mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
eapol,ap: Remove assumption of single cipher in authenticator IE
Allow the user of the eapol_sm & handshake_state APIs to have multiple pairwise ciphers listed in the authenticator IE.
This commit is contained in:
parent
436c5a45e4
commit
074bc52717
18
src/ap.c
18
src/ap.c
@ -709,7 +709,7 @@ static void ap_start_handshake(struct sta_state *sta, bool use_eapol_start,
|
|||||||
struct ap_state *ap = sta->ap;
|
struct ap_state *ap = sta->ap;
|
||||||
const uint8_t *own_addr = netdev_get_address(ap->netdev);
|
const uint8_t *own_addr = netdev_get_address(ap->netdev);
|
||||||
struct ie_rsn_info rsn;
|
struct ie_rsn_info rsn;
|
||||||
uint8_t bss_rsne[24];
|
uint8_t bss_rsne[64];
|
||||||
|
|
||||||
handshake_state_set_ssid(sta->hs, (void *) ap->config->ssid,
|
handshake_state_set_ssid(sta->hs, (void *) ap->config->ssid,
|
||||||
strlen(ap->config->ssid));
|
strlen(ap->config->ssid));
|
||||||
@ -1485,7 +1485,8 @@ static void ap_assoc_reassoc(struct sta_state *sta, bool reassoc,
|
|||||||
goto unsupported;
|
goto unsupported;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(rsn_info.pairwise_ciphers & ap->ciphers)) {
|
if (__builtin_popcount(rsn_info.pairwise_ciphers) != 1 ||
|
||||||
|
!(rsn_info.pairwise_ciphers & ap->ciphers)) {
|
||||||
err = MMPDU_REASON_CODE_INVALID_PAIRWISE_CIPHER;
|
err = MMPDU_REASON_CODE_INVALID_PAIRWISE_CIPHER;
|
||||||
goto unsupported;
|
goto unsupported;
|
||||||
}
|
}
|
||||||
@ -2108,7 +2109,8 @@ static struct l_genl_msg *ap_build_cmd_start_ap(struct ap_state *ap)
|
|||||||
uint32_t ifindex = netdev_get_ifindex(ap->netdev);
|
uint32_t ifindex = netdev_get_ifindex(ap->netdev);
|
||||||
struct wiphy *wiphy = netdev_get_wiphy(ap->netdev);
|
struct wiphy *wiphy = netdev_get_wiphy(ap->netdev);
|
||||||
uint32_t hidden_ssid = NL80211_HIDDEN_SSID_NOT_IN_USE;
|
uint32_t hidden_ssid = NL80211_HIDDEN_SSID_NOT_IN_USE;
|
||||||
uint32_t nl_ciphers = ie_rsn_cipher_suite_to_cipher(ap->ciphers);
|
unsigned int nl_ciphers_cnt = __builtin_popcount(ap->ciphers);
|
||||||
|
uint32_t nl_ciphers[nl_ciphers_cnt];
|
||||||
uint32_t group_nl_cipher =
|
uint32_t group_nl_cipher =
|
||||||
ie_rsn_cipher_suite_to_cipher(ap->group_cipher);
|
ie_rsn_cipher_suite_to_cipher(ap->group_cipher);
|
||||||
uint32_t nl_akm = CRYPTO_AKM_PSK;
|
uint32_t nl_akm = CRYPTO_AKM_PSK;
|
||||||
@ -2117,11 +2119,17 @@ static struct l_genl_msg *ap_build_cmd_start_ap(struct ap_state *ap)
|
|||||||
uint32_t ch_freq = scan_channel_to_freq(ap->config->channel,
|
uint32_t ch_freq = scan_channel_to_freq(ap->config->channel,
|
||||||
SCAN_BAND_2_4_GHZ);
|
SCAN_BAND_2_4_GHZ);
|
||||||
uint32_t ch_width = NL80211_CHAN_WIDTH_20;
|
uint32_t ch_width = NL80211_CHAN_WIDTH_20;
|
||||||
|
unsigned int i;
|
||||||
|
|
||||||
static const uint8_t bcast_addr[6] = {
|
static const uint8_t bcast_addr[6] = {
|
||||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
0xff, 0xff, 0xff, 0xff, 0xff, 0xff
|
||||||
};
|
};
|
||||||
|
|
||||||
|
for (i = 0, nl_ciphers_cnt = 0; i < 8; i++)
|
||||||
|
if (ap->ciphers & (1 << i))
|
||||||
|
nl_ciphers[nl_ciphers_cnt++] =
|
||||||
|
ie_rsn_cipher_suite_to_cipher(1 << i);
|
||||||
|
|
||||||
head_len = ap_build_beacon_pr_head(ap, MPDU_MANAGEMENT_SUBTYPE_BEACON,
|
head_len = ap_build_beacon_pr_head(ap, MPDU_MANAGEMENT_SUBTYPE_BEACON,
|
||||||
bcast_addr, head, sizeof(head));
|
bcast_addr, head, sizeof(head));
|
||||||
tail_len = ap_build_beacon_pr_tail(ap, false, tail);
|
tail_len = ap_build_beacon_pr_tail(ap, false, tail);
|
||||||
@ -2148,8 +2156,8 @@ static struct l_genl_msg *ap_build_cmd_start_ap(struct ap_state *ap)
|
|||||||
ap->config->ssid);
|
ap->config->ssid);
|
||||||
l_genl_msg_append_attr(cmd, NL80211_ATTR_HIDDEN_SSID, 4,
|
l_genl_msg_append_attr(cmd, NL80211_ATTR_HIDDEN_SSID, 4,
|
||||||
&hidden_ssid);
|
&hidden_ssid);
|
||||||
l_genl_msg_append_attr(cmd, NL80211_ATTR_CIPHER_SUITES_PAIRWISE, 4,
|
l_genl_msg_append_attr(cmd, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
|
||||||
&nl_ciphers);
|
nl_ciphers_cnt * 4, nl_ciphers);
|
||||||
l_genl_msg_append_attr(cmd, NL80211_ATTR_CIPHER_SUITE_GROUP, 4,
|
l_genl_msg_append_attr(cmd, NL80211_ATTR_CIPHER_SUITE_GROUP, 4,
|
||||||
&group_nl_cipher);
|
&group_nl_cipher);
|
||||||
l_genl_msg_append_attr(cmd, NL80211_ATTR_WPA_VERSIONS, 4, &wpa_version);
|
l_genl_msg_append_attr(cmd, NL80211_ATTR_WPA_VERSIONS, 4, &wpa_version);
|
||||||
|
@ -1307,8 +1307,8 @@ static void eapol_send_ptk_3_of_4(struct eapol_sm *sm)
|
|||||||
ek->key_rsc[7] = 0;
|
ek->key_rsc[7] = 0;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Just one RSNE in Key Data as we only set one cipher in ap->ciphers
|
* Just one RSNE in Key Data as we either accept the single pairwise
|
||||||
* currently.
|
* cipher in the supplicant IE or fail.
|
||||||
*/
|
*/
|
||||||
memcpy(key_data_buf, sm->handshake->authenticator_ie, rsne_len);
|
memcpy(key_data_buf, sm->handshake->authenticator_ie, rsne_len);
|
||||||
|
|
||||||
|
@ -133,14 +133,10 @@ void handshake_state_set_8021x_config(struct handshake_state *s,
|
|||||||
static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
|
static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
|
||||||
const struct ie_rsn_info *info)
|
const struct ie_rsn_info *info)
|
||||||
{
|
{
|
||||||
if (__builtin_popcount(info->pairwise_ciphers) != 1)
|
|
||||||
return false;
|
|
||||||
|
|
||||||
if (__builtin_popcount(info->akm_suites) != 1)
|
if (__builtin_popcount(info->akm_suites) != 1)
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
s->akm_suite = info->akm_suites;
|
s->akm_suite = info->akm_suites;
|
||||||
s->pairwise_cipher = info->pairwise_ciphers;
|
|
||||||
s->group_cipher = info->group_cipher;
|
s->group_cipher = info->group_cipher;
|
||||||
s->group_management_cipher = info->group_management_cipher;
|
s->group_management_cipher = info->group_management_cipher;
|
||||||
|
|
||||||
@ -191,9 +187,6 @@ bool handshake_state_set_supplicant_ie(struct handshake_state *s,
|
|||||||
s->wpa_ie = is_ie_wpa_ie(ie + 2, ie[1]);
|
s->wpa_ie = is_ie_wpa_ie(ie + 2, ie[1]);
|
||||||
s->osen_ie = is_ie_wfa_ie(ie + 2, ie[1], IE_WFA_OI_OSEN);
|
s->osen_ie = is_ie_wfa_ie(ie + 2, ie[1], IE_WFA_OI_OSEN);
|
||||||
|
|
||||||
if (s->authenticator)
|
|
||||||
return true;
|
|
||||||
|
|
||||||
if (s->wpa_ie) {
|
if (s->wpa_ie) {
|
||||||
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
|
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
|
||||||
return false;
|
return false;
|
||||||
@ -205,6 +198,14 @@ bool handshake_state_set_supplicant_ie(struct handshake_state *s,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (__builtin_popcount(info.pairwise_ciphers) != 1)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
s->pairwise_cipher = info.pairwise_ciphers;
|
||||||
|
|
||||||
|
if (s->authenticator)
|
||||||
|
return true;
|
||||||
|
|
||||||
return handshake_state_setup_own_ciphers(s, &info);
|
return handshake_state_setup_own_ciphers(s, &info);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user