]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/sme.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
nl80211: Run TKIP countermeasures in correct hostapd_data context
[thirdparty/hostap.git] / wpa_supplicant / sme.c
CommitLineData
c2a04078
JM		 1/*
2 * wpa_supplicant - SME
71024cb2 3 * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
c2a04078 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
c2a04078
JM		 7 */
8
9#include "includes.h"
10
11#include "common.h"
7d878ca7 12#include "utils/eloop.h"
90973fb2 13#include "common/ieee802_11_defs.h"
d9a27b04 14#include "common/ieee802_11_common.h"
c2a04078 15#include "eapol_supp/eapol_supp_sm.h"
90973fb2 16#include "common/wpa_common.h"
3acb5005
JM		 17#include "rsn_supp/wpa.h"
18#include "rsn_supp/pmksa_cache.h"
c2a04078
JM		 19#include "config.h"
20#include "wpa_supplicant_i.h"
2d5b792d 21#include "driver_i.h"
c2a04078
JM		 22#include "wpas_glue.h"
23#include "wps_supplicant.h"
5f3a6aa0 24#include "p2p_supplicant.h"
8bac466b 25#include "notify.h"
6fa81a3b 26#include "bss.h"
9ba9fa07 27#include "scan.h"
c2a04078 28#include "sme.h"
cb418324 29#include "hs20_supplicant.h"
c2a04078 30
e29853bb
BG		 31#define SME_AUTH_TIMEOUT 5
32#define SME_ASSOC_TIMEOUT 5
33
34static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
35static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
c3701c66 36static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx);
e29853bb
BG		 37#ifdef CONFIG_IEEE80211W
38static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
39#endif /* CONFIG_IEEE80211W */
40
41
c10347f2
JM		 42#ifdef CONFIG_SAE
43
44static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s)
45{
46 struct wpabuf *buf;
47
21af6d15 48 buf = wpabuf_alloc(4 + 2);
c10347f2
JM		 49 if (buf == NULL)
50 return NULL;
51
52 wpabuf_put_le16(buf, 1); /* Transaction seq# */
53 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
21af6d15
JM		 54 wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */
55 /* TODO: Anti-Clogging Token (if requested) */
56 /* TODO: Scalar */
57 /* TODO: Element */
c10347f2
JM		 58
59 return buf;
60}
61
62
63static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s)
64{
65 struct wpabuf *buf;
66
21af6d15 67 buf = wpabuf_alloc(4 + 2);
c10347f2
JM		 68 if (buf == NULL)
69 return NULL;
70
71 wpabuf_put_le16(buf, 2); /* Transaction seq# */
72 wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
21af6d15
JM		 73 wpabuf_put_le16(buf, wpa_s->sme.sae_send_confirm);
74 wpa_s->sme.sae_send_confirm++;
75 /* TODO: Confirm */
c10347f2
JM		 76
77 return buf;
78}
79
80#endif /* CONFIG_SAE */
81
82
215ae884
JM		 83static void sme_send_authentication(struct wpa_supplicant *wpa_s,
84 struct wpa_bss *bss, struct wpa_ssid *ssid,
85 int start)
c2a04078
JM		 86{
87 struct wpa_driver_auth_params params;
8bac466b 88 struct wpa_ssid *old_ssid;
fdbe50ed 89#ifdef CONFIG_IEEE80211R
c2a04078 90 const u8 *ie;
fdbe50ed 91#endif /* CONFIG_IEEE80211R */
c2a04078
JM		 92#ifdef CONFIG_IEEE80211R
93 const u8 *md = NULL;
94#endif /* CONFIG_IEEE80211R */
8bac466b 95 int i, bssid_changed;
c10347f2 96 struct wpabuf *resp = NULL;
e6955ba9 97 u32 ext_capab;
c2a04078
JM		 98
99 if (bss == NULL) {
f049052b
BG		 100 wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
101 "the network");
c2a04078
JM		 102 return;
103 }
104
8f770587
JM		 105 wpa_s->current_bss = bss;
106
c2a04078
JM		 107 os_memset(&params, 0, sizeof(params));
108 wpa_s->reassociate = 0;
109
110 params.freq = bss->freq;
111 params.bssid = bss->bssid;
6fa81a3b
JM		 112 params.ssid = bss->ssid;
113 params.ssid_len = bss->ssid_len;
2f4f73b1 114 params.p2p = ssid->p2p_group;
c2a04078 115
62fa124c
JM		 116 if (wpa_s->sme.ssid_len != params.ssid_len ||
117 os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
118 wpa_s->sme.prev_bssid_set = 0;
119
c2a04078
JM		 120 wpa_s->sme.freq = params.freq;
121 os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
122 wpa_s->sme.ssid_len = params.ssid_len;
123
abd9fafa 124 params.auth_alg = WPA_AUTH_ALG_OPEN;
c2a04078
JM		 125#ifdef IEEE8021X_EAPOL
126 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
127 if (ssid->leap) {
128 if (ssid->non_leap == 0)
abd9fafa 129 params.auth_alg = WPA_AUTH_ALG_LEAP;
c2a04078 130 else
abd9fafa 131 params.auth_alg |= WPA_AUTH_ALG_LEAP;
c2a04078
JM		 132 }
133 }
134#endif /* IEEE8021X_EAPOL */
f049052b
BG		 135 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
136 params.auth_alg);
c2a04078 137 if (ssid->auth_alg) {
abd9fafa 138 params.auth_alg = ssid->auth_alg;
f049052b
BG		 139 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
140 "0x%x", params.auth_alg);
c2a04078 141 }
c10347f2
JM		 142#ifdef CONFIG_SAE
143 if (wpa_key_mgmt_sae(ssid->key_mgmt)) {
144 const u8 *rsn;
145 struct wpa_ie_data ied;
146
147 rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
148 if (rsn &&
149 wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0) {
150 if (wpa_key_mgmt_sae(ied.key_mgmt)) {
151 wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
152 params.auth_alg = WPA_AUTH_ALG_SAE;
153 }
154 }
155 }
156#endif /* CONFIG_SAE */
c2a04078 157
a0b2f99b
JM		 158 for (i = 0; i < NUM_WEP_KEYS; i++) {
159 if (ssid->wep_key_len[i])
160 params.wep_key[i] = ssid->wep_key[i];
161 params.wep_key_len[i] = ssid->wep_key_len[i];
162 }
163 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
164
8bac466b 165 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
c2a04078
JM		 166 os_memset(wpa_s->bssid, 0, ETH_ALEN);
167 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
8bac466b
JM		 168 if (bssid_changed)
169 wpas_notify_bssid_changed(wpa_s);
c2a04078 170
f337f0e9
JM		 171 if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
172 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
0bf927a0 173 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
c2a04078 174 int try_opportunistic;
6e202021
JM		 175 try_opportunistic = (ssid->proactive_key_caching < 0 ?
176 wpa_s->conf->okc :
177 ssid->proactive_key_caching) &&
c2a04078
JM		 178 (ssid->proto & WPA_PROTO_RSN);
179 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
180 wpa_s->current_ssid,
181 try_opportunistic) == 0)
182 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
183 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
184 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
185 wpa_s->sme.assoc_req_ie,
186 &wpa_s->sme.assoc_req_ie_len)) {
f049052b
BG		 187 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
188 "key management and encryption suites");
c2a04078
JM		 189 return;
190 }
a3f7e518
JM		 191 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
192 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
193 /*
194 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
195 * use non-WPA since the scan results did not indicate that the
196 * AP is using WPA or WPA2.
197 */
198 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
199 wpa_s->sme.assoc_req_ie_len = 0;
0bf927a0 200 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
c2a04078
JM		 201 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
202 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
203 wpa_s->sme.assoc_req_ie,
204 &wpa_s->sme.assoc_req_ie_len)) {
f049052b
BG		 205 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
206 "key management and encryption suites (no "
207 "scan results)");
c2a04078
JM		 208 return;
209 }
210#ifdef CONFIG_WPS
211 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
212 struct wpabuf *wps_ie;
213 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
214 if (wps_ie && wpabuf_len(wps_ie) <=
215 sizeof(wpa_s->sme.assoc_req_ie)) {
216 wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
217 os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
218 wpa_s->sme.assoc_req_ie_len);
219 } else
220 wpa_s->sme.assoc_req_ie_len = 0;
221 wpabuf_free(wps_ie);
222 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
223#endif /* CONFIG_WPS */
224 } else {
225 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
226 wpa_s->sme.assoc_req_ie_len = 0;
227 }
228
229#ifdef CONFIG_IEEE80211R
6fa81a3b 230 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
c2a04078
JM		 231 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
232 md = ie + 2;
e7846b68 233 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
c2a04078
JM		 234 if (md) {
235 /* Prepare for the next transition */
76b7981d 236 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
c2a04078
JM		 237 }
238
0bf927a0 239 if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
c2a04078
JM		 240 if (wpa_s->sme.assoc_req_ie_len + 5 <
241 sizeof(wpa_s->sme.assoc_req_ie)) {
242 struct rsn_mdie *mdie;
243 u8 *pos = wpa_s->sme.assoc_req_ie +
244 wpa_s->sme.assoc_req_ie_len;
245 *pos++ = WLAN_EID_MOBILITY_DOMAIN;
246 *pos++ = sizeof(*mdie);
247 mdie = (struct rsn_mdie *) pos;
248 os_memcpy(mdie->mobility_domain, md,
249 MOBILITY_DOMAIN_ID_LEN);
f4ec630d 250 mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
c2a04078
JM		 251 wpa_s->sme.assoc_req_ie_len += 5;
252 }
253
254 if (wpa_s->sme.ft_used &&
0d7b4409
JM		 255 os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
256 wpa_sm_has_ptk(wpa_s->wpa)) {
f049052b
BG		 257 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
258 "over-the-air");
abd9fafa 259 params.auth_alg = WPA_AUTH_ALG_FT;
c2a04078
JM		 260 params.ie = wpa_s->sme.ft_ies;
261 params.ie_len = wpa_s->sme.ft_ies_len;
262 }
263 }
264#endif /* CONFIG_IEEE80211R */
265
266#ifdef CONFIG_IEEE80211W
62d49803
JM		 267 wpa_s->sme.mfp = ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
268 wpa_s->conf->pmf : ssid->ieee80211w;
269 if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
6fa81a3b 270 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
c2a04078
JM		 271 struct wpa_ie_data _ie;
272 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
273 _ie.capabilities &
274 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
f049052b
BG		 275 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
276 "MFP: require MFP");
c2a04078
JM		 277 wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
278 }
279 }
280#endif /* CONFIG_IEEE80211W */
281
5f3a6aa0
JM		 282#ifdef CONFIG_P2P
283 if (wpa_s->global->p2p) {
284 u8 *pos;
285 size_t len;
286 int res;
5f3a6aa0
JM		 287 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
288 len = sizeof(wpa_s->sme.assoc_req_ie) -
289 wpa_s->sme.assoc_req_ie_len;
ffad8858
JM		 290 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
291 ssid->p2p_group);
5f3a6aa0
JM		 292 if (res >= 0)
293 wpa_s->sme.assoc_req_ie_len += res;
294 }
295#endif /* CONFIG_P2P */
296
cb418324
JM		 297#ifdef CONFIG_HS20
298 if (wpa_s->conf->hs20) {
299 struct wpabuf *hs20;
300 hs20 = wpabuf_alloc(20);
301 if (hs20) {
302 wpas_hs20_add_indication(hs20);
303 os_memcpy(wpa_s->sme.assoc_req_ie +
304 wpa_s->sme.assoc_req_ie_len,
305 wpabuf_head(hs20), wpabuf_len(hs20));
306 wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
307 wpabuf_free(hs20);
308 }
309 }
310#endif /* CONFIG_HS20 */
311
e6955ba9 312 ext_capab = 0;
92cbcf91 313#ifdef CONFIG_INTERWORKING
e6955ba9
JM		 314 if (wpa_s->conf->interworking)
315 ext_capab |= BIT(31); /* Interworking */
316#endif /* CONFIG_INTERWORKING */
317#ifdef CONFIG_WNM
318 ext_capab |= BIT(17); /* WNM-Sleep Mode */
319#endif /* CONFIG_WNM */
320
321 if (ext_capab) {
92cbcf91
JM		 322 u8 *pos = wpa_s->sme.assoc_req_ie;
323 if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
324 pos += 2 + pos[1];
325 os_memmove(pos + 6, pos,
326 wpa_s->sme.assoc_req_ie_len -
327 (pos - wpa_s->sme.assoc_req_ie));
328 wpa_s->sme.assoc_req_ie_len += 6;
329 *pos++ = WLAN_EID_EXT_CAPAB;
330 *pos++ = 4;
e6955ba9 331 WPA_PUT_LE32(pos, ext_capab);
92cbcf91 332 }
92cbcf91 333
c10347f2
JM		 334#ifdef CONFIG_SAE
335 if (params.auth_alg == WPA_AUTH_ALG_SAE) {
336 if (start)
337 resp = sme_auth_build_sae_commit(wpa_s);
338 else
339 resp = sme_auth_build_sae_confirm(wpa_s);
340 if (resp == NULL)
341 return;
342 params.sae_data = wpabuf_head(resp);
343 params.sae_data_len = wpabuf_len(resp);
21af6d15 344 wpa_s->sme.sae_state = start ? SME_SAE_COMMIT : SME_SAE_CONFIRM;
c10347f2
JM		 345 }
346#endif /* CONFIG_SAE */
347
a4cba8f1 348 wpa_supplicant_cancel_sched_scan(wpa_s);
c2a04078
JM		 349 wpa_supplicant_cancel_scan(wpa_s);
350
f049052b 351 wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
c2a04078
JM		 352 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
353 wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
354
355 wpa_clear_keys(wpa_s, bss->bssid);
356 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
8bac466b 357 old_ssid = wpa_s->current_ssid;
c2a04078
JM		 358 wpa_s->current_ssid = ssid;
359 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
360 wpa_supplicant_initiate_eapol(wpa_s);
8bac466b
JM		 361 if (old_ssid != wpa_s->current_ssid)
362 wpas_notify_network_changed(wpa_s);
c2a04078 363
62c72d72 364 wpa_s->sme.auth_alg = params.auth_alg;
c2a04078 365 if (wpa_drv_authenticate(wpa_s, &params) < 0) {
f049052b 366 wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
c2a04078 367 "driver failed");
ed57c590 368 wpas_connection_failed(wpa_s, bss->bssid);
1193dc8f 369 wpa_supplicant_mark_disassoc(wpa_s);
c10347f2 370 wpabuf_free(resp);
c2a04078
JM		 371 return;
372 }
373
e29853bb
BG		 374 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
375 NULL);
c2a04078
JM		 376
377 /*
378 * Association will be started based on the authentication event from
379 * the driver.
380 */
c10347f2
JM		 381
382 wpabuf_free(resp);
383}
384
385
386void sme_authenticate(struct wpa_supplicant *wpa_s,
387 struct wpa_bss *bss, struct wpa_ssid *ssid)
388{
21af6d15
JM		 389 wpa_s->sme.sae_state = SME_SAE_INIT;
390 wpa_s->sme.sae_send_confirm = 0;
c10347f2 391 sme_send_authentication(wpa_s, bss, ssid, 1);
c2a04078
JM		 392}
393
394
c10347f2 395#ifdef CONFIG_SAE
21af6d15
JM		 396
397static int sme_sae_process_commit(struct wpa_supplicant *wpa_s, const u8 *data,
398 size_t len)
399{
400 /* Check Finite Cyclic Group */
401 if (len < 2)
402 return -1;
403 if (WPA_GET_LE16(data) != 19) {
404 wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u",
405 WPA_GET_LE16(data));
406 return -1;
407 }
408
409 /* TODO */
410
411 return 0;
412}
413
414
415static int sme_sae_process_confirm(struct wpa_supplicant *wpa_s, const u8 *data,
416 size_t len)
417{
418 u16 rc;
419
420 if (len < 2)
421 return -1;
422 rc = WPA_GET_LE16(data);
423 wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", rc);
424
425 /* TODO */
426 return 0;
427}
428
429
c10347f2
JM		 430static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
431 u16 status_code, const u8 *data, size_t len)
432{
433 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
434 "status code %u", auth_transaction, status_code);
435 wpa_hexdump(MSG_DEBUG, "SME: SAE fields", data, len);
436
437 if (status_code != WLAN_STATUS_SUCCESS)
438 return -1;
439
440 if (auth_transaction == 1) {
441 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
442 if (wpa_s->current_bss == NULL ||
443 wpa_s->current_ssid == NULL)
444 return -1;
21af6d15
JM		 445 if (wpa_s->sme.sae_state != SME_SAE_COMMIT)
446 return -1;
447 if (sme_sae_process_commit(wpa_s, data, len) < 0)
448 return -1;
c10347f2
JM		 449 sme_send_authentication(wpa_s, wpa_s->current_bss,
450 wpa_s->current_ssid, 0);
451 return 0;
452 } else if (auth_transaction == 2) {
453 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
21af6d15
JM		 454 if (wpa_s->sme.sae_state != SME_SAE_CONFIRM)
455 return -1;
456 if (sme_sae_process_confirm(wpa_s, data, len) < 0)
457 return -1;
c10347f2
JM		 458 return 1;
459 }
460
461 return -1;
462}
463#endif /* CONFIG_SAE */
464
465
c2a04078
JM		 466void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
467{
c2a04078
JM		 468 struct wpa_ssid *ssid = wpa_s->current_ssid;
469
470 if (ssid == NULL) {
f049052b
BG		 471 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
472 "when network is not selected");
c2a04078
JM		 473 return;
474 }
475
476 if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
f049052b
BG		 477 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
478 "when not in authenticating state");
c2a04078
JM		 479 return;
480 }
481
482 if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
f049052b
BG		 483 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
484 "unexpected peer " MACSTR,
485 MAC2STR(data->auth.peer));
c2a04078
JM		 486 return;
487 }
488
f049052b 489 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
c10347f2 490 " auth_type=%d auth_transaction=%d status_code=%d",
f049052b 491 MAC2STR(data->auth.peer), data->auth.auth_type,
c10347f2 492 data->auth.auth_transaction, data->auth.status_code);
c2a04078
JM		 493 wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
494 data->auth.ies, data->auth.ies_len);
495
e29853bb
BG		 496 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
497
c10347f2
JM		 498#ifdef CONFIG_SAE
499 if (data->auth.auth_type == WLAN_AUTH_SAE) {
21af6d15
JM		 500 int res;
501 res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
502 data->auth.status_code, data->auth.ies,
503 data->auth.ies_len);
504 if (res < 0) {
505 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
506 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
507
508 }
509 if (res != 1)
c10347f2
JM		 510 return;
511 }
512#endif /* CONFIG_SAE */
513
c2a04078 514 if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
f049052b
BG		 515 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication failed (status "
516 "code %d)", data->auth.status_code);
cb1583f6
SO		 517
518 if (data->auth.status_code !=
519 WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
520 wpa_s->sme.auth_alg == data->auth.auth_type ||
7e6646c7 521 wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
0fb337c1 522 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 523 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
cb1583f6 524 return;
7e6646c7 525 }
cb1583f6
SO		 526
527 switch (data->auth.auth_type) {
528 case WLAN_AUTH_OPEN:
529 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
530
f049052b 531 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
cb1583f6
SO		 532 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
533 wpa_s->current_ssid);
534 return;
535
536 case WLAN_AUTH_SHARED_KEY:
537 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
538
f049052b 539 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
cb1583f6
SO		 540 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
541 wpa_s->current_ssid);
542 return;
543
544 default:
545 return;
546 }
c2a04078
JM		 547 }
548
549#ifdef CONFIG_IEEE80211R
550 if (data->auth.auth_type == WLAN_AUTH_FT) {
551 union wpa_event_data edata;
552 os_memset(&edata, 0, sizeof(edata));
553 edata.ft_ies.ies = data->auth.ies;
554 edata.ft_ies.ies_len = data->auth.ies_len;
555 os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN);
556 wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata);
557 }
558#endif /* CONFIG_IEEE80211R */
559
71024cb2
JM		 560 sme_associate(wpa_s, ssid->mode, data->auth.peer,
561 data->auth.auth_type);
562}
563
564
565void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
566 const u8 *bssid, u16 auth_type)
567{
568 struct wpa_driver_associate_params params;
d9a27b04 569 struct ieee802_11_elems elems;
80e8a5ee
BG		 570#ifdef CONFIG_HT_OVERRIDES
571 struct ieee80211_ht_capabilities htcaps;
572 struct ieee80211_ht_capabilities htcaps_mask;
573#endif /* CONFIG_HT_OVERRIDES */
71024cb2 574
c2a04078 575 os_memset(&params, 0, sizeof(params));
71024cb2 576 params.bssid = bssid;
c2a04078
JM		 577 params.ssid = wpa_s->sme.ssid;
578 params.ssid_len = wpa_s->sme.ssid_len;
579 params.freq = wpa_s->sme.freq;
1f6c0ab8
BS		 580 params.bg_scan_period = wpa_s->current_ssid ?
581 wpa_s->current_ssid->bg_scan_period : -1;
c2a04078
JM		 582 params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
583 wpa_s->sme.assoc_req_ie : NULL;
584 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
aca01605
JM		 585 params.pairwise_suite = cipher_suite2driver(wpa_s->pairwise_cipher);
586 params.group_suite = cipher_suite2driver(wpa_s->group_cipher);
80e8a5ee
BG		 587#ifdef CONFIG_HT_OVERRIDES
588 os_memset(&htcaps, 0, sizeof(htcaps));
589 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
590 params.htcaps = (u8 *) &htcaps;
591 params.htcaps_mask = (u8 *) &htcaps_mask;
592 wpa_supplicant_apply_ht_overrides(wpa_s, wpa_s->current_ssid, &params);
593#endif /* CONFIG_HT_OVERRIDES */
c2a04078 594#ifdef CONFIG_IEEE80211R
71024cb2 595 if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
c2a04078
JM		 596 params.wpa_ie = wpa_s->sme.ft_ies;
597 params.wpa_ie_len = wpa_s->sme.ft_ies_len;
598 }
599#endif /* CONFIG_IEEE80211R */
71024cb2 600 params.mode = mode;
c2a04078 601 params.mgmt_frame_protection = wpa_s->sme.mfp;
62fa124c
JM		 602 if (wpa_s->sme.prev_bssid_set)
603 params.prev_bssid = wpa_s->sme.prev_bssid;
c2a04078
JM		 604
605 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
606 " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
607 params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
608 params.freq);
609
610 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
611
9efc3f2a
JM		 612 if (params.wpa_ie == NULL ||
613 ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
d9a27b04 614 < 0) {
f049052b 615 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
d9a27b04
JM		 616 os_memset(&elems, 0, sizeof(elems));
617 }
64fa840a
JM		 618 if (elems.rsn_ie) {
619 params.wpa_proto = WPA_PROTO_RSN;
d9a27b04
JM		 620 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
621 elems.rsn_ie_len + 2);
64fa840a
JM		 622 } else if (elems.wpa_ie) {
623 params.wpa_proto = WPA_PROTO_WPA;
d9a27b04
JM		 624 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
625 elems.wpa_ie_len + 2);
64fa840a 626 } else
d9a27b04 627 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
ffad8858 628 if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group)
6e3f4b89 629 params.p2p = 1;
d9a27b04 630
eea2fd9e
JM		 631 if (wpa_s->parent->set_sta_uapsd)
632 params.uapsd = wpa_s->parent->sta_uapsd;
633 else
634 params.uapsd = -1;
635
c2a04078 636 if (wpa_drv_associate(wpa_s, &params) < 0) {
f049052b
BG		 637 wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
638 "driver failed");
e5ad96b7 639 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 640 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
e5ad96b7 641 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
c2a04078
JM		 642 return;
643 }
644
e29853bb
BG		 645 eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
646 NULL);
c2a04078
JM		 647}
648
649
650int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
651 const u8 *ies, size_t ies_len)
652{
653 if (md == NULL || ies == NULL) {
f049052b 654 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
c2a04078
JM		 655 os_free(wpa_s->sme.ft_ies);
656 wpa_s->sme.ft_ies = NULL;
657 wpa_s->sme.ft_ies_len = 0;
658 wpa_s->sme.ft_used = 0;
659 return 0;
660 }
661
662 os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
663 wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
664 os_free(wpa_s->sme.ft_ies);
665 wpa_s->sme.ft_ies = os_malloc(ies_len);
666 if (wpa_s->sme.ft_ies == NULL)
667 return -1;
668 os_memcpy(wpa_s->sme.ft_ies, ies, ies_len);
669 wpa_s->sme.ft_ies_len = ies_len;
670 return 0;
671}
efa46078
JM		 672
673
e29853bb 674static void sme_deauth(struct wpa_supplicant *wpa_s)
efa46078 675{
8bac466b
JM		 676 int bssid_changed;
677
8bac466b 678 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
76d11d3f 679
76d11d3f
JM		 680 if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
681 WLAN_REASON_DEAUTH_LEAVING) < 0) {
f049052b
BG		 682 wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
683 "failed");
76d11d3f 684 }
62fa124c 685 wpa_s->sme.prev_bssid_set = 0;
76d11d3f 686
0fb337c1 687 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
76d11d3f 688 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
efa46078
JM		 689 os_memset(wpa_s->bssid, 0, ETH_ALEN);
690 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
8bac466b
JM		 691 if (bssid_changed)
692 wpas_notify_bssid_changed(wpa_s);
efa46078 693}
da1fb17c
JM		 694
695
e29853bb
BG		 696void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
697 union wpa_event_data *data)
698{
699 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
700 "status code %d", MAC2STR(wpa_s->pending_bssid),
701 data->assoc_reject.status_code);
702
703 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
704
705 /*
706 * For now, unconditionally terminate the previous authentication. In
707 * theory, this should not be needed, but mac80211 gets quite confused
708 * if the authentication is left pending.. Some roaming cases might
709 * benefit from using the previous authentication, so this could be
710 * optimized in the future.
711 */
712 sme_deauth(wpa_s);
713}
714
715
da1fb17c
JM		 716void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
717 union wpa_event_data *data)
718{
f049052b 719 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
0fb337c1 720 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1193dc8f 721 wpa_supplicant_mark_disassoc(wpa_s);
da1fb17c
JM		 722}
723
724
725void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
726 union wpa_event_data *data)
727{
f049052b 728 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
0fb337c1 729 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
da1fb17c 730 wpa_supplicant_mark_disassoc(wpa_s);
da1fb17c 731}
a84ed99e
JM		 732
733
734void sme_event_disassoc(struct wpa_supplicant *wpa_s,
735 union wpa_event_data *data)
736{
f049052b 737 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
17fbb751 738 if (wpa_s->sme.prev_bssid_set) {
a84ed99e
JM		 739 /*
740 * cfg80211/mac80211 can get into somewhat confused state if
741 * the AP only disassociates us and leaves us in authenticated
742 * state. For now, force the state to be cleared to avoid
743 * confusing errors if we try to associate with the AP again.
744 */
f049052b
BG		 745 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
746 "driver state");
7e26053a 747 wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
a84ed99e
JM		 748 WLAN_REASON_DEAUTH_LEAVING);
749 }
750}
7d878ca7
JM		 751
752
e29853bb
BG		 753static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
754{
755 struct wpa_supplicant *wpa_s = eloop_ctx;
756 if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
757 wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
758 sme_deauth(wpa_s);
759 }
760}
761
762
763static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
764{
765 struct wpa_supplicant *wpa_s = eloop_ctx;
766 if (wpa_s->wpa_state == WPA_ASSOCIATING) {
767 wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
768 sme_deauth(wpa_s);
769 }
770}
771
772
773void sme_state_changed(struct wpa_supplicant *wpa_s)
774{
775 /* Make sure timers are cleaned up appropriately. */
776 if (wpa_s->wpa_state != WPA_ASSOCIATING)
777 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
778 if (wpa_s->wpa_state != WPA_AUTHENTICATING)
779 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
780}
781
782
783void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
784 const u8 *prev_pending_bssid)
785{
786 /*
787 * mac80211-workaround to force deauth on failed auth cmd,
788 * requires us to remain in authenticating state to allow the
789 * second authentication attempt to be continued properly.
790 */
791 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication "
792 "to proceed after disconnection event");
793 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
794 os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
795
796 /*
797 * Re-arm authentication timer in case auth fails for whatever reason.
798 */
799 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
800 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
801 NULL);
802}
803
804
805void sme_deinit(struct wpa_supplicant *wpa_s)
806{
807 os_free(wpa_s->sme.ft_ies);
808 wpa_s->sme.ft_ies = NULL;
809 wpa_s->sme.ft_ies_len = 0;
810#ifdef CONFIG_IEEE80211W
811 sme_stop_sa_query(wpa_s);
812#endif /* CONFIG_IEEE80211W */
813
814 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
815 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
c3701c66
RM		 816 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
817}
818
819
820static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
821 const u8 *chan_list, u8 num_channels,
822 u8 num_intol)
823{
824 struct ieee80211_2040_bss_coex_ie *bc_ie;
825 struct ieee80211_2040_intol_chan_report *ic_report;
826 struct wpabuf *buf;
827
828 wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR,
829 MAC2STR(wpa_s->bssid));
830
831 buf = wpabuf_alloc(2 + /* action.category + action_code */
832 sizeof(struct ieee80211_2040_bss_coex_ie) +
833 sizeof(struct ieee80211_2040_intol_chan_report) +
834 num_channels);
835 if (buf == NULL)
836 return;
837
838 wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
839 wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX);
840
841 bc_ie = wpabuf_put(buf, sizeof(*bc_ie));
842 bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE;
843 bc_ie->length = 1;
844 if (num_intol)
845 bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ;
846
847 if (num_channels > 0) {
848 ic_report = wpabuf_put(buf, sizeof(*ic_report));
849 ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT;
850 ic_report->length = num_channels + 1;
851 ic_report->op_class = 0;
852 os_memcpy(wpabuf_put(buf, num_channels), chan_list,
853 num_channels);
854 }
855
856 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
857 wpa_s->own_addr, wpa_s->bssid,
858 wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
859 wpa_msg(wpa_s, MSG_INFO,
860 "SME: Failed to send 20/40 BSS Coexistence frame");
861 }
862
863 wpabuf_free(buf);
864}
865
866
867/**
868 * enum wpas_band - Frequency band
869 * @WPAS_BAND_2GHZ: 2.4 GHz ISM band
870 * @WPAS_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz)
871 */
872enum wpas_band {
873 WPAS_BAND_2GHZ,
874 WPAS_BAND_5GHZ,
875 WPAS_BAND_INVALID
876};
877
878/**
879 * freq_to_channel - Convert frequency into channel info
880 * @channel: Buffer for returning channel number
881 * Returns: Band (2 or 5 GHz)
882 */
883static enum wpas_band freq_to_channel(int freq, u8 *channel)
884{
885 enum wpas_band band = (freq <= 2484) ? WPAS_BAND_2GHZ : WPAS_BAND_5GHZ;
886 u8 chan = 0;
887
888 if (freq >= 2412 && freq <= 2472)
889 chan = (freq - 2407) / 5;
890 else if (freq == 2484)
891 chan = 14;
892 else if (freq >= 5180 && freq <= 5805)
893 chan = (freq - 5000) / 5;
894
895 *channel = chan;
896 return band;
897}
898
899
900int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
901{
902 struct wpa_bss *bss;
903 const u8 *ie;
904 u16 ht_cap;
905 u8 chan_list[P2P_MAX_CHANNELS], channel;
906 u8 num_channels = 0, num_intol = 0, i;
907
908 if (!wpa_s->sme.sched_obss_scan)
909 return 0;
910
911 wpa_s->sme.sched_obss_scan = 0;
912 if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
913 return 1;
914
915 /*
916 * Check whether AP uses regulatory triplet or channel triplet in
917 * country info. Right now the operating class of the BSS channel
918 * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12),
919 * based on the assumption that operating class triplet is not used in
920 * beacon frame. If the First Channel Number/Operating Extension
921 * Identifier octet has a positive integer value of 201 or greater,
922 * then its operating class triplet.
923 *
924 * TODO: If Supported Operating Classes element is present in beacon
925 * frame, have to lookup operating class in Annex E and fill them in
926 * 2040 coex frame.
927 */
928 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
929 if (ie && (ie[1] >= 6) && (ie[5] >= 201))
930 return 1;
931
932 os_memset(chan_list, 0, sizeof(chan_list));
933
934 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
935 /* Skip other band bss */
936 if (freq_to_channel(bss->freq, &channel) != WPAS_BAND_2GHZ)
937 continue;
938
939 ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP);
940 ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0;
941
942 if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) {
943 /* Check whether the channel is already considered */
944 for (i = 0; i < num_channels; i++) {
945 if (channel == chan_list[i])
946 break;
947 }
948 if (i != num_channels)
949 continue;
950
951 if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)
952 num_intol++;
953
954 chan_list[num_channels++] = channel;
955 }
956 }
957
958 sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
959 return 1;
960}
961
962
6434ad09
JM		 963static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
964 u16 num_modes,
965 enum hostapd_hw_mode mode)
966{
967 u16 i;
968
969 for (i = 0; i < num_modes; i++) {
970 if (modes[i].mode == mode)
971 return &modes[i];
972 }
973
974 return NULL;
975}
976
977
978static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s,
979 enum hostapd_hw_mode band,
980 struct wpa_driver_scan_params *params)
981{
982 /* Include only supported channels for the specified band */
983 struct hostapd_hw_modes *mode;
984 int count, i;
985
986 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band);
987 if (mode == NULL) {
988 /* No channels supported in this band - use empty list */
989 params->freqs = os_zalloc(sizeof(int));
990 return;
991 }
992
f9884c09 993 params->freqs = os_calloc(mode->num_channels + 1, sizeof(int));
6434ad09
JM		 994 if (params->freqs == NULL)
995 return;
996 for (count = 0, i = 0; i < mode->num_channels; i++) {
997 if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
998 continue;
999 params->freqs[count++] = mode->channels[i].freq;
1000 }
1001}
1002
1003
c3701c66
RM		 1004static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1005{
1006 struct wpa_supplicant *wpa_s = eloop_ctx;
1007 struct wpa_driver_scan_params params;
1008
1009 if (!wpa_s->current_bss) {
1010 wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request");
1011 return;
1012 }
1013
1014 os_memset(&params, 0, sizeof(params));
6434ad09 1015 wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, &params);
c3701c66
RM		 1016 wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan");
1017
1018 if (wpa_supplicant_trigger_scan(wpa_s, &params))
1019 wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan");
1020 else
1021 wpa_s->sme.sched_obss_scan = 1;
6434ad09 1022 os_free(params.freqs);
c3701c66
RM		 1023
1024 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
1025 sme_obss_scan_timeout, wpa_s, NULL);
1026}
1027
1028
1029void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
1030{
1031 const u8 *ie;
1032 struct wpa_bss *bss = wpa_s->current_bss;
1033 struct wpa_ssid *ssid = wpa_s->current_ssid;
b6871ebb
AN		 1034 struct hostapd_hw_modes *hw_mode = NULL;
1035 int i;
c3701c66
RM		 1036
1037 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
1038 wpa_s->sme.sched_obss_scan = 0;
1039 if (!enable)
1040 return;
1041
368b1957
AK		 1042 /*
1043 * Schedule OBSS scan if driver is using station SME in wpa_supplicant
1044 * or it expects OBSS scan to be performed by wpa_supplicant.
1045 */
1046 if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
1047 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
1048 ssid == NULL || ssid->mode != IEEE80211_MODE_INFRA)
1049 return;
c3701c66 1050
b6871ebb
AN		 1051 if (!wpa_s->hw.modes)
1052 return;
1053
1054 /* only HT caps in 11g mode are relevant */
1055 for (i = 0; i < wpa_s->hw.num_modes; i++) {
1056 hw_mode = &wpa_s->hw.modes[i];
1057 if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G)
1058 break;
1059 }
1060
1061 /* Driver does not support HT40 for 11g or doesn't have 11g. */
1062 if (i == wpa_s->hw.num_modes || !hw_mode ||
1063 !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
1064 return;
c3701c66
RM		 1065
1066 if (bss == NULL || bss->freq < 2400 || bss->freq > 2500)
1067 return; /* Not associated on 2.4 GHz band */
1068
1069 /* Check whether AP supports HT40 */
1070 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
1071 if (!ie || ie[1] < 2 ||
1072 !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
1073 return; /* AP does not support HT40 */
1074
1075 ie = wpa_bss_get_ie(wpa_s->current_bss,
1076 WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS);
1077 if (!ie || ie[1] < 14)
1078 return; /* AP does not request OBSS scans */
1079
1080 wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
1081 if (wpa_s->sme.obss_scan_int < 10) {
1082 wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u "
1083 "replaced with the minimum 10 sec",
1084 wpa_s->sme.obss_scan_int);
1085 wpa_s->sme.obss_scan_int = 10;
1086 }
1087 wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec",
1088 wpa_s->sme.obss_scan_int);
1089 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
1090 sme_obss_scan_timeout, wpa_s, NULL);
e29853bb
BG		 1091}
1092
1093
7d878ca7
JM		 1094#ifdef CONFIG_IEEE80211W
1095
1096static const unsigned int sa_query_max_timeout = 1000;
1097static const unsigned int sa_query_retry_timeout = 201;
1098
1099static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
1100{
1101 u32 tu;
1102 struct os_time now, passed;
1103 os_get_time(&now);
1104 os_time_sub(&now, &wpa_s->sme.sa_query_start, &passed);
1105 tu = (passed.sec * 1000000 + passed.usec) / 1024;
1106 if (sa_query_max_timeout < tu) {
f049052b 1107 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
7d878ca7
JM		 1108 sme_stop_sa_query(wpa_s);
1109 wpa_supplicant_deauthenticate(
1110 wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
1111 return 1;
1112 }
1113
1114 return 0;
1115}
1116
1117
1118static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
1119 const u8 *trans_id)
1120{
1121 u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN];
f049052b
BG		 1122 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
1123 MACSTR, MAC2STR(wpa_s->bssid));
7d878ca7
JM		 1124 wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
1125 trans_id, WLAN_SA_QUERY_TR_ID_LEN);
1126 req[0] = WLAN_ACTION_SA_QUERY;
1127 req[1] = WLAN_SA_QUERY_REQUEST;
1128 os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
190b9062 1129 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
7d878ca7 1130 wpa_s->own_addr, wpa_s->bssid,
b106173a 1131 req, sizeof(req), 0) < 0)
f049052b
BG		 1132 wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
1133 "Request");
7d878ca7
JM		 1134}
1135
1136
1137static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1138{
1139 struct wpa_supplicant *wpa_s = eloop_ctx;
1140 unsigned int timeout, sec, usec;
1141 u8 *trans_id, *nbuf;
1142
1143 if (wpa_s->sme.sa_query_count > 0 &&
1144 sme_check_sa_query_timeout(wpa_s))
1145 return;
1146
067ffa26
JM		 1147 nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
1148 wpa_s->sme.sa_query_count + 1,
1149 WLAN_SA_QUERY_TR_ID_LEN);
7d878ca7
JM		 1150 if (nbuf == NULL)
1151 return;
1152 if (wpa_s->sme.sa_query_count == 0) {
1153 /* Starting a new SA Query procedure */
1154 os_get_time(&wpa_s->sme.sa_query_start);
1155 }
1156 trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1157 wpa_s->sme.sa_query_trans_id = nbuf;
1158 wpa_s->sme.sa_query_count++;
1159
1160 os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN);
1161
1162 timeout = sa_query_retry_timeout;
1163 sec = ((timeout / 1000) * 1024) / 1000;
1164 usec = (timeout % 1000) * 1024;
1165 eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
1166
f049052b
BG		 1167 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
1168 wpa_s->sme.sa_query_count);
7d878ca7
JM		 1169
1170 sme_send_sa_query_req(wpa_s, trans_id);
1171}
1172
1173
1174static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
1175{
1176 sme_sa_query_timer(wpa_s, NULL);
1177}
1178
1179
19df9b07 1180static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
7d878ca7
JM		 1181{
1182 eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
1183 os_free(wpa_s->sme.sa_query_trans_id);
1184 wpa_s->sme.sa_query_trans_id = NULL;
1185 wpa_s->sme.sa_query_count = 0;
1186}
1187
1188
1189void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
1190 const u8 *da, u16 reason_code)
1191{
1192 struct wpa_ssid *ssid;
1193
1194 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
1195 return;
1196 if (wpa_s->wpa_state != WPA_COMPLETED)
1197 return;
1198 ssid = wpa_s->current_ssid;
62d49803
JM		 1199 if (ssid == NULL ||
1200 (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
1201 wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION)
7d878ca7
JM		 1202 return;
1203 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
1204 return;
1205 if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
1206 reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
1207 return;
1208 if (wpa_s->sme.sa_query_count > 0)
1209 return;
1210
f049052b
BG		 1211 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
1212 "possible AP/STA state mismatch - trigger SA Query");
7d878ca7
JM		 1213 sme_start_sa_query(wpa_s);
1214}
1215
1216
1217void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa,
1218 const u8 *data, size_t len)
1219{
1220 int i;
1221
1222 if (wpa_s->sme.sa_query_trans_id == NULL ||
1223 len < 1 + WLAN_SA_QUERY_TR_ID_LEN ||
1224 data[0] != WLAN_SA_QUERY_RESPONSE)
1225 return;
f049052b
BG		 1226 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
1227 MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
7d878ca7
JM		 1228
1229 if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
1230 return;
1231
1232 for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
1233 if (os_memcmp(wpa_s->sme.sa_query_trans_id +
1234 i * WLAN_SA_QUERY_TR_ID_LEN,
1235 data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
1236 break;
1237 }
1238
1239 if (i >= wpa_s->sme.sa_query_count) {
f049052b
BG		 1240 wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
1241 "transaction identifier found");
7d878ca7
JM		 1242 return;
1243 }
1244
f049052b
BG		 1245 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
1246 "from " MACSTR, MAC2STR(sa));
7d878ca7
JM		 1247 sme_stop_sa_query(wpa_s);
1248}
1249
1250#endif /* CONFIG_IEEE80211W */
Unnamed repository; edit this file 'description' to name the repository.