handshake: Rename own_ie/ap_ie and related setters

To avoid confusion in case of an authenticator side handshake_state structure and eapol_sm structure, rename own_ie to supplicant_ie and ap_ie to authenticator_ie. Also rename handshake_state_set_{own,ap}_{rsn,wpa} and fix when we call handshake_state_setup_own_ciphers. As a result handshake_state_set_authenticator, if needed, should be called before handshake_state_set_{own,ap}_{rsn,wpa}.
2024-12-22 13:02:44 +01:00 · 2018-08-25 03:54:24 +02:00 · 2018-08-25 03:54:24 +02:00 · 5f3cdc2093
commit 5f3cdc2093
parent 74e4f1a02c
7 changed files with 108 additions and 85 deletions
--- a/src/adhoc.c
+++ b/src/adhoc.c
@ -203,8 +203,8 @@ static struct eapol_sm *adhoc_new_sm(struct sta_state *sta, bool authenticator)
 	handshake_state_set_event_func(hs, adhoc_handshake_event, sta);
 	handshake_state_set_ssid(hs, (void *)adhoc->ssid, strlen(adhoc->ssid));
 	/* we dont have the connecting peer rsn info, so just set ap == own */
-	handshake_state_set_ap_rsn(hs, bss_rsne);
-	handshake_state_set_own_rsn(hs, bss_rsne);
+	handshake_state_set_authenticator_rsn(hs, bss_rsne);
+	handshake_state_set_supplicant_rsn(hs, bss_rsne);
 	handshake_state_set_pmk(hs, adhoc->pmk, 32);

 	if (authenticator) {
--- a/src/ap.c
+++ b/src/ap.c
@ -420,12 +420,12 @@ static void ap_associate_sta_cb(struct l_genl_msg *msg, void *user_data)

 	handshake_state_set_event_func(sta->hs, ap_handshake_event, sta);
 	handshake_state_set_ssid(sta->hs, (void *)ap->ssid, strlen(ap->ssid));
-	handshake_state_set_ap_rsn(sta->hs, bss_rsne);
-	handshake_state_set_own_rsn(sta->hs, sta->assoc_rsne);
+	handshake_state_set_authenticator(sta->hs, true);
+	handshake_state_set_authenticator_rsn(sta->hs, bss_rsne);
+	handshake_state_set_supplicant_rsn(sta->hs, sta->assoc_rsne);
 	handshake_state_set_pmk(sta->hs, ap->pmk, 32);
 	handshake_state_set_authenticator_address(sta->hs, own_addr);
 	handshake_state_set_supplicant_address(sta->hs, sta->addr);
-	handshake_state_set_authenticator(sta->hs, true);

 	sta->sm = eapol_sm_new(sta->hs);
 	if (!sta->sm) {
--- a/src/device.c
+++ b/src/device.c
@ -728,12 +728,12 @@ static struct handshake_state *device_handshake_setup(struct device *device,
 		/* RSN takes priority */
 		if (bss->rsne) {
 			ie_build_rsne(&info, rsne_buf);
-			handshake_state_set_ap_rsn(hs, bss->rsne);
-			handshake_state_set_own_rsn(hs, rsne_buf);
+			handshake_state_set_authenticator_rsn(hs, bss->rsne);
+			handshake_state_set_supplicant_rsn(hs, rsne_buf);
 		} else {
 			ie_build_wpa(&info, rsne_buf);
-			handshake_state_set_ap_wpa(hs, bss->wpa);
-			handshake_state_set_own_wpa(hs, rsne_buf);
+			handshake_state_set_authenticator_wpa(hs, bss->wpa);
+			handshake_state_set_supplicant_wpa(hs, rsne_buf);
 		}

 		if (security == SECURITY_PSK) {
@ -918,12 +918,13 @@ static void device_preauthenticate_cb(struct netdev *netdev,

 		/*
 		 * Rebuild the RSNE to include the negotiated PMKID.  Note
-		 * own_ie can't be a WPA IE here, including because the
-		 * WPA IE doesn't have a capabilities field and
+		 * supplicant_ie can't be a WPA IE here, including because
+		 * the WPA IE doesn't have a capabilities field and
 		 * target_rsne->preauthentication would have been false in
 		 * device_transition_start.
 		 */
-		ie_parse_rsne_from_data(new_hs->own_ie, new_hs->own_ie[1] + 2,
+		ie_parse_rsne_from_data(new_hs->supplicant_ie,
+					new_hs->supplicant_ie[1] + 2,
 					&rsn_info);

 		handshake_state_get_pmkid(new_hs, pmkid);
@ -932,7 +933,7 @@ static void device_preauthenticate_cb(struct netdev *netdev,
 		rsn_info.pmkids = pmkid;

 		ie_build_rsne(&rsn_info, rsne_buf);
-		handshake_state_set_own_rsn(new_hs, rsne_buf);
+		handshake_state_set_supplicant_rsn(new_hs, rsne_buf);
 	}

 	device_transition_reassociate(device, bss, new_hs);
--- a/src/eapol.c
+++ b/src/eapol.c
@ -941,7 +941,7 @@ static void eapol_handle_ptk_1_of_4(struct eapol_sm *sm,
 	uint8_t mic[16];
 	uint8_t *ies;
 	size_t ies_len;
-	const uint8_t *own_ie = sm->handshake->own_ie;
+	const uint8_t *own_ie = sm->handshake->supplicant_ie;
 	const uint8_t *pmkid;
 	struct ie_rsn_info rsn_info;

@ -1210,8 +1210,9 @@ static void eapol_handle_ptk_2_of_4(struct eapol_sm *sm,
 	 */
 	rsne = eapol_find_rsne(ek->key_data,
 				L_BE16_TO_CPU(ek->key_data_len), NULL);
-	if (!rsne || rsne[1] != sm->handshake->own_ie[1] ||
-			memcmp(rsne + 2, sm->handshake->own_ie + 2, rsne[1])) {
+	if (!rsne || rsne[1] != sm->handshake->supplicant_ie[1] ||
+			memcmp(rsne + 2, sm->handshake->supplicant_ie + 2,
+				rsne[1])) {

 		handshake_failed(sm, MMPDU_REASON_CODE_IE_DIFFERENT);
 		return;
@ -1323,7 +1324,7 @@ static void eapol_handle_ptk_3_of_4(struct eapol_sm *sm,
 	if (!rsne)
 		goto error_ie_different;

-	if (!handshake_util_ap_ie_matches(rsne, sm->handshake->ap_ie,
+	if (!handshake_util_ap_ie_matches(rsne, sm->handshake->authenticator_ie,
 						sm->handshake->wpa_ie))
 		goto error_ie_different;

--- a/src/handshake.c
+++ b/src/handshake.c
@ -74,8 +74,8 @@ void handshake_state_free(struct handshake_state *s)
 {
 	typeof(s->free) destroy = s->free;

-	l_free(s->ap_ie);
-	l_free(s->own_ie);
+	l_free(s->authenticator_ie);
+	l_free(s->supplicant_ie);
 	l_free(s->mde);
 	l_free(s->fte);
 	l_free(s->passphrase);
@ -121,28 +121,6 @@ struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s)
 	return s->settings_8021x;
 }

-static void handshake_state_set_ap_ie(struct handshake_state *s,
-					const uint8_t *ie, bool is_wpa)
-{
-	l_free(s->ap_ie);
-	s->ap_ie = l_memdup(ie, ie[1] + 2u);
-	s->wpa_ie = is_wpa;
-}
-
-static void handshake_state_set_own_ie(struct handshake_state *s,
-					const uint8_t *ie, bool is_wpa)
-{
-	l_free(s->own_ie);
-	s->own_ie = l_memdup(ie, ie[1] + 2u);
-	s->wpa_ie = is_wpa;
-}
-
-void handshake_state_set_ap_rsn(struct handshake_state *s,
-				const uint8_t *rsn_ie)
-{
-	handshake_state_set_ap_ie(s, rsn_ie, false);
-}
-
 static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
 						const struct ie_rsn_info *info)
 {
@ -161,36 +139,74 @@ static bool handshake_state_setup_own_ciphers(struct handshake_state *s,
 	return true;
 }

-bool handshake_state_set_own_rsn(struct handshake_state *s,
+static bool handshake_state_set_authenticator_ie(struct handshake_state *s,
+						const uint8_t *ie, bool is_wpa)
+{
+	struct ie_rsn_info info;
+
+	l_free(s->authenticator_ie);
+	s->authenticator_ie = l_memdup(ie, ie[1] + 2u);
+	s->wpa_ie = is_wpa;
+
+	if (!s->authenticator)
+		return true;
+
+	if (is_wpa) {
+		if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
+			return false;
+	} else {
+		if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
+			return false;
+	}
+
+	return handshake_state_setup_own_ciphers(s, &info);
+}
+
+static bool handshake_state_set_supplicant_ie(struct handshake_state *s,
+						const uint8_t *ie, bool is_wpa)
+{
+	struct ie_rsn_info info;
+
+	l_free(s->supplicant_ie);
+	s->supplicant_ie = l_memdup(ie, ie[1] + 2u);
+	s->wpa_ie = is_wpa;
+
+	if (s->authenticator)
+		return true;
+
+	if (is_wpa) {
+		if (ie_parse_wpa_from_data(ie, ie[1] + 2, &info) < 0)
+			return false;
+	} else {
+		if (ie_parse_rsne_from_data(ie, ie[1] + 2, &info) < 0)
+			return false;
+	}
+
+	return handshake_state_setup_own_ciphers(s, &info);
+}
+
+bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
+						const uint8_t *rsn_ie)
+{
+	return handshake_state_set_authenticator_ie(s, rsn_ie, false);
+}
+
+bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
 					const uint8_t *rsn_ie)
 {
-	struct ie_rsn_info info;
-
-	handshake_state_set_own_ie(s, rsn_ie, false);
-
-	if (ie_parse_rsne_from_data(rsn_ie, rsn_ie[1] + 2, &info) < 0)
-		return false;
-
-	return handshake_state_setup_own_ciphers(s, &info);
+	return handshake_state_set_supplicant_ie(s, rsn_ie, false);
 }

-void handshake_state_set_ap_wpa(struct handshake_state *s,
+bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
 				const uint8_t *wpa_ie)
 {
-	handshake_state_set_ap_ie(s, wpa_ie, true);
+	return handshake_state_set_authenticator_ie(s, wpa_ie, true);
 }

-bool handshake_state_set_own_wpa(struct handshake_state *s,
+bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
 					const uint8_t *wpa_ie)
 {
-	struct ie_rsn_info info;
-
-	handshake_state_set_own_ie(s, wpa_ie, true);
-
-	if (ie_parse_wpa_from_data(wpa_ie, wpa_ie[1] + 2, &info) < 0)
-		return false;
-
-	return handshake_state_setup_own_ciphers(s, &info);
+	return handshake_state_set_supplicant_ie(s, wpa_ie, true);
 }

 void handshake_state_set_ssid(struct handshake_state *s, const uint8_t *ssid,
--- a/src/handshake.h
+++ b/src/handshake.h
@ -77,8 +77,8 @@ struct handshake_state {
 	uint32_t ifindex;
 	uint8_t spa[6];
 	uint8_t aa[6];
-	uint8_t *ap_ie;
-	uint8_t *own_ie;
+	uint8_t *authenticator_ie;
+	uint8_t *supplicant_ie;
 	uint8_t *mde;
 	uint8_t *fte;
 	enum ie_rsn_cipher_suite pairwise_cipher;
@ -128,13 +128,13 @@ void handshake_state_set_pmk(struct handshake_state *s, const uint8_t *pmk,
 void handshake_state_set_8021x_config(struct handshake_state *s,
 					struct l_settings *settings);
 struct l_settings *handshake_state_get_8021x_config(struct handshake_state *s);
-void handshake_state_set_ap_rsn(struct handshake_state *s,
+bool handshake_state_set_supplicant_rsn(struct handshake_state *s,
 					const uint8_t *rsn_ie);
-bool handshake_state_set_own_rsn(struct handshake_state *s,
+bool handshake_state_set_authenticator_rsn(struct handshake_state *s,
 					const uint8_t *rsn_ie);
-void handshake_state_set_ap_wpa(struct handshake_state *s,
+bool handshake_state_set_supplicant_wpa(struct handshake_state *s,
 					const uint8_t *wpa_ie);
-bool handshake_state_set_own_wpa(struct handshake_state *s,
+bool handshake_state_set_authenticator_wpa(struct handshake_state *s,
 					const uint8_t *wpa_ie);
 void handshake_state_set_ssid(struct handshake_state *s,
 					const uint8_t *ssid, size_t ssid_len);
--- a/src/netdev.c
+++ b/src/netdev.c
@ -1492,7 +1492,7 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
 					const uint8_t *fte, bool transition)
 {
 	const uint8_t *sent_mde = hs->mde;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;

 	/*
 	 * During a transition in an RSN, check for an RSNE containing the
@ -1521,7 +1521,8 @@ static bool netdev_handle_associate_resp_ies(struct handshake_state *hs,
 				memcmp(msg4_rsne.pmkids, hs->pmk_r1_name, 16))
 			return false;

-		if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false))
+		if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
+							false))
 			return false;
 	} else {
 		if (rsne)
@ -1732,7 +1733,7 @@ static void netdev_connect_event(struct l_genl_msg *msg,
 	}

 	if (netdev->in_ft) {
-		bool is_rsn = netdev->handshake->own_ie != NULL;
+		bool is_rsn = netdev->handshake->supplicant_ie != NULL;

 		netdev->in_ft = false;

@ -1789,7 +1790,7 @@ static struct l_genl_msg *netdev_build_cmd_associate_common(
 							struct netdev *netdev)
 {
 	struct handshake_state *hs = netdev->handshake;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;
 	struct l_genl_msg *msg;

 	msg = l_genl_msg_new_sized(NL80211_CMD_ASSOCIATE, 600);
@ -1863,7 +1864,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
 	struct iovec iov[3];
 	int iov_elems = 0;
 	struct handshake_state *hs = netdev_get_handshake(netdev);
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;
 	uint8_t *rsne = NULL;

 	msg = netdev_build_cmd_associate_common(netdev);
@ -1885,7 +1886,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_reassociate(
 		 * — All other fields shall be as specified in 8.4.2.27
 		 *   and 11.5.3."
 		 */
-		if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2,
+		if (ie_parse_rsne_from_data(hs->supplicant_ie,
+						hs->supplicant_ie[1] + 2,
 						&rsn_info) < 0)
 			goto error;

@ -2033,7 +2035,7 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
 		}
 	}

-	is_rsn = hs->own_ie != NULL;
+	is_rsn = hs->supplicant_ie != NULL;

 	/*
 	 * In an RSN, check for an RSNE containing the PMK-R0-Name and
@ -2062,7 +2064,8 @@ static void netdev_ft_process(struct netdev *netdev, const uint8_t *frame,
 				memcmp(msg2_rsne.pmkids, hs->pmk_r0_name, 16))
 			goto ft_error;

-		if (!handshake_util_ap_ie_matches(rsne, hs->ap_ie, false))
+		if (!handshake_util_ap_ie_matches(rsne, hs->authenticator_ie,
+							false))
 			goto ft_error;
 	} else if (rsne)
 		goto ft_error;
@ -2300,8 +2303,8 @@ static void netdev_sae_complete(uint16_t status, void *user_data)
 	msg = netdev_build_cmd_associate_common(netdev);

 	l_genl_msg_append_attr(msg, NL80211_ATTR_IE,
-					netdev->handshake->own_ie[1] + 2,
-					netdev->handshake->own_ie);
+					netdev->handshake->supplicant_ie[1] + 2,
+					netdev->handshake->supplicant_ie);

 	/* netdev_cmd_connect_cb can be reused */
 	netdev->connect_cmd_id = l_genl_family_send(nl80211, msg,
@ -2369,7 +2372,7 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
 	struct l_genl_msg *msg;
 	struct iovec iov[2];
 	int iov_elems = 0;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;

 	msg = l_genl_msg_new_sized(NL80211_CMD_CONNECT, 512);
 	l_genl_msg_append_attr(msg, NL80211_ATTR_IFINDEX, 4, &netdev->index);
@ -2436,8 +2439,8 @@ static struct l_genl_msg *netdev_build_cmd_connect(struct netdev *netdev,
 					NL80211_ATTR_CONTROL_PORT_OVER_NL80211,
 					0, NULL);

-		iov[iov_elems].iov_base = (void *) hs->own_ie;
-		iov[iov_elems].iov_len = hs->own_ie[1] + 2;
+		iov[iov_elems].iov_base = (void *) hs->supplicant_ie;
+		iov[iov_elems].iov_len = hs->supplicant_ie[1] + 2;
 		iov_elems += 1;
 	}

@ -2499,7 +2502,7 @@ int netdev_connect(struct netdev *netdev, struct scan_bss *bss,
 {
 	struct l_genl_msg *cmd_connect = NULL;
 	struct eapol_sm *sm = NULL;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;

 	if (netdev->type != NL80211_IFTYPE_STATION)
 		return -ENOTSUP;
@ -2624,7 +2627,7 @@ int netdev_reassociate(struct netdev *netdev, struct scan_bss *target_bss,
 	struct netdev_handshake_state;
 	struct handshake_state *old_hs;
 	struct eapol_sm *sm = NULL, *old_sm;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;
 	int err;

 	cmd_connect = netdev_build_cmd_connect(netdev, target_bss, hs,
@ -2780,7 +2783,7 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
 	struct l_genl_msg *msg;
 	struct iovec iov[3];
 	int iov_elems = 0;
-	bool is_rsn = hs->own_ie != NULL;
+	bool is_rsn = hs->supplicant_ie != NULL;
 	uint8_t mde[5];

 	msg = l_genl_msg_new_sized(NL80211_CMD_AUTHENTICATE, 512);
@ -2807,7 +2810,8 @@ static struct l_genl_msg *netdev_build_cmd_ft_authenticate(
 		 * — All other fields shall be as specified in 8.4.2.27
 		 *   and 11.5.3."
 		 */
-		if (ie_parse_rsne_from_data(hs->own_ie, hs->own_ie[1] + 2,
+		if (ie_parse_rsne_from_data(hs->supplicant_ie,
+						hs->supplicant_ie[1] + 2,
 						&rsn_info) < 0)
 			goto error;

@ -2928,7 +2932,8 @@ int netdev_fast_transition(struct netdev *netdev, struct scan_bss *target_bss,
 	memcpy(netdev->prev_bssid, netdev->handshake->aa, ETH_ALEN);
 	handshake_state_set_authenticator_address(netdev->handshake,
 							target_bss->addr);
-	handshake_state_set_ap_rsn(netdev->handshake, target_bss->rsne);
+	handshake_state_set_authenticator_rsn(netdev->handshake,
+							target_bss->rsne);
 	memcpy(netdev->handshake->mde + 2, target_bss->mde, 3);

 	if (netdev->sm) {