LCOV - code coverage report
Current view: top level - wpa_supplicant - ibss_rsn.c (source / functions) Hit Total Coverage
Test: wpa_supplicant/hostapd combined for hwsim test run 1401264779 Lines: 355 451 78.7 %
Date: 2014-05-28 Functions: 35 39 89.7 %

          Line data    Source code
       1             : /*
       2             :  * wpa_supplicant - IBSS RSN
       3             :  * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi>
       4             :  *
       5             :  * This software may be distributed under the terms of the BSD license.
       6             :  * See README for more details.
       7             :  */
       8             : 
       9             : #include "includes.h"
      10             : 
      11             : #include "common.h"
      12             : #include "common/wpa_ctrl.h"
      13             : #include "utils/eloop.h"
      14             : #include "l2_packet/l2_packet.h"
      15             : #include "rsn_supp/wpa.h"
      16             : #include "rsn_supp/wpa_ie.h"
      17             : #include "ap/wpa_auth.h"
      18             : #include "wpa_supplicant_i.h"
      19             : #include "driver_i.h"
      20             : #include "common/ieee802_11_defs.h"
      21             : #include "ibss_rsn.h"
      22             : 
      23             : 
      24             : static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx);
      25             : 
      26             : 
      27         256 : static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn,
      28             :                                                 const u8 *addr)
      29             : {
      30             :         struct ibss_rsn_peer *peer;
      31             : 
      32         308 :         for (peer = ibss_rsn->peers; peer; peer = peer->next)
      33         286 :                 if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0)
      34         234 :                         break;
      35         256 :         return peer;
      36             : }
      37             : 
      38             : 
      39          12 : static void ibss_rsn_free(struct ibss_rsn_peer *peer)
      40             : {
      41          12 :         eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
      42          12 :         wpa_auth_sta_deinit(peer->auth);
      43          12 :         wpa_sm_deinit(peer->supp);
      44          12 :         os_free(peer);
      45          12 : }
      46             : 
      47             : 
      48          44 : static void supp_set_state(void *ctx, enum wpa_states state)
      49             : {
      50          44 :         struct ibss_rsn_peer *peer = ctx;
      51          44 :         peer->supp_state = state;
      52          44 : }
      53             : 
      54             : 
      55           0 : static enum wpa_states supp_get_state(void *ctx)
      56             : {
      57           0 :         struct ibss_rsn_peer *peer = ctx;
      58           0 :         return peer->supp_state;
      59             : }
      60             : 
      61             : 
      62          24 : static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf,
      63             :                            size_t len)
      64             : {
      65          24 :         struct ibss_rsn_peer *peer = ctx;
      66          24 :         struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
      67             : 
      68         168 :         wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x "
      69             :                    "len=%lu)",
      70         144 :                    __func__, MAC2STR(dest), proto, (unsigned long) len);
      71             : 
      72          24 :         if (wpa_s->l2)
      73          24 :                 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
      74             : 
      75           0 :         return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
      76             : }
      77             : 
      78             : 
      79          24 : static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data,
      80             :                              u16 data_len, size_t *msg_len, void **data_pos)
      81             : {
      82             :         struct ieee802_1x_hdr *hdr;
      83             : 
      84          24 :         wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)",
      85             :                    __func__, type, data_len);
      86             : 
      87          24 :         *msg_len = sizeof(*hdr) + data_len;
      88          24 :         hdr = os_malloc(*msg_len);
      89          24 :         if (hdr == NULL)
      90           0 :                 return NULL;
      91             : 
      92          24 :         hdr->version = 2;
      93          24 :         hdr->type = type;
      94          24 :         hdr->length = host_to_be16(data_len);
      95             : 
      96          24 :         if (data)
      97           0 :                 os_memcpy(hdr + 1, data, data_len);
      98             :         else
      99          24 :                 os_memset(hdr + 1, 0, data_len);
     100             : 
     101          24 :         if (data_pos)
     102          24 :                 *data_pos = hdr + 1;
     103             : 
     104          24 :         return (u8 *) hdr;
     105             : }
     106             : 
     107             : 
     108          10 : static int supp_get_beacon_ie(void *ctx)
     109             : {
     110          10 :         struct ibss_rsn_peer *peer = ctx;
     111             : 
     112          10 :         wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
     113             :         /* TODO: get correct RSN IE */
     114          10 :         return wpa_sm_set_ap_rsn_ie(peer->supp,
     115             :                                     (u8 *) "\x30\x14\x01\x00"
     116             :                                     "\x00\x0f\xac\x04"
     117             :                                     "\x01\x00\x00\x0f\xac\x04"
     118             :                                     "\x01\x00\x00\x0f\xac\x02"
     119             :                                     "\x00\x00", 22);
     120             : }
     121             : 
     122             : 
     123          46 : static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer)
     124             : {
     125          46 :         struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s;
     126             : 
     127          46 :         if ((peer->authentication_status &
     128             :              (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) !=
     129             :             (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH))
     130          28 :                 return;
     131          18 :         if (peer->authentication_status & IBSS_RSN_REPORTED_PTK)
     132           8 :                 return;
     133          10 :         peer->authentication_status |= IBSS_RSN_REPORTED_PTK;
     134          60 :         wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR,
     135          60 :                 MAC2STR(peer->addr));
     136             : }
     137             : 
     138             : 
     139          20 : static int supp_set_key(void *ctx, enum wpa_alg alg,
     140             :                         const u8 *addr, int key_idx, int set_tx,
     141             :                         const u8 *seq, size_t seq_len,
     142             :                         const u8 *key, size_t key_len)
     143             : {
     144          20 :         struct ibss_rsn_peer *peer = ctx;
     145             : 
     146         120 :         wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d "
     147             :                    "set_tx=%d)",
     148         120 :                    __func__, alg, MAC2STR(addr), key_idx, set_tx);
     149          20 :         wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len);
     150          20 :         wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len);
     151             : 
     152          20 :         if (key_idx == 0) {
     153          10 :                 peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP;
     154          10 :                 ibss_check_rsn_completed(peer);
     155             :                 /*
     156             :                  * In IBSS RSN, the pairwise key from the 4-way handshake
     157             :                  * initiated by the peer with highest MAC address is used.
     158             :                  */
     159          10 :                 if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr,
     160             :                               ETH_ALEN) > 0) {
     161           5 :                         wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK");
     162           5 :                         return 0;
     163             :                 }
     164             :         }
     165             : 
     166          15 :         if (is_broadcast_ether_addr(addr))
     167          10 :                 addr = peer->addr;
     168          15 :         return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx,
     169             :                                set_tx, seq, seq_len, key, key_len);
     170             : }
     171             : 
     172             : 
     173          14 : static void * supp_get_network_ctx(void *ctx)
     174             : {
     175          14 :         struct ibss_rsn_peer *peer = ctx;
     176          14 :         return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s);
     177             : }
     178             : 
     179             : 
     180          20 : static int supp_mlme_setprotection(void *ctx, const u8 *addr,
     181             :                                    int protection_type, int key_type)
     182             : {
     183         120 :         wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d "
     184             :                    "key_type=%d)",
     185         120 :                    __func__, MAC2STR(addr), protection_type, key_type);
     186          20 :         return 0;
     187             : }
     188             : 
     189             : 
     190          10 : static void supp_cancel_auth_timeout(void *ctx)
     191             : {
     192          10 :         wpa_printf(MSG_DEBUG, "SUPP: %s", __func__);
     193          10 : }
     194             : 
     195             : 
     196           0 : static void supp_deauthenticate(void * ctx, int reason_code)
     197             : {
     198           0 :         wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__);
     199           0 : }
     200             : 
     201             : 
     202          12 : static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr,
     203             :                               const u8 *psk)
     204             : {
     205          12 :         struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx));
     206          12 :         if (ctx == NULL)
     207           0 :                 return -1;
     208             : 
     209          12 :         ctx->ctx = peer;
     210          12 :         ctx->msg_ctx = peer->ibss_rsn->wpa_s;
     211          12 :         ctx->set_state = supp_set_state;
     212          12 :         ctx->get_state = supp_get_state;
     213          12 :         ctx->ether_send = supp_ether_send;
     214          12 :         ctx->get_beacon_ie = supp_get_beacon_ie;
     215          12 :         ctx->alloc_eapol = supp_alloc_eapol;
     216          12 :         ctx->set_key = supp_set_key;
     217          12 :         ctx->get_network_ctx = supp_get_network_ctx;
     218          12 :         ctx->mlme_setprotection = supp_mlme_setprotection;
     219          12 :         ctx->cancel_auth_timeout = supp_cancel_auth_timeout;
     220          12 :         ctx->deauthenticate = supp_deauthenticate;
     221          12 :         peer->supp = wpa_sm_init(ctx);
     222          12 :         if (peer->supp == NULL) {
     223           0 :                 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed");
     224           0 :                 return -1;
     225             :         }
     226             : 
     227          12 :         wpa_sm_set_own_addr(peer->supp, own_addr);
     228          12 :         wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1);
     229          12 :         wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN);
     230          12 :         wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP);
     231          12 :         wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP);
     232          12 :         wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK);
     233          12 :         wpa_sm_set_pmk(peer->supp, psk, PMK_LEN);
     234             : 
     235          12 :         peer->supp_ie_len = sizeof(peer->supp_ie);
     236          12 :         if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie,
     237             :                                             &peer->supp_ie_len) < 0) {
     238           0 :                 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()"
     239             :                            " failed");
     240           0 :                 return -1;
     241             :         }
     242             : 
     243          12 :         wpa_sm_notify_assoc(peer->supp, peer->addr);
     244             : 
     245          12 :         return 0;
     246             : }
     247             : 
     248             : 
     249          92 : static void auth_logger(void *ctx, const u8 *addr, logger_level level,
     250             :                         const char *txt)
     251             : {
     252          92 :         if (addr)
     253         552 :                 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s",
     254         552 :                            MAC2STR(addr), txt);
     255             :         else
     256           0 :                 wpa_printf(MSG_DEBUG, "AUTH: %s", txt);
     257          92 : }
     258             : 
     259             : 
     260          34 : static const u8 * auth_get_psk(void *ctx, const u8 *addr,
     261             :                                const u8 *p2p_dev_addr, const u8 *prev_psk)
     262             : {
     263          34 :         struct ibss_rsn *ibss_rsn = ctx;
     264         204 :         wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
     265         204 :                    __func__, MAC2STR(addr), prev_psk);
     266          34 :         if (prev_psk)
     267           0 :                 return NULL;
     268          34 :         return ibss_rsn->psk;
     269             : }
     270             : 
     271             : 
     272          28 : static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
     273             :                            size_t data_len, int encrypt)
     274             : {
     275          28 :         struct ibss_rsn *ibss_rsn = ctx;
     276          28 :         struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
     277             : 
     278         168 :         wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu "
     279             :                    "encrypt=%d)",
     280         168 :                    __func__, MAC2STR(addr), (unsigned long) data_len, encrypt);
     281             : 
     282          28 :         if (wpa_s->l2)
     283          28 :                 return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data,
     284             :                                       data_len);
     285             : 
     286           0 :         return wpa_drv_send_eapol(wpa_s, addr, ETH_P_EAPOL, data, data_len);
     287             : }
     288             : 
     289             : 
     290          46 : static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
     291             :                         const u8 *addr, int idx, u8 *key, size_t key_len)
     292             : {
     293          46 :         struct ibss_rsn *ibss_rsn = ctx;
     294             :         u8 seq[6];
     295             : 
     296          46 :         os_memset(seq, 0, sizeof(seq));
     297             : 
     298          46 :         if (addr) {
     299         276 :                 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR
     300             :                            " key_idx=%d)",
     301         276 :                            __func__, alg, MAC2STR(addr), idx);
     302             :         } else {
     303           0 :                 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)",
     304             :                            __func__, alg, idx);
     305             :         }
     306          46 :         wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len);
     307             : 
     308          46 :         if (idx == 0) {
     309          36 :                 if (addr) {
     310             :                         struct ibss_rsn_peer *peer;
     311          36 :                         peer = ibss_rsn_get_peer(ibss_rsn, addr);
     312          36 :                         if (peer) {
     313          36 :                                 peer->authentication_status |=
     314             :                                         IBSS_RSN_SET_PTK_AUTH;
     315          36 :                                 ibss_check_rsn_completed(peer);
     316             :                         }
     317             :                 }
     318             :                 /*
     319             :                  * In IBSS RSN, the pairwise key from the 4-way handshake
     320             :                  * initiated by the peer with highest MAC address is used.
     321             :                  */
     322          72 :                 if (addr == NULL ||
     323          36 :                     os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) {
     324          18 :                         wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK");
     325          18 :                         return 0;
     326             :                 }
     327             :         }
     328             : 
     329          28 :         return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx,
     330             :                                1, seq, 6, key, key_len);
     331             : }
     332             : 
     333             : 
     334           2 : static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason)
     335             : {
     336           2 :         struct ibss_rsn *ibss_rsn = ctx;
     337           2 :         wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason);
     338           2 : }
     339             : 
     340             : 
     341           0 : static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm,
     342             :                                                   void *ctx),
     343             :                              void *cb_ctx)
     344             : {
     345           0 :         struct ibss_rsn *ibss_rsn = ctx;
     346             :         struct ibss_rsn_peer *peer;
     347             : 
     348           0 :         wpa_printf(MSG_DEBUG, "AUTH: for_each_sta");
     349             : 
     350           0 :         for (peer = ibss_rsn->peers; peer; peer = peer->next) {
     351           0 :                 if (peer->auth && cb(peer->auth, cb_ctx))
     352           0 :                         return 1;
     353             :         }
     354             : 
     355           0 :         return 0;
     356             : }
     357             : 
     358             : 
     359          24 : static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn,
     360             :                                     struct ibss_rsn_peer *peer, int authorized)
     361             : {
     362             :         int res;
     363             : 
     364          24 :         if (authorized) {
     365          10 :                 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
     366             :                                             WPA_STA_AUTHORIZED,
     367             :                                             WPA_STA_AUTHORIZED, ~0);
     368          60 :                 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port",
     369          60 :                            MAC2STR(peer->addr));
     370             :         } else {
     371          14 :                 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr,
     372             :                                             0, 0, ~WPA_STA_AUTHORIZED);
     373          84 :                 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port",
     374          84 :                            MAC2STR(peer->addr));
     375             :         }
     376             : 
     377          24 :         if (res && errno != ENOENT) {
     378           0 :                 wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags "
     379             :                            "for kernel driver (errno=%d)",
     380           0 :                            MAC2STR(peer->addr), errno);
     381             :         }
     382          24 : }
     383             : 
     384             : 
     385         134 : static void auth_set_eapol(void *ctx, const u8 *addr,
     386             :                                        wpa_eapol_variable var, int value)
     387             : {
     388         134 :         struct ibss_rsn *ibss_rsn = ctx;
     389         134 :         struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr);
     390             : 
     391         134 :         if (peer == NULL)
     392         134 :                 return;
     393             : 
     394         134 :         switch (var) {
     395             :         case WPA_EAPOL_authorized:
     396          24 :                 ibss_set_sta_authorized(ibss_rsn, peer, value);
     397          24 :                 break;
     398             :         default:
     399             :                 /* do not handle any other event */
     400         110 :                 wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var);
     401         110 :                 break;
     402             :         }
     403             : }
     404             : 
     405             : 
     406           6 : static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn,
     407             :                                     const u8 *own_addr)
     408             : {
     409             :         struct wpa_auth_config conf;
     410             :         struct wpa_auth_callbacks cb;
     411             : 
     412           6 :         wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine");
     413             : 
     414           6 :         os_memset(&conf, 0, sizeof(conf));
     415           6 :         conf.wpa = 2;
     416           6 :         conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK;
     417           6 :         conf.wpa_pairwise = WPA_CIPHER_CCMP;
     418           6 :         conf.rsn_pairwise = WPA_CIPHER_CCMP;
     419           6 :         conf.wpa_group = WPA_CIPHER_CCMP;
     420           6 :         conf.eapol_version = 2;
     421           6 :         conf.wpa_group_rekey = 600;
     422             : 
     423           6 :         os_memset(&cb, 0, sizeof(cb));
     424           6 :         cb.ctx = ibss_rsn;
     425           6 :         cb.logger = auth_logger;
     426           6 :         cb.set_eapol = auth_set_eapol;
     427           6 :         cb.send_eapol = auth_send_eapol;
     428           6 :         cb.get_psk = auth_get_psk;
     429           6 :         cb.set_key = auth_set_key;
     430           6 :         cb.for_each_sta = auth_for_each_sta;
     431           6 :         cb.disconnect = ibss_rsn_disconnect;
     432             : 
     433           6 :         ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb);
     434           6 :         if (ibss_rsn->auth_group == NULL) {
     435           0 :                 wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed");
     436           0 :                 return -1;
     437             :         }
     438             : 
     439           6 :         wpa_init_keys(ibss_rsn->auth_group);
     440             : 
     441           6 :         return 0;
     442             : }
     443             : 
     444             : 
     445          12 : static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn,
     446             :                               struct ibss_rsn_peer *peer)
     447             : {
     448          12 :         peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr, NULL);
     449          12 :         if (peer->auth == NULL) {
     450           0 :                 wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed");
     451           0 :                 return -1;
     452             :         }
     453             : 
     454             :         /* TODO: get peer RSN IE with Probe Request */
     455          12 :         if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth,
     456             :                                 (u8 *) "\x30\x14\x01\x00"
     457             :                                 "\x00\x0f\xac\x04"
     458             :                                 "\x01\x00\x00\x0f\xac\x04"
     459             :                                 "\x01\x00\x00\x0f\xac\x02"
     460             :                                 "\x00\x00", 22, NULL, 0) !=
     461             :             WPA_IE_OK) {
     462           0 :                 wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed");
     463           0 :                 return -1;
     464             :         }
     465             : 
     466          12 :         if (wpa_auth_sm_event(peer->auth, WPA_ASSOC))
     467           0 :                 return -1;
     468             : 
     469          12 :         if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth))
     470           0 :                 return -1;
     471             : 
     472          12 :         return 0;
     473             : }
     474             : 
     475             : 
     476          20 : static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq)
     477             : {
     478             :         struct ieee80211_mgmt auth;
     479          20 :         const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth);
     480          20 :         struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s;
     481             : 
     482          20 :         if (wpa_s->driver->send_frame == NULL)
     483           0 :                 return -1;
     484             : 
     485          20 :         os_memset(&auth, 0, sizeof(auth));
     486             : 
     487          20 :         auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
     488             :                                           WLAN_FC_STYPE_AUTH);
     489          20 :         os_memcpy(auth.da, da, ETH_ALEN);
     490          20 :         os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN);
     491          20 :         os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN);
     492             : 
     493          20 :         auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN);
     494          20 :         auth.u.auth.auth_transaction = host_to_le16(seq);
     495          20 :         auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS);
     496             : 
     497         120 :         wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR,
     498         120 :                    seq, MAC2STR(da));
     499             : 
     500          20 :         return wpa_s->driver->send_frame(wpa_s->drv_priv, (u8 *) &auth,
     501             :                                          auth_length, 0);
     502             : }
     503             : 
     504             : 
     505          40 : static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer)
     506             : {
     507          40 :         return peer->authentication_status &
     508             :                (IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US);
     509             : }
     510             : 
     511             : 
     512             : static struct ibss_rsn_peer *
     513          12 : ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr)
     514             : {
     515             :         struct ibss_rsn_peer *peer;
     516          12 :         if (ibss_rsn == NULL)
     517           0 :                 return NULL;
     518             : 
     519          12 :         peer = ibss_rsn_get_peer(ibss_rsn, addr);
     520          12 :         if (peer) {
     521           0 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR
     522           0 :                            " already running", MAC2STR(addr));
     523           0 :                 return peer;
     524             :         }
     525             : 
     526          72 :         wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR,
     527          72 :                    MAC2STR(addr));
     528             : 
     529          12 :         peer = os_zalloc(sizeof(*peer));
     530          12 :         if (peer == NULL) {
     531           0 :                 wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory.");
     532           0 :                 return NULL;
     533             :         }
     534             : 
     535          12 :         peer->ibss_rsn = ibss_rsn;
     536          12 :         os_memcpy(peer->addr, addr, ETH_ALEN);
     537          12 :         peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED;
     538             : 
     539          12 :         if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr,
     540          12 :                                ibss_rsn->psk) < 0) {
     541           0 :                 ibss_rsn_free(peer);
     542           0 :                 return NULL;
     543             :         }
     544             : 
     545          12 :         peer->next = ibss_rsn->peers;
     546          12 :         ibss_rsn->peers = peer;
     547             : 
     548          12 :         return peer;
     549             : }
     550             : 
     551             : 
     552           0 : static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx)
     553             : {
     554           0 :         struct ibss_rsn_peer *peer = eloop_ctx;
     555             : 
     556             :         /*
     557             :          * Assume peer does not support Authentication exchange or the frame was
     558             :          * lost somewhere - start EAPOL Authenticator.
     559             :          */
     560           0 :         wpa_printf(MSG_DEBUG,
     561             :                    "RSN: Timeout on waiting Authentication frame response from "
     562           0 :                    MACSTR " - start authenticator", MAC2STR(peer->addr));
     563             : 
     564           0 :         peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
     565           0 :         ibss_rsn_auth_init(peer->ibss_rsn, peer);
     566           0 : }
     567             : 
     568             : 
     569          10 : int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr)
     570             : {
     571             :         struct ibss_rsn_peer *peer;
     572             :         int res;
     573             : 
     574             :         /* if the peer already exists, exit immediately */
     575          10 :         peer = ibss_rsn_get_peer(ibss_rsn, addr);
     576          10 :         if (peer)
     577           0 :                 return 0;
     578             : 
     579          10 :         peer = ibss_rsn_peer_init(ibss_rsn, addr);
     580          10 :         if (peer == NULL)
     581           0 :                 return -1;
     582             : 
     583             :         /* Open Authentication: send first Authentication frame */
     584          10 :         res = ibss_rsn_send_auth(ibss_rsn, addr, 1);
     585          10 :         if (res) {
     586             :                 /*
     587             :                  * The driver may not support Authentication frame exchange in
     588             :                  * IBSS. Ignore authentication and go through EAPOL exchange.
     589             :                  */
     590           0 :                 peer->authentication_status |= IBSS_RSN_AUTH_BY_US;
     591           0 :                 return ibss_rsn_auth_init(ibss_rsn, peer);
     592             :         } else {
     593          10 :                 os_get_reltime(&peer->own_auth_tx);
     594          10 :                 eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL);
     595             :         }
     596             : 
     597          10 :         return 0;
     598             : }
     599             : 
     600             : 
     601          20 : static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn,
     602             :                                        struct ibss_rsn_peer *peer, int reason)
     603             : {
     604             :         int already_started;
     605             : 
     606          20 :         if (ibss_rsn == NULL || peer == NULL)
     607           0 :                 return -1;
     608             : 
     609          20 :         already_started = ibss_rsn_is_auth_started(peer);
     610          20 :         peer->authentication_status |= reason;
     611             : 
     612          20 :         if (already_started) {
     613          48 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already "
     614          48 :                            "started for peer " MACSTR, MAC2STR(peer->addr));
     615           8 :                 return 0;
     616             :         }
     617             : 
     618          72 :         wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator "
     619          72 :                    "for now-authenticated peer " MACSTR, MAC2STR(peer->addr));
     620             : 
     621          12 :         return ibss_rsn_auth_init(ibss_rsn, peer);
     622             : }
     623             : 
     624             : 
     625           4 : void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac)
     626             : {
     627             :         struct ibss_rsn_peer *peer, *prev;
     628             : 
     629           4 :         if (ibss_rsn == NULL)
     630           4 :                 return;
     631             : 
     632           4 :         if (peermac == NULL) {
     633             :                 /* remove all peers */
     634           0 :                 wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__);
     635           0 :                 peer = ibss_rsn->peers;
     636           0 :                 while (peer) {
     637           0 :                         prev = peer;
     638           0 :                         peer = peer->next;
     639           0 :                         ibss_rsn_free(prev);
     640           0 :                         ibss_rsn->peers = peer;
     641             :                 }
     642             :         } else {
     643             :                 /* remove specific peer */
     644          24 :                 wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR,
     645          24 :                            __func__, MAC2STR(peermac));
     646             : 
     647          11 :                 for (prev = NULL, peer = ibss_rsn->peers; peer != NULL;
     648           3 :                      prev = peer, peer = peer->next) {
     649           7 :                         if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) {
     650           4 :                                 if (prev == NULL)
     651           1 :                                         ibss_rsn->peers = peer->next;
     652             :                                 else
     653           3 :                                         prev->next = peer->next;
     654           4 :                                 ibss_rsn_free(peer);
     655           4 :                                 wpa_printf(MSG_DEBUG, "%s: Successfully "
     656             :                                            "removed a specific peer",
     657             :                                            __func__);
     658           4 :                                 break;
     659             :                         }
     660             :                 }
     661             :         }
     662             : }
     663             : 
     664             : 
     665           6 : struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s)
     666             : {
     667             :         struct ibss_rsn *ibss_rsn;
     668             : 
     669           6 :         ibss_rsn = os_zalloc(sizeof(*ibss_rsn));
     670           6 :         if (ibss_rsn == NULL)
     671           0 :                 return NULL;
     672           6 :         ibss_rsn->wpa_s = wpa_s;
     673             : 
     674           6 :         if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) {
     675           0 :                 ibss_rsn_deinit(ibss_rsn);
     676           0 :                 return NULL;
     677             :         }
     678             : 
     679           6 :         return ibss_rsn;
     680             : }
     681             : 
     682             : 
     683        3441 : void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn)
     684             : {
     685             :         struct ibss_rsn_peer *peer, *prev;
     686             : 
     687        3441 :         if (ibss_rsn == NULL)
     688        6876 :                 return;
     689             : 
     690           6 :         peer = ibss_rsn->peers;
     691          20 :         while (peer) {
     692           8 :                 prev = peer;
     693           8 :                 peer = peer->next;
     694           8 :                 ibss_rsn_free(prev);
     695             :         }
     696             : 
     697           6 :         wpa_deinit(ibss_rsn->auth_group);
     698           6 :         os_free(ibss_rsn);
     699             : 
     700             : }
     701             : 
     702             : 
     703          44 : static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len)
     704             : {
     705             :         const struct ieee802_1x_hdr *hdr;
     706             :         const struct wpa_eapol_key *key;
     707             :         u16 key_info;
     708             :         size_t plen;
     709             : 
     710             :         /* TODO: Support other EAPOL packets than just EAPOL-Key */
     711             : 
     712          44 :         if (len < sizeof(*hdr) + sizeof(*key))
     713           0 :                 return -1;
     714             : 
     715          44 :         hdr = (const struct ieee802_1x_hdr *) buf;
     716          44 :         key = (const struct wpa_eapol_key *) (hdr + 1);
     717          44 :         plen = be_to_host16(hdr->length);
     718             : 
     719          44 :         if (hdr->version < EAPOL_VERSION) {
     720             :                 /* TODO: backwards compatibility */
     721             :         }
     722          44 :         if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) {
     723           0 :                 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, "
     724           0 :                         "not a Key frame", hdr->type);
     725           0 :                 return -1;
     726             :         }
     727          44 :         if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) {
     728           0 :                 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu "
     729             :                            "invalid (frame size %lu)",
     730             :                            (unsigned long) plen, (unsigned long) len);
     731           0 :                 return -1;
     732             :         }
     733             : 
     734          44 :         if (key->type != EAPOL_KEY_TYPE_RSN) {
     735           0 :                 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, "
     736           0 :                            "discarded", key->type);
     737           0 :                 return -1;
     738             :         }
     739             : 
     740          44 :         key_info = WPA_GET_BE16(key->key_info);
     741             : 
     742          44 :         return !!(key_info & WPA_KEY_INFO_ACK);
     743             : }
     744             : 
     745             : 
     746          44 : static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn,
     747             :                                      struct ibss_rsn_peer *peer,
     748             :                                      const u8 *buf, size_t len)
     749             : {
     750             :         int supp;
     751             :         u8 *tmp;
     752             : 
     753          44 :         supp = ibss_rsn_eapol_dst_supp(buf, len);
     754          44 :         if (supp < 0)
     755           0 :                 return -1;
     756             : 
     757          44 :         tmp = os_malloc(len);
     758          44 :         if (tmp == NULL)
     759           0 :                 return -1;
     760          44 :         os_memcpy(tmp, buf, len);
     761          44 :         if (supp) {
     762          24 :                 peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER;
     763         144 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from "
     764         144 :                            MACSTR, MAC2STR(peer->addr));
     765          24 :                 wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len);
     766             :         } else {
     767          20 :                 if (ibss_rsn_is_auth_started(peer) == 0) {
     768           0 :                         wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for "
     769             :                                    "Authenticator dropped as " MACSTR " is not "
     770           0 :                                    "authenticated", MAC2STR(peer->addr));
     771           0 :                         os_free(tmp);
     772           0 :                         return -1;
     773             :                 }
     774             : 
     775         120 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator "
     776         120 :                            "from "MACSTR, MAC2STR(peer->addr));
     777          20 :                 wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len);
     778             :         }
     779          44 :         os_free(tmp);
     780             : 
     781          44 :         return 1;
     782             : }
     783             : 
     784             : 
     785          44 : int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr,
     786             :                       const u8 *buf, size_t len)
     787             : {
     788             :         struct ibss_rsn_peer *peer;
     789             : 
     790          44 :         if (ibss_rsn == NULL)
     791           0 :                 return -1;
     792             : 
     793          44 :         peer = ibss_rsn_get_peer(ibss_rsn, src_addr);
     794          44 :         if (peer)
     795          44 :                 return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len);
     796             : 
     797           0 :         if (ibss_rsn_eapol_dst_supp(buf, len) > 0) {
     798             :                 /*
     799             :                  * Create new IBSS peer based on an EAPOL message from the peer
     800             :                  * Authenticator.
     801             :                  */
     802           0 :                 peer = ibss_rsn_peer_init(ibss_rsn, src_addr);
     803           0 :                 if (peer == NULL)
     804           0 :                         return -1;
     805             : 
     806             :                 /* assume the peer is authenticated already */
     807           0 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer "
     808           0 :                            MACSTR, MAC2STR(src_addr));
     809           0 :                 ibss_rsn_peer_authenticated(ibss_rsn, peer,
     810             :                                             IBSS_RSN_AUTH_EAPOL_BY_US);
     811             : 
     812           0 :                 return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers,
     813             :                                                  buf, len);
     814             :         }
     815             : 
     816           0 :         return 0;
     817             : }
     818             : 
     819           6 : void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk)
     820             : {
     821           6 :         if (ibss_rsn == NULL)
     822           6 :                 return;
     823           6 :         os_memcpy(ibss_rsn->psk, psk, PMK_LEN);
     824             : }
     825             : 
     826             : 
     827          10 : static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn,
     828             :                                         struct ibss_rsn_peer *peer,
     829             :                                         const u8* addr)
     830             : {
     831          60 :         wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR,
     832          60 :                    MAC2STR(addr));
     833             : 
     834          20 :         if (peer &&
     835          10 :             peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) {
     836           3 :                 if (peer->own_auth_tx.sec) {
     837             :                         struct os_reltime now, diff;
     838           3 :                         os_get_reltime(&now);
     839           3 :                         os_reltime_sub(&now, &peer->own_auth_tx, &diff);
     840           3 :                         if (diff.sec == 0 && diff.usec < 500000) {
     841           1 :                                 wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX",
     842           1 :                                            (int) diff.usec);
     843           1 :                                 goto skip_reinit;
     844             :                         }
     845             :                 }
     846             :                 /*
     847             :                  * A peer sent us an Authentication frame even though it already
     848             :                  * started an EAPOL session. We should reinit state machines
     849             :                  * here, but it's much more complicated than just deleting and
     850             :                  * recreating the state machine
     851             :                  */
     852          12 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station "
     853          12 :                            MACSTR, MAC2STR(addr));
     854             : 
     855           2 :                 ibss_rsn_stop(ibss_rsn, addr);
     856           2 :                 peer = NULL;
     857             :         }
     858             : 
     859           9 :         if (!peer) {
     860           2 :                 peer = ibss_rsn_peer_init(ibss_rsn, addr);
     861           2 :                 if (!peer)
     862          10 :                         return;
     863             : 
     864          12 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR,
     865          12 :                            MAC2STR(addr));
     866             :         }
     867             : 
     868             : skip_reinit:
     869             :         /* reply with an Authentication frame now, before sending an EAPOL */
     870          10 :         ibss_rsn_send_auth(ibss_rsn, addr, 2);
     871             :         /* no need to start another AUTH challenge in the other way.. */
     872          10 :         ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US);
     873             : }
     874             : 
     875             : 
     876          20 : void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame,
     877             :                           size_t len)
     878             : {
     879             :         const struct ieee80211_mgmt *header;
     880             :         struct ibss_rsn_peer *peer;
     881             :         size_t auth_length;
     882             : 
     883          20 :         header = (const struct ieee80211_mgmt *) auth_frame;
     884          20 :         auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
     885             : 
     886          20 :         if (ibss_rsn == NULL || len < auth_length)
     887           0 :                 return;
     888             : 
     889          40 :         if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN ||
     890          20 :             le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS)
     891           0 :                 return;
     892             : 
     893          20 :         peer = ibss_rsn_get_peer(ibss_rsn, header->sa);
     894             : 
     895          20 :         switch (le_to_host16(header->u.auth.auth_transaction)) {
     896             :         case 1:
     897          10 :                 ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa);
     898          10 :                 break;
     899             :         case 2:
     900          60 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from "
     901          60 :                            MACSTR, MAC2STR(header->sa));
     902          10 :                 if (!peer) {
     903           0 :                         wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from "
     904           0 :                                    "unknown STA " MACSTR, MAC2STR(header->sa));
     905           0 :                         break;
     906             :                 }
     907             : 
     908             :                 /* authentication has been completed */
     909          10 :                 eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL);
     910          60 :                 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR,
     911          60 :                            MAC2STR(header->sa));
     912          10 :                 ibss_rsn_peer_authenticated(ibss_rsn, peer,
     913             :                                             IBSS_RSN_AUTH_BY_US);
     914          10 :                 break;
     915             :         }
     916             : }

Generated by: LCOV version 1.10