Remove all PeerKey functionality
This was originally added to allow the IEEE 802.11 protocol to be tested, but there are no known fully functional implementations based on this nor any known deployments of PeerKey functionality. Furthermore, PeerKey design in the IEEE Std 802.11-2016 standard has already been marked as obsolete for DLS and it is being considered for complete removal in REVmd. This implementation did not really work, so it could not have been used in practice. For example, key configuration was using incorrect algorithm values (WPA_CIPHER_* instead of WPA_ALG_*) which resulted in mapping to an invalid WPA_ALG_* value for the actual driver operation. As such, the derived key could not have been successfully set for the link. Since there are bugs in this implementation and there does not seem to be any future for the PeerKey design with DLS (TDLS being the future for DLS), the best approach is to simply delete all this code to simplify the EAPOL-Key handling design and to get rid of any potential issues if these code paths were accidentially reachable. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
2956fcc401
commit
a0bf1b68c0
45 changed files with 43 additions and 2092 deletions
|
@ -215,11 +215,6 @@ L_CFLAGS += -DCONFIG_RSN_PREAUTH
|
||||||
CONFIG_L2_PACKET=y
|
CONFIG_L2_PACKET=y
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
L_CFLAGS += -DCONFIG_PEERKEY
|
|
||||||
OBJS += src/ap/peerkey_auth.c
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifdef CONFIG_HS20
|
ifdef CONFIG_HS20
|
||||||
NEED_AES_OMAC1=y
|
NEED_AES_OMAC1=y
|
||||||
CONFIG_PROXYARP=y
|
CONFIG_PROXYARP=y
|
||||||
|
|
|
@ -258,11 +258,6 @@ CFLAGS += -DCONFIG_RSN_PREAUTH
|
||||||
CONFIG_L2_PACKET=y
|
CONFIG_L2_PACKET=y
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
CFLAGS += -DCONFIG_PEERKEY
|
|
||||||
OBJS += ../src/ap/peerkey_auth.o
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifdef CONFIG_HS20
|
ifdef CONFIG_HS20
|
||||||
NEED_AES_OMAC1=y
|
NEED_AES_OMAC1=y
|
||||||
CONFIG_PROXYARP=y
|
CONFIG_PROXYARP=y
|
||||||
|
|
|
@ -44,9 +44,6 @@ CONFIG_DRIVER_NL80211_QCA=y
|
||||||
# WPA2/IEEE 802.11i RSN pre-authentication
|
# WPA2/IEEE 802.11i RSN pre-authentication
|
||||||
#CONFIG_RSN_PREAUTH=y
|
#CONFIG_RSN_PREAUTH=y
|
||||||
|
|
||||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
|
||||||
#CONFIG_PEERKEY=y
|
|
||||||
|
|
||||||
# IEEE 802.11w (management frame protection)
|
# IEEE 802.11w (management frame protection)
|
||||||
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
# This version is an experimental implementation based on IEEE 802.11w/D1.0
|
||||||
# draft and is subject to change since the standard has not yet been finalized.
|
# draft and is subject to change since the standard has not yet been finalized.
|
||||||
|
|
|
@ -2648,10 +2648,9 @@ static int hostapd_config_fill(struct hostapd_config *conf,
|
||||||
os_free(bss->rsn_preauth_interfaces);
|
os_free(bss->rsn_preauth_interfaces);
|
||||||
bss->rsn_preauth_interfaces = os_strdup(pos);
|
bss->rsn_preauth_interfaces = os_strdup(pos);
|
||||||
#endif /* CONFIG_RSN_PREAUTH */
|
#endif /* CONFIG_RSN_PREAUTH */
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
} else if (os_strcmp(buf, "peerkey") == 0) {
|
} else if (os_strcmp(buf, "peerkey") == 0) {
|
||||||
bss->peerkey = atoi(pos);
|
wpa_printf(MSG_INFO,
|
||||||
#endif /* CONFIG_PEERKEY */
|
"Line %d: Obsolete peerkey parameter ignored", line);
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
} else if (os_strcmp(buf, "mobility_domain") == 0) {
|
} else if (os_strcmp(buf, "mobility_domain") == 0) {
|
||||||
if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
|
if (os_strlen(pos) != 2 * MOBILITY_DOMAIN_ID_LEN ||
|
||||||
|
|
|
@ -50,9 +50,6 @@ CONFIG_IAPP=y
|
||||||
# WPA2/IEEE 802.11i RSN pre-authentication
|
# WPA2/IEEE 802.11i RSN pre-authentication
|
||||||
CONFIG_RSN_PREAUTH=y
|
CONFIG_RSN_PREAUTH=y
|
||||||
|
|
||||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
|
||||||
CONFIG_PEERKEY=y
|
|
||||||
|
|
||||||
# IEEE 802.11w (management frame protection)
|
# IEEE 802.11w (management frame protection)
|
||||||
CONFIG_IEEE80211W=y
|
CONFIG_IEEE80211W=y
|
||||||
|
|
||||||
|
|
|
@ -1330,12 +1330,6 @@ own_ip_addr=127.0.0.1
|
||||||
# one.
|
# one.
|
||||||
#rsn_preauth_interfaces=eth0
|
#rsn_preauth_interfaces=eth0
|
||||||
|
|
||||||
# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e) is
|
|
||||||
# allowed. This is only used with RSN/WPA2.
|
|
||||||
# 0 = disabled (default)
|
|
||||||
# 1 = enabled
|
|
||||||
#peerkey=1
|
|
||||||
|
|
||||||
# ieee80211w: Whether management frame protection (MFP) is enabled
|
# ieee80211w: Whether management frame protection (MFP) is enabled
|
||||||
# 0 = disabled (default)
|
# 0 = disabled (default)
|
||||||
# 1 = optional
|
# 1 = optional
|
||||||
|
|
|
@ -48,7 +48,6 @@ LIB_OBJS= \
|
||||||
neighbor_db.o \
|
neighbor_db.o \
|
||||||
ndisc_snoop.o \
|
ndisc_snoop.o \
|
||||||
p2p_hostapd.o \
|
p2p_hostapd.o \
|
||||||
peerkey_auth.o \
|
|
||||||
pmksa_cache_auth.o \
|
pmksa_cache_auth.o \
|
||||||
preauth_auth.o \
|
preauth_auth.o \
|
||||||
rrm.o \
|
rrm.o \
|
||||||
|
|
|
@ -336,7 +336,6 @@ struct hostapd_bss_config {
|
||||||
int rsn_pairwise;
|
int rsn_pairwise;
|
||||||
int rsn_preauth;
|
int rsn_preauth;
|
||||||
char *rsn_preauth_interfaces;
|
char *rsn_preauth_interfaces;
|
||||||
int peerkey;
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
/* IEEE 802.11r - Fast BSS Transition */
|
/* IEEE 802.11r - Fast BSS Transition */
|
||||||
|
|
|
@ -1,355 +0,0 @@
|
||||||
/*
|
|
||||||
* hostapd - PeerKey for Direct Link Setup (DLS)
|
|
||||||
* Copyright (c) 2006-2009, Jouni Malinen <j@w1.fi>
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#include "utils/includes.h"
|
|
||||||
|
|
||||||
#include "utils/common.h"
|
|
||||||
#include "utils/eloop.h"
|
|
||||||
#include "crypto/sha1.h"
|
|
||||||
#include "crypto/sha256.h"
|
|
||||||
#include "crypto/random.h"
|
|
||||||
#include "wpa_auth.h"
|
|
||||||
#include "wpa_auth_i.h"
|
|
||||||
#include "wpa_auth_ie.h"
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
|
|
||||||
struct wpa_stsl_search {
|
|
||||||
const u8 *addr;
|
|
||||||
struct wpa_state_machine *sm;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
static int wpa_stsl_select_sta(struct wpa_state_machine *sm, void *ctx)
|
|
||||||
{
|
|
||||||
struct wpa_stsl_search *search = ctx;
|
|
||||||
if (os_memcmp(search->addr, sm->addr, ETH_ALEN) == 0) {
|
|
||||||
search->sm = sm;
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void wpa_smk_send_error(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, const u8 *peer,
|
|
||||||
u16 mui, u16 error_type)
|
|
||||||
{
|
|
||||||
u8 kde[2 + RSN_SELECTOR_LEN + ETH_ALEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + sizeof(struct rsn_error_kde)];
|
|
||||||
u8 *pos;
|
|
||||||
struct rsn_error_kde error;
|
|
||||||
|
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
||||||
"Sending SMK Error");
|
|
||||||
|
|
||||||
pos = kde;
|
|
||||||
|
|
||||||
if (peer) {
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN,
|
|
||||||
NULL, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
error.mui = host_to_be16(mui);
|
|
||||||
error.error_type = host_to_be16(error_type);
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_ERROR,
|
|
||||||
(u8 *) &error, sizeof(error), NULL, 0);
|
|
||||||
|
|
||||||
__wpa_send_eapol(wpa_auth, sm,
|
|
||||||
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
|
||||||
WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_ERROR,
|
|
||||||
NULL, NULL, kde, pos - kde, 0, 0, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
||||||
const u8 *key_data, size_t key_data_len)
|
|
||||||
{
|
|
||||||
struct wpa_eapol_ie_parse kde;
|
|
||||||
struct wpa_stsl_search search;
|
|
||||||
u8 *buf, *pos;
|
|
||||||
size_t buf_len;
|
|
||||||
|
|
||||||
if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M1");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (kde.rsn_ie == NULL || kde.mac_addr == NULL ||
|
|
||||||
kde.mac_addr_len < ETH_ALEN) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: No RSN IE or MAC address KDE in "
|
|
||||||
"SMK M1");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Initiator = sm->addr; Peer = kde.mac_addr */
|
|
||||||
|
|
||||||
search.addr = kde.mac_addr;
|
|
||||||
search.sm = NULL;
|
|
||||||
if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
|
|
||||||
0 || search.sm == NULL) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
|
|
||||||
" aborted - STA not associated anymore",
|
|
||||||
MAC2STR(kde.mac_addr));
|
|
||||||
wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
|
|
||||||
STK_ERR_STA_NR);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
buf_len = kde.rsn_ie_len + 2 + RSN_SELECTOR_LEN + ETH_ALEN;
|
|
||||||
buf = os_malloc(buf_len);
|
|
||||||
if (buf == NULL)
|
|
||||||
return;
|
|
||||||
/* Initiator RSN IE */
|
|
||||||
os_memcpy(buf, kde.rsn_ie, kde.rsn_ie_len);
|
|
||||||
pos = buf + kde.rsn_ie_len;
|
|
||||||
/* Initiator MAC Address */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, sm->addr, ETH_ALEN,
|
|
||||||
NULL, 0);
|
|
||||||
|
|
||||||
/* SMK M2:
|
|
||||||
* EAPOL-Key(S=1, M=1, A=1, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
|
|
||||||
* MIC=MIC, DataKDs=(RSNIE_I, MAC_I KDE)
|
|
||||||
*/
|
|
||||||
|
|
||||||
wpa_auth_logger(wpa_auth, search.sm->addr, LOGGER_DEBUG,
|
|
||||||
"Sending SMK M2");
|
|
||||||
|
|
||||||
__wpa_send_eapol(wpa_auth, search.sm,
|
|
||||||
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
|
||||||
WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE,
|
|
||||||
NULL, key->key_nonce, buf, pos - buf, 0, 0, 0);
|
|
||||||
|
|
||||||
os_free(buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void wpa_send_smk_m4(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm,
|
|
||||||
struct wpa_eapol_key *key,
|
|
||||||
struct wpa_eapol_ie_parse *kde,
|
|
||||||
const u8 *smk)
|
|
||||||
{
|
|
||||||
u8 *buf, *pos;
|
|
||||||
size_t buf_len;
|
|
||||||
u32 lifetime;
|
|
||||||
|
|
||||||
/* SMK M4:
|
|
||||||
* EAPOL-Key(S=1, M=1, A=0, I=1, K=0, SM=1, KeyRSC=0, Nonce=PNonce,
|
|
||||||
* MIC=MIC, DataKDs=(MAC_I KDE, INonce KDE, SMK KDE,
|
|
||||||
* Lifetime KDE)
|
|
||||||
*/
|
|
||||||
|
|
||||||
buf_len = 2 + RSN_SELECTOR_LEN + ETH_ALEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + PMK_LEN + WPA_NONCE_LEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + sizeof(lifetime);
|
|
||||||
pos = buf = os_malloc(buf_len);
|
|
||||||
if (buf == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* Initiator MAC Address */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, kde->mac_addr, ETH_ALEN,
|
|
||||||
NULL, 0);
|
|
||||||
|
|
||||||
/* Initiator Nonce */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, kde->nonce, WPA_NONCE_LEN,
|
|
||||||
NULL, 0);
|
|
||||||
|
|
||||||
/* SMK with PNonce */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, PMK_LEN,
|
|
||||||
key->key_nonce, WPA_NONCE_LEN);
|
|
||||||
|
|
||||||
/* Lifetime */
|
|
||||||
lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
|
|
||||||
(u8 *) &lifetime, sizeof(lifetime), NULL, 0);
|
|
||||||
|
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
||||||
"Sending SMK M4");
|
|
||||||
|
|
||||||
__wpa_send_eapol(wpa_auth, sm,
|
|
||||||
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
|
||||||
WPA_KEY_INFO_INSTALL | WPA_KEY_INFO_SMK_MESSAGE,
|
|
||||||
NULL, key->key_nonce, buf, pos - buf, 0, 1, 0);
|
|
||||||
|
|
||||||
os_free(buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void wpa_send_smk_m5(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm,
|
|
||||||
struct wpa_eapol_key *key,
|
|
||||||
struct wpa_eapol_ie_parse *kde,
|
|
||||||
const u8 *smk, const u8 *peer)
|
|
||||||
{
|
|
||||||
u8 *buf, *pos;
|
|
||||||
size_t buf_len;
|
|
||||||
u32 lifetime;
|
|
||||||
|
|
||||||
/* SMK M5:
|
|
||||||
* EAPOL-Key(S=1, M=1, A=0, I=0, K=0, SM=1, KeyRSC=0, Nonce=INonce,
|
|
||||||
* MIC=MIC, DataKDs=(RSNIE_P, MAC_P KDE, PNonce, SMK KDE,
|
|
||||||
* Lifetime KDE))
|
|
||||||
*/
|
|
||||||
|
|
||||||
buf_len = kde->rsn_ie_len +
|
|
||||||
2 + RSN_SELECTOR_LEN + ETH_ALEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + WPA_NONCE_LEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + PMK_LEN + WPA_NONCE_LEN +
|
|
||||||
2 + RSN_SELECTOR_LEN + sizeof(lifetime);
|
|
||||||
pos = buf = os_malloc(buf_len);
|
|
||||||
if (buf == NULL)
|
|
||||||
return;
|
|
||||||
|
|
||||||
/* Peer RSN IE */
|
|
||||||
os_memcpy(pos, kde->rsn_ie, kde->rsn_ie_len);
|
|
||||||
pos += kde->rsn_ie_len;
|
|
||||||
|
|
||||||
/* Peer MAC Address */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_MAC_ADDR, peer, ETH_ALEN, NULL, 0);
|
|
||||||
|
|
||||||
/* PNonce */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_NONCE, key->key_nonce,
|
|
||||||
WPA_NONCE_LEN, NULL, 0);
|
|
||||||
|
|
||||||
/* SMK and INonce */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_SMK, smk, PMK_LEN,
|
|
||||||
kde->nonce, WPA_NONCE_LEN);
|
|
||||||
|
|
||||||
/* Lifetime */
|
|
||||||
lifetime = htonl(43200); /* dot11RSNAConfigSMKLifetime */
|
|
||||||
pos = wpa_add_kde(pos, RSN_KEY_DATA_LIFETIME,
|
|
||||||
(u8 *) &lifetime, sizeof(lifetime), NULL, 0);
|
|
||||||
|
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
|
||||||
"Sending SMK M5");
|
|
||||||
|
|
||||||
__wpa_send_eapol(wpa_auth, sm,
|
|
||||||
WPA_KEY_INFO_SECURE | WPA_KEY_INFO_MIC |
|
|
||||||
WPA_KEY_INFO_SMK_MESSAGE,
|
|
||||||
NULL, kde->nonce, buf, pos - buf, 0, 1, 0);
|
|
||||||
|
|
||||||
os_free(buf);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
||||||
const u8 *key_data, size_t key_data_len)
|
|
||||||
{
|
|
||||||
struct wpa_eapol_ie_parse kde;
|
|
||||||
struct wpa_stsl_search search;
|
|
||||||
u8 smk[32], buf[ETH_ALEN + 8 + 2 * WPA_NONCE_LEN], *pos;
|
|
||||||
|
|
||||||
if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK M3");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (kde.rsn_ie == NULL ||
|
|
||||||
kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
|
|
||||||
kde.nonce == NULL || kde.nonce_len < WPA_NONCE_LEN) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: No RSN IE, MAC address KDE, or "
|
|
||||||
"Nonce KDE in SMK M3");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Peer = sm->addr; Initiator = kde.mac_addr;
|
|
||||||
* Peer Nonce = key->key_nonce; Initiator Nonce = kde.nonce */
|
|
||||||
|
|
||||||
search.addr = kde.mac_addr;
|
|
||||||
search.sm = NULL;
|
|
||||||
if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
|
|
||||||
0 || search.sm == NULL) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: SMK handshake with " MACSTR
|
|
||||||
" aborted - STA not associated anymore",
|
|
||||||
MAC2STR(kde.mac_addr));
|
|
||||||
wpa_smk_send_error(wpa_auth, sm, kde.mac_addr, STK_MUI_SMK,
|
|
||||||
STK_ERR_STA_NR);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (random_get_bytes(smk, PMK_LEN)) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: Failed to generate SMK");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* SMK = PRF-256(Random number, "SMK Derivation",
|
|
||||||
* AA || Time || INonce || PNonce)
|
|
||||||
*/
|
|
||||||
os_memcpy(buf, wpa_auth->addr, ETH_ALEN);
|
|
||||||
pos = buf + ETH_ALEN;
|
|
||||||
wpa_get_ntp_timestamp(pos);
|
|
||||||
pos += 8;
|
|
||||||
os_memcpy(pos, kde.nonce, WPA_NONCE_LEN);
|
|
||||||
pos += WPA_NONCE_LEN;
|
|
||||||
os_memcpy(pos, key->key_nonce, WPA_NONCE_LEN);
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
|
||||||
sha256_prf(smk, PMK_LEN, "SMK Derivation", buf, sizeof(buf),
|
|
||||||
smk, PMK_LEN);
|
|
||||||
#else /* CONFIG_IEEE80211W */
|
|
||||||
sha1_prf(smk, PMK_LEN, "SMK Derivation", buf, sizeof(buf),
|
|
||||||
smk, PMK_LEN);
|
|
||||||
#endif /* CONFIG_IEEE80211W */
|
|
||||||
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "RSN: SMK", smk, PMK_LEN);
|
|
||||||
|
|
||||||
wpa_send_smk_m4(wpa_auth, sm, key, &kde, smk);
|
|
||||||
wpa_send_smk_m5(wpa_auth, search.sm, key, &kde, smk, sm->addr);
|
|
||||||
|
|
||||||
/* Authenticator does not need SMK anymore and it is required to forget
|
|
||||||
* it. */
|
|
||||||
os_memset(smk, 0, sizeof(*smk));
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm,
|
|
||||||
const u8 *key_data, size_t key_data_len)
|
|
||||||
{
|
|
||||||
struct wpa_eapol_ie_parse kde;
|
|
||||||
struct wpa_stsl_search search;
|
|
||||||
struct rsn_error_kde error;
|
|
||||||
u16 mui, error_type;
|
|
||||||
|
|
||||||
if (wpa_parse_kde_ies(key_data, key_data_len, &kde) < 0) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: Failed to parse KDEs in SMK Error");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (kde.mac_addr == NULL || kde.mac_addr_len < ETH_ALEN ||
|
|
||||||
kde.error == NULL || kde.error_len < sizeof(error)) {
|
|
||||||
wpa_printf(MSG_INFO, "RSN: No MAC address or Error KDE in "
|
|
||||||
"SMK Error");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
search.addr = kde.mac_addr;
|
|
||||||
search.sm = NULL;
|
|
||||||
if (wpa_auth_for_each_sta(wpa_auth, wpa_stsl_select_sta, &search) ==
|
|
||||||
0 || search.sm == NULL) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: Peer STA " MACSTR " not "
|
|
||||||
"associated for SMK Error message from " MACSTR,
|
|
||||||
MAC2STR(kde.mac_addr), MAC2STR(sm->addr));
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
os_memcpy(&error, kde.error, sizeof(error));
|
|
||||||
mui = be_to_host16(error.mui);
|
|
||||||
error_type = be_to_host16(error.error_type);
|
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
|
||||||
"STA reported SMK Error: Peer " MACSTR
|
|
||||||
" MUI %d Error Type %d",
|
|
||||||
MAC2STR(kde.mac_addr), mui, error_type);
|
|
||||||
|
|
||||||
wpa_smk_send_error(wpa_auth, search.sm, sm->addr, mui, error_type);
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
|
@ -900,8 +900,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
struct ieee802_1x_hdr *hdr;
|
struct ieee802_1x_hdr *hdr;
|
||||||
struct wpa_eapol_key *key;
|
struct wpa_eapol_key *key;
|
||||||
u16 key_info, key_data_length;
|
u16 key_info, key_data_length;
|
||||||
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST,
|
enum { PAIRWISE_2, PAIRWISE_4, GROUP_2, REQUEST } msg;
|
||||||
SMK_M1, SMK_M3, SMK_ERROR } msg;
|
|
||||||
char *msgtxt;
|
char *msgtxt;
|
||||||
struct wpa_eapol_ie_parse kde;
|
struct wpa_eapol_ie_parse kde;
|
||||||
const u8 *key_data;
|
const u8 *key_data;
|
||||||
|
@ -975,19 +974,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
/* FIX: verify that the EAPOL-Key frame was encrypted if pairwise keys
|
||||||
* are set */
|
* are set */
|
||||||
|
|
||||||
if ((key_info & (WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) ==
|
if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
||||||
(WPA_KEY_INFO_SMK_MESSAGE | WPA_KEY_INFO_REQUEST)) {
|
wpa_printf(MSG_DEBUG, "WPA: Ignore SMK message");
|
||||||
if (key_info & WPA_KEY_INFO_ERROR) {
|
return;
|
||||||
msg = SMK_ERROR;
|
}
|
||||||
msgtxt = "SMK Error";
|
|
||||||
} else {
|
if (key_info & WPA_KEY_INFO_REQUEST) {
|
||||||
msg = SMK_M1;
|
|
||||||
msgtxt = "SMK M1";
|
|
||||||
}
|
|
||||||
} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
|
||||||
msg = SMK_M3;
|
|
||||||
msgtxt = "SMK M3";
|
|
||||||
} else if (key_info & WPA_KEY_INFO_REQUEST) {
|
|
||||||
msg = REQUEST;
|
msg = REQUEST;
|
||||||
msgtxt = "Request";
|
msgtxt = "Request";
|
||||||
} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
|
} else if (!(key_info & WPA_KEY_INFO_KEY_TYPE)) {
|
||||||
|
@ -1003,7 +995,6 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
msgtxt = "2/4 Pairwise";
|
msgtxt = "2/4 Pairwise";
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO: key_info type validation for PeerKey */
|
|
||||||
if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
|
if (msg == REQUEST || msg == PAIRWISE_2 || msg == PAIRWISE_4 ||
|
||||||
msg == GROUP_2) {
|
msg == GROUP_2) {
|
||||||
u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
|
u16 ver = key_info & WPA_KEY_INFO_TYPE_MASK;
|
||||||
|
@ -1188,28 +1179,6 @@ continue_processing:
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
case SMK_M1:
|
|
||||||
case SMK_M3:
|
|
||||||
case SMK_ERROR:
|
|
||||||
if (!wpa_auth->conf.peerkey) {
|
|
||||||
wpa_printf(MSG_DEBUG, "RSN: SMK M1/M3/Error, but "
|
|
||||||
"PeerKey use disabled - ignoring message");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
if (!sm->PTK_valid) {
|
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
|
||||||
"received EAPOL-Key msg SMK in "
|
|
||||||
"invalid state - dropped");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
#else /* CONFIG_PEERKEY */
|
|
||||||
case SMK_M1:
|
|
||||||
case SMK_M3:
|
|
||||||
case SMK_ERROR:
|
|
||||||
return; /* STSL disabled - ignore SMK messages */
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
case REQUEST:
|
case REQUEST:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -1281,12 +1250,7 @@ continue_processing:
|
||||||
* even though MAC address KDE is not normally encrypted,
|
* even though MAC address KDE is not normally encrypted,
|
||||||
* supplicant is allowed to encrypt it.
|
* supplicant is allowed to encrypt it.
|
||||||
*/
|
*/
|
||||||
if (msg == SMK_ERROR) {
|
if (key_info & WPA_KEY_INFO_ERROR) {
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
wpa_smk_error(wpa_auth, sm, key_data, key_data_length);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
return;
|
|
||||||
} else if (key_info & WPA_KEY_INFO_ERROR) {
|
|
||||||
if (wpa_receive_error_report(
|
if (wpa_receive_error_report(
|
||||||
wpa_auth, sm,
|
wpa_auth, sm,
|
||||||
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
||||||
|
@ -1296,11 +1260,6 @@ continue_processing:
|
||||||
"received EAPOL-Key Request for new "
|
"received EAPOL-Key Request for new "
|
||||||
"4-Way Handshake");
|
"4-Way Handshake");
|
||||||
wpa_request_new_ptk(sm);
|
wpa_request_new_ptk(sm);
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
} else if (msg == SMK_M1) {
|
|
||||||
wpa_smk_m1(wpa_auth, sm, key, key_data,
|
|
||||||
key_data_length);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
} else if (key_data_length > 0 &&
|
} else if (key_data_length > 0 &&
|
||||||
wpa_parse_kde_ies(key_data, key_data_length,
|
wpa_parse_kde_ies(key_data, key_data_length,
|
||||||
&kde) == 0 &&
|
&kde) == 0 &&
|
||||||
|
@ -1339,13 +1298,6 @@ continue_processing:
|
||||||
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (msg == SMK_M3) {
|
|
||||||
wpa_smk_m3(wpa_auth, sm, key, key_data, key_data_length);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
os_free(sm->last_rx_eapol_key);
|
os_free(sm->last_rx_eapol_key);
|
||||||
sm->last_rx_eapol_key = os_memdup(data, data_len);
|
sm->last_rx_eapol_key = os_memdup(data, data_len);
|
||||||
if (sm->last_rx_eapol_key == NULL)
|
if (sm->last_rx_eapol_key == NULL)
|
||||||
|
@ -1493,13 +1445,11 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||||
WPA_PUT_BE16(key->key_info, key_info);
|
WPA_PUT_BE16(key->key_info, key_info);
|
||||||
|
|
||||||
alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
|
alg = pairwise ? sm->pairwise : wpa_auth->conf.wpa_group;
|
||||||
if ((key_info & WPA_KEY_INFO_SMK_MESSAGE) ||
|
if (sm->wpa == WPA_VERSION_WPA2 && !pairwise)
|
||||||
(sm->wpa == WPA_VERSION_WPA2 && !pairwise))
|
|
||||||
WPA_PUT_BE16(key->key_length, 0);
|
WPA_PUT_BE16(key->key_length, 0);
|
||||||
else
|
else
|
||||||
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
|
WPA_PUT_BE16(key->key_length, wpa_cipher_key_len(alg));
|
||||||
|
|
||||||
/* FIX: STSL: what to use as key_replay_counter? */
|
|
||||||
for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
|
for (i = RSNA_MAX_EAPOL_RETRIES - 1; i > 0; i--) {
|
||||||
sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
|
sm->key_replay[i].valid = sm->key_replay[i - 1].valid;
|
||||||
os_memcpy(sm->key_replay[i].counter,
|
os_memcpy(sm->key_replay[i].counter,
|
||||||
|
|
|
@ -168,7 +168,6 @@ struct wpa_auth_config {
|
||||||
int rsn_pairwise;
|
int rsn_pairwise;
|
||||||
int rsn_preauth;
|
int rsn_preauth;
|
||||||
int eapol_version;
|
int eapol_version;
|
||||||
int peerkey;
|
|
||||||
int wmm_enabled;
|
int wmm_enabled;
|
||||||
int wmm_uapsd;
|
int wmm_uapsd;
|
||||||
int disable_pmksa_caching;
|
int disable_pmksa_caching;
|
||||||
|
|
|
@ -50,7 +50,6 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
|
||||||
wconf->rsn_pairwise = conf->rsn_pairwise;
|
wconf->rsn_pairwise = conf->rsn_pairwise;
|
||||||
wconf->rsn_preauth = conf->rsn_preauth;
|
wconf->rsn_preauth = conf->rsn_preauth;
|
||||||
wconf->eapol_version = conf->eapol_version;
|
wconf->eapol_version = conf->eapol_version;
|
||||||
wconf->peerkey = conf->peerkey;
|
|
||||||
wconf->wmm_enabled = conf->wmm_enabled;
|
wconf->wmm_enabled = conf->wmm_enabled;
|
||||||
wconf->wmm_uapsd = conf->wmm_uapsd;
|
wconf->wmm_uapsd = conf->wmm_uapsd;
|
||||||
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
|
wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
|
||||||
|
|
|
@ -266,18 +266,6 @@ int wpa_auth_for_each_auth(struct wpa_authenticator *wpa_auth,
|
||||||
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
int (*cb)(struct wpa_authenticator *a, void *ctx),
|
||||||
void *cb_ctx);
|
void *cb_ctx);
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
void wpa_smk_error(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm,
|
|
||||||
const u8 *key_data, size_t key_data_len);
|
|
||||||
void wpa_smk_m1(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
||||||
const u8 *key_data, size_t key_data_len);
|
|
||||||
void wpa_smk_m3(struct wpa_authenticator *wpa_auth,
|
|
||||||
struct wpa_state_machine *sm, struct wpa_eapol_key *key,
|
|
||||||
const u8 *key_data, size_t key_data_len);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
int wpa_write_mdie(struct wpa_auth_config *conf, u8 *buf, size_t len);
|
||||||
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
int wpa_write_ftie(struct wpa_auth_config *conf, const u8 *r0kh_id,
|
||||||
|
|
|
@ -268,8 +268,6 @@ int wpa_write_rsn_ie(struct wpa_auth_config *conf, u8 *buf, size_t len,
|
||||||
capab = 0;
|
capab = 0;
|
||||||
if (conf->rsn_preauth)
|
if (conf->rsn_preauth)
|
||||||
capab |= WPA_CAPABILITY_PREAUTH;
|
capab |= WPA_CAPABILITY_PREAUTH;
|
||||||
if (conf->peerkey)
|
|
||||||
capab |= WPA_CAPABILITY_PEERKEY_ENABLED;
|
|
||||||
if (conf->wmm_enabled) {
|
if (conf->wmm_enabled) {
|
||||||
/* 4 PTKSA replay counters when using WMM */
|
/* 4 PTKSA replay counters when using WMM */
|
||||||
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
capab |= (RSN_NUM_REPLAY_COUNTERS_16 << 2);
|
||||||
|
@ -919,36 +917,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
|
|
||||||
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
|
|
||||||
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
|
|
||||||
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
|
|
||||||
ie->error = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
||||||
|
|
|
@ -19,16 +19,6 @@ struct wpa_eapol_ie_parse {
|
||||||
size_t gtk_len;
|
size_t gtk_len;
|
||||||
const u8 *mac_addr;
|
const u8 *mac_addr;
|
||||||
size_t mac_addr_len;
|
size_t mac_addr_len;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
const u8 *smk;
|
|
||||||
size_t smk_len;
|
|
||||||
const u8 *nonce;
|
|
||||||
size_t nonce_len;
|
|
||||||
const u8 *lifetime;
|
|
||||||
size_t lifetime_len;
|
|
||||||
const u8 *error;
|
|
||||||
size_t error_len;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
const u8 *igtk;
|
const u8 *igtk;
|
||||||
size_t igtk_len;
|
size_t igtk_len;
|
||||||
|
|
|
@ -92,7 +92,6 @@ enum privsep_event {
|
||||||
PRIVSEP_EVENT_MICHAEL_MIC_FAILURE,
|
PRIVSEP_EVENT_MICHAEL_MIC_FAILURE,
|
||||||
PRIVSEP_EVENT_INTERFACE_STATUS,
|
PRIVSEP_EVENT_INTERFACE_STATUS,
|
||||||
PRIVSEP_EVENT_PMKID_CANDIDATE,
|
PRIVSEP_EVENT_PMKID_CANDIDATE,
|
||||||
PRIVSEP_EVENT_STKSTART,
|
|
||||||
PRIVSEP_EVENT_FT_RESPONSE,
|
PRIVSEP_EVENT_FT_RESPONSE,
|
||||||
PRIVSEP_EVENT_RX_EAPOL,
|
PRIVSEP_EVENT_RX_EAPOL,
|
||||||
PRIVSEP_EVENT_SCAN_STARTED,
|
PRIVSEP_EVENT_SCAN_STARTED,
|
||||||
|
|
|
@ -231,10 +231,6 @@ int wpa_eapol_key_mic(const u8 *key, size_t key_len, int akmp, int ver,
|
||||||
* PTK = PRF-X(PMK, "Pairwise key expansion",
|
* PTK = PRF-X(PMK, "Pairwise key expansion",
|
||||||
* Min(AA, SA) || Max(AA, SA) ||
|
* Min(AA, SA) || Max(AA, SA) ||
|
||||||
* Min(ANonce, SNonce) || Max(ANonce, SNonce))
|
* Min(ANonce, SNonce) || Max(ANonce, SNonce))
|
||||||
*
|
|
||||||
* STK = PRF-X(SMK, "Peer key expansion",
|
|
||||||
* Min(MAC_I, MAC_P) || Max(MAC_I, MAC_P) ||
|
|
||||||
* Min(INonce, PNonce) || Max(INonce, PNonce))
|
|
||||||
*/
|
*/
|
||||||
int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
int wpa_pmk_to_ptk(const u8 *pmk, size_t pmk_len, const char *label,
|
||||||
const u8 *addr1, const u8 *addr2,
|
const u8 *addr1, const u8 *addr2,
|
||||||
|
|
|
@ -105,12 +105,6 @@ RSN_SELECTOR(0x00, 0x0f, 0xac, 13)
|
||||||
#endif
|
#endif
|
||||||
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
|
#define RSN_KEY_DATA_MAC_ADDR RSN_SELECTOR(0x00, 0x0f, 0xac, 3)
|
||||||
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
|
#define RSN_KEY_DATA_PMKID RSN_SELECTOR(0x00, 0x0f, 0xac, 4)
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
#define RSN_KEY_DATA_SMK RSN_SELECTOR(0x00, 0x0f, 0xac, 5)
|
|
||||||
#define RSN_KEY_DATA_NONCE RSN_SELECTOR(0x00, 0x0f, 0xac, 6)
|
|
||||||
#define RSN_KEY_DATA_LIFETIME RSN_SELECTOR(0x00, 0x0f, 0xac, 7)
|
|
||||||
#define RSN_KEY_DATA_ERROR RSN_SELECTOR(0x00, 0x0f, 0xac, 8)
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
|
#define RSN_KEY_DATA_IGTK RSN_SELECTOR(0x00, 0x0f, 0xac, 9)
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
|
@ -287,22 +281,6 @@ struct rsn_ie_hdr {
|
||||||
} STRUCT_PACKED;
|
} STRUCT_PACKED;
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
enum {
|
|
||||||
STK_MUI_4WAY_STA_AP = 1,
|
|
||||||
STK_MUI_4WAY_STAT_STA = 2,
|
|
||||||
STK_MUI_GTK = 3,
|
|
||||||
STK_MUI_SMK = 4
|
|
||||||
};
|
|
||||||
|
|
||||||
enum {
|
|
||||||
STK_ERR_STA_NR = 1,
|
|
||||||
STK_ERR_STA_NRSN = 2,
|
|
||||||
STK_ERR_CPHR_NS = 3,
|
|
||||||
STK_ERR_NO_STSL = 4
|
|
||||||
};
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
struct rsn_error_kde {
|
struct rsn_error_kde {
|
||||||
be16 mui;
|
be16 mui;
|
||||||
be16 error_type;
|
be16 error_type;
|
||||||
|
|
|
@ -4086,17 +4086,6 @@ enum wpa_event_type {
|
||||||
*/
|
*/
|
||||||
EVENT_PMKID_CANDIDATE,
|
EVENT_PMKID_CANDIDATE,
|
||||||
|
|
||||||
/**
|
|
||||||
* EVENT_STKSTART - Request STK handshake (MLME-STKSTART.request)
|
|
||||||
*
|
|
||||||
* This event can be used to inform wpa_supplicant about desire to set
|
|
||||||
* up secure direct link connection between two stations as defined in
|
|
||||||
* IEEE 802.11e with a new PeerKey mechanism that replaced the original
|
|
||||||
* STAKey negotiation. The caller will need to set peer address for the
|
|
||||||
* event.
|
|
||||||
*/
|
|
||||||
EVENT_STKSTART,
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* EVENT_TDLS - Request TDLS operation
|
* EVENT_TDLS - Request TDLS operation
|
||||||
*
|
*
|
||||||
|
@ -4801,13 +4790,6 @@ union wpa_event_data {
|
||||||
int preauth;
|
int preauth;
|
||||||
} pmkid_candidate;
|
} pmkid_candidate;
|
||||||
|
|
||||||
/**
|
|
||||||
* struct stkstart - Data for EVENT_STKSTART
|
|
||||||
*/
|
|
||||||
struct stkstart {
|
|
||||||
u8 peer[ETH_ALEN];
|
|
||||||
} stkstart;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* struct tdls - Data for EVENT_TDLS
|
* struct tdls - Data for EVENT_TDLS
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -35,7 +35,6 @@ const char * event_to_string(enum wpa_event_type event)
|
||||||
E2S(ASSOCINFO);
|
E2S(ASSOCINFO);
|
||||||
E2S(INTERFACE_STATUS);
|
E2S(INTERFACE_STATUS);
|
||||||
E2S(PMKID_CANDIDATE);
|
E2S(PMKID_CANDIDATE);
|
||||||
E2S(STKSTART);
|
|
||||||
E2S(TDLS);
|
E2S(TDLS);
|
||||||
E2S(FT_RESPONSE);
|
E2S(FT_RESPONSE);
|
||||||
E2S(IBSS_RSN_START);
|
E2S(IBSS_RSN_START);
|
||||||
|
|
|
@ -483,19 +483,6 @@ static void wpa_driver_privsep_event_pmkid_candidate(void *ctx, u8 *buf,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void wpa_driver_privsep_event_stkstart(void *ctx, u8 *buf, size_t len)
|
|
||||||
{
|
|
||||||
union wpa_event_data data;
|
|
||||||
|
|
||||||
if (len != ETH_ALEN)
|
|
||||||
return;
|
|
||||||
|
|
||||||
os_memset(&data, 0, sizeof(data));
|
|
||||||
os_memcpy(data.stkstart.peer, buf, ETH_ALEN);
|
|
||||||
wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static void wpa_driver_privsep_event_ft_response(void *ctx, u8 *buf,
|
static void wpa_driver_privsep_event_ft_response(void *ctx, u8 *buf,
|
||||||
size_t len)
|
size_t len)
|
||||||
{
|
{
|
||||||
|
@ -589,10 +576,6 @@ static void wpa_driver_privsep_receive(int sock, void *eloop_ctx,
|
||||||
wpa_driver_privsep_event_pmkid_candidate(drv->ctx, event_buf,
|
wpa_driver_privsep_event_pmkid_candidate(drv->ctx, event_buf,
|
||||||
event_len);
|
event_len);
|
||||||
break;
|
break;
|
||||||
case PRIVSEP_EVENT_STKSTART:
|
|
||||||
wpa_driver_privsep_event_stkstart(drv->ctx, event_buf,
|
|
||||||
event_len);
|
|
||||||
break;
|
|
||||||
case PRIVSEP_EVENT_FT_RESPONSE:
|
case PRIVSEP_EVENT_FT_RESPONSE:
|
||||||
wpa_driver_privsep_event_ft_response(drv->ctx, event_buf,
|
wpa_driver_privsep_event_ft_response(drv->ctx, event_buf,
|
||||||
event_len);
|
event_len);
|
||||||
|
|
|
@ -290,15 +290,6 @@ wpa_driver_wext_event_wireless_custom(void *ctx, char *custom)
|
||||||
done:
|
done:
|
||||||
os_free(resp_ies);
|
os_free(resp_ies);
|
||||||
os_free(req_ies);
|
os_free(req_ies);
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
} else if (os_strncmp(custom, "STKSTART.request=", 17) == 0) {
|
|
||||||
if (hwaddr_aton(custom + 17, data.stkstart.peer)) {
|
|
||||||
wpa_printf(MSG_DEBUG, "WEXT: unrecognized "
|
|
||||||
"STKSTART.request '%s'", custom + 17);
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
wpa_supplicant_event(ctx, EVENT_STKSTART, &data);
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -10,7 +10,6 @@ include ../lib.rules
|
||||||
|
|
||||||
CFLAGS += -DCONFIG_IEEE80211W
|
CFLAGS += -DCONFIG_IEEE80211W
|
||||||
CFLAGS += -DCONFIG_IEEE80211R
|
CFLAGS += -DCONFIG_IEEE80211R
|
||||||
CFLAGS += -DCONFIG_PEERKEY
|
|
||||||
CFLAGS += -DCONFIG_TDLS
|
CFLAGS += -DCONFIG_TDLS
|
||||||
CFLAGS += -DCONFIG_WNM
|
CFLAGS += -DCONFIG_WNM
|
||||||
CFLAGS += -DIEEE8021X_EAPOL
|
CFLAGS += -DIEEE8021X_EAPOL
|
||||||
|
@ -18,7 +17,6 @@ CFLAGS += -DIEEE8021X_EAPOL
|
||||||
LIB_OBJS= \
|
LIB_OBJS= \
|
||||||
pmksa_cache.o \
|
pmksa_cache.o \
|
||||||
wpa_ft.o \
|
wpa_ft.o \
|
||||||
peerkey.o \
|
|
||||||
tdls.o \
|
tdls.o \
|
||||||
preauth.o \
|
preauth.o \
|
||||||
wpa.o \
|
wpa.o \
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,82 +0,0 @@
|
||||||
/*
|
|
||||||
* WPA Supplicant - PeerKey for Direct Link Setup (DLS)
|
|
||||||
* Copyright (c) 2006-2015, Jouni Malinen <j@w1.fi>
|
|
||||||
*
|
|
||||||
* This software may be distributed under the terms of the BSD license.
|
|
||||||
* See README for more details.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef PEERKEY_H
|
|
||||||
#define PEERKEY_H
|
|
||||||
|
|
||||||
#define PEERKEY_MAX_IE_LEN 80
|
|
||||||
struct wpa_peerkey {
|
|
||||||
struct wpa_peerkey *next;
|
|
||||||
int initiator; /* whether this end was initator for SMK handshake */
|
|
||||||
u8 addr[ETH_ALEN]; /* other end MAC address */
|
|
||||||
u8 inonce[WPA_NONCE_LEN]; /* Initiator Nonce */
|
|
||||||
u8 pnonce[WPA_NONCE_LEN]; /* Peer Nonce */
|
|
||||||
u8 rsnie_i[PEERKEY_MAX_IE_LEN]; /* Initiator RSN IE */
|
|
||||||
size_t rsnie_i_len;
|
|
||||||
u8 rsnie_p[PEERKEY_MAX_IE_LEN]; /* Peer RSN IE */
|
|
||||||
size_t rsnie_p_len;
|
|
||||||
u8 smk[PMK_LEN];
|
|
||||||
int smk_complete;
|
|
||||||
u8 smkid[PMKID_LEN];
|
|
||||||
u32 lifetime;
|
|
||||||
int cipher; /* Selected cipher (WPA_CIPHER_*) */
|
|
||||||
u8 replay_counter[WPA_REPLAY_COUNTER_LEN];
|
|
||||||
int replay_counter_set;
|
|
||||||
int akmp;
|
|
||||||
|
|
||||||
struct wpa_ptk stk, tstk;
|
|
||||||
int stk_set, tstk_set;
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
|
|
||||||
int peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
|
|
||||||
struct wpa_peerkey *peerkey,
|
|
||||||
struct wpa_eapol_key *key, u16 ver,
|
|
||||||
const u8 *buf, size_t len);
|
|
||||||
void peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
|
||||||
struct wpa_eapol_key *key, u16 key_info, u16 ver,
|
|
||||||
const u8 *key_data, size_t key_data_len);
|
|
||||||
void peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
|
|
||||||
struct wpa_eapol_key *key, const u8 *key_data,
|
|
||||||
size_t key_data_len, u16 key_info, u16 ver);
|
|
||||||
void peerkey_deinit(struct wpa_sm *sm);
|
|
||||||
|
|
||||||
#else /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
static inline int
|
|
||||||
peerkey_verify_eapol_key_mic(struct wpa_sm *sm,
|
|
||||||
struct wpa_peerkey *peerkey,
|
|
||||||
struct wpa_eapol_key *key, u16 ver,
|
|
||||||
const u8 *buf, size_t len)
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void
|
|
||||||
peerkey_rx_eapol_4way(struct wpa_sm *sm, struct wpa_peerkey *peerkey,
|
|
||||||
struct wpa_eapol_key *key, u16 key_info, u16 ver,
|
|
||||||
const u8 *key_data, size_t key_data_len)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void
|
|
||||||
peerkey_rx_eapol_smk(struct wpa_sm *sm, const u8 *src_addr,
|
|
||||||
struct wpa_eapol_key *key, const u8 *key_data,
|
|
||||||
size_t key_data_len, u16 key_info, u16 ver)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline void peerkey_deinit(struct wpa_sm *sm)
|
|
||||||
{
|
|
||||||
}
|
|
||||||
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#endif /* PEERKEY_H */
|
|
|
@ -28,7 +28,6 @@
|
||||||
#include "pmksa_cache.h"
|
#include "pmksa_cache.h"
|
||||||
#include "wpa_i.h"
|
#include "wpa_i.h"
|
||||||
#include "wpa_ie.h"
|
#include "wpa_ie.h"
|
||||||
#include "peerkey.h"
|
|
||||||
|
|
||||||
|
|
||||||
static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
static const u8 null_rsc[8] = { 0, 0, 0, 0, 0, 0, 0, 0 };
|
||||||
|
@ -1988,7 +1987,6 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
u16 key_info, ver;
|
u16 key_info, ver;
|
||||||
u8 *tmp = NULL;
|
u8 *tmp = NULL;
|
||||||
int ret = -1;
|
int ret = -1;
|
||||||
struct wpa_peerkey *peerkey = NULL;
|
|
||||||
u8 *mic, *key_data;
|
u8 *mic, *key_data;
|
||||||
size_t mic_len, keyhdrlen;
|
size_t mic_len, keyhdrlen;
|
||||||
|
|
||||||
|
@ -2164,44 +2162,7 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
if (sm->rx_replay_counter_set &&
|
||||||
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
|
|
||||||
if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!(key_info & WPA_KEY_INFO_SMK_MESSAGE) && peerkey) {
|
|
||||||
if (!peerkey->initiator && peerkey->replay_counter_set &&
|
|
||||||
os_memcmp(key->replay_counter, peerkey->replay_counter,
|
|
||||||
WPA_REPLAY_COUNTER_LEN) <= 0) {
|
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
|
||||||
"RSN: EAPOL-Key Replay Counter did not "
|
|
||||||
"increase (STK) - dropping packet");
|
|
||||||
goto out;
|
|
||||||
} else if (peerkey->initiator) {
|
|
||||||
u8 _tmp[WPA_REPLAY_COUNTER_LEN];
|
|
||||||
os_memcpy(_tmp, key->replay_counter,
|
|
||||||
WPA_REPLAY_COUNTER_LEN);
|
|
||||||
inc_byte_array(_tmp, WPA_REPLAY_COUNTER_LEN);
|
|
||||||
if (os_memcmp(_tmp, peerkey->replay_counter,
|
|
||||||
WPA_REPLAY_COUNTER_LEN) != 0) {
|
|
||||||
wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG,
|
|
||||||
"RSN: EAPOL-Key Replay "
|
|
||||||
"Counter did not match (STK) - "
|
|
||||||
"dropping packet");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (peerkey && peerkey->initiator && (key_info & WPA_KEY_INFO_ACK)) {
|
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
|
||||||
"RSN: Ack bit in key_info from STK peer");
|
|
||||||
goto out;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
if (!peerkey && sm->rx_replay_counter_set &&
|
|
||||||
os_memcmp(key->replay_counter, sm->rx_replay_counter,
|
os_memcmp(key->replay_counter, sm->rx_replay_counter,
|
||||||
WPA_REPLAY_COUNTER_LEN) <= 0) {
|
WPA_REPLAY_COUNTER_LEN) <= 0) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
|
||||||
|
@ -2210,11 +2171,13 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(key_info & (WPA_KEY_INFO_ACK | WPA_KEY_INFO_SMK_MESSAGE))
|
if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
||||||
#ifdef CONFIG_PEERKEY
|
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
||||||
&& (peerkey == NULL || !peerkey->initiator)
|
"WPA: Unsupported SMK bit in key_info");
|
||||||
#endif /* CONFIG_PEERKEY */
|
goto out;
|
||||||
) {
|
}
|
||||||
|
|
||||||
|
if (!(key_info & WPA_KEY_INFO_ACK)) {
|
||||||
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
wpa_msg(sm->ctx->msg_ctx, MSG_INFO,
|
||||||
"WPA: No Ack bit in key_info");
|
"WPA: No Ack bit in key_info");
|
||||||
goto out;
|
goto out;
|
||||||
|
@ -2226,17 +2189,10 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((key_info & WPA_KEY_INFO_MIC) && !peerkey &&
|
if ((key_info & WPA_KEY_INFO_MIC) &&
|
||||||
wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
|
wpa_supplicant_verify_eapol_key_mic(sm, key, ver, tmp, data_len))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if ((key_info & WPA_KEY_INFO_MIC) && peerkey &&
|
|
||||||
peerkey_verify_eapol_key_mic(sm, peerkey, key, ver, tmp,
|
|
||||||
data_len))
|
|
||||||
goto out;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
if (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
||||||
if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
|
if (wpa_supp_aead_decrypt(sm, tmp, data_len, &key_data_len))
|
||||||
|
@ -2259,12 +2215,8 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
"non-zero key index");
|
"non-zero key index");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
if (peerkey) {
|
if (key_info & (WPA_KEY_INFO_MIC |
|
||||||
/* PeerKey 4-Way Handshake */
|
WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
||||||
peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
|
|
||||||
key_data, key_data_len);
|
|
||||||
} else if (key_info & (WPA_KEY_INFO_MIC |
|
|
||||||
WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
|
||||||
/* 3/4 4-Way Handshake */
|
/* 3/4 4-Way Handshake */
|
||||||
wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
|
wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
|
||||||
key_data_len);
|
key_data_len);
|
||||||
|
@ -2274,10 +2226,6 @@ int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
|
||||||
ver, key_data,
|
ver, key_data,
|
||||||
key_data_len);
|
key_data_len);
|
||||||
}
|
}
|
||||||
} else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
|
|
||||||
/* PeerKey SMK Handshake */
|
|
||||||
peerkey_rx_eapol_smk(sm, src_addr, key, key_data, key_data_len,
|
|
||||||
key_info, ver);
|
|
||||||
} else {
|
} else {
|
||||||
if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
|
if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
|
||||||
(!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
|
(!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
|
||||||
|
@ -2519,7 +2467,6 @@ void wpa_sm_deinit(struct wpa_sm *sm)
|
||||||
os_free(sm->ap_rsn_ie);
|
os_free(sm->ap_rsn_ie);
|
||||||
wpa_sm_drop_sa(sm);
|
wpa_sm_drop_sa(sm);
|
||||||
os_free(sm->ctx);
|
os_free(sm->ctx);
|
||||||
peerkey_deinit(sm);
|
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
os_free(sm->assoc_resp_ies);
|
os_free(sm->assoc_resp_ies);
|
||||||
#endif /* CONFIG_IEEE80211R */
|
#endif /* CONFIG_IEEE80211R */
|
||||||
|
@ -2628,7 +2575,6 @@ void wpa_sm_notify_disassoc(struct wpa_sm *sm)
|
||||||
{
|
{
|
||||||
eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
|
eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
|
||||||
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
|
||||||
peerkey_deinit(sm);
|
|
||||||
rsn_preauth_deinit(sm);
|
rsn_preauth_deinit(sm);
|
||||||
pmksa_cache_clear_current(sm);
|
pmksa_cache_clear_current(sm);
|
||||||
if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
|
if (wpa_sm_get_state(sm) == WPA_4WAY_HANDSHAKE)
|
||||||
|
@ -2748,7 +2694,6 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
|
||||||
|
|
||||||
if (config) {
|
if (config) {
|
||||||
sm->network_ctx = config->network_ctx;
|
sm->network_ctx = config->network_ctx;
|
||||||
sm->peerkey_enabled = config->peerkey_enabled;
|
|
||||||
sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
|
sm->allowed_pairwise_cipher = config->allowed_pairwise_cipher;
|
||||||
sm->proactive_key_caching = config->proactive_key_caching;
|
sm->proactive_key_caching = config->proactive_key_caching;
|
||||||
sm->eap_workaround = config->eap_workaround;
|
sm->eap_workaround = config->eap_workaround;
|
||||||
|
@ -2772,7 +2717,6 @@ void wpa_sm_set_config(struct wpa_sm *sm, struct rsn_supp_config *config)
|
||||||
#endif /* CONFIG_FILS */
|
#endif /* CONFIG_FILS */
|
||||||
} else {
|
} else {
|
||||||
sm->network_ctx = NULL;
|
sm->network_ctx = NULL;
|
||||||
sm->peerkey_enabled = 0;
|
|
||||||
sm->allowed_pairwise_cipher = 0;
|
sm->allowed_pairwise_cipher = 0;
|
||||||
sm->proactive_key_caching = 0;
|
sm->proactive_key_caching = 0;
|
||||||
sm->eap_workaround = 0;
|
sm->eap_workaround = 0;
|
||||||
|
@ -3278,27 +3222,6 @@ int wpa_wnmsleep_install_key(struct wpa_sm *sm, u8 subelem_id, u8 *buf)
|
||||||
#endif /* CONFIG_WNM */
|
#endif /* CONFIG_WNM */
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
|
|
||||||
const u8 *buf, size_t len)
|
|
||||||
{
|
|
||||||
struct wpa_peerkey *peerkey;
|
|
||||||
|
|
||||||
for (peerkey = sm->peerkey; peerkey; peerkey = peerkey->next) {
|
|
||||||
if (os_memcmp(peerkey->addr, src_addr, ETH_ALEN) == 0)
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!peerkey)
|
|
||||||
return 0;
|
|
||||||
|
|
||||||
wpa_sm_rx_eapol(sm, src_addr, buf, len);
|
|
||||||
|
|
||||||
return 1;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_P2P
|
#ifdef CONFIG_P2P
|
||||||
|
|
||||||
int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
|
int wpa_sm_get_p2p_ip_addr(struct wpa_sm *sm, u8 *buf)
|
||||||
|
|
|
@ -100,7 +100,6 @@ enum wpa_sm_conf_params {
|
||||||
|
|
||||||
struct rsn_supp_config {
|
struct rsn_supp_config {
|
||||||
void *network_ctx;
|
void *network_ctx;
|
||||||
int peerkey_enabled;
|
|
||||||
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
|
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
|
||||||
int proactive_key_caching;
|
int proactive_key_caching;
|
||||||
int eap_workaround;
|
int eap_workaround;
|
||||||
|
@ -350,23 +349,6 @@ static inline int wpa_fils_is_completed(struct wpa_sm *sm)
|
||||||
|
|
||||||
#endif /* CONFIG_NO_WPA */
|
#endif /* CONFIG_NO_WPA */
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer);
|
|
||||||
int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
|
|
||||||
const u8 *buf, size_t len);
|
|
||||||
#else /* CONFIG_PEERKEY */
|
|
||||||
static inline int wpa_sm_stkstart(struct wpa_sm *sm, const u8 *peer)
|
|
||||||
{
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
static inline int wpa_sm_rx_eapol_peerkey(struct wpa_sm *sm, const u8 *src_addr,
|
|
||||||
const u8 *buf, size_t len)
|
|
||||||
{
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
|
|
||||||
int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len);
|
int wpa_sm_set_ft_params(struct wpa_sm *sm, const u8 *ies, size_t ies_len);
|
||||||
|
|
|
@ -11,7 +11,6 @@
|
||||||
|
|
||||||
#include "utils/list.h"
|
#include "utils/list.h"
|
||||||
|
|
||||||
struct wpa_peerkey;
|
|
||||||
struct wpa_tdls_peer;
|
struct wpa_tdls_peer;
|
||||||
struct wpa_eapol_key;
|
struct wpa_eapol_key;
|
||||||
|
|
||||||
|
@ -57,7 +56,6 @@ struct wpa_sm {
|
||||||
int fast_reauth; /* whether EAP fast re-authentication is enabled */
|
int fast_reauth; /* whether EAP fast re-authentication is enabled */
|
||||||
|
|
||||||
void *network_ctx;
|
void *network_ctx;
|
||||||
int peerkey_enabled;
|
|
||||||
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
|
int allowed_pairwise_cipher; /* bitfield of WPA_CIPHER_* */
|
||||||
int proactive_key_caching;
|
int proactive_key_caching;
|
||||||
int eap_workaround;
|
int eap_workaround;
|
||||||
|
@ -94,9 +92,6 @@ struct wpa_sm {
|
||||||
u8 *ap_wpa_ie, *ap_rsn_ie;
|
u8 *ap_wpa_ie, *ap_rsn_ie;
|
||||||
size_t ap_wpa_ie_len, ap_rsn_ie_len;
|
size_t ap_wpa_ie_len, ap_rsn_ie_len;
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
struct wpa_peerkey *peerkey;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_TDLS
|
#ifdef CONFIG_TDLS
|
||||||
struct wpa_tdls_peer *tdls;
|
struct wpa_tdls_peer *tdls;
|
||||||
int tdls_prohibited;
|
int tdls_prohibited;
|
||||||
|
|
|
@ -425,44 +425,6 @@ static int wpa_parse_generic(const u8 *pos, const u8 *end,
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_SMK) {
|
|
||||||
ie->smk = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->smk_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
wpa_hexdump_key(MSG_DEBUG, "WPA: SMK in EAPOL-Key",
|
|
||||||
pos, pos[1] + 2);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_NONCE) {
|
|
||||||
ie->nonce = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->nonce_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
wpa_hexdump(MSG_DEBUG, "WPA: Nonce in EAPOL-Key",
|
|
||||||
pos, pos[1] + 2);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_LIFETIME) {
|
|
||||||
ie->lifetime = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->lifetime_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
wpa_hexdump(MSG_DEBUG, "WPA: Lifetime in EAPOL-Key",
|
|
||||||
pos, pos[1] + 2);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_ERROR) {
|
|
||||||
ie->error = pos + 2 + RSN_SELECTOR_LEN;
|
|
||||||
ie->error_len = pos[1] - RSN_SELECTOR_LEN;
|
|
||||||
wpa_hexdump(MSG_DEBUG, "WPA: Error in EAPOL-Key",
|
|
||||||
pos, pos[1] + 2);
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
if (pos[1] > RSN_SELECTOR_LEN + 2 &&
|
||||||
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
RSN_SELECTOR_GET(pos + 2) == RSN_KEY_DATA_IGTK) {
|
||||||
|
|
|
@ -21,16 +21,6 @@ struct wpa_eapol_ie_parse {
|
||||||
size_t gtk_len;
|
size_t gtk_len;
|
||||||
const u8 *mac_addr;
|
const u8 *mac_addr;
|
||||||
size_t mac_addr_len;
|
size_t mac_addr_len;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
const u8 *smk;
|
|
||||||
size_t smk_len;
|
|
||||||
const u8 *nonce;
|
|
||||||
size_t nonce_len;
|
|
||||||
const u8 *lifetime;
|
|
||||||
size_t lifetime_len;
|
|
||||||
const u8 *error;
|
|
||||||
size_t error_len;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
const u8 *igtk;
|
const u8 *igtk;
|
||||||
size_t igtk_len;
|
size_t igtk_len;
|
||||||
|
|
|
@ -300,10 +300,6 @@ ifdef CONFIG_TDLS_TESTING
|
||||||
L_CFLAGS += -DCONFIG_TDLS_TESTING
|
L_CFLAGS += -DCONFIG_TDLS_TESTING
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
L_CFLAGS += -DCONFIG_PEERKEY
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifdef CONFIG_PMKSA_CACHE_EXTERNAL
|
ifdef CONFIG_PMKSA_CACHE_EXTERNAL
|
||||||
L_CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
|
L_CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
|
||||||
endif
|
endif
|
||||||
|
@ -312,7 +308,6 @@ ifndef CONFIG_NO_WPA
|
||||||
OBJS += src/rsn_supp/wpa.c
|
OBJS += src/rsn_supp/wpa.c
|
||||||
OBJS += src/rsn_supp/preauth.c
|
OBJS += src/rsn_supp/preauth.c
|
||||||
OBJS += src/rsn_supp/pmksa_cache.c
|
OBJS += src/rsn_supp/pmksa_cache.c
|
||||||
OBJS += src/rsn_supp/peerkey.c
|
|
||||||
OBJS += src/rsn_supp/wpa_ie.c
|
OBJS += src/rsn_supp/wpa_ie.c
|
||||||
OBJS += src/common/wpa_common.c
|
OBJS += src/common/wpa_common.c
|
||||||
NEED_AES=y
|
NEED_AES=y
|
||||||
|
@ -937,9 +932,6 @@ ifdef CONFIG_IEEE80211R_AP
|
||||||
L_CFLAGS += -DCONFIG_IEEE80211R_AP
|
L_CFLAGS += -DCONFIG_IEEE80211R_AP
|
||||||
OBJS += src/ap/wpa_auth_ft.c
|
OBJS += src/ap/wpa_auth_ft.c
|
||||||
endif
|
endif
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
OBJS += src/ap/peerkey_auth.c
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_ACS
|
ifdef CONFIG_ACS
|
||||||
|
|
|
@ -333,10 +333,6 @@ ifdef CONFIG_TDLS_TESTING
|
||||||
CFLAGS += -DCONFIG_TDLS_TESTING
|
CFLAGS += -DCONFIG_TDLS_TESTING
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
CFLAGS += -DCONFIG_PEERKEY
|
|
||||||
endif
|
|
||||||
|
|
||||||
ifdef CONFIG_PMKSA_CACHE_EXTERNAL
|
ifdef CONFIG_PMKSA_CACHE_EXTERNAL
|
||||||
CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
|
CFLAGS += -DCONFIG_PMKSA_CACHE_EXTERNAL
|
||||||
endif
|
endif
|
||||||
|
@ -345,7 +341,6 @@ ifndef CONFIG_NO_WPA
|
||||||
OBJS += ../src/rsn_supp/wpa.o
|
OBJS += ../src/rsn_supp/wpa.o
|
||||||
OBJS += ../src/rsn_supp/preauth.o
|
OBJS += ../src/rsn_supp/preauth.o
|
||||||
OBJS += ../src/rsn_supp/pmksa_cache.o
|
OBJS += ../src/rsn_supp/pmksa_cache.o
|
||||||
OBJS += ../src/rsn_supp/peerkey.o
|
|
||||||
OBJS += ../src/rsn_supp/wpa_ie.o
|
OBJS += ../src/rsn_supp/wpa_ie.o
|
||||||
OBJS += ../src/common/wpa_common.o
|
OBJS += ../src/common/wpa_common.o
|
||||||
NEED_AES=y
|
NEED_AES=y
|
||||||
|
@ -975,9 +970,6 @@ ifdef CONFIG_IEEE80211R_AP
|
||||||
CFLAGS += -DCONFIG_IEEE80211R_AP
|
CFLAGS += -DCONFIG_IEEE80211R_AP
|
||||||
OBJS += ../src/ap/wpa_auth_ft.o
|
OBJS += ../src/ap/wpa_auth_ft.o
|
||||||
endif
|
endif
|
||||||
ifdef CONFIG_PEERKEY
|
|
||||||
OBJS += ../src/ap/peerkey_auth.o
|
|
||||||
endif
|
|
||||||
endif
|
endif
|
||||||
|
|
||||||
ifdef CONFIG_ACS
|
ifdef CONFIG_ACS
|
||||||
|
|
|
@ -276,9 +276,6 @@ CONFIG_L2_PACKET=linux
|
||||||
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
||||||
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
||||||
|
|
||||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
|
||||||
CONFIG_PEERKEY=y
|
|
||||||
|
|
||||||
# IEEE 802.11w (management frame protection), also known as PMF
|
# IEEE 802.11w (management frame protection), also known as PMF
|
||||||
# Driver support is also needed for IEEE 802.11w.
|
# Driver support is also needed for IEEE 802.11w.
|
||||||
CONFIG_IEEE80211W=y
|
CONFIG_IEEE80211W=y
|
||||||
|
|
|
@ -2019,6 +2019,24 @@ static char * wpa_config_write_mka_ckn(const struct parse_data *data,
|
||||||
#endif /* CONFIG_MACSEC */
|
#endif /* CONFIG_MACSEC */
|
||||||
|
|
||||||
|
|
||||||
|
static int wpa_config_parse_peerkey(const struct parse_data *data,
|
||||||
|
struct wpa_ssid *ssid, int line,
|
||||||
|
const char *value)
|
||||||
|
{
|
||||||
|
wpa_printf(MSG_INFO, "NOTE: Obsolete peerkey parameter ignored");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
#ifndef NO_CONFIG_WRITE
|
||||||
|
static char * wpa_config_write_peerkey(const struct parse_data *data,
|
||||||
|
struct wpa_ssid *ssid)
|
||||||
|
{
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
#endif /* NO_CONFIG_WRITE */
|
||||||
|
|
||||||
|
|
||||||
/* Helper macros for network block parser */
|
/* Helper macros for network block parser */
|
||||||
|
|
||||||
#ifdef OFFSET
|
#ifdef OFFSET
|
||||||
|
@ -2202,7 +2220,7 @@ static const struct parse_data ssid_fields[] = {
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
{ INT_RANGE(ieee80211w, 0, 2) },
|
{ INT_RANGE(ieee80211w, 0, 2) },
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
{ INT_RANGE(peerkey, 0, 1) },
|
{ FUNC(peerkey) /* obsolete - removed */ },
|
||||||
{ INT_RANGE(mixed_cell, 0, 1) },
|
{ INT_RANGE(mixed_cell, 0, 1) },
|
||||||
{ INT_RANGE(frequency, 0, 65000) },
|
{ INT_RANGE(frequency, 0, 65000) },
|
||||||
{ INT_RANGE(fixed_freq, 0, 1) },
|
{ INT_RANGE(fixed_freq, 0, 1) },
|
||||||
|
|
|
@ -820,7 +820,6 @@ static void wpa_config_write_network(FILE *f, struct wpa_ssid *ssid)
|
||||||
#endif /* CONFIG_ACS */
|
#endif /* CONFIG_ACS */
|
||||||
write_int(f, "proactive_key_caching", ssid->proactive_key_caching, -1);
|
write_int(f, "proactive_key_caching", ssid->proactive_key_caching, -1);
|
||||||
INT(disabled);
|
INT(disabled);
|
||||||
INT(peerkey);
|
|
||||||
INT(mixed_cell);
|
INT(mixed_cell);
|
||||||
INT(vht);
|
INT(vht);
|
||||||
INT_DEF(ht, 1);
|
INT_DEF(ht, 1);
|
||||||
|
|
|
@ -424,17 +424,6 @@ struct wpa_ssid {
|
||||||
*/
|
*/
|
||||||
int disabled_for_connect;
|
int disabled_for_connect;
|
||||||
|
|
||||||
/**
|
|
||||||
* peerkey - Whether PeerKey handshake for direct links is allowed
|
|
||||||
*
|
|
||||||
* This is only used when both RSN/WPA2 and IEEE 802.11e (QoS) are
|
|
||||||
* enabled.
|
|
||||||
*
|
|
||||||
* 0 = disabled (default)
|
|
||||||
* 1 = enabled
|
|
||||||
*/
|
|
||||||
int peerkey;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* id_str - Network identifier string for external scripts
|
* id_str - Network identifier string for external scripts
|
||||||
*
|
*
|
||||||
|
|
|
@ -927,7 +927,6 @@ static int wpa_config_write_network(HKEY hk, struct wpa_ssid *ssid, int id)
|
||||||
write_int(netw, "proactive_key_caching", ssid->proactive_key_caching,
|
write_int(netw, "proactive_key_caching", ssid->proactive_key_caching,
|
||||||
-1);
|
-1);
|
||||||
INT(disabled);
|
INT(disabled);
|
||||||
INT(peerkey);
|
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
write_int(netw, "ieee80211w", ssid->ieee80211w,
|
write_int(netw, "ieee80211w", ssid->ieee80211w,
|
||||||
MGMT_FRAME_PROTECTION_DEFAULT);
|
MGMT_FRAME_PROTECTION_DEFAULT);
|
||||||
|
|
|
@ -782,27 +782,6 @@ static int wpa_supplicant_ctrl_iface_preauth(struct wpa_supplicant *wpa_s,
|
||||||
#endif /* IEEE8021X_EAPOL */
|
#endif /* IEEE8021X_EAPOL */
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
/* MLME-STKSTART.request(peer) */
|
|
||||||
static int wpa_supplicant_ctrl_iface_stkstart(
|
|
||||||
struct wpa_supplicant *wpa_s, char *addr)
|
|
||||||
{
|
|
||||||
u8 peer[ETH_ALEN];
|
|
||||||
|
|
||||||
if (hwaddr_aton(addr, peer)) {
|
|
||||||
wpa_printf(MSG_DEBUG, "CTRL_IFACE STKSTART: invalid "
|
|
||||||
"address '%s'", addr);
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "CTRL_IFACE STKSTART " MACSTR,
|
|
||||||
MAC2STR(peer));
|
|
||||||
|
|
||||||
return wpa_sm_stkstart(wpa_s->wpa, peer);
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_TDLS
|
#ifdef CONFIG_TDLS
|
||||||
|
|
||||||
static int wpa_supplicant_ctrl_iface_tdls_discover(
|
static int wpa_supplicant_ctrl_iface_tdls_discover(
|
||||||
|
@ -9723,11 +9702,6 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s,
|
||||||
if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
|
if (wpa_supplicant_ctrl_iface_preauth(wpa_s, buf + 8))
|
||||||
reply_len = -1;
|
reply_len = -1;
|
||||||
#endif /* IEEE8021X_EAPOL */
|
#endif /* IEEE8021X_EAPOL */
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
} else if (os_strncmp(buf, "STKSTART ", 9) == 0) {
|
|
||||||
if (wpa_supplicant_ctrl_iface_stkstart(wpa_s, buf + 9))
|
|
||||||
reply_len = -1;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_IEEE80211R
|
#ifdef CONFIG_IEEE80211R
|
||||||
} else if (os_strncmp(buf, "FT_DS ", 6) == 0) {
|
} else if (os_strncmp(buf, "FT_DS ", 6) == 0) {
|
||||||
if (wpa_supplicant_ctrl_iface_ft_ds(wpa_s, buf + 6))
|
if (wpa_supplicant_ctrl_iface_ft_ds(wpa_s, buf + 6))
|
||||||
|
|
|
@ -288,9 +288,6 @@ CONFIG_BACKEND=file
|
||||||
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
# bridge interfaces (commit 'bridge: respect RFC2863 operational state')').
|
||||||
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
#CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y
|
||||||
|
|
||||||
# PeerKey handshake for Station to Station Link (IEEE 802.11e DLS)
|
|
||||||
CONFIG_PEERKEY=y
|
|
||||||
|
|
||||||
# IEEE 802.11w (management frame protection), also known as PMF
|
# IEEE 802.11w (management frame protection), also known as PMF
|
||||||
# Driver support is also needed for IEEE 802.11w.
|
# Driver support is also needed for IEEE 802.11w.
|
||||||
#CONFIG_IEEE80211W=y
|
#CONFIG_IEEE80211W=y
|
||||||
|
|
|
@ -3160,18 +3160,6 @@ wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
static void
|
|
||||||
wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s,
|
|
||||||
union wpa_event_data *data)
|
|
||||||
{
|
|
||||||
if (data == NULL)
|
|
||||||
return;
|
|
||||||
wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer);
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
|
|
||||||
#ifdef CONFIG_TDLS
|
#ifdef CONFIG_TDLS
|
||||||
static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
|
static void wpa_supplicant_event_tdls(struct wpa_supplicant *wpa_s,
|
||||||
union wpa_event_data *data)
|
union wpa_event_data *data)
|
||||||
|
@ -3947,11 +3935,6 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
||||||
case EVENT_PMKID_CANDIDATE:
|
case EVENT_PMKID_CANDIDATE:
|
||||||
wpa_supplicant_event_pmkid_candidate(wpa_s, data);
|
wpa_supplicant_event_pmkid_candidate(wpa_s, data);
|
||||||
break;
|
break;
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
case EVENT_STKSTART:
|
|
||||||
wpa_supplicant_event_stkstart(wpa_s, data);
|
|
||||||
break;
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
#ifdef CONFIG_TDLS
|
#ifdef CONFIG_TDLS
|
||||||
case EVENT_TDLS:
|
case EVENT_TDLS:
|
||||||
wpa_supplicant_event_tdls(wpa_s, data);
|
wpa_supplicant_event_tdls(wpa_s, data);
|
||||||
|
|
|
@ -682,13 +682,6 @@ static int wpa_cli_cmd_bss_flush(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static int wpa_cli_cmd_stkstart(struct wpa_ctrl *ctrl, int argc,
|
|
||||||
char *argv[])
|
|
||||||
{
|
|
||||||
return wpa_cli_cmd(ctrl, "STKSTART", 1, argc, argv);
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static int wpa_cli_cmd_ft_ds(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
static int wpa_cli_cmd_ft_ds(struct wpa_ctrl *ctrl, int argc, char *argv[])
|
||||||
{
|
{
|
||||||
return wpa_cli_cmd(ctrl, "FT_DS", 1, argc, argv);
|
return wpa_cli_cmd(ctrl, "FT_DS", 1, argc, argv);
|
||||||
|
@ -1404,7 +1397,7 @@ static const char *network_fields[] = {
|
||||||
#ifdef CONFIG_IEEE80211W
|
#ifdef CONFIG_IEEE80211W
|
||||||
"ieee80211w",
|
"ieee80211w",
|
||||||
#endif /* CONFIG_IEEE80211W */
|
#endif /* CONFIG_IEEE80211W */
|
||||||
"peerkey", "mixed_cell", "frequency", "fixed_freq",
|
"mixed_cell", "frequency", "fixed_freq",
|
||||||
#ifdef CONFIG_MESH
|
#ifdef CONFIG_MESH
|
||||||
"mesh_basic_rates", "dot11MeshMaxRetries",
|
"mesh_basic_rates", "dot11MeshMaxRetries",
|
||||||
"dot11MeshRetryTimeout", "dot11MeshConfirmTimeout",
|
"dot11MeshRetryTimeout", "dot11MeshConfirmTimeout",
|
||||||
|
@ -3167,9 +3160,6 @@ static const struct wpa_cli_cmd wpa_cli_commands[] = {
|
||||||
{ "bss_flush", wpa_cli_cmd_bss_flush, NULL,
|
{ "bss_flush", wpa_cli_cmd_bss_flush, NULL,
|
||||||
cli_cmd_flag_none,
|
cli_cmd_flag_none,
|
||||||
"<value> = set BSS flush age (0 by default)" },
|
"<value> = set BSS flush age (0 by default)" },
|
||||||
{ "stkstart", wpa_cli_cmd_stkstart, NULL,
|
|
||||||
cli_cmd_flag_none,
|
|
||||||
"<addr> = request STK negotiation with <addr>" },
|
|
||||||
{ "ft_ds", wpa_cli_cmd_ft_ds, wpa_cli_complete_bss,
|
{ "ft_ds", wpa_cli_cmd_ft_ds, wpa_cli_complete_bss,
|
||||||
cli_cmd_flag_none,
|
cli_cmd_flag_none,
|
||||||
"<addr> = request over-the-DS FT with <addr>" },
|
"<addr> = request over-the-DS FT with <addr>" },
|
||||||
|
|
|
@ -1081,12 +1081,6 @@ void wpa_supplicant_event(void *ctx, enum wpa_event_type event,
|
||||||
&data->pmkid_candidate,
|
&data->pmkid_candidate,
|
||||||
sizeof(struct pmkid_candidate));
|
sizeof(struct pmkid_candidate));
|
||||||
break;
|
break;
|
||||||
case EVENT_STKSTART:
|
|
||||||
if (data == NULL)
|
|
||||||
return;
|
|
||||||
wpa_priv_send_event(iface, PRIVSEP_EVENT_STKSTART,
|
|
||||||
&data->stkstart.peer, ETH_ALEN);
|
|
||||||
break;
|
|
||||||
case EVENT_FT_RESPONSE:
|
case EVENT_FT_RESPONSE:
|
||||||
wpa_priv_send_ft_response(iface, data);
|
wpa_priv_send_ft_response(iface, data);
|
||||||
break;
|
break;
|
||||||
|
|
|
@ -3755,16 +3755,6 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
|
|
||||||
#ifdef CONFIG_PEERKEY
|
|
||||||
if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
|
|
||||||
wpa_s->current_ssid->peerkey &&
|
|
||||||
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
|
|
||||||
wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
|
|
||||||
wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
#endif /* CONFIG_PEERKEY */
|
|
||||||
|
|
||||||
if (wpa_s->wpa_state < WPA_ASSOCIATED ||
|
if (wpa_s->wpa_state < WPA_ASSOCIATED ||
|
||||||
(wpa_s->last_eapol_matches_bssid &&
|
(wpa_s->last_eapol_matches_bssid &&
|
||||||
#ifdef CONFIG_AP
|
#ifdef CONFIG_AP
|
||||||
|
|
|
@ -992,12 +992,6 @@ fast_reauth=1
|
||||||
# hex without quotation, e.g., 0102030405)
|
# hex without quotation, e.g., 0102030405)
|
||||||
# wep_tx_keyidx: Default WEP key index (TX) (0..3)
|
# wep_tx_keyidx: Default WEP key index (TX) (0..3)
|
||||||
#
|
#
|
||||||
# peerkey: Whether PeerKey negotiation for direct links (IEEE 802.11e DLS) is
|
|
||||||
# allowed. This is only used with RSN/WPA2.
|
|
||||||
# 0 = disabled (default)
|
|
||||||
# 1 = enabled
|
|
||||||
#peerkey=1
|
|
||||||
#
|
|
||||||
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
# wpa_ptk_rekey: Maximum lifetime for PTK in seconds. This can be used to
|
||||||
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
# enforce rekeying of PTK to mitigate some attacks against TKIP deficiencies.
|
||||||
#
|
#
|
||||||
|
|
|
@ -1235,7 +1235,6 @@ void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
|
||||||
if (ssid) {
|
if (ssid) {
|
||||||
os_memset(&conf, 0, sizeof(conf));
|
os_memset(&conf, 0, sizeof(conf));
|
||||||
conf.network_ctx = ssid;
|
conf.network_ctx = ssid;
|
||||||
conf.peerkey_enabled = ssid->peerkey;
|
|
||||||
conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
|
conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
|
||||||
#ifdef IEEE8021X_EAPOL
|
#ifdef IEEE8021X_EAPOL
|
||||||
conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
|
conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
|
||||||
|
|
Loading…
Reference in a new issue