1* /*
2* * wpa_supplicant - PASN processing
3* *
4* * Copyright (C) 2019 Intel Corporation
5* *
6* * This software may be distributed under the terms of the BSD license.
7* * See README for more details.
8* */
9*
10* #include "includes.h"
11*
12* #include "common/ieee802_11_defs.h"
13* #include "common/ieee802_11_common.h"
14* #include "common/dragonfly.h"
15* #include "common/ptksa_cache.h"
16* #include "utils/eloop.h"
17* #include "drivers/driver.h"
18* #include "crypto/crypto.h"
19* #include "crypto/random.h"
20* #include "eap_common/eap_defs.h"
21* #include "rsn_supp/wpa.h"
22* #include "rsn_supp/pmksa_cache.h"
23* #include "wpa_supplicant_i.h"
24* #include "driver_i.h"
25* #include "bss.h"
26* #include "config.h"
27*
28* static const int dot11RSNAConfigPMKLifetime = 43200;
29*
30* struct wpa_pasn_auth_work {
31* u8 bssid[ETH_ALEN];
32* int akmp;
33* int cipher;
34* u16 group;
35* int network_id;
36* struct wpabuf *comeback;
37* };
38*
39*
wpas_pasn_free_auth_work(struct wpa_pasn_auth_work * awork)40* static void wpas_pasn_free_auth_work(struct wpa_pasn_auth_work *awork)
41* {
42* wpabuf_free(awork->comeback);
43* awork->comeback = NULL;
44* os_free(awork);
45* }
46*
47*
wpas_pasn_auth_work_timeout(void * eloop_ctx,void * timeout_ctx)48* static void wpas_pasn_auth_work_timeout(void *eloop_ctx, void *timeout_ctx)
49* {
50* struct wpa_supplicant *wpa_s = eloop_ctx;
51*
52* wpa_printf(MSG_DEBUG, "PASN: Auth work timeout - stopping auth");
53*
54* wpas_pasn_auth_stop(wpa_s);
55* }
56*
57*
wpas_pasn_cancel_auth_work(struct wpa_supplicant * wpa_s)58* static void wpas_pasn_cancel_auth_work(struct wpa_supplicant *wpa_s)
59* {
60* wpa_printf(MSG_DEBUG, "PASN: Cancel pasn-start-auth work");
61*
62* /* Remove pending/started work */
63* radio_remove_works(wpa_s, "pasn-start-auth", 0);
64* }
65*
66*
wpas_pasn_auth_status(struct wpa_supplicant * wpa_s,const u8 * bssid,int akmp,int cipher,u8 status,struct wpabuf * comeback,u16 comeback_after)67* static void wpas_pasn_auth_status(struct wpa_supplicant *wpa_s, const u8 *bssid,
68* int akmp, int cipher, u8 status,
69* struct wpabuf *comeback,
70* u16 comeback_after)
71* {
72* if (comeback) {
73* size_t comeback_len = wpabuf_len(comeback);
74* size_t buflen = comeback_len * 2 + 1;
75* char *comeback_txt = os_malloc(buflen);
76*
77* if (comeback_txt) {
78* wpa_snprintf_hex(comeback_txt, buflen,
79* wpabuf_head(comeback), comeback_len);
80*
81* wpa_msg(wpa_s, MSG_INFO, PASN_AUTH_STATUS MACSTR
82* " akmp=%s, status=%u comeback_after=%u comeback=%s",
83* MAC2STR(bssid),
84* wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
85* status, comeback_after, comeback_txt);
86*
87* os_free(comeback_txt);
88* return;
89* }
90* }
91*
92* wpa_msg(wpa_s, MSG_INFO,
93* PASN_AUTH_STATUS MACSTR " akmp=%s, status=%u",
94* MAC2STR(bssid), wpa_key_mgmt_txt(akmp, WPA_PROTO_RSN),
95* status);
96* }
97*
98*
99* #ifdef CONFIG_SAE
100*
wpas_pasn_wd_sae_commit(struct wpa_supplicant * wpa_s)101* static struct wpabuf * wpas_pasn_wd_sae_commit(struct wpa_supplicant *wpa_s)
102* {
103* struct wpas_pasn *pasn = &wpa_s->pasn;
104* struct wpabuf *buf = NULL;
105* int ret;
106*
107* ret = sae_set_group(&pasn->sae, pasn->group);
108* if (ret) {
109* wpa_printf(MSG_DEBUG, "PASN: Failed to set SAE group");
110* return NULL;
111* }
112*
113* ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt,
114* wpa_s->own_addr, pasn->bssid,
115* NULL, NULL);
116* if (ret) {
117* wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit");
118* return NULL;
119* }
120*
121* /* Need to add the entire Authentication frame body */
122* buf = wpabuf_alloc(6 + SAE_COMMIT_MAX_LEN);
123* if (!buf) {
124* wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
125* return NULL;
126* }
127*
128* wpabuf_put_le16(buf, WLAN_AUTH_SAE);
129* wpabuf_put_le16(buf, 1);
130* wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
131*
132* sae_write_commit(&pasn->sae, buf, NULL, 0);
133* pasn->sae.state = SAE_COMMITTED;
134*
135* return buf;
136* }
137*
138*
wpas_pasn_wd_sae_rx(struct wpa_supplicant * wpa_s,struct wpabuf * wd)139* static int wpas_pasn_wd_sae_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
140* {
141* struct wpas_pasn *pasn = &wpa_s->pasn;
142* const u8 *data;
143* size_t buf_len;
144* u16 len, res, alg, seq, status;
145* int groups[] = { pasn->group, 0 };
146* int ret;
147*
148* if (!wd)
149* return -1;
150*
151* data = wpabuf_head_u8(wd);
152* buf_len = wpabuf_len(wd);
153*
154* /* first handle the commit message */
155* if (buf_len < 2) {
156* wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (commit)");
157* return -1;
158* }
159*
160* len = WPA_GET_LE16(data);
161* if (len < 6 || buf_len - 2 < len) {
162* wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for commit");
163* return -1;
164* }
165*
166* buf_len -= 2;
167* data += 2;
168*
169* alg = WPA_GET_LE16(data);
170* seq = WPA_GET_LE16(data + 2);
171* status = WPA_GET_LE16(data + 4);
172*
173* wpa_printf(MSG_DEBUG, "PASN: SAE: commit: alg=%u, seq=%u, status=%u",
174* alg, seq, status);
175*
176* if (alg != WLAN_AUTH_SAE || seq != 1 ||
177* status != WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
178* wpa_printf(MSG_DEBUG, "PASN: SAE: dropping peer commit");
179* return -1;
180* }
181*
182* res = sae_parse_commit(&pasn->sae, data + 6, len - 6, NULL, 0, groups,
183* 1);
184* if (res != WLAN_STATUS_SUCCESS) {
185* wpa_printf(MSG_DEBUG, "PASN: SAE failed parsing commit");
186* return -1;
187* }
188*
189* /* Process the commit message and derive the PMK */
190* ret = sae_process_commit(&pasn->sae);
191* if (ret) {
192* wpa_printf(MSG_DEBUG, "SAE: Failed to process peer commit");
193* return -1;
194* }
195*
196* buf_len -= len;
197* data += len;
198*
199* /* Handle the confirm message */
200* if (buf_len < 2) {
201* wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short (confirm)");
202* return -1;
203* }
204*
205* len = WPA_GET_LE16(data);
206* if (len < 6 || buf_len - 2 < len) {
207* wpa_printf(MSG_DEBUG, "PASN: SAE buffer too short for confirm");
208* return -1;
209* }
210*
211* buf_len -= 2;
212* data += 2;
213*
214* alg = WPA_GET_LE16(data);
215* seq = WPA_GET_LE16(data + 2);
216* status = WPA_GET_LE16(data + 4);
217*
218* wpa_printf(MSG_DEBUG, "PASN: SAE confirm: alg=%u, seq=%u, status=%u",
219* alg, seq, status);
220*
221* if (alg != WLAN_AUTH_SAE || seq != 2 || status != WLAN_STATUS_SUCCESS) {
222* wpa_printf(MSG_DEBUG, "PASN: Dropping peer SAE confirm");
223* return -1;
224* }
225*
226* res = sae_check_confirm(&pasn->sae, data + 6, len - 6);
227* if (res != WLAN_STATUS_SUCCESS) {
228* wpa_printf(MSG_DEBUG, "PASN: SAE failed checking confirm");
229* return -1;
230* }
231*
232* wpa_printf(MSG_DEBUG, "PASN: SAE completed successfully");
233* pasn->sae.state = SAE_ACCEPTED;
234*
235* return 0;
236* }
237*
238*
wpas_pasn_wd_sae_confirm(struct wpa_supplicant * wpa_s)239* static struct wpabuf * wpas_pasn_wd_sae_confirm(struct wpa_supplicant *wpa_s)
240* {
241* struct wpas_pasn *pasn = &wpa_s->pasn;
242* struct wpabuf *buf = NULL;
243*
244* /* Need to add the entire authentication frame body */
245* buf = wpabuf_alloc(6 + SAE_CONFIRM_MAX_LEN);
246* if (!buf) {
247* wpa_printf(MSG_DEBUG, "PASN: Failed to allocate SAE buffer");
248* return NULL;
249* }
250*
251* wpabuf_put_le16(buf, WLAN_AUTH_SAE);
252* wpabuf_put_le16(buf, 2);
253* wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
254*
255* sae_write_confirm(&pasn->sae, buf);
256* pasn->sae.state = SAE_CONFIRMED;
257*
258* return buf;
259* }
260*
261*
wpas_pasn_sae_setup_pt(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int group)262* static int wpas_pasn_sae_setup_pt(struct wpa_supplicant *wpa_s,
263* struct wpa_ssid *ssid, int group)
264* {
265* const char *password = ssid->sae_password;
266* int groups[2] = { group, 0 };
267*
268* if (!password)
269* password = ssid->passphrase;
270*
271* if (!password) {
272* wpa_printf(MSG_DEBUG, "PASN: SAE without a password");
273* return -1;
274* }
275*
276* if (ssid->pt)
277* return 0; /* PT already derived */
278*
279* ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
280* (const u8 *) password, os_strlen(password),
281* ssid->sae_password_id);
282*
283* return ssid->pt ? 0 : -1;
284* }
285*
286* #endif /* CONFIG_SAE */
287*
288*
289* #ifdef CONFIG_FILS
290*
wpas_pasn_fils_build_auth(struct wpa_supplicant * wpa_s)291* static struct wpabuf * wpas_pasn_fils_build_auth(struct wpa_supplicant *wpa_s)
292* {
293* struct wpas_pasn *pasn = &wpa_s->pasn;
294* struct wpabuf *buf = NULL;
295* struct wpabuf *erp_msg;
296* int ret;
297*
298* erp_msg = eapol_sm_build_erp_reauth_start(wpa_s->eapol);
299* if (!erp_msg) {
300* wpa_printf(MSG_DEBUG,
301* "PASN: FILS: ERP EAP-Initiate/Re-auth unavailable");
302* return NULL;
303* }
304*
305* if (random_get_bytes(pasn->fils.nonce, FILS_NONCE_LEN) < 0 ||
306* random_get_bytes(pasn->fils.session, FILS_SESSION_LEN) < 0)
307* goto fail;
308*
309* wpa_hexdump(MSG_DEBUG, "PASN: FILS: Nonce", pasn->fils.nonce,
310* FILS_NONCE_LEN);
311*
312* wpa_hexdump(MSG_DEBUG, "PASN: FILS: Session", pasn->fils.session,
313* FILS_SESSION_LEN);
314*
315* buf = wpabuf_alloc(1500);
316* if (!buf)
317* goto fail;
318*
319* /* Add the authentication algorithm */
320* wpabuf_put_le16(buf, WLAN_AUTH_FILS_SK);
321*
322* /* Authentication Transaction seq# */
323* wpabuf_put_le16(buf, 1);
324*
325* /* Status Code */
326* wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
327*
328* /* Own RSNE */
329* wpa_pasn_add_rsne(buf, NULL, pasn->akmp, pasn->cipher);
330*
331* /* FILS Nonce */
332* wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
333* wpabuf_put_u8(buf, 1 + FILS_NONCE_LEN);
334* wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_NONCE);
335* wpabuf_put_data(buf, pasn->fils.nonce, FILS_NONCE_LEN);
336*
337* /* FILS Session */
338* wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
339* wpabuf_put_u8(buf, 1 + FILS_SESSION_LEN);
340* wpabuf_put_u8(buf, WLAN_EID_EXT_FILS_SESSION);
341* wpabuf_put_data(buf, pasn->fils.session, FILS_SESSION_LEN);
342*
343* /* Wrapped Data (ERP) */
344* wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
345* wpabuf_put_u8(buf, 1 + wpabuf_len(erp_msg));
346* wpabuf_put_u8(buf, WLAN_EID_EXT_WRAPPED_DATA);
347* wpabuf_put_buf(buf, erp_msg);
348*
349* /*
350* * Calculate pending PMKID here so that we do not need to maintain a
351* * copy of the EAP-Initiate/Reauth message.
352* */
353* ret = fils_pmkid_erp(pasn->akmp, wpabuf_head(erp_msg),
354* wpabuf_len(erp_msg),
355* pasn->fils.erp_pmkid);
356* if (ret) {
357* wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to get ERP PMKID");
358* goto fail;
359* }
360*
361* wpabuf_free(erp_msg);
362* erp_msg = NULL;
363*
364* wpa_hexdump_buf(MSG_DEBUG, "PASN: FILS: Authentication frame", buf);
365* return buf;
366* fail:
367* wpabuf_free(erp_msg);
368* wpabuf_free(buf);
369* return NULL;
370* }
371*
372*
wpas_pasn_initiate_eapol(struct wpa_supplicant * wpa_s)373* static void wpas_pasn_initiate_eapol(struct wpa_supplicant *wpa_s)
374* {
375* struct wpas_pasn *pasn = &wpa_s->pasn;
376* struct eapol_config eapol_conf;
377* struct wpa_ssid *ssid = pasn->ssid;
378*
379* wpa_printf(MSG_DEBUG, "PASN: FILS: Initiating EAPOL");
380*
381* eapol_sm_notify_eap_success(wpa_s->eapol, false);
382* eapol_sm_notify_eap_fail(wpa_s->eapol, false);
383* eapol_sm_notify_portControl(wpa_s->eapol, Auto);
384*
385* os_memset(&eapol_conf, 0, sizeof(eapol_conf));
386* eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
387* eapol_conf.workaround = ssid->eap_workaround;
388*
389* eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
390* }
391*
392*
wpas_pasn_wd_fils_auth(struct wpa_supplicant * wpa_s)393* static struct wpabuf * wpas_pasn_wd_fils_auth(struct wpa_supplicant *wpa_s)
394* {
395* struct wpas_pasn *pasn = &wpa_s->pasn;
396* struct wpa_bss *bss;
397* const u8 *indic;
398* u16 fils_info;
399*
400* wpa_printf(MSG_DEBUG, "PASN: FILS: wrapped data - completed=%u",
401* pasn->fils.completed);
402*
403* /* Nothing to add as we are done */
404* if (pasn->fils.completed)
405* return NULL;
406*
407* if (!pasn->ssid) {
408* wpa_printf(MSG_DEBUG, "PASN: FILS: No network block");
409* return NULL;
410* }
411*
412* bss = wpa_bss_get_bssid(wpa_s, pasn->bssid);
413* if (!bss) {
414* wpa_printf(MSG_DEBUG, "PASN: FILS: BSS not found");
415* return NULL;
416* }
417*
418* indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
419* if (!indic || indic[1] < 2) {
420* wpa_printf(MSG_DEBUG, "PASN: Missing FILS Indication IE");
421* return NULL;
422* }
423*
424* fils_info = WPA_GET_LE16(indic + 2);
425* if (!(fils_info & BIT(9))) {
426* wpa_printf(MSG_DEBUG,
427* "PASN: FILS auth without PFS not supported");
428* return NULL;
429* }
430*
431* wpas_pasn_initiate_eapol(wpa_s);
432*
433* return wpas_pasn_fils_build_auth(wpa_s);
434* }
435*
436*
wpas_pasn_wd_fils_rx(struct wpa_supplicant * wpa_s,struct wpabuf * wd)437* static int wpas_pasn_wd_fils_rx(struct wpa_supplicant *wpa_s, struct wpabuf *wd)
438* {
439* struct wpas_pasn *pasn = &wpa_s->pasn;
440* struct ieee802_11_elems elems;
441* struct wpa_ie_data rsne_data;
442* u8 rmsk[ERP_MAX_KEY_LEN];
443* size_t rmsk_len;
444* u8 anonce[FILS_NONCE_LEN];
445* const u8 *data;
446* size_t buf_len;
447* struct wpabuf *fils_wd = NULL;
448* u16 alg, seq, status;
449* int ret;
450*
451* if (!wd)
452* return -1;
453*
454* data = wpabuf_head(wd);
455* buf_len = wpabuf_len(wd);
456*
457* wpa_hexdump(MSG_DEBUG, "PASN: FILS: Authentication frame len=%zu",
458* data, buf_len);
459*
460* /* first handle the header */
461* if (buf_len < 6) {
462* wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short");
463* return -1;
464* }
465*
466* alg = WPA_GET_LE16(data);
467* seq = WPA_GET_LE16(data + 2);
468* status = WPA_GET_LE16(data + 4);
469*
470* wpa_printf(MSG_DEBUG, "PASN: FILS: commit: alg=%u, seq=%u, status=%u",
471* alg, seq, status);
472*
473* if (alg != WLAN_AUTH_FILS_SK || seq != 2 ||
474* status != WLAN_STATUS_SUCCESS) {
475* wpa_printf(MSG_DEBUG,
476* "PASN: FILS: Dropping peer authentication");
477* return -1;
478* }
479*
480* data += 6;
481* buf_len -= 6;
482*
483* if (ieee802_11_parse_elems(data, buf_len, &elems, 1) == ParseFailed) {
484* wpa_printf(MSG_DEBUG, "PASN: FILS: Could not parse elements");
485* return -1;
486* }
487*
488* if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce ||
489* !elems.wrapped_data) {
490* wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs");
491* return -1;
492* }
493*
494* ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
495* &rsne_data);
496* if (ret) {
497* wpa_printf(MSG_DEBUG, "PASN: FILS: Failed parsing RNSE");
498* return -1;
499* }
500*
501* ret = wpa_pasn_validate_rsne(&rsne_data);
502* if (ret) {
503* wpa_printf(MSG_DEBUG, "PASN: FILS: Failed validating RSNE");
504* return -1;
505* }
506*
507* if (rsne_data.num_pmkid) {
508* wpa_printf(MSG_DEBUG,
509* "PASN: FILS: Not expecting PMKID in RSNE");
510* return -1;
511* }
512*
513* wpa_hexdump(MSG_DEBUG, "PASN: FILS: ANonce", elems.fils_nonce,
514* FILS_NONCE_LEN);
515* os_memcpy(anonce, elems.fils_nonce, FILS_NONCE_LEN);
516*
517* wpa_hexdump(MSG_DEBUG, "PASN: FILS: FILS Session", elems.fils_session,
518* FILS_SESSION_LEN);
519*
520* if (os_memcmp(pasn->fils.session, elems.fils_session,
521* FILS_SESSION_LEN)) {
522* wpa_printf(MSG_DEBUG, "PASN: FILS: Session mismatch");
523* return -1;
524* }
525*
526* fils_wd = ieee802_11_defrag(&elems, WLAN_EID_EXTENSION,
527* WLAN_EID_EXT_WRAPPED_DATA);
528*
529* if (!fils_wd) {
530* wpa_printf(MSG_DEBUG,
531* "PASN: FILS: Failed getting wrapped data");
532* return -1;
533* }
534*
535* eapol_sm_process_erp_finish(wpa_s->eapol, wpabuf_head(fils_wd),
536* wpabuf_len(fils_wd));
537*
538* wpabuf_free(fils_wd);
539* fils_wd = NULL;
540*
541* if (eapol_sm_failed(wpa_s->eapol)) {
542* wpa_printf(MSG_DEBUG, "PASN: FILS: ERP finish failed");
543* return -1;
544* }
545*
546* rmsk_len = ERP_MAX_KEY_LEN;
547* ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
548*
549* if (ret == PMK_LEN) {
550* rmsk_len = PMK_LEN;
551* ret = eapol_sm_get_key(wpa_s->eapol, rmsk, rmsk_len);
552* }
553*
554* if (ret) {
555* wpa_printf(MSG_DEBUG, "PASN: FILS: Failed getting RMSK");
556* return -1;
557* }
558*
559* ret = fils_rmsk_to_pmk(pasn->akmp, rmsk, rmsk_len,
560* pasn->fils.nonce, anonce, NULL, 0,
561* pasn->pmk, &pasn->pmk_len);
562*
563* forced_memzero(rmsk, sizeof(rmsk));
564*
565* if (ret) {
566* wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PMK");
567* return -1;
568* }
569*
570* wpa_hexdump(MSG_DEBUG, "PASN: FILS: PMKID", pasn->fils.erp_pmkid,
571* PMKID_LEN);
572*
573* wpa_printf(MSG_DEBUG, "PASN: FILS: ERP processing succeeded");
574*
575* wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
576* pasn->pmk_len, pasn->fils.erp_pmkid,
577* pasn->bssid, pasn->akmp);
578*
579* pasn->fils.completed = true;
580* return 0;
581* }
582*
583* #endif /* CONFIG_FILS */
584*
585*
wpas_pasn_get_wrapped_data(struct wpa_supplicant * wpa_s)586* static struct wpabuf * wpas_pasn_get_wrapped_data(struct wpa_supplicant *wpa_s)
587* {
588* struct wpas_pasn *pasn = &wpa_s->pasn;
589*
590* if (pasn->using_pmksa)
591* return NULL;
592*
593* switch (pasn->akmp) {
594* case WPA_KEY_MGMT_PASN:
595* /* no wrapped data */
596* return NULL;
597* case WPA_KEY_MGMT_SAE:
598* #ifdef CONFIG_SAE
599* if (pasn->trans_seq == 0)
600* return wpas_pasn_wd_sae_commit(wpa_s);
601* if (pasn->trans_seq == 2)
602* return wpas_pasn_wd_sae_confirm(wpa_s);
603* #endif /* CONFIG_SAE */
604* wpa_printf(MSG_ERROR,
605* "PASN: SAE: Cannot derive wrapped data");
606* return NULL;
607* case WPA_KEY_MGMT_FILS_SHA256:
608* case WPA_KEY_MGMT_FILS_SHA384:
609* #ifdef CONFIG_FILS
610* return wpas_pasn_wd_fils_auth(wpa_s);
611* #endif /* CONFIG_FILS */
612* case WPA_KEY_MGMT_FT_PSK:
613* case WPA_KEY_MGMT_FT_IEEE8021X:
614* case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
615* /*
616* * Wrapped data with these AKMs is optional and is only needed
617* * for further validation of FT security parameters. For now do
618* * not use them.
619* */
620* return NULL;
621* default:
622* wpa_printf(MSG_ERROR,
623* "PASN: TODO: Wrapped data for akmp=0x%x",
624* pasn->akmp);
625* return NULL;
626* }
627* }
628*
629*
wpas_pasn_get_wrapped_data_format(struct wpas_pasn * pasn)630* static u8 wpas_pasn_get_wrapped_data_format(struct wpas_pasn *pasn)
631* {
632* if (pasn->using_pmksa)
633* return WPA_PASN_WRAPPED_DATA_NO;
634*
635* /* Note: Valid AKMP is expected to already be validated */
636* switch (pasn->akmp) {
637* case WPA_KEY_MGMT_SAE:
638* return WPA_PASN_WRAPPED_DATA_SAE;
639* case WPA_KEY_MGMT_FILS_SHA256:
640* case WPA_KEY_MGMT_FILS_SHA384:
641* return WPA_PASN_WRAPPED_DATA_FILS_SK;
642* case WPA_KEY_MGMT_FT_PSK:
643* case WPA_KEY_MGMT_FT_IEEE8021X:
644* case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
645* /*
646* * Wrapped data with these AKMs is optional and is only needed
647* * for further validation of FT security parameters. For now do
648* * not use them.
649* */
650* return WPA_PASN_WRAPPED_DATA_NO;
651* case WPA_KEY_MGMT_PASN:
652* default:
653* return WPA_PASN_WRAPPED_DATA_NO;
654* }
655* }
656*
657*
wpas_pasn_build_auth_1(struct wpa_supplicant * wpa_s,const struct wpabuf * comeback)658* static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
659* const struct wpabuf *comeback)
660* {
661* struct wpas_pasn *pasn = &wpa_s->pasn;
662* struct wpabuf *buf, *pubkey = NULL, *wrapped_data_buf = NULL;
663* const u8 *pmkid;
664* u8 wrapped_data;
665* int ret;
666* u16 capab;
667*
668* wpa_printf(MSG_DEBUG, "PASN: Building frame 1");
669*
670* if (pasn->trans_seq)
671* return NULL;
672*
673* buf = wpabuf_alloc(1500);
674* if (!buf)
675* goto fail;
676*
677* /* Get public key */
678* pubkey = crypto_ecdh_get_pubkey(pasn->ecdh, 0);
679* pubkey = wpabuf_zeropad(pubkey, crypto_ecdh_prime_len(pasn->ecdh));
680* if (!pubkey) {
681* wpa_printf(MSG_DEBUG, "PASN: Failed to get pubkey");
682* goto fail;
683* }
684*
685* wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
686*
687* wpa_pasn_build_auth_header(buf, pasn->bssid,
688* wpa_s->own_addr, pasn->bssid,
689* pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
690*
691* pmkid = NULL;
692* if (wpa_key_mgmt_ft(pasn->akmp)) {
693* ret = wpa_pasn_ft_derive_pmk_r1(wpa_s->wpa, pasn->akmp,
694* pasn->bssid,
695* pasn->pmk_r1,
696* &pasn->pmk_r1_len,
697* pasn->pmk_r1_name);
698* if (ret) {
699* wpa_printf(MSG_DEBUG,
700* "PASN: FT: Failed to derive keys");
701* goto fail;
702* }
703*
704* pmkid = pasn->pmk_r1_name;
705* } else if (wrapped_data != WPA_PASN_WRAPPED_DATA_NO) {
706* struct rsn_pmksa_cache_entry *pmksa;
707*
708* pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
709* NULL, NULL, pasn->akmp);
710* if (pmksa)
711* pmkid = pmksa->pmkid;
712*
713* /*
714* * Note: Even when PMKSA is available, also add wrapped data as
715* * it is possible that the PMKID is no longer valid at the AP.
716* */
717* wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
718* }
719*
720* if (wpa_pasn_add_rsne(buf, pmkid, pasn->akmp, pasn->cipher) < 0)
721* goto fail;
722*
723* if (!wrapped_data_buf)
724* wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
725*
726* wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
727* pubkey, true, comeback, -1);
728*
729* if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
730* goto fail;
731*
732* /* Add own RNSXE */
733* capab = 0;
734* capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
735* if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF)
736* capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
737* if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_RTT)
738* capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
739* if (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_PROT_RANGE_NEG)
740* capab |= BIT(WLAN_RSNX_CAPAB_PROT_RANGE_NEG);
741* wpa_pasn_add_rsnxe(buf, capab);
742*
743* ret = pasn_auth_frame_hash(pasn->akmp, pasn->cipher,
744* wpabuf_head_u8(buf) + IEEE80211_HDRLEN,
745* wpabuf_len(buf) - IEEE80211_HDRLEN,
746* pasn->hash);
747* if (ret) {
748* wpa_printf(MSG_DEBUG, "PASN: Failed to compute hash");
749* goto fail;
750* }
751*
752* pasn->trans_seq++;
753*
754* wpabuf_free(wrapped_data_buf);
755* wpabuf_free(pubkey);
756*
757* wpa_printf(MSG_DEBUG, "PASN: Frame 1: Success");
758* return buf;
759* fail:
760* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
761* wpabuf_free(wrapped_data_buf);
762* wpabuf_free(pubkey);
763* wpabuf_free(buf);
764* return NULL;
765* }
766*
767*
wpas_pasn_build_auth_3(struct wpa_supplicant * wpa_s)768* static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
769* {
770* struct wpas_pasn *pasn = &wpa_s->pasn;
771* struct wpabuf *buf, *wrapped_data_buf = NULL;
772* u8 mic[WPA_PASN_MAX_MIC_LEN];
773* u8 mic_len, data_len;
774* const u8 *data;
775* u8 *ptr;
776* u8 wrapped_data;
777* int ret;
778*
779* wpa_printf(MSG_DEBUG, "PASN: Building frame 3");
780*
781* if (pasn->trans_seq != 2)
782* return NULL;
783*
784* buf = wpabuf_alloc(1500);
785* if (!buf)
786* goto fail;
787*
788* wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
789*
790* wpa_pasn_build_auth_header(buf, pasn->bssid,
791* wpa_s->own_addr, pasn->bssid,
792* pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
793*
794* wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
795*
796* if (!wrapped_data_buf)
797* wrapped_data = WPA_PASN_WRAPPED_DATA_NO;
798*
799* wpa_pasn_add_parameter_ie(buf, pasn->group, wrapped_data,
800* NULL, false, NULL, -1);
801*
802* if (wpa_pasn_add_wrapped_data(buf, wrapped_data_buf) < 0)
803* goto fail;
804* wpabuf_free(wrapped_data_buf);
805* wrapped_data_buf = NULL;
806*
807* /* Add the MIC */
808* mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
809* wpabuf_put_u8(buf, WLAN_EID_MIC);
810* wpabuf_put_u8(buf, mic_len);
811* ptr = wpabuf_put(buf, mic_len);
812*
813* os_memset(ptr, 0, mic_len);
814*
815* data = wpabuf_head_u8(buf) + IEEE80211_HDRLEN;
816* data_len = wpabuf_len(buf) - IEEE80211_HDRLEN;
817*
818* ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
819* wpa_s->own_addr, pasn->bssid,
820* pasn->hash, mic_len * 2, data, data_len, mic);
821* if (ret) {
822* wpa_printf(MSG_DEBUG, "PASN: frame 3: Failed MIC calculation");
823* goto fail;
824* }
825*
826* #ifdef CONFIG_TESTING_OPTIONS
827* if (wpa_s->conf->pasn_corrupt_mic) {
828* wpa_printf(MSG_DEBUG, "PASN: frame 3: Corrupt MIC");
829* mic[0] = ~mic[0];
830* }
831* #endif /* CONFIG_TESTING_OPTIONS */
832*
833* os_memcpy(ptr, mic, mic_len);
834*
835* pasn->trans_seq++;
836*
837* wpa_printf(MSG_DEBUG, "PASN: frame 3: Success");
838* return buf;
839* fail:
840* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
841* wpabuf_free(wrapped_data_buf);
842* wpabuf_free(buf);
843* return NULL;
844* }
845*
846*
wpas_pasn_reset(struct wpa_supplicant * wpa_s)847* static void wpas_pasn_reset(struct wpa_supplicant *wpa_s)
848* {
849* struct wpas_pasn *pasn = &wpa_s->pasn;
850*
851* wpa_printf(MSG_DEBUG, "PASN: Reset");
852*
853* crypto_ecdh_deinit(pasn->ecdh);
854* pasn->ecdh = NULL;
855*
856* wpas_pasn_cancel_auth_work(wpa_s);
857* wpa_s->pasn_auth_work = NULL;
858*
859* eloop_cancel_timeout(wpas_pasn_auth_work_timeout, wpa_s, NULL);
860*
861* pasn->akmp = 0;
862* pasn->cipher = 0;
863* pasn->group = 0;
864* pasn->trans_seq = 0;
865* pasn->pmk_len = 0;
866* pasn->using_pmksa = false;
867*
868* forced_memzero(pasn->pmk, sizeof(pasn->pmk));
869* forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
870* forced_memzero(&pasn->hash, sizeof(pasn->hash));
871*
872* wpabuf_free(pasn->beacon_rsne_rsnxe);
873* pasn->beacon_rsne_rsnxe = NULL;
874*
875* wpabuf_free(pasn->comeback);
876* pasn->comeback = NULL;
877* pasn->comeback_after = 0;
878*
879* #ifdef CONFIG_SAE
880* sae_clear_data(&pasn->sae);
881* #endif /* CONFIG_SAE */
882*
883* #ifdef CONFIG_FILS
884* os_memset(&pasn->fils, 0, sizeof(pasn->fils));
885* #endif /* CONFIG_FILS*/
886*
887* #ifdef CONFIG_IEEE80211R
888* forced_memzero(pasn->pmk_r1, sizeof(pasn->pmk_r1));
889* pasn->pmk_r1_len = 0;
890* os_memset(pasn->pmk_r1_name, 0, sizeof(pasn->pmk_r1_name));
891* #endif /* CONFIG_IEEE80211R */
892* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
893* }
894*
895*
wpas_pasn_set_pmk(struct wpa_supplicant * wpa_s,struct wpa_ie_data * rsn_data,struct wpa_pasn_params_data * pasn_data,struct wpabuf * wrapped_data)896* static int wpas_pasn_set_pmk(struct wpa_supplicant *wpa_s,
897* struct wpa_ie_data *rsn_data,
898* struct wpa_pasn_params_data *pasn_data,
899* struct wpabuf *wrapped_data)
900* {
901* static const u8 pasn_default_pmk[] = {'P', 'M', 'K', 'z'};
902* struct wpas_pasn *pasn = &wpa_s->pasn;
903*
904* os_memset(pasn->pmk, 0, sizeof(pasn->pmk));
905* pasn->pmk_len = 0;
906*
907* if (pasn->akmp == WPA_KEY_MGMT_PASN) {
908* wpa_printf(MSG_DEBUG, "PASN: Using default PMK");
909*
910* pasn->pmk_len = WPA_PASN_PMK_LEN;
911* os_memcpy(pasn->pmk, pasn_default_pmk,
912* sizeof(pasn_default_pmk));
913* return 0;
914* }
915*
916* if (wpa_key_mgmt_ft(pasn->akmp)) {
917* #ifdef CONFIG_IEEE80211R
918* wpa_printf(MSG_DEBUG, "PASN: FT: Using PMK-R1");
919* pasn->pmk_len = pasn->pmk_r1_len;
920* os_memcpy(pasn->pmk, pasn->pmk_r1, pasn->pmk_r1_len);
921* pasn->using_pmksa = true;
922* return 0;
923* #else /* CONFIG_IEEE80211R */
924* wpa_printf(MSG_DEBUG, "PASN: FT: Not supported");
925* return -1;
926* #endif /* CONFIG_IEEE80211R */
927* }
928*
929* if (rsn_data->num_pmkid) {
930* struct rsn_pmksa_cache_entry *pmksa;
931*
932* pmksa = wpa_sm_pmksa_cache_get(wpa_s->wpa, pasn->bssid,
933* rsn_data->pmkid, NULL,
934* pasn->akmp);
935* if (pmksa) {
936* wpa_printf(MSG_DEBUG, "PASN: Using PMKSA");
937*
938* pasn->pmk_len = pmksa->pmk_len;
939* os_memcpy(pasn->pmk, pmksa->pmk, pmksa->pmk_len);
940* pasn->using_pmksa = true;
941*
942* return 0;
943* }
944* }
945*
946* #ifdef CONFIG_SAE
947* if (pasn->akmp == WPA_KEY_MGMT_SAE) {
948* int ret;
949*
950* ret = wpas_pasn_wd_sae_rx(wpa_s, wrapped_data);
951* if (ret) {
952* wpa_printf(MSG_DEBUG,
953* "PASN: Failed processing SAE wrapped data");
954* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
955* return -1;
956* }
957*
958* wpa_printf(MSG_DEBUG, "PASN: Success deriving PMK with SAE");
959* pasn->pmk_len = PMK_LEN;
960* os_memcpy(pasn->pmk, pasn->sae.pmk, PMK_LEN);
961*
962* wpa_pasn_pmksa_cache_add(wpa_s->wpa, pasn->pmk,
963* pasn->pmk_len, pasn->sae.pmkid,
964* pasn->bssid, pasn->akmp);
965* return 0;
966* }
967* #endif /* CONFIG_SAE */
968*
969* #ifdef CONFIG_FILS
970* if (pasn->akmp == WPA_KEY_MGMT_FILS_SHA256 ||
971* pasn->akmp == WPA_KEY_MGMT_FILS_SHA384) {
972* int ret;
973*
974* ret = wpas_pasn_wd_fils_rx(wpa_s, wrapped_data);
975* if (ret) {
976* wpa_printf(MSG_DEBUG,
977* "PASN: Failed processing FILS wrapped data");
978* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
979* return -1;
980* }
981*
982* return 0;
983* }
984* #endif /* CONFIG_FILS */
985*
986* /* TODO: Derive PMK based on wrapped data */
987* wpa_printf(MSG_DEBUG, "PASN: Missing implementation to derive PMK");
988* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
989* return -1;
990* }
991*
992*
wpas_pasn_start(struct wpa_supplicant * wpa_s,const u8 * bssid,int akmp,int cipher,u16 group,int freq,const u8 * beacon_rsne,u8 beacon_rsne_len,const u8 * beacon_rsnxe,u8 beacon_rsnxe_len,int network_id,struct wpabuf * comeback)993* static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
994* int akmp, int cipher, u16 group, int freq,
995* const u8 *beacon_rsne, u8 beacon_rsne_len,
996* const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
997* int network_id, struct wpabuf *comeback)
998* {
999* struct wpas_pasn *pasn = &wpa_s->pasn;
1000* struct wpa_ssid *ssid = NULL;
1001* struct wpabuf *frame;
1002* int ret;
1003*
1004* /* TODO: Currently support only ECC groups */
1005* if (!dragonfly_suitable_group(group, 1)) {
1006* wpa_printf(MSG_DEBUG,
1007* "PASN: Reject unsuitable group %u", group);
1008* return -1;
1009* }
1010*
1011* ssid = wpa_config_get_network(wpa_s->conf, network_id);
1012*
1013* switch (akmp) {
1014* case WPA_KEY_MGMT_PASN:
1015* break;
1016* #ifdef CONFIG_SAE
1017* case WPA_KEY_MGMT_SAE:
1018* if (!ssid) {
1019* wpa_printf(MSG_DEBUG,
1020* "PASN: No network profile found for SAE");
1021* return -1;
1022* }
1023*
1024* if (!ieee802_11_rsnx_capab(beacon_rsnxe,
1025* WLAN_RSNX_CAPAB_SAE_H2E)) {
1026* wpa_printf(MSG_DEBUG,
1027* "PASN: AP does not support SAE H2E");
1028* return -1;
1029* }
1030*
1031* if (wpas_pasn_sae_setup_pt(wpa_s, ssid, group) < 0) {
1032* wpa_printf(MSG_DEBUG,
1033* "PASN: Failed to derive PT");
1034* return -1;
1035* }
1036*
1037* pasn->sae.state = SAE_NOTHING;
1038* pasn->sae.send_confirm = 0;
1039* pasn->ssid = ssid;
1040* break;
1041* #endif /* CONFIG_SAE */
1042* #ifdef CONFIG_FILS
1043* case WPA_KEY_MGMT_FILS_SHA256:
1044* case WPA_KEY_MGMT_FILS_SHA384:
1045* pasn->ssid = ssid;
1046* break;
1047* #endif /* CONFIG_FILS */
1048* #ifdef CONFIG_IEEE80211R
1049* case WPA_KEY_MGMT_FT_PSK:
1050* case WPA_KEY_MGMT_FT_IEEE8021X:
1051* case WPA_KEY_MGMT_FT_IEEE8021X_SHA384:
1052* break;
1053* #endif /* CONFIG_IEEE80211R */
1054* default:
1055* wpa_printf(MSG_ERROR, "PASN: Unsupported AKMP=0x%x", akmp);
1056* return -1;
1057* }
1058*
1059* pasn->ecdh = crypto_ecdh_init(group);
1060* if (!pasn->ecdh) {
1061* wpa_printf(MSG_DEBUG, "PASN: Failed to init ECDH");
1062* goto fail;
1063* }
1064*
1065* pasn->beacon_rsne_rsnxe = wpabuf_alloc(beacon_rsne_len +
1066* beacon_rsnxe_len);
1067* if (!pasn->beacon_rsne_rsnxe) {
1068* wpa_printf(MSG_DEBUG, "PASN: Failed storing beacon RSNE/RSNXE");
1069* goto fail;
1070* }
1071*
1072* wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsne, beacon_rsne_len);
1073* if (beacon_rsnxe && beacon_rsnxe_len)
1074* wpabuf_put_data(pasn->beacon_rsne_rsnxe, beacon_rsnxe,
1075* beacon_rsnxe_len);
1076*
1077* pasn->akmp = akmp;
1078* pasn->cipher = cipher;
1079* pasn->group = group;
1080* pasn->freq = freq;
1081*
1082* #ifdef CONFIG_TESTING_OPTIONS
1083* if (wpa_s->conf->force_kdk_derivation ||
1084* #else
1085* if (
1086* #endif
1087* (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SEC_LTF &&
1088* ieee802_11_rsnx_capab(beacon_rsnxe, WLAN_RSNX_CAPAB_SECURE_LTF)))
1089* pasn->kdk_len = WPA_KDK_MAX_LEN;
1090* else
1091* pasn->kdk_len = 0;
1092* wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len);
1093*
1094* os_memcpy(pasn->bssid, bssid, ETH_ALEN);
1095*
1096* wpa_printf(MSG_DEBUG,
1097* "PASN: Init: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u",
1098* MAC2STR(pasn->bssid), pasn->akmp, pasn->cipher,
1099* pasn->group);
1100*
1101* frame = wpas_pasn_build_auth_1(wpa_s, comeback);
1102* if (!frame) {
1103* wpa_printf(MSG_DEBUG, "PASN: Failed building 1st auth frame");
1104* goto fail;
1105* }
1106*
1107* ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
1108* pasn->freq, 1000);
1109*
1110* wpabuf_free(frame);
1111* if (ret) {
1112* wpa_printf(MSG_DEBUG, "PASN: Failed sending 1st auth frame");
1113* goto fail;
1114* }
1115*
1116* eloop_register_timeout(2, 0, wpas_pasn_auth_work_timeout, wpa_s, NULL);
1117* return 0;
1118*
1119* fail:
1120* return -1;
1121* }
1122*
1123*
wpas_pasn_allowed(struct wpa_supplicant * wpa_s,const u8 * bssid,int akmp,int cipher)1124* static struct wpa_bss * wpas_pasn_allowed(struct wpa_supplicant *wpa_s,
1125* const u8 *bssid, int akmp, int cipher)
1126* {
1127* struct wpa_bss *bss;
1128* const u8 *rsne;
1129* struct wpa_ie_data rsne_data;
1130* int ret;
1131*
1132* if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
1133* wpa_printf(MSG_DEBUG,
1134* "PASN: Not doing authentication with current BSS");
1135* return NULL;
1136* }
1137*
1138* bss = wpa_bss_get_bssid(wpa_s, bssid);
1139* if (!bss) {
1140* wpa_printf(MSG_DEBUG, "PASN: BSS not found");
1141* return NULL;
1142* }
1143*
1144* rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1145* if (!rsne) {
1146* wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
1147* return NULL;
1148* }
1149*
1150* ret = wpa_parse_wpa_ie(rsne, *(rsne + 1) + 2, &rsne_data);
1151* if (ret) {
1152* wpa_printf(MSG_DEBUG, "PASN: Failed parsing RSNE data");
1153* return NULL;
1154* }
1155*
1156* if (!(rsne_data.key_mgmt & akmp) ||
1157* !(rsne_data.pairwise_cipher & cipher)) {
1158* wpa_printf(MSG_DEBUG,
1159* "PASN: AP does not support requested AKMP or cipher");
1160* return NULL;
1161* }
1162*
1163* return bss;
1164* }
1165*
1166*
wpas_pasn_auth_start_cb(struct wpa_radio_work * work,int deinit)1167* static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
1168* {
1169* struct wpa_supplicant *wpa_s = work->wpa_s;
1170* struct wpa_pasn_auth_work *awork = work->ctx;
1171* struct wpa_bss *bss;
1172* const u8 *rsne, *rsnxe;
1173* int ret;
1174*
1175* wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: deinit=%d", deinit);
1176*
1177* if (deinit) {
1178* if (work->started) {
1179* eloop_cancel_timeout(wpas_pasn_auth_work_timeout,
1180* wpa_s, NULL);
1181* wpa_s->pasn_auth_work = NULL;
1182* }
1183*
1184* wpas_pasn_free_auth_work(awork);
1185* return;
1186* }
1187*
1188* /*
1189* * It is possible that by the time the callback is called, the PASN
1190* * authentication is not allowed, e.g., a connection with the AP was
1191* * established.
1192* */
1193* bss = wpas_pasn_allowed(wpa_s, awork->bssid, awork->akmp,
1194* awork->cipher);
1195* if (!bss) {
1196* wpa_printf(MSG_DEBUG, "PASN: auth_start_cb: Not allowed");
1197* goto fail;
1198* }
1199*
1200* rsne = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1201* if (!rsne) {
1202* wpa_printf(MSG_DEBUG, "PASN: BSS without RSNE");
1203* goto fail;
1204* }
1205*
1206* rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1207*
1208* ret = wpas_pasn_start(wpa_s, awork->bssid, awork->akmp, awork->cipher,
1209* awork->group, bss->freq, rsne, *(rsne + 1) + 2,
1210* rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
1211* awork->network_id, awork->comeback);
1212* if (ret) {
1213* wpa_printf(MSG_DEBUG,
1214* "PASN: Failed to start PASN authentication");
1215* goto fail;
1216* }
1217*
1218* /* comeback token is no longer needed at this stage */
1219* wpabuf_free(awork->comeback);
1220* awork->comeback = NULL;
1221*
1222* wpa_s->pasn_auth_work = work;
1223* return;
1224* fail:
1225* wpas_pasn_free_auth_work(awork);
1226* work->ctx = NULL;
1227* radio_work_done(work);
1228* }
1229*
1230*
wpas_pasn_auth_start(struct wpa_supplicant * wpa_s,const u8 * bssid,int akmp,int cipher,u16 group,int network_id,const u8 * comeback,size_t comeback_len)1231* int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
1232* int akmp, int cipher, u16 group, int network_id,
1233* const u8 *comeback, size_t comeback_len)
1234* {
1235* struct wpa_pasn_auth_work *awork;
1236* struct wpa_bss *bss;
1237*
1238* wpa_printf(MSG_DEBUG, "PASN: Start: " MACSTR " akmp=0x%x, cipher=0x%x",
1239* MAC2STR(bssid), akmp, cipher);
1240*
1241* /*
1242* * TODO: Consider modifying the offchannel logic to handle additional
1243* * Management frames other then Action frames. For now allow PASN only
1244* * with drivers that support off-channel TX.
1245* */
1246* if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_TX)) {
1247* wpa_printf(MSG_DEBUG,
1248* "PASN: Driver does not support offchannel TX");
1249* return -1;
1250* }
1251*
1252* if (radio_work_pending(wpa_s, "pasn-start-auth")) {
1253* wpa_printf(MSG_DEBUG,
1254* "PASN: send_auth: Work is already pending");
1255* return -1;
1256* }
1257*
1258* if (wpa_s->pasn_auth_work) {
1259* wpa_printf(MSG_DEBUG, "PASN: send_auth: Already in progress");
1260* return -1;
1261* }
1262*
1263* bss = wpas_pasn_allowed(wpa_s, bssid, akmp, cipher);
1264* if (!bss)
1265* return -1;
1266*
1267* wpas_pasn_reset(wpa_s);
1268*
1269* awork = os_zalloc(sizeof(*awork));
1270* if (!awork)
1271* return -1;
1272*
1273* os_memcpy(awork->bssid, bssid, ETH_ALEN);
1274* awork->akmp = akmp;
1275* awork->cipher = cipher;
1276* awork->group = group;
1277* awork->network_id = network_id;
1278*
1279* if (comeback && comeback_len) {
1280* awork->comeback = wpabuf_alloc_copy(comeback, comeback_len);
1281* if (!awork->comeback) {
1282* wpas_pasn_free_auth_work(awork);
1283* return -1;
1284* }
1285* }
1286*
1287* if (radio_add_work(wpa_s, bss->freq, "pasn-start-auth", 1,
1288* wpas_pasn_auth_start_cb, awork) < 0) {
1289* wpas_pasn_free_auth_work(awork);
1290* return -1;
1291* }
1292*
1293* wpa_printf(MSG_DEBUG, "PASN: Auth work successfully added");
1294* return 0;
1295* }
1296*
1297*
wpas_pasn_auth_stop(struct wpa_supplicant * wpa_s)1298* void wpas_pasn_auth_stop(struct wpa_supplicant *wpa_s)
1299* {
1300* struct wpas_pasn *pasn = &wpa_s->pasn;
1301*
1302* if (!wpa_s->pasn.ecdh)
1303* return;
1304*
1305* wpa_printf(MSG_DEBUG, "PASN: Stopping authentication");
1306*
1307* wpas_pasn_auth_status(wpa_s, pasn->bssid, pasn->akmp, pasn->cipher,
1308* pasn->status, pasn->comeback,
1309* pasn->comeback_after);
1310*
1311* wpas_pasn_reset(wpa_s);
1312* }
1313*
1314*
wpas_pasn_immediate_retry(struct wpa_supplicant * wpa_s,struct wpas_pasn * pasn,struct wpa_pasn_params_data * params)1315* static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
1316* struct wpas_pasn *pasn,
1317* struct wpa_pasn_params_data *params)
1318* {
1319* int akmp = pasn->akmp;
1320* int cipher = pasn->cipher;
1321* u16 group = pasn->group;
1322* u8 bssid[ETH_ALEN];
1323* int network_id = pasn->ssid ? pasn->ssid->id : 0;
1324*
1325* wpa_printf(MSG_DEBUG, "PASN: Immediate retry");
1326* os_memcpy(bssid, pasn->bssid, ETH_ALEN);
1327* wpas_pasn_reset(wpa_s);
1328*
1329* return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group,
1330* network_id,
1331* params->comeback, params->comeback_len);
1332* }
1333*
1334*
wpas_pasn_auth_rx(struct wpa_supplicant * wpa_s,const struct ieee80211_mgmt * mgmt,size_t len)1335* int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
1336* const struct ieee80211_mgmt *mgmt, size_t len)
1337* {
1338* struct wpas_pasn *pasn = &wpa_s->pasn;
1339* struct ieee802_11_elems elems;
1340* struct wpa_ie_data rsn_data;
1341* struct wpa_pasn_params_data pasn_params;
1342* struct wpabuf *wrapped_data = NULL, *secret = NULL, *frame = NULL;
1343* u8 mic[WPA_PASN_MAX_MIC_LEN], out_mic[WPA_PASN_MAX_MIC_LEN];
1344* u8 mic_len;
1345* u16 status;
1346* int ret, inc_y;
1347* u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1348* (WLAN_FC_STYPE_AUTH << 4));
1349*
1350* if (!wpa_s->pasn_auth_work || !mgmt ||
1351* len < offsetof(struct ieee80211_mgmt, u.auth.variable))
1352* return -2;
1353*
1354* /* Not an Authentication frame; do nothing */
1355* if ((mgmt->frame_control & fc) != fc)
1356* return -2;
1357*
1358* /* Not our frame; do nothing */
1359* if (os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN) != 0 ||
1360* os_memcmp(mgmt->sa, pasn->bssid, ETH_ALEN) != 0 ||
1361* os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0)
1362* return -2;
1363*
1364* /* Not PASN; do nothing */
1365* if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN))
1366* return -2;
1367*
1368* if (mgmt->u.auth.auth_transaction !=
1369* host_to_le16(pasn->trans_seq + 1)) {
1370* wpa_printf(MSG_DEBUG,
1371* "PASN: RX: Invalid transaction sequence: (%u != %u)",
1372* le_to_host16(mgmt->u.auth.auth_transaction),
1373* pasn->trans_seq + 1);
1374* return -1;
1375* }
1376*
1377* status = le_to_host16(mgmt->u.auth.status_code);
1378*
1379* if (status != WLAN_STATUS_SUCCESS &&
1380* status != WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
1381* wpa_printf(MSG_DEBUG,
1382* "PASN: Authentication rejected - status=%u", status);
1383* pasn->status = status;
1384* wpas_pasn_auth_stop(wpa_s);
1385* return -1;
1386* }
1387*
1388* if (ieee802_11_parse_elems(mgmt->u.auth.variable,
1389* len - offsetof(struct ieee80211_mgmt,
1390* u.auth.variable),
1391* &elems, 0) == ParseFailed) {
1392* wpa_printf(MSG_DEBUG,
1393* "PASN: Failed parsing Authentication frame");
1394* goto fail;
1395* }
1396*
1397* /* Check that the MIC IE exists. Save it and zero out the memory */
1398* mic_len = pasn_mic_len(pasn->akmp, pasn->cipher);
1399* if (status == WLAN_STATUS_SUCCESS) {
1400* if (!elems.mic || elems.mic_len != mic_len) {
1401* wpa_printf(MSG_DEBUG,
1402* "PASN: Invalid MIC. Expecting len=%u",
1403* mic_len);
1404* goto fail;
1405* } else {
1406* os_memcpy(mic, elems.mic, mic_len);
1407* /* TODO: Clean this up.. Should not be modifying the
1408* * received message buffer. */
1409* os_memset((u8 *) elems.mic, 0, mic_len);
1410* }
1411* }
1412*
1413* if (!elems.pasn_params || !elems.pasn_params_len) {
1414* wpa_printf(MSG_DEBUG,
1415* "PASN: Missing PASN Parameters IE");
1416* goto fail;
1417* }
1418*
1419* ret = wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
1420* elems.pasn_params_len + 3,
1421* true, &pasn_params);
1422* if (ret) {
1423* wpa_printf(MSG_DEBUG,
1424* "PASN: Failed validation PASN of Parameters IE");
1425* goto fail;
1426* }
1427*
1428* if (status == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
1429* wpa_printf(MSG_DEBUG,
1430* "PASN: Authentication temporarily rejected");
1431*
1432* if (pasn_params.comeback && pasn_params.comeback_len) {
1433* wpa_printf(MSG_DEBUG,
1434* "PASN: Comeback token available. After=%u",
1435* pasn_params.after);
1436*
1437* if (!pasn_params.after)
1438* return wpas_pasn_immediate_retry(wpa_s, pasn,
1439* &pasn_params);
1440*
1441* pasn->comeback = wpabuf_alloc_copy(
1442* pasn_params.comeback, pasn_params.comeback_len);
1443* if (pasn->comeback)
1444* pasn->comeback_after = pasn_params.after;
1445* }
1446*
1447* pasn->status = status;
1448* goto fail;
1449* }
1450*
1451* ret = wpa_parse_wpa_ie(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1452* &rsn_data);
1453* if (ret) {
1454* wpa_printf(MSG_DEBUG, "PASN: Failed parsing RNSE");
1455* goto fail;
1456* }
1457*
1458* ret = wpa_pasn_validate_rsne(&rsn_data);
1459* if (ret) {
1460* wpa_printf(MSG_DEBUG, "PASN: Failed validating RSNE");
1461* goto fail;
1462* }
1463*
1464* if (pasn->akmp != rsn_data.key_mgmt ||
1465* pasn->cipher != rsn_data.pairwise_cipher) {
1466* wpa_printf(MSG_DEBUG, "PASN: Mismatch in AKMP/cipher");
1467* goto fail;
1468* }
1469*
1470* if (pasn->group != pasn_params.group) {
1471* wpa_printf(MSG_DEBUG, "PASN: Mismatch in group");
1472* goto fail;
1473* }
1474*
1475* if (!pasn_params.pubkey || !pasn_params.pubkey_len) {
1476* wpa_printf(MSG_DEBUG, "PASN: Invalid public key");
1477* goto fail;
1478* }
1479*
1480* if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_UNCOMPRESSED) {
1481* inc_y = 1;
1482* } else if (pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_0 ||
1483* pasn_params.pubkey[0] == WPA_PASN_PUBKEY_COMPRESSED_1) {
1484* inc_y = 0;
1485* } else {
1486* wpa_printf(MSG_DEBUG,
1487* "PASN: Invalid first octet in pubkey=0x%x",
1488* pasn_params.pubkey[0]);
1489* goto fail;
1490* }
1491*
1492* secret = crypto_ecdh_set_peerkey(pasn->ecdh, inc_y,
1493* pasn_params.pubkey + 1,
1494* pasn_params.pubkey_len - 1);
1495*
1496* if (!secret) {
1497* wpa_printf(MSG_DEBUG, "PASN: Failed to derive shared secret");
1498* goto fail;
1499* }
1500*
1501* if (pasn_params.wrapped_data_format != WPA_PASN_WRAPPED_DATA_NO) {
1502* wrapped_data = ieee802_11_defrag(&elems,
1503* WLAN_EID_EXTENSION,
1504* WLAN_EID_EXT_WRAPPED_DATA);
1505*
1506* if (!wrapped_data) {
1507* wpa_printf(MSG_DEBUG, "PASN: Missing wrapped data");
1508* goto fail;
1509* }
1510* }
1511*
1512* ret = wpas_pasn_set_pmk(wpa_s, &rsn_data, &pasn_params, wrapped_data);
1513* if (ret) {
1514* wpa_printf(MSG_DEBUG, "PASN: Failed to set PMK");
1515* goto fail;
1516* }
1517*
1518* ret = pasn_pmk_to_ptk(pasn->pmk, pasn->pmk_len,
1519* wpa_s->own_addr, pasn->bssid,
1520* wpabuf_head(secret), wpabuf_len(secret),
1521* &pasn->ptk, pasn->akmp, pasn->cipher,
1522* pasn->kdk_len);
1523* if (ret) {
1524* wpa_printf(MSG_DEBUG, "PASN: Failed to derive PTK");
1525* goto fail;
1526* }
1527*
1528* wpabuf_free(wrapped_data);
1529* wrapped_data = NULL;
1530* wpabuf_free(secret);
1531* secret = NULL;
1532*
1533* /* Verify the MIC */
1534* ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
1535* pasn->bssid, wpa_s->own_addr,
1536* wpabuf_head(pasn->beacon_rsne_rsnxe),
1537* wpabuf_len(pasn->beacon_rsne_rsnxe),
1538* (u8 *) &mgmt->u.auth,
1539* len - offsetof(struct ieee80211_mgmt, u.auth),
1540* out_mic);
1541*
1542* wpa_hexdump_key(MSG_DEBUG, "PASN: Frame MIC", mic, mic_len);
1543* if (ret || os_memcmp(mic, out_mic, mic_len) != 0) {
1544* wpa_printf(MSG_DEBUG, "PASN: Failed MIC verification");
1545* goto fail;
1546* }
1547*
1548* pasn->trans_seq++;
1549*
1550* wpa_printf(MSG_DEBUG, "PASN: Success verifying Authentication frame");
1551*
1552* frame = wpas_pasn_build_auth_3(wpa_s);
1553* if (!frame) {
1554* wpa_printf(MSG_DEBUG, "PASN: Failed building 3rd auth frame");
1555* goto fail;
1556* }
1557*
1558* ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(frame), wpabuf_len(frame), 0,
1559* pasn->freq, 100);
1560* wpabuf_free(frame);
1561* if (ret) {
1562* wpa_printf(MSG_DEBUG, "PASN: Failed sending 3st auth frame");
1563* goto fail;
1564* }
1565*
1566* wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
1567*
1568* ptksa_cache_add(wpa_s->ptksa, pasn->bssid, pasn->cipher,
1569* dot11RSNAConfigPMKLifetime, &pasn->ptk);
1570*
1571* forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
1572*
1573* pasn->status = WLAN_STATUS_SUCCESS;
1574* return 0;
1575* fail:
1576* wpa_printf(MSG_DEBUG, "PASN: Failed RX processing - terminating");
1577* wpabuf_free(wrapped_data);
1578* wpabuf_free(secret);
1579*
1580* /*
1581* * TODO: In case of an error the standard allows to silently drop
1582* * the frame and terminate the authentication exchange. However, better
1583* * reply to the AP with an error status.
1584* */
1585* if (status == WLAN_STATUS_SUCCESS)
1586* pasn->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1587* else
1588* pasn->status = status;
1589*
1590* wpas_pasn_auth_stop(wpa_s);
1591* return -1;
1592* }
1593*
1594*
wpas_pasn_auth_tx_status(struct wpa_supplicant * wpa_s,const u8 * data,size_t data_len,u8 acked)1595* int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
1596* const u8 *data, size_t data_len, u8 acked)
1597*
1598* {
1599* struct wpas_pasn *pasn = &wpa_s->pasn;
1600* const struct ieee80211_mgmt *mgmt = (struct ieee80211_mgmt *) data;
1601* u16 fc = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1602* (WLAN_FC_STYPE_AUTH << 4));
1603*
1604* wpa_printf(MSG_DEBUG, "PASN: auth_tx_status: acked=%u", acked);
1605*
1606* if (!wpa_s->pasn_auth_work) {
1607* wpa_printf(MSG_DEBUG,
1608* "PASN: auth_tx_status: no work in progress");
1609* return -1;
1610* }
1611*
1612* if (!mgmt ||
1613* data_len < offsetof(struct ieee80211_mgmt, u.auth.variable))
1614* return -1;
1615*
1616* /* Not an authentication frame; do nothing */
1617* if ((mgmt->frame_control & fc) != fc)
1618* return -1;
1619*
1620* /* Not our frame; do nothing */
1621* if (os_memcmp(mgmt->da, pasn->bssid, ETH_ALEN) ||
1622* os_memcmp(mgmt->sa, wpa_s->own_addr, ETH_ALEN) ||
1623* os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN))
1624* return -1;
1625*
1626* /* Not PASN; do nothing */
1627* if (mgmt->u.auth.auth_alg != host_to_le16(WLAN_AUTH_PASN))
1628* return -1;
1629*
1630* if (mgmt->u.auth.auth_transaction != host_to_le16(pasn->trans_seq)) {
1631* wpa_printf(MSG_ERROR,
1632* "PASN: Invalid transaction sequence: (%u != %u)",
1633* pasn->trans_seq,
1634* le_to_host16(mgmt->u.auth.auth_transaction));
1635* return 0;
1636* }
1637*
1638* wpa_printf(MSG_ERROR,
1639* "PASN: auth with trans_seq=%u, acked=%u", pasn->trans_seq,
1640* acked);
1641*
1642* /*
1643* * Even if the frame was not acked, do not treat this is an error, and
1644* * try to complete the flow, relying on the PASN timeout callback to
1645* * clean up.
1646* */
1647* if (pasn->trans_seq == 3) {
1648* wpa_printf(MSG_DEBUG, "PASN: auth complete with: " MACSTR,
1649* MAC2STR(pasn->bssid));
1650* /*
1651* * Either frame was not ACKed or it was ACKed but the trans_seq
1652* * != 1, i.e., not expecting an RX frame, so we are done.
1653* */
1654* wpas_pasn_auth_stop(wpa_s);
1655* }
1656*
1657* return 0;
1658* }
1659*
1660*
wpas_pasn_deauthenticate(struct wpa_supplicant * wpa_s,const u8 * bssid)1661* int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid)
1662* {
1663* struct wpa_bss *bss;
1664* struct wpabuf *buf;
1665* struct ieee80211_mgmt *deauth;
1666* int ret;
1667*
1668* if (os_memcmp(wpa_s->bssid, bssid, ETH_ALEN) == 0) {
1669* wpa_printf(MSG_DEBUG,
1670* "PASN: Cannot deauthenticate from current BSS");
1671* return -1;
1672* }
1673*
1674* wpa_printf(MSG_DEBUG, "PASN: deauth: Flushing all PTKSA entries for "
1675* MACSTR, MAC2STR(bssid));
1676* ptksa_cache_flush(wpa_s->ptksa, bssid, WPA_CIPHER_NONE);
1677*
1678* bss = wpa_bss_get_bssid(wpa_s, bssid);
1679* if (!bss) {
1680* wpa_printf(MSG_DEBUG, "PASN: deauth: BSS not found");
1681* return -1;
1682* }
1683*
1684* buf = wpabuf_alloc(64);
1685* if (!buf) {
1686* wpa_printf(MSG_DEBUG, "PASN: deauth: Failed wpabuf allocate");
1687* return -1;
1688* }
1689*
1690* deauth = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
1691* u.deauth.variable));
1692*
1693* deauth->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
1694* (WLAN_FC_STYPE_DEAUTH << 4));
1695*
1696* os_memcpy(deauth->da, bssid, ETH_ALEN);
1697* os_memcpy(deauth->sa, wpa_s->own_addr, ETH_ALEN);
1698* os_memcpy(deauth->bssid, bssid, ETH_ALEN);
1699* deauth->u.deauth.reason_code =
1700* host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
1701*
1702* /*
1703* * Since we do not expect any response from the AP, implement the
1704* * Deauthentication frame transmission using direct call to the driver
1705* * without a radio work.
1706* */
1707* ret = wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1,
1708* bss->freq, 0);
1709*
1710* wpabuf_free(buf);
1711* wpa_printf(MSG_DEBUG, "PASN: deauth: send_mlme ret=%d", ret);
1712*
1713* return ret;
1714* }
1715*