diff options
| author | Hai Shalom <haishalom@google.com> | 2020-04-23 21:49:02 -0700 |
|---|---|---|
| committer | Hai Shalom <haishalom@google.com> | 2020-04-23 21:51:48 -0700 |
| commit | b755a2a1f96287314b26818bc18a494bd2c8771e (patch) | |
| tree | 658eec75c5a945a3dd7da690fdf566e5d506fed4 | |
| parent | a5ae4a7eeb4ab4f0bcc86f02ebf047e5a9193d4e (diff) | |
| download | wpa_supplicant_8-b755a2a1f96287314b26818bc18a494bd2c8771e.tar.gz | |
[wpa_supplicant] Cumulative patch from commit 0c5ededed
Merge to enable randomized source MAC address for ANQP/GAS
messages. Addresses an issue with DPP when GAS MAC randomization
is enabled.
Enable GAS MAC randomization in HIDL.
Bug: 154393320
Test: Device boots up and connects to wifi networks, run traffic.
Test: Able to turn on/off softap, associate wifi STA, run traffic.
Test: Confirm ANQP messages are randomized from logs:
wpa_supplicant: GAS: Use a new random transmitter address ae:a2:5f:5e:65:11
Test: act.py -c ../WifiDppConfig.json -tc WifiDppTest
Test: Wi-Fi direct tests in CtsVerifier
Test: Regression test passed (Bug: 154769005)
0c5ededed DPP: Fix config exchange with gas_rand_mac_addr
60a2de568 EAP server: Convert Boolean to C99 bool
4d2ec436e DPP: Add driver operation for enabling/disabling listen mode
99cf89555 Include stdbool.h to allow C99 bool to be used
3e6383f31 DPP2: Silence compiler warning with no-CONFIG_DPP2 and OpenSSL 1.0.2
f23b70f16 Silence compiler warning in no-NEED_AP_MLME hostapd builds
011526874 nl80211: Move nl80211_init_connect_handle() to avoid forward declaration
2c70b7d0b Do not open l2_packet(EAPOL) for receive unnecessarily
7a880b129 l2_packet: Allow initialization without RX handling
95cbf4509 nl80211: Do not open EAPOL RX socket when using control port for RX (AP)
c3bb8865a Clean up l2_packet_get_own_addr() call
9d6334e81 Do not open l2_packet bridge workaround socket if control port is used
c1bc0dd80 nl80211: Disable EAPOL TX over control port in AP mode by default
12ea7dee3 nl80211: Use nl80211 control port for receiving EAPOL frames
8609aa5ba nl80211: Tie connect handle to bss init/destroy
b4a70018e nl80211: Handle control port frame in bss events
6f70fcd98 nl80211: Check ethertype for control port RX
932546ac2 nl80211: Add a separate driver capability for control port RX
bb9e3935d driver: Add second driver capability flags bitmap
6255a8ac1 WPS: Convert WPA/TKIP-only to WPA+WPA2 mixed mode credential
6b1c590eb Allow TKIP support to be removed from build
a6c689d35 FT: Testing override for RSNXE Used subfield in FTE (AP)
9b222b613 nl80211: Remove unnecessary inclusion of l2_packet.h
b2d8dc59f FT: Testing override for RSNXE Used subfield in FTE
5344af7d2 FT: Discard ReassocReq with mismatching RSNXE Used value
af0178c75 Add vendor attributes indicating number of spectral detectors
7a510a97b Add an attribute for secondary 80 MHz span of agile spectral scan
24a6bca70 PKCS#1: Debug dump invalid Signature EB
eac6eb702 X509: Use unique debug prints for unused bits entries
153333ef6 FT RRB: Remove confusing debug print about extra data
d867e1181 FT: Remove and re-add STA entry after FT protocol success with PMF
97beccc83 SAE: Fix build without DPP/OWE/ERP
c7a9a5745 P2P: Start group with user configured params after accepting invitation
512b6c02e DPP: Mandate mutual auth with NFC negotiated connection handover
872299f4b DPP2: Store netAccessKey in psk/sae credentials for reconfig
bf9f49396 OWE: Remove check for unexpected DH Parameter IE use with other AKMs
e4eb009d9 DPP2: Add Connector and C-sign-key in psk/sae credentials for reconfig
1dcfbab25 DPP2: Clear requirement for QR Code mutual authentication for chirping
Change-Id: Iecf7494c1be132e006dee9ec0a40283765bdddbb
94 files changed, 992 insertions, 427 deletions
diff --git a/hostapd/Android.mk b/hostapd/Android.mk index dff5704d..3bde8d52 100644 --- a/hostapd/Android.mk +++ b/hostapd/Android.mk @@ -263,6 +263,7 @@ L_CFLAGS += -DCONFIG_SAE OBJS += src/common/sae.c NEED_ECC=y NEED_DH_GROUPS=y +NEED_HMAC_SHA256_KDF=y NEED_DRAGONFLY=y endif @@ -328,6 +329,10 @@ ifdef CONFIG_WEP L_CFLAGS += -DCONFIG_WEP endif +ifdef CONFIG_NO_TKIP +L_CFLAGS += -DCONFIG_NO_TKIP +endif + include $(LOCAL_PATH)/src/drivers/drivers.mk diff --git a/hostapd/Makefile b/hostapd/Makefile index 4adf9968..9c7fc5ca 100644 --- a/hostapd/Makefile +++ b/hostapd/Makefile @@ -296,6 +296,7 @@ CFLAGS += -DCONFIG_SAE OBJS += ../src/common/sae.o NEED_ECC=y NEED_DH_GROUPS=y +NEED_HMAC_SHA256_KDF=y NEED_AP_MLME=y NEED_DRAGONFLY=y endif @@ -1246,6 +1247,10 @@ ifdef CONFIG_WEP CFLAGS += -DCONFIG_WEP endif +ifdef CONFIG_NO_TKIP +CFLAGS += -DCONFIG_NO_TKIP +endif + ALL=hostapd hostapd_cli all: verify_config $(ALL) diff --git a/hostapd/config_file.c b/hostapd/config_file.c index 1d8c0397..cc1855dc 100644 --- a/hostapd/config_file.c +++ b/hostapd/config_file.c @@ -4215,6 +4215,8 @@ static int hostapd_config_fill(struct hostapd_config *conf, bss->no_beacon_rsnxe = atoi(pos); } else if (os_strcmp(buf, "skip_prune_assoc") == 0) { bss->skip_prune_assoc = atoi(pos); + } else if (os_strcmp(buf, "ft_rsnxe_used") == 0) { + bss->ft_rsnxe_used = atoi(pos); #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_SAE } else if (os_strcmp(buf, "sae_password") == 0) { diff --git a/hostapd/ctrl_iface.c b/hostapd/ctrl_iface.c index d90b5dc8..6e8352f2 100644 --- a/hostapd/ctrl_iface.c +++ b/hostapd/ctrl_iface.c @@ -1477,6 +1477,12 @@ static int hostapd_ctrl_iface_set(struct hostapd_data *hapd, char *cmd) if (hapd->started) hostapd_setup_sae_pt(hapd->conf); } + +#ifdef CONFIG_TESTING_OPTIONS + if (os_strcmp(cmd, "ft_rsnxe_used") == 0) + wpa_auth_set_ft_rsnxe_used(hapd->wpa_auth, + hapd->conf->ft_rsnxe_used); +#endif /* CONFIG_TESTING_OPTIONS */ } return ret; @@ -2433,6 +2439,7 @@ static int hostapd_ctrl_get_pmk(struct hostapd_data *hapd, const char *cmd, #endif /* CONFIG_TESTING_OPTIONS */ +#ifdef NEED_AP_MLME static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params) { switch (params->bandwidth) { @@ -2521,6 +2528,7 @@ static int hostapd_ctrl_check_freq_params(struct hostapd_freq_params *params) return 0; } +#endif /* NEED_AP_MLME */ static int hostapd_ctrl_iface_chan_switch(struct hostapd_iface *iface, @@ -3099,6 +3107,34 @@ static int hostapd_ctrl_driver_flags(struct hostapd_iface *iface, char *buf, } +static int hostapd_ctrl_driver_flags2(struct hostapd_iface *iface, char *buf, + size_t buflen) +{ + int ret, i; + char *pos, *end; + + ret = os_snprintf(buf, buflen, "%016llX:\n", + (long long unsigned) iface->drv_flags2); + if (os_snprintf_error(buflen, ret)) + return -1; + + pos = buf + ret; + end = buf + buflen; + + for (i = 0; i < 64; i++) { + if (iface->drv_flags2 & (1LLU << i)) { + ret = os_snprintf(pos, end - pos, "%s\n", + driver_flag2_to_string(1LLU << i)); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + } + + return pos - buf; +} + + static int hostapd_ctrl_iface_acl_del_mac(struct mac_acl_entry **acl, int *num, const char *txtaddr) { @@ -3511,6 +3547,9 @@ static int hostapd_ctrl_iface_receive_process(struct hostapd_data *hapd, } else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) { reply_len = hostapd_ctrl_driver_flags(hapd->iface, reply, reply_size); + } else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) { + reply_len = hostapd_ctrl_driver_flags2(hapd->iface, reply, + reply_size); } else if (os_strcmp(buf, "TERMINATE") == 0) { eloop_terminate(); } else if (os_strncmp(buf, "ACCEPT_ACL ", 11) == 0) { diff --git a/hostapd/defconfig b/hostapd/defconfig index f630a223..23417651 100644 --- a/hostapd/defconfig +++ b/hostapd/defconfig @@ -393,3 +393,10 @@ CONFIG_IPV6=y # release under this optional build parameter. This functionality is subject to # be completely removed in a future release. #CONFIG_WEP=y + +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore. For now, the default hostapd +# build includes this to allow mixed mode WPA+WPA2 networks to be enabled, but +# that functionality is subject to be removed in the future. +#CONFIG_NO_TKIP=y diff --git a/hostapd/main.c b/hostapd/main.c index 85c1fd1c..3ce81269 100644 --- a/hostapd/main.c +++ b/hostapd/main.c @@ -220,6 +220,7 @@ static int hostapd_driver_init(struct hostapd_iface *iface) struct wowlan_triggers *triggs; iface->drv_flags = capa.flags; + iface->drv_flags2 = capa.flags2; iface->probe_resp_offloads = capa.probe_resp_offloads; /* * Use default extended capa values from per-radio information diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c index 5bf4502b..35a32a13 100644 --- a/src/ap/ap_config.c +++ b/src/ap/ap_config.c @@ -74,8 +74,13 @@ void hostapd_config_defaults_bss(struct hostapd_bss_config *bss) bss->wpa_disable_eapol_key_retries = DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES; bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK; +#ifdef CONFIG_NO_TKIP + bss->wpa_pairwise = WPA_CIPHER_CCMP; + bss->wpa_group = WPA_CIPHER_CCMP; +#else /* CONFIG_NO_TKIP */ bss->wpa_pairwise = WPA_CIPHER_TKIP; bss->wpa_group = WPA_CIPHER_TKIP; +#endif /* CONFIG_NO_TKIP */ bss->rsn_pairwise = 0; bss->max_num_sta = MAX_STA_COUNT; diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h index 2a0bf076..0503400b 100644 --- a/src/ap/ap_config.h +++ b/src/ap/ap_config.h @@ -686,6 +686,7 @@ struct hostapd_bss_config { struct wpabuf *igtk_rsc_override; int no_beacon_rsnxe; int skip_prune_assoc; + int ft_rsnxe_used; #endif /* CONFIG_TESTING_OPTIONS */ #define MESH_ENABLED BIT(0) diff --git a/src/ap/drv_callbacks.c b/src/ap/drv_callbacks.c index 559bb87c..524a1513 100644 --- a/src/ap/drv_callbacks.c +++ b/src/ap/drv_callbacks.c @@ -117,7 +117,7 @@ int hostapd_notif_assoc(struct hostapd_data *hapd, const u8 *addr, u8 buf[sizeof(struct ieee80211_mgmt) + 1024]; u8 *p = buf; u16 reason = WLAN_REASON_UNSPECIFIED; - u16 status = WLAN_STATUS_SUCCESS; + int status = WLAN_STATUS_SUCCESS; const u8 *p2p_dev_addr = NULL; if (addr == NULL) { @@ -606,17 +606,19 @@ skip_wpa_check: wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && elems.owe_dh) { u8 *npos; + u16 ret_status; npos = owe_assoc_req_process(hapd, sta, elems.owe_dh, elems.owe_dh_len, p, sizeof(buf) - (p - buf), - &status); + &ret_status); + status = ret_status; if (npos) p = npos; if (!npos && status == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) { - hostapd_sta_assoc(hapd, addr, reassoc, status, buf, + hostapd_sta_assoc(hapd, addr, reassoc, ret_status, buf, p - buf); return 0; } @@ -709,7 +711,8 @@ skip_wpa_check: fail: #ifdef CONFIG_IEEE80211R_AP - hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); + if (status >= 0) + hostapd_sta_assoc(hapd, addr, reassoc, status, buf, p - buf); #endif /* CONFIG_IEEE80211R_AP */ hostapd_drv_sta_disassoc(hapd, sta->addr, reason); ap_free_sta(hapd, sta); diff --git a/src/ap/hostapd.h b/src/ap/hostapd.h index 439e7274..c8f691e4 100644 --- a/src/ap/hostapd.h +++ b/src/ap/hostapd.h @@ -476,6 +476,7 @@ struct hostapd_iface { struct ap_info *ap_hash[STA_HASH_SIZE]; u64 drv_flags; + u64 drv_flags2; /* * A bitmap of supported protocols for probe response offload. See diff --git a/src/ap/ieee802_11.c b/src/ap/ieee802_11.c index e54217ce..e6aa83dd 100644 --- a/src/ap/ieee802_11.c +++ b/src/ap/ieee802_11.c @@ -2526,32 +2526,10 @@ static void handle_auth(struct hostapd_data *hapd, (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) && !(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc)) { - /* - * If a station that is already associated to the AP, is trying - * to authenticate again, remove the STA entry, in order to make - * sure the STA PS state gets cleared and configuration gets - * updated. To handle this, station's added_unassoc flag is - * cleared once the station has completed association. - */ - ap_sta_set_authorized(hapd, sta, 0); - hostapd_drv_sta_remove(hapd, sta->addr); - sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | - WLAN_STA_AUTHORIZED); - - if (hostapd_sta_add(hapd, sta->addr, 0, 0, - sta->supported_rates, - sta->supported_rates_len, - 0, NULL, NULL, NULL, 0, - sta->flags, 0, 0, 0, 0)) { - hostapd_logger(hapd, sta->addr, - HOSTAPD_MODULE_IEEE80211, - HOSTAPD_LEVEL_NOTICE, - "Could not add STA to kernel driver"); + if (ap_sta_re_add(hapd, sta) < 0) { resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; goto fail; } - - sta->added_unassoc = 1; } switch (auth_alg) { @@ -3126,11 +3104,11 @@ end: #endif /* CONFIG_OWE */ -static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, +static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, const u8 *ies, size_t ies_len, int reassoc) { struct ieee802_11_elems elems; - u16 resp; + int resp; const u8 *wpa_ie; size_t wpa_ie_len; const u8 *p2p_dev_addr = NULL; @@ -4097,7 +4075,8 @@ static void handle_assoc(struct hostapd_data *hapd, int reassoc, int rssi) { u16 capab_info, listen_interval, seq_ctrl, fc; - u16 resp = WLAN_STATUS_SUCCESS, reply_res; + int resp = WLAN_STATUS_SUCCESS; + u16 reply_res; const u8 *pos; int left, i; struct sta_info *sta; @@ -4471,8 +4450,9 @@ static void handle_assoc(struct hostapd_data *hapd, } #endif /* CONFIG_FILS */ - reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos, - left, rssi, omit_rsnxe); + if (resp >= 0) + reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, + pos, left, rssi, omit_rsnxe); os_free(tmp); /* diff --git a/src/ap/sta_info.c b/src/ap/sta_info.c index 903be28d..93f1f0c2 100644 --- a/src/ap/sta_info.c +++ b/src/ap/sta_info.c @@ -1497,3 +1497,33 @@ int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, return eloop_is_timeout_registered(ap_sta_delayed_1x_auth_fail_cb, hapd, sta); } + + +int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta) +{ + /* + * If a station that is already associated to the AP, is trying to + * authenticate again, remove the STA entry, in order to make sure the + * STA PS state gets cleared and configuration gets updated. To handle + * this, station's added_unassoc flag is cleared once the station has + * completed association. + */ + ap_sta_set_authorized(hapd, sta, 0); + hostapd_drv_sta_remove(hapd, sta->addr); + sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | WLAN_STA_AUTHORIZED); + + if (hostapd_sta_add(hapd, sta->addr, 0, 0, + sta->supported_rates, + sta->supported_rates_len, + 0, NULL, NULL, NULL, 0, + sta->flags, 0, 0, 0, 0)) { + hostapd_logger(hapd, sta->addr, + HOSTAPD_MODULE_IEEE80211, + HOSTAPD_LEVEL_NOTICE, + "Could not add STA to kernel driver"); + return -1; + } + + sta->added_unassoc = 1; + return 0; +} diff --git a/src/ap/sta_info.h b/src/ap/sta_info.h index 8ff6ac62..308aa29d 100644 --- a/src/ap/sta_info.h +++ b/src/ap/sta_info.h @@ -358,5 +358,6 @@ void ap_sta_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, struct sta_info *sta); int ap_sta_pending_delayed_1x_auth_fail_disconnect(struct hostapd_data *hapd, struct sta_info *sta); +int ap_sta_re_add(struct hostapd_data *hapd, struct sta_info *sta); #endif /* STA_INFO_H */ diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c index e0ffb271..8ecb1731 100644 --- a/src/ap/wpa_auth.c +++ b/src/ap/wpa_auth.c @@ -1836,7 +1836,7 @@ int wpa_auth_sm_event(struct wpa_state_machine *sm, enum wpa_event event) #ifdef CONFIG_IEEE80211R_AP wpa_printf(MSG_DEBUG, "FT: Retry PTK configuration after association"); - wpa_ft_install_ptk(sm); + wpa_ft_install_ptk(sm, 1); /* Using FT protocol, not WPA auth state machine */ sm->ft_completed = 1; @@ -5459,4 +5459,11 @@ int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth) return eloop_register_timeout(0, 0, wpa_rekey_gtk, wpa_auth, NULL); } + +void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val) +{ + if (wpa_auth) + wpa_auth->conf.ft_rsnxe_used = val; +} + #endif /* CONFIG_TESTING_OPTIONS */ diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h index 868aaa1f..1ea067bc 100644 --- a/src/ap/wpa_auth.h +++ b/src/ap/wpa_auth.h @@ -238,6 +238,7 @@ struct wpa_auth_config { unsigned int rsnxe_override_ft_set:1; unsigned int gtk_rsc_override_set:1; unsigned int igtk_rsc_override_set:1; + int ft_rsnxe_used; #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_P2P u8 ip_addr_go[4]; @@ -301,6 +302,7 @@ struct wpa_auth_callbacks { int *bandwidth, int *seg1_idx); #ifdef CONFIG_IEEE80211R_AP struct wpa_state_machine * (*add_sta)(void *ctx, const u8 *sta_addr); + int (*add_sta_ft)(void *ctx, const u8 *sta_addr); int (*set_vlan)(void *ctx, const u8 *sta_addr, struct vlan_description *vlan); int (*get_vlan)(void *ctx, const u8 *sta_addr, @@ -440,7 +442,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, u16 auth_transaction, u16 resp, const u8 *ies, size_t ies_len), void *ctx); -u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, +int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, size_t ies_len); int wpa_ft_action_rx(struct wpa_state_machine *sm, const u8 *data, size_t len); int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, @@ -521,5 +523,6 @@ int wpa_auth_resend_group_m1(struct wpa_state_machine *sm, void *ctx1, void *ctx2); int wpa_auth_rekey_gtk(struct wpa_authenticator *wpa_auth); void wpa_auth_set_ptk_rekey_timer(struct wpa_state_machine *sm); +void wpa_auth_set_ft_rsnxe_used(struct wpa_authenticator *wpa_auth, int val); #endif /* WPA_AUTH_H */ diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c index 476a2be6..4b17da7a 100644 --- a/src/ap/wpa_auth_ft.c +++ b/src/ap/wpa_auth_ft.c @@ -2647,6 +2647,13 @@ u8 * wpa_sm_write_assoc_resp_ies(struct wpa_state_machine *sm, u8 *pos, } rsnxe_used = (auth_alg == WLAN_AUTH_FT) && (conf->sae_pwe == 1 || conf->sae_pwe == 2); +#ifdef CONFIG_TESTING_OPTIONS + if (sm->wpa_auth->conf.ft_rsnxe_used) { + rsnxe_used = sm->wpa_auth->conf.ft_rsnxe_used == 1; + wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d", + rsnxe_used); + } +#endif /* CONFIG_TESTING_OPTIONS */ res = wpa_write_ftie(conf, use_sha384, r0kh_id, r0kh_id_len, anonce, snonce, pos, end - pos, subelem, subelem_len, rsnxe_used); @@ -2747,7 +2754,16 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth, } -void wpa_ft_install_ptk(struct wpa_state_machine *sm) +static inline int wpa_auth_add_sta_ft(struct wpa_authenticator *wpa_auth, + const u8 *addr) +{ + if (!wpa_auth->cb->add_sta_ft) + return -1; + return wpa_auth->cb->add_sta_ft(wpa_auth->cb_ctx, addr); +} + + +void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry) { enum wpa_alg alg; int klen; @@ -2769,6 +2785,9 @@ void wpa_ft_install_ptk(struct wpa_state_machine *sm) return; } + if (!retry) + wpa_auth_add_sta_ft(sm->wpa_auth, sm->addr); + /* FIX: add STA entry to kernel/driver here? The set_key will fail * most likely without this.. At the moment, STA entry is added only * after association has been completed. This function will be called @@ -3140,7 +3159,7 @@ pmk_r1_derived: sm->pairwise = pairwise; sm->PTK_valid = TRUE; sm->tk_already_set = FALSE; - wpa_ft_install_ptk(sm); + wpa_ft_install_ptk(sm, 0); if (wpa_ft_set_vlan(sm->wpa_auth, sm->addr, &vlan) < 0) { wpa_printf(MSG_DEBUG, "FT: Failed to configure VLAN"); @@ -3235,7 +3254,7 @@ void wpa_ft_process_auth(struct wpa_state_machine *sm, const u8 *bssid, } -u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, +int wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, size_t ies_len) { struct wpa_ft_ies parse; @@ -3433,7 +3452,7 @@ u16 wpa_ft_validate_reassoc(struct wpa_state_machine *sm, const u8 *ies, !parse.rsnxe) { wpa_printf(MSG_INFO, "FT: FTE indicated that STA uses RSNXE, but RSNXE was not included"); - return WLAN_STATUS_UNSPECIFIED_FAILURE; + return -1; /* discard request */ } #ifdef CONFIG_OCV @@ -4560,7 +4579,6 @@ int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, return -1; } status_code = WPA_GET_LE16(pos); - pos += 2; wpa_printf(MSG_DEBUG, "FT: FT Packet Type - Response " "(status_code=%d)", status_code); @@ -4573,11 +4591,6 @@ int wpa_ft_rrb_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr, return -1; } - if (end > pos) { - wpa_hexdump(MSG_DEBUG, "FT: Ignore extra data in end", - pos, end - pos); - } - return 0; } diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c index 7a1ed24e..058b34ca 100644 --- a/src/ap/wpa_auth_glue.c +++ b/src/ap/wpa_auth_glue.c @@ -174,6 +174,7 @@ static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, wpabuf_len(conf->igtk_rsc_override)); wconf->igtk_rsc_override_set = 1; } + wconf->ft_rsnxe_used = conf->ft_rsnxe_used; #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_P2P os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4); @@ -1038,6 +1039,34 @@ hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr) } +static int hostapd_wpa_auth_add_sta_ft(void *ctx, const u8 *sta_addr) +{ + struct hostapd_data *hapd = ctx; + struct sta_info *sta; + + sta = ap_get_sta(hapd, sta_addr); + if (!sta) + return -1; + + if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) && + (sta->flags & WLAN_STA_MFP) && ap_sta_is_authorized(sta) && + !(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc)) { + /* We could not do this in handle_auth() since there was a + * PMF-enabled association for the STA and the new + * authentication attempt was not yet fully processed. Now that + * we are ready to configure the TK to the driver, + * authentication has succeeded and we can clean up the driver + * STA entry to avoid issues with any maintained state from the + * previous association. */ + wpa_printf(MSG_DEBUG, + "FT: Remove and re-add driver STA entry after successful FT authentication"); + return ap_sta_re_add(hapd, sta); + } + + return 0; +} + + static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr, struct vlan_description *vlan) { @@ -1399,6 +1428,7 @@ int hostapd_setup_wpa(struct hostapd_data *hapd) #ifdef CONFIG_IEEE80211R_AP .send_ft_action = hostapd_wpa_auth_send_ft_action, .add_sta = hostapd_wpa_auth_add_sta, + .add_sta_ft = hostapd_wpa_auth_add_sta_ft, .add_tspec = hostapd_wpa_auth_add_tspec, .set_vlan = hostapd_wpa_auth_set_vlan, .get_vlan = hostapd_wpa_auth_get_vlan, diff --git a/src/ap/wpa_auth_i.h b/src/ap/wpa_auth_i.h index bc59d6a4..813612e7 100644 --- a/src/ap/wpa_auth_i.h +++ b/src/ap/wpa_auth_i.h @@ -300,7 +300,7 @@ int wpa_write_ftie(struct wpa_auth_config *conf, int use_sha384, int wpa_auth_derive_ptk_ft(struct wpa_state_machine *sm, struct wpa_ptk *ptk); struct wpa_ft_pmk_cache * wpa_ft_pmk_cache_init(void); void wpa_ft_pmk_cache_deinit(struct wpa_ft_pmk_cache *cache); -void wpa_ft_install_ptk(struct wpa_state_machine *sm); +void wpa_ft_install_ptk(struct wpa_state_machine *sm, int retry); int wpa_ft_store_pmk_fils(struct wpa_state_machine *sm, const u8 *pmk_r0, const u8 *pmk_r0_name); #endif /* CONFIG_IEEE80211R_AP */ diff --git a/src/ap/wpa_auth_ie.c b/src/ap/wpa_auth_ie.c index 2ac1df47..9bcb997a 100644 --- a/src/ap/wpa_auth_ie.c +++ b/src/ap/wpa_auth_ie.c @@ -851,17 +851,6 @@ wpa_validate_wpa_ie(struct wpa_authenticator *wpa_auth, "OWE: No Diffie-Hellman Parameter element"); return WPA_INVALID_AKMP; } -#ifdef CONFIG_DPP - if (sm->wpa_key_mgmt == WPA_KEY_MGMT_DPP && owe_dh) { - /* Diffie-Hellman Parameter element can be used with DPP as - * well, so allow this to proceed. */ - } else -#endif /* CONFIG_DPP */ - if (sm->wpa_key_mgmt != WPA_KEY_MGMT_OWE && owe_dh) { - wpa_printf(MSG_DEBUG, - "OWE: Unexpected Diffie-Hellman Parameter element with non-OWE AKM"); - return WPA_INVALID_AKMP; - } #endif /* CONFIG_OWE */ #ifdef CONFIG_DPP2 diff --git a/src/ap/wps_hostapd.c b/src/ap/wps_hostapd.c index 1d77b946..dc8aa8f6 100644 --- a/src/ap/wps_hostapd.c +++ b/src/ap/wps_hostapd.c @@ -364,6 +364,13 @@ static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd, bss->ssid.ssid_set = 1; } +#ifdef CONFIG_NO_TKIP + if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | + WPS_AUTH_WPA | WPS_AUTH_WPAPSK)) + bss->wpa = 2; + else + bss->wpa = 0; +#else /* CONFIG_NO_TKIP */ if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) && (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))) bss->wpa = 3; @@ -373,6 +380,7 @@ static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd, bss->wpa = 1; else bss->wpa = 0; +#endif /* CONFIG_NO_TKIP */ if (bss->wpa) { if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA)) @@ -387,8 +395,10 @@ static int hapd_wps_reconfig_in_memory(struct hostapd_data *hapd, else bss->wpa_pairwise |= WPA_CIPHER_CCMP; } +#ifndef CONFIG_NO_TKIP if (cred->encr_type & WPS_ENCR_TKIP) bss->wpa_pairwise |= WPA_CIPHER_TKIP; +#endif /* CONFIG_NO_TKIP */ bss->rsn_pairwise = bss->wpa_pairwise; bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa, bss->wpa_pairwise, @@ -559,6 +569,13 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx) fprintf(nconf, "\n"); } +#ifdef CONFIG_NO_TKIP + if (cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK | + WPS_AUTH_WPA | WPS_AUTH_WPAPSK)) + wpa = 2; + else + wpa = 0; +#else /* CONFIG_NO_TKIP */ if ((cred->auth_type & (WPS_AUTH_WPA2 | WPS_AUTH_WPA2PSK)) && (cred->auth_type & (WPS_AUTH_WPA | WPS_AUTH_WPAPSK))) wpa = 3; @@ -568,6 +585,7 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx) wpa = 1; else wpa = 0; +#endif /* CONFIG_NO_TKIP */ if (wpa) { char *prefix; @@ -611,9 +629,11 @@ static int hapd_wps_cred_cb(struct hostapd_data *hapd, void *ctx) prefix = " "; } +#ifndef CONFIG_NO_TKIP if (cred->encr_type & WPS_ENCR_TKIP) { fprintf(nconf, "%sTKIP", prefix); } +#endif /* CONFIG_NO_TKIP */ fprintf(nconf, "\n"); if (cred->key_len >= 8 && cred->key_len < 64) { @@ -1160,12 +1180,24 @@ int hostapd_init_wps(struct hostapd_data *hapd, wps->encr_types_rsn |= WPS_ENCR_AES; } if (conf->rsn_pairwise & WPA_CIPHER_TKIP) { +#ifdef CONFIG_NO_TKIP + wpa_printf(MSG_INFO, "WPS: TKIP not supported"); + goto fail; +#else /* CONFIG_NO_TKIP */ wps->encr_types |= WPS_ENCR_TKIP; wps->encr_types_rsn |= WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ } } if (conf->wpa & WPA_PROTO_WPA) { +#ifdef CONFIG_NO_TKIP + if (!(conf->wpa & WPA_PROTO_RSN)) { + wpa_printf(MSG_INFO, "WPS: WPA(v1) not supported"); + goto fail; + } + conf->wpa &= ~WPA_PROTO_WPA; +#else /* CONFIG_NO_TKIP */ if (conf->wpa_key_mgmt & WPA_KEY_MGMT_PSK) wps->auth_types |= WPS_AUTH_WPAPSK; if (conf->wpa_key_mgmt & WPA_KEY_MGMT_IEEE8021X) @@ -1179,6 +1211,7 @@ int hostapd_init_wps(struct hostapd_data *hapd, wps->encr_types |= WPS_ENCR_TKIP; wps->encr_types_wpa |= WPS_ENCR_TKIP; } +#endif /* CONFIG_NO_TKIP */ } if (conf->ssid.security_policy == SECURITY_PLAINTEXT) { @@ -1218,10 +1251,17 @@ int hostapd_init_wps(struct hostapd_data *hapd, wps->ap_encr_type = wps->encr_types; if (conf->wps_state == WPS_STATE_NOT_CONFIGURED) { /* Override parameters to enable security by default */ +#ifdef CONFIG_NO_TKIP + wps->auth_types = WPS_AUTH_WPA2PSK; + wps->encr_types = WPS_ENCR_AES; + wps->encr_types_rsn = WPS_ENCR_AES; + wps->encr_types_wpa = WPS_ENCR_AES; +#else /* CONFIG_NO_TKIP */ wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; wps->encr_types_rsn = WPS_ENCR_AES | WPS_ENCR_TKIP; wps->encr_types_wpa = WPS_ENCR_AES | WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ } if ((hapd->conf->multi_ap & FRONTHAUL_BSS) && @@ -1801,8 +1841,10 @@ int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid, if (os_strncmp(auth, "OPEN", 4) == 0) cred.auth_type = WPS_AUTH_OPEN; +#ifndef CONFIG_NO_TKIP else if (os_strncmp(auth, "WPAPSK", 6) == 0) cred.auth_type = WPS_AUTH_WPAPSK; +#endif /* CONFIG_NO_TKIP */ else if (os_strncmp(auth, "WPA2PSK", 7) == 0) cred.auth_type = WPS_AUTH_WPA2PSK; else @@ -1811,8 +1853,10 @@ int hostapd_wps_config_ap(struct hostapd_data *hapd, const char *ssid, if (encr) { if (os_strncmp(encr, "NONE", 4) == 0) cred.encr_type = WPS_ENCR_NONE; +#ifndef CONFIG_NO_TKIP else if (os_strncmp(encr, "TKIP", 4) == 0) cred.encr_type = WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ else if (os_strncmp(encr, "CCMP", 4) == 0) cred.encr_type = WPS_ENCR_AES; else diff --git a/src/common/dpp.c b/src/common/dpp.c index d8690ad5..b33ab15c 100644 --- a/src/common/dpp.c +++ b/src/common/dpp.c @@ -74,12 +74,14 @@ static void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, } +#ifdef CONFIG_DPP2 static EC_KEY * EVP_PKEY_get0_EC_KEY(EVP_PKEY *pkey) { if (pkey->type != EVP_PKEY_EC) return NULL; return pkey->pkey.ec; } +#endif /* CONFIG_DPP2 */ #endif @@ -3952,6 +3954,14 @@ dpp_auth_resp_rx(struct dpp_authentication *auth, const u8 *hdr, dpp_auth_fail(auth, "Missing Initiator Bootstrapping Key Hash attribute"); return NULL; + } else if (auth->own_bi && + auth->own_bi->type == DPP_BOOTSTRAP_NFC_URI && + auth->own_bi->nfc_negotiated) { + /* NFC negotiated connection handover bootstrapping mandates + * use of mutual authentication */ + dpp_auth_fail(auth, + "Missing Initiator Bootstrapping Key Hash attribute"); + return NULL; } auth->peer_version = 1; /* default to the first version */ @@ -6730,7 +6740,7 @@ static int dpp_parse_cred_dpp(struct dpp_authentication *auth, conf->connector = os_strdup(signed_connector); dpp_copy_csign(conf, csign_pub); - if (dpp_akm_dpp(conf->akm)) + if (dpp_akm_dpp(conf->akm) || auth->peer_version >= 2) dpp_copy_netaccesskey(auth, conf); ret = 0; diff --git a/src/common/dpp.h b/src/common/dpp.h index ab3f9271..585d3980 100644 --- a/src/common/dpp.h +++ b/src/common/dpp.h @@ -138,6 +138,8 @@ struct dpp_bootstrap_info { const struct dpp_curve_params *curve; unsigned int pkex_t; /* number of failures before dpp_pkex * instantiation */ + int nfc_negotiated; /* whether this has been used in NFC negotiated + * connection handover */ char *configurator_params; }; diff --git a/src/common/qca-vendor.h b/src/common/qca-vendor.h index 8ef666db..3fa38c92 100644 --- a/src/common/qca-vendor.h +++ b/src/common/qca-vendor.h @@ -5469,8 +5469,12 @@ enum qca_wlan_vendor_attr_spectral_scan { * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE * Center frequency (in MHz) of the span of interest or * for convenience, center frequency (in MHz) of any channel - * in the span of interest. If agile spectral scan is initiated - * without setting a valid frequency it returns the error code + * in the span of interest. For 80+80 MHz agile spectral scan + * request it represents center frequency (in MHz) of the primary + * 80 MHz span or for convenience, center frequency (in MHz) of any + * channel in the primary 80 MHz span. If agile spectral scan is + * initiated without setting a valid frequency it returns the + * error code * (QCA_WLAN_VENDOR_SPECTRAL_SCAN_ERR_PARAM_NOT_INITIALIZED). * u32 attribute. */ @@ -5497,6 +5501,20 @@ enum qca_wlan_vendor_attr_spectral_scan { * 1-enable, 0-disable */ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_DMA_BUFFER_DEBUG = 28, + /* This specifies the frequency span over which spectral scan would be + * carried out. Its value depends on the value of + * QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_MODE and the relation is as + * follows. + * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_NORMAL + * Not applicable. Spectral scan would happen in the operating span. + * QCA_WLAN_VENDOR_SPECTRAL_SCAN_MODE_AGILE + * This attribute is applicable only for agile spectral scan + * requests in 80+80 MHz mode. It represents center frequency (in + * MHz) of the secondary 80 MHz span or for convenience, center + * frequency (in MHz) of any channel in the secondary 80 MHz span. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_FREQUENCY_2 = 29, QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CONFIG_MAX = @@ -5587,6 +5605,26 @@ enum qca_wlan_vendor_attr_spectral_cap { * for 80+80 MHz mode. */ QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AGILE_SPECTRAL_80_80 = 13, + /* Number of spectral detectors used for scan in 20 MHz. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_20_MHZ = 14, + /* Number of spectral detectors used for scan in 40 MHz. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_40_MHZ = 15, + /* Number of spectral detectors used for scan in 80 MHz. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80_MHZ = 16, + /* Number of spectral detectors used for scan in 160 MHz. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_160_MHZ = 17, + /* Number of spectral detectors used for scan in 80+80 MHz. + * u32 attribute. + */ + QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_NUM_DETECTORS_80P80_MHZ = 18, QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_AFTER_LAST, QCA_WLAN_VENDOR_ATTR_SPECTRAL_SCAN_CAP_MAX = diff --git a/src/common/wpa_common.c b/src/common/wpa_common.c index 12847430..46b647bc 100644 --- a/src/common/wpa_common.c +++ b/src/common/wpa_common.c @@ -2319,11 +2319,18 @@ enum wpa_alg wpa_cipher_to_alg(int cipher) int wpa_cipher_valid_pairwise(int cipher) { +#ifdef CONFIG_NO_TKIP + return cipher == WPA_CIPHER_CCMP_256 || + cipher == WPA_CIPHER_GCMP_256 || + cipher == WPA_CIPHER_CCMP || + cipher == WPA_CIPHER_GCMP; +#else /* CONFIG_NO_TKIP */ return cipher == WPA_CIPHER_CCMP_256 || cipher == WPA_CIPHER_GCMP_256 || cipher == WPA_CIPHER_CCMP || cipher == WPA_CIPHER_GCMP || cipher == WPA_CIPHER_TKIP; +#endif /* CONFIG_NO_TKIP */ } @@ -2476,8 +2483,10 @@ int wpa_parse_cipher(const char *value) val |= WPA_CIPHER_CCMP; else if (os_strcmp(start, "GCMP") == 0) val |= WPA_CIPHER_GCMP; +#ifndef CONFIG_NO_TKIP else if (os_strcmp(start, "TKIP") == 0) val |= WPA_CIPHER_TKIP; +#endif /* CONFIG_NO_TKIP */ #ifdef CONFIG_WEP else if (os_strcmp(start, "WEP104") == 0) val |= WPA_CIPHER_WEP104; diff --git a/src/common/wpa_common.h b/src/common/wpa_common.h index da58159e..c0ef689c 100644 --- a/src/common/wpa_common.h +++ b/src/common/wpa_common.h @@ -22,6 +22,15 @@ #define OWE_DH_GROUP 19 +#ifdef CONFIG_NO_TKIP +#define WPA_ALLOWED_PAIRWISE_CIPHERS \ +(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_NONE | \ +WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256) +#define WPA_ALLOWED_GROUP_CIPHERS \ +(WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | \ +WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \ +WPA_CIPHER_GTK_NOT_USED) +#else /* CONFIG_NO_TKIP */ #define WPA_ALLOWED_PAIRWISE_CIPHERS \ (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | WPA_CIPHER_NONE | \ WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256) @@ -29,6 +38,7 @@ WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256) (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | WPA_CIPHER_TKIP | \ WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256 | \ WPA_CIPHER_GTK_NOT_USED) +#endif /* CONFIG_NO_TKIP */ #define WPA_ALLOWED_GROUP_MGMT_CIPHERS \ (WPA_CIPHER_AES_128_CMAC | WPA_CIPHER_BIP_GMAC_128 | WPA_CIPHER_BIP_GMAC_256 | \ WPA_CIPHER_BIP_CMAC_256) diff --git a/src/drivers/driver.h b/src/drivers/driver.h index 032bbd89..bdd90d89 100644 --- a/src/drivers/driver.h +++ b/src/drivers/driver.h @@ -1838,7 +1838,7 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_FTM_RESPONDER 0x0100000000000000ULL /** Driver support 4-way handshake offload for WPA-Personal */ #define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK 0x0200000000000000ULL -/** Driver supports a separate control port for EAPOL frames */ +/** Driver supports a separate control port TX for EAPOL frames */ #define WPA_DRIVER_FLAGS_CONTROL_PORT 0x0400000000000000ULL /** Driver supports VLAN offload */ #define WPA_DRIVER_FLAGS_VLAN_OFFLOAD 0x0800000000000000ULL @@ -1852,6 +1852,10 @@ struct wpa_driver_capa { #define WPA_DRIVER_FLAGS_EXTENDED_KEY_ID 0x8000000000000000ULL u64 flags; +/** Driver supports a separate control port RX for EAPOL frames */ +#define WPA_DRIVER_FLAGS2_CONTROL_PORT_RX 0x0000000000000001ULL + u64 flags2; + #define FULL_AP_CLIENT_STATE_SUPP(drv_flags) \ (drv_flags & WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE) @@ -4420,6 +4424,17 @@ struct wpa_driver_ops { */ int (*update_dh_ie)(void *priv, const u8 *peer_mac, u16 reason_code, const u8 *ie, size_t ie_len); + + /** + * dpp_listen - Notify driver about start/stop of DPP listen + * @priv: Private driver interface data + * @enable: Whether listen state is enabled (or disabled) + * Returns: 0 on success, -1 on failure + * + * This optional callback can be used to update RX frame filtering to + * explicitly allow reception of broadcast Public Action frames. + */ + int (*dpp_listen)(void *priv, int enable); }; /** @@ -5921,6 +5936,7 @@ wpa_get_wowlan_triggers(const char *wowlan_triggers, const struct wpa_driver_capa *capa); /* Convert driver flag to string */ const char * driver_flag_to_string(u64 flag); +const char * driver_flag2_to_string(u64 flag2); /* NULL terminated array of linked in driver wrappers */ extern const struct wpa_driver_ops *const wpa_drivers[]; diff --git a/src/drivers/driver_common.c b/src/drivers/driver_common.c index 63846db2..23a6a429 100644 --- a/src/drivers/driver_common.c +++ b/src/drivers/driver_common.c @@ -321,3 +321,14 @@ const char * driver_flag_to_string(u64 flag) return "UNKNOWN"; #undef DF2S } + + +const char * driver_flag2_to_string(u64 flag2) +{ +#define DF2S(x) case WPA_DRIVER_FLAGS2_ ## x: return #x + switch (flag2) { + DF2S(CONTROL_PORT_RX); + } + return "UNKNOWN"; +#undef DF2S +} diff --git a/src/drivers/driver_nl80211.c b/src/drivers/driver_nl80211.c index 3b7c31c8..75792f34 100644 --- a/src/drivers/driver_nl80211.c +++ b/src/drivers/driver_nl80211.c @@ -30,7 +30,6 @@ #include "common/ieee802_11_defs.h" #include "common/ieee802_11_common.h" #include "common/wpa_common.h" -#include "l2_packet/l2_packet.h" #include "netlink.h" #include "linux_defines.h" #include "linux_ioctl.h" @@ -438,6 +437,52 @@ int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, } +/* Use this method to mark that it is necessary to own the connection/interface + * for this operation. + * handle may be set to NULL, to get the same behavior as send_and_recv_msgs(). + * set_owner can be used to mark this socket for receiving control port frames. + */ +static int send_and_recv_msgs_owner(struct wpa_driver_nl80211_data *drv, + struct nl_msg *msg, + struct nl_sock *handle, int set_owner, + int (*valid_handler)(struct nl_msg *, + void *), + void *valid_data) +{ + /* Control port over nl80211 needs the flags and attributes below. + * + * The Linux kernel has initial checks for them (in nl80211.c) like: + * validate_pae_over_nl80211(...) + * or final checks like: + * dev->ieee80211_ptr->conn_owner_nlportid != info->snd_portid + * + * Final operations (e.g., disassociate) don't need to set these + * attributes, but they have to be performed on the socket, which has + * the connection owner property set in the kernel. + */ + if ((drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) && + handle && set_owner && + (nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_OVER_NL80211) || + nla_put_flag(msg, NL80211_ATTR_SOCKET_OWNER) || + nla_put_u16(msg, NL80211_ATTR_CONTROL_PORT_ETHERTYPE, ETH_P_PAE) || + nla_put_flag(msg, NL80211_ATTR_CONTROL_PORT_NO_PREAUTH))) + return -1; + + return send_and_recv(drv->global, handle ? handle : drv->global->nl, + msg, valid_handler, valid_data); +} + + +struct nl_sock * get_connect_handle(struct i802_bss *bss) +{ + if ((bss->drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) || + bss->use_nl_connect) + return bss->nl_connect; + + return NULL; +} + + struct family_data { const char *group; int id; @@ -1918,6 +1963,25 @@ static void wpa_driver_nl80211_handle_eapol_tx_status(int sock, } +static int nl80211_init_connect_handle(struct i802_bss *bss) +{ + if (bss->nl_connect) { + wpa_printf(MSG_DEBUG, + "nl80211: Connect handle already created (nl_connect=%p)", + bss->nl_connect); + return -1; + } + + bss->nl_connect = nl_create_handle(bss->nl_cb, "connect"); + if (!bss->nl_connect) + return -1; + nl80211_register_eloop_read(&bss->nl_connect, + wpa_driver_nl80211_event_receive, + bss->nl_cb, 1); + return 0; +} + + static int nl80211_init_bss(struct i802_bss *bss) { bss->nl_cb = nl_cb_alloc(NL_CB_DEFAULT); @@ -1929,6 +1993,8 @@ static int nl80211_init_bss(struct i802_bss *bss) nl_cb_set(bss->nl_cb, NL_CB_VALID, NL_CB_CUSTOM, process_bss_event, bss); + nl80211_init_connect_handle(bss); + return 0; } @@ -1937,6 +2003,9 @@ static void nl80211_destroy_bss(struct i802_bss *bss) { nl_cb_put(bss->nl_cb); bss->nl_cb = NULL; + + if (bss->nl_connect) + nl80211_destroy_eloop_handle(&bss->nl_connect, 1); } @@ -2160,25 +2229,6 @@ static int nl80211_register_action_frame(struct i802_bss *bss, } -static int nl80211_init_connect_handle(struct i802_bss *bss) -{ - if (bss->nl_connect) { - wpa_printf(MSG_DEBUG, - "nl80211: Connect handle already created (nl_connect=%p)", - bss->nl_connect); - return -1; - } - - bss->nl_connect = nl_create_handle(bss->nl_cb, "connect"); - if (!bss->nl_connect) - return -1; - nl80211_register_eloop_read(&bss->nl_connect, - wpa_driver_nl80211_event_receive, - bss->nl_cb, 1); - return 0; -} - - static int nl80211_mgmt_subscribe_non_ap(struct i802_bss *bss) { struct wpa_driver_nl80211_data *drv = bss->drv; @@ -2716,8 +2766,6 @@ wpa_driver_nl80211_finish_drv_init(struct wpa_driver_nl80211_data *drv, if (drv->vendor_cmd_test_avail) qca_vendor_test(drv); - nl80211_init_connect_handle(bss); - return 0; } @@ -2830,9 +2878,6 @@ static void wpa_driver_nl80211_deinit(struct i802_bss *bss) nl80211_del_p2pdev(bss); } - if (bss->nl_connect) - nl80211_destroy_eloop_handle(&bss->nl_connect, 1); - nl80211_destroy_bss(drv->first_bss); os_free(drv->filter_ssids); @@ -3437,18 +3482,14 @@ static int wpa_driver_nl80211_deauthenticate(struct i802_bss *bss, return nl80211_leave_ibss(drv, 1); } if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { - struct nl_sock *nl_connect = NULL; - - if (bss->use_nl_connect) - nl_connect = bss->nl_connect; return wpa_driver_nl80211_disconnect(drv, reason_code, - nl_connect); + get_connect_handle(bss)); } wpa_printf(MSG_DEBUG, "%s(addr=" MACSTR " reason_code=%d)", __func__, MAC2STR(addr), reason_code); nl80211_mark_disconnected(drv); ret = wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, - reason_code, 0, NULL); + reason_code, 0, get_connect_handle(bss)); /* * For locally generated deauthenticate, supplicant already generates a * DEAUTH event, so ignore the event from NL80211. @@ -4432,7 +4473,8 @@ static int wpa_driver_nl80211_set_ap(void *priv, } #endif /* CONFIG_IEEE80211AX */ - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1, + NULL, NULL); if (ret) { wpa_printf(MSG_DEBUG, "nl80211: Beacon set failed: %d (%s)", ret, strerror(-ret)); @@ -5285,7 +5327,10 @@ static int wpa_driver_nl80211_hapd_send_eapol( int res; int qos = flags & WPA_STA_WMM; - if (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT) + /* For now, disable EAPOL TX over control port in AP mode by default + * since it does not provide TX status notifications. */ + if (drv->control_port_ap && + (drv->capa.flags & WPA_DRIVER_FLAGS_CONTROL_PORT)) return nl80211_tx_control_port(bss, addr, ETH_P_EAPOL, data, data_len, !encrypt); @@ -5452,7 +5497,9 @@ static int nl80211_leave_ibss(struct wpa_driver_nl80211_data *drv, int ret; msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_IBSS); - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, + get_connect_handle(drv->first_bss), 1, + NULL, NULL); if (ret) { wpa_printf(MSG_DEBUG, "nl80211: Leave IBSS failed: ret=%d " "(%s)", ret, strerror(-ret)); @@ -5584,7 +5631,9 @@ retry: if (ret < 0) goto fail; - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, + get_connect_handle(drv->first_bss), 1, + NULL, NULL); msg = NULL; if (ret) { wpa_printf(MSG_DEBUG, "nl80211: Join IBSS failed: ret=%d (%s)", @@ -5985,12 +6034,8 @@ skip_auth_type: if (ret) goto fail; - if (nl_connect) - ret = send_and_recv(drv->global, nl_connect, msg, - NULL, (void *) -1); - else - ret = send_and_recv_msgs(drv, msg, NULL, (void *) -1); - + ret = send_and_recv_msgs_owner(drv, msg, nl_connect, 1, NULL, + (void *) -1); msg = NULL; if (ret) { wpa_printf(MSG_DEBUG, "nl80211: MLME connect failed: ret=%d " @@ -6059,19 +6104,17 @@ static int wpa_driver_nl80211_associate( if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) { enum nl80211_iftype nlmode = params->p2p ? NL80211_IFTYPE_P2P_CLIENT : NL80211_IFTYPE_STATION; - struct nl_sock *nl_connect = NULL; if (wpa_driver_nl80211_set_mode(priv, nlmode) < 0) return -1; if (params->key_mgmt_suite == WPA_KEY_MGMT_SAE || - params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) { - nl_connect = bss->nl_connect; + params->key_mgmt_suite == WPA_KEY_MGMT_FT_SAE) bss->use_nl_connect = 1; - } else { + else bss->use_nl_connect = 0; - } - return wpa_driver_nl80211_connect(drv, params, nl_connect); + return wpa_driver_nl80211_connect(drv, params, + get_connect_handle(bss)); } nl80211_mark_disconnected(drv); @@ -6106,7 +6149,9 @@ static int wpa_driver_nl80211_associate( goto fail; } - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, + get_connect_handle(drv->first_bss), 1, + NULL, NULL); msg = NULL; if (ret) { wpa_dbg(drv->ctx, MSG_DEBUG, @@ -7242,6 +7287,12 @@ static void *i802_init(struct hostapd_data *hapd, } #endif /* CONFIG_LIBNL3_ROUTE */ + if (drv->capa.flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX) { + wpa_printf(MSG_DEBUG, + "nl80211: Do not open EAPOL RX socket - using control port for RX"); + goto skip_eapol_sock; + } + drv->eapol_sock = socket(PF_PACKET, SOCK_DGRAM, htons(ETH_P_PAE)); if (drv->eapol_sock < 0) { wpa_printf(MSG_ERROR, "nl80211: socket(PF_PACKET, SOCK_DGRAM, ETH_P_PAE) failed: %s", @@ -7254,6 +7305,7 @@ static void *i802_init(struct hostapd_data *hapd, wpa_printf(MSG_INFO, "nl80211: Could not register read socket for eapol"); goto failed; } +skip_eapol_sock: if (linux_get_ifhwaddr(drv->global->ioctl_sock, bss->ifname, params->own_addr)) @@ -8125,8 +8177,13 @@ static int nl80211_set_param(void *priv, const char *param) drv->test_use_roc_tx = 1; } - if (os_strstr(param, "control_port=0")) + if (os_strstr(param, "control_port=0")) { drv->capa.flags &= ~WPA_DRIVER_FLAGS_CONTROL_PORT; + drv->capa.flags2 &= ~WPA_DRIVER_FLAGS2_CONTROL_PORT_RX; + } + + if (os_strstr(param, "control_port_ap=1")) + drv->control_port_ap = 1; if (os_strstr(param, "full_ap_client_state=0")) drv->capa.flags &= ~WPA_DRIVER_FLAGS_FULL_AP_CLIENT_STATE; @@ -9500,7 +9557,12 @@ static int nl80211_vendor_cmd(void *priv, unsigned int vendor_id, if (nlmsg_append(msg, (void *) data, data_len, NLMSG_ALIGNTO) < 0) goto fail; - ret = send_and_recv_msgs(drv, msg, cmd_reply_handler, buf); + /* This test vendor_cmd can be used with nl80211 commands that + * need the connect nl_sock, so use the owner-setting variant + * of send_and_recv_msgs(). */ + ret = send_and_recv_msgs_owner(drv, msg, + get_connect_handle(bss), 0, + cmd_reply_handler, buf); if (ret) wpa_printf(MSG_DEBUG, "nl80211: command failed err=%d", ret); @@ -9955,7 +10017,8 @@ static int nl80211_join_mesh(struct i802_bss *bss, if (nl80211_put_mesh_config(msg, ¶ms->conf) < 0) goto fail; - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 1, + NULL, NULL); msg = NULL; if (ret) { wpa_printf(MSG_DEBUG, "nl80211: mesh join failed: ret=%d (%s)", @@ -10012,7 +10075,8 @@ static int wpa_driver_nl80211_leave_mesh(void *priv) wpa_printf(MSG_DEBUG, "nl80211: mesh leave (ifindex=%d)", drv->ifindex); msg = nl80211_drv_msg(drv, 0, NL80211_CMD_LEAVE_MESH); - ret = send_and_recv_msgs(drv, msg, NULL, NULL); + ret = send_and_recv_msgs_owner(drv, msg, get_connect_handle(bss), 0, + NULL, NULL); if (ret) { wpa_printf(MSG_DEBUG, "nl80211: mesh leave failed: ret=%d (%s)", ret, strerror(-ret)); diff --git a/src/drivers/driver_nl80211.h b/src/drivers/driver_nl80211.h index 6e6c8724..19ac44a4 100644 --- a/src/drivers/driver_nl80211.h +++ b/src/drivers/driver_nl80211.h @@ -171,6 +171,7 @@ struct wpa_driver_nl80211_data { unsigned int roam_vendor_cmd_avail:1; unsigned int get_supported_akm_suites_avail:1; unsigned int add_sta_node_vendor_cmd_avail:1; + unsigned int control_port_ap:1; u64 vendor_scan_cookie; u64 remain_on_chan_cookie; @@ -229,6 +230,7 @@ struct nl_msg * nl80211_bss_msg(struct i802_bss *bss, int flags, uint8_t cmd); int send_and_recv_msgs(struct wpa_driver_nl80211_data *drv, struct nl_msg *msg, int (*valid_handler)(struct nl_msg *, void *), void *valid_data); +struct nl_sock * get_connect_handle(struct i802_bss *bss); int nl80211_create_iface(struct wpa_driver_nl80211_data *drv, const char *ifname, enum nl80211_iftype iftype, const u8 *addr, int wds, diff --git a/src/drivers/driver_nl80211_capa.c b/src/drivers/driver_nl80211_capa.c index b4fed9ea..f0335912 100644 --- a/src/drivers/driver_nl80211_capa.c +++ b/src/drivers/driver_nl80211_capa.c @@ -441,6 +441,9 @@ static void wiphy_info_ext_feature_flags(struct wiphy_info_data *info, if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_CONTROL_PORT_OVER_NL80211)) capa->flags |= WPA_DRIVER_FLAGS_CONTROL_PORT; + if (ext_feature_isset(ext_features, len, + NL80211_EXT_FEATURE_CONTROL_PORT_NO_PREAUTH)) + capa->flags2 |= WPA_DRIVER_FLAGS2_CONTROL_PORT_RX; if (ext_feature_isset(ext_features, len, NL80211_EXT_FEATURE_VLAN_OFFLOAD)) diff --git a/src/drivers/driver_nl80211_event.c b/src/drivers/driver_nl80211_event.c index d4ca2eb2..17a06d8f 100644 --- a/src/drivers/driver_nl80211_event.c +++ b/src/drivers/driver_nl80211_event.c @@ -2505,12 +2505,34 @@ static void nl80211_sta_opmode_change_event(struct wpa_driver_nl80211_data *drv, static void nl80211_control_port_frame(struct wpa_driver_nl80211_data *drv, struct nlattr **tb) { - if (!tb[NL80211_ATTR_MAC] || !tb[NL80211_ATTR_FRAME]) + u8 *src_addr; + u16 ethertype; + + if (!tb[NL80211_ATTR_MAC] || + !tb[NL80211_ATTR_FRAME] || + !tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]) return; - drv_event_eapol_rx(drv->ctx, nla_data(tb[NL80211_ATTR_MAC]), - nla_data(tb[NL80211_ATTR_FRAME]), - nla_len(tb[NL80211_ATTR_FRAME])); + src_addr = nla_data(tb[NL80211_ATTR_MAC]); + ethertype = nla_get_u16(tb[NL80211_ATTR_CONTROL_PORT_ETHERTYPE]); + + switch (ethertype) { + case ETH_P_RSN_PREAUTH: + wpa_printf(MSG_INFO, "nl80211: Got pre-auth frame from " + MACSTR " over control port unexpectedly", + MAC2STR(src_addr)); + break; + case ETH_P_PAE: + drv_event_eapol_rx(drv->ctx, src_addr, + nla_data(tb[NL80211_ATTR_FRAME]), + nla_len(tb[NL80211_ATTR_FRAME])); + break; + default: + wpa_printf(MSG_INFO, "nl80211: Unxpected ethertype 0x%04x from " + MACSTR " over control port", + ethertype, MAC2STR(src_addr)); + break; + } } @@ -2729,9 +2751,6 @@ static void do_process_drv_event(struct i802_bss *bss, int cmd, case NL80211_CMD_UPDATE_OWE_INFO: mlme_event_dh_event(drv, bss, tb); break; - case NL80211_CMD_CONTROL_PORT_FRAME: - nl80211_control_port_frame(drv, tb); - break; default: wpa_dbg(drv->ctx, MSG_DEBUG, "nl80211: Ignored unknown event " "(cmd=%d)", cmd); @@ -2821,6 +2840,9 @@ int process_bss_event(struct nl_msg *msg, void *arg) case NL80211_CMD_EXTERNAL_AUTH: nl80211_external_auth(bss->drv, tb); break; + case NL80211_CMD_CONTROL_PORT_FRAME: + nl80211_control_port_frame(bss->drv, tb); + break; default: wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event " "(cmd=%d)", gnlh->cmd); diff --git a/src/drivers/driver_nl80211_scan.c b/src/drivers/driver_nl80211_scan.c index 04f6bb87..17e8b2c2 100644 --- a/src/drivers/driver_nl80211_scan.c +++ b/src/drivers/driver_nl80211_scan.c @@ -872,7 +872,7 @@ static void clear_state_mismatch(struct wpa_driver_nl80211_data *drv, wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE, WLAN_REASON_PREV_AUTH_NOT_VALID, 1, - NULL); + get_connect_handle(drv->first_bss)); } } diff --git a/src/eap_server/eap.h b/src/eap_server/eap.h index 540b4e70..61032cc0 100644 --- a/src/eap_server/eap.h +++ b/src/eap_server/eap.h @@ -45,43 +45,43 @@ struct eap_user { struct eap_eapol_interface { /* Lower layer to full authenticator variables */ - Boolean eapResp; /* shared with EAPOL Backend Authentication */ + bool eapResp; /* shared with EAPOL Backend Authentication */ struct wpabuf *eapRespData; - Boolean portEnabled; + bool portEnabled; int retransWhile; - Boolean eapRestart; /* shared with EAPOL Authenticator PAE */ + bool eapRestart; /* shared with EAPOL Authenticator PAE */ int eapSRTT; int eapRTTVAR; /* Full authenticator to lower layer variables */ - Boolean eapReq; /* shared with EAPOL Backend Authentication */ - Boolean eapNoReq; /* shared with EAPOL Backend Authentication */ - Boolean eapSuccess; - Boolean eapFail; - Boolean eapTimeout; + bool eapReq; /* shared with EAPOL Backend Authentication */ + bool eapNoReq; /* shared with EAPOL Backend Authentication */ + bool eapSuccess; + bool eapFail; + bool eapTimeout; struct wpabuf *eapReqData; u8 *eapKeyData; size_t eapKeyDataLen; u8 *eapSessionId; size_t eapSessionIdLen; - Boolean eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ + bool eapKeyAvailable; /* called keyAvailable in IEEE 802.1X-2004 */ /* AAA interface to full authenticator variables */ - Boolean aaaEapReq; - Boolean aaaEapNoReq; - Boolean aaaSuccess; - Boolean aaaFail; + bool aaaEapReq; + bool aaaEapNoReq; + bool aaaSuccess; + bool aaaFail; struct wpabuf *aaaEapReqData; u8 *aaaEapKeyData; size_t aaaEapKeyDataLen; - Boolean aaaEapKeyAvailable; + bool aaaEapKeyAvailable; int aaaMethodTimeout; /* Full authenticator to AAA interface variables */ - Boolean aaaEapResp; + bool aaaEapResp; struct wpabuf *aaaEapRespData; /* aaaIdentity -> eap_get_identity() */ - Boolean aaaTimeout; + bool aaaTimeout; }; struct eap_server_erp_key { @@ -124,7 +124,7 @@ struct eap_config { * callback context. */ void *eap_sim_db_priv; - Boolean backend_auth; + bool backend_auth; int eap_server; /** diff --git a/src/eap_server/eap_i.h b/src/eap_server/eap_i.h index 44896a69..28bb564e 100644 --- a/src/eap_server/eap_i.h +++ b/src/eap_server/eap_i.h @@ -32,15 +32,14 @@ struct eap_method { struct wpabuf * (*buildReq)(struct eap_sm *sm, void *priv, u8 id); int (*getTimeout)(struct eap_sm *sm, void *priv); - Boolean (*check)(struct eap_sm *sm, void *priv, - struct wpabuf *respData); + bool (*check)(struct eap_sm *sm, void *priv, struct wpabuf *respData); void (*process)(struct eap_sm *sm, void *priv, struct wpabuf *respData); - Boolean (*isDone)(struct eap_sm *sm, void *priv); + bool (*isDone)(struct eap_sm *sm, void *priv); u8 * (*getKey)(struct eap_sm *sm, void *priv, size_t *len); /* isSuccess is not specified in draft-ietf-eap-statemachine-05.txt, * but it is useful in implementing Policy.getDecision() */ - Boolean (*isSuccess)(struct eap_sm *sm, void *priv); + bool (*isSuccess)(struct eap_sm *sm, void *priv); /** * free - Free EAP method data @@ -138,13 +137,13 @@ struct eap_sm { int methodTimeout; /* Short-term (not maintained between packets) */ - Boolean rxResp; - Boolean rxInitiate; + bool rxResp; + bool rxInitiate; int respId; enum eap_type respMethod; int respVendor; u32 respVendorMethod; - Boolean ignore; + bool ignore; enum { DECISION_SUCCESS, DECISION_FAILURE, DECISION_CONTINUE, DECISION_PASSTHROUGH, DECISION_INITIATE_REAUTH_START @@ -153,7 +152,7 @@ struct eap_sm { /* Miscellaneous variables */ const struct eap_method *m; /* selected EAP method */ /* not defined in RFC 4137 */ - Boolean changed; + bool changed; void *eapol_ctx; const struct eapol_callbacks *eapol_cb; void *eap_method_priv; @@ -169,7 +168,7 @@ struct eap_sm { int init_phase2; const struct eap_config *cfg; struct eap_config cfg_buf; - Boolean update_user; + bool update_user; unsigned int num_rounds; unsigned int num_rounds_short; @@ -183,12 +182,12 @@ struct eap_sm { struct wpabuf *assoc_wps_ie; struct wpabuf *assoc_p2p_ie; - Boolean start_reauth; + bool start_reauth; u8 peer_addr[ETH_ALEN]; - Boolean initiate_reauth_start_sent; - Boolean try_initiate_reauth; + bool initiate_reauth_start_sent; + bool try_initiate_reauth; #ifdef CONFIG_TESTING_OPTIONS u32 tls_test_flags; diff --git a/src/eap_server/eap_server.c b/src/eap_server/eap_server.c index 34ce2394..0b7a5b98 100644 --- a/src/eap_server/eap_server.c +++ b/src/eap_server/eap_server.c @@ -9,7 +9,7 @@ * in RFC 4137. However, to support backend authentication in RADIUS * authentication server functionality, parts of backend authenticator (also * from RFC 4137) are mixed in. This functionality is enabled by setting - * backend_auth configuration variable to TRUE. + * backend_auth configuration variable to true. */ #include "includes.h" @@ -38,7 +38,7 @@ static void eap_sm_Policy_update(struct eap_sm *sm, const u8 *nak_list, static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor); static int eap_sm_Policy_getDecision(struct eap_sm *sm); -static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method); +static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method); static int eap_get_erp_send_reauth_start(struct eap_sm *sm) @@ -230,19 +230,19 @@ SM_STATE(EAP, INITIALIZE) eap_server_clear_identity(sm); } - sm->try_initiate_reauth = FALSE; + sm->try_initiate_reauth = false; sm->currentId = -1; - sm->eap_if.eapSuccess = FALSE; - sm->eap_if.eapFail = FALSE; - sm->eap_if.eapTimeout = FALSE; + sm->eap_if.eapSuccess = false; + sm->eap_if.eapFail = false; + sm->eap_if.eapTimeout = false; bin_clear_free(sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); sm->eap_if.eapKeyData = NULL; sm->eap_if.eapKeyDataLen = 0; os_free(sm->eap_if.eapSessionId); sm->eap_if.eapSessionId = NULL; sm->eap_if.eapSessionIdLen = 0; - sm->eap_if.eapKeyAvailable = FALSE; - sm->eap_if.eapRestart = FALSE; + sm->eap_if.eapKeyAvailable = false; + sm->eap_if.eapRestart = false; /* * This is not defined in RFC 4137, but method state needs to be @@ -322,7 +322,7 @@ SM_STATE(EAP, RETRANSMIT) sm->retransCount++; if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) { if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0) - sm->eap_if.eapReq = TRUE; + sm->eap_if.eapReq = true; } wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR, @@ -347,8 +347,8 @@ SM_STATE(EAP, RECEIVED) SM_STATE(EAP, DISCARD) { SM_ENTRY(EAP, DISCARD); - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapNoReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapNoReq = true; } @@ -362,17 +362,17 @@ SM_STATE(EAP, SEND_REQUEST) sm->num_rounds_short = 0; if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0) { - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = true; } else { - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = FALSE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = false; } } else { wpa_printf(MSG_INFO, "EAP: SEND_REQUEST - no eapReqData"); - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = FALSE; - sm->eap_if.eapNoReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = false; + sm->eap_if.eapNoReq = true; } } @@ -382,7 +382,7 @@ SM_STATE(EAP, INTEGRITY_CHECK) SM_ENTRY(EAP, INTEGRITY_CHECK); if (!eap_hdr_len_valid(sm->eap_if.eapRespData, 1)) { - sm->ignore = TRUE; + sm->ignore = true; return; } @@ -552,7 +552,7 @@ SM_STATE(EAP, PROPOSE_METHOD) SM_ENTRY(EAP, PROPOSE_METHOD); - sm->try_initiate_reauth = FALSE; + sm->try_initiate_reauth = false; try_another_method: type = eap_sm_Policy_getNextMethod(sm, &vendor); if (vendor == EAP_VENDOR_IETF) @@ -640,7 +640,7 @@ SM_STATE(EAP, TIMEOUT_FAILURE) { SM_ENTRY(EAP, TIMEOUT_FAILURE); - sm->eap_if.eapTimeout = TRUE; + sm->eap_if.eapTimeout = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr)); @@ -655,7 +655,7 @@ SM_STATE(EAP, FAILURE) sm->eap_if.eapReqData = eap_sm_buildFailure(sm, sm->currentId); wpabuf_free(sm->lastReqData); sm->lastReqData = NULL; - sm->eap_if.eapFail = TRUE; + sm->eap_if.eapFail = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE MACSTR, MAC2STR(sm->peer_addr)); @@ -671,8 +671,8 @@ SM_STATE(EAP, SUCCESS) wpabuf_free(sm->lastReqData); sm->lastReqData = NULL; if (sm->eap_if.eapKeyData) - sm->eap_if.eapKeyAvailable = TRUE; - sm->eap_if.eapSuccess = TRUE; + sm->eap_if.eapKeyAvailable = true; + sm->eap_if.eapSuccess = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS MACSTR, MAC2STR(sm->peer_addr)); @@ -683,8 +683,8 @@ SM_STATE(EAP, INITIATE_REAUTH_START) { SM_ENTRY(EAP, INITIATE_REAUTH_START); - sm->initiate_reauth_start_sent = TRUE; - sm->try_initiate_reauth = TRUE; + sm->initiate_reauth_start_sent = true; + sm->try_initiate_reauth = true; sm->currentId = eap_sm_nextId(sm, sm->currentId); wpa_printf(MSG_DEBUG, "EAP: building EAP-Initiate-Re-auth-Start: Identifier %d", @@ -760,7 +760,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm, sm->lastReqData = NULL; if ((flags & 0x80) || !erp) { - sm->eap_if.eapFail = TRUE; + sm->eap_if.eapFail = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE MACSTR, MAC2STR(sm->peer_addr)); return; @@ -784,10 +784,10 @@ static void erp_send_finish_reauth(struct eap_sm *sm, return; } sm->eap_if.eapKeyDataLen = erp->rRK_len; - sm->eap_if.eapKeyAvailable = TRUE; + sm->eap_if.eapKeyAvailable = true; wpa_hexdump_key(MSG_DEBUG, "EAP: ERP rMSK", sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen); - sm->eap_if.eapSuccess = TRUE; + sm->eap_if.eapSuccess = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS MACSTR, MAC2STR(sm->peer_addr)); @@ -811,7 +811,7 @@ SM_STATE(EAP, INITIATE_RECEIVED) SM_ENTRY(EAP, INITIATE_RECEIVED); - sm->rxInitiate = FALSE; + sm->rxInitiate = false; pos = eap_hdr_validate(EAP_VENDOR_IETF, (enum eap_type) EAP_ERP_TYPE_REAUTH, @@ -988,7 +988,7 @@ report_error: return; fail: - sm->ignore = TRUE; + sm->ignore = true; } #endif /* CONFIG_ERP */ @@ -1000,7 +1000,7 @@ SM_STATE(EAP, INITIALIZE_PASSTHROUGH) wpabuf_free(sm->eap_if.aaaEapRespData); sm->eap_if.aaaEapRespData = NULL; - sm->try_initiate_reauth = FALSE; + sm->try_initiate_reauth = false; } @@ -1021,7 +1021,7 @@ SM_STATE(EAP, RETRANSMIT2) sm->retransCount++; if (sm->retransCount <= sm->MaxRetrans && sm->lastReqData) { if (eap_copy_buf(&sm->eap_if.eapReqData, sm->lastReqData) == 0) - sm->eap_if.eapReq = TRUE; + sm->eap_if.eapReq = true; } wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR, @@ -1041,8 +1041,8 @@ SM_STATE(EAP, RECEIVED2) SM_STATE(EAP, DISCARD2) { SM_ENTRY(EAP, DISCARD2); - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapNoReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapNoReq = true; } @@ -1054,17 +1054,17 @@ SM_STATE(EAP, SEND_REQUEST2) if (sm->eap_if.eapReqData) { if (eap_copy_buf(&sm->lastReqData, sm->eap_if.eapReqData) == 0) { - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = true; } else { - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = FALSE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = false; } } else { wpa_printf(MSG_INFO, "EAP: SEND_REQUEST2 - no eapReqData"); - sm->eap_if.eapResp = FALSE; - sm->eap_if.eapReq = FALSE; - sm->eap_if.eapNoReq = TRUE; + sm->eap_if.eapResp = false; + sm->eap_if.eapReq = false; + sm->eap_if.eapNoReq = true; } } @@ -1103,11 +1103,11 @@ SM_STATE(EAP, AAA_IDLE) { SM_ENTRY(EAP, AAA_IDLE); - sm->eap_if.aaaFail = FALSE; - sm->eap_if.aaaSuccess = FALSE; - sm->eap_if.aaaEapReq = FALSE; - sm->eap_if.aaaEapNoReq = FALSE; - sm->eap_if.aaaEapResp = TRUE; + sm->eap_if.aaaFail = false; + sm->eap_if.aaaSuccess = false; + sm->eap_if.aaaEapReq = false; + sm->eap_if.aaaEapNoReq = false; + sm->eap_if.aaaEapResp = true; } @@ -1115,7 +1115,7 @@ SM_STATE(EAP, TIMEOUT_FAILURE2) { SM_ENTRY(EAP, TIMEOUT_FAILURE2); - sm->eap_if.eapTimeout = TRUE; + sm->eap_if.eapTimeout = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr)); @@ -1127,7 +1127,7 @@ SM_STATE(EAP, FAILURE2) SM_ENTRY(EAP, FAILURE2); eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData); - sm->eap_if.eapFail = TRUE; + sm->eap_if.eapFail = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR, MAC2STR(sm->peer_addr)); @@ -1149,14 +1149,14 @@ SM_STATE(EAP, SUCCESS2) sm->eap_if.eapKeyDataLen = 0; } - sm->eap_if.eapSuccess = TRUE; + sm->eap_if.eapSuccess = true; /* * Start reauthentication with identity request even though we know the * previously used identity. This is needed to get reauthentication * started properly. */ - sm->start_reauth = TRUE; + sm->start_reauth = true; wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR, MAC2STR(sm->peer_addr)); @@ -1217,7 +1217,7 @@ SM_STEP(EAP) case EAP_IDLE: if (sm->eap_if.retransWhile == 0) { if (sm->try_initiate_reauth) { - sm->try_initiate_reauth = FALSE; + sm->try_initiate_reauth = false; SM_ENTER(EAP, SELECT_ACTION); } else { SM_ENTER(EAP, RETRANSMIT); @@ -1491,8 +1491,8 @@ static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp) size_t plen; /* parse rxResp, respId, respMethod */ - sm->rxResp = FALSE; - sm->rxInitiate = FALSE; + sm->rxResp = false; + sm->rxInitiate = false; sm->respId = -1; sm->respMethod = EAP_TYPE_NONE; sm->respVendor = EAP_VENDOR_IETF; @@ -1518,9 +1518,9 @@ static void eap_sm_parseEapResp(struct eap_sm *sm, const struct wpabuf *resp) sm->respId = hdr->identifier; if (hdr->code == EAP_CODE_RESPONSE) - sm->rxResp = TRUE; + sm->rxResp = true; else if (hdr->code == EAP_CODE_INITIATE) - sm->rxInitiate = TRUE; + sm->rxInitiate = true; if (plen > sizeof(*hdr)) { u8 *pos = (u8 *) (hdr + 1); @@ -1702,7 +1702,7 @@ static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor) if (sm->identity == NULL || sm->currentId == -1) { *vendor = EAP_VENDOR_IETF; next = EAP_TYPE_IDENTITY; - sm->update_user = TRUE; + sm->update_user = true; } else if (sm->user && idx < EAP_MAX_METHODS && (sm->user->methods[idx].vendor != EAP_VENDOR_IETF || sm->user->methods[idx].method != EAP_TYPE_NONE)) { @@ -1730,7 +1730,7 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm) sm->m->isSuccess(sm, sm->eap_method_priv)) { wpa_printf(MSG_DEBUG, "EAP: getDecision: method succeeded -> " "SUCCESS"); - sm->update_user = TRUE; + sm->update_user = true; return DECISION_SUCCESS; } @@ -1738,7 +1738,7 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm) !sm->m->isSuccess(sm, sm->eap_method_priv)) { wpa_printf(MSG_DEBUG, "EAP: getDecision: method failed -> " "FAILURE"); - sm->update_user = TRUE; + sm->update_user = true; return DECISION_FAILURE; } @@ -1765,12 +1765,12 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm) sm->user->methods[0].method == EAP_TYPE_IDENTITY) { wpa_printf(MSG_DEBUG, "EAP: getDecision: stop " "identity request loop -> FAILURE"); - sm->update_user = TRUE; + sm->update_user = true; return DECISION_FAILURE; } - sm->update_user = FALSE; + sm->update_user = false; } - sm->start_reauth = FALSE; + sm->start_reauth = false; if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && (sm->user->methods[sm->user_eap_method_index].vendor != @@ -1801,9 +1801,9 @@ static int eap_sm_Policy_getDecision(struct eap_sm *sm) } -static Boolean eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method) +static bool eap_sm_Policy_doPickUp(struct eap_sm *sm, enum eap_type method) { - return method == EAP_TYPE_IDENTITY ? TRUE : FALSE; + return method == EAP_TYPE_IDENTITY; } @@ -1820,7 +1820,7 @@ int eap_server_sm_step(struct eap_sm *sm) { int res = 0; do { - sm->changed = FALSE; + sm->changed = false; SM_STEP_RUN(EAP); if (sm->changed) res = 1; diff --git a/src/eap_server/eap_server_aka.c b/src/eap_server/eap_server_aka.c index 22dd965d..e9bf0300 100644 --- a/src/eap_server/eap_server_aka.c +++ b/src/eap_server/eap_server_aka.c @@ -664,8 +664,8 @@ static struct wpabuf * eap_aka_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_aka_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_aka_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_aka_data *data = priv; const u8 *pos; @@ -675,25 +675,25 @@ static Boolean eap_aka_check(struct eap_sm *sm, void *priv, &len); if (pos == NULL || len < 3) { wpa_printf(MSG_INFO, "EAP-AKA: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } -static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) +static bool eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) { if (subtype == EAP_AKA_SUBTYPE_CLIENT_ERROR || subtype == EAP_AKA_SUBTYPE_AUTHENTICATION_REJECT) - return FALSE; + return false; switch (data->state) { case IDENTITY: if (subtype != EAP_AKA_SUBTYPE_IDENTITY) { wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case CHALLENGE: @@ -701,30 +701,30 @@ static Boolean eap_aka_subtype_ok(struct eap_aka_data *data, u8 subtype) subtype != EAP_AKA_SUBTYPE_SYNCHRONIZATION_FAILURE) { wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case REAUTH: if (subtype != EAP_AKA_SUBTYPE_REAUTHENTICATION) { wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case NOTIFICATION: if (subtype != EAP_AKA_SUBTYPE_NOTIFICATION) { wpa_printf(MSG_INFO, "EAP-AKA: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; default: wpa_printf(MSG_INFO, "EAP-AKA: Unexpected state (%d) for " "processing a response", data->state); - return TRUE; + return true; } - return FALSE; + return false; } @@ -1269,7 +1269,7 @@ static void eap_aka_process(struct eap_sm *sm, void *priv, } -static Boolean eap_aka_isDone(struct eap_sm *sm, void *priv) +static bool eap_aka_isDone(struct eap_sm *sm, void *priv) { struct eap_aka_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -1308,7 +1308,7 @@ static u8 * eap_aka_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_aka_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_aka_isSuccess(struct eap_sm *sm, void *priv) { struct eap_aka_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_eke.c b/src/eap_server/eap_server_eke.c index 71fab962..eac3245c 100644 --- a/src/eap_server/eap_server_eke.c +++ b/src/eap_server/eap_server_eke.c @@ -380,8 +380,8 @@ static struct wpabuf * eap_eke_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_eke_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_eke_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_eke_data *data = priv; size_t len; @@ -391,28 +391,28 @@ static Boolean eap_eke_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_EKE, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-EKE: Invalid frame"); - return TRUE; + return true; } eke_exch = *pos; wpa_printf(MSG_DEBUG, "EAP-EKE: Received frame: EKE-Exch=%d", eke_exch); if (data->state == IDENTITY && eke_exch == EAP_EKE_ID) - return FALSE; + return false; if (data->state == COMMIT && eke_exch == EAP_EKE_COMMIT) - return FALSE; + return false; if (data->state == CONFIRM && eke_exch == EAP_EKE_CONFIRM) - return FALSE; + return false; if (eke_exch == EAP_EKE_FAILURE) - return FALSE; + return false; wpa_printf(MSG_INFO, "EAP-EKE: Unexpected EKE-Exch=%d in state=%d", eke_exch, data->state); - return TRUE; + return true; } @@ -716,7 +716,7 @@ static void eap_eke_process(struct eap_sm *sm, void *priv, } -static Boolean eap_eke_isDone(struct eap_sm *sm, void *priv) +static bool eap_eke_isDone(struct eap_sm *sm, void *priv) { struct eap_eke_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -757,7 +757,7 @@ static u8 * eap_eke_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_eke_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_eke_isSuccess(struct eap_sm *sm, void *priv) { struct eap_eke_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_fast.c b/src/eap_server/eap_server_fast.c index 0270821c..55d48d91 100644 --- a/src/eap_server/eap_server_fast.c +++ b/src/eap_server/eap_server_fast.c @@ -929,8 +929,8 @@ static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_fast_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_fast_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -938,10 +938,10 @@ static Boolean eap_fast_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_FAST, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-FAST: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -1563,7 +1563,7 @@ static void eap_fast_process(struct eap_sm *sm, void *priv, } -static Boolean eap_fast_isDone(struct eap_sm *sm, void *priv) +static bool eap_fast_isDone(struct eap_sm *sm, void *priv) { struct eap_fast_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -1614,7 +1614,7 @@ static u8 * eap_fast_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_fast_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_fast_isSuccess(struct eap_sm *sm, void *priv) { struct eap_fast_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_gpsk.c b/src/eap_server/eap_server_gpsk.c index a7742751..4081b9f9 100644 --- a/src/eap_server/eap_server_gpsk.c +++ b/src/eap_server/eap_server_gpsk.c @@ -208,8 +208,8 @@ static struct wpabuf * eap_gpsk_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_gpsk_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_gpsk_data *data = priv; const u8 *pos; @@ -218,21 +218,21 @@ static Boolean eap_gpsk_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GPSK, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-GPSK: Invalid frame"); - return TRUE; + return true; } wpa_printf(MSG_DEBUG, "EAP-GPSK: Received frame: opcode=%d", *pos); if (data->state == GPSK_1 && *pos == EAP_GPSK_OPCODE_GPSK_2) - return FALSE; + return false; if (data->state == GPSK_3 && *pos == EAP_GPSK_OPCODE_GPSK_4) - return FALSE; + return false; wpa_printf(MSG_INFO, "EAP-GPSK: Unexpected opcode=%d in state=%d", *pos, data->state); - return TRUE; + return true; } @@ -560,7 +560,7 @@ static void eap_gpsk_process(struct eap_sm *sm, void *priv, } -static Boolean eap_gpsk_isDone(struct eap_sm *sm, void *priv) +static bool eap_gpsk_isDone(struct eap_sm *sm, void *priv) { struct eap_gpsk_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -601,7 +601,7 @@ static u8 * eap_gpsk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_gpsk_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_gpsk_isSuccess(struct eap_sm *sm, void *priv) { struct eap_gpsk_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_gtc.c b/src/eap_server/eap_server_gtc.c index fcccbcbd..6310793a 100644 --- a/src/eap_server/eap_server_gtc.c +++ b/src/eap_server/eap_server_gtc.c @@ -74,8 +74,8 @@ static struct wpabuf * eap_gtc_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_gtc_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_gtc_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -83,10 +83,10 @@ static Boolean eap_gtc_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -184,14 +184,14 @@ static void eap_gtc_process(struct eap_sm *sm, void *priv, } -static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv) +static bool eap_gtc_isDone(struct eap_sm *sm, void *priv) { struct eap_gtc_data *data = priv; return data->state != CONTINUE; } -static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_gtc_isSuccess(struct eap_sm *sm, void *priv) { struct eap_gtc_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_identity.c b/src/eap_server/eap_server_identity.c index 1b1db53f..813e1d6d 100644 --- a/src/eap_server/eap_server_identity.c +++ b/src/eap_server/eap_server_identity.c @@ -79,8 +79,8 @@ static struct wpabuf * eap_identity_buildReq(struct eap_sm *sm, void *priv, } -static Boolean eap_identity_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_identity_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -89,10 +89,10 @@ static Boolean eap_identity_check(struct eap_sm *sm, void *priv, respData, &len); if (pos == NULL) { wpa_printf(MSG_INFO, "EAP-Identity: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -127,7 +127,7 @@ static void eap_identity_process(struct eap_sm *sm, void *priv, os_free(buf); } if (sm->identity) - sm->update_user = TRUE; + sm->update_user = true; os_free(sm->identity); sm->identity = os_malloc(len ? len : 1); if (sm->identity == NULL) { @@ -140,14 +140,14 @@ static void eap_identity_process(struct eap_sm *sm, void *priv, } -static Boolean eap_identity_isDone(struct eap_sm *sm, void *priv) +static bool eap_identity_isDone(struct eap_sm *sm, void *priv) { struct eap_identity_data *data = priv; return data->state != CONTINUE; } -static Boolean eap_identity_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_identity_isSuccess(struct eap_sm *sm, void *priv) { struct eap_identity_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c index 897637e8..ef3cc8cc 100644 --- a/src/eap_server/eap_server_ikev2.c +++ b/src/eap_server/eap_server_ikev2.c @@ -236,8 +236,8 @@ static struct wpabuf * eap_ikev2_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_ikev2_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_ikev2_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -246,10 +246,10 @@ static Boolean eap_ikev2_check(struct eap_sm *sm, void *priv, &len); if (pos == NULL) { wpa_printf(MSG_INFO, "EAP-IKEV2: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -465,14 +465,14 @@ static void eap_ikev2_process(struct eap_sm *sm, void *priv, } -static Boolean eap_ikev2_isDone(struct eap_sm *sm, void *priv) +static bool eap_ikev2_isDone(struct eap_sm *sm, void *priv) { struct eap_ikev2_data *data = priv; return data->state == DONE || data->state == FAIL; } -static Boolean eap_ikev2_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_ikev2_isSuccess(struct eap_sm *sm, void *priv) { struct eap_ikev2_data *data = priv; return data->state == DONE && data->ikev2.state == IKEV2_DONE && diff --git a/src/eap_server/eap_server_md5.c b/src/eap_server/eap_server_md5.c index cf5ceb1d..c9b500cd 100644 --- a/src/eap_server/eap_server_md5.c +++ b/src/eap_server/eap_server_md5.c @@ -73,8 +73,8 @@ static struct wpabuf * eap_md5_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_md5_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_md5_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -82,16 +82,16 @@ static Boolean eap_md5_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MD5, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-MD5: Invalid frame"); - return TRUE; + return true; } if (*pos != CHAP_MD5_LEN || 1 + CHAP_MD5_LEN > len) { wpa_printf(MSG_INFO, "EAP-MD5: Invalid response " "(response_len=%d payload_len=%lu", *pos, (unsigned long) len); - return TRUE; + return true; } - return FALSE; + return false; } @@ -136,14 +136,14 @@ static void eap_md5_process(struct eap_sm *sm, void *priv, } -static Boolean eap_md5_isDone(struct eap_sm *sm, void *priv) +static bool eap_md5_isDone(struct eap_sm *sm, void *priv) { struct eap_md5_data *data = priv; return data->state != CONTINUE; } -static Boolean eap_md5_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_md5_isSuccess(struct eap_sm *sm, void *priv) { struct eap_md5_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_mschapv2.c b/src/eap_server/eap_server_mschapv2.c index 8a1621af..9b3eb26e 100644 --- a/src/eap_server/eap_server_mschapv2.c +++ b/src/eap_server/eap_server_mschapv2.c @@ -235,8 +235,8 @@ static struct wpabuf * eap_mschapv2_buildReq(struct eap_sm *sm, void *priv, } -static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_mschapv2_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_mschapv2_data *data = priv; struct eap_mschapv2_hdr *resp; @@ -247,7 +247,7 @@ static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame"); - return TRUE; + return true; } resp = (struct eap_mschapv2_hdr *) pos; @@ -255,7 +255,7 @@ static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv, resp->op_code != MSCHAPV2_OP_RESPONSE) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Response - " "ignore op %d", resp->op_code); - return TRUE; + return true; } if (data->state == SUCCESS_REQ && @@ -263,17 +263,17 @@ static Boolean eap_mschapv2_check(struct eap_sm *sm, void *priv, resp->op_code != MSCHAPV2_OP_FAILURE) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Success or " "Failure - ignore op %d", resp->op_code); - return TRUE; + return true; } if (data->state == FAILURE_REQ && resp->op_code != MSCHAPV2_OP_FAILURE) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Expected Failure " "- ignore op %d", resp->op_code); - return TRUE; + return true; } - return FALSE; + return false; } @@ -531,7 +531,7 @@ static void eap_mschapv2_process(struct eap_sm *sm, void *priv, } -static Boolean eap_mschapv2_isDone(struct eap_sm *sm, void *priv) +static bool eap_mschapv2_isDone(struct eap_sm *sm, void *priv) { struct eap_mschapv2_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -564,7 +564,7 @@ static u8 * eap_mschapv2_getKey(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_mschapv2_isSuccess(struct eap_sm *sm, void *priv) { struct eap_mschapv2_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_pax.c b/src/eap_server/eap_server_pax.c index 5ed29efd..fb089d50 100644 --- a/src/eap_server/eap_server_pax.c +++ b/src/eap_server/eap_server_pax.c @@ -195,8 +195,8 @@ static struct wpabuf * eap_pax_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_pax_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_pax_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_pax_data *data = priv; struct eap_pax_hdr *resp; @@ -207,7 +207,7 @@ static Boolean eap_pax_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PAX, respData, &len); if (pos == NULL || len < sizeof(*resp) + EAP_PAX_ICV_LEN) { wpa_printf(MSG_INFO, "EAP-PAX: Invalid frame"); - return TRUE; + return true; } mlen = sizeof(struct eap_hdr) + 1 + len; @@ -225,14 +225,14 @@ static Boolean eap_pax_check(struct eap_sm *sm, void *priv, resp->op_code != EAP_PAX_OP_STD_2) { wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX_STD-2 - " "ignore op %d", resp->op_code); - return TRUE; + return true; } if (data->state == PAX_STD_3 && resp->op_code != EAP_PAX_OP_ACK) { wpa_printf(MSG_DEBUG, "EAP-PAX: Expected PAX-ACK - " "ignore op %d", resp->op_code); - return TRUE; + return true; } if (resp->op_code != EAP_PAX_OP_STD_2 && @@ -244,38 +244,38 @@ static Boolean eap_pax_check(struct eap_sm *sm, void *priv, if (data->mac_id != resp->mac_id) { wpa_printf(MSG_DEBUG, "EAP-PAX: Expected MAC ID 0x%x, " "received 0x%x", data->mac_id, resp->mac_id); - return TRUE; + return true; } if (resp->dh_group_id != EAP_PAX_DH_GROUP_NONE) { wpa_printf(MSG_INFO, "EAP-PAX: Expected DH Group ID 0x%x, " "received 0x%x", EAP_PAX_DH_GROUP_NONE, resp->dh_group_id); - return TRUE; + return true; } if (resp->public_key_id != EAP_PAX_PUBLIC_KEY_NONE) { wpa_printf(MSG_INFO, "EAP-PAX: Expected Public Key ID 0x%x, " "received 0x%x", EAP_PAX_PUBLIC_KEY_NONE, resp->public_key_id); - return TRUE; + return true; } if (resp->flags & EAP_PAX_FLAGS_MF) { /* TODO: add support for reassembling fragments */ wpa_printf(MSG_INFO, "EAP-PAX: fragmentation not supported"); - return TRUE; + return true; } if (resp->flags & EAP_PAX_FLAGS_CE) { wpa_printf(MSG_INFO, "EAP-PAX: Unexpected CE flag"); - return TRUE; + return true; } if (data->keys_set) { if (len - sizeof(*resp) < EAP_PAX_ICV_LEN) { wpa_printf(MSG_INFO, "EAP-PAX: No ICV in the packet"); - return TRUE; + return true; } icv = wpabuf_mhead_u8(respData) + mlen - EAP_PAX_ICV_LEN; wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: ICV", icv, EAP_PAX_ICV_LEN); @@ -285,18 +285,18 @@ static Boolean eap_pax_check(struct eap_sm *sm, void *priv, NULL, 0, NULL, 0, icvbuf) < 0) { wpa_printf(MSG_INFO, "EAP-PAX: Failed to calculate ICV"); - return TRUE; + return true; } if (os_memcmp_const(icvbuf, icv, EAP_PAX_ICV_LEN) != 0) { wpa_printf(MSG_INFO, "EAP-PAX: Invalid ICV"); wpa_hexdump(MSG_MSGDUMP, "EAP-PAX: Expected ICV", icvbuf, EAP_PAX_ICV_LEN); - return TRUE; + return true; } } - return FALSE; + return false; } @@ -513,7 +513,7 @@ static void eap_pax_process(struct eap_sm *sm, void *priv, } -static Boolean eap_pax_isDone(struct eap_sm *sm, void *priv) +static bool eap_pax_isDone(struct eap_sm *sm, void *priv) { struct eap_pax_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -563,7 +563,7 @@ static u8 * eap_pax_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_pax_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_pax_isSuccess(struct eap_sm *sm, void *priv) { struct eap_pax_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_peap.c b/src/eap_server/eap_server_peap.c index 02d8b8e8..f234f6fa 100644 --- a/src/eap_server/eap_server_peap.c +++ b/src/eap_server/eap_server_peap.c @@ -569,8 +569,8 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_peap_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_peap_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -578,10 +578,10 @@ static Boolean eap_peap_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PEAP, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-PEAP: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -1289,7 +1289,7 @@ static void eap_peap_process(struct eap_sm *sm, void *priv, } -static Boolean eap_peap_isDone(struct eap_sm *sm, void *priv) +static bool eap_peap_isDone(struct eap_sm *sm, void *priv) { struct eap_peap_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -1383,7 +1383,7 @@ static u8 * eap_peap_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_peap_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_peap_isSuccess(struct eap_sm *sm, void *priv) { struct eap_peap_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_psk.c b/src/eap_server/eap_server_psk.c index 511973c9..f55f70dd 100644 --- a/src/eap_server/eap_server_psk.c +++ b/src/eap_server/eap_server_psk.c @@ -171,8 +171,8 @@ static struct wpabuf * eap_psk_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_psk_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_psk_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_psk_data *data = priv; size_t len; @@ -182,7 +182,7 @@ static Boolean eap_psk_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PSK, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-PSK: Invalid frame"); - return TRUE; + return true; } t = EAP_PSK_FLAGS_GET_T(*pos); @@ -191,22 +191,22 @@ static Boolean eap_psk_check(struct eap_sm *sm, void *priv, if (data->state == PSK_1 && t != 1) { wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-2 - " "ignore T=%d", t); - return TRUE; + return true; } if (data->state == PSK_3 && t != 3) { wpa_printf(MSG_DEBUG, "EAP-PSK: Expected PSK-4 - " "ignore T=%d", t); - return TRUE; + return true; } if ((t == 1 && len < sizeof(struct eap_psk_hdr_2)) || (t == 3 && len < sizeof(struct eap_psk_hdr_4))) { wpa_printf(MSG_DEBUG, "EAP-PSK: Too short frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -433,7 +433,7 @@ static void eap_psk_process(struct eap_sm *sm, void *priv, } -static Boolean eap_psk_isDone(struct eap_sm *sm, void *priv) +static bool eap_psk_isDone(struct eap_sm *sm, void *priv) { struct eap_psk_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -474,7 +474,7 @@ static u8 * eap_psk_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_psk_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_psk_isSuccess(struct eap_sm *sm, void *priv) { struct eap_psk_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_pwd.c b/src/eap_server/eap_server_pwd.c index 6bf3a23d..81cddca6 100644 --- a/src/eap_server/eap_server_pwd.c +++ b/src/eap_server/eap_server_pwd.c @@ -530,8 +530,8 @@ eap_pwd_build_req(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_pwd_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_pwd_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_pwd_data *data = priv; const u8 *pos; @@ -540,7 +540,7 @@ static Boolean eap_pwd_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_PWD, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-pwd: Invalid frame"); - return TRUE; + return true; } wpa_printf(MSG_DEBUG, "EAP-pwd: Received frame: exch = %d, len = %d", @@ -548,20 +548,20 @@ static Boolean eap_pwd_check(struct eap_sm *sm, void *priv, if (data->state == PWD_ID_Req && ((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_ID_EXCH)) - return FALSE; + return false; if (data->state == PWD_Commit_Req && ((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_COMMIT_EXCH)) - return FALSE; + return false; if (data->state == PWD_Confirm_Req && ((EAP_PWD_GET_EXCHANGE(*pos)) == EAP_PWD_OPCODE_CONFIRM_EXCH)) - return FALSE; + return false; wpa_printf(MSG_INFO, "EAP-pwd: Unexpected opcode=%d in state=%d", *pos, data->state); - return TRUE; + return true; } @@ -1003,14 +1003,14 @@ static u8 * eap_pwd_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_pwd_is_success(struct eap_sm *sm, void *priv) +static bool eap_pwd_is_success(struct eap_sm *sm, void *priv) { struct eap_pwd_data *data = priv; return data->state == SUCCESS; } -static Boolean eap_pwd_is_done(struct eap_sm *sm, void *priv) +static bool eap_pwd_is_done(struct eap_sm *sm, void *priv) { struct eap_pwd_data *data = priv; return (data->state == SUCCESS) || (data->state == FAILURE); diff --git a/src/eap_server/eap_server_sake.c b/src/eap_server/eap_server_sake.c index 56cfbfb3..8c39e63b 100644 --- a/src/eap_server/eap_server_sake.c +++ b/src/eap_server/eap_server_sake.c @@ -232,8 +232,8 @@ static struct wpabuf * eap_sake_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_sake_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_sake_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_sake_data *data = priv; struct eap_sake_hdr *resp; @@ -244,7 +244,7 @@ static Boolean eap_sake_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SAKE, respData, &len); if (pos == NULL || len < sizeof(struct eap_sake_hdr)) { wpa_printf(MSG_INFO, "EAP-SAKE: Invalid frame"); - return TRUE; + return true; } resp = (struct eap_sake_hdr *) pos; @@ -254,33 +254,33 @@ static Boolean eap_sake_check(struct eap_sm *sm, void *priv, if (version != EAP_SAKE_VERSION) { wpa_printf(MSG_INFO, "EAP-SAKE: Unknown version %d", version); - return TRUE; + return true; } if (session_id != data->session_id) { wpa_printf(MSG_INFO, "EAP-SAKE: Session ID mismatch (%d,%d)", session_id, data->session_id); - return TRUE; + return true; } wpa_printf(MSG_DEBUG, "EAP-SAKE: Received frame: subtype=%d", subtype); if (data->state == IDENTITY && subtype == EAP_SAKE_SUBTYPE_IDENTITY) - return FALSE; + return false; if (data->state == CHALLENGE && subtype == EAP_SAKE_SUBTYPE_CHALLENGE) - return FALSE; + return false; if (data->state == CONFIRM && subtype == EAP_SAKE_SUBTYPE_CONFIRM) - return FALSE; + return false; if (subtype == EAP_SAKE_SUBTYPE_AUTH_REJECT) - return FALSE; + return false; wpa_printf(MSG_INFO, "EAP-SAKE: Unexpected subtype=%d in state=%d", subtype, data->state); - return TRUE; + return true; } @@ -456,7 +456,7 @@ static void eap_sake_process(struct eap_sm *sm, void *priv, } -static Boolean eap_sake_isDone(struct eap_sm *sm, void *priv) +static bool eap_sake_isDone(struct eap_sm *sm, void *priv) { struct eap_sake_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -497,7 +497,7 @@ static u8 * eap_sake_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_sake_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_sake_isSuccess(struct eap_sm *sm, void *priv) { struct eap_sake_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_sim.c b/src/eap_server/eap_server_sim.c index d7ac87ce..8a682896 100644 --- a/src/eap_server/eap_server_sim.c +++ b/src/eap_server/eap_server_sim.c @@ -360,8 +360,8 @@ static struct wpabuf * eap_sim_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_sim_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_sim_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -369,55 +369,55 @@ static Boolean eap_sim_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_SIM, respData, &len); if (pos == NULL || len < 3) { wpa_printf(MSG_INFO, "EAP-SIM: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } -static Boolean eap_sim_unexpected_subtype(struct eap_sim_data *data, - u8 subtype) +static bool eap_sim_unexpected_subtype(struct eap_sim_data *data, + u8 subtype) { if (subtype == EAP_SIM_SUBTYPE_CLIENT_ERROR) - return FALSE; + return false; switch (data->state) { case START: if (subtype != EAP_SIM_SUBTYPE_START) { wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case CHALLENGE: if (subtype != EAP_SIM_SUBTYPE_CHALLENGE) { wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case REAUTH: if (subtype != EAP_SIM_SUBTYPE_REAUTHENTICATION) { wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; case NOTIFICATION: if (subtype != EAP_SIM_SUBTYPE_NOTIFICATION) { wpa_printf(MSG_INFO, "EAP-SIM: Unexpected response " "subtype %d", subtype); - return TRUE; + return true; } break; default: wpa_printf(MSG_INFO, "EAP-SIM: Unexpected state (%d) for " "processing a response", data->state); - return TRUE; + return true; } - return FALSE; + return false; } @@ -794,7 +794,7 @@ static void eap_sim_process(struct eap_sm *sm, void *priv, } -static Boolean eap_sim_isDone(struct eap_sm *sm, void *priv) +static bool eap_sim_isDone(struct eap_sm *sm, void *priv) { struct eap_sim_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -833,7 +833,7 @@ static u8 * eap_sim_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_sim_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_sim_isSuccess(struct eap_sm *sm, void *priv) { struct eap_sim_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_teap.c b/src/eap_server/eap_server_teap.c index a2cbf7a7..d7b1b099 100644 --- a/src/eap_server/eap_server_teap.c +++ b/src/eap_server/eap_server_teap.c @@ -965,8 +965,8 @@ static struct wpabuf * eap_teap_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_teap_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_teap_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -974,10 +974,10 @@ static Boolean eap_teap_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TEAP, respData, &len); if (!pos || len < 1) { wpa_printf(MSG_INFO, "EAP-TEAP: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -1974,7 +1974,7 @@ static void eap_teap_process(struct eap_sm *sm, void *priv, } -static Boolean eap_teap_isDone(struct eap_sm *sm, void *priv) +static bool eap_teap_isDone(struct eap_sm *sm, void *priv) { struct eap_teap_data *data = priv; @@ -2032,7 +2032,7 @@ static u8 * eap_teap_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_teap_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_teap_isSuccess(struct eap_sm *sm, void *priv) { struct eap_teap_data *data = priv; diff --git a/src/eap_server/eap_server_tls.c b/src/eap_server/eap_server_tls.c index c64cebb4..769fd1fe 100644 --- a/src/eap_server/eap_server_tls.c +++ b/src/eap_server/eap_server_tls.c @@ -226,8 +226,8 @@ check_established: } -static Boolean eap_tls_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_tls_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_tls_data *data = priv; const u8 *pos; @@ -246,10 +246,10 @@ static Boolean eap_tls_check(struct eap_sm *sm, void *priv, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-TLS: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -346,7 +346,7 @@ static void eap_tls_process(struct eap_sm *sm, void *priv, } -static Boolean eap_tls_isDone(struct eap_sm *sm, void *priv) +static bool eap_tls_isDone(struct eap_sm *sm, void *priv) { struct eap_tls_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -431,7 +431,7 @@ static u8 * eap_tls_get_emsk(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_tls_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_tls_isSuccess(struct eap_sm *sm, void *priv) { struct eap_tls_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_tnc.c b/src/eap_server/eap_server_tnc.c index f6cdcb1e..36fb5c34 100644 --- a/src/eap_server/eap_server_tnc.c +++ b/src/eap_server/eap_server_tnc.c @@ -320,8 +320,8 @@ static struct wpabuf * eap_tnc_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_tnc_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_tnc_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { struct eap_tnc_data *data = priv; const u8 *pos; @@ -331,29 +331,29 @@ static Boolean eap_tnc_check(struct eap_sm *sm, void *priv, &len); if (pos == NULL) { wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame"); - return TRUE; + return true; } if (len == 0 && data->state != WAIT_FRAG_ACK) { wpa_printf(MSG_INFO, "EAP-TNC: Invalid frame (empty)"); - return TRUE; + return true; } if (len == 0) - return FALSE; /* Fragment ACK does not include flags */ + return false; /* Fragment ACK does not include flags */ if ((*pos & EAP_TNC_VERSION_MASK) != EAP_TNC_VERSION) { wpa_printf(MSG_DEBUG, "EAP-TNC: Unsupported version %d", *pos & EAP_TNC_VERSION_MASK); - return TRUE; + return true; } if (*pos & EAP_TNC_FLAGS_START) { wpa_printf(MSG_DEBUG, "EAP-TNC: Peer used Start flag"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -537,14 +537,14 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv, } -static Boolean eap_tnc_isDone(struct eap_sm *sm, void *priv) +static bool eap_tnc_isDone(struct eap_sm *sm, void *priv) { struct eap_tnc_data *data = priv; return data->state == DONE || data->state == FAIL; } -static Boolean eap_tnc_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_tnc_isSuccess(struct eap_sm *sm, void *priv) { struct eap_tnc_data *data = priv; return data->state == DONE; diff --git a/src/eap_server/eap_server_ttls.c b/src/eap_server/eap_server_ttls.c index 721835db..2f0c041d 100644 --- a/src/eap_server/eap_server_ttls.c +++ b/src/eap_server/eap_server_ttls.c @@ -509,8 +509,8 @@ static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_ttls_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_ttls_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -518,10 +518,10 @@ static Boolean eap_ttls_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_TTLS, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-TTLS: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -1260,7 +1260,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv, } -static Boolean eap_ttls_isDone(struct eap_sm *sm, void *priv) +static bool eap_ttls_isDone(struct eap_sm *sm, void *priv) { struct eap_ttls_data *data = priv; return data->state == SUCCESS || data->state == FAILURE; @@ -1290,7 +1290,7 @@ static u8 * eap_ttls_getKey(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_ttls_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_ttls_isSuccess(struct eap_sm *sm, void *priv) { struct eap_ttls_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_vendor_test.c b/src/eap_server/eap_server_vendor_test.c index 96399775..77860411 100644 --- a/src/eap_server/eap_server_vendor_test.c +++ b/src/eap_server/eap_server_vendor_test.c @@ -88,8 +88,8 @@ static struct wpabuf * eap_vendor_test_buildReq(struct eap_sm *sm, void *priv, } -static Boolean eap_vendor_test_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_vendor_test_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -97,10 +97,10 @@ static Boolean eap_vendor_test_check(struct eap_sm *sm, void *priv, pos = eap_hdr_validate(EAP_VENDOR_ID, EAP_VENDOR_TYPE, respData, &len); if (pos == NULL || len < 1) { wpa_printf(MSG_INFO, "EAP-VENDOR-TEST: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -130,7 +130,7 @@ static void eap_vendor_test_process(struct eap_sm *sm, void *priv, } -static Boolean eap_vendor_test_isDone(struct eap_sm *sm, void *priv) +static bool eap_vendor_test_isDone(struct eap_sm *sm, void *priv) { struct eap_vendor_test_data *data = priv; return data->state == SUCCESS; @@ -158,7 +158,7 @@ static u8 * eap_vendor_test_getKey(struct eap_sm *sm, void *priv, size_t *len) } -static Boolean eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_vendor_test_isSuccess(struct eap_sm *sm, void *priv) { struct eap_vendor_test_data *data = priv; return data->state == SUCCESS; diff --git a/src/eap_server/eap_server_wsc.c b/src/eap_server/eap_server_wsc.c index 364c089a..fc70cf19 100644 --- a/src/eap_server/eap_server_wsc.c +++ b/src/eap_server/eap_server_wsc.c @@ -270,8 +270,8 @@ static struct wpabuf * eap_wsc_buildReq(struct eap_sm *sm, void *priv, u8 id) } -static Boolean eap_wsc_check(struct eap_sm *sm, void *priv, - struct wpabuf *respData) +static bool eap_wsc_check(struct eap_sm *sm, void *priv, + struct wpabuf *respData) { const u8 *pos; size_t len; @@ -280,10 +280,10 @@ static Boolean eap_wsc_check(struct eap_sm *sm, void *priv, respData, &len); if (pos == NULL || len < 2) { wpa_printf(MSG_INFO, "EAP-WSC: Invalid frame"); - return TRUE; + return true; } - return FALSE; + return false; } @@ -462,17 +462,17 @@ static void eap_wsc_process(struct eap_sm *sm, void *priv, } -static Boolean eap_wsc_isDone(struct eap_sm *sm, void *priv) +static bool eap_wsc_isDone(struct eap_sm *sm, void *priv) { struct eap_wsc_data *data = priv; return data->state == FAIL; } -static Boolean eap_wsc_isSuccess(struct eap_sm *sm, void *priv) +static bool eap_wsc_isSuccess(struct eap_sm *sm, void *priv) { /* EAP-WSC will always result in EAP-Failure */ - return FALSE; + return false; } diff --git a/src/l2_packet/l2_packet.h b/src/l2_packet/l2_packet.h index 53871774..6a862806 100644 --- a/src/l2_packet/l2_packet.h +++ b/src/l2_packet/l2_packet.h @@ -61,6 +61,10 @@ enum l2_packet_filter_type { * points to len bytes of the payload after the layer 2 header and similarly, * TX buffers start with payload. This behavior can be changed by setting * l2_hdr=1 to include the layer 2 header in the data buffer. + * + * IF rx_callback is NULL, receive operation is not opened at all, i.e., only + * the TX path and additional helper functions for fetching MAC and IP + * addresses can be used. */ struct l2_packet_data * l2_packet_init( const char *ifname, const u8 *own_addr, unsigned short protocol, diff --git a/src/l2_packet/l2_packet_freebsd.c b/src/l2_packet/l2_packet_freebsd.c index aa836482..60de9fe6 100644 --- a/src/l2_packet/l2_packet_freebsd.c +++ b/src/l2_packet/l2_packet_freebsd.c @@ -84,7 +84,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) packet = pcap_next(pcap, &hdr); - if (packet == NULL || hdr.caplen < sizeof(*ethhdr)) + if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr)) return; ethhdr = (struct l2_ethhdr *) packet; diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c index 138dcafc..7897bc02 100644 --- a/src/l2_packet/l2_packet_linux.c +++ b/src/l2_packet/l2_packet_linux.c @@ -312,7 +312,8 @@ struct l2_packet_data * l2_packet_init( ll.sll_family = PF_PACKET; ll.sll_ifindex = ifr.ifr_ifindex; ll.sll_protocol = htons(protocol); - if (bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) { + if (rx_callback && + bind(l2->fd, (struct sockaddr *) &ll, sizeof(ll)) < 0) { wpa_printf(MSG_ERROR, "%s: bind[PF_PACKET]: %s", __func__, strerror(errno)); close(l2->fd); @@ -329,7 +330,8 @@ struct l2_packet_data * l2_packet_init( } os_memcpy(l2->own_addr, ifr.ifr_hwaddr.sa_data, ETH_ALEN); - eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL); + if (rx_callback) + eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL); return l2; } diff --git a/src/l2_packet/l2_packet_ndis.c b/src/l2_packet/l2_packet_ndis.c index 71677816..4a4b639f 100644 --- a/src/l2_packet/l2_packet_ndis.c +++ b/src/l2_packet/l2_packet_ndis.c @@ -294,7 +294,8 @@ static void l2_packet_callback(struct l2_packet_data *l2) } rx_src = ethhdr->h_source; - l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len); + if (l2->rx_callback) + l2->rx_callback(l2->rx_callback_ctx, rx_src, rx_buf, rx_len); #ifndef _WIN32_WCE l2_ndisuio_start_read(l2, 1); #endif /* _WIN32_WCE */ diff --git a/src/l2_packet/l2_packet_none.c b/src/l2_packet/l2_packet_none.c index 307fc6da..bc7a4e82 100644 --- a/src/l2_packet/l2_packet_none.c +++ b/src/l2_packet/l2_packet_none.c @@ -84,7 +84,7 @@ struct l2_packet_data * l2_packet_init( * TODO: open connection for receiving frames */ l2->fd = -1; - if (l2->fd >= 0) + if (rx_callback && l2->fd >= 0) eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL); return l2; @@ -112,7 +112,7 @@ void l2_packet_deinit(struct l2_packet_data *l2) eloop_unregister_read_sock(l2->fd); /* TODO: close connection */ } - + os_free(l2); } diff --git a/src/l2_packet/l2_packet_pcap.c b/src/l2_packet/l2_packet_pcap.c index 423c099f..c2b17fcf 100644 --- a/src/l2_packet/l2_packet_pcap.c +++ b/src/l2_packet/l2_packet_pcap.c @@ -127,7 +127,7 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) packet = pcap_next(pcap, &hdr); - if (packet == NULL || hdr.caplen < sizeof(*ethhdr)) + if (!l2->rx_callback || !packet || hdr.caplen < sizeof(*ethhdr)) return; ethhdr = (struct l2_ethhdr *) packet; @@ -152,7 +152,7 @@ static void l2_packet_receive_cb(u_char *user, const struct pcap_pkthdr *hdr, unsigned char *buf; size_t len; - if (pkt_data == NULL || hdr->caplen < sizeof(*ethhdr)) + if (!l2->rx_callback || !pkt_data || hdr->caplen < sizeof(*ethhdr)) return; ethhdr = (struct l2_ethhdr *) pkt_data; diff --git a/src/l2_packet/l2_packet_privsep.c b/src/l2_packet/l2_packet_privsep.c index ce86802c..014a45f3 100644 --- a/src/l2_packet/l2_packet_privsep.c +++ b/src/l2_packet/l2_packet_privsep.c @@ -216,7 +216,8 @@ struct l2_packet_data * l2_packet_init( } os_memcpy(l2->own_addr, reply, ETH_ALEN); - eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL); + if (rx_callback) + eloop_register_read_sock(l2->fd, l2_packet_receive, l2, NULL); return l2; diff --git a/src/l2_packet/l2_packet_winpcap.c b/src/l2_packet/l2_packet_winpcap.c index 74085a31..3452051f 100644 --- a/src/l2_packet/l2_packet_winpcap.c +++ b/src/l2_packet/l2_packet_winpcap.c @@ -224,6 +224,9 @@ struct l2_packet_data * l2_packet_init( return NULL; } + if (!rx_callback) + return l2; + l2->rx_avail = CreateEvent(NULL, TRUE, FALSE, NULL); l2->rx_done = CreateEvent(NULL, TRUE, FALSE, NULL); l2->rx_notify = CreateEvent(NULL, TRUE, FALSE, NULL); diff --git a/src/rsn_supp/wpa.c b/src/rsn_supp/wpa.c index 166d6eeb..3ce5327d 100644 --- a/src/rsn_supp/wpa.c +++ b/src/rsn_supp/wpa.c @@ -3252,6 +3252,11 @@ int wpa_sm_set_param(struct wpa_sm *sm, enum wpa_sm_conf_params param, case WPA_PARAM_USE_EXT_KEY_ID: sm->use_ext_key_id = value; break; +#ifdef CONFIG_TESTING_OPTIONS + case WPA_PARAM_FT_RSNXE_USED: + sm->ft_rsnxe_used = value; + break; +#endif /* CONFIG_TESTING_OPTIONS */ default: break; } diff --git a/src/rsn_supp/wpa.h b/src/rsn_supp/wpa.h index 796f3920..0986c6c6 100644 --- a/src/rsn_supp/wpa.h +++ b/src/rsn_supp/wpa.h @@ -106,6 +106,7 @@ enum wpa_sm_conf_params { WPA_PARAM_DENY_PTK0_REKEY, WPA_PARAM_EXT_KEY_ID, WPA_PARAM_USE_EXT_KEY_ID, + WPA_PARAM_FT_RSNXE_USED, }; struct rsn_supp_config { diff --git a/src/rsn_supp/wpa_ft.c b/src/rsn_supp/wpa_ft.c index 203a61c7..3e51cf2a 100644 --- a/src/rsn_supp/wpa_ft.c +++ b/src/rsn_supp/wpa_ft.c @@ -305,6 +305,13 @@ static u8 * wpa_ft_gen_req_ies(struct wpa_sm *sm, size_t *len, ftie_len = pos++; rsnxe_used = wpa_key_mgmt_sae(sm->key_mgmt) && anonce && (sm->sae_pwe == 1 || sm->sae_pwe == 2); +#ifdef CONFIG_TESTING_OPTIONS + if (anonce && sm->ft_rsnxe_used) { + rsnxe_used = sm->ft_rsnxe_used == 1; + wpa_printf(MSG_DEBUG, "TESTING: FT: Force RSNXE Used %d", + rsnxe_used); + } +#endif /* CONFIG_TESTING_OPTIONS */ if (wpa_key_mgmt_sha384(sm->key_mgmt)) { struct rsn_ftie_sha384 *ftie; diff --git a/src/rsn_supp/wpa_i.h b/src/rsn_supp/wpa_i.h index 1ad75dcf..497d1288 100644 --- a/src/rsn_supp/wpa_i.h +++ b/src/rsn_supp/wpa_i.h @@ -153,6 +153,7 @@ struct wpa_sm { #ifdef CONFIG_TESTING_OPTIONS struct wpabuf *test_assoc_ie; + int ft_rsnxe_used; #endif /* CONFIG_TESTING_OPTIONS */ #ifdef CONFIG_FILS diff --git a/src/tls/pkcs1.c b/src/tls/pkcs1.c index 141ac50d..654c01b7 100644 --- a/src/tls/pkcs1.c +++ b/src/tls/pkcs1.c @@ -157,6 +157,7 @@ int pkcs1_decrypt_public_key(struct crypto_rsa_key *key, plain[0] != 0x00 || plain[1] != 0x01) { wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB " "structure"); + wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len); return -1; } @@ -165,6 +166,7 @@ int pkcs1_decrypt_public_key(struct crypto_rsa_key *key, if (plain[2] != 0xff) { wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature " "PS (BT=01)"); + wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len); return -1; } while (pos < plain + len && *pos == 0xff) @@ -174,12 +176,14 @@ int pkcs1_decrypt_public_key(struct crypto_rsa_key *key, /* PKCS #1 v1.5, 8.1: At least eight octets long PS */ wpa_printf(MSG_INFO, "LibTomCrypt: Too short signature " "padding"); + wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len); return -1; } if (pos + 16 /* min hash len */ >= plain + len || *pos != 0x00) { wpa_printf(MSG_INFO, "LibTomCrypt: Invalid signature EB " "structure (2)"); + wpa_hexdump_key(MSG_DEBUG, "Signature EB", plain, len); return -1; } pos++; diff --git a/src/tls/x509v3.c b/src/tls/x509v3.c index 5c8ac567..d2e685cb 100644 --- a/src/tls/x509v3.c +++ b/src/tls/x509v3.c @@ -264,7 +264,8 @@ static int x509_parse_public_key(const u8 *buf, size_t len, return -1; pos = hdr.payload; if (*pos) { - wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", + wpa_printf(MSG_DEBUG, + "X509: BITSTRING (subjectPublicKey) - %d unused bits", *pos); /* * TODO: should this be rejected? X.509 certificates are @@ -1851,7 +1852,8 @@ struct x509_certificate * x509_certificate_parse(const u8 *buf, size_t len) } pos = hdr.payload; if (*pos) { - wpa_printf(MSG_DEBUG, "X509: BITSTRING - %d unused bits", + wpa_printf(MSG_DEBUG, + "X509: BITSTRING (signatureValue) - %d unused bits", *pos); /* PKCS #1 v1.5 10.2.1: * It is an error if the length in bits of the signature S is diff --git a/src/utils/includes.h b/src/utils/includes.h index 75513fc8..741fc9c1 100644 --- a/src/utils/includes.h +++ b/src/utils/includes.h @@ -18,6 +18,7 @@ #include <stdlib.h> #include <stddef.h> +#include <stdbool.h> #include <stdio.h> #include <stdarg.h> #include <string.h> diff --git a/src/wps/wps_attr_build.c b/src/wps/wps_attr_build.c index 5ec7133a..f3722567 100644 --- a/src/wps/wps_attr_build.c +++ b/src/wps/wps_attr_build.c @@ -310,6 +310,9 @@ int wps_build_auth_type_flags(struct wps_data *wps, struct wpabuf *msg) auth_types &= ~WPS_AUTH_WPA; auth_types &= ~WPS_AUTH_WPA2; auth_types &= ~WPS_AUTH_SHARED; +#ifdef CONFIG_NO_TKIP + auth_types &= ~WPS_AUTH_WPAPSK; +#endif /* CONFIG_NO_TKIP */ #ifdef CONFIG_WPS_TESTING if (wps_force_auth_types_in_use) { wpa_printf(MSG_DEBUG, @@ -331,6 +334,9 @@ int wps_build_encr_type_flags(struct wps_data *wps, struct wpabuf *msg) { u16 encr_types = WPS_ENCR_TYPES; encr_types &= ~WPS_ENCR_WEP; +#ifdef CONFIG_NO_TKIP + encr_types &= ~WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ #ifdef CONFIG_WPS_TESTING if (wps_force_encr_types_in_use) { wpa_printf(MSG_DEBUG, diff --git a/src/wps/wps_enrollee.c b/src/wps/wps_enrollee.c index 80ed603f..819cd43f 100644 --- a/src/wps/wps_enrollee.c +++ b/src/wps/wps_enrollee.c @@ -880,6 +880,17 @@ static int wps_process_ap_settings_e(struct wps_data *wps, cred.auth_type |= WPS_AUTH_WPA2PSK; } +#ifdef CONFIG_NO_TKIP + if (cred.encr_type & WPS_ENCR_TKIP) { + wpa_printf(MSG_DEBUG, "WPS: Disable encr_type TKIP"); + cred.encr_type &= ~WPS_ENCR_TKIP; + } + if (cred.auth_type & WPS_AUTH_WPAPSK) { + wpa_printf(MSG_DEBUG, "WPS: Disable auth_type WPAPSK"); + cred.auth_type &= ~WPS_AUTH_WPAPSK; + } +#endif /* CONFIG_NO_TKIP */ + if (wps->wps->cred_cb) { cred.cred_attr = wpabuf_head(attrs); cred.cred_attr_len = wpabuf_len(attrs); diff --git a/src/wps/wps_registrar.c b/src/wps/wps_registrar.c index 9ee89ae3..9e1ee36d 100644 --- a/src/wps/wps_registrar.c +++ b/src/wps/wps_registrar.c @@ -1677,8 +1677,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) wps->wps->auth_types, wps->auth_type); if (wps->auth_type & WPS_AUTH_WPA2PSK) wps->auth_type = WPS_AUTH_WPA2PSK; +#ifndef CONFIG_NO_TKIP else if (wps->auth_type & WPS_AUTH_WPAPSK) wps->auth_type = WPS_AUTH_WPAPSK; +#endif /* CONFIG_NO_TKIP */ else if (wps->auth_type & WPS_AUTH_OPEN) wps->auth_type = WPS_AUTH_OPEN; else { @@ -1700,8 +1702,10 @@ int wps_build_cred(struct wps_data *wps, struct wpabuf *msg) wps->auth_type == WPS_AUTH_WPAPSK) { if (wps->encr_type & WPS_ENCR_AES) wps->encr_type = WPS_ENCR_AES; +#ifndef CONFIG_NO_TKIP else if (wps->encr_type & WPS_ENCR_TKIP) wps->encr_type = WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ else { wpa_printf(MSG_DEBUG, "WPS: No suitable encryption " "type for WPA/WPA2"); diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk index 65c639b6..37432d9a 100644 --- a/wpa_supplicant/Android.mk +++ b/wpa_supplicant/Android.mk @@ -267,6 +267,7 @@ L_CFLAGS += -DCONFIG_SAE OBJS += src/common/sae.c NEED_ECC=y NEED_DH_GROUPS=y +NEED_HMAC_SHA256_KDF=y NEED_DRAGONFLY=y ifdef CONFIG_TESTING_OPTIONS NEED_DH_GROUPS_ALL=y @@ -420,6 +421,10 @@ ifdef CONFIG_WEP L_CFLAGS += -DCONFIG_WEP endif +ifdef CONFIG_NO_TKIP +L_CFLAGS += -DCONFIG_NO_TKIP +endif + include $(LOCAL_PATH)/src/drivers/drivers.mk diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile index 45f673ee..738b0bd8 100644 --- a/wpa_supplicant/Makefile +++ b/wpa_supplicant/Makefile @@ -269,6 +269,7 @@ CFLAGS += -DCONFIG_SAE OBJS += ../src/common/sae.o NEED_ECC=y NEED_DH_GROUPS=y +NEED_HMAC_SHA256_KDF=y NEED_DRAGONFLY=y ifdef CONFIG_TESTING_OPTIONS NEED_DH_GROUPS_ALL=y @@ -1855,6 +1856,10 @@ ifdef CONFIG_WEP CFLAGS += -DCONFIG_WEP endif +ifdef CONFIG_NO_TKIP +CFLAGS += -DCONFIG_NO_TKIP +endif + ifndef LDO LDO=$(CC) endif diff --git a/wpa_supplicant/config_ssid.h b/wpa_supplicant/config_ssid.h index a186ab9f..6737223f 100644 --- a/wpa_supplicant/config_ssid.h +++ b/wpa_supplicant/config_ssid.h @@ -18,8 +18,13 @@ EAPOL_FLAG_REQUIRE_KEY_BROADCAST) #define DEFAULT_PROTO (WPA_PROTO_WPA | WPA_PROTO_RSN) #define DEFAULT_KEY_MGMT (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X) +#ifdef CONFIG_NO_TKIP +#define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP) +#define DEFAULT_GROUP (WPA_CIPHER_CCMP) +#else /* CONFIG_NO_TKIP */ #define DEFAULT_PAIRWISE (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP) #define DEFAULT_GROUP (WPA_CIPHER_CCMP | WPA_CIPHER_TKIP) +#endif /* CONFIG_NO_TKIP */ #define DEFAULT_FRAGMENT_SIZE 1398 #define DEFAULT_BG_SCAN_PERIOD -1 diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c index 7301d50f..541de758 100644 --- a/wpa_supplicant/ctrl_iface.c +++ b/wpa_supplicant/ctrl_iface.c @@ -747,6 +747,8 @@ static int wpa_supplicant_ctrl_iface_set(struct wpa_supplicant *wpa_s, break; pos++; } + } else if (os_strcasecmp(cmd, "ft_rsnxe_used") == 0) { + wpa_s->ft_rsnxe_used = atoi(value); } else if (os_strcasecmp(cmd, "rsne_override_eapol") == 0) { wpabuf_free(wpa_s->rsne_override_eapol); if (os_strcmp(value, "NULL") == 0) @@ -3957,7 +3959,9 @@ static const struct cipher_info ciphers[] = { { WPA_DRIVER_CAPA_ENC_GCMP_256, "GCMP-256", 0 }, { WPA_DRIVER_CAPA_ENC_CCMP, "CCMP", 0 }, { WPA_DRIVER_CAPA_ENC_GCMP, "GCMP", 0 }, +#ifndef CONFIG_NO_TKIP { WPA_DRIVER_CAPA_ENC_TKIP, "TKIP", 0 }, +#endif /* CONFIG_NO_TKIP */ { WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE, "NONE", 0 }, #ifdef CONFIG_WEP { WPA_DRIVER_CAPA_ENC_WEP104, "WEP104", 1 }, @@ -3988,7 +3992,11 @@ static int ctrl_iface_get_capability_pairwise(int res, char *strict, if (res < 0) { if (strict) return 0; +#ifdef CONFIG_NO_TKIP + len = os_strlcpy(buf, "CCMP NONE", buflen); +#else /* CONFIG_NO_TKIP */ len = os_strlcpy(buf, "CCMP TKIP NONE", buflen); +#endif /* CONFIG_NO_TKIP */ if (len >= buflen) return -1; return len; @@ -4025,9 +4033,17 @@ static int ctrl_iface_get_capability_group(int res, char *strict, if (strict) return 0; #ifdef CONFIG_WEP +#ifdef CONFIG_NO_TKIP + len = os_strlcpy(buf, "CCMP WEP104 WEP40", buflen); +#else /* CONFIG_NO_TKIP */ len = os_strlcpy(buf, "CCMP TKIP WEP104 WEP40", buflen); +#endif /* CONFIG_NO_TKIP */ #else /* CONFIG_WEP */ +#ifdef CONFIG_NO_TKIP + len = os_strlcpy(buf, "CCMP", buflen); +#else /* CONFIG_NO_TKIP */ len = os_strlcpy(buf, "CCMP TKIP", buflen); +#endif /* CONFIG_NO_TKIP */ #endif /* CONFIG_WEP */ if (len >= buflen) return -1; @@ -7944,6 +7960,34 @@ static int wpas_ctrl_iface_driver_flags(struct wpa_supplicant *wpa_s, } +static int wpas_ctrl_iface_driver_flags2(struct wpa_supplicant *wpa_s, + char *buf, size_t buflen) +{ + int ret, i; + char *pos, *end; + + ret = os_snprintf(buf, buflen, "%016llX:\n", + (long long unsigned) wpa_s->drv_flags2); + if (os_snprintf_error(buflen, ret)) + return -1; + + pos = buf + ret; + end = buf + buflen; + + for (i = 0; i < 64; i++) { + if (wpa_s->drv_flags2 & (1LLU << i)) { + ret = os_snprintf(pos, end - pos, "%s\n", + driver_flag2_to_string(1LLU << i)); + if (os_snprintf_error(end - pos, ret)) + return -1; + pos += ret; + } + } + + return pos - buf; +} + + static int wpa_supplicant_pktcnt_poll(struct wpa_supplicant *wpa_s, char *buf, size_t buflen) { @@ -8184,6 +8228,7 @@ static void wpa_supplicant_ctrl_iface_flush(struct wpa_supplicant *wpa_s) wpa_s->disable_sa_query = 0; wpa_s->testing_resend_assoc = 0; wpa_s->ignore_sae_h2e_only = 0; + wpa_s->ft_rsnxe_used = 0; wpa_s->reject_btm_req_reason = 0; wpa_sm_set_test_assoc_ie(wpa_s->wpa, NULL); os_free(wpa_s->get_pref_freq_list_override); @@ -10713,6 +10758,9 @@ char * wpa_supplicant_ctrl_iface_process(struct wpa_supplicant *wpa_s, } else if (os_strcmp(buf, "DRIVER_FLAGS") == 0) { reply_len = wpas_ctrl_iface_driver_flags(wpa_s, reply, reply_size); + } else if (os_strcmp(buf, "DRIVER_FLAGS2") == 0) { + reply_len = wpas_ctrl_iface_driver_flags2(wpa_s, reply, + reply_size); #ifdef ANDROID } else if (os_strncmp(buf, "DRIVER ", 7) == 0) { reply_len = wpa_supplicant_driver_cmd(wpa_s, buf + 7, reply, diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c index e9e77bd1..793a881e 100644 --- a/wpa_supplicant/dbus/dbus_new.c +++ b/wpa_supplicant/dbus/dbus_new.c @@ -750,10 +750,12 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s, if (cred->auth_type & WPS_AUTH_OPEN) auth_type[at_num++] = "open"; +#ifndef CONFIG_NO_TKIP if (cred->auth_type & WPS_AUTH_WPAPSK) auth_type[at_num++] = "wpa-psk"; if (cred->auth_type & WPS_AUTH_WPA) auth_type[at_num++] = "wpa-eap"; +#endif /* CONFIG_NO_TKIP */ if (cred->auth_type & WPS_AUTH_WPA2) auth_type[at_num++] = "wpa2-eap"; if (cred->auth_type & WPS_AUTH_WPA2PSK) @@ -761,8 +763,10 @@ void wpas_dbus_signal_wps_cred(struct wpa_supplicant *wpa_s, if (cred->encr_type & WPS_ENCR_NONE) encr_type[et_num++] = "none"; +#ifndef CONFIG_NO_TKIP if (cred->encr_type & WPS_ENCR_TKIP) encr_type[et_num++] = "tkip"; +#endif /* CONFIG_NO_TKIP */ if (cred->encr_type & WPS_ENCR_AES) encr_type[et_num++] = "aes"; diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c index 4e17e31a..d1f9607c 100644 --- a/wpa_supplicant/dbus/dbus_new_handlers.c +++ b/wpa_supplicant/dbus/dbus_new_handlers.c @@ -2632,7 +2632,11 @@ dbus_bool_t wpas_dbus_getter_capabilities( /***** pairwise cipher */ if (res < 0) { +#ifdef CONFIG_NO_TKIP + const char *args[] = {"ccmp", "none"}; +#else /* CONFIG_NO_TKIP */ const char *args[] = {"ccmp", "tkip", "none"}; +#endif /* CONFIG_NO_TKIP */ if (!wpa_dbus_dict_append_string_array( &iter_dict, "Pairwise", args, @@ -2655,9 +2659,11 @@ dbus_bool_t wpas_dbus_getter_capabilities( ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) && !wpa_dbus_dict_string_array_add_element( &iter_array, "gcmp")) || +#ifndef CONFIG_NO_TKIP ((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) && !wpa_dbus_dict_string_array_add_element( &iter_array, "tkip")) || +#endif /* CONFIG_NO_TKIP */ ((capa.key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_WPA_NONE) && !wpa_dbus_dict_string_array_add_element( &iter_array, "none")) || @@ -2671,7 +2677,10 @@ dbus_bool_t wpas_dbus_getter_capabilities( /***** group cipher */ if (res < 0) { const char *args[] = { - "ccmp", "tkip", + "ccmp", +#ifndef CONFIG_NO_TKIP + "tkip", +#endif /* CONFIG_NO_TKIP */ #ifdef CONFIG_WEP "wep104", "wep40" #endif /* CONFIG_WEP */ @@ -2698,9 +2707,11 @@ dbus_bool_t wpas_dbus_getter_capabilities( ((capa.enc & WPA_DRIVER_CAPA_ENC_GCMP) && !wpa_dbus_dict_string_array_add_element( &iter_array, "gcmp")) || +#ifndef CONFIG_NO_TKIP ((capa.enc & WPA_DRIVER_CAPA_ENC_TKIP) && !wpa_dbus_dict_string_array_add_element( &iter_array, "tkip")) || +#endif /* CONFIG_NO_TKIP */ #ifdef CONFIG_WEP ((capa.enc & WPA_DRIVER_CAPA_ENC_WEP104) && !wpa_dbus_dict_string_array_add_element( @@ -4759,9 +4770,11 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop( group = "wep104"; break; #endif /* CONFIG_WEP */ +#ifndef CONFIG_NO_TKIP case WPA_CIPHER_TKIP: group = "tkip"; break; +#endif /* CONFIG_NO_TKIP */ case WPA_CIPHER_CCMP: group = "ccmp"; break; @@ -4784,8 +4797,10 @@ static dbus_bool_t wpas_dbus_get_bss_security_prop( /* Pairwise */ n = 0; +#ifndef CONFIG_NO_TKIP if (ie_data->pairwise_cipher & WPA_CIPHER_TKIP) pairwise[n++] = "tkip"; +#endif /* CONFIG_NO_TKIP */ if (ie_data->pairwise_cipher & WPA_CIPHER_CCMP) pairwise[n++] = "ccmp"; if (ie_data->pairwise_cipher & WPA_CIPHER_GCMP) diff --git a/wpa_supplicant/defconfig b/wpa_supplicant/defconfig index ef2339f2..c570775d 100644 --- a/wpa_supplicant/defconfig +++ b/wpa_supplicant/defconfig @@ -617,3 +617,12 @@ CONFIG_DPP=y # be completely removed in a future release. #CONFIG_WEP=y +# Remove all TKIP functionality +# TKIP is an old cryptographic data confidentiality algorithm that is not +# considered secure. It should not be used anymore for anything else than a +# backwards compatibility option as a group cipher when connecting to APs that +# use WPA+WPA2 mixed mode. For now, the default wpa_supplicant build includes +# support for this by default, but that functionality is subject to be removed +# in the future. +#CONFIG_NO_TKIP=y + diff --git a/wpa_supplicant/dpp_supplicant.c b/wpa_supplicant/dpp_supplicant.c index c75ab47c..6dfa2e50 100644 --- a/wpa_supplicant/dpp_supplicant.c +++ b/wpa_supplicant/dpp_supplicant.c @@ -119,6 +119,7 @@ int wpas_dpp_nfc_handover_req(struct wpa_supplicant *wpa_s, const char *cmd) own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); if (!own_bi) return -1; + own_bi->nfc_negotiated = 1; pos = os_strstr(cmd, " uri="); if (!pos) @@ -150,6 +151,7 @@ int wpas_dpp_nfc_handover_sel(struct wpa_supplicant *wpa_s, const char *cmd) own_bi = dpp_bootstrap_get_id(wpa_s->dpp, atoi(pos)); if (!own_bi) return -1; + own_bi->nfc_negotiated = 1; pos = os_strstr(cmd, " uri="); if (!pos) @@ -858,6 +860,7 @@ static void dpp_start_listen_cb(struct wpa_radio_work *work, int deinit) } wpa_s->off_channel_freq = 0; wpa_s->roc_waiting_drv_freq = lwork->freq; + wpa_drv_dpp_listen(wpa_s, true); } @@ -932,6 +935,7 @@ void wpas_dpp_listen_stop(struct wpa_supplicant *wpa_s) wpa_printf(MSG_DEBUG, "DPP: Stop listen on %u MHz", wpa_s->dpp_listen_freq); wpa_drv_cancel_remain_on_channel(wpa_s); + wpa_drv_dpp_listen(wpa_s, false); wpa_s->dpp_listen_freq = 0; wpas_dpp_listen_work_done(wpa_s); } @@ -1432,7 +1436,7 @@ static void wpas_dpp_start_gas_client(struct wpa_supplicant *wpa_s) MAC2STR(auth->peer_mac_addr), auth->curr_freq); res = gas_query_req(wpa_s->gas, auth->peer_mac_addr, auth->curr_freq, - 1, buf, wpas_dpp_gas_resp_cb, wpa_s); + 1, 1, buf, wpas_dpp_gas_resp_cb, wpa_s); if (res < 0) { wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request"); wpabuf_free(buf); diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h index 6a03d8e9..68185892 100644 --- a/wpa_supplicant/driver_i.h +++ b/wpa_supplicant/driver_i.h @@ -1108,4 +1108,11 @@ static inline int wpa_drv_set_4addr_mode(struct wpa_supplicant *wpa_s, int val) wpa_s->bridge_ifname, val); } +static inline int wpa_drv_dpp_listen(struct wpa_supplicant *wpa_s, int enable) +{ + if (!wpa_s->driver->dpp_listen) + return 0; + return wpa_s->driver->dpp_listen(wpa_s->drv_priv, enable); +} + #endif /* DRIVER_I_H */ diff --git a/wpa_supplicant/gas_query.c b/wpa_supplicant/gas_query.c index 8e977a3e..759b9b9c 100644 --- a/wpa_supplicant/gas_query.c +++ b/wpa_supplicant/gas_query.c @@ -43,6 +43,7 @@ struct gas_query_pending { unsigned int offchannel_tx_started:1; unsigned int retry:1; unsigned int wildcard_bssid:1; + unsigned int maintain_addr:1; int freq; u16 status_code; struct wpabuf *req; @@ -693,7 +694,8 @@ static void gas_query_start_cb(struct wpa_radio_work *work, int deinit) return; } - if (wpas_update_random_addr_disassoc(wpa_s) < 0) { + if (!query->maintain_addr && + wpas_update_random_addr_disassoc(wpa_s) < 0) { wpa_msg(wpa_s, MSG_INFO, "Failed to assign random MAC address for GAS"); gas_query_free(query, 1); @@ -749,12 +751,23 @@ static int gas_query_set_sa(struct gas_query *gas, struct wpa_supplicant *wpa_s = gas->wpa_s; struct os_reltime now; - if (!wpa_s->conf->gas_rand_mac_addr || + if (query->maintain_addr || + !wpa_s->conf->gas_rand_mac_addr || !(wpa_s->current_bss ? (wpa_s->drv_flags & WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) : (wpa_s->drv_flags & WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA))) { /* Use own MAC address as the transmitter address */ + wpa_printf(MSG_DEBUG, + "GAS: Use own MAC address as the transmitter address%s%s%s", + query->maintain_addr ? " (maintain_addr)" : "", + !wpa_s->conf->gas_rand_mac_addr ? " (no gas_rand_mac_adr set)" : "", + !(wpa_s->current_bss ? + (wpa_s->drv_flags & + WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA_CONNECTED) : + (wpa_s->drv_flags & + WPA_DRIVER_FLAGS_MGMT_TX_RANDOM_TA)) ? + " (no driver rand capa" : ""); os_memcpy(query->sa, wpa_s->own_addr, ETH_ALEN); return 0; } @@ -800,6 +813,9 @@ static int gas_query_set_sa(struct gas_query *gas, * @gas: GAS query data from gas_query_init() * @dst: Destination MAC address for the query * @freq: Frequency (in MHz) for the channel on which to send the query + * @wildcard_bssid: Force use of wildcard BSSID value + * @maintain_addr: Maintain own MAC address for exchange (i.e., ignore MAC + * address randomization rules) * @req: GAS query payload (to be freed by gas_query module in case of success * return) * @cb: Callback function for reporting GAS query result and response @@ -807,7 +823,7 @@ static int gas_query_set_sa(struct gas_query *gas, * Returns: dialog token (>= 0) on success or -1 on failure */ int gas_query_req(struct gas_query *gas, const u8 *dst, int freq, - int wildcard_bssid, struct wpabuf *req, + int wildcard_bssid, int maintain_addr, struct wpabuf *req, void (*cb)(void *ctx, const u8 *dst, u8 dialog_token, enum gas_query_result result, const struct wpabuf *adv_proto, @@ -829,6 +845,7 @@ int gas_query_req(struct gas_query *gas, const u8 *dst, int freq, return -1; query->gas = gas; + query->maintain_addr = !!maintain_addr; if (gas_query_set_sa(gas, query)) { os_free(query); return -1; diff --git a/wpa_supplicant/gas_query.h b/wpa_supplicant/gas_query.h index d2b45544..f9ce7b68 100644 --- a/wpa_supplicant/gas_query.h +++ b/wpa_supplicant/gas_query.h @@ -35,7 +35,7 @@ enum gas_query_result { }; int gas_query_req(struct gas_query *gas, const u8 *dst, int freq, - int wildcard_bssid, struct wpabuf *req, + int wildcard_bssid, int maintain_addr, struct wpabuf *req, void (*cb)(void *ctx, const u8 *dst, u8 dialog_token, enum gas_query_result result, const struct wpabuf *adv_proto, diff --git a/wpa_supplicant/hidl/1.3/hidl_manager.cpp b/wpa_supplicant/hidl/1.3/hidl_manager.cpp index e467da32..e15e9fd2 100644 --- a/wpa_supplicant/hidl/1.3/hidl_manager.cpp +++ b/wpa_supplicant/hidl/1.3/hidl_manager.cpp @@ -482,6 +482,12 @@ int HidlManager::registerInterface(struct wpa_supplicant *wpa_s) "Failed to enable scan mac randomization"); } } + + // Enable randomized source MAC address for GAS/ANQP + // Set the lifetime to 0, guarantees a unique address for each GAS + // session + wpa_s->conf->gas_rand_mac_addr = 1; + wpa_s->conf->gas_rand_addr_lifetime = 0; } // Invoke the |onInterfaceCreated| method on all registered callbacks. diff --git a/wpa_supplicant/hs20_supplicant.c b/wpa_supplicant/hs20_supplicant.c index 741f9255..ce5608e0 100644 --- a/wpa_supplicant/hs20_supplicant.c +++ b/wpa_supplicant/hs20_supplicant.c @@ -289,7 +289,8 @@ int hs20_anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, u32 stypes, if (buf == NULL) return -1; - res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s); + res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb, + wpa_s); if (res < 0) { wpa_printf(MSG_DEBUG, "ANQP: Failed to send Query Request"); wpabuf_free(buf); diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c index dc51418c..c16c2a98 100644 --- a/wpa_supplicant/interworking.c +++ b/wpa_supplicant/interworking.c @@ -316,7 +316,7 @@ static int interworking_anqp_send_req(struct wpa_supplicant *wpa_s, if (buf == NULL) return -1; - res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, buf, + res = gas_query_req(wpa_s->gas, bss->bssid, bss->freq, 0, 0, buf, interworking_anqp_resp_cb, wpa_s); if (res < 0) { wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request"); @@ -2804,7 +2804,8 @@ int anqp_send_req(struct wpa_supplicant *wpa_s, const u8 *dst, if (buf == NULL) return -1; - res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, anqp_resp_cb, wpa_s); + res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, anqp_resp_cb, + wpa_s); if (res < 0) { wpa_msg(wpa_s, MSG_DEBUG, "ANQP: Failed to send Query Request"); wpabuf_free(buf); @@ -3244,7 +3245,8 @@ int gas_send_request(struct wpa_supplicant *wpa_s, const u8 *dst, } else wpabuf_put_le16(buf, 0); - res = gas_query_req(wpa_s->gas, dst, freq, 0, buf, gas_resp_cb, wpa_s); + res = gas_query_req(wpa_s->gas, dst, freq, 0, 0, buf, gas_resp_cb, + wpa_s); if (res < 0) { wpa_msg(wpa_s, MSG_DEBUG, "GAS: Failed to send Query Request"); wpabuf_free(buf); diff --git a/wpa_supplicant/mesh.c b/wpa_supplicant/mesh.c index b504124f..c085466b 100644 --- a/wpa_supplicant/mesh.c +++ b/wpa_supplicant/mesh.c @@ -268,6 +268,7 @@ static int wpa_supplicant_mesh_init(struct wpa_supplicant *wpa_s, return -ENOMEM; ifmsh->drv_flags = wpa_s->drv_flags; + ifmsh->drv_flags2 = wpa_s->drv_flags2; ifmsh->num_bss = 1; ifmsh->bss = os_calloc(wpa_s->ifmsh->num_bss, sizeof(struct hostapd_data *)); diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c index 2c8754bd..b0bea614 100644 --- a/wpa_supplicant/p2p_supplicant.c +++ b/wpa_supplicant/p2p_supplicant.c @@ -3192,8 +3192,12 @@ static void wpas_invitation_received(void *ctx, const u8 *sa, const u8 *bssid, MAC2STR(sa), s->id); } wpas_p2p_group_add_persistent( - wpa_s, s, go, 0, op_freq, 0, 0, 0, 0, 0, - 0, NULL, + wpa_s, s, go, 0, op_freq, 0, + wpa_s->conf->p2p_go_ht40, + wpa_s->conf->p2p_go_vht, + 0, + wpa_s->conf->p2p_go_he, + wpa_s->conf->p2p_go_edmg, NULL, go ? P2P_MAX_INITIAL_CONN_WAIT_GO_REINVOKE : 0, 1); } else if (bssid) { diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c index d4294966..089830f8 100644 --- a/wpa_supplicant/wpa_supplicant.c +++ b/wpa_supplicant/wpa_supplicant.c @@ -1640,6 +1640,10 @@ int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s, if (ssid->sae_password_id && sae_pwe != 3) sae_pwe = 1; wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe); +#ifdef CONFIG_TESTING_OPTIONS + wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED, + wpa_s->ft_rsnxe_used); +#endif /* CONFIG_TESTING_OPTIONS */ /* Extended Key ID is only supported in infrastructure BSS so far */ if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id && @@ -4758,6 +4762,13 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr, } +static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s) +{ + return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) || + !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX); +} + + int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) { if ((!wpa_s->p2p_mgmt || @@ -4767,7 +4778,9 @@ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) wpa_s->l2 = l2_packet_init(wpa_s->ifname, wpa_drv_get_mac_addr(wpa_s), ETH_P_EAPOL, - wpa_supplicant_rx_eapol, wpa_s, 0); + wpas_eapol_needs_l2_packet(wpa_s) ? + wpa_supplicant_rx_eapol : NULL, + wpa_s, 0); if (wpa_s->l2 == NULL) return -1; @@ -4775,17 +4788,18 @@ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s) L2_PACKET_FILTER_PKTTYPE)) wpa_dbg(wpa_s, MSG_DEBUG, "Failed to attach pkt_type filter"); + + if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) { + wpa_msg(wpa_s, MSG_ERROR, + "Failed to get own L2 address"); + return -1; + } } else { const u8 *addr = wpa_drv_get_mac_addr(wpa_s); if (addr) os_memcpy(wpa_s->own_addr, addr, ETH_ALEN); } - if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) { - wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address"); - return -1; - } - wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr); wpas_wps_update_mac_addr(wpa_s); @@ -4844,7 +4858,7 @@ int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s) os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN); wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr); - if (wpa_s->bridge_ifname[0]) { + if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) { wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge " "interface '%s'", wpa_s->bridge_ifname); wpa_s->l2_br = l2_packet_init_bridge( @@ -6240,6 +6254,7 @@ static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s, if (capa_res == 0) { wpa_s->drv_capa_known = 1; wpa_s->drv_flags = capa.flags; + wpa_s->drv_flags2 = capa.flags2; wpa_s->drv_enc = capa.enc; wpa_s->drv_rrm_flags = capa.rrm_flags; wpa_s->probe_resp_offloads = capa.probe_resp_offloads; diff --git a/wpa_supplicant/wpa_supplicant.conf b/wpa_supplicant/wpa_supplicant.conf index f242c3a9..3b905677 100644 --- a/wpa_supplicant/wpa_supplicant.conf +++ b/wpa_supplicant/wpa_supplicant.conf @@ -481,6 +481,11 @@ fast_reauth=1 # 0 = use permanent MAC address # 1 = use random MAC address # 2 = like 1, but maintain OUI (with local admin bit set) +# Note that this setting is ignored when a specific MAC address is needed for +# a full protocol exchange that includes GAS, e.g., when going through a DPP +# exchange that exposes the configured interface address as part of the DP +# Public Action frame exchanges before using GAS. That same address is then used +# during the GAS exchange as well to avoid breaking the protocol expectations. #gas_rand_mac_addr=0 # Lifetime of GAS random MAC address in seconds (default: 60) diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h index 8b1d0d04..2f95eeb1 100644 --- a/wpa_supplicant/wpa_supplicant_i.h +++ b/wpa_supplicant/wpa_supplicant_i.h @@ -725,6 +725,7 @@ struct wpa_supplicant { unsigned int no_suitable_network; u64 drv_flags; + u64 drv_flags2; unsigned int drv_enc; unsigned int drv_rrm_flags; @@ -1144,6 +1145,7 @@ struct wpa_supplicant { unsigned int disable_sa_query:1; unsigned int testing_resend_assoc:1; unsigned int ignore_sae_h2e_only:1; + int ft_rsnxe_used; struct wpabuf *sae_commit_override; enum wpa_alg last_tk_alg; u8 last_tk_addr[ETH_ALEN]; diff --git a/wpa_supplicant/wps_supplicant.c b/wpa_supplicant/wps_supplicant.c index e6171585..130c2789 100644 --- a/wpa_supplicant/wps_supplicant.c +++ b/wpa_supplicant/wps_supplicant.c @@ -484,7 +484,7 @@ static int wpa_supplicant_wps_cred(void *ctx, case WPS_ENCR_NONE: break; case WPS_ENCR_TKIP: - ssid->pairwise_cipher = WPA_CIPHER_TKIP; + ssid->pairwise_cipher = WPA_CIPHER_TKIP | WPA_CIPHER_CCMP; break; case WPS_ENCR_AES: ssid->pairwise_cipher = WPA_CIPHER_CCMP; @@ -525,7 +525,7 @@ static int wpa_supplicant_wps_cred(void *ctx, case WPS_AUTH_WPAPSK: ssid->auth_alg = WPA_AUTH_ALG_OPEN; ssid->key_mgmt = WPA_KEY_MGMT_PSK; - ssid->proto = WPA_PROTO_WPA; + ssid->proto = WPA_PROTO_WPA | WPA_PROTO_RSN; break; case WPS_AUTH_WPA2PSK: ssid->auth_alg = WPA_AUTH_ALG_OPEN; @@ -1618,8 +1618,13 @@ int wpas_wps_init(struct wpa_supplicant *wpa_s) os_memcpy(wps->dev.mac_addr, wpa_s->own_addr, ETH_ALEN); wpas_wps_set_uuid(wpa_s, wps); +#ifdef CONFIG_NO_TKIP + wps->auth_types = WPS_AUTH_WPA2PSK; + wps->encr_types = WPS_ENCR_AES; +#else /* CONFIG_NO_TKIP */ wps->auth_types = WPS_AUTH_WPA2PSK | WPS_AUTH_WPAPSK; wps->encr_types = WPS_ENCR_AES | WPS_ENCR_TKIP; +#endif /* CONFIG_NO_TKIP */ os_memset(&rcfg, 0, sizeof(rcfg)); rcfg.new_psk_cb = wpas_wps_new_psk_cb; |