static void shift_right_block(u8 *v) { u32 val; val = WPA_GET_BE32(v + 12); val >>= 1; if (v[11] & 0x01) val |= 0x80000000; WPA_PUT_BE32(v + 12, val); val = WPA_GET_BE32(v + 8); val >>= 1; if (v[7] & 0x01) val |= 0x80000000; WPA_PUT_BE32(v + 8, val); val = WPA_GET_BE32(v + 4); val >>= 1; if (v[3] & 0x01) val |= 0x80000000; WPA_PUT_BE32(v + 4, val); val = WPA_GET_BE32(v); val >>= 1; WPA_PUT_BE32(v, val); }
static u8 * attr_get(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr, size_t *len) { u8 *pos = buf; while (pos + 8 <= buf + buflen) { enum wlantest_ctrl_attr a; size_t alen; a = WPA_GET_BE32(pos); pos += 4; alen = WPA_GET_BE32(pos); pos += 4; if (pos + alen > buf + buflen) { wpa_printf(MSG_DEBUG, "Invalid control message " "attribute"); return NULL; } if (a == attr) { *len = alen; return pos; } pos += alen; } return NULL; }
static int wpa_config_write_global(struct wpa_config *config, HKEY hk) { #ifdef CONFIG_CTRL_IFACE wpa_config_write_reg_string(hk, "ctrl_interface", config->ctrl_interface); #endif /* CONFIG_CTRL_IFACE */ wpa_config_write_reg_dword(hk, TEXT("eapol_version"), config->eapol_version, DEFAULT_EAPOL_VERSION); wpa_config_write_reg_dword(hk, TEXT("ap_scan"), config->ap_scan, DEFAULT_AP_SCAN); wpa_config_write_reg_dword(hk, TEXT("fast_reauth"), config->fast_reauth, DEFAULT_FAST_REAUTH); wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigPMKLifetime"), config->dot11RSNAConfigPMKLifetime, 0); wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigPMKReauthThreshold"), config->dot11RSNAConfigPMKReauthThreshold, 0); wpa_config_write_reg_dword(hk, TEXT("dot11RSNAConfigSATimeout"), config->dot11RSNAConfigSATimeout, 0); wpa_config_write_reg_dword(hk, TEXT("update_config"), config->update_config, 0); #ifdef CONFIG_WPS if (!is_nil_uuid(config->uuid)) { char buf[40]; uuid_bin2str(config->uuid, buf, sizeof(buf)); wpa_config_write_reg_string(hk, "uuid", buf); } wpa_config_write_reg_string(hk, "device_name", config->device_name); wpa_config_write_reg_string(hk, "manufacturer", config->manufacturer); wpa_config_write_reg_string(hk, "model_name", config->model_name); wpa_config_write_reg_string(hk, "model_number", config->model_number); wpa_config_write_reg_string(hk, "serial_number", config->serial_number); wpa_config_write_reg_string(hk, "device_type", config->device_type); wpa_config_write_reg_string(hk, "config_methods", config->config_methods); if (WPA_GET_BE32(config->os_version)) { char vbuf[10]; os_snprintf(vbuf, sizeof(vbuf), "%08x", WPA_GET_BE32(config->os_version)); wpa_config_write_reg_string(hk, "os_version", vbuf); } wpa_config_write_reg_dword(hk, TEXT("wps_cred_processing"), config->wps_cred_processing, 0); #endif /* CONFIG_WPS */ wpa_config_write_reg_dword(hk, TEXT("bss_max_count"), config->bss_max_count, DEFAULT_BSS_MAX_COUNT); wpa_config_write_reg_dword(hk, TEXT("filter_ssids"), config->filter_ssids, 0); return 0; }
void hostapd_wps_probe_req_rx(struct hostapd_data *hapd, const u8 *addr, const u8 *ie, size_t ie_len) { struct wpabuf *wps_ie; const u8 *end, *pos, *wps; if (hapd->wps == NULL) return; pos = ie; end = ie + ie_len; wps = NULL; while (pos + 1 < end) { if (pos + 2 + pos[1] > end) return; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && WPA_GET_BE32(&pos[2]) == WPS_DEV_OUI_WFA) { wps = pos; break; } pos += 2 + pos[1]; } if (wps == NULL) return; /* No WPS IE in Probe Request */ wps_ie = wpabuf_alloc(ie_len); if (wps_ie == NULL) return; /* There may be multiple WPS IEs in the message, so need to concatenate * their WPS Data fields */ while (pos + 1 < end) { if (pos + 2 + pos[1] > end) break; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && WPA_GET_BE32(&pos[2]) == WPS_DEV_OUI_WFA) wpabuf_put_data(wps_ie, pos + 6, pos[1] - 4); pos += 2 + pos[1]; } if (wpabuf_len(wps_ie) > 0) { wps_registrar_probe_req_rx(hapd->wps->registrar, addr, wps_ie); #ifdef CONFIG_WPS_UPNP /* FIX: what exactly should be included in the WLANEvent? * WPS attributes? Full ProbeReq frame? */ upnp_wps_device_send_wlan_event(hapd->wps_upnp, addr, UPNP_WPS_WLANEVENT_TYPE_PROBE, wps_ie); #endif /* CONFIG_WPS_UPNP */ } wpabuf_free(wps_ie); }
/** * wpa_bss_get_vendor_ie_multi - Fetch vendor IE data from a BSS entry * @bss: BSS table entry * @vendor_type: Vendor type (four octets starting the IE payload) * Returns: Pointer to the information element payload or %NULL if not found * * This function returns concatenated payload of possibly fragmented vendor * specific information elements in the BSS entry. The caller is responsible for * freeing the returned buffer. */ struct wpabuf * wpa_bss_get_vendor_ie_multi(const struct wpa_bss *bss, u32 vendor_type) { struct wpabuf *buf; const u8 *end, *pos; buf = wpabuf_alloc(bss->ie_len); if (buf == NULL) return NULL; pos = (const u8 *) (bss + 1); end = pos + bss->ie_len; while (end - pos > 1) { if (2 + pos[1] > end - pos) break; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && vendor_type == WPA_GET_BE32(&pos[2])) wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); pos += 2 + pos[1]; } if (wpabuf_len(buf) == 0) { wpabuf_free(buf); buf = NULL; } return buf; }
static void ctrl_get_bss_counter(struct wlantest *wt, int sock, u8 *cmd, size_t clen) { u8 *addr; size_t addr_len; struct wlantest_bss *bss; u32 counter; u8 buf[4 + 12], *end, *pos; bss = ctrl_get_bss(wt, sock, cmd, clen); if (bss == NULL) return; addr = attr_get(cmd, clen, WLANTEST_ATTR_BSS_COUNTER, &addr_len); if (addr == NULL || addr_len != 4) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } counter = WPA_GET_BE32(addr); if (counter >= NUM_WLANTEST_BSS_COUNTER) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } pos = buf; end = buf + sizeof(buf); WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS); pos += 4; pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER, bss->counters[counter]); ctrl_send(wt, sock, buf, pos - buf); }
static void wpa_supplicant_update_smk_lifetime(struct wpa_sm *sm, struct wpa_peerkey *peerkey, struct wpa_eapol_ie_parse *kde) { u32 lifetime; struct os_time now; if (kde->lifetime == NULL || kde->lifetime_len < sizeof(lifetime)) return; lifetime = WPA_GET_BE32(kde->lifetime); if (lifetime >= peerkey->lifetime) { wpa_printf(MSG_DEBUG, "RSN: Peer used SMK lifetime %u seconds " "which is larger than or equal to own value %u " "seconds - ignored", lifetime, peerkey->lifetime); return; } wpa_printf(MSG_DEBUG, "RSN: Peer used shorter SMK lifetime %u seconds " "(own was %u seconds) - updated", lifetime, peerkey->lifetime); peerkey->lifetime = lifetime; os_get_time(&now); peerkey->expiration = now.sec + lifetime; eloop_cancel_timeout(wpa_supplicant_smk_timeout, sm, peerkey); eloop_register_timeout(lifetime, 0, wpa_supplicant_smk_timeout, sm, peerkey); }
static const u8 * eap_gpsk_validate_csuite(struct eap_gpsk_data *data, const u8 *pos, const u8 *end) { int vendor, specifier; const struct eap_gpsk_csuite *csuite; if (pos == NULL) return NULL; if (end - pos < (int) sizeof(*csuite)) { wpa_printf(MSG_DEBUG, "EAP-GPSK: Message too short for " "CSuite_Sel"); return NULL; } csuite = (const struct eap_gpsk_csuite *) pos; vendor = WPA_GET_BE32(csuite->vendor); specifier = WPA_GET_BE16(csuite->specifier); pos += sizeof(*csuite); if (vendor != data->vendor || specifier != data->specifier) { wpa_printf(MSG_DEBUG, "EAP-GPSK: CSuite_Sel (%d:%d) does not " "match with the one sent in GPSK-2 (%d:%d)", vendor, specifier, data->vendor, data->specifier); return NULL; } return pos; }
/* compress 512-bits */ static int sha256_compress(struct sha256_state *md, unsigned char *buf) { unsigned long S[8], W[64], t0, t1; unsigned long t; int i; /* copy state into S */ for(i = 0; i < 8; i++) { S[i] = md->state[i]; } /* copy the state into 512-bits into W[0..15] */ for(i = 0; i < 16; i++) W[i] = WPA_GET_BE32(buf + (4 * i)); /* fill W[16..63] */ for(i = 16; i < 64; i++) { W[i] = Gamma1(W[i - 2]) + W[i - 7] + Gamma0(W[i - 15]) + W[i - 16]; } /* Compress */ #define RND(a,b,c,d,e,f,g,h,i) \ t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \ t1 = Sigma0(a) + Maj(a, b, c); \ d += t0; \ h = t0 + t1; for(i = 0; i < 64; ++i) { RND(S[0], S[1], S[2], S[3], S[4], S[5], S[6], S[7], i); t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4]; S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t; } /* feedback */ for(i = 0; i < 8; i++) { md->state[i] = md->state[i] + S[i]; } return 0; }
static void inc32(u8 *block) { u32 val; val = WPA_GET_BE32(block + AES_BLOCK_SIZE - 4); val++; WPA_PUT_BE32(block + AES_BLOCK_SIZE - 4, val); }
static Boolean eap_vendor_test_check(struct eap_sm *sm, void *priv, u8 *respData, size_t respDataLen) { struct eap_hdr *resp; u8 *pos; size_t len; int vendor; u32 method; resp = (struct eap_hdr *) respData; pos = (u8 *) (resp + 1); if (respDataLen < sizeof(*resp)) return TRUE; len = ntohs(resp->length); if (len > respDataLen) return TRUE; if (len < sizeof(*resp) + 8 || *pos != EAP_TYPE_EXPANDED) { wpa_printf(MSG_INFO, "EAP-VENDOR-TEST: Invalid frame"); return TRUE; } pos++; vendor = WPA_GET_BE24(pos); pos += 3; method = WPA_GET_BE32(pos); pos++; if (vendor != EAP_VENDOR_ID || method != EAP_VENDOR_TYPE) return TRUE; return FALSE; }
struct wpabuf * wpa_scan_get_vendor_ie_multi_beacon( const struct wpa_scan_res *res, u32 vendor_type) { struct wpabuf *buf; const u8 *end, *pos; if (res->beacon_ie_len == 0) return NULL; buf = wpabuf_alloc(res->beacon_ie_len); if (buf == NULL) return NULL; pos = (const u8 *) (res + 1); pos += res->ie_len; end = pos + res->beacon_ie_len; while (pos + 1 < end) { if (pos + 2 + pos[1] > end) break; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && vendor_type == WPA_GET_BE32(&pos[2])) wpabuf_put_data(buf, pos + 2 + 4, pos[1] - 4); pos += 2 + pos[1]; } if (wpabuf_len(buf) == 0) { wpabuf_free(buf); buf = NULL; } return buf; }
struct wpabuf * tncc_process_soh_request(int ver, const u8 *data, size_t len) { const u8 *pos; wpa_hexdump(MSG_DEBUG, "TNC: SoH Request", data, len); if (len < 12) return NULL; /* SoH Request */ pos = data; /* TLV Type */ if (WPA_GET_BE16(pos) != EAP_TLV_VENDOR_SPECIFIC_TLV) return NULL; pos += 2; /* Length */ if (WPA_GET_BE16(pos) < 8) return NULL; pos += 2; /* Vendor_Id */ if (WPA_GET_BE32(pos) != EAP_VENDOR_MICROSOFT) return NULL; pos += 4; /* TLV Type */ if (WPA_GET_BE16(pos) != 0x02 /* SoH request TLV */) return NULL; wpa_printf(MSG_DEBUG, "TNC: SoH Request TLV received"); return tncc_build_soh(2); }
static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags, const u8 **pos, size_t *left) { unsigned int tls_msg_len = 0; const u8 *end = *pos + *left; if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { if (*left < 4) { wpa_printf(MSG_INFO, "SSL: Short frame with TLS " "length"); return -1; } tls_msg_len = WPA_GET_BE32(*pos); wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d", tls_msg_len); *pos += 4; *left -= 4; } wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x " "Message Length %u", flags, tls_msg_len); if (data->state == WAIT_FRAG_ACK) { if (*left != 0) { wpa_printf(MSG_DEBUG, "SSL: Unexpected payload in " "WAIT_FRAG_ACK state"); return -1; } wpa_printf(MSG_DEBUG, "SSL: Fragment acknowledged"); return 1; } if (data->tls_in && eap_server_tls_process_cont(data, *pos, end - *pos) < 0) return -1; if (flags & EAP_TLS_FLAGS_MORE_FRAGMENTS) { if (eap_server_tls_process_fragment(data, flags, tls_msg_len, *pos, end - *pos) < 0) return -1; data->state = FRAG_ACK; return 1; } if (data->state == FRAG_ACK) { wpa_printf(MSG_DEBUG, "SSL: All fragments received"); data->state = MSG; } if (data->tls_in == NULL) { /* Wrap unfragmented messages as wpabuf without extra copy */ wpabuf_set(&data->tmpbuf, *pos, end - *pos); data->tls_in = &data->tmpbuf; } return 0; }
static int attr_get_int(u8 *buf, size_t buflen, enum wlantest_ctrl_attr attr) { u8 *pos; size_t len; pos = attr_get(buf, buflen, attr, &len); if (pos == NULL || len != 4) return -1; return WPA_GET_BE32(pos); }
int wpas_wps_init(struct wpa_supplicant *wpa_s) { struct wps_context *wps; struct wps_registrar_config rcfg; wps = os_zalloc(sizeof(*wps)); if (wps == NULL) return -1; wps->cred_cb = wpa_supplicant_wps_cred; wps->event_cb = wpa_supplicant_wps_event; wps->cb_ctx = wpa_s; wps->dev.device_name = wpa_s->conf->device_name; wps->dev.manufacturer = wpa_s->conf->manufacturer; wps->dev.model_name = wpa_s->conf->model_name; wps->dev.model_number = wpa_s->conf->model_number; wps->dev.serial_number = wpa_s->conf->serial_number; wps->config_methods = wps_config_methods_str2bin(wpa_s->conf->config_methods); if (wpa_s->conf->device_type && wps_dev_type_str2bin(wpa_s->conf->device_type, wps->dev.pri_dev_type) < 0) { wpa_printf(MSG_ERROR, "WPS: Invalid device_type"); os_free(wps); return -1; } wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); wps->dev.rf_bands = WPS_RF_24GHZ | WPS_RF_50GHZ; /* TODO: config */ os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); if (is_nil_uuid(wpa_s->conf->uuid)) { uuid_gen_mac_addr(wpa_s->own_addr, wps->uuid); wpa_hexdump(MSG_DEBUG, "WPS: UUID based on MAC address", wps->uuid, WPS_UUID_LEN); } else os_memcpy(wps->uuid, wpa_s->conf->uuid, WPS_UUID_LEN); wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; os_memset(&rcfg, 0, sizeof(rcfg)); rcfg.new_psk_cb = wpas_wps_new_psk_cb; rcfg.pin_needed_cb = wpas_wps_pin_needed_cb; rcfg.set_sel_reg_cb = wpas_wps_set_sel_reg_cb; rcfg.cb_ctx = wpa_s; wps->registrar = wps_registrar_init(wps, &rcfg); if (wps->registrar == NULL) { wpa_printf(MSG_DEBUG, "Failed to initialize WPS Registrar"); os_free(wps); return -1; } wpa_s->wps = wps; return 0; }
static int cmd_get_sta_counter(int s, int argc, char *argv[]) { u8 resp[WLANTEST_CTRL_MAX_RESP_LEN]; u8 buf[100], *end, *pos; int rlen, i; size_t len; if (argc != 3) { printf("get_sta_counter needs at three arguments: " "counter name, BSSID, and STA address\n"); return -1; } pos = buf; end = buf + sizeof(buf); WPA_PUT_BE32(pos, WLANTEST_CTRL_GET_STA_COUNTER); pos += 4; for (i = 0; sta_counters[i].name; i++) { if (os_strcasecmp(sta_counters[i].name, argv[0]) == 0) break; } if (sta_counters[i].name == NULL) { printf("Unknown STA counter '%s'\n", argv[0]); printf("Counters:"); for (i = 0; sta_counters[i].name; i++) printf(" %s", sta_counters[i].name); printf("\n"); return -1; } pos = attr_add_be32(pos, end, WLANTEST_ATTR_STA_COUNTER, sta_counters[i].num); pos = attr_hdr_add(pos, end, WLANTEST_ATTR_BSSID, ETH_ALEN); if (hwaddr_aton(argv[1], pos) < 0) { printf("Invalid BSSID '%s'\n", argv[1]); return -1; } pos += ETH_ALEN; pos = attr_hdr_add(pos, end, WLANTEST_ATTR_STA_ADDR, ETH_ALEN); if (hwaddr_aton(argv[2], pos) < 0) { printf("Invalid STA address '%s'\n", argv[2]); return -1; } pos += ETH_ALEN; rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp)); if (rlen < 0) return -1; pos = attr_get(resp + 4, rlen - 4, WLANTEST_ATTR_COUNTER, &len); if (pos == NULL || len != 4) return -1; printf("%u\n", WPA_GET_BE32(pos)); return 0; }
struct wpabuf * ieee802_11_vendor_ie_concat(const u8 *ies, size_t ies_len, u32 oui_type) { struct wpabuf *buf; const u8 *end, *pos, *ie; pos = ies; end = ies + ies_len; ie = NULL; while (pos + 1 < end) { if (pos + 2 + pos[1] > end) return NULL; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && WPA_GET_BE32(&pos[2]) == oui_type) { ie = pos; break; } pos += 2 + pos[1]; } if (ie == NULL) return NULL; /* No specified vendor IE found */ buf = wpabuf_alloc(ies_len); if (buf == NULL) return NULL; /* * There may be multiple vendor IEs in the message, so need to * concatenate their data fields. */ while (pos + 1 < end) { if (pos + 2 + pos[1] > end) break; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && WPA_GET_BE32(&pos[2]) == oui_type) wpabuf_put_data(buf, pos + 6, pos[1] - 4); pos += 2 + pos[1]; } return buf; }
static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp) { const struct eap_hdr *hdr; size_t plen; /* parse rxResp, respId, respMethod */ sm->rxResp = FALSE; sm->respId = -1; sm->respMethod = EAP_TYPE_NONE; sm->respVendor = EAP_VENDOR_IETF; sm->respVendorMethod = EAP_TYPE_NONE; if (resp == NULL || wpabuf_len(resp) < sizeof(*hdr)) { wpa_printf(MSG_DEBUG, "EAP: parseEapResp: invalid resp=%p " "len=%lu", resp, resp ? (unsigned long) wpabuf_len(resp) : 0); return; } hdr = wpabuf_head(resp); plen = be_to_host16(hdr->length); if (plen > wpabuf_len(resp)) { wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet " "(len=%lu plen=%lu)", (unsigned long) wpabuf_len(resp), (unsigned long) plen); return; } sm->respId = hdr->identifier; if (hdr->code == EAP_CODE_RESPONSE) sm->rxResp = TRUE; if (plen > sizeof(*hdr)) { u8 *pos = (u8 *) (hdr + 1); sm->respMethod = *pos++; if (sm->respMethod == EAP_TYPE_EXPANDED) { if (plen < sizeof(*hdr) + 8) { wpa_printf(MSG_DEBUG, "EAP: Ignored truncated " "expanded EAP-Packet (plen=%lu)", (unsigned long) plen); return; } sm->respVendor = WPA_GET_BE24(pos); pos += 3; sm->respVendorMethod = WPA_GET_BE32(pos); } } wpa_printf(MSG_DEBUG, "EAP: parseEapResp: rxResp=%d respId=%d " "respMethod=%u respVendor=%u respVendorMethod=%u", sm->rxResp, sm->respId, sm->respMethod, sm->respVendor, sm->respVendorMethod); }
/** * wpa_parse_wpa_ie - Parse WPA/RSN IE * @wpa_ie: Pointer to WPA or RSN IE * @wpa_ie_len: Length of the WPA/RSN IE * @data: Pointer to data area for parsing results * Returns: 0 on success, -1 on failure * * Parse the contents of WPA or RSN IE and write the parsed data into data. */ int wpa_parse_wpa_ie(const u8 *wpa_ie, size_t wpa_ie_len, struct wpa_ie_data *data) { if (wpa_ie_len >= 1 && wpa_ie[0] == WLAN_EID_RSN) return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data); if (wpa_ie_len >= 6 && wpa_ie[0] == WLAN_EID_VENDOR_SPECIFIC && wpa_ie[1] >= 4 && WPA_GET_BE32(&wpa_ie[2]) == OSEN_IE_VENDOR_TYPE) return wpa_parse_wpa_ie_rsn(wpa_ie, wpa_ie_len, data); else return wpa_parse_wpa_ie_wpa(wpa_ie, wpa_ie_len, data); }
const u8 * eap_tls_process_init(struct eap_sm *sm, struct eap_ssl_data *data, EapType eap_type, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *len, u8 *flags) { const u8 *pos; size_t left; unsigned int tls_msg_len; if (tls_get_errors(sm->ssl_ctx)) { wpa_printf(MSG_INFO, "SSL: TLS errors detected"); ret->ignore = TRUE; return NULL; } pos = eap_hdr_validate(EAP_VENDOR_IETF, eap_type, reqData, reqDataLen, &left); if (pos == NULL) { ret->ignore = TRUE; return NULL; } *flags = *pos++; left--; wpa_printf(MSG_DEBUG, "SSL: Received packet(len=%lu) - " "Flags 0x%02x", (unsigned long) reqDataLen, *flags); if (*flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) { if (left < 4) { wpa_printf(MSG_INFO, "SSL: Short frame with TLS " "length"); ret->ignore = TRUE; return NULL; } tls_msg_len = WPA_GET_BE32(pos); wpa_printf(MSG_DEBUG, "SSL: TLS Message Length: %d", tls_msg_len); if (data->tls_in_left == 0) { data->tls_in_total = tls_msg_len; data->tls_in_left = tls_msg_len; os_free(data->tls_in); data->tls_in = NULL; data->tls_in_len = 0; } pos += 4; left -= 4; } ret->ignore = FALSE; ret->methodState = METHOD_MAY_CONT; ret->decision = DECISION_FAIL; ret->allowNotifications = TRUE; *len = (size_t) left; return pos; }
static void ctrl_info_sta(struct wlantest *wt, int sock, u8 *cmd, size_t clen) { u8 *addr; size_t addr_len; struct wlantest_bss *bss; struct wlantest_sta *sta; enum wlantest_sta_info info; u8 buf[4 + 108], *end, *pos; char resp[100]; bss = ctrl_get_bss(wt, sock, cmd, clen); sta = ctrl_get_sta(wt, sock, cmd, clen, bss); if (sta == NULL) return; addr = attr_get(cmd, clen, WLANTEST_ATTR_STA_INFO, &addr_len); if (addr == NULL || addr_len != 4) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } info = WPA_GET_BE32(addr); resp[0] = '\0'; switch (info) { case WLANTEST_STA_INFO_PROTO: info_print_proto(resp, sizeof(resp), sta->proto); break; case WLANTEST_STA_INFO_PAIRWISE: info_print_cipher(resp, sizeof(resp), sta->pairwise_cipher); break; case WLANTEST_STA_INFO_KEY_MGMT: info_print_key_mgmt(resp, sizeof(resp), sta->key_mgmt); break; case WLANTEST_STA_INFO_RSN_CAPAB: info_print_rsn_capab(resp, sizeof(resp), sta->rsn_capab); break; case WLANTEST_STA_INFO_STATE: info_print_state(resp, sizeof(resp), sta->state); break; case WLANTEST_STA_INFO_GTK: info_print_gtk(resp, sizeof(resp), sta); break; default: ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } pos = buf; end = buf + sizeof(buf); WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS); pos += 4; pos = attr_add_str(pos, end, WLANTEST_ATTR_INFO, resp); ctrl_send(wt, sock, buf, pos - buf); }
static int wpa_config_process_os_version(const struct global_parse_data *data, struct wpa_config *config, int line, const char *pos) { if (hexstr2bin(pos, config->os_version, 4)) { wpa_printf(MSG_ERROR, "Line %d: invalid os_version", line); return -1; } wpa_printf(MSG_DEBUG, "os_version=%08x", WPA_GET_BE32(config->os_version)); return 0; }
int wps_process_os_version(struct wps_device_data *dev, const u8 *ver) { if (ver == NULL) { wpa_printf(MSG_DEBUG, "WPS: No OS Version received"); return -1; } dev->os_version = WPA_GET_BE32(ver); wpa_printf(MSG_DEBUG, "WPS: OS Version %08x", dev->os_version); return 0; }
static void ctrl_get_tdls_counter(struct wlantest *wt, int sock, u8 *cmd, size_t clen) { u8 *addr; size_t addr_len; struct wlantest_bss *bss; struct wlantest_sta *sta; struct wlantest_sta *sta2; struct wlantest_tdls *tdls; u32 counter; u8 buf[4 + 12], *end, *pos; int found = 0; bss = ctrl_get_bss(wt, sock, cmd, clen); sta = ctrl_get_sta(wt, sock, cmd, clen, bss); sta2 = ctrl_get_sta2(wt, sock, cmd, clen, bss); if (sta == NULL || sta2 == NULL) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE); return; } addr = attr_get(cmd, clen, WLANTEST_ATTR_TDLS_COUNTER, &addr_len); if (addr == NULL || addr_len != 4) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } counter = WPA_GET_BE32(addr); if (counter >= NUM_WLANTEST_TDLS_COUNTER) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD); return; } dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) { if (tdls->init == sta && tdls->resp == sta2) { found = 1; break; } } if (!found) { ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE); return; } pos = buf; end = buf + sizeof(buf); WPA_PUT_BE32(pos, WLANTEST_CTRL_SUCCESS); pos += 4; pos = attr_add_be32(pos, end, WLANTEST_ATTR_COUNTER, tdls->counters[counter]); ctrl_send(wt, sock, buf, pos - buf); }
const u8 * eap_hdr_validate(int vendor, EapType eap_type, const struct wpabuf *msg, size_t *plen) { const struct eap_hdr *hdr; const u8 *pos; size_t len; hdr = wpabuf_head(msg); if (wpabuf_len(msg) < sizeof(*hdr)) { wpa_printf(MSG_INFO, "EAP: Too short EAP frame"); return NULL; } len = be_to_host16(hdr->length); if (len < sizeof(*hdr) + 1 || len > wpabuf_len(msg)) { wpa_printf(MSG_INFO, "EAP: Invalid EAP length"); return NULL; } pos = (const u8 *) (hdr + 1); if (*pos == EAP_TYPE_EXPANDED) { int exp_vendor; u32 exp_type; if (len < sizeof(*hdr) + 8) { wpa_printf(MSG_INFO, "EAP: Invalid expanded EAP " "length"); return NULL; } pos++; exp_vendor = WPA_GET_BE24(pos); pos += 3; exp_type = WPA_GET_BE32(pos); pos += 4; if (exp_vendor != vendor || exp_type != (u32) eap_type) { wpa_printf(MSG_INFO, "EAP: Invalid expanded frame " "type"); return NULL; } *plen = len - sizeof(*hdr) - 8; return pos; } else { if (vendor != EAP_VENDOR_IETF || *pos != eap_type) { wpa_printf(MSG_INFO, "EAP: Invalid frame type"); return NULL; } *plen = len - sizeof(*hdr) - 1; return pos + 1; } }
char * wps_dev_type_bin2str(const u8 dev_type[WPS_DEV_TYPE_LEN], char *buf, size_t buf_len) { int ret; ret = os_snprintf(buf, buf_len, "%u-%08X-%u", WPA_GET_BE16(dev_type), WPA_GET_BE32(&dev_type[2]), WPA_GET_BE16(&dev_type[6])); if (ret < 0 || (unsigned int) ret >= buf_len) return NULL; return buf; }
static void eap_sm_parseEapResp(struct eap_sm *sm, u8 *resp, size_t len) { struct eap_hdr *hdr; size_t plen; /* parse rxResp, respId, respMethod */ sm->rxResp = FALSE; sm->respId = -1; sm->respMethod = EAP_TYPE_NONE; sm->respVendor = EAP_VENDOR_IETF; sm->respVendorMethod = EAP_TYPE_NONE; if (resp == NULL || len < sizeof(*hdr)) return; hdr = (struct eap_hdr *) resp; plen = ntohs(hdr->length); if (plen > len) { wpa_printf(MSG_DEBUG, "EAP: Ignored truncated EAP-Packet " "(len=%lu plen=%lu)", (unsigned long) len, (unsigned long) plen); return; } sm->respId = hdr->identifier; if (hdr->code == EAP_CODE_RESPONSE) sm->rxResp = TRUE; if (plen > sizeof(*hdr)) { u8 *pos = (u8 *) (hdr + 1); sm->respMethod = *pos++; if (sm->respMethod == EAP_TYPE_EXPANDED) { if (plen < sizeof(*hdr) + 8) { wpa_printf(MSG_DEBUG, "EAP: Ignored truncated " "expanded EAP-Packet (plen=%lu)", (unsigned long) plen); return; } sm->respVendor = WPA_GET_BE24(pos); pos += 3; sm->respVendorMethod = WPA_GET_BE32(pos); } } wpa_printf(MSG_DEBUG, "EAP: parseEapResp: rxResp=%d respId=%d " "respMethod=%u respVendor=%u respVendorMethod=%u", sm->rxResp, sm->respId, sm->respMethod, sm->respVendor, sm->respVendorMethod); }
void wpas_wps_update_config(struct wpa_supplicant *wpa_s) { struct wps_context *wps = wpa_s->wps; if (wps == NULL) return; if (wpa_s->conf->changed_parameters & CFG_CHANGED_CONFIG_METHODS) { wps->config_methods = wps_config_methods_str2bin( wpa_s->conf->config_methods); if ((wps->config_methods & (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) == (WPS_CONFIG_DISPLAY | WPS_CONFIG_LABEL)) { wpa_printf(MSG_ERROR, "WPS: Both Label and Display " "config methods are not allowed at the " "same time"); wps->config_methods &= ~WPS_CONFIG_LABEL; } } wps->config_methods = wps_fix_config_methods(wps->config_methods); if (wpa_s->conf->changed_parameters & CFG_CHANGED_DEVICE_TYPE) os_memcpy(wps->dev.pri_dev_type, wpa_s->conf->device_type, WPS_DEV_TYPE_LEN); if (wpa_s->conf->changed_parameters & CFG_CHANGED_SEC_DEVICE_TYPE) { wps->dev.num_sec_dev_types = wpa_s->conf->num_sec_device_types; os_memcpy(wps->dev.sec_dev_type, wpa_s->conf->sec_device_type, wps->dev.num_sec_dev_types * WPS_DEV_TYPE_LEN); } if (wpa_s->conf->changed_parameters & CFG_CHANGED_OS_VERSION) wps->dev.os_version = WPA_GET_BE32(wpa_s->conf->os_version); if (wpa_s->conf->changed_parameters & CFG_CHANGED_UUID) wpas_wps_set_uuid(wpa_s, wps); if (wpa_s->conf->changed_parameters & (CFG_CHANGED_DEVICE_NAME | CFG_CHANGED_WPS_STRING)) { /* Update pointers to make sure they refer current values */ wps->dev.device_name = wpa_s->conf->device_name; wps->dev.manufacturer = wpa_s->conf->manufacturer; wps->dev.model_name = wpa_s->conf->model_name; wps->dev.model_number = wpa_s->conf->model_number; wps->dev.serial_number = wpa_s->conf->serial_number; } }
/** * wpa_bss_get_vendor_ie - Fetch a vendor information element from a BSS entry * @bss: BSS table entry * @vendor_type: Vendor type (four octets starting the IE payload) * Returns: Pointer to the information element (id field) or %NULL if not found * * This function returns the first matching information element in the BSS * entry. */ const u8 * wpa_bss_get_vendor_ie(const struct wpa_bss *bss, u32 vendor_type) { const u8 *end, *pos; pos = (const u8 *) (bss + 1); end = pos + bss->ie_len; while (pos + 1 < end) { if (pos + 2 + pos[1] > end) break; if (pos[0] == WLAN_EID_VENDOR_SPECIFIC && pos[1] >= 4 && vendor_type == WPA_GET_BE32(&pos[2])) return pos; pos += 2 + pos[1]; } return NULL; }