Home | History | Annotate | Download | only in wpa_supplicant
      1 /*
      2  * WPA Supplicant - Glue code to setup EAPOL and RSN modules
      3  * Copyright (c) 2003-2015, Jouni Malinen <j (at) w1.fi>
      4  *
      5  * This software may be distributed under the terms of the BSD license.
      6  * See README for more details.
      7  */
      8 
      9 #include "includes.h"
     10 
     11 #include "common.h"
     12 #include "eapol_supp/eapol_supp_sm.h"
     13 #include "eap_peer/eap.h"
     14 #include "rsn_supp/wpa.h"
     15 #include "eloop.h"
     16 #include "config.h"
     17 #include "l2_packet/l2_packet.h"
     18 #include "common/wpa_common.h"
     19 #include "wpa_supplicant_i.h"
     20 #include "driver_i.h"
     21 #include "rsn_supp/pmksa_cache.h"
     22 #include "sme.h"
     23 #include "common/ieee802_11_defs.h"
     24 #include "common/wpa_ctrl.h"
     25 #include "wpas_glue.h"
     26 #include "wps_supplicant.h"
     27 #include "bss.h"
     28 #include "scan.h"
     29 #include "notify.h"
     30 #include "wpas_kay.h"
     31 
     32 
     33 #ifndef CONFIG_NO_CONFIG_BLOBS
     34 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
     35 static void wpa_supplicant_set_config_blob(void *ctx,
     36 					   struct wpa_config_blob *blob)
     37 {
     38 	struct wpa_supplicant *wpa_s = ctx;
     39 	wpa_config_set_blob(wpa_s->conf, blob);
     40 	if (wpa_s->conf->update_config) {
     41 		int ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
     42 		if (ret) {
     43 			wpa_printf(MSG_DEBUG, "Failed to update config after "
     44 				   "blob set");
     45 		}
     46 	}
     47 }
     48 
     49 
     50 static const struct wpa_config_blob *
     51 wpa_supplicant_get_config_blob(void *ctx, const char *name)
     52 {
     53 	struct wpa_supplicant *wpa_s = ctx;
     54 	return wpa_config_get_blob(wpa_s->conf, name);
     55 }
     56 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
     57 #endif /* CONFIG_NO_CONFIG_BLOBS */
     58 
     59 
     60 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
     61 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
     62 			    const void *data, u16 data_len,
     63 			    size_t *msg_len, void **data_pos)
     64 {
     65 	struct ieee802_1x_hdr *hdr;
     66 
     67 	*msg_len = sizeof(*hdr) + data_len;
     68 	hdr = os_malloc(*msg_len);
     69 	if (hdr == NULL)
     70 		return NULL;
     71 
     72 	hdr->version = wpa_s->conf->eapol_version;
     73 	hdr->type = type;
     74 	hdr->length = host_to_be16(data_len);
     75 
     76 	if (data)
     77 		os_memcpy(hdr + 1, data, data_len);
     78 	else
     79 		os_memset(hdr + 1, 0, data_len);
     80 
     81 	if (data_pos)
     82 		*data_pos = hdr + 1;
     83 
     84 	return (u8 *) hdr;
     85 }
     86 
     87 
     88 /**
     89  * wpa_ether_send - Send Ethernet frame
     90  * @wpa_s: Pointer to wpa_supplicant data
     91  * @dest: Destination MAC address
     92  * @proto: Ethertype in host byte order
     93  * @buf: Frame payload starting from IEEE 802.1X header
     94  * @len: Frame payload length
     95  * Returns: >=0 on success, <0 on failure
     96  */
     97 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
     98 			  u16 proto, const u8 *buf, size_t len)
     99 {
    100 #ifdef CONFIG_TESTING_OPTIONS
    101 	if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
    102 		size_t hex_len = 2 * len + 1;
    103 		char *hex = os_malloc(hex_len);
    104 
    105 		if (hex == NULL)
    106 			return -1;
    107 		wpa_snprintf_hex(hex, hex_len, buf, len);
    108 		wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s",
    109 			MAC2STR(dest), hex);
    110 		os_free(hex);
    111 		return 0;
    112 	}
    113 #endif /* CONFIG_TESTING_OPTIONS */
    114 
    115 	if (wpa_s->l2) {
    116 		return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
    117 	}
    118 
    119 	return -1;
    120 }
    121 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
    122 
    123 
    124 #ifdef IEEE8021X_EAPOL
    125 
    126 /**
    127  * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
    128  * @ctx: Pointer to wpa_supplicant data (wpa_s)
    129  * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
    130  * @buf: EAPOL payload (after IEEE 802.1X header)
    131  * @len: EAPOL payload length
    132  * Returns: >=0 on success, <0 on failure
    133  *
    134  * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
    135  * to the current Authenticator.
    136  */
    137 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
    138 				     size_t len)
    139 {
    140 	struct wpa_supplicant *wpa_s = ctx;
    141 	u8 *msg, *dst, bssid[ETH_ALEN];
    142 	size_t msglen;
    143 	int res;
    144 
    145 	/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
    146 	 * extra copy here */
    147 
    148 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
    149 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
    150 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP ||
    151 	    wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
    152 		/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
    153 		 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
    154 		 * machines. */
    155 		wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
    156 			   "mode (type=%d len=%lu)", type,
    157 			   (unsigned long) len);
    158 		return -1;
    159 	}
    160 
    161 	if (pmksa_cache_get_current(wpa_s->wpa) &&
    162 	    type == IEEE802_1X_TYPE_EAPOL_START) {
    163 		/*
    164 		 * We were trying to use PMKSA caching and sending EAPOL-Start
    165 		 * would abort that and trigger full EAPOL authentication.
    166 		 * However, we've already waited for the AP/Authenticator to
    167 		 * start 4-way handshake or EAP authentication, and apparently
    168 		 * it has not done so since the startWhen timer has reached zero
    169 		 * to get the state machine sending EAPOL-Start. This is not
    170 		 * really supposed to happen, but an interoperability issue with
    171 		 * a deployed AP has been identified where the connection fails
    172 		 * due to that AP failing to operate correctly if PMKID is
    173 		 * included in the Association Request frame. To work around
    174 		 * this, assume PMKSA caching failed and try to initiate full
    175 		 * EAP authentication.
    176 		 */
    177 		if (!wpa_s->current_ssid ||
    178 		    wpa_s->current_ssid->eap_workaround) {
    179 			wpa_printf(MSG_DEBUG,
    180 				   "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication");
    181 		} else {
    182 			wpa_printf(MSG_DEBUG,
    183 				   "RSN: PMKSA caching - do not send EAPOL-Start");
    184 			return -1;
    185 		}
    186 	}
    187 
    188 	if (is_zero_ether_addr(wpa_s->bssid)) {
    189 		wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
    190 			   "EAPOL frame");
    191 		if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
    192 		    !is_zero_ether_addr(bssid)) {
    193 			dst = bssid;
    194 			wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
    195 				   " from the driver as the EAPOL destination",
    196 				   MAC2STR(dst));
    197 		} else {
    198 			dst = wpa_s->last_eapol_src;
    199 			wpa_printf(MSG_DEBUG, "Using the source address of the"
    200 				   " last received EAPOL frame " MACSTR " as "
    201 				   "the EAPOL destination",
    202 				   MAC2STR(dst));
    203 		}
    204 	} else {
    205 		/* BSSID was already set (from (Re)Assoc event, so use it as
    206 		 * the EAPOL destination. */
    207 		dst = wpa_s->bssid;
    208 	}
    209 
    210 	msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
    211 	if (msg == NULL)
    212 		return -1;
    213 
    214 	wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
    215 	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
    216 	res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
    217 	os_free(msg);
    218 	return res;
    219 }
    220 
    221 
    222 /**
    223  * wpa_eapol_set_wep_key - set WEP key for the driver
    224  * @ctx: Pointer to wpa_supplicant data (wpa_s)
    225  * @unicast: 1 = individual unicast key, 0 = broadcast key
    226  * @keyidx: WEP key index (0..3)
    227  * @key: Pointer to key data
    228  * @keylen: Key length in bytes
    229  * Returns: 0 on success or < 0 on error.
    230  */
    231 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
    232 				 const u8 *key, size_t keylen)
    233 {
    234 	struct wpa_supplicant *wpa_s = ctx;
    235 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
    236 		int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
    237 			WPA_CIPHER_WEP104;
    238 		if (unicast)
    239 			wpa_s->pairwise_cipher = cipher;
    240 		else
    241 			wpa_s->group_cipher = cipher;
    242 	}
    243 	return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
    244 			       unicast ? wpa_s->bssid : NULL,
    245 			       keyidx, unicast, NULL, 0, key, keylen);
    246 }
    247 
    248 
    249 static void wpa_supplicant_aborted_cached(void *ctx)
    250 {
    251 	struct wpa_supplicant *wpa_s = ctx;
    252 	wpa_sm_aborted_cached(wpa_s->wpa);
    253 }
    254 
    255 
    256 static const char * result_str(enum eapol_supp_result result)
    257 {
    258 	switch (result) {
    259 	case EAPOL_SUPP_RESULT_FAILURE:
    260 		return "FAILURE";
    261 	case EAPOL_SUPP_RESULT_SUCCESS:
    262 		return "SUCCESS";
    263 	case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
    264 		return "EXPECTED_FAILURE";
    265 	}
    266 	return "?";
    267 }
    268 
    269 
    270 static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
    271 				    enum eapol_supp_result result,
    272 				    void *ctx)
    273 {
    274 	struct wpa_supplicant *wpa_s = ctx;
    275 	int res, pmk_len;
    276 	u8 pmk[PMK_LEN];
    277 
    278 	wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
    279 		   result_str(result));
    280 
    281 	if (wpas_wps_eapol_cb(wpa_s) > 0)
    282 		return;
    283 
    284 	wpa_s->eap_expected_failure = result ==
    285 		EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
    286 
    287 	if (result != EAPOL_SUPP_RESULT_SUCCESS) {
    288 		/*
    289 		 * Make sure we do not get stuck here waiting for long EAPOL
    290 		 * timeout if the AP does not disconnect in case of
    291 		 * authentication failure.
    292 		 */
    293 		wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
    294 	} else {
    295 		ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src);
    296 	}
    297 
    298 	if (result != EAPOL_SUPP_RESULT_SUCCESS ||
    299 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
    300 		return;
    301 
    302 	if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
    303 		return;
    304 
    305 	wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way "
    306 		   "handshake");
    307 
    308 	pmk_len = PMK_LEN;
    309 	if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
    310 #ifdef CONFIG_IEEE80211R
    311 		u8 buf[2 * PMK_LEN];
    312 		wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
    313 			   "driver-based 4-way hs and FT");
    314 		res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
    315 		if (res == 0) {
    316 			os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
    317 			os_memset(buf, 0, sizeof(buf));
    318 		}
    319 #else /* CONFIG_IEEE80211R */
    320 		res = -1;
    321 #endif /* CONFIG_IEEE80211R */
    322 	} else {
    323 		res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
    324 		if (res) {
    325 			/*
    326 			 * EAP-LEAP is an exception from other EAP methods: it
    327 			 * uses only 16-byte PMK.
    328 			 */
    329 			res = eapol_sm_get_key(eapol, pmk, 16);
    330 			pmk_len = 16;
    331 		}
    332 	}
    333 
    334 	if (res) {
    335 		wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state "
    336 			   "machines");
    337 		return;
    338 	}
    339 
    340 	wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
    341 			"handshake", pmk, pmk_len);
    342 
    343 	if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
    344 			    pmk_len)) {
    345 		wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
    346 	}
    347 
    348 	wpa_supplicant_cancel_scan(wpa_s);
    349 	wpa_supplicant_cancel_auth_timeout(wpa_s);
    350 	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
    351 
    352 }
    353 
    354 
    355 static void wpa_supplicant_notify_eapol_done(void *ctx)
    356 {
    357 	struct wpa_supplicant *wpa_s = ctx;
    358 	wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
    359 	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
    360 		wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
    361 	} else {
    362 		wpa_supplicant_cancel_auth_timeout(wpa_s);
    363 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
    364 	}
    365 }
    366 
    367 #endif /* IEEE8021X_EAPOL */
    368 
    369 
    370 #ifndef CONFIG_NO_WPA
    371 
    372 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
    373 {
    374 	int ret = 0;
    375 	struct wpa_bss *curr = NULL, *bss;
    376 	struct wpa_ssid *ssid = wpa_s->current_ssid;
    377 	const u8 *ie;
    378 
    379 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
    380 		if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0)
    381 			continue;
    382 		if (ssid == NULL ||
    383 		    ((bss->ssid_len == ssid->ssid_len &&
    384 		      os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) ||
    385 		     ssid->ssid_len == 0)) {
    386 			curr = bss;
    387 			break;
    388 		}
    389 	}
    390 
    391 	if (curr) {
    392 		ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
    393 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
    394 			ret = -1;
    395 
    396 		ie = wpa_bss_get_ie(curr, WLAN_EID_RSN);
    397 		if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
    398 			ret = -1;
    399 	} else {
    400 		ret = -1;
    401 	}
    402 
    403 	return ret;
    404 }
    405 
    406 
    407 static int wpa_supplicant_get_beacon_ie(void *ctx)
    408 {
    409 	struct wpa_supplicant *wpa_s = ctx;
    410 	if (wpa_get_beacon_ie(wpa_s) == 0) {
    411 		return 0;
    412 	}
    413 
    414 	/* No WPA/RSN IE found in the cached scan results. Try to get updated
    415 	 * scan results from the driver. */
    416 	if (wpa_supplicant_update_scan_results(wpa_s) < 0)
    417 		return -1;
    418 
    419 	return wpa_get_beacon_ie(wpa_s);
    420 }
    421 
    422 
    423 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
    424 			     const void *data, u16 data_len,
    425 			     size_t *msg_len, void **data_pos)
    426 {
    427 	return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
    428 }
    429 
    430 
    431 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
    432 			   const u8 *buf, size_t len)
    433 {
    434 	return wpa_ether_send(wpa_s, dest, proto, buf, len);
    435 }
    436 
    437 
    438 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
    439 {
    440 	wpa_supplicant_cancel_auth_timeout(wpa_s);
    441 }
    442 
    443 
    444 static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state)
    445 {
    446 	wpa_supplicant_set_state(wpa_s, state);
    447 }
    448 
    449 
    450 /**
    451  * wpa_supplicant_get_state - Get the connection state
    452  * @wpa_s: Pointer to wpa_supplicant data
    453  * Returns: The current connection state (WPA_*)
    454  */
    455 static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
    456 {
    457 	return wpa_s->wpa_state;
    458 }
    459 
    460 
    461 static enum wpa_states _wpa_supplicant_get_state(void *wpa_s)
    462 {
    463 	return wpa_supplicant_get_state(wpa_s);
    464 }
    465 
    466 
    467 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
    468 {
    469 	wpa_supplicant_deauthenticate(wpa_s, reason_code);
    470 	/* Schedule a scan to make sure we continue looking for networks */
    471 	wpa_supplicant_req_scan(wpa_s, 5, 0);
    472 }
    473 
    474 
    475 static void * wpa_supplicant_get_network_ctx(void *wpa_s)
    476 {
    477 	return wpa_supplicant_get_ssid(wpa_s);
    478 }
    479 
    480 
    481 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
    482 {
    483 	struct wpa_supplicant *wpa_s = ctx;
    484 	return wpa_drv_get_bssid(wpa_s, bssid);
    485 }
    486 
    487 
    488 static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
    489 				  const u8 *addr, int key_idx, int set_tx,
    490 				  const u8 *seq, size_t seq_len,
    491 				  const u8 *key, size_t key_len)
    492 {
    493 	struct wpa_supplicant *wpa_s = _wpa_s;
    494 	if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
    495 		/* Clear the MIC error counter when setting a new PTK. */
    496 		wpa_s->mic_errors_seen = 0;
    497 	}
    498 #ifdef CONFIG_TESTING_GET_GTK
    499 	if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) &&
    500 	    alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) {
    501 		os_memcpy(wpa_s->last_gtk, key, key_len);
    502 		wpa_s->last_gtk_len = key_len;
    503 	}
    504 #endif /* CONFIG_TESTING_GET_GTK */
    505 #ifdef CONFIG_TESTING_OPTIONS
    506 	if (addr && !is_broadcast_ether_addr(addr)) {
    507 		wpa_s->last_tk_alg = alg;
    508 		os_memcpy(wpa_s->last_tk_addr, addr, ETH_ALEN);
    509 		wpa_s->last_tk_key_idx = key_idx;
    510 		if (key)
    511 			os_memcpy(wpa_s->last_tk, key, key_len);
    512 		wpa_s->last_tk_len = key_len;
    513 	}
    514 #endif /* CONFIG_TESTING_OPTIONS */
    515 	return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
    516 			       key, key_len);
    517 }
    518 
    519 
    520 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
    521 					     int protection_type,
    522 					     int key_type)
    523 {
    524 	return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
    525 					  key_type);
    526 }
    527 
    528 
    529 static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s,
    530 					      void *network_ctx)
    531 {
    532 	struct wpa_ssid *ssid;
    533 
    534 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
    535 		if (network_ctx == ssid)
    536 			return ssid;
    537 	}
    538 
    539 	return NULL;
    540 }
    541 
    542 
    543 static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx,
    544 				    const u8 *bssid, const u8 *pmkid,
    545 				    const u8 *fils_cache_id,
    546 				    const u8 *pmk, size_t pmk_len)
    547 {
    548 	struct wpa_supplicant *wpa_s = _wpa_s;
    549 	struct wpa_ssid *ssid;
    550 	struct wpa_pmkid_params params;
    551 
    552 	os_memset(&params, 0, sizeof(params));
    553 	ssid = wpas_get_network_ctx(wpa_s, network_ctx);
    554 	if (ssid)
    555 		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d",
    556 			MAC2STR(bssid), ssid->id);
    557 	if (ssid && fils_cache_id) {
    558 		params.ssid = ssid->ssid;
    559 		params.ssid_len = ssid->ssid_len;
    560 		params.fils_cache_id = fils_cache_id;
    561 	} else {
    562 		params.bssid = bssid;
    563 	}
    564 
    565 	params.pmkid = pmkid;
    566 	params.pmk = pmk;
    567 	params.pmk_len = pmk_len;
    568 
    569 	return wpa_drv_add_pmkid(wpa_s, &params);
    570 }
    571 
    572 
    573 static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx,
    574 				       const u8 *bssid, const u8 *pmkid,
    575 				       const u8 *fils_cache_id)
    576 {
    577 	struct wpa_supplicant *wpa_s = _wpa_s;
    578 	struct wpa_ssid *ssid;
    579 	struct wpa_pmkid_params params;
    580 
    581 	os_memset(&params, 0, sizeof(params));
    582 	ssid = wpas_get_network_ctx(wpa_s, network_ctx);
    583 	if (ssid)
    584 		wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d",
    585 			MAC2STR(bssid), ssid->id);
    586 	if (ssid && fils_cache_id) {
    587 		params.ssid = ssid->ssid;
    588 		params.ssid_len = ssid->ssid_len;
    589 		params.fils_cache_id = fils_cache_id;
    590 	} else {
    591 		params.bssid = bssid;
    592 	}
    593 
    594 	params.pmkid = pmkid;
    595 
    596 	return wpa_drv_remove_pmkid(wpa_s, &params);
    597 }
    598 
    599 
    600 #ifdef CONFIG_IEEE80211R
    601 static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
    602 					const u8 *ies, size_t ies_len)
    603 {
    604 	struct wpa_supplicant *wpa_s = ctx;
    605 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
    606 		return sme_update_ft_ies(wpa_s, md, ies, ies_len);
    607 	return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
    608 }
    609 
    610 
    611 static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
    612 					 const u8 *target_ap,
    613 					 const u8 *ies, size_t ies_len)
    614 {
    615 	struct wpa_supplicant *wpa_s = ctx;
    616 	int ret;
    617 	u8 *data, *pos;
    618 	size_t data_len;
    619 
    620 	if (action != 1) {
    621 		wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d",
    622 			   action);
    623 		return -1;
    624 	}
    625 
    626 	/*
    627 	 * Action frame payload:
    628 	 * Category[1] = 6 (Fast BSS Transition)
    629 	 * Action[1] = 1 (Fast BSS Transition Request)
    630 	 * STA Address
    631 	 * Target AP Address
    632 	 * FT IEs
    633 	 */
    634 
    635 	data_len = 2 + 2 * ETH_ALEN + ies_len;
    636 	data = os_malloc(data_len);
    637 	if (data == NULL)
    638 		return -1;
    639 	pos = data;
    640 	*pos++ = 0x06; /* FT Action category */
    641 	*pos++ = action;
    642 	os_memcpy(pos, wpa_s->own_addr, ETH_ALEN);
    643 	pos += ETH_ALEN;
    644 	os_memcpy(pos, target_ap, ETH_ALEN);
    645 	pos += ETH_ALEN;
    646 	os_memcpy(pos, ies, ies_len);
    647 
    648 	ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
    649 				  wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid,
    650 				  data, data_len, 0);
    651 	os_free(data);
    652 
    653 	return ret;
    654 }
    655 
    656 
    657 static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap)
    658 {
    659 	struct wpa_supplicant *wpa_s = ctx;
    660 	struct wpa_driver_auth_params params;
    661 	struct wpa_bss *bss;
    662 
    663 	bss = wpa_bss_get_bssid(wpa_s, target_ap);
    664 	if (bss == NULL)
    665 		return -1;
    666 
    667 	os_memset(&params, 0, sizeof(params));
    668 	params.bssid = target_ap;
    669 	params.freq = bss->freq;
    670 	params.ssid = bss->ssid;
    671 	params.ssid_len = bss->ssid_len;
    672 	params.auth_alg = WPA_AUTH_ALG_FT;
    673 	params.local_state_change = 1;
    674 	return wpa_drv_authenticate(wpa_s, &params);
    675 }
    676 #endif /* CONFIG_IEEE80211R */
    677 
    678 
    679 #ifdef CONFIG_TDLS
    680 
    681 static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported,
    682 					int *tdls_ext_setup,
    683 					int *tdls_chan_switch)
    684 {
    685 	struct wpa_supplicant *wpa_s = ctx;
    686 
    687 	*tdls_supported = 0;
    688 	*tdls_ext_setup = 0;
    689 	*tdls_chan_switch = 0;
    690 
    691 	if (!wpa_s->drv_capa_known)
    692 		return -1;
    693 
    694 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)
    695 		*tdls_supported = 1;
    696 
    697 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
    698 		*tdls_ext_setup = 1;
    699 
    700 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH)
    701 		*tdls_chan_switch = 1;
    702 
    703 	return 0;
    704 }
    705 
    706 
    707 static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst,
    708 					 u8 action_code, u8 dialog_token,
    709 					 u16 status_code, u32 peer_capab,
    710 					 int initiator, const u8 *buf,
    711 					 size_t len)
    712 {
    713 	struct wpa_supplicant *wpa_s = ctx;
    714 	return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token,
    715 				      status_code, peer_capab, initiator, buf,
    716 				      len);
    717 }
    718 
    719 
    720 static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer)
    721 {
    722 	struct wpa_supplicant *wpa_s = ctx;
    723 	return wpa_drv_tdls_oper(wpa_s, oper, peer);
    724 }
    725 
    726 
    727 static int wpa_supplicant_tdls_peer_addset(
    728 	void *ctx, const u8 *peer, int add, u16 aid, u16 capability,
    729 	const u8 *supp_rates, size_t supp_rates_len,
    730 	const struct ieee80211_ht_capabilities *ht_capab,
    731 	const struct ieee80211_vht_capabilities *vht_capab,
    732 	u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len,
    733 	const u8 *supp_channels, size_t supp_channels_len,
    734 	const u8 *supp_oper_classes, size_t supp_oper_classes_len)
    735 {
    736 	struct wpa_supplicant *wpa_s = ctx;
    737 	struct hostapd_sta_add_params params;
    738 
    739 	os_memset(&params, 0, sizeof(params));
    740 
    741 	params.addr = peer;
    742 	params.aid = aid;
    743 	params.capability = capability;
    744 	params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED;
    745 
    746 	/*
    747 	 * Don't rely only on qosinfo for WMM capability. It may be 0 even when
    748 	 * present. Allow the WMM IE to also indicate QoS support.
    749 	 */
    750 	if (wmm || qosinfo)
    751 		params.flags |= WPA_STA_WMM;
    752 
    753 	params.ht_capabilities = ht_capab;
    754 	params.vht_capabilities = vht_capab;
    755 	params.qosinfo = qosinfo;
    756 	params.listen_interval = 0;
    757 	params.supp_rates = supp_rates;
    758 	params.supp_rates_len = supp_rates_len;
    759 	params.set = !add;
    760 	params.ext_capab = ext_capab;
    761 	params.ext_capab_len = ext_capab_len;
    762 	params.supp_channels = supp_channels;
    763 	params.supp_channels_len = supp_channels_len;
    764 	params.supp_oper_classes = supp_oper_classes;
    765 	params.supp_oper_classes_len = supp_oper_classes_len;
    766 
    767 	return wpa_drv_sta_add(wpa_s, &params);
    768 }
    769 
    770 
    771 static int wpa_supplicant_tdls_enable_channel_switch(
    772 	void *ctx, const u8 *addr, u8 oper_class,
    773 	const struct hostapd_freq_params *params)
    774 {
    775 	struct wpa_supplicant *wpa_s = ctx;
    776 
    777 	return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class,
    778 						  params);
    779 }
    780 
    781 
    782 static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr)
    783 {
    784 	struct wpa_supplicant *wpa_s = ctx;
    785 
    786 	return wpa_drv_tdls_disable_channel_switch(wpa_s, addr);
    787 }
    788 
    789 #endif /* CONFIG_TDLS */
    790 
    791 #endif /* CONFIG_NO_WPA */
    792 
    793 
    794 enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field)
    795 {
    796 	if (os_strcmp(field, "IDENTITY") == 0)
    797 		return WPA_CTRL_REQ_EAP_IDENTITY;
    798 	else if (os_strcmp(field, "PASSWORD") == 0)
    799 		return WPA_CTRL_REQ_EAP_PASSWORD;
    800 	else if (os_strcmp(field, "NEW_PASSWORD") == 0)
    801 		return WPA_CTRL_REQ_EAP_NEW_PASSWORD;
    802 	else if (os_strcmp(field, "PIN") == 0)
    803 		return WPA_CTRL_REQ_EAP_PIN;
    804 	else if (os_strcmp(field, "OTP") == 0)
    805 		return WPA_CTRL_REQ_EAP_OTP;
    806 	else if (os_strcmp(field, "PASSPHRASE") == 0)
    807 		return WPA_CTRL_REQ_EAP_PASSPHRASE;
    808 	else if (os_strcmp(field, "SIM") == 0)
    809 		return WPA_CTRL_REQ_SIM;
    810 	else if (os_strcmp(field, "PSK_PASSPHRASE") == 0)
    811 		return WPA_CTRL_REQ_PSK_PASSPHRASE;
    812 	else if (os_strcmp(field, "EXT_CERT_CHECK") == 0)
    813 		return WPA_CTRL_REQ_EXT_CERT_CHECK;
    814 	return WPA_CTRL_REQ_UNKNOWN;
    815 }
    816 
    817 
    818 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
    819 					       const char *default_txt,
    820 					       const char **txt)
    821 {
    822 	const char *ret = NULL;
    823 
    824 	*txt = default_txt;
    825 
    826 	switch (field) {
    827 	case WPA_CTRL_REQ_EAP_IDENTITY:
    828 		*txt = "Identity";
    829 		ret = "IDENTITY";
    830 		break;
    831 	case WPA_CTRL_REQ_EAP_PASSWORD:
    832 		*txt = "Password";
    833 		ret = "PASSWORD";
    834 		break;
    835 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
    836 		*txt = "New Password";
    837 		ret = "NEW_PASSWORD";
    838 		break;
    839 	case WPA_CTRL_REQ_EAP_PIN:
    840 		*txt = "PIN";
    841 		ret = "PIN";
    842 		break;
    843 	case WPA_CTRL_REQ_EAP_OTP:
    844 		ret = "OTP";
    845 		break;
    846 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
    847 		*txt = "Private key passphrase";
    848 		ret = "PASSPHRASE";
    849 		break;
    850 	case WPA_CTRL_REQ_SIM:
    851 		ret = "SIM";
    852 		break;
    853 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
    854 		*txt = "PSK or passphrase";
    855 		ret = "PSK_PASSPHRASE";
    856 		break;
    857 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
    858 		*txt = "External server certificate validation";
    859 		ret = "EXT_CERT_CHECK";
    860 		break;
    861 	default:
    862 		break;
    863 	}
    864 
    865 	/* txt needs to be something */
    866 	if (*txt == NULL) {
    867 		wpa_printf(MSG_WARNING, "No message for request %d", field);
    868 		ret = NULL;
    869 	}
    870 
    871 	return ret;
    872 }
    873 
    874 
    875 void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
    876 			const char *field_name, const char *txt)
    877 {
    878 	char *buf;
    879 	size_t buflen;
    880 	int len;
    881 
    882 	buflen = 100 + os_strlen(txt) + ssid->ssid_len;
    883 	buf = os_malloc(buflen);
    884 	if (buf == NULL)
    885 		return;
    886 	len = os_snprintf(buf, buflen, "%s-%d:%s needed for SSID ",
    887 			  field_name, ssid->id, txt);
    888 	if (os_snprintf_error(buflen, len)) {
    889 		os_free(buf);
    890 		return;
    891 	}
    892 	if (ssid->ssid && buflen > len + ssid->ssid_len) {
    893 		os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
    894 		len += ssid->ssid_len;
    895 		buf[len] = '\0';
    896 	}
    897 	buf[buflen - 1] = '\0';
    898 	wpa_msg(wpa_s, MSG_INFO, WPA_CTRL_REQ "%s", buf);
    899 	os_free(buf);
    900 }
    901 
    902 
    903 #ifdef IEEE8021X_EAPOL
    904 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
    905 static void wpa_supplicant_eap_param_needed(void *ctx,
    906 					    enum wpa_ctrl_req_type field,
    907 					    const char *default_txt)
    908 {
    909 	struct wpa_supplicant *wpa_s = ctx;
    910 	struct wpa_ssid *ssid = wpa_s->current_ssid;
    911 	const char *field_name, *txt = NULL;
    912 
    913 	if (ssid == NULL)
    914 		return;
    915 
    916 	if (field == WPA_CTRL_REQ_EXT_CERT_CHECK)
    917 		ssid->eap.pending_ext_cert_check = PENDING_CHECK;
    918 	wpas_notify_network_request(wpa_s, ssid, field, default_txt);
    919 
    920 	field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
    921 						       &txt);
    922 	if (field_name == NULL) {
    923 		wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
    924 			   field);
    925 		return;
    926 	}
    927 
    928 	wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name);
    929 
    930 	wpas_send_ctrl_req(wpa_s, ssid, field_name, txt);
    931 }
    932 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
    933 #define wpa_supplicant_eap_param_needed NULL
    934 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
    935 
    936 
    937 #ifdef CONFIG_EAP_PROXY
    938 
    939 static void wpa_supplicant_eap_proxy_cb(void *ctx)
    940 {
    941 	struct wpa_supplicant *wpa_s = ctx;
    942 	size_t len;
    943 
    944 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
    945 						     wpa_s->imsi, &len);
    946 	if (wpa_s->mnc_len > 0) {
    947 		wpa_s->imsi[len] = '\0';
    948 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
    949 			   wpa_s->imsi, wpa_s->mnc_len);
    950 	} else {
    951 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
    952 	}
    953 }
    954 
    955 
    956 static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s)
    957 {
    958 	int i;
    959 	struct wpa_ssid *ssid;
    960 	const struct eap_method_type *eap_methods;
    961 
    962 	if (!wpa_s->conf)
    963 		return;
    964 
    965 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)	{
    966 		eap_methods = ssid->eap.eap_methods;
    967 		if (!eap_methods)
    968 			continue;
    969 
    970 		for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) {
    971 			if (eap_methods[i].vendor == EAP_VENDOR_IETF &&
    972 			    (eap_methods[i].method == EAP_TYPE_SIM ||
    973 			     eap_methods[i].method == EAP_TYPE_AKA ||
    974 			     eap_methods[i].method == EAP_TYPE_AKA_PRIME)) {
    975 				wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
    976 				break;
    977 			}
    978 		}
    979 	}
    980 }
    981 
    982 
    983 static void
    984 wpa_supplicant_eap_proxy_notify_sim_status(void *ctx,
    985 					   enum eap_proxy_sim_state sim_state)
    986 {
    987 	struct wpa_supplicant *wpa_s = ctx;
    988 
    989 	wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state);
    990 	switch (sim_state) {
    991 	case SIM_STATE_ERROR:
    992 		wpa_sm_sim_state_error_handler(wpa_s);
    993 		break;
    994 	default:
    995 		wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown");
    996 		break;
    997 	}
    998 }
    999 
   1000 #endif /* CONFIG_EAP_PROXY */
   1001 
   1002 
   1003 static void wpa_supplicant_port_cb(void *ctx, int authorized)
   1004 {
   1005 	struct wpa_supplicant *wpa_s = ctx;
   1006 #ifdef CONFIG_AP
   1007 	if (wpa_s->ap_iface) {
   1008 		wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant "
   1009 			   "port status: %s",
   1010 			   authorized ? "Authorized" : "Unauthorized");
   1011 		return;
   1012 	}
   1013 #endif /* CONFIG_AP */
   1014 	wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
   1015 		   authorized ? "Authorized" : "Unauthorized");
   1016 	wpa_drv_set_supp_port(wpa_s, authorized);
   1017 }
   1018 
   1019 
   1020 static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
   1021 				   const char *altsubject[], int num_altsubject,
   1022 				   const char *cert_hash,
   1023 				   const struct wpabuf *cert)
   1024 {
   1025 	struct wpa_supplicant *wpa_s = ctx;
   1026 
   1027 	wpas_notify_certification(wpa_s, depth, subject, altsubject,
   1028 				  num_altsubject, cert_hash, cert);
   1029 }
   1030 
   1031 
   1032 static void wpa_supplicant_status_cb(void *ctx, const char *status,
   1033 				     const char *parameter)
   1034 {
   1035 	struct wpa_supplicant *wpa_s = ctx;
   1036 
   1037 	wpas_notify_eap_status(wpa_s, status, parameter);
   1038 }
   1039 
   1040 static void wpa_supplicant_eap_error_cb(void *ctx, int error_code)
   1041 {
   1042 	struct wpa_supplicant *wpa_s = ctx;
   1043 
   1044 	wpas_notify_eap_error(wpa_s, error_code);
   1045 }
   1046 
   1047 static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len)
   1048 {
   1049 	struct wpa_supplicant *wpa_s = ctx;
   1050 	char *str;
   1051 	int res;
   1052 
   1053 	wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
   1054 			  id, len);
   1055 
   1056 	if (wpa_s->current_ssid == NULL)
   1057 		return;
   1058 
   1059 	if (id == NULL) {
   1060 		if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
   1061 				   "NULL", 0) < 0)
   1062 			return;
   1063 	} else {
   1064 		str = os_malloc(len * 2 + 1);
   1065 		if (str == NULL)
   1066 			return;
   1067 		wpa_snprintf_hex(str, len * 2 + 1, id, len);
   1068 		res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
   1069 				     str, 0);
   1070 		os_free(str);
   1071 		if (res < 0)
   1072 			return;
   1073 	}
   1074 
   1075 	if (wpa_s->conf->update_config) {
   1076 		res = wpa_config_write(wpa_s->confname, wpa_s->conf);
   1077 		if (res) {
   1078 			wpa_printf(MSG_DEBUG, "Failed to update config after "
   1079 				   "anonymous_id update");
   1080 		}
   1081 	}
   1082 }
   1083 #endif /* IEEE8021X_EAPOL */
   1084 
   1085 
   1086 int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
   1087 {
   1088 #ifdef IEEE8021X_EAPOL
   1089 	struct eapol_ctx *ctx;
   1090 	ctx = os_zalloc(sizeof(*ctx));
   1091 	if (ctx == NULL) {
   1092 		wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
   1093 		return -1;
   1094 	}
   1095 
   1096 	ctx->ctx = wpa_s;
   1097 	ctx->msg_ctx = wpa_s;
   1098 	ctx->eapol_send_ctx = wpa_s;
   1099 	ctx->preauth = 0;
   1100 	ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
   1101 	ctx->eapol_send = wpa_supplicant_eapol_send;
   1102 	ctx->set_wep_key = wpa_eapol_set_wep_key;
   1103 #ifndef CONFIG_NO_CONFIG_BLOBS
   1104 	ctx->set_config_blob = wpa_supplicant_set_config_blob;
   1105 	ctx->get_config_blob = wpa_supplicant_get_config_blob;
   1106 #endif /* CONFIG_NO_CONFIG_BLOBS */
   1107 	ctx->aborted_cached = wpa_supplicant_aborted_cached;
   1108 	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
   1109 	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
   1110 	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
   1111 	ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
   1112 	ctx->wps = wpa_s->wps;
   1113 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
   1114 #ifdef CONFIG_EAP_PROXY
   1115 	ctx->eap_proxy_cb = wpa_supplicant_eap_proxy_cb;
   1116 	ctx->eap_proxy_notify_sim_status =
   1117 		wpa_supplicant_eap_proxy_notify_sim_status;
   1118 #endif /* CONFIG_EAP_PROXY */
   1119 	ctx->port_cb = wpa_supplicant_port_cb;
   1120 	ctx->cb = wpa_supplicant_eapol_cb;
   1121 	ctx->cert_cb = wpa_supplicant_cert_cb;
   1122 	ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
   1123 	ctx->status_cb = wpa_supplicant_status_cb;
   1124 	ctx->eap_error_cb = wpa_supplicant_eap_error_cb;
   1125 	ctx->set_anon_id = wpa_supplicant_set_anon_id;
   1126 	ctx->cb_ctx = wpa_s;
   1127 	wpa_s->eapol = eapol_sm_init(ctx);
   1128 	if (wpa_s->eapol == NULL) {
   1129 		os_free(ctx);
   1130 		wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
   1131 			   "machines.");
   1132 		return -1;
   1133 	}
   1134 #endif /* IEEE8021X_EAPOL */
   1135 
   1136 	return 0;
   1137 }
   1138 
   1139 
   1140 #ifndef CONFIG_NO_WPA
   1141 
   1142 static void wpa_supplicant_set_rekey_offload(void *ctx,
   1143 					     const u8 *kek, size_t kek_len,
   1144 					     const u8 *kck, size_t kck_len,
   1145 					     const u8 *replay_ctr)
   1146 {
   1147 	struct wpa_supplicant *wpa_s = ctx;
   1148 
   1149 	wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr);
   1150 }
   1151 
   1152 
   1153 static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk,
   1154 					   size_t pmk_len)
   1155 {
   1156 	struct wpa_supplicant *wpa_s = ctx;
   1157 
   1158 	if (wpa_s->conf->key_mgmt_offload &&
   1159 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD))
   1160 		return wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0,
   1161 				       NULL, 0, pmk, pmk_len);
   1162 	else
   1163 		return 0;
   1164 }
   1165 
   1166 
   1167 static void wpa_supplicant_fils_hlp_rx(void *ctx, const u8 *dst, const u8 *src,
   1168 				       const u8 *pkt, size_t pkt_len)
   1169 {
   1170 	struct wpa_supplicant *wpa_s = ctx;
   1171 	char *hex;
   1172 	size_t hexlen;
   1173 
   1174 	hexlen = pkt_len * 2 + 1;
   1175 	hex = os_malloc(hexlen);
   1176 	if (!hex)
   1177 		return;
   1178 	wpa_snprintf_hex(hex, hexlen, pkt, pkt_len);
   1179 	wpa_msg(wpa_s, MSG_INFO, FILS_HLP_RX "dst=" MACSTR " src=" MACSTR
   1180 		" frame=%s", MAC2STR(dst), MAC2STR(src), hex);
   1181 	os_free(hex);
   1182 }
   1183 
   1184 #endif /* CONFIG_NO_WPA */
   1185 
   1186 
   1187 int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
   1188 {
   1189 #ifndef CONFIG_NO_WPA
   1190 	struct wpa_sm_ctx *ctx;
   1191 	ctx = os_zalloc(sizeof(*ctx));
   1192 	if (ctx == NULL) {
   1193 		wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
   1194 		return -1;
   1195 	}
   1196 
   1197 	ctx->ctx = wpa_s;
   1198 	ctx->msg_ctx = wpa_s;
   1199 	ctx->set_state = _wpa_supplicant_set_state;
   1200 	ctx->get_state = _wpa_supplicant_get_state;
   1201 	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
   1202 	ctx->set_key = wpa_supplicant_set_key;
   1203 	ctx->get_network_ctx = wpa_supplicant_get_network_ctx;
   1204 	ctx->get_bssid = wpa_supplicant_get_bssid;
   1205 	ctx->ether_send = _wpa_ether_send;
   1206 	ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
   1207 	ctx->alloc_eapol = _wpa_alloc_eapol;
   1208 	ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
   1209 	ctx->add_pmkid = wpa_supplicant_add_pmkid;
   1210 	ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
   1211 #ifndef CONFIG_NO_CONFIG_BLOBS
   1212 	ctx->set_config_blob = wpa_supplicant_set_config_blob;
   1213 	ctx->get_config_blob = wpa_supplicant_get_config_blob;
   1214 #endif /* CONFIG_NO_CONFIG_BLOBS */
   1215 	ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
   1216 #ifdef CONFIG_IEEE80211R
   1217 	ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
   1218 	ctx->send_ft_action = wpa_supplicant_send_ft_action;
   1219 	ctx->mark_authenticated = wpa_supplicant_mark_authenticated;
   1220 #endif /* CONFIG_IEEE80211R */
   1221 #ifdef CONFIG_TDLS
   1222 	ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa;
   1223 	ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt;
   1224 	ctx->tdls_oper = wpa_supplicant_tdls_oper;
   1225 	ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset;
   1226 	ctx->tdls_enable_channel_switch =
   1227 		wpa_supplicant_tdls_enable_channel_switch;
   1228 	ctx->tdls_disable_channel_switch =
   1229 		wpa_supplicant_tdls_disable_channel_switch;
   1230 #endif /* CONFIG_TDLS */
   1231 	ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload;
   1232 	ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk;
   1233 	ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx;
   1234 
   1235 	wpa_s->wpa = wpa_sm_init(ctx);
   1236 	if (wpa_s->wpa == NULL) {
   1237 		wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
   1238 			   "machine");
   1239 		os_free(ctx);
   1240 		return -1;
   1241 	}
   1242 #endif /* CONFIG_NO_WPA */
   1243 
   1244 	return 0;
   1245 }
   1246 
   1247 
   1248 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
   1249 					struct wpa_ssid *ssid)
   1250 {
   1251 	struct rsn_supp_config conf;
   1252 	if (ssid) {
   1253 		os_memset(&conf, 0, sizeof(conf));
   1254 		conf.network_ctx = ssid;
   1255 		conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
   1256 #ifdef IEEE8021X_EAPOL
   1257 		conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
   1258 			wpa_s->conf->okc : ssid->proactive_key_caching;
   1259 		conf.eap_workaround = ssid->eap_workaround;
   1260 		conf.eap_conf_ctx = &ssid->eap;
   1261 #endif /* IEEE8021X_EAPOL */
   1262 		conf.ssid = ssid->ssid;
   1263 		conf.ssid_len = ssid->ssid_len;
   1264 		conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
   1265 #ifdef CONFIG_P2P
   1266 		if (ssid->p2p_group && wpa_s->current_bss &&
   1267 		    !wpa_s->p2p_disable_ip_addr_req) {
   1268 			struct wpabuf *p2p;
   1269 			p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
   1270 							  P2P_IE_VENDOR_TYPE);
   1271 			if (p2p) {
   1272 				u8 group_capab;
   1273 				group_capab = p2p_get_group_capab(p2p);
   1274 				if (group_capab &
   1275 				    P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION)
   1276 					conf.p2p = 1;
   1277 				wpabuf_free(p2p);
   1278 			}
   1279 		}
   1280 #endif /* CONFIG_P2P */
   1281 		conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation;
   1282 #ifdef CONFIG_FILS
   1283 		if (wpa_key_mgmt_fils(wpa_s->key_mgmt))
   1284 			conf.fils_cache_id =
   1285 				wpa_bss_get_fils_cache_id(wpa_s->current_bss);
   1286 #endif /* CONFIG_FILS */
   1287 	}
   1288 	wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);
   1289 }
   1290