preauth.c

一个Linux下无线网卡的设置工具

/*
 * WPA Supplicant - RSN pre-authentication and PMKSA caching
 * Copyright (c) 2003-2006, Jouni Malinen <jkmaline@cc.hut.fi>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * Alternatively, this software may be distributed under the terms of BSD
 * license.
 *
 * See README and COPYING for more details.
 */

#include <stdlib.h>
#include <stdio.h>
#include <sys/time.h>
#ifndef CONFIG_NATIVE_WINDOWS
#include <netinet/in.h>
#endif /* CONFIG_NATIVE_WINDOWS */
#include <string.h>
#include <time.h>

#include "common.h"
#include "sha1.h"
#include "wpa.h"
#include "driver.h"
#include "eloop.h"
#include "wpa_supplicant.h"
#include "config.h"
#include "l2_packet.h"
#include "eapol_sm.h"
#include "preauth.h"
#include "wpa_i.h"


#define PMKID_CANDIDATE_PRIO_SCAN 1000
static const int pmksa_cache_max_entries = 32;


struct rsn_pmksa_candidate {
	struct rsn_pmksa_candidate *next;
	u8 bssid[ETH_ALEN];
	int priority;
};


/**
 * rsn_pmkid - Calculate PMK identifier
 * @pmk: Pairwise master key
 * @aa: Authenticator address
 * @spa: Supplicant address
 *
 * IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
 * PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
 */
static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
{
	char *title = "PMK Name";
	const unsigned char *addr[3];
	const size_t len[3] = { 8, ETH_ALEN, ETH_ALEN };
	unsigned char hash[SHA1_MAC_LEN];

	addr[0] = (unsigned char *) title;
	addr[1] = aa;
	addr[2] = spa;

	hmac_sha1_vector(pmk, PMK_LEN, 3, addr, len, hash);
	memcpy(pmkid, hash, PMKID_LEN);
}


static void pmksa_cache_set_expiration(struct wpa_sm *sm);


static void pmksa_cache_free_entry(struct wpa_sm *sm,
				   struct rsn_pmksa_cache *entry, int replace)
{
	int current;

	current = sm->cur_pmksa == entry ||
		(sm->pmk_len == entry->pmk_len &&
		 memcmp(sm->pmk, entry->pmk, sm->pmk_len) == 0);

	free(entry);
	sm->pmksa_count--;

	if (current) {
		wpa_printf(MSG_DEBUG, "RSN: removed current PMKSA entry");
		sm->cur_pmksa = NULL;

		if (replace) {
			/* A new entry is being added, so no need to
			 * deauthenticate in this case. This happens when EAP
			 * authentication is completed again (reauth or failed
			 * PMKSA caching attempt). */
			return;
		}

		memset(sm->pmk, 0, sizeof(sm->pmk));
		wpa_sm_deauthenticate(sm, REASON_UNSPECIFIED);
		wpa_sm_req_scan(sm, 0, 0);
	}
}


static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_sm *sm = eloop_ctx;
	time_t now;

	time(&now);
	while (sm->pmksa && sm->pmksa->expiration <= now) {
		struct rsn_pmksa_cache *entry = sm->pmksa;
		sm->pmksa = entry->next;
		wpa_printf(MSG_DEBUG, "RSN: expired PMKSA cache entry for "
			   MACSTR, MAC2STR(entry->aa));
		pmksa_cache_free_entry(sm, entry, 0);
	}

	pmksa_cache_set_expiration(sm);
}


static void pmksa_cache_reauth(void *eloop_ctx, void *timeout_ctx)
{
	struct wpa_sm *sm = eloop_ctx;
	sm->cur_pmksa = NULL;
	eapol_sm_request_reauth(sm->eapol);
}


static void pmksa_cache_set_expiration(struct wpa_sm *sm)
{
	int sec;
	struct rsn_pmksa_cache *entry;

	eloop_cancel_timeout(pmksa_cache_expire, sm, NULL);
	eloop_cancel_timeout(pmksa_cache_reauth, sm, NULL);
	if (sm->pmksa == NULL)
		return;
	sec = sm->pmksa->expiration - time(NULL);
	if (sec < 0)
		sec = 0;
	eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, sm, NULL);

	entry = sm->cur_pmksa ? sm->cur_pmksa :
		pmksa_cache_get(sm, sm->bssid, NULL);
	if (entry) {
		sec = sm->pmksa->reauth_time - time(NULL);
		if (sec < 0)
			sec = 0;
		eloop_register_timeout(sec, 0, pmksa_cache_reauth, sm, NULL);
	}
}


/**
 * pmksa_cache_add - Add a PMKSA cache entry
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * @pmk: The new pairwise master key
 * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
 * @aa: Authenticator address
 * @spa: Supplicant address
 * @ssid: The network configuration for which this PMK is being added
 * Returns: Pointer to the added PMKSA cache entry or %NULL on error
 *
 * This function create a PMKSA entry for a new PMK and adds it to the PMKSA
 * cache. If an old entry is already in the cache for the same Authenticator,
 * this entry will be replaced with the new entry. PMKID will be calculated
 * based on the PMK and the driver interface is notified of the new PMKID.
 */
struct rsn_pmksa_cache *
pmksa_cache_add(struct wpa_sm *sm, const u8 *pmk,
		size_t pmk_len, const u8 *aa, const u8 *spa,
		struct wpa_ssid *ssid)
{
	struct rsn_pmksa_cache *entry, *pos, *prev;
	time_t now;

	if (sm->proto != WPA_PROTO_RSN || pmk_len > PMK_LEN)
		return NULL;

	entry = malloc(sizeof(*entry));
	if (entry == NULL)
		return NULL;
	memset(entry, 0, sizeof(*entry));
	memcpy(entry->pmk, pmk, pmk_len);
	entry->pmk_len = pmk_len;
	rsn_pmkid(pmk, aa, spa, entry->pmkid);
	now = time(NULL);
	entry->expiration = now + sm->dot11RSNAConfigPMKLifetime;
	entry->reauth_time = now + sm->dot11RSNAConfigPMKLifetime *
		sm->dot11RSNAConfigPMKReauthThreshold / 100;
	entry->akmp = WPA_KEY_MGMT_IEEE8021X;
	memcpy(entry->aa, aa, ETH_ALEN);
	entry->ssid = ssid;

	/* Replace an old entry for the same Authenticator (if found) with the
	 * new entry */
	pos = sm->pmksa;
	prev = NULL;
	while (pos) {
		if (memcmp(aa, pos->aa, ETH_ALEN) == 0) {
			if (pos->pmk_len == pmk_len &&
			    memcmp(pos->pmk, pmk, pmk_len) == 0 &&
			    memcmp(pos->pmkid, entry->pmkid, PMKID_LEN) == 0) {
				wpa_printf(MSG_DEBUG, "WPA: reusing previous "
					   "PMKSA entry");
				free(entry);
				return pos;
			}
			if (prev == NULL)
				sm->pmksa = pos->next;
			else
				prev->next = pos->next;
			wpa_printf(MSG_DEBUG, "RSN: Replace PMKSA entry for "
				   "the current AP");
			pmksa_cache_free_entry(sm, pos, 1);
			break;
		}
		prev = pos;
		pos = pos->next;
	}

	if (sm->pmksa_count >= pmksa_cache_max_entries && sm->pmksa) {
		/* Remove the oldest entry to make room for the new entry */
		pos = sm->pmksa;
		sm->pmksa = pos->next;
		wpa_printf(MSG_DEBUG, "RSN: removed the oldest PMKSA cache "
			   "entry (for " MACSTR ") to make room for new one",
			   MAC2STR(pos->aa));
		wpa_sm_remove_pmkid(sm, pos->aa, pos->pmkid);
		pmksa_cache_free_entry(sm, pos, 0);
	}

	/* Add the new entry; order by expiration time */
	pos = sm->pmksa;
	prev = NULL;
	while (pos) {
		if (pos->expiration > entry->expiration)
			break;
		prev = pos;
		pos = pos->next;
	}
	if (prev == NULL) {
		entry->next = sm->pmksa;
		sm->pmksa = entry;
		pmksa_cache_set_expiration(sm);
	} else {
		entry->next = prev->next;
		prev->next = entry;
	}
	sm->pmksa_count++;
	wpa_printf(MSG_DEBUG, "RSN: added PMKSA cache entry for " MACSTR,
		   MAC2STR(entry->aa));
	wpa_sm_add_pmkid(sm, entry->aa, entry->pmkid);

	return entry;
}


/**
 * pmksa_cache_free - Free all entries in PMKSA cache
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 */
void pmksa_cache_free(struct wpa_sm *sm)
{
	struct rsn_pmksa_cache *entry, *prev;

	if (sm == NULL)
		return;

	entry = sm->pmksa;
	sm->pmksa = NULL;
	while (entry) {
		prev = entry;
		entry = entry->next;
		free(prev);
	}
	pmksa_cache_set_expiration(sm);
	sm->cur_pmksa = NULL;
}


/**
 * pmksa_cache_get - Fetch a PMKSA cache entry
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * @aa: Authenticator address or %NULL to match any
 * @pmkid: PMKID or %NULL to match any
 * Returns: Pointer to PMKSA cache entry or %NULL if no match was found
 */
struct rsn_pmksa_cache * pmksa_cache_get(struct wpa_sm *sm,
					 const u8 *aa, const u8 *pmkid)
{
	struct rsn_pmksa_cache *entry = sm->pmksa;
	while (entry) {
		if ((aa == NULL || memcmp(entry->aa, aa, ETH_ALEN) == 0) &&
		    (pmkid == NULL ||
		     memcmp(entry->pmkid, pmkid, PMKID_LEN) == 0))
			return entry;
		entry = entry->next;
	}
	return NULL;
}


/**
 * pmksa_cache_notify_reconfig - Reconfiguration notification for PMKSA cache
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 *
 * Clear references to old data structures when wpa_supplicant is reconfigured.
 */
void pmksa_cache_notify_reconfig(struct wpa_sm *sm)
{
	struct rsn_pmksa_cache *entry = sm->pmksa;
	while (entry) {
		entry->ssid = NULL;
		entry = entry->next;
	}
}


static struct rsn_pmksa_cache *
pmksa_cache_clone_entry(struct wpa_sm *sm,
			const struct rsn_pmksa_cache *old_entry, const u8 *aa)
{
	struct rsn_pmksa_cache *new_entry;

	new_entry = pmksa_cache_add(sm, old_entry->pmk, old_entry->pmk_len,
				    aa, sm->own_addr, old_entry->ssid);
	if (new_entry == NULL)
		return NULL;

	/* TODO: reorder entries based on expiration time? */
	new_entry->expiration = old_entry->expiration;
	new_entry->opportunistic = 1;

	return new_entry;
}


/**
 * pmksa_cache_get_opportunistic - Try to get an opportunistic PMKSA entry
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * @ssid: Pointer to the current network configuration
 * @aa: Authenticator address for the new AP
 * Returns: Pointer to a new PMKSA cache entry or %NULL if not available
 *
 * Try to create a new PMKSA cache entry opportunistically by guessing that the
 * new AP is sharing the same PMK as another AP that has the same SSID and has
 * already an entry in PMKSA cache.
 */
static struct rsn_pmksa_cache *
pmksa_cache_get_opportunistic(struct wpa_sm *sm,
			      struct wpa_ssid *ssid, const u8 *aa)
{
	struct rsn_pmksa_cache *entry = sm->pmksa;

	if (ssid == NULL)
		return NULL;
	while (entry) {
		if (entry->ssid == ssid) {
			entry = pmksa_cache_clone_entry(sm, entry, aa);
			if (entry) {
				wpa_printf(MSG_DEBUG, "RSN: added "
					   "opportunistic PMKSA cache entry "
					   "for " MACSTR, MAC2STR(aa));
			}
			return entry;
		}
		entry = entry->next;
	}
	return NULL;
}


/**
 * pmksa_cache_get_current - Get the current used PMKSA entry
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * Returns: Pointer to the current PMKSA cache entry or %NULL if not available
 */
struct rsn_pmksa_cache * pmksa_cache_get_current(struct wpa_sm *sm)
{
	if (sm == NULL)
		return NULL;
	return sm->cur_pmksa;
}


/**
 * pmksa_cache_clear_current - Clear the current PMKSA entry selection
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 */
void pmksa_cache_clear_current(struct wpa_sm *sm)
{
	if (sm == NULL)
		return;
	sm->cur_pmksa = NULL;
}


/**
 * pmksa_cache_set_current - Set the current PMKSA entry selection
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * @pmkid: PMKID for selecting PMKSA or %NULL if not used
 * @bssid: BSSID for PMKSA or %NULL if not used
 * @ssid: The network configuration for the current network
 * @try_opportunistic: Whether to allow opportunistic PMKSA caching
 * Returns: 0 if PMKSA was found or -1 if no matching entry was found
 */
int pmksa_cache_set_current(struct wpa_sm *sm, const u8 *pmkid,
			    const u8 *bssid, struct wpa_ssid *ssid,
			    int try_opportunistic)
{
	sm->cur_pmksa = NULL;
	if (pmkid)
		sm->cur_pmksa = pmksa_cache_get(sm, NULL, pmkid);
	if (sm->cur_pmksa == NULL && bssid)
		sm->cur_pmksa = pmksa_cache_get(sm, bssid, NULL);
	if (sm->cur_pmksa == NULL && try_opportunistic && bssid)
		sm->cur_pmksa = pmksa_cache_get_opportunistic(sm, ssid, bssid);
	if (sm->cur_pmksa) {
		wpa_hexdump(MSG_DEBUG, "RSN: PMKID",
			    sm->cur_pmksa->pmkid, PMKID_LEN);
		return 0;
	}
	return -1;
}


/**
 * pmksa_cache_list - Dump text list of entries in PMKSA cache
 * @sm: Pointer to WPA state machine data from wpa_sm_init()
 * @buf: Buffer for the list
 * @len: Length of the buffer
 * Returns: number of bytes written to buffer
 *
 * This function is used to generate a text format representation of the
 * current PMKSA cache contents for the ctrl_iface PMKSA command.
 */
int pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len)
{
	int i, j;
	char *pos = buf;
	struct rsn_pmksa_cache *entry;
	time_t now;

	time(&now);
	pos += snprintf(pos, buf + len - pos,
			"Index / AA / PMKID / expiration (in seconds) / "
			"opportunistic\n");
	i = 0;
	entry = sm->pmksa;
	while (entry) {
		i++;
		pos += snprintf(pos, buf + len - pos, "%d " MACSTR " ",
				i, MAC2STR(entry->aa));
		for (j = 0; j < PMKID_LEN; j++)
			pos += snprintf(pos, buf + len - pos, "%02x",
					entry->pmkid[j]);
		pos += snprintf(pos, buf + len - pos, " %d %d\n",
				(int) (entry->expiration - now),
				entry->opportunistic);
		entry = entry->next;
	}
	return pos - buf;
}