1 /* 2 * WPA Supplicant - Glue code to setup EAPOL and RSN modules 3 * Copyright (c) 2003-2015, Jouni Malinen <j (at) w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "eapol_supp/eapol_supp_sm.h" 13 #include "eap_peer/eap.h" 14 #include "rsn_supp/wpa.h" 15 #include "eloop.h" 16 #include "config.h" 17 #include "l2_packet/l2_packet.h" 18 #include "common/wpa_common.h" 19 #include "wpa_supplicant_i.h" 20 #include "driver_i.h" 21 #include "rsn_supp/pmksa_cache.h" 22 #include "sme.h" 23 #include "common/ieee802_11_defs.h" 24 #include "common/wpa_ctrl.h" 25 #include "wpas_glue.h" 26 #include "wps_supplicant.h" 27 #include "bss.h" 28 #include "scan.h" 29 #include "notify.h" 30 #include "wpas_kay.h" 31 32 33 #ifndef CONFIG_NO_CONFIG_BLOBS 34 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) 35 static void wpa_supplicant_set_config_blob(void *ctx, 36 struct wpa_config_blob *blob) 37 { 38 struct wpa_supplicant *wpa_s = ctx; 39 wpa_config_set_blob(wpa_s->conf, blob); 40 if (wpa_s->conf->update_config) { 41 int ret = wpa_config_write(wpa_s->confname, wpa_s->conf); 42 if (ret) { 43 wpa_printf(MSG_DEBUG, "Failed to update config after " 44 "blob set"); 45 } 46 } 47 } 48 49 50 static const struct wpa_config_blob * 51 wpa_supplicant_get_config_blob(void *ctx, const char *name) 52 { 53 struct wpa_supplicant *wpa_s = ctx; 54 return wpa_config_get_blob(wpa_s->conf, name); 55 } 56 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */ 57 #endif /* CONFIG_NO_CONFIG_BLOBS */ 58 59 60 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) 61 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, 62 const void *data, u16 data_len, 63 size_t *msg_len, void **data_pos) 64 { 65 struct ieee802_1x_hdr *hdr; 66 67 *msg_len = sizeof(*hdr) + data_len; 68 hdr = os_malloc(*msg_len); 69 if (hdr == NULL) 70 return NULL; 71 72 hdr->version = wpa_s->conf->eapol_version; 73 hdr->type = type; 74 hdr->length = host_to_be16(data_len); 75 76 if (data) 77 os_memcpy(hdr + 1, data, data_len); 78 else 79 os_memset(hdr + 1, 0, data_len); 80 81 if (data_pos) 82 *data_pos = hdr + 1; 83 84 return (u8 *) hdr; 85 } 86 87 88 /** 89 * wpa_ether_send - Send Ethernet frame 90 * @wpa_s: Pointer to wpa_supplicant data 91 * @dest: Destination MAC address 92 * @proto: Ethertype in host byte order 93 * @buf: Frame payload starting from IEEE 802.1X header 94 * @len: Frame payload length 95 * Returns: >=0 on success, <0 on failure 96 */ 97 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, 98 u16 proto, const u8 *buf, size_t len) 99 { 100 #ifdef CONFIG_TESTING_OPTIONS 101 if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) { 102 size_t hex_len = 2 * len + 1; 103 char *hex = os_malloc(hex_len); 104 105 if (hex == NULL) 106 return -1; 107 wpa_snprintf_hex(hex, hex_len, buf, len); 108 wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s", 109 MAC2STR(dest), hex); 110 os_free(hex); 111 return 0; 112 } 113 #endif /* CONFIG_TESTING_OPTIONS */ 114 115 if (wpa_s->l2) { 116 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 117 } 118 119 return -1; 120 } 121 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */ 122 123 124 #ifdef IEEE8021X_EAPOL 125 126 /** 127 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator 128 * @ctx: Pointer to wpa_supplicant data (wpa_s) 129 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*) 130 * @buf: EAPOL payload (after IEEE 802.1X header) 131 * @len: EAPOL payload length 132 * Returns: >=0 on success, <0 on failure 133 * 134 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame 135 * to the current Authenticator. 136 */ 137 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf, 138 size_t len) 139 { 140 struct wpa_supplicant *wpa_s = ctx; 141 u8 *msg, *dst, bssid[ETH_ALEN]; 142 size_t msglen; 143 int res; 144 145 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid 146 * extra copy here */ 147 148 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 149 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || 150 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || 151 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { 152 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible 153 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state 154 * machines. */ 155 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X " 156 "mode (type=%d len=%lu)", type, 157 (unsigned long) len); 158 return -1; 159 } 160 161 if (pmksa_cache_get_current(wpa_s->wpa) && 162 type == IEEE802_1X_TYPE_EAPOL_START) { 163 /* 164 * We were trying to use PMKSA caching and sending EAPOL-Start 165 * would abort that and trigger full EAPOL authentication. 166 * However, we've already waited for the AP/Authenticator to 167 * start 4-way handshake or EAP authentication, and apparently 168 * it has not done so since the startWhen timer has reached zero 169 * to get the state machine sending EAPOL-Start. This is not 170 * really supposed to happen, but an interoperability issue with 171 * a deployed AP has been identified where the connection fails 172 * due to that AP failing to operate correctly if PMKID is 173 * included in the Association Request frame. To work around 174 * this, assume PMKSA caching failed and try to initiate full 175 * EAP authentication. 176 */ 177 if (!wpa_s->current_ssid || 178 wpa_s->current_ssid->eap_workaround) { 179 wpa_printf(MSG_DEBUG, 180 "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication"); 181 } else { 182 wpa_printf(MSG_DEBUG, 183 "RSN: PMKSA caching - do not send EAPOL-Start"); 184 return -1; 185 } 186 } 187 188 if (is_zero_ether_addr(wpa_s->bssid)) { 189 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an " 190 "EAPOL frame"); 191 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 && 192 !is_zero_ether_addr(bssid)) { 193 dst = bssid; 194 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR 195 " from the driver as the EAPOL destination", 196 MAC2STR(dst)); 197 } else { 198 dst = wpa_s->last_eapol_src; 199 wpa_printf(MSG_DEBUG, "Using the source address of the" 200 " last received EAPOL frame " MACSTR " as " 201 "the EAPOL destination", 202 MAC2STR(dst)); 203 } 204 } else { 205 /* BSSID was already set (from (Re)Assoc event, so use it as 206 * the EAPOL destination. */ 207 dst = wpa_s->bssid; 208 } 209 210 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL); 211 if (msg == NULL) 212 return -1; 213 214 wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst)); 215 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen); 216 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen); 217 os_free(msg); 218 return res; 219 } 220 221 222 /** 223 * wpa_eapol_set_wep_key - set WEP key for the driver 224 * @ctx: Pointer to wpa_supplicant data (wpa_s) 225 * @unicast: 1 = individual unicast key, 0 = broadcast key 226 * @keyidx: WEP key index (0..3) 227 * @key: Pointer to key data 228 * @keylen: Key length in bytes 229 * Returns: 0 on success or < 0 on error. 230 */ 231 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx, 232 const u8 *key, size_t keylen) 233 { 234 struct wpa_supplicant *wpa_s = ctx; 235 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 236 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 : 237 WPA_CIPHER_WEP104; 238 if (unicast) 239 wpa_s->pairwise_cipher = cipher; 240 else 241 wpa_s->group_cipher = cipher; 242 } 243 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP, 244 unicast ? wpa_s->bssid : NULL, 245 keyidx, unicast, NULL, 0, key, keylen); 246 } 247 248 249 static void wpa_supplicant_aborted_cached(void *ctx) 250 { 251 struct wpa_supplicant *wpa_s = ctx; 252 wpa_sm_aborted_cached(wpa_s->wpa); 253 } 254 255 256 static const char * result_str(enum eapol_supp_result result) 257 { 258 switch (result) { 259 case EAPOL_SUPP_RESULT_FAILURE: 260 return "FAILURE"; 261 case EAPOL_SUPP_RESULT_SUCCESS: 262 return "SUCCESS"; 263 case EAPOL_SUPP_RESULT_EXPECTED_FAILURE: 264 return "EXPECTED_FAILURE"; 265 } 266 return "?"; 267 } 268 269 270 static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, 271 enum eapol_supp_result result, 272 void *ctx) 273 { 274 struct wpa_supplicant *wpa_s = ctx; 275 int res, pmk_len; 276 u8 pmk[PMK_LEN]; 277 278 wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s", 279 result_str(result)); 280 281 if (wpas_wps_eapol_cb(wpa_s) > 0) 282 return; 283 284 wpa_s->eap_expected_failure = result == 285 EAPOL_SUPP_RESULT_EXPECTED_FAILURE; 286 287 if (result != EAPOL_SUPP_RESULT_SUCCESS) { 288 /* 289 * Make sure we do not get stuck here waiting for long EAPOL 290 * timeout if the AP does not disconnect in case of 291 * authentication failure. 292 */ 293 wpa_supplicant_req_auth_timeout(wpa_s, 2, 0); 294 } else { 295 ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src); 296 } 297 298 if (result != EAPOL_SUPP_RESULT_SUCCESS || 299 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)) 300 return; 301 302 if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) 303 return; 304 305 wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way " 306 "handshake"); 307 308 pmk_len = PMK_LEN; 309 if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { 310 #ifdef CONFIG_IEEE80211R 311 u8 buf[2 * PMK_LEN]; 312 wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " 313 "driver-based 4-way hs and FT"); 314 res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); 315 if (res == 0) { 316 os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); 317 os_memset(buf, 0, sizeof(buf)); 318 } 319 #else /* CONFIG_IEEE80211R */ 320 res = -1; 321 #endif /* CONFIG_IEEE80211R */ 322 } else { 323 res = eapol_sm_get_key(eapol, pmk, PMK_LEN); 324 if (res) { 325 /* 326 * EAP-LEAP is an exception from other EAP methods: it 327 * uses only 16-byte PMK. 328 */ 329 res = eapol_sm_get_key(eapol, pmk, 16); 330 pmk_len = 16; 331 } 332 } 333 334 if (res) { 335 wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state " 336 "machines"); 337 return; 338 } 339 340 wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way " 341 "handshake", pmk, pmk_len); 342 343 if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk, 344 pmk_len)) { 345 wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); 346 } 347 348 wpa_supplicant_cancel_scan(wpa_s); 349 wpa_supplicant_cancel_auth_timeout(wpa_s); 350 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 351 352 } 353 354 355 static void wpa_supplicant_notify_eapol_done(void *ctx) 356 { 357 struct wpa_supplicant *wpa_s = ctx; 358 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete"); 359 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 360 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE); 361 } else { 362 wpa_supplicant_cancel_auth_timeout(wpa_s); 363 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 364 } 365 } 366 367 #endif /* IEEE8021X_EAPOL */ 368 369 370 #ifndef CONFIG_NO_WPA 371 372 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) 373 { 374 int ret = 0; 375 struct wpa_bss *curr = NULL, *bss; 376 struct wpa_ssid *ssid = wpa_s->current_ssid; 377 const u8 *ie; 378 379 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 380 if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0) 381 continue; 382 if (ssid == NULL || 383 ((bss->ssid_len == ssid->ssid_len && 384 os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) || 385 ssid->ssid_len == 0)) { 386 curr = bss; 387 break; 388 } 389 } 390 391 if (curr) { 392 ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); 393 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 394 ret = -1; 395 396 ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); 397 if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 398 ret = -1; 399 } else { 400 ret = -1; 401 } 402 403 return ret; 404 } 405 406 407 static int wpa_supplicant_get_beacon_ie(void *ctx) 408 { 409 struct wpa_supplicant *wpa_s = ctx; 410 if (wpa_get_beacon_ie(wpa_s) == 0) { 411 return 0; 412 } 413 414 /* No WPA/RSN IE found in the cached scan results. Try to get updated 415 * scan results from the driver. */ 416 if (wpa_supplicant_update_scan_results(wpa_s) < 0) 417 return -1; 418 419 return wpa_get_beacon_ie(wpa_s); 420 } 421 422 423 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type, 424 const void *data, u16 data_len, 425 size_t *msg_len, void **data_pos) 426 { 427 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos); 428 } 429 430 431 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto, 432 const u8 *buf, size_t len) 433 { 434 return wpa_ether_send(wpa_s, dest, proto, buf, len); 435 } 436 437 438 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s) 439 { 440 wpa_supplicant_cancel_auth_timeout(wpa_s); 441 } 442 443 444 static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state) 445 { 446 wpa_supplicant_set_state(wpa_s, state); 447 } 448 449 450 /** 451 * wpa_supplicant_get_state - Get the connection state 452 * @wpa_s: Pointer to wpa_supplicant data 453 * Returns: The current connection state (WPA_*) 454 */ 455 static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s) 456 { 457 return wpa_s->wpa_state; 458 } 459 460 461 static enum wpa_states _wpa_supplicant_get_state(void *wpa_s) 462 { 463 return wpa_supplicant_get_state(wpa_s); 464 } 465 466 467 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code) 468 { 469 wpa_supplicant_deauthenticate(wpa_s, reason_code); 470 /* Schedule a scan to make sure we continue looking for networks */ 471 wpa_supplicant_req_scan(wpa_s, 5, 0); 472 } 473 474 475 static void * wpa_supplicant_get_network_ctx(void *wpa_s) 476 { 477 return wpa_supplicant_get_ssid(wpa_s); 478 } 479 480 481 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid) 482 { 483 struct wpa_supplicant *wpa_s = ctx; 484 return wpa_drv_get_bssid(wpa_s, bssid); 485 } 486 487 488 static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg, 489 const u8 *addr, int key_idx, int set_tx, 490 const u8 *seq, size_t seq_len, 491 const u8 *key, size_t key_len) 492 { 493 struct wpa_supplicant *wpa_s = _wpa_s; 494 if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { 495 /* Clear the MIC error counter when setting a new PTK. */ 496 wpa_s->mic_errors_seen = 0; 497 } 498 #ifdef CONFIG_TESTING_GET_GTK 499 if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) && 500 alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) { 501 os_memcpy(wpa_s->last_gtk, key, key_len); 502 wpa_s->last_gtk_len = key_len; 503 } 504 #endif /* CONFIG_TESTING_GET_GTK */ 505 #ifdef CONFIG_TESTING_OPTIONS 506 if (addr && !is_broadcast_ether_addr(addr)) { 507 wpa_s->last_tk_alg = alg; 508 os_memcpy(wpa_s->last_tk_addr, addr, ETH_ALEN); 509 wpa_s->last_tk_key_idx = key_idx; 510 if (key) 511 os_memcpy(wpa_s->last_tk, key, key_len); 512 wpa_s->last_tk_len = key_len; 513 } 514 #endif /* CONFIG_TESTING_OPTIONS */ 515 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len, 516 key, key_len); 517 } 518 519 520 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, 521 int protection_type, 522 int key_type) 523 { 524 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type, 525 key_type); 526 } 527 528 529 static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s, 530 void *network_ctx) 531 { 532 struct wpa_ssid *ssid; 533 534 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 535 if (network_ctx == ssid) 536 return ssid; 537 } 538 539 return NULL; 540 } 541 542 543 static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, 544 const u8 *bssid, const u8 *pmkid, 545 const u8 *fils_cache_id, 546 const u8 *pmk, size_t pmk_len) 547 { 548 struct wpa_supplicant *wpa_s = _wpa_s; 549 struct wpa_ssid *ssid; 550 struct wpa_pmkid_params params; 551 552 os_memset(¶ms, 0, sizeof(params)); 553 ssid = wpas_get_network_ctx(wpa_s, network_ctx); 554 if (ssid) 555 wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d", 556 MAC2STR(bssid), ssid->id); 557 if (ssid && fils_cache_id) { 558 params.ssid = ssid->ssid; 559 params.ssid_len = ssid->ssid_len; 560 params.fils_cache_id = fils_cache_id; 561 } else { 562 params.bssid = bssid; 563 } 564 565 params.pmkid = pmkid; 566 params.pmk = pmk; 567 params.pmk_len = pmk_len; 568 569 return wpa_drv_add_pmkid(wpa_s, ¶ms); 570 } 571 572 573 static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx, 574 const u8 *bssid, const u8 *pmkid, 575 const u8 *fils_cache_id) 576 { 577 struct wpa_supplicant *wpa_s = _wpa_s; 578 struct wpa_ssid *ssid; 579 struct wpa_pmkid_params params; 580 581 os_memset(¶ms, 0, sizeof(params)); 582 ssid = wpas_get_network_ctx(wpa_s, network_ctx); 583 if (ssid) 584 wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d", 585 MAC2STR(bssid), ssid->id); 586 if (ssid && fils_cache_id) { 587 params.ssid = ssid->ssid; 588 params.ssid_len = ssid->ssid_len; 589 params.fils_cache_id = fils_cache_id; 590 } else { 591 params.bssid = bssid; 592 } 593 594 params.pmkid = pmkid; 595 596 return wpa_drv_remove_pmkid(wpa_s, ¶ms); 597 } 598 599 600 #ifdef CONFIG_IEEE80211R 601 static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md, 602 const u8 *ies, size_t ies_len) 603 { 604 struct wpa_supplicant *wpa_s = ctx; 605 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 606 return sme_update_ft_ies(wpa_s, md, ies, ies_len); 607 return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len); 608 } 609 610 611 static int wpa_supplicant_send_ft_action(void *ctx, u8 action, 612 const u8 *target_ap, 613 const u8 *ies, size_t ies_len) 614 { 615 struct wpa_supplicant *wpa_s = ctx; 616 int ret; 617 u8 *data, *pos; 618 size_t data_len; 619 620 if (action != 1) { 621 wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d", 622 action); 623 return -1; 624 } 625 626 /* 627 * Action frame payload: 628 * Category[1] = 6 (Fast BSS Transition) 629 * Action[1] = 1 (Fast BSS Transition Request) 630 * STA Address 631 * Target AP Address 632 * FT IEs 633 */ 634 635 data_len = 2 + 2 * ETH_ALEN + ies_len; 636 data = os_malloc(data_len); 637 if (data == NULL) 638 return -1; 639 pos = data; 640 *pos++ = 0x06; /* FT Action category */ 641 *pos++ = action; 642 os_memcpy(pos, wpa_s->own_addr, ETH_ALEN); 643 pos += ETH_ALEN; 644 os_memcpy(pos, target_ap, ETH_ALEN); 645 pos += ETH_ALEN; 646 os_memcpy(pos, ies, ies_len); 647 648 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, 649 wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid, 650 data, data_len, 0); 651 os_free(data); 652 653 return ret; 654 } 655 656 657 static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap) 658 { 659 struct wpa_supplicant *wpa_s = ctx; 660 struct wpa_driver_auth_params params; 661 struct wpa_bss *bss; 662 663 bss = wpa_bss_get_bssid(wpa_s, target_ap); 664 if (bss == NULL) 665 return -1; 666 667 os_memset(¶ms, 0, sizeof(params)); 668 params.bssid = target_ap; 669 params.freq = bss->freq; 670 params.ssid = bss->ssid; 671 params.ssid_len = bss->ssid_len; 672 params.auth_alg = WPA_AUTH_ALG_FT; 673 params.local_state_change = 1; 674 return wpa_drv_authenticate(wpa_s, ¶ms); 675 } 676 #endif /* CONFIG_IEEE80211R */ 677 678 679 #ifdef CONFIG_TDLS 680 681 static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported, 682 int *tdls_ext_setup, 683 int *tdls_chan_switch) 684 { 685 struct wpa_supplicant *wpa_s = ctx; 686 687 *tdls_supported = 0; 688 *tdls_ext_setup = 0; 689 *tdls_chan_switch = 0; 690 691 if (!wpa_s->drv_capa_known) 692 return -1; 693 694 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) 695 *tdls_supported = 1; 696 697 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP) 698 *tdls_ext_setup = 1; 699 700 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH) 701 *tdls_chan_switch = 1; 702 703 return 0; 704 } 705 706 707 static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst, 708 u8 action_code, u8 dialog_token, 709 u16 status_code, u32 peer_capab, 710 int initiator, const u8 *buf, 711 size_t len) 712 { 713 struct wpa_supplicant *wpa_s = ctx; 714 return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token, 715 status_code, peer_capab, initiator, buf, 716 len); 717 } 718 719 720 static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer) 721 { 722 struct wpa_supplicant *wpa_s = ctx; 723 return wpa_drv_tdls_oper(wpa_s, oper, peer); 724 } 725 726 727 static int wpa_supplicant_tdls_peer_addset( 728 void *ctx, const u8 *peer, int add, u16 aid, u16 capability, 729 const u8 *supp_rates, size_t supp_rates_len, 730 const struct ieee80211_ht_capabilities *ht_capab, 731 const struct ieee80211_vht_capabilities *vht_capab, 732 u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len, 733 const u8 *supp_channels, size_t supp_channels_len, 734 const u8 *supp_oper_classes, size_t supp_oper_classes_len) 735 { 736 struct wpa_supplicant *wpa_s = ctx; 737 struct hostapd_sta_add_params params; 738 739 os_memset(¶ms, 0, sizeof(params)); 740 741 params.addr = peer; 742 params.aid = aid; 743 params.capability = capability; 744 params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED; 745 746 /* 747 * Don't rely only on qosinfo for WMM capability. It may be 0 even when 748 * present. Allow the WMM IE to also indicate QoS support. 749 */ 750 if (wmm || qosinfo) 751 params.flags |= WPA_STA_WMM; 752 753 params.ht_capabilities = ht_capab; 754 params.vht_capabilities = vht_capab; 755 params.qosinfo = qosinfo; 756 params.listen_interval = 0; 757 params.supp_rates = supp_rates; 758 params.supp_rates_len = supp_rates_len; 759 params.set = !add; 760 params.ext_capab = ext_capab; 761 params.ext_capab_len = ext_capab_len; 762 params.supp_channels = supp_channels; 763 params.supp_channels_len = supp_channels_len; 764 params.supp_oper_classes = supp_oper_classes; 765 params.supp_oper_classes_len = supp_oper_classes_len; 766 767 return wpa_drv_sta_add(wpa_s, ¶ms); 768 } 769 770 771 static int wpa_supplicant_tdls_enable_channel_switch( 772 void *ctx, const u8 *addr, u8 oper_class, 773 const struct hostapd_freq_params *params) 774 { 775 struct wpa_supplicant *wpa_s = ctx; 776 777 return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class, 778 params); 779 } 780 781 782 static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr) 783 { 784 struct wpa_supplicant *wpa_s = ctx; 785 786 return wpa_drv_tdls_disable_channel_switch(wpa_s, addr); 787 } 788 789 #endif /* CONFIG_TDLS */ 790 791 #endif /* CONFIG_NO_WPA */ 792 793 794 enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field) 795 { 796 if (os_strcmp(field, "IDENTITY") == 0) 797 return WPA_CTRL_REQ_EAP_IDENTITY; 798 else if (os_strcmp(field, "PASSWORD") == 0) 799 return WPA_CTRL_REQ_EAP_PASSWORD; 800 else if (os_strcmp(field, "NEW_PASSWORD") == 0) 801 return WPA_CTRL_REQ_EAP_NEW_PASSWORD; 802 else if (os_strcmp(field, "PIN") == 0) 803 return WPA_CTRL_REQ_EAP_PIN; 804 else if (os_strcmp(field, "OTP") == 0) 805 return WPA_CTRL_REQ_EAP_OTP; 806 else if (os_strcmp(field, "PASSPHRASE") == 0) 807 return WPA_CTRL_REQ_EAP_PASSPHRASE; 808 else if (os_strcmp(field, "SIM") == 0) 809 return WPA_CTRL_REQ_SIM; 810 else if (os_strcmp(field, "PSK_PASSPHRASE") == 0) 811 return WPA_CTRL_REQ_PSK_PASSPHRASE; 812 else if (os_strcmp(field, "EXT_CERT_CHECK") == 0) 813 return WPA_CTRL_REQ_EXT_CERT_CHECK; 814 return WPA_CTRL_REQ_UNKNOWN; 815 } 816 817 818 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field, 819 const char *default_txt, 820 const char **txt) 821 { 822 const char *ret = NULL; 823 824 *txt = default_txt; 825 826 switch (field) { 827 case WPA_CTRL_REQ_EAP_IDENTITY: 828 *txt = "Identity"; 829 ret = "IDENTITY"; 830 break; 831 case WPA_CTRL_REQ_EAP_PASSWORD: 832 *txt = "Password"; 833 ret = "PASSWORD"; 834 break; 835 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 836 *txt = "New Password"; 837 ret = "NEW_PASSWORD"; 838 break; 839 case WPA_CTRL_REQ_EAP_PIN: 840 *txt = "PIN"; 841 ret = "PIN"; 842 break; 843 case WPA_CTRL_REQ_EAP_OTP: 844 ret = "OTP"; 845 break; 846 case WPA_CTRL_REQ_EAP_PASSPHRASE: 847 *txt = "Private key passphrase"; 848 ret = "PASSPHRASE"; 849 break; 850 case WPA_CTRL_REQ_SIM: 851 ret = "SIM"; 852 break; 853 case WPA_CTRL_REQ_PSK_PASSPHRASE: 854 *txt = "PSK or passphrase"; 855 ret = "PSK_PASSPHRASE"; 856 break; 857 case WPA_CTRL_REQ_EXT_CERT_CHECK: 858 *txt = "External server certificate validation"; 859 ret = "EXT_CERT_CHECK"; 860 break; 861 default: 862 break; 863 } 864 865 /* txt needs to be something */ 866 if (*txt == NULL) { 867 wpa_printf(MSG_WARNING, "No message for request %d", field); 868 ret = NULL; 869 } 870 871 return ret; 872 } 873 874 875 void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 876 const char *field_name, const char *txt) 877 { 878 char *buf; 879 size_t buflen; 880 int len; 881 882 buflen = 100 + os_strlen(txt) + ssid->ssid_len; 883 buf = os_malloc(buflen); 884 if (buf == NULL) 885 return; 886 len = os_snprintf(buf, buflen, "%s-%d:%s needed for SSID ", 887 field_name, ssid->id, txt); 888 if (os_snprintf_error(buflen, len)) { 889 os_free(buf); 890 return; 891 } 892 if (ssid->ssid && buflen > len + ssid->ssid_len) { 893 os_memcpy(buf + len, ssid->ssid, ssid->ssid_len); 894 len += ssid->ssid_len; 895 buf[len] = '\0'; 896 } 897 buf[buflen - 1] = '\0'; 898 wpa_msg(wpa_s, MSG_INFO, WPA_CTRL_REQ "%s", buf); 899 os_free(buf); 900 } 901 902 903 #ifdef IEEE8021X_EAPOL 904 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) 905 static void wpa_supplicant_eap_param_needed(void *ctx, 906 enum wpa_ctrl_req_type field, 907 const char *default_txt) 908 { 909 struct wpa_supplicant *wpa_s = ctx; 910 struct wpa_ssid *ssid = wpa_s->current_ssid; 911 const char *field_name, *txt = NULL; 912 913 if (ssid == NULL) 914 return; 915 916 if (field == WPA_CTRL_REQ_EXT_CERT_CHECK) 917 ssid->eap.pending_ext_cert_check = PENDING_CHECK; 918 wpas_notify_network_request(wpa_s, ssid, field, default_txt); 919 920 field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt, 921 &txt); 922 if (field_name == NULL) { 923 wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed", 924 field); 925 return; 926 } 927 928 wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name); 929 930 wpas_send_ctrl_req(wpa_s, ssid, field_name, txt); 931 } 932 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 933 #define wpa_supplicant_eap_param_needed NULL 934 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 935 936 937 #ifdef CONFIG_EAP_PROXY 938 939 static void wpa_supplicant_eap_proxy_cb(void *ctx) 940 { 941 struct wpa_supplicant *wpa_s = ctx; 942 size_t len; 943 944 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1, 945 wpa_s->imsi, &len); 946 if (wpa_s->mnc_len > 0) { 947 wpa_s->imsi[len] = '\0'; 948 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)", 949 wpa_s->imsi, wpa_s->mnc_len); 950 } else { 951 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available"); 952 } 953 } 954 955 956 static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s) 957 { 958 int i; 959 struct wpa_ssid *ssid; 960 const struct eap_method_type *eap_methods; 961 962 if (!wpa_s->conf) 963 return; 964 965 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 966 eap_methods = ssid->eap.eap_methods; 967 if (!eap_methods) 968 continue; 969 970 for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) { 971 if (eap_methods[i].vendor == EAP_VENDOR_IETF && 972 (eap_methods[i].method == EAP_TYPE_SIM || 973 eap_methods[i].method == EAP_TYPE_AKA || 974 eap_methods[i].method == EAP_TYPE_AKA_PRIME)) { 975 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); 976 break; 977 } 978 } 979 } 980 } 981 982 983 static void 984 wpa_supplicant_eap_proxy_notify_sim_status(void *ctx, 985 enum eap_proxy_sim_state sim_state) 986 { 987 struct wpa_supplicant *wpa_s = ctx; 988 989 wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state); 990 switch (sim_state) { 991 case SIM_STATE_ERROR: 992 wpa_sm_sim_state_error_handler(wpa_s); 993 break; 994 default: 995 wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown"); 996 break; 997 } 998 } 999 1000 #endif /* CONFIG_EAP_PROXY */ 1001 1002 1003 static void wpa_supplicant_port_cb(void *ctx, int authorized) 1004 { 1005 struct wpa_supplicant *wpa_s = ctx; 1006 #ifdef CONFIG_AP 1007 if (wpa_s->ap_iface) { 1008 wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant " 1009 "port status: %s", 1010 authorized ? "Authorized" : "Unauthorized"); 1011 return; 1012 } 1013 #endif /* CONFIG_AP */ 1014 wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s", 1015 authorized ? "Authorized" : "Unauthorized"); 1016 wpa_drv_set_supp_port(wpa_s, authorized); 1017 } 1018 1019 1020 static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject, 1021 const char *altsubject[], int num_altsubject, 1022 const char *cert_hash, 1023 const struct wpabuf *cert) 1024 { 1025 struct wpa_supplicant *wpa_s = ctx; 1026 1027 wpas_notify_certification(wpa_s, depth, subject, altsubject, 1028 num_altsubject, cert_hash, cert); 1029 } 1030 1031 1032 static void wpa_supplicant_status_cb(void *ctx, const char *status, 1033 const char *parameter) 1034 { 1035 struct wpa_supplicant *wpa_s = ctx; 1036 1037 wpas_notify_eap_status(wpa_s, status, parameter); 1038 } 1039 1040 static void wpa_supplicant_eap_error_cb(void *ctx, int error_code) 1041 { 1042 struct wpa_supplicant *wpa_s = ctx; 1043 1044 wpas_notify_eap_error(wpa_s, error_code); 1045 } 1046 1047 static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len) 1048 { 1049 struct wpa_supplicant *wpa_s = ctx; 1050 char *str; 1051 int res; 1052 1053 wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity", 1054 id, len); 1055 1056 if (wpa_s->current_ssid == NULL) 1057 return; 1058 1059 if (id == NULL) { 1060 if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 1061 "NULL", 0) < 0) 1062 return; 1063 } else { 1064 str = os_malloc(len * 2 + 1); 1065 if (str == NULL) 1066 return; 1067 wpa_snprintf_hex(str, len * 2 + 1, id, len); 1068 res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 1069 str, 0); 1070 os_free(str); 1071 if (res < 0) 1072 return; 1073 } 1074 1075 if (wpa_s->conf->update_config) { 1076 res = wpa_config_write(wpa_s->confname, wpa_s->conf); 1077 if (res) { 1078 wpa_printf(MSG_DEBUG, "Failed to update config after " 1079 "anonymous_id update"); 1080 } 1081 } 1082 } 1083 #endif /* IEEE8021X_EAPOL */ 1084 1085 1086 int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s) 1087 { 1088 #ifdef IEEE8021X_EAPOL 1089 struct eapol_ctx *ctx; 1090 ctx = os_zalloc(sizeof(*ctx)); 1091 if (ctx == NULL) { 1092 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context."); 1093 return -1; 1094 } 1095 1096 ctx->ctx = wpa_s; 1097 ctx->msg_ctx = wpa_s; 1098 ctx->eapol_send_ctx = wpa_s; 1099 ctx->preauth = 0; 1100 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done; 1101 ctx->eapol_send = wpa_supplicant_eapol_send; 1102 ctx->set_wep_key = wpa_eapol_set_wep_key; 1103 #ifndef CONFIG_NO_CONFIG_BLOBS 1104 ctx->set_config_blob = wpa_supplicant_set_config_blob; 1105 ctx->get_config_blob = wpa_supplicant_get_config_blob; 1106 #endif /* CONFIG_NO_CONFIG_BLOBS */ 1107 ctx->aborted_cached = wpa_supplicant_aborted_cached; 1108 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; 1109 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; 1110 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; 1111 ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers; 1112 ctx->wps = wpa_s->wps; 1113 ctx->eap_param_needed = wpa_supplicant_eap_param_needed; 1114 #ifdef CONFIG_EAP_PROXY 1115 ctx->eap_proxy_cb = wpa_supplicant_eap_proxy_cb; 1116 ctx->eap_proxy_notify_sim_status = 1117 wpa_supplicant_eap_proxy_notify_sim_status; 1118 #endif /* CONFIG_EAP_PROXY */ 1119 ctx->port_cb = wpa_supplicant_port_cb; 1120 ctx->cb = wpa_supplicant_eapol_cb; 1121 ctx->cert_cb = wpa_supplicant_cert_cb; 1122 ctx->cert_in_cb = wpa_s->conf->cert_in_cb; 1123 ctx->status_cb = wpa_supplicant_status_cb; 1124 ctx->eap_error_cb = wpa_supplicant_eap_error_cb; 1125 ctx->set_anon_id = wpa_supplicant_set_anon_id; 1126 ctx->cb_ctx = wpa_s; 1127 wpa_s->eapol = eapol_sm_init(ctx); 1128 if (wpa_s->eapol == NULL) { 1129 os_free(ctx); 1130 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state " 1131 "machines."); 1132 return -1; 1133 } 1134 #endif /* IEEE8021X_EAPOL */ 1135 1136 return 0; 1137 } 1138 1139 1140 #ifndef CONFIG_NO_WPA 1141 1142 static void wpa_supplicant_set_rekey_offload(void *ctx, 1143 const u8 *kek, size_t kek_len, 1144 const u8 *kck, size_t kck_len, 1145 const u8 *replay_ctr) 1146 { 1147 struct wpa_supplicant *wpa_s = ctx; 1148 1149 wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr); 1150 } 1151 1152 1153 static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk, 1154 size_t pmk_len) 1155 { 1156 struct wpa_supplicant *wpa_s = ctx; 1157 1158 if (wpa_s->conf->key_mgmt_offload && 1159 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) 1160 return wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, 1161 NULL, 0, pmk, pmk_len); 1162 else 1163 return 0; 1164 } 1165 1166 1167 static void wpa_supplicant_fils_hlp_rx(void *ctx, const u8 *dst, const u8 *src, 1168 const u8 *pkt, size_t pkt_len) 1169 { 1170 struct wpa_supplicant *wpa_s = ctx; 1171 char *hex; 1172 size_t hexlen; 1173 1174 hexlen = pkt_len * 2 + 1; 1175 hex = os_malloc(hexlen); 1176 if (!hex) 1177 return; 1178 wpa_snprintf_hex(hex, hexlen, pkt, pkt_len); 1179 wpa_msg(wpa_s, MSG_INFO, FILS_HLP_RX "dst=" MACSTR " src=" MACSTR 1180 " frame=%s", MAC2STR(dst), MAC2STR(src), hex); 1181 os_free(hex); 1182 } 1183 1184 #endif /* CONFIG_NO_WPA */ 1185 1186 1187 int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) 1188 { 1189 #ifndef CONFIG_NO_WPA 1190 struct wpa_sm_ctx *ctx; 1191 ctx = os_zalloc(sizeof(*ctx)); 1192 if (ctx == NULL) { 1193 wpa_printf(MSG_ERROR, "Failed to allocate WPA context."); 1194 return -1; 1195 } 1196 1197 ctx->ctx = wpa_s; 1198 ctx->msg_ctx = wpa_s; 1199 ctx->set_state = _wpa_supplicant_set_state; 1200 ctx->get_state = _wpa_supplicant_get_state; 1201 ctx->deauthenticate = _wpa_supplicant_deauthenticate; 1202 ctx->set_key = wpa_supplicant_set_key; 1203 ctx->get_network_ctx = wpa_supplicant_get_network_ctx; 1204 ctx->get_bssid = wpa_supplicant_get_bssid; 1205 ctx->ether_send = _wpa_ether_send; 1206 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie; 1207 ctx->alloc_eapol = _wpa_alloc_eapol; 1208 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout; 1209 ctx->add_pmkid = wpa_supplicant_add_pmkid; 1210 ctx->remove_pmkid = wpa_supplicant_remove_pmkid; 1211 #ifndef CONFIG_NO_CONFIG_BLOBS 1212 ctx->set_config_blob = wpa_supplicant_set_config_blob; 1213 ctx->get_config_blob = wpa_supplicant_get_config_blob; 1214 #endif /* CONFIG_NO_CONFIG_BLOBS */ 1215 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection; 1216 #ifdef CONFIG_IEEE80211R 1217 ctx->update_ft_ies = wpa_supplicant_update_ft_ies; 1218 ctx->send_ft_action = wpa_supplicant_send_ft_action; 1219 ctx->mark_authenticated = wpa_supplicant_mark_authenticated; 1220 #endif /* CONFIG_IEEE80211R */ 1221 #ifdef CONFIG_TDLS 1222 ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa; 1223 ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt; 1224 ctx->tdls_oper = wpa_supplicant_tdls_oper; 1225 ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset; 1226 ctx->tdls_enable_channel_switch = 1227 wpa_supplicant_tdls_enable_channel_switch; 1228 ctx->tdls_disable_channel_switch = 1229 wpa_supplicant_tdls_disable_channel_switch; 1230 #endif /* CONFIG_TDLS */ 1231 ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload; 1232 ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk; 1233 ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx; 1234 1235 wpa_s->wpa = wpa_sm_init(ctx); 1236 if (wpa_s->wpa == NULL) { 1237 wpa_printf(MSG_ERROR, "Failed to initialize WPA state " 1238 "machine"); 1239 os_free(ctx); 1240 return -1; 1241 } 1242 #endif /* CONFIG_NO_WPA */ 1243 1244 return 0; 1245 } 1246 1247 1248 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s, 1249 struct wpa_ssid *ssid) 1250 { 1251 struct rsn_supp_config conf; 1252 if (ssid) { 1253 os_memset(&conf, 0, sizeof(conf)); 1254 conf.network_ctx = ssid; 1255 conf.allowed_pairwise_cipher = ssid->pairwise_cipher; 1256 #ifdef IEEE8021X_EAPOL 1257 conf.proactive_key_caching = ssid->proactive_key_caching < 0 ? 1258 wpa_s->conf->okc : ssid->proactive_key_caching; 1259 conf.eap_workaround = ssid->eap_workaround; 1260 conf.eap_conf_ctx = &ssid->eap; 1261 #endif /* IEEE8021X_EAPOL */ 1262 conf.ssid = ssid->ssid; 1263 conf.ssid_len = ssid->ssid_len; 1264 conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey; 1265 #ifdef CONFIG_P2P 1266 if (ssid->p2p_group && wpa_s->current_bss && 1267 !wpa_s->p2p_disable_ip_addr_req) { 1268 struct wpabuf *p2p; 1269 p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss, 1270 P2P_IE_VENDOR_TYPE); 1271 if (p2p) { 1272 u8 group_capab; 1273 group_capab = p2p_get_group_capab(p2p); 1274 if (group_capab & 1275 P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION) 1276 conf.p2p = 1; 1277 wpabuf_free(p2p); 1278 } 1279 } 1280 #endif /* CONFIG_P2P */ 1281 conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation; 1282 #ifdef CONFIG_FILS 1283 if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) 1284 conf.fils_cache_id = 1285 wpa_bss_get_fils_cache_id(wpa_s->current_bss); 1286 #endif /* CONFIG_FILS */ 1287 } 1288 wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL); 1289 } 1290
