ibss_rsn.c revision cc00d5dc8483e32158b2ba61ea44b0c38d790ed7
1/* 2 * wpa_supplicant - IBSS RSN 3 * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9#include "includes.h" 10 11#include "common.h" 12#include "common/wpa_ctrl.h" 13#include "utils/eloop.h" 14#include "l2_packet/l2_packet.h" 15#include "rsn_supp/wpa.h" 16#include "rsn_supp/wpa_ie.h" 17#include "ap/wpa_auth.h" 18#include "wpa_supplicant_i.h" 19#include "driver_i.h" 20#include "common/ieee802_11_defs.h" 21#include "ibss_rsn.h" 22 23 24static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx); 25 26 27static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn, 28 const u8 *addr) 29{ 30 struct ibss_rsn_peer *peer; 31 32 for (peer = ibss_rsn->peers; peer; peer = peer->next) 33 if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0) 34 break; 35 return peer; 36} 37 38 39static void ibss_rsn_free(struct ibss_rsn_peer *peer) 40{ 41 eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL); 42 wpa_auth_sta_deinit(peer->auth); 43 wpa_sm_deinit(peer->supp); 44 os_free(peer); 45} 46 47 48static void supp_set_state(void *ctx, enum wpa_states state) 49{ 50 struct ibss_rsn_peer *peer = ctx; 51 peer->supp_state = state; 52} 53 54 55static enum wpa_states supp_get_state(void *ctx) 56{ 57 struct ibss_rsn_peer *peer = ctx; 58 return peer->supp_state; 59} 60 61 62static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf, 63 size_t len) 64{ 65 struct ibss_rsn_peer *peer = ctx; 66 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 67 68 wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x " 69 "len=%lu)", 70 __func__, MAC2STR(dest), proto, (unsigned long) len); 71 72 if (wpa_s->l2) 73 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 74 75 return -1; 76} 77 78 79static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data, 80 u16 data_len, size_t *msg_len, void **data_pos) 81{ 82 struct ieee802_1x_hdr *hdr; 83 84 wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)", 85 __func__, type, data_len); 86 87 *msg_len = sizeof(*hdr) + data_len; 88 hdr = os_malloc(*msg_len); 89 if (hdr == NULL) 90 return NULL; 91 92 hdr->version = 2; 93 hdr->type = type; 94 hdr->length = host_to_be16(data_len); 95 96 if (data) 97 os_memcpy(hdr + 1, data, data_len); 98 else 99 os_memset(hdr + 1, 0, data_len); 100 101 if (data_pos) 102 *data_pos = hdr + 1; 103 104 return (u8 *) hdr; 105} 106 107 108static int supp_get_beacon_ie(void *ctx) 109{ 110 struct ibss_rsn_peer *peer = ctx; 111 112 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 113 /* TODO: get correct RSN IE */ 114 return wpa_sm_set_ap_rsn_ie(peer->supp, 115 (u8 *) "\x30\x14\x01\x00" 116 "\x00\x0f\xac\x04" 117 "\x01\x00\x00\x0f\xac\x04" 118 "\x01\x00\x00\x0f\xac\x02" 119 "\x00\x00", 22); 120} 121 122 123static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer) 124{ 125 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 126 127 if ((peer->authentication_status & 128 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) != 129 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) 130 return; 131 if (peer->authentication_status & IBSS_RSN_REPORTED_PTK) 132 return; 133 peer->authentication_status |= IBSS_RSN_REPORTED_PTK; 134 wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR, 135 MAC2STR(peer->addr)); 136} 137 138 139static int supp_set_key(void *ctx, enum wpa_alg alg, 140 const u8 *addr, int key_idx, int set_tx, 141 const u8 *seq, size_t seq_len, 142 const u8 *key, size_t key_len) 143{ 144 struct ibss_rsn_peer *peer = ctx; 145 146 wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d " 147 "set_tx=%d)", 148 __func__, alg, MAC2STR(addr), key_idx, set_tx); 149 wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len); 150 wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len); 151 152 if (key_idx == 0) { 153 peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP; 154 ibss_check_rsn_completed(peer); 155 /* 156 * In IBSS RSN, the pairwise key from the 4-way handshake 157 * initiated by the peer with highest MAC address is used. 158 */ 159 if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr, 160 ETH_ALEN) > 0) { 161 wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK"); 162 return 0; 163 } 164 } 165 166 if (is_broadcast_ether_addr(addr)) 167 addr = peer->addr; 168 return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx, 169 set_tx, seq, seq_len, key, key_len); 170} 171 172 173static void * supp_get_network_ctx(void *ctx) 174{ 175 struct ibss_rsn_peer *peer = ctx; 176 return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s); 177} 178 179 180static int supp_mlme_setprotection(void *ctx, const u8 *addr, 181 int protection_type, int key_type) 182{ 183 wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d " 184 "key_type=%d)", 185 __func__, MAC2STR(addr), protection_type, key_type); 186 return 0; 187} 188 189 190static void supp_cancel_auth_timeout(void *ctx) 191{ 192 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 193} 194 195 196static void supp_deauthenticate(void * ctx, int reason_code) 197{ 198 wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__); 199} 200 201 202static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr, 203 const u8 *psk) 204{ 205 struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx)); 206 if (ctx == NULL) 207 return -1; 208 209 ctx->ctx = peer; 210 ctx->msg_ctx = peer->ibss_rsn->wpa_s; 211 ctx->set_state = supp_set_state; 212 ctx->get_state = supp_get_state; 213 ctx->ether_send = supp_ether_send; 214 ctx->get_beacon_ie = supp_get_beacon_ie; 215 ctx->alloc_eapol = supp_alloc_eapol; 216 ctx->set_key = supp_set_key; 217 ctx->get_network_ctx = supp_get_network_ctx; 218 ctx->mlme_setprotection = supp_mlme_setprotection; 219 ctx->cancel_auth_timeout = supp_cancel_auth_timeout; 220 ctx->deauthenticate = supp_deauthenticate; 221 peer->supp = wpa_sm_init(ctx); 222 if (peer->supp == NULL) { 223 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed"); 224 return -1; 225 } 226 227 wpa_sm_set_own_addr(peer->supp, own_addr); 228 wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1); 229 wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN); 230 wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP); 231 wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP); 232 wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK); 233 wpa_sm_set_pmk(peer->supp, psk, PMK_LEN, NULL); 234 235 peer->supp_ie_len = sizeof(peer->supp_ie); 236 if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie, 237 &peer->supp_ie_len) < 0) { 238 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()" 239 " failed"); 240 return -1; 241 } 242 243 wpa_sm_notify_assoc(peer->supp, peer->addr); 244 245 return 0; 246} 247 248 249static void auth_logger(void *ctx, const u8 *addr, logger_level level, 250 const char *txt) 251{ 252 if (addr) 253 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s", 254 MAC2STR(addr), txt); 255 else 256 wpa_printf(MSG_DEBUG, "AUTH: %s", txt); 257} 258 259 260static const u8 * auth_get_psk(void *ctx, const u8 *addr, 261 const u8 *p2p_dev_addr, const u8 *prev_psk) 262{ 263 struct ibss_rsn *ibss_rsn = ctx; 264 wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", 265 __func__, MAC2STR(addr), prev_psk); 266 if (prev_psk) 267 return NULL; 268 return ibss_rsn->psk; 269} 270 271 272static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data, 273 size_t data_len, int encrypt) 274{ 275 struct ibss_rsn *ibss_rsn = ctx; 276 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 277 278 wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu " 279 "encrypt=%d)", 280 __func__, MAC2STR(addr), (unsigned long) data_len, encrypt); 281 282 if (wpa_s->l2) 283 return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data, 284 data_len); 285 286 return -1; 287} 288 289 290static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg, 291 const u8 *addr, int idx, u8 *key, size_t key_len) 292{ 293 struct ibss_rsn *ibss_rsn = ctx; 294 u8 seq[6]; 295 296 os_memset(seq, 0, sizeof(seq)); 297 298 if (addr) { 299 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR 300 " key_idx=%d)", 301 __func__, alg, MAC2STR(addr), idx); 302 } else { 303 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)", 304 __func__, alg, idx); 305 } 306 wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len); 307 308 if (idx == 0) { 309 if (addr) { 310 struct ibss_rsn_peer *peer; 311 peer = ibss_rsn_get_peer(ibss_rsn, addr); 312 if (peer) { 313 peer->authentication_status |= 314 IBSS_RSN_SET_PTK_AUTH; 315 ibss_check_rsn_completed(peer); 316 } 317 } 318 /* 319 * In IBSS RSN, the pairwise key from the 4-way handshake 320 * initiated by the peer with highest MAC address is used. 321 */ 322 if (addr == NULL || 323 os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) { 324 wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK"); 325 return 0; 326 } 327 } 328 329 return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx, 330 1, seq, 6, key, key_len); 331} 332 333 334static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason) 335{ 336 struct ibss_rsn *ibss_rsn = ctx; 337 wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason); 338} 339 340 341static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm, 342 void *ctx), 343 void *cb_ctx) 344{ 345 struct ibss_rsn *ibss_rsn = ctx; 346 struct ibss_rsn_peer *peer; 347 348 wpa_printf(MSG_DEBUG, "AUTH: for_each_sta"); 349 350 for (peer = ibss_rsn->peers; peer; peer = peer->next) { 351 if (peer->auth && cb(peer->auth, cb_ctx)) 352 return 1; 353 } 354 355 return 0; 356} 357 358 359static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn, 360 struct ibss_rsn_peer *peer, int authorized) 361{ 362 int res; 363 364 if (authorized) { 365 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 366 WPA_STA_AUTHORIZED, 367 WPA_STA_AUTHORIZED, ~0); 368 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port", 369 MAC2STR(peer->addr)); 370 } else { 371 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 372 0, 0, ~WPA_STA_AUTHORIZED); 373 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port", 374 MAC2STR(peer->addr)); 375 } 376 377 if (res && errno != ENOENT) { 378 wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags " 379 "for kernel driver (errno=%d)", 380 MAC2STR(peer->addr), errno); 381 } 382} 383 384 385static void auth_set_eapol(void *ctx, const u8 *addr, 386 wpa_eapol_variable var, int value) 387{ 388 struct ibss_rsn *ibss_rsn = ctx; 389 struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr); 390 391 if (peer == NULL) 392 return; 393 394 switch (var) { 395 case WPA_EAPOL_authorized: 396 ibss_set_sta_authorized(ibss_rsn, peer, value); 397 break; 398 default: 399 /* do not handle any other event */ 400 wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var); 401 break; 402 } 403} 404 405 406static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn, 407 const u8 *own_addr) 408{ 409 struct wpa_auth_config conf; 410 struct wpa_auth_callbacks cb; 411 412 wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine"); 413 414 os_memset(&conf, 0, sizeof(conf)); 415 conf.wpa = 2; 416 conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK; 417 conf.wpa_pairwise = WPA_CIPHER_CCMP; 418 conf.rsn_pairwise = WPA_CIPHER_CCMP; 419 conf.wpa_group = WPA_CIPHER_CCMP; 420 conf.eapol_version = 2; 421 conf.wpa_group_rekey = 600; 422 423 os_memset(&cb, 0, sizeof(cb)); 424 cb.ctx = ibss_rsn; 425 cb.logger = auth_logger; 426 cb.set_eapol = auth_set_eapol; 427 cb.send_eapol = auth_send_eapol; 428 cb.get_psk = auth_get_psk; 429 cb.set_key = auth_set_key; 430 cb.for_each_sta = auth_for_each_sta; 431 cb.disconnect = ibss_rsn_disconnect; 432 433 ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb); 434 if (ibss_rsn->auth_group == NULL) { 435 wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed"); 436 return -1; 437 } 438 439 wpa_init_keys(ibss_rsn->auth_group); 440 441 return 0; 442} 443 444 445static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn, 446 struct ibss_rsn_peer *peer) 447{ 448 peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr, NULL); 449 if (peer->auth == NULL) { 450 wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed"); 451 return -1; 452 } 453 454 /* TODO: get peer RSN IE with Probe Request */ 455 if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth, 456 (u8 *) "\x30\x14\x01\x00" 457 "\x00\x0f\xac\x04" 458 "\x01\x00\x00\x0f\xac\x04" 459 "\x01\x00\x00\x0f\xac\x02" 460 "\x00\x00", 22, NULL, 0) != 461 WPA_IE_OK) { 462 wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed"); 463 return -1; 464 } 465 466 if (wpa_auth_sm_event(peer->auth, WPA_ASSOC)) 467 return -1; 468 469 if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth)) 470 return -1; 471 472 return 0; 473} 474 475 476static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq) 477{ 478 struct ieee80211_mgmt auth; 479 const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth); 480 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 481 482 if (wpa_s->driver->send_frame == NULL) 483 return -1; 484 485 os_memset(&auth, 0, sizeof(auth)); 486 487 auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 488 WLAN_FC_STYPE_AUTH); 489 os_memcpy(auth.da, da, ETH_ALEN); 490 os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN); 491 os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN); 492 493 auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN); 494 auth.u.auth.auth_transaction = host_to_le16(seq); 495 auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS); 496 497 wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR, 498 seq, MAC2STR(da)); 499 500 return wpa_s->driver->send_frame(wpa_s->drv_priv, (u8 *) &auth, 501 auth_length, 0); 502} 503 504 505static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer) 506{ 507 return peer->authentication_status & 508 (IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US); 509} 510 511 512static struct ibss_rsn_peer * 513ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr) 514{ 515 struct ibss_rsn_peer *peer; 516 if (ibss_rsn == NULL) 517 return NULL; 518 519 peer = ibss_rsn_get_peer(ibss_rsn, addr); 520 if (peer) { 521 wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR 522 " already running", MAC2STR(addr)); 523 return peer; 524 } 525 526 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR, 527 MAC2STR(addr)); 528 529 peer = os_zalloc(sizeof(*peer)); 530 if (peer == NULL) { 531 wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory."); 532 return NULL; 533 } 534 535 peer->ibss_rsn = ibss_rsn; 536 os_memcpy(peer->addr, addr, ETH_ALEN); 537 peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED; 538 539 if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr, 540 ibss_rsn->psk) < 0) { 541 ibss_rsn_free(peer); 542 return NULL; 543 } 544 545 peer->next = ibss_rsn->peers; 546 ibss_rsn->peers = peer; 547 548 return peer; 549} 550 551 552static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx) 553{ 554 struct ibss_rsn_peer *peer = eloop_ctx; 555 556 /* 557 * Assume peer does not support Authentication exchange or the frame was 558 * lost somewhere - start EAPOL Authenticator. 559 */ 560 wpa_printf(MSG_DEBUG, 561 "RSN: Timeout on waiting Authentication frame response from " 562 MACSTR " - start authenticator", MAC2STR(peer->addr)); 563 564 peer->authentication_status |= IBSS_RSN_AUTH_BY_US; 565 ibss_rsn_auth_init(peer->ibss_rsn, peer); 566} 567 568 569int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr) 570{ 571 struct ibss_rsn_peer *peer; 572 int res; 573 574 if (!ibss_rsn) 575 return -1; 576 577 /* if the peer already exists, exit immediately */ 578 peer = ibss_rsn_get_peer(ibss_rsn, addr); 579 if (peer) 580 return 0; 581 582 peer = ibss_rsn_peer_init(ibss_rsn, addr); 583 if (peer == NULL) 584 return -1; 585 586 /* Open Authentication: send first Authentication frame */ 587 res = ibss_rsn_send_auth(ibss_rsn, addr, 1); 588 if (res) { 589 /* 590 * The driver may not support Authentication frame exchange in 591 * IBSS. Ignore authentication and go through EAPOL exchange. 592 */ 593 peer->authentication_status |= IBSS_RSN_AUTH_BY_US; 594 return ibss_rsn_auth_init(ibss_rsn, peer); 595 } else { 596 os_get_reltime(&peer->own_auth_tx); 597 eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL); 598 } 599 600 return 0; 601} 602 603 604static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn, 605 struct ibss_rsn_peer *peer, int reason) 606{ 607 int already_started; 608 609 if (ibss_rsn == NULL || peer == NULL) 610 return -1; 611 612 already_started = ibss_rsn_is_auth_started(peer); 613 peer->authentication_status |= reason; 614 615 if (already_started) { 616 wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already " 617 "started for peer " MACSTR, MAC2STR(peer->addr)); 618 return 0; 619 } 620 621 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator " 622 "for now-authenticated peer " MACSTR, MAC2STR(peer->addr)); 623 624 return ibss_rsn_auth_init(ibss_rsn, peer); 625} 626 627 628void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac) 629{ 630 struct ibss_rsn_peer *peer, *prev; 631 632 if (ibss_rsn == NULL) 633 return; 634 635 if (peermac == NULL) { 636 /* remove all peers */ 637 wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__); 638 peer = ibss_rsn->peers; 639 while (peer) { 640 prev = peer; 641 peer = peer->next; 642 ibss_rsn_free(prev); 643 ibss_rsn->peers = peer; 644 } 645 } else { 646 /* remove specific peer */ 647 wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR, 648 __func__, MAC2STR(peermac)); 649 650 for (prev = NULL, peer = ibss_rsn->peers; peer != NULL; 651 prev = peer, peer = peer->next) { 652 if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) { 653 if (prev == NULL) 654 ibss_rsn->peers = peer->next; 655 else 656 prev->next = peer->next; 657 ibss_rsn_free(peer); 658 wpa_printf(MSG_DEBUG, "%s: Successfully " 659 "removed a specific peer", 660 __func__); 661 break; 662 } 663 } 664 } 665} 666 667 668struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s) 669{ 670 struct ibss_rsn *ibss_rsn; 671 672 ibss_rsn = os_zalloc(sizeof(*ibss_rsn)); 673 if (ibss_rsn == NULL) 674 return NULL; 675 ibss_rsn->wpa_s = wpa_s; 676 677 if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) { 678 ibss_rsn_deinit(ibss_rsn); 679 return NULL; 680 } 681 682 return ibss_rsn; 683} 684 685 686void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn) 687{ 688 struct ibss_rsn_peer *peer, *prev; 689 690 if (ibss_rsn == NULL) 691 return; 692 693 peer = ibss_rsn->peers; 694 while (peer) { 695 prev = peer; 696 peer = peer->next; 697 ibss_rsn_free(prev); 698 } 699 700 wpa_deinit(ibss_rsn->auth_group); 701 os_free(ibss_rsn); 702 703} 704 705 706static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len) 707{ 708 const struct ieee802_1x_hdr *hdr; 709 const struct wpa_eapol_key *key; 710 u16 key_info; 711 size_t plen; 712 713 /* TODO: Support other EAPOL packets than just EAPOL-Key */ 714 715 if (len < sizeof(*hdr) + sizeof(*key)) 716 return -1; 717 718 hdr = (const struct ieee802_1x_hdr *) buf; 719 key = (const struct wpa_eapol_key *) (hdr + 1); 720 plen = be_to_host16(hdr->length); 721 722 if (hdr->version < EAPOL_VERSION) { 723 /* TODO: backwards compatibility */ 724 } 725 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 726 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, " 727 "not a Key frame", hdr->type); 728 return -1; 729 } 730 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 731 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu " 732 "invalid (frame size %lu)", 733 (unsigned long) plen, (unsigned long) len); 734 return -1; 735 } 736 737 if (key->type != EAPOL_KEY_TYPE_RSN) { 738 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, " 739 "discarded", key->type); 740 return -1; 741 } 742 743 key_info = WPA_GET_BE16(key->key_info); 744 745 return !!(key_info & WPA_KEY_INFO_ACK); 746} 747 748 749static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn, 750 struct ibss_rsn_peer *peer, 751 const u8 *buf, size_t len) 752{ 753 int supp; 754 u8 *tmp; 755 756 supp = ibss_rsn_eapol_dst_supp(buf, len); 757 if (supp < 0) 758 return -1; 759 760 tmp = os_malloc(len); 761 if (tmp == NULL) 762 return -1; 763 os_memcpy(tmp, buf, len); 764 if (supp) { 765 peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER; 766 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from " 767 MACSTR, MAC2STR(peer->addr)); 768 wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len); 769 } else { 770 if (ibss_rsn_is_auth_started(peer) == 0) { 771 wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for " 772 "Authenticator dropped as " MACSTR " is not " 773 "authenticated", MAC2STR(peer->addr)); 774 os_free(tmp); 775 return -1; 776 } 777 778 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator " 779 "from "MACSTR, MAC2STR(peer->addr)); 780 wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len); 781 } 782 os_free(tmp); 783 784 return 1; 785} 786 787 788int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr, 789 const u8 *buf, size_t len) 790{ 791 struct ibss_rsn_peer *peer; 792 793 if (ibss_rsn == NULL) 794 return -1; 795 796 peer = ibss_rsn_get_peer(ibss_rsn, src_addr); 797 if (peer) 798 return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len); 799 800 if (ibss_rsn_eapol_dst_supp(buf, len) > 0) { 801 /* 802 * Create new IBSS peer based on an EAPOL message from the peer 803 * Authenticator. 804 */ 805 peer = ibss_rsn_peer_init(ibss_rsn, src_addr); 806 if (peer == NULL) 807 return -1; 808 809 /* assume the peer is authenticated already */ 810 wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer " 811 MACSTR, MAC2STR(src_addr)); 812 ibss_rsn_peer_authenticated(ibss_rsn, peer, 813 IBSS_RSN_AUTH_EAPOL_BY_US); 814 815 return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers, 816 buf, len); 817 } 818 819 return 0; 820} 821 822void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk) 823{ 824 if (ibss_rsn == NULL) 825 return; 826 os_memcpy(ibss_rsn->psk, psk, PMK_LEN); 827} 828 829 830static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn, 831 struct ibss_rsn_peer *peer, 832 const u8* addr) 833{ 834 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR, 835 MAC2STR(addr)); 836 837 if (peer && 838 peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) { 839 if (peer->own_auth_tx.sec) { 840 struct os_reltime now, diff; 841 os_get_reltime(&now); 842 os_reltime_sub(&now, &peer->own_auth_tx, &diff); 843 if (diff.sec == 0 && diff.usec < 500000) { 844 wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX", 845 (int) diff.usec); 846 goto skip_reinit; 847 } 848 } 849 /* 850 * A peer sent us an Authentication frame even though it already 851 * started an EAPOL session. We should reinit state machines 852 * here, but it's much more complicated than just deleting and 853 * recreating the state machine 854 */ 855 wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station " 856 MACSTR, MAC2STR(addr)); 857 858 ibss_rsn_stop(ibss_rsn, addr); 859 peer = NULL; 860 } 861 862 if (!peer) { 863 peer = ibss_rsn_peer_init(ibss_rsn, addr); 864 if (!peer) 865 return; 866 867 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR, 868 MAC2STR(addr)); 869 } 870 871skip_reinit: 872 /* reply with an Authentication frame now, before sending an EAPOL */ 873 ibss_rsn_send_auth(ibss_rsn, addr, 2); 874 /* no need to start another AUTH challenge in the other way.. */ 875 ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US); 876} 877 878 879void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame, 880 size_t len) 881{ 882 const struct ieee80211_mgmt *header; 883 struct ibss_rsn_peer *peer; 884 size_t auth_length; 885 886 header = (const struct ieee80211_mgmt *) auth_frame; 887 auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth); 888 889 if (ibss_rsn == NULL || len < auth_length) 890 return; 891 892 if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN || 893 le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS) 894 return; 895 896 peer = ibss_rsn_get_peer(ibss_rsn, header->sa); 897 898 switch (le_to_host16(header->u.auth.auth_transaction)) { 899 case 1: 900 ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa); 901 break; 902 case 2: 903 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from " 904 MACSTR, MAC2STR(header->sa)); 905 if (!peer) { 906 wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from " 907 "unknown STA " MACSTR, MAC2STR(header->sa)); 908 break; 909 } 910 911 /* authentication has been completed */ 912 eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL); 913 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR, 914 MAC2STR(header->sa)); 915 ibss_rsn_peer_authenticated(ibss_rsn, peer, 916 IBSS_RSN_AUTH_BY_US); 917 break; 918 } 919} 920