Kernel/iwd
3
0
Fork 0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 21:22:37 +01:00
Code Releases Activity

handshake: Rename own_ie/ap_ie and related setters

Browse Source 
To avoid confusion in case of an authenticator side handshake_state
structure and eapol_sm structure, rename own_ie to supplicant_ie and
ap_ie to authenticator_ie.  Also rename
handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call
handshake_state_setup_own_ciphers.  As a result
handshake_state_set_authenticator, if needed, should be called before
handshake_state_set_{own,ap}_{rsn,wpa}.
This commit is contained in:
Andrew Zaborowski 2018-08-25 03:54:24 +02:00 committed by Denis Kenzior
parent 74e4f1a02c
commit 5f3cdc2093
7 changed files with 108 additions and 85 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/adhoc.c
View File

@ -203,8 +203,8 @@ static struct eapol_sm *adhoc_new_sm(struct sta_state *sta, bool authenticator)
handshake_state_set_event_func(hs, adhoc_handshake_event, sta); handshake_state_set_event_func(hs, adhoc_handshake_event, sta);
handshake_state_set_ssid(hs, (void *)adhoc->ssid, strlen(adhoc->ssid)); handshake_state_set_ssid(hs, (void *)adhoc->ssid, strlen(adhoc->ssid));
/* we dont have the connecting peer rsn info, so just set ap == own */ /* we dont have the connecting peer rsn info, so just set ap == own */
handshake_state_set_ap_rsn(hs, bss_rsne); handshake_state_set_authenticator_rsn(hs, bss_rsne);
handshake_state_set_own_rsn(hs, bss_rsne); handshake_state_set_supplicant_rsn(hs, bss_rsne);
handshake_state_set_pmk(hs, adhoc->pmk, 32); handshake_state_set_pmk(hs, adhoc->pmk, 32);
if (authenticator) { if (authenticator) {

6
src/ap.c
View File

@ -420,12 +420,12 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)
handshake_state_set_event_func(sta->hs, ap_handshake_event, sta); handshake_state_set_event_func(sta->hs, ap_handshake_event, sta);
handshake_state_set_ssid(sta->hs, (void *)ap->ssid, strlen(ap->ssid)); handshake_state_set_ssid(sta->hs, (void *)ap->ssid, strlen(ap->ssid));
handshake_state_set_ap_rsn(sta->hs, bss_rsne); handshake_state_set_authenticator(sta->hs, true);
handshake_state_set_own_rsn(sta->hs, sta->assoc_rsne); handshake_state_set_authenticator_rsn(sta->hs, bss_rsne);
handshake_state_set_supplicant_rsn(sta->hs, sta->assoc_rsne);
handshake_state_set_pmk(sta->hs, ap->pmk, 32); handshake_state_set_pmk(sta->hs, ap->pmk, 32);
handshake_state_set_authenticator_address(sta->hs, own_addr); handshake_state_set_authenticator_address(sta->hs, own_addr);
handshake_state_set_supplicant_address(sta->hs, sta->addr); handshake_state_set_supplicant_address(sta->hs, sta->addr);
handshake_state_set_authenticator(sta->hs, true);
sta->sm = eapol_sm_new(sta->hs); sta->sm = eapol_sm_new(sta->hs);
if (!sta->sm) { if (!sta->sm) {

17
src/device.c
View File

@ -728,12 +728,12 @@ static struct handshake_state *device_handshake_setup(struct device *device,
/* RSN takes priority */ /* RSN takes priority */
if (bss->rsne) { if (bss->rsne) {
ie_build_rsne(&info, rsne_buf); ie_build_rsne(&info, rsne_buf);
handshake_state_set_ap_rsn(hs, bss->rsne); handshake_state_set_authenticator_rsn(hs, bss->rsne);
handshake_state_set_own_rsn(hs, rsne_buf); handshake_state_set_supplicant_rsn(hs, rsne_buf);
} else { } else {
ie_build_wpa(&info, rsne_buf); ie_build_wpa(&info, rsne_buf);
handshake_state_set_ap_wpa(hs, bss->wpa); handshake_state_set_authenticator_wpa(hs, bss->wpa);
handshake_state_set_own_wpa(hs, rsne_buf); handshake_state_set_supplicant_wpa(hs, rsne_buf);
} }
if (security == SECURITY_PSK) { if (security == SECURITY_PSK) {
@ -918,12 +918,13 @@ static void device_preauthenticate_cb(struct netdev *netdev,
/* /*
* Rebuild the RSNE to include the negotiated PMKID. Note * Rebuild the RSNE to include the negotiated PMKID. Note
* own_ie can't be a WPA IE here, including because the * supplicant_ie can't be a WPA IE here, including because
* WPA IE doesn't have a capabilities field and * the WPA IE doesn't have a capabilities field and
* target_rsne->preauthentication would have been false in * target_rsne->preauthentication would have been false in
* device_transition_start. * device_transition_start.
*/ */
ie_parse_rsne_from_data(new_hs->own_ie, new_hs->own_ie[1] + 2, ie_parse_rsne_from_data(new_hs->supplicant_ie,
new_hs->supplicant_ie[1] + 2,
&rsn_info); &rsn_info);
handshake_state_get_pmkid(new_hs, pmkid); handshake_state_get_pmkid(new_hs, pmkid);
@ -932,7 +933,7 @@ static void device_preauthenticate_cb(struct netdev *netdev,
rsn_info.pmkids = pmkid; rsn_info.pmkids = pmkid;
ie_build_rsne(&rsn_info, rsne_buf); ie_build_rsne(&rsn_info, rsne_buf);
handshake_state_set_own_rsn(new_hs, rsne_buf); handshake_state_set_supplicant_rsn(new_hs, rsne_buf);
} }
device_transition_reassociate(device, bss, new_hs); device_transition_reassociate(device, bss, new_hs);

9
src/eapol.c
View File

@ -941,7 +941,7 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
uint8_t mic[16]; uint8_t mic[16];
uint8_t *ies; uint8_t *ies;
size_t ies_len; size_t ies_len;
const uint8_t *own_ie = sm->handshake->own_ie; const uint8_t *own_ie = sm->handshake->supplicant_ie;
const uint8_t *pmkid; const uint8_t *pmkid;
struct ie_rsn_info rsn_info; struct ie_rsn_info rsn_info;
@ -1210,8 +1210,9 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
*/ */
rsne = eapol_find_rsne(ek->key_data, rsne = eapol_find_rsne(ek->key_data,
L_BE16_TO_CPU(ek->key_data_len), NULL); L_BE16_TO_CPU(ek->key_data_len), NULL);
if (!rsne || rsne[1] != sm->handshake->own_ie[1] || if (!rsne || rsne[1] != sm->handshake->supplicant_ie[1] ||
memcmp(rsne + 2, sm->handshake->own_ie + 2, rsne[1])) { memcmp(rsne + 2, sm->handshake->supplicant_ie + 2,
rsne[1])) {
handshake_failed(sm, MMPDU_REASON_CODE_IE_DIFFERENT); handshake_failed(sm, MMPDU_REASON_CODE_IE_DIFFERENT);
return; return;
@ -1323,7 +1324,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
if (!rsne) if (!rsne)
goto error_ie_different; goto error_ie_different;
if (!handshake_util_ap_ie_matches(rsne, sm->handshake->ap_ie, if (!handshake_util_ap_ie_matches(rsne, sm->handshake->authenticator_ie,
sm->handshake->wpa_ie)) sm->handshake->wpa_ie))
goto error_ie_different; goto error_ie_different;

104
src/handshake.c
View File

@ -74,8 +74,8 @@ void handshake_state_free(struct handshake_state *s)
{ {
typeof(s->free) destroy = s->free; typeof(s->free) destroy = s->free;
l_free(s->ap_ie); l_free(s->authenticator_ie);
l_free(s->own_ie); l_free(s->supplicant_ie);
l_free(s->mde); l_free(s->mde);
l_free(s->fte); l_free(s->fte);
l_free(s->passphrase); l_free(s->passphrase);
@ -121,28 +121,6 @@ struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s)
return s->settings_8021x; return s->settings_8021x;
} }
static void handshake_state_set_ap_ie(struct handshake_state *s,
const uint8_t *ie, bool is_wpa)
{
l_free(s->ap_ie);
s->ap_ie = l_memdup(ie, ie[1] + 2u);
s->wpa_ie = is_wpa;
}
static void handshake_state_set_own_ie(struct handshake_state *s,
const uint8_t *ie, bool is_wpa)
{
l_free(s->own_ie);
s->own_ie = l_memdup(ie, ie[1] + 2u);
s->wpa_ie = is_wpa;
}
void handshake_state_set_ap_rsn(struct handshake_state *s,
const uint8_t *rsn_ie)
{
handshake_state_set_ap_ie(s, rsn_ie, false);
}
static bool handshake_state_setup_own_ciphers(struct handshake_state *s, static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
const struct ie_rsn_info *info) const struct ie_rsn_info *info)
{ {
@ -161,36 +139,74 @@ static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
return true; return true;
} }
bool handshake_state_set_own_rsn(struct handshake_state *s, static bool handshake_state_set_authenticator_ie(struct handshake_state *s,
const uint8_t *ie, bool is_wpa)
{
struct ie_rsn_info info;
l_free(s->authenticator_ie);
s->authenticator_ie = l_memdup(ie, ie[1] + 2u);
s->wpa_ie = is_wpa;
if (!s->authenticator)
return true;
if (is_wpa) {
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
return false;
} else {
if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
return false;
}
return handshake_state_setup_own_ciphers(s, &info);
}
static bool handshake_state_set_supplicant_ie(struct handshake_state *s,
const uint8_t *ie, bool is_wpa)
{
struct ie_rsn_info info;
l_free(s->supplicant_ie);
s->supplicant_ie = l_memdup(ie, ie[1] + 2u);
s->wpa_ie = is_wpa;
if (s->authenticator)
return true;
if (is_wpa) {
if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
return false;
} else {
if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
return false;
}
return handshake_state_setup_own_ciphers(s, &info);
}
bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
const uint8_t *rsn_ie)
{
return handshake_state_set_authenticator_ie(s, rsn_ie, false);
}
bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
const uint8_t *rsn_ie) const uint8_t *rsn_ie)
{ {
struct ie_rsn_info info; return handshake_state_set_supplicant_ie(s, rsn_ie, false);
handshake_state_set_own_ie(s, rsn_ie, false);
if (ie_parse_rsne_from_data(rsn_ie, rsn_ie[1] + 2, &info) < 0)
return false;
return handshake_state_setup_own_ciphers(s, &info);
} }
void handshake_state_set_ap_wpa(struct handshake_state *s, bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
const uint8_t *wpa_ie) const uint8_t *wpa_ie)
{ {
handshake_state_set_ap_ie(s, wpa_ie, true); return handshake_state_set_authenticator_ie(s, wpa_ie, true);
} }
bool handshake_state_set_own_wpa(struct handshake_state *s, bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
const uint8_t *wpa_ie) const uint8_t *wpa_ie)
{ {
struct ie_rsn_info info; return handshake_state_set_supplicant_ie(s, wpa_ie, true);
handshake_state_set_own_ie(s, wpa_ie, true);
if (ie_parse_wpa_from_data(wpa_ie, wpa_ie[1] + 2, &info) < 0)
return false;
return handshake_state_setup_own_ciphers(s, &info);
} }
void handshake_state_set_ssid(struct handshake_state *s, const uint8_t *ssid, void handshake_state_set_ssid(struct handshake_state *s, const uint8_t *ssid,

12
src/handshake.h
View File

@ -77,8 +77,8 @@ struct handshake_state {
uint32_t ifindex; uint32_t ifindex;
uint8_t spa[6]; uint8_t spa[6];
uint8_t aa[6]; uint8_t aa[6];
uint8_t *ap_ie; uint8_t *authenticator_ie;
uint8_t *own_ie; uint8_t *supplicant_ie;
uint8_t *mde; uint8_t *mde;
uint8_t *fte; uint8_t *fte;
enum ie_rsn_cipher_suite pairwise_cipher; enum ie_rsn_cipher_suite pairwise_cipher;
@ -128,13 +128,13 @@ void handshake_state_set_pmk(struct handshake_state *s, const uint8_t *pmk,
void handshake_state_set_8021x_config(struct handshake_state *s, void handshake_state_set_8021x_config(struct handshake_state *s,
struct l_settings *settings); struct l_settings *settings);
struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s); struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s);
void handshake_state_set_ap_rsn(struct handshake_state *s, bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
const uint8_t *rsn_ie); const uint8_t *rsn_ie);
bool handshake_state_set_own_rsn(struct handshake_state *s, bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
const uint8_t *rsn_ie); const uint8_t *rsn_ie);
void handshake_state_set_ap_wpa(struct handshake_state *s, bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
const uint8_t *wpa_ie); const uint8_t *wpa_ie);
bool handshake_state_set_own_wpa(struct handshake_state *s, bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
const uint8_t *wpa_ie); const uint8_t *wpa_ie);
void handshake_state_set_ssid(struct handshake_state *s, void handshake_state_set_ssid(struct handshake_state *s,
const uint8_t *ssid, size_t ssid_len); const uint8_t *ssid, size_t ssid_len);

41
src/netdev.c
View File

@ -1492,7 +1492,7 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
const uint8_t *fte, bool transition) const uint8_t *fte, bool transition)
{ {
const uint8_t *sent_mde = hs->mde; const uint8_t *sent_mde = hs->mde;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
/* /*
* During a transition in an RSN, check for an RSNE containing the * During a transition in an RSN, check for an RSNE containing the
@ -1521,7 +1521,8 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16)) memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16))
return false; return false;
if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false)) if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
false))
return false; return false;
} else { } else {
if (rsne) if (rsne)
@ -1732,7 +1733,7 @@ static void netdev_connect_event(struct l_genl_msg *msg,
} }
if (netdev->in_ft) { if (netdev->in_ft) {
bool is_rsn = netdev->handshake->own_ie != NULL; bool is_rsn = netdev->handshake->supplicant_ie != NULL;
netdev->in_ft = false; netdev->in_ft = false;
@ -1789,7 +1790,7 @@ static struct l_genl_msg *netdev_build_cmd_associate_common(
struct netdev *netdev) struct netdev *netdev)
{ {
struct handshake_state *hs = netdev->handshake; struct handshake_state *hs = netdev->handshake;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
struct l_genl_msg *msg; struct l_genl_msg *msg;
msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600); msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
@ -1863,7 +1864,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
struct iovec iov[3]; struct iovec iov[3];
int iov_elems = 0; int iov_elems = 0;
struct handshake_state *hs = netdev_get_handshake(netdev); struct handshake_state *hs = netdev_get_handshake(netdev);
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
uint8_t *rsne = NULL; uint8_t *rsne = NULL;
msg = netdev_build_cmd_associate_common(netdev); msg = netdev_build_cmd_associate_common(netdev);
@ -1885,7 +1886,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
* All other fields shall be as specified in 8.4.2.27 * All other fields shall be as specified in 8.4.2.27
* and 11.5.3." * and 11.5.3."
*/ */
if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2, if (ie_parse_rsne_from_data(hs->supplicant_ie,
hs->supplicant_ie[1] + 2,
&rsn_info) < 0) &rsn_info) < 0)
goto error; goto error;
@ -2033,7 +2035,7 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
} }
} }
is_rsn = hs->own_ie != NULL; is_rsn = hs->supplicant_ie != NULL;
/* /*
* In an RSN, check for an RSNE containing the PMK-R0-Name and * In an RSN, check for an RSNE containing the PMK-R0-Name and
@ -2062,7 +2064,8 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16)) memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16))
goto ft_error; goto ft_error;
if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false)) if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
false))
goto ft_error; goto ft_error;
} else if (rsne) } else if (rsne)
goto ft_error; goto ft_error;
@ -2300,8 +2303,8 @@ static void netdev_sae_complete(uint16_t status, void *user_data)
msg = netdev_build_cmd_associate_common(netdev); msg = netdev_build_cmd_associate_common(netdev);
l_genl_msg_append_attr(msg, NL80211_ATTR_IE, l_genl_msg_append_attr(msg, NL80211_ATTR_IE,
netdev->handshake->own_ie[1] + 2, netdev->handshake->supplicant_ie[1] + 2,
netdev->handshake->own_ie); netdev->handshake->supplicant_ie);
/* netdev_cmd_connect_cb can be reused */ /* netdev_cmd_connect_cb can be reused */
netdev->connect_cmd_id = l_genl_family_send(nl80211, msg, netdev->connect_cmd_id = l_genl_family_send(nl80211, msg,
@ -2369,7 +2372,7 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
struct l_genl_msg *msg; struct l_genl_msg *msg;
struct iovec iov[2]; struct iovec iov[2];
int iov_elems = 0; int iov_elems = 0;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512); msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512);
l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index); l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
@ -2436,8 +2439,8 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
NL80211_ATTR_CONTROL_PORT_OVER_NL80211, NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
0, NULL); 0, NULL);
iov[iov_elems].iov_base = (void *) hs->own_ie; iov[iov_elems].iov_base = (void *) hs->supplicant_ie;
iov[iov_elems].iov_len = hs->own_ie[1] + 2; iov[iov_elems].iov_len = hs->supplicant_ie[1] + 2;
iov_elems += 1; iov_elems += 1;
} }
@ -2499,7 +2502,7 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
{ {
struct l_genl_msg *cmd_connect = NULL; struct l_genl_msg *cmd_connect = NULL;
struct eapol_sm *sm = NULL; struct eapol_sm *sm = NULL;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
if (netdev->type != NL80211_IFTYPE_STATION) if (netdev->type != NL80211_IFTYPE_STATION)
return -ENOTSUP; return -ENOTSUP;
@ -2624,7 +2627,7 @@ int netdev_reassociate(struct netdev *netdev, struct scan_bss *target_bss,
struct netdev_handshake_state; struct netdev_handshake_state;
struct handshake_state *old_hs; struct handshake_state *old_hs;
struct eapol_sm *sm = NULL, *old_sm; struct eapol_sm *sm = NULL, *old_sm;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
int err; int err;
cmd_connect = netdev_build_cmd_connect(netdev, target_bss, hs, cmd_connect = netdev_build_cmd_connect(netdev, target_bss, hs,
@ -2780,7 +2783,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
struct l_genl_msg *msg; struct l_genl_msg *msg;
struct iovec iov[3]; struct iovec iov[3];
int iov_elems = 0; int iov_elems = 0;
bool is_rsn = hs->own_ie != NULL; bool is_rsn = hs->supplicant_ie != NULL;
uint8_t mde[5]; uint8_t mde[5];
msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512); msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
@ -2807,7 +2810,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
* All other fields shall be as specified in 8.4.2.27 * All other fields shall be as specified in 8.4.2.27
* and 11.5.3." * and 11.5.3."
*/ */
if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2, if (ie_parse_rsne_from_data(hs->supplicant_ie,
hs->supplicant_ie[1] + 2,
&rsn_info) < 0) &rsn_info) < 0)
goto error; goto error;
@ -2928,7 +2932,8 @@ int netdev_fast_transition(struct netdev *netdev, struct scan_bss *target_bss,
memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN); memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN);
handshake_state_set_authenticator_address(netdev->handshake, handshake_state_set_authenticator_address(netdev->handshake,
target_bss->addr); target_bss->addr);
handshake_state_set_ap_rsn(netdev->handshake, target_bss->rsne); handshake_state_set_authenticator_rsn(netdev->handshake,
target_bss->rsne);
memcpy(netdev->handshake->mde + 2, target_bss->mde, 3); memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);
if (netdev->sm) { if (netdev->sm) {