DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

wpa_auth: Do not split strings into multiple lines

Browse source 
Avoid unnecessary splitting of long string constants into multiple
lines.

Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2020-03-28 19:48:32 +02:00
parent 9385f03feb
commit f83d3491b9
1 changed files with 105 additions and 119 deletions
Download patch file Download diff file Expand all files Collapse all files

224
src/ap/wpa_auth.c
View file

@ -292,8 +292,8 @@ static void wpa_rekey_gmk(void *eloop_ctx, void *timeout_ctx)
struct wpa_authenticator *wpa_auth = eloop_ctx; struct wpa_authenticator *wpa_auth = eloop_ctx;
if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) { if (random_get_bytes(wpa_auth->group->GMK, WPA_GMK_LEN)) {
wpa_printf(MSG_ERROR, "Failed to get random data for WPA " wpa_printf(MSG_ERROR,
"initialization."); "Failed to get random data for WPA initialization.");
} else { } else {
wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd"); wpa_auth_logger(wpa_auth, NULL, LOGGER_DEBUG, "GMK rekeyd");
wpa_hexdump_key(MSG_DEBUG, "GMK", wpa_hexdump_key(MSG_DEBUG, "GMK",
@ -425,9 +425,8 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group); group->GTK_len = wpa_cipher_key_len(wpa_auth->conf.wpa_group);
if (random_pool_ready() != 1) { if (random_pool_ready() != 1) {
wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " wpa_printf(MSG_INFO,
"for secure operations - update keys later when " "WPA: Not enough entropy in random pool for secure operations - update keys later when the first station connects");
"the first station connects");
} }
/* /*
@ -437,16 +436,16 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
* on embedded devices. * on embedded devices.
*/ */
if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) { if (wpa_group_init_gmk_and_counter(wpa_auth, group) < 0) {
wpa_printf(MSG_ERROR, "Failed to get random data for WPA " wpa_printf(MSG_ERROR,
"initialization."); "Failed to get random data for WPA initialization.");
os_free(group); os_free(group);
return NULL; return NULL;
} }
group->GInit = TRUE; group->GInit = TRUE;
if (delay_init) { if (delay_init) {
wpa_printf(MSG_DEBUG, "WPA: Delay group state machine start " wpa_printf(MSG_DEBUG,
"until Beacon frames have been configured"); "WPA: Delay group state machine start until Beacon frames have been configured");
/* Initialization is completed in wpa_init_keys(). */ /* Initialization is completed in wpa_init_keys(). */
} else { } else {
wpa_group_sm_step(wpa_auth, group); wpa_group_sm_step(wpa_auth, group);
@ -544,8 +543,8 @@ int wpa_init_keys(struct wpa_authenticator *wpa_auth)
{ {
struct wpa_group *group = wpa_auth->group; struct wpa_group *group = wpa_auth->group;
wpa_printf(MSG_DEBUG, "WPA: Start group state machine to set initial " wpa_printf(MSG_DEBUG,
"keys"); "WPA: Start group state machine to set initial keys");
wpa_group_sm_step(wpa_auth, group); wpa_group_sm_step(wpa_auth, group);
group->GInit = FALSE; group->GInit = FALSE;
wpa_group_sm_step(wpa_auth, group); wpa_group_sm_step(wpa_auth, group);
@ -659,8 +658,7 @@ int wpa_auth_sta_associated(struct wpa_authenticator *wpa_auth,
#ifdef CONFIG_IEEE80211R_AP #ifdef CONFIG_IEEE80211R_AP
if (sm->ft_completed) { if (sm->ft_completed) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
"FT authentication already completed - do not " "FT authentication already completed - do not start 4-way handshake");
"start 4-way handshake");
/* Go to PTKINITDONE state to allow GTK rekeying */ /* Go to PTKINITDONE state to allow GTK rekeying */
sm->wpa_ptk_state = WPA_PTK_PTKINITDONE; sm->wpa_ptk_state = WPA_PTK_PTKINITDONE;
sm->Pair = TRUE; sm->Pair = TRUE;
@ -715,8 +713,9 @@ static void wpa_free_sta_sm(struct wpa_state_machine *sm)
#ifdef CONFIG_P2P #ifdef CONFIG_P2P
if (WPA_GET_BE32(sm->ip_addr)) { if (WPA_GET_BE32(sm->ip_addr)) {
u32 start; u32 start;
wpa_printf(MSG_DEBUG, "P2P: Free assigned IP " wpa_printf(MSG_DEBUG,
"address %u.%u.%u.%u from " MACSTR, "P2P: Free assigned IP address %u.%u.%u.%u from "
MACSTR,
sm->ip_addr[0], sm->ip_addr[1], sm->ip_addr[0], sm->ip_addr[1],
sm->ip_addr[2], sm->ip_addr[3], sm->ip_addr[2], sm->ip_addr[3],
MAC2STR(sm->addr)); MAC2STR(sm->addr));
@ -754,8 +753,7 @@ void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
wpa_auth = sm->wpa_auth; wpa_auth = sm->wpa_auth;
if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) { if (wpa_auth->conf.wpa_strict_rekey && sm->has_GTK) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
"strict rekeying - force GTK rekey since STA " "strict rekeying - force GTK rekey since STA is leaving");
"is leaving");
if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk, if (eloop_deplete_timeout(0, 500000, wpa_rekey_gtk,
wpa_auth, NULL) == -1) wpa_auth, NULL) == -1)
eloop_register_timeout(0, 500000, wpa_rekey_gtk, eloop_register_timeout(0, 500000, wpa_rekey_gtk,
@ -772,8 +770,9 @@ void wpa_auth_sta_deinit(struct wpa_state_machine *sm)
if (sm->in_step_loop) { if (sm->in_step_loop) {
/* Must not free state machine while wpa_sm_step() is running. /* Must not free state machine while wpa_sm_step() is running.
* Freeing will be completed in the end of wpa_sm_step(). */ * Freeing will be completed in the end of wpa_sm_step(). */
wpa_printf(MSG_DEBUG, "WPA: Registering pending STA state " wpa_printf(MSG_DEBUG,
"machine deinit for " MACSTR, MAC2STR(sm->addr)); "WPA: Registering pending STA state machine deinit for "
MACSTR, MAC2STR(sm->addr));
sm->pending_deinit = 1; sm->pending_deinit = 1;
} else } else
wpa_free_sta_sm(sm); wpa_free_sta_sm(sm);
@ -841,8 +840,8 @@ static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 || if (wpa_parse_wpa_ie_rsn(kde->rsn_ie, kde->rsn_ie_len, &ie) < 0 ||
ie.num_pmkid != 1 || !ie.pmkid) { ie.num_pmkid != 1 || !ie.pmkid) {
wpa_printf(MSG_DEBUG, "FT: No PMKR1Name in " wpa_printf(MSG_DEBUG,
"FT 4-way handshake message 2/4"); "FT: No PMKR1Name in FT 4-way handshake message 2/4");
return -1; return -1;
} }
@ -851,8 +850,9 @@ static int ft_check_msg_2_of_4(struct wpa_authenticator *wpa_auth,
sm->sup_pmk_r1_name, PMKID_LEN); sm->sup_pmk_r1_name, PMKID_LEN);
if (!kde->mdie || !kde->ftie) { if (!kde->mdie || !kde->ftie) {
wpa_printf(MSG_DEBUG, "FT: No %s in FT 4-way handshake " wpa_printf(MSG_DEBUG,
"message 2/4", kde->mdie ? "FTIE" : "MDIE"); "FT: No %s in FT 4-way handshake message 2/4",
kde->mdie ? "FTIE" : "MDIE");
return -1; return -1;
} }
@ -886,18 +886,15 @@ static int wpa_receive_error_report(struct wpa_authenticator *wpa_auth,
{ {
/* Supplicant reported a Michael MIC error */ /* Supplicant reported a Michael MIC error */
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Error Request " "received EAPOL-Key Error Request (STA detected Michael MIC failure (group=%d))",
"(STA detected Michael MIC failure (group=%d))",
group); group);
if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) { if (group && wpa_auth->conf.wpa_group != WPA_CIPHER_TKIP) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"ignore Michael MIC failure report since " "ignore Michael MIC failure report since group cipher is not TKIP");
"group cipher is not TKIP");
} else if (!group && sm->pairwise != WPA_CIPHER_TKIP) { } else if (!group && sm->pairwise != WPA_CIPHER_TKIP) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"ignore Michael MIC failure report since " "ignore Michael MIC failure report since pairwise cipher is not TKIP");
"pairwise cipher is not TKIP");
} else { } else {
if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0) if (wpa_auth_mic_failure_report(wpa_auth, sm->addr) > 0)
return 1; /* STA entry was removed */ return 1; /* STA entry was removed */
@ -1027,8 +1024,8 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC", wpa_hexdump(MSG_MSGDUMP, "WPA: EAPOL-Key Key MIC",
mic, mic_len); mic, mic_len);
if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) { if (key_data_length > data_len - sizeof(*hdr) - keyhdrlen) {
wpa_printf(MSG_INFO, "WPA: Invalid EAPOL-Key frame - " wpa_printf(MSG_INFO,
"key_data overflow (%d > %lu)", "WPA: Invalid EAPOL-Key frame - key_data overflow (%d > %lu)",
key_data_length, key_data_length,
(unsigned long) (data_len - sizeof(*hdr) - (unsigned long) (data_len - sizeof(*hdr) -
keyhdrlen)); keyhdrlen));
@ -1041,18 +1038,18 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
* Some deployed station implementations seem to send * Some deployed station implementations seem to send
* msg 4/4 with incorrect type value in WPA2 mode. * msg 4/4 with incorrect type value in WPA2 mode.
*/ */
wpa_printf(MSG_DEBUG, "Workaround: Allow EAPOL-Key " wpa_printf(MSG_DEBUG,
"with unexpected WPA type in RSN mode"); "Workaround: Allow EAPOL-Key with unexpected WPA type in RSN mode");
} else if (key->type != EAPOL_KEY_TYPE_RSN) { } else if (key->type != EAPOL_KEY_TYPE_RSN) {
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " wpa_printf(MSG_DEBUG,
"unexpected type %d in RSN mode", "Ignore EAPOL-Key with unexpected type %d in RSN mode",
key->type); key->type);
return; return;
} }
} else { } else {
if (key->type != EAPOL_KEY_TYPE_WPA) { if (key->type != EAPOL_KEY_TYPE_WPA) {
wpa_printf(MSG_DEBUG, "Ignore EAPOL-Key with " wpa_printf(MSG_DEBUG,
"unexpected type %d in WPA mode", "Ignore EAPOL-Key with unexpected type %d in WPA mode",
key->type); key->type);
return; return;
} }
@ -1097,9 +1094,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) { ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
wpa_auth_logger(wpa_auth, sm->addr, wpa_auth_logger(wpa_auth, sm->addr,
LOGGER_WARNING, LOGGER_WARNING,
"advertised support for " "advertised support for AES-128-CMAC, but did not use it");
"AES-128-CMAC, but did not "
"use it");
return; return;
} }
@ -1108,8 +1103,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) { ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
wpa_auth_logger(wpa_auth, sm->addr, wpa_auth_logger(wpa_auth, sm->addr,
LOGGER_WARNING, LOGGER_WARNING,
"did not use HMAC-SHA1-AES " "did not use HMAC-SHA1-AES with CCMP/GCMP");
"with CCMP/GCMP");
return; return;
} }
} }
@ -1127,8 +1121,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
os_memcmp(key->replay_counter, sm->req_replay_counter, os_memcmp(key->replay_counter, sm->req_replay_counter,
WPA_REPLAY_COUNTER_LEN) <= 0) { WPA_REPLAY_COUNTER_LEN) <= 0) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_WARNING,
"received EAPOL-Key request with " "received EAPOL-Key request with replayed counter");
"replayed counter");
return; return;
} }
} }
@ -1151,9 +1144,7 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
* even if we have already sent out EAPOL-Key 3/4. * even if we have already sent out EAPOL-Key 3/4.
*/ */
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
"Process SNonce update from STA " "Process SNonce update from STA based on retransmitted EAPOL-Key 1/4");
"based on retransmitted EAPOL-Key "
"1/4");
sm->update_snonce = 1; sm->update_snonce = 1;
os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN); os_memcpy(sm->alt_SNonce, sm->SNonce, WPA_NONCE_LEN);
sm->alt_snonce_valid = TRUE; sm->alt_snonce_valid = TRUE;
@ -1182,12 +1173,12 @@ void wpa_receive(struct wpa_authenticator *wpa_auth,
key->replay_counter) && key->replay_counter) &&
sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) { sm->wpa_ptk_state == WPA_PTK_PTKINITNEGOTIATING) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
"ignore retransmitted EAPOL-Key %s - " "ignore retransmitted EAPOL-Key %s - SNonce did not change",
"SNonce did not change", msgtxt); msgtxt);
} else { } else {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_DEBUG,
"received EAPOL-Key %s with " "received EAPOL-Key %s with unexpected replay counter",
"unexpected replay counter", msgtxt); msgtxt);
} }
for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) { for (i = 0; i < RSNA_MAX_EAPOL_RETRIES; i++) {
if (!sm->key_replay[i].valid) if (!sm->key_replay[i].valid)
@ -1218,8 +1209,7 @@ continue_processing:
(!sm->update_snonce || (!sm->update_snonce ||
sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) { sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING)) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key msg 2/4 in " "received EAPOL-Key msg 2/4 in invalid state (%d) - dropped",
"invalid state (%d) - dropped",
sm->wpa_ptk_state); sm->wpa_ptk_state);
return; return;
} }
@ -1234,9 +1224,8 @@ continue_processing:
* Counter update and the station will be allowed to * Counter update and the station will be allowed to
* continue. * continue.
*/ */
wpa_printf(MSG_DEBUG, "WPA: Reject 4-way handshake to " wpa_printf(MSG_DEBUG,
"collect more entropy for random number " "WPA: Reject 4-way handshake to collect more entropy for random number generation");
"generation");
random_mark_pool_ready(); random_mark_pool_ready();
wpa_sta_disconnect(wpa_auth, sm->addr, wpa_sta_disconnect(wpa_auth, sm->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID); WLAN_REASON_PREV_AUTH_NOT_VALID);
@ -1247,8 +1236,7 @@ continue_processing:
if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING || if (sm->wpa_ptk_state != WPA_PTK_PTKINITNEGOTIATING ||
!sm->PTK_valid) { !sm->PTK_valid) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key msg 4/4 in " "received EAPOL-Key msg 4/4 in invalid state (%d) - dropped",
"invalid state (%d) - dropped",
sm->wpa_ptk_state); sm->wpa_ptk_state);
return; return;
} }
@ -1257,8 +1245,7 @@ continue_processing:
if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING if (sm->wpa_ptk_group_state != WPA_PTK_GROUP_REKEYNEGOTIATING
|| !sm->PTK_valid) { || !sm->PTK_valid) {
wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_vlogger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key msg 2/2 in " "received EAPOL-Key msg 2/2 in invalid state (%d) - dropped",
"invalid state (%d) - dropped",
sm->wpa_ptk_group_state); sm->wpa_ptk_group_state);
return; return;
} }
@ -1337,8 +1324,7 @@ continue_processing:
WPA_REPLAY_COUNTER_LEN); WPA_REPLAY_COUNTER_LEN);
} else { } else {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key request with " "received EAPOL-Key request with invalid MIC");
"invalid MIC");
return; return;
} }
@ -1354,8 +1340,7 @@ continue_processing:
return; /* STA entry was removed */ return; /* STA entry was removed */
} else if (key_info & WPA_KEY_INFO_KEY_TYPE) { } else if (key_info & WPA_KEY_INFO_KEY_TYPE) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Request for new " "received EAPOL-Key Request for new 4-Way Handshake");
"4-Way Handshake");
wpa_request_new_ptk(sm); wpa_request_new_ptk(sm);
} else if (key_data_length > 0 && } else if (key_data_length > 0 &&
wpa_parse_kde_ies(key_data, key_data_length, wpa_parse_kde_ies(key_data, key_data_length,
@ -1363,8 +1348,7 @@ continue_processing:
kde.mac_addr) { kde.mac_addr) {
} else { } else {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_INFO,
"received EAPOL-Key Request for GTK " "received EAPOL-Key Request for GTK rekeying");
"rekeying");
eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL); eloop_cancel_timeout(wpa_rekey_gtk, wpa_auth, NULL);
wpa_rekey_gtk(wpa_auth, NULL); wpa_rekey_gtk(wpa_auth, NULL);
} }
@ -1505,9 +1489,8 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE); pairwise = !!(key_info & WPA_KEY_INFO_KEY_TYPE);
wpa_printf(MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d " wpa_printf(MSG_DEBUG,
"ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d " "WPA: Send EAPOL(version=%d secure=%d mic=%d ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d encr=%d)",
"encr=%d)",
version, version,
(key_info & WPA_KEY_INFO_SECURE) ? 1 : 0, (key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
(key_info & WPA_KEY_INFO_MIC) ? 1 : 0, (key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
@ -1655,8 +1638,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
if (key_info & WPA_KEY_INFO_MIC) { if (key_info & WPA_KEY_INFO_MIC) {
if (!sm->PTK_valid || !mic_len) { if (!sm->PTK_valid || !mic_len) {
wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(wpa_auth, sm->addr, LOGGER_DEBUG,
"PTK not valid when sending EAPOL-Key " "PTK not valid when sending EAPOL-Key frame");
"frame");
os_free(hdr); os_free(hdr);
return; return;
} }
@ -1715,8 +1697,9 @@ static void wpa_send_eapol(struct wpa_authenticator *wpa_auth,
#ifdef TEST_FUZZ #ifdef TEST_FUZZ
timeout_ms = 1; timeout_ms = 1;
#endif /* TEST_FUZZ */ #endif /* TEST_FUZZ */
wpa_printf(MSG_DEBUG, "WPA: Use EAPOL-Key timeout of %u ms (retry " wpa_printf(MSG_DEBUG,
"counter %u)", timeout_ms, ctr); "WPA: Use EAPOL-Key timeout of %u ms (retry counter %u)",
timeout_ms, ctr);
eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000, eloop_register_timeout(timeout_ms / 1000, (timeout_ms % 1000) * 1000,
wpa_send_eapol_timeout, wpa_auth, sm); wpa_send_eapol_timeout, wpa_auth, sm);
} }
@ -1813,8 +1796,8 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
* sure that the WPA state machines gets initialized * sure that the WPA state machines gets initialized
* properly at this point. * properly at this point.
*/ */
wpa_printf(MSG_DEBUG, "WPA state machine had not been " wpa_printf(MSG_DEBUG,
"started - initialize now"); "WPA state machine had not been started - initialize now");
sm->started = 1; sm->started = 1;
sm->Init = TRUE; sm->Init = TRUE;
if (wpa_sm_step(sm) == 1) if (wpa_sm_step(sm) == 1)
@ -1852,8 +1835,8 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event)
break; break;
case WPA_ASSOC_FT: case WPA_ASSOC_FT:
#ifdef CONFIG_IEEE80211R_AP #ifdef CONFIG_IEEE80211R_AP
wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration " wpa_printf(MSG_DEBUG,
"after association"); "FT: Retry PTK configuration after association");
wpa_ft_install_ptk(sm); wpa_ft_install_ptk(sm);
/* Using FT protocol, not WPA auth state machine */ /* Using FT protocol, not WPA auth state machine */
@ -1986,11 +1969,11 @@ static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
* GMK and Counter here to improve their strength if there was not * GMK and Counter here to improve their strength if there was not
* enough entropy available immediately after system startup. * enough entropy available immediately after system startup.
*/ */
wpa_printf(MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first " wpa_printf(MSG_DEBUG,
"station"); "WPA: Re-initialize GMK/Counter on first station");
if (random_pool_ready() != 1) { if (random_pool_ready() != 1) {
wpa_printf(MSG_INFO, "WPA: Not enough entropy in random pool " wpa_printf(MSG_INFO,
"to proceed - reject first 4-way handshake"); "WPA: Not enough entropy in random pool to proceed - reject first 4-way handshake");
group->reject_4way_hs_for_entropy = TRUE; group->reject_4way_hs_for_entropy = TRUE;
} else { } else {
group->first_sta_seen = TRUE; group->first_sta_seen = TRUE;
@ -2024,8 +2007,8 @@ SM_STATE(WPA_PTK, AUTHENTICATION2)
* stronger protection against potential precomputation attacks. * stronger protection against potential precomputation attacks.
*/ */
if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) { if (random_get_bytes(sm->ANonce, WPA_NONCE_LEN)) {
wpa_printf(MSG_ERROR, "WPA: Failed to get random data for " wpa_printf(MSG_ERROR,
"ANonce."); "WPA: Failed to get random data for ANonce.");
sm->Disconnect = TRUE; sm->Disconnect = TRUE;
return; return;
} }
@ -2082,8 +2065,9 @@ SM_STATE(WPA_PTK, INITPMK)
pmk_len = PMK_LEN_SUITE_B_192; pmk_len = PMK_LEN_SUITE_B_192;
else else
pmk_len = PMK_LEN; pmk_len = PMK_LEN;
wpa_printf(MSG_DEBUG, "WPA: PMK from EAPOL state machine " wpa_printf(MSG_DEBUG,
"(MSK len=%lu PMK len=%u)", (unsigned long) len, "WPA: PMK from EAPOL state machine (MSK len=%lu PMK len=%u)",
(unsigned long) len,
pmk_len); pmk_len);
if (len < pmk_len) { if (len < pmk_len) {
wpa_printf(MSG_DEBUG, wpa_printf(MSG_DEBUG,
@ -3106,10 +3090,9 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name, if (os_memcmp_const(sm->sup_pmk_r1_name, sm->pmk_r1_name,
WPA_PMK_NAME_LEN) != 0) { WPA_PMK_NAME_LEN) != 0) {
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"PMKR1Name mismatch in FT 4-way " "PMKR1Name mismatch in FT 4-way handshake");
"handshake"); wpa_hexdump(MSG_DEBUG,
wpa_hexdump(MSG_DEBUG, "FT: PMKR1Name from " "FT: PMKR1Name from Supplicant",
"Supplicant",
sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN); sm->sup_pmk_r1_name, WPA_PMK_NAME_LEN);
wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name", wpa_hexdump(MSG_DEBUG, "FT: Derived PMKR1Name",
sm->pmk_r1_name, WPA_PMK_NAME_LEN); sm->pmk_r1_name, WPA_PMK_NAME_LEN);
@ -3390,8 +3373,7 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
* WPA if the supplicant used it first. * WPA if the supplicant used it first.
*/ */
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"STA used Secure bit in WPA msg 2/4 - " "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
"set Secure for 3/4 as workaround");
secure = 1; secure = 1;
} }
} }
@ -3432,8 +3414,8 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
elen = pos - kde; elen = pos - kde;
res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name); res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "FT: Failed to insert " wpa_printf(MSG_ERROR,
"PMKR1Name into RSN IE in EAPOL-Key data"); "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
goto done; goto done;
} }
pos -= wpa_ie_len; pos -= wpa_ie_len;
@ -3476,8 +3458,8 @@ SM_STATE(WPA_PTK, PTKINITNEGOTIATING)
NULL, 0, 0); NULL, 0, 0);
} }
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " wpa_printf(MSG_ERROR,
"into EAPOL-Key Key Data"); "FT: Failed to insert FTIE into EAPOL-Key Key Data");
goto done; goto done;
} }
pos += res; pos += res;
@ -3974,8 +3956,9 @@ static int wpa_gtk_update(struct wpa_authenticator *wpa_auth,
static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth, static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
struct wpa_group *group) struct wpa_group *group)
{ {
wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " wpa_printf(MSG_DEBUG,
"GTK_INIT (VLAN-ID %d)", group->vlan_id); "WPA: group state machine entering state GTK_INIT (VLAN-ID %d)",
group->vlan_id);
group->changed = FALSE; /* GInit is not cleared here; avoid loop */ group->changed = FALSE; /* GInit is not cleared here; avoid loop */
group->wpa_group_state = WPA_GROUP_GTK_INIT; group->wpa_group_state = WPA_GROUP_GTK_INIT;
@ -4010,8 +3993,7 @@ static int wpa_group_update_sta(struct wpa_state_machine *sm, void *ctx)
* station needs to be counted here anyway. * station needs to be counted here anyway.
*/ */
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"GUpdateStationKeys was already set when " "GUpdateStationKeys was already set when marking station for GTK rekeying");
"marking station for GTK rekeying");
} }
/* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */ /* Do not rekey GTK/IGTK when STA is in WNM-Sleep Mode */
@ -4142,8 +4124,9 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
{ {
int tmp; int tmp;
wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " wpa_printf(MSG_DEBUG,
"SETKEYS (VLAN-ID %d)", group->vlan_id); "WPA: group state machine entering state SETKEYS (VLAN-ID %d)",
group->vlan_id);
group->changed = TRUE; group->changed = TRUE;
group->wpa_group_state = WPA_GROUP_SETKEYS; group->wpa_group_state = WPA_GROUP_SETKEYS;
group->GTKReKey = FALSE; group->GTKReKey = FALSE;
@ -4162,8 +4145,8 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
wpa_gtk_update(wpa_auth, group); wpa_gtk_update(wpa_auth, group);
if (group->GKeyDoneStations) { if (group->GKeyDoneStations) {
wpa_printf(MSG_DEBUG, "wpa_group_setkeys: Unexpected " wpa_printf(MSG_DEBUG,
"GKeyDoneStations=%d when starting new GTK rekey", "wpa_group_setkeys: Unexpected GKeyDoneStations=%d when starting new GTK rekey",
group->GKeyDoneStations); group->GKeyDoneStations);
group->GKeyDoneStations = 0; group->GKeyDoneStations = 0;
} }
@ -4216,7 +4199,7 @@ static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
{ {
if (sm->group == ctx) { if (sm->group == ctx) {
wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR wpa_printf(MSG_DEBUG, "WPA: Mark STA " MACSTR
" for discconnection due to fatal failure", " for disconnection due to fatal failure",
MAC2STR(sm->addr)); MAC2STR(sm->addr));
sm->Disconnect = TRUE; sm->Disconnect = TRUE;
} }
@ -4228,7 +4211,8 @@ static int wpa_group_disconnect_cb(struct wpa_state_machine *sm, void *ctx)
static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth, static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
struct wpa_group *group) struct wpa_group *group)
{ {
wpa_printf(MSG_DEBUG, "WPA: group state machine entering state FATAL_FAILURE"); wpa_printf(MSG_DEBUG,
"WPA: group state machine entering state FATAL_FAILURE");
group->changed = TRUE; group->changed = TRUE;
group->wpa_group_state = WPA_GROUP_FATAL_FAILURE; group->wpa_group_state = WPA_GROUP_FATAL_FAILURE;
wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group); wpa_auth_for_each_sta(wpa_auth, wpa_group_disconnect_cb, group);
@ -4238,8 +4222,9 @@ static void wpa_group_fatal_failure(struct wpa_authenticator *wpa_auth,
static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth, static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
struct wpa_group *group) struct wpa_group *group)
{ {
wpa_printf(MSG_DEBUG, "WPA: group state machine entering state " wpa_printf(MSG_DEBUG,
"SETKEYSDONE (VLAN-ID %d)", group->vlan_id); "WPA: group state machine entering state SETKEYSDONE (VLAN-ID %d)",
group->vlan_id);
group->changed = TRUE; group->changed = TRUE;
group->wpa_group_state = WPA_GROUP_SETKEYSDONE; group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
@ -4306,8 +4291,9 @@ static int wpa_sm_step(struct wpa_state_machine *sm)
sm->in_step_loop = 0; sm->in_step_loop = 0;
if (sm->pending_deinit) { if (sm->pending_deinit) {
wpa_printf(MSG_DEBUG, "WPA: Completing pending STA state " wpa_printf(MSG_DEBUG,
"machine deinit for " MACSTR, MAC2STR(sm->addr)); "WPA: Completing pending STA state machine deinit for "
MACSTR, MAC2STR(sm->addr));
wpa_free_sta_sm(sm); wpa_free_sta_sm(sm);
return 1; return 1;
} }
@ -5007,8 +4993,9 @@ int wpa_auth_sta_set_vlan(struct wpa_state_machine *sm, int vlan_id)
if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE) if (group->wpa_group_state == WPA_GROUP_FATAL_FAILURE)
return -1; return -1;
wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR " to use group state " wpa_printf(MSG_DEBUG, "WPA: Moving STA " MACSTR
"machine for VLAN ID %d", MAC2STR(sm->addr), vlan_id); " to use group state machine for VLAN ID %d",
MAC2STR(sm->addr), vlan_id);
wpa_group_get(sm->wpa_auth, group); wpa_group_get(sm->wpa_auth, group);
wpa_group_put(sm->wpa_auth, sm->group); wpa_group_put(sm->wpa_auth, sm->group);
@ -5037,8 +5024,8 @@ void wpa_auth_eapol_key_tx_status(struct wpa_authenticator *wpa_auth,
* the station has received the frame. * the station has received the frame.
*/ */
int timeout_ms = eapol_key_timeout_subseq; int timeout_ms = eapol_key_timeout_subseq;
wpa_printf(MSG_DEBUG, "WPA: Increase initial EAPOL-Key 1/4 " wpa_printf(MSG_DEBUG,
"timeout by %u ms because of acknowledged frame", "WPA: Increase initial EAPOL-Key 1/4 timeout by %u ms because of acknowledged frame",
timeout_ms); timeout_ms);
eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm); eloop_cancel_timeout(wpa_send_eapol_timeout, wpa_auth, sm);
eloop_register_timeout(timeout_ms / 1000, eloop_register_timeout(timeout_ms / 1000,
@ -5277,8 +5264,7 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
* WPA if the supplicant used it first. * WPA if the supplicant used it first.
*/ */
wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG, wpa_auth_logger(sm->wpa_auth, sm->addr, LOGGER_DEBUG,
"STA used Secure bit in WPA msg 2/4 - " "STA used Secure bit in WPA msg 2/4 - set Secure for 3/4 as workaround");
"set Secure for 3/4 as workaround");
secure = 1; secure = 1;
} }
} }
@ -5311,8 +5297,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
elen = pos - kde; elen = pos - kde;
res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name); res = wpa_insert_pmkid(kde, &elen, sm->pmk_r1_name);
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "FT: Failed to insert " wpa_printf(MSG_ERROR,
"PMKR1Name into RSN IE in EAPOL-Key data"); "FT: Failed to insert PMKR1Name into RSN IE in EAPOL-Key data");
os_free(kde); os_free(kde);
return -1; return -1;
} }
@ -5366,8 +5352,8 @@ int wpa_auth_resend_m3(struct wpa_state_machine *sm,
NULL, 0, 0); NULL, 0, 0);
} }
if (res < 0) { if (res < 0) {
wpa_printf(MSG_ERROR, "FT: Failed to insert FTIE " wpa_printf(MSG_ERROR,
"into EAPOL-Key Key Data"); "FT: Failed to insert FTIE into EAPOL-Key Key Data");
os_free(kde); os_free(kde);
return -1; return -1;
} }