mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
netdev: Handle the FT Authentication Response message
Parse the second message of the FT transition, validate and build the third message, the Reassociation Request.
This commit is contained in:
parent
d52683a2cb
commit
0854b90687
@ -82,6 +82,7 @@ src_iwd_SOURCES = src/main.c linux/nl80211.h \
|
|||||||
src/knownnetworks.c \
|
src/knownnetworks.c \
|
||||||
src/rfkill.h src/rfkill.c \
|
src/rfkill.h src/rfkill.c \
|
||||||
src/watchlist.h src/watchlist.c \
|
src/watchlist.h src/watchlist.c \
|
||||||
|
src/ftutil.h src/ftutil.c \
|
||||||
src/iwd.h
|
src/iwd.h
|
||||||
src_iwd_LDADD = ell/libell-internal.la -ldl
|
src_iwd_LDADD = ell/libell-internal.la -ldl
|
||||||
|
|
||||||
|
142
src/ftutil.c
Normal file
142
src/ftutil.c
Normal file
@ -0,0 +1,142 @@
|
|||||||
|
/*
|
||||||
|
*
|
||||||
|
* Wireless daemon for Linux
|
||||||
|
*
|
||||||
|
* Copyright (C) 2017 Intel Corporation. All rights reserved.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#ifdef HAVE_CONFIG_H
|
||||||
|
#include <config.h>
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#include "linux/nl80211.h"
|
||||||
|
|
||||||
|
#include <ell/ell.h>
|
||||||
|
|
||||||
|
#include "src/ie.h"
|
||||||
|
#include "src/handshake.h"
|
||||||
|
#include "src/crypto.h"
|
||||||
|
#include "src/ftutil.h"
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Calculate the MIC field of the FTE and write it directly to that FTE,
|
||||||
|
* assuming it was all zeros before. See 12.8.4 and 12.8.5.
|
||||||
|
*/
|
||||||
|
bool ft_calculate_fte_mic(struct handshake_state *hs, uint8_t seq_num,
|
||||||
|
const uint8_t *rsne, const uint8_t *fte,
|
||||||
|
const uint8_t *ric, uint8_t *out_mic)
|
||||||
|
{
|
||||||
|
struct iovec iov[10];
|
||||||
|
int iov_elems = 0;
|
||||||
|
struct l_checksum *checksum;
|
||||||
|
const struct crypto_ptk *ptk = handshake_state_get_ptk(hs);
|
||||||
|
uint8_t zero_mic[16] = {};
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = hs->spa;
|
||||||
|
iov[iov_elems++].iov_len = 6;
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = hs->aa;
|
||||||
|
iov[iov_elems++].iov_len = 6;
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = &seq_num;
|
||||||
|
iov[iov_elems++].iov_len = 1;
|
||||||
|
|
||||||
|
if (rsne) {
|
||||||
|
iov[iov_elems].iov_base = (void *) rsne;
|
||||||
|
iov[iov_elems++].iov_len = rsne[1] + 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = hs->mde;
|
||||||
|
iov[iov_elems++].iov_len = hs->mde[1] + 2;
|
||||||
|
|
||||||
|
if (fte) {
|
||||||
|
iov[iov_elems].iov_base = (void *) fte;
|
||||||
|
iov[iov_elems++].iov_len = 4;
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = zero_mic;
|
||||||
|
iov[iov_elems++].iov_len = 16;
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = (void *) (fte + 20);
|
||||||
|
iov[iov_elems++].iov_len = fte[1] + 2 - 20;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ric) {
|
||||||
|
iov[iov_elems].iov_base = (void *) ric;
|
||||||
|
iov[iov_elems++].iov_len = ric[1] + 2;
|
||||||
|
}
|
||||||
|
|
||||||
|
checksum = l_checksum_new_cmac_aes(ptk->kck, 16);
|
||||||
|
if (!checksum)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
l_checksum_updatev(checksum, iov, iov_elems);
|
||||||
|
l_checksum_get_digest(checksum, out_mic, 16);
|
||||||
|
l_checksum_free(checksum);
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Validate the FC, the addresses, Auth Type and authentication sequence
|
||||||
|
* number of an FT Authentication Response frame, return status code, and
|
||||||
|
* the start of the IE array (RSN, MD, FT, TI and RIC).
|
||||||
|
* See 8.3.3.1 for the header and 8.3.3.11 for the body format.
|
||||||
|
*/
|
||||||
|
bool ft_parse_authentication_resp_frame(const uint8_t *data, size_t len,
|
||||||
|
const uint8_t *addr1, const uint8_t *addr2,
|
||||||
|
const uint8_t *addr3, uint16_t auth_seq,
|
||||||
|
uint16_t *out_status, const uint8_t **out_ies,
|
||||||
|
size_t *out_ies_len)
|
||||||
|
{
|
||||||
|
const uint16_t frame_type = 0x00b0;
|
||||||
|
uint16_t status = 0;
|
||||||
|
|
||||||
|
if (len < 30)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
/* Check FC == Management Frame -> Authentication */
|
||||||
|
if (l_get_le16(data + 0) != frame_type)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (memcmp(data + 4, addr1, 6))
|
||||||
|
return false;
|
||||||
|
if (memcmp(data + 10, addr2, 6))
|
||||||
|
return false;
|
||||||
|
if (memcmp(data + 16, addr3, 6))
|
||||||
|
return false;
|
||||||
|
|
||||||
|
/* Check Authentication algorithm number is FT */
|
||||||
|
if (l_get_le16(data + 24) != NL80211_AUTHTYPE_FT)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (l_get_le16(data + 26) != auth_seq)
|
||||||
|
return false;
|
||||||
|
|
||||||
|
if (auth_seq == 2 || auth_seq == 4)
|
||||||
|
status = l_get_le16(data + 28);
|
||||||
|
|
||||||
|
if (out_status)
|
||||||
|
*out_status = status;
|
||||||
|
|
||||||
|
if (status == 0 && out_ies) {
|
||||||
|
*out_ies = data + 28;
|
||||||
|
*out_ies_len = len - 28;
|
||||||
|
}
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
35
src/ftutil.h
Normal file
35
src/ftutil.h
Normal file
@ -0,0 +1,35 @@
|
|||||||
|
/*
|
||||||
|
*
|
||||||
|
* Wireless daemon for Linux
|
||||||
|
*
|
||||||
|
* Copyright (C) 2017 Intel Corporation. All rights reserved.
|
||||||
|
*
|
||||||
|
* This library is free software; you can redistribute it and/or
|
||||||
|
* modify it under the terms of the GNU Lesser General Public
|
||||||
|
* License as published by the Free Software Foundation; either
|
||||||
|
* version 2.1 of the License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This library is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||||
|
* Lesser General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Lesser General Public
|
||||||
|
* License along with this library; if not, write to the Free Software
|
||||||
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
#include <stdbool.h>
|
||||||
|
|
||||||
|
struct handshake_state;
|
||||||
|
|
||||||
|
bool ft_calculate_fte_mic(struct handshake_state *hs, uint8_t seq_num,
|
||||||
|
const uint8_t *rsne, const uint8_t *fte,
|
||||||
|
const uint8_t *ric, uint8_t *out_mic);
|
||||||
|
|
||||||
|
bool ft_parse_authentication_resp_frame(const uint8_t *data, size_t len,
|
||||||
|
const uint8_t *addr1, const uint8_t *addr2,
|
||||||
|
const uint8_t *addr3, uint16_t auth_seq,
|
||||||
|
uint16_t *out_status, const uint8_t **out_ies,
|
||||||
|
size_t *out_ies_len);
|
446
src/netdev.c
446
src/netdev.c
@ -49,6 +49,7 @@
|
|||||||
#include "src/scan.h"
|
#include "src/scan.h"
|
||||||
#include "src/netdev.h"
|
#include "src/netdev.h"
|
||||||
#include "src/wscutil.h"
|
#include "src/wscutil.h"
|
||||||
|
#include "src/ftutil.h"
|
||||||
|
|
||||||
struct netdev {
|
struct netdev {
|
||||||
uint32_t index;
|
uint32_t index;
|
||||||
@ -1243,10 +1244,403 @@ error:
|
|||||||
netdev_connect_failed(NULL, netdev);
|
netdev_connect_failed(NULL, netdev);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Build an FT Reassociation Request frame according to 12.5.2 / 12.5.4:
|
||||||
|
* RSN or non-RSN Over-the-air FT Protocol, and with the IE contents
|
||||||
|
* according to 12.8.4: FT authentication sequence: contents of third message.
|
||||||
|
*/
|
||||||
|
static struct l_genl_msg *netdev_build_cmd_ft_reassociate(struct netdev *netdev,
|
||||||
|
uint32_t frequency,
|
||||||
|
const uint8_t *prev_bssid)
|
||||||
|
{
|
||||||
|
struct l_genl_msg *msg;
|
||||||
|
struct iovec iov[3];
|
||||||
|
int iov_elems = 0;
|
||||||
|
struct handshake_state *hs = netdev_get_handshake(netdev);
|
||||||
|
bool is_rsn = hs->own_ie != NULL;
|
||||||
|
uint8_t *rsne = NULL;
|
||||||
|
|
||||||
|
msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_WIPHY_FREQ, 4, &frequency);
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_MAC, ETH_ALEN, hs->aa);
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_PREV_BSSID, ETH_ALEN,
|
||||||
|
prev_bssid);
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_SSID, hs->ssid_len, hs->ssid);
|
||||||
|
|
||||||
|
if (is_rsn) {
|
||||||
|
uint32_t nl_cipher;
|
||||||
|
uint32_t nl_akm;
|
||||||
|
uint32_t wpa_version;
|
||||||
|
struct ie_rsn_info rsn_info;
|
||||||
|
|
||||||
|
if (hs->pairwise_cipher == IE_RSN_CIPHER_SUITE_CCMP)
|
||||||
|
nl_cipher = CRYPTO_CIPHER_CCMP;
|
||||||
|
else
|
||||||
|
nl_cipher = CRYPTO_CIPHER_TKIP;
|
||||||
|
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITES_PAIRWISE,
|
||||||
|
4, &nl_cipher);
|
||||||
|
|
||||||
|
if (hs->group_cipher == IE_RSN_CIPHER_SUITE_CCMP)
|
||||||
|
nl_cipher = CRYPTO_CIPHER_CCMP;
|
||||||
|
else
|
||||||
|
nl_cipher = CRYPTO_CIPHER_TKIP;
|
||||||
|
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_CIPHER_SUITE_GROUP,
|
||||||
|
4, &nl_cipher);
|
||||||
|
|
||||||
|
if (hs->mfp) {
|
||||||
|
uint32_t use_mfp = NL80211_MFP_REQUIRED;
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_USE_MFP,
|
||||||
|
4, &use_mfp);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hs->akm_suite == IE_RSN_AKM_SUITE_FT_OVER_8021X)
|
||||||
|
nl_akm = CRYPTO_AKM_FT_OVER_8021X;
|
||||||
|
else
|
||||||
|
nl_akm = CRYPTO_AKM_FT_USING_PSK;
|
||||||
|
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_AKM_SUITES,
|
||||||
|
4, &nl_akm);
|
||||||
|
|
||||||
|
wpa_version = NL80211_WPA_VERSION_2;
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_WPA_VERSIONS,
|
||||||
|
4, &wpa_version);
|
||||||
|
|
||||||
|
l_genl_msg_append_attr(msg, NL80211_ATTR_CONTROL_PORT, 0, NULL);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Rebuild the RSNE to include the PMKR1Name and append
|
||||||
|
* MDE + FTE.
|
||||||
|
*
|
||||||
|
* 12.8.4: "If present, the RSNE shall be set as follows:
|
||||||
|
* — Version field shall be set to 1.
|
||||||
|
* — PMKID Count field shall be set to 1.
|
||||||
|
* — PMKID field shall contain the PMKR1Name.
|
||||||
|
* — All other fields shall be as specified in 8.4.2.27
|
||||||
|
* and 11.5.3."
|
||||||
|
*/
|
||||||
|
if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2,
|
||||||
|
&rsn_info) < 0)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
rsn_info.num_pmkids = 1;
|
||||||
|
rsn_info.pmkids = hs->pmk_r1_name;
|
||||||
|
|
||||||
|
rsne = alloca(256);
|
||||||
|
ie_build_rsne(&rsn_info, rsne);
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = rsne;
|
||||||
|
iov[iov_elems].iov_len = rsne[1] + 2;
|
||||||
|
iov_elems += 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* The MDE advertised by the BSS must be passed verbatim */
|
||||||
|
iov[iov_elems].iov_base = (void *) hs->mde;
|
||||||
|
iov[iov_elems].iov_len = hs->mde[1] + 2;
|
||||||
|
iov_elems += 1;
|
||||||
|
|
||||||
|
if (is_rsn) {
|
||||||
|
struct ie_ft_info ft_info;
|
||||||
|
uint8_t *fte;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* 12.8.4: "If present, the FTE shall be set as follows:
|
||||||
|
* — ANonce, SNonce, R0KH-ID, and R1KH-ID shall be set to
|
||||||
|
* the values contained in the second message of this
|
||||||
|
* sequence.
|
||||||
|
* — The Element Count field of the MIC Control field shall
|
||||||
|
* be set to the number of elements protected in this
|
||||||
|
* frame (variable).
|
||||||
|
* [...]
|
||||||
|
* — All other fields shall be set to 0."
|
||||||
|
*/
|
||||||
|
|
||||||
|
memset(&ft_info, 0, sizeof(ft_info));
|
||||||
|
|
||||||
|
ft_info.mic_element_count = 3;
|
||||||
|
memcpy(ft_info.r0khid, hs->r0khid, hs->r0khid_len);
|
||||||
|
ft_info.r0khid_len = hs->r0khid_len;
|
||||||
|
memcpy(ft_info.r1khid, hs->r1khid, 6);
|
||||||
|
ft_info.r1khid_present = true;
|
||||||
|
memcpy(ft_info.anonce, hs->anonce, 32);
|
||||||
|
memcpy(ft_info.snonce, hs->snonce, 32);
|
||||||
|
|
||||||
|
fte = alloca(256);
|
||||||
|
ie_build_fast_bss_transition(&ft_info, fte);
|
||||||
|
|
||||||
|
if (!ft_calculate_fte_mic(hs, 5, rsne, fte, NULL, ft_info.mic))
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
/* Rebuild the FT IE now with the MIC included */
|
||||||
|
ie_build_fast_bss_transition(&ft_info, fte);
|
||||||
|
|
||||||
|
iov[iov_elems].iov_base = fte;
|
||||||
|
iov[iov_elems].iov_len = fte[1] + 2;
|
||||||
|
iov_elems += 1;
|
||||||
|
}
|
||||||
|
|
||||||
|
l_genl_msg_append_attrv(msg, NL80211_ATTR_IE, iov, iov_elems);
|
||||||
|
|
||||||
|
return msg;
|
||||||
|
|
||||||
|
error:
|
||||||
|
l_genl_msg_unref(msg);
|
||||||
|
|
||||||
|
return NULL;
|
||||||
|
}
|
||||||
|
|
||||||
|
static void netdev_cmd_ft_reassociate_cb(struct l_genl_msg *msg,
|
||||||
|
void *user_data)
|
||||||
|
{
|
||||||
|
struct netdev *netdev = user_data;
|
||||||
|
|
||||||
|
netdev->connect_cmd_id = 0;
|
||||||
|
|
||||||
|
if (l_genl_msg_get_error(msg) < 0) {
|
||||||
|
struct l_genl_msg *cmd_deauth;
|
||||||
|
|
||||||
|
netdev->result = NETDEV_RESULT_ASSOCIATION_FAILED;
|
||||||
|
cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
|
||||||
|
MPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
netdev->disconnect_cmd_id = l_genl_family_send(nl80211,
|
||||||
|
cmd_deauth,
|
||||||
|
netdev_connect_failed,
|
||||||
|
netdev, NULL);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
static void netdev_authenticate_event(struct l_genl_msg *msg,
|
static void netdev_authenticate_event(struct l_genl_msg *msg,
|
||||||
struct netdev *netdev)
|
struct netdev *netdev)
|
||||||
{
|
{
|
||||||
|
struct l_genl_msg *cmd_associate, *cmd_deauth;
|
||||||
|
struct l_genl_attr attr;
|
||||||
|
uint16_t type, len;
|
||||||
|
const void *data;
|
||||||
|
uint16_t status_code;
|
||||||
|
const uint8_t *ies = NULL;
|
||||||
|
size_t ies_len;
|
||||||
|
const uint8_t *frame = NULL;
|
||||||
|
size_t frame_len = 0;
|
||||||
|
struct ie_tlv_iter iter;
|
||||||
|
const uint8_t *rsne = NULL;
|
||||||
|
const uint8_t *mde = NULL;
|
||||||
|
const uint8_t *fte = NULL;
|
||||||
|
struct handshake_state *hs = netdev->handshake;
|
||||||
|
bool is_rsn = hs->own_ie != NULL;
|
||||||
|
|
||||||
l_debug("");
|
l_debug("");
|
||||||
|
|
||||||
|
/*
|
||||||
|
* During Fast Transition we use the authenticate event to start the
|
||||||
|
* reassociation step because the FTE necessary before we can build
|
||||||
|
* the FT Associate command is included in the attached frame and is
|
||||||
|
* not available in the Authenticate command callback.
|
||||||
|
*/
|
||||||
|
if (!netdev->in_ft)
|
||||||
|
return;
|
||||||
|
|
||||||
|
if (!l_genl_attr_init(&attr, msg)) {
|
||||||
|
l_debug("attr init failed");
|
||||||
|
|
||||||
|
goto auth_error;
|
||||||
|
}
|
||||||
|
|
||||||
|
while (l_genl_attr_next(&attr, &type, &len, &data)) {
|
||||||
|
switch (type) {
|
||||||
|
case NL80211_ATTR_TIMED_OUT:
|
||||||
|
l_warn("authentication timed out");
|
||||||
|
|
||||||
|
goto auth_error;
|
||||||
|
|
||||||
|
case NL80211_ATTR_FRAME:
|
||||||
|
if (frame)
|
||||||
|
goto auth_error;
|
||||||
|
|
||||||
|
frame = data;
|
||||||
|
frame_len = len;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!frame)
|
||||||
|
goto auth_error;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Parse the Authentication Response and validate the contents
|
||||||
|
* according to 12.5.2 / 12.5.4: RSN or non-RSN Over-the-air
|
||||||
|
* FT Protocol.
|
||||||
|
*/
|
||||||
|
if (!ft_parse_authentication_resp_frame(frame, frame_len,
|
||||||
|
netdev->addr, hs->aa, hs->aa, 2,
|
||||||
|
&status_code, &ies, &ies_len))
|
||||||
|
goto auth_error;
|
||||||
|
|
||||||
|
/* AP Rejected the authenticate / associate */
|
||||||
|
if (status_code != 0)
|
||||||
|
goto auth_error;
|
||||||
|
|
||||||
|
/* Check 802.11r IEs */
|
||||||
|
if (!ies)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
ie_tlv_iter_init(&iter, ies, ies_len);
|
||||||
|
|
||||||
|
while (ie_tlv_iter_next(&iter)) {
|
||||||
|
switch (ie_tlv_iter_get_tag(&iter)) {
|
||||||
|
case IE_TYPE_RSN:
|
||||||
|
if (rsne)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
rsne = ie_tlv_iter_get_data(&iter) - 2;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case IE_TYPE_MOBILITY_DOMAIN:
|
||||||
|
if (mde)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
mde = ie_tlv_iter_get_data(&iter) - 2;
|
||||||
|
break;
|
||||||
|
|
||||||
|
case IE_TYPE_FAST_BSS_TRANSITION:
|
||||||
|
if (fte)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
fte = ie_tlv_iter_get_data(&iter) - 2;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* In an RSN, check for an RSNE containing the PMK-R0-Name and
|
||||||
|
* the remaining fields same as in the advertised RSNE.
|
||||||
|
*
|
||||||
|
* 12.8.3: "The RSNE shall be present only if dot11RSNAActivated
|
||||||
|
* is true. If present, the RSNE shall be set as follows:
|
||||||
|
* — Version field shall be set to 1.
|
||||||
|
* — PMKID Count field shall be set to 1.
|
||||||
|
* — PMKID List field shall be set to the value contained in the
|
||||||
|
* first message of this sequence.
|
||||||
|
* — All other fields shall be identical to the contents of the
|
||||||
|
* RSNE advertised by the AP in Beacon and Probe Response frames."
|
||||||
|
*/
|
||||||
|
if (is_rsn) {
|
||||||
|
struct ie_rsn_info msg2_rsne;
|
||||||
|
|
||||||
|
if (!rsne)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (ie_parse_rsne_from_data(rsne, rsne[1] + 2,
|
||||||
|
&msg2_rsne) < 0)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (msg2_rsne.num_pmkids != 1 ||
|
||||||
|
memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16))
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false))
|
||||||
|
goto ft_error;
|
||||||
|
} else if (rsne)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Check for an MD IE identical to the one we sent in message 1
|
||||||
|
*
|
||||||
|
* 12.8.3: "The MDE shall contain the MDID and FT Capability and
|
||||||
|
* Policy fields. This element shall be the same as the MDE
|
||||||
|
* advertised by the target AP in Beacon and Probe Response frames."
|
||||||
|
*/
|
||||||
|
if (!mde || memcmp(hs->mde, mde, hs->mde[1] + 2))
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* In an RSN, check for an FT IE with the same R0KH-ID and the same
|
||||||
|
* SNonce that we sent, and check that the R1KH-ID and the ANonce
|
||||||
|
* are present. Use them to generate new PMK-R1, PMK-R1-Name and PTK
|
||||||
|
* in handshake.c.
|
||||||
|
*
|
||||||
|
* 12.8.3: "The FTE shall be present only if dot11RSNAActivated is
|
||||||
|
* true. If present, the FTE shall be set as follows:
|
||||||
|
* — R0KH-ID shall be identical to the R0KH-ID provided by the FTO
|
||||||
|
* in the first message.
|
||||||
|
* — R1KH-ID shall be set to the R1KH-ID of the target AP, from
|
||||||
|
* dot11FTR1KeyHolderID.
|
||||||
|
* — ANonce shall be set to a value chosen randomly by the target AP,
|
||||||
|
* following the recommendations of 11.6.5.
|
||||||
|
* — SNonce shall be set to the value contained in the first message
|
||||||
|
* of this sequence.
|
||||||
|
* — All other fields shall be set to 0."
|
||||||
|
*/
|
||||||
|
if (is_rsn) {
|
||||||
|
struct ie_ft_info ft_info;
|
||||||
|
uint8_t zeros[16] = {};
|
||||||
|
|
||||||
|
if (!fte)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (ie_parse_fast_bss_transition_from_data(fte, fte[1] + 2,
|
||||||
|
&ft_info) < 0)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (ft_info.mic_element_count != 0 ||
|
||||||
|
memcmp(ft_info.mic, zeros, 16))
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (hs->r0khid_len != ft_info.r0khid_len ||
|
||||||
|
memcmp(hs->r0khid, ft_info.r0khid,
|
||||||
|
hs->r0khid_len) ||
|
||||||
|
!ft_info.r1khid_present)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
if (memcmp(ft_info.snonce, hs->snonce, 32))
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
handshake_state_set_fte(hs, fte);
|
||||||
|
|
||||||
|
handshake_state_set_anonce(hs, ft_info.anonce);
|
||||||
|
|
||||||
|
handshake_state_set_kh_ids(hs, ft_info.r0khid,
|
||||||
|
ft_info.r0khid_len,
|
||||||
|
ft_info.r1khid);
|
||||||
|
|
||||||
|
handshake_state_derive_ptk(hs);
|
||||||
|
} else if (fte)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
cmd_associate = netdev_build_cmd_ft_reassociate(netdev,
|
||||||
|
netdev->frequency,
|
||||||
|
netdev->prev_bssid);
|
||||||
|
if (!cmd_associate)
|
||||||
|
goto ft_error;
|
||||||
|
|
||||||
|
netdev->connect_cmd_id = l_genl_family_send(nl80211,
|
||||||
|
cmd_associate,
|
||||||
|
netdev_cmd_ft_reassociate_cb,
|
||||||
|
netdev, NULL);
|
||||||
|
if (!netdev->connect_cmd_id) {
|
||||||
|
l_genl_msg_unref(cmd_associate);
|
||||||
|
|
||||||
|
goto ft_error;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (netdev->sm)
|
||||||
|
eapol_register(netdev->sm); /* See netdev_cmd_connect_cb */
|
||||||
|
|
||||||
|
return;
|
||||||
|
|
||||||
|
auth_error:
|
||||||
|
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
|
||||||
|
netdev_connect_failed(NULL, netdev);
|
||||||
|
return;
|
||||||
|
|
||||||
|
ft_error:
|
||||||
|
netdev->result = NETDEV_RESULT_AUTHENTICATION_FAILED;
|
||||||
|
cmd_deauth = netdev_build_cmd_deauthenticate(netdev,
|
||||||
|
MPDU_REASON_CODE_UNSPECIFIED);
|
||||||
|
netdev->disconnect_cmd_id = l_genl_family_send(nl80211, cmd_deauth,
|
||||||
|
netdev_connect_failed,
|
||||||
|
netdev, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
static void netdev_associate_event(struct l_genl_msg *msg,
|
static void netdev_associate_event(struct l_genl_msg *msg,
|
||||||
@ -1255,6 +1649,32 @@ static void netdev_associate_event(struct l_genl_msg *msg,
|
|||||||
l_debug("");
|
l_debug("");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static unsigned int ie_rsn_akm_suite_to_nl80211(enum ie_rsn_akm_suite akm)
|
||||||
|
{
|
||||||
|
switch (akm) {
|
||||||
|
case IE_RSN_AKM_SUITE_8021X:
|
||||||
|
return CRYPTO_AKM_8021X;
|
||||||
|
case IE_RSN_AKM_SUITE_PSK:
|
||||||
|
return CRYPTO_AKM_PSK;
|
||||||
|
case IE_RSN_AKM_SUITE_FT_OVER_8021X:
|
||||||
|
return CRYPTO_AKM_FT_OVER_8021X;
|
||||||
|
case IE_RSN_AKM_SUITE_FT_USING_PSK:
|
||||||
|
return CRYPTO_AKM_FT_USING_PSK;
|
||||||
|
case IE_RSN_AKM_SUITE_8021X_SHA256:
|
||||||
|
return CRYPTO_AKM_8021X_SHA256;
|
||||||
|
case IE_RSN_AKM_SUITE_PSK_SHA256:
|
||||||
|
return CRYPTO_AKM_PSK_SHA256;
|
||||||
|
case IE_RSN_AKM_SUITE_TDLS:
|
||||||
|
return CRYPTO_AKM_TDLS;
|
||||||
|
case IE_RSN_AKM_SUITE_SAE_SHA256:
|
||||||
|
return CRYPTO_AKM_SAE_SHA256;
|
||||||
|
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
|
||||||
|
return CRYPTO_AKM_FT_OVER_SAE_SHA256;
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
static void netdev_cmd_connect_cb(struct l_genl_msg *msg, void *user_data)
|
static void netdev_cmd_connect_cb(struct l_genl_msg *msg, void *user_data)
|
||||||
{
|
{
|
||||||
struct netdev *netdev = user_data;
|
struct netdev *netdev = user_data;
|
||||||
@ -1285,32 +1705,6 @@ static void netdev_cmd_connect_cb(struct l_genl_msg *msg, void *user_data)
|
|||||||
netdev_connect_failed(NULL, netdev);
|
netdev_connect_failed(NULL, netdev);
|
||||||
}
|
}
|
||||||
|
|
||||||
static unsigned int ie_rsn_akm_suite_to_nl80211(enum ie_rsn_akm_suite akm)
|
|
||||||
{
|
|
||||||
switch (akm) {
|
|
||||||
case IE_RSN_AKM_SUITE_8021X:
|
|
||||||
return CRYPTO_AKM_8021X;
|
|
||||||
case IE_RSN_AKM_SUITE_PSK:
|
|
||||||
return CRYPTO_AKM_PSK;
|
|
||||||
case IE_RSN_AKM_SUITE_FT_OVER_8021X:
|
|
||||||
return CRYPTO_AKM_FT_OVER_8021X;
|
|
||||||
case IE_RSN_AKM_SUITE_FT_USING_PSK:
|
|
||||||
return CRYPTO_AKM_FT_USING_PSK;
|
|
||||||
case IE_RSN_AKM_SUITE_8021X_SHA256:
|
|
||||||
return CRYPTO_AKM_8021X_SHA256;
|
|
||||||
case IE_RSN_AKM_SUITE_PSK_SHA256:
|
|
||||||
return CRYPTO_AKM_PSK_SHA256;
|
|
||||||
case IE_RSN_AKM_SUITE_TDLS:
|
|
||||||
return CRYPTO_AKM_TDLS;
|
|
||||||
case IE_RSN_AKM_SUITE_SAE_SHA256:
|
|
||||||
return CRYPTO_AKM_SAE_SHA256;
|
|
||||||
case IE_RSN_AKM_SUITE_FT_OVER_SAE_SHA256:
|
|
||||||
return CRYPTO_AKM_FT_OVER_SAE_SHA256;
|
|
||||||
}
|
|
||||||
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
|
static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
|
||||||
struct scan_bss *bss,
|
struct scan_bss *bss,
|
||||||
struct handshake_state *hs)
|
struct handshake_state *hs)
|
||||||
|
Loading…
Reference in New Issue
Block a user