记录wpa_supplicant四次握手的过程。

相关log:https://www.cnblogs.com/helloworldtoyou/p/9633603.html

  1. 接收到第一次握手,会设置一个认证超时时间,根据情况,设置成10s或者70s
  2. 四次握手,如果出错,将会等待这个超时时间后,才会判断认证失败。然后从新连接。
  4. wpa_supplicant/wpa_supplicant.c
  5. void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
  6. 			     const u8 *buf, size_t len)
  7. {
  8. 	struct wpa_supplicant *wpa_s = ctx;
  9. 	// 接受到EAPOL帧
  10. 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
  11. 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
  13. #ifdef CONFIG_TESTING_OPTIONS
  14. 	if (wpa_s->ignore_auth_resp) {
  15. 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
  16. 		return;
  17. 	}
  18. #endif /* CONFIG_TESTING_OPTIONS */
  20. #ifdef CONFIG_PEERKEY
  21. 	if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
  22. 	    wpa_s->current_ssid->peerkey &&
  23. 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
  24. 	    wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
  25. 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
  26. 		return;
  27. 	}
  28. #endif /* CONFIG_PEERKEY */
  30. 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
  31. 	    (wpa_s->last_eapol_matches_bssid &&
  32. #ifdef CONFIG_AP
  33. 	     !wpa_s->ap_iface &&
  34. #endif /* CONFIG_AP */
  35. 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
  36. 		/*
  37. 		 * There is possible race condition between receiving the
  38. 		 * association event and the EAPOL frame since they are coming
  39. 		 * through different paths from the driver. In order to avoid
  40. 		 * issues in trying to process the EAPOL frame before receiving
  41. 		 * association information, lets queue it for processing until
  42. 		 * the association event is received. This may also be needed in
  43. 		 * driver-based roaming case, so also use src_addr != BSSID as a
  44. 		 * trigger if we have previously confirmed that the
  45. 		 * Authenticator uses BSSID as the src_addr (which is not the
  46. 		 * case with wired IEEE 802.1X).
  47. 		 */
  48. 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
  49. 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
  50. 			wpa_supplicant_state_txt(wpa_s->wpa_state),
  51. 			MAC2STR(wpa_s->bssid));
  52. 		wpabuf_free(wpa_s->pending_eapol_rx);
  53. 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
  54. 		if (wpa_s->pending_eapol_rx) {
  55. 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
  56. 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
  57. 				  ETH_ALEN);
  58. 		}
  59. 		return;
  60. 	}
  62. 	wpa_s->last_eapol_matches_bssid =
  63. 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
  65. #ifdef CONFIG_AP
  66. 	if (wpa_s->ap_iface) {
  67. 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
  68. 		return;
  69. 	}
  70. #endif /* CONFIG_AP */
  71. 															// 没有配置密钥,退出
  72. 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
  73. 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
  74. 			"no key management is configured");
  75. 		return;
  76. 	}
  77. 															// 第一次收到EAPOL帧,设置认证超时时间,
  78. 	if (wpa_s->eapol_received == 0 &&
  79. 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
  80. 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
  81. 	     wpa_s->wpa_state != WPA_COMPLETED) &&
  82. 	    (wpa_s->current_ssid == NULL ||
  83. 	     wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
  84. 		/* Timeout for completing IEEE 802.1X and WPA authentication */
  85. 		int timeout = 10;									// 认证超时时间10s
  87. 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
  88. 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
  89. 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
  90. 			/* Use longer timeout for IEEE 802.1X/EAP */
  91. 			timeout = 70;									// 802.1X/EAP认证超时时间设置成70s
  92. 		}
  93. 															// WPS相关设置
  94. #ifdef CONFIG_WPS
  95. 		if (wpa_s->current_ssid && wpa_s->current_bss &&
  96. 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
  97. 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
  98. 			/*
  99. 			 * Use shorter timeout if going through WPS AP iteration
  100. 			 * for PIN config method with an AP that does not
  101. 			 * advertise Selected Registrar.
  102. 			 */
  103. 			struct wpabuf *wps_ie;
  105. 			wps_ie = wpa_bss_get_vendor_ie_multi(
  106. 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
  107. 			if (wps_ie &&
  108. 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
  109. 				timeout = 10;
  110. 			else {
  111. 			    /* We should apply a flexible timeout value,
  112.                 * becasue some AP which send M2D MSG
  113.                 * need more time to complete EAP auth,such as Marvell.
  114.                 * */
  115. 		        timeout = 70;
  116. 			}
  117. 			wpabuf_free(wps_ie);
  118. 		}
  119. #endif /* CONFIG_WPS */
  121. 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);			// 设置认证超时,10s或者70s
  122. 	}
  123. 	wpa_s->eapol_received++;										// 接受到的EAPOL计数加一
  125. 	if (wpa_s->countermeasures) {
  126. 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
  127. 			"EAPOL packet");
  128. 		return;
  129. 	}
  131. #ifdef CONFIG_IBSS_RSN
  132. 	if (wpa_s->current_ssid &&
  133. 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
  134. 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
  135. 		return;
  136. 	}
  137. #endif /* CONFIG_IBSS_RSN */
  139. 	/* Source address of the incoming EAPOL frame could be compared to the
  140. 	 * current BSSID. However, it is possible that a centralized
  141. 	 * Authenticator could be using another MAC address than the BSSID of
  142. 	 * an AP, so just allow any address to be used for now. The replies are
  143. 	 * still sent to the current BSSID (if available), though. */
  145. 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
  146. 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
  147. 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
  148. 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
  149. 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
  150. 		return;
  151. 	wpa_drv_poll(wpa_s);
  152. 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
  153. 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);				// 处理接受的EAPOL帧
  154. 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
  155. 		/*
  156. 		 * Set portValid = TRUE here since we are going to skip 4-way
  157. 		 * handshake processing which would normally set portValid. We
  158. 		 * need this to allow the EAPOL state machines to be completed
  159. 		 * without going through EAPOL-Key handshake.
  160. 		 */
  161. 		eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
  162. 	}
  163. }
  165. src/rsn_supp/wpa.c
  166. int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
  167.             const u8 *buf, size_t len)
  168. {
  169. 	各种帧内容判断
  170. ...
  171.     if (key_info & WPA_KEY_INFO_KEY_TYPE) {
  172.         if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
  173.             wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  174.                 "WPA: Ignored EAPOL-Key (Pairwise) with "
  175.                 "non-zero key index");
  176.             goto out;
  177.         }
  178.         if (peerkey) {
  179.             /* PeerKey 4-Way Handshake */
  180.             peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver,
  181.                           key_data, key_data_len);
  182.         } else if (key_info & (WPA_KEY_INFO_MIC |
  183.                        WPA_KEY_INFO_ENCR_KEY_DATA)) {
  184.             /* 3/4 4-Way Handshake */                        // 第三次握手
  185.             wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
  186.                               key_data_len);
  187.         } else {
  188.             /* 1/4 4-Way Handshake */                        // 第一次握手
  189.             wpa_supplicant_process_1_of_4(sm, src_addr, key,
  190.                               ver, key_data,
  191.                               key_data_len);
  192.         }
  193.     } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
  194.         /* PeerKey SMK Handshake */
  195.         peerkey_rx_eapol_smk(sm, src_addr, key, key_data, key_data_len,
  196.                      key_info, ver);
  197.     } else {
  198.         if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
  199.             (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
  200.             /* 1/2 Group Key Handshake */
  201.             wpa_supplicant_process_1_of_2(sm, src_addr, key,
  202.                               key_data, key_data_len,
  203.                               ver);
  204.         } else {
  205.             wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  206.                 "WPA: EAPOL-Key (Group) without Mic/Encr bit - "
  207.                 "dropped");
  208.         }
  209.     }
  210. ...
  211. }
  213. static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
  214.                       const unsigned char *src_addr,
  215.                       const struct wpa_eapol_key *key,
  216.                       u16 ver, const u8 *key_data,
  217.                       size_t key_data_len)
  218. {
  219.     struct wpa_eapol_ie_parse ie;
  220.     struct wpa_ptk *ptk;
  221.     int res;
  222.     u8 *kde, *kde_buf = NULL;
  223.     size_t kde_len;
  225.     if (wpa_sm_get_network_ctx(sm) == NULL) {
  226.         wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
  227.             "found (msg 1 of 4)");
  228.         return;
  229.     }
  231.     wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
  232.     wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
  233.         "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);
  235.     os_memset(&ie, 0, sizeof(ie));
  237.     if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
  238.         /* RSN: msg 1/4 should contain PMKID for the selected PMK */
  239.         wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
  240.                 key_data, key_data_len);
  241.         if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
  242.             goto failed;
  243.         if (ie.pmkid) {
  244.             wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
  245.                     "Authenticator", ie.pmkid, PMKID_LEN);
  246.         }
  247.     }
  249.     res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
  250.     if (res == -2) {
  251.         wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
  252.             "msg 1/4 - requesting full EAP authentication");
  253.         return;
  254.     }
  255.     if (res)
  256.         goto failed;
  258.     if (sm->renew_snonce) {
  259.         if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
  260.             wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
  261.                 "WPA: Failed to get random data for SNonce");
  262.             goto failed;
  263.         }
  264.         sm->renew_snonce = 0;
  265.         wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
  266.                 sm->snonce, WPA_NONCE_LEN);
  267.     }
  269.     /* Calculate PTK which will be stored as a temporary PTK until it has
  270.      * been verified when processing message 3/4. */
  271.     ptk = &sm->tptk;
  272.     wpa_derive_ptk(sm, src_addr, key, ptk);
  273.     if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
  274.         u8 buf[8];
  275.         /* Supplicant: swap tx/rx Mic keys */
  276.         os_memcpy(buf, &ptk->tk[16], 8);
  277.         os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
  278.         os_memcpy(&ptk->tk[24], buf, 8);
  279.         os_memset(buf, 0, sizeof(buf));
  280.     }
  281.     sm->tptk_set = 1;
  283.     kde = sm->assoc_wpa_ie;
  284.     kde_len = sm->assoc_wpa_ie_len;
  286. ...
  287.                             // 发送第二次握手的包
  288.     if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
  289.                        kde, kde_len, ptk) < 0)
  290.         goto failed;
  292.     os_free(kde_buf);
  293.     os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
  294.     return;
  296. failed:
  297.     os_free(kde_buf);
  298.     wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
  299. }

Liutao

2018-11-22

Android wpa_supplicant 四次握手 流程分析的更多相关文章

  1. TCP/IP协议三次握手与四次握手流程解析

    原文链接地址:http://www.2cto.com/net/201310/251896.html TCP/IP协议三次握手与四次握手流程解析 TCP/IP协议的详细信息参看<TCP/IP协议详 ...

  2. TCP/IP协议三次握手与四次握手流程解析(转载及总结)

    原文地址:http://www.2cto.com/net/201310/251896.html,转载请注明出处: TCP/IP协议三次握手与四次握手流程解析 一.TCP报文格式  TCP/IP协议的详 ...

  3. Android 4.4 音量调节流程分析(二)

    之前在Android 4.4 音量调节流程分析(一)里已经有简单的分析音量控制的流程,今天想接着继续分析下音量大小计算的方法.对于任一播放文件而言其本身都有着固定大小的音量Volume_Max,而在A ...

  4. Android 7.1 屏幕旋转流程分析

    Android 7.1   屏幕旋转流程分析 一.概述 Android屏幕的旋转在framework主要涉及到三个类,结构如图 PhoneWindowManager:为屏幕的横竖屏转换的管理类. Wi ...

  5. TCP/IP协议三次握手与四次握手流程解析(转)

    一.TCP报文格式   下面是TCP报文格式图:       上图中有几个字段需要重点介绍下:  (1)序号:Seq序号,占32位,用来标识从TCP源端向目的端发送的字节流,发起方发送数据时对此进行标 ...

  6. 【协议】2、TCP/IP协议三次握手与四次握手流程解析

    一.TCP报文格式  TCP/IP协议的详细信息参看<TCP/IP协议详解>三卷本.下面是TCP报文格式图:图1 TCP报文格式  上图中有几个字段需要重点介绍下:  (1)序号:Seq序 ...

  7. PPTP协议握手流程分析

    一  PPTP概述 PPTP(Point to Point Tunneling Protocol),即点对点隧道协议.该协议是在PPP协议的基础上开发的一种新的增强型安全协议,支持多协议虚拟专用网,可 ...

  8. Android之 MTP框架和流程分析

    概要 本文的目的是介绍Android系统中MTP的一些相关知识.主要的内容包括:第1部分 MTP简介            对Mtp协议进行简单的介绍.第2部分 MTP框架            介绍 ...

  9. PPTP协议握手流程分析--转载

    一  PPTP概述   PPTP(Point to Point Tunneling Protocol),即点对点隧道协议.该协议是在PPP协议的基础上开发的一种新的增强型安全协议,支持多协议虚拟专用网 ...

随机推荐

  1. BZOJ.4766.文艺计算姬(Prufer)

    题目链接 这是完全二分图,那么在构造Prufer序列时,最后会剩下两个点,两点的边是连接两个集合的,这两个点自然分属两个集合 那么集合A被删了m-1次,每次从n个点中选:B被删了n-1次,每次都可以从 ...

  2. POJ 3243 Clever Y 扩展BSGS

    http://poj.org/problem?id=3243 这道题的输入数据输入后需要将a和b都%p https://blog.csdn.net/zzkksunboy/article/details ...

  3. CODEVS.1228 苹果树(DFS序)

    To CODEVS.1228 苹果树  To poj 3321 Description 在卡卡的房子外面,有一棵苹果树.每年的春天,树上总会结出很多的苹果.卡卡非常喜欢吃苹果,所以他一直都精心的呵护这 ...

  4. [SNOI2017]一个简单的询问

    [SNOI2017]一个简单的询问 题目大意: 给定一个长度为\(n(n\le50000)\)的序列\(A(1\le A_i\le n)\),定义\(\operatorname{get}(l,r,x) ...

  5. AngularJS中介者模式实例

    在任何应用程序中,中介者模式随处可见. → 有一个事件源,触发事件,传递参数→ 中介者记下这个事件,向外界广播,并带上参赛→ 有一个地方侦听中介者事件,一旦事件源触发事件,就从中介者手里获取事件相关参 ...

  6. SpringBoot自定义线程池处理异步任务

    @Async异步调用 就不解释什么是异步调用了,Spring Boot中进行异步调用很简单 1.通过使用@Async注解就能简单的将原来的同步函数变为异步函数 package com.winner.s ...

  7. 【.NET线程--进阶(一)】--线程方法详解

    上篇博客从线程的基本概况开始着重讨论了线程,进程,程序之间的区别,然后讨论了线程操作的几个类,并通过实例来说明了线程的创建方法.本篇博客将会带大家更深入的了解线程,介绍线程的基本方法,并通过一个Dem ...

  8. iOS开发-命令模式

    命令模式算是设计模式中比较简单的,最常见的例子是工作任务安排下来进行编程,如果工作任务不需要完成,我们可以取消我们之前完成的代码,也可以理解为回滚撤销操作.这里面涉及到命令模式中的两个对象,一个是动作 ...

  9. install pymongo,mysql

    yum install pymongo yum install MySQL-python

  10. how to check the computer is 32 bit or 64bit in linux

    just use cat /proc/cpuinfo in shell