SAE: Print state changes in debug log

This makes it easier to follow state changes in SAE protocol instances.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2017-12-27 00:07:42 +02:00
parent d8b841eba8
commit 9249afc8e1
3 changed files with 51 additions and 13 deletions


@ -354,6 +354,16 @@ static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
#ifdef CONFIG_SAE #ifdef CONFIG_SAE
static void sae_set_state(struct sta_info *sta, enum sae_state state,
const char *reason)
{
wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
sae_state_txt(sta->sae->state), sae_state_txt(state),
MAC2STR(sta->addr), reason);
sta->sae->state = state;
}
static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
struct sta_info *sta, int update) struct sta_info *sta, int update)
{ {
@ -517,7 +527,7 @@ static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta) static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
{ {
if (sta->sae->sync > hapd->conf->sae_sync) { if (sta->sae->sync > hapd->conf->sae_sync) {
sta->sae->state = SAE_NOTHING; sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
sta->sae->sync = 0; sta->sae->sync = 0;
return -1; return -1;
} }
@ -535,8 +545,9 @@ static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
return; return;
sta->sae->sync++; sta->sae->sync++;
wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
" (sync=%d state=%d)", " (sync=%d state=%s)",
MAC2STR(sta->addr), sta->sae->sync, sta->sae->state); MAC2STR(sta->addr), sta->sae->sync,
sae_state_txt(sta->sae->state));
switch (sta->sae->state) { switch (sta->sae->state) {
case SAE_COMMITTED: case SAE_COMMITTED:
@ -585,7 +596,7 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
sta->auth_alg = WLAN_AUTH_SAE; sta->auth_alg = WLAN_AUTH_SAE;
mlme_authenticate_indication(hapd, sta); mlme_authenticate_indication(hapd, sta);
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
sta->sae->state = SAE_ACCEPTED; sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
sta->sae->pmk, sta->sae->pmkid); sta->sae->pmk, sta->sae->pmkid);
} }
@ -599,13 +610,16 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
if (auth_transaction != 1 && auth_transaction != 2) if (auth_transaction != 1 && auth_transaction != 2)
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;
wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
auth_transaction);
switch (sta->sae->state) { switch (sta->sae->state) {
case SAE_NOTHING: case SAE_NOTHING:
if (auth_transaction == 1) { if (auth_transaction == 1) {
ret = auth_sae_send_commit(hapd, sta, bssid, 1); ret = auth_sae_send_commit(hapd, sta, bssid, 1);
if (ret) if (ret)
return ret; return ret;
sta->sae->state = SAE_COMMITTED; sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
if (sae_process_commit(sta->sae) < 0) if (sae_process_commit(sta->sae) < 0)
return WLAN_STATUS_UNSPECIFIED_FAILURE; return WLAN_STATUS_UNSPECIFIED_FAILURE;
@ -627,7 +641,8 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
ret = auth_sae_send_confirm(hapd, sta, bssid); ret = auth_sae_send_confirm(hapd, sta, bssid);
if (ret) if (ret)
return ret; return ret;
sta->sae->state = SAE_CONFIRMED; sae_set_state(sta, SAE_CONFIRMED,
"Sent Confirm (mesh)");
} else { } else {
/* /*
* For infrastructure BSS, send only the Commit * For infrastructure BSS, send only the Commit
@ -656,7 +671,7 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
ret = auth_sae_send_confirm(hapd, sta, bssid); ret = auth_sae_send_confirm(hapd, sta, bssid);
if (ret) if (ret)
return ret; return ret;
sta->sae->state = SAE_CONFIRMED; sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
sta->sae->sync = 0; sta->sae->sync = 0;
sae_set_retransmit_timer(hapd, sta); sae_set_retransmit_timer(hapd, sta);
} else if (hapd->conf->mesh & MESH_ENABLED) { } else if (hapd->conf->mesh & MESH_ENABLED) {
@ -683,7 +698,7 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
if (ret) if (ret)
return ret; return ret;
sta->sae->state = SAE_CONFIRMED; sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
/* /*
* Since this was triggered on Confirm RX, run another * Since this was triggered on Confirm RX, run another
@ -820,7 +835,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
resp = -1; resp = -1;
goto remove_sta; goto remove_sta;
} }
sta->sae->state = SAE_NOTHING; sae_set_state(sta, SAE_NOTHING, "Init");
sta->sae->sync = 0; sta->sae->sync = 0;
} }
@ -883,7 +898,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
"SAE: Failed to send commit message"); "SAE: Failed to send commit message");
goto remove_sta; goto remove_sta;
} }
sta->sae->state = SAE_COMMITTED; sae_set_state(sta, SAE_COMMITTED,
"Sent Commit (anti-clogging token case in mesh)");
sta->sae->sync = 0; sta->sae->sync = 0;
sae_set_retransmit_timer(hapd, sta); sae_set_retransmit_timer(hapd, sta);
return; return;
@ -932,7 +948,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
sta->addr); sta->addr);
resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
if (hapd->conf->mesh & MESH_ENABLED) if (hapd->conf->mesh & MESH_ENABLED)
sta->sae->state = SAE_NOTHING; sae_set_state(sta, SAE_NOTHING,
"Request anti-clogging token case in mesh");
goto reply; goto reply;
} }
@ -1006,7 +1023,7 @@ int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
if (ret) if (ret)
return -1; return -1;
sta->sae->state = SAE_COMMITTED; sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
sta->sae->sync = 0; sta->sae->sync = 0;
sae_set_retransmit_timer(hapd, sta); sae_set_retransmit_timer(hapd, sta);
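Review bot: `sae_set_state()` dereferences `sta->sae` without a check and reads `sta->sae->state` for the log before it writes the new value. At the `"Init"` call in `handle_auth_sae` that read appears to happen on a freshly set up `sta->sae` (the allocation is outside the hunk), so the printed old state is only meaningful if that memory is zeroed; in that case the line reads `Nothing -> Nothing`. I would state the precondition on the helper, e.g. `/* sta->sae must be non-NULL and initialized; the previous state is read for the debug log before it is overwritten */`. The bodies of `handle_auth_sae` and `sae_sm_step` continue outside the hunks shown, so any remaining direct `sta->sae->state =` assignment there would bypass this log and should be checked.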


@ -1292,3 +1292,19 @@ int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len)
return 0; return 0;
} }
const char * sae_state_txt(enum sae_state state)
{
switch (state) {
case SAE_NOTHING:
return "Nothing";
case SAE_COMMITTED:
return "Committed";
case SAE_CONFIRMED:
return "Confirmed";
case SAE_ACCEPTED:
return "Accepted";
}
return "?";
}
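Review bot: The `"?"` fallback in `sae_state_txt()` hides the numeric value of an out-of-range state, and the retransmit-timer message in the first file now prints `state=%s` where it used to print `state=%d`, so a corrupted state value can no longer be identified from the debug log. Leaving the `switch` without a `default` is useful because the compiler can then warn when an enumerator is added; a comment would keep it that way, e.g. `/* no default: let the compiler flag unhandled enum sae_state values; "?" marks a value outside the enum */`. The returned pointers are string literals, so the comment could also say that callers must not modify or free them.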


@ -41,8 +41,12 @@ struct sae_temporary_data {
struct wpabuf *anti_clogging_token; struct wpabuf *anti_clogging_token;
}; };
enum sae_state {
SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED
};
struct sae_data { struct sae_data {
enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state; enum sae_state state;
u16 send_confirm; u16 send_confirm;
u8 pmk[SAE_PMK_LEN]; u8 pmk[SAE_PMK_LEN];
u8 pmkid[SAE_PMKID_LEN]; u8 pmkid[SAE_PMKID_LEN];
@ -67,5 +71,6 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf); void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len); int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group); u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);
const char * sae_state_txt(enum sae_state state);
#endif /* SAE_H */ #endif /* SAE_H */