Cumulative patch from commit 3e7f1c7980c6e9fc7173f78aa72b2761fcd8924d
3e7f1c7 GnuTLS: Add TLS event callbacks for chain success/failure and peer cert
0eb2ed0 GnuTLS: Add support for OCSP stapling as a client
cf08e9b Add MESH to modes capabilities
db5adfe Add SAE to auth_alg capabilities
0e1bb94 GnuTLS: Verify that server certificate EKU is valid for a server
d4d1f5c GnuTLS: Fix tls_disable_time_checks=1 processing
594d1fc GnuTLS: Add support for private_key and client_cert as blobs
79b1dd9 GnuTLS: Fix DER encoding certificate parsing
a165145 Add "GET tls_library" to provide information on TLS library and version
c3bb84b GnuTLS: Add event callbacks
8ddcd6b GnuTLS: Add support for domain_suffix_match
4bc13bf GnuTLS: Check for any unknown verification failure
e0d431a GnuTLS: Add more debug prints for version and session status
65ec7f4 GnuTLS: Move peer certificate validation into callback function
7c82457 GnuTLS: Remove support for versions older than 2.12.x
e1d63f6 GnuTLS: Remove old version number checks for 1.3.2
ae0a23a GnuTLS: Remove GNUTLS_INTERNAL_STRUCTURE_HACK
db4cf40 GnuTLS: Add support for ca_cert as a blob
224104d TLS: Reject openssl_ciphers parameter in non-OpenSSL cases
b09baf3 Work around Windows build issues
6dbbef9 Define host_to_le32() for Windows builds
7d28e46 Fix os_win32 build
0b40247 Remove Network Security Service (NSS) support
d166947 schannel: Reject subject_match, altsubject_match, suffix_match
59051f8 TLS: Reject subject_match, altsubject_match, suffix_match
f8717ac GnuTLS: Reject subject_match, altsubject_match, suffix_match
e24aef1 Fix a typo in domain_suffix_match documentation
394b547 Improve subject_match and domain_suffix_match documentation
8a42a07 trace: Fix out-of-memory testing logic
79cd993 Add address masks to BSSID lists
b83e455 Add network specific BSSID black and white lists
b3d6a0a Add generic parser for MAC address lists
21c74e8 nl80211: Use a helper function to put mesh_id
85e1fad nl80211: Use a helper function for putting beacon interval
6dfc557 Remove mesh_ht_mode network block parameter
54fe48b mesh: Use the shared function with IBSS to determine channel parameters
f7e889f mesh: Convert channel configuration to use common routines
6334330 mesh: Use a separate variable to track whether HT is enabled
1fc4ab2 nl80211: Move debug prints into nl80211_put_freq_params()
cae87ab nl80211: Add a helper function for putting basic rates
6b8b077 ibss/mesh: Enable HT40 if supported
a828f62 Make check_40mhz_2g4 common
fdd989d Make check_20mhz_bss common
0e550fe Make check_40mhz_5g common
6d5d098 Make get_pri_sec_chan() common
5144274 Introduce common allowed_ht40_channel_pair()
5f10b7f Use common hw_get_freq/hw_get_chan helpers in hostapd
269dfe2 Introduce common hw features
1830817 IBSS: Add WPA_DRIVER_FLAGS_HT_IBSS
f3b8ad4 SAE: Implement retransmission timer
a206e2a SAE: Centralize function for sending initial COMMIT
28c91ee bsd: Fix parsing of ieee80211req_scan_result on FreeBSD and DragonFly
96d1d97 Android: Remove hardcoded ICU include paths from hs20-osu-client
a354bcc D-Bus: Use NoMemory error message from CreateInterface
635874b Handle interface disabled/enabled more consistently
8f2cf37 P2P: Indicate reason=UNAVAILABLE for group netdev going down
86a7fbb Verify that eloop_register_read_sock() succeeds for ctrl_iface setup
27d9701 Fix a memory leak on WPA authenticator error path
c1c07dc Fix hostapd interface addition error path
a156ffd Add support for testing memory allocation failures
52b3943 D-Bus: Fix interface unregistration on error path
96dc9a6 D-Bus (old): Fix interface unregistration on error path
ef03557 Fix memory leak on wpa_supplicant_init_wpa() error path
52a8058 TDLS: Fix an interface addition error path
f2d5728 D-Bus: Fix string array dict entry parser in out-of-memory case
c61bc23 D-Bus: Fix byte array dict entry parser in out-of-memory case
dacf605 D-Bus: Fix Introspect() in case of os_strdup() failure
68a8669 D-Bus (old): Fix wpsReg error message
f0614bc D-Bus (old): Fix message handler error paths
a2af1c7 D-Bus (old): Fix memory leak on error path
3d2e2d5 trace: Fix compiler warning on 32-bit builds with bfd support
b9f6560 eloop: Fix WPA_TRACE tracking in case of realloc failure
e10422c Fix memory leak on hostapd BSS addition error path
2801659 Fix hostapd initialization error path on allocation failure
d58ade2 nl80211: Fix compilation with libnl 1.1 and 2.0
51f3427 crypto: Clear temporary stack buffers after use
77a2c39 crypto: Clear temporary heap allocations before freeing
a15a7fc DH: Clear memory explicitly on private key deinit
77c45e2 Add wpabuf_clear_free() to allow clearing of freed memory
a90c7d9 OpenSSL: Fix pbkdf2_sha1() wrapper
f6ebbcf AES-SIV: Make aes_s2v() static
dcf8fbc nl80211: Simplify event processing error paths
38751d8 nl80211: Remove cfg80211 state mismatch workaround for authentication
64ae244 nl80211: Check support for rekey offload on first use
Change-Id: Ice94c3cf8e39a6d2cac993aacd0f6d45b31c7c15
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/mesh_rsn.c b/wpa_supplicant/mesh_rsn.c
index e6ae7c3..aee325a 100644
--- a/wpa_supplicant/mesh_rsn.c
+++ b/wpa_supplicant/mesh_rsn.c
@@ -18,6 +18,7 @@
#include "ap/hostapd.h"
#include "ap/wpa_auth.h"
#include "ap/sta_info.h"
+#include "ap/ieee802_11.h"
#include "wpa_supplicant_i.h"
#include "driver_i.h"
#include "wpas_glue.h"
@@ -245,80 +246,23 @@
}
-struct wpabuf *
-mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
- struct wpa_ssid *ssid, struct sta_info *sta)
+static int mesh_rsn_build_sae_commit(struct wpa_supplicant *wpa_s,
+ struct wpa_ssid *ssid,
+ struct sta_info *sta)
{
- struct wpabuf *buf;
- int len;
-
if (ssid->passphrase == NULL) {
wpa_msg(wpa_s, MSG_DEBUG, "SAE: No password available");
- return NULL;
+ return -1;
}
if (mesh_rsn_sae_group(wpa_s, sta->sae) < 0) {
wpa_msg(wpa_s, MSG_DEBUG, "SAE: Failed to select group");
- return NULL;
+ return -1;
}
- if (sae_prepare_commit(wpa_s->own_addr, sta->addr,
- (u8 *) ssid->passphrase,
- os_strlen(ssid->passphrase), sta->sae) < 0) {
- wpa_msg(wpa_s, MSG_DEBUG, "SAE: Could not pick PWE");
- return NULL;
- }
-
- len = wpa_s->mesh_rsn->sae_token ?
- wpabuf_len(wpa_s->mesh_rsn->sae_token) : 0;
- buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
- if (buf == NULL)
- return NULL;
-
- sae_write_commit(sta->sae, buf, wpa_s->mesh_rsn->sae_token);
-
- return buf;
-}
-
-
-static void mesh_rsn_send_auth(struct wpa_supplicant *wpa_s,
- const u8 *dst, const u8 *src,
- u16 auth_transaction, u16 resp,
- struct wpabuf *data)
-{
- struct ieee80211_mgmt *auth;
- u8 *buf;
- size_t len, ielen = 0;
-
- if (data)
- ielen = wpabuf_len(data);
- len = IEEE80211_HDRLEN + sizeof(auth->u.auth) + ielen;
- buf = os_zalloc(len);
- if (buf == NULL)
- return;
-
- auth = (struct ieee80211_mgmt *) buf;
- auth->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
- WLAN_FC_STYPE_AUTH);
- os_memcpy(auth->da, dst, ETH_ALEN);
- os_memcpy(auth->sa, src, ETH_ALEN);
- os_memcpy(auth->bssid, src, ETH_ALEN);
-
- auth->u.auth.auth_alg = host_to_le16(WLAN_AUTH_SAE);
- auth->u.auth.auth_transaction = host_to_le16(auth_transaction);
- auth->u.auth.status_code = host_to_le16(resp);
-
- if (data)
- os_memcpy(auth->u.auth.variable, wpabuf_head(data), ielen);
-
- wpa_msg(wpa_s, MSG_DEBUG, "authentication frame: STA=" MACSTR
- " auth_transaction=%d resp=%d (IE len=%lu)",
- MAC2STR(dst), auth_transaction, resp, (unsigned long) ielen);
- if (wpa_drv_send_mlme(wpa_s, buf, len, 0) < 0)
- wpa_printf(MSG_INFO, "send_auth_reply: send_mlme failed: %s",
- strerror(errno));
-
- os_free(buf);
+ return sae_prepare_commit(wpa_s->own_addr, sta->addr,
+ (u8 *) ssid->passphrase,
+ os_strlen(ssid->passphrase), sta->sae);
}
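Review bot: A failure of `sae_prepare_commit()` is now returned from mesh_rsn_build_sae_commit() without any log line, while the removed code emitted "SAE: Could not pick PWE" for that case and the other two failure paths still log. This makes a password-element derivation failure harder to tell apart from the other `-1` returns when debugging a failed mesh peering. Consider keeping the message: `if (sae_prepare_commit(...) < 0) { wpa_msg(wpa_s, MSG_DEBUG, "SAE: Could not pick PWE"); return -1; }`. Since the function no longer builds a buffer, a short comment above it such as `/* Select the SAE group and derive the PWE for sta; returns 0 on success, -1 on failure */` would keep the name from misleading readers.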
@@ -326,9 +270,10 @@
int mesh_rsn_auth_sae_sta(struct wpa_supplicant *wpa_s,
struct sta_info *sta)
{
+ struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];
struct wpa_ssid *ssid = wpa_s->current_ssid;
- struct wpabuf *buf;
unsigned int rnd;
+ int ret;
if (!ssid) {
wpa_msg(wpa_s, MSG_DEBUG,
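Review bot: The new initializer `struct hostapd_data *hapd = wpa_s->ifmsh->bss[0];` dereferences `wpa_s->ifmsh` at the top of mesh_rsn_auth_sae_sta(), before the `!ssid` check or any other validation visible in this hunk. Whether every caller guarantees that the mesh interface is still set up is not visible here; if the function can run after mesh teardown (for example from a pending timer or late event), this is a NULL pointer dereference in the SAE authentication path. Consider declaring `struct hostapd_data *hapd;` and assigning it after a guard such as `if (!wpa_s->ifmsh) return -1;`. The function body continues outside the hunk.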
@@ -342,25 +287,21 @@
return -1;
}
- buf = mesh_rsn_build_sae_commit(wpa_s, ssid, sta);
- if (!buf)
+ if (mesh_rsn_build_sae_commit(wpa_s, ssid, sta))
return -1;
wpa_msg(wpa_s, MSG_DEBUG,
"AUTH: started authentication with SAE peer: " MACSTR,
MAC2STR(sta->addr));
- sta->sae->state = SAE_COMMITTED;
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
-
- mesh_rsn_send_auth(wpa_s, sta->addr, wpa_s->own_addr,
- 1, WLAN_STATUS_SUCCESS, buf);
+ ret = auth_sae_init_committed(hapd, sta);
+ if (ret)
+ return ret;
rnd = rand() % MESH_AUTH_TIMEOUT;
eloop_register_timeout(MESH_AUTH_TIMEOUT + rnd, 0, mesh_auth_timer,
wpa_s, sta);
- wpabuf_free(buf);
-
return 0;
}
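Review bot: The new early return `if (ret) return ret;` after `auth_sae_init_committed(hapd, sta)` leaves the interface in `WPA_AUTHENTICATING`, because `wpa_supplicant_set_state()` has already been called and the `mesh_auth_timer` timeout is registered only after the return. The removed `mesh_rsn_send_auth()` returned void, so this failure path is new. Unless the caller resets the state on a non-zero return (not visible in this hunk), a failed commit could leave the state stuck with no timer to recover it. Consider moving `wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);` below the `ret` check, or restoring the previous state before returning. The "AUTH: started authentication with SAE peer" message is likewise logged before the commit has been sent.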