static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
const struct wpa_eapol_key *key,
int ver, u16 key_info)
{
size_t rlen;
struct wpa_eapol_key *reply;
u8 *rbuf;
printf("2/2\n");
rbuf = wpa_alloc_eapol(IEEE802_1X_TYPE_EAPOL_KEY, NULL, sizeof(*reply), &rlen, (void *) &reply);
if (rbuf == NULL)
return -1;
reply->type = sm->proto == WPA_PROTO_RSN ?
EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
key_info &= WPA_KEY_INFO_KEY_INDEX_MASK;
key_info |= ver | WPA_KEY_INFO_MIC | WPA_KEY_INFO_SECURE;
WPA_PUT_BE16(reply->key_info, key_info);
if (sm->proto == WPA_PROTO_RSN)
WPA_PUT_BE16(reply->key_length, 0);
else
os_memcpy(reply->key_length, key->key_length, 2);
os_memcpy(reply->replay_counter, key->replay_counter,
WPA_REPLAY_COUNTER_LEN);
WPA_PUT_BE16(reply->key_data_length, 0);
lwip_log("WPA: Sending EAPOL-Key 2/2\n");
wpa_eapol_key_send(sm, sm->ptk.kck, ver, sm->bssid, ETH_P_EAPOL, rbuf, rlen, reply->key_mic);
return 0;
}
/**
* wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
* @ctx: Pointer to wpa_supplicant data (wpa_s)
* @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
* @buf: EAPOL payload (after IEEE 802.1X header)
* @len: EAPOL payload length
* Returns: >=0 on success, <0 on failure
*
* This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
* to the current Authenticator.
*/
static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
size_t len)
{
struct wpa_supplicant *wpa_s = ctx;
u8 *msg, *dst, bssid[ETH_ALEN];
size_t msglen;
int res;
/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
* extra copy here */
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
* EAPOL frames (mainly, EAPOL-Start) from EAPOL state
* machines. */
wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
"mode (type=%d len=%lu)", type,
(unsigned long) len);
return -1;
}
if (is_zero_ether_addr(wpa_s->bssid)) {
wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
"EAPOL frame");
if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
!is_zero_ether_addr(bssid)) {
dst = bssid;
wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
" from the driver as the EAPOL destination",
MAC2STR(dst));
} else {
dst = wpa_s->last_eapol_src;
wpa_printf(MSG_DEBUG, "Using the source address of the"
" last received EAPOL frame " MACSTR " as "
"the EAPOL destination",
MAC2STR(dst));
}
} else {
/* BSSID was already set (from (Re)Assoc event, so use it as
* the EAPOL destination. */
dst = wpa_s->bssid;
}
msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
if (msg == NULL)
return -1;
wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
os_free(msg);
return res;
}
static int wpa_supplicant_send_2_of_4(struct wpa_sm *sm,
const unsigned char *dst,
const struct wpa_eapol_key *key,
int ver, const u8 *nonce,
const u8 *wpa_ie, size_t wpa_ie_len,
struct wpa_ptk *ptk)
{
size_t rlen;
struct wpa_eapol_key *reply;
u8 *rbuf;
if (wpa_ie == NULL)
{
lwip_log("WPA: No wpa_ie set - cannot generate msg 2/4\n");
return -1;
}
wpa_hexdump(MSG_DEBUG, "WPA: WPA IE for msg 2/4", wpa_ie, wpa_ie_len);
rbuf = wpa_alloc_eapol(IEEE802_1X_TYPE_EAPOL_KEY,
NULL, sizeof(*reply) + wpa_ie_len,
&rlen, (void *) &reply);
if (rbuf == NULL)
return -1;
reply->type = sm->proto == WPA_PROTO_RSN ? EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
WPA_PUT_BE16(reply->key_info, ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC);
if (sm->proto == WPA_PROTO_RSN)
WPA_PUT_BE16(reply->key_length, 0);
else
os_memcpy(reply->key_length, key->key_length, 2);
os_memcpy(reply->replay_counter, key->replay_counter, WPA_REPLAY_COUNTER_LEN);
WPA_PUT_BE16(reply->key_data_length, wpa_ie_len);
os_memcpy(reply + 1, wpa_ie, wpa_ie_len);
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, rbuf, rlen, reply->key_mic);
//printf("wpa_supplicant_process_2_of_4 exit\n");
printf("2/4x\n");
return 0;
}
static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm,
const unsigned char *dst,
const struct wpa_eapol_key *key,
u16 ver, u16 key_info,
const u8 *kde, size_t kde_len,
struct wpa_ptk *ptk)
{
int i;
size_t rlen;
struct wpa_eapol_key *reply;
u8 *rbuf;
if (kde)
wpa_hexdump(MSG_DEBUG, "WPA: KDE for msg 4/4", kde, kde_len);
rbuf = wpa_alloc_eapol(IEEE802_1X_TYPE_EAPOL_KEY, NULL,
sizeof(*reply) + kde_len,
&rlen, (void *) &reply);
if (rbuf == NULL)
return -1;
reply->type = (sm->proto == WPA_PROTO_RSN) ? EAPOL_KEY_TYPE_RSN : EAPOL_KEY_TYPE_WPA;
key_info &= WPA_KEY_INFO_SECURE;
key_info |= ver | WPA_KEY_INFO_KEY_TYPE | WPA_KEY_INFO_MIC;
WPA_PUT_BE16(reply->key_info, key_info);
if (sm->proto == WPA_PROTO_RSN)
WPA_PUT_BE16(reply->key_length, 0);
else
os_memcpy(reply->key_length, key->key_length, 2);
os_memcpy(reply->replay_counter, key->replay_counter, WPA_REPLAY_COUNTER_LEN);
WPA_PUT_BE16(reply->key_data_length, kde_len);
if (kde)
os_memcpy(reply + 1, kde, kde_len);
wpa_eapol_key_send(sm, ptk->kck, ver, dst, ETH_P_EAPOL, rbuf, rlen, reply->key_mic);
//printf("wpa_supplicant_process_4_of_4 exit\n");
printf("4/4x\n");
return 0;
}
static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
const void *data, u16 data_len,
size_t *msg_len, void **data_pos)
{
return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
}
/**
* wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
* @ctx: Pointer to wpa_supplicant data (wpa_s)
* @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
* @buf: EAPOL payload (after IEEE 802.1X header)
* @len: EAPOL payload length
* Returns: >=0 on success, <0 on failure
*
* This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
* to the current Authenticator.
*/
static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
size_t len)
{
struct wpa_supplicant *wpa_s = ctx;
u8 *msg, *dst, bssid[ETH_ALEN];
size_t msglen;
int res;
/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
* extra copy here */
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
* EAPOL frames (mainly, EAPOL-Start) from EAPOL state
* machines. */
wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
"mode (type=%d len=%lu)", type,
(unsigned long) len);
return -1;
}
if (pmksa_cache_get_current(wpa_s->wpa) &&
type == IEEE802_1X_TYPE_EAPOL_START) {
/*
* We were trying to use PMKSA caching and sending EAPOL-Start
* would abort that and trigger full EAPOL authentication.
* However, we've already waited for the AP/Authenticator to
* start 4-way handshake or EAP authentication, and apparently
* it has not done so since the startWhen timer has reached zero
* to get the state machine sending EAPOL-Start. This is not
* really supposed to happen, but an interoperability issue with
* a deployed AP has been identified where the connection fails
* due to that AP failing to operate correctly if PMKID is
* included in the Association Request frame. To work around
* this, assume PMKSA caching failed and try to initiate full
* EAP authentication.
*/
if (!wpa_s->current_ssid ||
wpa_s->current_ssid->eap_workaround) {
wpa_printf(MSG_DEBUG,
"RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication");
} else {
wpa_printf(MSG_DEBUG,
"RSN: PMKSA caching - do not send EAPOL-Start");
return -1;
}
}
if (is_zero_ether_addr(wpa_s->bssid)) {
wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
"EAPOL frame");
if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
!is_zero_ether_addr(bssid)) {
dst = bssid;
wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
" from the driver as the EAPOL destination",
MAC2STR(dst));
} else {
dst = wpa_s->last_eapol_src;
wpa_printf(MSG_DEBUG, "Using the source address of the"
" last received EAPOL frame " MACSTR " as "
"the EAPOL destination",
MAC2STR(dst));
}
} else {
/* BSSID was already set (from (Re)Assoc event, so use it as
* the EAPOL destination. */
dst = wpa_s->bssid;
}
msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
if (msg == NULL)
return -1;
wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
os_free(msg);
return res;
}