]> git.ipfire.org Git - thirdparty/hostap.git/blame - src/ap/wpa_auth_glue.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tests: Fix bgscan_learn_beacon_loss with REPORTS_TX_ACK_STATUS
[thirdparty/hostap.git] / src / ap / wpa_auth_glue.c
CommitLineData
c442055e
JM		 1/*
2 * hostapd / WPA authenticator glue code
47b55a3e 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
c442055e 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
c442055e
JM		 7 */
8
9#include "utils/includes.h"
10
11#include "utils/common.h"
c5fee160
MB		 12#include "utils/eloop.h"
13#include "utils/list.h"
c442055e 14#include "common/ieee802_11_defs.h"
47b55a3e 15#include "common/sae.h"
2c502460 16#include "common/wpa_ctrl.h"
f8e09bc5 17#include "crypto/sha1.h"
c442055e
JM		 18#include "eapol_auth/eapol_auth_sm.h"
19#include "eapol_auth/eapol_auth_sm_i.h"
20#include "eap_server/eap.h"
21#include "l2_packet/l2_packet.h"
50bd8e0a 22#include "eth_p_oui.h"
6226e38d
JM		 23#include "hostapd.h"
24#include "ieee802_1x.h"
25#include "preauth_auth.h"
26#include "sta_info.h"
27#include "tkip_countermeasures.h"
8b06c1ed
JM		 28#include "ap_drv_ops.h"
29#include "ap_config.h"
1034f67b 30#include "ieee802_11.h"
d90f10fa 31#include "pmksa_cache_auth.h"
8b06c1ed 32#include "wpa_auth.h"
373f6c72 33#include "wpa_auth_glue.h"
c442055e
JM		 34
35
36static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
7af092a0 37 struct hostapd_config *iconf,
c442055e
JM		 38 struct wpa_auth_config *wconf)
39{
e36a5894
JM		 40 int sae_pw_id;
41
d28b43f6 42 os_memset(wconf, 0, sizeof(*wconf));
c442055e
JM		 43 wconf->wpa = conf->wpa;
44 wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
45 wconf->wpa_pairwise = conf->wpa_pairwise;
46 wconf->wpa_group = conf->wpa_group;
47 wconf->wpa_group_rekey = conf->wpa_group_rekey;
48 wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
49 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
50 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
41f140d3 51 wconf->wpa_group_update_count = conf->wpa_group_update_count;
6f234c1e
JM		 52 wconf->wpa_disable_eapol_key_retries =
53 conf->wpa_disable_eapol_key_retries;
41f140d3 54 wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
c442055e
JM		 55 wconf->rsn_pairwise = conf->rsn_pairwise;
56 wconf->rsn_preauth = conf->rsn_preauth;
57 wconf->eapol_version = conf->eapol_version;
524dc5bf
JM		 58#ifdef CONFIG_MACSEC
59 if (wconf->eapol_version > 2)
60 wconf->eapol_version = 2;
61#endif /* CONFIG_MACSEC */
c442055e 62 wconf->wmm_enabled = conf->wmm_enabled;
721abef9 63 wconf->wmm_uapsd = conf->wmm_uapsd;
cb465555 64 wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
875ab60d
MV		 65#ifdef CONFIG_OCV
66 wconf->ocv = conf->ocv;
67#endif /* CONFIG_OCV */
c442055e 68 wconf->okc = conf->okc;
c442055e 69 wconf->ieee80211w = conf->ieee80211w;
92d407db 70 wconf->beacon_prot = conf->beacon_prot;
8dd9f9cd 71 wconf->group_mgmt_cipher = conf->group_mgmt_cipher;
ba3d435f 72 wconf->sae_require_mfp = conf->sae_require_mfp;
4ec1fd8e 73#ifdef CONFIG_IEEE80211R_AP
c442055e 74 wconf->ssid_len = conf->ssid.ssid_len;
d6c3067d
JM		 75 if (wconf->ssid_len > SSID_MAX_LEN)
76 wconf->ssid_len = SSID_MAX_LEN;
c442055e
JM		 77 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
78 os_memcpy(wconf->mobility_domain, conf->mobility_domain,
79 MOBILITY_DOMAIN_ID_LEN);
80 if (conf->nas_identifier &&
81 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
82 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
83 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
84 wconf->r0_key_holder_len);
85 }
86 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
87 wconf->r0_key_lifetime = conf->r0_key_lifetime;
3a3e2832 88 wconf->r1_max_key_lifetime = conf->r1_max_key_lifetime;
c442055e 89 wconf->reassociation_deadline = conf->reassociation_deadline;
3a46cf93
MB		 90 wconf->rkh_pos_timeout = conf->rkh_pos_timeout;
91 wconf->rkh_neg_timeout = conf->rkh_neg_timeout;
92 wconf->rkh_pull_timeout = conf->rkh_pull_timeout;
93 wconf->rkh_pull_retries = conf->rkh_pull_retries;
94 wconf->r0kh_list = &conf->r0kh_list;
95 wconf->r1kh_list = &conf->r1kh_list;
c442055e 96 wconf->pmk_r1_push = conf->pmk_r1_push;
d7956add 97 wconf->ft_over_ds = conf->ft_over_ds;
96590564 98 wconf->ft_psk_generate_local = conf->ft_psk_generate_local;
4ec1fd8e 99#endif /* CONFIG_IEEE80211R_AP */
83421850
JM		 100#ifdef CONFIG_HS20
101 wconf->disable_gtk = conf->disable_dgaf;
a14896e8
JM		 102 if (conf->osen) {
103 wconf->disable_gtk = 1;
104 wconf->wpa = WPA_PROTO_OSEN;
105 wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
106 wconf->wpa_pairwise = 0;
107 wconf->wpa_group = WPA_CIPHER_CCMP;
108 wconf->rsn_pairwise = WPA_CIPHER_CCMP;
109 wconf->rsn_preauth = 0;
110 wconf->disable_pmksa_caching = 1;
a14896e8 111 wconf->ieee80211w = 1;
a14896e8 112 }
83421850 113#endif /* CONFIG_HS20 */
7af092a0
JB		 114#ifdef CONFIG_TESTING_OPTIONS
115 wconf->corrupt_gtk_rekey_mic_probability =
116 iconf->corrupt_gtk_rekey_mic_probability;
bc02843e
JM		 117 if (conf->own_ie_override &&
118 wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) {
119 wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override);
120 os_memcpy(wconf->own_ie_override,
121 wpabuf_head(conf->own_ie_override),
122 wconf->own_ie_override_len);
123 }
4d64fd37
JM		 124 if (conf->rsne_override_eapol &&
125 wpabuf_len(conf->rsne_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
126 wconf->rsne_override_eapol_set = 1;
127 wconf->rsne_override_eapol_len =
128 wpabuf_len(conf->rsne_override_eapol);
129 os_memcpy(wconf->rsne_override_eapol,
130 wpabuf_head(conf->rsne_override_eapol),
131 wconf->rsne_override_eapol_len);
132 }
f2c4b44b
JM		 133 if (conf->rsnxe_override_eapol &&
134 wpabuf_len(conf->rsnxe_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
9128b672 135 wconf->rsnxe_override_eapol_set = 1;
f2c4b44b
JM		 136 wconf->rsnxe_override_eapol_len =
137 wpabuf_len(conf->rsnxe_override_eapol);
138 os_memcpy(wconf->rsnxe_override_eapol,
139 wpabuf_head(conf->rsnxe_override_eapol),
140 wconf->rsnxe_override_eapol_len);
141 }
46e147fc
JM		 142 if (conf->rsne_override_ft &&
143 wpabuf_len(conf->rsne_override_ft) <= MAX_OWN_IE_OVERRIDE) {
144 wconf->rsne_override_ft_set = 1;
145 wconf->rsne_override_ft_len =
146 wpabuf_len(conf->rsne_override_ft);
147 os_memcpy(wconf->rsne_override_ft,
148 wpabuf_head(conf->rsne_override_ft),
149 wconf->rsne_override_ft_len);
150 }
151 if (conf->rsnxe_override_ft &&
152 wpabuf_len(conf->rsnxe_override_ft) <= MAX_OWN_IE_OVERRIDE) {
153 wconf->rsnxe_override_ft_set = 1;
154 wconf->rsnxe_override_ft_len =
155 wpabuf_len(conf->rsnxe_override_ft);
156 os_memcpy(wconf->rsnxe_override_ft,
157 wpabuf_head(conf->rsnxe_override_ft),
158 wconf->rsnxe_override_ft_len);
159 }
8d84c75f
JM		 160 if (conf->gtk_rsc_override &&
161 wpabuf_len(conf->gtk_rsc_override) > 0 &&
162 wpabuf_len(conf->gtk_rsc_override) <= WPA_KEY_RSC_LEN) {
163 os_memcpy(wconf->gtk_rsc_override,
164 wpabuf_head(conf->gtk_rsc_override),
165 wpabuf_len(conf->gtk_rsc_override));
166 wconf->gtk_rsc_override_set = 1;
167 }
168 if (conf->igtk_rsc_override &&
169 wpabuf_len(conf->igtk_rsc_override) > 0 &&
170 wpabuf_len(conf->igtk_rsc_override) <= WPA_KEY_RSC_LEN) {
171 os_memcpy(wconf->igtk_rsc_override,
172 wpabuf_head(conf->igtk_rsc_override),
173 wpabuf_len(conf->igtk_rsc_override));
174 wconf->igtk_rsc_override_set = 1;
175 }
7af092a0 176#endif /* CONFIG_TESTING_OPTIONS */
25ef8529
JM		 177#ifdef CONFIG_P2P
178 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
179 os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4);
180 os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4);
181 os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4);
182#endif /* CONFIG_P2P */
7eace378
JM		 183#ifdef CONFIG_FILS
184 wconf->fils_cache_id_set = conf->fils_cache_id_set;
185 os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
186 FILS_CACHE_ID_LEN);
187#endif /* CONFIG_FILS */
a36e13a7 188 wconf->sae_pwe = conf->sae_pwe;
e36a5894 189 sae_pw_id = hostapd_sae_pw_id_in_use(conf);
641d79f1 190 if (sae_pw_id == 2 && wconf->sae_pwe != 3)
e36a5894
JM		 191 wconf->sae_pwe = 1;
192 else if (sae_pw_id == 1 && wconf->sae_pwe == 0)
193 wconf->sae_pwe = 2;
65a44e84
JM		 194#ifdef CONFIG_OWE
195 wconf->owe_ptk_workaround = conf->owe_ptk_workaround;
196#endif /* CONFIG_OWE */
c442055e
JM		 197}
198
199
200static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
201 logger_level level, const char *txt)
202{
203#ifndef CONFIG_NO_HOSTAPD_LOGGER
204 struct hostapd_data *hapd = ctx;
205 int hlevel;
206
207 switch (level) {
208 case LOGGER_WARNING:
209 hlevel = HOSTAPD_LEVEL_WARNING;
210 break;
211 case LOGGER_INFO:
212 hlevel = HOSTAPD_LEVEL_INFO;
213 break;
214 case LOGGER_DEBUG:
215 default:
216 hlevel = HOSTAPD_LEVEL_DEBUG;
217 break;
218 }
219
220 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
221#endif /* CONFIG_NO_HOSTAPD_LOGGER */
222}
223
224
225static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
226 u16 reason)
227{
228 struct hostapd_data *hapd = ctx;
229 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
230 "STA " MACSTR " reason %d",
231 __func__, MAC2STR(addr), reason);
232 ap_sta_disconnect(hapd, NULL, addr, reason);
233}
234
235
c772d054 236static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
c442055e
JM		 237{
238 struct hostapd_data *hapd = ctx;
c772d054 239 return michael_mic_failure(hapd, addr, 0);
c442055e
JM		 240}
241
242
2c502460
JM		 243static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
244{
245 struct hostapd_data *hapd = ctx;
246 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
247 MAC2STR(addr));
248}
249
250
c442055e
JM		 251static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
252 wpa_eapol_variable var, int value)
253{
254 struct hostapd_data *hapd = ctx;
255 struct sta_info *sta = ap_get_sta(hapd, addr);
256 if (sta == NULL)
257 return;
258 switch (var) {
259 case WPA_EAPOL_portEnabled:
260 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
261 break;
262 case WPA_EAPOL_portValid:
263 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
264 break;
265 case WPA_EAPOL_authorized:
266 ieee802_1x_set_sta_authorized(hapd, sta, value);
267 break;
268 case WPA_EAPOL_portControl_Auto:
269 if (sta->eapol_sm)
270 sta->eapol_sm->portControl = Auto;
271 break;
272 case WPA_EAPOL_keyRun:
273 if (sta->eapol_sm)
274 sta->eapol_sm->keyRun = value ? TRUE : FALSE;
275 break;
276 case WPA_EAPOL_keyAvailable:
277 if (sta->eapol_sm)
278 sta->eapol_sm->eap_if->eapKeyAvailable =
279 value ? TRUE : FALSE;
280 break;
281 case WPA_EAPOL_keyDone:
282 if (sta->eapol_sm)
283 sta->eapol_sm->keyDone = value ? TRUE : FALSE;
284 break;
285 case WPA_EAPOL_inc_EapolFramesTx:
286 if (sta->eapol_sm)
287 sta->eapol_sm->dot1xAuthEapolFramesTx++;
288 break;
289 }
290}
291
292
293static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
294 wpa_eapol_variable var)
295{
296 struct hostapd_data *hapd = ctx;
297 struct sta_info *sta = ap_get_sta(hapd, addr);
298 if (sta == NULL || sta->eapol_sm == NULL)
299 return -1;
300 switch (var) {
301 case WPA_EAPOL_keyRun:
302 return sta->eapol_sm->keyRun;
303 case WPA_EAPOL_keyAvailable:
304 return sta->eapol_sm->eap_if->eapKeyAvailable;
305 default:
306 return -1;
307 }
308}
309
310
311static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
759fd76b 312 const u8 *p2p_dev_addr,
dbfa691d
JM		 313 const u8 *prev_psk, size_t *psk_len,
314 int *vlan_id)
c442055e
JM		 315{
316 struct hostapd_data *hapd = ctx;
05ab9712 317 struct sta_info *sta = ap_get_sta(hapd, addr);
47b55a3e
JM		 318 const u8 *psk;
319
dbfa691d
JM		 320 if (vlan_id)
321 *vlan_id = 0;
7a12edd1
JM		 322 if (psk_len)
323 *psk_len = PMK_LEN;
324
47b55a3e
JM		 325#ifdef CONFIG_SAE
326 if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
327 if (!sta->sae || prev_psk)
328 return NULL;
329 return sta->sae->pmk;
330 }
e61fea6b
JM		 331 if (sta && wpa_auth_uses_sae(sta->wpa_sm)) {
332 wpa_printf(MSG_DEBUG,
333 "No PSK for STA trying to use SAE with PMKSA caching");
334 return NULL;
335 }
47b55a3e
JM		 336#endif /* CONFIG_SAE */
337
09368515
JM		 338#ifdef CONFIG_OWE
339 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
7a12edd1
JM		 340 sta && sta->owe_pmk) {
341 if (psk_len)
342 *psk_len = sta->owe_pmk_len;
09368515 343 return sta->owe_pmk;
7a12edd1 344 }
d90f10fa
JM		 345 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) {
346 struct rsn_pmksa_cache_entry *sa;
347
348 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
349 if (sa && sa->akmp == WPA_KEY_MGMT_OWE) {
350 if (psk_len)
351 *psk_len = sa->pmk_len;
352 return sa->pmk;
353 }
354 }
09368515
JM		 355#endif /* CONFIG_OWE */
356
dbfa691d
JM		 357 psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk,
358 vlan_id);
59dff51d
MB		 359 /*
360 * This is about to iterate over all psks, prev_psk gives the last
361 * returned psk which should not be returned again.
5ee56c4e 362 * logic list (all hostapd_get_psk; all sta->psk)
59dff51d 363 */
5ee56c4e
MB		 364 if (sta && sta->psk && !psk) {
365 struct hostapd_sta_wpa_psk_short *pos;
dbfa691d
JM		 366
367 if (vlan_id)
368 *vlan_id = 0;
5ee56c4e
MB		 369 psk = sta->psk->psk;
370 for (pos = sta->psk; pos; pos = pos->next) {
f8e09bc5
MB		 371 if (pos->is_passphrase) {
372 pbkdf2_sha1(pos->passphrase,
373 hapd->conf->ssid.ssid,
374 hapd->conf->ssid.ssid_len, 4096,
375 pos->psk, PMK_LEN);
376 pos->is_passphrase = 0;
377 }
5ee56c4e
MB		 378 if (pos->psk == prev_psk) {
379 psk = pos->next ? pos->next->psk : NULL;
380 break;
381 }
382 }
383 }
59dff51d 384 return psk;
c442055e
JM		 385}
386
387
388static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
389 size_t *len)
390{
391 struct hostapd_data *hapd = ctx;
392 const u8 *key;
393 size_t keylen;
394 struct sta_info *sta;
395
396 sta = ap_get_sta(hapd, addr);
400de9b1
BG		 397 if (sta == NULL) {
398 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
c442055e 399 return -1;
400de9b1 400 }
c442055e
JM		 401
402 key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
400de9b1
BG		 403 if (key == NULL) {
404 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
405 sta->eapol_sm);
c442055e 406 return -1;
400de9b1 407 }
c442055e
JM		 408
409 if (keylen > *len)
410 keylen = *len;
411 os_memcpy(msk, key, keylen);
412 *len = keylen;
413
414 return 0;
415}
416
417
71934751 418static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
c442055e 419 const u8 *addr, int idx, u8 *key,
a919a260 420 size_t key_len, enum key_flag key_flag)
c442055e
JM		 421{
422 struct hostapd_data *hapd = ctx;
423 const char *ifname = hapd->conf->iface;
424
425 if (vlan_id > 0) {
426 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
99d8c4dc
GG		 427 if (!ifname) {
428 if (!(hapd->iface->drv_flags &
429 WPA_DRIVER_FLAGS_VLAN_OFFLOAD))
430 return -1;
431 ifname = hapd->conf->iface;
432 }
c442055e
JM		 433 }
434
16579769
JM		 435#ifdef CONFIG_TESTING_OPTIONS
436 if (addr && !is_broadcast_ether_addr(addr)) {
437 struct sta_info *sta;
438
439 sta = ap_get_sta(hapd, addr);
440 if (sta) {
441 sta->last_tk_alg = alg;
442 sta->last_tk_key_idx = idx;
443 if (key)
444 os_memcpy(sta->last_tk, key, key_len);
445 sta->last_tk_len = key_len;
446 }
f8bfc9cb
PK		 447 } else if (alg == WPA_ALG_IGTK ||
448 alg == WPA_ALG_BIP_GMAC_128 ||
449 alg == WPA_ALG_BIP_GMAC_256 ||
450 alg == WPA_ALG_BIP_CMAC_256) {
16579769
JM		 451 hapd->last_igtk_alg = alg;
452 hapd->last_igtk_key_idx = idx;
453 if (key)
454 os_memcpy(hapd->last_igtk, key, key_len);
455 hapd->last_igtk_len = key_len;
16579769
JM		 456 } else {
457 hapd->last_gtk_alg = alg;
458 hapd->last_gtk_key_idx = idx;
459 if (key)
460 os_memcpy(hapd->last_gtk, key, key_len);
461 hapd->last_gtk_len = key_len;
462 }
463#endif /* CONFIG_TESTING_OPTIONS */
4d3ae54f 464 return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, vlan_id, 1,
a919a260 465 NULL, 0, key, key_len, key_flag);
c442055e
JM		 466}
467
468
469static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
470 u8 *seq)
471{
472 struct hostapd_data *hapd = ctx;
473 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
474}
475
476
477static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
478 const u8 *data, size_t data_len,
479 int encrypt)
480{
481 struct hostapd_data *hapd = ctx;
4378fc14
FF		 482 struct sta_info *sta;
483 u32 flags = 0;
484
9d4ff04a
JM		 485#ifdef CONFIG_TESTING_OPTIONS
486 if (hapd->ext_eapol_frame_io) {
487 size_t hex_len = 2 * data_len + 1;
488 char *hex = os_malloc(hex_len);
489
490 if (hex == NULL)
491 return -1;
492 wpa_snprintf_hex(hex, hex_len, data, data_len);
493 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
494 MAC2STR(addr), hex);
495 os_free(hex);
496 return 0;
497 }
498#endif /* CONFIG_TESTING_OPTIONS */
499
4378fc14
FF		 500 sta = ap_get_sta(hapd, addr);
501 if (sta)
502 flags = hostapd_sta_flags_to_drv(sta->flags);
503
3acdf771 504 return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len,
4378fc14 505 encrypt, flags);
c442055e
JM		 506}
507
508
509static int hostapd_wpa_auth_for_each_sta(
510 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
511 void *cb_ctx)
512{
513 struct hostapd_data *hapd = ctx;
514 struct sta_info *sta;
515
516 for (sta = hapd->sta_list; sta; sta = sta->next) {
517 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
518 return 1;
519 }
520 return 0;
521}
522
523
524struct wpa_auth_iface_iter_data {
525 int (*cb)(struct wpa_authenticator *sm, void *ctx);
526 void *cb_ctx;
527};
528
529static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
530{
531 struct wpa_auth_iface_iter_data *data = ctx;
532 size_t i;
533 for (i = 0; i < iface->num_bss; i++) {
03bcb0af
JM		 534 if (iface->bss[i]->wpa_auth &&
535 data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
c442055e
JM		 536 return 1;
537 }
538 return 0;
539}
540
541
542static int hostapd_wpa_auth_for_each_auth(
543 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
544 void *cb_ctx)
545{
546 struct hostapd_data *hapd = ctx;
547 struct wpa_auth_iface_iter_data data;
3776ac73
JM		 548 if (hapd->iface->interfaces == NULL ||
549 hapd->iface->interfaces->for_each_interface == NULL)
1b56c26c 550 return -1;
c442055e
JM		 551 data.cb = cb;
552 data.cb_ctx = cb_ctx;
3776ac73
JM		 553 return hapd->iface->interfaces->for_each_interface(
554 hapd->iface->interfaces, wpa_auth_iface_iter, &data);
c442055e
JM		 555}
556
557
4ec1fd8e 558#ifdef CONFIG_IEEE80211R_AP
67ccef7e 559
c5fee160
MB		 560struct wpa_ft_rrb_rx_later_data {
561 struct dl_list list;
562 u8 addr[ETH_ALEN];
563 size_t data_len;
564 /* followed by data_len octets of data */
565};
566
567static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx)
568{
569 struct hostapd_data *hapd = eloop_ctx;
570 struct wpa_ft_rrb_rx_later_data *data, *n;
571
572 dl_list_for_each_safe(data, n, &hapd->l2_queue,
573 struct wpa_ft_rrb_rx_later_data, list) {
574 if (hapd->wpa_auth) {
575 wpa_ft_rrb_rx(hapd->wpa_auth, data->addr,
576 (const u8 *) (data + 1),
577 data->data_len);
578 }
579 dl_list_del(&data->list);
580 os_free(data);
581 }
582}
583
584
67ccef7e
JM		 585struct wpa_auth_ft_iface_iter_data {
586 struct hostapd_data *src_hapd;
587 const u8 *dst;
588 const u8 *data;
589 size_t data_len;
590};
591
592
593static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx)
594{
595 struct wpa_auth_ft_iface_iter_data *idata = ctx;
c5fee160 596 struct wpa_ft_rrb_rx_later_data *data;
67ccef7e
JM		 597 struct hostapd_data *hapd;
598 size_t j;
599
600 for (j = 0; j < iface->num_bss; j++) {
601 hapd = iface->bss[j];
c5fee160
MB		 602 if (hapd == idata->src_hapd ||
603 !hapd->wpa_auth ||
604 os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0)
71456dbd 605 continue;
c5fee160
MB		 606
607 wpa_printf(MSG_DEBUG,
608 "FT: Send RRB data directly to locally managed BSS "
609 MACSTR "@%s -> " MACSTR "@%s",
610 MAC2STR(idata->src_hapd->own_addr),
611 idata->src_hapd->conf->iface,
612 MAC2STR(hapd->own_addr), hapd->conf->iface);
613
614 /* Defer wpa_ft_rrb_rx() until next eloop step as this is
615 * when it would be triggered when reading from a socket.
616 * This avoids
617 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
618 * that is calling hapd0:recv handler from within
619 * hapd0:send directly.
620 */
621 data = os_zalloc(sizeof(*data) + idata->data_len);
622 if (!data)
67ccef7e 623 return 1;
c5fee160
MB		 624
625 os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN);
626 os_memcpy(data + 1, idata->data, idata->data_len);
627 data->data_len = idata->data_len;
628
629 dl_list_add(&hapd->l2_queue, &data->list);
630
631 if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later,
632 hapd, NULL))
633 eloop_register_timeout(0, 0,
634 hostapd_wpa_ft_rrb_rx_later,
635 hapd, NULL);
636
637 return 1;
67ccef7e
JM		 638 }
639
640 return 0;
641}
642
4ec1fd8e 643#endif /* CONFIG_IEEE80211R_AP */
67ccef7e
JM		 644
645
c442055e
JM		 646static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
647 const u8 *data, size_t data_len)
648{
649 struct hostapd_data *hapd = ctx;
7e031850
JM		 650 struct l2_ethhdr *buf;
651 int ret;
c442055e 652
9d4ff04a
JM		 653#ifdef CONFIG_TESTING_OPTIONS
654 if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
655 size_t hex_len = 2 * data_len + 1;
656 char *hex = os_malloc(hex_len);
657
658 if (hex == NULL)
659 return -1;
660 wpa_snprintf_hex(hex, hex_len, data, data_len);
661 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
662 MAC2STR(dst), hex);
663 os_free(hex);
664 return 0;
665 }
666#endif /* CONFIG_TESTING_OPTIONS */
667
4ec1fd8e 668#ifdef CONFIG_IEEE80211R_AP
3776ac73
JM		 669 if (proto == ETH_P_RRB && hapd->iface->interfaces &&
670 hapd->iface->interfaces->for_each_interface) {
67ccef7e
JM		 671 int res;
672 struct wpa_auth_ft_iface_iter_data idata;
673 idata.src_hapd = hapd;
674 idata.dst = dst;
675 idata.data = data;
676 idata.data_len = data_len;
3776ac73
JM		 677 res = hapd->iface->interfaces->for_each_interface(
678 hapd->iface->interfaces, hostapd_wpa_auth_ft_iter,
679 &idata);
67ccef7e
JM		 680 if (res == 1)
681 return data_len;
682 }
4ec1fd8e 683#endif /* CONFIG_IEEE80211R_AP */
67ccef7e 684
c442055e
JM		 685 if (hapd->l2 == NULL)
686 return -1;
7e031850
JM		 687
688 buf = os_malloc(sizeof(*buf) + data_len);
689 if (buf == NULL)
690 return -1;
691 os_memcpy(buf->h_dest, dst, ETH_ALEN);
692 os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
693 buf->h_proto = host_to_be16(proto);
694 os_memcpy(buf + 1, data, data_len);
695 ret = l2_packet_send(hapd->l2, dst, proto, (u8 *) buf,
696 sizeof(*buf) + data_len);
697 os_free(buf);
2683690d 698 return ret;
c442055e
JM		 699}
700
701
50bd8e0a
MB		 702#ifdef CONFIG_ETH_P_OUI
703static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd,
704 u8 oui_suffix)
705{
706 switch (oui_suffix) {
707#ifdef CONFIG_IEEE80211R_AP
708 case FT_PACKET_R0KH_R1KH_PULL:
709 return hapd->oui_pull;
710 case FT_PACKET_R0KH_R1KH_RESP:
711 return hapd->oui_resp;
712 case FT_PACKET_R0KH_R1KH_PUSH:
713 return hapd->oui_push;
eefe8630
MB		 714 case FT_PACKET_R0KH_R1KH_SEQ_REQ:
715 return hapd->oui_sreq;
716 case FT_PACKET_R0KH_R1KH_SEQ_RESP:
717 return hapd->oui_sresp;
50bd8e0a
MB		 718#endif /* CONFIG_IEEE80211R_AP */
719 default:
720 return NULL;
721 }
722}
723#endif /* CONFIG_ETH_P_OUI */
724
725
726#ifdef CONFIG_IEEE80211R_AP
727
728struct oui_deliver_later_data {
729 struct dl_list list;
730 u8 src_addr[ETH_ALEN];
731 u8 dst_addr[ETH_ALEN];
732 size_t data_len;
733 u8 oui_suffix;
734 /* followed by data_len octets of data */
735};
736
737static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx)
738{
739 struct hostapd_data *hapd = eloop_ctx;
740 struct oui_deliver_later_data *data, *n;
741 struct eth_p_oui_ctx *oui_ctx;
742
743 dl_list_for_each_safe(data, n, &hapd->l2_oui_queue,
744 struct oui_deliver_later_data, list) {
745 oui_ctx = hostapd_wpa_get_oui(hapd, data->oui_suffix);
a422d9b4
JM		 746 wpa_printf(MSG_DEBUG, "RRB(%s): %s src=" MACSTR " dst=" MACSTR
747 " oui_suffix=%u data_len=%u data=%p",
748 hapd->conf->iface, __func__,
749 MAC2STR(data->src_addr), MAC2STR(data->dst_addr),
750 data->oui_suffix, (unsigned int) data->data_len,
751 data);
50bd8e0a
MB		 752 if (hapd->wpa_auth && oui_ctx) {
753 eth_p_oui_deliver(oui_ctx, data->src_addr,
754 data->dst_addr,
755 (const u8 *) (data + 1),
756 data->data_len);
757 }
758 dl_list_del(&data->list);
759 os_free(data);
760 }
761}
762
763
764struct wpa_auth_oui_iface_iter_data {
765 struct hostapd_data *src_hapd;
766 const u8 *dst_addr;
767 const u8 *data;
768 size_t data_len;
769 u8 oui_suffix;
770};
771
772static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
773{
774 struct wpa_auth_oui_iface_iter_data *idata = ctx;
775 struct oui_deliver_later_data *data;
3cd4db23 776 struct hostapd_data *hapd, *src_hapd = idata->src_hapd;
50bd8e0a
MB		 777 size_t j;
778
779 for (j = 0; j < iface->num_bss; j++) {
780 hapd = iface->bss[j];
3cd4db23
JM		 781 if (hapd == src_hapd)
782 continue; /* don't deliver back to same interface */
783 if (!wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) ||
784 hapd->conf->ssid.ssid_len !=
785 src_hapd->conf->ssid.ssid_len ||
786 os_memcmp(hapd->conf->ssid.ssid,
787 src_hapd->conf->ssid.ssid,
788 hapd->conf->ssid.ssid_len) != 0 ||
789 os_memcmp(hapd->conf->mobility_domain,
790 src_hapd->conf->mobility_domain,
c133c785 791 MOBILITY_DOMAIN_ID_LEN) != 0)
3cd4db23 792 continue; /* no matching FT SSID/mobility domain */
50bd8e0a
MB		 793 if (!is_multicast_ether_addr(idata->dst_addr) &&
794 os_memcmp(hapd->own_addr, idata->dst_addr, ETH_ALEN) != 0)
3cd4db23 795 continue; /* destination address does not match */
50bd8e0a
MB		 796
797 /* defer eth_p_oui_deliver until next eloop step as this is
798 * when it would be triggerd from reading from sock
799 * This avoids
800 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
801 * that is calling hapd0:recv handler from within
802 * hapd0:send directly.
803 */
804 data = os_zalloc(sizeof(*data) + idata->data_len);
805 if (!data)
806 return 1;
a422d9b4
JM		 807 wpa_printf(MSG_DEBUG,
808 "RRB(%s): local delivery to %s dst=" MACSTR
809 " oui_suffix=%u data_len=%u data=%p",
3cd4db23 810 src_hapd->conf->iface, hapd->conf->iface,
a422d9b4
JM		 811 MAC2STR(idata->dst_addr), idata->oui_suffix,
812 (unsigned int) idata->data_len, data);
50bd8e0a 813
3cd4db23 814 os_memcpy(data->src_addr, src_hapd->own_addr, ETH_ALEN);
50bd8e0a
MB		 815 os_memcpy(data->dst_addr, idata->dst_addr, ETH_ALEN);
816 os_memcpy(data + 1, idata->data, idata->data_len);
817 data->data_len = idata->data_len;
818 data->oui_suffix = idata->oui_suffix;
819
7b1105af 820 dl_list_add_tail(&hapd->l2_oui_queue, &data->list);
50bd8e0a
MB		 821
822 if (!eloop_is_timeout_registered(hostapd_oui_deliver_later,
823 hapd, NULL))
824 eloop_register_timeout(0, 0,
825 hostapd_oui_deliver_later,
826 hapd, NULL);
827
4834c686
JW		 828 /* If dst_addr is a multicast address, do not return any
829 * non-zero value here. Otherwise, the iteration of
830 * for_each_interface() will be stopped. */
831 if (!is_multicast_ether_addr(idata->dst_addr))
832 return 1;
50bd8e0a
MB		 833 }
834
835 return 0;
836}
837
838#endif /* CONFIG_IEEE80211R_AP */
839
840
841static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix,
842 const u8 *data, size_t data_len)
843{
844#ifdef CONFIG_ETH_P_OUI
845 struct hostapd_data *hapd = ctx;
846 struct eth_p_oui_ctx *oui_ctx;
847
a422d9b4
JM		 848 wpa_printf(MSG_DEBUG, "RRB(%s): send to dst=" MACSTR
849 " oui_suffix=%u data_len=%u",
850 hapd->conf->iface, MAC2STR(dst), oui_suffix,
851 (unsigned int) data_len);
50bd8e0a
MB		 852#ifdef CONFIG_IEEE80211R_AP
853 if (hapd->iface->interfaces &&
854 hapd->iface->interfaces->for_each_interface) {
855 struct wpa_auth_oui_iface_iter_data idata;
856 int res;
857
858 idata.src_hapd = hapd;
859 idata.dst_addr = dst;
860 idata.data = data;
861 idata.data_len = data_len;
862 idata.oui_suffix = oui_suffix;
863 res = hapd->iface->interfaces->for_each_interface(
864 hapd->iface->interfaces, hostapd_wpa_auth_oui_iter,
865 &idata);
866 if (res == 1)
867 return data_len;
868 }
869#endif /* CONFIG_IEEE80211R_AP */
870
871 oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix);
872 if (!oui_ctx)
873 return -1;
874
875 return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data, data_len);
876#else /* CONFIG_ETH_P_OUI */
877 return -1;
878#endif /* CONFIG_ETH_P_OUI */
879}
880
881
bef4d07a
MV		 882static int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci)
883{
884 struct hostapd_data *hapd = ctx;
885
886 return hostapd_drv_channel_info(hapd, ci);
887}
888
1034f67b 889
dbfa691d
JM		 890static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr, int vlan_id)
891{
892#ifndef CONFIG_NO_VLAN
893 struct hostapd_data *hapd = ctx;
894 struct sta_info *sta;
dbfa691d
JM		 895
896 sta = ap_get_sta(hapd, addr);
897 if (!sta)
898 return -1;
899
99d8c4dc
GG		 900 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
901 struct vlan_description vlan_desc;
dbfa691d 902
99d8c4dc
GG		 903 os_memset(&vlan_desc, 0, sizeof(vlan_desc));
904 vlan_desc.notempty = 1;
905 vlan_desc.untagged = vlan_id;
906 if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
907 wpa_printf(MSG_INFO,
908 "Invalid VLAN ID %d in wpa_psk_file",
909 vlan_id);
910 return -1;
911 }
912
913 if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0) {
914 wpa_printf(MSG_INFO,
915 "Failed to assign VLAN ID %d from wpa_psk_file to "
916 MACSTR, vlan_id, MAC2STR(sta->addr));
917 return -1;
918 }
919 } else {
920 sta->vlan_id = vlan_id;
dbfa691d
JM		 921 }
922
923 wpa_printf(MSG_INFO,
924 "Assigned VLAN ID %d from wpa_psk_file to " MACSTR,
925 vlan_id, MAC2STR(sta->addr));
926 if ((sta->flags & WLAN_STA_ASSOC) &&
927 ap_sta_bind_vlan(hapd, sta) < 0)
928 return -1;
929#endif /* CONFIG_NO_VLAN */
930
931 return 0;
932}
933
934
1034f67b
MV		 935#ifdef CONFIG_OCV
936static int hostapd_get_sta_tx_params(void *ctx, const u8 *addr,
937 int ap_max_chanwidth, int ap_seg1_idx,
938 int *bandwidth, int *seg1_idx)
939{
940 struct hostapd_data *hapd = ctx;
941 struct sta_info *sta;
942
943 sta = ap_get_sta(hapd, addr);
944 if (!sta) {
945 hostapd_wpa_auth_logger(hapd, addr, LOGGER_INFO,
946 "Failed to get STA info to validate received OCI");
947 return -1;
948 }
949
950 return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx, bandwidth,
951 seg1_idx);
952}
953#endif /* CONFIG_OCV */
954
955
4ec1fd8e 956#ifdef CONFIG_IEEE80211R_AP
c442055e
JM		 957
958static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
959 const u8 *data, size_t data_len)
960{
961 struct hostapd_data *hapd = ctx;
962 int res;
963 struct ieee80211_mgmt *m;
964 size_t mlen;
965 struct sta_info *sta;
966
967 sta = ap_get_sta(hapd, dst);
968 if (sta == NULL || sta->wpa_sm == NULL)
969 return -1;
970
971 m = os_zalloc(sizeof(*m) + data_len);
972 if (m == NULL)
973 return -1;
974 mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
975 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
976 WLAN_FC_STYPE_ACTION);
977 os_memcpy(m->da, dst, ETH_ALEN);
978 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
979 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
980 os_memcpy(&m->u, data, data_len);
981
37100274 982 res = hostapd_drv_send_mlme(hapd, (u8 *) m, mlen, 0, NULL, 0, 0);
c442055e
JM		 983 os_free(m);
984 return res;
985}
986
987
988static struct wpa_state_machine *
989hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
990{
991 struct hostapd_data *hapd = ctx;
992 struct sta_info *sta;
df3b2e22 993 int ret;
c442055e 994
4cf5efec
JM		 995 wpa_printf(MSG_DEBUG, "Add station entry for " MACSTR
996 " based on WPA authenticator callback",
997 MAC2STR(sta_addr));
df3b2e22
SSG		 998 ret = hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT);
999
1000 /*
1001 * The expected return values from hostapd_add_sta_node() are
1002 * 0: successfully added STA entry
1003 * -EOPNOTSUPP: driver or driver wrapper does not support/need this
1004 * operations
1005 * any other negative value: error in adding the STA entry */
1006 if (ret < 0 && ret != -EOPNOTSUPP)
88b32a99
SP		 1007 return NULL;
1008
c442055e
JM		 1009 sta = ap_sta_add(hapd, sta_addr);
1010 if (sta == NULL)
1011 return NULL;
df3b2e22 1012 if (ret == 0)
4cf5efec 1013 sta->added_unassoc = 1;
df3b2e22 1014
4cf5efec 1015 sta->ft_over_ds = 1;
21c9b690
JM		 1016 if (sta->wpa_sm) {
1017 sta->auth_alg = WLAN_AUTH_FT;
c442055e 1018 return sta->wpa_sm;
21c9b690 1019 }
c442055e 1020
94ddef3e 1021 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, NULL);
c442055e
JM		 1022 if (sta->wpa_sm == NULL) {
1023 ap_free_sta(hapd, sta);
1024 return NULL;
1025 }
1026 sta->auth_alg = WLAN_AUTH_FT;
1027
1028 return sta->wpa_sm;
1029}
1030
1031
47a039b0
MB		 1032static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
1033 struct vlan_description *vlan)
1034{
1035 struct hostapd_data *hapd = ctx;
1036 struct sta_info *sta;
1037
1038 sta = ap_get_sta(hapd, sta_addr);
1039 if (!sta || !sta->wpa_sm)
1040 return -1;
1041
1042 if (vlan->notempty &&
1043 !hostapd_vlan_valid(hapd->conf->vlan, vlan)) {
1044 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1045 HOSTAPD_LEVEL_INFO,
1046 "Invalid VLAN %d%s received from FT",
1047 vlan->untagged, vlan->tagged[0] ? "+" : "");
1048 return -1;
1049 }
1050
1051 if (ap_sta_set_vlan(hapd, sta, vlan) < 0)
1052 return -1;
1053 /* Configure wpa_group for GTK but ignore error due to driver not
1054 * knowing this STA. */
1055 ap_sta_bind_vlan(hapd, sta);
1056
1057 if (sta->vlan_id)
1058 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1059 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1060
1061 return 0;
1062}
1063
1064
1065static int hostapd_wpa_auth_get_vlan(void *ctx, const u8 *sta_addr,
1066 struct vlan_description *vlan)
1067{
1068 struct hostapd_data *hapd = ctx;
1069 struct sta_info *sta;
1070
1071 sta = ap_get_sta(hapd, sta_addr);
1072 if (!sta)
1073 return -1;
1074
1075 if (sta->vlan_desc)
1076 *vlan = *sta->vlan_desc;
1077 else
1078 os_memset(vlan, 0, sizeof(*vlan));
1079
1080 return 0;
1081}
1082
1083
8c345234
MB		 1084static int
1085hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
1086 const u8 *identity, size_t identity_len)
1087{
1088 struct hostapd_data *hapd = ctx;
1089 struct sta_info *sta;
1090
1091 sta = ap_get_sta(hapd, sta_addr);
1092 if (!sta)
1093 return -1;
1094
1095 os_free(sta->identity);
1096 sta->identity = NULL;
1097
1098 if (sta->eapol_sm) {
1099 os_free(sta->eapol_sm->identity);
1100 sta->eapol_sm->identity = NULL;
1101 sta->eapol_sm->identity_len = 0;
1102 }
1103
1104 if (!identity_len)
1105 return 0;
1106
1107 /* sta->identity is NULL terminated */
1108 sta->identity = os_zalloc(identity_len + 1);
1109 if (!sta->identity)
1110 return -1;
1111 os_memcpy(sta->identity, identity, identity_len);
1112
1113 if (sta->eapol_sm) {
1114 sta->eapol_sm->identity = os_zalloc(identity_len);
1115 if (!sta->eapol_sm->identity)
1116 return -1;
1117 os_memcpy(sta->eapol_sm->identity, identity, identity_len);
1118 sta->eapol_sm->identity_len = identity_len;
1119 }
1120
1121 return 0;
1122}
1123
1124
1125static size_t
1126hostapd_wpa_auth_get_identity(void *ctx, const u8 *sta_addr, const u8 **buf)
1127{
1128 struct hostapd_data *hapd = ctx;
1129 struct sta_info *sta;
1130 size_t len;
1131 char *identity;
1132
1133 sta = ap_get_sta(hapd, sta_addr);
1134 if (!sta)
1135 return 0;
1136
1137 *buf = ieee802_1x_get_identity(sta->eapol_sm, &len);
1138 if (*buf && len)
1139 return len;
1140
1141 if (!sta->identity) {
1142 *buf = NULL;
1143 return 0;
1144 }
1145
1146 identity = sta->identity;
1147 len = os_strlen(identity);
1148 *buf = (u8 *) identity;
1149
1150 return len;
1151}
1152
1153
1154static int
1155hostapd_wpa_auth_set_radius_cui(void *ctx, const u8 *sta_addr,
1156 const u8 *radius_cui, size_t radius_cui_len)
1157{
1158 struct hostapd_data *hapd = ctx;
1159 struct sta_info *sta;
1160
1161 sta = ap_get_sta(hapd, sta_addr);
1162 if (!sta)
1163 return -1;
1164
1165 os_free(sta->radius_cui);
1166 sta->radius_cui = NULL;
1167
1168 if (sta->eapol_sm) {
1169 wpabuf_free(sta->eapol_sm->radius_cui);
1170 sta->eapol_sm->radius_cui = NULL;
1171 }
1172
1173 if (!radius_cui)
1174 return 0;
1175
1176 /* sta->radius_cui is NULL terminated */
1177 sta->radius_cui = os_zalloc(radius_cui_len + 1);
1178 if (!sta->radius_cui)
1179 return -1;
1180 os_memcpy(sta->radius_cui, radius_cui, radius_cui_len);
1181
1182 if (sta->eapol_sm) {
1183 sta->eapol_sm->radius_cui = wpabuf_alloc_copy(radius_cui,
1184 radius_cui_len);
1185 if (!sta->eapol_sm->radius_cui)
1186 return -1;
1187 }
1188
1189 return 0;
1190}
1191
1192
1193static size_t
1194hostapd_wpa_auth_get_radius_cui(void *ctx, const u8 *sta_addr, const u8 **buf)
1195{
1196 struct hostapd_data *hapd = ctx;
1197 struct sta_info *sta;
1198 struct wpabuf *b;
1199 size_t len;
1200 char *radius_cui;
1201
1202 sta = ap_get_sta(hapd, sta_addr);
1203 if (!sta)
1204 return 0;
1205
1206 b = ieee802_1x_get_radius_cui(sta->eapol_sm);
1207 if (b) {
1208 len = wpabuf_len(b);
1209 *buf = wpabuf_head(b);
1210 return len;
1211 }
1212
1213 if (!sta->radius_cui) {
1214 *buf = NULL;
1215 return 0;
1216 }
1217
1218 radius_cui = sta->radius_cui;
1219 len = os_strlen(radius_cui);
1220 *buf = (u8 *) radius_cui;
1221
1222 return len;
1223}
1224
1225
3cb286ca
MB		 1226static void hostapd_wpa_auth_set_session_timeout(void *ctx, const u8 *sta_addr,
1227 int session_timeout)
1228{
1229 struct hostapd_data *hapd = ctx;
1230 struct sta_info *sta;
1231
1232 sta = ap_get_sta(hapd, sta_addr);
1233 if (!sta)
1234 return;
1235
1236 if (session_timeout) {
1237 os_get_reltime(&sta->session_timeout);
1238 sta->session_timeout.sec += session_timeout;
1239 sta->session_timeout_set = 1;
1240 ap_sta_session_timeout(hapd, sta, session_timeout);
1241 } else {
1242 sta->session_timeout_set = 0;
1243 ap_sta_no_session_timeout(hapd, sta);
1244 }
1245}
1246
1247
1248static int hostapd_wpa_auth_get_session_timeout(void *ctx, const u8 *sta_addr)
1249{
1250 struct hostapd_data *hapd = ctx;
1251 struct sta_info *sta;
1252 struct os_reltime now, remaining;
1253
1254 sta = ap_get_sta(hapd, sta_addr);
1255 if (!sta || !sta->session_timeout_set)
1256 return 0;
1257
1258 os_get_reltime(&now);
1259 if (os_reltime_before(&sta->session_timeout, &now)) {
1260 /* already expired, return >0 as timeout was set */
1261 return 1;
1262 }
1263
1264 os_reltime_sub(&sta->session_timeout, &now, &remaining);
1265
1266 return (remaining.sec > 0) ? remaining.sec : 1;
1267}
1268
1269
c442055e
JM		 1270static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
1271 size_t len)
1272{
1273 struct hostapd_data *hapd = ctx;
7e031850
JM		 1274 struct l2_ethhdr *ethhdr;
1275 if (len < sizeof(*ethhdr))
1276 return;
1277 ethhdr = (struct l2_ethhdr *) buf;
1278 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1279 MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));
170c545a
MB		 1280 if (!is_multicast_ether_addr(ethhdr->h_dest) &&
1281 os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0)
1282 return;
7e031850
JM		 1283 wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
1284 len - sizeof(*ethhdr));
c442055e
JM		 1285}
1286
88b32a99 1287
50bd8e0a
MB		 1288static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr,
1289 const u8 *dst_addr, u8 oui_suffix,
1290 const u8 *buf, size_t len)
1291{
1292 struct hostapd_data *hapd = ctx;
1293
1294 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1295 MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr));
1296 if (!is_multicast_ether_addr(dst_addr) &&
1297 os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) != 0)
1298 return;
1299 wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf,
1300 len);
1301}
1302
1303
88b32a99
SP		 1304static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr,
1305 u8 *tspec_ie, size_t tspec_ielen)
1306{
1307 struct hostapd_data *hapd = ctx;
1308 return hostapd_add_tspec(hapd, sta_addr, tspec_ie, tspec_ielen);
1309}
1310
50bd8e0a
MB		 1311
1312
1313static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd,
1314 const char *ft_iface)
1315{
1316 hapd->oui_pull = eth_p_oui_register(hapd, ft_iface,
1317 FT_PACKET_R0KH_R1KH_PULL,
1318 hostapd_rrb_oui_receive, hapd);
1319 if (!hapd->oui_pull)
1320 return -1;
1321
1322 hapd->oui_resp = eth_p_oui_register(hapd, ft_iface,
1323 FT_PACKET_R0KH_R1KH_RESP,
1324 hostapd_rrb_oui_receive, hapd);
1325 if (!hapd->oui_resp)
1326 return -1;
1327
1328 hapd->oui_push = eth_p_oui_register(hapd, ft_iface,
1329 FT_PACKET_R0KH_R1KH_PUSH,
1330 hostapd_rrb_oui_receive, hapd);
1331 if (!hapd->oui_push)
1332 return -1;
1333
eefe8630
MB		 1334 hapd->oui_sreq = eth_p_oui_register(hapd, ft_iface,
1335 FT_PACKET_R0KH_R1KH_SEQ_REQ,
1336 hostapd_rrb_oui_receive, hapd);
1337 if (!hapd->oui_sreq)
1338 return -1;
1339
1340 hapd->oui_sresp = eth_p_oui_register(hapd, ft_iface,
1341 FT_PACKET_R0KH_R1KH_SEQ_RESP,
1342 hostapd_rrb_oui_receive, hapd);
1343 if (!hapd->oui_sresp)
1344 return -1;
1345
50bd8e0a
MB		 1346 return 0;
1347}
1348
1349
1350static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd)
1351{
1352 eth_p_oui_unregister(hapd->oui_pull);
1353 hapd->oui_pull = NULL;
1354 eth_p_oui_unregister(hapd->oui_resp);
1355 hapd->oui_resp = NULL;
1356 eth_p_oui_unregister(hapd->oui_push);
1357 hapd->oui_push = NULL;
eefe8630
MB		 1358 eth_p_oui_unregister(hapd->oui_sreq);
1359 hapd->oui_sreq = NULL;
1360 eth_p_oui_unregister(hapd->oui_sresp);
1361 hapd->oui_sresp = NULL;
50bd8e0a 1362}
4ec1fd8e 1363#endif /* CONFIG_IEEE80211R_AP */
c442055e
JM		 1364
1365
1366int hostapd_setup_wpa(struct hostapd_data *hapd)
1367{
1368 struct wpa_auth_config _conf;
cef8fac0
JB		 1369 static const struct wpa_auth_callbacks cb = {
1370 .logger = hostapd_wpa_auth_logger,
1371 .disconnect = hostapd_wpa_auth_disconnect,
1372 .mic_failure_report = hostapd_wpa_auth_mic_failure_report,
1373 .psk_failure_report = hostapd_wpa_auth_psk_failure_report,
1374 .set_eapol = hostapd_wpa_auth_set_eapol,
1375 .get_eapol = hostapd_wpa_auth_get_eapol,
1376 .get_psk = hostapd_wpa_auth_get_psk,
1377 .get_msk = hostapd_wpa_auth_get_msk,
1378 .set_key = hostapd_wpa_auth_set_key,
1379 .get_seqnum = hostapd_wpa_auth_get_seqnum,
1380 .send_eapol = hostapd_wpa_auth_send_eapol,
1381 .for_each_sta = hostapd_wpa_auth_for_each_sta,
1382 .for_each_auth = hostapd_wpa_auth_for_each_auth,
1383 .send_ether = hostapd_wpa_auth_send_ether,
50bd8e0a 1384 .send_oui = hostapd_wpa_auth_send_oui,
bef4d07a 1385 .channel_info = hostapd_channel_info,
dbfa691d 1386 .update_vlan = hostapd_wpa_auth_update_vlan,
1034f67b
MV		 1387#ifdef CONFIG_OCV
1388 .get_sta_tx_params = hostapd_get_sta_tx_params,
1389#endif /* CONFIG_OCV */
cef8fac0
JB		 1390#ifdef CONFIG_IEEE80211R_AP
1391 .send_ft_action = hostapd_wpa_auth_send_ft_action,
1392 .add_sta = hostapd_wpa_auth_add_sta,
1393 .add_tspec = hostapd_wpa_auth_add_tspec,
47a039b0
MB		 1394 .set_vlan = hostapd_wpa_auth_set_vlan,
1395 .get_vlan = hostapd_wpa_auth_get_vlan,
8c345234
MB		 1396 .set_identity = hostapd_wpa_auth_set_identity,
1397 .get_identity = hostapd_wpa_auth_get_identity,
1398 .set_radius_cui = hostapd_wpa_auth_set_radius_cui,
1399 .get_radius_cui = hostapd_wpa_auth_get_radius_cui,
3cb286ca
MB		 1400 .set_session_timeout = hostapd_wpa_auth_set_session_timeout,
1401 .get_session_timeout = hostapd_wpa_auth_get_session_timeout,
cef8fac0
JB		 1402#endif /* CONFIG_IEEE80211R_AP */
1403 };
c442055e
JM		 1404 const u8 *wpa_ie;
1405 size_t wpa_ie_len;
1406
7af092a0 1407 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
e4bf4db9
JM		 1408 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
1409 _conf.tx_status = 1;
88b32a99
SP		 1410 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
1411 _conf.ap_mlme = 1;
1a7963e3
AW		 1412
1413 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1414 (hapd->conf->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1415 (hapd->conf->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1416 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1417 wpa_msg(hapd->msg_ctx, MSG_INFO,
1418 "Disable PTK0 rekey support - replaced with disconnect");
1419 _conf.wpa_deny_ptk0_rekey = 1;
1420 }
1421
cef8fac0 1422 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
c442055e
JM		 1423 if (hapd->wpa_auth == NULL) {
1424 wpa_printf(MSG_ERROR, "WPA initialization failed.");
1425 return -1;
1426 }
1427
1428 if (hostapd_set_privacy(hapd, 1)) {
1429 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
1430 "for interface %s", hapd->conf->iface);
1431 return -1;
1432 }
1433
1434 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
1435 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
1436 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
1437 "the kernel driver.");
1438 return -1;
1439 }
1440
1441 if (rsn_preauth_iface_init(hapd)) {
1442 wpa_printf(MSG_ERROR, "Initialization of RSN "
1443 "pre-authentication failed.");
1444 return -1;
1445 }
1446
4ec1fd8e 1447#ifdef CONFIG_IEEE80211R_AP
b92d2a57 1448 if (!hostapd_drv_none(hapd) &&
66d46406 1449 wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
50bd8e0a
MB		 1450 const char *ft_iface;
1451
1452 ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge :
1453 hapd->conf->iface;
1454 hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB,
7e031850 1455 hostapd_rrb_receive, hapd, 1);
ccaabeaa 1456 if (!hapd->l2) {
c442055e
JM		 1457 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1458 "interface");
1459 return -1;
1460 }
50bd8e0a
MB		 1461
1462 if (hostapd_wpa_register_ft_oui(hapd, ft_iface)) {
1463 wpa_printf(MSG_ERROR,
1464 "Failed to open ETH_P_OUI interface");
1465 return -1;
1466 }
c442055e 1467 }
4ec1fd8e 1468#endif /* CONFIG_IEEE80211R_AP */
c442055e
JM		 1469
1470 return 0;
1471
1472}
1473
1474
1475void hostapd_reconfig_wpa(struct hostapd_data *hapd)
1476{
1477 struct wpa_auth_config wpa_auth_conf;
7af092a0 1478 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
c442055e
JM		 1479 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
1480}
1481
1482
1483void hostapd_deinit_wpa(struct hostapd_data *hapd)
1484{
01a17491 1485 ieee80211_tkip_countermeasures_deinit(hapd);
c442055e
JM		 1486 rsn_preauth_iface_deinit(hapd);
1487 if (hapd->wpa_auth) {
1488 wpa_deinit(hapd->wpa_auth);
1489 hapd->wpa_auth = NULL;
1490
1b822f52 1491 if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
c442055e
JM		 1492 wpa_printf(MSG_DEBUG, "Could not disable "
1493 "PrivacyInvoked for interface %s",
1494 hapd->conf->iface);
1495 }
1496
1b822f52
JM		 1497 if (hapd->drv_priv &&
1498 hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
c442055e
JM		 1499 wpa_printf(MSG_DEBUG, "Could not remove generic "
1500 "information element from interface %s",
1501 hapd->conf->iface);
1502 }
1503 }
1504 ieee802_1x_deinit(hapd);
1505
4ec1fd8e 1506#ifdef CONFIG_IEEE80211R_AP
c5fee160
MB		 1507 eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX);
1508 hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
50bd8e0a
MB		 1509 eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
1510 hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
c442055e 1511 l2_packet_deinit(hapd->l2);
66f4dd15 1512 hapd->l2 = NULL;
50bd8e0a 1513 hostapd_wpa_unregister_ft_oui(hapd);
4ec1fd8e 1514#endif /* CONFIG_IEEE80211R_AP */
c442055e 1515}
Unnamed repository; edit this file 'description' to name the repository.