1 /*
2 * Wi-Fi Protected Setup - attribute processing
3 * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8 #include "utils/includes.h"
9
10 #include "utils/common.h"
11 #include "crypto/sha256.h"
12 #include "wps/wps_i.h"
13
14
wps_process_authenticator(struct wps_data * wps,const u8 * authenticator,const struct wpabuf * msg)15 int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator,
16 const struct wpabuf *msg)
17 {
18 u8 hash[SHA256_MAC_LEN];
19 const u8 *addr[2];
20 size_t len[2];
21
22 if (authenticator == NULL) {
23 wpa_printf(MSG_DEBUG, "WPS: No Authenticator attribute "
24 "included");
25 return -1;
26 }
27
28 if (wps->last_msg == NULL) {
29 wpa_printf(MSG_DEBUG, "WPS: Last message not available for "
30 "validating authenticator");
31 return -1;
32 }
33
34 /* Authenticator = HMAC-SHA256_AuthKey(M_prev || M_curr*)
35 * (M_curr* is M_curr without the Authenticator attribute)
36 */
37 addr[0] = wpabuf_head(wps->last_msg);
38 len[0] = wpabuf_len(wps->last_msg);
39 addr[1] = wpabuf_head(msg);
40 len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
41 hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
42 if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
43 wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
44 return -1;
45 }
46
47 return 0;
48 }
49
50
wps_process_key_wrap_auth(struct wps_data * wps,struct wpabuf * msg,const u8 * key_wrap_auth)51 int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
52 const u8 *key_wrap_auth)
53 {
54 u8 hash[SHA256_MAC_LEN];
55 const u8 *head;
56 size_t len;
57
58 if (key_wrap_auth == NULL) {
59 wpa_printf(MSG_DEBUG, "WPS: No KWA in decrypted attribute");
60 return -1;
61 }
62
63 head = wpabuf_head(msg);
64 len = wpabuf_len(msg) - 4 - WPS_KWA_LEN;
65 if (head + len != key_wrap_auth - 4) {
66 wpa_printf(MSG_DEBUG, "WPS: KWA not in the end of the "
67 "decrypted attribute");
68 return -1;
69 }
70
71 hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
72 if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
73 wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
74 return -1;
75 }
76
77 return 0;
78 }
79
80
wps_process_cred_network_idx(struct wps_credential * cred,const u8 * idx)81 static int wps_process_cred_network_idx(struct wps_credential *cred,
82 const u8 *idx)
83 {
84 if (idx == NULL) {
85 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
86 "Network Index");
87 return -1;
88 }
89
90 wpa_printf(MSG_DEBUG, "WPS: Network Index: %d", *idx);
91
92 return 0;
93 }
94
95
wps_process_cred_ssid(struct wps_credential * cred,const u8 * ssid,size_t ssid_len)96 static int wps_process_cred_ssid(struct wps_credential *cred, const u8 *ssid,
97 size_t ssid_len)
98 {
99 if (ssid == NULL) {
100 wpa_printf(MSG_DEBUG, "WPS: Credential did not include SSID");
101 return -1;
102 }
103
104 /* Remove zero-padding since some Registrar implementations seem to use
105 * hardcoded 32-octet length for this attribute */
106 while (ssid_len > 0 && ssid[ssid_len - 1] == 0)
107 ssid_len--;
108
109 wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", ssid, ssid_len);
110 if (ssid_len <= sizeof(cred->ssid)) {
111 os_memcpy(cred->ssid, ssid, ssid_len);
112 cred->ssid_len = ssid_len;
113 }
114
115 return 0;
116 }
117
118
wps_process_cred_auth_type(struct wps_credential * cred,const u8 * auth_type)119 static int wps_process_cred_auth_type(struct wps_credential *cred,
120 const u8 *auth_type)
121 {
122 if (auth_type == NULL) {
123 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
124 "Authentication Type");
125 return -1;
126 }
127
128 cred->auth_type = WPA_GET_BE16(auth_type);
129 wpa_printf(MSG_DEBUG, "WPS: Authentication Type: 0x%x",
130 cred->auth_type);
131
132 return 0;
133 }
134
135
wps_process_cred_encr_type(struct wps_credential * cred,const u8 * encr_type)136 static int wps_process_cred_encr_type(struct wps_credential *cred,
137 const u8 *encr_type)
138 {
139 if (encr_type == NULL) {
140 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
141 "Encryption Type");
142 return -1;
143 }
144
145 cred->encr_type = WPA_GET_BE16(encr_type);
146 wpa_printf(MSG_DEBUG, "WPS: Encryption Type: 0x%x",
147 cred->encr_type);
148
149 return 0;
150 }
151
152
wps_process_cred_network_key_idx(struct wps_credential * cred,const u8 * key_idx)153 static int wps_process_cred_network_key_idx(struct wps_credential *cred,
154 const u8 *key_idx)
155 {
156 if (key_idx == NULL)
157 return 0; /* optional attribute */
158
159 wpa_printf(MSG_DEBUG, "WPS: Network Key Index: %d", *key_idx);
160 cred->key_idx = *key_idx;
161
162 return 0;
163 }
164
165
wps_process_cred_network_key(struct wps_credential * cred,const u8 * key,size_t key_len)166 static int wps_process_cred_network_key(struct wps_credential *cred,
167 const u8 *key, size_t key_len)
168 {
169 if (key == NULL) {
170 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
171 "Network Key");
172 if (cred->auth_type == WPS_WIFI_AUTH_OPEN &&
173 cred->encr_type == WPS_ENCR_NONE) {
174 wpa_printf(MSG_DEBUG, "WPS: Workaround - Allow "
175 "missing mandatory Network Key attribute "
176 "for open network");
177 return 0;
178 }
179 return -1;
180 }
181
182 wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key, key_len);
183 if (key_len <= sizeof(cred->key)) {
184 os_memcpy(cred->key, key, key_len);
185 cred->key_len = key_len;
186 }
187
188 return 0;
189 }
190
191
wps_process_cred_mac_addr(struct wps_credential * cred,const u8 * mac_addr)192 static int wps_process_cred_mac_addr(struct wps_credential *cred,
193 const u8 *mac_addr)
194 {
195 if (mac_addr == NULL) {
196 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
197 "MAC Address");
198 return -1;
199 }
200
201 wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, MAC2STR(mac_addr));
202 os_memcpy(cred->mac_addr, mac_addr, ETH_ALEN);
203
204 return 0;
205 }
206
207
wps_process_cred_eap_type(struct wps_credential * cred,const u8 * eap_type,size_t eap_type_len)208 static int wps_process_cred_eap_type(struct wps_credential *cred,
209 const u8 *eap_type, size_t eap_type_len)
210 {
211 if (eap_type == NULL)
212 return 0; /* optional attribute */
213
214 wpa_hexdump(MSG_DEBUG, "WPS: EAP Type", eap_type, eap_type_len);
215
216 return 0;
217 }
218
219
wps_process_cred_eap_identity(struct wps_credential * cred,const u8 * identity,size_t identity_len)220 static int wps_process_cred_eap_identity(struct wps_credential *cred,
221 const u8 *identity,
222 size_t identity_len)
223 {
224 if (identity == NULL)
225 return 0; /* optional attribute */
226
227 wpa_hexdump_ascii(MSG_DEBUG, "WPS: EAP Identity",
228 identity, identity_len);
229
230 return 0;
231 }
232
233
wps_process_cred_key_prov_auto(struct wps_credential * cred,const u8 * key_prov_auto)234 static int wps_process_cred_key_prov_auto(struct wps_credential *cred,
235 const u8 *key_prov_auto)
236 {
237 if (key_prov_auto == NULL)
238 return 0; /* optional attribute */
239
240 wpa_printf(MSG_DEBUG, "WPS: Key Provided Automatically: %d",
241 *key_prov_auto);
242
243 return 0;
244 }
245
246
wps_process_cred_802_1x_enabled(struct wps_credential * cred,const u8 * dot1x_enabled)247 static int wps_process_cred_802_1x_enabled(struct wps_credential *cred,
248 const u8 *dot1x_enabled)
249 {
250 if (dot1x_enabled == NULL)
251 return 0; /* optional attribute */
252
253 wpa_printf(MSG_DEBUG, "WPS: 802.1X Enabled: %d", *dot1x_enabled);
254
255 return 0;
256 }
257
258
wps_process_cred_ap_channel(struct wps_credential * cred,const u8 * ap_channel)259 static int wps_process_cred_ap_channel(struct wps_credential *cred,
260 const u8 *ap_channel)
261 {
262 if (ap_channel == NULL)
263 return 0; /* optional attribute */
264
265 cred->ap_channel = WPA_GET_BE16(ap_channel);
266 wpa_printf(MSG_DEBUG, "WPS: AP Channel: %u", cred->ap_channel);
267
268 return 0;
269 }
270
271
wps_workaround_cred_key(struct wps_credential * cred)272 static int wps_workaround_cred_key(struct wps_credential *cred)
273 {
274 if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
275 cred->key_len > 8 && cred->key_len < 64 &&
276 cred->key[cred->key_len - 1] == 0) {
277 #ifdef CONFIG_WPS_STRICT
278 wpa_printf(MSG_INFO, "WPS: WPA/WPA2-Personal passphrase uses "
279 "forbidden NULL termination");
280 wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
281 cred->key, cred->key_len);
282 return -1;
283 #else /* CONFIG_WPS_STRICT */
284 /*
285 * A deployed external registrar is known to encode ASCII
286 * passphrases incorrectly. Remove the extra NULL termination
287 * to fix the encoding.
288 */
289 wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
290 "termination from ASCII passphrase");
291 cred->key_len--;
292 #endif /* CONFIG_WPS_STRICT */
293 }
294 return 0;
295 }
296
297
wps_process_cred(struct wps_parse_attr * attr,struct wps_credential * cred)298 int wps_process_cred(struct wps_parse_attr *attr,
299 struct wps_credential *cred)
300 {
301 wpa_printf(MSG_DEBUG, "WPS: Process Credential");
302
303 /* TODO: support multiple Network Keys */
304 if (wps_process_cred_network_idx(cred, attr->network_idx) ||
305 wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
306 wps_process_cred_auth_type(cred, attr->auth_type) ||
307 wps_process_cred_encr_type(cred, attr->encr_type) ||
308 wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
309 wps_process_cred_network_key(cred, attr->network_key,
310 attr->network_key_len) ||
311 wps_process_cred_mac_addr(cred, attr->mac_addr) ||
312 wps_process_cred_eap_type(cred, attr->eap_type,
313 attr->eap_type_len) ||
314 wps_process_cred_eap_identity(cred, attr->eap_identity,
315 attr->eap_identity_len) ||
316 wps_process_cred_key_prov_auto(cred, attr->key_prov_auto) ||
317 wps_process_cred_802_1x_enabled(cred, attr->dot1x_enabled) ||
318 wps_process_cred_ap_channel(cred, attr->ap_channel))
319 return -1;
320
321 return wps_workaround_cred_key(cred);
322 }
323
324
wps_process_ap_settings(struct wps_parse_attr * attr,struct wps_credential * cred)325 int wps_process_ap_settings(struct wps_parse_attr *attr,
326 struct wps_credential *cred)
327 {
328 wpa_printf(MSG_DEBUG, "WPS: Processing AP Settings");
329 os_memset(cred, 0, sizeof(*cred));
330 /* TODO: optional attributes New Password and Device Password ID */
331 if (wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
332 wps_process_cred_auth_type(cred, attr->auth_type) ||
333 wps_process_cred_encr_type(cred, attr->encr_type) ||
334 wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
335 wps_process_cred_network_key(cred, attr->network_key,
336 attr->network_key_len) ||
337 wps_process_cred_mac_addr(cred, attr->mac_addr))
338 return -1;
339
340 return wps_workaround_cred_key(cred);
341 }
342
