static int are_ies_equal(const struct wpa_bss *old, const struct wpa_scan_res *new_res, u32 ie) { const u8 *old_ie, *new_ie; struct wpabuf *old_ie_buff = NULL; struct wpabuf *new_ie_buff = NULL; int new_ie_len, old_ie_len, ret, is_multi; switch (ie) { case WPA_IE_VENDOR_TYPE: old_ie = wpa_bss_get_vendor_ie(old, ie); new_ie = wpa_scan_get_vendor_ie(new_res, ie); is_multi = 0; break; case WPS_IE_VENDOR_TYPE: old_ie_buff = wpa_bss_get_vendor_ie_multi(old, ie); new_ie_buff = wpa_scan_get_vendor_ie_multi(new_res, ie); is_multi = 1; break; case WLAN_EID_RSN: case WLAN_EID_SUPP_RATES: case WLAN_EID_EXT_SUPP_RATES: old_ie = wpa_bss_get_ie(old, ie); new_ie = wpa_scan_get_ie(new_res, ie); is_multi = 0; break; default: wpa_printf(MSG_DEBUG, "bss: %s: cannot compare IEs", __func__); return 0; } if (is_multi) { /* in case of multiple IEs stored in buffer */ old_ie = old_ie_buff ? wpabuf_head_u8(old_ie_buff) : NULL; new_ie = new_ie_buff ? wpabuf_head_u8(new_ie_buff) : NULL; old_ie_len = old_ie_buff ? wpabuf_len(old_ie_buff) : 0; new_ie_len = new_ie_buff ? wpabuf_len(new_ie_buff) : 0; } else { /* in case of single IE */ old_ie_len = old_ie ? old_ie[1] + 2 : 0; new_ie_len = new_ie ? new_ie[1] + 2 : 0; } if (!old_ie || !new_ie) ret = !old_ie && !new_ie; else ret = (old_ie_len == new_ie_len && os_memcmp(old_ie, new_ie, old_ie_len) == 0); wpabuf_free(old_ie_buff); wpabuf_free(new_ie_buff); return ret; }
int wpas_mbo_ie(struct wpa_supplicant *wpa_s, u8 *buf, size_t len) { struct wpabuf *mbo; int res; if (len < MBO_IE_HEADER + 3 + 7) return 0; /* Leave room for the MBO IE header */ mbo = wpabuf_alloc(len - MBO_IE_HEADER); if (!mbo) return 0; /* Add non-preferred channels attribute */ wpas_mbo_non_pref_chan_attrs(wpa_s, mbo, 0); /* * Send cellular capabilities attribute even if AP does not advertise * cellular capabilities. */ wpabuf_put_u8(mbo, MBO_ATTR_ID_CELL_DATA_CAPA); wpabuf_put_u8(mbo, 1); wpabuf_put_u8(mbo, wpa_s->conf->mbo_cell_capa); res = mbo_add_ie(buf, len, wpabuf_head_u8(mbo), wpabuf_len(mbo)); if (!res) wpa_printf(MSG_ERROR, "Failed to add MBO IE"); wpabuf_free(mbo); return res; }
static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, u8 id) { struct wpabuf *req; u8 flags; size_t send_len, plen; wpa_printf(MSG_DEBUG, "EAP-TNC: Generating Request"); flags = EAP_TNC_VERSION; send_len = wpabuf_len(data->out_buf) - data->out_used; if (1 + send_len > data->fragment_size) { send_len = data->fragment_size - 1; flags |= EAP_TNC_FLAGS_MORE_FRAGMENTS; if (data->out_used == 0) { flags |= EAP_TNC_FLAGS_LENGTH_INCLUDED; send_len -= 4; } } plen = 1 + send_len; if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) plen += 4; req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, plen, EAP_CODE_REQUEST, id); if (req == NULL) return NULL; wpabuf_put_u8(req, flags); /* Flags */ if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) wpabuf_put_be32(req, wpabuf_len(data->out_buf)); wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used, send_len); data->out_used += send_len; if (data->out_used == wpabuf_len(data->out_buf)) { wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes " "(message sent completely)", (unsigned long) send_len); wpabuf_free(data->out_buf); data->out_buf = NULL; data->out_used = 0; if (data->was_fail) eap_tnc_set_state(data, FAIL); else if (data->was_done) eap_tnc_set_state(data, DONE); } else { wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes " "(%lu more to send)", (unsigned long) send_len, (unsigned long) wpabuf_len(data->out_buf) - data->out_used); if (data->state == FAIL) data->was_fail = 1; else if (data->state == DONE) data->was_done = 1; eap_tnc_set_state(data, WAIT_FRAG_ACK); } return req; }
u8 * eap_sim_msg_add_mac(struct eap_sim_msg *msg, u8 attr) { u8 *pos = eap_sim_msg_add(msg, attr, 0, NULL, EAP_SIM_MAC_LEN); if (pos) msg->mac = (pos - wpabuf_head_u8(msg->buf)) + 4; return pos; }
int radius_msg_verify(struct radius_msg *msg, const u8 *secret, size_t secret_len, struct radius_msg *sent_msg, int auth) { const u8 *addr[4]; size_t len[4]; u8 hash[MD5_MAC_LEN]; if (sent_msg == NULL) { printf("No matching Access-Request message found\n"); return 1; } if (auth && radius_msg_verify_msg_auth(msg, secret, secret_len, sent_msg->hdr->authenticator)) { return 1; } /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */ addr[0] = (u8 *) msg->hdr; len[0] = 1 + 1 + 2; addr[1] = sent_msg->hdr->authenticator; len[1] = MD5_MAC_LEN; addr[2] = wpabuf_head_u8(msg->buf) + sizeof(struct radius_hdr); len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr); addr[3] = secret; len[3] = secret_len; md5_vector(4, addr, len, hash); if (os_memcmp(hash, msg->hdr->authenticator, MD5_MAC_LEN) != 0) { printf("Response Authenticator invalid!\n"); return 1; } return 0; }
static ssize_t tls_pull_func(gnutls_transport_ptr ptr, void *buf, size_t len) { struct tls_connection *conn = (struct tls_connection *) ptr; const u8 *end; if (conn->pull_buf == NULL) { errno = EWOULDBLOCK; return -1; } end = wpabuf_head_u8(conn->pull_buf) + wpabuf_len(conn->pull_buf); if ((size_t) (end - conn->pull_buf_offset) < len) len = end - conn->pull_buf_offset; os_memcpy(buf, conn->pull_buf_offset, len); conn->pull_buf_offset += len; if (conn->pull_buf_offset == end) { wpa_printf(MSG_DEBUG, "%s - pull_buf consumed", __func__); wpabuf_free(conn->pull_buf); conn->pull_buf = NULL; conn->pull_buf_offset = NULL; } else { wpa_printf(MSG_DEBUG, "%s - %lu bytes remaining in pull_buf", __func__, (unsigned long) (end - conn->pull_buf_offset)); } return len; }
/** * gas_anqp_set_len - Set Query Request/Response Length * @buf: GAS message * * This function is used to update the Query Request/Response Length field once * the payload has been filled. */ void gas_anqp_set_len(struct wpabuf *buf) { u8 action; size_t offset; u8 *len; if (buf == NULL || wpabuf_len(buf) < 2) return; action = *(wpabuf_head_u8(buf) + 1); switch (action) { case WLAN_PA_GAS_INITIAL_REQ: offset = 3 + 4; break; case WLAN_PA_GAS_INITIAL_RESP: offset = 7 + 4; break; case WLAN_PA_GAS_COMEBACK_RESP: offset = 8 + 4; break; default: return; } if (wpabuf_len(buf) < offset + 2) return; len = wpabuf_mhead_u8(buf) + offset; WPA_PUT_LE16(len, (u8 *) wpabuf_put(buf, 0) - len - 2); }
int eap_sim_msg_add_encr_end(struct eap_sim_msg *msg, u8 *k_encr, int attr_pad) { size_t encr_len; if (msg == NULL || k_encr == NULL || msg->iv == 0 || msg->encr == 0) return -1; encr_len = wpabuf_len(msg->buf) - msg->encr - 4; if (encr_len % 16) { u8 *pos; int pad_len = 16 - (encr_len % 16); if (pad_len < 4) { wpa_printf(MSG_WARNING, "EAP-SIM: " "eap_sim_msg_add_encr_end - invalid pad_len" " %d", pad_len); return -1; } wpa_printf(MSG_DEBUG, " *AT_PADDING"); pos = eap_sim_msg_add(msg, attr_pad, 0, NULL, pad_len - 4); if (pos == NULL) return -1; os_memset(pos + 4, 0, pad_len - 4); encr_len += pad_len; } wpa_printf(MSG_DEBUG, " (AT_ENCR_DATA data len %lu)", (unsigned long) encr_len); wpabuf_mhead_u8(msg->buf)[msg->encr + 1] = encr_len / 4 + 1; return aes_128_cbc_encrypt(k_encr, wpabuf_head_u8(msg->buf) + msg->iv, wpabuf_mhead_u8(msg->buf) + msg->encr + 4, encr_len); }
/** * p2p_parse_p2p_ie - Parse P2P IE * @buf: Concatenated P2P IE(s) payload * @msg: Buffer for returning parsed attributes * Returns: 0 on success, -1 on failure * * Note: Caller is responsible for clearing the msg data structure before * calling this function. */ int p2p_parse_p2p_ie(const struct wpabuf *buf, struct p2p_message *msg) { const u8 *pos = wpabuf_head_u8(buf); const u8 *end = pos + wpabuf_len(buf); wpa_printf(MSG_DEBUG, "P2P: Parsing P2P IE"); while (pos < end) { u16 attr_len; if (pos + 2 >= end) { wpa_printf(MSG_DEBUG, "P2P: Invalid P2P attribute"); return -1; } attr_len = WPA_GET_LE16(pos + 1); wpa_printf(MSG_DEBUG, "P2P: Attribute %d length %u", pos[0], attr_len); if (pos + 3 + attr_len > end) { wpa_printf(MSG_DEBUG, "P2P: Attribute underflow " "(len=%u left=%d)", attr_len, (int) (end - pos - 3)); wpa_hexdump(MSG_MSGDUMP, "P2P: Data", pos, end - pos); return -1; } if (p2p_parse_attribute(pos[0], pos + 3, attr_len, msg)) return -1; pos += 3 + attr_len; } return 0; }
struct wpabuf * eap_server_tls_build_msg(struct eap_ssl_data *data, int eap_type, int version, u8 id) { struct wpabuf *req; u8 flags; size_t send_len, plen; wpa_printf(MSG_DEBUG, "SSL: Generating Request"); if (data->tls_out == NULL) { wpa_printf(MSG_ERROR, "SSL: tls_out NULL in %s", __func__); return NULL; } flags = version; send_len = wpabuf_len(data->tls_out) - data->tls_out_pos; if (1 + send_len > data->tls_out_limit) { send_len = data->tls_out_limit - 1; flags |= EAP_TLS_FLAGS_MORE_FRAGMENTS; if (data->tls_out_pos == 0) { flags |= EAP_TLS_FLAGS_LENGTH_INCLUDED; send_len -= 4; } } plen = 1 + send_len; if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) plen += 4; req = eap_msg_alloc(EAP_VENDOR_IETF, eap_type, plen, EAP_CODE_REQUEST, id); if (req == NULL) return NULL; wpabuf_put_u8(req, flags); /* Flags */ if (flags & EAP_TLS_FLAGS_LENGTH_INCLUDED) wpabuf_put_be32(req, wpabuf_len(data->tls_out)); wpabuf_put_data(req, wpabuf_head_u8(data->tls_out) + data->tls_out_pos, send_len); data->tls_out_pos += send_len; if (data->tls_out_pos == wpabuf_len(data->tls_out)) { wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes " "(message sent completely)", (unsigned long) send_len); wpabuf_free(data->tls_out); data->tls_out = NULL; data->tls_out_pos = 0; data->state = MSG; } else { wpa_printf(MSG_DEBUG, "SSL: Sending out %lu bytes " "(%lu more to send)", (unsigned long) send_len, (unsigned long) wpabuf_len(data->tls_out) - data->tls_out_pos); data->state = WAIT_FRAG_ACK; } return req; }
static struct wpabuf *eap_wsc_build_msg(struct eap_wsc_data *data, struct eap_method_ret *ret, u8 id) { struct wpabuf *resp; u8 flags; size_t send_len, plen; ret->ignore = FALSE; wpa_printf(MSG_DEBUG, "EAP-WSC: Generating Response"); ret->allowNotifications = TRUE; flags = 0; send_len = wpabuf_len(data->out_buf) - data->out_used; if (2 + send_len > data->fragment_size) { send_len = data->fragment_size - 2; flags |= WSC_FLAGS_MF; if (data->out_used == 0) { flags |= WSC_FLAGS_LF; send_len -= 2; } } plen = 2 + send_len; if (flags & WSC_FLAGS_LF) { plen += 2; } resp = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, plen, EAP_CODE_RESPONSE, id); if (resp == NULL) { return NULL; } wpabuf_put_u8(resp, data->out_op_code); /* Op-Code */ wpabuf_put_u8(resp, flags); /* Flags */ if (flags & WSC_FLAGS_LF) { wpabuf_put_be16(resp, wpabuf_len(data->out_buf)); } wpabuf_put_data(resp, wpabuf_head_u8(data->out_buf) + data->out_used, send_len); data->out_used += send_len; ret->methodState = METHOD_MAY_CONT; ret->decision = DECISION_FAIL; if (data->out_used == wpabuf_len(data->out_buf)) { wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes " "(message sent completely)", (unsigned long)send_len); wpabuf_free(data->out_buf); data->out_buf = NULL; data->out_used = 0; if ((data->state == FAIL && data->out_op_code == WSC_ACK) || data->out_op_code == WSC_NACK || data->out_op_code == WSC_Done) { eap_wsc_state(data, FAIL); ret->methodState = METHOD_DONE; } else { eap_wsc_state(data, MESG); } } else { wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes " "(%lu more to send)", (unsigned long)send_len, (unsigned long)wpabuf_len(data->out_buf) - data->out_used); eap_wsc_state(data, WAIT_FRAG_ACK); } return resp; }
static struct wpabuf * eap_tnc_build_msg(struct eap_tnc_data *data, struct eap_method_ret *ret, u8 id) { struct wpabuf *resp; u8 flags; size_t send_len, plen; ret->ignore = FALSE; wpa_printf(MSG_DEBUG, "EAP-TNC: Generating Response"); ret->allowNotifications = TRUE; flags = EAP_TNC_VERSION; send_len = wpabuf_len(data->out_buf) - data->out_used; if (1 + send_len > data->fragment_size) { send_len = data->fragment_size - 1; flags |= EAP_TNC_FLAGS_MORE_FRAGMENTS; if (data->out_used == 0) { flags |= EAP_TNC_FLAGS_LENGTH_INCLUDED; send_len -= 4; } } plen = 1 + send_len; if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) plen += 4; resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, plen, EAP_CODE_RESPONSE, id); if (resp == NULL) return NULL; wpabuf_put_u8(resp, flags); /* Flags */ if (flags & EAP_TNC_FLAGS_LENGTH_INCLUDED) wpabuf_put_be32(resp, wpabuf_len(data->out_buf)); wpabuf_put_data(resp, wpabuf_head_u8(data->out_buf) + data->out_used, send_len); data->out_used += send_len; ret->methodState = METHOD_MAY_CONT; ret->decision = DECISION_FAIL; if (data->out_used == wpabuf_len(data->out_buf)) { wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes " "(message sent completely)", (unsigned long) send_len); wpabuf_free(data->out_buf); data->out_buf = NULL; data->out_used = 0; } else { wpa_printf(MSG_DEBUG, "EAP-TNC: Sending out %lu bytes " "(%lu more to send)", (unsigned long) send_len, (unsigned long) wpabuf_len(data->out_buf) - data->out_used); data->state = WAIT_FRAG_ACK; } return resp; }
static struct wpabuf * eap_wsc_build_msg(struct eap_wsc_data *data, u8 id) { struct wpabuf *req; u8 flags; size_t send_len, plen; flags = 0; send_len = wpabuf_len(data->out_buf) - data->out_used; if (2 + send_len > data->fragment_size) { send_len = data->fragment_size - 2; flags |= WSC_FLAGS_MF; if (data->out_used == 0) { flags |= WSC_FLAGS_LF; send_len -= 2; } } plen = 2 + send_len; if (flags & WSC_FLAGS_LF) plen += 2; req = eap_msg_alloc(EAP_VENDOR_WFA, EAP_VENDOR_TYPE_WSC, plen, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-WSC: Failed to allocate memory for " "request"); return NULL; } wpabuf_put_u8(req, data->out_op_code); /* Op-Code */ wpabuf_put_u8(req, flags); /* Flags */ if (flags & WSC_FLAGS_LF) wpabuf_put_be16(req, wpabuf_len(data->out_buf)); wpabuf_put_data(req, wpabuf_head_u8(data->out_buf) + data->out_used, send_len); data->out_used += send_len; if (data->out_used == wpabuf_len(data->out_buf)) { wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes " "(message sent completely)", (unsigned long) send_len); wpabuf_free(data->out_buf); data->out_buf = NULL; data->out_used = 0; eap_wsc_state(data, MESG); } else { wpa_printf(MSG_DEBUG, "EAP-WSC: Sending out %lu bytes " "(%lu more to send)", (unsigned long) send_len, (unsigned long) wpabuf_len(data->out_buf) - data->out_used); eap_wsc_state(data, WAIT_FRAG_ACK); } return req; }
static void wpas_mbo_non_pref_chan_changed(struct wpa_supplicant *wpa_s) { struct wpabuf *buf; buf = wpabuf_alloc(512); if (!buf) return; wpas_mbo_non_pref_chan_attrs(wpa_s, buf, 1); wpas_mbo_send_wnm_notification(wpa_s, wpabuf_head_u8(buf), wpabuf_len(buf)); wpabuf_free(buf); }
int eap_sim_msg_add_encr_start(struct eap_sim_msg *msg, u8 attr_iv, u8 attr_encr) { u8 *pos = eap_sim_msg_add(msg, attr_iv, 0, NULL, EAP_SIM_IV_LEN); if (pos == NULL) return -1; msg->iv = (pos - wpabuf_head_u8(msg->buf)) + 4; if (random_get_bytes(wpabuf_mhead_u8(msg->buf) + msg->iv, EAP_SIM_IV_LEN)) { msg->iv = 0; return -1; } pos = eap_sim_msg_add(msg, attr_encr, 0, NULL, 0); if (pos == NULL) { msg->iv = 0; return -1; } msg->encr = pos - wpabuf_head_u8(msg->buf); return 0; }
int eap_sim_verify_mac_sha256(const u8 *k_aut, const struct wpabuf *req, const u8 *mac, const u8 *extra, size_t extra_len) { unsigned char hmac[SHA256_MAC_LEN]; const u8 *addr[2]; size_t len[2]; u8 *tmp; if (mac == NULL || wpabuf_len(req) < EAP_SIM_MAC_LEN || mac < wpabuf_head_u8(req) || mac > wpabuf_head_u8(req) + wpabuf_len(req) - EAP_SIM_MAC_LEN) return -1; tmp = os_malloc(wpabuf_len(req)); if (tmp == NULL) return -1; addr[0] = tmp; len[0] = wpabuf_len(req); addr[1] = extra; len[1] = extra_len; /* HMAC-SHA-256-128 */ os_memcpy(tmp, wpabuf_head(req), wpabuf_len(req)); os_memset(tmp + (mac - wpabuf_head_u8(req)), 0, EAP_SIM_MAC_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-AKA': Verify MAC - msg", tmp, wpabuf_len(req)); wpa_hexdump(MSG_MSGDUMP, "EAP-AKA': Verify MAC - extra data", extra, extra_len); wpa_hexdump_key(MSG_MSGDUMP, "EAP-AKA': Verify MAC - K_aut", k_aut, EAP_AKA_PRIME_K_AUT_LEN); hmac_sha256_vector(k_aut, EAP_AKA_PRIME_K_AUT_LEN, 2, addr, len, hmac); wpa_hexdump(MSG_MSGDUMP, "EAP-AKA': Verify MAC: MAC", hmac, EAP_SIM_MAC_LEN); os_free(tmp); return (os_memcmp(hmac, mac, EAP_SIM_MAC_LEN) == 0) ? 0 : 1; }
struct wpabuf * wps_decrypt_encr_settings(struct wps_data *wps, const u8 *encr, size_t encr_len) { struct wpabuf *decrypted; const size_t block_size = 16; size_t i; u8 pad; const u8 *pos; /* AES-128-CBC */ if (encr == NULL || encr_len < 2 * block_size || encr_len % block_size) { wpa_printf(MSG_DEBUG, "WPS: No Encrypted Settings received"); return NULL; } decrypted = wpabuf_alloc(encr_len - block_size); if (decrypted == NULL) return NULL; wpa_hexdump(MSG_MSGDUMP, "WPS: Encrypted Settings", encr, encr_len); wpabuf_put_data(decrypted, encr + block_size, encr_len - block_size); if (aes_128_cbc_decrypt(wps->keywrapkey, encr, wpabuf_mhead(decrypted), wpabuf_len(decrypted))) { wpabuf_free(decrypted); return NULL; } wpa_hexdump_buf_key(MSG_MSGDUMP, "WPS: Decrypted Encrypted Settings", decrypted); pos = wpabuf_head_u8(decrypted) + wpabuf_len(decrypted) - 1; pad = *pos; if (pad > wpabuf_len(decrypted)) { wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad value"); wpabuf_free(decrypted); return NULL; } for (i = 0; i < pad; i++) { if (*pos-- != pad) { wpa_printf(MSG_DEBUG, "WPS: Invalid PKCS#5 v2.0 pad " "string"); wpabuf_free(decrypted); return NULL; } } decrypted->used -= pad; return decrypted; }
char * wifi_display_subelem_hex(const struct wpabuf *wfd_subelems, u8 id) { char *subelem = NULL; const u8 *buf; size_t buflen; size_t i = 0; u16 elen; if (!wfd_subelems) return NULL; buf = wpabuf_head_u8(wfd_subelems); if (!buf) return NULL; buflen = wpabuf_len(wfd_subelems); while (i + WIFI_DISPLAY_SUBELEM_HEADER_LEN < buflen) { elen = WPA_GET_BE16(buf + i + 1); if (i + WIFI_DISPLAY_SUBELEM_HEADER_LEN + elen > buflen) break; /* truncated subelement */ if (buf[i] == id) { /* * Limit explicitly to an arbitrary length to avoid * unnecessarily large allocations. In practice, this * is limited to maximum frame length anyway, so the * maximum memory allocation here is not really that * large. Anyway, the Wi-Fi Display subelements that * are fetched with this function are even shorter. */ if (elen > 1000) break; subelem = os_zalloc(2 * elen + 1); if (!subelem) return NULL; wpa_snprintf_hex(subelem, 2 * elen + 1, buf + i + WIFI_DISPLAY_SUBELEM_HEADER_LEN, elen); break; } i += elen + WIFI_DISPLAY_SUBELEM_HEADER_LEN; } return subelem; }
static void gas_server_handle_rx_comeback_req(struct gas_server_response *response) { struct gas_server_handler *handler = response->handler; struct gas_server *gas = handler->gas; size_t max_len = (response->freq > 56160) ? 928 : 1400; size_t hdr_len = 24 + 2 + 6 + 3 + handler->adv_proto_id_len + 2; size_t remaining, resp_frag_len; struct wpabuf *resp; remaining = wpabuf_len(response->resp) - response->offset; if (hdr_len + remaining > max_len) resp_frag_len = max_len - hdr_len; else resp_frag_len = remaining; wpa_printf(MSG_DEBUG, "GAS: Sending out %u/%u remaining Query Response octets", (unsigned int) resp_frag_len, (unsigned int) remaining); resp = gas_build_comeback_resp(response->dialog_token, WLAN_STATUS_SUCCESS, response->frag_id++, resp_frag_len < remaining, 0, handler->adv_proto_id_len + resp_frag_len); if (!resp) { gas_server_free_response(response); return; } /* Advertisement Protocol element */ wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ wpabuf_put_u8(resp, 0x7f); /* Advertisement Protocol ID */ wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); /* Query Response Length */ wpabuf_put_le16(resp, resp_frag_len); wpabuf_put_data(resp, wpabuf_head_u8(response->resp) + response->offset, resp_frag_len); response->offset += resp_frag_len; gas->tx(gas->ctx, response->freq, response->dst, resp, remaining > resp_frag_len ? 2000 : 0); wpabuf_free(resp); }
static void EAP_Restart(pana_session_t * pacs) { paa_ctx_t * ctx = pacs->ctx; struct wpabuf * eap_resq = NULL; eap_md5_reset(ctx->method_data); ctx->method_data = eap_md5_init(); eap_resq = eap_md5_buildReq(ctx->method_data, EAP_VENDOR_IETF); if (eap_resq != NULL) { ctx->eap_resp_payload = bytebuff_from_bytes(wpabuf_head_u8(eap_resq), eap_resq->used); EAP_REQUEST_Set(); } wpabuf_free(eap_resq); }
int wps_build_vendor_ext(struct wps_device_data *dev, struct wpabuf *msg) { int i; for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++) { if (dev->vendor_ext[i] == NULL) continue; wpa_hexdump(MSG_DEBUG, "WPS: * Vendor Extension", wpabuf_head_u8(dev->vendor_ext[i]), wpabuf_len(dev->vendor_ext[i])); wpabuf_put_be16(msg, ATTR_VENDOR_EXT); wpabuf_put_be16(msg, wpabuf_len(dev->vendor_ext[i])); wpabuf_put_buf(msg, dev->vendor_ext[i]); } return 0; }
int wifi_display_subelem_get(struct wpa_global *global, char *cmd, char *buf, size_t buflen) { int subelem; subelem = atoi(cmd); if (subelem < 0 || subelem >= MAX_WFD_SUBELEMS) return -1; if (global->wfd_subelem[subelem] == NULL) return 0; return wpa_snprintf_hex(buf, buflen, wpabuf_head_u8(global->wfd_subelem[subelem]) + 1, wpabuf_len(global->wfd_subelem[subelem]) - 1); }
static void http_client_tx_ready(int sock, void *eloop_ctx, void *sock_ctx) { struct http_client *c = eloop_ctx; int res; size_t send_len; send_len = wpabuf_len(c->req) - c->req_pos; wpa_printf(MSG_DEBUG, "HTTP: Send client request to %s:%d (%lu of %lu " "bytes remaining)", inet_ntoa(c->dst.sin_addr), ntohs(c->dst.sin_port), (unsigned long) wpabuf_len(c->req), (unsigned long) send_len); res = send(c->sd, wpabuf_head_u8(c->req) + c->req_pos, send_len, 0); if (res < 0) { wpa_printf(MSG_DEBUG, "HTTP: Failed to send buffer: %s", strerror(errno)); eloop_unregister_sock(c->sd, EVENT_TYPE_WRITE); c->cb(c->cb_ctx, c, HTTP_CLIENT_FAILED); return; } if ((size_t) res < send_len) { wpa_printf(MSG_DEBUG, "HTTP: Sent %d of %lu bytes; %lu bytes " "remaining", res, (unsigned long) wpabuf_len(c->req), (unsigned long) send_len - res); c->req_pos += res; return; } wpa_printf(MSG_DEBUG, "HTTP: Full client request sent to %s:%d", inet_ntoa(c->dst.sin_addr), ntohs(c->dst.sin_port)); eloop_unregister_sock(c->sd, EVENT_TYPE_WRITE); wpabuf_free(c->req); c->req = NULL; c->hread = httpread_create(c->sd, http_client_got_response, c, c->max_response, HTTP_CLIENT_TIMEOUT_SEC); if (c->hread == NULL) { c->cb(c->cb_ctx, c, HTTP_CLIENT_FAILED); return; } }
static int radius_msg_add_attr_to_array(struct radius_msg *msg, struct radius_attr_hdr *attr) { if (msg->attr_used >= msg->attr_size) { size_t *nattr_pos; int nlen = msg->attr_size * 2; nattr_pos = os_realloc(msg->attr_pos, nlen * sizeof(*msg->attr_pos)); if (nattr_pos == NULL) return -1; msg->attr_pos = nattr_pos; msg->attr_size = nlen; } msg->attr_pos[msg->attr_used++] = (unsigned char *) attr - wpabuf_head_u8(msg->buf); return 0; }
int radius_msg_finish_srv(struct radius_msg *msg, const u8 *secret, size_t secret_len, const u8 *req_authenticator) { u8 auth[MD5_MAC_LEN]; struct radius_attr_hdr *attr; const u8 *addr[4]; size_t len[4]; os_memset(auth, 0, MD5_MAC_LEN); attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, auth, MD5_MAC_LEN); if (attr == NULL) { printf("WARNING: Could not add Message-Authenticator\n"); return -1; } msg->hdr->length = htons(wpabuf_len(msg->buf)); os_memcpy(msg->hdr->authenticator, req_authenticator, sizeof(msg->hdr->authenticator)); hmac_md5(secret, secret_len, wpabuf_head(msg->buf), wpabuf_len(msg->buf), (u8 *) (attr + 1)); /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */ addr[0] = (u8 *) msg->hdr; len[0] = 1 + 1 + 2; addr[1] = req_authenticator; len[1] = MD5_MAC_LEN; addr[2] = wpabuf_head_u8(msg->buf) + sizeof(struct radius_hdr); len[2] = wpabuf_len(msg->buf) - sizeof(struct radius_hdr); addr[3] = secret; len[3] = secret_len; md5_vector(4, addr, len, msg->hdr->authenticator); if (wpabuf_len(msg->buf) > 0xffff) { wpa_printf(MSG_WARNING, "RADIUS: Too long message (%lu)", (unsigned long) wpabuf_len(msg->buf)); return -1; } return 0; }
int radius_msg_finish_das_resp(struct radius_msg *msg, const u8 *secret, size_t secret_len, const struct radius_hdr *req_hdr) { const u8 *addr[2]; size_t len[2]; u8 auth[MD5_MAC_LEN]; struct radius_attr_hdr *attr; os_memset(auth, 0, MD5_MAC_LEN); attr = radius_msg_add_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, auth, MD5_MAC_LEN); if (attr == NULL) { wpa_printf(MSG_WARNING, "Could not add Message-Authenticator"); return -1; } msg->hdr->length = host_to_be16(wpabuf_len(msg->buf)); os_memcpy(msg->hdr->authenticator, req_hdr->authenticator, 16); hmac_md5(secret, secret_len, wpabuf_head(msg->buf), wpabuf_len(msg->buf), (u8 *) (attr + 1)); /* ResponseAuth = MD5(Code+ID+Length+RequestAuth+Attributes+Secret) */ addr[0] = wpabuf_head_u8(msg->buf); len[0] = wpabuf_len(msg->buf); addr[1] = secret; len[1] = secret_len; if (md5_vector(2, addr, len, msg->hdr->authenticator) < 0) return -1; if (wpabuf_len(msg->buf) > 0xffff) { wpa_printf(MSG_WARNING, "RADIUS: Too long message (%lu)", (unsigned long) wpabuf_len(msg->buf)); return -1; } return 0; }
static struct nai_realm * nai_realm_parse(struct wpabuf *anqp, u16 *count) { struct nai_realm *realm; const u8 *pos, *end; u16 i, num; if (anqp == NULL || wpabuf_len(anqp) < 2) return NULL; pos = wpabuf_head_u8(anqp); end = pos + wpabuf_len(anqp); num = WPA_GET_LE16(pos); wpa_printf(MSG_DEBUG, "NAI Realm Count: %u", num); pos += 2; if (num * 5 > end - pos) { wpa_printf(MSG_DEBUG, "Invalid NAI Realm Count %u - not " "enough data (%u octets) for that many realms", num, (unsigned int) (end - pos)); return NULL; } realm = os_zalloc(num * sizeof(struct nai_realm)); if (realm == NULL) return NULL; for (i = 0; i < num; i++) { pos = nai_realm_parse_realm(&realm[i], pos, end); if (pos == NULL) { nai_realm_free(realm, num); return NULL; } } *count = num; return realm; }
int hostapd_wps_nfc_tag_read(struct hostapd_data *hapd, const struct wpabuf *data) { const struct wpabuf *wps = data; struct wpabuf *tmp = NULL; int ret; if (wpabuf_len(data) < 4) return -1; if (*wpabuf_head_u8(data) != 0x10) { /* Assume this contains full NDEF record */ tmp = ndef_parse_wifi(data); if (tmp == NULL) { wpa_printf(MSG_DEBUG, "WPS: Could not parse NDEF"); return -1; } wps = tmp; } ret = hostapd_wps_nfc_tag_process(hapd, wps); wpabuf_free(tmp); return ret; }
void p2p_rx_gas_comeback_req(struct p2p_data *p2p, const u8 *sa, const u8 *data, size_t len, int rx_freq) { struct wpabuf *resp; u8 dialog_token; size_t frag_len; int more = 0; wpa_hexdump(MSG_DEBUG, "P2P: RX GAS Comeback Request", data, len); if (len < 1) return; dialog_token = *data; p2p_dbg(p2p, "Dialog Token: %u", dialog_token); if (dialog_token != p2p->sd_resp_dialog_token) { p2p_dbg(p2p, "No pending SD response fragment for dialog token %u", dialog_token); return; } if (p2p->sd_resp == NULL) { p2p_dbg(p2p, "No pending SD response fragment available"); return; } if (os_memcmp(sa, p2p->sd_resp_addr, ETH_ALEN) != 0) { p2p_dbg(p2p, "No pending SD response fragment for " MACSTR, MAC2STR(sa)); return; } frag_len = wpabuf_len(p2p->sd_resp) - p2p->sd_resp_pos; if (frag_len > 1400) { frag_len = 1400; more = 1; } resp = p2p_build_gas_comeback_resp(dialog_token, WLAN_STATUS_SUCCESS, p2p->srv_update_indic, wpabuf_head_u8(p2p->sd_resp) + p2p->sd_resp_pos, frag_len, p2p->sd_frag_id, more, wpabuf_len(p2p->sd_resp)); if (resp == NULL) return; p2p_dbg(p2p, "Send GAS Comeback Response (frag_id %d more=%d frag_len=%d)", p2p->sd_frag_id, more, (int) frag_len); p2p->sd_frag_id++; p2p->sd_resp_pos += frag_len; if (more) { p2p_dbg(p2p, "%d more bytes remain to be sent", (int) (wpabuf_len(p2p->sd_resp) - p2p->sd_resp_pos)); } else { p2p_dbg(p2p, "All fragments of SD response sent"); wpabuf_free(p2p->sd_resp); p2p->sd_resp = NULL; } p2p->pending_action_state = P2P_NO_PENDING_ACTION; if (p2p_send_action(p2p, rx_freq, sa, p2p->cfg->dev_addr, p2p->cfg->dev_addr, wpabuf_head(resp), wpabuf_len(resp), 200) < 0) p2p_dbg(p2p, "Failed to send Action frame"); wpabuf_free(resp); }
static int eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data, struct eap_method_ret *ret, const struct eap_hdr *req, const struct wpabuf *in_data, struct wpabuf **out_data) { struct wpabuf *in_decrypted = NULL; int res, skip_change = 0; struct eap_hdr *hdr, *rhdr; struct wpabuf *resp = NULL; size_t len; wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for" " Phase 2", (unsigned long) wpabuf_len(in_data)); if (data->pending_phase2_req) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - " "skip decryption and use old data"); /* Clear TLS reassembly state. */ eap_peer_tls_reset_input(&data->ssl); in_decrypted = data->pending_phase2_req; data->pending_phase2_req = NULL; skip_change = 1; goto continue_req; } if (wpabuf_len(in_data) == 0 && sm->workaround && data->phase2_success) { /* * Cisco ACS seems to be using TLS ACK to terminate * EAP-PEAPv0/GTC. Try to reply with TLS ACK. */ wpa_printf(MSG_DEBUG, "EAP-PEAP: Received TLS ACK, but " "expected data - acknowledge with TLS ACK since " "Phase 2 has been completed"); ret->decision = DECISION_COND_SUCC; ret->methodState = METHOD_DONE; return 1; } else if (wpabuf_len(in_data) == 0) { /* Received TLS ACK - requesting more fragments */ return eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, req->identifier, NULL, out_data); } res = eap_peer_tls_decrypt(sm, &data->ssl, in_data, &in_decrypted); if (res) return res; continue_req: wpa_hexdump_buf(MSG_DEBUG, "EAP-PEAP: Decrypted Phase 2 EAP", in_decrypted); hdr = wpabuf_mhead(in_decrypted); if (wpabuf_len(in_decrypted) == 5 && hdr->code == EAP_CODE_REQUEST && be_to_host16(hdr->length) == 5 && eap_get_type(in_decrypted) == EAP_TYPE_IDENTITY) { /* At least FreeRADIUS seems to send full EAP header with * EAP Request Identity */ skip_change = 1; } if (wpabuf_len(in_decrypted) >= 5 && hdr->code == EAP_CODE_REQUEST && eap_get_type(in_decrypted) == EAP_TYPE_TLV) { skip_change = 1; } if (data->peap_version == 0 && !skip_change) { struct eap_hdr *nhdr; struct wpabuf *nmsg = wpabuf_alloc(sizeof(struct eap_hdr) + wpabuf_len(in_decrypted)); if (nmsg == NULL) { wpabuf_free(in_decrypted); return 0; } nhdr = wpabuf_put(nmsg, sizeof(*nhdr)); wpabuf_put_buf(nmsg, in_decrypted); nhdr->code = req->code; nhdr->identifier = req->identifier; nhdr->length = host_to_be16(sizeof(struct eap_hdr) + wpabuf_len(in_decrypted)); wpabuf_free(in_decrypted); in_decrypted = nmsg; } if (data->peap_version >= 2) { struct eap_tlv_hdr *tlv; struct wpabuf *nmsg; if (wpabuf_len(in_decrypted) < sizeof(*tlv) + sizeof(*hdr)) { wpa_printf(MSG_INFO, "EAP-PEAPv2: Too short Phase 2 " "EAP TLV"); wpabuf_free(in_decrypted); return 0; } tlv = wpabuf_mhead(in_decrypted); if ((be_to_host16(tlv->tlv_type) & 0x3fff) != EAP_TLV_EAP_PAYLOAD_TLV) { wpa_printf(MSG_INFO, "EAP-PEAPv2: Not an EAP TLV"); wpabuf_free(in_decrypted); return 0; } if (sizeof(*tlv) + be_to_host16(tlv->length) > wpabuf_len(in_decrypted)) { wpa_printf(MSG_INFO, "EAP-PEAPv2: Invalid EAP TLV " "length"); wpabuf_free(in_decrypted); return 0; } hdr = (struct eap_hdr *) (tlv + 1); if (be_to_host16(hdr->length) > be_to_host16(tlv->length)) { wpa_printf(MSG_INFO, "EAP-PEAPv2: No room for full " "EAP packet in EAP TLV"); wpabuf_free(in_decrypted); return 0; } nmsg = wpabuf_alloc(be_to_host16(hdr->length)); if (nmsg == NULL) { wpabuf_free(in_decrypted); return 0; } wpabuf_put_data(nmsg, hdr, be_to_host16(hdr->length)); wpabuf_free(in_decrypted); in_decrypted = nmsg; } hdr = wpabuf_mhead(in_decrypted); if (wpabuf_len(in_decrypted) < sizeof(*hdr)) { wpa_printf(MSG_INFO, "EAP-PEAP: Too short Phase 2 " "EAP frame (len=%lu)", (unsigned long) wpabuf_len(in_decrypted)); wpabuf_free(in_decrypted); return 0; } len = be_to_host16(hdr->length); if (len > wpabuf_len(in_decrypted)) { wpa_printf(MSG_INFO, "EAP-PEAP: Length mismatch in " "Phase 2 EAP frame (len=%lu hdr->length=%lu)", (unsigned long) wpabuf_len(in_decrypted), (unsigned long) len); wpabuf_free(in_decrypted); return 0; } if (len < wpabuf_len(in_decrypted)) { wpa_printf(MSG_INFO, "EAP-PEAP: Odd.. Phase 2 EAP header has " "shorter length than full decrypted data " "(%lu < %lu)", (unsigned long) len, (unsigned long) wpabuf_len(in_decrypted)); } wpa_printf(MSG_DEBUG, "EAP-PEAP: received Phase 2: code=%d " "identifier=%d length=%lu", hdr->code, hdr->identifier, (unsigned long) len); switch (hdr->code) { case EAP_CODE_REQUEST: if (eap_peap_phase2_request(sm, data, ret, in_decrypted, &resp)) { wpabuf_free(in_decrypted); wpa_printf(MSG_INFO, "EAP-PEAP: Phase2 Request " "processing failed"); return 0; } break; case EAP_CODE_SUCCESS: wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success"); if (data->peap_version == 1) { /* EAP-Success within TLS tunnel is used to indicate * shutdown of the TLS channel. The authentication has * been completed. */ if (data->phase2_eap_started && !data->phase2_eap_success) { wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 " "Success used to indicate success, " "but Phase 2 EAP was not yet " "completed successfully"); ret->methodState = METHOD_DONE; ret->decision = DECISION_FAIL; wpabuf_free(in_decrypted); return 0; } wpa_printf(MSG_DEBUG, "EAP-PEAP: Version 1 - " "EAP-Success within TLS tunnel - " "authentication completed"); ret->decision = DECISION_UNCOND_SUCC; ret->methodState = METHOD_DONE; data->phase2_success = 1; if (data->peap_outer_success == 2) { wpabuf_free(in_decrypted); wpa_printf(MSG_DEBUG, "EAP-PEAP: Use TLS ACK " "to finish authentication"); return 1; } else if (data->peap_outer_success == 1) { /* Reply with EAP-Success within the TLS * channel to complete the authentication. */ resp = wpabuf_alloc(sizeof(struct eap_hdr)); if (resp) { rhdr = wpabuf_put(resp, sizeof(*rhdr)); rhdr->code = EAP_CODE_SUCCESS; rhdr->identifier = hdr->identifier; rhdr->length = host_to_be16(sizeof(*rhdr)); } } else { /* No EAP-Success expected for Phase 1 (outer, * unencrypted auth), so force EAP state * machine to SUCCESS state. */ sm->peap_done = TRUE; } } else { /* FIX: ? */ } break; case EAP_CODE_FAILURE: wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure"); ret->decision = DECISION_FAIL; ret->methodState = METHOD_MAY_CONT; ret->allowNotifications = FALSE; /* Reply with EAP-Failure within the TLS channel to complete * failure reporting. */ resp = wpabuf_alloc(sizeof(struct eap_hdr)); if (resp) { rhdr = wpabuf_put(resp, sizeof(*rhdr)); rhdr->code = EAP_CODE_FAILURE; rhdr->identifier = hdr->identifier; rhdr->length = host_to_be16(sizeof(*rhdr)); } break; default: wpa_printf(MSG_INFO, "EAP-PEAP: Unexpected code=%d in " "Phase 2 EAP header", hdr->code); break; } wpabuf_free(in_decrypted); if (resp) { int skip_change2 = 0; struct wpabuf *rmsg, buf; wpa_hexdump_buf_key(MSG_DEBUG, "EAP-PEAP: Encrypting Phase 2 data", resp); /* PEAP version changes */ if (data->peap_version >= 2) { resp = eap_peapv2_tlv_eap_payload(resp); if (resp == NULL) return -1; } if (wpabuf_len(resp) >= 5 && wpabuf_head_u8(resp)[0] == EAP_CODE_RESPONSE && eap_get_type(resp) == EAP_TYPE_TLV) skip_change2 = 1; rmsg = resp; if (data->peap_version == 0 && !skip_change2) { wpabuf_set(&buf, wpabuf_head_u8(resp) + sizeof(struct eap_hdr), wpabuf_len(resp) - sizeof(struct eap_hdr)); rmsg = &buf; } if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_PEAP, data->peap_version, req->identifier, rmsg, out_data)) { wpa_printf(MSG_INFO, "EAP-PEAP: Failed to encrypt " "a Phase 2 frame"); } wpabuf_free(resp); } return 0; }