← Back to branch summary

~ubuntu-branches/ubuntu/precise/wpasupplicant/precise-security

« back to all changes in this revision

Viewing changes to src/rsn_supp/wpa.c

  • Committer: Bazaar Package Importer
  • Author(s): Kel Modderman
  • Date: 2009-05-16 03:47:08 UTC
  • mfrom: (4.1.5 karmic)
  • Revision ID: james.westby@ubuntu.com-20090516034708-pkqje2dgvhj6tb2i
Tags: 0.6.9-3
http://bugs.debian.org/528639
Drop debian/patches/12_syslog_supplement.patch. It adds code which
attempts to prettify output but doesn't handle large output well.
(Closes: #528639)

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/rsn_supp/wpa.c
77
77
        case WPA_KEY_MGMT_FT_PSK:
78
78
                return "FT-PSK";
79
79
#endif /* CONFIG_IEEE80211R */
 
80
#ifdef CONFIG_IEEE80211W
 
81
        case WPA_KEY_MGMT_IEEE8021X_SHA256:
 
82
                return "WPA2-EAP-SHA256";
 
83
        case WPA_KEY_MGMT_PSK_SHA256:
 
84
                return "WPA2-PSK-SHA256";
 
85
#endif /* CONFIG_IEEE80211W */
80
86
        default:
81
87
                return "UNKNOWN";
82
88
        }
127
133
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
128
134
 * @error: Indicate whether this is an Michael MIC error report
129
135
 * @pairwise: 1 = error report for pairwise packet, 0 = for group packet
130
 
 * Returns: Pointer to the current network structure or %NULL on failure
131
136
 *
132
137
 * Send an EAPOL-Key Request to the current authenticator. This function is
133
138
 * used to request rekeying and it is usually called when a local Michael MIC
140
145
        int key_info, ver;
141
146
        u8 bssid[ETH_ALEN], *rbuf;
142
147
 
143
 
        if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
144
 
            sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
 
148
        if (wpa_key_mgmt_ft(sm->key_mgmt) || wpa_key_mgmt_sha256(sm->key_mgmt))
145
149
                ver = WPA_KEY_INFO_TYPE_AES_128_CMAC;
146
150
        else if (sm->pairwise_cipher == WPA_CIPHER_CCMP)
147
151
                ver = WPA_KEY_INFO_TYPE_HMAC_SHA1_AES;
216
220
#ifdef CONFIG_IEEE80211R
217
221
                sm->xxkey_len = 0;
218
222
#endif /* CONFIG_IEEE80211R */
219
 
        } else if ((sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
220
 
                    sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) && sm->eapol) {
 
223
        } else if (wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt) && sm->eapol) {
221
224
                int res, pmk_len;
222
225
                pmk_len = PMK_LEN;
223
226
                res = eapol_sm_get_key(sm->eapol, sm->pmk, PMK_LEN);
244
247
                                        "machines", sm->pmk, pmk_len);
245
248
                        sm->pmk_len = pmk_len;
246
249
                        pmksa_cache_add(sm->pmksa, sm->pmk, pmk_len, src_addr,
247
 
                                        sm->own_addr, sm->network_ctx);
 
250
                                        sm->own_addr, sm->network_ctx,
 
251
                                        sm->key_mgmt);
248
252
                        if (!sm->cur_pmksa && pmkid &&
249
253
                            pmksa_cache_get(sm->pmksa, src_addr, pmkid)) {
250
254
                                wpa_printf(MSG_DEBUG, "RSN: the new PMK "
262
266
                                           "caching attempt");
263
267
                                sm->cur_pmksa = NULL;
264
268
                                abort_cached = 1;
265
 
                        } else {
 
269
                        } else if (!abort_cached) {
266
270
                                return -1;
267
271
                        }
268
272
                }
269
273
        }
270
274
 
271
 
        if (abort_cached && (sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
272
 
                             sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X)) {
 
275
        if (abort_cached && wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) {
273
276
                /* Send EAPOL-Start to trigger full EAP authentication. */
274
277
                u8 *buf;
275
278
                size_t buflen;
356
359
                          struct wpa_ptk *ptk)
357
360
{
358
361
#ifdef CONFIG_IEEE80211R
359
 
        if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
360
 
            sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
 
362
        if (wpa_key_mgmt_ft(sm->key_mgmt))
361
363
                return wpa_derive_ptk_ft(sm, src_addr, key, ptk);
362
364
#endif /* CONFIG_IEEE80211R */
363
365
 
364
366
        wpa_pmk_to_ptk(sm->pmk, sm->pmk_len, "Pairwise key expansion",
365
367
                       sm->own_addr, sm->bssid, sm->snonce, key->key_nonce,
366
 
                       (u8 *) ptk, sizeof(*ptk));
 
368
                       (u8 *) ptk, sizeof(*ptk),
 
369
                       wpa_key_mgmt_sha256(sm->key_mgmt));
367
370
        return 0;
368
371
}
369
372
 
458
461
                        sm, addr, MLME_SETPROTECTION_PROTECT_TYPE_RX_TX,
459
462
                        MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
460
463
                eapol_sm_notify_portValid(sm->eapol, TRUE);
461
 
                if (sm->key_mgmt == WPA_KEY_MGMT_PSK ||
462
 
                    sm->key_mgmt == WPA_KEY_MGMT_FT_PSK)
 
464
                if (wpa_key_mgmt_wpa_psk(sm->key_mgmt))
463
465
                        eapol_sm_notify_eap_success(sm->eapol, TRUE);
464
466
                /*
465
467
                 * Start preauthentication after a short wait to avoid a
478
480
        }
479
481
 
480
482
#ifdef CONFIG_IEEE80211R
481
 
        if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
482
 
            sm->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
 
483
        if (wpa_key_mgmt_ft(sm->key_mgmt)) {
483
484
                /* Prepare for the next transition */
484
485
                wpa_ft_prepare_auth_request(sm);
485
486
        }
487
488
}
488
489
 
489
490
 
 
491
static void wpa_sm_rekey_ptk(void *eloop_ctx, void *timeout_ctx)
 
492
{
 
493
        struct wpa_sm *sm = eloop_ctx;
 
494
        wpa_printf(MSG_DEBUG, "WPA: Request PTK rekeying");
 
495
        wpa_sm_key_request(sm, 0, 1);
 
496
}
 
497
 
 
498
 
490
499
static int wpa_supplicant_install_ptk(struct wpa_sm *sm,
491
500
                                      const struct wpa_eapol_key *key)
492
501
{
531
540
                           "driver.");
532
541
                return -1;
533
542
        }
 
543
 
 
544
        if (sm->wpa_ptk_rekey) {
 
545
                eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
 
546
                eloop_register_timeout(sm->wpa_ptk_rekey, 0, wpa_sm_rekey_ptk,
 
547
                                       sm, NULL);
 
548
        }
 
549
 
534
550
        return 0;
535
551
}
536
552
 
834
850
        }
835
851
 
836
852
#ifdef CONFIG_IEEE80211R
837
 
        if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
838
 
            sm->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
 
853
        if (wpa_key_mgmt_ft(sm->key_mgmt)) {
839
854
                struct rsn_mdie *mdie;
840
855
                /* TODO: verify that full MDIE matches with the one from scan
841
856
                 * results, not only mobility domain */
1453
1468
        key_info = WPA_GET_BE16(key->key_info);
1454
1469
        ver = key_info & WPA_KEY_INFO_TYPE_MASK;
1455
1470
        if (ver != WPA_KEY_INFO_TYPE_HMAC_MD5_RC4 &&
1456
 
#ifdef CONFIG_IEEE80211R
 
1471
#if defined(CONFIG_IEEE80211R) || defined(CONFIG_IEEE80211W)
1457
1472
            ver != WPA_KEY_INFO_TYPE_AES_128_CMAC &&
1458
 
#endif /* CONFIG_IEEE80211R */
 
1473
#endif /* CONFIG_IEEE80211R || CONFIG_IEEE80211W */
1459
1474
            ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1460
1475
                wpa_printf(MSG_INFO, "WPA: Unsupported EAPOL-Key descriptor "
1461
1476
                           "version %d.", ver);
1463
1478
        }
1464
1479
 
1465
1480
#ifdef CONFIG_IEEE80211R
1466
 
        if (sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X ||
1467
 
            sm->key_mgmt == WPA_KEY_MGMT_FT_PSK) {
 
1481
        if (wpa_key_mgmt_ft(sm->key_mgmt)) {
1468
1482
                /* IEEE 802.11r uses a new key_info type (AES-128-CMAC). */
1469
1483
                if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
1470
1484
                        wpa_printf(MSG_INFO, "FT: AP did not use "
1473
1487
                }
1474
1488
        } else
1475
1489
#endif /* CONFIG_IEEE80211R */
 
1490
#ifdef CONFIG_IEEE80211W
 
1491
        if (wpa_key_mgmt_sha256(sm->key_mgmt)) {
 
1492
                if (ver != WPA_KEY_INFO_TYPE_AES_128_CMAC) {
 
1493
                        wpa_printf(MSG_INFO, "WPA: AP did not use the "
 
1494
                                   "negotiated AES-128-CMAC.");
 
1495
                        goto out;
 
1496
                }
 
1497
        } else
 
1498
#endif /* CONFIG_IEEE80211W */
1476
1499
        if (sm->pairwise_cipher == WPA_CIPHER_CCMP &&
1477
1500
            ver != WPA_KEY_INFO_TYPE_HMAC_SHA1_AES) {
1478
1501
                wpa_printf(MSG_INFO, "WPA: CCMP is used, but EAPOL-Key "
1651
1674
        case WPA_KEY_MGMT_FT_PSK:
1652
1675
                return RSN_AUTH_KEY_MGMT_FT_PSK;
1653
1676
#endif /* CONFIG_IEEE80211R */
 
1677
#ifdef CONFIG_IEEE80211W
 
1678
        case WPA_KEY_MGMT_IEEE8021X_SHA256:
 
1679
                return RSN_AUTH_KEY_MGMT_802_1X_SHA256;
 
1680
        case WPA_KEY_MGMT_PSK_SHA256:
 
1681
                return RSN_AUTH_KEY_MGMT_PSK_SHA256;
 
1682
#endif /* CONFIG_IEEE80211W */
1654
1683
        case WPA_KEY_MGMT_WPA_NONE:
1655
1684
                return WPA_AUTH_KEY_MGMT_NONE;
1656
1685
        default:
1708
1737
        } else
1709
1738
                pmkid_txt[0] = '\0';
1710
1739
 
1711
 
        if ((sm->key_mgmt == WPA_KEY_MGMT_PSK ||
1712
 
             sm->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1713
 
             sm->key_mgmt == WPA_KEY_MGMT_FT_PSK ||
1714
 
             sm->key_mgmt == WPA_KEY_MGMT_FT_IEEE8021X) &&
 
1740
        if ((wpa_key_mgmt_wpa_psk(sm->key_mgmt) ||
 
1741
             wpa_key_mgmt_wpa_ieee8021x(sm->key_mgmt)) &&
1715
1742
            sm->proto == WPA_PROTO_RSN)
1716
1743
                rsna = 1;
1717
1744
        else
1836
1863
                return;
1837
1864
        pmksa_cache_deinit(sm->pmksa);
1838
1865
        eloop_cancel_timeout(wpa_sm_start_preauth, sm, NULL);
 
1866
        eloop_cancel_timeout(wpa_sm_rekey_ptk, sm, NULL);
1839
1867
        os_free(sm->assoc_wpa_ie);
1840
1868
        os_free(sm->ap_wpa_ie);
1841
1869
        os_free(sm->ap_rsn_ie);
2005
2033
                        sm->ssid_len = config->ssid_len;
2006
2034
                } else
2007
2035
                        sm->ssid_len = 0;
 
2036
                sm->wpa_ptk_rekey = config->wpa_ptk_rekey;
2008
2037
        } else {
2009
2038
                sm->network_ctx = NULL;
2010
2039
                sm->peerkey_enabled = 0;
2013
2042
                sm->eap_workaround = 0;
2014
2043
                sm->eap_conf_ctx = NULL;
2015
2044
                sm->ssid_len = 0;
 
2045
                sm->wpa_ptk_rekey = 0;
2016
2046
        }
2017
2047
        if (config == NULL || config->network_ctx != sm->network_ctx)
2018
2048
                pmksa_cache_notify_reconfig(sm->pmksa);