PASN: Use separate variables for BSSID and peer address

Using separate variables for BSSID and peer address is needed to support
Wi-Fi Aware (NAN) use cases where the group address is used as the BSSID
and that could be different from any other peer address. The
infrastructure BSS cases will continue to use the AP's BSSID as both the
peer address and BSSID for the PASN exchanges.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
This commit is contained in:
Vinay Gannevaram 2022-11-04 16:15:31 +05:30 committed by Jouni Malinen
parent 42f0c44d84
commit 309765eb66
5 changed files with 26 additions and 19 deletions

View file

@ -2520,6 +2520,7 @@ static void hapd_initialize_pasn(struct hostapd_data *hapd,
pasn->comeback_idx = hapd->comeback_idx; pasn->comeback_idx = hapd->comeback_idx;
pasn->comeback_key = hapd->comeback_key; pasn->comeback_key = hapd->comeback_key;
pasn->comeback_pending_idx = hapd->comeback_pending_idx; pasn->comeback_pending_idx = hapd->comeback_pending_idx;
os_memcpy(pasn->bssid, hapd->own_addr, ETH_ALEN);
} }

View file

@ -47,6 +47,7 @@ struct pasn_data {
u8 own_addr[ETH_ALEN]; u8 own_addr[ETH_ALEN];
u8 peer_addr[ETH_ALEN]; u8 peer_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
size_t pmk_len; size_t pmk_len;
u8 pmk[PMK_LEN_MAX]; u8 pmk[PMK_LEN_MAX];
bool using_pmksa; bool using_pmksa;
@ -148,12 +149,14 @@ struct pasn_data {
void wpa_pasn_reset(struct pasn_data *pasn); void wpa_pasn_reset(struct pasn_data *pasn);
int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, int akmp, int cipher, u16 group, const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback); const struct wpabuf *comeback);
int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr, int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, int akmp, int cipher, u16 group, const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback); const struct wpabuf *comeback);

View file

@ -538,7 +538,7 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct pasn_data *pasn,
wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
wpa_pasn_build_auth_header(buf, pasn->peer_addr, wpa_pasn_build_auth_header(buf, pasn->bssid,
pasn->own_addr, pasn->peer_addr, pasn->own_addr, pasn->peer_addr,
pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
@ -629,7 +629,7 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct pasn_data *pasn)
wrapped_data = wpas_pasn_get_wrapped_data_format(pasn); wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
wpa_pasn_build_auth_header(buf, pasn->peer_addr, wpa_pasn_build_auth_header(buf, pasn->bssid,
pasn->own_addr, pasn->peer_addr, pasn->own_addr, pasn->peer_addr,
pasn->trans_seq + 1, WLAN_STATUS_SUCCESS); pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
@ -858,8 +858,8 @@ static int wpas_pasn_set_pmk(struct pasn_data *pasn,
static int wpas_pasn_send_auth_1(struct pasn_data *pasn, const u8 *own_addr, static int wpas_pasn_send_auth_1(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, int akmp, int cipher, const u8 *peer_addr, const u8 *bssid, int akmp,
u16 group, int freq, int cipher, u16 group, int freq,
const u8 *beacon_rsne, u8 beacon_rsne_len, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback, bool verify) const struct wpabuf *comeback, bool verify)
@ -896,6 +896,7 @@ static int wpas_pasn_send_auth_1(struct pasn_data *pasn, const u8 *own_addr,
os_memcpy(pasn->own_addr, own_addr, ETH_ALEN); os_memcpy(pasn->own_addr, own_addr, ETH_ALEN);
os_memcpy(pasn->peer_addr, peer_addr, ETH_ALEN); os_memcpy(pasn->peer_addr, peer_addr, ETH_ALEN);
os_memcpy(pasn->bssid, bssid, ETH_ALEN);
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
"PASN: Init%s: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u", "PASN: Init%s: " MACSTR " akmp=0x%x, cipher=0x%x, group=%u",
@ -927,7 +928,8 @@ fail:
int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr, int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, int akmp, int cipher, u16 group, const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback) const struct wpabuf *comeback)
@ -973,8 +975,8 @@ int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
return -1; return -1;
} }
return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, akmp, cipher, return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, bssid, akmp,
group, cipher, group,
freq, beacon_rsne, beacon_rsne_len, freq, beacon_rsne, beacon_rsne_len,
beacon_rsnxe, beacon_rsnxe_len, comeback, beacon_rsnxe, beacon_rsnxe_len, comeback,
false); false);
@ -992,15 +994,16 @@ int wpas_pasn_start(struct pasn_data *pasn, const u8 *own_addr,
* verification. * verification.
*/ */
int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr, int wpa_pasn_verify(struct pasn_data *pasn, const u8 *own_addr,
const u8 *peer_addr, int akmp, int cipher, u16 group, const u8 *peer_addr, const u8 *bssid,
int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len, int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len, const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
const struct wpabuf *comeback) const struct wpabuf *comeback)
{ {
return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, akmp, cipher, return wpas_pasn_send_auth_1(pasn, own_addr, peer_addr, bssid, akmp,
group, freq, beacon_rsne, beacon_rsne_len, cipher, group, freq, beacon_rsne,
beacon_rsnxe, beacon_rsnxe_len, comeback, beacon_rsne_len, beacon_rsnxe,
true); beacon_rsnxe_len, comeback, true);
} }
@ -1022,7 +1025,7 @@ static bool is_pasn_auth_frame(struct pasn_data *pasn,
/* Not our frame; do nothing */ /* Not our frame; do nothing */
if (os_memcmp(mgmt->da, pasn->own_addr, ETH_ALEN) != 0 || if (os_memcmp(mgmt->da, pasn->own_addr, ETH_ALEN) != 0 ||
os_memcmp(mgmt->sa, pasn->peer_addr, ETH_ALEN) != 0 || os_memcmp(mgmt->sa, pasn->peer_addr, ETH_ALEN) != 0 ||
os_memcmp(mgmt->bssid, pasn->peer_addr, ETH_ALEN) != 0) os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0)
return false; return false;
/* Not PASN; do nothing */ /* Not PASN; do nothing */

View file

@ -374,7 +374,7 @@ static void handle_auth_pasn_comeback(struct pasn_data *pasn,
if (!buf) if (!buf)
return; return;
wpa_pasn_build_auth_header(buf, own_addr, own_addr, peer_addr, 2, wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2,
WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY); WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY);
/* /*
@ -432,7 +432,7 @@ int handle_auth_pasn_resp(struct pasn_data *pasn, const u8 *own_addr,
if (!buf) if (!buf)
goto fail; goto fail;
wpa_pasn_build_auth_header(buf, own_addr, own_addr, peer_addr, 2, wpa_pasn_build_auth_header(buf, pasn->bssid, own_addr, peer_addr, 2,
status); status);
if (status != WLAN_STATUS_SUCCESS) if (status != WLAN_STATUS_SUCCESS)

View file

@ -647,8 +647,8 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
ret = wpas_pasn_start(pasn, awork->own_addr, awork->peer_addr, ret = wpas_pasn_start(pasn, awork->own_addr, awork->peer_addr,
awork->akmp, awork->cipher, awork->group, awork->peer_addr, awork->akmp, awork->cipher,
bss->freq, rsne, *(rsne + 1) + 2, awork->group, bss->freq, rsne, *(rsne + 1) + 2,
rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0, rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
awork->comeback); awork->comeback);
if (ret) { if (ret) {