1 /* 2 * wpa_supplicant - SME 3 * Copyright (c) 2009-2010, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "utils/eloop.h" 13 #include "common/ieee802_11_defs.h" 14 #include "common/ieee802_11_common.h" 15 #include "eapol_supp/eapol_supp_sm.h" 16 #include "common/wpa_common.h" 17 #include "rsn_supp/wpa.h" 18 #include "rsn_supp/pmksa_cache.h" 19 #include "config.h" 20 #include "wpa_supplicant_i.h" 21 #include "driver_i.h" 22 #include "wpas_glue.h" 23 #include "wps_supplicant.h" 24 #include "p2p_supplicant.h" 25 #include "notify.h" 26 #include "bss.h" 27 #include "scan.h" 28 #include "sme.h" 29 #include "hs20_supplicant.h" 30 31 #define SME_AUTH_TIMEOUT 5 32 #define SME_ASSOC_TIMEOUT 5 33 34 static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx); 35 static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx); 36 static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx); 37 #ifdef CONFIG_IEEE80211W 38 static void sme_stop_sa_query(struct wpa_supplicant *wpa_s); 39 #endif /* CONFIG_IEEE80211W */ 40 41 42 void sme_authenticate(struct wpa_supplicant *wpa_s, 43 struct wpa_bss *bss, struct wpa_ssid *ssid) 44 { 45 struct wpa_driver_auth_params params; 46 struct wpa_ssid *old_ssid; 47 #ifdef CONFIG_IEEE80211R 48 const u8 *ie; 49 #endif /* CONFIG_IEEE80211R */ 50 #ifdef CONFIG_IEEE80211R 51 const u8 *md = NULL; 52 #endif /* CONFIG_IEEE80211R */ 53 int i, bssid_changed; 54 55 if (bss == NULL) { 56 wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for " 57 "the network"); 58 return; 59 } 60 61 wpa_s->current_bss = bss; 62 63 os_memset(¶ms, 0, sizeof(params)); 64 wpa_s->reassociate = 0; 65 66 params.freq = bss->freq; 67 params.bssid = bss->bssid; 68 params.ssid = bss->ssid; 69 params.ssid_len = bss->ssid_len; 70 params.p2p = ssid->p2p_group; 71 72 if (wpa_s->sme.ssid_len != params.ssid_len || 73 os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0) 74 wpa_s->sme.prev_bssid_set = 0; 75 76 wpa_s->sme.freq = params.freq; 77 os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len); 78 wpa_s->sme.ssid_len = params.ssid_len; 79 80 params.auth_alg = WPA_AUTH_ALG_OPEN; 81 #ifdef IEEE8021X_EAPOL 82 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 83 if (ssid->leap) { 84 if (ssid->non_leap == 0) 85 params.auth_alg = WPA_AUTH_ALG_LEAP; 86 else 87 params.auth_alg |= WPA_AUTH_ALG_LEAP; 88 } 89 } 90 #endif /* IEEE8021X_EAPOL */ 91 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", 92 params.auth_alg); 93 if (ssid->auth_alg) { 94 params.auth_alg = ssid->auth_alg; 95 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: " 96 "0x%x", params.auth_alg); 97 } 98 99 for (i = 0; i < NUM_WEP_KEYS; i++) { 100 if (ssid->wep_key_len[i]) 101 params.wep_key[i] = ssid->wep_key[i]; 102 params.wep_key_len[i] = ssid->wep_key_len[i]; 103 } 104 params.wep_tx_keyidx = ssid->wep_tx_keyidx; 105 106 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 107 os_memset(wpa_s->bssid, 0, ETH_ALEN); 108 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN); 109 if (bssid_changed) 110 wpas_notify_bssid_changed(wpa_s); 111 112 if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) || 113 wpa_bss_get_ie(bss, WLAN_EID_RSN)) && 114 wpa_key_mgmt_wpa(ssid->key_mgmt)) { 115 int try_opportunistic; 116 try_opportunistic = ssid->proactive_key_caching && 117 (ssid->proto & WPA_PROTO_RSN); 118 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, 119 wpa_s->current_ssid, 120 try_opportunistic) == 0) 121 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); 122 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); 123 if (wpa_supplicant_set_suites(wpa_s, bss, ssid, 124 wpa_s->sme.assoc_req_ie, 125 &wpa_s->sme.assoc_req_ie_len)) { 126 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " 127 "key management and encryption suites"); 128 return; 129 } 130 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 131 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) { 132 /* 133 * Both WPA and non-WPA IEEE 802.1X enabled in configuration - 134 * use non-WPA since the scan results did not indicate that the 135 * AP is using WPA or WPA2. 136 */ 137 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 138 wpa_s->sme.assoc_req_ie_len = 0; 139 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { 140 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); 141 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, 142 wpa_s->sme.assoc_req_ie, 143 &wpa_s->sme.assoc_req_ie_len)) { 144 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " 145 "key management and encryption suites (no " 146 "scan results)"); 147 return; 148 } 149 #ifdef CONFIG_WPS 150 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 151 struct wpabuf *wps_ie; 152 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid)); 153 if (wps_ie && wpabuf_len(wps_ie) <= 154 sizeof(wpa_s->sme.assoc_req_ie)) { 155 wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie); 156 os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie), 157 wpa_s->sme.assoc_req_ie_len); 158 } else 159 wpa_s->sme.assoc_req_ie_len = 0; 160 wpabuf_free(wps_ie); 161 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 162 #endif /* CONFIG_WPS */ 163 } else { 164 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 165 wpa_s->sme.assoc_req_ie_len = 0; 166 } 167 168 #ifdef CONFIG_IEEE80211R 169 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN); 170 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN) 171 md = ie + 2; 172 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0); 173 if (md) { 174 /* Prepare for the next transition */ 175 wpa_ft_prepare_auth_request(wpa_s->wpa, ie); 176 } 177 178 if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) { 179 if (wpa_s->sme.assoc_req_ie_len + 5 < 180 sizeof(wpa_s->sme.assoc_req_ie)) { 181 struct rsn_mdie *mdie; 182 u8 *pos = wpa_s->sme.assoc_req_ie + 183 wpa_s->sme.assoc_req_ie_len; 184 *pos++ = WLAN_EID_MOBILITY_DOMAIN; 185 *pos++ = sizeof(*mdie); 186 mdie = (struct rsn_mdie *) pos; 187 os_memcpy(mdie->mobility_domain, md, 188 MOBILITY_DOMAIN_ID_LEN); 189 mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN]; 190 wpa_s->sme.assoc_req_ie_len += 5; 191 } 192 193 if (wpa_s->sme.ft_used && 194 os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 && 195 wpa_sm_has_ptk(wpa_s->wpa)) { 196 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT " 197 "over-the-air"); 198 params.auth_alg = WPA_AUTH_ALG_FT; 199 params.ie = wpa_s->sme.ft_ies; 200 params.ie_len = wpa_s->sme.ft_ies_len; 201 } 202 } 203 #endif /* CONFIG_IEEE80211R */ 204 205 #ifdef CONFIG_IEEE80211W 206 wpa_s->sme.mfp = ssid->ieee80211w; 207 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 208 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); 209 struct wpa_ie_data _ie; 210 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 && 211 _ie.capabilities & 212 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) { 213 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports " 214 "MFP: require MFP"); 215 wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED; 216 } 217 } 218 #endif /* CONFIG_IEEE80211W */ 219 220 #ifdef CONFIG_P2P 221 if (wpa_s->global->p2p) { 222 u8 *pos; 223 size_t len; 224 int res; 225 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len; 226 len = sizeof(wpa_s->sme.assoc_req_ie) - 227 wpa_s->sme.assoc_req_ie_len; 228 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, 229 ssid->p2p_group); 230 if (res >= 0) 231 wpa_s->sme.assoc_req_ie_len += res; 232 } 233 #endif /* CONFIG_P2P */ 234 235 #ifdef CONFIG_HS20 236 if (wpa_s->conf->hs20) { 237 struct wpabuf *hs20; 238 hs20 = wpabuf_alloc(20); 239 if (hs20) { 240 wpas_hs20_add_indication(hs20); 241 os_memcpy(wpa_s->sme.assoc_req_ie + 242 wpa_s->sme.assoc_req_ie_len, 243 wpabuf_head(hs20), wpabuf_len(hs20)); 244 wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20); 245 wpabuf_free(hs20); 246 } 247 } 248 #endif /* CONFIG_HS20 */ 249 250 #ifdef CONFIG_INTERWORKING 251 if (wpa_s->conf->interworking) { 252 u8 *pos = wpa_s->sme.assoc_req_ie; 253 if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN) 254 pos += 2 + pos[1]; 255 os_memmove(pos + 6, pos, 256 wpa_s->sme.assoc_req_ie_len - 257 (pos - wpa_s->sme.assoc_req_ie)); 258 wpa_s->sme.assoc_req_ie_len += 6; 259 *pos++ = WLAN_EID_EXT_CAPAB; 260 *pos++ = 4; 261 *pos++ = 0x00; 262 *pos++ = 0x00; 263 *pos++ = 0x00; 264 *pos++ = 0x80; /* Bit 31 - Interworking */ 265 } 266 #endif /* CONFIG_INTERWORKING */ 267 268 wpa_supplicant_cancel_sched_scan(wpa_s); 269 wpa_supplicant_cancel_scan(wpa_s); 270 271 wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR 272 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid), 273 wpa_ssid_txt(params.ssid, params.ssid_len), params.freq); 274 275 wpa_clear_keys(wpa_s, bss->bssid); 276 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING); 277 old_ssid = wpa_s->current_ssid; 278 wpa_s->current_ssid = ssid; 279 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 280 wpa_supplicant_initiate_eapol(wpa_s); 281 if (old_ssid != wpa_s->current_ssid) 282 wpas_notify_network_changed(wpa_s); 283 284 wpa_s->sme.auth_alg = params.auth_alg; 285 if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) { 286 wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the " 287 "driver failed"); 288 wpas_connection_failed(wpa_s, bss->bssid); 289 wpa_supplicant_mark_disassoc(wpa_s); 290 return; 291 } 292 293 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s, 294 NULL); 295 296 /* 297 * Association will be started based on the authentication event from 298 * the driver. 299 */ 300 } 301 302 303 void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) 304 { 305 struct wpa_ssid *ssid = wpa_s->current_ssid; 306 307 if (ssid == NULL) { 308 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event " 309 "when network is not selected"); 310 return; 311 } 312 313 if (wpa_s->wpa_state != WPA_AUTHENTICATING) { 314 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event " 315 "when not in authenticating state"); 316 return; 317 } 318 319 if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) { 320 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with " 321 "unexpected peer " MACSTR, 322 MAC2STR(data->auth.peer)); 323 return; 324 } 325 326 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR 327 " auth_type=%d status_code=%d", 328 MAC2STR(data->auth.peer), data->auth.auth_type, 329 data->auth.status_code); 330 wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs", 331 data->auth.ies, data->auth.ies_len); 332 333 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); 334 335 if (data->auth.status_code != WLAN_STATUS_SUCCESS) { 336 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication failed (status " 337 "code %d)", data->auth.status_code); 338 339 if (data->auth.status_code != 340 WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG || 341 wpa_s->sme.auth_alg == data->auth.auth_type || 342 wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) { 343 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 344 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 345 return; 346 } 347 348 switch (data->auth.auth_type) { 349 case WLAN_AUTH_OPEN: 350 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED; 351 352 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth"); 353 wpa_supplicant_associate(wpa_s, wpa_s->current_bss, 354 wpa_s->current_ssid); 355 return; 356 357 case WLAN_AUTH_SHARED_KEY: 358 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP; 359 360 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth"); 361 wpa_supplicant_associate(wpa_s, wpa_s->current_bss, 362 wpa_s->current_ssid); 363 return; 364 365 default: 366 return; 367 } 368 } 369 370 #ifdef CONFIG_IEEE80211R 371 if (data->auth.auth_type == WLAN_AUTH_FT) { 372 union wpa_event_data edata; 373 os_memset(&edata, 0, sizeof(edata)); 374 edata.ft_ies.ies = data->auth.ies; 375 edata.ft_ies.ies_len = data->auth.ies_len; 376 os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN); 377 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata); 378 } 379 #endif /* CONFIG_IEEE80211R */ 380 381 sme_associate(wpa_s, ssid->mode, data->auth.peer, 382 data->auth.auth_type); 383 } 384 385 386 void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode, 387 const u8 *bssid, u16 auth_type) 388 { 389 struct wpa_driver_associate_params params; 390 struct ieee802_11_elems elems; 391 #ifdef CONFIG_HT_OVERRIDES 392 struct ieee80211_ht_capabilities htcaps; 393 struct ieee80211_ht_capabilities htcaps_mask; 394 #endif /* CONFIG_HT_OVERRIDES */ 395 396 os_memset(¶ms, 0, sizeof(params)); 397 params.bssid = bssid; 398 params.ssid = wpa_s->sme.ssid; 399 params.ssid_len = wpa_s->sme.ssid_len; 400 params.freq = wpa_s->sme.freq; 401 params.bg_scan_period = wpa_s->current_ssid ? 402 wpa_s->current_ssid->bg_scan_period : -1; 403 params.wpa_ie = wpa_s->sme.assoc_req_ie_len ? 404 wpa_s->sme.assoc_req_ie : NULL; 405 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len; 406 params.pairwise_suite = cipher_suite2driver(wpa_s->pairwise_cipher); 407 params.group_suite = cipher_suite2driver(wpa_s->group_cipher); 408 #ifdef CONFIG_HT_OVERRIDES 409 os_memset(&htcaps, 0, sizeof(htcaps)); 410 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask)); 411 params.htcaps = (u8 *) &htcaps; 412 params.htcaps_mask = (u8 *) &htcaps_mask; 413 wpa_supplicant_apply_ht_overrides(wpa_s, wpa_s->current_ssid, ¶ms); 414 #endif /* CONFIG_HT_OVERRIDES */ 415 #ifdef CONFIG_IEEE80211R 416 if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) { 417 params.wpa_ie = wpa_s->sme.ft_ies; 418 params.wpa_ie_len = wpa_s->sme.ft_ies_len; 419 } 420 #endif /* CONFIG_IEEE80211R */ 421 params.mode = mode; 422 params.mgmt_frame_protection = wpa_s->sme.mfp; 423 if (wpa_s->sme.prev_bssid_set) 424 params.prev_bssid = wpa_s->sme.prev_bssid; 425 426 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR 427 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid), 428 params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "", 429 params.freq); 430 431 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING); 432 433 if (params.wpa_ie == NULL || 434 ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0) 435 < 0) { 436 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!"); 437 os_memset(&elems, 0, sizeof(elems)); 438 } 439 if (elems.rsn_ie) { 440 params.wpa_proto = WPA_PROTO_RSN; 441 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2, 442 elems.rsn_ie_len + 2); 443 } else if (elems.wpa_ie) { 444 params.wpa_proto = WPA_PROTO_WPA; 445 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2, 446 elems.wpa_ie_len + 2); 447 } else 448 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 449 if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group) 450 params.p2p = 1; 451 452 if (wpa_s->parent->set_sta_uapsd) 453 params.uapsd = wpa_s->parent->sta_uapsd; 454 else 455 params.uapsd = -1; 456 457 if (wpa_drv_associate(wpa_s, ¶ms) < 0) { 458 wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the " 459 "driver failed"); 460 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 461 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 462 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 463 return; 464 } 465 466 eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s, 467 NULL); 468 } 469 470 471 int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md, 472 const u8 *ies, size_t ies_len) 473 { 474 if (md == NULL || ies == NULL) { 475 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain"); 476 os_free(wpa_s->sme.ft_ies); 477 wpa_s->sme.ft_ies = NULL; 478 wpa_s->sme.ft_ies_len = 0; 479 wpa_s->sme.ft_used = 0; 480 return 0; 481 } 482 483 os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN); 484 wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len); 485 os_free(wpa_s->sme.ft_ies); 486 wpa_s->sme.ft_ies = os_malloc(ies_len); 487 if (wpa_s->sme.ft_ies == NULL) 488 return -1; 489 os_memcpy(wpa_s->sme.ft_ies, ies, ies_len); 490 wpa_s->sme.ft_ies_len = ies_len; 491 return 0; 492 } 493 494 495 static void sme_deauth(struct wpa_supplicant *wpa_s) 496 { 497 int bssid_changed; 498 499 bssid_changed = !is_zero_ether_addr(wpa_s->bssid); 500 501 if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid, 502 WLAN_REASON_DEAUTH_LEAVING) < 0) { 503 wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver " 504 "failed"); 505 } 506 wpa_s->sme.prev_bssid_set = 0; 507 508 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 509 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 510 os_memset(wpa_s->bssid, 0, ETH_ALEN); 511 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 512 if (bssid_changed) 513 wpas_notify_bssid_changed(wpa_s); 514 } 515 516 517 void sme_event_assoc_reject(struct wpa_supplicant *wpa_s, 518 union wpa_event_data *data) 519 { 520 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: " 521 "status code %d", MAC2STR(wpa_s->pending_bssid), 522 data->assoc_reject.status_code); 523 524 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); 525 526 /* 527 * For now, unconditionally terminate the previous authentication. In 528 * theory, this should not be needed, but mac80211 gets quite confused 529 * if the authentication is left pending.. Some roaming cases might 530 * benefit from using the previous authentication, so this could be 531 * optimized in the future. 532 */ 533 sme_deauth(wpa_s); 534 } 535 536 537 void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s, 538 union wpa_event_data *data) 539 { 540 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out"); 541 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 542 wpa_supplicant_mark_disassoc(wpa_s); 543 } 544 545 546 void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s, 547 union wpa_event_data *data) 548 { 549 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out"); 550 wpas_connection_failed(wpa_s, wpa_s->pending_bssid); 551 wpa_supplicant_mark_disassoc(wpa_s); 552 } 553 554 555 void sme_event_disassoc(struct wpa_supplicant *wpa_s, 556 union wpa_event_data *data) 557 { 558 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received"); 559 if (wpa_s->sme.prev_bssid_set) { 560 /* 561 * cfg80211/mac80211 can get into somewhat confused state if 562 * the AP only disassociates us and leaves us in authenticated 563 * state. For now, force the state to be cleared to avoid 564 * confusing errors if we try to associate with the AP again. 565 */ 566 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear " 567 "driver state"); 568 wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid, 569 WLAN_REASON_DEAUTH_LEAVING); 570 } 571 } 572 573 574 static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx) 575 { 576 struct wpa_supplicant *wpa_s = eloop_ctx; 577 if (wpa_s->wpa_state == WPA_AUTHENTICATING) { 578 wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout"); 579 sme_deauth(wpa_s); 580 } 581 } 582 583 584 static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx) 585 { 586 struct wpa_supplicant *wpa_s = eloop_ctx; 587 if (wpa_s->wpa_state == WPA_ASSOCIATING) { 588 wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout"); 589 sme_deauth(wpa_s); 590 } 591 } 592 593 594 void sme_state_changed(struct wpa_supplicant *wpa_s) 595 { 596 /* Make sure timers are cleaned up appropriately. */ 597 if (wpa_s->wpa_state != WPA_ASSOCIATING) 598 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); 599 if (wpa_s->wpa_state != WPA_AUTHENTICATING) 600 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); 601 } 602 603 604 void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s, 605 const u8 *prev_pending_bssid) 606 { 607 /* 608 * mac80211-workaround to force deauth on failed auth cmd, 609 * requires us to remain in authenticating state to allow the 610 * second authentication attempt to be continued properly. 611 */ 612 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication " 613 "to proceed after disconnection event"); 614 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING); 615 os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN); 616 617 /* 618 * Re-arm authentication timer in case auth fails for whatever reason. 619 */ 620 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); 621 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s, 622 NULL); 623 } 624 625 626 void sme_deinit(struct wpa_supplicant *wpa_s) 627 { 628 os_free(wpa_s->sme.ft_ies); 629 wpa_s->sme.ft_ies = NULL; 630 wpa_s->sme.ft_ies_len = 0; 631 #ifdef CONFIG_IEEE80211W 632 sme_stop_sa_query(wpa_s); 633 #endif /* CONFIG_IEEE80211W */ 634 635 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); 636 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); 637 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL); 638 } 639 640 641 static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s, 642 const u8 *chan_list, u8 num_channels, 643 u8 num_intol) 644 { 645 struct ieee80211_2040_bss_coex_ie *bc_ie; 646 struct ieee80211_2040_intol_chan_report *ic_report; 647 struct wpabuf *buf; 648 649 wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR, 650 MAC2STR(wpa_s->bssid)); 651 652 buf = wpabuf_alloc(2 + /* action.category + action_code */ 653 sizeof(struct ieee80211_2040_bss_coex_ie) + 654 sizeof(struct ieee80211_2040_intol_chan_report) + 655 num_channels); 656 if (buf == NULL) 657 return; 658 659 wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC); 660 wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX); 661 662 bc_ie = wpabuf_put(buf, sizeof(*bc_ie)); 663 bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE; 664 bc_ie->length = 1; 665 if (num_intol) 666 bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ; 667 668 if (num_channels > 0) { 669 ic_report = wpabuf_put(buf, sizeof(*ic_report)); 670 ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT; 671 ic_report->length = num_channels + 1; 672 ic_report->op_class = 0; 673 os_memcpy(wpabuf_put(buf, num_channels), chan_list, 674 num_channels); 675 } 676 677 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, 678 wpa_s->own_addr, wpa_s->bssid, 679 wpabuf_head(buf), wpabuf_len(buf), 0) < 0) { 680 wpa_msg(wpa_s, MSG_INFO, 681 "SME: Failed to send 20/40 BSS Coexistence frame"); 682 } 683 684 wpabuf_free(buf); 685 } 686 687 688 /** 689 * enum wpas_band - Frequency band 690 * @WPAS_BAND_2GHZ: 2.4 GHz ISM band 691 * @WPAS_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz) 692 */ 693 enum wpas_band { 694 WPAS_BAND_2GHZ, 695 WPAS_BAND_5GHZ, 696 WPAS_BAND_INVALID 697 }; 698 699 /** 700 * freq_to_channel - Convert frequency into channel info 701 * @channel: Buffer for returning channel number 702 * Returns: Band (2 or 5 GHz) 703 */ 704 static enum wpas_band freq_to_channel(int freq, u8 *channel) 705 { 706 enum wpas_band band = (freq <= 2484) ? WPAS_BAND_2GHZ : WPAS_BAND_5GHZ; 707 u8 chan = 0; 708 709 if (freq >= 2412 && freq <= 2472) 710 chan = (freq - 2407) / 5; 711 else if (freq == 2484) 712 chan = 14; 713 else if (freq >= 5180 && freq <= 5805) 714 chan = (freq - 5000) / 5; 715 716 *channel = chan; 717 return band; 718 } 719 720 721 int sme_proc_obss_scan(struct wpa_supplicant *wpa_s) 722 { 723 struct wpa_bss *bss; 724 const u8 *ie; 725 u16 ht_cap; 726 u8 chan_list[P2P_MAX_CHANNELS], channel; 727 u8 num_channels = 0, num_intol = 0, i; 728 729 if (!wpa_s->sme.sched_obss_scan) 730 return 0; 731 732 wpa_s->sme.sched_obss_scan = 0; 733 if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED) 734 return 1; 735 736 /* 737 * Check whether AP uses regulatory triplet or channel triplet in 738 * country info. Right now the operating class of the BSS channel 739 * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12), 740 * based on the assumption that operating class triplet is not used in 741 * beacon frame. If the First Channel Number/Operating Extension 742 * Identifier octet has a positive integer value of 201 or greater, 743 * then its operating class triplet. 744 * 745 * TODO: If Supported Operating Classes element is present in beacon 746 * frame, have to lookup operating class in Annex E and fill them in 747 * 2040 coex frame. 748 */ 749 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY); 750 if (ie && (ie[1] >= 6) && (ie[5] >= 201)) 751 return 1; 752 753 os_memset(chan_list, 0, sizeof(chan_list)); 754 755 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 756 /* Skip other band bss */ 757 if (freq_to_channel(bss->freq, &channel) != WPAS_BAND_2GHZ) 758 continue; 759 760 ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP); 761 ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0; 762 763 if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) { 764 /* Check whether the channel is already considered */ 765 for (i = 0; i < num_channels; i++) { 766 if (channel == chan_list[i]) 767 break; 768 } 769 if (i != num_channels) 770 continue; 771 772 if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT) 773 num_intol++; 774 775 chan_list[num_channels++] = channel; 776 } 777 } 778 779 sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol); 780 return 1; 781 } 782 783 784 static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, 785 u16 num_modes, 786 enum hostapd_hw_mode mode) 787 { 788 u16 i; 789 790 for (i = 0; i < num_modes; i++) { 791 if (modes[i].mode == mode) 792 return &modes[i]; 793 } 794 795 return NULL; 796 } 797 798 799 static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, 800 enum hostapd_hw_mode band, 801 struct wpa_driver_scan_params *params) 802 { 803 /* Include only supported channels for the specified band */ 804 struct hostapd_hw_modes *mode; 805 int count, i; 806 807 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); 808 if (mode == NULL) { 809 /* No channels supported in this band - use empty list */ 810 params->freqs = os_zalloc(sizeof(int)); 811 return; 812 } 813 814 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); 815 if (params->freqs == NULL) 816 return; 817 for (count = 0, i = 0; i < mode->num_channels; i++) { 818 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) 819 continue; 820 params->freqs[count++] = mode->channels[i].freq; 821 } 822 } 823 824 825 static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx) 826 { 827 struct wpa_supplicant *wpa_s = eloop_ctx; 828 struct wpa_driver_scan_params params; 829 830 if (!wpa_s->current_bss) { 831 wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request"); 832 return; 833 } 834 835 os_memset(¶ms, 0, sizeof(params)); 836 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, ¶ms); 837 wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan"); 838 839 if (wpa_supplicant_trigger_scan(wpa_s, ¶ms)) 840 wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan"); 841 else 842 wpa_s->sme.sched_obss_scan = 1; 843 os_free(params.freqs); 844 845 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0, 846 sme_obss_scan_timeout, wpa_s, NULL); 847 } 848 849 850 void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable) 851 { 852 const u8 *ie; 853 struct wpa_bss *bss = wpa_s->current_bss; 854 struct wpa_ssid *ssid = wpa_s->current_ssid; 855 struct hostapd_hw_modes *hw_mode = NULL; 856 int i; 857 858 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL); 859 wpa_s->sme.sched_obss_scan = 0; 860 if (!enable) 861 return; 862 863 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) || ssid == NULL || 864 ssid->mode != IEEE80211_MODE_INFRA) 865 return; /* Not using station SME in wpa_supplicant */ 866 867 if (!wpa_s->hw.modes) 868 return; 869 870 /* only HT caps in 11g mode are relevant */ 871 for (i = 0; i < wpa_s->hw.num_modes; i++) { 872 hw_mode = &wpa_s->hw.modes[i]; 873 if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G) 874 break; 875 } 876 877 /* Driver does not support HT40 for 11g or doesn't have 11g. */ 878 if (i == wpa_s->hw.num_modes || !hw_mode || 879 !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 880 return; 881 882 if (bss == NULL || bss->freq < 2400 || bss->freq > 2500) 883 return; /* Not associated on 2.4 GHz band */ 884 885 /* Check whether AP supports HT40 */ 886 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP); 887 if (!ie || ie[1] < 2 || 888 !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) 889 return; /* AP does not support HT40 */ 890 891 ie = wpa_bss_get_ie(wpa_s->current_bss, 892 WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS); 893 if (!ie || ie[1] < 14) 894 return; /* AP does not request OBSS scans */ 895 896 wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6); 897 if (wpa_s->sme.obss_scan_int < 10) { 898 wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u " 899 "replaced with the minimum 10 sec", 900 wpa_s->sme.obss_scan_int); 901 wpa_s->sme.obss_scan_int = 10; 902 } 903 wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec", 904 wpa_s->sme.obss_scan_int); 905 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0, 906 sme_obss_scan_timeout, wpa_s, NULL); 907 } 908 909 910 #ifdef CONFIG_IEEE80211W 911 912 static const unsigned int sa_query_max_timeout = 1000; 913 static const unsigned int sa_query_retry_timeout = 201; 914 915 static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s) 916 { 917 u32 tu; 918 struct os_time now, passed; 919 os_get_time(&now); 920 os_time_sub(&now, &wpa_s->sme.sa_query_start, &passed); 921 tu = (passed.sec * 1000000 + passed.usec) / 1024; 922 if (sa_query_max_timeout < tu) { 923 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out"); 924 sme_stop_sa_query(wpa_s); 925 wpa_supplicant_deauthenticate( 926 wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID); 927 return 1; 928 } 929 930 return 0; 931 } 932 933 934 static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s, 935 const u8 *trans_id) 936 { 937 u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN]; 938 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to " 939 MACSTR, MAC2STR(wpa_s->bssid)); 940 wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID", 941 trans_id, WLAN_SA_QUERY_TR_ID_LEN); 942 req[0] = WLAN_ACTION_SA_QUERY; 943 req[1] = WLAN_SA_QUERY_REQUEST; 944 os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN); 945 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, 946 wpa_s->own_addr, wpa_s->bssid, 947 req, sizeof(req), 0) < 0) 948 wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query " 949 "Request"); 950 } 951 952 953 static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx) 954 { 955 struct wpa_supplicant *wpa_s = eloop_ctx; 956 unsigned int timeout, sec, usec; 957 u8 *trans_id, *nbuf; 958 959 if (wpa_s->sme.sa_query_count > 0 && 960 sme_check_sa_query_timeout(wpa_s)) 961 return; 962 963 nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id, 964 wpa_s->sme.sa_query_count + 1, 965 WLAN_SA_QUERY_TR_ID_LEN); 966 if (nbuf == NULL) 967 return; 968 if (wpa_s->sme.sa_query_count == 0) { 969 /* Starting a new SA Query procedure */ 970 os_get_time(&wpa_s->sme.sa_query_start); 971 } 972 trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; 973 wpa_s->sme.sa_query_trans_id = nbuf; 974 wpa_s->sme.sa_query_count++; 975 976 os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN); 977 978 timeout = sa_query_retry_timeout; 979 sec = ((timeout / 1000) * 1024) / 1000; 980 usec = (timeout % 1000) * 1024; 981 eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL); 982 983 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d", 984 wpa_s->sme.sa_query_count); 985 986 sme_send_sa_query_req(wpa_s, trans_id); 987 } 988 989 990 static void sme_start_sa_query(struct wpa_supplicant *wpa_s) 991 { 992 sme_sa_query_timer(wpa_s, NULL); 993 } 994 995 996 static void sme_stop_sa_query(struct wpa_supplicant *wpa_s) 997 { 998 eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL); 999 os_free(wpa_s->sme.sa_query_trans_id); 1000 wpa_s->sme.sa_query_trans_id = NULL; 1001 wpa_s->sme.sa_query_count = 0; 1002 } 1003 1004 1005 void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, 1006 const u8 *da, u16 reason_code) 1007 { 1008 struct wpa_ssid *ssid; 1009 1010 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) 1011 return; 1012 if (wpa_s->wpa_state != WPA_COMPLETED) 1013 return; 1014 ssid = wpa_s->current_ssid; 1015 if (ssid == NULL || ssid->ieee80211w == 0) 1016 return; 1017 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) 1018 return; 1019 if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA && 1020 reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA) 1021 return; 1022 if (wpa_s->sme.sa_query_count > 0) 1023 return; 1024 1025 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - " 1026 "possible AP/STA state mismatch - trigger SA Query"); 1027 sme_start_sa_query(wpa_s); 1028 } 1029 1030 1031 void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, 1032 const u8 *data, size_t len) 1033 { 1034 int i; 1035 1036 if (wpa_s->sme.sa_query_trans_id == NULL || 1037 len < 1 + WLAN_SA_QUERY_TR_ID_LEN || 1038 data[0] != WLAN_SA_QUERY_RESPONSE) 1039 return; 1040 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from " 1041 MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]); 1042 1043 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) 1044 return; 1045 1046 for (i = 0; i < wpa_s->sme.sa_query_count; i++) { 1047 if (os_memcmp(wpa_s->sme.sa_query_trans_id + 1048 i * WLAN_SA_QUERY_TR_ID_LEN, 1049 data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0) 1050 break; 1051 } 1052 1053 if (i >= wpa_s->sme.sa_query_count) { 1054 wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query " 1055 "transaction identifier found"); 1056 return; 1057 } 1058 1059 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received " 1060 "from " MACSTR, MAC2STR(sa)); 1061 sme_stop_sa_query(wpa_s); 1062 } 1063 1064 #endif /* CONFIG_IEEE80211W */ 1065