[PATCHv3 3/4] FT: add support for wildcard R0KH / R1KH

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This enables using FT RRB without configuring each other AP locally.
Instead, broadcast messages are exchanged.

Signed-off-by: Michael Braun <michael-dev@xxxxxxxxxxxxx>
---
 hostapd/hostapd.conf |  4 ++++
 src/ap/wpa_auth_ft.c | 42 +++++++++++++++++++++++++++++++++---------
 2 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index 0574fa4..ca98fe5 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -1313,6 +1313,8 @@ own_ip_addr=127.0.0.1
 #r0kh=02:01:02:03:04:05 r0kh-1.example.com 000102030405060708090a0b0c0d0e0f
 #r0kh=02:01:02:03:04:06 r0kh-2.example.com 00112233445566778899aabbccddeeff
 # And so on.. One line per R0KH.
+# Wildcard entry:
+#r0kh=ff:ff:ff:ff:ff:ff * 00112233445566778899aabbccddeeff
 
 # List of R1KHs in the same Mobility Domain
 # format: <MAC address> <R1KH-ID> <128-bit key as hex string>
@@ -1322,6 +1324,8 @@ own_ip_addr=127.0.0.1
 #r1kh=02:01:02:03:04:05 02:11:22:33:44:55 000102030405060708090a0b0c0d0e0f
 #r1kh=02:01:02:03:04:06 02:11:22:33:44:66 00112233445566778899aabbccddeeff
 # And so on.. One line per R1KH.
+# Wildcard entry:
+#r1kh=00:00:00:00:00:00 00:00:00:00:00:00 00112233445566778899aabbccddeeff
 
 # Whether PMK-R1 push is enabled at R0KH
 # 0 = do not push PMK-R1 to all configured R1KHs (default)
diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index a620136..d8c03b5 100644
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -303,7 +303,6 @@ out:
 	} \
 } while (0)
 
-
 static int wpa_ft_rrb_send(struct wpa_authenticator *wpa_auth, const u8 *dst,
 			   const u8 *data, size_t data_len)
 {
@@ -602,7 +601,7 @@ static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
 			      const u8 *ies, size_t ies_len,
 			      const u8 *pmk_r0_name)
 {
-	struct ft_remote_r0kh *r0kh;
+	struct ft_remote_r0kh *r0kh, *r0kh_wildcard = NULL;
 	u8 *packet = NULL;
 	size_t packet_len;
 
@@ -612,8 +611,14 @@ static int wpa_ft_pull_pmk_r1(struct wpa_state_machine *sm,
 		    os_memcmp_const(r0kh->id, sm->r0kh_id, sm->r0kh_id_len) ==
 		    0)
 			break;
+		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
+			r0kh_wildcard = r0kh;
 		r0kh = r0kh->next;
 	}
+	if (r0kh == NULL && r0kh_wildcard != NULL) {
+		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
+		r0kh = r0kh_wildcard;
+	}
 	if (r0kh == NULL) {
 		wpa_hexdump(MSG_DEBUG, "FT: Did not find R0KH-ID",
 			    sm->r0kh_id, sm->r0kh_id_len);
@@ -1742,7 +1747,7 @@ static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
 {
 	u8 *plain, *packet = NULL;
 	size_t plain_len, packet_len;
-	struct ft_remote_r1kh *r1kh;
+	struct ft_remote_r1kh *r1kh, *r1kh_wildcard = NULL;
 	int ret;
 	const u8 *f_nonce, *f_r0kh_id, *f_r1kh_id, *f_s1kh_id, *f_pmk_r0_name;
 	size_t f_nonce_len, f_r0kh_id_len, f_r1kh_id_len, f_s1kh_id_len;
@@ -1756,8 +1761,15 @@ static int wpa_ft_rrb_rx_pull(struct wpa_authenticator *wpa_auth,
 	while (r1kh) {
 		if (os_memcmp(r1kh->addr, src_addr, ETH_ALEN) == 0)
 			break;
+		if (is_zero_ether_addr(r1kh->addr) &&
+		    is_zero_ether_addr(r1kh->id))
+			r1kh_wildcard = r1kh;
 		r1kh = r1kh->next;
 	}
+	if (r1kh == NULL && r1kh_wildcard != NULL) {
+		wpa_printf(MSG_DEBUG, "FT: Using wildcard R1KH-ID");
+		r1kh = r1kh_wildcard;
+	}
 	if (r1kh == NULL) {
 		wpa_printf(MSG_DEBUG, "FT: No matching R1KH address found for "
 			   "PMK-R1 pull source address " MACSTR,
@@ -1932,7 +1944,7 @@ static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
 {
 	u8 *plain;
 	size_t plain_len;
-	struct ft_remote_r0kh *r0kh;
+	struct ft_remote_r0kh *r0kh, *r0kh_wildcard = NULL;
 	int ret;
 	struct ft_pull_resp_cb_ctx ctx;
 	const u8 *f_nonce, *f_s1kh_id;
@@ -1944,8 +1956,14 @@ static int wpa_ft_rrb_rx_resp(struct wpa_authenticator *wpa_auth,
 	while (r0kh) {
 		if (os_memcmp(r0kh->addr, src_addr, ETH_ALEN) == 0)
 			break;
+		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
+			r0kh_wildcard = r0kh;
 		r0kh = r0kh->next;
 	}
+	if (r0kh == NULL && r0kh_wildcard != NULL) {
+		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
+		r0kh = r0kh_wildcard;
+	}
 	if (r0kh == NULL) {
 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH address found for "
 			   "PMK-R0 pull response source address " MACSTR,
@@ -1998,7 +2016,7 @@ static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
 	int ret = -1;
 	u8 *plain;
 	size_t plain_len;
-	struct ft_remote_r0kh *r0kh;
+	struct ft_remote_r0kh *r0kh, *r0kh_wildcard = NULL;
 	struct os_time now;
 	os_time_t tsend;
 	const u8 *f_timestamp;
@@ -2010,8 +2028,14 @@ static int wpa_ft_rrb_rx_push(struct wpa_authenticator *wpa_auth,
 	while (r0kh) {
 		if (os_memcmp(r0kh->addr, src_addr, ETH_ALEN) == 0)
 			break;
+		if (r0kh->id_len == 1 && r0kh->id[0] == '*')
+			r0kh_wildcard = r0kh;
 		r0kh = r0kh->next;
 	}
+	if (r0kh == NULL && r0kh_wildcard != NULL) {
+		wpa_printf(MSG_DEBUG, "FT: Using wildcard R0KH-ID");
+		r0kh = r0kh_wildcard;
+	}
 	if (r0kh == NULL) {
 		wpa_printf(MSG_DEBUG, "FT: No matching R0KH address found for "
 			   "PMK-R0 push source address " MACSTR,
@@ -2182,7 +2206,6 @@ void wpa_ft_rrb_oui_rx(struct wpa_authenticator *wpa_auth, const u8 *src_addr,
 		wpa_printf(MSG_ERROR, "FT: RRB-OUI received frame from remote "
 			   "AP " MACSTR " to multicast address " MACSTR,
 			   MAC2STR(src_addr), MAC2STR(dst_addr));
-		return;
 	}
 
 	switch (ouisuffix) {
@@ -2258,10 +2281,11 @@ void wpa_ft_push_pmk_r1(struct wpa_authenticator *wpa_auth, const u8 *addr)
 	wpa_printf(MSG_DEBUG, "FT: Deriving and pushing PMK-R1 keys to R1KHs "
 		   "for STA " MACSTR, MAC2STR(addr));
 
-	r1kh = wpa_auth->conf.r1kh_list;
-	while (r1kh) {
+	for (r1kh = wpa_auth->conf.r1kh_list; r1kh; r1kh = r1kh->next) {
+		if (is_zero_ether_addr(r1kh->addr) ||
+		    is_zero_ether_addr(r1kh->id))
+			continue;
 		wpa_ft_generate_pmk_r1(wpa_auth, r0, r1kh, addr);
-		r1kh = r1kh->next;
 	}
 }
 
-- 
2.1.4


_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap



[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux