2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2008, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
9 #include "utils/includes.h"
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "eapol_auth/eapol_auth_sm.h"
14 #include "ap_config.h"
15 #include "ieee802_11.h"
17 #include "pmksa_cache_auth.h"
18 #include "wpa_auth_ie.h"
19 #include "wpa_auth_i.h"
22 #ifdef CONFIG_RSN_TESTING
24 #endif /* CONFIG_RSN_TESTING */
27 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 struct wpa_ie_hdr *hdr;
34 hdr = (struct wpa_ie_hdr *) buf;
35 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
36 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
37 WPA_PUT_LE16(hdr->version, WPA_VERSION);
38 pos = (u8 *) (hdr + 1);
40 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
42 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
46 RSN_SELECTOR_PUT(pos, suite);
47 pos += WPA_SELECTOR_LEN;
52 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
53 if (num_suites == 0) {
54 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
58 pos += num_suites * WPA_SELECTOR_LEN;
59 WPA_PUT_LE16(count, num_suites);
65 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
66 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
67 pos += WPA_SELECTOR_LEN;
70 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
71 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
72 pos += WPA_SELECTOR_LEN;
76 if (num_suites == 0) {
77 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
81 WPA_PUT_LE16(count, num_suites);
83 /* WPA Capabilities; use defaults, so no need to include it */
85 hdr->len = (pos - buf) - 2;
91 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
94 struct rsn_ie_hdr *hdr;
100 hdr = (struct rsn_ie_hdr *) buf;
101 hdr->elem_id = WLAN_EID_RSN;
102 WPA_PUT_LE16(hdr->version, RSN_VERSION);
103 pos = (u8 *) (hdr + 1);
105 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
107 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
111 RSN_SELECTOR_PUT(pos, suite);
112 pos += RSN_SELECTOR_LEN;
118 #ifdef CONFIG_RSN_TESTING
120 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
121 pos += RSN_SELECTOR_LEN;
124 #endif /* CONFIG_RSN_TESTING */
126 res = rsn_cipher_put_suites(pos, conf->rsn_pairwise);
128 pos += res * RSN_SELECTOR_LEN;
130 #ifdef CONFIG_RSN_TESTING
132 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
133 pos += RSN_SELECTOR_LEN;
136 #endif /* CONFIG_RSN_TESTING */
138 if (num_suites == 0) {
139 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
143 WPA_PUT_LE16(count, num_suites);
149 #ifdef CONFIG_RSN_TESTING
151 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
152 pos += RSN_SELECTOR_LEN;
155 #endif /* CONFIG_RSN_TESTING */
157 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
158 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
159 pos += RSN_SELECTOR_LEN;
162 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
163 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
164 pos += RSN_SELECTOR_LEN;
167 #ifdef CONFIG_IEEE80211R
168 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
169 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
170 pos += RSN_SELECTOR_LEN;
173 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_PSK) {
174 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
175 pos += RSN_SELECTOR_LEN;
178 #endif /* CONFIG_IEEE80211R */
179 #ifdef CONFIG_IEEE80211W
180 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
181 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
182 pos += RSN_SELECTOR_LEN;
185 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
186 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
187 pos += RSN_SELECTOR_LEN;
190 #endif /* CONFIG_IEEE80211W */
192 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_SAE) {
193 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
194 pos += RSN_SELECTOR_LEN;
197 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_FT_SAE) {
198 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
199 pos += RSN_SELECTOR_LEN;
202 #endif /* CONFIG_SAE */
204 #ifdef CONFIG_RSN_TESTING
206 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
207 pos += RSN_SELECTOR_LEN;
210 #endif /* CONFIG_RSN_TESTING */
212 if (num_suites == 0) {
213 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
217 WPA_PUT_LE16(count, num_suites);
219 /* RSN Capabilities */
221 if (conf->rsn_preauth)
222 capab |= WPA_CAPABILITY_PREAUTH;
224 capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
225 if (conf->wmm_enabled) {
226 /* 4 PTKSA replay counters when using WMM */
227 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
229 #ifdef CONFIG_IEEE80211W
230 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
231 capab |= WPA_CAPABILITY_MFPC;
232 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
233 capab |= WPA_CAPABILITY_MFPR;
235 #endif /* CONFIG_IEEE80211W */
236 #ifdef CONFIG_RSN_TESTING
238 capab |= BIT(8) | BIT(14) | BIT(15);
239 #endif /* CONFIG_RSN_TESTING */
240 WPA_PUT_LE16(pos, capab);
244 if (pos + 2 + PMKID_LEN > buf + len)
247 WPA_PUT_LE16(pos, 1);
249 os_memcpy(pos, pmkid, PMKID_LEN);
253 #ifdef CONFIG_IEEE80211W
254 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
255 if (pos + 2 + 4 > buf + len)
259 WPA_PUT_LE16(pos, 0);
263 /* Management Group Cipher Suite */
264 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
265 pos += RSN_SELECTOR_LEN;
267 #endif /* CONFIG_IEEE80211W */
269 #ifdef CONFIG_RSN_TESTING
272 * Fill in any defined fields and add extra data to the end of
275 int pmkid_count_set = pmkid != NULL;
276 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION)
279 WPA_PUT_LE16(pos, 0);
281 if (conf->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
282 /* Management Group Cipher Suite */
283 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
284 pos += RSN_SELECTOR_LEN;
287 os_memset(pos, 0x12, 17);
290 #endif /* CONFIG_RSN_TESTING */
292 hdr->len = (pos - buf) - 2;
298 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
305 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
306 res = wpa_write_rsn_ie(&wpa_auth->conf,
307 pos, buf + sizeof(buf) - pos, NULL);
312 #ifdef CONFIG_IEEE80211R
313 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
314 res = wpa_write_mdie(&wpa_auth->conf, pos,
315 buf + sizeof(buf) - pos);
320 #endif /* CONFIG_IEEE80211R */
321 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
322 res = wpa_write_wpa_ie(&wpa_auth->conf,
323 pos, buf + sizeof(buf) - pos);
329 os_free(wpa_auth->wpa_ie);
330 wpa_auth->wpa_ie = os_malloc(pos - buf);
331 if (wpa_auth->wpa_ie == NULL)
333 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
334 wpa_auth->wpa_ie_len = pos - buf;
340 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
341 const u8 *data2, size_t data2_len)
343 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
344 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
345 RSN_SELECTOR_PUT(pos, kde);
346 pos += RSN_SELECTOR_LEN;
347 os_memcpy(pos, data, data_len);
350 os_memcpy(pos, data2, data2_len);
357 struct wpa_auth_okc_iter_data {
358 struct rsn_pmksa_cache_entry *pmksa;
365 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
367 struct wpa_auth_okc_iter_data *data = ctx;
368 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
376 int wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
377 struct wpa_state_machine *sm,
378 const u8 *wpa_ie, size_t wpa_ie_len,
379 const u8 *mdie, size_t mdie_len)
381 struct wpa_ie_data data;
382 int ciphers, key_mgmt, res, version;
385 const u8 *pmkid = NULL;
387 if (wpa_auth == NULL || sm == NULL)
388 return WPA_NOT_ENABLED;
390 if (wpa_ie == NULL || wpa_ie_len < 1)
391 return WPA_INVALID_IE;
393 if (wpa_ie[0] == WLAN_EID_RSN)
394 version = WPA_PROTO_RSN;
396 version = WPA_PROTO_WPA;
398 if (!(wpa_auth->conf.wpa & version)) {
399 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
400 version, MAC2STR(sm->addr));
401 return WPA_INVALID_PROTO;
404 if (version == WPA_PROTO_RSN) {
405 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
407 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
410 #ifdef CONFIG_IEEE80211R
411 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
412 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
413 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
414 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
415 #endif /* CONFIG_IEEE80211R */
416 #ifdef CONFIG_IEEE80211W
417 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
418 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
419 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
420 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
421 #endif /* CONFIG_IEEE80211W */
423 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
424 selector = RSN_AUTH_KEY_MGMT_SAE;
425 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
426 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
427 #endif /* CONFIG_SAE */
428 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
429 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
430 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
431 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
432 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
434 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
435 data.pairwise_cipher);
437 selector = RSN_CIPHER_SUITE_CCMP;
438 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
440 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
443 selector = RSN_CIPHER_SUITE_CCMP;
444 wpa_auth->dot11RSNAGroupCipherSelected = selector;
446 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
448 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
449 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
450 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
451 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
452 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
453 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
455 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
456 data.pairwise_cipher);
458 selector = RSN_CIPHER_SUITE_TKIP;
459 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
461 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
464 selector = WPA_CIPHER_SUITE_TKIP;
465 wpa_auth->dot11RSNAGroupCipherSelected = selector;
468 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
469 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
470 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
471 return WPA_INVALID_IE;
474 if (data.group_cipher != wpa_auth->conf.wpa_group) {
475 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
476 MACSTR, data.group_cipher, MAC2STR(sm->addr));
477 return WPA_INVALID_GROUP;
480 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
482 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
483 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
484 return WPA_INVALID_AKMP;
488 #ifdef CONFIG_IEEE80211R
489 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
490 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
491 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
492 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
493 #endif /* CONFIG_IEEE80211R */
494 #ifdef CONFIG_IEEE80211W
495 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
496 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
497 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
498 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
499 #endif /* CONFIG_IEEE80211W */
501 else if (key_mgmt & WPA_KEY_MGMT_SAE)
502 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
503 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
504 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
505 #endif /* CONFIG_SAE */
506 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
507 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
509 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
511 if (version == WPA_PROTO_RSN)
512 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
514 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
516 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
518 version == WPA_PROTO_RSN ? "RSN" : "WPA",
519 data.pairwise_cipher, MAC2STR(sm->addr));
520 return WPA_INVALID_PAIRWISE;
523 #ifdef CONFIG_IEEE80211W
524 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
525 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
526 wpa_printf(MSG_DEBUG, "Management frame protection "
527 "required, but client did not enable it");
528 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
531 if (ciphers & WPA_CIPHER_TKIP) {
532 wpa_printf(MSG_DEBUG, "Management frame protection "
534 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
537 if (data.mgmt_group_cipher != WPA_CIPHER_AES_128_CMAC) {
538 wpa_printf(MSG_DEBUG, "Unsupported management group "
539 "cipher %d", data.mgmt_group_cipher);
540 return WPA_INVALID_MGMT_GROUP_CIPHER;
544 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
545 !(data.capabilities & WPA_CAPABILITY_MFPC))
546 sm->mgmt_frame_prot = 0;
548 sm->mgmt_frame_prot = 1;
549 #endif /* CONFIG_IEEE80211W */
551 #ifdef CONFIG_IEEE80211R
552 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
553 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
554 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
555 "MDIE not included");
556 return WPA_INVALID_MDIE;
558 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
559 MOBILITY_DOMAIN_ID_LEN) != 0) {
560 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
561 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
562 return WPA_INVALID_MDIE;
565 #endif /* CONFIG_IEEE80211R */
567 if (ciphers & WPA_CIPHER_CCMP)
568 sm->pairwise = WPA_CIPHER_CCMP;
569 else if (ciphers & WPA_CIPHER_GCMP)
570 sm->pairwise = WPA_CIPHER_GCMP;
572 sm->pairwise = WPA_CIPHER_TKIP;
574 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
575 if (wpa_ie[0] == WLAN_EID_RSN)
576 sm->wpa = WPA_VERSION_WPA2;
578 sm->wpa = WPA_VERSION_WPA;
581 for (i = 0; i < data.num_pmkid; i++) {
582 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
583 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
584 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
585 &data.pmkid[i * PMKID_LEN]);
587 pmkid = sm->pmksa->pmkid;
591 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
592 i < data.num_pmkid; i++) {
593 struct wpa_auth_okc_iter_data idata;
595 idata.aa = wpa_auth->addr;
596 idata.spa = sm->addr;
597 idata.pmkid = &data.pmkid[i * PMKID_LEN];
598 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
600 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
601 "OKC match for PMKID");
602 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
611 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
612 "PMKID found from PMKSA cache "
613 "eap_type=%d vlan_id=%d",
614 sm->pmksa->eap_type_authsrv,
616 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
619 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
621 sm->wpa_ie = os_malloc(wpa_ie_len);
622 if (sm->wpa_ie == NULL)
623 return WPA_ALLOC_FAIL;
625 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
626 sm->wpa_ie_len = wpa_ie_len;
633 * wpa_parse_generic - Parse EAPOL-Key Key Data Generic IEs
634 * @pos: Pointer to the IE header
635 * @end: Pointer to the end of the Key Data buffer
636 * @ie: Pointer to parsed IE data
637 * Returns: 0 on success, 1 if end mark is found, -1 on failure
639 static int wpa_parse_generic(const u8 *pos, const u8 *end,
640 struct wpa_eapol_ie_parse *ie)
646 RSN_SELECTOR_GET(pos + 2) == WPA_OUI_TYPE &&
647 pos[2 + WPA_SELECTOR_LEN] == 1 &&
648 pos[2 + WPA_SELECTOR_LEN + 1] == 0) {
650 ie->wpa_ie_len = pos[1] + 2;
654 if (pos + 1 + RSN_SELECTOR_LEN < end &&
655 pos[1] >= RSN_SELECTOR_LEN + PMKID_LEN &&
656 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_PMKID) {
657 ie->pmkid = pos + 2 + RSN_SELECTOR_LEN;
661 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
662 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_GROUPKEY) {
663 ie->gtk = pos + 2 + RSN_SELECTOR_LEN;
664 ie->gtk_len = pos[1] - RSN_SELECTOR_LEN;
668 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
669 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_MAC_ADDR) {
670 ie->mac_addr = pos + 2 + RSN_SELECTOR_LEN;
671 ie->mac_addr_len = pos[1] - RSN_SELECTOR_LEN;
675 #ifdef CONFIG_PEERKEY
676 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
677 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
678 ie->smk = pos + 2 + RSN_SELECTOR_LEN;
679 ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
683 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
684 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
685 ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
686 ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
690 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
691 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
692 ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
693 ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
697 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
698 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
699 ie->error = pos + 2 + RSN_SELECTOR_LEN;
700 ie->error_len = pos[1] - RSN_SELECTOR_LEN;
703 #endif /* CONFIG_PEERKEY */
705 #ifdef CONFIG_IEEE80211W
706 if (pos[1] > RSN_SELECTOR_LEN + 2 &&
707 RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
708 ie->igtk = pos + 2 + RSN_SELECTOR_LEN;
709 ie->igtk_len = pos[1] - RSN_SELECTOR_LEN;
712 #endif /* CONFIG_IEEE80211W */
719 * wpa_parse_kde_ies - Parse EAPOL-Key Key Data IEs
720 * @buf: Pointer to the Key Data buffer
721 * @len: Key Data Length
722 * @ie: Pointer to parsed IE data
723 * Returns: 0 on success, -1 on failure
725 int wpa_parse_kde_ies(const u8 *buf, size_t len, struct wpa_eapol_ie_parse *ie)
730 os_memset(ie, 0, sizeof(*ie));
731 for (pos = buf, end = pos + len; pos + 1 < end; pos += 2 + pos[1]) {
732 if (pos[0] == 0xdd &&
733 ((pos == buf + len - 1) || pos[1] == 0)) {
737 if (pos + 2 + pos[1] > end) {
738 wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key Key Data "
739 "underflow (ie=%d len=%d pos=%d)",
740 pos[0], pos[1], (int) (pos - buf));
741 wpa_hexdump_key(MSG_DEBUG, "WPA: Key Data",
746 if (*pos == WLAN_EID_RSN) {
748 ie->rsn_ie_len = pos[1] + 2;
749 #ifdef CONFIG_IEEE80211R
750 } else if (*pos == WLAN_EID_MOBILITY_DOMAIN) {
752 ie->mdie_len = pos[1] + 2;
753 } else if (*pos == WLAN_EID_FAST_BSS_TRANSITION) {
755 ie->ftie_len = pos[1] + 2;
756 #endif /* CONFIG_IEEE80211R */
757 } else if (*pos == WLAN_EID_VENDOR_SPECIFIC) {
758 ret = wpa_parse_generic(pos, end, ie);
766 wpa_hexdump(MSG_DEBUG, "WPA: Unrecognized EAPOL-Key "
767 "Key Data IE", pos, 2 + pos[1]);
775 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
777 return sm ? sm->mgmt_frame_prot : 0;