1 /* 2 * WPA Supplicant - Glue code to setup EAPOL and RSN modules 3 * Copyright (c) 2003-2012, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "eapol_supp/eapol_supp_sm.h" 13 #include "rsn_supp/wpa.h" 14 #include "eloop.h" 15 #include "config.h" 16 #include "l2_packet/l2_packet.h" 17 #include "common/wpa_common.h" 18 #include "wpa_supplicant_i.h" 19 #include "driver_i.h" 20 #include "rsn_supp/pmksa_cache.h" 21 #include "sme.h" 22 #include "common/ieee802_11_defs.h" 23 #include "common/wpa_ctrl.h" 24 #include "wpas_glue.h" 25 #include "wps_supplicant.h" 26 #include "bss.h" 27 #include "scan.h" 28 #include "notify.h" 29 #include "wpas_kay.h" 30 31 32 #ifndef CONFIG_NO_CONFIG_BLOBS 33 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) 34 static void wpa_supplicant_set_config_blob(void *ctx, 35 struct wpa_config_blob *blob) 36 { 37 struct wpa_supplicant *wpa_s = ctx; 38 wpa_config_set_blob(wpa_s->conf, blob); 39 if (wpa_s->conf->update_config) { 40 int ret = wpa_config_write(wpa_s->confname, wpa_s->conf); 41 if (ret) { 42 wpa_printf(MSG_DEBUG, "Failed to update config after " 43 "blob set"); 44 } 45 } 46 } 47 48 49 static const struct wpa_config_blob * 50 wpa_supplicant_get_config_blob(void *ctx, const char *name) 51 { 52 struct wpa_supplicant *wpa_s = ctx; 53 return wpa_config_get_blob(wpa_s->conf, name); 54 } 55 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */ 56 #endif /* CONFIG_NO_CONFIG_BLOBS */ 57 58 59 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) 60 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, 61 const void *data, u16 data_len, 62 size_t *msg_len, void **data_pos) 63 { 64 struct ieee802_1x_hdr *hdr; 65 66 *msg_len = sizeof(*hdr) + data_len; 67 hdr = os_malloc(*msg_len); 68 if (hdr == NULL) 69 return NULL; 70 71 hdr->version = wpa_s->conf->eapol_version; 72 hdr->type = type; 73 hdr->length = host_to_be16(data_len); 74 75 if (data) 76 os_memcpy(hdr + 1, data, data_len); 77 else 78 os_memset(hdr + 1, 0, data_len); 79 80 if (data_pos) 81 *data_pos = hdr + 1; 82 83 return (u8 *) hdr; 84 } 85 86 87 /** 88 * wpa_ether_send - Send Ethernet frame 89 * @wpa_s: Pointer to wpa_supplicant data 90 * @dest: Destination MAC address 91 * @proto: Ethertype in host byte order 92 * @buf: Frame payload starting from IEEE 802.1X header 93 * @len: Frame payload length 94 * Returns: >=0 on success, <0 on failure 95 */ 96 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, 97 u16 proto, const u8 *buf, size_t len) 98 { 99 if (wpa_s->l2) { 100 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 101 } 102 103 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len); 104 } 105 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */ 106 107 108 #ifdef IEEE8021X_EAPOL 109 110 /** 111 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator 112 * @ctx: Pointer to wpa_supplicant data (wpa_s) 113 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*) 114 * @buf: EAPOL payload (after IEEE 802.1X header) 115 * @len: EAPOL payload length 116 * Returns: >=0 on success, <0 on failure 117 * 118 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame 119 * to the current Authenticator. 120 */ 121 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf, 122 size_t len) 123 { 124 struct wpa_supplicant *wpa_s = ctx; 125 u8 *msg, *dst, bssid[ETH_ALEN]; 126 size_t msglen; 127 int res; 128 129 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid 130 * extra copy here */ 131 132 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 133 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { 134 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible 135 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state 136 * machines. */ 137 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X " 138 "mode (type=%d len=%lu)", type, 139 (unsigned long) len); 140 return -1; 141 } 142 143 if (pmksa_cache_get_current(wpa_s->wpa) && 144 type == IEEE802_1X_TYPE_EAPOL_START) { 145 /* 146 * We were trying to use PMKSA caching and sending EAPOL-Start 147 * would abort that and trigger full EAPOL authentication. 148 * However, we've already waited for the AP/Authenticator to 149 * start 4-way handshake or EAP authentication, and apparently 150 * it has not done so since the startWhen timer has reached zero 151 * to get the state machine sending EAPOL-Start. This is not 152 * really supposed to happen, but an interoperability issue with 153 * a deployed AP has been identified where the connection fails 154 * due to that AP failing to operate correctly if PMKID is 155 * included in the Association Request frame. To work around 156 * this, assume PMKSA caching failed and try to initiate full 157 * EAP authentication. 158 */ 159 if (!wpa_s->current_ssid || 160 wpa_s->current_ssid->eap_workaround) { 161 wpa_printf(MSG_DEBUG, 162 "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication"); 163 } else { 164 wpa_printf(MSG_DEBUG, 165 "RSN: PMKSA caching - do not send EAPOL-Start"); 166 return -1; 167 } 168 } 169 170 if (is_zero_ether_addr(wpa_s->bssid)) { 171 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an " 172 "EAPOL frame"); 173 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 && 174 !is_zero_ether_addr(bssid)) { 175 dst = bssid; 176 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR 177 " from the driver as the EAPOL destination", 178 MAC2STR(dst)); 179 } else { 180 dst = wpa_s->last_eapol_src; 181 wpa_printf(MSG_DEBUG, "Using the source address of the" 182 " last received EAPOL frame " MACSTR " as " 183 "the EAPOL destination", 184 MAC2STR(dst)); 185 } 186 } else { 187 /* BSSID was already set (from (Re)Assoc event, so use it as 188 * the EAPOL destination. */ 189 dst = wpa_s->bssid; 190 } 191 192 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL); 193 if (msg == NULL) 194 return -1; 195 196 wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst)); 197 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen); 198 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen); 199 os_free(msg); 200 return res; 201 } 202 203 204 /** 205 * wpa_eapol_set_wep_key - set WEP key for the driver 206 * @ctx: Pointer to wpa_supplicant data (wpa_s) 207 * @unicast: 1 = individual unicast key, 0 = broadcast key 208 * @keyidx: WEP key index (0..3) 209 * @key: Pointer to key data 210 * @keylen: Key length in bytes 211 * Returns: 0 on success or < 0 on error. 212 */ 213 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx, 214 const u8 *key, size_t keylen) 215 { 216 struct wpa_supplicant *wpa_s = ctx; 217 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 218 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 : 219 WPA_CIPHER_WEP104; 220 if (unicast) 221 wpa_s->pairwise_cipher = cipher; 222 else 223 wpa_s->group_cipher = cipher; 224 } 225 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP, 226 unicast ? wpa_s->bssid : NULL, 227 keyidx, unicast, NULL, 0, key, keylen); 228 } 229 230 231 static void wpa_supplicant_aborted_cached(void *ctx) 232 { 233 struct wpa_supplicant *wpa_s = ctx; 234 wpa_sm_aborted_cached(wpa_s->wpa); 235 } 236 237 238 static const char * result_str(enum eapol_supp_result result) 239 { 240 switch (result) { 241 case EAPOL_SUPP_RESULT_FAILURE: 242 return "FAILURE"; 243 case EAPOL_SUPP_RESULT_SUCCESS: 244 return "SUCCESS"; 245 case EAPOL_SUPP_RESULT_EXPECTED_FAILURE: 246 return "EXPECTED_FAILURE"; 247 } 248 return "?"; 249 } 250 251 252 static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, 253 enum eapol_supp_result result, 254 void *ctx) 255 { 256 struct wpa_supplicant *wpa_s = ctx; 257 int res, pmk_len; 258 u8 pmk[PMK_LEN]; 259 260 wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s", 261 result_str(result)); 262 263 if (wpas_wps_eapol_cb(wpa_s) > 0) 264 return; 265 266 wpa_s->eap_expected_failure = result == 267 EAPOL_SUPP_RESULT_EXPECTED_FAILURE; 268 269 if (result != EAPOL_SUPP_RESULT_SUCCESS) { 270 /* 271 * Make sure we do not get stuck here waiting for long EAPOL 272 * timeout if the AP does not disconnect in case of 273 * authentication failure. 274 */ 275 wpa_supplicant_req_auth_timeout(wpa_s, 2, 0); 276 } else { 277 ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src); 278 } 279 280 if (result != EAPOL_SUPP_RESULT_SUCCESS || 281 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 282 return; 283 284 if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) 285 return; 286 287 wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way " 288 "handshake"); 289 290 pmk_len = PMK_LEN; 291 if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { 292 #ifdef CONFIG_IEEE80211R 293 u8 buf[2 * PMK_LEN]; 294 wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " 295 "driver-based 4-way hs and FT"); 296 res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); 297 if (res == 0) { 298 os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); 299 os_memset(buf, 0, sizeof(buf)); 300 } 301 #else /* CONFIG_IEEE80211R */ 302 res = -1; 303 #endif /* CONFIG_IEEE80211R */ 304 } else { 305 res = eapol_sm_get_key(eapol, pmk, PMK_LEN); 306 if (res) { 307 /* 308 * EAP-LEAP is an exception from other EAP methods: it 309 * uses only 16-byte PMK. 310 */ 311 res = eapol_sm_get_key(eapol, pmk, 16); 312 pmk_len = 16; 313 } 314 } 315 316 if (res) { 317 wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state " 318 "machines"); 319 return; 320 } 321 322 wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way " 323 "handshake", pmk, pmk_len); 324 325 if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk, 326 pmk_len)) { 327 wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); 328 } 329 330 wpa_supplicant_cancel_scan(wpa_s); 331 wpa_supplicant_cancel_auth_timeout(wpa_s); 332 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 333 334 } 335 336 337 static void wpa_supplicant_notify_eapol_done(void *ctx) 338 { 339 struct wpa_supplicant *wpa_s = ctx; 340 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete"); 341 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 342 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE); 343 } else { 344 wpa_supplicant_cancel_auth_timeout(wpa_s); 345 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 346 } 347 } 348 349 #endif /* IEEE8021X_EAPOL */ 350 351 352 #ifndef CONFIG_NO_WPA 353 354 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) 355 { 356 int ret = 0; 357 struct wpa_bss *curr = NULL, *bss; 358 struct wpa_ssid *ssid = wpa_s->current_ssid; 359 const u8 *ie; 360 361 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 362 if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0) 363 continue; 364 if (ssid == NULL || 365 ((bss->ssid_len == ssid->ssid_len && 366 os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) || 367 ssid->ssid_len == 0)) { 368 curr = bss; 369 break; 370 } 371 } 372 373 if (curr) { 374 ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); 375 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 376 ret = -1; 377 378 ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); 379 if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 380 ret = -1; 381 } else { 382 ret = -1; 383 } 384 385 return ret; 386 } 387 388 389 static int wpa_supplicant_get_beacon_ie(void *ctx) 390 { 391 struct wpa_supplicant *wpa_s = ctx; 392 if (wpa_get_beacon_ie(wpa_s) == 0) { 393 return 0; 394 } 395 396 /* No WPA/RSN IE found in the cached scan results. Try to get updated 397 * scan results from the driver. */ 398 if (wpa_supplicant_update_scan_results(wpa_s) < 0) 399 return -1; 400 401 return wpa_get_beacon_ie(wpa_s); 402 } 403 404 405 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type, 406 const void *data, u16 data_len, 407 size_t *msg_len, void **data_pos) 408 { 409 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos); 410 } 411 412 413 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto, 414 const u8 *buf, size_t len) 415 { 416 return wpa_ether_send(wpa_s, dest, proto, buf, len); 417 } 418 419 420 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s) 421 { 422 wpa_supplicant_cancel_auth_timeout(wpa_s); 423 } 424 425 426 static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state) 427 { 428 wpa_supplicant_set_state(wpa_s, state); 429 } 430 431 432 /** 433 * wpa_supplicant_get_state - Get the connection state 434 * @wpa_s: Pointer to wpa_supplicant data 435 * Returns: The current connection state (WPA_*) 436 */ 437 static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s) 438 { 439 return wpa_s->wpa_state; 440 } 441 442 443 static enum wpa_states _wpa_supplicant_get_state(void *wpa_s) 444 { 445 return wpa_supplicant_get_state(wpa_s); 446 } 447 448 449 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code) 450 { 451 wpa_supplicant_deauthenticate(wpa_s, reason_code); 452 /* Schedule a scan to make sure we continue looking for networks */ 453 wpa_supplicant_req_scan(wpa_s, 5, 0); 454 } 455 456 457 static void * wpa_supplicant_get_network_ctx(void *wpa_s) 458 { 459 return wpa_supplicant_get_ssid(wpa_s); 460 } 461 462 463 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid) 464 { 465 struct wpa_supplicant *wpa_s = ctx; 466 return wpa_drv_get_bssid(wpa_s, bssid); 467 } 468 469 470 static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg, 471 const u8 *addr, int key_idx, int set_tx, 472 const u8 *seq, size_t seq_len, 473 const u8 *key, size_t key_len) 474 { 475 struct wpa_supplicant *wpa_s = _wpa_s; 476 if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { 477 /* Clear the MIC error counter when setting a new PTK. */ 478 wpa_s->mic_errors_seen = 0; 479 } 480 #ifdef CONFIG_TESTING_GET_GTK 481 if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) && 482 alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) { 483 os_memcpy(wpa_s->last_gtk, key, key_len); 484 wpa_s->last_gtk_len = key_len; 485 } 486 #endif /* CONFIG_TESTING_GET_GTK */ 487 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len, 488 key, key_len); 489 } 490 491 492 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, 493 int protection_type, 494 int key_type) 495 { 496 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type, 497 key_type); 498 } 499 500 501 static int wpa_supplicant_add_pmkid(void *wpa_s, 502 const u8 *bssid, const u8 *pmkid) 503 { 504 return wpa_drv_add_pmkid(wpa_s, bssid, pmkid); 505 } 506 507 508 static int wpa_supplicant_remove_pmkid(void *wpa_s, 509 const u8 *bssid, const u8 *pmkid) 510 { 511 return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid); 512 } 513 514 515 #ifdef CONFIG_IEEE80211R 516 static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md, 517 const u8 *ies, size_t ies_len) 518 { 519 struct wpa_supplicant *wpa_s = ctx; 520 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 521 return sme_update_ft_ies(wpa_s, md, ies, ies_len); 522 return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len); 523 } 524 525 526 static int wpa_supplicant_send_ft_action(void *ctx, u8 action, 527 const u8 *target_ap, 528 const u8 *ies, size_t ies_len) 529 { 530 struct wpa_supplicant *wpa_s = ctx; 531 return wpa_drv_send_ft_action(wpa_s, action, target_ap, ies, ies_len); 532 } 533 534 535 static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap) 536 { 537 struct wpa_supplicant *wpa_s = ctx; 538 struct wpa_driver_auth_params params; 539 struct wpa_bss *bss; 540 541 bss = wpa_bss_get_bssid(wpa_s, target_ap); 542 if (bss == NULL) 543 return -1; 544 545 os_memset(¶ms, 0, sizeof(params)); 546 params.bssid = target_ap; 547 params.freq = bss->freq; 548 params.ssid = bss->ssid; 549 params.ssid_len = bss->ssid_len; 550 params.auth_alg = WPA_AUTH_ALG_FT; 551 params.local_state_change = 1; 552 return wpa_drv_authenticate(wpa_s, ¶ms); 553 } 554 #endif /* CONFIG_IEEE80211R */ 555 556 557 #ifdef CONFIG_TDLS 558 559 static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported, 560 int *tdls_ext_setup) 561 { 562 struct wpa_supplicant *wpa_s = ctx; 563 564 *tdls_supported = 0; 565 *tdls_ext_setup = 0; 566 567 if (!wpa_s->drv_capa_known) 568 return -1; 569 570 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) 571 *tdls_supported = 1; 572 573 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP) 574 *tdls_ext_setup = 1; 575 576 return 0; 577 } 578 579 580 static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst, 581 u8 action_code, u8 dialog_token, 582 u16 status_code, u32 peer_capab, 583 int initiator, const u8 *buf, 584 size_t len) 585 { 586 struct wpa_supplicant *wpa_s = ctx; 587 return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token, 588 status_code, peer_capab, initiator, buf, 589 len); 590 } 591 592 593 static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer) 594 { 595 struct wpa_supplicant *wpa_s = ctx; 596 return wpa_drv_tdls_oper(wpa_s, oper, peer); 597 } 598 599 600 static int wpa_supplicant_tdls_peer_addset( 601 void *ctx, const u8 *peer, int add, u16 aid, u16 capability, 602 const u8 *supp_rates, size_t supp_rates_len, 603 const struct ieee80211_ht_capabilities *ht_capab, 604 const struct ieee80211_vht_capabilities *vht_capab, 605 u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len, 606 const u8 *supp_channels, size_t supp_channels_len, 607 const u8 *supp_oper_classes, size_t supp_oper_classes_len) 608 { 609 struct wpa_supplicant *wpa_s = ctx; 610 struct hostapd_sta_add_params params; 611 612 os_memset(¶ms, 0, sizeof(params)); 613 614 params.addr = peer; 615 params.aid = aid; 616 params.capability = capability; 617 params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED; 618 619 /* 620 * Don't rely only on qosinfo for WMM capability. It may be 0 even when 621 * present. Allow the WMM IE to also indicate QoS support. 622 */ 623 if (wmm || qosinfo) 624 params.flags |= WPA_STA_WMM; 625 626 params.ht_capabilities = ht_capab; 627 params.vht_capabilities = vht_capab; 628 params.qosinfo = qosinfo; 629 params.listen_interval = 0; 630 params.supp_rates = supp_rates; 631 params.supp_rates_len = supp_rates_len; 632 params.set = !add; 633 params.ext_capab = ext_capab; 634 params.ext_capab_len = ext_capab_len; 635 params.supp_channels = supp_channels; 636 params.supp_channels_len = supp_channels_len; 637 params.supp_oper_classes = supp_oper_classes; 638 params.supp_oper_classes_len = supp_oper_classes_len; 639 640 return wpa_drv_sta_add(wpa_s, ¶ms); 641 } 642 643 #endif /* CONFIG_TDLS */ 644 645 #endif /* CONFIG_NO_WPA */ 646 647 648 enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field) 649 { 650 if (os_strcmp(field, "IDENTITY") == 0) 651 return WPA_CTRL_REQ_EAP_IDENTITY; 652 else if (os_strcmp(field, "PASSWORD") == 0) 653 return WPA_CTRL_REQ_EAP_PASSWORD; 654 else if (os_strcmp(field, "NEW_PASSWORD") == 0) 655 return WPA_CTRL_REQ_EAP_NEW_PASSWORD; 656 else if (os_strcmp(field, "PIN") == 0) 657 return WPA_CTRL_REQ_EAP_PIN; 658 else if (os_strcmp(field, "OTP") == 0) 659 return WPA_CTRL_REQ_EAP_OTP; 660 else if (os_strcmp(field, "PASSPHRASE") == 0) 661 return WPA_CTRL_REQ_EAP_PASSPHRASE; 662 else if (os_strcmp(field, "SIM") == 0) 663 return WPA_CTRL_REQ_SIM; 664 return WPA_CTRL_REQ_UNKNOWN; 665 } 666 667 668 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field, 669 const char *default_txt, 670 const char **txt) 671 { 672 const char *ret = NULL; 673 674 *txt = default_txt; 675 676 switch (field) { 677 case WPA_CTRL_REQ_EAP_IDENTITY: 678 *txt = "Identity"; 679 ret = "IDENTITY"; 680 break; 681 case WPA_CTRL_REQ_EAP_PASSWORD: 682 *txt = "Password"; 683 ret = "PASSWORD"; 684 break; 685 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 686 *txt = "New Password"; 687 ret = "NEW_PASSWORD"; 688 break; 689 case WPA_CTRL_REQ_EAP_PIN: 690 *txt = "PIN"; 691 ret = "PIN"; 692 break; 693 case WPA_CTRL_REQ_EAP_OTP: 694 ret = "OTP"; 695 break; 696 case WPA_CTRL_REQ_EAP_PASSPHRASE: 697 *txt = "Private key passphrase"; 698 ret = "PASSPHRASE"; 699 break; 700 case WPA_CTRL_REQ_SIM: 701 ret = "SIM"; 702 break; 703 default: 704 break; 705 } 706 707 /* txt needs to be something */ 708 if (*txt == NULL) { 709 wpa_printf(MSG_WARNING, "No message for request %d", field); 710 ret = NULL; 711 } 712 713 return ret; 714 } 715 716 #ifdef IEEE8021X_EAPOL 717 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 718 static void wpa_supplicant_eap_param_needed(void *ctx, 719 enum wpa_ctrl_req_type field, 720 const char *default_txt) 721 { 722 struct wpa_supplicant *wpa_s = ctx; 723 struct wpa_ssid *ssid = wpa_s->current_ssid; 724 const char *field_name, *txt = NULL; 725 char *buf; 726 size_t buflen; 727 int len; 728 729 if (ssid == NULL) 730 return; 731 732 wpas_notify_network_request(wpa_s, ssid, field, default_txt); 733 734 field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt, 735 &txt); 736 if (field_name == NULL) { 737 wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed", 738 field); 739 return; 740 } 741 742 wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name); 743 744 buflen = 100 + os_strlen(txt) + ssid->ssid_len; 745 buf = os_malloc(buflen); 746 if (buf == NULL) 747 return; 748 len = os_snprintf(buf, buflen, 749 WPA_CTRL_REQ "%s-%d:%s needed for SSID ", 750 field_name, ssid->id, txt); 751 if (len < 0 || (size_t) len >= buflen) { 752 os_free(buf); 753 return; 754 } 755 if (ssid->ssid && buflen > len + ssid->ssid_len) { 756 os_memcpy(buf + len, ssid->ssid, ssid->ssid_len); 757 len += ssid->ssid_len; 758 buf[len] = '\0'; 759 } 760 buf[buflen - 1] = '\0'; 761 wpa_msg(wpa_s, MSG_INFO, "%s", buf); 762 os_free(buf); 763 } 764 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 765 #define wpa_supplicant_eap_param_needed NULL 766 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 767 768 769 static void wpa_supplicant_port_cb(void *ctx, int authorized) 770 { 771 struct wpa_supplicant *wpa_s = ctx; 772 #ifdef CONFIG_AP 773 if (wpa_s->ap_iface) { 774 wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant " 775 "port status: %s", 776 authorized ? "Authorized" : "Unauthorized"); 777 return; 778 } 779 #endif /* CONFIG_AP */ 780 wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s", 781 authorized ? "Authorized" : "Unauthorized"); 782 wpa_drv_set_supp_port(wpa_s, authorized); 783 } 784 785 786 static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject, 787 const char *cert_hash, 788 const struct wpabuf *cert) 789 { 790 struct wpa_supplicant *wpa_s = ctx; 791 792 wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert); 793 } 794 795 796 static void wpa_supplicant_status_cb(void *ctx, const char *status, 797 const char *parameter) 798 { 799 struct wpa_supplicant *wpa_s = ctx; 800 801 wpas_notify_eap_status(wpa_s, status, parameter); 802 } 803 804 805 static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len) 806 { 807 struct wpa_supplicant *wpa_s = ctx; 808 char *str; 809 int res; 810 811 wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity", 812 id, len); 813 814 if (wpa_s->current_ssid == NULL) 815 return; 816 817 if (id == NULL) { 818 if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 819 "NULL", 0) < 0) 820 return; 821 } else { 822 str = os_malloc(len * 2 + 1); 823 if (str == NULL) 824 return; 825 wpa_snprintf_hex(str, len * 2 + 1, id, len); 826 res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 827 str, 0); 828 os_free(str); 829 if (res < 0) 830 return; 831 } 832 833 if (wpa_s->conf->update_config) { 834 res = wpa_config_write(wpa_s->confname, wpa_s->conf); 835 if (res) { 836 wpa_printf(MSG_DEBUG, "Failed to update config after " 837 "anonymous_id update"); 838 } 839 } 840 } 841 #endif /* IEEE8021X_EAPOL */ 842 843 844 int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s) 845 { 846 #ifdef IEEE8021X_EAPOL 847 struct eapol_ctx *ctx; 848 ctx = os_zalloc(sizeof(*ctx)); 849 if (ctx == NULL) { 850 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context."); 851 return -1; 852 } 853 854 ctx->ctx = wpa_s; 855 ctx->msg_ctx = wpa_s; 856 ctx->eapol_send_ctx = wpa_s; 857 ctx->preauth = 0; 858 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done; 859 ctx->eapol_send = wpa_supplicant_eapol_send; 860 ctx->set_wep_key = wpa_eapol_set_wep_key; 861 #ifndef CONFIG_NO_CONFIG_BLOBS 862 ctx->set_config_blob = wpa_supplicant_set_config_blob; 863 ctx->get_config_blob = wpa_supplicant_get_config_blob; 864 #endif /* CONFIG_NO_CONFIG_BLOBS */ 865 ctx->aborted_cached = wpa_supplicant_aborted_cached; 866 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; 867 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; 868 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; 869 ctx->wps = wpa_s->wps; 870 ctx->eap_param_needed = wpa_supplicant_eap_param_needed; 871 ctx->port_cb = wpa_supplicant_port_cb; 872 ctx->cb = wpa_supplicant_eapol_cb; 873 ctx->cert_cb = wpa_supplicant_cert_cb; 874 ctx->status_cb = wpa_supplicant_status_cb; 875 ctx->set_anon_id = wpa_supplicant_set_anon_id; 876 ctx->cb_ctx = wpa_s; 877 wpa_s->eapol = eapol_sm_init(ctx); 878 if (wpa_s->eapol == NULL) { 879 os_free(ctx); 880 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state " 881 "machines."); 882 return -1; 883 } 884 #endif /* IEEE8021X_EAPOL */ 885 886 return 0; 887 } 888 889 890 #ifndef CONFIG_NO_WPA 891 static void wpa_supplicant_set_rekey_offload(void *ctx, const u8 *kek, 892 const u8 *kck, 893 const u8 *replay_ctr) 894 { 895 struct wpa_supplicant *wpa_s = ctx; 896 897 wpa_drv_set_rekey_info(wpa_s, kek, kck, replay_ctr); 898 } 899 #endif /* CONFIG_NO_WPA */ 900 901 902 int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) 903 { 904 #ifndef CONFIG_NO_WPA 905 struct wpa_sm_ctx *ctx; 906 ctx = os_zalloc(sizeof(*ctx)); 907 if (ctx == NULL) { 908 wpa_printf(MSG_ERROR, "Failed to allocate WPA context."); 909 return -1; 910 } 911 912 ctx->ctx = wpa_s; 913 ctx->msg_ctx = wpa_s; 914 ctx->set_state = _wpa_supplicant_set_state; 915 ctx->get_state = _wpa_supplicant_get_state; 916 ctx->deauthenticate = _wpa_supplicant_deauthenticate; 917 ctx->set_key = wpa_supplicant_set_key; 918 ctx->get_network_ctx = wpa_supplicant_get_network_ctx; 919 ctx->get_bssid = wpa_supplicant_get_bssid; 920 ctx->ether_send = _wpa_ether_send; 921 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie; 922 ctx->alloc_eapol = _wpa_alloc_eapol; 923 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout; 924 ctx->add_pmkid = wpa_supplicant_add_pmkid; 925 ctx->remove_pmkid = wpa_supplicant_remove_pmkid; 926 #ifndef CONFIG_NO_CONFIG_BLOBS 927 ctx->set_config_blob = wpa_supplicant_set_config_blob; 928 ctx->get_config_blob = wpa_supplicant_get_config_blob; 929 #endif /* CONFIG_NO_CONFIG_BLOBS */ 930 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection; 931 #ifdef CONFIG_IEEE80211R 932 ctx->update_ft_ies = wpa_supplicant_update_ft_ies; 933 ctx->send_ft_action = wpa_supplicant_send_ft_action; 934 ctx->mark_authenticated = wpa_supplicant_mark_authenticated; 935 #endif /* CONFIG_IEEE80211R */ 936 #ifdef CONFIG_TDLS 937 ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa; 938 ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt; 939 ctx->tdls_oper = wpa_supplicant_tdls_oper; 940 ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset; 941 #endif /* CONFIG_TDLS */ 942 ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload; 943 944 wpa_s->wpa = wpa_sm_init(ctx); 945 if (wpa_s->wpa == NULL) { 946 wpa_printf(MSG_ERROR, "Failed to initialize WPA state " 947 "machine"); 948 return -1; 949 } 950 #endif /* CONFIG_NO_WPA */ 951 952 return 0; 953 } 954 955 956 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s, 957 struct wpa_ssid *ssid) 958 { 959 struct rsn_supp_config conf; 960 if (ssid) { 961 os_memset(&conf, 0, sizeof(conf)); 962 conf.network_ctx = ssid; 963 conf.peerkey_enabled = ssid->peerkey; 964 conf.allowed_pairwise_cipher = ssid->pairwise_cipher; 965 #ifdef IEEE8021X_EAPOL 966 conf.proactive_key_caching = ssid->proactive_key_caching < 0 ? 967 wpa_s->conf->okc : ssid->proactive_key_caching; 968 conf.eap_workaround = ssid->eap_workaround; 969 conf.eap_conf_ctx = &ssid->eap; 970 #endif /* IEEE8021X_EAPOL */ 971 conf.ssid = ssid->ssid; 972 conf.ssid_len = ssid->ssid_len; 973 conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey; 974 #ifdef CONFIG_P2P 975 if (ssid->p2p_group && wpa_s->current_bss && 976 !wpa_s->p2p_disable_ip_addr_req) { 977 struct wpabuf *p2p; 978 p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss, 979 P2P_IE_VENDOR_TYPE); 980 if (p2p) { 981 u8 group_capab; 982 group_capab = p2p_get_group_capab(p2p); 983 if (group_capab & 984 P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION) 985 conf.p2p = 1; 986 wpabuf_free(p2p); 987 } 988 } 989 #endif /* CONFIG_P2P */ 990 } 991 wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL); 992 } 993
