[PATCH 2/7] Replace some vlan_ids with vlan_descriptions
Tom Barthe
jeltz+hostap at auro.re
Mon Oct 11 04:24:32 PDT 2021
It should ease the integration of PPSK.
Signed-off-by: Tom Barthe <jeltz+hostap at auro.re>
---
src/ap/ap_config.c | 23 +++++++++++----
src/ap/ap_config.h | 3 +-
src/ap/wpa_auth.c | 29 +++++++++++--------
src/ap/wpa_auth.h | 5 ++--
src/ap/wpa_auth_glue.c | 28 +++++++++---------
tests/fuzzing/eapol-key-auth/eapol-key-auth.c | 6 ++--
6 files changed, 57 insertions(+), 37 deletions(-)
diff --git a/src/ap/ap_config.c b/src/ap/ap_config.c
index 2e0af2b7e..8e887fabc 100644
--- a/src/ap/ap_config.c
+++ b/src/ap/ap_config.c
@@ -1094,15 +1094,28 @@ const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
}
+static struct vlan_description vlan_desc_from_id(int vlan_id)
+{
+ struct vlan_description vlan_desc;
+
+ os_memset(&vlan_desc, 0, sizeof(vlan_desc));
+
+ vlan_desc.notempty = 1;
+ vlan_desc.untagged = vlan_id;
+
+ return vlan_desc;
+}
+
+
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
const u8 *addr, const u8 *p2p_dev_addr,
- const u8 *prev_psk, int *vlan_id)
+ const u8 *prev_psk, struct vlan_description *vlan_desc)
{
struct hostapd_wpa_psk *psk;
int next_ok = prev_psk == NULL;
- if (vlan_id)
- *vlan_id = 0;
+ if (vlan_desc)
+ vlan_desc->notempty = 0;
if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
@@ -1122,8 +1135,8 @@ const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
(!addr && p2p_dev_addr &&
os_memcmp(psk->p2p_dev_addr, p2p_dev_addr, ETH_ALEN) ==
0))) {
- if (vlan_id)
- *vlan_id = psk->vlan_id;
+ if (vlan_desc)
+ *vlan_desc = vlan_desc_from_id(psk->vlan_id);
return psk->psk;
}
diff --git a/src/ap/ap_config.h b/src/ap/ap_config.h
index edd21516b..38dd77dc5 100644
--- a/src/ap/ap_config.h
+++ b/src/ap/ap_config.h
@@ -1175,7 +1175,8 @@ int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
int hostapd_rate_found(int *list, int rate);
const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
const u8 *addr, const u8 *p2p_dev_addr,
- const u8 *prev_psk, int *vlan_id);
+ const u8 *prev_psk,
+ struct vlan_description *vlan_desc);
int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf);
int hostapd_vlan_valid(struct hostapd_vlan *vlan,
struct vlan_description *vlan_desc);
diff --git a/src/ap/wpa_auth.c b/src/ap/wpa_auth.c
index 83805681e..a1bbecd1a 100644
--- a/src/ap/wpa_auth.c
+++ b/src/ap/wpa_auth.c
@@ -118,12 +118,12 @@ static inline const u8 * wpa_auth_get_psk(struct wpa_authenticator *wpa_auth,
const u8 *addr,
const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len,
- int *vlan_id)
+ struct vlan_description *vlan_desc)
{
if (!wpa_auth->cb->get_psk)
return NULL;
return wpa_auth->cb->get_psk(wpa_auth->cb_ctx, addr, p2p_dev_addr,
- prev_psk, psk_len, vlan_id);
+ prev_psk, psk_len, vlan_desc);
}
@@ -298,11 +298,12 @@ static int wpa_channel_info(struct wpa_authenticator *wpa_auth,
static int wpa_auth_update_vlan(struct wpa_authenticator *wpa_auth,
- const u8 *addr, int vlan_id)
+ const u8 *addr,
+ struct vlan_description *vlan_desc)
{
if (!wpa_auth->cb->update_vlan)
return -1;
- return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_id);
+ return wpa_auth->cb->update_vlan(wpa_auth->cb_ctx, addr, vlan_desc);
}
@@ -937,15 +938,16 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
int ok = 0;
const u8 *pmk = NULL;
size_t pmk_len;
- int vlan_id = 0;
+ struct vlan_description vlan_desc;
+ os_memset(&vlan_desc, 0, sizeof(vlan_desc));
os_memset(&PTK, 0, sizeof(PTK));
for (;;) {
if (wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
!wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
sm->p2p_dev_addr, pmk, &pmk_len,
- &vlan_id);
+ &vlan_desc);
if (!pmk)
break;
#ifdef CONFIG_IEEE80211R_AP
@@ -988,8 +990,8 @@ static int wpa_try_alt_snonce(struct wpa_state_machine *sm, u8 *data,
"WPA: Earlier SNonce resulted in matching MIC");
sm->alt_snonce_valid = 0;
- if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
- wpa_auth_update_vlan(sm->wpa_auth, sm->addr, vlan_id) < 0)
+ if (vlan_desc.notempty && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
+ wpa_auth_update_vlan(sm->wpa_auth, sm->addr, &vlan_desc) < 0)
return -1;
os_memcpy(sm->SNonce, sm->alt_SNonce, WPA_NONCE_LEN);
@@ -2938,9 +2940,11 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
struct ieee802_1x_hdr *hdr;
struct wpa_eapol_key *key;
struct wpa_eapol_ie_parse kde;
- int vlan_id = 0;
+ struct vlan_description vlan_desc;
int owe_ptk_workaround = !!wpa_auth->conf.owe_ptk_workaround;
+ os_memset(&vlan_desc, 0, sizeof(vlan_desc));
+
SM_ENTRY_MA(WPA_PTK, PTKCALCNEGOTIATING, wpa_ptk);
sm->EAPOLKeyReceived = false;
sm->update_snonce = false;
@@ -2956,7 +2960,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
!wpa_key_mgmt_sae(sm->wpa_key_mgmt)) {
pmk = wpa_auth_get_psk(sm->wpa_auth, sm->addr,
sm->p2p_dev_addr, pmk, &pmk_len,
- &vlan_id);
+ &vlan_desc);
if (!pmk)
break;
psk_found = 1;
@@ -3086,6 +3090,7 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
WLAN_REASON_PREV_AUTH_NOT_VALID);
return;
}
+
#ifdef CONFIG_OCV
if (wpa_auth_uses_ocv(sm)) {
struct wpa_channel_info ci;
@@ -3189,8 +3194,8 @@ SM_STATE(WPA_PTK, PTKCALCNEGOTIATING)
}
#endif /* CONFIG_IEEE80211R_AP */
- if (vlan_id && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
- wpa_auth_update_vlan(wpa_auth, sm->addr, vlan_id) < 0) {
+ if (vlan_desc.notempty && wpa_key_mgmt_wpa_psk(sm->wpa_key_mgmt) &&
+ wpa_auth_update_vlan(wpa_auth, sm->addr, &vlan_desc) < 0) {
wpa_sta_disconnect(wpa_auth, sm->addr,
WLAN_REASON_PREV_AUTH_NOT_VALID);
return;
diff --git a/src/ap/wpa_auth.h b/src/ap/wpa_auth.h
index fe47723b9..f7d1d3dbc 100644
--- a/src/ap/wpa_auth.h
+++ b/src/ap/wpa_auth.h
@@ -296,7 +296,7 @@ struct wpa_auth_callbacks {
int (*get_eapol)(void *ctx, const u8 *addr, wpa_eapol_variable var);
const u8 * (*get_psk)(void *ctx, const u8 *addr, const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len,
- int *vlan_id);
+ struct vlan_description *vlan);
int (*get_msk)(void *ctx, const u8 *addr, u8 *msk, size_t *len);
int (*set_key)(void *ctx, int vlan_id, enum wpa_alg alg,
const u8 *addr, int idx, u8 *key, size_t key_len,
@@ -313,7 +313,8 @@ struct wpa_auth_callbacks {
int (*send_oui)(void *ctx, const u8 *dst, u8 oui_suffix, const u8 *data,
size_t data_len);
int (*channel_info)(void *ctx, struct wpa_channel_info *ci);
- int (*update_vlan)(void *ctx, const u8 *addr, int vlan_id);
+ int (*update_vlan)(void *ctx, const u8 *addr,
+ struct vlan_description *vlan);
int (*get_sta_tx_params)(void *ctx, const u8 *addr,
int ap_max_chanwidth, int ap_seg1_idx,
int *bandwidth, int *seg1_idx);
diff --git a/src/ap/wpa_auth_glue.c b/src/ap/wpa_auth_glue.c
index 3e9921553..f0e94700c 100644
--- a/src/ap/wpa_auth_glue.c
+++ b/src/ap/wpa_auth_glue.c
@@ -330,14 +330,14 @@ static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr,
const u8 *prev_psk, size_t *psk_len,
- int *vlan_id)
+ struct vlan_description *vlan_desc)
{
struct hostapd_data *hapd = ctx;
struct sta_info *sta = ap_get_sta(hapd, addr);
const u8 *psk;
- if (vlan_id)
- *vlan_id = 0;
+ if (vlan_desc)
+ vlan_desc->notempty = 0;
if (psk_len)
*psk_len = PMK_LEN;
@@ -374,7 +374,7 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
#endif /* CONFIG_OWE */
psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk,
- vlan_id);
+ vlan_desc);
/*
* This is about to iterate over all psks, prev_psk gives the last
* returned psk which should not be returned again.
@@ -383,8 +383,8 @@ static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
if (sta && sta->psk && !psk) {
struct hostapd_sta_wpa_psk_short *pos;
- if (vlan_id)
- *vlan_id = 0;
+ if (vlan_desc)
+ vlan_desc->notempty = 0;
psk = sta->psk->psk;
for (pos = sta->psk; pos; pos = pos->next) {
if (pos->is_passphrase) {
@@ -939,30 +939,30 @@ static void hostapd_clear_ptksa(void *ctx, const u8 *addr, int cipher)
#endif /* CONFIG_PASN */
-static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr, int vlan_id)
+static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr,
+ struct vlan_description *vlan_desc)
{
#ifndef CONFIG_NO_VLAN
struct hostapd_data *hapd = ctx;
struct sta_info *sta;
+ int vlan_id = 0;
+
+ if (vlan_desc)
+ vlan_id = vlan_desc->untagged;
sta = ap_get_sta(hapd, addr);
if (!sta)
return -1;
if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
- struct vlan_description vlan_desc;
-
- os_memset(&vlan_desc, 0, sizeof(vlan_desc));
- vlan_desc.notempty = 1;
- vlan_desc.untagged = vlan_id;
- if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
+ if (!hostapd_vlan_valid(hapd->conf->vlan, vlan_desc)) {
wpa_printf(MSG_INFO,
"Invalid VLAN ID %d in wpa_psk_file",
vlan_id);
return -1;
}
- if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0) {
+ if (ap_sta_set_vlan(hapd, sta, vlan_desc) < 0) {
wpa_printf(MSG_INFO,
"Failed to assign VLAN ID %d from wpa_psk_file to "
MACSTR, vlan_id, MAC2STR(sta->addr));
diff --git a/tests/fuzzing/eapol-key-auth/eapol-key-auth.c b/tests/fuzzing/eapol-key-auth/eapol-key-auth.c
index bb46422c6..2a3aa8347 100644
--- a/tests/fuzzing/eapol-key-auth/eapol-key-auth.c
+++ b/tests/fuzzing/eapol-key-auth/eapol-key-auth.c
@@ -141,14 +141,14 @@ static int auth_send_eapol(void *ctx, const u8 *addr, const u8 *data,
static const u8 * auth_get_psk(void *ctx, const u8 *addr,
const u8 *p2p_dev_addr, const u8 *prev_psk,
- size_t *psk_len, int *vlan_id)
+ size_t *psk_len, struct vlan_description *vlan_desc)
{
struct wpa *wpa = ctx;
wpa_printf(MSG_DEBUG, "AUTH: %s (addr=" MACSTR " prev_psk=%p)",
__func__, MAC2STR(addr), prev_psk);
- if (vlan_id)
- *vlan_id = 0;
+ if (vlan_desc)
+ vlan_desc->notempty = 0;
if (psk_len)
*psk_len = PMK_LEN;
if (prev_psk)
--
2.30.2
More information about the Hostap
mailing list