_sta_no_session_timeout(struct hostapd_data *hapd, struct sta_info *sta) +{ + eloop_cancel_timeout(ap_handle_session_timer, hapd, sta); +} + + +struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr) +{ + struct sta_info *sta; + + sta = ap_get_sta(hapd, addr); + if (sta) + return sta; + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, " New STA\n"); + if (hapd->num_sta >= hapd->conf->max_num_sta) { + /* FIX: might try to remove some old STAs first? */ + printf(" no more room for new STAs (%d/%d)\n", + hapd->num_sta, hapd->conf->max_num_sta); + return NULL; + } + + sta = wpa_zalloc(sizeof(struct sta_info)); + if (sta == NULL) { + printf(" malloc failed\n"); + return NULL; + } + sta->acct_interim_interval = hapd->conf->radius->acct_interim_interval; + + /* initialize STA info data */ + eloop_register_timeout(hapd->conf->ap_max_inactivity, 0, + ap_handle_timer, hapd, sta); + memcpy(sta->addr, addr, ETH_ALEN); + sta->next = hapd->sta_list; + hapd->sta_list = sta; + hapd->num_sta++; + ap_sta_hash_add(hapd, sta); + sta->ssid = &hapd->conf->ssid; + + return sta; +} + + +static int ap_sta_remove(struct hostapd_data *hapd, struct sta_info *sta) +{ + ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); + + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Removing STA " MACSTR + " from kernel driver\n", MAC2STR(sta->addr)); + if (hostapd_sta_remove(hapd, sta->addr) && + sta->flags & WLAN_STA_ASSOC) { + printf("Could not remove station " MACSTR " from kernel " + "driver.\n", MAC2STR(sta->addr)); + return -1; + } + return 0; +} + + +static int ap_sta_in_other_bss(struct hostapd_data *hapd, + struct sta_info *sta, u32 flags) +{ + struct hostapd_iface *iface = hapd->iface; + size_t i; + + for (i = 0; i < iface->num_bss; i++) { + struct hostapd_data *bss = iface->bss[i]; + struct sta_info *sta2; + /* bss should always be set during operation, but it may be + * NULL during reconfiguration. Assume the STA is not + * associated to another BSS in that case to avoid NULL pointer + * dereferences. */ + if (bss == hapd || bss == NULL) + continue; + sta2 = ap_get_sta(bss, sta->addr); + if (sta2 && ((sta2->flags & flags) == flags)) + return 1; + } + + return 0; +} + + +void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, + u16 reason) +{ + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "%s: disassociate STA " MACSTR + "\n", hapd->conf->iface, MAC2STR(sta->addr)); + sta->flags &= ~WLAN_STA_ASSOC; + if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC)) + ap_sta_remove(hapd, sta); + sta->timeout_next = STA_DEAUTH; + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DISASSOC, 0, + ap_handle_timer, hapd, sta); + accounting_sta_stop(hapd, sta); + ieee802_1x_free_station(sta); + + mlme_disassociate_indication(hapd, sta, reason); +} + + +void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, + u16 reason) +{ + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "%s: deauthenticate STA " MACSTR + "\n", hapd->conf->iface, MAC2STR(sta->addr)); + sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); + if (!ap_sta_in_other_bss(hapd, sta, WLAN_STA_ASSOC)) + ap_sta_remove(hapd, sta); + sta->timeout_next = STA_REMOVE; + eloop_cancel_timeout(ap_handle_timer, hapd, sta); + eloop_register_timeout(AP_MAX_INACTIVITY_AFTER_DEAUTH, 0, + ap_handle_timer, hapd, sta); + accounting_sta_stop(hapd, sta); + ieee802_1x_free_station(sta); + + mlme_deauthenticate_indication(hapd, sta, reason); +} + + +int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta, + int old_vlanid) +{ + const char *iface; + struct hostapd_vlan *vlan = NULL; + + /* + * Do not proceed furthur if the vlan id remains same. We do not want + * duplicate dynamic vlan entries. + */ + if (sta->vlan_id == old_vlanid) + return 0; + + /* + * During 1x reauth, if the vlan id changes, then remove the old id and + * proceed furthur to add the new one. + */ + if (old_vlanid > 0) + vlan_remove_dynamic(hapd, old_vlanid); + + iface = hapd->conf->iface; + if (sta->ssid->vlan[0]) + iface = sta->ssid->vlan; + + if (sta->ssid->dynamic_vlan == DYNAMIC_VLAN_DISABLED) + sta->vlan_id = 0; + else if (sta->vlan_id > 0) { + vlan = hapd->conf->vlan; + while (vlan) { + if (vlan->vlan_id == sta->vlan_id || + vlan->vlan_id == VLAN_ID_WILDCARD) { + iface = vlan->ifname; + break; + } + vlan = vlan->next; + } + } + + if (sta->vlan_id > 0 && vlan == NULL) { + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "could not find VLAN for " + "binding station to (vlan_id=%d)", + sta->vlan_id); + return -1; + } else if (sta->vlan_id > 0 && vlan->vlan_id == VLAN_ID_WILDCARD) { + vlan = vlan_add_dynamic(hapd, vlan, sta->vlan_id); + if (vlan == NULL) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "could not add " + "dynamic VLAN interface for vlan_id=%d", + sta->vlan_id); + return -1; + } + + iface = vlan->ifname; + if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "could not " + "configure encryption for dynamic VLAN " + "interface for vlan_id=%d", + sta->vlan_id); + } + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "added new dynamic VLAN " + "interface '%s'", iface); + } else if (vlan && vlan->vlan_id == sta->vlan_id) { + if (sta->vlan_id > 0) { + vlan->dynamic_vlan++; + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "updated existing " + "dynamic VLAN interface '%s'", iface); + } + + /* + * Update encryption configuration for statically generated + * VLAN interface. This is only used for static WEP + * configuration for the case where hostapd did not yet know + * which keys are to be used when the interface was added. + */ + if (vlan_setup_encryption_dyn(hapd, sta->ssid, iface) != 0) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "could not " + "configure encryption for VLAN " + "interface for vlan_id=%d", + sta->vlan_id); + } + } + + hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, "binding station to interface " + "'%s'", iface); + + if (wpa_auth_sta_set_vlan(sta->wpa_sm, sta->vlan_id) < 0) + wpa_printf(MSG_INFO, "Failed to update VLAN-ID for WPA"); + + return hostapd_set_sta_vlan(iface, hapd, sta->addr, sta->vlan_id); +} diff --git a/contrib/hostapd-0.5.8/sta_info.h b/contrib/hostapd-0.5.8/sta_info.h new file mode 100644 index 0000000000..1d9ab9687a --- /dev/null +++ b/contrib/hostapd-0.5.8/sta_info.h @@ -0,0 +1,40 @@ +/* + * hostapd / Station table + * Copyright (c) 2002-2004, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef STA_INFO_H +#define STA_INFO_H + +int ap_for_each_sta(struct hostapd_data *hapd, + int (*cb)(struct hostapd_data *hapd, struct sta_info *sta, + void *ctx), + void *ctx); +struct sta_info * ap_get_sta(struct hostapd_data *hapd, const u8 *sta); +void ap_sta_hash_add(struct hostapd_data *hapd, struct sta_info *sta); +void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta); +void ap_free_sta(struct hostapd_data *hapd, struct sta_info *sta); +void hostapd_free_stas(struct hostapd_data *hapd); +void ap_handle_timer(void *eloop_ctx, void *timeout_ctx); +void ap_sta_session_timeout(struct hostapd_data *hapd, struct sta_info *sta, + u32 session_timeout); +void ap_sta_no_session_timeout(struct hostapd_data *hapd, + struct sta_info *sta); +struct sta_info * ap_sta_add(struct hostapd_data *hapd, const u8 *addr); +void ap_sta_disassociate(struct hostapd_data *hapd, struct sta_info *sta, + u16 reason); +void ap_sta_deauthenticate(struct hostapd_data *hapd, struct sta_info *sta, + u16 reason); +int ap_sta_bind_vlan(struct hostapd_data *hapd, struct sta_info *sta, + int old_vlanid); + +#endif /* STA_INFO_H */ diff --git a/contrib/hostapd-0.5.8/state_machine.h b/contrib/hostapd-0.5.8/state_machine.h new file mode 100644 index 0000000000..62766bf40b --- /dev/null +++ b/contrib/hostapd-0.5.8/state_machine.h @@ -0,0 +1,144 @@ +/* + * wpa_supplicant/hostapd - State machine definitions + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + * + * This file includes a set of pre-processor macros that can be used to + * implement a state machine. In addition to including this header file, each + * file implementing a state machine must define STATE_MACHINE_DATA to be the + * data structure including state variables (enum _state, + * Boolean changed), and STATE_MACHINE_DEBUG_PREFIX to be a string that is used + * as a prefix for all debug messages. If SM_ENTRY_MA macro is used to define + * a group of state machines with shared data structure, STATE_MACHINE_ADDR + * needs to be defined to point to the MAC address used in debug output. + * SM_ENTRY_M macro can be used to define similar group of state machines + * without this additional debug info. + */ + +#ifndef STATE_MACHINE_H +#define STATE_MACHINE_H + +/** + * SM_STATE - Declaration of a state machine function + * @machine: State machine name + * @state: State machine state + * + * This macro is used to declare a state machine function. It is used in place + * of a C function definition to declare functions to be run when the state is + * entered by calling SM_ENTER or SM_ENTER_GLOBAL. + */ +#define SM_STATE(machine, state) \ +static void sm_ ## machine ## _ ## state ## _Enter(STATE_MACHINE_DATA *sm, \ + int global) + +/** + * SM_ENTRY - State machine function entry point + * @machine: State machine name + * @state: State machine state + * + * This macro is used inside each state machine function declared with + * SM_STATE. SM_ENTRY should be in the beginning of the function body, but + * after declaration of possible local variables. This macro prints debug + * information about state transition and update the state machine state. + */ +#define SM_ENTRY(machine, state) \ +if (!global || sm->machine ## _state != machine ## _ ## state) { \ + sm->changed = TRUE; \ + wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " #machine \ + " entering state " #state); \ +} \ +sm->machine ## _state = machine ## _ ## state; + +/** + * SM_ENTRY_M - State machine function entry point for state machine group + * @machine: State machine name + * @_state: State machine state + * @data: State variable prefix (full variable: _state) + * + * This macro is like SM_ENTRY, but for state machine groups that use a shared + * data structure for more than one state machine. Both machine and prefix + * parameters are set to "sub-state machine" name. prefix is used to allow more + * than one state variable to be stored in the same data structure. + */ +#define SM_ENTRY_M(machine, _state, data) \ +if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \ + sm->changed = TRUE; \ + wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " \ + #machine " entering state " #_state); \ +} \ +sm->data ## _ ## state = machine ## _ ## _state; + +/** + * SM_ENTRY_MA - State machine function entry point for state machine group + * @machine: State machine name + * @_state: State machine state + * @data: State variable prefix (full variable: _state) + * + * This macro is like SM_ENTRY_M, but a MAC address is included in debug + * output. STATE_MACHINE_ADDR has to be defined to point to the MAC address to + * be included in debug. + */ +#define SM_ENTRY_MA(machine, _state, data) \ +if (!global || sm->data ## _ ## state != machine ## _ ## _state) { \ + sm->changed = TRUE; \ + wpa_printf(MSG_DEBUG, STATE_MACHINE_DEBUG_PREFIX ": " MACSTR " " \ + #machine " entering state " #_state, \ + MAC2STR(STATE_MACHINE_ADDR)); \ +} \ +sm->data ## _ ## state = machine ## _ ## _state; + +/** + * SM_ENTER - Enter a new state machine state + * @machine: State machine name + * @state: State machine state + * + * This macro expands to a function call to a state machine function defined + * with SM_STATE macro. SM_ENTER is used in a state machine step function to + * move the state machine to a new state. + */ +#define SM_ENTER(machine, state) \ +sm_ ## machine ## _ ## state ## _Enter(sm, 0) + +/** + * SM_ENTER_GLOBAL - Enter a new state machine state based on global rule + * @machine: State machine name + * @state: State machine state + * + * This macro is like SM_ENTER, but this is used when entering a new state + * based on a global (not specific to any particular state) rule. A separate + * macro is used to avoid unwanted debug message floods when the same global + * rule is forcing a state machine to remain in on state. + */ +#define SM_ENTER_GLOBAL(machine, state) \ +sm_ ## machine ## _ ## state ## _Enter(sm, 1) + +/** + * SM_STEP - Declaration of a state machine step function + * @machine: State machine name + * + * This macro is used to declare a state machine step function. It is used in + * place of a C function definition to declare a function that is used to move + * state machine to a new state based on state variables. This function uses + * SM_ENTER and SM_ENTER_GLOBAL macros to enter new state. + */ +#define SM_STEP(machine) \ +static void sm_ ## machine ## _Step(STATE_MACHINE_DATA *sm) + +/** + * SM_STEP_RUN - Call the state machine step function + * @machine: State machine name + * + * This macro expands to a function call to a state machine step function + * defined with SM_STEP macro. + */ +#define SM_STEP_RUN(machine) sm_ ## machine ## _Step(sm) + +#endif /* STATE_MACHINE_H */ diff --git a/contrib/hostapd-0.5.8/tls.h b/contrib/hostapd-0.5.8/tls.h new file mode 100644 index 0000000000..30d8842837 --- /dev/null +++ b/contrib/hostapd-0.5.8/tls.h @@ -0,0 +1,521 @@ +/* + * WPA Supplicant / SSL/TLS interface definition + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef TLS_H +#define TLS_H + +struct tls_connection; + +struct tls_keys { + const u8 *master_key; /* TLS master secret */ + size_t master_key_len; + const u8 *client_random; + size_t client_random_len; + const u8 *server_random; + size_t server_random_len; + const u8 *inner_secret; /* TLS/IA inner secret */ + size_t inner_secret_len; +}; + +struct tls_config { + const char *opensc_engine_path; + const char *pkcs11_engine_path; + const char *pkcs11_module_path; +}; + +/** + * struct tls_connection_params - Parameters for TLS connection + * @ca_cert: File or reference name for CA X.509 certificate in PEM or DER + * format + * @ca_cert_blob: ca_cert as inlined data or %NULL if not used + * @ca_cert_blob_len: ca_cert_blob length + * @ca_path: Path to CA certificates (OpenSSL specific) + * @subject_match: String to match in the subject of the peer certificate or + * %NULL to allow all subjects + * @altsubject_match: String to match in the alternative subject of the peer + * certificate or %NULL to allow all alternative subjects + * @client_cert: File or reference name for client X.509 certificate in PEM or + * DER format + * @client_cert_blob: client_cert as inlined data or %NULL if not used + * @client_cert_blob_len: client_cert_blob length + * @private_key: File or reference name for client private key in PEM or DER + * format (traditional format (RSA PRIVATE KEY) or PKCS#8 (PRIVATE KEY) + * @private_key_blob: private_key as inlined data or %NULL if not used + * @private_key_blob_len: private_key_blob length + * @private_key_passwd: Passphrase for decrypted private key, %NULL if no + * passphrase is used. + * @dh_file: File name for DH/DSA data in PEM format, or %NULL if not used + * @dh_blob: dh_file as inlined data or %NULL if not used + * @dh_blob_len: dh_blob length + * @engine: 1 = use engine (e.g., a smartcard) for private key operations + * (this is OpenSSL specific for now) + * @engine_id: engine id string (this is OpenSSL specific for now) + * @ppin: pointer to the pin variable in the configuration + * (this is OpenSSL specific for now) + * @key_id: the private key's key id (this is OpenSSL specific for now) + * @tls_ia: Whether to enable TLS/IA (for EAP-TTLSv1) + * + * TLS connection parameters to be configured with tls_connection_set_params() + * and tls_global_set_params(). + * + * Certificates and private key can be configured either as a reference name + * (file path or reference to certificate store) or by providing the same data + * as a pointer to the data in memory. Only one option will be used for each + * field. + */ +struct tls_connection_params { + const char *ca_cert; + const u8 *ca_cert_blob; + size_t ca_cert_blob_len; + const char *ca_path; + const char *subject_match; + const char *altsubject_match; + const char *client_cert; + const u8 *client_cert_blob; + size_t client_cert_blob_len; + const char *private_key; + const u8 *private_key_blob; + size_t private_key_blob_len; + const char *private_key_passwd; + const char *dh_file; + const u8 *dh_blob; + size_t dh_blob_len; + int tls_ia; + + /* OpenSSL specific variables */ + int engine; + const char *engine_id; + const char *pin; + const char *key_id; +}; + + +/** + * tls_init - Initialize TLS library + * @conf: Configuration data for TLS library + * Returns: Context data to be used as tls_ctx in calls to other functions, + * or %NULL on failure. + * + * Called once during program startup and once for each RSN pre-authentication + * session. In other words, there can be two concurrent TLS contexts. If global + * library initialization is needed (i.e., one that is shared between both + * authentication types), the TLS library wrapper should maintain a reference + * counter and do global initialization only when moving from 0 to 1 reference. + */ +void * tls_init(const struct tls_config *conf); + +/** + * tls_deinit - Deinitialize TLS library + * @tls_ctx: TLS context data from tls_init() + * + * Called once during program shutdown and once for each RSN pre-authentication + * session. If global library deinitialization is needed (i.e., one that is + * shared between both authentication types), the TLS library wrapper should + * maintain a reference counter and do global deinitialization only when moving + * from 1 to 0 references. + */ +void tls_deinit(void *tls_ctx); + +/** + * tls_get_errors - Process pending errors + * @tls_ctx: TLS context data from tls_init() + * Returns: Number of found error, 0 if no errors detected. + * + * Process all pending TLS errors. + */ +int tls_get_errors(void *tls_ctx); + +/** + * tls_connection_init - Initialize a new TLS connection + * @tls_ctx: TLS context data from tls_init() + * Returns: Connection context data, conn for other function calls + */ +struct tls_connection * tls_connection_init(void *tls_ctx); + +/** + * tls_connection_deinit - Free TLS connection data + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * + * Release all resources allocated for TLS connection. + */ +void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn); + +/** + * tls_connection_established - Has the TLS connection been completed? + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: 1 if TLS connection has been completed, 0 if not. + */ +int tls_connection_established(void *tls_ctx, struct tls_connection *conn); + +/** + * tls_connection_shutdown - Shutdown TLS connection + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: 0 on success, -1 on failure + * + * Shutdown current TLS connection without releasing all resources. New + * connection can be started by using the same conn without having to call + * tls_connection_init() or setting certificates etc. again. The new + * connection should try to use session resumption. + */ +int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn); + +enum { + TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED = -3, + TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED = -2 +}; + +/** + * tls_connection_set_params - Set TLS connection parameters + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @params: Connection parameters + * Returns: 0 on success, -1 on failure, + * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing + * PKCS#11 engine failure, or + * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the + * PKCS#11 engine private key. + */ +int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, + const struct tls_connection_params *params); + +/** + * tls_global_set_params - Set TLS parameters for all TLS connection + * @tls_ctx: TLS context data from tls_init() + * @params: Global TLS parameters + * Returns: 0 on success, -1 on failure, + * TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED (-2) on possible PIN error causing + * PKCS#11 engine failure, or + * TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED (-3) on failure to verify the + * PKCS#11 engine private key. + */ +int tls_global_set_params(void *tls_ctx, + const struct tls_connection_params *params); + +/** + * tls_global_set_verify - Set global certificate verification options + * @tls_ctx: TLS context data from tls_init() + * @check_crl: 0 = do not verify CRLs, 1 = verify CRL for the user certificate, + * 2 = verify CRL for all certificates + * Returns: 0 on success, -1 on failure + */ +int tls_global_set_verify(void *tls_ctx, int check_crl); + +/** + * tls_connection_set_verify - Set certificate verification options + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @verify_peer: 1 = verify peer certificate + * Returns: 0 on success, -1 on failure + */ +int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, + int verify_peer); + +/** + * tls_connection_set_ia - Set TLS/IA parameters + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @tls_ia: 1 = enable TLS/IA + * Returns: 0 on success, -1 on failure + * + * This function is used to configure TLS/IA in server mode where + * tls_connection_set_params() is not used. + */ +int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, + int tls_ia); + +/** + * tls_connection_get_keys - Get master key and random data from TLS connection + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @keys: Structure of key/random data (filled on success) + * Returns: 0 on success, -1 on failure + */ +int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn, + struct tls_keys *keys); + +/** + * tls_connection_prf - Use TLS-PRF to derive keying material + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @label: Label (e.g., description of the key) for PRF + * @server_random_first: seed is 0 = client_random|server_random, + * 1 = server_random|client_random + * @out: Buffer for output data from TLS-PRF + * @out_len: Length of the output buffer + * Returns: 0 on success, -1 on failure + * + * This function is optional to implement if tls_connection_get_keys() provides + * access to master secret and server/client random values. If these values are + * not exported from the TLS library, tls_connection_prf() is required so that + * further keying material can be derived from the master secret. If not + * implemented, the function will still need to be defined, but it can just + * return -1. Example implementation of this function is in tls_prf() function + * when it is called with seed set to client_random|server_random (or + * server_random|client_random). + */ +int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, + const char *label, int server_random_first, + u8 *out, size_t out_len); + +/** + * tls_connection_handshake - Process TLS handshake (client side) + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @in_data: Input data from TLS peer + * @in_len: Input data length + * @out_len: Length of the output buffer. + * @appl_data: Pointer to application data pointer, or %NULL if dropped + * @appl_data_len: Pointer to variable that is set to appl_data length + * Returns: Pointer to output data, %NULL on failure + * + * Caller is responsible for freeing returned output data. If the final + * handshake message includes application data, this is decrypted and + * appl_data (if not %NULL) is set to point this data. Caller is responsible + * for freeing appl_data. + * + * This function is used during TLS handshake. The first call is done with + * in_data == %NULL and the library is expected to return ClientHello packet. + * This packet is then send to the server and a response from server is given + * to TLS library by calling this function again with in_data pointing to the + * TLS message from the server. + * + * If the TLS handshake fails, this function may return %NULL. However, if the + * TLS library has a TLS alert to send out, that should be returned as the + * output data. In this case, tls_connection_get_failed() must return failure + * (> 0). + * + * tls_connection_established() should return 1 once the TLS handshake has been + * completed successfully. + */ +u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len, u8 **appl_data, + size_t *appl_data_len); + +/** + * tls_connection_server_handshake - Process TLS handshake (server side) + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @in_data: Input data from TLS peer + * @in_len: Input data length + * @out_len: Length of the output buffer. + * Returns: pointer to output data, %NULL on failure + * + * Caller is responsible for freeing returned output data. + */ +u8 * tls_connection_server_handshake(void *tls_ctx, + struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len); + +/** + * tls_connection_encrypt - Encrypt data into TLS tunnel + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @in_data: Pointer to plaintext data to be encrypted + * @in_len: Input buffer length + * @out_data: Pointer to output buffer (encrypted TLS data) + * @out_len: Maximum out_data length + * Returns: Number of bytes written to out_data, -1 on failure + * + * This function is used after TLS handshake has been completed successfully to + * send data in the encrypted tunnel. + */ +int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len); + +/** + * tls_connection_decrypt - Decrypt data from TLS tunnel + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @in_data: Pointer to input buffer (encrypted TLS data) + * @in_len: Input buffer length + * @out_data: Pointer to output buffer (decrypted data from TLS tunnel) + * @out_len: Maximum out_data length + * Returns: Number of bytes written to out_data, -1 on failure + * + * This function is used after TLS handshake has been completed successfully to + * receive data from the encrypted tunnel. + */ +int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len); + +/** + * tls_connection_resumed - Was session resumption used + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: 1 if current session used session resumption, 0 if not + */ +int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn); + +/** + * tls_connection_set_master_key - Configure master secret for TLS connection + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @key: TLS pre-master-secret + * @key_len: length of key in bytes + * Returns: 0 on success, -1 on failure + */ +int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn, + const u8 *key, size_t key_len); + +enum { + TLS_CIPHER_NONE, + TLS_CIPHER_RC4_SHA /* 0x0005 */, + TLS_CIPHER_AES128_SHA /* 0x002f */, + TLS_CIPHER_RSA_DHE_AES128_SHA /* 0x0031 */, + TLS_CIPHER_ANON_DH_AES128_SHA /* 0x0034 */ +}; + +/** + * tls_connection_set_cipher_list - Configure acceptable cipher suites + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @ciphers: Zero (TLS_CIPHER_NONE) terminated list of allowed ciphers + * (TLS_CIPHER_*). + * Returns: 0 on success, -1 on failure + */ +int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, + u8 *ciphers); + +/** + * tls_get_cipher - Get current cipher name + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @buf: Buffer for the cipher name + * @buflen: buf size + * Returns: 0 on success, -1 on failure + * + * Get the name of the currently used cipher. + */ +int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, + char *buf, size_t buflen); + +/** + * tls_connection_enable_workaround - Enable TLS workaround options + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: 0 on success, -1 on failure + * + * This function is used to enable connection-specific workaround options for + * buffer SSL/TLS implementations. + */ +int tls_connection_enable_workaround(void *tls_ctx, + struct tls_connection *conn); + +/** + * tls_connection_client_hello_ext - Set TLS extension for ClientHello + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @ext_type: Extension type + * @data: Extension payload (%NULL to remove extension) + * @data_len: Extension payload length + * Returns: 0 on success, -1 on failure + */ +int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, + int ext_type, const u8 *data, + size_t data_len); + +/** + * tls_connection_get_failed - Get connection failure status + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * + * Returns >0 if connection has failed, 0 if not. + */ +int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn); + +/** + * tls_connection_get_read_alerts - Get connection read alert status + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: Number of times a fatal read (remote end reported error) has + * happened during this connection. + */ +int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn); + +/** + * tls_connection_get_write_alerts - Get connection write alert status + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: Number of times a fatal write (locally detected error) has happened + * during this connection. + */ +int tls_connection_get_write_alerts(void *tls_ctx, + struct tls_connection *conn); + +/** + * tls_connection_get_keyblock_size - Get TLS key_block size + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: Size of the key_block for the negotiated cipher suite or -1 on + * failure + */ +int tls_connection_get_keyblock_size(void *tls_ctx, + struct tls_connection *conn); + +#define TLS_CAPABILITY_IA 0x0001 /* TLS Inner Application (TLS/IA) */ +/** + * tls_capabilities - Get supported TLS capabilities + * @tls_ctx: TLS context data from tls_init() + * Returns: Bit field of supported TLS capabilities (TLS_CAPABILITY_*) + */ +unsigned int tls_capabilities(void *tls_ctx); + +/** + * tls_connection_ia_send_phase_finished - Send a TLS/IA PhaseFinished message + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @final: 1 = FinalPhaseFinished, 0 = IntermediatePhaseFinished + * @out_data: Pointer to output buffer (encrypted TLS/IA data) + * @out_len: Maximum out_data length + * Returns: Number of bytes written to out_data on success, -1 on failure + * + * This function is used to send the TLS/IA end phase message, e.g., when the + * EAP server completes EAP-TTLSv1. + */ +int tls_connection_ia_send_phase_finished(void *tls_ctx, + struct tls_connection *conn, + int final, + u8 *out_data, size_t out_len); + +/** + * tls_connection_ia_final_phase_finished - Has final phase been completed + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * Returns: 1 if valid FinalPhaseFinished has been received, 0 if not, or -1 + * on failure + */ +int tls_connection_ia_final_phase_finished(void *tls_ctx, + struct tls_connection *conn); + +/** + * tls_connection_ia_permute_inner_secret - Permute TLS/IA inner secret + * @tls_ctx: TLS context data from tls_init() + * @conn: Connection context data from tls_connection_init() + * @key: Session key material (session_key vectors with 2-octet length), or + * %NULL if no session key was generating in the current phase + * @key_len: Length of session key material + * Returns: 0 on success, -1 on failure + */ +int tls_connection_ia_permute_inner_secret(void *tls_ctx, + struct tls_connection *conn, + const u8 *key, size_t key_len); + +#endif /* TLS_H */ diff --git a/contrib/hostapd-0.5.8/tls_gnutls.c b/contrib/hostapd-0.5.8/tls_gnutls.c new file mode 100644 index 0000000000..0789398318 --- /dev/null +++ b/contrib/hostapd-0.5.8/tls_gnutls.c @@ -0,0 +1,1370 @@ +/* + * WPA Supplicant / SSL/TLS interface functions for openssl + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" +#include +#include +#ifdef PKCS12_FUNCS +#include +#endif /* PKCS12_FUNCS */ + +#ifdef CONFIG_GNUTLS_EXTRA +#if LIBGNUTLS_VERSION_NUMBER >= 0x010302 +#define GNUTLS_IA +#include +#if LIBGNUTLS_VERSION_NUMBER == 0x010302 +/* This function is not included in the current gnutls/extra.h even though it + * should be, so define it here as a workaround for the time being. */ +int gnutls_ia_verify_endphase(gnutls_session_t session, char *checksum); +#endif /* LIBGNUTLS_VERSION_NUMBER == 0x010302 */ +#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */ +#endif /* CONFIG_GNUTLS_EXTRA */ + +#include "common.h" +#include "tls.h" + + +#define TLS_RANDOM_SIZE 32 +#define TLS_MASTER_SIZE 48 + + +#if LIBGNUTLS_VERSION_NUMBER < 0x010302 +/* GnuTLS 1.3.2 added functions for using master secret. Older versions require + * use of internal structures to get the master_secret and + * {server,client}_random. + */ +#define GNUTLS_INTERNAL_STRUCTURE_HACK +#endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */ + + +#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK +/* + * It looks like gnutls does not provide access to client/server_random and + * master_key. This is somewhat unfortunate since these are needed for key + * derivation in EAP-{TLS,TTLS,PEAP,FAST}. Workaround for now is a horrible + * hack that copies the gnutls_session_int definition from gnutls_int.h so that + * we can get the needed information. + */ + +typedef u8 uint8; +typedef unsigned char opaque; +typedef struct { + uint8 suite[2]; +} cipher_suite_st; + +typedef struct { + gnutls_connection_end_t entity; + gnutls_kx_algorithm_t kx_algorithm; + gnutls_cipher_algorithm_t read_bulk_cipher_algorithm; + gnutls_mac_algorithm_t read_mac_algorithm; + gnutls_compression_method_t read_compression_algorithm; + gnutls_cipher_algorithm_t write_bulk_cipher_algorithm; + gnutls_mac_algorithm_t write_mac_algorithm; + gnutls_compression_method_t write_compression_algorithm; + cipher_suite_st current_cipher_suite; + opaque master_secret[TLS_MASTER_SIZE]; + opaque client_random[TLS_RANDOM_SIZE]; + opaque server_random[TLS_RANDOM_SIZE]; + /* followed by stuff we are not interested in */ +} security_parameters_st; + +struct gnutls_session_int { + security_parameters_st security_parameters; + /* followed by things we are not interested in */ +}; +#endif /* LIBGNUTLS_VERSION_NUMBER < 0x010302 */ + +static int tls_gnutls_ref_count = 0; + +struct tls_global { + /* Data for session resumption */ + void *session_data; + size_t session_data_size; + + int server; + + int params_set; + gnutls_certificate_credentials_t xcred; +}; + +struct tls_connection { + gnutls_session session; + char *subject_match, *altsubject_match; + int read_alerts, write_alerts, failed; + + u8 *pre_shared_secret; + size_t pre_shared_secret_len; + int established; + int verify_peer; + + u8 *push_buf, *pull_buf, *pull_buf_offset; + size_t push_buf_len, pull_buf_len; + + int params_set; + gnutls_certificate_credentials_t xcred; + + int tls_ia; + int final_phase_finished; + +#ifdef GNUTLS_IA + gnutls_ia_server_credentials_t iacred_srv; + gnutls_ia_client_credentials_t iacred_cli; + + /* Session keys generated in the current phase for inner secret + * permutation before generating/verifying PhaseFinished. */ + u8 *session_keys; + size_t session_keys_len; + + u8 inner_secret[TLS_MASTER_SIZE]; +#endif /* GNUTLS_IA */ +}; + + +static void tls_log_func(int level, const char *msg) +{ + char *s, *pos; + if (level == 6 || level == 7) { + /* These levels seem to be mostly I/O debug and msg dumps */ + return; + } + + s = os_strdup(msg); + if (s == NULL) + return; + + pos = s; + while (*pos != '\0') { + if (*pos == '\n') { + *pos = '\0'; + break; + } + pos++; + } + wpa_printf(level > 3 ? MSG_MSGDUMP : MSG_DEBUG, + "gnutls<%d> %s", level, s); + os_free(s); +} + + +extern int wpa_debug_show_keys; + +void * tls_init(const struct tls_config *conf) +{ + struct tls_global *global; + +#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK + /* Because of the horrible hack to get master_secret and client/server + * random, we need to make sure that the gnutls version is something + * that is expected to have same structure definition for the session + * data.. */ + const char *ver; + const char *ok_ver[] = { "1.2.3", "1.2.4", "1.2.5", "1.2.6", "1.2.9", + "1.3.2", + NULL }; + int i; +#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ + + global = os_zalloc(sizeof(*global)); + if (global == NULL) + return NULL; + + if (tls_gnutls_ref_count == 0 && gnutls_global_init() < 0) { + os_free(global); + return NULL; + } + tls_gnutls_ref_count++; + +#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK + ver = gnutls_check_version(NULL); + if (ver == NULL) { + tls_deinit(global); + return NULL; + } + wpa_printf(MSG_DEBUG, "%s - gnutls version %s", __func__, ver); + for (i = 0; ok_ver[i]; i++) { + if (strcmp(ok_ver[i], ver) == 0) + break; + } + if (ok_ver[i] == NULL) { + wpa_printf(MSG_INFO, "Untested gnutls version %s - this needs " + "to be tested and enabled in tls_gnutls.c", ver); + tls_deinit(global); + return NULL; + } +#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ + + gnutls_global_set_log_function(tls_log_func); + if (wpa_debug_show_keys) + gnutls_global_set_log_level(11); + return global; +} + + +void tls_deinit(void *ssl_ctx) +{ + struct tls_global *global = ssl_ctx; + if (global) { + if (global->params_set) + gnutls_certificate_free_credentials(global->xcred); + os_free(global->session_data); + os_free(global); + } + + tls_gnutls_ref_count--; + if (tls_gnutls_ref_count == 0) + gnutls_global_deinit(); +} + + +int tls_get_errors(void *ssl_ctx) +{ + return 0; +} + + +static ssize_t tls_pull_func(gnutls_transport_ptr ptr, void *buf, + size_t len) +{ + struct tls_connection *conn = (struct tls_connection *) ptr; + u8 *end; + if (conn->pull_buf == NULL) { + errno = EWOULDBLOCK; + return -1; + } + + end = conn->pull_buf + conn->pull_buf_len; + if ((size_t) (end - conn->pull_buf_offset) < len) + len = end - conn->pull_buf_offset; + os_memcpy(buf, conn->pull_buf_offset, len); + conn->pull_buf_offset += len; + if (conn->pull_buf_offset == end) { + wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__); + os_free(conn->pull_buf); + conn->pull_buf = conn->pull_buf_offset = NULL; + conn->pull_buf_len = 0; + } else { + wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in pull_buf", + __func__, end - conn->pull_buf_offset); + } + return len; +} + + +static ssize_t tls_push_func(gnutls_transport_ptr ptr, const void *buf, + size_t len) +{ + struct tls_connection *conn = (struct tls_connection *) ptr; + u8 *nbuf; + + nbuf = os_realloc(conn->push_buf, conn->push_buf_len + len); + if (nbuf == NULL) { + errno = ENOMEM; + return -1; + } + os_memcpy(nbuf + conn->push_buf_len, buf, len); + conn->push_buf = nbuf; + conn->push_buf_len += len; + + return len; +} + + +static int tls_gnutls_init_session(struct tls_global *global, + struct tls_connection *conn) +{ + const int cert_types[2] = { GNUTLS_CRT_X509, 0 }; + const int protos[2] = { GNUTLS_TLS1, 0 }; + int ret; + + ret = gnutls_init(&conn->session, + global->server ? GNUTLS_SERVER : GNUTLS_CLIENT); + if (ret < 0) { + wpa_printf(MSG_INFO, "TLS: Failed to initialize new TLS " + "connection: %s", gnutls_strerror(ret)); + return -1; + } + + ret = gnutls_set_default_priority(conn->session); + if (ret < 0) + goto fail; + + ret = gnutls_certificate_type_set_priority(conn->session, cert_types); + if (ret < 0) + goto fail; + + ret = gnutls_protocol_set_priority(conn->session, protos); + if (ret < 0) + goto fail; + + gnutls_transport_set_pull_function(conn->session, tls_pull_func); + gnutls_transport_set_push_function(conn->session, tls_push_func); + gnutls_transport_set_ptr(conn->session, (gnutls_transport_ptr) conn); + + return 0; + +fail: + wpa_printf(MSG_INFO, "TLS: Failed to setup new TLS connection: %s", + gnutls_strerror(ret)); + gnutls_deinit(conn->session); + return -1; +} + + +struct tls_connection * tls_connection_init(void *ssl_ctx) +{ + struct tls_global *global = ssl_ctx; + struct tls_connection *conn; + int ret; + + conn = os_zalloc(sizeof(*conn)); + if (conn == NULL) + return NULL; + + if (tls_gnutls_init_session(global, conn)) { + os_free(conn); + return NULL; + } + + if (global->params_set) { + ret = gnutls_credentials_set(conn->session, + GNUTLS_CRD_CERTIFICATE, + global->xcred); + if (ret < 0) { + wpa_printf(MSG_INFO, "Failed to configure " + "credentials: %s", gnutls_strerror(ret)); + os_free(conn); + return NULL; + } + } + + if (gnutls_certificate_allocate_credentials(&conn->xcred)) { + os_free(conn); + return NULL; + } + + return conn; +} + + +void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return; + +#ifdef GNUTLS_IA + if (conn->iacred_srv) + gnutls_ia_free_server_credentials(conn->iacred_srv); + if (conn->iacred_cli) + gnutls_ia_free_client_credentials(conn->iacred_cli); + if (conn->session_keys) { + os_memset(conn->session_keys, 0, conn->session_keys_len); + os_free(conn->session_keys); + } +#endif /* GNUTLS_IA */ + + gnutls_certificate_free_credentials(conn->xcred); + gnutls_deinit(conn->session); + os_free(conn->pre_shared_secret); + os_free(conn->subject_match); + os_free(conn->altsubject_match); + os_free(conn->push_buf); + os_free(conn->pull_buf); + os_free(conn); +} + + +int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) +{ + return conn ? conn->established : 0; +} + + +int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) +{ + struct tls_global *global = ssl_ctx; + int ret; + + if (conn == NULL) + return -1; + + /* Shutdown previous TLS connection without notifying the peer + * because the connection was already terminated in practice + * and "close notify" shutdown alert would confuse AS. */ + gnutls_bye(conn->session, GNUTLS_SHUT_RDWR); + os_free(conn->push_buf); + conn->push_buf = NULL; + conn->push_buf_len = 0; + conn->established = 0; + conn->final_phase_finished = 0; +#ifdef GNUTLS_IA + if (conn->session_keys) { + os_memset(conn->session_keys, 0, conn->session_keys_len); + os_free(conn->session_keys); + } + conn->session_keys_len = 0; +#endif /* GNUTLS_IA */ + + gnutls_deinit(conn->session); + if (tls_gnutls_init_session(global, conn)) { + wpa_printf(MSG_INFO, "GnuTLS: Failed to preparare new session " + "for session resumption use"); + return -1; + } + + ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, + conn->params_set ? conn->xcred : + global->xcred); + if (ret < 0) { + wpa_printf(MSG_INFO, "GnuTLS: Failed to configure credentials " + "for session resumption: %s", gnutls_strerror(ret)); + return -1; + } + + if (global->session_data) { + ret = gnutls_session_set_data(conn->session, + global->session_data, + global->session_data_size); + if (ret < 0) { + wpa_printf(MSG_INFO, "GnuTLS: Failed to set session " + "data: %s", gnutls_strerror(ret)); + return -1; + } + } + + return 0; +} + + +#if 0 +static int tls_match_altsubject(X509 *cert, const char *match) +{ + GENERAL_NAME *gen; + char *field, *tmp; + void *ext; + int i, found = 0; + size_t len; + + ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { + gen = sk_GENERAL_NAME_value(ext, i); + switch (gen->type) { + case GEN_EMAIL: + field = "EMAIL"; + break; + case GEN_DNS: + field = "DNS"; + break; + case GEN_URI: + field = "URI"; + break; + default: + field = NULL; + wpa_printf(MSG_DEBUG, "TLS: altSubjectName: " + "unsupported type=%d", gen->type); + break; + } + + if (!field) + continue; + + wpa_printf(MSG_DEBUG, "TLS: altSubjectName: %s:%s", + field, gen->d.ia5->data); + len = os_strlen(field) + 1 + + strlen((char *) gen->d.ia5->data) + 1; + tmp = os_malloc(len); + if (tmp == NULL) + continue; + snprintf(tmp, len, "%s:%s", field, gen->d.ia5->data); + if (strstr(tmp, match)) + found++; + os_free(tmp); + } + + return found; +} +#endif + + +#if 0 +static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + char buf[256]; + X509 *err_cert; + int err, depth; + SSL *ssl; + struct tls_connection *conn; + char *match, *altmatch; + + err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); + err = X509_STORE_CTX_get_error(x509_ctx); + depth = X509_STORE_CTX_get_error_depth(x509_ctx); + ssl = X509_STORE_CTX_get_ex_data(x509_ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); + + conn = SSL_get_app_data(ssl); + match = conn ? conn->subject_match : NULL; + altmatch = conn ? conn->altsubject_match : NULL; + + if (!preverify_ok) { + wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," + " error %d (%s) depth %d for '%s'", err, + X509_verify_cert_error_string(err), depth, buf); + } else { + wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - " + "preverify_ok=%d err=%d (%s) depth=%d buf='%s'", + preverify_ok, err, + X509_verify_cert_error_string(err), depth, buf); + if (depth == 0 && match && strstr(buf, match) == NULL) { + wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " + "match with '%s'", buf, match); + preverify_ok = 0; + } else if (depth == 0 && altmatch && + !tls_match_altsubject(err_cert, altmatch)) { + wpa_printf(MSG_WARNING, "TLS: altSubjectName match " + "'%s' not found", altmatch); + preverify_ok = 0; + } + } + + return preverify_ok; +} +#endif + + +int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, + const struct tls_connection_params *params) +{ + int ret; + + if (conn == NULL || params == NULL) + return -1; + + os_free(conn->subject_match); + conn->subject_match = NULL; + if (params->subject_match) { + conn->subject_match = os_strdup(params->subject_match); + if (conn->subject_match == NULL) + return -1; + } + + os_free(conn->altsubject_match); + conn->altsubject_match = NULL; + if (params->altsubject_match) { + conn->altsubject_match = os_strdup(params->altsubject_match); + if (conn->altsubject_match == NULL) + return -1; + } + + /* TODO: gnutls_certificate_set_verify_flags(xcred, flags); + * to force peer validation(?) */ + + if (params->ca_cert) { + conn->verify_peer = 1; + ret = gnutls_certificate_set_x509_trust_file( + conn->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' " + "in PEM format: %s", params->ca_cert, + gnutls_strerror(ret)); + ret = gnutls_certificate_set_x509_trust_file( + conn->xcred, params->ca_cert, + GNUTLS_X509_FMT_DER); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read CA cert " + "'%s' in DER format: %s", + params->ca_cert, + gnutls_strerror(ret)); + return -1; + } + } + } + + if (params->client_cert && params->private_key) { + /* TODO: private_key_passwd? */ + ret = gnutls_certificate_set_x509_key_file( + conn->xcred, params->client_cert, params->private_key, + GNUTLS_X509_FMT_PEM); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read client cert/key " + "in PEM format: %s", gnutls_strerror(ret)); + ret = gnutls_certificate_set_x509_key_file( + conn->xcred, params->client_cert, + params->private_key, GNUTLS_X509_FMT_DER); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read client " + "cert/key in DER format: %s", + gnutls_strerror(ret)); + return ret; + } + } + } else if (params->private_key) { + int pkcs12_ok = 0; +#ifdef PKCS12_FUNCS + /* Try to load in PKCS#12 format */ +#if LIBGNUTLS_VERSION_NUMBER >= 0x010302 + ret = gnutls_certificate_set_x509_simple_pkcs12_file( + conn->xcred, params->private_key, GNUTLS_X509_FMT_DER, + params->private_key_passwd); + if (ret != 0) { + wpa_printf(MSG_DEBUG, "Failed to load private_key in " + "PKCS#12 format: %s", gnutls_strerror(ret)); + return -1; + } else + pkcs12_ok = 1; +#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */ +#endif /* PKCS12_FUNCS */ + + if (!pkcs12_ok) { + wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not " + "included"); + return -1; + } + } + + conn->tls_ia = params->tls_ia; + conn->params_set = 1; + + ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_CERTIFICATE, + conn->xcred); + if (ret < 0) { + wpa_printf(MSG_INFO, "Failed to configure credentials: %s", + gnutls_strerror(ret)); + } + +#ifdef GNUTLS_IA + if (conn->iacred_cli) + gnutls_ia_free_client_credentials(conn->iacred_cli); + + ret = gnutls_ia_allocate_client_credentials(&conn->iacred_cli); + if (ret) { + wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s", + gnutls_strerror(ret)); + return -1; + } + + ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA, + conn->iacred_cli); + if (ret) { + wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s", + gnutls_strerror(ret)); + gnutls_ia_free_client_credentials(conn->iacred_cli); + conn->iacred_cli = NULL; + return -1; + } +#endif /* GNUTLS_IE */ + + return ret; +} + + +int tls_global_set_params(void *tls_ctx, + const struct tls_connection_params *params) +{ + struct tls_global *global = tls_ctx; + int ret; + + /* Currently, global parameters are only set when running in server + * mode. */ + global->server = 1; + + if (global->params_set) { + gnutls_certificate_free_credentials(global->xcred); + global->params_set = 0; + } + + ret = gnutls_certificate_allocate_credentials(&global->xcred); + if (ret) { + wpa_printf(MSG_DEBUG, "Failed to allocate global credentials " + "%s", gnutls_strerror(ret)); + return -1; + } + + if (params->ca_cert) { + ret = gnutls_certificate_set_x509_trust_file( + global->xcred, params->ca_cert, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read CA cert '%s' " + "in PEM format: %s", params->ca_cert, + gnutls_strerror(ret)); + ret = gnutls_certificate_set_x509_trust_file( + global->xcred, params->ca_cert, + GNUTLS_X509_FMT_DER); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read CA cert " + "'%s' in DER format: %s", + params->ca_cert, + gnutls_strerror(ret)); + goto fail; + } + } + } + + if (params->client_cert && params->private_key) { + /* TODO: private_key_passwd? */ + ret = gnutls_certificate_set_x509_key_file( + global->xcred, params->client_cert, + params->private_key, GNUTLS_X509_FMT_PEM); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read client cert/key " + "in PEM format: %s", gnutls_strerror(ret)); + ret = gnutls_certificate_set_x509_key_file( + global->xcred, params->client_cert, + params->private_key, GNUTLS_X509_FMT_DER); + if (ret < 0) { + wpa_printf(MSG_DEBUG, "Failed to read client " + "cert/key in DER format: %s", + gnutls_strerror(ret)); + goto fail; + } + } + } else if (params->private_key) { + int pkcs12_ok = 0; +#ifdef PKCS12_FUNCS + /* Try to load in PKCS#12 format */ +#if LIBGNUTLS_VERSION_NUMBER >= 0x010302 + ret = gnutls_certificate_set_x509_simple_pkcs12_file( + global->xcred, params->private_key, + GNUTLS_X509_FMT_DER, params->private_key_passwd); + if (ret != 0) { + wpa_printf(MSG_DEBUG, "Failed to load private_key in " + "PKCS#12 format: %s", gnutls_strerror(ret)); + goto fail; + } else + pkcs12_ok = 1; +#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */ +#endif /* PKCS12_FUNCS */ + + if (!pkcs12_ok) { + wpa_printf(MSG_DEBUG, "GnuTLS: PKCS#12 support not " + "included"); + goto fail; + } + } + + global->params_set = 1; + + return 0; + +fail: + gnutls_certificate_free_credentials(global->xcred); + return -1; +} + + +int tls_global_set_verify(void *ssl_ctx, int check_crl) +{ + /* TODO */ + return 0; +} + + +int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, + int verify_peer) +{ + if (conn == NULL || conn->session == NULL) + return -1; + + conn->verify_peer = verify_peer; + gnutls_certificate_server_set_request(conn->session, + verify_peer ? GNUTLS_CERT_REQUIRE + : GNUTLS_CERT_REQUEST); + + return 0; +} + + +int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, + struct tls_keys *keys) +{ +#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK + security_parameters_st *sec; +#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ + + if (conn == NULL || conn->session == NULL || keys == NULL) + return -1; + + os_memset(keys, 0, sizeof(*keys)); + +#ifdef GNUTLS_INTERNAL_STRUCTURE_HACK + sec = &conn->session->security_parameters; + keys->master_key = sec->master_secret; + keys->master_key_len = TLS_MASTER_SIZE; + keys->client_random = sec->client_random; + keys->server_random = sec->server_random; +#else /* GNUTLS_INTERNAL_STRUCTURE_HACK */ + keys->client_random = + (u8 *) gnutls_session_get_client_random(conn->session); + keys->server_random = + (u8 *) gnutls_session_get_server_random(conn->session); + /* No access to master_secret */ +#endif /* GNUTLS_INTERNAL_STRUCTURE_HACK */ + +#ifdef GNUTLS_IA + gnutls_ia_extract_inner_secret(conn->session, + (char *) conn->inner_secret); + keys->inner_secret = conn->inner_secret; + keys->inner_secret_len = TLS_MASTER_SIZE; +#endif /* GNUTLS_IA */ + + keys->client_random_len = TLS_RANDOM_SIZE; + keys->server_random_len = TLS_RANDOM_SIZE; + + return 0; +} + + +int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, + const char *label, int server_random_first, + u8 *out, size_t out_len) +{ +#if LIBGNUTLS_VERSION_NUMBER >= 0x010302 + if (conn == NULL || conn->session == NULL) + return -1; + + return gnutls_prf(conn->session, os_strlen(label), label, + server_random_first, 0, NULL, out_len, (char *) out); +#else /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */ + return -1; +#endif /* LIBGNUTLS_VERSION_NUMBER >= 0x010302 */ +} + + +static int tls_connection_verify_peer(struct tls_connection *conn) +{ + unsigned int status, num_certs, i; + struct os_time now; + const gnutls_datum_t *certs; + gnutls_x509_crt_t cert; + + if (gnutls_certificate_verify_peers2(conn->session, &status) < 0) { + wpa_printf(MSG_INFO, "TLS: Failed to verify peer " + "certificate chain"); + return -1; + } + + if (conn->verify_peer && (status & GNUTLS_CERT_INVALID)) { + wpa_printf(MSG_INFO, "TLS: Peer certificate not trusted"); + return -1; + } + + if (status & GNUTLS_CERT_SIGNER_NOT_FOUND) { + wpa_printf(MSG_INFO, "TLS: Peer certificate does not have a " + "known issuer"); + return -1; + } + + if (status & GNUTLS_CERT_REVOKED) { + wpa_printf(MSG_INFO, "TLS: Peer certificate has been revoked"); + return -1; + } + + os_get_time(&now); + + certs = gnutls_certificate_get_peers(conn->session, &num_certs); + if (certs == NULL) { + wpa_printf(MSG_INFO, "TLS: No peer certificate chain " + "received"); + return -1; + } + + for (i = 0; i < num_certs; i++) { + char *buf; + size_t len; + if (gnutls_x509_crt_init(&cert) < 0) { + wpa_printf(MSG_INFO, "TLS: Certificate initialization " + "failed"); + return -1; + } + + if (gnutls_x509_crt_import(cert, &certs[i], + GNUTLS_X509_FMT_DER) < 0) { + wpa_printf(MSG_INFO, "TLS: Could not parse peer " + "certificate %d/%d", i + 1, num_certs); + gnutls_x509_crt_deinit(cert); + return -1; + } + + gnutls_x509_crt_get_dn(cert, NULL, &len); + len++; + buf = os_malloc(len + 1); + if (buf) { + buf[0] = buf[len] = '\0'; + gnutls_x509_crt_get_dn(cert, buf, &len); + } + wpa_printf(MSG_DEBUG, "TLS: Peer cert chain %d/%d: %s", + i + 1, num_certs, buf); + + if (i == 0) { + /* TODO: validate subject_match and altsubject_match */ + } + + os_free(buf); + + if (gnutls_x509_crt_get_expiration_time(cert) < now.sec || + gnutls_x509_crt_get_activation_time(cert) > now.sec) { + wpa_printf(MSG_INFO, "TLS: Peer certificate %d/%d is " + "not valid at this time", + i + 1, num_certs); + gnutls_x509_crt_deinit(cert); + return -1; + } + + gnutls_x509_crt_deinit(cert); + } + + return 0; +} + + +u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len, u8 **appl_data, + size_t *appl_data_len) +{ + struct tls_global *global = ssl_ctx; + u8 *out_data; + int ret; + + if (appl_data) + *appl_data = NULL; + + if (in_data && in_len) { + if (conn->pull_buf) { + wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in " + "pull_buf", __func__, conn->pull_buf_len); + os_free(conn->pull_buf); + } + conn->pull_buf = os_malloc(in_len); + if (conn->pull_buf == NULL) + return NULL; + os_memcpy(conn->pull_buf, in_data, in_len); + conn->pull_buf_offset = conn->pull_buf; + conn->pull_buf_len = in_len; + } + + ret = gnutls_handshake(conn->session); + if (ret < 0) { + switch (ret) { + case GNUTLS_E_AGAIN: + if (global->server && conn->established && + conn->push_buf == NULL) { + /* Need to return something to trigger + * completion of EAP-TLS. */ + conn->push_buf = os_malloc(1); + } + break; + case GNUTLS_E_FATAL_ALERT_RECEIVED: + wpa_printf(MSG_DEBUG, "%s - received fatal '%s' alert", + __func__, gnutls_alert_get_name( + gnutls_alert_get(conn->session))); + conn->read_alerts++; + /* continue */ + default: + wpa_printf(MSG_DEBUG, "%s - gnutls_handshake failed " + "-> %s", __func__, gnutls_strerror(ret)); + conn->failed++; + } + } else { + size_t size; + + if (conn->verify_peer && tls_connection_verify_peer(conn)) { + wpa_printf(MSG_INFO, "TLS: Peer certificate chain " + "failed validation"); + conn->failed++; + return NULL; + } + + if (conn->tls_ia && !gnutls_ia_handshake_p(conn->session)) { + wpa_printf(MSG_INFO, "TLS: No TLS/IA negotiation"); + conn->failed++; + return NULL; + } + + if (conn->tls_ia) + wpa_printf(MSG_DEBUG, "TLS: Start TLS/IA handshake"); + else { + wpa_printf(MSG_DEBUG, "TLS: Handshake completed " + "successfully"); + } + conn->established = 1; + if (conn->push_buf == NULL) { + /* Need to return something to get final TLS ACK. */ + conn->push_buf = os_malloc(1); + } + + gnutls_session_get_data(conn->session, NULL, &size); + if (global->session_data == NULL || + global->session_data_size < size) { + os_free(global->session_data); + global->session_data = os_malloc(size); + } + if (global->session_data) { + global->session_data_size = size; + gnutls_session_get_data(conn->session, + global->session_data, + &global->session_data_size); + } + } + + out_data = conn->push_buf; + *out_len = conn->push_buf_len; + conn->push_buf = NULL; + conn->push_buf_len = 0; + return out_data; +} + + +u8 * tls_connection_server_handshake(void *ssl_ctx, + struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len) +{ + return tls_connection_handshake(ssl_ctx, conn, in_data, in_len, + out_len, NULL, NULL); +} + + +int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + ssize_t res; + +#ifdef GNUTLS_IA + if (conn->tls_ia) + res = gnutls_ia_send(conn->session, (char *) in_data, in_len); + else +#endif /* GNUTLS_IA */ + res = gnutls_record_send(conn->session, in_data, in_len); + if (res < 0) { + wpa_printf(MSG_INFO, "%s: Encryption failed: %s", + __func__, gnutls_strerror(res)); + return -1; + } + if (conn->push_buf == NULL) + return -1; + if (conn->push_buf_len < out_len) + out_len = conn->push_buf_len; + os_memcpy(out_data, conn->push_buf, out_len); + os_free(conn->push_buf); + conn->push_buf = NULL; + conn->push_buf_len = 0; + return out_len; +} + + +int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + ssize_t res; + + if (conn->pull_buf) { + wpa_printf(MSG_DEBUG, "%s - %d bytes remaining in " + "pull_buf", __func__, conn->pull_buf_len); + os_free(conn->pull_buf); + } + conn->pull_buf = os_malloc(in_len); + if (conn->pull_buf == NULL) + return -1; + os_memcpy(conn->pull_buf, in_data, in_len); + conn->pull_buf_offset = conn->pull_buf; + conn->pull_buf_len = in_len; + +#ifdef GNUTLS_IA + if (conn->tls_ia) { + res = gnutls_ia_recv(conn->session, (char *) out_data, + out_len); + if (out_len >= 12 && + (res == GNUTLS_E_WARNING_IA_IPHF_RECEIVED || + res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED)) { + int final = res == GNUTLS_E_WARNING_IA_FPHF_RECEIVED; + wpa_printf(MSG_DEBUG, "%s: Received %sPhaseFinished", + __func__, final ? "Final" : "Intermediate"); + + res = gnutls_ia_permute_inner_secret( + conn->session, conn->session_keys_len, + (char *) conn->session_keys); + if (conn->session_keys) { + os_memset(conn->session_keys, 0, + conn->session_keys_len); + os_free(conn->session_keys); + } + conn->session_keys = NULL; + conn->session_keys_len = 0; + if (res) { + wpa_printf(MSG_DEBUG, "%s: Failed to permute " + "inner secret: %s", + __func__, gnutls_strerror(res)); + return -1; + } + + res = gnutls_ia_verify_endphase(conn->session, + (char *) out_data); + if (res == 0) { + wpa_printf(MSG_DEBUG, "%s: Correct endphase " + "checksum", __func__); + } else { + wpa_printf(MSG_INFO, "%s: Endphase " + "verification failed: %s", + __func__, gnutls_strerror(res)); + return -1; + } + + if (final) + conn->final_phase_finished = 1; + + return 0; + } + + if (res < 0) { + wpa_printf(MSG_DEBUG, "%s - gnutls_ia_recv failed: %d " + "(%s)", __func__, res, + gnutls_strerror(res)); + } + return res; + } +#endif /* GNUTLS_IA */ + + res = gnutls_record_recv(conn->session, out_data, out_len); + if (res < 0) { + wpa_printf(MSG_DEBUG, "%s - gnutls_record_recv failed: %d " + "(%s)", __func__, res, gnutls_strerror(res)); + } + + return res; +} + + +int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return 0; + return gnutls_session_is_resumed(conn->session); +} + + +int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn, + const u8 *key, size_t key_len) +{ + /* TODO */ + return -1; +} + + +int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, + u8 *ciphers) +{ + /* TODO */ + return -1; +} + + +int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, + char *buf, size_t buflen) +{ + /* TODO */ + buf[0] = '\0'; + return 0; +} + + +int tls_connection_enable_workaround(void *ssl_ctx, + struct tls_connection *conn) +{ + /* TODO: set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */ + return 0; +} + + +int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, + int ext_type, const u8 *data, + size_t data_len) +{ + /* TODO */ + return -1; +} + + +int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->failed; +} + + +int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->read_alerts; +} + + +int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->write_alerts; +} + + +int tls_connection_get_keyblock_size(void *tls_ctx, + struct tls_connection *conn) +{ + /* TODO */ + return -1; +} + + +unsigned int tls_capabilities(void *tls_ctx) +{ + unsigned int capa = 0; + +#ifdef GNUTLS_IA + capa |= TLS_CAPABILITY_IA; +#endif /* GNUTLS_IA */ + + return capa; +} + + +int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, + int tls_ia) +{ +#ifdef GNUTLS_IA + int ret; + + if (conn == NULL) + return -1; + + conn->tls_ia = tls_ia; + if (!tls_ia) + return 0; + + ret = gnutls_ia_allocate_server_credentials(&conn->iacred_srv); + if (ret) { + wpa_printf(MSG_DEBUG, "Failed to allocate IA credentials: %s", + gnutls_strerror(ret)); + return -1; + } + + ret = gnutls_credentials_set(conn->session, GNUTLS_CRD_IA, + conn->iacred_srv); + if (ret) { + wpa_printf(MSG_DEBUG, "Failed to configure IA credentials: %s", + gnutls_strerror(ret)); + gnutls_ia_free_server_credentials(conn->iacred_srv); + conn->iacred_srv = NULL; + return -1; + } + + return 0; +#else /* GNUTLS_IA */ + return -1; +#endif /* GNUTLS_IA */ +} + + +int tls_connection_ia_send_phase_finished(void *tls_ctx, + struct tls_connection *conn, + int final, + u8 *out_data, size_t out_len) +{ +#ifdef GNUTLS_IA + int ret; + + if (conn == NULL || conn->session == NULL || !conn->tls_ia) + return -1; + + ret = gnutls_ia_permute_inner_secret(conn->session, + conn->session_keys_len, + (char *) conn->session_keys); + if (conn->session_keys) { + os_memset(conn->session_keys, 0, conn->session_keys_len); + os_free(conn->session_keys); + } + conn->session_keys = NULL; + conn->session_keys_len = 0; + if (ret) { + wpa_printf(MSG_DEBUG, "%s: Failed to permute inner secret: %s", + __func__, gnutls_strerror(ret)); + return -1; + } + + ret = gnutls_ia_endphase_send(conn->session, final); + if (ret) { + wpa_printf(MSG_DEBUG, "%s: Failed to send endphase: %s", + __func__, gnutls_strerror(ret)); + return -1; + } + + if (conn->push_buf == NULL) + return -1; + if (conn->push_buf_len < out_len) + out_len = conn->push_buf_len; + os_memcpy(out_data, conn->push_buf, out_len); + os_free(conn->push_buf); + conn->push_buf = NULL; + conn->push_buf_len = 0; + return out_len; +#else /* GNUTLS_IA */ + return -1; +#endif /* GNUTLS_IA */ +} + + +int tls_connection_ia_final_phase_finished(void *tls_ctx, + struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + + return conn->final_phase_finished; +} + + +int tls_connection_ia_permute_inner_secret(void *tls_ctx, + struct tls_connection *conn, + const u8 *key, size_t key_len) +{ +#ifdef GNUTLS_IA + if (conn == NULL || !conn->tls_ia) + return -1; + + if (conn->session_keys) { + os_memset(conn->session_keys, 0, conn->session_keys_len); + os_free(conn->session_keys); + } + conn->session_keys_len = 0; + + if (key) { + conn->session_keys = os_malloc(key_len); + if (conn->session_keys == NULL) + return -1; + os_memcpy(conn->session_keys, key, key_len); + conn->session_keys_len = key_len; + } else { + conn->session_keys = NULL; + conn->session_keys_len = 0; + } + + return 0; +#else /* GNUTLS_IA */ + return -1; +#endif /* GNUTLS_IA */ +} diff --git a/contrib/hostapd-0.5.8/tls_none.c b/contrib/hostapd-0.5.8/tls_none.c new file mode 100644 index 0000000000..ad08d5076c --- /dev/null +++ b/contrib/hostapd-0.5.8/tls_none.c @@ -0,0 +1,241 @@ +/* + * WPA Supplicant / SSL/TLS interface functions for no TLS case + * Copyright (c) 2004, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "common.h" +#include "tls.h" + +void * tls_init(const struct tls_config *conf) +{ + return (void *) 1; +} + +void tls_deinit(void *ssl_ctx) +{ +} + + +#ifdef EAP_TLS_NONE + +int tls_get_errors(void *tls_ctx) +{ + return 0; +} + + +struct tls_connection * tls_connection_init(void *tls_ctx) +{ + return NULL; +} + + +void tls_connection_deinit(void *tls_ctx, struct tls_connection *conn) +{ +} + + +int tls_connection_established(void *tls_ctx, struct tls_connection *conn) +{ + return -1; +} + + +int tls_connection_shutdown(void *tls_ctx, struct tls_connection *conn) +{ + return -1; +} + + +int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, + const struct tls_connection_params *params) +{ + return -1; +} + + +int tls_global_set_params(void *tls_ctx, + const struct tls_connection_params *params) +{ + return -1; +} + + +int tls_global_set_verify(void *tls_ctx, int check_crl) +{ + return -1; +} + + +int tls_connection_set_verify(void *tls_ctx, struct tls_connection *conn, + int verify_peer) +{ + return -1; +} + + +int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, + int tls_ia) +{ + return -1; +} + + +int tls_connection_get_keys(void *tls_ctx, struct tls_connection *conn, + struct tls_keys *keys) +{ + return -1; +} + + +int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, + const char *label, int server_random_first, + u8 *out, size_t out_len) +{ + return -1; +} + + +u8 * tls_connection_handshake(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len, u8 **appl_data, + size_t *appl_data_len) +{ + return NULL; +} + + +u8 * tls_connection_server_handshake(void *tls_ctx, + struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len) +{ + return NULL; +} + + +int tls_connection_encrypt(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + return -1; +} + + +int tls_connection_decrypt(void *tls_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + return -1; +} + + +int tls_connection_resumed(void *tls_ctx, struct tls_connection *conn) +{ + return 0; +} + + +int tls_connection_set_master_key(void *tls_ctx, struct tls_connection *conn, + const u8 *key, size_t key_len) +{ + return -1; +} + + +int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, + u8 *ciphers) +{ + return -1; +} + + +int tls_get_cipher(void *tls_ctx, struct tls_connection *conn, + char *buf, size_t buflen) +{ + return -1; +} + + +int tls_connection_enable_workaround(void *tls_ctx, + struct tls_connection *conn) +{ + return -1; +} + + +int tls_connection_client_hello_ext(void *tls_ctx, struct tls_connection *conn, + int ext_type, const u8 *data, + size_t data_len) +{ + return -1; +} + + +int tls_connection_get_failed(void *tls_ctx, struct tls_connection *conn) +{ + return 0; +} + + +int tls_connection_get_read_alerts(void *tls_ctx, struct tls_connection *conn) +{ + return 0; +} + + +int tls_connection_get_write_alerts(void *tls_ctx, + struct tls_connection *conn) +{ + return 0; +} + + +int tls_connection_get_keyblock_size(void *tls_ctx, + struct tls_connection *conn) +{ + return -1; +} + + +unsigned int tls_capabilities(void *tls_ctx) +{ + return 0; +} + + +int tls_connection_ia_send_phase_finished(void *tls_ctx, + struct tls_connection *conn, + int final, + u8 *out_data, size_t out_len) +{ + return -1; +} + + +int tls_connection_ia_final_phase_finished(void *tls_ctx, + struct tls_connection *conn) +{ + return -1; +} + + +int tls_connection_ia_permute_inner_secret(void *tls_ctx, + struct tls_connection *conn, + const u8 *key, size_t key_len) +{ + return -1; +} + +#endif /* EAP_TLS_NONE */ diff --git a/contrib/hostapd-0.5.8/tls_openssl.c b/contrib/hostapd-0.5.8/tls_openssl.c new file mode 100644 index 0000000000..c8d941f7a1 --- /dev/null +++ b/contrib/hostapd-0.5.8/tls_openssl.c @@ -0,0 +1,2317 @@ +/* + * WPA Supplicant / SSL/TLS interface functions for openssl + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_SMARTCARD +#ifndef OPENSSL_NO_ENGINE +#define OPENSSL_NO_ENGINE +#endif +#endif + +#include +#include +#include +#include +#ifndef OPENSSL_NO_ENGINE +#include +#endif /* OPENSSL_NO_ENGINE */ + +#include "common.h" +#include "tls.h" + +#if OPENSSL_VERSION_NUMBER >= 0x0090800fL +#define OPENSSL_d2i_TYPE const unsigned char ** +#else +#define OPENSSL_d2i_TYPE unsigned char ** +#endif + +static int tls_openssl_ref_count = 0; + +struct tls_connection { + SSL *ssl; + BIO *ssl_in, *ssl_out; +#ifndef OPENSSL_NO_ENGINE + ENGINE *engine; /* functional reference to the engine */ + EVP_PKEY *private_key; /* the private key if using engine */ +#endif /* OPENSSL_NO_ENGINE */ + char *subject_match, *altsubject_match; + int read_alerts, write_alerts, failed; + + u8 *pre_shared_secret; + size_t pre_shared_secret_len; +}; + + +#ifdef CONFIG_NO_STDOUT_DEBUG + +static void _tls_show_errors(void) +{ + unsigned long err; + + while ((err = ERR_get_error())) { + /* Just ignore the errors, since stdout is disabled */ + } +} +#define tls_show_errors(l, f, t) _tls_show_errors() + +#else /* CONFIG_NO_STDOUT_DEBUG */ + +static void tls_show_errors(int level, const char *func, const char *txt) +{ + unsigned long err; + + wpa_printf(level, "OpenSSL: %s - %s %s", + func, txt, ERR_error_string(ERR_get_error(), NULL)); + + while ((err = ERR_get_error())) { + wpa_printf(MSG_INFO, "OpenSSL: pending error: %s", + ERR_error_string(err, NULL)); + } +} + +#endif /* CONFIG_NO_STDOUT_DEBUG */ + + +#ifdef CONFIG_NATIVE_WINDOWS + +/* Windows CryptoAPI and access to certificate stores */ +#include + +#ifdef __MINGW32_VERSION +/* + * MinGW does not yet include all the needed definitions for CryptoAPI, so + * define here whatever extra is needed. + */ +#define CALG_SSL3_SHAMD5 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_SSL3SHAMD5) +#define CERT_SYSTEM_STORE_CURRENT_USER (1 << 16) +#define CERT_STORE_READONLY_FLAG 0x00008000 +#define CERT_STORE_OPEN_EXISTING_FLAG 0x00004000 +#define CRYPT_ACQUIRE_COMPARE_KEY_FLAG 0x00000004 + +static BOOL WINAPI +(*CryptAcquireCertificatePrivateKey)(PCCERT_CONTEXT pCert, DWORD dwFlags, + void *pvReserved, HCRYPTPROV *phCryptProv, + DWORD *pdwKeySpec, BOOL *pfCallerFreeProv) += NULL; /* to be loaded from crypt32.dll */ + +static PCCERT_CONTEXT WINAPI +(*CertEnumCertificatesInStore)(HCERTSTORE hCertStore, + PCCERT_CONTEXT pPrevCertContext) += NULL; /* to be loaded from crypt32.dll */ + +static int mingw_load_crypto_func(void) +{ + HINSTANCE dll; + + /* MinGW does not yet have full CryptoAPI support, so load the needed + * function here. */ + + if (CryptAcquireCertificatePrivateKey) + return 0; + + dll = LoadLibrary("crypt32"); + if (dll == NULL) { + wpa_printf(MSG_DEBUG, "CryptoAPI: Could not load crypt32 " + "library"); + return -1; + } + + CryptAcquireCertificatePrivateKey = GetProcAddress( + dll, "CryptAcquireCertificatePrivateKey"); + if (CryptAcquireCertificatePrivateKey == NULL) { + wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get " + "CryptAcquireCertificatePrivateKey() address from " + "crypt32 library"); + return -1; + } + + CertEnumCertificatesInStore = (void *) GetProcAddress( + dll, "CertEnumCertificatesInStore"); + if (CertEnumCertificatesInStore == NULL) { + wpa_printf(MSG_DEBUG, "CryptoAPI: Could not get " + "CertEnumCertificatesInStore() address from " + "crypt32 library"); + return -1; + } + + return 0; +} + +#else /* __MINGW32_VERSION */ + +static int mingw_load_crypto_func(void) +{ + return 0; +} + +#endif /* __MINGW32_VERSION */ + + +struct cryptoapi_rsa_data { + const CERT_CONTEXT *cert; + HCRYPTPROV crypt_prov; + DWORD key_spec; + BOOL free_crypt_prov; +}; + + +static void cryptoapi_error(const char *msg) +{ + wpa_printf(MSG_INFO, "CryptoAPI: %s; err=%u", + msg, (unsigned int) GetLastError()); +} + + +static int cryptoapi_rsa_pub_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +{ + wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); + return 0; +} + + +static int cryptoapi_rsa_pub_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +{ + wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); + return 0; +} + + +static int cryptoapi_rsa_priv_enc(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +{ + struct cryptoapi_rsa_data *priv = + (struct cryptoapi_rsa_data *) rsa->meth->app_data; + HCRYPTHASH hash; + DWORD hash_size, len, i; + unsigned char *buf = NULL; + int ret = 0; + + if (priv == NULL) { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, + ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + if (padding != RSA_PKCS1_PADDING) { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, + RSA_R_UNKNOWN_PADDING_TYPE); + return 0; + } + + if (flen != 16 /* MD5 */ + 20 /* SHA-1 */) { + wpa_printf(MSG_INFO, "%s - only MD5-SHA1 hash supported", + __func__); + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, + RSA_R_INVALID_MESSAGE_LENGTH); + return 0; + } + + if (!CryptCreateHash(priv->crypt_prov, CALG_SSL3_SHAMD5, 0, 0, &hash)) + { + cryptoapi_error("CryptCreateHash failed"); + return 0; + } + + len = sizeof(hash_size); + if (!CryptGetHashParam(hash, HP_HASHSIZE, (BYTE *) &hash_size, &len, + 0)) { + cryptoapi_error("CryptGetHashParam failed"); + goto err; + } + + if ((int) hash_size != flen) { + wpa_printf(MSG_INFO, "CryptoAPI: Invalid hash size (%u != %d)", + (unsigned) hash_size, flen); + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, + RSA_R_INVALID_MESSAGE_LENGTH); + goto err; + } + if (!CryptSetHashParam(hash, HP_HASHVAL, (BYTE * ) from, 0)) { + cryptoapi_error("CryptSetHashParam failed"); + goto err; + } + + len = RSA_size(rsa); + buf = os_malloc(len); + if (buf == NULL) { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!CryptSignHash(hash, priv->key_spec, NULL, 0, buf, &len)) { + cryptoapi_error("CryptSignHash failed"); + goto err; + } + + for (i = 0; i < len; i++) + to[i] = buf[len - i - 1]; + ret = len; + +err: + os_free(buf); + CryptDestroyHash(hash); + + return ret; +} + + +static int cryptoapi_rsa_priv_dec(int flen, const unsigned char *from, + unsigned char *to, RSA *rsa, int padding) +{ + wpa_printf(MSG_DEBUG, "%s - not implemented", __func__); + return 0; +} + + +static void cryptoapi_free_data(struct cryptoapi_rsa_data *priv) +{ + if (priv == NULL) + return; + if (priv->crypt_prov && priv->free_crypt_prov) + CryptReleaseContext(priv->crypt_prov, 0); + if (priv->cert) + CertFreeCertificateContext(priv->cert); + os_free(priv); +} + + +static int cryptoapi_finish(RSA *rsa) +{ + cryptoapi_free_data((struct cryptoapi_rsa_data *) rsa->meth->app_data); + os_free((void *) rsa->meth); + rsa->meth = NULL; + return 1; +} + + +static const CERT_CONTEXT * cryptoapi_find_cert(const char *name, DWORD store) +{ + HCERTSTORE cs; + const CERT_CONTEXT *ret = NULL; + + cs = CertOpenStore((LPCSTR) CERT_STORE_PROV_SYSTEM, 0, 0, + store | CERT_STORE_OPEN_EXISTING_FLAG | + CERT_STORE_READONLY_FLAG, L"MY"); + if (cs == NULL) { + cryptoapi_error("Failed to open 'My system store'"); + return NULL; + } + + if (strncmp(name, "cert://", 7) == 0) { + unsigned short wbuf[255]; + MultiByteToWideChar(CP_ACP, 0, name + 7, -1, wbuf, 255); + ret = CertFindCertificateInStore(cs, X509_ASN_ENCODING | + PKCS_7_ASN_ENCODING, + 0, CERT_FIND_SUBJECT_STR, + wbuf, NULL); + } else if (strncmp(name, "hash://", 7) == 0) { + CRYPT_HASH_BLOB blob; + int len; + const char *hash = name + 7; + unsigned char *buf; + + len = os_strlen(hash) / 2; + buf = os_malloc(len); + if (buf && hexstr2bin(hash, buf, len) == 0) { + blob.cbData = len; + blob.pbData = buf; + ret = CertFindCertificateInStore(cs, + X509_ASN_ENCODING | + PKCS_7_ASN_ENCODING, + 0, CERT_FIND_HASH, + &blob, NULL); + } + os_free(buf); + } + + CertCloseStore(cs, 0); + + return ret; +} + + +static int tls_cryptoapi_cert(SSL *ssl, const char *name) +{ + X509 *cert = NULL; + RSA *rsa = NULL, *pub_rsa; + struct cryptoapi_rsa_data *priv; + RSA_METHOD *rsa_meth; + + if (name == NULL || + (strncmp(name, "cert://", 7) != 0 && + strncmp(name, "hash://", 7) != 0)) + return -1; + + priv = os_zalloc(sizeof(*priv)); + rsa_meth = os_zalloc(sizeof(*rsa_meth)); + if (priv == NULL || rsa_meth == NULL) { + wpa_printf(MSG_WARNING, "CryptoAPI: Failed to allocate memory " + "for CryptoAPI RSA method"); + os_free(priv); + os_free(rsa_meth); + return -1; + } + + priv->cert = cryptoapi_find_cert(name, CERT_SYSTEM_STORE_CURRENT_USER); + if (priv->cert == NULL) { + priv->cert = cryptoapi_find_cert( + name, CERT_SYSTEM_STORE_LOCAL_MACHINE); + } + if (priv->cert == NULL) { + wpa_printf(MSG_INFO, "CryptoAPI: Could not find certificate " + "'%s'", name); + goto err; + } + + cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &priv->cert->pbCertEncoded, + priv->cert->cbCertEncoded); + if (cert == NULL) { + wpa_printf(MSG_INFO, "CryptoAPI: Could not process X509 DER " + "encoding"); + goto err; + } + + if (mingw_load_crypto_func()) + goto err; + + if (!CryptAcquireCertificatePrivateKey(priv->cert, + CRYPT_ACQUIRE_COMPARE_KEY_FLAG, + NULL, &priv->crypt_prov, + &priv->key_spec, + &priv->free_crypt_prov)) { + cryptoapi_error("Failed to acquire a private key for the " + "certificate"); + goto err; + } + + rsa_meth->name = "Microsoft CryptoAPI RSA Method"; + rsa_meth->rsa_pub_enc = cryptoapi_rsa_pub_enc; + rsa_meth->rsa_pub_dec = cryptoapi_rsa_pub_dec; + rsa_meth->rsa_priv_enc = cryptoapi_rsa_priv_enc; + rsa_meth->rsa_priv_dec = cryptoapi_rsa_priv_dec; + rsa_meth->finish = cryptoapi_finish; + rsa_meth->flags = RSA_METHOD_FLAG_NO_CHECK; + rsa_meth->app_data = (char *) priv; + + rsa = RSA_new(); + if (rsa == NULL) { + SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, + ERR_R_MALLOC_FAILURE); + goto err; + } + + if (!SSL_use_certificate(ssl, cert)) { + RSA_free(rsa); + rsa = NULL; + goto err; + } + pub_rsa = cert->cert_info->key->pkey->pkey.rsa; + X509_free(cert); + cert = NULL; + + rsa->n = BN_dup(pub_rsa->n); + rsa->e = BN_dup(pub_rsa->e); + if (!RSA_set_method(rsa, rsa_meth)) + goto err; + + if (!SSL_use_RSAPrivateKey(ssl, rsa)) + goto err; + RSA_free(rsa); + + return 0; + +err: + if (cert) + X509_free(cert); + if (rsa) + RSA_free(rsa); + else { + os_free(rsa_meth); + cryptoapi_free_data(priv); + } + return -1; +} + + +static int tls_cryptoapi_ca_cert(SSL_CTX *ssl_ctx, SSL *ssl, const char *name) +{ + HCERTSTORE cs; + PCCERT_CONTEXT ctx = NULL; + X509 *cert; + char buf[128]; + const char *store; +#ifdef UNICODE + WCHAR *wstore; +#endif /* UNICODE */ + + if (mingw_load_crypto_func()) + return -1; + + if (name == NULL || strncmp(name, "cert_store://", 13) != 0) + return -1; + + store = name + 13; +#ifdef UNICODE + wstore = os_malloc((os_strlen(store) + 1) * sizeof(WCHAR)); + if (wstore == NULL) + return -1; + wsprintf(wstore, L"%S", store); + cs = CertOpenSystemStore(0, wstore); + os_free(wstore); +#else /* UNICODE */ + cs = CertOpenSystemStore(0, store); +#endif /* UNICODE */ + if (cs == NULL) { + wpa_printf(MSG_DEBUG, "%s: failed to open system cert store " + "'%s': error=%d", __func__, store, + (int) GetLastError()); + return -1; + } + + while ((ctx = CertEnumCertificatesInStore(cs, ctx))) { + cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ctx->pbCertEncoded, + ctx->cbCertEncoded); + if (cert == NULL) { + wpa_printf(MSG_INFO, "CryptoAPI: Could not process " + "X509 DER encoding for CA cert"); + continue; + } + + X509_NAME_oneline(X509_get_subject_name(cert), buf, + sizeof(buf)); + wpa_printf(MSG_DEBUG, "OpenSSL: Loaded CA certificate for " + "system certificate store: subject='%s'", buf); + + if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { + tls_show_errors(MSG_WARNING, __func__, + "Failed to add ca_cert to OpenSSL " + "certificate store"); + } + + X509_free(cert); + } + + if (!CertCloseStore(cs, 0)) { + wpa_printf(MSG_DEBUG, "%s: failed to close system cert store " + "'%s': error=%d", __func__, name + 13, + (int) GetLastError()); + } + + return 0; +} + + +#else /* CONFIG_NATIVE_WINDOWS */ + +static int tls_cryptoapi_cert(SSL *ssl, const char *name) +{ + return -1; +} + +#endif /* CONFIG_NATIVE_WINDOWS */ + + +static void ssl_info_cb(const SSL *ssl, int where, int ret) +{ + const char *str; + int w; + + wpa_printf(MSG_DEBUG, "SSL: (where=0x%x ret=0x%x)", where, ret); + w = where & ~SSL_ST_MASK; + if (w & SSL_ST_CONNECT) + str = "SSL_connect"; + else if (w & SSL_ST_ACCEPT) + str = "SSL_accept"; + else + str = "undefined"; + + if (where & SSL_CB_LOOP) { + wpa_printf(MSG_DEBUG, "SSL: %s:%s", + str, SSL_state_string_long(ssl)); + } else if (where & SSL_CB_ALERT) { + wpa_printf(MSG_INFO, "SSL: SSL3 alert: %s:%s:%s", + where & SSL_CB_READ ? + "read (remote end reported an error)" : + "write (local SSL3 detected an error)", + SSL_alert_type_string_long(ret), + SSL_alert_desc_string_long(ret)); + if ((ret >> 8) == SSL3_AL_FATAL) { + struct tls_connection *conn = + SSL_get_app_data((SSL *) ssl); + if (where & SSL_CB_READ) + conn->read_alerts++; + else + conn->write_alerts++; + } + } else if (where & SSL_CB_EXIT && ret <= 0) { + wpa_printf(MSG_DEBUG, "SSL: %s:%s in %s", + str, ret == 0 ? "failed" : "error", + SSL_state_string_long(ssl)); + } +} + + +#ifndef OPENSSL_NO_ENGINE +/** + * tls_engine_load_dynamic_generic - load any openssl engine + * @pre: an array of commands and values that load an engine initialized + * in the engine specific function + * @post: an array of commands and values that initialize an already loaded + * engine (or %NULL if not required) + * @id: the engine id of the engine to load (only required if post is not %NULL + * + * This function is a generic function that loads any openssl engine. + * + * Returns: 0 on success, -1 on failure + */ +static int tls_engine_load_dynamic_generic(const char *pre[], + const char *post[], const char *id) +{ + ENGINE *engine; + const char *dynamic_id = "dynamic"; + + engine = ENGINE_by_id(id); + if (engine) { + ENGINE_free(engine); + wpa_printf(MSG_DEBUG, "ENGINE: engine '%s' is already " + "available", id); + return 0; + } + ERR_clear_error(); + + engine = ENGINE_by_id(dynamic_id); + if (engine == NULL) { + wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", + dynamic_id, + ERR_error_string(ERR_get_error(), NULL)); + return -1; + } + + /* Perform the pre commands. This will load the engine. */ + while (pre && pre[0]) { + wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", pre[0], pre[1]); + if (ENGINE_ctrl_cmd_string(engine, pre[0], pre[1], 0) == 0) { + wpa_printf(MSG_INFO, "ENGINE: ctrl cmd_string failed: " + "%s %s [%s]", pre[0], pre[1], + ERR_error_string(ERR_get_error(), NULL)); + ENGINE_free(engine); + return -1; + } + pre += 2; + } + + /* + * Free the reference to the "dynamic" engine. The loaded engine can + * now be looked up using ENGINE_by_id(). + */ + ENGINE_free(engine); + + engine = ENGINE_by_id(id); + if (engine == NULL) { + wpa_printf(MSG_INFO, "ENGINE: Can't find engine %s [%s]", + id, ERR_error_string(ERR_get_error(), NULL)); + return -1; + } + + while (post && post[0]) { + wpa_printf(MSG_DEBUG, "ENGINE: '%s' '%s'", post[0], post[1]); + if (ENGINE_ctrl_cmd_string(engine, post[0], post[1], 0) == 0) { + wpa_printf(MSG_DEBUG, "ENGINE: ctrl cmd_string failed:" + " %s %s [%s]", post[0], post[1], + ERR_error_string(ERR_get_error(), NULL)); + ENGINE_remove(engine); + ENGINE_free(engine); + return -1; + } + post += 2; + } + ENGINE_free(engine); + + return 0; +} + + +/** + * tls_engine_load_dynamic_pkcs11 - load the pkcs11 engine provided by opensc + * @pkcs11_so_path: pksc11_so_path from the configuration + * @pcks11_module_path: pkcs11_module_path from the configuration + */ +static int tls_engine_load_dynamic_pkcs11(const char *pkcs11_so_path, + const char *pkcs11_module_path) +{ + char *engine_id = "pkcs11"; + const char *pre_cmd[] = { + "SO_PATH", NULL /* pkcs11_so_path */, + "ID", NULL /* engine_id */, + "LIST_ADD", "1", + /* "NO_VCHECK", "1", */ + "LOAD", NULL, + NULL, NULL + }; + const char *post_cmd[] = { + "MODULE_PATH", NULL /* pkcs11_module_path */, + NULL, NULL + }; + + if (!pkcs11_so_path || !pkcs11_module_path) + return 0; + + pre_cmd[1] = pkcs11_so_path; + pre_cmd[3] = engine_id; + post_cmd[1] = pkcs11_module_path; + + wpa_printf(MSG_DEBUG, "ENGINE: Loading pkcs11 Engine from %s", + pkcs11_so_path); + + return tls_engine_load_dynamic_generic(pre_cmd, post_cmd, engine_id); +} + + +/** + * tls_engine_load_dynamic_opensc - load the opensc engine provided by opensc + * @opensc_so_path: opensc_so_path from the configuration + */ +static int tls_engine_load_dynamic_opensc(const char *opensc_so_path) +{ + char *engine_id = "opensc"; + const char *pre_cmd[] = { + "SO_PATH", NULL /* opensc_so_path */, + "ID", NULL /* engine_id */, + "LIST_ADD", "1", + "LOAD", NULL, + NULL, NULL + }; + + if (!opensc_so_path) + return 0; + + pre_cmd[1] = opensc_so_path; + pre_cmd[3] = engine_id; + + wpa_printf(MSG_DEBUG, "ENGINE: Loading OpenSC Engine from %s", + opensc_so_path); + + return tls_engine_load_dynamic_generic(pre_cmd, NULL, engine_id); +} +#endif /* OPENSSL_NO_ENGINE */ + + +void * tls_init(const struct tls_config *conf) +{ + SSL_CTX *ssl; + + if (tls_openssl_ref_count == 0) { + SSL_load_error_strings(); + SSL_library_init(); + /* TODO: if /dev/urandom is available, PRNG is seeded + * automatically. If this is not the case, random data should + * be added here. */ + +#ifdef PKCS12_FUNCS + PKCS12_PBE_add(); +#endif /* PKCS12_FUNCS */ + } + tls_openssl_ref_count++; + + ssl = SSL_CTX_new(TLSv1_method()); + if (ssl == NULL) + return NULL; + + SSL_CTX_set_info_callback(ssl, ssl_info_cb); + +#ifndef OPENSSL_NO_ENGINE + if (conf && + (conf->opensc_engine_path || conf->pkcs11_engine_path || + conf->pkcs11_module_path)) { + wpa_printf(MSG_DEBUG, "ENGINE: Loading dynamic engine"); + ERR_load_ENGINE_strings(); + ENGINE_load_dynamic(); + + if (tls_engine_load_dynamic_opensc(conf->opensc_engine_path) || + tls_engine_load_dynamic_pkcs11(conf->pkcs11_engine_path, + conf->pkcs11_module_path)) { + tls_deinit(ssl); + return NULL; + } + } +#endif /* OPENSSL_NO_ENGINE */ + + return ssl; +} + + +void tls_deinit(void *ssl_ctx) +{ + SSL_CTX *ssl = ssl_ctx; + SSL_CTX_free(ssl); + + tls_openssl_ref_count--; + if (tls_openssl_ref_count == 0) { +#ifndef OPENSSL_NO_ENGINE + ENGINE_cleanup(); +#endif /* OPENSSL_NO_ENGINE */ + ERR_free_strings(); + EVP_cleanup(); + } +} + + +static int tls_engine_init(struct tls_connection *conn, const char *engine_id, + const char *pin, const char *key_id) +{ +#ifndef OPENSSL_NO_ENGINE + int ret = -1; + if (engine_id == NULL) { + wpa_printf(MSG_ERROR, "ENGINE: Engine ID not set"); + return -1; + } + if (pin == NULL) { + wpa_printf(MSG_ERROR, "ENGINE: Smartcard PIN not set"); + return -1; + } + if (key_id == NULL) { + wpa_printf(MSG_ERROR, "ENGINE: Key Id not set"); + return -1; + } + + ERR_clear_error(); + conn->engine = ENGINE_by_id(engine_id); + if (!conn->engine) { + wpa_printf(MSG_ERROR, "ENGINE: engine %s not available [%s]", + engine_id, ERR_error_string(ERR_get_error(), NULL)); + goto err; + } + if (ENGINE_init(conn->engine) != 1) { + wpa_printf(MSG_ERROR, "ENGINE: engine init failed " + "(engine: %s) [%s]", engine_id, + ERR_error_string(ERR_get_error(), NULL)); + goto err; + } + wpa_printf(MSG_DEBUG, "ENGINE: engine initialized"); + + if (ENGINE_ctrl_cmd_string(conn->engine, "PIN", pin, 0) == 0) { + wpa_printf(MSG_ERROR, "ENGINE: cannot set pin [%s]", + ERR_error_string(ERR_get_error(), NULL)); + goto err; + } + conn->private_key = ENGINE_load_private_key(conn->engine, + key_id, NULL, NULL); + if (!conn->private_key) { + wpa_printf(MSG_ERROR, "ENGINE: cannot load private key with id" + " '%s' [%s]", key_id, + ERR_error_string(ERR_get_error(), NULL)); + ret = TLS_SET_PARAMS_ENGINE_PRV_INIT_FAILED; + goto err; + } + return 0; + +err: + if (conn->engine) { + ENGINE_free(conn->engine); + conn->engine = NULL; + } + + if (conn->private_key) { + EVP_PKEY_free(conn->private_key); + conn->private_key = NULL; + } + + return ret; +#else /* OPENSSL_NO_ENGINE */ + return 0; +#endif /* OPENSSL_NO_ENGINE */ +} + + +static void tls_engine_deinit(struct tls_connection *conn) +{ +#ifndef OPENSSL_NO_ENGINE + wpa_printf(MSG_DEBUG, "ENGINE: engine deinit"); + if (conn->private_key) { + EVP_PKEY_free(conn->private_key); + conn->private_key = NULL; + } + if (conn->engine) { + ENGINE_finish(conn->engine); + conn->engine = NULL; + } +#endif /* OPENSSL_NO_ENGINE */ +} + + +int tls_get_errors(void *ssl_ctx) +{ + int count = 0; + unsigned long err; + + while ((err = ERR_get_error())) { + wpa_printf(MSG_INFO, "TLS - SSL error: %s", + ERR_error_string(err, NULL)); + count++; + } + + return count; +} + +struct tls_connection * tls_connection_init(void *ssl_ctx) +{ + SSL_CTX *ssl = ssl_ctx; + struct tls_connection *conn; + + conn = os_zalloc(sizeof(*conn)); + if (conn == NULL) + return NULL; + conn->ssl = SSL_new(ssl); + if (conn->ssl == NULL) { + tls_show_errors(MSG_INFO, __func__, + "Failed to initialize new SSL connection"); + os_free(conn); + return NULL; + } + + SSL_set_app_data(conn->ssl, conn); + SSL_set_options(conn->ssl, + SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3 | + SSL_OP_SINGLE_DH_USE); + + conn->ssl_in = BIO_new(BIO_s_mem()); + if (!conn->ssl_in) { + tls_show_errors(MSG_INFO, __func__, + "Failed to create a new BIO for ssl_in"); + SSL_free(conn->ssl); + os_free(conn); + return NULL; + } + + conn->ssl_out = BIO_new(BIO_s_mem()); + if (!conn->ssl_out) { + tls_show_errors(MSG_INFO, __func__, + "Failed to create a new BIO for ssl_out"); + SSL_free(conn->ssl); + BIO_free(conn->ssl_in); + os_free(conn); + return NULL; + } + + SSL_set_bio(conn->ssl, conn->ssl_in, conn->ssl_out); + + return conn; +} + + +void tls_connection_deinit(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return; + os_free(conn->pre_shared_secret); + SSL_free(conn->ssl); + tls_engine_deinit(conn); + os_free(conn->subject_match); + os_free(conn->altsubject_match); + os_free(conn); +} + + +int tls_connection_established(void *ssl_ctx, struct tls_connection *conn) +{ + return conn ? SSL_is_init_finished(conn->ssl) : 0; +} + + +int tls_connection_shutdown(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + + /* Shutdown previous TLS connection without notifying the peer + * because the connection was already terminated in practice + * and "close notify" shutdown alert would confuse AS. */ + SSL_set_quiet_shutdown(conn->ssl, 1); + SSL_shutdown(conn->ssl); + return 0; +} + + +static int tls_match_altsubject_component(X509 *cert, int type, + const char *value, size_t len) +{ + GENERAL_NAME *gen; + void *ext; + int i, found = 0; + + ext = X509_get_ext_d2i(cert, NID_subject_alt_name, NULL, NULL); + + for (i = 0; ext && i < sk_GENERAL_NAME_num(ext); i++) { + gen = sk_GENERAL_NAME_value(ext, i); + if (gen->type != type) + continue; + if (os_strlen((char *) gen->d.ia5->data) == len && + os_memcmp(value, gen->d.ia5->data, len) == 0) + found++; + } + + return found; +} + + +static int tls_match_altsubject(X509 *cert, const char *match) +{ + int type; + const char *pos, *end; + size_t len; + + pos = match; + do { + if (os_strncmp(pos, "EMAIL:", 6) == 0) { + type = GEN_EMAIL; + pos += 6; + } else if (os_strncmp(pos, "DNS:", 4) == 0) { + type = GEN_DNS; + pos += 4; + } else if (os_strncmp(pos, "URI:", 4) == 0) { + type = GEN_URI; + pos += 4; + } else { + wpa_printf(MSG_INFO, "TLS: Invalid altSubjectName " + "match '%s'", pos); + return 0; + } + end = os_strchr(pos, ';'); + while (end) { + if (os_strncmp(end + 1, "EMAIL:", 6) == 0 || + os_strncmp(end + 1, "DNS:", 4) == 0 || + os_strncmp(end + 1, "URI:", 4) == 0) + break; + end = os_strchr(end + 1, ';'); + } + if (end) + len = end - pos; + else + len = os_strlen(pos); + if (tls_match_altsubject_component(cert, type, pos, len) > 0) + return 1; + pos = end + 1; + } while (end); + + return 0; +} + + +static int tls_verify_cb(int preverify_ok, X509_STORE_CTX *x509_ctx) +{ + char buf[256]; + X509 *err_cert; + int err, depth; + SSL *ssl; + struct tls_connection *conn; + char *match, *altmatch; + + err_cert = X509_STORE_CTX_get_current_cert(x509_ctx); + err = X509_STORE_CTX_get_error(x509_ctx); + depth = X509_STORE_CTX_get_error_depth(x509_ctx); + ssl = X509_STORE_CTX_get_ex_data(x509_ctx, + SSL_get_ex_data_X509_STORE_CTX_idx()); + X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof(buf)); + + conn = SSL_get_app_data(ssl); + match = conn ? conn->subject_match : NULL; + altmatch = conn ? conn->altsubject_match : NULL; + + if (!preverify_ok) { + wpa_printf(MSG_WARNING, "TLS: Certificate verification failed," + " error %d (%s) depth %d for '%s'", err, + X509_verify_cert_error_string(err), depth, buf); + } else { + wpa_printf(MSG_DEBUG, "TLS: tls_verify_cb - " + "preverify_ok=%d err=%d (%s) depth=%d buf='%s'", + preverify_ok, err, + X509_verify_cert_error_string(err), depth, buf); + if (depth == 0 && match && os_strstr(buf, match) == NULL) { + wpa_printf(MSG_WARNING, "TLS: Subject '%s' did not " + "match with '%s'", buf, match); + preverify_ok = 0; + } else if (depth == 0 && altmatch && + !tls_match_altsubject(err_cert, altmatch)) { + wpa_printf(MSG_WARNING, "TLS: altSubjectName match " + "'%s' not found", altmatch); + preverify_ok = 0; + } + } + + return preverify_ok; +} + + +#ifndef OPENSSL_NO_STDIO +static int tls_load_ca_der(void *_ssl_ctx, const char *ca_cert) +{ + SSL_CTX *ssl_ctx = _ssl_ctx; + X509_LOOKUP *lookup; + int ret = 0; + + lookup = X509_STORE_add_lookup(ssl_ctx->cert_store, + X509_LOOKUP_file()); + if (lookup == NULL) { + tls_show_errors(MSG_WARNING, __func__, + "Failed add lookup for X509 store"); + return -1; + } + + if (!X509_LOOKUP_load_file(lookup, ca_cert, X509_FILETYPE_ASN1)) { + unsigned long err = ERR_peek_error(); + tls_show_errors(MSG_WARNING, __func__, + "Failed load CA in DER format"); + if (ERR_GET_LIB(err) == ERR_LIB_X509 && + ERR_GET_REASON(err) == X509_R_CERT_ALREADY_IN_HASH_TABLE) { + wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " + "cert already in hash table error", + __func__); + } else + ret = -1; + } + + return ret; +} +#endif /* OPENSSL_NO_STDIO */ + + +static int tls_connection_ca_cert(void *_ssl_ctx, struct tls_connection *conn, + const char *ca_cert, const u8 *ca_cert_blob, + size_t ca_cert_blob_len, const char *ca_path) +{ + SSL_CTX *ssl_ctx = _ssl_ctx; + + if (ca_cert_blob) { + X509 *cert = d2i_X509(NULL, (OPENSSL_d2i_TYPE) &ca_cert_blob, + ca_cert_blob_len); + if (cert == NULL) { + tls_show_errors(MSG_WARNING, __func__, + "Failed to parse ca_cert_blob"); + return -1; + } + + if (!X509_STORE_add_cert(ssl_ctx->cert_store, cert)) { + unsigned long err = ERR_peek_error(); + tls_show_errors(MSG_WARNING, __func__, + "Failed to add ca_cert_blob to " + "certificate store"); + if (ERR_GET_LIB(err) == ERR_LIB_X509 && + ERR_GET_REASON(err) == + X509_R_CERT_ALREADY_IN_HASH_TABLE) { + wpa_printf(MSG_DEBUG, "OpenSSL: %s - ignoring " + "cert already in hash table error", + __func__); + } else { + X509_free(cert); + return -1; + } + } + X509_free(cert); + wpa_printf(MSG_DEBUG, "OpenSSL: %s - added ca_cert_blob " + "to certificate store", __func__); + SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); + return 0; + } + +#ifdef CONFIG_NATIVE_WINDOWS + if (ca_cert && tls_cryptoapi_ca_cert(ssl_ctx, conn->ssl, ca_cert) == + 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: Added CA certificates from " + "system certificate store"); + SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); + return 0; + } +#endif /* CONFIG_NATIVE_WINDOWS */ + + if (ca_cert || ca_path) { +#ifndef OPENSSL_NO_STDIO + if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, ca_path) != + 1) { + tls_show_errors(MSG_WARNING, __func__, + "Failed to load root certificates"); + if (ca_cert && + tls_load_ca_der(ssl_ctx, ca_cert) == 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: %s - loaded " + "DER format CA certificate", + __func__); + } else + return -1; + } else { + wpa_printf(MSG_DEBUG, "TLS: Trusted root " + "certificate(s) loaded"); + tls_get_errors(ssl_ctx); + } + SSL_set_verify(conn->ssl, SSL_VERIFY_PEER, tls_verify_cb); +#else /* OPENSSL_NO_STDIO */ + wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", + __func__); + return -1; +#endif /* OPENSSL_NO_STDIO */ + } else { + /* No ca_cert configured - do not try to verify server + * certificate */ + SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); + } + + return 0; +} + + +static int tls_global_ca_cert(SSL_CTX *ssl_ctx, const char *ca_cert) +{ + if (ca_cert) { + if (SSL_CTX_load_verify_locations(ssl_ctx, ca_cert, NULL) != 1) + { + tls_show_errors(MSG_WARNING, __func__, + "Failed to load root certificates"); + return -1; + } + + wpa_printf(MSG_DEBUG, "TLS: Trusted root " + "certificate(s) loaded"); + +#ifndef OPENSSL_NO_STDIO + /* Add the same CAs to the client certificate requests */ + SSL_CTX_set_client_CA_list(ssl_ctx, + SSL_load_client_CA_file(ca_cert)); +#endif /* OPENSSL_NO_STDIO */ + } + + return 0; +} + + +int tls_global_set_verify(void *ssl_ctx, int check_crl) +{ + int flags; + + if (check_crl) { + X509_STORE *cs = SSL_CTX_get_cert_store(ssl_ctx); + if (cs == NULL) { + tls_show_errors(MSG_INFO, __func__, "Failed to get " + "certificate store when enabling " + "check_crl"); + return -1; + } + flags = X509_V_FLAG_CRL_CHECK; + if (check_crl == 2) + flags |= X509_V_FLAG_CRL_CHECK_ALL; + X509_STORE_set_flags(cs, flags); + } + return 0; +} + + +static int tls_connection_set_subject_match(struct tls_connection *conn, + const char *subject_match, + const char *altsubject_match) +{ + os_free(conn->subject_match); + conn->subject_match = NULL; + if (subject_match) { + conn->subject_match = os_strdup(subject_match); + if (conn->subject_match == NULL) + return -1; + } + + os_free(conn->altsubject_match); + conn->altsubject_match = NULL; + if (altsubject_match) { + conn->altsubject_match = os_strdup(altsubject_match); + if (conn->altsubject_match == NULL) + return -1; + } + + return 0; +} + + +int tls_connection_set_verify(void *ssl_ctx, struct tls_connection *conn, + int verify_peer) +{ + if (conn == NULL) + return -1; + + if (verify_peer) { + SSL_set_verify(conn->ssl, SSL_VERIFY_PEER | + SSL_VERIFY_FAIL_IF_NO_PEER_CERT | + SSL_VERIFY_CLIENT_ONCE, tls_verify_cb); + } else { + SSL_set_verify(conn->ssl, SSL_VERIFY_NONE, NULL); + } + + SSL_set_accept_state(conn->ssl); + + return 0; +} + + +static int tls_connection_client_cert(struct tls_connection *conn, + const char *client_cert, + const u8 *client_cert_blob, + size_t client_cert_blob_len) +{ + if (client_cert == NULL && client_cert_blob == NULL) + return 0; + + if (client_cert_blob && + SSL_use_certificate_ASN1(conn->ssl, (u8 *) client_cert_blob, + client_cert_blob_len) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_ASN1 --> " + "OK"); + return 0; + } else if (client_cert_blob) { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_certificate_ASN1 failed"); + } + + if (client_cert == NULL) + return -1; + +#ifndef OPENSSL_NO_STDIO + if (SSL_use_certificate_file(conn->ssl, client_cert, + SSL_FILETYPE_ASN1) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (DER)" + " --> OK"); + return 0; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_certificate_file (DER) failed"); + } + + if (SSL_use_certificate_file(conn->ssl, client_cert, + SSL_FILETYPE_PEM) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_certificate_file (PEM)" + " --> OK"); + return 0; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_certificate_file (PEM) failed"); + } +#else /* OPENSSL_NO_STDIO */ + wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); +#endif /* OPENSSL_NO_STDIO */ + + return -1; +} + + +static int tls_global_client_cert(SSL_CTX *ssl_ctx, const char *client_cert) +{ +#ifndef OPENSSL_NO_STDIO + if (client_cert == NULL) + return 0; + + if (SSL_CTX_use_certificate_file(ssl_ctx, client_cert, + SSL_FILETYPE_ASN1) != 1 && + SSL_CTX_use_certificate_file(ssl_ctx, client_cert, + SSL_FILETYPE_PEM) != 1) { + tls_show_errors(MSG_INFO, __func__, + "Failed to load client certificate"); + return -1; + } + return 0; +#else /* OPENSSL_NO_STDIO */ + if (client_cert == NULL) + return 0; + wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", __func__); + return -1; +#endif /* OPENSSL_NO_STDIO */ +} + + +static int tls_passwd_cb(char *buf, int size, int rwflag, void *password) +{ + if (password == NULL) { + return 0; + } + os_strncpy(buf, (char *) password, size); + buf[size - 1] = '\0'; + return os_strlen(buf); +} + + +#ifdef PKCS12_FUNCS +static int tls_parse_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, PKCS12 *p12, + const char *passwd) +{ + EVP_PKEY *pkey; + X509 *cert; + STACK_OF(X509) *certs; + int res = 0; + char buf[256]; + + pkey = NULL; + cert = NULL; + certs = NULL; + if (!PKCS12_parse(p12, passwd, &pkey, &cert, &certs)) { + tls_show_errors(MSG_DEBUG, __func__, + "Failed to parse PKCS12 file"); + PKCS12_free(p12); + return -1; + } + wpa_printf(MSG_DEBUG, "TLS: Successfully parsed PKCS12 data"); + + if (cert) { + X509_NAME_oneline(X509_get_subject_name(cert), buf, + sizeof(buf)); + wpa_printf(MSG_DEBUG, "TLS: Got certificate from PKCS12: " + "subject='%s'", buf); + if (ssl) { + if (SSL_use_certificate(ssl, cert) != 1) + res = -1; + } else { + if (SSL_CTX_use_certificate(ssl_ctx, cert) != 1) + res = -1; + } + X509_free(cert); + } + + if (pkey) { + wpa_printf(MSG_DEBUG, "TLS: Got private key from PKCS12"); + if (ssl) { + if (SSL_use_PrivateKey(ssl, pkey) != 1) + res = -1; + } else { + if (SSL_CTX_use_PrivateKey(ssl_ctx, pkey) != 1) + res = -1; + } + EVP_PKEY_free(pkey); + } + + if (certs) { + while ((cert = sk_X509_pop(certs)) != NULL) { + X509_NAME_oneline(X509_get_subject_name(cert), buf, + sizeof(buf)); + wpa_printf(MSG_DEBUG, "TLS: additional certificate" + " from PKCS12: subject='%s'", buf); + /* + * There is no SSL equivalent for the chain cert - so + * always add it to the context... + */ + if (SSL_CTX_add_extra_chain_cert(ssl_ctx, cert) != 1) { + res = -1; + break; + } + } + sk_X509_free(certs); + } + + PKCS12_free(p12); + + if (res < 0) + tls_get_errors(ssl_ctx); + + return res; +} +#endif /* PKCS12_FUNCS */ + + +static int tls_read_pkcs12(SSL_CTX *ssl_ctx, SSL *ssl, const char *private_key, + const char *passwd) +{ +#ifdef PKCS12_FUNCS + FILE *f; + PKCS12 *p12; + + f = fopen(private_key, "rb"); + if (f == NULL) + return -1; + + p12 = d2i_PKCS12_fp(f, NULL); + fclose(f); + + if (p12 == NULL) { + tls_show_errors(MSG_INFO, __func__, + "Failed to use PKCS#12 file"); + return -1; + } + + return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); + +#else /* PKCS12_FUNCS */ + wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot read " + "p12/pfx files"); + return -1; +#endif /* PKCS12_FUNCS */ +} + + +static int tls_read_pkcs12_blob(SSL_CTX *ssl_ctx, SSL *ssl, + const u8 *blob, size_t len, const char *passwd) +{ +#ifdef PKCS12_FUNCS + PKCS12 *p12; + + p12 = d2i_PKCS12(NULL, (OPENSSL_d2i_TYPE) &blob, len); + if (p12 == NULL) { + tls_show_errors(MSG_INFO, __func__, + "Failed to use PKCS#12 blob"); + return -1; + } + + return tls_parse_pkcs12(ssl_ctx, ssl, p12, passwd); + +#else /* PKCS12_FUNCS */ + wpa_printf(MSG_INFO, "TLS: PKCS12 support disabled - cannot parse " + "p12/pfx blobs"); + return -1; +#endif /* PKCS12_FUNCS */ +} + + +static int tls_connection_engine_private_key(struct tls_connection *conn) +{ +#ifndef OPENSSL_NO_ENGINE + if (SSL_use_PrivateKey(conn->ssl, conn->private_key) != 1) { + tls_show_errors(MSG_ERROR, __func__, + "ENGINE: cannot use private key for TLS"); + return -1; + } + if (!SSL_check_private_key(conn->ssl)) { + tls_show_errors(MSG_INFO, __func__, + "Private key failed verification"); + return -1; + } + return 0; +#else /* OPENSSL_NO_ENGINE */ + wpa_printf(MSG_ERROR, "SSL: Configuration uses engine, but " + "engine support was not compiled in"); + return -1; +#endif /* OPENSSL_NO_ENGINE */ +} + + +static int tls_connection_private_key(void *_ssl_ctx, + struct tls_connection *conn, + const char *private_key, + const char *private_key_passwd, + const u8 *private_key_blob, + size_t private_key_blob_len) +{ + SSL_CTX *ssl_ctx = _ssl_ctx; + char *passwd; + int ok; + + if (private_key == NULL && private_key_blob == NULL) + return 0; + + if (private_key_passwd) { + passwd = os_strdup(private_key_passwd); + if (passwd == NULL) + return -1; + } else + passwd = NULL; + + SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); + SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); + + ok = 0; + while (private_key_blob) { + if (SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA, conn->ssl, + (u8 *) private_key_blob, + private_key_blob_len) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" + "ASN1(EVP_PKEY_RSA) --> OK"); + ok = 1; + break; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_PrivateKey_ASN1(EVP_PKEY_RSA)" + " failed"); + } + + if (SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA, conn->ssl, + (u8 *) private_key_blob, + private_key_blob_len) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: SSL_use_PrivateKey_" + "ASN1(EVP_PKEY_DSA) --> OK"); + ok = 1; + break; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_PrivateKey_ASN1(EVP_PKEY_DSA)" + " failed"); + } + + if (SSL_use_RSAPrivateKey_ASN1(conn->ssl, + (u8 *) private_key_blob, + private_key_blob_len) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: " + "SSL_use_RSAPrivateKey_ASN1 --> OK"); + ok = 1; + break; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_RSAPrivateKey_ASN1 failed"); + } + + if (tls_read_pkcs12_blob(ssl_ctx, conn->ssl, private_key_blob, + private_key_blob_len, passwd) == 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: PKCS#12 as blob --> " + "OK"); + ok = 1; + break; + } + + break; + } + + while (!ok && private_key) { +#ifndef OPENSSL_NO_STDIO + if (SSL_use_PrivateKey_file(conn->ssl, private_key, + SSL_FILETYPE_ASN1) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: " + "SSL_use_PrivateKey_File (DER) --> OK"); + ok = 1; + break; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_PrivateKey_File (DER) " + "failed"); + } + + if (SSL_use_PrivateKey_file(conn->ssl, private_key, + SSL_FILETYPE_PEM) == 1) { + wpa_printf(MSG_DEBUG, "OpenSSL: " + "SSL_use_PrivateKey_File (PEM) --> OK"); + ok = 1; + break; + } else { + tls_show_errors(MSG_DEBUG, __func__, + "SSL_use_PrivateKey_File (PEM) " + "failed"); + } +#else /* OPENSSL_NO_STDIO */ + wpa_printf(MSG_DEBUG, "OpenSSL: %s - OPENSSL_NO_STDIO", + __func__); +#endif /* OPENSSL_NO_STDIO */ + + if (tls_read_pkcs12(ssl_ctx, conn->ssl, private_key, passwd) + == 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: Reading PKCS#12 file " + "--> OK"); + ok = 1; + break; + } + + if (tls_cryptoapi_cert(conn->ssl, private_key) == 0) { + wpa_printf(MSG_DEBUG, "OpenSSL: Using CryptoAPI to " + "access certificate store --> OK"); + ok = 1; + break; + } + + break; + } + + if (!ok) { + wpa_printf(MSG_INFO, "OpenSSL: Failed to load private key"); + os_free(passwd); + ERR_clear_error(); + return -1; + } + ERR_clear_error(); + SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); + os_free(passwd); + + if (!SSL_check_private_key(conn->ssl)) { + tls_show_errors(MSG_INFO, __func__, "Private key failed " + "verification"); + return -1; + } + + wpa_printf(MSG_DEBUG, "SSL: Private key loaded successfully"); + return 0; +} + + +static int tls_global_private_key(SSL_CTX *ssl_ctx, const char *private_key, + const char *private_key_passwd) +{ + char *passwd; + + if (private_key == NULL) + return 0; + + if (private_key_passwd) { + passwd = os_strdup(private_key_passwd); + if (passwd == NULL) + return -1; + } else + passwd = NULL; + + SSL_CTX_set_default_passwd_cb(ssl_ctx, tls_passwd_cb); + SSL_CTX_set_default_passwd_cb_userdata(ssl_ctx, passwd); + if ( +#ifndef OPENSSL_NO_STDIO + SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, + SSL_FILETYPE_ASN1) != 1 && + SSL_CTX_use_PrivateKey_file(ssl_ctx, private_key, + SSL_FILETYPE_PEM) != 1 && +#endif /* OPENSSL_NO_STDIO */ + tls_read_pkcs12(ssl_ctx, NULL, private_key, passwd)) { + tls_show_errors(MSG_INFO, __func__, + "Failed to load private key"); + os_free(passwd); + ERR_clear_error(); + return -1; + } + os_free(passwd); + ERR_clear_error(); + SSL_CTX_set_default_passwd_cb(ssl_ctx, NULL); + + if (!SSL_CTX_check_private_key(ssl_ctx)) { + tls_show_errors(MSG_INFO, __func__, + "Private key failed verification"); + return -1; + } + + return 0; +} + + +static int tls_connection_dh(struct tls_connection *conn, const char *dh_file) +{ +#ifdef OPENSSL_NO_DH + if (dh_file == NULL) + return 0; + wpa_printf(MSG_ERROR, "TLS: openssl does not include DH support, but " + "dh_file specified"); + return -1; +#else /* OPENSSL_NO_DH */ + DH *dh; + BIO *bio; + + /* TODO: add support for dh_blob */ + if (dh_file == NULL) + return 0; + if (conn == NULL) + return -1; + + bio = BIO_new_file(dh_file, "r"); + if (bio == NULL) { + wpa_printf(MSG_INFO, "TLS: Failed to open DH file '%s': %s", + dh_file, ERR_error_string(ERR_get_error(), NULL)); + return -1; + } + dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL); + BIO_free(bio); +#ifndef OPENSSL_NO_DSA + while (dh == NULL) { + DSA *dsa; + wpa_printf(MSG_DEBUG, "TLS: Failed to parse DH file '%s': %s -" + " trying to parse as DSA params", dh_file, + ERR_error_string(ERR_get_error(), NULL)); + bio = BIO_new_file(dh_file, "r"); + if (bio == NULL) + break; + dsa = PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + BIO_free(bio); + if (!dsa) { + wpa_printf(MSG_DEBUG, "TLS: Failed to parse DSA file " + "'%s': %s", dh_file, + ERR_error_string(ERR_get_error(), NULL)); + break; + } + + wpa_printf(MSG_DEBUG, "TLS: DH file in DSA param format"); + dh = DSA_dup_DH(dsa); + DSA_free(dsa); + if (dh == NULL) { + wpa_printf(MSG_INFO, "TLS: Failed to convert DSA " + "params into DH params"); + break; + } + break; + } +#endif /* !OPENSSL_NO_DSA */ + if (dh == NULL) { + wpa_printf(MSG_INFO, "TLS: Failed to read/parse DH/DSA file " + "'%s'", dh_file); + return -1; + } + + if (SSL_set_tmp_dh(conn->ssl, dh) != 1) { + wpa_printf(MSG_INFO, "TLS: Failed to set DH params from '%s': " + "%s", dh_file, + ERR_error_string(ERR_get_error(), NULL)); + DH_free(dh); + return -1; + } + DH_free(dh); + return 0; +#endif /* OPENSSL_NO_DH */ +} + + +int tls_connection_get_keys(void *ssl_ctx, struct tls_connection *conn, + struct tls_keys *keys) +{ + SSL *ssl; + + if (conn == NULL || keys == NULL) + return -1; + ssl = conn->ssl; + if (ssl == NULL || ssl->s3 == NULL || ssl->session == NULL) + return -1; + + os_memset(keys, 0, sizeof(*keys)); + keys->master_key = ssl->session->master_key; + keys->master_key_len = ssl->session->master_key_length; + keys->client_random = ssl->s3->client_random; + keys->client_random_len = SSL3_RANDOM_SIZE; + keys->server_random = ssl->s3->server_random; + keys->server_random_len = SSL3_RANDOM_SIZE; + + return 0; +} + + +int tls_connection_prf(void *tls_ctx, struct tls_connection *conn, + const char *label, int server_random_first, + u8 *out, size_t out_len) +{ + return -1; +} + + +u8 * tls_connection_handshake(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len, u8 **appl_data, + size_t *appl_data_len) +{ + int res; + u8 *out_data; + + if (appl_data) + *appl_data = NULL; + + /* + * Give TLS handshake data from the server (if available) to OpenSSL + * for processing. + */ + if (in_data && + BIO_write(conn->ssl_in, in_data, in_len) < 0) { + tls_show_errors(MSG_INFO, __func__, + "Handshake failed - BIO_write"); + return NULL; + } + + /* Initiate TLS handshake or continue the existing handshake */ + res = SSL_connect(conn->ssl); + if (res != 1) { + int err = SSL_get_error(conn->ssl, res); + if (err == SSL_ERROR_WANT_READ) + wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want " + "more data"); + else if (err == SSL_ERROR_WANT_WRITE) + wpa_printf(MSG_DEBUG, "SSL: SSL_connect - want to " + "write"); + else { + tls_show_errors(MSG_INFO, __func__, "SSL_connect"); + conn->failed++; + } + } + + /* Get the TLS handshake data to be sent to the server */ + res = BIO_ctrl_pending(conn->ssl_out); + wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); + out_data = os_malloc(res == 0 ? 1 : res); + if (out_data == NULL) { + wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " + "handshake output (%d bytes)", res); + if (BIO_reset(conn->ssl_out) < 0) { + tls_show_errors(MSG_INFO, __func__, + "BIO_reset failed"); + } + *out_len = 0; + return NULL; + } + res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Handshake failed - BIO_read"); + if (BIO_reset(conn->ssl_out) < 0) { + tls_show_errors(MSG_INFO, __func__, + "BIO_reset failed"); + } + *out_len = 0; + return NULL; + } + *out_len = res; + + if (SSL_is_init_finished(conn->ssl) && appl_data) { + *appl_data = os_malloc(in_len); + if (*appl_data) { + res = SSL_read(conn->ssl, *appl_data, in_len); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Failed to read possible " + "Application Data"); + os_free(*appl_data); + *appl_data = NULL; + } else { + *appl_data_len = res; + wpa_hexdump_key(MSG_MSGDUMP, "SSL: Application" + " Data in Finish message", + *appl_data, *appl_data_len); + } + } + } + + return out_data; +} + + +u8 * tls_connection_server_handshake(void *ssl_ctx, + struct tls_connection *conn, + const u8 *in_data, size_t in_len, + size_t *out_len) +{ + int res; + u8 *out_data; + char buf[10]; + + if (in_data && + BIO_write(conn->ssl_in, in_data, in_len) < 0) { + tls_show_errors(MSG_INFO, __func__, + "Handshake failed - BIO_write"); + return NULL; + } + + res = SSL_read(conn->ssl, buf, sizeof(buf)); + if (res >= 0) { + wpa_printf(MSG_DEBUG, "SSL: Unexpected data from SSL_read " + "(res=%d)", res); + } + + res = BIO_ctrl_pending(conn->ssl_out); + wpa_printf(MSG_DEBUG, "SSL: %d bytes pending from ssl_out", res); + out_data = os_malloc(res == 0 ? 1 : res); + if (out_data == NULL) { + wpa_printf(MSG_DEBUG, "SSL: Failed to allocate memory for " + "handshake output (%d bytes)", res); + if (BIO_reset(conn->ssl_out) < 0) { + tls_show_errors(MSG_INFO, __func__, + "BIO_reset failed"); + } + *out_len = 0; + return NULL; + } + res = res == 0 ? 0 : BIO_read(conn->ssl_out, out_data, res); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Handshake failed - BIO_read"); + if (BIO_reset(conn->ssl_out) < 0) { + tls_show_errors(MSG_INFO, __func__, + "BIO_reset failed"); + } + *out_len = 0; + return NULL; + } + *out_len = res; + return out_data; +} + + +int tls_connection_encrypt(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + int res; + + if (conn == NULL) + return -1; + + /* Give plaintext data for OpenSSL to encrypt into the TLS tunnel. */ + if ((res = BIO_reset(conn->ssl_in)) < 0 || + (res = BIO_reset(conn->ssl_out)) < 0) { + tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); + return res; + } + res = SSL_write(conn->ssl, in_data, in_len); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Encryption failed - SSL_write"); + return res; + } + + /* Read encrypted data to be sent to the server */ + res = BIO_read(conn->ssl_out, out_data, out_len); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Encryption failed - BIO_read"); + return res; + } + + return res; +} + + +int tls_connection_decrypt(void *ssl_ctx, struct tls_connection *conn, + const u8 *in_data, size_t in_len, + u8 *out_data, size_t out_len) +{ + int res; + + /* Give encrypted data from TLS tunnel for OpenSSL to decrypt. */ + res = BIO_write(conn->ssl_in, in_data, in_len); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Decryption failed - BIO_write"); + return res; + } + if (BIO_reset(conn->ssl_out) < 0) { + tls_show_errors(MSG_INFO, __func__, "BIO_reset failed"); + return res; + } + + /* Read decrypted data for further processing */ + res = SSL_read(conn->ssl, out_data, out_len); + if (res < 0) { + tls_show_errors(MSG_INFO, __func__, + "Decryption failed - SSL_read"); + return res; + } + + return res; +} + + +int tls_connection_resumed(void *ssl_ctx, struct tls_connection *conn) +{ + return conn ? conn->ssl->hit : 0; +} + + +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) +/* Pre-shared secred requires a patch to openssl, so this function is + * commented out unless explicitly needed for EAP-FAST in order to be able to + * build this file with unmodified openssl. */ + +static int tls_sess_sec_cb(SSL *s, void *secret, int *secret_len, + STACK_OF(SSL_CIPHER) *peer_ciphers, + SSL_CIPHER **cipher, void *arg) +{ + struct tls_connection *conn = arg; + + if (conn == NULL || conn->pre_shared_secret == 0) + return 0; + + os_memcpy(secret, conn->pre_shared_secret, + conn->pre_shared_secret_len); + *secret_len = conn->pre_shared_secret_len; + + return 1; +} + + +int tls_connection_set_master_key(void *ssl_ctx, struct tls_connection *conn, + const u8 *key, size_t key_len) +{ + if (conn == NULL || key_len > SSL_MAX_MASTER_KEY_LENGTH) + return -1; + + os_free(conn->pre_shared_secret); + conn->pre_shared_secret = NULL; + conn->pre_shared_secret_len = 0; + + if (key) { + conn->pre_shared_secret = os_malloc(key_len); + if (conn->pre_shared_secret) { + os_memcpy(conn->pre_shared_secret, key, key_len); + conn->pre_shared_secret_len = key_len; + } + if (SSL_set_session_secret_cb(conn->ssl, tls_sess_sec_cb, + conn) != 1) + return -1; + } else { + if (SSL_set_session_secret_cb(conn->ssl, NULL, NULL) != 1) + return -1; + } + + return 0; +} +#endif /* EAP_FAST || EAP_FAST_DYNAMIC */ + + +int tls_connection_set_cipher_list(void *tls_ctx, struct tls_connection *conn, + u8 *ciphers) +{ + char buf[100], *pos, *end; + u8 *c; + int ret; + + if (conn == NULL || conn->ssl == NULL || ciphers == NULL) + return -1; + + buf[0] = '\0'; + pos = buf; + end = pos + sizeof(buf); + + c = ciphers; + while (*c != TLS_CIPHER_NONE) { + const char *suite; + + switch (*c) { + case TLS_CIPHER_RC4_SHA: + suite = "RC4-SHA"; + break; + case TLS_CIPHER_AES128_SHA: + suite = "AES128-SHA"; + break; + case TLS_CIPHER_RSA_DHE_AES128_SHA: + suite = "DHE-RSA-AES128-SHA"; + break; + case TLS_CIPHER_ANON_DH_AES128_SHA: + suite = "ADH-AES128-SHA"; + break; + default: + wpa_printf(MSG_DEBUG, "TLS: Unsupported " + "cipher selection: %d", *c); + return -1; + } + ret = os_snprintf(pos, end - pos, ":%s", suite); + if (ret < 0 || ret >= end - pos) + break; + pos += ret; + + c++; + } + + wpa_printf(MSG_DEBUG, "OpenSSL: cipher suites: %s", buf + 1); + + if (SSL_set_cipher_list(conn->ssl, buf + 1) != 1) { + tls_show_errors(MSG_INFO, __func__, + "Cipher suite configuration failed"); + return -1; + } + + return 0; +} + + +int tls_get_cipher(void *ssl_ctx, struct tls_connection *conn, + char *buf, size_t buflen) +{ + const char *name; + if (conn == NULL || conn->ssl == NULL) + return -1; + + name = SSL_get_cipher(conn->ssl); + if (name == NULL) + return -1; + + os_snprintf(buf, buflen, "%s", name); + buf[buflen - 1] = '\0'; + return 0; +} + + +int tls_connection_enable_workaround(void *ssl_ctx, + struct tls_connection *conn) +{ + SSL_set_options(conn->ssl, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS); + + return 0; +} + + +#if defined(EAP_FAST) || defined(EAP_FAST_DYNAMIC) +/* ClientHello TLS extensions require a patch to openssl, so this function is + * commented out unless explicitly needed for EAP-FAST in order to be able to + * build this file with unmodified openssl. */ +int tls_connection_client_hello_ext(void *ssl_ctx, struct tls_connection *conn, + int ext_type, const u8 *data, + size_t data_len) +{ + if (conn == NULL || conn->ssl == NULL) + return -1; + + if (SSL_set_hello_extension(conn->ssl, ext_type, (void *) data, + data_len) != 1) + return -1; + + return 0; +} +#endif /* EAP_FAST || EAP_FAST_DYNAMIC */ + + +int tls_connection_get_failed(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->failed; +} + + +int tls_connection_get_read_alerts(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->read_alerts; +} + + +int tls_connection_get_write_alerts(void *ssl_ctx, struct tls_connection *conn) +{ + if (conn == NULL) + return -1; + return conn->write_alerts; +} + + +int tls_connection_set_params(void *tls_ctx, struct tls_connection *conn, + const struct tls_connection_params *params) +{ + int ret; + unsigned long err; + + if (conn == NULL) + return -1; + + while ((err = ERR_get_error())) { + wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", + __func__, ERR_error_string(err, NULL)); + } + + if (tls_connection_set_subject_match(conn, + params->subject_match, + params->altsubject_match)) + return -1; + if (tls_connection_ca_cert(tls_ctx, conn, params->ca_cert, + params->ca_cert_blob, + params->ca_cert_blob_len, + params->ca_path)) + return -1; + if (tls_connection_client_cert(conn, params->client_cert, + params->client_cert_blob, + params->client_cert_blob_len)) + return -1; + + if (params->engine) { + wpa_printf(MSG_DEBUG, "SSL: Initializing TLS engine"); + ret = tls_engine_init(conn, params->engine_id, params->pin, + params->key_id); + if (ret) + return ret; + if (tls_connection_engine_private_key(conn)) + return TLS_SET_PARAMS_ENGINE_PRV_VERIFY_FAILED; + } else if (tls_connection_private_key(tls_ctx, conn, + params->private_key, + params->private_key_passwd, + params->private_key_blob, + params->private_key_blob_len)) { + wpa_printf(MSG_INFO, "TLS: Failed to load private key '%s'", + params->private_key); + return -1; + } + + if (tls_connection_dh(conn, params->dh_file)) { + wpa_printf(MSG_INFO, "TLS: Failed to load DH file '%s'", + params->dh_file); + return -1; + } + + tls_get_errors(tls_ctx); + + return 0; +} + + +int tls_global_set_params(void *tls_ctx, + const struct tls_connection_params *params) +{ + SSL_CTX *ssl_ctx = tls_ctx; + unsigned long err; + + while ((err = ERR_get_error())) { + wpa_printf(MSG_INFO, "%s: Clearing pending SSL error: %s", + __func__, ERR_error_string(err, NULL)); + } + + if (tls_global_ca_cert(ssl_ctx, params->ca_cert)) + return -1; + + if (tls_global_client_cert(ssl_ctx, params->client_cert)) + return -1; + + if (tls_global_private_key(ssl_ctx, params->private_key, + params->private_key_passwd)) + return -1; + + return 0; +} + + +int tls_connection_get_keyblock_size(void *tls_ctx, + struct tls_connection *conn) +{ + const EVP_CIPHER *c; + const EVP_MD *h; + + if (conn == NULL || conn->ssl == NULL || + conn->ssl->enc_read_ctx == NULL || + conn->ssl->enc_read_ctx->cipher == NULL || + conn->ssl->read_hash == NULL) + return -1; + + c = conn->ssl->enc_read_ctx->cipher; + h = conn->ssl->read_hash; + + return 2 * (EVP_CIPHER_key_length(c) + + EVP_MD_size(h) + + EVP_CIPHER_iv_length(c)); +} + + +unsigned int tls_capabilities(void *tls_ctx) +{ + return 0; +} + + +int tls_connection_set_ia(void *tls_ctx, struct tls_connection *conn, + int tls_ia) +{ + return -1; +} + + +int tls_connection_ia_send_phase_finished(void *tls_ctx, + struct tls_connection *conn, + int final, + u8 *out_data, size_t out_len) +{ + return -1; +} + + +int tls_connection_ia_final_phase_finished(void *tls_ctx, + struct tls_connection *conn) +{ + return -1; +} + + +int tls_connection_ia_permute_inner_secret(void *tls_ctx, + struct tls_connection *conn, + const u8 *key, size_t key_len) +{ + return -1; +} diff --git a/contrib/hostapd-0.5.8/version.h b/contrib/hostapd-0.5.8/version.h new file mode 100644 index 0000000000..2eed290d1b --- /dev/null +++ b/contrib/hostapd-0.5.8/version.h @@ -0,0 +1,6 @@ +#ifndef VERSION_H +#define VERSION_H + +#define VERSION_STR "0.5.8" + +#endif /* VERSION_H */ diff --git a/contrib/hostapd-0.5.8/vlan_init.c b/contrib/hostapd-0.5.8/vlan_init.c new file mode 100644 index 0000000000..d546c74afd --- /dev/null +++ b/contrib/hostapd-0.5.8/vlan_init.c @@ -0,0 +1,835 @@ +/* + * hostapd / VLAN initialization + * Copyright 2003, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "driver.h" +#include "vlan_init.h" + + +#ifdef CONFIG_FULL_DYNAMIC_VLAN + +#include +#include +#include +#include +typedef __uint64_t __u64; +typedef __uint32_t __u32; +typedef __int32_t __s32; +typedef __uint16_t __u16; +typedef __int16_t __s16; +typedef __uint8_t __u8; +#include + +#include "priv_netlink.h" +#include "eloop.h" + + +struct full_dynamic_vlan { + int s; /* socket on which to listen for new/removed interfaces. */ +}; + + +static int ifconfig_helper(const char *if_name, int up) +{ + int fd; + struct ifreq ifr; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + memset(&ifr, 0, sizeof(ifr)); + strncpy(ifr.ifr_name, if_name, IFNAMSIZ); + + if (ioctl(fd, SIOCGIFFLAGS, &ifr) != 0) { + perror("ioctl[SIOCGIFFLAGS]"); + close(fd); + return -1; + } + + if (up) + ifr.ifr_flags |= IFF_UP; + else + ifr.ifr_flags &= ~IFF_UP; + + if (ioctl(fd, SIOCSIFFLAGS, &ifr) != 0) { + perror("ioctl[SIOCSIFFLAGS]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +static int ifconfig_up(const char *if_name) +{ + return ifconfig_helper(if_name, 1); +} + + +static int ifconfig_down(const char *if_name) +{ + return ifconfig_helper(if_name, 0); +} + + +/* + * These are only available in recent linux headers (without the leading + * underscore). + */ +#define _GET_VLAN_REALDEV_NAME_CMD 8 +#define _GET_VLAN_VID_CMD 9 + +/* This value should be 256 ONLY. If it is something else, then hostapd + * might crash!, as this value has been hard-coded in 2.4.x kernel + * bridging code. + */ +#define MAX_BR_PORTS 256 + +static int br_delif(const char *br_name, const char *if_name) +{ + int fd; + struct ifreq ifr; + unsigned long args[2]; + int if_index; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + if_index = if_nametoindex(if_name); + + if (if_index == 0) { + printf("Failure determining interface index for '%s'\n", + if_name); + close(fd); + return -1; + } + + args[0] = BRCTL_DEL_IF; + args[1] = if_index; + + strncpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name)); + ifr.ifr_data = (__caddr_t) args; + + if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0 && errno != EINVAL) { + /* No error if interface already removed. */ + perror("ioctl[SIOCDEVPRIVATE,BRCTL_DEL_IF]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +/* + Add interface 'if_name' to the bridge 'br_name' + + returns -1 on error + returns 1 if the interface is already part of the bridge + returns 0 otherwise +*/ +static int br_addif(const char *br_name, const char *if_name) +{ + int fd; + struct ifreq ifr; + unsigned long args[2]; + int if_index; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + if_index = if_nametoindex(if_name); + + if (if_index == 0) { + printf("Failure determining interface index for '%s'\n", + if_name); + close(fd); + return -1; + } + + args[0] = BRCTL_ADD_IF; + args[1] = if_index; + + strncpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name)); + ifr.ifr_data = (__caddr_t) args; + + if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) { + if (errno == EBUSY) { + /* The interface is already added. */ + close(fd); + return 1; + } + + perror("ioctl[SIOCDEVPRIVATE,BRCTL_ADD_IF]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +static int br_delbr(const char *br_name) +{ + int fd; + unsigned long arg[2]; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + arg[0] = BRCTL_DEL_BRIDGE; + arg[1] = (unsigned long) br_name; + + if (ioctl(fd, SIOCGIFBR, arg) < 0 && errno != ENXIO) { + /* No error if bridge already removed. */ + perror("ioctl[BRCTL_DEL_BRIDGE]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +/* + Add a bridge with the name 'br_name'. + + returns -1 on error + returns 1 if the bridge already exists + returns 0 otherwise +*/ +static int br_addbr(const char *br_name) +{ + int fd; + unsigned long arg[2]; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + arg[0] = BRCTL_ADD_BRIDGE; + arg[1] = (unsigned long) br_name; + + if (ioctl(fd, SIOCGIFBR, arg) < 0) { + if (errno == EEXIST) { + /* The bridge is already added. */ + close(fd); + return 1; + } else { + perror("ioctl[BRCTL_ADD_BRIDGE]"); + close(fd); + return -1; + } + } + + close(fd); + return 0; +} + + +static int br_getnumports(const char *br_name) +{ + int fd; + int i; + int port_cnt = 0; + unsigned long arg[4]; + int ifindices[MAX_BR_PORTS]; + struct ifreq ifr; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + arg[0] = BRCTL_GET_PORT_LIST; + arg[1] = (unsigned long) ifindices; + arg[2] = MAX_BR_PORTS; + arg[3] = 0; + + memset(ifindices, 0, sizeof(ifindices)); + strncpy(ifr.ifr_name, br_name, sizeof(ifr.ifr_name)); + ifr.ifr_data = (__caddr_t) arg; + + if (ioctl(fd, SIOCDEVPRIVATE, &ifr) < 0) { + perror("ioctl[SIOCDEVPRIVATE,BRCTL_GET_PORT_LIST]"); + close(fd); + return -1; + } + + for (i = 1; i < MAX_BR_PORTS; i++) { + if (ifindices[i] > 0) { + port_cnt++; + } + } + + close(fd); + return port_cnt; +} + + +static int vlan_rem(const char *if_name) +{ + int fd; + struct vlan_ioctl_args if_request; + + if ((strlen(if_name) + 1) > sizeof(if_request.device1)) { + fprintf(stderr, "Interface name to long.\n"); + return -1; + } + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + memset(&if_request, 0, sizeof(if_request)); + + strcpy(if_request.device1, if_name); + if_request.cmd = DEL_VLAN_CMD; + + if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) { + perror("ioctl[SIOCSIFVLAN,DEL_VLAN_CMD]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +/* + Add a vlan interface with VLAN ID 'vid' and tagged interface + 'if_name'. + + returns -1 on error + returns 1 if the interface already exists + returns 0 otherwise +*/ +static int vlan_add(const char *if_name, int vid) +{ + int fd; + struct vlan_ioctl_args if_request; + + ifconfig_up(if_name); + + if ((strlen(if_name) + 1) > sizeof(if_request.device1)) { + fprintf(stderr, "Interface name to long.\n"); + return -1; + } + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + memset(&if_request, 0, sizeof(if_request)); + + /* Determine if a suitable vlan device already exists. */ + + snprintf(if_request.device1, sizeof(if_request.device1), "vlan%d", + vid); + + if_request.cmd = _GET_VLAN_VID_CMD; + + if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0) { + + if (if_request.u.VID == vid) { + if_request.cmd = _GET_VLAN_REALDEV_NAME_CMD; + + if (ioctl(fd, SIOCSIFVLAN, &if_request) == 0 + && strncmp(if_request.u.device2, if_name, + sizeof(if_request.u.device2)) == 0) { + close(fd); + return 1; + } + } + } + + /* A suitable vlan device does not already exist, add one. */ + + memset(&if_request, 0, sizeof(if_request)); + strcpy(if_request.device1, if_name); + if_request.u.VID = vid; + if_request.cmd = ADD_VLAN_CMD; + + if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) { + perror("ioctl[SIOCSIFVLAN,ADD_VLAN_CMD]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +static int vlan_set_name_type(unsigned int name_type) +{ + int fd; + struct vlan_ioctl_args if_request; + + if ((fd = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("socket[AF_INET,SOCK_STREAM]"); + return -1; + } + + memset(&if_request, 0, sizeof(if_request)); + + if_request.u.name_type = name_type; + if_request.cmd = SET_VLAN_NAME_TYPE_CMD; + if (ioctl(fd, SIOCSIFVLAN, &if_request) < 0) { + perror("ioctl[SIOCSIFVLAN,SET_VLAN_NAME_TYPE_CMD]"); + close(fd); + return -1; + } + + close(fd); + return 0; +} + + +static void vlan_newlink(char *ifname, struct hostapd_data *hapd) +{ + char vlan_ifname[IFNAMSIZ]; + char br_name[IFNAMSIZ]; + struct hostapd_vlan *vlan = hapd->conf->vlan; + char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface; + + while (vlan) { + if (strcmp(ifname, vlan->ifname) == 0) { + + snprintf(br_name, sizeof(br_name), "brvlan%d", + vlan->vlan_id); + + if (!br_addbr(br_name)) + vlan->clean |= DVLAN_CLEAN_BR; + + ifconfig_up(br_name); + + if (tagged_interface) { + + if (!vlan_add(tagged_interface, vlan->vlan_id)) + vlan->clean |= DVLAN_CLEAN_VLAN; + + snprintf(vlan_ifname, sizeof(vlan_ifname), + "vlan%d", vlan->vlan_id); + + if (!br_addif(br_name, vlan_ifname)) + vlan->clean |= DVLAN_CLEAN_VLAN_PORT; + + ifconfig_up(vlan_ifname); + } + + if (!br_addif(br_name, ifname)) + vlan->clean |= DVLAN_CLEAN_WLAN_PORT; + + ifconfig_up(ifname); + + break; + } + vlan = vlan->next; + } +} + + +static void vlan_dellink(char *ifname, struct hostapd_data *hapd) +{ + char vlan_ifname[IFNAMSIZ]; + char br_name[IFNAMSIZ]; + struct hostapd_vlan *first, *prev, *vlan = hapd->conf->vlan; + char *tagged_interface = hapd->conf->ssid.vlan_tagged_interface; + int numports; + + first = prev = vlan; + + while (vlan) { + if (strcmp(ifname, vlan->ifname) == 0) { + snprintf(br_name, sizeof(br_name), "brvlan%d", + vlan->vlan_id); + + if (tagged_interface) { + snprintf(vlan_ifname, sizeof(vlan_ifname), + "vlan%d", vlan->vlan_id); + + numports = br_getnumports(br_name); + if (numports == 1) { + br_delif(br_name, vlan_ifname); + + vlan_rem(vlan_ifname); + + ifconfig_down(br_name); + br_delbr(br_name); + } + } + + if (vlan == first) { + hapd->conf->vlan = vlan->next; + } else { + prev->next = vlan->next; + } + free(vlan); + + break; + } + prev = vlan; + vlan = vlan->next; + } +} + + +static void +vlan_read_ifnames(struct nlmsghdr *h, size_t len, int del, + struct hostapd_data *hapd) +{ + struct ifinfomsg *ifi; + int attrlen, nlmsg_len, rta_len; + struct rtattr *attr; + + if (len < sizeof(*ifi)) + return; + + ifi = NLMSG_DATA(h); + + nlmsg_len = NLMSG_ALIGN(sizeof(struct ifinfomsg)); + + attrlen = h->nlmsg_len - nlmsg_len; + if (attrlen < 0) + return; + + attr = (struct rtattr *) (((char *) ifi) + nlmsg_len); + + rta_len = RTA_ALIGN(sizeof(struct rtattr)); + while (RTA_OK(attr, attrlen)) { + char ifname[IFNAMSIZ + 1]; + + if (attr->rta_type == IFLA_IFNAME) { + int n = attr->rta_len - rta_len; + if (n < 0) + break; + + memset(ifname, 0, sizeof(ifname)); + + if ((size_t) n > sizeof(ifname)) + n = sizeof(ifname); + memcpy(ifname, ((char *) attr) + rta_len, n); + + if (del) + vlan_dellink(ifname, hapd); + else + vlan_newlink(ifname, hapd); + } + + attr = RTA_NEXT(attr, attrlen); + } +} + + +static void vlan_event_receive(int sock, void *eloop_ctx, void *sock_ctx) +{ + char buf[8192]; + int left; + struct sockaddr_nl from; + socklen_t fromlen; + struct nlmsghdr *h; + struct hostapd_data *hapd = eloop_ctx; + + fromlen = sizeof(from); + left = recvfrom(sock, buf, sizeof(buf), MSG_DONTWAIT, + (struct sockaddr *) &from, &fromlen); + if (left < 0) { + if (errno != EINTR && errno != EAGAIN) + perror("recvfrom(netlink)"); + return; + } + + h = (struct nlmsghdr *) buf; + while (left >= (int) sizeof(*h)) { + int len, plen; + + len = h->nlmsg_len; + plen = len - sizeof(*h); + if (len > left || plen < 0) { + printf("Malformed netlink message: " + "len=%d left=%d plen=%d", len, left, plen); + break; + } + + switch (h->nlmsg_type) { + case RTM_NEWLINK: + vlan_read_ifnames(h, plen, 0, hapd); + break; + case RTM_DELLINK: + vlan_read_ifnames(h, plen, 1, hapd); + break; + } + + len = NLMSG_ALIGN(len); + left -= len; + h = (struct nlmsghdr *) ((char *) h + len); + } + + if (left > 0) { + printf("%d extra bytes in the end of netlink message", + left); + } +} + + +static struct full_dynamic_vlan * +full_dynamic_vlan_init(struct hostapd_data *hapd) +{ + struct sockaddr_nl local; + struct full_dynamic_vlan *priv; + + priv = malloc(sizeof(*priv)); + + if (priv == NULL) + return NULL; + + memset(priv, 0, sizeof(*priv)); + + vlan_set_name_type(VLAN_NAME_TYPE_PLUS_VID_NO_PAD); + + priv->s = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE); + if (priv->s < 0) { + perror("socket(PF_NETLINK,SOCK_RAW,NETLINK_ROUTE)"); + free(priv); + return NULL; + } + + memset(&local, 0, sizeof(local)); + local.nl_family = AF_NETLINK; + local.nl_groups = RTMGRP_LINK; + if (bind(priv->s, (struct sockaddr *) &local, sizeof(local)) < 0) { + perror("bind(netlink)"); + close(priv->s); + free(priv); + return NULL; + } + + if (eloop_register_read_sock(priv->s, vlan_event_receive, hapd, NULL)) + { + close(priv->s); + free(priv); + return NULL; + } + + return priv; +} + + +static void full_dynamic_vlan_deinit(struct full_dynamic_vlan *priv) +{ + if (priv == NULL) + return; + eloop_unregister_read_sock(priv->s); + close(priv->s); + free(priv); +} +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + + +int vlan_setup_encryption_dyn(struct hostapd_data *hapd, + struct hostapd_ssid *mssid, const char *dyn_vlan) +{ + int i; + + if (dyn_vlan == NULL) + return 0; + + /* Static WEP keys are set here; IEEE 802.1X and WPA uses their own + * functions for setting up dynamic broadcast keys. */ + for (i = 0; i < 4; i++) { + if (mssid->wep.key[i] && + hostapd_set_encryption(dyn_vlan, hapd, "WEP", NULL, + i, mssid->wep.key[i], + mssid->wep.len[i], + i == mssid->wep.idx)) { + printf("VLAN: Could not set WEP encryption for " + "dynamic VLAN.\n"); + return -1; + } + } + + return 0; +} + + +static int vlan_dynamic_add(struct hostapd_data *hapd, + struct hostapd_vlan *vlan) +{ + while (vlan) { + if (vlan->vlan_id != VLAN_ID_WILDCARD && + hostapd_if_add(hapd, HOSTAPD_IF_VLAN, vlan->ifname, NULL)) + { + if (errno != EEXIST) { + printf("Could not add VLAN iface: %s: %s\n", + vlan->ifname, strerror(errno)); + return -1; + } + } + + vlan = vlan->next; + } + + return 0; +} + + +static void vlan_dynamic_remove(struct hostapd_data *hapd, + struct hostapd_vlan *vlan) +{ + struct hostapd_vlan *next; + + while (vlan) { + next = vlan->next; + + if (vlan->vlan_id != VLAN_ID_WILDCARD && + hostapd_if_remove(hapd, HOSTAPD_IF_VLAN, vlan->ifname, + NULL)) { + printf("Could not remove VLAN iface: %s: %s\n", + vlan->ifname, strerror(errno)); + } +#ifdef CONFIG_FULL_DYNAMIC_VLAN + if (vlan->clean) + vlan_dellink(vlan->ifname, hapd); +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + + vlan = next; + } +} + + +int vlan_init(struct hostapd_data *hapd) +{ + if (vlan_dynamic_add(hapd, hapd->conf->vlan)) + return -1; + +#ifdef CONFIG_FULL_DYNAMIC_VLAN + hapd->full_dynamic_vlan = full_dynamic_vlan_init(hapd); +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ + + return 0; +} + + +void vlan_deinit(struct hostapd_data *hapd) +{ + vlan_dynamic_remove(hapd, hapd->conf->vlan); + +#ifdef CONFIG_FULL_DYNAMIC_VLAN + full_dynamic_vlan_deinit(hapd->full_dynamic_vlan); +#endif /* CONFIG_FULL_DYNAMIC_VLAN */ +} + + +int vlan_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss) +{ + vlan_dynamic_remove(hapd, oldbss->vlan); + if (vlan_dynamic_add(hapd, hapd->conf->vlan)) + return -1; + + return 0; +} + + +struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd, + struct hostapd_vlan *vlan, + int vlan_id) +{ + struct hostapd_vlan *n; + char *ifname, *pos; + + if (vlan == NULL || vlan_id <= 0 || vlan_id > MAX_VLAN_ID || + vlan->vlan_id != VLAN_ID_WILDCARD) + return NULL; + + ifname = strdup(vlan->ifname); + if (ifname == NULL) + return NULL; + pos = strchr(ifname, '#'); + if (pos == NULL) { + free(ifname); + return NULL; + } + *pos++ = '\0'; + + n = malloc(sizeof(*n)); + if (n == NULL) { + free(ifname); + return NULL; + } + + memset(n, 0, sizeof(*n)); + n->vlan_id = vlan_id; + n->dynamic_vlan = 1; + + snprintf(n->ifname, sizeof(n->ifname), "%s%d%s", ifname, vlan_id, pos); + free(ifname); + + if (hostapd_if_add(hapd, HOSTAPD_IF_VLAN, n->ifname, NULL)) { + free(n); + return NULL; + } + + n->next = hapd->conf->vlan; + hapd->conf->vlan = n; + + return n; +} + + +int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id) +{ + struct hostapd_vlan *vlan; + + if (vlan_id <= 0 || vlan_id > MAX_VLAN_ID) + return 1; + + vlan = hapd->conf->vlan; + while (vlan) { + if (vlan->vlan_id == vlan_id && vlan->dynamic_vlan > 0) { + vlan->dynamic_vlan--; + break; + } + vlan = vlan->next; + } + + if (vlan == NULL) + return 1; + + if (vlan->dynamic_vlan == 0) + hostapd_if_remove(hapd, HOSTAPD_IF_VLAN, vlan->ifname, NULL); + + return 0; +} diff --git a/contrib/hostapd-0.5.8/vlan_init.h b/contrib/hostapd-0.5.8/vlan_init.h new file mode 100644 index 0000000000..cf55ac2462 --- /dev/null +++ b/contrib/hostapd-0.5.8/vlan_init.h @@ -0,0 +1,31 @@ +/* + * hostapd / VLAN initialization + * Copyright 2003, Instant802 Networks, Inc. + * Copyright 2005, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef VLAN_INIT_H +#define VLAN_INIT_H + +int vlan_init(struct hostapd_data *hapd); +void vlan_deinit(struct hostapd_data *hapd); +int vlan_reconfig(struct hostapd_data *hapd, struct hostapd_config *oldconf, + struct hostapd_bss_config *oldbss); +struct hostapd_vlan * vlan_add_dynamic(struct hostapd_data *hapd, + struct hostapd_vlan *vlan, + int vlan_id); +int vlan_remove_dynamic(struct hostapd_data *hapd, int vlan_id); +int vlan_setup_encryption_dyn(struct hostapd_data *hapd, + struct hostapd_ssid *mssid, + const char *dyn_vlan); + +#endif /* VLAN_INIT_H */ diff --git a/contrib/hostapd-0.5.8/wired.conf b/contrib/hostapd-0.5.8/wired.conf new file mode 100644 index 0000000000..956f8c53c5 --- /dev/null +++ b/contrib/hostapd-0.5.8/wired.conf @@ -0,0 +1,40 @@ +##### hostapd configuration file ############################################## +# Empty lines and lines starting with # are ignored + +# Example configuration file for wired authenticator. See hostapd.conf for +# more details. + +interface=eth0 +driver=wired +logger_stdout=-1 +logger_stdout_level=1 +debug=2 +dump_file=/tmp/hostapd.dump + +ieee8021x=1 +eap_reauth_period=3600 + +use_pae_group_addr=1 + + +##### RADIUS configuration #################################################### +# for IEEE 802.1X with external Authentication Server, IEEE 802.11 +# authentication with external ACL for MAC addresses, and accounting + +# The own IP address of the access point (used as NAS-IP-Address) +own_ip_addr=127.0.0.1 + +# Optional NAS-Identifier string for RADIUS messages. When used, this should be +# a unique to the NAS within the scope of the RADIUS server. For example, a +# fully qualified domain name can be used here. +nas_identifier=ap.example.com + +# RADIUS authentication server +auth_server_addr=127.0.0.1 +auth_server_port=1812 +auth_server_shared_secret=radius + +# RADIUS accounting server +acct_server_addr=127.0.0.1 +acct_server_port=1813 +acct_server_shared_secret=radius diff --git a/contrib/hostapd-0.5.8/wireless_copy.h b/contrib/hostapd-0.5.8/wireless_copy.h new file mode 100644 index 0000000000..e01a487275 --- /dev/null +++ b/contrib/hostapd-0.5.8/wireless_copy.h @@ -0,0 +1,1089 @@ +/* This is based on Linux Wireless Extensions header file from WIRELESS_EXT 18. + * I have just removed kernel related headers and added some typedefs etc. to + * make this easier to include into user space programs. + * Jouni Malinen, 2005-03-12. + */ + + +/* + * This file define a set of standard wireless extensions + * + * Version : 19 18.3.05 + * + * Authors : Jean Tourrilhes - HPL - + * Copyright (c) 1997-2005 Jean Tourrilhes, All Rights Reserved. + */ + +#ifndef _LINUX_WIRELESS_H +#define _LINUX_WIRELESS_H + +/************************** DOCUMENTATION **************************/ +/* + * Initial APIs (1996 -> onward) : + * ----------------------------- + * Basically, the wireless extensions are for now a set of standard ioctl + * call + /proc/net/wireless + * + * The entry /proc/net/wireless give statistics and information on the + * driver. + * This is better than having each driver having its entry because + * its centralised and we may remove the driver module safely. + * + * Ioctl are used to configure the driver and issue commands. This is + * better than command line options of insmod because we may want to + * change dynamically (while the driver is running) some parameters. + * + * The ioctl mechanimsm are copied from standard devices ioctl. + * We have the list of command plus a structure descibing the + * data exchanged... + * Note that to add these ioctl, I was obliged to modify : + * # net/core/dev.c (two place + add include) + * # net/ipv4/af_inet.c (one place + add include) + * + * /proc/net/wireless is a copy of /proc/net/dev. + * We have a structure for data passed from the driver to /proc/net/wireless + * Too add this, I've modified : + * # net/core/dev.c (two other places) + * # include/linux/netdevice.h (one place) + * # include/linux/proc_fs.h (one place) + * + * New driver API (2002 -> onward) : + * ------------------------------- + * This file is only concerned with the user space API and common definitions. + * The new driver API is defined and documented in : + * # include/net/iw_handler.h + * + * Note as well that /proc/net/wireless implementation has now moved in : + * # net/core/wireless.c + * + * Wireless Events (2002 -> onward) : + * -------------------------------- + * Events are defined at the end of this file, and implemented in : + * # net/core/wireless.c + * + * Other comments : + * -------------- + * Do not add here things that are redundant with other mechanisms + * (drivers init, ifconfig, /proc/net/dev, ...) and with are not + * wireless specific. + * + * These wireless extensions are not magic : each driver has to provide + * support for them... + * + * IMPORTANT NOTE : As everything in the kernel, this is very much a + * work in progress. Contact me if you have ideas of improvements... + */ + +/***************************** INCLUDES *****************************/ + + /* jkm - replaced linux headers with C library headers, added typedefs */ +#if 0 +/* To minimise problems in user space, I might remove those headers + * at some point. Jean II */ +#include /* for "caddr_t" et al */ +#include /* for "struct sockaddr" et al */ +#include /* for IFNAMSIZ and co... */ +#else +#include +#include +typedef __uint32_t __u32; +typedef __int32_t __s32; +typedef __uint16_t __u16; +typedef __int16_t __s16; +typedef __uint8_t __u8; +#ifndef __user +#define __user +#endif /* __user */ +#endif + +/***************************** VERSION *****************************/ +/* + * This constant is used to know the availability of the wireless + * extensions and to know which version of wireless extensions it is + * (there is some stuff that will be added in the future...) + * I just plan to increment with each new version. + */ +#define WIRELESS_EXT 19 + +/* + * Changes : + * + * V2 to V3 + * -------- + * Alan Cox start some incompatibles changes. I've integrated a bit more. + * - Encryption renamed to Encode to avoid US regulation problems + * - Frequency changed from float to struct to avoid problems on old 386 + * + * V3 to V4 + * -------- + * - Add sensitivity + * + * V4 to V5 + * -------- + * - Missing encoding definitions in range + * - Access points stuff + * + * V5 to V6 + * -------- + * - 802.11 support (ESSID ioctls) + * + * V6 to V7 + * -------- + * - define IW_ESSID_MAX_SIZE and IW_MAX_AP + * + * V7 to V8 + * -------- + * - Changed my e-mail address + * - More 802.11 support (nickname, rate, rts, frag) + * - List index in frequencies + * + * V8 to V9 + * -------- + * - Support for 'mode of operation' (ad-hoc, managed...) + * - Support for unicast and multicast power saving + * - Change encoding to support larger tokens (>64 bits) + * - Updated iw_params (disable, flags) and use it for NWID + * - Extracted iw_point from iwreq for clarity + * + * V9 to V10 + * --------- + * - Add PM capability to range structure + * - Add PM modifier : MAX/MIN/RELATIVE + * - Add encoding option : IW_ENCODE_NOKEY + * - Add TxPower ioctls (work like TxRate) + * + * V10 to V11 + * ---------- + * - Add WE version in range (help backward/forward compatibility) + * - Add retry ioctls (work like PM) + * + * V11 to V12 + * ---------- + * - Add SIOCSIWSTATS to get /proc/net/wireless programatically + * - Add DEV PRIVATE IOCTL to avoid collisions in SIOCDEVPRIVATE space + * - Add new statistics (frag, retry, beacon) + * - Add average quality (for user space calibration) + * + * V12 to V13 + * ---------- + * - Document creation of new driver API. + * - Extract union iwreq_data from struct iwreq (for new driver API). + * - Rename SIOCSIWNAME as SIOCSIWCOMMIT + * + * V13 to V14 + * ---------- + * - Wireless Events support : define struct iw_event + * - Define additional specific event numbers + * - Add "addr" and "param" fields in union iwreq_data + * - AP scanning stuff (SIOCSIWSCAN and friends) + * + * V14 to V15 + * ---------- + * - Add IW_PRIV_TYPE_ADDR for struct sockaddr private arg + * - Make struct iw_freq signed (both m & e), add explicit padding + * - Add IWEVCUSTOM for driver specific event/scanning token + * - Add IW_MAX_GET_SPY for driver returning a lot of addresses + * - Add IW_TXPOW_RANGE for range of Tx Powers + * - Add IWEVREGISTERED & IWEVEXPIRED events for Access Points + * - Add IW_MODE_MONITOR for passive monitor + * + * V15 to V16 + * ---------- + * - Increase the number of bitrates in iw_range to 32 (for 802.11g) + * - Increase the number of frequencies in iw_range to 32 (for 802.11b+a) + * - Reshuffle struct iw_range for increases, add filler + * - Increase IW_MAX_AP to 64 for driver returning a lot of addresses + * - Remove IW_MAX_GET_SPY because conflict with enhanced spy support + * - Add SIOCSIWTHRSPY/SIOCGIWTHRSPY and "struct iw_thrspy" + * - Add IW_ENCODE_TEMP and iw_range->encoding_login_index + * + * V16 to V17 + * ---------- + * - Add flags to frequency -> auto/fixed + * - Document (struct iw_quality *)->updated, add new flags (INVALID) + * - Wireless Event capability in struct iw_range + * - Add support for relative TxPower (yick !) + * + * V17 to V18 (From Jouni Malinen ) + * ---------- + * - Add support for WPA/WPA2 + * - Add extended encoding configuration (SIOCSIWENCODEEXT and + * SIOCGIWENCODEEXT) + * - Add SIOCSIWGENIE/SIOCGIWGENIE + * - Add SIOCSIWMLME + * - Add SIOCSIWPMKSA + * - Add struct iw_range bit field for supported encoding capabilities + * - Add optional scan request parameters for SIOCSIWSCAN + * - Add SIOCSIWAUTH/SIOCGIWAUTH for setting authentication and WPA + * related parameters (extensible up to 4096 parameter values) + * - Add wireless events: IWEVGENIE, IWEVMICHAELMICFAILURE, + * IWEVASSOCREQIE, IWEVASSOCRESPIE, IWEVPMKIDCAND + * + * V18 to V19 + * ---------- + * - Remove (struct iw_point *)->pointer from events and streams + * - Remove header includes to help user space + * - Increase IW_ENCODING_TOKEN_MAX from 32 to 64 + * - Add IW_QUAL_ALL_UPDATED and IW_QUAL_ALL_INVALID macros + * - Add explicit flag to tell stats are in dBm : IW_QUAL_DBM + * - Add IW_IOCTL_IDX() and IW_EVENT_IDX() macros + */ + +/**************************** CONSTANTS ****************************/ + +/* -------------------------- IOCTL LIST -------------------------- */ + +/* Wireless Identification */ +#define SIOCSIWCOMMIT 0x8B00 /* Commit pending changes to driver */ +#define SIOCGIWNAME 0x8B01 /* get name == wireless protocol */ +/* SIOCGIWNAME is used to verify the presence of Wireless Extensions. + * Common values : "IEEE 802.11-DS", "IEEE 802.11-FH", "IEEE 802.11b"... + * Don't put the name of your driver there, it's useless. */ + +/* Basic operations */ +#define SIOCSIWNWID 0x8B02 /* set network id (pre-802.11) */ +#define SIOCGIWNWID 0x8B03 /* get network id (the cell) */ +#define SIOCSIWFREQ 0x8B04 /* set channel/frequency (Hz) */ +#define SIOCGIWFREQ 0x8B05 /* get channel/frequency (Hz) */ +#define SIOCSIWMODE 0x8B06 /* set operation mode */ +#define SIOCGIWMODE 0x8B07 /* get operation mode */ +#define SIOCSIWSENS 0x8B08 /* set sensitivity (dBm) */ +#define SIOCGIWSENS 0x8B09 /* get sensitivity (dBm) */ + +/* Informative stuff */ +#define SIOCSIWRANGE 0x8B0A /* Unused */ +#define SIOCGIWRANGE 0x8B0B /* Get range of parameters */ +#define SIOCSIWPRIV 0x8B0C /* Unused */ +#define SIOCGIWPRIV 0x8B0D /* get private ioctl interface info */ +#define SIOCSIWSTATS 0x8B0E /* Unused */ +#define SIOCGIWSTATS 0x8B0F /* Get /proc/net/wireless stats */ +/* SIOCGIWSTATS is strictly used between user space and the kernel, and + * is never passed to the driver (i.e. the driver will never see it). */ + +/* Spy support (statistics per MAC address - used for Mobile IP support) */ +#define SIOCSIWSPY 0x8B10 /* set spy addresses */ +#define SIOCGIWSPY 0x8B11 /* get spy info (quality of link) */ +#define SIOCSIWTHRSPY 0x8B12 /* set spy threshold (spy event) */ +#define SIOCGIWTHRSPY 0x8B13 /* get spy threshold */ + +/* Access Point manipulation */ +#define SIOCSIWAP 0x8B14 /* set access point MAC addresses */ +#define SIOCGIWAP 0x8B15 /* get access point MAC addresses */ +#define SIOCGIWAPLIST 0x8B17 /* Deprecated in favor of scanning */ +#define SIOCSIWSCAN 0x8B18 /* trigger scanning (list cells) */ +#define SIOCGIWSCAN 0x8B19 /* get scanning results */ + +/* 802.11 specific support */ +#define SIOCSIWESSID 0x8B1A /* set ESSID (network name) */ +#define SIOCGIWESSID 0x8B1B /* get ESSID */ +#define SIOCSIWNICKN 0x8B1C /* set node name/nickname */ +#define SIOCGIWNICKN 0x8B1D /* get node name/nickname */ +/* As the ESSID and NICKN are strings up to 32 bytes long, it doesn't fit + * within the 'iwreq' structure, so we need to use the 'data' member to + * point to a string in user space, like it is done for RANGE... */ + +/* Other parameters useful in 802.11 and some other devices */ +#define SIOCSIWRATE 0x8B20 /* set default bit rate (bps) */ +#define SIOCGIWRATE 0x8B21 /* get default bit rate (bps) */ +#define SIOCSIWRTS 0x8B22 /* set RTS/CTS threshold (bytes) */ +#define SIOCGIWRTS 0x8B23 /* get RTS/CTS threshold (bytes) */ +#define SIOCSIWFRAG 0x8B24 /* set fragmentation thr (bytes) */ +#define SIOCGIWFRAG 0x8B25 /* get fragmentation thr (bytes) */ +#define SIOCSIWTXPOW 0x8B26 /* set transmit power (dBm) */ +#define SIOCGIWTXPOW 0x8B27 /* get transmit power (dBm) */ +#define SIOCSIWRETRY 0x8B28 /* set retry limits and lifetime */ +#define SIOCGIWRETRY 0x8B29 /* get retry limits and lifetime */ + +/* Encoding stuff (scrambling, hardware security, WEP...) */ +#define SIOCSIWENCODE 0x8B2A /* set encoding token & mode */ +#define SIOCGIWENCODE 0x8B2B /* get encoding token & mode */ +/* Power saving stuff (power management, unicast and multicast) */ +#define SIOCSIWPOWER 0x8B2C /* set Power Management settings */ +#define SIOCGIWPOWER 0x8B2D /* get Power Management settings */ + +/* WPA : Generic IEEE 802.11 informatiom element (e.g., for WPA/RSN/WMM). + * This ioctl uses struct iw_point and data buffer that includes IE id and len + * fields. More than one IE may be included in the request. Setting the generic + * IE to empty buffer (len=0) removes the generic IE from the driver. Drivers + * are allowed to generate their own WPA/RSN IEs, but in these cases, drivers + * are required to report the used IE as a wireless event, e.g., when + * associating with an AP. */ +#define SIOCSIWGENIE 0x8B30 /* set generic IE */ +#define SIOCGIWGENIE 0x8B31 /* get generic IE */ + +/* WPA : IEEE 802.11 MLME requests */ +#define SIOCSIWMLME 0x8B16 /* request MLME operation; uses + * struct iw_mlme */ +/* WPA : Authentication mode parameters */ +#define SIOCSIWAUTH 0x8B32 /* set authentication mode params */ +#define SIOCGIWAUTH 0x8B33 /* get authentication mode params */ + +/* WPA : Extended version of encoding configuration */ +#define SIOCSIWENCODEEXT 0x8B34 /* set encoding token & mode */ +#define SIOCGIWENCODEEXT 0x8B35 /* get encoding token & mode */ + +/* WPA2 : PMKSA cache management */ +#define SIOCSIWPMKSA 0x8B36 /* PMKSA cache operation */ + +/* -------------------- DEV PRIVATE IOCTL LIST -------------------- */ + +/* These 32 ioctl are wireless device private, for 16 commands. + * Each driver is free to use them for whatever purpose it chooses, + * however the driver *must* export the description of those ioctls + * with SIOCGIWPRIV and *must* use arguments as defined below. + * If you don't follow those rules, DaveM is going to hate you (reason : + * it make mixed 32/64bit operation impossible). + */ +#define SIOCIWFIRSTPRIV 0x8BE0 +#define SIOCIWLASTPRIV 0x8BFF +/* Previously, we were using SIOCDEVPRIVATE, but we now have our + * separate range because of collisions with other tools such as + * 'mii-tool'. + * We now have 32 commands, so a bit more space ;-). + * Also, all 'odd' commands are only usable by root and don't return the + * content of ifr/iwr to user (but you are not obliged to use the set/get + * convention, just use every other two command). More details in iwpriv.c. + * And I repeat : you are not forced to use them with iwpriv, but you + * must be compliant with it. + */ + +/* ------------------------- IOCTL STUFF ------------------------- */ + +/* The first and the last (range) */ +#define SIOCIWFIRST 0x8B00 +#define SIOCIWLAST SIOCIWLASTPRIV /* 0x8BFF */ +#define IW_IOCTL_IDX(cmd) ((cmd) - SIOCIWFIRST) + +/* Even : get (world access), odd : set (root access) */ +#define IW_IS_SET(cmd) (!((cmd) & 0x1)) +#define IW_IS_GET(cmd) ((cmd) & 0x1) + +/* ----------------------- WIRELESS EVENTS ----------------------- */ +/* Those are *NOT* ioctls, do not issue request on them !!! */ +/* Most events use the same identifier as ioctl requests */ + +#define IWEVTXDROP 0x8C00 /* Packet dropped to excessive retry */ +#define IWEVQUAL 0x8C01 /* Quality part of statistics (scan) */ +#define IWEVCUSTOM 0x8C02 /* Driver specific ascii string */ +#define IWEVREGISTERED 0x8C03 /* Discovered a new node (AP mode) */ +#define IWEVEXPIRED 0x8C04 /* Expired a node (AP mode) */ +#define IWEVGENIE 0x8C05 /* Generic IE (WPA, RSN, WMM, ..) + * (scan results); This includes id and + * length fields. One IWEVGENIE may + * contain more than one IE. Scan + * results may contain one or more + * IWEVGENIE events. */ +#define IWEVMICHAELMICFAILURE 0x8C06 /* Michael MIC failure + * (struct iw_michaelmicfailure) + */ +#define IWEVASSOCREQIE 0x8C07 /* IEs used in (Re)Association Request. + * The data includes id and length + * fields and may contain more than one + * IE. This event is required in + * Managed mode if the driver + * generates its own WPA/RSN IE. This + * should be sent just before + * IWEVREGISTERED event for the + * association. */ +#define IWEVASSOCRESPIE 0x8C08 /* IEs used in (Re)Association + * Response. The data includes id and + * length fields and may contain more + * than one IE. This may be sent + * between IWEVASSOCREQIE and + * IWEVREGISTERED events for the + * association. */ +#define IWEVPMKIDCAND 0x8C09 /* PMKID candidate for RSN + * pre-authentication + * (struct iw_pmkid_cand) */ + +#define IWEVFIRST 0x8C00 +#define IW_EVENT_IDX(cmd) ((cmd) - IWEVFIRST) + +/* ------------------------- PRIVATE INFO ------------------------- */ +/* + * The following is used with SIOCGIWPRIV. It allow a driver to define + * the interface (name, type of data) for its private ioctl. + * Privates ioctl are SIOCIWFIRSTPRIV -> SIOCIWLASTPRIV + */ + +#define IW_PRIV_TYPE_MASK 0x7000 /* Type of arguments */ +#define IW_PRIV_TYPE_NONE 0x0000 +#define IW_PRIV_TYPE_BYTE 0x1000 /* Char as number */ +#define IW_PRIV_TYPE_CHAR 0x2000 /* Char as character */ +#define IW_PRIV_TYPE_INT 0x4000 /* 32 bits int */ +#define IW_PRIV_TYPE_FLOAT 0x5000 /* struct iw_freq */ +#define IW_PRIV_TYPE_ADDR 0x6000 /* struct sockaddr */ + +#define IW_PRIV_SIZE_FIXED 0x0800 /* Variable or fixed number of args */ + +#define IW_PRIV_SIZE_MASK 0x07FF /* Max number of those args */ + +/* + * Note : if the number of args is fixed and the size < 16 octets, + * instead of passing a pointer we will put args in the iwreq struct... + */ + +/* ----------------------- OTHER CONSTANTS ----------------------- */ + +/* Maximum frequencies in the range struct */ +#define IW_MAX_FREQUENCIES 32 +/* Note : if you have something like 80 frequencies, + * don't increase this constant and don't fill the frequency list. + * The user will be able to set by channel anyway... */ + +/* Maximum bit rates in the range struct */ +#define IW_MAX_BITRATES 32 + +/* Maximum tx powers in the range struct */ +#define IW_MAX_TXPOWER 8 +/* Note : if you more than 8 TXPowers, just set the max and min or + * a few of them in the struct iw_range. */ + +/* Maximum of address that you may set with SPY */ +#define IW_MAX_SPY 8 + +/* Maximum of address that you may get in the + list of access points in range */ +#define IW_MAX_AP 64 + +/* Maximum size of the ESSID and NICKN strings */ +#define IW_ESSID_MAX_SIZE 32 + +/* Modes of operation */ +#define IW_MODE_AUTO 0 /* Let the driver decides */ +#define IW_MODE_ADHOC 1 /* Single cell network */ +#define IW_MODE_INFRA 2 /* Multi cell network, roaming, ... */ +#define IW_MODE_MASTER 3 /* Synchronisation master or Access Point */ +#define IW_MODE_REPEAT 4 /* Wireless Repeater (forwarder) */ +#define IW_MODE_SECOND 5 /* Secondary master/repeater (backup) */ +#define IW_MODE_MONITOR 6 /* Passive monitor (listen only) */ + +/* Statistics flags (bitmask in updated) */ +#define IW_QUAL_QUAL_UPDATED 0x01 /* Value was updated since last read */ +#define IW_QUAL_LEVEL_UPDATED 0x02 +#define IW_QUAL_NOISE_UPDATED 0x04 +#define IW_QUAL_ALL_UPDATED 0x07 +#define IW_QUAL_DBM 0x08 /* Level + Noise are dBm */ +#define IW_QUAL_QUAL_INVALID 0x10 /* Driver doesn't provide value */ +#define IW_QUAL_LEVEL_INVALID 0x20 +#define IW_QUAL_NOISE_INVALID 0x40 +#define IW_QUAL_ALL_INVALID 0x70 + +/* Frequency flags */ +#define IW_FREQ_AUTO 0x00 /* Let the driver decides */ +#define IW_FREQ_FIXED 0x01 /* Force a specific value */ + +/* Maximum number of size of encoding token available + * they are listed in the range structure */ +#define IW_MAX_ENCODING_SIZES 8 + +/* Maximum size of the encoding token in bytes */ +#define IW_ENCODING_TOKEN_MAX 64 /* 512 bits (for now) */ + +/* Flags for encoding (along with the token) */ +#define IW_ENCODE_INDEX 0x00FF /* Token index (if needed) */ +#define IW_ENCODE_FLAGS 0xFF00 /* Flags defined below */ +#define IW_ENCODE_MODE 0xF000 /* Modes defined below */ +#define IW_ENCODE_DISABLED 0x8000 /* Encoding disabled */ +#define IW_ENCODE_ENABLED 0x0000 /* Encoding enabled */ +#define IW_ENCODE_RESTRICTED 0x4000 /* Refuse non-encoded packets */ +#define IW_ENCODE_OPEN 0x2000 /* Accept non-encoded packets */ +#define IW_ENCODE_NOKEY 0x0800 /* Key is write only, so not present */ +#define IW_ENCODE_TEMP 0x0400 /* Temporary key */ + +/* Power management flags available (along with the value, if any) */ +#define IW_POWER_ON 0x0000 /* No details... */ +#define IW_POWER_TYPE 0xF000 /* Type of parameter */ +#define IW_POWER_PERIOD 0x1000 /* Value is a period/duration of */ +#define IW_POWER_TIMEOUT 0x2000 /* Value is a timeout (to go asleep) */ +#define IW_POWER_MODE 0x0F00 /* Power Management mode */ +#define IW_POWER_UNICAST_R 0x0100 /* Receive only unicast messages */ +#define IW_POWER_MULTICAST_R 0x0200 /* Receive only multicast messages */ +#define IW_POWER_ALL_R 0x0300 /* Receive all messages though PM */ +#define IW_POWER_FORCE_S 0x0400 /* Force PM procedure for sending unicast */ +#define IW_POWER_REPEATER 0x0800 /* Repeat broadcast messages in PM period */ +#define IW_POWER_MODIFIER 0x000F /* Modify a parameter */ +#define IW_POWER_MIN 0x0001 /* Value is a minimum */ +#define IW_POWER_MAX 0x0002 /* Value is a maximum */ +#define IW_POWER_RELATIVE 0x0004 /* Value is not in seconds/ms/us */ + +/* Transmit Power flags available */ +#define IW_TXPOW_TYPE 0x00FF /* Type of value */ +#define IW_TXPOW_DBM 0x0000 /* Value is in dBm */ +#define IW_TXPOW_MWATT 0x0001 /* Value is in mW */ +#define IW_TXPOW_RELATIVE 0x0002 /* Value is in arbitrary units */ +#define IW_TXPOW_RANGE 0x1000 /* Range of value between min/max */ + +/* Retry limits and lifetime flags available */ +#define IW_RETRY_ON 0x0000 /* No details... */ +#define IW_RETRY_TYPE 0xF000 /* Type of parameter */ +#define IW_RETRY_LIMIT 0x1000 /* Maximum number of retries*/ +#define IW_RETRY_LIFETIME 0x2000 /* Maximum duration of retries in us */ +#define IW_RETRY_MODIFIER 0x000F /* Modify a parameter */ +#define IW_RETRY_MIN 0x0001 /* Value is a minimum */ +#define IW_RETRY_MAX 0x0002 /* Value is a maximum */ +#define IW_RETRY_RELATIVE 0x0004 /* Value is not in seconds/ms/us */ + +/* Scanning request flags */ +#define IW_SCAN_DEFAULT 0x0000 /* Default scan of the driver */ +#define IW_SCAN_ALL_ESSID 0x0001 /* Scan all ESSIDs */ +#define IW_SCAN_THIS_ESSID 0x0002 /* Scan only this ESSID */ +#define IW_SCAN_ALL_FREQ 0x0004 /* Scan all Frequencies */ +#define IW_SCAN_THIS_FREQ 0x0008 /* Scan only this Frequency */ +#define IW_SCAN_ALL_MODE 0x0010 /* Scan all Modes */ +#define IW_SCAN_THIS_MODE 0x0020 /* Scan only this Mode */ +#define IW_SCAN_ALL_RATE 0x0040 /* Scan all Bit-Rates */ +#define IW_SCAN_THIS_RATE 0x0080 /* Scan only this Bit-Rate */ +/* struct iw_scan_req scan_type */ +#define IW_SCAN_TYPE_ACTIVE 0 +#define IW_SCAN_TYPE_PASSIVE 1 +/* Maximum size of returned data */ +#define IW_SCAN_MAX_DATA 4096 /* In bytes */ + +/* Max number of char in custom event - use multiple of them if needed */ +#define IW_CUSTOM_MAX 256 /* In bytes */ + +/* Generic information element */ +#define IW_GENERIC_IE_MAX 1024 + +/* MLME requests (SIOCSIWMLME / struct iw_mlme) */ +#define IW_MLME_DEAUTH 0 +#define IW_MLME_DISASSOC 1 + +/* SIOCSIWAUTH/SIOCGIWAUTH struct iw_param flags */ +#define IW_AUTH_INDEX 0x0FFF +#define IW_AUTH_FLAGS 0xF000 +/* SIOCSIWAUTH/SIOCGIWAUTH parameters (0 .. 4095) + * (IW_AUTH_INDEX mask in struct iw_param flags; this is the index of the + * parameter that is being set/get to; value will be read/written to + * struct iw_param value field) */ +#define IW_AUTH_WPA_VERSION 0 +#define IW_AUTH_CIPHER_PAIRWISE 1 +#define IW_AUTH_CIPHER_GROUP 2 +#define IW_AUTH_KEY_MGMT 3 +#define IW_AUTH_TKIP_COUNTERMEASURES 4 +#define IW_AUTH_DROP_UNENCRYPTED 5 +#define IW_AUTH_80211_AUTH_ALG 6 +#define IW_AUTH_WPA_ENABLED 7 +#define IW_AUTH_RX_UNENCRYPTED_EAPOL 8 +#define IW_AUTH_ROAMING_CONTROL 9 +#define IW_AUTH_PRIVACY_INVOKED 10 + +/* IW_AUTH_WPA_VERSION values (bit field) */ +#define IW_AUTH_WPA_VERSION_DISABLED 0x00000001 +#define IW_AUTH_WPA_VERSION_WPA 0x00000002 +#define IW_AUTH_WPA_VERSION_WPA2 0x00000004 + +/* IW_AUTH_PAIRWISE_CIPHER and IW_AUTH_GROUP_CIPHER values (bit field) */ +#define IW_AUTH_CIPHER_NONE 0x00000001 +#define IW_AUTH_CIPHER_WEP40 0x00000002 +#define IW_AUTH_CIPHER_TKIP 0x00000004 +#define IW_AUTH_CIPHER_CCMP 0x00000008 +#define IW_AUTH_CIPHER_WEP104 0x00000010 + +/* IW_AUTH_KEY_MGMT values (bit field) */ +#define IW_AUTH_KEY_MGMT_802_1X 1 +#define IW_AUTH_KEY_MGMT_PSK 2 + +/* IW_AUTH_80211_AUTH_ALG values (bit field) */ +#define IW_AUTH_ALG_OPEN_SYSTEM 0x00000001 +#define IW_AUTH_ALG_SHARED_KEY 0x00000002 +#define IW_AUTH_ALG_LEAP 0x00000004 + +/* IW_AUTH_ROAMING_CONTROL values */ +#define IW_AUTH_ROAMING_ENABLE 0 /* driver/firmware based roaming */ +#define IW_AUTH_ROAMING_DISABLE 1 /* user space program used for roaming + * control */ + +/* SIOCSIWENCODEEXT definitions */ +#define IW_ENCODE_SEQ_MAX_SIZE 8 +/* struct iw_encode_ext ->alg */ +#define IW_ENCODE_ALG_NONE 0 +#define IW_ENCODE_ALG_WEP 1 +#define IW_ENCODE_ALG_TKIP 2 +#define IW_ENCODE_ALG_CCMP 3 +/* struct iw_encode_ext ->ext_flags */ +#define IW_ENCODE_EXT_TX_SEQ_VALID 0x00000001 +#define IW_ENCODE_EXT_RX_SEQ_VALID 0x00000002 +#define IW_ENCODE_EXT_GROUP_KEY 0x00000004 +#define IW_ENCODE_EXT_SET_TX_KEY 0x00000008 + +/* IWEVMICHAELMICFAILURE : struct iw_michaelmicfailure ->flags */ +#define IW_MICFAILURE_KEY_ID 0x00000003 /* Key ID 0..3 */ +#define IW_MICFAILURE_GROUP 0x00000004 +#define IW_MICFAILURE_PAIRWISE 0x00000008 +#define IW_MICFAILURE_STAKEY 0x00000010 +#define IW_MICFAILURE_COUNT 0x00000060 /* 1 or 2 (0 = count not supported) + */ + +/* Bit field values for enc_capa in struct iw_range */ +#define IW_ENC_CAPA_WPA 0x00000001 +#define IW_ENC_CAPA_WPA2 0x00000002 +#define IW_ENC_CAPA_CIPHER_TKIP 0x00000004 +#define IW_ENC_CAPA_CIPHER_CCMP 0x00000008 + +/* Event capability macros - in (struct iw_range *)->event_capa + * Because we have more than 32 possible events, we use an array of + * 32 bit bitmasks. Note : 32 bits = 0x20 = 2^5. */ +#define IW_EVENT_CAPA_BASE(cmd) ((cmd >= SIOCIWFIRSTPRIV) ? \ + (cmd - SIOCIWFIRSTPRIV + 0x60) : \ + (cmd - SIOCSIWCOMMIT)) +#define IW_EVENT_CAPA_INDEX(cmd) (IW_EVENT_CAPA_BASE(cmd) >> 5) +#define IW_EVENT_CAPA_MASK(cmd) (1 << (IW_EVENT_CAPA_BASE(cmd) & 0x1F)) +/* Event capability constants - event autogenerated by the kernel + * This list is valid for most 802.11 devices, customise as needed... */ +#define IW_EVENT_CAPA_K_0 (IW_EVENT_CAPA_MASK(0x8B04) | \ + IW_EVENT_CAPA_MASK(0x8B06) | \ + IW_EVENT_CAPA_MASK(0x8B1A)) +#define IW_EVENT_CAPA_K_1 (IW_EVENT_CAPA_MASK(0x8B2A)) +/* "Easy" macro to set events in iw_range (less efficient) */ +#define IW_EVENT_CAPA_SET(event_capa, cmd) (event_capa[IW_EVENT_CAPA_INDEX(cmd)] |= IW_EVENT_CAPA_MASK(cmd)) +#define IW_EVENT_CAPA_SET_KERNEL(event_capa) {event_capa[0] |= IW_EVENT_CAPA_K_0; event_capa[1] |= IW_EVENT_CAPA_K_1; } + + +/****************************** TYPES ******************************/ + +/* --------------------------- SUBTYPES --------------------------- */ +/* + * Generic format for most parameters that fit in an int + */ +struct iw_param +{ + __s32 value; /* The value of the parameter itself */ + __u8 fixed; /* Hardware should not use auto select */ + __u8 disabled; /* Disable the feature */ + __u16 flags; /* Various specifc flags (if any) */ +}; + +/* + * For all data larger than 16 octets, we need to use a + * pointer to memory allocated in user space. + */ +struct iw_point +{ + void __user *pointer; /* Pointer to the data (in user space) */ + __u16 length; /* number of fields or size in bytes */ + __u16 flags; /* Optional params */ +}; + +/* + * A frequency + * For numbers lower than 10^9, we encode the number in 'm' and + * set 'e' to 0 + * For number greater than 10^9, we divide it by the lowest power + * of 10 to get 'm' lower than 10^9, with 'm'= f / (10^'e')... + * The power of 10 is in 'e', the result of the division is in 'm'. + */ +struct iw_freq +{ + __s32 m; /* Mantissa */ + __s16 e; /* Exponent */ + __u8 i; /* List index (when in range struct) */ + __u8 flags; /* Flags (fixed/auto) */ +}; + +/* + * Quality of the link + */ +struct iw_quality +{ + __u8 qual; /* link quality (%retries, SNR, + %missed beacons or better...) */ + __u8 level; /* signal level (dBm) */ + __u8 noise; /* noise level (dBm) */ + __u8 updated; /* Flags to know if updated */ +}; + +/* + * Packet discarded in the wireless adapter due to + * "wireless" specific problems... + * Note : the list of counter and statistics in net_device_stats + * is already pretty exhaustive, and you should use that first. + * This is only additional stats... + */ +struct iw_discarded +{ + __u32 nwid; /* Rx : Wrong nwid/essid */ + __u32 code; /* Rx : Unable to code/decode (WEP) */ + __u32 fragment; /* Rx : Can't perform MAC reassembly */ + __u32 retries; /* Tx : Max MAC retries num reached */ + __u32 misc; /* Others cases */ +}; + +/* + * Packet/Time period missed in the wireless adapter due to + * "wireless" specific problems... + */ +struct iw_missed +{ + __u32 beacon; /* Missed beacons/superframe */ +}; + +/* + * Quality range (for spy threshold) + */ +struct iw_thrspy +{ + struct sockaddr addr; /* Source address (hw/mac) */ + struct iw_quality qual; /* Quality of the link */ + struct iw_quality low; /* Low threshold */ + struct iw_quality high; /* High threshold */ +}; + +/* + * Optional data for scan request + * + * Note: these optional parameters are controlling parameters for the + * scanning behavior, these do not apply to getting scan results + * (SIOCGIWSCAN). Drivers are expected to keep a local BSS table and + * provide a merged results with all BSSes even if the previous scan + * request limited scanning to a subset, e.g., by specifying an SSID. + * Especially, scan results are required to include an entry for the + * current BSS if the driver is in Managed mode and associated with an AP. + */ +struct iw_scan_req +{ + __u8 scan_type; /* IW_SCAN_TYPE_{ACTIVE,PASSIVE} */ + __u8 essid_len; + __u8 num_channels; /* num entries in channel_list; + * 0 = scan all allowed channels */ + __u8 flags; /* reserved as padding; use zero, this may + * be used in the future for adding flags + * to request different scan behavior */ + struct sockaddr bssid; /* ff:ff:ff:ff:ff:ff for broadcast BSSID or + * individual address of a specific BSS */ + + /* + * Use this ESSID if IW_SCAN_THIS_ESSID flag is used instead of using + * the current ESSID. This allows scan requests for specific ESSID + * without having to change the current ESSID and potentially breaking + * the current association. + */ + __u8 essid[IW_ESSID_MAX_SIZE]; + + /* + * Optional parameters for changing the default scanning behavior. + * These are based on the MLME-SCAN.request from IEEE Std 802.11. + * TU is 1.024 ms. If these are set to 0, driver is expected to use + * reasonable default values. min_channel_time defines the time that + * will be used to wait for the first reply on each channel. If no + * replies are received, next channel will be scanned after this. If + * replies are received, total time waited on the channel is defined by + * max_channel_time. + */ + __u32 min_channel_time; /* in TU */ + __u32 max_channel_time; /* in TU */ + + struct iw_freq channel_list[IW_MAX_FREQUENCIES]; +}; + +/* ------------------------- WPA SUPPORT ------------------------- */ + +/* + * Extended data structure for get/set encoding (this is used with + * SIOCSIWENCODEEXT/SIOCGIWENCODEEXT. struct iw_point and IW_ENCODE_* + * flags are used in the same way as with SIOCSIWENCODE/SIOCGIWENCODE and + * only the data contents changes (key data -> this structure, including + * key data). + * + * If the new key is the first group key, it will be set as the default + * TX key. Otherwise, default TX key index is only changed if + * IW_ENCODE_EXT_SET_TX_KEY flag is set. + * + * Key will be changed with SIOCSIWENCODEEXT in all cases except for + * special "change TX key index" operation which is indicated by setting + * key_len = 0 and ext_flags |= IW_ENCODE_EXT_SET_TX_KEY. + * + * tx_seq/rx_seq are only used when respective + * IW_ENCODE_EXT_{TX,RX}_SEQ_VALID flag is set in ext_flags. Normal + * TKIP/CCMP operation is to set RX seq with SIOCSIWENCODEEXT and start + * TX seq from zero whenever key is changed. SIOCGIWENCODEEXT is normally + * used only by an Authenticator (AP or an IBSS station) to get the + * current TX sequence number. Using TX_SEQ_VALID for SIOCSIWENCODEEXT and + * RX_SEQ_VALID for SIOCGIWENCODEEXT are optional, but can be useful for + * debugging/testing. + */ +struct iw_encode_ext +{ + __u32 ext_flags; /* IW_ENCODE_EXT_* */ + __u8 tx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ + __u8 rx_seq[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ + struct sockaddr addr; /* ff:ff:ff:ff:ff:ff for broadcast/multicast + * (group) keys or unicast address for + * individual keys */ + __u16 alg; /* IW_ENCODE_ALG_* */ + __u16 key_len; + __u8 key[0]; +}; + +/* SIOCSIWMLME data */ +struct iw_mlme +{ + __u16 cmd; /* IW_MLME_* */ + __u16 reason_code; + struct sockaddr addr; +}; + +/* SIOCSIWPMKSA data */ +#define IW_PMKSA_ADD 1 +#define IW_PMKSA_REMOVE 2 +#define IW_PMKSA_FLUSH 3 + +#define IW_PMKID_LEN 16 + +struct iw_pmksa +{ + __u32 cmd; /* IW_PMKSA_* */ + struct sockaddr bssid; + __u8 pmkid[IW_PMKID_LEN]; +}; + +/* IWEVMICHAELMICFAILURE data */ +struct iw_michaelmicfailure +{ + __u32 flags; + struct sockaddr src_addr; + __u8 tsc[IW_ENCODE_SEQ_MAX_SIZE]; /* LSB first */ +}; + +/* IWEVPMKIDCAND data */ +#define IW_PMKID_CAND_PREAUTH 0x00000001 /* RNS pre-authentication enabled */ +struct iw_pmkid_cand +{ + __u32 flags; /* IW_PMKID_CAND_* */ + __u32 index; /* the smaller the index, the higher the + * priority */ + struct sockaddr bssid; +}; + +/* ------------------------ WIRELESS STATS ------------------------ */ +/* + * Wireless statistics (used for /proc/net/wireless) + */ +struct iw_statistics +{ + __u16 status; /* Status + * - device dependent for now */ + + struct iw_quality qual; /* Quality of the link + * (instant/mean/max) */ + struct iw_discarded discard; /* Packet discarded counts */ + struct iw_missed miss; /* Packet missed counts */ +}; + +/* ------------------------ IOCTL REQUEST ------------------------ */ +/* + * This structure defines the payload of an ioctl, and is used + * below. + * + * Note that this structure should fit on the memory footprint + * of iwreq (which is the same as ifreq), which mean a max size of + * 16 octets = 128 bits. Warning, pointers might be 64 bits wide... + * You should check this when increasing the structures defined + * above in this file... + */ +union iwreq_data +{ + /* Config - generic */ + char name[IFNAMSIZ]; + /* Name : used to verify the presence of wireless extensions. + * Name of the protocol/provider... */ + + struct iw_point essid; /* Extended network name */ + struct iw_param nwid; /* network id (or domain - the cell) */ + struct iw_freq freq; /* frequency or channel : + * 0-1000 = channel + * > 1000 = frequency in Hz */ + + struct iw_param sens; /* signal level threshold */ + struct iw_param bitrate; /* default bit rate */ + struct iw_param txpower; /* default transmit power */ + struct iw_param rts; /* RTS threshold threshold */ + struct iw_param frag; /* Fragmentation threshold */ + __u32 mode; /* Operation mode */ + struct iw_param retry; /* Retry limits & lifetime */ + + struct iw_point encoding; /* Encoding stuff : tokens */ + struct iw_param power; /* PM duration/timeout */ + struct iw_quality qual; /* Quality part of statistics */ + + struct sockaddr ap_addr; /* Access point address */ + struct sockaddr addr; /* Destination address (hw/mac) */ + + struct iw_param param; /* Other small parameters */ + struct iw_point data; /* Other large parameters */ +}; + +/* + * The structure to exchange data for ioctl. + * This structure is the same as 'struct ifreq', but (re)defined for + * convenience... + * Do I need to remind you about structure size (32 octets) ? + */ +struct iwreq +{ + union + { + char ifrn_name[IFNAMSIZ]; /* if name, e.g. "eth0" */ + } ifr_ifrn; + + /* Data part (defined just above) */ + union iwreq_data u; +}; + +/* -------------------------- IOCTL DATA -------------------------- */ +/* + * For those ioctl which want to exchange mode data that what could + * fit in the above structure... + */ + +/* + * Range of parameters + */ + +struct iw_range +{ + /* Informative stuff (to choose between different interface) */ + __u32 throughput; /* To give an idea... */ + /* In theory this value should be the maximum benchmarked + * TCP/IP throughput, because with most of these devices the + * bit rate is meaningless (overhead an co) to estimate how + * fast the connection will go and pick the fastest one. + * I suggest people to play with Netperf or any benchmark... + */ + + /* NWID (or domain id) */ + __u32 min_nwid; /* Minimal NWID we are able to set */ + __u32 max_nwid; /* Maximal NWID we are able to set */ + + /* Old Frequency (backward compat - moved lower ) */ + __u16 old_num_channels; + __u8 old_num_frequency; + + /* Wireless event capability bitmasks */ + __u32 event_capa[6]; + + /* signal level threshold range */ + __s32 sensitivity; + + /* Quality of link & SNR stuff */ + /* Quality range (link, level, noise) + * If the quality is absolute, it will be in the range [0 ; max_qual], + * if the quality is dBm, it will be in the range [max_qual ; 0]. + * Don't forget that we use 8 bit arithmetics... */ + struct iw_quality max_qual; /* Quality of the link */ + /* This should contain the average/typical values of the quality + * indicator. This should be the threshold between a "good" and + * a "bad" link (example : monitor going from green to orange). + * Currently, user space apps like quality monitors don't have any + * way to calibrate the measurement. With this, they can split + * the range between 0 and max_qual in different quality level + * (using a geometric subdivision centered on the average). + * I expect that people doing the user space apps will feedback + * us on which value we need to put in each driver... */ + struct iw_quality avg_qual; /* Quality of the link */ + + /* Rates */ + __u8 num_bitrates; /* Number of entries in the list */ + __s32 bitrate[IW_MAX_BITRATES]; /* list, in bps */ + + /* RTS threshold */ + __s32 min_rts; /* Minimal RTS threshold */ + __s32 max_rts; /* Maximal RTS threshold */ + + /* Frag threshold */ + __s32 min_frag; /* Minimal frag threshold */ + __s32 max_frag; /* Maximal frag threshold */ + + /* Power Management duration & timeout */ + __s32 min_pmp; /* Minimal PM period */ + __s32 max_pmp; /* Maximal PM period */ + __s32 min_pmt; /* Minimal PM timeout */ + __s32 max_pmt; /* Maximal PM timeout */ + __u16 pmp_flags; /* How to decode max/min PM period */ + __u16 pmt_flags; /* How to decode max/min PM timeout */ + __u16 pm_capa; /* What PM options are supported */ + + /* Encoder stuff */ + __u16 encoding_size[IW_MAX_ENCODING_SIZES]; /* Different token sizes */ + __u8 num_encoding_sizes; /* Number of entry in the list */ + __u8 max_encoding_tokens; /* Max number of tokens */ + /* For drivers that need a "login/passwd" form */ + __u8 encoding_login_index; /* token index for login token */ + + /* Transmit power */ + __u16 txpower_capa; /* What options are supported */ + __u8 num_txpower; /* Number of entries in the list */ + __s32 txpower[IW_MAX_TXPOWER]; /* list, in bps */ + + /* Wireless Extension version info */ + __u8 we_version_compiled; /* Must be WIRELESS_EXT */ + __u8 we_version_source; /* Last update of source */ + + /* Retry limits and lifetime */ + __u16 retry_capa; /* What retry options are supported */ + __u16 retry_flags; /* How to decode max/min retry limit */ + __u16 r_time_flags; /* How to decode max/min retry life */ + __s32 min_retry; /* Minimal number of retries */ + __s32 max_retry; /* Maximal number of retries */ + __s32 min_r_time; /* Minimal retry lifetime */ + __s32 max_r_time; /* Maximal retry lifetime */ + + /* Frequency */ + __u16 num_channels; /* Number of channels [0; num - 1] */ + __u8 num_frequency; /* Number of entry in the list */ + struct iw_freq freq[IW_MAX_FREQUENCIES]; /* list */ + /* Note : this frequency list doesn't need to fit channel numbers, + * because each entry contain its channel index */ + + __u32 enc_capa; /* IW_ENC_CAPA_* bit field */ +}; + +/* + * Private ioctl interface information + */ + +struct iw_priv_args +{ + __u32 cmd; /* Number of the ioctl to issue */ + __u16 set_args; /* Type and number of args */ + __u16 get_args; /* Type and number of args */ + char name[IFNAMSIZ]; /* Name of the extension */ +}; + +/* ----------------------- WIRELESS EVENTS ----------------------- */ +/* + * Wireless events are carried through the rtnetlink socket to user + * space. They are encapsulated in the IFLA_WIRELESS field of + * a RTM_NEWLINK message. + */ + +/* + * A Wireless Event. Contains basically the same data as the ioctl... + */ +struct iw_event +{ + __u16 len; /* Real lenght of this stuff */ + __u16 cmd; /* Wireless IOCTL */ + union iwreq_data u; /* IOCTL fixed payload */ +}; + +/* Size of the Event prefix (including padding and alignement junk) */ +#define IW_EV_LCP_LEN (sizeof(struct iw_event) - sizeof(union iwreq_data)) +/* Size of the various events */ +#define IW_EV_CHAR_LEN (IW_EV_LCP_LEN + IFNAMSIZ) +#define IW_EV_UINT_LEN (IW_EV_LCP_LEN + sizeof(__u32)) +#define IW_EV_FREQ_LEN (IW_EV_LCP_LEN + sizeof(struct iw_freq)) +#define IW_EV_PARAM_LEN (IW_EV_LCP_LEN + sizeof(struct iw_param)) +#define IW_EV_ADDR_LEN (IW_EV_LCP_LEN + sizeof(struct sockaddr)) +#define IW_EV_QUAL_LEN (IW_EV_LCP_LEN + sizeof(struct iw_quality)) + +/* iw_point events are special. First, the payload (extra data) come at + * the end of the event, so they are bigger than IW_EV_POINT_LEN. Second, + * we omit the pointer, so start at an offset. */ +#define IW_EV_POINT_OFF (((char *) &(((struct iw_point *) NULL)->length)) - \ + (char *) NULL) +#define IW_EV_POINT_LEN (IW_EV_LCP_LEN + sizeof(struct iw_point) - \ + IW_EV_POINT_OFF) + +#endif /* _LINUX_WIRELESS_H */ diff --git a/contrib/hostapd-0.5.8/wme.c b/contrib/hostapd-0.5.8/wme.c new file mode 100644 index 0000000000..8be740f7e4 --- /dev/null +++ b/contrib/hostapd-0.5.8/wme.c @@ -0,0 +1,260 @@ +/* + * hostapd / WMM (Wi-Fi Multimedia) + * Copyright 2002-2003, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#include "hostapd.h" +#include "ieee802_11.h" +#include "wme.h" +#include "sta_info.h" +#include "driver.h" + + +/* TODO: maintain separate sequence and fragment numbers for each AC + * TODO: IGMP snooping to track which multicasts to forward - and use QOS-DATA + * if only WME stations are receiving a certain group */ + + +static u8 wme_oui[3] = { 0x00, 0x50, 0xf2 }; + + +/* Add WME Parameter Element to Beacon and Probe Response frames. */ +u8 * hostapd_eid_wme(struct hostapd_data *hapd, u8 *eid) +{ + u8 *pos = eid; + struct wme_parameter_element *wme = + (struct wme_parameter_element *) (pos + 2); + int e; + + if (!hapd->conf->wme_enabled) + return eid; + eid[0] = WLAN_EID_VENDOR_SPECIFIC; + wme->oui[0] = 0x00; + wme->oui[1] = 0x50; + wme->oui[2] = 0xf2; + wme->oui_type = WME_OUI_TYPE; + wme->oui_subtype = WME_OUI_SUBTYPE_PARAMETER_ELEMENT; + wme->version = WME_VERSION; + wme->acInfo = hapd->parameter_set_count & 0xf; + + /* fill in a parameter set record for each AC */ + for (e = 0; e < 4; e++) { + struct wme_ac_parameter *ac = &wme->ac[e]; + struct hostapd_wme_ac_params *acp = + &hapd->iconf->wme_ac_params[e]; + + ac->aifsn = acp->aifs; + ac->acm = acp->admission_control_mandatory; + ac->aci = e; + ac->reserved = 0; + ac->eCWmin = acp->cwmin; + ac->eCWmax = acp->cwmax; + ac->txopLimit = host_to_le16(acp->txopLimit); + } + + pos = (u8 *) (wme + 1); + eid[1] = pos - eid - 2; /* element length */ + + return pos; +} + + +/* This function is called when a station sends an association request with + * WME info element. The function returns zero on success or non-zero on any + * error in WME element. eid does not include Element ID and Length octets. */ +int hostapd_eid_wme_valid(struct hostapd_data *hapd, u8 *eid, size_t len) +{ + struct wme_information_element *wme; + + wpa_hexdump(MSG_MSGDUMP, "WME IE", eid, len); + + if (len < sizeof(struct wme_information_element)) { + printf("Too short WME IE (len=%lu)\n", (unsigned long) len); + return -1; + } + + wme = (struct wme_information_element *) eid; + HOSTAPD_DEBUG(HOSTAPD_DEBUG_MINIMAL, "Validating WME IE: OUI " + "%02x:%02x:%02x OUI type %d OUI sub-type %d " + "version %d\n", + wme->oui[0], wme->oui[1], wme->oui[2], wme->oui_type, + wme->oui_subtype, wme->version); + if (memcmp(wme->oui, wme_oui, sizeof(wme_oui)) != 0 || + wme->oui_type != WME_OUI_TYPE || + wme->oui_subtype != WME_OUI_SUBTYPE_INFORMATION_ELEMENT || + wme->version != WME_VERSION) { + printf("Unsupported WME IE OUI/Type/Subtype/Version\n"); + return -1; + } + + return 0; +} + + +/* This function is called when a station sends an ACK frame for an AssocResp + * frame (status=success) and the matching AssocReq contained a WME element. + */ +int hostapd_wme_sta_config(struct hostapd_data *hapd, struct sta_info *sta) +{ + /* update kernel STA data for WME related items (WLAN_STA_WPA flag) */ + if (sta->flags & WLAN_STA_WME) + hostapd_sta_set_flags(hapd, sta->addr, WLAN_STA_WME, ~0); + else + hostapd_sta_set_flags(hapd, sta->addr, 0, ~WLAN_STA_WME); + + return 0; +} + + +static void wme_send_action(struct hostapd_data *hapd, const u8 *addr, + const struct wme_tspec_info_element *tspec, + u8 action_code, u8 dialogue_token, u8 status_code) +{ + u8 buf[256]; + struct ieee80211_mgmt *m = (struct ieee80211_mgmt *) buf; + struct wme_tspec_info_element *t = + (struct wme_tspec_info_element *) + m->u.action.u.wme_action.variable; + int len; + + hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "action response - reason %d", status_code); + memset(buf, 0, sizeof(buf)); + m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, + WLAN_FC_STYPE_ACTION); + memcpy(m->da, addr, ETH_ALEN); + memcpy(m->sa, hapd->own_addr, ETH_ALEN); + memcpy(m->bssid, hapd->own_addr, ETH_ALEN); + m->u.action.category = WME_ACTION_CATEGORY; + m->u.action.u.wme_action.action_code = action_code; + m->u.action.u.wme_action.dialog_token = dialogue_token; + m->u.action.u.wme_action.status_code = status_code; + memcpy(t, tspec, sizeof(struct wme_tspec_info_element)); + len = ((u8 *) (t + 1)) - buf; + + if (hostapd_send_mgmt_frame(hapd, m, len, 0) < 0) + perror("wme_send_action: send"); +} + + +/* given frame data payload size in bytes, and data_rate in bits per second + * returns time to complete frame exchange */ +/* FIX: should not use floating point types */ +static double wme_frame_exchange_time(int bytes, int data_rate, int encryption, + int cts_protection) +{ + /* TODO: account for MAC/PHY headers correctly */ + /* TODO: account for encryption headers */ + /* TODO: account for WDS headers */ + /* TODO: account for CTS protection */ + /* TODO: account for SIFS + ACK at minimum PHY rate */ + return (bytes + 400) * 8.0 / data_rate; +} + + +static void wme_setup_request(struct hostapd_data *hapd, + struct ieee80211_mgmt *mgmt, + struct wme_tspec_info_element *tspec, size_t len) +{ + /* FIX: should not use floating point types */ + double medium_time, pps; + + /* TODO: account for airtime and answer no to tspec setup requests + * when none left!! */ + + pps = (tspec->mean_data_rate / 8.0) / tspec->nominal_msdu_size; + medium_time = (tspec->surplus_bandwidth_allowance / 8) * pps * + wme_frame_exchange_time(tspec->nominal_msdu_size, + tspec->minimum_phy_rate, 0, 0); + tspec->medium_time = medium_time * 1000000.0 / 32.0; + + wme_send_action(hapd, mgmt->sa, tspec, WME_ACTION_CODE_SETUP_RESPONSE, + mgmt->u.action.u.wme_action.dialog_token, + WME_SETUP_RESPONSE_STATUS_ADMISSION_ACCEPTED); +} + + +void hostapd_wme_action(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt, + size_t len) +{ + int action_code; + int left = len - IEEE80211_HDRLEN - 4; + u8 *pos = ((u8 *) mgmt) + IEEE80211_HDRLEN + 4; + struct ieee802_11_elems elems; + struct sta_info *sta = ap_get_sta(hapd, mgmt->sa); + + /* check that the request comes from a valid station */ + if (!sta || + (sta->flags & (WLAN_STA_ASSOC | WLAN_STA_WME)) != + (WLAN_STA_ASSOC | WLAN_STA_WME)) { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "wme action received is not from associated wme" + " station"); + /* TODO: respond with action frame refused status code */ + return; + } + + /* extract the tspec info element */ + if (ieee802_11_parse_elems(hapd, pos, left, &elems, 1) == ParseFailed) + { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "hostapd_wme_action - could not parse wme " + "action"); + /* TODO: respond with action frame invalid parameters status + * code */ + return; + } + + if (!elems.wme_tspec || + elems.wme_tspec_len != (sizeof(struct wme_tspec_info_element) - 2)) + { + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "hostapd_wme_action - missing or wrong length " + "tspec"); + /* TODO: respond with action frame invalid parameters status + * code */ + return; + } + + /* TODO: check the request is for an AC with ACM set, if not, refuse + * request */ + + action_code = mgmt->u.action.u.wme_action.action_code; + switch (action_code) { + case WME_ACTION_CODE_SETUP_REQUEST: + wme_setup_request(hapd, mgmt, (struct wme_tspec_info_element *) + elems.wme_tspec, len); + return; +#if 0 + /* TODO: needed for client implementation */ + case WME_ACTION_CODE_SETUP_RESPONSE: + wme_setup_request(hapd, mgmt, len); + return; + /* TODO: handle station teardown requests */ + case WME_ACTION_CODE_TEARDOWN: + wme_teardown(hapd, mgmt, len); + return; +#endif + } + + hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_DEBUG, + "hostapd_wme_action - unknown action code %d", + action_code); +} diff --git a/contrib/hostapd-0.5.8/wme.h b/contrib/hostapd-0.5.8/wme.h new file mode 100644 index 0000000000..8c208832e5 --- /dev/null +++ b/contrib/hostapd-0.5.8/wme.h @@ -0,0 +1,146 @@ +/* + * hostapd / WMM (Wi-Fi Multimedia) + * Copyright 2002-2003, Instant802 Networks, Inc. + * Copyright 2005-2006, Devicescape Software, Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef WME_H +#define WME_H + +#ifdef __linux__ +#include +#endif /* __linux__ */ + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__DragonFly__) +#include +#include +#endif /* defined(__FreeBSD__) || defined(__NetBSD__) || + * defined(__DragonFly__) */ + +#define WME_OUI_TYPE 2 +#define WME_OUI_SUBTYPE_INFORMATION_ELEMENT 0 +#define WME_OUI_SUBTYPE_PARAMETER_ELEMENT 1 +#define WME_OUI_SUBTYPE_TSPEC_ELEMENT 2 +#define WME_VERSION 1 + +#define WME_ACTION_CATEGORY 17 +#define WME_ACTION_CODE_SETUP_REQUEST 0 +#define WME_ACTION_CODE_SETUP_RESPONSE 1 +#define WME_ACTION_CODE_TEARDOWN 2 + +#define WME_SETUP_RESPONSE_STATUS_ADMISSION_ACCEPTED 0 +#define WME_SETUP_RESPONSE_STATUS_INVALID_PARAMETERS 1 +#define WME_SETUP_RESPONSE_STATUS_REFUSED 3 + +#define WME_TSPEC_DIRECTION_UPLINK 0 +#define WME_TSPEC_DIRECTION_DOWNLINK 1 +#define WME_TSPEC_DIRECTION_BI_DIRECTIONAL 3 + +extern inline u16 tsinfo(int tag1d, int contention_based, int direction) +{ + return (tag1d << 11) | (contention_based << 7) | (direction << 5) | + (tag1d << 1); +} + + +struct wme_information_element { + /* required fields for WME version 1 */ + u8 oui[3]; + u8 oui_type; + u8 oui_subtype; + u8 version; + u8 acInfo; + +} __attribute__ ((packed)); + +struct wme_ac_parameter { +#if __BYTE_ORDER == __LITTLE_ENDIAN + /* byte 1 */ + u8 aifsn:4, + acm:1, + aci:2, + reserved:1; + + /* byte 2 */ + u8 eCWmin:4, + eCWmax:4; +#elif __BYTE_ORDER == __BIG_ENDIAN + /* byte 1 */ + u8 reserved:1, + aci:2, + acm:1, + aifsn:4; + + /* byte 2 */ + u8 eCWmax:4, + eCWmin:4; +#else +#error "Please fix " +#endif + + /* bytes 3 & 4 */ + u16 txopLimit; +} __attribute__ ((packed)); + +struct wme_parameter_element { + /* required fields for WME version 1 */ + u8 oui[3]; + u8 oui_type; + u8 oui_subtype; + u8 version; + u8 acInfo; + u8 reserved; + struct wme_ac_parameter ac[4]; + +} __attribute__ ((packed)); + +struct wme_tspec_info_element { + u8 eid; + u8 length; + u8 oui[3]; + u8 oui_type; + u8 oui_subtype; + u8 version; + u16 ts_info; + u16 nominal_msdu_size; + u16 maximum_msdu_size; + u32 minimum_service_interval; + u32 maximum_service_interval; + u32 inactivity_interval; + u32 start_time; + u32 minimum_data_rate; + u32 mean_data_rate; + u32 maximum_burst_size; + u32 minimum_phy_rate; + u32 peak_data_rate; + u32 delay_bound; + u16 surplus_bandwidth_allowance; + u16 medium_time; +} __attribute__ ((packed)); + + +/* Access Categories */ +enum { + WME_AC_BK = 1, + WME_AC_BE = 0, + WME_AC_VI = 2, + WME_AC_VO = 3 +}; + + +u8 * hostapd_eid_wme(struct hostapd_data *hapd, u8 *eid); +int hostapd_eid_wme_valid(struct hostapd_data *hapd, u8 *eid, size_t len); +int hostapd_wme_sta_config(struct hostapd_data *hapd, struct sta_info *sta); +void hostapd_wme_action(struct hostapd_data *hapd, struct ieee80211_mgmt *mgmt, + size_t len); + +#endif /* WME_H */ diff --git a/contrib/hostapd-0.5.8/wpa.c b/contrib/hostapd-0.5.8/wpa.c new file mode 100644 index 0000000000..1f66a3e564 --- /dev/null +++ b/contrib/hostapd-0.5.8/wpa.c @@ -0,0 +1,3794 @@ +/* + * hostapd - IEEE 802.11i-2004 / WPA Authenticator + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifndef CONFIG_NATIVE_WINDOWS + +#include "hostapd.h" +#include "eapol_sm.h" +#include "wpa.h" +#include "wme.h" +#include "sha1.h" +#include "md5.h" +#include "rc4.h" +#include "aes_wrap.h" +#include "crypto.h" +#include "eloop.h" +#include "ieee802_11.h" +#include "pmksa_cache.h" +#include "state_machine.h" + +#define STATE_MACHINE_DATA struct wpa_state_machine +#define STATE_MACHINE_DEBUG_PREFIX "WPA" +#define STATE_MACHINE_ADDR sm->addr + + +#define RSN_NUM_REPLAY_COUNTERS_1 0 +#define RSN_NUM_REPLAY_COUNTERS_2 1 +#define RSN_NUM_REPLAY_COUNTERS_4 2 +#define RSN_NUM_REPLAY_COUNTERS_16 3 + + +struct wpa_group; + +struct wpa_stsl_negotiation { + struct wpa_stsl_negotiation *next; + u8 initiator[ETH_ALEN]; + u8 peer[ETH_ALEN]; +}; + + +struct wpa_state_machine { + struct wpa_authenticator *wpa_auth; + struct wpa_group *group; + + u8 addr[ETH_ALEN]; + + enum { + WPA_PTK_INITIALIZE, WPA_PTK_DISCONNECT, WPA_PTK_DISCONNECTED, + WPA_PTK_AUTHENTICATION, WPA_PTK_AUTHENTICATION2, + WPA_PTK_INITPMK, WPA_PTK_INITPSK, WPA_PTK_PTKSTART, + WPA_PTK_PTKCALCNEGOTIATING, WPA_PTK_PTKCALCNEGOTIATING2, + WPA_PTK_PTKINITNEGOTIATING, WPA_PTK_PTKINITDONE + } wpa_ptk_state; + + enum { + WPA_PTK_GROUP_IDLE = 0, + WPA_PTK_GROUP_REKEYNEGOTIATING, + WPA_PTK_GROUP_REKEYESTABLISHED, + WPA_PTK_GROUP_KEYERROR + } wpa_ptk_group_state; + + Boolean Init; + Boolean DeauthenticationRequest; + Boolean AuthenticationRequest; + Boolean ReAuthenticationRequest; + Boolean Disconnect; + int TimeoutCtr; + int GTimeoutCtr; + Boolean TimeoutEvt; + Boolean EAPOLKeyReceived; + Boolean EAPOLKeyPairwise; + Boolean EAPOLKeyRequest; + Boolean MICVerified; + Boolean GUpdateStationKeys; + u8 ANonce[WPA_NONCE_LEN]; + u8 SNonce[WPA_NONCE_LEN]; + u8 PMK[WPA_PMK_LEN]; + struct wpa_ptk PTK; + Boolean PTK_valid; + Boolean pairwise_set; + int keycount; + Boolean Pair; + u8 key_replay_counter[WPA_REPLAY_COUNTER_LEN]; + Boolean key_replay_counter_valid; + Boolean PInitAKeys; /* WPA only, not in IEEE 802.11i */ + Boolean PTKRequest; /* not in IEEE 802.11i state machine */ + Boolean has_GTK; + + u8 *last_rx_eapol_key; /* starting from IEEE 802.1X header */ + size_t last_rx_eapol_key_len; + + unsigned int changed:1; + unsigned int in_step_loop:1; + unsigned int pending_deinit:1; + unsigned int started:1; + unsigned int sta_counted:1; + unsigned int mgmt_frame_prot:1; + + u8 req_replay_counter[WPA_REPLAY_COUNTER_LEN]; + int req_replay_counter_used; + + u8 *wpa_ie; + size_t wpa_ie_len; + + enum { + WPA_VERSION_NO_WPA = 0 /* WPA not used */, + WPA_VERSION_WPA = 1 /* WPA / IEEE 802.11i/D3.0 */, + WPA_VERSION_WPA2 = 2 /* WPA2 / IEEE 802.11i */ + } wpa; + int pairwise; /* Pairwise cipher suite, WPA_CIPHER_* */ + int wpa_key_mgmt; /* the selected WPA_KEY_MGMT_* */ + struct rsn_pmksa_cache_entry *pmksa; + + u32 dot11RSNAStatsTKIPLocalMICFailures; + u32 dot11RSNAStatsTKIPRemoteMICFailures; +}; + + +/* per group key state machine data */ +struct wpa_group { + struct wpa_group *next; + int vlan_id; + + Boolean GInit; + int GNoStations; + int GKeyDoneStations; + Boolean GTKReKey; + int GTK_len; + int GN, GM; + Boolean GTKAuthenticator; + u8 Counter[WPA_NONCE_LEN]; + + enum { + WPA_GROUP_GTK_INIT = 0, + WPA_GROUP_SETKEYS, WPA_GROUP_SETKEYSDONE + } wpa_group_state; + + u8 GMK[WPA_GMK_LEN]; + u8 GTK[2][WPA_GTK_MAX_LEN]; + u8 GNonce[WPA_NONCE_LEN]; + Boolean changed; +#ifdef CONFIG_IEEE80211W + u8 DGTK[WPA_DGTK_LEN]; + u8 IGTK[2][WPA_IGTK_LEN]; +#endif /* CONFIG_IEEE80211W */ +}; + + +/* per authenticator data */ +struct wpa_authenticator { + struct wpa_group *group; + + unsigned int dot11RSNAStatsTKIPRemoteMICFailures; + u8 dot11RSNAAuthenticationSuiteSelected[4]; + u8 dot11RSNAPairwiseCipherSelected[4]; + u8 dot11RSNAGroupCipherSelected[4]; + u8 dot11RSNAPMKIDUsed[PMKID_LEN]; + u8 dot11RSNAAuthenticationSuiteRequested[4]; /* FIX: update */ + u8 dot11RSNAPairwiseCipherRequested[4]; /* FIX: update */ + u8 dot11RSNAGroupCipherRequested[4]; /* FIX: update */ + unsigned int dot11RSNATKIPCounterMeasuresInvoked; + unsigned int dot11RSNA4WayHandshakeFailures; + + struct wpa_stsl_negotiation *stsl_negotiations; + + struct wpa_auth_config conf; + struct wpa_auth_callbacks cb; + + u8 *wpa_ie; + size_t wpa_ie_len; + + u8 addr[ETH_ALEN]; + + struct rsn_pmksa_cache *pmksa; +}; + + +static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx); +static void wpa_sm_step(struct wpa_state_machine *sm); +static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len); +static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx); +static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, + struct wpa_group *group); +static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth, + struct wpa_stsl_negotiation *neg); +static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, int key_info, + const u8 *key_rsc, const u8 *nonce, + const u8 *kde, size_t kde_len, + int keyidx, int encr, int force_version); + +/* Default timeouts are 100 ms, but this seems to be a bit too fast for most + * WPA Supplicants, so use a bit longer timeout. */ +static const u32 dot11RSNAConfigGroupUpdateTimeOut = 1000; /* ms */ +static const u32 dot11RSNAConfigGroupUpdateCount = 3; +static const u32 dot11RSNAConfigPairwiseUpdateTimeOut = 1000; /* ms */ +static const u32 dot11RSNAConfigPairwiseUpdateCount = 3; + +/* TODO: make these configurable */ +static const int dot11RSNAConfigPMKLifetime = 43200; +static const int dot11RSNAConfigPMKReauthThreshold = 70; +static const int dot11RSNAConfigSATimeout = 60; + + +static const int WPA_SELECTOR_LEN = 4; +static const u8 WPA_OUI_TYPE[] = { 0x00, 0x50, 0xf2, 1 }; +static const u16 WPA_VERSION = 1; +static const u8 WPA_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x50, 0xf2, 1 }; +static const u8 WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x50, 0xf2, 2 }; +static const u8 WPA_CIPHER_SUITE_NONE[] = { 0x00, 0x50, 0xf2, 0 }; +static const u8 WPA_CIPHER_SUITE_WEP40[] = { 0x00, 0x50, 0xf2, 1 }; +static const u8 WPA_CIPHER_SUITE_TKIP[] = { 0x00, 0x50, 0xf2, 2 }; +static const u8 WPA_CIPHER_SUITE_WRAP[] = { 0x00, 0x50, 0xf2, 3 }; +static const u8 WPA_CIPHER_SUITE_CCMP[] = { 0x00, 0x50, 0xf2, 4 }; +static const u8 WPA_CIPHER_SUITE_WEP104[] = { 0x00, 0x50, 0xf2, 5 }; +#ifdef CONFIG_IEEE80211W +static const u8 RSN_CIPHER_SUITE_AES_128_CMAC[] = { 0x00, 0x0f, 0xac, 6 }; +#endif /* CONFIG_IEEE80211W */ + +static const int RSN_SELECTOR_LEN = 4; +static const u16 RSN_VERSION = 1; +static const u8 RSN_AUTH_KEY_MGMT_UNSPEC_802_1X[] = { 0x00, 0x0f, 0xac, 1 }; +static const u8 RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X[] = { 0x00, 0x0f, 0xac, 2 }; +static const u8 RSN_CIPHER_SUITE_NONE[] = { 0x00, 0x0f, 0xac, 0 }; +static const u8 RSN_CIPHER_SUITE_WEP40[] = { 0x00, 0x0f, 0xac, 1 }; +static const u8 RSN_CIPHER_SUITE_TKIP[] = { 0x00, 0x0f, 0xac, 2 }; +static const u8 RSN_CIPHER_SUITE_WRAP[] = { 0x00, 0x0f, 0xac, 3 }; +static const u8 RSN_CIPHER_SUITE_CCMP[] = { 0x00, 0x0f, 0xac, 4 }; +static const u8 RSN_CIPHER_SUITE_WEP104[] = { 0x00, 0x0f, 0xac, 5 }; + +/* EAPOL-Key Key Data Encapsulation + * GroupKey and PeerKey require encryption, otherwise, encryption is optional. + */ +static const u8 RSN_KEY_DATA_GROUPKEY[] = { 0x00, 0x0f, 0xac, 1 }; +#if 0 +static const u8 RSN_KEY_DATA_STAKEY[] = { 0x00, 0x0f, 0xac, 2 }; +#endif +static const u8 RSN_KEY_DATA_MAC_ADDR[] = { 0x00, 0x0f, 0xac, 3 }; +static const u8 RSN_KEY_DATA_PMKID[] = { 0x00, 0x0f, 0xac, 4 }; +#ifdef CONFIG_PEERKEY +static const u8 RSN_KEY_DATA_SMK[] = { 0x00, 0x0f, 0xac, 5 }; +static const u8 RSN_KEY_DATA_NONCE[] = { 0x00, 0x0f, 0xac, 6 }; +static const u8 RSN_KEY_DATA_LIFETIME[] = { 0x00, 0x0f, 0xac, 7 }; +static const u8 RSN_KEY_DATA_ERROR[] = { 0x00, 0x0f, 0xac, 8 }; +#endif /* CONFIG_PEERKEY */ +#ifdef CONFIG_IEEE80211W +/* FIX: IEEE 802.11w/D1.0 is using subtypes 5 and 6 for these, but they were + * already taken by 802.11ma (PeerKey). Need to update the values here once + * IEEE 802.11w fixes these. */ +static const u8 RSN_KEY_DATA_DHV[] = { 0x00, 0x0f, 0xac, 9 }; +static const u8 RSN_KEY_DATA_IGTK[] = { 0x00, 0x0f, 0xac, 10 }; +#endif /* CONFIG_IEEE80211W */ + +#ifdef CONFIG_PEERKEY +enum { + STK_MUI_4WAY_STA_AP = 1, + STK_MUI_4WAY_STAT_STA = 2, + STK_MUI_GTK = 3, + STK_MUI_SMK = 4 +}; + +enum { + STK_ERR_STA_NR = 1, + STK_ERR_STA_NRSN = 2, + STK_ERR_CPHR_NS = 3, + STK_ERR_NO_STSL = 4 +}; +#endif /* CONFIG_PEERKEY */ + +#define GENERIC_INFO_ELEM 0xdd +#define RSN_INFO_ELEM 0x30 + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +/* WPA IE version 1 + * 00-50-f2:1 (OUI:OUI type) + * 0x01 0x00 (version; little endian) + * (all following fields are optional:) + * Group Suite Selector (4 octets) (default: TKIP) + * Pairwise Suite Count (2 octets, little endian) (default: 1) + * Pairwise Suite List (4 * n octets) (default: TKIP) + * Authenticated Key Management Suite Count (2 octets, little endian) + * (default: 1) + * Authenticated Key Management Suite List (4 * n octets) + * (default: unspec 802.1X) + * WPA Capabilities (2 octets, little endian) (default: 0) + */ + +struct wpa_ie_hdr { + u8 elem_id; + u8 len; + u8 oui[3]; + u8 oui_type; + u16 version; +} STRUCT_PACKED; + + +/* RSN IE version 1 + * 0x01 0x00 (version; little endian) + * (all following fields are optional:) + * Group Suite Selector (4 octets) (default: CCMP) + * Pairwise Suite Count (2 octets, little endian) (default: 1) + * Pairwise Suite List (4 * n octets) (default: CCMP) + * Authenticated Key Management Suite Count (2 octets, little endian) + * (default: 1) + * Authenticated Key Management Suite List (4 * n octets) + * (default: unspec 802.1X) + * RSN Capabilities (2 octets, little endian) (default: 0) + * PMKID Count (2 octets) (default: 0) + * PMKID List (16 * n octets) + * Management Group Cipher Suite (4 octets) (default: AES-128-CMAC) + */ + +struct rsn_ie_hdr { + u8 elem_id; /* WLAN_EID_RSN */ + u8 len; + u16 version; +} STRUCT_PACKED; + + +struct rsn_error_kde { + u16 mui; + u16 error_type; +} STRUCT_PACKED; + + +#ifdef CONFIG_IEEE80211W +struct wpa_dhv_kde { + u8 dhv[WPA_DHV_LEN]; +} STRUCT_PACKED; + +struct wpa_igtk_kde { + u8 keyid[2]; + u8 pn[6]; + u8 igtk[WPA_IGTK_LEN]; +} STRUCT_PACKED; +#endif /* CONFIG_IEEE80211W */ + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + + +static inline void wpa_auth_mic_failure_report( + struct wpa_authenticator *wpa_auth, const u8 *addr) +{ + if (wpa_auth->cb.mic_failure_report) + wpa_auth->cb.mic_failure_report(wpa_auth->cb.ctx, addr); +} + + +static inline void wpa_auth_set_eapol(struct wpa_authenticator *wpa_auth, + const u8 *addr, wpa_eapol_variable var, + int value) +{ + if (wpa_auth->cb.set_eapol) + wpa_auth->cb.set_eapol(wpa_auth->cb.ctx, addr, var, value); +} + + +static inline int wpa_auth_get_eapol(struct wpa_authenticator *wpa_auth, + const u8 *addr, wpa_eapol_variable var) +{ + if (wpa_auth->cb.get_eapol == NULL) + return -1; + return wpa_auth->cb.get_eapol(wpa_auth->cb.ctx, addr, var); +} + + +static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth, + const u8 *addr, const u8 *prev_psk) +{ + if (wpa_auth->cb.get_psk == NULL) + return NULL; + return wpa_auth->cb.get_psk(wpa_auth->cb.ctx, addr, prev_psk); +} + + +static inline int wpa_auth_get_pmk(struct wpa_authenticator *wpa_auth, + const u8 *addr, u8 *pmk, size_t *len) +{ + if (wpa_auth->cb.get_pmk == NULL) + return -1; + return wpa_auth->cb.get_pmk(wpa_auth->cb.ctx, addr, pmk, len); +} + + +static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, + int vlan_id, + const char *alg, const u8 *addr, int idx, + u8 *key, size_t key_len) +{ + if (wpa_auth->cb.set_key == NULL) + return -1; + return wpa_auth->cb.set_key(wpa_auth->cb.ctx, vlan_id, alg, addr, idx, + key, key_len); +} + + +static inline int wpa_auth_get_seqnum(struct wpa_authenticator *wpa_auth, + const u8 *addr, int idx, u8 *seq) +{ + if (wpa_auth->cb.get_seqnum == NULL) + return -1; + return wpa_auth->cb.get_seqnum(wpa_auth->cb.ctx, addr, idx, seq); +} + + +static inline int wpa_auth_get_seqnum_igtk(struct wpa_authenticator *wpa_auth, + const u8 *addr, int idx, u8 *seq) +{ + if (wpa_auth->cb.get_seqnum_igtk == NULL) + return -1; + return wpa_auth->cb.get_seqnum_igtk(wpa_auth->cb.ctx, addr, idx, seq); +} + + +static inline int +wpa_auth_send_eapol(struct wpa_authenticator *wpa_auth, const u8 *addr, + const u8 *data, size_t data_len, int encrypt) +{ + if (wpa_auth->cb.send_eapol == NULL) + return -1; + return wpa_auth->cb.send_eapol(wpa_auth->cb.ctx, addr, data, data_len, + encrypt); +} + + +static inline int wpa_auth_for_each_sta(struct wpa_authenticator *wpa_auth, + int (*cb)(struct wpa_state_machine *sm, + void *ctx), + void *cb_ctx) +{ + if (wpa_auth->cb.for_each_sta == NULL) + return 0; + return wpa_auth->cb.for_each_sta(wpa_auth->cb.ctx, cb, cb_ctx); +} + + +static void wpa_auth_logger(struct wpa_authenticator *wpa_auth, const u8 *addr, + logger_level level, const char *txt) +{ + if (wpa_auth->cb.logger == NULL) + return; + wpa_auth->cb.logger(wpa_auth->cb.ctx, addr, level, txt); +} + + +static void wpa_auth_vlogger(struct wpa_authenticator *wpa_auth, + const u8 *addr, logger_level level, + const char *fmt, ...) +{ + char *format; + int maxlen; + va_list ap; + + if (wpa_auth->cb.logger == NULL) + return; + + maxlen = strlen(fmt) + 100; + format = malloc(maxlen); + if (!format) + return; + + va_start(ap, fmt); + vsnprintf(format, maxlen, fmt, ap); + va_end(ap); + + wpa_auth_logger(wpa_auth, addr, level, format); + + free(format); +} + + +static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) +{ + struct wpa_ie_hdr *hdr; + int num_suites; + u8 *pos, *count; + + hdr = (struct wpa_ie_hdr *) buf; + hdr->elem_id = WLAN_EID_GENERIC; + memcpy(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN); + hdr->version = host_to_le16(WPA_VERSION); + pos = (u8 *) (hdr + 1); + + if (conf->wpa_group == WPA_CIPHER_CCMP) { + memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_TKIP) { + memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_WEP104) { + memcpy(pos, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_WEP40) { + memcpy(pos, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN); + } else { + wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", + conf->wpa_group); + return -1; + } + pos += WPA_SELECTOR_LEN; + + num_suites = 0; + count = pos; + pos += 2; + + if (conf->wpa_pairwise & WPA_CIPHER_CCMP) { + memcpy(pos, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN); + pos += WPA_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_pairwise & WPA_CIPHER_TKIP) { + memcpy(pos, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN); + pos += WPA_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_pairwise & WPA_CIPHER_NONE) { + memcpy(pos, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN); + pos += WPA_SELECTOR_LEN; + num_suites++; + } + + if (num_suites == 0) { + wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", + conf->wpa_pairwise); + return -1; + } + *count++ = num_suites & 0xff; + *count = (num_suites >> 8) & 0xff; + + num_suites = 0; + count = pos; + pos += 2; + + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { + memcpy(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN); + pos += WPA_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { + memcpy(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, + WPA_SELECTOR_LEN); + pos += WPA_SELECTOR_LEN; + num_suites++; + } + + if (num_suites == 0) { + wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", + conf->wpa_key_mgmt); + return -1; + } + *count++ = num_suites & 0xff; + *count = (num_suites >> 8) & 0xff; + + /* WPA Capabilities; use defaults, so no need to include it */ + + hdr->len = (pos - buf) - 2; + + return pos - buf; +} + + +static int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len) +{ + struct rsn_ie_hdr *hdr; + int num_suites; + u8 *pos, *count; + u16 capab; + + hdr = (struct rsn_ie_hdr *) buf; + hdr->elem_id = WLAN_EID_RSN; + pos = (u8 *) &hdr->version; + *pos++ = RSN_VERSION & 0xff; + *pos++ = RSN_VERSION >> 8; + pos = (u8 *) (hdr + 1); + + if (conf->wpa_group == WPA_CIPHER_CCMP) { + memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_TKIP) { + memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_WEP104) { + memcpy(pos, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN); + } else if (conf->wpa_group == WPA_CIPHER_WEP40) { + memcpy(pos, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN); + } else { + wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", + conf->wpa_group); + return -1; + } + pos += RSN_SELECTOR_LEN; + + num_suites = 0; + count = pos; + pos += 2; + + if (conf->wpa_pairwise & WPA_CIPHER_CCMP) { + memcpy(pos, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_pairwise & WPA_CIPHER_TKIP) { + memcpy(pos, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_pairwise & WPA_CIPHER_NONE) { + memcpy(pos, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + num_suites++; + } + + if (num_suites == 0) { + wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).", + conf->wpa_pairwise); + return -1; + } + *count++ = num_suites & 0xff; + *count = (num_suites >> 8) & 0xff; + + num_suites = 0; + count = pos; + pos += 2; + + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) { + memcpy(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + num_suites++; + } + if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) { + memcpy(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, + RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + num_suites++; + } + + if (num_suites == 0) { + wpa_printf(MSG_DEBUG, "Invalid key management type (%d).", + conf->wpa_key_mgmt); + return -1; + } + *count++ = num_suites & 0xff; + *count = (num_suites >> 8) & 0xff; + + /* RSN Capabilities */ + capab = 0; + if (conf->rsn_preauth) + capab |= WPA_CAPABILITY_PREAUTH; + if (conf->peerkey) + capab |= WPA_CAPABILITY_PEERKEY_ENABLED; + if (conf->wme_enabled) { + /* 4 PTKSA replay counters when using WME */ + capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2); + } +#ifdef CONFIG_IEEE80211W + if (conf->ieee80211w != WPA_NO_IEEE80211W) + capab |= WPA_CAPABILITY_MGMT_FRAME_PROTECTION; +#endif /* CONFIG_IEEE80211W */ + *pos++ = capab & 0xff; + *pos++ = capab >> 8; + +#ifdef CONFIG_IEEE80211W + if (conf->ieee80211w != WPA_NO_IEEE80211W) { + if (pos + 2 + 4 > buf + len) + return -1; + /* PMKID Count */ + WPA_PUT_LE16(pos, 0); + pos += 2; + + /* Management Group Cipher Suite */ + memcpy(pos, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + } +#endif /* CONFIG_IEEE80211W */ + + hdr->len = (pos - buf) - 2; + + return pos - buf; +} + + +static int wpa_gen_wpa_ie(struct wpa_authenticator *wpa_auth) +{ + u8 *pos, buf[100]; + int res; + + pos = buf; + + if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) { + res = wpa_write_rsn_ie(&wpa_auth->conf, + pos, buf + sizeof(buf) - pos); + if (res < 0) + return res; + pos += res; + } + if (wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA) { + res = wpa_write_wpa_ie(&wpa_auth->conf, + pos, buf + sizeof(buf) - pos); + if (res < 0) + return res; + pos += res; + } + + free(wpa_auth->wpa_ie); + wpa_auth->wpa_ie = malloc(pos - buf); + if (wpa_auth->wpa_ie == NULL) + return -1; + memcpy(wpa_auth->wpa_ie, buf, pos - buf); + wpa_auth->wpa_ie_len = pos - buf; + + return 0; +} + + +static void wpa_sta_disconnect(struct wpa_authenticator *wpa_auth, + const u8 *addr) +{ + if (wpa_auth->cb.disconnect == NULL) + return; + wpa_auth->cb.disconnect(wpa_auth->cb.ctx, addr, + WLAN_REASON_PREV_AUTH_NOT_VALID); +} + + +static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx) +{ + struct wpa_authenticator *wpa_auth = eloop_ctx; + + if (hostapd_get_rand(wpa_auth->group->GMK, WPA_GMK_LEN)) { + wpa_printf(MSG_ERROR, "Failed to get random data for WPA " + "initialization."); + } else { + wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); + } + + if (wpa_auth->conf.wpa_gmk_rekey) { + eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, + wpa_rekey_gmk, wpa_auth, NULL); + } +} + + +static void wpa_rekey_gtk(void *eloop_ctx, void *timeout_ctx) +{ + struct wpa_authenticator *wpa_auth = eloop_ctx; + struct wpa_group *group; + + wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "rekeying GTK"); + for (group = wpa_auth->group; group; group = group->next) { + group->GTKReKey = TRUE; + do { + group->changed = FALSE; + wpa_group_sm_step(wpa_auth, group); + } while (group->changed); + } + + if (wpa_auth->conf.wpa_group_rekey) { + eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, + 0, wpa_rekey_gtk, wpa_auth, NULL); + } +} + + +static int wpa_auth_pmksa_clear_cb(struct wpa_state_machine *sm, void *ctx) +{ + if (sm->pmksa == ctx) + sm->pmksa = NULL; + return 0; +} + + +static void wpa_auth_pmksa_free_cb(struct rsn_pmksa_cache_entry *entry, + void *ctx) +{ + struct wpa_authenticator *wpa_auth = ctx; + wpa_auth_for_each_sta(wpa_auth, wpa_auth_pmksa_clear_cb, entry); +} + + +static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth, + int vlan_id) +{ + struct wpa_group *group; + u8 buf[ETH_ALEN + 8 + sizeof(group)]; + u8 rkey[32]; + + group = wpa_zalloc(sizeof(struct wpa_group)); + if (group == NULL) + return NULL; + + group->GTKAuthenticator = TRUE; + group->vlan_id = vlan_id; + + switch (wpa_auth->conf.wpa_group) { + case WPA_CIPHER_CCMP: + group->GTK_len = 16; + break; + case WPA_CIPHER_TKIP: + group->GTK_len = 32; + break; + case WPA_CIPHER_WEP104: + group->GTK_len = 13; + break; + case WPA_CIPHER_WEP40: + group->GTK_len = 5; + break; + } + + /* Counter = PRF-256(Random number, "Init Counter", + * Local MAC Address || Time) + */ + memcpy(buf, wpa_auth->addr, ETH_ALEN); + wpa_get_ntp_timestamp(buf + ETH_ALEN); + memcpy(buf + ETH_ALEN + 8, &group, sizeof(group)); + if (hostapd_get_rand(rkey, sizeof(rkey)) || + hostapd_get_rand(group->GMK, WPA_GMK_LEN)) { + wpa_printf(MSG_ERROR, "Failed to get random data for WPA " + "initialization."); + free(group); + return NULL; + } + + sha1_prf(rkey, sizeof(rkey), "Init Counter", buf, sizeof(buf), + group->Counter, WPA_NONCE_LEN); + + group->GInit = TRUE; + wpa_group_sm_step(wpa_auth, group); + group->GInit = FALSE; + wpa_group_sm_step(wpa_auth, group); + + return group; +} + + +/** + * wpa_init - Initialize WPA authenticator + * @addr: Authenticator address + * @conf: Configuration for WPA authenticator + * Returns: Pointer to WPA authenticator data or %NULL on failure + */ +struct wpa_authenticator * wpa_init(const u8 *addr, + struct wpa_auth_config *conf, + struct wpa_auth_callbacks *cb) +{ + struct wpa_authenticator *wpa_auth; + + wpa_auth = wpa_zalloc(sizeof(struct wpa_authenticator)); + if (wpa_auth == NULL) + return NULL; + memcpy(wpa_auth->addr, addr, ETH_ALEN); + memcpy(&wpa_auth->conf, conf, sizeof(*conf)); + memcpy(&wpa_auth->cb, cb, sizeof(*cb)); + + if (wpa_gen_wpa_ie(wpa_auth)) { + wpa_printf(MSG_ERROR, "Could not generate WPA IE."); + free(wpa_auth); + return NULL; + } + + wpa_auth->group = wpa_group_init(wpa_auth, 0); + if (wpa_auth->group == NULL) { + free(wpa_auth->wpa_ie); + free(wpa_auth); + return NULL; + } + + wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth); + if (wpa_auth->pmksa == NULL) { + wpa_printf(MSG_ERROR, "PMKSA cache initialization failed."); + free(wpa_auth->wpa_ie); + free(wpa_auth); + return NULL; + } + + if (wpa_auth->conf.wpa_gmk_rekey) { + eloop_register_timeout(wpa_auth->conf.wpa_gmk_rekey, 0, + wpa_rekey_gmk, wpa_auth, NULL); + } + + if (wpa_auth->conf.wpa_group_rekey) { + eloop_register_timeout(wpa_auth->conf.wpa_group_rekey, 0, + wpa_rekey_gtk, wpa_auth, NULL); + } + + return wpa_auth; +} + + +/** + * wpa_deinit - Deinitialize WPA authenticator + * @wpa_auth: Pointer to WPA authenticator data from wpa_init() + */ +void wpa_deinit(struct wpa_authenticator *wpa_auth) +{ + struct wpa_group *group, *prev; + + eloop_cancel_timeout(wpa_rekey_gmk, wpa_auth, NULL); + eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); + + while (wpa_auth->stsl_negotiations) + wpa_stsl_remove(wpa_auth, wpa_auth->stsl_negotiations); + + pmksa_cache_deinit(wpa_auth->pmksa); + + free(wpa_auth->wpa_ie); + + group = wpa_auth->group; + while (group) { + prev = group; + group = group->next; + free(prev); + } + + free(wpa_auth); +} + + +/** + * wpa_reconfig - Update WPA authenticator configuration + * @wpa_auth: Pointer to WPA authenticator data from wpa_init() + * @conf: Configuration for WPA authenticator + */ +int wpa_reconfig(struct wpa_authenticator *wpa_auth, + struct wpa_auth_config *conf) +{ + if (wpa_auth == NULL) + return 0; + + memcpy(&wpa_auth->conf, conf, sizeof(*conf)); + /* + * TODO: + * Disassociate stations if configuration changed + * Update WPA/RSN IE + */ + return 0; +} + + +static int wpa_selector_to_bitfield(u8 *s) +{ + if (memcmp(s, WPA_CIPHER_SUITE_NONE, WPA_SELECTOR_LEN) == 0) + return WPA_CIPHER_NONE; + if (memcmp(s, WPA_CIPHER_SUITE_WEP40, WPA_SELECTOR_LEN) == 0) + return WPA_CIPHER_WEP40; + if (memcmp(s, WPA_CIPHER_SUITE_TKIP, WPA_SELECTOR_LEN) == 0) + return WPA_CIPHER_TKIP; + if (memcmp(s, WPA_CIPHER_SUITE_CCMP, WPA_SELECTOR_LEN) == 0) + return WPA_CIPHER_CCMP; + if (memcmp(s, WPA_CIPHER_SUITE_WEP104, WPA_SELECTOR_LEN) == 0) + return WPA_CIPHER_WEP104; + return 0; +} + + +static int wpa_key_mgmt_to_bitfield(u8 *s) +{ + if (memcmp(s, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X, WPA_SELECTOR_LEN) == 0) + return WPA_KEY_MGMT_IEEE8021X; + if (memcmp(s, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X, WPA_SELECTOR_LEN) == + 0) + return WPA_KEY_MGMT_PSK; + return 0; +} + + +static int rsn_selector_to_bitfield(u8 *s) +{ + if (memcmp(s, RSN_CIPHER_SUITE_NONE, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_NONE; + if (memcmp(s, RSN_CIPHER_SUITE_WEP40, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_WEP40; + if (memcmp(s, RSN_CIPHER_SUITE_TKIP, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_TKIP; + if (memcmp(s, RSN_CIPHER_SUITE_CCMP, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_CCMP; + if (memcmp(s, RSN_CIPHER_SUITE_WEP104, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_WEP104; +#ifdef CONFIG_IEEE80211W + if (memcmp(s, RSN_CIPHER_SUITE_AES_128_CMAC, RSN_SELECTOR_LEN) == 0) + return WPA_CIPHER_AES_128_CMAC; +#endif /* CONFIG_IEEE80211W */ + return 0; +} + + +static int rsn_key_mgmt_to_bitfield(u8 *s) +{ + if (memcmp(s, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X, RSN_SELECTOR_LEN) == 0) + return WPA_KEY_MGMT_IEEE8021X; + if (memcmp(s, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X, RSN_SELECTOR_LEN) == + 0) + return WPA_KEY_MGMT_PSK; + return 0; +} + + +static u8 * wpa_add_kde(u8 *pos, const u8 *kde, const u8 *data, + size_t data_len, const u8 *data2, size_t data2_len) +{ + *pos++ = GENERIC_INFO_ELEM; + *pos++ = RSN_SELECTOR_LEN + data_len + data2_len; + memcpy(pos, kde, RSN_SELECTOR_LEN); + pos += RSN_SELECTOR_LEN; + memcpy(pos, data, data_len); + pos += data_len; + if (data2) { + memcpy(pos, data2, data2_len); + pos += data2_len; + } + return pos; +} + + +struct wpa_ie_data { + int pairwise_cipher; + int group_cipher; + int key_mgmt; + int capabilities; + size_t num_pmkid; + u8 *pmkid; + int mgmt_group_cipher; +}; + + +static int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len, + struct wpa_ie_data *data) +{ + struct wpa_ie_hdr *hdr; + u8 *pos; + int left; + int i, count; + + memset(data, 0, sizeof(*data)); + data->pairwise_cipher = WPA_CIPHER_TKIP; + data->group_cipher = WPA_CIPHER_TKIP; + data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; + data->mgmt_group_cipher = 0; + + if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) + return -1; + + hdr = (struct wpa_ie_hdr *) wpa_ie; + + if (hdr->elem_id != WLAN_EID_GENERIC || + hdr->len != wpa_ie_len - 2 || + memcmp(&hdr->oui, WPA_OUI_TYPE, WPA_SELECTOR_LEN) != 0 || + le_to_host16(hdr->version) != WPA_VERSION) { + return -2; + } + + pos = (u8 *) (hdr + 1); + left = wpa_ie_len - sizeof(*hdr); + + if (left >= WPA_SELECTOR_LEN) { + data->group_cipher = wpa_selector_to_bitfield(pos); + pos += WPA_SELECTOR_LEN; + left -= WPA_SELECTOR_LEN; + } else if (left > 0) + return -3; + + if (left >= 2) { + data->pairwise_cipher = 0; + count = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + if (count == 0 || left < count * WPA_SELECTOR_LEN) + return -4; + for (i = 0; i < count; i++) { + data->pairwise_cipher |= wpa_selector_to_bitfield(pos); + pos += WPA_SELECTOR_LEN; + left -= WPA_SELECTOR_LEN; + } + } else if (left == 1) + return -5; + + if (left >= 2) { + data->key_mgmt = 0; + count = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + if (count == 0 || left < count * WPA_SELECTOR_LEN) + return -6; + for (i = 0; i < count; i++) { + data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos); + pos += WPA_SELECTOR_LEN; + left -= WPA_SELECTOR_LEN; + } + } else if (left == 1) + return -7; + + if (left >= 2) { + data->capabilities = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + } + + if (left > 0) { + return -8; + } + + return 0; +} + + +static int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len, + struct wpa_ie_data *data) +{ + struct rsn_ie_hdr *hdr; + u8 *pos; + int left; + int i, count; + + memset(data, 0, sizeof(*data)); + data->pairwise_cipher = WPA_CIPHER_CCMP; + data->group_cipher = WPA_CIPHER_CCMP; + data->key_mgmt = WPA_KEY_MGMT_IEEE8021X; +#ifdef CONFIG_IEEE80211W + data->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC; +#else /* CONFIG_IEEE80211W */ + data->mgmt_group_cipher = 0; +#endif /* CONFIG_IEEE80211W */ + + if (rsn_ie_len < sizeof(struct rsn_ie_hdr)) + return -1; + + hdr = (struct rsn_ie_hdr *) rsn_ie; + + if (hdr->elem_id != WLAN_EID_RSN || + hdr->len != rsn_ie_len - 2 || + le_to_host16(hdr->version) != RSN_VERSION) { + return -2; + } + + pos = (u8 *) (hdr + 1); + left = rsn_ie_len - sizeof(*hdr); + + if (left >= RSN_SELECTOR_LEN) { + data->group_cipher = rsn_selector_to_bitfield(pos); + pos += RSN_SELECTOR_LEN; + left -= RSN_SELECTOR_LEN; + } else if (left > 0) + return -3; + + if (left >= 2) { + data->pairwise_cipher = 0; + count = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + if (count == 0 || left < count * RSN_SELECTOR_LEN) + return -4; + for (i = 0; i < count; i++) { + data->pairwise_cipher |= rsn_selector_to_bitfield(pos); + pos += RSN_SELECTOR_LEN; + left -= RSN_SELECTOR_LEN; + } + } else if (left == 1) + return -5; + + if (left >= 2) { + data->key_mgmt = 0; + count = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + if (count == 0 || left < count * RSN_SELECTOR_LEN) + return -6; + for (i = 0; i < count; i++) { + data->key_mgmt |= rsn_key_mgmt_to_bitfield(pos); + pos += RSN_SELECTOR_LEN; + left -= RSN_SELECTOR_LEN; + } + } else if (left == 1) + return -7; + + if (left >= 2) { + data->capabilities = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + } + + if (left >= 2) { + data->num_pmkid = pos[0] | (pos[1] << 8); + pos += 2; + left -= 2; + if (left < (int) data->num_pmkid * PMKID_LEN) { + wpa_printf(MSG_DEBUG, "RSN: too short RSN IE for " + "PMKIDs (num=%lu, left=%d)", + (unsigned long) data->num_pmkid, left); + return -9; + } + data->pmkid = pos; + pos += data->num_pmkid * PMKID_LEN; + left -= data->num_pmkid * PMKID_LEN; + } + +#ifdef CONFIG_IEEE80211W + if (left >= 4) { + data->mgmt_group_cipher = rsn_selector_to_bitfield(pos); + if (data->mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { + wpa_printf(MSG_DEBUG, "RSN: Unsupported management " + "group cipher 0x%x", + data->mgmt_group_cipher); + return -10; + } + pos += RSN_SELECTOR_LEN; + left -= RSN_SELECTOR_LEN; + } +#endif /* CONFIG_IEEE80211W */ + + if (left > 0) { + return -8; + } + + return 0; +} + + +int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + const u8 *wpa_ie, size_t wpa_ie_len) +{ + struct wpa_ie_data data; + int ciphers, key_mgmt, res, version; + const u8 *selector; + size_t i; + + if (wpa_auth == NULL || sm == NULL) + return WPA_NOT_ENABLED; + + if (wpa_ie == NULL || wpa_ie_len < 1) + return WPA_INVALID_IE; + + if (wpa_ie[0] == WLAN_EID_RSN) + version = HOSTAPD_WPA_VERSION_WPA2; + else + version = HOSTAPD_WPA_VERSION_WPA; + + if (version == HOSTAPD_WPA_VERSION_WPA2) { + res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data); + + selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; + if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) + selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X; + else if (data.key_mgmt & WPA_KEY_MGMT_PSK) + selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X; + memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected, + selector, RSN_SELECTOR_LEN); + + selector = RSN_CIPHER_SUITE_CCMP; + if (data.pairwise_cipher & WPA_CIPHER_CCMP) + selector = RSN_CIPHER_SUITE_CCMP; + else if (data.pairwise_cipher & WPA_CIPHER_TKIP) + selector = RSN_CIPHER_SUITE_TKIP; + else if (data.pairwise_cipher & WPA_CIPHER_WEP104) + selector = RSN_CIPHER_SUITE_WEP104; + else if (data.pairwise_cipher & WPA_CIPHER_WEP40) + selector = RSN_CIPHER_SUITE_WEP40; + else if (data.pairwise_cipher & WPA_CIPHER_NONE) + selector = RSN_CIPHER_SUITE_NONE; + memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected, + selector, RSN_SELECTOR_LEN); + + selector = RSN_CIPHER_SUITE_CCMP; + if (data.group_cipher & WPA_CIPHER_CCMP) + selector = RSN_CIPHER_SUITE_CCMP; + else if (data.group_cipher & WPA_CIPHER_TKIP) + selector = RSN_CIPHER_SUITE_TKIP; + else if (data.group_cipher & WPA_CIPHER_WEP104) + selector = RSN_CIPHER_SUITE_WEP104; + else if (data.group_cipher & WPA_CIPHER_WEP40) + selector = RSN_CIPHER_SUITE_WEP40; + else if (data.group_cipher & WPA_CIPHER_NONE) + selector = RSN_CIPHER_SUITE_NONE; + memcpy(wpa_auth->dot11RSNAGroupCipherSelected, + selector, RSN_SELECTOR_LEN); + } else { + res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data); + + selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; + if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X) + selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X; + else if (data.key_mgmt & WPA_KEY_MGMT_PSK) + selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X; + memcpy(wpa_auth->dot11RSNAAuthenticationSuiteSelected, + selector, WPA_SELECTOR_LEN); + + selector = WPA_CIPHER_SUITE_TKIP; + if (data.pairwise_cipher & WPA_CIPHER_CCMP) + selector = WPA_CIPHER_SUITE_CCMP; + else if (data.pairwise_cipher & WPA_CIPHER_TKIP) + selector = WPA_CIPHER_SUITE_TKIP; + else if (data.pairwise_cipher & WPA_CIPHER_WEP104) + selector = WPA_CIPHER_SUITE_WEP104; + else if (data.pairwise_cipher & WPA_CIPHER_WEP40) + selector = WPA_CIPHER_SUITE_WEP40; + else if (data.pairwise_cipher & WPA_CIPHER_NONE) + selector = WPA_CIPHER_SUITE_NONE; + memcpy(wpa_auth->dot11RSNAPairwiseCipherSelected, + selector, WPA_SELECTOR_LEN); + + selector = WPA_CIPHER_SUITE_TKIP; + if (data.group_cipher & WPA_CIPHER_CCMP) + selector = WPA_CIPHER_SUITE_CCMP; + else if (data.group_cipher & WPA_CIPHER_TKIP) + selector = WPA_CIPHER_SUITE_TKIP; + else if (data.group_cipher & WPA_CIPHER_WEP104) + selector = WPA_CIPHER_SUITE_WEP104; + else if (data.group_cipher & WPA_CIPHER_WEP40) + selector = WPA_CIPHER_SUITE_WEP40; + else if (data.group_cipher & WPA_CIPHER_NONE) + selector = WPA_CIPHER_SUITE_NONE; + memcpy(wpa_auth->dot11RSNAGroupCipherSelected, + selector, WPA_SELECTOR_LEN); + } + if (res) { + wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from " + MACSTR " (res=%d)", MAC2STR(sm->addr), res); + wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len); + return WPA_INVALID_IE; + } + + if (data.group_cipher != wpa_auth->conf.wpa_group) { + wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from " + MACSTR, data.group_cipher, MAC2STR(sm->addr)); + return WPA_INVALID_GROUP; + } + + key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt; + if (!key_mgmt) { + wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from " + MACSTR, data.key_mgmt, MAC2STR(sm->addr)); + return WPA_INVALID_AKMP; + } + if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) + sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X; + else + sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK; + + ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise; + if (!ciphers) { + wpa_printf(MSG_DEBUG, "Invalid WPA pairwise cipher (0x%x) " + "from " MACSTR, + data.pairwise_cipher, MAC2STR(sm->addr)); + return WPA_INVALID_PAIRWISE; + } + +#ifdef CONFIG_IEEE80211W + if (wpa_auth->conf.ieee80211w == WPA_IEEE80211W_REQUIRED) { + if (!(data.capabilities & + WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) { + wpa_printf(MSG_DEBUG, "Management frame protection " + "required, but client did not enable it"); + return WPA_MGMT_FRAME_PROTECTION_VIOLATION; + } + + if (ciphers & WPA_CIPHER_TKIP) { + wpa_printf(MSG_DEBUG, "Management frame protection " + "cannot use TKIP"); + return WPA_MGMT_FRAME_PROTECTION_VIOLATION; + } + + if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) { + wpa_printf(MSG_DEBUG, "Unsupported management group " + "cipher %d", data.mgmt_group_cipher); + return WPA_INVALID_MGMT_GROUP_CIPHER; + } + } + + if (wpa_auth->conf.ieee80211w == WPA_NO_IEEE80211W || + !(data.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)) + sm->mgmt_frame_prot = 0; + else + sm->mgmt_frame_prot = 1; +#endif /* CONFIG_IEEE80211W */ + + if (ciphers & WPA_CIPHER_CCMP) + sm->pairwise = WPA_CIPHER_CCMP; + else + sm->pairwise = WPA_CIPHER_TKIP; + + /* TODO: clear WPA/WPA2 state if STA changes from one to another */ + if (wpa_ie[0] == WLAN_EID_RSN) + sm->wpa = WPA_VERSION_WPA2; + else + sm->wpa = WPA_VERSION_WPA; + + for (i = 0; i < data.num_pmkid; i++) { + wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID", + &data.pmkid[i * PMKID_LEN], PMKID_LEN); + sm->pmksa = pmksa_cache_get(wpa_auth->pmksa, sm->addr, + &data.pmkid[i * PMKID_LEN]); + if (sm->pmksa) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, + "PMKID found from PMKSA cache " + "eap_type=%d vlan_id=%d", + sm->pmksa->eap_type_authsrv, + sm->pmksa->vlan_id); + memcpy(wpa_auth->dot11RSNAPMKIDUsed, + sm->pmksa->pmkid, PMKID_LEN); + break; + } + } + + if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) { + free(sm->wpa_ie); + sm->wpa_ie = malloc(wpa_ie_len); + if (sm->wpa_ie == NULL) + return WPA_ALLOC_FAIL; + } + memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len); + sm->wpa_ie_len = wpa_ie_len; + + return WPA_IE_OK; +} + + +struct wpa_eapol_ie_parse { + const u8 *wpa_ie; + size_t wpa_ie_len; + const u8 *rsn_ie; + size_t rsn_ie_len; + const u8 *pmkid; + const u8 *gtk; + size_t gtk_len; + const u8 *mac_addr; + size_t mac_addr_len; +#ifdef CONFIG_PEERKEY + const u8 *smk; + size_t smk_len; + const u8 *nonce; + size_t nonce_len; + const u8 *lifetime; + size_t lifetime_len; + const u8 *error; + size_t error_len; +#endif /* CONFIG_PEERKEY */ +}; + + +/** + * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs + * @pos: Pointer to the IE header + * @end: Pointer to the end of the Key Data buffer + * @ie: Pointer to parsed IE data + * Returns: 0 on success, 1 if end mark is found, -1 on failure + */ +static int wpa_parse_generic(const u8 *pos, const u8 *end, + struct wpa_eapol_ie_parse *ie) +{ + if (pos[1] == 0) + return 1; + + if (pos[1] >= 6 && + memcmp(pos + 2, WPA_OUI_TYPE, WPA_SELECTOR_LEN) == 0 && + pos[2 + WPA_SELECTOR_LEN] == 1 && + pos[2 + WPA_SELECTOR_LEN + 1] == 0) { + ie->wpa_ie = pos; + ie->wpa_ie_len = pos[1] + 2; + return 0; + } + + if (pos + 1 + RSN_SELECTOR_LEN < end && + pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN && + memcmp(pos + 2, RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN) == 0) { + ie->pmkid = pos + 2 + RSN_SELECTOR_LEN; + return 0; + } + + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_GROUPKEY, RSN_SELECTOR_LEN) == 0) { + ie->gtk = pos + 2 + RSN_SELECTOR_LEN; + ie->gtk_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } + + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_MAC_ADDR, RSN_SELECTOR_LEN) == 0) { + ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN; + ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } + +#ifdef CONFIG_PEERKEY + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_SMK, RSN_SELECTOR_LEN) == 0) { + ie->smk = pos + 2 + RSN_SELECTOR_LEN; + ie->smk_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } + + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_NONCE, RSN_SELECTOR_LEN) == 0) { + ie->nonce = pos + 2 + RSN_SELECTOR_LEN; + ie->nonce_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } + + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_LIFETIME, RSN_SELECTOR_LEN) == 0) { + ie->lifetime = pos + 2 + RSN_SELECTOR_LEN; + ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } + + if (pos[1] > RSN_SELECTOR_LEN + 2 && + memcmp(pos + 2, RSN_KEY_DATA_ERROR, RSN_SELECTOR_LEN) == 0) { + ie->error = pos + 2 + RSN_SELECTOR_LEN; + ie->error_len = pos[1] - RSN_SELECTOR_LEN; + return 0; + } +#endif /* CONFIG_PEERKEY */ + + return 0; +} + + +/** + * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs + * @buf: Pointer to the Key Data buffer + * @len: Key Data Length + * @ie: Pointer to parsed IE data + * Returns: 0 on success, -1 on failure + */ +static int wpa_parse_kde_ies(const u8 *buf, size_t len, + struct wpa_eapol_ie_parse *ie) +{ + const u8 *pos, *end; + int ret = 0; + + memset(ie, 0, sizeof(*ie)); + for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) { + if (pos[0] == 0xdd && + ((pos == buf + len - 1) || pos[1] == 0)) { + /* Ignore padding */ + break; + } + if (pos + 2 + pos[1] > end) { + wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data " + "underflow (ie=%d len=%d)", pos[0], pos[1]); + ret = -1; + break; + } + if (*pos == RSN_INFO_ELEM) { + ie->rsn_ie = pos; + ie->rsn_ie_len = pos[1] + 2; + } else if (*pos == GENERIC_INFO_ELEM) { + ret = wpa_parse_generic(pos, end, ie); + if (ret < 0) + break; + if (ret > 0) { + ret = 0; + break; + } + } else { + wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key " + "Key Data IE", pos, 2 + pos[1]); + } + } + + return ret; +} + + +struct wpa_state_machine * +wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr) +{ + struct wpa_state_machine *sm; + + sm = wpa_zalloc(sizeof(struct wpa_state_machine)); + if (sm == NULL) + return NULL; + memcpy(sm->addr, addr, ETH_ALEN); + + sm->wpa_auth = wpa_auth; + sm->group = wpa_auth->group; + + return sm; +} + + +void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm) +{ + if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) + return; + + if (sm->started) { + memset(sm->key_replay_counter, 0, WPA_REPLAY_COUNTER_LEN); + sm->ReAuthenticationRequest = TRUE; + wpa_sm_step(sm); + return; + } + + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, + "start authentication"); + sm->started = 1; + + sm->Init = TRUE; + wpa_sm_step(sm); + sm->Init = FALSE; + sm->AuthenticationRequest = TRUE; + wpa_sm_step(sm); +} + + +static void wpa_free_sta_sm(struct wpa_state_machine *sm) +{ + free(sm->last_rx_eapol_key); + free(sm->wpa_ie); + free(sm); +} + + +void wpa_auth_sta_deinit(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return; + + if (sm->wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "strict rekeying - force GTK rekey since STA " + "is leaving"); + eloop_cancel_timeout(wpa_rekey_gtk, sm->wpa_auth, NULL); + eloop_register_timeout(0, 500000, wpa_rekey_gtk, sm->wpa_auth, + NULL); + } + + eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); + eloop_cancel_timeout(wpa_sm_call_step, sm, NULL); + if (sm->in_step_loop) { + /* Must not free state machine while wpa_sm_step() is running. + * Freeing will be completed in the end of wpa_sm_step(). */ + wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " + "machine deinit for " MACSTR, MAC2STR(sm->addr)); + sm->pending_deinit = 1; + } else + wpa_free_sta_sm(sm); +} + + +static void wpa_request_new_ptk(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return; + + sm->PTKRequest = TRUE; + sm->PTK_valid = 0; +} + + +#ifdef CONFIG_PEERKEY +static void wpa_stsl_step(void *eloop_ctx, void *timeout_ctx) +{ +#if 0 + struct wpa_authenticator *wpa_auth = eloop_ctx; + struct wpa_stsl_negotiation *neg = timeout_ctx; +#endif + + /* TODO: ? */ +} + + +struct wpa_stsl_search { + const u8 *addr; + struct wpa_state_machine *sm; +}; + + +static int wpa_stsl_select_sta(struct wpa_state_machine *sm, void *ctx) +{ + struct wpa_stsl_search *search = ctx; + if (memcmp(search->addr, sm->addr, ETH_ALEN) == 0) { + search->sm = sm; + return 1; + } + return 0; +} + + +static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, const u8 *peer, + u16 mui, u16 error_type) +{ + u8 kde[2 + RSN_SELECTOR_LEN + ETH_ALEN + + 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde)]; + size_t kde_len; + u8 *pos; + struct rsn_error_kde error; + + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, + "Sending SMK Error"); + + kde_len = 2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde); + pos = kde; + + if (peer) { + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, + NULL, 0); + kde_len += 2 + RSN_SELECTOR_LEN + ETH_ALEN; + } + + error.mui = host_to_be16(mui); + error.error_type = host_to_be16(error_type); + pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR, + (u8 *) &error, sizeof(error), NULL, 0); + + __wpa_send_eapol(wpa_auth, sm, + WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_ERROR, + NULL, NULL, kde, kde_len, 0, 0, 0); +} + + +static void wpa_smk_m1(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + struct wpa_eapol_key *key) +{ + struct wpa_eapol_ie_parse kde; + struct wpa_stsl_search search; + u8 *buf, *pos; + size_t buf_len; + + if (wpa_parse_kde_ies((const u8 *) (key + 1), + ntohs(key->key_data_length), &kde) < 0) { + wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1"); + return; + } + + if (kde.rsn_ie == NULL || kde.mac_addr == NULL || + kde.mac_addr_len < ETH_ALEN) { + wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in " + "SMK M1"); + return; + } + + /* Initiator = sm->addr; Peer = kde.mac_addr */ + + search.addr = kde.mac_addr; + search.sm = NULL; + if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) == + 0 || search.sm == NULL) { + wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR + " aborted - STA not associated anymore", + MAC2STR(kde.mac_addr)); + wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK, + STK_ERR_STA_NR); + /* FIX: wpa_stsl_remove(wpa_auth, neg); */ + return; + } + + buf_len = kde.rsn_ie_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN; + buf = malloc(buf_len); + if (buf == NULL) + return; + /* Initiator RSN IE */ + memcpy(buf, kde.rsn_ie, kde.rsn_ie_len); + pos = buf + kde.rsn_ie_len; + /* Initiator MAC Address */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->addr, ETH_ALEN, + NULL, 0); + + /* SMK M2: + * EAPOL-Key(S=1, M=1, A=1, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce, + * MIC=MIC, DataKDs=(RSNIE_I, MAC_I KDE) + */ + + wpa_auth_logger(wpa_auth, search.sm->addr, LOGGER_DEBUG, + "Sending SMK M2"); + + __wpa_send_eapol(wpa_auth, search.sm, + WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE, + NULL, key->key_nonce, buf, buf_len, 0, 0, 0); + + free(buf); + +} + + +static void wpa_send_smk_m4(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + struct wpa_eapol_key *key, + struct wpa_eapol_ie_parse *kde, + const u8 *smk) +{ + u8 *buf, *pos; + size_t buf_len; + u32 lifetime; + + /* SMK M4: + * EAPOL-Key(S=1, M=1, A=0, I=1, K=0, SM=1, KeyRSC=0, Nonce=PNonce, + * MIC=MIC, DataKDs=(MAC_I KDE, INonce KDE, SMK KDE, + * Lifetime KDE) + */ + + buf_len = 2 + RSN_SELECTOR_LEN + ETH_ALEN + + 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN + + 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN + + 2 + RSN_SELECTOR_LEN + sizeof(lifetime); + pos = buf = malloc(buf_len); + if (buf == NULL) + return; + + /* Initiator MAC Address */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, kde->mac_addr, ETH_ALEN, + NULL, 0); + + /* Initiator Nonce */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, kde->nonce, WPA_NONCE_LEN, + NULL, 0); + + /* SMK with PNonce */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN, + key->key_nonce, WPA_NONCE_LEN); + + /* Lifetime */ + lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, + (u8 *) &lifetime, sizeof(lifetime), NULL, 0); + + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "Sending SMK M4"); + + __wpa_send_eapol(wpa_auth, sm, + WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SMK_MESSAGE, + NULL, key->key_nonce, buf, buf_len, 0, 1, 0); + + free(buf); +} + + +static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + struct wpa_eapol_key *key, + struct wpa_eapol_ie_parse *kde, + const u8 *smk, const u8 *peer) +{ + u8 *buf, *pos; + size_t buf_len; + u32 lifetime; + + /* SMK M5: + * EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce, + * MIC=MIC, DataKDs=(RSNIE_P, MAC_P KDE, PNonce, SMK KDE, + * Lifetime KDE)) + */ + + buf_len = kde->rsn_ie_len + + 2 + RSN_SELECTOR_LEN + ETH_ALEN + + 2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN + + 2 + RSN_SELECTOR_LEN + WPA_PMK_LEN + WPA_NONCE_LEN + + 2 + RSN_SELECTOR_LEN + sizeof(lifetime); + pos = buf = malloc(buf_len); + if (buf == NULL) + return; + + /* Peer RSN IE */ + memcpy(buf, kde->rsn_ie, kde->rsn_ie_len); + pos = buf + kde->rsn_ie_len; + + /* Peer MAC Address */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, NULL, 0); + + /* PNonce */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, key->key_nonce, + WPA_NONCE_LEN, NULL, 0); + + /* SMK and INonce */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, WPA_PMK_LEN, + kde->nonce, WPA_NONCE_LEN); + + /* Lifetime */ + lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */ + pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME, + (u8 *) &lifetime, sizeof(lifetime), NULL, 0); + + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "Sending SMK M5"); + + __wpa_send_eapol(wpa_auth, sm, + WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_SMK_MESSAGE, + NULL, kde->nonce, buf, buf_len, 0, 1, 0); + + free(buf); +} + + +static void wpa_smk_m3(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + struct wpa_eapol_key *key) +{ + struct wpa_eapol_ie_parse kde; + struct wpa_stsl_search search; + u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos; + + if (wpa_parse_kde_ies((const u8 *) (key + 1), + ntohs(key->key_data_length), &kde) < 0) { + wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3"); + return; + } + + if (kde.rsn_ie == NULL || + kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN || + kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN) { + wpa_printf(MSG_INFO, "RSN: No RSN IE, MAC address KDE, or " + "Nonce KDE in SMK M3"); + return; + } + + /* Peer = sm->addr; Initiator = kde.mac_addr; + * Peer Nonce = key->key_nonce; Initiator Nonce = kde.nonce */ + + search.addr = kde.mac_addr; + search.sm = NULL; + if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) == + 0 || search.sm == NULL) { + wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR + " aborted - STA not associated anymore", + MAC2STR(kde.mac_addr)); + wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK, + STK_ERR_STA_NR); + /* FIX: wpa_stsl_remove(wpa_auth, neg); */ + return; + } + + if (hostapd_get_rand(smk, WPA_PMK_LEN)) { + wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK"); + return; + } + + /* SMK = PRF-256(Random number, "SMK Derivation", + * AA || Time || INonce || PNonce) + */ + memcpy(buf, wpa_auth->addr, ETH_ALEN); + pos = buf + ETH_ALEN; + wpa_get_ntp_timestamp(pos); + pos += 8; + memcpy(pos, kde.nonce, WPA_NONCE_LEN); + pos += WPA_NONCE_LEN; + memcpy(pos, key->key_nonce, WPA_NONCE_LEN); + sha1_prf(smk, WPA_PMK_LEN, "SMK Derivation", buf, sizeof(buf), + smk, WPA_PMK_LEN); + + wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", smk, WPA_PMK_LEN); + + wpa_send_smk_m4(wpa_auth, sm, key, &kde, smk); + wpa_send_smk_m5(wpa_auth, search.sm, key, &kde, smk, sm->addr); + + /* Authenticator does not need SMK anymore and it is required to forget + * it. */ + memset(smk, 0, sizeof(*smk)); +} + + +static void wpa_smk_error(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + struct wpa_eapol_key *key) +{ + struct wpa_eapol_ie_parse kde; + struct wpa_stsl_search search; + struct rsn_error_kde error; + u16 mui, error_type; + + if (wpa_parse_kde_ies((const u8 *) (key + 1), + ntohs(key->key_data_length), &kde) < 0) { + wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error"); + return; + } + + if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN || + kde.error == NULL || kde.error_len < sizeof(error)) { + wpa_printf(MSG_INFO, "RSN: No MAC address or Error KDE in " + "SMK Error"); + return; + } + + search.addr = kde.mac_addr; + search.sm = NULL; + if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) == + 0 || search.sm == NULL) { + wpa_printf(MSG_DEBUG, "RSN: Peer STA " MACSTR " not " + "associated for SMK Error message from " MACSTR, + MAC2STR(kde.mac_addr), MAC2STR(sm->addr)); + return; + } + + memcpy(&error, kde.error, sizeof(error)); + mui = be_to_host16(error.mui); + error_type = be_to_host16(error.error_type); + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "STA reported SMK Error: Peer " MACSTR + " MUI %d Error Type %d", + MAC2STR(kde.mac_addr), mui, error_type); + + wpa_smk_send_error(wpa_auth, search.sm, sm->addr, mui, error_type); +} +#endif /* CONFIG_PEERKEY */ + + +static int wpa_stsl_remove(struct wpa_authenticator *wpa_auth, + struct wpa_stsl_negotiation *neg) +{ +#ifdef CONFIG_PEERKEY + struct wpa_stsl_negotiation *pos, *prev; + + if (wpa_auth == NULL) + return -1; + pos = wpa_auth->stsl_negotiations; + prev = NULL; + while (pos) { + if (pos == neg) { + if (prev) + prev->next = pos->next; + else + wpa_auth->stsl_negotiations = pos->next; + + eloop_cancel_timeout(wpa_stsl_step, wpa_auth, pos); + free(pos); + return 0; + } + prev = pos; + pos = pos->next; + } +#endif /* CONFIG_PEERKEY */ + + return -1; +} + + +void wpa_receive(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + u8 *data, size_t data_len) +{ + struct ieee802_1x_hdr *hdr; + struct wpa_eapol_key *key; + u16 key_info, key_data_length; + enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST, + SMK_M1, SMK_M3, SMK_ERROR } msg; + char *msgtxt; + struct wpa_eapol_ie_parse kde; + + if (wpa_auth == NULL || !wpa_auth->conf.wpa || sm == NULL) + return; + + if (data_len < sizeof(*hdr) + sizeof(*key)) + return; + + hdr = (struct ieee802_1x_hdr *) data; + key = (struct wpa_eapol_key *) (hdr + 1); + key_info = ntohs(key->key_info); + key_data_length = ntohs(key->key_data_length); + if (key_data_length > data_len - sizeof(*hdr) - sizeof(*key)) { + wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " + "key_data overflow (%d > %lu)", + key_data_length, + (unsigned long) (data_len - sizeof(*hdr) - + sizeof(*key))); + return; + } + + /* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys + * are set */ + + if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) == + (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) { + if (key_info & WPA_KEY_INFO_ERROR) { + msg = SMK_ERROR; + msgtxt = "SMK Error"; + } else { + msg = SMK_M1; + msgtxt = "SMK M1"; + } + } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) { + msg = SMK_M3; + msgtxt = "SMK M3"; + } else if (key_info & WPA_KEY_INFO_REQUEST) { + msg = REQUEST; + msgtxt = "Request"; + } else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) { + msg = GROUP_2; + msgtxt = "2/2 Group"; + } else if (key_data_length == 0) { + msg = PAIRWISE_4; + msgtxt = "4/4 Pairwise"; + } else { + msg = PAIRWISE_2; + msgtxt = "2/4 Pairwise"; + } + + if (key_info & WPA_KEY_INFO_REQUEST) { + if (sm->req_replay_counter_used && + memcmp(key->replay_counter, sm->req_replay_counter, + WPA_REPLAY_COUNTER_LEN) <= 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, + "received EAPOL-Key request with " + "replayed counter"); + return; + } + } + + if (!(key_info & WPA_KEY_INFO_REQUEST) && + (!sm->key_replay_counter_valid || + memcmp(key->replay_counter, sm->key_replay_counter, + WPA_REPLAY_COUNTER_LEN) != 0)) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key %s with unexpected " + "replay counter", msgtxt); + wpa_hexdump(MSG_DEBUG, "expected replay counter", + sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN); + wpa_hexdump(MSG_DEBUG, "received replay counter", + key->replay_counter, WPA_REPLAY_COUNTER_LEN); + return; + } + + switch (msg) { + case PAIRWISE_2: + if (sm->wpa_ptk_state != WPA_PTK_PTKSTART && + sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key msg 2/4 in " + "invalid state (%d) - dropped", + sm->wpa_ptk_state); + return; + } + if (sm->wpa_ie == NULL || + sm->wpa_ie_len != key_data_length || + memcmp(sm->wpa_ie, key + 1, key_data_length) != 0) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "WPA IE from (Re)AssocReq did not " + "match with msg 2/4"); + if (sm->wpa_ie) { + wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq", + sm->wpa_ie, sm->wpa_ie_len); + } + wpa_hexdump(MSG_DEBUG, "WPA IE in msg 2/4", + (u8 *) (key + 1), key_data_length); + /* MLME-DEAUTHENTICATE.request */ + wpa_sta_disconnect(wpa_auth, sm->addr); + return; + } + break; + case PAIRWISE_4: + if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || + !sm->PTK_valid) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key msg 4/4 in " + "invalid state (%d) - dropped", + sm->wpa_ptk_state); + return; + } + break; + case GROUP_2: + if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING + || !sm->PTK_valid) { + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key msg 2/2 in " + "invalid state (%d) - dropped", + sm->wpa_ptk_group_state); + return; + } + break; +#ifdef CONFIG_PEERKEY + case SMK_M1: + case SMK_M3: + case SMK_ERROR: + if (!wpa_auth->conf.peerkey) { + wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but " + "PeerKey use disabled - ignoring message"); + return; + } + if (!sm->PTK_valid) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key msg SMK in " + "invalid state - dropped"); + return; + } + break; +#else /* CONFIG_PEERKEY */ + case SMK_M1: + case SMK_M3: + case SMK_ERROR: + return; /* STSL disabled - ignore SMK messages */ +#endif /* CONFIG_PEERKEY */ + case REQUEST: + break; + } + + wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, + "received EAPOL-Key frame (%s)", msgtxt); + + if (key_info & WPA_KEY_INFO_ACK) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received invalid EAPOL-Key: Key Ack set"); + return; + } + + if (!(key_info & WPA_KEY_INFO_MIC)) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received invalid EAPOL-Key: Key MIC not set"); + return; + } + + sm->MICVerified = FALSE; + if (sm->PTK_valid) { + if (wpa_verify_key_mic(&sm->PTK, data, data_len)) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key with invalid MIC"); + return; + } + sm->MICVerified = TRUE; + eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); + } + + if (key_info & WPA_KEY_INFO_REQUEST) { + if (sm->MICVerified) { + sm->req_replay_counter_used = 1; + memcpy(sm->req_replay_counter, key->replay_counter, + WPA_REPLAY_COUNTER_LEN); + } else { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key request with " + "invalid MIC"); + return; + } + + /* + * TODO: should decrypt key data field if encryption was used; + * even though MAC address KDE is not normally encrypted, + * supplicant is allowed to encrypt it. + */ + if (msg == SMK_ERROR) { +#ifdef CONFIG_PEERKEY + wpa_smk_error(wpa_auth, sm, key); +#endif /* CONFIG_PEERKEY */ + return; + } else if (key_info & WPA_KEY_INFO_ERROR) { + /* Supplicant reported a Michael MIC error */ + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key Error Request " + "(STA detected Michael MIC failure)"); + wpa_auth_mic_failure_report(wpa_auth, sm->addr); + sm->dot11RSNAStatsTKIPRemoteMICFailures++; + wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++; + /* Error report is not a request for a new key + * handshake, but since Authenticator may do it, let's + * change the keys now anyway. */ + wpa_request_new_ptk(sm); + } else if (key_info & WPA_KEY_INFO_KEY_TYPE) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key Request for new " + "4-Way Handshake"); + wpa_request_new_ptk(sm); +#ifdef CONFIG_PEERKEY + } else if (msg == SMK_M1) { + wpa_smk_m1(wpa_auth, sm, key); +#endif /* CONFIG_PEERKEY */ + } else if (key_data_length > 0 && + wpa_parse_kde_ies((const u8 *) (key + 1), + key_data_length, &kde) == 0 && + kde.mac_addr) { + } else { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, + "received EAPOL-Key Request for GTK " + "rekeying"); + /* FIX: why was this triggering PTK rekeying for the + * STA that requested Group Key rekeying?? */ + /* wpa_request_new_ptk(sta->wpa_sm); */ + eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); + wpa_rekey_gtk(wpa_auth, NULL); + } + } else { + /* Do not allow the same key replay counter to be reused. */ + sm->key_replay_counter_valid = FALSE; + } + +#ifdef CONFIG_PEERKEY + if (msg == SMK_M3) { + wpa_smk_m3(wpa_auth, sm, key); + return; + } +#endif /* CONFIG_PEERKEY */ + + free(sm->last_rx_eapol_key); + sm->last_rx_eapol_key = malloc(data_len); + if (sm->last_rx_eapol_key == NULL) + return; + memcpy(sm->last_rx_eapol_key, data, data_len); + sm->last_rx_eapol_key_len = data_len; + + sm->EAPOLKeyReceived = TRUE; + sm->EAPOLKeyPairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); + sm->EAPOLKeyRequest = !!(key_info & WPA_KEY_INFO_REQUEST); + memcpy(sm->SNonce, key->key_nonce, WPA_NONCE_LEN); + wpa_sm_step(sm); +} + + +static void wpa_pmk_to_ptk(const u8 *pmk, const u8 *addr1, const u8 *addr2, + const u8 *nonce1, const u8 *nonce2, + u8 *ptk, size_t ptk_len) +{ + u8 data[2 * ETH_ALEN + 2 * WPA_NONCE_LEN]; + + /* PTK = PRF-X(PMK, "Pairwise key expansion", + * Min(AA, SA) || Max(AA, SA) || + * Min(ANonce, SNonce) || Max(ANonce, SNonce)) */ + + if (memcmp(addr1, addr2, ETH_ALEN) < 0) { + memcpy(data, addr1, ETH_ALEN); + memcpy(data + ETH_ALEN, addr2, ETH_ALEN); + } else { + memcpy(data, addr2, ETH_ALEN); + memcpy(data + ETH_ALEN, addr1, ETH_ALEN); + } + + if (memcmp(nonce1, nonce2, WPA_NONCE_LEN) < 0) { + memcpy(data + 2 * ETH_ALEN, nonce1, WPA_NONCE_LEN); + memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce2, + WPA_NONCE_LEN); + } else { + memcpy(data + 2 * ETH_ALEN, nonce2, WPA_NONCE_LEN); + memcpy(data + 2 * ETH_ALEN + WPA_NONCE_LEN, nonce1, + WPA_NONCE_LEN); + } + + sha1_prf(pmk, WPA_PMK_LEN, "Pairwise key expansion", + data, sizeof(data), ptk, ptk_len); + + wpa_hexdump_key(MSG_DEBUG, "PMK", pmk, WPA_PMK_LEN); + wpa_hexdump_key(MSG_DEBUG, "PTK", ptk, ptk_len); +} + + +static void wpa_gmk_to_gtk(const u8 *gmk, const u8 *addr, const u8 *gnonce, + u8 *gtk, size_t gtk_len) +{ + u8 data[ETH_ALEN + WPA_NONCE_LEN]; + + /* GTK = PRF-X(GMK, "Group key expansion", AA || GNonce) */ + memcpy(data, addr, ETH_ALEN); + memcpy(data + ETH_ALEN, gnonce, WPA_NONCE_LEN); + + sha1_prf(gmk, WPA_GMK_LEN, "Group key expansion", + data, sizeof(data), gtk, gtk_len); + + wpa_hexdump_key(MSG_DEBUG, "GMK", gmk, WPA_GMK_LEN); + wpa_hexdump_key(MSG_DEBUG, "GTK", gtk, gtk_len); +} + + +static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx) +{ + struct wpa_authenticator *wpa_auth = eloop_ctx; + struct wpa_state_machine *sm = timeout_ctx; + + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout"); + sm->TimeoutEvt = TRUE; + wpa_sm_step(sm); +} + + +static int wpa_calc_eapol_key_mic(int ver, u8 *key, u8 *data, size_t len, + u8 *mic) +{ + u8 hash[SHA1_MAC_LEN]; + + switch (ver) { + case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4: + hmac_md5(key, 16, data, len, mic); + break; + case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES: + hmac_sha1(key, 16, data, len, hash); + memcpy(mic, hash, MD5_MAC_LEN); + break; + default: + return -1; + } + return 0; +} + + +static void __wpa_send_eapol(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, int key_info, + const u8 *key_rsc, const u8 *nonce, + const u8 *kde, size_t kde_len, + int keyidx, int encr, int force_version) +{ + struct ieee802_1x_hdr *hdr; + struct wpa_eapol_key *key; + size_t len; + int alg; + int key_data_len, pad_len = 0; + u8 *buf, *pos; + int version, pairwise; + + len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key); + + if (force_version) + version = force_version; + else if (sm->pairwise == WPA_CIPHER_CCMP) + version = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES; + else + version = WPA_KEY_INFO_TYPE_HMAC_MD5_RC4; + + pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; + + wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(secure=%d mic=%d ack=%d " + "install=%d pairwise=%d kde_len=%lu keyidx=%d encr=%d)", + (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, + (key_info & WPA_KEY_INFO_MIC) ? 1 : 0, + (key_info & WPA_KEY_INFO_ACK) ? 1 : 0, + (key_info & WPA_KEY_INFO_INSTALL) ? 1 : 0, + pairwise, (unsigned long) kde_len, keyidx, encr); + + key_data_len = kde_len; + + if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES && encr) { + pad_len = key_data_len % 8; + if (pad_len) + pad_len = 8 - pad_len; + key_data_len += pad_len + 8; + } + + len += key_data_len; + + hdr = wpa_zalloc(len); + if (hdr == NULL) + return; + hdr->version = wpa_auth->conf.eapol_version; + hdr->type = IEEE802_1X_TYPE_EAPOL_KEY; + hdr->length = htons(len - sizeof(*hdr)); + key = (struct wpa_eapol_key *) (hdr + 1); + + key->type = sm->wpa == WPA_VERSION_WPA2 ? + EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA; + key_info |= version; + if (encr && sm->wpa == WPA_VERSION_WPA2) + key_info |= WPA_KEY_INFO_ENCR_KEY_DATA; + if (sm->wpa != WPA_VERSION_WPA2) + key_info |= keyidx << WPA_KEY_INFO_KEY_INDEX_SHIFT; + key->key_info = htons(key_info); + + alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group; + switch (alg) { + case WPA_CIPHER_CCMP: + key->key_length = htons(16); + break; + case WPA_CIPHER_TKIP: + key->key_length = htons(32); + break; + case WPA_CIPHER_WEP40: + key->key_length = htons(5); + break; + case WPA_CIPHER_WEP104: + key->key_length = htons(13); + break; + } + if (key_info & WPA_KEY_INFO_SMK_MESSAGE) + key->key_length = htons(0); + + /* FIX: STSL: what to use as key_replay_counter? */ + inc_byte_array(sm->key_replay_counter, WPA_REPLAY_COUNTER_LEN); + memcpy(key->replay_counter, sm->key_replay_counter, + WPA_REPLAY_COUNTER_LEN); + sm->key_replay_counter_valid = TRUE; + + if (nonce) + memcpy(key->key_nonce, nonce, WPA_NONCE_LEN); + + if (key_rsc) + memcpy(key->key_rsc, key_rsc, WPA_KEY_RSC_LEN); + + if (kde && !encr) { + memcpy(key + 1, kde, kde_len); + key->key_data_length = htons(kde_len); + } else if (encr && kde) { + buf = wpa_zalloc(key_data_len); + if (buf == NULL) { + free(hdr); + return; + } + pos = buf; + memcpy(pos, kde, kde_len); + pos += kde_len; + + if (pad_len) + *pos++ = 0xdd; + + wpa_hexdump_key(MSG_DEBUG, "Plaintext EAPOL-Key Key Data", + buf, key_data_len); + if (version == WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { + aes_wrap(sm->PTK.encr_key, (key_data_len - 8) / 8, buf, + (u8 *) (key + 1)); + key->key_data_length = htons(key_data_len); + } else { + u8 ek[32]; + memcpy(key->key_iv, + sm->group->Counter + WPA_NONCE_LEN - 16, 16); + inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); + memcpy(ek, key->key_iv, 16); + memcpy(ek + 16, sm->PTK.encr_key, 16); + memcpy(key + 1, buf, key_data_len); + rc4_skip(ek, 32, 256, (u8 *) (key + 1), key_data_len); + key->key_data_length = htons(key_data_len); + } + free(buf); + } + + if (key_info & WPA_KEY_INFO_MIC) { + if (!sm->PTK_valid) { + wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, + "PTK not valid when sending EAPOL-Key " + "frame"); + free(hdr); + return; + } + wpa_calc_eapol_key_mic(version, + sm->PTK.mic_key, (u8 *) hdr, len, + key->key_mic); + } + + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_inc_EapolFramesTx, + 1); + wpa_auth_send_eapol(wpa_auth, sm->addr, (u8 *) hdr, len, + sm->pairwise_set); + free(hdr); +} + + +static void wpa_send_eapol(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, int key_info, + const u8 *key_rsc, const u8 *nonce, + const u8 *kde, size_t kde_len, + int keyidx, int encr) +{ + int timeout_ms; + int pairwise = key_info & WPA_KEY_INFO_KEY_TYPE; + + if (sm == NULL) + return; + + __wpa_send_eapol(wpa_auth, sm, key_info, key_rsc, nonce, kde, kde_len, + keyidx, encr, 0); + + timeout_ms = pairwise ? dot11RSNAConfigPairwiseUpdateTimeOut : + dot11RSNAConfigGroupUpdateTimeOut; + eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, + wpa_send_eapol_timeout, wpa_auth, sm); +} + + +static int wpa_verify_key_mic(struct wpa_ptk *PTK, u8 *data, size_t data_len) +{ + struct ieee802_1x_hdr *hdr; + struct wpa_eapol_key *key; + u16 key_info; + int ret = 0; + u8 mic[16]; + + if (data_len < sizeof(*hdr) + sizeof(*key)) + return -1; + + hdr = (struct ieee802_1x_hdr *) data; + key = (struct wpa_eapol_key *) (hdr + 1); + key_info = ntohs(key->key_info); + memcpy(mic, key->key_mic, 16); + memset(key->key_mic, 0, 16); + if (wpa_calc_eapol_key_mic(key_info & WPA_KEY_INFO_TYPE_MASK, + PTK->mic_key, data, data_len, key->key_mic) + || memcmp(mic, key->key_mic, 16) != 0) + ret = -1; + memcpy(key->key_mic, mic, 16); + return ret; +} + + +void wpa_remove_ptk(struct wpa_state_machine *sm) +{ + sm->PTK_valid = FALSE; + memset(&sm->PTK, 0, sizeof(sm->PTK)); + wpa_auth_set_key(sm->wpa_auth, 0, "none", sm->addr, 0, (u8 *) "", 0); + sm->pairwise_set = FALSE; +} + + +void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event) +{ + if (sm == NULL) + return; + + wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "event %d notification", event); + + switch (event) { + case WPA_AUTH: + case WPA_ASSOC: + break; + case WPA_DEAUTH: + case WPA_DISASSOC: + sm->DeauthenticationRequest = TRUE; + break; + case WPA_REAUTH: + case WPA_REAUTH_EAPOL: + sm->ReAuthenticationRequest = TRUE; + break; + } + + sm->PTK_valid = FALSE; + memset(&sm->PTK, 0, sizeof(sm->PTK)); + + if (event != WPA_REAUTH_EAPOL) + wpa_remove_ptk(sm); + + wpa_sm_step(sm); +} + + +static const char * wpa_alg_txt(int alg) +{ + switch (alg) { + case WPA_CIPHER_CCMP: + return "CCMP"; + case WPA_CIPHER_TKIP: + return "TKIP"; + case WPA_CIPHER_WEP104: + case WPA_CIPHER_WEP40: + return "WEP"; + default: + return ""; + } +} + + +SM_STATE(WPA_PTK, INITIALIZE) +{ + SM_ENTRY_MA(WPA_PTK, INITIALIZE, wpa_ptk); + if (sm->Init) { + /* Init flag is not cleared here, so avoid busy + * loop by claiming nothing changed. */ + sm->changed = FALSE; + } + + sm->keycount = 0; + if (sm->GUpdateStationKeys) + sm->group->GKeyDoneStations--; + sm->GUpdateStationKeys = FALSE; + if (sm->wpa == WPA_VERSION_WPA) + sm->PInitAKeys = FALSE; + if (1 /* Unicast cipher supported AND (ESS OR ((IBSS or WDS) and + * Local AA > Remote AA)) */) { + sm->Pair = TRUE; + } + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 0); + wpa_remove_ptk(sm); + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, 0); + sm->TimeoutCtr = 0; + if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) { + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, + WPA_EAPOL_authorized, 0); + } +} + + +SM_STATE(WPA_PTK, DISCONNECT) +{ + SM_ENTRY_MA(WPA_PTK, DISCONNECT, wpa_ptk); + sm->Disconnect = FALSE; + wpa_sta_disconnect(sm->wpa_auth, sm->addr); +} + + +SM_STATE(WPA_PTK, DISCONNECTED) +{ + SM_ENTRY_MA(WPA_PTK, DISCONNECTED, wpa_ptk); + if (sm->sta_counted) { + sm->group->GNoStations--; + sm->sta_counted = 0; + } else { + wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not " + "decrease GNoStations (STA " MACSTR ")", + MAC2STR(sm->addr)); + } + sm->DeauthenticationRequest = FALSE; +} + + +SM_STATE(WPA_PTK, AUTHENTICATION) +{ + SM_ENTRY_MA(WPA_PTK, AUTHENTICATION, wpa_ptk); + if (!sm->sta_counted) { + sm->group->GNoStations++; + sm->sta_counted = 1; + } else { + wpa_printf(MSG_DEBUG, "WPA: WPA_PTK::DISCONNECTED - did not " + "increase GNoStations (STA " MACSTR ")", + MAC2STR(sm->addr)); + } + memset(&sm->PTK, 0, sizeof(sm->PTK)); + sm->PTK_valid = FALSE; + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portControl_Auto, + 1); + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portEnabled, 1); + sm->AuthenticationRequest = FALSE; +} + + +SM_STATE(WPA_PTK, AUTHENTICATION2) +{ + SM_ENTRY_MA(WPA_PTK, AUTHENTICATION2, wpa_ptk); + memcpy(sm->ANonce, sm->group->Counter, WPA_NONCE_LEN); + inc_byte_array(sm->group->Counter, WPA_NONCE_LEN); + sm->ReAuthenticationRequest = FALSE; + /* IEEE 802.11i does not clear TimeoutCtr here, but this is more + * logical place than INITIALIZE since AUTHENTICATION2 can be + * re-entered on ReAuthenticationRequest without going through + * INITIALIZE. */ + sm->TimeoutCtr = 0; +} + + +SM_STATE(WPA_PTK, INITPMK) +{ + size_t len = WPA_PMK_LEN; + + SM_ENTRY_MA(WPA_PTK, INITPMK, wpa_ptk); + if (sm->pmksa) { + wpa_printf(MSG_DEBUG, "WPA: PMK from PMKSA cache"); + memcpy(sm->PMK, sm->pmksa->pmk, WPA_PMK_LEN); + } else if (wpa_auth_get_pmk(sm->wpa_auth, sm->addr, sm->PMK, &len) == + 0) { + wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " + "(len=%lu)", (unsigned long) len); + } else { + wpa_printf(MSG_DEBUG, "WPA: Could not get PMK"); + } + + sm->req_replay_counter_used = 0; + /* IEEE 802.11i does not set keyRun to FALSE, but not doing this + * will break reauthentication since EAPOL state machines may not be + * get into AUTHENTICATING state that clears keyRun before WPA state + * machine enters AUTHENTICATION2 state and goes immediately to INITPMK + * state and takes PMK from the previously used AAA Key. This will + * eventually fail in 4-Way Handshake because Supplicant uses PMK + * derived from the new AAA Key. Setting keyRun = FALSE here seems to + * be good workaround for this issue. */ + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyRun, 0); +} + + +SM_STATE(WPA_PTK, INITPSK) +{ + const u8 *psk; + SM_ENTRY_MA(WPA_PTK, INITPSK, wpa_ptk); + psk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL); + if (psk) + memcpy(sm->PMK, psk, WPA_PMK_LEN); + sm->req_replay_counter_used = 0; +} + + +SM_STATE(WPA_PTK, PTKSTART) +{ + u8 buf[2 + RSN_SELECTOR_LEN + PMKID_LEN], *pmkid = NULL; + size_t pmkid_len = 0; + + SM_ENTRY_MA(WPA_PTK, PTKSTART, wpa_ptk); + sm->PTKRequest = FALSE; + sm->TimeoutEvt = FALSE; + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "sending 1/4 msg of 4-Way Handshake"); + /* + * TODO: Could add PMKID even with WPA2-PSK, but only if there is only + * one possible PSK for this STA. + */ + if (sm->wpa == WPA_VERSION_WPA2 && + sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) { + pmkid = buf; + pmkid_len = 2 + RSN_SELECTOR_LEN + PMKID_LEN; + pmkid[0] = WLAN_EID_GENERIC; + pmkid[1] = RSN_SELECTOR_LEN + PMKID_LEN; + memcpy(&pmkid[2], RSN_KEY_DATA_PMKID, RSN_SELECTOR_LEN); + if (sm->pmksa) + memcpy(&pmkid[2 + RSN_SELECTOR_LEN], sm->pmksa->pmkid, + PMKID_LEN); + else { + /* + * Calculate PMKID since no PMKSA cache entry was + * available with pre-calculated PMKID. + */ + rsn_pmkid(sm->PMK, WPA_PMK_LEN, sm->wpa_auth->addr, + sm->addr, &pmkid[2 + RSN_SELECTOR_LEN]); + } + } + wpa_send_eapol(sm->wpa_auth, sm, + WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL, + sm->ANonce, pmkid, pmkid_len, 0, 0); + sm->TimeoutCtr++; +} + + +SM_STATE(WPA_PTK, PTKCALCNEGOTIATING) +{ + struct wpa_ptk PTK; + int ok = 0; + const u8 *pmk = NULL; + + SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); + sm->EAPOLKeyReceived = FALSE; + + /* WPA with IEEE 802.1X: use the derived PMK from EAP + * WPA-PSK: iterate through possible PSKs and select the one matching + * the packet */ + for (;;) { + if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) { + pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk); + if (pmk == NULL) + break; + } else + pmk = sm->PMK; + + wpa_pmk_to_ptk(pmk, sm->wpa_auth->addr, sm->addr, + sm->ANonce, sm->SNonce, + (u8 *) &PTK, sizeof(PTK)); + + if (wpa_verify_key_mic(&PTK, sm->last_rx_eapol_key, + sm->last_rx_eapol_key_len) == 0) { + ok = 1; + break; + } + + if (sm->wpa_key_mgmt != WPA_KEY_MGMT_PSK) + break; + } + + if (!ok) { + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "invalid MIC in msg 2/4 of 4-Way Handshake"); + return; + } + + eloop_cancel_timeout(wpa_send_eapol_timeout, sm->wpa_auth, sm); + + if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) { + /* PSK may have changed from the previous choice, so update + * state machine data based on whatever PSK was selected here. + */ + memcpy(sm->PMK, pmk, WPA_PMK_LEN); + } + + sm->MICVerified = TRUE; + + memcpy(&sm->PTK, &PTK, sizeof(PTK)); + sm->PTK_valid = TRUE; +} + + +SM_STATE(WPA_PTK, PTKCALCNEGOTIATING2) +{ + SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING2, wpa_ptk); + sm->TimeoutCtr = 0; +} + + +#ifdef CONFIG_IEEE80211W + +static int ieee80211w_kde_len(struct wpa_state_machine *sm) +{ + if (sm->mgmt_frame_prot) { + return 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_dhv_kde) + + 2 + RSN_SELECTOR_LEN + sizeof(struct wpa_igtk_kde); + } + + return 0; +} + + +static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) +{ + struct wpa_dhv_kde dhv; + struct wpa_igtk_kde igtk; + struct wpa_group *gsm = sm->group; + u8 mac[32]; + const u8 *addr[3]; + size_t len[3]; + + if (!sm->mgmt_frame_prot) + return pos; + + addr[0] = sm->wpa_auth->addr; + len[0] = ETH_ALEN; + addr[1] = sm->addr; + len[1] = ETH_ALEN; + addr[2] = gsm->DGTK; + len[2] = WPA_DGTK_LEN; + sha256_vector(3, addr, len, mac); + memcpy(dhv.dhv, mac, WPA_DHV_LEN); + wpa_hexdump_key(MSG_DEBUG, "WPA: DHV", dhv.dhv, WPA_DHV_LEN); + pos = wpa_add_kde(pos, RSN_KEY_DATA_DHV, + (const u8 *) &dhv, sizeof(dhv), NULL, 0); + + igtk.keyid[0] = gsm->GN; + igtk.keyid[1] = 0; + if (wpa_auth_get_seqnum_igtk(sm->wpa_auth, NULL, gsm->GN, igtk.pn) < 0) + memset(igtk.pn, 0, sizeof(igtk.pn)); + memcpy(igtk.igtk, gsm->IGTK[gsm->GN - 1], WPA_IGTK_LEN); + pos = wpa_add_kde(pos, RSN_KEY_DATA_IGTK, + (const u8 *) &igtk, sizeof(igtk), NULL, 0); + + return pos; +} + +#else /* CONFIG_IEEE80211W */ + +static int ieee80211w_kde_len(struct wpa_state_machine *sm) +{ + return 0; +} + + +static u8 * ieee80211w_kde_add(struct wpa_state_machine *sm, u8 *pos) +{ + return pos; +} + +#endif /* CONFIG_IEEE80211W */ + + +SM_STATE(WPA_PTK, PTKINITNEGOTIATING) +{ + u8 rsc[WPA_KEY_RSC_LEN], *_rsc, *gtk, *kde, *pos; + size_t gtk_len, kde_len; + struct wpa_group *gsm = sm->group; + u8 *wpa_ie; + int wpa_ie_len, secure, keyidx, encr = 0; + + SM_ENTRY_MA(WPA_PTK, PTKINITNEGOTIATING, wpa_ptk); + sm->TimeoutEvt = FALSE; + /* Send EAPOL(1, 1, 1, Pair, P, RSC, ANonce, MIC(PTK), RSNIE, GTK[GN]) + */ + memset(rsc, 0, WPA_KEY_RSC_LEN); + wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); + wpa_ie = sm->wpa_auth->wpa_ie; + wpa_ie_len = sm->wpa_auth->wpa_ie_len; + if (sm->wpa == WPA_VERSION_WPA && + (sm->wpa_auth->conf.wpa & HOSTAPD_WPA_VERSION_WPA2) && + wpa_ie_len > wpa_ie[1] + 2 && wpa_ie[0] == WLAN_EID_RSN) { + /* WPA-only STA, remove RSN IE */ + wpa_ie = wpa_ie + wpa_ie[1] + 2; + wpa_ie_len = wpa_ie[1] + 2; + } + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "sending 3/4 msg of 4-Way Handshake"); + if (sm->wpa == WPA_VERSION_WPA2) { + /* WPA2 send GTK in the 4-way handshake */ + secure = 1; + gtk = gsm->GTK[gsm->GN - 1]; + gtk_len = gsm->GTK_len; + keyidx = gsm->GN; + _rsc = rsc; + encr = 1; + } else { + /* WPA does not include GTK in msg 3/4 */ + secure = 0; + gtk = NULL; + gtk_len = 0; + keyidx = 0; + _rsc = NULL; + } + + kde_len = wpa_ie_len + ieee80211w_kde_len(sm); + if (gtk) + kde_len += 2 + RSN_SELECTOR_LEN + 2 + gtk_len; + kde = malloc(kde_len); + if (kde == NULL) + return; + + pos = kde; + memcpy(pos, wpa_ie, wpa_ie_len); + pos += wpa_ie_len; + if (gtk) { + u8 hdr[2]; + hdr[0] = keyidx & 0x03; + hdr[1] = 0; + pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, + gtk, gtk_len); + } + pos = ieee80211w_kde_add(sm, pos); + + wpa_send_eapol(sm->wpa_auth, sm, + (secure ? WPA_KEY_INFO_SECURE : 0) | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL | + WPA_KEY_INFO_KEY_TYPE, + _rsc, sm->ANonce, kde, pos - kde, keyidx, encr); + free(kde); + sm->TimeoutCtr++; +} + + +SM_STATE(WPA_PTK, PTKINITDONE) +{ + SM_ENTRY_MA(WPA_PTK, PTKINITDONE, wpa_ptk); + sm->EAPOLKeyReceived = FALSE; + if (sm->Pair) { + char *alg; + int klen; + if (sm->pairwise == WPA_CIPHER_TKIP) { + alg = "TKIP"; + klen = 32; + } else { + alg = "CCMP"; + klen = 16; + } + if (wpa_auth_set_key(sm->wpa_auth, 0, alg, sm->addr, 0, + sm->PTK.tk1, klen)) { + wpa_sta_disconnect(sm->wpa_auth, sm->addr); + return; + } + /* FIX: MLME-SetProtection.Request(TA, Tx_Rx) */ + sm->pairwise_set = TRUE; + + if (sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) { + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, + WPA_EAPOL_authorized, 1); + } + } + + if (0 /* IBSS == TRUE */) { + sm->keycount++; + if (sm->keycount == 2) { + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, + WPA_EAPOL_portValid, 1); + } + } else { + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_portValid, + 1); + } + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyAvailable, 0); + wpa_auth_set_eapol(sm->wpa_auth, sm->addr, WPA_EAPOL_keyDone, 1); + if (sm->wpa == WPA_VERSION_WPA) + sm->PInitAKeys = TRUE; + else + sm->has_GTK = TRUE; + wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, + "pairwise key handshake completed (%s)", + sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); +} + + +SM_STEP(WPA_PTK) +{ + struct wpa_authenticator *wpa_auth = sm->wpa_auth; + + if (sm->Init) + SM_ENTER(WPA_PTK, INITIALIZE); + else if (sm->Disconnect + /* || FIX: dot11RSNAConfigSALifetime timeout */) + SM_ENTER(WPA_PTK, DISCONNECT); + else if (sm->DeauthenticationRequest) + SM_ENTER(WPA_PTK, DISCONNECTED); + else if (sm->AuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION); + else if (sm->ReAuthenticationRequest) + SM_ENTER(WPA_PTK, AUTHENTICATION2); + else if (sm->PTKRequest) + SM_ENTER(WPA_PTK, PTKSTART); + else switch (sm->wpa_ptk_state) { + case WPA_PTK_INITIALIZE: + break; + case WPA_PTK_DISCONNECT: + SM_ENTER(WPA_PTK, DISCONNECTED); + break; + case WPA_PTK_DISCONNECTED: + SM_ENTER(WPA_PTK, INITIALIZE); + break; + case WPA_PTK_AUTHENTICATION: + SM_ENTER(WPA_PTK, AUTHENTICATION2); + break; + case WPA_PTK_AUTHENTICATION2: + if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_IEEE8021X) && + wpa_auth_get_eapol(sm->wpa_auth, sm->addr, + WPA_EAPOL_keyRun) > 0) + SM_ENTER(WPA_PTK, INITPMK); + else if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_PSK) + /* FIX: && 802.1X::keyRun */) + SM_ENTER(WPA_PTK, INITPSK); + break; + case WPA_PTK_INITPMK: + if (wpa_auth_get_eapol(sm->wpa_auth, sm->addr, + WPA_EAPOL_keyAvailable) > 0) + SM_ENTER(WPA_PTK, PTKSTART); + else { + wpa_auth->dot11RSNA4WayHandshakeFailures++; + SM_ENTER(WPA_PTK, DISCONNECT); + } + break; + case WPA_PTK_INITPSK: + if (wpa_auth_get_psk(sm->wpa_auth, sm->addr, NULL)) + SM_ENTER(WPA_PTK, PTKSTART); + else { + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO, + "no PSK configured for the STA"); + wpa_auth->dot11RSNA4WayHandshakeFailures++; + SM_ENTER(WPA_PTK, DISCONNECT); + } + break; + case WPA_PTK_PTKSTART: + if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && + sm->EAPOLKeyPairwise) + SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); + else if (sm->TimeoutCtr > + (int) dot11RSNAConfigPairwiseUpdateCount) { + wpa_auth->dot11RSNA4WayHandshakeFailures++; + SM_ENTER(WPA_PTK, DISCONNECT); + } else if (sm->TimeoutEvt) + SM_ENTER(WPA_PTK, PTKSTART); + break; + case WPA_PTK_PTKCALCNEGOTIATING: + if (sm->MICVerified) + SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING2); + else if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && + sm->EAPOLKeyPairwise) + SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING); + else if (sm->TimeoutEvt) + SM_ENTER(WPA_PTK, PTKSTART); + break; + case WPA_PTK_PTKCALCNEGOTIATING2: + SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); + break; + case WPA_PTK_PTKINITNEGOTIATING: + if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && + sm->EAPOLKeyPairwise && sm->MICVerified) + SM_ENTER(WPA_PTK, PTKINITDONE); + else if (sm->TimeoutCtr > + (int) dot11RSNAConfigPairwiseUpdateCount) { + wpa_auth->dot11RSNA4WayHandshakeFailures++; + SM_ENTER(WPA_PTK, DISCONNECT); + } else if (sm->TimeoutEvt) + SM_ENTER(WPA_PTK, PTKINITNEGOTIATING); + break; + case WPA_PTK_PTKINITDONE: + break; + } +} + + +SM_STATE(WPA_PTK_GROUP, IDLE) +{ + SM_ENTRY_MA(WPA_PTK_GROUP, IDLE, wpa_ptk_group); + if (sm->Init) { + /* Init flag is not cleared here, so avoid busy + * loop by claiming nothing changed. */ + sm->changed = FALSE; + } + sm->GTimeoutCtr = 0; +} + + +SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING) +{ + u8 rsc[WPA_KEY_RSC_LEN]; + struct wpa_group *gsm = sm->group; + u8 *kde, *pos, hdr[2]; + size_t kde_len; + + SM_ENTRY_MA(WPA_PTK_GROUP, REKEYNEGOTIATING, wpa_ptk_group); + if (sm->wpa == WPA_VERSION_WPA) + sm->PInitAKeys = FALSE; + sm->TimeoutEvt = FALSE; + /* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */ + memset(rsc, 0, WPA_KEY_RSC_LEN); + if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE) + wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc); + wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, + "sending 1/2 msg of Group Key Handshake"); + + if (sm->wpa == WPA_VERSION_WPA2) { + kde_len = 2 + RSN_SELECTOR_LEN + 2 + gsm->GTK_len + + ieee80211w_kde_len(sm); + kde = malloc(kde_len); + if (kde == NULL) + return; + + pos = kde; + hdr[0] = gsm->GN & 0x03; + hdr[1] = 0; + pos = wpa_add_kde(pos, RSN_KEY_DATA_GROUPKEY, hdr, 2, + gsm->GTK[gsm->GN - 1], gsm->GTK_len); + pos = ieee80211w_kde_add(sm, pos); + } else { + kde = gsm->GTK[gsm->GN - 1]; + pos = kde + gsm->GTK_len; + } + + wpa_send_eapol(sm->wpa_auth, sm, + WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC | + WPA_KEY_INFO_ACK | + (!sm->Pair ? WPA_KEY_INFO_INSTALL : 0), + rsc, gsm->GNonce, kde, pos - kde, gsm->GN, 1); + if (sm->wpa == WPA_VERSION_WPA2) + free(kde); + sm->GTimeoutCtr++; +} + + +SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED) +{ + SM_ENTRY_MA(WPA_PTK_GROUP, REKEYESTABLISHED, wpa_ptk_group); + sm->EAPOLKeyReceived = FALSE; + sm->GUpdateStationKeys = FALSE; + sm->group->GKeyDoneStations--; + sm->GTimeoutCtr = 0; + /* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */ + wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO, + "group key handshake completed (%s)", + sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN"); + sm->has_GTK = TRUE; +} + + +SM_STATE(WPA_PTK_GROUP, KEYERROR) +{ + SM_ENTRY_MA(WPA_PTK_GROUP, KEYERROR, wpa_ptk_group); + sm->group->GKeyDoneStations--; + sm->GUpdateStationKeys = FALSE; + sm->Disconnect = TRUE; +} + + +SM_STEP(WPA_PTK_GROUP) +{ + if (sm->Init) + SM_ENTER(WPA_PTK_GROUP, IDLE); + else switch (sm->wpa_ptk_group_state) { + case WPA_PTK_GROUP_IDLE: + if (sm->GUpdateStationKeys || + (sm->wpa == WPA_VERSION_WPA && sm->PInitAKeys)) + SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); + break; + case WPA_PTK_GROUP_REKEYNEGOTIATING: + if (sm->EAPOLKeyReceived && !sm->EAPOLKeyRequest && + !sm->EAPOLKeyPairwise && sm->MICVerified) + SM_ENTER(WPA_PTK_GROUP, REKEYESTABLISHED); + else if (sm->GTimeoutCtr > + (int) dot11RSNAConfigGroupUpdateCount) + SM_ENTER(WPA_PTK_GROUP, KEYERROR); + else if (sm->TimeoutEvt) + SM_ENTER(WPA_PTK_GROUP, REKEYNEGOTIATING); + break; + case WPA_PTK_GROUP_KEYERROR: + SM_ENTER(WPA_PTK_GROUP, IDLE); + break; + case WPA_PTK_GROUP_REKEYESTABLISHED: + SM_ENTER(WPA_PTK_GROUP, IDLE); + break; + } +} + + +static void wpa_gtk_update(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + /* FIX: is this the correct way of getting GNonce? */ + memcpy(group->GNonce, group->Counter, WPA_NONCE_LEN); + inc_byte_array(group->Counter, WPA_NONCE_LEN); + wpa_gmk_to_gtk(group->GMK, wpa_auth->addr, group->GNonce, + group->GTK[group->GN - 1], group->GTK_len); + +#ifdef CONFIG_IEEE80211W + if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) { + hostapd_get_rand(group->DGTK, WPA_DGTK_LEN); + wpa_hexdump_key(MSG_DEBUG, "DGTK", group->DGTK, WPA_DGTK_LEN); + hostapd_get_rand(group->IGTK[group->GN - 1], WPA_IGTK_LEN); + wpa_hexdump_key(MSG_DEBUG, "IGTK", + group->IGTK[group->GN - 1], WPA_IGTK_LEN); + } +#endif /* CONFIG_IEEE80211W */ +} + + +static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " + "GTK_INIT (VLAN-ID %d)", group->vlan_id); + group->changed = FALSE; /* GInit is not cleared here; avoid loop */ + group->wpa_group_state = WPA_GROUP_GTK_INIT; + + /* GTK[0..N] = 0 */ + memset(group->GTK, 0, sizeof(group->GTK)); + group->GN = 1; + group->GM = 2; + /* GTK[GN] = CalcGTK() */ + wpa_gtk_update(wpa_auth, group); +} + + +static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx) +{ + sm->GUpdateStationKeys = TRUE; + wpa_sm_step(sm); + return 0; +} + + +static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + int tmp; + + wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " + "SETKEYS (VLAN-ID %d)", group->vlan_id); + group->changed = TRUE; + group->wpa_group_state = WPA_GROUP_SETKEYS; + group->GTKReKey = FALSE; + tmp = group->GM; + group->GM = group->GN; + group->GN = tmp; + group->GKeyDoneStations = group->GNoStations; + wpa_gtk_update(wpa_auth, group); + + wpa_auth_for_each_sta(wpa_auth, wpa_group_update_sta, NULL); +} + + +static void wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " + "SETKEYSDONE (VLAN-ID %d)", group->vlan_id); + group->changed = TRUE; + group->wpa_group_state = WPA_GROUP_SETKEYSDONE; + wpa_auth_set_key(wpa_auth, group->vlan_id, + wpa_alg_txt(wpa_auth->conf.wpa_group), + NULL, group->GN, group->GTK[group->GN - 1], + group->GTK_len); + +#ifdef CONFIG_IEEE80211W + if (wpa_auth->conf.ieee80211w != WPA_NO_IEEE80211W) { + wpa_auth_set_key(wpa_auth, group->vlan_id, "IGTK", + NULL, group->GN, group->IGTK[group->GN - 1], + WPA_IGTK_LEN); + wpa_auth_set_key(wpa_auth, group->vlan_id, "DGTK", + NULL, 0, group->DGTK, WPA_DGTK_LEN); + } +#endif /* CONFIG_IEEE80211W */ +} + + +static void wpa_group_sm_step(struct wpa_authenticator *wpa_auth, + struct wpa_group *group) +{ + if (group->GInit) { + wpa_group_gtk_init(wpa_auth, group); + } else if (group->wpa_group_state == WPA_GROUP_GTK_INIT && + group->GTKAuthenticator) { + wpa_group_setkeysdone(wpa_auth, group); + } else if (group->wpa_group_state == WPA_GROUP_SETKEYSDONE && + group->GTKReKey) { + wpa_group_setkeys(wpa_auth, group); + } else if (group->wpa_group_state == WPA_GROUP_SETKEYS) { + if (group->GKeyDoneStations == 0) + wpa_group_setkeysdone(wpa_auth, group); + else if (group->GTKReKey) + wpa_group_setkeys(wpa_auth, group); + } +} + + +static void wpa_sm_step(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return; + + if (sm->in_step_loop) { + /* This should not happen, but if it does, make sure we do not + * end up freeing the state machine too early by exiting the + * recursive call. */ + wpa_printf(MSG_ERROR, "WPA: wpa_sm_step() called recursively"); + return; + } + + sm->in_step_loop = 1; + do { + if (sm->pending_deinit) + break; + + sm->changed = FALSE; + sm->wpa_auth->group->changed = FALSE; + + SM_STEP_RUN(WPA_PTK); + if (sm->pending_deinit) + break; + SM_STEP_RUN(WPA_PTK_GROUP); + if (sm->pending_deinit) + break; + wpa_group_sm_step(sm->wpa_auth, sm->group); + } while (sm->changed || sm->wpa_auth->group->changed); + sm->in_step_loop = 0; + + if (sm->pending_deinit) { + wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " + "machine deinit for " MACSTR, MAC2STR(sm->addr)); + wpa_free_sta_sm(sm); + } +} + + +static void wpa_sm_call_step(void *eloop_ctx, void *timeout_ctx) +{ + struct wpa_state_machine *sm = eloop_ctx; + wpa_sm_step(sm); +} + + +void wpa_auth_sm_notify(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return; + eloop_register_timeout(0, 0, wpa_sm_call_step, sm, NULL); +} + + +void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth) +{ + int tmp, i; + struct wpa_group *group; + + if (wpa_auth == NULL) + return; + + group = wpa_auth->group; + + for (i = 0; i < 2; i++) { + tmp = group->GM; + group->GM = group->GN; + group->GN = tmp; + wpa_gtk_update(wpa_auth, group); + } +} + + +static const char * wpa_bool_txt(int bool) +{ + return bool ? "TRUE" : "FALSE"; +} + + +static int wpa_cipher_bits(int cipher) +{ + switch (cipher) { + case WPA_CIPHER_CCMP: + return 128; + case WPA_CIPHER_TKIP: + return 256; + case WPA_CIPHER_WEP104: + return 104; + case WPA_CIPHER_WEP40: + return 40; + default: + return 0; + } +} + + +#define RSN_SUITE "%02x-%02x-%02x-%d" +#define RSN_SUITE_ARG(s) (s)[0], (s)[1], (s)[2], (s)[3] + +int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen) +{ + int len = 0, ret; + char pmkid_txt[PMKID_LEN * 2 + 1]; + + if (wpa_auth == NULL) + return len; + + ret = snprintf(buf + len, buflen - len, + "dot11RSNAOptionImplemented=TRUE\n" +#ifdef CONFIG_RSN_PREAUTH + "dot11RSNAPreauthenticationImplemented=TRUE\n" +#else /* CONFIG_RSN_PREAUTH */ + "dot11RSNAPreauthenticationImplemented=FALSE\n" +#endif /* CONFIG_RSN_PREAUTH */ + "dot11RSNAEnabled=%s\n" + "dot11RSNAPreauthenticationEnabled=%s\n", + wpa_bool_txt(wpa_auth->conf.wpa & + HOSTAPD_WPA_VERSION_WPA2), + wpa_bool_txt(wpa_auth->conf.rsn_preauth)); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + wpa_snprintf_hex(pmkid_txt, sizeof(pmkid_txt), + wpa_auth->dot11RSNAPMKIDUsed, PMKID_LEN); + + ret = snprintf(buf + len, buflen - len, + "dot11RSNAConfigVersion=%u\n" + "dot11RSNAConfigPairwiseKeysSupported=9999\n" + /* FIX: dot11RSNAConfigGroupCipher */ + /* FIX: dot11RSNAConfigGroupRekeyMethod */ + /* FIX: dot11RSNAConfigGroupRekeyTime */ + /* FIX: dot11RSNAConfigGroupRekeyPackets */ + "dot11RSNAConfigGroupRekeyStrict=%u\n" + "dot11RSNAConfigGroupUpdateCount=%u\n" + "dot11RSNAConfigPairwiseUpdateCount=%u\n" + "dot11RSNAConfigGroupCipherSize=%u\n" + "dot11RSNAConfigPMKLifetime=%u\n" + "dot11RSNAConfigPMKReauthThreshold=%u\n" + "dot11RSNAConfigNumberOfPTKSAReplayCounters=0\n" + "dot11RSNAConfigSATimeout=%u\n" + "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n" + "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n" + "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n" + "dot11RSNAPMKIDUsed=%s\n" + "dot11RSNAAuthenticationSuiteRequested=" RSN_SUITE "\n" + "dot11RSNAPairwiseCipherRequested=" RSN_SUITE "\n" + "dot11RSNAGroupCipherRequested=" RSN_SUITE "\n" + "dot11RSNATKIPCounterMeasuresInvoked=%u\n" + "dot11RSNA4WayHandshakeFailures=%u\n" + "dot11RSNAConfigNumberOfGTKSAReplayCounters=0\n", + RSN_VERSION, + !!wpa_auth->conf.wpa_strict_rekey, + dot11RSNAConfigGroupUpdateCount, + dot11RSNAConfigPairwiseUpdateCount, + wpa_cipher_bits(wpa_auth->conf.wpa_group), + dot11RSNAConfigPMKLifetime, + dot11RSNAConfigPMKReauthThreshold, + dot11RSNAConfigSATimeout, + RSN_SUITE_ARG(wpa_auth-> + dot11RSNAAuthenticationSuiteSelected), + RSN_SUITE_ARG(wpa_auth-> + dot11RSNAPairwiseCipherSelected), + RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherSelected), + pmkid_txt, + RSN_SUITE_ARG(wpa_auth-> + dot11RSNAAuthenticationSuiteRequested), + RSN_SUITE_ARG(wpa_auth-> + dot11RSNAPairwiseCipherRequested), + RSN_SUITE_ARG(wpa_auth->dot11RSNAGroupCipherRequested), + wpa_auth->dot11RSNATKIPCounterMeasuresInvoked, + wpa_auth->dot11RSNA4WayHandshakeFailures); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* TODO: dot11RSNAConfigPairwiseCiphersTable */ + /* TODO: dot11RSNAConfigAuthenticationSuitesTable */ + + /* Private MIB */ + ret = snprintf(buf + len, buflen - len, "hostapdWPAGroupState=%d\n", + wpa_auth->group->wpa_group_state); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + return len; +} + + +int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen) +{ + int len = 0, ret; + u8 not_used[4] = { 0, 0, 0, 0 }; + const u8 *pairwise = not_used; + + if (sm == NULL) + return 0; + + /* TODO: FF-FF-FF-FF-FF-FF entry for broadcast/multicast stats */ + + /* dot11RSNAStatsEntry */ + + if (sm->wpa == WPA_VERSION_WPA) { + if (sm->pairwise == WPA_CIPHER_CCMP) + pairwise = WPA_CIPHER_SUITE_CCMP; + else if (sm->pairwise == WPA_CIPHER_TKIP) + pairwise = WPA_CIPHER_SUITE_TKIP; + else if (sm->pairwise == WPA_CIPHER_WEP104) + pairwise = WPA_CIPHER_SUITE_WEP104; + else if (sm->pairwise == WPA_CIPHER_WEP40) + pairwise = WPA_CIPHER_SUITE_WEP40; + else if (sm->pairwise == WPA_CIPHER_NONE) + pairwise = WPA_CIPHER_SUITE_NONE; + } else if (sm->wpa == WPA_VERSION_WPA2) { + if (sm->pairwise == WPA_CIPHER_CCMP) + pairwise = RSN_CIPHER_SUITE_CCMP; + else if (sm->pairwise == WPA_CIPHER_TKIP) + pairwise = RSN_CIPHER_SUITE_TKIP; + else if (sm->pairwise == WPA_CIPHER_WEP104) + pairwise = RSN_CIPHER_SUITE_WEP104; + else if (sm->pairwise == WPA_CIPHER_WEP40) + pairwise = RSN_CIPHER_SUITE_WEP40; + else if (sm->pairwise == WPA_CIPHER_NONE) + pairwise = RSN_CIPHER_SUITE_NONE; + } else + return 0; + + ret = snprintf(buf + len, buflen - len, + /* TODO: dot11RSNAStatsIndex */ + "dot11RSNAStatsSTAAddress=" MACSTR "\n" + "dot11RSNAStatsVersion=1\n" + "dot11RSNAStatsSelectedPairwiseCipher=" RSN_SUITE "\n" + /* TODO: dot11RSNAStatsTKIPICVErrors */ + "dot11RSNAStatsTKIPLocalMICFailures=%u\n" + "dot11RSNAStatsTKIPRemoveMICFailures=%u\n" + /* TODO: dot11RSNAStatsCCMPReplays */ + /* TODO: dot11RSNAStatsCCMPDecryptErrors */ + /* TODO: dot11RSNAStatsTKIPReplays */, + MAC2STR(sm->addr), + RSN_SUITE_ARG(pairwise), + sm->dot11RSNAStatsTKIPLocalMICFailures, + sm->dot11RSNAStatsTKIPRemoteMICFailures); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + /* Private MIB */ + ret = snprintf(buf + len, buflen - len, + "hostapdWPAPTKState=%d\n" + "hostapdWPAPTKGroupState=%d\n", + sm->wpa_ptk_state, + sm->wpa_ptk_group_state); + if (ret < 0 || (size_t) ret >= buflen - len) + return len; + len += ret; + + return len; +} + + +void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth) +{ + if (wpa_auth) + wpa_auth->dot11RSNATKIPCounterMeasuresInvoked++; +} + + +int wpa_auth_pairwise_set(struct wpa_state_machine *sm) +{ + return sm && sm->pairwise_set; +} + + +int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return -1; + return sm->wpa_key_mgmt; +} + + +int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm) +{ + if (sm == NULL) + return 0; + return sm->wpa; +} + + +int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry) +{ + if (sm == NULL || sm->pmksa != entry) + return -1; + sm->pmksa = NULL; + return 0; +} + + +struct rsn_pmksa_cache_entry * +wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm) +{ + return sm ? sm->pmksa : NULL; +} + + +void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm) +{ + if (sm) + sm->dot11RSNAStatsTKIPLocalMICFailures++; +} + + +const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, size_t *len) +{ + if (wpa_auth == NULL) + return NULL; + *len = wpa_auth->wpa_ie_len; + return wpa_auth->wpa_ie; +} + + +int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, + int session_timeout, struct eapol_state_machine *eapol) +{ + if (sm == NULL || sm->wpa != WPA_VERSION_WPA2) + return -1; + + if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, WPA_PMK_LEN, + sm->wpa_auth->addr, sm->addr, session_timeout, + eapol)) + return 0; + + return -1; +} + + +int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, + const u8 *pmk, size_t len, const u8 *sta_addr, + int session_timeout, + struct eapol_state_machine *eapol) +{ + if (wpa_auth == NULL) + return -1; + + if (pmksa_cache_add(wpa_auth->pmksa, pmk, len, wpa_auth->addr, + sta_addr, session_timeout, eapol)) + return 0; + + return -1; +} + + +static struct wpa_group * +wpa_auth_add_group(struct wpa_authenticator *wpa_auth, int vlan_id) +{ + struct wpa_group *group; + + if (wpa_auth == NULL || wpa_auth->group == NULL) + return NULL; + + wpa_printf(MSG_DEBUG, "WPA: Add group state machine for VLAN-ID %d", + vlan_id); + group = wpa_group_init(wpa_auth, vlan_id); + if (group == NULL) + return NULL; + + group->next = wpa_auth->group->next; + wpa_auth->group->next = group; + + return group; +} + + +int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id) +{ + struct wpa_group *group; + + if (sm == NULL || sm->wpa_auth == NULL) + return 0; + + group = sm->wpa_auth->group; + while (group) { + if (group->vlan_id == vlan_id) + break; + group = group->next; + } + + if (group == NULL) { + group = wpa_auth_add_group(sm->wpa_auth, vlan_id); + if (group == NULL) + return -1; + } + + if (sm->group == group) + return 0; + + wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " + "machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); + + if (sm->group && sm->group != group && sm->sta_counted) { + sm->group->GNoStations--; + sm->sta_counted = 0; + wpa_printf(MSG_DEBUG, "WLA: Decreased GNoStations for the " + "previously used group state machine"); + } + + sm->group = group; + return 0; +} + +#endif /* CONFIG_NATIVE_WINDOWS */ diff --git a/contrib/hostapd-0.5.8/wpa.h b/contrib/hostapd-0.5.8/wpa.h new file mode 100644 index 0000000000..633b2c56ab --- /dev/null +++ b/contrib/hostapd-0.5.8/wpa.h @@ -0,0 +1,186 @@ +/* + * hostapd - IEEE 802.11i-2004 / WPA Authenticator + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef WPA_H +#define WPA_H + +#include "wpa_common.h" + +#define WPA_PMK_LEN PMK_LEN +#define WPA_GMK_LEN 32 +#define WPA_GTK_MAX_LEN 32 +#define PMKID_LEN 16 + +#define WPA_CAPABILITY_PREAUTH BIT(0) +#define WPA_CAPABILITY_MGMT_FRAME_PROTECTION BIT(6) +#define WPA_CAPABILITY_PEERKEY_ENABLED BIT(9) + +struct wpa_eapol_key { + u8 type; + u16 key_info; + u16 key_length; + u8 replay_counter[WPA_REPLAY_COUNTER_LEN]; + u8 key_nonce[WPA_NONCE_LEN]; + u8 key_iv[16]; + u8 key_rsc[WPA_KEY_RSC_LEN]; + u8 key_id[8]; /* Reserved */ + u8 key_mic[16]; + u16 key_data_length; + /* followed by key_data_length bytes of key_data */ +} __attribute__ ((packed)); + +#define WPA_KEY_INFO_TYPE_MASK (BIT(0) | BIT(1) | BIT(2)) +#define WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 BIT(0) +#define WPA_KEY_INFO_TYPE_HMAC_SHA1_AES BIT(1) +#define WPA_KEY_INFO_KEY_TYPE BIT(3) /* 1 = Pairwise, 0 = Group key */ +/* bit4..5 is used in WPA, but is reserved in IEEE 802.11i/RSN */ +#define WPA_KEY_INFO_KEY_INDEX_MASK (BIT(4) | BIT(5)) +#define WPA_KEY_INFO_KEY_INDEX_SHIFT 4 +#define WPA_KEY_INFO_INSTALL BIT(6) /* pairwise */ +#define WPA_KEY_INFO_TXRX BIT(6) /* group */ +#define WPA_KEY_INFO_ACK BIT(7) +#define WPA_KEY_INFO_MIC BIT(8) +#define WPA_KEY_INFO_SECURE BIT(9) +#define WPA_KEY_INFO_ERROR BIT(10) +#define WPA_KEY_INFO_REQUEST BIT(11) +#define WPA_KEY_INFO_ENCR_KEY_DATA BIT(12) +#define WPA_KEY_INFO_SMK_MESSAGE BIT(13) + + +/* per STA state machine data */ + +struct wpa_ptk { + u8 mic_key[16]; /* EAPOL-Key MIC Key (MK) */ + u8 encr_key[16]; /* EAPOL-Key Encryption Key (EK) */ + u8 tk1[16]; /* Temporal Key 1 (TK1) */ + union { + u8 tk2[16]; /* Temporal Key 2 (TK2) */ + struct { + u8 tx_mic_key[8]; + u8 rx_mic_key[8]; + } auth; + } u; +} __attribute__ ((packed)); + +struct wpa_authenticator; +struct wpa_state_machine; +struct rsn_pmksa_cache_entry; + + +struct wpa_auth_config { + int wpa; + int wpa_key_mgmt; + int wpa_pairwise; + int wpa_group; + int wpa_group_rekey; + int wpa_strict_rekey; + int wpa_gmk_rekey; + int rsn_preauth; + int eapol_version; + int peerkey; + int wme_enabled; +#ifdef CONFIG_IEEE80211W + enum { + WPA_NO_IEEE80211W = 0, + WPA_IEEE80211W_OPTIONAL = 1, + WPA_IEEE80211W_REQUIRED = 2 + } ieee80211w; +#endif /* CONFIG_IEEE80211W */ +}; + +typedef enum { + LOGGER_DEBUG, LOGGER_INFO, LOGGER_WARNING +} logger_level; + +typedef enum { + WPA_EAPOL_portEnabled, WPA_EAPOL_portValid, WPA_EAPOL_authorized, + WPA_EAPOL_portControl_Auto, WPA_EAPOL_keyRun, WPA_EAPOL_keyAvailable, + WPA_EAPOL_keyDone, WPA_EAPOL_inc_EapolFramesTx +} wpa_eapol_variable; + +struct wpa_auth_callbacks { + void *ctx; + void (*logger)(void *ctx, const u8 *addr, logger_level level, + const char *txt); + void (*disconnect)(void *ctx, const u8 *addr, u16 reason); + void (*mic_failure_report)(void *ctx, const u8 *addr); + void (*set_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var, + int value); + int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var); + const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *prev_psk); + int (*get_pmk)(void *ctx, const u8 *addr, u8 *pmk, size_t *len); + int (*set_key)(void *ctx, int vlan_id, const char *alg, const u8 *addr, + int idx, u8 *key, size_t key_len); + int (*get_seqnum)(void *ctx, const u8 *addr, int idx, u8 *seq); + int (*get_seqnum_igtk)(void *ctx, const u8 *addr, int idx, u8 *seq); + int (*send_eapol)(void *ctx, const u8 *addr, const u8 *data, + size_t data_len, int encrypt); + int (*for_each_sta)(void *ctx, int (*cb)(struct wpa_state_machine *sm, + void *ctx), void *cb_ctx); +}; + +struct wpa_authenticator * wpa_init(const u8 *addr, + struct wpa_auth_config *conf, + struct wpa_auth_callbacks *cb); +void wpa_deinit(struct wpa_authenticator *wpa_auth); +int wpa_reconfig(struct wpa_authenticator *wpa_auth, + struct wpa_auth_config *conf); + +enum { + WPA_IE_OK, WPA_INVALID_IE, WPA_INVALID_GROUP, WPA_INVALID_PAIRWISE, + WPA_INVALID_AKMP, WPA_NOT_ENABLED, WPA_ALLOC_FAIL, + WPA_MGMT_FRAME_PROTECTION_VIOLATION, WPA_INVALID_MGMT_GROUP_CIPHER +}; + +int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + const u8 *wpa_ie, size_t wpa_ie_len); +struct wpa_state_machine * +wpa_auth_sta_init(struct wpa_authenticator *wpa_auth, const u8 *addr); +void wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm); +void wpa_auth_sta_deinit(struct wpa_state_machine *sm); +void wpa_receive(struct wpa_authenticator *wpa_auth, + struct wpa_state_machine *sm, + u8 *data, size_t data_len); +typedef enum { + WPA_AUTH, WPA_ASSOC, WPA_DISASSOC, WPA_DEAUTH, WPA_REAUTH, + WPA_REAUTH_EAPOL +} wpa_event; +void wpa_remove_ptk(struct wpa_state_machine *sm); +void wpa_auth_sm_event(struct wpa_state_machine *sm, wpa_event event); +void wpa_auth_sm_notify(struct wpa_state_machine *sm); +void wpa_gtk_rekey(struct wpa_authenticator *wpa_auth); +int wpa_get_mib(struct wpa_authenticator *wpa_auth, char *buf, size_t buflen); +int wpa_get_mib_sta(struct wpa_state_machine *sm, char *buf, size_t buflen); +void wpa_auth_countermeasures_start(struct wpa_authenticator *wpa_auth); +int wpa_auth_pairwise_set(struct wpa_state_machine *sm); +int wpa_auth_sta_key_mgmt(struct wpa_state_machine *sm); +int wpa_auth_sta_wpa_version(struct wpa_state_machine *sm); +int wpa_auth_sta_clear_pmksa(struct wpa_state_machine *sm, + struct rsn_pmksa_cache_entry *entry); +struct rsn_pmksa_cache_entry * +wpa_auth_sta_get_pmksa(struct wpa_state_machine *sm); +void wpa_auth_sta_local_mic_failure_report(struct wpa_state_machine *sm); +const u8 * wpa_auth_get_wpa_ie(struct wpa_authenticator *wpa_auth, + size_t *len); +int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk, + int session_timeout, struct eapol_state_machine *eapol); +int wpa_auth_pmksa_add_preauth(struct wpa_authenticator *wpa_auth, + const u8 *pmk, size_t len, const u8 *sta_addr, + int session_timeout, + struct eapol_state_machine *eapol); +int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id); + +#endif /* WPA_H */ diff --git a/contrib/hostapd-0.5.8/wpa_common.h b/contrib/hostapd-0.5.8/wpa_common.h new file mode 100644 index 0000000000..6d0316ce4a --- /dev/null +++ b/contrib/hostapd-0.5.8/wpa_common.h @@ -0,0 +1,58 @@ +/* + * WPA definitions shared between hostapd and wpa_supplicant + * Copyright (c) 2002-2005, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef WPA_COMMON_H +#define WPA_COMMON_H + +#define WPA_REPLAY_COUNTER_LEN 8 +#define WPA_NONCE_LEN 32 +#define WPA_KEY_RSC_LEN 8 + + +/* IEEE Std 802.1X-2004 */ + +#ifdef _MSC_VER +#pragma pack(push, 1) +#endif /* _MSC_VER */ + +struct ieee802_1x_hdr { + u8 version; + u8 type; + u16 length; + /* followed by length octets of data */ +} STRUCT_PACKED; + +#ifdef _MSC_VER +#pragma pack(pop) +#endif /* _MSC_VER */ + +#define EAPOL_VERSION 2 + +enum { IEEE802_1X_TYPE_EAP_PACKET = 0, + IEEE802_1X_TYPE_EAPOL_START = 1, + IEEE802_1X_TYPE_EAPOL_LOGOFF = 2, + IEEE802_1X_TYPE_EAPOL_KEY = 3, + IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT = 4 +}; + +enum { EAPOL_KEY_TYPE_RC4 = 1, EAPOL_KEY_TYPE_RSN = 2, + EAPOL_KEY_TYPE_WPA = 254 }; + +#ifdef CONFIG_IEEE80211W +#define WPA_DGTK_LEN 16 +#define WPA_DHV_LEN 16 +#define WPA_IGTK_LEN 16 +#endif /* CONFIG_IEEE80211W */ + +#endif /* WPA_COMMON_H */ diff --git a/contrib/hostapd-0.5.8/wpa_ctrl.c b/contrib/hostapd-0.5.8/wpa_ctrl.c new file mode 100644 index 0000000000..dcec537fc7 --- /dev/null +++ b/contrib/hostapd-0.5.8/wpa_ctrl.c @@ -0,0 +1,425 @@ +/* + * wpa_supplicant/hostapd control interface library + * Copyright (c) 2004-2007, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#include "includes.h" + +#ifdef CONFIG_CTRL_IFACE + +#ifdef CONFIG_CTRL_IFACE_UNIX +#include +#endif /* CONFIG_CTRL_IFACE_UNIX */ + +#include "wpa_ctrl.h" +#include "common.h" + + +#if defined(CONFIG_CTRL_IFACE_UNIX) || defined(CONFIG_CTRL_IFACE_UDP) +#define CTRL_IFACE_SOCKET +#endif /* CONFIG_CTRL_IFACE_UNIX || CONFIG_CTRL_IFACE_UDP */ + + +/** + * struct wpa_ctrl - Internal structure for control interface library + * + * This structure is used by the wpa_supplicant/hostapd control interface + * library to store internal data. Programs using the library should not touch + * this data directly. They can only use the pointer to the data structure as + * an identifier for the control interface connection and use this as one of + * the arguments for most of the control interface library functions. + */ +struct wpa_ctrl { +#ifdef CONFIG_CTRL_IFACE_UDP + int s; + struct sockaddr_in local; + struct sockaddr_in dest; + char *cookie; +#endif /* CONFIG_CTRL_IFACE_UDP */ +#ifdef CONFIG_CTRL_IFACE_UNIX + int s; + struct sockaddr_un local; + struct sockaddr_un dest; +#endif /* CONFIG_CTRL_IFACE_UNIX */ +#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE + HANDLE pipe; +#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */ +}; + + +#ifdef CONFIG_CTRL_IFACE_UNIX + +struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path) +{ + struct wpa_ctrl *ctrl; + static int counter = 0; + + ctrl = os_malloc(sizeof(*ctrl)); + if (ctrl == NULL) + return NULL; + os_memset(ctrl, 0, sizeof(*ctrl)); + + ctrl->s = socket(PF_UNIX, SOCK_DGRAM, 0); + if (ctrl->s < 0) { + os_free(ctrl); + return NULL; + } + + ctrl->local.sun_family = AF_UNIX; + os_snprintf(ctrl->local.sun_path, sizeof(ctrl->local.sun_path), + "/tmp/wpa_ctrl_%d-%d", getpid(), counter++); + if (bind(ctrl->s, (struct sockaddr *) &ctrl->local, + sizeof(ctrl->local)) < 0) { + close(ctrl->s); + os_free(ctrl); + return NULL; + } + + ctrl->dest.sun_family = AF_UNIX; + os_snprintf(ctrl->dest.sun_path, sizeof(ctrl->dest.sun_path), "%s", + ctrl_path); + if (connect(ctrl->s, (struct sockaddr *) &ctrl->dest, + sizeof(ctrl->dest)) < 0) { + close(ctrl->s); + unlink(ctrl->local.sun_path); + os_free(ctrl); + return NULL; + } + + return ctrl; +} + + +void wpa_ctrl_close(struct wpa_ctrl *ctrl) +{ + unlink(ctrl->local.sun_path); + close(ctrl->s); + os_free(ctrl); +} + +#endif /* CONFIG_CTRL_IFACE_UNIX */ + + +#ifdef CONFIG_CTRL_IFACE_UDP + +struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path) +{ + struct wpa_ctrl *ctrl; + char buf[128]; + size_t len; + + ctrl = os_malloc(sizeof(*ctrl)); + if (ctrl == NULL) + return NULL; + os_memset(ctrl, 0, sizeof(*ctrl)); + + ctrl->s = socket(PF_INET, SOCK_DGRAM, 0); + if (ctrl->s < 0) { + perror("socket"); + os_free(ctrl); + return NULL; + } + + ctrl->local.sin_family = AF_INET; + ctrl->local.sin_addr.s_addr = htonl((127 << 24) | 1); + if (bind(ctrl->s, (struct sockaddr *) &ctrl->local, + sizeof(ctrl->local)) < 0) { + close(ctrl->s); + os_free(ctrl); + return NULL; + } + + ctrl->dest.sin_family = AF_INET; + ctrl->dest.sin_addr.s_addr = htonl((127 << 24) | 1); + ctrl->dest.sin_port = htons(WPA_CTRL_IFACE_PORT); + if (connect(ctrl->s, (struct sockaddr *) &ctrl->dest, + sizeof(ctrl->dest)) < 0) { + perror("connect"); + close(ctrl->s); + os_free(ctrl); + return NULL; + } + + len = sizeof(buf) - 1; + if (wpa_ctrl_request(ctrl, "GET_COOKIE", 10, buf, &len, NULL) == 0) { + buf[len] = '\0'; + ctrl->cookie = strdup(buf); + } + + return ctrl; +} + + +void wpa_ctrl_close(struct wpa_ctrl *ctrl) +{ + close(ctrl->s); + os_free(ctrl->cookie); + os_free(ctrl); +} + +#endif /* CONFIG_CTRL_IFACE_UDP */ + + +#ifdef CTRL_IFACE_SOCKET +int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len, + char *reply, size_t *reply_len, + void (*msg_cb)(char *msg, size_t len)) +{ + struct timeval tv; + int res; + fd_set rfds; + const char *_cmd; + char *cmd_buf = NULL; + size_t _cmd_len; + +#ifdef CONFIG_CTRL_IFACE_UDP + if (ctrl->cookie) { + char *pos; + _cmd_len = strlen(ctrl->cookie) + 1 + cmd_len; + cmd_buf = os_malloc(_cmd_len ); + if (cmd_buf == NULL) + return -1; + _cmd = cmd_buf; + pos = cmd_buf; + strcpy(pos, ctrl->cookie); + pos += strlen(ctrl->cookie); + *pos++ = ' '; + memcpy(pos, cmd, cmd_len); + } else +#endif /* CONFIG_CTRL_IFACE_UDP */ + { + _cmd = cmd; + _cmd_len = cmd_len; + } + + if (send(ctrl->s, _cmd, _cmd_len, 0) < 0) { + os_free(cmd_buf); + return -1; + } + os_free(cmd_buf); + + for (;;) { + tv.tv_sec = 2; + tv.tv_usec = 0; + FD_ZERO(&rfds); + FD_SET(ctrl->s, &rfds); + res = select(ctrl->s + 1, &rfds, NULL, NULL, &tv); + if (FD_ISSET(ctrl->s, &rfds)) { + res = recv(ctrl->s, reply, *reply_len, 0); + if (res < 0) + return res; + if (res > 0 && reply[0] == '<') { + /* This is an unsolicited message from + * wpa_supplicant, not the reply to the + * request. Use msg_cb to report this to the + * caller. */ + if (msg_cb) { + /* Make sure the message is nul + * terminated. */ + if ((size_t) res == *reply_len) + res = (*reply_len) - 1; + reply[res] = '\0'; + msg_cb(reply, res); + } + continue; + } + *reply_len = res; + break; + } else { + return -2; + } + } + return 0; +} +#endif /* CTRL_IFACE_SOCKET */ + + +static int wpa_ctrl_attach_helper(struct wpa_ctrl *ctrl, int attach) +{ + char buf[10]; + int ret; + size_t len = 10; + + ret = wpa_ctrl_request(ctrl, attach ? "ATTACH" : "DETACH", 6, + buf, &len, NULL); + if (ret < 0) + return ret; + if (len == 3 && os_memcmp(buf, "OK\n", 3) == 0) + return 0; + return -1; +} + + +int wpa_ctrl_attach(struct wpa_ctrl *ctrl) +{ + return wpa_ctrl_attach_helper(ctrl, 1); +} + + +int wpa_ctrl_detach(struct wpa_ctrl *ctrl) +{ + return wpa_ctrl_attach_helper(ctrl, 0); +} + + +#ifdef CTRL_IFACE_SOCKET + +int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len) +{ + int res; + + res = recv(ctrl->s, reply, *reply_len, 0); + if (res < 0) + return res; + *reply_len = res; + return 0; +} + + +int wpa_ctrl_pending(struct wpa_ctrl *ctrl) +{ + struct timeval tv; + fd_set rfds; + tv.tv_sec = 0; + tv.tv_usec = 0; + FD_ZERO(&rfds); + FD_SET(ctrl->s, &rfds); + select(ctrl->s + 1, &rfds, NULL, NULL, &tv); + return FD_ISSET(ctrl->s, &rfds); +} + + +int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl) +{ + return ctrl->s; +} + +#endif /* CTRL_IFACE_SOCKET */ + + +#ifdef CONFIG_CTRL_IFACE_NAMED_PIPE + +#ifndef WPA_SUPPLICANT_NAMED_PIPE +#define WPA_SUPPLICANT_NAMED_PIPE "WpaSupplicant" +#endif +#define NAMED_PIPE_PREFIX TEXT("\\\\.\\pipe\\") TEXT(WPA_SUPPLICANT_NAMED_PIPE) + +struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path) +{ + struct wpa_ctrl *ctrl; + DWORD mode; + TCHAR name[256]; + int i; + + ctrl = os_malloc(sizeof(*ctrl)); + if (ctrl == NULL) + return NULL; + os_memset(ctrl, 0, sizeof(*ctrl)); + +#ifdef UNICODE + if (ctrl_path == NULL) + _snwprintf(name, 256, NAMED_PIPE_PREFIX); + else + _snwprintf(name, 256, NAMED_PIPE_PREFIX TEXT("-%S"), + ctrl_path); +#else /* UNICODE */ + if (ctrl_path == NULL) + os_snprintf(name, 256, NAMED_PIPE_PREFIX); + else + os_snprintf(name, 256, NAMED_PIPE_PREFIX "-%s", + ctrl_path); +#endif /* UNICODE */ + + for (i = 0; i < 10; i++) { + ctrl->pipe = CreateFile(name, GENERIC_READ | GENERIC_WRITE, 0, + NULL, OPEN_EXISTING, 0, NULL); + /* + * Current named pipe server side in wpa_supplicant is + * re-opening the pipe for new clients only after the previous + * one is taken into use. This leaves a small window for race + * conditions when two connections are being opened at almost + * the same time. Retry if that was the case. + */ + if (ctrl->pipe != INVALID_HANDLE_VALUE || + GetLastError() != ERROR_PIPE_BUSY) + break; + WaitNamedPipe(name, 1000); + } + if (ctrl->pipe == INVALID_HANDLE_VALUE) { + os_free(ctrl); + return NULL; + } + + mode = PIPE_READMODE_MESSAGE; + if (!SetNamedPipeHandleState(ctrl->pipe, &mode, NULL, NULL)) { + CloseHandle(ctrl->pipe); + os_free(ctrl); + return NULL; + } + + return ctrl; +} + + +void wpa_ctrl_close(struct wpa_ctrl *ctrl) +{ + CloseHandle(ctrl->pipe); + os_free(ctrl); +} + + +int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len, + char *reply, size_t *reply_len, + void (*msg_cb)(char *msg, size_t len)) +{ + DWORD written; + DWORD readlen = *reply_len; + + if (!WriteFile(ctrl->pipe, cmd, cmd_len, &written, NULL)) + return -1; + + if (!ReadFile(ctrl->pipe, reply, *reply_len, &readlen, NULL)) + return -1; + *reply_len = readlen; + + return 0; +} + + +int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len) +{ + DWORD len = *reply_len; + if (!ReadFile(ctrl->pipe, reply, *reply_len, &len, NULL)) + return -1; + *reply_len = len; + return 0; +} + + +int wpa_ctrl_pending(struct wpa_ctrl *ctrl) +{ + DWORD left; + + if (!PeekNamedPipe(ctrl->pipe, NULL, 0, NULL, &left, NULL)) + return -1; + return left ? 1 : 0; +} + + +int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl) +{ + return -1; +} + +#endif /* CONFIG_CTRL_IFACE_NAMED_PIPE */ + +#endif /* CONFIG_CTRL_IFACE */ diff --git a/contrib/hostapd-0.5.8/wpa_ctrl.h b/contrib/hostapd-0.5.8/wpa_ctrl.h new file mode 100644 index 0000000000..6166fda26e --- /dev/null +++ b/contrib/hostapd-0.5.8/wpa_ctrl.h @@ -0,0 +1,185 @@ +/* + * wpa_supplicant/hostapd control interface library + * Copyright (c) 2004-2006, Jouni Malinen + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + * Alternatively, this software may be distributed under the terms of BSD + * license. + * + * See README and COPYING for more details. + */ + +#ifndef WPA_CTRL_H +#define WPA_CTRL_H + +#ifdef __cplusplus +extern "C" { +#endif + +/* wpa_supplicant control interface - fixed message prefixes */ + +/** Interactive request for identity/password/pin */ +#define WPA_CTRL_REQ "CTRL-REQ-" + +/** Response to identity/password/pin request */ +#define WPA_CTRL_RSP "CTRL-RSP-" + +/* Event messages with fixed prefix */ +/** Authentication completed successfully and data connection enabled */ +#define WPA_EVENT_CONNECTED "CTRL-EVENT-CONNECTED " +/** Disconnected, data connection is not available */ +#define WPA_EVENT_DISCONNECTED "CTRL-EVENT-DISCONNECTED " +/** wpa_supplicant is exiting */ +#define WPA_EVENT_TERMINATING "CTRL-EVENT-TERMINATING " +/** Password change was completed successfully */ +#define WPA_EVENT_PASSWORD_CHANGED "CTRL-EVENT-PASSWORD-CHANGED " +/** EAP-Request/Notification received */ +#define WPA_EVENT_EAP_NOTIFICATION "CTRL-EVENT-EAP-NOTIFICATION " +/** EAP authentication started (EAP-Request/Identity received) */ +#define WPA_EVENT_EAP_STARTED "CTRL-EVENT-EAP-STARTED " +/** EAP method selected */ +#define WPA_EVENT_EAP_METHOD "CTRL-EVENT-EAP-METHOD " +/** EAP authentication completed successfully */ +#define WPA_EVENT_EAP_SUCCESS "CTRL-EVENT-EAP-SUCCESS " +/** EAP authentication failed (EAP-Failure received) */ +#define WPA_EVENT_EAP_FAILURE "CTRL-EVENT-EAP-FAILURE " + + +/* wpa_supplicant/hostapd control interface access */ + +/** + * wpa_ctrl_open - Open a control interface to wpa_supplicant/hostapd + * @ctrl_path: Path for UNIX domain sockets; ignored if UDP sockets are used. + * Returns: Pointer to abstract control interface data or %NULL on failure + * + * This function is used to open a control interface to wpa_supplicant/hostapd. + * ctrl_path is usually /var/run/wpa_supplicant or /var/run/hostapd. This path + * is configured in wpa_supplicant/hostapd and other programs using the control + * interface need to use matching path configuration. + */ +struct wpa_ctrl * wpa_ctrl_open(const char *ctrl_path); + + +/** + * wpa_ctrl_close - Close a control interface to wpa_supplicant/hostapd + * @ctrl: Control interface data from wpa_ctrl_open() + * + * This function is used to close a control interface. + */ +void wpa_ctrl_close(struct wpa_ctrl *ctrl); + + +/** + * wpa_ctrl_request - Send a command to wpa_supplicant/hostapd + * @ctrl: Control interface data from wpa_ctrl_open() + * @cmd: Command; usually, ASCII text, e.g., "PING" + * @cmd_len: Length of the cmd in bytes + * @reply: Buffer for the response + * @reply_len: Reply buffer length + * @msg_cb: Callback function for unsolicited messages or %NULL if not used + * Returns: 0 on success, -1 on error (send or receive failed), -2 on timeout + * + * This function is used to send commands to wpa_supplicant/hostapd. Received + * response will be written to reply and reply_len is set to the actual length + * of the reply. This function will block for up to two seconds while waiting + * for the reply. If unsolicited messages are received, the blocking time may + * be longer. + * + * msg_cb can be used to register a callback function that will be called for + * unsolicited messages received while waiting for the command response. These + * messages may be received if wpa_ctrl_request() is called at the same time as + * wpa_supplicant/hostapd is sending such a message. This can happen only if + * the program has used wpa_ctrl_attach() to register itself as a monitor for + * event messages. Alternatively to msg_cb, programs can register two control + * interface connections and use one of them for commands and the other one for + * receiving event messages, in other words, call wpa_ctrl_attach() only for + * the control interface connection that will be used for event messages. + */ +int wpa_ctrl_request(struct wpa_ctrl *ctrl, const char *cmd, size_t cmd_len, + char *reply, size_t *reply_len, + void (*msg_cb)(char *msg, size_t len)); + + +/** + * wpa_ctrl_attach - Register as an event monitor for the control interface + * @ctrl: Control interface data from wpa_ctrl_open() + * Returns: 0 on success, -1 on failure, -2 on timeout + * + * This function registers the control interface connection as a monitor for + * wpa_supplicant/hostapd events. After a success wpa_ctrl_attach() call, the + * control interface connection starts receiving event messages that can be + * read with wpa_ctrl_recv(). + */ +int wpa_ctrl_attach(struct wpa_ctrl *ctrl); + + +/** + * wpa_ctrl_detach - Unregister event monitor from the control interface + * @ctrl: Control interface data from wpa_ctrl_open() + * Returns: 0 on success, -1 on failure, -2 on timeout + * + * This function unregisters the control interface connection as a monitor for + * wpa_supplicant/hostapd events, i.e., cancels the registration done with + * wpa_ctrl_attach(). + */ +int wpa_ctrl_detach(struct wpa_ctrl *ctrl); + + +/** + * wpa_ctrl_recv - Receive a pending control interface message + * @ctrl: Control interface data from wpa_ctrl_open() + * @reply: Buffer for the message data + * @reply_len: Length of the reply buffer + * Returns: 0 on success, -1 on failure + * + * This function will receive a pending control interface message. This + * function will block if no messages are available. The received response will + * be written to reply and reply_len is set to the actual length of the reply. + * wpa_ctrl_recv() is only used for event messages, i.e., wpa_ctrl_attach() + * must have been used to register the control interface as an event monitor. + */ +int wpa_ctrl_recv(struct wpa_ctrl *ctrl, char *reply, size_t *reply_len); + + +/** + * wpa_ctrl_pending - Check whether there are pending event messages + * @ctrl: Control interface data from wpa_ctrl_open() + * Returns: 1 if there are pending messages, 0 if no, or -1 on error + * + * This function will check whether there are any pending control interface + * message available to be received with wpa_ctrl_recv(). wpa_ctrl_pending() is + * only used for event messages, i.e., wpa_ctrl_attach() must have been used to + * register the control interface as an event monitor. + */ +int wpa_ctrl_pending(struct wpa_ctrl *ctrl); + + +/** + * wpa_ctrl_get_fd - Get file descriptor used by the control interface + * @ctrl: Control interface data from wpa_ctrl_open() + * Returns: File descriptor used for the connection + * + * This function can be used to get the file descriptor that is used for the + * control interface connection. The returned value can be used, e.g., with + * select() while waiting for multiple events. + * + * The returned file descriptor must not be used directly for sending or + * receiving packets; instead, the library functions wpa_ctrl_request() and + * wpa_ctrl_recv() must be used for this. + */ +int wpa_ctrl_get_fd(struct wpa_ctrl *ctrl); + +#ifdef CONFIG_CTRL_IFACE_UDP +#define WPA_CTRL_IFACE_PORT 9877 +#define WPA_GLOBAL_CTRL_IFACE_PORT 9878 +#endif /* CONFIG_CTRL_IFACE_UDP */ + + +#ifdef __cplusplus +} +#endif + +#endif /* WPA_CTRL_H */ -- 2.41.0