From f096bfd317aef4c66b16f2a57f0bf6b96e3f562c Mon Sep 17 00:00:00 2001
From: Jo-Philipp Wich <jo@mein.io>
Date: Sun, 22 Sep 2019 17:35:33 +0200
Subject: utils: support parsing SAE and OWE key management suites from IEs

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
---
 iwinfo_utils.c | 122 +++++++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 88 insertions(+), 34 deletions(-)

(limited to 'iwinfo_utils.c')

diff --git a/iwinfo_utils.c b/iwinfo_utils.c
index 43e2eb7..b4f98a9 100644
--- a/iwinfo_utils.c
+++ b/iwinfo_utils.c
@@ -285,10 +285,50 @@ int iwinfo_hardware_id_from_mtd(struct iwinfo_hardware_id *id)
 	return (id->vendor_id && id->device_id) ? 0 : -1;
 }
 
+static void iwinfo_parse_rsn_cipher(uint8_t idx, uint8_t *ciphers)
+{
+	switch (idx)
+	{
+		case 0:
+			*ciphers |= IWINFO_CIPHER_NONE;
+			break;
+
+		case 1:
+			*ciphers |= IWINFO_CIPHER_WEP40;
+			break;
+
+		case 2:
+			*ciphers |= IWINFO_CIPHER_TKIP;
+			break;
+
+		case 3:  /* WRAP */
+			break;
+
+		case 4:
+			*ciphers |= IWINFO_CIPHER_CCMP;
+			break;
+
+		case 5:
+			*ciphers |= IWINFO_CIPHER_WEP104;
+			break;
+
+		case 6:  /* AES-128-CMAC */
+		case 7:  /* No group addressed */
+		case 8:  /* GCMP */
+		case 9:  /* GCMP-256 */
+		case 10: /* CCMP-256 */
+		case 11: /* BIP-GMAC-128 */
+		case 12: /* BIP-GMAC-256 */
+		case 13: /* BIP-CMAC-256 */
+			break;
+	}
+}
+
 void iwinfo_parse_rsn(struct iwinfo_crypto_entry *c, uint8_t *data, uint8_t len,
 					  uint8_t defcipher, uint8_t defauth)
 {
 	uint16_t i, count;
+	uint8_t wpa_version = 0;
 
 	static unsigned char ms_oui[3]        = { 0x00, 0x50, 0xf2 };
 	static unsigned char ieee80211_oui[3] = { 0x00, 0x0f, 0xac };
@@ -297,9 +337,9 @@ void iwinfo_parse_rsn(struct iwinfo_crypto_entry *c, uint8_t *data, uint8_t len,
 	len -= 2;
 
 	if (!memcmp(data, ms_oui, 3))
-		c->wpa_version += 1;
+		wpa_version |= 1;
 	else if (!memcmp(data, ieee80211_oui, 3))
-		c->wpa_version += 2;
+		wpa_version |= 2;
 
 	if (len < 4)
 	{
@@ -310,17 +350,7 @@ void iwinfo_parse_rsn(struct iwinfo_crypto_entry *c, uint8_t *data, uint8_t len,
 	}
 
 	if (!memcmp(data, ms_oui, 3) || !memcmp(data, ieee80211_oui, 3))
-	{
-		switch (data[3])
-		{
-			case 1: c->group_ciphers |= IWINFO_CIPHER_WEP40;  break;
-			case 2: c->group_ciphers |= IWINFO_CIPHER_TKIP;   break;
-			case 4: c->group_ciphers |= IWINFO_CIPHER_CCMP;   break;
-			case 5: c->group_ciphers |= IWINFO_CIPHER_WEP104; break;
-			case 6:  /* AES-128-CMAC */ break;
-			default: /* proprietary */  break;
-		}
-	}
+		iwinfo_parse_rsn_cipher(data[3], &c->group_ciphers);
 
 	data += 4;
 	len -= 4;
@@ -337,21 +367,9 @@ void iwinfo_parse_rsn(struct iwinfo_crypto_entry *c, uint8_t *data, uint8_t len,
 		return;
 
 	for (i = 0; i < count; i++)
-	{
 		if (!memcmp(data + 2 + (i * 4), ms_oui, 3) ||
-			!memcmp(data + 2 + (i * 4), ieee80211_oui, 3))
-		{
-			switch (data[2 + (i * 4) + 3])
-			{
-				case 1: c->pair_ciphers |= IWINFO_CIPHER_WEP40;  break;
-				case 2: c->pair_ciphers |= IWINFO_CIPHER_TKIP;   break;
-				case 4: c->pair_ciphers |= IWINFO_CIPHER_CCMP;   break;
-				case 5: c->pair_ciphers |= IWINFO_CIPHER_WEP104; break;
-				case 6:  /* AES-128-CMAC */ break;
-				default: /* proprietary */  break;
-			}
-		}
-	}
+		    !memcmp(data + 2 + (i * 4), ieee80211_oui, 3))
+			iwinfo_parse_rsn_cipher(data[2 + (i * 4) + 3], &c->pair_ciphers);
 
 	data += 2 + (count * 4);
 	len -= 2 + (count * 4);
@@ -373,13 +391,49 @@ void iwinfo_parse_rsn(struct iwinfo_crypto_entry *c, uint8_t *data, uint8_t len,
 		{
 			switch (data[2 + (i * 4) + 3])
 			{
-				case 1: c->auth_suites |= IWINFO_KMGMT_8021x; break;
-				case 2: c->auth_suites |= IWINFO_KMGMT_PSK;   break;
-				case 3:  /* FT/IEEE 802.1X */                 break;
-				case 4:  /* FT/PSK */                         break;
-				case 5:  /* IEEE 802.1X/SHA-256 */            break;
-				case 6:  /* PSK/SHA-256 */                    break;
-				default: /* proprietary */                    break;
+				case 1:  /* IEEE 802.1x */
+					c->wpa_version |= wpa_version;
+					c->auth_suites |= IWINFO_KMGMT_8021x;
+					break;
+
+				case 2:  /* PSK */
+					c->wpa_version |= wpa_version;
+					c->auth_suites |= IWINFO_KMGMT_PSK;
+					break;
+
+				case 3:  /* FT/IEEE 802.1X */
+				case 4:  /* FT/PSK */
+				case 5:  /* IEEE 802.1X/SHA-256 */
+				case 6:  /* PSK/SHA-256 */
+				case 7:  /* TPK Handshake */
+					break;
+
+				case 8:  /* SAE */
+					c->wpa_version |= 4;
+					c->auth_suites |= IWINFO_KMGMT_SAE;
+					break;
+
+				case 9:  /* FT/SAE */
+				case 10: /* undefined */
+					break;
+
+				case 11: /* 802.1x Suite-B */
+				case 12: /* 802.1x Suite-B-192 */
+					c->wpa_version |= 4;
+					c->auth_suites |= IWINFO_KMGMT_8021x;
+					break;
+
+				case 13: /* FT/802.1x SHA-384 */
+				case 14: /* FILS SHA-256 */
+				case 15: /* FILS SHA-384 */
+				case 16: /* FT/FILS SHA-256 */
+				case 17: /* FT/FILS SHA-384 */
+					break;
+
+				case 18: /* OWE */
+					c->wpa_version |= 4;
+					c->auth_suites |= IWINFO_KMGMT_OWE;
+					break;
 			}
 		}
 	}
-- 
cgit v1.2.1