/src/hostap/wpa_supplicant/wpas_glue.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * WPA Supplicant - Glue code to setup EAPOL and RSN modules |
3 | | * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> |
4 | | * |
5 | | * This software may be distributed under the terms of the BSD license. |
6 | | * See README for more details. |
7 | | */ |
8 | | |
9 | | #include "includes.h" |
10 | | |
11 | | #include "common.h" |
12 | | #include "eapol_supp/eapol_supp_sm.h" |
13 | | #include "eap_peer/eap.h" |
14 | | #include "rsn_supp/wpa.h" |
15 | | #include "eloop.h" |
16 | | #include "config.h" |
17 | | #include "l2_packet/l2_packet.h" |
18 | | #include "common/wpa_common.h" |
19 | | #include "common/ptksa_cache.h" |
20 | | #include "wpa_supplicant_i.h" |
21 | | #include "driver_i.h" |
22 | | #include "rsn_supp/pmksa_cache.h" |
23 | | #include "sme.h" |
24 | | #include "common/ieee802_11_defs.h" |
25 | | #include "common/wpa_ctrl.h" |
26 | | #include "wpas_glue.h" |
27 | | #include "wps_supplicant.h" |
28 | | #include "bss.h" |
29 | | #include "scan.h" |
30 | | #include "notify.h" |
31 | | #include "wpas_kay.h" |
32 | | |
33 | | |
34 | | #ifndef CONFIG_NO_CONFIG_BLOBS |
35 | | #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) |
36 | | static void wpa_supplicant_set_config_blob(void *ctx, |
37 | | struct wpa_config_blob *blob) |
38 | 0 | { |
39 | 0 | struct wpa_supplicant *wpa_s = ctx; |
40 | 0 | wpa_config_set_blob(wpa_s->conf, blob); |
41 | 0 | if (wpa_s->conf->update_config) { |
42 | 0 | int ret = wpa_config_write(wpa_s->confname, wpa_s->conf); |
43 | 0 | if (ret) { |
44 | 0 | wpa_printf(MSG_DEBUG, "Failed to update config after " |
45 | 0 | "blob set"); |
46 | 0 | } |
47 | 0 | } |
48 | 0 | } |
49 | | |
50 | | |
51 | | static const struct wpa_config_blob * |
52 | | wpa_supplicant_get_config_blob(void *ctx, const char *name) |
53 | 0 | { |
54 | 0 | struct wpa_supplicant *wpa_s = ctx; |
55 | 0 | return wpa_config_get_blob(wpa_s->conf, name); |
56 | 0 | } |
57 | | #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */ |
58 | | #endif /* CONFIG_NO_CONFIG_BLOBS */ |
59 | | |
60 | | |
61 | | #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) |
62 | | static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, |
63 | | const void *data, u16 data_len, |
64 | | size_t *msg_len, void **data_pos) |
65 | 0 | { |
66 | 0 | struct ieee802_1x_hdr *hdr; |
67 | |
|
68 | 0 | *msg_len = sizeof(*hdr) + data_len; |
69 | 0 | hdr = os_malloc(*msg_len); |
70 | 0 | if (hdr == NULL) |
71 | 0 | return NULL; |
72 | | |
73 | 0 | hdr->version = wpa_s->conf->eapol_version; |
74 | 0 | hdr->type = type; |
75 | 0 | hdr->length = host_to_be16(data_len); |
76 | |
|
77 | 0 | if (data) |
78 | 0 | os_memcpy(hdr + 1, data, data_len); |
79 | 0 | else |
80 | 0 | os_memset(hdr + 1, 0, data_len); |
81 | |
|
82 | 0 | if (data_pos) |
83 | 0 | *data_pos = hdr + 1; |
84 | |
|
85 | 0 | return (u8 *) hdr; |
86 | 0 | } |
87 | | |
88 | | |
89 | | /** |
90 | | * wpa_ether_send - Send Ethernet frame |
91 | | * @wpa_s: Pointer to wpa_supplicant data |
92 | | * @dest: Destination MAC address |
93 | | * @proto: Ethertype in host byte order |
94 | | * @buf: Frame payload starting from IEEE 802.1X header |
95 | | * @len: Frame payload length |
96 | | * Returns: >=0 on success, <0 on failure |
97 | | */ |
98 | | int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, |
99 | | u16 proto, const u8 *buf, size_t len) |
100 | 0 | { |
101 | | #ifdef CONFIG_TESTING_OPTIONS |
102 | | if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) { |
103 | | size_t hex_len = 2 * len + 1; |
104 | | char *hex = os_malloc(hex_len); |
105 | | |
106 | | if (hex == NULL) |
107 | | return -1; |
108 | | wpa_snprintf_hex(hex, hex_len, buf, len); |
109 | | wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s", |
110 | | MAC2STR(dest), hex); |
111 | | os_free(hex); |
112 | | return 0; |
113 | | } |
114 | | #endif /* CONFIG_TESTING_OPTIONS */ |
115 | |
|
116 | 0 | if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) { |
117 | 0 | int encrypt = wpa_s->wpa && |
118 | 0 | wpa_sm_has_ptk_installed(wpa_s->wpa); |
119 | |
|
120 | 0 | return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len, |
121 | 0 | !encrypt); |
122 | 0 | } |
123 | | |
124 | 0 | if (wpa_s->l2) { |
125 | 0 | return l2_packet_send(wpa_s->l2, dest, proto, buf, len); |
126 | 0 | } |
127 | | |
128 | 0 | return -1; |
129 | 0 | } |
130 | | #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */ |
131 | | |
132 | | |
133 | | #ifdef IEEE8021X_EAPOL |
134 | | |
135 | | /** |
136 | | * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator |
137 | | * @ctx: Pointer to wpa_supplicant data (wpa_s) |
138 | | * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*) |
139 | | * @buf: EAPOL payload (after IEEE 802.1X header) |
140 | | * @len: EAPOL payload length |
141 | | * Returns: >=0 on success, <0 on failure |
142 | | * |
143 | | * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame |
144 | | * to the current Authenticator. |
145 | | */ |
146 | | static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf, |
147 | | size_t len) |
148 | 0 | { |
149 | 0 | struct wpa_supplicant *wpa_s = ctx; |
150 | 0 | u8 *msg, *dst, bssid[ETH_ALEN]; |
151 | 0 | size_t msglen; |
152 | 0 | int res; |
153 | | |
154 | | /* TODO: could add l2_packet_sendmsg that allows fragments to avoid |
155 | | * extra copy here */ |
156 | |
|
157 | 0 | if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || |
158 | 0 | wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || |
159 | 0 | wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || |
160 | 0 | wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { |
161 | | /* Current SSID is not using IEEE 802.1X/EAP, so drop possible |
162 | | * EAPOL frames (mainly, EAPOL-Start) from EAPOL state |
163 | | * machines. */ |
164 | 0 | wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X " |
165 | 0 | "mode (type=%d len=%lu)", type, |
166 | 0 | (unsigned long) len); |
167 | 0 | return -1; |
168 | 0 | } |
169 | | |
170 | 0 | if (pmksa_cache_get_current(wpa_s->wpa) && |
171 | 0 | type == IEEE802_1X_TYPE_EAPOL_START) { |
172 | | /* |
173 | | * We were trying to use PMKSA caching and sending EAPOL-Start |
174 | | * would abort that and trigger full EAPOL authentication. |
175 | | * However, we've already waited for the AP/Authenticator to |
176 | | * start 4-way handshake or EAP authentication, and apparently |
177 | | * it has not done so since the startWhen timer has reached zero |
178 | | * to get the state machine sending EAPOL-Start. This is not |
179 | | * really supposed to happen, but an interoperability issue with |
180 | | * a deployed AP has been identified where the connection fails |
181 | | * due to that AP failing to operate correctly if PMKID is |
182 | | * included in the Association Request frame. To work around |
183 | | * this, assume PMKSA caching failed and try to initiate full |
184 | | * EAP authentication. |
185 | | */ |
186 | 0 | if (!wpa_s->current_ssid || |
187 | 0 | wpa_s->current_ssid->eap_workaround) { |
188 | 0 | wpa_printf(MSG_DEBUG, |
189 | 0 | "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication"); |
190 | 0 | } else { |
191 | 0 | wpa_printf(MSG_DEBUG, |
192 | 0 | "RSN: PMKSA caching - do not send EAPOL-Start"); |
193 | 0 | return -1; |
194 | 0 | } |
195 | 0 | } |
196 | | |
197 | 0 | if (is_zero_ether_addr(wpa_s->bssid)) { |
198 | 0 | wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an " |
199 | 0 | "EAPOL frame"); |
200 | 0 | if (wpa_drv_get_bssid(wpa_s, bssid) == 0 && |
201 | 0 | !is_zero_ether_addr(bssid)) { |
202 | 0 | dst = bssid; |
203 | 0 | wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR |
204 | 0 | " from the driver as the EAPOL destination", |
205 | 0 | MAC2STR(dst)); |
206 | 0 | } else { |
207 | 0 | dst = wpa_s->last_eapol_src; |
208 | 0 | wpa_printf(MSG_DEBUG, "Using the source address of the" |
209 | 0 | " last received EAPOL frame " MACSTR " as " |
210 | 0 | "the EAPOL destination", |
211 | 0 | MAC2STR(dst)); |
212 | 0 | } |
213 | 0 | } else { |
214 | | /* BSSID was already set (from (Re)Assoc event, so use it as |
215 | | * the EAPOL destination. */ |
216 | 0 | dst = wpa_s->bssid; |
217 | 0 | } |
218 | |
|
219 | 0 | msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL); |
220 | 0 | if (msg == NULL) |
221 | 0 | return -1; |
222 | | |
223 | 0 | wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst)); |
224 | 0 | wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen); |
225 | 0 | res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen); |
226 | 0 | os_free(msg); |
227 | 0 | return res; |
228 | 0 | } |
229 | | |
230 | | |
231 | | #ifdef CONFIG_WEP |
232 | | /** |
233 | | * wpa_eapol_set_wep_key - set WEP key for the driver |
234 | | * @ctx: Pointer to wpa_supplicant data (wpa_s) |
235 | | * @unicast: 1 = individual unicast key, 0 = broadcast key |
236 | | * @keyidx: WEP key index (0..3) |
237 | | * @key: Pointer to key data |
238 | | * @keylen: Key length in bytes |
239 | | * Returns: 0 on success or < 0 on error. |
240 | | */ |
241 | | static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx, |
242 | | const u8 *key, size_t keylen) |
243 | | { |
244 | | struct wpa_supplicant *wpa_s = ctx; |
245 | | if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { |
246 | | int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 : |
247 | | WPA_CIPHER_WEP104; |
248 | | if (unicast) |
249 | | wpa_s->pairwise_cipher = cipher; |
250 | | else |
251 | | wpa_s->group_cipher = cipher; |
252 | | } |
253 | | return wpa_drv_set_key(wpa_s, -1, WPA_ALG_WEP, |
254 | | unicast ? wpa_s->bssid : NULL, |
255 | | keyidx, unicast, NULL, 0, key, keylen, |
256 | | unicast ? KEY_FLAG_PAIRWISE_RX_TX : |
257 | | KEY_FLAG_GROUP_RX_TX_DEFAULT); |
258 | | } |
259 | | #endif /* CONFIG_WEP */ |
260 | | |
261 | | |
262 | | static void wpa_supplicant_aborted_cached(void *ctx) |
263 | 0 | { |
264 | 0 | struct wpa_supplicant *wpa_s = ctx; |
265 | 0 | wpa_sm_aborted_cached(wpa_s->wpa); |
266 | 0 | } |
267 | | |
268 | | |
269 | | static const char * result_str(enum eapol_supp_result result) |
270 | 0 | { |
271 | 0 | switch (result) { |
272 | 0 | case EAPOL_SUPP_RESULT_FAILURE: |
273 | 0 | return "FAILURE"; |
274 | 0 | case EAPOL_SUPP_RESULT_SUCCESS: |
275 | 0 | return "SUCCESS"; |
276 | 0 | case EAPOL_SUPP_RESULT_EXPECTED_FAILURE: |
277 | 0 | return "EXPECTED_FAILURE"; |
278 | 0 | } |
279 | 0 | return "?"; |
280 | 0 | } |
281 | | |
282 | | |
283 | | static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, |
284 | | enum eapol_supp_result result, |
285 | | void *ctx) |
286 | 0 | { |
287 | 0 | struct wpa_supplicant *wpa_s = ctx; |
288 | 0 | int res, pmk_len; |
289 | 0 | u8 pmk[PMK_LEN_MAX]; |
290 | |
|
291 | 0 | wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s", |
292 | 0 | result_str(result)); |
293 | |
|
294 | 0 | if (wpas_wps_eapol_cb(wpa_s) > 0) |
295 | 0 | return; |
296 | | |
297 | 0 | wpa_s->eap_expected_failure = result == |
298 | 0 | EAPOL_SUPP_RESULT_EXPECTED_FAILURE; |
299 | |
|
300 | 0 | if (result != EAPOL_SUPP_RESULT_SUCCESS) { |
301 | 0 | int timeout = 2; |
302 | | /* |
303 | | * Make sure we do not get stuck here waiting for long EAPOL |
304 | | * timeout if the AP does not disconnect in case of |
305 | | * authentication failure. |
306 | | */ |
307 | 0 | if (wpa_s->eapol_failed) { |
308 | 0 | wpa_printf(MSG_DEBUG, |
309 | 0 | "EAPOL authentication failed again and AP did not disconnect us"); |
310 | 0 | timeout = 0; |
311 | 0 | } |
312 | 0 | wpa_s->eapol_failed = 1; |
313 | 0 | wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); |
314 | 0 | } else { |
315 | 0 | wpa_s->eapol_failed = 0; |
316 | 0 | ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src); |
317 | 0 | } |
318 | |
|
319 | 0 | if (result != EAPOL_SUPP_RESULT_SUCCESS || |
320 | 0 | !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) |
321 | 0 | return; |
322 | | |
323 | 0 | if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) |
324 | 0 | return; |
325 | | |
326 | 0 | wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way " |
327 | 0 | "handshake"); |
328 | |
|
329 | 0 | if (wpa_key_mgmt_sha384(wpa_s->key_mgmt)) |
330 | 0 | pmk_len = PMK_LEN_SUITE_B_192; |
331 | 0 | else |
332 | 0 | pmk_len = PMK_LEN; |
333 | |
|
334 | 0 | if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { |
335 | | #ifdef CONFIG_IEEE80211R |
336 | | u8 buf[2 * PMK_LEN]; |
337 | | wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " |
338 | | "driver-based 4-way hs and FT"); |
339 | | res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); |
340 | | if (res == 0) { |
341 | | os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); |
342 | | os_memset(buf, 0, sizeof(buf)); |
343 | | } |
344 | | #else /* CONFIG_IEEE80211R */ |
345 | 0 | res = -1; |
346 | 0 | #endif /* CONFIG_IEEE80211R */ |
347 | 0 | } else { |
348 | 0 | res = eapol_sm_get_key(eapol, pmk, pmk_len); |
349 | 0 | if (res) { |
350 | | /* |
351 | | * EAP-LEAP is an exception from other EAP methods: it |
352 | | * uses only 16-byte PMK. |
353 | | */ |
354 | 0 | res = eapol_sm_get_key(eapol, pmk, 16); |
355 | 0 | pmk_len = 16; |
356 | 0 | } |
357 | 0 | } |
358 | |
|
359 | 0 | if (res) { |
360 | 0 | wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state " |
361 | 0 | "machines"); |
362 | 0 | return; |
363 | 0 | } |
364 | | |
365 | 0 | wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way " |
366 | 0 | "handshake", pmk, pmk_len); |
367 | |
|
368 | 0 | if (wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, NULL, 0, pmk, |
369 | 0 | pmk_len, KEY_FLAG_PMK)) { |
370 | 0 | wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); |
371 | 0 | } |
372 | |
|
373 | 0 | wpa_supplicant_cancel_scan(wpa_s); |
374 | 0 | wpa_supplicant_cancel_auth_timeout(wpa_s); |
375 | 0 | wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); |
376 | |
|
377 | 0 | } |
378 | | |
379 | | |
380 | | static void wpa_supplicant_notify_eapol_done(void *ctx) |
381 | 0 | { |
382 | 0 | struct wpa_supplicant *wpa_s = ctx; |
383 | 0 | wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete"); |
384 | 0 | if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { |
385 | 0 | wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE); |
386 | 0 | } else { |
387 | 0 | wpa_supplicant_cancel_auth_timeout(wpa_s); |
388 | 0 | wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); |
389 | 0 | } |
390 | 0 | } |
391 | | |
392 | | #endif /* IEEE8021X_EAPOL */ |
393 | | |
394 | | |
395 | | #ifndef CONFIG_NO_WPA |
396 | | |
397 | | static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) |
398 | 0 | { |
399 | 0 | int ret = 0; |
400 | 0 | struct wpa_bss *curr = NULL, *bss; |
401 | 0 | struct wpa_ssid *ssid = wpa_s->current_ssid; |
402 | 0 | const u8 *ie; |
403 | |
|
404 | 0 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { |
405 | 0 | if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0) |
406 | 0 | continue; |
407 | 0 | if (ssid == NULL || |
408 | 0 | ((bss->ssid_len == ssid->ssid_len && |
409 | 0 | os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) || |
410 | 0 | ssid->ssid_len == 0)) { |
411 | 0 | curr = bss; |
412 | 0 | break; |
413 | 0 | } |
414 | | #ifdef CONFIG_OWE |
415 | | if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) && |
416 | | (bss->flags & WPA_BSS_OWE_TRANSITION)) { |
417 | | curr = bss; |
418 | | break; |
419 | | } |
420 | | #endif /* CONFIG_OWE */ |
421 | 0 | } |
422 | |
|
423 | 0 | if (curr) { |
424 | 0 | ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); |
425 | 0 | if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) |
426 | 0 | ret = -1; |
427 | |
|
428 | 0 | ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); |
429 | 0 | if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) |
430 | 0 | ret = -1; |
431 | |
|
432 | 0 | ie = wpa_bss_get_ie(curr, WLAN_EID_RSNX); |
433 | 0 | if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) |
434 | 0 | ret = -1; |
435 | 0 | } else { |
436 | 0 | ret = -1; |
437 | 0 | } |
438 | |
|
439 | 0 | return ret; |
440 | 0 | } |
441 | | |
442 | | |
443 | | static int wpa_supplicant_get_beacon_ie(void *ctx) |
444 | 0 | { |
445 | 0 | struct wpa_supplicant *wpa_s = ctx; |
446 | 0 | if (wpa_get_beacon_ie(wpa_s) == 0) { |
447 | 0 | return 0; |
448 | 0 | } |
449 | | |
450 | | /* No WPA/RSN IE found in the cached scan results. Try to get updated |
451 | | * scan results from the driver. */ |
452 | 0 | if (wpa_supplicant_update_scan_results(wpa_s) < 0) |
453 | 0 | return -1; |
454 | | |
455 | 0 | return wpa_get_beacon_ie(wpa_s); |
456 | 0 | } |
457 | | |
458 | | |
459 | | static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type, |
460 | | const void *data, u16 data_len, |
461 | | size_t *msg_len, void **data_pos) |
462 | 0 | { |
463 | 0 | return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos); |
464 | 0 | } |
465 | | |
466 | | |
467 | | static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto, |
468 | | const u8 *buf, size_t len) |
469 | 0 | { |
470 | 0 | return wpa_ether_send(wpa_s, dest, proto, buf, len); |
471 | 0 | } |
472 | | |
473 | | |
474 | | static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s) |
475 | 0 | { |
476 | 0 | wpa_supplicant_cancel_auth_timeout(wpa_s); |
477 | 0 | } |
478 | | |
479 | | |
480 | | static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state) |
481 | 0 | { |
482 | 0 | wpa_supplicant_set_state(wpa_s, state); |
483 | 0 | } |
484 | | |
485 | | |
486 | | /** |
487 | | * wpa_supplicant_get_state - Get the connection state |
488 | | * @wpa_s: Pointer to wpa_supplicant data |
489 | | * Returns: The current connection state (WPA_*) |
490 | | */ |
491 | | static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s) |
492 | 0 | { |
493 | 0 | return wpa_s->wpa_state; |
494 | 0 | } |
495 | | |
496 | | |
497 | | static enum wpa_states _wpa_supplicant_get_state(void *wpa_s) |
498 | 0 | { |
499 | 0 | return wpa_supplicant_get_state(wpa_s); |
500 | 0 | } |
501 | | |
502 | | |
503 | | static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code) |
504 | 0 | { |
505 | 0 | wpa_supplicant_deauthenticate(wpa_s, reason_code); |
506 | | /* Schedule a scan to make sure we continue looking for networks */ |
507 | 0 | wpa_supplicant_req_scan(wpa_s, 5, 0); |
508 | 0 | } |
509 | | |
510 | | |
511 | | static void _wpa_supplicant_reconnect(void *wpa_s) |
512 | 0 | { |
513 | 0 | wpa_supplicant_reconnect(wpa_s); |
514 | 0 | } |
515 | | |
516 | | |
517 | | static void * wpa_supplicant_get_network_ctx(void *wpa_s) |
518 | 0 | { |
519 | 0 | return wpa_supplicant_get_ssid(wpa_s); |
520 | 0 | } |
521 | | |
522 | | |
523 | | static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid) |
524 | 0 | { |
525 | 0 | struct wpa_supplicant *wpa_s = ctx; |
526 | 0 | return wpa_drv_get_bssid(wpa_s, bssid); |
527 | 0 | } |
528 | | |
529 | | |
530 | | static int wpa_supplicant_set_key(void *_wpa_s, int link_id, enum wpa_alg alg, |
531 | | const u8 *addr, int key_idx, int set_tx, |
532 | | const u8 *seq, size_t seq_len, |
533 | | const u8 *key, size_t key_len, |
534 | | enum key_flag key_flag) |
535 | 0 | { |
536 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
537 | 0 | if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { |
538 | | /* Clear the MIC error counter when setting a new PTK. */ |
539 | 0 | wpa_s->mic_errors_seen = 0; |
540 | 0 | } |
541 | | #ifdef CONFIG_TESTING_GET_GTK |
542 | | if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) && |
543 | | alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) { |
544 | | os_memcpy(wpa_s->last_gtk, key, key_len); |
545 | | wpa_s->last_gtk_len = key_len; |
546 | | } |
547 | | #endif /* CONFIG_TESTING_GET_GTK */ |
548 | | #ifdef CONFIG_TESTING_OPTIONS |
549 | | if (addr && !is_broadcast_ether_addr(addr) && |
550 | | !(key_flag & KEY_FLAG_MODIFY)) { |
551 | | wpa_s->last_tk_alg = alg; |
552 | | os_memcpy(wpa_s->last_tk_addr, addr, ETH_ALEN); |
553 | | wpa_s->last_tk_key_idx = key_idx; |
554 | | if (key) |
555 | | os_memcpy(wpa_s->last_tk, key, key_len); |
556 | | wpa_s->last_tk_len = key_len; |
557 | | } |
558 | | #endif /* CONFIG_TESTING_OPTIONS */ |
559 | 0 | return wpa_drv_set_key(wpa_s, link_id, alg, addr, key_idx, set_tx, seq, |
560 | 0 | seq_len, key, key_len, key_flag); |
561 | 0 | } |
562 | | |
563 | | |
564 | | static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, |
565 | | int protection_type, |
566 | | int key_type) |
567 | 0 | { |
568 | 0 | return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type, |
569 | 0 | key_type); |
570 | 0 | } |
571 | | |
572 | | |
573 | | static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s, |
574 | | void *network_ctx) |
575 | 0 | { |
576 | 0 | struct wpa_ssid *ssid; |
577 | |
|
578 | 0 | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { |
579 | 0 | if (network_ctx == ssid) |
580 | 0 | return ssid; |
581 | 0 | } |
582 | | |
583 | 0 | return NULL; |
584 | 0 | } |
585 | | |
586 | | |
587 | | static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, |
588 | | const u8 *bssid, const u8 *pmkid, |
589 | | const u8 *fils_cache_id, |
590 | | const u8 *pmk, size_t pmk_len, |
591 | | u32 pmk_lifetime, u8 pmk_reauth_threshold, |
592 | | int akmp) |
593 | 0 | { |
594 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
595 | 0 | struct wpa_ssid *ssid; |
596 | 0 | struct wpa_pmkid_params params; |
597 | |
|
598 | 0 | os_memset(¶ms, 0, sizeof(params)); |
599 | 0 | ssid = wpas_get_network_ctx(wpa_s, network_ctx); |
600 | 0 | if (ssid) { |
601 | 0 | wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d", |
602 | 0 | MAC2STR(bssid), ssid->id); |
603 | 0 | if ((akmp == WPA_KEY_MGMT_FT_IEEE8021X || |
604 | 0 | akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) && |
605 | 0 | !ssid->ft_eap_pmksa_caching) { |
606 | | /* Since we will not be using PMKSA caching for FT-EAP |
607 | | * within wpa_supplicant to avoid known interop issues |
608 | | * with APs, do not add this PMKID to the driver either |
609 | | * so that we won't be hitting those interop issues |
610 | | * with driver-based RSNE generation. */ |
611 | 0 | wpa_printf(MSG_DEBUG, |
612 | 0 | "FT: Do not add PMKID entry to the driver since FT-EAP PMKSA caching is not enabled in configuration"); |
613 | 0 | return 0; |
614 | 0 | } |
615 | 0 | } |
616 | 0 | if (ssid && fils_cache_id) { |
617 | 0 | params.ssid = ssid->ssid; |
618 | 0 | params.ssid_len = ssid->ssid_len; |
619 | 0 | params.fils_cache_id = fils_cache_id; |
620 | 0 | } else { |
621 | 0 | params.bssid = bssid; |
622 | 0 | } |
623 | |
|
624 | 0 | params.pmkid = pmkid; |
625 | 0 | params.pmk = pmk; |
626 | 0 | params.pmk_len = pmk_len; |
627 | 0 | params.pmk_lifetime = pmk_lifetime; |
628 | 0 | params.pmk_reauth_threshold = pmk_reauth_threshold; |
629 | |
|
630 | 0 | return wpa_drv_add_pmkid(wpa_s, ¶ms); |
631 | 0 | } |
632 | | |
633 | | |
634 | | static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx, |
635 | | const u8 *bssid, const u8 *pmkid, |
636 | | const u8 *fils_cache_id) |
637 | 0 | { |
638 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
639 | 0 | struct wpa_ssid *ssid; |
640 | 0 | struct wpa_pmkid_params params; |
641 | |
|
642 | 0 | os_memset(¶ms, 0, sizeof(params)); |
643 | 0 | ssid = wpas_get_network_ctx(wpa_s, network_ctx); |
644 | 0 | if (ssid) |
645 | 0 | wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d", |
646 | 0 | MAC2STR(bssid), ssid->id); |
647 | 0 | if (ssid && fils_cache_id) { |
648 | 0 | params.ssid = ssid->ssid; |
649 | 0 | params.ssid_len = ssid->ssid_len; |
650 | 0 | params.fils_cache_id = fils_cache_id; |
651 | 0 | } else { |
652 | 0 | params.bssid = bssid; |
653 | 0 | } |
654 | |
|
655 | 0 | params.pmkid = pmkid; |
656 | |
|
657 | 0 | return wpa_drv_remove_pmkid(wpa_s, ¶ms); |
658 | 0 | } |
659 | | |
660 | | |
661 | | #ifdef CONFIG_IEEE80211R |
662 | | static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md, |
663 | | const u8 *ies, size_t ies_len) |
664 | | { |
665 | | struct wpa_supplicant *wpa_s = ctx; |
666 | | if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) |
667 | | return sme_update_ft_ies(wpa_s, md, ies, ies_len); |
668 | | return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len); |
669 | | } |
670 | | |
671 | | |
672 | | static int wpa_supplicant_send_ft_action(void *ctx, u8 action, |
673 | | const u8 *target_ap, |
674 | | const u8 *ies, size_t ies_len) |
675 | | { |
676 | | struct wpa_supplicant *wpa_s = ctx; |
677 | | int ret; |
678 | | u8 *data, *pos; |
679 | | size_t data_len; |
680 | | |
681 | | if (action != 1) { |
682 | | wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d", |
683 | | action); |
684 | | return -1; |
685 | | } |
686 | | |
687 | | /* |
688 | | * Action frame payload: |
689 | | * Category[1] = 6 (Fast BSS Transition) |
690 | | * Action[1] = 1 (Fast BSS Transition Request) |
691 | | * STA Address |
692 | | * Target AP Address |
693 | | * FT IEs |
694 | | */ |
695 | | |
696 | | data_len = 2 + 2 * ETH_ALEN + ies_len; |
697 | | data = os_malloc(data_len); |
698 | | if (data == NULL) |
699 | | return -1; |
700 | | pos = data; |
701 | | *pos++ = 0x06; /* FT Action category */ |
702 | | *pos++ = action; |
703 | | os_memcpy(pos, wpa_s->own_addr, ETH_ALEN); |
704 | | pos += ETH_ALEN; |
705 | | os_memcpy(pos, target_ap, ETH_ALEN); |
706 | | pos += ETH_ALEN; |
707 | | os_memcpy(pos, ies, ies_len); |
708 | | |
709 | | ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, |
710 | | wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid, |
711 | | data, data_len, 0); |
712 | | os_free(data); |
713 | | |
714 | | return ret; |
715 | | } |
716 | | |
717 | | |
718 | | static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap) |
719 | | { |
720 | | struct wpa_supplicant *wpa_s = ctx; |
721 | | struct wpa_driver_auth_params params; |
722 | | struct wpa_bss *bss; |
723 | | |
724 | | bss = wpa_bss_get_bssid(wpa_s, target_ap); |
725 | | if (bss == NULL) |
726 | | return -1; |
727 | | |
728 | | os_memset(¶ms, 0, sizeof(params)); |
729 | | params.bssid = target_ap; |
730 | | params.freq = bss->freq; |
731 | | params.ssid = bss->ssid; |
732 | | params.ssid_len = bss->ssid_len; |
733 | | params.auth_alg = WPA_AUTH_ALG_FT; |
734 | | params.local_state_change = 1; |
735 | | return wpa_drv_authenticate(wpa_s, ¶ms); |
736 | | } |
737 | | #endif /* CONFIG_IEEE80211R */ |
738 | | |
739 | | |
740 | | #ifdef CONFIG_TDLS |
741 | | |
742 | | static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported, |
743 | | int *tdls_ext_setup, |
744 | | int *tdls_chan_switch) |
745 | | { |
746 | | struct wpa_supplicant *wpa_s = ctx; |
747 | | |
748 | | *tdls_supported = 0; |
749 | | *tdls_ext_setup = 0; |
750 | | *tdls_chan_switch = 0; |
751 | | |
752 | | if (!wpa_s->drv_capa_known) |
753 | | return -1; |
754 | | |
755 | | if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) |
756 | | *tdls_supported = 1; |
757 | | |
758 | | if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP) |
759 | | *tdls_ext_setup = 1; |
760 | | |
761 | | if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH) |
762 | | *tdls_chan_switch = 1; |
763 | | |
764 | | return 0; |
765 | | } |
766 | | |
767 | | |
768 | | static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst, |
769 | | u8 action_code, u8 dialog_token, |
770 | | u16 status_code, u32 peer_capab, |
771 | | int initiator, const u8 *buf, |
772 | | size_t len, int link_id) |
773 | | { |
774 | | struct wpa_supplicant *wpa_s = ctx; |
775 | | return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token, |
776 | | status_code, peer_capab, initiator, buf, |
777 | | len, link_id); |
778 | | } |
779 | | |
780 | | |
781 | | static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer) |
782 | | { |
783 | | struct wpa_supplicant *wpa_s = ctx; |
784 | | return wpa_drv_tdls_oper(wpa_s, oper, peer); |
785 | | } |
786 | | |
787 | | |
788 | | static int wpa_supplicant_tdls_peer_addset( |
789 | | void *ctx, const u8 *peer, int add, u16 aid, u16 capability, |
790 | | const u8 *supp_rates, size_t supp_rates_len, |
791 | | const struct ieee80211_ht_capabilities *ht_capab, |
792 | | const struct ieee80211_vht_capabilities *vht_capab, |
793 | | const struct ieee80211_he_capabilities *he_capab, |
794 | | size_t he_capab_len, |
795 | | const struct ieee80211_he_6ghz_band_cap *he_6ghz_he_capab, |
796 | | u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len, |
797 | | const u8 *supp_channels, size_t supp_channels_len, |
798 | | const u8 *supp_oper_classes, size_t supp_oper_classes_len, |
799 | | const struct ieee80211_eht_capabilities *eht_capab, |
800 | | size_t eht_capab_len, int mld_link_id) |
801 | | { |
802 | | struct wpa_supplicant *wpa_s = ctx; |
803 | | struct hostapd_sta_add_params params; |
804 | | |
805 | | os_memset(¶ms, 0, sizeof(params)); |
806 | | |
807 | | params.addr = peer; |
808 | | params.aid = aid; |
809 | | params.capability = capability; |
810 | | params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED; |
811 | | |
812 | | /* |
813 | | * Don't rely only on qosinfo for WMM capability. It may be 0 even when |
814 | | * present. Allow the WMM IE to also indicate QoS support. |
815 | | */ |
816 | | if (wmm || qosinfo) |
817 | | params.flags |= WPA_STA_WMM; |
818 | | |
819 | | params.ht_capabilities = ht_capab; |
820 | | params.vht_capabilities = vht_capab; |
821 | | params.he_capab = he_capab; |
822 | | params.he_capab_len = he_capab_len; |
823 | | params.he_6ghz_capab = he_6ghz_he_capab; |
824 | | params.qosinfo = qosinfo; |
825 | | params.listen_interval = 0; |
826 | | params.supp_rates = supp_rates; |
827 | | params.supp_rates_len = supp_rates_len; |
828 | | params.set = !add; |
829 | | params.ext_capab = ext_capab; |
830 | | params.ext_capab_len = ext_capab_len; |
831 | | params.supp_channels = supp_channels; |
832 | | params.supp_channels_len = supp_channels_len; |
833 | | params.supp_oper_classes = supp_oper_classes; |
834 | | params.supp_oper_classes_len = supp_oper_classes_len; |
835 | | params.eht_capab = eht_capab; |
836 | | params.eht_capab_len = eht_capab_len; |
837 | | params.mld_link_id = mld_link_id; |
838 | | |
839 | | return wpa_drv_sta_add(wpa_s, ¶ms); |
840 | | } |
841 | | |
842 | | |
843 | | static int wpa_supplicant_tdls_enable_channel_switch( |
844 | | void *ctx, const u8 *addr, u8 oper_class, |
845 | | const struct hostapd_freq_params *params) |
846 | | { |
847 | | struct wpa_supplicant *wpa_s = ctx; |
848 | | |
849 | | return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class, |
850 | | params); |
851 | | } |
852 | | |
853 | | |
854 | | static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr) |
855 | | { |
856 | | struct wpa_supplicant *wpa_s = ctx; |
857 | | |
858 | | return wpa_drv_tdls_disable_channel_switch(wpa_s, addr); |
859 | | } |
860 | | |
861 | | #endif /* CONFIG_TDLS */ |
862 | | |
863 | | #endif /* CONFIG_NO_WPA */ |
864 | | |
865 | | |
866 | | enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field) |
867 | 0 | { |
868 | 0 | if (os_strcmp(field, "IDENTITY") == 0) |
869 | 0 | return WPA_CTRL_REQ_EAP_IDENTITY; |
870 | 0 | else if (os_strcmp(field, "PASSWORD") == 0) |
871 | 0 | return WPA_CTRL_REQ_EAP_PASSWORD; |
872 | 0 | else if (os_strcmp(field, "NEW_PASSWORD") == 0) |
873 | 0 | return WPA_CTRL_REQ_EAP_NEW_PASSWORD; |
874 | 0 | else if (os_strcmp(field, "PIN") == 0) |
875 | 0 | return WPA_CTRL_REQ_EAP_PIN; |
876 | 0 | else if (os_strcmp(field, "OTP") == 0) |
877 | 0 | return WPA_CTRL_REQ_EAP_OTP; |
878 | 0 | else if (os_strcmp(field, "PASSPHRASE") == 0) |
879 | 0 | return WPA_CTRL_REQ_EAP_PASSPHRASE; |
880 | 0 | else if (os_strcmp(field, "SIM") == 0) |
881 | 0 | return WPA_CTRL_REQ_SIM; |
882 | 0 | else if (os_strcmp(field, "PSK_PASSPHRASE") == 0) |
883 | 0 | return WPA_CTRL_REQ_PSK_PASSPHRASE; |
884 | 0 | else if (os_strcmp(field, "EXT_CERT_CHECK") == 0) |
885 | 0 | return WPA_CTRL_REQ_EXT_CERT_CHECK; |
886 | 0 | return WPA_CTRL_REQ_UNKNOWN; |
887 | 0 | } |
888 | | |
889 | | |
890 | | const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field, |
891 | | const char *default_txt, |
892 | | const char **txt) |
893 | 0 | { |
894 | 0 | const char *ret = NULL; |
895 | |
|
896 | 0 | *txt = default_txt; |
897 | |
|
898 | 0 | switch (field) { |
899 | 0 | case WPA_CTRL_REQ_EAP_IDENTITY: |
900 | 0 | *txt = "Identity"; |
901 | 0 | ret = "IDENTITY"; |
902 | 0 | break; |
903 | 0 | case WPA_CTRL_REQ_EAP_PASSWORD: |
904 | 0 | *txt = "Password"; |
905 | 0 | ret = "PASSWORD"; |
906 | 0 | break; |
907 | 0 | case WPA_CTRL_REQ_EAP_NEW_PASSWORD: |
908 | 0 | *txt = "New Password"; |
909 | 0 | ret = "NEW_PASSWORD"; |
910 | 0 | break; |
911 | 0 | case WPA_CTRL_REQ_EAP_PIN: |
912 | 0 | *txt = "PIN"; |
913 | 0 | ret = "PIN"; |
914 | 0 | break; |
915 | 0 | case WPA_CTRL_REQ_EAP_OTP: |
916 | 0 | ret = "OTP"; |
917 | 0 | break; |
918 | 0 | case WPA_CTRL_REQ_EAP_PASSPHRASE: |
919 | 0 | *txt = "Private key passphrase"; |
920 | 0 | ret = "PASSPHRASE"; |
921 | 0 | break; |
922 | 0 | case WPA_CTRL_REQ_SIM: |
923 | 0 | ret = "SIM"; |
924 | 0 | break; |
925 | 0 | case WPA_CTRL_REQ_PSK_PASSPHRASE: |
926 | 0 | *txt = "PSK or passphrase"; |
927 | 0 | ret = "PSK_PASSPHRASE"; |
928 | 0 | break; |
929 | 0 | case WPA_CTRL_REQ_EXT_CERT_CHECK: |
930 | 0 | *txt = "External server certificate validation"; |
931 | 0 | ret = "EXT_CERT_CHECK"; |
932 | 0 | break; |
933 | 0 | default: |
934 | 0 | break; |
935 | 0 | } |
936 | | |
937 | | /* txt needs to be something */ |
938 | 0 | if (*txt == NULL) { |
939 | 0 | wpa_printf(MSG_WARNING, "No message for request %d", field); |
940 | 0 | ret = NULL; |
941 | 0 | } |
942 | |
|
943 | 0 | return ret; |
944 | 0 | } |
945 | | |
946 | | |
947 | | void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, |
948 | | const char *field_name, const char *txt) |
949 | 0 | { |
950 | 0 | wpa_msg(wpa_s, MSG_INFO, WPA_CTRL_REQ "%s-%d:%s needed for SSID %s", |
951 | 0 | field_name, ssid->id, txt, |
952 | 0 | wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); |
953 | 0 | } |
954 | | |
955 | | |
956 | | #ifdef IEEE8021X_EAPOL |
957 | | #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) |
958 | | static void wpa_supplicant_eap_param_needed(void *ctx, |
959 | | enum wpa_ctrl_req_type field, |
960 | | const char *default_txt) |
961 | 0 | { |
962 | 0 | struct wpa_supplicant *wpa_s = ctx; |
963 | 0 | struct wpa_ssid *ssid = wpa_s->current_ssid; |
964 | 0 | const char *field_name, *txt = NULL; |
965 | |
|
966 | 0 | if (ssid == NULL) |
967 | 0 | return; |
968 | | |
969 | 0 | if (field == WPA_CTRL_REQ_EXT_CERT_CHECK) |
970 | 0 | ssid->eap.pending_ext_cert_check = PENDING_CHECK; |
971 | 0 | wpas_notify_network_request(wpa_s, ssid, field, default_txt); |
972 | |
|
973 | 0 | field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt, |
974 | 0 | &txt); |
975 | 0 | if (field_name == NULL) { |
976 | 0 | wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed", |
977 | 0 | field); |
978 | 0 | return; |
979 | 0 | } |
980 | | |
981 | 0 | wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name); |
982 | |
|
983 | 0 | wpas_send_ctrl_req(wpa_s, ssid, field_name, txt); |
984 | 0 | } |
985 | | #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ |
986 | | #define wpa_supplicant_eap_param_needed NULL |
987 | | #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ |
988 | | |
989 | | |
990 | | #ifdef CONFIG_EAP_PROXY |
991 | | |
992 | | static void wpa_supplicant_eap_proxy_cb(void *ctx) |
993 | | { |
994 | | struct wpa_supplicant *wpa_s = ctx; |
995 | | size_t len; |
996 | | |
997 | | wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1, |
998 | | wpa_s->imsi, &len); |
999 | | if (wpa_s->mnc_len > 0) { |
1000 | | wpa_s->imsi[len] = '\0'; |
1001 | | wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)", |
1002 | | wpa_s->imsi, wpa_s->mnc_len); |
1003 | | } else { |
1004 | | wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available"); |
1005 | | } |
1006 | | } |
1007 | | |
1008 | | |
1009 | | static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s) |
1010 | | { |
1011 | | int i; |
1012 | | struct wpa_ssid *ssid; |
1013 | | const struct eap_method_type *eap_methods; |
1014 | | |
1015 | | if (!wpa_s->conf) |
1016 | | return; |
1017 | | |
1018 | | for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { |
1019 | | eap_methods = ssid->eap.eap_methods; |
1020 | | if (!eap_methods) |
1021 | | continue; |
1022 | | |
1023 | | for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) { |
1024 | | if (eap_methods[i].vendor == EAP_VENDOR_IETF && |
1025 | | (eap_methods[i].method == EAP_TYPE_SIM || |
1026 | | eap_methods[i].method == EAP_TYPE_AKA || |
1027 | | eap_methods[i].method == EAP_TYPE_AKA_PRIME)) { |
1028 | | wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); |
1029 | | break; |
1030 | | } |
1031 | | } |
1032 | | } |
1033 | | } |
1034 | | |
1035 | | |
1036 | | static void |
1037 | | wpa_supplicant_eap_proxy_notify_sim_status(void *ctx, |
1038 | | enum eap_proxy_sim_state sim_state) |
1039 | | { |
1040 | | struct wpa_supplicant *wpa_s = ctx; |
1041 | | |
1042 | | wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state); |
1043 | | switch (sim_state) { |
1044 | | case SIM_STATE_ERROR: |
1045 | | wpa_sm_sim_state_error_handler(wpa_s); |
1046 | | break; |
1047 | | default: |
1048 | | wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown"); |
1049 | | break; |
1050 | | } |
1051 | | } |
1052 | | |
1053 | | #endif /* CONFIG_EAP_PROXY */ |
1054 | | |
1055 | | |
1056 | | static void wpa_supplicant_port_cb(void *ctx, int authorized) |
1057 | 0 | { |
1058 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1059 | | #ifdef CONFIG_AP |
1060 | | if (wpa_s->ap_iface) { |
1061 | | wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant " |
1062 | | "port status: %s", |
1063 | | authorized ? "Authorized" : "Unauthorized"); |
1064 | | return; |
1065 | | } |
1066 | | #endif /* CONFIG_AP */ |
1067 | 0 | wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s", |
1068 | 0 | authorized ? "Authorized" : "Unauthorized"); |
1069 | 0 | wpa_drv_set_supp_port(wpa_s, authorized); |
1070 | 0 | } |
1071 | | |
1072 | | |
1073 | | static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert, |
1074 | | const char *cert_hash) |
1075 | 0 | { |
1076 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1077 | |
|
1078 | 0 | wpas_notify_certification(wpa_s, cert, cert_hash); |
1079 | 0 | } |
1080 | | |
1081 | | |
1082 | | static void wpa_supplicant_status_cb(void *ctx, const char *status, |
1083 | | const char *parameter) |
1084 | 0 | { |
1085 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1086 | |
|
1087 | 0 | wpas_notify_eap_status(wpa_s, status, parameter); |
1088 | 0 | } |
1089 | | |
1090 | | |
1091 | | static void wpa_supplicant_eap_error_cb(void *ctx, int error_code) |
1092 | 0 | { |
1093 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1094 | |
|
1095 | 0 | wpas_notify_eap_error(wpa_s, error_code); |
1096 | 0 | } |
1097 | | |
1098 | | |
1099 | | static int wpa_supplicant_eap_auth_start_cb(void *ctx) |
1100 | 0 | { |
1101 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1102 | |
|
1103 | 0 | if (!wpa_s->new_connection && wpa_s->deny_ptk0_rekey && |
1104 | 0 | !wpa_sm_ext_key_id_active(wpa_s->wpa)) { |
1105 | 0 | wpa_msg(wpa_s, MSG_INFO, |
1106 | 0 | "WPA: PTK0 rekey not allowed, reconnecting"); |
1107 | 0 | wpa_supplicant_reconnect(wpa_s); |
1108 | 0 | return -1; |
1109 | 0 | } |
1110 | 0 | return 0; |
1111 | 0 | } |
1112 | | |
1113 | | |
1114 | | static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len) |
1115 | 0 | { |
1116 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1117 | 0 | char *str; |
1118 | 0 | int res; |
1119 | |
|
1120 | 0 | wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity", |
1121 | 0 | id, len); |
1122 | |
|
1123 | 0 | if (wpa_s->current_ssid == NULL) |
1124 | 0 | return; |
1125 | | |
1126 | 0 | if (id == NULL) { |
1127 | 0 | if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity", |
1128 | 0 | "NULL", 0) < 0) |
1129 | 0 | return; |
1130 | 0 | } else { |
1131 | 0 | str = os_malloc(len * 2 + 1); |
1132 | 0 | if (str == NULL) |
1133 | 0 | return; |
1134 | 0 | wpa_snprintf_hex(str, len * 2 + 1, id, len); |
1135 | 0 | res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity", |
1136 | 0 | str, 0); |
1137 | 0 | os_free(str); |
1138 | 0 | if (res < 0) |
1139 | 0 | return; |
1140 | 0 | } |
1141 | | |
1142 | 0 | if (wpa_s->conf->update_config) { |
1143 | 0 | res = wpa_config_write(wpa_s->confname, wpa_s->conf); |
1144 | 0 | if (res) { |
1145 | 0 | wpa_printf(MSG_DEBUG, "Failed to update config after " |
1146 | 0 | "anonymous_id update"); |
1147 | 0 | } |
1148 | 0 | } |
1149 | 0 | } |
1150 | | |
1151 | | |
1152 | | static bool wpas_encryption_required(void *ctx) |
1153 | 0 | { |
1154 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1155 | |
|
1156 | 0 | return wpa_s->wpa && |
1157 | 0 | wpa_sm_has_ptk_installed(wpa_s->wpa) && |
1158 | 0 | wpa_sm_pmf_enabled(wpa_s->wpa); |
1159 | 0 | } |
1160 | | |
1161 | | #endif /* IEEE8021X_EAPOL */ |
1162 | | |
1163 | | |
1164 | | int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s) |
1165 | 0 | { |
1166 | 0 | #ifdef IEEE8021X_EAPOL |
1167 | 0 | struct eapol_ctx *ctx; |
1168 | 0 | ctx = os_zalloc(sizeof(*ctx)); |
1169 | 0 | if (ctx == NULL) { |
1170 | 0 | wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context."); |
1171 | 0 | return -1; |
1172 | 0 | } |
1173 | | |
1174 | 0 | ctx->ctx = wpa_s; |
1175 | 0 | ctx->msg_ctx = wpa_s; |
1176 | 0 | ctx->eapol_send_ctx = wpa_s; |
1177 | 0 | ctx->preauth = 0; |
1178 | 0 | ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done; |
1179 | 0 | ctx->eapol_send = wpa_supplicant_eapol_send; |
1180 | | #ifdef CONFIG_WEP |
1181 | | ctx->set_wep_key = wpa_eapol_set_wep_key; |
1182 | | #endif /* CONFIG_WEP */ |
1183 | 0 | #ifndef CONFIG_NO_CONFIG_BLOBS |
1184 | 0 | ctx->set_config_blob = wpa_supplicant_set_config_blob; |
1185 | 0 | ctx->get_config_blob = wpa_supplicant_get_config_blob; |
1186 | 0 | #endif /* CONFIG_NO_CONFIG_BLOBS */ |
1187 | 0 | ctx->aborted_cached = wpa_supplicant_aborted_cached; |
1188 | 0 | #ifndef CONFIG_OPENSC_ENGINE_PATH |
1189 | 0 | ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; |
1190 | 0 | #endif /* CONFIG_OPENSC_ENGINE_PATH */ |
1191 | 0 | #ifndef CONFIG_PKCS11_ENGINE_PATH |
1192 | 0 | ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; |
1193 | 0 | #endif /* CONFIG_PKCS11_ENGINE_PATH */ |
1194 | 0 | #ifndef CONFIG_PKCS11_MODULE_PATH |
1195 | 0 | ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; |
1196 | 0 | #endif /* CONFIG_PKCS11_MODULE_PATH */ |
1197 | 0 | ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers; |
1198 | 0 | ctx->wps = wpa_s->wps; |
1199 | 0 | ctx->eap_param_needed = wpa_supplicant_eap_param_needed; |
1200 | | #ifdef CONFIG_EAP_PROXY |
1201 | | ctx->eap_proxy_cb = wpa_supplicant_eap_proxy_cb; |
1202 | | ctx->eap_proxy_notify_sim_status = |
1203 | | wpa_supplicant_eap_proxy_notify_sim_status; |
1204 | | #endif /* CONFIG_EAP_PROXY */ |
1205 | 0 | ctx->port_cb = wpa_supplicant_port_cb; |
1206 | 0 | ctx->cb = wpa_supplicant_eapol_cb; |
1207 | 0 | ctx->cert_cb = wpa_supplicant_cert_cb; |
1208 | 0 | ctx->cert_in_cb = wpa_s->conf->cert_in_cb; |
1209 | 0 | ctx->status_cb = wpa_supplicant_status_cb; |
1210 | 0 | ctx->eap_error_cb = wpa_supplicant_eap_error_cb; |
1211 | 0 | ctx->confirm_auth_cb = wpa_supplicant_eap_auth_start_cb; |
1212 | 0 | ctx->set_anon_id = wpa_supplicant_set_anon_id; |
1213 | 0 | ctx->encryption_required = wpas_encryption_required; |
1214 | 0 | ctx->cb_ctx = wpa_s; |
1215 | 0 | wpa_s->eapol = eapol_sm_init(ctx); |
1216 | 0 | if (wpa_s->eapol == NULL) { |
1217 | 0 | os_free(ctx); |
1218 | 0 | wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state " |
1219 | 0 | "machines."); |
1220 | 0 | return -1; |
1221 | 0 | } |
1222 | 0 | #endif /* IEEE8021X_EAPOL */ |
1223 | | |
1224 | 0 | return 0; |
1225 | 0 | } |
1226 | | |
1227 | | |
1228 | | #ifndef CONFIG_NO_WPA |
1229 | | |
1230 | | static void wpa_supplicant_set_rekey_offload(void *ctx, |
1231 | | const u8 *kek, size_t kek_len, |
1232 | | const u8 *kck, size_t kck_len, |
1233 | | const u8 *replay_ctr) |
1234 | 0 | { |
1235 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1236 | |
|
1237 | 0 | wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr); |
1238 | 0 | } |
1239 | | |
1240 | | |
1241 | | static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk, |
1242 | | size_t pmk_len) |
1243 | 0 | { |
1244 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1245 | |
|
1246 | 0 | if (wpa_s->conf->key_mgmt_offload && |
1247 | 0 | (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) |
1248 | 0 | return wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, |
1249 | 0 | NULL, 0, pmk, pmk_len, KEY_FLAG_PMK); |
1250 | 0 | else |
1251 | 0 | return 0; |
1252 | 0 | } |
1253 | | |
1254 | | |
1255 | | static void wpa_supplicant_fils_hlp_rx(void *ctx, const u8 *dst, const u8 *src, |
1256 | | const u8 *pkt, size_t pkt_len) |
1257 | 0 | { |
1258 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1259 | 0 | char *hex; |
1260 | 0 | size_t hexlen; |
1261 | |
|
1262 | 0 | hexlen = pkt_len * 2 + 1; |
1263 | 0 | hex = os_malloc(hexlen); |
1264 | 0 | if (!hex) |
1265 | 0 | return; |
1266 | 0 | wpa_snprintf_hex(hex, hexlen, pkt, pkt_len); |
1267 | 0 | wpa_msg(wpa_s, MSG_INFO, FILS_HLP_RX "dst=" MACSTR " src=" MACSTR |
1268 | 0 | " frame=%s", MAC2STR(dst), MAC2STR(src), hex); |
1269 | 0 | os_free(hex); |
1270 | 0 | } |
1271 | | |
1272 | | |
1273 | | static int wpa_supplicant_channel_info(void *_wpa_s, |
1274 | | struct wpa_channel_info *ci) |
1275 | 0 | { |
1276 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
1277 | |
|
1278 | 0 | return wpa_drv_channel_info(wpa_s, ci); |
1279 | 0 | } |
1280 | | |
1281 | | |
1282 | | static void disable_wpa_wpa2(struct wpa_ssid *ssid) |
1283 | 0 | { |
1284 | 0 | ssid->proto &= ~WPA_PROTO_WPA; |
1285 | 0 | ssid->proto |= WPA_PROTO_RSN; |
1286 | 0 | ssid->key_mgmt &= ~(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | |
1287 | 0 | WPA_KEY_MGMT_PSK_SHA256); |
1288 | 0 | ssid->group_cipher &= ~WPA_CIPHER_TKIP; |
1289 | 0 | if (!(ssid->group_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | |
1290 | 0 | WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256))) |
1291 | 0 | ssid->group_cipher |= WPA_CIPHER_CCMP; |
1292 | 0 | ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED; |
1293 | 0 | } |
1294 | | |
1295 | | |
1296 | | void wpas_transition_disable(struct wpa_supplicant *wpa_s, u8 bitmap) |
1297 | 0 | { |
1298 | 0 | struct wpa_ssid *ssid; |
1299 | 0 | int changed = 0; |
1300 | |
|
1301 | 0 | wpa_msg(wpa_s, MSG_INFO, TRANSITION_DISABLE "%02x", bitmap); |
1302 | |
|
1303 | 0 | ssid = wpa_s->current_ssid; |
1304 | 0 | if (!ssid) |
1305 | 0 | return; |
1306 | | |
1307 | | #ifdef CONFIG_SAE |
1308 | | if ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) && |
1309 | | wpa_key_mgmt_sae(wpa_s->key_mgmt) && |
1310 | | wpa_key_mgmt_sae(ssid->key_mgmt) && |
1311 | | (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || |
1312 | | (ssid->group_cipher & WPA_CIPHER_TKIP))) { |
1313 | | wpa_printf(MSG_DEBUG, |
1314 | | "WPA3-Personal transition mode disabled based on AP notification"); |
1315 | | disable_wpa_wpa2(ssid); |
1316 | | changed = 1; |
1317 | | } |
1318 | | |
1319 | | if ((bitmap & TRANSITION_DISABLE_SAE_PK) && |
1320 | | wpa_key_mgmt_sae(wpa_s->key_mgmt) && |
1321 | | #ifdef CONFIG_SME |
1322 | | wpa_s->sme.sae.state == SAE_ACCEPTED && |
1323 | | wpa_s->sme.sae.pk && |
1324 | | #endif /* CONFIG_SME */ |
1325 | | wpa_key_mgmt_sae(ssid->key_mgmt) && |
1326 | | (ssid->sae_pk != SAE_PK_MODE_ONLY || |
1327 | | ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || |
1328 | | (ssid->group_cipher & WPA_CIPHER_TKIP))) { |
1329 | | wpa_printf(MSG_DEBUG, |
1330 | | "SAE-PK: SAE authentication without PK disabled based on AP notification"); |
1331 | | disable_wpa_wpa2(ssid); |
1332 | | ssid->sae_pk = SAE_PK_MODE_ONLY; |
1333 | | changed = 1; |
1334 | | } |
1335 | | #endif /* CONFIG_SAE */ |
1336 | | |
1337 | 0 | if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) && |
1338 | 0 | wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) && |
1339 | 0 | (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | |
1340 | 0 | WPA_KEY_MGMT_FT_IEEE8021X | |
1341 | 0 | WPA_KEY_MGMT_IEEE8021X_SHA256 | |
1342 | 0 | WPA_KEY_MGMT_IEEE8021X_SHA384)) && |
1343 | 0 | (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || |
1344 | 0 | (ssid->group_cipher & WPA_CIPHER_TKIP))) { |
1345 | 0 | disable_wpa_wpa2(ssid); |
1346 | 0 | changed = 1; |
1347 | 0 | } |
1348 | |
|
1349 | 0 | if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) && |
1350 | 0 | wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && |
1351 | 0 | (ssid->key_mgmt & WPA_KEY_MGMT_OWE) && |
1352 | 0 | !ssid->owe_only) { |
1353 | 0 | ssid->owe_only = 1; |
1354 | 0 | changed = 1; |
1355 | 0 | } |
1356 | |
|
1357 | 0 | if (!changed) |
1358 | 0 | return; |
1359 | | |
1360 | 0 | #ifndef CONFIG_NO_CONFIG_WRITE |
1361 | 0 | if (wpa_s->conf->update_config && |
1362 | 0 | wpa_config_write(wpa_s->confname, wpa_s->conf)) |
1363 | 0 | wpa_printf(MSG_DEBUG, "Failed to update configuration"); |
1364 | 0 | #endif /* CONFIG_NO_CONFIG_WRITE */ |
1365 | 0 | } |
1366 | | |
1367 | | |
1368 | | static void wpa_supplicant_transition_disable(void *_wpa_s, u8 bitmap) |
1369 | 0 | { |
1370 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
1371 | 0 | wpas_transition_disable(wpa_s, bitmap); |
1372 | 0 | } |
1373 | | |
1374 | | |
1375 | | static void wpa_supplicant_store_ptk(void *ctx, const u8 *addr, int cipher, |
1376 | | u32 life_time, const struct wpa_ptk *ptk) |
1377 | 0 | { |
1378 | 0 | struct wpa_supplicant *wpa_s = ctx; |
1379 | |
|
1380 | 0 | ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time, |
1381 | 0 | ptk, NULL, NULL, 0); |
1382 | 0 | } |
1383 | | |
1384 | | #endif /* CONFIG_NO_WPA */ |
1385 | | |
1386 | | |
1387 | | #ifdef CONFIG_PASN |
1388 | | static int wpa_supplicant_set_ltf_keyseed(void *_wpa_s, const u8 *own_addr, |
1389 | | const u8 *peer_addr, |
1390 | | size_t ltf_keyseed_len, |
1391 | | const u8 *ltf_keyseed) |
1392 | | { |
1393 | | struct wpa_supplicant *wpa_s = _wpa_s; |
1394 | | |
1395 | | return wpa_drv_set_secure_ranging_ctx(wpa_s, own_addr, peer_addr, 0, 0, |
1396 | | NULL, ltf_keyseed_len, |
1397 | | ltf_keyseed, 0); |
1398 | | } |
1399 | | #endif /* CONFIG_PASN */ |
1400 | | |
1401 | | |
1402 | | static void |
1403 | | wpa_supplicant_notify_pmksa_cache_entry(void *_wpa_s, |
1404 | | struct rsn_pmksa_cache_entry *entry) |
1405 | 0 | { |
1406 | 0 | struct wpa_supplicant *wpa_s = _wpa_s; |
1407 | |
|
1408 | 0 | wpas_notify_pmk_cache_added(wpa_s, entry); |
1409 | 0 | } |
1410 | | |
1411 | | |
1412 | | int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) |
1413 | 0 | { |
1414 | 0 | #ifndef CONFIG_NO_WPA |
1415 | 0 | struct wpa_sm_ctx *ctx; |
1416 | |
|
1417 | 0 | wpa_s->ptksa = ptksa_cache_init(); |
1418 | 0 | if (!wpa_s->ptksa) { |
1419 | 0 | wpa_printf(MSG_ERROR, "Failed to allocate PTKSA"); |
1420 | 0 | return -1; |
1421 | 0 | } |
1422 | | |
1423 | 0 | ctx = os_zalloc(sizeof(*ctx)); |
1424 | 0 | if (ctx == NULL) { |
1425 | 0 | wpa_printf(MSG_ERROR, "Failed to allocate WPA context."); |
1426 | |
|
1427 | 0 | ptksa_cache_deinit(wpa_s->ptksa); |
1428 | 0 | wpa_s->ptksa = NULL; |
1429 | |
|
1430 | 0 | return -1; |
1431 | 0 | } |
1432 | | |
1433 | 0 | ctx->ctx = wpa_s; |
1434 | 0 | ctx->msg_ctx = wpa_s; |
1435 | 0 | ctx->set_state = _wpa_supplicant_set_state; |
1436 | 0 | ctx->get_state = _wpa_supplicant_get_state; |
1437 | 0 | ctx->deauthenticate = _wpa_supplicant_deauthenticate; |
1438 | 0 | ctx->reconnect = _wpa_supplicant_reconnect; |
1439 | 0 | ctx->set_key = wpa_supplicant_set_key; |
1440 | 0 | ctx->get_network_ctx = wpa_supplicant_get_network_ctx; |
1441 | 0 | ctx->get_bssid = wpa_supplicant_get_bssid; |
1442 | 0 | ctx->ether_send = _wpa_ether_send; |
1443 | 0 | ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie; |
1444 | 0 | ctx->alloc_eapol = _wpa_alloc_eapol; |
1445 | 0 | ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout; |
1446 | 0 | ctx->add_pmkid = wpa_supplicant_add_pmkid; |
1447 | 0 | ctx->remove_pmkid = wpa_supplicant_remove_pmkid; |
1448 | 0 | #ifndef CONFIG_NO_CONFIG_BLOBS |
1449 | 0 | ctx->set_config_blob = wpa_supplicant_set_config_blob; |
1450 | 0 | ctx->get_config_blob = wpa_supplicant_get_config_blob; |
1451 | 0 | #endif /* CONFIG_NO_CONFIG_BLOBS */ |
1452 | 0 | ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection; |
1453 | | #ifdef CONFIG_IEEE80211R |
1454 | | ctx->update_ft_ies = wpa_supplicant_update_ft_ies; |
1455 | | ctx->send_ft_action = wpa_supplicant_send_ft_action; |
1456 | | ctx->mark_authenticated = wpa_supplicant_mark_authenticated; |
1457 | | #endif /* CONFIG_IEEE80211R */ |
1458 | | #ifdef CONFIG_TDLS |
1459 | | ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa; |
1460 | | ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt; |
1461 | | ctx->tdls_oper = wpa_supplicant_tdls_oper; |
1462 | | ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset; |
1463 | | ctx->tdls_enable_channel_switch = |
1464 | | wpa_supplicant_tdls_enable_channel_switch; |
1465 | | ctx->tdls_disable_channel_switch = |
1466 | | wpa_supplicant_tdls_disable_channel_switch; |
1467 | | #endif /* CONFIG_TDLS */ |
1468 | 0 | ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload; |
1469 | 0 | ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk; |
1470 | 0 | ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx; |
1471 | 0 | ctx->channel_info = wpa_supplicant_channel_info; |
1472 | 0 | ctx->transition_disable = wpa_supplicant_transition_disable; |
1473 | 0 | ctx->store_ptk = wpa_supplicant_store_ptk; |
1474 | | #ifdef CONFIG_PASN |
1475 | | ctx->set_ltf_keyseed = wpa_supplicant_set_ltf_keyseed; |
1476 | | #endif /* CONFIG_PASN */ |
1477 | 0 | ctx->notify_pmksa_cache_entry = wpa_supplicant_notify_pmksa_cache_entry; |
1478 | |
|
1479 | 0 | wpa_s->wpa = wpa_sm_init(ctx); |
1480 | 0 | if (wpa_s->wpa == NULL) { |
1481 | 0 | wpa_printf(MSG_ERROR, |
1482 | 0 | "Failed to initialize WPA state machine"); |
1483 | 0 | os_free(ctx); |
1484 | 0 | ptksa_cache_deinit(wpa_s->ptksa); |
1485 | 0 | wpa_s->ptksa = NULL; |
1486 | 0 | return -1; |
1487 | 0 | } |
1488 | 0 | #endif /* CONFIG_NO_WPA */ |
1489 | | |
1490 | 0 | return 0; |
1491 | 0 | } |
1492 | | |
1493 | | |
1494 | | void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s, |
1495 | | struct wpa_ssid *ssid) |
1496 | 0 | { |
1497 | 0 | struct rsn_supp_config conf; |
1498 | 0 | if (ssid) { |
1499 | 0 | os_memset(&conf, 0, sizeof(conf)); |
1500 | 0 | conf.network_ctx = ssid; |
1501 | 0 | conf.allowed_pairwise_cipher = ssid->pairwise_cipher; |
1502 | 0 | #ifdef IEEE8021X_EAPOL |
1503 | 0 | conf.proactive_key_caching = ssid->proactive_key_caching < 0 ? |
1504 | 0 | wpa_s->conf->okc : ssid->proactive_key_caching; |
1505 | 0 | conf.eap_workaround = ssid->eap_workaround; |
1506 | 0 | conf.eap_conf_ctx = &ssid->eap; |
1507 | 0 | #endif /* IEEE8021X_EAPOL */ |
1508 | 0 | conf.ssid = ssid->ssid; |
1509 | 0 | conf.ssid_len = ssid->ssid_len; |
1510 | 0 | conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey; |
1511 | 0 | conf.wpa_deny_ptk0_rekey = ssid->wpa_deny_ptk0_rekey; |
1512 | 0 | conf.owe_ptk_workaround = ssid->owe_ptk_workaround; |
1513 | | #ifdef CONFIG_P2P |
1514 | | if (ssid->p2p_group && wpa_s->current_bss && |
1515 | | !wpa_s->p2p_disable_ip_addr_req) { |
1516 | | struct wpabuf *p2p; |
1517 | | p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss, |
1518 | | P2P_IE_VENDOR_TYPE); |
1519 | | if (p2p) { |
1520 | | u8 group_capab; |
1521 | | group_capab = p2p_get_group_capab(p2p); |
1522 | | if (group_capab & |
1523 | | P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION) |
1524 | | conf.p2p = 1; |
1525 | | wpabuf_free(p2p); |
1526 | | } |
1527 | | } |
1528 | | #endif /* CONFIG_P2P */ |
1529 | 0 | conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation; |
1530 | | #ifdef CONFIG_FILS |
1531 | | if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) |
1532 | | conf.fils_cache_id = |
1533 | | wpa_bss_get_fils_cache_id(wpa_s->current_bss); |
1534 | | #endif /* CONFIG_FILS */ |
1535 | 0 | if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) || |
1536 | 0 | (wpa_s->drv_flags2 & |
1537 | 0 | WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT)) |
1538 | 0 | conf.beacon_prot = ssid->beacon_prot; |
1539 | |
|
1540 | | #ifdef CONFIG_PASN |
1541 | | #ifdef CONFIG_TESTING_OPTIONS |
1542 | | conf.force_kdk_derivation = wpa_s->conf->force_kdk_derivation; |
1543 | | #endif /* CONFIG_TESTING_OPTIONS */ |
1544 | | #endif /* CONFIG_PASN */ |
1545 | 0 | } |
1546 | 0 | wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL); |
1547 | 0 | } |