Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / 97a1e7d55662fa4a41b05b9fbd2e9e03e153266a / . / src / rsn_supp / tdls.c
blob: efc643139976e163580069b763148e0752608862 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * wpa_supplicant - TDLS
3 * Copyright (c) 2010-2011, Atheros Communications
4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/os.h"
14#include "common/ieee802_11_defs.h"
15#include "crypto/sha256.h"
16#include "crypto/crypto.h"
17#include "crypto/aes_wrap.h"
18#include "rsn_supp/wpa.h"
19#include "rsn_supp/wpa_ie.h"
20#include "rsn_supp/wpa_i.h"
21#include "drivers/driver.h"
22#include "l2_packet/l2_packet.h"
23
24#ifdef CONFIG_TDLS_TESTING
25#define TDLS_TESTING_LONG_FRAME BIT(0)
26#define TDLS_TESTING_ALT_RSN_IE BIT(1)
27#define TDLS_TESTING_DIFF_BSSID BIT(2)
28#define TDLS_TESTING_SHORT_LIFETIME BIT(3)
29#define TDLS_TESTING_WRONG_LIFETIME_RESP BIT(4)
30#define TDLS_TESTING_WRONG_LIFETIME_CONF BIT(5)
31#define TDLS_TESTING_LONG_LIFETIME BIT(6)
32#define TDLS_TESTING_CONCURRENT_INIT BIT(7)
33#define TDLS_TESTING_NO_TPK_EXPIRATION BIT(8)
34#define TDLS_TESTING_DECLINE_RESP BIT(9)
35#define TDLS_TESTING_IGNORE_AP_PROHIBIT BIT(10)
36unsigned int tdls_testing = 0;
37#endif /* CONFIG_TDLS_TESTING */
38
39#define TPK_LIFETIME 43200 /* 12 hours */
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]40#define TPK_M1_RETRY_COUNT 3
41#define TPK_M1_TIMEOUT 5000 /* in milliseconds */
42#define TPK_M2_RETRY_COUNT 10
43#define TPK_M2_TIMEOUT 500 /* in milliseconds */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]44
45#define TDLS_MIC_LEN 16
46
47#define TDLS_TIMEOUT_LEN 4
48
49struct wpa_tdls_ftie {
50 u8 ie_type; /* FTIE */
51 u8 ie_len;
52 u8 mic_ctrl[2];
53 u8 mic[TDLS_MIC_LEN];
54 u8 Anonce[WPA_NONCE_LEN]; /* Responder Nonce in TDLS */
55 u8 Snonce[WPA_NONCE_LEN]; /* Initiator Nonce in TDLS */
56 /* followed by optional elements */
57} STRUCT_PACKED;
58
59struct wpa_tdls_timeoutie {
60 u8 ie_type; /* Timeout IE */
61 u8 ie_len;
62 u8 interval_type;
63 u8 value[TDLS_TIMEOUT_LEN];
64} STRUCT_PACKED;
65
66struct wpa_tdls_lnkid {
67 u8 ie_type; /* Link Identifier IE */
68 u8 ie_len;
69 u8 bssid[ETH_ALEN];
70 u8 init_sta[ETH_ALEN];
71 u8 resp_sta[ETH_ALEN];
72} STRUCT_PACKED;
73
74/* TDLS frame headers as per IEEE Std 802.11z-2010 */
75struct wpa_tdls_frame {
76 u8 payloadtype; /* IEEE80211_TDLS_RFTYPE */
77 u8 category; /* Category */
78 u8 action; /* Action (enum tdls_frame_type) */
79} STRUCT_PACKED;
80
81static u8 * wpa_add_tdls_timeoutie(u8 *pos, u8 *ie, size_t ie_len, u32 tsecs);
82static void wpa_tdls_tpk_retry_timeout(void *eloop_ctx, void *timeout_ctx);
83static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]84static void wpa_tdls_disable_peer_link(struct wpa_sm *sm,
85 struct wpa_tdls_peer *peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]86
87
88#define TDLS_MAX_IE_LEN 80
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]89#define IEEE80211_MAX_SUPP_RATES 32
90
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]91struct wpa_tdls_peer {
92 struct wpa_tdls_peer *next;
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]93 unsigned int reconfig_key:1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]94 int initiator; /* whether this end was initiator for TDLS setup */
95 u8 addr[ETH_ALEN]; /* other end MAC address */
96 u8 inonce[WPA_NONCE_LEN]; /* Initiator Nonce */
97 u8 rnonce[WPA_NONCE_LEN]; /* Responder Nonce */
98 u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */
99 size_t rsnie_i_len;
100 u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */
101 size_t rsnie_p_len;
102 u32 lifetime;
103 int cipher; /* Selected cipher (WPA_CIPHER_*) */
104 u8 dtoken;
105
106 struct tpk {
107 u8 kck[16]; /* TPK-KCK */
108 u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
109 } tpk;
110 int tpk_set;
111 int tpk_success;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]112 int tpk_in_progress;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]113
114 struct tpk_timer {
115 u8 dest[ETH_ALEN];
116 int count; /* Retry Count */
117 int timer; /* Timeout in milliseconds */
118 u8 action_code; /* TDLS frame type */
119 u8 dialog_token;
120 u16 status_code;
121 int buf_len; /* length of TPK message for retransmission */
122 u8 *buf; /* buffer for TPK message */
123 } sm_tmr;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]124
125 u16 capability;
126
127 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
128 size_t supp_rates_len;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]129
130 struct ieee80211_ht_capabilities *ht_capabilities;
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]131 struct ieee80211_vht_capabilities *vht_capabilities;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]132
133 u8 qos_info;
134
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]135 u16 aid;
136
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]137 u8 *ext_capab;
138 size_t ext_capab_len;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]139};
140
141
142static int wpa_tdls_get_privacy(struct wpa_sm *sm)
143{
144 /*
145 * Get info needed from supplicant to check if the current BSS supports
146 * security. Other than OPEN mode, rest are considered secured
147 * WEP/WPA/WPA2 hence TDLS frames are processed for TPK handshake.
148 */
149 return sm->pairwise_cipher != WPA_CIPHER_NONE;
150}
151
152
153static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
154{
155 os_memcpy(pos, ie, ie_len);
156 return pos + ie_len;
157}
158
159
160static int wpa_tdls_del_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
161{
162 if (wpa_sm_set_key(sm, WPA_ALG_NONE, peer->addr,
163 0, 0, NULL, 0, NULL, 0) < 0) {
164 wpa_printf(MSG_WARNING, "TDLS: Failed to delete TPK-TK from "
165 "the driver");
166 return -1;
167 }
168
169 return 0;
170}
171
172
173static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
174{
175 u8 key_len;
176 u8 rsc[6];
177 enum wpa_alg alg;
178
179 os_memset(rsc, 0, 6);
180
181 switch (peer->cipher) {
182 case WPA_CIPHER_CCMP:
183 alg = WPA_ALG_CCMP;
184 key_len = 16;
185 break;
186 case WPA_CIPHER_NONE:
187 wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: "
188 "NONE - do not use pairwise keys");
189 return -1;
190 default:
191 wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d",
192 sm->pairwise_cipher);
193 return -1;
194 }
195
196 if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
197 rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
198 wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
199 "driver");
200 return -1;
201 }
202 return 0;
203}
204
205
206static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst,
207 u8 action_code, u8 dialog_token,
208 u16 status_code, const u8 *buf, size_t len)
209{
210 return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token,
211 status_code, buf, len);
212}
213
214
215static int wpa_tdls_tpk_send(struct wpa_sm *sm, const u8 *dest, u8 action_code,
216 u8 dialog_token, u16 status_code,
217 const u8 *msg, size_t msg_len)
218{
219 struct wpa_tdls_peer *peer;
220
221 wpa_printf(MSG_DEBUG, "TDLS: TPK send dest=" MACSTR " action_code=%u "
222 "dialog_token=%u status_code=%u msg_len=%u",
223 MAC2STR(dest), action_code, dialog_token, status_code,
224 (unsigned int) msg_len);
225
226 if (wpa_tdls_send_tpk_msg(sm, dest, action_code, dialog_token,
227 status_code, msg, msg_len)) {
228 wpa_printf(MSG_INFO, "TDLS: Failed to send message "
229 "(action_code=%u)", action_code);
230 return -1;
231 }
232
233 if (action_code == WLAN_TDLS_SETUP_CONFIRM ||
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]234 action_code == WLAN_TDLS_TEARDOWN ||
235 action_code == WLAN_TDLS_DISCOVERY_REQUEST ||
236 action_code == WLAN_TDLS_DISCOVERY_RESPONSE)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]237 return 0; /* No retries */
238
239 for (peer = sm->tdls; peer; peer = peer->next) {
240 if (os_memcmp(peer->addr, dest, ETH_ALEN) == 0)
241 break;
242 }
243
244 if (peer == NULL) {
245 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
246 "retry " MACSTR, MAC2STR(dest));
247 return 0;
248 }
249
250 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
251
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]252 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
253 peer->sm_tmr.count = TPK_M2_RETRY_COUNT;
254 peer->sm_tmr.timer = TPK_M2_TIMEOUT;
255 } else {
256 peer->sm_tmr.count = TPK_M1_RETRY_COUNT;
257 peer->sm_tmr.timer = TPK_M1_TIMEOUT;
258 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]259
260 /* Copy message to resend on timeout */
261 os_memcpy(peer->sm_tmr.dest, dest, ETH_ALEN);
262 peer->sm_tmr.action_code = action_code;
263 peer->sm_tmr.dialog_token = dialog_token;
264 peer->sm_tmr.status_code = status_code;
265 peer->sm_tmr.buf_len = msg_len;
266 os_free(peer->sm_tmr.buf);
267 peer->sm_tmr.buf = os_malloc(msg_len);
268 if (peer->sm_tmr.buf == NULL)
269 return -1;
270 os_memcpy(peer->sm_tmr.buf, msg, msg_len);
271
272 wpa_printf(MSG_DEBUG, "TDLS: Retry timeout registered "
273 "(action_code=%u)", action_code);
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]274 eloop_register_timeout(peer->sm_tmr.timer / 1000,
275 (peer->sm_tmr.timer % 1000) * 1000,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]276 wpa_tdls_tpk_retry_timeout, sm, peer);
277 return 0;
278}
279
280
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]281static int wpa_tdls_do_teardown(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]282 u16 reason_code)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]283{
284 int ret;
285
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]286 ret = wpa_tdls_send_teardown(sm, peer->addr, reason_code);
287 /* disable the link after teardown was sent */
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]288 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]289
290 return ret;
291}
292
293
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]294static void wpa_tdls_tpk_retry_timeout(void *eloop_ctx, void *timeout_ctx)
295{
296
297 struct wpa_sm *sm = eloop_ctx;
298 struct wpa_tdls_peer *peer = timeout_ctx;
299
300 if (peer->sm_tmr.count) {
301 peer->sm_tmr.count--;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]302
303 wpa_printf(MSG_INFO, "TDLS: Retrying sending of message "
304 "(action_code=%u)",
305 peer->sm_tmr.action_code);
306
307 if (peer->sm_tmr.buf == NULL) {
308 wpa_printf(MSG_INFO, "TDLS: No retry buffer available "
309 "for action_code=%u",
310 peer->sm_tmr.action_code);
311 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm,
312 peer);
313 return;
314 }
315
316 /* resend TPK Handshake Message to Peer */
317 if (wpa_tdls_send_tpk_msg(sm, peer->sm_tmr.dest,
318 peer->sm_tmr.action_code,
319 peer->sm_tmr.dialog_token,
320 peer->sm_tmr.status_code,
321 peer->sm_tmr.buf,
322 peer->sm_tmr.buf_len)) {
323 wpa_printf(MSG_INFO, "TDLS: Failed to retry "
324 "transmission");
325 }
326
327 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]328 eloop_register_timeout(peer->sm_tmr.timer / 1000,
329 (peer->sm_tmr.timer % 1000) * 1000,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]330 wpa_tdls_tpk_retry_timeout, sm, peer);
331 } else {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]332 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
333
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]334 wpa_printf(MSG_DEBUG, "TDLS: Sending Teardown Request");
335 wpa_tdls_do_teardown(sm, peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]336 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]337 }
338}
339
340
341static void wpa_tdls_tpk_retry_timeout_cancel(struct wpa_sm *sm,
342 struct wpa_tdls_peer *peer,
343 u8 action_code)
344{
345 if (action_code == peer->sm_tmr.action_code) {
346 wpa_printf(MSG_DEBUG, "TDLS: Retry timeout cancelled for "
347 "action_code=%u", action_code);
348
349 /* Cancel Timeout registered */
350 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
351
352 /* free all resources meant for retry */
353 os_free(peer->sm_tmr.buf);
354 peer->sm_tmr.buf = NULL;
355
356 peer->sm_tmr.count = 0;
357 peer->sm_tmr.timer = 0;
358 peer->sm_tmr.buf_len = 0;
359 peer->sm_tmr.action_code = 0xff;
360 } else {
361 wpa_printf(MSG_INFO, "TDLS: Error in cancelling retry timeout "
362 "(Unknown action_code=%u)", action_code);
363 }
364}
365
366
367static void wpa_tdls_generate_tpk(struct wpa_tdls_peer *peer,
368 const u8 *own_addr, const u8 *bssid)
369{
370 u8 key_input[SHA256_MAC_LEN];
371 const u8 *nonce[2];
372 size_t len[2];
373 u8 data[3 * ETH_ALEN];
374
375 /* IEEE Std 802.11z-2010 8.5.9.1:
376 * TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
377 */
378 len[0] = WPA_NONCE_LEN;
379 len[1] = WPA_NONCE_LEN;
380 if (os_memcmp(peer->inonce, peer->rnonce, WPA_NONCE_LEN) < 0) {
381 nonce[0] = peer->inonce;
382 nonce[1] = peer->rnonce;
383 } else {
384 nonce[0] = peer->rnonce;
385 nonce[1] = peer->inonce;
386 }
387 wpa_hexdump(MSG_DEBUG, "TDLS: min(Nonce)", nonce[0], WPA_NONCE_LEN);
388 wpa_hexdump(MSG_DEBUG, "TDLS: max(Nonce)", nonce[1], WPA_NONCE_LEN);
389 sha256_vector(2, nonce, len, key_input);
390 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-Key-Input",
391 key_input, SHA256_MAC_LEN);
392
393 /*
394 * TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
395 * min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
396 * TODO: is N_KEY really included in KDF Context and if so, in which
397 * presentation format (little endian 16-bit?) is it used? It gets
398 * added by the KDF anyway..
399 */
400
401 if (os_memcmp(own_addr, peer->addr, ETH_ALEN) < 0) {
402 os_memcpy(data, own_addr, ETH_ALEN);
403 os_memcpy(data + ETH_ALEN, peer->addr, ETH_ALEN);
404 } else {
405 os_memcpy(data, peer->addr, ETH_ALEN);
406 os_memcpy(data + ETH_ALEN, own_addr, ETH_ALEN);
407 }
408 os_memcpy(data + 2 * ETH_ALEN, bssid, ETH_ALEN);
409 wpa_hexdump(MSG_DEBUG, "TDLS: KDF Context", data, sizeof(data));
410
411 sha256_prf(key_input, SHA256_MAC_LEN, "TDLS PMK", data, sizeof(data),
412 (u8 *) &peer->tpk, sizeof(peer->tpk));
413 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-KCK",
414 peer->tpk.kck, sizeof(peer->tpk.kck));
415 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-TK",
416 peer->tpk.tk, sizeof(peer->tpk.tk));
417 peer->tpk_set = 1;
418}
419
420
421/**
422 * wpa_tdls_ftie_mic - Calculate TDLS FTIE MIC
423 * @kck: TPK-KCK
424 * @lnkid: Pointer to the beginning of Link Identifier IE
425 * @rsnie: Pointer to the beginning of RSN IE used for handshake
426 * @timeoutie: Pointer to the beginning of Timeout IE used for handshake
427 * @ftie: Pointer to the beginning of FT IE
428 * @mic: Pointer for writing MIC
429 *
430 * Calculate MIC for TDLS frame.
431 */
432static int wpa_tdls_ftie_mic(const u8 *kck, u8 trans_seq, const u8 *lnkid,
433 const u8 *rsnie, const u8 *timeoutie,
434 const u8 *ftie, u8 *mic)
435{
436 u8 *buf, *pos;
437 struct wpa_tdls_ftie *_ftie;
438 const struct wpa_tdls_lnkid *_lnkid;
439 int ret;
440 int len = 2 * ETH_ALEN + 1 + 2 + lnkid[1] + 2 + rsnie[1] +
441 2 + timeoutie[1] + 2 + ftie[1];
442 buf = os_zalloc(len);
443 if (!buf) {
444 wpa_printf(MSG_WARNING, "TDLS: No memory for MIC calculation");
445 return -1;
446 }
447
448 pos = buf;
449 _lnkid = (const struct wpa_tdls_lnkid *) lnkid;
450 /* 1) TDLS initiator STA MAC address */
451 os_memcpy(pos, _lnkid->init_sta, ETH_ALEN);
452 pos += ETH_ALEN;
453 /* 2) TDLS responder STA MAC address */
454 os_memcpy(pos, _lnkid->resp_sta, ETH_ALEN);
455 pos += ETH_ALEN;
456 /* 3) Transaction Sequence number */
457 *pos++ = trans_seq;
458 /* 4) Link Identifier IE */
459 os_memcpy(pos, lnkid, 2 + lnkid[1]);
460 pos += 2 + lnkid[1];
461 /* 5) RSN IE */
462 os_memcpy(pos, rsnie, 2 + rsnie[1]);
463 pos += 2 + rsnie[1];
464 /* 6) Timeout Interval IE */
465 os_memcpy(pos, timeoutie, 2 + timeoutie[1]);
466 pos += 2 + timeoutie[1];
467 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
468 os_memcpy(pos, ftie, 2 + ftie[1]);
469 _ftie = (struct wpa_tdls_ftie *) pos;
470 os_memset(_ftie->mic, 0, TDLS_MIC_LEN);
471 pos += 2 + ftie[1];
472
473 wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
474 wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", kck, 16);
475 ret = omac1_aes_128(kck, buf, pos - buf, mic);
476 os_free(buf);
477 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
478 return ret;
479}
480
481
482/**
483 * wpa_tdls_key_mic_teardown - Calculate TDLS FTIE MIC for Teardown frame
484 * @kck: TPK-KCK
485 * @trans_seq: Transaction Sequence Number (4 - Teardown)
486 * @rcode: Reason code for Teardown
487 * @dtoken: Dialog Token used for that particular link
488 * @lnkid: Pointer to the beginning of Link Identifier IE
489 * @ftie: Pointer to the beginning of FT IE
490 * @mic: Pointer for writing MIC
491 *
492 * Calculate MIC for TDLS frame.
493 */
494static int wpa_tdls_key_mic_teardown(const u8 *kck, u8 trans_seq, u16 rcode,
495 u8 dtoken, const u8 *lnkid,
496 const u8 *ftie, u8 *mic)
497{
498 u8 *buf, *pos;
499 struct wpa_tdls_ftie *_ftie;
500 int ret;
501 int len;
502
503 if (lnkid == NULL)
504 return -1;
505
506 len = 2 + lnkid[1] + sizeof(rcode) + sizeof(dtoken) +
507 sizeof(trans_seq) + 2 + ftie[1];
508
509 buf = os_zalloc(len);
510 if (!buf) {
511 wpa_printf(MSG_WARNING, "TDLS: No memory for MIC calculation");
512 return -1;
513 }
514
515 pos = buf;
516 /* 1) Link Identifier IE */
517 os_memcpy(pos, lnkid, 2 + lnkid[1]);
518 pos += 2 + lnkid[1];
519 /* 2) Reason Code */
520 WPA_PUT_LE16(pos, rcode);
521 pos += sizeof(rcode);
522 /* 3) Dialog token */
523 *pos++ = dtoken;
524 /* 4) Transaction Sequence number */
525 *pos++ = trans_seq;
526 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
527 os_memcpy(pos, ftie, 2 + ftie[1]);
528 _ftie = (struct wpa_tdls_ftie *) pos;
529 os_memset(_ftie->mic, 0, TDLS_MIC_LEN);
530 pos += 2 + ftie[1];
531
532 wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
533 wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", kck, 16);
534 ret = omac1_aes_128(kck, buf, pos - buf, mic);
535 os_free(buf);
536 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
537 return ret;
538}
539
540
541static int wpa_supplicant_verify_tdls_mic(u8 trans_seq,
542 struct wpa_tdls_peer *peer,
543 const u8 *lnkid, const u8 *timeoutie,
544 const struct wpa_tdls_ftie *ftie)
545{
546 u8 mic[16];
547
548 if (peer->tpk_set) {
549 wpa_tdls_ftie_mic(peer->tpk.kck, trans_seq, lnkid,
550 peer->rsnie_p, timeoutie, (u8 *) ftie,
551 mic);
552 if (os_memcmp(mic, ftie->mic, 16) != 0) {
553 wpa_printf(MSG_INFO, "TDLS: Invalid MIC in FTIE - "
554 "dropping packet");
555 wpa_hexdump(MSG_DEBUG, "TDLS: Received MIC",
556 ftie->mic, 16);
557 wpa_hexdump(MSG_DEBUG, "TDLS: Calculated MIC",
558 mic, 16);
559 return -1;
560 }
561 } else {
562 wpa_printf(MSG_WARNING, "TDLS: Could not verify TDLS MIC, "
563 "TPK not set - dropping packet");
564 return -1;
565 }
566 return 0;
567}
568
569
570static int wpa_supplicant_verify_tdls_mic_teardown(
571 u8 trans_seq, u16 rcode, u8 dtoken, struct wpa_tdls_peer *peer,
572 const u8 *lnkid, const struct wpa_tdls_ftie *ftie)
573{
574 u8 mic[16];
575
576 if (peer->tpk_set) {
577 wpa_tdls_key_mic_teardown(peer->tpk.kck, trans_seq, rcode,
578 dtoken, lnkid, (u8 *) ftie, mic);
579 if (os_memcmp(mic, ftie->mic, 16) != 0) {
580 wpa_printf(MSG_INFO, "TDLS: Invalid MIC in Teardown - "
581 "dropping packet");
582 return -1;
583 }
584 } else {
585 wpa_printf(MSG_INFO, "TDLS: Could not verify TDLS Teardown "
586 "MIC, TPK not set - dropping packet");
587 return -1;
588 }
589 return 0;
590}
591
592
593static void wpa_tdls_tpk_timeout(void *eloop_ctx, void *timeout_ctx)
594{
595 struct wpa_sm *sm = eloop_ctx;
596 struct wpa_tdls_peer *peer = timeout_ctx;
597
598 /*
599 * On TPK lifetime expiration, we have an option of either tearing down
600 * the direct link or trying to re-initiate it. The selection of what
601 * to do is not strictly speaking controlled by our role in the expired
602 * link, but for now, use that to select whether to renew or tear down
603 * the link.
604 */
605
606 if (peer->initiator) {
607 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
608 " - try to renew", MAC2STR(peer->addr));
609 wpa_tdls_start(sm, peer->addr);
610 } else {
611 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
612 " - tear down", MAC2STR(peer->addr));
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]613 wpa_tdls_do_teardown(sm, peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]614 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]615 }
616}
617
618
619static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
620{
621 wpa_printf(MSG_DEBUG, "TDLS: Clear state for peer " MACSTR,
622 MAC2STR(peer->addr));
623 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
624 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]625 peer->reconfig_key = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]626 peer->initiator = 0;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]627 peer->tpk_in_progress = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]628 os_free(peer->sm_tmr.buf);
629 peer->sm_tmr.buf = NULL;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]630 os_free(peer->ht_capabilities);
631 peer->ht_capabilities = NULL;
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]632 os_free(peer->vht_capabilities);
633 peer->vht_capabilities = NULL;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]634 os_free(peer->ext_capab);
635 peer->ext_capab = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]636 peer->rsnie_i_len = peer->rsnie_p_len = 0;
637 peer->cipher = 0;
638 peer->tpk_set = peer->tpk_success = 0;
639 os_memset(&peer->tpk, 0, sizeof(peer->tpk));
640 os_memset(peer->inonce, 0, WPA_NONCE_LEN);
641 os_memset(peer->rnonce, 0, WPA_NONCE_LEN);
642}
643
644
645static void wpa_tdls_linkid(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
646 struct wpa_tdls_lnkid *lnkid)
647{
648 lnkid->ie_type = WLAN_EID_LINK_ID;
649 lnkid->ie_len = 3 * ETH_ALEN;
650 os_memcpy(lnkid->bssid, sm->bssid, ETH_ALEN);
651 if (peer->initiator) {
652 os_memcpy(lnkid->init_sta, sm->own_addr, ETH_ALEN);
653 os_memcpy(lnkid->resp_sta, peer->addr, ETH_ALEN);
654 } else {
655 os_memcpy(lnkid->init_sta, peer->addr, ETH_ALEN);
656 os_memcpy(lnkid->resp_sta, sm->own_addr, ETH_ALEN);
657 }
658}
659
660
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]661int wpa_tdls_send_teardown(struct wpa_sm *sm, const u8 *addr, u16 reason_code)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]662{
663 struct wpa_tdls_peer *peer;
664 struct wpa_tdls_ftie *ftie;
665 struct wpa_tdls_lnkid lnkid;
666 u8 dialog_token;
667 u8 *rbuf, *pos;
668 int ielen;
669
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]670 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]671 return -1;
672
673 /* Find the node and free from the list */
674 for (peer = sm->tdls; peer; peer = peer->next) {
675 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
676 break;
677 }
678
679 if (peer == NULL) {
680 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
681 "Teardown " MACSTR, MAC2STR(addr));
682 return 0;
683 }
684
685 dialog_token = peer->dtoken;
686
687 wpa_printf(MSG_DEBUG, "TDLS: TDLS Teardown for " MACSTR,
688 MAC2STR(addr));
689
690 ielen = 0;
691 if (wpa_tdls_get_privacy(sm) && peer->tpk_set && peer->tpk_success) {
692 /* To add FTIE for Teardown request and compute MIC */
693 ielen += sizeof(*ftie);
694#ifdef CONFIG_TDLS_TESTING
695 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
696 ielen += 170;
697#endif /* CONFIG_TDLS_TESTING */
698 }
699
700 rbuf = os_zalloc(ielen + 1);
701 if (rbuf == NULL)
702 return -1;
703 pos = rbuf;
704
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]705 if (!wpa_tdls_get_privacy(sm) || !peer->tpk_set || !peer->tpk_success)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]706 goto skip_ies;
707
708 ftie = (struct wpa_tdls_ftie *) pos;
709 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
710 /* Using the recent nonce which should be for CONFIRM frame */
711 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
712 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
713 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
714 pos = (u8 *) (ftie + 1);
715#ifdef CONFIG_TDLS_TESTING
716 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
717 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
718 "FTIE");
719 ftie->ie_len += 170;
720 *pos++ = 255; /* FTIE subelem */
721 *pos++ = 168; /* FTIE subelem length */
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]722 pos += 168;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]723 }
724#endif /* CONFIG_TDLS_TESTING */
725 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TDLS Teardown handshake",
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]726 (u8 *) ftie, pos - (u8 *) ftie);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]727
728 /* compute MIC before sending */
729 wpa_tdls_linkid(sm, peer, &lnkid);
730 wpa_tdls_key_mic_teardown(peer->tpk.kck, 4, reason_code,
731 dialog_token, (u8 *) &lnkid, (u8 *) ftie,
732 ftie->mic);
733
734skip_ies:
735 /* TODO: register for a Timeout handler, if Teardown is not received at
736 * the other end, then try again another time */
737
738 /* request driver to send Teardown using this FTIE */
739 wpa_tdls_tpk_send(sm, addr, WLAN_TDLS_TEARDOWN, 0,
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]740 reason_code, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]741 os_free(rbuf);
742
743 /* clear the Peerkey statemachine */
744 wpa_tdls_peer_free(sm, peer);
745
746 return 0;
747}
748
749
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]750int wpa_tdls_teardown_link(struct wpa_sm *sm, const u8 *addr, u16 reason_code)
751{
752 struct wpa_tdls_peer *peer;
753
754 if (sm->tdls_disabled || !sm->tdls_supported)
755 return -1;
756
757 for (peer = sm->tdls; peer; peer = peer->next) {
758 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
759 break;
760 }
761
762 if (peer == NULL) {
763 wpa_printf(MSG_DEBUG, "TDLS: Could not find peer " MACSTR
764 " for link Teardown", MAC2STR(addr));
765 return -1;
766 }
767
768 if (!peer->tpk_success) {
769 wpa_printf(MSG_DEBUG, "TDLS: Peer " MACSTR
770 " not connected - cannot Teardown link", MAC2STR(addr));
771 return -1;
772 }
773
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]774 return wpa_tdls_do_teardown(sm, peer, reason_code);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]775}
776
777
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]778static void wpa_tdls_disable_peer_link(struct wpa_sm *sm,
779 struct wpa_tdls_peer *peer)
780{
781 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
782 wpa_tdls_peer_free(sm, peer);
783}
784
785
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]786void wpa_tdls_disable_link(struct wpa_sm *sm, const u8 *addr)
787{
788 struct wpa_tdls_peer *peer;
789
790 for (peer = sm->tdls; peer; peer = peer->next) {
791 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
792 break;
793 }
794
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]795 if (peer)
796 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]797}
798
799
Dmitry Shmidte0e48dc2013-11-18 12:00:06 -0800[diff] [blame]800const char * wpa_tdls_get_link_status(struct wpa_sm *sm, const u8 *addr)
801{
802 struct wpa_tdls_peer *peer;
803
804 if (sm->tdls_disabled || !sm->tdls_supported)
805 return "disabled";
806
807 for (peer = sm->tdls; peer; peer = peer->next) {
808 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
809 break;
810 }
811
812 if (peer == NULL)
813 return "peer does not exist";
814
815 if (!peer->tpk_success)
816 return "peer not connected";
817
818 return "connected";
819}
820
821
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]822static int wpa_tdls_recv_teardown(struct wpa_sm *sm, const u8 *src_addr,
823 const u8 *buf, size_t len)
824{
825 struct wpa_tdls_peer *peer = NULL;
826 struct wpa_tdls_ftie *ftie;
827 struct wpa_tdls_lnkid *lnkid;
828 struct wpa_eapol_ie_parse kde;
829 u16 reason_code;
830 const u8 *pos;
831 int ielen;
832
833 /* Find the node and free from the list */
834 for (peer = sm->tdls; peer; peer = peer->next) {
835 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
836 break;
837 }
838
839 if (peer == NULL) {
840 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
841 "Teardown " MACSTR, MAC2STR(src_addr));
842 return 0;
843 }
844
845 pos = buf;
846 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
847
848 reason_code = WPA_GET_LE16(pos);
849 pos += 2;
850
851 wpa_printf(MSG_DEBUG, "TDLS: TDLS Teardown Request from " MACSTR
852 " (reason code %u)", MAC2STR(src_addr), reason_code);
853
854 ielen = len - (pos - buf); /* start of IE in buf */
855 if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0) {
856 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in Teardown");
857 return -1;
858 }
859
860 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
861 wpa_printf(MSG_INFO, "TDLS: No Link Identifier IE in TDLS "
862 "Teardown");
863 return -1;
864 }
865 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
866
867 if (!wpa_tdls_get_privacy(sm) || !peer->tpk_set || !peer->tpk_success)
868 goto skip_ftie;
869
870 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie)) {
871 wpa_printf(MSG_INFO, "TDLS: No FTIE in TDLS Teardown");
872 return -1;
873 }
874
875 ftie = (struct wpa_tdls_ftie *) kde.ftie;
876
877 /* Process MIC check to see if TDLS Teardown is right */
878 if (wpa_supplicant_verify_tdls_mic_teardown(4, reason_code,
879 peer->dtoken, peer,
880 (u8 *) lnkid, ftie) < 0) {
881 wpa_printf(MSG_DEBUG, "TDLS: MIC failure for TDLS "
882 "Teardown Request from " MACSTR, MAC2STR(src_addr));
883 return -1;
884 }
885
886skip_ftie:
887 /*
888 * Request the driver to disable the direct link and clear associated
889 * keys.
890 */
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]891 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]892 return 0;
893}
894
895
896/**
897 * wpa_tdls_send_error - To send suitable TDLS status response with
898 * appropriate status code mentioning reason for error/failure.
899 * @dst - MAC addr of Peer station
900 * @tdls_action - TDLS frame type for which error code is sent
901 * @status - status code mentioning reason
902 */
903
904static int wpa_tdls_send_error(struct wpa_sm *sm, const u8 *dst,
905 u8 tdls_action, u8 dialog_token, u16 status)
906{
907 wpa_printf(MSG_DEBUG, "TDLS: Sending error to " MACSTR
908 " (action=%u status=%u)",
909 MAC2STR(dst), tdls_action, status);
910 return wpa_tdls_tpk_send(sm, dst, tdls_action, dialog_token, status,
911 NULL, 0);
912}
913
914
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]915static struct wpa_tdls_peer *
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]916wpa_tdls_add_peer(struct wpa_sm *sm, const u8 *addr, int *existing)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]917{
918 struct wpa_tdls_peer *peer;
919
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]920 if (existing)
921 *existing = 0;
922 for (peer = sm->tdls; peer; peer = peer->next) {
923 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0) {
924 if (existing)
925 *existing = 1;
926 return peer; /* re-use existing entry */
927 }
928 }
929
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]930 wpa_printf(MSG_INFO, "TDLS: Creating peer entry for " MACSTR,
931 MAC2STR(addr));
932
933 peer = os_zalloc(sizeof(*peer));
934 if (peer == NULL)
935 return NULL;
936
937 os_memcpy(peer->addr, addr, ETH_ALEN);
938 peer->next = sm->tdls;
939 sm->tdls = peer;
940
941 return peer;
942}
943
944
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]945static int wpa_tdls_send_tpk_m1(struct wpa_sm *sm,
946 struct wpa_tdls_peer *peer)
947{
948 size_t buf_len;
949 struct wpa_tdls_timeoutie timeoutie;
950 u16 rsn_capab;
951 struct wpa_tdls_ftie *ftie;
952 u8 *rbuf, *pos, *count_pos;
953 u16 count;
954 struct rsn_ie_hdr *hdr;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]955 int status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]956
957 if (!wpa_tdls_get_privacy(sm)) {
958 wpa_printf(MSG_DEBUG, "TDLS: No security used on the link");
959 peer->rsnie_i_len = 0;
960 goto skip_rsnie;
961 }
962
963 /*
964 * TPK Handshake Message 1:
965 * FTIE: ANonce=0, SNonce=initiator nonce MIC=0, DataKDs=(RSNIE_I,
966 * Timeout Interval IE))
967 */
968
969 /* Filling RSN IE */
970 hdr = (struct rsn_ie_hdr *) peer->rsnie_i;
971 hdr->elem_id = WLAN_EID_RSN;
972 WPA_PUT_LE16(hdr->version, RSN_VERSION);
973
974 pos = (u8 *) (hdr + 1);
975 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
976 pos += RSN_SELECTOR_LEN;
977 count_pos = pos;
978 pos += 2;
979
980 count = 0;
981
982 /*
983 * AES-CCMP is the default Encryption preferred for TDLS, so
984 * RSN IE is filled only with CCMP CIPHER
985 * Note: TKIP is not used to encrypt TDLS link.
986 *
987 * Regardless of the cipher used on the AP connection, select CCMP
988 * here.
989 */
990 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
991 pos += RSN_SELECTOR_LEN;
992 count++;
993
994 WPA_PUT_LE16(count_pos, count);
995
996 WPA_PUT_LE16(pos, 1);
997 pos += 2;
998 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE);
999 pos += RSN_SELECTOR_LEN;
1000
1001 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1002 rsn_capab |= RSN_NUM_REPLAY_COUNTERS_16 << 2;
1003#ifdef CONFIG_TDLS_TESTING
1004 if (tdls_testing & TDLS_TESTING_ALT_RSN_IE) {
1005 wpa_printf(MSG_DEBUG, "TDLS: Use alternative RSN IE for "
1006 "testing");
1007 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1008 }
1009#endif /* CONFIG_TDLS_TESTING */
1010 WPA_PUT_LE16(pos, rsn_capab);
1011 pos += 2;
1012#ifdef CONFIG_TDLS_TESTING
1013 if (tdls_testing & TDLS_TESTING_ALT_RSN_IE) {
1014 /* Number of PMKIDs */
1015 *pos++ = 0x00;
1016 *pos++ = 0x00;
1017 }
1018#endif /* CONFIG_TDLS_TESTING */
1019
1020 hdr->len = (pos - peer->rsnie_i) - 2;
1021 peer->rsnie_i_len = pos - peer->rsnie_i;
1022 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE for TPK handshake",
1023 peer->rsnie_i, peer->rsnie_i_len);
1024
1025skip_rsnie:
1026 buf_len = 0;
1027 if (wpa_tdls_get_privacy(sm))
1028 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1029 sizeof(struct wpa_tdls_timeoutie);
1030#ifdef CONFIG_TDLS_TESTING
1031 if (wpa_tdls_get_privacy(sm) &&
1032 (tdls_testing & TDLS_TESTING_LONG_FRAME))
1033 buf_len += 170;
1034 if (tdls_testing & TDLS_TESTING_DIFF_BSSID)
1035 buf_len += sizeof(struct wpa_tdls_lnkid);
1036#endif /* CONFIG_TDLS_TESTING */
1037 rbuf = os_zalloc(buf_len + 1);
1038 if (rbuf == NULL) {
1039 wpa_tdls_peer_free(sm, peer);
1040 return -1;
1041 }
1042 pos = rbuf;
1043
1044 if (!wpa_tdls_get_privacy(sm))
1045 goto skip_ies;
1046
1047 /* Initiator RSN IE */
1048 pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len);
1049
1050 ftie = (struct wpa_tdls_ftie *) pos;
1051 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1052 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1053
1054 if (os_get_random(peer->inonce, WPA_NONCE_LEN)) {
1055 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1056 "TDLS: Failed to get random data for initiator Nonce");
1057 os_free(rbuf);
1058 wpa_tdls_peer_free(sm, peer);
1059 return -1;
1060 }
1061 wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
1062 peer->inonce, WPA_NONCE_LEN);
1063 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1064
1065 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1",
1066 (u8 *) ftie, sizeof(struct wpa_tdls_ftie));
1067
1068 pos = (u8 *) (ftie + 1);
1069
1070#ifdef CONFIG_TDLS_TESTING
1071 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1072 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1073 "FTIE");
1074 ftie->ie_len += 170;
1075 *pos++ = 255; /* FTIE subelem */
1076 *pos++ = 168; /* FTIE subelem length */
1077 pos += 168;
1078 }
1079#endif /* CONFIG_TDLS_TESTING */
1080
1081 /* Lifetime */
1082 peer->lifetime = TPK_LIFETIME;
1083#ifdef CONFIG_TDLS_TESTING
1084 if (tdls_testing & TDLS_TESTING_SHORT_LIFETIME) {
1085 wpa_printf(MSG_DEBUG, "TDLS: Testing - use short TPK "
1086 "lifetime");
1087 peer->lifetime = 301;
1088 }
1089 if (tdls_testing & TDLS_TESTING_LONG_LIFETIME) {
1090 wpa_printf(MSG_DEBUG, "TDLS: Testing - use long TPK "
1091 "lifetime");
1092 peer->lifetime = 0xffffffff;
1093 }
1094#endif /* CONFIG_TDLS_TESTING */
1095 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1096 sizeof(timeoutie), peer->lifetime);
1097 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds", peer->lifetime);
1098
1099skip_ies:
1100
1101#ifdef CONFIG_TDLS_TESTING
1102 if (tdls_testing & TDLS_TESTING_DIFF_BSSID) {
1103 wpa_printf(MSG_DEBUG, "TDLS: Testing - use incorrect BSSID in "
1104 "Link Identifier");
1105 struct wpa_tdls_lnkid *l = (struct wpa_tdls_lnkid *) pos;
1106 wpa_tdls_linkid(sm, peer, l);
1107 l->bssid[5] ^= 0x01;
1108 pos += sizeof(*l);
1109 }
1110#endif /* CONFIG_TDLS_TESTING */
1111
1112 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Request / TPK "
1113 "Handshake Message 1 (peer " MACSTR ")",
1114 MAC2STR(peer->addr));
1115
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1116 status = wpa_tdls_tpk_send(sm, peer->addr, WLAN_TDLS_SETUP_REQUEST,
1117 1, 0, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1118 os_free(rbuf);
1119
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1120 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1121}
1122
1123
1124static int wpa_tdls_send_tpk_m2(struct wpa_sm *sm,
1125 const unsigned char *src_addr, u8 dtoken,
1126 struct wpa_tdls_lnkid *lnkid,
1127 const struct wpa_tdls_peer *peer)
1128{
1129 u8 *rbuf, *pos;
1130 size_t buf_len;
1131 u32 lifetime;
1132 struct wpa_tdls_timeoutie timeoutie;
1133 struct wpa_tdls_ftie *ftie;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1134 int status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1135
1136 buf_len = 0;
1137 if (wpa_tdls_get_privacy(sm)) {
1138 /* Peer RSN IE, FTIE(Initiator Nonce, Responder Nonce),
1139 * Lifetime */
1140 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1141 sizeof(struct wpa_tdls_timeoutie);
1142#ifdef CONFIG_TDLS_TESTING
1143 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
1144 buf_len += 170;
1145#endif /* CONFIG_TDLS_TESTING */
1146 }
1147
1148 rbuf = os_zalloc(buf_len + 1);
1149 if (rbuf == NULL)
1150 return -1;
1151 pos = rbuf;
1152
1153 if (!wpa_tdls_get_privacy(sm))
1154 goto skip_ies;
1155
1156 /* Peer RSN IE */
1157 pos = wpa_add_ie(pos, peer->rsnie_p, peer->rsnie_p_len);
1158
1159 ftie = (struct wpa_tdls_ftie *) pos;
1160 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1161 /* TODO: ftie->mic_control to set 2-RESPONSE */
1162 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
1163 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1164 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1165 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK M2",
1166 (u8 *) ftie, sizeof(*ftie));
1167
1168 pos = (u8 *) (ftie + 1);
1169
1170#ifdef CONFIG_TDLS_TESTING
1171 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1172 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1173 "FTIE");
1174 ftie->ie_len += 170;
1175 *pos++ = 255; /* FTIE subelem */
1176 *pos++ = 168; /* FTIE subelem length */
1177 pos += 168;
1178 }
1179#endif /* CONFIG_TDLS_TESTING */
1180
1181 /* Lifetime */
1182 lifetime = peer->lifetime;
1183#ifdef CONFIG_TDLS_TESTING
1184 if (tdls_testing & TDLS_TESTING_WRONG_LIFETIME_RESP) {
1185 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong TPK "
1186 "lifetime in response");
1187 lifetime++;
1188 }
1189#endif /* CONFIG_TDLS_TESTING */
1190 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1191 sizeof(timeoutie), lifetime);
1192 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds from initiator",
1193 lifetime);
1194
1195 /* compute MIC before sending */
1196 wpa_tdls_ftie_mic(peer->tpk.kck, 2, (u8 *) lnkid, peer->rsnie_p,
1197 (u8 *) &timeoutie, (u8 *) ftie, ftie->mic);
1198
1199skip_ies:
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1200 status = wpa_tdls_tpk_send(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE,
1201 dtoken, 0, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1202 os_free(rbuf);
1203
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1204 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1205}
1206
1207
1208static int wpa_tdls_send_tpk_m3(struct wpa_sm *sm,
1209 const unsigned char *src_addr, u8 dtoken,
1210 struct wpa_tdls_lnkid *lnkid,
1211 const struct wpa_tdls_peer *peer)
1212{
1213 u8 *rbuf, *pos;
1214 size_t buf_len;
1215 struct wpa_tdls_ftie *ftie;
1216 struct wpa_tdls_timeoutie timeoutie;
1217 u32 lifetime;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1218 int status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1219
1220 buf_len = 0;
1221 if (wpa_tdls_get_privacy(sm)) {
1222 /* Peer RSN IE, FTIE(Initiator Nonce, Responder Nonce),
1223 * Lifetime */
1224 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1225 sizeof(struct wpa_tdls_timeoutie);
1226#ifdef CONFIG_TDLS_TESTING
1227 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
1228 buf_len += 170;
1229#endif /* CONFIG_TDLS_TESTING */
1230 }
1231
1232 rbuf = os_zalloc(buf_len + 1);
1233 if (rbuf == NULL)
1234 return -1;
1235 pos = rbuf;
1236
1237 if (!wpa_tdls_get_privacy(sm))
1238 goto skip_ies;
1239
1240 /* Peer RSN IE */
1241 pos = wpa_add_ie(pos, peer->rsnie_p, peer->rsnie_p_len);
1242
1243 ftie = (struct wpa_tdls_ftie *) pos;
1244 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1245 /*TODO: ftie->mic_control to set 3-CONFIRM */
1246 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
1247 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1248 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1249
1250 pos = (u8 *) (ftie + 1);
1251
1252#ifdef CONFIG_TDLS_TESTING
1253 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1254 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1255 "FTIE");
1256 ftie->ie_len += 170;
1257 *pos++ = 255; /* FTIE subelem */
1258 *pos++ = 168; /* FTIE subelem length */
1259 pos += 168;
1260 }
1261#endif /* CONFIG_TDLS_TESTING */
1262
1263 /* Lifetime */
1264 lifetime = peer->lifetime;
1265#ifdef CONFIG_TDLS_TESTING
1266 if (tdls_testing & TDLS_TESTING_WRONG_LIFETIME_CONF) {
1267 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong TPK "
1268 "lifetime in confirm");
1269 lifetime++;
1270 }
1271#endif /* CONFIG_TDLS_TESTING */
1272 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1273 sizeof(timeoutie), lifetime);
1274 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds",
1275 lifetime);
1276
1277 /* compute MIC before sending */
1278 wpa_tdls_ftie_mic(peer->tpk.kck, 3, (u8 *) lnkid, peer->rsnie_p,
1279 (u8 *) &timeoutie, (u8 *) ftie, ftie->mic);
1280
1281skip_ies:
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1282 status = wpa_tdls_tpk_send(sm, src_addr, WLAN_TDLS_SETUP_CONFIRM,
1283 dtoken, 0, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1284 os_free(rbuf);
1285
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1286 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1287}
1288
1289
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1290static int wpa_tdls_send_discovery_response(struct wpa_sm *sm,
1291 struct wpa_tdls_peer *peer,
1292 u8 dialog_token)
1293{
1294 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Discovery Response "
1295 "(peer " MACSTR ")", MAC2STR(peer->addr));
1296
1297 return wpa_tdls_tpk_send(sm, peer->addr, WLAN_TDLS_DISCOVERY_RESPONSE,
1298 dialog_token, 0, NULL, 0);
1299}
1300
1301
1302static int
1303wpa_tdls_process_discovery_request(struct wpa_sm *sm, const u8 *addr,
1304 const u8 *buf, size_t len)
1305{
1306 struct wpa_eapol_ie_parse kde;
1307 const struct wpa_tdls_lnkid *lnkid;
1308 struct wpa_tdls_peer *peer;
1309 size_t min_req_len = sizeof(struct wpa_tdls_frame) +
1310 1 /* dialog token */ + sizeof(struct wpa_tdls_lnkid);
1311 u8 dialog_token;
1312
1313 wpa_printf(MSG_DEBUG, "TDLS: Discovery Request from " MACSTR,
1314 MAC2STR(addr));
1315
1316 if (len < min_req_len) {
1317 wpa_printf(MSG_DEBUG, "TDLS Discovery Request is too short: "
1318 "%d", (int) len);
1319 return -1;
1320 }
1321
1322 dialog_token = buf[sizeof(struct wpa_tdls_frame)];
1323
1324 if (wpa_supplicant_parse_ies(buf + sizeof(struct wpa_tdls_frame) + 1,
1325 len - (sizeof(struct wpa_tdls_frame) + 1),
1326 &kde) < 0)
1327 return -1;
1328
1329 if (!kde.lnkid) {
1330 wpa_printf(MSG_DEBUG, "TDLS: Link ID not found in Discovery "
1331 "Request");
1332 return -1;
1333 }
1334
1335 lnkid = (const struct wpa_tdls_lnkid *) kde.lnkid;
1336
1337 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
1338 wpa_printf(MSG_DEBUG, "TDLS: Discovery Request from different "
1339 " BSS " MACSTR, MAC2STR(lnkid->bssid));
1340 return -1;
1341 }
1342
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1343 peer = wpa_tdls_add_peer(sm, addr, NULL);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1344 if (peer == NULL)
1345 return -1;
1346
1347 return wpa_tdls_send_discovery_response(sm, peer, dialog_token);
1348}
1349
1350
1351int wpa_tdls_send_discovery_request(struct wpa_sm *sm, const u8 *addr)
1352{
1353 if (sm->tdls_disabled || !sm->tdls_supported)
1354 return -1;
1355
1356 wpa_printf(MSG_DEBUG, "TDLS: Sending Discovery Request to peer "
1357 MACSTR, MAC2STR(addr));
1358 return wpa_tdls_tpk_send(sm, addr, WLAN_TDLS_DISCOVERY_REQUEST,
1359 1, 0, NULL, 0);
1360}
1361
1362
1363static int copy_supp_rates(const struct wpa_eapol_ie_parse *kde,
1364 struct wpa_tdls_peer *peer)
1365{
1366 if (!kde->supp_rates) {
1367 wpa_printf(MSG_DEBUG, "TDLS: No supported rates received");
1368 return -1;
1369 }
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1370 peer->supp_rates_len = merge_byte_arrays(
1371 peer->supp_rates, sizeof(peer->supp_rates),
1372 kde->supp_rates + 2, kde->supp_rates_len - 2,
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]1373 kde->ext_supp_rates ? kde->ext_supp_rates + 2 : NULL,
1374 kde->ext_supp_rates_len - 2);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1375 return 0;
1376}
1377
1378
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1379static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
1380 struct wpa_tdls_peer *peer)
1381{
1382 if (!kde->ht_capabilities ||
1383 kde->ht_capabilities_len <
1384 sizeof(struct ieee80211_ht_capabilities) ) {
1385 wpa_printf(MSG_DEBUG, "TDLS: No supported ht capabilities "
1386 "received");
1387 return 0;
1388 }
1389
1390 if (!peer->ht_capabilities) {
1391 peer->ht_capabilities =
1392 os_zalloc(sizeof(struct ieee80211_ht_capabilities));
1393 if (peer->ht_capabilities == NULL)
1394 return -1;
1395 }
1396
1397 os_memcpy(peer->ht_capabilities, kde->ht_capabilities,
1398 sizeof(struct ieee80211_ht_capabilities));
1399 wpa_hexdump(MSG_DEBUG, "TDLS: Peer HT capabilities",
1400 (u8 *) peer->ht_capabilities,
1401 sizeof(struct ieee80211_ht_capabilities));
1402
1403 return 0;
1404}
1405
1406
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]1407static int copy_peer_vht_capab(const struct wpa_eapol_ie_parse *kde,
1408 struct wpa_tdls_peer *peer)
1409{
1410 if (!kde->vht_capabilities ||
1411 kde->vht_capabilities_len <
1412 sizeof(struct ieee80211_vht_capabilities) ) {
1413 wpa_printf(MSG_DEBUG, "TDLS: No supported vht capabilities "
1414 "received");
1415 return 0;
1416 }
1417
1418 if (!peer->vht_capabilities) {
1419 peer->vht_capabilities =
1420 os_zalloc(sizeof(struct ieee80211_vht_capabilities));
1421 if (peer->vht_capabilities == NULL)
1422 return -1;
1423 }
1424
1425 os_memcpy(peer->vht_capabilities, kde->vht_capabilities,
1426 sizeof(struct ieee80211_vht_capabilities));
1427 wpa_hexdump(MSG_DEBUG, "TDLS: Peer VHT capabilities",
1428 (u8 *) peer->vht_capabilities,
1429 sizeof(struct ieee80211_vht_capabilities));
1430
1431 return 0;
1432}
1433
1434
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1435static int copy_peer_ext_capab(const struct wpa_eapol_ie_parse *kde,
1436 struct wpa_tdls_peer *peer)
1437{
1438 if (!kde->ext_capab) {
1439 wpa_printf(MSG_DEBUG, "TDLS: No extended capabilities "
1440 "received");
1441 return 0;
1442 }
1443
1444 if (!peer->ext_capab || peer->ext_capab_len < kde->ext_capab_len - 2) {
1445 /* Need to allocate buffer to fit the new information */
1446 os_free(peer->ext_capab);
1447 peer->ext_capab = os_zalloc(kde->ext_capab_len - 2);
1448 if (peer->ext_capab == NULL)
1449 return -1;
1450 }
1451
1452 peer->ext_capab_len = kde->ext_capab_len - 2;
1453 os_memcpy(peer->ext_capab, kde->ext_capab + 2, peer->ext_capab_len);
1454
1455 return 0;
1456}
1457
1458
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1459static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
1460 const u8 *buf, size_t len)
1461{
1462 struct wpa_tdls_peer *peer;
1463 struct wpa_eapol_ie_parse kde;
1464 struct wpa_ie_data ie;
1465 int cipher;
1466 const u8 *cpos;
1467 struct wpa_tdls_ftie *ftie = NULL;
1468 struct wpa_tdls_timeoutie *timeoutie;
1469 struct wpa_tdls_lnkid *lnkid;
1470 u32 lifetime = 0;
1471#if 0
1472 struct rsn_ie_hdr *hdr;
1473 u8 *pos;
1474 u16 rsn_capab;
1475 u16 rsn_ver;
1476#endif
1477 u8 dtoken;
1478 u16 ielen;
1479 u16 status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1480 int tdls_prohibited = sm->tdls_prohibited;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1481 int existing_peer = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1482
1483 if (len < 3 + 3)
1484 return -1;
1485
1486 cpos = buf;
1487 cpos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
1488
1489 /* driver had already verified the frame format */
1490 dtoken = *cpos++; /* dialog token */
1491
1492 wpa_printf(MSG_INFO, "TDLS: Dialog Token in TPK M1 %d", dtoken);
1493
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1494 peer = wpa_tdls_add_peer(sm, src_addr, &existing_peer);
1495 if (peer == NULL)
1496 goto error;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1497
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1498 /* If found, use existing entry instead of adding a new one;
1499 * how to handle the case where both ends initiate at the
1500 * same time? */
1501 if (existing_peer) {
1502 if (peer->tpk_success) {
1503 wpa_printf(MSG_DEBUG, "TDLS: TDLS Setup Request while "
1504 "direct link is enabled - tear down the "
1505 "old link first");
Sunil Dutt8b43e822013-09-30 17:36:26 +0300[diff] [blame]1506 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1507 }
1508
1509 /*
1510 * An entry is already present, so check if we already sent a
1511 * TDLS Setup Request. If so, compare MAC addresses and let the
1512 * STA with the lower MAC address continue as the initiator.
1513 * The other negotiation is terminated.
1514 */
1515 if (peer->initiator) {
1516 if (os_memcmp(sm->own_addr, src_addr, ETH_ALEN) < 0) {
1517 wpa_printf(MSG_DEBUG, "TDLS: Discard request "
1518 "from peer with higher address "
1519 MACSTR, MAC2STR(src_addr));
1520 return -1;
1521 } else {
1522 wpa_printf(MSG_DEBUG, "TDLS: Accept request "
1523 "from peer with lower address "
1524 MACSTR " (terminate previously "
1525 "initiated negotiation",
1526 MAC2STR(src_addr));
Sunil Dutt8b43e822013-09-30 17:36:26 +0300[diff] [blame]1527 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1528 }
1529 }
1530 }
1531
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1532 /* capability information */
1533 peer->capability = WPA_GET_LE16(cpos);
1534 cpos += 2;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1535
1536 ielen = len - (cpos - buf); /* start of IE in buf */
1537 if (wpa_supplicant_parse_ies(cpos, ielen, &kde) < 0) {
1538 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M1");
1539 goto error;
1540 }
1541
1542 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
1543 wpa_printf(MSG_INFO, "TDLS: No valid Link Identifier IE in "
1544 "TPK M1");
1545 goto error;
1546 }
1547 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M1",
1548 kde.lnkid, kde.lnkid_len);
1549 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
1550 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
1551 wpa_printf(MSG_INFO, "TDLS: TPK M1 from diff BSS");
1552 status = WLAN_STATUS_NOT_IN_SAME_BSS;
1553 goto error;
1554 }
1555
1556 wpa_printf(MSG_DEBUG, "TDLS: TPK M1 - TPK initiator " MACSTR,
1557 MAC2STR(src_addr));
1558
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1559 if (copy_supp_rates(&kde, peer) < 0)
1560 goto error;
1561
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1562 if (copy_peer_ht_capab(&kde, peer) < 0)
1563 goto error;
1564
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]1565 if (copy_peer_vht_capab(&kde, peer) < 0)
1566 goto error;
1567
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1568 if (copy_peer_ext_capab(&kde, peer) < 0)
1569 goto error;
1570
1571 peer->qos_info = kde.qosinfo;
1572
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]1573 peer->aid = kde.aid;
1574
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1575#ifdef CONFIG_TDLS_TESTING
1576 if (tdls_testing & TDLS_TESTING_CONCURRENT_INIT) {
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1577 peer = wpa_tdls_add_peer(sm, src_addr, NULL);
1578 if (peer == NULL)
1579 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1580 wpa_printf(MSG_DEBUG, "TDLS: Testing concurrent initiation of "
1581 "TDLS setup - send own request");
1582 peer->initiator = 1;
1583 wpa_tdls_send_tpk_m1(sm, peer);
1584 }
1585
1586 if ((tdls_testing & TDLS_TESTING_IGNORE_AP_PROHIBIT) &&
1587 tdls_prohibited) {
1588 wpa_printf(MSG_DEBUG, "TDLS: Testing - ignore AP prohibition "
1589 "on TDLS");
1590 tdls_prohibited = 0;
1591 }
1592#endif /* CONFIG_TDLS_TESTING */
1593
1594 if (tdls_prohibited) {
1595 wpa_printf(MSG_INFO, "TDLS: TDLS prohibited in this BSS");
1596 status = WLAN_STATUS_REQUEST_DECLINED;
1597 goto error;
1598 }
1599
1600 if (!wpa_tdls_get_privacy(sm)) {
1601 if (kde.rsn_ie) {
1602 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M1 while "
1603 "security is disabled");
1604 status = WLAN_STATUS_SECURITY_DISABLED;
1605 goto error;
1606 }
1607 goto skip_rsn;
1608 }
1609
1610 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie) ||
1611 kde.rsn_ie == NULL) {
1612 wpa_printf(MSG_INFO, "TDLS: No FTIE or RSN IE in TPK M1");
1613 status = WLAN_STATUS_INVALID_PARAMETERS;
1614 goto error;
1615 }
1616
1617 if (kde.rsn_ie_len > TDLS_MAX_IE_LEN) {
1618 wpa_printf(MSG_INFO, "TDLS: Too long Initiator RSN IE in "
1619 "TPK M1");
1620 status = WLAN_STATUS_INVALID_RSNIE;
1621 goto error;
1622 }
1623
1624 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
1625 wpa_printf(MSG_INFO, "TDLS: Failed to parse RSN IE in TPK M1");
1626 status = WLAN_STATUS_INVALID_RSNIE;
1627 goto error;
1628 }
1629
1630 cipher = ie.pairwise_cipher;
1631 if (cipher & WPA_CIPHER_CCMP) {
1632 wpa_printf(MSG_DEBUG, "TDLS: Using CCMP for direct link");
1633 cipher = WPA_CIPHER_CCMP;
1634 } else {
1635 wpa_printf(MSG_INFO, "TDLS: No acceptable cipher in TPK M1");
1636 status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1637 goto error;
1638 }
1639
1640 if ((ie.capabilities &
1641 (WPA_CAPABILITY_NO_PAIRWISE | WPA_CAPABILITY_PEERKEY_ENABLED)) !=
1642 WPA_CAPABILITY_PEERKEY_ENABLED) {
1643 wpa_printf(MSG_INFO, "TDLS: Invalid RSN Capabilities in "
1644 "TPK M1");
1645 status = WLAN_STATUS_INVALID_RSN_IE_CAPAB;
1646 goto error;
1647 }
1648
1649 /* Lifetime */
1650 if (kde.key_lifetime == NULL) {
1651 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M1");
1652 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
1653 goto error;
1654 }
1655 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
1656 lifetime = WPA_GET_LE32(timeoutie->value);
1657 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds", lifetime);
1658 if (lifetime < 300) {
1659 wpa_printf(MSG_INFO, "TDLS: Too short TPK lifetime");
1660 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
1661 goto error;
1662 }
1663
1664skip_rsn:
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1665#ifdef CONFIG_TDLS_TESTING
1666 if (tdls_testing & TDLS_TESTING_CONCURRENT_INIT) {
1667 if (os_memcmp(sm->own_addr, peer->addr, ETH_ALEN) < 0) {
1668 /*
1669 * The request frame from us is going to win, so do not
1670 * replace information based on this request frame from
1671 * the peer.
1672 */
1673 goto skip_rsn_check;
1674 }
1675 }
1676#endif /* CONFIG_TDLS_TESTING */
1677
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1678 peer->initiator = 0; /* Need to check */
1679 peer->dtoken = dtoken;
1680
1681 if (!wpa_tdls_get_privacy(sm)) {
1682 peer->rsnie_i_len = 0;
1683 peer->rsnie_p_len = 0;
1684 peer->cipher = WPA_CIPHER_NONE;
1685 goto skip_rsn_check;
1686 }
1687
1688 ftie = (struct wpa_tdls_ftie *) kde.ftie;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1689 os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
1690 peer->rsnie_i_len = kde.rsn_ie_len;
1691 peer->cipher = cipher;
1692
Sunil Dutt61024722013-09-15 12:09:40 -0700[diff] [blame]1693 if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
1694 /*
1695 * There is no point in updating the RNonce for every obtained
1696 * TPK M1 frame (e.g., retransmission due to timeout) with the
1697 * same INonce (SNonce in FTIE). However, if the TPK M1 is
1698 * retransmitted with a different INonce, update the RNonce
1699 * since this is for a new TDLS session.
1700 */
1701 wpa_printf(MSG_DEBUG,
1702 "TDLS: New TPK M1 INonce - generate new RNonce");
1703 os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN);
1704 if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) {
1705 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1706 "TDLS: Failed to get random data for responder nonce");
1707 wpa_tdls_peer_free(sm, peer);
1708 goto error;
1709 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1710 }
1711
1712#if 0
1713 /* get version info from RSNIE received from Peer */
1714 hdr = (struct rsn_ie_hdr *) kde.rsn_ie;
1715 rsn_ver = WPA_GET_LE16(hdr->version);
1716
1717 /* use min(peer's version, out version) */
1718 if (rsn_ver > RSN_VERSION)
1719 rsn_ver = RSN_VERSION;
1720
1721 hdr = (struct rsn_ie_hdr *) peer->rsnie_p;
1722
1723 hdr->elem_id = WLAN_EID_RSN;
1724 WPA_PUT_LE16(hdr->version, rsn_ver);
1725 pos = (u8 *) (hdr + 1);
1726
1727 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
1728 pos += RSN_SELECTOR_LEN;
1729 /* Include only the selected cipher in pairwise cipher suite */
1730 WPA_PUT_LE16(pos, 1);
1731 pos += 2;
1732 if (cipher == WPA_CIPHER_CCMP)
1733 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1734 pos += RSN_SELECTOR_LEN;
1735
1736 WPA_PUT_LE16(pos, 1);
1737 pos += 2;
1738 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE);
1739 pos += RSN_SELECTOR_LEN;
1740
1741 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1742 rsn_capab |= RSN_NUM_REPLAY_COUNTERS_16 << 2;
1743 WPA_PUT_LE16(pos, rsn_capab);
1744 pos += 2;
1745
1746 hdr->len = (pos - peer->rsnie_p) - 2;
1747 peer->rsnie_p_len = pos - peer->rsnie_p;
1748#endif
1749
1750 /* temp fix: validation of RSNIE later */
1751 os_memcpy(peer->rsnie_p, peer->rsnie_i, peer->rsnie_i_len);
1752 peer->rsnie_p_len = peer->rsnie_i_len;
1753
1754 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE for TPK handshake",
1755 peer->rsnie_p, peer->rsnie_p_len);
1756
1757 peer->lifetime = lifetime;
1758
1759 wpa_tdls_generate_tpk(peer, sm->own_addr, sm->bssid);
1760
1761skip_rsn_check:
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1762 /* add the peer to the driver as a "setup in progress" peer */
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]1763 wpa_sm_tdls_peer_addset(sm, peer->addr, 1, 0, 0, NULL, 0, NULL, NULL, 0,
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1764 NULL, 0);
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]1765 peer->tpk_in_progress = 1;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1766
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1767 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Response / TPK M2");
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1768 if (wpa_tdls_send_tpk_m2(sm, src_addr, dtoken, lnkid, peer) < 0) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]1769 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1770 goto error;
1771 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1772
1773 return 0;
1774
1775error:
1776 wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE, dtoken,
1777 status);
1778 return -1;
1779}
1780
1781
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]1782static int wpa_tdls_enable_link(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1783{
1784 peer->tpk_success = 1;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]1785 peer->tpk_in_progress = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1786 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
1787 if (wpa_tdls_get_privacy(sm)) {
1788 u32 lifetime = peer->lifetime;
1789 /*
1790 * Start the initiator process a bit earlier to avoid race
1791 * condition with the responder sending teardown request.
1792 */
1793 if (lifetime > 3 && peer->initiator)
1794 lifetime -= 3;
1795 eloop_register_timeout(lifetime, 0, wpa_tdls_tpk_timeout,
1796 sm, peer);
1797#ifdef CONFIG_TDLS_TESTING
1798 if (tdls_testing & TDLS_TESTING_NO_TPK_EXPIRATION) {
1799 wpa_printf(MSG_DEBUG, "TDLS: Testing - disable TPK "
1800 "expiration");
1801 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
1802 }
1803#endif /* CONFIG_TDLS_TESTING */
1804 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1805
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1806 /* add supported rates, capabilities, and qos_info to the TDLS peer */
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]1807 if (wpa_sm_tdls_peer_addset(sm, peer->addr, 0, peer->aid,
1808 peer->capability,
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]1809 peer->supp_rates, peer->supp_rates_len,
1810 peer->ht_capabilities,
1811 peer->vht_capabilities,
1812 peer->qos_info, peer->ext_capab,
1813 peer->ext_capab_len) < 0)
1814 return -1;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1815
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]1816 if (peer->reconfig_key && wpa_tdls_set_key(sm, peer) < 0) {
1817 wpa_printf(MSG_INFO, "TDLS: Could not configure key to the "
1818 "driver");
1819 return -1;
1820 }
1821 peer->reconfig_key = 0;
1822
1823 return wpa_sm_tdls_oper(sm, TDLS_ENABLE_LINK, peer->addr);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1824}
1825
1826
1827static int wpa_tdls_process_tpk_m2(struct wpa_sm *sm, const u8 *src_addr,
1828 const u8 *buf, size_t len)
1829{
1830 struct wpa_tdls_peer *peer;
1831 struct wpa_eapol_ie_parse kde;
1832 struct wpa_ie_data ie;
1833 int cipher;
1834 struct wpa_tdls_ftie *ftie;
1835 struct wpa_tdls_timeoutie *timeoutie;
1836 struct wpa_tdls_lnkid *lnkid;
1837 u32 lifetime;
1838 u8 dtoken;
1839 int ielen;
1840 u16 status;
1841 const u8 *pos;
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]1842 int ret = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1843
1844 wpa_printf(MSG_DEBUG, "TDLS: Received TDLS Setup Response / TPK M2 "
1845 "(Peer " MACSTR ")", MAC2STR(src_addr));
1846 for (peer = sm->tdls; peer; peer = peer->next) {
1847 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
1848 break;
1849 }
1850 if (peer == NULL) {
1851 wpa_printf(MSG_INFO, "TDLS: No matching peer found for "
1852 "TPK M2: " MACSTR, MAC2STR(src_addr));
1853 return -1;
1854 }
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1855 if (!peer->initiator) {
1856 /*
1857 * This may happen if both devices try to initiate TDLS at the
1858 * same time and we accept the TPK M1 from the peer in
1859 * wpa_tdls_process_tpk_m1() and clear our previous state.
1860 */
1861 wpa_printf(MSG_INFO, "TDLS: We were not the initiator, so "
1862 "ignore TPK M2 from " MACSTR, MAC2STR(src_addr));
1863 return -1;
1864 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1865 wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST);
1866
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]1867 if (len < 3 + 2 + 1) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]1868 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1869 return -1;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]1870 }
1871
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1872 pos = buf;
1873 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
1874 status = WPA_GET_LE16(pos);
1875 pos += 2 /* status code */;
1876
1877 if (status != WLAN_STATUS_SUCCESS) {
1878 wpa_printf(MSG_INFO, "TDLS: Status code in TPK M2: %u",
1879 status);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]1880 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1881 return -1;
1882 }
1883
1884 status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1885
1886 /* TODO: need to verify dialog token matches here or in kernel */
1887 dtoken = *pos++; /* dialog token */
1888
1889 wpa_printf(MSG_DEBUG, "TDLS: Dialog Token in TPK M2 %d", dtoken);
1890
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]1891 if (len < 3 + 2 + 1 + 2) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]1892 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1893 return -1;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]1894 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1895
1896 /* capability information */
1897 peer->capability = WPA_GET_LE16(pos);
1898 pos += 2;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1899
1900 ielen = len - (pos - buf); /* start of IE in buf */
1901 if (wpa_supplicant_parse_ies(pos, ielen, &kde) < 0) {
1902 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M2");
1903 goto error;
1904 }
1905
1906#ifdef CONFIG_TDLS_TESTING
1907 if (tdls_testing & TDLS_TESTING_DECLINE_RESP) {
1908 wpa_printf(MSG_DEBUG, "TDLS: Testing - decline response");
1909 status = WLAN_STATUS_REQUEST_DECLINED;
1910 goto error;
1911 }
1912#endif /* CONFIG_TDLS_TESTING */
1913
1914 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
1915 wpa_printf(MSG_INFO, "TDLS: No valid Link Identifier IE in "
1916 "TPK M2");
1917 goto error;
1918 }
1919 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M2",
1920 kde.lnkid, kde.lnkid_len);
1921 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
1922
1923 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
1924 wpa_printf(MSG_INFO, "TDLS: TPK M2 from different BSS");
1925 status = WLAN_STATUS_NOT_IN_SAME_BSS;
1926 goto error;
1927 }
1928
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1929 if (copy_supp_rates(&kde, peer) < 0)
1930 goto error;
1931
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1932 if (copy_peer_ht_capab(&kde, peer) < 0)
1933 goto error;
1934
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]1935 if (copy_peer_vht_capab(&kde, peer) < 0)
1936 goto error;
1937
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1938 if (copy_peer_ext_capab(&kde, peer) < 0)
1939 goto error;
1940
1941 peer->qos_info = kde.qosinfo;
1942
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]1943 peer->aid = kde.aid;
1944
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1945 if (!wpa_tdls_get_privacy(sm)) {
1946 peer->rsnie_p_len = 0;
1947 peer->cipher = WPA_CIPHER_NONE;
1948 goto skip_rsn;
1949 }
1950
1951 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie) ||
1952 kde.rsn_ie == NULL) {
1953 wpa_printf(MSG_INFO, "TDLS: No FTIE or RSN IE in TPK M2");
1954 status = WLAN_STATUS_INVALID_PARAMETERS;
1955 goto error;
1956 }
1957 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M2",
1958 kde.rsn_ie, kde.rsn_ie_len);
1959
1960 /*
1961 * FIX: bitwise comparison of RSN IE is not the correct way of
1962 * validation this. It can be different, but certain fields must
1963 * match. Since we list only a single pairwise cipher in TPK M1, the
1964 * memcmp is likely to work in most cases, though.
1965 */
1966 if (kde.rsn_ie_len != peer->rsnie_i_len ||
1967 os_memcmp(peer->rsnie_i, kde.rsn_ie, peer->rsnie_i_len) != 0) {
1968 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M2 does "
1969 "not match with RSN IE used in TPK M1");
1970 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Sent in TPK M1",
1971 peer->rsnie_i, peer->rsnie_i_len);
1972 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M2",
1973 kde.rsn_ie, kde.rsn_ie_len);
1974 status = WLAN_STATUS_INVALID_RSNIE;
1975 goto error;
1976 }
1977
1978 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
1979 wpa_printf(MSG_INFO, "TDLS: Failed to parse RSN IE in TPK M2");
1980 status = WLAN_STATUS_INVALID_RSNIE;
1981 goto error;
1982 }
1983
1984 cipher = ie.pairwise_cipher;
1985 if (cipher == WPA_CIPHER_CCMP) {
1986 wpa_printf(MSG_DEBUG, "TDLS: Using CCMP for direct link");
1987 cipher = WPA_CIPHER_CCMP;
1988 } else {
1989 wpa_printf(MSG_INFO, "TDLS: No acceptable cipher in TPK M2");
1990 status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1991 goto error;
1992 }
1993
1994 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE Received from TPK M2",
1995 kde.ftie, sizeof(*ftie));
1996 ftie = (struct wpa_tdls_ftie *) kde.ftie;
1997
1998 if (!os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) == 0) {
1999 wpa_printf(MSG_INFO, "TDLS: FTIE SNonce in TPK M2 does "
2000 "not match with FTIE SNonce used in TPK M1");
2001 /* Silently discard the frame */
2002 return -1;
2003 }
2004
2005 /* Responder Nonce and RSN IE */
2006 os_memcpy(peer->rnonce, ftie->Anonce, WPA_NONCE_LEN);
2007 os_memcpy(peer->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2008 peer->rsnie_p_len = kde.rsn_ie_len;
2009 peer->cipher = cipher;
2010
2011 /* Lifetime */
2012 if (kde.key_lifetime == NULL) {
2013 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M2");
2014 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
2015 goto error;
2016 }
2017 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
2018 lifetime = WPA_GET_LE32(timeoutie->value);
2019 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds in TPK M2",
2020 lifetime);
2021 if (lifetime != peer->lifetime) {
2022 wpa_printf(MSG_INFO, "TDLS: Unexpected TPK lifetime %u in "
2023 "TPK M2 (expected %u)", lifetime, peer->lifetime);
2024 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
2025 goto error;
2026 }
2027
2028 wpa_tdls_generate_tpk(peer, sm->own_addr, sm->bssid);
2029
2030 /* Process MIC check to see if TPK M2 is right */
2031 if (wpa_supplicant_verify_tdls_mic(2, peer, (u8 *) lnkid,
2032 (u8 *) timeoutie, ftie) < 0) {
2033 /* Discard the frame */
2034 wpa_tdls_del_key(sm, peer);
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]2035 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2036 return -1;
2037 }
2038
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2039 if (wpa_tdls_set_key(sm, peer) < 0) {
2040 /*
2041 * Some drivers may not be able to config the key prior to full
2042 * STA entry having been configured.
2043 */
2044 wpa_printf(MSG_DEBUG, "TDLS: Try to configure TPK again after "
2045 "STA entry is complete");
2046 peer->reconfig_key = 1;
2047 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2048
2049skip_rsn:
2050 peer->dtoken = dtoken;
2051
2052 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Confirm / "
2053 "TPK Handshake Message 3");
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]2054 if (wpa_tdls_send_tpk_m3(sm, src_addr, dtoken, lnkid, peer) < 0) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2055 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]2056 return -1;
2057 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2058
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2059 if (!peer->tpk_success) {
2060 /*
2061 * Enable Link only when tpk_success is 0, signifying that this
2062 * processing of TPK M2 frame is not because of a retransmission
2063 * during TDLS setup handshake.
2064 */
2065 ret = wpa_tdls_enable_link(sm, peer);
2066 if (ret < 0) {
2067 wpa_printf(MSG_DEBUG, "TDLS: Could not enable link");
2068 wpa_tdls_do_teardown(
2069 sm, peer,
2070 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
2071 }
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2072 }
2073 return ret;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2074
2075error:
2076 wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_CONFIRM, dtoken,
2077 status);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2078 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2079 return -1;
2080}
2081
2082
2083static int wpa_tdls_process_tpk_m3(struct wpa_sm *sm, const u8 *src_addr,
2084 const u8 *buf, size_t len)
2085{
2086 struct wpa_tdls_peer *peer;
2087 struct wpa_eapol_ie_parse kde;
2088 struct wpa_tdls_ftie *ftie;
2089 struct wpa_tdls_timeoutie *timeoutie;
2090 struct wpa_tdls_lnkid *lnkid;
2091 int ielen;
2092 u16 status;
2093 const u8 *pos;
2094 u32 lifetime;
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2095 int ret = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2096
2097 wpa_printf(MSG_DEBUG, "TDLS: Received TDLS Setup Confirm / TPK M3 "
2098 "(Peer " MACSTR ")", MAC2STR(src_addr));
2099 for (peer = sm->tdls; peer; peer = peer->next) {
2100 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
2101 break;
2102 }
2103 if (peer == NULL) {
2104 wpa_printf(MSG_INFO, "TDLS: No matching peer found for "
2105 "TPK M3: " MACSTR, MAC2STR(src_addr));
2106 return -1;
2107 }
2108 wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_RESPONSE);
2109
2110 if (len < 3 + 3)
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2111 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2112 pos = buf;
2113 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
2114
2115 status = WPA_GET_LE16(pos);
2116
2117 if (status != 0) {
2118 wpa_printf(MSG_INFO, "TDLS: Status code in TPK M3: %u",
2119 status);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2120 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2121 }
2122 pos += 2 /* status code */ + 1 /* dialog token */;
2123
2124 ielen = len - (pos - buf); /* start of IE in buf */
2125 if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0) {
2126 wpa_printf(MSG_INFO, "TDLS: Failed to parse KDEs in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2127 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2128 }
2129
2130 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
2131 wpa_printf(MSG_INFO, "TDLS: No Link Identifier IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2132 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2133 }
2134 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M3",
2135 (u8 *) kde.lnkid, kde.lnkid_len);
2136 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
2137
2138 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
2139 wpa_printf(MSG_INFO, "TDLS: TPK M3 from diff BSS");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2140 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2141 }
2142
2143 if (!wpa_tdls_get_privacy(sm))
2144 goto skip_rsn;
2145
2146 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie)) {
2147 wpa_printf(MSG_INFO, "TDLS: No FTIE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2148 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2149 }
2150 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE Received from TPK M3",
2151 kde.ftie, sizeof(*ftie));
2152 ftie = (struct wpa_tdls_ftie *) kde.ftie;
2153
2154 if (kde.rsn_ie == NULL) {
2155 wpa_printf(MSG_INFO, "TDLS: No RSN IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2156 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2157 }
2158 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M3",
2159 kde.rsn_ie, kde.rsn_ie_len);
2160 if (kde.rsn_ie_len != peer->rsnie_p_len ||
2161 os_memcmp(kde.rsn_ie, peer->rsnie_p, peer->rsnie_p_len) != 0) {
2162 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M3 does not match "
2163 "with the one sent in TPK M2");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2164 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2165 }
2166
2167 if (!os_memcmp(peer->rnonce, ftie->Anonce, WPA_NONCE_LEN) == 0) {
2168 wpa_printf(MSG_INFO, "TDLS: FTIE ANonce in TPK M3 does "
2169 "not match with FTIE ANonce used in TPK M2");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2170 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2171 }
2172
2173 if (!os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) == 0) {
2174 wpa_printf(MSG_INFO, "TDLS: FTIE SNonce in TPK M3 does not "
2175 "match with FTIE SNonce used in TPK M1");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2176 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2177 }
2178
2179 if (kde.key_lifetime == NULL) {
2180 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2181 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2182 }
2183 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
2184 wpa_hexdump(MSG_DEBUG, "TDLS: Timeout IE Received from TPK M3",
2185 (u8 *) timeoutie, sizeof(*timeoutie));
2186 lifetime = WPA_GET_LE32(timeoutie->value);
2187 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds in TPK M3",
2188 lifetime);
2189 if (lifetime != peer->lifetime) {
2190 wpa_printf(MSG_INFO, "TDLS: Unexpected TPK lifetime %u in "
2191 "TPK M3 (expected %u)", lifetime, peer->lifetime);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2192 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2193 }
2194
2195 if (wpa_supplicant_verify_tdls_mic(3, peer, (u8 *) lnkid,
2196 (u8 *) timeoutie, ftie) < 0) {
2197 wpa_tdls_del_key(sm, peer);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2198 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2199 }
2200
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2201 if (wpa_tdls_set_key(sm, peer) < 0) {
2202 /*
2203 * Some drivers may not be able to config the key prior to full
2204 * STA entry having been configured.
2205 */
2206 wpa_printf(MSG_DEBUG, "TDLS: Try to configure TPK again after "
2207 "STA entry is complete");
2208 peer->reconfig_key = 1;
2209 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2210
2211skip_rsn:
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2212 if (!peer->tpk_success) {
2213 /*
2214 * Enable Link only when tpk_success is 0, signifying that this
2215 * processing of TPK M3 frame is not because of a retransmission
2216 * during TDLS setup handshake.
2217 */
2218 ret = wpa_tdls_enable_link(sm, peer);
2219 if (ret < 0) {
2220 wpa_printf(MSG_DEBUG, "TDLS: Could not enable link");
2221 wpa_tdls_do_teardown(
2222 sm, peer,
2223 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
2224 }
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2225 }
2226 return ret;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2227error:
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2228 wpa_tdls_disable_peer_link(sm, peer);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2229 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2230}
2231
2232
2233static u8 * wpa_add_tdls_timeoutie(u8 *pos, u8 *ie, size_t ie_len, u32 tsecs)
2234{
2235 struct wpa_tdls_timeoutie *lifetime = (struct wpa_tdls_timeoutie *) ie;
2236
2237 os_memset(lifetime, 0, ie_len);
2238 lifetime->ie_type = WLAN_EID_TIMEOUT_INTERVAL;
2239 lifetime->ie_len = sizeof(struct wpa_tdls_timeoutie) - 2;
2240 lifetime->interval_type = WLAN_TIMEOUT_KEY_LIFETIME;
2241 WPA_PUT_LE32(lifetime->value, tsecs);
2242 os_memcpy(pos, ie, ie_len);
2243 return pos + ie_len;
2244}
2245
2246
2247/**
2248 * wpa_tdls_start - Initiate TDLS handshake (send TPK Handshake Message 1)
2249 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2250 * @peer: MAC address of the peer STA
2251 * Returns: 0 on success, or -1 on failure
2252 *
2253 * Send TPK Handshake Message 1 info to driver to start TDLS
2254 * handshake with the peer.
2255 */
2256int wpa_tdls_start(struct wpa_sm *sm, const u8 *addr)
2257{
2258 struct wpa_tdls_peer *peer;
2259 int tdls_prohibited = sm->tdls_prohibited;
2260
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2261 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2262 return -1;
2263
2264#ifdef CONFIG_TDLS_TESTING
2265 if ((tdls_testing & TDLS_TESTING_IGNORE_AP_PROHIBIT) &&
2266 tdls_prohibited) {
2267 wpa_printf(MSG_DEBUG, "TDLS: Testing - ignore AP prohibition "
2268 "on TDLS");
2269 tdls_prohibited = 0;
2270 }
2271#endif /* CONFIG_TDLS_TESTING */
2272
2273 if (tdls_prohibited) {
2274 wpa_printf(MSG_DEBUG, "TDLS: TDLS is prohibited in this BSS - "
2275 "reject request to start setup");
2276 return -1;
2277 }
2278
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2279 peer = wpa_tdls_add_peer(sm, addr, NULL);
2280 if (peer == NULL)
2281 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2282
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2283 if (peer->tpk_in_progress) {
2284 wpa_printf(MSG_DEBUG, "TDLS: Setup is already in progress with the peer");
2285 return 0;
2286 }
2287
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2288 peer->initiator = 1;
2289
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2290 /* add the peer to the driver as a "setup in progress" peer */
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]2291 wpa_sm_tdls_peer_addset(sm, peer->addr, 1, 0, 0, NULL, 0, NULL, NULL, 0,
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2292 NULL, 0);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2293
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2294 peer->tpk_in_progress = 1;
2295
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2296 if (wpa_tdls_send_tpk_m1(sm, peer) < 0) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2297 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2298 return -1;
2299 }
2300
2301 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2302}
2303
2304
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2305void wpa_tdls_remove(struct wpa_sm *sm, const u8 *addr)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2306{
2307 struct wpa_tdls_peer *peer;
2308
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2309 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2310 return;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2311
2312 for (peer = sm->tdls; peer; peer = peer->next) {
2313 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
2314 break;
2315 }
2316
2317 if (peer == NULL || !peer->tpk_success)
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2318 return;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2319
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2320 if (sm->tdls_external_setup) {
2321 /*
2322 * Disable previous link to allow renegotiation to be completed
2323 * on AP path.
2324 */
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2325 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2326 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2327}
2328
2329
2330/**
2331 * wpa_supplicant_rx_tdls - Receive TDLS data frame
2332 *
2333 * This function is called to receive TDLS (ethertype = 0x890d) data frames.
2334 */
2335static void wpa_supplicant_rx_tdls(void *ctx, const u8 *src_addr,
2336 const u8 *buf, size_t len)
2337{
2338 struct wpa_sm *sm = ctx;
2339 struct wpa_tdls_frame *tf;
2340
2341 wpa_hexdump(MSG_DEBUG, "TDLS: Received Data frame encapsulation",
2342 buf, len);
2343
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2344 if (sm->tdls_disabled || !sm->tdls_supported) {
2345 wpa_printf(MSG_DEBUG, "TDLS: Discard message - TDLS disabled "
2346 "or unsupported by driver");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2347 return;
2348 }
2349
2350 if (os_memcmp(src_addr, sm->own_addr, ETH_ALEN) == 0) {
2351 wpa_printf(MSG_DEBUG, "TDLS: Discard copy of own message");
2352 return;
2353 }
2354
2355 if (len < sizeof(*tf)) {
2356 wpa_printf(MSG_INFO, "TDLS: Drop too short frame");
2357 return;
2358 }
2359
2360 /* Check to make sure its a valid encapsulated TDLS frame */
2361 tf = (struct wpa_tdls_frame *) buf;
2362 if (tf->payloadtype != 2 /* TDLS_RFTYPE */ ||
2363 tf->category != WLAN_ACTION_TDLS) {
2364 wpa_printf(MSG_INFO, "TDLS: Invalid frame - payloadtype=%u "
2365 "category=%u action=%u",
2366 tf->payloadtype, tf->category, tf->action);
2367 return;
2368 }
2369
2370 switch (tf->action) {
2371 case WLAN_TDLS_SETUP_REQUEST:
2372 wpa_tdls_process_tpk_m1(sm, src_addr, buf, len);
2373 break;
2374 case WLAN_TDLS_SETUP_RESPONSE:
2375 wpa_tdls_process_tpk_m2(sm, src_addr, buf, len);
2376 break;
2377 case WLAN_TDLS_SETUP_CONFIRM:
2378 wpa_tdls_process_tpk_m3(sm, src_addr, buf, len);
2379 break;
2380 case WLAN_TDLS_TEARDOWN:
2381 wpa_tdls_recv_teardown(sm, src_addr, buf, len);
2382 break;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2383 case WLAN_TDLS_DISCOVERY_REQUEST:
2384 wpa_tdls_process_discovery_request(sm, src_addr, buf, len);
2385 break;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2386 default:
2387 /* Kernel code will process remaining frames */
2388 wpa_printf(MSG_DEBUG, "TDLS: Ignore TDLS frame action code %u",
2389 tf->action);
2390 break;
2391 }
2392}
2393
2394
2395/**
2396 * wpa_tdls_init - Initialize driver interface parameters for TDLS
2397 * @wpa_s: Pointer to wpa_supplicant data
2398 * Returns: 0 on success, -1 on failure
2399 *
2400 * This function is called to initialize driver interface parameters for TDLS.
2401 * wpa_drv_init() must have been called before this function to initialize the
2402 * driver interface.
2403 */
2404int wpa_tdls_init(struct wpa_sm *sm)
2405{
2406 if (sm == NULL)
2407 return -1;
2408
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]2409 sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
2410 sm->ifname,
2411 sm->own_addr,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2412 ETH_P_80211_ENCAP, wpa_supplicant_rx_tdls,
2413 sm, 0);
2414 if (sm->l2_tdls == NULL) {
2415 wpa_printf(MSG_ERROR, "TDLS: Failed to open l2_packet "
2416 "connection");
2417 return -1;
2418 }
2419
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2420 /*
2421 * Drivers that support TDLS but don't implement the get_capa callback
2422 * are assumed to perform everything internally
2423 */
2424 if (wpa_sm_tdls_get_capa(sm, &sm->tdls_supported,
2425 &sm->tdls_external_setup) < 0) {
2426 sm->tdls_supported = 1;
2427 sm->tdls_external_setup = 0;
2428 }
2429
2430 wpa_printf(MSG_DEBUG, "TDLS: TDLS operation%s supported by "
2431 "driver", sm->tdls_supported ? "" : " not");
2432 wpa_printf(MSG_DEBUG, "TDLS: Driver uses %s link setup",
2433 sm->tdls_external_setup ? "external" : "internal");
2434
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2435 return 0;
2436}
2437
2438
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2439void wpa_tdls_teardown_peers(struct wpa_sm *sm)
2440{
2441 struct wpa_tdls_peer *peer;
2442
2443 peer = sm->tdls;
2444
2445 wpa_printf(MSG_DEBUG, "TDLS: Tear down peers");
2446
2447 while (peer) {
2448 wpa_printf(MSG_DEBUG, "TDLS: Tear down peer " MACSTR,
2449 MAC2STR(peer->addr));
2450 if (sm->tdls_external_setup)
2451 wpa_tdls_send_teardown(sm, peer->addr,
2452 WLAN_REASON_DEAUTH_LEAVING);
2453 else
2454 wpa_sm_tdls_oper(sm, TDLS_TEARDOWN, peer->addr);
2455
2456 peer = peer->next;
2457 }
2458}
2459
2460
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2461static void wpa_tdls_remove_peers(struct wpa_sm *sm)
2462{
2463 struct wpa_tdls_peer *peer, *tmp;
2464
2465 peer = sm->tdls;
2466 sm->tdls = NULL;
2467
2468 while (peer) {
2469 int res;
2470 tmp = peer->next;
2471 res = wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
2472 wpa_printf(MSG_DEBUG, "TDLS: Remove peer " MACSTR " (res=%d)",
2473 MAC2STR(peer->addr), res);
2474 wpa_tdls_peer_free(sm, peer);
2475 os_free(peer);
2476 peer = tmp;
2477 }
2478}
2479
2480
2481/**
2482 * wpa_tdls_deinit - Deinitialize driver interface parameters for TDLS
2483 *
2484 * This function is called to recover driver interface parameters for TDLS
2485 * and frees resources allocated for it.
2486 */
2487void wpa_tdls_deinit(struct wpa_sm *sm)
2488{
2489 if (sm == NULL)
2490 return;
2491
2492 if (sm->l2_tdls)
2493 l2_packet_deinit(sm->l2_tdls);
2494 sm->l2_tdls = NULL;
2495
2496 wpa_tdls_remove_peers(sm);
2497}
2498
2499
2500void wpa_tdls_assoc(struct wpa_sm *sm)
2501{
2502 wpa_printf(MSG_DEBUG, "TDLS: Remove peers on association");
2503 wpa_tdls_remove_peers(sm);
2504}
2505
2506
2507void wpa_tdls_disassoc(struct wpa_sm *sm)
2508{
2509 wpa_printf(MSG_DEBUG, "TDLS: Remove peers on disassociation");
2510 wpa_tdls_remove_peers(sm);
2511}
2512
2513
2514static int wpa_tdls_prohibited(const u8 *ies, size_t len)
2515{
2516 struct wpa_eapol_ie_parse elems;
2517
2518 if (ies == NULL)
2519 return 0;
2520
2521 if (wpa_supplicant_parse_ies(ies, len, &elems) < 0)
2522 return 0;
2523
2524 if (elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
2525 return 0;
2526
2527 /* bit 38 - TDLS Prohibited */
2528 return !!(elems.ext_capab[2 + 4] & 0x40);
2529}
2530
2531
2532void wpa_tdls_ap_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
2533{
2534 sm->tdls_prohibited = wpa_tdls_prohibited(ies, len);
2535 wpa_printf(MSG_DEBUG, "TDLS: TDLS is %s in the target BSS",
2536 sm->tdls_prohibited ? "prohibited" : "allowed");
2537}
2538
2539
2540void wpa_tdls_assoc_resp_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
2541{
2542 if (!sm->tdls_prohibited && wpa_tdls_prohibited(ies, len)) {
2543 wpa_printf(MSG_DEBUG, "TDLS: TDLS prohibited based on "
2544 "(Re)Association Response IEs");
2545 sm->tdls_prohibited = 1;
2546 }
2547}
2548
2549
2550void wpa_tdls_enable(struct wpa_sm *sm, int enabled)
2551{
2552 wpa_printf(MSG_DEBUG, "TDLS: %s", enabled ? "enabled" : "disabled");
2553 sm->tdls_disabled = !enabled;
2554}
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2555
2556
2557int wpa_tdls_is_external_setup(struct wpa_sm *sm)
2558{
2559 return sm->tdls_external_setup;
2560}