LCOV - code coverage report
Current view: top level - src/wps - wps_attr_process.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1401264779 Lines: 90 120 75.0 %
Date: 2014-05-28 Functions: 12 12 100.0 %

          Line data    Source code
       1             : /*
       2             :  * Wi-Fi Protected Setup - attribute processing
       3             :  * Copyright (c) 2008, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "crypto/sha256.h"
      13             : #include "wps_i.h"
      14             : 
      15             : 
      16        1122 : int wps_process_authenticator(struct wps_data *wps, const u8 *authenticator,
      17             :                               const struct wpabuf *msg)
      18             : {
      19             :         u8 hash[SHA256_MAC_LEN];
      20             :         const u8 *addr[2];
      21             :         size_t len[2];
      22             : 
      23        1122 :         if (authenticator == NULL) {
      24           0 :                 wpa_printf(MSG_DEBUG, "WPS: No Authenticator attribute "
      25             :                            "included");
      26           0 :                 return -1;
      27             :         }
      28             : 
      29        1122 :         if (wps->last_msg == NULL) {
      30           0 :                 wpa_printf(MSG_DEBUG, "WPS: Last message not available for "
      31             :                            "validating authenticator");
      32           0 :                 return -1;
      33             :         }
      34             : 
      35             :         /* Authenticator = HMAC-SHA256_AuthKey(M_prev || M_curr*)
      36             :          * (M_curr* is M_curr without the Authenticator attribute)
      37             :          */
      38        1122 :         addr[0] = wpabuf_head(wps->last_msg);
      39        1122 :         len[0] = wpabuf_len(wps->last_msg);
      40        1122 :         addr[1] = wpabuf_head(msg);
      41        1122 :         len[1] = wpabuf_len(msg) - 4 - WPS_AUTHENTICATOR_LEN;
      42        1122 :         hmac_sha256_vector(wps->authkey, WPS_AUTHKEY_LEN, 2, addr, len, hash);
      43             : 
      44        1122 :         if (os_memcmp(hash, authenticator, WPS_AUTHENTICATOR_LEN) != 0) {
      45           0 :                 wpa_printf(MSG_DEBUG, "WPS: Incorrect Authenticator");
      46           0 :                 return -1;
      47             :         }
      48             : 
      49        1122 :         return 0;
      50             : }
      51             : 
      52             : 
      53         788 : int wps_process_key_wrap_auth(struct wps_data *wps, struct wpabuf *msg,
      54             :                               const u8 *key_wrap_auth)
      55             : {
      56             :         u8 hash[SHA256_MAC_LEN];
      57             :         const u8 *head;
      58             :         size_t len;
      59             : 
      60         788 :         if (key_wrap_auth == NULL) {
      61           0 :                 wpa_printf(MSG_DEBUG, "WPS: No KWA in decrypted attribute");
      62           0 :                 return -1;
      63             :         }
      64             : 
      65         788 :         head = wpabuf_head(msg);
      66         788 :         len = wpabuf_len(msg) - 4 - WPS_KWA_LEN;
      67         788 :         if (head + len != key_wrap_auth - 4) {
      68           0 :                 wpa_printf(MSG_DEBUG, "WPS: KWA not in the end of the "
      69             :                            "decrypted attribute");
      70           0 :                 return -1;
      71             :         }
      72             : 
      73         788 :         hmac_sha256(wps->authkey, WPS_AUTHKEY_LEN, head, len, hash);
      74         788 :         if (os_memcmp(hash, key_wrap_auth, WPS_KWA_LEN) != 0) {
      75           0 :                 wpa_printf(MSG_DEBUG, "WPS: Invalid KWA");
      76           0 :                 return -1;
      77             :         }
      78             : 
      79         788 :         return 0;
      80             : }
      81             : 
      82             : 
      83         150 : static int wps_process_cred_network_idx(struct wps_credential *cred,
      84             :                                         const u8 *idx)
      85             : {
      86         150 :         if (idx == NULL) {
      87           2 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
      88             :                            "Network Index");
      89           2 :                 return -1;
      90             :         }
      91             : 
      92         148 :         wpa_printf(MSG_DEBUG, "WPS: Network Index: %d", *idx);
      93             : 
      94         148 :         return 0;
      95             : }
      96             : 
      97             : 
      98         180 : static int wps_process_cred_ssid(struct wps_credential *cred, const u8 *ssid,
      99             :                                  size_t ssid_len)
     100             : {
     101         180 :         if (ssid == NULL) {
     102           0 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include SSID");
     103           0 :                 return -1;
     104             :         }
     105             : 
     106             :         /* Remove zero-padding since some Registrar implementations seem to use
     107             :          * hardcoded 32-octet length for this attribute */
     108         360 :         while (ssid_len > 0 && ssid[ssid_len - 1] == 0)
     109           0 :                 ssid_len--;
     110             : 
     111         180 :         wpa_hexdump_ascii(MSG_DEBUG, "WPS: SSID", ssid, ssid_len);
     112         180 :         if (ssid_len <= sizeof(cred->ssid)) {
     113         180 :                 os_memcpy(cred->ssid, ssid, ssid_len);
     114         180 :                 cred->ssid_len = ssid_len;
     115             :         }
     116             : 
     117         180 :         return 0;
     118             : }
     119             : 
     120             : 
     121         180 : static int wps_process_cred_auth_type(struct wps_credential *cred,
     122             :                                       const u8 *auth_type)
     123             : {
     124         180 :         if (auth_type == NULL) {
     125           0 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
     126             :                            "Authentication Type");
     127           0 :                 return -1;
     128             :         }
     129             : 
     130         180 :         cred->auth_type = WPA_GET_BE16(auth_type);
     131         180 :         wpa_printf(MSG_DEBUG, "WPS: Authentication Type: 0x%x",
     132         180 :                    cred->auth_type);
     133             : 
     134         180 :         return 0;
     135             : }
     136             : 
     137             : 
     138         180 : static int wps_process_cred_encr_type(struct wps_credential *cred,
     139             :                                       const u8 *encr_type)
     140             : {
     141         180 :         if (encr_type == NULL) {
     142           0 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
     143             :                            "Encryption Type");
     144           0 :                 return -1;
     145             :         }
     146             : 
     147         180 :         cred->encr_type = WPA_GET_BE16(encr_type);
     148         180 :         wpa_printf(MSG_DEBUG, "WPS: Encryption Type: 0x%x",
     149         180 :                    cred->encr_type);
     150             : 
     151         180 :         return 0;
     152             : }
     153             : 
     154             : 
     155         180 : static int wps_process_cred_network_key_idx(struct wps_credential *cred,
     156             :                                             const u8 *key_idx)
     157             : {
     158         180 :         if (key_idx == NULL)
     159         179 :                 return 0; /* optional attribute */
     160             : 
     161           1 :         wpa_printf(MSG_DEBUG, "WPS: Network Key Index: %d", *key_idx);
     162           1 :         cred->key_idx = *key_idx;
     163             : 
     164           1 :         return 0;
     165             : }
     166             : 
     167             : 
     168         180 : static int wps_process_cred_network_key(struct wps_credential *cred,
     169             :                                         const u8 *key, size_t key_len)
     170             : {
     171         180 :         if (key == NULL) {
     172           0 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
     173             :                            "Network Key");
     174           0 :                 if (cred->auth_type == WPS_AUTH_OPEN &&
     175           0 :                     cred->encr_type == WPS_ENCR_NONE) {
     176           0 :                         wpa_printf(MSG_DEBUG, "WPS: Workaround - Allow "
     177             :                                    "missing mandatory Network Key attribute "
     178             :                                    "for open network");
     179           0 :                         return 0;
     180             :                 }
     181           0 :                 return -1;
     182             :         }
     183             : 
     184         180 :         wpa_hexdump_key(MSG_DEBUG, "WPS: Network Key", key, key_len);
     185         180 :         if (key_len <= sizeof(cred->key)) {
     186         180 :                 os_memcpy(cred->key, key, key_len);
     187         180 :                 cred->key_len = key_len;
     188             :         }
     189             : 
     190         180 :         return 0;
     191             : }
     192             : 
     193             : 
     194         180 : static int wps_process_cred_mac_addr(struct wps_credential *cred,
     195             :                                      const u8 *mac_addr)
     196             : {
     197         180 :         if (mac_addr == NULL) {
     198           0 :                 wpa_printf(MSG_DEBUG, "WPS: Credential did not include "
     199             :                            "MAC Address");
     200           0 :                 return -1;
     201             :         }
     202             : 
     203         180 :         wpa_printf(MSG_DEBUG, "WPS: MAC Address " MACSTR, MAC2STR(mac_addr));
     204         180 :         os_memcpy(cred->mac_addr, mac_addr, ETH_ALEN);
     205             : 
     206         180 :         return 0;
     207             : }
     208             : 
     209             : 
     210         180 : static int wps_workaround_cred_key(struct wps_credential *cred)
     211             : {
     212         351 :         if (cred->auth_type & (WPS_AUTH_WPAPSK | WPS_AUTH_WPA2PSK) &&
     213         322 :             cred->key_len > 8 && cred->key_len < 64 &&
     214          19 :             cred->key[cred->key_len - 1] == 0) {
     215             : #ifdef CONFIG_WPS_STRICT
     216             :                 wpa_printf(MSG_INFO, "WPS: WPA/WPA2-Personal passphrase uses "
     217             :                            "forbidden NULL termination");
     218             :                 wpa_hexdump_ascii_key(MSG_INFO, "WPS: Network Key",
     219             :                                       cred->key, cred->key_len);
     220             :                 return -1;
     221             : #else /* CONFIG_WPS_STRICT */
     222             :                 /*
     223             :                  * A deployed external registrar is known to encode ASCII
     224             :                  * passphrases incorrectly. Remove the extra NULL termination
     225             :                  * to fix the encoding.
     226             :                  */
     227           0 :                 wpa_printf(MSG_DEBUG, "WPS: Workaround - remove NULL "
     228             :                            "termination from ASCII passphrase");
     229           0 :                 cred->key_len--;
     230             : #endif /* CONFIG_WPS_STRICT */
     231             :         }
     232         180 :         return 0;
     233             : }
     234             : 
     235             : 
     236         150 : int wps_process_cred(struct wps_parse_attr *attr,
     237             :                      struct wps_credential *cred)
     238             : {
     239         150 :         wpa_printf(MSG_DEBUG, "WPS: Process Credential");
     240             : 
     241             :         /* TODO: support multiple Network Keys */
     242         298 :         if (wps_process_cred_network_idx(cred, attr->network_idx) ||
     243         296 :             wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
     244         296 :             wps_process_cred_auth_type(cred, attr->auth_type) ||
     245         296 :             wps_process_cred_encr_type(cred, attr->encr_type) ||
     246         296 :             wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
     247         148 :             wps_process_cred_network_key(cred, attr->network_key,
     248         148 :                                          attr->network_key_len) ||
     249         148 :             wps_process_cred_mac_addr(cred, attr->mac_addr))
     250           2 :                 return -1;
     251             : 
     252         148 :         return wps_workaround_cred_key(cred);
     253             : }
     254             : 
     255             : 
     256          32 : int wps_process_ap_settings(struct wps_parse_attr *attr,
     257             :                             struct wps_credential *cred)
     258             : {
     259          32 :         wpa_printf(MSG_DEBUG, "WPS: Processing AP Settings");
     260          32 :         os_memset(cred, 0, sizeof(*cred));
     261             :         /* TODO: optional attributes New Password and Device Password ID */
     262          64 :         if (wps_process_cred_ssid(cred, attr->ssid, attr->ssid_len) ||
     263          64 :             wps_process_cred_auth_type(cred, attr->auth_type) ||
     264          64 :             wps_process_cred_encr_type(cred, attr->encr_type) ||
     265          64 :             wps_process_cred_network_key_idx(cred, attr->network_key_idx) ||
     266          32 :             wps_process_cred_network_key(cred, attr->network_key,
     267          32 :                                          attr->network_key_len) ||
     268          32 :             wps_process_cred_mac_addr(cred, attr->mac_addr))
     269           0 :                 return -1;
     270             : 
     271          32 :         return wps_workaround_cred_key(cred);
     272             : }

Generated by: LCOV version 1.10