]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth_glue.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OCV: Add function to derive Tx parameters to a specific STA
[thirdparty/hostap.git] / src / ap / wpa_auth_glue.c
CommitLineData
c442055e
JM		 1/*
2 * hostapd / WPA authenticator glue code
47b55a3e 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
c442055e 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
c442055e
JM		 7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
c5fee160
MB		 12#include "utils/eloop.h"
13#include "utils/list.h"
c442055e 14#include "common/ieee802_11_defs.h"
47b55a3e 15#include "common/sae.h"
2c502460 16#include "common/wpa_ctrl.h"
f8e09bc5 17#include "crypto/sha1.h"
c442055e
JM		 18#include "eapol_auth/eapol_auth_sm.h"
19#include "eapol_auth/eapol_auth_sm_i.h"
20#include "eap_server/eap.h"
21#include "l2_packet/l2_packet.h"
50bd8e0a 22#include "eth_p_oui.h"
6226e38d
JM		 23#include "hostapd.h"
24#include "ieee802_1x.h"
25#include "preauth_auth.h"
26#include "sta_info.h"
27#include "tkip_countermeasures.h"
8b06c1ed
JM		 28#include "ap_drv_ops.h"
29#include "ap_config.h"
1034f67b 30#include "ieee802_11.h"
d90f10fa 31#include "pmksa_cache_auth.h"
8b06c1ed 32#include "wpa_auth.h"
373f6c72 33#include "wpa_auth_glue.h"
c442055e
JM		 34
35
36static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
7af092a0 37 struct hostapd_config *iconf,
c442055e
JM		 38 struct wpa_auth_config *wconf)
39{
d28b43f6 40 os_memset(wconf, 0, sizeof(*wconf));
c442055e
JM		 41 wconf->wpa = conf->wpa;
42 wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
43 wconf->wpa_pairwise = conf->wpa_pairwise;
44 wconf->wpa_group = conf->wpa_group;
45 wconf->wpa_group_rekey = conf->wpa_group_rekey;
46 wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
47 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
48 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
41f140d3 49 wconf->wpa_group_update_count = conf->wpa_group_update_count;
6f234c1e
JM		 50 wconf->wpa_disable_eapol_key_retries =
51 conf->wpa_disable_eapol_key_retries;
41f140d3 52 wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
c442055e
JM		 53 wconf->rsn_pairwise = conf->rsn_pairwise;
54 wconf->rsn_preauth = conf->rsn_preauth;
55 wconf->eapol_version = conf->eapol_version;
c442055e 56 wconf->wmm_enabled = conf->wmm_enabled;
721abef9 57 wconf->wmm_uapsd = conf->wmm_uapsd;
cb465555 58 wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
875ab60d
MV		 59#ifdef CONFIG_OCV
60 wconf->ocv = conf->ocv;
61#endif /* CONFIG_OCV */
c442055e
JM		 62 wconf->okc = conf->okc;
63#ifdef CONFIG_IEEE80211W
64 wconf->ieee80211w = conf->ieee80211w;
8dd9f9cd 65 wconf->group_mgmt_cipher = conf->group_mgmt_cipher;
ba3d435f 66 wconf->sae_require_mfp = conf->sae_require_mfp;
c442055e 67#endif /* CONFIG_IEEE80211W */
4ec1fd8e 68#ifdef CONFIG_IEEE80211R_AP
c442055e 69 wconf->ssid_len = conf->ssid.ssid_len;
d6c3067d
JM		 70 if (wconf->ssid_len > SSID_MAX_LEN)
71 wconf->ssid_len = SSID_MAX_LEN;
c442055e
JM		 72 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
73 os_memcpy(wconf->mobility_domain, conf->mobility_domain,
74 MOBILITY_DOMAIN_ID_LEN);
75 if (conf->nas_identifier &&
76 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
77 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
78 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
79 wconf->r0_key_holder_len);
80 }
81 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
82 wconf->r0_key_lifetime = conf->r0_key_lifetime;
3a3e2832 83 wconf->r1_max_key_lifetime = conf->r1_max_key_lifetime;
c442055e 84 wconf->reassociation_deadline = conf->reassociation_deadline;
3a46cf93
MB		 85 wconf->rkh_pos_timeout = conf->rkh_pos_timeout;
86 wconf->rkh_neg_timeout = conf->rkh_neg_timeout;
87 wconf->rkh_pull_timeout = conf->rkh_pull_timeout;
88 wconf->rkh_pull_retries = conf->rkh_pull_retries;
89 wconf->r0kh_list = &conf->r0kh_list;
90 wconf->r1kh_list = &conf->r1kh_list;
c442055e 91 wconf->pmk_r1_push = conf->pmk_r1_push;
d7956add 92 wconf->ft_over_ds = conf->ft_over_ds;
96590564 93 wconf->ft_psk_generate_local = conf->ft_psk_generate_local;
4ec1fd8e 94#endif /* CONFIG_IEEE80211R_AP */
83421850
JM		 95#ifdef CONFIG_HS20
96 wconf->disable_gtk = conf->disable_dgaf;
a14896e8
JM		 97 if (conf->osen) {
98 wconf->disable_gtk = 1;
99 wconf->wpa = WPA_PROTO_OSEN;
100 wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
101 wconf->wpa_pairwise = 0;
102 wconf->wpa_group = WPA_CIPHER_CCMP;
103 wconf->rsn_pairwise = WPA_CIPHER_CCMP;
104 wconf->rsn_preauth = 0;
105 wconf->disable_pmksa_caching = 1;
106#ifdef CONFIG_IEEE80211W
107 wconf->ieee80211w = 1;
108#endif /* CONFIG_IEEE80211W */
109 }
83421850 110#endif /* CONFIG_HS20 */
7af092a0
JB		 111#ifdef CONFIG_TESTING_OPTIONS
112 wconf->corrupt_gtk_rekey_mic_probability =
113 iconf->corrupt_gtk_rekey_mic_probability;
bc02843e
JM		 114 if (conf->own_ie_override &&
115 wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) {
116 wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override);
117 os_memcpy(wconf->own_ie_override,
118 wpabuf_head(conf->own_ie_override),
119 wconf->own_ie_override_len);
120 }
7af092a0 121#endif /* CONFIG_TESTING_OPTIONS */
25ef8529
JM		 122#ifdef CONFIG_P2P
123 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
124 os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4);
125 os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4);
126 os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4);
127#endif /* CONFIG_P2P */
7eace378
JM		 128#ifdef CONFIG_FILS
129 wconf->fils_cache_id_set = conf->fils_cache_id_set;
130 os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
131 FILS_CACHE_ID_LEN);
132#endif /* CONFIG_FILS */
c442055e
JM		 133}
134
135
136static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
137 logger_level level, const char *txt)
138{
139#ifndef CONFIG_NO_HOSTAPD_LOGGER
140 struct hostapd_data *hapd = ctx;
141 int hlevel;
142
143 switch (level) {
144 case LOGGER_WARNING:
145 hlevel = HOSTAPD_LEVEL_WARNING;
146 break;
147 case LOGGER_INFO:
148 hlevel = HOSTAPD_LEVEL_INFO;
149 break;
150 case LOGGER_DEBUG:
151 default:
152 hlevel = HOSTAPD_LEVEL_DEBUG;
153 break;
154 }
155
156 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
157#endif /* CONFIG_NO_HOSTAPD_LOGGER */
158}
159
160
161static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
162 u16 reason)
163{
164 struct hostapd_data *hapd = ctx;
165 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
166 "STA " MACSTR " reason %d",
167 __func__, MAC2STR(addr), reason);
168 ap_sta_disconnect(hapd, NULL, addr, reason);
169}
170
171
c772d054 172static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
c442055e
JM		 173{
174 struct hostapd_data *hapd = ctx;
c772d054 175 return michael_mic_failure(hapd, addr, 0);
c442055e
JM		 176}
177
178
2c502460
JM		 179static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
180{
181 struct hostapd_data *hapd = ctx;
182 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
183 MAC2STR(addr));
184}
185
186
c442055e
JM		 187static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
188 wpa_eapol_variable var, int value)
189{
190 struct hostapd_data *hapd = ctx;
191 struct sta_info *sta = ap_get_sta(hapd, addr);
192 if (sta == NULL)
193 return;
194 switch (var) {
195 case WPA_EAPOL_portEnabled:
196 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
197 break;
198 case WPA_EAPOL_portValid:
199 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
200 break;
201 case WPA_EAPOL_authorized:
202 ieee802_1x_set_sta_authorized(hapd, sta, value);
203 break;
204 case WPA_EAPOL_portControl_Auto:
205 if (sta->eapol_sm)
206 sta->eapol_sm->portControl = Auto;
207 break;
208 case WPA_EAPOL_keyRun:
209 if (sta->eapol_sm)
210 sta->eapol_sm->keyRun = value ? TRUE : FALSE;
211 break;
212 case WPA_EAPOL_keyAvailable:
213 if (sta->eapol_sm)
214 sta->eapol_sm->eap_if->eapKeyAvailable =
215 value ? TRUE : FALSE;
216 break;
217 case WPA_EAPOL_keyDone:
218 if (sta->eapol_sm)
219 sta->eapol_sm->keyDone = value ? TRUE : FALSE;
220 break;
221 case WPA_EAPOL_inc_EapolFramesTx:
222 if (sta->eapol_sm)
223 sta->eapol_sm->dot1xAuthEapolFramesTx++;
224 break;
225 }
226}
227
228
229static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
230 wpa_eapol_variable var)
231{
232 struct hostapd_data *hapd = ctx;
233 struct sta_info *sta = ap_get_sta(hapd, addr);
234 if (sta == NULL || sta->eapol_sm == NULL)
235 return -1;
236 switch (var) {
237 case WPA_EAPOL_keyRun:
238 return sta->eapol_sm->keyRun;
239 case WPA_EAPOL_keyAvailable:
240 return sta->eapol_sm->eap_if->eapKeyAvailable;
241 default:
242 return -1;
243 }
244}
245
246
247static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
759fd76b 248 const u8 *p2p_dev_addr,
7a12edd1 249 const u8 *prev_psk, size_t *psk_len)
c442055e
JM		 250{
251 struct hostapd_data *hapd = ctx;
05ab9712 252 struct sta_info *sta = ap_get_sta(hapd, addr);
47b55a3e
JM		 253 const u8 *psk;
254
7a12edd1
JM		 255 if (psk_len)
256 *psk_len = PMK_LEN;
257
47b55a3e
JM		 258#ifdef CONFIG_SAE
259 if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
260 if (!sta->sae || prev_psk)
261 return NULL;
262 return sta->sae->pmk;
263 }
e61fea6b
JM		 264 if (sta && wpa_auth_uses_sae(sta->wpa_sm)) {
265 wpa_printf(MSG_DEBUG,
266 "No PSK for STA trying to use SAE with PMKSA caching");
267 return NULL;
268 }
47b55a3e
JM		 269#endif /* CONFIG_SAE */
270
09368515
JM		 271#ifdef CONFIG_OWE
272 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
7a12edd1
JM		 273 sta && sta->owe_pmk) {
274 if (psk_len)
275 *psk_len = sta->owe_pmk_len;
09368515 276 return sta->owe_pmk;
7a12edd1 277 }
d90f10fa
JM		 278 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) {
279 struct rsn_pmksa_cache_entry *sa;
280
281 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
282 if (sa && sa->akmp == WPA_KEY_MGMT_OWE) {
283 if (psk_len)
284 *psk_len = sa->pmk_len;
285 return sa->pmk;
286 }
287 }
09368515
JM		 288#endif /* CONFIG_OWE */
289
759fd76b 290 psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk);
59dff51d
MB		 291 /*
292 * This is about to iterate over all psks, prev_psk gives the last
293 * returned psk which should not be returned again.
5ee56c4e 294 * logic list (all hostapd_get_psk; all sta->psk)
59dff51d 295 */
5ee56c4e
MB		 296 if (sta && sta->psk && !psk) {
297 struct hostapd_sta_wpa_psk_short *pos;
298 psk = sta->psk->psk;
299 for (pos = sta->psk; pos; pos = pos->next) {
f8e09bc5
MB		 300 if (pos->is_passphrase) {
301 pbkdf2_sha1(pos->passphrase,
302 hapd->conf->ssid.ssid,
303 hapd->conf->ssid.ssid_len, 4096,
304 pos->psk, PMK_LEN);
305 pos->is_passphrase = 0;
306 }
5ee56c4e
MB		 307 if (pos->psk == prev_psk) {
308 psk = pos->next ? pos->next->psk : NULL;
309 break;
310 }
311 }
312 }
59dff51d 313 return psk;
c442055e
JM		 314}
315
316
317static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
318 size_t *len)
319{
320 struct hostapd_data *hapd = ctx;
321 const u8 *key;
322 size_t keylen;
323 struct sta_info *sta;
324
325 sta = ap_get_sta(hapd, addr);
400de9b1
BG		 326 if (sta == NULL) {
327 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
c442055e 328 return -1;
400de9b1 329 }
c442055e
JM		 330
331 key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
400de9b1
BG		 332 if (key == NULL) {
333 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
334 sta->eapol_sm);
c442055e 335 return -1;
400de9b1 336 }
c442055e
JM		 337
338 if (keylen > *len)
339 keylen = *len;
340 os_memcpy(msk, key, keylen);
341 *len = keylen;
342
343 return 0;
344}
345
346
71934751 347static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
c442055e
JM		 348 const u8 *addr, int idx, u8 *key,
349 size_t key_len)
350{
351 struct hostapd_data *hapd = ctx;
352 const char *ifname = hapd->conf->iface;
353
354 if (vlan_id > 0) {
355 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
356 if (ifname == NULL)
357 return -1;
358 }
359
16579769
JM		 360#ifdef CONFIG_TESTING_OPTIONS
361 if (addr && !is_broadcast_ether_addr(addr)) {
362 struct sta_info *sta;
363
364 sta = ap_get_sta(hapd, addr);
365 if (sta) {
366 sta->last_tk_alg = alg;
367 sta->last_tk_key_idx = idx;
368 if (key)
369 os_memcpy(sta->last_tk, key, key_len);
370 sta->last_tk_len = key_len;
371 }
372#ifdef CONFIG_IEEE80211W
f8bfc9cb
PK		 373 } else if (alg == WPA_ALG_IGTK ||
374 alg == WPA_ALG_BIP_GMAC_128 ||
375 alg == WPA_ALG_BIP_GMAC_256 ||
376 alg == WPA_ALG_BIP_CMAC_256) {
16579769
JM		 377 hapd->last_igtk_alg = alg;
378 hapd->last_igtk_key_idx = idx;
379 if (key)
380 os_memcpy(hapd->last_igtk, key, key_len);
381 hapd->last_igtk_len = key_len;
382#endif /* CONFIG_IEEE80211W */
383 } else {
384 hapd->last_gtk_alg = alg;
385 hapd->last_gtk_key_idx = idx;
386 if (key)
387 os_memcpy(hapd->last_gtk, key, key_len);
388 hapd->last_gtk_len = key_len;
389 }
390#endif /* CONFIG_TESTING_OPTIONS */
3acdf771
JM		 391 return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
392 key, key_len);
c442055e
JM		 393}
394
395
396static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
397 u8 *seq)
398{
399 struct hostapd_data *hapd = ctx;
400 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
401}
402
403
404static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
405 const u8 *data, size_t data_len,
406 int encrypt)
407{
408 struct hostapd_data *hapd = ctx;
4378fc14
FF		 409 struct sta_info *sta;
410 u32 flags = 0;
411
9d4ff04a
JM		 412#ifdef CONFIG_TESTING_OPTIONS
413 if (hapd->ext_eapol_frame_io) {
414 size_t hex_len = 2 * data_len + 1;
415 char *hex = os_malloc(hex_len);
416
417 if (hex == NULL)
418 return -1;
419 wpa_snprintf_hex(hex, hex_len, data, data_len);
420 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
421 MAC2STR(addr), hex);
422 os_free(hex);
423 return 0;
424 }
425#endif /* CONFIG_TESTING_OPTIONS */
426
4378fc14
FF		 427 sta = ap_get_sta(hapd, addr);
428 if (sta)
429 flags = hostapd_sta_flags_to_drv(sta->flags);
430
3acdf771 431 return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len,
4378fc14 432 encrypt, flags);
c442055e
JM		 433}
434
435
436static int hostapd_wpa_auth_for_each_sta(
437 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
438 void *cb_ctx)
439{
440 struct hostapd_data *hapd = ctx;
441 struct sta_info *sta;
442
443 for (sta = hapd->sta_list; sta; sta = sta->next) {
444 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
445 return 1;
446 }
447 return 0;
448}
449
450
451struct wpa_auth_iface_iter_data {
452 int (*cb)(struct wpa_authenticator *sm, void *ctx);
453 void *cb_ctx;
454};
455
456static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
457{
458 struct wpa_auth_iface_iter_data *data = ctx;
459 size_t i;
460 for (i = 0; i < iface->num_bss; i++) {
03bcb0af
JM		 461 if (iface->bss[i]->wpa_auth &&
462 data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
c442055e
JM		 463 return 1;
464 }
465 return 0;
466}
467
468
469static int hostapd_wpa_auth_for_each_auth(
470 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
471 void *cb_ctx)
472{
473 struct hostapd_data *hapd = ctx;
474 struct wpa_auth_iface_iter_data data;
3776ac73
JM		 475 if (hapd->iface->interfaces == NULL ||
476 hapd->iface->interfaces->for_each_interface == NULL)
1b56c26c 477 return -1;
c442055e
JM		 478 data.cb = cb;
479 data.cb_ctx = cb_ctx;
3776ac73
JM		 480 return hapd->iface->interfaces->for_each_interface(
481 hapd->iface->interfaces, wpa_auth_iface_iter, &data);
c442055e
JM		 482}
483
484
4ec1fd8e 485#ifdef CONFIG_IEEE80211R_AP
67ccef7e 486
c5fee160
MB		 487struct wpa_ft_rrb_rx_later_data {
488 struct dl_list list;
489 u8 addr[ETH_ALEN];
490 size_t data_len;
491 /* followed by data_len octets of data */
492};
493
494static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx)
495{
496 struct hostapd_data *hapd = eloop_ctx;
497 struct wpa_ft_rrb_rx_later_data *data, *n;
498
499 dl_list_for_each_safe(data, n, &hapd->l2_queue,
500 struct wpa_ft_rrb_rx_later_data, list) {
501 if (hapd->wpa_auth) {
502 wpa_ft_rrb_rx(hapd->wpa_auth, data->addr,
503 (const u8 *) (data + 1),
504 data->data_len);
505 }
506 dl_list_del(&data->list);
507 os_free(data);
508 }
509}
510
511
67ccef7e
JM		 512struct wpa_auth_ft_iface_iter_data {
513 struct hostapd_data *src_hapd;
514 const u8 *dst;
515 const u8 *data;
516 size_t data_len;
517};
518
519
520static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx)
521{
522 struct wpa_auth_ft_iface_iter_data *idata = ctx;
c5fee160 523 struct wpa_ft_rrb_rx_later_data *data;
67ccef7e
JM		 524 struct hostapd_data *hapd;
525 size_t j;
526
527 for (j = 0; j < iface->num_bss; j++) {
528 hapd = iface->bss[j];
c5fee160
MB		 529 if (hapd == idata->src_hapd ||
530 !hapd->wpa_auth ||
531 os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0)
71456dbd 532 continue;
c5fee160
MB		 533
534 wpa_printf(MSG_DEBUG,
535 "FT: Send RRB data directly to locally managed BSS "
536 MACSTR "@%s -> " MACSTR "@%s",
537 MAC2STR(idata->src_hapd->own_addr),
538 idata->src_hapd->conf->iface,
539 MAC2STR(hapd->own_addr), hapd->conf->iface);
540
541 /* Defer wpa_ft_rrb_rx() until next eloop step as this is
542 * when it would be triggered when reading from a socket.
543 * This avoids
544 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
545 * that is calling hapd0:recv handler from within
546 * hapd0:send directly.
547 */
548 data = os_zalloc(sizeof(*data) + idata->data_len);
549 if (!data)
67ccef7e 550 return 1;
c5fee160
MB		 551
552 os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN);
553 os_memcpy(data + 1, idata->data, idata->data_len);
554 data->data_len = idata->data_len;
555
556 dl_list_add(&hapd->l2_queue, &data->list);
557
558 if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later,
559 hapd, NULL))
560 eloop_register_timeout(0, 0,
561 hostapd_wpa_ft_rrb_rx_later,
562 hapd, NULL);
563
564 return 1;
67ccef7e
JM		 565 }
566
567 return 0;
568}
569
4ec1fd8e 570#endif /* CONFIG_IEEE80211R_AP */
67ccef7e
JM		 571
572
c442055e
JM		 573static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
574 const u8 *data, size_t data_len)
575{
576 struct hostapd_data *hapd = ctx;
7e031850
JM		 577 struct l2_ethhdr *buf;
578 int ret;
c442055e 579
9d4ff04a
JM		 580#ifdef CONFIG_TESTING_OPTIONS
581 if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
582 size_t hex_len = 2 * data_len + 1;
583 char *hex = os_malloc(hex_len);
584
585 if (hex == NULL)
586 return -1;
587 wpa_snprintf_hex(hex, hex_len, data, data_len);
588 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
589 MAC2STR(dst), hex);
590 os_free(hex);
591 return 0;
592 }
593#endif /* CONFIG_TESTING_OPTIONS */
594
4ec1fd8e 595#ifdef CONFIG_IEEE80211R_AP
3776ac73
JM		 596 if (proto == ETH_P_RRB && hapd->iface->interfaces &&
597 hapd->iface->interfaces->for_each_interface) {
67ccef7e
JM		 598 int res;
599 struct wpa_auth_ft_iface_iter_data idata;
600 idata.src_hapd = hapd;
601 idata.dst = dst;
602 idata.data = data;
603 idata.data_len = data_len;
3776ac73
JM		 604 res = hapd->iface->interfaces->for_each_interface(
605 hapd->iface->interfaces, hostapd_wpa_auth_ft_iter,
606 &idata);
67ccef7e
JM		 607 if (res == 1)
608 return data_len;
609 }
4ec1fd8e 610#endif /* CONFIG_IEEE80211R_AP */
67ccef7e 611
c442055e
JM		 612 if (hapd->driver && hapd->driver->send_ether)
613 return hapd->driver->send_ether(hapd->drv_priv, dst,
614 hapd->own_addr, proto,
615 data, data_len);
616 if (hapd->l2 == NULL)
617 return -1;
7e031850
JM		 618
619 buf = os_malloc(sizeof(*buf) + data_len);
620 if (buf == NULL)
621 return -1;
622 os_memcpy(buf->h_dest, dst, ETH_ALEN);
623 os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
624 buf->h_proto = host_to_be16(proto);
625 os_memcpy(buf + 1, data, data_len);
626 ret = l2_packet_send(hapd->l2, dst, proto, (u8 *) buf,
627 sizeof(*buf) + data_len);
628 os_free(buf);
2683690d 629 return ret;
c442055e
JM		 630}
631
632
50bd8e0a
MB		 633#ifdef CONFIG_ETH_P_OUI
634static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd,
635 u8 oui_suffix)
636{
637 switch (oui_suffix) {
638#ifdef CONFIG_IEEE80211R_AP
639 case FT_PACKET_R0KH_R1KH_PULL:
640 return hapd->oui_pull;
641 case FT_PACKET_R0KH_R1KH_RESP:
642 return hapd->oui_resp;
643 case FT_PACKET_R0KH_R1KH_PUSH:
644 return hapd->oui_push;
eefe8630
MB		 645 case FT_PACKET_R0KH_R1KH_SEQ_REQ:
646 return hapd->oui_sreq;
647 case FT_PACKET_R0KH_R1KH_SEQ_RESP:
648 return hapd->oui_sresp;
50bd8e0a
MB		 649#endif /* CONFIG_IEEE80211R_AP */
650 default:
651 return NULL;
652 }
653}
654#endif /* CONFIG_ETH_P_OUI */
655
656
657#ifdef CONFIG_IEEE80211R_AP
658
659struct oui_deliver_later_data {
660 struct dl_list list;
661 u8 src_addr[ETH_ALEN];
662 u8 dst_addr[ETH_ALEN];
663 size_t data_len;
664 u8 oui_suffix;
665 /* followed by data_len octets of data */
666};
667
668static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx)
669{
670 struct hostapd_data *hapd = eloop_ctx;
671 struct oui_deliver_later_data *data, *n;
672 struct eth_p_oui_ctx *oui_ctx;
673
674 dl_list_for_each_safe(data, n, &hapd->l2_oui_queue,
675 struct oui_deliver_later_data, list) {
676 oui_ctx = hostapd_wpa_get_oui(hapd, data->oui_suffix);
677 if (hapd->wpa_auth && oui_ctx) {
678 eth_p_oui_deliver(oui_ctx, data->src_addr,
679 data->dst_addr,
680 (const u8 *) (data + 1),
681 data->data_len);
682 }
683 dl_list_del(&data->list);
684 os_free(data);
685 }
686}
687
688
689struct wpa_auth_oui_iface_iter_data {
690 struct hostapd_data *src_hapd;
691 const u8 *dst_addr;
692 const u8 *data;
693 size_t data_len;
694 u8 oui_suffix;
695};
696
697static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
698{
699 struct wpa_auth_oui_iface_iter_data *idata = ctx;
700 struct oui_deliver_later_data *data;
701 struct hostapd_data *hapd;
702 size_t j;
703
704 for (j = 0; j < iface->num_bss; j++) {
705 hapd = iface->bss[j];
706 if (hapd == idata->src_hapd)
707 continue;
708 if (!is_multicast_ether_addr(idata->dst_addr) &&
709 os_memcmp(hapd->own_addr, idata->dst_addr, ETH_ALEN) != 0)
710 continue;
711
712 /* defer eth_p_oui_deliver until next eloop step as this is
713 * when it would be triggerd from reading from sock
714 * This avoids
715 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
716 * that is calling hapd0:recv handler from within
717 * hapd0:send directly.
718 */
719 data = os_zalloc(sizeof(*data) + idata->data_len);
720 if (!data)
721 return 1;
722
723 os_memcpy(data->src_addr, idata->src_hapd->own_addr, ETH_ALEN);
724 os_memcpy(data->dst_addr, idata->dst_addr, ETH_ALEN);
725 os_memcpy(data + 1, idata->data, idata->data_len);
726 data->data_len = idata->data_len;
727 data->oui_suffix = idata->oui_suffix;
728
729 dl_list_add(&hapd->l2_oui_queue, &data->list);
730
731 if (!eloop_is_timeout_registered(hostapd_oui_deliver_later,
732 hapd, NULL))
733 eloop_register_timeout(0, 0,
734 hostapd_oui_deliver_later,
735 hapd, NULL);
736
737 return 1;
738 }
739
740 return 0;
741}
742
743#endif /* CONFIG_IEEE80211R_AP */
744
745
746static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix,
747 const u8 *data, size_t data_len)
748{
749#ifdef CONFIG_ETH_P_OUI
750 struct hostapd_data *hapd = ctx;
751 struct eth_p_oui_ctx *oui_ctx;
752
753#ifdef CONFIG_IEEE80211R_AP
754 if (hapd->iface->interfaces &&
755 hapd->iface->interfaces->for_each_interface) {
756 struct wpa_auth_oui_iface_iter_data idata;
757 int res;
758
759 idata.src_hapd = hapd;
760 idata.dst_addr = dst;
761 idata.data = data;
762 idata.data_len = data_len;
763 idata.oui_suffix = oui_suffix;
764 res = hapd->iface->interfaces->for_each_interface(
765 hapd->iface->interfaces, hostapd_wpa_auth_oui_iter,
766 &idata);
767 if (res == 1)
768 return data_len;
769 }
770#endif /* CONFIG_IEEE80211R_AP */
771
772 oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix);
773 if (!oui_ctx)
774 return -1;
775
776 return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data, data_len);
777#else /* CONFIG_ETH_P_OUI */
778 return -1;
779#endif /* CONFIG_ETH_P_OUI */
780}
781
782
bef4d07a
MV		 783static int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci)
784{
785 struct hostapd_data *hapd = ctx;
786
787 return hostapd_drv_channel_info(hapd, ci);
788}
789
1034f67b
MV		 790
791#ifdef CONFIG_OCV
792static int hostapd_get_sta_tx_params(void *ctx, const u8 *addr,
793 int ap_max_chanwidth, int ap_seg1_idx,
794 int *bandwidth, int *seg1_idx)
795{
796 struct hostapd_data *hapd = ctx;
797 struct sta_info *sta;
798
799 sta = ap_get_sta(hapd, addr);
800 if (!sta) {
801 hostapd_wpa_auth_logger(hapd, addr, LOGGER_INFO,
802 "Failed to get STA info to validate received OCI");
803 return -1;
804 }
805
806 return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx, bandwidth,
807 seg1_idx);
808}
809#endif /* CONFIG_OCV */
810
811
4ec1fd8e 812#ifdef CONFIG_IEEE80211R_AP
c442055e
JM		 813
814static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
815 const u8 *data, size_t data_len)
816{
817 struct hostapd_data *hapd = ctx;
818 int res;
819 struct ieee80211_mgmt *m;
820 size_t mlen;
821 struct sta_info *sta;
822
823 sta = ap_get_sta(hapd, dst);
824 if (sta == NULL || sta->wpa_sm == NULL)
825 return -1;
826
827 m = os_zalloc(sizeof(*m) + data_len);
828 if (m == NULL)
829 return -1;
830 mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
831 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
832 WLAN_FC_STYPE_ACTION);
833 os_memcpy(m->da, dst, ETH_ALEN);
834 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
835 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
836 os_memcpy(&m->u, data, data_len);
837
8cfa3527 838 res = hostapd_drv_send_mlme(hapd, (u8 *) m, mlen, 0);
c442055e
JM		 839 os_free(m);
840 return res;
841}
842
843
844static struct wpa_state_machine *
845hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
846{
847 struct hostapd_data *hapd = ctx;
848 struct sta_info *sta;
849
88b32a99
SP		 850 if (hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT) < 0)
851 return NULL;
852
c442055e
JM		 853 sta = ap_sta_add(hapd, sta_addr);
854 if (sta == NULL)
855 return NULL;
21c9b690
JM		 856 if (sta->wpa_sm) {
857 sta->auth_alg = WLAN_AUTH_FT;
c442055e 858 return sta->wpa_sm;
21c9b690 859 }
c442055e 860
94ddef3e 861 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, NULL);
c442055e
JM		 862 if (sta->wpa_sm == NULL) {
863 ap_free_sta(hapd, sta);
864 return NULL;
865 }
866 sta->auth_alg = WLAN_AUTH_FT;
867
868 return sta->wpa_sm;
869}
870
871
47a039b0
MB		 872static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
873 struct vlan_description *vlan)
874{
875 struct hostapd_data *hapd = ctx;
876 struct sta_info *sta;
877
878 sta = ap_get_sta(hapd, sta_addr);
879 if (!sta || !sta->wpa_sm)
880 return -1;
881
882 if (vlan->notempty &&
883 !hostapd_vlan_valid(hapd->conf->vlan, vlan)) {
884 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
885 HOSTAPD_LEVEL_INFO,
886 "Invalid VLAN %d%s received from FT",
887 vlan->untagged, vlan->tagged[0] ? "+" : "");
888 return -1;
889 }
890
891 if (ap_sta_set_vlan(hapd, sta, vlan) < 0)
892 return -1;
893 /* Configure wpa_group for GTK but ignore error due to driver not
894 * knowing this STA. */
895 ap_sta_bind_vlan(hapd, sta);
896
897 if (sta->vlan_id)
898 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
899 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
900
901 return 0;
902}
903
904
905static int hostapd_wpa_auth_get_vlan(void *ctx, const u8 *sta_addr,
906 struct vlan_description *vlan)
907{
908 struct hostapd_data *hapd = ctx;
909 struct sta_info *sta;
910
911 sta = ap_get_sta(hapd, sta_addr);
912 if (!sta)
913 return -1;
914
915 if (sta->vlan_desc)
916 *vlan = *sta->vlan_desc;
917 else
918 os_memset(vlan, 0, sizeof(*vlan));
919
920 return 0;
921}
922
923
8c345234
MB		 924static int
925hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
926 const u8 *identity, size_t identity_len)
927{
928 struct hostapd_data *hapd = ctx;
929 struct sta_info *sta;
930
931 sta = ap_get_sta(hapd, sta_addr);
932 if (!sta)
933 return -1;
934
935 os_free(sta->identity);
936 sta->identity = NULL;
937
938 if (sta->eapol_sm) {
939 os_free(sta->eapol_sm->identity);
940 sta->eapol_sm->identity = NULL;
941 sta->eapol_sm->identity_len = 0;
942 }
943
944 if (!identity_len)
945 return 0;
946
947 /* sta->identity is NULL terminated */
948 sta->identity = os_zalloc(identity_len + 1);
949 if (!sta->identity)
950 return -1;
951 os_memcpy(sta->identity, identity, identity_len);
952
953 if (sta->eapol_sm) {
954 sta->eapol_sm->identity = os_zalloc(identity_len);
955 if (!sta->eapol_sm->identity)
956 return -1;
957 os_memcpy(sta->eapol_sm->identity, identity, identity_len);
958 sta->eapol_sm->identity_len = identity_len;
959 }
960
961 return 0;
962}
963
964
965static size_t
966hostapd_wpa_auth_get_identity(void *ctx, const u8 *sta_addr, const u8 **buf)
967{
968 struct hostapd_data *hapd = ctx;
969 struct sta_info *sta;
970 size_t len;
971 char *identity;
972
973 sta = ap_get_sta(hapd, sta_addr);
974 if (!sta)
975 return 0;
976
977 *buf = ieee802_1x_get_identity(sta->eapol_sm, &len);
978 if (*buf && len)
979 return len;
980
981 if (!sta->identity) {
982 *buf = NULL;
983 return 0;
984 }
985
986 identity = sta->identity;
987 len = os_strlen(identity);
988 *buf = (u8 *) identity;
989
990 return len;
991}
992
993
994static int
995hostapd_wpa_auth_set_radius_cui(void *ctx, const u8 *sta_addr,
996 const u8 *radius_cui, size_t radius_cui_len)
997{
998 struct hostapd_data *hapd = ctx;
999 struct sta_info *sta;
1000
1001 sta = ap_get_sta(hapd, sta_addr);
1002 if (!sta)
1003 return -1;
1004
1005 os_free(sta->radius_cui);
1006 sta->radius_cui = NULL;
1007
1008 if (sta->eapol_sm) {
1009 wpabuf_free(sta->eapol_sm->radius_cui);
1010 sta->eapol_sm->radius_cui = NULL;
1011 }
1012
1013 if (!radius_cui)
1014 return 0;
1015
1016 /* sta->radius_cui is NULL terminated */
1017 sta->radius_cui = os_zalloc(radius_cui_len + 1);
1018 if (!sta->radius_cui)
1019 return -1;
1020 os_memcpy(sta->radius_cui, radius_cui, radius_cui_len);
1021
1022 if (sta->eapol_sm) {
1023 sta->eapol_sm->radius_cui = wpabuf_alloc_copy(radius_cui,
1024 radius_cui_len);
1025 if (!sta->eapol_sm->radius_cui)
1026 return -1;
1027 }
1028
1029 return 0;
1030}
1031
1032
1033static size_t
1034hostapd_wpa_auth_get_radius_cui(void *ctx, const u8 *sta_addr, const u8 **buf)
1035{
1036 struct hostapd_data *hapd = ctx;
1037 struct sta_info *sta;
1038 struct wpabuf *b;
1039 size_t len;
1040 char *radius_cui;
1041
1042 sta = ap_get_sta(hapd, sta_addr);
1043 if (!sta)
1044 return 0;
1045
1046 b = ieee802_1x_get_radius_cui(sta->eapol_sm);
1047 if (b) {
1048 len = wpabuf_len(b);
1049 *buf = wpabuf_head(b);
1050 return len;
1051 }
1052
1053 if (!sta->radius_cui) {
1054 *buf = NULL;
1055 return 0;
1056 }
1057
1058 radius_cui = sta->radius_cui;
1059 len = os_strlen(radius_cui);
1060 *buf = (u8 *) radius_cui;
1061
1062 return len;
1063}
1064
1065
3cb286ca
MB		 1066static void hostapd_wpa_auth_set_session_timeout(void *ctx, const u8 *sta_addr,
1067 int session_timeout)
1068{
1069 struct hostapd_data *hapd = ctx;
1070 struct sta_info *sta;
1071
1072 sta = ap_get_sta(hapd, sta_addr);
1073 if (!sta)
1074 return;
1075
1076 if (session_timeout) {
1077 os_get_reltime(&sta->session_timeout);
1078 sta->session_timeout.sec += session_timeout;
1079 sta->session_timeout_set = 1;
1080 ap_sta_session_timeout(hapd, sta, session_timeout);
1081 } else {
1082 sta->session_timeout_set = 0;
1083 ap_sta_no_session_timeout(hapd, sta);
1084 }
1085}
1086
1087
1088static int hostapd_wpa_auth_get_session_timeout(void *ctx, const u8 *sta_addr)
1089{
1090 struct hostapd_data *hapd = ctx;
1091 struct sta_info *sta;
1092 struct os_reltime now, remaining;
1093
1094 sta = ap_get_sta(hapd, sta_addr);
1095 if (!sta || !sta->session_timeout_set)
1096 return 0;
1097
1098 os_get_reltime(&now);
1099 if (os_reltime_before(&sta->session_timeout, &now)) {
1100 /* already expired, return >0 as timeout was set */
1101 return 1;
1102 }
1103
1104 os_reltime_sub(&sta->session_timeout, &now, &remaining);
1105
1106 return (remaining.sec > 0) ? remaining.sec : 1;
1107}
1108
1109
c442055e
JM		 1110static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
1111 size_t len)
1112{
1113 struct hostapd_data *hapd = ctx;
7e031850
JM		 1114 struct l2_ethhdr *ethhdr;
1115 if (len < sizeof(*ethhdr))
1116 return;
1117 ethhdr = (struct l2_ethhdr *) buf;
1118 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1119 MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));
170c545a
MB		 1120 if (!is_multicast_ether_addr(ethhdr->h_dest) &&
1121 os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0)
1122 return;
7e031850
JM		 1123 wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
1124 len - sizeof(*ethhdr));
c442055e
JM		 1125}
1126
88b32a99 1127
50bd8e0a
MB		 1128static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr,
1129 const u8 *dst_addr, u8 oui_suffix,
1130 const u8 *buf, size_t len)
1131{
1132 struct hostapd_data *hapd = ctx;
1133
1134 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1135 MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr));
1136 if (!is_multicast_ether_addr(dst_addr) &&
1137 os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) != 0)
1138 return;
1139 wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf,
1140 len);
1141}
1142
1143
88b32a99
SP		 1144static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr,
1145 u8 *tspec_ie, size_t tspec_ielen)
1146{
1147 struct hostapd_data *hapd = ctx;
1148 return hostapd_add_tspec(hapd, sta_addr, tspec_ie, tspec_ielen);
1149}
1150
50bd8e0a
MB		 1151
1152
1153static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd,
1154 const char *ft_iface)
1155{
1156 hapd->oui_pull = eth_p_oui_register(hapd, ft_iface,
1157 FT_PACKET_R0KH_R1KH_PULL,
1158 hostapd_rrb_oui_receive, hapd);
1159 if (!hapd->oui_pull)
1160 return -1;
1161
1162 hapd->oui_resp = eth_p_oui_register(hapd, ft_iface,
1163 FT_PACKET_R0KH_R1KH_RESP,
1164 hostapd_rrb_oui_receive, hapd);
1165 if (!hapd->oui_resp)
1166 return -1;
1167
1168 hapd->oui_push = eth_p_oui_register(hapd, ft_iface,
1169 FT_PACKET_R0KH_R1KH_PUSH,
1170 hostapd_rrb_oui_receive, hapd);
1171 if (!hapd->oui_push)
1172 return -1;
1173
eefe8630
MB		 1174 hapd->oui_sreq = eth_p_oui_register(hapd, ft_iface,
1175 FT_PACKET_R0KH_R1KH_SEQ_REQ,
1176 hostapd_rrb_oui_receive, hapd);
1177 if (!hapd->oui_sreq)
1178 return -1;
1179
1180 hapd->oui_sresp = eth_p_oui_register(hapd, ft_iface,
1181 FT_PACKET_R0KH_R1KH_SEQ_RESP,
1182 hostapd_rrb_oui_receive, hapd);
1183 if (!hapd->oui_sresp)
1184 return -1;
1185
50bd8e0a
MB		 1186 return 0;
1187}
1188
1189
1190static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd)
1191{
1192 eth_p_oui_unregister(hapd->oui_pull);
1193 hapd->oui_pull = NULL;
1194 eth_p_oui_unregister(hapd->oui_resp);
1195 hapd->oui_resp = NULL;
1196 eth_p_oui_unregister(hapd->oui_push);
1197 hapd->oui_push = NULL;
eefe8630
MB		 1198 eth_p_oui_unregister(hapd->oui_sreq);
1199 hapd->oui_sreq = NULL;
1200 eth_p_oui_unregister(hapd->oui_sresp);
1201 hapd->oui_sresp = NULL;
50bd8e0a 1202}
4ec1fd8e 1203#endif /* CONFIG_IEEE80211R_AP */
c442055e
JM		 1204
1205
1206int hostapd_setup_wpa(struct hostapd_data *hapd)
1207{
1208 struct wpa_auth_config _conf;
cef8fac0
JB		 1209 static const struct wpa_auth_callbacks cb = {
1210 .logger = hostapd_wpa_auth_logger,
1211 .disconnect = hostapd_wpa_auth_disconnect,
1212 .mic_failure_report = hostapd_wpa_auth_mic_failure_report,
1213 .psk_failure_report = hostapd_wpa_auth_psk_failure_report,
1214 .set_eapol = hostapd_wpa_auth_set_eapol,
1215 .get_eapol = hostapd_wpa_auth_get_eapol,
1216 .get_psk = hostapd_wpa_auth_get_psk,
1217 .get_msk = hostapd_wpa_auth_get_msk,
1218 .set_key = hostapd_wpa_auth_set_key,
1219 .get_seqnum = hostapd_wpa_auth_get_seqnum,
1220 .send_eapol = hostapd_wpa_auth_send_eapol,
1221 .for_each_sta = hostapd_wpa_auth_for_each_sta,
1222 .for_each_auth = hostapd_wpa_auth_for_each_auth,
1223 .send_ether = hostapd_wpa_auth_send_ether,
50bd8e0a 1224 .send_oui = hostapd_wpa_auth_send_oui,
bef4d07a 1225 .channel_info = hostapd_channel_info,
1034f67b
MV		 1226#ifdef CONFIG_OCV
1227 .get_sta_tx_params = hostapd_get_sta_tx_params,
1228#endif /* CONFIG_OCV */
cef8fac0
JB		 1229#ifdef CONFIG_IEEE80211R_AP
1230 .send_ft_action = hostapd_wpa_auth_send_ft_action,
1231 .add_sta = hostapd_wpa_auth_add_sta,
1232 .add_tspec = hostapd_wpa_auth_add_tspec,
47a039b0
MB		 1233 .set_vlan = hostapd_wpa_auth_set_vlan,
1234 .get_vlan = hostapd_wpa_auth_get_vlan,
8c345234
MB		 1235 .set_identity = hostapd_wpa_auth_set_identity,
1236 .get_identity = hostapd_wpa_auth_get_identity,
1237 .set_radius_cui = hostapd_wpa_auth_set_radius_cui,
1238 .get_radius_cui = hostapd_wpa_auth_get_radius_cui,
3cb286ca
MB		 1239 .set_session_timeout = hostapd_wpa_auth_set_session_timeout,
1240 .get_session_timeout = hostapd_wpa_auth_get_session_timeout,
cef8fac0
JB		 1241#endif /* CONFIG_IEEE80211R_AP */
1242 };
c442055e
JM		 1243 const u8 *wpa_ie;
1244 size_t wpa_ie_len;
1245
7af092a0 1246 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
e4bf4db9
JM		 1247 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
1248 _conf.tx_status = 1;
88b32a99
SP		 1249 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
1250 _conf.ap_mlme = 1;
cef8fac0 1251 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
c442055e
JM		 1252 if (hapd->wpa_auth == NULL) {
1253 wpa_printf(MSG_ERROR, "WPA initialization failed.");
1254 return -1;
1255 }
1256
1257 if (hostapd_set_privacy(hapd, 1)) {
1258 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
1259 "for interface %s", hapd->conf->iface);
1260 return -1;
1261 }
1262
1263 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
1264 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
1265 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
1266 "the kernel driver.");
1267 return -1;
1268 }
1269
1270 if (rsn_preauth_iface_init(hapd)) {
1271 wpa_printf(MSG_ERROR, "Initialization of RSN "
1272 "pre-authentication failed.");
1273 return -1;
1274 }
1275
4ec1fd8e 1276#ifdef CONFIG_IEEE80211R_AP
b92d2a57 1277 if (!hostapd_drv_none(hapd) &&
66d46406 1278 wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
50bd8e0a
MB		 1279 const char *ft_iface;
1280
1281 ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge :
1282 hapd->conf->iface;
1283 hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB,
7e031850 1284 hostapd_rrb_receive, hapd, 1);
c442055e
JM		 1285 if (hapd->l2 == NULL &&
1286 (hapd->driver == NULL ||
1287 hapd->driver->send_ether == NULL)) {
1288 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1289 "interface");
1290 return -1;
1291 }
50bd8e0a
MB		 1292
1293 if (hostapd_wpa_register_ft_oui(hapd, ft_iface)) {
1294 wpa_printf(MSG_ERROR,
1295 "Failed to open ETH_P_OUI interface");
1296 return -1;
1297 }
c442055e 1298 }
4ec1fd8e 1299#endif /* CONFIG_IEEE80211R_AP */
c442055e
JM		 1300
1301 return 0;
1302
1303}
1304
1305
1306void hostapd_reconfig_wpa(struct hostapd_data *hapd)
1307{
1308 struct wpa_auth_config wpa_auth_conf;
7af092a0 1309 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
c442055e
JM		 1310 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
1311}
1312
1313
1314void hostapd_deinit_wpa(struct hostapd_data *hapd)
1315{
01a17491 1316 ieee80211_tkip_countermeasures_deinit(hapd);
c442055e
JM		 1317 rsn_preauth_iface_deinit(hapd);
1318 if (hapd->wpa_auth) {
1319 wpa_deinit(hapd->wpa_auth);
1320 hapd->wpa_auth = NULL;
1321
1b822f52 1322 if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
c442055e
JM		 1323 wpa_printf(MSG_DEBUG, "Could not disable "
1324 "PrivacyInvoked for interface %s",
1325 hapd->conf->iface);
1326 }
1327
1b822f52
JM		 1328 if (hapd->drv_priv &&
1329 hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
c442055e
JM		 1330 wpa_printf(MSG_DEBUG, "Could not remove generic "
1331 "information element from interface %s",
1332 hapd->conf->iface);
1333 }
1334 }
1335 ieee802_1x_deinit(hapd);
1336
4ec1fd8e 1337#ifdef CONFIG_IEEE80211R_AP
c5fee160
MB		 1338 eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX);
1339 hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
50bd8e0a
MB		 1340 eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
1341 hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
c442055e 1342 l2_packet_deinit(hapd->l2);
66f4dd15 1343 hapd->l2 = NULL;
50bd8e0a 1344 hostapd_wpa_unregister_ft_oui(hapd);
4ec1fd8e 1345#endif /* CONFIG_IEEE80211R_AP */
c442055e 1346}
Unnamed repository; edit this file 'description' to name the repository.