Gitiles
Code Review Sign In
gerrit.omnirom.org / android_external_wpa_supplicant_8 / adaa28a85b3a1e28d36875bdf9113fea8eeb0248 / . / src / rsn_supp / tdls.c
blob: 8cb19a25ab4f852a132a08416eba57e5f7de4432 [file] [log] [blame]
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1/*
2 * wpa_supplicant - TDLS
3 * Copyright (c) 2010-2011, Atheros Communications
4 *
Dmitry Shmidtc5ec7f52012-03-06 16:33:24 -0800[diff] [blame]5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
12#include "utils/eloop.h"
13#include "utils/os.h"
14#include "common/ieee802_11_defs.h"
15#include "crypto/sha256.h"
16#include "crypto/crypto.h"
17#include "crypto/aes_wrap.h"
18#include "rsn_supp/wpa.h"
19#include "rsn_supp/wpa_ie.h"
20#include "rsn_supp/wpa_i.h"
21#include "drivers/driver.h"
22#include "l2_packet/l2_packet.h"
23
24#ifdef CONFIG_TDLS_TESTING
25#define TDLS_TESTING_LONG_FRAME BIT(0)
26#define TDLS_TESTING_ALT_RSN_IE BIT(1)
27#define TDLS_TESTING_DIFF_BSSID BIT(2)
28#define TDLS_TESTING_SHORT_LIFETIME BIT(3)
29#define TDLS_TESTING_WRONG_LIFETIME_RESP BIT(4)
30#define TDLS_TESTING_WRONG_LIFETIME_CONF BIT(5)
31#define TDLS_TESTING_LONG_LIFETIME BIT(6)
32#define TDLS_TESTING_CONCURRENT_INIT BIT(7)
33#define TDLS_TESTING_NO_TPK_EXPIRATION BIT(8)
34#define TDLS_TESTING_DECLINE_RESP BIT(9)
35#define TDLS_TESTING_IGNORE_AP_PROHIBIT BIT(10)
Dmitry Shmidt21de2142014-04-08 10:50:52 -0700[diff] [blame]36#define TDLS_TESTING_WRONG_MIC BIT(11)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]37unsigned int tdls_testing = 0;
38#endif /* CONFIG_TDLS_TESTING */
39
40#define TPK_LIFETIME 43200 /* 12 hours */
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]41#define TPK_M1_RETRY_COUNT 3
42#define TPK_M1_TIMEOUT 5000 /* in milliseconds */
43#define TPK_M2_RETRY_COUNT 10
44#define TPK_M2_TIMEOUT 500 /* in milliseconds */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]45
46#define TDLS_MIC_LEN 16
47
48#define TDLS_TIMEOUT_LEN 4
49
50struct wpa_tdls_ftie {
51 u8 ie_type; /* FTIE */
52 u8 ie_len;
53 u8 mic_ctrl[2];
54 u8 mic[TDLS_MIC_LEN];
55 u8 Anonce[WPA_NONCE_LEN]; /* Responder Nonce in TDLS */
56 u8 Snonce[WPA_NONCE_LEN]; /* Initiator Nonce in TDLS */
57 /* followed by optional elements */
58} STRUCT_PACKED;
59
60struct wpa_tdls_timeoutie {
61 u8 ie_type; /* Timeout IE */
62 u8 ie_len;
63 u8 interval_type;
64 u8 value[TDLS_TIMEOUT_LEN];
65} STRUCT_PACKED;
66
67struct wpa_tdls_lnkid {
68 u8 ie_type; /* Link Identifier IE */
69 u8 ie_len;
70 u8 bssid[ETH_ALEN];
71 u8 init_sta[ETH_ALEN];
72 u8 resp_sta[ETH_ALEN];
73} STRUCT_PACKED;
74
75/* TDLS frame headers as per IEEE Std 802.11z-2010 */
76struct wpa_tdls_frame {
77 u8 payloadtype; /* IEEE80211_TDLS_RFTYPE */
78 u8 category; /* Category */
79 u8 action; /* Action (enum tdls_frame_type) */
80} STRUCT_PACKED;
81
82static u8 * wpa_add_tdls_timeoutie(u8 *pos, u8 *ie, size_t ie_len, u32 tsecs);
83static void wpa_tdls_tpk_retry_timeout(void *eloop_ctx, void *timeout_ctx);
84static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]85static void wpa_tdls_disable_peer_link(struct wpa_sm *sm,
86 struct wpa_tdls_peer *peer);
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]87static int wpa_tdls_send_teardown(struct wpa_sm *sm, const u8 *addr,
88 u16 reason_code);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]89
90
91#define TDLS_MAX_IE_LEN 80
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]92#define IEEE80211_MAX_SUPP_RATES 32
93
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]94struct wpa_tdls_peer {
95 struct wpa_tdls_peer *next;
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]96 unsigned int reconfig_key:1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]97 int initiator; /* whether this end was initiator for TDLS setup */
98 u8 addr[ETH_ALEN]; /* other end MAC address */
99 u8 inonce[WPA_NONCE_LEN]; /* Initiator Nonce */
100 u8 rnonce[WPA_NONCE_LEN]; /* Responder Nonce */
101 u8 rsnie_i[TDLS_MAX_IE_LEN]; /* Initiator RSN IE */
102 size_t rsnie_i_len;
103 u8 rsnie_p[TDLS_MAX_IE_LEN]; /* Peer RSN IE */
104 size_t rsnie_p_len;
105 u32 lifetime;
106 int cipher; /* Selected cipher (WPA_CIPHER_*) */
107 u8 dtoken;
108
109 struct tpk {
110 u8 kck[16]; /* TPK-KCK */
111 u8 tk[16]; /* TPK-TK; assuming only CCMP will be used */
112 } tpk;
113 int tpk_set;
114 int tpk_success;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]115 int tpk_in_progress;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]116
117 struct tpk_timer {
118 u8 dest[ETH_ALEN];
119 int count; /* Retry Count */
120 int timer; /* Timeout in milliseconds */
121 u8 action_code; /* TDLS frame type */
122 u8 dialog_token;
123 u16 status_code;
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]124 u32 peer_capab;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]125 int buf_len; /* length of TPK message for retransmission */
126 u8 *buf; /* buffer for TPK message */
127 } sm_tmr;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]128
129 u16 capability;
130
131 u8 supp_rates[IEEE80211_MAX_SUPP_RATES];
132 size_t supp_rates_len;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]133
134 struct ieee80211_ht_capabilities *ht_capabilities;
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]135 struct ieee80211_vht_capabilities *vht_capabilities;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]136
137 u8 qos_info;
138
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]139 u16 aid;
140
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]141 u8 *ext_capab;
142 size_t ext_capab_len;
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]143
144 u8 *supp_channels;
145 size_t supp_channels_len;
146
147 u8 *supp_oper_classes;
148 size_t supp_oper_classes_len;
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]149
150 u8 wmm_capable;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]151};
152
153
154static int wpa_tdls_get_privacy(struct wpa_sm *sm)
155{
156 /*
157 * Get info needed from supplicant to check if the current BSS supports
158 * security. Other than OPEN mode, rest are considered secured
159 * WEP/WPA/WPA2 hence TDLS frames are processed for TPK handshake.
160 */
161 return sm->pairwise_cipher != WPA_CIPHER_NONE;
162}
163
164
165static u8 * wpa_add_ie(u8 *pos, const u8 *ie, size_t ie_len)
166{
167 os_memcpy(pos, ie, ie_len);
168 return pos + ie_len;
169}
170
171
172static int wpa_tdls_del_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
173{
174 if (wpa_sm_set_key(sm, WPA_ALG_NONE, peer->addr,
175 0, 0, NULL, 0, NULL, 0) < 0) {
176 wpa_printf(MSG_WARNING, "TDLS: Failed to delete TPK-TK from "
177 "the driver");
178 return -1;
179 }
180
181 return 0;
182}
183
184
185static int wpa_tdls_set_key(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
186{
187 u8 key_len;
188 u8 rsc[6];
189 enum wpa_alg alg;
190
191 os_memset(rsc, 0, 6);
192
193 switch (peer->cipher) {
194 case WPA_CIPHER_CCMP:
195 alg = WPA_ALG_CCMP;
196 key_len = 16;
197 break;
198 case WPA_CIPHER_NONE:
199 wpa_printf(MSG_DEBUG, "TDLS: Pairwise Cipher Suite: "
200 "NONE - do not use pairwise keys");
201 return -1;
202 default:
203 wpa_printf(MSG_WARNING, "TDLS: Unsupported pairwise cipher %d",
204 sm->pairwise_cipher);
205 return -1;
206 }
207
208 if (wpa_sm_set_key(sm, alg, peer->addr, -1, 1,
209 rsc, sizeof(rsc), peer->tpk.tk, key_len) < 0) {
210 wpa_printf(MSG_WARNING, "TDLS: Failed to set TPK to the "
211 "driver");
212 return -1;
213 }
214 return 0;
215}
216
217
218static int wpa_tdls_send_tpk_msg(struct wpa_sm *sm, const u8 *dst,
219 u8 action_code, u8 dialog_token,
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]220 u16 status_code, u32 peer_capab,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]221 int initiator, const u8 *buf, size_t len)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]222{
223 return wpa_sm_send_tdls_mgmt(sm, dst, action_code, dialog_token,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]224 status_code, peer_capab, initiator, buf,
225 len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]226}
227
228
229static int wpa_tdls_tpk_send(struct wpa_sm *sm, const u8 *dest, u8 action_code,
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]230 u8 dialog_token, u16 status_code, u32 peer_capab,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]231 int initiator, const u8 *msg, size_t msg_len)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]232{
233 struct wpa_tdls_peer *peer;
234
235 wpa_printf(MSG_DEBUG, "TDLS: TPK send dest=" MACSTR " action_code=%u "
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]236 "dialog_token=%u status_code=%u peer_capab=%u initiator=%d "
237 "msg_len=%u",
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]238 MAC2STR(dest), action_code, dialog_token, status_code,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]239 peer_capab, initiator, (unsigned int) msg_len);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]240
241 if (wpa_tdls_send_tpk_msg(sm, dest, action_code, dialog_token,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]242 status_code, peer_capab, initiator, msg,
243 msg_len)) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]244 wpa_printf(MSG_INFO, "TDLS: Failed to send message "
245 "(action_code=%u)", action_code);
246 return -1;
247 }
248
249 if (action_code == WLAN_TDLS_SETUP_CONFIRM ||
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]250 action_code == WLAN_TDLS_TEARDOWN ||
251 action_code == WLAN_TDLS_DISCOVERY_REQUEST ||
252 action_code == WLAN_TDLS_DISCOVERY_RESPONSE)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]253 return 0; /* No retries */
254
255 for (peer = sm->tdls; peer; peer = peer->next) {
256 if (os_memcmp(peer->addr, dest, ETH_ALEN) == 0)
257 break;
258 }
259
260 if (peer == NULL) {
261 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
262 "retry " MACSTR, MAC2STR(dest));
263 return 0;
264 }
265
266 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
267
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]268 if (action_code == WLAN_TDLS_SETUP_RESPONSE) {
269 peer->sm_tmr.count = TPK_M2_RETRY_COUNT;
270 peer->sm_tmr.timer = TPK_M2_TIMEOUT;
271 } else {
272 peer->sm_tmr.count = TPK_M1_RETRY_COUNT;
273 peer->sm_tmr.timer = TPK_M1_TIMEOUT;
274 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]275
276 /* Copy message to resend on timeout */
277 os_memcpy(peer->sm_tmr.dest, dest, ETH_ALEN);
278 peer->sm_tmr.action_code = action_code;
279 peer->sm_tmr.dialog_token = dialog_token;
280 peer->sm_tmr.status_code = status_code;
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]281 peer->sm_tmr.peer_capab = peer_capab;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]282 peer->sm_tmr.buf_len = msg_len;
283 os_free(peer->sm_tmr.buf);
284 peer->sm_tmr.buf = os_malloc(msg_len);
285 if (peer->sm_tmr.buf == NULL)
286 return -1;
287 os_memcpy(peer->sm_tmr.buf, msg, msg_len);
288
289 wpa_printf(MSG_DEBUG, "TDLS: Retry timeout registered "
290 "(action_code=%u)", action_code);
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]291 eloop_register_timeout(peer->sm_tmr.timer / 1000,
292 (peer->sm_tmr.timer % 1000) * 1000,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]293 wpa_tdls_tpk_retry_timeout, sm, peer);
294 return 0;
295}
296
297
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]298static int wpa_tdls_do_teardown(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]299 u16 reason_code)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]300{
301 int ret;
302
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]303 ret = wpa_tdls_send_teardown(sm, peer->addr, reason_code);
304 /* disable the link after teardown was sent */
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]305 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]306
307 return ret;
308}
309
310
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]311static void wpa_tdls_tpk_retry_timeout(void *eloop_ctx, void *timeout_ctx)
312{
313
314 struct wpa_sm *sm = eloop_ctx;
315 struct wpa_tdls_peer *peer = timeout_ctx;
316
317 if (peer->sm_tmr.count) {
318 peer->sm_tmr.count--;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]319
320 wpa_printf(MSG_INFO, "TDLS: Retrying sending of message "
321 "(action_code=%u)",
322 peer->sm_tmr.action_code);
323
324 if (peer->sm_tmr.buf == NULL) {
325 wpa_printf(MSG_INFO, "TDLS: No retry buffer available "
326 "for action_code=%u",
327 peer->sm_tmr.action_code);
328 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm,
329 peer);
330 return;
331 }
332
333 /* resend TPK Handshake Message to Peer */
334 if (wpa_tdls_send_tpk_msg(sm, peer->sm_tmr.dest,
335 peer->sm_tmr.action_code,
336 peer->sm_tmr.dialog_token,
337 peer->sm_tmr.status_code,
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]338 peer->sm_tmr.peer_capab,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]339 peer->initiator,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]340 peer->sm_tmr.buf,
341 peer->sm_tmr.buf_len)) {
342 wpa_printf(MSG_INFO, "TDLS: Failed to retry "
343 "transmission");
344 }
345
346 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
Dmitry Shmidtf7e0a992013-05-23 11:03:10 -0700[diff] [blame]347 eloop_register_timeout(peer->sm_tmr.timer / 1000,
348 (peer->sm_tmr.timer % 1000) * 1000,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]349 wpa_tdls_tpk_retry_timeout, sm, peer);
350 } else {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]351 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
352
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]353 wpa_printf(MSG_DEBUG, "TDLS: Sending Teardown Request");
354 wpa_tdls_do_teardown(sm, peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]355 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]356 }
357}
358
359
360static void wpa_tdls_tpk_retry_timeout_cancel(struct wpa_sm *sm,
361 struct wpa_tdls_peer *peer,
362 u8 action_code)
363{
364 if (action_code == peer->sm_tmr.action_code) {
365 wpa_printf(MSG_DEBUG, "TDLS: Retry timeout cancelled for "
366 "action_code=%u", action_code);
367
368 /* Cancel Timeout registered */
369 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
370
371 /* free all resources meant for retry */
372 os_free(peer->sm_tmr.buf);
373 peer->sm_tmr.buf = NULL;
374
375 peer->sm_tmr.count = 0;
376 peer->sm_tmr.timer = 0;
377 peer->sm_tmr.buf_len = 0;
378 peer->sm_tmr.action_code = 0xff;
379 } else {
380 wpa_printf(MSG_INFO, "TDLS: Error in cancelling retry timeout "
381 "(Unknown action_code=%u)", action_code);
382 }
383}
384
385
386static void wpa_tdls_generate_tpk(struct wpa_tdls_peer *peer,
387 const u8 *own_addr, const u8 *bssid)
388{
389 u8 key_input[SHA256_MAC_LEN];
390 const u8 *nonce[2];
391 size_t len[2];
392 u8 data[3 * ETH_ALEN];
393
394 /* IEEE Std 802.11z-2010 8.5.9.1:
395 * TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
396 */
397 len[0] = WPA_NONCE_LEN;
398 len[1] = WPA_NONCE_LEN;
399 if (os_memcmp(peer->inonce, peer->rnonce, WPA_NONCE_LEN) < 0) {
400 nonce[0] = peer->inonce;
401 nonce[1] = peer->rnonce;
402 } else {
403 nonce[0] = peer->rnonce;
404 nonce[1] = peer->inonce;
405 }
406 wpa_hexdump(MSG_DEBUG, "TDLS: min(Nonce)", nonce[0], WPA_NONCE_LEN);
407 wpa_hexdump(MSG_DEBUG, "TDLS: max(Nonce)", nonce[1], WPA_NONCE_LEN);
408 sha256_vector(2, nonce, len, key_input);
409 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-Key-Input",
410 key_input, SHA256_MAC_LEN);
411
412 /*
413 * TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
414 * min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
415 * TODO: is N_KEY really included in KDF Context and if so, in which
416 * presentation format (little endian 16-bit?) is it used? It gets
417 * added by the KDF anyway..
418 */
419
420 if (os_memcmp(own_addr, peer->addr, ETH_ALEN) < 0) {
421 os_memcpy(data, own_addr, ETH_ALEN);
422 os_memcpy(data + ETH_ALEN, peer->addr, ETH_ALEN);
423 } else {
424 os_memcpy(data, peer->addr, ETH_ALEN);
425 os_memcpy(data + ETH_ALEN, own_addr, ETH_ALEN);
426 }
427 os_memcpy(data + 2 * ETH_ALEN, bssid, ETH_ALEN);
428 wpa_hexdump(MSG_DEBUG, "TDLS: KDF Context", data, sizeof(data));
429
430 sha256_prf(key_input, SHA256_MAC_LEN, "TDLS PMK", data, sizeof(data),
431 (u8 *) &peer->tpk, sizeof(peer->tpk));
432 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-KCK",
433 peer->tpk.kck, sizeof(peer->tpk.kck));
434 wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-TK",
435 peer->tpk.tk, sizeof(peer->tpk.tk));
436 peer->tpk_set = 1;
437}
438
439
440/**
441 * wpa_tdls_ftie_mic - Calculate TDLS FTIE MIC
442 * @kck: TPK-KCK
443 * @lnkid: Pointer to the beginning of Link Identifier IE
444 * @rsnie: Pointer to the beginning of RSN IE used for handshake
445 * @timeoutie: Pointer to the beginning of Timeout IE used for handshake
446 * @ftie: Pointer to the beginning of FT IE
447 * @mic: Pointer for writing MIC
448 *
449 * Calculate MIC for TDLS frame.
450 */
451static int wpa_tdls_ftie_mic(const u8 *kck, u8 trans_seq, const u8 *lnkid,
452 const u8 *rsnie, const u8 *timeoutie,
453 const u8 *ftie, u8 *mic)
454{
455 u8 *buf, *pos;
456 struct wpa_tdls_ftie *_ftie;
457 const struct wpa_tdls_lnkid *_lnkid;
458 int ret;
459 int len = 2 * ETH_ALEN + 1 + 2 + lnkid[1] + 2 + rsnie[1] +
460 2 + timeoutie[1] + 2 + ftie[1];
461 buf = os_zalloc(len);
462 if (!buf) {
463 wpa_printf(MSG_WARNING, "TDLS: No memory for MIC calculation");
464 return -1;
465 }
466
467 pos = buf;
468 _lnkid = (const struct wpa_tdls_lnkid *) lnkid;
469 /* 1) TDLS initiator STA MAC address */
470 os_memcpy(pos, _lnkid->init_sta, ETH_ALEN);
471 pos += ETH_ALEN;
472 /* 2) TDLS responder STA MAC address */
473 os_memcpy(pos, _lnkid->resp_sta, ETH_ALEN);
474 pos += ETH_ALEN;
475 /* 3) Transaction Sequence number */
476 *pos++ = trans_seq;
477 /* 4) Link Identifier IE */
478 os_memcpy(pos, lnkid, 2 + lnkid[1]);
479 pos += 2 + lnkid[1];
480 /* 5) RSN IE */
481 os_memcpy(pos, rsnie, 2 + rsnie[1]);
482 pos += 2 + rsnie[1];
483 /* 6) Timeout Interval IE */
484 os_memcpy(pos, timeoutie, 2 + timeoutie[1]);
485 pos += 2 + timeoutie[1];
486 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
487 os_memcpy(pos, ftie, 2 + ftie[1]);
488 _ftie = (struct wpa_tdls_ftie *) pos;
489 os_memset(_ftie->mic, 0, TDLS_MIC_LEN);
490 pos += 2 + ftie[1];
491
492 wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
493 wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", kck, 16);
494 ret = omac1_aes_128(kck, buf, pos - buf, mic);
495 os_free(buf);
496 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
497 return ret;
498}
499
500
501/**
502 * wpa_tdls_key_mic_teardown - Calculate TDLS FTIE MIC for Teardown frame
503 * @kck: TPK-KCK
504 * @trans_seq: Transaction Sequence Number (4 - Teardown)
505 * @rcode: Reason code for Teardown
506 * @dtoken: Dialog Token used for that particular link
507 * @lnkid: Pointer to the beginning of Link Identifier IE
508 * @ftie: Pointer to the beginning of FT IE
509 * @mic: Pointer for writing MIC
510 *
511 * Calculate MIC for TDLS frame.
512 */
513static int wpa_tdls_key_mic_teardown(const u8 *kck, u8 trans_seq, u16 rcode,
514 u8 dtoken, const u8 *lnkid,
515 const u8 *ftie, u8 *mic)
516{
517 u8 *buf, *pos;
518 struct wpa_tdls_ftie *_ftie;
519 int ret;
520 int len;
521
522 if (lnkid == NULL)
523 return -1;
524
525 len = 2 + lnkid[1] + sizeof(rcode) + sizeof(dtoken) +
526 sizeof(trans_seq) + 2 + ftie[1];
527
528 buf = os_zalloc(len);
529 if (!buf) {
530 wpa_printf(MSG_WARNING, "TDLS: No memory for MIC calculation");
531 return -1;
532 }
533
534 pos = buf;
535 /* 1) Link Identifier IE */
536 os_memcpy(pos, lnkid, 2 + lnkid[1]);
537 pos += 2 + lnkid[1];
538 /* 2) Reason Code */
539 WPA_PUT_LE16(pos, rcode);
540 pos += sizeof(rcode);
541 /* 3) Dialog token */
542 *pos++ = dtoken;
543 /* 4) Transaction Sequence number */
544 *pos++ = trans_seq;
545 /* 7) FTIE, with the MIC field of the FTIE set to 0 */
546 os_memcpy(pos, ftie, 2 + ftie[1]);
547 _ftie = (struct wpa_tdls_ftie *) pos;
548 os_memset(_ftie->mic, 0, TDLS_MIC_LEN);
549 pos += 2 + ftie[1];
550
551 wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
552 wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", kck, 16);
553 ret = omac1_aes_128(kck, buf, pos - buf, mic);
554 os_free(buf);
555 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
556 return ret;
557}
558
559
560static int wpa_supplicant_verify_tdls_mic(u8 trans_seq,
561 struct wpa_tdls_peer *peer,
562 const u8 *lnkid, const u8 *timeoutie,
563 const struct wpa_tdls_ftie *ftie)
564{
565 u8 mic[16];
566
567 if (peer->tpk_set) {
568 wpa_tdls_ftie_mic(peer->tpk.kck, trans_seq, lnkid,
569 peer->rsnie_p, timeoutie, (u8 *) ftie,
570 mic);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]571 if (os_memcmp_const(mic, ftie->mic, 16) != 0) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]572 wpa_printf(MSG_INFO, "TDLS: Invalid MIC in FTIE - "
573 "dropping packet");
574 wpa_hexdump(MSG_DEBUG, "TDLS: Received MIC",
575 ftie->mic, 16);
576 wpa_hexdump(MSG_DEBUG, "TDLS: Calculated MIC",
577 mic, 16);
578 return -1;
579 }
580 } else {
581 wpa_printf(MSG_WARNING, "TDLS: Could not verify TDLS MIC, "
582 "TPK not set - dropping packet");
583 return -1;
584 }
585 return 0;
586}
587
588
589static int wpa_supplicant_verify_tdls_mic_teardown(
590 u8 trans_seq, u16 rcode, u8 dtoken, struct wpa_tdls_peer *peer,
591 const u8 *lnkid, const struct wpa_tdls_ftie *ftie)
592{
593 u8 mic[16];
594
595 if (peer->tpk_set) {
596 wpa_tdls_key_mic_teardown(peer->tpk.kck, trans_seq, rcode,
597 dtoken, lnkid, (u8 *) ftie, mic);
Dmitry Shmidtc2817022014-07-02 10:32:10 -0700[diff] [blame]598 if (os_memcmp_const(mic, ftie->mic, 16) != 0) {
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]599 wpa_printf(MSG_INFO, "TDLS: Invalid MIC in Teardown - "
600 "dropping packet");
601 return -1;
602 }
603 } else {
604 wpa_printf(MSG_INFO, "TDLS: Could not verify TDLS Teardown "
605 "MIC, TPK not set - dropping packet");
606 return -1;
607 }
608 return 0;
609}
610
611
612static void wpa_tdls_tpk_timeout(void *eloop_ctx, void *timeout_ctx)
613{
614 struct wpa_sm *sm = eloop_ctx;
615 struct wpa_tdls_peer *peer = timeout_ctx;
616
617 /*
618 * On TPK lifetime expiration, we have an option of either tearing down
619 * the direct link or trying to re-initiate it. The selection of what
620 * to do is not strictly speaking controlled by our role in the expired
621 * link, but for now, use that to select whether to renew or tear down
622 * the link.
623 */
624
625 if (peer->initiator) {
626 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
627 " - try to renew", MAC2STR(peer->addr));
628 wpa_tdls_start(sm, peer->addr);
629 } else {
630 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime expired for " MACSTR
631 " - tear down", MAC2STR(peer->addr));
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]632 wpa_tdls_do_teardown(sm, peer,
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]633 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]634 }
635}
636
637
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]638static void wpa_tdls_peer_remove_from_list(struct wpa_sm *sm,
639 struct wpa_tdls_peer *peer)
640{
641 struct wpa_tdls_peer *cur, *prev;
642
643 cur = sm->tdls;
644 prev = NULL;
645 while (cur && cur != peer) {
646 prev = cur;
647 cur = cur->next;
648 }
649
650 if (cur != peer) {
651 wpa_printf(MSG_ERROR, "TDLS: Could not find peer " MACSTR
652 " to remove it from the list",
653 MAC2STR(peer->addr));
654 return;
655 }
656
657 if (prev)
658 prev->next = peer->next;
659 else
660 sm->tdls = peer->next;
661}
662
663
664static void wpa_tdls_peer_clear(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]665{
666 wpa_printf(MSG_DEBUG, "TDLS: Clear state for peer " MACSTR,
667 MAC2STR(peer->addr));
668 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
669 eloop_cancel_timeout(wpa_tdls_tpk_retry_timeout, sm, peer);
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]670 peer->reconfig_key = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]671 peer->initiator = 0;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]672 peer->tpk_in_progress = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]673 os_free(peer->sm_tmr.buf);
674 peer->sm_tmr.buf = NULL;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]675 os_free(peer->ht_capabilities);
676 peer->ht_capabilities = NULL;
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]677 os_free(peer->vht_capabilities);
678 peer->vht_capabilities = NULL;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]679 os_free(peer->ext_capab);
680 peer->ext_capab = NULL;
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]681 os_free(peer->supp_channels);
682 peer->supp_channels = NULL;
683 os_free(peer->supp_oper_classes);
684 peer->supp_oper_classes = NULL;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]685 peer->rsnie_i_len = peer->rsnie_p_len = 0;
686 peer->cipher = 0;
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]687 peer->qos_info = 0;
688 peer->wmm_capable = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]689 peer->tpk_set = peer->tpk_success = 0;
690 os_memset(&peer->tpk, 0, sizeof(peer->tpk));
691 os_memset(peer->inonce, 0, WPA_NONCE_LEN);
692 os_memset(peer->rnonce, 0, WPA_NONCE_LEN);
693}
694
695
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]696static void wpa_tdls_peer_free(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
697{
698 wpa_tdls_peer_clear(sm, peer);
699 wpa_tdls_peer_remove_from_list(sm, peer);
700 os_free(peer);
701}
702
703
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]704static void wpa_tdls_linkid(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
705 struct wpa_tdls_lnkid *lnkid)
706{
707 lnkid->ie_type = WLAN_EID_LINK_ID;
708 lnkid->ie_len = 3 * ETH_ALEN;
709 os_memcpy(lnkid->bssid, sm->bssid, ETH_ALEN);
710 if (peer->initiator) {
711 os_memcpy(lnkid->init_sta, sm->own_addr, ETH_ALEN);
712 os_memcpy(lnkid->resp_sta, peer->addr, ETH_ALEN);
713 } else {
714 os_memcpy(lnkid->init_sta, peer->addr, ETH_ALEN);
715 os_memcpy(lnkid->resp_sta, sm->own_addr, ETH_ALEN);
716 }
717}
718
719
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]720static int wpa_tdls_send_teardown(struct wpa_sm *sm, const u8 *addr,
721 u16 reason_code)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]722{
723 struct wpa_tdls_peer *peer;
724 struct wpa_tdls_ftie *ftie;
725 struct wpa_tdls_lnkid lnkid;
726 u8 dialog_token;
727 u8 *rbuf, *pos;
728 int ielen;
729
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]730 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]731 return -1;
732
733 /* Find the node and free from the list */
734 for (peer = sm->tdls; peer; peer = peer->next) {
735 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
736 break;
737 }
738
739 if (peer == NULL) {
740 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
741 "Teardown " MACSTR, MAC2STR(addr));
742 return 0;
743 }
744
745 dialog_token = peer->dtoken;
746
747 wpa_printf(MSG_DEBUG, "TDLS: TDLS Teardown for " MACSTR,
748 MAC2STR(addr));
749
750 ielen = 0;
751 if (wpa_tdls_get_privacy(sm) && peer->tpk_set && peer->tpk_success) {
752 /* To add FTIE for Teardown request and compute MIC */
753 ielen += sizeof(*ftie);
754#ifdef CONFIG_TDLS_TESTING
755 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
756 ielen += 170;
757#endif /* CONFIG_TDLS_TESTING */
758 }
759
760 rbuf = os_zalloc(ielen + 1);
761 if (rbuf == NULL)
762 return -1;
763 pos = rbuf;
764
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]765 if (!wpa_tdls_get_privacy(sm) || !peer->tpk_set || !peer->tpk_success)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]766 goto skip_ies;
767
768 ftie = (struct wpa_tdls_ftie *) pos;
769 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
770 /* Using the recent nonce which should be for CONFIRM frame */
771 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
772 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
773 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
774 pos = (u8 *) (ftie + 1);
775#ifdef CONFIG_TDLS_TESTING
776 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
777 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
778 "FTIE");
779 ftie->ie_len += 170;
780 *pos++ = 255; /* FTIE subelem */
781 *pos++ = 168; /* FTIE subelem length */
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]782 pos += 168;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]783 }
784#endif /* CONFIG_TDLS_TESTING */
785 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TDLS Teardown handshake",
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]786 (u8 *) ftie, pos - (u8 *) ftie);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]787
788 /* compute MIC before sending */
789 wpa_tdls_linkid(sm, peer, &lnkid);
790 wpa_tdls_key_mic_teardown(peer->tpk.kck, 4, reason_code,
791 dialog_token, (u8 *) &lnkid, (u8 *) ftie,
792 ftie->mic);
793
794skip_ies:
795 /* TODO: register for a Timeout handler, if Teardown is not received at
796 * the other end, then try again another time */
797
798 /* request driver to send Teardown using this FTIE */
799 wpa_tdls_tpk_send(sm, addr, WLAN_TDLS_TEARDOWN, 0,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]800 reason_code, 0, peer->initiator, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]801 os_free(rbuf);
802
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]803 return 0;
804}
805
806
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]807int wpa_tdls_teardown_link(struct wpa_sm *sm, const u8 *addr, u16 reason_code)
808{
809 struct wpa_tdls_peer *peer;
810
811 if (sm->tdls_disabled || !sm->tdls_supported)
812 return -1;
813
814 for (peer = sm->tdls; peer; peer = peer->next) {
815 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
816 break;
817 }
818
819 if (peer == NULL) {
820 wpa_printf(MSG_DEBUG, "TDLS: Could not find peer " MACSTR
821 " for link Teardown", MAC2STR(addr));
822 return -1;
823 }
824
825 if (!peer->tpk_success) {
826 wpa_printf(MSG_DEBUG, "TDLS: Peer " MACSTR
827 " not connected - cannot Teardown link", MAC2STR(addr));
828 return -1;
829 }
830
Sunil Dutt6a9f5222013-09-30 17:10:18 +0300[diff] [blame]831 return wpa_tdls_do_teardown(sm, peer, reason_code);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]832}
833
834
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]835static void wpa_tdls_disable_peer_link(struct wpa_sm *sm,
836 struct wpa_tdls_peer *peer)
837{
838 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
839 wpa_tdls_peer_free(sm, peer);
840}
841
842
Dmitry Shmidt43cb5782014-06-16 16:23:22 -0700[diff] [blame]843void wpa_tdls_disable_unreachable_link(struct wpa_sm *sm, const u8 *addr)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]844{
845 struct wpa_tdls_peer *peer;
846
847 for (peer = sm->tdls; peer; peer = peer->next) {
848 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
849 break;
850 }
851
Dmitry Shmidt43cb5782014-06-16 16:23:22 -0700[diff] [blame]852 if (!peer || !peer->tpk_success) {
853 wpa_printf(MSG_DEBUG, "TDLS: Peer " MACSTR
854 " not connected - cannot teardown unreachable link",
855 MAC2STR(addr));
856 return;
857 }
858
859 if (wpa_tdls_is_external_setup(sm)) {
860 /*
861 * Disable the link, send a teardown packet through the
862 * AP, and then reset link data.
863 */
864 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, addr);
865 wpa_tdls_send_teardown(sm, addr,
866 WLAN_REASON_TDLS_TEARDOWN_UNREACHABLE);
867 wpa_tdls_peer_free(sm, peer);
868 } else {
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]869 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt43cb5782014-06-16 16:23:22 -0700[diff] [blame]870 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]871}
872
873
Dmitry Shmidte0e48dc2013-11-18 12:00:06 -0800[diff] [blame]874const char * wpa_tdls_get_link_status(struct wpa_sm *sm, const u8 *addr)
875{
876 struct wpa_tdls_peer *peer;
877
878 if (sm->tdls_disabled || !sm->tdls_supported)
879 return "disabled";
880
881 for (peer = sm->tdls; peer; peer = peer->next) {
882 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
883 break;
884 }
885
886 if (peer == NULL)
887 return "peer does not exist";
888
889 if (!peer->tpk_success)
890 return "peer not connected";
891
892 return "connected";
893}
894
895
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]896static int wpa_tdls_recv_teardown(struct wpa_sm *sm, const u8 *src_addr,
897 const u8 *buf, size_t len)
898{
899 struct wpa_tdls_peer *peer = NULL;
900 struct wpa_tdls_ftie *ftie;
901 struct wpa_tdls_lnkid *lnkid;
902 struct wpa_eapol_ie_parse kde;
903 u16 reason_code;
904 const u8 *pos;
905 int ielen;
906
907 /* Find the node and free from the list */
908 for (peer = sm->tdls; peer; peer = peer->next) {
909 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
910 break;
911 }
912
913 if (peer == NULL) {
914 wpa_printf(MSG_INFO, "TDLS: No matching entry found for "
915 "Teardown " MACSTR, MAC2STR(src_addr));
916 return 0;
917 }
918
919 pos = buf;
920 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
921
922 reason_code = WPA_GET_LE16(pos);
923 pos += 2;
924
925 wpa_printf(MSG_DEBUG, "TDLS: TDLS Teardown Request from " MACSTR
926 " (reason code %u)", MAC2STR(src_addr), reason_code);
927
928 ielen = len - (pos - buf); /* start of IE in buf */
929 if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0) {
930 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in Teardown");
931 return -1;
932 }
933
934 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
935 wpa_printf(MSG_INFO, "TDLS: No Link Identifier IE in TDLS "
936 "Teardown");
937 return -1;
938 }
939 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
940
941 if (!wpa_tdls_get_privacy(sm) || !peer->tpk_set || !peer->tpk_success)
942 goto skip_ftie;
943
944 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie)) {
945 wpa_printf(MSG_INFO, "TDLS: No FTIE in TDLS Teardown");
946 return -1;
947 }
948
949 ftie = (struct wpa_tdls_ftie *) kde.ftie;
950
951 /* Process MIC check to see if TDLS Teardown is right */
952 if (wpa_supplicant_verify_tdls_mic_teardown(4, reason_code,
953 peer->dtoken, peer,
954 (u8 *) lnkid, ftie) < 0) {
955 wpa_printf(MSG_DEBUG, "TDLS: MIC failure for TDLS "
956 "Teardown Request from " MACSTR, MAC2STR(src_addr));
957 return -1;
958 }
959
960skip_ftie:
961 /*
962 * Request the driver to disable the direct link and clear associated
963 * keys.
964 */
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]965 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]966 return 0;
967}
968
969
970/**
971 * wpa_tdls_send_error - To send suitable TDLS status response with
972 * appropriate status code mentioning reason for error/failure.
973 * @dst - MAC addr of Peer station
974 * @tdls_action - TDLS frame type for which error code is sent
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]975 * @initiator - was this end the initiator of the connection
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]976 * @status - status code mentioning reason
977 */
978
979static int wpa_tdls_send_error(struct wpa_sm *sm, const u8 *dst,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]980 u8 tdls_action, u8 dialog_token, int initiator,
981 u16 status)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]982{
983 wpa_printf(MSG_DEBUG, "TDLS: Sending error to " MACSTR
984 " (action=%u status=%u)",
985 MAC2STR(dst), tdls_action, status);
986 return wpa_tdls_tpk_send(sm, dst, tdls_action, dialog_token, status,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]987 0, initiator, NULL, 0);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]988}
989
990
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]991static struct wpa_tdls_peer *
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]992wpa_tdls_add_peer(struct wpa_sm *sm, const u8 *addr, int *existing)
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]993{
994 struct wpa_tdls_peer *peer;
995
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]996 if (existing)
997 *existing = 0;
998 for (peer = sm->tdls; peer; peer = peer->next) {
999 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0) {
1000 if (existing)
1001 *existing = 1;
1002 return peer; /* re-use existing entry */
1003 }
1004 }
1005
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1006 wpa_printf(MSG_INFO, "TDLS: Creating peer entry for " MACSTR,
1007 MAC2STR(addr));
1008
1009 peer = os_zalloc(sizeof(*peer));
1010 if (peer == NULL)
1011 return NULL;
1012
1013 os_memcpy(peer->addr, addr, ETH_ALEN);
1014 peer->next = sm->tdls;
1015 sm->tdls = peer;
1016
1017 return peer;
1018}
1019
1020
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1021static int wpa_tdls_send_tpk_m1(struct wpa_sm *sm,
1022 struct wpa_tdls_peer *peer)
1023{
1024 size_t buf_len;
1025 struct wpa_tdls_timeoutie timeoutie;
1026 u16 rsn_capab;
1027 struct wpa_tdls_ftie *ftie;
1028 u8 *rbuf, *pos, *count_pos;
1029 u16 count;
1030 struct rsn_ie_hdr *hdr;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1031 int status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1032
1033 if (!wpa_tdls_get_privacy(sm)) {
1034 wpa_printf(MSG_DEBUG, "TDLS: No security used on the link");
1035 peer->rsnie_i_len = 0;
1036 goto skip_rsnie;
1037 }
1038
1039 /*
1040 * TPK Handshake Message 1:
1041 * FTIE: ANonce=0, SNonce=initiator nonce MIC=0, DataKDs=(RSNIE_I,
1042 * Timeout Interval IE))
1043 */
1044
1045 /* Filling RSN IE */
1046 hdr = (struct rsn_ie_hdr *) peer->rsnie_i;
1047 hdr->elem_id = WLAN_EID_RSN;
1048 WPA_PUT_LE16(hdr->version, RSN_VERSION);
1049
1050 pos = (u8 *) (hdr + 1);
1051 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
1052 pos += RSN_SELECTOR_LEN;
1053 count_pos = pos;
1054 pos += 2;
1055
1056 count = 0;
1057
1058 /*
1059 * AES-CCMP is the default Encryption preferred for TDLS, so
1060 * RSN IE is filled only with CCMP CIPHER
1061 * Note: TKIP is not used to encrypt TDLS link.
1062 *
1063 * Regardless of the cipher used on the AP connection, select CCMP
1064 * here.
1065 */
1066 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1067 pos += RSN_SELECTOR_LEN;
1068 count++;
1069
1070 WPA_PUT_LE16(count_pos, count);
1071
1072 WPA_PUT_LE16(pos, 1);
1073 pos += 2;
1074 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE);
1075 pos += RSN_SELECTOR_LEN;
1076
1077 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1078 rsn_capab |= RSN_NUM_REPLAY_COUNTERS_16 << 2;
1079#ifdef CONFIG_TDLS_TESTING
1080 if (tdls_testing & TDLS_TESTING_ALT_RSN_IE) {
1081 wpa_printf(MSG_DEBUG, "TDLS: Use alternative RSN IE for "
1082 "testing");
1083 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1084 }
1085#endif /* CONFIG_TDLS_TESTING */
1086 WPA_PUT_LE16(pos, rsn_capab);
1087 pos += 2;
1088#ifdef CONFIG_TDLS_TESTING
1089 if (tdls_testing & TDLS_TESTING_ALT_RSN_IE) {
1090 /* Number of PMKIDs */
1091 *pos++ = 0x00;
1092 *pos++ = 0x00;
1093 }
1094#endif /* CONFIG_TDLS_TESTING */
1095
1096 hdr->len = (pos - peer->rsnie_i) - 2;
1097 peer->rsnie_i_len = pos - peer->rsnie_i;
1098 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE for TPK handshake",
1099 peer->rsnie_i, peer->rsnie_i_len);
1100
1101skip_rsnie:
1102 buf_len = 0;
1103 if (wpa_tdls_get_privacy(sm))
1104 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1105 sizeof(struct wpa_tdls_timeoutie);
1106#ifdef CONFIG_TDLS_TESTING
1107 if (wpa_tdls_get_privacy(sm) &&
1108 (tdls_testing & TDLS_TESTING_LONG_FRAME))
1109 buf_len += 170;
1110 if (tdls_testing & TDLS_TESTING_DIFF_BSSID)
1111 buf_len += sizeof(struct wpa_tdls_lnkid);
1112#endif /* CONFIG_TDLS_TESTING */
1113 rbuf = os_zalloc(buf_len + 1);
1114 if (rbuf == NULL) {
1115 wpa_tdls_peer_free(sm, peer);
1116 return -1;
1117 }
1118 pos = rbuf;
1119
1120 if (!wpa_tdls_get_privacy(sm))
1121 goto skip_ies;
1122
1123 /* Initiator RSN IE */
1124 pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len);
1125
1126 ftie = (struct wpa_tdls_ftie *) pos;
1127 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1128 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1129
1130 if (os_get_random(peer->inonce, WPA_NONCE_LEN)) {
1131 wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
1132 "TDLS: Failed to get random data for initiator Nonce");
1133 os_free(rbuf);
1134 wpa_tdls_peer_free(sm, peer);
1135 return -1;
1136 }
1137 wpa_hexdump(MSG_DEBUG, "TDLS: Initiator Nonce for TPK handshake",
1138 peer->inonce, WPA_NONCE_LEN);
1139 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1140
1141 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK Handshake M1",
1142 (u8 *) ftie, sizeof(struct wpa_tdls_ftie));
1143
1144 pos = (u8 *) (ftie + 1);
1145
1146#ifdef CONFIG_TDLS_TESTING
1147 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1148 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1149 "FTIE");
1150 ftie->ie_len += 170;
1151 *pos++ = 255; /* FTIE subelem */
1152 *pos++ = 168; /* FTIE subelem length */
1153 pos += 168;
1154 }
1155#endif /* CONFIG_TDLS_TESTING */
1156
1157 /* Lifetime */
1158 peer->lifetime = TPK_LIFETIME;
1159#ifdef CONFIG_TDLS_TESTING
1160 if (tdls_testing & TDLS_TESTING_SHORT_LIFETIME) {
1161 wpa_printf(MSG_DEBUG, "TDLS: Testing - use short TPK "
1162 "lifetime");
1163 peer->lifetime = 301;
1164 }
1165 if (tdls_testing & TDLS_TESTING_LONG_LIFETIME) {
1166 wpa_printf(MSG_DEBUG, "TDLS: Testing - use long TPK "
1167 "lifetime");
1168 peer->lifetime = 0xffffffff;
1169 }
1170#endif /* CONFIG_TDLS_TESTING */
1171 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1172 sizeof(timeoutie), peer->lifetime);
1173 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds", peer->lifetime);
1174
1175skip_ies:
1176
1177#ifdef CONFIG_TDLS_TESTING
1178 if (tdls_testing & TDLS_TESTING_DIFF_BSSID) {
1179 wpa_printf(MSG_DEBUG, "TDLS: Testing - use incorrect BSSID in "
1180 "Link Identifier");
1181 struct wpa_tdls_lnkid *l = (struct wpa_tdls_lnkid *) pos;
1182 wpa_tdls_linkid(sm, peer, l);
1183 l->bssid[5] ^= 0x01;
1184 pos += sizeof(*l);
1185 }
1186#endif /* CONFIG_TDLS_TESTING */
1187
1188 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Request / TPK "
1189 "Handshake Message 1 (peer " MACSTR ")",
1190 MAC2STR(peer->addr));
1191
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1192 status = wpa_tdls_tpk_send(sm, peer->addr, WLAN_TDLS_SETUP_REQUEST,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1193 1, 0, 0, peer->initiator, rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1194 os_free(rbuf);
1195
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1196 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1197}
1198
1199
1200static int wpa_tdls_send_tpk_m2(struct wpa_sm *sm,
1201 const unsigned char *src_addr, u8 dtoken,
1202 struct wpa_tdls_lnkid *lnkid,
1203 const struct wpa_tdls_peer *peer)
1204{
1205 u8 *rbuf, *pos;
1206 size_t buf_len;
1207 u32 lifetime;
1208 struct wpa_tdls_timeoutie timeoutie;
1209 struct wpa_tdls_ftie *ftie;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1210 int status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1211
1212 buf_len = 0;
1213 if (wpa_tdls_get_privacy(sm)) {
1214 /* Peer RSN IE, FTIE(Initiator Nonce, Responder Nonce),
1215 * Lifetime */
1216 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1217 sizeof(struct wpa_tdls_timeoutie);
1218#ifdef CONFIG_TDLS_TESTING
1219 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
1220 buf_len += 170;
1221#endif /* CONFIG_TDLS_TESTING */
1222 }
1223
1224 rbuf = os_zalloc(buf_len + 1);
1225 if (rbuf == NULL)
1226 return -1;
1227 pos = rbuf;
1228
1229 if (!wpa_tdls_get_privacy(sm))
1230 goto skip_ies;
1231
1232 /* Peer RSN IE */
1233 pos = wpa_add_ie(pos, peer->rsnie_p, peer->rsnie_p_len);
1234
1235 ftie = (struct wpa_tdls_ftie *) pos;
1236 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1237 /* TODO: ftie->mic_control to set 2-RESPONSE */
1238 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
1239 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1240 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1241 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE for TPK M2",
1242 (u8 *) ftie, sizeof(*ftie));
1243
1244 pos = (u8 *) (ftie + 1);
1245
1246#ifdef CONFIG_TDLS_TESTING
1247 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1248 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1249 "FTIE");
1250 ftie->ie_len += 170;
1251 *pos++ = 255; /* FTIE subelem */
1252 *pos++ = 168; /* FTIE subelem length */
1253 pos += 168;
1254 }
1255#endif /* CONFIG_TDLS_TESTING */
1256
1257 /* Lifetime */
1258 lifetime = peer->lifetime;
1259#ifdef CONFIG_TDLS_TESTING
1260 if (tdls_testing & TDLS_TESTING_WRONG_LIFETIME_RESP) {
1261 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong TPK "
1262 "lifetime in response");
1263 lifetime++;
1264 }
1265#endif /* CONFIG_TDLS_TESTING */
1266 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1267 sizeof(timeoutie), lifetime);
1268 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds from initiator",
1269 lifetime);
1270
1271 /* compute MIC before sending */
1272 wpa_tdls_ftie_mic(peer->tpk.kck, 2, (u8 *) lnkid, peer->rsnie_p,
1273 (u8 *) &timeoutie, (u8 *) ftie, ftie->mic);
Dmitry Shmidt21de2142014-04-08 10:50:52 -0700[diff] [blame]1274#ifdef CONFIG_TDLS_TESTING
1275 if (tdls_testing & TDLS_TESTING_WRONG_MIC) {
1276 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong MIC");
1277 ftie->mic[0] ^= 0x01;
1278 }
1279#endif /* CONFIG_TDLS_TESTING */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1280
1281skip_ies:
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1282 status = wpa_tdls_tpk_send(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1283 dtoken, 0, 0, peer->initiator, rbuf,
1284 pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1285 os_free(rbuf);
1286
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1287 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1288}
1289
1290
1291static int wpa_tdls_send_tpk_m3(struct wpa_sm *sm,
1292 const unsigned char *src_addr, u8 dtoken,
1293 struct wpa_tdls_lnkid *lnkid,
1294 const struct wpa_tdls_peer *peer)
1295{
1296 u8 *rbuf, *pos;
1297 size_t buf_len;
1298 struct wpa_tdls_ftie *ftie;
1299 struct wpa_tdls_timeoutie timeoutie;
1300 u32 lifetime;
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1301 int status;
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1302 u32 peer_capab = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1303
1304 buf_len = 0;
1305 if (wpa_tdls_get_privacy(sm)) {
1306 /* Peer RSN IE, FTIE(Initiator Nonce, Responder Nonce),
1307 * Lifetime */
1308 buf_len += peer->rsnie_i_len + sizeof(struct wpa_tdls_ftie) +
1309 sizeof(struct wpa_tdls_timeoutie);
1310#ifdef CONFIG_TDLS_TESTING
1311 if (tdls_testing & TDLS_TESTING_LONG_FRAME)
1312 buf_len += 170;
1313#endif /* CONFIG_TDLS_TESTING */
1314 }
1315
1316 rbuf = os_zalloc(buf_len + 1);
1317 if (rbuf == NULL)
1318 return -1;
1319 pos = rbuf;
1320
1321 if (!wpa_tdls_get_privacy(sm))
1322 goto skip_ies;
1323
1324 /* Peer RSN IE */
1325 pos = wpa_add_ie(pos, peer->rsnie_p, peer->rsnie_p_len);
1326
1327 ftie = (struct wpa_tdls_ftie *) pos;
1328 ftie->ie_type = WLAN_EID_FAST_BSS_TRANSITION;
1329 /*TODO: ftie->mic_control to set 3-CONFIRM */
1330 os_memcpy(ftie->Anonce, peer->rnonce, WPA_NONCE_LEN);
1331 os_memcpy(ftie->Snonce, peer->inonce, WPA_NONCE_LEN);
1332 ftie->ie_len = sizeof(struct wpa_tdls_ftie) - 2;
1333
1334 pos = (u8 *) (ftie + 1);
1335
1336#ifdef CONFIG_TDLS_TESTING
1337 if (tdls_testing & TDLS_TESTING_LONG_FRAME) {
1338 wpa_printf(MSG_DEBUG, "TDLS: Testing - add extra subelem to "
1339 "FTIE");
1340 ftie->ie_len += 170;
1341 *pos++ = 255; /* FTIE subelem */
1342 *pos++ = 168; /* FTIE subelem length */
1343 pos += 168;
1344 }
1345#endif /* CONFIG_TDLS_TESTING */
1346
1347 /* Lifetime */
1348 lifetime = peer->lifetime;
1349#ifdef CONFIG_TDLS_TESTING
1350 if (tdls_testing & TDLS_TESTING_WRONG_LIFETIME_CONF) {
1351 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong TPK "
1352 "lifetime in confirm");
1353 lifetime++;
1354 }
1355#endif /* CONFIG_TDLS_TESTING */
1356 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1357 sizeof(timeoutie), lifetime);
1358 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds",
1359 lifetime);
1360
1361 /* compute MIC before sending */
1362 wpa_tdls_ftie_mic(peer->tpk.kck, 3, (u8 *) lnkid, peer->rsnie_p,
1363 (u8 *) &timeoutie, (u8 *) ftie, ftie->mic);
Dmitry Shmidt21de2142014-04-08 10:50:52 -0700[diff] [blame]1364#ifdef CONFIG_TDLS_TESTING
1365 if (tdls_testing & TDLS_TESTING_WRONG_MIC) {
1366 wpa_printf(MSG_DEBUG, "TDLS: Testing - use wrong MIC");
1367 ftie->mic[0] ^= 0x01;
1368 }
1369#endif /* CONFIG_TDLS_TESTING */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1370
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]1371skip_ies:
1372
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1373 if (peer->vht_capabilities)
1374 peer_capab |= TDLS_PEER_VHT;
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]1375 if (peer->ht_capabilities)
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1376 peer_capab |= TDLS_PEER_HT;
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]1377 if (peer->wmm_capable)
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1378 peer_capab |= TDLS_PEER_WMM;
1379
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1380 status = wpa_tdls_tpk_send(sm, src_addr, WLAN_TDLS_SETUP_CONFIRM,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1381 dtoken, 0, peer_capab, peer->initiator,
1382 rbuf, pos - rbuf);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1383 os_free(rbuf);
1384
Dmitry Shmidtd5c075b2013-08-05 14:36:10 -0700[diff] [blame]1385 return status;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1386}
1387
1388
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1389static int wpa_tdls_send_discovery_response(struct wpa_sm *sm,
1390 struct wpa_tdls_peer *peer,
1391 u8 dialog_token)
1392{
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1393 size_t buf_len = 0;
1394 struct wpa_tdls_timeoutie timeoutie;
1395 u16 rsn_capab;
1396 u8 *rbuf, *pos, *count_pos;
1397 u16 count;
1398 struct rsn_ie_hdr *hdr;
1399 int status;
1400
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1401 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Discovery Response "
1402 "(peer " MACSTR ")", MAC2STR(peer->addr));
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1403 if (!wpa_tdls_get_privacy(sm))
1404 goto skip_rsn_ies;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1405
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1406 /* Filling RSN IE */
1407 hdr = (struct rsn_ie_hdr *) peer->rsnie_i;
1408 hdr->elem_id = WLAN_EID_RSN;
1409 WPA_PUT_LE16(hdr->version, RSN_VERSION);
1410 pos = (u8 *) (hdr + 1);
1411 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
1412 pos += RSN_SELECTOR_LEN;
1413 count_pos = pos;
1414 pos += 2;
1415 count = 0;
1416
1417 /*
1418 * AES-CCMP is the default encryption preferred for TDLS, so
1419 * RSN IE is filled only with CCMP cipher suite.
1420 * Note: TKIP is not used to encrypt TDLS link.
1421 *
1422 * Regardless of the cipher used on the AP connection, select CCMP
1423 * here.
1424 */
1425 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
1426 pos += RSN_SELECTOR_LEN;
1427 count++;
1428 WPA_PUT_LE16(count_pos, count);
1429 WPA_PUT_LE16(pos, 1);
1430 pos += 2;
1431 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE);
1432 pos += RSN_SELECTOR_LEN;
1433
1434 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
1435 rsn_capab |= RSN_NUM_REPLAY_COUNTERS_16 << 2;
1436 WPA_PUT_LE16(pos, rsn_capab);
1437 pos += 2;
1438 hdr->len = (pos - (u8 *) hdr) - 2;
1439 peer->rsnie_i_len = pos - peer->rsnie_i;
1440
1441 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE for Discovery Response",
1442 (u8 *) hdr, hdr->len + 2);
1443skip_rsn_ies:
1444 buf_len = 0;
1445 if (wpa_tdls_get_privacy(sm)) {
1446 /* Peer RSN IE, Lifetime */
1447 buf_len += peer->rsnie_i_len +
1448 sizeof(struct wpa_tdls_timeoutie);
1449 }
1450 rbuf = os_zalloc(buf_len + 1);
1451 if (rbuf == NULL) {
1452 wpa_tdls_peer_free(sm, peer);
1453 return -1;
1454 }
1455 pos = rbuf;
1456
1457 if (!wpa_tdls_get_privacy(sm))
1458 goto skip_ies;
1459 /* Initiator RSN IE */
1460 pos = wpa_add_ie(pos, peer->rsnie_i, peer->rsnie_i_len);
1461 /* Lifetime */
1462 peer->lifetime = TPK_LIFETIME;
1463 pos = wpa_add_tdls_timeoutie(pos, (u8 *) &timeoutie,
1464 sizeof(timeoutie), peer->lifetime);
1465 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds", peer->lifetime);
1466skip_ies:
1467 status = wpa_tdls_tpk_send(sm, peer->addr, WLAN_TDLS_DISCOVERY_RESPONSE,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1468 dialog_token, 0, 0, 0, rbuf, pos - rbuf);
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1469 os_free(rbuf);
1470
1471 return status;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1472}
1473
1474
1475static int
1476wpa_tdls_process_discovery_request(struct wpa_sm *sm, const u8 *addr,
1477 const u8 *buf, size_t len)
1478{
1479 struct wpa_eapol_ie_parse kde;
1480 const struct wpa_tdls_lnkid *lnkid;
1481 struct wpa_tdls_peer *peer;
1482 size_t min_req_len = sizeof(struct wpa_tdls_frame) +
1483 1 /* dialog token */ + sizeof(struct wpa_tdls_lnkid);
1484 u8 dialog_token;
1485
1486 wpa_printf(MSG_DEBUG, "TDLS: Discovery Request from " MACSTR,
1487 MAC2STR(addr));
1488
1489 if (len < min_req_len) {
1490 wpa_printf(MSG_DEBUG, "TDLS Discovery Request is too short: "
1491 "%d", (int) len);
1492 return -1;
1493 }
1494
1495 dialog_token = buf[sizeof(struct wpa_tdls_frame)];
1496
Dmitry Shmidt0c08fdc2014-06-20 10:16:40 -0700[diff] [blame]1497 /*
1498 * Some APs will tack on a weird IE to the end of a TDLS
1499 * discovery request packet. This needn't fail the response,
1500 * since the required IE are verified separately.
1501 */
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1502 if (wpa_supplicant_parse_ies(buf + sizeof(struct wpa_tdls_frame) + 1,
1503 len - (sizeof(struct wpa_tdls_frame) + 1),
Dmitry Shmidt0c08fdc2014-06-20 10:16:40 -0700[diff] [blame]1504 &kde) < 0) {
1505 wpa_printf(MSG_DEBUG,
1506 "TDLS: Failed to parse IEs in Discovery Request - ignore as an interop workaround");
1507 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1508
1509 if (!kde.lnkid) {
1510 wpa_printf(MSG_DEBUG, "TDLS: Link ID not found in Discovery "
1511 "Request");
1512 return -1;
1513 }
1514
1515 lnkid = (const struct wpa_tdls_lnkid *) kde.lnkid;
1516
1517 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
1518 wpa_printf(MSG_DEBUG, "TDLS: Discovery Request from different "
1519 " BSS " MACSTR, MAC2STR(lnkid->bssid));
1520 return -1;
1521 }
1522
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1523 peer = wpa_tdls_add_peer(sm, addr, NULL);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1524 if (peer == NULL)
1525 return -1;
1526
1527 return wpa_tdls_send_discovery_response(sm, peer, dialog_token);
1528}
1529
1530
1531int wpa_tdls_send_discovery_request(struct wpa_sm *sm, const u8 *addr)
1532{
1533 if (sm->tdls_disabled || !sm->tdls_supported)
1534 return -1;
1535
1536 wpa_printf(MSG_DEBUG, "TDLS: Sending Discovery Request to peer "
1537 MACSTR, MAC2STR(addr));
1538 return wpa_tdls_tpk_send(sm, addr, WLAN_TDLS_DISCOVERY_REQUEST,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1539 1, 0, 0, 1, NULL, 0);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1540}
1541
1542
1543static int copy_supp_rates(const struct wpa_eapol_ie_parse *kde,
1544 struct wpa_tdls_peer *peer)
1545{
1546 if (!kde->supp_rates) {
1547 wpa_printf(MSG_DEBUG, "TDLS: No supported rates received");
1548 return -1;
1549 }
Dmitry Shmidta54fa5f2013-01-15 13:53:35 -0800[diff] [blame]1550 peer->supp_rates_len = merge_byte_arrays(
1551 peer->supp_rates, sizeof(peer->supp_rates),
1552 kde->supp_rates + 2, kde->supp_rates_len - 2,
Dmitry Shmidt34af3062013-07-11 10:46:32 -0700[diff] [blame]1553 kde->ext_supp_rates ? kde->ext_supp_rates + 2 : NULL,
1554 kde->ext_supp_rates_len - 2);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1555 return 0;
1556}
1557
1558
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1559static int copy_peer_ht_capab(const struct wpa_eapol_ie_parse *kde,
1560 struct wpa_tdls_peer *peer)
1561{
1562 if (!kde->ht_capabilities ||
1563 kde->ht_capabilities_len <
1564 sizeof(struct ieee80211_ht_capabilities) ) {
1565 wpa_printf(MSG_DEBUG, "TDLS: No supported ht capabilities "
1566 "received");
1567 return 0;
1568 }
1569
1570 if (!peer->ht_capabilities) {
1571 peer->ht_capabilities =
1572 os_zalloc(sizeof(struct ieee80211_ht_capabilities));
1573 if (peer->ht_capabilities == NULL)
1574 return -1;
1575 }
1576
1577 os_memcpy(peer->ht_capabilities, kde->ht_capabilities,
1578 sizeof(struct ieee80211_ht_capabilities));
1579 wpa_hexdump(MSG_DEBUG, "TDLS: Peer HT capabilities",
1580 (u8 *) peer->ht_capabilities,
1581 sizeof(struct ieee80211_ht_capabilities));
1582
1583 return 0;
1584}
1585
1586
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]1587static int copy_peer_vht_capab(const struct wpa_eapol_ie_parse *kde,
1588 struct wpa_tdls_peer *peer)
1589{
1590 if (!kde->vht_capabilities ||
1591 kde->vht_capabilities_len <
1592 sizeof(struct ieee80211_vht_capabilities) ) {
1593 wpa_printf(MSG_DEBUG, "TDLS: No supported vht capabilities "
1594 "received");
1595 return 0;
1596 }
1597
1598 if (!peer->vht_capabilities) {
1599 peer->vht_capabilities =
1600 os_zalloc(sizeof(struct ieee80211_vht_capabilities));
1601 if (peer->vht_capabilities == NULL)
1602 return -1;
1603 }
1604
1605 os_memcpy(peer->vht_capabilities, kde->vht_capabilities,
1606 sizeof(struct ieee80211_vht_capabilities));
1607 wpa_hexdump(MSG_DEBUG, "TDLS: Peer VHT capabilities",
1608 (u8 *) peer->vht_capabilities,
1609 sizeof(struct ieee80211_vht_capabilities));
1610
1611 return 0;
1612}
1613
1614
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1615static int copy_peer_ext_capab(const struct wpa_eapol_ie_parse *kde,
1616 struct wpa_tdls_peer *peer)
1617{
1618 if (!kde->ext_capab) {
1619 wpa_printf(MSG_DEBUG, "TDLS: No extended capabilities "
1620 "received");
1621 return 0;
1622 }
1623
1624 if (!peer->ext_capab || peer->ext_capab_len < kde->ext_capab_len - 2) {
1625 /* Need to allocate buffer to fit the new information */
1626 os_free(peer->ext_capab);
1627 peer->ext_capab = os_zalloc(kde->ext_capab_len - 2);
1628 if (peer->ext_capab == NULL)
1629 return -1;
1630 }
1631
1632 peer->ext_capab_len = kde->ext_capab_len - 2;
1633 os_memcpy(peer->ext_capab, kde->ext_capab + 2, peer->ext_capab_len);
1634
1635 return 0;
1636}
1637
1638
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1639static int copy_peer_wmm_capab(const struct wpa_eapol_ie_parse *kde,
1640 struct wpa_tdls_peer *peer)
1641{
1642 struct wmm_information_element *wmm;
1643
1644 if (!kde->wmm) {
1645 wpa_printf(MSG_DEBUG, "TDLS: No supported WMM capabilities received");
1646 return 0;
1647 }
1648
1649 if (kde->wmm_len < sizeof(struct wmm_information_element)) {
1650 wpa_printf(MSG_DEBUG, "TDLS: Invalid supported WMM capabilities received");
1651 return -1;
1652 }
1653
1654 wmm = (struct wmm_information_element *) kde->wmm;
1655 peer->qos_info = wmm->qos_info;
1656
Dmitry Shmidtdf5a7e42014-04-02 12:59:59 -0700[diff] [blame]1657 peer->wmm_capable = 1;
1658
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1659 wpa_printf(MSG_DEBUG, "TDLS: Peer WMM QOS Info 0x%x", peer->qos_info);
1660 return 0;
1661}
1662
1663
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1664static int copy_peer_supp_channels(const struct wpa_eapol_ie_parse *kde,
1665 struct wpa_tdls_peer *peer)
1666{
1667 if (!kde->supp_channels) {
1668 wpa_printf(MSG_DEBUG, "TDLS: No supported channels received");
1669 return 0;
1670 }
1671
1672 if (!peer->supp_channels ||
1673 peer->supp_channels_len < kde->supp_channels_len) {
1674 os_free(peer->supp_channels);
1675 peer->supp_channels = os_zalloc(kde->supp_channels_len);
1676 if (peer->supp_channels == NULL)
1677 return -1;
1678 }
1679
1680 peer->supp_channels_len = kde->supp_channels_len;
1681
1682 os_memcpy(peer->supp_channels, kde->supp_channels,
1683 peer->supp_channels_len);
1684 wpa_hexdump(MSG_DEBUG, "TDLS: Peer Supported Channels",
1685 (u8 *) peer->supp_channels, peer->supp_channels_len);
1686 return 0;
1687}
1688
1689
1690static int copy_peer_supp_oper_classes(const struct wpa_eapol_ie_parse *kde,
1691 struct wpa_tdls_peer *peer)
1692{
1693 if (!kde->supp_oper_classes) {
1694 wpa_printf(MSG_DEBUG, "TDLS: No supported operating classes received");
1695 return 0;
1696 }
1697
1698 if (!peer->supp_oper_classes ||
1699 peer->supp_oper_classes_len < kde->supp_oper_classes_len) {
1700 os_free(peer->supp_oper_classes);
1701 peer->supp_oper_classes = os_zalloc(kde->supp_oper_classes_len);
1702 if (peer->supp_oper_classes == NULL)
1703 return -1;
1704 }
1705
1706 peer->supp_oper_classes_len = kde->supp_oper_classes_len;
1707 os_memcpy(peer->supp_oper_classes, kde->supp_oper_classes,
1708 peer->supp_oper_classes_len);
1709 wpa_hexdump(MSG_DEBUG, "TDLS: Peer Supported Operating Classes",
1710 (u8 *) peer->supp_oper_classes,
1711 peer->supp_oper_classes_len);
1712 return 0;
1713}
1714
1715
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]1716static int wpa_tdls_addset_peer(struct wpa_sm *sm, struct wpa_tdls_peer *peer,
1717 int add)
1718{
1719 return wpa_sm_tdls_peer_addset(sm, peer->addr, add, peer->aid,
1720 peer->capability,
1721 peer->supp_rates, peer->supp_rates_len,
1722 peer->ht_capabilities,
1723 peer->vht_capabilities,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1724 peer->qos_info, peer->wmm_capable,
1725 peer->ext_capab, peer->ext_capab_len,
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]1726 peer->supp_channels,
1727 peer->supp_channels_len,
1728 peer->supp_oper_classes,
1729 peer->supp_oper_classes_len);
1730}
1731
1732
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1733static int wpa_tdls_process_tpk_m1(struct wpa_sm *sm, const u8 *src_addr,
1734 const u8 *buf, size_t len)
1735{
1736 struct wpa_tdls_peer *peer;
1737 struct wpa_eapol_ie_parse kde;
1738 struct wpa_ie_data ie;
1739 int cipher;
1740 const u8 *cpos;
1741 struct wpa_tdls_ftie *ftie = NULL;
1742 struct wpa_tdls_timeoutie *timeoutie;
1743 struct wpa_tdls_lnkid *lnkid;
1744 u32 lifetime = 0;
1745#if 0
1746 struct rsn_ie_hdr *hdr;
1747 u8 *pos;
1748 u16 rsn_capab;
1749 u16 rsn_ver;
1750#endif
1751 u8 dtoken;
1752 u16 ielen;
1753 u16 status = WLAN_STATUS_UNSPECIFIED_FAILURE;
1754 int tdls_prohibited = sm->tdls_prohibited;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1755 int existing_peer = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1756
1757 if (len < 3 + 3)
1758 return -1;
1759
1760 cpos = buf;
1761 cpos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
1762
1763 /* driver had already verified the frame format */
1764 dtoken = *cpos++; /* dialog token */
1765
1766 wpa_printf(MSG_INFO, "TDLS: Dialog Token in TPK M1 %d", dtoken);
1767
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1768 peer = wpa_tdls_add_peer(sm, src_addr, &existing_peer);
1769 if (peer == NULL)
1770 goto error;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1771
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1772 /* If found, use existing entry instead of adding a new one;
1773 * how to handle the case where both ends initiate at the
1774 * same time? */
1775 if (existing_peer) {
1776 if (peer->tpk_success) {
1777 wpa_printf(MSG_DEBUG, "TDLS: TDLS Setup Request while "
1778 "direct link is enabled - tear down the "
1779 "old link first");
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]1780 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
1781 wpa_tdls_peer_clear(sm, peer);
1782 } else if (peer->initiator) {
1783 /*
1784 * An entry is already present, so check if we already
1785 * sent a TDLS Setup Request. If so, compare MAC
1786 * addresses and let the STA with the lower MAC address
1787 * continue as the initiator. The other negotiation is
1788 * terminated.
1789 */
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1790 if (os_memcmp(sm->own_addr, src_addr, ETH_ALEN) < 0) {
1791 wpa_printf(MSG_DEBUG, "TDLS: Discard request "
1792 "from peer with higher address "
1793 MACSTR, MAC2STR(src_addr));
1794 return -1;
1795 } else {
1796 wpa_printf(MSG_DEBUG, "TDLS: Accept request "
1797 "from peer with lower address "
1798 MACSTR " (terminate previously "
1799 "initiated negotiation",
1800 MAC2STR(src_addr));
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]1801 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK,
1802 peer->addr);
1803 wpa_tdls_peer_clear(sm, peer);
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]1804 }
1805 }
1806 }
1807
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1808 /* capability information */
1809 peer->capability = WPA_GET_LE16(cpos);
1810 cpos += 2;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1811
1812 ielen = len - (cpos - buf); /* start of IE in buf */
1813 if (wpa_supplicant_parse_ies(cpos, ielen, &kde) < 0) {
1814 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M1");
1815 goto error;
1816 }
1817
1818 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
1819 wpa_printf(MSG_INFO, "TDLS: No valid Link Identifier IE in "
1820 "TPK M1");
1821 goto error;
1822 }
1823 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M1",
1824 kde.lnkid, kde.lnkid_len);
1825 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
1826 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
1827 wpa_printf(MSG_INFO, "TDLS: TPK M1 from diff BSS");
Dmitry Shmidt661b4f72014-09-29 14:58:27 -0700[diff] [blame]1828 status = WLAN_STATUS_REQUEST_DECLINED;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1829 goto error;
1830 }
1831
1832 wpa_printf(MSG_DEBUG, "TDLS: TPK M1 - TPK initiator " MACSTR,
1833 MAC2STR(src_addr));
1834
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1835 if (copy_supp_rates(&kde, peer) < 0)
1836 goto error;
1837
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1838 if (copy_peer_ht_capab(&kde, peer) < 0)
1839 goto error;
1840
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]1841 if (copy_peer_vht_capab(&kde, peer) < 0)
1842 goto error;
1843
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1844 if (copy_peer_ext_capab(&kde, peer) < 0)
1845 goto error;
1846
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]1847 if (copy_peer_supp_channels(&kde, peer) < 0)
1848 goto error;
1849
1850 if (copy_peer_supp_oper_classes(&kde, peer) < 0)
1851 goto error;
1852
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]1853 peer->qos_info = kde.qosinfo;
1854
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]1855 /* Overwrite with the qos_info obtained in WMM IE */
1856 if (copy_peer_wmm_capab(&kde, peer) < 0)
1857 goto error;
1858
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]1859 peer->aid = kde.aid;
1860
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1861#ifdef CONFIG_TDLS_TESTING
1862 if (tdls_testing & TDLS_TESTING_CONCURRENT_INIT) {
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]1863 peer = wpa_tdls_add_peer(sm, src_addr, NULL);
1864 if (peer == NULL)
1865 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1866 wpa_printf(MSG_DEBUG, "TDLS: Testing concurrent initiation of "
1867 "TDLS setup - send own request");
1868 peer->initiator = 1;
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]1869 wpa_sm_tdls_peer_addset(sm, peer->addr, 1, 0, 0, NULL, 0, NULL,
1870 NULL, 0, 0, NULL, 0, NULL, 0, NULL, 0);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1871 wpa_tdls_send_tpk_m1(sm, peer);
1872 }
1873
1874 if ((tdls_testing & TDLS_TESTING_IGNORE_AP_PROHIBIT) &&
1875 tdls_prohibited) {
1876 wpa_printf(MSG_DEBUG, "TDLS: Testing - ignore AP prohibition "
1877 "on TDLS");
1878 tdls_prohibited = 0;
1879 }
1880#endif /* CONFIG_TDLS_TESTING */
1881
1882 if (tdls_prohibited) {
1883 wpa_printf(MSG_INFO, "TDLS: TDLS prohibited in this BSS");
1884 status = WLAN_STATUS_REQUEST_DECLINED;
1885 goto error;
1886 }
1887
1888 if (!wpa_tdls_get_privacy(sm)) {
1889 if (kde.rsn_ie) {
1890 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M1 while "
1891 "security is disabled");
1892 status = WLAN_STATUS_SECURITY_DISABLED;
1893 goto error;
1894 }
1895 goto skip_rsn;
1896 }
1897
1898 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie) ||
1899 kde.rsn_ie == NULL) {
1900 wpa_printf(MSG_INFO, "TDLS: No FTIE or RSN IE in TPK M1");
1901 status = WLAN_STATUS_INVALID_PARAMETERS;
1902 goto error;
1903 }
1904
1905 if (kde.rsn_ie_len > TDLS_MAX_IE_LEN) {
1906 wpa_printf(MSG_INFO, "TDLS: Too long Initiator RSN IE in "
1907 "TPK M1");
1908 status = WLAN_STATUS_INVALID_RSNIE;
1909 goto error;
1910 }
1911
1912 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
1913 wpa_printf(MSG_INFO, "TDLS: Failed to parse RSN IE in TPK M1");
1914 status = WLAN_STATUS_INVALID_RSNIE;
1915 goto error;
1916 }
1917
1918 cipher = ie.pairwise_cipher;
1919 if (cipher & WPA_CIPHER_CCMP) {
1920 wpa_printf(MSG_DEBUG, "TDLS: Using CCMP for direct link");
1921 cipher = WPA_CIPHER_CCMP;
1922 } else {
1923 wpa_printf(MSG_INFO, "TDLS: No acceptable cipher in TPK M1");
1924 status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1925 goto error;
1926 }
1927
1928 if ((ie.capabilities &
1929 (WPA_CAPABILITY_NO_PAIRWISE | WPA_CAPABILITY_PEERKEY_ENABLED)) !=
1930 WPA_CAPABILITY_PEERKEY_ENABLED) {
1931 wpa_printf(MSG_INFO, "TDLS: Invalid RSN Capabilities in "
1932 "TPK M1");
1933 status = WLAN_STATUS_INVALID_RSN_IE_CAPAB;
1934 goto error;
1935 }
1936
1937 /* Lifetime */
1938 if (kde.key_lifetime == NULL) {
1939 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M1");
1940 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
1941 goto error;
1942 }
1943 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
1944 lifetime = WPA_GET_LE32(timeoutie->value);
1945 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds", lifetime);
1946 if (lifetime < 300) {
1947 wpa_printf(MSG_INFO, "TDLS: Too short TPK lifetime");
1948 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
1949 goto error;
1950 }
1951
1952skip_rsn:
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]1953#ifdef CONFIG_TDLS_TESTING
1954 if (tdls_testing & TDLS_TESTING_CONCURRENT_INIT) {
1955 if (os_memcmp(sm->own_addr, peer->addr, ETH_ALEN) < 0) {
1956 /*
1957 * The request frame from us is going to win, so do not
1958 * replace information based on this request frame from
1959 * the peer.
1960 */
1961 goto skip_rsn_check;
1962 }
1963 }
1964#endif /* CONFIG_TDLS_TESTING */
1965
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1966 peer->initiator = 0; /* Need to check */
1967 peer->dtoken = dtoken;
1968
1969 if (!wpa_tdls_get_privacy(sm)) {
1970 peer->rsnie_i_len = 0;
1971 peer->rsnie_p_len = 0;
1972 peer->cipher = WPA_CIPHER_NONE;
1973 goto skip_rsn_check;
1974 }
1975
1976 ftie = (struct wpa_tdls_ftie *) kde.ftie;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1977 os_memcpy(peer->rsnie_i, kde.rsn_ie, kde.rsn_ie_len);
1978 peer->rsnie_i_len = kde.rsn_ie_len;
1979 peer->cipher = cipher;
1980
Sunil Dutt61024722013-09-15 12:09:40 -0700[diff] [blame]1981 if (os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) != 0) {
1982 /*
1983 * There is no point in updating the RNonce for every obtained
1984 * TPK M1 frame (e.g., retransmission due to timeout) with the
1985 * same INonce (SNonce in FTIE). However, if the TPK M1 is
1986 * retransmitted with a different INonce, update the RNonce
1987 * since this is for a new TDLS session.
1988 */
1989 wpa_printf(MSG_DEBUG,
1990 "TDLS: New TPK M1 INonce - generate new RNonce");
1991 os_memcpy(peer->inonce, ftie->Snonce, WPA_NONCE_LEN);
1992 if (os_get_random(peer->rnonce, WPA_NONCE_LEN)) {
1993 wpa_msg(sm->ctx->ctx, MSG_WARNING,
1994 "TDLS: Failed to get random data for responder nonce");
Sunil Dutt61024722013-09-15 12:09:40 -0700[diff] [blame]1995 goto error;
1996 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]1997 }
1998
1999#if 0
2000 /* get version info from RSNIE received from Peer */
2001 hdr = (struct rsn_ie_hdr *) kde.rsn_ie;
2002 rsn_ver = WPA_GET_LE16(hdr->version);
2003
2004 /* use min(peer's version, out version) */
2005 if (rsn_ver > RSN_VERSION)
2006 rsn_ver = RSN_VERSION;
2007
2008 hdr = (struct rsn_ie_hdr *) peer->rsnie_p;
2009
2010 hdr->elem_id = WLAN_EID_RSN;
2011 WPA_PUT_LE16(hdr->version, rsn_ver);
2012 pos = (u8 *) (hdr + 1);
2013
2014 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_NO_GROUP_ADDRESSED);
2015 pos += RSN_SELECTOR_LEN;
2016 /* Include only the selected cipher in pairwise cipher suite */
2017 WPA_PUT_LE16(pos, 1);
2018 pos += 2;
2019 if (cipher == WPA_CIPHER_CCMP)
2020 RSN_SELECTOR_PUT(pos, RSN_CIPHER_SUITE_CCMP);
2021 pos += RSN_SELECTOR_LEN;
2022
2023 WPA_PUT_LE16(pos, 1);
2024 pos += 2;
2025 RSN_SELECTOR_PUT(pos, RSN_AUTH_KEY_MGMT_TPK_HANDSHAKE);
2026 pos += RSN_SELECTOR_LEN;
2027
2028 rsn_capab = WPA_CAPABILITY_PEERKEY_ENABLED;
2029 rsn_capab |= RSN_NUM_REPLAY_COUNTERS_16 << 2;
2030 WPA_PUT_LE16(pos, rsn_capab);
2031 pos += 2;
2032
2033 hdr->len = (pos - peer->rsnie_p) - 2;
2034 peer->rsnie_p_len = pos - peer->rsnie_p;
2035#endif
2036
2037 /* temp fix: validation of RSNIE later */
2038 os_memcpy(peer->rsnie_p, peer->rsnie_i, peer->rsnie_i_len);
2039 peer->rsnie_p_len = peer->rsnie_i_len;
2040
2041 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE for TPK handshake",
2042 peer->rsnie_p, peer->rsnie_p_len);
2043
2044 peer->lifetime = lifetime;
2045
2046 wpa_tdls_generate_tpk(peer, sm->own_addr, sm->bssid);
2047
2048skip_rsn_check:
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]2049#ifdef CONFIG_TDLS_TESTING
2050 if (tdls_testing & TDLS_TESTING_CONCURRENT_INIT)
2051 goto skip_add_peer;
2052#endif /* CONFIG_TDLS_TESTING */
2053
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2054 /* add supported rates, capabilities, and qos_info to the TDLS peer */
2055 if (wpa_tdls_addset_peer(sm, peer, 1) < 0)
Dmitry Shmidt43cb5782014-06-16 16:23:22 -0700[diff] [blame]2056 goto error;
2057
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]2058#ifdef CONFIG_TDLS_TESTING
2059skip_add_peer:
2060#endif /* CONFIG_TDLS_TESTING */
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2061 peer->tpk_in_progress = 1;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2062
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2063 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Response / TPK M2");
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2064 if (wpa_tdls_send_tpk_m2(sm, src_addr, dtoken, lnkid, peer) < 0) {
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2065 wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2066 goto error;
2067 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2068
2069 return 0;
2070
2071error:
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]2072 wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_RESPONSE, dtoken, 0,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2073 status);
Dmitry Shmidt43cb5782014-06-16 16:23:22 -0700[diff] [blame]2074 if (peer)
2075 wpa_tdls_peer_free(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2076 return -1;
2077}
2078
2079
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2080static int wpa_tdls_enable_link(struct wpa_sm *sm, struct wpa_tdls_peer *peer)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2081{
2082 peer->tpk_success = 1;
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2083 peer->tpk_in_progress = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2084 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
2085 if (wpa_tdls_get_privacy(sm)) {
2086 u32 lifetime = peer->lifetime;
2087 /*
2088 * Start the initiator process a bit earlier to avoid race
2089 * condition with the responder sending teardown request.
2090 */
2091 if (lifetime > 3 && peer->initiator)
2092 lifetime -= 3;
2093 eloop_register_timeout(lifetime, 0, wpa_tdls_tpk_timeout,
2094 sm, peer);
2095#ifdef CONFIG_TDLS_TESTING
2096 if (tdls_testing & TDLS_TESTING_NO_TPK_EXPIRATION) {
2097 wpa_printf(MSG_DEBUG, "TDLS: Testing - disable TPK "
2098 "expiration");
2099 eloop_cancel_timeout(wpa_tdls_tpk_timeout, sm, peer);
2100 }
2101#endif /* CONFIG_TDLS_TESTING */
2102 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2103
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2104 if (peer->reconfig_key && wpa_tdls_set_key(sm, peer) < 0) {
2105 wpa_printf(MSG_INFO, "TDLS: Could not configure key to the "
2106 "driver");
2107 return -1;
2108 }
2109 peer->reconfig_key = 0;
2110
2111 return wpa_sm_tdls_oper(sm, TDLS_ENABLE_LINK, peer->addr);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2112}
2113
2114
2115static int wpa_tdls_process_tpk_m2(struct wpa_sm *sm, const u8 *src_addr,
2116 const u8 *buf, size_t len)
2117{
2118 struct wpa_tdls_peer *peer;
2119 struct wpa_eapol_ie_parse kde;
2120 struct wpa_ie_data ie;
2121 int cipher;
2122 struct wpa_tdls_ftie *ftie;
2123 struct wpa_tdls_timeoutie *timeoutie;
2124 struct wpa_tdls_lnkid *lnkid;
2125 u32 lifetime;
2126 u8 dtoken;
2127 int ielen;
2128 u16 status;
2129 const u8 *pos;
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2130 int ret = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2131
2132 wpa_printf(MSG_DEBUG, "TDLS: Received TDLS Setup Response / TPK M2 "
2133 "(Peer " MACSTR ")", MAC2STR(src_addr));
2134 for (peer = sm->tdls; peer; peer = peer->next) {
2135 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
2136 break;
2137 }
2138 if (peer == NULL) {
2139 wpa_printf(MSG_INFO, "TDLS: No matching peer found for "
2140 "TPK M2: " MACSTR, MAC2STR(src_addr));
2141 return -1;
2142 }
Dmitry Shmidt0ccb66e2013-03-29 16:41:28 -0700[diff] [blame]2143 if (!peer->initiator) {
2144 /*
2145 * This may happen if both devices try to initiate TDLS at the
2146 * same time and we accept the TPK M1 from the peer in
2147 * wpa_tdls_process_tpk_m1() and clear our previous state.
2148 */
2149 wpa_printf(MSG_INFO, "TDLS: We were not the initiator, so "
2150 "ignore TPK M2 from " MACSTR, MAC2STR(src_addr));
2151 return -1;
2152 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2153 wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_REQUEST);
2154
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2155 if (len < 3 + 2 + 1) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2156 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2157 return -1;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2158 }
2159
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2160 pos = buf;
2161 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
2162 status = WPA_GET_LE16(pos);
2163 pos += 2 /* status code */;
2164
2165 if (status != WLAN_STATUS_SUCCESS) {
2166 wpa_printf(MSG_INFO, "TDLS: Status code in TPK M2: %u",
2167 status);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2168 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2169 return -1;
2170 }
2171
2172 status = WLAN_STATUS_UNSPECIFIED_FAILURE;
2173
2174 /* TODO: need to verify dialog token matches here or in kernel */
2175 dtoken = *pos++; /* dialog token */
2176
2177 wpa_printf(MSG_DEBUG, "TDLS: Dialog Token in TPK M2 %d", dtoken);
2178
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2179 if (len < 3 + 2 + 1 + 2) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2180 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2181 return -1;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2182 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2183
2184 /* capability information */
2185 peer->capability = WPA_GET_LE16(pos);
2186 pos += 2;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2187
2188 ielen = len - (pos - buf); /* start of IE in buf */
2189 if (wpa_supplicant_parse_ies(pos, ielen, &kde) < 0) {
2190 wpa_printf(MSG_INFO, "TDLS: Failed to parse IEs in TPK M2");
2191 goto error;
2192 }
2193
2194#ifdef CONFIG_TDLS_TESTING
2195 if (tdls_testing & TDLS_TESTING_DECLINE_RESP) {
2196 wpa_printf(MSG_DEBUG, "TDLS: Testing - decline response");
2197 status = WLAN_STATUS_REQUEST_DECLINED;
2198 goto error;
2199 }
2200#endif /* CONFIG_TDLS_TESTING */
2201
2202 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
2203 wpa_printf(MSG_INFO, "TDLS: No valid Link Identifier IE in "
2204 "TPK M2");
2205 goto error;
2206 }
2207 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M2",
2208 kde.lnkid, kde.lnkid_len);
2209 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
2210
2211 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
2212 wpa_printf(MSG_INFO, "TDLS: TPK M2 from different BSS");
2213 status = WLAN_STATUS_NOT_IN_SAME_BSS;
2214 goto error;
2215 }
2216
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2217 if (copy_supp_rates(&kde, peer) < 0)
2218 goto error;
2219
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2220 if (copy_peer_ht_capab(&kde, peer) < 0)
2221 goto error;
2222
Dmitry Shmidt33e38bf2013-02-27 12:56:00 -0800[diff] [blame]2223 if (copy_peer_vht_capab(&kde, peer) < 0)
2224 goto error;
2225
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2226 if (copy_peer_ext_capab(&kde, peer) < 0)
2227 goto error;
2228
Dmitry Shmidt344abd32014-01-14 13:17:00 -0800[diff] [blame]2229 if (copy_peer_supp_channels(&kde, peer) < 0)
2230 goto error;
2231
2232 if (copy_peer_supp_oper_classes(&kde, peer) < 0)
2233 goto error;
2234
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2235 peer->qos_info = kde.qosinfo;
2236
Dmitry Shmidtb36ed7c2014-03-17 10:57:26 -0700[diff] [blame]2237 /* Overwrite with the qos_info obtained in WMM IE */
2238 if (copy_peer_wmm_capab(&kde, peer) < 0)
2239 goto error;
2240
Dmitry Shmidt51b6ea82013-05-08 10:42:09 -0700[diff] [blame]2241 peer->aid = kde.aid;
2242
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2243 if (!wpa_tdls_get_privacy(sm)) {
2244 peer->rsnie_p_len = 0;
2245 peer->cipher = WPA_CIPHER_NONE;
2246 goto skip_rsn;
2247 }
2248
2249 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie) ||
2250 kde.rsn_ie == NULL) {
2251 wpa_printf(MSG_INFO, "TDLS: No FTIE or RSN IE in TPK M2");
2252 status = WLAN_STATUS_INVALID_PARAMETERS;
2253 goto error;
2254 }
2255 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M2",
2256 kde.rsn_ie, kde.rsn_ie_len);
2257
Dmitry Shmidt09f57ba2014-06-10 16:07:13 -0700[diff] [blame]2258 if (kde.rsn_ie_len > TDLS_MAX_IE_LEN) {
2259 wpa_printf(MSG_INFO,
2260 "TDLS: Too long Responder RSN IE in TPK M2");
2261 status = WLAN_STATUS_INVALID_RSNIE;
2262 goto error;
2263 }
2264
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2265 /*
2266 * FIX: bitwise comparison of RSN IE is not the correct way of
2267 * validation this. It can be different, but certain fields must
2268 * match. Since we list only a single pairwise cipher in TPK M1, the
2269 * memcmp is likely to work in most cases, though.
2270 */
2271 if (kde.rsn_ie_len != peer->rsnie_i_len ||
2272 os_memcmp(peer->rsnie_i, kde.rsn_ie, peer->rsnie_i_len) != 0) {
2273 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M2 does "
2274 "not match with RSN IE used in TPK M1");
2275 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Sent in TPK M1",
2276 peer->rsnie_i, peer->rsnie_i_len);
2277 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M2",
2278 kde.rsn_ie, kde.rsn_ie_len);
2279 status = WLAN_STATUS_INVALID_RSNIE;
2280 goto error;
2281 }
2282
2283 if (wpa_parse_wpa_ie_rsn(kde.rsn_ie, kde.rsn_ie_len, &ie) < 0) {
2284 wpa_printf(MSG_INFO, "TDLS: Failed to parse RSN IE in TPK M2");
2285 status = WLAN_STATUS_INVALID_RSNIE;
2286 goto error;
2287 }
2288
2289 cipher = ie.pairwise_cipher;
2290 if (cipher == WPA_CIPHER_CCMP) {
2291 wpa_printf(MSG_DEBUG, "TDLS: Using CCMP for direct link");
2292 cipher = WPA_CIPHER_CCMP;
2293 } else {
2294 wpa_printf(MSG_INFO, "TDLS: No acceptable cipher in TPK M2");
2295 status = WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
2296 goto error;
2297 }
2298
2299 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE Received from TPK M2",
2300 kde.ftie, sizeof(*ftie));
2301 ftie = (struct wpa_tdls_ftie *) kde.ftie;
2302
2303 if (!os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) == 0) {
2304 wpa_printf(MSG_INFO, "TDLS: FTIE SNonce in TPK M2 does "
2305 "not match with FTIE SNonce used in TPK M1");
2306 /* Silently discard the frame */
2307 return -1;
2308 }
2309
2310 /* Responder Nonce and RSN IE */
2311 os_memcpy(peer->rnonce, ftie->Anonce, WPA_NONCE_LEN);
2312 os_memcpy(peer->rsnie_p, kde.rsn_ie, kde.rsn_ie_len);
2313 peer->rsnie_p_len = kde.rsn_ie_len;
2314 peer->cipher = cipher;
2315
2316 /* Lifetime */
2317 if (kde.key_lifetime == NULL) {
2318 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M2");
2319 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
2320 goto error;
2321 }
2322 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
2323 lifetime = WPA_GET_LE32(timeoutie->value);
2324 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds in TPK M2",
2325 lifetime);
2326 if (lifetime != peer->lifetime) {
2327 wpa_printf(MSG_INFO, "TDLS: Unexpected TPK lifetime %u in "
2328 "TPK M2 (expected %u)", lifetime, peer->lifetime);
2329 status = WLAN_STATUS_UNACCEPTABLE_LIFETIME;
2330 goto error;
2331 }
2332
2333 wpa_tdls_generate_tpk(peer, sm->own_addr, sm->bssid);
2334
2335 /* Process MIC check to see if TPK M2 is right */
2336 if (wpa_supplicant_verify_tdls_mic(2, peer, (u8 *) lnkid,
2337 (u8 *) timeoutie, ftie) < 0) {
2338 /* Discard the frame */
2339 wpa_tdls_del_key(sm, peer);
Sunil Dutt38ffd882013-09-30 17:23:23 +0300[diff] [blame]2340 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2341 return -1;
2342 }
2343
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2344 if (wpa_tdls_set_key(sm, peer) < 0) {
2345 /*
2346 * Some drivers may not be able to config the key prior to full
2347 * STA entry having been configured.
2348 */
2349 wpa_printf(MSG_DEBUG, "TDLS: Try to configure TPK again after "
2350 "STA entry is complete");
2351 peer->reconfig_key = 1;
2352 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2353
2354skip_rsn:
2355 peer->dtoken = dtoken;
2356
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2357 /* add supported rates, capabilities, and qos_info to the TDLS peer */
2358 if (wpa_tdls_addset_peer(sm, peer, 0) < 0)
2359 goto error;
2360
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2361 wpa_printf(MSG_DEBUG, "TDLS: Sending TDLS Setup Confirm / "
2362 "TPK Handshake Message 3");
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2363 if (wpa_tdls_send_tpk_m3(sm, src_addr, dtoken, lnkid, peer) < 0)
2364 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2365
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2366 if (!peer->tpk_success) {
2367 /*
2368 * Enable Link only when tpk_success is 0, signifying that this
2369 * processing of TPK M2 frame is not because of a retransmission
2370 * during TDLS setup handshake.
2371 */
2372 ret = wpa_tdls_enable_link(sm, peer);
2373 if (ret < 0) {
2374 wpa_printf(MSG_DEBUG, "TDLS: Could not enable link");
2375 wpa_tdls_do_teardown(
2376 sm, peer,
2377 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
2378 }
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2379 }
2380 return ret;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2381
2382error:
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]2383 wpa_tdls_send_error(sm, src_addr, WLAN_TDLS_SETUP_CONFIRM, dtoken, 1,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2384 status);
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2385 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2386 return -1;
2387}
2388
2389
2390static int wpa_tdls_process_tpk_m3(struct wpa_sm *sm, const u8 *src_addr,
2391 const u8 *buf, size_t len)
2392{
2393 struct wpa_tdls_peer *peer;
2394 struct wpa_eapol_ie_parse kde;
2395 struct wpa_tdls_ftie *ftie;
2396 struct wpa_tdls_timeoutie *timeoutie;
2397 struct wpa_tdls_lnkid *lnkid;
2398 int ielen;
2399 u16 status;
2400 const u8 *pos;
2401 u32 lifetime;
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2402 int ret = 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2403
2404 wpa_printf(MSG_DEBUG, "TDLS: Received TDLS Setup Confirm / TPK M3 "
2405 "(Peer " MACSTR ")", MAC2STR(src_addr));
2406 for (peer = sm->tdls; peer; peer = peer->next) {
2407 if (os_memcmp(peer->addr, src_addr, ETH_ALEN) == 0)
2408 break;
2409 }
2410 if (peer == NULL) {
2411 wpa_printf(MSG_INFO, "TDLS: No matching peer found for "
2412 "TPK M3: " MACSTR, MAC2STR(src_addr));
2413 return -1;
2414 }
2415 wpa_tdls_tpk_retry_timeout_cancel(sm, peer, WLAN_TDLS_SETUP_RESPONSE);
2416
2417 if (len < 3 + 3)
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2418 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2419 pos = buf;
2420 pos += 1 /* pkt_type */ + 1 /* Category */ + 1 /* Action */;
2421
2422 status = WPA_GET_LE16(pos);
2423
2424 if (status != 0) {
2425 wpa_printf(MSG_INFO, "TDLS: Status code in TPK M3: %u",
2426 status);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2427 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2428 }
2429 pos += 2 /* status code */ + 1 /* dialog token */;
2430
2431 ielen = len - (pos - buf); /* start of IE in buf */
Dmitry Shmidt0c08fdc2014-06-20 10:16:40 -0700[diff] [blame]2432
2433 /*
2434 * Don't reject the message if failing to parse IEs. The IEs we need are
2435 * explicitly checked below. Some APs piggy-back broken IEs to the end
2436 * of a TDLS Confirm packet, which will fail the link if we don't ignore
2437 * this error.
2438 */
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2439 if (wpa_supplicant_parse_ies((const u8 *) pos, ielen, &kde) < 0) {
Dmitry Shmidt0c08fdc2014-06-20 10:16:40 -0700[diff] [blame]2440 wpa_printf(MSG_DEBUG,
2441 "TDLS: Failed to parse KDEs in TPK M3 - ignore as an interop workaround");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2442 }
2443
2444 if (kde.lnkid == NULL || kde.lnkid_len < 3 * ETH_ALEN) {
2445 wpa_printf(MSG_INFO, "TDLS: No Link Identifier IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2446 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2447 }
2448 wpa_hexdump(MSG_DEBUG, "TDLS: Link ID Received from TPK M3",
2449 (u8 *) kde.lnkid, kde.lnkid_len);
2450 lnkid = (struct wpa_tdls_lnkid *) kde.lnkid;
2451
2452 if (os_memcmp(sm->bssid, lnkid->bssid, ETH_ALEN) != 0) {
2453 wpa_printf(MSG_INFO, "TDLS: TPK M3 from diff BSS");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2454 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2455 }
2456
2457 if (!wpa_tdls_get_privacy(sm))
2458 goto skip_rsn;
2459
2460 if (kde.ftie == NULL || kde.ftie_len < sizeof(*ftie)) {
2461 wpa_printf(MSG_INFO, "TDLS: No FTIE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2462 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2463 }
2464 wpa_hexdump(MSG_DEBUG, "TDLS: FTIE Received from TPK M3",
2465 kde.ftie, sizeof(*ftie));
2466 ftie = (struct wpa_tdls_ftie *) kde.ftie;
2467
2468 if (kde.rsn_ie == NULL) {
2469 wpa_printf(MSG_INFO, "TDLS: No RSN IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2470 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2471 }
2472 wpa_hexdump(MSG_DEBUG, "TDLS: RSN IE Received from TPK M3",
2473 kde.rsn_ie, kde.rsn_ie_len);
2474 if (kde.rsn_ie_len != peer->rsnie_p_len ||
2475 os_memcmp(kde.rsn_ie, peer->rsnie_p, peer->rsnie_p_len) != 0) {
2476 wpa_printf(MSG_INFO, "TDLS: RSN IE in TPK M3 does not match "
2477 "with the one sent in TPK M2");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2478 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2479 }
2480
2481 if (!os_memcmp(peer->rnonce, ftie->Anonce, WPA_NONCE_LEN) == 0) {
2482 wpa_printf(MSG_INFO, "TDLS: FTIE ANonce in TPK M3 does "
2483 "not match with FTIE ANonce used in TPK M2");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2484 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2485 }
2486
2487 if (!os_memcmp(peer->inonce, ftie->Snonce, WPA_NONCE_LEN) == 0) {
2488 wpa_printf(MSG_INFO, "TDLS: FTIE SNonce in TPK M3 does not "
2489 "match with FTIE SNonce used in TPK M1");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2490 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2491 }
2492
2493 if (kde.key_lifetime == NULL) {
2494 wpa_printf(MSG_INFO, "TDLS: No Key Lifetime IE in TPK M3");
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2495 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2496 }
2497 timeoutie = (struct wpa_tdls_timeoutie *) kde.key_lifetime;
2498 wpa_hexdump(MSG_DEBUG, "TDLS: Timeout IE Received from TPK M3",
2499 (u8 *) timeoutie, sizeof(*timeoutie));
2500 lifetime = WPA_GET_LE32(timeoutie->value);
2501 wpa_printf(MSG_DEBUG, "TDLS: TPK lifetime %u seconds in TPK M3",
2502 lifetime);
2503 if (lifetime != peer->lifetime) {
2504 wpa_printf(MSG_INFO, "TDLS: Unexpected TPK lifetime %u in "
2505 "TPK M3 (expected %u)", lifetime, peer->lifetime);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2506 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2507 }
2508
2509 if (wpa_supplicant_verify_tdls_mic(3, peer, (u8 *) lnkid,
2510 (u8 *) timeoutie, ftie) < 0) {
2511 wpa_tdls_del_key(sm, peer);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2512 goto error;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2513 }
2514
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2515 if (wpa_tdls_set_key(sm, peer) < 0) {
2516 /*
2517 * Some drivers may not be able to config the key prior to full
2518 * STA entry having been configured.
2519 */
2520 wpa_printf(MSG_DEBUG, "TDLS: Try to configure TPK again after "
2521 "STA entry is complete");
2522 peer->reconfig_key = 1;
2523 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2524
2525skip_rsn:
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2526 /* add supported rates, capabilities, and qos_info to the TDLS peer */
2527 if (wpa_tdls_addset_peer(sm, peer, 0) < 0)
2528 goto error;
2529
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2530 if (!peer->tpk_success) {
2531 /*
2532 * Enable Link only when tpk_success is 0, signifying that this
2533 * processing of TPK M3 frame is not because of a retransmission
2534 * during TDLS setup handshake.
2535 */
2536 ret = wpa_tdls_enable_link(sm, peer);
2537 if (ret < 0) {
2538 wpa_printf(MSG_DEBUG, "TDLS: Could not enable link");
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2539 goto error;
Dmitry Shmidt292b0c32013-11-22 12:54:42 -0800[diff] [blame]2540 }
Dmitry Shmidt8da800a2013-04-24 12:57:01 -0700[diff] [blame]2541 }
2542 return ret;
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2543error:
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2544 wpa_tdls_do_teardown(sm, peer, WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Sunil Duttadce9cf2013-09-15 11:51:00 -0700[diff] [blame]2545 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2546}
2547
2548
2549static u8 * wpa_add_tdls_timeoutie(u8 *pos, u8 *ie, size_t ie_len, u32 tsecs)
2550{
2551 struct wpa_tdls_timeoutie *lifetime = (struct wpa_tdls_timeoutie *) ie;
2552
2553 os_memset(lifetime, 0, ie_len);
2554 lifetime->ie_type = WLAN_EID_TIMEOUT_INTERVAL;
2555 lifetime->ie_len = sizeof(struct wpa_tdls_timeoutie) - 2;
2556 lifetime->interval_type = WLAN_TIMEOUT_KEY_LIFETIME;
2557 WPA_PUT_LE32(lifetime->value, tsecs);
2558 os_memcpy(pos, ie, ie_len);
2559 return pos + ie_len;
2560}
2561
2562
2563/**
2564 * wpa_tdls_start - Initiate TDLS handshake (send TPK Handshake Message 1)
2565 * @sm: Pointer to WPA state machine data from wpa_sm_init()
2566 * @peer: MAC address of the peer STA
2567 * Returns: 0 on success, or -1 on failure
2568 *
2569 * Send TPK Handshake Message 1 info to driver to start TDLS
2570 * handshake with the peer.
2571 */
2572int wpa_tdls_start(struct wpa_sm *sm, const u8 *addr)
2573{
2574 struct wpa_tdls_peer *peer;
2575 int tdls_prohibited = sm->tdls_prohibited;
2576
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2577 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2578 return -1;
2579
2580#ifdef CONFIG_TDLS_TESTING
2581 if ((tdls_testing & TDLS_TESTING_IGNORE_AP_PROHIBIT) &&
2582 tdls_prohibited) {
2583 wpa_printf(MSG_DEBUG, "TDLS: Testing - ignore AP prohibition "
2584 "on TDLS");
2585 tdls_prohibited = 0;
2586 }
2587#endif /* CONFIG_TDLS_TESTING */
2588
2589 if (tdls_prohibited) {
2590 wpa_printf(MSG_DEBUG, "TDLS: TDLS is prohibited in this BSS - "
2591 "reject request to start setup");
2592 return -1;
2593 }
2594
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2595 peer = wpa_tdls_add_peer(sm, addr, NULL);
2596 if (peer == NULL)
2597 return -1;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2598
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2599 if (peer->tpk_in_progress) {
2600 wpa_printf(MSG_DEBUG, "TDLS: Setup is already in progress with the peer");
2601 return 0;
2602 }
2603
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2604 peer->initiator = 1;
2605
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2606 /* add the peer to the driver as a "setup in progress" peer */
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2607 if (wpa_sm_tdls_peer_addset(sm, peer->addr, 1, 0, 0, NULL, 0, NULL,
Dmitry Shmidt9ead16e2014-10-07 13:15:23 -0700[diff] [blame]2608 NULL, 0, 0, NULL, 0, NULL, 0, NULL, 0)) {
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2609 wpa_tdls_disable_peer_link(sm, peer);
2610 return -1;
2611 }
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2612
Sunil Dutt73b28cc2013-09-30 17:38:41 +0300[diff] [blame]2613 peer->tpk_in_progress = 1;
2614
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2615 if (wpa_tdls_send_tpk_m1(sm, peer) < 0) {
Sunil Duttd0ef38b2013-09-30 17:34:13 +0300[diff] [blame]2616 wpa_tdls_disable_peer_link(sm, peer);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2617 return -1;
2618 }
2619
2620 return 0;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2621}
2622
2623
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2624void wpa_tdls_remove(struct wpa_sm *sm, const u8 *addr)
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2625{
2626 struct wpa_tdls_peer *peer;
2627
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2628 if (sm->tdls_disabled || !sm->tdls_supported)
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2629 return;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2630
2631 for (peer = sm->tdls; peer; peer = peer->next) {
2632 if (os_memcmp(peer->addr, addr, ETH_ALEN) == 0)
2633 break;
2634 }
2635
2636 if (peer == NULL || !peer->tpk_success)
Dmitry Shmidt4b9d52f2013-02-05 17:44:43 -0800[diff] [blame]2637 return;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2638
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2639 if (sm->tdls_external_setup) {
2640 /*
2641 * Disable previous link to allow renegotiation to be completed
2642 * on AP path.
2643 */
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]2644 wpa_tdls_do_teardown(sm, peer,
2645 WLAN_REASON_TDLS_TEARDOWN_UNSPECIFIED);
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2646 }
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2647}
2648
2649
2650/**
2651 * wpa_supplicant_rx_tdls - Receive TDLS data frame
2652 *
2653 * This function is called to receive TDLS (ethertype = 0x890d) data frames.
2654 */
2655static void wpa_supplicant_rx_tdls(void *ctx, const u8 *src_addr,
2656 const u8 *buf, size_t len)
2657{
2658 struct wpa_sm *sm = ctx;
2659 struct wpa_tdls_frame *tf;
2660
2661 wpa_hexdump(MSG_DEBUG, "TDLS: Received Data frame encapsulation",
2662 buf, len);
2663
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2664 if (sm->tdls_disabled || !sm->tdls_supported) {
2665 wpa_printf(MSG_DEBUG, "TDLS: Discard message - TDLS disabled "
2666 "or unsupported by driver");
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2667 return;
2668 }
2669
2670 if (os_memcmp(src_addr, sm->own_addr, ETH_ALEN) == 0) {
2671 wpa_printf(MSG_DEBUG, "TDLS: Discard copy of own message");
2672 return;
2673 }
2674
2675 if (len < sizeof(*tf)) {
2676 wpa_printf(MSG_INFO, "TDLS: Drop too short frame");
2677 return;
2678 }
2679
2680 /* Check to make sure its a valid encapsulated TDLS frame */
2681 tf = (struct wpa_tdls_frame *) buf;
2682 if (tf->payloadtype != 2 /* TDLS_RFTYPE */ ||
2683 tf->category != WLAN_ACTION_TDLS) {
2684 wpa_printf(MSG_INFO, "TDLS: Invalid frame - payloadtype=%u "
2685 "category=%u action=%u",
2686 tf->payloadtype, tf->category, tf->action);
2687 return;
2688 }
2689
2690 switch (tf->action) {
2691 case WLAN_TDLS_SETUP_REQUEST:
2692 wpa_tdls_process_tpk_m1(sm, src_addr, buf, len);
2693 break;
2694 case WLAN_TDLS_SETUP_RESPONSE:
2695 wpa_tdls_process_tpk_m2(sm, src_addr, buf, len);
2696 break;
2697 case WLAN_TDLS_SETUP_CONFIRM:
2698 wpa_tdls_process_tpk_m3(sm, src_addr, buf, len);
2699 break;
2700 case WLAN_TDLS_TEARDOWN:
2701 wpa_tdls_recv_teardown(sm, src_addr, buf, len);
2702 break;
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2703 case WLAN_TDLS_DISCOVERY_REQUEST:
2704 wpa_tdls_process_discovery_request(sm, src_addr, buf, len);
2705 break;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2706 default:
2707 /* Kernel code will process remaining frames */
2708 wpa_printf(MSG_DEBUG, "TDLS: Ignore TDLS frame action code %u",
2709 tf->action);
2710 break;
2711 }
2712}
2713
2714
2715/**
2716 * wpa_tdls_init - Initialize driver interface parameters for TDLS
2717 * @wpa_s: Pointer to wpa_supplicant data
2718 * Returns: 0 on success, -1 on failure
2719 *
2720 * This function is called to initialize driver interface parameters for TDLS.
2721 * wpa_drv_init() must have been called before this function to initialize the
2722 * driver interface.
2723 */
2724int wpa_tdls_init(struct wpa_sm *sm)
2725{
2726 if (sm == NULL)
2727 return -1;
2728
Dmitry Shmidt04949592012-07-19 12:16:46 -0700[diff] [blame]2729 sm->l2_tdls = l2_packet_init(sm->bridge_ifname ? sm->bridge_ifname :
2730 sm->ifname,
2731 sm->own_addr,
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2732 ETH_P_80211_ENCAP, wpa_supplicant_rx_tdls,
2733 sm, 0);
2734 if (sm->l2_tdls == NULL) {
2735 wpa_printf(MSG_ERROR, "TDLS: Failed to open l2_packet "
2736 "connection");
2737 return -1;
2738 }
2739
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2740 /*
2741 * Drivers that support TDLS but don't implement the get_capa callback
2742 * are assumed to perform everything internally
2743 */
2744 if (wpa_sm_tdls_get_capa(sm, &sm->tdls_supported,
2745 &sm->tdls_external_setup) < 0) {
2746 sm->tdls_supported = 1;
2747 sm->tdls_external_setup = 0;
2748 }
2749
2750 wpa_printf(MSG_DEBUG, "TDLS: TDLS operation%s supported by "
2751 "driver", sm->tdls_supported ? "" : " not");
2752 wpa_printf(MSG_DEBUG, "TDLS: Driver uses %s link setup",
2753 sm->tdls_external_setup ? "external" : "internal");
2754
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2755 return 0;
2756}
2757
2758
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2759void wpa_tdls_teardown_peers(struct wpa_sm *sm)
2760{
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2761 struct wpa_tdls_peer *peer, *tmp;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2762
2763 peer = sm->tdls;
2764
2765 wpa_printf(MSG_DEBUG, "TDLS: Tear down peers");
2766
2767 while (peer) {
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2768 tmp = peer->next;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2769 wpa_printf(MSG_DEBUG, "TDLS: Tear down peer " MACSTR,
2770 MAC2STR(peer->addr));
2771 if (sm->tdls_external_setup)
Dmitry Shmidtb58836e2014-04-29 14:35:56 -0700[diff] [blame]2772 wpa_tdls_do_teardown(sm, peer,
2773 WLAN_REASON_DEAUTH_LEAVING);
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2774 else
2775 wpa_sm_tdls_oper(sm, TDLS_TEARDOWN, peer->addr);
2776
Dmitry Shmidtd30ac602014-06-30 09:54:22 -0700[diff] [blame]2777 peer = tmp;
Dmitry Shmidtf8623282013-02-20 14:34:59 -0800[diff] [blame]2778 }
2779}
2780
2781
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2782static void wpa_tdls_remove_peers(struct wpa_sm *sm)
2783{
2784 struct wpa_tdls_peer *peer, *tmp;
2785
2786 peer = sm->tdls;
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2787
2788 while (peer) {
2789 int res;
2790 tmp = peer->next;
2791 res = wpa_sm_tdls_oper(sm, TDLS_DISABLE_LINK, peer->addr);
2792 wpa_printf(MSG_DEBUG, "TDLS: Remove peer " MACSTR " (res=%d)",
2793 MAC2STR(peer->addr), res);
2794 wpa_tdls_peer_free(sm, peer);
Dmitry Shmidt8d520ff2011-05-09 14:06:53 -0700[diff] [blame]2795 peer = tmp;
2796 }
2797}
2798
2799
2800/**
2801 * wpa_tdls_deinit - Deinitialize driver interface parameters for TDLS
2802 *
2803 * This function is called to recover driver interface parameters for TDLS
2804 * and frees resources allocated for it.
2805 */
2806void wpa_tdls_deinit(struct wpa_sm *sm)
2807{
2808 if (sm == NULL)
2809 return;
2810
2811 if (sm->l2_tdls)
2812 l2_packet_deinit(sm->l2_tdls);
2813 sm->l2_tdls = NULL;
2814
2815 wpa_tdls_remove_peers(sm);
2816}
2817
2818
2819void wpa_tdls_assoc(struct wpa_sm *sm)
2820{
2821 wpa_printf(MSG_DEBUG, "TDLS: Remove peers on association");
2822 wpa_tdls_remove_peers(sm);
2823}
2824
2825
2826void wpa_tdls_disassoc(struct wpa_sm *sm)
2827{
2828 wpa_printf(MSG_DEBUG, "TDLS: Remove peers on disassociation");
2829 wpa_tdls_remove_peers(sm);
2830}
2831
2832
2833static int wpa_tdls_prohibited(const u8 *ies, size_t len)
2834{
2835 struct wpa_eapol_ie_parse elems;
2836
2837 if (ies == NULL)
2838 return 0;
2839
2840 if (wpa_supplicant_parse_ies(ies, len, &elems) < 0)
2841 return 0;
2842
2843 if (elems.ext_capab == NULL || elems.ext_capab_len < 2 + 5)
2844 return 0;
2845
2846 /* bit 38 - TDLS Prohibited */
2847 return !!(elems.ext_capab[2 + 4] & 0x40);
2848}
2849
2850
2851void wpa_tdls_ap_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
2852{
2853 sm->tdls_prohibited = wpa_tdls_prohibited(ies, len);
2854 wpa_printf(MSG_DEBUG, "TDLS: TDLS is %s in the target BSS",
2855 sm->tdls_prohibited ? "prohibited" : "allowed");
2856}
2857
2858
2859void wpa_tdls_assoc_resp_ies(struct wpa_sm *sm, const u8 *ies, size_t len)
2860{
2861 if (!sm->tdls_prohibited && wpa_tdls_prohibited(ies, len)) {
2862 wpa_printf(MSG_DEBUG, "TDLS: TDLS prohibited based on "
2863 "(Re)Association Response IEs");
2864 sm->tdls_prohibited = 1;
2865 }
2866}
2867
2868
2869void wpa_tdls_enable(struct wpa_sm *sm, int enabled)
2870{
2871 wpa_printf(MSG_DEBUG, "TDLS: %s", enabled ? "enabled" : "disabled");
2872 sm->tdls_disabled = !enabled;
2873}
Dmitry Shmidt1f69aa52012-01-24 16:10:04 -0800[diff] [blame]2874
2875
2876int wpa_tdls_is_external_setup(struct wpa_sm *sm)
2877{
2878 return sm->tdls_external_setup;
2879}