rx_tdls.c 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618
  1. /*
  2. * Received Data frame processing for TDLS packets
  3. * Copyright (c) 2010, Jouni Malinen <j@w1.fi>
  4. *
  5. * This software may be distributed under the terms of the BSD license.
  6. * See README for more details.
  7. */
  8. #include "utils/includes.h"
  9. #include "utils/common.h"
  10. #include "crypto/sha256.h"
  11. #include "crypto/crypto.h"
  12. #include "crypto/aes_wrap.h"
  13. #include "common/ieee802_11_defs.h"
  14. #include "common/ieee802_11_common.h"
  15. #include "wlantest.h"
  16. static struct wlantest_tdls * get_tdls(struct wlantest *wt, const u8 *linkid,
  17. int create_new, const u8 *bssid)
  18. {
  19. struct wlantest_bss *bss;
  20. struct wlantest_sta *init, *resp;
  21. struct wlantest_tdls *tdls;
  22. bss = bss_find(wt, linkid);
  23. if (bss == NULL && bssid) {
  24. bss = bss_find(wt, bssid);
  25. if (bss)
  26. add_note(wt, MSG_INFO, "TDLS: Incorrect BSSID " MACSTR
  27. " in LinkId?! (init=" MACSTR " resp="
  28. MACSTR ")",
  29. MAC2STR(linkid), MAC2STR(linkid + ETH_ALEN),
  30. MAC2STR(linkid + 2 * ETH_ALEN));
  31. }
  32. if (bss == NULL)
  33. return NULL;
  34. init = sta_find(bss, linkid + ETH_ALEN);
  35. if (init == NULL)
  36. return NULL;
  37. resp = sta_find(bss, linkid + 2 * ETH_ALEN);
  38. if (resp == NULL)
  39. return NULL;
  40. dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
  41. if (tdls->init == init && tdls->resp == resp)
  42. return tdls;
  43. }
  44. if (!create_new)
  45. return NULL;
  46. add_note(wt, MSG_DEBUG, "Add new TDLS link context: initiator " MACSTR
  47. " responder " MACSTR " BSSID " MACSTR,
  48. MAC2STR(linkid + ETH_ALEN),
  49. MAC2STR(linkid + 2 * ETH_ALEN),
  50. MAC2STR(bssid));
  51. tdls = os_zalloc(sizeof(*tdls));
  52. if (tdls == NULL)
  53. return NULL;
  54. tdls->init = init;
  55. tdls->resp = resp;
  56. dl_list_add(&bss->tdls, &tdls->list);
  57. return tdls;
  58. }
  59. static int tdls_derive_tpk(struct wlantest_tdls *tdls, const u8 *bssid,
  60. const u8 *ftie, u8 ftie_len)
  61. {
  62. const struct rsn_ftie *f;
  63. u8 key_input[SHA256_MAC_LEN];
  64. const u8 *nonce[2];
  65. size_t len[2];
  66. u8 data[3 * ETH_ALEN];
  67. if (ftie == NULL || ftie_len < sizeof(struct rsn_ftie))
  68. return 0;
  69. f = (const struct rsn_ftie *) ftie;
  70. wpa_hexdump(MSG_DEBUG, "TDLS ANonce", f->anonce, WPA_NONCE_LEN);
  71. wpa_hexdump(MSG_DEBUG, "TDLS SNonce", f->snonce, WPA_NONCE_LEN);
  72. /*
  73. * IEEE Std 802.11z-2010 8.5.9.1:
  74. * TPK-Key-Input = SHA-256(min(SNonce, ANonce) || max(SNonce, ANonce))
  75. */
  76. len[0] = WPA_NONCE_LEN;
  77. len[1] = WPA_NONCE_LEN;
  78. if (os_memcmp(f->anonce, f->snonce, WPA_NONCE_LEN) < 0) {
  79. nonce[0] = f->anonce;
  80. nonce[1] = f->snonce;
  81. } else {
  82. nonce[0] = f->snonce;
  83. nonce[1] = f->anonce;
  84. }
  85. sha256_vector(2, nonce, len, key_input);
  86. wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-Key-Input",
  87. key_input, SHA256_MAC_LEN);
  88. /*
  89. * TPK-Key-Data = KDF-N_KEY(TPK-Key-Input, "TDLS PMK",
  90. * min(MAC_I, MAC_R) || max(MAC_I, MAC_R) || BSSID || N_KEY)
  91. * TODO: is N_KEY really included in KDF Context and if so, in which
  92. * presentation format (little endian 16-bit?) is it used? It gets
  93. * added by the KDF anyway..
  94. */
  95. if (os_memcmp(tdls->init->addr, tdls->resp->addr, ETH_ALEN) < 0) {
  96. os_memcpy(data, tdls->init->addr, ETH_ALEN);
  97. os_memcpy(data + ETH_ALEN, tdls->resp->addr, ETH_ALEN);
  98. } else {
  99. os_memcpy(data, tdls->resp->addr, ETH_ALEN);
  100. os_memcpy(data + ETH_ALEN, tdls->init->addr, ETH_ALEN);
  101. }
  102. os_memcpy(data + 2 * ETH_ALEN, bssid, ETH_ALEN);
  103. wpa_hexdump(MSG_DEBUG, "TDLS: KDF Context", data, sizeof(data));
  104. sha256_prf(key_input, SHA256_MAC_LEN, "TDLS PMK", data, sizeof(data),
  105. (u8 *) &tdls->tpk, sizeof(tdls->tpk));
  106. wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-KCK",
  107. tdls->tpk.kck, sizeof(tdls->tpk.kck));
  108. wpa_hexdump_key(MSG_DEBUG, "TDLS: TPK-TK",
  109. tdls->tpk.tk, sizeof(tdls->tpk.tk));
  110. return 1;
  111. }
  112. static int tdls_verify_mic(struct wlantest *wt, struct wlantest_tdls *tdls,
  113. u8 trans_seq, struct ieee802_11_elems *elems)
  114. {
  115. u8 *buf, *pos;
  116. int len;
  117. u8 mic[16];
  118. int ret;
  119. const struct rsn_ftie *rx_ftie;
  120. struct rsn_ftie *tmp_ftie;
  121. if (elems->link_id == NULL || elems->rsn_ie == NULL ||
  122. elems->timeout_int == NULL || elems->ftie == NULL ||
  123. elems->ftie_len < sizeof(struct rsn_ftie))
  124. return -1;
  125. len = 2 * ETH_ALEN + 1 + 2 + 18 + 2 + elems->rsn_ie_len +
  126. 2 + 5 + 2 + elems->ftie_len;
  127. buf = os_zalloc(len);
  128. if (buf == NULL)
  129. return -1;
  130. pos = buf;
  131. /* 1) TDLS initiator STA MAC address */
  132. os_memcpy(pos, elems->link_id + ETH_ALEN, ETH_ALEN);
  133. pos += ETH_ALEN;
  134. /* 2) TDLS responder STA MAC address */
  135. os_memcpy(pos, elems->link_id + 2 * ETH_ALEN, ETH_ALEN);
  136. pos += ETH_ALEN;
  137. /* 3) Transaction Sequence number */
  138. *pos++ = trans_seq;
  139. /* 4) Link Identifier IE */
  140. os_memcpy(pos, elems->link_id - 2, 2 + 18);
  141. pos += 2 + 18;
  142. /* 5) RSN IE */
  143. os_memcpy(pos, elems->rsn_ie - 2, 2 + elems->rsn_ie_len);
  144. pos += 2 + elems->rsn_ie_len;
  145. /* 6) Timeout Interval IE */
  146. os_memcpy(pos, elems->timeout_int - 2, 2 + 5);
  147. pos += 2 + 5;
  148. /* 7) FTIE, with the MIC field of the FTIE set to 0 */
  149. os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
  150. pos += 2;
  151. tmp_ftie = (struct rsn_ftie *) pos;
  152. os_memset(tmp_ftie->mic, 0, 16);
  153. pos += elems->ftie_len;
  154. wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
  155. wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", tdls->tpk.kck, 16);
  156. ret = omac1_aes_128(tdls->tpk.kck, buf, pos - buf, mic);
  157. os_free(buf);
  158. if (ret)
  159. return -1;
  160. wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
  161. rx_ftie = (const struct rsn_ftie *) elems->ftie;
  162. if (os_memcmp(mic, rx_ftie->mic, 16) == 0) {
  163. add_note(wt, MSG_DEBUG, "TDLS: Valid MIC");
  164. return 0;
  165. }
  166. add_note(wt, MSG_DEBUG, "TDLS: Invalid MIC");
  167. return -1;
  168. }
  169. static void rx_data_tdls_setup_request(struct wlantest *wt, const u8 *bssid,
  170. const u8 *sta_addr, const u8 *dst,
  171. const u8 *src,
  172. const u8 *data, size_t len)
  173. {
  174. struct ieee802_11_elems elems;
  175. struct wlantest_tdls *tdls;
  176. u8 linkid[3 * ETH_ALEN];
  177. if (len < 3) {
  178. add_note(wt, MSG_INFO, "Too short TDLS Setup Request " MACSTR
  179. " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
  180. return;
  181. }
  182. wpa_printf(MSG_DEBUG, "TDLS Setup Request " MACSTR " -> "
  183. MACSTR, MAC2STR(src), MAC2STR(dst));
  184. if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
  185. ParseFailed || elems.link_id == NULL)
  186. return;
  187. wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
  188. " initiator STA " MACSTR " responder STA " MACSTR,
  189. MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
  190. MAC2STR(elems.link_id + 2 * ETH_ALEN));
  191. tdls = get_tdls(wt, elems.link_id, 1, bssid);
  192. if (tdls) {
  193. tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_REQ]++;
  194. tdls->dialog_token = data[0];
  195. if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
  196. const struct rsn_ftie *f;
  197. f = (const struct rsn_ftie *) elems.ftie;
  198. os_memcpy(tdls->inonce, f->snonce, WPA_NONCE_LEN);
  199. }
  200. }
  201. /* Check whether reverse direction context exists already */
  202. os_memcpy(linkid, bssid, ETH_ALEN);
  203. os_memcpy(linkid + ETH_ALEN, dst, ETH_ALEN);
  204. os_memcpy(linkid + 2 * ETH_ALEN, src, ETH_ALEN);
  205. tdls = get_tdls(wt, linkid, 0, bssid);
  206. if (tdls)
  207. add_note(wt, MSG_INFO, "Reverse direction TDLS context exists");
  208. }
  209. static void rx_data_tdls_setup_response_failure(struct wlantest *wt,
  210. const u8 *bssid,
  211. const u8 *sta_addr,
  212. u8 dialog_token, u16 status)
  213. {
  214. struct wlantest_bss *bss;
  215. struct wlantest_tdls *tdls;
  216. struct wlantest_sta *sta;
  217. if (status == WLAN_STATUS_SUCCESS) {
  218. add_note(wt, MSG_INFO, "TDLS: Invalid TDLS Setup Response from "
  219. MACSTR, MAC2STR(sta_addr));
  220. return;
  221. }
  222. bss = bss_find(wt, bssid);
  223. if (!bss)
  224. return;
  225. sta = sta_find(bss, sta_addr);
  226. if (!sta)
  227. return;
  228. dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
  229. if (tdls->resp == sta) {
  230. if (dialog_token != tdls->dialog_token) {
  231. add_note(wt, MSG_DEBUG, "TDLS: Dialog token "
  232. "mismatch in TDLS Setup Response "
  233. "(failure)");
  234. break;
  235. }
  236. add_note(wt, MSG_DEBUG, "TDLS: Found matching TDLS "
  237. "setup session based on dialog token");
  238. tdls->counters[
  239. WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL]++;
  240. break;
  241. }
  242. }
  243. }
  244. static void rx_data_tdls_setup_response(struct wlantest *wt, const u8 *bssid,
  245. const u8 *sta_addr, const u8 *dst,
  246. const u8 *src,
  247. const u8 *data, size_t len)
  248. {
  249. u16 status;
  250. struct ieee802_11_elems elems;
  251. struct wlantest_tdls *tdls;
  252. if (len < 3) {
  253. add_note(wt, MSG_INFO, "Too short TDLS Setup Response " MACSTR
  254. " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
  255. return;
  256. }
  257. status = WPA_GET_LE16(data);
  258. wpa_printf(MSG_DEBUG, "TDLS Setup Response " MACSTR " -> "
  259. MACSTR " (status %d)",
  260. MAC2STR(src), MAC2STR(dst), status);
  261. if (len < 5 && status == 0) {
  262. add_note(wt, MSG_INFO, "Too short TDLS Setup Response " MACSTR
  263. " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
  264. return;
  265. }
  266. if (len < 5 ||
  267. ieee802_11_parse_elems(data + 5, len - 5, &elems, 1) ==
  268. ParseFailed || elems.link_id == NULL) {
  269. /* Need to match TDLS link based on Dialog Token */
  270. rx_data_tdls_setup_response_failure(wt, bssid, sta_addr,
  271. data[2], status);
  272. return;
  273. }
  274. wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
  275. " initiator STA " MACSTR " responder STA " MACSTR,
  276. MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
  277. MAC2STR(elems.link_id + 2 * ETH_ALEN));
  278. tdls = get_tdls(wt, elems.link_id, 1, bssid);
  279. if (!tdls) {
  280. add_note(wt, MSG_INFO, "No match TDLS context found");
  281. return;
  282. }
  283. if (status)
  284. tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_RESP_FAIL]++;
  285. else
  286. tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_RESP_OK]++;
  287. if (status != WLAN_STATUS_SUCCESS)
  288. return;
  289. if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
  290. const struct rsn_ftie *f;
  291. f = (const struct rsn_ftie *) elems.ftie;
  292. if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
  293. add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
  294. "nonce");
  295. }
  296. os_memcpy(tdls->rnonce, f->anonce, WPA_NONCE_LEN);
  297. }
  298. if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1)
  299. return;
  300. if (tdls_verify_mic(wt, tdls, 2, &elems) == 0) {
  301. tdls->dialog_token = data[2];
  302. add_note(wt, MSG_DEBUG, "TDLS: Dialog Token for the link: %u",
  303. tdls->dialog_token);
  304. }
  305. }
  306. static void rx_data_tdls_setup_confirm_failure(struct wlantest *wt,
  307. const u8 *bssid,
  308. const u8 *src,
  309. u8 dialog_token, u16 status)
  310. {
  311. struct wlantest_bss *bss;
  312. struct wlantest_tdls *tdls;
  313. struct wlantest_sta *sta;
  314. if (status == WLAN_STATUS_SUCCESS) {
  315. add_note(wt, MSG_INFO, "TDLS: Invalid TDLS Setup Confirm from "
  316. MACSTR, MAC2STR(src));
  317. return;
  318. }
  319. bss = bss_find(wt, bssid);
  320. if (!bss)
  321. return;
  322. sta = sta_find(bss, src);
  323. if (!sta)
  324. return;
  325. dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list) {
  326. if (tdls->init == sta) {
  327. if (dialog_token != tdls->dialog_token) {
  328. add_note(wt, MSG_DEBUG, "TDLS: Dialog token "
  329. "mismatch in TDLS Setup Confirm "
  330. "(failure)");
  331. break;
  332. }
  333. add_note(wt, MSG_DEBUG, "TDLS: Found matching TDLS "
  334. "setup session based on dialog token");
  335. tdls->counters[
  336. WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL]++;
  337. break;
  338. }
  339. }
  340. }
  341. static void rx_data_tdls_setup_confirm(struct wlantest *wt, const u8 *bssid,
  342. const u8 *sta_addr, const u8 *dst,
  343. const u8 *src,
  344. const u8 *data, size_t len)
  345. {
  346. u16 status;
  347. struct ieee802_11_elems elems;
  348. struct wlantest_tdls *tdls;
  349. u8 link_id[3 * ETH_ALEN];
  350. if (len < 3) {
  351. add_note(wt, MSG_INFO, "Too short TDLS Setup Confirm " MACSTR
  352. " -> " MACSTR, MAC2STR(src), MAC2STR(dst));
  353. return;
  354. }
  355. status = WPA_GET_LE16(data);
  356. wpa_printf(MSG_DEBUG, "TDLS Setup Confirm " MACSTR " -> "
  357. MACSTR " (status %d)",
  358. MAC2STR(src), MAC2STR(dst), status);
  359. if (ieee802_11_parse_elems(data + 3, len - 3, &elems, 1) ==
  360. ParseFailed || elems.link_id == NULL) {
  361. /* Need to match TDLS link based on Dialog Token */
  362. rx_data_tdls_setup_confirm_failure(wt, bssid, src,
  363. data[2], status);
  364. return;
  365. }
  366. wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
  367. " initiator STA " MACSTR " responder STA " MACSTR,
  368. MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
  369. MAC2STR(elems.link_id + 2 * ETH_ALEN));
  370. tdls = get_tdls(wt, elems.link_id, 1, bssid);
  371. if (tdls == NULL)
  372. return;
  373. if (status)
  374. tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_CONF_FAIL]++;
  375. else
  376. tdls->counters[WLANTEST_TDLS_COUNTER_SETUP_CONF_OK]++;
  377. if (status != WLAN_STATUS_SUCCESS)
  378. return;
  379. if (elems.ftie && elems.ftie_len >= sizeof(struct rsn_ftie)) {
  380. const struct rsn_ftie *f;
  381. f = (const struct rsn_ftie *) elems.ftie;
  382. if (os_memcmp(tdls->inonce, f->snonce, WPA_NONCE_LEN) != 0) {
  383. add_note(wt, MSG_INFO, "Mismatch in TDLS initiator "
  384. "nonce");
  385. }
  386. if (os_memcmp(tdls->rnonce, f->anonce, WPA_NONCE_LEN) != 0) {
  387. add_note(wt, MSG_INFO, "Mismatch in TDLS responder "
  388. "nonce");
  389. }
  390. }
  391. tdls->link_up = 1;
  392. if (tdls_derive_tpk(tdls, bssid, elems.ftie, elems.ftie_len) < 1) {
  393. if (elems.ftie == NULL)
  394. goto remove_reverse;
  395. return;
  396. }
  397. if (tdls_verify_mic(wt, tdls, 3, &elems) == 0) {
  398. tdls->dialog_token = data[2];
  399. add_note(wt, MSG_DEBUG, "TDLS: Link up - Dialog Token: %u",
  400. tdls->dialog_token);
  401. }
  402. remove_reverse:
  403. /*
  404. * The TDLS link itself is bidirectional, but there is explicit
  405. * initiator/responder roles. Remove the other direction of the link
  406. * (if it exists) to make sure that the link counters are stored for
  407. * the current TDLS entery.
  408. */
  409. os_memcpy(link_id, elems.link_id, ETH_ALEN);
  410. os_memcpy(link_id + ETH_ALEN, elems.link_id + 2 * ETH_ALEN, ETH_ALEN);
  411. os_memcpy(link_id + 2 * ETH_ALEN, elems.link_id + ETH_ALEN, ETH_ALEN);
  412. tdls = get_tdls(wt, link_id, 0, bssid);
  413. if (tdls) {
  414. add_note(wt, MSG_DEBUG, "TDLS: Remove reverse link entry");
  415. tdls_deinit(tdls);
  416. }
  417. }
  418. static int tdls_verify_mic_teardown(struct wlantest *wt,
  419. struct wlantest_tdls *tdls, u8 trans_seq,
  420. const u8 *reason_code,
  421. struct ieee802_11_elems *elems)
  422. {
  423. u8 *buf, *pos;
  424. int len;
  425. u8 mic[16];
  426. int ret;
  427. const struct rsn_ftie *rx_ftie;
  428. struct rsn_ftie *tmp_ftie;
  429. if (elems->link_id == NULL || elems->ftie == NULL ||
  430. elems->ftie_len < sizeof(struct rsn_ftie))
  431. return -1;
  432. len = 2 + 18 + 2 + 1 + 1 + 2 + elems->ftie_len;
  433. buf = os_zalloc(len);
  434. if (buf == NULL)
  435. return -1;
  436. pos = buf;
  437. /* 1) Link Identifier IE */
  438. os_memcpy(pos, elems->link_id - 2, 2 + 18);
  439. pos += 2 + 18;
  440. /* 2) Reason Code */
  441. os_memcpy(pos, reason_code, 2);
  442. pos += 2;
  443. /* 3) Dialog token */
  444. *pos++ = tdls->dialog_token;
  445. /* 4) Transaction Sequence number */
  446. *pos++ = trans_seq;
  447. /* 5) FTIE, with the MIC field of the FTIE set to 0 */
  448. os_memcpy(pos, elems->ftie - 2, 2 + elems->ftie_len);
  449. pos += 2;
  450. tmp_ftie = (struct rsn_ftie *) pos;
  451. os_memset(tmp_ftie->mic, 0, 16);
  452. pos += elems->ftie_len;
  453. wpa_hexdump(MSG_DEBUG, "TDLS: Data for FTIE MIC", buf, pos - buf);
  454. wpa_hexdump_key(MSG_DEBUG, "TDLS: KCK", tdls->tpk.kck, 16);
  455. ret = omac1_aes_128(tdls->tpk.kck, buf, pos - buf, mic);
  456. os_free(buf);
  457. if (ret)
  458. return -1;
  459. wpa_hexdump(MSG_DEBUG, "TDLS: FTIE MIC", mic, 16);
  460. rx_ftie = (const struct rsn_ftie *) elems->ftie;
  461. if (os_memcmp(mic, rx_ftie->mic, 16) == 0) {
  462. add_note(wt, MSG_DEBUG, "TDLS: Valid MIC");
  463. return 0;
  464. }
  465. add_note(wt, MSG_DEBUG, "TDLS: Invalid MIC");
  466. return -1;
  467. }
  468. static void rx_data_tdls_teardown(struct wlantest *wt, const u8 *bssid,
  469. const u8 *sta_addr, const u8 *dst,
  470. const u8 *src,
  471. const u8 *data, size_t len)
  472. {
  473. u16 reason;
  474. struct ieee802_11_elems elems;
  475. struct wlantest_tdls *tdls;
  476. if (len < 2)
  477. return;
  478. reason = WPA_GET_LE16(data);
  479. wpa_printf(MSG_DEBUG, "TDLS Teardown " MACSTR " -> "
  480. MACSTR " (reason %d)",
  481. MAC2STR(src), MAC2STR(dst), reason);
  482. if (ieee802_11_parse_elems(data + 2, len - 2, &elems, 1) ==
  483. ParseFailed || elems.link_id == NULL)
  484. return;
  485. wpa_printf(MSG_DEBUG, "TDLS Link Identifier: BSSID " MACSTR
  486. " initiator STA " MACSTR " responder STA " MACSTR,
  487. MAC2STR(elems.link_id), MAC2STR(elems.link_id + ETH_ALEN),
  488. MAC2STR(elems.link_id + 2 * ETH_ALEN));
  489. tdls = get_tdls(wt, elems.link_id, 1, bssid);
  490. if (tdls) {
  491. if (tdls->link_up)
  492. add_note(wt, MSG_DEBUG, "TDLS: Link down");
  493. tdls->link_up = 0;
  494. tdls->counters[WLANTEST_TDLS_COUNTER_TEARDOWN]++;
  495. tdls_verify_mic_teardown(wt, tdls, 4, data, &elems);
  496. }
  497. }
  498. static void rx_data_tdls(struct wlantest *wt, const u8 *bssid,
  499. const u8 *sta_addr, const u8 *dst, const u8 *src,
  500. const u8 *data, size_t len)
  501. {
  502. /* data contains the payload of a TDLS Action frame */
  503. if (len < 2 || data[0] != WLAN_ACTION_TDLS) {
  504. wpa_hexdump(MSG_DEBUG, "Unrecognized encapsulated TDLS frame",
  505. data, len);
  506. return;
  507. }
  508. switch (data[1]) {
  509. case WLAN_TDLS_SETUP_REQUEST:
  510. rx_data_tdls_setup_request(wt, bssid, sta_addr, dst, src,
  511. data + 2, len - 2);
  512. break;
  513. case WLAN_TDLS_SETUP_RESPONSE:
  514. rx_data_tdls_setup_response(wt, bssid, sta_addr, dst, src,
  515. data + 2, len - 2);
  516. break;
  517. case WLAN_TDLS_SETUP_CONFIRM:
  518. rx_data_tdls_setup_confirm(wt, bssid, sta_addr, dst, src,
  519. data + 2, len - 2);
  520. break;
  521. case WLAN_TDLS_TEARDOWN:
  522. rx_data_tdls_teardown(wt, bssid, sta_addr, dst, src, data + 2,
  523. len - 2);
  524. break;
  525. case WLAN_TDLS_DISCOVERY_REQUEST:
  526. wpa_printf(MSG_DEBUG, "TDLS Discovery Request " MACSTR " -> "
  527. MACSTR, MAC2STR(src), MAC2STR(dst));
  528. break;
  529. }
  530. }
  531. void rx_data_80211_encap(struct wlantest *wt, const u8 *bssid,
  532. const u8 *sta_addr, const u8 *dst, const u8 *src,
  533. const u8 *data, size_t len)
  534. {
  535. wpa_hexdump(MSG_EXCESSIVE, "802.11 data encap frame", data, len);
  536. if (len < 1)
  537. return;
  538. if (data[0] == 0x02)
  539. rx_data_tdls(wt, bssid, sta_addr, dst, src, data + 1, len - 1);
  540. }