tkip_countermeasures.c revision 1f69aa52ea2e0a73ac502565df8c666ee49cab6a
18d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt/* 28d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * hostapd / TKIP countermeasures 31f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt * Copyright (c) 2002-2011, Jouni Malinen <j@w1.fi> 48d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 58d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * This program is free software; you can redistribute it and/or modify 68d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * it under the terms of the GNU General Public License version 2 as 78d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * published by the Free Software Foundation. 88d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 98d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * Alternatively, this software may be distributed under the terms of BSD 108d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * license. 118d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * 128d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt * See README and COPYING for more details. 138d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt */ 148d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 158d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "utils/includes.h" 168d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 178d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "utils/common.h" 188d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "utils/eloop.h" 198d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "common/ieee802_11_defs.h" 208d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "hostapd.h" 218d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "sta_info.h" 228d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "ap_mlme.h" 238d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "wpa_auth.h" 248d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "ap_drv_ops.h" 258d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt#include "tkip_countermeasures.h" 268d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 278d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 288d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstatic void ieee80211_tkip_countermeasures_stop(void *eloop_ctx, 298d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt void *timeout_ctx) 308d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 318d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct hostapd_data *hapd = eloop_ctx; 328d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hapd->tkip_countermeasures = 0; 338d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_drv_set_countermeasures(hapd, 0); 348d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, 358d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt HOSTAPD_LEVEL_INFO, "TKIP countermeasures ended"); 368d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 378d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 388d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 398d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtstatic void ieee80211_tkip_countermeasures_start(struct hostapd_data *hapd) 408d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 418d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct sta_info *sta; 428d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 438d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_logger(hapd, NULL, HOSTAPD_MODULE_IEEE80211, 448d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt HOSTAPD_LEVEL_INFO, "TKIP countermeasures initiated"); 458d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 468d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_auth_countermeasures_start(hapd->wpa_auth); 478d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hapd->tkip_countermeasures = 1; 488d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_drv_set_countermeasures(hapd, 1); 498d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_gtk_rekey(hapd->wpa_auth); 508d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL); 518d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt eloop_register_timeout(60, 0, ieee80211_tkip_countermeasures_stop, 528d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hapd, NULL); 538d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt for (sta = hapd->sta_list; sta != NULL; sta = sta->next) { 548d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_drv_sta_deauth(hapd, sta->addr, 558d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt WLAN_REASON_MICHAEL_MIC_FAILURE); 568d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt ap_sta_set_authorized(hapd, sta, 0); 578d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC); 588d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_drv_sta_remove(hapd, sta->addr); 598d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 608d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 618d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 628d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 631f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidtvoid ieee80211_tkip_countermeasures_deinit(struct hostapd_data *hapd) 641f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt{ 651f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt eloop_cancel_timeout(ieee80211_tkip_countermeasures_stop, hapd, NULL); 661f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt} 671f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt 681f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt 698d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidtvoid michael_mic_failure(struct hostapd_data *hapd, const u8 *addr, int local) 708d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt{ 711f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt struct os_time now; 728d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 738d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (addr && local) { 748d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt struct sta_info *sta = ap_get_sta(hapd, addr); 758d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (sta != NULL) { 768d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_auth_sta_local_mic_failure_report(sta->wpa_sm); 778d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hostapd_logger(hapd, addr, HOSTAPD_MODULE_IEEE80211, 788d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt HOSTAPD_LEVEL_INFO, 798d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "Michael MIC failure detected in " 808d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "received frame"); 818d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt mlme_michaelmicfailure_indication(hapd, addr); 828d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } else { 838d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt wpa_printf(MSG_DEBUG, 848d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "MLME-MICHAELMICFAILURE.indication " 858d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt "for not associated STA (" MACSTR 868d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt ") ignored", MAC2STR(addr)); 878d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt return; 888d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 898d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 908d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt 911f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt os_get_time(&now); 921f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt if (now.sec > hapd->michael_mic_failure + 60) { 938d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hapd->michael_mic_failures = 1; 948d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } else { 958d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt hapd->michael_mic_failures++; 968d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt if (hapd->michael_mic_failures > 1) 978d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt ieee80211_tkip_countermeasures_start(hapd); 988d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt } 991f69aa52ea2e0a73ac502565df8c666ee49cab6aDmitry Shmidt hapd->michael_mic_failure = now.sec; 1008d520ff1dc2da35cdca849e982051b86468016d8Dmitry Shmidt} 101