Merge branch 'bugfix/remove_stray_newline_in_supplicant_logging' into 'master'
Follow-up changes to remove all stray '\n' Closes IDFGH-8861 See merge request espressif/esp-idf!21453
@@ -485,7 +485,7 @@ void crypto_debug_print_point(const char *title, struct crypto_ec *e,
|
|||||||
u8 x[32], y[32];
|
u8 x[32], y[32];
|
||||||
|
|
||||||
if (crypto_ec_point_to_bin(e, point, x, y) < 0) {
|
if (crypto_ec_point_to_bin(e, point, x, y) < 0) {
|
||||||
wpa_printf(MSG_ERROR, "error: failed to get corrdinates\n");
|
wpa_printf(MSG_ERROR, "error: failed to get corrdinates");
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -498,7 +498,7 @@ static struct crypto_key *crypto_alloc_key(void)
|
|||||||
mbedtls_pk_context *key = os_malloc(sizeof(*key));
|
mbedtls_pk_context *key = os_malloc(sizeof(*key));
|
||||||
|
|
||||||
if (!key) {
|
if (!key) {
|
||||||
wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__);
|
wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
mbedtls_pk_init(key);
|
mbedtls_pk_init(key);
|
||||||
@@ -586,7 +586,7 @@ int crypto_ec_get_priv_key_der(struct crypto_key *key, unsigned char **key_data,
|
|||||||
*key_data = os_malloc(*key_len);
|
*key_data = os_malloc(*key_len);
|
||||||
|
|
||||||
if (!*key_data) {
|
if (!*key_data) {
|
||||||
wpa_printf(MSG_ERROR, "memory allocation failed\n");
|
wpa_printf(MSG_ERROR, "memory allocation failed");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
os_memcpy(*key_data, der_data, *key_len);
|
os_memcpy(*key_data, der_data, *key_len);
|
||||||
@@ -651,7 +651,7 @@ struct crypto_key *crypto_ec_get_key(const u8 *privkey, size_t privkey_len)
|
|||||||
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
|
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
|
||||||
|
|
||||||
if (!kctx) {
|
if (!kctx) {
|
||||||
wpa_printf(MSG_ERROR, "memory allocation failed\n");
|
wpa_printf(MSG_ERROR, "memory allocation failed");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL);
|
ret = mbedtls_pk_parse_key(kctx, privkey, privkey_len, NULL, 0, crypto_rng_wrapper, NULL);
|
||||||
@@ -734,7 +734,7 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
|
|||||||
|
|
||||||
/* set params from our key */
|
/* set params from our key */
|
||||||
if (mbedtls_ecdh_get_params(ctx, mbedtls_pk_ec(*own), MBEDTLS_ECDH_OURS) < 0) {
|
if (mbedtls_ecdh_get_params(ctx, mbedtls_pk_ec(*own), MBEDTLS_ECDH_OURS) < 0) {
|
||||||
wpa_printf(MSG_ERROR, "failed to set our ecdh params\n");
|
wpa_printf(MSG_ERROR, "failed to set our ecdh params");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -743,18 +743,18 @@ int crypto_ecdh(struct crypto_key *key_own, struct crypto_key *key_peer,
|
|||||||
#endif
|
#endif
|
||||||
/* set params from peers key */
|
/* set params from peers key */
|
||||||
if (mbedtls_ecdh_get_params(ctx, mbedtls_pk_ec(*peer), MBEDTLS_ECDH_THEIRS) < 0) {
|
if (mbedtls_ecdh_get_params(ctx, mbedtls_pk_ec(*peer), MBEDTLS_ECDH_THEIRS) < 0) {
|
||||||
wpa_printf(MSG_ERROR, "failed to set peer's ecdh params\n");
|
wpa_printf(MSG_ERROR, "failed to set peer's ecdh params");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (mbedtls_ecdh_calc_secret(ctx, secret_len, secret, DPP_MAX_SHARED_SECRET_LEN,
|
if (mbedtls_ecdh_calc_secret(ctx, secret_len, secret, DPP_MAX_SHARED_SECRET_LEN,
|
||||||
mbedtls_ctr_drbg_random, &ctr_drbg) < 0) {
|
mbedtls_ctr_drbg_random, &ctr_drbg) < 0) {
|
||||||
wpa_printf(MSG_ERROR, "failed to calculate secret\n");
|
wpa_printf(MSG_ERROR, "failed to calculate secret");
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) {
|
if (*secret_len > DPP_MAX_SHARED_SECRET_LEN) {
|
||||||
wpa_printf(MSG_ERROR, "secret len=%d is too big\n", *secret_len);
|
wpa_printf(MSG_ERROR, "secret len=%d is too big", *secret_len);
|
||||||
goto fail;
|
goto fail;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -779,7 +779,7 @@ int crypto_ecdsa_get_sign(unsigned char *hash,
|
|||||||
|
|
||||||
mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
|
mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
|
||||||
if (!ctx) {
|
if (!ctx) {
|
||||||
wpa_printf(MSG_ERROR,"failed to allcate memory\n");
|
wpa_printf(MSG_ERROR,"failed to allcate memory");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
mbedtls_ecdsa_init(ctx);
|
mbedtls_ecdsa_init(ctx);
|
||||||
@@ -805,7 +805,7 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
|
|||||||
|
|
||||||
mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
|
mbedtls_ecdsa_context *ctx = os_malloc(sizeof(*ctx));
|
||||||
if (!ctx) {
|
if (!ctx) {
|
||||||
wpa_printf(MSG_ERROR, "failed to allcate memory\n");
|
wpa_printf(MSG_ERROR, "failed to allcate memory");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
mbedtls_ecdsa_init(ctx);
|
mbedtls_ecdsa_init(ctx);
|
||||||
@@ -815,7 +815,7 @@ int crypto_edcsa_sign_verify(const unsigned char *hash,
|
|||||||
|
|
||||||
if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
|
if((ret = mbedtls_ecdsa_verify(&ctx->MBEDTLS_PRIVATE(grp), hash, hlen,
|
||||||
&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
|
&ctx->MBEDTLS_PRIVATE(Q), (mbedtls_mpi *)r, (mbedtls_mpi *)s)) != 0){
|
||||||
wpa_printf(MSG_ERROR, "ecdsa verification failed\n");
|
wpa_printf(MSG_ERROR, "ecdsa verification failed");
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -831,11 +831,11 @@ void crypto_debug_print_ec_key(const char *title, struct crypto_key *key)
|
|||||||
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
|
mbedtls_pk_context *pkey = (mbedtls_pk_context *)key;
|
||||||
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( *pkey );
|
mbedtls_ecp_keypair *ecp = mbedtls_pk_ec( *pkey );
|
||||||
u8 x[32], y[32], d[32];
|
u8 x[32], y[32], d[32];
|
||||||
wpa_printf(MSG_ERROR, "curve: %s\n",
|
wpa_printf(MSG_ERROR, "curve: %s",
|
||||||
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name );
|
mbedtls_ecp_curve_info_from_grp_id( ecp->MBEDTLS_PRIVATE(grp).id )->name );
|
||||||
int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key)));
|
int len = mbedtls_mpi_size((mbedtls_mpi *)crypto_ec_get_prime((struct crypto_ec *)crypto_ec_get_group_from_key(key)));
|
||||||
|
|
||||||
wpa_printf(MSG_ERROR, "prime len is %d\n", len);
|
wpa_printf(MSG_ERROR, "prime len is %d", len);
|
||||||
crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_get_public_key(key), x, y);
|
crypto_ec_point_to_bin((struct crypto_ec *)crypto_ec_get_group_from_key(key), crypto_ec_get_public_key(key), x, y);
|
||||||
crypto_bignum_to_bin(crypto_ec_get_private_key(key),
|
crypto_bignum_to_bin(crypto_ec_get_private_key(key),
|
||||||
d, len, len);
|
d, len, len);
|
||||||
@@ -870,7 +870,7 @@ struct crypto_key * crypto_ec_gen_keypair(u16 ike_group)
|
|||||||
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
|
mbedtls_pk_context *kctx = (mbedtls_pk_context *)crypto_alloc_key();
|
||||||
|
|
||||||
if (!kctx) {
|
if (!kctx) {
|
||||||
wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__);
|
wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1005,7 +1005,7 @@ int crypto_ec_write_pub_key(struct crypto_key *key, unsigned char **key_buf)
|
|||||||
|
|
||||||
*key_buf = os_malloc(len);
|
*key_buf = os_malloc(len);
|
||||||
if (!*key_buf) {
|
if (!*key_buf) {
|
||||||
wpa_printf(MSG_ERROR, "%s: memory allocation failed\n", __func__);
|
wpa_printf(MSG_ERROR, "%s: memory allocation failed", __func__);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
os_memcpy(*key_buf, output_buf + 1600 - len, len);
|
os_memcpy(*key_buf, output_buf + 1600 - len, len);
|
||||||
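Review bot: In `crypto_debug_print_ec_key` the stack buffers `u8 x[32], y[32], d[32]` are fixed at 32 bytes, while `len` comes from `mbedtls_mpi_size()` of the curve prime and is passed to `crypto_bignum_to_bin(..., d, len, len)`, so a key on a curve wider than 256 bits would write past `d` (and presumably past `x`/`y` inside `crypto_ec_point_to_bin`). A guard such as `if (len > (int)sizeof(d)) return;` before the conversions would bound it; `crypto_debug_print_point` uses the same 32-byte buffers. The result of `mbedtls_ecp_curve_info_from_grp_id()` is also dereferenced for `->name` without a NULL check in the `curve: %s` call. Both functions continue outside the visible hunks, and because this helper serialises the private scalar into `d`, it is worth confirming that it is compiled out of release builds.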
|
@@ -962,7 +962,7 @@ static int tls_connection_prf(void *tls_ctx, struct tls_connection *conn,
|
|||||||
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
|
label, seed, 2 * TLS_RANDOM_LEN, out, out_len);
|
||||||
|
|
||||||
if (ret < 0) {
|
if (ret < 0) {
|
||||||
wpa_printf(MSG_ERROR, "prf failed, ret=%d\n", ret);
|
wpa_printf(MSG_ERROR, "prf failed, ret=%d", ret);
|
||||||
}
|
}
|
||||||
wpa_hexdump_key(MSG_MSGDUMP, "key", out, out_len);
|
wpa_hexdump_key(MSG_MSGDUMP, "key", out, out_len);
|
||||||
|
|
||||||
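Review bot: In `tls_connection_prf` the `ret < 0` branch only logs, so control falls through to `wpa_hexdump_key(MSG_MSGDUMP, "key", out, out_len)` and dumps whatever `out` holds after a failed PRF, which may be uninitialised or partial data. Putting the dump on the success path, e.g. `if (ret == 0) wpa_hexdump_key(MSG_MSGDUMP, "key", out, out_len);`, keeps failed derivations out of the log. Whether derived key bytes should reach the log at all depends on how `wpa_hexdump_key` is gated in this port, which the hunk does not show. The function starts and ends outside the hunk.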
|
@@ -627,7 +627,7 @@ esp_err_t esp_supp_dpp_init(esp_supp_dpp_event_cb_t cb)
|
|||||||
esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_ROC_DONE,
|
esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_ROC_DONE,
|
||||||
&offchan_event_handler, NULL);
|
&offchan_event_handler, NULL);
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "esp_dpp_task prio:%d, stack:%d\n", 2, DPP_TASK_STACK_SIZE);
|
wpa_printf(MSG_INFO, "esp_dpp_task prio:%d, stack:%d", 2, DPP_TASK_STACK_SIZE);
|
||||||
|
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
}
|
}
|
||||||
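Review bot: The `esp_event_handler_register(WIFI_EVENT, WIFI_EVENT_ROC_DONE, &offchan_event_handler, NULL)` call in `esp_supp_dpp_init` discards its return value and the function still returns `ESP_OK`, so a failed registration would leave DPP without off-channel completion events while reporting success. Checking the result and propagating the error would make that failure visible; what needs to be undone on that path lies above the hunk and is not shown. The log line also prints a literal `2` as the task priority, and naming the constant used when the task is created would keep the message from drifting away from the real value.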
|
@@ -153,7 +153,7 @@ int wifi_ap_wps_enable_internal(const esp_wps_config_t *config)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "wifi_wps_enable\n");
|
wpa_printf(MSG_INFO, "wifi_wps_enable");
|
||||||
|
|
||||||
wps_set_type(config->wps_type);
|
wps_set_type(config->wps_type);
|
||||||
wps_set_status(WPS_STATUS_DISABLE);
|
wps_set_status(WPS_STATUS_DISABLE);
|
||||||
|
@@ -113,7 +113,7 @@ int esp_handle_beacon_probe(u8 type, u8 *frame, size_t len, u8 *sender,
|
|||||||
u8 *ptr;
|
u8 *ptr;
|
||||||
|
|
||||||
if (len < 12) {
|
if (len < 12) {
|
||||||
wpa_printf(MSG_ERROR, "beacon/probe is having short len=%d\n", len);
|
wpa_printf(MSG_ERROR, "beacon/probe is having short len=%d", len);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
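Review bot: `len` is declared `size_t` in the `esp_handle_beacon_probe` signature but is printed with `%d` in the short-frame log call, which is a format/argument type mismatch. Use `wpa_printf(MSG_ERROR, "beacon/probe is having short len=%u", (unsigned int)len);`, or `%zu` if the configured libc formatter supports it. The bare `12` in the length check would also read better as a named constant for the fixed fields it stands for. The parsing that relies on this check is outside the hunk.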
|
@@ -268,7 +268,7 @@ int wpa2_post(uint32_t sig, uint32_t par)
|
|||||||
} else {
|
} else {
|
||||||
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
|
ETSEvent *evt = (ETSEvent *)os_malloc(sizeof(ETSEvent));
|
||||||
if (evt == NULL) {
|
if (evt == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "WPA2: E N M\n");
|
wpa_printf(MSG_ERROR, "WPA2: E N M");
|
||||||
DATA_MUTEX_GIVE();
|
DATA_MUTEX_GIVE();
|
||||||
return ESP_FAIL;
|
return ESP_FAIL;
|
||||||
}
|
}
|
||||||
@@ -303,7 +303,7 @@ int eap_sm_send_eapol(struct eap_sm *sm, struct wpabuf *resp)
|
|||||||
ret = esp_wifi_get_assoc_bssid_internal(bssid);
|
ret = esp_wifi_get_assoc_bssid_internal(bssid);
|
||||||
|
|
||||||
if (ret != 0) {
|
if (ret != 0) {
|
||||||
wpa_printf(MSG_DEBUG, "bssid is empty \n");
|
wpa_printf(MSG_DEBUG, "bssid is empty");
|
||||||
return WPA_ERR_INVALID_BSSID;
|
return WPA_ERR_INVALID_BSSID;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -398,7 +398,7 @@ int eap_sm_process_request(struct eap_sm *sm, struct wpabuf *reqData)
|
|||||||
sm->m = m;
|
sm->m = m;
|
||||||
sm->eap_method_priv = sm->m->init(sm);
|
sm->eap_method_priv = sm->m->init(sm);
|
||||||
if (sm->eap_method_priv == NULL) {
|
if (sm->eap_method_priv == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "Method private structure allocated failure\n");
|
wpa_printf(MSG_ERROR, "Method private structure allocated failure");
|
||||||
sm->m = NULL;
|
sm->m = NULL;
|
||||||
goto build_nak;
|
goto build_nak;
|
||||||
}
|
}
|
||||||
@@ -499,7 +499,7 @@ static int wpa2_ent_rx_eapol(u8 *src_addr, u8 *buf, u32 len, uint8_t *bssid)
|
|||||||
ret = wpa_sm_rx_eapol(src_addr, buf, len);
|
ret = wpa_sm_rx_eapol(src_addr, buf, len);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
wpa_printf(MSG_ERROR, "Unknown EAPOL packet type - %d\n", hdr->type);
|
wpa_printf(MSG_ERROR, "Unknown EAPOL packet type - %d", hdr->type);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -538,7 +538,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
|
|||||||
data_len = plen + sizeof(*hdr);
|
data_len = plen + sizeof(*hdr);
|
||||||
|
|
||||||
#ifdef DEBUG_PRINT
|
#ifdef DEBUG_PRINT
|
||||||
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d\n",
|
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d",
|
||||||
hdr->version, hdr->type, plen);
|
hdr->version, hdr->type, plen);
|
||||||
#endif
|
#endif
|
||||||
if (hdr->version < EAPOL_VERSION) {
|
if (hdr->version < EAPOL_VERSION) {
|
||||||
@@ -576,7 +576,7 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
|
|||||||
case EAP_CODE_REQUEST:
|
case EAP_CODE_REQUEST:
|
||||||
/* Handle EAP-reauthentication case */
|
/* Handle EAP-reauthentication case */
|
||||||
if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) {
|
if (sm->finish_state == WPA2_ENT_EAP_STATE_SUCCESS) {
|
||||||
wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress\n");
|
wpa_printf(MSG_INFO, ">>>>>wpa2 EAP Re-authentication in progress");
|
||||||
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS);
|
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_IN_PROGRESS);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -591,18 +591,18 @@ static int eap_sm_rx_eapol_internal(u8 *src_addr, u8 *buf, u32 len, uint8_t *bss
|
|||||||
wpa_set_pmk(sm->eapKeyData, NULL, false);
|
wpa_set_pmk(sm->eapKeyData, NULL, false);
|
||||||
os_free(sm->eapKeyData);
|
os_free(sm->eapKeyData);
|
||||||
sm->eapKeyData = NULL;
|
sm->eapKeyData = NULL;
|
||||||
wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH\n");
|
wpa_printf(MSG_INFO, ">>>>>wpa2 FINISH");
|
||||||
ret = WPA2_ENT_EAP_STATE_SUCCESS;
|
ret = WPA2_ENT_EAP_STATE_SUCCESS;
|
||||||
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS);
|
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_SUCCESS);
|
||||||
eap_deinit_prev_method(sm, "EAP Success");
|
eap_deinit_prev_method(sm, "EAP Success");
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!\n");
|
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED, receive EAP_SUCCESS but pmk is empty, potential attack!");
|
||||||
ret = WPA2_ENT_EAP_STATE_FAIL;
|
ret = WPA2_ENT_EAP_STATE_FAIL;
|
||||||
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
|
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EAP_CODE_FAILURE:
|
case EAP_CODE_FAILURE:
|
||||||
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED\n");
|
wpa_printf(MSG_INFO, ">>>>>wpa2 FAILED");
|
||||||
ret = WPA2_ENT_EAP_STATE_FAIL;
|
ret = WPA2_ENT_EAP_STATE_FAIL;
|
||||||
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
|
wpa2_set_eap_state(WPA2_ENT_EAP_STATE_FAIL);
|
||||||
break;
|
break;
|
||||||
@@ -700,14 +700,14 @@ static int eap_peer_sm_init(void)
|
|||||||
esp_wifi_get_macaddr_internal(WIFI_IF_STA, sm->ownaddr);
|
esp_wifi_get_macaddr_internal(WIFI_IF_STA, sm->ownaddr);
|
||||||
ret = eap_peer_blob_init(sm);
|
ret = eap_peer_blob_init(sm);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
wpa_printf(MSG_ERROR, "eap_peer_blob_init failed\n");
|
wpa_printf(MSG_ERROR, "eap_peer_blob_init failed");
|
||||||
ret = ESP_FAIL;
|
ret = ESP_FAIL;
|
||||||
goto _err;
|
goto _err;
|
||||||
}
|
}
|
||||||
|
|
||||||
ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len);
|
ret = eap_peer_config_init(sm, g_wpa_private_key_passwd, g_wpa_private_key_passwd_len);
|
||||||
if (ret) {
|
if (ret) {
|
||||||
wpa_printf(MSG_ERROR, "eap_peer_config_init failed\n");
|
wpa_printf(MSG_ERROR, "eap_peer_config_init failed");
|
||||||
ret = ESP_FAIL;
|
ret = ESP_FAIL;
|
||||||
goto _err;
|
goto _err;
|
||||||
}
|
}
|
||||||
@@ -737,7 +737,7 @@ static int eap_peer_sm_init(void)
|
|||||||
goto _err;
|
goto _err;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d\n", 2, WPA2_TASK_STACK_SIZE);
|
wpa_printf(MSG_INFO, "wpa2_task prio:%d, stack:%d", 2, WPA2_TASK_STACK_SIZE);
|
||||||
#endif
|
#endif
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
|
|
||||||
@@ -797,12 +797,12 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
|
|||||||
{
|
{
|
||||||
struct wpa2_funcs *wpa2_cb;
|
struct wpa2_funcs *wpa2_cb;
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable\n",
|
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] enable",
|
||||||
WPA2_VERSION);
|
WPA2_VERSION);
|
||||||
|
|
||||||
wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs));
|
wpa2_cb = (struct wpa2_funcs *)os_zalloc(sizeof(struct wpa2_funcs));
|
||||||
if (wpa2_cb == NULL) {
|
if (wpa2_cb == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb\n");
|
wpa_printf(MSG_ERROR, "WPA2: no mem for wpa2 cb");
|
||||||
return ESP_ERR_NO_MEM;
|
return ESP_ERR_NO_MEM;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -813,11 +813,11 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable_fn(void *arg)
|
|||||||
|
|
||||||
esp_wifi_register_wpa2_cb_internal(wpa2_cb);
|
esp_wifi_register_wpa2_cb_internal(wpa2_cb);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r\n");
|
wpa_printf(MSG_DEBUG, "WPA2 ENTERPRISE CRYPTO INIT.\r");
|
||||||
|
|
||||||
#ifdef EAP_PEER_METHOD
|
#ifdef EAP_PEER_METHOD
|
||||||
if (eap_peer_register_methods()) {
|
if (eap_peer_register_methods()) {
|
||||||
wpa_printf(MSG_ERROR, "Register EAP Peer methods Failure\n");
|
wpa_printf(MSG_ERROR, "Register EAP Peer methods Failure");
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
return ESP_OK;
|
return ESP_OK;
|
||||||
@@ -854,7 +854,7 @@ esp_err_t esp_wifi_sta_wpa2_ent_enable(void)
|
|||||||
|
|
||||||
esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
|
esp_err_t esp_wifi_sta_wpa2_ent_disable_fn(void *param)
|
||||||
{
|
{
|
||||||
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable\n", WPA2_VERSION);
|
wpa_printf(MSG_INFO, "WPA2 ENTERPRISE VERSION: [%s] disable", WPA2_VERSION);
|
||||||
esp_wifi_unregister_wpa2_cb_internal();
|
esp_wifi_unregister_wpa2_cb_internal();
|
||||||
|
|
||||||
if (gEapSm) {
|
if (gEapSm) {
|
||||||
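Review bot: The `WPA2 ENTERPRISE CRYPTO INIT.` message in `esp_wifi_sta_wpa2_ent_enable_fn` originally ended in `\r\n`, and with only the `\n` removed it now ends in a stray `\r`, which makes most terminals overwrite the line with the next log entry; the string should be `"WPA2 ENTERPRISE CRYPTO INIT."`. Separately, in `eap_sm_rx_eapol_internal` the `receive EAP_SUCCESS but pmk is empty, potential attack!` case is logged at `MSG_INFO`. An event the code itself describes as a possible attack would be easier to detect and alert on at `MSG_ERROR` or a warning level. Both functions extend beyond the visible hunks.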
|
@@ -78,7 +78,7 @@ int hostapd_send_eapol(const u8 *source, const u8 *sta_addr,
|
|||||||
struct l2_ethhdr *eth = buffer;
|
struct l2_ethhdr *eth = buffer;
|
||||||
|
|
||||||
if (!buffer){
|
if (!buffer){
|
||||||
wpa_printf( MSG_DEBUG, "send_eapol, buffer=%p\n", buffer);
|
wpa_printf( MSG_DEBUG, "send_eapol, buffer=%p", buffer);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
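Review bot: The log call inside `if (!buffer)` in `hostapd_send_eapol` prints `buffer=%p` for a pointer already known to be NULL, so the message says nothing about why the send was abandoned. A message such as `wpa_printf(MSG_ERROR, "send_eapol: no buffer");` states the failure, and a dropped EAPOL frame is arguably worth more than `MSG_DEBUG`. Where `buffer` comes from is above the hunk and not visible here.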
|
@@ -1815,7 +1815,7 @@ int esp_wifi_wps_enable(const esp_wps_config_t *config)
|
|||||||
}
|
}
|
||||||
|
|
||||||
s_wps_enabled = true;
|
s_wps_enabled = true;
|
||||||
wpa_printf(MSG_DEBUG, "wifi wps task: prio:%d, stack:%d\n", 2, WPS_TASK_STACK_SIZE);
|
wpa_printf(MSG_DEBUG, "wifi wps task: prio:%d, stack:%d", 2, WPS_TASK_STACK_SIZE);
|
||||||
API_MUTEX_GIVE();
|
API_MUTEX_GIVE();
|
||||||
return ret;
|
return ret;
|
||||||
#else
|
#else
|
||||||
@@ -1841,7 +1841,7 @@ int wifi_wps_enable_internal(const esp_wps_config_t *config)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_INFO, "wifi_wps_enable\n");
|
wpa_printf(MSG_INFO, "wifi_wps_enable");
|
||||||
|
|
||||||
wps_set_type(config->wps_type);
|
wps_set_type(config->wps_type);
|
||||||
wps_set_status(WPS_STATUS_DISABLE);
|
wps_set_status(WPS_STATUS_DISABLE);
|
||||||
|
@@ -80,7 +80,7 @@ static void wpa_auth_add_sm(struct wpa_state_machine *sm)
|
|||||||
s_sm_table[i] = sm;
|
s_sm_table[i] = sm;
|
||||||
s_sm_valid_bitmap |= BIT(i);
|
s_sm_valid_bitmap |= BIT(i);
|
||||||
sm->index = i;
|
sm->index = i;
|
||||||
wpa_printf( MSG_DEBUG, "add sm, index=%d bitmap=%x\n", i, s_sm_valid_bitmap);
|
wpa_printf( MSG_DEBUG, "add sm, index=%d bitmap=%x", i, s_sm_valid_bitmap);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -94,7 +94,7 @@ static void wpa_auth_del_sm(struct wpa_state_machine *sm)
|
|||||||
}
|
}
|
||||||
s_sm_table[sm->index] = NULL;
|
s_sm_table[sm->index] = NULL;
|
||||||
s_sm_valid_bitmap &= ~BIT(sm->index);
|
s_sm_valid_bitmap &= ~BIT(sm->index);
|
||||||
wpa_printf( MSG_DEBUG, "del sm, index=%d bitmap=%x\n", sm->index, s_sm_valid_bitmap);
|
wpa_printf( MSG_DEBUG, "del sm, index=%d bitmap=%x", sm->index, s_sm_valid_bitmap);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -145,7 +145,7 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
|
|||||||
|
|
||||||
if (alg == WIFI_WPA_ALG_IGTK) {
|
if (alg == WIFI_WPA_ALG_IGTK) {
|
||||||
if (key) {
|
if (key) {
|
||||||
wpa_printf (MSG_DEBUG, "%s : igtk idx %d\n", __func__, idx);
|
wpa_printf (MSG_DEBUG, "%s : igtk idx %d", __func__, idx);
|
||||||
wifi_wpa_igtk_t *igtk = malloc(sizeof(wifi_wpa_igtk_t));
|
wifi_wpa_igtk_t *igtk = malloc(sizeof(wifi_wpa_igtk_t));
|
||||||
|
|
||||||
if (igtk != NULL) {
|
if (igtk != NULL) {
|
||||||
@@ -166,7 +166,7 @@ static inline int wpa_auth_set_key(struct wpa_authenticator *wpa_auth,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
wpa_printf( MSG_DEBUG, "%s : key idx %d alg %d vlan_id %d key_len %d key \n", __func__, idx, alg, vlan_id, key_len);
|
wpa_printf( MSG_DEBUG, "%s : key idx %d alg %d vlan_id %d key_len %d key", __func__, idx, alg, vlan_id, key_len);
|
||||||
return esp_wifi_set_ap_key_internal(alg, addr, idx, key, key_len);
|
return esp_wifi_set_ap_key_internal(alg, addr, idx, key, key_len);
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@@ -308,7 +308,7 @@ static struct wpa_group * wpa_group_init(struct wpa_authenticator *wpa_auth,
|
|||||||
group->GInit = TRUE;
|
group->GInit = TRUE;
|
||||||
if (delay_init) {
|
if (delay_init) {
|
||||||
wpa_printf( MSG_DEBUG, "WPA: Delay group state machine start "
|
wpa_printf( MSG_DEBUG, "WPA: Delay group state machine start "
|
||||||
"until Beacon frames have been configured\n");
|
"until Beacon frames have been configured");
|
||||||
/* Initialization is completed in wpa_init_keys(). */
|
/* Initialization is completed in wpa_init_keys(). */
|
||||||
} else {
|
} else {
|
||||||
wpa_group_sm_step(wpa_auth, group);
|
wpa_group_sm_step(wpa_auth, group);
|
||||||
@@ -606,17 +606,17 @@ void wpa_receive(struct wpa_authenticator *wpa_auth, struct wpa_state_machine *s
|
|||||||
* msg 4/4 with incorrect type value in WPA2 mode.
|
* msg 4/4 with incorrect type value in WPA2 mode.
|
||||||
*/
|
*/
|
||||||
wpa_printf( MSG_DEBUG, "Workaround: Allow EAPOL-Key "
|
wpa_printf( MSG_DEBUG, "Workaround: Allow EAPOL-Key "
|
||||||
"with unexpected WPA type in RSN mode\n");
|
"with unexpected WPA type in RSN mode");
|
||||||
} else if (key->type != EAPOL_KEY_TYPE_RSN) {
|
} else if (key->type != EAPOL_KEY_TYPE_RSN) {
|
||||||
wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
|
wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||||
"unexpected type %d in RSN mode\n",
|
"unexpected type %d in RSN mode",
|
||||||
key->type);
|
key->type);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (key->type != EAPOL_KEY_TYPE_WPA) {
|
if (key->type != EAPOL_KEY_TYPE_WPA) {
|
||||||
wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
|
wpa_printf( MSG_DEBUG, "Ignore EAPOL-Key with "
|
||||||
"unexpected type %d in WPA mode\n",
|
"unexpected type %d in WPA mode",
|
||||||
key->type);
|
key->type);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
@@ -865,12 +865,12 @@ continue_processing:
|
|||||||
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
wpa_replay_counter_mark_invalid(sm->key_replay, NULL);
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p\n", sm->last_rx_eapol_key);
|
wpa_printf( MSG_DEBUG, "wpa_rx: free eapol=%p", sm->last_rx_eapol_key);
|
||||||
os_free(sm->last_rx_eapol_key);
|
os_free(sm->last_rx_eapol_key);
|
||||||
sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
|
sm->last_rx_eapol_key = (u8 *)os_malloc(data_len);
|
||||||
if (sm->last_rx_eapol_key == NULL)
|
if (sm->last_rx_eapol_key == NULL)
|
||||||
return;
|
return;
|
||||||
wpa_printf( MSG_DEBUG, "wpa_rx: new eapol=%p\n", sm->last_rx_eapol_key);
|
wpa_printf( MSG_DEBUG, "wpa_rx: new eapol=%p", sm->last_rx_eapol_key);
|
||||||
memcpy(sm->last_rx_eapol_key, data, data_len);
|
memcpy(sm->last_rx_eapol_key, data, data_len);
|
||||||
sm->last_rx_eapol_key_len = data_len;
|
sm->last_rx_eapol_key_len = data_len;
|
||||||
|
|
||||||
@@ -931,7 +931,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|||||||
int version, pairwise;
|
int version, pairwise;
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
wpa_printf( MSG_DEBUG, "wpa_auth=%p sm=%p kdersc=%p kde=%p nounce=%p kde_len=%u keyidx=%d encr=%d force=%d\n",
|
wpa_printf( MSG_DEBUG, "wpa_auth=%p sm=%p kdersc=%p kde=%p nounce=%p kde_len=%u keyidx=%d encr=%d force=%d",
|
||||||
wpa_auth,sm, key_rsc, kde, nonce, kde_len, keyidx, encr, force_version);
|
wpa_auth,sm, key_rsc, kde, nonce, kde_len, keyidx, encr, force_version);
|
||||||
len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
|
len = sizeof(struct ieee802_1x_hdr) + sizeof(struct wpa_eapol_key);
|
||||||
|
|
||||||
@@ -948,7 +948,7 @@ void __wpa_send_eapol(struct wpa_authenticator *wpa_auth,
|
|||||||
|
|
||||||
wpa_printf( MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
|
wpa_printf( MSG_DEBUG, "WPA: Send EAPOL(version=%d secure=%d mic=%d "
|
||||||
"ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
|
"ack=%d install=%d pairwise=%d kde_len=%lu keyidx=%d "
|
||||||
"encr=%d)\n",
|
"encr=%d)",
|
||||||
version,
|
version,
|
||||||
(key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
|
(key_info & WPA_KEY_INFO_SECURE) ? 1 : 0,
|
||||||
(key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
|
(key_info & WPA_KEY_INFO_MIC) ? 1 : 0,
|
||||||
@@ -1131,7 +1131,7 @@ static int wpa_verify_key_mic(int akmp, struct wpa_ptk *PTK, u8 *data,
|
|||||||
size_t mic_len = 16;
|
size_t mic_len = 16;
|
||||||
|
|
||||||
if (data_len < sizeof(*hdr) + sizeof(*key)){
|
if (data_len < sizeof(*hdr) + sizeof(*key)){
|
||||||
wpa_printf( MSG_DEBUG, "invalid data length, len=%u\n", data_len);
|
wpa_printf( MSG_DEBUG, "invalid data length, len=%u", data_len);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -1311,7 +1311,7 @@ static void wpa_group_ensure_init(struct wpa_authenticator *wpa_auth,
|
|||||||
* enough entropy available immediately after system startup.
|
* enough entropy available immediately after system startup.
|
||||||
*/
|
*/
|
||||||
wpa_printf( MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
|
wpa_printf( MSG_DEBUG, "WPA: Re-initialize GMK/Counter on first "
|
||||||
"station\n");
|
"station");
|
||||||
if (random_pool_ready() != 1) {
|
if (random_pool_ready() != 1) {
|
||||||
wpa_printf( MSG_INFO, "WPA: Not enough entropy in random pool "
|
wpa_printf( MSG_INFO, "WPA: Not enough entropy in random pool "
|
||||||
"to proceed - reject first 4-way handshake");
|
"to proceed - reject first 4-way handshake");
|
||||||
@@ -1503,10 +1503,10 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
|||||||
* the packet */
|
* the packet */
|
||||||
for (;;) {
|
for (;;) {
|
||||||
if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
|
if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)) {
|
||||||
wpa_printf( MSG_DEBUG, "wpa psk\n");
|
wpa_printf( MSG_DEBUG, "wpa psk");
|
||||||
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
|
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr, pmk);
|
||||||
if (pmk == NULL){
|
if (pmk == NULL){
|
||||||
wpa_printf( MSG_DEBUG, "pmk is null\n");
|
wpa_printf( MSG_DEBUG, "pmk is null");
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
@@ -1518,15 +1518,15 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
|
|||||||
if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
|
if (wpa_verify_key_mic(sm->wpa_key_mgmt, &PTK,
|
||||||
sm->last_rx_eapol_key,
|
sm->last_rx_eapol_key,
|
||||||
sm->last_rx_eapol_key_len) == 0) {
|
sm->last_rx_eapol_key_len) == 0) {
|
||||||
wpa_printf( MSG_DEBUG, "mic verify ok, pmk=%p\n", pmk);
|
wpa_printf( MSG_DEBUG, "mic verify ok, pmk=%p", pmk);
|
||||||
ok = 1;
|
ok = 1;
|
||||||
break;
|
break;
|
||||||
} else {
|
} else {
|
||||||
wpa_printf( MSG_DEBUG, "mic verify fail, pmk=%p\n", pmk);
|
wpa_printf( MSG_DEBUG, "mic verify fail, pmk=%p", pmk);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)){
|
if (!wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt)){
|
||||||
wpa_printf( MSG_DEBUG, "wpa_key_mgmt=%x\n", sm->wpa_key_mgmt);
|
wpa_printf( MSG_DEBUG, "wpa_key_mgmt=%x", sm->wpa_key_mgmt);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -2100,7 +2100,7 @@ static void wpa_group_gtk_init(struct wpa_authenticator *wpa_auth,
|
|||||||
struct wpa_group *group)
|
struct wpa_group *group)
|
||||||
{
|
{
|
||||||
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
||||||
"GTK_INIT (VLAN-ID %d)\n", group->vlan_id);
|
"GTK_INIT (VLAN-ID %d)", group->vlan_id);
|
||||||
group->changed = FALSE; /* GInit is not cleared here; avoid loop */
|
group->changed = FALSE; /* GInit is not cleared here; avoid loop */
|
||||||
group->wpa_group_state = WPA_GROUP_GTK_INIT;
|
group->wpa_group_state = WPA_GROUP_GTK_INIT;
|
||||||
|
|
||||||
@@ -2232,7 +2232,7 @@ static void wpa_group_setkeys(struct wpa_authenticator *wpa_auth,
|
|||||||
int tmp;
|
int tmp;
|
||||||
|
|
||||||
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
||||||
"SETKEYS (VLAN-ID %d)\n", group->vlan_id);
|
"SETKEYS (VLAN-ID %d)", group->vlan_id);
|
||||||
group->changed = TRUE;
|
group->changed = TRUE;
|
||||||
group->wpa_group_state = WPA_GROUP_SETKEYS;
|
group->wpa_group_state = WPA_GROUP_SETKEYS;
|
||||||
group->GTKReKey = FALSE;
|
group->GTKReKey = FALSE;
|
||||||
@@ -2288,7 +2288,7 @@ static int wpa_group_setkeysdone(struct wpa_authenticator *wpa_auth,
|
|||||||
struct wpa_group *group)
|
struct wpa_group *group)
|
||||||
{
|
{
|
||||||
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
wpa_printf( MSG_DEBUG, "WPA: group state machine entering state "
|
||||||
"SETKEYSDONE (VLAN-ID %d)\n", group->vlan_id);
|
"SETKEYSDONE (VLAN-ID %d)", group->vlan_id);
|
||||||
group->changed = TRUE;
|
group->changed = TRUE;
|
||||||
group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
|
group->wpa_group_state = WPA_GROUP_SETKEYSDONE;
|
||||||
|
|
||||||
@@ -2374,7 +2374,7 @@ bool wpa_ap_join(struct sta_info *sta, uint8_t *bssid, uint8_t *wpa_ie, uint8_t
|
|||||||
}
|
}
|
||||||
|
|
||||||
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, bssid);
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, bssid);
|
||||||
wpa_printf( MSG_DEBUG, "init wpa sm=%p\n", sta->wpa_sm);
|
wpa_printf( MSG_DEBUG, "init wpa sm=%p", sta->wpa_sm);
|
||||||
|
|
||||||
if (sta->wpa_sm == NULL) {
|
if (sta->wpa_sm == NULL) {
|
||||||
return false;
|
return false;
|
||||||
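Review bot: In the `wpa_receive` hunk after `continue_processing`, when `os_malloc(data_len)` fails the function returns with `sm->last_rx_eapol_key` set to NULL but `sm->last_rx_eapol_key_len` still holding the previous frame's length. `SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)` passes both to `wpa_verify_key_mic`, whose visible check only compares the length against the header sizes, so a stale length with a NULL pointer would get past it if that state can still be reached afterwards. Resetting the length on the failure path, `if (sm->last_rx_eapol_key == NULL) { sm->last_rx_eapol_key_len = 0; return; }`, closes that gap. Several debug lines in this file also print raw pointers (`pmk=%p`, `eapol=%p`, `sm=%p`), which add little diagnostic value and disclose addresses to anyone who can read the log.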
|
@@ -702,7 +702,7 @@ static struct crypto_key * dpp_set_keypair(const struct dpp_curve_params **curve
|
|||||||
int id;
|
int id;
|
||||||
|
|
||||||
if (!pkey) {
|
if (!pkey) {
|
||||||
wpa_printf(MSG_ERROR, "%s: failed to get pkey\n", __func__);
|
wpa_printf(MSG_ERROR, "%s: failed to get pkey", __func__);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
group = crypto_ec_get_group_from_key(pkey);
|
group = crypto_ec_get_group_from_key(pkey);
|
||||||
|
@@ -415,7 +415,7 @@ struct wpabuf * eap_sm_build_identity_resp(struct eap_sm *sm, u8 id, int encrypt
|
|||||||
struct eap_peer_config *config = eap_get_config(sm);
|
struct eap_peer_config *config = eap_get_config(sm);
|
||||||
|
|
||||||
if (config == NULL) {
|
if (config == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP: Build Identity Resp-> configuration was not available\n");
|
wpa_printf(MSG_ERROR, "EAP: Build Identity Resp-> configuration was not available");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -432,7 +432,7 @@ struct wpabuf * eap_sm_build_identity_resp(struct eap_sm *sm, u8 id, int encrypt
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (identity == NULL) {
|
if (identity == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP: Build Identity Resp-> identity was not available\n");
|
wpa_printf(MSG_ERROR, "EAP: Build Identity Resp-> identity was not available");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@@ -140,7 +140,7 @@ eap_mschapv2_challenge_reply(
|
|||||||
const u8 *identity, *password;
|
const u8 *identity, *password;
|
||||||
int pwhash;
|
int pwhash;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Generate Challenge Response\n");
|
wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Generate Challenge Response");
|
||||||
|
|
||||||
identity = eap_get_config_identity(sm, &identity_len);
|
identity = eap_get_config_identity(sm, &identity_len);
|
||||||
password = eap_get_config_password2(sm, &password_len, &pwhash);
|
password = eap_get_config_password2(sm, &password_len, &pwhash);
|
||||||
@@ -671,13 +671,13 @@ static int eap_mschapv2_check_config(struct eap_sm *sm)
|
|||||||
|
|
||||||
if (config->identity == NULL ||
|
if (config->identity == NULL ||
|
||||||
config->identity_len == 0) {
|
config->identity_len == 0) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: idetity not configured\n");
|
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: idetity not configured");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (config->password == NULL ||
|
if (config->password == NULL ||
|
||||||
config->password_len == 0) {
|
config->password_len == 0) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Password not configured\n");
|
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Password not configured");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -704,7 +704,7 @@ static int eap_mschapv2_check_mslen(struct eap_sm *sm, size_t len,
|
|||||||
(unsigned long) len);
|
(unsigned long) len);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Invalid header len=%lu ms_len=%lu\n",
|
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Invalid header len=%lu ms_len=%lu",
|
||||||
(unsigned long)len, (unsigned long)ms_len);
|
(unsigned long)len, (unsigned long)ms_len);
|
||||||
|
|
||||||
return -1;
|
return -1;
|
||||||
@@ -786,7 +786,7 @@ static struct wpabuf * eap_mschapv2_process(struct eap_sm *sm, void *priv,
|
|||||||
case MSCHAPV2_OP_FAILURE:
|
case MSCHAPV2_OP_FAILURE:
|
||||||
return eap_mschapv2_failure(sm, data, ret, ms, len, id);
|
return eap_mschapv2_failure(sm, data, ret, ms, len, id);
|
||||||
default:
|
default:
|
||||||
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Unknown op code %d - ignored\n",
|
wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: Unknown op code %d - ignored",
|
||||||
ms->op_code);
|
ms->op_code);
|
||||||
ret->ignore = TRUE;
|
ret->ignore = TRUE;
|
||||||
return NULL;
|
return NULL;
|
||||||
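Review bot: The new string in eap_mschapv2_check_config still spells the word as `idetity`, so `"EAP-MSCHAPV2: idetity not configured"` will not match a log search for "identity". Since the line is being rewritten anyway, it could become `wpa_printf(MSG_ERROR, "EAP-MSCHAPV2: identity not configured");`. The sibling message a few lines below capitalises `Password`, so one casing for the pair would also read more consistently. The function body starts and ends outside the hunk.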
|
@@ -634,7 +634,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
pos = (u8 *) (hdr + 1);
|
pos = (u8 *) (hdr + 1);
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: type=%d\n", *pos);
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Request: type=%d", *pos);
|
||||||
switch (*pos) {
|
switch (*pos) {
|
||||||
case EAP_TYPE_IDENTITY:
|
case EAP_TYPE_IDENTITY:
|
||||||
*resp = eap_sm_build_identity_resp(sm, hdr->identifier, 1);
|
*resp = eap_sm_build_identity_resp(sm, hdr->identifier, 1);
|
||||||
@@ -702,7 +702,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
|
|||||||
data->phase2_type.method =
|
data->phase2_type.method =
|
||||||
data->phase2_types[i].method;
|
data->phase2_types[i].method;
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Selected "
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Selected "
|
||||||
"Phase 2 EAP vendor %d method %d\n",
|
"Phase 2 EAP vendor %d method %d",
|
||||||
data->phase2_type.vendor,
|
data->phase2_type.vendor,
|
||||||
data->phase2_type.method);
|
data->phase2_type.method);
|
||||||
break;
|
break;
|
||||||
@@ -730,7 +730,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
|
|||||||
}
|
}
|
||||||
if (data->phase2_priv == NULL || data->phase2_method == NULL) {
|
if (data->phase2_priv == NULL || data->phase2_method == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-PEAP: failed to initialize "
|
wpa_printf(MSG_ERROR, "EAP-PEAP: failed to initialize "
|
||||||
"Phase 2 EAP method %d\n", *pos);
|
"Phase 2 EAP method %d", *pos);
|
||||||
ret->methodState = METHOD_DONE;
|
ret->methodState = METHOD_DONE;
|
||||||
ret->decision = DECISION_FAIL;
|
ret->decision = DECISION_FAIL;
|
||||||
return -1;
|
return -1;
|
||||||
@@ -750,7 +750,7 @@ static int eap_peap_phase2_request(struct eap_sm *sm,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (*resp == NULL) {
|
if (*resp == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "phase 2 response failure\n");
|
wpa_printf(MSG_ERROR, "phase 2 response failure");
|
||||||
wpabuf_free(data->pending_phase2_req);
|
wpabuf_free(data->pending_phase2_req);
|
||||||
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
|
data->pending_phase2_req = wpabuf_alloc_copy(hdr, len);
|
||||||
}
|
}
|
||||||
@@ -781,7 +781,7 @@ eap_peap_decrypt(struct eap_sm *sm, struct eap_peap_data *data,
|
|||||||
size_t len;
|
size_t len;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: received %lu bytes encrypted data for"
|
||||||
" Phase 2\n", (unsigned long) wpabuf_len(in_data));
|
" Phase 2", (unsigned long) wpabuf_len(in_data));
|
||||||
|
|
||||||
if (data->pending_phase2_req) {
|
if (data->pending_phase2_req) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Pending Phase 2 request - "
|
||||||
@@ -929,12 +929,12 @@ continue_req:
|
|||||||
&resp)) {
|
&resp)) {
|
||||||
wpabuf_free(in_decrypted);
|
wpabuf_free(in_decrypted);
|
||||||
wpa_printf(MSG_ERROR, "EAP-PEAP: Phase2 Request "
|
wpa_printf(MSG_ERROR, "EAP-PEAP: Phase2 Request "
|
||||||
"processing failed\n");
|
"processing failed");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EAP_CODE_SUCCESS:
|
case EAP_CODE_SUCCESS:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success\n");
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Success");
|
||||||
if (data->peap_version == 1) {
|
if (data->peap_version == 1) {
|
||||||
/* EAP-Success within TLS tunnel is used to indicate
|
/* EAP-Success within TLS tunnel is used to indicate
|
||||||
* shutdown of the TLS channel. The authentication has
|
* shutdown of the TLS channel. The authentication has
|
||||||
@@ -983,7 +983,7 @@ continue_req:
|
|||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case EAP_CODE_FAILURE:
|
case EAP_CODE_FAILURE:
|
||||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure\n");
|
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase 2 Failure");
|
||||||
ret->decision = DECISION_FAIL;
|
ret->decision = DECISION_FAIL;
|
||||||
ret->methodState = METHOD_MAY_CONT;
|
ret->methodState = METHOD_MAY_CONT;
|
||||||
ret->allowNotifications = FALSE;
|
ret->allowNotifications = FALSE;
|
||||||
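Review bot: In the `if (*resp == NULL)` branch of eap_peap_phase2_request, the new message `"phase 2 response failure"` is the only one in this file's hunks without the `EAP-PEAP:` prefix, which makes it hard to attribute when several EAP methods log to the same console. Suggest `wpa_printf(MSG_ERROR, "EAP-PEAP: Phase 2 response failure");`. The same branch stores `wpabuf_alloc_copy(hdr, len)` in `data->pending_phase2_req` with no NULL check visible in the hunk; whether later readers tolerate NULL cannot be seen from here, so a one-line comment stating that would help. The function continues outside the hunk.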
|
@@ -675,7 +675,7 @@ struct wpabuf * eap_peer_tls_build_ack(u8 id, EapType eap_type,
|
|||||||
resp = eap_tls_msg_alloc(eap_type, 1, EAP_CODE_RESPONSE, id);
|
resp = eap_tls_msg_alloc(eap_type, 1, EAP_CODE_RESPONSE, id);
|
||||||
if (resp == NULL)
|
if (resp == NULL)
|
||||||
return NULL;
|
return NULL;
|
||||||
wpa_printf(MSG_DEBUG, "SSL: Building ACK (type=%d id=%d ver=%d) \n",
|
wpa_printf(MSG_DEBUG, "SSL: Building ACK (type=%d id=%d ver=%d)",
|
||||||
(int) eap_type, id, peap_version);
|
(int) eap_type, id, peap_version);
|
||||||
wpabuf_put_u8(resp, peap_version); /* Flags */
|
wpabuf_put_u8(resp, peap_version); /* Flags */
|
||||||
return resp;
|
return resp;
|
||||||
@@ -995,7 +995,7 @@ get_defaults:
|
|||||||
if (methods == NULL)
|
if (methods == NULL)
|
||||||
methods = eap_get_phase2_types(config, &num_methods);
|
methods = eap_get_phase2_types(config, &num_methods);
|
||||||
if (methods == NULL) {
|
if (methods == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "TLS: No Phase EAP methods available\n");
|
wpa_printf(MSG_ERROR, "TLS: No Phase EAP methods available");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
wpa_hexdump(MSG_DEBUG, "TLS: Phase2 EAP types",
|
wpa_hexdump(MSG_DEBUG, "TLS: Phase2 EAP types",
|
||||||
@@ -1025,7 +1025,7 @@ int eap_peer_tls_phase2_nak(struct eap_method_type *types, size_t num_types,
|
|||||||
size_t i;
|
size_t i;
|
||||||
|
|
||||||
/* TODO: add support for expanded Nak */
|
/* TODO: add support for expanded Nak */
|
||||||
wpa_printf(MSG_DEBUG, "TLS: Phase Request: Nak type=%d\n", *pos);
|
wpa_printf(MSG_DEBUG, "TLS: Phase Request: Nak type=%d", *pos);
|
||||||
wpa_hexdump(MSG_DEBUG, "TLS: Allowed Phase2 EAP types",
|
wpa_hexdump(MSG_DEBUG, "TLS: Allowed Phase2 EAP types",
|
||||||
(u8 *) types, num_types * sizeof(struct eap_method_type));
|
(u8 *) types, num_types * sizeof(struct eap_method_type));
|
||||||
*resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NAK, num_types,
|
*resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_NAK, num_types,
|
||||||
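Review bot: The message kept after `get_defaults:` reads `"TLS: No Phase EAP methods available"`, which looks like it lost the phase number. The hexdump on the following lines says `Phase2 EAP types`, so `"TLS: No Phase2 EAP methods available"` is presumably the intended text. The same applies to `"TLS: Phase Request: Nak type=%d"` in eap_peer_tls_phase2_nak. Both functions start and end outside their hunks.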
|
@@ -106,7 +106,7 @@ static void * eap_ttls_init(struct eap_sm *sm)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TTLS)) {
|
if (eap_peer_tls_ssl_init(sm, &data->ssl, config, EAP_TYPE_TTLS)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to initialize SSL.\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to initialize SSL.");
|
||||||
eap_ttls_deinit(sm, data);
|
eap_ttls_deinit(sm, data);
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
@@ -211,7 +211,7 @@ static int eap_ttls_v0_derive_key(struct eap_sm *sm,
|
|||||||
"ttls keying material",
|
"ttls keying material",
|
||||||
EAP_TLS_KEY_LEN);
|
EAP_TLS_KEY_LEN);
|
||||||
if (!data->key_data) {
|
if (!data->key_data) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive key\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive key");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -229,7 +229,7 @@ static int eap_ttls_v0_derive_key(struct eap_sm *sm,
|
|||||||
wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived Session-Id",
|
wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Derived Session-Id",
|
||||||
data->session_id, data->id_len);
|
data->session_id, data->id_len);
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive Session-Id\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to derive Session-Id");
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@@ -424,7 +424,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
size_t identity_len, password_len;
|
size_t identity_len, password_len;
|
||||||
int pwhash;
|
int pwhash;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request\n");
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 Request");
|
||||||
|
|
||||||
identity = eap_get_config_identity(sm, &identity_len);
|
identity = eap_get_config_identity(sm, &identity_len);
|
||||||
password = eap_get_config_password2(sm, &password_len, &pwhash);
|
password = eap_get_config_password2(sm, &password_len, &pwhash);
|
||||||
@@ -433,7 +433,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
|
|
||||||
msg = wpabuf_alloc(identity_len + 1000);
|
msg = wpabuf_alloc(identity_len + 1000);
|
||||||
if (msg == NULL) {
|
if (msg == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to allocate memory\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to allocate memory");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
pos = buf = wpabuf_mhead(msg);
|
pos = buf = wpabuf_mhead(msg);
|
||||||
@@ -448,7 +448,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
if (challenge == NULL) {
|
if (challenge == NULL) {
|
||||||
wpabuf_free(msg);
|
wpabuf_free(msg);
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
|
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
|
||||||
"implicit challenge\n");
|
"implicit challenge");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -467,7 +467,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
os_free(challenge);
|
os_free(challenge);
|
||||||
wpabuf_free(msg);
|
wpabuf_free(msg);
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get "
|
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to get "
|
||||||
"random data for peer challenge\n");
|
"random data for peer challenge");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
peer_challenge = pos;
|
peer_challenge = pos;
|
||||||
@@ -481,7 +481,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
os_free(challenge);
|
os_free(challenge);
|
||||||
wpabuf_free(msg);
|
wpabuf_free(msg);
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
|
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Failed to derive "
|
||||||
"response\n");
|
"response");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
data->auth_response_valid = 1;
|
data->auth_response_valid = 1;
|
||||||
@@ -498,7 +498,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
* EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
|
* EAP-TTLS/MSHCAPV2 without the expected MS-CHAP-v2 Success
|
||||||
* packet. */
|
* packet. */
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: EAP workaround - "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS/MSCHAPV2: EAP workaround - "
|
||||||
"allow success without tunneled response\n");
|
"allow success without tunneled response");
|
||||||
ret->methodState = METHOD_MAY_CONT;
|
ret->methodState = METHOD_MAY_CONT;
|
||||||
ret->decision = DECISION_COND_SUCC;
|
ret->decision = DECISION_COND_SUCC;
|
||||||
}
|
}
|
||||||
@@ -506,7 +506,7 @@ static int eap_ttls_phase2_request_mschapv2(struct eap_sm *sm,
|
|||||||
return 0;
|
return 0;
|
||||||
#else /* EAP_MSCHAPv2 */
|
#else /* EAP_MSCHAPv2 */
|
||||||
printf("[Debug] Set EEEEE \n");
|
printf("[Debug] Set EEEEE \n");
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
|
||||||
return -1;
|
return -1;
|
||||||
#endif /* EAP_MSCHAPv2 */
|
#endif /* EAP_MSCHAPv2 */
|
||||||
#endif /* CONFIG_FIPS */
|
#endif /* CONFIG_FIPS */
|
||||||
@@ -748,7 +748,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
|
|||||||
#ifdef EAP_TNC
|
#ifdef EAP_TNC
|
||||||
if (data->tnc_started) {
|
if (data->tnc_started) {
|
||||||
printf("[debug] set phase2_type \n");
|
printf("[debug] set phase2_type \n");
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC\n");
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Processing TNC");
|
||||||
phase2_type = EAP_TTLS_PHASE2_EAP;
|
phase2_type = EAP_TTLS_PHASE2_EAP;
|
||||||
}
|
}
|
||||||
#endif /* EAP_TNC */
|
#endif /* EAP_TNC */
|
||||||
@@ -758,14 +758,14 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
|
|||||||
phase2_type == EAP_TTLS_PHASE2_PAP ||
|
phase2_type == EAP_TTLS_PHASE2_PAP ||
|
||||||
phase2_type == EAP_TTLS_PHASE2_CHAP) {
|
phase2_type == EAP_TTLS_PHASE2_CHAP) {
|
||||||
if (eap_get_config_identity(sm, &len) == NULL) {
|
if (eap_get_config_identity(sm, &len) == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Identity not configured\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Identity not configured");
|
||||||
if (eap_get_config_password(sm, &len) == NULL)
|
if (eap_get_config_password(sm, &len) == NULL)
|
||||||
printf("[Debug] Return because no identity EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
|
printf("[Debug] Return because no identity EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (eap_get_config_password(sm, &len) == NULL) {
|
if (eap_get_config_password(sm, &len) == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Password not configured\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Password not configured");
|
||||||
printf("[Debug] Return because no password EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
|
printf("[Debug] Return because no password EAP_TTLS_PHASE2_MSCHAPV2 EAP_TTLS_PHASE2_MSCHAP\n");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -788,7 +788,7 @@ static int eap_ttls_phase2_request(struct eap_sm *sm,
|
|||||||
res = eap_ttls_phase2_request_chap(sm, data, ret, resp);
|
res = eap_ttls_phase2_request_chap(sm, data, ret, resp);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 - Unknown");
|
||||||
res = -1;
|
res = -1;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@@ -813,12 +813,12 @@ struct ttls_parse_avp {
|
|||||||
static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen,
|
static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen,
|
||||||
struct ttls_parse_avp *parse)
|
struct ttls_parse_avp *parse)
|
||||||
{
|
{
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message\n");
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP - EAP Message");
|
||||||
if (parse->eapdata == NULL) {
|
if (parse->eapdata == NULL) {
|
||||||
parse->eapdata = os_malloc(dlen);
|
parse->eapdata = os_malloc(dlen);
|
||||||
if (parse->eapdata == NULL) {
|
if (parse->eapdata == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate "
|
||||||
"memory for Phase 2 EAP data\n");
|
"memory for Phase 2 EAP data");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
os_memcpy(parse->eapdata, dpos, dlen);
|
os_memcpy(parse->eapdata, dpos, dlen);
|
||||||
@@ -827,7 +827,7 @@ static int eap_ttls_parse_attr_eap(const u8 *dpos, size_t dlen,
|
|||||||
u8 *neweap = (u8 *)os_realloc(parse->eapdata, parse->eap_len + dlen);
|
u8 *neweap = (u8 *)os_realloc(parse->eapdata, parse->eap_len + dlen);
|
||||||
if (neweap == NULL) {
|
if (neweap == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to allocate "
|
||||||
"memory for Phase 2 EAP data\n");
|
"memory for Phase 2 EAP data");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
os_memcpy(neweap + parse->eap_len, dpos, dlen);
|
os_memcpy(neweap + parse->eap_len, dpos, dlen);
|
||||||
@@ -853,18 +853,18 @@ static int eap_ttls_parse_avp(u8 *pos, size_t left,
|
|||||||
avp_flags = (avp_length >> 24) & 0xff;
|
avp_flags = (avp_length >> 24) & 0xff;
|
||||||
avp_length &= 0xffffff;
|
avp_length &= 0xffffff;
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP: code=%d flags=0x%02x "
|
||||||
"length=%d\n", (int) avp_code, avp_flags,
|
"length=%d", (int) avp_code, avp_flags,
|
||||||
(int) avp_length);
|
(int) avp_length);
|
||||||
|
|
||||||
if (avp_length > left) {
|
if (avp_length > left) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: AVP overflow "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: AVP overflow "
|
||||||
"(len=%d, left=%lu) - dropped\n",
|
"(len=%d, left=%lu) - dropped",
|
||||||
(int) avp_length, (unsigned long) left);
|
(int) avp_length, (unsigned long) left);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (avp_length < sizeof(*avp)) {
|
if (avp_length < sizeof(*avp)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Invalid AVP length %d\n",
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Invalid AVP length %d",
|
||||||
avp_length);
|
avp_length);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -873,11 +873,11 @@ static int eap_ttls_parse_avp(u8 *pos, size_t left,
|
|||||||
dlen = avp_length - sizeof(*avp);
|
dlen = avp_length - sizeof(*avp);
|
||||||
if (avp_flags & AVP_FLAGS_VENDOR) {
|
if (avp_flags & AVP_FLAGS_VENDOR) {
|
||||||
if (dlen < 4) {
|
if (dlen < 4) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Vendor AVP underflow\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Vendor AVP underflow");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
vendor_id = WPA_GET_BE32(dpos);
|
vendor_id = WPA_GET_BE32(dpos);
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d\n",
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: AVP vendor_id %d",
|
||||||
(int) vendor_id);
|
(int) vendor_id);
|
||||||
dpos += 4;
|
dpos += 4;
|
||||||
dlen -= 4;
|
dlen -= 4;
|
||||||
@@ -900,7 +900,7 @@ static int eap_ttls_parse_avp(u8 *pos, size_t left,
|
|||||||
if (dlen != 43) {
|
if (dlen != 43) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Unexpected "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Unexpected "
|
||||||
"MS-CHAP2-Success length "
|
"MS-CHAP2-Success length "
|
||||||
"(len=%lu, expected 43)\n",
|
"(len=%lu, expected 43)",
|
||||||
(unsigned long) dlen);
|
(unsigned long) dlen);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -912,12 +912,12 @@ static int eap_ttls_parse_avp(u8 *pos, size_t left,
|
|||||||
parse->mschapv2_error = 1;
|
parse->mschapv2_error = 1;
|
||||||
} else if (avp_flags & AVP_FLAGS_MANDATORY) {
|
} else if (avp_flags & AVP_FLAGS_MANDATORY) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Unsupported mandatory AVP "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Unsupported mandatory AVP "
|
||||||
"code %d vendor_id %d - dropped\n",
|
"code %d vendor_id %d - dropped",
|
||||||
(int) avp_code, (int) vendor_id);
|
(int) avp_code, (int) vendor_id);
|
||||||
return -1;
|
return -1;
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_INFO, "EAP-TTLS: Ignoring unsupported AVP "
|
wpa_printf(MSG_INFO, "EAP-TTLS: Ignoring unsupported AVP "
|
||||||
"code %d vendor_id %d\n",
|
"code %d vendor_id %d",
|
||||||
(int) avp_code, (int) vendor_id);
|
(int) avp_code, (int) vendor_id);
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -937,7 +937,7 @@ static int eap_ttls_parse_avps(struct wpabuf *in_decrypted,
|
|||||||
wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left);
|
wpa_hexdump(MSG_DEBUG, "EAP-TTLS: Decrypted Phase 2 AVPs", pos, left);
|
||||||
if (left < sizeof(struct ttls_avp)) {
|
if (left < sizeof(struct ttls_avp)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Too short Phase 2 AVP frame"
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Too short Phase 2 AVP frame"
|
||||||
" len=%lu expected %lu or more - dropped\n",
|
" len=%lu expected %lu or more - dropped",
|
||||||
(unsigned long) left,
|
(unsigned long) left,
|
||||||
(unsigned long) sizeof(struct ttls_avp));
|
(unsigned long) sizeof(struct ttls_avp));
|
||||||
return -1;
|
return -1;
|
||||||
@@ -969,11 +969,11 @@ static u8 * eap_ttls_fake_identity_request(void)
|
|||||||
u8 *buf;
|
u8 *buf;
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: empty data in beginning of "
|
||||||
"Phase 2 - use fake EAP-Request Identity\n");
|
"Phase 2 - use fake EAP-Request Identity");
|
||||||
buf = os_malloc(sizeof(*hdr) + 1);
|
buf = os_malloc(sizeof(*hdr) + 1);
|
||||||
if (buf == NULL) {
|
if (buf == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: failed to allocate "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: failed to allocate "
|
||||||
"memory for fake EAP-Identity Request\n");
|
"memory for fake EAP-Identity Request");
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -998,7 +998,7 @@ static int eap_ttls_encrypt_response(struct eap_sm *sm,
|
|||||||
if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
|
if (eap_peer_tls_encrypt(sm, &data->ssl, EAP_TYPE_TTLS,
|
||||||
data->ttls_version, identifier,
|
data->ttls_version, identifier,
|
||||||
resp, out_data)) {
|
resp, out_data)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to encrypt a Phase 2 frame\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Failed to encrypt a Phase 2 frame");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
wpabuf_free(resp);
|
wpabuf_free(resp);
|
||||||
@@ -1071,7 +1071,7 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
|||||||
#ifdef EAP_MSCHAPv2
|
#ifdef EAP_MSCHAPv2
|
||||||
if (parse->mschapv2_error) {
|
if (parse->mschapv2_error) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Received "
|
wpa_printf(MSG_ERROR, "EAP-TTLS/MSCHAPV2: Received "
|
||||||
"MS-CHAP-Error - failed\n");
|
"MS-CHAP-Error - failed");
|
||||||
ret->methodState = METHOD_DONE;
|
ret->methodState = METHOD_DONE;
|
||||||
ret->decision = DECISION_FAIL;
|
ret->decision = DECISION_FAIL;
|
||||||
/* Reply with empty data to ACK error */
|
/* Reply with empty data to ACK error */
|
||||||
@@ -1089,12 +1089,12 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
|||||||
}
|
}
|
||||||
#endif /* EAP_TNC */
|
#endif /* EAP_TNC */
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: no MS-CHAP2-Success AVP "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: no MS-CHAP2-Success AVP "
|
||||||
"received for Phase2 MSCHAPV2\n");
|
"received for Phase2 MSCHAPV2");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
if (parse->mschapv2[0] != data->ident) {
|
if (parse->mschapv2[0] != data->ident) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Ident mismatch for Phase 2 "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Ident mismatch for Phase 2 "
|
||||||
"MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)\n",
|
"MSCHAPV2 (received Ident 0x%02x, expected 0x%02x)",
|
||||||
parse->mschapv2[0], data->ident);
|
parse->mschapv2[0], data->ident);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
@@ -1102,12 +1102,12 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
|||||||
mschapv2_verify_auth_response(data->auth_response,
|
mschapv2_verify_auth_response(data->auth_response,
|
||||||
parse->mschapv2 + 1, 42)) {
|
parse->mschapv2 + 1, 42)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Invalid authenticator "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Invalid authenticator "
|
||||||
"response in Phase 2 MSCHAPV2 success request\n");
|
"response in Phase 2 MSCHAPV2 success request");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase 2 MSCHAPV2 "
|
||||||
"authentication succeeded\n");
|
"authentication succeeded");
|
||||||
ret->methodState = METHOD_DONE;
|
ret->methodState = METHOD_DONE;
|
||||||
ret->decision = DECISION_UNCOND_SUCC;
|
ret->decision = DECISION_UNCOND_SUCC;
|
||||||
data->phase2_success = 1;
|
data->phase2_success = 1;
|
||||||
@@ -1118,7 +1118,7 @@ static int eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
|
|||||||
*/
|
*/
|
||||||
return 1;
|
return 1;
|
||||||
#else /* EAP_MSCHAPv2 */
|
#else /* EAP_MSCHAPv2 */
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build\n");
|
wpa_printf(MSG_ERROR, "EAP-TTLS: MSCHAPv2 not included in the build");
|
||||||
return -1;
|
return -1;
|
||||||
#endif /* EAP_MSCHAPv2 */
|
#endif /* EAP_MSCHAPv2 */
|
||||||
}
|
}
|
||||||
@@ -1134,18 +1134,18 @@ static int eap_ttls_process_tnc_start(struct eap_sm *sm,
|
|||||||
/* TNC uses inner EAP method after non-EAP TTLS phase 2. */
|
/* TNC uses inner EAP method after non-EAP TTLS phase 2. */
|
||||||
if (parse->eapdata == NULL) {
|
if (parse->eapdata == NULL) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 received "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 received "
|
||||||
"unexpected tunneled data (no EAP)\n");
|
"unexpected tunneled data (no EAP)");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!data->ready_for_tnc) {
|
if (!data->ready_for_tnc) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 received "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase 2 received "
|
||||||
"EAP after non-EAP, but not ready for TNC\n");
|
"EAP after non-EAP, but not ready for TNC");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Start TNC after completed "
|
||||||
"non-EAP method\n");
|
"non-EAP method");
|
||||||
data->tnc_started = 1;
|
data->tnc_started = 1;
|
||||||
|
|
||||||
if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0)
|
if (eap_ttls_process_phase2_eap(sm, data, ret, parse, resp) < 0)
|
||||||
@@ -1249,7 +1249,7 @@ static int eap_ttls_implicit_identity_request(struct eap_sm *sm,
|
|||||||
resp = NULL;
|
resp = NULL;
|
||||||
if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) {
|
if (eap_ttls_phase2_request(sm, data, ret, hdr, &resp)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase2 Request "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: Phase2 Request "
|
||||||
"processing failed\n");
|
"processing failed");
|
||||||
retval = -1;
|
retval = -1;
|
||||||
} else {
|
} else {
|
||||||
struct eap_peer_config *config = eap_get_config(sm);
|
struct eap_peer_config *config = eap_get_config(sm);
|
||||||
@@ -1298,7 +1298,7 @@ static int eap_ttls_phase2_start(struct eap_sm *sm, struct eap_ttls_data *data,
|
|||||||
if (data->reauth &&
|
if (data->reauth &&
|
||||||
tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
|
tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Session resumption - "
|
||||||
"skip phase 2\n");
|
"skip phase 2");
|
||||||
*out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS,
|
*out_data = eap_peer_tls_build_ack(identifier, EAP_TYPE_TTLS,
|
||||||
data->ttls_version);
|
data->ttls_version);
|
||||||
ret->methodState = METHOD_DONE;
|
ret->methodState = METHOD_DONE;
|
||||||
@@ -1324,12 +1324,12 @@ static int eap_ttls_decrypt(struct eap_sm *sm, struct eap_ttls_data *data,
|
|||||||
os_memset(&parse, 0, sizeof(parse));
|
os_memset(&parse, 0, sizeof(parse));
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: received %lu bytes encrypted data for"
|
||||||
" Phase 2\n",
|
" Phase 2",
|
||||||
in_data ? (unsigned long) wpabuf_len(in_data) : 0);
|
in_data ? (unsigned long) wpabuf_len(in_data) : 0);
|
||||||
|
|
||||||
if (data->pending_phase2_req) {
|
if (data->pending_phase2_req) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Pending Phase 2 request - "
|
||||||
"skip decryption and use old data\n");
|
"skip decryption and use old data");
|
||||||
/* Clear TLS reassembly state. */
|
/* Clear TLS reassembly state. */
|
||||||
eap_peer_tls_reset_input(&data->ssl);
|
eap_peer_tls_reset_input(&data->ssl);
|
||||||
|
|
||||||
@@ -1399,10 +1399,10 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||||||
|
|
||||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: TLS done, proceed to "
|
||||||
"Phase 2\n");
|
"Phase 2");
|
||||||
if (data->resuming) {
|
if (data->resuming) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: fast reauth - may "
|
||||||
"skip Phase 2\n");
|
"skip Phase 2");
|
||||||
ret->decision = DECISION_COND_SUCC;
|
ret->decision = DECISION_COND_SUCC;
|
||||||
ret->methodState = METHOD_MAY_CONT;
|
ret->methodState = METHOD_MAY_CONT;
|
||||||
}
|
}
|
||||||
@@ -1414,7 +1414,7 @@ static int eap_ttls_process_handshake(struct eap_sm *sm,
|
|||||||
NULL, out_data)) {
|
NULL, out_data)) {
|
||||||
wpa_printf(MSG_ERROR, "EAP-TTLS: "
|
wpa_printf(MSG_ERROR, "EAP-TTLS: "
|
||||||
"failed to process early "
|
"failed to process early "
|
||||||
"start for Phase 2\n");
|
"start for Phase 2");
|
||||||
}
|
}
|
||||||
res = 0;
|
res = 0;
|
||||||
}
|
}
|
||||||
@@ -1464,7 +1464,7 @@ static void eap_ttls_check_auth_status(struct eap_sm *sm,
|
|||||||
(ret->decision == DECISION_UNCOND_SUCC ||
|
(ret->decision == DECISION_UNCOND_SUCC ||
|
||||||
ret->decision == DECISION_COND_SUCC)) {
|
ret->decision == DECISION_COND_SUCC)) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Authentication "
|
||||||
"completed successfully (MAY_CONT)\n");
|
"completed successfully (MAY_CONT)");
|
||||||
data->phase2_success = 1;
|
data->phase2_success = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1489,7 +1489,7 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
|
|||||||
|
|
||||||
if (flags & EAP_TLS_FLAGS_START) {
|
if (flags & EAP_TLS_FLAGS_START) {
|
||||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own "
|
wpa_printf(MSG_DEBUG, "EAP-TTLS: Start (server ver=%d, own "
|
||||||
"ver=%d)\n", flags & EAP_TLS_VERSION_MASK,
|
"ver=%d)", flags & EAP_TLS_VERSION_MASK,
|
||||||
data->ttls_version);
|
data->ttls_version);
|
||||||
|
|
||||||
/* RFC 5281, Ch. 9.2:
|
/* RFC 5281, Ch. 9.2:
|
||||||
|
@@ -619,7 +619,7 @@ int wpa_supplicant_send_2_of_4(struct wpa_sm *sm, const unsigned char *dst,
|
|||||||
os_free(rsn_ie_buf);
|
os_free(rsn_ie_buf);
|
||||||
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
|
os_memcpy(reply->key_nonce, nonce, WPA_NONCE_LEN);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA Send EAPOL-Key 2/4\n");
|
wpa_printf(MSG_DEBUG, "WPA Send EAPOL-Key 2/4");
|
||||||
|
|
||||||
wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
|
wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
|
||||||
rbuf, rlen, key_mic);
|
rbuf, rlen, key_mic);
|
||||||
@@ -655,7 +655,7 @@ void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
|
|||||||
|
|
||||||
wpa_sm_set_state(WPA_FIRST_HALF_4WAY_HANDSHAKE);
|
wpa_sm_set_state(WPA_FIRST_HALF_4WAY_HANDSHAKE);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA 1/4-Way Handshake\n");
|
wpa_printf(MSG_DEBUG, "WPA 1/4-Way Handshake");
|
||||||
|
|
||||||
memset(&ie, 0, sizeof(ie));
|
memset(&ie, 0, sizeof(ie));
|
||||||
|
|
||||||
@@ -754,7 +754,7 @@ static int wpa_supplicant_install_ptk(struct wpa_sm *sm, enum key_flag key_flag)
|
|||||||
wpa_printf(MSG_DEBUG, "WPA: Do not re-install same PTK to the driver");
|
wpa_printf(MSG_DEBUG, "WPA: Do not re-install same PTK to the driver");
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.\n");
|
wpa_printf(MSG_DEBUG, "WPA: Installing PTK to the driver.");
|
||||||
|
|
||||||
if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
|
if (sm->pairwise_cipher == WPA_CIPHER_NONE) {
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: NONE - do not use pairwise keys");
|
wpa_printf(MSG_DEBUG, "WPA: Pairwise Cipher Suite: NONE - do not use pairwise keys");
|
||||||
@@ -881,7 +881,7 @@ static int wpa_supplicant_install_gtk(struct wpa_sm *sm,
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
|
wpa_printf(MSG_DEBUG, "WPA: Installing GTK to the driver "
|
||||||
"(keyidx=%d tx=%d len=%d).\n", gd->keyidx, gd->tx,
|
"(keyidx=%d tx=%d len=%d).", gd->keyidx, gd->tx,
|
||||||
gd->gtk_len);
|
gd->gtk_len);
|
||||||
|
|
||||||
wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
|
wpa_hexdump(MSG_DEBUG, "WPA: RSC", key_rsc, gd->key_rsc_len);
|
||||||
@@ -1225,7 +1225,7 @@ static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *ds
|
|||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
sm->txcb_flags |= WPA_4_4_HANDSHAKE_BIT;
|
sm->txcb_flags |= WPA_4_4_HANDSHAKE_BIT;
|
||||||
wpa_printf(MSG_DEBUG, "tx 4/4 txcb_flags=%d\n", sm->txcb_flags);
|
wpa_printf(MSG_DEBUG, "tx 4/4 txcb_flags=%d", sm->txcb_flags);
|
||||||
|
|
||||||
reply192 = (struct wpa_eapol_key_192 *) reply;
|
reply192 = (struct wpa_eapol_key_192 *) reply;
|
||||||
reply->type = sm->proto == WPA_PROTO_RSN ?
|
reply->type = sm->proto == WPA_PROTO_RSN ?
|
||||||
@@ -1246,7 +1246,7 @@ static int wpa_supplicant_send_4_of_4(struct wpa_sm *sm, const unsigned char *ds
|
|||||||
else
|
else
|
||||||
WPA_PUT_BE16(reply->key_data_length, 0);
|
WPA_PUT_BE16(reply->key_data_length, 0);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA Send EAPOL-Key 4/4\n");
|
wpa_printf(MSG_DEBUG, "WPA Send EAPOL-Key 4/4");
|
||||||
wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
|
wpa_eapol_key_send(sm, ptk->kck, ptk->kck_len, ver, dst, ETH_P_EAPOL,
|
||||||
rbuf, rlen, key_mic);
|
rbuf, rlen, key_mic);
|
||||||
wpa_sm_free_eapol(rbuf);
|
wpa_sm_free_eapol(rbuf);
|
||||||
@@ -1281,7 +1281,7 @@ static void wpa_supplicant_process_3_of_4(struct wpa_sm *sm,
|
|||||||
struct wpa_eapol_ie_parse ie;
|
struct wpa_eapol_ie_parse ie;
|
||||||
|
|
||||||
wpa_sm_set_state(WPA_LAST_HALF_4WAY_HANDSHAKE);
|
wpa_sm_set_state(WPA_LAST_HALF_4WAY_HANDSHAKE);
|
||||||
wpa_printf(MSG_DEBUG, "WPA 3/4-Way Handshake\n");
|
wpa_printf(MSG_DEBUG, "WPA 3/4-Way Handshake");
|
||||||
|
|
||||||
key_info = WPA_GET_BE16(key->key_info);
|
key_info = WPA_GET_BE16(key->key_info);
|
||||||
|
|
||||||
@@ -1627,7 +1627,7 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
|
|||||||
return -1;
|
return -1;
|
||||||
|
|
||||||
sm->txcb_flags |= WPA_GROUP_HANDSHAKE_BIT;
|
sm->txcb_flags |= WPA_GROUP_HANDSHAKE_BIT;
|
||||||
wpa_printf(MSG_DEBUG, "2/2 txcb_flags=%d\n", sm->txcb_flags);
|
wpa_printf(MSG_DEBUG, "2/2 txcb_flags=%d", sm->txcb_flags);
|
||||||
|
|
||||||
reply192 = (struct wpa_eapol_key_192 *) reply;
|
reply192 = (struct wpa_eapol_key_192 *) reply;
|
||||||
reply->type = sm->proto == WPA_PROTO_RSN ?
|
reply->type = sm->proto == WPA_PROTO_RSN ?
|
||||||
@@ -1648,7 +1648,7 @@ static int wpa_supplicant_send_2_of_2(struct wpa_sm *sm,
|
|||||||
else
|
else
|
||||||
WPA_PUT_BE16(reply->key_data_length, 0);
|
WPA_PUT_BE16(reply->key_data_length, 0);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA Send 2/2 Group key\n");
|
wpa_printf(MSG_DEBUG, "WPA Send 2/2 Group key");
|
||||||
|
|
||||||
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid, ETH_P_EAPOL,
|
wpa_eapol_key_send(sm, sm->ptk.kck, sm->ptk.kck_len, ver, sm->bssid, ETH_P_EAPOL,
|
||||||
rbuf, rlen, key_mic);
|
rbuf, rlen, key_mic);
|
||||||
@@ -1669,7 +1669,7 @@ static void wpa_supplicant_process_1_of_2(struct wpa_sm *sm,
|
|||||||
|
|
||||||
memset(gd, 0, sizeof(struct wpa_gtk_data));
|
memset(gd, 0, sizeof(struct wpa_gtk_data));
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA 1/2 Group Key Handshake\n");
|
wpa_printf(MSG_DEBUG, "WPA 1/2 Group Key Handshake");
|
||||||
|
|
||||||
key_info = WPA_GET_BE16(key->key_info);
|
key_info = WPA_GET_BE16(key->key_info);
|
||||||
|
|
||||||
@@ -1866,9 +1866,9 @@ static void wpa_eapol_key_dump(struct wpa_sm *sm,
|
|||||||
|
|
||||||
u16 key_info = WPA_GET_BE16(key->key_info);
|
u16 key_info = WPA_GET_BE16(key->key_info);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d\n", key->type);
|
wpa_printf(MSG_DEBUG, " EAPOL-Key type=%d", key->type);
|
||||||
wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
|
wpa_printf(MSG_DEBUG, " key_info 0x%x (ver=%d keyidx=%d rsvd=%d %s"
|
||||||
"%s%s%s%s%s%s%s)\n",
|
"%s%s%s%s%s%s%s)",
|
||||||
key_info, (u32)(key_info & WPA_KEY_INFO_TYPE_MASK),
|
key_info, (u32)(key_info & WPA_KEY_INFO_TYPE_MASK),
|
||||||
(u32)((key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
|
(u32)((key_info & WPA_KEY_INFO_KEY_INDEX_MASK) >>
|
||||||
WPA_KEY_INFO_KEY_INDEX_SHIFT),
|
WPA_KEY_INFO_KEY_INDEX_SHIFT),
|
||||||
@@ -1881,7 +1881,7 @@ static void wpa_eapol_key_dump(struct wpa_sm *sm,
|
|||||||
key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
|
key_info & WPA_KEY_INFO_ERROR ? " Error" : "",
|
||||||
key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
|
key_info & WPA_KEY_INFO_REQUEST ? " Request" : "",
|
||||||
key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
|
key_info & WPA_KEY_INFO_ENCR_KEY_DATA ? " Encr" : "");
|
||||||
wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u\n",
|
wpa_printf(MSG_DEBUG, " key_length=%u key_data_length=%u",
|
||||||
WPA_GET_BE16(key->key_length), key_data_len);
|
WPA_GET_BE16(key->key_length), key_data_len);
|
||||||
wpa_hexdump(MSG_DEBUG, " replay_counter",
|
wpa_hexdump(MSG_DEBUG, " replay_counter",
|
||||||
key->replay_counter, WPA_REPLAY_COUNTER_LEN);
|
key->replay_counter, WPA_REPLAY_COUNTER_LEN);
|
||||||
@@ -1952,7 +1952,7 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
|
|||||||
data_len = plen + sizeof(*hdr);
|
data_len = plen + sizeof(*hdr);
|
||||||
|
|
||||||
#ifdef DEBUG_PRINT
|
#ifdef DEBUG_PRINT
|
||||||
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d\n",
|
wpa_printf(MSG_DEBUG, "IEEE 802.1X RX: version=%d type=%d length=%d",
|
||||||
hdr->version, hdr->type, plen);
|
hdr->version, hdr->type, plen);
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -1991,7 +1991,7 @@ int wpa_sm_rx_eapol(u8 *src_addr, u8 *buf, u32 len)
|
|||||||
if (data_len < len) {
|
if (data_len < len) {
|
||||||
#ifdef DEBUG_PRINT
|
#ifdef DEBUG_PRINT
|
||||||
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
|
wpa_printf(MSG_DEBUG, "WPA: ignoring %lu bytes after the IEEE "
|
||||||
"802.1X data\n", (unsigned long) len - data_len);
|
"802.1X data", (unsigned long) len - data_len);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
key_info = WPA_GET_BE16(key->key_info);
|
key_info = WPA_GET_BE16(key->key_info);
|
||||||
@@ -2648,7 +2648,7 @@ void wpa_supplicant_clr_countermeasures(u16 *pisunicast)
|
|||||||
{
|
{
|
||||||
struct wpa_sm *sm = &gWpaSm;
|
struct wpa_sm *sm = &gWpaSm;
|
||||||
sm->mic_errors_seen = 0;
|
sm->mic_errors_seen = 0;
|
||||||
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean\n");
|
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures clean");
|
||||||
}
|
}
|
||||||
|
|
||||||
/*recovery from countermeasures state, countermeasures state is period that stop connection with ap
|
/*recovery from countermeasures state, countermeasures state is period that stop connection with ap
|
||||||
@@ -2663,7 +2663,7 @@ void wpa_supplicant_stop_countermeasures(void *data, void *user_ctx)
|
|||||||
wpa_supplicant_clr_countermeasures(NULL);
|
wpa_supplicant_clr_countermeasures(NULL);
|
||||||
eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, NULL, NULL);
|
eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, NULL, NULL);
|
||||||
|
|
||||||
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures stopped\n");
|
wpa_printf(MSG_DEBUG, "WPA: TKIP countermeasures stopped");
|
||||||
/*renew scan preocess, this isn't done now*/
|
/*renew scan preocess, this isn't done now*/
|
||||||
}
|
}
|
||||||
wpa_sm_set_state(WPA_DISCONNECTED);
|
wpa_sm_set_state(WPA_DISCONNECTED);
|
||||||
@@ -2733,14 +2733,14 @@ void eapol_txcb(void *eb)
|
|||||||
sm->txcb_flags &= ~WPA_4_4_HANDSHAKE_BIT;
|
sm->txcb_flags &= ~WPA_4_4_HANDSHAKE_BIT;
|
||||||
isdeauth = wpa_supplicant_send_4_of_4_txcallback(sm);
|
isdeauth = wpa_supplicant_send_4_of_4_txcallback(sm);
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_DEBUG, "4/4 txcb, flags=%d\n", sm->txcb_flags);
|
wpa_printf(MSG_DEBUG, "4/4 txcb, flags=%d", sm->txcb_flags);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case WPA_GROUP_HANDSHAKE:
|
case WPA_GROUP_HANDSHAKE:
|
||||||
if (sm->txcb_flags & WPA_GROUP_HANDSHAKE_BIT) {
|
if (sm->txcb_flags & WPA_GROUP_HANDSHAKE_BIT) {
|
||||||
sm->txcb_flags &= ~WPA_GROUP_HANDSHAKE_BIT;
|
sm->txcb_flags &= ~WPA_GROUP_HANDSHAKE_BIT;
|
||||||
} else {
|
} else {
|
||||||
wpa_printf(MSG_DEBUG, "2/2 txcb, flags=%d\n", sm->txcb_flags);
|
wpa_printf(MSG_DEBUG, "2/2 txcb, flags=%d", sm->txcb_flags);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
case WPA_TKIP_COUNTERMEASURES: isdeauth=WLAN_REASON_MICHAEL_MIC_FAILURE;
|
case WPA_TKIP_COUNTERMEASURES: isdeauth=WLAN_REASON_MICHAEL_MIC_FAILURE;
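Review bot: In the wpa_sm_rx_eapol hunk at -1991 the cast in `(unsigned long) len - data_len` binds to `len` alone, so the `%lu` argument is an unsigned long only if `data_len` is no wider than that. Writing `(unsigned long) (len - data_len)` states the intent and stays correct however `data_len` is declared; the enclosing `data_len < len` test already rules out wrap-around. The hunk at -1952 prints `plen` with `%d`, and its declaration is outside the hunk, so confirm it is an int-sized signed value or print it with a cast and `%lu` as well. Both values are derived from the received frame, and wpa_sm_rx_eapol starts and ends outside both hunks.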
|
||||||
|
@@ -54,7 +54,7 @@ int wpa_snprintf_hex(char *buf, size_t buf_size, const u8 *data, size_t len)
|
|||||||
void wpa_dump_mem(char* desc, uint8_t *addr, uint16_t len)
|
void wpa_dump_mem(char* desc, uint8_t *addr, uint16_t len)
|
||||||
{
|
{
|
||||||
char output[50];
|
char output[50];
|
||||||
wpa_printf(MSG_DEBUG, "%s\n", desc);
|
wpa_printf(MSG_DEBUG, "%s", desc);
|
||||||
if (addr){
|
if (addr){
|
||||||
uint16_t i=0;
|
uint16_t i=0;
|
||||||
for (i = 0; i < len / 16; i++) {
|
for (i = 0; i < len / 16; i++) {
|
||||||
|