iwd/src/ftutil.c

/*
 *
 *  Wireless daemon for Linux
 *
 *  Copyright (C) 2017  Intel Corporation. All rights reserved.
 *
 *  This library is free software; you can redistribute it and/or
 *  modify it under the terms of the GNU Lesser General Public
 *  License as published by the Free Software Foundation; either
 *  version 2.1 of the License, or (at your option) any later version.
 *
 *  This library is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  Lesser General Public License for more details.
 *
 *  You should have received a copy of the GNU Lesser General Public
 *  License along with this library; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 *
 */

#ifdef HAVE_CONFIG_H
#include <config.h>
#endif

#include "linux/nl80211.h"

#include <ell/ell.h>

#include "src/ie.h"
#include "src/handshake.h"
#include "src/crypto.h"
#include "src/ftutil.h"
#include "src/mpdu.h"

/*
 * Calculate the MIC field of the FTE and write it directly to that FTE,
 * assuming it was all zeros before.  See 12.8.4 and 12.8.5.
 */
bool ft_calculate_fte_mic(struct handshake_state *hs, uint8_t seq_num,
				const uint8_t *rsne, const uint8_t *fte,
				const uint8_t *ric, uint8_t *out_mic)
{
	struct iovec iov[10];
	int iov_elems = 0;
	struct l_checksum *checksum;
	const uint8_t *kck = handshake_state_get_kck(hs);
	uint8_t zero_mic[16] = {};

	iov[iov_elems].iov_base = hs->spa;
	iov[iov_elems++].iov_len = 6;

	iov[iov_elems].iov_base = hs->aa;
	iov[iov_elems++].iov_len = 6;

	iov[iov_elems].iov_base = &seq_num;
	iov[iov_elems++].iov_len = 1;

	if (rsne) {
		iov[iov_elems].iov_base = (void *) rsne;
		iov[iov_elems++].iov_len = rsne[1] + 2;
	}

	iov[iov_elems].iov_base = hs->mde;
	iov[iov_elems++].iov_len = hs->mde[1] + 2;

	if (fte) {
		iov[iov_elems].iov_base = (void *) fte;
		iov[iov_elems++].iov_len = 4;

		iov[iov_elems].iov_base = zero_mic;
		iov[iov_elems++].iov_len = 16;

		iov[iov_elems].iov_base = (void *) (fte + 20);
		iov[iov_elems++].iov_len = fte[1] + 2 - 20;
	}

	if (ric) {
		iov[iov_elems].iov_base = (void *) ric;
		iov[iov_elems++].iov_len = ric[1] + 2;
	}

	checksum = l_checksum_new_cmac_aes(kck, 16);
	if (!checksum)
		return false;

	l_checksum_updatev(checksum, iov, iov_elems);
	l_checksum_get_digest(checksum, out_mic, 16);
	l_checksum_free(checksum);

	return true;
}

/*
 * Validate the FC, the addresses, Auth Type and authentication sequence
 * number of an FT Authentication Response frame, return status code, and
 * the start of the IE array (RSN, MD, FT, TI and RIC).
 * See 8.3.3.1 for the header and 8.3.3.11 for the body format.
 */
bool ft_parse_authentication_resp_frame(const uint8_t *data, size_t len,
				const uint8_t *addr1, const uint8_t *addr2,
				const uint8_t *addr3, uint16_t auth_seq,
				uint16_t *out_status, const uint8_t **out_ies,
				size_t *out_ies_len)
{
	const uint16_t frame_type = 0x00b0;
	uint16_t status = 0;

	if (len < 30)
		return false;

	/* Check FC == Management Frame -> Authentication */
	if (l_get_le16(data + 0) != frame_type)
		return false;

	if (memcmp(data + 4, addr1, 6))
		return false;
	if (memcmp(data + 10, addr2, 6))
		return false;
	if (memcmp(data + 16, addr3, 6))
		return false;

	/* Check Authentication algorithm number is FT */
	if (l_get_le16(data + 24) != NL80211_AUTHTYPE_FT)
		return false;

	if (l_get_le16(data + 26) != auth_seq)
		return false;

	if (auth_seq == 2 || auth_seq == 4)
		status = l_get_le16(data + 28);

	if (out_status)
		*out_status = status;

	if (status == 0 && out_ies) {
		*out_ies = data + 28;
		*out_ies_len = len - 28;
	}

	return true;
}

bool ft_parse_associate_resp_frame(const uint8_t *frame, size_t frame_len,
				uint16_t *out_status, const uint8_t **rsne,
				const uint8_t **mde, const uint8_t **fte)
{
	const struct mmpdu_header *mpdu;
	const struct mmpdu_association_response *body;
	struct ie_tlv_iter iter;

	mpdu = mpdu_validate(frame, frame_len);
	if (!mpdu)
		return false;

	body = mmpdu_body(mpdu);

	ie_tlv_iter_init(&iter, body->ies, (const uint8_t *) mpdu + frame_len -
				body->ies);

	while (ie_tlv_iter_next(&iter)) {
		switch (ie_tlv_iter_get_tag(&iter)) {
		case IE_TYPE_RSN:
			if (*rsne)
				return false;

			*rsne = ie_tlv_iter_get_data(&iter) - 2;
			break;

		case IE_TYPE_MOBILITY_DOMAIN:
			if (*mde)
				return false;

			*mde = ie_tlv_iter_get_data(&iter) - 2;
			break;

		case IE_TYPE_FAST_BSS_TRANSITION:
			if (*fte)
				return false;

			*fte = ie_tlv_iter_get_data(&iter) - 2;
			break;
		}
	}

	*out_status = body->status_code;

	return true;
}
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request. 2017-01-12 09:36:01 +01:00			`/*`
			`*`
			`* Wireless daemon for Linux`
			`*`
			`* Copyright (C) 2017 Intel Corporation. All rights reserved.`
			`*`
			`* This library is free software; you can redistribute it and/or`
			`* modify it under the terms of the GNU Lesser General Public`
			`* License as published by the Free Software Foundation; either`
			`* version 2.1 of the License, or (at your option) any later version.`
			`*`
			`* This library is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`* Lesser General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Lesser General Public`
			`* License along with this library; if not, write to the Free Software`
			`* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA`
			`*`
			`*/`

			`#ifdef HAVE_CONFIG_H`
			`#include <config.h>`
			`#endif`

			`#include "linux/nl80211.h"`

			`#include <ell/ell.h>`

			`#include "src/ie.h"`
			`#include "src/handshake.h"`
			`#include "src/crypto.h"`
			`#include "src/ftutil.h"`
ftutil: add associate parser Helper to obtain RSNE, MDE, and FTE from associate frame. 2019-03-05 18:12:30 +01:00			`#include "src/mpdu.h"`
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request. 2017-01-12 09:36:01 +01:00
			`/*`
			`* Calculate the MIC field of the FTE and write it directly to that FTE,`
			`* assuming it was all zeros before. See 12.8.4 and 12.8.5.`
			`*/`
			`bool ft_calculate_fte_mic(struct handshake_state *hs, uint8_t seq_num,`
			`const uint8_t rsne, const uint8_t fte,`
			`const uint8_t ric, uint8_t out_mic)`
			`{`
			`struct iovec iov[10];`
			`int iov_elems = 0;`
			`struct l_checksum *checksum;`
crypto/handshake/eapol: Allow other PTK lengths The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the AKM these can be up to 32 bytes. This changes completely removes the crypto_ptk struct and adds getters to the handshake object for the kck and kek. Like before the PTK is derived into a continuous buffer, and the kck/kek getters take care of returning the proper key offset depending on AKM. To allow for larger than 16 byte keys aes_unwrap needed to be modified to take the kek length. 2019-01-17 21:25:30 +01:00			`const uint8_t *kck = handshake_state_get_kck(hs);`
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request. 2017-01-12 09:36:01 +01:00			`uint8_t zero_mic[16] = {};`

			`iov[iov_elems].iov_base = hs->spa;`
			`iov[iov_elems++].iov_len = 6;`

			`iov[iov_elems].iov_base = hs->aa;`
			`iov[iov_elems++].iov_len = 6;`

			`iov[iov_elems].iov_base = &seq_num;`
			`iov[iov_elems++].iov_len = 1;`

			`if (rsne) {`
			`iov[iov_elems].iov_base = (void *) rsne;`
			`iov[iov_elems++].iov_len = rsne[1] + 2;`
			`}`

			`iov[iov_elems].iov_base = hs->mde;`
			`iov[iov_elems++].iov_len = hs->mde[1] + 2;`

			`if (fte) {`
			`iov[iov_elems].iov_base = (void *) fte;`
			`iov[iov_elems++].iov_len = 4;`

			`iov[iov_elems].iov_base = zero_mic;`
			`iov[iov_elems++].iov_len = 16;`

			`iov[iov_elems].iov_base = (void *) (fte + 20);`
			`iov[iov_elems++].iov_len = fte[1] + 2 - 20;`
			`}`

			`if (ric) {`
			`iov[iov_elems].iov_base = (void *) ric;`
			`iov[iov_elems++].iov_len = ric[1] + 2;`
			`}`

crypto/handshake/eapol: Allow other PTK lengths The crypto_ptk was hard coded for 16 byte KCK/KEK. Depending on the AKM these can be up to 32 bytes. This changes completely removes the crypto_ptk struct and adds getters to the handshake object for the kck and kek. Like before the PTK is derived into a continuous buffer, and the kck/kek getters take care of returning the proper key offset depending on AKM. To allow for larger than 16 byte keys aes_unwrap needed to be modified to take the kek length. 2019-01-17 21:25:30 +01:00			`checksum = l_checksum_new_cmac_aes(kck, 16);`
netdev: Handle the FT Authentication Response message Parse the second message of the FT transition, validate and build the third message, the Reassociation Request. 2017-01-12 09:36:01 +01:00			`if (!checksum)`
			`return false;`

			`l_checksum_updatev(checksum, iov, iov_elems);`
			`l_checksum_get_digest(checksum, out_mic, 16);`
			`l_checksum_free(checksum);`

			`return true;`
			`}`

			`/*`
			`* Validate the FC, the addresses, Auth Type and authentication sequence`
			`* number of an FT Authentication Response frame, return status code, and`
			`* the start of the IE array (RSN, MD, FT, TI and RIC).`
			`* See 8.3.3.1 for the header and 8.3.3.11 for the body format.`
			`*/`
			`bool ft_parse_authentication_resp_frame(const uint8_t *data, size_t len,`
			`const uint8_t addr1, const uint8_t addr2,`
			`const uint8_t *addr3, uint16_t auth_seq,`
			`uint16_t out_status, const uint8_t *out_ies,`
			`size_t *out_ies_len)`
			`{`
			`const uint16_t frame_type = 0x00b0;`
			`uint16_t status = 0;`

			`if (len < 30)`
			`return false;`

			`/* Check FC == Management Frame -> Authentication */`
			`if (l_get_le16(data + 0) != frame_type)`
			`return false;`

			`if (memcmp(data + 4, addr1, 6))`
			`return false;`
			`if (memcmp(data + 10, addr2, 6))`
			`return false;`
			`if (memcmp(data + 16, addr3, 6))`
			`return false;`

			`/* Check Authentication algorithm number is FT */`
			`if (l_get_le16(data + 24) != NL80211_AUTHTYPE_FT)`
			`return false;`

			`if (l_get_le16(data + 26) != auth_seq)`
			`return false;`

			`if (auth_seq == 2 \|\| auth_seq == 4)`
			`status = l_get_le16(data + 28);`

			`if (out_status)`
			`*out_status = status;`

			`if (status == 0 && out_ies) {`
			`*out_ies = data + 28;`
			`*out_ies_len = len - 28;`
			`}`

			`return true;`
			`}`
ftutil: add associate parser Helper to obtain RSNE, MDE, and FTE from associate frame. 2019-03-05 18:12:30 +01:00
			`bool ft_parse_associate_resp_frame(const uint8_t *frame, size_t frame_len,`
			`uint16_t out_status, const uint8_t *rsne,`
			`const uint8_t mde, const uint8_t fte)`
			`{`
			`const struct mmpdu_header *mpdu;`
			`const struct mmpdu_association_response *body;`
			`struct ie_tlv_iter iter;`

			`mpdu = mpdu_validate(frame, frame_len);`
			`if (!mpdu)`
			`return false;`

			`body = mmpdu_body(mpdu);`

			`ie_tlv_iter_init(&iter, body->ies, (const uint8_t *) mpdu + frame_len -`
			`body->ies);`

			`while (ie_tlv_iter_next(&iter)) {`
			`switch (ie_tlv_iter_get_tag(&iter)) {`
			`case IE_TYPE_RSN:`
			`if (*rsne)`
			`return false;`

			`*rsne = ie_tlv_iter_get_data(&iter) - 2;`
			`break;`

			`case IE_TYPE_MOBILITY_DOMAIN:`
			`if (*mde)`
			`return false;`

			`*mde = ie_tlv_iter_get_data(&iter) - 2;`
			`break;`

			`case IE_TYPE_FAST_BSS_TRANSITION:`
			`if (*fte)`
			`return false;`

			`*fte = ie_tlv_iter_get_data(&iter) - 2;`
			`break;`
			`}`
			`}`

			`*out_status = body->status_code;`

			`return true;`
			`}`