WPA_AUTH: MLO: Add functions to get the AA and SPA
As a preparation to use AP MLD address and non-AP MLD address in the RSN Authenticator state machine, add utility functions to get the current AA and SPA. Signed-off-by: Ilan Peer <ilan.peer@intel.com> Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
This commit is contained in:
parent
cab963e9f8
commit
c4cb62ca8e
1 changed files with 151 additions and 92 deletions
|
@ -36,7 +36,7 @@
|
||||||
|
|
||||||
#define STATE_MACHINE_DATA struct wpa_state_machine
|
#define STATE_MACHINE_DATA struct wpa_state_machine
|
||||||
#define STATE_MACHINE_DEBUG_PREFIX "WPA"
|
#define STATE_MACHINE_DEBUG_PREFIX "WPA"
|
||||||
#define STATE_MACHINE_ADDR sm->addr
|
#define STATE_MACHINE_ADDR wpa_auth_get_spa(sm)
|
||||||
|
|
||||||
|
|
||||||
static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
|
static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx);
|
||||||
|
@ -82,6 +82,18 @@ static const int dot11RSNAConfigPMKReauthThreshold = 70;
|
||||||
static const int dot11RSNAConfigSATimeout = 60;
|
static const int dot11RSNAConfigSATimeout = 60;
|
||||||
|
|
||||||
|
|
||||||
|
static const u8 * wpa_auth_get_aa(const struct wpa_state_machine *sm)
|
||||||
|
{
|
||||||
|
return sm->wpa_auth->addr;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static const u8 * wpa_auth_get_spa(const struct wpa_state_machine *sm)
|
||||||
|
{
|
||||||
|
return sm->addr;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
static inline int wpa_auth_mic_failure_report(
|
static inline int wpa_auth_mic_failure_report(
|
||||||
struct wpa_authenticator *wpa_auth, const u8 *addr)
|
struct wpa_authenticator *wpa_auth, const u8 *addr)
|
||||||
{
|
{
|
||||||
|
@ -377,7 +389,8 @@ static void wpa_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
|
||||||
struct wpa_authenticator *wpa_auth = eloop_ctx;
|
struct wpa_authenticator *wpa_auth = eloop_ctx;
|
||||||
struct wpa_state_machine *sm = timeout_ctx;
|
struct wpa_state_machine *sm = timeout_ctx;
|
||||||
|
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "rekeying PTK");
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
|
"rekeying PTK");
|
||||||
wpa_request_new_ptk(sm);
|
wpa_request_new_ptk(sm);
|
||||||
wpa_sm_step(sm);
|
wpa_sm_step(sm);
|
||||||
}
|
}
|
||||||
|
@ -387,7 +400,8 @@ void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm)
|
||||||
{
|
{
|
||||||
if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) {
|
if (sm && sm->wpa_auth->conf.wpa_ptk_rekey) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Start PTK rekeying timer for "
|
wpa_printf(MSG_DEBUG, "WPA: Start PTK rekeying timer for "
|
||||||
MACSTR " (%d seconds)", MAC2STR(sm->addr),
|
MACSTR " (%d seconds)",
|
||||||
|
MAC2STR(wpa_auth_get_spa(sm)),
|
||||||
sm->wpa_auth->conf.wpa_ptk_rekey);
|
sm->wpa_auth->conf.wpa_ptk_rekey);
|
||||||
eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
|
eloop_cancel_timeout(wpa_rekey_ptk, sm->wpa_auth, sm);
|
||||||
eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0,
|
eloop_register_timeout(sm->wpa_auth->conf.wpa_ptk_rekey, 0,
|
||||||
|
@ -694,7 +708,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
if (sm->ft_completed) {
|
if (sm->ft_completed) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"FT authentication already completed - do not start 4-way handshake");
|
"FT authentication already completed - do not start 4-way handshake");
|
||||||
/* Go to PTKINITDONE state to allow GTK rekeying */
|
/* Go to PTKINITDONE state to allow GTK rekeying */
|
||||||
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
|
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
|
||||||
|
@ -705,7 +719,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (sm->fils_completed) {
|
if (sm->fils_completed) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"FILS authentication already completed - do not start 4-way handshake");
|
"FILS authentication already completed - do not start 4-way handshake");
|
||||||
/* Go to PTKINITDONE state to allow GTK rekeying */
|
/* Go to PTKINITDONE state to allow GTK rekeying */
|
||||||
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
|
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
|
||||||
|
@ -720,7 +734,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
|
||||||
return wpa_sm_step(sm);
|
return wpa_sm_step(sm);
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"start authentication");
|
"start authentication");
|
||||||
sm->started = 1;
|
sm->started = 1;
|
||||||
|
|
||||||
|
@ -754,7 +768,8 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm)
|
||||||
MACSTR " (bit %u)",
|
MACSTR " (bit %u)",
|
||||||
sm->ip_addr[0], sm->ip_addr[1],
|
sm->ip_addr[0], sm->ip_addr[1],
|
||||||
sm->ip_addr[2], sm->ip_addr[3],
|
sm->ip_addr[2], sm->ip_addr[3],
|
||||||
MAC2STR(sm->addr), sm->ip_addr_bit);
|
MAC2STR(wpa_auth_get_spa(sm)),
|
||||||
|
sm->ip_addr_bit);
|
||||||
bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
|
bitfield_clear(sm->wpa_auth->ip_pool, sm->ip_addr_bit);
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_P2P */
|
#endif /* CONFIG_P2P */
|
||||||
|
@ -786,7 +801,7 @@ void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
|
||||||
|
|
||||||
wpa_auth = sm->wpa_auth;
|
wpa_auth = sm->wpa_auth;
|
||||||
if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
|
if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"strict rekeying - force GTK rekey since STA is leaving");
|
"strict rekeying - force GTK rekey since STA is leaving");
|
||||||
if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
|
if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
|
||||||
wpa_auth, NULL) == -1)
|
wpa_auth, NULL) == -1)
|
||||||
|
@ -806,7 +821,7 @@ void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
|
||||||
* Freeing will be completed in the end of wpa_sm_step(). */
|
* Freeing will be completed in the end of wpa_sm_step(). */
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"WPA: Registering pending STA state machine deinit for "
|
"WPA: Registering pending STA state machine deinit for "
|
||||||
MACSTR, MAC2STR(sm->addr));
|
MACSTR, MAC2STR(wpa_auth_get_spa(sm)));
|
||||||
sm->pending_deinit = 1;
|
sm->pending_deinit = 1;
|
||||||
} else
|
} else
|
||||||
wpa_free_sta_sm(sm);
|
wpa_free_sta_sm(sm);
|
||||||
|
@ -821,7 +836,7 @@ static void wpa_request_new_ptk(struct wpa_state_machine *sm)
|
||||||
if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
|
if (!sm->use_ext_key_id && sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
"WPA: PTK0 rekey not allowed, disconnect " MACSTR,
|
"WPA: PTK0 rekey not allowed, disconnect " MACSTR,
|
||||||
MAC2STR(sm->addr));
|
MAC2STR(wpa_auth_get_spa(sm)));
|
||||||
sm->Disconnect = true;
|
sm->Disconnect = true;
|
||||||
/* Try to encourage the STA to reconnect */
|
/* Try to encourage the STA to reconnect */
|
||||||
sm->disconnect_reason =
|
sm->disconnect_reason =
|
||||||
|
@ -919,18 +934,19 @@ static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
|
||||||
struct wpa_state_machine *sm, int group)
|
struct wpa_state_machine *sm, int group)
|
||||||
{
|
{
|
||||||
/* Supplicant reported a Michael MIC error */
|
/* Supplicant reported a Michael MIC error */
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received EAPOL-Key Error Request (STA detected Michael MIC failure (group=%d))",
|
"received EAPOL-Key Error Request (STA detected Michael MIC failure (group=%d))",
|
||||||
group);
|
group);
|
||||||
|
|
||||||
if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
|
if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"ignore Michael MIC failure report since group cipher is not TKIP");
|
"ignore Michael MIC failure report since group cipher is not TKIP");
|
||||||
} else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
|
} else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"ignore Michael MIC failure report since pairwise cipher is not TKIP");
|
"ignore Michael MIC failure report since pairwise cipher is not TKIP");
|
||||||
} else {
|
} else {
|
||||||
if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
|
if (wpa_auth_mic_failure_report(wpa_auth,
|
||||||
|
wpa_auth_get_spa(sm)) > 0)
|
||||||
return 1; /* STA entry was removed */
|
return 1; /* STA entry was removed */
|
||||||
sm->dot11RSNAStatsTKIPRemoteMICFailures++;
|
sm->dot11RSNAStatsTKIPRemoteMICFailures++;
|
||||||
wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
|
wpa_auth->dot11RSNAStatsTKIPRemoteMICFailures++;
|
||||||
|
@ -1078,7 +1094,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
key_data_length = WPA_GET_BE16(mic + mic_len);
|
key_data_length = WPA_GET_BE16(mic + mic_len);
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
|
wpa_printf(MSG_DEBUG, "WPA: Received EAPOL-Key from " MACSTR
|
||||||
" key_info=0x%x type=%u mic_len=%zu key_data_length=%u",
|
" key_info=0x%x type=%u mic_len=%zu key_data_length=%u",
|
||||||
MAC2STR(sm->addr), key_info, key->type,
|
MAC2STR(wpa_auth_get_spa(sm)), key_info, key->type,
|
||||||
mic_len, key_data_length);
|
mic_len, key_data_length);
|
||||||
wpa_hexdump(MSG_MSGDUMP,
|
wpa_hexdump(MSG_MSGDUMP,
|
||||||
"WPA: EAPOL-Key header (ending before Key MIC)",
|
"WPA: EAPOL-Key header (ending before Key MIC)",
|
||||||
|
@ -1153,7 +1169,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
if (wpa_use_cmac(sm->wpa_key_mgmt) &&
|
if (wpa_use_cmac(sm->wpa_key_mgmt) &&
|
||||||
!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
||||||
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
LOGGER_WARNING,
|
LOGGER_WARNING,
|
||||||
"advertised support for AES-128-CMAC, but did not use it");
|
"advertised support for AES-128-CMAC, but did not use it");
|
||||||
return;
|
return;
|
||||||
|
@ -1162,7 +1178,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
|
if (!wpa_use_cmac(sm->wpa_key_mgmt) &&
|
||||||
!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
!wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
||||||
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
|
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
LOGGER_WARNING,
|
LOGGER_WARNING,
|
||||||
"did not use HMAC-SHA1-AES with CCMP/GCMP");
|
"did not use HMAC-SHA1-AES with CCMP/GCMP");
|
||||||
return;
|
return;
|
||||||
|
@ -1171,7 +1187,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
if (wpa_use_akm_defined(sm->wpa_key_mgmt) &&
|
||||||
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
|
ver != WPA_KEY_INFO_TYPE_AKM_DEFINED) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_WARNING,
|
||||||
"did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
|
"did not use EAPOL-Key descriptor version 0 as required for AKM-defined cases");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1181,7 +1198,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
if (sm->req_replay_counter_used &&
|
if (sm->req_replay_counter_used &&
|
||||||
os_memcmp(key->replay_counter, sm->req_replay_counter,
|
os_memcmp(key->replay_counter, sm->req_replay_counter,
|
||||||
WPA_REPLAY_COUNTER_LEN) <= 0) {
|
WPA_REPLAY_COUNTER_LEN) <= 0) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_WARNING,
|
||||||
"received EAPOL-Key request with replayed counter");
|
"received EAPOL-Key request with replayed counter");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1204,7 +1222,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
* pending requests, so allow the SNonce to be updated
|
* pending requests, so allow the SNonce to be updated
|
||||||
* even if we have already sent out EAPOL-Key 3/4.
|
* even if we have already sent out EAPOL-Key 3/4.
|
||||||
*/
|
*/
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"Process SNonce update from STA based on retransmitted EAPOL-Key 1/4");
|
"Process SNonce update from STA based on retransmitted EAPOL-Key 1/4");
|
||||||
sm->update_snonce = 1;
|
sm->update_snonce = 1;
|
||||||
os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
|
os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
|
||||||
|
@ -1224,7 +1243,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
* there was two EAPOL-Key 2/4 messages and they had
|
* there was two EAPOL-Key 2/4 messages and they had
|
||||||
* different SNonce values.
|
* different SNonce values.
|
||||||
*/
|
*/
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
|
"Try to process received EAPOL-Key 4/4 based on old Replay Counter and SNonce from an earlier EAPOL-Key 1/4");
|
||||||
goto continue_processing;
|
goto continue_processing;
|
||||||
}
|
}
|
||||||
|
@ -1233,11 +1253,13 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
|
||||||
wpa_replay_counter_valid(sm->prev_key_replay,
|
wpa_replay_counter_valid(sm->prev_key_replay,
|
||||||
key->replay_counter) &&
|
key->replay_counter) &&
|
||||||
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
|
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"ignore retransmitted EAPOL-Key %s - SNonce did not change",
|
"ignore retransmitted EAPOL-Key %s - SNonce did not change",
|
||||||
msgtxt);
|
msgtxt);
|
||||||
} else {
|
} else {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"received EAPOL-Key %s with unexpected replay counter",
|
"received EAPOL-Key %s with unexpected replay counter",
|
||||||
msgtxt);
|
msgtxt);
|
||||||
}
|
}
|
||||||
|
@ -1257,7 +1279,7 @@ continue_processing:
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
|
if (sm->wpa == WPA_VERSION_WPA2 && mic_len == 0 &&
|
||||||
!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
!(key_info & WPA_KEY_INFO_ENCR_KEY_DATA)) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
|
"WPA: Encr Key Data bit not set even though AEAD cipher is supposed to be used - drop frame");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1269,7 +1291,8 @@ continue_processing:
|
||||||
sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
|
sm->wpa_ptk_state != WPA_PTK_PTKCALCNEGOTIATING &&
|
||||||
(!sm->update_snonce ||
|
(!sm->update_snonce ||
|
||||||
sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
|
sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key msg 2/4 in invalid state (%d) - dropped",
|
"received EAPOL-Key msg 2/4 in invalid state (%d) - dropped",
|
||||||
sm->wpa_ptk_state);
|
sm->wpa_ptk_state);
|
||||||
return;
|
return;
|
||||||
|
@ -1296,7 +1319,8 @@ continue_processing:
|
||||||
case PAIRWISE_4:
|
case PAIRWISE_4:
|
||||||
if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
|
if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
|
||||||
!sm->PTK_valid) {
|
!sm->PTK_valid) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key msg 4/4 in invalid state (%d) - dropped",
|
"received EAPOL-Key msg 4/4 in invalid state (%d) - dropped",
|
||||||
sm->wpa_ptk_state);
|
sm->wpa_ptk_state);
|
||||||
return;
|
return;
|
||||||
|
@ -1305,7 +1329,8 @@ continue_processing:
|
||||||
case GROUP_2:
|
case GROUP_2:
|
||||||
if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
|
if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
|
||||||
|| !sm->PTK_valid) {
|
|| !sm->PTK_valid) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key msg 2/2 in invalid state (%d) - dropped",
|
"received EAPOL-Key msg 2/2 in invalid state (%d) - dropped",
|
||||||
sm->wpa_ptk_group_state);
|
sm->wpa_ptk_group_state);
|
||||||
return;
|
return;
|
||||||
|
@ -1315,18 +1340,18 @@ continue_processing:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"received EAPOL-Key frame (%s)", msgtxt);
|
"received EAPOL-Key frame (%s)", msgtxt);
|
||||||
|
|
||||||
if (key_info & WPA_KEY_INFO_ACK) {
|
if (key_info & WPA_KEY_INFO_ACK) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received invalid EAPOL-Key: Key Ack set");
|
"received invalid EAPOL-Key: Key Ack set");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
|
if (!wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
|
||||||
!(key_info & WPA_KEY_INFO_MIC)) {
|
!(key_info & WPA_KEY_INFO_MIC)) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received invalid EAPOL-Key: Key MIC not set");
|
"received invalid EAPOL-Key: Key MIC not set");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1334,7 +1359,7 @@ continue_processing:
|
||||||
#ifdef CONFIG_FILS
|
#ifdef CONFIG_FILS
|
||||||
if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
|
if (wpa_key_mgmt_fils(sm->wpa_key_mgmt) &&
|
||||||
(key_info & WPA_KEY_INFO_MIC)) {
|
(key_info & WPA_KEY_INFO_MIC)) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received invalid EAPOL-Key: Key MIC set");
|
"received invalid EAPOL-Key: Key MIC set");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1347,7 +1372,8 @@ continue_processing:
|
||||||
data, data_len) &&
|
data, data_len) &&
|
||||||
(msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
|
(msg != PAIRWISE_4 || !sm->alt_snonce_valid ||
|
||||||
wpa_try_alt_snonce(sm, data, data_len))) {
|
wpa_try_alt_snonce(sm, data, data_len))) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key with invalid MIC");
|
"received EAPOL-Key with invalid MIC");
|
||||||
#ifdef TEST_FUZZ
|
#ifdef TEST_FUZZ
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
|
@ -1360,7 +1386,8 @@ continue_processing:
|
||||||
if (!mic_len &&
|
if (!mic_len &&
|
||||||
wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
|
wpa_aead_decrypt(sm, &sm->PTK, data, data_len,
|
||||||
&key_data_length) < 0) {
|
&key_data_length) < 0) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key with invalid MIC");
|
"received EAPOL-Key with invalid MIC");
|
||||||
#ifdef TEST_FUZZ
|
#ifdef TEST_FUZZ
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
|
@ -1384,7 +1411,8 @@ continue_processing:
|
||||||
os_memcpy(sm->req_replay_counter, key->replay_counter,
|
os_memcpy(sm->req_replay_counter, key->replay_counter,
|
||||||
WPA_REPLAY_COUNTER_LEN);
|
WPA_REPLAY_COUNTER_LEN);
|
||||||
} else {
|
} else {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key request with invalid MIC");
|
"received EAPOL-Key request with invalid MIC");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -1400,7 +1428,8 @@ continue_processing:
|
||||||
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
!(key_info & WPA_KEY_INFO_KEY_TYPE)) > 0)
|
||||||
return; /* STA entry was removed */
|
return; /* STA entry was removed */
|
||||||
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
|
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key Request for new 4-Way Handshake");
|
"received EAPOL-Key Request for new 4-Way Handshake");
|
||||||
wpa_request_new_ptk(sm);
|
wpa_request_new_ptk(sm);
|
||||||
} else if (key_data_length > 0 &&
|
} else if (key_data_length > 0 &&
|
||||||
|
@ -1408,7 +1437,8 @@ continue_processing:
|
||||||
&kde) == 0 &&
|
&kde) == 0 &&
|
||||||
kde.mac_addr) {
|
kde.mac_addr) {
|
||||||
} else {
|
} else {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"received EAPOL-Key Request for GTK rekeying");
|
"received EAPOL-Key Request for GTK rekeying");
|
||||||
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
|
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
|
||||||
if (wpa_auth_gtk_rekey_in_process(wpa_auth))
|
if (wpa_auth_gtk_rekey_in_process(wpa_auth))
|
||||||
|
@ -1519,7 +1549,8 @@ static void wpa_send_eapol_timeout(void *eloop_ctx, void *timeout_ctx)
|
||||||
}
|
}
|
||||||
|
|
||||||
sm->pending_1_of_4_timeout = 0;
|
sm->pending_1_of_4_timeout = 0;
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, "EAPOL-Key timeout");
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
|
"EAPOL-Key timeout");
|
||||||
sm->TimeoutEvt = true;
|
sm->TimeoutEvt = true;
|
||||||
wpa_sm_step(sm);
|
wpa_sm_step(sm);
|
||||||
}
|
}
|
||||||
|
@ -1711,7 +1742,8 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||||
|
|
||||||
if (key_info & WPA_KEY_INFO_MIC) {
|
if (key_info & WPA_KEY_INFO_MIC) {
|
||||||
if (!sm->PTK_valid || !mic_len) {
|
if (!sm->PTK_valid || !mic_len) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"PTK not valid when sending EAPOL-Key frame");
|
"PTK not valid when sending EAPOL-Key frame");
|
||||||
os_free(hdr);
|
os_free(hdr);
|
||||||
return;
|
return;
|
||||||
|
@ -1727,7 +1759,8 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
||||||
if (!pairwise &&
|
if (!pairwise &&
|
||||||
conf->corrupt_gtk_rekey_mic_probability > 0.0 &&
|
conf->corrupt_gtk_rekey_mic_probability > 0.0 &&
|
||||||
drand48() < conf->corrupt_gtk_rekey_mic_probability) {
|
drand48() < conf->corrupt_gtk_rekey_mic_probability) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"Corrupting group EAPOL-Key Key MIC");
|
"Corrupting group EAPOL-Key Key MIC");
|
||||||
key_mic[0]++;
|
key_mic[0]++;
|
||||||
}
|
}
|
||||||
|
@ -1852,7 +1885,7 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
|
||||||
if (!sm)
|
if (!sm)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"event %d notification", event);
|
"event %d notification", event);
|
||||||
|
|
||||||
switch (event) {
|
switch (event) {
|
||||||
|
@ -1912,7 +1945,7 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
|
||||||
sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
|
sm->wpa_auth->conf.wpa_deny_ptk0_rekey) {
|
||||||
wpa_printf(MSG_INFO,
|
wpa_printf(MSG_INFO,
|
||||||
"WPA: PTK0 rekey not allowed, disconnect "
|
"WPA: PTK0 rekey not allowed, disconnect "
|
||||||
MACSTR, MAC2STR(sm->addr));
|
MACSTR, MAC2STR(wpa_auth_get_spa(sm)));
|
||||||
sm->Disconnect = true;
|
sm->Disconnect = true;
|
||||||
/* Try to encourage the STA to reconnect */
|
/* Try to encourage the STA to reconnect */
|
||||||
sm->disconnect_reason =
|
sm->disconnect_reason =
|
||||||
|
@ -2159,7 +2192,8 @@ SM_STATE(WPA_PTK, INITPMK)
|
||||||
sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
|
sm->disconnect_reason = WLAN_REASON_INVALID_PMKID;
|
||||||
return;
|
return;
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
} else if (wpa_auth_get_msk(sm->wpa_auth, sm->addr, msk, &len) == 0) {
|
} else if (wpa_auth_get_msk(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
msk, &len) == 0) {
|
||||||
unsigned int pmk_len;
|
unsigned int pmk_len;
|
||||||
|
|
||||||
if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
|
if (wpa_key_mgmt_sha384(sm->wpa_key_mgmt))
|
||||||
|
@ -2267,7 +2301,7 @@ SM_STATE(WPA_PTK, PTKSTART)
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 1/4 msg of 4-Way Handshake");
|
"sending 1/4 msg of 4-Way Handshake");
|
||||||
/*
|
/*
|
||||||
* For infrastructure BSS cases, it is better for the AP not to include
|
* For infrastructure BSS cases, it is better for the AP not to include
|
||||||
|
@ -2346,8 +2380,10 @@ SM_STATE(WPA_PTK, PTKSTART)
|
||||||
* Calculate PMKID since no PMKSA cache entry was
|
* Calculate PMKID since no PMKSA cache entry was
|
||||||
* available with pre-calculated PMKID.
|
* available with pre-calculated PMKID.
|
||||||
*/
|
*/
|
||||||
rsn_pmkid(sm->PMK, sm->pmk_len, sm->wpa_auth->addr,
|
rsn_pmkid(sm->PMK, sm->pmk_len,
|
||||||
sm->addr, &pmkid[2 + RSN_SELECTOR_LEN],
|
wpa_auth_get_aa(sm),
|
||||||
|
wpa_auth_get_spa(sm),
|
||||||
|
&pmkid[2 + RSN_SELECTOR_LEN],
|
||||||
sm->wpa_key_mgmt);
|
sm->wpa_key_mgmt);
|
||||||
wpa_hexdump(MSG_DEBUG,
|
wpa_hexdump(MSG_DEBUG,
|
||||||
"RSN: Message 1/4 PMKID derived from PMK",
|
"RSN: Message 1/4 PMKID derived from PMK",
|
||||||
|
@ -2389,7 +2425,8 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
|
||||||
|
|
||||||
ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
|
ret = wpa_pmk_r1_to_ptk(sm->pmk_r1, sm->pmk_r1_len,
|
||||||
sm->SNonce, sm->ANonce,
|
sm->SNonce, sm->ANonce,
|
||||||
sm->addr, sm->wpa_auth->addr,
|
wpa_auth_get_spa(sm),
|
||||||
|
wpa_auth_get_aa(sm),
|
||||||
sm->pmk_r1_name, ptk,
|
sm->pmk_r1_name, ptk,
|
||||||
ptk_name, sm->wpa_key_mgmt,
|
ptk_name, sm->wpa_key_mgmt,
|
||||||
sm->pairwise, kdk_len);
|
sm->pairwise, kdk_len);
|
||||||
|
@ -2430,9 +2467,9 @@ static int wpa_derive_ptk(struct wpa_state_machine *sm, const u8 *snonce,
|
||||||
if (force_sha256)
|
if (force_sha256)
|
||||||
akmp |= WPA_KEY_MGMT_PSK_SHA256;
|
akmp |= WPA_KEY_MGMT_PSK_SHA256;
|
||||||
ret = wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
|
ret = wpa_pmk_to_ptk(pmk, pmk_len, "Pairwise key expansion",
|
||||||
sm->wpa_auth->addr, sm->addr, sm->ANonce,
|
wpa_auth_get_aa(sm), wpa_auth_get_spa(sm),
|
||||||
snonce, ptk, akmp, sm->pairwise, z, z_len,
|
sm->ANonce, snonce, ptk, akmp,
|
||||||
kdk_len);
|
sm->pairwise, z, z_len, kdk_len);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"WPA: PTK derivation failed");
|
"WPA: PTK derivation failed");
|
||||||
|
@ -2473,7 +2510,8 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
else
|
else
|
||||||
kdk_len = 0;
|
kdk_len = 0;
|
||||||
|
|
||||||
res = fils_pmk_to_ptk(pmk, pmk_len, sm->addr, sm->wpa_auth->addr,
|
res = fils_pmk_to_ptk(pmk, pmk_len, wpa_auth_get_spa(sm),
|
||||||
|
wpa_auth_get_aa(sm),
|
||||||
snonce, anonce, dhss, dhss_len,
|
snonce, anonce, dhss, dhss_len,
|
||||||
&sm->PTK, ick, &ick_len,
|
&sm->PTK, ick, &ick_len,
|
||||||
sm->wpa_key_mgmt, sm->pairwise,
|
sm->wpa_key_mgmt, sm->pairwise,
|
||||||
|
@ -2507,7 +2545,7 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
conf->mobility_domain,
|
conf->mobility_domain,
|
||||||
conf->r0_key_holder,
|
conf->r0_key_holder,
|
||||||
conf->r0_key_holder_len,
|
conf->r0_key_holder_len,
|
||||||
sm->addr, pmk_r0, pmk_r0_name,
|
wpa_auth_get_spa(sm), pmk_r0, pmk_r0_name,
|
||||||
sm->wpa_key_mgmt) < 0)
|
sm->wpa_key_mgmt) < 0)
|
||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
|
@ -2515,7 +2553,8 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
forced_memzero(fils_ft, sizeof(fils_ft));
|
forced_memzero(fils_ft, sizeof(fils_ft));
|
||||||
|
|
||||||
res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
|
res = wpa_derive_pmk_r1_name(pmk_r0_name, conf->r1_key_holder,
|
||||||
sm->addr, sm->pmk_r1_name,
|
wpa_auth_get_spa(sm),
|
||||||
|
sm->pmk_r1_name,
|
||||||
fils_ft_len);
|
fils_ft_len);
|
||||||
forced_memzero(pmk_r0, PMK_LEN_MAX);
|
forced_memzero(pmk_r0, PMK_LEN_MAX);
|
||||||
if (res < 0)
|
if (res < 0)
|
||||||
|
@ -2527,7 +2566,8 @@ int fils_auth_pmk_to_ptk(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
#endif /* CONFIG_IEEE80211R_AP */
|
#endif /* CONFIG_IEEE80211R_AP */
|
||||||
|
|
||||||
res = fils_key_auth_sk(ick, ick_len, snonce, anonce,
|
res = fils_key_auth_sk(ick, ick_len, snonce, anonce,
|
||||||
sm->addr, sm->wpa_auth->addr,
|
wpa_auth_get_spa(sm),
|
||||||
|
wpa_auth_get_aa(sm),
|
||||||
g_sta ? wpabuf_head(g_sta) : NULL,
|
g_sta ? wpabuf_head(g_sta) : NULL,
|
||||||
g_sta ? wpabuf_len(g_sta) : 0,
|
g_sta ? wpabuf_len(g_sta) : 0,
|
||||||
g_ap ? wpabuf_head(g_ap) : NULL,
|
g_ap ? wpabuf_head(g_ap) : NULL,
|
||||||
|
@ -2562,7 +2602,7 @@ static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
|
||||||
key_data_len = WPA_GET_BE16(pos);
|
key_data_len = WPA_GET_BE16(pos);
|
||||||
if (key_data_len < AES_BLOCK_SIZE ||
|
if (key_data_len < AES_BLOCK_SIZE ||
|
||||||
key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
|
key_data_len > buf_len - sizeof(*hdr) - sizeof(*key) - 2) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"No room for AES-SIV data in the frame");
|
"No room for AES-SIV data in the frame");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
@ -2578,7 +2618,7 @@ static int wpa_aead_decrypt(struct wpa_state_machine *sm, struct wpa_ptk *ptk,
|
||||||
aad_len[0] = pos - buf;
|
aad_len[0] = pos - buf;
|
||||||
if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
|
if (aes_siv_decrypt(ptk->kek, ptk->kek_len, pos, key_data_len,
|
||||||
1, aad, aad_len, tmp) < 0) {
|
1, aad, aad_len, tmp) < 0) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"Invalid AES-SIV data in the frame");
|
"Invalid AES-SIV data in the frame");
|
||||||
bin_clear_free(tmp, key_data_len);
|
bin_clear_free(tmp, key_data_len);
|
||||||
return -1;
|
return -1;
|
||||||
|
@ -3176,7 +3216,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ok) {
|
if (!ok) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"invalid MIC in msg 2/4 of 4-Way Handshake");
|
"invalid MIC in msg 2/4 of 4-Way Handshake");
|
||||||
if (psk_found)
|
if (psk_found)
|
||||||
wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
|
wpa_auth_psk_failure_report(sm->wpa_auth, sm->addr);
|
||||||
|
@ -3197,7 +3238,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
|
if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received EAPOL-Key msg 2/4 with invalid Key Data contents");
|
"received EAPOL-Key msg 2/4 with invalid Key Data contents");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -3215,7 +3256,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
if (!sm->wpa_ie ||
|
if (!sm->wpa_ie ||
|
||||||
wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
|
wpa_compare_rsn_ie(ft, sm->wpa_ie, sm->wpa_ie_len,
|
||||||
eapol_key_ie, eapol_key_ie_len)) {
|
eapol_key_ie, eapol_key_ie_len)) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"WPA IE from (Re)AssocReq did not match with msg 2/4");
|
"WPA IE from (Re)AssocReq did not match with msg 2/4");
|
||||||
if (sm->wpa_ie) {
|
if (sm->wpa_ie) {
|
||||||
wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
|
wpa_hexdump(MSG_DEBUG, "WPA IE in AssocReq",
|
||||||
|
@ -3233,7 +3274,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
(sm->rsnxe && kde.rsnxe &&
|
(sm->rsnxe && kde.rsnxe &&
|
||||||
(sm->rsnxe_len != kde.rsnxe_len ||
|
(sm->rsnxe_len != kde.rsnxe_len ||
|
||||||
os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
|
os_memcmp(sm->rsnxe, kde.rsnxe, sm->rsnxe_len) != 0))) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
|
"RSNXE from (Re)AssocReq did not match the one in EAPOL-Key msg 2/4");
|
||||||
wpa_hexdump(MSG_DEBUG, "RSNXE in AssocReq",
|
wpa_hexdump(MSG_DEBUG, "RSNXE in AssocReq",
|
||||||
sm->rsnxe, sm->rsnxe_len);
|
sm->rsnxe, sm->rsnxe_len);
|
||||||
|
@ -3252,7 +3293,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
enum oci_verify_result res;
|
enum oci_verify_result res;
|
||||||
|
|
||||||
if (wpa_channel_info(wpa_auth, &ci) != 0) {
|
if (wpa_channel_info(wpa_auth, &ci) != 0) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
|
"Failed to get channel info to validate received OCI in EAPOL-Key 2/4");
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
@ -3267,17 +3309,20 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
tx_chanwidth, tx_seg1_idx);
|
tx_chanwidth, tx_seg1_idx);
|
||||||
if (wpa_auth_uses_ocv(sm) == 2 && res == OCI_NOT_FOUND) {
|
if (wpa_auth_uses_ocv(sm) == 2 && res == OCI_NOT_FOUND) {
|
||||||
/* Work around misbehaving STAs */
|
/* Work around misbehaving STAs */
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"Disable OCV with a STA that does not send OCI");
|
"Disable OCV with a STA that does not send OCI");
|
||||||
wpa_auth_set_ocv(sm, 0);
|
wpa_auth_set_ocv(sm, 0);
|
||||||
} else if (res != OCI_SUCCESS) {
|
} else if (res != OCI_SUCCESS) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"OCV failed: %s", ocv_errorstr);
|
"OCV failed: %s", ocv_errorstr);
|
||||||
if (wpa_auth->conf.msg_ctx)
|
if (wpa_auth->conf.msg_ctx)
|
||||||
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
|
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
|
||||||
OCV_FAILURE "addr=" MACSTR
|
OCV_FAILURE "addr=" MACSTR
|
||||||
" frame=eapol-key-m2 error=%s",
|
" frame=eapol-key-m2 error=%s",
|
||||||
MAC2STR(sm->addr), ocv_errorstr);
|
MAC2STR(wpa_auth_get_spa(sm)),
|
||||||
|
ocv_errorstr);
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3306,7 +3351,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
MACSTR " (bit %u)",
|
MACSTR " (bit %u)",
|
||||||
sm->ip_addr[0], sm->ip_addr[1],
|
sm->ip_addr[0], sm->ip_addr[1],
|
||||||
sm->ip_addr[2], sm->ip_addr[3],
|
sm->ip_addr[2], sm->ip_addr[3],
|
||||||
MAC2STR(sm->addr), sm->ip_addr_bit);
|
MAC2STR(wpa_auth_get_spa(sm)),
|
||||||
|
sm->ip_addr_bit);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_P2P */
|
#endif /* CONFIG_P2P */
|
||||||
|
@ -3337,7 +3383,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
||||||
*/
|
*/
|
||||||
if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
|
if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
|
||||||
WPA_PMK_NAME_LEN) != 0) {
|
WPA_PMK_NAME_LEN) != 0) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"PMKR1Name mismatch in FT 4-way handshake");
|
"PMKR1Name mismatch in FT 4-way handshake");
|
||||||
wpa_hexdump(MSG_DEBUG,
|
wpa_hexdump(MSG_DEBUG,
|
||||||
"FT: PMKR1Name from Supplicant",
|
"FT: PMKR1Name from Supplicant",
|
||||||
|
@ -3606,7 +3653,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
|
||||||
wpa_ie = wpa_ie_buf;
|
wpa_ie = wpa_ie_buf;
|
||||||
}
|
}
|
||||||
#endif /* CONFIG_TESTING_OPTIONS */
|
#endif /* CONFIG_TESTING_OPTIONS */
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 3/4 msg of 4-Way Handshake");
|
"sending 3/4 msg of 4-Way Handshake");
|
||||||
if (sm->wpa == WPA_VERSION_WPA2) {
|
if (sm->wpa == WPA_VERSION_WPA2) {
|
||||||
if (sm->use_ext_key_id && sm->TimeoutCtr == 1 &&
|
if (sm->use_ext_key_id && sm->TimeoutCtr == 1 &&
|
||||||
|
@ -3668,7 +3715,8 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
|
||||||
* by setting the Secure bit here even in the case of
|
* by setting the Secure bit here even in the case of
|
||||||
* WPA if the supplicant used it first.
|
* WPA if the supplicant used it first.
|
||||||
*/
|
*/
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
|
"STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
|
||||||
secure = 1;
|
secure = 1;
|
||||||
}
|
}
|
||||||
|
@ -3894,14 +3942,14 @@ SM_STATE(WPA_PTK, PTKINITDONE)
|
||||||
sm->PInitAKeys = true;
|
sm->PInitAKeys = true;
|
||||||
else
|
else
|
||||||
sm->has_GTK = true;
|
sm->has_GTK = true;
|
||||||
wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"pairwise key handshake completed (%s)",
|
"pairwise key handshake completed (%s)",
|
||||||
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
|
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
|
||||||
wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
|
wpa_msg(sm->wpa_auth->conf.msg_ctx, MSG_INFO, "EAPOL-4WAY-HS-COMPLETED "
|
||||||
MACSTR, MAC2STR(sm->addr));
|
MACSTR, MAC2STR(sm->addr));
|
||||||
|
|
||||||
#ifdef CONFIG_IEEE80211R_AP
|
#ifdef CONFIG_IEEE80211R_AP
|
||||||
wpa_ft_push_pmk_r1(sm->wpa_auth, sm->addr);
|
wpa_ft_push_pmk_r1(sm->wpa_auth, wpa_auth_get_spa(sm));
|
||||||
#endif /* CONFIG_IEEE80211R_AP */
|
#endif /* CONFIG_IEEE80211R_AP */
|
||||||
|
|
||||||
sm->ptkstart_without_success = 0;
|
sm->ptkstart_without_success = 0;
|
||||||
|
@ -3917,7 +3965,7 @@ SM_STEP(WPA_PTK)
|
||||||
SM_ENTER(WPA_PTK, INITIALIZE);
|
SM_ENTER(WPA_PTK, INITIALIZE);
|
||||||
else if (sm->Disconnect
|
else if (sm->Disconnect
|
||||||
/* || FIX: dot11RSNAConfigSALifetime timeout */) {
|
/* || FIX: dot11RSNAConfigSALifetime timeout */) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"WPA_PTK: sm->Disconnect");
|
"WPA_PTK: sm->Disconnect");
|
||||||
SM_ENTER(WPA_PTK, DISCONNECT);
|
SM_ENTER(WPA_PTK, DISCONNECT);
|
||||||
}
|
}
|
||||||
|
@ -3966,7 +4014,8 @@ SM_STEP(WPA_PTK)
|
||||||
#endif /* CONFIG_DPP */
|
#endif /* CONFIG_DPP */
|
||||||
} else {
|
} else {
|
||||||
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"INITPMK - keyAvailable = false");
|
"INITPMK - keyAvailable = false");
|
||||||
SM_ENTER(WPA_PTK, DISCONNECT);
|
SM_ENTER(WPA_PTK, DISCONNECT);
|
||||||
}
|
}
|
||||||
|
@ -3985,7 +4034,8 @@ SM_STEP(WPA_PTK)
|
||||||
"INITPSK: No PSK yet available for STA - use RADIUS later");
|
"INITPSK: No PSK yet available for STA - use RADIUS later");
|
||||||
SM_ENTER(WPA_PTK, PTKSTART);
|
SM_ENTER(WPA_PTK, PTKSTART);
|
||||||
} else {
|
} else {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"no PSK configured for the STA");
|
"no PSK configured for the STA");
|
||||||
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
||||||
SM_ENTER(WPA_PTK, DISCONNECT);
|
SM_ENTER(WPA_PTK, DISCONNECT);
|
||||||
|
@ -3997,7 +4047,8 @@ SM_STEP(WPA_PTK)
|
||||||
SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
|
SM_ENTER(WPA_PTK, PTKCALCNEGOTIATING);
|
||||||
else if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
|
else if (sm->TimeoutCtr > conf->wpa_pairwise_update_count) {
|
||||||
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"PTKSTART: Retry limit %u reached",
|
"PTKSTART: Retry limit %u reached",
|
||||||
conf->wpa_pairwise_update_count);
|
conf->wpa_pairwise_update_count);
|
||||||
sm->disconnect_reason =
|
sm->disconnect_reason =
|
||||||
|
@ -4029,7 +4080,8 @@ SM_STEP(WPA_PTK)
|
||||||
(conf->wpa_disable_eapol_key_retries &&
|
(conf->wpa_disable_eapol_key_retries &&
|
||||||
sm->TimeoutCtr > 1)) {
|
sm->TimeoutCtr > 1)) {
|
||||||
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
wpa_auth->dot11RSNA4WayHandshakeFailures++;
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"PTKINITNEGOTIATING: Retry limit %u reached",
|
"PTKINITNEGOTIATING: Retry limit %u reached",
|
||||||
conf->wpa_pairwise_update_count);
|
conf->wpa_pairwise_update_count);
|
||||||
sm->disconnect_reason =
|
sm->disconnect_reason =
|
||||||
|
@ -4086,7 +4138,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYNEGOTIATING)
|
||||||
os_memset(rsc, 0, WPA_KEY_RSC_LEN);
|
os_memset(rsc, 0, WPA_KEY_RSC_LEN);
|
||||||
if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
|
if (gsm->wpa_group_state == WPA_GROUP_SETKEYSDONE)
|
||||||
wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
|
wpa_auth_get_seqnum(sm->wpa_auth, NULL, gsm->GN, rsc);
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 1/2 msg of Group Key Handshake");
|
"sending 1/2 msg of Group Key Handshake");
|
||||||
|
|
||||||
gtk = gsm->GTK[gsm->GN - 1];
|
gtk = gsm->GTK[gsm->GN - 1];
|
||||||
|
@ -4167,7 +4219,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
|
if (wpa_parse_kde_ies(key_data, key_data_length, &kde) < 0) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"received EAPOL-Key group msg 2/2 with invalid Key Data contents");
|
"received EAPOL-Key group msg 2/2 with invalid Key Data contents");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -4178,7 +4230,8 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
|
||||||
int tx_seg1_idx;
|
int tx_seg1_idx;
|
||||||
|
|
||||||
if (wpa_channel_info(wpa_auth, &ci) != 0) {
|
if (wpa_channel_info(wpa_auth, &ci) != 0) {
|
||||||
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_logger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
|
"Failed to get channel info to validate received OCI in EAPOL-Key group 2/2");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -4192,13 +4245,15 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
|
||||||
if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
|
if (ocv_verify_tx_params(kde.oci, kde.oci_len, &ci,
|
||||||
tx_chanwidth, tx_seg1_idx) !=
|
tx_chanwidth, tx_seg1_idx) !=
|
||||||
OCI_SUCCESS) {
|
OCI_SUCCESS) {
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_INFO,
|
||||||
"OCV failed: %s", ocv_errorstr);
|
"OCV failed: %s", ocv_errorstr);
|
||||||
if (wpa_auth->conf.msg_ctx)
|
if (wpa_auth->conf.msg_ctx)
|
||||||
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
|
wpa_msg(wpa_auth->conf.msg_ctx, MSG_INFO,
|
||||||
OCV_FAILURE "addr=" MACSTR
|
OCV_FAILURE "addr=" MACSTR
|
||||||
" frame=eapol-key-g2 error=%s",
|
" frame=eapol-key-g2 error=%s",
|
||||||
MAC2STR(sm->addr), ocv_errorstr);
|
MAC2STR(wpa_auth_get_spa(sm)),
|
||||||
|
ocv_errorstr);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4209,7 +4264,7 @@ SM_STATE(WPA_PTK_GROUP, REKEYESTABLISHED)
|
||||||
sm->GUpdateStationKeys = false;
|
sm->GUpdateStationKeys = false;
|
||||||
sm->GTimeoutCtr = 0;
|
sm->GTimeoutCtr = 0;
|
||||||
/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
|
/* FIX: MLME.SetProtection.Request(TA, Tx_Rx) */
|
||||||
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"group key handshake completed (%s)",
|
"group key handshake completed (%s)",
|
||||||
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
|
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN");
|
||||||
sm->has_GTK = true;
|
sm->has_GTK = true;
|
||||||
|
@ -4224,7 +4279,7 @@ SM_STATE(WPA_PTK_GROUP, KEYERROR)
|
||||||
sm->GUpdateStationKeys = false;
|
sm->GUpdateStationKeys = false;
|
||||||
sm->Disconnect = true;
|
sm->Disconnect = true;
|
||||||
sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT;
|
sm->disconnect_reason = WLAN_REASON_GROUP_KEY_UPDATE_TIMEOUT;
|
||||||
wpa_auth_vlogger(sm->wpa_auth, sm->addr, LOGGER_INFO,
|
wpa_auth_vlogger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_INFO,
|
||||||
"group key handshake failed (%s) after %u tries",
|
"group key handshake failed (%s) after %u tries",
|
||||||
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
|
sm->wpa == WPA_VERSION_WPA ? "WPA" : "RSN",
|
||||||
sm->wpa_auth->conf.wpa_group_update_count);
|
sm->wpa_auth->conf.wpa_group_update_count);
|
||||||
|
@ -4337,7 +4392,8 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
if (sm->wpa_ptk_state != WPA_PTK_PTKINITDONE) {
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"Not in PTKINITDONE; skip Group Key update");
|
"Not in PTKINITDONE; skip Group Key update");
|
||||||
sm->GUpdateStationKeys = false;
|
sm->GUpdateStationKeys = false;
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -4348,7 +4404,8 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
|
||||||
* Since we clear the GKeyDoneStations before the loop, the
|
* Since we clear the GKeyDoneStations before the loop, the
|
||||||
* station needs to be counted here anyway.
|
* station needs to be counted here anyway.
|
||||||
*/
|
*/
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"GUpdateStationKeys was already set when marking station for GTK rekeying");
|
"GUpdateStationKeys was already set when marking station for GTK rekeying");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4582,7 +4639,7 @@ static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
|
||||||
if (sm->group == ctx) {
|
if (sm->group == ctx) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
|
wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
|
||||||
" for disconnection due to fatal failure",
|
" for disconnection due to fatal failure",
|
||||||
MAC2STR(sm->addr));
|
MAC2STR(wpa_auth_get_spa(sm)));
|
||||||
sm->Disconnect = true;
|
sm->Disconnect = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -4675,7 +4732,7 @@ static int wpa_sm_step(struct wpa_state_machine *sm)
|
||||||
if (sm->pending_deinit) {
|
if (sm->pending_deinit) {
|
||||||
wpa_printf(MSG_DEBUG,
|
wpa_printf(MSG_DEBUG,
|
||||||
"WPA: Completing pending STA state machine deinit for "
|
"WPA: Completing pending STA state machine deinit for "
|
||||||
MACSTR, MAC2STR(sm->addr));
|
MACSTR, MAC2STR(wpa_auth_get_spa(sm)));
|
||||||
wpa_free_sta_sm(sm);
|
wpa_free_sta_sm(sm);
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
@ -5011,7 +5068,8 @@ int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
|
||||||
wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK", pmk, pmk_len);
|
wpa_hexdump_key(MSG_DEBUG, "RSN: Cache PMK", pmk, pmk_len);
|
||||||
if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
|
if (pmksa_cache_auth_add(sm->wpa_auth->pmksa, pmk, pmk_len, NULL,
|
||||||
sm->PTK.kck, sm->PTK.kck_len,
|
sm->PTK.kck, sm->PTK.kck_len,
|
||||||
sm->wpa_auth->addr, sm->addr, session_timeout,
|
wpa_auth_get_aa(sm),
|
||||||
|
wpa_auth_get_spa(sm), session_timeout,
|
||||||
eapol, sm->wpa_key_mgmt))
|
eapol, sm->wpa_key_mgmt))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
@ -5421,7 +5479,7 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR
|
wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR
|
||||||
" to use group state machine for VLAN ID %d",
|
" to use group state machine for VLAN ID %d",
|
||||||
MAC2STR(sm->addr), vlan_id);
|
MAC2STR(wpa_auth_get_spa(sm)), vlan_id);
|
||||||
|
|
||||||
wpa_group_get(sm->wpa_auth, group);
|
wpa_group_get(sm->wpa_auth, group);
|
||||||
wpa_group_put(sm->wpa_auth, sm->group);
|
wpa_group_put(sm->wpa_auth, sm->group);
|
||||||
|
@ -5437,7 +5495,7 @@ void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
|
||||||
if (!wpa_auth || !sm)
|
if (!wpa_auth || !sm)
|
||||||
return;
|
return;
|
||||||
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
|
wpa_printf(MSG_DEBUG, "WPA: EAPOL-Key TX status for STA " MACSTR
|
||||||
" ack=%d", MAC2STR(sm->addr), ack);
|
" ack=%d", MAC2STR(wpa_auth_get_spa(sm)), ack);
|
||||||
if (sm->pending_1_of_4_timeout && ack) {
|
if (sm->pending_1_of_4_timeout && ack) {
|
||||||
/*
|
/*
|
||||||
* Some deployed supplicant implementations update their SNonce
|
* Some deployed supplicant implementations update their SNonce
|
||||||
|
@ -5635,7 +5693,7 @@ int wpa_auth_resend_m1(struct wpa_state_machine *sm, int change_anonce,
|
||||||
anonce = anonce_buf;
|
anonce = anonce_buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 1/4 msg of 4-Way Handshake (TESTING)");
|
"sending 1/4 msg of 4-Way Handshake (TESTING)");
|
||||||
wpa_send_eapol(sm->wpa_auth, sm,
|
wpa_send_eapol(sm->wpa_auth, sm,
|
||||||
WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
|
WPA_KEY_INFO_ACK | WPA_KEY_INFO_KEY_TYPE, NULL,
|
||||||
|
@ -5677,7 +5735,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
|
||||||
wpa_ie = wpa_ie + wpa_ie[1] + 2;
|
wpa_ie = wpa_ie + wpa_ie[1] + 2;
|
||||||
wpa_ie_len = wpa_ie[1] + 2;
|
wpa_ie_len = wpa_ie[1] + 2;
|
||||||
}
|
}
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 3/4 msg of 4-Way Handshake (TESTING)");
|
"sending 3/4 msg of 4-Way Handshake (TESTING)");
|
||||||
if (sm->wpa == WPA_VERSION_WPA2) {
|
if (sm->wpa == WPA_VERSION_WPA2) {
|
||||||
/* WPA2 send GTK in the 4-way handshake */
|
/* WPA2 send GTK in the 4-way handshake */
|
||||||
|
@ -5702,7 +5760,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
|
||||||
* by setting the Secure bit here even in the case of
|
* by setting the Secure bit here even in the case of
|
||||||
* WPA if the supplicant used it first.
|
* WPA if the supplicant used it first.
|
||||||
*/
|
*/
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm),
|
||||||
|
LOGGER_DEBUG,
|
||||||
"STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
|
"STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
|
||||||
secure = 1;
|
secure = 1;
|
||||||
}
|
}
|
||||||
|
@ -5839,7 +5898,7 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm,
|
||||||
/* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
|
/* Send EAPOL(1, 1, 1, !Pair, G, RSC, GNonce, MIC(PTK), GTK[GN]) */
|
||||||
os_memset(rsc, 0, WPA_KEY_RSC_LEN);
|
os_memset(rsc, 0, WPA_KEY_RSC_LEN);
|
||||||
/* Use 0 RSC */
|
/* Use 0 RSC */
|
||||||
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
|
wpa_auth_logger(sm->wpa_auth, wpa_auth_get_spa(sm), LOGGER_DEBUG,
|
||||||
"sending 1/2 msg of Group Key Handshake (TESTING)");
|
"sending 1/2 msg of Group Key Handshake (TESTING)");
|
||||||
|
|
||||||
gtk = gsm->GTK[gsm->GN - 1];
|
gtk = gsm->GTK[gsm->GN - 1];
|
||||||
|
|
Loading…
Reference in a new issue