SAE: Print state changes in debug log
This makes it easier to follow state changes in SAE protocol instances. Signed-off-by: Jouni Malinen <j@w1.fi>
parent
d8b841eba8
commit
9249afc8e1
3 changed files with 51 additions and 13 deletions
|
@ -354,6 +354,16 @@ static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
|
||||||
|
|
||||||
#ifdef CONFIG_SAE
|
#ifdef CONFIG_SAE
|
||||||
|
|
||||||
|
static void sae_set_state(struct sta_info *sta, enum sae_state state,
|
||||||
|
const char *reason)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
|
||||||
|
sae_state_txt(sta->sae->state), sae_state_txt(state),
|
||||||
|
MAC2STR(sta->addr), reason);
|
||||||
|
sta->sae->state = state;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
|
static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
|
||||||
struct sta_info *sta, int update)
|
struct sta_info *sta, int update)
|
||||||
{
|
{
|
||||||
|
@ -517,7 +527,7 @@ static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
|
||||||
static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
|
static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
|
||||||
{
|
{
|
||||||
if (sta->sae->sync > hapd->conf->sae_sync) {
|
if (sta->sae->sync > hapd->conf->sae_sync) {
|
||||||
sta->sae->state = SAE_NOTHING;
|
sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
|
||||||
sta->sae->sync = 0;
|
sta->sae->sync = 0;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -535,8 +545,9 @@ static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
|
||||||
return;
|
return;
|
||||||
sta->sae->sync++;
|
sta->sae->sync++;
|
||||||
wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
|
wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
|
||||||
" (sync=%d state=%d)",
|
" (sync=%d state=%s)",
|
||||||
MAC2STR(sta->addr), sta->sae->sync, sta->sae->state);
|
MAC2STR(sta->addr), sta->sae->sync,
|
||||||
|
sae_state_txt(sta->sae->state));
|
||||||
|
|
||||||
switch (sta->sae->state) {
|
switch (sta->sae->state) {
|
||||||
case SAE_COMMITTED:
|
case SAE_COMMITTED:
|
||||||
|
@ -585,7 +596,7 @@ void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
|
||||||
sta->auth_alg = WLAN_AUTH_SAE;
|
sta->auth_alg = WLAN_AUTH_SAE;
|
||||||
mlme_authenticate_indication(hapd, sta);
|
mlme_authenticate_indication(hapd, sta);
|
||||||
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
||||||
sta->sae->state = SAE_ACCEPTED;
|
sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
|
||||||
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
|
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
|
||||||
sta->sae->pmk, sta->sae->pmkid);
|
sta->sae->pmk, sta->sae->pmkid);
|
||||||
}
|
}
|
||||||
|
@ -599,13 +610,16 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
if (auth_transaction != 1 && auth_transaction != 2)
|
if (auth_transaction != 1 && auth_transaction != 2)
|
||||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
|
|
||||||
|
wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
|
||||||
|
MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
|
||||||
|
auth_transaction);
|
||||||
switch (sta->sae->state) {
|
switch (sta->sae->state) {
|
||||||
case SAE_NOTHING:
|
case SAE_NOTHING:
|
||||||
if (auth_transaction == 1) {
|
if (auth_transaction == 1) {
|
||||||
ret = auth_sae_send_commit(hapd, sta, bssid, 1);
|
ret = auth_sae_send_commit(hapd, sta, bssid, 1);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
sta->sae->state = SAE_COMMITTED;
|
sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
|
||||||
|
|
||||||
if (sae_process_commit(sta->sae) < 0)
|
if (sae_process_commit(sta->sae) < 0)
|
||||||
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
|
@ -627,7 +641,8 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
sta->sae->state = SAE_CONFIRMED;
|
sae_set_state(sta, SAE_CONFIRMED,
|
||||||
|
"Sent Confirm (mesh)");
|
||||||
} else {
|
} else {
|
||||||
/*
|
/*
|
||||||
* For infrastructure BSS, send only the Commit
|
* For infrastructure BSS, send only the Commit
|
||||||
|
@ -656,7 +671,7 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
sta->sae->state = SAE_CONFIRMED;
|
sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
|
||||||
sta->sae->sync = 0;
|
sta->sae->sync = 0;
|
||||||
sae_set_retransmit_timer(hapd, sta);
|
sae_set_retransmit_timer(hapd, sta);
|
||||||
} else if (hapd->conf->mesh & MESH_ENABLED) {
|
} else if (hapd->conf->mesh & MESH_ENABLED) {
|
||||||
|
@ -683,7 +698,7 @@ static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
if (ret)
|
if (ret)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
sta->sae->state = SAE_CONFIRMED;
|
sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Since this was triggered on Confirm RX, run another
|
* Since this was triggered on Confirm RX, run another
|
||||||
|
@ -820,7 +835,7 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
resp = -1;
|
resp = -1;
|
||||||
goto remove_sta;
|
goto remove_sta;
|
||||||
}
|
}
|
||||||
sta->sae->state = SAE_NOTHING;
|
sae_set_state(sta, SAE_NOTHING, "Init");
|
||||||
sta->sae->sync = 0;
|
sta->sae->sync = 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -883,7 +898,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
"SAE: Failed to send commit message");
|
"SAE: Failed to send commit message");
|
||||||
goto remove_sta;
|
goto remove_sta;
|
||||||
}
|
}
|
||||||
sta->sae->state = SAE_COMMITTED;
|
sae_set_state(sta, SAE_COMMITTED,
|
||||||
|
"Sent Commit (anti-clogging token case in mesh)");
|
||||||
sta->sae->sync = 0;
|
sta->sae->sync = 0;
|
||||||
sae_set_retransmit_timer(hapd, sta);
|
sae_set_retransmit_timer(hapd, sta);
|
||||||
return;
|
return;
|
||||||
|
@ -932,7 +948,8 @@ static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
||||||
sta->addr);
|
sta->addr);
|
||||||
resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
|
resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
|
||||||
if (hapd->conf->mesh & MESH_ENABLED)
|
if (hapd->conf->mesh & MESH_ENABLED)
|
||||||
sta->sae->state = SAE_NOTHING;
|
sae_set_state(sta, SAE_NOTHING,
|
||||||
|
"Request anti-clogging token case in mesh");
|
||||||
goto reply;
|
goto reply;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -1006,7 +1023,7 @@ int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
|
||||||
if (ret)
|
if (ret)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
sta->sae->state = SAE_COMMITTED;
|
sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
|
||||||
sta->sae->sync = 0;
|
sta->sae->sync = 0;
|
||||||
sae_set_retransmit_timer(hapd, sta);
|
sae_set_retransmit_timer(hapd, sta);
|
||||||
|
|
||||||
|
|
|
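Review bot: sae_set_state() reads and then overwrites `sta->sae->state` with no guard and no comment saying that `sta->sae` must already be allocated. The call sites visible in these hunks sit next to other `sta->sae->...` accesses, so the precondition appears to hold here, but it is unwritten. I would add a comment above the helper such as `/* Caller must ensure sta->sae is allocated; all SAE state changes in this file go through here so the debug log shows each transition. */`. The trace is only complete if no direct `sta->sae->state = ...` assignment remains outside these hunks (the rest of sae_sm_step and handle_auth_sae is not shown), so that is worth checking. The new print before the switch in sae_sm_step and the one in the WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ branch also run for frames from peers that have not completed SAE, so where MSG_DEBUG output is persisted the log volume is peer-driven.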
@ -1292,3 +1292,19 @@ int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len)
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
const char * sae_state_txt(enum sae_state state)
|
||||||
|
{
|
||||||
|
switch (state) {
|
||||||
|
case SAE_NOTHING:
|
||||||
|
return "Nothing";
|
||||||
|
case SAE_COMMITTED:
|
||||||
|
return "Committed";
|
||||||
|
case SAE_CONFIRMED:
|
||||||
|
return "Confirmed";
|
||||||
|
case SAE_ACCEPTED:
|
||||||
|
return "Accepted";
|
||||||
|
}
|
||||||
|
return "?";
|
||||||
|
}
|
||||||
|
|
|
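Review bot: The switch in sae_state_txt() has no `default:` label and relies on the trailing `return "?";`. That looks deliberate, since the compiler can then warn when an enumerator is added without a name, but nothing says so. A short comment such as `/* no default: so -Wswitch flags a missing enum sae_state value */` would keep someone from adding a default later. Because the function is exported through the header, a one-line description stating that it returns a static string and never NULL would also help callers that pass the result straight to `%s`.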
@ -41,8 +41,12 @@ struct sae_temporary_data {
|
||||||
struct wpabuf *anti_clogging_token;
|
struct wpabuf *anti_clogging_token;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
enum sae_state {
|
||||||
|
SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED
|
||||||
|
};
|
||||||
|
|
||||||
struct sae_data {
|
struct sae_data {
|
||||||
enum { SAE_NOTHING, SAE_COMMITTED, SAE_CONFIRMED, SAE_ACCEPTED } state;
|
enum sae_state state;
|
||||||
u16 send_confirm;
|
u16 send_confirm;
|
||||||
u8 pmk[SAE_PMK_LEN];
|
u8 pmk[SAE_PMK_LEN];
|
||||||
u8 pmkid[SAE_PMKID_LEN];
|
u8 pmkid[SAE_PMKID_LEN];
|
||||||
|
@ -67,5 +71,6 @@ u16 sae_parse_commit(struct sae_data *sae, const u8 *data, size_t len,
|
||||||
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
|
void sae_write_confirm(struct sae_data *sae, struct wpabuf *buf);
|
||||||
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
|
int sae_check_confirm(struct sae_data *sae, const u8 *data, size_t len);
|
||||||
u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);
|
u16 sae_group_allowed(struct sae_data *sae, int *allowed_groups, u16 group);
|
||||||
|
const char * sae_state_txt(enum sae_state state);
|
||||||
|
|
||||||
#endif /* SAE_H */
|
#endif /* SAE_H */
|
||||||
|
|