Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit fffd0934 authored by Johannes Berg's avatar Johannes Berg Committed by John W. Linville
Browse files

cfg80211: rework key operation 



This reworks the key operation in cfg80211, and now only
allows, from userspace, configuring keys (via nl80211)
after the connection has been established (in managed
mode), the IBSS been joined (in IBSS mode), at any time
(in AP[_VLAN] modes) or never for all the other modes.

In order to do shared key authentication correctly, it
is now possible to give a WEP key to the AUTH command.
To configure static WEP keys, these are given to the
CONNECT or IBSS_JOIN command directly, for a userspace
SME it is assumed it will configure it properly after
the connection has been established.

Since mac80211 used to check the default key in IBSS
mode to see whether or not the network is protected,
it needs an update in that area, as well as an update
to make use of the WEP key passed to auth() for shared
key authentication.

Signed-off-by: default avatarJohannes Berg <johannes@sipsolutions.net>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent b9454e83

include/linux/nl80211.h

+5 −0
Original line number Original line Diff line number Diff line
@@ -569,6 +569,9 @@ enum nl80211_commands { 
 *

 *

 * @NL80211_ATTR_KEY: key information in a nested attribute with

 * @NL80211_ATTR_KEY: key information in a nested attribute with

 *	%NL80211_KEY_* sub-attributes

 *	%NL80211_KEY_* sub-attributes

 * @NL80211_ATTR_KEYS: array of keys for static WEP keys for connect()

 *	and join_ibss(), key information is in a nested attribute each

 *	with %NL80211_KEY_* sub-attributes

 *

 *

 * @NL80211_ATTR_MAX: highest attribute number currently defined

 * @NL80211_ATTR_MAX: highest attribute number currently defined

 * @__NL80211_ATTR_AFTER_LAST: internal use

 * @__NL80211_ATTR_AFTER_LAST: internal use
@@ -696,6 +699,7 @@ enum nl80211_attrs { 
	NL80211_ATTR_PREV_BSSID,

	NL80211_ATTR_PREV_BSSID,





	NL80211_ATTR_KEY,

	NL80211_ATTR_KEY,

	NL80211_ATTR_KEYS,





	/* add attributes here, update the policy in nl80211.c */

	/* add attributes here, update the policy in nl80211.c */
@@ -726,6 +730,7 @@ enum nl80211_attrs { 
#define NL80211_ATTR_WPA_VERSIONS NL80211_ATTR_WPA_VERSIONS

#define NL80211_ATTR_WPA_VERSIONS NL80211_ATTR_WPA_VERSIONS

#define NL80211_ATTR_AKM_SUITES NL80211_ATTR_AKM_SUITES

#define NL80211_ATTR_AKM_SUITES NL80211_ATTR_AKM_SUITES

#define NL80211_ATTR_KEY NL80211_ATTR_KEY

#define NL80211_ATTR_KEY NL80211_ATTR_KEY

#define NL80211_ATTR_KEYS NL80211_ATTR_KEYS





#define NL80211_MAX_SUPP_RATES			32

#define NL80211_MAX_SUPP_RATES			32

#define NL80211_MAX_SUPP_REG_RULES		32

#define NL80211_MAX_SUPP_REG_RULES		32

include/net/cfg80211.h

+17 −1
Original line number Original line Diff line number Diff line
@@ -647,12 +647,17 @@ struct cfg80211_crypto_settings { 
 * @auth_type: Authentication type (algorithm)

 * @auth_type: Authentication type (algorithm)

 * @ie: Extra IEs to add to Authentication frame or %NULL

 * @ie: Extra IEs to add to Authentication frame or %NULL

 * @ie_len: Length of ie buffer in octets

 * @ie_len: Length of ie buffer in octets

 * @key_len: length of WEP key for shared key authentication

 * @key_idx: index of WEP key for shared key authentication

 * @key: WEP key for shared key authentication

 */

 */

struct cfg80211_auth_request {

struct cfg80211_auth_request {

	struct cfg80211_bss *bss;

	struct cfg80211_bss *bss;

	const u8 *ie;

	const u8 *ie;

	size_t ie_len;

	size_t ie_len;

	enum nl80211_auth_type auth_type;

	enum nl80211_auth_type auth_type;

	const u8 *key;

	u8 key_len, key_idx;

};

};





/**

/**
@@ -727,6 +732,8 @@ struct cfg80211_disassoc_request { 
 * @ie: information element(s) to include in the beacon

 * @ie: information element(s) to include in the beacon

 * @ie_len: length of that

 * @ie_len: length of that

 * @beacon_interval: beacon interval to use

 * @beacon_interval: beacon interval to use

 * @privacy: this is a protected network, keys will be configured

 *	after joining

 */

 */

struct cfg80211_ibss_params {

struct cfg80211_ibss_params {

	u8 *ssid;

	u8 *ssid;
@@ -736,6 +743,7 @@ struct cfg80211_ibss_params { 
	u8 ssid_len, ie_len;

	u8 ssid_len, ie_len;

	u16 beacon_interval;

	u16 beacon_interval;

	bool channel_fixed;

	bool channel_fixed;

	bool privacy;

};

};





/**

/**
@@ -755,6 +763,9 @@ struct cfg80211_ibss_params { 
 * @assoc_ie_len: Length of assoc_ie in octets

 * @assoc_ie_len: Length of assoc_ie in octets

 * @privacy: indicates whether privacy-enabled APs should be used

 * @privacy: indicates whether privacy-enabled APs should be used

 * @crypto: crypto settings

 * @crypto: crypto settings

 * @key_len: length of WEP key for shared key authentication

 * @key_idx: index of WEP key for shared key authentication

 * @key: WEP key for shared key authentication

 */

 */

struct cfg80211_connect_params {

struct cfg80211_connect_params {

	struct ieee80211_channel *channel;

	struct ieee80211_channel *channel;
@@ -766,6 +777,8 @@ struct cfg80211_connect_params { 
	size_t ie_len;

	size_t ie_len;

	bool privacy;

	bool privacy;

	struct cfg80211_crypto_settings crypto;

	struct cfg80211_crypto_settings crypto;

	const u8 *key;

	u8 key_len, key_idx;

};

};





/**

/**
@@ -1223,9 +1236,10 @@ extern void wiphy_unregister(struct wiphy *wiphy); 
 */

 */

extern void wiphy_free(struct wiphy *wiphy);

extern void wiphy_free(struct wiphy *wiphy);





/* internal struct */

/* internal structs */

struct cfg80211_conn;

struct cfg80211_conn;

struct cfg80211_internal_bss;

struct cfg80211_internal_bss;

struct cfg80211_cached_keys;





#define MAX_AUTH_BSSES		4

#define MAX_AUTH_BSSES		4
@@ -1267,6 +1281,7 @@ struct wireless_dev { 
		CFG80211_SME_CONNECTED,

		CFG80211_SME_CONNECTED,

	} sme_state;

	} sme_state;

	struct cfg80211_conn *conn;

	struct cfg80211_conn *conn;

	struct cfg80211_cached_keys *connect_keys;





	struct list_head event_list;

	struct list_head event_list;

	spinlock_t event_lock;

	spinlock_t event_lock;
@@ -1280,6 +1295,7 @@ struct wireless_dev { 
	struct {

	struct {

		struct cfg80211_ibss_params ibss;

		struct cfg80211_ibss_params ibss;

		struct cfg80211_connect_params connect;

		struct cfg80211_connect_params connect;

		struct cfg80211_cached_keys *keys;

		u8 *ie;

		u8 *ie;

		size_t ie_len;

		size_t ie_len;

		u8 bssid[ETH_ALEN];

		u8 bssid[ETH_ALEN];

net/mac80211/ibss.c

+5 −4
Original line number Original line Diff line number Diff line
@@ -57,7 +57,7 @@ static void ieee80211_rx_mgmt_auth_ibss(struct ieee80211_sub_if_data *sdata, 
	 */

	 */

	if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)

	if (auth_alg == WLAN_AUTH_OPEN && auth_transaction == 1)

		ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,

		ieee80211_send_auth(sdata, 2, WLAN_AUTH_OPEN, NULL, 0,

				    sdata->u.ibss.bssid, 0);

				    sdata->u.ibss.bssid, NULL, 0, 0);

}

}





static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,

static void __ieee80211_sta_join_ibss(struct ieee80211_sub_if_data *sdata,
@@ -494,7 +494,7 @@ static void ieee80211_sta_create_ibss(struct ieee80211_sub_if_data *sdata) 




	capability = WLAN_CAPABILITY_IBSS;

	capability = WLAN_CAPABILITY_IBSS;





	if (sdata->default_key)

	if (ifibss->privacy)

		capability |= WLAN_CAPABILITY_PRIVACY;

		capability |= WLAN_CAPABILITY_PRIVACY;

	else

	else

		sdata->drop_unencrypted = 0;

		sdata->drop_unencrypted = 0;
@@ -524,9 +524,8 @@ static void ieee80211_sta_find_ibss(struct ieee80211_sub_if_data *sdata) 
		return;

		return;





	capability = WLAN_CAPABILITY_IBSS;

	capability = WLAN_CAPABILITY_IBSS;

	if (sdata->default_key)

	if (ifibss->privacy)

		capability |= WLAN_CAPABILITY_PRIVACY;

		capability |= WLAN_CAPABILITY_PRIVACY;



	if (ifibss->fixed_bssid)

	if (ifibss->fixed_bssid)

		bssid = ifibss->bssid;

		bssid = ifibss->bssid;

	if (ifibss->fixed_channel)

	if (ifibss->fixed_channel)
@@ -872,6 +871,8 @@ int ieee80211_ibss_join(struct ieee80211_sub_if_data *sdata, 
	} else

	} else

		sdata->u.ibss.fixed_bssid = false;

		sdata->u.ibss.fixed_bssid = false;





	sdata->u.ibss.privacy = params->privacy;



	sdata->vif.bss_conf.beacon_int = params->beacon_interval;

	sdata->vif.bss_conf.beacon_int = params->beacon_interval;





	sdata->u.ibss.channel = params->channel;

	sdata->u.ibss.channel = params->channel;

net/mac80211/ieee80211_i.h

+6 −2
Original line number Original line Diff line number Diff line
@@ -247,6 +247,9 @@ struct ieee80211_mgd_work { 




	int tries;

	int tries;





	u8 key[WLAN_KEY_LEN_WEP104];

	u8 key_len, key_idx;



	/* must be last */

	/* must be last */

	u8 ie[0]; /* for auth or assoc frame, not probe */

	u8 ie[0]; /* for auth or assoc frame, not probe */

};

};
@@ -321,6 +324,7 @@ struct ieee80211_if_ibss { 




	bool fixed_bssid;

	bool fixed_bssid;

	bool fixed_channel;

	bool fixed_channel;

	bool privacy;





	u8 bssid[ETH_ALEN];

	u8 bssid[ETH_ALEN];

	u8 ssid[IEEE80211_MAX_SSID_LEN];

	u8 ssid[IEEE80211_MAX_SSID_LEN];
@@ -1093,8 +1097,8 @@ int ieee80211_add_pending_skbs(struct ieee80211_local *local, 




void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,

void ieee80211_send_auth(struct ieee80211_sub_if_data *sdata,

			 u16 transaction, u16 auth_alg,

			 u16 transaction, u16 auth_alg,

			 u8 *extra, size_t extra_len,

			 u8 *extra, size_t extra_len, const u8 *bssid,

			 const u8 *bssid, int encrypt);

			 const u8 *key, u8 key_len, u8 key_idx);

int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,

int ieee80211_build_preq_ies(struct ieee80211_local *local, u8 *buffer,

			     const u8 *ie, size_t ie_len);

			     const u8 *ie, size_t ie_len);

void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,

void ieee80211_send_probe_req(struct ieee80211_sub_if_data *sdata, u8 *dst,

net/mac80211/mlme.c

+9 −2
Original line number Original line Diff line number Diff line
@@ -954,7 +954,7 @@ ieee80211_authenticate(struct ieee80211_sub_if_data *sdata, 
	       sdata->dev->name, wk->bss->cbss.bssid, wk->tries);

	       sdata->dev->name, wk->bss->cbss.bssid, wk->tries);





	ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len,

	ieee80211_send_auth(sdata, 1, wk->auth_alg, wk->ie, wk->ie_len,

			    wk->bss->cbss.bssid, 0);

			    wk->bss->cbss.bssid, NULL, 0, 0);

	wk->auth_transaction = 2;

	wk->auth_transaction = 2;





	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;

	wk->timeout = jiffies + IEEE80211_AUTH_TIMEOUT;
@@ -1176,7 +1176,8 @@ static void ieee80211_auth_challenge(struct ieee80211_sub_if_data *sdata, 
		return;

		return;

	ieee80211_send_auth(sdata, 3, wk->auth_alg,

	ieee80211_send_auth(sdata, 3, wk->auth_alg,

			    elems.challenge - 2, elems.challenge_len + 2,

			    elems.challenge - 2, elems.challenge_len + 2,

			    wk->bss->cbss.bssid, 1);

			    wk->bss->cbss.bssid,

			    wk->key, wk->key_len, wk->key_idx);

	wk->auth_transaction = 4;

	wk->auth_transaction = 4;

}

}
@@ -2175,6 +2176,12 @@ int ieee80211_mgd_auth(struct ieee80211_sub_if_data *sdata, 
		wk->ie_len = req->ie_len;

		wk->ie_len = req->ie_len;

	}

	}





	if (req->key && req->key_len) {

		wk->key_len = req->key_len;

		wk->key_idx = req->key_idx;

		memcpy(wk->key, req->key, req->key_len);

	}



	ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);

	ssid = ieee80211_bss_get_ie(req->bss, WLAN_EID_SSID);

	memcpy(wk->ssid, ssid + 2, ssid[1]);

	memcpy(wk->ssid, ssid + 2, ssid[1]);

	wk->ssid_len = ssid[1];

	wk->ssid_len = ssid[1];