static struct wpabuf * eap_mschapv2_build_challenge( struct eap_sm *sm, struct eap_mschapv2_data *data, u8 id) { struct wpabuf *req; struct eap_mschapv2_hdr *ms; char *name = "hostapd"; /* TODO: make this configurable */ size_t ms_len; if (!data->auth_challenge_from_tls && os_get_random(data->auth_challenge, CHALLENGE_LEN)) { wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to get random " "data"); data->state = FAILURE; return NULL; } ms_len = sizeof(*ms) + 1 + CHALLENGE_LEN + os_strlen(name); req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, ms_len, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Failed to allocate memory" " for request"); data->state = FAILURE; return NULL; } ms = wpabuf_put(req, sizeof(*ms)); ms->op_code = MSCHAPV2_OP_CHALLENGE; ms->mschapv2_id = id; WPA_PUT_BE16(ms->ms_length, ms_len); wpabuf_put_u8(req, CHALLENGE_LEN); if (!data->auth_challenge_from_tls) wpabuf_put_data(req, data->auth_challenge, CHALLENGE_LEN); else wpabuf_put(req, CHALLENGE_LEN); wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: Challenge", data->auth_challenge, CHALLENGE_LEN); wpabuf_put_data(req, name, os_strlen(name)); return req; }
int wifi_display_subelem_set(struct wpa_global *global, char *cmd) { char *pos; int subelem; size_t len; struct wpabuf *e; pos = os_strchr(cmd, ' '); if (pos == NULL) return -1; *pos++ = '\0'; subelem = atoi(cmd); if (subelem < 0 || subelem >= MAX_WFD_SUBELEMS) return -1; len = os_strlen(pos); if (len & 1) return -1; len /= 2; if (len == 0) { /* Clear subelement */ e = NULL; wpa_printf(MSG_DEBUG, "WFD: Clear subelement %d", subelem); } else { e = wpabuf_alloc(1 + len); if (e == NULL) return -1; wpabuf_put_u8(e, subelem); if (hexstr2bin(pos, wpabuf_put(e, len), len) < 0) { wpabuf_free(e); return -1; } wpa_printf(MSG_DEBUG, "WFD: Set subelement %d", subelem); } wpabuf_free(global->wfd_subelem[subelem]); global->wfd_subelem[subelem] = e; wifi_display_update_wfd_ie(global); return 0; }
/** * wps_build_probe_req_ie - Build WPS IE for Probe Request * @pbc: Whether searching for PBC mode APs * @dev: Device attributes * @uuid: Own UUID * @req_type: Value for Request Type attribute * Returns: WPS IE or %NULL on failure * * The caller is responsible for freeing the buffer. */ struct wpabuf * wps_build_probe_req_ie(int pbc, struct wps_device_data *dev, const u8 *uuid, enum wps_request_type req_type) { struct wpabuf *ie; u8 *len; u16 methods; wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for Probe Request"); ie = wpabuf_alloc(200); if (ie == NULL) return NULL; wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); len = wpabuf_put(ie, 1); wpabuf_put_be32(ie, WPS_DEV_OUI_WFA); if (pbc) methods = WPS_CONFIG_PUSHBUTTON; else methods = WPS_CONFIG_LABEL | WPS_CONFIG_DISPLAY | WPS_CONFIG_KEYPAD; if (wps_build_version(ie) || wps_build_req_type(ie, req_type) || wps_build_config_methods(ie, methods) || wps_build_uuid_e(ie, uuid) || wps_build_primary_dev_type(dev, ie) || wps_build_rf_bands(dev, ie) || wps_build_assoc_state(NULL, ie) || wps_build_config_error(ie, WPS_CFG_NO_ERROR) || wps_build_dev_password_id(ie, pbc ? DEV_PW_PUSHBUTTON : DEV_PW_DEFAULT)) { wpabuf_free(ie); return NULL; } *len = wpabuf_len(ie) - 2; return ie; }
static struct wpabuf * eap_peap_build_start(struct eap_sm *sm, struct eap_peap_data *data, u8 id) { struct wpabuf *req; req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PEAP, 1, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-PEAP: Failed to allocate memory for" " request"); eap_peap_state(data, FAILURE); return NULL; } wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->peap_version); eap_peap_state(data, PHASE1); return req; }
static int wps_build_dev_name(struct wps_device_data *dev, struct wpabuf *msg) { size_t len; wpa_printf(MSG_DEBUG, "WPS: * Device Name"); wpabuf_put_be16(msg, ATTR_DEV_NAME); len = dev->device_name ? os_strlen(dev->device_name) : 0; if (len == 0) { /* * Some deployed WPS implementations fail to parse zero-length * attributes. As a workaround, send a null character if the * device attribute string is empty. */ wpabuf_put_be16(msg, 1); wpabuf_put_u8(msg, '\0'); } else { wpabuf_put_be16(msg, len); wpabuf_put_data(msg, dev->device_name, len); } return 0; }
static struct wpabuf * eap_tnc_build_start(struct eap_sm *sm, struct eap_tnc_data *data, u8 id) { struct wpabuf *req; req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_TNC, 1, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-TNC: Failed to allocate memory for " "request"); eap_tnc_set_state(data, FAIL); return NULL; } wpabuf_put_u8(req, EAP_TNC_FLAGS_START | EAP_TNC_VERSION); eap_tnc_set_state(data, CONTINUE); return req; }
static struct wpabuf * p2p_group_build_probe_resp_ie(struct p2p_group *group) { u8 *group_info; struct wpabuf *p2p_subelems, *ie; struct p2p_group_member *m; size_t extra = 0; #ifdef CONFIG_WIFI_DISPLAY if (group->wfd_ie) extra += wpabuf_len(group->wfd_ie); #endif /* CONFIG_WIFI_DISPLAY */ p2p_subelems = wpabuf_alloc(500 + extra); if (p2p_subelems == NULL) return NULL; #ifdef CONFIG_WIFI_DISPLAY if (group->wfd_ie) wpabuf_put_buf(p2p_subelems, group->wfd_ie); #endif /* CONFIG_WIFI_DISPLAY */ p2p_group_add_common_ies(group, p2p_subelems); p2p_group_add_noa(p2p_subelems, group->noa); /* P2P Device Info */ p2p_buf_add_device_info(p2p_subelems, group->p2p, NULL); /* P2P Group Info */ group_info = wpabuf_put(p2p_subelems, 0); wpabuf_put_u8(p2p_subelems, P2P_ATTR_GROUP_INFO); wpabuf_put_le16(p2p_subelems, 0); /* Length to be filled */ for (m = group->members; m; m = m->next) p2p_client_info(p2p_subelems, m); WPA_PUT_LE16(group_info + 1, (u8 *) wpabuf_put(p2p_subelems, 0) - group_info - 3); ie = p2p_group_encaps_probe_resp(p2p_subelems); wpabuf_free(p2p_subelems); return ie; }
static void anqp_add_nai_realm_eap(struct wpabuf *buf, struct hostapd_nai_realm_data *realm) { unsigned int i, j; wpabuf_put_u8(buf, realm->eap_method_count); for (i = 0; i < realm->eap_method_count; i++) { struct hostapd_nai_realm_eap *eap = &realm->eap_method[i]; wpabuf_put_u8(buf, 2 + (3 * eap->num_auths)); wpabuf_put_u8(buf, eap->eap_method); wpabuf_put_u8(buf, eap->num_auths); for (j = 0; j < eap->num_auths; j++) { wpabuf_put_u8(buf, eap->auth_id[j]); wpabuf_put_u8(buf, 1); wpabuf_put_u8(buf, eap->auth_val[j]); } } }
struct wpabuf * hs20_build_anqp_req(u32 stypes, const u8 *payload, size_t payload_len) { struct wpabuf *buf; u8 *len_pos; buf = gas_anqp_build_initial_req(0, 100 + payload_len); if (buf == NULL) return NULL; len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); wpabuf_put_be24(buf, OUI_WFA); wpabuf_put_u8(buf, HS20_ANQP_OUI_TYPE); if (stypes == BIT(HS20_STYPE_NAI_HOME_REALM_QUERY)) { wpabuf_put_u8(buf, HS20_STYPE_NAI_HOME_REALM_QUERY); wpabuf_put_u8(buf, 0); /* Reserved */ if (payload) wpabuf_put_data(buf, payload, payload_len); } else if (stypes == BIT(HS20_STYPE_ICON_REQUEST)) { wpabuf_put_u8(buf, HS20_STYPE_ICON_REQUEST); wpabuf_put_u8(buf, 0); /* Reserved */ if (payload) wpabuf_put_data(buf, payload, payload_len); } else { u8 i; wpabuf_put_u8(buf, HS20_STYPE_QUERY_LIST); wpabuf_put_u8(buf, 0); /* Reserved */ for (i = 0; i < 32; i++) { if (stypes & BIT(i)) wpabuf_put_u8(buf, i); } } gas_anqp_set_element_len(buf, len_pos); gas_anqp_set_len(buf); return buf; }
static int wps_build_serial_number(struct wps_device_data *dev, struct wpabuf *msg) { size_t len; wpa_printf(MSG_DEBUG, "WPS: * Serial Number"); wpabuf_put_be16(msg, ATTR_SERIAL_NUMBER); len = dev->serial_number ? os_strlen(dev->serial_number) : 0; if (len == 0) { /* * Some deployed WPS implementations fail to parse zero-length * attributes. As a workaround, send a null character if the * device attribute string is empty. */ wpabuf_put_be16(msg, 1); wpabuf_put_u8(msg, '\0'); } else { wpabuf_put_be16(msg, len); wpabuf_put_data(msg, dev->serial_number, len); } return 0; }
static struct wpabuf * p2p_group_build_probe_resp_ie(struct p2p_group *group) { struct wpabuf *p2p_subelems, *ie; struct p2p_group_member *m; p2p_subelems = wpabuf_alloc(500); if (p2p_subelems == NULL) return NULL; p2p_group_add_common_ies(group, p2p_subelems); p2p_group_add_noa(p2p_subelems, group->noa); /* P2P Device Info */ p2p_buf_add_device_info(p2p_subelems, group->p2p, NULL); /* P2P Group Info: Only when at least one P2P Client is connected */ if (group->members) { u8 *group_info; group_info = wpabuf_put(p2p_subelems, 0); wpabuf_put_u8(p2p_subelems, P2P_ATTR_GROUP_INFO); wpabuf_put_le16(p2p_subelems, 0); /* Length to be filled */ for (m = group->members; m; m = m->next) p2p_client_info(p2p_subelems, m); WPA_PUT_LE16(group_info + 1, (u8 *) wpabuf_put(p2p_subelems, 0) - group_info - 3); } ie = p2p_group_encaps_probe_resp(p2p_subelems); wpabuf_free(p2p_subelems); #ifdef CONFIG_WIFI_DISPLAY if (group->wfd_ie) { struct wpabuf *wfd = wpabuf_dup(group->wfd_ie); ie = wpabuf_concat(wfd, ie); } #endif /* CONFIG_WIFI_DISPLAY */ return ie; }
int wps_build_model_number(struct wps_device_data *dev, struct wpabuf *msg) { size_t len; wpa_printf(MSG_DEBUG, "WPS: * Model Number"); wpabuf_put_be16(msg, ATTR_MODEL_NUMBER); len = dev->model_number ? os_strlen(dev->model_number) : 0; #ifndef CONFIG_WPS_STRICT if (len == 0) { /* * Some deployed WPS implementations fail to parse zero-length * attributes. As a workaround, send a space character if the * device attribute string is empty. */ wpabuf_put_be16(msg, 1); wpabuf_put_u8(msg, ' '); return 0; } #endif /* CONFIG_WPS_STRICT */ wpabuf_put_be16(msg, len); wpabuf_put_data(msg, dev->model_number, len); return 0; }
static struct wpabuf * build_fake_wsc_ack(void) { struct wpabuf *msg = wpabuf_alloc(100); if (msg == NULL) return NULL; wpabuf_put_u8(msg, UPNP_WPS_WLANEVENT_TYPE_EAP); wpabuf_put_str(msg, "00:00:00:00:00:00"); if (wps_build_version(msg) || wps_build_msg_type(msg, WPS_WSC_ACK)) { wpabuf_free(msg); return NULL; } /* Enrollee Nonce */ wpabuf_put_be16(msg, ATTR_ENROLLEE_NONCE); wpabuf_put_be16(msg, WPS_NONCE_LEN); wpabuf_put(msg, WPS_NONCE_LEN); /* Registrar Nonce */ wpabuf_put_be16(msg, ATTR_REGISTRAR_NONCE); wpabuf_put_be16(msg, WPS_NONCE_LEN); wpabuf_put(msg, WPS_NONCE_LEN); return msg; }
static struct wpabuf * p2p_build_sd_query(u16 update_indic, struct wpabuf *tlvs) { struct wpabuf *buf; u8 *len_pos; buf = gas_anqp_build_initial_req(0, 100 + wpabuf_len(tlvs)); if (buf == NULL) return NULL; /* ANQP Query Request Frame */ len_pos = gas_anqp_add_element(buf, ANQP_VENDOR_SPECIFIC); wpabuf_put_be24(buf, OUI_WFA); wpabuf_put_u8(buf, P2P_OUI_TYPE); wpabuf_put_le16(buf, update_indic); /* Service Update Indicator */ wpabuf_put_buf(buf, tlvs); gas_anqp_set_element_len(buf, len_pos); gas_anqp_set_len(buf); return buf; }
static void anqp_add_roaming_consortium(struct hostapd_data *hapd, struct wpabuf *buf, struct gas_dialog_info *di) { unsigned int i; u8 *len; if (di && di->roaming_consortium) { wpabuf_put_data(buf, di->roaming_consortium, di->roaming_consortium_len); return; } len = gas_anqp_add_element(buf, ANQP_ROAMING_CONSORTIUM); for (i = 0; i < hapd->conf->roaming_consortium_count; i++) { struct hostapd_roaming_consortium *rc; rc = &hapd->conf->roaming_consortium[i]; wpabuf_put_u8(buf, rc->len); wpabuf_put_data(buf, rc->oi, rc->len); } gas_anqp_set_element_len(buf, len); }
static struct wpabuf * p2p_build_sd_query(u16 update_indic, struct wpabuf *tlvs) { struct wpabuf *buf; u8 *len_pos, *len_pos2; buf = wpabuf_alloc(1000 + wpabuf_len(tlvs)); if (buf == NULL) return NULL; wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC); wpabuf_put_u8(buf, WLAN_PA_GAS_INITIAL_REQ); wpabuf_put_u8(buf, 0); /* Dialog Token */ /* Advertisement Protocol IE */ wpabuf_put_u8(buf, WLAN_EID_ADV_PROTO); wpabuf_put_u8(buf, 2); /* Length */ wpabuf_put_u8(buf, 0); /* QueryRespLenLimit | PAME-BI */ wpabuf_put_u8(buf, NATIVE_QUERY_PROTOCOL); /* Advertisement Protocol */ /* Query Request */ len_pos = wpabuf_put(buf, 2); /* Length (to be filled) */ /* NQP Query Request Frame */ wpabuf_put_le16(buf, NQP_VENDOR_SPECIFIC); /* Info ID */ len_pos2 = wpabuf_put(buf, 2); /* Length (to be filled) */ wpabuf_put_be24(buf, OUI_WFA); wpabuf_put_u8(buf, P2P_OUI_TYPE); wpabuf_put_le16(buf, update_indic); /* Service Update Indicator */ wpabuf_put_buf(buf, tlvs); WPA_PUT_LE16(len_pos2, (u8 *) wpabuf_put(buf, 0) - len_pos2 - 2); WPA_PUT_LE16(len_pos, (u8 *) wpabuf_put(buf, 0) - len_pos - 2); return buf; }
static int ikev2_build_auth(struct ikev2_responder_data *data, struct wpabuf *msg, u8 next_payload) { struct ikev2_payload_hdr *phdr; size_t plen; const struct ikev2_prf_alg *prf; wpa_printf(MSG_DEBUG, "IKEV2: Adding AUTH payload"); prf = ikev2_get_prf(data->proposal.prf); if (prf == NULL) return -1; /* Authentication - RFC 4306, Sect. 3.8 */ phdr = wpabuf_put(msg, sizeof(*phdr)); phdr->next_payload = next_payload; phdr->flags = 0; wpabuf_put_u8(msg, AUTH_SHARED_KEY_MIC); wpabuf_put(msg, 3); /* RESERVED */ /* msg | Ni | prf(SK_pr,IDr') */ if (ikev2_derive_auth_data(data->proposal.prf, data->r_sign_msg, data->IDr, data->IDr_len, ID_KEY_ID, &data->keys, 0, data->shared_secret, data->shared_secret_len, data->i_nonce, data->i_nonce_len, data->key_pad, data->key_pad_len, wpabuf_put(msg, prf->hash_len)) < 0) { wpa_printf(MSG_INFO, "IKEV2: Could not derive AUTH data"); return -1; } wpabuf_free(data->r_sign_msg); data->r_sign_msg = NULL; plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; WPA_PUT_BE16(phdr->payload_length, plen); return 0; }
static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm, struct eap_gpsk_data *data, u8 id) { size_t len; struct wpabuf *req; wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-1"); if (random_get_bytes(data->rand_server, EAP_GPSK_RAND_LEN)) { wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to get random data"); eap_gpsk_state(data, FAILURE); return NULL; } wpa_hexdump(MSG_MSGDUMP, "EAP-GPSK: RAND_Server", data->rand_server, EAP_GPSK_RAND_LEN); len = 1 + 2 + sm->server_id_len + EAP_GPSK_RAND_LEN + 2 + data->csuite_count * sizeof(struct eap_gpsk_csuite); req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-GPSK: Failed to allocate memory " "for request/GPSK-1"); eap_gpsk_state(data, FAILURE); return NULL; } wpabuf_put_u8(req, EAP_GPSK_OPCODE_GPSK_1); wpabuf_put_be16(req, sm->server_id_len); wpabuf_put_data(req, sm->server_id, sm->server_id_len); wpabuf_put_data(req, data->rand_server, EAP_GPSK_RAND_LEN); wpabuf_put_be16(req, data->csuite_count * sizeof(struct eap_gpsk_csuite)); wpabuf_put_data(req, data->csuite_list, data->csuite_count * sizeof(struct eap_gpsk_csuite)); return req; }
static void p2p_add_wps_string(struct wpabuf *buf, enum wps_attribute attr, const char *val) { size_t len; wpabuf_put_be16(buf, attr); len = val ? os_strlen(val) : 0; #ifndef CONFIG_WPS_STRICT if (len == 0) { /* * Some deployed WPS implementations fail to parse zeor-length * attributes. As a workaround, send a space character if the * device attribute string is empty. */ wpabuf_put_be16(buf, 1); wpabuf_put_u8(buf, ' '); return; } #endif /* CONFIG_WPS_STRICT */ wpabuf_put_be16(buf, len); if (val) wpabuf_put_data(buf, val, len); }
static int ikev2_build_idr(struct ikev2_responder_data *data, struct wpabuf *msg, u8 next_payload) { struct ikev2_payload_hdr *phdr; size_t plen; wpa_printf(MSG_DEBUG, "IKEV2: Adding IDr payload"); if (data->IDr == NULL) { wpa_printf(MSG_INFO, "IKEV2: No IDr available"); return -1; } /* IDr - RFC 4306, Sect. 3.5 */ phdr = wpabuf_put(msg, sizeof(*phdr)); phdr->next_payload = next_payload; phdr->flags = 0; wpabuf_put_u8(msg, ID_KEY_ID); wpabuf_put(msg, 3); /* RESERVED */ wpabuf_put_data(msg, data->IDr, data->IDr_len); plen = (u8 *)wpabuf_put(msg, 0) - (u8 *)phdr; WPA_PUT_BE16(phdr->payload_length, plen); return 0; }
/** * wps_build_assoc_req_ie - Build WPS IE for (Re)Association Request * @req_type: Value for Request Type attribute * Returns: WPS IE or %NULL on failure * * The caller is responsible for freeing the buffer. */ struct wpabuf * wps_build_assoc_req_ie(enum wps_request_type req_type) { struct wpabuf *ie; u8 *len; wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association " "Request"); ie = wpabuf_alloc(100); if (ie == NULL) return NULL; wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); len = wpabuf_put(ie, 1); wpabuf_put_be32(ie, WPS_DEV_OUI_WFA); if (wps_build_version(ie) || wps_build_req_type(ie, req_type)) { wpabuf_free(ie); return NULL; } *len = wpabuf_len(ie) - 2; return ie; }
/** * wps_build_assoc_resp_ie - Build WPS IE for (Re)Association Response * Returns: WPS IE or %NULL on failure * * The caller is responsible for freeing the buffer. */ struct wpabuf *wps_build_assoc_resp_ie(void) { struct wpabuf *ie; u8 *len; wpa_printf(MSG_DEBUG, "WPS: Building WPS IE for (Re)Association " "Response"); ie = wpabuf_alloc(100); if (ie == NULL) { return NULL; } wpabuf_put_u8(ie, WLAN_EID_VENDOR_SPECIFIC); len = wpabuf_put(ie, 1); wpabuf_put_be32(ie, WPS_DEV_OUI_WFA); if (wps_build_version(ie) || wps_build_resp_type(ie, WPS_RESP_AP) || wps_build_wfa_ext(ie, 0, NULL, 0)) { wpabuf_free(ie); return NULL; } *len = wpabuf_len(ie) - 2; return ie; }
static struct wpabuf * p2p_group_build_probe_resp_ie(struct p2p_group *group) { u8 *group_info; struct wpabuf *ie; struct p2p_group_member *m; u8 *len; ie = wpabuf_alloc(257); if (ie == NULL) return NULL; len = p2p_buf_add_ie_hdr(ie); p2p_group_add_common_ies(group, ie); p2p_group_add_noa(ie, group->noa); /* P2P Device Info */ p2p_buf_add_device_info(ie, group->p2p, NULL); /* P2P Group Info */ group_info = wpabuf_put(ie, 0); wpabuf_put_u8(ie, P2P_ATTR_GROUP_INFO); wpabuf_put_le16(ie, 0); /* Length to be filled */ for (m = group->members; m; m = m->next) p2p_client_info(ie, m); WPA_PUT_LE16(group_info + 1, (u8 *) wpabuf_put(ie, 0) - group_info - 3); p2p_buf_update_ie_hdr(ie, len); #ifdef CONFIG_WFD wfd_add_wfd_ie(group->p2p->cfg->cb_ctx, group->p2p->wfd, ie); #endif return ie; }
static struct wpabuf * eap_fast_build_start(struct eap_sm *sm, struct eap_fast_data *data, u8 id) { struct wpabuf *req; req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_FAST, 1 + sizeof(struct pac_tlv_hdr) + data->srv_id_len, EAP_CODE_REQUEST, id); if (req == NULL) { wpa_printf(MSG_ERROR, "EAP-FAST: Failed to allocate memory for" " request"); eap_fast_state(data, FAILURE); return NULL; } wpabuf_put_u8(req, EAP_TLS_FLAGS_START | data->fast_version); /* RFC 4851, 4.1.1. Authority ID Data */ eap_fast_put_tlv(req, PAC_TYPE_A_ID, data->srv_id, data->srv_id_len); eap_fast_state(data, PHASE1); return req; }
static int ikev2_build_idi(struct ikev2_initiator_data *data, struct wpabuf *msg, u8 next_payload) { struct ikev2_payload_hdr *phdr; size_t plen; asd_printf(ASD_DEFAULT,MSG_DEBUG, "IKEV2: Adding IDi payload"); if (data->IDi == NULL) { asd_printf(ASD_DEFAULT,MSG_DEBUG, "IKEV2: No IDi available"); return -1; } /* IDi - RFC 4306, Sect. 3.5 */ phdr = wpabuf_put(msg, sizeof(*phdr)); phdr->next_payload = next_payload; phdr->flags = 0; wpabuf_put_u8(msg, ID_KEY_ID); wpabuf_put(msg, 3); /* RESERVED */ wpabuf_put_data(msg, data->IDi, data->IDi_len); plen = (u8 *) wpabuf_put(msg, 0) - (u8 *) phdr; WPA_PUT_BE16(phdr->payload_length, plen); return 0; }
void p2p_build_wps_ie(struct p2p_data *p2p, struct wpabuf *buf, u16 pw_id, int all_attr) { u8 *len; int i; wpabuf_put_u8(buf, WLAN_EID_VENDOR_SPECIFIC); len = wpabuf_put(buf, 1); wpabuf_put_be32(buf, WPS_DEV_OUI_WFA); wps_build_version(buf); if (all_attr) { wpabuf_put_be16(buf, ATTR_WPS_STATE); wpabuf_put_be16(buf, 1); wpabuf_put_u8(buf, WPS_STATE_NOT_CONFIGURED); } /* Device Password ID */ wpabuf_put_be16(buf, ATTR_DEV_PASSWORD_ID); wpabuf_put_be16(buf, 2); wpa_printf(MSG_DEBUG, "P2P: WPS IE Device Password ID: %d", pw_id); wpabuf_put_be16(buf, pw_id); if (all_attr) { size_t nlen; wpabuf_put_be16(buf, ATTR_RESPONSE_TYPE); wpabuf_put_be16(buf, 1); wpabuf_put_u8(buf, WPS_RESP_ENROLLEE_INFO); #if 0 /* FIX */ wps_build_uuid_e(buf, reg->wps->uuid); wps_build_manufacturer(dev, buf); wps_build_model_name(dev, buf); wps_build_model_number(dev, buf); wps_build_serial_number(dev, buf); #endif wpabuf_put_be16(buf, ATTR_PRIMARY_DEV_TYPE); wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN); wpabuf_put_data(buf, p2p->cfg->pri_dev_type, WPS_DEV_TYPE_LEN); wpabuf_put_be16(buf, ATTR_DEV_NAME); nlen = p2p->cfg->dev_name ? os_strlen(p2p->cfg->dev_name) : 0; wpabuf_put_be16(buf, nlen); if (p2p->cfg->dev_name) wpabuf_put_data(buf, p2p->cfg->dev_name, nlen); wpabuf_put_be16(buf, ATTR_CONFIG_METHODS); wpabuf_put_be16(buf, 2); wpabuf_put_be16(buf, 0); /* FIX: ? */ } wps_build_wfa_ext(buf, 0, NULL, 0); if (all_attr && p2p->cfg->num_sec_dev_types) { wpabuf_put_be16(buf, ATTR_SECONDARY_DEV_TYPE_LIST); wpabuf_put_be16(buf, WPS_DEV_TYPE_LEN * p2p->cfg->num_sec_dev_types); wpabuf_put_data(buf, p2p->cfg->sec_dev_type, WPS_DEV_TYPE_LEN * p2p->cfg->num_sec_dev_types); } /* Add the WPS vendor extensions */ for (i = 0; i < P2P_MAX_WPS_VENDOR_EXT; i++) { if (p2p->wps_vendor_ext[i] == NULL) break; if (wpabuf_tailroom(buf) < 4 + wpabuf_len(p2p->wps_vendor_ext[i])) continue; wpabuf_put_be16(buf, ATTR_VENDOR_EXT); wpabuf_put_be16(buf, wpabuf_len(p2p->wps_vendor_ext[i])); wpabuf_put_buf(buf, p2p->wps_vendor_ext[i]); } p2p_buf_update_ie_hdr(buf, len); }
static void gas_server_send_resp(struct gas_server *gas, struct gas_server_handler *handler, const u8 *da, int freq, u8 dialog_token, struct wpabuf *query_resp) { size_t max_len = (freq > 56160) ? 928 : 1400; size_t hdr_len = 24 + 2 + 5 + 3 + handler->adv_proto_id_len + 2; size_t resp_frag_len; struct wpabuf *resp; u16 comeback_delay; struct gas_server_response *response; if (!query_resp) return; response = os_zalloc(sizeof(*response)); if (!response) return; wpa_printf(MSG_DEBUG, "DPP: Allocated GAS response @%p", response); response->freq = freq; response->handler = handler; os_memcpy(response->dst, da, ETH_ALEN); response->dialog_token = dialog_token; if (hdr_len + wpabuf_len(query_resp) > max_len) { /* Need to use comeback to initiate fragmentation */ comeback_delay = 1; resp_frag_len = 0; } else { /* Full response fits into the initial response */ comeback_delay = 0; resp_frag_len = wpabuf_len(query_resp); } resp = gas_build_initial_resp(dialog_token, WLAN_STATUS_SUCCESS, comeback_delay, handler->adv_proto_id_len + resp_frag_len); if (!resp) { gas_server_free_response(response); return; } /* Advertisement Protocol element */ wpabuf_put_u8(resp, WLAN_EID_ADV_PROTO); wpabuf_put_u8(resp, 1 + handler->adv_proto_id_len); /* Length */ wpabuf_put_u8(resp, 0x7f); /* Advertisement Protocol ID */ wpabuf_put_data(resp, handler->adv_proto_id, handler->adv_proto_id_len); /* Query Response Length */ wpabuf_put_le16(resp, resp_frag_len); if (!comeback_delay) wpabuf_put_buf(resp, query_resp); if (comeback_delay) { wpa_printf(MSG_DEBUG, "GAS: Need to fragment query response"); } else { wpa_printf(MSG_DEBUG, "GAS: Full query response fits in the GAS Initial Response frame"); } response->offset = resp_frag_len; response->resp = query_resp; dl_list_add(&gas->responses, &response->list); gas->tx(gas->ctx, freq, da, resp, comeback_delay ? 2000 : 0); wpabuf_free(resp); eloop_register_timeout(GAS_QUERY_TIMEOUT, 0, gas_server_response_timeout, response, NULL); }
static struct wpabuf * eap_pwd_build_confirm_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id) { struct wpabuf *req = NULL; BIGNUM *x = NULL, *y = NULL; HMAC_CTX ctx; u8 conf[SHA256_DIGEST_LENGTH], *cruft = NULL, *ptr; u16 grp; wpa_printf(MSG_DEBUG, "EAP-pwd: Confirm/Request"); /* Each component of the cruft will be at most as big as the prime */ if (((cruft = os_malloc(BN_num_bytes(data->grp->prime))) == NULL) || ((x = BN_new()) == NULL) || ((y = BN_new()) == NULL)) { wpa_printf(MSG_INFO, "EAP-PWD (server): debug allocation " "fail"); goto fin; } /* * commit is H(k | server_element | server_scalar | peer_element | * peer_scalar | ciphersuite) */ H_Init(&ctx); /* * Zero the memory each time because this is mod prime math and some * value may start with a few zeros and the previous one did not. * * First is k */ os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(data->k, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime)); /* server element: x, y */ if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, data->my_element, x, y, data->bnctx)) { wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " "assignment fail"); goto fin; } os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(x, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime)); os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(y, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime)); /* server scalar */ os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(data->my_scalar, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->order)); /* peer element: x, y */ if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, data->peer_element, x, y, data->bnctx)) { wpa_printf(MSG_INFO, "EAP-PWD (server): confirm point " "assignment fail"); goto fin; } os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(x, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime)); os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(y, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->prime)); /* peer scalar */ os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); BN_bn2bin(data->peer_scalar, cruft); H_Update(&ctx, cruft, BN_num_bytes(data->grp->order)); /* ciphersuite */ grp = htons(data->group_num); os_memset(cruft, 0, BN_num_bytes(data->grp->prime)); ptr = cruft; os_memcpy(ptr, &grp, sizeof(u16)); ptr += sizeof(u16); *ptr = EAP_PWD_DEFAULT_RAND_FUNC; ptr += sizeof(u8); *ptr = EAP_PWD_DEFAULT_PRF; ptr += sizeof(u8); H_Update(&ctx, cruft, ptr-cruft); /* all done with the random function */ H_Final(&ctx, conf); os_memcpy(data->my_confirm, conf, SHA256_DIGEST_LENGTH); req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, sizeof(struct eap_pwd_hdr) + SHA256_DIGEST_LENGTH, EAP_CODE_REQUEST, id); if (req == NULL) goto fin; wpabuf_put_u8(req, EAP_PWD_OPCODE_CONFIRM_EXCH); wpabuf_put_data(req, conf, SHA256_DIGEST_LENGTH); fin: os_free(cruft); BN_free(x); BN_free(y); if (req == NULL) eap_pwd_state(data, FAILURE); return req; }
static struct wpabuf * eap_pwd_build_commit_req(struct eap_sm *sm, struct eap_pwd_data *data, u8 id) { struct wpabuf *req = NULL; BIGNUM *mask = NULL, *x = NULL, *y = NULL; u8 *scalar = NULL, *element = NULL; u16 offset; wpa_printf(MSG_DEBUG, "EAP-pwd: Commit/Request"); if (((data->private_value = BN_new()) == NULL) || ((data->my_element = EC_POINT_new(data->grp->group)) == NULL) || ((data->my_scalar = BN_new()) == NULL) || ((mask = BN_new()) == NULL)) { wpa_printf(MSG_INFO, "EAP-PWD (server): scalar allocation " "fail"); goto fin; } BN_rand_range(data->private_value, data->grp->order); BN_rand_range(mask, data->grp->order); BN_add(data->my_scalar, data->private_value, mask); BN_mod(data->my_scalar, data->my_scalar, data->grp->order, data->bnctx); if (!EC_POINT_mul(data->grp->group, data->my_element, NULL, data->grp->pwe, mask, data->bnctx)) { wpa_printf(MSG_INFO, "EAP-PWD (server): element allocation " "fail"); eap_pwd_state(data, FAILURE); goto fin; } if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx)) { wpa_printf(MSG_INFO, "EAP-PWD (server): element inversion " "fail"); goto fin; } BN_free(mask); if (((x = BN_new()) == NULL) || ((y = BN_new()) == NULL)) { wpa_printf(MSG_INFO, "EAP-PWD (server): point allocation " "fail"); goto fin; } if (!EC_POINT_get_affine_coordinates_GFp(data->grp->group, data->my_element, x, y, data->bnctx)) { wpa_printf(MSG_INFO, "EAP-PWD (server): point assignment " "fail"); goto fin; } if (((scalar = os_malloc(BN_num_bytes(data->grp->order))) == NULL) || ((element = os_malloc(BN_num_bytes(data->grp->prime) * 2)) == NULL)) { wpa_printf(MSG_INFO, "EAP-PWD (server): data allocation fail"); goto fin; } /* * bignums occupy as little memory as possible so one that is * sufficiently smaller than the prime or order might need pre-pending * with zeros. */ os_memset(scalar, 0, BN_num_bytes(data->grp->order)); os_memset(element, 0, BN_num_bytes(data->grp->prime) * 2); offset = BN_num_bytes(data->grp->order) - BN_num_bytes(data->my_scalar); BN_bn2bin(data->my_scalar, scalar + offset); offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(x); BN_bn2bin(x, element + offset); offset = BN_num_bytes(data->grp->prime) - BN_num_bytes(y); BN_bn2bin(y, element + BN_num_bytes(data->grp->prime) + offset); req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, sizeof(struct eap_pwd_hdr) + (2 * BN_num_bytes(data->grp->prime)) + BN_num_bytes(data->grp->order), EAP_CODE_REQUEST, id); if (req == NULL) goto fin; wpabuf_put_u8(req, EAP_PWD_OPCODE_COMMIT_EXCH); /* We send the element as (x,y) followed by the scalar */ wpabuf_put_data(req, element, (2 * BN_num_bytes(data->grp->prime))); wpabuf_put_data(req, scalar, BN_num_bytes(data->grp->order)); fin: os_free(scalar); os_free(element); BN_free(x); BN_free(y); if (req == NULL) eap_pwd_state(data, FAILURE); return req; }
static struct wpabuf * eap_pwd_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const struct wpabuf *reqData) { struct eap_pwd_data *data = priv; struct wpabuf *resp = NULL; const u8 *pos, *buf; size_t len; u16 tot_len = 0; u8 lm_exch; pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, reqData, &len); if ((pos == NULL) || (len < 1)) { wpa_printf(MSG_DEBUG, "EAP-pwd: Got a frame but pos is %s and " "len is %d", pos == NULL ? "NULL" : "not NULL", (int) len); ret->ignore = TRUE; return NULL; } ret->ignore = FALSE; ret->methodState = METHOD_MAY_CONT; ret->decision = DECISION_FAIL; ret->allowNotifications = FALSE; lm_exch = *pos; pos++; /* skip over the bits and the exch */ len--; /* * we're fragmenting so send out the next fragment */ if (data->out_frag_pos) { /* * this should be an ACK */ if (len) wpa_printf(MSG_INFO, "Bad Response! Fragmenting but " "not an ACK"); wpa_printf(MSG_DEBUG, "EAP-pwd: Got an ACK for a fragment"); /* * check if there are going to be more fragments */ len = wpabuf_len(data->outbuf) - data->out_frag_pos; if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { len = data->mtu - EAP_PWD_HDR_SIZE; EAP_PWD_SET_MORE_BIT(lm_exch); } resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, EAP_PWD_HDR_SIZE + len, EAP_CODE_RESPONSE, eap_get_id(reqData)); if (resp == NULL) { wpa_printf(MSG_INFO, "Unable to allocate memory for " "next fragment!"); return NULL; } wpabuf_put_u8(resp, lm_exch); buf = wpabuf_head_u8(data->outbuf); wpabuf_put_data(resp, buf + data->out_frag_pos, len); data->out_frag_pos += len; /* * this is the last fragment so get rid of the out buffer */ if (data->out_frag_pos >= wpabuf_len(data->outbuf)) { wpabuf_free(data->outbuf); data->outbuf = NULL; data->out_frag_pos = 0; } wpa_printf(MSG_DEBUG, "EAP-pwd: Send %s fragment of %d bytes", data->out_frag_pos == 0 ? "last" : "next", (int) len); return resp; } /* * see if this is a fragment that needs buffering * * if it's the first fragment there'll be a length field */ if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { tot_len = WPA_GET_BE16(pos); wpa_printf(MSG_DEBUG, "EAP-pwd: Incoming fragments whose " "total length = %d", tot_len); data->inbuf = wpabuf_alloc(tot_len); if (data->inbuf == NULL) { wpa_printf(MSG_INFO, "Out of memory to buffer " "fragments!"); return NULL; } pos += sizeof(u16); len -= sizeof(u16); } /* * buffer and ACK the fragment */ if (EAP_PWD_GET_MORE_BIT(lm_exch)) { data->in_frag_pos += len; if (data->in_frag_pos > wpabuf_size(data->inbuf)) { wpa_printf(MSG_INFO, "EAP-pwd: Buffer overflow attack " "detected (%d vs. %d)!", (int) data->in_frag_pos, (int) wpabuf_len(data->inbuf)); wpabuf_free(data->inbuf); data->in_frag_pos = 0; return NULL; } wpabuf_put_data(data->inbuf, pos, len); resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, EAP_PWD_HDR_SIZE, EAP_CODE_RESPONSE, eap_get_id(reqData)); if (resp != NULL) wpabuf_put_u8(resp, (EAP_PWD_GET_EXCHANGE(lm_exch))); wpa_printf(MSG_DEBUG, "EAP-pwd: ACKing a %d byte fragment", (int) len); return resp; } /* * we're buffering and this is the last fragment */ if (data->in_frag_pos) { wpabuf_put_data(data->inbuf, pos, len); wpa_printf(MSG_DEBUG, "EAP-pwd: Last fragment, %d bytes", (int) len); data->in_frag_pos += len; pos = wpabuf_head_u8(data->inbuf); len = data->in_frag_pos; } wpa_printf(MSG_DEBUG, "EAP-pwd: processing frame: exch %d, len %d", EAP_PWD_GET_EXCHANGE(lm_exch), (int) len); switch (EAP_PWD_GET_EXCHANGE(lm_exch)) { case EAP_PWD_OPCODE_ID_EXCH: eap_pwd_perform_id_exchange(sm, data, ret, reqData, pos, len); break; case EAP_PWD_OPCODE_COMMIT_EXCH: eap_pwd_perform_commit_exchange(sm, data, ret, reqData, pos, len); break; case EAP_PWD_OPCODE_CONFIRM_EXCH: eap_pwd_perform_confirm_exchange(sm, data, ret, reqData, pos, len); break; default: wpa_printf(MSG_INFO, "EAP-pwd: Ignoring message with unknown " "opcode %d", lm_exch); break; } /* * if we buffered the just processed input now's the time to free it */ if (data->in_frag_pos) { wpabuf_free(data->inbuf); data->in_frag_pos = 0; } if (data->outbuf == NULL) return NULL; /* generic failure */ /* * we have output! Do we need to fragment it? */ len = wpabuf_len(data->outbuf); if ((len + EAP_PWD_HDR_SIZE) > data->mtu) { resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, data->mtu, EAP_CODE_RESPONSE, eap_get_id(reqData)); /* * if so it's the first so include a length field */ EAP_PWD_SET_LENGTH_BIT(lm_exch); EAP_PWD_SET_MORE_BIT(lm_exch); tot_len = len; /* * keep the packet at the MTU */ len = data->mtu - EAP_PWD_HDR_SIZE - sizeof(u16); wpa_printf(MSG_DEBUG, "EAP-pwd: Fragmenting output, total " "length = %d", tot_len); } else { resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PWD, EAP_PWD_HDR_SIZE + len, EAP_CODE_RESPONSE, eap_get_id(reqData)); } if (resp == NULL) return NULL; wpabuf_put_u8(resp, lm_exch); if (EAP_PWD_GET_LENGTH_BIT(lm_exch)) { wpabuf_put_be16(resp, tot_len); data->out_frag_pos += len; } buf = wpabuf_head_u8(data->outbuf); wpabuf_put_data(resp, buf, len); /* * if we're not fragmenting then there's no need to carry this around */ if (data->out_frag_pos == 0) { wpabuf_free(data->outbuf); data->outbuf = NULL; data->out_frag_pos = 0; } return resp; }