mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-29 02:38:22 -05:00
FILS: Move authentication response handling into a helper function
This can be reused when splitting handle_auth_fils() to support the driver-based AP SME case. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit is contained in:
parent
b8a3453aca
commit
5e5f8c816b
@ -48,6 +48,16 @@
|
|||||||
#include "fils_hlp.h"
|
#include "fils_hlp.h"
|
||||||
|
|
||||||
|
|
||||||
|
#ifdef CONFIG_FILS
|
||||||
|
static struct wpabuf *
|
||||||
|
prepare_auth_resp_fils(struct hostapd_data *hapd,
|
||||||
|
struct sta_info *sta, u16 *resp,
|
||||||
|
struct rsn_pmksa_cache_entry *pmksa,
|
||||||
|
struct wpabuf *erp_resp,
|
||||||
|
const u8 *msk, size_t msk_len,
|
||||||
|
int *is_pub);
|
||||||
|
#endif /* CONFIG_FILS */
|
||||||
|
|
||||||
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
||||||
{
|
{
|
||||||
u8 *pos = eid;
|
u8 *pos = eid;
|
||||||
@ -1223,11 +1233,13 @@ fail:
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
static struct wpabuf *
|
||||||
struct sta_info *sta, u16 resp,
|
prepare_auth_resp_fils(struct hostapd_data *hapd,
|
||||||
|
struct sta_info *sta, u16 *resp,
|
||||||
struct rsn_pmksa_cache_entry *pmksa,
|
struct rsn_pmksa_cache_entry *pmksa,
|
||||||
struct wpabuf *erp_resp,
|
struct wpabuf *erp_resp,
|
||||||
const u8 *msk, size_t msk_len)
|
const u8 *msk, size_t msk_len,
|
||||||
|
int *is_pub)
|
||||||
{
|
{
|
||||||
u8 fils_nonce[FILS_NONCE_LEN];
|
u8 fils_nonce[FILS_NONCE_LEN];
|
||||||
size_t ielen;
|
size_t ielen;
|
||||||
@ -1238,33 +1250,34 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
size_t pmk_len = 0;
|
size_t pmk_len = 0;
|
||||||
u8 pmk_buf[PMK_LEN_MAX];
|
u8 pmk_buf[PMK_LEN_MAX];
|
||||||
struct wpabuf *pub = NULL;
|
struct wpabuf *pub = NULL;
|
||||||
u16 auth_alg;
|
|
||||||
|
|
||||||
if (resp != WLAN_STATUS_SUCCESS)
|
if (*resp != WLAN_STATUS_SUCCESS)
|
||||||
goto fail;
|
goto fail;
|
||||||
|
|
||||||
ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
|
ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
|
||||||
if (!ie) {
|
if (!ie) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (pmksa) {
|
if (pmksa) {
|
||||||
/* Add PMKID of the selected PMKSA into RSNE */
|
/* Add PMKID of the selected PMKSA into RSNE */
|
||||||
ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
|
ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
|
||||||
if (!ie_buf) {
|
if (!ie_buf) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
os_memcpy(ie_buf, ie, ielen);
|
os_memcpy(ie_buf, ie, ielen);
|
||||||
if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
|
if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
ie = ie_buf;
|
ie = ie_buf;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
|
if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
|
wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
|
||||||
@ -1274,7 +1287,7 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
if (sta->fils_dh_ss && sta->fils_ecdh) {
|
if (sta->fils_dh_ss && sta->fils_ecdh) {
|
||||||
pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
|
pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
|
||||||
if (!pub) {
|
if (!pub) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -1282,7 +1295,7 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
|
|
||||||
data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
|
data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
|
||||||
if (!data) {
|
if (!data) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1310,7 +1323,7 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
|
res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
|
||||||
wpabuf_tailroom(data));
|
wpabuf_tailroom(data));
|
||||||
if (res < 0) {
|
if (res < 0) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
wpabuf_put(data, res);
|
wpabuf_put(data, res);
|
||||||
@ -1347,7 +1360,7 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
wpabuf_len(sta->fils_dh_ss) : 0,
|
wpabuf_len(sta->fils_dh_ss) : 0,
|
||||||
pmk_buf, &pmk_len)) {
|
pmk_buf, &pmk_len)) {
|
||||||
wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
|
wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
wpabuf_free(data);
|
wpabuf_free(data);
|
||||||
data = NULL;
|
data = NULL;
|
||||||
goto fail;
|
goto fail;
|
||||||
@ -1360,7 +1373,7 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
|
|
||||||
if (!pmk) {
|
if (!pmk) {
|
||||||
wpa_printf(MSG_DEBUG, "FILS: No PMK available");
|
wpa_printf(MSG_DEBUG, "FILS: No PMK available");
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
wpabuf_free(data);
|
wpabuf_free(data);
|
||||||
data = NULL;
|
data = NULL;
|
||||||
goto fail;
|
goto fail;
|
||||||
@ -1368,13 +1381,43 @@ static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|||||||
|
|
||||||
if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
|
if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
|
||||||
sta->fils_snonce, fils_nonce) < 0) {
|
sta->fils_snonce, fils_nonce) < 0) {
|
||||||
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
||||||
wpabuf_free(data);
|
wpabuf_free(data);
|
||||||
data = NULL;
|
data = NULL;
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
fail:
|
fail:
|
||||||
|
if (is_pub)
|
||||||
|
*is_pub = pub != NULL;
|
||||||
|
os_free(ie_buf);
|
||||||
|
wpabuf_free(pub);
|
||||||
|
wpabuf_clear_free(sta->fils_dh_ss);
|
||||||
|
sta->fils_dh_ss = NULL;
|
||||||
|
#ifdef CONFIG_FILS_SK_PFS
|
||||||
|
crypto_ecdh_deinit(sta->fils_ecdh);
|
||||||
|
sta->fils_ecdh = NULL;
|
||||||
|
#endif /* CONFIG_FILS_SK_PFS */
|
||||||
|
return data;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
||||||
|
struct sta_info *sta, u16 resp,
|
||||||
|
struct rsn_pmksa_cache_entry *pmksa,
|
||||||
|
struct wpabuf *erp_resp,
|
||||||
|
const u8 *msk, size_t msk_len)
|
||||||
|
{
|
||||||
|
struct wpabuf *data;
|
||||||
|
u16 auth_alg;
|
||||||
|
int pub = 0;
|
||||||
|
|
||||||
|
data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, erp_resp,
|
||||||
|
msk, msk_len, &pub);
|
||||||
|
if (!data)
|
||||||
|
wpa_printf(MSG_DEBUG, "%s: prepare_auth_resp returned failure",
|
||||||
|
__func__);
|
||||||
|
|
||||||
auth_alg = (pub ||
|
auth_alg = (pub ||
|
||||||
resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
|
resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
|
||||||
WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
||||||
@ -1392,15 +1435,6 @@ fail:
|
|||||||
sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
||||||
mlme_authenticate_indication(hapd, sta);
|
mlme_authenticate_indication(hapd, sta);
|
||||||
}
|
}
|
||||||
|
|
||||||
os_free(ie_buf);
|
|
||||||
wpabuf_free(pub);
|
|
||||||
wpabuf_clear_free(sta->fils_dh_ss);
|
|
||||||
sta->fils_dh_ss = NULL;
|
|
||||||
#ifdef CONFIG_FILS_SK_PFS
|
|
||||||
crypto_ecdh_deinit(sta->fils_ecdh);
|
|
||||||
sta->fils_ecdh = NULL;
|
|
||||||
#endif /* CONFIG_FILS_SK_PFS */
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user