]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/sme.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
SAE: Check hmac_sha256() result in sae_token_hash()
[thirdparty/hostap.git] / wpa_supplicant / sme.c
CommitLineData
c2a04078
JM		 1/*
2 * wpa_supplicant - SME
6ac4b15e 3 * Copyright (c) 2009-2014, Jouni Malinen <j@w1.fi>
c2a04078 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
c2a04078
JM		 7 */
8
9#include "includes.h"
10
11#include "common.h"
7d878ca7 12#include "utils/eloop.h"
90973fb2 13#include "common/ieee802_11_defs.h"
d9a27b04 14#include "common/ieee802_11_common.h"
f9da7505 15#include "common/ocv.h"
3204795d 16#include "common/hw_features_common.h"
c2a04078 17#include "eapol_supp/eapol_supp_sm.h"
90973fb2 18#include "common/wpa_common.h"
98efcc41 19#include "common/sae.h"
10ec6a5f 20#include "common/dpp.h"
3acb5005
JM		 21#include "rsn_supp/wpa.h"
22#include "rsn_supp/pmksa_cache.h"
c2a04078
JM		 23#include "config.h"
24#include "wpa_supplicant_i.h"
2d5b792d 25#include "driver_i.h"
c2a04078
JM		 26#include "wpas_glue.h"
27#include "wps_supplicant.h"
5f3a6aa0 28#include "p2p_supplicant.h"
8bac466b 29#include "notify.h"
6fa81a3b 30#include "bss.h"
9ba9fa07 31#include "scan.h"
c2a04078 32#include "sme.h"
cb418324 33#include "hs20_supplicant.h"
c2a04078 34
e29853bb
BG		 35#define SME_AUTH_TIMEOUT 5
36#define SME_ASSOC_TIMEOUT 5
37
38static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
39static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
c3701c66 40static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx);
e29853bb 41static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
e29853bb
BG		 42
43
c10347f2
JM		 44#ifdef CONFIG_SAE
45
625f202a
JM		 46static int index_within_array(const int *array, int idx)
47{
48 int i;
49 for (i = 0; i < idx; i++) {
18ca7332 50 if (array[i] <= 0)
625f202a
JM		 51 return 0;
52 }
53 return 1;
54}
55
56
57static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
58{
59 int *groups = wpa_s->conf->sae_groups;
a9fe1303 60 int default_groups[] = { 19, 20, 21, 0 };
625f202a 61
18ca7332 62 if (!groups || groups[0] <= 0)
625f202a
JM		 63 groups = default_groups;
64
65 /* Configuration may have changed, so validate current index */
66 if (!index_within_array(groups, wpa_s->sme.sae_group_index))
67 return -1;
68
69 for (;;) {
70 int group = groups[wpa_s->sme.sae_group_index];
04e6c4cc 71 if (group <= 0)
625f202a
JM		 72 break;
73 if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
74 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
75 wpa_s->sme.sae.group);
3d1d4691 76 return 0;
625f202a
JM		 77 }
78 wpa_s->sme.sae_group_index++;
79 }
80
81 return -1;
82}
83
84
8e31e955
JM		 85static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
86 struct wpa_ssid *ssid,
fd830891 87 const u8 *bssid, int external,
cfe1ea5c 88 int reuse, int *ret_use_pt)
c10347f2
JM		 89{
90 struct wpabuf *buf;
d136c376 91 size_t len;
a34ca59e 92 const char *password;
cfe1ea5c
JM		 93 struct wpa_bss *bss;
94 int use_pt = 0;
95
96 if (ret_use_pt)
97 *ret_use_pt = 0;
c10347f2 98
a0f19e9c
JM		 99#ifdef CONFIG_TESTING_OPTIONS
100 if (wpa_s->sae_commit_override) {
101 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
102 buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
103 if (!buf)
104 return NULL;
be609c6f
JM		 105 if (!external) {
106 wpabuf_put_le16(buf, 1); /* Transaction seq# */
107 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
108 }
a0f19e9c
JM		 109 wpabuf_put_buf(buf, wpa_s->sae_commit_override);
110 return buf;
111 }
112#endif /* CONFIG_TESTING_OPTIONS */
113
a34ca59e
JM		 114 password = ssid->sae_password;
115 if (!password)
116 password = ssid->passphrase;
117 if (!password) {
8e31e955
JM		 118 wpa_printf(MSG_DEBUG, "SAE: No password available");
119 return NULL;
120 }
121
fd830891
JM		 122 if (reuse && wpa_s->sme.sae.tmp &&
123 os_memcmp(bssid, wpa_s->sme.sae.tmp->bssid, ETH_ALEN) == 0) {
124 wpa_printf(MSG_DEBUG,
125 "SAE: Reuse previously generated PWE on a retry with the same AP");
cfe1ea5c 126 use_pt = wpa_s->sme.sae.tmp->h2e;
fd830891
JM		 127 goto reuse_data;
128 }
625f202a
JM		 129 if (sme_set_sae_group(wpa_s) < 0) {
130 wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
a46d72d7 131 return NULL;
625f202a 132 }
a46d72d7 133
641d79f1 134 if (ssid->sae_password_id && wpa_s->conf->sae_pwe != 3)
e36a5894
JM		 135 use_pt = 1;
136
137 if (use_pt || wpa_s->conf->sae_pwe == 1 || wpa_s->conf->sae_pwe == 2) {
cfe1ea5c
JM		 138 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
139 if (bss) {
140 const u8 *rsnxe;
141
142 rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
143 if (rsnxe && rsnxe[1] >= 1)
144 use_pt = !!(rsnxe[2] &
145 BIT(WLAN_RSNX_CAPAB_SAE_H2E));
146 }
147
e36a5894 148 if ((wpa_s->conf->sae_pwe == 1 || ssid->sae_password_id) &&
641d79f1 149 wpa_s->conf->sae_pwe != 3 &&
e36a5894 150 !use_pt) {
cfe1ea5c
JM		 151 wpa_printf(MSG_DEBUG,
152 "SAE: Cannot use H2E with the selected AP");
153 return NULL;
154 }
155 }
156
157 if (use_pt &&
158 sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
159 wpa_s->own_addr, bssid,
160 wpa_s->sme.sae_rejected_groups) < 0)
161 return NULL;
162 if (!use_pt &&
163 sae_prepare_commit(wpa_s->own_addr, bssid,
a34ca59e 164 (u8 *) password, os_strlen(password),
9be19d0b 165 ssid->sae_password_id,
8e31e955
JM		 166 &wpa_s->sme.sae) < 0) {
167 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
168 return NULL;
169 }
fd830891
JM		 170 if (wpa_s->sme.sae.tmp)
171 os_memcpy(wpa_s->sme.sae.tmp->bssid, bssid, ETH_ALEN);
8e31e955 172
fd830891 173reuse_data:
5e32fb01 174 len = wpa_s->sme.sae_token ? 3 + wpabuf_len(wpa_s->sme.sae_token) : 0;
9be19d0b
JM		 175 if (ssid->sae_password_id)
176 len += 4 + os_strlen(ssid->sae_password_id);
d136c376 177 buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
c10347f2
JM		 178 if (buf == NULL)
179 return NULL;
5ff39c13
SD		 180 if (!external) {
181 wpabuf_put_le16(buf, 1); /* Transaction seq# */
cfe1ea5c
JM		 182 wpabuf_put_le16(buf, use_pt ? WLAN_STATUS_SAE_HASH_TO_ELEMENT :
183 WLAN_STATUS_SUCCESS);
5ff39c13 184 }
9be19d0b
JM		 185 sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
186 ssid->sae_password_id);
cfe1ea5c
JM		 187 if (ret_use_pt)
188 *ret_use_pt = use_pt;
c10347f2
JM		 189
190 return buf;
191}
192
193
5ff39c13
SD		 194static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s,
195 int external)
c10347f2
JM		 196{
197 struct wpabuf *buf;
198
fb8fcc29 199 buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN);
c10347f2
JM		 200 if (buf == NULL)
201 return NULL;
202
5ff39c13
SD		 203 if (!external) {
204 wpabuf_put_le16(buf, 2); /* Transaction seq# */
205 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
206 }
fb8fcc29 207 sae_write_confirm(&wpa_s->sme.sae, buf);
c10347f2
JM		 208
209 return buf;
210}
211
212#endif /* CONFIG_SAE */
213
214
b361d580
AK		 215/**
216 * sme_auth_handle_rrm - Handle RRM aspects of current authentication attempt
217 * @wpa_s: Pointer to wpa_supplicant data
218 * @bss: Pointer to the bss which is the target of authentication attempt
219 */
220static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s,
221 struct wpa_bss *bss)
222{
223 const u8 rrm_ie_len = 5;
224 u8 *pos;
225 const u8 *rrm_ie;
226
227 wpa_s->rrm.rrm_used = 0;
228
229 wpa_printf(MSG_DEBUG,
230 "RRM: Determining whether RRM can be used - device support: 0x%x",
231 wpa_s->drv_rrm_flags);
232
233 rrm_ie = wpa_bss_get_ie(bss, WLAN_EID_RRM_ENABLED_CAPABILITIES);
234 if (!rrm_ie || !(bss->caps & IEEE80211_CAP_RRM)) {
235 wpa_printf(MSG_DEBUG, "RRM: No RRM in network");
236 return;
237 }
238
00ed0aa2
BL		 239 if (!((wpa_s->drv_rrm_flags &
240 WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
241 (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
242 !(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) {
b361d580
AK		 243 wpa_printf(MSG_DEBUG,
244 "RRM: Insufficient RRM support in driver - do not use RRM");
245 return;
246 }
247
849367af
JM		 248 if (sizeof(wpa_s->sme.assoc_req_ie) <
249 wpa_s->sme.assoc_req_ie_len + rrm_ie_len + 2) {
b361d580
AK		 250 wpa_printf(MSG_INFO,
251 "RRM: Unable to use RRM, no room for RRM IE");
252 return;
253 }
254
255 wpa_printf(MSG_DEBUG, "RRM: Adding RRM IE to Association Request");
256 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
b361d580
AK		 257 os_memset(pos, 0, 2 + rrm_ie_len);
258 *pos++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
259 *pos++ = rrm_ie_len;
70d1e728
AO		 260
261 /* Set supported capabilites flags */
262 if (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)
263 *pos |= WLAN_RRM_CAPS_LINK_MEASUREMENT;
264
d7342014
JM		 265 *pos |= WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE |
266 WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
267 WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
76196ddb 268
4a742011
DS		 269 if (wpa_s->lci)
270 pos[1] |= WLAN_RRM_CAPS_LCI_MEASUREMENT;
271
b361d580
AK		 272 wpa_s->sme.assoc_req_ie_len += rrm_ie_len + 2;
273 wpa_s->rrm.rrm_used = 1;
274}
275
276
215ae884
JM		 277static void sme_send_authentication(struct wpa_supplicant *wpa_s,
278 struct wpa_bss *bss, struct wpa_ssid *ssid,
279 int start)
c2a04078
JM		 280{
281 struct wpa_driver_auth_params params;
8bac466b 282 struct wpa_ssid *old_ssid;
fdbe50ed 283#ifdef CONFIG_IEEE80211R
c2a04078 284 const u8 *ie;
fdbe50ed 285#endif /* CONFIG_IEEE80211R */
af3e362f 286#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
c2a04078 287 const u8 *md = NULL;
af3e362f 288#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
200c7693 289 int bssid_changed;
c10347f2 290 struct wpabuf *resp = NULL;
0bbaa9b9 291 u8 ext_capab[18];
03e47c9c 292 int ext_capab_len;
59b416c7 293 int skip_auth;
170244a1
IP		 294 u8 *wpa_ie;
295 size_t wpa_ie_len;
077232f6
BL		 296#ifdef CONFIG_MBO
297 const u8 *mbo_ie;
298#endif /* CONFIG_MBO */
c2a04078
JM		 299
300 if (bss == NULL) {
f049052b
BG		 301 wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
302 "the network");
6ac4b15e 303 wpas_connect_work_done(wpa_s);
c2a04078
JM		 304 return;
305 }
306
59b416c7
JM		 307 skip_auth = wpa_s->conf->reassoc_same_bss_optim &&
308 wpa_s->reassoc_same_bss;
8f770587
JM		 309 wpa_s->current_bss = bss;
310
c2a04078
JM		 311 os_memset(&params, 0, sizeof(params));
312 wpa_s->reassociate = 0;
313
314 params.freq = bss->freq;
315 params.bssid = bss->bssid;
6fa81a3b
JM		 316 params.ssid = bss->ssid;
317 params.ssid_len = bss->ssid_len;
2f4f73b1 318 params.p2p = ssid->p2p_group;
c2a04078 319
62fa124c
JM		 320 if (wpa_s->sme.ssid_len != params.ssid_len ||
321 os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
322 wpa_s->sme.prev_bssid_set = 0;
323
c2a04078
JM		 324 wpa_s->sme.freq = params.freq;
325 os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
326 wpa_s->sme.ssid_len = params.ssid_len;
327
abd9fafa 328 params.auth_alg = WPA_AUTH_ALG_OPEN;
c2a04078
JM		 329#ifdef IEEE8021X_EAPOL
330 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
331 if (ssid->leap) {
332 if (ssid->non_leap == 0)
abd9fafa 333 params.auth_alg = WPA_AUTH_ALG_LEAP;
c2a04078 334 else
abd9fafa 335 params.auth_alg |= WPA_AUTH_ALG_LEAP;
c2a04078
JM		 336 }
337 }
338#endif /* IEEE8021X_EAPOL */
f049052b
BG		 339 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
340 params.auth_alg);
c2a04078 341 if (ssid->auth_alg) {
abd9fafa 342 params.auth_alg = ssid->auth_alg;
f049052b
BG		 343 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
344 "0x%x", params.auth_alg);
c2a04078 345 }
c10347f2 346#ifdef CONFIG_SAE
bc26ac50 347 wpa_s->sme.sae_pmksa_caching = 0;
c10347f2
JM		 348 if (wpa_key_mgmt_sae(ssid->key_mgmt)) {
349 const u8 *rsn;
350 struct wpa_ie_data ied;
351
352 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
267ac3bc
JM		 353 if (!rsn) {
354 wpa_dbg(wpa_s, MSG_DEBUG,
355 "SAE enabled, but target BSS does not advertise RSN");
dd6c5980
JM		 356#ifdef CONFIG_DPP
357 } else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
358 (ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
359 (ied.key_mgmt & WPA_KEY_MGMT_DPP)) {
360 wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
361#endif /* CONFIG_DPP */
267ac3bc
JM		 362 } else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
363 wpa_key_mgmt_sae(ied.key_mgmt)) {
364 wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
365 params.auth_alg = WPA_AUTH_ALG_SAE;
366 } else {
367 wpa_dbg(wpa_s, MSG_DEBUG,
368 "SAE enabled, but target BSS does not advertise SAE AKM for RSN");
c10347f2
JM		 369 }
370 }
371#endif /* CONFIG_SAE */
c2a04078 372
200c7693
JM		 373#ifdef CONFIG_WEP
374 {
375 int i;
376
377 for (i = 0; i < NUM_WEP_KEYS; i++) {
378 if (ssid->wep_key_len[i])
379 params.wep_key[i] = ssid->wep_key[i];
380 params.wep_key_len[i] = ssid->wep_key_len[i];
381 }
382 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
a0b2f99b 383 }
200c7693 384#endif /* CONFIG_WEP */
a0b2f99b 385
f337f0e9
JM		 386 if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
387 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
0bf927a0 388 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
c2a04078 389 int try_opportunistic;
869af307
JM		 390 const u8 *cache_id = NULL;
391
6e202021
JM		 392 try_opportunistic = (ssid->proactive_key_caching < 0 ?
393 wpa_s->conf->okc :
394 ssid->proactive_key_caching) &&
c2a04078 395 (ssid->proto & WPA_PROTO_RSN);
869af307
JM		 396#ifdef CONFIG_FILS
397 if (wpa_key_mgmt_fils(ssid->key_mgmt))
398 cache_id = wpa_bss_get_fils_cache_id(bss);
399#endif /* CONFIG_FILS */
c2a04078
JM		 400 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
401 wpa_s->current_ssid,
852b2f27
JM		 402 try_opportunistic, cache_id,
403 0) == 0)
ba422613 404 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
c2a04078
JM		 405 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
406 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
407 wpa_s->sme.assoc_req_ie,
408 &wpa_s->sme.assoc_req_ie_len)) {
f049052b
BG		 409 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
410 "key management and encryption suites");
6ac4b15e 411 wpas_connect_work_done(wpa_s);
c2a04078
JM		 412 return;
413 }
dc673aec
JM		 414#ifdef CONFIG_HS20
415 } else if (wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
416 (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
417 /* No PMKSA caching, but otherwise similar to RSN/WPA */
418 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
419 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
420 wpa_s->sme.assoc_req_ie,
421 &wpa_s->sme.assoc_req_ie_len)) {
422 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
423 "key management and encryption suites");
424 wpas_connect_work_done(wpa_s);
425 return;
426 }
427#endif /* CONFIG_HS20 */
a3f7e518
JM		 428 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
429 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
430 /*
431 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
432 * use non-WPA since the scan results did not indicate that the
433 * AP is using WPA or WPA2.
434 */
435 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
436 wpa_s->sme.assoc_req_ie_len = 0;
0bf927a0 437 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
c2a04078
JM		 438 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
439 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
440 wpa_s->sme.assoc_req_ie,
441 &wpa_s->sme.assoc_req_ie_len)) {
f049052b
BG		 442 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
443 "key management and encryption suites (no "
444 "scan results)");
6ac4b15e 445 wpas_connect_work_done(wpa_s);
c2a04078
JM		 446 return;
447 }
448#ifdef CONFIG_WPS
449 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
450 struct wpabuf *wps_ie;
451 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
452 if (wps_ie && wpabuf_len(wps_ie) <=
453 sizeof(wpa_s->sme.assoc_req_ie)) {
454 wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
455 os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
456 wpa_s->sme.assoc_req_ie_len);
457 } else
458 wpa_s->sme.assoc_req_ie_len = 0;
459 wpabuf_free(wps_ie);
460 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
461#endif /* CONFIG_WPS */
462 } else {
463 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
464 wpa_s->sme.assoc_req_ie_len = 0;
465 }
466
170244a1
IP		 467 /* In case the WPA vendor IE is used, it should be placed after all the
468 * non-vendor IEs, as the lower layer expects the IEs to be ordered as
469 * defined in the standard. Store the WPA IE so it can later be
470 * inserted at the correct location.
471 */
472 wpa_ie = NULL;
473 wpa_ie_len = 0;
474 if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
475 wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
476 wpa_s->sme.assoc_req_ie_len);
477 if (wpa_ie) {
478 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Storing WPA IE");
479
480 wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
481 wpa_s->sme.assoc_req_ie_len = 0;
482 } else {
483 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed copy WPA IE");
484 wpas_connect_work_done(wpa_s);
485 return;
486 }
487 }
488
c2a04078 489#ifdef CONFIG_IEEE80211R
6fa81a3b 490 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
c2a04078
JM		 491 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
492 md = ie + 2;
e7846b68 493 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
322d328e
JM		 494 if (md && (!wpa_key_mgmt_ft(ssid->key_mgmt) ||
495 !wpa_key_mgmt_ft(wpa_s->key_mgmt)))
496 md = NULL;
c2a04078
JM		 497 if (md) {
498 /* Prepare for the next transition */
76b7981d 499 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
c2a04078
JM		 500 }
501
af3e362f
JM		 502 if (md) {
503 wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
504 md[0], md[1]);
505
c2a04078
JM		 506 if (wpa_s->sme.assoc_req_ie_len + 5 <
507 sizeof(wpa_s->sme.assoc_req_ie)) {
508 struct rsn_mdie *mdie;
509 u8 *pos = wpa_s->sme.assoc_req_ie +
510 wpa_s->sme.assoc_req_ie_len;
511 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
512 *pos++ = sizeof(*mdie);
513 mdie = (struct rsn_mdie *) pos;
514 os_memcpy(mdie->mobility_domain, md,
515 MOBILITY_DOMAIN_ID_LEN);
f4ec630d 516 mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
c2a04078
JM		 517 wpa_s->sme.assoc_req_ie_len += 5;
518 }
519
f808bd59 520 if (wpa_s->sme.prev_bssid_set && wpa_s->sme.ft_used &&
0d7b4409
JM		 521 os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
522 wpa_sm_has_ptk(wpa_s->wpa)) {
f049052b
BG		 523 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
524 "over-the-air");
abd9fafa 525 params.auth_alg = WPA_AUTH_ALG_FT;
c2a04078
JM		 526 params.ie = wpa_s->sme.ft_ies;
527 params.ie_len = wpa_s->sme.ft_ies_len;
528 }
529 }
530#endif /* CONFIG_IEEE80211R */
531
3f56a2b7 532 wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
62d49803 533 if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
6fa81a3b 534 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
c2a04078
JM		 535 struct wpa_ie_data _ie;
536 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
537 _ie.capabilities &
538 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
f049052b
BG		 539 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
540 "MFP: require MFP");
c2a04078
JM		 541 wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
542 }
543 }
c2a04078 544
5f3a6aa0
JM		 545#ifdef CONFIG_P2P
546 if (wpa_s->global->p2p) {
547 u8 *pos;
548 size_t len;
549 int res;
5f3a6aa0
JM		 550 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
551 len = sizeof(wpa_s->sme.assoc_req_ie) -
552 wpa_s->sme.assoc_req_ie_len;
ffad8858
JM		 553 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
554 ssid->p2p_group);
5f3a6aa0
JM		 555 if (res >= 0)
556 wpa_s->sme.assoc_req_ie_len += res;
557 }
558#endif /* CONFIG_P2P */
559
b36a3a65
AN		 560#ifdef CONFIG_FST
561 if (wpa_s->fst_ies) {
562 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
563
564 if (wpa_s->sme.assoc_req_ie_len + fst_ies_len <=
565 sizeof(wpa_s->sme.assoc_req_ie)) {
566 os_memcpy(wpa_s->sme.assoc_req_ie +
567 wpa_s->sme.assoc_req_ie_len,
568 wpabuf_head(wpa_s->fst_ies),
569 fst_ies_len);
570 wpa_s->sme.assoc_req_ie_len += fst_ies_len;
571 }
572 }
573#endif /* CONFIG_FST */
574
a0c38e5d
AS		 575 sme_auth_handle_rrm(wpa_s, bss);
576
065c029a 577 wpa_s->sme.assoc_req_ie_len += wpas_supp_op_class_ie(
cb828507 578 wpa_s, ssid, bss->freq,
065c029a 579 wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
580 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len);
5e57ba25 581
cc9a2575
KV		 582 if (params.p2p)
583 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
584 else
585 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
586
0bbaa9b9
JM		 587 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
588 sizeof(ext_capab));
03e47c9c 589 if (ext_capab_len > 0) {
92cbcf91
JM		 590 u8 *pos = wpa_s->sme.assoc_req_ie;
591 if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
592 pos += 2 + pos[1];
03e47c9c 593 os_memmove(pos + ext_capab_len, pos,
92cbcf91
JM		 594 wpa_s->sme.assoc_req_ie_len -
595 (pos - wpa_s->sme.assoc_req_ie));
03e47c9c
JM		 596 wpa_s->sme.assoc_req_ie_len += ext_capab_len;
597 os_memcpy(pos, ext_capab, ext_capab_len);
92cbcf91 598 }
92cbcf91 599
13256553
JM		 600#ifdef CONFIG_TESTING_OPTIONS
601 if (wpa_s->rsnxe_override_assoc &&
602 wpabuf_len(wpa_s->rsnxe_override_assoc) <=
603 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) {
604 wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
605 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
606 wpabuf_head(wpa_s->rsnxe_override_assoc),
607 wpabuf_len(wpa_s->rsnxe_override_assoc));
608 wpa_s->sme.assoc_req_ie_len +=
609 wpabuf_len(wpa_s->rsnxe_override_assoc);
610 } else
611#endif /* CONFIG_TESTING_OPTIONS */
6d6c8877
JM		 612 if (wpa_s->rsnxe_len > 0 &&
613 wpa_s->rsnxe_len <=
614 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) {
615 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
616 wpa_s->rsnxe, wpa_s->rsnxe_len);
617 wpa_s->sme.assoc_req_ie_len += wpa_s->rsnxe_len;
618 }
619
c484b198
AS		 620#ifdef CONFIG_HS20
621 if (is_hs20_network(wpa_s, ssid, bss)) {
622 struct wpabuf *hs20;
623
4204669c 624 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
c484b198
AS		 625 if (hs20) {
626 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
627 size_t len;
628
ec2cf403
JM		 629 wpas_hs20_add_indication(hs20, pps_mo_id,
630 get_hs20_version(bss));
4204669c 631 wpas_hs20_add_roam_cons_sel(hs20, ssid);
c484b198
AS		 632 len = sizeof(wpa_s->sme.assoc_req_ie) -
633 wpa_s->sme.assoc_req_ie_len;
634 if (wpabuf_len(hs20) <= len) {
635 os_memcpy(wpa_s->sme.assoc_req_ie +
636 wpa_s->sme.assoc_req_ie_len,
637 wpabuf_head(hs20), wpabuf_len(hs20));
638 wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
639 }
640 wpabuf_free(hs20);
641 }
642 }
643#endif /* CONFIG_HS20 */
644
170244a1
IP		 645 if (wpa_ie) {
646 size_t len;
647
648 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Reinsert WPA IE");
649
650 len = sizeof(wpa_s->sme.assoc_req_ie) -
651 wpa_s->sme.assoc_req_ie_len;
652
653 if (len > wpa_ie_len) {
654 os_memcpy(wpa_s->sme.assoc_req_ie +
655 wpa_s->sme.assoc_req_ie_len,
656 wpa_ie, wpa_ie_len);
657 wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
658 } else {
659 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Failed to add WPA IE");
660 }
661
662 os_free(wpa_ie);
663 }
664
d29fa3a7
JM		 665 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
666 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
667 size_t len;
668
669 len = sizeof(wpa_s->sme.assoc_req_ie) -
670 wpa_s->sme.assoc_req_ie_len;
671 if (wpabuf_len(buf) <= len) {
672 os_memcpy(wpa_s->sme.assoc_req_ie +
673 wpa_s->sme.assoc_req_ie_len,
674 wpabuf_head(buf), wpabuf_len(buf));
675 wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
676 }
677 }
678
92c6e2e3 679#ifdef CONFIG_MBO
077232f6 680 mbo_ie = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
2e06cef8 681 if (!wpa_s->disable_mbo_oce && mbo_ie) {
5e57ba25 682 int len;
92c6e2e3 683
5e57ba25
AS		 684 len = wpas_mbo_ie(wpa_s, wpa_s->sme.assoc_req_ie +
685 wpa_s->sme.assoc_req_ie_len,
686 sizeof(wpa_s->sme.assoc_req_ie) -
077232f6
BL		 687 wpa_s->sme.assoc_req_ie_len,
688 !!mbo_attr_from_mbo_ie(mbo_ie,
689 OCE_ATTR_ID_CAPA_IND));
5e57ba25
AS		 690 if (len >= 0)
691 wpa_s->sme.assoc_req_ie_len += len;
92c6e2e3
DS		 692 }
693#endif /* CONFIG_MBO */
694
c10347f2 695#ifdef CONFIG_SAE
59b416c7 696 if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
869af307 697 pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0,
ab3aebcc
JM		 698 NULL,
699 wpa_s->key_mgmt == WPA_KEY_MGMT_FT_SAE ?
700 WPA_KEY_MGMT_FT_SAE :
701 WPA_KEY_MGMT_SAE) == 0) {
bc26ac50
JM		 702 wpa_dbg(wpa_s, MSG_DEBUG,
703 "PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
06b1a104 704 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
bc26ac50
JM		 705 params.auth_alg = WPA_AUTH_ALG_OPEN;
706 wpa_s->sme.sae_pmksa_caching = 1;
707 }
708
59b416c7 709 if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
c10347f2 710 if (start)
8e31e955 711 resp = sme_auth_build_sae_commit(wpa_s, ssid,
fd830891 712 bss->bssid, 0,
cfe1ea5c 713 start == 2, NULL);
c10347f2 714 else
5ff39c13 715 resp = sme_auth_build_sae_confirm(wpa_s, 0);
6ac4b15e 716 if (resp == NULL) {
81648d00 717 wpas_connection_failed(wpa_s, bss->bssid);
c10347f2 718 return;
6ac4b15e 719 }
ce16c489
JM		 720 params.auth_data = wpabuf_head(resp);
721 params.auth_data_len = wpabuf_len(resp);
dd43026a 722 wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
c10347f2
JM		 723 }
724#endif /* CONFIG_SAE */
725
af670cb4
JM		 726 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
727 os_memset(wpa_s->bssid, 0, ETH_ALEN);
728 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
729 if (bssid_changed)
730 wpas_notify_bssid_changed(wpa_s);
731
f00b9b88
JM		 732 old_ssid = wpa_s->current_ssid;
733 wpa_s->current_ssid = ssid;
734 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
735 wpa_supplicant_initiate_eapol(wpa_s);
736
737#ifdef CONFIG_FILS
738 /* TODO: FILS operations can in some cases be done between different
739 * network_ctx (i.e., same credentials can be used with multiple
740 * networks). */
741 if (params.auth_alg == WPA_AUTH_ALG_OPEN &&
742 wpa_key_mgmt_fils(ssid->key_mgmt)) {
64983516
JM		 743 const u8 *indic;
744 u16 fils_info;
af835d75
AB		 745 const u8 *realm, *username, *rrk;
746 size_t realm_len, username_len, rrk_len;
747 u16 next_seq_num;
64983516
JM		 748
749 /*
750 * Check FILS Indication element (FILS Information field) bits
751 * indicating supported authentication algorithms against local
752 * configuration (ssid->fils_dh_group). Try to use FILS
753 * authentication only if the AP supports the combination in the
754 * network profile. */
755 indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
756 if (!indic || indic[1] < 2) {
757 wpa_printf(MSG_DEBUG, "SME: " MACSTR
758 " does not include FILS Indication element - cannot use FILS authentication with it",
759 MAC2STR(bss->bssid));
760 goto no_fils;
761 }
762
763 fils_info = WPA_GET_LE16(indic + 2);
764 if (ssid->fils_dh_group == 0 && !(fils_info & BIT(9))) {
765 wpa_printf(MSG_DEBUG, "SME: " MACSTR
766 " does not support FILS SK without PFS - cannot use FILS authentication with it",
767 MAC2STR(bss->bssid));
768 goto no_fils;
769 }
770 if (ssid->fils_dh_group != 0 && !(fils_info & BIT(10))) {
771 wpa_printf(MSG_DEBUG, "SME: " MACSTR
772 " does not support FILS SK with PFS - cannot use FILS authentication with it",
773 MAC2STR(bss->bssid));
774 goto no_fils;
775 }
776
af835d75
AB		 777 if (wpa_s->last_con_fail_realm &&
778 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
779 &username, &username_len,
780 &realm, &realm_len, &next_seq_num,
781 &rrk, &rrk_len) == 0 &&
782 realm && realm_len == wpa_s->last_con_fail_realm_len &&
783 os_memcmp(realm, wpa_s->last_con_fail_realm,
784 realm_len) == 0) {
785 wpa_printf(MSG_DEBUG,
786 "SME: FILS authentication for this realm failed last time - try to regenerate ERP key hierarchy");
787 goto no_fils;
788 }
789
f00b9b88 790 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
869af307 791 ssid, 0,
852b2f27
JM		 792 wpa_bss_get_fils_cache_id(bss),
793 0) == 0)
f00b9b88
JM		 794 wpa_printf(MSG_DEBUG,
795 "SME: Try to use FILS with PMKSA caching");
af3e362f 796 resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
f00b9b88 797 if (resp) {
76e20f4f
JM		 798 int auth_alg;
799
800 if (ssid->fils_dh_group)
801 wpa_printf(MSG_DEBUG,
802 "SME: Try to use FILS SK authentication with PFS (DH Group %u)",
803 ssid->fils_dh_group);
804 else
805 wpa_printf(MSG_DEBUG,
806 "SME: Try to use FILS SK authentication without PFS");
807 auth_alg = ssid->fils_dh_group ?
808 WPA_AUTH_ALG_FILS_SK_PFS : WPA_AUTH_ALG_FILS;
809 params.auth_alg = auth_alg;
f00b9b88
JM		 810 params.auth_data = wpabuf_head(resp);
811 params.auth_data_len = wpabuf_len(resp);
76e20f4f 812 wpa_s->sme.auth_alg = auth_alg;
f00b9b88
JM		 813 }
814 }
64983516 815no_fils:
f00b9b88
JM		 816#endif /* CONFIG_FILS */
817
a4cba8f1 818 wpa_supplicant_cancel_sched_scan(wpa_s);
c2a04078
JM		 819 wpa_supplicant_cancel_scan(wpa_s);
820
f049052b 821 wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
c2a04078
JM		 822 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
823 wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
824
6aea02e5 825 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
c2a04078
JM		 826 wpa_clear_keys(wpa_s, bss->bssid);
827 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
8bac466b
JM		 828 if (old_ssid != wpa_s->current_ssid)
829 wpas_notify_network_changed(wpa_s);
c2a04078 830
ece4ac5f
MG		 831#ifdef CONFIG_HS20
832 hs20_configure_frame_filters(wpa_s);
833#endif /* CONFIG_HS20 */
834
d0df6437
IP		 835#ifdef CONFIG_P2P
836 /*
837 * If multi-channel concurrency is not supported, check for any
838 * frequency conflict. In case of any frequency conflict, remove the
839 * least prioritized connection.
840 */
841 if (wpa_s->num_multichan_concurrent < 2) {
842 int freq, num;
843 num = get_shared_radio_freqs(wpa_s, &freq, 1);
844 if (num > 0 && freq > 0 && freq != params.freq) {
845 wpa_printf(MSG_DEBUG,
846 "Conflicting frequency found (%d != %d)",
847 freq, params.freq);
848 if (wpas_p2p_handle_frequency_conflicts(wpa_s,
849 params.freq,
850 ssid) < 0) {
851 wpas_connection_failed(wpa_s, bss->bssid);
852 wpa_supplicant_mark_disassoc(wpa_s);
853 wpabuf_free(resp);
854 wpas_connect_work_done(wpa_s);
855 return;
856 }
857 }
858 }
859#endif /* CONFIG_P2P */
860
59b416c7
JM		 861 if (skip_auth) {
862 wpa_msg(wpa_s, MSG_DEBUG,
863 "SME: Skip authentication step on reassoc-to-same-BSS");
864 wpabuf_free(resp);
865 sme_associate(wpa_s, ssid->mode, bss->bssid, WLAN_AUTH_OPEN);
866 return;
867 }
868
869
62c72d72 870 wpa_s->sme.auth_alg = params.auth_alg;
c2a04078 871 if (wpa_drv_authenticate(wpa_s, &params) < 0) {
f049052b 872 wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
c2a04078 873 "driver failed");
ed57c590 874 wpas_connection_failed(wpa_s, bss->bssid);
1193dc8f 875 wpa_supplicant_mark_disassoc(wpa_s);
c10347f2 876 wpabuf_free(resp);
6ac4b15e 877 wpas_connect_work_done(wpa_s);
c2a04078
JM		 878 return;
879 }
880
e29853bb
BG		 881 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
882 NULL);
c2a04078
JM		 883
884 /*
885 * Association will be started based on the authentication event from
886 * the driver.
887 */
c10347f2
JM		 888
889 wpabuf_free(resp);
890}
891
892
6ac4b15e
JM		 893static void sme_auth_start_cb(struct wpa_radio_work *work, int deinit)
894{
895 struct wpa_connect_work *cwork = work->ctx;
896 struct wpa_supplicant *wpa_s = work->wpa_s;
897
898 if (deinit) {
b3253ebb
AO		 899 if (work->started)
900 wpa_s->connect_work = NULL;
901
6ac4b15e
JM		 902 wpas_connect_work_free(cwork);
903 return;
904 }
905
906 wpa_s->connect_work = work;
907
a7f5271d 908 if (cwork->bss_removed ||
6108536d
HW		 909 !wpas_valid_bss_ssid(wpa_s, cwork->bss, cwork->ssid) ||
910 wpas_network_disabled(wpa_s, cwork->ssid)) {
6ac4b15e
JM		 911 wpa_dbg(wpa_s, MSG_DEBUG, "SME: BSS/SSID entry for authentication not valid anymore - drop connection attempt");
912 wpas_connect_work_done(wpa_s);
913 return;
914 }
915
2c2c5579
JM		 916 /* Starting new connection, so clear the possibly used WPA IE from the
917 * previous association. */
918 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
6d6c8877
JM		 919 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
920 wpa_s->rsnxe_len = 0;
2c2c5579 921
6ac4b15e
JM		 922 sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
923}
924
925
c10347f2
JM		 926void sme_authenticate(struct wpa_supplicant *wpa_s,
927 struct wpa_bss *bss, struct wpa_ssid *ssid)
928{
6ac4b15e
JM		 929 struct wpa_connect_work *cwork;
930
931 if (bss == NULL || ssid == NULL)
932 return;
933 if (wpa_s->connect_work) {
934 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reject sme_authenticate() call since connect_work exist");
935 return;
936 }
937
f0e30c84 938 if (radio_work_pending(wpa_s, "sme-connect")) {
f1c4dbf5
IP		 939 /*
940 * The previous sme-connect work might no longer be valid due to
941 * the fact that the BSS list was updated. In addition, it makes
942 * sense to adhere to the 'newer' decision.
943 */
944 wpa_dbg(wpa_s, MSG_DEBUG,
945 "SME: Remove previous pending sme-connect");
946 radio_remove_works(wpa_s, "sme-connect", 0);
f0e30c84
JM		 947 }
948
4ead7cfd
KV		 949 wpas_abort_ongoing_scan(wpa_s);
950
6ac4b15e
JM		 951 cwork = os_zalloc(sizeof(*cwork));
952 if (cwork == NULL)
953 return;
954 cwork->bss = bss;
955 cwork->ssid = ssid;
956 cwork->sme = 1;
957
98efcc41 958#ifdef CONFIG_SAE
dd43026a 959 wpa_s->sme.sae.state = SAE_NOTHING;
98efcc41 960 wpa_s->sme.sae.send_confirm = 0;
18ca7332 961 wpa_s->sme.sae_group_index = 0;
98efcc41 962#endif /* CONFIG_SAE */
6ac4b15e
JM		 963
964 if (radio_add_work(wpa_s, bss->freq, "sme-connect", 1,
965 sme_auth_start_cb, cwork) < 0)
966 wpas_connect_work_free(cwork);
c2a04078
JM		 967}
968
969
c10347f2 970#ifdef CONFIG_SAE
21af6d15 971
5ff39c13
SD		 972static int sme_external_auth_build_buf(struct wpabuf *buf,
973 struct wpabuf *params,
974 const u8 *sa, const u8 *da,
cfe1ea5c
JM		 975 u16 auth_transaction, u16 seq_num,
976 u16 status_code)
5ff39c13
SD		 977{
978 struct ieee80211_mgmt *resp;
979
980 resp = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
981 u.auth.variable));
982
983 resp->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
984 (WLAN_FC_STYPE_AUTH << 4));
985 os_memcpy(resp->da, da, ETH_ALEN);
986 os_memcpy(resp->sa, sa, ETH_ALEN);
987 os_memcpy(resp->bssid, da, ETH_ALEN);
fcb3f11e
AP		 988 resp->u.auth.auth_alg = host_to_le16(WLAN_AUTH_SAE);
989 resp->seq_ctrl = host_to_le16(seq_num << 4);
990 resp->u.auth.auth_transaction = host_to_le16(auth_transaction);
cfe1ea5c 991 resp->u.auth.status_code = host_to_le16(status_code);
5ff39c13
SD		 992 if (params)
993 wpabuf_put_buf(buf, params);
994
995 return 0;
996}
997
998
fb6ebd1c
SD		 999static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
1000 const u8 *bssid,
1001 struct wpa_ssid *ssid)
5ff39c13
SD		 1002{
1003 struct wpabuf *resp, *buf;
cfe1ea5c 1004 int use_pt;
5ff39c13 1005
cfe1ea5c 1006 resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid, 1, 0, &use_pt);
fb6ebd1c
SD		 1007 if (!resp) {
1008 wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
1009 return -1;
1010 }
5ff39c13
SD		 1011
1012 wpa_s->sme.sae.state = SAE_COMMITTED;
1013 buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp));
1014 if (!buf) {
1015 wpabuf_free(resp);
fb6ebd1c 1016 return -1;
5ff39c13
SD		 1017 }
1018
1019 wpa_s->sme.seq_num++;
1020 sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
cfe1ea5c
JM		 1021 bssid, 1, wpa_s->sme.seq_num,
1022 use_pt ? WLAN_STATUS_SAE_HASH_TO_ELEMENT :
1023 WLAN_STATUS_SUCCESS);
c4988e73 1024 wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
5ff39c13
SD		 1025 wpabuf_free(resp);
1026 wpabuf_free(buf);
fb6ebd1c
SD		 1027
1028 return 0;
5ff39c13
SD		 1029}
1030
1031
1032static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
1033 u16 status)
1034{
1035 struct external_auth params;
1036
1037 os_memset(&params, 0, sizeof(params));
1038 params.status = status;
d42df8d6
JM		 1039 params.ssid = wpa_s->sme.ext_auth_ssid;
1040 params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
1041 params.bssid = wpa_s->sme.ext_auth_bssid;
346d10cf
SD		 1042 if (wpa_s->conf->sae_pmkid_in_assoc && status == WLAN_STATUS_SUCCESS)
1043 params.pmkid = wpa_s->sme.sae.pmkid;
5ff39c13
SD		 1044 wpa_drv_send_external_auth_status(wpa_s, &params);
1045}
1046
1047
fb6ebd1c
SD		 1048static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
1049 union wpa_event_data *data)
5ff39c13
SD		 1050{
1051 struct wpa_ssid *ssid;
1052 size_t ssid_str_len = data->external_auth.ssid_len;
dd1a8cef 1053 const u8 *ssid_str = data->external_auth.ssid;
5ff39c13
SD		 1054
1055 /* Get the SSID conf from the ssid string obtained */
1056 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1057 if (!wpas_network_disabled(wpa_s, ssid) &&
1058 ssid_str_len == ssid->ssid_len &&
18a0508a 1059 os_memcmp(ssid_str, ssid->ssid, ssid_str_len) == 0 &&
bcf19000 1060 (ssid->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE)))
5ff39c13
SD		 1061 break;
1062 }
fb6ebd1c
SD		 1063 if (!ssid ||
1064 sme_external_auth_send_sae_commit(wpa_s, data->external_auth.bssid,
1065 ssid) < 0)
1066 return -1;
1067
1068 return 0;
5ff39c13
SD		 1069}
1070
1071
1072static void sme_external_auth_send_sae_confirm(struct wpa_supplicant *wpa_s,
1073 const u8 *da)
1074{
1075 struct wpabuf *resp, *buf;
1076
1077 resp = sme_auth_build_sae_confirm(wpa_s, 1);
1078 if (!resp) {
1079 wpa_printf(MSG_DEBUG, "SAE: Confirm message buf alloc failure");
1080 return;
1081 }
1082
1083 wpa_s->sme.sae.state = SAE_CONFIRMED;
1084 buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN + wpabuf_len(resp));
1085 if (!buf) {
1086 wpa_printf(MSG_DEBUG, "SAE: Auth Confirm buf alloc failure");
1087 wpabuf_free(resp);
1088 return;
1089 }
1090 wpa_s->sme.seq_num++;
1091 sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
cfe1ea5c
JM		 1092 da, 2, wpa_s->sme.seq_num,
1093 WLAN_STATUS_SUCCESS);
c4988e73 1094 wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
5ff39c13
SD		 1095 wpabuf_free(resp);
1096 wpabuf_free(buf);
1097}
1098
1099
1100void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
1101 union wpa_event_data *data)
1102{
1103 if (RSN_SELECTOR_GET(&data->external_auth.key_mgmt_suite) !=
1104 RSN_AUTH_KEY_MGMT_SAE)
1105 return;
1106
1107 if (data->external_auth.action == EXT_AUTH_START) {
d42df8d6
JM		 1108 if (!data->external_auth.bssid || !data->external_auth.ssid)
1109 return;
1110 os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
1111 ETH_ALEN);
1112 os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
1113 data->external_auth.ssid_len);
1114 wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
5ff39c13
SD		 1115 wpa_s->sme.seq_num = 0;
1116 wpa_s->sme.sae.state = SAE_NOTHING;
1117 wpa_s->sme.sae.send_confirm = 0;
1118 wpa_s->sme.sae_group_index = 0;
fb6ebd1c
SD		 1119 if (sme_handle_external_auth_start(wpa_s, data) < 0)
1120 sme_send_external_auth_status(wpa_s,
1121 WLAN_STATUS_UNSPECIFIED_FAILURE);
5ff39c13
SD		 1122 } else if (data->external_auth.action == EXT_AUTH_ABORT) {
1123 /* Report failure to driver for the wrong trigger */
1124 sme_send_external_auth_status(wpa_s,
1125 WLAN_STATUS_UNSPECIFIED_FAILURE);
1126 }
1127}
1128
1129
444d76f7
JM		 1130static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
1131{
1132 int *groups = wpa_s->conf->sae_groups;
1133 int default_groups[] = { 19, 20, 21, 0 };
1134 int i;
1135
1136 if (!groups)
1137 groups = default_groups;
1138
1139 for (i = 0; groups[i] > 0; i++) {
1140 if (groups[i] == group)
1141 return 1;
1142 }
1143
1144 return 0;
1145}
1146
1147
1148static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
1149 const struct wpabuf *groups)
1150{
1151 size_t i, count;
1152 const u8 *pos;
1153
1154 if (!groups)
1155 return 0;
1156
1157 pos = wpabuf_head(groups);
1158 count = wpabuf_len(groups) / 2;
1159 for (i = 0; i < count; i++) {
1160 int enabled;
1161 u16 group;
1162
1163 group = WPA_GET_LE16(pos);
1164 pos += 2;
1165 enabled = sme_sae_is_group_enabled(wpa_s, group);
1166 wpa_printf(MSG_DEBUG, "SAE: Rejected group %u is %s",
1167 group, enabled ? "enabled" : "disabled");
1168 if (enabled)
1169 return 1;
1170 }
1171
1172 return 0;
1173}
1174
1175
c10347f2 1176static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
5ff39c13
SD		 1177 u16 status_code, const u8 *data, size_t len,
1178 int external, const u8 *sa)
c10347f2 1179{
a959a3b6
MH		 1180 int *groups;
1181
c10347f2
JM		 1182 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
1183 "status code %u", auth_transaction, status_code);
c10347f2 1184
d136c376
JM		 1185 if (auth_transaction == 1 &&
1186 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
1187 wpa_s->sme.sae.state == SAE_COMMITTED &&
5ff39c13 1188 (external || wpa_s->current_bss) && wpa_s->current_ssid) {
a9fe1303 1189 int default_groups[] = { 19, 20, 21, 0 };
a959a3b6 1190 u16 group;
5e32fb01
JM		 1191 const u8 *token_pos;
1192 size_t token_len;
1193 int h2e = 0;
a959a3b6
MH		 1194
1195 groups = wpa_s->conf->sae_groups;
1196 if (!groups || groups[0] <= 0)
1197 groups = default_groups;
1198
5e32fb01
JM		 1199 wpa_hexdump(MSG_DEBUG, "SME: SAE anti-clogging token request",
1200 data, len);
a959a3b6
MH		 1201 if (len < sizeof(le16)) {
1202 wpa_dbg(wpa_s, MSG_DEBUG,
1203 "SME: Too short SAE anti-clogging token request");
1204 return -1;
1205 }
1206 group = WPA_GET_LE16(data);
1207 wpa_dbg(wpa_s, MSG_DEBUG,
1208 "SME: SAE anti-clogging token requested (group %u)",
1209 group);
1210 if (sae_group_allowed(&wpa_s->sme.sae, groups, group) !=
1211 WLAN_STATUS_SUCCESS) {
1212 wpa_dbg(wpa_s, MSG_ERROR,
1213 "SME: SAE group %u of anti-clogging request is invalid",
1214 group);
1215 return -1;
1216 }
d136c376 1217 wpabuf_free(wpa_s->sme.sae_token);
5e32fb01
JM		 1218 token_pos = data + sizeof(le16);
1219 token_len = len - sizeof(le16);
1220 if (wpa_s->sme.sae.tmp)
1221 h2e = wpa_s->sme.sae.tmp->h2e;
1222 if (h2e) {
1223 if (token_len < 3) {
1224 wpa_dbg(wpa_s, MSG_DEBUG,
1225 "SME: Too short SAE anti-clogging token container");
1226 return -1;
1227 }
1228 if (token_pos[0] != WLAN_EID_EXTENSION ||
1229 token_pos[1] == 0 ||
1230 token_pos[1] > token_len - 2 ||
1231 token_pos[2] != WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
1232 wpa_dbg(wpa_s, MSG_DEBUG,
1233 "SME: Invalid SAE anti-clogging token container header");
1234 return -1;
1235 }
1236 token_len = token_pos[1] - 1;
1237 token_pos += 3;
1238 }
1239 wpa_s->sme.sae_token = wpabuf_alloc_copy(token_pos, token_len);
1240 wpa_hexdump_buf(MSG_DEBUG, "SME: Requested anti-clogging token",
1241 wpa_s->sme.sae_token);
5ff39c13
SD		 1242 if (!external)
1243 sme_send_authentication(wpa_s, wpa_s->current_bss,
fd830891 1244 wpa_s->current_ssid, 2);
5ff39c13
SD		 1245 else
1246 sme_external_auth_send_sae_commit(
d42df8d6 1247 wpa_s, wpa_s->sme.ext_auth_bssid,
5ff39c13 1248 wpa_s->current_ssid);
d136c376
JM		 1249 return 0;
1250 }
1251
625f202a
JM		 1252 if (auth_transaction == 1 &&
1253 status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
1254 wpa_s->sme.sae.state == SAE_COMMITTED &&
5ff39c13 1255 (external || wpa_s->current_bss) && wpa_s->current_ssid) {
625f202a 1256 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
447cd5f2
JM		 1257 int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
1258 wpa_s->sme.sae.group);
625f202a
JM		 1259 wpa_s->sme.sae_group_index++;
1260 if (sme_set_sae_group(wpa_s) < 0)
1261 return -1; /* no other groups enabled */
1262 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
5ff39c13
SD		 1263 if (!external)
1264 sme_send_authentication(wpa_s, wpa_s->current_bss,
1265 wpa_s->current_ssid, 1);
1266 else
1267 sme_external_auth_send_sae_commit(
d42df8d6 1268 wpa_s, wpa_s->sme.ext_auth_bssid,
5ff39c13 1269 wpa_s->current_ssid);
625f202a
JM		 1270 return 0;
1271 }
1272
9be19d0b
JM		 1273 if (auth_transaction == 1 &&
1274 status_code == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) {
1275 const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
1276
1277 wpa_msg(wpa_s, MSG_INFO,
1278 WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER MACSTR,
1279 MAC2STR(bssid));
1280 return -1;
1281 }
1282
cfe1ea5c
JM		 1283 if (status_code != WLAN_STATUS_SUCCESS &&
1284 status_code != WLAN_STATUS_SAE_HASH_TO_ELEMENT)
c10347f2
JM		 1285 return -1;
1286
1287 if (auth_transaction == 1) {
6a58444d
JM		 1288 u16 res;
1289
a959a3b6 1290 groups = wpa_s->conf->sae_groups;
18ca7332 1291
c10347f2 1292 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
5ff39c13 1293 if ((!external && wpa_s->current_bss == NULL) ||
c10347f2
JM		 1294 wpa_s->current_ssid == NULL)
1295 return -1;
1b5865a5
JM		 1296 if (wpa_s->sme.sae.state != SAE_COMMITTED) {
1297 wpa_printf(MSG_DEBUG,
1298 "SAE: Ignore commit message while waiting for confirm");
1299 return 0;
1300 }
ca1cecc5
JM		 1301 if (wpa_s->sme.sae.tmp && wpa_s->sme.sae.tmp->h2e &&
1302 status_code == WLAN_STATUS_SUCCESS) {
1303 wpa_printf(MSG_DEBUG,
1304 "SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
1305 return -1;
1306 }
1307 if (wpa_s->sme.sae.tmp && !wpa_s->sme.sae.tmp->h2e &&
1308 status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
1309 wpa_printf(MSG_DEBUG,
1310 "SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
1311 return -1;
1312 }
1313
18ca7332
JM		 1314 if (groups && groups[0] <= 0)
1315 groups = NULL;
6a58444d 1316 res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
86f60848
JM		 1317 groups, status_code ==
1318 WLAN_STATUS_SAE_HASH_TO_ELEMENT);
6a58444d
JM		 1319 if (res == SAE_SILENTLY_DISCARD) {
1320 wpa_printf(MSG_DEBUG,
1321 "SAE: Drop commit message due to reflection attack");
1322 return 0;
1323 }
1324 if (res != WLAN_STATUS_SUCCESS)
21af6d15 1325 return -1;
146f6c9a 1326
444d76f7
JM		 1327 if (wpa_s->sme.sae.tmp &&
1328 sme_check_sae_rejected_groups(
1329 wpa_s,
c88e01e1 1330 wpa_s->sme.sae.tmp->peer_rejected_groups))
444d76f7
JM		 1331 return -1;
1332
146f6c9a
JM		 1333 if (sae_process_commit(&wpa_s->sme.sae) < 0) {
1334 wpa_printf(MSG_DEBUG, "SAE: Failed to process peer "
1335 "commit");
1336 return -1;
1337 }
1338
d136c376
JM		 1339 wpabuf_free(wpa_s->sme.sae_token);
1340 wpa_s->sme.sae_token = NULL;
5ff39c13
SD		 1341 if (!external)
1342 sme_send_authentication(wpa_s, wpa_s->current_bss,
1343 wpa_s->current_ssid, 0);
1344 else
1345 sme_external_auth_send_sae_confirm(wpa_s, sa);
c10347f2
JM		 1346 return 0;
1347 } else if (auth_transaction == 2) {
cfe1ea5c
JM		 1348 if (status_code != WLAN_STATUS_SUCCESS)
1349 return -1;
c10347f2 1350 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
dd43026a 1351 if (wpa_s->sme.sae.state != SAE_CONFIRMED)
21af6d15 1352 return -1;
f2e9818f 1353 if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
21af6d15 1354 return -1;
dd43026a 1355 wpa_s->sme.sae.state = SAE_ACCEPTED;
b4fd3613 1356 sae_clear_temp_data(&wpa_s->sme.sae);
5ff39c13
SD		 1357
1358 if (external) {
1359 /* Report success to driver */
1360 sme_send_external_auth_status(wpa_s,
1361 WLAN_STATUS_SUCCESS);
1362 }
1363
c10347f2
JM		 1364 return 1;
1365 }
1366
1367 return -1;
1368}
5ff39c13
SD		 1369
1370
b7cd6487 1371static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *bssid)
d2b20838
JM		 1372{
1373 wpa_printf(MSG_DEBUG,
1374 "SME: SAE completed - setting PMK for 4-way handshake");
1375 wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
b7cd6487 1376 wpa_s->sme.sae.pmkid, bssid);
d2b20838
JM		 1377 if (wpa_s->conf->sae_pmkid_in_assoc) {
1378 /* Update the own RSNE contents now that we have set the PMK
1379 * and added a PMKSA cache entry based on the successfully
1380 * completed SAE exchange. In practice, this will add the PMKID
1381 * into RSNE. */
1382 if (wpa_s->sme.assoc_req_ie_len + 2 + PMKID_LEN >
1383 sizeof(wpa_s->sme.assoc_req_ie)) {
1384 wpa_msg(wpa_s, MSG_WARNING,
1385 "RSN: Not enough room for inserting own PMKID into RSNE");
1386 return -1;
1387 }
1388 if (wpa_insert_pmkid(wpa_s->sme.assoc_req_ie,
1389 &wpa_s->sme.assoc_req_ie_len,
1390 wpa_s->sme.sae.pmkid) < 0)
1391 return -1;
1392 wpa_hexdump(MSG_DEBUG,
1393 "SME: Updated Association Request IEs",
1394 wpa_s->sme.assoc_req_ie,
1395 wpa_s->sme.assoc_req_ie_len);
1396 }
1397
1398 return 0;
1399}
1400
1401
5ff39c13
SD		 1402void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
1403 const u8 *auth_frame, size_t len)
1404{
1405 const struct ieee80211_mgmt *header;
1406 size_t auth_length;
1407
1408 header = (const struct ieee80211_mgmt *) auth_frame;
1409 auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
1410
1411 if (len < auth_length) {
1412 /* Notify failure to the driver */
1413 sme_send_external_auth_status(wpa_s,
1414 WLAN_STATUS_UNSPECIFIED_FAILURE);
1415 return;
1416 }
1417
fcb3f11e 1418 if (le_to_host16(header->u.auth.auth_alg) == WLAN_AUTH_SAE) {
5ff39c13
SD		 1419 int res;
1420
fcb3f11e
AP		 1421 res = sme_sae_auth(
1422 wpa_s, le_to_host16(header->u.auth.auth_transaction),
1423 le_to_host16(header->u.auth.status_code),
1424 header->u.auth.variable,
1425 len - auth_length, 1, header->sa);
5ff39c13
SD		 1426 if (res < 0) {
1427 /* Notify failure to the driver */
1428 sme_send_external_auth_status(
1429 wpa_s, WLAN_STATUS_UNSPECIFIED_FAILURE);
1430 return;
1431 }
1432 if (res != 1)
1433 return;
1434
b7cd6487 1435 if (sme_sae_set_pmk(wpa_s, wpa_s->sme.ext_auth_bssid) < 0)
d2b20838 1436 return;
5ff39c13
SD		 1437 }
1438}
1439
c10347f2
JM		 1440#endif /* CONFIG_SAE */
1441
1442
c2a04078
JM		 1443void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
1444{
c2a04078
JM		 1445 struct wpa_ssid *ssid = wpa_s->current_ssid;
1446
1447 if (ssid == NULL) {
f049052b
BG		 1448 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
1449 "when network is not selected");
c2a04078
JM		 1450 return;
1451 }
1452
1453 if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
f049052b
BG		 1454 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
1455 "when not in authenticating state");
c2a04078
JM		 1456 return;
1457 }
1458
1459 if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
f049052b
BG		 1460 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
1461 "unexpected peer " MACSTR,
1462 MAC2STR(data->auth.peer));
c2a04078
JM		 1463 return;
1464 }
1465
f049052b 1466 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
c10347f2 1467 " auth_type=%d auth_transaction=%d status_code=%d",
f049052b 1468 MAC2STR(data->auth.peer), data->auth.auth_type,
c10347f2 1469 data->auth.auth_transaction, data->auth.status_code);
c2a04078
JM		 1470 wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
1471 data->auth.ies, data->auth.ies_len);
1472
e29853bb
BG		 1473 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
1474
c10347f2
JM		 1475#ifdef CONFIG_SAE
1476 if (data->auth.auth_type == WLAN_AUTH_SAE) {
21af6d15
JM		 1477 int res;
1478 res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
1479 data->auth.status_code, data->auth.ies,
5ff39c13 1480 data->auth.ies_len, 0, NULL);
21af6d15
JM		 1481 if (res < 0) {
1482 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1483 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1484
1485 }
1486 if (res != 1)
c10347f2 1487 return;
47b55a3e 1488
b7cd6487 1489 if (sme_sae_set_pmk(wpa_s, wpa_s->pending_bssid) < 0)
d2b20838 1490 return;
c10347f2
JM		 1491 }
1492#endif /* CONFIG_SAE */
1493
c2a04078 1494 if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
ec4387f9
JM		 1495 char *ie_txt = NULL;
1496
1497 if (data->auth.ies && data->auth.ies_len) {
1498 size_t buflen = 2 * data->auth.ies_len + 1;
1499 ie_txt = os_malloc(buflen);
1500 if (ie_txt) {
1501 wpa_snprintf_hex(ie_txt, buflen, data->auth.ies,
1502 data->auth.ies_len);
1503 }
1504 }
1505 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
5f11880f 1506 " auth_type=%u auth_transaction=%u status_code=%u%s%s",
ec4387f9
JM		 1507 MAC2STR(data->auth.peer), data->auth.auth_type,
1508 data->auth.auth_transaction, data->auth.status_code,
5f11880f
JM		 1509 ie_txt ? " ie=" : "",
1510 ie_txt ? ie_txt : "");
ec4387f9 1511 os_free(ie_txt);
cb1583f6 1512
af835d75
AB		 1513#ifdef CONFIG_FILS
1514 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
1515 wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS)
1516 fils_connection_failure(wpa_s);
1517#endif /* CONFIG_FILS */
1518
cb1583f6
SO		 1519 if (data->auth.status_code !=
1520 WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
1521 wpa_s->sme.auth_alg == data->auth.auth_type ||
7e6646c7 1522 wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
0fb337c1 1523 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 1524 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
cb1583f6 1525 return;
7e6646c7 1526 }
cb1583f6 1527
d9504779
JM		 1528 wpas_connect_work_done(wpa_s);
1529
cb1583f6
SO		 1530 switch (data->auth.auth_type) {
1531 case WLAN_AUTH_OPEN:
1532 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
1533
f049052b 1534 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
cb1583f6
SO		 1535 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
1536 wpa_s->current_ssid);
1537 return;
1538
1539 case WLAN_AUTH_SHARED_KEY:
1540 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
1541
f049052b 1542 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
cb1583f6
SO		 1543 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
1544 wpa_s->current_ssid);
1545 return;
1546
1547 default:
1548 return;
1549 }
c2a04078
JM		 1550 }
1551
1552#ifdef CONFIG_IEEE80211R
1553 if (data->auth.auth_type == WLAN_AUTH_FT) {
c6c41f6e
JM		 1554 const u8 *ric_ies = NULL;
1555 size_t ric_ies_len = 0;
1556
1557 if (wpa_s->ric_ies) {
1558 ric_ies = wpabuf_head(wpa_s->ric_ies);
1559 ric_ies_len = wpabuf_len(wpa_s->ric_ies);
1560 }
ee140ef9
JM		 1561 if (wpa_ft_process_response(wpa_s->wpa, data->auth.ies,
1562 data->auth.ies_len, 0,
c6c41f6e
JM		 1563 data->auth.peer,
1564 ric_ies, ric_ies_len) < 0) {
ee140ef9
JM		 1565 wpa_dbg(wpa_s, MSG_DEBUG,
1566 "SME: FT Authentication response processing failed");
1567 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
1568 MACSTR
1569 " reason=%d locally_generated=1",
1570 MAC2STR(wpa_s->pending_bssid),
1571 WLAN_REASON_DEAUTH_LEAVING);
1572 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1573 wpa_supplicant_mark_disassoc(wpa_s);
1574 return;
1575 }
c2a04078
JM		 1576 }
1577#endif /* CONFIG_IEEE80211R */
1578
a6609937 1579#ifdef CONFIG_FILS
76e20f4f
JM		 1580 if (data->auth.auth_type == WLAN_AUTH_FILS_SK ||
1581 data->auth.auth_type == WLAN_AUTH_FILS_SK_PFS) {
1582 u16 expect_auth_type;
1583
1584 expect_auth_type = wpa_s->sme.auth_alg ==
1585 WPA_AUTH_ALG_FILS_SK_PFS ? WLAN_AUTH_FILS_SK_PFS :
1586 WLAN_AUTH_FILS_SK;
1587 if (data->auth.auth_type != expect_auth_type) {
1588 wpa_dbg(wpa_s, MSG_DEBUG,
1589 "SME: FILS Authentication response used different auth alg (%u; expected %u)",
1590 data->auth.auth_type, expect_auth_type);
1591 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
1592 MACSTR
1593 " reason=%d locally_generated=1",
1594 MAC2STR(wpa_s->pending_bssid),
1595 WLAN_REASON_DEAUTH_LEAVING);
1596 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1597 wpa_supplicant_mark_disassoc(wpa_s);
1598 return;
1599 }
1600
ba9774bd
JM		 1601 if (fils_process_auth(wpa_s->wpa, wpa_s->pending_bssid,
1602 data->auth.ies, data->auth.ies_len) < 0) {
a6609937
JM		 1603 wpa_dbg(wpa_s, MSG_DEBUG,
1604 "SME: FILS Authentication response processing failed");
1605 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
1606 MACSTR
1607 " reason=%d locally_generated=1",
1608 MAC2STR(wpa_s->pending_bssid),
1609 WLAN_REASON_DEAUTH_LEAVING);
1610 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1611 wpa_supplicant_mark_disassoc(wpa_s);
1612 return;
1613 }
1614 }
1615#endif /* CONFIG_FILS */
1616
71024cb2
JM		 1617 sme_associate(wpa_s, ssid->mode, data->auth.peer,
1618 data->auth.auth_type);
1619}
1620
1621
7d440a3b
JM		 1622#ifdef CONFIG_IEEE80211R
1623static void remove_ie(u8 *buf, size_t *len, u8 eid)
1624{
1625 u8 *pos, *next, *end;
1626
1627 pos = (u8 *) get_ie(buf, *len, eid);
1628 if (pos) {
1629 next = pos + 2 + pos[1];
1630 end = buf + *len;
1631 *len -= 2 + pos[1];
1632 os_memmove(pos, next, end - next);
1633 }
1634}
1635#endif /* CONFIG_IEEE80211R */
1636
1637
71024cb2
JM		 1638void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
1639 const u8 *bssid, u16 auth_type)
1640{
1641 struct wpa_driver_associate_params params;
d9a27b04 1642 struct ieee802_11_elems elems;
86cd6928
JM		 1643#ifdef CONFIG_FILS
1644 u8 nonces[2 * FILS_NONCE_LEN];
1645#endif /* CONFIG_FILS */
80e8a5ee
BG		 1646#ifdef CONFIG_HT_OVERRIDES
1647 struct ieee80211_ht_capabilities htcaps;
1648 struct ieee80211_ht_capabilities htcaps_mask;
1649#endif /* CONFIG_HT_OVERRIDES */
e9ee8dc3
JB		 1650#ifdef CONFIG_VHT_OVERRIDES
1651 struct ieee80211_vht_capabilities vhtcaps;
1652 struct ieee80211_vht_capabilities vhtcaps_mask;
1653#endif /* CONFIG_VHT_OVERRIDES */
71024cb2 1654
c2a04078 1655 os_memset(&params, 0, sizeof(params));
86cd6928
JM		 1656
1657#ifdef CONFIG_FILS
76e20f4f
JM		 1658 if (auth_type == WLAN_AUTH_FILS_SK ||
1659 auth_type == WLAN_AUTH_FILS_SK_PFS) {
86cd6928
JM		 1660 struct wpabuf *buf;
1661 const u8 *snonce, *anonce;
5732b770
JM		 1662 const unsigned int max_hlp = 20;
1663 struct wpabuf *hlp[max_hlp];
1664 unsigned int i, num_hlp = 0;
1665 struct fils_hlp_req *req;
1666
1667 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
1668 list) {
1669 hlp[num_hlp] = wpabuf_alloc(2 * ETH_ALEN + 6 +
1670 wpabuf_len(req->pkt));
1671 if (!hlp[num_hlp])
1672 break;
1673 wpabuf_put_data(hlp[num_hlp], req->dst, ETH_ALEN);
1674 wpabuf_put_data(hlp[num_hlp], wpa_s->own_addr,
1675 ETH_ALEN);
1676 wpabuf_put_data(hlp[num_hlp],
1677 "\xaa\xaa\x03\x00\x00\x00", 6);
1678 wpabuf_put_buf(hlp[num_hlp], req->pkt);
1679 num_hlp++;
1680 if (num_hlp >= max_hlp)
1681 break;
1682 }
86cd6928
JM		 1683
1684 buf = fils_build_assoc_req(wpa_s->wpa, &params.fils_kek,
1685 &params.fils_kek_len, &snonce,
5732b770
JM		 1686 &anonce,
1687 (const struct wpabuf **) hlp,
1688 num_hlp);
1689 for (i = 0; i < num_hlp; i++)
1690 wpabuf_free(hlp[i]);
86cd6928
JM		 1691 if (!buf)
1692 return;
7d440a3b
JM		 1693 wpa_hexdump(MSG_DEBUG, "FILS: assoc_req before FILS elements",
1694 wpa_s->sme.assoc_req_ie,
1695 wpa_s->sme.assoc_req_ie_len);
1696#ifdef CONFIG_IEEE80211R
1697 if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
1698 /* Remove RSNE and MDE to allow them to be overridden
1699 * with FILS+FT specific values from
1700 * fils_build_assoc_req(). */
1701 remove_ie(wpa_s->sme.assoc_req_ie,
1702 &wpa_s->sme.assoc_req_ie_len,
1703 WLAN_EID_RSN);
1704 wpa_hexdump(MSG_DEBUG,
1705 "FILS: assoc_req after RSNE removal",
1706 wpa_s->sme.assoc_req_ie,
1707 wpa_s->sme.assoc_req_ie_len);
1708 remove_ie(wpa_s->sme.assoc_req_ie,
1709 &wpa_s->sme.assoc_req_ie_len,
1710 WLAN_EID_MOBILITY_DOMAIN);
1711 wpa_hexdump(MSG_DEBUG,
1712 "FILS: assoc_req after MDE removal",
1713 wpa_s->sme.assoc_req_ie,
1714 wpa_s->sme.assoc_req_ie_len);
1715 }
1716#endif /* CONFIG_IEEE80211R */
86cd6928
JM		 1717 /* TODO: Make wpa_s->sme.assoc_req_ie use dynamic allocation */
1718 if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(buf) >
1719 sizeof(wpa_s->sme.assoc_req_ie)) {
1720 wpa_printf(MSG_ERROR,
1721 "FILS: Not enough buffer room for own AssocReq elements");
1722 wpabuf_free(buf);
1723 return;
1724 }
1725 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
1726 wpabuf_head(buf), wpabuf_len(buf));
1727 wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
1728 wpabuf_free(buf);
7d440a3b
JM		 1729 wpa_hexdump(MSG_DEBUG, "FILS: assoc_req after FILS elements",
1730 wpa_s->sme.assoc_req_ie,
1731 wpa_s->sme.assoc_req_ie_len);
86cd6928
JM		 1732
1733 os_memcpy(nonces, snonce, FILS_NONCE_LEN);
1734 os_memcpy(nonces + FILS_NONCE_LEN, anonce, FILS_NONCE_LEN);
1735 params.fils_nonces = nonces;
1736 params.fils_nonces_len = sizeof(nonces);
1737 }
1738#endif /* CONFIG_FILS */
1739
0a614799 1740#ifdef CONFIG_OWE
265bda34
JM		 1741#ifdef CONFIG_TESTING_OPTIONS
1742 if (get_ie_ext(wpa_s->sme.assoc_req_ie, wpa_s->sme.assoc_req_ie_len,
1743 WLAN_EID_EXT_OWE_DH_PARAM)) {
1744 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
1745 } else
1746#endif /* CONFIG_TESTING_OPTIONS */
0a614799
JM		 1747 if (auth_type == WLAN_AUTH_OPEN &&
1748 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1749 struct wpabuf *owe_ie;
2cb40e9f 1750 u16 group;
0a614799 1751
2cb40e9f 1752 if (wpa_s->current_ssid && wpa_s->current_ssid->owe_group) {
ec9f4837 1753 group = wpa_s->current_ssid->owe_group;
698c9e20
AK		 1754 } else if (wpa_s->assoc_status_code ==
1755 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
2cb40e9f
JM		 1756 if (wpa_s->last_owe_group == 19)
1757 group = 20;
1758 else if (wpa_s->last_owe_group == 20)
1759 group = 21;
1760 else
1761 group = OWE_DH_GROUP;
698c9e20
AK		 1762 } else {
1763 group = OWE_DH_GROUP;
2cb40e9f 1764 }
698c9e20 1765
2cb40e9f
JM		 1766 wpa_s->last_owe_group = group;
1767 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
ec9f4837 1768 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
0a614799
JM		 1769 if (!owe_ie) {
1770 wpa_printf(MSG_ERROR,
1771 "OWE: Failed to build IE for Association Request frame");
1772 return;
1773 }
1774 if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(owe_ie) >
1775 sizeof(wpa_s->sme.assoc_req_ie)) {
1776 wpa_printf(MSG_ERROR,
1777 "OWE: Not enough buffer room for own Association Request frame elements");
1778 wpabuf_free(owe_ie);
1779 return;
1780 }
1781 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
1782 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
1783 wpa_s->sme.assoc_req_ie_len += wpabuf_len(owe_ie);
1784 wpabuf_free(owe_ie);
1785 }
1786#endif /* CONFIG_OWE */
1787
10ec6a5f
JM		 1788#ifdef CONFIG_DPP2
1789 if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP && wpa_s->current_ssid &&
1790 wpa_s->current_ssid->dpp_netaccesskey) {
1791 struct wpa_ssid *ssid = wpa_s->current_ssid;
1792
1793 dpp_pfs_free(wpa_s->dpp_pfs);
1794 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
1795 ssid->dpp_netaccesskey_len);
1796 if (!wpa_s->dpp_pfs) {
1797 wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
1798 /* Try to continue without PFS */
1799 goto pfs_fail;
1800 }
1801 if (wpa_s->sme.assoc_req_ie_len +
1802 wpabuf_len(wpa_s->dpp_pfs->ie) >
1803 sizeof(wpa_s->sme.assoc_req_ie)) {
1804 wpa_printf(MSG_ERROR,
1805 "DPP: Not enough buffer room for own Association Request frame elements");
1806 dpp_pfs_free(wpa_s->dpp_pfs);
1807 wpa_s->dpp_pfs = NULL;
1808 goto pfs_fail;
1809 }
1810 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
1811 wpabuf_head(wpa_s->dpp_pfs->ie),
1812 wpabuf_len(wpa_s->dpp_pfs->ie));
1813 wpa_s->sme.assoc_req_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
1814 }
1815pfs_fail:
1816#endif /* CONFIG_DPP2 */
1817
5abc7823
VN		 1818 if (wpa_s->current_ssid && wpa_s->current_ssid->multi_ap_backhaul_sta) {
1819 size_t multi_ap_ie_len;
1820
1821 multi_ap_ie_len = add_multi_ap_ie(
1822 wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
1823 sizeof(wpa_s->sme.assoc_req_ie) -
1824 wpa_s->sme.assoc_req_ie_len,
1825 MULTI_AP_BACKHAUL_STA);
1826 if (multi_ap_ie_len == 0) {
1827 wpa_printf(MSG_ERROR,
1828 "Multi-AP: Failed to build Multi-AP IE");
1829 return;
1830 }
1831 wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
1832 }
1833
71024cb2 1834 params.bssid = bssid;
c2a04078
JM		 1835 params.ssid = wpa_s->sme.ssid;
1836 params.ssid_len = wpa_s->sme.ssid_len;
4ec68377 1837 params.freq.freq = wpa_s->sme.freq;
1f6c0ab8
BS		 1838 params.bg_scan_period = wpa_s->current_ssid ?
1839 wpa_s->current_ssid->bg_scan_period : -1;
c2a04078
JM		 1840 params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
1841 wpa_s->sme.assoc_req_ie : NULL;
1842 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
8c41734e
JM		 1843 wpa_hexdump(MSG_DEBUG, "SME: Association Request IEs",
1844 params.wpa_ie, params.wpa_ie_len);
4848a38d
JM		 1845 params.pairwise_suite = wpa_s->pairwise_cipher;
1846 params.group_suite = wpa_s->group_cipher;
61a56c14 1847 params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
163f801e
JM		 1848 params.key_mgmt_suite = wpa_s->key_mgmt;
1849 params.wpa_proto = wpa_s->wpa_proto;
80e8a5ee
BG		 1850#ifdef CONFIG_HT_OVERRIDES
1851 os_memset(&htcaps, 0, sizeof(htcaps));
1852 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
1853 params.htcaps = (u8 *) &htcaps;
1854 params.htcaps_mask = (u8 *) &htcaps_mask;
1855 wpa_supplicant_apply_ht_overrides(wpa_s, wpa_s->current_ssid, &params);
1856#endif /* CONFIG_HT_OVERRIDES */
e9ee8dc3
JB		 1857#ifdef CONFIG_VHT_OVERRIDES
1858 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
1859 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
1860 params.vhtcaps = &vhtcaps;
1861 params.vhtcaps_mask = &vhtcaps_mask;
1862 wpa_supplicant_apply_vht_overrides(wpa_s, wpa_s->current_ssid, &params);
1863#endif /* CONFIG_VHT_OVERRIDES */
c2a04078 1864#ifdef CONFIG_IEEE80211R
8c41734e
JM		 1865 if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies &&
1866 get_ie(wpa_s->sme.ft_ies, wpa_s->sme.ft_ies_len,
1867 WLAN_EID_RIC_DATA)) {
1868 /* There seems to be a pretty inconvenient bug in the Linux
1869 * kernel IE splitting functionality when RIC is used. For now,
1870 * skip correct behavior in IE construction here (i.e., drop the
1871 * additional non-FT-specific IEs) to avoid kernel issues. This
1872 * is fine since RIC is used only for testing purposes in the
1873 * current implementation. */
1874 wpa_printf(MSG_INFO,
1875 "SME: Linux kernel workaround - do not try to include additional IEs with RIC");
c2a04078
JM		 1876 params.wpa_ie = wpa_s->sme.ft_ies;
1877 params.wpa_ie_len = wpa_s->sme.ft_ies_len;
8c41734e
JM		 1878 } else if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
1879 const u8 *rm_en, *pos, *end;
1880 size_t rm_en_len = 0;
1881 u8 *rm_en_dup = NULL, *wpos;
1882
1883 /* Remove RSNE, MDE, FTE to allow them to be overridden with
1884 * FT specific values */
1885 remove_ie(wpa_s->sme.assoc_req_ie,
1886 &wpa_s->sme.assoc_req_ie_len,
1887 WLAN_EID_RSN);
1888 remove_ie(wpa_s->sme.assoc_req_ie,
1889 &wpa_s->sme.assoc_req_ie_len,
1890 WLAN_EID_MOBILITY_DOMAIN);
1891 remove_ie(wpa_s->sme.assoc_req_ie,
1892 &wpa_s->sme.assoc_req_ie_len,
1893 WLAN_EID_FAST_BSS_TRANSITION);
1894 rm_en = get_ie(wpa_s->sme.assoc_req_ie,
1895 wpa_s->sme.assoc_req_ie_len,
1896 WLAN_EID_RRM_ENABLED_CAPABILITIES);
1897 if (rm_en) {
1898 /* Need to remove RM Enabled Capabilities element as
1899 * well temporarily, so that it can be placed between
1900 * RSNE and MDE. */
1901 rm_en_len = 2 + rm_en[1];
1902 rm_en_dup = os_memdup(rm_en, rm_en_len);
1903 remove_ie(wpa_s->sme.assoc_req_ie,
1904 &wpa_s->sme.assoc_req_ie_len,
1905 WLAN_EID_RRM_ENABLED_CAPABILITIES);
1906 }
1907 wpa_hexdump(MSG_DEBUG,
1908 "SME: Association Request IEs after FT IE removal",
1909 wpa_s->sme.assoc_req_ie,
1910 wpa_s->sme.assoc_req_ie_len);
1911 if (wpa_s->sme.assoc_req_ie_len + wpa_s->sme.ft_ies_len +
1912 rm_en_len > sizeof(wpa_s->sme.assoc_req_ie)) {
1913 wpa_printf(MSG_ERROR,
1914 "SME: Not enough buffer room for FT IEs in Association Request frame");
1915 os_free(rm_en_dup);
1916 return;
1917 }
1918
1919 os_memmove(wpa_s->sme.assoc_req_ie + wpa_s->sme.ft_ies_len +
1920 rm_en_len,
1921 wpa_s->sme.assoc_req_ie,
1922 wpa_s->sme.assoc_req_ie_len);
1923 pos = wpa_s->sme.ft_ies;
1924 end = pos + wpa_s->sme.ft_ies_len;
1925 wpos = wpa_s->sme.assoc_req_ie;
1926 if (*pos == WLAN_EID_RSN) {
1927 os_memcpy(wpos, pos, 2 + pos[1]);
1928 wpos += 2 + pos[1];
1929 pos += 2 + pos[1];
1930 }
1931 if (rm_en_dup) {
1932 os_memcpy(wpos, rm_en_dup, rm_en_len);
1933 wpos += rm_en_len;
1934 os_free(rm_en_dup);
1935 }
1936 os_memcpy(wpos, pos, end - pos);
1937 wpa_s->sme.assoc_req_ie_len += wpa_s->sme.ft_ies_len +
1938 rm_en_len;
1939 params.wpa_ie = wpa_s->sme.assoc_req_ie;
1940 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
1941 wpa_hexdump(MSG_DEBUG,
1942 "SME: Association Request IEs after FT override",
1943 params.wpa_ie, params.wpa_ie_len);
c2a04078
JM		 1944 }
1945#endif /* CONFIG_IEEE80211R */
71024cb2 1946 params.mode = mode;
c2a04078 1947 params.mgmt_frame_protection = wpa_s->sme.mfp;
b361d580 1948 params.rrm_used = wpa_s->rrm.rrm_used;
62fa124c
JM		 1949 if (wpa_s->sme.prev_bssid_set)
1950 params.prev_bssid = wpa_s->sme.prev_bssid;
c2a04078
JM		 1951
1952 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1953 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
1954 params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
4ec68377 1955 params.freq.freq);
c2a04078
JM		 1956
1957 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1958
9efc3f2a
JM		 1959 if (params.wpa_ie == NULL ||
1960 ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
d9a27b04 1961 < 0) {
f049052b 1962 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
d9a27b04
JM		 1963 os_memset(&elems, 0, sizeof(elems));
1964 }
64fa840a
JM		 1965 if (elems.rsn_ie) {
1966 params.wpa_proto = WPA_PROTO_RSN;
d9a27b04
JM		 1967 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
1968 elems.rsn_ie_len + 2);
64fa840a
JM		 1969 } else if (elems.wpa_ie) {
1970 params.wpa_proto = WPA_PROTO_WPA;
d9a27b04
JM		 1971 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
1972 elems.wpa_ie_len + 2);
df0f01d9
JM		 1973 } else if (elems.osen) {
1974 params.wpa_proto = WPA_PROTO_OSEN;
1975 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
1976 elems.osen_len + 2);
64fa840a 1977 } else
d9a27b04 1978 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
6d6c8877
JM		 1979 if (elems.rsnxe)
1980 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, elems.rsnxe - 2,
1981 elems.rsnxe_len + 2);
1982 else
1983 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
ffad8858 1984 if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group)
6e3f4b89 1985 params.p2p = 1;
d9a27b04 1986
ba307f85
LD		 1987 if (wpa_s->p2pdev->set_sta_uapsd)
1988 params.uapsd = wpa_s->p2pdev->sta_uapsd;
eea2fd9e
JM		 1989 else
1990 params.uapsd = -1;
1991
c2a04078 1992 if (wpa_drv_associate(wpa_s, &params) < 0) {
f049052b
BG		 1993 wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
1994 "driver failed");
e5ad96b7 1995 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 1996 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
e5ad96b7 1997 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
c2a04078
JM		 1998 return;
1999 }
2000
e29853bb
BG		 2001 eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
2002 NULL);
daa40960
JM		 2003
2004#ifdef CONFIG_TESTING_OPTIONS
2005 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
2006 wpa_s->last_assoc_req_wpa_ie = NULL;
2007 if (params.wpa_ie)
2008 wpa_s->last_assoc_req_wpa_ie =
2009 wpabuf_alloc_copy(params.wpa_ie, params.wpa_ie_len);
2010#endif /* CONFIG_TESTING_OPTIONS */
c2a04078
JM		 2011}
2012
2013
2014int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
2015 const u8 *ies, size_t ies_len)
2016{
2017 if (md == NULL || ies == NULL) {
f049052b 2018 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
c2a04078
JM		 2019 os_free(wpa_s->sme.ft_ies);
2020 wpa_s->sme.ft_ies = NULL;
2021 wpa_s->sme.ft_ies_len = 0;
2022 wpa_s->sme.ft_used = 0;
2023 return 0;
2024 }
2025
2026 os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
2027 wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
2028 os_free(wpa_s->sme.ft_ies);
a1f11e34 2029 wpa_s->sme.ft_ies = os_memdup(ies, ies_len);
c2a04078
JM		 2030 if (wpa_s->sme.ft_ies == NULL)
2031 return -1;
c2a04078
JM		 2032 wpa_s->sme.ft_ies_len = ies_len;
2033 return 0;
2034}
efa46078
JM		 2035
2036
e29853bb 2037static void sme_deauth(struct wpa_supplicant *wpa_s)
efa46078 2038{
8bac466b
JM		 2039 int bssid_changed;
2040
8bac466b 2041 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
76d11d3f 2042
76d11d3f
JM		 2043 if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
2044 WLAN_REASON_DEAUTH_LEAVING) < 0) {
f049052b
BG		 2045 wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
2046 "failed");
76d11d3f 2047 }
62fa124c 2048 wpa_s->sme.prev_bssid_set = 0;
76d11d3f 2049
0fb337c1 2050 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
76d11d3f 2051 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
efa46078
JM		 2052 os_memset(wpa_s->bssid, 0, ETH_ALEN);
2053 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
8bac466b
JM		 2054 if (bssid_changed)
2055 wpas_notify_bssid_changed(wpa_s);
efa46078 2056}
da1fb17c
JM		 2057
2058
e29853bb
BG		 2059void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
2060 union wpa_event_data *data)
2061{
2062 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
2063 "status code %d", MAC2STR(wpa_s->pending_bssid),
2064 data->assoc_reject.status_code);
2065
2066 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
2067
bc26ac50
JM		 2068#ifdef CONFIG_SAE
2069 if (wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
2070 wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
2071 wpa_dbg(wpa_s, MSG_DEBUG,
2072 "PMKSA caching attempt rejected - drop PMKSA cache entry and fall back to SAE authentication");
2073 wpa_sm_aborted_cached(wpa_s->wpa);
2074 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
2075 if (wpa_s->current_bss) {
2076 struct wpa_bss *bss = wpa_s->current_bss;
2077 struct wpa_ssid *ssid = wpa_s->current_ssid;
2078
2079 wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
2080 WLAN_REASON_DEAUTH_LEAVING);
2081 wpas_connect_work_done(wpa_s);
2082 wpa_supplicant_mark_disassoc(wpa_s);
2083 wpa_supplicant_connect(wpa_s, bss, ssid);
2084 return;
2085 }
2086 }
2087#endif /* CONFIG_SAE */
2088
e29853bb
BG		 2089 /*
2090 * For now, unconditionally terminate the previous authentication. In
2091 * theory, this should not be needed, but mac80211 gets quite confused
2092 * if the authentication is left pending.. Some roaming cases might
2093 * benefit from using the previous authentication, so this could be
2094 * optimized in the future.
2095 */
2096 sme_deauth(wpa_s);
2097}
2098
2099
da1fb17c
JM		 2100void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
2101 union wpa_event_data *data)
2102{
f049052b 2103 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
0fb337c1 2104 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1193dc8f 2105 wpa_supplicant_mark_disassoc(wpa_s);
da1fb17c
JM		 2106}
2107
2108
2109void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
2110 union wpa_event_data *data)
2111{
f049052b 2112 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
0fb337c1 2113 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
da1fb17c 2114 wpa_supplicant_mark_disassoc(wpa_s);
da1fb17c 2115}
a84ed99e
JM		 2116
2117
2118void sme_event_disassoc(struct wpa_supplicant *wpa_s,
d7df0fa7 2119 struct disassoc_info *info)
a84ed99e 2120{
f049052b 2121 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
17fbb751 2122 if (wpa_s->sme.prev_bssid_set) {
a84ed99e
JM		 2123 /*
2124 * cfg80211/mac80211 can get into somewhat confused state if
2125 * the AP only disassociates us and leaves us in authenticated
2126 * state. For now, force the state to be cleared to avoid
2127 * confusing errors if we try to associate with the AP again.
2128 */
f049052b
BG		 2129 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
2130 "driver state");
7e26053a 2131 wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
a84ed99e
JM		 2132 WLAN_REASON_DEAUTH_LEAVING);
2133 }
2134}
7d878ca7
JM		 2135
2136
e29853bb
BG		 2137static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
2138{
2139 struct wpa_supplicant *wpa_s = eloop_ctx;
2140 if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
2141 wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
2142 sme_deauth(wpa_s);
2143 }
2144}
2145
2146
2147static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
2148{
2149 struct wpa_supplicant *wpa_s = eloop_ctx;
2150 if (wpa_s->wpa_state == WPA_ASSOCIATING) {
2151 wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
2152 sme_deauth(wpa_s);
2153 }
2154}
2155
2156
2157void sme_state_changed(struct wpa_supplicant *wpa_s)
2158{
2159 /* Make sure timers are cleaned up appropriately. */
2160 if (wpa_s->wpa_state != WPA_ASSOCIATING)
2161 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
2162 if (wpa_s->wpa_state != WPA_AUTHENTICATING)
2163 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
2164}
2165
2166
2167void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
2168 const u8 *prev_pending_bssid)
2169{
2170 /*
2171 * mac80211-workaround to force deauth on failed auth cmd,
2172 * requires us to remain in authenticating state to allow the
2173 * second authentication attempt to be continued properly.
2174 */
2175 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication "
2176 "to proceed after disconnection event");
2177 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
2178 os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
2179
2180 /*
2181 * Re-arm authentication timer in case auth fails for whatever reason.
2182 */
2183 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
2184 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
2185 NULL);
2186}
2187
2188
4e70bbf1
JM		 2189void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
2190{
2191 wpa_s->sme.prev_bssid_set = 0;
2192#ifdef CONFIG_SAE
2193 wpabuf_free(wpa_s->sme.sae_token);
2194 wpa_s->sme.sae_token = NULL;
2195 sae_clear_data(&wpa_s->sme.sae);
2196#endif /* CONFIG_SAE */
2197#ifdef CONFIG_IEEE80211R
60a5737e 2198 if (wpa_s->sme.ft_ies || wpa_s->sme.ft_used)
4e70bbf1
JM		 2199 sme_update_ft_ies(wpa_s, NULL, NULL, 0);
2200#endif /* CONFIG_IEEE80211R */
01ac337b 2201 sme_stop_sa_query(wpa_s);
4e70bbf1
JM		 2202}
2203
2204
e29853bb
BG		 2205void sme_deinit(struct wpa_supplicant *wpa_s)
2206{
4e70bbf1 2207 sme_clear_on_disassoc(wpa_s);
447cd5f2
JM		 2208#ifdef CONFIG_SAE
2209 os_free(wpa_s->sme.sae_rejected_groups);
2210 wpa_s->sme.sae_rejected_groups = NULL;
2211#endif /* CONFIG_SAE */
e29853bb
BG		 2212
2213 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
2214 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
c3701c66
RM		 2215 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
2216}
2217
2218
2219static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
2220 const u8 *chan_list, u8 num_channels,
2221 u8 num_intol)
2222{
2223 struct ieee80211_2040_bss_coex_ie *bc_ie;
2224 struct ieee80211_2040_intol_chan_report *ic_report;
2225 struct wpabuf *buf;
2226
31ded52e
JM		 2227 wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR
2228 " (num_channels=%u num_intol=%u)",
2229 MAC2STR(wpa_s->bssid), num_channels, num_intol);
2230 wpa_hexdump(MSG_DEBUG, "SME: 20/40 BSS Intolerant Channels",
2231 chan_list, num_channels);
c3701c66
RM		 2232
2233 buf = wpabuf_alloc(2 + /* action.category + action_code */
2234 sizeof(struct ieee80211_2040_bss_coex_ie) +
2235 sizeof(struct ieee80211_2040_intol_chan_report) +
2236 num_channels);
2237 if (buf == NULL)
2238 return;
2239
2240 wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
2241 wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX);
2242
2243 bc_ie = wpabuf_put(buf, sizeof(*bc_ie));
2244 bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE;
2245 bc_ie->length = 1;
2246 if (num_intol)
2247 bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ;
2248
2249 if (num_channels > 0) {
2250 ic_report = wpabuf_put(buf, sizeof(*ic_report));
2251 ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT;
2252 ic_report->length = num_channels + 1;
2253 ic_report->op_class = 0;
2254 os_memcpy(wpabuf_put(buf, num_channels), chan_list,
2255 num_channels);
2256 }
2257
2258 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
2259 wpa_s->own_addr, wpa_s->bssid,
2260 wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
2261 wpa_msg(wpa_s, MSG_INFO,
2262 "SME: Failed to send 20/40 BSS Coexistence frame");
2263 }
2264
2265 wpabuf_free(buf);
2266}
2267
2268
3204795d
SM		 2269int sme_proc_obss_scan(struct wpa_supplicant *wpa_s,
2270 struct wpa_scan_results *scan_res)
c3701c66 2271{
c3701c66 2272 const u8 *ie;
c3701c66
RM		 2273 u8 chan_list[P2P_MAX_CHANNELS], channel;
2274 u8 num_channels = 0, num_intol = 0, i;
3204795d
SM		 2275 size_t j;
2276 int pri_freq, sec_freq;
c3701c66
RM		 2277
2278 if (!wpa_s->sme.sched_obss_scan)
2279 return 0;
2280
2281 wpa_s->sme.sched_obss_scan = 0;
2282 if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
2283 return 1;
2284
2285 /*
2286 * Check whether AP uses regulatory triplet or channel triplet in
2287 * country info. Right now the operating class of the BSS channel
2288 * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12),
2289 * based on the assumption that operating class triplet is not used in
2290 * beacon frame. If the First Channel Number/Operating Extension
2291 * Identifier octet has a positive integer value of 201 or greater,
2292 * then its operating class triplet.
2293 *
2294 * TODO: If Supported Operating Classes element is present in beacon
2295 * frame, have to lookup operating class in Annex E and fill them in
2296 * 2040 coex frame.
2297 */
2298 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
2299 if (ie && (ie[1] >= 6) && (ie[5] >= 201))
2300 return 1;
2301
2302 os_memset(chan_list, 0, sizeof(chan_list));
2303
3204795d
SM		 2304 pri_freq = wpa_s->assoc_freq;
2305
2306 switch (wpa_s->sme.ht_sec_chan) {
2307 case HT_SEC_CHAN_ABOVE:
2308 sec_freq = pri_freq + 20;
2309 break;
2310 case HT_SEC_CHAN_BELOW:
2311 sec_freq = pri_freq - 20;
2312 break;
2313 case HT_SEC_CHAN_UNKNOWN:
2314 default:
2315 wpa_msg(wpa_s, MSG_WARNING,
2316 "Undefined secondary channel: drop OBSS scan results");
2317 return 1;
2318 }
2319
2320 for (j = 0; j < scan_res->num; j++) {
2321 struct wpa_scan_res *bss = scan_res->res[j];
e864c0ae 2322 enum hostapd_hw_mode mode;
3204795d
SM		 2323 int res;
2324
2325 /* Skip other band bss */
e864c0ae
JM		 2326 mode = ieee80211_freq_to_chan(bss->freq, &channel);
2327 if (mode != HOSTAPD_MODE_IEEE80211G &&
2328 mode != HOSTAPD_MODE_IEEE80211B)
c3701c66
RM		 2329 continue;
2330
3204795d
SM		 2331 res = check_bss_coex_40mhz(bss, pri_freq, sec_freq);
2332 if (res) {
2333 if (res == 2)
7f8eb34d
JM		 2334 num_intol++;
2335
c3701c66
RM		 2336 /* Check whether the channel is already considered */
2337 for (i = 0; i < num_channels; i++) {
2338 if (channel == chan_list[i])
2339 break;
2340 }
2341 if (i != num_channels)
2342 continue;
2343
c3701c66
RM		 2344 chan_list[num_channels++] = channel;
2345 }
2346 }
2347
2348 sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
2349 return 1;
2350}
2351
2352
d97a3c48
JM		 2353static void wpa_obss_scan_freqs_list(struct wpa_supplicant *wpa_s,
2354 struct wpa_driver_scan_params *params)
6434ad09 2355{
d97a3c48 2356 /* Include only affected channels */
6434ad09
JM		 2357 struct hostapd_hw_modes *mode;
2358 int count, i;
d97a3c48 2359 int start, end;
6434ad09 2360
d97a3c48 2361 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
d0e116f6 2362 HOSTAPD_MODE_IEEE80211G, 0);
6434ad09
JM		 2363 if (mode == NULL) {
2364 /* No channels supported in this band - use empty list */
2365 params->freqs = os_zalloc(sizeof(int));
2366 return;
2367 }
2368
d97a3c48
JM		 2369 if (wpa_s->sme.ht_sec_chan == HT_SEC_CHAN_UNKNOWN &&
2370 wpa_s->current_bss) {
2371 const u8 *ie;
2372
2373 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_OPERATION);
2374 if (ie && ie[1] >= 2) {
2375 u8 o;
2376
2377 o = ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
2378 if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
2379 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
2380 else if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
2381 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
2382 }
2383 }
2384
2385 start = wpa_s->assoc_freq - 10;
2386 end = wpa_s->assoc_freq + 10;
2387 switch (wpa_s->sme.ht_sec_chan) {
2388 case HT_SEC_CHAN_UNKNOWN:
2389 /* HT40+ possible on channels 1..9 */
2390 if (wpa_s->assoc_freq <= 2452)
2391 start -= 20;
2392 /* HT40- possible on channels 5-13 */
2393 if (wpa_s->assoc_freq >= 2432)
2394 end += 20;
2395 break;
2396 case HT_SEC_CHAN_ABOVE:
2397 end += 20;
2398 break;
2399 case HT_SEC_CHAN_BELOW:
2400 start -= 20;
2401 break;
2402 }
2403 wpa_printf(MSG_DEBUG,
2404 "OBSS: assoc_freq %d possible affected range %d-%d",
2405 wpa_s->assoc_freq, start, end);
2406
f9884c09 2407 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int));
6434ad09
JM		 2408 if (params->freqs == NULL)
2409 return;
2410 for (count = 0, i = 0; i < mode->num_channels; i++) {
d97a3c48
JM		 2411 int freq;
2412
6434ad09
JM		 2413 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
2414 continue;
d97a3c48
JM		 2415 freq = mode->channels[i].freq;
2416 if (freq - 10 >= end || freq + 10 <= start)
2417 continue; /* not affected */
2418 params->freqs[count++] = freq;
6434ad09
JM		 2419 }
2420}
2421
2422
c3701c66
RM		 2423static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx)
2424{
2425 struct wpa_supplicant *wpa_s = eloop_ctx;
2426 struct wpa_driver_scan_params params;
2427
2428 if (!wpa_s->current_bss) {
2429 wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request");
2430 return;
2431 }
2432
2433 os_memset(&params, 0, sizeof(params));
d97a3c48 2434 wpa_obss_scan_freqs_list(wpa_s, &params);
57a8f8af 2435 params.low_priority = 1;
c3701c66
RM		 2436 wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan");
2437
2438 if (wpa_supplicant_trigger_scan(wpa_s, &params))
2439 wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan");
2440 else
2441 wpa_s->sme.sched_obss_scan = 1;
6434ad09 2442 os_free(params.freqs);
c3701c66
RM		 2443
2444 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
2445 sme_obss_scan_timeout, wpa_s, NULL);
2446}
2447
2448
2449void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
2450{
2451 const u8 *ie;
2452 struct wpa_bss *bss = wpa_s->current_bss;
2453 struct wpa_ssid *ssid = wpa_s->current_ssid;
b6871ebb
AN		 2454 struct hostapd_hw_modes *hw_mode = NULL;
2455 int i;
c3701c66
RM		 2456
2457 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
2458 wpa_s->sme.sched_obss_scan = 0;
d97a3c48 2459 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
c3701c66
RM		 2460 if (!enable)
2461 return;
2462
368b1957
AK		 2463 /*
2464 * Schedule OBSS scan if driver is using station SME in wpa_supplicant
2465 * or it expects OBSS scan to be performed by wpa_supplicant.
2466 */
2467 if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
2468 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
f74618cb 2469 ssid == NULL || ssid->mode != WPAS_MODE_INFRA)
368b1957 2470 return;
c3701c66 2471
b6871ebb
AN		 2472 if (!wpa_s->hw.modes)
2473 return;
2474
2475 /* only HT caps in 11g mode are relevant */
2476 for (i = 0; i < wpa_s->hw.num_modes; i++) {
2477 hw_mode = &wpa_s->hw.modes[i];
2478 if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G)
2479 break;
2480 }
2481
2482 /* Driver does not support HT40 for 11g or doesn't have 11g. */
2483 if (i == wpa_s->hw.num_modes || !hw_mode ||
2484 !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
2485 return;
c3701c66
RM		 2486
2487 if (bss == NULL || bss->freq < 2400 || bss->freq > 2500)
2488 return; /* Not associated on 2.4 GHz band */
2489
2490 /* Check whether AP supports HT40 */
2491 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
2492 if (!ie || ie[1] < 2 ||
2493 !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
2494 return; /* AP does not support HT40 */
2495
2496 ie = wpa_bss_get_ie(wpa_s->current_bss,
2497 WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS);
2498 if (!ie || ie[1] < 14)
2499 return; /* AP does not request OBSS scans */
2500
2501 wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
2502 if (wpa_s->sme.obss_scan_int < 10) {
2503 wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u "
2504 "replaced with the minimum 10 sec",
2505 wpa_s->sme.obss_scan_int);
2506 wpa_s->sme.obss_scan_int = 10;
2507 }
2508 wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec",
2509 wpa_s->sme.obss_scan_int);
2510 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
2511 sme_obss_scan_timeout, wpa_s, NULL);
e29853bb
BG		 2512}
2513
2514
7d878ca7
JM		 2515static const unsigned int sa_query_max_timeout = 1000;
2516static const unsigned int sa_query_retry_timeout = 201;
f91e68e9 2517static const unsigned int sa_query_ch_switch_max_delay = 5000; /* in usec */
7d878ca7
JM		 2518
2519static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
2520{
2521 u32 tu;
46b8d4c0
JB		 2522 struct os_reltime now, passed;
2523 os_get_reltime(&now);
2524 os_reltime_sub(&now, &wpa_s->sme.sa_query_start, &passed);
7d878ca7
JM		 2525 tu = (passed.sec * 1000000 + passed.usec) / 1024;
2526 if (sa_query_max_timeout < tu) {
f049052b 2527 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
7d878ca7
JM		 2528 sme_stop_sa_query(wpa_s);
2529 wpa_supplicant_deauthenticate(
2530 wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
2531 return 1;
2532 }
2533
2534 return 0;
2535}
2536
2537
2538static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
2539 const u8 *trans_id)
2540{
f9da7505
MV		 2541 u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
2542 u8 req_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
2543
f049052b
BG		 2544 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
2545 MACSTR, MAC2STR(wpa_s->bssid));
7d878ca7
JM		 2546 wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
2547 trans_id, WLAN_SA_QUERY_TR_ID_LEN);
2548 req[0] = WLAN_ACTION_SA_QUERY;
2549 req[1] = WLAN_SA_QUERY_REQUEST;
2550 os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
f9da7505
MV		 2551
2552#ifdef CONFIG_OCV
2553 if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
2554 struct wpa_channel_info ci;
2555
2556 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
2557 wpa_printf(MSG_WARNING,
2558 "Failed to get channel info for OCI element in SA Query Request frame");
2559 return;
2560 }
2561
2562 if (ocv_insert_extended_oci(&ci, req + req_len) < 0)
2563 return;
2564
2565 req_len += OCV_OCI_EXTENDED_LEN;
2566 }
2567#endif /* CONFIG_OCV */
2568
190b9062 2569 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
7d878ca7 2570 wpa_s->own_addr, wpa_s->bssid,
f9da7505 2571 req, req_len, 0) < 0)
f049052b
BG		 2572 wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
2573 "Request");
7d878ca7
JM		 2574}
2575
2576
2577static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
2578{
2579 struct wpa_supplicant *wpa_s = eloop_ctx;
2580 unsigned int timeout, sec, usec;
2581 u8 *trans_id, *nbuf;
2582
2583 if (wpa_s->sme.sa_query_count > 0 &&
2584 sme_check_sa_query_timeout(wpa_s))
2585 return;
2586
067ffa26
JM		 2587 nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
2588 wpa_s->sme.sa_query_count + 1,
2589 WLAN_SA_QUERY_TR_ID_LEN);
f8608fab
JM		 2590 if (nbuf == NULL) {
2591 sme_stop_sa_query(wpa_s);
7d878ca7 2592 return;
f8608fab 2593 }
7d878ca7
JM		 2594 if (wpa_s->sme.sa_query_count == 0) {
2595 /* Starting a new SA Query procedure */
46b8d4c0 2596 os_get_reltime(&wpa_s->sme.sa_query_start);
7d878ca7
JM		 2597 }
2598 trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
2599 wpa_s->sme.sa_query_trans_id = nbuf;
2600 wpa_s->sme.sa_query_count++;
2601
cb5ef952
JM		 2602 if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
2603 wpa_printf(MSG_DEBUG, "Could not generate SA Query ID");
f8608fab 2604 sme_stop_sa_query(wpa_s);
cb5ef952
JM		 2605 return;
2606 }
7d878ca7
JM		 2607
2608 timeout = sa_query_retry_timeout;
2609 sec = ((timeout / 1000) * 1024) / 1000;
2610 usec = (timeout % 1000) * 1024;
2611 eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
2612
f049052b
BG		 2613 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
2614 wpa_s->sme.sa_query_count);
7d878ca7
JM		 2615
2616 sme_send_sa_query_req(wpa_s, trans_id);
2617}
2618
2619
2620static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
2621{
2622 sme_sa_query_timer(wpa_s, NULL);
2623}
2624
2625
19df9b07 2626static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
7d878ca7 2627{
7a206c50
JM		 2628 if (wpa_s->sme.sa_query_trans_id)
2629 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Stop SA Query");
7d878ca7
JM		 2630 eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
2631 os_free(wpa_s->sme.sa_query_trans_id);
2632 wpa_s->sme.sa_query_trans_id = NULL;
2633 wpa_s->sme.sa_query_count = 0;
2634}
2635
2636
2637void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
2638 const u8 *da, u16 reason_code)
2639{
2640 struct wpa_ssid *ssid;
3302b7c2 2641 struct os_reltime now;
7d878ca7 2642
7d878ca7
JM		 2643 if (wpa_s->wpa_state != WPA_COMPLETED)
2644 return;
2645 ssid = wpa_s->current_ssid;
3f56a2b7 2646 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
7d878ca7
JM		 2647 return;
2648 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
2649 return;
2650 if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
2651 reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
2652 return;
2653 if (wpa_s->sme.sa_query_count > 0)
2654 return;
2655
3302b7c2
JM		 2656 os_get_reltime(&now);
2657 if (wpa_s->sme.last_unprot_disconnect.sec &&
2658 !os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
2659 return; /* limit SA Query procedure frequency */
2660 wpa_s->sme.last_unprot_disconnect = now;
2661
f049052b
BG		 2662 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
2663 "possible AP/STA state mismatch - trigger SA Query");
7d878ca7
JM		 2664 sme_start_sa_query(wpa_s);
2665}
2666
2667
f91e68e9
MV		 2668void sme_event_ch_switch(struct wpa_supplicant *wpa_s)
2669{
2670 unsigned int usec;
2671 u32 _rand;
2672
2673 if (wpa_s->wpa_state != WPA_COMPLETED ||
2674 !wpa_sm_ocv_enabled(wpa_s->wpa))
2675 return;
2676
2677 wpa_dbg(wpa_s, MSG_DEBUG,
2678 "SME: Channel switch completed - trigger new SA Query to verify new operating channel");
2679 sme_stop_sa_query(wpa_s);
2680
2681 if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
2682 _rand = os_random();
2683 usec = _rand % (sa_query_ch_switch_max_delay + 1);
2684 eloop_register_timeout(0, usec, sme_sa_query_timer, wpa_s, NULL);
2685}
2686
2687
f9da7505
MV		 2688static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s,
2689 const u8 *sa, const u8 *data,
2690 size_t len)
2691{
2692 u8 resp[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
2693 u8 resp_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
2694
2695 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Response to "
2696 MACSTR, MAC2STR(wpa_s->bssid));
2697
2698 resp[0] = WLAN_ACTION_SA_QUERY;
2699 resp[1] = WLAN_SA_QUERY_RESPONSE;
2700 os_memcpy(resp + 2, data + 1, WLAN_SA_QUERY_TR_ID_LEN);
2701
2702#ifdef CONFIG_OCV
2703 if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
2704 struct wpa_channel_info ci;
2705
2706 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
2707 wpa_printf(MSG_WARNING,
2708 "Failed to get channel info for OCI element in SA Query Response frame");
2709 return;
2710 }
2711
2712 if (ocv_insert_extended_oci(&ci, resp + resp_len) < 0)
2713 return;
2714
2715 resp_len += OCV_OCI_EXTENDED_LEN;
2716 }
2717#endif /* CONFIG_OCV */
2718
2719 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
2720 wpa_s->own_addr, wpa_s->bssid,
2721 resp, resp_len, 0) < 0)
2722 wpa_msg(wpa_s, MSG_INFO,
2723 "SME: Failed to send SA Query Response");
2724}
2725
2726
2727static void sme_process_sa_query_response(struct wpa_supplicant *wpa_s,
2728 const u8 *sa, const u8 *data,
2729 size_t len)
7d878ca7
JM		 2730{
2731 int i;
2732
f9da7505 2733 if (!wpa_s->sme.sa_query_trans_id)
7d878ca7 2734 return;
f9da7505 2735
f049052b
BG		 2736 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
2737 MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
7d878ca7
JM		 2738
2739 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
2740 return;
2741
2742 for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
2743 if (os_memcmp(wpa_s->sme.sa_query_trans_id +
2744 i * WLAN_SA_QUERY_TR_ID_LEN,
2745 data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
2746 break;
2747 }
2748
2749 if (i >= wpa_s->sme.sa_query_count) {
f049052b
BG		 2750 wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
2751 "transaction identifier found");
7d878ca7
JM		 2752 return;
2753 }
2754
f049052b
BG		 2755 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
2756 "from " MACSTR, MAC2STR(sa));
7d878ca7
JM		 2757 sme_stop_sa_query(wpa_s);
2758}
2759
f9da7505
MV		 2760
2761void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa,
2762 const u8 *data, size_t len)
2763{
2764 if (len < 1 + WLAN_SA_QUERY_TR_ID_LEN)
2765 return;
2766
2767 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query frame from "
2768 MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
2769
2770#ifdef CONFIG_OCV
2771 if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
2772 struct ieee802_11_elems elems;
2773 struct wpa_channel_info ci;
2774
2775 if (ieee802_11_parse_elems(data + 1 + WLAN_SA_QUERY_TR_ID_LEN,
2776 len - 1 - WLAN_SA_QUERY_TR_ID_LEN,
2777 &elems, 1) == ParseFailed) {
2778 wpa_printf(MSG_DEBUG,
2779 "SA Query: Failed to parse elements");
2780 return;
2781 }
2782
2783 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
2784 wpa_printf(MSG_WARNING,
2785 "Failed to get channel info to validate received OCI in SA Query Action frame");
2786 return;
2787 }
2788
2789 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
2790 channel_width_to_int(ci.chanwidth),
2791 ci.seg1_idx) != 0) {
2792 wpa_printf(MSG_WARNING, "%s", ocv_errorstr);
2793 return;
2794 }
2795 }
2796#endif /* CONFIG_OCV */
2797
2798 if (data[0] == WLAN_SA_QUERY_REQUEST)
2799 sme_process_sa_query_request(wpa_s, sa, data, len);
2800 else if (data[0] == WLAN_SA_QUERY_RESPONSE)
2801 sme_process_sa_query_response(wpa_s, sa, data, len);
2802}
Unnamed repository; edit this file 'description' to name the repository.