wpa_supplicant/wpas_kay.c

   1 /*
   2  * IEEE 802.1X-2010 KaY Interface
   3  * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "utils/includes.h"
  10
  11 #include "utils/common.h"
  12 #include "eap_peer/eap.h"
  13 #include "eap_peer/eap_i.h"
  14 #include "eapol_supp/eapol_supp_sm.h"
  15 #include "pae/ieee802_1x_key.h"
  16 #include "pae/ieee802_1x_kay.h"
  17 #include "wpa_supplicant_i.h"
  18 #include "config.h"
  19 #include "config_ssid.h"
  20 #include "driver_i.h"
  21 #include "wpas_kay.h"
  22
  23
  24 #define DEFAULT_KEY_LEN         16
  25 /* secure Connectivity Association Key Name (CKN) */
  26 #define DEFAULT_CKN_LEN         16
  27
  28
  29 static int wpas_macsec_init(void *priv, struct macsec_init_params *params)
  30 {
  31         return wpa_drv_macsec_init(priv, params);
  32 }
  33
  34
  35 static int wpas_macsec_deinit(void *priv)
  36 {
  37         return wpa_drv_macsec_deinit(priv);
  38 }
  39
  40
  41 static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap)
  42 {
  43         return wpa_drv_macsec_get_capability(priv, cap);
  44 }
  45
  46
  47 static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled)
  48 {
  49         return wpa_drv_enable_protect_frames(wpa_s, enabled);
  50 }
  51
  52
  53 static int wpas_enable_encrypt(void *wpa_s, Boolean enabled)
  54 {
  55         return wpa_drv_enable_encrypt(wpa_s, enabled);
  56 }
  57
  58
  59 static int wpas_set_replay_protect(void *wpa_s, Boolean enabled, u32 window)
  60 {
  61         return wpa_drv_set_replay_protect(wpa_s, enabled, window);
  62 }
  63
  64
  65 static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs)
  66 {
  67         return wpa_drv_set_current_cipher_suite(wpa_s, cs);
  68 }
  69
  70
  71 static int wpas_enable_controlled_port(void *wpa_s, Boolean enabled)
  72 {
  73         return wpa_drv_enable_controlled_port(wpa_s, enabled);
  74 }
  75
  76
  77 static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
  78 {
  79         return wpa_drv_get_receive_lowest_pn(wpa_s, sa);
  80 }
  81
  82
  83 static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
  84 {
  85         return wpa_drv_get_transmit_next_pn(wpa_s, sa);
  86 }
  87
  88
  89 static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
  90 {
  91         return wpa_drv_set_transmit_next_pn(wpa_s, sa);
  92 }
  93
  94
  95 static unsigned int conf_offset_val(enum confidentiality_offset co)
  96 {
  97         switch (co) {
  98         case CONFIDENTIALITY_OFFSET_30:
  99                 return 30;
 100                 break;
 101         case CONFIDENTIALITY_OFFSET_50:
 102                 return 50;
 103         default:
 104                 return 0;
 105         }
 106 }
 107
 108
 109 static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc,
 110                                   enum validate_frames vf,
 111                                   enum confidentiality_offset co)
 112 {
 113         return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf);
 114 }
 115
 116
 117 static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc)
 118 {
 119         return wpa_drv_delete_receive_sc(wpa_s, sc);
 120 }
 121
 122
 123 static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa)
 124 {
 125         return wpa_drv_create_receive_sa(wpa_s, sa);
 126 }
 127
 128
 129 static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa)
 130 {
 131         return wpa_drv_delete_receive_sa(wpa_s, sa);
 132 }
 133
 134
 135 static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa)
 136 {
 137         return wpa_drv_enable_receive_sa(wpa_s, sa);
 138 }
 139
 140
 141 static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa)
 142 {
 143         return wpa_drv_disable_receive_sa(wpa_s, sa);
 144 }
 145
 146
 147 static int
 148 wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc,
 149                         enum confidentiality_offset co)
 150 {
 151         return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co));
 152 }
 153
 154
 155 static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc)
 156 {
 157         return wpa_drv_delete_transmit_sc(wpa_s, sc);
 158 }
 159
 160
 161 static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa)
 162 {
 163         return wpa_drv_create_transmit_sa(wpa_s, sa);
 164 }
 165
 166
 167 static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa)
 168 {
 169         return wpa_drv_delete_transmit_sa(wpa_s, sa);
 170 }
 171
 172
 173 static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
 174 {
 175         return wpa_drv_enable_transmit_sa(wpa_s, sa);
 176 }
 177
 178
 179 static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
 180 {
 181         return wpa_drv_disable_transmit_sa(wpa_s, sa);
 182 }
 183
 184
 185 int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
 186 {
 187         struct ieee802_1x_kay_ctx *kay_ctx;
 188         struct ieee802_1x_kay *res = NULL;
 189         enum macsec_policy policy;
 190
 191         ieee802_1x_dealloc_kay_sm(wpa_s);
 192
 193         if (!ssid || ssid->macsec_policy == 0)
 194                 return 0;
 195
 196         if (ssid->macsec_policy == 1) {
 197                 if (ssid->macsec_integ_only == 1)
 198                         policy = SHOULD_SECURE;
 199                 else
 200                         policy = SHOULD_ENCRYPT;
 201         } else {
 202                 policy = DO_NOT_SECURE;
 203         }
 204
 205         kay_ctx = os_zalloc(sizeof(*kay_ctx));
 206         if (!kay_ctx)
 207                 return -1;
 208
 209         kay_ctx->ctx = wpa_s;
 210
 211         kay_ctx->macsec_init = wpas_macsec_init;
 212         kay_ctx->macsec_deinit = wpas_macsec_deinit;
 213         kay_ctx->macsec_get_capability = wpas_macsec_get_capability;
 214         kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
 215         kay_ctx->enable_encrypt = wpas_enable_encrypt;
 216         kay_ctx->set_replay_protect = wpas_set_replay_protect;
 217         kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
 218         kay_ctx->enable_controlled_port = wpas_enable_controlled_port;
 219         kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
 220         kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
 221         kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
 222         kay_ctx->create_receive_sc = wpas_create_receive_sc;
 223         kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
 224         kay_ctx->create_receive_sa = wpas_create_receive_sa;
 225         kay_ctx->delete_receive_sa = wpas_delete_receive_sa;
 226         kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
 227         kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
 228         kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
 229         kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
 230         kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
 231         kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa;
 232         kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
 233         kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
 234
 235         res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_port,
 236                                   ssid->mka_priority, wpa_s->ifname,
 237                                   wpa_s->own_addr);
 238         /* ieee802_1x_kay_init() frees kay_ctx on failure */
 239         if (res == NULL)
 240                 return -1;
 241
 242         wpa_s->kay = res;
 243
 244         return 0;
 245 }
 246
 247
 248 void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
 249 {
 250         if (!wpa_s->kay)
 251                 return;
 252
 253         ieee802_1x_kay_deinit(wpa_s->kay);
 254         wpa_s->kay = NULL;
 255 }
 256
 257
 258 static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
 259                                           const u8 *addr, u8 *sid, size_t *len)
 260 {
 261         const u8 *session_id;
 262         size_t id_len, need_len;
 263
 264         session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len);
 265         if (session_id == NULL) {
 266                 wpa_printf(MSG_DEBUG,
 267                            "Failed to get SessionID from EAPOL state machines");
 268                 return -1;
 269         }
 270
 271         need_len = 1 + 2 * 32 /* random size */;
 272         if (need_len > id_len) {
 273                 wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
 274                 return -1;
 275         }
 276
 277         os_memcpy(sid, session_id, need_len);
 278         *len = need_len;
 279
 280         return 0;
 281 }
 282
 283
 284 static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr,
 285                                    u8 *msk, size_t *len)
 286 {
 287         u8 key[EAP_MSK_LEN];
 288         size_t keylen;
 289         struct eapol_sm *sm;
 290         int res;
 291
 292         sm = wpa_s->eapol;
 293         if (sm == NULL)
 294                 return -1;
 295
 296         keylen = EAP_MSK_LEN;
 297         res = eapol_sm_get_key(sm, key, keylen);
 298         if (res) {
 299                 wpa_printf(MSG_DEBUG,
 300                            "Failed to get MSK from EAPOL state machines");
 301                 return -1;
 302         }
 303
 304         if (keylen > *len)
 305                 keylen = *len;
 306         os_memcpy(msk, key, keylen);
 307         *len = keylen;
 308
 309         return 0;
 310 }
 311
 312
 313 void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
 314                                       const u8 *peer_addr)
 315 {
 316         u8 *sid;
 317         size_t sid_len = 128;
 318         struct mka_key_name *ckn;
 319         struct mka_key *cak;
 320         struct mka_key *msk;
 321         void *res = NULL;
 322
 323         if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
 324                 return NULL;
 325
 326         wpa_printf(MSG_DEBUG,
 327                    "IEEE 802.1X: External notification - Create MKA for "
 328                    MACSTR, MAC2STR(peer_addr));
 329
 330         msk = os_zalloc(sizeof(*msk));
 331         sid = os_zalloc(sid_len);
 332         ckn = os_zalloc(sizeof(*ckn));
 333         cak = os_zalloc(sizeof(*cak));
 334         if (!msk || !sid || !ckn || !cak)
 335                 goto fail;
 336
 337         msk->len = DEFAULT_KEY_LEN;
 338         if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) {
 339                 wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK");
 340                 goto fail;
 341         }
 342
 343         if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len))
 344         {
 345                 wpa_printf(MSG_ERROR,
 346                            "IEEE 802.1X: Could not get EAP Session Id");
 347                 goto fail;
 348         }
 349
 350         /* Derive CAK from MSK */
 351         cak->len = DEFAULT_KEY_LEN;
 352         if (ieee802_1x_cak_128bits_aes_cmac(msk->key, wpa_s->own_addr,
 353                                             peer_addr, cak->key)) {
 354                 wpa_printf(MSG_ERROR,
 355                            "IEEE 802.1X: Deriving CAK failed");
 356                 goto fail;
 357         }
 358         wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len);
 359
 360         /* Derive CKN from MSK */
 361         ckn->len = DEFAULT_CKN_LEN;
 362         if (ieee802_1x_ckn_128bits_aes_cmac(msk->key, wpa_s->own_addr,
 363                                             peer_addr, sid, sid_len,
 364                                             ckn->name)) {
 365                 wpa_printf(MSG_ERROR,
 366                            "IEEE 802.1X: Deriving CKN failed");
 367                 goto fail;
 368         }
 369         wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len);
 370
 371         res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0,
 372                                         EAP_EXCHANGE, FALSE);
 373
 374 fail:
 375         if (msk) {
 376                 os_memset(msk, 0, sizeof(*msk));
 377                 os_free(msk);
 378         }
 379         os_free(sid);
 380         os_free(ckn);
 381         if (cak) {
 382                 os_memset(cak, 0, sizeof(*cak));
 383                 os_free(cak);
 384         }
 385
 386         return res;
 387 }
 388
 389
 390 void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
 391                                        struct wpa_ssid *ssid)
 392 {
 393         struct mka_key *cak;
 394         struct mka_key_name *ckn;
 395         void *res = NULL;
 396
 397         if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
 398                 goto end;
 399
 400         ckn = os_zalloc(sizeof(*ckn));
 401         if (!ckn)
 402                 goto end;
 403
 404         cak = os_zalloc(sizeof(*cak));
 405         if (!cak)
 406                 goto free_ckn;
 407
 408         if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
 409                 goto free_cak;
 410
 411         if (wpa_s->kay->policy == DO_NOT_SECURE)
 412                 goto dealloc;
 413
 414         cak->len = MACSEC_CAK_LEN;
 415         os_memcpy(cak->key, ssid->mka_cak, cak->len);
 416
 417         ckn->len = MACSEC_CKN_LEN;
 418         os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
 419
 420         res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
 421         if (res)
 422                 goto free_cak;
 423
 424 dealloc:
 425         /* Failed to create MKA */
 426         ieee802_1x_dealloc_kay_sm(wpa_s);
 427 free_cak:
 428         os_free(cak);
 429 free_ckn:
 430         os_free(ckn);
 431 end:
 432         return res;
 433 }