1 /* 2 * wpa_supplicant - IBSS RSN 3 * Copyright (c) 2009-2013, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "common/wpa_ctrl.h" 13 #include "utils/eloop.h" 14 #include "l2_packet/l2_packet.h" 15 #include "rsn_supp/wpa.h" 16 #include "rsn_supp/wpa_ie.h" 17 #include "ap/wpa_auth.h" 18 #include "wpa_supplicant_i.h" 19 #include "driver_i.h" 20 #include "common/ieee802_11_defs.h" 21 #include "ibss_rsn.h" 22 23 24 static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx); 25 26 27 static struct ibss_rsn_peer * ibss_rsn_get_peer(struct ibss_rsn *ibss_rsn, 28 const u8 *addr) 29 { 30 struct ibss_rsn_peer *peer; 31 32 for (peer = ibss_rsn->peers; peer; peer = peer->next) 33 if (os_memcmp(addr, peer->addr, ETH_ALEN) == 0) 34 break; 35 return peer; 36 } 37 38 39 static void ibss_rsn_free(struct ibss_rsn_peer *peer) 40 { 41 eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL); 42 wpa_auth_sta_deinit(peer->auth); 43 wpa_sm_deinit(peer->supp); 44 os_free(peer); 45 } 46 47 48 static void supp_set_state(void *ctx, enum wpa_states state) 49 { 50 struct ibss_rsn_peer *peer = ctx; 51 peer->supp_state = state; 52 } 53 54 55 static enum wpa_states supp_get_state(void *ctx) 56 { 57 struct ibss_rsn_peer *peer = ctx; 58 return peer->supp_state; 59 } 60 61 62 static int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf, 63 size_t len) 64 { 65 struct ibss_rsn_peer *peer = ctx; 66 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 67 68 wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x " 69 "len=%lu)", 70 __func__, MAC2STR(dest), proto, (unsigned long) len); 71 72 if (wpa_s->l2) 73 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 74 75 return -1; 76 } 77 78 79 static u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data, 80 u16 data_len, size_t *msg_len, void **data_pos) 81 { 82 struct ieee802_1x_hdr *hdr; 83 84 wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)", 85 __func__, type, data_len); 86 87 *msg_len = sizeof(*hdr) + data_len; 88 hdr = os_malloc(*msg_len); 89 if (hdr == NULL) 90 return NULL; 91 92 hdr->version = 2; 93 hdr->type = type; 94 hdr->length = host_to_be16(data_len); 95 96 if (data) 97 os_memcpy(hdr + 1, data, data_len); 98 else 99 os_memset(hdr + 1, 0, data_len); 100 101 if (data_pos) 102 *data_pos = hdr + 1; 103 104 return (u8 *) hdr; 105 } 106 107 108 static int supp_get_beacon_ie(void *ctx) 109 { 110 struct ibss_rsn_peer *peer = ctx; 111 112 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 113 /* TODO: get correct RSN IE */ 114 return wpa_sm_set_ap_rsn_ie(peer->supp, 115 (u8 *) "\x30\x14\x01\x00" 116 "\x00\x0f\xac\x04" 117 "\x01\x00\x00\x0f\xac\x04" 118 "\x01\x00\x00\x0f\xac\x02" 119 "\x00\x00", 22); 120 } 121 122 123 static void ibss_check_rsn_completed(struct ibss_rsn_peer *peer) 124 { 125 struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 126 127 if ((peer->authentication_status & 128 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) != 129 (IBSS_RSN_SET_PTK_SUPP | IBSS_RSN_SET_PTK_AUTH)) 130 return; 131 if (peer->authentication_status & IBSS_RSN_REPORTED_PTK) 132 return; 133 peer->authentication_status |= IBSS_RSN_REPORTED_PTK; 134 wpa_msg(wpa_s, MSG_INFO, IBSS_RSN_COMPLETED MACSTR, 135 MAC2STR(peer->addr)); 136 } 137 138 139 static int supp_set_key(void *ctx, enum wpa_alg alg, 140 const u8 *addr, int key_idx, int set_tx, 141 const u8 *seq, size_t seq_len, 142 const u8 *key, size_t key_len) 143 { 144 struct ibss_rsn_peer *peer = ctx; 145 146 wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d " 147 "set_tx=%d)", 148 __func__, alg, MAC2STR(addr), key_idx, set_tx); 149 wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len); 150 wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len); 151 152 if (key_idx == 0) { 153 peer->authentication_status |= IBSS_RSN_SET_PTK_SUPP; 154 ibss_check_rsn_completed(peer); 155 /* 156 * In IBSS RSN, the pairwise key from the 4-way handshake 157 * initiated by the peer with highest MAC address is used. 158 */ 159 if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr, 160 ETH_ALEN) > 0) { 161 wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK"); 162 return 0; 163 } 164 } 165 166 if (is_broadcast_ether_addr(addr)) 167 addr = peer->addr; 168 return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx, 169 set_tx, seq, seq_len, key, key_len); 170 } 171 172 173 static void * supp_get_network_ctx(void *ctx) 174 { 175 struct ibss_rsn_peer *peer = ctx; 176 return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s); 177 } 178 179 180 static int supp_mlme_setprotection(void *ctx, const u8 *addr, 181 int protection_type, int key_type) 182 { 183 wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d " 184 "key_type=%d)", 185 __func__, MAC2STR(addr), protection_type, key_type); 186 return 0; 187 } 188 189 190 static void supp_cancel_auth_timeout(void *ctx) 191 { 192 wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 193 } 194 195 196 static void supp_deauthenticate(void * ctx, int reason_code) 197 { 198 wpa_printf(MSG_DEBUG, "SUPP: %s (TODO)", __func__); 199 } 200 201 202 static int ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr, 203 const u8 *psk) 204 { 205 struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx)); 206 if (ctx == NULL) 207 return -1; 208 209 ctx->ctx = peer; 210 ctx->msg_ctx = peer->ibss_rsn->wpa_s; 211 ctx->set_state = supp_set_state; 212 ctx->get_state = supp_get_state; 213 ctx->ether_send = supp_ether_send; 214 ctx->get_beacon_ie = supp_get_beacon_ie; 215 ctx->alloc_eapol = supp_alloc_eapol; 216 ctx->set_key = supp_set_key; 217 ctx->get_network_ctx = supp_get_network_ctx; 218 ctx->mlme_setprotection = supp_mlme_setprotection; 219 ctx->cancel_auth_timeout = supp_cancel_auth_timeout; 220 ctx->deauthenticate = supp_deauthenticate; 221 peer->supp = wpa_sm_init(ctx); 222 if (peer->supp == NULL) { 223 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed"); 224 os_free(ctx); 225 return -1; 226 } 227 228 wpa_sm_set_own_addr(peer->supp, own_addr); 229 wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1); 230 wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN); 231 wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP); 232 wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP); 233 wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK); 234 wpa_sm_set_pmk(peer->supp, psk, PMK_LEN, NULL, NULL); 235 236 peer->supp_ie_len = sizeof(peer->supp_ie); 237 if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie, 238 &peer->supp_ie_len) < 0) { 239 wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()" 240 " failed"); 241 return -1; 242 } 243 244 wpa_sm_notify_assoc(peer->supp, peer->addr); 245 246 return 0; 247 } 248 249 250 static void auth_logger(void *ctx, const u8 *addr, logger_level level, 251 const char *txt) 252 { 253 if (addr) 254 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s", 255 MAC2STR(addr), txt); 256 else 257 wpa_printf(MSG_DEBUG, "AUTH: %s", txt); 258 } 259 260 261 static const u8 * auth_get_psk(void *ctx, const u8 *addr, 262 const u8 *p2p_dev_addr, const u8 *prev_psk, 263 size_t *psk_len) 264 { 265 struct ibss_rsn *ibss_rsn = ctx; 266 267 if (psk_len) 268 *psk_len = PMK_LEN; 269 wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", 270 __func__, MAC2STR(addr), prev_psk); 271 if (prev_psk) 272 return NULL; 273 return ibss_rsn->psk; 274 } 275 276 277 static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data, 278 size_t data_len, int encrypt) 279 { 280 struct ibss_rsn *ibss_rsn = ctx; 281 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 282 283 wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu " 284 "encrypt=%d)", 285 __func__, MAC2STR(addr), (unsigned long) data_len, encrypt); 286 287 if (wpa_s->l2) 288 return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data, 289 data_len); 290 291 return -1; 292 } 293 294 295 static int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg, 296 const u8 *addr, int idx, u8 *key, size_t key_len) 297 { 298 struct ibss_rsn *ibss_rsn = ctx; 299 u8 seq[6]; 300 301 os_memset(seq, 0, sizeof(seq)); 302 303 if (addr) { 304 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR 305 " key_idx=%d)", 306 __func__, alg, MAC2STR(addr), idx); 307 } else { 308 wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)", 309 __func__, alg, idx); 310 } 311 wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len); 312 313 if (idx == 0) { 314 if (addr) { 315 struct ibss_rsn_peer *peer; 316 peer = ibss_rsn_get_peer(ibss_rsn, addr); 317 if (peer) { 318 peer->authentication_status |= 319 IBSS_RSN_SET_PTK_AUTH; 320 ibss_check_rsn_completed(peer); 321 } 322 } 323 /* 324 * In IBSS RSN, the pairwise key from the 4-way handshake 325 * initiated by the peer with highest MAC address is used. 326 */ 327 if (addr == NULL || 328 os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) { 329 wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK"); 330 return 0; 331 } 332 } 333 334 return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx, 335 1, seq, 6, key, key_len); 336 } 337 338 339 static void ibss_rsn_disconnect(void *ctx, const u8 *addr, u16 reason) 340 { 341 struct ibss_rsn *ibss_rsn = ctx; 342 wpa_drv_sta_deauth(ibss_rsn->wpa_s, addr, reason); 343 } 344 345 346 static int auth_for_each_sta(void *ctx, int (*cb)(struct wpa_state_machine *sm, 347 void *ctx), 348 void *cb_ctx) 349 { 350 struct ibss_rsn *ibss_rsn = ctx; 351 struct ibss_rsn_peer *peer; 352 353 wpa_printf(MSG_DEBUG, "AUTH: for_each_sta"); 354 355 for (peer = ibss_rsn->peers; peer; peer = peer->next) { 356 if (peer->auth && cb(peer->auth, cb_ctx)) 357 return 1; 358 } 359 360 return 0; 361 } 362 363 364 static void ibss_set_sta_authorized(struct ibss_rsn *ibss_rsn, 365 struct ibss_rsn_peer *peer, int authorized) 366 { 367 int res; 368 369 if (authorized) { 370 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 371 WPA_STA_AUTHORIZED, 372 WPA_STA_AUTHORIZED, ~0); 373 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " authorizing port", 374 MAC2STR(peer->addr)); 375 } else { 376 res = wpa_drv_sta_set_flags(ibss_rsn->wpa_s, peer->addr, 377 0, 0, ~WPA_STA_AUTHORIZED); 378 wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " unauthorizing port", 379 MAC2STR(peer->addr)); 380 } 381 382 if (res && errno != ENOENT) { 383 wpa_printf(MSG_DEBUG, "Could not set station " MACSTR " flags " 384 "for kernel driver (errno=%d)", 385 MAC2STR(peer->addr), errno); 386 } 387 } 388 389 390 static void auth_set_eapol(void *ctx, const u8 *addr, 391 wpa_eapol_variable var, int value) 392 { 393 struct ibss_rsn *ibss_rsn = ctx; 394 struct ibss_rsn_peer *peer = ibss_rsn_get_peer(ibss_rsn, addr); 395 396 if (peer == NULL) 397 return; 398 399 switch (var) { 400 case WPA_EAPOL_authorized: 401 ibss_set_sta_authorized(ibss_rsn, peer, value); 402 break; 403 default: 404 /* do not handle any other event */ 405 wpa_printf(MSG_DEBUG, "AUTH: eapol event not handled %d", var); 406 break; 407 } 408 } 409 410 411 static int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn, 412 const u8 *own_addr, struct wpa_ssid *ssid) 413 { 414 struct wpa_auth_config conf; 415 static const struct wpa_auth_callbacks cb = { 416 .logger = auth_logger, 417 .set_eapol = auth_set_eapol, 418 .send_eapol = auth_send_eapol, 419 .get_psk = auth_get_psk, 420 .set_key = auth_set_key, 421 .for_each_sta = auth_for_each_sta, 422 .disconnect = ibss_rsn_disconnect, 423 }; 424 425 wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine"); 426 427 os_memset(&conf, 0, sizeof(conf)); 428 conf.wpa = 2; 429 conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK; 430 conf.wpa_pairwise = WPA_CIPHER_CCMP; 431 conf.rsn_pairwise = WPA_CIPHER_CCMP; 432 conf.wpa_group = WPA_CIPHER_CCMP; 433 conf.eapol_version = 2; 434 conf.wpa_group_rekey = ssid->group_rekey ? ssid->group_rekey : 600; 435 conf.wpa_group_update_count = 4; 436 conf.wpa_pairwise_update_count = 4; 437 438 ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb, ibss_rsn); 439 if (ibss_rsn->auth_group == NULL) { 440 wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed"); 441 return -1; 442 } 443 444 wpa_init_keys(ibss_rsn->auth_group); 445 446 return 0; 447 } 448 449 450 static int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn, 451 struct ibss_rsn_peer *peer) 452 { 453 peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr, NULL); 454 if (peer->auth == NULL) { 455 wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed"); 456 return -1; 457 } 458 459 /* TODO: get peer RSN IE with Probe Request */ 460 if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth, 461 (u8 *) "\x30\x14\x01\x00" 462 "\x00\x0f\xac\x04" 463 "\x01\x00\x00\x0f\xac\x04" 464 "\x01\x00\x00\x0f\xac\x02" 465 "\x00\x00", 22, NULL, 0, NULL, 0) != 466 WPA_IE_OK) { 467 wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed"); 468 return -1; 469 } 470 471 if (wpa_auth_sm_event(peer->auth, WPA_ASSOC)) 472 return -1; 473 474 if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth)) 475 return -1; 476 477 return 0; 478 } 479 480 481 static int ibss_rsn_send_auth(struct ibss_rsn *ibss_rsn, const u8 *da, int seq) 482 { 483 struct ieee80211_mgmt auth; 484 const size_t auth_length = IEEE80211_HDRLEN + sizeof(auth.u.auth); 485 struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 486 487 if (wpa_s->driver->send_frame == NULL) 488 return -1; 489 490 os_memset(&auth, 0, sizeof(auth)); 491 492 auth.frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 493 WLAN_FC_STYPE_AUTH); 494 os_memcpy(auth.da, da, ETH_ALEN); 495 os_memcpy(auth.sa, wpa_s->own_addr, ETH_ALEN); 496 os_memcpy(auth.bssid, wpa_s->bssid, ETH_ALEN); 497 498 auth.u.auth.auth_alg = host_to_le16(WLAN_AUTH_OPEN); 499 auth.u.auth.auth_transaction = host_to_le16(seq); 500 auth.u.auth.status_code = host_to_le16(WLAN_STATUS_SUCCESS); 501 502 wpa_printf(MSG_DEBUG, "RSN: IBSS TX Auth frame (SEQ %d) to " MACSTR, 503 seq, MAC2STR(da)); 504 505 return wpa_s->driver->send_frame(wpa_s->drv_priv, (u8 *) &auth, 506 auth_length, 0); 507 } 508 509 510 static int ibss_rsn_is_auth_started(struct ibss_rsn_peer * peer) 511 { 512 return peer->authentication_status & 513 (IBSS_RSN_AUTH_BY_US | IBSS_RSN_AUTH_EAPOL_BY_US); 514 } 515 516 517 static struct ibss_rsn_peer * 518 ibss_rsn_peer_init(struct ibss_rsn *ibss_rsn, const u8 *addr) 519 { 520 struct ibss_rsn_peer *peer; 521 if (ibss_rsn == NULL) 522 return NULL; 523 524 peer = ibss_rsn_get_peer(ibss_rsn, addr); 525 if (peer) { 526 wpa_printf(MSG_DEBUG, "RSN: IBSS Supplicant for peer "MACSTR 527 " already running", MAC2STR(addr)); 528 return peer; 529 } 530 531 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Supplicant for peer "MACSTR, 532 MAC2STR(addr)); 533 534 peer = os_zalloc(sizeof(*peer)); 535 if (peer == NULL) { 536 wpa_printf(MSG_DEBUG, "RSN: Could not allocate memory."); 537 return NULL; 538 } 539 540 peer->ibss_rsn = ibss_rsn; 541 os_memcpy(peer->addr, addr, ETH_ALEN); 542 peer->authentication_status = IBSS_RSN_AUTH_NOT_AUTHENTICATED; 543 544 if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr, 545 ibss_rsn->psk) < 0) { 546 ibss_rsn_free(peer); 547 return NULL; 548 } 549 550 peer->next = ibss_rsn->peers; 551 ibss_rsn->peers = peer; 552 553 return peer; 554 } 555 556 557 static void ibss_rsn_auth_timeout(void *eloop_ctx, void *timeout_ctx) 558 { 559 struct ibss_rsn_peer *peer = eloop_ctx; 560 561 /* 562 * Assume peer does not support Authentication exchange or the frame was 563 * lost somewhere - start EAPOL Authenticator. 564 */ 565 wpa_printf(MSG_DEBUG, 566 "RSN: Timeout on waiting Authentication frame response from " 567 MACSTR " - start authenticator", MAC2STR(peer->addr)); 568 569 peer->authentication_status |= IBSS_RSN_AUTH_BY_US; 570 ibss_rsn_auth_init(peer->ibss_rsn, peer); 571 } 572 573 574 int ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr) 575 { 576 struct ibss_rsn_peer *peer; 577 int res; 578 579 if (!ibss_rsn) 580 return -1; 581 582 /* if the peer already exists, exit immediately */ 583 peer = ibss_rsn_get_peer(ibss_rsn, addr); 584 if (peer) 585 return 0; 586 587 peer = ibss_rsn_peer_init(ibss_rsn, addr); 588 if (peer == NULL) 589 return -1; 590 591 /* Open Authentication: send first Authentication frame */ 592 res = ibss_rsn_send_auth(ibss_rsn, addr, 1); 593 if (res) { 594 /* 595 * The driver may not support Authentication frame exchange in 596 * IBSS. Ignore authentication and go through EAPOL exchange. 597 */ 598 peer->authentication_status |= IBSS_RSN_AUTH_BY_US; 599 return ibss_rsn_auth_init(ibss_rsn, peer); 600 } else { 601 os_get_reltime(&peer->own_auth_tx); 602 eloop_register_timeout(1, 0, ibss_rsn_auth_timeout, peer, NULL); 603 } 604 605 return 0; 606 } 607 608 609 static int ibss_rsn_peer_authenticated(struct ibss_rsn *ibss_rsn, 610 struct ibss_rsn_peer *peer, int reason) 611 { 612 int already_started; 613 614 if (ibss_rsn == NULL || peer == NULL) 615 return -1; 616 617 already_started = ibss_rsn_is_auth_started(peer); 618 peer->authentication_status |= reason; 619 620 if (already_started) { 621 wpa_printf(MSG_DEBUG, "RSN: IBSS Authenticator already " 622 "started for peer " MACSTR, MAC2STR(peer->addr)); 623 return 0; 624 } 625 626 wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator " 627 "for now-authenticated peer " MACSTR, MAC2STR(peer->addr)); 628 629 return ibss_rsn_auth_init(ibss_rsn, peer); 630 } 631 632 633 void ibss_rsn_stop(struct ibss_rsn *ibss_rsn, const u8 *peermac) 634 { 635 struct ibss_rsn_peer *peer, *prev; 636 637 if (ibss_rsn == NULL) 638 return; 639 640 if (peermac == NULL) { 641 /* remove all peers */ 642 wpa_printf(MSG_DEBUG, "%s: Remove all peers", __func__); 643 peer = ibss_rsn->peers; 644 while (peer) { 645 prev = peer; 646 peer = peer->next; 647 ibss_rsn_free(prev); 648 ibss_rsn->peers = peer; 649 } 650 } else { 651 /* remove specific peer */ 652 wpa_printf(MSG_DEBUG, "%s: Remove specific peer " MACSTR, 653 __func__, MAC2STR(peermac)); 654 655 for (prev = NULL, peer = ibss_rsn->peers; peer != NULL; 656 prev = peer, peer = peer->next) { 657 if (os_memcmp(peermac, peer->addr, ETH_ALEN) == 0) { 658 if (prev == NULL) 659 ibss_rsn->peers = peer->next; 660 else 661 prev->next = peer->next; 662 ibss_rsn_free(peer); 663 wpa_printf(MSG_DEBUG, "%s: Successfully " 664 "removed a specific peer", 665 __func__); 666 break; 667 } 668 } 669 } 670 } 671 672 673 struct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s, 674 struct wpa_ssid *ssid) 675 { 676 struct ibss_rsn *ibss_rsn; 677 678 ibss_rsn = os_zalloc(sizeof(*ibss_rsn)); 679 if (ibss_rsn == NULL) 680 return NULL; 681 ibss_rsn->wpa_s = wpa_s; 682 683 if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr, ssid) < 0) { 684 ibss_rsn_deinit(ibss_rsn); 685 return NULL; 686 } 687 688 return ibss_rsn; 689 } 690 691 692 void ibss_rsn_deinit(struct ibss_rsn *ibss_rsn) 693 { 694 struct ibss_rsn_peer *peer, *prev; 695 696 if (ibss_rsn == NULL) 697 return; 698 699 peer = ibss_rsn->peers; 700 while (peer) { 701 prev = peer; 702 peer = peer->next; 703 ibss_rsn_free(prev); 704 } 705 706 if (ibss_rsn->auth_group) 707 wpa_deinit(ibss_rsn->auth_group); 708 os_free(ibss_rsn); 709 710 } 711 712 713 static int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len) 714 { 715 const struct ieee802_1x_hdr *hdr; 716 const struct wpa_eapol_key *key; 717 u16 key_info; 718 size_t plen; 719 720 /* TODO: Support other EAPOL packets than just EAPOL-Key */ 721 722 if (len < sizeof(*hdr) + sizeof(*key)) 723 return -1; 724 725 hdr = (const struct ieee802_1x_hdr *) buf; 726 key = (const struct wpa_eapol_key *) (hdr + 1); 727 plen = be_to_host16(hdr->length); 728 729 if (hdr->version < EAPOL_VERSION) { 730 /* TODO: backwards compatibility */ 731 } 732 if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 733 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, " 734 "not a Key frame", hdr->type); 735 return -1; 736 } 737 if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 738 wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu " 739 "invalid (frame size %lu)", 740 (unsigned long) plen, (unsigned long) len); 741 return -1; 742 } 743 744 if (key->type != EAPOL_KEY_TYPE_RSN) { 745 wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, " 746 "discarded", key->type); 747 return -1; 748 } 749 750 key_info = WPA_GET_BE16(key->key_info); 751 752 return !!(key_info & WPA_KEY_INFO_ACK); 753 } 754 755 756 static int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn, 757 struct ibss_rsn_peer *peer, 758 const u8 *buf, size_t len) 759 { 760 int supp; 761 u8 *tmp; 762 763 supp = ibss_rsn_eapol_dst_supp(buf, len); 764 if (supp < 0) 765 return -1; 766 767 tmp = os_memdup(buf, len); 768 if (tmp == NULL) 769 return -1; 770 if (supp) { 771 peer->authentication_status |= IBSS_RSN_AUTH_EAPOL_BY_PEER; 772 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant from " 773 MACSTR, MAC2STR(peer->addr)); 774 wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len); 775 } else { 776 if (ibss_rsn_is_auth_started(peer) == 0) { 777 wpa_printf(MSG_DEBUG, "RSN: IBSS EAPOL for " 778 "Authenticator dropped as " MACSTR " is not " 779 "authenticated", MAC2STR(peer->addr)); 780 os_free(tmp); 781 return -1; 782 } 783 784 wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator " 785 "from "MACSTR, MAC2STR(peer->addr)); 786 wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len); 787 } 788 os_free(tmp); 789 790 return 1; 791 } 792 793 794 int ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr, 795 const u8 *buf, size_t len) 796 { 797 struct ibss_rsn_peer *peer; 798 799 if (ibss_rsn == NULL) 800 return -1; 801 802 peer = ibss_rsn_get_peer(ibss_rsn, src_addr); 803 if (peer) 804 return ibss_rsn_process_rx_eapol(ibss_rsn, peer, buf, len); 805 806 if (ibss_rsn_eapol_dst_supp(buf, len) > 0) { 807 /* 808 * Create new IBSS peer based on an EAPOL message from the peer 809 * Authenticator. 810 */ 811 peer = ibss_rsn_peer_init(ibss_rsn, src_addr); 812 if (peer == NULL) 813 return -1; 814 815 /* assume the peer is authenticated already */ 816 wpa_printf(MSG_DEBUG, "RSN: IBSS Not using IBSS Auth for peer " 817 MACSTR, MAC2STR(src_addr)); 818 ibss_rsn_peer_authenticated(ibss_rsn, peer, 819 IBSS_RSN_AUTH_EAPOL_BY_US); 820 821 return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers, 822 buf, len); 823 } 824 825 return 0; 826 } 827 828 void ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk) 829 { 830 if (ibss_rsn == NULL) 831 return; 832 os_memcpy(ibss_rsn->psk, psk, PMK_LEN); 833 } 834 835 836 static void ibss_rsn_handle_auth_1_of_2(struct ibss_rsn *ibss_rsn, 837 struct ibss_rsn_peer *peer, 838 const u8* addr) 839 { 840 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 1) from " MACSTR, 841 MAC2STR(addr)); 842 843 if (peer && 844 peer->authentication_status & (IBSS_RSN_SET_PTK_SUPP | 845 IBSS_RSN_SET_PTK_AUTH)) { 846 /* Clear the TK for this pair to allow recovery from the case 847 * where the peer STA has restarted and lost its key while we 848 * still have a pairwise key configured. */ 849 wpa_printf(MSG_DEBUG, "RSN: Clear pairwise key for peer " 850 MACSTR, MAC2STR(addr)); 851 wpa_drv_set_key(ibss_rsn->wpa_s, WPA_ALG_NONE, addr, 0, 0, 852 NULL, 0, NULL, 0); 853 } 854 855 if (peer && 856 peer->authentication_status & IBSS_RSN_AUTH_EAPOL_BY_PEER) { 857 if (peer->own_auth_tx.sec) { 858 struct os_reltime now, diff; 859 os_get_reltime(&now); 860 os_reltime_sub(&now, &peer->own_auth_tx, &diff); 861 if (diff.sec == 0 && diff.usec < 500000) { 862 wpa_printf(MSG_DEBUG, "RSN: Skip IBSS reinit since only %u usec from own Auth frame TX", 863 (int) diff.usec); 864 goto skip_reinit; 865 } 866 } 867 /* 868 * A peer sent us an Authentication frame even though it already 869 * started an EAPOL session. We should reinit state machines 870 * here, but it's much more complicated than just deleting and 871 * recreating the state machine 872 */ 873 wpa_printf(MSG_DEBUG, "RSN: IBSS Reinitializing station " 874 MACSTR, MAC2STR(addr)); 875 876 ibss_rsn_stop(ibss_rsn, addr); 877 peer = NULL; 878 } 879 880 if (!peer) { 881 peer = ibss_rsn_peer_init(ibss_rsn, addr); 882 if (!peer) 883 return; 884 885 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth started by peer " MACSTR, 886 MAC2STR(addr)); 887 } 888 889 skip_reinit: 890 /* reply with an Authentication frame now, before sending an EAPOL */ 891 ibss_rsn_send_auth(ibss_rsn, addr, 2); 892 /* no need to start another AUTH challenge in the other way.. */ 893 ibss_rsn_peer_authenticated(ibss_rsn, peer, IBSS_RSN_AUTH_EAPOL_BY_US); 894 } 895 896 897 void ibss_rsn_handle_auth(struct ibss_rsn *ibss_rsn, const u8 *auth_frame, 898 size_t len) 899 { 900 const struct ieee80211_mgmt *header; 901 struct ibss_rsn_peer *peer; 902 size_t auth_length; 903 904 header = (const struct ieee80211_mgmt *) auth_frame; 905 auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth); 906 907 if (ibss_rsn == NULL || len < auth_length) 908 return; 909 910 if (le_to_host16(header->u.auth.auth_alg) != WLAN_AUTH_OPEN || 911 le_to_host16(header->u.auth.status_code) != WLAN_STATUS_SUCCESS) 912 return; 913 914 peer = ibss_rsn_get_peer(ibss_rsn, header->sa); 915 916 switch (le_to_host16(header->u.auth.auth_transaction)) { 917 case 1: 918 ibss_rsn_handle_auth_1_of_2(ibss_rsn, peer, header->sa); 919 break; 920 case 2: 921 wpa_printf(MSG_DEBUG, "RSN: IBSS RX Auth frame (SEQ 2) from " 922 MACSTR, MAC2STR(header->sa)); 923 if (!peer) { 924 wpa_printf(MSG_DEBUG, "RSN: Received Auth seq 2 from " 925 "unknown STA " MACSTR, MAC2STR(header->sa)); 926 break; 927 } 928 929 /* authentication has been completed */ 930 eloop_cancel_timeout(ibss_rsn_auth_timeout, peer, NULL); 931 wpa_printf(MSG_DEBUG, "RSN: IBSS Auth completed with " MACSTR, 932 MAC2STR(header->sa)); 933 ibss_rsn_peer_authenticated(ibss_rsn, peer, 934 IBSS_RSN_AUTH_BY_US); 935 break; 936 } 937 } 938