ibss_rsn.c revision b7b4d0ec07161a6d76c40ba7ef1306e82fbb7e15
1/* 2 * wpa_supplicant - IBSS RSN 3 * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "common/wpa_ctrl.h" 13#include "l2_packet/l2_packet.h" 14#include "rsn_supp/wpa.h" 15#include "rsn_supp/wpa_ie.h" 16#include "ap/wpa_auth.h" 17#include "wpa_supplicant_i.h" 18#include "driver_i.h" 19#include "common/ieee802_11_defs.h" 20#include "ibss_rsn.h" 21 22 23static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn, 24 const u8 *addr) 25{ 26 struct ibss_rsn_peer *peer; 27 28 for (peer = ibss_rsn->peers; peer; peer = peer->next) 29 if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0) 30 break; 31 return peer; 32} 33 34 35static void ibss_rsn_free(struct ibss_rsn_peer *peer) 36{ 37 wpa_auth_sta_deinit(peer->auth); 38 wpa_sm_deinit(peer->supp); 39 os_free(peer); 40} 41 42 43static void supp_set_state(void *ctx, enum wpa_states state) 44{ 45 struct ibss_rsn_peer *peer = ctx; 46 peer->supp_state = state; 47} 48 49 50static enum wpa_states supp_get_state(void *ctx) 51{ 52 struct ibss_rsn_peer *peer = ctx; 53 return peer->supp_state; 54} 55 56 57static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf, 58 size_t len) 59{ 60 struct ibss_rsn_peer *peer = ctx; 61 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 62 63 wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x " 64 "len=%lu)", 65 __func__, MAC2STR(dest), proto, (unsigned long) len); 66 67 if (wpa_s->l2) 68 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 69 70 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len); 71} 72 73 74static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data, 75 u16 data_len, size_t *msg_len, void **data_pos) 76{ 77 struct ieee802_1x_hdr *hdr; 78 79 wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)", 80 __func__, type, data_len); 81 82 *msg_len = sizeof(*hdr) + data_len; 83 hdr = os_malloc(*msg_len); 84 if (hdr == NULL) 85 return NULL; 86 87 hdr->version = 2; 88 hdr->type = type; 89 hdr->length = host_to_be16(data_len); 90 91 if (data) 92 os_memcpy(hdr + 1, data, data_len); 93 else 94 os_memset(hdr + 1, 0, data_len); 95 96 if (data_pos) 97 *data_pos = hdr + 1; 98 99 return (u8 *) hdr; 100} 101 102 103static int supp_get_beacon_ie(void *ctx) 104{ 105 struct ibss_rsn_peer *peer = ctx; 106 107 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 108 /* TODO: get correct RSN IE */ 109 return wpa_sm_set_ap_rsn_ie(peer->supp, 110 (u8 *) "\x30\x14\x01\x00" 111 "\x00\x0f\xac\x04" 112 "\x01\x00\x00\x0f\xac\x04" 113 "\x01\x00\x00\x0f\xac\x02" 114 "\x00\x00", 22); 115} 116 117 118static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer) 119{ 120 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 121 122 if ((peer->authentication_status & 123 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) != 124 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) 125 return; 126 if (peer->authentication_status & IBSS_RSN_REPORTED_PTK) 127 return; 128 peer->authentication_status |= IBSS_RSN_REPORTED_PTK; 129 wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR, 130 MAC2STR(peer->addr)); 131} 132 133 134static int supp_set_key(void *ctx, enum wpa_alg alg, 135 const u8 *addr, int key_idx, int set_tx, 136 const u8 *seq, size_t seq_len, 137 const u8 *key, size_t key_len) 138{ 139 struct ibss_rsn_peer *peer = ctx; 140 141 wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d " 142 "set_tx=%d)", 143 __func__, alg, MAC2STR(addr), key_idx, set_tx); 144 wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len); 145 wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len); 146 147 if (key_idx == 0) { 148 peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP; 149 ibss_check_rsn_completed(peer); 150 /* 151 * In IBSS RSN, the pairwise key from the 4-way handshake 152 * initiated by the peer with highest MAC address is used. 153 */ 154 if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr, 155 ETH_ALEN) > 0) { 156 wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK"); 157 return 0; 158 } 159 } 160 161 if (is_broadcast_ether_addr(addr)) 162 addr = peer->addr; 163 return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx, 164 set_tx, seq, seq_len, key, key_len); 165} 166 167 168static void * supp_get_network_ctx(void *ctx) 169{ 170 struct ibss_rsn_peer *peer = ctx; 171 return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s); 172} 173 174 175static int supp_mlme_setprotection(void *ctx, const u8 *addr, 176 int protection_type, int key_type) 177{ 178 wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d " 179 "key_type=%d)", 180 __func__, MAC2STR(addr), protection_type, key_type); 181 return 0; 182} 183 184 185static void supp_cancel_auth_timeout(void *ctx) 186{ 187 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 188} 189 190 191static void supp_deauthenticate(void * ctx, int reason_code) 192{ 193 wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__); 194} 195 196 197static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr, 198 const u8 *psk) 199{ 200 struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx)); 201 if (ctx == NULL) 202 return -1; 203 204 ctx->ctx = peer; 205 ctx->msg_ctx = peer->ibss_rsn->wpa_s; 206 ctx->set_state = supp_set_state; 207 ctx->get_state = supp_get_state; 208 ctx->ether_send = supp_ether_send; 209 ctx->get_beacon_ie = supp_get_beacon_ie; 210 ctx->alloc_eapol = supp_alloc_eapol; 211 ctx->set_key = supp_set_key; 212 ctx->get_network_ctx = supp_get_network_ctx; 213 ctx->mlme_setprotection = supp_mlme_setprotection; 214 ctx->cancel_auth_timeout = supp_cancel_auth_timeout; 215 ctx->deauthenticate = supp_deauthenticate; 216 peer->supp = wpa_sm_init(ctx); 217 if (peer->supp == NULL) { 218 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed"); 219 return -1; 220 } 221 222 wpa_sm_set_own_addr(peer->supp, own_addr); 223 wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1); 224 wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN); 225 wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP); 226 wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP); 227 wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK); 228 wpa_sm_set_pmk(peer->supp, psk, PMK_LEN); 229 230 peer->supp_ie_len = sizeof(peer->supp_ie); 231 if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie, 232 &peer->supp_ie_len) < 0) { 233 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()" 234 " failed"); 235 return -1; 236 } 237 238 wpa_sm_notify_assoc(peer->supp, peer->addr); 239 240 return 0; 241} 242 243 244static void auth_logger(void *ctx, const u8 *addr, logger_level level, 245 const char *txt) 246{ 247 if (addr) 248 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s", 249 MAC2STR(addr), txt); 250 else 251 wpa_printf(MSG_DEBUG, "AUTH: %s", txt); 252} 253 254 255static const u8 * auth_get_psk(void *ctx, const u8 *addr, const u8 *prev_psk) 256{ 257 struct ibss_rsn *ibss_rsn = ctx; 258 wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", 259 __func__, MAC2STR(addr), prev_psk); 260 if (prev_psk) 261 return NULL; 262 return ibss_rsn->psk; 263} 264 265 266static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data, 267 size_t data_len, int encrypt) 268{ 269 struct ibss_rsn *ibss_rsn = ctx; 270 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 271 272 wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu " 273 "encrypt=%d)", 274 __func__, MAC2STR(addr), (unsigned long) data_len, encrypt); 275 276 if (wpa_s->l2) 277 return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data, 278 data_len); 279 280 return wpa_drv_send_eapol(wpa_s, addr, ETH_P_EAPOL, data, data_len); 281} 282 283 284static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg, 285 const u8 *addr, int idx, u8 *key, size_t key_len) 286{ 287 struct ibss_rsn *ibss_rsn = ctx; 288 u8 seq[6]; 289 290 os_memset(seq, 0, sizeof(seq)); 291 292 if (addr) { 293 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR 294 " key_idx=%d)", 295 __func__, alg, MAC2STR(addr), idx); 296 } else { 297 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)", 298 __func__, alg, idx); 299 } 300 wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len); 301 302 if (idx == 0) { 303 if (addr) { 304 struct ibss_rsn_peer *peer; 305 peer = ibss_rsn_get_peer(ibss_rsn, addr); 306 if (peer) { 307 peer->authentication_status |= 308 IBSS_RSN_SET_PTK_AUTH; 309 ibss_check_rsn_completed(peer); 310 } 311 } 312 /* 313 * In IBSS RSN, the pairwise key from the 4-way handshake 314 * initiated by the peer with highest MAC address is used. 315 */ 316 if (addr == NULL || 317 os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) { 318 wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK"); 319 return 0; 320 } 321 } 322 323 return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx, 324 1, seq, 6, key, key_len); 325} 326 327 328static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason) 329{ 330 struct ibss_rsn *ibss_rsn = ctx; 331 wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason); 332} 333 334 335static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm, 336 void *ctx), 337 void *cb_ctx) 338{ 339 struct ibss_rsn *ibss_rsn = ctx; 340 struct ibss_rsn_peer *peer; 341 342 wpa_printf(MSG_DEBUG, "AUTH: for_each_sta"); 343 344 for (peer = ibss_rsn->peers; peer; peer = peer->next) { 345 if (peer->auth && cb(peer->auth, cb_ctx)) 346 return 1; 347 } 348 349 return 0; 350} 351 352 353static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn, 354 struct ibss_rsn_peer *peer, int authorized) 355{ 356 int res; 357 358 if (authorized) { 359 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 360 WPA_STA_AUTHORIZED, 361 WPA_STA_AUTHORIZED, ~0); 362 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port", 363 MAC2STR(peer->addr)); 364 } else { 365 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 366 0, 0, ~WPA_STA_AUTHORIZED); 367 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port", 368 MAC2STR(peer->addr)); 369 } 370 371 if (res && errno != ENOENT) { 372 wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags " 373 "for kernel driver (errno=%d)", 374 MAC2STR(peer->addr), errno); 375 } 376} 377 378 379static void auth_set_eapol(void *ctx, const u8 *addr, 380 wpa_eapol_variable var, int value) 381{ 382 struct ibss_rsn *ibss_rsn = ctx; 383 struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr); 384 385 if (peer == NULL) 386 return; 387 388 switch (var) { 389 case WPA_EAPOL_authorized: 390 ibss_set_sta_authorized(ibss_rsn, peer, value); 391 break; 392 default: 393 /* do not handle any other event */ 394 wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var); 395 break; 396 } 397} 398 399 400static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn, 401 const u8 *own_addr) 402{ 403 struct wpa_auth_config conf; 404 struct wpa_auth_callbacks cb; 405 406 wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine"); 407 408 os_memset(&conf, 0, sizeof(conf)); 409 conf.wpa = 2; 410 conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK; 411 conf.wpa_pairwise = WPA_CIPHER_CCMP; 412 conf.rsn_pairwise = WPA_CIPHER_CCMP; 413 conf.wpa_group = WPA_CIPHER_CCMP; 414 conf.eapol_version = 2; 415 conf.wpa_group_rekey = 600; 416 417 os_memset(&cb, 0, sizeof(cb)); 418 cb.ctx = ibss_rsn; 419 cb.logger = auth_logger; 420 cb.set_eapol = auth_set_eapol; 421 cb.send_eapol = auth_send_eapol; 422 cb.get_psk = auth_get_psk; 423 cb.set_key = auth_set_key; 424 cb.for_each_sta = auth_for_each_sta; 425 cb.disconnect = ibss_rsn_disconnect; 426 427 ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb); 428 if (ibss_rsn->auth_group == NULL) { 429 wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed"); 430 return -1; 431 } 432 433 wpa_init_keys(ibss_rsn->auth_group); 434 435 return 0; 436} 437 438 439static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn, 440 struct ibss_rsn_peer *peer) 441{ 442 peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr); 443 if (peer->auth == NULL) { 444 wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed"); 445 return -1; 446 } 447 448 /* TODO: get peer RSN IE with Probe Request */ 449 if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth, 450 (u8 *) "\x30\x14\x01\x00" 451 "\x00\x0f\xac\x04" 452 "\x01\x00\x00\x0f\xac\x04" 453 "\x01\x00\x00\x0f\xac\x02" 454 "\x00\x00", 22, NULL, 0) != 455 WPA_IE_OK) { 456 wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed"); 457 return -1; 458 } 459 460 if (wpa_auth_sm_event(peer->auth, WPA_ASSOC)) 461 return -1; 462 463 if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth)) 464 return -1; 465 466 return 0; 467} 468 469 470static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq) 471{ 472 struct ieee80211_mgmt auth; 473 const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth); 474 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 475 476 if (wpa_s->driver->send_frame == NULL) 477 return -1; 478 479 os_memset(&auth, 0, sizeof(auth)); 480 481 auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 482 WLAN_FC_STYPE_AUTH); 483 os_memcpy(auth.da, da, ETH_ALEN); 484 os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN); 485 os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN); 486 487 auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN); 488 auth.u.auth.auth_transaction = host_to_le16(seq); 489 auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS); 490 491 wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR, 492 seq, MAC2STR(da)); 493 494 return wpa_s->driver->send_frame(wpa_s->drv_priv, (u8 *) &auth, 495 auth_length, 0); 496} 497 498 499static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer) 500{ 501 return peer->authentication_status & 502 (IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US); 503} 504 505 506static struct ibss_rsn_peer * 507ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr) 508{ 509 struct ibss_rsn_peer *peer; 510 if (ibss_rsn == NULL) 511 return NULL; 512 513 peer = ibss_rsn_get_peer(ibss_rsn, addr); 514 if (peer) { 515 wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR 516 " already running", MAC2STR(addr)); 517 return peer; 518 } 519 520 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR, 521 MAC2STR(addr)); 522 523 peer = os_zalloc(sizeof(*peer)); 524 if (peer == NULL) { 525 wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory."); 526 return NULL; 527 } 528 529 peer->ibss_rsn = ibss_rsn; 530 os_memcpy(peer->addr, addr, ETH_ALEN); 531 peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED; 532 533 if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr, 534 ibss_rsn->psk) < 0) { 535 ibss_rsn_free(peer); 536 return NULL; 537 } 538 539 peer->next = ibss_rsn->peers; 540 ibss_rsn->peers = peer; 541 542 return peer; 543} 544 545 546int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr) 547{ 548 struct ibss_rsn_peer *peer; 549 int res; 550 551 /* if the peer already exists, exit immediately */ 552 peer = ibss_rsn_get_peer(ibss_rsn, addr); 553 if (peer) 554 return 0; 555 556 peer = ibss_rsn_peer_init(ibss_rsn, addr); 557 if (peer == NULL) 558 return -1; 559 560 /* Open Authentication: send first Authentication frame */ 561 res = ibss_rsn_send_auth(ibss_rsn, addr, 1); 562 if (res) { 563 /* 564 * The driver may not support Authentication frame exchange in 565 * IBSS. Ignore authentication and go through EAPOL exchange. 566 */ 567 peer->authentication_status |= IBSS_RSN_AUTH_BY_US; 568 return ibss_rsn_auth_init(ibss_rsn, peer); 569 } 570 571 return 0; 572} 573 574 575static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn, 576 struct ibss_rsn_peer *peer, int reason) 577{ 578 int already_started; 579 580 if (ibss_rsn == NULL || peer == NULL) 581 return -1; 582 583 already_started = ibss_rsn_is_auth_started(peer); 584 peer->authentication_status |= reason; 585 586 if (already_started) { 587 wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already " 588 "started for peer " MACSTR, MAC2STR(peer->addr)); 589 return 0; 590 } 591 592 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator " 593 "for now-authenticated peer " MACSTR, MAC2STR(peer->addr)); 594 595 return ibss_rsn_auth_init(ibss_rsn, peer); 596} 597 598 599void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac) 600{ 601 struct ibss_rsn_peer *peer, *prev; 602 603 if (ibss_rsn == NULL) 604 return; 605 606 if (peermac == NULL) { 607 /* remove all peers */ 608 wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__); 609 peer = ibss_rsn->peers; 610 while (peer) { 611 prev = peer; 612 peer = peer->next; 613 ibss_rsn_free(prev); 614 ibss_rsn->peers = peer; 615 } 616 } else { 617 /* remove specific peer */ 618 wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR, 619 __func__, MAC2STR(peermac)); 620 621 for (prev = NULL, peer = ibss_rsn->peers; peer != NULL; 622 prev = peer, peer = peer->next) { 623 if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) { 624 if (prev == NULL) 625 ibss_rsn->peers = peer->next; 626 else 627 prev->next = peer->next; 628 ibss_rsn_free(peer); 629 wpa_printf(MSG_DEBUG, "%s: Successfully " 630 "removed a specific peer", 631 __func__); 632 break; 633 } 634 } 635 } 636} 637 638 639struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s) 640{ 641 struct ibss_rsn *ibss_rsn; 642 643 ibss_rsn = os_zalloc(sizeof(*ibss_rsn)); 644 if (ibss_rsn == NULL) 645 return NULL; 646 ibss_rsn->wpa_s = wpa_s; 647 648 if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) { 649 ibss_rsn_deinit(ibss_rsn); 650 return NULL; 651 } 652 653 return ibss_rsn; 654} 655 656 657void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn) 658{ 659 struct ibss_rsn_peer *peer, *prev; 660 661 if (ibss_rsn == NULL) 662 return; 663 664 peer = ibss_rsn->peers; 665 while (peer) { 666 prev = peer; 667 peer = peer->next; 668 ibss_rsn_free(prev); 669 } 670 671 wpa_deinit(ibss_rsn->auth_group); 672 os_free(ibss_rsn); 673 674} 675 676 677static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len) 678{ 679 const struct ieee802_1x_hdr *hdr; 680 const struct wpa_eapol_key *key; 681 u16 key_info; 682 size_t plen; 683 684 /* TODO: Support other EAPOL packets than just EAPOL-Key */ 685 686 if (len < sizeof(*hdr) + sizeof(*key)) 687 return -1; 688 689 hdr = (const struct ieee802_1x_hdr *) buf; 690 key = (const struct wpa_eapol_key *) (hdr + 1); 691 plen = be_to_host16(hdr->length); 692 693 if (hdr->version < EAPOL_VERSION) { 694 /* TODO: backwards compatibility */ 695 } 696 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 697 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, " 698 "not a Key frame", hdr->type); 699 return -1; 700 } 701 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 702 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu " 703 "invalid (frame size %lu)", 704 (unsigned long) plen, (unsigned long) len); 705 return -1; 706 } 707 708 if (key->type != EAPOL_KEY_TYPE_RSN) { 709 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, " 710 "discarded", key->type); 711 return -1; 712 } 713 714 key_info = WPA_GET_BE16(key->key_info); 715 716 return !!(key_info & WPA_KEY_INFO_ACK); 717} 718 719 720static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn, 721 struct ibss_rsn_peer *peer, 722 const u8 *buf, size_t len) 723{ 724 int supp; 725 u8 *tmp; 726 727 supp = ibss_rsn_eapol_dst_supp(buf, len); 728 if (supp < 0) 729 return -1; 730 731 tmp = os_malloc(len); 732 if (tmp == NULL) 733 return -1; 734 os_memcpy(tmp, buf, len); 735 if (supp) { 736 peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER; 737 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from " 738 MACSTR, MAC2STR(peer->addr)); 739 wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len); 740 } else { 741 if (ibss_rsn_is_auth_started(peer) == 0) { 742 wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for " 743 "Authenticator dropped as " MACSTR " is not " 744 "authenticated", MAC2STR(peer->addr)); 745 os_free(tmp); 746 return -1; 747 } 748 749 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator " 750 "from "MACSTR, MAC2STR(peer->addr)); 751 wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len); 752 } 753 os_free(tmp); 754 755 return 1; 756} 757 758 759int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr, 760 const u8 *buf, size_t len) 761{ 762 struct ibss_rsn_peer *peer; 763 764 if (ibss_rsn == NULL) 765 return -1; 766 767 peer = ibss_rsn_get_peer(ibss_rsn, src_addr); 768 if (peer) 769 return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len); 770 771 if (ibss_rsn_eapol_dst_supp(buf, len) > 0) { 772 /* 773 * Create new IBSS peer based on an EAPOL message from the peer 774 * Authenticator. 775 */ 776 peer = ibss_rsn_peer_init(ibss_rsn, src_addr); 777 if (peer == NULL) 778 return -1; 779 780 /* assume the peer is authenticated already */ 781 wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer " 782 MACSTR, MAC2STR(src_addr)); 783 ibss_rsn_peer_authenticated(ibss_rsn, peer, 784 IBSS_RSN_AUTH_EAPOL_BY_US); 785 786 return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers, 787 buf, len); 788 } 789 790 return 0; 791} 792 793void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk) 794{ 795 if (ibss_rsn == NULL) 796 return; 797 os_memcpy(ibss_rsn->psk, psk, PMK_LEN); 798} 799 800 801static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn, 802 struct ibss_rsn_peer *peer, 803 const u8* addr) 804{ 805 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR, 806 MAC2STR(addr)); 807 808 if (peer && 809 peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) { 810 /* 811 * A peer sent us an Authentication frame even though it already 812 * started an EAPOL session. We should reinit state machines 813 * here, but it's much more complicated than just deleting and 814 * recreating the state machine 815 */ 816 wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station " 817 MACSTR, MAC2STR(addr)); 818 819 ibss_rsn_stop(ibss_rsn, addr); 820 peer = NULL; 821 } 822 823 if (!peer) { 824 peer = ibss_rsn_peer_init(ibss_rsn, addr); 825 if (!peer) 826 return; 827 828 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR, 829 MAC2STR(addr)); 830 } 831 832 /* reply with an Authentication frame now, before sending an EAPOL */ 833 ibss_rsn_send_auth(ibss_rsn, addr, 2); 834 /* no need to start another AUTH challenge in the other way.. */ 835 ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US); 836} 837 838 839void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame, 840 size_t len) 841{ 842 const struct ieee80211_mgmt *header; 843 struct ibss_rsn_peer *peer; 844 size_t auth_length; 845 846 header = (const struct ieee80211_mgmt *) auth_frame; 847 auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth); 848 849 if (ibss_rsn == NULL || len < auth_length) 850 return; 851 852 if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN || 853 le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS) 854 return; 855 856 peer = ibss_rsn_get_peer(ibss_rsn, header->sa); 857 858 switch (le_to_host16(header->u.auth.auth_transaction)) { 859 case 1: 860 ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa); 861 break; 862 case 2: 863 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from " 864 MACSTR, MAC2STR(header->sa)); 865 if (!peer) { 866 wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from " 867 "unknown STA " MACSTR, MAC2STR(header->sa)); 868 break; 869 } 870 871 /* authentication has been completed */ 872 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with "MACSTR, 873 MAC2STR(header->sa)); 874 ibss_rsn_peer_authenticated(ibss_rsn, peer, 875 IBSS_RSN_AUTH_BY_US); 876 break; 877 } 878} 879