handshake: Rename own_ie/ap_ie and related setters
To avoid confusion in case of an authenticator side handshake_state
structure and eapol_sm structure, rename own_ie to supplicant_ie and
ap_ie to authenticator_ie. Also rename
handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call
handshake_state_setup_own_ciphers. As a result
handshake_state_set_authenticator, if needed, should be called before
handshake_state_set_{own,ap}_{rsn,wpa}.
This commit is contained in:
Andrew Zaborowski
Denis Kenzior
parent
74e4f1a02c
commit
5f3cdc2093
|
|
@ -203,8 +203,8 @@ static struct eapol_sm *adhoc_new_sm(struct sta_state *sta, bool authenticator)
|
|||
handshake_state_set_event_func(hs, adhoc_handshake_event, sta);
|
||||
handshake_state_set_ssid(hs, (void *)adhoc->ssid, strlen(adhoc->ssid));
|
||||
/* we dont have the connecting peer rsn info, so just set ap == own */
|
||||
handshake_state_set_ap_rsn(hs, bss_rsne);
|
||||
handshake_state_set_own_rsn(hs, bss_rsne);
|
||||
handshake_state_set_authenticator_rsn(hs, bss_rsne);
|
||||
handshake_state_set_supplicant_rsn(hs, bss_rsne);
|
||||
handshake_state_set_pmk(hs, adhoc->pmk, 32);
|
||||
|
||||
if (authenticator) {
|
||||
|
|
|
|||
6
src/ap.c
6
src/ap.c
|
|
@ -420,12 +420,12 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)
|
|||
|
||||
handshake_state_set_event_func(sta->hs, ap_handshake_event, sta);
|
||||
handshake_state_set_ssid(sta->hs, (void *)ap->ssid, strlen(ap->ssid));
|
||||
handshake_state_set_ap_rsn(sta->hs, bss_rsne);
|
||||
handshake_state_set_own_rsn(sta->hs, sta->assoc_rsne);
|
||||
handshake_state_set_authenticator(sta->hs, true);
|
||||
handshake_state_set_authenticator_rsn(sta->hs, bss_rsne);
|
||||
handshake_state_set_supplicant_rsn(sta->hs, sta->assoc_rsne);
|
||||
handshake_state_set_pmk(sta->hs, ap->pmk, 32);
|
||||
handshake_state_set_authenticator_address(sta->hs, own_addr);
|
||||
handshake_state_set_supplicant_address(sta->hs, sta->addr);
|
||||
handshake_state_set_authenticator(sta->hs, true);
|
||||
|
||||
sta->sm = eapol_sm_new(sta->hs);
|
||||
if (!sta->sm) {
|
||||
|
|
|
|||
17
src/device.c
17
src/device.c
|
|
@ -728,12 +728,12 @@ static struct handshake_state *device_handshake_setup(struct device *device,
|
|||
/* RSN takes priority */
|
||||
if (bss->rsne) {
|
||||
ie_build_rsne(&info, rsne_buf);
|
||||
handshake_state_set_ap_rsn(hs, bss->rsne);
|
||||
handshake_state_set_own_rsn(hs, rsne_buf);
|
||||
handshake_state_set_authenticator_rsn(hs, bss->rsne);
|
||||
handshake_state_set_supplicant_rsn(hs, rsne_buf);
|
||||
} else {
|
||||
ie_build_wpa(&info, rsne_buf);
|
||||
handshake_state_set_ap_wpa(hs, bss->wpa);
|
||||
handshake_state_set_own_wpa(hs, rsne_buf);
|
||||
handshake_state_set_authenticator_wpa(hs, bss->wpa);
|
||||
handshake_state_set_supplicant_wpa(hs, rsne_buf);
|
||||
}
|
||||
|
||||
if (security == SECURITY_PSK) {
|
||||
|
|
@ -918,12 +918,13 @@ static void device_preauthenticate_cb(struct netdev *netdev,
|
|||
|
||||
/*
|
||||
* Rebuild the RSNE to include the negotiated PMKID. Note
|
||||
* own_ie can't be a WPA IE here, including because the
|
||||
* WPA IE doesn't have a capabilities field and
|
||||
* supplicant_ie can't be a WPA IE here, including because
|
||||
* the WPA IE doesn't have a capabilities field and
|
||||
* target_rsne->preauthentication would have been false in
|
||||
* device_transition_start.
|
||||
*/
|
||||
ie_parse_rsne_from_data(new_hs->own_ie, new_hs->own_ie[1] + 2,
|
||||
ie_parse_rsne_from_data(new_hs->supplicant_ie,
|
||||
new_hs->supplicant_ie[1] + 2,
|
||||
&rsn_info);
|
||||
|
||||
handshake_state_get_pmkid(new_hs, pmkid);
|
||||
|
|
@ -932,7 +933,7 @@ static void device_preauthenticate_cb(struct netdev *netdev,
|
|||
rsn_info.pmkids = pmkid;
|
||||
|
||||
ie_build_rsne(&rsn_info, rsne_buf);
|
||||
handshake_state_set_own_rsn(new_hs, rsne_buf);
|
||||
handshake_state_set_supplicant_rsn(new_hs, rsne_buf);
|
||||
}
|
||||
|
||||
device_transition_reassociate(device, bss, new_hs);
|
||||
|
|
|
|||
|
|
@ -941,7 +941,7 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
|
|||
uint8_t mic[16];
|
||||
uint8_t *ies;
|
||||
size_t ies_len;
|
||||
const uint8_t *own_ie = sm->handshake->own_ie;
|
||||
const uint8_t *own_ie = sm->handshake->supplicant_ie;
|
||||
const uint8_t *pmkid;
|
||||
struct ie_rsn_info rsn_info;
|
||||
|
||||
|
|
@ -1210,8 +1210,9 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
|
|||
*/
|
||||
rsne = eapol_find_rsne(ek->key_data,
|
||||
L_BE16_TO_CPU(ek->key_data_len), NULL);
|
||||
if (!rsne || rsne[1] != sm->handshake->own_ie[1] ||
|
||||
memcmp(rsne + 2, sm->handshake->own_ie + 2, rsne[1])) {
|
||||
if (!rsne || rsne[1] != sm->handshake->supplicant_ie[1] ||
|
||||
memcmp(rsne + 2, sm->handshake->supplicant_ie + 2,
|
||||
rsne[1])) {
|
||||
|
||||
handshake_failed(sm, MMPDU_REASON_CODE_IE_DIFFERENT);
|
||||
return;
|
||||
|
|
@ -1323,7 +1324,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
|
|||
if (!rsne)
|
||||
goto error_ie_different;
|
||||
|
||||
if (!handshake_util_ap_ie_matches(rsne, sm->handshake->ap_ie,
|
||||
if (!handshake_util_ap_ie_matches(rsne, sm->handshake->authenticator_ie,
|
||||
sm->handshake->wpa_ie))
|
||||
goto error_ie_different;
|
||||
|
||||
|
|
|
|||
104
src/handshake.c
104
src/handshake.c
|
|
@ -74,8 +74,8 @@ void handshake_state_free(struct handshake_state *s)
|
|||
{
|
||||
typeof(s->free) destroy = s->free;
|
||||
|
||||
l_free(s->ap_ie);
|
||||
l_free(s->own_ie);
|
||||
l_free(s->authenticator_ie);
|
||||
l_free(s->supplicant_ie);
|
||||
l_free(s->mde);
|
||||
l_free(s->fte);
|
||||
l_free(s->passphrase);
|
||||
|
|
@ -121,28 +121,6 @@ struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s)
|
|||
return s->settings_8021x;
|
||||
}
|
||||
|
||||
static void handshake_state_set_ap_ie(struct handshake_state *s,
|
||||
const uint8_t *ie, bool is_wpa)
|
||||
{
|
||||
l_free(s->ap_ie);
|
||||
s->ap_ie = l_memdup(ie, ie[1] + 2u);
|
||||
s->wpa_ie = is_wpa;
|
||||
}
|
||||
|
||||
static void handshake_state_set_own_ie(struct handshake_state *s,
|
||||
const uint8_t *ie, bool is_wpa)
|
||||
{
|
||||
l_free(s->own_ie);
|
||||
s->own_ie = l_memdup(ie, ie[1] + 2u);
|
||||
s->wpa_ie = is_wpa;
|
||||
}
|
||||
|
||||
void handshake_state_set_ap_rsn(struct handshake_state *s,
|
||||
const uint8_t *rsn_ie)
|
||||
{
|
||||
handshake_state_set_ap_ie(s, rsn_ie, false);
|
||||
}
|
||||
|
||||
static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
|
||||
const struct ie_rsn_info *info)
|
||||
{
|
||||
|
|
@ -161,36 +139,74 @@ static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
|
|||
return true;
|
||||
}
|
||||
|
||||
bool handshake_state_set_own_rsn(struct handshake_state *s,
|
||||
static bool handshake_state_set_authenticator_ie(struct handshake_state *s,
|
||||
const uint8_t *ie, bool is_wpa)
|
||||
{
|
||||
struct ie_rsn_info info;
|
||||
|
||||
l_free(s->authenticator_ie);
|
||||
s->authenticator_ie = l_memdup(ie, ie[1] + 2u);
|
||||
s->wpa_ie = is_wpa;
|
||||
|
||||
if (!s->authenticator)
|
||||
return true;
|
||||
|
||||
if (is_wpa) {
|
||||
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
} else {
|
||||
if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
return handshake_state_setup_own_ciphers(s, &info);
|
||||
}
|
||||
|
||||
static bool handshake_state_set_supplicant_ie(struct handshake_state *s,
|
||||
const uint8_t *ie, bool is_wpa)
|
||||
{
|
||||
struct ie_rsn_info info;
|
||||
|
||||
l_free(s->supplicant_ie);
|
||||
s->supplicant_ie = l_memdup(ie, ie[1] + 2u);
|
||||
s->wpa_ie = is_wpa;
|
||||
|
||||
if (s->authenticator)
|
||||
return true;
|
||||
|
||||
if (is_wpa) {
|
||||
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
} else {
|
||||
if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
}
|
||||
|
||||
return handshake_state_setup_own_ciphers(s, &info);
|
||||
}
|
||||
|
||||
bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
|
||||
const uint8_t *rsn_ie)
|
||||
{
|
||||
return handshake_state_set_authenticator_ie(s, rsn_ie, false);
|
||||
}
|
||||
|
||||
bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
|
||||
const uint8_t *rsn_ie)
|
||||
{
|
||||
struct ie_rsn_info info;
|
||||
|
||||
handshake_state_set_own_ie(s, rsn_ie, false);
|
||||
|
||||
if (ie_parse_rsne_from_data(rsn_ie, rsn_ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
|
||||
return handshake_state_setup_own_ciphers(s, &info);
|
||||
return handshake_state_set_supplicant_ie(s, rsn_ie, false);
|
||||
}
|
||||
|
||||
void handshake_state_set_ap_wpa(struct handshake_state *s,
|
||||
bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
|
||||
const uint8_t *wpa_ie)
|
||||
{
|
||||
handshake_state_set_ap_ie(s, wpa_ie, true);
|
||||
return handshake_state_set_authenticator_ie(s, wpa_ie, true);
|
||||
}
|
||||
|
||||
bool handshake_state_set_own_wpa(struct handshake_state *s,
|
||||
bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
|
||||
const uint8_t *wpa_ie)
|
||||
{
|
||||
struct ie_rsn_info info;
|
||||
|
||||
handshake_state_set_own_ie(s, wpa_ie, true);
|
||||
|
||||
if (ie_parse_wpa_from_data(wpa_ie, wpa_ie[1] + 2, &info) < 0)
|
||||
return false;
|
||||
|
||||
return handshake_state_setup_own_ciphers(s, &info);
|
||||
return handshake_state_set_supplicant_ie(s, wpa_ie, true);
|
||||
}
|
||||
|
||||
void handshake_state_set_ssid(struct handshake_state *s, const uint8_t *ssid,
|
||||
|
|
|
|||
|
|
@ -77,8 +77,8 @@ struct handshake_state {
|
|||
uint32_t ifindex;
|
||||
uint8_t spa[6];
|
||||
uint8_t aa[6];
|
||||
uint8_t *ap_ie;
|
||||
uint8_t *own_ie;
|
||||
uint8_t *authenticator_ie;
|
||||
uint8_t *supplicant_ie;
|
||||
uint8_t *mde;
|
||||
uint8_t *fte;
|
||||
enum ie_rsn_cipher_suite pairwise_cipher;
|
||||
|
|
@ -128,13 +128,13 @@ void handshake_state_set_pmk(struct handshake_state *s, const uint8_t *pmk,
|
|||
void handshake_state_set_8021x_config(struct handshake_state *s,
|
||||
struct l_settings *settings);
|
||||
struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s);
|
||||
void handshake_state_set_ap_rsn(struct handshake_state *s,
|
||||
bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
|
||||
const uint8_t *rsn_ie);
|
||||
bool handshake_state_set_own_rsn(struct handshake_state *s,
|
||||
bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
|
||||
const uint8_t *rsn_ie);
|
||||
void handshake_state_set_ap_wpa(struct handshake_state *s,
|
||||
bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
|
||||
const uint8_t *wpa_ie);
|
||||
bool handshake_state_set_own_wpa(struct handshake_state *s,
|
||||
bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
|
||||
const uint8_t *wpa_ie);
|
||||
void handshake_state_set_ssid(struct handshake_state *s,
|
||||
const uint8_t *ssid, size_t ssid_len);
|
||||
|
|
|
|||
41
src/netdev.c
41
src/netdev.c
|
|
@ -1492,7 +1492,7 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
|
|||
const uint8_t *fte, bool transition)
|
||||
{
|
||||
const uint8_t *sent_mde = hs->mde;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
|
||||
/*
|
||||
* During a transition in an RSN, check for an RSNE containing the
|
||||
|
|
@ -1521,7 +1521,8 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
|
|||
memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16))
|
||||
return false;
|
||||
|
||||
if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false))
|
||||
if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
|
||||
false))
|
||||
return false;
|
||||
} else {
|
||||
if (rsne)
|
||||
|
|
@ -1732,7 +1733,7 @@ static void netdev_connect_event(struct l_genl_msg *msg,
|
|||
}
|
||||
|
||||
if (netdev->in_ft) {
|
||||
bool is_rsn = netdev->handshake->own_ie != NULL;
|
||||
bool is_rsn = netdev->handshake->supplicant_ie != NULL;
|
||||
|
||||
netdev->in_ft = false;
|
||||
|
||||
|
|
@ -1789,7 +1790,7 @@ static struct l_genl_msg *netdev_build_cmd_associate_common(
|
|||
struct netdev *netdev)
|
||||
{
|
||||
struct handshake_state *hs = netdev->handshake;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
struct l_genl_msg *msg;
|
||||
|
||||
msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
|
||||
|
|
@ -1863,7 +1864,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
|
|||
struct iovec iov[3];
|
||||
int iov_elems = 0;
|
||||
struct handshake_state *hs = netdev_get_handshake(netdev);
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
uint8_t *rsne = NULL;
|
||||
|
||||
msg = netdev_build_cmd_associate_common(netdev);
|
||||
|
|
@ -1885,7 +1886,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
|
|||
* — All other fields shall be as specified in 8.4.2.27
|
||||
* and 11.5.3."
|
||||
*/
|
||||
if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2,
|
||||
if (ie_parse_rsne_from_data(hs->supplicant_ie,
|
||||
hs->supplicant_ie[1] + 2,
|
||||
&rsn_info) < 0)
|
||||
goto error;
|
||||
|
||||
|
|
@ -2033,7 +2035,7 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
|
|||
}
|
||||
}
|
||||
|
||||
is_rsn = hs->own_ie != NULL;
|
||||
is_rsn = hs->supplicant_ie != NULL;
|
||||
|
||||
/*
|
||||
* In an RSN, check for an RSNE containing the PMK-R0-Name and
|
||||
|
|
@ -2062,7 +2064,8 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
|
|||
memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16))
|
||||
goto ft_error;
|
||||
|
||||
if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false))
|
||||
if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
|
||||
false))
|
||||
goto ft_error;
|
||||
} else if (rsne)
|
||||
goto ft_error;
|
||||
|
|
@ -2300,8 +2303,8 @@ static void netdev_sae_complete(uint16_t status, void *user_data)
|
|||
msg = netdev_build_cmd_associate_common(netdev);
|
||||
|
||||
l_genl_msg_append_attr(msg, NL80211_ATTR_IE,
|
||||
netdev->handshake->own_ie[1] + 2,
|
||||
netdev->handshake->own_ie);
|
||||
netdev->handshake->supplicant_ie[1] + 2,
|
||||
netdev->handshake->supplicant_ie);
|
||||
|
||||
/* netdev_cmd_connect_cb can be reused */
|
||||
netdev->connect_cmd_id = l_genl_family_send(nl80211, msg,
|
||||
|
|
@ -2369,7 +2372,7 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
|
|||
struct l_genl_msg *msg;
|
||||
struct iovec iov[2];
|
||||
int iov_elems = 0;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
|
||||
msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512);
|
||||
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
|
||||
|
|
@ -2436,8 +2439,8 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
|
|||
NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
|
||||
0, NULL);
|
||||
|
||||
iov[iov_elems].iov_base = (void *) hs->own_ie;
|
||||
iov[iov_elems].iov_len = hs->own_ie[1] + 2;
|
||||
iov[iov_elems].iov_base = (void *) hs->supplicant_ie;
|
||||
iov[iov_elems].iov_len = hs->supplicant_ie[1] + 2;
|
||||
iov_elems += 1;
|
||||
}
|
||||
|
||||
|
|
@ -2499,7 +2502,7 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
|
|||
{
|
||||
struct l_genl_msg *cmd_connect = NULL;
|
||||
struct eapol_sm *sm = NULL;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
|
||||
if (netdev->type != NL80211_IFTYPE_STATION)
|
||||
return -ENOTSUP;
|
||||
|
|
@ -2624,7 +2627,7 @@ int netdev_reassociate(struct netdev *netdev, struct scan_bss *target_bss,
|
|||
struct netdev_handshake_state;
|
||||
struct handshake_state *old_hs;
|
||||
struct eapol_sm *sm = NULL, *old_sm;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
int err;
|
||||
|
||||
cmd_connect = netdev_build_cmd_connect(netdev, target_bss, hs,
|
||||
|
|
@ -2780,7 +2783,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
|
|||
struct l_genl_msg *msg;
|
||||
struct iovec iov[3];
|
||||
int iov_elems = 0;
|
||||
bool is_rsn = hs->own_ie != NULL;
|
||||
bool is_rsn = hs->supplicant_ie != NULL;
|
||||
uint8_t mde[5];
|
||||
|
||||
msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
|
||||
|
|
@ -2807,7 +2810,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
|
|||
* — All other fields shall be as specified in 8.4.2.27
|
||||
* and 11.5.3."
|
||||
*/
|
||||
if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2,
|
||||
if (ie_parse_rsne_from_data(hs->supplicant_ie,
|
||||
hs->supplicant_ie[1] + 2,
|
||||
&rsn_info) < 0)
|
||||
goto error;
|
||||
|
||||
|
|
@ -2928,7 +2932,8 @@ int netdev_fast_transition(struct netdev *netdev, struct scan_bss *target_bss,
|
|||
memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN);
|
||||
handshake_state_set_authenticator_address(netdev->handshake,
|
||||
target_bss->addr);
|
||||
handshake_state_set_ap_rsn(netdev->handshake, target_bss->rsne);
|
||||
handshake_state_set_authenticator_rsn(netdev->handshake,
|
||||
target_bss->rsne);
|
||||
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
|
||||
|
||||
if (netdev->sm) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue