1 /*
2 * hostapd - WPA/RSN IE and KDE definitions
3 * Copyright (c) 2004-2018, Jouni Malinen <[email protected]>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "common/ieee802_11_defs.h"
13 #include "drivers/driver.h"
14 #include "eapol_auth/eapol_auth_sm.h"
15 #include "ap_config.h"
16 #include "ieee802_11.h"
17 #include "wpa_auth.h"
18 #include "pmksa_cache_auth.h"
19 #include "wpa_auth_ie.h"
20 #include "wpa_auth_i.h"
21
22
23 #ifdef CONFIG_RSN_TESTING
24 int rsn_testing = 0;
25 #endif /* CONFIG_RSN_TESTING */
26
27
wpa_write_wpa_ie(struct wpa_auth_config * conf,u8 * buf,size_t len)28 static int wpa_write_wpa_ie(struct wpa_auth_config *conf, u8 *buf, size_t len)
29 {
30 struct wpa_ie_hdr *hdr;
31 int num_suites;
32 u8 *pos, *count;
33 u32 suite;
34
35 hdr = (struct wpa_ie_hdr *) buf;
36 hdr->elem_id = WLAN_EID_VENDOR_SPECIFIC;
37 RSN_SELECTOR_PUT(hdr->oui, WPA_OUI_TYPE);
38 WPA_PUT_LE16(hdr->version, WPA_VERSION);
39 pos = (u8 *) (hdr + 1);
40
41 suite = wpa_cipher_to_suite(WPA_PROTO_WPA, conf->wpa_group);
42 if (suite == 0) {
43 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).",
44 conf->wpa_group);
45 return -1;
46 }
47 RSN_SELECTOR_PUT(pos, suite);
48 pos += WPA_SELECTOR_LEN;
49
50 count = pos;
51 pos += 2;
52
53 num_suites = wpa_cipher_put_suites(pos, conf->wpa_pairwise);
54 if (num_suites == 0) {
55 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
56 conf->wpa_pairwise);
57 return -1;
58 }
59 pos += num_suites * WPA_SELECTOR_LEN;
60 WPA_PUT_LE16(count, num_suites);
61
62 num_suites = 0;
63 count = pos;
64 pos += 2;
65
66 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
67 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_UNSPEC_802_1X);
68 pos += WPA_SELECTOR_LEN;
69 num_suites++;
70 }
71 if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) {
72 RSN_SELECTOR_PUT(pos, WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X);
73 pos += WPA_SELECTOR_LEN;
74 num_suites++;
75 }
76
77 if (num_suites == 0) {
78 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
79 conf->wpa_key_mgmt);
80 return -1;
81 }
82 WPA_PUT_LE16(count, num_suites);
83
84 /* WPA Capabilities; use defaults, so no need to include it */
85
86 hdr->len = (pos - buf) - 2;
87
88 return pos - buf;
89 }
90
91
wpa_own_rsn_capab(struct wpa_auth_config * conf,enum mfp_options mfp)92 static u16 wpa_own_rsn_capab(struct wpa_auth_config *conf,
93 enum mfp_options mfp)
94 {
95 u16 capab = 0;
96
97 if (conf->rsn_preauth)
98 capab |= WPA_CAPABILITY_PREAUTH;
99 if (conf->wmm_enabled) {
100 /* 4 PTKSA replay counters when using WMM */
101 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
102 }
103 if (mfp != NO_MGMT_FRAME_PROTECTION) {
104 capab |= WPA_CAPABILITY_MFPC;
105 if (mfp == MGMT_FRAME_PROTECTION_REQUIRED)
106 capab |= WPA_CAPABILITY_MFPR;
107 }
108 #ifdef CONFIG_OCV
109 if (conf->ocv)
110 capab |= WPA_CAPABILITY_OCVC;
111 #endif /* CONFIG_OCV */
112 #ifdef CONFIG_RSN_TESTING
113 if (rsn_testing)
114 capab |= BIT(8) | BIT(15);
115 #endif /* CONFIG_RSN_TESTING */
116 if (conf->extended_key_id)
117 capab |= WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST;
118
119 return capab;
120 }
121
122
rsne_write_data(u8 * buf,size_t len,u8 * pos,int group,int pairwise,int key_mgmt,u16 rsn_capab,const u8 * pmkid,enum mfp_options mfp,int group_mgmt_cipher)123 static u8 * rsne_write_data(u8 *buf, size_t len, u8 *pos, int group,
124 int pairwise, int key_mgmt, u16 rsn_capab,
125 const u8 *pmkid, enum mfp_options mfp,
126 int group_mgmt_cipher)
127 {
128 int num_suites, res;
129 u8 *count;
130 u32 suite;
131
132 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, group);
133 if (suite == 0) {
134 wpa_printf(MSG_DEBUG, "Invalid group cipher (%d).", group);
135 return NULL;
136 }
137 RSN_SELECTOR_PUT(pos, suite);
138 pos += RSN_SELECTOR_LEN;
139
140 num_suites = 0;
141 count = pos;
142 pos += 2;
143
144 #ifdef CONFIG_RSN_TESTING
145 if (rsn_testing) {
146 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
147 pos += RSN_SELECTOR_LEN;
148 num_suites++;
149 }
150 #endif /* CONFIG_RSN_TESTING */
151
152 res = rsn_cipher_put_suites(pos, pairwise);
153 num_suites += res;
154 pos += res * RSN_SELECTOR_LEN;
155
156 #ifdef CONFIG_RSN_TESTING
157 if (rsn_testing) {
158 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
159 pos += RSN_SELECTOR_LEN;
160 num_suites++;
161 }
162 #endif /* CONFIG_RSN_TESTING */
163
164 if (num_suites == 0) {
165 wpa_printf(MSG_DEBUG, "Invalid pairwise cipher (%d).",
166 pairwise);
167 return NULL;
168 }
169 WPA_PUT_LE16(count, num_suites);
170
171 num_suites = 0;
172 count = pos;
173 pos += 2;
174
175 #ifdef CONFIG_RSN_TESTING
176 if (rsn_testing) {
177 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 1));
178 pos += RSN_SELECTOR_LEN;
179 num_suites++;
180 }
181 #endif /* CONFIG_RSN_TESTING */
182
183 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X) {
184 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_UNSPEC_802_1X);
185 pos += RSN_SELECTOR_LEN;
186 num_suites++;
187 }
188 if (key_mgmt & WPA_KEY_MGMT_PSK) {
189 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X);
190 pos += RSN_SELECTOR_LEN;
191 num_suites++;
192 }
193 #ifdef CONFIG_IEEE80211R_AP
194 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X) {
195 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X);
196 pos += RSN_SELECTOR_LEN;
197 num_suites++;
198 }
199 #ifdef CONFIG_SHA384
200 if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
201 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384);
202 pos += RSN_SELECTOR_LEN;
203 num_suites++;
204 }
205 #endif /* CONFIG_SHA384 */
206 if (key_mgmt & WPA_KEY_MGMT_FT_PSK) {
207 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_PSK);
208 pos += RSN_SELECTOR_LEN;
209 num_suites++;
210 }
211 #endif /* CONFIG_IEEE80211R_AP */
212 #ifdef CONFIG_SHA384
213 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384) {
214 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA384);
215 pos += RSN_SELECTOR_LEN;
216 num_suites++;
217 }
218 #endif /* CONFIG_SHA384 */
219 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256) {
220 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SHA256);
221 pos += RSN_SELECTOR_LEN;
222 num_suites++;
223 }
224 if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256) {
225 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PSK_SHA256);
226 pos += RSN_SELECTOR_LEN;
227 num_suites++;
228 }
229 #ifdef CONFIG_SAE
230 if (key_mgmt & WPA_KEY_MGMT_SAE) {
231 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE);
232 pos += RSN_SELECTOR_LEN;
233 num_suites++;
234 }
235 if (key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) {
236 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_SAE_EXT_KEY);
237 pos += RSN_SELECTOR_LEN;
238 num_suites++;
239 }
240 if (key_mgmt & WPA_KEY_MGMT_FT_SAE) {
241 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE);
242 pos += RSN_SELECTOR_LEN;
243 num_suites++;
244 }
245 if (key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY) {
246 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY);
247 pos += RSN_SELECTOR_LEN;
248 num_suites++;
249 }
250 #endif /* CONFIG_SAE */
251 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
252 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B);
253 pos += RSN_SELECTOR_LEN;
254 num_suites++;
255 }
256 if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
257 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192);
258 pos += RSN_SELECTOR_LEN;
259 num_suites++;
260 }
261 #ifdef CONFIG_FILS
262 if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256) {
263 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA256);
264 pos += RSN_SELECTOR_LEN;
265 num_suites++;
266 }
267 if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384) {
268 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FILS_SHA384);
269 pos += RSN_SELECTOR_LEN;
270 num_suites++;
271 }
272 #ifdef CONFIG_IEEE80211R_AP
273 if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256) {
274 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA256);
275 pos += RSN_SELECTOR_LEN;
276 num_suites++;
277 }
278 if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384) {
279 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_FT_FILS_SHA384);
280 pos += RSN_SELECTOR_LEN;
281 num_suites++;
282 }
283 #endif /* CONFIG_IEEE80211R_AP */
284 #endif /* CONFIG_FILS */
285 #ifdef CONFIG_OWE
286 if (key_mgmt & WPA_KEY_MGMT_OWE) {
287 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OWE);
288 pos += RSN_SELECTOR_LEN;
289 num_suites++;
290 }
291 #endif /* CONFIG_OWE */
292 #ifdef CONFIG_DPP
293 if (key_mgmt & WPA_KEY_MGMT_DPP) {
294 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_DPP);
295 pos += RSN_SELECTOR_LEN;
296 num_suites++;
297 }
298 #endif /* CONFIG_DPP */
299 #ifdef CONFIG_HS20
300 if (key_mgmt & WPA_KEY_MGMT_OSEN) {
301 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_OSEN);
302 pos += RSN_SELECTOR_LEN;
303 num_suites++;
304 }
305 #endif /* CONFIG_HS20 */
306 #ifdef CONFIG_PASN
307 if (key_mgmt & WPA_KEY_MGMT_PASN) {
308 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_PASN);
309 pos += RSN_SELECTOR_LEN;
310 num_suites++;
311 }
312 #endif /* CONFIG_PASN */
313
314 #ifdef CONFIG_RSN_TESTING
315 if (rsn_testing) {
316 RSN_SELECTOR_PUT(pos, RSN_SELECTOR(0x12, 0x34, 0x56, 2));
317 pos += RSN_SELECTOR_LEN;
318 num_suites++;
319 }
320 #endif /* CONFIG_RSN_TESTING */
321
322 if (num_suites == 0) {
323 wpa_printf(MSG_DEBUG, "Invalid key management type (%d).",
324 key_mgmt);
325 return NULL;
326 }
327 WPA_PUT_LE16(count, num_suites);
328
329 /* RSN Capabilities */
330 WPA_PUT_LE16(pos, rsn_capab);
331 pos += 2;
332
333 if (pmkid) {
334 if (2 + PMKID_LEN > buf + len - pos)
335 return NULL;
336 /* PMKID Count */
337 WPA_PUT_LE16(pos, 1);
338 pos += 2;
339 os_memcpy(pos, pmkid, PMKID_LEN);
340 pos += PMKID_LEN;
341 }
342
343
344 if (mfp != NO_MGMT_FRAME_PROTECTION &&
345 group_mgmt_cipher != WPA_CIPHER_AES_128_CMAC) {
346 if (2 + 4 > buf + len - pos)
347 return NULL;
348 if (!pmkid) {
349 /* PMKID Count */
350 WPA_PUT_LE16(pos, 0);
351 pos += 2;
352 }
353
354 /* Management Group Cipher Suite */
355 switch (group_mgmt_cipher) {
356 case WPA_CIPHER_AES_128_CMAC:
357 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
358 break;
359 case WPA_CIPHER_BIP_GMAC_128:
360 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_128);
361 break;
362 case WPA_CIPHER_BIP_GMAC_256:
363 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_GMAC_256);
364 break;
365 case WPA_CIPHER_BIP_CMAC_256:
366 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_BIP_CMAC_256);
367 break;
368 default:
369 wpa_printf(MSG_DEBUG,
370 "Invalid group management cipher (0x%x)",
371 group_mgmt_cipher);
372 return NULL;
373 }
374 pos += RSN_SELECTOR_LEN;
375 }
376
377 #ifdef CONFIG_RSN_TESTING
378 if (rsn_testing) {
379 /*
380 * Fill in any defined fields and add extra data to the end of
381 * the element.
382 */
383 int pmkid_count_set = pmkid != NULL;
384 if (mfp != NO_MGMT_FRAME_PROTECTION)
385 pmkid_count_set = 1;
386 /* PMKID Count */
387 WPA_PUT_LE16(pos, 0);
388 pos += 2;
389 if (mfp == NO_MGMT_FRAME_PROTECTION) {
390 /* Management Group Cipher Suite */
391 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_AES_128_CMAC);
392 pos += RSN_SELECTOR_LEN;
393 }
394
395 os_memset(pos, 0x12, 17);
396 pos += 17;
397 }
398 #endif /* CONFIG_RSN_TESTING */
399 return pos;
400 }
401
402
wpa_write_rsn_ie(struct wpa_auth_config * conf,u8 * buf,size_t len,const u8 * pmkid)403 int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
404 const u8 *pmkid)
405 {
406 struct rsn_ie_hdr *hdr;
407 u8 *pos;
408
409 hdr = (struct rsn_ie_hdr *) buf;
410 hdr->elem_id = WLAN_EID_RSN;
411 WPA_PUT_LE16(hdr->version, RSN_VERSION);
412 pos = (u8 *) (hdr + 1);
413
414 pos = rsne_write_data(buf, len, pos, conf->wpa_group,
415 conf->rsn_pairwise, conf->wpa_key_mgmt,
416 wpa_own_rsn_capab(conf, conf->ieee80211w), pmkid,
417 conf->ieee80211w, conf->group_mgmt_cipher);
418 if (!pos)
419 return -1;
420
421 hdr->len = (pos - buf) - 2;
422
423 return pos - buf;
424 }
425
426
wpa_write_rsne_override(struct wpa_auth_config * conf,u8 * buf,size_t len)427 static int wpa_write_rsne_override(struct wpa_auth_config *conf, u8 *buf,
428 size_t len)
429 {
430 u8 *pos, *len_pos;
431
432 pos = buf;
433 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
434 len_pos = pos++;
435
436 WPA_PUT_BE32(pos, RSNE_OVERRIDE_IE_VENDOR_TYPE);
437 pos += 4;
438
439 WPA_PUT_LE16(pos, RSN_VERSION);
440 pos += 2;
441
442 pos = rsne_write_data(buf, len, pos, conf->wpa_group,
443 conf->rsn_override_pairwise,
444 conf->rsn_override_key_mgmt,
445 wpa_own_rsn_capab(conf, conf->rsn_override_mfp),
446 NULL, conf->rsn_override_mfp,
447 conf->group_mgmt_cipher);
448 if (!pos)
449 return -1;
450
451 *len_pos = (pos - buf) - 2;
452
453 return pos - buf;
454 }
455
456
wpa_write_rsne_override_2(struct wpa_auth_config * conf,u8 * buf,size_t len)457 static int wpa_write_rsne_override_2(struct wpa_auth_config *conf, u8 *buf,
458 size_t len)
459 {
460 u8 *pos, *len_pos;
461
462 pos = buf;
463 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
464 len_pos = pos++;
465
466 WPA_PUT_BE32(pos, RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
467 pos += 4;
468
469 WPA_PUT_LE16(pos, RSN_VERSION);
470 pos += 2;
471
472 pos = rsne_write_data(buf, len, pos, conf->wpa_group,
473 conf->rsn_override_pairwise_2,
474 conf->rsn_override_key_mgmt_2,
475 wpa_own_rsn_capab(conf, conf->rsn_override_mfp_2),
476 NULL, conf->rsn_override_mfp_2,
477 conf->group_mgmt_cipher);
478 if (!pos)
479 return -1;
480
481 *len_pos = (pos - buf) - 2;
482
483 return pos - buf;
484 }
485
486
rsnxe_capab(struct wpa_auth_config * conf,int key_mgmt)487 static u32 rsnxe_capab(struct wpa_auth_config *conf, int key_mgmt)
488 {
489 u32 capab = 0;
490
491 if (wpa_key_mgmt_sae(key_mgmt) &&
492 (conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
493 conf->sae_pwe == SAE_PWE_BOTH || conf->sae_pk ||
494 wpa_key_mgmt_sae_ext_key(key_mgmt))) {
495 capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
496 #ifdef CONFIG_SAE_PK
497 if (conf->sae_pk)
498 capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
499 #endif /* CONFIG_SAE_PK */
500 }
501
502 if (conf->secure_ltf)
503 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_LTF);
504 if (conf->secure_rtt)
505 capab |= BIT(WLAN_RSNX_CAPAB_SECURE_RTT);
506 if (conf->prot_range_neg)
507 capab |= BIT(WLAN_RSNX_CAPAB_URNM_MFPR);
508 if (conf->ssid_protection)
509 capab |= BIT(WLAN_RSNX_CAPAB_SSID_PROTECTION);
510
511 return capab;
512 }
513
514
wpa_write_rsnxe(struct wpa_auth_config * conf,u8 * buf,size_t len)515 int wpa_write_rsnxe(struct wpa_auth_config *conf, u8 *buf, size_t len)
516 {
517 u8 *pos = buf;
518 u32 capab = 0, tmp;
519 size_t flen;
520
521 capab = rsnxe_capab(conf, conf->wpa_key_mgmt);
522
523 if (!capab)
524 return 0; /* no supported extended RSN capabilities */
525 tmp = capab;
526 flen = 0;
527 while (tmp) {
528 flen++;
529 tmp >>= 8;
530 }
531 if (len < 2 + flen)
532 return -1;
533 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
534
535 *pos++ = WLAN_EID_RSNX;
536 *pos++ = flen;
537 while (capab) {
538 *pos++ = capab & 0xff;
539 capab >>= 8;
540 }
541
542 return pos - buf;
543 }
544
545
wpa_write_rsnxe_override(struct wpa_auth_config * conf,u8 * buf,size_t len)546 static int wpa_write_rsnxe_override(struct wpa_auth_config *conf, u8 *buf,
547 size_t len)
548 {
549 u8 *pos = buf;
550 u32 capab, tmp;
551 size_t flen;
552
553 capab = rsnxe_capab(conf, conf->rsn_override_key_mgmt |
554 conf->rsn_override_key_mgmt_2);
555
556 if (!capab)
557 return 0; /* no supported extended RSN capabilities */
558 tmp = capab;
559 flen = 0;
560 while (tmp) {
561 flen++;
562 tmp >>= 8;
563 }
564 if (len < 2 + flen)
565 return -1;
566 capab |= flen - 1; /* bit 0-3 = Field length (n - 1) */
567
568 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
569 *pos++ = 4 + flen;
570 WPA_PUT_BE32(pos, RSNXE_OVERRIDE_IE_VENDOR_TYPE);
571 pos += 4;
572
573 while (capab) {
574 *pos++ = capab & 0xff;
575 capab >>= 8;
576 }
577
578 return pos - buf;
579 }
580
581
wpa_write_osen(struct wpa_auth_config * conf,u8 * eid)582 static u8 * wpa_write_osen(struct wpa_auth_config *conf, u8 *eid)
583 {
584 u8 *len;
585 u16 capab;
586
587 *eid++ = WLAN_EID_VENDOR_SPECIFIC;
588 len = eid++; /* to be filled */
589 WPA_PUT_BE24(eid, OUI_WFA);
590 eid += 3;
591 *eid++ = HS20_OSEN_OUI_TYPE;
592
593 /* Group Data Cipher Suite */
594 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
595 eid += RSN_SELECTOR_LEN;
596
597 /* Pairwise Cipher Suite Count and List */
598 WPA_PUT_LE16(eid, 1);
599 eid += 2;
600 RSN_SELECTOR_PUT(eid, RSN_CIPHER_SUITE_CCMP);
601 eid += RSN_SELECTOR_LEN;
602
603 /* AKM Suite Count and List */
604 WPA_PUT_LE16(eid, 1);
605 eid += 2;
606 RSN_SELECTOR_PUT(eid, RSN_AUTH_KEY_MGMT_OSEN);
607 eid += RSN_SELECTOR_LEN;
608
609 /* RSN Capabilities */
610 capab = 0;
611 if (conf->wmm_enabled) {
612 /* 4 PTKSA replay counters when using WMM */
613 capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
614 }
615 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
616 capab |= WPA_CAPABILITY_MFPC;
617 if (conf->ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED)
618 capab |= WPA_CAPABILITY_MFPR;
619 }
620 #ifdef CONFIG_OCV
621 if (conf->ocv)
622 capab |= WPA_CAPABILITY_OCVC;
623 #endif /* CONFIG_OCV */
624 WPA_PUT_LE16(eid, capab);
625 eid += 2;
626
627 *len = eid - len - 1;
628
629 return eid;
630 }
631
632
wpa_auth_gen_wpa_ie(struct wpa_authenticator * wpa_auth)633 int wpa_auth_gen_wpa_ie(struct wpa_authenticator *wpa_auth)
634 {
635 u8 *pos, buf[1500];
636 int res;
637
638 #ifdef CONFIG_TESTING_OPTIONS
639 if (wpa_auth->conf.own_ie_override_len) {
640 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
641 wpa_auth->conf.own_ie_override,
642 wpa_auth->conf.own_ie_override_len);
643 os_free(wpa_auth->wpa_ie);
644 wpa_auth->wpa_ie =
645 os_malloc(wpa_auth->conf.own_ie_override_len);
646 if (wpa_auth->wpa_ie == NULL)
647 return -1;
648 os_memcpy(wpa_auth->wpa_ie, wpa_auth->conf.own_ie_override,
649 wpa_auth->conf.own_ie_override_len);
650 wpa_auth->wpa_ie_len = wpa_auth->conf.own_ie_override_len;
651 return 0;
652 }
653 #endif /* CONFIG_TESTING_OPTIONS */
654
655 pos = buf;
656
657 if (wpa_auth->conf.wpa == WPA_PROTO_OSEN) {
658 pos = wpa_write_osen(&wpa_auth->conf, pos);
659 }
660 if (wpa_auth->conf.wpa & WPA_PROTO_RSN) {
661 #ifdef CONFIG_TESTING_OPTIONS
662 if (wpa_auth->conf.rsne_override_set) {
663 wpa_hexdump(MSG_DEBUG,
664 "RSN: Forced own RSNE for testing",
665 wpa_auth->conf.rsne_override,
666 wpa_auth->conf.rsne_override_len);
667 if (sizeof(buf) - (pos - buf) <
668 wpa_auth->conf.rsne_override_len)
669 return -1;
670 os_memcpy(pos, wpa_auth->conf.rsne_override,
671 wpa_auth->conf.rsne_override_len);
672 pos += wpa_auth->conf.rsne_override_len;
673 goto rsnxe;
674 }
675 #endif /* CONFIG_TESTING_OPTIONS */
676 res = wpa_write_rsn_ie(&wpa_auth->conf,
677 pos, buf + sizeof(buf) - pos, NULL);
678 if (res < 0)
679 return res;
680 pos += res;
681 #ifdef CONFIG_TESTING_OPTIONS
682 rsnxe:
683 if (wpa_auth->conf.rsnxe_override_set) {
684 wpa_hexdump(MSG_DEBUG,
685 "RSN: Forced own RSNXE for testing",
686 wpa_auth->conf.rsnxe_override,
687 wpa_auth->conf.rsnxe_override_len);
688 if (sizeof(buf) - (pos - buf) <
689 wpa_auth->conf.rsnxe_override_len)
690 return -1;
691 os_memcpy(pos, wpa_auth->conf.rsnxe_override,
692 wpa_auth->conf.rsnxe_override_len);
693 pos += wpa_auth->conf.rsnxe_override_len;
694 goto fte;
695 }
696 #endif /* CONFIG_TESTING_OPTIONS */
697 if (wpa_auth->conf.rsn_override_omit_rsnxe)
698 res = 0;
699 else
700 res = wpa_write_rsnxe(&wpa_auth->conf, pos,
701 buf + sizeof(buf) - pos);
702 if (res < 0)
703 return res;
704 pos += res;
705 }
706 #ifdef CONFIG_TESTING_OPTIONS
707 fte:
708 #endif /* CONFIG_TESTING_OPTIONS */
709 #ifdef CONFIG_IEEE80211R_AP
710 if (wpa_key_mgmt_ft(wpa_auth->conf.wpa_key_mgmt)) {
711 res = wpa_write_mdie(&wpa_auth->conf, pos,
712 buf + sizeof(buf) - pos);
713 if (res < 0)
714 return res;
715 pos += res;
716 }
717 #endif /* CONFIG_IEEE80211R_AP */
718 if (wpa_auth->conf.wpa & WPA_PROTO_WPA) {
719 res = wpa_write_wpa_ie(&wpa_auth->conf,
720 pos, buf + sizeof(buf) - pos);
721 if (res < 0)
722 return res;
723 pos += res;
724 }
725 if ((wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
726 wpa_auth->conf.rsn_override_key_mgmt) {
727 #ifdef CONFIG_TESTING_OPTIONS
728 if (wpa_auth->conf.rsnoe_override_set) {
729 wpa_hexdump(MSG_DEBUG,
730 "RSN: Forced own RSNOE for testing",
731 wpa_auth->conf.rsnoe_override,
732 wpa_auth->conf.rsnoe_override_len);
733 if (sizeof(buf) - (pos - buf) <
734 wpa_auth->conf.rsnoe_override_len)
735 return -1;
736 os_memcpy(pos, wpa_auth->conf.rsnoe_override,
737 wpa_auth->conf.rsnoe_override_len);
738 pos += wpa_auth->conf.rsnoe_override_len;
739 goto rsno2e;
740 }
741 #endif /* CONFIG_TESTING_OPTIONS */
742 res = wpa_write_rsne_override(&wpa_auth->conf,
743 pos, buf + sizeof(buf) - pos);
744 if (res < 0)
745 return res;
746 pos += res;
747 }
748 #ifdef CONFIG_TESTING_OPTIONS
749 rsno2e:
750 #endif /* CONFIG_TESTING_OPTIONS */
751 if ((wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
752 wpa_auth->conf.rsn_override_key_mgmt_2) {
753 #ifdef CONFIG_TESTING_OPTIONS
754 if (wpa_auth->conf.rsno2e_override_set) {
755 wpa_hexdump(MSG_DEBUG,
756 "RSN: Forced own RSNO2E for testing",
757 wpa_auth->conf.rsno2e_override,
758 wpa_auth->conf.rsno2e_override_len);
759 if (sizeof(buf) - (pos - buf) <
760 wpa_auth->conf.rsno2e_override_len)
761 return -1;
762 os_memcpy(pos, wpa_auth->conf.rsno2e_override,
763 wpa_auth->conf.rsno2e_override_len);
764 pos += wpa_auth->conf.rsno2e_override_len;
765 goto rsnxoe;
766 }
767 #endif /* CONFIG_TESTING_OPTIONS */
768 res = wpa_write_rsne_override_2(&wpa_auth->conf, pos,
769 buf + sizeof(buf) - pos);
770 if (res < 0)
771 return res;
772 pos += res;
773 }
774 #ifdef CONFIG_TESTING_OPTIONS
775 rsnxoe:
776 #endif /* CONFIG_TESTING_OPTIONS */
777 if ((wpa_auth->conf.wpa & WPA_PROTO_RSN) &&
778 (wpa_auth->conf.rsn_override_key_mgmt ||
779 wpa_auth->conf.rsn_override_key_mgmt_2)) {
780 #ifdef CONFIG_TESTING_OPTIONS
781 if (wpa_auth->conf.rsnxoe_override_set) {
782 wpa_hexdump(MSG_DEBUG,
783 "RSN: Forced own RSNXOE for testing",
784 wpa_auth->conf.rsnxoe_override,
785 wpa_auth->conf.rsnxoe_override_len);
786 if (sizeof(buf) - (pos - buf) <
787 wpa_auth->conf.rsnxoe_override_len)
788 return -1;
789 os_memcpy(pos, wpa_auth->conf.rsnxoe_override,
790 wpa_auth->conf.rsnxoe_override_len);
791 pos += wpa_auth->conf.rsnxoe_override_len;
792 goto done;
793 }
794 #endif /* CONFIG_TESTING_OPTIONS */
795 res = wpa_write_rsnxe_override(&wpa_auth->conf, pos,
796 buf + sizeof(buf) - pos);
797 if (res < 0)
798 return res;
799 pos += res;
800 }
801 #ifdef CONFIG_TESTING_OPTIONS
802 done:
803 #endif /* CONFIG_TESTING_OPTIONS */
804
805 wpa_hexdump(MSG_DEBUG, "RSN: Own IEs", buf, pos - buf);
806 os_free(wpa_auth->wpa_ie);
807 wpa_auth->wpa_ie = os_malloc(pos - buf);
808 if (wpa_auth->wpa_ie == NULL)
809 return -1;
810 os_memcpy(wpa_auth->wpa_ie, buf, pos - buf);
811 wpa_auth->wpa_ie_len = pos - buf;
812
813 return 0;
814 }
815
816
wpa_add_kde(u8 * pos,u32 kde,const u8 * data,size_t data_len,const u8 * data2,size_t data2_len)817 u8 * wpa_add_kde(u8 *pos, u32 kde, const u8 *data, size_t data_len,
818 const u8 *data2, size_t data2_len)
819 {
820 *pos++ = WLAN_EID_VENDOR_SPECIFIC;
821 *pos++ = RSN_SELECTOR_LEN + data_len + data2_len;
822 RSN_SELECTOR_PUT(pos, kde);
823 pos += RSN_SELECTOR_LEN;
824 os_memcpy(pos, data, data_len);
825 pos += data_len;
826 if (data2) {
827 os_memcpy(pos, data2, data2_len);
828 pos += data2_len;
829 }
830 return pos;
831 }
832
833
834 struct wpa_auth_okc_iter_data {
835 struct rsn_pmksa_cache_entry *pmksa;
836 const u8 *aa;
837 const u8 *spa;
838 const u8 *pmkid;
839 };
840
841
wpa_auth_okc_iter(struct wpa_authenticator * a,void * ctx)842 static int wpa_auth_okc_iter(struct wpa_authenticator *a, void *ctx)
843 {
844 struct wpa_auth_okc_iter_data *data = ctx;
845 data->pmksa = pmksa_cache_get_okc(a->pmksa, data->aa, data->spa,
846 data->pmkid);
847 if (data->pmksa)
848 return 1;
849 return 0;
850 }
851
852
853 enum wpa_validate_result
wpa_validate_wpa_ie(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,int freq,const u8 * wpa_ie,size_t wpa_ie_len,const u8 * rsnxe,size_t rsnxe_len,const u8 * mdie,size_t mdie_len,const u8 * owe_dh,size_t owe_dh_len,struct wpa_state_machine * assoc_sm)854 wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth,
855 struct wpa_state_machine *sm, int freq,
856 const u8 *wpa_ie, size_t wpa_ie_len,
857 const u8 *rsnxe, size_t rsnxe_len,
858 const u8 *mdie, size_t mdie_len,
859 const u8 *owe_dh, size_t owe_dh_len,
860 struct wpa_state_machine *assoc_sm)
861 {
862 struct wpa_auth_config *conf = &wpa_auth->conf;
863 struct wpa_ie_data data;
864 int ciphers, key_mgmt, res, version;
865 u32 selector;
866 size_t i;
867 const u8 *pmkid = NULL;
868
869 if (wpa_auth == NULL || sm == NULL)
870 return WPA_NOT_ENABLED;
871
872 if (wpa_ie == NULL || wpa_ie_len < 1)
873 return WPA_INVALID_IE;
874
875 if (wpa_ie[0] == WLAN_EID_RSN)
876 version = WPA_PROTO_RSN;
877 else
878 version = WPA_PROTO_WPA;
879
880 if (!(wpa_auth->conf.wpa & version)) {
881 wpa_printf(MSG_DEBUG, "Invalid WPA proto (%d) from " MACSTR,
882 version, MAC2STR(sm->addr));
883 return WPA_INVALID_PROTO;
884 }
885
886 if (version == WPA_PROTO_RSN) {
887 res = wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, &data);
888 if (!data.has_pairwise)
889 data.pairwise_cipher = wpa_default_rsn_cipher(freq);
890 if (!data.has_group)
891 data.group_cipher = wpa_default_rsn_cipher(freq);
892
893 if (wpa_key_mgmt_ft(data.key_mgmt) && !mdie &&
894 !wpa_key_mgmt_only_ft(data.key_mgmt)) {
895 /* Workaround for some HP and Epson printers that seem
896 * to incorrectly copy the FT-PSK + WPA-PSK AKMs from AP
897 * advertised RSNE to Association Request frame. */
898 wpa_printf(MSG_DEBUG,
899 "RSN: FT set in RSNE AKM but MDE is missing from "
900 MACSTR
901 " - ignore FT AKM(s) because there's also a non-FT AKM",
902 MAC2STR(sm->addr));
903 data.key_mgmt &= ~WPA_KEY_MGMT_FT;
904 }
905
906 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
907 if (0) {
908 }
909 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
910 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B_192;
911 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
912 selector = RSN_AUTH_KEY_MGMT_802_1X_SUITE_B;
913 #ifdef CONFIG_FILS
914 #ifdef CONFIG_IEEE80211R_AP
915 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
916 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA384;
917 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
918 selector = RSN_AUTH_KEY_MGMT_FT_FILS_SHA256;
919 #endif /* CONFIG_IEEE80211R_AP */
920 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
921 selector = RSN_AUTH_KEY_MGMT_FILS_SHA384;
922 else if (data.key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
923 selector = RSN_AUTH_KEY_MGMT_FILS_SHA256;
924 #endif /* CONFIG_FILS */
925 #ifdef CONFIG_IEEE80211R_AP
926 #ifdef CONFIG_SHA384
927 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
928 selector = RSN_AUTH_KEY_MGMT_FT_802_1X_SHA384;
929 #endif /* CONFIG_SHA384 */
930 else if (data.key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
931 selector = RSN_AUTH_KEY_MGMT_FT_802_1X;
932 else if (data.key_mgmt & WPA_KEY_MGMT_FT_PSK)
933 selector = RSN_AUTH_KEY_MGMT_FT_PSK;
934 #endif /* CONFIG_IEEE80211R_AP */
935 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
936 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA256;
937 else if (data.key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
938 selector = RSN_AUTH_KEY_MGMT_PSK_SHA256;
939 #ifdef CONFIG_SAE
940 else if (data.key_mgmt & WPA_KEY_MGMT_SAE)
941 selector = RSN_AUTH_KEY_MGMT_SAE;
942 else if (data.key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY)
943 selector = RSN_AUTH_KEY_MGMT_SAE_EXT_KEY;
944 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE)
945 selector = RSN_AUTH_KEY_MGMT_FT_SAE;
946 else if (data.key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY)
947 selector = RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY;
948 #endif /* CONFIG_SAE */
949 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
950 selector = RSN_AUTH_KEY_MGMT_UNSPEC_802_1X;
951 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
952 selector = RSN_AUTH_KEY_MGMT_PSK_OVER_802_1X;
953 #ifdef CONFIG_OWE
954 else if (data.key_mgmt & WPA_KEY_MGMT_OWE)
955 selector = RSN_AUTH_KEY_MGMT_OWE;
956 #endif /* CONFIG_OWE */
957 #ifdef CONFIG_DPP
958 else if (data.key_mgmt & WPA_KEY_MGMT_DPP)
959 selector = RSN_AUTH_KEY_MGMT_DPP;
960 #endif /* CONFIG_DPP */
961 #ifdef CONFIG_HS20
962 else if (data.key_mgmt & WPA_KEY_MGMT_OSEN)
963 selector = RSN_AUTH_KEY_MGMT_OSEN;
964 #endif /* CONFIG_HS20 */
965 #ifdef CONFIG_SHA384
966 else if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
967 selector = RSN_AUTH_KEY_MGMT_802_1X_SHA384;
968 #endif /* CONFIG_SHA384 */
969 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
970
971 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
972 data.pairwise_cipher);
973 if (!selector)
974 selector = RSN_CIPHER_SUITE_CCMP;
975 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
976
977 selector = wpa_cipher_to_suite(WPA_PROTO_RSN,
978 data.group_cipher);
979 if (!selector)
980 selector = RSN_CIPHER_SUITE_CCMP;
981 wpa_auth->dot11RSNAGroupCipherSelected = selector;
982 } else {
983 res = wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, &data);
984
985 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
986 if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X)
987 selector = WPA_AUTH_KEY_MGMT_UNSPEC_802_1X;
988 else if (data.key_mgmt & WPA_KEY_MGMT_PSK)
989 selector = WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X;
990 wpa_auth->dot11RSNAAuthenticationSuiteSelected = selector;
991
992 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
993 data.pairwise_cipher);
994 if (!selector)
995 selector = RSN_CIPHER_SUITE_TKIP;
996 wpa_auth->dot11RSNAPairwiseCipherSelected = selector;
997
998 selector = wpa_cipher_to_suite(WPA_PROTO_WPA,
999 data.group_cipher);
1000 if (!selector)
1001 selector = WPA_CIPHER_SUITE_TKIP;
1002 wpa_auth->dot11RSNAGroupCipherSelected = selector;
1003 }
1004 if (res) {
1005 wpa_printf(MSG_DEBUG, "Failed to parse WPA/RSN IE from "
1006 MACSTR " (res=%d)", MAC2STR(sm->addr), res);
1007 wpa_hexdump(MSG_DEBUG, "WPA/RSN IE", wpa_ie, wpa_ie_len);
1008 return WPA_INVALID_IE;
1009 }
1010
1011 if (data.group_cipher != wpa_auth->conf.wpa_group) {
1012 wpa_printf(MSG_DEBUG, "Invalid WPA group cipher (0x%x) from "
1013 MACSTR, data.group_cipher, MAC2STR(sm->addr));
1014 return WPA_INVALID_GROUP;
1015 }
1016
1017 if (sm->rsn_override_2)
1018 key_mgmt = data.key_mgmt &
1019 wpa_auth->conf.rsn_override_key_mgmt_2;
1020 else if (sm->rsn_override)
1021 key_mgmt = data.key_mgmt & wpa_auth->conf.rsn_override_key_mgmt;
1022 else
1023 key_mgmt = data.key_mgmt & wpa_auth->conf.wpa_key_mgmt;
1024 if (!key_mgmt) {
1025 wpa_printf(MSG_DEBUG, "Invalid WPA key mgmt (0x%x) from "
1026 MACSTR, data.key_mgmt, MAC2STR(sm->addr));
1027 return WPA_INVALID_AKMP;
1028 }
1029 if (0) {
1030 }
1031 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
1032 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1033 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
1034 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1035 #ifdef CONFIG_FILS
1036 #ifdef CONFIG_IEEE80211R_AP
1037 else if (key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA384)
1038 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1039 else if (data.key_mgmt & WPA_KEY_MGMT_FT_FILS_SHA256)
1040 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1041 #endif /* CONFIG_IEEE80211R_AP */
1042 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA384)
1043 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1044 else if (key_mgmt & WPA_KEY_MGMT_FILS_SHA256)
1045 sm->wpa_key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1046 #endif /* CONFIG_FILS */
1047 #ifdef CONFIG_IEEE80211R_AP
1048 #ifdef CONFIG_SHA384
1049 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X_SHA384)
1050 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1051 #endif /* CONFIG_SHA384 */
1052 else if (key_mgmt & WPA_KEY_MGMT_FT_IEEE8021X)
1053 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1054 else if (key_mgmt & WPA_KEY_MGMT_FT_PSK)
1055 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_PSK;
1056 #endif /* CONFIG_IEEE80211R_AP */
1057 #ifdef CONFIG_SHA384
1058 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA384)
1059 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA384;
1060 #endif /* CONFIG_SHA384 */
1061 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
1062 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1063 else if (key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
1064 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1065 #ifdef CONFIG_SAE
1066 else if (key_mgmt & WPA_KEY_MGMT_SAE)
1067 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE;
1068 else if (key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY)
1069 sm->wpa_key_mgmt = WPA_KEY_MGMT_SAE_EXT_KEY;
1070 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE)
1071 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE;
1072 else if (key_mgmt & WPA_KEY_MGMT_FT_SAE_EXT_KEY)
1073 sm->wpa_key_mgmt = WPA_KEY_MGMT_FT_SAE_EXT_KEY;
1074 #endif /* CONFIG_SAE */
1075 else if (key_mgmt & WPA_KEY_MGMT_IEEE8021X)
1076 sm->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1077 #ifdef CONFIG_OWE
1078 else if (key_mgmt & WPA_KEY_MGMT_OWE)
1079 sm->wpa_key_mgmt = WPA_KEY_MGMT_OWE;
1080 #endif /* CONFIG_OWE */
1081 #ifdef CONFIG_DPP
1082 else if (key_mgmt & WPA_KEY_MGMT_DPP)
1083 sm->wpa_key_mgmt = WPA_KEY_MGMT_DPP;
1084 #endif /* CONFIG_DPP */
1085 #ifdef CONFIG_HS20
1086 else if (key_mgmt & WPA_KEY_MGMT_OSEN)
1087 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
1088 #endif /* CONFIG_HS20 */
1089 else
1090 sm->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
1091
1092 if (version == WPA_PROTO_RSN && sm->rsn_override_2)
1093 ciphers = data.pairwise_cipher &
1094 wpa_auth->conf.rsn_override_pairwise_2;
1095 else if (version == WPA_PROTO_RSN && sm->rsn_override)
1096 ciphers = data.pairwise_cipher &
1097 wpa_auth->conf.rsn_override_pairwise;
1098 else if (version == WPA_PROTO_RSN)
1099 ciphers = data.pairwise_cipher & wpa_auth->conf.rsn_pairwise;
1100 else
1101 ciphers = data.pairwise_cipher & wpa_auth->conf.wpa_pairwise;
1102 if (!ciphers) {
1103 wpa_printf(MSG_DEBUG, "Invalid %s pairwise cipher (0x%x) "
1104 "from " MACSTR,
1105 version == WPA_PROTO_RSN ? "RSN" : "WPA",
1106 data.pairwise_cipher, MAC2STR(sm->addr));
1107 return WPA_INVALID_PAIRWISE;
1108 }
1109
1110 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_REQUIRED) {
1111 if (!(data.capabilities & WPA_CAPABILITY_MFPC)) {
1112 wpa_printf(MSG_DEBUG, "Management frame protection "
1113 "required, but client did not enable it");
1114 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1115 }
1116
1117 if (data.mgmt_group_cipher != wpa_auth->conf.group_mgmt_cipher)
1118 {
1119 wpa_printf(MSG_DEBUG, "Unsupported management group "
1120 "cipher %d", data.mgmt_group_cipher);
1121 return WPA_INVALID_MGMT_GROUP_CIPHER;
1122 }
1123 }
1124
1125 #ifdef CONFIG_SAE
1126 if (wpa_auth->conf.ieee80211w == MGMT_FRAME_PROTECTION_OPTIONAL &&
1127 wpa_auth->conf.sae_require_mfp &&
1128 wpa_key_mgmt_sae(sm->wpa_key_mgmt) &&
1129 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
1130 wpa_printf(MSG_DEBUG,
1131 "Management frame protection required with SAE, but client did not enable it");
1132 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1133 }
1134 #endif /* CONFIG_SAE */
1135
1136 #ifdef CONFIG_OCV
1137 if (wpa_auth->conf.ocv && (data.capabilities & WPA_CAPABILITY_OCVC) &&
1138 !(data.capabilities & WPA_CAPABILITY_MFPC)) {
1139 /* Some legacy MFP incapable STAs wrongly copy OCVC bit from
1140 * AP RSN capabilities. To improve interoperability with such
1141 * legacy STAs allow connection without enabling OCV when the
1142 * workaround mode (ocv=2) is enabled.
1143 */
1144 if (wpa_auth->conf.ocv == 2) {
1145 wpa_printf(MSG_DEBUG,
1146 "Allow connecting MFP incapable and OCV capable STA without enabling OCV");
1147 wpa_auth_set_ocv(sm, 0);
1148 } else {
1149 wpa_printf(MSG_DEBUG,
1150 "Management frame protection required with OCV, but client did not enable it");
1151 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1152 }
1153 } else {
1154 wpa_auth_set_ocv(sm, (data.capabilities & WPA_CAPABILITY_OCVC) ?
1155 wpa_auth->conf.ocv : 0);
1156 }
1157 #endif /* CONFIG_OCV */
1158
1159 if (wpa_auth->conf.ieee80211w == NO_MGMT_FRAME_PROTECTION ||
1160 !(data.capabilities & WPA_CAPABILITY_MFPC))
1161 sm->mgmt_frame_prot = 0;
1162 else
1163 sm->mgmt_frame_prot = 1;
1164 sm->mfpr = !!(data.capabilities & WPA_CAPABILITY_MFPR);
1165
1166 if (sm->mgmt_frame_prot && (ciphers & WPA_CIPHER_TKIP)) {
1167 wpa_printf(MSG_DEBUG,
1168 "Management frame protection cannot use TKIP");
1169 return WPA_MGMT_FRAME_PROTECTION_VIOLATION;
1170 }
1171
1172 #ifdef CONFIG_IEEE80211R_AP
1173 if (wpa_key_mgmt_ft(sm->wpa_key_mgmt)) {
1174 if (mdie == NULL || mdie_len < MOBILITY_DOMAIN_ID_LEN + 1) {
1175 wpa_printf(MSG_DEBUG, "RSN: Trying to use FT, but "
1176 "MDIE not included");
1177 return WPA_INVALID_MDIE;
1178 }
1179 if (os_memcmp(mdie, wpa_auth->conf.mobility_domain,
1180 MOBILITY_DOMAIN_ID_LEN) != 0) {
1181 wpa_hexdump(MSG_DEBUG, "RSN: Attempted to use unknown "
1182 "MDIE", mdie, MOBILITY_DOMAIN_ID_LEN);
1183 return WPA_INVALID_MDIE;
1184 }
1185 } else if (mdie != NULL) {
1186 wpa_printf(MSG_DEBUG,
1187 "RSN: Trying to use non-FT AKM suite, but MDIE included");
1188 return WPA_INVALID_AKMP;
1189 }
1190 #endif /* CONFIG_IEEE80211R_AP */
1191
1192 #ifdef CONFIG_OWE
1193 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_OWE && !owe_dh) {
1194 wpa_printf(MSG_DEBUG,
1195 "OWE: No Diffie-Hellman Parameter element");
1196 return WPA_INVALID_AKMP;
1197 }
1198 #endif /* CONFIG_OWE */
1199
1200 #ifdef CONFIG_DPP2
1201 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP &&
1202 ((conf->dpp_pfs == 1 && !owe_dh) ||
1203 (conf->dpp_pfs == 2 && owe_dh))) {
1204 wpa_printf(MSG_DEBUG, "DPP: PFS %s",
1205 conf->dpp_pfs == 1 ? "required" : "not allowed");
1206 return WPA_DENIED_OTHER_REASON;
1207 }
1208 #endif /* CONFIG_DPP2 */
1209
1210 sm->pairwise = wpa_pick_pairwise_cipher(ciphers, 0);
1211 if (sm->pairwise < 0)
1212 return WPA_INVALID_PAIRWISE;
1213
1214 /* TODO: clear WPA/WPA2 state if STA changes from one to another */
1215 if (wpa_ie[0] == WLAN_EID_RSN)
1216 sm->wpa = WPA_VERSION_WPA2;
1217 else
1218 sm->wpa = WPA_VERSION_WPA;
1219
1220 if (assoc_sm) {
1221 /* For ML association link STA cannot choose a different
1222 * AKM or pairwise cipher from association STA */
1223 if (sm->wpa_key_mgmt != assoc_sm->wpa_key_mgmt)
1224 return WPA_INVALID_AKMP;
1225 if (sm->pairwise != assoc_sm->pairwise)
1226 return WPA_INVALID_PAIRWISE;
1227 }
1228
1229 #if defined(CONFIG_IEEE80211R_AP) && defined(CONFIG_FILS)
1230 if ((sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA256 ||
1231 sm->wpa_key_mgmt == WPA_KEY_MGMT_FT_FILS_SHA384) &&
1232 (sm->auth_alg == WLAN_AUTH_FILS_SK ||
1233 sm->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
1234 sm->auth_alg == WLAN_AUTH_FILS_PK) &&
1235 (data.num_pmkid != 1 || !data.pmkid || !sm->pmk_r1_name_valid ||
1236 os_memcmp_const(data.pmkid, sm->pmk_r1_name,
1237 WPA_PMK_NAME_LEN) != 0)) {
1238 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1239 "No PMKR1Name match for FILS+FT");
1240 return WPA_INVALID_PMKID;
1241 }
1242 #endif /* CONFIG_IEEE80211R_AP && CONFIG_FILS */
1243
1244 sm->pmksa = NULL;
1245 for (i = 0; i < data.num_pmkid; i++) {
1246 wpa_hexdump(MSG_DEBUG, "RSN IE: STA PMKID",
1247 &data.pmkid[i * PMKID_LEN], PMKID_LEN);
1248 sm->pmksa = pmksa_cache_auth_get(wpa_auth->pmksa, sm->addr,
1249 &data.pmkid[i * PMKID_LEN]);
1250 if (sm->pmksa) {
1251 pmkid = sm->pmksa->pmkid;
1252 break;
1253 }
1254 }
1255 for (i = 0; sm->pmksa == NULL && wpa_auth->conf.okc &&
1256 i < data.num_pmkid; i++) {
1257 struct wpa_auth_okc_iter_data idata;
1258 idata.pmksa = NULL;
1259 idata.aa = wpa_auth->addr;
1260 idata.spa = sm->addr;
1261 idata.pmkid = &data.pmkid[i * PMKID_LEN];
1262 wpa_auth_for_each_auth(wpa_auth, wpa_auth_okc_iter, &idata);
1263 if (idata.pmksa) {
1264 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1265 "OKC match for PMKID");
1266 sm->pmksa = pmksa_cache_add_okc(wpa_auth->pmksa,
1267 idata.pmksa,
1268 wpa_auth->addr,
1269 idata.pmkid);
1270 pmkid = idata.pmkid;
1271 break;
1272 }
1273 }
1274 if (sm->pmksa && pmkid) {
1275 struct vlan_description *vlan;
1276
1277 vlan = sm->pmksa->vlan_desc;
1278 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1279 "PMKID found from PMKSA cache eap_type=%d vlan=%d%s",
1280 sm->pmksa->eap_type_authsrv,
1281 vlan ? vlan->untagged : 0,
1282 (vlan && vlan->tagged[0]) ? "+" : "");
1283 os_memcpy(wpa_auth->dot11RSNAPMKIDUsed, pmkid, PMKID_LEN);
1284 }
1285
1286 #ifdef CONFIG_SAE
1287 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE ||
1288 sm->wpa_key_mgmt == WPA_KEY_MGMT_SAE_EXT_KEY) {
1289 u64 drv_flags = 0;
1290 u64 drv_flags2 = 0;
1291 bool ap_sae_offload = false;
1292
1293 if (wpa_auth->cb->get_drv_flags &&
1294 wpa_auth->cb->get_drv_flags(wpa_auth->cb_ctx, &drv_flags,
1295 &drv_flags2) == 0)
1296 ap_sae_offload =
1297 !!(drv_flags2 &
1298 WPA_DRIVER_FLAGS2_SAE_OFFLOAD_AP);
1299
1300 if (!ap_sae_offload && data.num_pmkid && !sm->pmksa) {
1301 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1302 "No PMKSA cache entry found for SAE");
1303 return WPA_INVALID_PMKID;
1304 }
1305 }
1306 #endif /* CONFIG_SAE */
1307
1308 #ifdef CONFIG_DPP
1309 if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && !sm->pmksa) {
1310 wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
1311 "No PMKSA cache entry found for DPP");
1312 return WPA_INVALID_PMKID;
1313 }
1314 #endif /* CONFIG_DPP */
1315
1316 if (conf->extended_key_id && sm->wpa == WPA_VERSION_WPA2 &&
1317 sm->pairwise != WPA_CIPHER_TKIP &&
1318 (data.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST)) {
1319 sm->use_ext_key_id = true;
1320 if (conf->extended_key_id == 2 &&
1321 !wpa_key_mgmt_ft(sm->wpa_key_mgmt) &&
1322 !wpa_key_mgmt_fils(sm->wpa_key_mgmt))
1323 sm->keyidx_active = 1;
1324 else
1325 sm->keyidx_active = 0;
1326 wpa_printf(MSG_DEBUG,
1327 "RSN: Extended Key ID supported (start with %d)",
1328 sm->keyidx_active);
1329 } else {
1330 sm->use_ext_key_id = false;
1331 }
1332
1333 if (sm->wpa_ie == NULL || sm->wpa_ie_len < wpa_ie_len) {
1334 os_free(sm->wpa_ie);
1335 sm->wpa_ie = os_malloc(wpa_ie_len);
1336 if (sm->wpa_ie == NULL)
1337 return WPA_ALLOC_FAIL;
1338 }
1339 os_memcpy(sm->wpa_ie, wpa_ie, wpa_ie_len);
1340 sm->wpa_ie_len = wpa_ie_len;
1341
1342 if (rsnxe && rsnxe_len) {
1343 if (!sm->rsnxe || sm->rsnxe_len < rsnxe_len) {
1344 os_free(sm->rsnxe);
1345 sm->rsnxe = os_malloc(rsnxe_len);
1346 if (!sm->rsnxe)
1347 return WPA_ALLOC_FAIL;
1348 }
1349 os_memcpy(sm->rsnxe, rsnxe, rsnxe_len);
1350 sm->rsnxe_len = rsnxe_len;
1351 } else {
1352 os_free(sm->rsnxe);
1353 sm->rsnxe = NULL;
1354 sm->rsnxe_len = 0;
1355 }
1356
1357 return WPA_IE_OK;
1358 }
1359
1360
1361 #ifdef CONFIG_HS20
wpa_validate_osen(struct wpa_authenticator * wpa_auth,struct wpa_state_machine * sm,const u8 * osen_ie,size_t osen_ie_len)1362 int wpa_validate_osen(struct wpa_authenticator *wpa_auth,
1363 struct wpa_state_machine *sm,
1364 const u8 *osen_ie, size_t osen_ie_len)
1365 {
1366 if (wpa_auth == NULL || sm == NULL)
1367 return -1;
1368
1369 /* TODO: parse OSEN element */
1370 sm->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
1371 sm->mgmt_frame_prot = 1;
1372 sm->pairwise = WPA_CIPHER_CCMP;
1373 sm->wpa = WPA_VERSION_WPA2;
1374
1375 if (sm->wpa_ie == NULL || sm->wpa_ie_len < osen_ie_len) {
1376 os_free(sm->wpa_ie);
1377 sm->wpa_ie = os_malloc(osen_ie_len);
1378 if (sm->wpa_ie == NULL)
1379 return -1;
1380 }
1381
1382 os_memcpy(sm->wpa_ie, osen_ie, osen_ie_len);
1383 sm->wpa_ie_len = osen_ie_len;
1384
1385 return 0;
1386 }
1387
1388 #endif /* CONFIG_HS20 */
1389
1390
wpa_auth_uses_mfp(struct wpa_state_machine * sm)1391 int wpa_auth_uses_mfp(struct wpa_state_machine *sm)
1392 {
1393 return sm ? sm->mgmt_frame_prot : 0;
1394 }
1395
1396
1397 #ifdef CONFIG_OCV
1398
wpa_auth_set_ocv(struct wpa_state_machine * sm,int ocv)1399 void wpa_auth_set_ocv(struct wpa_state_machine *sm, int ocv)
1400 {
1401 if (sm)
1402 sm->ocv_enabled = ocv;
1403 }
1404
1405
wpa_auth_uses_ocv(struct wpa_state_machine * sm)1406 int wpa_auth_uses_ocv(struct wpa_state_machine *sm)
1407 {
1408 return sm ? sm->ocv_enabled : 0;
1409 }
1410
1411 #endif /* CONFIG_OCV */
1412
1413
1414 #ifdef CONFIG_OWE
wpa_auth_write_assoc_resp_owe(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1415 u8 * wpa_auth_write_assoc_resp_owe(struct wpa_state_machine *sm,
1416 u8 *pos, size_t max_len,
1417 const u8 *req_ies, size_t req_ies_len)
1418 {
1419 int res;
1420 struct wpa_auth_config *conf;
1421
1422 if (!sm)
1423 return pos;
1424 conf = &sm->wpa_auth->conf;
1425
1426 #ifdef CONFIG_TESTING_OPTIONS
1427 if (conf->own_ie_override_len) {
1428 if (max_len < conf->own_ie_override_len)
1429 return NULL;
1430 wpa_hexdump(MSG_DEBUG, "WPA: Forced own IE(s) for testing",
1431 conf->own_ie_override, conf->own_ie_override_len);
1432 os_memcpy(pos, conf->own_ie_override,
1433 conf->own_ie_override_len);
1434 return pos + conf->own_ie_override_len;
1435 }
1436 #endif /* CONFIG_TESTING_OPTIONS */
1437
1438 res = wpa_write_rsn_ie(conf, pos, max_len,
1439 sm->pmksa ? sm->pmksa->pmkid : NULL);
1440 if (res < 0)
1441 return pos;
1442 return pos + res;
1443 }
1444 #endif /* CONFIG_OWE */
1445
1446
1447 #ifdef CONFIG_FILS
1448
wpa_auth_write_assoc_resp_fils(struct wpa_state_machine * sm,u8 * pos,size_t max_len,const u8 * req_ies,size_t req_ies_len)1449 u8 * wpa_auth_write_assoc_resp_fils(struct wpa_state_machine *sm,
1450 u8 *pos, size_t max_len,
1451 const u8 *req_ies, size_t req_ies_len)
1452 {
1453 int res;
1454
1455 if (!sm ||
1456 sm->wpa_key_mgmt & (WPA_KEY_MGMT_FT_FILS_SHA256 |
1457 WPA_KEY_MGMT_FT_FILS_SHA384))
1458 return pos;
1459
1460 res = wpa_write_rsn_ie(&sm->wpa_auth->conf, pos, max_len, NULL);
1461 if (res < 0)
1462 return pos;
1463 return pos + res;
1464 }
1465
1466
wpa_auth_write_fd_rsn_info(struct wpa_authenticator * wpa_auth,u8 * fd_rsn_info)1467 bool wpa_auth_write_fd_rsn_info(struct wpa_authenticator *wpa_auth,
1468 u8 *fd_rsn_info)
1469 {
1470 struct wpa_auth_config *conf;
1471 u32 selectors = 0;
1472 u8 *pos = fd_rsn_info;
1473 int i, res;
1474 u32 cipher, suite, selector, mask;
1475 u8 tmp[10 * RSN_SELECTOR_LEN];
1476
1477 if (!wpa_auth)
1478 return false;
1479 conf = &wpa_auth->conf;
1480
1481 if (!(conf->wpa & WPA_PROTO_RSN))
1482 return false;
1483
1484 /* RSN Capability (B0..B15) */
1485 WPA_PUT_LE16(pos, wpa_own_rsn_capab(conf, conf->ieee80211w));
1486 pos += 2;
1487
1488 /* Group Data Cipher Suite Selector (B16..B21) */
1489 suite = wpa_cipher_to_suite(WPA_PROTO_RSN, conf->wpa_group);
1490 if (suite == RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED)
1491 cipher = 63; /* No cipher suite selected */
1492 else if ((suite >> 8) == 0x000fac && ((suite & 0xff) <= 13))
1493 cipher = suite & 0xff;
1494 else
1495 cipher = 62; /* vendor specific */
1496 selectors |= cipher;
1497
1498 /* Group Management Cipher Suite Selector (B22..B27) */
1499 cipher = 63; /* Default to no cipher suite selected */
1500 if (conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1501 switch (conf->group_mgmt_cipher) {
1502 case WPA_CIPHER_AES_128_CMAC:
1503 cipher = RSN_CIPHER_SUITE_AES_128_CMAC & 0xff;
1504 break;
1505 case WPA_CIPHER_BIP_GMAC_128:
1506 cipher = RSN_CIPHER_SUITE_BIP_GMAC_128 & 0xff;
1507 break;
1508 case WPA_CIPHER_BIP_GMAC_256:
1509 cipher = RSN_CIPHER_SUITE_BIP_GMAC_256 & 0xff;
1510 break;
1511 case WPA_CIPHER_BIP_CMAC_256:
1512 cipher = RSN_CIPHER_SUITE_BIP_CMAC_256 & 0xff;
1513 break;
1514 }
1515 }
1516 selectors |= cipher << 6;
1517
1518 /* Pairwise Cipher Suite Selector (B28..B33) */
1519 cipher = 63; /* Default to no cipher suite selected */
1520 res = rsn_cipher_put_suites(tmp, conf->rsn_pairwise);
1521 if (res == 1 && tmp[0] == 0x00 && tmp[1] == 0x0f && tmp[2] == 0xac &&
1522 tmp[3] <= 13)
1523 cipher = tmp[3];
1524 selectors |= cipher << 12;
1525
1526 /* AKM Suite Selector (B34..B39) */
1527 selector = 0; /* default to AKM from RSNE in Beacon/Probe Response */
1528 mask = WPA_KEY_MGMT_FILS_SHA256 | WPA_KEY_MGMT_FILS_SHA384 |
1529 WPA_KEY_MGMT_FT_FILS_SHA384;
1530 if ((conf->wpa_key_mgmt & mask) && (conf->wpa_key_mgmt & ~mask) == 0) {
1531 suite = conf->wpa_key_mgmt & mask;
1532 if (suite == WPA_KEY_MGMT_FILS_SHA256)
1533 selector = 1; /* 00-0f-ac:14 */
1534 else if (suite == WPA_KEY_MGMT_FILS_SHA384)
1535 selector = 2; /* 00-0f-ac:15 */
1536 else if (suite == (WPA_KEY_MGMT_FILS_SHA256 |
1537 WPA_KEY_MGMT_FILS_SHA384))
1538 selector = 3; /* 00-0f-ac:14 or 00-0f-ac:15 */
1539 else if (suite == WPA_KEY_MGMT_FT_FILS_SHA384)
1540 selector = 4; /* 00-0f-ac:17 */
1541 }
1542 selectors |= selector << 18;
1543
1544 for (i = 0; i < 3; i++) {
1545 *pos++ = selectors & 0xff;
1546 selectors >>= 8;
1547 }
1548
1549 return true;
1550 }
1551
1552 #endif /* CONFIG_FILS */
1553