1/* 2 * IEEE 802.1X-2010 KaY Interface 3 * Copyright (c) 2013-2014, Qualcomm Atheros, Inc. 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "utils/includes.h" 10 11#include "utils/common.h" 12#include "eap_peer/eap.h" 13#include "eap_peer/eap_i.h" 14#include "eapol_supp/eapol_supp_sm.h" 15#include "pae/ieee802_1x_key.h" 16#include "pae/ieee802_1x_kay.h" 17#include "wpa_supplicant_i.h" 18#include "config.h" 19#include "config_ssid.h" 20#include "driver_i.h" 21#include "wpas_kay.h" 22 23 24#define DEFAULT_KEY_LEN 16 25/* secure Connectivity Association Key Name (CKN) */ 26#define DEFAULT_CKN_LEN 16 27 28 29static int wpas_macsec_init(void *priv, struct macsec_init_params *params) 30{ 31 return wpa_drv_macsec_init(priv, params); 32} 33 34 35static int wpas_macsec_deinit(void *priv) 36{ 37 return wpa_drv_macsec_deinit(priv); 38} 39 40 41static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap) 42{ 43 return wpa_drv_macsec_get_capability(priv, cap); 44} 45 46 47static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled) 48{ 49 return wpa_drv_enable_protect_frames(wpa_s, enabled); 50} 51 52 53static int wpas_enable_encrypt(void *wpa_s, Boolean enabled) 54{ 55 return wpa_drv_enable_encrypt(wpa_s, enabled); 56} 57 58 59static int wpas_set_replay_protect(void *wpa_s, Boolean enabled, u32 window) 60{ 61 return wpa_drv_set_replay_protect(wpa_s, enabled, window); 62} 63 64 65static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs) 66{ 67 return wpa_drv_set_current_cipher_suite(wpa_s, cs); 68} 69 70 71static int wpas_enable_controlled_port(void *wpa_s, Boolean enabled) 72{ 73 return wpa_drv_enable_controlled_port(wpa_s, enabled); 74} 75 76 77static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa) 78{ 79 return wpa_drv_get_receive_lowest_pn(wpa_s, sa); 80} 81 82 83static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa) 84{ 85 return wpa_drv_get_transmit_next_pn(wpa_s, sa); 86} 87 88 89static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa) 90{ 91 return wpa_drv_set_transmit_next_pn(wpa_s, sa); 92} 93 94 95static int wpas_set_receive_lowest_pn(void *wpa_s, struct receive_sa *sa) 96{ 97 return wpa_drv_set_receive_lowest_pn(wpa_s, sa); 98} 99 100 101static unsigned int conf_offset_val(enum confidentiality_offset co) 102{ 103 switch (co) { 104 case CONFIDENTIALITY_OFFSET_30: 105 return 30; 106 break; 107 case CONFIDENTIALITY_OFFSET_50: 108 return 50; 109 default: 110 return 0; 111 } 112} 113 114 115static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc, 116 enum validate_frames vf, 117 enum confidentiality_offset co) 118{ 119 return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf); 120} 121 122 123static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc) 124{ 125 return wpa_drv_delete_receive_sc(wpa_s, sc); 126} 127 128 129static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa) 130{ 131 return wpa_drv_create_receive_sa(wpa_s, sa); 132} 133 134 135static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa) 136{ 137 return wpa_drv_delete_receive_sa(wpa_s, sa); 138} 139 140 141static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa) 142{ 143 return wpa_drv_enable_receive_sa(wpa_s, sa); 144} 145 146 147static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa) 148{ 149 return wpa_drv_disable_receive_sa(wpa_s, sa); 150} 151 152 153static int 154wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc, 155 enum confidentiality_offset co) 156{ 157 return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co)); 158} 159 160 161static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc) 162{ 163 return wpa_drv_delete_transmit_sc(wpa_s, sc); 164} 165 166 167static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa) 168{ 169 return wpa_drv_create_transmit_sa(wpa_s, sa); 170} 171 172 173static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa) 174{ 175 return wpa_drv_delete_transmit_sa(wpa_s, sa); 176} 177 178 179static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa) 180{ 181 return wpa_drv_enable_transmit_sa(wpa_s, sa); 182} 183 184 185static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa) 186{ 187 return wpa_drv_disable_transmit_sa(wpa_s, sa); 188} 189 190 191int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid) 192{ 193 struct ieee802_1x_kay_ctx *kay_ctx; 194 struct ieee802_1x_kay *res = NULL; 195 enum macsec_policy policy; 196 197 ieee802_1x_dealloc_kay_sm(wpa_s); 198 199 if (!ssid || ssid->macsec_policy == 0) 200 return 0; 201 202 if (ssid->macsec_policy == 1) { 203 if (ssid->macsec_integ_only == 1) 204 policy = SHOULD_SECURE; 205 else 206 policy = SHOULD_ENCRYPT; 207 } else { 208 policy = DO_NOT_SECURE; 209 } 210 211 kay_ctx = os_zalloc(sizeof(*kay_ctx)); 212 if (!kay_ctx) 213 return -1; 214 215 kay_ctx->ctx = wpa_s; 216 217 kay_ctx->macsec_init = wpas_macsec_init; 218 kay_ctx->macsec_deinit = wpas_macsec_deinit; 219 kay_ctx->macsec_get_capability = wpas_macsec_get_capability; 220 kay_ctx->enable_protect_frames = wpas_enable_protect_frames; 221 kay_ctx->enable_encrypt = wpas_enable_encrypt; 222 kay_ctx->set_replay_protect = wpas_set_replay_protect; 223 kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite; 224 kay_ctx->enable_controlled_port = wpas_enable_controlled_port; 225 kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn; 226 kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn; 227 kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn; 228 kay_ctx->set_receive_lowest_pn = wpas_set_receive_lowest_pn; 229 kay_ctx->create_receive_sc = wpas_create_receive_sc; 230 kay_ctx->delete_receive_sc = wpas_delete_receive_sc; 231 kay_ctx->create_receive_sa = wpas_create_receive_sa; 232 kay_ctx->delete_receive_sa = wpas_delete_receive_sa; 233 kay_ctx->enable_receive_sa = wpas_enable_receive_sa; 234 kay_ctx->disable_receive_sa = wpas_disable_receive_sa; 235 kay_ctx->create_transmit_sc = wpas_create_transmit_sc; 236 kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc; 237 kay_ctx->create_transmit_sa = wpas_create_transmit_sa; 238 kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa; 239 kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa; 240 kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa; 241 242 res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_replay_protect, 243 ssid->macsec_replay_window, ssid->macsec_port, 244 ssid->mka_priority, wpa_s->ifname, 245 wpa_s->own_addr); 246 /* ieee802_1x_kay_init() frees kay_ctx on failure */ 247 if (res == NULL) 248 return -1; 249 250 wpa_s->kay = res; 251 252 return 0; 253} 254 255 256void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s) 257{ 258 if (!wpa_s->kay) 259 return; 260 261 ieee802_1x_kay_deinit(wpa_s->kay); 262 wpa_s->kay = NULL; 263} 264 265 266static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s, 267 const u8 *addr, u8 *sid, size_t *len) 268{ 269 const u8 *session_id; 270 size_t id_len, need_len; 271 272 session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len); 273 if (session_id == NULL) { 274 wpa_printf(MSG_DEBUG, 275 "Failed to get SessionID from EAPOL state machines"); 276 return -1; 277 } 278 279 need_len = 1 + 2 * 32 /* random size */; 280 if (need_len > id_len) { 281 wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough"); 282 return -1; 283 } 284 285 os_memcpy(sid, session_id, need_len); 286 *len = need_len; 287 288 return 0; 289} 290 291 292static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr, 293 u8 *msk, size_t *len) 294{ 295 u8 key[EAP_MSK_LEN]; 296 size_t keylen; 297 struct eapol_sm *sm; 298 int res; 299 300 sm = wpa_s->eapol; 301 if (sm == NULL) 302 return -1; 303 304 keylen = EAP_MSK_LEN; 305 res = eapol_sm_get_key(sm, key, keylen); 306 if (res) { 307 wpa_printf(MSG_DEBUG, 308 "Failed to get MSK from EAPOL state machines"); 309 return -1; 310 } 311 312 if (keylen > *len) 313 keylen = *len; 314 os_memcpy(msk, key, keylen); 315 *len = keylen; 316 317 return 0; 318} 319 320 321void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s, 322 const u8 *peer_addr) 323{ 324 u8 *sid; 325 size_t sid_len = 128; 326 struct mka_key_name *ckn; 327 struct mka_key *cak; 328 struct mka_key *msk; 329 void *res = NULL; 330 331 if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE) 332 return NULL; 333 334 wpa_printf(MSG_DEBUG, 335 "IEEE 802.1X: External notification - Create MKA for " 336 MACSTR, MAC2STR(peer_addr)); 337 338 msk = os_zalloc(sizeof(*msk)); 339 sid = os_zalloc(sid_len); 340 ckn = os_zalloc(sizeof(*ckn)); 341 cak = os_zalloc(sizeof(*cak)); 342 if (!msk || !sid || !ckn || !cak) 343 goto fail; 344 345 msk->len = DEFAULT_KEY_LEN; 346 if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) { 347 wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK"); 348 goto fail; 349 } 350 351 if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len)) 352 { 353 wpa_printf(MSG_ERROR, 354 "IEEE 802.1X: Could not get EAP Session Id"); 355 goto fail; 356 } 357 358 /* Derive CAK from MSK */ 359 cak->len = DEFAULT_KEY_LEN; 360 if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr, 361 peer_addr, cak->key, cak->len)) { 362 wpa_printf(MSG_ERROR, 363 "IEEE 802.1X: Deriving CAK failed"); 364 goto fail; 365 } 366 wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len); 367 368 /* Derive CKN from MSK */ 369 ckn->len = DEFAULT_CKN_LEN; 370 if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr, 371 peer_addr, sid, sid_len, ckn->name)) { 372 wpa_printf(MSG_ERROR, 373 "IEEE 802.1X: Deriving CKN failed"); 374 goto fail; 375 } 376 wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len); 377 378 res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, 379 EAP_EXCHANGE, FALSE); 380 381fail: 382 if (msk) { 383 os_memset(msk, 0, sizeof(*msk)); 384 os_free(msk); 385 } 386 os_free(sid); 387 os_free(ckn); 388 if (cak) { 389 os_memset(cak, 0, sizeof(*cak)); 390 os_free(cak); 391 } 392 393 return res; 394} 395 396 397void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s, 398 struct wpa_ssid *ssid) 399{ 400 struct mka_key *cak; 401 struct mka_key_name *ckn; 402 void *res = NULL; 403 404 if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET) 405 goto end; 406 407 ckn = os_zalloc(sizeof(*ckn)); 408 if (!ckn) 409 goto end; 410 411 cak = os_zalloc(sizeof(*cak)); 412 if (!cak) 413 goto free_ckn; 414 415 if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay) 416 goto free_cak; 417 418 if (wpa_s->kay->policy == DO_NOT_SECURE) 419 goto dealloc; 420 421 cak->len = ssid->mka_cak_len; 422 os_memcpy(cak->key, ssid->mka_cak, cak->len); 423 424 ckn->len = ssid->mka_ckn_len; 425 os_memcpy(ckn->name, ssid->mka_ckn, ckn->len); 426 427 res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE); 428 if (res) 429 goto free_cak; 430 431dealloc: 432 /* Failed to create MKA */ 433 ieee802_1x_dealloc_kay_sm(wpa_s); 434free_cak: 435 os_free(cak); 436free_ckn: 437 os_free(ckn); 438end: 439 return res; 440} 441