jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/wpa_supplicant/ibss_rsn.c

921 lines
23 KiB
C
Raw Normal View History

Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
/*
* wpa_supplicant - IBSS RSN
IBSS RSN: Add IBSS-RSN-COMPLETED event message This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 22:09:22 +02:00
* Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi>
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 15:46:35 +01:00
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
*/
#include "includes.h"
#include "common.h"
IBSS RSN: Add IBSS-RSN-COMPLETED event message This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 22:09:22 +02:00
#include "common/wpa_ctrl.h"
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
#include "utils/eloop.h"
Implement EAPOL sending callbacks for IBSS RSN
2009-01-15 23:56:31 +01:00
#include "l2_packet/l2_packet.h"
Remove src/rsn_supp from default header path
2009-11-29 17:28:08 +01:00
#include "rsn_supp/wpa.h"
#include "rsn_supp/wpa_ie.h"
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
#include "ap/wpa_auth.h"
Move generic AP functionality implementation into src/ap This code can be shared by both hostapd and wpa_supplicant and this is an initial step in getting the generic code moved to be under the src directories. Couple of generic files still remain under the hostapd directory due to direct dependencies to files there. Once the dependencies have been removed, they will also be moved to the src/ap directory to allow wpa_supplicant to be built without requiring anything from the hostapd directory.
2009-12-25 00:12:50 +01:00
#include "wpa_supplicant_i.h"
Fix IBSS RSN build
2009-11-29 17:31:16 +01:00
#include "driver_i.h"
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
#include "common/ieee802_11_defs.h"
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
#include "ibss_rsn.h"
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx);
IBSS RSN: Provide ibss_rsn_get_peer() helper function This is a useful function that simplifies some code and can eventually be used somewhere else in future. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-01-29 11:23:27 +01:00
static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
const u8 *addr)
{
struct ibss_rsn_peer *peer;
for (peer = ibss_rsn->peers; peer; peer = peer->next)
if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0)
break;
return peer;
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
static void ibss_rsn_free(struct ibss_rsn_peer *peer)
{
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
wpa_auth_sta_deinit(peer->auth);
wpa_sm_deinit(peer->supp);
os_free(peer);
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static void supp_set_state(void *ctx, enum wpa_states state)
IBSS RSN: Added couple of required WPA supplicant callback functions
2009-01-17 16:31:21 +01:00
{
struct ibss_rsn_peer *peer = ctx;
peer->supp_state = state;
}
IBSS RSN: Add supp_get_state handler
2011-03-16 15:27:08 +01:00
static enum wpa_states supp_get_state(void *ctx)
{
struct ibss_rsn_peer *peer = ctx;
return peer->supp_state;
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
size_t len)
{
Implement EAPOL sending callbacks for IBSS RSN
2009-01-15 23:56:31 +01:00
struct ibss_rsn_peer *peer = ctx;
struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x "
"len=%lu)",
__func__, MAC2STR(dest), proto, (unsigned long) len);
Implement EAPOL sending callbacks for IBSS RSN
2009-01-15 23:56:31 +01:00
if (wpa_s->l2)
return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
Remove unused send_eapol() driver op The send_eapol() callback was used by driver_test.c, but with that removed, there is no remaining users of the alternative EAPOL frame transmitting mechanism in wpa_supplicant, i.e., all remaining driver interfaces use l2_packet instead. Remove the send_eapol() to get rid of unused code. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 14:40:07 +01:00
return -1;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data,
u16 data_len, size_t *msg_len, void **data_pos)
{
struct ieee802_1x_hdr *hdr;
wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)",
__func__, type, data_len);
*msg_len = sizeof(*hdr) + data_len;
hdr = os_malloc(*msg_len);
if (hdr == NULL)
return NULL;
hdr->version = 2;
hdr->type = type;
hdr->length = host_to_be16(data_len);
if (data)
os_memcpy(hdr + 1, data, data_len);
else
os_memset(hdr + 1, 0, data_len);
if (data_pos)
*data_pos = hdr + 1;
return (u8 *) hdr;
}
static int supp_get_beacon_ie(void *ctx)
{
IBSS RSN: Set more hardcoded RSN IEs for now This allows 4-way handshakes to be completed successfully.
2009-01-17 16:39:57 +01:00
struct ibss_rsn_peer *peer = ctx;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
IBSS RSN: Set more hardcoded RSN IEs for now This allows 4-way handshakes to be completed successfully.
2009-01-17 16:39:57 +01:00
/* TODO: get correct RSN IE */
return wpa_sm_set_ap_rsn_ie(peer->supp,
(u8 *) "\x30\x14\x01\x00"
"\x00\x0f\xac\x04"
"\x01\x00\x00\x0f\xac\x04"
"\x01\x00\x00\x0f\xac\x02"
"\x00\x00", 22);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
IBSS RSN: Add IBSS-RSN-COMPLETED event message This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 22:09:22 +02:00
static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer)
{
struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
if ((peer->authentication_status &
(IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) !=
(IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH))
return;
if (peer->authentication_status & IBSS_RSN_REPORTED_PTK)
return;
peer->authentication_status |= IBSS_RSN_REPORTED_PTK;
wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR,
MAC2STR(peer->addr));
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static int supp_set_key(void *ctx, enum wpa_alg alg,
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len)
{
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
struct ibss_rsn_peer *peer = ctx;
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d "
"set_tx=%d)",
__func__, alg, MAC2STR(addr), key_idx, set_tx);
wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len);
wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len);
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
if (key_idx == 0) {
IBSS RSN: Add IBSS-RSN-COMPLETED event message This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 22:09:22 +02:00
peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP;
ibss_check_rsn_completed(peer);
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
/*
* In IBSS RSN, the pairwise key from the 4-way handshake
* initiated by the peer with highest MAC address is used.
*/
if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr,
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
ETH_ALEN) > 0) {
wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK");
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
return 0;
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
}
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
}
IBSS RSN: peer->addr is an array so it cannot be NULL
2011-04-14 19:18:12 +02:00
if (is_broadcast_ether_addr(addr))
RSN IBSS: RX GTK configuration with nl80211 This add preliminary code for setting the per-STA RX GTK for RSN IBSS when nl80211 drivers. For some reason, this does not seem to fully work, but at least driver_nl80211.c is now aware of what kind of key is being set and the whatever is missing from making this key configuration go through should be specific to nl80211/cfg80211.
2010-12-05 05:31:22 +01:00
addr = peer->addr;
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx,
set_tx, seq, seq_len, key, key_len);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
IBSS RSN: Added couple of required WPA supplicant callback functions
2009-01-17 16:31:21 +01:00
static void * supp_get_network_ctx(void *ctx)
{
struct ibss_rsn_peer *peer = ctx;
return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s);
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
static int supp_mlme_setprotection(void *ctx, const u8 *addr,
int protection_type, int key_type)
{
wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d "
"key_type=%d)",
__func__, MAC2STR(addr), protection_type, key_type);
return 0;
}
static void supp_cancel_auth_timeout(void *ctx)
{
wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
}
RSN IBSS: RX GTK configuration with nl80211 This add preliminary code for setting the per-STA RX GTK for RSN IBSS when nl80211 drivers. For some reason, this does not seem to fully work, but at least driver_nl80211.c is now aware of what kind of key is being set and the whatever is missing from making this key configuration go through should be specific to nl80211/cfg80211.
2010-12-05 05:31:22 +01:00
static void supp_deauthenticate(void * ctx, int reason_code)
{
wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
}
Mark local functions static These functions are not used outside the file in which they are defined. Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 20:53:36 +01:00
static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr,
const u8 *psk)
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
{
struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx));
if (ctx == NULL)
return -1;
ctx->ctx = peer;
Added a separate ctx pointer for wpa_msg() calls in WPA supp This is needed to allow IBSS RSN to use per-peer context while maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
2009-01-17 16:54:40 +01:00
ctx->msg_ctx = peer->ibss_rsn->wpa_s;
IBSS RSN: Added couple of required WPA supplicant callback functions
2009-01-17 16:31:21 +01:00
ctx->set_state = supp_set_state;
IBSS RSN: Add supp_get_state handler
2011-03-16 15:27:08 +01:00
ctx->get_state = supp_get_state;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
ctx->ether_send = supp_ether_send;
ctx->get_beacon_ie = supp_get_beacon_ie;
ctx->alloc_eapol = supp_alloc_eapol;
ctx->set_key = supp_set_key;
IBSS RSN: Added couple of required WPA supplicant callback functions
2009-01-17 16:31:21 +01:00
ctx->get_network_ctx = supp_get_network_ctx;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
ctx->mlme_setprotection = supp_mlme_setprotection;
ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
RSN IBSS: RX GTK configuration with nl80211 This add preliminary code for setting the per-STA RX GTK for RSN IBSS when nl80211 drivers. For some reason, this does not seem to fully work, but at least driver_nl80211.c is now aware of what kind of key is being set and the whatever is missing from making this key configuration go through should be specific to nl80211/cfg80211.
2010-12-05 05:31:22 +01:00
ctx->deauthenticate = supp_deauthenticate;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
peer->supp = wpa_sm_init(ctx);
if (peer->supp == NULL) {
wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");
return -1;
}
wpa_sm_set_own_addr(peer->supp, own_addr);
wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1);
wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN);
wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP);
wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK);
SAE: Fix PMKID calculation for PMKSA cache The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache. Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-15 03:23:37 +01:00
wpa_sm_set_pmk(peer->supp, psk, PMK_LEN, NULL, NULL);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
peer->supp_ie_len = sizeof(peer->supp_ie);
if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie,
&peer->supp_ie_len) < 0) {
wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()"
" failed");
return -1;
}
wpa_sm_notify_assoc(peer->supp, peer->addr);
return 0;
}
static void auth_logger(void *ctx, const u8 *addr, logger_level level,
const char *txt)
{
if (addr)
wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
MAC2STR(addr), txt);
else
wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
}
P2P: Select PSK based on Device Address instead of Interface Address When using per-device PSKs, select the PSK based on the P2P Device Address of the connecting client if that client is a P2P Device. This allows the P2P Interface Address to be changed between P2P group connections which may happen especially when using persistent groups. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:30:26 +02:00
static const u8 * auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *prev_psk)
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
{
struct ibss_rsn *ibss_rsn = ctx;
wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
__func__, MAC2STR(addr), prev_psk);
if (prev_psk)
return NULL;
return ibss_rsn->psk;
}
static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
size_t data_len, int encrypt)
{
Fixed auth_send_eapol() to use correct ctx structure
2009-01-16 00:18:11 +01:00
struct ibss_rsn *ibss_rsn = ctx;
struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu "
"encrypt=%d)",
__func__, MAC2STR(addr), (unsigned long) data_len, encrypt);
Implement EAPOL sending callbacks for IBSS RSN
2009-01-15 23:56:31 +01:00
if (wpa_s->l2)
return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data,
data_len);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
Remove unused send_eapol() driver op The send_eapol() callback was used by driver_test.c, but with that removed, there is no remaining users of the alternative EAPOL frame transmitting mechanism in wpa_supplicant, i.e., all remaining driver interfaces use l2_packet instead. Remove the send_eapol() to get rid of unused code. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 14:40:07 +01:00
return -1;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
const u8 *addr, int idx, u8 *key, size_t key_len)
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
{
struct ibss_rsn *ibss_rsn = ctx;
u8 seq[6];
os_memset(seq, 0, sizeof(seq));
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
if (addr) {
wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR
" key_idx=%d)",
__func__, alg, MAC2STR(addr), idx);
} else {
wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)",
__func__, alg, idx);
}
wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len);
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
if (idx == 0) {
IBSS RSN: Add IBSS-RSN-COMPLETED event message This new control interface event message is used to indicate when both 4-way handshakes have been completed with a new IBSS peer. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-25 22:09:22 +02:00
if (addr) {
struct ibss_rsn_peer *peer;
peer = ibss_rsn_get_peer(ibss_rsn, addr);
if (peer) {
peer->authentication_status |=
IBSS_RSN_SET_PTK_AUTH;
ibss_check_rsn_completed(peer);
}
}
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
/*
* In IBSS RSN, the pairwise key from the 4-way handshake
* initiated by the peer with highest MAC address is used.
*/
IBSS RSN: Explicitly check addr != NULL before passing it to memcmp idx == 0 should be enough to make sure that the addr is set, but verify that this is indeed the case to avoid any potential issues if auth_set_key() gets called incorrectly.
2010-01-10 20:53:17 +01:00
if (addr == NULL ||
os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) {
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK");
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
return 0;
IBSS RSN: Add more verbose debug info for key setup
2009-12-04 21:55:28 +01:00
}
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
}
return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx,
1, seq, 6, key, key_len);
}
IBSS RSN: Implement disconnect() callback using sta_deauth() This allows driver wrappers to implement disconnection of IBSS peers in cases operations, e.g., GTK update, fail. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 12:07:17 +02:00
static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason)
{
struct ibss_rsn *ibss_rsn = ctx;
wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason);
}
IBSS RSN: Add for_each_sta handler for authenticator
2011-03-16 15:28:32 +01:00
static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm,
void *ctx),
void *cb_ctx)
{
struct ibss_rsn *ibss_rsn = ctx;
struct ibss_rsn_peer *peer;
wpa_printf(MSG_DEBUG, "AUTH: for_each_sta");
for (peer = ibss_rsn->peers; peer; peer = peer->next) {
if (peer->auth && cb(peer->auth, cb_ctx))
return 1;
}
return 0;
}
IBSS RSN: Support authorization In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations. This patch makes wpa_supplicant notify the driver when a station can be considered authorized. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-02-12 17:08:34 +01:00
static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer, int authorized)
{
int res;
if (authorized) {
res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
WPA_STA_AUTHORIZED,
WPA_STA_AUTHORIZED, ~0);
wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port",
MAC2STR(peer->addr));
} else {
res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
0, 0, ~WPA_STA_AUTHORIZED);
wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port",
MAC2STR(peer->addr));
}
if (res && errno != ENOENT) {
wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags "
"for kernel driver (errno=%d)",
MAC2STR(peer->addr), errno);
}
}
static void auth_set_eapol(void *ctx, const u8 *addr,
wpa_eapol_variable var, int value)
{
struct ibss_rsn *ibss_rsn = ctx;
struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr);
if (peer == NULL)
return;
switch (var) {
case WPA_EAPOL_authorized:
ibss_set_sta_authorized(ibss_rsn, peer, value);
break;
default:
/* do not handle any other event */
wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var);
break;
}
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
const u8 *own_addr)
{
struct wpa_auth_config conf;
struct wpa_auth_callbacks cb;
wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
os_memset(&conf, 0, sizeof(conf));
conf.wpa = 2;
conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
conf.wpa_pairwise = WPA_CIPHER_CCMP;
conf.rsn_pairwise = WPA_CIPHER_CCMP;
conf.wpa_group = WPA_CIPHER_CCMP;
conf.eapol_version = 2;
IBSS RSN: Enable group rekeying every 10 minutes
2011-03-16 15:28:56 +01:00
conf.wpa_group_rekey = 600;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
os_memset(&cb, 0, sizeof(cb));
cb.ctx = ibss_rsn;
cb.logger = auth_logger;
IBSS RSN: Support authorization In IBSS RSN cfg80211/mac80211 now waits for userspace to authorize new stations. This patch makes wpa_supplicant notify the driver when a station can be considered authorized. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-02-12 17:08:34 +01:00
cb.set_eapol = auth_set_eapol;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
cb.send_eapol = auth_send_eapol;
cb.get_psk = auth_get_psk;
IBSS RSN: Added key configuration
2009-01-17 17:14:41 +01:00
cb.set_key = auth_set_key;
IBSS RSN: Add for_each_sta handler for authenticator
2011-03-16 15:28:32 +01:00
cb.for_each_sta = auth_for_each_sta;
IBSS RSN: Implement disconnect() callback using sta_deauth() This allows driver wrappers to implement disconnection of IBSS peers in cases operations, e.g., GTK update, fail. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 12:07:17 +02:00
cb.disconnect = ibss_rsn_disconnect;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb);
if (ibss_rsn->auth_group == NULL) {
wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
return -1;
}
IBSS: fix RSN key initialisation Antonio reported that RSN IBSS failed to work. We traced it down to a GTK failure, and he then bisected it to commit bdffdc5ddb0c838af4c90d11: "AP: Reorder WPA/Beacon initialization". The reason this commit broke it is that the state machine's GInit variable is never set to false as wpa_init_keys() never gets called, and thus new keys are generated every time the state machine executes. Fix this by calling wpa_init_keys() when the new group has been initialised. Reported-by: Antonio Quartulli <ordex@autistici.org> Tested-by: Antonio Quartulli <ordex@autistici.org> Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2011-12-11 18:57:50 +01:00
wpa_init_keys(ibss_rsn->auth_group);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
return 0;
}
static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer)
{
P2P: Make peer's P2P Device Address available to authenticator This can be used to implement per-device PSK selection based on the peer's P2P Device Address instead of P2P Interface Address. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:05:19 +02:00
peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr, NULL);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
if (peer->auth == NULL) {
wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed");
return -1;
}
Use a hardcoded RSN IE for testing to start Authenticator This needs to be replaced with proper RSN IE from the peer STA (e.g., from Probe Response).
2009-01-16 00:11:50 +01:00
/* TODO: get peer RSN IE with Probe Request */
if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth,
IBSS RSN: Set more hardcoded RSN IEs for now This allows 4-way handshakes to be completed successfully.
2009-01-17 16:39:57 +01:00
(u8 *) "\x30\x14\x01\x00"
Use a hardcoded RSN IE for testing to start Authenticator This needs to be replaced with proper RSN IE from the peer STA (e.g., from Probe Response).
2009-01-16 00:11:50 +01:00
"\x00\x0f\xac\x04"
"\x01\x00\x00\x0f\xac\x04"
IBSS RSN: Set more hardcoded RSN IEs for now This allows 4-way handshakes to be completed successfully.
2009-01-17 16:39:57 +01:00
"\x01\x00\x00\x0f\xac\x02"
"\x00\x00", 22, NULL, 0) !=
Use a hardcoded RSN IE for testing to start Authenticator This needs to be replaced with proper RSN IE from the peer STA (e.g., from Probe Response).
2009-01-16 00:11:50 +01:00
WPA_IE_OK) {
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
return -1;
}
IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded Verify that association processing did not end up freeing the state machine. This should not really happen in practice, but better verify it anyway.
2010-01-10 20:45:44 +01:00
if (wpa_auth_sm_event(peer->auth, WPA_ASSOC))
return -1;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
IBSS RSN: Check explicitly that WPA auth sm assoc call succeeded Verify that association processing did not end up freeing the state machine. This should not really happen in practice, but better verify it anyway.
2010-01-10 20:45:44 +01:00
if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth))
return -1;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
return 0;
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq)
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
{
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
struct ieee80211_mgmt auth;
const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth);
struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
if (wpa_s->driver->send_frame == NULL)
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
2011-03-23 20:15:46 +01:00
return -1;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
os_memset(&auth, 0, sizeof(auth));
auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
WLAN_FC_STYPE_AUTH);
os_memcpy(auth.da, da, ETH_ALEN);
os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN);
os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN);
auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
auth.u.auth.auth_transaction = host_to_le16(seq);
auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR,
seq, MAC2STR(da));
return wpa_s->driver->send_frame(wpa_s->drv_priv, (u8 *) &auth,
auth_length, 0);
}
static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer)
{
return peer->authentication_status &
(IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US);
}
static struct ibss_rsn_peer *
ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr)
{
struct ibss_rsn_peer *peer;
if (ibss_rsn == NULL)
return NULL;
peer = ibss_rsn_get_peer(ibss_rsn, addr);
if (peer) {
wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR
" already running", MAC2STR(addr));
return peer;
IBSS RSN: Do not start multiple Auth/Supp for same peer This avoids an issue when a received EAPOL-Key frame from a peer is initiating IBSS RSN Authenticator and Supplicant for the peer and the following new-STA-in-IBSS event from the driver is adding yet another instance of Authenticator/Supplicant. The EAPOL-Key RX case was already checking whether an instance had been started; the driver new-STA event needs to do same.
2011-01-15 15:55:15 +01:00
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR,
MAC2STR(addr));
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
peer = os_zalloc(sizeof(*peer));
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
if (peer == NULL) {
wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory.");
return NULL;
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
Implement EAPOL sending callbacks for IBSS RSN
2009-01-15 23:56:31 +01:00
peer->ibss_rsn = ibss_rsn;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
os_memcpy(peer->addr, addr, ETH_ALEN);
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr,
ibss_rsn->psk) < 0) {
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
ibss_rsn_free(peer);
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
return NULL;
}
peer->next = ibss_rsn->peers;
ibss_rsn->peers = peer;
return peer;
}
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx)
{
struct ibss_rsn_peer *peer = eloop_ctx;
/*
* Assume peer does not support Authentication exchange or the frame was
* lost somewhere - start EAPOL Authenticator.
*/
wpa_printf(MSG_DEBUG,
"RSN: Timeout on waiting Authentication frame response from "
MACSTR " - start authenticator", MAC2STR(peer->addr));
peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
ibss_rsn_auth_init(peer->ibss_rsn, peer);
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
{
struct ibss_rsn_peer *peer;
int res;
IBSS: Check ibss_rsn init before starting new IBSS authentication Sanity check added to avoid segmentation fault which occurs, when issuing ibss_rsn ctrl iface cmd and IBSS was not initialized previously via IBSS network selection. Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2015-05-01 16:14:16 +02:00
if (!ibss_rsn)
return -1;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
/* if the peer already exists, exit immediately */
peer = ibss_rsn_get_peer(ibss_rsn, addr);
if (peer)
return 0;
peer = ibss_rsn_peer_init(ibss_rsn, addr);
if (peer == NULL)
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
return -1;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
/* Open Authentication: send first Authentication frame */
res = ibss_rsn_send_auth(ibss_rsn, addr, 1);
if (res) {
/*
* The driver may not support Authentication frame exchange in
* IBSS. Ignore authentication and go through EAPOL exchange.
*/
peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
return ibss_rsn_auth_init(ibss_rsn, peer);
IBSS RSN: Work around Data RX vs. Authentication RX race condition It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 01:54:35 +02:00
} else {
IBSS RSN: Use monotonic time for reinit detection The reinit detection skips reinit when the time since the own authentication frame TX is less than half a second, so it shouldn't be affected by wall time and use monotonic time instead. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-16 21:08:39 +01:00
os_get_reltime(&peer->own_auth_tx);
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
return 0;
}
static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer, int reason)
{
int already_started;
if (ibss_rsn == NULL || peer == NULL)
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
return -1;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
already_started = ibss_rsn_is_auth_started(peer);
peer->authentication_status |= reason;
if (already_started) {
wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already "
"started for peer " MACSTR, MAC2STR(peer->addr));
return 0;
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator "
"for now-authenticated peer " MACSTR, MAC2STR(peer->addr));
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
return ibss_rsn_auth_init(ibss_rsn, peer);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
}
IBSS RSN: Clear IBSS RSN peers based on peer lost events
2011-03-18 16:04:46 +01:00
void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac)
{
struct ibss_rsn_peer *peer, *prev;
if (ibss_rsn == NULL)
return;
if (peermac == NULL) {
/* remove all peers */
wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__);
peer = ibss_rsn->peers;
while (peer) {
prev = peer;
peer = peer->next;
ibss_rsn_free(prev);
ibss_rsn->peers = peer;
}
} else {
/* remove specific peer */
wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR,
__func__, MAC2STR(peermac));
for (prev = NULL, peer = ibss_rsn->peers; peer != NULL;
prev = peer, peer = peer->next) {
if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) {
if (prev == NULL)
ibss_rsn->peers = peer->next;
else
prev->next = peer->next;
ibss_rsn_free(peer);
wpa_printf(MSG_DEBUG, "%s: Successfully "
"removed a specific peer",
__func__);
break;
}
}
}
}
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s)
{
struct ibss_rsn *ibss_rsn;
ibss_rsn = os_zalloc(sizeof(*ibss_rsn));
if (ibss_rsn == NULL)
return NULL;
ibss_rsn->wpa_s = wpa_s;
if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) {
ibss_rsn_deinit(ibss_rsn);
return NULL;
}
return ibss_rsn;
}
void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn)
{
struct ibss_rsn_peer *peer, *prev;
if (ibss_rsn == NULL)
return;
peer = ibss_rsn->peers;
while (peer) {
prev = peer;
peer = peer->next;
ibss_rsn_free(prev);
}
RSN IBSS: Fix segfault on error path If wpa_init() fails, wpa_deinit(NULL) must not be called to avoid hitting a NULL pointer dereference. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 20:35:16 +02:00
if (ibss_rsn->auth_group)
wpa_deinit(ibss_rsn->auth_group);
Added initial step for IBSS RSN support This commit adds a new build option, CONFIG_IBSS_RSN=y, that can be used to enable RSN support for IBSS. This links in RSN Authenticator code from hostapd and adds code for managing per-peer information for IBSS. A new wpa_cli command or driver event can be used to request RSN authentication with an IBSS peer. New RSN Authenticator and Supplicant will be allocated for each peer. The basic state machine setup code is included in this commit, but the state machines are not properly started yet. In addition, some of the callback functions are not yet complete.
2009-01-15 00:21:55 +01:00
os_free(ibss_rsn);
}
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len)
{
const struct ieee802_1x_hdr *hdr;
const struct wpa_eapol_key *key;
u16 key_info;
size_t plen;
/* TODO: Support other EAPOL packets than just EAPOL-Key */
if (len < sizeof(*hdr) + sizeof(*key))
return -1;
hdr = (const struct ieee802_1x_hdr *) buf;
key = (const struct wpa_eapol_key *) (hdr + 1);
plen = be_to_host16(hdr->length);
if (hdr->version < EAPOL_VERSION) {
/* TODO: backwards compatibility */
}
if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, "
"not a Key frame", hdr->type);
return -1;
}
if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu "
"invalid (frame size %lu)",
(unsigned long) plen, (unsigned long) len);
return -1;
}
if (key->type != EAPOL_KEY_TYPE_RSN) {
wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, "
"discarded", key->type);
return -1;
}
key_info = WPA_GET_BE16(key->key_info);
return !!(key_info & WPA_KEY_INFO_ACK);
}
static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer,
const u8 *buf, size_t len)
{
int supp;
u8 *tmp;
supp = ibss_rsn_eapol_dst_supp(buf, len);
if (supp < 0)
return -1;
tmp = os_malloc(len);
if (tmp == NULL)
return -1;
os_memcpy(tmp, buf, len);
if (supp) {
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER;
wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from "
MACSTR, MAC2STR(peer->addr));
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len);
} else {
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
if (ibss_rsn_is_auth_started(peer) == 0) {
wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for "
"Authenticator dropped as " MACSTR " is not "
"authenticated", MAC2STR(peer->addr));
os_free(tmp);
return -1;
}
wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator "
"from "MACSTR, MAC2STR(peer->addr));
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len);
}
os_free(tmp);
return 1;
}
int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
const u8 *buf, size_t len)
{
struct ibss_rsn_peer *peer;
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
2011-03-23 20:15:46 +01:00
if (ibss_rsn == NULL)
return -1;
IBSS RSN: Provide ibss_rsn_get_peer() helper function This is a useful function that simplifies some code and can eventually be used somewhere else in future. Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-01-29 11:23:27 +01:00
peer = ibss_rsn_get_peer(ibss_rsn, src_addr);
if (peer)
return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len);
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
if (ibss_rsn_eapol_dst_supp(buf, len) > 0) {
/*
* Create new IBSS peer based on an EAPOL message from the peer
* Authenticator.
*/
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
peer = ibss_rsn_peer_init(ibss_rsn, src_addr);
if (peer == NULL)
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
return -1;
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
/* assume the peer is authenticated already */
wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer "
MACSTR, MAC2STR(src_addr));
ibss_rsn_peer_authenticated(ibss_rsn, peer,
IBSS_RSN_AUTH_EAPOL_BY_US);
Process received EAPOL frames in IBSS RSN code if in IBSS mode
2009-01-17 16:25:11 +01:00
return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers,
buf, len);
}
return 0;
}
IBSS RSN: Set the PSK based on network configuration
2009-01-17 16:47:25 +01:00
void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk)
{
RSN IBSS: Restart IBSS state machines for each new IBSS Change the old design of running a single long living RSN IBSS instance to keep a separate instance for each IBSS connection. This fixes number of issues in getting keys set properly for new connections and is in general quite a bit more correct design.
2011-03-23 20:15:46 +01:00
if (ibss_rsn == NULL)
return;
IBSS RSN: Set the PSK based on network configuration
2009-01-17 16:47:25 +01:00
os_memcpy(ibss_rsn->psk, psk, PMK_LEN);
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn,
struct ibss_rsn_peer *peer,
const u8* addr)
{
wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR,
MAC2STR(addr));
if (peer &&
peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
IBSS RSN: Work around Data RX vs. Authentication RX race condition It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 01:54:35 +02:00
if (peer->own_auth_tx.sec) {
IBSS RSN: Use monotonic time for reinit detection The reinit detection skips reinit when the time since the own authentication frame TX is less than half a second, so it shouldn't be affected by wall time and use monotonic time instead. Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-16 21:08:39 +01:00
struct os_reltime now, diff;
os_get_reltime(&now);
os_reltime_sub(&now, &peer->own_auth_tx, &diff);
IBSS RSN: Work around Data RX vs. Authentication RX race condition It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 01:54:35 +02:00
if (diff.sec == 0 && diff.usec < 500000) {
wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX",
(int) diff.usec);
goto skip_reinit;
}
}
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
/*
* A peer sent us an Authentication frame even though it already
* started an EAPOL session. We should reinit state machines
* here, but it's much more complicated than just deleting and
* recreating the state machine
*/
wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station "
MACSTR, MAC2STR(addr));
ibss_rsn_stop(ibss_rsn, addr);
peer = NULL;
}
if (!peer) {
peer = ibss_rsn_peer_init(ibss_rsn, addr);
if (!peer)
return;
wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR,
MAC2STR(addr));
}
IBSS RSN: Work around Data RX vs. Authentication RX race condition It is possible for the driver to report EAPOL frame RX before Authentication frame RX even if the frames arrived in the opposite order. This can result in issues in cases where both IBSS peers initiate Authentication frame exchange at about the same time and one of the EAPOL sessions is started before processing Authentication frame seq=1 RX. Work around this by not re-initializing EAPOL state on Authentication (SEQ=1) RX if own Authentication frame was transmitted within last 500 ms. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 01:54:35 +02:00
skip_reinit:
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
/* reply with an Authentication frame now, before sending an EAPOL */
ibss_rsn_send_auth(ibss_rsn, addr, 2);
/* no need to start another AUTH challenge in the other way.. */
ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US);
}
void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
size_t len)
{
const struct ieee80211_mgmt *header;
struct ibss_rsn_peer *peer;
size_t auth_length;
header = (const struct ieee80211_mgmt *) auth_frame;
auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
if (ibss_rsn == NULL || len < auth_length)
return;
if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN ||
le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS)
return;
peer = ibss_rsn_get_peer(ibss_rsn, header->sa);
switch (le_to_host16(header->u.auth.auth_transaction)) {
case 1:
ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa);
break;
case 2:
wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from "
MACSTR, MAC2STR(header->sa));
if (!peer) {
wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from "
"unknown STA " MACSTR, MAC2STR(header->sa));
break;
}
/* authentication has been completed */
IBSS RSN: Add a timeout for Authentication frame exchange It is possible for the peer device not to support Authentication frame exchange even though this would be required functionality in the standard. Furthermore, either Authentication frame may be lost. To recover from cases where Authentication frame sequence 2 is not received, start EAPOL Authenticator from one second timeout. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-08-27 15:26:33 +02:00
eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR,
IBSS RSN: Add peer restart detection To better support the IBSS/RSN mechanism, wpa_supplicant has to be able to detect a possible peer reboot and in this case it should start a new EAPOL handshake. To perform such reboot detection wpa_supplicant has to perform an Open Authentication by sending an Authentication frame and then replying to it. IF an Authentication frame is received when the key have already been exchanged, wpa_supplicant understands that the peer has rebooted and can reset its state machine. Whenever a new peer is added to the IBSS wpa_supplicant will start the Open Authentication and only after having accomplished it will start the key exchange. If the driver does not support Authentication frame exchange initiated from user space, this step is skipped to maintain previous behavior (just go through EAPOL-Key frame processing). The Open Authentication was partly supported by the Linux kernel but now wpa_supplicant can register for Authentication frames, handle it in userspace and so avoid any possible race condition. Signed-hostap: Nicolas Cavallari <cavallar@lri.fr> Signed-hostap: Antonio Quartulli <antonio@open-mesh.com>
2013-07-21 14:56:53 +02:00
MAC2STR(header->sa));
ibss_rsn_peer_authenticated(ibss_rsn, peer,
IBSS_RSN_AUTH_BY_US);
break;
}
}
Reference in a new issue Copy permalink