Add own MAC address in PASN supplicant start and deauthentication

The driver requests PASN authentication for a peer with a specified
source (own) MAC address. Use the specified own MAC address for PASN
operations. This is needed to allow random MAC addresses to be used.

Signed-off-by: Jouni Malinen <quic_jouni@quicinc.com>
Vinay Gannevaram 2022-03-20 15:29:49 +05:30 committed by Jouni Malinen
parent 580bd04cf3
commit 9391f71004
3 changed files with 34 additions and 24 deletions


@ -10914,8 +10914,8 @@ static int wpas_ctrl_iface_pasn_start(struct wpa_supplicant *wpa_s, char *cmd)
goto out;
}
ret = wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group, id,
comeback, comeback_len);
ret = wpas_pasn_auth_start(wpa_s, wpa_s->own_addr, bssid, akmp, cipher,
group, id, comeback, comeback_len);
out:
os_free(comeback);
return ret;
@ -10933,7 +10933,7 @@ static int wpas_ctrl_iface_pasn_deauthenticate(struct wpa_supplicant *wpa_s,
return -1;
}
return wpas_pasn_deauthenticate(wpa_s, bssid);
return wpas_pasn_deauthenticate(wpa_s, wpa_s->own_addr, bssid);
}
#endif /* CONFIG_PASN */


@ -28,6 +28,7 @@
static const int dot11RSNAConfigPMKLifetime = 43200;
struct wpa_pasn_auth_work {
u8 own_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
int akmp;
int cipher;
@ -111,7 +112,7 @@ static struct wpabuf * wpas_pasn_wd_sae_commit(struct wpa_supplicant *wpa_s)
}
ret = sae_prepare_commit_pt(&pasn->sae, pasn->ssid->pt,
wpa_s->own_addr, pasn->bssid,
pasn->own_addr, pasn->bssid,
NULL, NULL);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: Failed to prepare SAE commit");
@ -685,7 +686,7 @@ static struct wpabuf * wpas_pasn_build_auth_1(struct wpa_supplicant *wpa_s,
wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
wpa_pasn_build_auth_header(buf, pasn->bssid,
wpa_s->own_addr, pasn->bssid,
pasn->own_addr, pasn->bssid,
pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
pmkid = NULL;
@ -788,7 +789,7 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
wrapped_data = wpas_pasn_get_wrapped_data_format(pasn);
wpa_pasn_build_auth_header(buf, pasn->bssid,
wpa_s->own_addr, pasn->bssid,
pasn->own_addr, pasn->bssid,
pasn->trans_seq + 1, WLAN_STATUS_SUCCESS);
wrapped_data_buf = wpas_pasn_get_wrapped_data(wpa_s);
@ -816,7 +817,7 @@ static struct wpabuf * wpas_pasn_build_auth_3(struct wpa_supplicant *wpa_s)
data_len = wpabuf_len(buf) - IEEE80211_HDRLEN;
ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
wpa_s->own_addr, pasn->bssid,
pasn->own_addr, pasn->bssid,
pasn->hash, mic_len * 2, data, data_len, mic);
if (ret) {
wpa_printf(MSG_DEBUG, "PASN: frame 3: Failed MIC calculation");
@ -990,9 +991,9 @@ static int wpas_pasn_set_pmk(struct wpa_supplicant *wpa_s,
}
static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
int akmp, int cipher, u16 group, int freq,
const u8 *beacon_rsne, u8 beacon_rsne_len,
static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *own_addr,
const u8 *bssid, int akmp, int cipher, u16 group,
int freq, const u8 *beacon_rsne, u8 beacon_rsne_len,
const u8 *beacon_rsnxe, u8 beacon_rsnxe_len,
int network_id, struct wpabuf *comeback)
{
@ -1093,6 +1094,7 @@ static int wpas_pasn_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
pasn->kdk_len = 0;
wpa_printf(MSG_DEBUG, "PASN: kdk_len=%zu", pasn->kdk_len);
os_memcpy(pasn->own_addr, own_addr, ETH_ALEN);
os_memcpy(pasn->bssid, bssid, ETH_ALEN);
wpa_printf(MSG_DEBUG,
@ -1207,8 +1209,9 @@ static void wpas_pasn_auth_start_cb(struct wpa_radio_work *work, int deinit)
rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
ret = wpas_pasn_start(wpa_s, awork->bssid, awork->akmp, awork->cipher,
awork->group, bss->freq, rsne, *(rsne + 1) + 2,
ret = wpas_pasn_start(wpa_s, awork->own_addr, awork->bssid, awork->akmp,
awork->cipher, awork->group, bss->freq,
rsne, *(rsne + 1) + 2,
rsnxe, rsnxe ? *(rsnxe + 1) + 2 : 0,
awork->network_id, awork->comeback);
if (ret) {
@ -1230,7 +1233,8 @@ fail:
}
int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s,
const u8 *own_addr, const u8 *bssid,
int akmp, int cipher, u16 group, int network_id,
const u8 *comeback, size_t comeback_len)
{
@ -1272,6 +1276,7 @@ int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *bssid,
if (!awork)
return -1;
os_memcpy(awork->own_addr, own_addr, ETH_ALEN);
os_memcpy(awork->bssid, bssid, ETH_ALEN);
awork->akmp = akmp;
awork->cipher = cipher;
@ -1321,14 +1326,16 @@ static int wpas_pasn_immediate_retry(struct wpa_supplicant *wpa_s,
int akmp = pasn->akmp;
int cipher = pasn->cipher;
u16 group = pasn->group;
u8 own_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
int network_id = pasn->ssid ? pasn->ssid->id : 0;
wpa_printf(MSG_DEBUG, "PASN: Immediate retry");
os_memcpy(own_addr, pasn->own_addr, ETH_ALEN);
os_memcpy(bssid, pasn->bssid, ETH_ALEN);
wpas_pasn_reset(wpa_s);
return wpas_pasn_auth_start(wpa_s, bssid, akmp, cipher, group,
return wpas_pasn_auth_start(wpa_s, own_addr, bssid, akmp, cipher, group,
network_id,
params->comeback, params->comeback_len);
}
@ -1358,7 +1365,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
return -2;
/* Not our frame; do nothing */
if (os_memcmp(mgmt->da, wpa_s->own_addr, ETH_ALEN) != 0 ||
if (os_memcmp(mgmt->da, pasn->own_addr, ETH_ALEN) != 0 ||
os_memcmp(mgmt->sa, pasn->bssid, ETH_ALEN) != 0 ||
os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN) != 0)
return -2;
@ -1518,7 +1525,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
}
ret = pasn_pmk_to_ptk(pasn->pmk, pasn->pmk_len,
wpa_s->own_addr, pasn->bssid,
pasn->own_addr, pasn->bssid,
wpabuf_head(secret), wpabuf_len(secret),
&pasn->ptk, pasn->akmp, pasn->cipher,
pasn->kdk_len);
@ -1534,7 +1541,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
/* Verify the MIC */
ret = pasn_mic(pasn->ptk.kck, pasn->akmp, pasn->cipher,
pasn->bssid, wpa_s->own_addr,
pasn->bssid, pasn->own_addr,
wpabuf_head(pasn->beacon_rsne_rsnxe),
wpabuf_len(pasn->beacon_rsne_rsnxe),
(u8 *) &mgmt->u.auth,
@ -1567,7 +1574,7 @@ int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
wpa_printf(MSG_DEBUG, "PASN: Success sending last frame. Store PTK");
ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, pasn->bssid,
ptksa_cache_add(wpa_s->ptksa, pasn->own_addr, pasn->bssid,
pasn->cipher, dot11RSNAConfigPMKLifetime, &pasn->ptk);
forced_memzero(&pasn->ptk, sizeof(pasn->ptk));
@ -1621,7 +1628,7 @@ int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
/* Not our frame; do nothing */
if (os_memcmp(mgmt->da, pasn->bssid, ETH_ALEN) ||
os_memcmp(mgmt->sa, wpa_s->own_addr, ETH_ALEN) ||
os_memcmp(mgmt->sa, pasn->own_addr, ETH_ALEN) ||
os_memcmp(mgmt->bssid, pasn->bssid, ETH_ALEN))
return -1;
@ -1660,7 +1667,8 @@ int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
}
int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid)
int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *own_addr,
const u8 *bssid)
{
struct wpa_bss *bss;
struct wpabuf *buf;
@ -1696,7 +1704,7 @@ int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid)
(WLAN_FC_STYPE_DEAUTH << 4));
os_memcpy(deauth->da, bssid, ETH_ALEN);
os_memcpy(deauth->sa, wpa_s->own_addr, ETH_ALEN);
os_memcpy(deauth->sa, own_addr, ETH_ALEN);
os_memcpy(deauth->bssid, bssid, ETH_ALEN);
deauth->u.deauth.reason_code =
host_to_le16(WLAN_REASON_PREV_AUTH_NOT_VALID);
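Review bot: The new `own_addr` argument is copied unchecked at `os_memcpy(awork->own_addr, own_addr, ETH_ALEN);` in wpas_pasn_auth_start() and again in wpas_pasn_start(), and from there it becomes the frame SA, an input to pasn_pmk_to_ptk() and pasn_mic(), and the PTKSA cache key. The only external caller visible in this commit (the control interface) passes `wpa_s->own_addr`, but the commit message says the driver supplies the address. A single guard at entry would keep a NULL, all-zero or group address out of the key derivation, for example `if (!own_addr || is_zero_ether_addr(own_addr) || is_multicast_ether_addr(own_addr)) return -1;`. The function bodies continue outside the hunks, so an existing check there cannot be ruled out.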


@ -559,6 +559,7 @@ struct wpas_pasn {
u8 trans_seq;
u8 status;
u8 own_addr[ETH_ALEN];
u8 bssid[ETH_ALEN];
size_t pmk_len;
u8 pmk[PMK_LEN_MAX];
@ -1655,7 +1656,7 @@ void wpa_supplicant_deinit(struct wpa_global *global);
int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid);
void wpa_supplicant_terminate_proc(struct wpa_global *global);
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
void wpa_supplicant_rx_eapol(void *ctx, const u8 *own_addr,
const u8 *buf, size_t len,
enum frame_encryption encrypted);
void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s);
@ -1914,7 +1915,7 @@ void wpas_handle_assoc_resp_qos_mgmt(struct wpa_supplicant *wpa_s,
int wpas_send_dscp_query(struct wpa_supplicant *wpa_s, const char *domain_name,
size_t domain_name_length);
int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s,
int wpas_pasn_auth_start(struct wpa_supplicant *wpa_s, const u8 *own_addr,
const u8 *bssid, int akmp, int cipher,
u16 group, int network_id,
const u8 *comeback, size_t comeback_len);
@ -1924,6 +1925,7 @@ int wpas_pasn_auth_tx_status(struct wpa_supplicant *wpa_s,
int wpas_pasn_auth_rx(struct wpa_supplicant *wpa_s,
const struct ieee80211_mgmt *mgmt, size_t len);
int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *bssid);
int wpas_pasn_deauthenticate(struct wpa_supplicant *wpa_s, const u8 *own_addr,
const u8 *bssid);
#endif /* WPA_SUPPLICANT_I_H */
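Review bot: The prototype of wpa_supplicant_rx_eapol() now names its second parameter `own_addr` instead of `src_addr`, which looks like an unintended rename: judging by its name the function handles a received EAPOL frame, and the commit message only covers PASN start and deauthentication. Parameter names in a prototype do not affect the build, but a reader of this header would take the argument for the local address rather than the sender's. Unless the definition (not shown here) was changed to match, restore `void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,`. The new `u8 own_addr[ETH_ALEN];` in struct wpas_pasn would also benefit from a short comment such as `/* local address for this PASN exchange; may differ from wpa_s->own_addr */`.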