1 /*
2 * Received Data frame processing for EAPOL messages
3 * Copyright (c) 2010-2020, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "crypto/aes_wrap.h"
13 #include "crypto/crypto.h"
14 #include "common/defs.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_11_common.h"
17 #include "common/eapol_common.h"
18 #include "common/wpa_common.h"
19 #include "rsn_supp/wpa_ie.h"
20 #include "wlantest.h"
21
22
is_zero(const u8 * buf,size_t len)23 static int is_zero(const u8 *buf, size_t len)
24 {
25 size_t i;
26 for (i = 0; i < len; i++) {
27 if (buf[i])
28 return 0;
29 }
30 return 1;
31 }
32
33
determine_mic_len(struct wlantest_sta * sta)34 static size_t determine_mic_len(struct wlantest_sta *sta)
35 {
36 size_t pmk_len = PMK_LEN;
37 int group = 0;
38
39 if (sta && wpa_key_mgmt_sae_ext_key(sta->key_mgmt))
40 group = sta->sae_group;
41 else if (sta && sta->key_mgmt == WPA_KEY_MGMT_OWE)
42 group = sta->owe_group;
43
44 switch (group) {
45 case 20:
46 pmk_len = 48;
47 break;
48 case 21:
49 pmk_len = 64;
50 break;
51 }
52
53 return wpa_mic_len(sta->key_mgmt, pmk_len);
54 }
55
56
check_mic(struct wlantest_sta * sta,const u8 * kck,size_t kck_len,int ver,const u8 * data,size_t len)57 static int check_mic(struct wlantest_sta *sta, const u8 *kck, size_t kck_len,
58 int ver, const u8 *data, size_t len)
59 {
60 u8 *buf;
61 int ret = -1;
62 struct ieee802_1x_hdr *hdr;
63 struct wpa_eapol_key *key;
64 u8 rx_mic[WPA_EAPOL_KEY_MIC_MAX_LEN];
65 size_t mic_len = determine_mic_len(sta);
66
67 buf = os_memdup(data, len);
68 if (buf == NULL)
69 return -1;
70 hdr = (struct ieee802_1x_hdr *) buf;
71 key = (struct wpa_eapol_key *) (hdr + 1);
72
73 os_memcpy(rx_mic, key + 1, mic_len);
74 os_memset(key + 1, 0, mic_len);
75
76 if (wpa_eapol_key_mic(kck, kck_len, sta->key_mgmt, ver, buf, len,
77 (u8 *) (key + 1)) == 0 &&
78 os_memcmp(rx_mic, key + 1, mic_len) == 0)
79 ret = 0;
80
81 os_free(buf);
82
83 return ret;
84 }
85
86
rx_data_eapol_key_1_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)87 static void rx_data_eapol_key_1_of_4(struct wlantest *wt, const u8 *dst,
88 const u8 *src, const u8 *bssid,
89 const u8 *data, size_t len)
90 {
91 struct wlantest_bss *bss, *bss_mld;
92 struct wlantest_sta *sta;
93 const struct ieee802_1x_hdr *eapol;
94 const struct wpa_eapol_key *hdr;
95 const u8 *key_data, *mic;
96 size_t mic_len, left;
97 u16 key_data_len;
98 struct wpa_eapol_ie_parse ie;
99
100 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/4 " MACSTR " -> " MACSTR " (BSSID "
101 MACSTR ")",
102 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
103 if (ether_addr_equal(src, bssid)) {
104 bss = bss_get(wt, src);
105 } else {
106 bss = bss_find(wt, bssid);
107 bss_mld = bss_find(wt, src);
108 if (bss_mld && (!bss || sta_find(bss_mld, src)))
109 bss = bss_get(wt, src);
110 else
111 bss = bss_get(wt, bssid);
112 }
113 if (bss == NULL)
114 return;
115 sta = sta_get(bss, dst);
116 if (sta == NULL)
117 return;
118
119 eapol = (const struct ieee802_1x_hdr *) data;
120 hdr = (const struct wpa_eapol_key *) (eapol + 1);
121 left = len - sizeof(*hdr);
122 mic_len = determine_mic_len(sta);
123 if (mic_len > left) {
124 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
125 " has a truncated MIC field", MAC2STR(src));
126 return;
127 }
128 left -= mic_len;
129 mic = (const u8 *) (hdr + 1);
130 if (is_zero(hdr->key_nonce, WPA_NONCE_LEN)) {
131 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
132 " used zero nonce", MAC2STR(src));
133 }
134 if (!is_zero(hdr->key_rsc, 8)) {
135 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
136 " used non-zero Key RSC", MAC2STR(src));
137 }
138 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
139 if (left < 2) {
140 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
141 " has a truncated Key Data Length field",
142 MAC2STR(src));
143 return;
144 }
145 left -= 2;
146 key_data = mic + mic_len + 2;
147 key_data_len = WPA_GET_BE16(mic + mic_len);
148 if (key_data_len > left) {
149 add_note(wt, MSG_INFO, "EAPOL-Key 1/4 from " MACSTR
150 " has a truncated Key Data field",
151 MAC2STR(src));
152 return;
153 }
154
155 if (wpa_parse_kde_ies(key_data, key_data_len, &ie) < 0) {
156 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
157 return;
158 }
159
160 if (ie.mac_addr) {
161 if (is_zero_ether_addr(bss->mld_mac_addr)) {
162 wpa_printf(MSG_DEBUG,
163 "Learned AP MLD MAC Address from EAPOL-Key 1/4: "
164 MACSTR, MAC2STR(ie.mac_addr));
165 } else if (!ether_addr_equal(bss->mld_mac_addr, ie.mac_addr)) {
166 wpa_printf(MSG_DEBUG,
167 "Updated AP MLD MAC Address from EAPOL-Key 1/4: "
168 MACSTR " --> " MACSTR,
169 MAC2STR(bss->mld_mac_addr),
170 MAC2STR(ie.mac_addr));
171 }
172 os_memcpy(bss->mld_mac_addr, ie.mac_addr, ETH_ALEN);
173 }
174 }
175
176
try_pmk(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,u16 ver,const u8 * data,size_t len,struct wlantest_pmk * pmk)177 static int try_pmk(struct wlantest *wt, struct wlantest_bss *bss,
178 struct wlantest_sta *sta, u16 ver,
179 const u8 *data, size_t len,
180 struct wlantest_pmk *pmk)
181 {
182 struct wpa_ptk ptk;
183 const u8 *sa, *aa;
184 bool mlo;
185 size_t kdk_len;
186 const u8 *rsnxe;
187 size_t rsnxe_len;
188
189 mlo = !is_zero_ether_addr(sta->mld_mac_addr) &&
190 !is_zero_ether_addr(bss->mld_mac_addr);
191 sa = mlo ? sta->mld_mac_addr : sta->addr;
192 aa = mlo ? bss->mld_mac_addr : bss->bssid;
193
194 if ((sta->rsn_selection == RSN_SELECTION_RSNE_OVERRIDE ||
195 sta->rsn_selection == RSN_SELECTION_RSNE_OVERRIDE_2) &&
196 bss->rsnxoe_len) {
197 rsnxe = bss->rsnxoe;
198 rsnxe_len = bss->rsnxoe_len;
199 } else {
200 rsnxe = bss->rsnxe;
201 rsnxe_len = bss->rsnxe_len;
202 }
203 if (ieee802_11_rsnx_capab_len(rsnxe, rsnxe_len,
204 WLAN_RSNX_CAPAB_SECURE_LTF) &&
205 ieee802_11_rsnx_capab_len(sta->rsnxe, sta->rsnxe_len,
206 WLAN_RSNX_CAPAB_SECURE_LTF))
207 kdk_len = WPA_KDK_MAX_LEN;
208 else
209 kdk_len = 0;
210
211 if (wpa_key_mgmt_ft(sta->key_mgmt)) {
212 u8 ptk_name[WPA_PMK_NAME_LEN];
213 int use_sha384 = wpa_key_mgmt_sha384(sta->key_mgmt);
214
215 if (wpa_derive_pmk_r0(pmk->pmk, pmk->pmk_len,
216 bss->ssid, bss->ssid_len, bss->mdid,
217 bss->r0kh_id, bss->r0kh_id_len,
218 sa, sta->pmk_r0, sta->pmk_r0_name,
219 sta->key_mgmt) < 0)
220 return -1;
221 if (wpa_key_mgmt_sae_ext_key(sta->key_mgmt))
222 sta->pmk_r0_len = pmk->pmk_len;
223 else
224 sta->pmk_r0_len = use_sha384 ? PMK_LEN_SUITE_B_192 :
225 PMK_LEN;
226 if (wpa_derive_pmk_r1(sta->pmk_r0, sta->pmk_r0_len,
227 sta->pmk_r0_name,
228 bss->r1kh_id, sa,
229 sta->pmk_r1, sta->pmk_r1_name) < 0)
230 return -1;
231 sta->pmk_r1_len = sta->pmk_r0_len;
232 if (wpa_pmk_r1_to_ptk(sta->pmk_r1, sta->pmk_r1_len,
233 sta->snonce, sta->anonce, sa,
234 aa, sta->pmk_r1_name,
235 &ptk, ptk_name, sta->key_mgmt,
236 sta->pairwise_cipher, kdk_len) < 0 ||
237 check_mic(sta, ptk.kck, ptk.kck_len, ver, data, len) < 0)
238 return -1;
239 } else if (wpa_pmk_to_ptk(pmk->pmk, pmk->pmk_len,
240 "Pairwise key expansion",
241 aa, sa, sta->anonce,
242 sta->snonce, &ptk, sta->key_mgmt,
243 sta->pairwise_cipher, NULL, 0, kdk_len) < 0 ||
244 check_mic(sta, ptk.kck, ptk.kck_len, ver, data, len) < 0) {
245 return -1;
246 }
247
248 if (mlo) {
249 wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR " (MLD "
250 MACSTR ") BSSID " MACSTR " (MLD " MACSTR ")",
251 MAC2STR(sta->addr), MAC2STR(sta->mld_mac_addr),
252 MAC2STR(bss->bssid), MAC2STR(bss->mld_mac_addr));
253 } else {
254 wpa_printf(MSG_INFO, "Derived PTK for STA " MACSTR
255 " BSSID " MACSTR,
256 MAC2STR(sta->addr), MAC2STR(bss->bssid));
257 }
258 sta->counters[WLANTEST_STA_COUNTER_PTK_LEARNED]++;
259 if (sta->ptk_set) {
260 /*
261 * Rekeying - use new PTK for EAPOL-Key frames, but continue
262 * using the old PTK for frame decryption.
263 */
264 add_note(wt, MSG_DEBUG, "Derived PTK during rekeying");
265 os_memcpy(&sta->tptk, &ptk, sizeof(ptk));
266 wpa_hexdump(MSG_DEBUG, "TPTK:KCK",
267 sta->tptk.kck, sta->tptk.kck_len);
268 wpa_hexdump(MSG_DEBUG, "TPTK:KEK",
269 sta->tptk.kek, sta->tptk.kek_len);
270 wpa_hexdump(MSG_DEBUG, "TPTK:TK",
271 sta->tptk.tk, sta->tptk.tk_len);
272 sta->tptk_set = 1;
273 return 0;
274 }
275 sta_new_ptk(wt, sta, &ptk);
276 return 0;
277 }
278
279
derive_ptk(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,u16 ver,const u8 * data,size_t len)280 static void derive_ptk(struct wlantest *wt, struct wlantest_bss *bss,
281 struct wlantest_sta *sta, u16 ver,
282 const u8 *data, size_t len)
283 {
284 struct wlantest_pmk *pmk;
285
286 wpa_printf(MSG_DEBUG, "Trying to derive PTK for " MACSTR " (MLD " MACSTR
287 ") (ver %u)",
288 MAC2STR(sta->addr), MAC2STR(sta->mld_mac_addr), ver);
289 dl_list_for_each(pmk, &bss->pmk, struct wlantest_pmk, list) {
290 wpa_printf(MSG_DEBUG, "Try per-BSS PMK");
291 if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
292 return;
293 }
294
295 dl_list_for_each(pmk, &wt->pmk, struct wlantest_pmk, list) {
296 wpa_printf(MSG_DEBUG, "Try global PMK");
297 if (try_pmk(wt, bss, sta, ver, data, len, pmk) == 0)
298 return;
299 }
300
301 if (!sta->ptk_set) {
302 struct wlantest_ptk *ptk;
303 int prev_level = wpa_debug_level;
304
305 wpa_debug_level = MSG_WARNING;
306 dl_list_for_each(ptk, &wt->ptk, struct wlantest_ptk, list) {
307 if (check_mic(sta, ptk->ptk.kck, ptk->ptk.kck_len,
308 ver, data, len) < 0)
309 continue;
310 wpa_printf(MSG_INFO, "Pre-set PTK matches for STA "
311 MACSTR " BSSID " MACSTR,
312 MAC2STR(sta->addr), MAC2STR(bss->bssid));
313 add_note(wt, MSG_DEBUG, "Using pre-set PTK");
314 ptk->ptk_len = 32 +
315 wpa_cipher_key_len(sta->pairwise_cipher);
316 os_memcpy(&sta->ptk, &ptk->ptk, sizeof(ptk->ptk));
317 wpa_hexdump(MSG_DEBUG, "PTK:KCK",
318 sta->ptk.kck, sta->ptk.kck_len);
319 wpa_hexdump(MSG_DEBUG, "PTK:KEK",
320 sta->ptk.kek, sta->ptk.kek_len);
321 wpa_hexdump(MSG_DEBUG, "PTK:TK",
322 sta->ptk.tk, sta->ptk.tk_len);
323 sta->ptk_set = 1;
324 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
325 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
326 }
327 wpa_debug_level = prev_level;
328 }
329
330 add_note(wt, MSG_DEBUG, "No matching PMK found to derive PTK");
331 }
332
333
elems_from_eapol_ie(struct ieee802_11_elems * elems,struct wpa_eapol_ie_parse * ie)334 static void elems_from_eapol_ie(struct ieee802_11_elems *elems,
335 struct wpa_eapol_ie_parse *ie)
336 {
337 os_memset(elems, 0, sizeof(*elems));
338 if (ie->wpa_ie) {
339 elems->wpa_ie = ie->wpa_ie + 2;
340 elems->wpa_ie_len = ie->wpa_ie_len - 2;
341 }
342 if (ie->rsn_ie) {
343 elems->rsn_ie = ie->rsn_ie + 2;
344 elems->rsn_ie_len = ie->rsn_ie_len - 2;
345 }
346 if (ie->osen) {
347 elems->osen = ie->osen + 2;
348 elems->osen_len = ie->osen_len - 2;
349 }
350 }
351
352
rx_data_eapol_key_2_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)353 static void rx_data_eapol_key_2_of_4(struct wlantest *wt, const u8 *dst,
354 const u8 *src, const u8 *bssid,
355 const u8 *data, size_t len)
356 {
357 struct wlantest_bss *bss, *bss_mld;
358 struct wlantest_sta *sta;
359 const struct ieee802_1x_hdr *eapol;
360 const struct wpa_eapol_key *hdr;
361 const u8 *key_data, *kck, *mic;
362 size_t kck_len, mic_len, left;
363 u16 key_info, key_data_len;
364 struct wpa_eapol_ie_parse ie;
365 int link_id;
366
367 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/4 " MACSTR " -> " MACSTR " (BSSID "
368 MACSTR ")",
369 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
370 if (ether_addr_equal(dst, bssid)) {
371 bss = bss_get(wt, dst);
372 } else {
373 bss = bss_find(wt, bssid);
374 bss_mld = bss_find(wt, dst);
375 if (bss_mld && (!bss || sta_find(bss_mld, src)))
376 bss = bss_get(wt, dst);
377 else
378 bss = bss_get(wt, bssid);
379 }
380 if (bss == NULL)
381 return;
382 sta = sta_get(bss, src);
383 if (sta == NULL)
384 return;
385
386 eapol = (const struct ieee802_1x_hdr *) data;
387 hdr = (const struct wpa_eapol_key *) (eapol + 1);
388 left = len - sizeof(*hdr);
389 mic_len = determine_mic_len(sta);
390 if (mic_len > left) {
391 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
392 " has a truncated MIC field", MAC2STR(src));
393 return;
394 }
395 left -= mic_len;
396 mic = (const u8 *) (hdr + 1);
397 if (!is_zero(hdr->key_rsc, 8)) {
398 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
399 " used non-zero Key RSC", MAC2STR(src));
400 }
401 os_memcpy(sta->snonce, hdr->key_nonce, WPA_NONCE_LEN);
402 key_info = WPA_GET_BE16(hdr->key_info);
403 if (left < 2) {
404 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
405 " has a truncated Key Data Length field",
406 MAC2STR(src));
407 return;
408 }
409 left -= 2;
410 key_data = mic + mic_len + 2;
411 key_data_len = WPA_GET_BE16(mic + mic_len);
412 if (key_data_len > left) {
413 add_note(wt, MSG_INFO, "EAPOL-Key 2/4 from " MACSTR
414 " has a truncated Key Data field",
415 MAC2STR(src));
416 return;
417 }
418
419 if (wpa_parse_kde_ies(key_data, key_data_len, &ie) < 0) {
420 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
421 return;
422 }
423
424 if (!sta->assocreq_seen) {
425 struct ieee802_11_elems elems;
426
427 elems_from_eapol_ie(&elems, &ie);
428 wpa_printf(MSG_DEBUG,
429 "Update STA data based on IEs in EAPOL-Key 2/4");
430 sta_update_assoc(sta, &elems);
431 }
432
433 if (ie.mac_addr) {
434 if (is_zero_ether_addr(sta->mld_mac_addr)) {
435 wpa_printf(MSG_DEBUG,
436 "Learned non-AP STA MLD MAC Address from EAPOL-Key 2/4: "
437 MACSTR, MAC2STR(ie.mac_addr));
438 } else {
439 wpa_printf(MSG_DEBUG,
440 "Updated non-AP STA MLD MAC Address from EAPOL-Key 2/4: "
441 MACSTR " --> " MACSTR,
442 MAC2STR(sta->mld_mac_addr),
443 MAC2STR(ie.mac_addr));
444 }
445 os_memcpy(sta->mld_mac_addr, ie.mac_addr, ETH_ALEN);
446 }
447
448 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK, data, len);
449
450 if (!sta->ptk_set && !sta->tptk_set) {
451 add_note(wt, MSG_DEBUG,
452 "No PTK known to process EAPOL-Key 2/4");
453 return;
454 }
455
456 kck = sta->ptk.kck;
457 kck_len = sta->ptk.kck_len;
458 if (sta->tptk_set) {
459 add_note(wt, MSG_DEBUG,
460 "Use TPTK for validation EAPOL-Key MIC");
461 kck = sta->tptk.kck;
462 kck_len = sta->tptk.kck_len;
463 }
464 if (check_mic(sta, kck, kck_len,
465 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
466 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/4 MIC");
467 return;
468 }
469 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/4");
470
471 if (ie.wpa_ie) {
472 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
473 ie.wpa_ie, ie.wpa_ie_len);
474 if (os_memcmp(ie.wpa_ie, sta->rsnie, ie.wpa_ie_len) != 0) {
475 add_note(wt, MSG_INFO,
476 "Mismatch in WPA IE between EAPOL-Key 2/4 "
477 "and (Re)Association Request from " MACSTR,
478 MAC2STR(sta->addr));
479 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
480 ie.wpa_ie, ie.wpa_ie_len);
481 wpa_hexdump(MSG_INFO, "WPA IE in (Re)Association "
482 "Request",
483 sta->rsnie,
484 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
485 }
486 }
487
488 if (ie.rsn_ie) {
489 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
490 ie.rsn_ie, ie.rsn_ie_len);
491 if (os_memcmp(ie.rsn_ie, sta->rsnie, ie.rsn_ie_len) != 0) {
492 add_note(wt, MSG_INFO,
493 "Mismatch in RSN IE between EAPOL-Key 2/4 "
494 "and (Re)Association Request from " MACSTR,
495 MAC2STR(sta->addr));
496 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
497 ie.rsn_ie, ie.rsn_ie_len);
498 wpa_hexdump(MSG_INFO, "RSN IE in (Re)Association "
499 "Request",
500 sta->rsnie,
501 sta->rsnie[0] ? 2 + sta->rsnie[1] : 0);
502 }
503 }
504
505 for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
506 const u8 *addr;
507
508 if (!ie.mlo_link[link_id])
509 continue;
510 addr = &ie.mlo_link[link_id][RSN_MLO_LINK_KDE_LINK_MAC_INDEX];
511 wpa_printf(MSG_DEBUG,
512 "Learned Link ID %u MAC address " MACSTR
513 " from EAPOL-Key 2/4",
514 link_id, MAC2STR(addr));
515 os_memcpy(sta->link_addr[link_id], addr, ETH_ALEN);
516 }
517 }
518
519
decrypt_eapol_key_data_rc4(struct wlantest * wt,const u8 * kek,const struct wpa_eapol_key * hdr,const u8 * keydata,u16 keydatalen,size_t * len)520 static u8 * decrypt_eapol_key_data_rc4(struct wlantest *wt, const u8 *kek,
521 const struct wpa_eapol_key *hdr,
522 const u8 *keydata, u16 keydatalen,
523 size_t *len)
524 {
525 u8 ek[32], *buf;
526
527 buf = os_memdup(keydata, keydatalen);
528 if (buf == NULL)
529 return NULL;
530
531 os_memcpy(ek, hdr->key_iv, 16);
532 os_memcpy(ek + 16, kek, 16);
533 if (rc4_skip(ek, 32, 256, buf, keydatalen)) {
534 add_note(wt, MSG_INFO, "RC4 failed");
535 os_free(buf);
536 return NULL;
537 }
538
539 *len = keydatalen;
540 return buf;
541 }
542
543
decrypt_eapol_key_data_aes(struct wlantest * wt,const u8 * kek,size_t kek_len,const struct wpa_eapol_key * hdr,const u8 * keydata,u16 keydatalen,size_t * len)544 static u8 * decrypt_eapol_key_data_aes(struct wlantest *wt, const u8 *kek,
545 size_t kek_len,
546 const struct wpa_eapol_key *hdr,
547 const u8 *keydata, u16 keydatalen,
548 size_t *len)
549 {
550 u8 *buf;
551
552 if (keydatalen % 8) {
553 add_note(wt, MSG_INFO, "Unsupported AES-WRAP len %d",
554 keydatalen);
555 return NULL;
556 }
557 keydatalen -= 8; /* AES-WRAP adds 8 bytes */
558 buf = os_malloc(keydatalen);
559 if (buf == NULL)
560 return NULL;
561 if (aes_unwrap(kek, kek_len, keydatalen / 8, keydata, buf)) {
562 os_free(buf);
563 add_note(wt, MSG_INFO,
564 "AES unwrap failed - could not decrypt EAPOL-Key "
565 "key data");
566 return NULL;
567 }
568
569 *len = keydatalen;
570 return buf;
571 }
572
573
decrypt_eapol_key_data(struct wlantest * wt,struct wlantest_sta * sta,const u8 * kek,size_t kek_len,u16 ver,const struct wpa_eapol_key * hdr,const u8 * end,size_t * len)574 static u8 * decrypt_eapol_key_data(struct wlantest *wt,
575 struct wlantest_sta *sta, const u8 *kek,
576 size_t kek_len, u16 ver,
577 const struct wpa_eapol_key *hdr,
578 const u8 *end, size_t *len)
579 {
580 size_t mic_len;
581 u16 keydatalen;
582 const u8 *mic, *keydata;
583
584 mic = (const u8 *) (hdr + 1);
585 mic_len = determine_mic_len(sta);
586 if (mic_len + 2 > end - mic)
587 return NULL;
588 keydata = mic + mic_len + 2;
589 keydatalen = WPA_GET_BE16(mic + mic_len);
590 if (keydatalen > end - keydata)
591 return NULL;
592
593 switch (ver) {
594 case WPA_KEY_INFO_TYPE_HMAC_MD5_RC4:
595 if (kek_len != 16)
596 return NULL;
597 return decrypt_eapol_key_data_rc4(wt, kek, hdr, keydata,
598 keydatalen, len);
599 case WPA_KEY_INFO_TYPE_HMAC_SHA1_AES:
600 case WPA_KEY_INFO_TYPE_AES_128_CMAC:
601 return decrypt_eapol_key_data_aes(wt, kek, kek_len, hdr,
602 keydata, keydatalen, len);
603 case WPA_KEY_INFO_TYPE_AKM_DEFINED:
604 /* For now, assume this is OSEN */
605 return decrypt_eapol_key_data_aes(wt, kek, kek_len, hdr,
606 keydata, keydatalen, len);
607 default:
608 add_note(wt, MSG_INFO,
609 "Unsupported EAPOL-Key Key Descriptor Version %u",
610 ver);
611 return NULL;
612 }
613 }
614
615
learn_kde_keys_mlo(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,int link_id,struct wpa_eapol_ie_parse * ie)616 static void learn_kde_keys_mlo(struct wlantest *wt, struct wlantest_bss *bss,
617 struct wlantest_sta *sta, int link_id,
618 struct wpa_eapol_ie_parse *ie)
619 {
620 const u8 *key, *pn;
621 size_t key_len;
622 unsigned int key_id;
623 bool tx;
624
625 if (ie->mlo_gtk[link_id]) {
626 pn = ie->mlo_gtk[link_id] + 1;
627 key = ie->mlo_gtk[link_id] + RSN_MLO_GTK_KDE_PREFIX_LENGTH;
628 key_len = ie->mlo_gtk_len[link_id] -
629 RSN_MLO_GTK_KDE_PREFIX_LENGTH;
630 key_id = ie->mlo_gtk[link_id][0] &
631 RSN_MLO_GTK_KDE_PREFIX0_KEY_ID_MASK;
632 tx = ie->mlo_gtk[link_id][0] & RSN_MLO_GTK_KDE_PREFIX0_TX;
633 if (key_len <= WPA_GTK_MAX_LEN) {
634 add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u",
635 key_id, tx);
636 if (ie->mlo_gtk[link_id][0] & BIT(3)) {
637 add_note(wt, MSG_INFO,
638 "MLO GTK KDE: Reserved field set");
639 }
640 wpa_hexdump(MSG_DEBUG, "GTK", key, key_len);
641 bss->gtk_len[key_id] = key_len;
642 if (sta)
643 sta->gtk_len = key_len;
644 os_memcpy(bss->gtk[key_id], key, key_len);
645 if (sta)
646 os_memcpy(sta->gtk, key, key_len);
647 bss->rsc[key_id][0] = pn[5];
648 bss->rsc[key_id][1] = pn[4];
649 bss->rsc[key_id][2] = pn[3];
650 bss->rsc[key_id][3] = pn[2];
651 bss->rsc[key_id][4] = pn[1];
652 bss->rsc[key_id][5] = pn[0];
653 bss->gtk_idx = key_id;
654 if (sta)
655 sta->gtk_idx = key_id;
656 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[key_id], 6);
657 } else {
658 add_note(wt, MSG_INFO,
659 "Invalid MLO GTK KDE key length %zu",
660 key_len);
661 }
662 }
663
664 if (ie->mlo_igtk[link_id]) {
665 pn = ie->mlo_igtk[link_id] + 2;
666 key = ie->mlo_igtk[link_id] + RSN_MLO_IGTK_KDE_PREFIX_LENGTH;
667 key_len = ie->mlo_igtk_len[link_id] -
668 RSN_MLO_IGTK_KDE_PREFIX_LENGTH;
669 key_id = WPA_GET_LE16(ie->mlo_igtk[link_id]);
670 if (key_len <= WPA_IGTK_MAX_LEN && key_id >= 4 && key_id <= 5) {
671 add_note(wt, MSG_DEBUG, "IGTK KeyID=%u", key_id);
672 if (ie->mlo_igtk[link_id][2 + 6] & 0x0f) {
673 add_note(wt, MSG_INFO,
674 "MLO IGTK KDE: Reserved field set");
675 }
676 wpa_hexdump(MSG_DEBUG, "IGTK", key, key_len);
677 wpa_hexdump(MSG_DEBUG, "IPN", pn, 6);
678 bss->igtk_len[key_id] = key_len;
679 os_memcpy(bss->igtk[key_id], key, key_len);
680 bss->ipn[key_id][0] = pn[5];
681 bss->ipn[key_id][1] = pn[4];
682 bss->ipn[key_id][2] = pn[3];
683 bss->ipn[key_id][3] = pn[2];
684 bss->ipn[key_id][4] = pn[1];
685 bss->ipn[key_id][5] = pn[0];
686 bss->igtk_idx = key_id;
687 } else {
688 add_note(wt, MSG_INFO,
689 "Invalid MLO IGTK KDE ID %u or key length %zu",
690 key_id, key_len);
691 }
692 }
693
694 if (ie->mlo_bigtk[link_id]) {
695 pn = ie->mlo_bigtk[link_id] + 2;
696 key = ie->mlo_bigtk[link_id] + RSN_MLO_BIGTK_KDE_PREFIX_LENGTH;
697 key_len = ie->mlo_bigtk_len[link_id] -
698 RSN_MLO_BIGTK_KDE_PREFIX_LENGTH;
699 key_id = WPA_GET_LE16(ie->mlo_bigtk[link_id]);
700 if (key_len <= WPA_BIGTK_MAX_LEN &&
701 key_id >= 6 && key_id <= 7) {
702 add_note(wt, MSG_DEBUG, "BIGTK KeyID=%u", key_id);
703 if (ie->mlo_bigtk[link_id][2 + 6] & 0x0f) {
704 add_note(wt, MSG_INFO,
705 "MLO BIGTK KDE: Reserved field set");
706 }
707 wpa_hexdump(MSG_DEBUG, "BIGTK", key, key_len);
708 wpa_hexdump(MSG_DEBUG, "BIPN", pn, 6);
709 bss->igtk_len[key_id] = key_len;
710 os_memcpy(bss->igtk[key_id], key, key_len);
711 bss->ipn[key_id][0] = pn[5];
712 bss->ipn[key_id][1] = pn[4];
713 bss->ipn[key_id][2] = pn[3];
714 bss->ipn[key_id][3] = pn[2];
715 bss->ipn[key_id][4] = pn[1];
716 bss->ipn[key_id][5] = pn[0];
717 bss->bigtk_idx = key_id;
718 } else {
719 add_note(wt, MSG_INFO,
720 "Invalid MLO IGTK KDE ID %u or key length %zu",
721 key_id, key_len);
722 }
723 }
724 }
725
726
learn_kde_keys(struct wlantest * wt,struct wlantest_bss * bss,struct wlantest_sta * sta,const u8 * buf,size_t len,const u8 * rsc)727 static void learn_kde_keys(struct wlantest *wt, struct wlantest_bss *bss,
728 struct wlantest_sta *sta,
729 const u8 *buf, size_t len, const u8 *rsc)
730 {
731 struct wpa_eapol_ie_parse ie;
732 int link_id;
733
734 if (wpa_parse_kde_ies(buf, len, &ie) < 0) {
735 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
736 return;
737 }
738
739 if (ie.wpa_ie) {
740 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - WPA IE",
741 ie.wpa_ie, ie.wpa_ie_len);
742 }
743
744 if (ie.rsn_ie) {
745 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - RSN IE",
746 ie.rsn_ie, ie.rsn_ie_len);
747 }
748
749 if (ie.key_id)
750 add_note(wt, MSG_DEBUG, "KeyID %u", ie.key_id[0]);
751
752 if (ie.gtk) {
753 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - GTK KDE",
754 ie.gtk, ie.gtk_len);
755 if (ie.gtk_len >= 2 && ie.gtk_len <= 2 + 32) {
756 int id;
757 id = ie.gtk[0] & 0x03;
758 add_note(wt, MSG_DEBUG, "GTK KeyID=%u tx=%u",
759 id, !!(ie.gtk[0] & 0x04));
760 if ((ie.gtk[0] & 0xf8) || ie.gtk[1]) {
761 add_note(wt, MSG_INFO,
762 "GTK KDE: Reserved field set: "
763 "%02x %02x", ie.gtk[0], ie.gtk[1]);
764 }
765 wpa_hexdump(MSG_DEBUG, "GTK", ie.gtk + 2,
766 ie.gtk_len - 2);
767 bss->gtk_len[id] = ie.gtk_len - 2;
768 sta->gtk_len = ie.gtk_len - 2;
769 os_memcpy(bss->gtk[id], ie.gtk + 2, ie.gtk_len - 2);
770 os_memcpy(sta->gtk, ie.gtk + 2, ie.gtk_len - 2);
771 bss->rsc[id][0] = rsc[5];
772 bss->rsc[id][1] = rsc[4];
773 bss->rsc[id][2] = rsc[3];
774 bss->rsc[id][3] = rsc[2];
775 bss->rsc[id][4] = rsc[1];
776 bss->rsc[id][5] = rsc[0];
777 bss->gtk_idx = id;
778 sta->gtk_idx = id;
779 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
780 } else {
781 add_note(wt, MSG_INFO, "Invalid GTK KDE length %u",
782 (unsigned) ie.gtk_len);
783 }
784 }
785
786 if (ie.igtk) {
787 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - IGTK KDE",
788 ie.igtk, ie.igtk_len);
789 if (ie.igtk_len == 24) {
790 u16 id;
791 id = WPA_GET_LE16(ie.igtk);
792 if (id > 5) {
793 add_note(wt, MSG_INFO,
794 "Unexpected IGTK KeyID %u", id);
795 } else {
796 const u8 *ipn;
797 add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
798 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
799 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
800 16);
801 os_memcpy(bss->igtk[id], ie.igtk + 8, 16);
802 bss->igtk_len[id] = 16;
803 ipn = ie.igtk + 2;
804 bss->ipn[id][0] = ipn[5];
805 bss->ipn[id][1] = ipn[4];
806 bss->ipn[id][2] = ipn[3];
807 bss->ipn[id][3] = ipn[2];
808 bss->ipn[id][4] = ipn[1];
809 bss->ipn[id][5] = ipn[0];
810 bss->igtk_idx = id;
811 }
812 } else if (ie.igtk_len == 40) {
813 u16 id;
814 id = WPA_GET_LE16(ie.igtk);
815 if (id > 5) {
816 add_note(wt, MSG_INFO,
817 "Unexpected IGTK KeyID %u", id);
818 } else {
819 const u8 *ipn;
820 add_note(wt, MSG_DEBUG, "IGTK KeyID %u", id);
821 wpa_hexdump(MSG_DEBUG, "IPN", ie.igtk + 2, 6);
822 wpa_hexdump(MSG_DEBUG, "IGTK", ie.igtk + 8,
823 32);
824 os_memcpy(bss->igtk[id], ie.igtk + 8, 32);
825 bss->igtk_len[id] = 32;
826 ipn = ie.igtk + 2;
827 bss->ipn[id][0] = ipn[5];
828 bss->ipn[id][1] = ipn[4];
829 bss->ipn[id][2] = ipn[3];
830 bss->ipn[id][3] = ipn[2];
831 bss->ipn[id][4] = ipn[1];
832 bss->ipn[id][5] = ipn[0];
833 bss->igtk_idx = id;
834 }
835 } else {
836 add_note(wt, MSG_INFO, "Invalid IGTK KDE length %u",
837 (unsigned) ie.igtk_len);
838 }
839 }
840
841 if (ie.bigtk) {
842 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data - BIGTK KDE",
843 ie.bigtk, ie.bigtk_len);
844 if (ie.bigtk_len == 24) {
845 u16 id;
846
847 id = WPA_GET_LE16(ie.bigtk);
848 if (id < 6 || id > 7) {
849 add_note(wt, MSG_INFO,
850 "Unexpected BIGTK KeyID %u", id);
851 } else {
852 const u8 *ipn;
853
854 add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
855 wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
856 wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
857 16);
858 os_memcpy(bss->igtk[id], ie.bigtk + 8, 16);
859 bss->igtk_len[id] = 16;
860 ipn = ie.bigtk + 2;
861 bss->ipn[id][0] = ipn[5];
862 bss->ipn[id][1] = ipn[4];
863 bss->ipn[id][2] = ipn[3];
864 bss->ipn[id][3] = ipn[2];
865 bss->ipn[id][4] = ipn[1];
866 bss->ipn[id][5] = ipn[0];
867 bss->bigtk_idx = id;
868 }
869 } else if (ie.bigtk_len == 40) {
870 u16 id;
871
872 id = WPA_GET_LE16(ie.bigtk);
873 if (id < 6 || id > 7) {
874 add_note(wt, MSG_INFO,
875 "Unexpected BIGTK KeyID %u", id);
876 } else {
877 const u8 *ipn;
878
879 add_note(wt, MSG_DEBUG, "BIGTK KeyID %u", id);
880 wpa_hexdump(MSG_DEBUG, "BIPN", ie.bigtk + 2, 6);
881 wpa_hexdump(MSG_DEBUG, "BIGTK", ie.bigtk + 8,
882 32);
883 os_memcpy(bss->igtk[id], ie.bigtk + 8, 32);
884 bss->igtk_len[id] = 32;
885 ipn = ie.bigtk + 2;
886 bss->ipn[id][0] = ipn[5];
887 bss->ipn[id][1] = ipn[4];
888 bss->ipn[id][2] = ipn[3];
889 bss->ipn[id][3] = ipn[2];
890 bss->ipn[id][4] = ipn[1];
891 bss->ipn[id][5] = ipn[0];
892 bss->bigtk_idx = id;
893 }
894 } else {
895 add_note(wt, MSG_INFO, "Invalid BIGTK KDE length %u",
896 (unsigned) ie.bigtk_len);
897 }
898 }
899
900 for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
901 const u8 *addr;
902
903 if (!ie.mlo_link[link_id])
904 continue;
905 addr = &ie.mlo_link[link_id][RSN_MLO_LINK_KDE_LINK_MAC_INDEX];
906 if (ether_addr_equal(addr, bss->bssid)) {
907 wpa_printf(MSG_DEBUG,
908 "Trying to learn keys for the current MLO link (ID %u)",
909 link_id);
910 learn_kde_keys_mlo(wt, bss, sta, link_id, &ie);
911 } else {
912 struct wlantest_bss *obss;
913
914 wpa_printf(MSG_DEBUG,
915 "Trying to learn keys for another MLO link (ID %u addr " MACSTR ")",
916 link_id, MAC2STR(addr));
917 obss = bss_get(wt, addr);
918 if (!obss) {
919 wpa_printf(MSG_DEBUG,
920 "No BSS entry for the other BSS found");
921 continue;
922 }
923 learn_kde_keys_mlo(wt, obss, NULL, link_id, &ie);
924 }
925 }
926 }
927
928
rx_data_eapol_key_3_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)929 static void rx_data_eapol_key_3_of_4(struct wlantest *wt, const u8 *dst,
930 const u8 *src, const u8 *bssid,
931 const u8 *data, size_t len)
932 {
933 struct wlantest_bss *bss, *bss_mld;
934 struct wlantest_sta *sta;
935 const struct ieee802_1x_hdr *eapol;
936 const struct wpa_eapol_key *hdr;
937 const u8 *key_data, *kck, *kek, *mic;
938 size_t kck_len, kek_len, mic_len;
939 int recalc = 0;
940 u16 key_info, ver;
941 u8 *decrypted_buf = NULL;
942 const u8 *decrypted;
943 size_t decrypted_len = 0;
944 struct wpa_eapol_ie_parse ie;
945 struct wpa_ie_data rsn;
946 const u8 *rsne;
947 size_t rsne_len;
948 int link_id;
949
950 wpa_printf(MSG_DEBUG, "EAPOL-Key 3/4 " MACSTR " -> " MACSTR " (BSSID "
951 MACSTR ")",
952 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
953 if (ether_addr_equal(src, bssid)) {
954 bss = bss_get(wt, src);
955 } else {
956 bss = bss_find(wt, bssid);
957 bss_mld = bss_find(wt, src);
958 if (bss_mld && (!bss || sta_find(bss_mld, src)))
959 bss = bss_get(wt, src);
960 else
961 bss = bss_get(wt, bssid);
962 }
963 if (bss == NULL)
964 return;
965 sta = sta_get(bss, dst);
966 if (sta == NULL)
967 return;
968 mic_len = determine_mic_len(sta);
969
970 eapol = (const struct ieee802_1x_hdr *) data;
971 hdr = (const struct wpa_eapol_key *) (eapol + 1);
972 mic = (const u8 *) (hdr + 1);
973 key_info = WPA_GET_BE16(hdr->key_info);
974
975 if (os_memcmp(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN) != 0) {
976 add_note(wt, MSG_INFO,
977 "EAPOL-Key ANonce mismatch between 1/4 and 3/4");
978 recalc = 1;
979 }
980 os_memcpy(sta->anonce, hdr->key_nonce, WPA_NONCE_LEN);
981 if (recalc) {
982 derive_ptk(wt, bss, sta, key_info & WPA_KEY_INFO_TYPE_MASK,
983 data, len);
984 }
985
986 if (!sta->ptk_set && !sta->tptk_set) {
987 add_note(wt, MSG_DEBUG,
988 "No PTK known to process EAPOL-Key 3/4");
989 return;
990 }
991
992 kek = sta->ptk.kek;
993 kek_len = sta->ptk.kek_len;
994 kck = sta->ptk.kck;
995 kck_len = sta->ptk.kck_len;
996 if (sta->tptk_set) {
997 add_note(wt, MSG_DEBUG,
998 "Use TPTK for validation EAPOL-Key MIC");
999 kck = sta->tptk.kck;
1000 kck_len = sta->tptk.kck_len;
1001 kek = sta->tptk.kek;
1002 kek_len = sta->tptk.kek_len;
1003 }
1004 if (check_mic(sta, kck, kck_len,
1005 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
1006 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 3/4 MIC");
1007 return;
1008 }
1009 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 3/4");
1010
1011 key_data = mic + mic_len + 2;
1012 if (!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1013 if (sta->proto & WPA_PROTO_RSN)
1014 add_note(wt, MSG_INFO,
1015 "EAPOL-Key 3/4 without EncrKeyData bit");
1016 decrypted = key_data;
1017 decrypted_len = WPA_GET_BE16(mic + mic_len);
1018 } else {
1019 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1020 decrypted_buf = decrypt_eapol_key_data(wt, sta,
1021 kek, kek_len, ver,
1022 hdr, data + len,
1023 &decrypted_len);
1024 if (decrypted_buf == NULL) {
1025 add_note(wt, MSG_INFO,
1026 "Failed to decrypt EAPOL-Key Key Data");
1027 return;
1028 }
1029 decrypted = decrypted_buf;
1030 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
1031 decrypted, decrypted_len);
1032 }
1033 if ((wt->write_pcap_dumper || wt->pcapng) && decrypted != key_data) {
1034 /* Fill in a stub Data frame header */
1035 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
1036 struct ieee80211_hdr *h;
1037 struct wpa_eapol_key *k;
1038 const u8 *p;
1039 u8 *pos;
1040 size_t plain_len;
1041
1042 plain_len = decrypted_len;
1043 p = decrypted;
1044 while (p + 1 < decrypted + decrypted_len) {
1045 if (p[0] == 0xdd && p[1] == 0x00) {
1046 /* Remove padding */
1047 plain_len = p - decrypted;
1048 p = NULL;
1049 break;
1050 }
1051 p += 2 + p[1];
1052 }
1053 if (p && p > decrypted && p + 1 == decrypted + decrypted_len &&
1054 *p == 0xdd) {
1055 /* Remove padding */
1056 plain_len = p - decrypted;
1057 }
1058
1059 os_memset(buf, 0, sizeof(buf));
1060 h = (struct ieee80211_hdr *) buf;
1061 h->frame_control = host_to_le16(0x0208);
1062 os_memcpy(h->addr1, dst, ETH_ALEN);
1063 os_memcpy(h->addr2, src, ETH_ALEN);
1064 os_memcpy(h->addr3, src, ETH_ALEN);
1065 pos = (u8 *) (h + 1);
1066 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
1067 pos += 8;
1068 os_memcpy(pos, eapol, sizeof(*eapol));
1069 pos += sizeof(*eapol);
1070 os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
1071 k = (struct wpa_eapol_key *) pos;
1072 pos += sizeof(struct wpa_eapol_key) + mic_len;
1073 WPA_PUT_BE16(k->key_info,
1074 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
1075 WPA_PUT_BE16(pos, plain_len);
1076 write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
1077 sizeof(*hdr) + mic_len + 2,
1078 decrypted, plain_len);
1079 }
1080
1081 if (wpa_parse_kde_ies(decrypted, decrypted_len, &ie) < 0) {
1082 add_note(wt, MSG_INFO, "Failed to parse EAPOL-Key Key Data");
1083 os_free(decrypted_buf);
1084 return;
1085 }
1086
1087 if (!bss->ies_set) {
1088 struct ieee802_11_elems elems;
1089
1090 elems_from_eapol_ie(&elems, &ie);
1091 wpa_printf(MSG_DEBUG,
1092 "Update BSS data based on IEs in EAPOL-Key 3/4");
1093 bss_update(wt, bss, &elems, 0);
1094 }
1095
1096 if ((ie.wpa_ie &&
1097 os_memcmp(ie.wpa_ie, bss->wpaie, ie.wpa_ie_len) != 0) ||
1098 (ie.wpa_ie == NULL && bss->wpaie[0])) {
1099 add_note(wt, MSG_INFO,
1100 "Mismatch in WPA IE between EAPOL-Key 3/4 and "
1101 "Beacon/Probe Response from " MACSTR,
1102 MAC2STR(bss->bssid));
1103 wpa_hexdump(MSG_INFO, "WPA IE in EAPOL-Key",
1104 ie.wpa_ie, ie.wpa_ie_len);
1105 wpa_hexdump(MSG_INFO, "WPA IE in Beacon/Probe "
1106 "Response",
1107 bss->wpaie,
1108 bss->wpaie[0] ? 2 + bss->wpaie[1] : 0);
1109 }
1110
1111 rsne = ie.rsn_ie;
1112 rsne_len = ie.rsn_ie_len;
1113 for (link_id = 0; !rsne && link_id < MAX_NUM_MLD_LINKS; link_id++) {
1114 const u8 *addr, *pos, *end;
1115
1116 if (!ie.mlo_link[link_id])
1117 continue;
1118 addr = &ie.mlo_link[link_id][RSN_MLO_LINK_KDE_LINK_MAC_INDEX];
1119 if (!ether_addr_equal(addr, bss->bssid))
1120 continue;
1121 if (!(ie.mlo_link[link_id][0] & RSN_MLO_LINK_KDE_LI_RSNE_INFO))
1122 continue;
1123 pos = ie.mlo_link[link_id] + RSN_MLO_LINK_KDE_FIXED_LENGTH;
1124 end = ie.mlo_link[link_id] + ie.mlo_link_len[link_id];
1125 if (end - pos < 2 || pos[0] != WLAN_EID_RSN ||
1126 end - pos < 2 + pos[1]) {
1127 add_note(wt, MSG_INFO, "Invalid MLO Link KDE from "
1128 MACSTR " - RSNE info missing",
1129 MAC2STR(bss->bssid));
1130 break;
1131 }
1132 wpa_printf(MSG_DEBUG,
1133 "Using RSNE from MLO Link KDE for Link ID %u",
1134 link_id);
1135 rsne = pos;
1136 rsne_len = 2 + pos[1];
1137 break;
1138 }
1139
1140 if ((rsne &&
1141 wpa_compare_rsn_ie(wpa_key_mgmt_ft(sta->key_mgmt),
1142 rsne, rsne_len,
1143 bss->rsnie, 2 + bss->rsnie[1])) ||
1144 (!rsne && bss->rsnie[0])) {
1145 add_note(wt, MSG_INFO, "Mismatch in RSN IE between EAPOL-Key "
1146 "3/4 and Beacon/Probe Response from " MACSTR,
1147 MAC2STR(bss->bssid));
1148 wpa_hexdump(MSG_INFO, "RSN IE in EAPOL-Key",
1149 rsne, rsne_len);
1150 wpa_hexdump(MSG_INFO, "RSN IE in Beacon/Probe Response",
1151 bss->rsnie,
1152 bss->rsnie[0] ? 2 + bss->rsnie[1] : 0);
1153 }
1154
1155 if (wpa_key_mgmt_ft(sta->key_mgmt) &&
1156 (wpa_parse_wpa_ie_rsn(rsne, rsne_len, &rsn) < 0 ||
1157 rsn.num_pmkid != 1 || !rsn.pmkid ||
1158 os_memcmp_const(rsn.pmkid, sta->pmk_r1_name,
1159 WPA_PMK_NAME_LEN) != 0))
1160 add_note(wt, MSG_INFO,
1161 "FT: No matching PMKR1Name in FT 4-way handshake message 3/4");
1162
1163 /* TODO: validate MDE and FTE match */
1164
1165 learn_kde_keys(wt, bss, sta, decrypted, decrypted_len, hdr->key_rsc);
1166 os_free(decrypted_buf);
1167 }
1168
1169
rx_data_eapol_key_4_of_4(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)1170 static void rx_data_eapol_key_4_of_4(struct wlantest *wt, const u8 *dst,
1171 const u8 *src, const u8 *bssid,
1172 const u8 *data, size_t len)
1173 {
1174 struct wlantest_bss *bss, *bss_mld;
1175 struct wlantest_sta *sta;
1176 const struct ieee802_1x_hdr *eapol;
1177 const struct wpa_eapol_key *hdr;
1178 u16 key_info;
1179 const u8 *kck;
1180 size_t kck_len;
1181
1182 wpa_printf(MSG_DEBUG, "EAPOL-Key 4/4 " MACSTR " -> " MACSTR " (BSSID "
1183 MACSTR ")",
1184 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
1185 if (ether_addr_equal(dst, bssid)) {
1186 bss = bss_get(wt, dst);
1187 } else {
1188 bss = bss_find(wt, bssid);
1189 bss_mld = bss_find(wt, dst);
1190 if (bss_mld && (!bss || sta_find(bss_mld, src)))
1191 bss = bss_get(wt, dst);
1192 else
1193 bss = bss_get(wt, bssid);
1194 }
1195 if (bss == NULL)
1196 return;
1197 sta = sta_get(bss, src);
1198 if (sta == NULL)
1199 return;
1200
1201 eapol = (const struct ieee802_1x_hdr *) data;
1202 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1203 if (!is_zero(hdr->key_rsc, 8)) {
1204 add_note(wt, MSG_INFO, "EAPOL-Key 4/4 from " MACSTR " used "
1205 "non-zero Key RSC", MAC2STR(src));
1206 }
1207 key_info = WPA_GET_BE16(hdr->key_info);
1208
1209 if (!sta->ptk_set && !sta->tptk_set) {
1210 add_note(wt, MSG_DEBUG,
1211 "No PTK known to process EAPOL-Key 4/4");
1212 return;
1213 }
1214
1215 kck = sta->ptk.kck;
1216 kck_len = sta->ptk.kck_len;
1217 if (sta->tptk_set) {
1218 add_note(wt, MSG_DEBUG,
1219 "Use TPTK for validation EAPOL-Key MIC");
1220 kck = sta->tptk.kck;
1221 kck_len = sta->tptk.kck_len;
1222 }
1223 if (check_mic(sta, kck, kck_len,
1224 key_info & WPA_KEY_INFO_TYPE_MASK, data, len) < 0) {
1225 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 4/4 MIC");
1226 return;
1227 }
1228 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 4/4");
1229 if (sta->tptk_set) {
1230 add_note(wt, MSG_DEBUG, "Update PTK (rekeying)");
1231 os_memcpy(&sta->ptk, &sta->tptk, sizeof(sta->ptk));
1232 sta->ptk_set = 1;
1233 sta->tptk_set = 0;
1234 os_memset(sta->rsc_tods, 0, sizeof(sta->rsc_tods));
1235 os_memset(sta->rsc_fromds, 0, sizeof(sta->rsc_fromds));
1236 }
1237 }
1238
1239
rx_data_eapol_key_1_of_2(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)1240 static void rx_data_eapol_key_1_of_2(struct wlantest *wt, const u8 *dst,
1241 const u8 *src, const u8 *bssid,
1242 const u8 *data, size_t len)
1243 {
1244 struct wlantest_bss *bss, *bss_mld;
1245 struct wlantest_sta *sta;
1246 const struct ieee802_1x_hdr *eapol;
1247 const struct wpa_eapol_key *hdr;
1248 u16 key_info, ver;
1249 u8 *decrypted;
1250 size_t decrypted_len = 0;
1251 size_t mic_len;
1252
1253 wpa_printf(MSG_DEBUG, "EAPOL-Key 1/2 " MACSTR " -> " MACSTR " (BSSID "
1254 MACSTR ")",
1255 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
1256 if (ether_addr_equal(src, bssid)) {
1257 bss = bss_get(wt, src);
1258 } else {
1259 bss = bss_find(wt, bssid);
1260 bss_mld = bss_find(wt, src);
1261 if (bss_mld && (!bss || sta_find(bss_mld, src)))
1262 bss = bss_get(wt, src);
1263 else
1264 bss = bss_get(wt, bssid);
1265 }
1266 if (bss == NULL)
1267 return;
1268 sta = sta_get(bss, dst);
1269 if (sta == NULL)
1270 return;
1271 mic_len = determine_mic_len(sta);
1272
1273 eapol = (const struct ieee802_1x_hdr *) data;
1274 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1275 key_info = WPA_GET_BE16(hdr->key_info);
1276
1277 if (!sta->ptk_set) {
1278 add_note(wt, MSG_DEBUG,
1279 "No PTK known to process EAPOL-Key 1/2");
1280 return;
1281 }
1282
1283 if (sta->ptk_set &&
1284 check_mic(sta, sta->ptk.kck, sta->ptk.kck_len,
1285 key_info & WPA_KEY_INFO_TYPE_MASK,
1286 data, len) < 0) {
1287 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 1/2 MIC");
1288 return;
1289 }
1290 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 1/2");
1291
1292 if (sta->proto & WPA_PROTO_RSN &&
1293 !(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
1294 add_note(wt, MSG_INFO, "EAPOL-Key 1/2 without EncrKeyData bit");
1295 return;
1296 }
1297 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1298 decrypted = decrypt_eapol_key_data(wt, sta,
1299 sta->ptk.kek, sta->ptk.kek_len,
1300 ver, hdr, data + len,
1301 &decrypted_len);
1302 if (decrypted == NULL) {
1303 add_note(wt, MSG_INFO, "Failed to decrypt EAPOL-Key Key Data");
1304 return;
1305 }
1306 wpa_hexdump(MSG_DEBUG, "Decrypted EAPOL-Key Key Data",
1307 decrypted, decrypted_len);
1308 if (wt->write_pcap_dumper || wt->pcapng) {
1309 /* Fill in a stub Data frame header */
1310 u8 buf[24 + 8 + sizeof(*eapol) + sizeof(*hdr) + 64];
1311 struct ieee80211_hdr *h;
1312 struct wpa_eapol_key *k;
1313 u8 *pos;
1314 size_t plain_len;
1315
1316 plain_len = decrypted_len;
1317 pos = decrypted;
1318 while (pos + 1 < decrypted + decrypted_len) {
1319 if (pos[0] == 0xdd && pos[1] == 0x00) {
1320 /* Remove padding */
1321 plain_len = pos - decrypted;
1322 break;
1323 }
1324 pos += 2 + pos[1];
1325 }
1326
1327 os_memset(buf, 0, sizeof(buf));
1328 h = (struct ieee80211_hdr *) buf;
1329 h->frame_control = host_to_le16(0x0208);
1330 os_memcpy(h->addr1, dst, ETH_ALEN);
1331 os_memcpy(h->addr2, src, ETH_ALEN);
1332 os_memcpy(h->addr3, src, ETH_ALEN);
1333 pos = (u8 *) (h + 1);
1334 os_memcpy(pos, "\xaa\xaa\x03\x00\x00\x00\x88\x8e", 8);
1335 pos += 8;
1336 os_memcpy(pos, eapol, sizeof(*eapol));
1337 pos += sizeof(*eapol);
1338 os_memcpy(pos, hdr, sizeof(*hdr) + mic_len);
1339 k = (struct wpa_eapol_key *) pos;
1340 pos += sizeof(struct wpa_eapol_key) + mic_len;
1341 WPA_PUT_BE16(k->key_info,
1342 key_info & ~WPA_KEY_INFO_ENCR_KEY_DATA);
1343 WPA_PUT_BE16(pos, plain_len);
1344 write_pcap_decrypted(wt, buf, 24 + 8 + sizeof(*eapol) +
1345 sizeof(*hdr) + mic_len + 2,
1346 decrypted, plain_len);
1347 }
1348 if (sta->proto & WPA_PROTO_RSN)
1349 learn_kde_keys(wt, bss, sta, decrypted, decrypted_len,
1350 hdr->key_rsc);
1351 else {
1352 int klen = bss->group_cipher == WPA_CIPHER_TKIP ? 32 : 16;
1353 if (decrypted_len == klen) {
1354 const u8 *rsc = hdr->key_rsc;
1355 int id;
1356 id = (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1357 WPA_KEY_INFO_KEY_INDEX_SHIFT;
1358 add_note(wt, MSG_DEBUG, "GTK key index %d", id);
1359 wpa_hexdump(MSG_DEBUG, "GTK", decrypted,
1360 decrypted_len);
1361 bss->gtk_len[id] = decrypted_len;
1362 os_memcpy(bss->gtk[id], decrypted, decrypted_len);
1363 bss->rsc[id][0] = rsc[5];
1364 bss->rsc[id][1] = rsc[4];
1365 bss->rsc[id][2] = rsc[3];
1366 bss->rsc[id][3] = rsc[2];
1367 bss->rsc[id][4] = rsc[1];
1368 bss->rsc[id][5] = rsc[0];
1369 wpa_hexdump(MSG_DEBUG, "RSC", bss->rsc[id], 6);
1370 } else {
1371 add_note(wt, MSG_INFO, "Unexpected WPA Key Data length "
1372 "in Group Key msg 1/2 from " MACSTR,
1373 MAC2STR(src));
1374 }
1375 }
1376 os_free(decrypted);
1377 }
1378
1379
rx_data_eapol_key_2_of_2(struct wlantest * wt,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t len)1380 static void rx_data_eapol_key_2_of_2(struct wlantest *wt, const u8 *dst,
1381 const u8 *src, const u8 *bssid,
1382 const u8 *data, size_t len)
1383 {
1384 struct wlantest_bss *bss, *bss_mld;
1385 struct wlantest_sta *sta;
1386 const struct ieee802_1x_hdr *eapol;
1387 const struct wpa_eapol_key *hdr;
1388 u16 key_info;
1389
1390 wpa_printf(MSG_DEBUG, "EAPOL-Key 2/2 " MACSTR " -> " MACSTR " (BSSID "
1391 MACSTR ")",
1392 MAC2STR(src), MAC2STR(dst), MAC2STR(bssid));
1393 if (ether_addr_equal(dst, bssid)) {
1394 bss = bss_get(wt, dst);
1395 } else {
1396 bss = bss_find(wt, bssid);
1397 bss_mld = bss_find(wt, dst);
1398 if (bss_mld && (!bss || sta_find(bss_mld, src)))
1399 bss = bss_get(wt, dst);
1400 else
1401 bss = bss_get(wt, bssid);
1402 }
1403 if (bss == NULL)
1404 return;
1405 sta = sta_get(bss, src);
1406 if (sta == NULL)
1407 return;
1408
1409 eapol = (const struct ieee802_1x_hdr *) data;
1410 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1411 if (!is_zero(hdr->key_rsc, 8)) {
1412 add_note(wt, MSG_INFO, "EAPOL-Key 2/2 from " MACSTR " used "
1413 "non-zero Key RSC", MAC2STR(src));
1414 }
1415 key_info = WPA_GET_BE16(hdr->key_info);
1416
1417 if (!sta->ptk_set) {
1418 add_note(wt, MSG_DEBUG,
1419 "No PTK known to process EAPOL-Key 2/2");
1420 return;
1421 }
1422
1423 if (sta->ptk_set &&
1424 check_mic(sta, sta->ptk.kck, sta->ptk.kck_len,
1425 key_info & WPA_KEY_INFO_TYPE_MASK,
1426 data, len) < 0) {
1427 add_note(wt, MSG_INFO, "Mismatch in EAPOL-Key 2/2 MIC");
1428 return;
1429 }
1430 add_note(wt, MSG_DEBUG, "Valid MIC found in EAPOL-Key 2/2");
1431 }
1432
1433
rx_data_eapol_key(struct wlantest * wt,const u8 * bssid,const u8 * sta_addr,const u8 * dst,const u8 * src,const u8 * data,size_t len,int prot)1434 static void rx_data_eapol_key(struct wlantest *wt, const u8 *bssid,
1435 const u8 *sta_addr, const u8 *dst,
1436 const u8 *src, const u8 *data, size_t len,
1437 int prot)
1438 {
1439 const struct ieee802_1x_hdr *eapol;
1440 const struct wpa_eapol_key *hdr;
1441 const u8 *key_data, *alt_key_data;
1442 u16 key_info, key_length, ver, key_data_length, alt_key_data_length;
1443 size_t mic_len = 16, alt_mic_len;
1444 const u8 *mic;
1445 struct wlantest_bss *bss;
1446 struct wlantest_sta *sta = NULL;
1447
1448 bss = bss_get(wt, bssid);
1449 if (bss) {
1450 if (sta_addr)
1451 sta = sta_get(bss, sta_addr);
1452 else
1453 sta = NULL;
1454 mic_len = determine_mic_len(sta);
1455 }
1456
1457 eapol = (const struct ieee802_1x_hdr *) data;
1458 hdr = (const struct wpa_eapol_key *) (eapol + 1);
1459
1460 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key",
1461 (const u8 *) hdr, len - sizeof(*eapol));
1462 if (len < sizeof(*hdr) + mic_len + 2) {
1463 add_note(wt, MSG_INFO, "Too short EAPOL-Key frame from " MACSTR,
1464 MAC2STR(src));
1465 return;
1466 }
1467 mic = (const u8 *) (hdr + 1);
1468
1469 if (hdr->type == EAPOL_KEY_TYPE_RC4) {
1470 /* TODO: EAPOL-Key RC4 for WEP */
1471 wpa_printf(MSG_INFO, "EAPOL-Key Descriptor Type RC4 from "
1472 MACSTR, MAC2STR(src));
1473 return;
1474 }
1475
1476 if (hdr->type != EAPOL_KEY_TYPE_RSN &&
1477 hdr->type != EAPOL_KEY_TYPE_WPA) {
1478 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Descriptor Type "
1479 "%u from " MACSTR, hdr->type, MAC2STR(src));
1480 return;
1481 }
1482
1483 key_info = WPA_GET_BE16(hdr->key_info);
1484 key_length = WPA_GET_BE16(hdr->key_length);
1485 key_data_length = WPA_GET_BE16(mic + mic_len);
1486 key_data = mic + mic_len + 2;
1487
1488 if (key_data + key_data_length != data + len && sta &&
1489 ((wpa_key_mgmt_sae_ext_key(sta->key_mgmt) && sta->sae_group == 0) ||
1490 (sta->key_mgmt == WPA_KEY_MGMT_OWE && sta->owe_group == 0))) {
1491 /* We do not know which group was used (e.g., due to use of
1492 * PMKSA caching without the initial association included in
1493 * the capture file), so the MIC length might not be correct.
1494 * Try the other options to see if matching EAPOL-Key length
1495 * can be determined. */
1496
1497 /* Group 20 */
1498 alt_mic_len = wpa_mic_len(sta->key_mgmt, 48);
1499 alt_key_data_length = WPA_GET_BE16(mic + alt_mic_len);
1500 alt_key_data = mic + alt_mic_len + 2;
1501 if (len >= sizeof(*hdr) + alt_mic_len + 2 &&
1502 alt_key_data + alt_key_data_length == data + len) {
1503 add_note(wt, MSG_INFO,
1504 "Assume group 20 was used to get matching Key MIC length for EAPOL-Key");
1505 if (wpa_key_mgmt_sae_ext_key(sta->key_mgmt))
1506 sta->sae_group = 20;
1507 else
1508 sta->owe_group = 20;
1509 mic_len = alt_mic_len;
1510 key_data_length = alt_key_data_length;
1511 key_data = alt_key_data;
1512 goto group_determined;
1513 }
1514
1515 /* Group 21 */
1516 alt_mic_len = wpa_mic_len(sta->key_mgmt, 64);
1517 alt_key_data_length = WPA_GET_BE16(mic + alt_mic_len);
1518 alt_key_data = mic + alt_mic_len + 2;
1519 if (len >= sizeof(*hdr) + alt_mic_len + 2 &&
1520 alt_key_data + alt_key_data_length == data + len) {
1521 add_note(wt, MSG_INFO,
1522 "Assume group 21 was used to get matching Key MIC length for EAPOL-Key");
1523 if (wpa_key_mgmt_sae_ext_key(sta->key_mgmt))
1524 sta->sae_group = 21;
1525 else
1526 sta->owe_group = 21;
1527 mic_len = alt_mic_len;
1528 key_data_length = alt_key_data_length;
1529 key_data = alt_key_data;
1530 goto group_determined;
1531 }
1532 }
1533
1534 group_determined:
1535 if (key_data + key_data_length > data + len) {
1536 add_note(wt, MSG_INFO, "Truncated EAPOL-Key from " MACSTR,
1537 MAC2STR(src));
1538 return;
1539 }
1540 if (key_data + key_data_length < data + len) {
1541 wpa_hexdump(MSG_DEBUG, "Extra data after EAPOL-Key Key Data "
1542 "field", key_data + key_data_length,
1543 data + len - key_data - key_data_length);
1544 }
1545
1546
1547 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1548 wpa_printf(MSG_DEBUG, "EAPOL-Key ver=%u %c idx=%u%s%s%s%s%s%s%s%s "
1549 "datalen=%u",
1550 ver, key_info & WPA_KEY_INFO_KEY_TYPE ? 'P' : 'G',
1551 (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
1552 WPA_KEY_INFO_KEY_INDEX_SHIFT,
1553 (key_info & WPA_KEY_INFO_INSTALL) ? " Install" : "",
1554 (key_info & WPA_KEY_INFO_ACK) ? " ACK" : "",
1555 (key_info & WPA_KEY_INFO_MIC) ? " MIC" : "",
1556 (key_info & WPA_KEY_INFO_SECURE) ? " Secure" : "",
1557 (key_info & WPA_KEY_INFO_ERROR) ? " Error" : "",
1558 (key_info & WPA_KEY_INFO_REQUEST) ? " Request" : "",
1559 (key_info & WPA_KEY_INFO_ENCR_KEY_DATA) ? " Encr" : "",
1560 (key_info & WPA_KEY_INFO_SMK_MESSAGE) ? " SMK" : "",
1561 key_data_length);
1562
1563 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1564 ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES &&
1565 ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1566 ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
1567 wpa_printf(MSG_INFO, "Unsupported EAPOL-Key Key Descriptor "
1568 "Version %u from " MACSTR, ver, MAC2STR(src));
1569 return;
1570 }
1571
1572 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Replay Counter",
1573 hdr->replay_counter, WPA_REPLAY_COUNTER_LEN);
1574 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Nonce",
1575 hdr->key_nonce, WPA_NONCE_LEN);
1576 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key IV",
1577 hdr->key_iv, 16);
1578 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key RSC",
1579 hdr->key_rsc, WPA_KEY_RSC_LEN);
1580 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key MIC",
1581 mic, mic_len);
1582 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Key Key Data",
1583 key_data, key_data_length);
1584
1585 if (hdr->type == EAPOL_KEY_TYPE_RSN &&
1586 (key_info & (WPA_KEY_INFO_KEY_INDEX_MASK | BIT(14) | BIT(15))) !=
1587 0) {
1588 wpa_printf(MSG_INFO, "RSN EAPOL-Key with non-zero reserved "
1589 "Key Info bits 0x%x from " MACSTR,
1590 key_info, MAC2STR(src));
1591 }
1592
1593 if (hdr->type == EAPOL_KEY_TYPE_WPA &&
1594 (key_info & (WPA_KEY_INFO_ENCR_KEY_DATA |
1595 WPA_KEY_INFO_SMK_MESSAGE |BIT(14) | BIT(15))) != 0) {
1596 wpa_printf(MSG_INFO, "WPA EAPOL-Key with non-zero reserved "
1597 "Key Info bits 0x%x from " MACSTR,
1598 key_info, MAC2STR(src));
1599 }
1600
1601 if (key_length > 32) {
1602 wpa_printf(MSG_INFO, "EAPOL-Key with invalid Key Length %d "
1603 "from " MACSTR, key_length, MAC2STR(src));
1604 }
1605
1606 if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1607 !is_zero(hdr->key_iv, 16)) {
1608 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key IV "
1609 "(reserved with ver=%d) field from " MACSTR,
1610 ver, MAC2STR(src));
1611 wpa_hexdump(MSG_INFO, "EAPOL-Key Key IV (reserved)",
1612 hdr->key_iv, 16);
1613 }
1614
1615 if (!is_zero(hdr->key_id, 8)) {
1616 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key ID "
1617 "(reserved) field from " MACSTR, MAC2STR(src));
1618 wpa_hexdump(MSG_INFO, "EAPOL-Key Key ID (reserved)",
1619 hdr->key_id, 8);
1620 }
1621
1622 if (hdr->key_rsc[6] || hdr->key_rsc[7]) {
1623 wpa_printf(MSG_INFO, "EAPOL-Key with non-zero Key RSC octets "
1624 "(last two are unused)" MACSTR, MAC2STR(src));
1625 }
1626
1627 if (key_info & (WPA_KEY_INFO_ERROR | WPA_KEY_INFO_REQUEST))
1628 return;
1629
1630 if (key_info & WPA_KEY_INFO_SMK_MESSAGE)
1631 return;
1632
1633 if (key_info & WPA_KEY_INFO_KEY_TYPE) {
1634 /* 4-Way Handshake */
1635 switch (key_info & (WPA_KEY_INFO_SECURE |
1636 WPA_KEY_INFO_MIC |
1637 WPA_KEY_INFO_ACK |
1638 WPA_KEY_INFO_INSTALL)) {
1639 case WPA_KEY_INFO_ACK:
1640 rx_data_eapol_key_1_of_4(wt, dst, src, bssid,
1641 data, len);
1642 break;
1643 case WPA_KEY_INFO_MIC:
1644 if (key_data_length == 0 ||
1645 is_zero(hdr->key_nonce, WPA_NONCE_LEN))
1646 rx_data_eapol_key_4_of_4(wt, dst, src, bssid,
1647 data, len);
1648 else
1649 rx_data_eapol_key_2_of_4(wt, dst, src, bssid,
1650 data, len);
1651 break;
1652 case WPA_KEY_INFO_MIC | WPA_KEY_INFO_ACK |
1653 WPA_KEY_INFO_INSTALL:
1654 /* WPA does not include Secure bit in 3/4 */
1655 rx_data_eapol_key_3_of_4(wt, dst, src, bssid,
1656 data, len);
1657 break;
1658 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1659 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
1660 case WPA_KEY_INFO_SECURE |
1661 WPA_KEY_INFO_ACK | WPA_KEY_INFO_INSTALL:
1662 rx_data_eapol_key_3_of_4(wt, dst, src, bssid,
1663 data, len);
1664 break;
1665 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
1666 case WPA_KEY_INFO_SECURE:
1667 if (key_data_length == 0 ||
1668 is_zero(hdr->key_nonce, WPA_NONCE_LEN))
1669 rx_data_eapol_key_4_of_4(wt, dst, src, bssid,
1670 data, len);
1671 else
1672 rx_data_eapol_key_2_of_4(wt, dst, src, bssid,
1673 data, len);
1674 break;
1675 default:
1676 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
1677 break;
1678 }
1679 } else {
1680 /* Group Key Handshake */
1681 switch (key_info & (WPA_KEY_INFO_SECURE |
1682 WPA_KEY_INFO_MIC |
1683 WPA_KEY_INFO_ACK)) {
1684 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
1685 WPA_KEY_INFO_ACK:
1686 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_ACK:
1687 rx_data_eapol_key_1_of_2(wt, dst, src, bssid,
1688 data, len);
1689 break;
1690 case WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC:
1691 case WPA_KEY_INFO_SECURE:
1692 rx_data_eapol_key_2_of_2(wt, dst, src, bssid,
1693 data, len);
1694 break;
1695 default:
1696 wpa_printf(MSG_DEBUG, "Unsupported EAPOL-Key frame");
1697 break;
1698 }
1699 }
1700 }
1701
1702
rx_data_eapol(struct wlantest * wt,const u8 * bssid,const u8 * sta_addr,const u8 * dst,const u8 * src,const u8 * data,size_t len,int prot)1703 void rx_data_eapol(struct wlantest *wt, const u8 *bssid, const u8 *sta_addr,
1704 const u8 *dst, const u8 *src,
1705 const u8 *data, size_t len, int prot)
1706 {
1707 const struct ieee802_1x_hdr *hdr;
1708 u16 length;
1709 const u8 *p;
1710
1711 wpa_hexdump(MSG_EXCESSIVE, "EAPOL", data, len);
1712 if (len < sizeof(*hdr)) {
1713 wpa_printf(MSG_INFO, "Too short EAPOL frame from " MACSTR,
1714 MAC2STR(src));
1715 return;
1716 }
1717
1718 hdr = (const struct ieee802_1x_hdr *) data;
1719 length = be_to_host16(hdr->length);
1720 wpa_printf(MSG_DEBUG, "RX EAPOL: " MACSTR " -> " MACSTR "%s ver=%u "
1721 "type=%u len=%u",
1722 MAC2STR(src), MAC2STR(dst), prot ? " Prot" : "",
1723 hdr->version, hdr->type, length);
1724 if (hdr->version < 1 || hdr->version > 3) {
1725 wpa_printf(MSG_INFO, "Unexpected EAPOL version %u from "
1726 MACSTR, hdr->version, MAC2STR(src));
1727 }
1728 if (sizeof(*hdr) + length > len) {
1729 wpa_printf(MSG_INFO, "Truncated EAPOL frame from " MACSTR,
1730 MAC2STR(src));
1731 return;
1732 }
1733
1734 if (sizeof(*hdr) + length < len) {
1735 wpa_printf(MSG_INFO, "EAPOL frame with %d extra bytes",
1736 (int) (len - sizeof(*hdr) - length));
1737 }
1738 p = (const u8 *) (hdr + 1);
1739
1740 switch (hdr->type) {
1741 case IEEE802_1X_TYPE_EAP_PACKET:
1742 wpa_hexdump(MSG_MSGDUMP, "EAPOL - EAP packet", p, length);
1743 break;
1744 case IEEE802_1X_TYPE_EAPOL_START:
1745 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Start", p, length);
1746 break;
1747 case IEEE802_1X_TYPE_EAPOL_LOGOFF:
1748 wpa_hexdump(MSG_MSGDUMP, "EAPOL-Logoff", p, length);
1749 break;
1750 case IEEE802_1X_TYPE_EAPOL_KEY:
1751 rx_data_eapol_key(wt, bssid, sta_addr, dst, src, data,
1752 sizeof(*hdr) + length, prot);
1753 break;
1754 case IEEE802_1X_TYPE_EAPOL_ENCAPSULATED_ASF_ALERT:
1755 wpa_hexdump(MSG_MSGDUMP, "EAPOL - Encapsulated ASF alert",
1756 p, length);
1757 break;
1758 default:
1759 wpa_hexdump(MSG_MSGDUMP, "Unknown EAPOL payload", p, length);
1760 break;
1761 }
1762 }
1763
