~ubuntu-branches/ubuntu/lucid/wpasupplicant/lucid-updates

« back to all changes in this revision

Viewing changes to wpa.c

  • Committer: Bazaar Package Importer
  • Author(s): Kel Modderman
  • Date: 2006-10-05 08:04:01 UTC
  • mfrom: (1.1.5 upstream) (3 etch)
  • mto: This revision was merged to the branch mainline in revision 4.
  • Revision ID: james.westby@ubuntu.com-20061005080401-r8lqlix4390yos7b
Tags: 0.5.5-2
* Update madwifi headers to latest SVN. (Closes: #388316)
* Remove failed attempt at action locking. [debian/functions.sh,
  debian/wpa_action.sh]
* Add hysteresis checking functions, to avoid "event loops" while
  using wpa-roam. [debian/functions.sh, debian/wpa_action.sh]
* Change of co-maintainer email address.
* Add ishex() function to functions.sh to determine wpa-psk value type in
  plaintext or hex. This effectively eliminates the need for the bogus and
  somewhat confusing wpa-passphrase contruct specific to our scripts and
  allows wpa-psk to work with either a 8 to 63 character long plaintext
  string or 64 character long hex string.
* Adjust README.modes to not refer to the redundant wpa-passphrase stuff.
* Add big fat NOTE about acceptable wpa-psk's to top of example gallery.
* Strip surrounding quotes from wpa-ssid if present, instead of just whining
  about them.
* Update email address in copyright blurb of functions.sh, ifupdown.sh and
  wpa_action.sh.  

Show diffs side-by-side

added added

removed removed

Lines of Context:
853
853
                               int ver, const u8 *dest, u16 proto,
854
854
                               u8 *msg, size_t msg_len, u8 *key_mic)
855
855
{
 
856
        if (memcmp(dest, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0 &&
 
857
            memcmp(sm->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0) {
 
858
                /*
 
859
                 * Association event was not yet received; try to fetch
 
860
                 * BSSID from the driver.
 
861
                 */
 
862
                if (wpa_sm_get_bssid(sm, sm->bssid) < 0) {
 
863
                        wpa_printf(MSG_DEBUG, "WPA: Failed to read BSSID for "
 
864
                                   "EAPOL-Key destination address");
 
865
                } else {
 
866
                        dest = sm->bssid;
 
867
                        wpa_printf(MSG_DEBUG, "WPA: Use BSSID (" MACSTR
 
868
                                   ") as the destination for EAPOL-Key",
 
869
                                   MAC2STR(dest));
 
870
                }
 
871
        }
856
872
        if (key_mic) {
857
873
                wpa_eapol_key_mic(kck, ver, msg, msg_len, key_mic);
858
874
        }
1390
1406
 
1391
1407
 
1392
1408
static int wpa_supplicant_send_2_of_4(struct wpa_sm *sm,
1393
 
                                      const unsigned char *src_addr,
 
1409
                                      const unsigned char *dst,
1394
1410
                                      const struct wpa_eapol_key *key,
1395
1411
                                      int ver, const u8 *nonce,
1396
1412
                                      const u8 *wpa_ie, size_t wpa_ie_len,
1431
1447
        memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
1432
1448
 
1433
1449
        wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/4");
1434
 
        wpa_eapol_key_send(sm, ptk->kck, ver, src_addr, ETH_P_EAPOL,
 
1450
        wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1435
1451
                           rbuf, rlen, reply->key_mic);
1436
1452
 
1437
1453
        return 0;
1491
1507
         * been verified when processing message 3/4. */
1492
1508
        ptk = &sm->tptk;
1493
1509
        wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
1494
 
                       sm->own_addr, src_addr, sm->snonce, key->key_nonce,
 
1510
                       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
1495
1511
                       (u8 *) ptk, sizeof(*ptk));
1496
1512
        /* Supplicant: swap tx/rx Mic keys */
1497
1513
        memcpy(buf, ptk->u.auth.tx_mic_key, 8);
1499
1515
        memcpy(ptk->u.auth.rx_mic_key, buf, 8);
1500
1516
        sm->tptk_set = 1;
1501
1517
 
1502
 
        if (wpa_supplicant_send_2_of_4(sm, src_addr, key, ver, sm->snonce,
 
1518
        if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
1503
1519
                                       sm->assoc_wpa_ie, sm->assoc_wpa_ie_len,
1504
1520
                                       ptk))
1505
1521
                return;
1552
1568
 
1553
1569
 
1554
1570
static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
1555
 
                                      const unsigned char *src_addr,
1556
1571
                                      const struct wpa_eapol_key *key)
1557
1572
{
1558
1573
        int alg, keylen, rsclen;
1589
1604
                wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, rsclen);
1590
1605
        }
1591
1606
 
1592
 
        if (wpa_sm_set_key(sm, alg, src_addr, 0, 1, key_rsc, rsclen,
 
1607
        if (wpa_sm_set_key(sm, alg, sm->bssid, 0, 1, key_rsc, rsclen,
1593
1608
                           (u8 *) sm->ptk.tk1, keylen) < 0) {
1594
1609
                wpa_printf(MSG_WARNING, "WPA: Failed to set PTK to the "
1595
1610
                           "driver.");
1719
1734
 
1720
1735
 
1721
1736
static int wpa_supplicant_pairwise_gtk(struct wpa_sm *sm,
1722
 
                                       const unsigned char *src_addr,
1723
1737
                                       const struct wpa_eapol_key *key,
1724
1738
                                       const u8 *gtk, size_t gtk_len,
1725
1739
                                       int key_info)
1759
1773
                return -1;
1760
1774
        }
1761
1775
 
1762
 
        wpa_supplicant_key_neg_complete(sm, src_addr,
 
1776
        wpa_supplicant_key_neg_complete(sm, sm->bssid,
1763
1777
                                        key_info & WPA_KEY_INFO_SECURE);
1764
1778
        return 0;
1765
1779
#else /* CONFIG_NO_WPA2 */
1864
1878
 
1865
1879
 
1866
1880
static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm,
1867
 
                                      const unsigned char *src_addr,
 
1881
                                      const unsigned char *dst,
1868
1882
                                      const struct wpa_eapol_key *key,
1869
1883
                                      u16 ver, u16 key_info,
1870
1884
                                      const u8 *kde, size_t kde_len,
1900
1914
                memcpy(reply + 1, kde, kde_len);
1901
1915
 
1902
1916
        wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 4/4");
1903
 
        wpa_eapol_key_send(sm, ptk->kck, ver, src_addr, ETH_P_EAPOL,
 
1917
        wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL,
1904
1918
                           rbuf, rlen, reply->key_mic);
1905
1919
 
1906
1920
        return 0;
1908
1922
 
1909
1923
 
1910
1924
static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
1911
 
                                          const unsigned char *src_addr,
1912
1925
                                          const struct wpa_eapol_key *key,
1913
1926
                                          u16 ver)
1914
1927
{
1918
1931
 
1919
1932
        wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
1920
1933
        wpa_printf(MSG_DEBUG, "WPA: RX message 3 of 4-Way Handshake from "
1921
 
                   MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
 
1934
                   MACSTR " (ver=%d)", MAC2STR(sm->bssid), ver);
1922
1935
 
1923
1936
        key_info = WPA_GET_BE16(key->key_info);
1924
1937
 
1931
1944
                return;
1932
1945
        }
1933
1946
 
1934
 
        if (wpa_supplicant_validate_ie(sm, src_addr, &ie) < 0)
 
1947
        if (wpa_supplicant_validate_ie(sm, sm->bssid, &ie) < 0)
1935
1948
                return;
1936
1949
 
1937
1950
        if (memcmp(sm->anonce, key->key_nonce, WPA_NONCE_LEN) != 0) {
1938
1951
                wpa_printf(MSG_WARNING, "WPA: ANonce from message 1 of 4-Way "
1939
1952
                           "Handshake differs from 3 of 4-Way Handshake - drop"
1940
 
                           " packet (src=" MACSTR ")", MAC2STR(src_addr));
 
1953
                           " packet (src=" MACSTR ")", MAC2STR(sm->bssid));
1941
1954
                return;
1942
1955
        }
1943
1956
 
1947
1960
                if (keylen != 16) {
1948
1961
                        wpa_printf(MSG_WARNING, "WPA: Invalid CCMP key length "
1949
1962
                                   "%d (src=" MACSTR ")",
1950
 
                                   keylen, MAC2STR(src_addr));
 
1963
                                   keylen, MAC2STR(sm->bssid));
1951
1964
                        return;
1952
1965
                }
1953
1966
                break;
1955
1968
                if (keylen != 32) {
1956
1969
                        wpa_printf(MSG_WARNING, "WPA: Invalid TKIP key length "
1957
1970
                                   "%d (src=" MACSTR ")",
1958
 
                                   keylen, MAC2STR(src_addr));
 
1971
                                   keylen, MAC2STR(sm->bssid));
1959
1972
                        return;
1960
1973
                }
1961
1974
                break;
1962
1975
        }
1963
1976
 
1964
 
        if (wpa_supplicant_send_4_of_4(sm, src_addr, key, ver, key_info,
 
1977
        if (wpa_supplicant_send_4_of_4(sm, sm->bssid, key, ver, key_info,
1965
1978
                                       NULL, 0, &sm->ptk))
1966
1979
                return;
1967
1980
 
1971
1984
        sm->renew_snonce = 1;
1972
1985
 
1973
1986
        if (key_info & WPA_KEY_INFO_INSTALL) {
1974
 
                wpa_supplicant_install_ptk(sm, src_addr, key);
 
1987
                wpa_supplicant_install_ptk(sm, key);
1975
1988
        }
1976
1989
 
1977
1990
        if (key_info & WPA_KEY_INFO_SECURE) {
1978
1991
                wpa_sm_mlme_setprotection(
1979
 
                        sm, src_addr, MLME_SETPROTECTION_PROTECT_TYPE_RX,
 
1992
                        sm, sm->bssid, MLME_SETPROTECTION_PROTECT_TYPE_RX,
1980
1993
                        MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
1981
1994
                eapol_sm_notify_portValid(sm->eapol, TRUE);
1982
1995
        }
1983
1996
        wpa_sm_set_state(sm, WPA_GROUP_HANDSHAKE);
1984
1997
 
1985
1998
        if (ie.gtk &&
1986
 
            wpa_supplicant_pairwise_gtk(sm, src_addr, key,
 
1999
            wpa_supplicant_pairwise_gtk(sm, key,
1987
2000
                                        ie.gtk, ie.gtk_len, key_info) < 0) {
1988
2001
                wpa_printf(MSG_INFO, "RSN: Failed to configure GTK");
1989
2002
        }
3073
3086
 
3074
3087
 
3075
3088
static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
3076
 
                                      const unsigned char *src_addr,
3077
3089
                                      const struct wpa_eapol_key *key,
3078
3090
                                      int ver, u16 key_info)
3079
3091
{
3101
3113
        WPA_PUT_BE16(reply->key_data_length, 0);
3102
3114
 
3103
3115
        wpa_printf(MSG_DEBUG, "WPA: Sending EAPOL-Key 2/2");
3104
 
        wpa_eapol_key_send(sm, sm->ptk.kck, ver, src_addr, ETH_P_EAPOL,
 
3116
        wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL,
3105
3117
                           rbuf, rlen, reply->key_mic);
3106
3118
 
3107
3119
        return 0;
3149
3161
                return;
3150
3162
 
3151
3163
        if (wpa_supplicant_install_gtk(sm, &gd, key->key_rsc) ||
3152
 
            wpa_supplicant_send_2_of_2(sm, src_addr, key, ver, key_info))
 
3164
            wpa_supplicant_send_2_of_2(sm, key, ver, key_info))
3153
3165
                return;
3154
3166
 
3155
3167
        if (rekey) {
3156
3168
                wpa_msg(sm->ctx->ctx, MSG_INFO, "WPA: Group rekeying "
3157
3169
                        "completed with " MACSTR " [GTK=%s]",
3158
 
                        MAC2STR(src_addr), wpa_cipher_txt(sm->group_cipher));
 
3170
                        MAC2STR(sm->bssid), wpa_cipher_txt(sm->group_cipher));
3159
3171
                wpa_sm_set_state(sm, WPA_COMPLETED);
3160
3172
        } else {
3161
 
                wpa_supplicant_key_neg_complete(sm, src_addr,
 
3173
                wpa_supplicant_key_neg_complete(sm, sm->bssid,
3162
3174
                                                key_info &
3163
3175
                                                WPA_KEY_INFO_SECURE);
3164
3176
        }
3594
3606
#endif /* CONFIG_PEERKEY */
3595
3607
                if (key_info & WPA_KEY_INFO_MIC) {
3596
3608
                        /* 3/4 4-Way Handshake */
3597
 
                        wpa_supplicant_process_3_of_4(sm, src_addr, key, ver);
 
3609
                        wpa_supplicant_process_3_of_4(sm, key, ver);
3598
3610
                } else {
3599
3611
                        /* 1/4 4-Way Handshake */
3600
3612
                        wpa_supplicant_process_1_of_4(sm, src_addr, key,
3713
3725
int wpa_sm_get_mib(struct wpa_sm *sm, char *buf, size_t buflen)
3714
3726
{
3715
3727
        char pmkid_txt[PMKID_LEN * 2 + 1];
3716
 
        int rsna;
 
3728
        int rsna, ret;
3717
3729
        size_t len;
3718
3730
 
3719
3731
        if (sm->cur_pmksa) {
3729
3741
        else
3730
3742
                rsna = 0;
3731
3743
 
3732
 
        len = snprintf(buf, buflen,
 
3744
        ret = snprintf(buf, buflen,
3733
3745
                       "dot11RSNAOptionImplemented=TRUE\n"
3734
3746
                       "dot11RSNAPreauthenticationImplemented=TRUE\n"
3735
3747
                       "dot11RSNAEnabled=%s\n"
3748
3760
                       sm->dot11RSNAConfigPMKLifetime,
3749
3761
                       sm->dot11RSNAConfigPMKReauthThreshold,
3750
3762
                       sm->dot11RSNAConfigSATimeout);
3751
 
 
3752
 
        if (len >= buflen)
3753
 
                return len;
3754
 
 
3755
 
        len += snprintf(buf + len, buflen - len,
 
3763
        if (ret < 0 || (size_t) ret >= buflen)
 
3764
                return 0;
 
3765
        len = ret;
 
3766
 
 
3767
        ret = snprintf(buf + len, buflen - len,
3756
3768
                       "dot11RSNAAuthenticationSuiteSelected=" RSN_SUITE "\n"
3757
3769
                       "dot11RSNAPairwiseCipherSelected=" RSN_SUITE "\n"
3758
3770
                       "dot11RSNAGroupCipherSelected=" RSN_SUITE "\n"
3772
3784
                                                      sm->pairwise_cipher)),
3773
3785
                       RSN_SUITE_ARG(wpa_cipher_suite(sm, sm->group_cipher)),
3774
3786
                       sm->dot11RSNA4WayHandshakeFailures);
 
3787
        if (ret >= 0 && (size_t) ret < buflen)
 
3788
                len += ret;
3775
3789
 
3776
3790
        return (int) len;
3777
3791
}
4129
4143
                      int verbose)
4130
4144
{
4131
4145
        char *pos = buf, *end = buf + buflen;
 
4146
        int ret;
4132
4147
 
4133
 
        pos += snprintf(pos, end - pos,
4134
 
                        "pairwise_cipher=%s\n"
4135
 
                        "group_cipher=%s\n"
4136
 
                        "key_mgmt=%s\n",
4137
 
                        wpa_cipher_txt(sm->pairwise_cipher),
4138
 
                        wpa_cipher_txt(sm->group_cipher),
4139
 
                        wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
 
4148
        ret = snprintf(pos, end - pos,
 
4149
                       "pairwise_cipher=%s\n"
 
4150
                       "group_cipher=%s\n"
 
4151
                       "key_mgmt=%s\n",
 
4152
                       wpa_cipher_txt(sm->pairwise_cipher),
 
4153
                       wpa_cipher_txt(sm->group_cipher),
 
4154
                       wpa_key_mgmt_txt(sm->key_mgmt, sm->proto));
 
4155
        if (ret < 0 || ret >= end - pos)
 
4156
                return pos - buf;
 
4157
        pos += ret;
4140
4158
        return pos - buf;
4141
4159
}
4142
4160