Replace some vlan_id with vlan_description

Signed-off-by: Tom Barthe <jeltz+hostap@auro.re>
This commit is contained in:
jeltz 2021-11-14 09:26:02 +01:00
parent c34c234aec
commit 9fa8a0c991
Signed by: jeltz
GPG key ID: 800882B66C0C3326
10 changed files with 94 additions and 54 deletions

View file

@ -1096,13 +1096,14 @@ const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
const u8 *addr, const u8 *p2p_dev_addr, const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, int *vlan_id) const u8 *prev_psk,
struct vlan_description *vlan_desc)
{ {
struct hostapd_wpa_psk *psk; struct hostapd_wpa_psk *psk;
int next_ok = prev_psk == NULL; int next_ok = prev_psk == NULL;
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) { if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
@ -1122,8 +1123,8 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
(!addr && p2p_dev_addr && (!addr && p2p_dev_addr &&
os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) == os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
0))) { 0))) {
if (vlan_id) if (vlan_desc)
*vlan_id = psk->vlan_id; *vlan_desc = vlan_desc_from_id(psk->vlan_id);
return psk->psk; return psk->psk;
} }

View file

@ -1176,7 +1176,8 @@ int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
int hostapd_rate_found(int *list, int rate); int hostapd_rate_found(int *list, int rate);
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf, const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
const u8 *addr, const u8 *p2p_dev_addr, const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, int *vlan_id); const u8 *prev_psk,
struct vlan_description *vlan_desc);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf); int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
int hostapd_vlan_valid(struct hostapd_vlan *vlan, int hostapd_vlan_valid(struct hostapd_vlan *vlan,
struct vlan_description *vlan_desc); struct vlan_description *vlan_desc);

View file

@ -32,3 +32,16 @@ int vlan_compare(struct vlan_description *a, struct vlan_description *b)
} }
return 0; return 0;
} }
struct vlan_description
vlan_desc_from_id(int vlan_id)
{
struct vlan_description vlan_desc;
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
vlan_desc.notempty = 1;
vlan_desc.untagged = vlan_id;
return vlan_desc;
}

View file

@ -19,12 +19,23 @@ struct vlan_description {
#ifndef CONFIG_NO_VLAN #ifndef CONFIG_NO_VLAN
int vlan_compare(struct vlan_description *a, struct vlan_description *b); int vlan_compare(struct vlan_description *a, struct vlan_description *b);
struct vlan_description vlan_desc_from_id(int vlan_id);
#else /* CONFIG_NO_VLAN */ #else /* CONFIG_NO_VLAN */
static inline int static inline int
vlan_compare(struct vlan_description *a, struct vlan_description *b) vlan_compare(struct vlan_description *a, struct vlan_description *b)
{ {
return 0; return 0;
} }
static inline struct vlan_description
vlan_desc_from_id(int vlan_id)
{
struct vlan_description vlan_desc;
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
return vlan_desc;
}
#endif /* CONFIG_NO_VLAN */ #endif /* CONFIG_NO_VLAN */
#endif /* VLAN_H */ #endif /* VLAN_H */

View file

@ -118,12 +118,12 @@ static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
const u8 *addr, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len, const u8 *prev_psk, size_t *psk_len,
int *vlan_id) struct vlan_description *vlan_desc)
{ {
if (!wpa_auth->cb->get_psk) if (!wpa_auth->cb->get_psk)
return NULL; return NULL;
return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr, return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
prev_psk, psk_len, vlan_id); prev_psk, psk_len, vlan_desc);
} }
@ -298,11 +298,12 @@ static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth, static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
const u8 *addr, int vlan_id) const u8 *addr,
struct vlan_description *vlan_desc)
{ {
if (!wpa_auth->cb->update_vlan) if (!wpa_auth->cb->update_vlan)
return -1; return -1;
return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id); return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_desc);
} }
@ -937,15 +938,16 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
int ok = 0; int ok = 0;
const u8 *pmk = NULL; const u8 *pmk = NULL;
size_t pmk_len; size_t pmk_len;
int vlan_id = 0; struct vlan_description vlan_desc;
os_memset(&PTK, 0, sizeof(PTK)); os_memset(&PTK, 0, sizeof(PTK));
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
for (;;) { for (;;) {
if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
!wpa_key_mgmt_sae(sm->wpa_key_mgmt)) { !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
sm->p2p_dev_addr, pmk, &pmk_len, sm->p2p_dev_addr, pmk, &pmk_len,
&vlan_id); &vlan_desc);
if (!pmk) if (!pmk)
break; break;
#ifdef CONFIG_IEEE80211R_AP #ifdef CONFIG_IEEE80211R_AP
@ -988,8 +990,9 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
"WPA: Earlier SNonce resulted in matching MIC"); "WPA: Earlier SNonce resulted in matching MIC");
sm->alt_snonce_valid = 0; sm->alt_snonce_valid = 0;
if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && if (vlan_desc.notempty && vlan_desc.untagged
wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0) && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
wpa_auth_update_vlan(sm->wpa_auth, sm->addr, &vlan_desc) < 0)
return -1; return -1;
os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN); os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
@ -2938,7 +2941,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
struct ieee802_1x_hdr *hdr; struct ieee802_1x_hdr *hdr;
struct wpa_eapol_key *key; struct wpa_eapol_key *key;
struct wpa_eapol_ie_parse kde; struct wpa_eapol_ie_parse kde;
int vlan_id = 0; struct vlan_description vlan_desc;
int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround; int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk); SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
@ -2946,6 +2949,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
sm->update_snonce = false; sm->update_snonce = false;
os_memset(&PTK, 0, sizeof(PTK)); os_memset(&PTK, 0, sizeof(PTK));
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len); mic_len = wpa_mic_len(sm->wpa_key_mgmt, sm->pmk_len);
/* WPA with IEEE 802.1X: use the derived PMK from EAP /* WPA with IEEE 802.1X: use the derived PMK from EAP
@ -2956,7 +2961,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
!wpa_key_mgmt_sae(sm->wpa_key_mgmt)) { !wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
sm->p2p_dev_addr, pmk, &pmk_len, sm->p2p_dev_addr, pmk, &pmk_len,
&vlan_id); &vlan_desc);
if (!pmk) if (!pmk)
break; break;
psk_found = 1; psk_found = 1;
@ -3189,8 +3194,9 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
} }
#endif /* CONFIG_IEEE80211R_AP */ #endif /* CONFIG_IEEE80211R_AP */
if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) && if (vlan_desc.notempty && vlan_desc.untagged &&
wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) { wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
wpa_auth_update_vlan(wpa_auth, sm->addr, &vlan_desc) < 0) {
wpa_sta_disconnect(wpa_auth, sm->addr, wpa_sta_disconnect(wpa_auth, sm->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID); WLAN_REASON_PREV_AUTH_NOT_VALID);
return; return;

View file

@ -296,7 +296,7 @@ struct wpa_auth_callbacks {
int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var); int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr, const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len, const u8 *prev_psk, size_t *psk_len,
int *vlan_id); struct vlan_description *vlan_desc);
int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len); int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg, int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
const u8 *addr, int idx, u8 *key, size_t key_len, const u8 *addr, int idx, u8 *key, size_t key_len,
@ -313,7 +313,8 @@ struct wpa_auth_callbacks {
int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data, int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data,
size_t data_len); size_t data_len);
int (*channel_info)(void *ctx, struct wpa_channel_info *ci); int (*channel_info)(void *ctx, struct wpa_channel_info *ci);
int (*update_vlan)(void *ctx, const u8 *addr, int vlan_id); int (*update_vlan)(void *ctx, const u8 *addr,
struct vlan_description *vlan_desc);
int (*get_sta_tx_params)(void *ctx, const u8 *addr, int (*get_sta_tx_params)(void *ctx, const u8 *addr,
int ap_max_chanwidth, int ap_seg1_idx, int ap_max_chanwidth, int ap_seg1_idx,
int *bandwidth, int *seg1_idx); int *bandwidth, int *seg1_idx);

View file

@ -330,14 +330,15 @@ static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len, const u8 *prev_psk, size_t *psk_len,
int *vlan_id) struct vlan_description *vlan_desc)
{ {
struct hostapd_data *hapd = ctx; struct hostapd_data *hapd = ctx;
struct sta_info *sta = ap_get_sta(hapd, addr); struct sta_info *sta = ap_get_sta(hapd, addr);
struct vlan_description *vlan = NULL;
const u8 *psk; const u8 *psk;
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
if (psk_len) if (psk_len)
*psk_len = PMK_LEN; *psk_len = PMK_LEN;
@ -374,7 +375,7 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
#endif /* CONFIG_OWE */ #endif /* CONFIG_OWE */
psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk, psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk,
vlan_id); vlan_desc);
/* /*
* This is about to iterate over all psks, prev_psk gives the last * This is about to iterate over all psks, prev_psk gives the last
* returned psk which should not be returned again. * returned psk which should not be returned again.
@ -383,9 +384,10 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
if (sta && sta->psk && !psk) { if (sta && sta->psk && !psk) {
struct hostapd_sta_wpa_psk_short *pos; struct hostapd_sta_wpa_psk_short *pos;
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
psk = sta->psk->psk; psk = sta->psk->psk;
vlan = &sta->psk->vlan;
for (pos = sta->psk; pos; pos = pos->next) { for (pos = sta->psk; pos; pos = pos->next) {
if (pos->is_passphrase) { if (pos->is_passphrase) {
pbkdf2_sha1(pos->passphrase, pbkdf2_sha1(pos->passphrase,
@ -396,10 +398,13 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
} }
if (pos->psk == prev_psk) { if (pos->psk == prev_psk) {
psk = pos->next ? pos->next->psk : NULL; psk = pos->next ? pos->next->psk : NULL;
vlan = pos->next ? &pos->next->vlan : NULL;
break; break;
} }
} }
} }
if (vlan_desc && vlan)
*vlan_desc = *vlan;
return psk; return psk;
} }
@ -939,42 +944,40 @@ static void hostapd_clear_ptksa(void *ctx, const u8 *addr, int cipher)
#endif /* CONFIG_PASN */ #endif /* CONFIG_PASN */
static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr, int vlan_id) static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr,
struct vlan_description *vlan_desc)
{ {
#ifndef CONFIG_NO_VLAN #ifndef CONFIG_NO_VLAN
struct hostapd_data *hapd = ctx; struct hostapd_data *hapd = ctx;
struct sta_info *sta; struct sta_info *sta;
if (!hostapd_vlan_valid(hapd->conf->vlan, vlan_desc)) {
wpa_printf(MSG_INFO,
"Invalid VLAN ID %d",
vlan_desc->untagged);
return -1;
}
sta = ap_get_sta(hapd, addr); sta = ap_get_sta(hapd, addr);
if (!sta) if (!sta)
return -1; return -1;
if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) { if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
struct vlan_description vlan_desc; if (ap_sta_set_vlan(hapd, sta, vlan_desc) < 0) {
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
vlan_desc.notempty = 1;
vlan_desc.untagged = vlan_id;
if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"Invalid VLAN ID %d in wpa_psk_file", "Failed to assign VLAN ID %d to "
vlan_id); MACSTR, vlan_desc->untagged,
return -1; MAC2STR(sta->addr));
}
if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0) {
wpa_printf(MSG_INFO,
"Failed to assign VLAN ID %d from wpa_psk_file to "
MACSTR, vlan_id, MAC2STR(sta->addr));
return -1; return -1;
} }
} else { } else {
sta->vlan_id = vlan_id; /* TODO: tagged? */
sta->vlan_id = vlan_desc->untagged;
} }
wpa_printf(MSG_INFO, wpa_printf(MSG_INFO,
"Assigned VLAN ID %d from wpa_psk_file to " MACSTR, "Assigned VLAN ID %d to " MACSTR,
vlan_id, MAC2STR(sta->addr)); vlan_desc->untagged, MAC2STR(sta->addr));
if ((sta->flags & WLAN_STA_ASSOC) && if ((sta->flags & WLAN_STA_ASSOC) &&
ap_sta_bind_vlan(hapd, sta) < 0) ap_sta_bind_vlan(hapd, sta) < 0)
return -1; return -1;

View file

@ -11,6 +11,7 @@
#include "utils/common.h" #include "utils/common.h"
#include "utils/eloop.h" #include "utils/eloop.h"
#include "ap/wpa_auth.h" #include "ap/wpa_auth.h"
#include "ap/vlan.h"
#include "../fuzzer-common.h" #include "../fuzzer-common.h"
@ -141,14 +142,14 @@ static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
static const u8 * auth_get_psk(void *ctx, const u8 *addr, static const u8 * auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *prev_psk, const u8 *p2p_dev_addr, const u8 *prev_psk,
size_t *psk_len, int *vlan_id) size_t *psk_len, struct vlan_description *vlan_desc)
{ {
struct wpa *wpa = ctx; struct wpa *wpa = ctx;
wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
__func__, MAC2STR(addr), prev_psk); __func__, MAC2STR(addr), prev_psk);
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
if (psk_len) if (psk_len)
*psk_len = PMK_LEN; *psk_len = PMK_LEN;
if (prev_psk) if (prev_psk)

View file

@ -18,6 +18,7 @@
#include "wpa_supplicant_i.h" #include "wpa_supplicant_i.h"
#include "driver_i.h" #include "driver_i.h"
#include "common/ieee802_11_defs.h" #include "common/ieee802_11_defs.h"
#include "ap/vlan.h"
#include "ibss_rsn.h" #include "ibss_rsn.h"
@ -274,14 +275,15 @@ static void auth_logger(void *ctx, const u8 *addr, logger_level level,
static const u8 * auth_get_psk(void *ctx, const u8 *addr, static const u8 * auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *prev_psk, const u8 *p2p_dev_addr, const u8 *prev_psk,
size_t *psk_len, int *vlan_id) size_t *psk_len,
struct vlan_description *vlan_desc)
{ {
struct ibss_rsn *ibss_rsn = ctx; struct ibss_rsn *ibss_rsn = ctx;
if (psk_len) if (psk_len)
*psk_len = PMK_LEN; *psk_len = PMK_LEN;
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
__func__, MAC2STR(addr), prev_psk); __func__, MAC2STR(addr), prev_psk);
if (prev_psk) if (prev_psk)

View file

@ -76,7 +76,8 @@ static void auth_logger(void *ctx, const u8 *addr, logger_level level,
static const u8 *auth_get_psk(void *ctx, const u8 *addr, static const u8 *auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *prev_psk, const u8 *p2p_dev_addr, const u8 *prev_psk,
size_t *psk_len, int *vlan_id) size_t *psk_len,
struct vlan_description *vlan_desc)
{ {
struct mesh_rsn *mesh_rsn = ctx; struct mesh_rsn *mesh_rsn = ctx;
struct hostapd_data *hapd = mesh_rsn->wpa_s->ifmsh->bss[0]; struct hostapd_data *hapd = mesh_rsn->wpa_s->ifmsh->bss[0];
@ -84,8 +85,8 @@ static const u8 *auth_get_psk(void *ctx, const u8 *addr,
if (psk_len) if (psk_len)
*psk_len = PMK_LEN; *psk_len = PMK_LEN;
if (vlan_id) if (vlan_desc)
*vlan_id = 0; os_memset(vlan_desc, 0, sizeof(*vlan_desc));
wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
__func__, MAC2STR(addr), prev_psk); __func__, MAC2STR(addr), prev_psk);