Android wpa_supplicant 四次握手 流程分析

最新推荐文章于 2023-03-02 17:20:28 发布
最新推荐文章于 2023-03-02 17:20:28 发布
阅读量1.3k 收藏 7
点赞数 1
文章标签: 移动开发 python

记录wpa_supplicant四次握手的过程。

相关log:https://www.cnblogs.com/helloworldtoyou/p/9633603.html

接收到第一次握手,会设置一个认证超时时间,根据情况,设置成10s或者70s。
四次握手,如果出错,将会等待这个超时时间后,才会判断认证失败。然后从新连接。

wpa_supplicant/wpa_supplicant.c
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
                 const u8 *buf, size_t len)
{
    struct wpa_supplicant *wpa_s = ctx;
    // 接受到EAPOL帧
    wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
    wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);

#ifdef CONFIG_TESTING_OPTIONS
    if (wpa_s->ignore_auth_resp) {
        wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
        return;
    }
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_PEERKEY
    if (wpa_s->wpa_state > WPA_ASSOCIATED && wpa_s->current_ssid &&
        wpa_s->current_ssid->peerkey &&
        !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
        wpa_sm_rx_eapol_peerkey(wpa_s->wpa, src_addr, buf, len) == 1) {
        wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Processed PeerKey EAPOL-Key");
        return;
    }
#endif /* CONFIG_PEERKEY */

    if (wpa_s->wpa_state < WPA_ASSOCIATED ||
        (wpa_s->last_eapol_matches_bssid &&
#ifdef CONFIG_AP
         !wpa_s->ap_iface &&
#endif /* CONFIG_AP */
         os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
        /*
         * There is possible race condition between receiving the
         * association event and the EAPOL frame since they are coming
         * through different paths from the driver. In order to avoid
         * issues in trying to process the EAPOL frame before receiving
         * association information, lets queue it for processing until
         * the association event is received. This may also be needed in
         * driver-based roaming case, so also use src_addr != BSSID as a
         * trigger if we have previously confirmed that the
         * Authenticator uses BSSID as the src_addr (which is not the
         * case with wired IEEE 802.1X).
         */
        wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
            "of received EAPOL frame (state=%s bssid=" MACSTR ")",
            wpa_supplicant_state_txt(wpa_s->wpa_state),
            MAC2STR(wpa_s->bssid));
        wpabuf_free(wpa_s->pending_eapol_rx);
        wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
        if (wpa_s->pending_eapol_rx) {
            os_get_reltime(&wpa_s->pending_eapol_rx_time);
            os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
                  ETH_ALEN);
        }
        return;
    }

    wpa_s->last_eapol_matches_bssid =
        os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;

#ifdef CONFIG_AP
    if (wpa_s->ap_iface) {
        wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
        return;
    }
#endif /* CONFIG_AP */
                                                            // 没有配置密钥,退出
    if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
        wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
            "no key management is configured");
        return;
    }
                                                            // 第一次收到EAPOL帧,设置认证超时时间,
    if (wpa_s->eapol_received == 0 &&
        (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
         !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
         wpa_s->wpa_state != WPA_COMPLETED) &&
        (wpa_s->current_ssid == NULL ||
         wpa_s->current_ssid->mode != IEEE80211_MODE_IBSS)) {
        /* Timeout for completing IEEE 802.1X and WPA authentication */
        int timeout = 10;                                   // 认证超时时间10s

        if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
            wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
            wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
            /* Use longer timeout for IEEE 802.1X/EAP */
            timeout = 70;                                   // 802.1X/EAP认证超时时间设置成70s
        }
                                                            // WPS相关设置
#ifdef CONFIG_WPS
        if (wpa_s->current_ssid && wpa_s->current_bss &&
            (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
            eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
            /*
             * Use shorter timeout if going through WPS AP iteration
             * for PIN config method with an AP that does not
             * advertise Selected Registrar.
             */
            struct wpabuf *wps_ie;

            wps_ie = wpa_bss_get_vendor_ie_multi(
                wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
            if (wps_ie &&
                !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
                timeout = 10;
            else {
                /* We should apply a flexible timeout value,
                * becasue some AP which send M2D MSG
                * need more time to complete EAP auth,such as Marvell.
                * */
                timeout = 70;
            }
            wpabuf_free(wps_ie);
        }
#endif /* CONFIG_WPS */

        wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);         // 设置认证超时,10s或者70s
    }
    wpa_s->eapol_received++;                                        // 接受到的EAPOL计数加一

    if (wpa_s->countermeasures) {
        wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
            "EAPOL packet");
        return;
    }

#ifdef CONFIG_IBSS_RSN
    if (wpa_s->current_ssid &&
        wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
        ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
        return;
    }
#endif /* CONFIG_IBSS_RSN */

    /* Source address of the incoming EAPOL frame could be compared to the
     * current BSSID. However, it is possible that a centralized
     * Authenticator could be using another MAC address than the BSSID of
     * an AP, so just allow any address to be used for now. The replies are
     * still sent to the current BSSID (if available), though. */

    os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
    if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
        wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
        wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
        eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
        return;
    wpa_drv_poll(wpa_s);
    if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
        wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);                // 处理接受的EAPOL帧
    else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
        /*
         * Set portValid = TRUE here since we are going to skip 4-way
         * handshake processing which would normally set portValid. We
         * need this to allow the EAPOL state machines to be completed
         * without going through EAPOL-Key handshake.
         */
        eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
    }
}

src/rsn_supp/wpa.c
int wpa_sm_rx_eapol(struct wpa_sm *sm, const u8 *src_addr,
            const u8 *buf, size_t len)
{
    各种帧内容判断
...
    if (key_info & WPA_KEY_INFO_KEY_TYPE) {
        if (key_info & WPA_KEY_INFO_KEY_INDEX_MASK) {
            wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
                "WPA: Ignored EAPOL-Key (Pairwise) with "
                "non-zero key index");
            goto out; 
        }    
        if (peerkey) {
            /* PeerKey 4-Way Handshake */               
            peerkey_rx_eapol_4way(sm, peerkey, key, key_info, ver, 
                          key_data, key_data_len);
        } else if (key_info & (WPA_KEY_INFO_MIC |
                       WPA_KEY_INFO_ENCR_KEY_DATA)) {
            /* 3/4 4-Way Handshake */                        // 第三次握手
            wpa_supplicant_process_3_of_4(sm, key, ver, key_data,
                              key_data_len);
        } else {
            /* 1/4 4-Way Handshake */                        // 第一次握手
            wpa_supplicant_process_1_of_4(sm, src_addr, key, 
                              ver, key_data,
                              key_data_len);
        }    
    } else if (key_info & WPA_KEY_INFO_SMK_MESSAGE) {
        /* PeerKey SMK Handshake */
        peerkey_rx_eapol_smk(sm, src_addr, key, key_data, key_data_len,
                     key_info, ver);
    } else {
        if ((mic_len && (key_info & WPA_KEY_INFO_MIC)) ||
            (!mic_len && (key_info & WPA_KEY_INFO_ENCR_KEY_DATA))) {
            /* 1/2 Group Key Handshake */
            wpa_supplicant_process_1_of_2(sm, src_addr, key, 
                              key_data, key_data_len,
                              ver);
        } else {
            wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
                "WPA: EAPOL-Key (Group) without Mic/Encr bit - "
                "dropped");
        }    
    }    
... 
}


static void wpa_supplicant_process_1_of_4(struct wpa_sm *sm,
                      const unsigned char *src_addr,
                      const struct wpa_eapol_key *key,
                      u16 ver, const u8 *key_data,
                      size_t key_data_len)
{
    struct wpa_eapol_ie_parse ie;
    struct wpa_ptk *ptk;
    int res;
    u8 *kde, *kde_buf = NULL;
    size_t kde_len;

    if (wpa_sm_get_network_ctx(sm) == NULL) {
        wpa_msg(sm->ctx->msg_ctx, MSG_WARNING, "WPA: No SSID info "
            "found (msg 1 of 4)");
        return;
    }

    wpa_sm_set_state(sm, WPA_4WAY_HANDSHAKE);
    wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "WPA: RX message 1 of 4-Way "
        "Handshake from " MACSTR " (ver=%d)", MAC2STR(src_addr), ver);

    os_memset(&ie, 0, sizeof(ie));

    if (sm->proto == WPA_PROTO_RSN || sm->proto == WPA_PROTO_OSEN) {
        /* RSN: msg 1/4 should contain PMKID for the selected PMK */
        wpa_hexdump(MSG_DEBUG, "RSN: msg 1/4 key data",
                key_data, key_data_len);
        if (wpa_supplicant_parse_ies(key_data, key_data_len, &ie) < 0)
            goto failed;
        if (ie.pmkid) {
            wpa_hexdump(MSG_DEBUG, "RSN: PMKID from "
                    "Authenticator", ie.pmkid, PMKID_LEN);
        }
    }

    res = wpa_supplicant_get_pmk(sm, src_addr, ie.pmkid);
    if (res == -2) {
        wpa_dbg(sm->ctx->msg_ctx, MSG_DEBUG, "RSN: Do not reply to "
            "msg 1/4 - requesting full EAP authentication");
        return;
    }
    if (res)
        goto failed;

    if (sm->renew_snonce) {
        if (random_get_bytes(sm->snonce, WPA_NONCE_LEN)) {
            wpa_msg(sm->ctx->msg_ctx, MSG_WARNING,
                "WPA: Failed to get random data for SNonce");
            goto failed;
        }
        sm->renew_snonce = 0;
        wpa_hexdump(MSG_DEBUG, "WPA: Renewed SNonce",
                sm->snonce, WPA_NONCE_LEN);
    }

    /* Calculate PTK which will be stored as a temporary PTK until it has
     * been verified when processing message 3/4. */
    ptk = &sm->tptk;
    wpa_derive_ptk(sm, src_addr, key, ptk);
    if (sm->pairwise_cipher == WPA_CIPHER_TKIP) {
        u8 buf[8];
        /* Supplicant: swap tx/rx Mic keys */
        os_memcpy(buf, &ptk->tk[16], 8);
        os_memcpy(&ptk->tk[16], &ptk->tk[24], 8);
        os_memcpy(&ptk->tk[24], buf, 8);
        os_memset(buf, 0, sizeof(buf));
    }
    sm->tptk_set = 1;

    kde = sm->assoc_wpa_ie;
    kde_len = sm->assoc_wpa_ie_len;

...
                            // 发送第二次握手的包
    if (wpa_supplicant_send_2_of_4(sm, sm->bssid, key, ver, sm->snonce,
                       kde, kde_len, ptk) < 0)
        goto failed;

    os_free(kde_buf);
    os_memcpy(sm->anonce, key->key_nonce, WPA_NONCE_LEN);
    return;

failed:
    os_free(kde_buf);
    wpa_sm_deauthenticate(sm, WLAN_REASON_UNSPECIFIED);
}

Liutao

2018-11-22

weixin_33862188
关注
  • 1
    点赞
  • 7
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
wpa_supplicant-2.9.zip
06-13
wpa_supplicant是一款开源且功能强大的无线网络认证客户端,广泛应用于Linux、Android等操作系统中,用于处理Wi-Fi连接。在这个名为“wpa_supplicant-2.9.zip”的压缩包中,包含了版本2.9的源代码及其相关配置文件,...
wpa_supplicant-2.7.tar.gz
06-08
wpa_supplicant-2.7:无线网络安全守护者与OpenSSL的紧密协作》 在无线网络连接的世界中,安全始终是首要考虑的因素。wpa_supplicant是一个强大的开源软件,用于处理Wi-Fi连接的安全性,它确保了我们的设备能够...
wpa_supplicant2.9之sae握手流程
krokodil98的博客
07-09 3232
wpa_supplicant2.9之sae握手流程SME介绍wpa_supplicant_connectsme_authenticatesme_auth_start_cbsme_send_authenticationwpa_drv_authenticatewpa_driver_nl80211_authenticatedo_process_drv_eventmlme_event_authsme_event_authsme_sae_auth WPA3-Personal采用了新的加密方式,SAE算法。 WPA2的
Android WiFi 日志记录(四次握手)
weixin_33814685的博客
09-12 2168
记录一下四次握手的log。 PMK: PMK(Pairwise Master Key,成对主密钥 STA和AP得到PMK后,将进行密匙派生以得到PTK。最后,PTK被设置到硬件中, 用于数据的加解密。 ·由于AP和STA都需要使用PTK,所以二者需要利用EAPOL Key帧进行信息交换。 这就是4-Way Handshake的作用。 由于STA每次关联都需要重新派生这些 Key,所以它们称为...
关于WPA/WPA2 4次握手
maizaozao的专栏
02-15 1121
简单描述一下WPA/WPA2的4次握手中的一些关键词:   WPA/WPA2使用4次握手的方式来产生所需要的密钥。四次握手通过一系列的交互,从PMK(Pairwise Master Key)生成PTK(Pairwise Transient Key)。PMK来自MSK(Master Session Key),是MSK的前256位,32字节。   PTK包含3个部分,KCK(KeyConfirmationKey),KEK(Key EncryptionKey),TK(Temporal Key)。   ...
Android wpa_supplicant源码分析–连接AP过程
热门推荐
cuijiyue的专栏
06-24 1万+
连接网络过程STA连接AP的过程可以参考该文章,http://support.huawei.com/ecommunity/bbs/10232527.htmlSTA需要认证后才可以接入AP,认证过程分为链路认证(associate)和接入认证(authentication),根据AP的加密方式 associate 和 authentication采用的认证方式不同。 上述网页中列出了各种加密方式的认
android wpa_supplicant 流程分析
IC_SOC_ARM
02-27 1万+
以下分析基于 wpa_supplicant 0.5.11 版本 1、wpa_supplicant简介     wpa_supplicant is an implementation of the WPA Supplicant component, i.e., the part that runs in the client stations. It implements WPA ke
wpa_supplicant中几种状态详解
我的博客
03-02 701
wpa_supplicant中几种状态详解
wpa_supplicant-2.0_wpa_supplicant_
10-01
wpa_supplicant 2.0:无线网络安全的守护者》 wpa_supplicant是一款开源的无线网络连接管理工具,其2.0版本是它在无线网络安全领域的一个重要里程碑。这款软件的主要职责是处理Wi-Fi连接,特别是对于WPA(Wi-Fi ...
wpa_supplicant_8 源码
10-28
对于WPA/WPA2协议,它使用了TKIP或CCMP加密算法,通过四次握手完成安全连接的建立。在这个过程中,源码揭示了如何生成和验证双方的密钥,以及如何处理重传和密钥更新。 此外,wpa_supplicant还支持多种EAP方法,如...
wpa_supplicant-2.6.tar.gz
05-12
wpa_supplicant-2.6:无线网络连接的核心组件》 在当今的数字化社会,无线网络连接已经成为我们日常生活和工作的重要组成部分。wpa_supplicant是实现这一连接的关键软件之一,尤其是在Linux系统中。本文将深入...
5wpa_supplicant程序 --详解
03-25 2103
目前可以使用wireless-tools或wpa_supplicant工具来配置无线网络。请记住重要的一点是,对无线网络的配置是全局性的,而非针对具体的接口。 wpa_supplicant是一个较好的选择,但缺点是它不支持所有的驱动。请浏览wpa_supplicant网站获得它所支持...
android nfc settimeout,4.5.3 ENABLE_NETWORK命令处理
weixin_30746795的博客
05-27 626
ENABLE_NETWORK命令由wpa_supplicant_ctrl_iface_enable_network进行处理,其代码如下所示。**ctrl_iface.c::wpa_supplicant_ctrl_iface_enable_network**~~~static int wpa_supplicant_ctrl_iface_enable_network(struct wpa_suppli...
4wpa_supplicant适配层 -- 详解 5wpa_supplicant程序 --详解 6wpa_supplicant无线网络配置
Gabby
09-26 1581
http://blog.csdn.net/wh_19910525/article/details/7392390 适配层是 通用的wpa_supplicant的 封装,在Android中 作为 WiFi部分的 硬件抽象层来使用。wpa_supplicant适配层 主要用于 与wpa_supplicant守护进程 的通信,以提供给Android框架使用,它实现了 加载、控制
Android wpa_supplicant源码分析--启动之网络接口初始化
weichanghu_的博客
02-26 1086
1 wpa_supplicant结构体与网络接口在手机adb中运行 netcfg或者ifconfig可以看到相关的网络接口的ip,掩码,mac地址等信息 Wpa_supplicant为每个网络接口都分配了一个struct wpa_supplicant, 该结构体存储了一些必要信息例如 struct dl_list bss(扫描结果); struct wpa_config *conf(配置文件)等等...
跟一下wpa_supplicant(3-2) connect AP
weixin_34248118的博客
11-21 211
2019独角兽企业重金招聘Python工程师标准>>> ...
WPA 4次握手
lixiangminghate的专栏
01-25 1162
一、why EALOP 4-way handshake 为了解决无线传输不安全,需要对无线连接的接入进行控制,并实现帧传播的加解密。WPA 4-way handshake有点相当于一个“安全”地协商“交换”秘钥的过程。这个秘钥就是PTK(PairwiseTransient Key),成对传输秘钥。 二、WPA 4-way handshake过程 1.一个简单的4-way ha...
wpa_supplicant 2.0版源代码阅读(2) ---- L2_packet模块
weixin_38503885的博客
10-17 1279
2. L2_packet模块     L2_packet模块是wpa_supplicant软件中实现EAPOL帧的收发功能的模块。L2即网络协议层的数据链路层。wpa_supplicant针对不同的OS系统,采用了不同的抓包技术实现。windows平台采用NDIS协议驱动抓包技术,linux平台采用packet socket抓包技术。     该模块的实现代码在目录wpa_supplicant/...
深入理解 WLAN 中的WPS
alimingh的博客
03-27 2775
第6章深入理解Wi-Fi Simple Configuration 本章主要内容: 介绍Wi-Fi Simple Configuration相关知识; 介绍Android中WSC的相关代码。 6.1概述 在Wi-Fi相关技术体系中,除了802.11定义的标准规范外,Wi-Fi Alliance(Wi-Fi联盟)也推出了两项比较重要的技术规范,他们分别是Wi-Fi Simple Configuration和Wi-Fi P2P。其中: Wi-Fi Simple Configuration(以后简...
讲解一下Android wpa_supplicant
最新发布
07-14
Android wpa_supplicantAndroid系统中负责管理Wi-Fi连接的关键组件之一。它是基于Linux系统的wpa_supplicant软件的Android定制版本。 wpa_supplicant是一个开源的Wi-Fi客户端,它支持WPA(Wi-Fi Protected Access...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值