1 /*
2 * Received Data frame processing for EAPOL messages
3 * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "common/defs.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/eapol_common.h"
18 #include "common/wpa_common.h"
19 #include "rsn_supp/wpa_ie.h"
20 #include "wlantest.h"
21
22
is_zero(const u8 * buf,size_t len)23 static int is_zero(const u8 *buf, size_t len)
24 {
25 size_t i;
26 for (i = 0; i < len; i++) {
27 if (buf[i])
28 return 0;
29 }
30 return 1;
31 }
32
33
check_mic(const u8 * kck,size_t kck_len,int akmp,int ver,const u8 * data,size_t len)34 static int check_mic(const u8 *kck, size_t kck_len, int akmp, int ver,
35 const u8 *data, size_t len)
36 {
37 u8 *buf;
38 int ret = -1;
39 struct ieee802_1x_hdr *hdr;
40 struct wpa_eapol_key *key;
41 u8 rx_mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
42 size_t mic_len = wpa_mic_len(akmp, PMK_LEN);
43
44 buf = os_memdup(data, len);
45 if (buf == NULL)
46 return -1;
47 hdr = (struct ieee802_1x_hdr *) buf;
48 key = (struct wpa_eapol_key *) (hdr + 1);
49
50 os_memcpy(rx_mic, key + 1, mic_len);
51 os_memset(key + 1, 0, mic_len);
52
53 if (wpa_eapol_key_mic(kck, kck_len, akmp, ver, buf, len,
54 (u8 *) (key + 1)) == 0 &&
55 os_memcmp(rx_mic, key + 1, mic_len) == 0)
56 ret = 0;
57
58 os_free(buf);
59
60 return ret;
61 }
62
63
rx_data_eapol_key_1_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)64 static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
65 const u8 *src, const u8 *data, size_t len)
66 {
67 struct wlantest_bss *bss;
68 struct wlantest_sta *sta;
69 const struct ieee802_1x_hdr *eapol;
70 const struct wpa_eapol_key *hdr;
71
72 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR,
73 MAC2STR(src), MAC2STR(dst));
74 bss = bss_get(wt, src);
75 if (bss == NULL)
76 return;
77 sta = sta_get(bss, dst);
78 if (sta == NULL)
79 return;
80
81 eapol = (const struct ieee802_1x_hdr *) data;
82 hdr = (const struct wpa_eapol_key *) (eapol + 1);
83 if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
84 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
85 " used zero nonce", MAC2STR(src));
86 }
87 if (!is_zero(hdr->key_rsc, 8)) {
88 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
89 " used non-zero Key RSC", MAC2STR(src));
90 }
91 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
92 }
93
94
try_pmk(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,u16 ver,const u8 * data,size_t len,struct wlantest_pmk * pmk)95 static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
96 struct wlantest_sta *sta, u16 ver,
97 const u8 *data, size_t len,
98 struct wlantest_pmk *pmk)
99 {
100 struct wpa_ptk ptk;
101
102 if (wpa_key_mgmt_ft(sta->key_mgmt)) {
103 u8 ptk_name[WPA_PMK_NAME_LEN];
104 int use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
105
106 if (wpa_derive_pmk_r0(pmk->pmk, pmk->pmk_len,
107 bss->ssid, bss->ssid_len, bss->mdid,
108 bss->r0kh_id, bss->r0kh_id_len,
109 sta->addr, sta->pmk_r0, sta->pmk_r0_name,
110 use_sha384) < 0)
111 return -1;
112 sta->pmk_r0_len = use_sha384 ? PMK_LEN_SUITE_B_192 : PMK_LEN;
113 if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len,
114 sta->pmk_r0_name,
115 bss->r1kh_id, sta->addr,
116 sta->pmk_r1, sta->pmk_r1_name) < 0)
117 return -1;
118 sta->pmk_r1_len = sta->pmk_r0_len;
119 if (wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len,
120 sta->snonce, sta->anonce, sta->addr,
121 bss->bssid, sta->pmk_r1_name,
122 &ptk, ptk_name, sta->key_mgmt,
123 sta->pairwise_cipher, 0) < 0 ||
124 check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
125 len) < 0)
126 return -1;
127 } else if (wpa_pmk_to_ptk(pmk->pmk, pmk->pmk_len,
128 "Pairwise key expansion",
129 bss->bssid, sta->addr, sta->anonce,
130 sta->snonce, &ptk, sta->key_mgmt,
131 sta->pairwise_cipher, NULL, 0, 0) < 0 ||
132 check_mic(ptk.kck, ptk.kck_len, sta->key_mgmt, ver, data,
133 len) < 0) {
134 return -1;
135 }
136
137 wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " BSSID " MACSTR,
138 MAC2STR(sta->addr), MAC2STR(bss->bssid));
139 sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++;
140 if (sta->ptk_set) {
141 /*
142 * Rekeying - use new PTK for EAPOL-Key frames, but continue
143 * using the old PTK for frame decryption.
144 */
145 add_note(wt, MSG_DEBUG, "Derived PTK during rekeying");
146 os_memcpy(&sta->tptk, &ptk, sizeof(ptk));
147 wpa_hexdump(MSG_DEBUG, "TPTK:KCK",
148 sta->tptk.kck, sta->tptk.kck_len);
149 wpa_hexdump(MSG_DEBUG, "TPTK:KEK",
150 sta->tptk.kek, sta->tptk.kek_len);
151 wpa_hexdump(MSG_DEBUG, "TPTK:TK",
152 sta->tptk.tk, sta->tptk.tk_len);
153 sta->tptk_set = 1;
154 return 0;
155 }
156 add_note(wt, MSG_DEBUG, "Derived new PTK");
157 os_memcpy(&sta->ptk, &ptk, sizeof(ptk));
158 wpa_hexdump(MSG_DEBUG, "PTK:KCK", sta->ptk.kck, sta->ptk.kck_len);
159 wpa_hexdump(MSG_DEBUG, "PTK:KEK", sta->ptk.kek, sta->ptk.kek_len);
160 wpa_hexdump(MSG_DEBUG, "PTK:TK", sta->ptk.tk, sta->ptk.tk_len);
161 sta->ptk_set = 1;
162 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
163 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
164 return 0;
165 }
166
167
derive_ptk(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,u16 ver,const u8 * data,size_t len)168 static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
169 struct wlantest_sta *sta, u16 ver,
170 const u8 *data, size_t len)
171 {
172 struct wlantest_pmk *pmk;
173
174 wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (ver %u)",
175 MAC2STR(sta->addr), ver);
176 dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
177 wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
178 if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
179 return;
180 }
181
182 dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
183 wpa_printf(MSG_DEBUG, "Try global PMK");
184 if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
185 return;
186 }
187
188 if (!sta->ptk_set) {
189 struct wlantest_ptk *ptk;
190 int prev_level = wpa_debug_level;
191
192 wpa_debug_level = MSG_WARNING;
193 dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
194 if (check_mic(ptk->ptk.kck, ptk->ptk.kck_len,
195 sta->key_mgmt, ver, data, len) < 0)
196 continue;
197 wpa_printf(MSG_INFO, "Pre-set PTK matches for STA "
198 MACSTR " BSSID " MACSTR,
199 MAC2STR(sta->addr), MAC2STR(bss->bssid));
200 add_note(wt, MSG_DEBUG, "Using pre-set PTK");
201 ptk->ptk_len = 32 +
202 wpa_cipher_key_len(sta->pairwise_cipher);
203 os_memcpy(&sta->ptk, &ptk->ptk, sizeof(ptk->ptk));
204 wpa_hexdump(MSG_DEBUG, "PTK:KCK",
205 sta->ptk.kck, sta->ptk.kck_len);
206 wpa_hexdump(MSG_DEBUG, "PTK:KEK",
207 sta->ptk.kek, sta->ptk.kek_len);
208 wpa_hexdump(MSG_DEBUG, "PTK:TK",
209 sta->ptk.tk, sta->ptk.tk_len);
210 sta->ptk_set = 1;
211 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
212 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
213 }
214 wpa_debug_level = prev_level;
215 }
216
217 add_note(wt, MSG_DEBUG, "No matching PMK found to derive PTK");
218 }
219
220
elems_from_eapol_ie(struct ieee802_11_elems * elems,struct wpa_eapol_ie_parse * ie)221 static void elems_from_eapol_ie(struct ieee802_11_elems *elems,
222 struct wpa_eapol_ie_parse *ie)
223 {
224 os_memset(elems, 0, sizeof(*elems));
225 if (ie->wpa_ie) {
226 elems->wpa_ie = ie->wpa_ie + 2;
227 elems->wpa_ie_len = ie->wpa_ie_len - 2;
228 }
229 if (ie->rsn_ie) {
230 elems->rsn_ie = ie->rsn_ie + 2;
231 elems->rsn_ie_len = ie->rsn_ie_len - 2;
232 }
233 if (ie->osen) {
234 elems->osen = ie->osen + 2;
235 elems->osen_len = ie->osen_len - 2;
236 }
237 }
238
239
rx_data_eapol_key_2_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)240 static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
241 const u8 *src, const u8 *data, size_t len)
242 {
243 struct wlantest_bss *bss;
244 struct wlantest_sta *sta;
245 const struct ieee802_1x_hdr *eapol;
246 const struct wpa_eapol_key *hdr;
247 const u8 *key_data, *kck, *mic;
248 size_t kck_len, mic_len;
249 u16 key_info, key_data_len;
250 struct wpa_eapol_ie_parse ie;
251
252 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR,
253 MAC2STR(src), MAC2STR(dst));
254 bss = bss_get(wt, dst);
255 if (bss == NULL)
256 return;
257 sta = sta_get(bss, src);
258 if (sta == NULL)
259 return;
260
261 eapol = (const struct ieee802_1x_hdr *) data;
262 hdr = (const struct wpa_eapol_key *) (eapol + 1);
263 mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
264 mic = (const u8 *) (hdr + 1);
265 if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
266 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
267 " used zero nonce", MAC2STR(src));
268 }
269 if (!is_zero(hdr->key_rsc, 8)) {
270 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
271 " used non-zero Key RSC", MAC2STR(src));
272 }
273 os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
274 key_info = WPA_GET_BE16(hdr->key_info);
275 key_data = mic + mic_len + 2;
276 key_data_len = WPA_GET_BE16(mic + mic_len);
277
278 if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0) {
279 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
280 return;
281 }
282
283 if (!sta->assocreq_seen) {
284 struct ieee802_11_elems elems;
285
286 elems_from_eapol_ie(&elems, &ie);
287 wpa_printf(MSG_DEBUG,
288 "Update STA data based on IEs in EAPOL-Key 2/4");
289 sta_update_assoc(sta, &elems);
290 }
291
292 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
293
294 if (!sta->ptk_set && !sta->tptk_set) {
295 add_note(wt, MSG_DEBUG,
296 "No PTK known to process EAPOL-Key 2/4");
297 return;
298 }
299
300 kck = sta->ptk.kck;
301 kck_len = sta->ptk.kck_len;
302 if (sta->tptk_set) {
303 add_note(wt, MSG_DEBUG,
304 "Use TPTK for validation EAPOL-Key MIC");
305 kck = sta->tptk.kck;
306 kck_len = sta->tptk.kck_len;
307 }
308 if (check_mic(kck, kck_len, sta->key_mgmt,
309 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
310 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC");
311 return;
312 }
313 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
314
315 if (ie.wpa_ie) {
316 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
317 ie.wpa_ie, ie.wpa_ie_len);
318 if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
319 add_note(wt, MSG_INFO,
320 "Mismatch in WPA IE between EAPOL-Key 2/4 "
321 "and (Re)Association Request from " MACSTR,
322 MAC2STR(sta->addr));
323 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
324 ie.wpa_ie, ie.wpa_ie_len);
325 wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association "
326 "Request",
327 sta->rsnie,
328 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
329 }
330 }
331
332 if (ie.rsn_ie) {
333 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
334 ie.rsn_ie, ie.rsn_ie_len);
335 if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
336 add_note(wt, MSG_INFO,
337 "Mismatch in RSN IE between EAPOL-Key 2/4 "
338 "and (Re)Association Request from " MACSTR,
339 MAC2STR(sta->addr));
340 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
341 ie.rsn_ie, ie.rsn_ie_len);
342 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
343 "Request",
344 sta->rsnie,
345 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
346 }
347 }
348 }
349
350
decrypt_eapol_key_data_rc4(struct wlantest * wt,const u8 * kek,const struct wpa_eapol_key * hdr,const u8 * keydata,u16 keydatalen,size_t * len)351 static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek,
352 const struct wpa_eapol_key *hdr,
353 const u8 *keydata, u16 keydatalen,
354 size_t *len)
355 {
356 u8 ek[32], *buf;
357
358 buf = os_memdup(keydata, keydatalen);
359 if (buf == NULL)
360 return NULL;
361
362 os_memcpy(ek, hdr->key_iv, 16);
363 os_memcpy(ek + 16, kek, 16);
364 if (rc4_skip(ek, 32, 256, buf, keydatalen)) {
365 add_note(wt, MSG_INFO, "RC4 failed");
366 os_free(buf);
367 return NULL;
368 }
369
370 *len = keydatalen;
371 return buf;
372 }
373
374
decrypt_eapol_key_data_aes(struct wlantest * wt,const u8 * kek,const struct wpa_eapol_key * hdr,const u8 * keydata,u16 keydatalen,size_t * len)375 static u8 * decrypt_eapol_key_data_aes(struct wlantest *wt, const u8 *kek,
376 const struct wpa_eapol_key *hdr,
377 const u8 *keydata, u16 keydatalen,
378 size_t *len)
379 {
380 u8 *buf;
381
382 if (keydatalen % 8) {
383 add_note(wt, MSG_INFO, "Unsupported AES-WRAP len %d",
384 keydatalen);
385 return NULL;
386 }
387 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
388 buf = os_malloc(keydatalen);
389 if (buf == NULL)
390 return NULL;
391 if (aes_unwrap(kek, 16, keydatalen / 8, keydata, buf)) {
392 os_free(buf);
393 add_note(wt, MSG_INFO,
394 "AES unwrap failed - could not decrypt EAPOL-Key "
395 "key data");
396 return NULL;
397 }
398
399 *len = keydatalen;
400 return buf;
401 }
402
403
decrypt_eapol_key_data(struct wlantest * wt,int akmp,const u8 * kek,size_t kek_len,u16 ver,const struct wpa_eapol_key * hdr,size_t * len)404 static u8 * decrypt_eapol_key_data(struct wlantest *wt, int akmp, const u8 *kek,
405 size_t kek_len, u16 ver,
406 const struct wpa_eapol_key *hdr,
407 size_t *len)
408 {
409 size_t mic_len;
410 u16 keydatalen;
411 const u8 *mic, *keydata;
412
413 if (kek_len != 16)
414 return NULL;
415
416 mic = (const u8 *) (hdr + 1);
417 mic_len = wpa_mic_len(akmp, PMK_LEN);
418 keydata = mic + mic_len + 2;
419 keydatalen = WPA_GET_BE16(mic + mic_len);
420
421 switch (ver) {
422 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
423 return decrypt_eapol_key_data_rc4(wt, kek, hdr, keydata,
424 keydatalen, len);
425 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
426 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
427 return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata,
428 keydatalen, len);
429 case WPA_KEY_INFO_TYPE_AKM_DEFINED:
430 /* For now, assume this is OSEN */
431 return decrypt_eapol_key_data_aes(wt, kek, hdr, keydata,
432 keydatalen, len);
433 default:
434 add_note(wt, MSG_INFO,
435 "Unsupported EAPOL-Key Key Descriptor Version %u",
436 ver);
437 return NULL;
438 }
439 }
440
441
learn_kde_keys(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,const u8 * buf,size_t len,const u8 * rsc)442 static void learn_kde_keys(struct wlantest *wt, struct wlantest_bss *bss,
443 struct wlantest_sta *sta,
444 const u8 *buf, size_t len, const u8 *rsc)
445 {
446 struct wpa_eapol_ie_parse ie;
447
448 if (wpa_supplicant_parse_ies(buf, len, &ie) < 0) {
449 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
450 return;
451 }
452
453 if (ie.wpa_ie) {
454 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
455 ie.wpa_ie, ie.wpa_ie_len);
456 }
457
458 if (ie.rsn_ie) {
459 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
460 ie.rsn_ie, ie.rsn_ie_len);
461 }
462
463 if (ie.key_id)
464 add_note(wt, MSG_DEBUG, "KeyID %u", ie.key_id[0]);
465
466 if (ie.gtk) {
467 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE",
468 ie.gtk, ie.gtk_len);
469 if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) {
470 int id;
471 id = ie.gtk[0] & 0x03;
472 add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u",
473 id, !!(ie.gtk[0] & 0x04));
474 if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) {
475 add_note(wt, MSG_INFO,
476 "GTK KDE: Reserved field set: "
477 "%02x %02x", ie.gtk[0], ie.gtk[1]);
478 }
479 wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2,
480 ie.gtk_len - 2);
481 bss->gtk_len[id] = ie.gtk_len - 2;
482 sta->gtk_len = ie.gtk_len - 2;
483 os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2);
484 os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2);
485 bss->rsc[id][0] = rsc[5];
486 bss->rsc[id][1] = rsc[4];
487 bss->rsc[id][2] = rsc[3];
488 bss->rsc[id][3] = rsc[2];
489 bss->rsc[id][4] = rsc[1];
490 bss->rsc[id][5] = rsc[0];
491 bss->gtk_idx = id;
492 sta->gtk_idx = id;
493 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
494 } else {
495 add_note(wt, MSG_INFO, "Invalid GTK KDE length %u",
496 (unsigned) ie.gtk_len);
497 }
498 }
499
500 if (ie.igtk) {
501 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE",
502 ie.igtk, ie.igtk_len);
503 if (ie.igtk_len == 24) {
504 u16 id;
505 id = WPA_GET_LE16(ie.igtk);
506 if (id > 5) {
507 add_note(wt, MSG_INFO,
508 "Unexpected IGTK KeyID %u", id);
509 } else {
510 const u8 *ipn;
511 add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
512 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
513 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
514 16);
515 os_memcpy(bss->igtk[id], ie.igtk + 8, 16);
516 bss->igtk_len[id] = 16;
517 ipn = ie.igtk + 2;
518 bss->ipn[id][0] = ipn[5];
519 bss->ipn[id][1] = ipn[4];
520 bss->ipn[id][2] = ipn[3];
521 bss->ipn[id][3] = ipn[2];
522 bss->ipn[id][4] = ipn[1];
523 bss->ipn[id][5] = ipn[0];
524 bss->igtk_idx = id;
525 }
526 } else if (ie.igtk_len == 40) {
527 u16 id;
528 id = WPA_GET_LE16(ie.igtk);
529 if (id > 5) {
530 add_note(wt, MSG_INFO,
531 "Unexpected IGTK KeyID %u", id);
532 } else {
533 const u8 *ipn;
534 add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
535 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
536 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
537 32);
538 os_memcpy(bss->igtk[id], ie.igtk + 8, 32);
539 bss->igtk_len[id] = 32;
540 ipn = ie.igtk + 2;
541 bss->ipn[id][0] = ipn[5];
542 bss->ipn[id][1] = ipn[4];
543 bss->ipn[id][2] = ipn[3];
544 bss->ipn[id][3] = ipn[2];
545 bss->ipn[id][4] = ipn[1];
546 bss->ipn[id][5] = ipn[0];
547 bss->igtk_idx = id;
548 }
549 } else {
550 add_note(wt, MSG_INFO, "Invalid IGTK KDE length %u",
551 (unsigned) ie.igtk_len);
552 }
553 }
554
555 if (ie.bigtk) {
556 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - BIGTK KDE",
557 ie.bigtk, ie.bigtk_len);
558 if (ie.bigtk_len == 24) {
559 u16 id;
560
561 id = WPA_GET_LE16(ie.bigtk);
562 if (id < 6 || id > 7) {
563 add_note(wt, MSG_INFO,
564 "Unexpected BIGTK KeyID %u", id);
565 } else {
566 const u8 *ipn;
567
568 add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
569 wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
570 wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
571 16);
572 os_memcpy(bss->igtk[id], ie.bigtk + 8, 16);
573 bss->igtk_len[id] = 16;
574 ipn = ie.bigtk + 2;
575 bss->ipn[id][0] = ipn[5];
576 bss->ipn[id][1] = ipn[4];
577 bss->ipn[id][2] = ipn[3];
578 bss->ipn[id][3] = ipn[2];
579 bss->ipn[id][4] = ipn[1];
580 bss->ipn[id][5] = ipn[0];
581 bss->bigtk_idx = id;
582 }
583 } else if (ie.bigtk_len == 40) {
584 u16 id;
585
586 id = WPA_GET_LE16(ie.bigtk);
587 if (id < 6 || id > 7) {
588 add_note(wt, MSG_INFO,
589 "Unexpected BIGTK KeyID %u", id);
590 } else {
591 const u8 *ipn;
592
593 add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
594 wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
595 wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
596 32);
597 os_memcpy(bss->igtk[id], ie.bigtk + 8, 32);
598 bss->igtk_len[id] = 32;
599 ipn = ie.bigtk + 2;
600 bss->ipn[id][0] = ipn[5];
601 bss->ipn[id][1] = ipn[4];
602 bss->ipn[id][2] = ipn[3];
603 bss->ipn[id][3] = ipn[2];
604 bss->ipn[id][4] = ipn[1];
605 bss->ipn[id][5] = ipn[0];
606 bss->bigtk_idx = id;
607 }
608 } else {
609 add_note(wt, MSG_INFO, "Invalid BIGTK KDE length %u",
610 (unsigned) ie.bigtk_len);
611 }
612 }
613 }
614
615
rx_data_eapol_key_3_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)616 static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
617 const u8 *src, const u8 *data, size_t len)
618 {
619 struct wlantest_bss *bss;
620 struct wlantest_sta *sta;
621 const struct ieee802_1x_hdr *eapol;
622 const struct wpa_eapol_key *hdr;
623 const u8 *key_data, *kck, *kek, *mic;
624 size_t kck_len, kek_len, mic_len;
625 int recalc = 0;
626 u16 key_info, ver;
627 u8 *decrypted_buf = NULL;
628 const u8 *decrypted;
629 size_t decrypted_len = 0;
630 struct wpa_eapol_ie_parse ie;
631 struct wpa_ie_data rsn;
632
633 wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR,
634 MAC2STR(src), MAC2STR(dst));
635 bss = bss_get(wt, src);
636 if (bss == NULL)
637 return;
638 sta = sta_get(bss, dst);
639 if (sta == NULL)
640 return;
641 mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
642
643 eapol = (const struct ieee802_1x_hdr *) data;
644 hdr = (const struct wpa_eapol_key *) (eapol + 1);
645 mic = (const u8 *) (hdr + 1);
646 key_info = WPA_GET_BE16(hdr->key_info);
647
648 if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
649 add_note(wt, MSG_INFO,
650 "EAPOL-Key ANonce mismatch between 1/4 and 3/4");
651 recalc = 1;
652 }
653 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
654 if (recalc) {
655 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
656 data, len);
657 }
658
659 if (!sta->ptk_set && !sta->tptk_set) {
660 add_note(wt, MSG_DEBUG,
661 "No PTK known to process EAPOL-Key 3/4");
662 return;
663 }
664
665 kek = sta->ptk.kek;
666 kek_len = sta->ptk.kek_len;
667 kck = sta->ptk.kck;
668 kck_len = sta->ptk.kck_len;
669 if (sta->tptk_set) {
670 add_note(wt, MSG_DEBUG,
671 "Use TPTK for validation EAPOL-Key MIC");
672 kck = sta->tptk.kck;
673 kck_len = sta->tptk.kck_len;
674 kek = sta->tptk.kek;
675 kek_len = sta->tptk.kek_len;
676 }
677 if (check_mic(kck, kck_len, sta->key_mgmt,
678 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
679 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
680 return;
681 }
682 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
683
684 key_data = mic + mic_len + 2;
685 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
686 if (sta->proto & WPA_PROTO_RSN)
687 add_note(wt, MSG_INFO,
688 "EAPOL-Key 3/4 without EncrKeyData bit");
689 decrypted = key_data;
690 decrypted_len = WPA_GET_BE16(mic + mic_len);
691 } else {
692 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
693 decrypted_buf = decrypt_eapol_key_data(wt, sta->key_mgmt,
694 kek, kek_len, ver,
695 hdr, &decrypted_len);
696 if (decrypted_buf == NULL) {
697 add_note(wt, MSG_INFO,
698 "Failed to decrypt EAPOL-Key Key Data");
699 return;
700 }
701 decrypted = decrypted_buf;
702 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
703 decrypted, decrypted_len);
704 }
705 if ((wt->write_pcap_dumper || wt->pcapng) && decrypted != key_data) {
706 /* Fill in a stub Data frame header */
707 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
708 struct ieee80211_hdr *h;
709 struct wpa_eapol_key *k;
710 const u8 *p;
711 u8 *pos;
712 size_t plain_len;
713
714 plain_len = decrypted_len;
715 p = decrypted;
716 while (p + 1 < decrypted + decrypted_len) {
717 if (p[0] == 0xdd && p[1] == 0x00) {
718 /* Remove padding */
719 plain_len = p - decrypted;
720 p = NULL;
721 break;
722 }
723 p += 2 + p[1];
724 }
725 if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
726 *p == 0xdd) {
727 /* Remove padding */
728 plain_len = p - decrypted;
729 }
730
731 os_memset(buf, 0, sizeof(buf));
732 h = (struct ieee80211_hdr *) buf;
733 h->frame_control = host_to_le16(0x0208);
734 os_memcpy(h->addr1, dst, ETH_ALEN);
735 os_memcpy(h->addr2, src, ETH_ALEN);
736 os_memcpy(h->addr3, src, ETH_ALEN);
737 pos = (u8 *) (h + 1);
738 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
739 pos += 8;
740 os_memcpy(pos, eapol, sizeof(*eapol));
741 pos += sizeof(*eapol);
742 os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
743 k = (struct wpa_eapol_key *) pos;
744 pos += sizeof(struct wpa_eapol_key) + mic_len;
745 WPA_PUT_BE16(k->key_info,
746 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
747 WPA_PUT_BE16(pos, plain_len);
748 write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
749 sizeof(*hdr) + mic_len + 2,
750 decrypted, plain_len);
751 }
752
753 if (wpa_supplicant_parse_ies(decrypted, decrypted_len, &ie) < 0) {
754 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
755 os_free(decrypted_buf);
756 return;
757 }
758
759 if (!bss->ies_set) {
760 struct ieee802_11_elems elems;
761
762 elems_from_eapol_ie(&elems, &ie);
763 wpa_printf(MSG_DEBUG,
764 "Update BSS data based on IEs in EAPOL-Key 3/4");
765 bss_update(wt, bss, &elems, 0);
766 }
767
768 if ((ie.wpa_ie &&
769 os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) ||
770 (ie.wpa_ie == NULL && bss->wpaie[0])) {
771 add_note(wt, MSG_INFO,
772 "Mismatch in WPA IE between EAPOL-Key 3/4 and "
773 "Beacon/Probe Response from " MACSTR,
774 MAC2STR(bss->bssid));
775 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
776 ie.wpa_ie, ie.wpa_ie_len);
777 wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe "
778 "Response",
779 bss->wpaie,
780 bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
781 }
782
783 if ((ie.rsn_ie &&
784 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt),
785 ie.rsn_ie, ie.rsn_ie_len,
786 bss->rsnie, 2 + bss->rsnie[1])) ||
787 (ie.rsn_ie == NULL && bss->rsnie[0])) {
788 add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key "
789 "3/4 and Beacon/Probe Response from " MACSTR,
790 MAC2STR(bss->bssid));
791 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
792 ie.rsn_ie, ie.rsn_ie_len);
793 wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response",
794 bss->rsnie,
795 bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
796 }
797
798 if (wpa_key_mgmt_ft(sta->key_mgmt) &&
799 (wpa_parse_wpa_ie_rsn(ie.rsn_ie, ie.rsn_ie_len, &rsn) < 0 ||
800 rsn.num_pmkid != 1 || !rsn.pmkid ||
801 os_memcmp_const(rsn.pmkid, sta->pmk_r1_name,
802 WPA_PMK_NAME_LEN) != 0))
803 add_note(wt, MSG_INFO,
804 "FT: No matching PMKR1Name in FT 4-way handshake message 3/4");
805
806 /* TODO: validate MDE and FTE match */
807
808 learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, hdr->key_rsc);
809 os_free(decrypted_buf);
810 }
811
812
rx_data_eapol_key_4_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)813 static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
814 const u8 *src, const u8 *data, size_t len)
815 {
816 struct wlantest_bss *bss;
817 struct wlantest_sta *sta;
818 const struct ieee802_1x_hdr *eapol;
819 const struct wpa_eapol_key *hdr;
820 u16 key_info;
821 const u8 *kck;
822 size_t kck_len;
823
824 wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR,
825 MAC2STR(src), MAC2STR(dst));
826 bss = bss_get(wt, dst);
827 if (bss == NULL)
828 return;
829 sta = sta_get(bss, src);
830 if (sta == NULL)
831 return;
832
833 eapol = (const struct ieee802_1x_hdr *) data;
834 hdr = (const struct wpa_eapol_key *) (eapol + 1);
835 if (!is_zero(hdr->key_rsc, 8)) {
836 add_note(wt, MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used "
837 "non-zero Key RSC", MAC2STR(src));
838 }
839 key_info = WPA_GET_BE16(hdr->key_info);
840
841 if (!sta->ptk_set && !sta->tptk_set) {
842 add_note(wt, MSG_DEBUG,
843 "No PTK known to process EAPOL-Key 4/4");
844 return;
845 }
846
847 kck = sta->ptk.kck;
848 kck_len = sta->ptk.kck_len;
849 if (sta->tptk_set) {
850 add_note(wt, MSG_DEBUG,
851 "Use TPTK for validation EAPOL-Key MIC");
852 kck = sta->tptk.kck;
853 kck_len = sta->tptk.kck_len;
854 }
855 if (check_mic(kck, kck_len, sta->key_mgmt,
856 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
857 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
858 return;
859 }
860 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
861 if (sta->tptk_set) {
862 add_note(wt, MSG_DEBUG, "Update PTK (rekeying)");
863 os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk));
864 sta->ptk_set = 1;
865 sta->tptk_set = 0;
866 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
867 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
868 }
869 }
870
871
rx_data_eapol_key_1_of_2(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)872 static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
873 const u8 *src, const u8 *data, size_t len)
874 {
875 struct wlantest_bss *bss;
876 struct wlantest_sta *sta;
877 const struct ieee802_1x_hdr *eapol;
878 const struct wpa_eapol_key *hdr;
879 u16 key_info, ver;
880 u8 *decrypted;
881 size_t decrypted_len = 0;
882 size_t mic_len;
883
884 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR,
885 MAC2STR(src), MAC2STR(dst));
886 bss = bss_get(wt, src);
887 if (bss == NULL)
888 return;
889 sta = sta_get(bss, dst);
890 if (sta == NULL)
891 return;
892 mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
893
894 eapol = (const struct ieee802_1x_hdr *) data;
895 hdr = (const struct wpa_eapol_key *) (eapol + 1);
896 key_info = WPA_GET_BE16(hdr->key_info);
897
898 if (!sta->ptk_set) {
899 add_note(wt, MSG_DEBUG,
900 "No PTK known to process EAPOL-Key 1/2");
901 return;
902 }
903
904 if (sta->ptk_set &&
905 check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt,
906 key_info & WPA_KEY_INFO_TYPE_MASK,
907 data, len) < 0) {
908 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC");
909 return;
910 }
911 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2");
912
913 if (sta->proto & WPA_PROTO_RSN &&
914 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
915 add_note(wt, MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit");
916 return;
917 }
918 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
919 decrypted = decrypt_eapol_key_data(wt, sta->key_mgmt,
920 sta->ptk.kek, sta->ptk.kek_len,
921 ver, hdr, &decrypted_len);
922 if (decrypted == NULL) {
923 add_note(wt, MSG_INFO, "Failed to decrypt EAPOL-Key Key Data");
924 return;
925 }
926 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
927 decrypted, decrypted_len);
928 if (wt->write_pcap_dumper || wt->pcapng) {
929 /* Fill in a stub Data frame header */
930 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
931 struct ieee80211_hdr *h;
932 struct wpa_eapol_key *k;
933 u8 *pos;
934 size_t plain_len;
935
936 plain_len = decrypted_len;
937 pos = decrypted;
938 while (pos + 1 < decrypted + decrypted_len) {
939 if (pos[0] == 0xdd && pos[1] == 0x00) {
940 /* Remove padding */
941 plain_len = pos - decrypted;
942 break;
943 }
944 pos += 2 + pos[1];
945 }
946
947 os_memset(buf, 0, sizeof(buf));
948 h = (struct ieee80211_hdr *) buf;
949 h->frame_control = host_to_le16(0x0208);
950 os_memcpy(h->addr1, dst, ETH_ALEN);
951 os_memcpy(h->addr2, src, ETH_ALEN);
952 os_memcpy(h->addr3, src, ETH_ALEN);
953 pos = (u8 *) (h + 1);
954 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
955 pos += 8;
956 os_memcpy(pos, eapol, sizeof(*eapol));
957 pos += sizeof(*eapol);
958 os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
959 k = (struct wpa_eapol_key *) pos;
960 pos += sizeof(struct wpa_eapol_key) + mic_len;
961 WPA_PUT_BE16(k->key_info,
962 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
963 WPA_PUT_BE16(pos, plain_len);
964 write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
965 sizeof(*hdr) + mic_len + 2,
966 decrypted, plain_len);
967 }
968 if (sta->proto & WPA_PROTO_RSN)
969 learn_kde_keys(wt, bss, sta, decrypted, decrypted_len,
970 hdr->key_rsc);
971 else {
972 int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16;
973 if (decrypted_len == klen) {
974 const u8 *rsc = hdr->key_rsc;
975 int id;
976 id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
977 WPA_KEY_INFO_KEY_INDEX_SHIFT;
978 add_note(wt, MSG_DEBUG, "GTK key index %d", id);
979 wpa_hexdump(MSG_DEBUG, "GTK", decrypted,
980 decrypted_len);
981 bss->gtk_len[id] = decrypted_len;
982 os_memcpy(bss->gtk[id], decrypted, decrypted_len);
983 bss->rsc[id][0] = rsc[5];
984 bss->rsc[id][1] = rsc[4];
985 bss->rsc[id][2] = rsc[3];
986 bss->rsc[id][3] = rsc[2];
987 bss->rsc[id][4] = rsc[1];
988 bss->rsc[id][5] = rsc[0];
989 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
990 } else {
991 add_note(wt, MSG_INFO, "Unexpected WPA Key Data length "
992 "in Group Key msg 1/2 from " MACSTR,
993 MAC2STR(src));
994 }
995 }
996 os_free(decrypted);
997 }
998
999
rx_data_eapol_key_2_of_2(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * data,size_t len)1000 static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
1001 const u8 *src, const u8 *data, size_t len)
1002 {
1003 struct wlantest_bss *bss;
1004 struct wlantest_sta *sta;
1005 const struct ieee802_1x_hdr *eapol;
1006 const struct wpa_eapol_key *hdr;
1007 u16 key_info;
1008
1009 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR,
1010 MAC2STR(src), MAC2STR(dst));
1011 bss = bss_get(wt, dst);
1012 if (bss == NULL)
1013 return;
1014 sta = sta_get(bss, src);
1015 if (sta == NULL)
1016 return;
1017
1018 eapol = (const struct ieee802_1x_hdr *) data;
1019 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1020 if (!is_zero(hdr->key_rsc, 8)) {
1021 add_note(wt, MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used "
1022 "non-zero Key RSC", MAC2STR(src));
1023 }
1024 key_info = WPA_GET_BE16(hdr->key_info);
1025
1026 if (!sta->ptk_set) {
1027 add_note(wt, MSG_DEBUG,
1028 "No PTK known to process EAPOL-Key 2/2");
1029 return;
1030 }
1031
1032 if (sta->ptk_set &&
1033 check_mic(sta->ptk.kck, sta->ptk.kck_len, sta->key_mgmt,
1034 key_info & WPA_KEY_INFO_TYPE_MASK,
1035 data, len) < 0) {
1036 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC");
1037 return;
1038 }
1039 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2");
1040 }
1041
1042
rx_data_eapol_key(struct wlantest * wt,const u8 * bssid,const u8 * sta_addr,const u8 * dst,const u8 * src,const u8 * data,size_t len,int prot)1043 static void rx_data_eapol_key(struct wlantest *wt, const u8 *bssid,
1044 const u8 *sta_addr, const u8 *dst,
1045 const u8 *src, const u8 *data, size_t len,
1046 int prot)
1047 {
1048 const struct ieee802_1x_hdr *eapol;
1049 const struct wpa_eapol_key *hdr;
1050 const u8 *key_data;
1051 u16 key_info, key_length, ver, key_data_length;
1052 size_t mic_len = 16;
1053 const u8 *mic;
1054 struct wlantest_bss *bss;
1055 struct wlantest_sta *sta;
1056
1057 bss = bss_get(wt, bssid);
1058 if (bss) {
1059 if (sta_addr)
1060 sta = sta_get(bss, sta_addr);
1061 else
1062 sta = NULL;
1063 if (sta)
1064 mic_len = wpa_mic_len(sta->key_mgmt, PMK_LEN);
1065 }
1066
1067 eapol = (const struct ieee802_1x_hdr *) data;
1068 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1069
1070 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
1071 (const u8 *) hdr, len - sizeof(*eapol));
1072 if (len < sizeof(*hdr) + mic_len + 2) {
1073 add_note(wt, MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
1074 MAC2STR(src));
1075 return;
1076 }
1077 mic = (const u8 *) (hdr + 1);
1078
1079 if (hdr->type == EAPOL_KEY_TYPE_RC4) {
1080 /* TODO: EAPOL-Key RC4 for WEP */
1081 wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from "
1082 MACSTR, MAC2STR(src));
1083 return;
1084 }
1085
1086 if (hdr->type != EAPOL_KEY_TYPE_RSN &&
1087 hdr->type != EAPOL_KEY_TYPE_WPA) {
1088 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type "
1089 "%u from " MACSTR, hdr->type, MAC2STR(src));
1090 return;
1091 }
1092
1093 key_info = WPA_GET_BE16(hdr->key_info);
1094 key_length = WPA_GET_BE16(hdr->key_length);
1095 key_data_length = WPA_GET_BE16(mic + mic_len);
1096 key_data = mic + mic_len + 2;
1097 if (key_data + key_data_length > data + len) {
1098 add_note(wt, MSG_INFO, "Truncated EAPOL-Key from " MACSTR,
1099 MAC2STR(src));
1100 return;
1101 }
1102 if (key_data + key_data_length < data + len) {
1103 wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data "
1104 "field", key_data + key_data_length,
1105 data + len - key_data - key_data_length);
1106 }
1107
1108
1109 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1110 wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
1111 "datalen=%u",
1112 ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
1113 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1114 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1115 (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
1116 (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
1117 (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
1118 (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
1119 (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
1120 (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
1121 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
1122 (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
1123 key_data_length);
1124
1125 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1126 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1127 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1128 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1129 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
1130 "Version %u from " MACSTR, ver, MAC2STR(src));
1131 return;
1132 }
1133
1134 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
1135 hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
1136 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
1137 hdr->key_nonce, WPA_NONCE_LEN);
1138 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
1139 hdr->key_iv, 16);
1140 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
1141 hdr->key_rsc, WPA_KEY_RSC_LEN);
1142 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
1143 mic, mic_len);
1144 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data",
1145 key_data, key_data_length);
1146
1147 if (hdr->type == EAPOL_KEY_TYPE_RSN &&
1148 (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) !=
1149 0) {
1150 wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved "
1151 "Key Info bits 0x%x from " MACSTR,
1152 key_info, MAC2STR(src));
1153 }
1154
1155 if (hdr->type == EAPOL_KEY_TYPE_WPA &&
1156 (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA |
1157 WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) {
1158 wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved "
1159 "Key Info bits 0x%x from " MACSTR,
1160 key_info, MAC2STR(src));
1161 }
1162
1163 if (key_length > 32) {
1164 wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d "
1165 "from " MACSTR, key_length, MAC2STR(src));
1166 }
1167
1168 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1169 !is_zero(hdr->key_iv, 16)) {
1170 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV "
1171 "(reserved with ver=%d) field from " MACSTR,
1172 ver, MAC2STR(src));
1173 wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)",
1174 hdr->key_iv, 16);
1175 }
1176
1177 if (!is_zero(hdr->key_id, 8)) {
1178 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID "
1179 "(reserved) field from " MACSTR, MAC2STR(src));
1180 wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)",
1181 hdr->key_id, 8);
1182 }
1183
1184 if (hdr->key_rsc[6] || hdr->key_rsc[7]) {
1185 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets "
1186 "(last two are unused)" MACSTR, MAC2STR(src));
1187 }
1188
1189 if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
1190 return;
1191
1192 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1193 return;
1194
1195 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1196 /* 4-Way Handshake */
1197 switch (key_info & (WPA_KEY_INFO_SECURE |
1198 WPA_KEY_INFO_MIC |
1199 WPA_KEY_INFO_ACK |
1200 WPA_KEY_INFO_INSTALL)) {
1201 case WPA_KEY_INFO_ACK:
1202 rx_data_eapol_key_1_of_4(wt, dst, src, data, len);
1203 break;
1204 case WPA_KEY_INFO_MIC:
1205 if (key_data_length == 0)
1206 rx_data_eapol_key_4_of_4(wt, dst, src, data,
1207 len);
1208 else
1209 rx_data_eapol_key_2_of_4(wt, dst, src, data,
1210 len);
1211 break;
1212 case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK |
1213 WPA_KEY_INFO_INSTALL:
1214 /* WPA does not include Secure bit in 3/4 */
1215 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
1216 break;
1217 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1218 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
1219 case WPA_KEY_INFO_SECURE |
1220 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
1221 rx_data_eapol_key_3_of_4(wt, dst, src, data, len);
1222 break;
1223 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
1224 case WPA_KEY_INFO_SECURE:
1225 if (key_data_length == 0)
1226 rx_data_eapol_key_4_of_4(wt, dst, src, data,
1227 len);
1228 else
1229 rx_data_eapol_key_2_of_4(wt, dst, src, data,
1230 len);
1231 break;
1232 default:
1233 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
1234 break;
1235 }
1236 } else {
1237 /* Group Key Handshake */
1238 switch (key_info & (WPA_KEY_INFO_SECURE |
1239 WPA_KEY_INFO_MIC |
1240 WPA_KEY_INFO_ACK)) {
1241 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1242 WPA_KEY_INFO_ACK:
1243 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ACK:
1244 rx_data_eapol_key_1_of_2(wt, dst, src, data, len);
1245 break;
1246 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
1247 case WPA_KEY_INFO_SECURE:
1248 rx_data_eapol_key_2_of_2(wt, dst, src, data, len);
1249 break;
1250 default:
1251 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
1252 break;
1253 }
1254 }
1255 }
1256
1257
rx_data_eapol(struct wlantest * wt,const u8 * bssid,const u8 * sta_addr,const u8 * dst,const u8 * src,const u8 * data,size_t len,int prot)1258 void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
1259 const u8 *dst, const u8 *src,
1260 const u8 *data, size_t len, int prot)
1261 {
1262 const struct ieee802_1x_hdr *hdr;
1263 u16 length;
1264 const u8 *p;
1265
1266 wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
1267 if (len < sizeof(*hdr)) {
1268 wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
1269 MAC2STR(src));
1270 return;
1271 }
1272
1273 hdr = (const struct ieee802_1x_hdr *) data;
1274 length = be_to_host16(hdr->length);
1275 wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
1276 "type=%u len=%u",
1277 MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
1278 hdr->version, hdr->type, length);
1279 if (hdr->version < 1 || hdr->version > 3) {
1280 wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from "
1281 MACSTR, hdr->version, MAC2STR(src));
1282 }
1283 if (sizeof(*hdr) + length > len) {
1284 wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
1285 MAC2STR(src));
1286 return;
1287 }
1288
1289 if (sizeof(*hdr) + length < len) {
1290 wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
1291 (int) (len - sizeof(*hdr) - length));
1292 }
1293 p = (const u8 *) (hdr + 1);
1294
1295 switch (hdr->type) {
1296 case IEEE802_1X_TYPE_EAP_PACKET:
1297 wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
1298 break;
1299 case IEEE802_1X_TYPE_EAPOL_START:
1300 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
1301 break;
1302 case IEEE802_1X_TYPE_EAPOL_LOGOFF:
1303 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
1304 break;
1305 case IEEE802_1X_TYPE_EAPOL_KEY:
1306 rx_data_eapol_key(wt, bssid, sta_addr, dst, src, data,
1307 sizeof(*hdr) + length, prot);
1308 break;
1309 case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
1310 wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
1311 p, length);
1312 break;
1313 default:
1314 wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
1315 break;
1316 }
1317 }
1318
