|
@@ -403,6 +403,144 @@ int wpa_parse_wpa_ie_rsn(const u8 *rsn_ie, size_t rsn_ie_len,
|
|
|
}
|
|
|
|
|
|
|
|
|
+static int wpa_selector_to_bitfield(const u8 *s)
|
|
|
+{
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_NONE)
|
|
|
+ return WPA_CIPHER_NONE;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP40)
|
|
|
+ return WPA_CIPHER_WEP40;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_TKIP)
|
|
|
+ return WPA_CIPHER_TKIP;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_CCMP)
|
|
|
+ return WPA_CIPHER_CCMP;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_CIPHER_SUITE_WEP104)
|
|
|
+ return WPA_CIPHER_WEP104;
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+static int wpa_key_mgmt_to_bitfield(const u8 *s)
|
|
|
+{
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_UNSPEC_802_1X)
|
|
|
+ return WPA_KEY_MGMT_IEEE8021X;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_PSK_OVER_802_1X)
|
|
|
+ return WPA_KEY_MGMT_PSK;
|
|
|
+ if (RSN_SELECTOR_GET(s) == WPA_AUTH_KEY_MGMT_NONE)
|
|
|
+ return WPA_KEY_MGMT_WPA_NONE;
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
+int wpa_parse_wpa_ie_wpa(const u8 *wpa_ie, size_t wpa_ie_len,
|
|
|
+ struct wpa_ie_data *data)
|
|
|
+{
|
|
|
+ const struct wpa_ie_hdr *hdr;
|
|
|
+ const u8 *pos;
|
|
|
+ int left;
|
|
|
+ int i, count;
|
|
|
+
|
|
|
+ os_memset(data, 0, sizeof(*data));
|
|
|
+ data->proto = WPA_PROTO_WPA;
|
|
|
+ data->pairwise_cipher = WPA_CIPHER_TKIP;
|
|
|
+ data->group_cipher = WPA_CIPHER_TKIP;
|
|
|
+ data->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
|
|
|
+ data->capabilities = 0;
|
|
|
+ data->pmkid = NULL;
|
|
|
+ data->num_pmkid = 0;
|
|
|
+ data->mgmt_group_cipher = 0;
|
|
|
+
|
|
|
+ if (wpa_ie_len == 0) {
|
|
|
+ /* No WPA IE - fail silently */
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (wpa_ie_len < sizeof(struct wpa_ie_hdr)) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie len too short %lu",
|
|
|
+ __func__, (unsigned long) wpa_ie_len);
|
|
|
+ return -1;
|
|
|
+ }
|
|
|
+
|
|
|
+ hdr = (const struct wpa_ie_hdr *) wpa_ie;
|
|
|
+
|
|
|
+ if (hdr->elem_id != WLAN_EID_VENDOR_SPECIFIC ||
|
|
|
+ hdr->len != wpa_ie_len - 2 ||
|
|
|
+ RSN_SELECTOR_GET(hdr->oui) != WPA_OUI_TYPE ||
|
|
|
+ WPA_GET_LE16(hdr->version) != WPA_VERSION) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: malformed ie or unknown version",
|
|
|
+ __func__);
|
|
|
+ return -2;
|
|
|
+ }
|
|
|
+
|
|
|
+ pos = (const u8 *) (hdr + 1);
|
|
|
+ left = wpa_ie_len - sizeof(*hdr);
|
|
|
+
|
|
|
+ if (left >= WPA_SELECTOR_LEN) {
|
|
|
+ data->group_cipher = wpa_selector_to_bitfield(pos);
|
|
|
+ pos += WPA_SELECTOR_LEN;
|
|
|
+ left -= WPA_SELECTOR_LEN;
|
|
|
+ } else if (left > 0) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie length mismatch, %u too much",
|
|
|
+ __func__, left);
|
|
|
+ return -3;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (left >= 2) {
|
|
|
+ data->pairwise_cipher = 0;
|
|
|
+ count = WPA_GET_LE16(pos);
|
|
|
+ pos += 2;
|
|
|
+ left -= 2;
|
|
|
+ if (count == 0 || left < count * WPA_SELECTOR_LEN) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (pairwise), "
|
|
|
+ "count %u left %u", __func__, count, left);
|
|
|
+ return -4;
|
|
|
+ }
|
|
|
+ for (i = 0; i < count; i++) {
|
|
|
+ data->pairwise_cipher |= wpa_selector_to_bitfield(pos);
|
|
|
+ pos += WPA_SELECTOR_LEN;
|
|
|
+ left -= WPA_SELECTOR_LEN;
|
|
|
+ }
|
|
|
+ } else if (left == 1) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for key mgmt)",
|
|
|
+ __func__);
|
|
|
+ return -5;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (left >= 2) {
|
|
|
+ data->key_mgmt = 0;
|
|
|
+ count = WPA_GET_LE16(pos);
|
|
|
+ pos += 2;
|
|
|
+ left -= 2;
|
|
|
+ if (count == 0 || left < count * WPA_SELECTOR_LEN) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie count botch (key mgmt), "
|
|
|
+ "count %u left %u", __func__, count, left);
|
|
|
+ return -6;
|
|
|
+ }
|
|
|
+ for (i = 0; i < count; i++) {
|
|
|
+ data->key_mgmt |= wpa_key_mgmt_to_bitfield(pos);
|
|
|
+ pos += WPA_SELECTOR_LEN;
|
|
|
+ left -= WPA_SELECTOR_LEN;
|
|
|
+ }
|
|
|
+ } else if (left == 1) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie too short (for capabilities)",
|
|
|
+ __func__);
|
|
|
+ return -7;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (left >= 2) {
|
|
|
+ data->capabilities = WPA_GET_LE16(pos);
|
|
|
+ pos += 2;
|
|
|
+ left -= 2;
|
|
|
+ }
|
|
|
+
|
|
|
+ if (left > 0) {
|
|
|
+ wpa_printf(MSG_DEBUG, "%s: ie has %u trailing bytes - ignored",
|
|
|
+ __func__, left);
|
|
|
+ }
|
|
|
+
|
|
|
+ return 0;
|
|
|
+}
|
|
|
+
|
|
|
+
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
|
|
/**
|