![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to wpa.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211|
Return to wpa.c CVS log | Up to [Qemu by Fabrice Bellard] / qemu / roms / ipxe / src / net / 80211 |
1.1 root 1: /*
2: * Copyright (c) 2009 Joshua Oreman <[email protected]>.
3: *
4: * This program is free software; you can redistribute it and/or
5: * modify it under the terms of the GNU General Public License as
6: * published by the Free Software Foundation; either version 2 of the
7: * License, or any later version.
8: *
9: * This program is distributed in the hope that it will be useful, but
10: * WITHOUT ANY WARRANTY; without even the implied warranty of
11: * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12: * General Public License for more details.
13: *
14: * You should have received a copy of the GNU General Public License
15: * along with this program; if not, write to the Free Software
16: * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
17: */
18:
19: FILE_LICENCE ( GPL2_OR_LATER );
20:
21: #include <ipxe/net80211.h>
22: #include <ipxe/sec80211.h>
23: #include <ipxe/wpa.h>
24: #include <ipxe/eapol.h>
25: #include <ipxe/crypto.h>
26: #include <ipxe/arc4.h>
27: #include <ipxe/crc32.h>
28: #include <ipxe/sha1.h>
29: #include <ipxe/hmac.h>
30: #include <ipxe/list.h>
31: #include <ipxe/ethernet.h>
32: #include <stdlib.h>
33: #include <string.h>
34: #include <errno.h>
35:
36: /** @file
37: *
38: * Handler for the aspects of WPA handshaking that are independent of
39: * 802.1X/PSK or TKIP/CCMP; this mostly involves the 4-Way Handshake.
40: */
41:
42: /** List of WPA contexts in active use. */
43: struct list_head wpa_contexts = LIST_HEAD_INIT ( wpa_contexts );
44:
45:
46: /**
47: * Return an error code and deauthenticate
48: *
49: * @v ctx WPA common context
50: * @v rc Return status code
51: * @ret rc The passed return status code
52: */
53: static int wpa_fail ( struct wpa_common_ctx *ctx, int rc )
54: {
55: net80211_deauthenticate ( ctx->dev, rc );
56: return rc;
57: }
58:
59:
60: /**
61: * Find a cryptosystem handler structure from a crypto ID
62: *
63: * @v crypt Cryptosystem ID
64: * @ret crypto Cryptosystem handler structure
65: *
66: * If support for @a crypt is not compiled in to iPXE, or if @a crypt
67: * is NET80211_CRYPT_UNKNOWN, returns @c NULL.
68: */
69: static struct net80211_crypto *
70: wpa_find_cryptosystem ( enum net80211_crypto_alg crypt )
71: {
72: struct net80211_crypto *crypto;
73:
74: for_each_table_entry ( crypto, NET80211_CRYPTOS ) {
75: if ( crypto->algorithm == crypt )
76: return crypto;
77: }
78:
79: return NULL;
80: }
81:
82:
83: /**
84: * Find WPA key integrity and encryption handler from key version field
85: *
86: * @v ver Version bits of EAPOL-Key info field
87: * @ret kie Key integrity and encryption handler
88: */
89: struct wpa_kie * wpa_find_kie ( int version )
90: {
91: struct wpa_kie *kie;
92:
93: for_each_table_entry ( kie, WPA_KIES ) {
94: if ( kie->version == version )
95: return kie;
96: }
97:
98: return NULL;
99: }
100:
101:
102: /**
103: * Construct RSN or WPA information element
104: *
105: * @v dev 802.11 device
106: * @ret ie_ret RSN or WPA information element
107: * @ret rc Return status code
108: *
109: * This function allocates, fills, and returns a RSN or WPA
110: * information element suitable for including in an association
111: * request frame to the network identified by @c dev->associating.
112: * If it is impossible to construct an information element consistent
113: * with iPXE's capabilities that is compatible with that network, or
114: * if none should be sent because that network's beacon included no
115: * security information, returns an error indication and leaves
116: * @a ie_ret unchanged.
117: *
118: * The returned IE will be of the same type (RSN or WPA) as was
119: * included in the beacon for the network it is destined for.
120: */
121: int wpa_make_rsn_ie ( struct net80211_device *dev, union ieee80211_ie **ie_ret )
122: {
123: u8 *rsn, *rsn_end;
124: int is_rsn;
125: u32 group_cipher;
126: enum net80211_crypto_alg gcrypt;
127: int ie_len;
128: u8 *iep;
129: struct ieee80211_ie_rsn *ie;
130: struct ieee80211_frame *hdr;
131: struct ieee80211_beacon *beacon;
132:
133: if ( ! dev->associating ) {
134: DBG ( "WPA: Can't make RSN IE for a non-associating device\n" );
135: return -EINVAL;
136: }
137:
138: hdr = dev->associating->beacon->data;
139: beacon = ( struct ieee80211_beacon * ) hdr->data;
140: rsn = sec80211_find_rsn ( beacon->info_element,
141: dev->associating->beacon->tail, &is_rsn,
142: &rsn_end );
143: if ( ! rsn ) {
144: DBG ( "WPA: Can't make RSN IE when we didn't get one\n" );
145: return -EINVAL;
146: }
147:
148: rsn += 2; /* skip version */
149: group_cipher = *( u32 * ) rsn;
150: gcrypt = sec80211_rsn_get_net80211_crypt ( group_cipher );
151:
152: if ( ! wpa_find_cryptosystem ( gcrypt ) ||
153: ! wpa_find_cryptosystem ( dev->associating->crypto ) ) {
154: DBG ( "WPA: No support for (GC:%d, PC:%d)\n",
155: gcrypt, dev->associating->crypto );
156: return -ENOTSUP;
157: }
158:
159: /* Everything looks good - make our IE. */
160:
161: /* WPA IEs need 4 more bytes for the OUI+type */
162: ie_len = ieee80211_rsn_size ( 1, 1, 0, is_rsn ) + ( 4 * ! is_rsn );
163: iep = malloc ( ie_len );
164: if ( ! iep )
165: return -ENOMEM;
166:
167: *ie_ret = ( union ieee80211_ie * ) iep;
168:
169: /* Store ID and length bytes. */
170: *iep++ = ( is_rsn ? IEEE80211_IE_RSN : IEEE80211_IE_VENDOR );
171: *iep++ = ie_len - 2;
172:
173: /* Store OUI+type for WPA IEs. */
174: if ( ! is_rsn ) {
175: *( u32 * ) iep = IEEE80211_WPA_OUI_VEN;
176: iep += 4;
177: }
178:
179: /* If this is a WPA IE, the id and len bytes in the
180: ieee80211_ie_rsn structure will not be valid, but by doing
181: the cast we can fill all the other fields much more
182: readily. */
183:
184: ie = ( struct ieee80211_ie_rsn * ) ( iep - 2 );
185: ie->version = IEEE80211_RSN_VERSION;
186: ie->group_cipher = group_cipher;
187: ie->pairwise_count = 1;
188: ie->pairwise_cipher[0] =
189: sec80211_rsn_get_crypto_desc ( dev->associating->crypto,
190: is_rsn );
191: ie->akm_count = 1;
192: ie->akm_list[0] =
193: sec80211_rsn_get_akm_desc ( dev->associating->handshaking,
194: is_rsn );
195: if ( is_rsn ) {
196: ie->rsn_capab = 0;
197: ie->pmkid_count = 0;
198: }
199:
200: return 0;
201: }
202:
203:
204: /**
205: * Set up generic WPA support to handle 4-Way Handshake
206: *
207: * @v dev 802.11 device
208: * @v ctx WPA common context
209: * @v pmk Pairwise Master Key to use for session
210: * @v pmk_len Length of PMK, almost always 32
211: * @ret rc Return status code
212: */
213: int wpa_start ( struct net80211_device *dev, struct wpa_common_ctx *ctx,
214: const void *pmk, size_t pmk_len )
215: {
216: struct io_buffer *iob;
217: struct ieee80211_frame *hdr;
218: struct ieee80211_beacon *beacon;
219: u8 *ap_rsn_ie = NULL, *ap_rsn_ie_end;
220:
221: if ( ! dev->rsn_ie || ! dev->associating )
222: return -EINVAL;
223:
224: ctx->dev = dev;
225: memcpy ( ctx->pmk, pmk, ctx->pmk_len = pmk_len );
226: ctx->state = WPA_READY;
227: ctx->replay = ~0ULL;
228:
229: iob = dev->associating->beacon;
230: hdr = iob->data;
231: beacon = ( struct ieee80211_beacon * ) hdr->data;
232: ap_rsn_ie = sec80211_find_rsn ( beacon->info_element, iob->tail,
233: &ctx->ap_rsn_is_rsn, &ap_rsn_ie_end );
234: if ( ap_rsn_ie ) {
235: ctx->ap_rsn_ie = malloc ( ap_rsn_ie_end - ap_rsn_ie );
236: if ( ! ctx->ap_rsn_ie )
237: return -ENOMEM;
238: memcpy ( ctx->ap_rsn_ie, ap_rsn_ie, ap_rsn_ie_end - ap_rsn_ie );
239: ctx->ap_rsn_ie_len = ap_rsn_ie_end - ap_rsn_ie;
240: } else {
241: return -ENOENT;
242: }
243:
244: ctx->crypt = dev->associating->crypto;
245: ctx->gcrypt = NET80211_CRYPT_UNKNOWN;
246:
247: list_add_tail ( &ctx->list, &wpa_contexts );
248: return 0;
249: }
250:
251:
252: /**
253: * Disable handling of received WPA handshake frames
254: *
255: * @v dev 802.11 device
256: */
257: void wpa_stop ( struct net80211_device *dev )
258: {
259: struct wpa_common_ctx *ctx, *tmp;
260:
261: list_for_each_entry_safe ( ctx, tmp, &wpa_contexts, list ) {
262: if ( ctx->dev == dev ) {
263: free ( ctx->ap_rsn_ie );
264: ctx->ap_rsn_ie = NULL;
265: list_del ( &ctx->list );
266: }
267: }
268: }
269:
270:
271: /**
272: * Derive pairwise transient key
273: *
274: * @v ctx WPA common context
275: */
276: static void wpa_derive_ptk ( struct wpa_common_ctx *ctx )
277: {
278: struct {
279: u8 mac1[ETH_ALEN];
280: u8 mac2[ETH_ALEN];
281: u8 nonce1[WPA_NONCE_LEN];
282: u8 nonce2[WPA_NONCE_LEN];
283: } __attribute__ (( packed )) ptk_data;
284:
285: /* The addresses and nonces are stored in numerical order (!) */
286:
287: if ( memcmp ( ctx->dev->netdev->ll_addr, ctx->dev->bssid,
288: ETH_ALEN ) < 0 ) {
289: memcpy ( ptk_data.mac1, ctx->dev->netdev->ll_addr, ETH_ALEN );
290: memcpy ( ptk_data.mac2, ctx->dev->bssid, ETH_ALEN );
291: } else {
292: memcpy ( ptk_data.mac1, ctx->dev->bssid, ETH_ALEN );
293: memcpy ( ptk_data.mac2, ctx->dev->netdev->ll_addr, ETH_ALEN );
294: }
295:
296: if ( memcmp ( ctx->Anonce, ctx->Snonce, WPA_NONCE_LEN ) < 0 ) {
297: memcpy ( ptk_data.nonce1, ctx->Anonce, WPA_NONCE_LEN );
298: memcpy ( ptk_data.nonce2, ctx->Snonce, WPA_NONCE_LEN );
299: } else {
300: memcpy ( ptk_data.nonce1, ctx->Snonce, WPA_NONCE_LEN );
301: memcpy ( ptk_data.nonce2, ctx->Anonce, WPA_NONCE_LEN );
302: }
303:
304: DBGC2 ( ctx, "WPA %p A1 %s, A2 %s\n", ctx, eth_ntoa ( ptk_data.mac1 ),
305: eth_ntoa ( ptk_data.mac2 ) );
306: DBGC2 ( ctx, "WPA %p Nonce1, Nonce2:\n", ctx );
307: DBGC2_HD ( ctx, ptk_data.nonce1, WPA_NONCE_LEN );
308: DBGC2_HD ( ctx, ptk_data.nonce2, WPA_NONCE_LEN );
309:
310: prf_sha1 ( ctx->pmk, ctx->pmk_len,
311: "Pairwise key expansion",
312: &ptk_data, sizeof ( ptk_data ),
313: &ctx->ptk, sizeof ( ctx->ptk ) );
314:
315: DBGC2 ( ctx, "WPA %p PTK:\n", ctx );
316: DBGC2_HD ( ctx, &ctx->ptk, sizeof ( ctx->ptk ) );
317: }
318:
319:
320: /**
321: * Install pairwise transient key
322: *
323: * @v ctx WPA common context
324: * @v len Key length (16 for CCMP, 32 for TKIP)
325: * @ret rc Return status code
326: */
327: static inline int wpa_install_ptk ( struct wpa_common_ctx *ctx, int len )
328: {
329: DBGC ( ctx, "WPA %p: installing %d-byte pairwise transient key\n",
330: ctx, len );
331: DBGC2_HD ( ctx, &ctx->ptk.tk, len );
332:
333: return sec80211_install ( &ctx->dev->crypto, ctx->crypt,
334: &ctx->ptk.tk, len, NULL );
335: }
336:
337: /**
338: * Install group transient key
339: *
340: * @v ctx WPA common context
341: * @v len Key length (16 for CCMP, 32 for TKIP)
342: * @v rsc Receive sequence counter field in EAPOL-Key packet
343: * @ret rc Return status code
344: */
345: static inline int wpa_install_gtk ( struct wpa_common_ctx *ctx, int len,
346: const void *rsc )
347: {
348: DBGC ( ctx, "WPA %p: installing %d-byte group transient key\n",
349: ctx, len );
350: DBGC2_HD ( ctx, &ctx->gtk.tk, len );
351:
352: return sec80211_install ( &ctx->dev->gcrypto, ctx->gcrypt,
353: &ctx->gtk.tk, len, rsc );
354: }
355:
356: /**
357: * Search for group transient key, and install it if found
358: *
359: * @v ctx WPA common context
360: * @v ie Pointer to first IE in key data field
361: * @v ie_end Pointer to first byte not in key data field
362: * @v rsc Receive sequence counter field in EAPOL-Key packet
363: * @ret rc Return status code
364: */
365: static int wpa_maybe_install_gtk ( struct wpa_common_ctx *ctx,
366: union ieee80211_ie *ie, void *ie_end,
367: const void *rsc )
368: {
369: struct wpa_kde *kde;
370:
371: if ( ! ieee80211_ie_bound ( ie, ie_end ) )
372: return -ENOENT;
373:
374: while ( ie ) {
375: if ( ie->id == IEEE80211_IE_VENDOR &&
376: ie->vendor.oui == WPA_KDE_GTK )
377: break;
378:
379: ie = ieee80211_next_ie ( ie, ie_end );
380: }
381:
382: if ( ! ie )
383: return -ENOENT;
384:
385: if ( ie->len - 6u > sizeof ( ctx->gtk.tk ) ) {
386: DBGC ( ctx, "WPA %p: GTK KDE is too long (%d bytes, max %zd)\n",
387: ctx, ie->len - 4, sizeof ( ctx->gtk.tk ) );
388: return -EINVAL;
389: }
390:
391: /* XXX We ignore key ID for now. */
392: kde = ( struct wpa_kde * ) ie;
393: memcpy ( &ctx->gtk.tk, &kde->gtk_encap.gtk, kde->len - 6 );
394:
395: return wpa_install_gtk ( ctx, kde->len - 6, rsc );
396: }
397:
398:
399: /**
400: * Allocate I/O buffer for construction of outgoing EAPOL-Key frame
401: *
402: * @v kdlen Maximum number of bytes in the Key Data field
403: * @ret iob Newly allocated I/O buffer
404: *
405: * The returned buffer will have space reserved for the link-layer and
406: * EAPOL headers, and will have @c iob->tail pointing to the start of
407: * the Key Data field. Thus, it is necessary to use iob_put() in
408: * filling the Key Data.
409: */
410: static struct io_buffer * wpa_alloc_frame ( int kdlen )
411: {
412: struct io_buffer *ret = alloc_iob ( sizeof ( struct eapol_key_pkt ) +
413: kdlen + EAPOL_HDR_LEN +
414: MAX_LL_HEADER_LEN );
415: if ( ! ret )
416: return NULL;
417:
418: iob_reserve ( ret, MAX_LL_HEADER_LEN + EAPOL_HDR_LEN );
419: memset ( iob_put ( ret, sizeof ( struct eapol_key_pkt ) ), 0,
420: sizeof ( struct eapol_key_pkt ) );
421:
422: return ret;
423: }
424:
425:
426: /**
427: * Send EAPOL-Key packet
428: *
429: * @v iob I/O buffer, with sufficient headroom for headers
430: * @v dev 802.11 device
431: * @v kie Key integrity and encryption handler
432: * @v is_rsn If TRUE, handshake uses new RSN format
433: * @ret rc Return status code
434: *
435: * If a KIE is specified, the MIC will be filled in before transmission.
436: */
437: static int wpa_send_eapol ( struct io_buffer *iob, struct wpa_common_ctx *ctx,
438: struct wpa_kie *kie )
439: {
440: struct eapol_key_pkt *pkt = iob->data;
441: struct eapol_frame *eapol = iob_push ( iob, EAPOL_HDR_LEN );
442:
443: pkt->info = htons ( pkt->info );
444: pkt->keysize = htons ( pkt->keysize );
445: pkt->datalen = htons ( pkt->datalen );
446: pkt->replay = cpu_to_be64 ( pkt->replay );
447: eapol->version = EAPOL_THIS_VERSION;
448: eapol->type = EAPOL_TYPE_KEY;
449: eapol->length = htons ( iob->tail - iob->data - sizeof ( *eapol ) );
450:
451: memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
452: if ( kie )
453: kie->mic ( &ctx->ptk.kck, eapol, EAPOL_HDR_LEN +
454: sizeof ( *pkt ) + ntohs ( pkt->datalen ),
455: pkt->mic );
456:
457: return net_tx ( iob, ctx->dev->netdev, &eapol_protocol,
458: ctx->dev->bssid, ctx->dev->netdev->ll_addr );
459: }
460:
461:
462: /**
463: * Send second frame in 4-Way Handshake
464: *
465: * @v ctx WPA common context
466: * @v pkt First frame, to which this is a reply
467: * @v is_rsn If TRUE, handshake uses new RSN format
468: * @v kie Key integrity and encryption handler
469: * @ret rc Return status code
470: */
471: static int wpa_send_2_of_4 ( struct wpa_common_ctx *ctx,
472: struct eapol_key_pkt *pkt, int is_rsn,
473: struct wpa_kie *kie )
474: {
475: struct io_buffer *iob = wpa_alloc_frame ( ctx->dev->rsn_ie->len + 2 );
476: struct eapol_key_pkt *npkt;
477:
478: if ( ! iob )
479: return -ENOMEM;
480:
481: npkt = iob->data;
482: memcpy ( npkt, pkt, sizeof ( *pkt ) );
483: npkt->info &= ~EAPOL_KEY_INFO_KEY_ACK;
484: npkt->info |= EAPOL_KEY_INFO_KEY_MIC;
485: if ( is_rsn )
486: npkt->keysize = 0;
487: memcpy ( npkt->nonce, ctx->Snonce, sizeof ( npkt->nonce ) );
488: npkt->datalen = ctx->dev->rsn_ie->len + 2;
489: memcpy ( iob_put ( iob, npkt->datalen ), ctx->dev->rsn_ie,
490: npkt->datalen );
491:
492: DBGC ( ctx, "WPA %p: sending 2/4\n", ctx );
493:
494: return wpa_send_eapol ( iob, ctx, kie );
495: }
496:
497:
498: /**
499: * Handle receipt of first frame in 4-Way Handshake
500: *
501: * @v ctx WPA common context
502: * @v pkt EAPOL-Key packet
503: * @v is_rsn If TRUE, frame uses new RSN format
504: * @v kie Key integrity and encryption handler
505: * @ret rc Return status code
506: */
507: static int wpa_handle_1_of_4 ( struct wpa_common_ctx *ctx,
508: struct eapol_key_pkt *pkt, int is_rsn,
509: struct wpa_kie *kie )
510: {
511: if ( ctx->state == WPA_WAITING )
512: return -EINVAL;
513:
514: ctx->state = WPA_WORKING;
515: memcpy ( ctx->Anonce, pkt->nonce, sizeof ( ctx->Anonce ) );
516: if ( ! ctx->have_Snonce ) {
517: get_random_bytes ( ctx->Snonce, sizeof ( ctx->Snonce ) );
518: ctx->have_Snonce = 1;
519: }
520:
521: DBGC ( ctx, "WPA %p: received 1/4, looks OK\n", ctx );
522:
523: wpa_derive_ptk ( ctx );
524:
525: return wpa_send_2_of_4 ( ctx, pkt, is_rsn, kie );
526: }
527:
528:
529: /**
530: * Send fourth frame in 4-Way Handshake, or second in Group Key Handshake
531: *
532: * @v ctx WPA common context
533: * @v pkt EAPOL-Key packet for frame to which we're replying
534: * @v is_rsn If TRUE, frame uses new RSN format
535: * @v kie Key integrity and encryption handler
536: * @ret rc Return status code
537: */
538: static int wpa_send_final ( struct wpa_common_ctx *ctx,
539: struct eapol_key_pkt *pkt, int is_rsn,
540: struct wpa_kie *kie )
541: {
542: struct io_buffer *iob = wpa_alloc_frame ( 0 );
543: struct eapol_key_pkt *npkt;
544:
545: if ( ! iob )
546: return -ENOMEM;
547:
548: npkt = iob->data;
549: memcpy ( npkt, pkt, sizeof ( *pkt ) );
550: npkt->info &= ~( EAPOL_KEY_INFO_KEY_ACK | EAPOL_KEY_INFO_INSTALL |
551: EAPOL_KEY_INFO_KEY_ENC );
552: if ( is_rsn )
553: npkt->keysize = 0;
554: memset ( npkt->nonce, 0, sizeof ( npkt->nonce ) );
555: memset ( npkt->iv, 0, sizeof ( npkt->iv ) );
556: npkt->datalen = 0;
557:
558: if ( npkt->info & EAPOL_KEY_INFO_TYPE )
559: DBGC ( ctx, "WPA %p: sending 4/4\n", ctx );
560: else
561: DBGC ( ctx, "WPA %p: sending 2/2\n", ctx );
562:
563: return wpa_send_eapol ( iob, ctx, kie );
564:
565: }
566:
567:
568: /**
569: * Handle receipt of third frame in 4-Way Handshake
570: *
571: * @v ctx WPA common context
572: * @v pkt EAPOL-Key packet
573: * @v is_rsn If TRUE, frame uses new RSN format
574: * @v kie Key integrity and encryption handler
575: * @ret rc Return status code
576: */
577: static int wpa_handle_3_of_4 ( struct wpa_common_ctx *ctx,
578: struct eapol_key_pkt *pkt, int is_rsn,
579: struct wpa_kie *kie )
580: {
581: int rc;
582: u8 *this_rsn, *this_rsn_end;
583: u8 *new_rsn, *new_rsn_end;
584: int this_is_rsn, new_is_rsn;
585:
586: if ( ctx->state == WPA_WAITING )
587: return -EINVAL;
588:
589: ctx->state = WPA_WORKING;
590:
591: /* Check nonce */
592: if ( memcmp ( ctx->Anonce, pkt->nonce, WPA_NONCE_LEN ) != 0 ) {
593: DBGC ( ctx, "WPA %p ALERT: nonce mismatch in 3/4\n", ctx );
594: return wpa_fail ( ctx, -EACCES );
595: }
596:
597: /* Check RSN IE */
598: this_rsn = sec80211_find_rsn ( ( union ieee80211_ie * ) pkt->data,
599: pkt->data + pkt->datalen,
600: &this_is_rsn, &this_rsn_end );
601: if ( this_rsn )
602: new_rsn = sec80211_find_rsn ( ( union ieee80211_ie * )
603: this_rsn_end,
604: pkt->data + pkt->datalen,
605: &new_is_rsn, &new_rsn_end );
606: else
607: new_rsn = NULL;
608:
609: if ( ! ctx->ap_rsn_ie || ! this_rsn ||
610: ctx->ap_rsn_ie_len != ( this_rsn_end - this_rsn ) ||
611: ctx->ap_rsn_is_rsn != this_is_rsn ||
612: memcmp ( ctx->ap_rsn_ie, this_rsn, ctx->ap_rsn_ie_len ) != 0 ) {
613: DBGC ( ctx, "WPA %p ALERT: RSN mismatch in 3/4\n", ctx );
614: DBGC2 ( ctx, "WPA %p RSNs (in 3/4, in beacon):\n", ctx );
615: DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
616: DBGC2_HD ( ctx, ctx->ap_rsn_ie, ctx->ap_rsn_ie_len );
617: return wpa_fail ( ctx, -EACCES );
618: }
619:
620: /* Don't switch if they just supplied both styles of IE
621: simultaneously; we need two RSN IEs or two WPA IEs to
622: switch ciphers. They'll be immediately consecutive because
623: of ordering guarantees. */
624: if ( new_rsn && this_is_rsn == new_is_rsn ) {
625: struct net80211_wlan *assoc = ctx->dev->associating;
626: DBGC ( ctx, "WPA %p: accommodating bait-and-switch tactics\n",
627: ctx );
628: DBGC2 ( ctx, "WPA %p RSNs (in 3/4+beacon, new in 3/4):\n",
629: ctx );
630: DBGC2_HD ( ctx, this_rsn, this_rsn_end - this_rsn );
631: DBGC2_HD ( ctx, new_rsn, new_rsn_end - new_rsn );
632:
633: if ( ( rc = sec80211_detect_ie ( new_is_rsn, new_rsn,
634: new_rsn_end,
635: &assoc->handshaking,
636: &assoc->crypto ) ) != 0 )
637: DBGC ( ctx, "WPA %p: bait-and-switch invalid, staying "
638: "with original request\n", ctx );
639: } else {
640: new_rsn = this_rsn;
641: new_is_rsn = this_is_rsn;
642: new_rsn_end = this_rsn_end;
643: }
644:
645: /* Grab group cryptosystem ID */
646: ctx->gcrypt = sec80211_rsn_get_net80211_crypt ( *( u32 * )
647: ( new_rsn + 2 ) );
648:
649: /* Check for a GTK, if info field is encrypted */
650: if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
651: rc = wpa_maybe_install_gtk ( ctx,
652: ( union ieee80211_ie * ) pkt->data,
653: pkt->data + pkt->datalen,
654: pkt->rsc );
655: if ( rc < 0 ) {
656: DBGC ( ctx, "WPA %p did not install GTK in 3/4: %s\n",
657: ctx, strerror ( rc ) );
658: if ( rc != -ENOENT )
659: return wpa_fail ( ctx, rc );
660: }
661: }
662:
663: DBGC ( ctx, "WPA %p: received 3/4, looks OK\n", ctx );
664:
665: /* Send final message */
666: rc = wpa_send_final ( ctx, pkt, is_rsn, kie );
667: if ( rc < 0 )
668: return wpa_fail ( ctx, rc );
669:
670: /* Install PTK */
671: rc = wpa_install_ptk ( ctx, pkt->keysize );
672: if ( rc < 0 ) {
673: DBGC ( ctx, "WPA %p failed to install PTK: %s\n", ctx,
674: strerror ( rc ) );
675: return wpa_fail ( ctx, rc );
676: }
677:
678: /* Mark us as needing a new Snonce if we rekey */
679: ctx->have_Snonce = 0;
680:
681: /* Done! */
682: ctx->state = WPA_SUCCESS;
683: return 0;
684: }
685:
686:
687: /**
688: * Handle receipt of first frame in Group Key Handshake
689: *
690: * @v ctx WPA common context
691: * @v pkt EAPOL-Key packet
692: * @v is_rsn If TRUE, frame uses new RSN format
693: * @v kie Key integrity and encryption handler
694: * @ret rc Return status code
695: */
696: static int wpa_handle_1_of_2 ( struct wpa_common_ctx *ctx,
697: struct eapol_key_pkt *pkt, int is_rsn,
698: struct wpa_kie *kie )
699: {
700: int rc;
701:
702: /*
703: * WPA and RSN do this completely differently.
704: *
705: * The idea of encoding the GTK (or PMKID, or various other
706: * things) into a KDE that looks like an information element
707: * is an RSN innovation; old WPA code never encapsulates
708: * things like that. If it looks like an info element, it
709: * really is (for the WPA IE check in frames 2/4 and 3/4). The
710: * "key data encrypted" bit in the info field is also specific
711: * to RSN.
712: *
713: * So from an old WPA host, 3/4 does not contain an
714: * encapsulated GTK. The first frame of the GK handshake
715: * contains it, encrypted, but without a KDE wrapper, and with
716: * the key ID field (which iPXE doesn't use) shoved away in
717: * the reserved bits in the info field, and the TxRx bit
718: * stealing the Install bit's spot.
719: */
720:
721: if ( is_rsn && ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) ) {
722: rc = wpa_maybe_install_gtk ( ctx,
723: ( union ieee80211_ie * ) pkt->data,
724: pkt->data + pkt->datalen,
725: pkt->rsc );
726: if ( rc < 0 ) {
727: DBGC ( ctx, "WPA %p: failed to install GTK in 1/2: "
728: "%s\n", ctx, strerror ( rc ) );
729: return wpa_fail ( ctx, rc );
730: }
731: } else {
732: rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
733: &pkt->datalen );
734: if ( rc < 0 ) {
735: DBGC ( ctx, "WPA %p: failed to decrypt GTK: %s\n",
736: ctx, strerror ( rc ) );
737: return rc; /* non-fatal */
738: }
739: if ( pkt->datalen > sizeof ( ctx->gtk.tk ) ) {
740: DBGC ( ctx, "WPA %p: too much GTK data (%d > %zd)\n",
741: ctx, pkt->datalen, sizeof ( ctx->gtk.tk ) );
742: return wpa_fail ( ctx, -EINVAL );
743: }
744:
745: memcpy ( &ctx->gtk.tk, pkt->data, pkt->datalen );
746: wpa_install_gtk ( ctx, pkt->datalen, pkt->rsc );
747: }
748:
749: DBGC ( ctx, "WPA %p: received 1/2, looks OK\n", ctx );
750:
751: return wpa_send_final ( ctx, pkt, is_rsn, kie );
752: }
753:
754:
755: /**
756: * Handle receipt of EAPOL-Key frame for WPA
757: *
758: * @v iob I/O buffer
759: * @v netdev Network device
760: * @v ll_dest Link-layer destination address
761: * @v ll_source Source link-layer address
762: */
763: static int eapol_key_rx ( struct io_buffer *iob, struct net_device *netdev,
764: const void *ll_dest __unused,
765: const void *ll_source )
766: {
767: struct net80211_device *dev = net80211_get ( netdev );
768: struct eapol_key_pkt *pkt = iob->data;
769: int is_rsn, found_ctx;
770: struct wpa_common_ctx *ctx;
771: int rc = 0;
772: struct wpa_kie *kie;
773: u8 their_mic[16], our_mic[16];
774:
775: if ( pkt->type != EAPOL_KEY_TYPE_WPA &&
776: pkt->type != EAPOL_KEY_TYPE_RSN ) {
777: DBG ( "EAPOL-Key: packet not of 802.11 type\n" );
778: rc = -EINVAL;
779: goto drop;
780: }
781:
782: is_rsn = ( pkt->type == EAPOL_KEY_TYPE_RSN );
783:
784: if ( ! dev ) {
785: DBG ( "EAPOL-Key: packet not from 802.11\n" );
786: rc = -EINVAL;
787: goto drop;
788: }
789:
790: if ( memcmp ( dev->bssid, ll_source, ETH_ALEN ) != 0 ) {
791: DBG ( "EAPOL-Key: packet not from associated AP\n" );
792: rc = -EINVAL;
793: goto drop;
794: }
795:
796: if ( ! ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_ACK ) ) {
797: DBG ( "EAPOL-Key: packet sent in wrong direction\n" );
798: rc = -EINVAL;
799: goto drop;
800: }
801:
802: found_ctx = 0;
803: list_for_each_entry ( ctx, &wpa_contexts, list ) {
804: if ( ctx->dev == dev ) {
805: found_ctx = 1;
806: break;
807: }
808: }
809:
810: if ( ! found_ctx ) {
811: DBG ( "EAPOL-Key: no WPA context to handle packet for %p\n",
812: dev );
813: rc = -ENOENT;
814: goto drop;
815: }
816:
817: if ( ( void * ) ( pkt + 1 ) + ntohs ( pkt->datalen ) > iob->tail ) {
818: DBGC ( ctx, "WPA %p: packet truncated (has %zd extra bytes, "
819: "states %d)\n", ctx, iob->tail - ( void * ) ( pkt + 1 ),
820: ntohs ( pkt->datalen ) );
821: rc = -EINVAL;
822: goto drop;
823: }
824:
825: /* Get a handle on key integrity/encryption handler */
826: kie = wpa_find_kie ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
827: if ( ! kie ) {
828: DBGC ( ctx, "WPA %p: no support for packet version %d\n", ctx,
829: ntohs ( pkt->info ) & EAPOL_KEY_INFO_VERSION );
830: rc = wpa_fail ( ctx, -ENOTSUP );
831: goto drop;
832: }
833:
834: /* Check MIC */
835: if ( ntohs ( pkt->info ) & EAPOL_KEY_INFO_KEY_MIC ) {
836: memcpy ( their_mic, pkt->mic, sizeof ( pkt->mic ) );
837: memset ( pkt->mic, 0, sizeof ( pkt->mic ) );
838: kie->mic ( &ctx->ptk.kck, ( void * ) pkt - EAPOL_HDR_LEN,
839: EAPOL_HDR_LEN + sizeof ( *pkt ) +
840: ntohs ( pkt->datalen ), our_mic );
841: DBGC2 ( ctx, "WPA %p MIC comparison (theirs, ours):\n", ctx );
842: DBGC2_HD ( ctx, their_mic, 16 );
843: DBGC2_HD ( ctx, our_mic, 16 );
844: if ( memcmp ( their_mic, our_mic, sizeof ( pkt->mic ) ) != 0 ) {
845: DBGC ( ctx, "WPA %p: EAPOL MIC failure\n", ctx );
846: goto drop;
847: }
848: }
849:
850: /* Fix byte order to local */
851: pkt->info = ntohs ( pkt->info );
852: pkt->keysize = ntohs ( pkt->keysize );
853: pkt->datalen = ntohs ( pkt->datalen );
854: pkt->replay = be64_to_cpu ( pkt->replay );
855:
856: /* Check replay counter */
857: if ( ctx->replay != ~0ULL && ctx->replay >= pkt->replay ) {
858: DBGC ( ctx, "WPA %p ALERT: Replay detected! "
859: "(%08x:%08x >= %08x:%08x)\n", ctx,
860: ( u32 ) ( ctx->replay >> 32 ), ( u32 ) ctx->replay,
861: ( u32 ) ( pkt->replay >> 32 ), ( u32 ) pkt->replay );
862: rc = 0; /* ignore without error */
863: goto drop;
864: }
865: ctx->replay = pkt->replay;
866:
867: /* Decrypt key data */
868: if ( pkt->info & EAPOL_KEY_INFO_KEY_ENC ) {
869: rc = kie->decrypt ( &ctx->ptk.kek, pkt->iv, pkt->data,
870: &pkt->datalen );
871: if ( rc < 0 ) {
872: DBGC ( ctx, "WPA %p: failed to decrypt packet: %s\n",
873: ctx, strerror ( rc ) );
874: goto drop;
875: }
876: }
877:
878: /* Hand it off to appropriate handler */
879: switch ( pkt->info & ( EAPOL_KEY_INFO_TYPE |
880: EAPOL_KEY_INFO_KEY_MIC ) ) {
881: case EAPOL_KEY_TYPE_PTK:
882: rc = wpa_handle_1_of_4 ( ctx, pkt, is_rsn, kie );
883: break;
884:
885: case EAPOL_KEY_TYPE_PTK | EAPOL_KEY_INFO_KEY_MIC:
886: rc = wpa_handle_3_of_4 ( ctx, pkt, is_rsn, kie );
887: break;
888:
889: case EAPOL_KEY_TYPE_GTK | EAPOL_KEY_INFO_KEY_MIC:
890: rc = wpa_handle_1_of_2 ( ctx, pkt, is_rsn, kie );
891: break;
892:
893: default:
894: DBGC ( ctx, "WPA %p: Invalid combination of key flags %04x\n",
895: ctx, pkt->info );
896: rc = -EINVAL;
897: break;
898: }
899:
900: drop:
901: free_iob ( iob );
902: return rc;
903: }
904:
905: struct eapol_handler eapol_key_handler __eapol_handler = {
906: .type = EAPOL_TYPE_KEY,
907: .rx = eapol_key_rx,
908: };
909:
910: /* WPA always needs EAPOL in order to be useful */
911: REQUIRE_OBJECT ( eapol );
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.