static int eap_wsc_process_cont(struct eap_wsc_data *data,
const u8 *buf, size_t len, u8 op_code)
{
/* Process continuation of a pending message */
if (op_code != data->in_op_code) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Unexpected Op-Code %d in "
"fragment (expected %d)",
op_code, data->in_op_code);
eap_wsc_state(data, FAIL);
return -1;
}
if (len > wpabuf_tailroom(data->in_buf)) {
wpa_printf(MSG_DEBUG, "EAP-WSC: Fragment overflow");
eap_wsc_state(data, FAIL);
return -1;
}
wpabuf_put_data(data->in_buf, buf, len);
wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes, waiting for %lu "
"bytes more", (unsigned long) len,
(unsigned long) wpabuf_tailroom(data->in_buf));
return 0;
}
static int p2p_add_wps_string(struct wpabuf *buf, enum wps_attribute attr,
const char *val)
{
size_t len;
len = val ? os_strlen(val) : 0;
if (wpabuf_tailroom(buf) < 4 + len)
return -1;
wpabuf_put_be16(buf, attr);
#ifndef CONFIG_WPS_STRICT
if (len == 0) {
/*
* Some deployed WPS implementations fail to parse zeor-length
* attributes. As a workaround, send a space character if the
* device attribute string is empty.
*/
if (wpabuf_tailroom(buf) < 3)
return -1;
wpabuf_put_be16(buf, 1);
wpabuf_put_u8(buf, ' ');
return 0;
}
#endif /* CONFIG_WPS_STRICT */
wpabuf_put_be16(buf, len);
if (val)
wpabuf_put_data(buf, val, len);
return 0;
}
static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,
struct eap_method_ret *ret,
u8 id, u8 flags,
u32 message_length,
const u8 *buf, size_t len)
{
/* Process a fragment that is not the last one of the message */
if (data->in_buf == NULL && !(flags & IKEV2_FLAGS_LENGTH_INCLUDED)) {
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No Message Length field in "
"a fragmented packet");
ret->ignore = TRUE;
return NULL;
}
if (data->in_buf == NULL) {
/* First fragment of the message */
data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
"message");
ret->ignore = TRUE;
return NULL;
}
wpabuf_put_data(data->in_buf, buf, len);
wpa_printf(MSG_DEBUG, "EAP-IKEV2: Received %lu bytes in first "
"fragment, waiting for %lu bytes more",
(unsigned long) len,
(unsigned long) wpabuf_tailroom(data->in_buf));
}
return eap_ikev2_build_frag_ack(id, EAP_CODE_RESPONSE);
}
static int eap_server_tls_process_cont(struct eap_ssl_data *data,
const u8 *buf, size_t len)
{
/* Process continuation of a pending message */
if (len > wpabuf_tailroom(data->tls_in)) {
wpa_printf(MSG_DEBUG, "SSL: Fragment overflow");
return -1;
}
wpabuf_put_data(data->tls_in, buf, len);
wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes, waiting for %lu "
"bytes more", (unsigned long) len,
(unsigned long) wpabuf_tailroom(data->tls_in));
return 0;
}
struct radius_attr_hdr *radius_msg_add_attr(struct radius_msg *msg, u8 type,
const u8 *data, size_t data_len)
{
size_t buf_needed;
struct radius_attr_hdr *attr;
if (data_len > RADIUS_MAX_ATTR_LEN) {
printf("radius_msg_add_attr: too long attribute (%lu bytes)\n",
(unsigned long) data_len);
return NULL;
}
buf_needed = sizeof(*attr) + data_len;
if (wpabuf_tailroom(msg->buf) < buf_needed) {
/* allocate more space for message buffer */
if (wpabuf_resize(&msg->buf, buf_needed) < 0)
return NULL;
msg->hdr = wpabuf_mhead(msg->buf);
}
attr = wpabuf_put(msg->buf, sizeof(struct radius_attr_hdr));
attr->type = type;
attr->length = sizeof(*attr) + data_len;
wpabuf_put_data(msg->buf, data, data_len);
if (radius_msg_add_attr_to_array(msg, attr))
return NULL;
return attr;
}
static int eap_wsc_process_fragment(struct eap_wsc_data *data,
u8 flags, u8 op_code, u16 message_length,
const u8 *buf, size_t len)
{
/* Process a fragment that is not the last one of the message */
if (data->in_buf == NULL && !(flags & WSC_FLAGS_LF)) {
wpa_printf(MSG_DEBUG, "EAP-WSC: No Message Length "
"field in a fragmented packet");
return -1;
}
if (data->in_buf == NULL) {
/* First fragment of the message */
data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-WSC: No memory for "
"message");
return -1;
}
data->in_op_code = op_code;
wpabuf_put_data(data->in_buf, buf, len);
wpa_printf(MSG_DEBUG, "EAP-WSC: Received %lu bytes in "
"first fragment, waiting for %lu bytes more",
(unsigned long) len,
(unsigned long) wpabuf_tailroom(data->in_buf));
}
return 0;
}
static int eap_tnc_process_fragment(struct eap_tnc_data *data,
u8 flags, u32 message_length,
const u8 *buf, size_t len)
{
/* Process a fragment that is not the last one of the message */
if (data->in_buf == NULL && !(flags & EAP_TNC_FLAGS_LENGTH_INCLUDED)) {
wpa_printf(MSG_DEBUG, "EAP-TNC: No Message Length field in a "
"fragmented packet");
return -1;
}
if (data->in_buf == NULL) {
/* First fragment of the message */
data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-TNC: No memory for "
"message");
return -1;
}
wpabuf_put_data(data->in_buf, buf, len);
wpa_printf(MSG_DEBUG, "EAP-TNC: Received %lu bytes in first "
"fragment, waiting for %lu bytes more",
(unsigned long) len,
(unsigned long) wpabuf_tailroom(data->in_buf));
}
return 0;
}
static int eap_tnc_process_cont(struct eap_tnc_data *data,
const u8 *buf, size_t len)
{
/* Process continuation of a pending message */
if (len > wpabuf_tailroom(data->in_buf)) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Fragment overflow");
eap_tnc_set_state(data, FAIL);
return -1;
}
wpabuf_put_data(data->in_buf, buf, len);
wpa_printf(MSG_DEBUG, "EAP-TNC: Received %lu bytes, waiting for %lu "
"bytes more", (unsigned long) len,
(unsigned long) wpabuf_tailroom(data->in_buf));
return 0;
}
static void p2p_client_info(struct wpabuf *ie, struct p2p_group_member *m)
{
if (m->client_info == NULL)
return;
if (wpabuf_tailroom(ie) < wpabuf_len(m->client_info) + 1)
return;
wpabuf_put_buf(ie, m->client_info);
}
static struct wpabuf * eap_eke_build_confirm(struct eap_sm *sm,
struct eap_eke_data *data, u8 id)
{
struct wpabuf *msg;
size_t plen, prot_len;
u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
u8 *auth;
wpa_printf(MSG_DEBUG, "EAP-EKE: Request/Confirm");
plen = data->sess.pnonce_ps_len + data->sess.prf_len;
msg = eap_eke_build_msg(data, id, plen, EAP_EKE_CONFIRM);
if (msg == NULL) {
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return eap_eke_build_failure(data, id);
}
if (random_get_bytes(data->nonce_s, data->sess.nonce_len)) {
wpabuf_free(msg);
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return eap_eke_build_failure(data, id);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
data->nonce_s, data->sess.nonce_len);
os_memcpy(nonces, data->nonce_p, data->sess.nonce_len);
os_memcpy(nonces + data->sess.nonce_len, data->nonce_s,
data->sess.nonce_len);
prot_len = wpabuf_tailroom(msg);
if (eap_eke_prot(&data->sess, nonces, 2 * data->sess.nonce_len,
wpabuf_put(msg, 0), &prot_len) < 0) {
wpabuf_free(msg);
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return eap_eke_build_failure(data, id);
}
wpabuf_put(msg, prot_len);
if (eap_eke_derive_ka(&data->sess,
sm->server_id, sm->server_id_len,
data->peerid, data->peerid_len,
data->nonce_p, data->nonce_s) < 0) {
wpabuf_free(msg);
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return eap_eke_build_failure(data, id);
}
auth = wpabuf_put(msg, data->sess.prf_len);
if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth) < 0) {
wpabuf_free(msg);
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
return eap_eke_build_failure(data, id);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth, data->sess.prf_len);
return msg;
}
int wps_build_uuid_e(struct wpabuf *msg, const u8 *uuid)
{
if (wpabuf_tailroom(msg) < 4 + WPS_UUID_LEN)
return -1;
wpa_printf(MSG_DEBUG, "WPS: * UUID-E");
wpabuf_put_be16(msg, ATTR_UUID_E);
wpabuf_put_be16(msg, WPS_UUID_LEN);
wpabuf_put_data(msg, uuid, WPS_UUID_LEN);
return 0;
}
static void wpas_mbo_non_pref_chan_subelement(struct wpa_supplicant *wpa_s,
struct wpabuf *mbo, u8 start,
u8 end)
{
size_t size = end - start + 7;
if (size + 2 > wpabuf_tailroom(mbo))
return;
wpas_mbo_non_pref_chan_subelem_hdr(mbo, size);
wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end);
}
static void wpas_mbo_non_pref_chan_attr(struct wpa_supplicant *wpa_s,
struct wpabuf *mbo, u8 start, u8 end)
{
size_t size = end - start + 3;
if (size + 2 > wpabuf_tailroom(mbo))
return;
wpabuf_put_u8(mbo, MBO_ATTR_ID_NON_PREF_CHAN_REPORT);
wpabuf_put_u8(mbo, size); /* Length */
wpas_mbo_non_pref_chan_attr_body(wpa_s, mbo, start, end);
}
int wps_build_version(struct wpabuf *msg)
{
/*
* Note: This attribute is deprecated and set to hardcoded 0x10 for
* backwards compatibility reasons. The real version negotiation is
* done with Version2.
*/
if (wpabuf_tailroom(msg) < 5)
return -1;
wpa_printf(MSG_DEBUG, "WPS: * Version (hardcoded 0x10)");
wpabuf_put_be16(msg, ATTR_VERSION);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, 0x10);
return 0;
}
static void anqp_add_elem(struct hostapd_data *hapd, struct wpabuf *buf,
u16 infoid)
{
struct anqp_element *elem;
elem = get_anqp_elem(hapd, infoid);
if (!elem)
return;
if (wpabuf_tailroom(buf) < 2 + 2 + wpabuf_len(elem->payload)) {
wpa_printf(MSG_DEBUG, "ANQP: No room for InfoID %u payload",
infoid);
return;
}
wpabuf_put_le16(buf, infoid);
wpabuf_put_le16(buf, wpabuf_len(elem->payload));
wpabuf_put_buf(buf, elem->payload);
}
static int eap_server_tls_process_fragment(struct eap_ssl_data *data,
u8 flags, u32 message_length,
const u8 *buf, size_t len)
{
/* Process a fragment that is not the last one of the message */
if (data->tls_in == NULL && !(flags & EAP_TLS_FLAGS_LENGTH_INCLUDED)) {
wpa_printf(MSG_DEBUG, "SSL: No Message Length field in a "
"fragmented packet");
return -1;
}
if (data->tls_in == NULL) {
/* First fragment of the message */
/* Limit length to avoid rogue peers from causing large
* memory allocations. */
if (message_length > 65536) {
wpa_printf(MSG_INFO, "SSL: Too long TLS fragment (size"
" over 64 kB)");
return -1;
}
if (len > message_length) {
wpa_printf(MSG_INFO, "SSL: Too much data (%d bytes) in "
"first fragment of frame (TLS Message "
"Length %d bytes)",
(int) len, (int) message_length);
return -1;
}
data->tls_in = wpabuf_alloc(message_length);
if (data->tls_in == NULL) {
wpa_printf(MSG_DEBUG, "SSL: No memory for message");
return -1;
}
wpabuf_put_data(data->tls_in, buf, len);
wpa_printf(MSG_DEBUG, "SSL: Received %lu bytes in first "
"fragment, waiting for %lu bytes more",
(unsigned long) len,
(unsigned long) wpabuf_tailroom(data->tls_in));
}
return 0;
}
void p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, u16 pw_id,
int all_attr)
{
u8 *len;
int i;
wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
len = wpabuf_put(buf, 1);
wpabuf_put_be32(buf, WPS_DEV_OUI_WFA);
wps_build_version(buf);
if (all_attr) {
wpabuf_put_be16(buf, ATTR_WPS_STATE);
wpabuf_put_be16(buf, 1);
wpabuf_put_u8(buf, WPS_STATE_NOT_CONFIGURED);
}
/* Device Password ID */
wpabuf_put_be16(buf, ATTR_DEV_PASSWORD_ID);
wpabuf_put_be16(buf, 2);
wpa_printf(MSG_DEBUG, "P2P: WPS IE Device Password ID: %d", pw_id);
wpabuf_put_be16(buf, pw_id);
if (all_attr) {
size_t nlen;
wpabuf_put_be16(buf, ATTR_RESPONSE_TYPE);
wpabuf_put_be16(buf, 1);
wpabuf_put_u8(buf, WPS_RESP_ENROLLEE_INFO);
#if 0
/* FIX */
wps_build_uuid_e(buf, reg->wps->uuid);
wps_build_manufacturer(dev, buf);
wps_build_model_name(dev, buf);
wps_build_model_number(dev, buf);
wps_build_serial_number(dev, buf);
#endif
wpabuf_put_be16(buf, ATTR_PRIMARY_DEV_TYPE);
wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN);
wpabuf_put_data(buf, p2p->cfg->pri_dev_type, WPS_DEV_TYPE_LEN);
wpabuf_put_be16(buf, ATTR_DEV_NAME);
nlen = p2p->cfg->dev_name ? os_strlen(p2p->cfg->dev_name) : 0;
wpabuf_put_be16(buf, nlen);
if (p2p->cfg->dev_name)
wpabuf_put_data(buf, p2p->cfg->dev_name, nlen);
wpabuf_put_be16(buf, ATTR_CONFIG_METHODS);
wpabuf_put_be16(buf, 2);
wpabuf_put_be16(buf, 0); /* FIX: ? */
}
wps_build_wfa_ext(buf, 0, NULL, 0);
if (all_attr && p2p->cfg->num_sec_dev_types) {
wpabuf_put_be16(buf, ATTR_SECONDARY_DEV_TYPE_LIST);
wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN *
p2p->cfg->num_sec_dev_types);
wpabuf_put_data(buf, p2p->cfg->sec_dev_type,
WPS_DEV_TYPE_LEN *
p2p->cfg->num_sec_dev_types);
}
/* Add the WPS vendor extensions */
for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
if (p2p->wps_vendor_ext[i] == NULL)
break;
if (wpabuf_tailroom(buf) <
4 + wpabuf_len(p2p->wps_vendor_ext[i]))
continue;
wpabuf_put_be16(buf, ATTR_VENDOR_EXT);
wpabuf_put_be16(buf, wpabuf_len(p2p->wps_vendor_ext[i]));
wpabuf_put_buf(buf, p2p->wps_vendor_ext[i]);
}
p2p_buf_update_ie_hdr(buf, len);
}
int wps_build_wfa_ext(struct wpabuf *msg, int req_to_enroll,
const u8 *auth_macs, size_t auth_macs_count,
u8 multi_ap_subelem)
{
u8 *len;
#ifdef CONFIG_WPS_TESTING
if (WPS_VERSION == 0x10)
return 0;
#endif /* CONFIG_WPS_TESTING */
if (wpabuf_tailroom(msg) <
7 + 3 + (req_to_enroll ? 3 : 0) +
(auth_macs ? 2 + auth_macs_count * ETH_ALEN : 0))
return -1;
wpabuf_put_be16(msg, ATTR_VENDOR_EXT);
len = wpabuf_put(msg, 2); /* to be filled */
wpabuf_put_be24(msg, WPS_VENDOR_ID_WFA);
wpa_printf(MSG_DEBUG, "WPS: * Version2 (0x%x)", WPS_VERSION);
wpabuf_put_u8(msg, WFA_ELEM_VERSION2);
wpabuf_put_u8(msg, 1);
wpabuf_put_u8(msg, WPS_VERSION);
if (req_to_enroll) {
wpa_printf(MSG_DEBUG, "WPS: * Request to Enroll (1)");
wpabuf_put_u8(msg, WFA_ELEM_REQUEST_TO_ENROLL);
wpabuf_put_u8(msg, 1);
wpabuf_put_u8(msg, 1);
}
if (auth_macs && auth_macs_count) {
size_t i;
wpa_printf(MSG_DEBUG, "WPS: * AuthorizedMACs (count=%d)",
(int) auth_macs_count);
wpabuf_put_u8(msg, WFA_ELEM_AUTHORIZEDMACS);
wpabuf_put_u8(msg, auth_macs_count * ETH_ALEN);
wpabuf_put_data(msg, auth_macs, auth_macs_count * ETH_ALEN);
for (i = 0; i < auth_macs_count; i++)
wpa_printf(MSG_DEBUG, "WPS: AuthorizedMAC: " MACSTR,
MAC2STR(&auth_macs[i * ETH_ALEN]));
}
if (multi_ap_subelem) {
wpa_printf(MSG_DEBUG, "WPS: * Multi-AP (0x%x)",
multi_ap_subelem);
wpabuf_put_u8(msg, WFA_ELEM_MULTI_AP);
wpabuf_put_u8(msg, 1); /* length */
wpabuf_put_u8(msg, multi_ap_subelem);
}
WPA_PUT_BE16(len, (u8 *) wpabuf_put(msg, 0) - len - 2);
#ifdef CONFIG_WPS_TESTING
if (WPS_VERSION > 0x20) {
if (wpabuf_tailroom(msg) < 5)
return -1;
wpa_printf(MSG_DEBUG, "WPS: * Extensibility Testing - extra "
"attribute");
wpabuf_put_be16(msg, ATTR_EXTENSIBILITY_TEST);
wpabuf_put_be16(msg, 1);
wpabuf_put_u8(msg, 42);
}
#endif /* CONFIG_WPS_TESTING */
return 0;
}
static struct wpabuf * eap_eke_process_commit(struct eap_sm *sm,
struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct wpabuf *resp;
const u8 *pos, *end, *dhcomp;
size_t prot_len;
u8 *rpos;
u8 key[EAP_EKE_MAX_KEY_LEN];
u8 pub[EAP_EKE_MAX_DH_LEN];
const u8 *password;
size_t password_len;
u8 id = eap_get_id(reqData);
if (data->state != COMMIT) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Commit/Request received in unexpected state (%d)", data->state);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Commit/Request");
password = eap_get_config_password(sm, &password_len);
if (password == NULL) {
wpa_printf(MSG_INFO, "EAP-EKE: No password configured!");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PASSWD_NOT_FOUND);
}
pos = payload;
end = payload + payload_len;
if (pos + data->sess.dhcomp_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Commit");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_S",
pos, data->sess.dhcomp_len);
dhcomp = pos;
pos += data->sess.dhcomp_len;
wpa_hexdump(MSG_DEBUG, "EAP-EKE: CBValue", pos, end - pos);
/*
* temp = prf(0+, password)
* key = prf+(temp, ID_S | ID_P)
*/
if (eap_eke_derive_key(&data->sess, password, password_len,
data->serverid, data->serverid_len,
data->peerid, data->peerid_len, key) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
/*
* y_p = g ^ x_p (mod p)
* x_p = random number 2 .. p-1
*/
if (eap_eke_dh_init(data->sess.dhgroup, data->dh_priv, pub) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to initialize DH");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_shared_secret(&data->sess, key, data->dh_priv, dhcomp) < 0)
{
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive shared secret");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_derive_ke_ki(&data->sess,
data->serverid, data->serverid_len,
data->peerid, data->peerid_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Commit/Response");
resp = eap_eke_build_msg(data, id,
data->sess.dhcomp_len + data->sess.pnonce_len,
EAP_EKE_COMMIT);
if (resp == NULL) {
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
/* DHComponent_P = Encr(key, y_p) */
rpos = wpabuf_put(resp, data->sess.dhcomp_len);
if (eap_eke_dhcomp(&data->sess, key, pub, rpos) < 0) {
wpabuf_free(resp);
wpa_printf(MSG_INFO, "EAP-EKE: Failed to build DHComponent_P");
os_memset(key, 0, sizeof(key));
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memset(key, 0, sizeof(key));
wpa_hexdump(MSG_DEBUG, "EAP-EKE: DHComponent_P",
rpos, data->sess.dhcomp_len);
if (random_get_bytes(data->nonce_p, data->sess.nonce_len)) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_P",
data->nonce_p, data->sess.nonce_len);
prot_len = wpabuf_tailroom(resp);
if (eap_eke_prot(&data->sess, data->nonce_p, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: PNonce_P",
wpabuf_put(resp, 0), prot_len);
wpabuf_put(resp, prot_len);
/* TODO: CBValue */
if (wpabuf_resize(&data->msgs, wpabuf_len(reqData) + wpabuf_len(resp))
< 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put_buf(data->msgs, reqData);
wpabuf_put_buf(data->msgs, resp);
eap_eke_state(data, CONFIRM);
return resp;
}
static struct wpabuf * eap_eke_process_confirm(struct eap_eke_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload,
size_t payload_len)
{
struct wpabuf *resp;
const u8 *pos, *end;
size_t prot_len;
u8 nonces[2 * EAP_EKE_MAX_NONCE_LEN];
u8 auth_s[EAP_EKE_MAX_HASH_LEN];
size_t decrypt_len;
u8 *auth;
u8 id = eap_get_id(reqData);
if (data->state != CONFIRM) {
wpa_printf(MSG_DEBUG, "EAP-EKE: EAP-EKE-Confirm/Request received in unexpected state (%d)",
data->state);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Received EAP-EKE-Confirm/Request");
pos = payload;
end = payload + payload_len;
if (pos + data->sess.pnonce_ps_len + data->sess.prf_len > end) {
wpa_printf(MSG_DEBUG, "EAP-EKE: Too short EAP-EKE-Confirm");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PROTO_ERROR);
}
decrypt_len = sizeof(nonces);
if (eap_eke_decrypt_prot(&data->sess, pos, data->sess.pnonce_ps_len,
nonces, &decrypt_len) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to decrypt PNonce_PS");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
if (decrypt_len != (size_t) 2 * data->sess.nonce_len) {
wpa_printf(MSG_INFO, "EAP-EKE: PNonce_PS protected data length does not match length of Nonce_P and Nonce_S");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Received Nonce_P | Nonce_S",
nonces, 2 * data->sess.nonce_len);
if (os_memcmp(data->nonce_p, nonces, data->sess.nonce_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Received Nonce_P does not match transmitted Nonce_P");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
os_memcpy(data->nonce_s, nonces + data->sess.nonce_len,
data->sess.nonce_len);
wpa_hexdump_key(MSG_DEBUG, "EAP-EKE: Nonce_S",
data->nonce_s, data->sess.nonce_len);
if (eap_eke_derive_ka(&data->sess, data->serverid, data->serverid_len,
data->peerid, data->peerid_len,
data->nonce_p, data->nonce_s) < 0) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
if (eap_eke_auth(&data->sess, "EAP-EKE server", data->msgs, auth_s) < 0)
{
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_S", auth_s, data->sess.prf_len);
if (os_memcmp_const(auth_s, pos + data->sess.pnonce_ps_len,
data->sess.prf_len) != 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Auth_S does not match");
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_AUTHENTICATION_FAIL);
}
wpa_printf(MSG_DEBUG, "EAP-EKE: Sending EAP-EKE-Confirm/Response");
resp = eap_eke_build_msg(data, id,
data->sess.pnonce_len + data->sess.prf_len,
EAP_EKE_CONFIRM);
if (resp == NULL) {
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
prot_len = wpabuf_tailroom(resp);
if (eap_eke_prot(&data->sess, data->nonce_s, data->sess.nonce_len,
wpabuf_put(resp, 0), &prot_len) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpabuf_put(resp, prot_len);
auth = wpabuf_put(resp, data->sess.prf_len);
if (eap_eke_auth(&data->sess, "EAP-EKE peer", data->msgs, auth) < 0) {
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
wpa_hexdump(MSG_DEBUG, "EAP-EKE: Auth_P", auth, data->sess.prf_len);
if (eap_eke_derive_msk(&data->sess, data->serverid, data->serverid_len,
data->peerid, data->peerid_len,
data->nonce_s, data->nonce_p,
data->msk, data->emsk) < 0) {
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive MSK/EMSK");
wpabuf_free(resp);
return eap_eke_build_fail(data, ret, id,
EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
}
os_memset(data->dh_priv, 0, sizeof(data->dh_priv));
eap_eke_session_clean(&data->sess);
eap_eke_state(data, SUCCESS);
ret->methodState = METHOD_MAY_CONT;
ret->decision = DECISION_COND_SUCC;
ret->allowNotifications = FALSE;
return resp;
}
/* insert AMPE and encrypted MIC at @ie.
* @mesh_rsn: mesh RSN context
* @sta: STA we're sending to
* @cat: pointer to category code in frame header.
* @buf: wpabuf to add encrypted AMPE and MIC to.
* */
int mesh_rsn_protect_frame(struct mesh_rsn *rsn, struct sta_info *sta,
const u8 *cat, struct wpabuf *buf)
{
struct ieee80211_ampe_ie *ampe;
u8 const *ie = wpabuf_head_u8(buf) + wpabuf_len(buf);
u8 *ampe_ie = NULL, *mic_ie = NULL, *mic_payload;
const u8 *aad[] = { rsn->wpa_s->own_addr, sta->addr, cat };
const size_t aad_len[] = { ETH_ALEN, ETH_ALEN, ie - cat };
int ret = 0;
if (AES_BLOCK_SIZE + 2 + sizeof(*ampe) + 2 > wpabuf_tailroom(buf)) {
wpa_printf(MSG_ERROR, "protect frame: buffer too small");
return -EINVAL;
}
ampe_ie = os_zalloc(2 + sizeof(*ampe));
if (!ampe_ie) {
wpa_printf(MSG_ERROR, "protect frame: out of memory");
return -ENOMEM;
}
mic_ie = os_zalloc(2 + AES_BLOCK_SIZE);
if (!mic_ie) {
wpa_printf(MSG_ERROR, "protect frame: out of memory");
ret = -ENOMEM;
goto free;
}
/* IE: AMPE */
ampe_ie[0] = WLAN_EID_AMPE;
ampe_ie[1] = sizeof(*ampe);
ampe = (struct ieee80211_ampe_ie *) (ampe_ie + 2);
RSN_SELECTOR_PUT(ampe->selected_pairwise_suite,
wpa_cipher_to_suite(WPA_PROTO_RSN, WPA_CIPHER_CCMP));
os_memcpy(ampe->local_nonce, sta->my_nonce, 32);
os_memcpy(ampe->peer_nonce, sta->peer_nonce, 32);
/* incomplete: see 13.5.4 */
/* TODO: static mgtk for now since we don't support rekeying! */
os_memcpy(ampe->mgtk, rsn->mgtk, 16);
/* TODO: Populate Key RSC */
/* expire in 13 decades or so */
os_memset(ampe->key_expiration, 0xff, 4);
/* IE: MIC */
mic_ie[0] = WLAN_EID_MIC;
mic_ie[1] = AES_BLOCK_SIZE;
wpabuf_put_data(buf, mic_ie, 2);
/* MIC field is output ciphertext */
/* encrypt after MIC */
mic_payload = (u8 *) wpabuf_put(buf, 2 + sizeof(*ampe) +
AES_BLOCK_SIZE);
if (aes_siv_encrypt(sta->aek, ampe_ie, 2 + sizeof(*ampe), 3,
aad, aad_len, mic_payload)) {
wpa_printf(MSG_ERROR, "protect frame: failed to encrypt");
ret = -ENOMEM;
goto free;
}
free:
os_free(ampe_ie);
os_free(mic_ie);
return ret;
}
int p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, int pw_id,
int all_attr)
{
u8 *len;
int i;
if (wpabuf_tailroom(buf) < 6)
return -1;
wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC);
len = wpabuf_put(buf, 1);
wpabuf_put_be32(buf, WPS_DEV_OUI_WFA);
if (wps_build_version(buf) < 0)
return -1;
if (all_attr) {
if (wpabuf_tailroom(buf) < 5)
return -1;
wpabuf_put_be16(buf, ATTR_WPS_STATE);
wpabuf_put_be16(buf, 1);
wpabuf_put_u8(buf, WPS_STATE_NOT_CONFIGURED);
}
if (pw_id >= 0) {
if (wpabuf_tailroom(buf) < 6)
return -1;
/* Device Password ID */
wpabuf_put_be16(buf, ATTR_DEV_PASSWORD_ID);
wpabuf_put_be16(buf, 2);
wpa_printf(MSG_DEBUG, "P2P: WPS IE Device Password ID: %d",
pw_id);
wpabuf_put_be16(buf, pw_id);
}
if (all_attr) {
if (wpabuf_tailroom(buf) < 5)
return -1;
wpabuf_put_be16(buf, ATTR_RESPONSE_TYPE);
wpabuf_put_be16(buf, 1);
wpabuf_put_u8(buf, WPS_RESP_ENROLLEE_INFO);
if (wps_build_uuid_e(buf, p2p->cfg->uuid) < 0 ||
p2p_add_wps_string(buf, ATTR_MANUFACTURER,
p2p->cfg->manufacturer) < 0 ||
p2p_add_wps_string(buf, ATTR_MODEL_NAME,
p2p->cfg->model_name) < 0 ||
p2p_add_wps_string(buf, ATTR_MODEL_NUMBER,
p2p->cfg->model_number) < 0 ||
p2p_add_wps_string(buf, ATTR_SERIAL_NUMBER,
p2p->cfg->serial_number) < 0)
return -1;
if (wpabuf_tailroom(buf) < 4 + WPS_DEV_TYPE_LEN)
return -1;
wpabuf_put_be16(buf, ATTR_PRIMARY_DEV_TYPE);
wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN);
wpabuf_put_data(buf, p2p->cfg->pri_dev_type, WPS_DEV_TYPE_LEN);
if (p2p_add_wps_string(buf, ATTR_DEV_NAME, p2p->cfg->dev_name)
< 0)
return -1;
if (wpabuf_tailroom(buf) < 6)
return -1;
wpabuf_put_be16(buf, ATTR_CONFIG_METHODS);
wpabuf_put_be16(buf, 2);
wpabuf_put_be16(buf, p2p->cfg->config_methods);
}
if (wps_build_wfa_ext(buf, 0, NULL, 0) < 0)
return -1;
if (all_attr && p2p->cfg->num_sec_dev_types) {
if (wpabuf_tailroom(buf) <
4 + WPS_DEV_TYPE_LEN * p2p->cfg->num_sec_dev_types)
return -1;
wpabuf_put_be16(buf, ATTR_SECONDARY_DEV_TYPE_LIST);
wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN *
p2p->cfg->num_sec_dev_types);
wpabuf_put_data(buf, p2p->cfg->sec_dev_type,
WPS_DEV_TYPE_LEN *
p2p->cfg->num_sec_dev_types);
}
/* Add the WPS vendor extensions */
for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) {
if (p2p->wps_vendor_ext[i] == NULL)
break;
if (wpabuf_tailroom(buf) <
4 + wpabuf_len(p2p->wps_vendor_ext[i]))
continue;
wpabuf_put_be16(buf, ATTR_VENDOR_EXT);
wpabuf_put_be16(buf, wpabuf_len(p2p->wps_vendor_ext[i]));
wpabuf_put_buf(buf, p2p->wps_vendor_ext[i]);
}
p2p_buf_update_ie_hdr(buf, len);
return 0;
}
/**
* tlsv1_client_decrypt - Decrypt data from TLS tunnel
* @conn: TLSv1 client connection data from tlsv1_client_init()
* @in_data: Pointer to input buffer (encrypted TLS data)
* @in_len: Input buffer length
* @need_more_data: Set to 1 if more data would be needed to complete
* processing
* Returns: Decrypted data or %NULL on failure
*
* This function is used after TLS handshake has been completed successfully to
* receive data from the encrypted tunnel.
*/
struct wpabuf * tlsv1_client_decrypt(struct tlsv1_client *conn,
const u8 *in_data, size_t in_len,
int *need_more_data)
{
const u8 *in_end, *pos;
int used;
u8 alert, *out_pos, ct;
size_t olen;
struct wpabuf *buf = NULL;
if (need_more_data)
*need_more_data = 0;
if (conn->partial_input) {
if (wpabuf_resize(&conn->partial_input, in_len) < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to allocate "
"memory for pending record");
alert = TLS_ALERT_INTERNAL_ERROR;
goto fail;
}
wpabuf_put_data(conn->partial_input, in_data, in_len);
in_data = wpabuf_head(conn->partial_input);
in_len = wpabuf_len(conn->partial_input);
}
pos = in_data;
in_end = in_data + in_len;
while (pos < in_end) {
ct = pos[0];
if (wpabuf_resize(&buf, in_end - pos) < 0) {
alert = TLS_ALERT_INTERNAL_ERROR;
goto fail;
}
out_pos = wpabuf_put(buf, 0);
olen = wpabuf_tailroom(buf);
used = tlsv1_record_receive(&conn->rl, pos, in_end - pos,
out_pos, &olen, &alert);
if (used < 0) {
wpa_printf(MSG_DEBUG, "TLSv1: Record layer processing "
"failed");
goto fail;
}
if (used == 0) {
struct wpabuf *partial;
wpa_printf(MSG_DEBUG, "TLSv1: Need more data");
partial = wpabuf_alloc_copy(pos, in_end - pos);
wpabuf_free(conn->partial_input);
conn->partial_input = partial;
if (conn->partial_input == NULL) {
wpa_printf(MSG_DEBUG, "TLSv1: Failed to "
"allocate memory for pending "
"record");
alert = TLS_ALERT_INTERNAL_ERROR;
goto fail;
}
if (need_more_data)
*need_more_data = 1;
return buf;
}
if (ct == TLS_CONTENT_TYPE_ALERT) {
if (olen < 2) {
wpa_printf(MSG_DEBUG, "TLSv1: Alert "
"underflow");
alert = TLS_ALERT_DECODE_ERROR;
goto fail;
}
wpa_printf(MSG_DEBUG, "TLSv1: Received alert %d:%d",
out_pos[0], out_pos[1]);
if (out_pos[0] == TLS_ALERT_LEVEL_WARNING) {
/* Continue processing */
pos += used;
continue;
}
alert = out_pos[1];
goto fail;
}
if (ct != TLS_CONTENT_TYPE_APPLICATION_DATA) {
wpa_printf(MSG_DEBUG, "TLSv1: Unexpected content type "
"0x%x when decrypting application data",
pos[0]);
alert = TLS_ALERT_UNEXPECTED_MESSAGE;
goto fail;
}
wpabuf_put(buf, olen);
pos += used;
}
wpabuf_free(conn->partial_input);
conn->partial_input = NULL;
return buf;
fail:
wpabuf_free(buf);
wpabuf_free(conn->partial_input);
conn->partial_input = NULL;
tls_alert(conn, TLS_ALERT_LEVEL_FATAL, alert);
return NULL;
}
