From 309765eb660d4d762e1b68c04144cfa494a4cd8d Mon Sep 17 00:00:00 2001 From: Vinay Gannevaram Date: Fri, 4 Nov 2022 16:15:31 +0530 Subject: [PATCH] PASN: Use separate variables for BSSID and peer address Using separate variables for BSSID and peer address is needed to support Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID and that could be different from any other peer address. The infrastructure BSS cases will continue to use the AP's BSSID as both the peer address and BSSID for the PASN exchanges. Signed-off-by: Jouni Malinen --- src/ap/ieee802_11.c | 1 + src/pasn/pasn_common.h | 7 +++++-- src/pasn/pasn_initiator.c | 29 ++++++++++++++++------------- src/pasn/pasn_responder.c | 4 ++-- wpa_supplicant/pasn_supplicant.c | 4 ++-- 5 files changed, 26 insertions(+), 19 deletions(-) diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index c168786f9..e771b069d 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2520,6 +2520,7 @@ static void hapd_initialize_pasn(struct hostapd_data *hapd, pasn->comeback_idx = hapd->comeback_idx; pasn->comeback_key = hapd->comeback_key; pasn->comeback_pending_idx = hapd->comeback_pending_idx; + os_memcpy(pasn->bssid, hapd->own_addr, ETH_ALEN); } diff --git a/src/pasn/pasn_common.h b/src/pasn/pasn_common.h index f65031c79..9c2f397e7 100644 --- a/src/pasn/pasn_common.h +++ b/src/pasn/pasn_common.h @@ -47,6 +47,7 @@ struct pasn_data { u8 own_addr[ETH_ALEN]; u8 peer_addr[ETH_ALEN]; + u8 bssid[ETH_ALEN]; size_t pmk_len; u8 pmk[PMK_LEN_MAX]; bool using_pmksa; @@ -148,12 +149,14 @@ struct pasn_data { void wpa_pasn_reset(struct pasn_data *pasn); int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, - const u8 *peer_addr, int akmp, int cipher, u16 group, + const u8 *peer_addr, const u8 *bssid, + int akmp, int cipher, u16 group, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const struct wpabuf *comeback); int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr, - const u8 *peer_addr, int akmp, int cipher, u16 group, + const u8 *peer_addr, const u8 *bssid, + int akmp, int cipher, u16 group, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const struct wpabuf *comeback); diff --git a/src/pasn/pasn_initiator.c b/src/pasn/pasn_initiator.c index d0cf2aa4a..280575405 100644 --- a/src/pasn/pasn_initiator.c +++ b/src/pasn/pasn_initiator.c @@ -538,7 +538,7 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct pasn_data *pasn, wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); - wpa_pasn_build_auth_header(buf, pasn->peer_addr, + wpa_pasn_build_auth_header(buf, pasn->bssid, pasn->own_addr, pasn->peer_addr, pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); @@ -629,7 +629,7 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct pasn_data *pasn) wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); - wpa_pasn_build_auth_header(buf, pasn->peer_addr, + wpa_pasn_build_auth_header(buf, pasn->bssid, pasn->own_addr, pasn->peer_addr, pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); @@ -858,8 +858,8 @@ static int wpas_pasn_set_pmk(struct pasn_data *pasn, static int wpas_pasn_send_auth_1(struct pasn_data *pasn, const u8 *own_addr, - const u8 *peer_addr, int akmp, int cipher, - u16 group, int freq, + const u8 *peer_addr, const u8 *bssid, int akmp, + int cipher, u16 group, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const struct wpabuf *comeback, bool verify) @@ -896,6 +896,7 @@ static int wpas_pasn_send_auth_1(struct pasn_data *pasn, const u8 *own_addr, os_memcpy(pasn->own_addr, own_addr, ETH_ALEN); os_memcpy(pasn->peer_addr, peer_addr, ETH_ALEN); + os_memcpy(pasn->bssid, bssid, ETH_ALEN); wpa_printf(MSG_DEBUG, "PASN: Init%s: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u", @@ -927,7 +928,8 @@ fail: int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, - const u8 *peer_addr, int akmp, int cipher, u16 group, + const u8 *peer_addr, const u8 *bssid, + int akmp, int cipher, u16 group, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const struct wpabuf *comeback) @@ -973,8 +975,8 @@ int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, return -1; } - return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, akmp, cipher, - group, + return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, bssid, akmp, + cipher, group, freq, beacon_rsne, beacon_rsne_len, beacon_rsnxe, beacon_rsnxe_len, comeback, false); @@ -992,15 +994,16 @@ int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, * verification. */ int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr, - const u8 *peer_addr, int akmp, int cipher, u16 group, + const u8 *peer_addr, const u8 *bssid, + int akmp, int cipher, u16 group, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const struct wpabuf *comeback) { - return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, akmp, cipher, - group, freq, beacon_rsne, beacon_rsne_len, - beacon_rsnxe, beacon_rsnxe_len, comeback, - true); + return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, bssid, akmp, + cipher, group, freq, beacon_rsne, + beacon_rsne_len, beacon_rsnxe, + beacon_rsnxe_len, comeback, true); } @@ -1022,7 +1025,7 @@ static bool is_pasn_auth_frame(struct pasn_data *pasn, /* Not our frame; do nothing */ if (os_memcmp(mgmt->da, pasn->own_addr, ETH_ALEN) != 0 || os_memcmp(mgmt->sa, pasn->peer_addr, ETH_ALEN) != 0 || - os_memcmp(mgmt->bssid, pasn->peer_addr, ETH_ALEN) != 0) + os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0) return false; /* Not PASN; do nothing */ diff --git a/src/pasn/pasn_responder.c b/src/pasn/pasn_responder.c index 35a88f327..ea2737c0f 100644 --- a/src/pasn/pasn_responder.c +++ b/src/pasn/pasn_responder.c @@ -374,7 +374,7 @@ static void handle_auth_pasn_comeback(struct pasn_data *pasn, if (!buf) return; - wpa_pasn_build_auth_header(buf, own_addr, own_addr, peer_addr, 2, + wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2, WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY); /* @@ -432,7 +432,7 @@ int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr, if (!buf) goto fail; - wpa_pasn_build_auth_header(buf, own_addr, own_addr, peer_addr, 2, + wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2, status); if (status != WLAN_STATUS_SUCCESS) diff --git a/wpa_supplicant/pasn_supplicant.c b/wpa_supplicant/pasn_supplicant.c index 526b45c33..a8d4e919b 100644 --- a/wpa_supplicant/pasn_supplicant.c +++ b/wpa_supplicant/pasn_supplicant.c @@ -647,8 +647,8 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit) ret = wpas_pasn_start(pasn, awork->own_addr, awork->peer_addr, - awork->akmp, awork->cipher, awork->group, - bss->freq, rsne, *(rsne + 1) + 2, + awork->peer_addr, awork->akmp, awork->cipher, + awork->group, bss->freq, rsne, *(rsne + 1) + 2, rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0, awork->comeback); if (ret) {