ibss_rsn.c revision 214501
1214501Srpaulo/* 2214501Srpaulo * wpa_supplicant - IBSS RSN 3214501Srpaulo * Copyright (c) 2009, Jouni Malinen <j@w1.fi> 4214501Srpaulo * 5214501Srpaulo * This program is free software; you can redistribute it and/or modify 6214501Srpaulo * it under the terms of the GNU General Public License version 2 as 7214501Srpaulo * published by the Free Software Foundation. 8214501Srpaulo * 9214501Srpaulo * Alternatively, this software may be distributed under the terms of BSD 10214501Srpaulo * license. 11214501Srpaulo * 12214501Srpaulo * See README and COPYING for more details. 13214501Srpaulo */ 14214501Srpaulo 15214501Srpaulo#include "includes.h" 16214501Srpaulo 17214501Srpaulo#include "common.h" 18214501Srpaulo#include "l2_packet/l2_packet.h" 19214501Srpaulo#include "rsn_supp/wpa.h" 20214501Srpaulo#include "rsn_supp/wpa_ie.h" 21214501Srpaulo#include "ap/wpa_auth.h" 22214501Srpaulo#include "wpa_supplicant_i.h" 23214501Srpaulo#include "driver_i.h" 24214501Srpaulo#include "ibss_rsn.h" 25214501Srpaulo 26214501Srpaulo 27214501Srpaulostatic void ibss_rsn_free(struct ibss_rsn_peer *peer) 28214501Srpaulo{ 29214501Srpaulo wpa_auth_sta_deinit(peer->auth); 30214501Srpaulo wpa_sm_deinit(peer->supp); 31214501Srpaulo os_free(peer); 32214501Srpaulo} 33214501Srpaulo 34214501Srpaulo 35214501Srpaulostatic void supp_set_state(void *ctx, enum wpa_states state) 36214501Srpaulo{ 37214501Srpaulo struct ibss_rsn_peer *peer = ctx; 38214501Srpaulo peer->supp_state = state; 39214501Srpaulo} 40214501Srpaulo 41214501Srpaulo 42214501Srpaulostatic int supp_ether_send(void *ctx, const u8 *dest, u16 proto, const u8 *buf, 43214501Srpaulo size_t len) 44214501Srpaulo{ 45214501Srpaulo struct ibss_rsn_peer *peer = ctx; 46214501Srpaulo struct wpa_supplicant *wpa_s = peer->ibss_rsn->wpa_s; 47214501Srpaulo 48214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s(dest=" MACSTR " proto=0x%04x " 49214501Srpaulo "len=%lu)", 50214501Srpaulo __func__, MAC2STR(dest), proto, (unsigned long) len); 51214501Srpaulo 52214501Srpaulo if (wpa_s->l2) 53214501Srpaulo return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 54214501Srpaulo 55214501Srpaulo return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len); 56214501Srpaulo} 57214501Srpaulo 58214501Srpaulo 59214501Srpaulostatic u8 * supp_alloc_eapol(void *ctx, u8 type, const void *data, 60214501Srpaulo u16 data_len, size_t *msg_len, void **data_pos) 61214501Srpaulo{ 62214501Srpaulo struct ieee802_1x_hdr *hdr; 63214501Srpaulo 64214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s(type=%d data_len=%d)", 65214501Srpaulo __func__, type, data_len); 66214501Srpaulo 67214501Srpaulo *msg_len = sizeof(*hdr) + data_len; 68214501Srpaulo hdr = os_malloc(*msg_len); 69214501Srpaulo if (hdr == NULL) 70214501Srpaulo return NULL; 71214501Srpaulo 72214501Srpaulo hdr->version = 2; 73214501Srpaulo hdr->type = type; 74214501Srpaulo hdr->length = host_to_be16(data_len); 75214501Srpaulo 76214501Srpaulo if (data) 77214501Srpaulo os_memcpy(hdr + 1, data, data_len); 78214501Srpaulo else 79214501Srpaulo os_memset(hdr + 1, 0, data_len); 80214501Srpaulo 81214501Srpaulo if (data_pos) 82214501Srpaulo *data_pos = hdr + 1; 83214501Srpaulo 84214501Srpaulo return (u8 *) hdr; 85214501Srpaulo} 86214501Srpaulo 87214501Srpaulo 88214501Srpaulostatic int supp_get_beacon_ie(void *ctx) 89214501Srpaulo{ 90214501Srpaulo struct ibss_rsn_peer *peer = ctx; 91214501Srpaulo 92214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 93214501Srpaulo /* TODO: get correct RSN IE */ 94214501Srpaulo return wpa_sm_set_ap_rsn_ie(peer->supp, 95214501Srpaulo (u8 *) "\x30\x14\x01\x00" 96214501Srpaulo "\x00\x0f\xac\x04" 97214501Srpaulo "\x01\x00\x00\x0f\xac\x04" 98214501Srpaulo "\x01\x00\x00\x0f\xac\x02" 99214501Srpaulo "\x00\x00", 22); 100214501Srpaulo} 101214501Srpaulo 102214501Srpaulo 103214501Srpaulostatic int supp_set_key(void *ctx, enum wpa_alg alg, 104214501Srpaulo const u8 *addr, int key_idx, int set_tx, 105214501Srpaulo const u8 *seq, size_t seq_len, 106214501Srpaulo const u8 *key, size_t key_len) 107214501Srpaulo{ 108214501Srpaulo struct ibss_rsn_peer *peer = ctx; 109214501Srpaulo 110214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s(alg=%d addr=" MACSTR " key_idx=%d " 111214501Srpaulo "set_tx=%d)", 112214501Srpaulo __func__, alg, MAC2STR(addr), key_idx, set_tx); 113214501Srpaulo wpa_hexdump(MSG_DEBUG, "SUPP: set_key - seq", seq, seq_len); 114214501Srpaulo wpa_hexdump_key(MSG_DEBUG, "SUPP: set_key - key", key, key_len); 115214501Srpaulo 116214501Srpaulo if (key_idx == 0) { 117214501Srpaulo /* 118214501Srpaulo * In IBSS RSN, the pairwise key from the 4-way handshake 119214501Srpaulo * initiated by the peer with highest MAC address is used. 120214501Srpaulo */ 121214501Srpaulo if (os_memcmp(peer->ibss_rsn->wpa_s->own_addr, peer->addr, 122214501Srpaulo ETH_ALEN) > 0) { 123214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: Do not use this PTK"); 124214501Srpaulo return 0; 125214501Srpaulo } 126214501Srpaulo } 127214501Srpaulo 128214501Srpaulo return wpa_drv_set_key(peer->ibss_rsn->wpa_s, alg, addr, key_idx, 129214501Srpaulo set_tx, seq, seq_len, key, key_len); 130214501Srpaulo} 131214501Srpaulo 132214501Srpaulo 133214501Srpaulostatic void * supp_get_network_ctx(void *ctx) 134214501Srpaulo{ 135214501Srpaulo struct ibss_rsn_peer *peer = ctx; 136214501Srpaulo return wpa_supplicant_get_ssid(peer->ibss_rsn->wpa_s); 137214501Srpaulo} 138214501Srpaulo 139214501Srpaulo 140214501Srpaulostatic int supp_mlme_setprotection(void *ctx, const u8 *addr, 141214501Srpaulo int protection_type, int key_type) 142214501Srpaulo{ 143214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s(addr=" MACSTR " protection_type=%d " 144214501Srpaulo "key_type=%d)", 145214501Srpaulo __func__, MAC2STR(addr), protection_type, key_type); 146214501Srpaulo return 0; 147214501Srpaulo} 148214501Srpaulo 149214501Srpaulo 150214501Srpaulostatic void supp_cancel_auth_timeout(void *ctx) 151214501Srpaulo{ 152214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: %s", __func__); 153214501Srpaulo} 154214501Srpaulo 155214501Srpaulo 156214501Srpauloint ibss_rsn_supp_init(struct ibss_rsn_peer *peer, const u8 *own_addr, 157214501Srpaulo const u8 *psk) 158214501Srpaulo{ 159214501Srpaulo struct wpa_sm_ctx *ctx = os_zalloc(sizeof(*ctx)); 160214501Srpaulo if (ctx == NULL) 161214501Srpaulo return -1; 162214501Srpaulo 163214501Srpaulo ctx->ctx = peer; 164214501Srpaulo ctx->msg_ctx = peer->ibss_rsn->wpa_s; 165214501Srpaulo ctx->set_state = supp_set_state; 166214501Srpaulo ctx->ether_send = supp_ether_send; 167214501Srpaulo ctx->get_beacon_ie = supp_get_beacon_ie; 168214501Srpaulo ctx->alloc_eapol = supp_alloc_eapol; 169214501Srpaulo ctx->set_key = supp_set_key; 170214501Srpaulo ctx->get_network_ctx = supp_get_network_ctx; 171214501Srpaulo ctx->mlme_setprotection = supp_mlme_setprotection; 172214501Srpaulo ctx->cancel_auth_timeout = supp_cancel_auth_timeout; 173214501Srpaulo peer->supp = wpa_sm_init(ctx); 174214501Srpaulo if (peer->supp == NULL) { 175214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_init() failed"); 176214501Srpaulo return -1; 177214501Srpaulo } 178214501Srpaulo 179214501Srpaulo wpa_sm_set_own_addr(peer->supp, own_addr); 180214501Srpaulo wpa_sm_set_param(peer->supp, WPA_PARAM_RSN_ENABLED, 1); 181214501Srpaulo wpa_sm_set_param(peer->supp, WPA_PARAM_PROTO, WPA_PROTO_RSN); 182214501Srpaulo wpa_sm_set_param(peer->supp, WPA_PARAM_PAIRWISE, WPA_CIPHER_CCMP); 183214501Srpaulo wpa_sm_set_param(peer->supp, WPA_PARAM_GROUP, WPA_CIPHER_CCMP); 184214501Srpaulo wpa_sm_set_param(peer->supp, WPA_PARAM_KEY_MGMT, WPA_KEY_MGMT_PSK); 185214501Srpaulo wpa_sm_set_pmk(peer->supp, psk, PMK_LEN); 186214501Srpaulo 187214501Srpaulo peer->supp_ie_len = sizeof(peer->supp_ie); 188214501Srpaulo if (wpa_sm_set_assoc_wpa_ie_default(peer->supp, peer->supp_ie, 189214501Srpaulo &peer->supp_ie_len) < 0) { 190214501Srpaulo wpa_printf(MSG_DEBUG, "SUPP: wpa_sm_set_assoc_wpa_ie_default()" 191214501Srpaulo " failed"); 192214501Srpaulo return -1; 193214501Srpaulo } 194214501Srpaulo 195214501Srpaulo wpa_sm_notify_assoc(peer->supp, peer->addr); 196214501Srpaulo 197214501Srpaulo return 0; 198214501Srpaulo} 199214501Srpaulo 200214501Srpaulo 201214501Srpaulostatic void auth_logger(void *ctx, const u8 *addr, logger_level level, 202214501Srpaulo const char *txt) 203214501Srpaulo{ 204214501Srpaulo if (addr) 205214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: " MACSTR " - %s", 206214501Srpaulo MAC2STR(addr), txt); 207214501Srpaulo else 208214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: %s", txt); 209214501Srpaulo} 210214501Srpaulo 211214501Srpaulo 212214501Srpaulostatic const u8 * auth_get_psk(void *ctx, const u8 *addr, const u8 *prev_psk) 213214501Srpaulo{ 214214501Srpaulo struct ibss_rsn *ibss_rsn = ctx; 215214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)", 216214501Srpaulo __func__, MAC2STR(addr), prev_psk); 217214501Srpaulo if (prev_psk) 218214501Srpaulo return NULL; 219214501Srpaulo return ibss_rsn->psk; 220214501Srpaulo} 221214501Srpaulo 222214501Srpaulo 223214501Srpaulostatic int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data, 224214501Srpaulo size_t data_len, int encrypt) 225214501Srpaulo{ 226214501Srpaulo struct ibss_rsn *ibss_rsn = ctx; 227214501Srpaulo struct wpa_supplicant *wpa_s = ibss_rsn->wpa_s; 228214501Srpaulo 229214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: %s(addr=" MACSTR " data_len=%lu " 230214501Srpaulo "encrypt=%d)", 231214501Srpaulo __func__, MAC2STR(addr), (unsigned long) data_len, encrypt); 232214501Srpaulo 233214501Srpaulo if (wpa_s->l2) 234214501Srpaulo return l2_packet_send(wpa_s->l2, addr, ETH_P_EAPOL, data, 235214501Srpaulo data_len); 236214501Srpaulo 237214501Srpaulo return wpa_drv_send_eapol(wpa_s, addr, ETH_P_EAPOL, data, data_len); 238214501Srpaulo} 239214501Srpaulo 240214501Srpaulo 241214501Srpaulostatic int auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg, 242214501Srpaulo const u8 *addr, int idx, u8 *key, size_t key_len) 243214501Srpaulo{ 244214501Srpaulo struct ibss_rsn *ibss_rsn = ctx; 245214501Srpaulo u8 seq[6]; 246214501Srpaulo 247214501Srpaulo os_memset(seq, 0, sizeof(seq)); 248214501Srpaulo 249214501Srpaulo if (addr) { 250214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d addr=" MACSTR 251214501Srpaulo " key_idx=%d)", 252214501Srpaulo __func__, alg, MAC2STR(addr), idx); 253214501Srpaulo } else { 254214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: %s(alg=%d key_idx=%d)", 255214501Srpaulo __func__, alg, idx); 256214501Srpaulo } 257214501Srpaulo wpa_hexdump_key(MSG_DEBUG, "AUTH: set_key - key", key, key_len); 258214501Srpaulo 259214501Srpaulo if (idx == 0) { 260214501Srpaulo /* 261214501Srpaulo * In IBSS RSN, the pairwise key from the 4-way handshake 262214501Srpaulo * initiated by the peer with highest MAC address is used. 263214501Srpaulo */ 264214501Srpaulo if (addr == NULL || 265214501Srpaulo os_memcmp(ibss_rsn->wpa_s->own_addr, addr, ETH_ALEN) < 0) { 266214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: Do not use this PTK"); 267214501Srpaulo return 0; 268214501Srpaulo } 269214501Srpaulo } 270214501Srpaulo 271214501Srpaulo return wpa_drv_set_key(ibss_rsn->wpa_s, alg, addr, idx, 272214501Srpaulo 1, seq, 6, key, key_len); 273214501Srpaulo} 274214501Srpaulo 275214501Srpaulo 276214501Srpaulostatic int ibss_rsn_auth_init_group(struct ibss_rsn *ibss_rsn, 277214501Srpaulo const u8 *own_addr) 278214501Srpaulo{ 279214501Srpaulo struct wpa_auth_config conf; 280214501Srpaulo struct wpa_auth_callbacks cb; 281214501Srpaulo 282214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: Initializing group state machine"); 283214501Srpaulo 284214501Srpaulo os_memset(&conf, 0, sizeof(conf)); 285214501Srpaulo conf.wpa = 2; 286214501Srpaulo conf.wpa_key_mgmt = WPA_KEY_MGMT_PSK; 287214501Srpaulo conf.wpa_pairwise = WPA_CIPHER_CCMP; 288214501Srpaulo conf.rsn_pairwise = WPA_CIPHER_CCMP; 289214501Srpaulo conf.wpa_group = WPA_CIPHER_CCMP; 290214501Srpaulo conf.eapol_version = 2; 291214501Srpaulo 292214501Srpaulo os_memset(&cb, 0, sizeof(cb)); 293214501Srpaulo cb.ctx = ibss_rsn; 294214501Srpaulo cb.logger = auth_logger; 295214501Srpaulo cb.send_eapol = auth_send_eapol; 296214501Srpaulo cb.get_psk = auth_get_psk; 297214501Srpaulo cb.set_key = auth_set_key; 298214501Srpaulo 299214501Srpaulo ibss_rsn->auth_group = wpa_init(own_addr, &conf, &cb); 300214501Srpaulo if (ibss_rsn->auth_group == NULL) { 301214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: wpa_init() failed"); 302214501Srpaulo return -1; 303214501Srpaulo } 304214501Srpaulo 305214501Srpaulo return 0; 306214501Srpaulo} 307214501Srpaulo 308214501Srpaulo 309214501Srpaulostatic int ibss_rsn_auth_init(struct ibss_rsn *ibss_rsn, 310214501Srpaulo struct ibss_rsn_peer *peer) 311214501Srpaulo{ 312214501Srpaulo peer->auth = wpa_auth_sta_init(ibss_rsn->auth_group, peer->addr); 313214501Srpaulo if (peer->auth == NULL) { 314214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: wpa_auth_sta_init() failed"); 315214501Srpaulo return -1; 316214501Srpaulo } 317214501Srpaulo 318214501Srpaulo /* TODO: get peer RSN IE with Probe Request */ 319214501Srpaulo if (wpa_validate_wpa_ie(ibss_rsn->auth_group, peer->auth, 320214501Srpaulo (u8 *) "\x30\x14\x01\x00" 321214501Srpaulo "\x00\x0f\xac\x04" 322214501Srpaulo "\x01\x00\x00\x0f\xac\x04" 323214501Srpaulo "\x01\x00\x00\x0f\xac\x02" 324214501Srpaulo "\x00\x00", 22, NULL, 0) != 325214501Srpaulo WPA_IE_OK) { 326214501Srpaulo wpa_printf(MSG_DEBUG, "AUTH: wpa_validate_wpa_ie() failed"); 327214501Srpaulo return -1; 328214501Srpaulo } 329214501Srpaulo 330214501Srpaulo if (wpa_auth_sm_event(peer->auth, WPA_ASSOC)) 331214501Srpaulo return -1; 332214501Srpaulo 333214501Srpaulo if (wpa_auth_sta_associated(ibss_rsn->auth_group, peer->auth)) 334214501Srpaulo return -1; 335214501Srpaulo 336214501Srpaulo return 0; 337214501Srpaulo} 338214501Srpaulo 339214501Srpaulo 340214501Srpauloint ibss_rsn_start(struct ibss_rsn *ibss_rsn, const u8 *addr) 341214501Srpaulo{ 342214501Srpaulo struct ibss_rsn_peer *peer; 343214501Srpaulo 344214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: Starting IBSS Authenticator and " 345214501Srpaulo "Supplicant for peer " MACSTR, MAC2STR(addr)); 346214501Srpaulo 347214501Srpaulo peer = os_zalloc(sizeof(*peer)); 348214501Srpaulo if (peer == NULL) 349214501Srpaulo return -1; 350214501Srpaulo 351214501Srpaulo peer->ibss_rsn = ibss_rsn; 352214501Srpaulo os_memcpy(peer->addr, addr, ETH_ALEN); 353214501Srpaulo 354214501Srpaulo if (ibss_rsn_supp_init(peer, ibss_rsn->wpa_s->own_addr, ibss_rsn->psk) 355214501Srpaulo < 0) { 356214501Srpaulo ibss_rsn_free(peer); 357214501Srpaulo return -1; 358214501Srpaulo } 359214501Srpaulo 360214501Srpaulo if (ibss_rsn_auth_init(ibss_rsn, peer) < 0) { 361214501Srpaulo ibss_rsn_free(peer); 362214501Srpaulo return -1; 363214501Srpaulo } 364214501Srpaulo 365214501Srpaulo peer->next = ibss_rsn->peers; 366214501Srpaulo ibss_rsn->peers = peer; 367214501Srpaulo 368214501Srpaulo return 0; 369214501Srpaulo} 370214501Srpaulo 371214501Srpaulo 372214501Srpaulostruct ibss_rsn * ibss_rsn_init(struct wpa_supplicant *wpa_s) 373214501Srpaulo{ 374214501Srpaulo struct ibss_rsn *ibss_rsn; 375214501Srpaulo 376214501Srpaulo ibss_rsn = os_zalloc(sizeof(*ibss_rsn)); 377214501Srpaulo if (ibss_rsn == NULL) 378214501Srpaulo return NULL; 379214501Srpaulo ibss_rsn->wpa_s = wpa_s; 380214501Srpaulo 381214501Srpaulo if (ibss_rsn_auth_init_group(ibss_rsn, wpa_s->own_addr) < 0) { 382214501Srpaulo ibss_rsn_deinit(ibss_rsn); 383214501Srpaulo return NULL; 384214501Srpaulo } 385214501Srpaulo 386214501Srpaulo return ibss_rsn; 387214501Srpaulo} 388214501Srpaulo 389214501Srpaulo 390214501Srpaulovoid ibss_rsn_deinit(struct ibss_rsn *ibss_rsn) 391214501Srpaulo{ 392214501Srpaulo struct ibss_rsn_peer *peer, *prev; 393214501Srpaulo 394214501Srpaulo if (ibss_rsn == NULL) 395214501Srpaulo return; 396214501Srpaulo 397214501Srpaulo peer = ibss_rsn->peers; 398214501Srpaulo while (peer) { 399214501Srpaulo prev = peer; 400214501Srpaulo peer = peer->next; 401214501Srpaulo ibss_rsn_free(prev); 402214501Srpaulo } 403214501Srpaulo 404214501Srpaulo wpa_deinit(ibss_rsn->auth_group); 405214501Srpaulo os_free(ibss_rsn); 406214501Srpaulo 407214501Srpaulo} 408214501Srpaulo 409214501Srpaulo 410214501Srpaulostatic int ibss_rsn_eapol_dst_supp(const u8 *buf, size_t len) 411214501Srpaulo{ 412214501Srpaulo const struct ieee802_1x_hdr *hdr; 413214501Srpaulo const struct wpa_eapol_key *key; 414214501Srpaulo u16 key_info; 415214501Srpaulo size_t plen; 416214501Srpaulo 417214501Srpaulo /* TODO: Support other EAPOL packets than just EAPOL-Key */ 418214501Srpaulo 419214501Srpaulo if (len < sizeof(*hdr) + sizeof(*key)) 420214501Srpaulo return -1; 421214501Srpaulo 422214501Srpaulo hdr = (const struct ieee802_1x_hdr *) buf; 423214501Srpaulo key = (const struct wpa_eapol_key *) (hdr + 1); 424214501Srpaulo plen = be_to_host16(hdr->length); 425214501Srpaulo 426214501Srpaulo if (hdr->version < EAPOL_VERSION) { 427214501Srpaulo /* TODO: backwards compatibility */ 428214501Srpaulo } 429214501Srpaulo if (hdr->type != IEEE802_1X_TYPE_EAPOL_KEY) { 430214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: EAPOL frame (type %u) discarded, " 431214501Srpaulo "not a Key frame", hdr->type); 432214501Srpaulo return -1; 433214501Srpaulo } 434214501Srpaulo if (plen > len - sizeof(*hdr) || plen < sizeof(*key)) { 435214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: EAPOL frame payload size %lu " 436214501Srpaulo "invalid (frame size %lu)", 437214501Srpaulo (unsigned long) plen, (unsigned long) len); 438214501Srpaulo return -1; 439214501Srpaulo } 440214501Srpaulo 441214501Srpaulo if (key->type != EAPOL_KEY_TYPE_RSN) { 442214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: EAPOL-Key type (%d) unknown, " 443214501Srpaulo "discarded", key->type); 444214501Srpaulo return -1; 445214501Srpaulo } 446214501Srpaulo 447214501Srpaulo key_info = WPA_GET_BE16(key->key_info); 448214501Srpaulo 449214501Srpaulo return !!(key_info & WPA_KEY_INFO_ACK); 450214501Srpaulo} 451214501Srpaulo 452214501Srpaulo 453214501Srpaulostatic int ibss_rsn_process_rx_eapol(struct ibss_rsn *ibss_rsn, 454214501Srpaulo struct ibss_rsn_peer *peer, 455214501Srpaulo const u8 *buf, size_t len) 456214501Srpaulo{ 457214501Srpaulo int supp; 458214501Srpaulo u8 *tmp; 459214501Srpaulo 460214501Srpaulo supp = ibss_rsn_eapol_dst_supp(buf, len); 461214501Srpaulo if (supp < 0) 462214501Srpaulo return -1; 463214501Srpaulo 464214501Srpaulo tmp = os_malloc(len); 465214501Srpaulo if (tmp == NULL) 466214501Srpaulo return -1; 467214501Srpaulo os_memcpy(tmp, buf, len); 468214501Srpaulo if (supp) { 469214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Supplicant"); 470214501Srpaulo wpa_sm_rx_eapol(peer->supp, peer->addr, tmp, len); 471214501Srpaulo } else { 472214501Srpaulo wpa_printf(MSG_DEBUG, "RSN: IBSS RX EAPOL for Authenticator"); 473214501Srpaulo wpa_receive(ibss_rsn->auth_group, peer->auth, tmp, len); 474214501Srpaulo } 475214501Srpaulo os_free(tmp); 476214501Srpaulo 477214501Srpaulo return 1; 478214501Srpaulo} 479214501Srpaulo 480214501Srpaulo 481214501Srpauloint ibss_rsn_rx_eapol(struct ibss_rsn *ibss_rsn, const u8 *src_addr, 482214501Srpaulo const u8 *buf, size_t len) 483214501Srpaulo{ 484214501Srpaulo struct ibss_rsn_peer *peer; 485214501Srpaulo 486214501Srpaulo for (peer = ibss_rsn->peers; peer; peer = peer->next) { 487214501Srpaulo if (os_memcmp(src_addr, peer->addr, ETH_ALEN) == 0) 488214501Srpaulo return ibss_rsn_process_rx_eapol(ibss_rsn, peer, 489214501Srpaulo buf, len); 490214501Srpaulo } 491214501Srpaulo 492214501Srpaulo if (ibss_rsn_eapol_dst_supp(buf, len) > 0) { 493214501Srpaulo /* 494214501Srpaulo * Create new IBSS peer based on an EAPOL message from the peer 495214501Srpaulo * Authenticator. 496214501Srpaulo */ 497214501Srpaulo if (ibss_rsn_start(ibss_rsn, src_addr) < 0) 498214501Srpaulo return -1; 499214501Srpaulo return ibss_rsn_process_rx_eapol(ibss_rsn, ibss_rsn->peers, 500214501Srpaulo buf, len); 501214501Srpaulo } 502214501Srpaulo 503214501Srpaulo return 0; 504214501Srpaulo} 505214501Srpaulo 506214501Srpaulo 507214501Srpaulovoid ibss_rsn_set_psk(struct ibss_rsn *ibss_rsn, const u8 *psk) 508214501Srpaulo{ 509214501Srpaulo os_memcpy(ibss_rsn->psk, psk, PMK_LEN); 510214501Srpaulo} 511