authorJouni Malinen <j@w1.fi>2005-12-17 23:02:03 (GMT)
committerJouni Malinen <j@w1.fi>2005-12-17 23:02:03 (GMT)
commitf425ed4bd8f60316f01b8a39e8a67465b90c31e4 (patch)
tree7d42e9be1842177096022a2ffe29c976eaee1966
parentb744d9747fa2848ff0784dcdd12a6a7098729bdb (diff)
Small changes to make pmksa_cache implementations in hostapd and
wpa_supplicant closer to each other.
-rw-r--r--hostapd/pmksa_cache.c42
-rw-r--r--hostapd/pmksa_cache.h33
-rw-r--r--hostapd/wpa.c8
-rw-r--r--wpa_supplicant/pmksa_cache.c26
-rw-r--r--wpa_supplicant/pmksa_cache.h10
5 files changed, 76 insertions, 43 deletions
diff --git a/hostapd/pmksa_cache.c b/hostapd/pmksa_cache.c
index 514c9aa..ade88be 100644
--- a/hostapd/pmksa_cache.c
+++ b/hostapd/pmksa_cache.c
@@ -15,11 +15,12 @@
#include "includes.h"
#include "hostapd.h"
-#include "sha1.h"
+#include "common.h"
+#include "wpa.h"
#include "eloop.h"
+#include "sha1.h"
#include "ieee802_1x.h"
#include "eapol_sm.h"
-#include "wpa.h"
#include "pmksa_cache.h"
@@ -35,21 +36,21 @@ struct rsn_pmksa_cache {
void (*free_cb)(struct rsn_pmksa_cache_entry *entry, void *ctx);
void *ctx;
-
- u8 own_addr[ETH_ALEN];
};
/**
* rsn_pmkid - Calculate PMK identifier
* @pmk: Pairwise master key
+ * @pmk_len: Length of pmk in bytes
* @aa: Authenticator address
* @spa: Supplicant address
*
* IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
* PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
*/
-static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
+static void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa,
+ const u8 *spa, u8 *pmkid)
{
char *title = "PMK Name";
const u8 *addr[3];
@@ -60,7 +61,7 @@ static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
addr[1] = aa;
addr[2] = spa;
- hmac_sha1_vector(pmk, PMK_LEN, 3, addr, len, hash);
+ hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
memcpy(pmkid, hash, PMKID_LEN);
}
@@ -68,7 +69,7 @@ static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
-void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
+static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
{
if (entry == NULL)
return;
@@ -139,10 +140,13 @@ static void pmksa_cache_expire(void *eloop_ctx, void *timeout_ctx)
static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
{
int sec;
+ struct os_time now;
+
eloop_cancel_timeout(pmksa_cache_expire, pmksa, NULL);
if (pmksa->pmksa == NULL)
return;
- sec = pmksa->pmksa->expiration - time(NULL);
+ os_get_time(&now);
+ sec = pmksa->pmksa->expiration - now.sec;
if (sec < 0)
sec = 0;
eloop_register_timeout(sec + 1, 0, pmksa_cache_expire, pmksa, NULL);
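Review bot: The added `os_get_time(&now);` ignores the call's result, so if it reports failure `now.sec` is read uninitialized in the next line. The subtraction `pmksa->pmksa->expiration - now.sec` is also evaluated as `os_time_t` and then stored into `int sec`, so a large difference is narrowed before the `sec < 0` clamp sees it. Consider keeping the difference in `os_time_t` and clamping it before the conversion, e.g. `os_time_t diff = pmksa->pmksa->expiration - now.sec;`, and handling a failed time read explicitly. The function's closing brace lies outside this hunk.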
@@ -200,8 +204,10 @@ void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
/**
* pmksa_cache_add - Add a PMKSA cache entry
* @pmksa: Pointer to PMKSA cache data from pmksa_cache_init()
- * @spa: Supplicant address
* @pmk: The new pairwise master key
+ * @pmk_len: PMK length in bytes, usually PMK_LEN (32)
+ * @aa: Authenticator address
+ * @spa: Supplicant address
* @session_timeout: Session timeout
* @eapol: Pointer to EAPOL state machine data
* Returns: Pointer to the added PMKSA cache entry or %NULL on error
@@ -212,18 +218,23 @@ void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
* based on the PMK.
*/
struct rsn_pmksa_cache_entry *
-pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *spa, const u8 *pmk,
- int session_timeout, struct eapol_state_machine *eapol)
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, int session_timeout,
+ struct eapol_state_machine *eapol)
{
struct rsn_pmksa_cache_entry *entry, *pos, *prev;
struct os_time now;
+ if (pmk_len > PMK_LEN)
+ return NULL;
+
entry = malloc(sizeof(*entry));
if (entry == NULL)
return NULL;
memset(entry, 0, sizeof(*entry));
- memcpy(entry->pmk, pmk, PMK_LEN);
- rsn_pmkid(pmk, pmksa->own_addr, spa, entry->pmkid);
+ memcpy(entry->pmk, pmk, pmk_len);
+ entry->pmk_len = pmk_len;
+ rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid);
os_get_time(&now);
entry->expiration = now.sec;
if (session_timeout > 0)
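Review bot: The new guard `if (pmk_len > PMK_LEN)` bounds the `memcpy` into `entry->pmk`, but it still accepts `pmk_len == 0`. That would cache an entry whose key is all zero bytes and whose PMKID is derived from an empty HMAC key. If no caller legitimately passes a zero length, tighten the check to `if (pmk_len == 0 || pmk_len > PMK_LEN) return NULL;`. The rest of the function body is outside this hunk.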
@@ -332,13 +343,11 @@ struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
* pmksa_cache_init - Initialize PMKSA cache
* @free_cb: Callback function to be called when a PMKSA cache entry is freed
* @ctx: Context pointer for free_cb function
- * @own_addr: Own MAC address
* Returns: Pointer to PMKSA cache data or %NULL on failure
*/
struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
- void *ctx),
- void *ctx, const u8 *own_addr)
+ void *ctx), void *ctx)
{
struct rsn_pmksa_cache *pmksa;
@@ -347,7 +356,6 @@ pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
memset(pmksa, 0, sizeof(*pmksa));
pmksa->free_cb = free_cb;
pmksa->ctx = ctx;
- memcpy(pmksa->own_addr, own_addr, ETH_ALEN);
}
return pmksa;
diff --git a/hostapd/pmksa_cache.h b/hostapd/pmksa_cache.h
index ca1565b..7930389 100644
--- a/hostapd/pmksa_cache.h
+++ b/hostapd/pmksa_cache.h
@@ -1,13 +1,32 @@
+/*
+ * hostapd - PMKSA cache for IEEE 802.11i RSN
+ * Copyright (c) 2004-2005, Jouni Malinen <jkmaline@cc.hut.fi>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See README and COPYING for more details.
+ */
+
#ifndef PMKSA_CACHE_H
#define PMKSA_CACHE_H
+/**
+ * struct rsn_pmksa_cache_entry - PMKSA cache entry
+ */
struct rsn_pmksa_cache_entry {
struct rsn_pmksa_cache_entry *next, *hnext;
u8 pmkid[PMKID_LEN];
u8 pmk[PMK_LEN];
- time_t expiration;
+ size_t pmk_len;
+ os_time_t expiration;
int akmp; /* WPA_KEY_MGMT_* */
u8 spa[ETH_ALEN];
+
u8 *identity;
size_t identity_len;
struct radius_class_data radius_class;
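Review bot: The new `pmk_len` field carries no comment relating it to `pmk[PMK_LEN]`, and the added `/** struct rsn_pmksa_cache_entry - PMKSA cache entry */` block documents none of the members. Code that compares or copies the key needs to know that only the first `pmk_len` bytes are meaningful; suggest `size_t pmk_len; /* number of valid bytes in pmk[], at most PMK_LEN */`. The struct definition continues beyond this hunk.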
@@ -17,14 +36,14 @@ struct rsn_pmksa_cache;
struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
- void *ctx),
- void *ctx, const u8 *own_addr);
+ void *ctx), void *ctx);
void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
-struct rsn_pmksa_cache_entry *
-pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *spa, const u8 *pmk,
- int session_timeout, struct eapol_state_machine *eapol);
-struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *hapd,
+struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *spa, const u8 *pmkid);
+struct rsn_pmksa_cache_entry *
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, int session_timeout,
+ struct eapol_state_machine *eapol);
void pmksa_cache_to_eapol_data(struct rsn_pmksa_cache_entry *entry,
struct eapol_state_machine *eapol);
diff --git a/hostapd/wpa.c b/hostapd/wpa.c
index 0a6a6be..5d282bf 100644
--- a/hostapd/wpa.c
+++ b/hostapd/wpa.c
@@ -726,8 +726,7 @@ struct wpa_authenticator * wpa_init(const u8 *addr,
break;
}
- wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth,
- wpa_auth->addr);
+ wpa_auth->pmksa = pmksa_cache_init(wpa_auth_pmksa_free_cb, wpa_auth);
if (wpa_auth->pmksa == NULL) {
wpa_printf(MSG_ERROR, "PMKSA cache initialization failed.");
free(wpa_auth->wpa_ie);
@@ -3132,8 +3131,9 @@ int wpa_auth_pmksa_add(struct wpa_state_machine *sm, const u8 *pmk,
if (sm == NULL || sm->wpa != WPA_VERSION_WPA2)
return -1;
- if (pmksa_cache_add(sm->wpa_auth->pmksa, sm->addr, pmk,
- session_timeout, eapol))
+ if (pmksa_cache_add(sm->wpa_auth->pmksa, pmk, WPA_PMK_LEN,
+ sm->wpa_auth->addr, sm->addr, session_timeout,
+ eapol))
return 0;
return -1;
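Review bot: The call passes `WPA_PMK_LEN` as the key length, while `pmksa_cache_add()` validates against `PMK_LEN` and the entry buffer is declared `u8 pmk[PMK_LEN]`. Both constants are defined outside this diff, so their equality is assumed rather than shown. If `WPA_PMK_LEN` were ever larger, every add would fail here with -1. `wpa_auth_pmksa_add()` also appears to receive `pmk` without a length (its signature is cut off in the hunk header), so the hard-coded length relies on each caller supplying at least that many bytes. A comment such as `/* pmk must point to at least WPA_PMK_LEN bytes */`, or a single shared constant, would make the contract explicit.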
diff --git a/wpa_supplicant/pmksa_cache.c b/wpa_supplicant/pmksa_cache.c
index fc639bc..b8da5cf 100644
--- a/wpa_supplicant/pmksa_cache.c
+++ b/wpa_supplicant/pmksa_cache.c
@@ -20,9 +20,9 @@
#include "config_ssid.h"
#include "sha1.h"
#include "wpa_i.h"
-#include "pmksa_cache.h"
#include "l2_packet.h"
#include "eapol_sm.h"
+#include "pmksa_cache.h"
static const int pmksa_cache_max_entries = 32;
@@ -39,13 +39,15 @@ struct rsn_pmksa_cache {
/**
* rsn_pmkid - Calculate PMK identifier
* @pmk: Pairwise master key
+ * @pmk_len: Length of pmk in bytes
* @aa: Authenticator address
* @spa: Supplicant address
*
* IEEE Std 802.11i-2004 - 8.5.1.2 Pairwise key hierarchy
* PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)
*/
-static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
+static void rsn_pmkid(const u8 *pmk, size_t pmk_len, const u8 *aa,
+ const u8 *spa, u8 *pmkid)
{
char *title = "PMK Name";
const u8 *addr[3];
@@ -56,7 +58,7 @@ static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
addr[1] = aa;
addr[2] = spa;
- hmac_sha1_vector(pmk, PMK_LEN, 3, addr, len, hash);
+ hmac_sha1_vector(pmk, pmk_len, 3, addr, len, hash);
memcpy(pmkid, hash, PMKID_LEN);
}
@@ -64,12 +66,18 @@ static void rsn_pmkid(const u8 *pmk, const u8 *aa, const u8 *spa, u8 *pmkid)
static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa);
+static void _pmksa_cache_free_entry(struct rsn_pmksa_cache_entry *entry)
+{
+ free(entry);
+}
+
+
static void pmksa_cache_free_entry(struct rsn_pmksa_cache *pmksa,
struct rsn_pmksa_cache_entry *entry)
{
pmksa->pmksa_count--;
pmksa->free_cb(entry, pmksa->ctx);
- free(entry);
+ _pmksa_cache_free_entry(entry);
}
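Review bot: `_pmksa_cache_free_entry()` releases the entry with `free(entry)` while `entry->pmk` still holds the pairwise master key, so key material is left behind in freed heap memory. Now that freeing is centralised in this helper, it is the natural place to clear the entry first, e.g. `memset(entry, 0, sizeof(*entry));` before `free(entry);`, ideally through a clearing routine the compiler cannot optimise away. The hostapd counterpart that this commit makes `static` has its body outside the visible hunk and may need the same treatment.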
@@ -143,9 +151,8 @@ static void pmksa_cache_set_expiration(struct rsn_pmksa_cache *pmksa)
* based on the PMK and the driver interface is notified of the new PMKID.
*/
struct rsn_pmksa_cache_entry *
-pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk,
- size_t pmk_len, const u8 *aa, const u8 *spa,
- struct wpa_ssid *ssid)
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, struct wpa_ssid *ssid)
{
struct rsn_pmksa_cache_entry *entry, *pos, *prev;
struct os_time now;
@@ -159,7 +166,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk,
memset(entry, 0, sizeof(*entry));
memcpy(entry->pmk, pmk, pmk_len);
entry->pmk_len = pmk_len;
- rsn_pmkid(pmk, aa, spa, entry->pmkid);
+ rsn_pmkid(pmk, pmk_len, aa, spa, entry->pmkid);
os_get_time(&now);
entry->expiration = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime;
entry->reauth_time = now.sec + pmksa->sm->dot11RSNAConfigPMKLifetime *
@@ -193,8 +200,7 @@ pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk,
pos = pos->next;
}
- if (pmksa->pmksa_count >= pmksa_cache_max_entries &&
- pmksa->pmksa) {
+ if (pmksa->pmksa_count >= pmksa_cache_max_entries && pmksa->pmksa) {
/* Remove the oldest entry to make room for the new entry */
pos = pmksa->pmksa;
pmksa->pmksa = pos->next;
diff --git a/wpa_supplicant/pmksa_cache.h b/wpa_supplicant/pmksa_cache.h
index 6428402..1528c0e 100644
--- a/wpa_supplicant/pmksa_cache.h
+++ b/wpa_supplicant/pmksa_cache.h
@@ -24,9 +24,10 @@ struct rsn_pmksa_cache_entry {
u8 pmk[PMK_LEN];
size_t pmk_len;
os_time_t expiration;
- os_time_t reauth_time;
int akmp; /* WPA_KEY_MGMT_* */
u8 aa[ETH_ALEN];
+
+ os_time_t reauth_time;
struct wpa_ssid *ssid;
int opportunistic;
};
@@ -38,14 +39,13 @@ struct rsn_pmksa_cache;
struct rsn_pmksa_cache *
pmksa_cache_init(void (*free_cb)(struct rsn_pmksa_cache_entry *entry,
void *ctx), void *ctx, struct wpa_sm *sm);
-void pmksa_cache_deinit(struct rsn_pmksa_cache *sm);
+void pmksa_cache_deinit(struct rsn_pmksa_cache *pmksa);
struct rsn_pmksa_cache_entry * pmksa_cache_get(struct rsn_pmksa_cache *pmksa,
const u8 *aa, const u8 *pmkid);
int pmksa_cache_list(struct wpa_sm *sm, char *buf, size_t len);
struct rsn_pmksa_cache_entry *
-pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk,
- size_t pmk_len, const u8 *aa, const u8 *spa,
- struct wpa_ssid *ssid);
+pmksa_cache_add(struct rsn_pmksa_cache *pmksa, const u8 *pmk, size_t pmk_len,
+ const u8 *aa, const u8 *spa, struct wpa_ssid *ssid);
void pmksa_cache_notify_reconfig(struct rsn_pmksa_cache *pmksa);
struct rsn_pmksa_cache_entry * pmksa_cache_get_current(struct wpa_sm *sm);
void pmksa_cache_clear_current(struct wpa_sm *sm);