]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ieee802_11.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
OWE: Add RSNE when not using PMKSA caching (driver-SME/MLME)
[thirdparty/hostap.git] / src / ap / ieee802_11.c
1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/sha384.h"
18 #include "crypto/sha512.h"
19 #include "crypto/random.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "common/wpa_ctrl.h"
23 #include "common/sae.h"
24 #include "radius/radius.h"
25 #include "radius/radius_client.h"
26 #include "p2p/p2p.h"
27 #include "wps/wps.h"
28 #include "fst/fst.h"
29 #include "hostapd.h"
30 #include "beacon.h"
31 #include "ieee802_11_auth.h"
32 #include "sta_info.h"
33 #include "ieee802_1x.h"
34 #include "wpa_auth.h"
35 #include "pmksa_cache_auth.h"
36 #include "wmm.h"
37 #include "ap_list.h"
38 #include "accounting.h"
39 #include "ap_config.h"
40 #include "ap_mlme.h"
41 #include "p2p_hostapd.h"
42 #include "ap_drv_ops.h"
43 #include "wnm_ap.h"
44 #include "hw_features.h"
45 #include "ieee802_11.h"
46 #include "dfs.h"
47 #include "mbo_ap.h"
48 #include "rrm.h"
49 #include "taxonomy.h"
50 #include "fils_hlp.h"
51 #include "dpp_hostapd.h"
52 #include "gas_query_ap.h"
53
54
55 #ifdef CONFIG_FILS
56 static struct wpabuf *
57 prepare_auth_resp_fils(struct hostapd_data *hapd,
58 struct sta_info *sta, u16 *resp,
59 struct rsn_pmksa_cache_entry *pmksa,
60 struct wpabuf *erp_resp,
61 const u8 *msk, size_t msk_len,
62 int *is_pub);
63 #endif /* CONFIG_FILS */
64
65 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
66 {
67 u8 *pos = eid;
68 int i, num, count;
69
70 if (hapd->iface->current_rates == NULL)
71 return eid;
72
73 *pos++ = WLAN_EID_SUPP_RATES;
74 num = hapd->iface->num_rates;
75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
76 num++;
77 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
78 num++;
79 if (num > 8) {
80 /* rest of the rates are encoded in Extended supported
81 * rates element */
82 num = 8;
83 }
84
85 *pos++ = num;
86 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
87 i++) {
88 count++;
89 *pos = hapd->iface->current_rates[i].rate / 5;
90 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
91 *pos |= 0x80;
92 pos++;
93 }
94
95 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
96 count++;
97 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
98 }
99
100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
101 count++;
102 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
103 }
104
105 return pos;
106 }
107
108
109 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
110 {
111 u8 *pos = eid;
112 int i, num, count;
113
114 if (hapd->iface->current_rates == NULL)
115 return eid;
116
117 num = hapd->iface->num_rates;
118 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
119 num++;
120 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
121 num++;
122 if (num <= 8)
123 return eid;
124 num -= 8;
125
126 *pos++ = WLAN_EID_EXT_SUPP_RATES;
127 *pos++ = num;
128 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
129 i++) {
130 count++;
131 if (count <= 8)
132 continue; /* already in SuppRates IE */
133 *pos = hapd->iface->current_rates[i].rate / 5;
134 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
135 *pos |= 0x80;
136 pos++;
137 }
138
139 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
140 count++;
141 if (count > 8)
142 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
143 }
144
145 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
146 count++;
147 if (count > 8)
148 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
149 }
150
151 return pos;
152 }
153
154
155 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
156 {
157 int capab = WLAN_CAPABILITY_ESS;
158 int privacy;
159 int dfs;
160 int i;
161
162 /* Check if any of configured channels require DFS */
163 dfs = hostapd_is_dfs_required(hapd->iface);
164 if (dfs < 0) {
165 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
166 dfs);
167 dfs = 0;
168 }
169
170 if (hapd->iface->num_sta_no_short_preamble == 0 &&
171 hapd->iconf->preamble == SHORT_PREAMBLE)
172 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
173
174 privacy = hapd->conf->ssid.wep.keys_set;
175
176 if (hapd->conf->ieee802_1x &&
177 (hapd->conf->default_wep_key_len ||
178 hapd->conf->individual_wep_key_len))
179 privacy = 1;
180
181 if (hapd->conf->wpa)
182 privacy = 1;
183
184 #ifdef CONFIG_HS20
185 if (hapd->conf->osen)
186 privacy = 1;
187 #endif /* CONFIG_HS20 */
188
189 if (privacy)
190 capab |= WLAN_CAPABILITY_PRIVACY;
191
192 if (hapd->iface->current_mode &&
193 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
194 hapd->iface->num_sta_no_short_slot_time == 0)
195 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
196
197 /*
198 * Currently, Spectrum Management capability bit is set when directly
199 * requested in configuration by spectrum_mgmt_required or when AP is
200 * running on DFS channel.
201 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
202 */
203 if (hapd->iface->current_mode &&
204 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
205 (hapd->iconf->spectrum_mgmt_required || dfs))
206 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
207
208 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
209 if (hapd->conf->radio_measurements[i]) {
210 capab |= IEEE80211_CAP_RRM;
211 break;
212 }
213 }
214
215 return capab;
216 }
217
218
219 #ifndef CONFIG_NO_RC4
220 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
221 u16 auth_transaction, const u8 *challenge,
222 int iswep)
223 {
224 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
225 HOSTAPD_LEVEL_DEBUG,
226 "authentication (shared key, transaction %d)",
227 auth_transaction);
228
229 if (auth_transaction == 1) {
230 if (!sta->challenge) {
231 /* Generate a pseudo-random challenge */
232 u8 key[8];
233
234 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
235 if (sta->challenge == NULL)
236 return WLAN_STATUS_UNSPECIFIED_FAILURE;
237
238 if (os_get_random(key, sizeof(key)) < 0) {
239 os_free(sta->challenge);
240 sta->challenge = NULL;
241 return WLAN_STATUS_UNSPECIFIED_FAILURE;
242 }
243
244 rc4_skip(key, sizeof(key), 0,
245 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
246 }
247 return 0;
248 }
249
250 if (auth_transaction != 3)
251 return WLAN_STATUS_UNSPECIFIED_FAILURE;
252
253 /* Transaction 3 */
254 if (!iswep || !sta->challenge || !challenge ||
255 os_memcmp_const(sta->challenge, challenge,
256 WLAN_AUTH_CHALLENGE_LEN)) {
257 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
258 HOSTAPD_LEVEL_INFO,
259 "shared key authentication - invalid "
260 "challenge-response");
261 return WLAN_STATUS_CHALLENGE_FAIL;
262 }
263
264 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
265 HOSTAPD_LEVEL_DEBUG,
266 "authentication OK (shared key)");
267 sta->flags |= WLAN_STA_AUTH;
268 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
269 os_free(sta->challenge);
270 sta->challenge = NULL;
271
272 return 0;
273 }
274 #endif /* CONFIG_NO_RC4 */
275
276
277 static int send_auth_reply(struct hostapd_data *hapd,
278 const u8 *dst, const u8 *bssid,
279 u16 auth_alg, u16 auth_transaction, u16 resp,
280 const u8 *ies, size_t ies_len)
281 {
282 struct ieee80211_mgmt *reply;
283 u8 *buf;
284 size_t rlen;
285 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
286
287 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
288 buf = os_zalloc(rlen);
289 if (buf == NULL)
290 return -1;
291
292 reply = (struct ieee80211_mgmt *) buf;
293 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
294 WLAN_FC_STYPE_AUTH);
295 os_memcpy(reply->da, dst, ETH_ALEN);
296 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
297 os_memcpy(reply->bssid, bssid, ETH_ALEN);
298
299 reply->u.auth.auth_alg = host_to_le16(auth_alg);
300 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
301 reply->u.auth.status_code = host_to_le16(resp);
302
303 if (ies && ies_len)
304 os_memcpy(reply->u.auth.variable, ies, ies_len);
305
306 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
307 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
308 MAC2STR(dst), auth_alg, auth_transaction,
309 resp, (unsigned long) ies_len);
310 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
311 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
312 else
313 reply_res = WLAN_STATUS_SUCCESS;
314
315 os_free(buf);
316
317 return reply_res;
318 }
319
320
321 #ifdef CONFIG_IEEE80211R_AP
322 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
323 u16 auth_transaction, u16 status,
324 const u8 *ies, size_t ies_len)
325 {
326 struct hostapd_data *hapd = ctx;
327 struct sta_info *sta;
328 int reply_res;
329
330 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
331 auth_transaction, status, ies, ies_len);
332
333 sta = ap_get_sta(hapd, dst);
334 if (sta == NULL)
335 return;
336
337 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
338 status != WLAN_STATUS_SUCCESS)) {
339 hostapd_drv_sta_remove(hapd, sta->addr);
340 sta->added_unassoc = 0;
341 return;
342 }
343
344 if (status != WLAN_STATUS_SUCCESS)
345 return;
346
347 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
348 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
349 sta->flags |= WLAN_STA_AUTH;
350 mlme_authenticate_indication(hapd, sta);
351 }
352 #endif /* CONFIG_IEEE80211R_AP */
353
354
355 #ifdef CONFIG_SAE
356
357 static void sae_set_state(struct sta_info *sta, enum sae_state state,
358 const char *reason)
359 {
360 wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
361 sae_state_txt(sta->sae->state), sae_state_txt(state),
362 MAC2STR(sta->addr), reason);
363 sta->sae->state = state;
364 }
365
366
367 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
368 struct sta_info *sta, int update)
369 {
370 struct wpabuf *buf;
371 const char *password;
372
373 password = hapd->conf->sae_password;
374 if (!password)
375 password = hapd->conf->ssid.wpa_passphrase;
376 if (!password) {
377 wpa_printf(MSG_DEBUG, "SAE: No password available");
378 return NULL;
379 }
380
381 if (update &&
382 sae_prepare_commit(hapd->own_addr, sta->addr,
383 (u8 *) password, os_strlen(password),
384 sta->sae) < 0) {
385 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
386 return NULL;
387 }
388
389 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
390 if (buf == NULL)
391 return NULL;
392 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
393 sta->sae->tmp->anti_clogging_token : NULL);
394
395 return buf;
396 }
397
398
399 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
400 struct sta_info *sta)
401 {
402 struct wpabuf *buf;
403
404 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
405 if (buf == NULL)
406 return NULL;
407
408 sae_write_confirm(sta->sae, buf);
409
410 return buf;
411 }
412
413
414 static int auth_sae_send_commit(struct hostapd_data *hapd,
415 struct sta_info *sta,
416 const u8 *bssid, int update)
417 {
418 struct wpabuf *data;
419 int reply_res;
420
421 data = auth_build_sae_commit(hapd, sta, update);
422 if (data == NULL)
423 return WLAN_STATUS_UNSPECIFIED_FAILURE;
424
425 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
426 WLAN_STATUS_SUCCESS, wpabuf_head(data),
427 wpabuf_len(data));
428
429 wpabuf_free(data);
430
431 return reply_res;
432 }
433
434
435 static int auth_sae_send_confirm(struct hostapd_data *hapd,
436 struct sta_info *sta,
437 const u8 *bssid)
438 {
439 struct wpabuf *data;
440 int reply_res;
441
442 data = auth_build_sae_confirm(hapd, sta);
443 if (data == NULL)
444 return WLAN_STATUS_UNSPECIFIED_FAILURE;
445
446 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
447 WLAN_STATUS_SUCCESS, wpabuf_head(data),
448 wpabuf_len(data));
449
450 wpabuf_free(data);
451
452 return reply_res;
453 }
454
455
456 static int use_sae_anti_clogging(struct hostapd_data *hapd)
457 {
458 struct sta_info *sta;
459 unsigned int open = 0;
460
461 if (hapd->conf->sae_anti_clogging_threshold == 0)
462 return 1;
463
464 for (sta = hapd->sta_list; sta; sta = sta->next) {
465 if (!sta->sae)
466 continue;
467 if (sta->sae->state != SAE_COMMITTED &&
468 sta->sae->state != SAE_CONFIRMED)
469 continue;
470 open++;
471 if (open >= hapd->conf->sae_anti_clogging_threshold)
472 return 1;
473 }
474
475 return 0;
476 }
477
478
479 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
480 const u8 *token, size_t token_len)
481 {
482 u8 mac[SHA256_MAC_LEN];
483
484 if (token_len != SHA256_MAC_LEN)
485 return -1;
486 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
487 addr, ETH_ALEN, mac) < 0 ||
488 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
489 return -1;
490
491 return 0;
492 }
493
494
495 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
496 int group, const u8 *addr)
497 {
498 struct wpabuf *buf;
499 u8 *token;
500 struct os_reltime now;
501
502 os_get_reltime(&now);
503 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
504 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
505 if (random_get_bytes(hapd->sae_token_key,
506 sizeof(hapd->sae_token_key)) < 0)
507 return NULL;
508 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
509 hapd->sae_token_key, sizeof(hapd->sae_token_key));
510 hapd->last_sae_token_key_update = now;
511 }
512
513 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
514 if (buf == NULL)
515 return NULL;
516
517 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
518
519 token = wpabuf_put(buf, SHA256_MAC_LEN);
520 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
521 addr, ETH_ALEN, token);
522
523 return buf;
524 }
525
526
527 static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
528 {
529 if (sta->sae->sync > hapd->conf->sae_sync) {
530 sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
531 sta->sae->sync = 0;
532 return -1;
533 }
534 return 0;
535 }
536
537
538 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
539 {
540 struct hostapd_data *hapd = eloop_ctx;
541 struct sta_info *sta = eloop_data;
542 int ret;
543
544 if (sae_check_big_sync(hapd, sta))
545 return;
546 sta->sae->sync++;
547 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
548 " (sync=%d state=%s)",
549 MAC2STR(sta->addr), sta->sae->sync,
550 sae_state_txt(sta->sae->state));
551
552 switch (sta->sae->state) {
553 case SAE_COMMITTED:
554 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
555 eloop_register_timeout(0,
556 hapd->dot11RSNASAERetransPeriod * 1000,
557 auth_sae_retransmit_timer, hapd, sta);
558 break;
559 case SAE_CONFIRMED:
560 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
561 eloop_register_timeout(0,
562 hapd->dot11RSNASAERetransPeriod * 1000,
563 auth_sae_retransmit_timer, hapd, sta);
564 break;
565 default:
566 ret = -1;
567 break;
568 }
569
570 if (ret != WLAN_STATUS_SUCCESS)
571 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
572 }
573
574
575 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
576 {
577 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
578 }
579
580
581 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
582 struct sta_info *sta)
583 {
584 if (!(hapd->conf->mesh & MESH_ENABLED))
585 return;
586
587 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
588 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
589 auth_sae_retransmit_timer, hapd, sta);
590 }
591
592
593 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
594 {
595 sta->flags |= WLAN_STA_AUTH;
596 sta->auth_alg = WLAN_AUTH_SAE;
597 mlme_authenticate_indication(hapd, sta);
598 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
599 sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
600 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
601 sta->sae->pmk, sta->sae->pmkid);
602 }
603
604
605 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
606 const u8 *bssid, u8 auth_transaction)
607 {
608 int ret;
609
610 if (auth_transaction != 1 && auth_transaction != 2)
611 return WLAN_STATUS_UNSPECIFIED_FAILURE;
612
613 wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
614 MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
615 auth_transaction);
616 switch (sta->sae->state) {
617 case SAE_NOTHING:
618 if (auth_transaction == 1) {
619 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
620 if (ret)
621 return ret;
622 sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
623
624 if (sae_process_commit(sta->sae) < 0)
625 return WLAN_STATUS_UNSPECIFIED_FAILURE;
626
627 /*
628 * In mesh case, both Commit and Confirm can be sent
629 * immediately. In infrastructure BSS, only a single
630 * Authentication frame (Commit) is expected from the AP
631 * here and the second one (Confirm) will be sent once
632 * the STA has sent its second Authentication frame
633 * (Confirm).
634 */
635 if (hapd->conf->mesh & MESH_ENABLED) {
636 /*
637 * Send both Commit and Confirm immediately
638 * based on SAE finite state machine
639 * Nothing -> Confirm transition.
640 */
641 ret = auth_sae_send_confirm(hapd, sta, bssid);
642 if (ret)
643 return ret;
644 sae_set_state(sta, SAE_CONFIRMED,
645 "Sent Confirm (mesh)");
646 } else {
647 /*
648 * For infrastructure BSS, send only the Commit
649 * message now to get alternating sequence of
650 * Authentication frames between the AP and STA.
651 * Confirm will be sent in
652 * Committed -> Confirmed/Accepted transition
653 * when receiving Confirm from STA.
654 */
655 }
656 sta->sae->sync = 0;
657 sae_set_retransmit_timer(hapd, sta);
658 } else {
659 hostapd_logger(hapd, sta->addr,
660 HOSTAPD_MODULE_IEEE80211,
661 HOSTAPD_LEVEL_DEBUG,
662 "SAE confirm before commit");
663 }
664 break;
665 case SAE_COMMITTED:
666 sae_clear_retransmit_timer(hapd, sta);
667 if (auth_transaction == 1) {
668 if (sae_process_commit(sta->sae) < 0)
669 return WLAN_STATUS_UNSPECIFIED_FAILURE;
670
671 ret = auth_sae_send_confirm(hapd, sta, bssid);
672 if (ret)
673 return ret;
674 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
675 sta->sae->sync = 0;
676 sae_set_retransmit_timer(hapd, sta);
677 } else if (hapd->conf->mesh & MESH_ENABLED) {
678 /*
679 * In mesh case, follow SAE finite state machine and
680 * send Commit now, if sync count allows.
681 */
682 if (sae_check_big_sync(hapd, sta))
683 return WLAN_STATUS_SUCCESS;
684 sta->sae->sync++;
685
686 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
687 if (ret)
688 return ret;
689
690 sae_set_retransmit_timer(hapd, sta);
691 } else {
692 /*
693 * For instructure BSS, send the postponed Confirm from
694 * Nothing -> Confirmed transition that was reduced to
695 * Nothing -> Committed above.
696 */
697 ret = auth_sae_send_confirm(hapd, sta, bssid);
698 if (ret)
699 return ret;
700
701 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
702
703 /*
704 * Since this was triggered on Confirm RX, run another
705 * step to get to Accepted without waiting for
706 * additional events.
707 */
708 return sae_sm_step(hapd, sta, bssid, auth_transaction);
709 }
710 break;
711 case SAE_CONFIRMED:
712 sae_clear_retransmit_timer(hapd, sta);
713 if (auth_transaction == 1) {
714 if (sae_check_big_sync(hapd, sta))
715 return WLAN_STATUS_SUCCESS;
716 sta->sae->sync++;
717
718 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
719 if (ret)
720 return ret;
721
722 if (sae_process_commit(sta->sae) < 0)
723 return WLAN_STATUS_UNSPECIFIED_FAILURE;
724
725 ret = auth_sae_send_confirm(hapd, sta, bssid);
726 if (ret)
727 return ret;
728
729 sae_set_retransmit_timer(hapd, sta);
730 } else {
731 sta->sae->send_confirm = 0xffff;
732 sae_accept_sta(hapd, sta);
733 }
734 break;
735 case SAE_ACCEPTED:
736 if (auth_transaction == 1) {
737 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
738 ") doing reauthentication",
739 MAC2STR(sta->addr));
740 ap_free_sta(hapd, sta);
741 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
742 } else {
743 if (sae_check_big_sync(hapd, sta))
744 return WLAN_STATUS_SUCCESS;
745 sta->sae->sync++;
746
747 ret = auth_sae_send_confirm(hapd, sta, bssid);
748 sae_clear_temp_data(sta->sae);
749 if (ret)
750 return ret;
751 }
752 break;
753 default:
754 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
755 sta->sae->state);
756 return WLAN_STATUS_UNSPECIFIED_FAILURE;
757 }
758 return WLAN_STATUS_SUCCESS;
759 }
760
761
762 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
763 {
764 struct sae_data *sae = sta->sae;
765 int i, *groups = hapd->conf->sae_groups;
766
767 if (sae->state != SAE_COMMITTED)
768 return;
769
770 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
771
772 for (i = 0; groups && groups[i] > 0; i++) {
773 if (sae->group == groups[i])
774 break;
775 }
776
777 if (!groups || groups[i] <= 0) {
778 wpa_printf(MSG_DEBUG,
779 "SAE: Previously selected group not found from the current configuration");
780 return;
781 }
782
783 for (;;) {
784 i++;
785 if (groups[i] <= 0) {
786 wpa_printf(MSG_DEBUG,
787 "SAE: No alternative group enabled");
788 return;
789 }
790
791 if (sae_set_group(sae, groups[i]) < 0)
792 continue;
793
794 break;
795 }
796 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
797 }
798
799
800 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
801 const struct ieee80211_mgmt *mgmt, size_t len,
802 u16 auth_transaction, u16 status_code)
803 {
804 int resp = WLAN_STATUS_SUCCESS;
805 struct wpabuf *data = NULL;
806
807 #ifdef CONFIG_TESTING_OPTIONS
808 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
809 const u8 *pos, *end;
810
811 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
812 pos = mgmt->u.auth.variable;
813 end = ((const u8 *) mgmt) + len;
814 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
815 auth_transaction, resp, pos, end - pos);
816 goto remove_sta;
817 }
818
819 if (hapd->conf->sae_commit_override && auth_transaction == 1) {
820 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
821 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
822 auth_transaction, resp,
823 wpabuf_head(hapd->conf->sae_commit_override),
824 wpabuf_len(hapd->conf->sae_commit_override));
825 goto remove_sta;
826 }
827 #endif /* CONFIG_TESTING_OPTIONS */
828 if (!sta->sae) {
829 if (auth_transaction != 1 ||
830 status_code != WLAN_STATUS_SUCCESS) {
831 resp = -1;
832 goto remove_sta;
833 }
834 sta->sae = os_zalloc(sizeof(*sta->sae));
835 if (!sta->sae) {
836 resp = -1;
837 goto remove_sta;
838 }
839 sae_set_state(sta, SAE_NOTHING, "Init");
840 sta->sae->sync = 0;
841 }
842
843 if (sta->mesh_sae_pmksa_caching) {
844 wpa_printf(MSG_DEBUG,
845 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
846 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
847 sta->mesh_sae_pmksa_caching = 0;
848 }
849
850 if (auth_transaction == 1) {
851 const u8 *token = NULL, *pos, *end;
852 size_t token_len = 0;
853 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
854 HOSTAPD_LEVEL_DEBUG,
855 "start SAE authentication (RX commit, status=%u)",
856 status_code);
857
858 if ((hapd->conf->mesh & MESH_ENABLED) &&
859 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
860 sta->sae->tmp) {
861 pos = mgmt->u.auth.variable;
862 end = ((const u8 *) mgmt) + len;
863 if (pos + sizeof(le16) > end) {
864 wpa_printf(MSG_ERROR,
865 "SAE: Too short anti-clogging token request");
866 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
867 goto reply;
868 }
869 resp = sae_group_allowed(sta->sae,
870 hapd->conf->sae_groups,
871 WPA_GET_LE16(pos));
872 if (resp != WLAN_STATUS_SUCCESS) {
873 wpa_printf(MSG_ERROR,
874 "SAE: Invalid group in anti-clogging token request");
875 goto reply;
876 }
877 pos += sizeof(le16);
878
879 wpabuf_free(sta->sae->tmp->anti_clogging_token);
880 sta->sae->tmp->anti_clogging_token =
881 wpabuf_alloc_copy(pos, end - pos);
882 if (sta->sae->tmp->anti_clogging_token == NULL) {
883 wpa_printf(MSG_ERROR,
884 "SAE: Failed to alloc for anti-clogging token");
885 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
886 goto remove_sta;
887 }
888
889 /*
890 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
891 * is 76, a new Commit Message shall be constructed
892 * with the Anti-Clogging Token from the received
893 * Authentication frame, and the commit-scalar and
894 * COMMIT-ELEMENT previously sent.
895 */
896 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
897 if (resp != WLAN_STATUS_SUCCESS) {
898 wpa_printf(MSG_ERROR,
899 "SAE: Failed to send commit message");
900 goto remove_sta;
901 }
902 sae_set_state(sta, SAE_COMMITTED,
903 "Sent Commit (anti-clogging token case in mesh)");
904 sta->sae->sync = 0;
905 sae_set_retransmit_timer(hapd, sta);
906 return;
907 }
908
909 if ((hapd->conf->mesh & MESH_ENABLED) &&
910 status_code ==
911 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
912 sta->sae->tmp) {
913 wpa_printf(MSG_DEBUG,
914 "SAE: Peer did not accept our SAE group");
915 sae_pick_next_group(hapd, sta);
916 goto remove_sta;
917 }
918
919 if (status_code != WLAN_STATUS_SUCCESS)
920 goto remove_sta;
921
922 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
923 ((const u8 *) mgmt) + len -
924 mgmt->u.auth.variable, &token,
925 &token_len, hapd->conf->sae_groups);
926 if (resp == SAE_SILENTLY_DISCARD) {
927 wpa_printf(MSG_DEBUG,
928 "SAE: Drop commit message from " MACSTR " due to reflection attack",
929 MAC2STR(sta->addr));
930 goto remove_sta;
931 }
932 if (token && check_sae_token(hapd, sta->addr, token, token_len)
933 < 0) {
934 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
935 "incorrect token from " MACSTR,
936 MAC2STR(sta->addr));
937 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
938 goto remove_sta;
939 }
940
941 if (resp != WLAN_STATUS_SUCCESS)
942 goto reply;
943
944 if (!token && use_sae_anti_clogging(hapd)) {
945 wpa_printf(MSG_DEBUG,
946 "SAE: Request anti-clogging token from "
947 MACSTR, MAC2STR(sta->addr));
948 data = auth_build_token_req(hapd, sta->sae->group,
949 sta->addr);
950 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
951 if (hapd->conf->mesh & MESH_ENABLED)
952 sae_set_state(sta, SAE_NOTHING,
953 "Request anti-clogging token case in mesh");
954 goto reply;
955 }
956
957 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
958 } else if (auth_transaction == 2) {
959 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
960 HOSTAPD_LEVEL_DEBUG,
961 "SAE authentication (RX confirm, status=%u)",
962 status_code);
963 if (status_code != WLAN_STATUS_SUCCESS)
964 goto remove_sta;
965 if (sta->sae->state >= SAE_CONFIRMED ||
966 !(hapd->conf->mesh & MESH_ENABLED)) {
967 const u8 *var;
968 size_t var_len;
969 u16 peer_send_confirm;
970
971 var = mgmt->u.auth.variable;
972 var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable;
973 if (var_len < 2) {
974 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
975 goto reply;
976 }
977
978 peer_send_confirm = WPA_GET_LE16(var);
979
980 if (sta->sae->state == SAE_ACCEPTED &&
981 (peer_send_confirm <= sta->sae->rc ||
982 peer_send_confirm == 0xffff)) {
983 wpa_printf(MSG_DEBUG,
984 "SAE: Silently ignore unexpected Confirm from peer "
985 MACSTR
986 " (peer-send-confirm=%u Rc=%u)",
987 MAC2STR(sta->addr),
988 peer_send_confirm, sta->sae->rc);
989 return;
990 }
991
992 if (sae_check_confirm(sta->sae, var, var_len) < 0) {
993 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
994 goto reply;
995 }
996 sta->sae->rc = peer_send_confirm;
997 }
998 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
999 } else {
1000 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1001 HOSTAPD_LEVEL_DEBUG,
1002 "unexpected SAE authentication transaction %u (status=%u)",
1003 auth_transaction, status_code);
1004 if (status_code != WLAN_STATUS_SUCCESS)
1005 goto remove_sta;
1006 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1007 }
1008
1009 reply:
1010 if (resp != WLAN_STATUS_SUCCESS) {
1011 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
1012 auth_transaction, resp,
1013 data ? wpabuf_head(data) : (u8 *) "",
1014 data ? wpabuf_len(data) : 0);
1015 }
1016
1017 remove_sta:
1018 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1019 status_code != WLAN_STATUS_SUCCESS)) {
1020 hostapd_drv_sta_remove(hapd, sta->addr);
1021 sta->added_unassoc = 0;
1022 }
1023 wpabuf_free(data);
1024 }
1025
1026
1027 /**
1028 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
1029 * @hapd: BSS data for the device initiating the authentication
1030 * @sta: the peer to which commit authentication frame is sent
1031 *
1032 * This function implements Init event handling (IEEE Std 802.11-2012,
1033 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
1034 * sta->sae structure should be initialized appropriately via a call to
1035 * sae_prepare_commit().
1036 */
1037 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
1038 {
1039 int ret;
1040
1041 if (!sta->sae || !sta->sae->tmp)
1042 return -1;
1043
1044 if (sta->sae->state != SAE_NOTHING)
1045 return -1;
1046
1047 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
1048 if (ret)
1049 return -1;
1050
1051 sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
1052 sta->sae->sync = 0;
1053 sae_set_retransmit_timer(hapd, sta);
1054
1055 return 0;
1056 }
1057
1058 #endif /* CONFIG_SAE */
1059
1060
1061 static u16 wpa_res_to_status_code(int res)
1062 {
1063 if (res == WPA_INVALID_GROUP)
1064 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
1065 if (res == WPA_INVALID_PAIRWISE)
1066 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1067 if (res == WPA_INVALID_AKMP)
1068 return WLAN_STATUS_AKMP_NOT_VALID;
1069 if (res == WPA_ALLOC_FAIL)
1070 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1071 #ifdef CONFIG_IEEE80211W
1072 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
1073 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
1074 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
1075 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
1076 #endif /* CONFIG_IEEE80211W */
1077 if (res == WPA_INVALID_MDIE)
1078 return WLAN_STATUS_INVALID_MDIE;
1079 if (res == WPA_INVALID_PMKID)
1080 return WLAN_STATUS_INVALID_PMKID;
1081 if (res != WPA_IE_OK)
1082 return WLAN_STATUS_INVALID_IE;
1083 return WLAN_STATUS_SUCCESS;
1084 }
1085
1086
1087 #ifdef CONFIG_FILS
1088
1089 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1090 struct sta_info *sta, u16 resp,
1091 struct wpabuf *data, int pub);
1092
1093 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1094 const u8 *pos, size_t len, u16 auth_alg,
1095 u16 auth_transaction, u16 status_code,
1096 void (*cb)(struct hostapd_data *hapd,
1097 struct sta_info *sta, u16 resp,
1098 struct wpabuf *data, int pub))
1099 {
1100 u16 resp = WLAN_STATUS_SUCCESS;
1101 const u8 *end;
1102 struct ieee802_11_elems elems;
1103 int res;
1104 struct wpa_ie_data rsn;
1105 struct rsn_pmksa_cache_entry *pmksa = NULL;
1106
1107 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1108 return;
1109
1110 end = pos + len;
1111
1112 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1113 pos, end - pos);
1114
1115 /* TODO: FILS PK */
1116 #ifdef CONFIG_FILS_SK_PFS
1117 if (auth_alg == WLAN_AUTH_FILS_SK_PFS) {
1118 u16 group;
1119 struct wpabuf *pub;
1120 size_t elem_len;
1121
1122 /* Using FILS PFS */
1123
1124 /* Finite Cyclic Group */
1125 if (end - pos < 2) {
1126 wpa_printf(MSG_DEBUG,
1127 "FILS: No room for Finite Cyclic Group");
1128 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1129 goto fail;
1130 }
1131 group = WPA_GET_LE16(pos);
1132 pos += 2;
1133 if (group != hapd->conf->fils_dh_group) {
1134 wpa_printf(MSG_DEBUG,
1135 "FILS: Unsupported Finite Cyclic Group: %u (expected %u)",
1136 group, hapd->conf->fils_dh_group);
1137 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1138 goto fail;
1139 }
1140
1141 crypto_ecdh_deinit(sta->fils_ecdh);
1142 sta->fils_ecdh = crypto_ecdh_init(group);
1143 if (!sta->fils_ecdh) {
1144 wpa_printf(MSG_INFO,
1145 "FILS: Could not initialize ECDH with group %d",
1146 group);
1147 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1148 goto fail;
1149 }
1150
1151 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1152 if (!pub) {
1153 wpa_printf(MSG_DEBUG,
1154 "FILS: Failed to derive ECDH public key");
1155 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1156 goto fail;
1157 }
1158 elem_len = wpabuf_len(pub);
1159 wpabuf_free(pub);
1160
1161 /* Element */
1162 if ((size_t) (end - pos) < elem_len) {
1163 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
1164 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1165 goto fail;
1166 }
1167
1168 wpabuf_free(sta->fils_g_sta);
1169 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
1170 wpabuf_clear_free(sta->fils_dh_ss);
1171 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
1172 pos, elem_len);
1173 if (!sta->fils_dh_ss) {
1174 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
1175 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1176 goto fail;
1177 }
1178 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
1179 pos += elem_len;
1180 } else {
1181 crypto_ecdh_deinit(sta->fils_ecdh);
1182 sta->fils_ecdh = NULL;
1183 wpabuf_clear_free(sta->fils_dh_ss);
1184 sta->fils_dh_ss = NULL;
1185 }
1186 #endif /* CONFIG_FILS_SK_PFS */
1187
1188 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1189 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1190 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1191 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1192 goto fail;
1193 }
1194
1195 /* RSNE */
1196 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1197 elems.rsn_ie, elems.rsn_ie_len);
1198 if (!elems.rsn_ie ||
1199 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1200 &rsn) < 0) {
1201 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1202 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1203 goto fail;
1204 }
1205
1206 if (!sta->wpa_sm)
1207 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1208 NULL);
1209 if (!sta->wpa_sm) {
1210 wpa_printf(MSG_DEBUG,
1211 "FILS: Failed to initialize RSN state machine");
1212 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1213 goto fail;
1214 }
1215
1216 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1217 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1218 elems.mdie, elems.mdie_len, NULL, 0);
1219 resp = wpa_res_to_status_code(res);
1220 if (resp != WLAN_STATUS_SUCCESS)
1221 goto fail;
1222
1223 if (!elems.fils_nonce) {
1224 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1225 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1226 goto fail;
1227 }
1228 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1229 FILS_NONCE_LEN);
1230 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1231
1232 /* PMKID List */
1233 if (rsn.pmkid && rsn.num_pmkid > 0) {
1234 u8 num;
1235 const u8 *pmkid;
1236
1237 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1238 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1239
1240 pmkid = rsn.pmkid;
1241 num = rsn.num_pmkid;
1242 while (num) {
1243 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1244 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1245 pmkid);
1246 if (pmksa)
1247 break;
1248 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1249 sta->addr,
1250 pmkid);
1251 if (pmksa)
1252 break;
1253 pmkid += PMKID_LEN;
1254 num--;
1255 }
1256 }
1257 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1258 wpa_printf(MSG_DEBUG,
1259 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1260 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1261 pmksa = NULL;
1262 }
1263 if (pmksa)
1264 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1265
1266 /* FILS Session */
1267 if (!elems.fils_session) {
1268 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1269 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1270 goto fail;
1271 }
1272 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1273 FILS_SESSION_LEN);
1274 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1275
1276 /* FILS Wrapped Data */
1277 if (elems.fils_wrapped_data) {
1278 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1279 elems.fils_wrapped_data,
1280 elems.fils_wrapped_data_len);
1281 if (!pmksa) {
1282 #ifndef CONFIG_NO_RADIUS
1283 if (!sta->eapol_sm) {
1284 sta->eapol_sm =
1285 ieee802_1x_alloc_eapol_sm(hapd, sta);
1286 }
1287 wpa_printf(MSG_DEBUG,
1288 "FILS: Forward EAP-Initiate/Re-auth to authentication server");
1289 ieee802_1x_encapsulate_radius(
1290 hapd, sta, elems.fils_wrapped_data,
1291 elems.fils_wrapped_data_len);
1292 sta->fils_pending_cb = cb;
1293 wpa_printf(MSG_DEBUG,
1294 "FILS: Will send Authentication frame once the response from authentication server is available");
1295 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1296 /* Calculate pending PMKID here so that we do not need
1297 * to maintain a copy of the EAP-Initiate/Reauth
1298 * message. */
1299 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1300 elems.fils_wrapped_data,
1301 elems.fils_wrapped_data_len,
1302 sta->fils_erp_pmkid) == 0)
1303 sta->fils_erp_pmkid_set = 1;
1304 return;
1305 #else /* CONFIG_NO_RADIUS */
1306 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1307 goto fail;
1308 #endif /* CONFIG_NO_RADIUS */
1309 }
1310 }
1311
1312 fail:
1313 if (cb) {
1314 struct wpabuf *data;
1315 int pub = 0;
1316
1317 data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL,
1318 NULL, 0, &pub);
1319 if (!data) {
1320 wpa_printf(MSG_DEBUG,
1321 "%s: prepare_auth_resp_fils() returned failure",
1322 __func__);
1323 }
1324
1325 cb(hapd, sta, resp, data, pub);
1326 }
1327 }
1328
1329
1330 static struct wpabuf *
1331 prepare_auth_resp_fils(struct hostapd_data *hapd,
1332 struct sta_info *sta, u16 *resp,
1333 struct rsn_pmksa_cache_entry *pmksa,
1334 struct wpabuf *erp_resp,
1335 const u8 *msk, size_t msk_len,
1336 int *is_pub)
1337 {
1338 u8 fils_nonce[FILS_NONCE_LEN];
1339 size_t ielen;
1340 struct wpabuf *data = NULL;
1341 const u8 *ie;
1342 u8 *ie_buf = NULL;
1343 const u8 *pmk = NULL;
1344 size_t pmk_len = 0;
1345 u8 pmk_buf[PMK_LEN_MAX];
1346 struct wpabuf *pub = NULL;
1347
1348 if (*resp != WLAN_STATUS_SUCCESS)
1349 goto fail;
1350
1351 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1352 if (!ie) {
1353 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1354 goto fail;
1355 }
1356
1357 if (pmksa) {
1358 /* Add PMKID of the selected PMKSA into RSNE */
1359 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1360 if (!ie_buf) {
1361 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1362 goto fail;
1363 }
1364
1365 os_memcpy(ie_buf, ie, ielen);
1366 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1367 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1368 goto fail;
1369 }
1370 ie = ie_buf;
1371 }
1372
1373 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1374 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1375 goto fail;
1376 }
1377 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1378 fils_nonce, FILS_NONCE_LEN);
1379
1380 #ifdef CONFIG_FILS_SK_PFS
1381 if (sta->fils_dh_ss && sta->fils_ecdh) {
1382 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1383 if (!pub) {
1384 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1385 goto fail;
1386 }
1387 }
1388 #endif /* CONFIG_FILS_SK_PFS */
1389
1390 data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
1391 if (!data) {
1392 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1393 goto fail;
1394 }
1395
1396 /* TODO: FILS PK */
1397 #ifdef CONFIG_FILS_SK_PFS
1398 if (pub) {
1399 /* Finite Cyclic Group */
1400 wpabuf_put_le16(data, hapd->conf->fils_dh_group);
1401
1402 /* Element */
1403 wpabuf_put_buf(data, pub);
1404 }
1405 #endif /* CONFIG_FILS_SK_PFS */
1406
1407 /* RSNE */
1408 wpabuf_put_data(data, ie, ielen);
1409
1410 /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
1411
1412 #ifdef CONFIG_IEEE80211R_AP
1413 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
1414 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
1415 int res;
1416
1417 res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
1418 wpabuf_tailroom(data));
1419 if (res < 0) {
1420 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1421 goto fail;
1422 }
1423 wpabuf_put(data, res);
1424 }
1425 #endif /* CONFIG_IEEE80211R_AP */
1426
1427 /* FILS Nonce */
1428 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1429 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1430 /* Element ID Extension */
1431 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1432 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1433
1434 /* FILS Session */
1435 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1436 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1437 /* Element ID Extension */
1438 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1439 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1440
1441 /* FILS Wrapped Data */
1442 if (!pmksa && erp_resp) {
1443 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1444 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1445 /* Element ID Extension */
1446 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1447 wpabuf_put_buf(data, erp_resp);
1448
1449 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1450 msk, msk_len, sta->fils_snonce, fils_nonce,
1451 sta->fils_dh_ss ?
1452 wpabuf_head(sta->fils_dh_ss) : NULL,
1453 sta->fils_dh_ss ?
1454 wpabuf_len(sta->fils_dh_ss) : 0,
1455 pmk_buf, &pmk_len)) {
1456 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1457 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1458 wpabuf_free(data);
1459 data = NULL;
1460 goto fail;
1461 }
1462 pmk = pmk_buf;
1463
1464 /* Don't use DHss in PTK derivation if PMKSA caching is not
1465 * used. */
1466 wpabuf_clear_free(sta->fils_dh_ss);
1467 sta->fils_dh_ss = NULL;
1468
1469 if (sta->fils_erp_pmkid_set) {
1470 /* TODO: get PMKLifetime from WPA parameters */
1471 unsigned int dot11RSNAConfigPMKLifetime = 43200;
1472
1473 sta->fils_erp_pmkid_set = 0;
1474 if (wpa_auth_pmksa_add2(
1475 hapd->wpa_auth, sta->addr,
1476 pmk, pmk_len,
1477 sta->fils_erp_pmkid,
1478 sta->session_timeout_set ?
1479 sta->session_timeout :
1480 dot11RSNAConfigPMKLifetime,
1481 wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) {
1482 wpa_printf(MSG_ERROR,
1483 "FILS: Failed to add PMKSA cache entry based on ERP");
1484 }
1485 }
1486 } else if (pmksa) {
1487 pmk = pmksa->pmk;
1488 pmk_len = pmksa->pmk_len;
1489 }
1490
1491 if (!pmk) {
1492 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1493 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1494 wpabuf_free(data);
1495 data = NULL;
1496 goto fail;
1497 }
1498
1499 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1500 sta->fils_snonce, fils_nonce,
1501 sta->fils_dh_ss ?
1502 wpabuf_head(sta->fils_dh_ss) : NULL,
1503 sta->fils_dh_ss ?
1504 wpabuf_len(sta->fils_dh_ss) : 0,
1505 sta->fils_g_sta, pub) < 0) {
1506 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1507 wpabuf_free(data);
1508 data = NULL;
1509 goto fail;
1510 }
1511
1512 fail:
1513 if (is_pub)
1514 *is_pub = pub != NULL;
1515 os_free(ie_buf);
1516 wpabuf_free(pub);
1517 wpabuf_clear_free(sta->fils_dh_ss);
1518 sta->fils_dh_ss = NULL;
1519 #ifdef CONFIG_FILS_SK_PFS
1520 crypto_ecdh_deinit(sta->fils_ecdh);
1521 sta->fils_ecdh = NULL;
1522 #endif /* CONFIG_FILS_SK_PFS */
1523 return data;
1524 }
1525
1526
1527 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1528 struct sta_info *sta, u16 resp,
1529 struct wpabuf *data, int pub)
1530 {
1531 u16 auth_alg;
1532
1533 auth_alg = (pub ||
1534 resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
1535 WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1536 send_auth_reply(hapd, sta->addr, hapd->own_addr, auth_alg, 2, resp,
1537 data ? wpabuf_head(data) : (u8 *) "",
1538 data ? wpabuf_len(data) : 0);
1539 wpabuf_free(data);
1540
1541 if (resp == WLAN_STATUS_SUCCESS) {
1542 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1543 HOSTAPD_LEVEL_DEBUG,
1544 "authentication OK (FILS)");
1545 sta->flags |= WLAN_STA_AUTH;
1546 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1547 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1548 mlme_authenticate_indication(hapd, sta);
1549 }
1550 }
1551
1552
1553 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1554 struct sta_info *sta, int success,
1555 struct wpabuf *erp_resp,
1556 const u8 *msk, size_t msk_len)
1557 {
1558 struct wpabuf *data;
1559 int pub = 0;
1560 u16 resp;
1561
1562 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1563
1564 if (!sta->fils_pending_cb)
1565 return;
1566 resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE;
1567 data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp,
1568 msk, msk_len, &pub);
1569 if (!data) {
1570 wpa_printf(MSG_DEBUG,
1571 "%s: prepare_auth_resp_fils() returned failure",
1572 __func__);
1573 }
1574 sta->fils_pending_cb(hapd, sta, resp, data, pub);
1575 }
1576
1577 #endif /* CONFIG_FILS */
1578
1579
1580 static int
1581 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1582 const u8 *msg, size_t len, u32 *session_timeout,
1583 u32 *acct_interim_interval,
1584 struct vlan_description *vlan_id,
1585 struct hostapd_sta_wpa_psk_short **psk,
1586 char **identity, char **radius_cui)
1587 {
1588 int res;
1589
1590 os_memset(vlan_id, 0, sizeof(*vlan_id));
1591 res = hostapd_allowed_address(hapd, addr, msg, len,
1592 session_timeout, acct_interim_interval,
1593 vlan_id, psk, identity, radius_cui);
1594
1595 if (res == HOSTAPD_ACL_REJECT) {
1596 wpa_printf(MSG_INFO,
1597 "Station " MACSTR " not allowed to authenticate",
1598 MAC2STR(addr));
1599 return HOSTAPD_ACL_REJECT;
1600 }
1601
1602 if (res == HOSTAPD_ACL_PENDING) {
1603 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1604 " waiting for an external authentication",
1605 MAC2STR(addr));
1606 /* Authentication code will re-send the authentication frame
1607 * after it has received (and cached) information from the
1608 * external source. */
1609 return HOSTAPD_ACL_PENDING;
1610 }
1611
1612 return res;
1613 }
1614
1615
1616 static int
1617 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1618 int res, u32 session_timeout,
1619 u32 acct_interim_interval,
1620 struct vlan_description *vlan_id,
1621 struct hostapd_sta_wpa_psk_short **psk,
1622 char **identity, char **radius_cui)
1623 {
1624 if (vlan_id->notempty &&
1625 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1626 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1627 HOSTAPD_LEVEL_INFO,
1628 "Invalid VLAN %d%s received from RADIUS server",
1629 vlan_id->untagged,
1630 vlan_id->tagged[0] ? "+" : "");
1631 return -1;
1632 }
1633 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1634 return -1;
1635 if (sta->vlan_id)
1636 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1637 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1638
1639 hostapd_free_psk_list(sta->psk);
1640 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1641 sta->psk = *psk;
1642 *psk = NULL;
1643 } else {
1644 sta->psk = NULL;
1645 }
1646
1647 sta->identity = *identity;
1648 *identity = NULL;
1649 sta->radius_cui = *radius_cui;
1650 *radius_cui = NULL;
1651
1652 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
1653 sta->acct_interim_interval = acct_interim_interval;
1654 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
1655 ap_sta_session_timeout(hapd, sta, session_timeout);
1656 else
1657 ap_sta_no_session_timeout(hapd, sta);
1658
1659 return 0;
1660 }
1661
1662
1663 static void handle_auth(struct hostapd_data *hapd,
1664 const struct ieee80211_mgmt *mgmt, size_t len)
1665 {
1666 u16 auth_alg, auth_transaction, status_code;
1667 u16 resp = WLAN_STATUS_SUCCESS;
1668 struct sta_info *sta = NULL;
1669 int res, reply_res;
1670 u16 fc;
1671 const u8 *challenge = NULL;
1672 u32 session_timeout, acct_interim_interval;
1673 struct vlan_description vlan_id;
1674 struct hostapd_sta_wpa_psk_short *psk = NULL;
1675 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1676 size_t resp_ies_len = 0;
1677 char *identity = NULL;
1678 char *radius_cui = NULL;
1679 u16 seq_ctrl;
1680
1681 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1682 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
1683 (unsigned long) len);
1684 return;
1685 }
1686
1687 #ifdef CONFIG_TESTING_OPTIONS
1688 if (hapd->iconf->ignore_auth_probability > 0.0 &&
1689 drand48() < hapd->iconf->ignore_auth_probability) {
1690 wpa_printf(MSG_INFO,
1691 "TESTING: ignoring auth frame from " MACSTR,
1692 MAC2STR(mgmt->sa));
1693 return;
1694 }
1695 #endif /* CONFIG_TESTING_OPTIONS */
1696
1697 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1698 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1699 status_code = le_to_host16(mgmt->u.auth.status_code);
1700 fc = le_to_host16(mgmt->frame_control);
1701 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
1702
1703 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
1704 2 + WLAN_AUTH_CHALLENGE_LEN &&
1705 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
1706 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
1707 challenge = &mgmt->u.auth.variable[2];
1708
1709 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
1710 "auth_transaction=%d status_code=%d wep=%d%s "
1711 "seq_ctrl=0x%x%s",
1712 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
1713 status_code, !!(fc & WLAN_FC_ISWEP),
1714 challenge ? " challenge" : "",
1715 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
1716
1717 #ifdef CONFIG_NO_RC4
1718 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
1719 wpa_printf(MSG_INFO,
1720 "Unsupported authentication algorithm (%d)",
1721 auth_alg);
1722 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1723 goto fail;
1724 }
1725 #endif /* CONFIG_NO_RC4 */
1726
1727 if (hapd->tkip_countermeasures) {
1728 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1729 goto fail;
1730 }
1731
1732 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
1733 auth_alg == WLAN_AUTH_OPEN) ||
1734 #ifdef CONFIG_IEEE80211R_AP
1735 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
1736 auth_alg == WLAN_AUTH_FT) ||
1737 #endif /* CONFIG_IEEE80211R_AP */
1738 #ifdef CONFIG_SAE
1739 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
1740 auth_alg == WLAN_AUTH_SAE) ||
1741 #endif /* CONFIG_SAE */
1742 #ifdef CONFIG_FILS
1743 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1744 auth_alg == WLAN_AUTH_FILS_SK) ||
1745 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1746 hapd->conf->fils_dh_group &&
1747 auth_alg == WLAN_AUTH_FILS_SK_PFS) ||
1748 #endif /* CONFIG_FILS */
1749 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
1750 auth_alg == WLAN_AUTH_SHARED_KEY))) {
1751 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
1752 auth_alg);
1753 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1754 goto fail;
1755 }
1756
1757 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
1758 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
1759 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
1760 auth_transaction);
1761 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1762 goto fail;
1763 }
1764
1765 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
1766 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
1767 MAC2STR(mgmt->sa));
1768 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1769 goto fail;
1770 }
1771
1772 if (hapd->conf->no_auth_if_seen_on) {
1773 struct hostapd_data *other;
1774
1775 other = sta_track_seen_on(hapd->iface, mgmt->sa,
1776 hapd->conf->no_auth_if_seen_on);
1777 if (other) {
1778 u8 *pos;
1779 u32 info;
1780 u8 op_class, channel, phytype;
1781
1782 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
1783 MACSTR " since STA has been seen on %s",
1784 hapd->conf->iface, MAC2STR(mgmt->sa),
1785 hapd->conf->no_auth_if_seen_on);
1786
1787 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
1788 pos = &resp_ies[0];
1789 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
1790 *pos++ = 13;
1791 os_memcpy(pos, other->own_addr, ETH_ALEN);
1792 pos += ETH_ALEN;
1793 info = 0; /* TODO: BSSID Information */
1794 WPA_PUT_LE32(pos, info);
1795 pos += 4;
1796 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
1797 phytype = 8; /* dmg */
1798 else if (other->iconf->ieee80211ac)
1799 phytype = 9; /* vht */
1800 else if (other->iconf->ieee80211n)
1801 phytype = 7; /* ht */
1802 else if (other->iconf->hw_mode ==
1803 HOSTAPD_MODE_IEEE80211A)
1804 phytype = 4; /* ofdm */
1805 else if (other->iconf->hw_mode ==
1806 HOSTAPD_MODE_IEEE80211G)
1807 phytype = 6; /* erp */
1808 else
1809 phytype = 5; /* hrdsss */
1810 if (ieee80211_freq_to_channel_ext(
1811 hostapd_hw_get_freq(other,
1812 other->iconf->channel),
1813 other->iconf->secondary_channel,
1814 other->iconf->ieee80211ac,
1815 &op_class, &channel) == NUM_HOSTAPD_MODES) {
1816 op_class = 0;
1817 channel = other->iconf->channel;
1818 }
1819 *pos++ = op_class;
1820 *pos++ = channel;
1821 *pos++ = phytype;
1822 resp_ies_len = pos - &resp_ies[0];
1823 goto fail;
1824 }
1825 }
1826
1827 res = ieee802_11_allowed_address(
1828 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
1829 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui);
1830 if (res == HOSTAPD_ACL_REJECT) {
1831 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1832 goto fail;
1833 }
1834 if (res == HOSTAPD_ACL_PENDING)
1835 return;
1836
1837 sta = ap_get_sta(hapd, mgmt->sa);
1838 if (sta) {
1839 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1840 if ((fc & WLAN_FC_RETRY) &&
1841 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
1842 sta->last_seq_ctrl == seq_ctrl &&
1843 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
1844 hostapd_logger(hapd, sta->addr,
1845 HOSTAPD_MODULE_IEEE80211,
1846 HOSTAPD_LEVEL_DEBUG,
1847 "Drop repeated authentication frame seq_ctrl=0x%x",
1848 seq_ctrl);
1849 return;
1850 }
1851 #ifdef CONFIG_MESH
1852 if ((hapd->conf->mesh & MESH_ENABLED) &&
1853 sta->plink_state == PLINK_BLOCKED) {
1854 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1855 " is blocked - drop Authentication frame",
1856 MAC2STR(mgmt->sa));
1857 return;
1858 }
1859 #endif /* CONFIG_MESH */
1860 } else {
1861 #ifdef CONFIG_MESH
1862 if (hapd->conf->mesh & MESH_ENABLED) {
1863 /* if the mesh peer is not available, we don't do auth.
1864 */
1865 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1866 " not yet known - drop Authentication frame",
1867 MAC2STR(mgmt->sa));
1868 /*
1869 * Save a copy of the frame so that it can be processed
1870 * if a new peer entry is added shortly after this.
1871 */
1872 wpabuf_free(hapd->mesh_pending_auth);
1873 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
1874 os_get_reltime(&hapd->mesh_pending_auth_time);
1875 return;
1876 }
1877 #endif /* CONFIG_MESH */
1878
1879 sta = ap_sta_add(hapd, mgmt->sa);
1880 if (!sta) {
1881 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1882 goto fail;
1883 }
1884 }
1885 sta->last_seq_ctrl = seq_ctrl;
1886 sta->last_subtype = WLAN_FC_STYPE_AUTH;
1887
1888 res = ieee802_11_set_radius_info(
1889 hapd, sta, res, session_timeout, acct_interim_interval,
1890 &vlan_id, &psk, &identity, &radius_cui);
1891 if (res) {
1892 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1893 goto fail;
1894 }
1895
1896 sta->flags &= ~WLAN_STA_PREAUTH;
1897 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1898
1899 /*
1900 * If the driver supports full AP client state, add a station to the
1901 * driver before sending authentication reply to make sure the driver
1902 * has resources, and not to go through the entire authentication and
1903 * association handshake, and fail it at the end.
1904 *
1905 * If this is not the first transaction, in a multi-step authentication
1906 * algorithm, the station already exists in the driver
1907 * (sta->added_unassoc = 1) so skip it.
1908 *
1909 * In mesh mode, the station was already added to the driver when the
1910 * NEW_PEER_CANDIDATE event is received.
1911 *
1912 * If PMF was negotiated for the existing association, skip this to
1913 * avoid dropping the STA entry and the associated keys. This is needed
1914 * to allow the original connection work until the attempt can complete
1915 * (re)association, so that unprotected Authentication frame cannot be
1916 * used to bypass PMF protection.
1917 */
1918 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
1919 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
1920 !(hapd->conf->mesh & MESH_ENABLED) &&
1921 !(sta->added_unassoc)) {
1922 /*
1923 * If a station that is already associated to the AP, is trying
1924 * to authenticate again, remove the STA entry, in order to make
1925 * sure the STA PS state gets cleared and configuration gets
1926 * updated. To handle this, station's added_unassoc flag is
1927 * cleared once the station has completed association.
1928 */
1929 hostapd_drv_sta_remove(hapd, sta->addr);
1930 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
1931 WLAN_STA_AUTHORIZED);
1932
1933 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
1934 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
1935 hostapd_logger(hapd, sta->addr,
1936 HOSTAPD_MODULE_IEEE80211,
1937 HOSTAPD_LEVEL_NOTICE,
1938 "Could not add STA to kernel driver");
1939 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1940 goto fail;
1941 }
1942
1943 sta->added_unassoc = 1;
1944 }
1945
1946 switch (auth_alg) {
1947 case WLAN_AUTH_OPEN:
1948 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1949 HOSTAPD_LEVEL_DEBUG,
1950 "authentication OK (open system)");
1951 sta->flags |= WLAN_STA_AUTH;
1952 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1953 sta->auth_alg = WLAN_AUTH_OPEN;
1954 mlme_authenticate_indication(hapd, sta);
1955 break;
1956 #ifndef CONFIG_NO_RC4
1957 case WLAN_AUTH_SHARED_KEY:
1958 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
1959 fc & WLAN_FC_ISWEP);
1960 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
1961 mlme_authenticate_indication(hapd, sta);
1962 if (sta->challenge && auth_transaction == 1) {
1963 resp_ies[0] = WLAN_EID_CHALLENGE;
1964 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
1965 os_memcpy(resp_ies + 2, sta->challenge,
1966 WLAN_AUTH_CHALLENGE_LEN);
1967 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
1968 }
1969 break;
1970 #endif /* CONFIG_NO_RC4 */
1971 #ifdef CONFIG_IEEE80211R_AP
1972 case WLAN_AUTH_FT:
1973 sta->auth_alg = WLAN_AUTH_FT;
1974 if (sta->wpa_sm == NULL)
1975 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
1976 sta->addr, NULL);
1977 if (sta->wpa_sm == NULL) {
1978 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
1979 "state machine");
1980 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1981 goto fail;
1982 }
1983 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
1984 auth_transaction, mgmt->u.auth.variable,
1985 len - IEEE80211_HDRLEN -
1986 sizeof(mgmt->u.auth),
1987 handle_auth_ft_finish, hapd);
1988 /* handle_auth_ft_finish() callback will complete auth. */
1989 return;
1990 #endif /* CONFIG_IEEE80211R_AP */
1991 #ifdef CONFIG_SAE
1992 case WLAN_AUTH_SAE:
1993 #ifdef CONFIG_MESH
1994 if (status_code == WLAN_STATUS_SUCCESS &&
1995 hapd->conf->mesh & MESH_ENABLED) {
1996 if (sta->wpa_sm == NULL)
1997 sta->wpa_sm =
1998 wpa_auth_sta_init(hapd->wpa_auth,
1999 sta->addr, NULL);
2000 if (sta->wpa_sm == NULL) {
2001 wpa_printf(MSG_DEBUG,
2002 "SAE: Failed to initialize WPA state machine");
2003 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2004 goto fail;
2005 }
2006 }
2007 #endif /* CONFIG_MESH */
2008 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
2009 status_code);
2010 return;
2011 #endif /* CONFIG_SAE */
2012 #ifdef CONFIG_FILS
2013 case WLAN_AUTH_FILS_SK:
2014 case WLAN_AUTH_FILS_SK_PFS:
2015 handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
2016 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
2017 auth_alg, auth_transaction, status_code,
2018 handle_auth_fils_finish);
2019 return;
2020 #endif /* CONFIG_FILS */
2021 }
2022
2023 fail:
2024 os_free(identity);
2025 os_free(radius_cui);
2026 hostapd_free_psk_list(psk);
2027
2028 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
2029 auth_transaction + 1, resp, resp_ies,
2030 resp_ies_len);
2031
2032 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
2033 reply_res != WLAN_STATUS_SUCCESS)) {
2034 hostapd_drv_sta_remove(hapd, sta->addr);
2035 sta->added_unassoc = 0;
2036 }
2037 }
2038
2039
2040 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
2041 {
2042 int i, j = 32, aid;
2043
2044 /* get a unique AID */
2045 if (sta->aid > 0) {
2046 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
2047 return 0;
2048 }
2049
2050 if (TEST_FAIL())
2051 return -1;
2052
2053 for (i = 0; i < AID_WORDS; i++) {
2054 if (hapd->sta_aid[i] == (u32) -1)
2055 continue;
2056 for (j = 0; j < 32; j++) {
2057 if (!(hapd->sta_aid[i] & BIT(j)))
2058 break;
2059 }
2060 if (j < 32)
2061 break;
2062 }
2063 if (j == 32)
2064 return -1;
2065 aid = i * 32 + j + 1;
2066 if (aid > 2007)
2067 return -1;
2068
2069 sta->aid = aid;
2070 hapd->sta_aid[i] |= BIT(j);
2071 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
2072 return 0;
2073 }
2074
2075
2076 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
2077 const u8 *ssid_ie, size_t ssid_ie_len)
2078 {
2079 if (ssid_ie == NULL)
2080 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2081
2082 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
2083 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
2084 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2085 HOSTAPD_LEVEL_INFO,
2086 "Station tried to associate with unknown SSID "
2087 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
2088 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2089 }
2090
2091 return WLAN_STATUS_SUCCESS;
2092 }
2093
2094
2095 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
2096 const u8 *wmm_ie, size_t wmm_ie_len)
2097 {
2098 sta->flags &= ~WLAN_STA_WMM;
2099 sta->qosinfo = 0;
2100 if (wmm_ie && hapd->conf->wmm_enabled) {
2101 struct wmm_information_element *wmm;
2102
2103 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
2104 hostapd_logger(hapd, sta->addr,
2105 HOSTAPD_MODULE_WPA,
2106 HOSTAPD_LEVEL_DEBUG,
2107 "invalid WMM element in association "
2108 "request");
2109 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2110 }
2111
2112 sta->flags |= WLAN_STA_WMM;
2113 wmm = (struct wmm_information_element *) wmm_ie;
2114 sta->qosinfo = wmm->qos_info;
2115 }
2116 return WLAN_STATUS_SUCCESS;
2117 }
2118
2119
2120 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
2121 struct ieee802_11_elems *elems)
2122 {
2123 /* Supported rates not used in IEEE 802.11ad/DMG */
2124 if (hapd->iface->current_mode &&
2125 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
2126 return WLAN_STATUS_SUCCESS;
2127
2128 if (!elems->supp_rates) {
2129 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2130 HOSTAPD_LEVEL_DEBUG,
2131 "No supported rates element in AssocReq");
2132 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2133 }
2134
2135 if (elems->supp_rates_len + elems->ext_supp_rates_len >
2136 sizeof(sta->supported_rates)) {
2137 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2138 HOSTAPD_LEVEL_DEBUG,
2139 "Invalid supported rates element length %d+%d",
2140 elems->supp_rates_len,
2141 elems->ext_supp_rates_len);
2142 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2143 }
2144
2145 sta->supported_rates_len = merge_byte_arrays(
2146 sta->supported_rates, sizeof(sta->supported_rates),
2147 elems->supp_rates, elems->supp_rates_len,
2148 elems->ext_supp_rates, elems->ext_supp_rates_len);
2149
2150 return WLAN_STATUS_SUCCESS;
2151 }
2152
2153
2154 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
2155 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
2156 {
2157 #ifdef CONFIG_INTERWORKING
2158 /* check for QoS Map support */
2159 if (ext_capab_ie_len >= 5) {
2160 if (ext_capab_ie[4] & 0x01)
2161 sta->qos_map_enabled = 1;
2162 }
2163 #endif /* CONFIG_INTERWORKING */
2164
2165 if (ext_capab_ie_len > 0) {
2166 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
2167 os_free(sta->ext_capability);
2168 sta->ext_capability = os_malloc(1 + ext_capab_ie_len);
2169 if (sta->ext_capability) {
2170 sta->ext_capability[0] = ext_capab_ie_len;
2171 os_memcpy(sta->ext_capability + 1, ext_capab_ie,
2172 ext_capab_ie_len);
2173 }
2174 }
2175
2176 return WLAN_STATUS_SUCCESS;
2177 }
2178
2179
2180 #ifdef CONFIG_OWE
2181
2182 static int owe_group_supported(struct hostapd_data *hapd, u16 group)
2183 {
2184 int i;
2185 int *groups = hapd->conf->owe_groups;
2186
2187 if (group != 19 && group != 20 && group != 21)
2188 return 0;
2189
2190 if (!groups)
2191 return 1;
2192
2193 for (i = 0; groups[i] > 0; i++) {
2194 if (groups[i] == group)
2195 return 1;
2196 }
2197
2198 return 0;
2199 }
2200
2201
2202 static u16 owe_process_assoc_req(struct hostapd_data *hapd,
2203 struct sta_info *sta, const u8 *owe_dh,
2204 u8 owe_dh_len)
2205 {
2206 struct wpabuf *secret, *pub, *hkey;
2207 int res;
2208 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
2209 const char *info = "OWE Key Generation";
2210 const u8 *addr[2];
2211 size_t len[2];
2212 u16 group;
2213 size_t hash_len, prime_len;
2214
2215 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
2216 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
2217 return WLAN_STATUS_SUCCESS;
2218 }
2219
2220 group = WPA_GET_LE16(owe_dh);
2221 if (!owe_group_supported(hapd, group)) {
2222 wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group);
2223 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2224 }
2225 if (group == 19)
2226 prime_len = 32;
2227 else if (group == 20)
2228 prime_len = 48;
2229 else if (group == 21)
2230 prime_len = 66;
2231 else
2232 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2233
2234 crypto_ecdh_deinit(sta->owe_ecdh);
2235 sta->owe_ecdh = crypto_ecdh_init(group);
2236 if (!sta->owe_ecdh)
2237 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2238 sta->owe_group = group;
2239
2240 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
2241 owe_dh_len - 2);
2242 secret = wpabuf_zeropad(secret, prime_len);
2243 if (!secret) {
2244 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
2245 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2246 }
2247 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
2248
2249 /* prk = HKDF-extract(C | A | group, z) */
2250
2251 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2252 if (!pub) {
2253 wpabuf_clear_free(secret);
2254 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2255 }
2256
2257 /* PMKID = Truncate-128(Hash(C | A)) */
2258 addr[0] = owe_dh + 2;
2259 len[0] = owe_dh_len - 2;
2260 addr[1] = wpabuf_head(pub);
2261 len[1] = wpabuf_len(pub);
2262 if (group == 19) {
2263 res = sha256_vector(2, addr, len, pmkid);
2264 hash_len = SHA256_MAC_LEN;
2265 } else if (group == 20) {
2266 res = sha384_vector(2, addr, len, pmkid);
2267 hash_len = SHA384_MAC_LEN;
2268 } else if (group == 21) {
2269 res = sha512_vector(2, addr, len, pmkid);
2270 hash_len = SHA512_MAC_LEN;
2271 } else {
2272 wpabuf_free(pub);
2273 wpabuf_clear_free(secret);
2274 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2275 }
2276 pub = wpabuf_zeropad(pub, prime_len);
2277 if (res < 0 || !pub) {
2278 wpabuf_free(pub);
2279 wpabuf_clear_free(secret);
2280 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2281 }
2282
2283 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
2284 if (!hkey) {
2285 wpabuf_free(pub);
2286 wpabuf_clear_free(secret);
2287 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2288 }
2289
2290 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
2291 wpabuf_put_buf(hkey, pub); /* A */
2292 wpabuf_free(pub);
2293 wpabuf_put_le16(hkey, group); /* group */
2294 if (group == 19)
2295 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
2296 wpabuf_head(secret), wpabuf_len(secret), prk);
2297 else if (group == 20)
2298 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
2299 wpabuf_head(secret), wpabuf_len(secret), prk);
2300 else if (group == 21)
2301 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
2302 wpabuf_head(secret), wpabuf_len(secret), prk);
2303 wpabuf_clear_free(hkey);
2304 wpabuf_clear_free(secret);
2305 if (res < 0)
2306 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2307
2308 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
2309
2310 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
2311
2312 os_free(sta->owe_pmk);
2313 sta->owe_pmk = os_malloc(hash_len);
2314 if (!sta->owe_pmk) {
2315 os_memset(prk, 0, SHA512_MAC_LEN);
2316 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2317 }
2318
2319 if (group == 19)
2320 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
2321 os_strlen(info), sta->owe_pmk, hash_len);
2322 else if (group == 20)
2323 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
2324 os_strlen(info), sta->owe_pmk, hash_len);
2325 else if (group == 21)
2326 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
2327 os_strlen(info), sta->owe_pmk, hash_len);
2328 os_memset(prk, 0, SHA512_MAC_LEN);
2329 if (res < 0) {
2330 os_free(sta->owe_pmk);
2331 sta->owe_pmk = NULL;
2332 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2333 }
2334 sta->owe_pmk_len = hash_len;
2335
2336 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
2337 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
2338 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
2339 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE);
2340
2341 return WLAN_STATUS_SUCCESS;
2342 }
2343
2344 #endif /* CONFIG_OWE */
2345
2346
2347 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
2348 const u8 *ies, size_t ies_len, int reassoc)
2349 {
2350 struct ieee802_11_elems elems;
2351 u16 resp;
2352 const u8 *wpa_ie;
2353 size_t wpa_ie_len;
2354 const u8 *p2p_dev_addr = NULL;
2355
2356 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2357 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2358 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
2359 "association request");
2360 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2361 }
2362
2363 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
2364 if (resp != WLAN_STATUS_SUCCESS)
2365 return resp;
2366 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
2367 if (resp != WLAN_STATUS_SUCCESS)
2368 return resp;
2369 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
2370 if (resp != WLAN_STATUS_SUCCESS)
2371 return resp;
2372 resp = copy_supp_rates(hapd, sta, &elems);
2373 if (resp != WLAN_STATUS_SUCCESS)
2374 return resp;
2375 #ifdef CONFIG_IEEE80211N
2376 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
2377 if (resp != WLAN_STATUS_SUCCESS)
2378 return resp;
2379 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
2380 !(sta->flags & WLAN_STA_HT)) {
2381 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2382 HOSTAPD_LEVEL_INFO, "Station does not support "
2383 "mandatory HT PHY - reject association");
2384 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
2385 }
2386 #endif /* CONFIG_IEEE80211N */
2387
2388 #ifdef CONFIG_IEEE80211AC
2389 if (hapd->iconf->ieee80211ac) {
2390 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
2391 if (resp != WLAN_STATUS_SUCCESS)
2392 return resp;
2393
2394 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
2395 if (resp != WLAN_STATUS_SUCCESS)
2396 return resp;
2397 }
2398
2399 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
2400 !(sta->flags & WLAN_STA_VHT)) {
2401 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2402 HOSTAPD_LEVEL_INFO, "Station does not support "
2403 "mandatory VHT PHY - reject association");
2404 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
2405 }
2406
2407 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
2408 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
2409 elems.vendor_vht_len);
2410 if (resp != WLAN_STATUS_SUCCESS)
2411 return resp;
2412 }
2413 #endif /* CONFIG_IEEE80211AC */
2414
2415 #ifdef CONFIG_P2P
2416 if (elems.p2p) {
2417 wpabuf_free(sta->p2p_ie);
2418 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2419 P2P_IE_VENDOR_TYPE);
2420 if (sta->p2p_ie)
2421 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
2422 } else {
2423 wpabuf_free(sta->p2p_ie);
2424 sta->p2p_ie = NULL;
2425 }
2426 #endif /* CONFIG_P2P */
2427
2428 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
2429 wpa_ie = elems.rsn_ie;
2430 wpa_ie_len = elems.rsn_ie_len;
2431 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
2432 elems.wpa_ie) {
2433 wpa_ie = elems.wpa_ie;
2434 wpa_ie_len = elems.wpa_ie_len;
2435 } else {
2436 wpa_ie = NULL;
2437 wpa_ie_len = 0;
2438 }
2439
2440 #ifdef CONFIG_WPS
2441 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
2442 if (hapd->conf->wps_state && elems.wps_ie) {
2443 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
2444 "Request - assume WPS is used");
2445 sta->flags |= WLAN_STA_WPS;
2446 wpabuf_free(sta->wps_ie);
2447 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2448 WPS_IE_VENDOR_TYPE);
2449 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
2450 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
2451 sta->flags |= WLAN_STA_WPS2;
2452 }
2453 wpa_ie = NULL;
2454 wpa_ie_len = 0;
2455 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2456 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2457 "(Re)Association Request - reject");
2458 return WLAN_STATUS_INVALID_IE;
2459 }
2460 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2461 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2462 "(Re)Association Request - possible WPS use");
2463 sta->flags |= WLAN_STA_MAYBE_WPS;
2464 } else
2465 #endif /* CONFIG_WPS */
2466 if (hapd->conf->wpa && wpa_ie == NULL) {
2467 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2468 HOSTAPD_LEVEL_INFO,
2469 "No WPA/RSN IE in association request");
2470 return WLAN_STATUS_INVALID_IE;
2471 }
2472
2473 if (hapd->conf->wpa && wpa_ie) {
2474 int res;
2475 wpa_ie -= 2;
2476 wpa_ie_len += 2;
2477 if (sta->wpa_sm == NULL)
2478 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2479 sta->addr,
2480 p2p_dev_addr);
2481 if (sta->wpa_sm == NULL) {
2482 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2483 "state machine");
2484 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2485 }
2486 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2487 wpa_ie, wpa_ie_len,
2488 elems.mdie, elems.mdie_len,
2489 elems.owe_dh, elems.owe_dh_len);
2490 resp = wpa_res_to_status_code(res);
2491 if (resp != WLAN_STATUS_SUCCESS)
2492 return resp;
2493 #ifdef CONFIG_IEEE80211W
2494 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2495 sta->sa_query_count > 0)
2496 ap_check_sa_query_timeout(hapd, sta);
2497 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2498 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2499 /*
2500 * STA has already been associated with MFP and SA
2501 * Query timeout has not been reached. Reject the
2502 * association attempt temporarily and start SA Query,
2503 * if one is not pending.
2504 */
2505
2506 if (sta->sa_query_count == 0)
2507 ap_sta_start_sa_query(hapd, sta);
2508
2509 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2510 }
2511
2512 if (wpa_auth_uses_mfp(sta->wpa_sm))
2513 sta->flags |= WLAN_STA_MFP;
2514 else
2515 sta->flags &= ~WLAN_STA_MFP;
2516 #endif /* CONFIG_IEEE80211W */
2517
2518 #ifdef CONFIG_IEEE80211R_AP
2519 if (sta->auth_alg == WLAN_AUTH_FT) {
2520 if (!reassoc) {
2521 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2522 "to use association (not "
2523 "re-association) with FT auth_alg",
2524 MAC2STR(sta->addr));
2525 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2526 }
2527
2528 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2529 ies_len);
2530 if (resp != WLAN_STATUS_SUCCESS)
2531 return resp;
2532 }
2533 #endif /* CONFIG_IEEE80211R_AP */
2534
2535 #ifdef CONFIG_SAE
2536 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2537 sta->auth_alg == WLAN_AUTH_OPEN) {
2538 struct rsn_pmksa_cache_entry *sa;
2539 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2540 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
2541 wpa_printf(MSG_DEBUG,
2542 "SAE: No PMKSA cache entry found for "
2543 MACSTR, MAC2STR(sta->addr));
2544 return WLAN_STATUS_INVALID_PMKID;
2545 }
2546 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
2547 " using PMKSA caching", MAC2STR(sta->addr));
2548 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
2549 sta->auth_alg != WLAN_AUTH_SAE &&
2550 !(sta->auth_alg == WLAN_AUTH_FT &&
2551 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
2552 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
2553 "SAE AKM after non-SAE auth_alg %u",
2554 MAC2STR(sta->addr), sta->auth_alg);
2555 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2556 }
2557 #endif /* CONFIG_SAE */
2558
2559 #ifdef CONFIG_OWE
2560 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
2561 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
2562 elems.owe_dh) {
2563 resp = owe_process_assoc_req(hapd, sta, elems.owe_dh,
2564 elems.owe_dh_len);
2565 if (resp != WLAN_STATUS_SUCCESS)
2566 return resp;
2567 }
2568 #endif /* CONFIG_OWE */
2569
2570 #ifdef CONFIG_IEEE80211N
2571 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
2572 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
2573 hostapd_logger(hapd, sta->addr,
2574 HOSTAPD_MODULE_IEEE80211,
2575 HOSTAPD_LEVEL_INFO,
2576 "Station tried to use TKIP with HT "
2577 "association");
2578 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
2579 }
2580 #endif /* CONFIG_IEEE80211N */
2581 #ifdef CONFIG_HS20
2582 } else if (hapd->conf->osen) {
2583 if (elems.osen == NULL) {
2584 hostapd_logger(
2585 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2586 HOSTAPD_LEVEL_INFO,
2587 "No HS 2.0 OSEN element in association request");
2588 return WLAN_STATUS_INVALID_IE;
2589 }
2590
2591 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
2592 if (sta->wpa_sm == NULL)
2593 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2594 sta->addr, NULL);
2595 if (sta->wpa_sm == NULL) {
2596 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2597 "state machine");
2598 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2599 }
2600 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
2601 elems.osen - 2, elems.osen_len + 2) < 0)
2602 return WLAN_STATUS_INVALID_IE;
2603 #endif /* CONFIG_HS20 */
2604 } else
2605 wpa_auth_sta_no_wpa(sta->wpa_sm);
2606
2607 #ifdef CONFIG_P2P
2608 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
2609 #endif /* CONFIG_P2P */
2610
2611 #ifdef CONFIG_HS20
2612 wpabuf_free(sta->hs20_ie);
2613 if (elems.hs20 && elems.hs20_len > 4) {
2614 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
2615 elems.hs20_len - 4);
2616 } else
2617 sta->hs20_ie = NULL;
2618 #endif /* CONFIG_HS20 */
2619
2620 #ifdef CONFIG_FST
2621 wpabuf_free(sta->mb_ies);
2622 if (hapd->iface->fst)
2623 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
2624 else
2625 sta->mb_ies = NULL;
2626 #endif /* CONFIG_FST */
2627
2628 #ifdef CONFIG_MBO
2629 mbo_ap_check_sta_assoc(hapd, sta, &elems);
2630
2631 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
2632 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
2633 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2634 wpa_printf(MSG_INFO,
2635 "MBO: Reject WPA2 association without PMF");
2636 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2637 }
2638 #endif /* CONFIG_MBO */
2639
2640 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
2641 elems.supp_op_classes_len);
2642
2643 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
2644 elems.rrm_enabled &&
2645 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
2646 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
2647 sizeof(sta->rrm_enabled_capa));
2648
2649 if (elems.power_capab) {
2650 sta->min_tx_power = elems.power_capab[0];
2651 sta->max_tx_power = elems.power_capab[1];
2652 sta->power_capab = 1;
2653 } else {
2654 sta->power_capab = 0;
2655 }
2656
2657 return WLAN_STATUS_SUCCESS;
2658 }
2659
2660
2661 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
2662 u16 reason_code)
2663 {
2664 int send_len;
2665 struct ieee80211_mgmt reply;
2666
2667 os_memset(&reply, 0, sizeof(reply));
2668 reply.frame_control =
2669 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
2670 os_memcpy(reply.da, addr, ETH_ALEN);
2671 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
2672 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
2673
2674 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
2675 reply.u.deauth.reason_code = host_to_le16(reason_code);
2676
2677 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
2678 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
2679 strerror(errno));
2680 }
2681
2682
2683 static int add_associated_sta(struct hostapd_data *hapd,
2684 struct sta_info *sta)
2685 {
2686 struct ieee80211_ht_capabilities ht_cap;
2687 struct ieee80211_vht_capabilities vht_cap;
2688 int set = 1;
2689
2690 /*
2691 * Remove the STA entry to ensure the STA PS state gets cleared and
2692 * configuration gets updated. This is relevant for cases, such as
2693 * FT-over-the-DS, where a station re-associates back to the same AP but
2694 * skips the authentication flow, or if working with a driver that
2695 * does not support full AP client state.
2696 *
2697 * Skip this if the STA has already completed FT reassociation and the
2698 * TK has been configured since the TX/RX PN must not be reset to 0 for
2699 * the same key.
2700 */
2701 if (!sta->added_unassoc &&
2702 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
2703 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
2704 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
2705 hostapd_drv_sta_remove(hapd, sta->addr);
2706 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
2707 set = 0;
2708 }
2709
2710 #ifdef CONFIG_IEEE80211N
2711 if (sta->flags & WLAN_STA_HT)
2712 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
2713 #endif /* CONFIG_IEEE80211N */
2714 #ifdef CONFIG_IEEE80211AC
2715 if (sta->flags & WLAN_STA_VHT)
2716 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
2717 #endif /* CONFIG_IEEE80211AC */
2718
2719 /*
2720 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2721 * will be set when the ACK frame for the (Re)Association Response frame
2722 * is processed (TX status driver event).
2723 */
2724 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
2725 sta->supported_rates, sta->supported_rates_len,
2726 sta->listen_interval,
2727 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
2728 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
2729 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
2730 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
2731 set)) {
2732 hostapd_logger(hapd, sta->addr,
2733 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
2734 "Could not %s STA to kernel driver",
2735 set ? "set" : "add");
2736
2737 if (sta->added_unassoc) {
2738 hostapd_drv_sta_remove(hapd, sta->addr);
2739 sta->added_unassoc = 0;
2740 }
2741
2742 return -1;
2743 }
2744
2745 sta->added_unassoc = 0;
2746
2747 return 0;
2748 }
2749
2750
2751 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
2752 const u8 *addr, u16 status_code, int reassoc,
2753 const u8 *ies, size_t ies_len)
2754 {
2755 int send_len;
2756 u8 *buf;
2757 size_t buflen;
2758 struct ieee80211_mgmt *reply;
2759 u8 *p;
2760 u16 res = WLAN_STATUS_SUCCESS;
2761
2762 buflen = sizeof(struct ieee80211_mgmt) + 1024;
2763 #ifdef CONFIG_FILS
2764 if (sta && sta->fils_hlp_resp)
2765 buflen += wpabuf_len(sta->fils_hlp_resp);
2766 #endif /* CONFIG_FILS */
2767 #ifdef CONFIG_OWE
2768 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2769 buflen += 150;
2770 #endif /* CONFIG_OWE */
2771 buf = os_zalloc(buflen);
2772 if (!buf) {
2773 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2774 goto done;
2775 }
2776 reply = (struct ieee80211_mgmt *) buf;
2777 reply->frame_control =
2778 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2779 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
2780 WLAN_FC_STYPE_ASSOC_RESP));
2781 os_memcpy(reply->da, addr, ETH_ALEN);
2782 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
2783 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
2784
2785 send_len = IEEE80211_HDRLEN;
2786 send_len += sizeof(reply->u.assoc_resp);
2787 reply->u.assoc_resp.capab_info =
2788 host_to_le16(hostapd_own_capab_info(hapd));
2789 reply->u.assoc_resp.status_code = host_to_le16(status_code);
2790
2791 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
2792 BIT(14) | BIT(15));
2793 /* Supported rates */
2794 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
2795 /* Extended supported rates */
2796 p = hostapd_eid_ext_supp_rates(hapd, p);
2797
2798 #ifdef CONFIG_IEEE80211R_AP
2799 if (sta && status_code == WLAN_STATUS_SUCCESS) {
2800 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2801 * Transition Information, RSN, [RIC Response] */
2802 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
2803 buf + buflen - p,
2804 sta->auth_alg, ies, ies_len);
2805 }
2806 #endif /* CONFIG_IEEE80211R_AP */
2807
2808 #ifdef CONFIG_OWE
2809 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2810 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
2811 buf + buflen - p,
2812 ies, ies_len);
2813 #endif /* CONFIG_OWE */
2814
2815 #ifdef CONFIG_IEEE80211W
2816 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
2817 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
2818 #endif /* CONFIG_IEEE80211W */
2819
2820 #ifdef CONFIG_IEEE80211N
2821 p = hostapd_eid_ht_capabilities(hapd, p);
2822 p = hostapd_eid_ht_operation(hapd, p);
2823 #endif /* CONFIG_IEEE80211N */
2824
2825 #ifdef CONFIG_IEEE80211AC
2826 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
2827 u32 nsts = 0, sta_nsts;
2828
2829 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
2830 struct ieee80211_vht_capabilities *capa;
2831
2832 nsts = (hapd->iface->conf->vht_capab >>
2833 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2834 capa = sta->vht_capabilities;
2835 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
2836 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2837
2838 if (nsts < sta_nsts)
2839 nsts = 0;
2840 else
2841 nsts = sta_nsts;
2842 }
2843 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
2844 p = hostapd_eid_vht_operation(hapd, p);
2845 }
2846 #endif /* CONFIG_IEEE80211AC */
2847
2848 p = hostapd_eid_ext_capab(hapd, p);
2849 p = hostapd_eid_bss_max_idle_period(hapd, p);
2850 if (sta && sta->qos_map_enabled)
2851 p = hostapd_eid_qos_map_set(hapd, p);
2852
2853 #ifdef CONFIG_FST
2854 if (hapd->iface->fst_ies) {
2855 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
2856 wpabuf_len(hapd->iface->fst_ies));
2857 p += wpabuf_len(hapd->iface->fst_ies);
2858 }
2859 #endif /* CONFIG_FST */
2860
2861 #ifdef CONFIG_IEEE80211AC
2862 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
2863 p = hostapd_eid_vendor_vht(hapd, p);
2864 #endif /* CONFIG_IEEE80211AC */
2865
2866 if (sta && (sta->flags & WLAN_STA_WMM))
2867 p = hostapd_eid_wmm(hapd, p);
2868
2869 #ifdef CONFIG_WPS
2870 if (sta &&
2871 ((sta->flags & WLAN_STA_WPS) ||
2872 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
2873 struct wpabuf *wps = wps_build_assoc_resp_ie();
2874 if (wps) {
2875 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
2876 p += wpabuf_len(wps);
2877 wpabuf_free(wps);
2878 }
2879 }
2880 #endif /* CONFIG_WPS */
2881
2882 #ifdef CONFIG_P2P
2883 if (sta && sta->p2p_ie && hapd->p2p_group) {
2884 struct wpabuf *p2p_resp_ie;
2885 enum p2p_status_code status;
2886 switch (status_code) {
2887 case WLAN_STATUS_SUCCESS:
2888 status = P2P_SC_SUCCESS;
2889 break;
2890 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
2891 status = P2P_SC_FAIL_LIMIT_REACHED;
2892 break;
2893 default:
2894 status = P2P_SC_FAIL_INVALID_PARAMS;
2895 break;
2896 }
2897 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
2898 if (p2p_resp_ie) {
2899 os_memcpy(p, wpabuf_head(p2p_resp_ie),
2900 wpabuf_len(p2p_resp_ie));
2901 p += wpabuf_len(p2p_resp_ie);
2902 wpabuf_free(p2p_resp_ie);
2903 }
2904 }
2905 #endif /* CONFIG_P2P */
2906
2907 #ifdef CONFIG_P2P_MANAGER
2908 if (hapd->conf->p2p & P2P_MANAGE)
2909 p = hostapd_eid_p2p_manage(hapd, p);
2910 #endif /* CONFIG_P2P_MANAGER */
2911
2912 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
2913
2914 if (hapd->conf->assocresp_elements &&
2915 (size_t) (buf + buflen - p) >=
2916 wpabuf_len(hapd->conf->assocresp_elements)) {
2917 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
2918 wpabuf_len(hapd->conf->assocresp_elements));
2919 p += wpabuf_len(hapd->conf->assocresp_elements);
2920 }
2921
2922 send_len += p - reply->u.assoc_resp.variable;
2923
2924 #ifdef CONFIG_FILS
2925 if (sta &&
2926 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2927 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2928 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
2929 status_code == WLAN_STATUS_SUCCESS) {
2930 struct ieee802_11_elems elems;
2931
2932 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
2933 ParseFailed || !elems.fils_session) {
2934 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2935 goto done;
2936 }
2937
2938 /* FILS Session */
2939 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2940 *p++ = 1 + FILS_SESSION_LEN; /* Length */
2941 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2942 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
2943 send_len += 2 + 1 + FILS_SESSION_LEN;
2944
2945 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
2946 buflen, sta->fils_hlp_resp);
2947 if (send_len < 0) {
2948 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2949 goto done;
2950 }
2951 }
2952 #endif /* CONFIG_FILS */
2953
2954 #ifdef CONFIG_OWE
2955 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
2956 sta && sta->owe_ecdh &&
2957 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
2958 struct wpabuf *pub;
2959
2960 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2961 if (!pub) {
2962 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2963 goto done;
2964 }
2965 /* OWE Diffie-Hellman Parameter element */
2966 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2967 *p++ = 1 + 2 + wpabuf_len(pub); /* Length */
2968 *p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
2969 WPA_PUT_LE16(p, sta->owe_group);
2970 p += 2;
2971 os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub));
2972 p += wpabuf_len(pub);
2973 send_len += 3 + 2 + wpabuf_len(pub);
2974 wpabuf_free(pub);
2975 }
2976 #endif /* CONFIG_OWE */
2977
2978 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
2979 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
2980 strerror(errno));
2981 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2982 }
2983
2984 done:
2985 os_free(buf);
2986 return res;
2987 }
2988
2989
2990 #ifdef CONFIG_OWE
2991 u8 * owe_auth_req_process(struct hostapd_data *hapd, struct sta_info *sta,
2992 const u8 *owe_dh, u8 owe_dh_len,
2993 u8 *owe_buf, size_t owe_buf_len, u16 *reason)
2994 {
2995 struct wpabuf *pub;
2996
2997 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
2998 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
2999 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3000 owe_buf_len, NULL, 0);
3001 *reason = WLAN_STATUS_SUCCESS;
3002 return owe_buf;
3003 }
3004
3005 *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
3006 if (*reason != WLAN_STATUS_SUCCESS)
3007 return NULL;
3008 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3009 if (!pub) {
3010 *reason = WLAN_STATUS_UNSPECIFIED_FAILURE;
3011 return NULL;
3012 }
3013
3014 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3015 owe_buf_len, NULL, 0);
3016
3017 /* OWE Diffie-Hellman Parameter element */
3018 *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
3019 *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
3020 *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
3021 WPA_PUT_LE16(owe_buf, sta->owe_group);
3022 owe_buf += 2;
3023 os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
3024 owe_buf += wpabuf_len(pub);
3025 wpabuf_free(pub);
3026 *reason = WLAN_STATUS_SUCCESS;
3027 return owe_buf;
3028 }
3029 #endif /* CONFIG_OWE */
3030
3031
3032 #ifdef CONFIG_FILS
3033
3034 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
3035 {
3036 u16 reply_res;
3037
3038 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
3039 MAC2STR(sta->addr));
3040 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3041 if (!sta->fils_pending_assoc_req)
3042 return;
3043 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
3044 sta->fils_pending_assoc_is_reassoc,
3045 sta->fils_pending_assoc_req,
3046 sta->fils_pending_assoc_req_len);
3047 os_free(sta->fils_pending_assoc_req);
3048 sta->fils_pending_assoc_req = NULL;
3049 sta->fils_pending_assoc_req_len = 0;
3050 wpabuf_free(sta->fils_hlp_resp);
3051 sta->fils_hlp_resp = NULL;
3052 wpabuf_free(sta->hlp_dhcp_discover);
3053 sta->hlp_dhcp_discover = NULL;
3054
3055 /*
3056 * Remove the station in case transmission of a success response fails.
3057 * At this point the station was already added associated to the driver.
3058 */
3059 if (reply_res != WLAN_STATUS_SUCCESS)
3060 hostapd_drv_sta_remove(hapd, sta->addr);
3061 }
3062
3063
3064 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
3065 {
3066 struct hostapd_data *hapd = eloop_ctx;
3067 struct sta_info *sta = eloop_data;
3068
3069 wpa_printf(MSG_DEBUG,
3070 "FILS: HLP response timeout - continue with association response for "
3071 MACSTR, MAC2STR(sta->addr));
3072 if (sta->fils_drv_assoc_finish)
3073 hostapd_notify_assoc_fils_finish(hapd, sta);
3074 else
3075 fils_hlp_finish_assoc(hapd, sta);
3076 }
3077
3078 #endif /* CONFIG_FILS */
3079
3080
3081 static void handle_assoc(struct hostapd_data *hapd,
3082 const struct ieee80211_mgmt *mgmt, size_t len,
3083 int reassoc)
3084 {
3085 u16 capab_info, listen_interval, seq_ctrl, fc;
3086 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
3087 const u8 *pos;
3088 int left, i;
3089 struct sta_info *sta;
3090 u8 *tmp = NULL;
3091 struct hostapd_sta_wpa_psk_short *psk = NULL;
3092 char *identity = NULL;
3093 char *radius_cui = NULL;
3094 #ifdef CONFIG_FILS
3095 int delay_assoc = 0;
3096 #endif /* CONFIG_FILS */
3097
3098 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
3099 sizeof(mgmt->u.assoc_req))) {
3100 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
3101 reassoc, (unsigned long) len);
3102 return;
3103 }
3104
3105 #ifdef CONFIG_TESTING_OPTIONS
3106 if (reassoc) {
3107 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
3108 drand48() < hapd->iconf->ignore_reassoc_probability) {
3109 wpa_printf(MSG_INFO,
3110 "TESTING: ignoring reassoc request from "
3111 MACSTR, MAC2STR(mgmt->sa));
3112 return;
3113 }
3114 } else {
3115 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
3116 drand48() < hapd->iconf->ignore_assoc_probability) {
3117 wpa_printf(MSG_INFO,
3118 "TESTING: ignoring assoc request from "
3119 MACSTR, MAC2STR(mgmt->sa));
3120 return;
3121 }
3122 }
3123 #endif /* CONFIG_TESTING_OPTIONS */
3124
3125 fc = le_to_host16(mgmt->frame_control);
3126 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3127
3128 if (reassoc) {
3129 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
3130 listen_interval = le_to_host16(
3131 mgmt->u.reassoc_req.listen_interval);
3132 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
3133 " capab_info=0x%02x listen_interval=%d current_ap="
3134 MACSTR " seq_ctrl=0x%x%s",
3135 MAC2STR(mgmt->sa), capab_info, listen_interval,
3136 MAC2STR(mgmt->u.reassoc_req.current_ap),
3137 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3138 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
3139 pos = mgmt->u.reassoc_req.variable;
3140 } else {
3141 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
3142 listen_interval = le_to_host16(
3143 mgmt->u.assoc_req.listen_interval);
3144 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
3145 " capab_info=0x%02x listen_interval=%d "
3146 "seq_ctrl=0x%x%s",
3147 MAC2STR(mgmt->sa), capab_info, listen_interval,
3148 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3149 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
3150 pos = mgmt->u.assoc_req.variable;
3151 }
3152
3153 sta = ap_get_sta(hapd, mgmt->sa);
3154 #ifdef CONFIG_IEEE80211R_AP
3155 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
3156 (sta->flags & WLAN_STA_AUTH) == 0) {
3157 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
3158 "prior to authentication since it is using "
3159 "over-the-DS FT", MAC2STR(mgmt->sa));
3160
3161 /*
3162 * Mark station as authenticated, to avoid adding station
3163 * entry in the driver as associated and not authenticated
3164 */
3165 sta->flags |= WLAN_STA_AUTH;
3166 } else
3167 #endif /* CONFIG_IEEE80211R_AP */
3168 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
3169 if (hapd->iface->current_mode &&
3170 hapd->iface->current_mode->mode ==
3171 HOSTAPD_MODE_IEEE80211AD) {
3172 int acl_res;
3173 u32 session_timeout, acct_interim_interval;
3174 struct vlan_description vlan_id;
3175
3176 acl_res = ieee802_11_allowed_address(
3177 hapd, mgmt->sa, (const u8 *) mgmt, len,
3178 &session_timeout, &acct_interim_interval,
3179 &vlan_id, &psk, &identity, &radius_cui);
3180 if (acl_res == HOSTAPD_ACL_REJECT) {
3181 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3182 goto fail;
3183 }
3184 if (acl_res == HOSTAPD_ACL_PENDING)
3185 return;
3186
3187 /* DMG/IEEE 802.11ad does not use authentication.
3188 * Allocate sta entry upon association. */
3189 sta = ap_sta_add(hapd, mgmt->sa);
3190 if (!sta) {
3191 hostapd_logger(hapd, mgmt->sa,
3192 HOSTAPD_MODULE_IEEE80211,
3193 HOSTAPD_LEVEL_INFO,
3194 "Failed to add STA");
3195 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3196 goto fail;
3197 }
3198
3199 acl_res = ieee802_11_set_radius_info(
3200 hapd, sta, acl_res, session_timeout,
3201 acct_interim_interval, &vlan_id, &psk,
3202 &identity, &radius_cui);
3203 if (acl_res) {
3204 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3205 goto fail;
3206 }
3207
3208 hostapd_logger(hapd, sta->addr,
3209 HOSTAPD_MODULE_IEEE80211,
3210 HOSTAPD_LEVEL_DEBUG,
3211 "Skip authentication for DMG/IEEE 802.11ad");
3212 sta->flags |= WLAN_STA_AUTH;
3213 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
3214 sta->auth_alg = WLAN_AUTH_OPEN;
3215 } else {
3216 hostapd_logger(hapd, mgmt->sa,
3217 HOSTAPD_MODULE_IEEE80211,
3218 HOSTAPD_LEVEL_INFO,
3219 "Station tried to associate before authentication (aid=%d flags=0x%x)",
3220 sta ? sta->aid : -1,
3221 sta ? sta->flags : 0);
3222 send_deauth(hapd, mgmt->sa,
3223 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
3224 return;
3225 }
3226 }
3227
3228 if ((fc & WLAN_FC_RETRY) &&
3229 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3230 sta->last_seq_ctrl == seq_ctrl &&
3231 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3232 WLAN_FC_STYPE_ASSOC_REQ)) {
3233 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3234 HOSTAPD_LEVEL_DEBUG,
3235 "Drop repeated association frame seq_ctrl=0x%x",
3236 seq_ctrl);
3237 return;
3238 }
3239 sta->last_seq_ctrl = seq_ctrl;
3240 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3241 WLAN_FC_STYPE_ASSOC_REQ;
3242
3243 if (hapd->tkip_countermeasures) {
3244 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3245 goto fail;
3246 }
3247
3248 if (listen_interval > hapd->conf->max_listen_interval) {
3249 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3250 HOSTAPD_LEVEL_DEBUG,
3251 "Too large Listen Interval (%d)",
3252 listen_interval);
3253 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
3254 goto fail;
3255 }
3256
3257 #ifdef CONFIG_MBO
3258 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
3259 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3260 goto fail;
3261 }
3262 #endif /* CONFIG_MBO */
3263
3264 /*
3265 * sta->capability is used in check_assoc_ies() for RRM enabled
3266 * capability element.
3267 */
3268 sta->capability = capab_info;
3269
3270 #ifdef CONFIG_FILS
3271 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3272 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3273 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3274 int res;
3275
3276 /* The end of the payload is encrypted. Need to decrypt it
3277 * before parsing. */
3278
3279 tmp = os_memdup(pos, left);
3280 if (!tmp) {
3281 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3282 goto fail;
3283 }
3284
3285 res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
3286 len, tmp, left);
3287 if (res < 0) {
3288 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3289 goto fail;
3290 }
3291 pos = tmp;
3292 left = res;
3293 }
3294 #endif /* CONFIG_FILS */
3295
3296 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
3297 * is used */
3298 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
3299 if (resp != WLAN_STATUS_SUCCESS)
3300 goto fail;
3301
3302 if (hostapd_get_aid(hapd, sta) < 0) {
3303 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3304 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
3305 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3306 goto fail;
3307 }
3308
3309 sta->listen_interval = listen_interval;
3310
3311 if (hapd->iface->current_mode &&
3312 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
3313 sta->flags |= WLAN_STA_NONERP;
3314 for (i = 0; i < sta->supported_rates_len; i++) {
3315 if ((sta->supported_rates[i] & 0x7f) > 22) {
3316 sta->flags &= ~WLAN_STA_NONERP;
3317 break;
3318 }
3319 }
3320 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
3321 sta->nonerp_set = 1;
3322 hapd->iface->num_sta_non_erp++;
3323 if (hapd->iface->num_sta_non_erp == 1)
3324 ieee802_11_set_beacons(hapd->iface);
3325 }
3326
3327 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
3328 !sta->no_short_slot_time_set) {
3329 sta->no_short_slot_time_set = 1;
3330 hapd->iface->num_sta_no_short_slot_time++;
3331 if (hapd->iface->current_mode &&
3332 hapd->iface->current_mode->mode ==
3333 HOSTAPD_MODE_IEEE80211G &&
3334 hapd->iface->num_sta_no_short_slot_time == 1)
3335 ieee802_11_set_beacons(hapd->iface);
3336 }
3337
3338 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
3339 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
3340 else
3341 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
3342
3343 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
3344 !sta->no_short_preamble_set) {
3345 sta->no_short_preamble_set = 1;
3346 hapd->iface->num_sta_no_short_preamble++;
3347 if (hapd->iface->current_mode &&
3348 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
3349 && hapd->iface->num_sta_no_short_preamble == 1)
3350 ieee802_11_set_beacons(hapd->iface);
3351 }
3352
3353 #ifdef CONFIG_IEEE80211N
3354 update_ht_state(hapd, sta);
3355 #endif /* CONFIG_IEEE80211N */
3356
3357 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3358 HOSTAPD_LEVEL_DEBUG,
3359 "association OK (aid %d)", sta->aid);
3360 /* Station will be marked associated, after it acknowledges AssocResp
3361 */
3362 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
3363
3364 #ifdef CONFIG_IEEE80211W
3365 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
3366 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
3367 "SA Query procedure", reassoc ? "re" : "");
3368 /* TODO: Send a protected Disassociate frame to the STA using
3369 * the old key and Reason Code "Previous Authentication no
3370 * longer valid". Make sure this is only sent protected since
3371 * unprotected frame would be received by the STA that is now
3372 * trying to associate.
3373 */
3374 }
3375 #endif /* CONFIG_IEEE80211W */
3376
3377 /* Make sure that the previously registered inactivity timer will not
3378 * remove the STA immediately. */
3379 sta->timeout_next = STA_NULLFUNC;
3380
3381 #ifdef CONFIG_TAXONOMY
3382 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
3383 #endif /* CONFIG_TAXONOMY */
3384
3385 sta->pending_wds_enable = 0;
3386
3387 #ifdef CONFIG_FILS
3388 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3389 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3390 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3391 if (fils_process_hlp(hapd, sta, pos, left) > 0)
3392 delay_assoc = 1;
3393 }
3394 #endif /* CONFIG_FILS */
3395
3396 fail:
3397 os_free(identity);
3398 os_free(radius_cui);
3399 hostapd_free_psk_list(psk);
3400
3401 /*
3402 * In case of a successful response, add the station to the driver.
3403 * Otherwise, the kernel may ignore Data frames before we process the
3404 * ACK frame (TX status). In case of a failure, this station will be
3405 * removed.
3406 *
3407 * Note that this is not compliant with the IEEE 802.11 standard that
3408 * states that a non-AP station should transition into the
3409 * authenticated/associated state only after the station acknowledges
3410 * the (Re)Association Response frame. However, still do this as:
3411 *
3412 * 1. In case the station does not acknowledge the (Re)Association
3413 * Response frame, it will be removed.
3414 * 2. Data frames will be dropped in the kernel until the station is
3415 * set into authorized state, and there are no significant known
3416 * issues with processing other non-Data Class 3 frames during this
3417 * window.
3418 */
3419 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
3420 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3421
3422 #ifdef CONFIG_FILS
3423 if (sta) {
3424 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3425 os_free(sta->fils_pending_assoc_req);
3426 sta->fils_pending_assoc_req = NULL;
3427 sta->fils_pending_assoc_req_len = 0;
3428 wpabuf_free(sta->fils_hlp_resp);
3429 sta->fils_hlp_resp = NULL;
3430 }
3431 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
3432 sta->fils_pending_assoc_req = tmp;
3433 sta->fils_pending_assoc_req_len = left;
3434 sta->fils_pending_assoc_is_reassoc = reassoc;
3435 sta->fils_drv_assoc_finish = 0;
3436 wpa_printf(MSG_DEBUG,
3437 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
3438 MACSTR, MAC2STR(sta->addr));
3439 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3440 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
3441 fils_hlp_timeout, hapd, sta);
3442 return;
3443 }
3444 #endif /* CONFIG_FILS */
3445
3446 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
3447 left);
3448 os_free(tmp);
3449
3450 /*
3451 * Remove the station in case tranmission of a success response fails
3452 * (the STA was added associated to the driver) or if the station was
3453 * previously added unassociated.
3454 */
3455 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
3456 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
3457 hostapd_drv_sta_remove(hapd, sta->addr);
3458 sta->added_unassoc = 0;
3459 }
3460 }
3461
3462
3463 static void handle_disassoc(struct hostapd_data *hapd,
3464 const struct ieee80211_mgmt *mgmt, size_t len)
3465 {
3466 struct sta_info *sta;
3467
3468 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
3469 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
3470 (unsigned long) len);
3471 return;
3472 }
3473
3474 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
3475 MAC2STR(mgmt->sa),
3476 le_to_host16(mgmt->u.disassoc.reason_code));
3477
3478 sta = ap_get_sta(hapd, mgmt->sa);
3479 if (sta == NULL) {
3480 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
3481 MAC2STR(mgmt->sa));
3482 return;
3483 }
3484
3485 ap_sta_set_authorized(hapd, sta, 0);
3486 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3487 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
3488 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
3489 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3490 HOSTAPD_LEVEL_INFO, "disassociated");
3491 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3492 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3493 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
3494 * authenticated. */
3495 accounting_sta_stop(hapd, sta);
3496 ieee802_1x_free_station(hapd, sta);
3497 if (sta->ipaddr)
3498 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
3499 ap_sta_ip6addr_del(hapd, sta);
3500 hostapd_drv_sta_remove(hapd, sta->addr);
3501 sta->added_unassoc = 0;
3502
3503 if (sta->timeout_next == STA_NULLFUNC ||
3504 sta->timeout_next == STA_DISASSOC) {
3505 sta->timeout_next = STA_DEAUTH;
3506 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
3507 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
3508 hapd, sta);
3509 }
3510
3511 mlme_disassociate_indication(
3512 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
3513
3514 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
3515 * disassociation. */
3516 if (hapd->iface->current_mode &&
3517 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
3518 sta->flags &= ~WLAN_STA_AUTH;
3519 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3520 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3521 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3522 ap_free_sta(hapd, sta);
3523 }
3524 }
3525
3526
3527 static void handle_deauth(struct hostapd_data *hapd,
3528 const struct ieee80211_mgmt *mgmt, size_t len)
3529 {
3530 struct sta_info *sta;
3531
3532 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
3533 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
3534 "payload (len=%lu)", (unsigned long) len);
3535 return;
3536 }
3537
3538 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
3539 " reason_code=%d",
3540 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
3541
3542 sta = ap_get_sta(hapd, mgmt->sa);
3543 if (sta == NULL) {
3544 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
3545 "to deauthenticate, but it is not authenticated",
3546 MAC2STR(mgmt->sa));
3547 return;
3548 }
3549
3550 ap_sta_set_authorized(hapd, sta, 0);
3551 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3552 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
3553 WLAN_STA_ASSOC_REQ_OK);
3554 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3555 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3556 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3557 mlme_deauthenticate_indication(
3558 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
3559 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3560 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3561 ap_free_sta(hapd, sta);
3562 }
3563
3564
3565 static void handle_beacon(struct hostapd_data *hapd,
3566 const struct ieee80211_mgmt *mgmt, size_t len,
3567 struct hostapd_frame_info *fi)
3568 {
3569 struct ieee802_11_elems elems;
3570
3571 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
3572 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
3573 (unsigned long) len);
3574 return;
3575 }
3576
3577 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
3578 len - (IEEE80211_HDRLEN +
3579 sizeof(mgmt->u.beacon)), &elems,
3580 0);
3581
3582 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
3583 }
3584
3585
3586 #ifdef CONFIG_IEEE80211W
3587
3588 static int hostapd_sa_query_action(struct hostapd_data *hapd,
3589 const struct ieee80211_mgmt *mgmt,
3590 size_t len)
3591 {
3592 const u8 *end;
3593
3594 end = mgmt->u.action.u.sa_query_resp.trans_id +
3595 WLAN_SA_QUERY_TR_ID_LEN;
3596 if (((u8 *) mgmt) + len < end) {
3597 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
3598 "frame (len=%lu)", (unsigned long) len);
3599 return 0;
3600 }
3601
3602 ieee802_11_sa_query_action(hapd, mgmt->sa,
3603 mgmt->u.action.u.sa_query_resp.action,
3604 mgmt->u.action.u.sa_query_resp.trans_id);
3605 return 1;
3606 }
3607
3608
3609 static int robust_action_frame(u8 category)
3610 {
3611 return category != WLAN_ACTION_PUBLIC &&
3612 category != WLAN_ACTION_HT;
3613 }
3614 #endif /* CONFIG_IEEE80211W */
3615
3616
3617 static int handle_action(struct hostapd_data *hapd,
3618 const struct ieee80211_mgmt *mgmt, size_t len,
3619 unsigned int freq)
3620 {
3621 struct sta_info *sta;
3622 sta = ap_get_sta(hapd, mgmt->sa);
3623
3624 if (len < IEEE80211_HDRLEN + 1) {
3625 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3626 HOSTAPD_LEVEL_DEBUG,
3627 "handle_action - too short payload (len=%lu)",
3628 (unsigned long) len);
3629 return 0;
3630 }
3631
3632 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
3633 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3634 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
3635 "frame (category=%u) from unassociated STA " MACSTR,
3636 mgmt->u.action.category, MAC2STR(mgmt->sa));
3637 return 0;
3638 }
3639
3640 #ifdef CONFIG_IEEE80211W
3641 if (sta && (sta->flags & WLAN_STA_MFP) &&
3642 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
3643 robust_action_frame(mgmt->u.action.category)) {
3644 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3645 HOSTAPD_LEVEL_DEBUG,
3646 "Dropped unprotected Robust Action frame from "
3647 "an MFP STA");
3648 return 0;
3649 }
3650 #endif /* CONFIG_IEEE80211W */
3651
3652 if (sta) {
3653 u16 fc = le_to_host16(mgmt->frame_control);
3654 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3655
3656 if ((fc & WLAN_FC_RETRY) &&
3657 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3658 sta->last_seq_ctrl == seq_ctrl &&
3659 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
3660 hostapd_logger(hapd, sta->addr,
3661 HOSTAPD_MODULE_IEEE80211,
3662 HOSTAPD_LEVEL_DEBUG,
3663 "Drop repeated action frame seq_ctrl=0x%x",
3664 seq_ctrl);
3665 return 1;
3666 }
3667
3668 sta->last_seq_ctrl = seq_ctrl;
3669 sta->last_subtype = WLAN_FC_STYPE_ACTION;
3670 }
3671
3672 switch (mgmt->u.action.category) {
3673 #ifdef CONFIG_IEEE80211R_AP
3674 case WLAN_ACTION_FT:
3675 if (!sta ||
3676 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
3677 len - IEEE80211_HDRLEN))
3678 break;
3679 return 1;
3680 #endif /* CONFIG_IEEE80211R_AP */
3681 case WLAN_ACTION_WMM:
3682 hostapd_wmm_action(hapd, mgmt, len);
3683 return 1;
3684 #ifdef CONFIG_IEEE80211W
3685 case WLAN_ACTION_SA_QUERY:
3686 return hostapd_sa_query_action(hapd, mgmt, len);
3687 #endif /* CONFIG_IEEE80211W */
3688 #ifdef CONFIG_WNM_AP
3689 case WLAN_ACTION_WNM:
3690 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
3691 return 1;
3692 #endif /* CONFIG_WNM_AP */
3693 #ifdef CONFIG_FST
3694 case WLAN_ACTION_FST:
3695 if (hapd->iface->fst)
3696 fst_rx_action(hapd->iface->fst, mgmt, len);
3697 else
3698 wpa_printf(MSG_DEBUG,
3699 "FST: Ignore FST Action frame - no FST attached");
3700 return 1;
3701 #endif /* CONFIG_FST */
3702 case WLAN_ACTION_PUBLIC:
3703 case WLAN_ACTION_PROTECTED_DUAL:
3704 #ifdef CONFIG_IEEE80211N
3705 if (len >= IEEE80211_HDRLEN + 2 &&
3706 mgmt->u.action.u.public_action.action ==
3707 WLAN_PA_20_40_BSS_COEX) {
3708 wpa_printf(MSG_DEBUG,
3709 "HT20/40 coex mgmt frame received from STA "
3710 MACSTR, MAC2STR(mgmt->sa));
3711 hostapd_2040_coex_action(hapd, mgmt, len);
3712 return 1;
3713 }
3714 #endif /* CONFIG_IEEE80211N */
3715 #ifdef CONFIG_DPP
3716 if (len >= IEEE80211_HDRLEN + 6 &&
3717 mgmt->u.action.u.vs_public_action.action ==
3718 WLAN_PA_VENDOR_SPECIFIC &&
3719 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
3720 OUI_WFA &&
3721 mgmt->u.action.u.vs_public_action.variable[0] ==
3722 DPP_OUI_TYPE) {
3723 const u8 *pos, *end;
3724
3725 pos = mgmt->u.action.u.vs_public_action.oui;
3726 end = ((const u8 *) mgmt) + len;
3727 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
3728 freq);
3729 return 1;
3730 }
3731 if (len >= IEEE80211_HDRLEN + 2 &&
3732 (mgmt->u.action.u.public_action.action ==
3733 WLAN_PA_GAS_INITIAL_RESP ||
3734 mgmt->u.action.u.public_action.action ==
3735 WLAN_PA_GAS_COMEBACK_RESP)) {
3736 const u8 *pos, *end;
3737
3738 pos = &mgmt->u.action.u.public_action.action;
3739 end = ((const u8 *) mgmt) + len;
3740 gas_query_ap_rx(hapd->gas, mgmt->sa,
3741 mgmt->u.action.category,
3742 pos, end - pos, hapd->iface->freq);
3743 return 1;
3744 }
3745 #endif /* CONFIG_DPP */
3746 if (hapd->public_action_cb) {
3747 hapd->public_action_cb(hapd->public_action_cb_ctx,
3748 (u8 *) mgmt, len,
3749 hapd->iface->freq);
3750 }
3751 if (hapd->public_action_cb2) {
3752 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
3753 (u8 *) mgmt, len,
3754 hapd->iface->freq);
3755 }
3756 if (hapd->public_action_cb || hapd->public_action_cb2)
3757 return 1;
3758 break;
3759 case WLAN_ACTION_VENDOR_SPECIFIC:
3760 if (hapd->vendor_action_cb) {
3761 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
3762 (u8 *) mgmt, len,
3763 hapd->iface->freq) == 0)
3764 return 1;
3765 }
3766 break;
3767 case WLAN_ACTION_RADIO_MEASUREMENT:
3768 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
3769 return 1;
3770 }
3771
3772 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3773 HOSTAPD_LEVEL_DEBUG,
3774 "handle_action - unknown action category %d or invalid "
3775 "frame",
3776 mgmt->u.action.category);
3777 if (!is_multicast_ether_addr(mgmt->da) &&
3778 !(mgmt->u.action.category & 0x80) &&
3779 !is_multicast_ether_addr(mgmt->sa)) {
3780 struct ieee80211_mgmt *resp;
3781
3782 /*
3783 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3784 * Return the Action frame to the source without change
3785 * except that MSB of the Category set to 1.
3786 */
3787 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
3788 "frame back to sender");
3789 resp = os_memdup(mgmt, len);
3790 if (resp == NULL)
3791 return 0;
3792 os_memcpy(resp->da, resp->sa, ETH_ALEN);
3793 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
3794 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
3795 resp->u.action.category |= 0x80;
3796
3797 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
3798 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
3799 "Action frame");
3800 }
3801 os_free(resp);
3802 }
3803
3804 return 1;
3805 }
3806
3807
3808 /**
3809 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3810 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3811 * sent to)
3812 * @buf: management frame data (starting from IEEE 802.11 header)
3813 * @len: length of frame data in octets
3814 * @fi: meta data about received frame (signal level, etc.)
3815 *
3816 * Process all incoming IEEE 802.11 management frames. This will be called for
3817 * each frame received from the kernel driver through wlan#ap interface. In
3818 * addition, it can be called to re-inserted pending frames (e.g., when using
3819 * external RADIUS server as an MAC ACL).
3820 */
3821 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
3822 struct hostapd_frame_info *fi)
3823 {
3824 struct ieee80211_mgmt *mgmt;
3825 u16 fc, stype;
3826 int ret = 0;
3827 unsigned int freq;
3828
3829 if (len < 24)
3830 return 0;
3831
3832 if (fi && fi->freq)
3833 freq = fi->freq;
3834 else
3835 freq = hapd->iface->freq;
3836
3837 mgmt = (struct ieee80211_mgmt *) buf;
3838 fc = le_to_host16(mgmt->frame_control);
3839 stype = WLAN_FC_GET_STYPE(fc);
3840
3841 if (stype == WLAN_FC_STYPE_BEACON) {
3842 handle_beacon(hapd, mgmt, len, fi);
3843 return 1;
3844 }
3845
3846 if (!is_broadcast_ether_addr(mgmt->bssid) &&
3847 #ifdef CONFIG_P2P
3848 /* Invitation responses can be sent with the peer MAC as BSSID */
3849 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
3850 stype == WLAN_FC_STYPE_ACTION) &&
3851 #endif /* CONFIG_P2P */
3852 #ifdef CONFIG_MESH
3853 !(hapd->conf->mesh & MESH_ENABLED) &&
3854 #endif /* CONFIG_MESH */
3855 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
3856 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
3857 MAC2STR(mgmt->bssid));
3858 return 0;
3859 }
3860
3861
3862 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
3863 handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
3864 return 1;
3865 }
3866
3867 if ((!is_broadcast_ether_addr(mgmt->da) ||
3868 stype != WLAN_FC_STYPE_ACTION) &&
3869 os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
3870 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3871 HOSTAPD_LEVEL_DEBUG,
3872 "MGMT: DA=" MACSTR " not our address",
3873 MAC2STR(mgmt->da));
3874 return 0;
3875 }
3876
3877 if (hapd->iconf->track_sta_max_num)
3878 sta_track_add(hapd->iface, mgmt->sa, fi->ssi_signal);
3879
3880 switch (stype) {
3881 case WLAN_FC_STYPE_AUTH:
3882 wpa_printf(MSG_DEBUG, "mgmt::auth");
3883 handle_auth(hapd, mgmt, len);
3884 ret = 1;
3885 break;
3886 case WLAN_FC_STYPE_ASSOC_REQ:
3887 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
3888 handle_assoc(hapd, mgmt, len, 0);
3889 ret = 1;
3890 break;
3891 case WLAN_FC_STYPE_REASSOC_REQ:
3892 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
3893 handle_assoc(hapd, mgmt, len, 1);
3894 ret = 1;
3895 break;
3896 case WLAN_FC_STYPE_DISASSOC:
3897 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
3898 handle_disassoc(hapd, mgmt, len);
3899 ret = 1;
3900 break;
3901 case WLAN_FC_STYPE_DEAUTH:
3902 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
3903 handle_deauth(hapd, mgmt, len);
3904 ret = 1;
3905 break;
3906 case WLAN_FC_STYPE_ACTION:
3907 wpa_printf(MSG_DEBUG, "mgmt::action");
3908 ret = handle_action(hapd, mgmt, len, freq);
3909 break;
3910 default:
3911 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3912 HOSTAPD_LEVEL_DEBUG,
3913 "unknown mgmt frame subtype %d", stype);
3914 break;
3915 }
3916
3917 return ret;
3918 }
3919
3920
3921 static void handle_auth_cb(struct hostapd_data *hapd,
3922 const struct ieee80211_mgmt *mgmt,
3923 size_t len, int ok)
3924 {
3925 u16 auth_alg, auth_transaction, status_code;
3926 struct sta_info *sta;
3927
3928 sta = ap_get_sta(hapd, mgmt->da);
3929 if (!sta) {
3930 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
3931 MAC2STR(mgmt->da));
3932 return;
3933 }
3934
3935 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3936 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
3937 status_code = le_to_host16(mgmt->u.auth.status_code);
3938
3939 if (!ok) {
3940 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3941 HOSTAPD_LEVEL_NOTICE,
3942 "did not acknowledge authentication response");
3943 goto fail;
3944 }
3945
3946 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
3947 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
3948 (unsigned long) len);
3949 goto fail;
3950 }
3951
3952 if (status_code == WLAN_STATUS_SUCCESS &&
3953 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
3954 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
3955 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3956 HOSTAPD_LEVEL_INFO, "authenticated");
3957 sta->flags |= WLAN_STA_AUTH;
3958 if (sta->added_unassoc)
3959 hostapd_set_sta_flags(hapd, sta);
3960 return;
3961 }
3962
3963 fail:
3964 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
3965 hostapd_drv_sta_remove(hapd, sta->addr);
3966 sta->added_unassoc = 0;
3967 }
3968 }
3969
3970
3971 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
3972 struct sta_info *sta,
3973 char *ifname_wds)
3974 {
3975 int i;
3976 struct hostapd_ssid *ssid = &hapd->conf->ssid;
3977
3978 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
3979 return;
3980
3981 for (i = 0; i < 4; i++) {
3982 if (ssid->wep.key[i] &&
3983 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
3984 i == ssid->wep.idx, NULL, 0,
3985 ssid->wep.key[i], ssid->wep.len[i])) {
3986 wpa_printf(MSG_WARNING,
3987 "Could not set WEP keys for WDS interface; %s",
3988 ifname_wds);
3989 break;
3990 }
3991 }
3992 }
3993
3994
3995 static void handle_assoc_cb(struct hostapd_data *hapd,
3996 const struct ieee80211_mgmt *mgmt,
3997 size_t len, int reassoc, int ok)
3998 {
3999 u16 status;
4000 struct sta_info *sta;
4001 int new_assoc = 1;
4002
4003 sta = ap_get_sta(hapd, mgmt->da);
4004 if (!sta) {
4005 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
4006 MAC2STR(mgmt->da));
4007 return;
4008 }
4009
4010 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
4011 sizeof(mgmt->u.assoc_resp))) {
4012 wpa_printf(MSG_INFO,
4013 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
4014 reassoc, (unsigned long) len);
4015 hostapd_drv_sta_remove(hapd, sta->addr);
4016 return;
4017 }
4018
4019 if (reassoc)
4020 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
4021 else
4022 status = le_to_host16(mgmt->u.assoc_resp.status_code);
4023
4024 if (!ok) {
4025 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
4026 HOSTAPD_LEVEL_DEBUG,
4027 "did not acknowledge association response");
4028 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
4029 /* The STA is added only in case of SUCCESS */
4030 if (status == WLAN_STATUS_SUCCESS)
4031 hostapd_drv_sta_remove(hapd, sta->addr);
4032
4033 return;
4034 }
4035
4036 if (status != WLAN_STATUS_SUCCESS)
4037 return;
4038
4039 /* Stop previous accounting session, if one is started, and allocate
4040 * new session id for the new session. */
4041 accounting_sta_stop(hapd, sta);
4042
4043 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4044 HOSTAPD_LEVEL_INFO,
4045 "associated (aid %d)",
4046 sta->aid);
4047
4048 if (sta->flags & WLAN_STA_ASSOC)
4049 new_assoc = 0;
4050 sta->flags |= WLAN_STA_ASSOC;
4051 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
4052 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
4053 !hapd->conf->osen) ||
4054 sta->auth_alg == WLAN_AUTH_FILS_SK ||
4055 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4056 sta->auth_alg == WLAN_AUTH_FILS_PK ||
4057 sta->auth_alg == WLAN_AUTH_FT) {
4058 /*
4059 * Open, static WEP, FT protocol, or FILS; no separate
4060 * authorization step.
4061 */
4062 ap_sta_set_authorized(hapd, sta, 1);
4063 }
4064
4065 if (reassoc)
4066 mlme_reassociate_indication(hapd, sta);
4067 else
4068 mlme_associate_indication(hapd, sta);
4069
4070 #ifdef CONFIG_IEEE80211W
4071 sta->sa_query_timed_out = 0;
4072 #endif /* CONFIG_IEEE80211W */
4073
4074 if (sta->eapol_sm == NULL) {
4075 /*
4076 * This STA does not use RADIUS server for EAP authentication,
4077 * so bind it to the selected VLAN interface now, since the
4078 * interface selection is not going to change anymore.
4079 */
4080 if (ap_sta_bind_vlan(hapd, sta) < 0)
4081 return;
4082 } else if (sta->vlan_id) {
4083 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
4084 if (ap_sta_bind_vlan(hapd, sta) < 0)
4085 return;
4086 }
4087
4088 hostapd_set_sta_flags(hapd, sta);
4089
4090 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
4091 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
4092 MACSTR " based on pending request",
4093 MAC2STR(sta->addr));
4094 sta->pending_wds_enable = 0;
4095 sta->flags |= WLAN_STA_WDS;
4096 }
4097
4098 if (sta->flags & WLAN_STA_WDS) {
4099 int ret;
4100 char ifname_wds[IFNAMSIZ + 1];
4101
4102 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
4103 MACSTR " (aid %u)",
4104 MAC2STR(sta->addr), sta->aid);
4105 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
4106 sta->aid, 1);
4107 if (!ret)
4108 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
4109 }
4110
4111 if (sta->auth_alg == WLAN_AUTH_FT)
4112 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
4113 else
4114 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
4115 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
4116 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
4117
4118 #ifdef CONFIG_FILS
4119 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
4120 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4121 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
4122 fils_set_tk(sta->wpa_sm) < 0) {
4123 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
4124 ap_sta_disconnect(hapd, sta, sta->addr,
4125 WLAN_REASON_UNSPECIFIED);
4126 return;
4127 }
4128 #endif /* CONFIG_FILS */
4129
4130 if (sta->pending_eapol_rx) {
4131 struct os_reltime now, age;
4132
4133 os_get_reltime(&now);
4134 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
4135 if (age.sec == 0 && age.usec < 200000) {
4136 wpa_printf(MSG_DEBUG,
4137 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
4138 MAC2STR(sta->addr));
4139 ieee802_1x_receive(
4140 hapd, mgmt->da,
4141 wpabuf_head(sta->pending_eapol_rx->buf),
4142 wpabuf_len(sta->pending_eapol_rx->buf));
4143 }
4144 wpabuf_free(sta->pending_eapol_rx->buf);
4145 os_free(sta->pending_eapol_rx);
4146 sta->pending_eapol_rx = NULL;
4147 }
4148 }
4149
4150
4151 static void handle_deauth_cb(struct hostapd_data *hapd,
4152 const struct ieee80211_mgmt *mgmt,
4153 size_t len, int ok)
4154 {
4155 struct sta_info *sta;
4156 if (is_multicast_ether_addr(mgmt->da))
4157 return;
4158 sta = ap_get_sta(hapd, mgmt->da);
4159 if (!sta) {
4160 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
4161 " not found", MAC2STR(mgmt->da));
4162 return;
4163 }
4164 if (ok)
4165 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
4166 MAC2STR(sta->addr));
4167 else
4168 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4169 "deauth", MAC2STR(sta->addr));
4170
4171 ap_sta_deauth_cb(hapd, sta);
4172 }
4173
4174
4175 static void handle_disassoc_cb(struct hostapd_data *hapd,
4176 const struct ieee80211_mgmt *mgmt,
4177 size_t len, int ok)
4178 {
4179 struct sta_info *sta;
4180 if (is_multicast_ether_addr(mgmt->da))
4181 return;
4182 sta = ap_get_sta(hapd, mgmt->da);
4183 if (!sta) {
4184 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
4185 " not found", MAC2STR(mgmt->da));
4186 return;
4187 }
4188 if (ok)
4189 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
4190 MAC2STR(sta->addr));
4191 else
4192 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4193 "disassoc", MAC2STR(sta->addr));
4194
4195 ap_sta_disassoc_cb(hapd, sta);
4196 }
4197
4198
4199 static void handle_action_cb(struct hostapd_data *hapd,
4200 const struct ieee80211_mgmt *mgmt,
4201 size_t len, int ok)
4202 {
4203 struct sta_info *sta;
4204 const struct rrm_measurement_report_element *report;
4205
4206 if (is_multicast_ether_addr(mgmt->da))
4207 return;
4208 #ifdef CONFIG_DPP
4209 if (len >= IEEE80211_HDRLEN + 6 &&
4210 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4211 mgmt->u.action.u.vs_public_action.action ==
4212 WLAN_PA_VENDOR_SPECIFIC &&
4213 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
4214 OUI_WFA &&
4215 mgmt->u.action.u.vs_public_action.variable[0] ==
4216 DPP_OUI_TYPE) {
4217 const u8 *pos, *end;
4218
4219 pos = &mgmt->u.action.u.vs_public_action.variable[1];
4220 end = ((const u8 *) mgmt) + len;
4221 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
4222 return;
4223 }
4224 if (len >= IEEE80211_HDRLEN + 2 &&
4225 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4226 (mgmt->u.action.u.public_action.action ==
4227 WLAN_PA_GAS_INITIAL_REQ ||
4228 mgmt->u.action.u.public_action.action ==
4229 WLAN_PA_GAS_COMEBACK_REQ)) {
4230 const u8 *pos, *end;
4231
4232 pos = mgmt->u.action.u.public_action.variable;
4233 end = ((const u8 *) mgmt) + len;
4234 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
4235 return;
4236 }
4237 #endif /* CONFIG_DPP */
4238 sta = ap_get_sta(hapd, mgmt->da);
4239 if (!sta) {
4240 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
4241 " not found", MAC2STR(mgmt->da));
4242 return;
4243 }
4244
4245 if (len < 24 + 5 + sizeof(*report))
4246 return;
4247 report = (const struct rrm_measurement_report_element *)
4248 &mgmt->u.action.u.rrm.variable[2];
4249 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
4250 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
4251 report->eid == WLAN_EID_MEASURE_REQUEST &&
4252 report->len >= 3 &&
4253 report->type == MEASURE_TYPE_BEACON)
4254 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
4255 }
4256
4257
4258 /**
4259 * ieee802_11_mgmt_cb - Process management frame TX status callback
4260 * @hapd: hostapd BSS data structure (the BSS from which the management frame
4261 * was sent from)
4262 * @buf: management frame data (starting from IEEE 802.11 header)
4263 * @len: length of frame data in octets
4264 * @stype: management frame subtype from frame control field
4265 * @ok: Whether the frame was ACK'ed
4266 */
4267 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
4268 u16 stype, int ok)
4269 {
4270 const struct ieee80211_mgmt *mgmt;
4271 mgmt = (const struct ieee80211_mgmt *) buf;
4272
4273 #ifdef CONFIG_TESTING_OPTIONS
4274 if (hapd->ext_mgmt_frame_handling) {
4275 size_t hex_len = 2 * len + 1;
4276 char *hex = os_malloc(hex_len);
4277
4278 if (hex) {
4279 wpa_snprintf_hex(hex, hex_len, buf, len);
4280 wpa_msg(hapd->msg_ctx, MSG_INFO,
4281 "MGMT-TX-STATUS stype=%u ok=%d buf=%s",
4282 stype, ok, hex);
4283 os_free(hex);
4284 }
4285 return;
4286 }
4287 #endif /* CONFIG_TESTING_OPTIONS */
4288
4289 switch (stype) {
4290 case WLAN_FC_STYPE_AUTH:
4291 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
4292 handle_auth_cb(hapd, mgmt, len, ok);
4293 break;
4294 case WLAN_FC_STYPE_ASSOC_RESP:
4295 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
4296 handle_assoc_cb(hapd, mgmt, len, 0, ok);
4297 break;
4298 case WLAN_FC_STYPE_REASSOC_RESP:
4299 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
4300 handle_assoc_cb(hapd, mgmt, len, 1, ok);
4301 break;
4302 case WLAN_FC_STYPE_PROBE_RESP:
4303 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
4304 break;
4305 case WLAN_FC_STYPE_DEAUTH:
4306 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
4307 handle_deauth_cb(hapd, mgmt, len, ok);
4308 break;
4309 case WLAN_FC_STYPE_DISASSOC:
4310 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
4311 handle_disassoc_cb(hapd, mgmt, len, ok);
4312 break;
4313 case WLAN_FC_STYPE_ACTION:
4314 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
4315 handle_action_cb(hapd, mgmt, len, ok);
4316 break;
4317 default:
4318 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
4319 break;
4320 }
4321 }
4322
4323
4324 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
4325 {
4326 /* TODO */
4327 return 0;
4328 }
4329
4330
4331 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
4332 char *buf, size_t buflen)
4333 {
4334 /* TODO */
4335 return 0;
4336 }
4337
4338
4339 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
4340 const u8 *buf, size_t len, int ack)
4341 {
4342 struct sta_info *sta;
4343 struct hostapd_iface *iface = hapd->iface;
4344
4345 sta = ap_get_sta(hapd, addr);
4346 if (sta == NULL && iface->num_bss > 1) {
4347 size_t j;
4348 for (j = 0; j < iface->num_bss; j++) {
4349 hapd = iface->bss[j];
4350 sta = ap_get_sta(hapd, addr);
4351 if (sta)
4352 break;
4353 }
4354 }
4355 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
4356 return;
4357 if (sta->flags & WLAN_STA_PENDING_POLL) {
4358 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
4359 "activity poll", MAC2STR(sta->addr),
4360 ack ? "ACKed" : "did not ACK");
4361 if (ack)
4362 sta->flags &= ~WLAN_STA_PENDING_POLL;
4363 }
4364
4365 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
4366 }
4367
4368
4369 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
4370 const u8 *data, size_t len, int ack)
4371 {
4372 struct sta_info *sta;
4373 struct hostapd_iface *iface = hapd->iface;
4374
4375 sta = ap_get_sta(hapd, dst);
4376 if (sta == NULL && iface->num_bss > 1) {
4377 size_t j;
4378 for (j = 0; j < iface->num_bss; j++) {
4379 hapd = iface->bss[j];
4380 sta = ap_get_sta(hapd, dst);
4381 if (sta)
4382 break;
4383 }
4384 }
4385 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
4386 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
4387 MACSTR " that is not currently associated",
4388 MAC2STR(dst));
4389 return;
4390 }
4391
4392 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
4393 }
4394
4395
4396 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
4397 {
4398 struct sta_info *sta;
4399 struct hostapd_iface *iface = hapd->iface;
4400
4401 sta = ap_get_sta(hapd, addr);
4402 if (sta == NULL && iface->num_bss > 1) {
4403 size_t j;
4404 for (j = 0; j < iface->num_bss; j++) {
4405 hapd = iface->bss[j];
4406 sta = ap_get_sta(hapd, addr);
4407 if (sta)
4408 break;
4409 }
4410 }
4411 if (sta == NULL)
4412 return;
4413 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
4414 MAC2STR(sta->addr));
4415 if (!(sta->flags & WLAN_STA_PENDING_POLL))
4416 return;
4417
4418 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
4419 "activity poll", MAC2STR(sta->addr));
4420 sta->flags &= ~WLAN_STA_PENDING_POLL;
4421 }
4422
4423
4424 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
4425 int wds)
4426 {
4427 struct sta_info *sta;
4428
4429 sta = ap_get_sta(hapd, src);
4430 if (sta &&
4431 ((sta->flags & WLAN_STA_ASSOC) ||
4432 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
4433 if (!hapd->conf->wds_sta)
4434 return;
4435
4436 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
4437 WLAN_STA_ASSOC_REQ_OK) {
4438 wpa_printf(MSG_DEBUG,
4439 "Postpone 4-address WDS mode enabling for STA "
4440 MACSTR " since TX status for AssocResp is not yet known",
4441 MAC2STR(sta->addr));
4442 sta->pending_wds_enable = 1;
4443 return;
4444 }
4445
4446 if (wds && !(sta->flags & WLAN_STA_WDS)) {
4447 int ret;
4448 char ifname_wds[IFNAMSIZ + 1];
4449
4450 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
4451 "STA " MACSTR " (aid %u)",
4452 MAC2STR(sta->addr), sta->aid);
4453 sta->flags |= WLAN_STA_WDS;
4454 ret = hostapd_set_wds_sta(hapd, ifname_wds,
4455 sta->addr, sta->aid, 1);
4456 if (!ret)
4457 hostapd_set_wds_encryption(hapd, sta,
4458 ifname_wds);
4459 }
4460 return;
4461 }
4462
4463 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
4464 MACSTR, MAC2STR(src));
4465 if (is_multicast_ether_addr(src)) {
4466 /* Broadcast bit set in SA?! Ignore the frame silently. */
4467 return;
4468 }
4469
4470 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
4471 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
4472 "already been sent, but no TX status yet known - "
4473 "ignore Class 3 frame issue with " MACSTR,
4474 MAC2STR(src));
4475 return;
4476 }
4477
4478 if (sta && (sta->flags & WLAN_STA_AUTH))
4479 hostapd_drv_sta_disassoc(
4480 hapd, src,
4481 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4482 else
4483 hostapd_drv_sta_deauth(
4484 hapd, src,
4485 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4486 }
4487
4488
4489 #endif /* CONFIG_NATIVE_WINDOWS */
Unnamed repository; edit this file 'description' to name the repository.