1/*
2 * IEEE 802.1X-2010 KaY Interface
3 * Copyright (c) 2013-2014, Qualcomm Atheros, Inc.
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "eap_peer/eap.h"
13#include "eap_peer/eap_i.h"
14#include "eapol_supp/eapol_supp_sm.h"
15#include "pae/ieee802_1x_key.h"
16#include "pae/ieee802_1x_kay.h"
17#include "wpa_supplicant_i.h"
18#include "config.h"
19#include "config_ssid.h"
20#include "driver_i.h"
21#include "wpas_kay.h"
22
23
24#define DEFAULT_KEY_LEN		16
25/* secure Connectivity Association Key Name (CKN) */
26#define DEFAULT_CKN_LEN		16
27
28
29static int wpas_macsec_init(void *priv, struct macsec_init_params *params)
30{
31	return wpa_drv_macsec_init(priv, params);
32}
33
34
35static int wpas_macsec_deinit(void *priv)
36{
37	return wpa_drv_macsec_deinit(priv);
38}
39
40
41static int wpas_macsec_get_capability(void *priv, enum macsec_cap *cap)
42{
43	return wpa_drv_macsec_get_capability(priv, cap);
44}
45
46
47static int wpas_enable_protect_frames(void *wpa_s, Boolean enabled)
48{
49	return wpa_drv_enable_protect_frames(wpa_s, enabled);
50}
51
52
53static int wpas_enable_encrypt(void *wpa_s, Boolean enabled)
54{
55	return wpa_drv_enable_encrypt(wpa_s, enabled);
56}
57
58
59static int wpas_set_replay_protect(void *wpa_s, Boolean enabled, u32 window)
60{
61	return wpa_drv_set_replay_protect(wpa_s, enabled, window);
62}
63
64
65static int wpas_set_current_cipher_suite(void *wpa_s, u64 cs)
66{
67	return wpa_drv_set_current_cipher_suite(wpa_s, cs);
68}
69
70
71static int wpas_enable_controlled_port(void *wpa_s, Boolean enabled)
72{
73	return wpa_drv_enable_controlled_port(wpa_s, enabled);
74}
75
76
77static int wpas_get_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
78{
79	return wpa_drv_get_receive_lowest_pn(wpa_s, sa);
80}
81
82
83static int wpas_get_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
84{
85	return wpa_drv_get_transmit_next_pn(wpa_s, sa);
86}
87
88
89static int wpas_set_transmit_next_pn(void *wpa_s, struct transmit_sa *sa)
90{
91	return wpa_drv_set_transmit_next_pn(wpa_s, sa);
92}
93
94
95static int wpas_set_receive_lowest_pn(void *wpa_s, struct receive_sa *sa)
96{
97	return wpa_drv_set_receive_lowest_pn(wpa_s, sa);
98}
99
100
101static unsigned int conf_offset_val(enum confidentiality_offset co)
102{
103	switch (co) {
104	case CONFIDENTIALITY_OFFSET_30:
105		return 30;
106		break;
107	case CONFIDENTIALITY_OFFSET_50:
108		return 50;
109	default:
110		return 0;
111	}
112}
113
114
115static int wpas_create_receive_sc(void *wpa_s, struct receive_sc *sc,
116				  enum validate_frames vf,
117				  enum confidentiality_offset co)
118{
119	return wpa_drv_create_receive_sc(wpa_s, sc, conf_offset_val(co), vf);
120}
121
122
123static int wpas_delete_receive_sc(void *wpa_s, struct receive_sc *sc)
124{
125	return wpa_drv_delete_receive_sc(wpa_s, sc);
126}
127
128
129static int wpas_create_receive_sa(void *wpa_s, struct receive_sa *sa)
130{
131	return wpa_drv_create_receive_sa(wpa_s, sa);
132}
133
134
135static int wpas_delete_receive_sa(void *wpa_s, struct receive_sa *sa)
136{
137	return wpa_drv_delete_receive_sa(wpa_s, sa);
138}
139
140
141static int wpas_enable_receive_sa(void *wpa_s, struct receive_sa *sa)
142{
143	return wpa_drv_enable_receive_sa(wpa_s, sa);
144}
145
146
147static int wpas_disable_receive_sa(void *wpa_s, struct receive_sa *sa)
148{
149	return wpa_drv_disable_receive_sa(wpa_s, sa);
150}
151
152
153static int
154wpas_create_transmit_sc(void *wpa_s, struct transmit_sc *sc,
155			enum confidentiality_offset co)
156{
157	return wpa_drv_create_transmit_sc(wpa_s, sc, conf_offset_val(co));
158}
159
160
161static int wpas_delete_transmit_sc(void *wpa_s, struct transmit_sc *sc)
162{
163	return wpa_drv_delete_transmit_sc(wpa_s, sc);
164}
165
166
167static int wpas_create_transmit_sa(void *wpa_s, struct transmit_sa *sa)
168{
169	return wpa_drv_create_transmit_sa(wpa_s, sa);
170}
171
172
173static int wpas_delete_transmit_sa(void *wpa_s, struct transmit_sa *sa)
174{
175	return wpa_drv_delete_transmit_sa(wpa_s, sa);
176}
177
178
179static int wpas_enable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
180{
181	return wpa_drv_enable_transmit_sa(wpa_s, sa);
182}
183
184
185static int wpas_disable_transmit_sa(void *wpa_s, struct transmit_sa *sa)
186{
187	return wpa_drv_disable_transmit_sa(wpa_s, sa);
188}
189
190
191int ieee802_1x_alloc_kay_sm(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
192{
193	struct ieee802_1x_kay_ctx *kay_ctx;
194	struct ieee802_1x_kay *res = NULL;
195	enum macsec_policy policy;
196
197	ieee802_1x_dealloc_kay_sm(wpa_s);
198
199	if (!ssid || ssid->macsec_policy == 0)
200		return 0;
201
202	if (ssid->macsec_policy == 1) {
203		if (ssid->macsec_integ_only == 1)
204			policy = SHOULD_SECURE;
205		else
206			policy = SHOULD_ENCRYPT;
207	} else {
208		policy = DO_NOT_SECURE;
209	}
210
211	kay_ctx = os_zalloc(sizeof(*kay_ctx));
212	if (!kay_ctx)
213		return -1;
214
215	kay_ctx->ctx = wpa_s;
216
217	kay_ctx->macsec_init = wpas_macsec_init;
218	kay_ctx->macsec_deinit = wpas_macsec_deinit;
219	kay_ctx->macsec_get_capability = wpas_macsec_get_capability;
220	kay_ctx->enable_protect_frames = wpas_enable_protect_frames;
221	kay_ctx->enable_encrypt = wpas_enable_encrypt;
222	kay_ctx->set_replay_protect = wpas_set_replay_protect;
223	kay_ctx->set_current_cipher_suite = wpas_set_current_cipher_suite;
224	kay_ctx->enable_controlled_port = wpas_enable_controlled_port;
225	kay_ctx->get_receive_lowest_pn = wpas_get_receive_lowest_pn;
226	kay_ctx->get_transmit_next_pn = wpas_get_transmit_next_pn;
227	kay_ctx->set_transmit_next_pn = wpas_set_transmit_next_pn;
228	kay_ctx->set_receive_lowest_pn = wpas_set_receive_lowest_pn;
229	kay_ctx->create_receive_sc = wpas_create_receive_sc;
230	kay_ctx->delete_receive_sc = wpas_delete_receive_sc;
231	kay_ctx->create_receive_sa = wpas_create_receive_sa;
232	kay_ctx->delete_receive_sa = wpas_delete_receive_sa;
233	kay_ctx->enable_receive_sa = wpas_enable_receive_sa;
234	kay_ctx->disable_receive_sa = wpas_disable_receive_sa;
235	kay_ctx->create_transmit_sc = wpas_create_transmit_sc;
236	kay_ctx->delete_transmit_sc = wpas_delete_transmit_sc;
237	kay_ctx->create_transmit_sa = wpas_create_transmit_sa;
238	kay_ctx->delete_transmit_sa = wpas_delete_transmit_sa;
239	kay_ctx->enable_transmit_sa = wpas_enable_transmit_sa;
240	kay_ctx->disable_transmit_sa = wpas_disable_transmit_sa;
241
242	res = ieee802_1x_kay_init(kay_ctx, policy, ssid->macsec_replay_protect,
243				  ssid->macsec_replay_window, ssid->macsec_port,
244				  ssid->mka_priority, wpa_s->ifname,
245				  wpa_s->own_addr);
246	/* ieee802_1x_kay_init() frees kay_ctx on failure */
247	if (res == NULL)
248		return -1;
249
250	wpa_s->kay = res;
251
252	return 0;
253}
254
255
256void ieee802_1x_dealloc_kay_sm(struct wpa_supplicant *wpa_s)
257{
258	if (!wpa_s->kay)
259		return;
260
261	ieee802_1x_kay_deinit(wpa_s->kay);
262	wpa_s->kay = NULL;
263}
264
265
266static int ieee802_1x_auth_get_session_id(struct wpa_supplicant *wpa_s,
267					  const u8 *addr, u8 *sid, size_t *len)
268{
269	const u8 *session_id;
270	size_t id_len, need_len;
271
272	session_id = eapol_sm_get_session_id(wpa_s->eapol, &id_len);
273	if (session_id == NULL) {
274		wpa_printf(MSG_DEBUG,
275			   "Failed to get SessionID from EAPOL state machines");
276		return -1;
277	}
278
279	need_len = 1 + 2 * 32 /* random size */;
280	if (need_len > id_len) {
281		wpa_printf(MSG_DEBUG, "EAP Session-Id not long enough");
282		return -1;
283	}
284
285	os_memcpy(sid, session_id, need_len);
286	*len = need_len;
287
288	return 0;
289}
290
291
292static int ieee802_1x_auth_get_msk(struct wpa_supplicant *wpa_s, const u8 *addr,
293				   u8 *msk, size_t *len)
294{
295	u8 key[EAP_MSK_LEN];
296	size_t keylen;
297	struct eapol_sm *sm;
298	int res;
299
300	sm = wpa_s->eapol;
301	if (sm == NULL)
302		return -1;
303
304	keylen = EAP_MSK_LEN;
305	res = eapol_sm_get_key(sm, key, keylen);
306	if (res) {
307		wpa_printf(MSG_DEBUG,
308			   "Failed to get MSK from EAPOL state machines");
309		return -1;
310	}
311
312	if (keylen > *len)
313		keylen = *len;
314	os_memcpy(msk, key, keylen);
315	*len = keylen;
316
317	return 0;
318}
319
320
321void * ieee802_1x_notify_create_actor(struct wpa_supplicant *wpa_s,
322				      const u8 *peer_addr)
323{
324	u8 *sid;
325	size_t sid_len = 128;
326	struct mka_key_name *ckn;
327	struct mka_key *cak;
328	struct mka_key *msk;
329	void *res = NULL;
330
331	if (!wpa_s->kay || wpa_s->kay->policy == DO_NOT_SECURE)
332		return NULL;
333
334	wpa_printf(MSG_DEBUG,
335		   "IEEE 802.1X: External notification - Create MKA for "
336		   MACSTR, MAC2STR(peer_addr));
337
338	msk = os_zalloc(sizeof(*msk));
339	sid = os_zalloc(sid_len);
340	ckn = os_zalloc(sizeof(*ckn));
341	cak = os_zalloc(sizeof(*cak));
342	if (!msk || !sid || !ckn || !cak)
343		goto fail;
344
345	msk->len = DEFAULT_KEY_LEN;
346	if (ieee802_1x_auth_get_msk(wpa_s, wpa_s->bssid, msk->key, &msk->len)) {
347		wpa_printf(MSG_ERROR, "IEEE 802.1X: Could not get MSK");
348		goto fail;
349	}
350
351	if (ieee802_1x_auth_get_session_id(wpa_s, wpa_s->bssid, sid, &sid_len))
352	{
353		wpa_printf(MSG_ERROR,
354			   "IEEE 802.1X: Could not get EAP Session Id");
355		goto fail;
356	}
357
358	/* Derive CAK from MSK */
359	cak->len = DEFAULT_KEY_LEN;
360	if (ieee802_1x_cak_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
361				    peer_addr, cak->key, cak->len)) {
362		wpa_printf(MSG_ERROR,
363			   "IEEE 802.1X: Deriving CAK failed");
364		goto fail;
365	}
366	wpa_hexdump_key(MSG_DEBUG, "Derived CAK", cak->key, cak->len);
367
368	/* Derive CKN from MSK */
369	ckn->len = DEFAULT_CKN_LEN;
370	if (ieee802_1x_ckn_aes_cmac(msk->key, msk->len, wpa_s->own_addr,
371				    peer_addr, sid, sid_len, ckn->name)) {
372		wpa_printf(MSG_ERROR,
373			   "IEEE 802.1X: Deriving CKN failed");
374		goto fail;
375	}
376	wpa_hexdump(MSG_DEBUG, "Derived CKN", ckn->name, ckn->len);
377
378	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0,
379					EAP_EXCHANGE, FALSE);
380
381fail:
382	if (msk) {
383		os_memset(msk, 0, sizeof(*msk));
384		os_free(msk);
385	}
386	os_free(sid);
387	os_free(ckn);
388	if (cak) {
389		os_memset(cak, 0, sizeof(*cak));
390		os_free(cak);
391	}
392
393	return res;
394}
395
396
397void * ieee802_1x_create_preshared_mka(struct wpa_supplicant *wpa_s,
398				       struct wpa_ssid *ssid)
399{
400	struct mka_key *cak;
401	struct mka_key_name *ckn;
402	void *res = NULL;
403
404	if ((ssid->mka_psk_set & MKA_PSK_SET) != MKA_PSK_SET)
405		goto end;
406
407	ckn = os_zalloc(sizeof(*ckn));
408	if (!ckn)
409		goto end;
410
411	cak = os_zalloc(sizeof(*cak));
412	if (!cak)
413		goto free_ckn;
414
415	if (ieee802_1x_alloc_kay_sm(wpa_s, ssid) < 0 || !wpa_s->kay)
416		goto free_cak;
417
418	if (wpa_s->kay->policy == DO_NOT_SECURE)
419		goto dealloc;
420
421	cak->len = ssid->mka_cak_len;
422	os_memcpy(cak->key, ssid->mka_cak, cak->len);
423
424	ckn->len = ssid->mka_ckn_len;
425	os_memcpy(ckn->name, ssid->mka_ckn, ckn->len);
426
427	res = ieee802_1x_kay_create_mka(wpa_s->kay, ckn, cak, 0, PSK, FALSE);
428	if (res)
429		goto free_cak;
430
431dealloc:
432	/* Failed to create MKA */
433	ieee802_1x_dealloc_kay_sm(wpa_s);
434free_cak:
435	os_free(cak);
436free_ckn:
437	os_free(ckn);
438end:
439	return res;
440}
441