]> git.ipfire.org Git - thirdparty/hostap.git/blame - wpa_supplicant/wpa_supplicant.c
projects / thirdparty / hostap.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
OCE: Mandate PMF for WPA2 association with OCE AP
[thirdparty/hostap.git] / wpa_supplicant / wpa_supplicant.c
CommitLineData
6fc6879b
JM		 1/*
2 * WPA Supplicant
cc58a357 3 * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
6fc6879b 4 *
0f3d578e
JM		 5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
6fc6879b
JM		 7 *
8 * This file implements functions for registering and unregistering
9 * %wpa_supplicant interfaces. In addition, this file contains number of
10 * functions for managing network connections.
11 */
12
13#include "includes.h"
2e997eec
RM		 14#ifdef CONFIG_MATCH_IFACE
15#include <net/if.h>
16#include <fnmatch.h>
17#endif /* CONFIG_MATCH_IFACE */
6fc6879b
JM		 18
19#include "common.h"
d47fa330 20#include "crypto/random.h"
7d232e23 21#include "crypto/sha1.h"
6fc6879b
JM		 22#include "eapol_supp/eapol_supp_sm.h"
23#include "eap_peer/eap.h"
ec7b97ab 24#include "eap_peer/eap_proxy.h"
3ec97afe 25#include "eap_server/eap_methods.h"
3acb5005 26#include "rsn_supp/wpa.h"
6fc6879b 27#include "eloop.h"
6fc6879b 28#include "config.h"
306ae225 29#include "utils/ext_password.h"
6fc6879b
JM		 30#include "l2_packet/l2_packet.h"
31#include "wpa_supplicant_i.h"
2d5b792d 32#include "driver_i.h"
6fc6879b 33#include "ctrl_iface.h"
6fc6879b 34#include "pcsc_funcs.h"
90973fb2 35#include "common/version.h"
3acb5005
JM		 36#include "rsn_supp/preauth.h"
37#include "rsn_supp/pmksa_cache.h"
90973fb2 38#include "common/wpa_ctrl.h"
cfde99a8 39#include "common/ieee802_11_common.h"
90973fb2 40#include "common/ieee802_11_defs.h"
6b8b0774 41#include "common/hw_features_common.h"
461d39af 42#include "common/gas_server.h"
10ec6a5f 43#include "common/dpp.h"
72044390 44#include "p2p/p2p.h"
b36a3a65 45#include "fst/fst.h"
6fc6879b
JM		 46#include "blacklist.h"
47#include "wpas_glue.h"
116654ce 48#include "wps_supplicant.h"
11ef8d35 49#include "ibss_rsn.h"
c2a04078 50#include "sme.h"
04ea7b79 51#include "gas_query.h"
1f1b62a0 52#include "ap.h"
b22128ef 53#include "p2p_supplicant.h"
9675ce35 54#include "wifi_display.h"
8bac466b 55#include "notify.h"
60b94c98 56#include "bgscan.h"
7c865c68 57#include "autoscan.h"
83922c2d 58#include "bss.h"
9ba9fa07 59#include "scan.h"
24f6497c 60#include "offchannel.h"
cb418324 61#include "hs20_supplicant.h"
e27d20bb 62#include "wnm_sta.h"
dd10abcc 63#include "wpas_kay.h"
603a3f34 64#include "mesh.h"
be27e185 65#include "dpp_supplicant.h"
a39b040b
SB		 66#ifdef CONFIG_MESH
67#include "ap/ap_config.h"
68#include "ap/hostapd.h"
69#endif /* CONFIG_MESH */
6fc6879b 70
8b423edb 71const char *const wpa_supplicant_version =
6fc6879b 72"wpa_supplicant v" VERSION_STR "\n"
cc58a357 73"Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
6fc6879b 74
8b423edb 75const char *const wpa_supplicant_license =
331f89ff
JM		 76"This software may be distributed under the terms of the BSD license.\n"
77"See README for more details.\n"
6fc6879b
JM		 78#ifdef EAP_TLS_OPENSSL
79"\nThis product includes software developed by the OpenSSL Project\n"
80"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81#endif /* EAP_TLS_OPENSSL */
82;
83
84#ifndef CONFIG_NO_STDOUT_DEBUG
85/* Long text divided into parts in order to fit in C89 strings size limits. */
8b423edb 86const char *const wpa_supplicant_full_license1 =
331f89ff 87"";
8b423edb 88const char *const wpa_supplicant_full_license2 =
331f89ff 89"This software may be distributed under the terms of the BSD license.\n"
6fc6879b
JM		 90"\n"
91"Redistribution and use in source and binary forms, with or without\n"
92"modification, are permitted provided that the following conditions are\n"
93"met:\n"
94"\n";
8b423edb 95const char *const wpa_supplicant_full_license3 =
6fc6879b
JM		 96"1. Redistributions of source code must retain the above copyright\n"
97" notice, this list of conditions and the following disclaimer.\n"
98"\n"
99"2. Redistributions in binary form must reproduce the above copyright\n"
100" notice, this list of conditions and the following disclaimer in the\n"
101" documentation and/or other materials provided with the distribution.\n"
102"\n";
8b423edb 103const char *const wpa_supplicant_full_license4 =
6fc6879b
JM		 104"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105" names of its contributors may be used to endorse or promote products\n"
106" derived from this software without specific prior written permission.\n"
107"\n"
108"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
8b423edb 112const char *const wpa_supplicant_full_license5 =
6fc6879b
JM		 113"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120"\n";
121#endif /* CONFIG_NO_STDOUT_DEBUG */
122
b04854ce
AP		 123
124static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
6338c99e
VK		 125#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
127#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
b04854ce
AP		 128
129
6fc6879b 130/* Configure default/group WEP keys for static WEP */
0194fedb 131int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6fc6879b
JM		 132{
133 int i, set = 0;
134
135 for (i = 0; i < NUM_WEP_KEYS; i++) {
136 if (ssid->wep_key_len[i] == 0)
137 continue;
138
139 set = 1;
0382097e 140 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
da64c266 141 i, i == ssid->wep_tx_keyidx, NULL, 0,
6fc6879b
JM		 142 ssid->wep_key[i], ssid->wep_key_len[i]);
143 }
144
145 return set;
146}
147
148
6ea1f413
JM		 149int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
150 struct wpa_ssid *ssid)
6fc6879b
JM		 151{
152 u8 key[32];
153 size_t keylen;
71934751 154 enum wpa_alg alg;
6fc6879b 155 u8 seq[6] = { 0 };
658da804 156 int ret;
6fc6879b
JM		 157
158 /* IBSS/WPA-None uses only one key (Group) for both receiving and
159 * sending unicast and multicast packets. */
160
d7dcba70 161 if (ssid->mode != WPAS_MODE_IBSS) {
f049052b
BG		 162 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
163 "IBSS/ad-hoc) for WPA-None", ssid->mode);
6fc6879b
JM		 164 return -1;
165 }
166
167 if (!ssid->psk_set) {
f049052b
BG		 168 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
169 "WPA-None");
6fc6879b
JM		 170 return -1;
171 }
172
173 switch (wpa_s->group_cipher) {
174 case WPA_CIPHER_CCMP:
175 os_memcpy(key, ssid->psk, 16);
176 keylen = 16;
177 alg = WPA_ALG_CCMP;
178 break;
eb7719ff
JM		 179 case WPA_CIPHER_GCMP:
180 os_memcpy(key, ssid->psk, 16);
181 keylen = 16;
182 alg = WPA_ALG_GCMP;
183 break;
6fc6879b
JM		 184 case WPA_CIPHER_TKIP:
185 /* WPA-None uses the same Michael MIC key for both TX and RX */
186 os_memcpy(key, ssid->psk, 16 + 8);
187 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
188 keylen = 32;
189 alg = WPA_ALG_TKIP;
190 break;
191 default:
f049052b
BG		 192 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
193 "WPA-None", wpa_s->group_cipher);
6fc6879b
JM		 194 return -1;
195 }
196
197 /* TODO: should actually remember the previously used seq#, both for TX
198 * and RX from each STA.. */
199
658da804
JM		 200 ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
201 os_memset(key, 0, sizeof(key));
202 return ret;
6fc6879b
JM		 203}
204
205
206static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
207{
208 struct wpa_supplicant *wpa_s = eloop_ctx;
209 const u8 *bssid = wpa_s->bssid;
04e3d815
MK		 210 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
211 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
212 wpa_s->wpa_state == WPA_ASSOCIATING))
6fc6879b
JM		 213 bssid = wpa_s->pending_bssid;
214 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
215 MAC2STR(bssid));
216 wpa_blacklist_add(wpa_s, bssid);
217 wpa_sm_notify_disassoc(wpa_s->wpa);
07783eaa 218 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6fc6879b 219 wpa_s->reassociate = 1;
48b84f18
BG		 220
221 /*
222 * If we timed out, the AP or the local radio may be busy.
223 * So, wait a second until scanning again.
224 */
225 wpa_supplicant_req_scan(wpa_s, 1, 0);
6fc6879b
JM		 226}
227
228
229/**
230 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
231 * @wpa_s: Pointer to wpa_supplicant data
232 * @sec: Number of seconds after which to time out authentication
233 * @usec: Number of microseconds after which to time out authentication
234 *
235 * This function is used to schedule a timeout for the current authentication
236 * attempt.
237 */
238void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
239 int sec, int usec)
240{
a2a535f8 241 if (wpa_s->conf->ap_scan == 0 &&
c2a04078 242 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
6fc6879b
JM		 243 return;
244
f049052b 245 wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
6fc6879b
JM		 246 "%d usec", sec, usec);
247 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
37547ad6 248 wpa_s->last_auth_timeout_sec = sec;
6fc6879b
JM		 249 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
250}
251
252
37547ad6
DL		 253/*
254 * wpas_auth_timeout_restart - Restart and change timeout for authentication
255 * @wpa_s: Pointer to wpa_supplicant data
256 * @sec_diff: difference in seconds applied to original timeout value
257 */
258void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
259{
260 int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
261
262 if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
263 wpa_dbg(wpa_s, MSG_DEBUG,
264 "Authentication timeout restart: %d sec", new_sec);
265 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
266 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
267 wpa_s, NULL);
268 }
269}
270
271
6fc6879b
JM		 272/**
273 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
274 * @wpa_s: Pointer to wpa_supplicant data
275 *
276 * This function is used to cancel authentication timeout scheduled with
277 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
278 * been completed.
279 */
280void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
281{
f049052b 282 wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
6fc6879b
JM		 283 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
284 wpa_blacklist_del(wpa_s, wpa_s->bssid);
af835d75
AB		 285 os_free(wpa_s->last_con_fail_realm);
286 wpa_s->last_con_fail_realm = NULL;
287 wpa_s->last_con_fail_realm_len = 0;
6fc6879b
JM		 288}
289
290
291/**
292 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
293 * @wpa_s: Pointer to wpa_supplicant data
294 *
295 * This function is used to configure EAPOL state machine based on the selected
296 * authentication mode.
297 */
298void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
299{
300#ifdef IEEE8021X_EAPOL
301 struct eapol_config eapol_conf;
302 struct wpa_ssid *ssid = wpa_s->current_ssid;
303
53895c3b 304#ifdef CONFIG_IBSS_RSN
d7dcba70 305 if (ssid->mode == WPAS_MODE_IBSS &&
53895c3b
JM		 306 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
307 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
308 /*
309 * RSN IBSS authentication is per-STA and we can disable the
310 * per-BSSID EAPOL authentication.
311 */
312 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
313 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
314 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
315 return;
316 }
317#endif /* CONFIG_IBSS_RSN */
318
0a40ec6a
JM		 319 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
320 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
321
6fc6879b
JM		 322 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
323 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
324 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
325 else
326 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
327
328 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
329 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
330 eapol_conf.accept_802_1x_keys = 1;
331 eapol_conf.required_keys = 0;
332 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
333 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
334 }
335 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
336 eapol_conf.required_keys |=
337 EAPOL_REQUIRE_KEY_BROADCAST;
338 }
339
a2a535f8 340 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
6fc6879b 341 eapol_conf.required_keys = 0;
6fc6879b 342 }
a2a535f8 343 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
6fc6879b 344 eapol_conf.workaround = ssid->eap_workaround;
56586197
JM		 345 eapol_conf.eap_disabled =
346 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
ad08c363
JM		 347 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
348 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
a5d44ac0 349 eapol_conf.external_sim = wpa_s->conf->external_sim;
3f7ac058
JS		 350
351#ifdef CONFIG_WPS
352 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
353 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
354 if (wpa_s->current_bss) {
355 struct wpabuf *ie;
356 ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
357 WPS_IE_VENDOR_TYPE);
358 if (ie) {
359 if (wps_is_20(ie))
360 eapol_conf.wps |=
361 EAPOL_PEER_IS_WPS20_AP;
362 wpabuf_free(ie);
363 }
364 }
365 }
366#endif /* CONFIG_WPS */
367
6fc6879b 368 eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
dd10abcc 369
ad51731a
SD		 370#ifdef CONFIG_MACSEC
371 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
372 ieee802_1x_create_preshared_mka(wpa_s, ssid);
373 else
374 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
375#endif /* CONFIG_MACSEC */
cd3153a9 376#endif /* IEEE8021X_EAPOL */
6fc6879b
JM		 377}
378
379
380/**
381 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
382 * @wpa_s: Pointer to wpa_supplicant data
383 * @ssid: Configuration data for the network
384 *
385 * This function is used to configure WPA state machine and related parameters
386 * to a mode where WPA is not enabled. This is called as part of the
387 * authentication configuration when the selected network does not use WPA.
388 */
389void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
390 struct wpa_ssid *ssid)
391{
392 int i;
393
ad08c363
JM		 394 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
395 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
396 else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
6fc6879b
JM		 397 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
398 else
399 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
400 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
401 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
402 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
403 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
404 wpa_s->group_cipher = WPA_CIPHER_NONE;
405 wpa_s->mgmt_group_cipher = 0;
406
407 for (i = 0; i < NUM_WEP_KEYS; i++) {
408 if (ssid->wep_key_len[i] > 5) {
409 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
410 wpa_s->group_cipher = WPA_CIPHER_WEP104;
411 break;
412 } else if (ssid->wep_key_len[i] > 0) {
413 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
414 wpa_s->group_cipher = WPA_CIPHER_WEP40;
415 break;
416 }
417 }
418
419 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
420 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
421 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
422 wpa_s->pairwise_cipher);
423 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
424#ifdef CONFIG_IEEE80211W
425 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
426 wpa_s->mgmt_group_cipher);
427#endif /* CONFIG_IEEE80211W */
428
429 pmksa_cache_clear_current(wpa_s->wpa);
430}
431
432
6979582c 433void free_hw_features(struct wpa_supplicant *wpa_s)
6bf731e8
CL		 434{
435 int i;
436 if (wpa_s->hw.modes == NULL)
437 return;
438
439 for (i = 0; i < wpa_s->hw.num_modes; i++) {
440 os_free(wpa_s->hw.modes[i].channels);
441 os_free(wpa_s->hw.modes[i].rates);
442 }
443
444 os_free(wpa_s->hw.modes);
445 wpa_s->hw.modes = NULL;
446}
447
448
19677b77 449void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
dd599908
AS		 450{
451 struct wpa_bss_tmp_disallowed *bss, *prev;
452
453 dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
454 struct wpa_bss_tmp_disallowed, list) {
b04854ce 455 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
dd599908
AS		 456 dl_list_del(&bss->list);
457 os_free(bss);
458 }
459}
460
461
5732b770
JM		 462void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
463{
464 struct fils_hlp_req *req;
465
466 while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
467 list)) != NULL) {
468 dl_list_del(&req->list);
469 wpabuf_free(req->pkt);
470 os_free(req);
471 }
472}
473
474
6fc6879b
JM		 475static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
476{
86bd36f0
JM		 477 int i;
478
60b94c98 479 bgscan_deinit(wpa_s);
7c865c68 480 autoscan_deinit(wpa_s);
6fc6879b
JM		 481 scard_deinit(wpa_s->scard);
482 wpa_s->scard = NULL;
483 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
484 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
485 l2_packet_deinit(wpa_s->l2);
486 wpa_s->l2 = NULL;
487 if (wpa_s->l2_br) {
488 l2_packet_deinit(wpa_s->l2_br);
489 wpa_s->l2_br = NULL;
490 }
4a6cc862
JM		 491#ifdef CONFIG_TESTING_OPTIONS
492 l2_packet_deinit(wpa_s->l2_test);
493 wpa_s->l2_test = NULL;
c06fca04
JM		 494 os_free(wpa_s->get_pref_freq_list_override);
495 wpa_s->get_pref_freq_list_override = NULL;
daa40960
JM		 496 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
497 wpa_s->last_assoc_req_wpa_ie = NULL;
4a6cc862 498#endif /* CONFIG_TESTING_OPTIONS */
6fc6879b 499
6fc6879b 500 if (wpa_s->conf != NULL) {
8e56d189
JM		 501 struct wpa_ssid *ssid;
502 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
503 wpas_notify_network_removed(wpa_s, ssid);
6fc6879b
JM		 504 }
505
506 os_free(wpa_s->confname);
507 wpa_s->confname = NULL;
508
e6304cad
DS		 509 os_free(wpa_s->confanother);
510 wpa_s->confanother = NULL;
511
af835d75
AB		 512 os_free(wpa_s->last_con_fail_realm);
513 wpa_s->last_con_fail_realm = NULL;
514 wpa_s->last_con_fail_realm_len = 0;
515
6fc6879b
JM		 516 wpa_sm_set_eapol(wpa_s->wpa, NULL);
517 eapol_sm_deinit(wpa_s->eapol);
518 wpa_s->eapol = NULL;
519
520 rsn_preauth_deinit(wpa_s->wpa);
521
281ff0aa
GP		 522#ifdef CONFIG_TDLS
523 wpa_tdls_deinit(wpa_s->wpa);
524#endif /* CONFIG_TDLS */
525
8c42b369 526 wmm_ac_clear_saved_tspecs(wpa_s);
6fc6879b
JM		 527 pmksa_candidate_free(wpa_s->wpa);
528 wpa_sm_deinit(wpa_s->wpa);
529 wpa_s->wpa = NULL;
530 wpa_blacklist_clear(wpa_s);
531
83922c2d 532 wpa_bss_deinit(wpa_s);
6fc6879b 533
831770bf 534 wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
6fc6879b
JM		 535 wpa_supplicant_cancel_scan(wpa_s);
536 wpa_supplicant_cancel_auth_timeout(wpa_s);
01a17491
JM		 537 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
538#ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
539 eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
540 wpa_s, NULL);
541#endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
6fc6879b 542
9bd566a3
AS		 543 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
544
116654ce 545 wpas_wps_deinit(wpa_s);
11ef8d35 546
1ff73338
JM		 547 wpabuf_free(wpa_s->pending_eapol_rx);
548 wpa_s->pending_eapol_rx = NULL;
549
11ef8d35
JM		 550#ifdef CONFIG_IBSS_RSN
551 ibss_rsn_deinit(wpa_s->ibss_rsn);
552 wpa_s->ibss_rsn = NULL;
553#endif /* CONFIG_IBSS_RSN */
c2a04078 554
e29853bb 555 sme_deinit(wpa_s);
2d5b792d
JM		 556
557#ifdef CONFIG_AP
558 wpa_supplicant_ap_deinit(wpa_s);
559#endif /* CONFIG_AP */
b22128ef 560
b22128ef 561 wpas_p2p_deinit(wpa_s);
f47d639d 562
24f6497c
JM		 563#ifdef CONFIG_OFFCHANNEL
564 offchannel_deinit(wpa_s);
565#endif /* CONFIG_OFFCHANNEL */
566
a4cba8f1
LC		 567 wpa_supplicant_cancel_sched_scan(wpa_s);
568
f47d639d
JM		 569 os_free(wpa_s->next_scan_freqs);
570 wpa_s->next_scan_freqs = NULL;
fee52342
JM		 571
572 os_free(wpa_s->manual_scan_freqs);
573 wpa_s->manual_scan_freqs = NULL;
88a44755
JM		 574 os_free(wpa_s->select_network_scan_freqs);
575 wpa_s->select_network_scan_freqs = NULL;
04ea7b79 576
d3c9c35f
DS		 577 os_free(wpa_s->manual_sched_scan_freqs);
578 wpa_s->manual_sched_scan_freqs = NULL;
579
56c76fa5
IP		 580 wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
581
57e832de
IP		 582 /*
583 * Need to remove any pending gas-query radio work before the
584 * gas_query_deinit() call because gas_query::work has not yet been set
585 * for works that have not been started. gas_query_free() will be unable
586 * to cancel such pending radio works and once the pending gas-query
587 * radio work eventually gets removed, the deinit notification call to
588 * gas_query_start_cb() would result in dereferencing freed memory.
589 */
590 if (wpa_s->radio)
591 radio_remove_works(wpa_s, "gas-query", 0);
04ea7b79
JM		 592 gas_query_deinit(wpa_s->gas);
593 wpa_s->gas = NULL;
461d39af
JM		 594 gas_server_deinit(wpa_s->gas_server);
595 wpa_s->gas_server = NULL;
6bf731e8
CL		 596
597 free_hw_features(wpa_s);
d445a5cd 598
dd10abcc
HW		 599 ieee802_1x_dealloc_kay_sm(wpa_s);
600
d445a5cd
JM		 601 os_free(wpa_s->bssid_filter);
602 wpa_s->bssid_filter = NULL;
b6668734 603
6407f413
JM		 604 os_free(wpa_s->disallow_aps_bssid);
605 wpa_s->disallow_aps_bssid = NULL;
606 os_free(wpa_s->disallow_aps_ssid);
607 wpa_s->disallow_aps_ssid = NULL;
608
b6668734 609 wnm_bss_keep_alive_deinit(wpa_s);
e27d20bb
VK		 610#ifdef CONFIG_WNM
611 wnm_deallocate_memory(wpa_s);
612#endif /* CONFIG_WNM */
306ae225
JM		 613
614 ext_password_deinit(wpa_s->ext_pw);
615 wpa_s->ext_pw = NULL;
b1f12296
JM		 616
617 wpabuf_free(wpa_s->last_gas_resp);
b6a9590b
JM		 618 wpa_s->last_gas_resp = NULL;
619 wpabuf_free(wpa_s->prev_gas_resp);
620 wpa_s->prev_gas_resp = NULL;
a297201d
JM		 621
622 os_free(wpa_s->last_scan_res);
623 wpa_s->last_scan_res = NULL;
b572df86
JM		 624
625#ifdef CONFIG_HS20
ece4ac5f
MG		 626 if (wpa_s->drv_priv)
627 wpa_drv_configure_frame_filters(wpa_s, 0);
fb2ac53d 628 hs20_deinit(wpa_s);
b572df86 629#endif /* CONFIG_HS20 */
86bd36f0
JM		 630
631 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
632 wpabuf_free(wpa_s->vendor_elem[i]);
633 wpa_s->vendor_elem[i] = NULL;
634 }
3882a708
JM		 635
636 wmm_ac_notify_disassoc(wpa_s);
32c02261
AS		 637
638 wpa_s->sched_scan_plans_num = 0;
639 os_free(wpa_s->sched_scan_plans);
640 wpa_s->sched_scan_plans = NULL;
92c6e2e3
DS		 641
642#ifdef CONFIG_MBO
643 wpa_s->non_pref_chan_num = 0;
644 os_free(wpa_s->non_pref_chan);
645 wpa_s->non_pref_chan = NULL;
646#endif /* CONFIG_MBO */
dd599908
AS		 647
648 free_bss_tmp_disallowed(wpa_s);
4a742011
DS		 649
650 wpabuf_free(wpa_s->lci);
651 wpa_s->lci = NULL;
76196ddb 652 wpas_clear_beacon_rep_data(wpa_s);
4d77d80e
MH		 653
654#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
655#ifdef CONFIG_MESH
656 {
657 struct external_pmksa_cache *entry;
658
659 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
660 struct external_pmksa_cache,
661 list)) != NULL) {
662 dl_list_del(&entry->list);
663 os_free(entry->pmksa_cache);
664 os_free(entry);
665 }
666 }
667#endif /* CONFIG_MESH */
668#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5732b770
JM		 669
670 wpas_flush_fils_hlp_req(wpa_s);
c6c41f6e
JM		 671
672 wpabuf_free(wpa_s->ric_ies);
673 wpa_s->ric_ies = NULL;
be27e185
JM		 674
675#ifdef CONFIG_DPP
676 wpas_dpp_deinit(wpa_s);
87d8435c
JM		 677 dpp_global_deinit(wpa_s->dpp);
678 wpa_s->dpp = NULL;
be27e185 679#endif /* CONFIG_DPP */
6fc6879b
JM		 680}
681
682
683/**
684 * wpa_clear_keys - Clear keys configured for the driver
685 * @wpa_s: Pointer to wpa_supplicant data
686 * @addr: Previously used BSSID or %NULL if not available
687 *
688 * This function clears the encryption keys that has been previously configured
689 * for the driver.
690 */
691void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
692{
2f30cac3 693 int i, max;
6fc6879b 694
0e27f655 695#ifdef CONFIG_IEEE80211W
2f30cac3
JM		 696 max = 6;
697#else /* CONFIG_IEEE80211W */
698 max = 4;
0e27f655 699#endif /* CONFIG_IEEE80211W */
2f30cac3
JM		 700
701 /* MLME-DELETEKEYS.request */
702 for (i = 0; i < max; i++) {
703 if (wpa_s->keys_cleared & BIT(i))
704 continue;
705 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
706 NULL, 0);
707 }
708 if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
709 !is_zero_ether_addr(addr)) {
6fc6879b
JM		 710 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
711 0);
712 /* MLME-SETPROTECTION.request(None) */
713 wpa_drv_mlme_setprotection(
714 wpa_s, addr,
715 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
716 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
717 }
2f30cac3 718 wpa_s->keys_cleared = (u32) -1;
6fc6879b
JM		 719}
720
721
722/**
723 * wpa_supplicant_state_txt - Get the connection state name as a text string
724 * @state: State (wpa_state; WPA_*)
725 * Returns: The state name as a printable text string
726 */
71934751 727const char * wpa_supplicant_state_txt(enum wpa_states state)
6fc6879b
JM		 728{
729 switch (state) {
730 case WPA_DISCONNECTED:
731 return "DISCONNECTED";
732 case WPA_INACTIVE:
733 return "INACTIVE";
8401a6b0
JM		 734 case WPA_INTERFACE_DISABLED:
735 return "INTERFACE_DISABLED";
6fc6879b
JM		 736 case WPA_SCANNING:
737 return "SCANNING";
c2a04078
JM		 738 case WPA_AUTHENTICATING:
739 return "AUTHENTICATING";
6fc6879b
JM		 740 case WPA_ASSOCIATING:
741 return "ASSOCIATING";
742 case WPA_ASSOCIATED:
743 return "ASSOCIATED";
744 case WPA_4WAY_HANDSHAKE:
745 return "4WAY_HANDSHAKE";
746 case WPA_GROUP_HANDSHAKE:
747 return "GROUP_HANDSHAKE";
748 case WPA_COMPLETED:
749 return "COMPLETED";
750 default:
751 return "UNKNOWN";
752 }
753}
754
755
cfe53c9a
PS		 756#ifdef CONFIG_BGSCAN
757
758static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
759{
31392709
HD		 760 const char *name;
761
762 if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
763 name = wpa_s->current_ssid->bgscan;
764 else
765 name = wpa_s->conf->bgscan;
268043d5 766 if (name == NULL || name[0] == '\0')
31392709 767 return;
0096c427
JM		 768 if (wpas_driver_bss_selection(wpa_s))
769 return;
cfe53c9a
PS		 770 if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
771 return;
aa109830
DS		 772#ifdef CONFIG_P2P
773 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
774 return;
775#endif /* CONFIG_P2P */
cfe53c9a
PS		 776
777 bgscan_deinit(wpa_s);
31392709
HD		 778 if (wpa_s->current_ssid) {
779 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
cfe53c9a
PS		 780 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
781 "bgscan");
782 /*
783 * Live without bgscan; it is only used as a roaming
784 * optimization, so the initial connection is not
785 * affected.
786 */
6409b7a7
YD		 787 } else {
788 struct wpa_scan_results *scan_res;
cfe53c9a 789 wpa_s->bgscan_ssid = wpa_s->current_ssid;
6409b7a7
YD		 790 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
791 0);
792 if (scan_res) {
793 bgscan_notify_scan(wpa_s, scan_res);
794 wpa_scan_results_free(scan_res);
795 }
796 }
cfe53c9a
PS		 797 } else
798 wpa_s->bgscan_ssid = NULL;
799}
800
801
802static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
803{
804 if (wpa_s->bgscan_ssid != NULL) {
805 bgscan_deinit(wpa_s);
806 wpa_s->bgscan_ssid = NULL;
807 }
808}
809
810#endif /* CONFIG_BGSCAN */
811
812
7c865c68
TB		 813static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
814{
99218999 815 if (autoscan_init(wpa_s, 0))
7c865c68
TB		 816 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
817}
818
819
820static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
821{
822 autoscan_deinit(wpa_s);
823}
824
825
c3d12238
JM		 826void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
827{
828 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
829 wpa_s->wpa_state == WPA_SCANNING) {
830 autoscan_deinit(wpa_s);
831 wpa_supplicant_start_autoscan(wpa_s);
832 }
833}
834
835
6fc6879b
JM		 836/**
837 * wpa_supplicant_set_state - Set current connection state
838 * @wpa_s: Pointer to wpa_supplicant data
839 * @state: The new connection state
840 *
841 * This function is called whenever the connection state changes, e.g.,
842 * association is completed for WPA/WPA2 4-Way Handshake is started.
843 */
71934751
JM		 844void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
845 enum wpa_states state)
6fc6879b 846{
27f43d8d
MH		 847 enum wpa_states old_state = wpa_s->wpa_state;
848
f049052b
BG		 849 wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
850 wpa_supplicant_state_txt(wpa_s->wpa_state),
851 wpa_supplicant_state_txt(state));
6fc6879b 852
2bbad1c7
MW		 853 if (state == WPA_COMPLETED &&
854 os_reltime_initialized(&wpa_s->roam_start)) {
855 os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
856 wpa_s->roam_start.sec = 0;
857 wpa_s->roam_start.usec = 0;
858 wpas_notify_auth_changed(wpa_s);
859 wpas_notify_roam_time(wpa_s);
860 wpas_notify_roam_complete(wpa_s);
861 } else if (state == WPA_DISCONNECTED &&
862 os_reltime_initialized(&wpa_s->roam_start)) {
863 wpa_s->roam_start.sec = 0;
864 wpa_s->roam_start.usec = 0;
865 wpa_s->roam_time.sec = 0;
866 wpa_s->roam_time.usec = 0;
867 wpas_notify_roam_complete(wpa_s);
868 }
869
5ddd07cb
AS		 870 if (state == WPA_INTERFACE_DISABLED) {
871 /* Assure normal scan when interface is restored */
872 wpa_s->normal_scans = 0;
873 }
874
0cf24fda 875 if (state == WPA_COMPLETED) {
6ac4b15e 876 wpas_connect_work_done(wpa_s);
0cf24fda
LC		 877 /* Reinitialize normal_scan counter */
878 wpa_s->normal_scans = 0;
879 }
6ac4b15e 880
07c1e987
MS		 881#ifdef CONFIG_P2P
882 /*
883 * P2PS client has to reply to Probe Request frames received on the
884 * group operating channel. Enable Probe Request frame reporting for
885 * P2P connected client in case p2p_cli_probe configuration property is
886 * set to 1.
887 */
888 if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
889 wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
890 wpa_s->current_ssid->p2p_group) {
891 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
892 wpa_dbg(wpa_s, MSG_DEBUG,
893 "P2P: Enable CLI Probe Request RX reporting");
894 wpa_s->p2p_cli_probe =
895 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
896 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
897 wpa_dbg(wpa_s, MSG_DEBUG,
898 "P2P: Disable CLI Probe Request RX reporting");
899 wpa_s->p2p_cli_probe = 0;
900 wpa_drv_probe_req_report(wpa_s, 0);
901 }
902 }
903#endif /* CONFIG_P2P */
904
cb8564b1
DW		 905 if (state != WPA_SCANNING)
906 wpa_supplicant_notify_scanning(wpa_s, 0);
907
6fc6879b 908 if (state == WPA_COMPLETED && wpa_s->new_connection) {
6fc6879b 909 struct wpa_ssid *ssid = wpa_s->current_ssid;
da6a28ba
VK		 910 int fils_hlp_sent = 0;
911
912#ifdef CONFIG_SME
913 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
914 wpa_auth_alg_fils(wpa_s->sme.auth_alg))
915 fils_hlp_sent = 1;
916#endif /* CONFIG_SME */
917 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
918 wpa_auth_alg_fils(wpa_s->auth_alg))
919 fils_hlp_sent = 1;
920
7d37a357 921#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
6fc6879b 922 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
da6a28ba 923 MACSTR " completed [id=%d id_str=%s%s]",
1cfc6787 924 MAC2STR(wpa_s->bssid),
6fc6879b 925 ssid ? ssid->id : -1,
da6a28ba
VK		 926 ssid && ssid->id_str ? ssid->id_str : "",
927 fils_hlp_sent ? " FILS_HLP_SENT" : "");
6fc6879b 928#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
00e5e3d5 929 wpas_clear_temp_disabled(wpa_s, ssid, 1);
a20a3616 930 wpa_blacklist_clear(wpa_s);
f1a52633 931 wpa_s->extra_blacklist_count = 0;
6fc6879b 932 wpa_s->new_connection = 0;
6fc6879b 933 wpa_drv_set_operstate(wpa_s, 1);
99ac2913
FF		 934#ifndef IEEE8021X_EAPOL
935 wpa_drv_set_supp_port(wpa_s, 1);
936#endif /* IEEE8021X_EAPOL */
17a4734d 937 wpa_s->after_wps = 0;
4d9fb08d 938 wpa_s->known_wps_freq = 0;
b22128ef 939 wpas_p2p_completed(wpa_s);
c3701c66
RM		 940
941 sme_sched_obss_scan(wpa_s, 1);
6338c99e
VK		 942
943#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
944 if (!fils_hlp_sent && ssid && ssid->eap.erp)
945 wpas_update_fils_connect_params(wpa_s);
946#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
6fc6879b
JM		 947 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
948 state == WPA_ASSOCIATED) {
949 wpa_s->new_connection = 1;
950 wpa_drv_set_operstate(wpa_s, 0);
99ac2913
FF		 951#ifndef IEEE8021X_EAPOL
952 wpa_drv_set_supp_port(wpa_s, 0);
953#endif /* IEEE8021X_EAPOL */
c3701c66 954 sme_sched_obss_scan(wpa_s, 0);
6fc6879b
JM		 955 }
956 wpa_s->wpa_state = state;
27f43d8d 957
cfe53c9a
PS		 958#ifdef CONFIG_BGSCAN
959 if (state == WPA_COMPLETED)
960 wpa_supplicant_start_bgscan(wpa_s);
37271232 961 else if (state < WPA_ASSOCIATED)
cfe53c9a
PS		 962 wpa_supplicant_stop_bgscan(wpa_s);
963#endif /* CONFIG_BGSCAN */
964
bce3d4f7 965 if (state > WPA_SCANNING)
7c865c68
TB		 966 wpa_supplicant_stop_autoscan(wpa_s);
967
968 if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
969 wpa_supplicant_start_autoscan(wpa_s);
970
fecc2bb5
EP		 971 if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
972 wmm_ac_notify_disassoc(wpa_s);
973
5bbf9f10 974 if (wpa_s->wpa_state != old_state) {
27f43d8d 975 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
5bbf9f10 976
e3bd6e9d
IP		 977 /*
978 * Notify the P2P Device interface about a state change in one
979 * of the interfaces.
980 */
981 wpas_p2p_indicate_state_change(wpa_s);
e3bd6e9d 982
5bbf9f10
PS		 983 if (wpa_s->wpa_state == WPA_COMPLETED ||
984 old_state == WPA_COMPLETED)
985 wpas_notify_auth_changed(wpa_s);
986 }
6fc6879b
JM		 987}
988
989
1a1bf008
JM		 990void wpa_supplicant_terminate_proc(struct wpa_global *global)
991{
992 int pending = 0;
993#ifdef CONFIG_WPS
994 struct wpa_supplicant *wpa_s = global->ifaces;
995 while (wpa_s) {
ab41595f 996 struct wpa_supplicant *next = wpa_s->next;
5516ed32
EA		 997 if (wpas_wps_terminate_pending(wpa_s) == 1)
998 pending = 1;
20625e97
JM		 999#ifdef CONFIG_P2P
1000 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1001 (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1002 wpas_p2p_disconnect(wpa_s);
1003#endif /* CONFIG_P2P */
ab41595f 1004 wpa_s = next;
1a1bf008
JM		 1005 }
1006#endif /* CONFIG_WPS */
1007 if (pending)
1008 return;
1009 eloop_terminate();
1010}
1011
1012
0456ea16 1013static void wpa_supplicant_terminate(int sig, void *signal_ctx)
6fc6879b 1014{
0456ea16 1015 struct wpa_global *global = signal_ctx;
1a1bf008 1016 wpa_supplicant_terminate_proc(global);
6fc6879b
JM		 1017}
1018
1019
b22128ef 1020void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
6fc6879b 1021{
71934751 1022 enum wpa_states old_state = wpa_s->wpa_state;
27f43d8d 1023
6fc6879b
JM		 1024 wpa_s->pairwise_cipher = 0;
1025 wpa_s->group_cipher = 0;
1026 wpa_s->mgmt_group_cipher = 0;
1027 wpa_s->key_mgmt = 0;
8401a6b0 1028 if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
99218999 1029 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
27f43d8d
MH		 1030
1031 if (wpa_s->wpa_state != old_state)
1032 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
6fc6879b
JM		 1033}
1034
1035
1036/**
1037 * wpa_supplicant_reload_configuration - Reload configuration data
1038 * @wpa_s: Pointer to wpa_supplicant data
1039 * Returns: 0 on success or -1 if configuration parsing failed
1040 *
1041 * This function can be used to request that the configuration data is reloaded
1042 * (e.g., after configuration file change). This function is reloading
1043 * configuration only for one interface, so this may need to be called multiple
1044 * times if %wpa_supplicant is controlling multiple interfaces and all
1045 * interfaces need reconfiguration.
1046 */
1047int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1048{
1049 struct wpa_config *conf;
1050 int reconf_ctrl;
8bac466b
JM		 1051 int old_ap_scan;
1052
6fc6879b
JM		 1053 if (wpa_s->confname == NULL)
1054 return -1;
e6304cad 1055 conf = wpa_config_read(wpa_s->confname, NULL);
6fc6879b
JM		 1056 if (conf == NULL) {
1057 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1058 "file '%s' - exiting", wpa_s->confname);
1059 return -1;
1060 }
3bd35b68
JM		 1061 if (wpa_s->confanother &&
1062 !wpa_config_read(wpa_s->confanother, conf)) {
1063 wpa_msg(wpa_s, MSG_ERROR,
1064 "Failed to parse the configuration file '%s' - exiting",
1065 wpa_s->confanother);
1066 return -1;
1067 }
e6304cad 1068
611aea7d 1069 conf->changed_parameters = (unsigned int) -1;
6fc6879b
JM		 1070
1071 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1072 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1073 os_strcmp(conf->ctrl_interface,
1074 wpa_s->conf->ctrl_interface) != 0);
1075
1076 if (reconf_ctrl && wpa_s->ctrl_iface) {
1077 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1078 wpa_s->ctrl_iface = NULL;
1079 }
1080
1081 eapol_sm_invalidate_cached_session(wpa_s->eapol);
7b7ce8aa 1082 if (wpa_s->current_ssid) {
e66bcedd
JM		 1083 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1084 wpa_s->own_disconnect_req = 1;
7b7ce8aa
JM		 1085 wpa_supplicant_deauthenticate(wpa_s,
1086 WLAN_REASON_DEAUTH_LEAVING);
1087 }
8bac466b 1088
6fc6879b
JM		 1089 /*
1090 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
07e2de31 1091 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
6fc6879b 1092 */
a1ea1b45 1093 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
567da5bb
JM		 1094 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1095 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
6fc6879b
JM		 1096 /*
1097 * Clear forced success to clear EAP state for next
1098 * authentication.
1099 */
1100 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1101 }
1102 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1103 wpa_sm_set_config(wpa_s->wpa, NULL);
d8a790b9 1104 wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
6fc6879b
JM		 1105 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1106 rsn_preauth_deinit(wpa_s->wpa);
8bac466b
JM		 1107
1108 old_ap_scan = wpa_s->conf->ap_scan;
6fc6879b
JM		 1109 wpa_config_free(wpa_s->conf);
1110 wpa_s->conf = conf;
8bac466b
JM		 1111 if (old_ap_scan != wpa_s->conf->ap_scan)
1112 wpas_notify_ap_scan_changed(wpa_s);
1113
6fc6879b
JM		 1114 if (reconf_ctrl)
1115 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1116
611aea7d
JM		 1117 wpa_supplicant_update_config(wpa_s);
1118
6fc6879b 1119 wpa_supplicant_clear_status(wpa_s);
349493bd 1120 if (wpa_supplicant_enabled_networks(wpa_s)) {
43a38635
JM		 1121 wpa_s->reassociate = 1;
1122 wpa_supplicant_req_scan(wpa_s, 0, 0);
1123 }
f049052b 1124 wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
6fc6879b
JM		 1125 return 0;
1126}
1127
1128
0456ea16 1129static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
6fc6879b 1130{
0456ea16 1131 struct wpa_global *global = signal_ctx;
6fc6879b 1132 struct wpa_supplicant *wpa_s;
6fc6879b 1133 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
f049052b
BG		 1134 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1135 sig);
6fc6879b 1136 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1a1bf008 1137 wpa_supplicant_terminate_proc(global);
6fc6879b
JM		 1138 }
1139 }
1248e584
LR		 1140
1141 if (wpa_debug_reopen_file() < 0) {
1142 /* Ignore errors since we cannot really do much to fix this */
1143 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1144 }
6fc6879b
JM		 1145}
1146
1147
6fc6879b
JM		 1148static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1149 struct wpa_ssid *ssid,
1150 struct wpa_ie_data *ie)
1151{
1152 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1153 if (ret) {
1154 if (ret == -2) {
1155 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1156 "from association info");
1157 }
1158 return -1;
1159 }
1160
f049052b
BG		 1161 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1162 "cipher suites");
6fc6879b
JM		 1163 if (!(ie->group_cipher & ssid->group_cipher)) {
1164 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1165 "cipher 0x%x (mask 0x%x) - reject",
1166 ie->group_cipher, ssid->group_cipher);
1167 return -1;
1168 }
1169 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1170 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1171 "cipher 0x%x (mask 0x%x) - reject",
1172 ie->pairwise_cipher, ssid->pairwise_cipher);
1173 return -1;
1174 }
1175 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1176 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1177 "management 0x%x (mask 0x%x) - reject",
1178 ie->key_mgmt, ssid->key_mgmt);
1179 return -1;
1180 }
1181
1182#ifdef CONFIG_IEEE80211W
0b60b0aa 1183 if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
3f56a2b7 1184 wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
6fc6879b
JM		 1185 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1186 "that does not support management frame protection - "
1187 "reject");
1188 return -1;
1189 }
1190#endif /* CONFIG_IEEE80211W */
1191
1192 return 0;
1193}
1194
1195
2c129a1b
LD		 1196static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1197 int freq)
1198{
1199 if (!ie->has_group)
1200 ie->group_cipher = wpa_default_rsn_cipher(freq);
1201 if (!ie->has_pairwise)
1202 ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1203 return (ie->group_cipher & ssid->group_cipher) &&
1204 (ie->pairwise_cipher & ssid->pairwise_cipher);
1205}
1206
1207
6fc6879b
JM		 1208/**
1209 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1210 * @wpa_s: Pointer to wpa_supplicant data
1211 * @bss: Scan results for the selected BSS, or %NULL if not available
1212 * @ssid: Configuration data for the selected network
1213 * @wpa_ie: Buffer for the WPA/RSN IE
1214 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1215 * used buffer length in case the functions returns success.
1216 * Returns: 0 on success or -1 on failure
1217 *
1218 * This function is used to configure authentication and encryption parameters
1219 * based on the network configuration and scan result for the selected BSS (if
1220 * available).
1221 */
1222int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
6fa81a3b 1223 struct wpa_bss *bss, struct wpa_ssid *ssid,
6fc6879b
JM		 1224 u8 *wpa_ie, size_t *wpa_ie_len)
1225{
1226 struct wpa_ie_data ie;
1227 int sel, proto;
df0f01d9 1228 const u8 *bss_wpa, *bss_rsn, *bss_osen;
6fc6879b
JM		 1229
1230 if (bss) {
6fa81a3b
JM		 1231 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1232 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
df0f01d9 1233 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
6fc6879b 1234 } else
df0f01d9 1235 bss_wpa = bss_rsn = bss_osen = NULL;
6fc6879b
JM		 1236
1237 if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1238 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
2c129a1b 1239 matching_ciphers(ssid, &ie, bss->freq) &&
6fc6879b 1240 (ie.key_mgmt & ssid->key_mgmt)) {
f049052b 1241 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
6fc6879b
JM		 1242 proto = WPA_PROTO_RSN;
1243 } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
267ac3bc 1244 wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
6fc6879b
JM		 1245 (ie.group_cipher & ssid->group_cipher) &&
1246 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1247 (ie.key_mgmt & ssid->key_mgmt)) {
f049052b 1248 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
6fc6879b 1249 proto = WPA_PROTO_WPA;
df0f01d9 1250#ifdef CONFIG_HS20
dc673aec
JM		 1251 } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1252 wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1253 (ie.group_cipher & ssid->group_cipher) &&
1254 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1255 (ie.key_mgmt & ssid->key_mgmt)) {
df0f01d9 1256 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
df0f01d9 1257 proto = WPA_PROTO_OSEN;
f5a60216
JM		 1258 } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1259 wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1260 (ie.group_cipher & ssid->group_cipher) &&
1261 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1262 (ie.key_mgmt & ssid->key_mgmt)) {
1263 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1264 proto = WPA_PROTO_RSN;
df0f01d9 1265#endif /* CONFIG_HS20 */
6fc6879b
JM		 1266 } else if (bss) {
1267 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
267ac3bc
JM		 1268 wpa_dbg(wpa_s, MSG_DEBUG,
1269 "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1270 ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1271 ssid->key_mgmt);
1272 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1273 MAC2STR(bss->bssid),
1274 wpa_ssid_txt(bss->ssid, bss->ssid_len),
1275 bss_wpa ? " WPA" : "",
1276 bss_rsn ? " RSN" : "",
1277 bss_osen ? " OSEN" : "");
1278 if (bss_rsn) {
1279 wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1280 if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1281 wpa_dbg(wpa_s, MSG_DEBUG,
1282 "Could not parse RSN element");
1283 } else {
1284 wpa_dbg(wpa_s, MSG_DEBUG,
1285 "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1286 ie.pairwise_cipher, ie.group_cipher,
1287 ie.key_mgmt);
1288 }
1289 }
1290 if (bss_wpa) {
1291 wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1292 if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1293 wpa_dbg(wpa_s, MSG_DEBUG,
1294 "Could not parse WPA element");
1295 } else {
1296 wpa_dbg(wpa_s, MSG_DEBUG,
1297 "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1298 ie.pairwise_cipher, ie.group_cipher,
1299 ie.key_mgmt);
1300 }
1301 }
6fc6879b
JM		 1302 return -1;
1303 } else {
df0f01d9
JM		 1304 if (ssid->proto & WPA_PROTO_OSEN)
1305 proto = WPA_PROTO_OSEN;
1306 else if (ssid->proto & WPA_PROTO_RSN)
6fc6879b
JM		 1307 proto = WPA_PROTO_RSN;
1308 else
1309 proto = WPA_PROTO_WPA;
1310 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1311 os_memset(&ie, 0, sizeof(ie));
1312 ie.group_cipher = ssid->group_cipher;
1313 ie.pairwise_cipher = ssid->pairwise_cipher;
1314 ie.key_mgmt = ssid->key_mgmt;
1315#ifdef CONFIG_IEEE80211W
61a56c14
JM		 1316 ie.mgmt_group_cipher = 0;
1317 if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1318 if (ssid->group_mgmt_cipher &
1319 WPA_CIPHER_BIP_GMAC_256)
1320 ie.mgmt_group_cipher =
1321 WPA_CIPHER_BIP_GMAC_256;
1322 else if (ssid->group_mgmt_cipher &
1323 WPA_CIPHER_BIP_CMAC_256)
1324 ie.mgmt_group_cipher =
1325 WPA_CIPHER_BIP_CMAC_256;
1326 else if (ssid->group_mgmt_cipher &
1327 WPA_CIPHER_BIP_GMAC_128)
1328 ie.mgmt_group_cipher =
1329 WPA_CIPHER_BIP_GMAC_128;
1330 else
1331 ie.mgmt_group_cipher =
1332 WPA_CIPHER_AES_128_CMAC;
1333 }
6fc6879b 1334#endif /* CONFIG_IEEE80211W */
c1790a5f
JM		 1335#ifdef CONFIG_OWE
1336 if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1337 !ssid->owe_only &&
1338 !bss_wpa && !bss_rsn && !bss_osen) {
1339 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1340 wpa_s->wpa_proto = 0;
9f8d459d 1341 *wpa_ie_len = 0;
c1790a5f
JM		 1342 return 0;
1343 }
1344#endif /* CONFIG_OWE */
f049052b
BG		 1345 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1346 "based on configuration");
6fc6879b
JM		 1347 } else
1348 proto = ie.proto;
1349 }
1350
f049052b
BG		 1351 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1352 "pairwise %d key_mgmt %d proto %d",
1353 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
6fc6879b
JM		 1354#ifdef CONFIG_IEEE80211W
1355 if (ssid->ieee80211w) {
f049052b
BG		 1356 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1357 ie.mgmt_group_cipher);
6fc6879b
JM		 1358 }
1359#endif /* CONFIG_IEEE80211W */
1360
64fa840a 1361 wpa_s->wpa_proto = proto;
6fc6879b
JM		 1362 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1363 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
df0f01d9 1364 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
6fc6879b
JM		 1365
1366 if (bss || !wpa_s->ap_ies_from_associnfo) {
1367 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1368 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1369 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1370 bss_rsn ? 2 + bss_rsn[1] : 0))
1371 return -1;
1372 }
1373
9e68742e
JM		 1374#ifdef CONFIG_NO_WPA
1375 wpa_s->group_cipher = WPA_CIPHER_NONE;
1376 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1377#else /* CONFIG_NO_WPA */
6fc6879b 1378 sel = ie.group_cipher & ssid->group_cipher;
853bd19f
JM		 1379 wpa_dbg(wpa_s, MSG_DEBUG,
1380 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1381 ie.group_cipher, ssid->group_cipher, sel);
edbd2a19
JM		 1382 wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1383 if (wpa_s->group_cipher < 0) {
f049052b
BG		 1384 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1385 "cipher");
6fc6879b
JM		 1386 return -1;
1387 }
edbd2a19
JM		 1388 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1389 wpa_cipher_txt(wpa_s->group_cipher));
6fc6879b
JM		 1390
1391 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
853bd19f
JM		 1392 wpa_dbg(wpa_s, MSG_DEBUG,
1393 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1394 ie.pairwise_cipher, ssid->pairwise_cipher, sel);
edbd2a19
JM		 1395 wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1396 if (wpa_s->pairwise_cipher < 0) {
f049052b
BG		 1397 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1398 "cipher");
6fc6879b
JM		 1399 return -1;
1400 }
edbd2a19
JM		 1401 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1402 wpa_cipher_txt(wpa_s->pairwise_cipher));
9e68742e 1403#endif /* CONFIG_NO_WPA */
6fc6879b
JM		 1404
1405 sel = ie.key_mgmt & ssid->key_mgmt;
853bd19f
JM		 1406 wpa_dbg(wpa_s, MSG_DEBUG,
1407 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1408 ie.key_mgmt, ssid->key_mgmt, sel);
c10347f2
JM		 1409#ifdef CONFIG_SAE
1410 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1411 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1412#endif /* CONFIG_SAE */
6fc6879b 1413 if (0) {
6d77014e
JM		 1414#ifdef CONFIG_IEEE80211R
1415#ifdef CONFIG_SHA384
dd0153fc
MW		 1416 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1417 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
6d77014e
JM		 1418 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1419 wpa_dbg(wpa_s, MSG_DEBUG,
1420 "WPA: using KEY_MGMT FT/802.1X-SHA384");
9083ef13
JM		 1421 if (!ssid->ft_eap_pmksa_caching &&
1422 pmksa_cache_get_current(wpa_s->wpa)) {
1423 /* PMKSA caching with FT may have interoperability
1424 * issues, so disable that case by default for now. */
6d77014e
JM		 1425 wpa_dbg(wpa_s, MSG_DEBUG,
1426 "WPA: Disable PMKSA caching for FT/802.1X connection");
1427 pmksa_cache_clear_current(wpa_s->wpa);
1428 }
1429#endif /* CONFIG_SHA384 */
1430#endif /* CONFIG_IEEE80211R */
5e3b5197
JM		 1431#ifdef CONFIG_SUITEB192
1432 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1433 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1434 wpa_dbg(wpa_s, MSG_DEBUG,
1435 "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1436#endif /* CONFIG_SUITEB192 */
1437#ifdef CONFIG_SUITEB
666497c8
JM		 1438 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1439 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1440 wpa_dbg(wpa_s, MSG_DEBUG,
1441 "WPA: using KEY_MGMT 802.1X with Suite B");
5e3b5197 1442#endif /* CONFIG_SUITEB */
b8ae56e4
JM		 1443#ifdef CONFIG_FILS
1444#ifdef CONFIG_IEEE80211R
1445 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1446 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1447 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1448 } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1449 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1450 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1451#endif /* CONFIG_IEEE80211R */
1452 } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1453 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1454 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1455 } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1456 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1457 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1458#endif /* CONFIG_FILS */
6fc6879b 1459#ifdef CONFIG_IEEE80211R
dd0153fc
MW		 1460 } else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1461 os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
6fc6879b 1462 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
f049052b 1463 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
9083ef13
JM		 1464 if (!ssid->ft_eap_pmksa_caching &&
1465 pmksa_cache_get_current(wpa_s->wpa)) {
1466 /* PMKSA caching with FT may have interoperability
1467 * issues, so disable that case by default for now. */
833bb2ab
JM		 1468 wpa_dbg(wpa_s, MSG_DEBUG,
1469 "WPA: Disable PMKSA caching for FT/802.1X connection");
1470 pmksa_cache_clear_current(wpa_s->wpa);
1471 }
6fc6879b 1472#endif /* CONFIG_IEEE80211R */
dd6c5980
JM		 1473#ifdef CONFIG_DPP
1474 } else if (sel & WPA_KEY_MGMT_DPP) {
1475 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1476 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1477#endif /* CONFIG_DPP */
c10347f2 1478#ifdef CONFIG_SAE
c10347f2
JM		 1479 } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1480 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1481 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
76fd782a
JM		 1482 } else if (sel & WPA_KEY_MGMT_SAE) {
1483 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1484 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
c10347f2 1485#endif /* CONFIG_SAE */
9af1eea3
JM		 1486#ifdef CONFIG_IEEE80211R
1487 } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1488 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1489 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1490#endif /* CONFIG_IEEE80211R */
56586197
JM		 1491#ifdef CONFIG_IEEE80211W
1492 } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1493 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
f049052b 1494 wpa_dbg(wpa_s, MSG_DEBUG,
56586197
JM		 1495 "WPA: using KEY_MGMT 802.1X with SHA256");
1496 } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1497 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
f049052b 1498 wpa_dbg(wpa_s, MSG_DEBUG,
56586197
JM		 1499 "WPA: using KEY_MGMT PSK with SHA256");
1500#endif /* CONFIG_IEEE80211W */
6fc6879b
JM		 1501 } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1502 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
f049052b 1503 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
6fc6879b
JM		 1504 } else if (sel & WPA_KEY_MGMT_PSK) {
1505 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
f049052b 1506 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
6fc6879b
JM		 1507 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1508 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
f049052b 1509 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
df0f01d9
JM		 1510#ifdef CONFIG_HS20
1511 } else if (sel & WPA_KEY_MGMT_OSEN) {
1512 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1513 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1514#endif /* CONFIG_HS20 */
a1ea1b45
JM		 1515#ifdef CONFIG_OWE
1516 } else if (sel & WPA_KEY_MGMT_OWE) {
1517 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1518 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1519#endif /* CONFIG_OWE */
6fc6879b 1520 } else {
f049052b
BG		 1521 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1522 "authenticated key management type");
6fc6879b
JM		 1523 return -1;
1524 }
1525
1526 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1527 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1528 wpa_s->pairwise_cipher);
1529 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1530
1531#ifdef CONFIG_IEEE80211W
1532 sel = ie.mgmt_group_cipher;
61a56c14
JM		 1533 if (ssid->group_mgmt_cipher)
1534 sel &= ssid->group_mgmt_cipher;
3f56a2b7 1535 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
0b60b0aa 1536 !(ie.capabilities & WPA_CAPABILITY_MFPC))
6fc6879b 1537 sel = 0;
853bd19f
JM		 1538 wpa_dbg(wpa_s, MSG_DEBUG,
1539 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1540 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
6fc6879b
JM		 1541 if (sel & WPA_CIPHER_AES_128_CMAC) {
1542 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
f049052b 1543 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
6fc6879b 1544 "AES-128-CMAC");
8dd9f9cd
JM		 1545 } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1546 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1547 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1548 "BIP-GMAC-128");
1549 } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1550 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1551 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1552 "BIP-GMAC-256");
1553 } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1554 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1555 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1556 "BIP-CMAC-256");
6fc6879b
JM		 1557 } else {
1558 wpa_s->mgmt_group_cipher = 0;
f049052b 1559 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
6fc6879b
JM		 1560 }
1561 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1562 wpa_s->mgmt_group_cipher);
62d49803 1563 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
3f56a2b7 1564 wpas_get_ssid_pmf(wpa_s, ssid));
6fc6879b 1565#endif /* CONFIG_IEEE80211W */
55c12f5d
MV		 1566#ifdef CONFIG_OCV
1567 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1568#endif /* CONFIG_OCV */
6fc6879b
JM		 1569
1570 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
f049052b 1571 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
6fc6879b
JM		 1572 return -1;
1573 }
1574
dd6c5980
JM		 1575 if (0) {
1576#ifdef CONFIG_DPP
1577 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1578 /* Use PMK from DPP network introduction (PMKSA entry) */
1579 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1580#endif /* CONFIG_DPP */
1581 } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
a52410c2 1582 int psk_set = 0;
06b1a104 1583 int sae_only;
a52410c2 1584
06b1a104
JM		 1585 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1586 WPA_KEY_MGMT_FT_PSK |
1587 WPA_KEY_MGMT_PSK_SHA256)) == 0;
1588
1589 if (ssid->psk_set && !sae_only) {
66dbc8d9
JM		 1590 wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1591 ssid->psk, PMK_LEN);
70c93963
MH		 1592 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1593 NULL);
a52410c2
JM		 1594 psk_set = 1;
1595 }
a34ca59e 1596
06b1a104
JM		 1597 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1598 (ssid->sae_password || ssid->passphrase))
a34ca59e
JM		 1599 psk_set = 1;
1600
7d232e23
ZC		 1601#ifndef CONFIG_NO_PBKDF2
1602 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
06b1a104 1603 ssid->passphrase && !sae_only) {
7d232e23 1604 u8 psk[PMK_LEN];
986de33d
JM		 1605 pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1606 4096, psk, PMK_LEN);
7d232e23
ZC		 1607 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1608 psk, PMK_LEN);
70c93963 1609 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
a52410c2 1610 psk_set = 1;
e886c88e 1611 os_memset(psk, 0, sizeof(psk));
7d232e23
ZC		 1612 }
1613#endif /* CONFIG_NO_PBKDF2 */
9173b16f 1614#ifdef CONFIG_EXT_PASSWORD
06b1a104 1615 if (ssid->ext_psk && !sae_only) {
9173b16f
JM		 1616 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1617 ssid->ext_psk);
1618 char pw_str[64 + 1];
1619 u8 psk[PMK_LEN];
1620
1621 if (pw == NULL) {
1622 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1623 "found from external storage");
1624 return -1;
1625 }
1626
1627 if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1628 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1629 "PSK length %d in external storage",
1630 (int) wpabuf_len(pw));
1631 ext_password_free(pw);
1632 return -1;
1633 }
1634
1635 os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1636 pw_str[wpabuf_len(pw)] = '\0';
1637
1638#ifndef CONFIG_NO_PBKDF2
1639 if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1640 {
986de33d
JM		 1641 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1642 4096, psk, PMK_LEN);
9173b16f
JM		 1643 os_memset(pw_str, 0, sizeof(pw_str));
1644 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1645 "external passphrase)",
1646 psk, PMK_LEN);
70c93963
MH		 1647 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1648 NULL);
a52410c2 1649 psk_set = 1;
e886c88e 1650 os_memset(psk, 0, sizeof(psk));
9173b16f
JM		 1651 } else
1652#endif /* CONFIG_NO_PBKDF2 */
1653 if (wpabuf_len(pw) == 2 * PMK_LEN) {
1654 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1655 wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1656 "Invalid PSK hex string");
1657 os_memset(pw_str, 0, sizeof(pw_str));
1658 ext_password_free(pw);
1659 return -1;
1660 }
66dbc8d9
JM		 1661 wpa_hexdump_key(MSG_MSGDUMP,
1662 "PSK (from external PSK)",
1663 psk, PMK_LEN);
70c93963
MH		 1664 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1665 NULL);
a52410c2 1666 psk_set = 1;
e886c88e 1667 os_memset(psk, 0, sizeof(psk));
9173b16f
JM		 1668 } else {
1669 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1670 "PSK available");
1671 os_memset(pw_str, 0, sizeof(pw_str));
1672 ext_password_free(pw);
1673 return -1;
1674 }
1675
1676 os_memset(pw_str, 0, sizeof(pw_str));
1677 ext_password_free(pw);
1678 }
1679#endif /* CONFIG_EXT_PASSWORD */
a52410c2
JM		 1680
1681 if (!psk_set) {
1682 wpa_msg(wpa_s, MSG_INFO,
1683 "No PSK available for association");
06b1a104 1684 wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
a52410c2
JM		 1685 return -1;
1686 }
675112df
JM		 1687#ifdef CONFIG_OWE
1688 } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1689 /* OWE Diffie-Hellman exchange in (Re)Association
1690 * Request/Response frames set the PMK, so do not override it
1691 * here. */
1692#endif /* CONFIG_OWE */
7d232e23 1693 } else
6fc6879b
JM		 1694 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1695
1696 return 0;
1697}
1698
1699
8cd6b7bc 1700static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
03e47c9c 1701{
8cd6b7bc 1702 *pos = 0x00;
03e47c9c 1703
8cd6b7bc
JB		 1704 switch (idx) {
1705 case 0: /* Bits 0-7 */
1706 break;
1707 case 1: /* Bits 8-15 */
d514b502
JM		 1708 if (wpa_s->conf->coloc_intf_reporting) {
1709 /* Bit 13 - Collocated Interference Reporting */
1710 *pos |= 0x20;
1711 }
8cd6b7bc
JB		 1712 break;
1713 case 2: /* Bits 16-23 */
1714#ifdef CONFIG_WNM
1715 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
ef59f987
AB		 1716 if (!wpa_s->conf->disable_btm)
1717 *pos |= 0x08; /* Bit 19 - BSS Transition */
8cd6b7bc
JB		 1718#endif /* CONFIG_WNM */
1719 break;
1720 case 3: /* Bits 24-31 */
1721#ifdef CONFIG_WNM
1722 *pos |= 0x02; /* Bit 25 - SSID List */
1723#endif /* CONFIG_WNM */
03e47c9c 1724#ifdef CONFIG_INTERWORKING
8cd6b7bc
JB		 1725 if (wpa_s->conf->interworking)
1726 *pos |= 0x80; /* Bit 31 - Interworking */
03e47c9c 1727#endif /* CONFIG_INTERWORKING */
8cd6b7bc
JB		 1728 break;
1729 case 4: /* Bits 32-39 */
56f5af48 1730#ifdef CONFIG_INTERWORKING
1e1245bc 1731 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
429dd9af 1732 *pos |= 0x01; /* Bit 32 - QoS Map */
56f5af48 1733#endif /* CONFIG_INTERWORKING */
8cd6b7bc
JB		 1734 break;
1735 case 5: /* Bits 40-47 */
95a3ea94
JM		 1736#ifdef CONFIG_HS20
1737 if (wpa_s->conf->hs20)
1738 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1739#endif /* CONFIG_HS20 */
92c6e2e3
DS		 1740#ifdef CONFIG_MBO
1741 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1742#endif /* CONFIG_MBO */
8cd6b7bc
JB		 1743 break;
1744 case 6: /* Bits 48-55 */
1745 break;
d1723c55
LD		 1746 case 7: /* Bits 56-63 */
1747 break;
1748 case 8: /* Bits 64-71 */
1749 if (wpa_s->conf->ftm_responder)
1750 *pos |= 0x40; /* Bit 70 - FTM responder */
1751 if (wpa_s->conf->ftm_initiator)
1752 *pos |= 0x80; /* Bit 71 - FTM initiator */
1753 break;
e4d2ce1b
JM		 1754 case 9: /* Bits 72-79 */
1755#ifdef CONFIG_FILS
d98038bb 1756 if (!wpa_s->disable_fils)
1757 *pos |= 0x01;
e4d2ce1b
JM		 1758#endif /* CONFIG_FILS */
1759 break;
8cd6b7bc
JB		 1760 }
1761}
03e47c9c 1762
03e47c9c 1763
0bbaa9b9 1764int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
8cd6b7bc
JB		 1765{
1766 u8 *pos = buf;
e4d2ce1b 1767 u8 len = 10, i;
8cd6b7bc
JB		 1768
1769 if (len < wpa_s->extended_capa_len)
1770 len = wpa_s->extended_capa_len;
0bbaa9b9
JM		 1771 if (buflen < (size_t) len + 2) {
1772 wpa_printf(MSG_INFO,
1773 "Not enough room for building extended capabilities element");
1774 return -1;
1775 }
03e47c9c
JM		 1776
1777 *pos++ = WLAN_EID_EXT_CAPAB;
8cd6b7bc
JB		 1778 *pos++ = len;
1779 for (i = 0; i < len; i++, pos++) {
1780 wpas_ext_capab_byte(wpa_s, pos, i);
1781
1782 if (i < wpa_s->extended_capa_len) {
1783 *pos &= ~wpa_s->extended_capa_mask[i];
1784 *pos |= wpa_s->extended_capa[i];
1785 }
1786 }
03e47c9c 1787
3db5439a
JM		 1788 while (len > 0 && buf[1 + len] == 0) {
1789 len--;
1790 buf[1] = len;
1791 }
1792 if (len == 0)
1793 return 0;
1794
1795 return 2 + len;
03e47c9c
JM		 1796}
1797
1798
6ac4b15e
JM		 1799static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1800 struct wpa_bss *test_bss)
1801{
1802 struct wpa_bss *bss;
1803
1804 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1805 if (bss == test_bss)
1806 return 1;
1807 }
1808
1809 return 0;
1810}
1811
1812
1813static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1814 struct wpa_ssid *test_ssid)
1815{
1816 struct wpa_ssid *ssid;
1817
1818 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1819 if (ssid == test_ssid)
1820 return 1;
1821 }
1822
1823 return 0;
1824}
1825
1826
1827int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1828 struct wpa_ssid *test_ssid)
1829{
1830 if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1831 return 0;
1832
1833 return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1834}
1835
1836
1837void wpas_connect_work_free(struct wpa_connect_work *cwork)
1838{
1839 if (cwork == NULL)
1840 return;
1841 os_free(cwork);
1842}
1843
1844
1845void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1846{
1847 struct wpa_connect_work *cwork;
1848 struct wpa_radio_work *work = wpa_s->connect_work;
1849
1850 if (!work)
1851 return;
1852
1853 wpa_s->connect_work = NULL;
1854 cwork = work->ctx;
1855 work->ctx = NULL;
1856 wpas_connect_work_free(cwork);
1857 radio_work_done(work);
1858}
1859
1860
a313d17d 1861int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
c267753b
JM		 1862{
1863 struct os_reltime now;
1864 u8 addr[ETH_ALEN];
1865
1866 os_get_reltime(&now);
a313d17d
JM		 1867 if (wpa_s->last_mac_addr_style == style &&
1868 wpa_s->last_mac_addr_change.sec != 0 &&
c267753b
JM		 1869 !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1870 wpa_s->conf->rand_addr_lifetime)) {
1871 wpa_msg(wpa_s, MSG_DEBUG,
1872 "Previously selected random MAC address has not yet expired");
1873 return 0;
1874 }
1875
a313d17d
JM		 1876 switch (style) {
1877 case 1:
1878 if (random_mac_addr(addr) < 0)
1879 return -1;
1880 break;
1881 case 2:
1882 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1883 if (random_mac_addr_keep_oui(addr) < 0)
1884 return -1;
1885 break;
1886 default:
c267753b 1887 return -1;
a313d17d 1888 }
c267753b
JM		 1889
1890 if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1891 wpa_msg(wpa_s, MSG_INFO,
1892 "Failed to set random MAC address");
1893 return -1;
1894 }
1895
1896 os_get_reltime(&wpa_s->last_mac_addr_change);
1897 wpa_s->mac_addr_changed = 1;
a313d17d 1898 wpa_s->last_mac_addr_style = style;
c267753b
JM		 1899
1900 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1901 wpa_msg(wpa_s, MSG_INFO,
1902 "Could not update MAC address information");
1903 return -1;
1904 }
1905
1906 wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1907 MAC2STR(addr));
1908
1909 return 0;
1910}
1911
1912
1913int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1914{
1915 if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1916 !wpa_s->conf->preassoc_mac_addr)
1917 return 0;
1918
a313d17d 1919 return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
c267753b
JM		 1920}
1921
1922
6ac4b15e
JM		 1923static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1924
6fc6879b
JM		 1925/**
1926 * wpa_supplicant_associate - Request association
1927 * @wpa_s: Pointer to wpa_supplicant data
1928 * @bss: Scan results for the selected BSS, or %NULL if not available
1929 * @ssid: Configuration data for the selected network
1930 *
1931 * This function is used to request %wpa_supplicant to associate with a BSS.
1932 */
1933void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
6fa81a3b 1934 struct wpa_bss *bss, struct wpa_ssid *ssid)
6fc6879b 1935{
6ac4b15e 1936 struct wpa_connect_work *cwork;
a313d17d
JM		 1937 int rand_style;
1938
a8412ec9
JM		 1939 wpa_s->own_disconnect_req = 0;
1940
e7160bd8
JM		 1941 /*
1942 * If we are starting a new connection, any previously pending EAPOL
1943 * RX cannot be valid anymore.
1944 */
1945 wpabuf_free(wpa_s->pending_eapol_rx);
1946 wpa_s->pending_eapol_rx = NULL;
1947
a313d17d
JM		 1948 if (ssid->mac_addr == -1)
1949 rand_style = wpa_s->conf->mac_addr;
1950 else
1951 rand_style = ssid->mac_addr;
6fc6879b 1952
8c42b369
EP		 1953 wmm_ac_clear_saved_tspecs(wpa_s);
1954 wpa_s->reassoc_same_bss = 0;
6a5ee810 1955 wpa_s->reassoc_same_ess = 0;
daa40960
JM		 1956#ifdef CONFIG_TESTING_OPTIONS
1957 wpa_s->testing_resend_assoc = 0;
1958#endif /* CONFIG_TESTING_OPTIONS */
8c42b369 1959
c267753b
JM		 1960 if (wpa_s->last_ssid == ssid) {
1961 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
6a5ee810 1962 wpa_s->reassoc_same_ess = 1;
8c42b369
EP		 1963 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1964 wmm_ac_save_tspecs(wpa_s);
1965 wpa_s->reassoc_same_bss = 1;
2bbad1c7
MW		 1966 } else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
1967 os_get_reltime(&wpa_s->roam_start);
8c42b369 1968 }
5d30f927
BR		 1969 }
1970
1971 if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
a313d17d 1972 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
c267753b
JM		 1973 return;
1974 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
5d30f927 1975 } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
c267753b
JM		 1976 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1977 wpa_msg(wpa_s, MSG_INFO,
1978 "Could not restore permanent MAC address");
1979 return;
1980 }
1981 wpa_s->mac_addr_changed = 0;
1982 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1983 wpa_msg(wpa_s, MSG_INFO,
1984 "Could not update MAC address information");
1985 return;
1986 }
1987 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1988 }
1989 wpa_s->last_ssid = ssid;
1990
78177a00
JM		 1991#ifdef CONFIG_IBSS_RSN
1992 ibss_rsn_deinit(wpa_s->ibss_rsn);
1993 wpa_s->ibss_rsn = NULL;
81a10a94
JM		 1994#else /* CONFIG_IBSS_RSN */
1995 if (ssid->mode == WPAS_MODE_IBSS &&
1996 !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1997 wpa_msg(wpa_s, MSG_INFO,
1998 "IBSS RSN not supported in the build");
1999 return;
2000 }
78177a00
JM		 2001#endif /* CONFIG_IBSS_RSN */
2002
2c5d725c
JM		 2003 if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2004 ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
1581b38b
JM		 2005#ifdef CONFIG_AP
2006 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
f049052b
BG		 2007 wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2008 "mode");
1581b38b
JM		 2009 return;
2010 }
8c981d17
DW		 2011 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2012 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
b2b688d1
VKE		 2013 if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2014 wpas_p2p_ap_setup_failed(wpa_s);
8c981d17
DW		 2015 return;
2016 }
8f770587 2017 wpa_s->current_bss = bss;
1581b38b 2018#else /* CONFIG_AP */
f049052b
BG		 2019 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2020 "the build");
1581b38b
JM		 2021#endif /* CONFIG_AP */
2022 return;
2023 }
2024
603a3f34
JL		 2025 if (ssid->mode == WPAS_MODE_MESH) {
2026#ifdef CONFIG_MESH
2027 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2028 wpa_msg(wpa_s, MSG_INFO,
2029 "Driver does not support mesh mode");
2030 return;
2031 }
2032 if (bss)
2033 ssid->frequency = bss->freq;
2034 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2035 wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2036 return;
2037 }
2038 wpa_s->current_bss = bss;
6174de66
JM		 2039 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2040 wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2041 ssid->id);
89e9cd25 2042 wpas_notify_mesh_group_started(wpa_s, ssid);
603a3f34
JL		 2043#else /* CONFIG_MESH */
2044 wpa_msg(wpa_s, MSG_ERROR,
2045 "mesh mode support not included in the build");
2046#endif /* CONFIG_MESH */
2047 return;
2048 }
2049
2efc6720
JM		 2050 /*
2051 * Set WPA state machine configuration to match the selected network now
2052 * so that the information is available before wpas_start_assoc_cb()
2053 * gets called. This is needed at least for RSN pre-authentication where
2054 * candidate APs are added to a list based on scan result processing
2055 * before completion of the first association.
2056 */
2057 wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2058
a0d5c56f
JM		 2059#ifdef CONFIG_DPP
2060 if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2061 return;
2062#endif /* CONFIG_DPP */
2063
52c9e6f3 2064#ifdef CONFIG_TDLS
95cb2d88
JM		 2065 if (bss)
2066 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2067 bss->ie_len);
52c9e6f3
JM		 2068#endif /* CONFIG_TDLS */
2069
5cc4d64b 2070 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
f74618cb 2071 ssid->mode == WPAS_MODE_INFRA) {
c2a04078
JM		 2072 sme_authenticate(wpa_s, bss, ssid);
2073 return;
2074 }
2075
6ac4b15e
JM		 2076 if (wpa_s->connect_work) {
2077 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2078 return;
2079 }
2080
f0e30c84
JM		 2081 if (radio_work_pending(wpa_s, "connect")) {
2082 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2083 return;
2084 }
2085
a1836de6
JM		 2086#ifdef CONFIG_SME
2087 if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2088 /* Clear possibly set auth_alg, if any, from last attempt. */
2089 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2090 }
2091#endif /* CONFIG_SME */
2092
4ead7cfd
KV		 2093 wpas_abort_ongoing_scan(wpa_s);
2094
6ac4b15e
JM		 2095 cwork = os_zalloc(sizeof(*cwork));
2096 if (cwork == NULL)
2097 return;
2098
2099 cwork->bss = bss;
2100 cwork->ssid = ssid;
2101
2102 if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2103 wpas_start_assoc_cb, cwork) < 0) {
2104 os_free(cwork);
2105 }
2106}
2107
2108
98479dc9
JD		 2109static int bss_is_ibss(struct wpa_bss *bss)
2110{
2111 return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2112 IEEE80211_CAP_IBSS;
2113}
2114
2115
a65efbfb
PO		 2116static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2117 const struct wpa_ssid *ssid)
2118{
2119 enum hostapd_hw_mode hw_mode;
2120 struct hostapd_hw_modes *mode = NULL;
2121 u8 channel;
2122 int i;
2123
a65efbfb
PO		 2124 hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2125 if (hw_mode == NUM_HOSTAPD_MODES)
2126 return 0;
2127 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2128 if (wpa_s->hw.modes[i].mode == hw_mode) {
2129 mode = &wpa_s->hw.modes[i];
2130 break;
2131 }
2132 }
2133
2134 if (!mode)
2135 return 0;
2136
2137 return mode->vht_capab != 0;
2138}
2139
2140
54fe48b9
JM		 2141void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2142 const struct wpa_ssid *ssid,
2143 struct hostapd_freq_params *freq)
1830817e 2144{
3459c54a 2145 int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
1830817e
JD		 2146 enum hostapd_hw_mode hw_mode;
2147 struct hostapd_hw_modes *mode = NULL;
6b8b0774
JD		 2148 int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2149 184, 192 };
563ee183 2150 int vht80[] = { 36, 52, 100, 116, 132, 149 };
6b8b0774 2151 struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
1830817e 2152 u8 channel;
98479dc9 2153 int i, chan_idx, ht40 = -1, res, obss_scan = 1;
0f29bc68 2154 unsigned int j, k;
563ee183 2155 struct hostapd_freq_params vht_freq;
0f29bc68
AK		 2156 int chwidth, seg0, seg1;
2157 u32 vht_caps = 0;
1830817e
JD		 2158
2159 freq->freq = ssid->frequency;
2160
98479dc9
JD		 2161 for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2162 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2163
2164 if (ssid->mode != WPAS_MODE_IBSS)
2165 break;
2166
2167 /* Don't adjust control freq in case of fixed_freq */
2168 if (ssid->fixed_freq)
2169 break;
2170
2171 if (!bss_is_ibss(bss))
2172 continue;
2173
2174 if (ssid->ssid_len == bss->ssid_len &&
2175 os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2176 wpa_printf(MSG_DEBUG,
2177 "IBSS already found in scan results, adjust control freq: %d",
2178 bss->freq);
2179 freq->freq = bss->freq;
2180 obss_scan = 0;
2181 break;
2182 }
2183 }
2184
1830817e
JD		 2185 /* For IBSS check HT_IBSS flag */
2186 if (ssid->mode == WPAS_MODE_IBSS &&
2187 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2188 return;
2189
d9a9bc04
JD		 2190 if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2191 wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2192 wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2193 wpa_printf(MSG_DEBUG,
2194 "IBSS: WEP/TKIP detected, do not try to enable HT");
2195 return;
2196 }
2197
98479dc9 2198 hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
1830817e
JD		 2199 for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2200 if (wpa_s->hw.modes[i].mode == hw_mode) {
2201 mode = &wpa_s->hw.modes[i];
2202 break;
2203 }
2204 }
2205
2206 if (!mode)
2207 return;
2208
3459c54a
SE		 2209 /* HE can work without HT + VHT */
2210 freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2211
3388e7b9
MH		 2212#ifdef CONFIG_HT_OVERRIDES
2213 if (ssid->disable_ht) {
2214 freq->ht_enabled = 0;
2215 return;
2216 }
2217#endif /* CONFIG_HT_OVERRIDES */
2218
1830817e 2219 freq->ht_enabled = ht_supported(mode);
6b8b0774
JD		 2220 if (!freq->ht_enabled)
2221 return;
2222
2223 /* Setup higher BW only for 5 GHz */
2224 if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2225 return;
2226
2227 for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2228 pri_chan = &mode->channels[chan_idx];
2229 if (pri_chan->chan == channel)
2230 break;
2231 pri_chan = NULL;
2232 }
2233 if (!pri_chan)
2234 return;
2235
2236 /* Check primary channel flags */
2237 if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2238 return;
2239
e5a9b1e8
PO		 2240 freq->channel = pri_chan->chan;
2241
05aed438 2242#ifdef CONFIG_HT_OVERRIDES
e5a9b1e8
PO		 2243 if (ssid->disable_ht40) {
2244 if (ssid->disable_vht)
2245 return;
2246 goto skip_ht40;
2247 }
05aed438
MH		 2248#endif /* CONFIG_HT_OVERRIDES */
2249
6b8b0774
JD		 2250 /* Check/setup HT40+/HT40- */
2251 for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2252 if (ht40plus[j] == channel) {
2253 ht40 = 1;
2254 break;
2255 }
2256 }
2257
2258 /* Find secondary channel */
2259 for (i = 0; i < mode->num_channels; i++) {
2260 sec_chan = &mode->channels[i];
2261 if (sec_chan->chan == channel + ht40 * 4)
2262 break;
2263 sec_chan = NULL;
2264 }
2265 if (!sec_chan)
2266 return;
2267
2268 /* Check secondary channel flags */
2269 if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2270 return;
2271
ecba4509 2272 if (ht40 == -1) {
6b8b0774
JD		 2273 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2274 return;
ecba4509 2275 } else {
6b8b0774
JD		 2276 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2277 return;
6b8b0774 2278 }
ecba4509 2279 freq->sec_channel_offset = ht40;
6b8b0774 2280
ecba4509 2281 if (obss_scan) {
6b8b0774
JD		 2282 struct wpa_scan_results *scan_res;
2283
2284 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2285 if (scan_res == NULL) {
2286 /* Back to HT20 */
2287 freq->sec_channel_offset = 0;
2288 return;
2289 }
2290
2291 res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2292 sec_chan->chan);
2293 switch (res) {
2294 case 0:
2295 /* Back to HT20 */
2296 freq->sec_channel_offset = 0;
2297 break;
2298 case 1:
2299 /* Configuration allowed */
2300 break;
2301 case 2:
2302 /* Switch pri/sec channels */
2303 freq->freq = hw_get_freq(mode, sec_chan->chan);
2304 freq->sec_channel_offset = -freq->sec_channel_offset;
2305 freq->channel = sec_chan->chan;
2306 break;
2307 default:
2308 freq->sec_channel_offset = 0;
2309 break;
2310 }
2311
2312 wpa_scan_results_free(scan_res);
2313 }
2314
e5a9b1e8
PO		 2315#ifdef CONFIG_HT_OVERRIDES
2316skip_ht40:
2317#endif /* CONFIG_HT_OVERRIDES */
6b8b0774
JD		 2318 wpa_printf(MSG_DEBUG,
2319 "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2320 freq->channel, freq->sec_channel_offset);
563ee183 2321
a65efbfb 2322 if (!drv_supports_vht(wpa_s, ssid))
563ee183
JD		 2323 return;
2324
2325 /* For IBSS check VHT_IBSS flag */
a65efbfb
PO		 2326 if (ssid->mode == WPAS_MODE_IBSS &&
2327 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
563ee183
JD		 2328 return;
2329
2330 vht_freq = *freq;
2331
b301f54e
JM		 2332#ifdef CONFIG_VHT_OVERRIDES
2333 if (ssid->disable_vht) {
2334 freq->vht_enabled = 0;
2335 return;
2336 }
2337#endif /* CONFIG_VHT_OVERRIDES */
2338
563ee183
JD		 2339 vht_freq.vht_enabled = vht_supported(mode);
2340 if (!vht_freq.vht_enabled)
2341 return;
2342
2343 /* setup center_freq1, bandwidth */
2344 for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2345 if (freq->channel >= vht80[j] &&
2346 freq->channel < vht80[j] + 16)
2347 break;
2348 }
2349
2350 if (j == ARRAY_SIZE(vht80))
2351 return;
2352
2353 for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2354 struct hostapd_channel_data *chan;
2355
2356 chan = hw_get_channel_chan(mode, i, NULL);
2357 if (!chan)
2358 return;
2359
2360 /* Back to HT configuration if channel not usable */
2361 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2362 return;
2363 }
2364
464dcfd0 2365 chwidth = CHANWIDTH_80MHZ;
0f29bc68
AK		 2366 seg0 = vht80[j] + 6;
2367 seg1 = 0;
2368
464dcfd0 2369 if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
0f29bc68
AK		 2370 /* setup center_freq2, bandwidth */
2371 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2372 /* Only accept 80 MHz segments separated by a gap */
2373 if (j == k || abs(vht80[j] - vht80[k]) == 16)
2374 continue;
2375 for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2376 struct hostapd_channel_data *chan;
2377
2378 chan = hw_get_channel_chan(mode, i, NULL);
2379 if (!chan)
2380 continue;
2381
2382 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2383 HOSTAPD_CHAN_NO_IR |
2384 HOSTAPD_CHAN_RADAR))
2385 continue;
2386
2387 /* Found a suitable second segment for 80+80 */
464dcfd0 2388 chwidth = CHANWIDTH_80P80MHZ;
0f29bc68
AK		 2389 vht_caps |=
2390 VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2391 seg1 = vht80[k] + 6;
2392 }
2393
464dcfd0 2394 if (chwidth == CHANWIDTH_80P80MHZ)
0f29bc68
AK		 2395 break;
2396 }
464dcfd0 2397 } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
331f0774 2398 if (freq->freq == 5180) {
464dcfd0 2399 chwidth = CHANWIDTH_160MHZ;
331f0774
JM		 2400 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2401 seg0 = 50;
2402 } else if (freq->freq == 5520) {
464dcfd0 2403 chwidth = CHANWIDTH_160MHZ;
331f0774
JM		 2404 vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2405 seg0 = 114;
2406 }
464dcfd0
JC		 2407 } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2408 chwidth = CHANWIDTH_USE_HT;
806db174 2409 seg0 = vht80[j] + 2;
e5a9b1e8
PO		 2410#ifdef CONFIG_HT_OVERRIDES
2411 if (ssid->disable_ht40)
2412 seg0 = 0;
2413#endif /* CONFIG_HT_OVERRIDES */
0f29bc68
AK		 2414 }
2415
563ee183
JD		 2416 if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2417 freq->channel, freq->ht_enabled,
3459c54a 2418 vht_freq.vht_enabled, freq->he_enabled,
563ee183 2419 freq->sec_channel_offset,
3459c54a
SE		 2420 chwidth, seg0, seg1, vht_caps,
2421 &mode->he_capab[ieee80211_mode]) != 0)
563ee183
JD		 2422 return;
2423
2424 *freq = vht_freq;
2425
2426 wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2427 freq->center_freq1, freq->center_freq2, freq->bandwidth);
1830817e
JD		 2428}
2429
2430
a38090b1
VK		 2431#ifdef CONFIG_FILS
2432static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2433 size_t ie_buf_len)
2434{
2435 struct fils_hlp_req *req;
2436 size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2437 const u8 *pos;
2438 u8 *buf = ie_buf;
2439
2440 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2441 list) {
2442 rem_len = ie_buf_len - ie_len;
2443 pos = wpabuf_head(req->pkt);
2444 hdr_len = 1 + 2 * ETH_ALEN + 6;
2445 hlp_len = wpabuf_len(req->pkt);
2446
2447 if (rem_len < 2 + hdr_len + hlp_len) {
2448 wpa_printf(MSG_ERROR,
2449 "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2450 (unsigned long) rem_len,
2451 (unsigned long) (2 + hdr_len + hlp_len));
2452 break;
2453 }
2454
2455 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2456 /* Element ID */
2457 *buf++ = WLAN_EID_EXTENSION;
2458 /* Length */
2459 *buf++ = len;
2460 /* Element ID Extension */
2461 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2462 /* Destination MAC address */
2463 os_memcpy(buf, req->dst, ETH_ALEN);
2464 buf += ETH_ALEN;
2465 /* Source MAC address */
2466 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2467 buf += ETH_ALEN;
2468 /* LLC/SNAP Header */
2469 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2470 buf += 6;
2471 /* HLP Packet */
2472 os_memcpy(buf, pos, len - hdr_len);
2473 buf += len - hdr_len;
2474 pos += len - hdr_len;
2475
2476 hlp_len -= len - hdr_len;
2477 ie_len += 2 + len;
2478 rem_len -= 2 + len;
2479
2480 while (hlp_len) {
2481 len = (hlp_len > 255) ? 255 : hlp_len;
2482 if (rem_len < 2 + len)
2483 break;
2484 *buf++ = WLAN_EID_FRAGMENT;
2485 *buf++ = len;
2486 os_memcpy(buf, pos, len);
2487 buf += len;
2488 pos += len;
2489
2490 hlp_len -= len;
2491 ie_len += 2 + len;
2492 rem_len -= 2 + len;
2493 }
2494 }
2495
2496 return ie_len;
2497}
e4802127
MH		 2498
2499
2500int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2501{
2502 return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2503 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2504 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2505 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2506}
2507
2508
2509int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2510{
2511#ifdef CONFIG_FILS_SK_PFS
2512 return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2513 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2514#else /* CONFIG_FILS_SK_PFS */
2515 return 0;
2516#endif /* CONFIG_FILS_SK_PFS */
2517}
2518
a38090b1
VK		 2519#endif /* CONFIG_FILS */
2520
2521
d2ba0d71
VK		 2522static u8 * wpas_populate_assoc_ies(
2523 struct wpa_supplicant *wpa_s,
2524 struct wpa_bss *bss, struct wpa_ssid *ssid,
6338c99e
VK		 2525 struct wpa_driver_associate_params *params,
2526 enum wpa_drv_update_connect_params_mask *mask)
6ac4b15e 2527{
1e6780bd 2528 u8 *wpa_ie;
10970465 2529 size_t max_wpa_ie_len = 500;
6ac4b15e 2530 size_t wpa_ie_len;
6ac4b15e 2531 int algs = WPA_AUTH_ALG_OPEN;
077232f6
BL		 2532#ifdef CONFIG_MBO
2533 const u8 *mbo_ie;
2534#endif
eb3234c0
SM		 2535#ifdef CONFIG_SAE
2536 int sae_pmksa_cached = 0;
2537#endif /* CONFIG_SAE */
8b0a6dba
VK		 2538#ifdef CONFIG_FILS
2539 const u8 *realm, *username, *rrk;
2540 size_t realm_len, username_len, rrk_len;
2541 u16 next_seq_num;
b377ec25 2542 struct fils_hlp_req *req;
6fc6879b 2543
b377ec25
VK		 2544 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2545 list) {
2546 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2547 2 + 2 * wpabuf_len(req->pkt) / 255;
8b0a6dba
VK		 2548 }
2549#endif /* CONFIG_FILS */
8b0a6dba 2550
1e6780bd
VK		 2551 wpa_ie = os_malloc(max_wpa_ie_len);
2552 if (!wpa_ie) {
2553 wpa_printf(MSG_ERROR,
2554 "Failed to allocate connect IE buffer for %lu bytes",
2555 (unsigned long) max_wpa_ie_len);
d2ba0d71 2556 return NULL;
1e6780bd
VK		 2557 }
2558
6fa81a3b
JM		 2559 if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2560 wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
0bf927a0 2561 wpa_key_mgmt_wpa(ssid->key_mgmt)) {
6fc6879b 2562 int try_opportunistic;
79f3121b
VK		 2563 const u8 *cache_id = NULL;
2564
6e202021
JM		 2565 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2566 wpa_s->conf->okc :
2567 ssid->proactive_key_caching) &&
6fc6879b 2568 (ssid->proto & WPA_PROTO_RSN);
79f3121b
VK		 2569#ifdef CONFIG_FILS
2570 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2571 cache_id = wpa_bss_get_fils_cache_id(bss);
2572#endif /* CONFIG_FILS */
6fc6879b 2573 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
79f3121b 2574 ssid, try_opportunistic,
eb3234c0 2575 cache_id, 0) == 0) {
ba422613 2576 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
eb3234c0
SM		 2577#ifdef CONFIG_SAE
2578 sae_pmksa_cached = 1;
2579#endif /* CONFIG_SAE */
2580 }
1e6780bd 2581 wpa_ie_len = max_wpa_ie_len;
6fc6879b
JM		 2582 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2583 wpa_ie, &wpa_ie_len)) {
f049052b
BG		 2584 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2585 "key management and encryption suites");
1e6780bd 2586 os_free(wpa_ie);
d2ba0d71 2587 return NULL;
6fc6879b 2588 }
dc673aec
JM		 2589#ifdef CONFIG_HS20
2590 } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2591 (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2592 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2593 wpa_ie_len = max_wpa_ie_len;
2594 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2595 wpa_ie, &wpa_ie_len)) {
2596 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2597 "key management and encryption suites");
2598 os_free(wpa_ie);
2599 return NULL;
2600 }
2601#endif /* CONFIG_HS20 */
a3f7e518
JM		 2602 } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2603 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2604 /*
2605 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2606 * use non-WPA since the scan results did not indicate that the
2607 * AP is using WPA or WPA2.
2608 */
2609 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2610 wpa_ie_len = 0;
2611 wpa_s->wpa_proto = 0;
0bf927a0 2612 } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
1e6780bd 2613 wpa_ie_len = max_wpa_ie_len;
6fc6879b
JM		 2614 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2615 wpa_ie, &wpa_ie_len)) {
f049052b
BG		 2616 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2617 "key management and encryption suites (no "
2618 "scan results)");
1e6780bd 2619 os_free(wpa_ie);
d2ba0d71 2620 return NULL;
6fc6879b 2621 }
ad08c363
JM		 2622#ifdef CONFIG_WPS
2623 } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
b01c18a8
JM		 2624 struct wpabuf *wps_ie;
2625 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
1e6780bd 2626 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
ad08c363
JM		 2627 wpa_ie_len = wpabuf_len(wps_ie);
2628 os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
24386985
JM		 2629 } else
2630 wpa_ie_len = 0;
ad08c363
JM		 2631 wpabuf_free(wps_ie);
2632 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
0c80427d 2633 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
d2ba0d71 2634 params->wps = WPS_MODE_PRIVACY;
0c80427d 2635 else
d2ba0d71 2636 params->wps = WPS_MODE_OPEN;
cf546f1a 2637 wpa_s->wpa_proto = 0;
ad08c363 2638#endif /* CONFIG_WPS */
6fc6879b
JM		 2639 } else {
2640 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2641 wpa_ie_len = 0;
cf546f1a 2642 wpa_s->wpa_proto = 0;
6fc6879b
JM		 2643 }
2644
b377ec25
VK		 2645#ifdef IEEE8021X_EAPOL
2646 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2647 if (ssid->leap) {
2648 if (ssid->non_leap == 0)
2649 algs = WPA_AUTH_ALG_LEAP;
2650 else
2651 algs |= WPA_AUTH_ALG_LEAP;
2652 }
2653 }
2654
2655#ifdef CONFIG_FILS
2656 /* Clear FILS association */
2657 wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2658
2659 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2660 ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2661 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2662 &username_len, &realm, &realm_len,
af835d75
AB		 2663 &next_seq_num, &rrk, &rrk_len) == 0 &&
2664 (!wpa_s->last_con_fail_realm ||
2665 wpa_s->last_con_fail_realm_len != realm_len ||
2666 os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
b377ec25 2667 algs = WPA_AUTH_ALG_FILS;
d2ba0d71
VK		 2668 params->fils_erp_username = username;
2669 params->fils_erp_username_len = username_len;
2670 params->fils_erp_realm = realm;
2671 params->fils_erp_realm_len = realm_len;
2672 params->fils_erp_next_seq_num = next_seq_num;
2673 params->fils_erp_rrk = rrk;
2674 params->fils_erp_rrk_len = rrk_len;
6338c99e
VK		 2675
2676 if (mask)
2677 *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
b377ec25
VK		 2678 }
2679#endif /* CONFIG_FILS */
2680#endif /* IEEE8021X_EAPOL */
5ff39c13
SD		 2681#ifdef CONFIG_SAE
2682 if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2683 algs = WPA_AUTH_ALG_SAE;
2684#endif /* CONFIG_SAE */
b377ec25
VK		 2685
2686 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2687 if (ssid->auth_alg) {
2688 algs = ssid->auth_alg;
2689 wpa_dbg(wpa_s, MSG_DEBUG,
2690 "Overriding auth_alg selection: 0x%x", algs);
2691 }
2692
eb3234c0
SM		 2693#ifdef CONFIG_SAE
2694 if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2695 wpa_dbg(wpa_s, MSG_DEBUG,
2696 "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2697 algs = WPA_AUTH_ALG_OPEN;
2698 }
2699#endif /* CONFIG_SAE */
2700
5f3a6aa0
JM		 2701#ifdef CONFIG_P2P
2702 if (wpa_s->global->p2p) {
2703 u8 *pos;
2704 size_t len;
2705 int res;
5f3a6aa0 2706 pos = wpa_ie + wpa_ie_len;
1e6780bd 2707 len = max_wpa_ie_len - wpa_ie_len;
b8a8d677
JM		 2708 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2709 ssid->p2p_group);
5f3a6aa0
JM		 2710 if (res >= 0)
2711 wpa_ie_len += res;
2712 }
72044390
JM		 2713
2714 wpa_s->cross_connect_disallowed = 0;
2715 if (bss) {
2716 struct wpabuf *p2p;
2717 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2718 if (p2p) {
2719 wpa_s->cross_connect_disallowed =
2720 p2p_get_cross_connect_disallowed(p2p);
2721 wpabuf_free(p2p);
f049052b
BG		 2722 wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2723 "connection",
2724 wpa_s->cross_connect_disallowed ?
2725 "disallows" : "allows");
72044390
JM		 2726 }
2727 }
25ef8529
JM		 2728
2729 os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
5f3a6aa0
JM		 2730#endif /* CONFIG_P2P */
2731
5e57ba25 2732 if (bss) {
cb828507 2733 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss->freq,
065c029a 2734 wpa_ie + wpa_ie_len,
1e6780bd 2735 max_wpa_ie_len -
065c029a 2736 wpa_ie_len);
5e57ba25 2737 }
5e57ba25 2738
8b3b803a
AH		 2739 /*
2740 * Workaround: Add Extended Capabilities element only if the AP
2741 * included this element in Beacon/Probe Response frames. Some older
2742 * APs seem to have interoperability issues if this element is
2743 * included, so while the standard may require us to include the
2744 * element in all cases, it is justifiable to skip it to avoid
2745 * interoperability issues.
2746 */
cc9a2575
KV		 2747 if (ssid->p2p_group)
2748 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2749 else
2750 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2751
8b3b803a 2752 if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
0bbaa9b9 2753 u8 ext_capab[18];
8b3b803a 2754 int ext_capab_len;
0bbaa9b9
JM		 2755 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2756 sizeof(ext_capab));
2c66c7d1
AA		 2757 if (ext_capab_len > 0 &&
2758 wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
8b3b803a
AH		 2759 u8 *pos = wpa_ie;
2760 if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2761 pos += 2 + pos[1];
2762 os_memmove(pos + ext_capab_len, pos,
2763 wpa_ie_len - (pos - wpa_ie));
2764 wpa_ie_len += ext_capab_len;
2765 os_memcpy(pos, ext_capab, ext_capab_len);
2766 }
92cbcf91 2767 }
92cbcf91 2768
c484b198
AS		 2769#ifdef CONFIG_HS20
2770 if (is_hs20_network(wpa_s, ssid, bss)) {
2771 struct wpabuf *hs20;
2772
4204669c 2773 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
c484b198
AS		 2774 if (hs20) {
2775 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2776 size_t len;
2777
ec2cf403
JM		 2778 wpas_hs20_add_indication(hs20, pps_mo_id,
2779 get_hs20_version(bss));
4204669c 2780 wpas_hs20_add_roam_cons_sel(hs20, ssid);
1e6780bd 2781 len = max_wpa_ie_len - wpa_ie_len;
c484b198
AS		 2782 if (wpabuf_len(hs20) <= len) {
2783 os_memcpy(wpa_ie + wpa_ie_len,
2784 wpabuf_head(hs20), wpabuf_len(hs20));
2785 wpa_ie_len += wpabuf_len(hs20);
2786 }
2787 wpabuf_free(hs20);
ece4ac5f
MG		 2788
2789 hs20_configure_frame_filters(wpa_s);
c484b198
AS		 2790 }
2791 }
2792#endif /* CONFIG_HS20 */
2793
d29fa3a7
JM		 2794 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2795 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2796 size_t len;
2797
1e6780bd 2798 len = max_wpa_ie_len - wpa_ie_len;
d29fa3a7
JM		 2799 if (wpabuf_len(buf) <= len) {
2800 os_memcpy(wpa_ie + wpa_ie_len,
2801 wpabuf_head(buf), wpabuf_len(buf));
2802 wpa_ie_len += wpabuf_len(buf);
2803 }
2804 }
2805
b36a3a65
AN		 2806#ifdef CONFIG_FST
2807 if (wpa_s->fst_ies) {
2808 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2809
1e6780bd 2810 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
b36a3a65
AN		 2811 os_memcpy(wpa_ie + wpa_ie_len,
2812 wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2813 wpa_ie_len += fst_ies_len;
2814 }
2815 }
2816#endif /* CONFIG_FST */
2817
92c6e2e3 2818#ifdef CONFIG_MBO
077232f6
BL		 2819 mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
2820 if (mbo_ie) {
5e57ba25 2821 int len;
92c6e2e3 2822
5e57ba25 2823 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
077232f6
BL		 2824 max_wpa_ie_len - wpa_ie_len,
2825 !!mbo_attr_from_mbo_ie(mbo_ie,
2826 OCE_ATTR_ID_CAPA_IND));
5e57ba25
AS		 2827 if (len >= 0)
2828 wpa_ie_len += len;
92c6e2e3
DS		 2829 }
2830#endif /* CONFIG_MBO */
2831
a38090b1
VK		 2832#ifdef CONFIG_FILS
2833 if (algs == WPA_AUTH_ALG_FILS) {
2834 size_t len;
2835
2836 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
2837 max_wpa_ie_len - wpa_ie_len);
2838 wpa_ie_len += len;
2839 }
2840#endif /* CONFIG_FILS */
2841
10970465 2842#ifdef CONFIG_OWE
5f30b69c
JM		 2843#ifdef CONFIG_TESTING_OPTIONS
2844 if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
2845 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
2846 } else
2847#endif /* CONFIG_TESTING_OPTIONS */
10970465
JM		 2848 if (algs == WPA_AUTH_ALG_OPEN &&
2849 ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
2850 struct wpabuf *owe_ie;
2cb40e9f 2851 u16 group;
10970465 2852
2cb40e9f 2853 if (ssid->owe_group) {
10970465 2854 group = ssid->owe_group;
698c9e20
AK		 2855 } else if (wpa_s->assoc_status_code ==
2856 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
2cb40e9f
JM		 2857 if (wpa_s->last_owe_group == 19)
2858 group = 20;
2859 else if (wpa_s->last_owe_group == 20)
2860 group = 21;
2861 else
2862 group = OWE_DH_GROUP;
698c9e20
AK		 2863 } else {
2864 group = OWE_DH_GROUP;
2cb40e9f 2865 }
698c9e20 2866
2cb40e9f
JM		 2867 wpa_s->last_owe_group = group;
2868 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
10970465
JM		 2869 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2870 if (owe_ie &&
2871 wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
2872 os_memcpy(wpa_ie + wpa_ie_len,
2873 wpabuf_head(owe_ie), wpabuf_len(owe_ie));
2874 wpa_ie_len += wpabuf_len(owe_ie);
10970465 2875 }
04879671 2876 wpabuf_free(owe_ie);
10970465
JM		 2877 }
2878#endif /* CONFIG_OWE */
2879
10ec6a5f
JM		 2880#ifdef CONFIG_DPP2
2881 if (wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
2882 ssid->dpp_netaccesskey) {
2883 dpp_pfs_free(wpa_s->dpp_pfs);
2884 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
2885 ssid->dpp_netaccesskey_len);
2886 if (!wpa_s->dpp_pfs) {
2887 wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
2888 /* Try to continue without PFS */
2889 goto pfs_fail;
2890 }
2891 if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
2892 max_wpa_ie_len - wpa_ie_len) {
2893 os_memcpy(wpa_ie + wpa_ie_len,
2894 wpabuf_head(wpa_s->dpp_pfs->ie),
2895 wpabuf_len(wpa_s->dpp_pfs->ie));
2896 wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
2897 }
2898 }
2899pfs_fail:
2900#endif /* CONFIG_DPP2 */
2901
3dc3afe2
AM		 2902#ifdef CONFIG_IEEE80211R
2903 /*
2904 * Add MDIE under these conditions: the network profile allows FT,
2905 * the AP supports FT, and the mobility domain ID matches.
2906 */
88bf44be 2907 if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3dc3afe2
AM		 2908 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2909
2910 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
86c998d3 2911 size_t len = 0;
3dc3afe2
AM		 2912 const u8 *md = mdie + 2;
2913 const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
2914
2915 if (os_memcmp(md, wpa_md,
2916 MOBILITY_DOMAIN_ID_LEN) == 0) {
2917 /* Add mobility domain IE */
86c998d3 2918 len = wpa_ft_add_mdie(
3dc3afe2
AM		 2919 wpa_s->wpa, wpa_ie + wpa_ie_len,
2920 max_wpa_ie_len - wpa_ie_len, mdie);
86c998d3 2921 wpa_ie_len += len;
3dc3afe2 2922 }
86c998d3
AM		 2923#ifdef CONFIG_SME
2924 if (len > 0 && wpa_s->sme.ft_used &&
2925 wpa_sm_has_ptk(wpa_s->wpa)) {
2926 wpa_dbg(wpa_s, MSG_DEBUG,
2927 "SME: Trying to use FT over-the-air");
2928 algs |= WPA_AUTH_ALG_FT;
2929 }
2930#endif /* CONFIG_SME */
3dc3afe2
AM		 2931 }
2932 }
2933#endif /* CONFIG_IEEE80211R */
2934
5abc7823
VN		 2935 if (ssid->multi_ap_backhaul_sta) {
2936 size_t multi_ap_ie_len;
2937
2938 multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
2939 max_wpa_ie_len - wpa_ie_len,
2940 MULTI_AP_BACKHAUL_STA);
2941 if (multi_ap_ie_len == 0) {
2942 wpa_printf(MSG_ERROR,
2943 "Multi-AP: Failed to build Multi-AP IE");
2944 os_free(wpa_ie);
2945 return NULL;
2946 }
2947 wpa_ie_len += multi_ap_ie_len;
2948 }
2949
d2ba0d71
VK		 2950 params->wpa_ie = wpa_ie;
2951 params->wpa_ie_len = wpa_ie_len;
2952 params->auth_alg = algs;
6338c99e
VK		 2953 if (mask)
2954 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
d2ba0d71
VK		 2955
2956 return wpa_ie;
2957}
2958
2959
6338c99e
VK		 2960#if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2961static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
2962{
2963 struct wpa_driver_associate_params params;
2964 enum wpa_drv_update_connect_params_mask mask = 0;
2965 u8 *wpa_ie;
2966
2967 if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
2968 return; /* nothing to do */
2969
2970 os_memset(&params, 0, sizeof(params));
2971 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
2972 wpa_s->current_ssid, &params, &mask);
2973 if (!wpa_ie)
2974 return;
2975
2976 if (params.auth_alg != WPA_AUTH_ALG_FILS) {
2977 os_free(wpa_ie);
2978 return;
2979 }
2980
2981 wpa_s->auth_alg = params.auth_alg;
2982 wpa_drv_update_connect_params(wpa_s, &params, mask);
2983 os_free(wpa_ie);
2984}
2985#endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2986
2987
822c756e
AB		 2988#ifdef CONFIG_MBO
2989void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
2990{
2991 struct wpa_driver_associate_params params;
2992 u8 *wpa_ie;
2993
2994 /*
2995 * Update MBO connect params only in case of change of MBO attributes
2996 * when connected, if the AP support MBO.
2997 */
2998
2999 if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3000 !wpa_s->current_bss ||
3001 !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3002 return;
3003
3004 os_memset(&params, 0, sizeof(params));
3005 wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3006 wpa_s->current_ssid, &params, NULL);
3007 if (!wpa_ie)
3008 return;
3009
3010 wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3011 os_free(wpa_ie);
3012}
3013#endif /* CONFIG_MBO */
3014
3015
d2ba0d71
VK		 3016static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3017{
3018 struct wpa_connect_work *cwork = work->ctx;
3019 struct wpa_bss *bss = cwork->bss;
3020 struct wpa_ssid *ssid = cwork->ssid;
3021 struct wpa_supplicant *wpa_s = work->wpa_s;
3022 u8 *wpa_ie;
3023 int use_crypt, ret, i, bssid_changed;
3024 unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3025 struct wpa_driver_associate_params params;
3026 int wep_keys_set = 0;
3027 int assoc_failed = 0;
3028 struct wpa_ssid *old_ssid;
3029 u8 prev_bssid[ETH_ALEN];
3030#ifdef CONFIG_HT_OVERRIDES
3031 struct ieee80211_ht_capabilities htcaps;
3032 struct ieee80211_ht_capabilities htcaps_mask;
3033#endif /* CONFIG_HT_OVERRIDES */
3034#ifdef CONFIG_VHT_OVERRIDES
3035 struct ieee80211_vht_capabilities vhtcaps;
3036 struct ieee80211_vht_capabilities vhtcaps_mask;
3037#endif /* CONFIG_VHT_OVERRIDES */
3038
3039 if (deinit) {
3040 if (work->started) {
3041 wpa_s->connect_work = NULL;
3042
3043 /* cancel possible auth. timeout */
3044 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3045 NULL);
3046 }
3047 wpas_connect_work_free(cwork);
3048 return;
3049 }
3050
3051 wpa_s->connect_work = work;
3052
3053 if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3054 wpas_network_disabled(wpa_s, ssid)) {
3055 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3056 wpas_connect_work_done(wpa_s);
3057 return;
3058 }
3059
3060 os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3061 os_memset(&params, 0, sizeof(params));
3062 wpa_s->reassociate = 0;
3063 wpa_s->eap_expected_failure = 0;
3064 if (bss &&
3065 (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3066#ifdef CONFIG_IEEE80211R
3067 const u8 *ie, *md = NULL;
3068#endif /* CONFIG_IEEE80211R */
3069 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3070 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3071 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3072 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3073 os_memset(wpa_s->bssid, 0, ETH_ALEN);
3074 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3075 if (bssid_changed)
3076 wpas_notify_bssid_changed(wpa_s);
3077#ifdef CONFIG_IEEE80211R
3078 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3079 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3080 md = ie + 2;
3081 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3082 if (md) {
3083 /* Prepare for the next transition */
3084 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3085 }
3086#endif /* CONFIG_IEEE80211R */
3087#ifdef CONFIG_WPS
3088 } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3089 wpa_s->conf->ap_scan == 2 &&
3090 (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3091 /* Use ap_scan==1 style network selection to find the network
3092 */
3093 wpas_connect_work_done(wpa_s);
3094 wpa_s->scan_req = MANUAL_SCAN_REQ;
3095 wpa_s->reassociate = 1;
3096 wpa_supplicant_req_scan(wpa_s, 0, 0);
3097 return;
3098#endif /* CONFIG_WPS */
3099 } else {
3100 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3101 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3102 if (bss)
3103 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3104 else
3105 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3106 }
3107 if (!wpa_s->pno)
3108 wpa_supplicant_cancel_sched_scan(wpa_s);
3109
3110 wpa_supplicant_cancel_scan(wpa_s);
3111
3112 /* Starting new association, so clear the possibly used WPA IE from the
3113 * previous association. */
3114 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3115
6338c99e 3116 wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
d2ba0d71
VK		 3117 if (!wpa_ie) {
3118 wpas_connect_work_done(wpa_s);
3119 return;
3120 }
3121
6fc6879b
JM		 3122 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3123 use_crypt = 1;
4848a38d
JM		 3124 cipher_pairwise = wpa_s->pairwise_cipher;
3125 cipher_group = wpa_s->group_cipher;
61a56c14 3126 cipher_group_mgmt = wpa_s->mgmt_group_cipher;
6fc6879b
JM		 3127 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3128 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3129 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3130 use_crypt = 0;
3131 if (wpa_set_wep_keys(wpa_s, ssid)) {
3132 use_crypt = 1;
3133 wep_keys_set = 1;
3134 }
3135 }
ad08c363
JM		 3136 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3137 use_crypt = 0;
6fc6879b
JM		 3138
3139#ifdef IEEE8021X_EAPOL
3140 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3141 if ((ssid->eapol_flags &
3142 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3143 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3144 !wep_keys_set) {
3145 use_crypt = 0;
3146 } else {
3147 /* Assume that dynamic WEP-104 keys will be used and
3148 * set cipher suites in order for drivers to expect
3149 * encryption. */
4848a38d 3150 cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
6fc6879b
JM		 3151 }
3152 }
3153#endif /* IEEE8021X_EAPOL */
3154
3155 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3156 /* Set the key before (and later after) association */
3157 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3158 }
3159
6fc6879b 3160 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
6fc6879b 3161 if (bss) {
6fa81a3b
JM		 3162 params.ssid = bss->ssid;
3163 params.ssid_len = bss->ssid_len;
4b5b8a53
JM		 3164 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3165 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
f15854d1
JM		 3166 wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3167 MACSTR " freq=%u MHz based on scan results "
4b5b8a53 3168 "(bssid_set=%d wps=%d)",
f15854d1 3169 MAC2STR(bss->bssid), bss->freq,
4b5b8a53
JM		 3170 ssid->bssid_set,
3171 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
22628eca 3172 params.bssid = bss->bssid;
4ec68377 3173 params.freq.freq = bss->freq;
22628eca 3174 }
7ac7fd43
DS		 3175 params.bssid_hint = bss->bssid;
3176 params.freq_hint = bss->freq;
b9074912 3177 params.pbss = bss_is_pbss(bss);
6fc6879b 3178 } else {
43a356b2
PK		 3179 if (ssid->bssid_hint_set)
3180 params.bssid_hint = ssid->bssid_hint;
3181
6fc6879b
JM		 3182 params.ssid = ssid->ssid;
3183 params.ssid_len = ssid->ssid_len;
90f14962 3184 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
6fc6879b 3185 }
9e2af29f
NC		 3186
3187 if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3188 wpa_s->conf->ap_scan == 2) {
3189 params.bssid = ssid->bssid;
3190 params.fixed_bssid = 1;
3191 }
3192
603a3f34
JL		 3193 /* Initial frequency for IBSS/mesh */
3194 if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
1830817e
JD		 3195 ssid->frequency > 0 && params.freq.freq == 0)
3196 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
dc152f32 3197
8f05577d 3198 if (ssid->mode == WPAS_MODE_IBSS) {
4d9e6fba 3199 params.fixed_freq = ssid->fixed_freq;
8f05577d
JM		 3200 if (ssid->beacon_int)
3201 params.beacon_int = ssid->beacon_int;
3202 else
3203 params.beacon_int = wpa_s->conf->beacon_int;
3204 }
3205
6fc6879b
JM		 3206 params.pairwise_suite = cipher_pairwise;
3207 params.group_suite = cipher_group;
61a56c14 3208 params.mgmt_group_suite = cipher_group_mgmt;
4848a38d 3209 params.key_mgmt_suite = wpa_s->key_mgmt;
64fa840a 3210 params.wpa_proto = wpa_s->wpa_proto;
5538fc93 3211 wpa_s->auth_alg = params.auth_alg;
6fc6879b 3212 params.mode = ssid->mode;
1f6c0ab8 3213 params.bg_scan_period = ssid->bg_scan_period;
6fc6879b
JM		 3214 for (i = 0; i < NUM_WEP_KEYS; i++) {
3215 if (ssid->wep_key_len[i])
3216 params.wep_key[i] = ssid->wep_key[i];
3217 params.wep_key_len[i] = ssid->wep_key_len[i];
3218 }
3219 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3220
436ee2fd 3221 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
4848a38d
JM		 3222 (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3223 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
6fc6879b
JM		 3224 params.passphrase = ssid->passphrase;
3225 if (ssid->psk_set)
3226 params.psk = ssid->psk;
b41f2684
CL		 3227 }
3228
d896874f
AS		 3229 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3230 (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3231 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3232 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3233 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
cb28bd52 3234 params.req_handshake_offload = 1;
d896874f 3235
b41f2684
CL		 3236 if (wpa_s->conf->key_mgmt_offload) {
3237 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
666497c8 3238 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
5e3b5197
JM		 3239 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3240 params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
b41f2684
CL		 3241 params.req_key_mgmt_offload =
3242 ssid->proactive_key_caching < 0 ?
3243 wpa_s->conf->okc : ssid->proactive_key_caching;
3244 else
3245 params.req_key_mgmt_offload = 1;
3246
3247 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3248 params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3249 params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3250 ssid->psk_set)
3251 params.psk = ssid->psk;
6fc6879b
JM		 3252 }
3253
36b15723
JM		 3254 params.drop_unencrypted = use_crypt;
3255
6fc6879b 3256#ifdef CONFIG_IEEE80211W
3f56a2b7 3257 params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
62d49803 3258 if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
6fa81a3b 3259 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
97d3497e
JM		 3260 struct wpa_ie_data ie;
3261 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3262 ie.capabilities &
3263 (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
f049052b
BG		 3264 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3265 "MFP: require MFP");
97d3497e
JM		 3266 params.mgmt_frame_protection =
3267 MGMT_FRAME_PROTECTION_REQUIRED;
cf94626c
PK		 3268#ifdef CONFIG_OWE
3269 } else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3270 !ssid->owe_only) {
3271 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3272#endif /* CONFIG_OWE */
97d3497e
JM		 3273 }
3274 }
6fc6879b
JM		 3275#endif /* CONFIG_IEEE80211W */
3276
ffad8858 3277 params.p2p = ssid->p2p_group;
6e3f4b89 3278
ba307f85
LD		 3279 if (wpa_s->p2pdev->set_sta_uapsd)
3280 params.uapsd = wpa_s->p2pdev->sta_uapsd;
eea2fd9e
JM		 3281 else
3282 params.uapsd = -1;
3283
80e8a5ee
BG		 3284#ifdef CONFIG_HT_OVERRIDES
3285 os_memset(&htcaps, 0, sizeof(htcaps));
3286 os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3287 params.htcaps = (u8 *) &htcaps;
3288 params.htcaps_mask = (u8 *) &htcaps_mask;
3289 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3290#endif /* CONFIG_HT_OVERRIDES */
6aa1cd4e
PS		 3291#ifdef CONFIG_VHT_OVERRIDES
3292 os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3293 os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3294 params.vhtcaps = &vhtcaps;
3295 params.vhtcaps_mask = &vhtcaps_mask;
95ff3069 3296 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
6aa1cd4e 3297#endif /* CONFIG_VHT_OVERRIDES */
80e8a5ee 3298
8567866d
JJ		 3299#ifdef CONFIG_P2P
3300 /*
3301 * If multi-channel concurrency is not supported, check for any
3302 * frequency conflict. In case of any frequency conflict, remove the
3303 * least prioritized connection.
3304 */
3305 if (wpa_s->num_multichan_concurrent < 2) {
d0df6437
IP		 3306 int freq, num;
3307 num = get_shared_radio_freqs(wpa_s, &freq, 1);
4ec68377 3308 if (num > 0 && freq > 0 && freq != params.freq.freq) {
d0df6437
IP		 3309 wpa_printf(MSG_DEBUG,
3310 "Assoc conflicting freq found (%d != %d)",
4ec68377
JD		 3311 freq, params.freq.freq);
3312 if (wpas_p2p_handle_frequency_conflicts(
74656400
SD		 3313 wpa_s, params.freq.freq, ssid) < 0) {
3314 wpas_connect_work_done(wpa_s);
1e6780bd 3315 os_free(wpa_ie);
8567866d 3316 return;
74656400 3317 }
8567866d
JJ		 3318 }
3319 }
3320#endif /* CONFIG_P2P */
3321
6a5ee810
JM		 3322 if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3323 wpa_s->current_ssid)
3324 params.prev_bssid = prev_bssid;
3325
17fbb751 3326 ret = wpa_drv_associate(wpa_s, &params);
1e6780bd 3327 os_free(wpa_ie);
6fc6879b
JM		 3328 if (ret < 0) {
3329 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3330 "failed");
871f4dd0
JM		 3331 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3332 /*
3333 * The driver is known to mean what is saying, so we
3334 * can stop right here; the association will not
3335 * succeed.
3336 */
3337 wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
c1c02342 3338 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
871f4dd0
JM		 3339 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3340 return;
3341 }
6fc6879b
JM		 3342 /* try to continue anyway; new association will be tried again
3343 * after timeout */
3344 assoc_failed = 1;
3345 }
3346
3347 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3348 /* Set the key after the association just in case association
3349 * cleared the previously configured key. */
3350 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3351 /* No need to timeout authentication since there is no key
3352 * management. */
3353 wpa_supplicant_cancel_auth_timeout(wpa_s);
3354 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
53895c3b 3355#ifdef CONFIG_IBSS_RSN
d7dcba70 3356 } else if (ssid->mode == WPAS_MODE_IBSS &&
53895c3b
JM		 3357 wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3358 wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3359 /*
3360 * RSN IBSS authentication is per-STA and we can disable the
3361 * per-BSSID authentication.
3362 */
3363 wpa_supplicant_cancel_auth_timeout(wpa_s);
53895c3b 3364#endif /* CONFIG_IBSS_RSN */
6fc6879b
JM		 3365 } else {
3366 /* Timeout for IEEE 802.11 authentication and association */
1d3c75b3
DW		 3367 int timeout = 60;
3368
3369 if (assoc_failed) {
3370 /* give IBSS a bit more time */
d7dcba70 3371 timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
1d3c75b3
DW		 3372 } else if (wpa_s->conf->ap_scan == 1) {
3373 /* give IBSS a bit more time */
d7dcba70 3374 timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
1d3c75b3 3375 }
6fc6879b
JM		 3376 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3377 }
3378
66562e9c
JM		 3379 if (wep_keys_set &&
3380 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
6fc6879b
JM		 3381 /* Set static WEP keys again */
3382 wpa_set_wep_keys(wpa_s, ssid);
3383 }
3384
3385 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3386 /*
3387 * Do not allow EAP session resumption between different
3388 * network configurations.
3389 */
3390 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3391 }
8bac466b 3392 old_ssid = wpa_s->current_ssid;
6fc6879b 3393 wpa_s->current_ssid = ssid;
ece4ac5f
MG		 3394
3395 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
4d3be9cd 3396 wpa_s->current_bss = bss;
ece4ac5f
MG		 3397#ifdef CONFIG_HS20
3398 hs20_configure_frame_filters(wpa_s);
3399#endif /* CONFIG_HS20 */
3400 }
3401
6fc6879b
JM		 3402 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3403 wpa_supplicant_initiate_eapol(wpa_s);
8bac466b
JM		 3404 if (old_ssid != wpa_s->current_ssid)
3405 wpas_notify_network_changed(wpa_s);
6fc6879b
JM		 3406}
3407
3408
09f58c09
JM		 3409static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3410 const u8 *addr)
3411{
3412 struct wpa_ssid *old_ssid;
3413
c155305f 3414 wpas_connect_work_done(wpa_s);
09f58c09 3415 wpa_clear_keys(wpa_s, addr);
09f58c09 3416 old_ssid = wpa_s->current_ssid;
0d30cc24 3417 wpa_supplicant_mark_disassoc(wpa_s);
09f58c09
JM		 3418 wpa_sm_set_config(wpa_s->wpa, NULL);
3419 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3420 if (old_ssid != wpa_s->current_ssid)
3421 wpas_notify_network_changed(wpa_s);
3422 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3423}
3424
3425
6fc6879b
JM		 3426/**
3427 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3428 * @wpa_s: Pointer to wpa_supplicant data
3429 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3430 *
073ab58f 3431 * This function is used to request %wpa_supplicant to deauthenticate from the
6fc6879b
JM		 3432 * current AP.
3433 */
3434void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
4be17ffb 3435 u16 reason_code)
6fc6879b
JM		 3436{
3437 u8 *addr = NULL;
ef48ff94 3438 union wpa_event_data event;
42d23547 3439 int zero_addr = 0;
8bac466b 3440
42d23547 3441 wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
cfde99a8 3442 " pending_bssid=" MACSTR " reason=%d (%s) state=%s",
42d23547 3443 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
cfde99a8
AK		 3444 reason_code, reason2str(reason_code),
3445 wpa_supplicant_state_txt(wpa_s->wpa_state));
42d23547 3446
04e3d815
MK		 3447 if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3448 (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3449 wpa_s->wpa_state == WPA_ASSOCIATING))
42d23547 3450 addr = wpa_s->pending_bssid;
04e3d815
MK		 3451 else if (!is_zero_ether_addr(wpa_s->bssid))
3452 addr = wpa_s->bssid;
42d23547
JM		 3453 else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3454 /*
3455 * When using driver-based BSS selection, we may not know the
3456 * BSSID with which we are currently trying to associate. We
3457 * need to notify the driver of this disconnection even in such
3458 * a case, so use the all zeros address here.
3459 */
6fc6879b 3460 addr = wpa_s->bssid;
42d23547
JM		 3461 zero_addr = 1;
3462 }
3463
5abc7823
VN		 3464 if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3465 wpa_s->enabled_4addr_mode = 0;
3466
7b44ff2c
SD		 3467#ifdef CONFIG_TDLS
3468 wpa_tdls_teardown_peers(wpa_s->wpa);
3469#endif /* CONFIG_TDLS */
3470
603a3f34
JL		 3471#ifdef CONFIG_MESH
3472 if (wpa_s->ifmsh) {
a39b040b
SB		 3473 struct mesh_conf *mconf;
3474
3475 mconf = wpa_s->ifmsh->mconf;
6174de66
JM		 3476 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3477 wpa_s->ifname);
a39b040b
SB		 3478 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3479 mconf->meshid_len, reason_code);
603a3f34
JL		 3480 wpa_supplicant_leave_mesh(wpa_s);
3481 }
3482#endif /* CONFIG_MESH */
3483
42d23547
JM		 3484 if (addr) {
3485 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
ef48ff94 3486 os_memset(&event, 0, sizeof(event));
4be17ffb 3487 event.deauth_info.reason_code = reason_code;
ef48ff94
JM		 3488 event.deauth_info.locally_generated = 1;
3489 wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
42d23547
JM		 3490 if (zero_addr)
3491 addr = NULL;
6fc6879b 3492 }
09f58c09
JM		 3493
3494 wpa_supplicant_clear_connection(wpa_s, addr);
6fc6879b
JM		 3495}
3496
dca1a511
DS		 3497static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
3498 struct wpa_ssid *ssid)
3499{
3500 if (!ssid || !ssid->disabled || ssid->disabled == 2)
3501 return;
3502
3503 ssid->disabled = 0;
91073cca 3504 ssid->owe_transition_bss_select_count = 0;
dca1a511
DS		 3505 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3506 wpas_notify_network_enabled_changed(wpa_s, ssid);
3507
3508 /*
3509 * Try to reassociate since there is no current configuration and a new
3510 * network was made available.
3511 */
d2592497 3512 if (!wpa_s->current_ssid && !wpa_s->disconnected)
dca1a511
DS		 3513 wpa_s->reassociate = 1;
3514}
3515
6fc6879b 3516
d015bb05
RP		 3517/**
3518 * wpa_supplicant_add_network - Add a new network
3519 * @wpa_s: wpa_supplicant structure for a network interface
3520 * Returns: The new network configuration or %NULL if operation failed
3521 *
3522 * This function performs the following operations:
3523 * 1. Adds a new network.
3524 * 2. Send network addition notification.
3525 * 3. Marks the network disabled.
3526 * 4. Set network default parameters.
3527 */
3528struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
3529{
3530 struct wpa_ssid *ssid;
3531
3532 ssid = wpa_config_add_network(wpa_s->conf);
3533 if (!ssid)
3534 return NULL;
3535 wpas_notify_network_added(wpa_s, ssid);
3536 ssid->disabled = 1;
3537 wpa_config_set_network_defaults(ssid);
3538
3539 return ssid;
3540}
3541
3542
3543/**
3544 * wpa_supplicant_remove_network - Remove a configured network based on id
3545 * @wpa_s: wpa_supplicant structure for a network interface
3546 * @id: Unique network id to search for
3547 * Returns: 0 on success, or -1 if the network was not found, -2 if the network
3548 * could not be removed
3549 *
3550 * This function performs the following operations:
3551 * 1. Removes the network.
3552 * 2. Send network removal notification.
3553 * 3. Update internal state machines.
3554 * 4. Stop any running sched scans.
3555 */
3556int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
3557{
3558 struct wpa_ssid *ssid;
3559 int was_disabled;
3560
3561 ssid = wpa_config_get_network(wpa_s->conf, id);
3562 if (!ssid)
3563 return -1;
3564 wpas_notify_network_removed(wpa_s, ssid);
3565
3566 if (wpa_s->last_ssid == ssid)
3567 wpa_s->last_ssid = NULL;
3568
3569 if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
3570#ifdef CONFIG_SME
3571 wpa_s->sme.prev_bssid_set = 0;
3572#endif /* CONFIG_SME */
3573 /*
3574 * Invalidate the EAP session cache if the current or
3575 * previously used network is removed.
3576 */
3577 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3578 }
3579
3580 if (ssid == wpa_s->current_ssid) {
3581 wpa_sm_set_config(wpa_s->wpa, NULL);
3582 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3583
3584 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3585 wpa_s->own_disconnect_req = 1;
3586 wpa_supplicant_deauthenticate(wpa_s,
3587 WLAN_REASON_DEAUTH_LEAVING);
3588 }
3589
3590 was_disabled = ssid->disabled;
3591
3592 if (wpa_config_remove_network(wpa_s->conf, id) < 0)
3593 return -2;
3594
3595 if (!was_disabled && wpa_s->sched_scanning) {
3596 wpa_printf(MSG_DEBUG,
3597 "Stop ongoing sched_scan to remove network from filters");
3598 wpa_supplicant_cancel_sched_scan(wpa_s);
3599 wpa_supplicant_req_scan(wpa_s, 0, 0);
3600 }
3601
3602 return 0;
3603}
3604
3605
86b89452
WS		 3606/**
3607 * wpa_supplicant_enable_network - Mark a configured network as enabled
3608 * @wpa_s: wpa_supplicant structure for a network interface
3609 * @ssid: wpa_ssid structure for a configured network or %NULL
3610 *
3611 * Enables the specified network or all networks if no network specified.
3612 */
3613void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
3614 struct wpa_ssid *ssid)
3615{
86b89452 3616 if (ssid == NULL) {
14f79078
JM		 3617 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
3618 wpa_supplicant_enable_one_network(wpa_s, ssid);
dca1a511
DS		 3619 } else
3620 wpa_supplicant_enable_one_network(wpa_s, ssid);
86b89452 3621
5a1d9d1a
JM		 3622 if (wpa_s->reassociate && !wpa_s->disconnected &&
3623 (!wpa_s->current_ssid ||
3624 wpa_s->wpa_state == WPA_DISCONNECTED ||
3625 wpa_s->wpa_state == WPA_SCANNING)) {
dca1a511
DS		 3626 if (wpa_s->sched_scanning) {
3627 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
3628 "new network to scan filters");
3629 wpa_supplicant_cancel_sched_scan(wpa_s);
3630 }
86b89452 3631
35d40309
JM		 3632 if (wpa_supplicant_fast_associate(wpa_s) != 1) {
3633 wpa_s->scan_req = NORMAL_SCAN_REQ;
dad153d1 3634 wpa_supplicant_req_scan(wpa_s, 0, 0);
35d40309 3635 }
86b89452
WS		 3636 }
3637}
3638
3639
3640/**
3641 * wpa_supplicant_disable_network - Mark a configured network as disabled
3642 * @wpa_s: wpa_supplicant structure for a network interface
3643 * @ssid: wpa_ssid structure for a configured network or %NULL
3644 *
3645 * Disables the specified network or all networks if no network specified.
3646 */
3647void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
3648 struct wpa_ssid *ssid)
3649{
3650 struct wpa_ssid *other_ssid;
3651 int was_disabled;
3652
3653 if (ssid == NULL) {
725fc39e
DS		 3654 if (wpa_s->sched_scanning)
3655 wpa_supplicant_cancel_sched_scan(wpa_s);
3656
4dac0245
JM		 3657 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3658 other_ssid = other_ssid->next) {
86b89452 3659 was_disabled = other_ssid->disabled;
4dac0245
JM		 3660 if (was_disabled == 2)
3661 continue; /* do not change persistent P2P group
3662 * data */
86b89452
WS		 3663
3664 other_ssid->disabled = 1;
3665
3666 if (was_disabled != other_ssid->disabled)
3667 wpas_notify_network_enabled_changed(
3668 wpa_s, other_ssid);
86b89452 3669 }
0661163e
SD		 3670 if (wpa_s->current_ssid) {
3671 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3672 wpa_s->own_disconnect_req = 1;
07783eaa 3673 wpa_supplicant_deauthenticate(
86b89452 3674 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
0661163e 3675 }
4dac0245 3676 } else if (ssid->disabled != 2) {
0661163e
SD		 3677 if (ssid == wpa_s->current_ssid) {
3678 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3679 wpa_s->own_disconnect_req = 1;
07783eaa 3680 wpa_supplicant_deauthenticate(
86b89452 3681 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
0661163e 3682 }
86b89452
WS		 3683
3684 was_disabled = ssid->disabled;
3685
3686 ssid->disabled = 1;
3687
725fc39e 3688 if (was_disabled != ssid->disabled) {
86b89452 3689 wpas_notify_network_enabled_changed(wpa_s, ssid);
725fc39e
DS		 3690 if (wpa_s->sched_scanning) {
3691 wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
3692 "to remove network from filters");
3693 wpa_supplicant_cancel_sched_scan(wpa_s);
3694 wpa_supplicant_req_scan(wpa_s, 0, 0);
3695 }
3696 }
86b89452
WS		 3697 }
3698}
3699
3700
3701/**
3702 * wpa_supplicant_select_network - Attempt association with a network
3703 * @wpa_s: wpa_supplicant structure for a network interface
3704 * @ssid: wpa_ssid structure for a configured network or %NULL for any network
3705 */
3706void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
3707 struct wpa_ssid *ssid)
3708{
3709
3710 struct wpa_ssid *other_ssid;
d93dfbd5 3711 int disconnected = 0;
86b89452 3712
d93dfbd5 3713 if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
e66bcedd
JM		 3714 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
3715 wpa_s->own_disconnect_req = 1;
07783eaa 3716 wpa_supplicant_deauthenticate(
86b89452 3717 wpa_s, WLAN_REASON_DEAUTH_LEAVING);
d93dfbd5
JM		 3718 disconnected = 1;
3719 }
86b89452 3720
00e5e3d5
JM		 3721 if (ssid)
3722 wpas_clear_temp_disabled(wpa_s, ssid, 1);
3723
86b89452
WS		 3724 /*
3725 * Mark all other networks disabled or mark all networks enabled if no
3726 * network specified.
3727 */
4dac0245
JM		 3728 for (other_ssid = wpa_s->conf->ssid; other_ssid;
3729 other_ssid = other_ssid->next) {
86b89452 3730 int was_disabled = other_ssid->disabled;
4dac0245
JM		 3731 if (was_disabled == 2)
3732 continue; /* do not change persistent P2P group data */
86b89452
WS		 3733
3734 other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
00e5e3d5
JM		 3735 if (was_disabled && !other_ssid->disabled)
3736 wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
86b89452
WS		 3737
3738 if (was_disabled != other_ssid->disabled)
3739 wpas_notify_network_enabled_changed(wpa_s, other_ssid);
86b89452 3740 }
2a6f78fb 3741
d38c7be0
JM		 3742 if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
3743 wpa_s->wpa_state >= WPA_AUTHENTICATING) {
2a6f78fb
JJ		 3744 /* We are already associated with the selected network */
3745 wpa_printf(MSG_DEBUG, "Already associated with the "
3746 "selected network - do nothing");
3747 return;
3748 }
3749
25a8f9e3 3750 if (ssid) {
96efeeb6 3751 wpa_s->current_ssid = ssid;
25a8f9e3 3752 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
603a3f34
JL		 3753 wpa_s->connect_without_scan =
3754 (ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
701f3961
AS		 3755
3756 /*
3757 * Don't optimize next scan freqs since a new ESS has been
3758 * selected.
3759 */
3760 os_free(wpa_s->next_scan_freqs);
3761 wpa_s->next_scan_freqs = NULL;
603a3f34
JL		 3762 } else {
3763 wpa_s->connect_without_scan = NULL;
25a8f9e3 3764 }
603a3f34 3765
86b89452
WS		 3766 wpa_s->disconnected = 0;
3767 wpa_s->reassociate = 1;
2cb40e9f 3768 wpa_s->last_owe_group = 0;
91073cca
SD		 3769 if (ssid)
3770 ssid->owe_transition_bss_select_count = 0;
cecdddc1 3771
e4a35f07 3772 if (wpa_s->connect_without_scan ||
35d40309
JM		 3773 wpa_supplicant_fast_associate(wpa_s) != 1) {
3774 wpa_s->scan_req = NORMAL_SCAN_REQ;
be7ebd89 3775 wpas_scan_reset_sched_scan(wpa_s);
cecdddc1 3776 wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
35d40309 3777 }
86b89452 3778
a1641d26
JM		 3779 if (ssid)
3780 wpas_notify_network_selected(wpa_s, ssid);
86b89452
WS		 3781}
3782
3783
bdec7ee5
MS		 3784/**
3785 * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
3786 * @wpa_s: wpa_supplicant structure for a network interface
3787 * @pkcs11_engine_path: PKCS #11 engine path or NULL
3788 * @pkcs11_module_path: PKCS #11 module path or NULL
3789 * Returns: 0 on success; -1 on failure
3790 *
3791 * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
3792 * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
3793 * module path fails the paths will be reset to the default value (NULL).
3794 */
3795int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
3796 const char *pkcs11_engine_path,
3797 const char *pkcs11_module_path)
3798{
3799 char *pkcs11_engine_path_copy = NULL;
3800 char *pkcs11_module_path_copy = NULL;
3801
3802 if (pkcs11_engine_path != NULL) {
3803 pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
3804 if (pkcs11_engine_path_copy == NULL)
3805 return -1;
3806 }
3807 if (pkcs11_module_path != NULL) {
3808 pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
04c366cb 3809 if (pkcs11_module_path_copy == NULL) {
bdec7ee5
MS		 3810 os_free(pkcs11_engine_path_copy);
3811 return -1;
3812 }
3813 }
3814
3815 os_free(wpa_s->conf->pkcs11_engine_path);
3816 os_free(wpa_s->conf->pkcs11_module_path);
3817 wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
3818 wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
3819
3820 wpa_sm_set_eapol(wpa_s->wpa, NULL);
3821 eapol_sm_deinit(wpa_s->eapol);
3822 wpa_s->eapol = NULL;
3823 if (wpa_supplicant_init_eapol(wpa_s)) {
3824 /* Error -> Reset paths to the default value (NULL) once. */
3825 if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
3826 wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
3827 NULL);
3828
3829 return -1;
3830 }
3831 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
3832
3833 return 0;
3834}
3835
3836
86b89452
WS		 3837/**
3838 * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
3839 * @wpa_s: wpa_supplicant structure for a network interface
3840 * @ap_scan: AP scan mode
3841 * Returns: 0 if succeed or -1 if ap_scan has an invalid value
3842 *
3843 */
3844int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
3845{
3846
3847 int old_ap_scan;
3848
3849 if (ap_scan < 0 || ap_scan > 2)
3850 return -1;
3851
8406cd35
JM		 3852 if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
3853 wpa_printf(MSG_INFO,
3854 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
3855 }
3856
48f8e036
DS		 3857#ifdef ANDROID
3858 if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
3859 wpa_s->wpa_state >= WPA_ASSOCIATING &&
3860 wpa_s->wpa_state < WPA_COMPLETED) {
3861 wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
3862 "associating", wpa_s->conf->ap_scan, ap_scan);
3863 return 0;
3864 }
3865#endif /* ANDROID */
3866
86b89452
WS		 3867 old_ap_scan = wpa_s->conf->ap_scan;
3868 wpa_s->conf->ap_scan = ap_scan;
3869
3870 if (old_ap_scan != wpa_s->conf->ap_scan)
3871 wpas_notify_ap_scan_changed(wpa_s);
3872
3873 return 0;
3874}
3875
3876
78633c37
SL		 3877/**
3878 * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
3879 * @wpa_s: wpa_supplicant structure for a network interface
3880 * @expire_age: Expiration age in seconds
3881 * Returns: 0 if succeed or -1 if expire_age has an invalid value
3882 *
3883 */
3884int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
3885 unsigned int bss_expire_age)
3886{
3887 if (bss_expire_age < 10) {
3888 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
3889 bss_expire_age);
3890 return -1;
3891 }
3892 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
3893 bss_expire_age);
3894 wpa_s->conf->bss_expiration_age = bss_expire_age;
3895
3896 return 0;
3897}
3898
3899
3900/**
3901 * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
3902 * @wpa_s: wpa_supplicant structure for a network interface
3903 * @expire_count: number of scans after which an unseen BSS is reclaimed
3904 * Returns: 0 if succeed or -1 if expire_count has an invalid value
3905 *
3906 */
3907int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
3908 unsigned int bss_expire_count)
3909{
3910 if (bss_expire_count < 1) {
3911 wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
3912 bss_expire_count);
3913 return -1;
3914 }
3915 wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
3916 bss_expire_count);
3917 wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
3918
3919 return 0;
3920}
3921
3922
c6e86b63
MA		 3923/**
3924 * wpa_supplicant_set_scan_interval - Set scan interval
3925 * @wpa_s: wpa_supplicant structure for a network interface
3926 * @scan_interval: scan interval in seconds
3927 * Returns: 0 if succeed or -1 if scan_interval has an invalid value
3928 *
3929 */
3930int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
3931 int scan_interval)
3932{
3933 if (scan_interval < 0) {
3934 wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
3935 scan_interval);
3936 return -1;
3937 }
3938 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
3939 scan_interval);
9e737f08 3940 wpa_supplicant_update_scan_int(wpa_s, scan_interval);
c6e86b63
MA		 3941
3942 return 0;
3943}
3944
3945
86b89452
WS		 3946/**
3947 * wpa_supplicant_set_debug_params - Set global debug params
3948 * @global: wpa_global structure
3949 * @debug_level: debug level
3950 * @debug_timestamp: determines if show timestamp in debug data
3951 * @debug_show_keys: determines if show keys in debug data
3952 * Returns: 0 if succeed or -1 if debug_level has wrong value
3953 */
3954int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
3955 int debug_timestamp, int debug_show_keys)
3956{
3957
3958 int old_level, old_timestamp, old_show_keys;
3959
3960 /* check for allowed debuglevels */
14dc0011
PS		 3961 if (debug_level != MSG_EXCESSIVE &&
3962 debug_level != MSG_MSGDUMP &&
86b89452
WS		 3963 debug_level != MSG_DEBUG &&
3964 debug_level != MSG_INFO &&
3965 debug_level != MSG_WARNING &&
3966 debug_level != MSG_ERROR)
3967 return -1;
3968
3969 old_level = wpa_debug_level;
3970 old_timestamp = wpa_debug_timestamp;
3971 old_show_keys = wpa_debug_show_keys;
3972
3973 wpa_debug_level = debug_level;
3974 wpa_debug_timestamp = debug_timestamp ? 1 : 0;
3975 wpa_debug_show_keys = debug_show_keys ? 1 : 0;
3976
db9133ac
WS		 3977 if (wpa_debug_level != old_level)
3978 wpas_notify_debug_level_changed(global);
3979 if (wpa_debug_timestamp != old_timestamp)
3980 wpas_notify_debug_timestamp_changed(global);
3981 if (wpa_debug_show_keys != old_show_keys)
3982 wpas_notify_debug_show_keys_changed(global);
86b89452
WS		 3983
3984 return 0;
3985}
3986
3987
e8b96490
JM		 3988#ifdef CONFIG_OWE
3989static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
3990 const u8 *entry_ssid, size_t entry_ssid_len)
3991{
3992 const u8 *owe, *pos, *end;
3993 u8 ssid_len;
3994 struct wpa_bss *bss;
3995
3996 /* Check network profile SSID aganst the SSID in the
3997 * OWE Transition Mode element. */
3998
3999 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4000 if (!bss)
4001 return 0;
4002
4003 owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4004 if (!owe)
4005 return 0;
4006
4007 pos = owe + 6;
4008 end = owe + 2 + owe[1];
4009
4010 if (end - pos < ETH_ALEN + 1)
4011 return 0;
4012 pos += ETH_ALEN;
4013 ssid_len = *pos++;
4014 if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4015 return 0;
4016
4017 return entry_ssid_len == ssid_len &&
4018 os_memcmp(pos, entry_ssid, ssid_len) == 0;
4019}
4020#endif /* CONFIG_OWE */
4021
4022
6fc6879b
JM		 4023/**
4024 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4025 * @wpa_s: Pointer to wpa_supplicant data
4026 * Returns: A pointer to the current network structure or %NULL on failure
4027 */
4028struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4029{
4030 struct wpa_ssid *entry;
eaa8eefe 4031 u8 ssid[SSID_MAX_LEN];
6fc6879b
JM		 4032 int res;
4033 size_t ssid_len;
4034 u8 bssid[ETH_ALEN];
4035 int wired;
4036
17fbb751
JM		 4037 res = wpa_drv_get_ssid(wpa_s, ssid);
4038 if (res < 0) {
4039 wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4040 "driver");
4041 return NULL;
6fc6879b 4042 }
17fbb751 4043 ssid_len = res;
6fc6879b 4044
17fbb751 4045 if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
f049052b
BG		 4046 wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4047 "driver");
6fc6879b
JM		 4048 return NULL;
4049 }
4050
c2a04078
JM		 4051 wired = wpa_s->conf->ap_scan == 0 &&
4052 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
6fc6879b
JM		 4053
4054 entry = wpa_s->conf->ssid;
4055 while (entry) {
349493bd 4056 if (!wpas_network_disabled(wpa_s, entry) &&
6fc6879b 4057 ((ssid_len == entry->ssid_len &&
c4fccfc7
JM		 4058 (!entry->ssid ||
4059 os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4060 wired) &&
6fc6879b
JM		 4061 (!entry->bssid_set ||
4062 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4063 return entry;
24c23d1b 4064#ifdef CONFIG_WPS
349493bd 4065 if (!wpas_network_disabled(wpa_s, entry) &&
24c23d1b
JM		 4066 (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4067 (entry->ssid == NULL || entry->ssid_len == 0) &&
4068 (!entry->bssid_set ||
4069 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4070 return entry;
4071#endif /* CONFIG_WPS */
7d232e23 4072
e8b96490
JM		 4073#ifdef CONFIG_OWE
4074 if (!wpas_network_disabled(wpa_s, entry) &&
4075 owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4076 entry->ssid_len) &&
4077 (!entry->bssid_set ||
4078 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4079 return entry;
4080#endif /* CONFIG_OWE */
4081
349493bd 4082 if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
7d232e23
ZC		 4083 entry->ssid_len == 0 &&
4084 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4085 return entry;
4086
6fc6879b
JM		 4087 entry = entry->next;
4088 }
4089
4090 return NULL;
4091}
4092
4093
7756114f
JM		 4094static int select_driver(struct wpa_supplicant *wpa_s, int i)
4095{
4096 struct wpa_global *global = wpa_s->global;
4097
4098 if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
45e3fc72 4099 global->drv_priv[i] = wpa_drivers[i]->global_init(global);
7756114f
JM		 4100 if (global->drv_priv[i] == NULL) {
4101 wpa_printf(MSG_ERROR, "Failed to initialize driver "
4102 "'%s'", wpa_drivers[i]->name);
4103 return -1;
4104 }
4105 }
4106
4107 wpa_s->driver = wpa_drivers[i];
4108 wpa_s->global_drv_priv = global->drv_priv[i];
4109
4110 return 0;
4111}
4112
4113
6fc6879b
JM		 4114static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4115 const char *name)
4116{
4117 int i;
362f781e 4118 size_t len;
74b1c84a 4119 const char *pos, *driver = name;
6fc6879b
JM		 4120
4121 if (wpa_s == NULL)
4122 return -1;
4123
c5121837 4124 if (wpa_drivers[0] == NULL) {
f049052b
BG		 4125 wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4126 "wpa_supplicant");
6fc6879b
JM		 4127 return -1;
4128 }
4129
4130 if (name == NULL) {
4131 /* default to first driver in the list */
7756114f 4132 return select_driver(wpa_s, 0);
6fc6879b
JM		 4133 }
4134
74b1c84a
SO		 4135 do {
4136 pos = os_strchr(driver, ',');
4137 if (pos)
4138 len = pos - driver;
4139 else
4140 len = os_strlen(driver);
4141
4142 for (i = 0; wpa_drivers[i]; i++) {
4143 if (os_strlen(wpa_drivers[i]->name) == len &&
4144 os_strncmp(driver, wpa_drivers[i]->name, len) ==
0f4668ce
DW		 4145 0) {
4146 /* First driver that succeeds wins */
4147 if (select_driver(wpa_s, i) == 0)
4148 return 0;
4149 }
6fc6879b 4150 }
74b1c84a
SO		 4151
4152 driver = pos + 1;
4153 } while (pos);
6fc6879b 4154
f049052b 4155 wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
6fc6879b
JM		 4156 return -1;
4157}
4158
4159
a8e0505b
JM		 4160/**
4161 * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4162 * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4163 * with struct wpa_driver_ops::init()
4164 * @src_addr: Source address of the EAPOL frame
4165 * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4166 * @len: Length of the EAPOL data
4167 *
4168 * This function is called for each received EAPOL frame. Most driver
4169 * interfaces rely on more generic OS mechanism for receiving frames through
4170 * l2_packet, but if such a mechanism is not available, the driver wrapper may
4171 * take care of received EAPOL frames and deliver them to the core supplicant
4172 * code by calling this function.
4173 */
6fc6879b
JM		 4174void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4175 const u8 *buf, size_t len)
4176{
4177 struct wpa_supplicant *wpa_s = ctx;
4178
f049052b 4179 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
6fc6879b
JM		 4180 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4181
02adead5
MK		 4182#ifdef CONFIG_TESTING_OPTIONS
4183 if (wpa_s->ignore_auth_resp) {
4184 wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4185 return;
4186 }
4187#endif /* CONFIG_TESTING_OPTIONS */
4188
3ab35a66
JM		 4189 if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4190 (wpa_s->last_eapol_matches_bssid &&
4191#ifdef CONFIG_AP
4192 !wpa_s->ap_iface &&
4193#endif /* CONFIG_AP */
4194 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
1ff73338
JM		 4195 /*
4196 * There is possible race condition between receiving the
4197 * association event and the EAPOL frame since they are coming
4198 * through different paths from the driver. In order to avoid
4199 * issues in trying to process the EAPOL frame before receiving
4200 * association information, lets queue it for processing until
3ab35a66
JM		 4201 * the association event is received. This may also be needed in
4202 * driver-based roaming case, so also use src_addr != BSSID as a
4203 * trigger if we have previously confirmed that the
4204 * Authenticator uses BSSID as the src_addr (which is not the
4205 * case with wired IEEE 802.1X).
1ff73338 4206 */
f049052b 4207 wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
3ab35a66
JM		 4208 "of received EAPOL frame (state=%s bssid=" MACSTR ")",
4209 wpa_supplicant_state_txt(wpa_s->wpa_state),
4210 MAC2STR(wpa_s->bssid));
1ff73338
JM		 4211 wpabuf_free(wpa_s->pending_eapol_rx);
4212 wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4213 if (wpa_s->pending_eapol_rx) {
c2be937c 4214 os_get_reltime(&wpa_s->pending_eapol_rx_time);
1ff73338
JM		 4215 os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4216 ETH_ALEN);
4217 }
4218 return;
4219 }
4220
3ab35a66
JM		 4221 wpa_s->last_eapol_matches_bssid =
4222 os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4223
db149ac9
JM		 4224#ifdef CONFIG_AP
4225 if (wpa_s->ap_iface) {
4226 wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4227 return;
4228 }
4229#endif /* CONFIG_AP */
4230
6fc6879b 4231 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
f049052b
BG		 4232 wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4233 "no key management is configured");
6fc6879b
JM		 4234 return;
4235 }
4236
4237 if (wpa_s->eapol_received == 0 &&
436ee2fd 4238 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
56586197 4239 !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
9c972abb
JM		 4240 wpa_s->wpa_state != WPA_COMPLETED) &&
4241 (wpa_s->current_ssid == NULL ||
f74618cb 4242 wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
6fc6879b 4243 /* Timeout for completing IEEE 802.1X and WPA authentication */
5add4101
JM		 4244 int timeout = 10;
4245
4246 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4247 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4248 wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4249 /* Use longer timeout for IEEE 802.1X/EAP */
4250 timeout = 70;
4251 }
4252
c7dafdf9 4253#ifdef CONFIG_WPS
5add4101
JM		 4254 if (wpa_s->current_ssid && wpa_s->current_bss &&
4255 (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4256 eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4257 /*
4258 * Use shorter timeout if going through WPS AP iteration
4259 * for PIN config method with an AP that does not
4260 * advertise Selected Registrar.
4261 */
4262 struct wpabuf *wps_ie;
4263
4264 wps_ie = wpa_bss_get_vendor_ie_multi(
4265 wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
0ef1e290
JM		 4266 if (wps_ie &&
4267 !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
5add4101
JM		 4268 timeout = 10;
4269 wpabuf_free(wps_ie);
4270 }
c7dafdf9 4271#endif /* CONFIG_WPS */
5add4101
JM		 4272
4273 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
6fc6879b
JM		 4274 }
4275 wpa_s->eapol_received++;
4276
4277 if (wpa_s->countermeasures) {
f049052b
BG		 4278 wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4279 "EAPOL packet");
6fc6879b
JM		 4280 return;
4281 }
4282
8be18440
JM		 4283#ifdef CONFIG_IBSS_RSN
4284 if (wpa_s->current_ssid &&
d7dcba70 4285 wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
8be18440
JM		 4286 ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4287 return;
4288 }
4289#endif /* CONFIG_IBSS_RSN */
4290
6fc6879b
JM		 4291 /* Source address of the incoming EAPOL frame could be compared to the
4292 * current BSSID. However, it is possible that a centralized
4293 * Authenticator could be using another MAC address than the BSSID of
4294 * an AP, so just allow any address to be used for now. The replies are
4295 * still sent to the current BSSID (if available), though. */
4296
4297 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
56586197 4298 if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
a1ea1b45 4299 wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
567da5bb 4300 wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
6fc6879b
JM		 4301 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4302 return;
4303 wpa_drv_poll(wpa_s);
436ee2fd 4304 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
6fc6879b 4305 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
56586197 4306 else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
6fc6879b
JM		 4307 /*
4308 * Set portValid = TRUE here since we are going to skip 4-way
4309 * handshake processing which would normally set portValid. We
4310 * need this to allow the EAPOL state machines to be completed
4311 * without going through EAPOL-Key handshake.
4312 */
4313 eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
4314 }
4315}
4316
4317
bfba8deb 4318int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
6fc6879b 4319{
2961bfa8
JM		 4320 if ((!wpa_s->p2p_mgmt ||
4321 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4322 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
bfba8deb 4323 l2_packet_deinit(wpa_s->l2);
6fc6879b
JM		 4324 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4325 wpa_drv_get_mac_addr(wpa_s),
4326 ETH_P_EAPOL,
4327 wpa_supplicant_rx_eapol, wpa_s, 0);
4328 if (wpa_s->l2 == NULL)
4329 return -1;
d89edb61
DC		 4330
4331 if (l2_packet_set_packet_filter(wpa_s->l2,
4332 L2_PACKET_FILTER_PKTTYPE))
4333 wpa_dbg(wpa_s, MSG_DEBUG,
4334 "Failed to attach pkt_type filter");
fdadd5fe
JM		 4335 } else {
4336 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4337 if (addr)
4338 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
6fc6879b
JM		 4339 }
4340
4341 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
f049052b 4342 wpa_msg(wpa_s, MSG_ERROR, "Failed to get own L2 address");
6fc6879b
JM		 4343 return -1;
4344 }
4345
c267753b
JM		 4346 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4347
bfba8deb
JM		 4348 return 0;
4349}
4350
4351
25f839c6
JM		 4352static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4353 const u8 *buf, size_t len)
4354{
4355 struct wpa_supplicant *wpa_s = ctx;
4356 const struct l2_ethhdr *eth;
4357
4358 if (len < sizeof(*eth))
4359 return;
4360 eth = (const struct l2_ethhdr *) buf;
4361
4362 if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4363 !(eth->h_dest[0] & 0x01)) {
4364 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4365 " (bridge - not for this interface - ignore)",
4366 MAC2STR(src_addr), MAC2STR(eth->h_dest));
4367 return;
4368 }
4369
4370 wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4371 " (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4372 wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4373 len - sizeof(*eth));
4374}
4375
4376
bfba8deb
JM		 4377/**
4378 * wpa_supplicant_driver_init - Initialize driver interface parameters
4379 * @wpa_s: Pointer to wpa_supplicant data
4380 * Returns: 0 on success, -1 on failure
4381 *
4382 * This function is called to initialize driver interface parameters.
4383 * wpa_drv_init() must have been called before this function to initialize the
4384 * driver interface.
4385 */
4386int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
4387{
4388 static int interface_count = 0;
4389
4390 if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
4391 return -1;
4392
c68f6200
AS		 4393 wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
4394 MAC2STR(wpa_s->own_addr));
a313d17d 4395 os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
c68f6200
AS		 4396 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4397
6fc6879b 4398 if (wpa_s->bridge_ifname[0]) {
f049052b
BG		 4399 wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
4400 "interface '%s'", wpa_s->bridge_ifname);
e6dd8196
JM		 4401 wpa_s->l2_br = l2_packet_init_bridge(
4402 wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
4403 ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
6fc6879b 4404 if (wpa_s->l2_br == NULL) {
f049052b
BG		 4405 wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
4406 "connection for the bridge interface '%s'",
4407 wpa_s->bridge_ifname);
6fc6879b
JM		 4408 return -1;
4409 }
4410 }
4411
8406cd35
JM		 4412 if (wpa_s->conf->ap_scan == 2 &&
4413 os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4414 wpa_printf(MSG_INFO,
4415 "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4416 }
4417
6fc6879b
JM		 4418 wpa_clear_keys(wpa_s, NULL);
4419
4420 /* Make sure that TKIP countermeasures are not left enabled (could
4421 * happen if wpa_supplicant is killed during countermeasures. */
4422 wpa_drv_set_countermeasures(wpa_s, 0);
4423
f049052b 4424 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
6fc6879b
JM		 4425 wpa_drv_flush_pmkid(wpa_s);
4426
ba2a573c 4427 wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
b3aa456b
ES		 4428 wpa_s->prev_scan_wildcard = 0;
4429
349493bd 4430 if (wpa_supplicant_enabled_networks(wpa_s)) {
a0e9d892
AS		 4431 if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
4432 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4433 interface_count = 0;
4434 }
ee82e33d 4435#ifndef ANDROID
3a94adbf 4436 if (!wpa_s->p2p_mgmt &&
5d0d72a3
BG		 4437 wpa_supplicant_delayed_sched_scan(wpa_s,
4438 interface_count % 3,
6a90053c 4439 100000))
5d0d72a3 4440 wpa_supplicant_req_scan(wpa_s, interface_count % 3,
a4cba8f1 4441 100000);
ee82e33d 4442#endif /* ANDROID */
74e259ec
JM		 4443 interface_count++;
4444 } else
4445 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
6fc6879b
JM		 4446
4447 return 0;
4448}
4449
4450
4451static int wpa_supplicant_daemon(const char *pid_file)
4452{
4453 wpa_printf(MSG_DEBUG, "Daemonize..");
4454 return os_daemonize(pid_file);
4455}
4456
4457
1772d348
JM		 4458static struct wpa_supplicant *
4459wpa_supplicant_alloc(struct wpa_supplicant *parent)
6fc6879b
JM		 4460{
4461 struct wpa_supplicant *wpa_s;
4462
4463 wpa_s = os_zalloc(sizeof(*wpa_s));
4464 if (wpa_s == NULL)
4465 return NULL;
4115303b 4466 wpa_s->scan_req = INITIAL_SCAN_REQ;
67b9bd08 4467 wpa_s->scan_interval = 5;
c302f207 4468 wpa_s->new_connection = 1;
1772d348 4469 wpa_s->parent = parent ? parent : wpa_s;
ba307f85 4470 wpa_s->p2pdev = wpa_s->parent;
cbdf3507 4471 wpa_s->sched_scanning = 0;
6fc6879b 4472
dd599908 4473 dl_list_init(&wpa_s->bss_tmp_disallowed);
5732b770 4474 dl_list_init(&wpa_s->fils_hlp_req);
dd599908 4475
6fc6879b
JM		 4476 return wpa_s;
4477}
4478
4479
80e8a5ee
BG		 4480#ifdef CONFIG_HT_OVERRIDES
4481
4482static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
4483 struct ieee80211_ht_capabilities *htcaps,
4484 struct ieee80211_ht_capabilities *htcaps_mask,
4485 const char *ht_mcs)
4486{
4487 /* parse ht_mcs into hex array */
4488 int i;
4489 const char *tmp = ht_mcs;
4490 char *end = NULL;
4491
4492 /* If ht_mcs is null, do not set anything */
4493 if (!ht_mcs)
4494 return 0;
4495
4496 /* This is what we are setting in the kernel */
4497 os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
4498
4499 wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
4500
4501 for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
30eddf35
JB		 4502 long v;
4503
80e8a5ee 4504 errno = 0;
30eddf35
JB		 4505 v = strtol(tmp, &end, 16);
4506
80e8a5ee
BG		 4507 if (errno == 0) {
4508 wpa_msg(wpa_s, MSG_DEBUG,
4509 "htcap value[%i]: %ld end: %p tmp: %p",
4510 i, v, end, tmp);
4511 if (end == tmp)
4512 break;
4513
4514 htcaps->supported_mcs_set[i] = v;
4515 tmp = end;
4516 } else {
4517 wpa_msg(wpa_s, MSG_ERROR,
4518 "Failed to parse ht-mcs: %s, error: %s\n",
4519 ht_mcs, strerror(errno));
4520 return -1;
4521 }
4522 }
4523
4524 /*
4525 * If we were able to parse any values, then set mask for the MCS set.
4526 */
4527 if (i) {
4528 os_memset(&htcaps_mask->supported_mcs_set, 0xff,
4529 IEEE80211_HT_MCS_MASK_LEN - 1);
4530 /* skip the 3 reserved bits */
4531 htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
4532 0x1f;
4533 }
4534
4535 return 0;
4536}
4537
4538
4539static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
4540 struct ieee80211_ht_capabilities *htcaps,
4541 struct ieee80211_ht_capabilities *htcaps_mask,
4542 int disabled)
4543{
5bc28571 4544 le16 msk;
80e8a5ee 4545
80e8a5ee
BG		 4546 if (disabled == -1)
4547 return 0;
4548
bbdb5014
JM		 4549 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
4550
80e8a5ee
BG		 4551 msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
4552 htcaps_mask->ht_capabilities_info |= msk;
4553 if (disabled)
4554 htcaps->ht_capabilities_info &= msk;
4555 else
4556 htcaps->ht_capabilities_info |= msk;
4557
4558 return 0;
4559}
4560
4561
4562static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
4563 struct ieee80211_ht_capabilities *htcaps,
4564 struct ieee80211_ht_capabilities *htcaps_mask,
4565 int factor)
4566{
80e8a5ee
BG		 4567 if (factor == -1)
4568 return 0;
4569
bbdb5014
JM		 4570 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
4571
80e8a5ee
BG		 4572 if (factor < 0 || factor > 3) {
4573 wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
4574 "Must be 0-3 or -1", factor);
4575 return -EINVAL;
4576 }
4577
4578 htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
4579 htcaps->a_mpdu_params &= ~0x3;
4580 htcaps->a_mpdu_params |= factor & 0x3;
4581
4582 return 0;
4583}
4584
4585
4586static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
4587 struct ieee80211_ht_capabilities *htcaps,
4588 struct ieee80211_ht_capabilities *htcaps_mask,
4589 int density)
4590{
80e8a5ee
BG		 4591 if (density == -1)
4592 return 0;
4593
bbdb5014
JM		 4594 wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
4595
80e8a5ee
BG		 4596 if (density < 0 || density > 7) {
4597 wpa_msg(wpa_s, MSG_ERROR,
4598 "ampdu_density: %d out of range. Must be 0-7 or -1.",
4599 density);
4600 return -EINVAL;
4601 }
4602
4603 htcaps_mask->a_mpdu_params |= 0x1C;
4604 htcaps->a_mpdu_params &= ~(0x1C);
4605 htcaps->a_mpdu_params |= (density << 2) & 0x1C;
4606
4607 return 0;
4608}
4609
4610
4611static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
4612 struct ieee80211_ht_capabilities *htcaps,
4613 struct ieee80211_ht_capabilities *htcaps_mask,
4614 int disabled)
4615{
bbdb5014
JM		 4616 if (disabled)
4617 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
80e8a5ee 4618
9eb5757a
MH		 4619 set_disable_ht40(htcaps, disabled);
4620 set_disable_ht40(htcaps_mask, 0);
80e8a5ee
BG		 4621
4622 return 0;
4623}
4624
4625
a90497f8
BG		 4626static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
4627 struct ieee80211_ht_capabilities *htcaps,
4628 struct ieee80211_ht_capabilities *htcaps_mask,
4629 int disabled)
4630{
4631 /* Masking these out disables SGI */
5bc28571
JM		 4632 le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
4633 HT_CAP_INFO_SHORT_GI40MHZ);
a90497f8 4634
bbdb5014
JM		 4635 if (disabled)
4636 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
a90497f8
BG		 4637
4638 if (disabled)
4639 htcaps->ht_capabilities_info &= ~msk;
4640 else
4641 htcaps->ht_capabilities_info |= msk;
4642
4643 htcaps_mask->ht_capabilities_info |= msk;
4644
4645 return 0;
4646}
4647
4648
39a5800f
PK		 4649static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
4650 struct ieee80211_ht_capabilities *htcaps,
4651 struct ieee80211_ht_capabilities *htcaps_mask,
4652 int disabled)
4653{
4654 /* Masking these out disables LDPC */
5bc28571 4655 le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
39a5800f 4656
bbdb5014
JM		 4657 if (disabled)
4658 wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
39a5800f
PK		 4659
4660 if (disabled)
4661 htcaps->ht_capabilities_info &= ~msk;
4662 else
4663 htcaps->ht_capabilities_info |= msk;
4664
4665 htcaps_mask->ht_capabilities_info |= msk;
4666
4667 return 0;
4668}
4669
4670
cdeea70f
SM		 4671static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
4672 struct ieee80211_ht_capabilities *htcaps,
4673 struct ieee80211_ht_capabilities *htcaps_mask,
4674 int tx_stbc)
4675{
4676 le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
4677
cdeea70f
SM		 4678 if (tx_stbc == -1)
4679 return 0;
4680
bbdb5014
JM		 4681 wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
4682
cdeea70f
SM		 4683 if (tx_stbc < 0 || tx_stbc > 1) {
4684 wpa_msg(wpa_s, MSG_ERROR,
4685 "tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
4686 return -EINVAL;
4687 }
4688
4689 htcaps_mask->ht_capabilities_info |= msk;
4690 htcaps->ht_capabilities_info &= ~msk;
4691 htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
4692
4693 return 0;
4694}
4695
4696
4697static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
4698 struct ieee80211_ht_capabilities *htcaps,
4699 struct ieee80211_ht_capabilities *htcaps_mask,
4700 int rx_stbc)
4701{
4702 le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
4703
cdeea70f
SM		 4704 if (rx_stbc == -1)
4705 return 0;
4706
bbdb5014
JM		 4707 wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
4708
cdeea70f
SM		 4709 if (rx_stbc < 0 || rx_stbc > 3) {
4710 wpa_msg(wpa_s, MSG_ERROR,
4711 "rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
4712 return -EINVAL;
4713 }
4714
4715 htcaps_mask->ht_capabilities_info |= msk;
4716 htcaps->ht_capabilities_info &= ~msk;
4717 htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
4718
4719 return 0;
4720}
4721
4722
80e8a5ee
BG		 4723void wpa_supplicant_apply_ht_overrides(
4724 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4725 struct wpa_driver_associate_params *params)
4726{
4727 struct ieee80211_ht_capabilities *htcaps;
4728 struct ieee80211_ht_capabilities *htcaps_mask;
4729
4730 if (!ssid)
4731 return;
4732
4733 params->disable_ht = ssid->disable_ht;
4734 if (!params->htcaps || !params->htcaps_mask)
4735 return;
4736
4737 htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
4738 htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
4739 wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
4740 wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
4741 ssid->disable_max_amsdu);
4742 wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
4743 wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
4744 wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
a90497f8 4745 wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
39a5800f 4746 wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
cdeea70f
SM		 4747 wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
4748 wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
d41cc8cc
JM		 4749
4750 if (ssid->ht40_intolerant) {
5bc28571 4751 le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
d41cc8cc
JM		 4752 htcaps->ht_capabilities_info |= bit;
4753 htcaps_mask->ht_capabilities_info |= bit;
4754 }
80e8a5ee
BG		 4755}
4756
4757#endif /* CONFIG_HT_OVERRIDES */
4758
4759
e9ee8dc3
JB		 4760#ifdef CONFIG_VHT_OVERRIDES
4761void wpa_supplicant_apply_vht_overrides(
4762 struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
4763 struct wpa_driver_associate_params *params)
4764{
4765 struct ieee80211_vht_capabilities *vhtcaps;
4766 struct ieee80211_vht_capabilities *vhtcaps_mask;
4767
4768 if (!ssid)
4769 return;
4770
4771 params->disable_vht = ssid->disable_vht;
4772
4773 vhtcaps = (void *) params->vhtcaps;
4774 vhtcaps_mask = (void *) params->vhtcaps_mask;
4775
4776 if (!vhtcaps || !vhtcaps_mask)
4777 return;
4778
4d8d710f
JM		 4779 vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
4780 vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
e9ee8dc3 4781
4f560cde 4782#ifdef CONFIG_HT_OVERRIDES
fd83a808
BG		 4783 if (ssid->disable_sgi) {
4784 vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
4785 VHT_CAP_SHORT_GI_160);
4786 vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
4787 VHT_CAP_SHORT_GI_160);
4788 wpa_msg(wpa_s, MSG_DEBUG,
4789 "disable-sgi override specified, vht-caps: 0x%x",
4790 vhtcaps->vht_capabilities_info);
4791 }
4792
4f560cde 4793 /* if max ampdu is <= 3, we have to make the HT cap the same */
b0f33467
JM		 4794 if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
4795 int max_ampdu;
4796
4797 max_ampdu = (ssid->vht_capa &
4798 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
4799 VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
4f560cde
EP		 4800
4801 max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
4802 wpa_set_ampdu_factor(wpa_s,
4803 (void *) params->htcaps,
4804 (void *) params->htcaps_mask,
4805 max_ampdu);
4806 }
4807#endif /* CONFIG_HT_OVERRIDES */
4808
e9ee8dc3
JB		 4809#define OVERRIDE_MCS(i) \
4810 if (ssid->vht_tx_mcs_nss_ ##i >= 0) { \
4811 vhtcaps_mask->vht_supported_mcs_set.tx_map |= \
4d8d710f 4812 host_to_le16(3 << 2 * (i - 1)); \
e9ee8dc3 4813 vhtcaps->vht_supported_mcs_set.tx_map |= \
4d8d710f
JM		 4814 host_to_le16(ssid->vht_tx_mcs_nss_ ##i << \
4815 2 * (i - 1)); \
e9ee8dc3
JB		 4816 } \
4817 if (ssid->vht_rx_mcs_nss_ ##i >= 0) { \
4818 vhtcaps_mask->vht_supported_mcs_set.rx_map |= \
4d8d710f 4819 host_to_le16(3 << 2 * (i - 1)); \
e9ee8dc3 4820 vhtcaps->vht_supported_mcs_set.rx_map |= \
4d8d710f
JM		 4821 host_to_le16(ssid->vht_rx_mcs_nss_ ##i << \
4822 2 * (i - 1)); \
e9ee8dc3
JB		 4823 }
4824
4825 OVERRIDE_MCS(1);
4826 OVERRIDE_MCS(2);
4827 OVERRIDE_MCS(3);
4828 OVERRIDE_MCS(4);
4829 OVERRIDE_MCS(5);
4830 OVERRIDE_MCS(6);
4831 OVERRIDE_MCS(7);
4832 OVERRIDE_MCS(8);
4833}
4834#endif /* CONFIG_VHT_OVERRIDES */
4835
4836
f64adcd7
JM		 4837static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
4838{
4839#ifdef PCSC_FUNCS
4840 size_t len;
4841
4842 if (!wpa_s->conf->pcsc_reader)
4843 return 0;
4844
22cf7d73 4845 wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
f64adcd7
JM		 4846 if (!wpa_s->scard)
4847 return 1;
4848
4849 if (wpa_s->conf->pcsc_pin &&
4850 scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
4851 scard_deinit(wpa_s->scard);
4852 wpa_s->scard = NULL;
4853 wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
4854 return -1;
4855 }
4856
4857 len = sizeof(wpa_s->imsi) - 1;
4858 if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
4859 scard_deinit(wpa_s->scard);
4860 wpa_s->scard = NULL;
4861 wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
4862 return -1;
4863 }
4864 wpa_s->imsi[len] = '\0';
4865
4866 wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
4867
4868 wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
4869 wpa_s->imsi, wpa_s->mnc_len);
4870
4871 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
4872 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
4873#endif /* PCSC_FUNCS */
4874
4875 return 0;
4876}
4877
4878
306ae225
JM		 4879int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
4880{
4881 char *val, *pos;
4882
4883 ext_password_deinit(wpa_s->ext_pw);
4884 wpa_s->ext_pw = NULL;
4885 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
4886
4887 if (!wpa_s->conf->ext_password_backend)
4888 return 0;
4889
4890 val = os_strdup(wpa_s->conf->ext_password_backend);
4891 if (val == NULL)
4892 return -1;
4893 pos = os_strchr(val, ':');
4894 if (pos)
4895 *pos++ = '\0';
4896
4897 wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
4898
4899 wpa_s->ext_pw = ext_password_init(val, pos);
4900 os_free(val);
4901 if (wpa_s->ext_pw == NULL) {
4902 wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
4903 return -1;
4904 }
4905 eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
4906
4907 return 0;
4908}
4909
4910
b36a3a65
AN		 4911#ifdef CONFIG_FST
4912
4913static const u8 * wpas_fst_get_bssid_cb(void *ctx)
4914{
4915 struct wpa_supplicant *wpa_s = ctx;
4916
4917 return (is_zero_ether_addr(wpa_s->bssid) ||
4918 wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
4919}
4920
4921
4922static void wpas_fst_get_channel_info_cb(void *ctx,
4923 enum hostapd_hw_mode *hw_mode,
4924 u8 *channel)
4925{
4926 struct wpa_supplicant *wpa_s = ctx;
4927
4928 if (wpa_s->current_bss) {
4929 *hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
4930 channel);
4931 } else if (wpa_s->hw.num_modes) {
4932 *hw_mode = wpa_s->hw.modes[0].mode;
4933 } else {
4934 WPA_ASSERT(0);
4935 *hw_mode = 0;
4936 }
4937}
4938
4939
4940static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
4941{
4942 struct wpa_supplicant *wpa_s = ctx;
4943
4944 *modes = wpa_s->hw.modes;
4945 return wpa_s->hw.num_modes;
4946}
4947
4948
84bcb4e7 4949static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
b36a3a65
AN		 4950{
4951 struct wpa_supplicant *wpa_s = ctx;
4952
b7a07937 4953 wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
b36a3a65
AN		 4954 wpa_s->fst_ies = fst_ies;
4955}
4956
4957
4958static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
4959{
4960 struct wpa_supplicant *wpa_s = ctx;
4961
0da35523
JM		 4962 if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
4963 wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
4964 __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
4965 return -1;
4966 }
b36a3a65 4967 return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
0da35523
JM		 4968 wpa_s->own_addr, wpa_s->bssid,
4969 wpabuf_head(data), wpabuf_len(data),
b36a3a65
AN		 4970 0);
4971}
4972
4973
a0f04da5 4974static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
b36a3a65
AN		 4975{
4976 struct wpa_supplicant *wpa_s = ctx;
4977
4978 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4979 return wpa_s->received_mb_ies;
4980}
4981
4982
4983static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
4984 const u8 *buf, size_t size)
4985{
4986 struct wpa_supplicant *wpa_s = ctx;
4987 struct mb_ies_info info;
4988
4989 WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
4990
4991 if (!mb_ies_info_by_ies(&info, buf, size)) {
4992 wpabuf_free(wpa_s->received_mb_ies);
4993 wpa_s->received_mb_ies = mb_ies_by_info(&info);
4994 }
4995}
4996
4997
39cdd3a0
JM		 4998static const u8 * wpas_fst_get_peer_first(void *ctx,
4999 struct fst_get_peer_ctx **get_ctx,
5000 Boolean mb_only)
b36a3a65
AN		 5001{
5002 struct wpa_supplicant *wpa_s = ctx;
5003
5004 *get_ctx = NULL;
5005 if (!is_zero_ether_addr(wpa_s->bssid))
5006 return (wpa_s->received_mb_ies || !mb_only) ?
5007 wpa_s->bssid : NULL;
5008 return NULL;
5009}
5010
5011
39cdd3a0
JM		 5012static const u8 * wpas_fst_get_peer_next(void *ctx,
5013 struct fst_get_peer_ctx **get_ctx,
5014 Boolean mb_only)
b36a3a65
AN		 5015{
5016 return NULL;
5017}
5018
5019void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5020 struct fst_wpa_obj *iface_obj)
5021{
5022 iface_obj->ctx = wpa_s;
5023 iface_obj->get_bssid = wpas_fst_get_bssid_cb;
5024 iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5025 iface_obj->get_hw_modes = wpas_fst_get_hw_modes;
5026 iface_obj->set_ies = wpas_fst_set_ies_cb;
5027 iface_obj->send_action = wpas_fst_send_action_cb;
5028 iface_obj->get_mb_ie = wpas_fst_get_mb_ie_cb;
5029 iface_obj->update_mb_ie = wpas_fst_update_mb_ie_cb;
5030 iface_obj->get_peer_first = wpas_fst_get_peer_first;
5031 iface_obj->get_peer_next = wpas_fst_get_peer_next;
5032}
5033#endif /* CONFIG_FST */
5034
a520bf4a 5035static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
6cbdb0c5 5036 const struct wpa_driver_capa *capa)
e4fa8b12 5037{
88cb27c7
DS		 5038 struct wowlan_triggers *triggers;
5039 int ret = 0;
e4fa8b12
EP		 5040
5041 if (!wpa_s->conf->wowlan_triggers)
5042 return 0;
5043
88cb27c7
DS		 5044 triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5045 if (triggers) {
5046 ret = wpa_drv_wowlan(wpa_s, triggers);
5047 os_free(triggers);
e4fa8b12 5048 }
e4fa8b12
EP		 5049 return ret;
5050}
5051
5052
2b6e9f91 5053enum wpa_radio_work_band wpas_freq_to_band(int freq)
e903d32d
KV		 5054{
5055 if (freq < 3000)
5056 return BAND_2_4_GHZ;
5057 if (freq > 50000)
5058 return BAND_60_GHZ;
5059 return BAND_5_GHZ;
5060}
5061
5062
2b6e9f91 5063unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
e903d32d
KV		 5064{
5065 int i;
5066 unsigned int band = 0;
5067
5068 if (freqs) {
5069 /* freqs are specified for the radio work */
5070 for (i = 0; freqs[i]; i++)
5071 band |= wpas_freq_to_band(freqs[i]);
5072 } else {
5073 /*
5074 * freqs are not specified, implies all
5075 * the supported freqs by HW
5076 */
5077 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5078 if (wpa_s->hw.modes[i].num_channels != 0) {
5079 if (wpa_s->hw.modes[i].mode ==
5080 HOSTAPD_MODE_IEEE80211B ||
5081 wpa_s->hw.modes[i].mode ==
5082 HOSTAPD_MODE_IEEE80211G)
5083 band |= BAND_2_4_GHZ;
5084 else if (wpa_s->hw.modes[i].mode ==
5085 HOSTAPD_MODE_IEEE80211A)
5086 band |= BAND_5_GHZ;
5087 else if (wpa_s->hw.modes[i].mode ==
5088 HOSTAPD_MODE_IEEE80211AD)
5089 band |= BAND_60_GHZ;
5090 else if (wpa_s->hw.modes[i].mode ==
5091 HOSTAPD_MODE_IEEE80211ANY)
5092 band = BAND_2_4_GHZ | BAND_5_GHZ |
5093 BAND_60_GHZ;
5094 }
5095 }
5096 }
5097
5098 return band;
5099}
5100
5101
202dec2a
JM		 5102static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5103 const char *rn)
5104{
5105 struct wpa_supplicant *iface = wpa_s->global->ifaces;
5106 struct wpa_radio *radio;
5107
5108 while (rn && iface) {
5109 radio = iface->radio;
5110 if (radio && os_strcmp(rn, radio->name) == 0) {
5111 wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5112 wpa_s->ifname, rn);
5113 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5114 return radio;
5115 }
b154a24e
TB		 5116
5117 iface = iface->next;
202dec2a
JM		 5118 }
5119
5120 wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5121 wpa_s->ifname, rn ? rn : "N/A");
5122 radio = os_zalloc(sizeof(*radio));
5123 if (radio == NULL)
5124 return NULL;
5125
5126 if (rn)
5127 os_strlcpy(radio->name, rn, sizeof(radio->name));
5128 dl_list_init(&radio->ifaces);
b1ae396f 5129 dl_list_init(&radio->work);
202dec2a
JM		 5130 dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5131
5132 return radio;
5133}
5134
5135
b1ae396f
JM		 5136static void radio_work_free(struct wpa_radio_work *work)
5137{
d12a51b5
JM		 5138 if (work->wpa_s->scan_work == work) {
5139 /* This should not really happen. */
5140 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5141 work->type, work, work->started);
5142 work->wpa_s->scan_work = NULL;
5143 }
5144
1b5d4714
JM		 5145#ifdef CONFIG_P2P
5146 if (work->wpa_s->p2p_scan_work == work) {
5147 /* This should not really happen. */
5148 wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5149 work->type, work, work->started);
5150 work->wpa_s->p2p_scan_work = NULL;
5151 }
5152#endif /* CONFIG_P2P */
5153
e903d32d
KV		 5154 if (work->started) {
5155 work->wpa_s->radio->num_active_works--;
5156 wpa_dbg(work->wpa_s, MSG_DEBUG,
7ed5337d 5157 "radio_work_free('%s'@%p): num_active_works --> %u",
e903d32d
KV		 5158 work->type, work,
5159 work->wpa_s->radio->num_active_works);
5160 }
5161
b1ae396f
JM		 5162 dl_list_del(&work->list);
5163 os_free(work);
5164}
5165
5166
4c6f450c
JM		 5167static int radio_work_is_connect(struct wpa_radio_work *work)
5168{
5169 return os_strcmp(work->type, "sme-connect") == 0 ||
5170 os_strcmp(work->type, "connect") == 0;
5171}
5172
5173
85b6b6b6
SD		 5174static int radio_work_is_scan(struct wpa_radio_work *work)
5175{
5176 return os_strcmp(work->type, "scan") == 0 ||
5177 os_strcmp(work->type, "p2p-scan") == 0;
5178}
5179
5180
e903d32d
KV		 5181static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5182{
5183 struct wpa_radio_work *active_work = NULL;
5184 struct wpa_radio_work *tmp;
5185
5186 /* Get the active work to know the type and band. */
5187 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5188 if (tmp->started) {
5189 active_work = tmp;
5190 break;
5191 }
5192 }
5193
5194 if (!active_work) {
5195 /* No active work, start one */
5196 radio->num_active_works = 0;
5197 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5198 list) {
5199 if (os_strcmp(tmp->type, "scan") == 0 &&
5200 radio->external_scan_running &&
5201 (((struct wpa_driver_scan_params *)
5202 tmp->ctx)->only_new_results ||
5203 tmp->wpa_s->clear_driver_scan_cache))
5204 continue;
5205 return tmp;
5206 }
5207 return NULL;
5208 }
5209
4c6f450c 5210 if (radio_work_is_connect(active_work)) {
e903d32d
KV		 5211 /*
5212 * If the active work is either connect or sme-connect,
5213 * do not parallelize them with other radio works.
5214 */
5215 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5216 "Do not parallelize radio work with %s",
5217 active_work->type);
5218 return NULL;
5219 }
5220
5221 dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5222 if (tmp->started)
5223 continue;
5224
5225 /*
5226 * If connect or sme-connect are enqueued, parallelize only
5227 * those operations ahead of them in the queue.
5228 */
4c6f450c 5229 if (radio_work_is_connect(tmp))
e903d32d
KV		 5230 break;
5231
85b6b6b6
SD		 5232 /* Serialize parallel scan and p2p_scan operations on the same
5233 * interface since the driver_nl80211 mechanism for tracking
5234 * scan cookies does not yet have support for this. */
5235 if (active_work->wpa_s == tmp->wpa_s &&
5236 radio_work_is_scan(active_work) &&
5237 radio_work_is_scan(tmp)) {
5238 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5239 "Do not start work '%s' when another work '%s' is already scheduled",
5240 tmp->type, active_work->type);
5241 continue;
5242 }
e903d32d
KV		 5243 /*
5244 * Check that the radio works are distinct and
5245 * on different bands.
5246 */
5247 if (os_strcmp(active_work->type, tmp->type) != 0 &&
5248 (active_work->bands != tmp->bands)) {
5249 /*
5250 * If a scan has to be scheduled through nl80211 scan
5251 * interface and if an external scan is already running,
5252 * do not schedule the scan since it is likely to get
5253 * rejected by kernel.
5254 */
5255 if (os_strcmp(tmp->type, "scan") == 0 &&
5256 radio->external_scan_running &&
5257 (((struct wpa_driver_scan_params *)
5258 tmp->ctx)->only_new_results ||
5259 tmp->wpa_s->clear_driver_scan_cache))
5260 continue;
5261
5262 wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5263 "active_work:%s new_work:%s",
5264 active_work->type, tmp->type);
5265 return tmp;
5266 }
5267 }
5268
5269 /* Did not find a radio work to schedule in parallel. */
5270 return NULL;
5271}
5272
5273
b1ae396f
JM		 5274static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5275{
5276 struct wpa_radio *radio = eloop_ctx;
5277 struct wpa_radio_work *work;
5278 struct os_reltime now, diff;
6428d0a7 5279 struct wpa_supplicant *wpa_s;
b1ae396f
JM		 5280
5281 work = dl_list_first(&radio->work, struct wpa_radio_work, list);
e903d32d
KV		 5282 if (work == NULL) {
5283 radio->num_active_works = 0;
b1ae396f 5284 return;
e903d32d 5285 }
b1ae396f 5286
6428d0a7
JM		 5287 wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5288 radio_list);
e903d32d
KV		 5289
5290 if (!(wpa_s &&
5291 wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5292 if (work->started)
5293 return; /* already started and still in progress */
5294
5295 if (wpa_s && wpa_s->radio->external_scan_running) {
5296 wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5297 return;
5298 }
5299 } else {
5300 work = NULL;
5301 if (radio->num_active_works < MAX_ACTIVE_WORKS) {
5302 /* get the work to schedule next */
5303 work = radio_work_get_next_work(radio);
5304 }
5305 if (!work)
5306 return;
6428d0a7
JM		 5307 }
5308
e903d32d 5309 wpa_s = work->wpa_s;
b1ae396f
JM		 5310 os_get_reltime(&now);
5311 os_reltime_sub(&now, &work->time, &diff);
e903d32d
KV		 5312 wpa_dbg(wpa_s, MSG_DEBUG,
5313 "Starting radio work '%s'@%p after %ld.%06ld second wait",
b1ae396f
JM		 5314 work->type, work, diff.sec, diff.usec);
5315 work->started = 1;
5316 work->time = now;
e903d32d
KV		 5317 radio->num_active_works++;
5318
b1ae396f 5319 work->cb(work, 0);
e903d32d
KV		 5320
5321 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
5322 radio->num_active_works < MAX_ACTIVE_WORKS)
5323 radio_work_check_next(wpa_s);
b1ae396f
JM		 5324}
5325
5326
b3253ebb
AO		 5327/*
5328 * This function removes both started and pending radio works running on
5329 * the provided interface's radio.
5330 * Prior to the removal of the radio work, its callback (cb) is called with
5331 * deinit set to be 1. Each work's callback is responsible for clearing its
5332 * internal data and restoring to a correct state.
5333 * @wpa_s: wpa_supplicant data
5334 * @type: type of works to be removed
5335 * @remove_all: 1 to remove all the works on this radio, 0 to remove only
5336 * this interface's works.
5337 */
5338void radio_remove_works(struct wpa_supplicant *wpa_s,
5339 const char *type, int remove_all)
b1ae396f
JM		 5340{
5341 struct wpa_radio_work *work, *tmp;
5342 struct wpa_radio *radio = wpa_s->radio;
5343
5344 dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
5345 list) {
b3253ebb 5346 if (type && os_strcmp(type, work->type) != 0)
b1ae396f 5347 continue;
b3253ebb
AO		 5348
5349 /* skip other ifaces' works */
5350 if (!remove_all && work->wpa_s != wpa_s)
b1ae396f 5351 continue;
b3253ebb
AO		 5352
5353 wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
5354 work->type, work, work->started ? " (started)" : "");
b1ae396f
JM		 5355 work->cb(work, 1);
5356 radio_work_free(work);
5357 }
b3253ebb
AO		 5358
5359 /* in case we removed the started work */
5360 radio_work_check_next(wpa_s);
b1ae396f
JM		 5361}
5362
5363
6a252ece
JM		 5364void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
5365{
5366 struct wpa_radio_work *work;
5367 struct wpa_radio *radio = wpa_s->radio;
5368
5369 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5370 if (work->ctx != ctx)
5371 continue;
5372 wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
5373 work->type, work, work->started ? " (started)" : "");
5374 radio_work_free(work);
5375 break;
5376 }
5377}
5378
5379
202dec2a
JM		 5380static void radio_remove_interface(struct wpa_supplicant *wpa_s)
5381{
5382 struct wpa_radio *radio = wpa_s->radio;
5383
5384 if (!radio)
5385 return;
5386
5387 wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
5388 wpa_s->ifname, radio->name);
5389 dl_list_del(&wpa_s->radio_list);
c46235aa
AO		 5390 radio_remove_works(wpa_s, NULL, 0);
5391 wpa_s->radio = NULL;
5392 if (!dl_list_empty(&radio->ifaces))
202dec2a
JM		 5393 return; /* Interfaces remain for this radio */
5394
5395 wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
b1ae396f 5396 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
202dec2a
JM		 5397 os_free(radio);
5398}
5399
5400
6428d0a7 5401void radio_work_check_next(struct wpa_supplicant *wpa_s)
b1ae396f
JM		 5402{
5403 struct wpa_radio *radio = wpa_s->radio;
5404
5405 if (dl_list_empty(&radio->work))
5406 return;
e3745228
JM		 5407 if (wpa_s->ext_work_in_progress) {
5408 wpa_printf(MSG_DEBUG,
5409 "External radio work in progress - delay start of pending item");
5410 return;
5411 }
b1ae396f
JM		 5412 eloop_cancel_timeout(radio_start_next_work, radio, NULL);
5413 eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
5414}
5415
5416
5417/**
5418 * radio_add_work - Add a radio work item
5419 * @wpa_s: Pointer to wpa_supplicant data
5420 * @freq: Frequency of the offchannel operation in MHz or 0
5421 * @type: Unique identifier for each type of work
5422 * @next: Force as the next work to be executed
5423 * @cb: Callback function for indicating when radio is available
5424 * @ctx: Context pointer for the work (work->ctx in cb())
5425 * Returns: 0 on success, -1 on failure
5426 *
5427 * This function is used to request time for an operation that requires
5428 * exclusive radio control. Once the radio is available, the registered callback
5429 * function will be called. radio_work_done() must be called once the exclusive
5430 * radio operation has been completed, so that the radio is freed for other
5431 * operations. The special case of deinit=1 is used to free the context data
5432 * during interface removal. That does not allow the callback function to start
5433 * the radio operation, i.e., it must free any resources allocated for the radio
5434 * work and return.
5435 *
5436 * The @freq parameter can be used to indicate a single channel on which the
5437 * offchannel operation will occur. This may allow multiple radio work
5438 * operations to be performed in parallel if they apply for the same channel.
5439 * Setting this to 0 indicates that the work item may use multiple channels or
5440 * requires exclusive control of the radio.
5441 */
5442int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
5443 const char *type, int next,
5444 void (*cb)(struct wpa_radio_work *work, int deinit),
5445 void *ctx)
5446{
e903d32d 5447 struct wpa_radio *radio = wpa_s->radio;
b1ae396f
JM		 5448 struct wpa_radio_work *work;
5449 int was_empty;
5450
5451 work = os_zalloc(sizeof(*work));
5452 if (work == NULL)
5453 return -1;
5454 wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
5455 os_get_reltime(&work->time);
5456 work->freq = freq;
5457 work->type = type;
5458 work->wpa_s = wpa_s;
5459 work->cb = cb;
5460 work->ctx = ctx;
5461
e903d32d
KV		 5462 if (freq)
5463 work->bands = wpas_freq_to_band(freq);
5464 else if (os_strcmp(type, "scan") == 0 ||
5465 os_strcmp(type, "p2p-scan") == 0)
5466 work->bands = wpas_get_bands(wpa_s,
5467 ((struct wpa_driver_scan_params *)
5468 ctx)->freqs);
5469 else
5470 work->bands = wpas_get_bands(wpa_s, NULL);
5471
b1ae396f
JM		 5472 was_empty = dl_list_empty(&wpa_s->radio->work);
5473 if (next)
5474 dl_list_add(&wpa_s->radio->work, &work->list);
5475 else
5476 dl_list_add_tail(&wpa_s->radio->work, &work->list);
5477 if (was_empty) {
5478 wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
5479 radio_work_check_next(wpa_s);
e903d32d
KV		 5480 } else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
5481 && radio->num_active_works < MAX_ACTIVE_WORKS) {
5482 wpa_dbg(wpa_s, MSG_DEBUG,
5483 "Try to schedule a radio work (num_active_works=%u)",
5484 radio->num_active_works);
5485 radio_work_check_next(wpa_s);
b1ae396f
JM		 5486 }
5487
5488 return 0;
5489}
5490
5491
5492/**
5493 * radio_work_done - Indicate that a radio work item has been completed
5494 * @work: Completed work
5495 *
5496 * This function is called once the callback function registered with
5497 * radio_add_work() has completed its work.
5498 */
5499void radio_work_done(struct wpa_radio_work *work)
5500{
5501 struct wpa_supplicant *wpa_s = work->wpa_s;
5502 struct os_reltime now, diff;
1f965e62 5503 unsigned int started = work->started;
b1ae396f
JM		 5504
5505 os_get_reltime(&now);
5506 os_reltime_sub(&now, &work->time, &diff);
1f965e62
JM		 5507 wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
5508 work->type, work, started ? "done" : "canceled",
5509 diff.sec, diff.usec);
b1ae396f 5510 radio_work_free(work);
1f965e62
JM		 5511 if (started)
5512 radio_work_check_next(wpa_s);
b1ae396f
JM		 5513}
5514
5515
a7f5271d
JM		 5516struct wpa_radio_work *
5517radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
f0e30c84
JM		 5518{
5519 struct wpa_radio_work *work;
5520 struct wpa_radio *radio = wpa_s->radio;
5521
5522 dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
5523 if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
a7f5271d 5524 return work;
f0e30c84
JM		 5525 }
5526
a7f5271d 5527 return NULL;
f0e30c84
JM		 5528}
5529
5530
73c00fd7 5531static int wpas_init_driver(struct wpa_supplicant *wpa_s,
8fb2b357 5532 const struct wpa_interface *iface)
73c00fd7 5533{
202dec2a 5534 const char *ifname, *driver, *rn;
73c00fd7
JM		 5535
5536 driver = iface->driver;
5537next_driver:
5538 if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
5539 return -1;
5540
5541 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
5542 if (wpa_s->drv_priv == NULL) {
5543 const char *pos;
5544 pos = driver ? os_strchr(driver, ',') : NULL;
5545 if (pos) {
5546 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
5547 "driver interface - try next driver wrapper");
5548 driver = pos + 1;
5549 goto next_driver;
5550 }
5551 wpa_msg(wpa_s, MSG_ERROR, "Failed to initialize driver "
5552 "interface");
5553 return -1;
5554 }
5555 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
5556 wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
5557 "driver_param '%s'", wpa_s->conf->driver_param);
5558 return -1;
5559 }
5560
5561 ifname = wpa_drv_get_ifname(wpa_s);
5562 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
5563 wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
5564 "interface name with '%s'", ifname);
5565 os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
5566 }
5567
95bf699f 5568 rn = wpa_driver_get_radio_name(wpa_s);
202dec2a
JM		 5569 if (rn && rn[0] == '\0')
5570 rn = NULL;
5571
5572 wpa_s->radio = radio_add_interface(wpa_s, rn);
5573 if (wpa_s->radio == NULL)
5574 return -1;
5575
73c00fd7
JM		 5576 return 0;
5577}
5578
5579
461d39af
JM		 5580#ifdef CONFIG_GAS_SERVER
5581
5582static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
5583 unsigned int freq, const u8 *dst,
5584 const u8 *src, const u8 *bssid,
5585 const u8 *data, size_t data_len,
5586 enum offchannel_send_action_result result)
5587{
5588 wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
5589 " result=%s",
5590 freq, MAC2STR(dst),
5591 result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
5592 (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
5593 "FAILED"));
5594 gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
5595 result == OFFCHANNEL_SEND_ACTION_SUCCESS);
5596}
5597
5598
5599static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
5600 struct wpabuf *buf, unsigned int wait_time)
5601{
5602 struct wpa_supplicant *wpa_s = ctx;
5603 const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
5604
5605 if (wait_time > wpa_s->max_remain_on_chan)
5606 wait_time = wpa_s->max_remain_on_chan;
5607
5608 offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
5609 wpabuf_head(buf), wpabuf_len(buf),
5610 wait_time, wpas_gas_server_tx_status, 0);
5611}
5612
5613#endif /* CONFIG_GAS_SERVER */
5614
6fc6879b 5615static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
8fb2b357 5616 const struct wpa_interface *iface)
6fc6879b 5617{
362f781e 5618 struct wpa_driver_capa capa;
6cbdb0c5 5619 int capa_res;
aa56e36d 5620 u8 dfs_domain;
362f781e 5621
6fc6879b
JM		 5622 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
5623 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
5624 iface->confname ? iface->confname : "N/A",
5625 iface->driver ? iface->driver : "default",
5626 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
5627 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
5628
6fc6879b
JM		 5629 if (iface->confname) {
5630#ifdef CONFIG_BACKEND_FILE
5631 wpa_s->confname = os_rel2abs_path(iface->confname);
5632 if (wpa_s->confname == NULL) {
5633 wpa_printf(MSG_ERROR, "Failed to get absolute path "
5634 "for configuration file '%s'.",
5635 iface->confname);
5636 return -1;
5637 }
5638 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
5639 iface->confname, wpa_s->confname);
5640#else /* CONFIG_BACKEND_FILE */
5641 wpa_s->confname = os_strdup(iface->confname);
5642#endif /* CONFIG_BACKEND_FILE */
e6304cad 5643 wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6fc6879b
JM		 5644 if (wpa_s->conf == NULL) {
5645 wpa_printf(MSG_ERROR, "Failed to read or parse "
5646 "configuration '%s'.", wpa_s->confname);
5647 return -1;
5648 }
e6304cad 5649 wpa_s->confanother = os_rel2abs_path(iface->confanother);
3bd35b68
JM		 5650 if (wpa_s->confanother &&
5651 !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
5652 wpa_printf(MSG_ERROR,
5653 "Failed to read or parse configuration '%s'.",
5654 wpa_s->confanother);
5655 return -1;
5656 }
6fc6879b
JM		 5657
5658 /*
5659 * Override ctrl_interface and driver_param if set on command
5660 * line.
5661 */
5662 if (iface->ctrl_interface) {
5663 os_free(wpa_s->conf->ctrl_interface);
5664 wpa_s->conf->ctrl_interface =
5665 os_strdup(iface->ctrl_interface);
5666 }
5667
5668 if (iface->driver_param) {
5669 os_free(wpa_s->conf->driver_param);
5670 wpa_s->conf->driver_param =
5671 os_strdup(iface->driver_param);
5672 }
78f79fe5
JM		 5673
5674 if (iface->p2p_mgmt && !iface->ctrl_interface) {
5675 os_free(wpa_s->conf->ctrl_interface);
5676 wpa_s->conf->ctrl_interface = NULL;
5677 }
6fc6879b
JM		 5678 } else
5679 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
5680 iface->driver_param);
5681
5682 if (wpa_s->conf == NULL) {
5683 wpa_printf(MSG_ERROR, "\nNo configuration found.");
5684 return -1;
5685 }
5686
5687 if (iface->ifname == NULL) {
5688 wpa_printf(MSG_ERROR, "\nInterface name is required.");
5689 return -1;
5690 }
5691 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
5692 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
5693 iface->ifname);
5694 return -1;
5695 }
5696 os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
5697
5698 if (iface->bridge_ifname) {
5699 if (os_strlen(iface->bridge_ifname) >=
5700 sizeof(wpa_s->bridge_ifname)) {
5701 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
5702 "name '%s'.", iface->bridge_ifname);
5703 return -1;
5704 }
5705 os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
5706 sizeof(wpa_s->bridge_ifname));
5707 }
5708
6fc6879b
JM		 5709 /* RSNA Supplicant Key Management - INITIALIZE */
5710 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
5711 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
5712
5713 /* Initialize driver interface and register driver event handler before
5714 * L2 receive handler so that association events are processed before
5715 * EAPOL-Key packets if both become available for the same select()
5716 * call. */
73c00fd7 5717 if (wpas_init_driver(wpa_s, iface) < 0)
362f781e
JM		 5718 return -1;
5719
6fc6879b
JM		 5720 if (wpa_supplicant_init_wpa(wpa_s) < 0)
5721 return -1;
5722
5723 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
5724 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
5725 NULL);
5726 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
5727
5728 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
5729 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
5730 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
f049052b
BG		 5731 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5732 "dot11RSNAConfigPMKLifetime");
6fc6879b
JM		 5733 return -1;
5734 }
5735
5736 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
5737 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
5738 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
f049052b 5739 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6fc6879b
JM		 5740 "dot11RSNAConfigPMKReauthThreshold");
5741 return -1;
5742 }
5743
5744 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
5745 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
5746 wpa_s->conf->dot11RSNAConfigSATimeout)) {
f049052b
BG		 5747 wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
5748 "dot11RSNAConfigSATimeout");
6fc6879b
JM		 5749 return -1;
5750 }
5751
6bf731e8
CL		 5752 wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
5753 &wpa_s->hw.num_modes,
aa56e36d
VT		 5754 &wpa_s->hw.flags,
5755 &dfs_domain);
a1b790eb
JM		 5756 if (wpa_s->hw.modes) {
5757 u16 i;
5758
5759 for (i = 0; i < wpa_s->hw.num_modes; i++) {
5760 if (wpa_s->hw.modes[i].vht_capab) {
5761 wpa_s->hw_capab = CAPAB_VHT;
5762 break;
5763 }
5764
5765 if (wpa_s->hw.modes[i].ht_capab &
5766 HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
5767 wpa_s->hw_capab = CAPAB_HT40;
5768 else if (wpa_s->hw.modes[i].ht_capab &&
5769 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
5770 wpa_s->hw_capab = CAPAB_HT;
5771 }
5772 }
6bf731e8 5773
6cbdb0c5
JM		 5774 capa_res = wpa_drv_get_capa(wpa_s, &capa);
5775 if (capa_res == 0) {
c58ab8f2 5776 wpa_s->drv_capa_known = 1;
814782b9 5777 wpa_s->drv_flags = capa.flags;
349493bd 5778 wpa_s->drv_enc = capa.enc;
04ee647d 5779 wpa_s->drv_smps_modes = capa.smps_modes;
f936b73c 5780 wpa_s->drv_rrm_flags = capa.rrm_flags;
4f73d88a 5781 wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
814782b9 5782 wpa_s->max_scan_ssids = capa.max_scan_ssids;
cbdf3507 5783 wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
32c02261
AS		 5784 wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
5785 wpa_s->max_sched_scan_plan_interval =
5786 capa.max_sched_scan_plan_interval;
5787 wpa_s->max_sched_scan_plan_iterations =
5788 capa.max_sched_scan_plan_iterations;
cbdf3507 5789 wpa_s->sched_scan_supported = capa.sched_scan_supported;
b59e6f26 5790 wpa_s->max_match_sets = capa.max_match_sets;
814782b9 5791 wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
c4ea4c5c 5792 wpa_s->max_stations = capa.max_stations;
8cd6b7bc
JB		 5793 wpa_s->extended_capa = capa.extended_capa;
5794 wpa_s->extended_capa_mask = capa.extended_capa_mask;
5795 wpa_s->extended_capa_len = capa.extended_capa_len;
4752147d
IP		 5796 wpa_s->num_multichan_concurrent =
5797 capa.num_multichan_concurrent;
471cd6e1 5798 wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
56c76fa5
IP		 5799
5800 if (capa.mac_addr_rand_scan_supported)
5801 wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
5802 if (wpa_s->sched_scan_supported &&
5803 capa.mac_addr_rand_sched_scan_supported)
5804 wpa_s->mac_addr_rand_supported |=
5805 (MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
2a93ecc8
JM		 5806
5807 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
5808 if (wpa_s->extended_capa &&
5809 wpa_s->extended_capa_len >= 3 &&
5810 wpa_s->extended_capa[2] & 0x40)
5811 wpa_s->multi_bss_support = 1;
814782b9
JM		 5812 }
5813 if (wpa_s->max_remain_on_chan == 0)
5814 wpa_s->max_remain_on_chan = 1000;
5815
c68f6200
AS		 5816 /*
5817 * Only take p2p_mgmt parameters when P2P Device is supported.
5818 * Doing it here as it determines whether l2_packet_init() will be done
5819 * during wpa_supplicant_driver_init().
5820 */
5821 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
5822 wpa_s->p2p_mgmt = iface->p2p_mgmt;
c68f6200 5823
4752147d
IP		 5824 if (wpa_s->num_multichan_concurrent == 0)
5825 wpa_s->num_multichan_concurrent = 1;
5826
6fc6879b
JM		 5827 if (wpa_supplicant_driver_init(wpa_s) < 0)
5828 return -1;
5829
281ff0aa 5830#ifdef CONFIG_TDLS
8fb2b357 5831 if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
281ff0aa
GP		 5832 return -1;
5833#endif /* CONFIG_TDLS */
5834
315ce40a
JM		 5835 if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
5836 wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
f049052b 5837 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6d158490
LR		 5838 return -1;
5839 }
5840
b36a3a65
AN		 5841#ifdef CONFIG_FST
5842 if (wpa_s->conf->fst_group_id) {
5843 struct fst_iface_cfg cfg;
5844 struct fst_wpa_obj iface_obj;
5845
5846 fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
5847 os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
5848 sizeof(cfg.group_id));
5849 cfg.priority = wpa_s->conf->fst_priority;
5850 cfg.llt = wpa_s->conf->fst_llt;
5851
5852 wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
5853 &iface_obj, &cfg);
5854 if (!wpa_s->fst) {
5855 wpa_msg(wpa_s, MSG_ERROR,
5856 "FST: Cannot attach iface %s to group %s",
5857 wpa_s->ifname, cfg.group_id);
5858 return -1;
5859 }
5860 }
5861#endif /* CONFIG_FST */
5862
116654ce
JM		 5863 if (wpas_wps_init(wpa_s))
5864 return -1;
5865
461d39af
JM		 5866#ifdef CONFIG_GAS_SERVER
5867 wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
5868 if (!wpa_s->gas_server) {
5869 wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
5870 return -1;
5871 }
5872#endif /* CONFIG_GAS_SERVER */
5873
be27e185
JM		 5874#ifdef CONFIG_DPP
5875 if (wpas_dpp_init(wpa_s) < 0)
5876 return -1;
5877#endif /* CONFIG_DPP */
5878
6fc6879b
JM		 5879 if (wpa_supplicant_init_eapol(wpa_s) < 0)
5880 return -1;
5881 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5882
5883 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
5884 if (wpa_s->ctrl_iface == NULL) {
5885 wpa_printf(MSG_ERROR,
5886 "Failed to initialize control interface '%s'.\n"
5887 "You may have another wpa_supplicant process "
5888 "already running or the file was\n"
5889 "left by an unclean termination of wpa_supplicant "
5890 "in which case you will need\n"
5891 "to manually remove this file before starting "
5892 "wpa_supplicant again.\n",
5893 wpa_s->conf->ctrl_interface);
5894 return -1;
5895 }
5896
04ea7b79
JM		 5897 wpa_s->gas = gas_query_init(wpa_s);
5898 if (wpa_s->gas == NULL) {
5899 wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
5900 return -1;
5901 }
5902
8fb2b357
VV		 5903 if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
5904 wpa_s->p2p_mgmt) &&
5905 wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
f049052b 5906 wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
b22128ef
JM		 5907 return -1;
5908 }
b22128ef 5909
83922c2d
JM		 5910 if (wpa_bss_init(wpa_s) < 0)
5911 return -1;
83922c2d 5912
4d77d80e
MH		 5913#ifdef CONFIG_PMKSA_CACHE_EXTERNAL
5914#ifdef CONFIG_MESH
5915 dl_list_init(&wpa_s->mesh_external_pmksa_cache);
5916#endif /* CONFIG_MESH */
5917#endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
5918
e4fa8b12
EP		 5919 /*
5920 * Set Wake-on-WLAN triggers, if configured.
5921 * Note: We don't restore/remove the triggers on shutdown (it doesn't
5922 * have effect anyway when the interface is down).
5923 */
6cbdb0c5 5924 if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
e4fa8b12
EP		 5925 return -1;
5926
ec7b97ab
JM		 5927#ifdef CONFIG_EAP_PROXY
5928{
5929 size_t len;
b5db6e5d
VK		 5930 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
5931 wpa_s->imsi, &len);
ec7b97ab
JM		 5932 if (wpa_s->mnc_len > 0) {
5933 wpa_s->imsi[len] = '\0';
5934 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
5935 wpa_s->imsi, wpa_s->mnc_len);
5936 } else {
5937 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
5938 }
5939}
5940#endif /* CONFIG_EAP_PROXY */
5941
f64adcd7
JM		 5942 if (pcsc_reader_init(wpa_s) < 0)
5943 return -1;
5944
306ae225
JM		 5945 if (wpas_init_ext_pw(wpa_s) < 0)
5946 return -1;
5947
b361d580
AK		 5948 wpas_rrm_reset(wpa_s);
5949
32c02261
AS		 5950 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
5951
ca9968a0
JM		 5952#ifdef CONFIG_HS20
5953 hs20_init(wpa_s);
5954#endif /* CONFIG_HS20 */
92c6e2e3 5955#ifdef CONFIG_MBO
332aadb8
AP		 5956 if (wpa_s->conf->oce) {
5957 if ((wpa_s->conf->oce & OCE_STA) &&
5958 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
5959 wpa_s->enable_oce = OCE_STA;
5960 if ((wpa_s->conf->oce & OCE_STA_CFON) &&
5961 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
5962 /* TODO: Need to add STA-CFON support */
5963 wpa_printf(MSG_ERROR,
5964 "OCE STA-CFON feature is not yet supported");
5965 }
5966 }
92c6e2e3
DS		 5967 wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
5968#endif /* CONFIG_MBO */
ca9968a0 5969
cc9985d1 5970 wpa_supplicant_set_default_scan_ies(wpa_s);
5971
6fc6879b
JM		 5972 return 0;
5973}
5974
5975
2ee055b3 5976static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
df509539 5977 int notify, int terminate)
6fc6879b 5978{
26fc96e8
JM		 5979 struct wpa_global *global = wpa_s->global;
5980 struct wpa_supplicant *iface, *prev;
5981
5982 if (wpa_s == wpa_s->parent)
5983 wpas_p2p_group_remove(wpa_s, "*");
5984
5985 iface = global->ifaces;
5986 while (iface) {
96a26ab7
LD		 5987 if (iface->p2pdev == wpa_s)
5988 iface->p2pdev = iface->parent;
26fc96e8
JM		 5989 if (iface == wpa_s || iface->parent != wpa_s) {
5990 iface = iface->next;
5991 continue;
5992 }
5993 wpa_printf(MSG_DEBUG,
5994 "Remove remaining child interface %s from parent %s",
5995 iface->ifname, wpa_s->ifname);
5996 prev = iface;
5997 iface = iface->next;
5998 wpa_supplicant_remove_iface(global, prev, terminate);
5999 }
6000
e679f140 6001 wpa_s->disconnected = 1;
6fc6879b
JM		 6002 if (wpa_s->drv_priv) {
6003 wpa_supplicant_deauthenticate(wpa_s,
6004 WLAN_REASON_DEAUTH_LEAVING);
6005
6fc6879b
JM		 6006 wpa_drv_set_countermeasures(wpa_s, 0);
6007 wpa_clear_keys(wpa_s, NULL);
6008 }
6009
8e56d189 6010 wpa_supplicant_cleanup(wpa_s);
bd10d938 6011 wpas_p2p_deinit_iface(wpa_s);
ab28911d 6012
1f965e62 6013 wpas_ctrl_radio_work_flush(wpa_s);
202dec2a
JM		 6014 radio_remove_interface(wpa_s);
6015
b36a3a65
AN		 6016#ifdef CONFIG_FST
6017 if (wpa_s->fst) {
6018 fst_detach(wpa_s->fst);
6019 wpa_s->fst = NULL;
6020 }
6021 if (wpa_s->received_mb_ies) {
6022 wpabuf_free(wpa_s->received_mb_ies);
6023 wpa_s->received_mb_ies = NULL;
6024 }
6025#endif /* CONFIG_FST */
6026
6fc6879b
JM		 6027 if (wpa_s->drv_priv)
6028 wpa_drv_deinit(wpa_s);
2523ff6e
DS		 6029
6030 if (notify)
6031 wpas_notify_iface_removed(wpa_s);
f0811516
DS		 6032
6033 if (terminate)
6034 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6035
6036 if (wpa_s->ctrl_iface) {
6037 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
6038 wpa_s->ctrl_iface = NULL;
6039 }
6040
603a3f34
JL		 6041#ifdef CONFIG_MESH
6042 if (wpa_s->ifmsh) {
6043 wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh);
6044 wpa_s->ifmsh = NULL;
6045 }
6046#endif /* CONFIG_MESH */
6047
f0811516
DS		 6048 if (wpa_s->conf != NULL) {
6049 wpa_config_free(wpa_s->conf);
6050 wpa_s->conf = NULL;
6051 }
18e00b5e 6052
a80651d0
KV		 6053 os_free(wpa_s->ssids_from_scan_req);
6054
18e00b5e 6055 os_free(wpa_s);
6fc6879b
JM		 6056}
6057
6058
2e997eec
RM		 6059#ifdef CONFIG_MATCH_IFACE
6060
6061/**
6062 * wpa_supplicant_match_iface - Match an interface description to a name
6063 * @global: Pointer to global data from wpa_supplicant_init()
6064 * @ifname: Name of the interface to match
6065 * Returns: Pointer to the created interface description or %NULL on failure
6066 */
6067struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6068 const char *ifname)
6069{
6070 int i;
6071 struct wpa_interface *iface, *miface;
6072
6073 for (i = 0; i < global->params.match_iface_count; i++) {
6074 miface = &global->params.match_ifaces[i];
6075 if (!miface->ifname ||
6076 fnmatch(miface->ifname, ifname, 0) == 0) {
6077 iface = os_zalloc(sizeof(*iface));
6078 if (!iface)
6079 return NULL;
6080 *iface = *miface;
6081 iface->ifname = ifname;
6082 return iface;
6083 }
6084 }
6085
6086 return NULL;
6087}
6088
6089
6090/**
6091 * wpa_supplicant_match_existing - Match existing interfaces
6092 * @global: Pointer to global data from wpa_supplicant_init()
6093 * Returns: 0 on success, -1 on failure
6094 */
6095static int wpa_supplicant_match_existing(struct wpa_global *global)
6096{
6097 struct if_nameindex *ifi, *ifp;
6098 struct wpa_supplicant *wpa_s;
6099 struct wpa_interface *iface;
6100
6101 ifp = if_nameindex();
6102 if (!ifp) {
6103 wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6104 return -1;
6105 }
6106
6107 for (ifi = ifp; ifi->if_name; ifi++) {
6108 wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6109 if (wpa_s)
6110 continue;
6111 iface = wpa_supplicant_match_iface(global, ifi->if_name);
6112 if (iface) {
6113 wpa_s = wpa_supplicant_add_iface(global, iface, NULL);
6114 os_free(iface);
6115 if (wpa_s)
6116 wpa_s->matched = 1;
6117 }
6118 }
6119
6120 if_freenameindex(ifp);
6121 return 0;
6122}
6123
6124#endif /* CONFIG_MATCH_IFACE */
6125
6126
6fc6879b
JM		 6127/**
6128 * wpa_supplicant_add_iface - Add a new network interface
6129 * @global: Pointer to global data from wpa_supplicant_init()
6130 * @iface: Interface configuration options
1772d348 6131 * @parent: Parent interface or %NULL to assign new interface as parent
6fc6879b
JM		 6132 * Returns: Pointer to the created interface or %NULL on failure
6133 *
6134 * This function is used to add new network interfaces for %wpa_supplicant.
6135 * This can be called before wpa_supplicant_run() to add interfaces before the
6136 * main event loop has been started. In addition, new interfaces can be added
6137 * dynamically while %wpa_supplicant is already running. This could happen,
6138 * e.g., when a hotplug network adapter is inserted.
6139 */
6140struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
1772d348
JM		 6141 struct wpa_interface *iface,
6142 struct wpa_supplicant *parent)
6fc6879b
JM		 6143{
6144 struct wpa_supplicant *wpa_s;
d27df100 6145 struct wpa_interface t_iface;
8e56d189 6146 struct wpa_ssid *ssid;
6fc6879b
JM		 6147
6148 if (global == NULL || iface == NULL)
6149 return NULL;
6150
1772d348 6151 wpa_s = wpa_supplicant_alloc(parent);
6fc6879b
JM		 6152 if (wpa_s == NULL)
6153 return NULL;
6154
d8222ae3
JM		 6155 wpa_s->global = global;
6156
d27df100
JM		 6157 t_iface = *iface;
6158 if (global->params.override_driver) {
6159 wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6160 "('%s' -> '%s')",
6161 iface->driver, global->params.override_driver);
6162 t_iface.driver = global->params.override_driver;
6163 }
6164 if (global->params.override_ctrl_interface) {
6165 wpa_printf(MSG_DEBUG, "Override interface parameter: "
6166 "ctrl_interface ('%s' -> '%s')",
6167 iface->ctrl_interface,
6168 global->params.override_ctrl_interface);
6169 t_iface.ctrl_interface =
6170 global->params.override_ctrl_interface;
6171 }
6172 if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6fc6879b
JM		 6173 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6174 iface->ifname);
df509539 6175 wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6fc6879b
JM		 6176 return NULL;
6177 }
6178
21efc940
TB		 6179 if (iface->p2p_mgmt == 0) {
6180 /* Notify the control interfaces about new iface */
6181 if (wpas_notify_iface_added(wpa_s)) {
6182 wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6183 return NULL;
6184 }
1bd3f426 6185
21efc940
TB		 6186 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6187 wpas_notify_network_added(wpa_s, ssid);
6188 }
8e56d189 6189
6fc6879b
JM		 6190 wpa_s->next = global->ifaces;
6191 global->ifaces = wpa_s;
6192
f049052b 6193 wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
99218999 6194 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6fc6879b 6195
c3c4b3ed
JM		 6196#ifdef CONFIG_P2P
6197 if (wpa_s->global->p2p == NULL &&
74802c09 6198 !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
c3c4b3ed 6199 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
f43c1ae7
IP		 6200 wpas_p2p_add_p2pdev_interface(
6201 wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
c3c4b3ed
JM		 6202 wpa_printf(MSG_INFO,
6203 "P2P: Failed to enable P2P Device interface");
6204 /* Try to continue without. P2P will be disabled. */
6205 }
6206#endif /* CONFIG_P2P */
6207
6fc6879b
JM		 6208 return wpa_s;
6209}
6210
6211
6212/**
6213 * wpa_supplicant_remove_iface - Remove a network interface
6214 * @global: Pointer to global data from wpa_supplicant_init()
6215 * @wpa_s: Pointer to the network interface to be removed
6216 * Returns: 0 if interface was removed, -1 if interface was not found
6217 *
6218 * This function can be used to dynamically remove network interfaces from
6219 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6220 * addition, this function is used to remove all remaining interfaces when
6221 * %wpa_supplicant is terminated.
6222 */
6223int wpa_supplicant_remove_iface(struct wpa_global *global,
df509539
DS		 6224 struct wpa_supplicant *wpa_s,
6225 int terminate)
6fc6879b
JM		 6226{
6227 struct wpa_supplicant *prev;
5b78493f
MH		 6228#ifdef CONFIG_MESH
6229 unsigned int mesh_if_created = wpa_s->mesh_if_created;
6230 char *ifname = NULL;
9b170991 6231 struct wpa_supplicant *parent = wpa_s->parent;
5b78493f 6232#endif /* CONFIG_MESH */
6fc6879b
JM		 6233
6234 /* Remove interface from the global list of interfaces */
6235 prev = global->ifaces;
6236 if (prev == wpa_s) {
6237 global->ifaces = wpa_s->next;
6238 } else {
6239 while (prev && prev->next != wpa_s)
6240 prev = prev->next;
6241 if (prev == NULL)
6242 return -1;
6243 prev->next = wpa_s->next;
6244 }
6245
f049052b 6246 wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6fc6879b 6247
5b78493f
MH		 6248#ifdef CONFIG_MESH
6249 if (mesh_if_created) {
6250 ifname = os_strdup(wpa_s->ifname);
6251 if (ifname == NULL) {
6252 wpa_dbg(wpa_s, MSG_ERROR,
6253 "mesh: Failed to malloc ifname");
6254 return -1;
6255 }
6256 }
6257#endif /* CONFIG_MESH */
6258
b22128ef
JM		 6259 if (global->p2p_group_formation == wpa_s)
6260 global->p2p_group_formation = NULL;
dbca75f8
JM		 6261 if (global->p2p_invite_group == wpa_s)
6262 global->p2p_invite_group = NULL;
df509539 6263 wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6fc6879b 6264
5b78493f
MH		 6265#ifdef CONFIG_MESH
6266 if (mesh_if_created) {
9b170991 6267 wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
5b78493f
MH		 6268 os_free(ifname);
6269 }
6270#endif /* CONFIG_MESH */
6271
6fc6879b
JM		 6272 return 0;
6273}
6274
6275
cf83fb0b
PS		 6276/**
6277 * wpa_supplicant_get_eap_mode - Get the current EAP mode
6278 * @wpa_s: Pointer to the network interface
6279 * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
6280 */
6281const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
6282{
6283 const char *eapol_method;
6284
6285 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
6286 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
6287 return "NO-EAP";
6288 }
6289
6290 eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
6291 if (eapol_method == NULL)
6292 return "UNKNOWN-EAP";
6293
6294 return eapol_method;
6295}
6296
6297
6fc6879b
JM		 6298/**
6299 * wpa_supplicant_get_iface - Get a new network interface
6300 * @global: Pointer to global data from wpa_supplicant_init()
6301 * @ifname: Interface name
6302 * Returns: Pointer to the interface or %NULL if not found
6303 */
6304struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
6305 const char *ifname)
6306{
6307 struct wpa_supplicant *wpa_s;
6308
6309 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
6310 if (os_strcmp(wpa_s->ifname, ifname) == 0)
6311 return wpa_s;
6312 }
6313 return NULL;
6314}
6315
6316
50b16da1 6317#ifndef CONFIG_NO_WPA_MSG
4f1495ae
BG		 6318static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
6319{
6320 struct wpa_supplicant *wpa_s = ctx;
6321 if (wpa_s == NULL)
6322 return NULL;
6323 return wpa_s->ifname;
6324}
50b16da1 6325#endif /* CONFIG_NO_WPA_MSG */
4f1495ae
BG		 6326
6327
8c0d0ff2
JM		 6328#ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
6329#define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
6330#endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
6331
6332/* Periodic cleanup tasks */
6333static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
6334{
6335 struct wpa_global *global = eloop_ctx;
6336 struct wpa_supplicant *wpa_s;
6337
6338 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6339 wpas_periodic, global, NULL);
6340
6341#ifdef CONFIG_P2P
6342 if (global->p2p)
6343 p2p_expire_peers(global->p2p);
6344#endif /* CONFIG_P2P */
6345
3188aaba 6346 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
8c0d0ff2 6347 wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
3188aaba
JM		 6348#ifdef CONFIG_AP
6349 ap_periodic(wpa_s);
6350#endif /* CONFIG_AP */
6351 }
8c0d0ff2
JM		 6352}
6353
6354
6fc6879b
JM		 6355/**
6356 * wpa_supplicant_init - Initialize %wpa_supplicant
6357 * @params: Parameters for %wpa_supplicant
6358 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
6359 *
6360 * This function is used to initialize %wpa_supplicant. After successful
6361 * initialization, the returned data pointer can be used to add and remove
6362 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
6363 */
6364struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
6365{
6366 struct wpa_global *global;
ac305589 6367 int ret, i;
6fc6879b
JM		 6368
6369 if (params == NULL)
6370 return NULL;
6371
39e7d718
JM		 6372#ifdef CONFIG_DRIVER_NDIS
6373 {
6374 void driver_ndis_init_ops(void);
6375 driver_ndis_init_ops();
6376 }
6377#endif /* CONFIG_DRIVER_NDIS */
6378
50b16da1 6379#ifndef CONFIG_NO_WPA_MSG
4f1495ae 6380 wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
50b16da1 6381#endif /* CONFIG_NO_WPA_MSG */
4f1495ae 6382
f4637fe0
JM		 6383 if (params->wpa_debug_file_path)
6384 wpa_debug_open_file(params->wpa_debug_file_path);
6385 else
6386 wpa_debug_setup_stdout();
daa70d49
SL		 6387 if (params->wpa_debug_syslog)
6388 wpa_debug_open_syslog();
4f68895e
JB		 6389 if (params->wpa_debug_tracing) {
6390 ret = wpa_debug_open_linux_tracing();
6391 if (ret) {
6392 wpa_printf(MSG_ERROR,
6393 "Failed to enable trace logging");
6394 return NULL;
6395 }
6396 }
6fc6879b 6397
12760815 6398 ret = eap_register_methods();
6fc6879b
JM		 6399 if (ret) {
6400 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
6401 if (ret == -2)
6402 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
6403 "the same EAP type.");
6404 return NULL;
6405 }
6406
6407 global = os_zalloc(sizeof(*global));
6408 if (global == NULL)
6409 return NULL;
b22128ef
JM		 6410 dl_list_init(&global->p2p_srv_bonjour);
6411 dl_list_init(&global->p2p_srv_upnp);
6fc6879b
JM		 6412 global->params.daemonize = params->daemonize;
6413 global->params.wait_for_monitor = params->wait_for_monitor;
6414 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
6415 if (params->pid_file)
6416 global->params.pid_file = os_strdup(params->pid_file);
6417 if (params->ctrl_interface)
6418 global->params.ctrl_interface =
6419 os_strdup(params->ctrl_interface);
29257565
JM		 6420 if (params->ctrl_interface_group)
6421 global->params.ctrl_interface_group =
6422 os_strdup(params->ctrl_interface_group);
d27df100
JM		 6423 if (params->override_driver)
6424 global->params.override_driver =
6425 os_strdup(params->override_driver);
6426 if (params->override_ctrl_interface)
6427 global->params.override_ctrl_interface =
6428 os_strdup(params->override_ctrl_interface);
2e997eec
RM		 6429#ifdef CONFIG_MATCH_IFACE
6430 global->params.match_iface_count = params->match_iface_count;
6431 if (params->match_iface_count) {
6432 global->params.match_ifaces =
6433 os_calloc(params->match_iface_count,
6434 sizeof(struct wpa_interface));
6435 os_memcpy(global->params.match_ifaces,
6436 params->match_ifaces,
6437 params->match_iface_count *
6438 sizeof(struct wpa_interface));
6439 }
6440#endif /* CONFIG_MATCH_IFACE */
d4e59795
G		 6441#ifdef CONFIG_P2P
6442 if (params->conf_p2p_dev)
6443 global->params.conf_p2p_dev =
6444 os_strdup(params->conf_p2p_dev);
6445#endif /* CONFIG_P2P */
6fc6879b
JM		 6446 wpa_debug_level = global->params.wpa_debug_level =
6447 params->wpa_debug_level;
6448 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
6449 params->wpa_debug_show_keys;
6450 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
6451 params->wpa_debug_timestamp;
6452
f19858f5
JM		 6453 wpa_printf(MSG_DEBUG, "wpa_supplicant v" VERSION_STR);
6454
0456ea16 6455 if (eloop_init()) {
6fc6879b
JM		 6456 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
6457 wpa_supplicant_deinit(global);
6458 return NULL;
6459 }
6460
38e24575 6461 random_init(params->entropy_file);
d47fa330 6462
6fc6879b
JM		 6463 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
6464 if (global->ctrl_iface == NULL) {
6465 wpa_supplicant_deinit(global);
6466 return NULL;
6467 }
6468
dc461de4
WS		 6469 if (wpas_notify_supplicant_initialized(global)) {
6470 wpa_supplicant_deinit(global);
6471 return NULL;
6fc6879b
JM		 6472 }
6473
c5121837 6474 for (i = 0; wpa_drivers[i]; i++)
ac305589
JM		 6475 global->drv_count++;
6476 if (global->drv_count == 0) {
6477 wpa_printf(MSG_ERROR, "No drivers enabled");
6478 wpa_supplicant_deinit(global);
6479 return NULL;
6480 }
faebdeaa 6481 global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
ac305589
JM		 6482 if (global->drv_priv == NULL) {
6483 wpa_supplicant_deinit(global);
6484 return NULL;
6485 }
ac305589 6486
9675ce35
JM		 6487#ifdef CONFIG_WIFI_DISPLAY
6488 if (wifi_display_init(global) < 0) {
6489 wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
6490 wpa_supplicant_deinit(global);
6491 return NULL;
6492 }
6493#endif /* CONFIG_WIFI_DISPLAY */
6494
8c0d0ff2
JM		 6495 eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
6496 wpas_periodic, global, NULL);
6497
6fc6879b
JM		 6498 return global;
6499}
6500
6501
6502/**
6503 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
6504 * @global: Pointer to global data from wpa_supplicant_init()
6505 * Returns: 0 after successful event loop run, -1 on failure
6506 *
6507 * This function starts the main event loop and continues running as long as
6508 * there are any remaining events. In most cases, this function is running as
6509 * long as the %wpa_supplicant process in still in use.
6510 */
6511int wpa_supplicant_run(struct wpa_global *global)
6512{
6513 struct wpa_supplicant *wpa_s;
6514
6515 if (global->params.daemonize &&
2e69bdd1
RM		 6516 (wpa_supplicant_daemon(global->params.pid_file) ||
6517 eloop_sock_requeue()))
6fc6879b
JM		 6518 return -1;
6519
2e997eec
RM		 6520#ifdef CONFIG_MATCH_IFACE
6521 if (wpa_supplicant_match_existing(global))
6522 return -1;
6523#endif
6524
6fc6879b
JM		 6525 if (global->params.wait_for_monitor) {
6526 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
ede77701 6527 if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
6fc6879b
JM		 6528 wpa_supplicant_ctrl_iface_wait(
6529 wpa_s->ctrl_iface);
6530 }
6531
0456ea16
JM		 6532 eloop_register_signal_terminate(wpa_supplicant_terminate, global);
6533 eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
6fc6879b
JM		 6534
6535 eloop_run();
6536
6537 return 0;
6538}
6539
6540
6541/**
6542 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
6543 * @global: Pointer to global data from wpa_supplicant_init()
6544 *
6545 * This function is called to deinitialize %wpa_supplicant and to free all
6546 * allocated resources. Remaining network interfaces will also be removed.
6547 */
6548void wpa_supplicant_deinit(struct wpa_global *global)
6549{
ac305589
JM		 6550 int i;
6551
6fc6879b
JM		 6552 if (global == NULL)
6553 return;
6554
8c0d0ff2
JM		 6555 eloop_cancel_timeout(wpas_periodic, global, NULL);
6556
9675ce35
JM		 6557#ifdef CONFIG_WIFI_DISPLAY
6558 wifi_display_deinit(global);
6559#endif /* CONFIG_WIFI_DISPLAY */
b22128ef 6560
6fc6879b 6561 while (global->ifaces)
df509539 6562 wpa_supplicant_remove_iface(global, global->ifaces, 1);
6fc6879b
JM		 6563
6564 if (global->ctrl_iface)
6565 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
dc461de4
WS		 6566
6567 wpas_notify_supplicant_deinitialized(global);
6fc6879b
JM		 6568
6569 eap_peer_unregister_methods();
3ec97afe
JM		 6570#ifdef CONFIG_AP
6571 eap_server_unregister_methods();
6572#endif /* CONFIG_AP */
6fc6879b 6573
c5121837 6574 for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
ac305589
JM		 6575 if (!global->drv_priv[i])
6576 continue;
c5121837 6577 wpa_drivers[i]->global_deinit(global->drv_priv[i]);
ac305589
JM		 6578 }
6579 os_free(global->drv_priv);
6580
d47fa330
JM		 6581 random_deinit();
6582
6fc6879b
JM		 6583 eloop_destroy();
6584
6585 if (global->params.pid_file) {
6586 os_daemonize_terminate(global->params.pid_file);
6587 os_free(global->params.pid_file);
6588 }
6589 os_free(global->params.ctrl_interface);
29257565 6590 os_free(global->params.ctrl_interface_group);
d27df100
JM		 6591 os_free(global->params.override_driver);
6592 os_free(global->params.override_ctrl_interface);
2e997eec
RM		 6593#ifdef CONFIG_MATCH_IFACE
6594 os_free(global->params.match_ifaces);
6595#endif /* CONFIG_MATCH_IFACE */
d4e59795
G		 6596#ifdef CONFIG_P2P
6597 os_free(global->params.conf_p2p_dev);
6598#endif /* CONFIG_P2P */
6fc6879b 6599
af8a827b 6600 os_free(global->p2p_disallow_freq.range);
253f2e37 6601 os_free(global->p2p_go_avoid_freq.range);
01a57fe4 6602 os_free(global->add_psk);
6f3bc72b 6603
6fc6879b 6604 os_free(global);
daa70d49 6605 wpa_debug_close_syslog();
6fc6879b 6606 wpa_debug_close_file();
4f68895e 6607 wpa_debug_close_linux_tracing();
6fc6879b 6608}
611aea7d
JM		 6609
6610
6611void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
6612{
849b5dc7
JM		 6613 if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
6614 wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
6615 char country[3];
6616 country[0] = wpa_s->conf->country[0];
6617 country[1] = wpa_s->conf->country[1];
6618 country[2] = '\0';
6619 if (wpa_drv_set_country(wpa_s, country) < 0) {
6620 wpa_printf(MSG_ERROR, "Failed to set country code "
6621 "'%s'", country);
6622 }
6623 }
6624
306ae225
JM		 6625 if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
6626 wpas_init_ext_pw(wpa_s);
6627
bea48f77
JM		 6628 if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
6629 wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6630
3c7863f8
LD		 6631 if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
6632 struct wpa_driver_capa capa;
6633 int res = wpa_drv_get_capa(wpa_s, &capa);
6634
6635 if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6636 wpa_printf(MSG_ERROR,
6637 "Failed to update wowlan_triggers to '%s'",
6638 wpa_s->conf->wowlan_triggers);
6639 }
6640
ef59f987
AB		 6641 if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
6642 wpa_supplicant_set_default_scan_ies(wpa_s);
6643
611aea7d
JM		 6644#ifdef CONFIG_WPS
6645 wpas_wps_update_config(wpa_s);
6646#endif /* CONFIG_WPS */
b22128ef 6647 wpas_p2p_update_config(wpa_s);
611aea7d
JM		 6648 wpa_s->conf->changed_parameters = 0;
6649}
2f9c6aa6
JM		 6650
6651
e1117c1c 6652void add_freq(int *freqs, int *num_freqs, int freq)
0fb337c1
JM		 6653{
6654 int i;
6655
6656 for (i = 0; i < *num_freqs; i++) {
6657 if (freqs[i] == freq)
6658 return;
6659 }
6660
6661 freqs[*num_freqs] = freq;
6662 (*num_freqs)++;
6663}
6664
6665
6666static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
6667{
6668 struct wpa_bss *bss, *cbss;
6669 const int max_freqs = 10;
6670 int *freqs;
6671 int num_freqs = 0;
6672
faebdeaa 6673 freqs = os_calloc(max_freqs + 1, sizeof(int));
0fb337c1
JM		 6674 if (freqs == NULL)
6675 return NULL;
6676
6677 cbss = wpa_s->current_bss;
6678
6679 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
6680 if (bss == cbss)
6681 continue;
6682 if (bss->ssid_len == cbss->ssid_len &&
6683 os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
6684 wpa_blacklist_get(wpa_s, bss->bssid) == NULL) {
6685 add_freq(freqs, &num_freqs, bss->freq);
6686 if (num_freqs == max_freqs)
6687 break;
6688 }
6689 }
6690
6691 if (num_freqs == 0) {
6692 os_free(freqs);
6693 freqs = NULL;
6694 }
6695
6696 return freqs;
6697}
6698
6699
6700void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
6701{
6702 int timeout;
6703 int count;
6704 int *freqs = NULL;
6705
6ac4b15e
JM		 6706 wpas_connect_work_done(wpa_s);
6707
5fd9fb27
JM		 6708 /*
6709 * Remove possible authentication timeout since the connection failed.
6710 */
6711 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
6712
c2805909
JM		 6713 /*
6714 * There is no point in blacklisting the AP if this event is
6715 * generated based on local request to disconnect.
6716 */
6717 if (wpa_s->own_disconnect_req) {
6718 wpa_s->own_disconnect_req = 0;
6719 wpa_dbg(wpa_s, MSG_DEBUG,
6720 "Ignore connection failure due to local request to disconnect");
6721 return;
6722 }
0cdb93fe 6723 if (wpa_s->disconnected) {
0cdb93fe
JM		 6724 wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
6725 "indication since interface has been put into "
6726 "disconnected state");
6727 return;
6728 }
6729
0fb337c1
JM		 6730 /*
6731 * Add the failed BSSID into the blacklist and speed up next scan
6732 * attempt if there could be other APs that could accept association.
6733 * The current blacklist count indicates how many times we have tried
6734 * connecting to this AP and multiple attempts mean that other APs are
6735 * either not available or has already been tried, so that we can start
6736 * increasing the delay here to avoid constant scanning.
6737 */
6738 count = wpa_blacklist_add(wpa_s, bssid);
6739 if (count == 1 && wpa_s->current_bss) {
6740 /*
6741 * This BSS was not in the blacklist before. If there is
6742 * another BSS available for the same ESS, we should try that
6743 * next. Otherwise, we may as well try this one once more
6744 * before allowing other, likely worse, ESSes to be considered.
6745 */
6746 freqs = get_bss_freqs_in_ess(wpa_s);
6747 if (freqs) {
f049052b
BG		 6748 wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
6749 "has been seen; try it next");
0fb337c1
JM		 6750 wpa_blacklist_add(wpa_s, bssid);
6751 /*
6752 * On the next scan, go through only the known channels
6753 * used in this ESS based on previous scans to speed up
6754 * common load balancing use case.
6755 */
6756 os_free(wpa_s->next_scan_freqs);
6757 wpa_s->next_scan_freqs = freqs;
6758 }
6759 }
6760
f1a52633
JM		 6761 /*
6762 * Add previous failure count in case the temporary blacklist was
6763 * cleared due to no other BSSes being available.
6764 */
6765 count += wpa_s->extra_blacklist_count;
6766
dd579704
JM		 6767 if (count > 3 && wpa_s->current_ssid) {
6768 wpa_printf(MSG_DEBUG, "Continuous association failures - "
6769 "consider temporary network disabling");
b19c098e 6770 wpas_auth_failed(wpa_s, "CONN_FAILED");
dd579704
JM		 6771 }
6772
0fb337c1
JM		 6773 switch (count) {
6774 case 1:
6775 timeout = 100;
6776 break;
6777 case 2:
6778 timeout = 500;
6779 break;
6780 case 3:
6781 timeout = 1000;
6782 break;
f1a52633 6783 case 4:
0fb337c1 6784 timeout = 5000;
f1a52633
JM		 6785 break;
6786 default:
6787 timeout = 10000;
6788 break;
0fb337c1
JM		 6789 }
6790
f1a52633
JM		 6791 wpa_dbg(wpa_s, MSG_DEBUG, "Blacklist count %d --> request scan in %d "
6792 "ms", count, timeout);
6793
0fb337c1
JM		 6794 /*
6795 * TODO: if more than one possible AP is available in scan results,
6796 * could try the other ones before requesting a new scan.
6797 */
0a42f1ed
IP		 6798
6799 /* speed up the connection attempt with normal scan */
6800 wpa_s->normal_scans = 0;
0fb337c1
JM		 6801 wpa_supplicant_req_scan(wpa_s, timeout / 1000,
6802 1000 * (timeout % 1000));
6803}
22628eca
JM		 6804
6805
af835d75
AB		 6806#ifdef CONFIG_FILS
6807void fils_connection_failure(struct wpa_supplicant *wpa_s)
6808{
6809 struct wpa_ssid *ssid = wpa_s->current_ssid;
6810 const u8 *realm, *username, *rrk;
6811 size_t realm_len, username_len, rrk_len;
6812 u16 next_seq_num;
6813
6814 if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
6815 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
6816 &username, &username_len,
6817 &realm, &realm_len, &next_seq_num,
6818 &rrk, &rrk_len) != 0 ||
6819 !realm)
6820 return;
6821
6822 wpa_hexdump_ascii(MSG_DEBUG,
6823 "FILS: Store last connection failure realm",
6824 realm, realm_len);
6825 os_free(wpa_s->last_con_fail_realm);
6826 wpa_s->last_con_fail_realm = os_malloc(realm_len);
6827 if (wpa_s->last_con_fail_realm) {
6828 wpa_s->last_con_fail_realm_len = realm_len;
6829 os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
6830 }
6831}
6832#endif /* CONFIG_FILS */
6833
6834
22628eca
JM		 6835int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
6836{
6837 return wpa_s->conf->ap_scan == 2 ||
6838 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
6839}
d2118814
JM		 6840
6841
6842#if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
6843int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
6844 struct wpa_ssid *ssid,
6845 const char *field,
6846 const char *value)
6847{
6848#ifdef IEEE8021X_EAPOL
6849 struct eap_peer_config *eap = &ssid->eap;
6850
6851 wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
6852 wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
6853 (const u8 *) value, os_strlen(value));
6854
6855 switch (wpa_supplicant_ctrl_req_from_string(field)) {
6856 case WPA_CTRL_REQ_EAP_IDENTITY:
6857 os_free(eap->identity);
6858 eap->identity = (u8 *) os_strdup(value);
6859 eap->identity_len = os_strlen(value);
6860 eap->pending_req_identity = 0;
6861 if (ssid == wpa_s->current_ssid)
6862 wpa_s->reassociate = 1;
6863 break;
6864 case WPA_CTRL_REQ_EAP_PASSWORD:
19c48da0 6865 bin_clear_free(eap->password, eap->password_len);
d2118814
JM		 6866 eap->password = (u8 *) os_strdup(value);
6867 eap->password_len = os_strlen(value);
6868 eap->pending_req_password = 0;
6869 if (ssid == wpa_s->current_ssid)
6870 wpa_s->reassociate = 1;
6871 break;
6872 case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
19c48da0 6873 bin_clear_free(eap->new_password, eap->new_password_len);
d2118814
JM		 6874 eap->new_password = (u8 *) os_strdup(value);
6875 eap->new_password_len = os_strlen(value);
6876 eap->pending_req_new_password = 0;
6877 if (ssid == wpa_s->current_ssid)
6878 wpa_s->reassociate = 1;
6879 break;
6880 case WPA_CTRL_REQ_EAP_PIN:
19c48da0 6881 str_clear_free(eap->pin);
d2118814
JM		 6882 eap->pin = os_strdup(value);
6883 eap->pending_req_pin = 0;
6884 if (ssid == wpa_s->current_ssid)
6885 wpa_s->reassociate = 1;
6886 break;
6887 case WPA_CTRL_REQ_EAP_OTP:
19c48da0 6888 bin_clear_free(eap->otp, eap->otp_len);
d2118814
JM		 6889 eap->otp = (u8 *) os_strdup(value);
6890 eap->otp_len = os_strlen(value);
6891 os_free(eap->pending_req_otp);
6892 eap->pending_req_otp = NULL;
6893 eap->pending_req_otp_len = 0;
6894 break;
6895 case WPA_CTRL_REQ_EAP_PASSPHRASE:
19c48da0
JM		 6896 str_clear_free(eap->private_key_passwd);
6897 eap->private_key_passwd = os_strdup(value);
d2118814
JM		 6898 eap->pending_req_passphrase = 0;
6899 if (ssid == wpa_s->current_ssid)
6900 wpa_s->reassociate = 1;
6901 break;
a5d44ac0 6902 case WPA_CTRL_REQ_SIM:
19c48da0 6903 str_clear_free(eap->external_sim_resp);
a5d44ac0 6904 eap->external_sim_resp = os_strdup(value);
ed9b1c16 6905 eap->pending_req_sim = 0;
a5d44ac0 6906 break;
a52410c2
JM		 6907 case WPA_CTRL_REQ_PSK_PASSPHRASE:
6908 if (wpa_config_set(ssid, "psk", value, 0) < 0)
6909 return -1;
6910 ssid->mem_only_psk = 1;
6911 if (ssid->passphrase)
6912 wpa_config_update_psk(ssid);
6913 if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
6914 wpa_supplicant_req_scan(wpa_s, 0, 0);
6915 break;
3c108b75
JM		 6916 case WPA_CTRL_REQ_EXT_CERT_CHECK:
6917 if (eap->pending_ext_cert_check != PENDING_CHECK)
6918 return -1;
6919 if (os_strcmp(value, "good") == 0)
6920 eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
6921 else if (os_strcmp(value, "bad") == 0)
6922 eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
6923 else
6924 return -1;
6925 break;
d2118814
JM		 6926 default:
6927 wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
6928 return -1;
6929 }
6930
6931 return 0;
6932#else /* IEEE8021X_EAPOL */
6933 wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
6934 return -1;
6935#endif /* IEEE8021X_EAPOL */
6936}
6937#endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
349493bd
JM		 6938
6939
6940int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6941{
6942 int i;
6943 unsigned int drv_enc;
6944
44b9ea5b
JM		 6945 if (wpa_s->p2p_mgmt)
6946 return 1; /* no normal network profiles on p2p_mgmt interface */
6947
349493bd
JM		 6948 if (ssid == NULL)
6949 return 1;
6950
6951 if (ssid->disabled)
6952 return 1;
6953
9feadba1 6954 if (wpa_s->drv_capa_known)
349493bd
JM		 6955 drv_enc = wpa_s->drv_enc;
6956 else
6957 drv_enc = (unsigned int) -1;
6958
6959 for (i = 0; i < NUM_WEP_KEYS; i++) {
6960 size_t len = ssid->wep_key_len[i];
6961 if (len == 0)
6962 continue;
6963 if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
6964 continue;
6965 if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
6966 continue;
6967 if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
6968 continue;
6969 return 1; /* invalid WEP key */
6970 }
6971
9173b16f 6972 if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
a52410c2 6973 (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
a34ca59e 6974 !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
a52410c2 6975 !ssid->mem_only_psk)
2518aad3
JM		 6976 return 1;
6977
349493bd
JM		 6978 return 0;
6979}
b9cfc09a
JJ		 6980
6981
3f56a2b7
JM		 6982int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
6983{
6984#ifdef CONFIG_IEEE80211W
6985 if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
6986 if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
6987 !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
6988 /*
6989 * Driver does not support BIP -- ignore pmf=1 default
6990 * since the connection with PMF would fail and the
6991 * configuration does not require PMF to be enabled.
6992 */
6993 return NO_MGMT_FRAME_PROTECTION;
6994 }
6995
22950049
JM		 6996 if (ssid &&
6997 (ssid->key_mgmt &
6998 ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
6999 WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7000 /*
7001 * Do not use the default PMF value for non-RSN networks
7002 * since PMF is available only with RSN and pmf=2
7003 * configuration would otherwise prevent connections to
7004 * all open networks.
7005 */
7006 return NO_MGMT_FRAME_PROTECTION;
7007 }
7008
3f56a2b7
JM		 7009 return wpa_s->conf->pmf;
7010 }
7011
7012 return ssid->ieee80211w;
7013#else /* CONFIG_IEEE80211W */
7014 return NO_MGMT_FRAME_PROTECTION;
7015#endif /* CONFIG_IEEE80211W */
7016}
7017
7018
b9cfc09a
JJ		 7019int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7020{
7021 if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7022 return 1;
7023 if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7024 return 0;
7025 return -1;
7026}
00e5e3d5
JM		 7027
7028
b19c098e 7029void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
00e5e3d5
JM		 7030{
7031 struct wpa_ssid *ssid = wpa_s->current_ssid;
7032 int dur;
4e1eae1d 7033 struct os_reltime now;
00e5e3d5
JM		 7034
7035 if (ssid == NULL) {
7036 wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7037 "SSID block");
7038 return;
7039 }
7040
7041 if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7042 return;
7043
7044 ssid->auth_failures++;
cbf41ca7
SL		 7045
7046#ifdef CONFIG_P2P
7047 if (ssid->p2p_group &&
7048 (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7049 /*
7050 * Skip the wait time since there is a short timeout on the
7051 * connection to a P2P group.
7052 */
7053 return;
7054 }
7055#endif /* CONFIG_P2P */
7056
00e5e3d5
JM		 7057 if (ssid->auth_failures > 50)
7058 dur = 300;
00e5e3d5 7059 else if (ssid->auth_failures > 10)
8a77f1be 7060 dur = 120;
00e5e3d5 7061 else if (ssid->auth_failures > 5)
8a77f1be
JM		 7062 dur = 90;
7063 else if (ssid->auth_failures > 3)
7064 dur = 60;
7065 else if (ssid->auth_failures > 2)
00e5e3d5
JM		 7066 dur = 30;
7067 else if (ssid->auth_failures > 1)
7068 dur = 20;
7069 else
7070 dur = 10;
7071
8a77f1be
JM		 7072 if (ssid->auth_failures > 1 &&
7073 wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7074 dur += os_random() % (ssid->auth_failures * 10);
7075
4e1eae1d 7076 os_get_reltime(&now);
00e5e3d5
JM		 7077 if (now.sec + dur <= ssid->disabled_until.sec)
7078 return;
7079
7080 ssid->disabled_until.sec = now.sec + dur;
7081
7082 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
b19c098e 7083 "id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
00e5e3d5 7084 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
b19c098e 7085 ssid->auth_failures, dur, reason);
00e5e3d5
JM		 7086}
7087
7088
7089void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7090 struct wpa_ssid *ssid, int clear_failures)
7091{
7092 if (ssid == NULL)
7093 return;
7094
7095 if (ssid->disabled_until.sec) {
7096 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7097 "id=%d ssid=\"%s\"",
7098 ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7099 }
7100 ssid->disabled_until.sec = 0;
7101 ssid->disabled_until.usec = 0;
7102 if (clear_failures)
7103 ssid->auth_failures = 0;
7104}
6407f413
JM		 7105
7106
7107int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7108{
7109 size_t i;
7110
7111 if (wpa_s->disallow_aps_bssid == NULL)
7112 return 0;
7113
7114 for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7115 if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7116 bssid, ETH_ALEN) == 0)
7117 return 1;
7118 }
7119
7120 return 0;
7121}
7122
7123
7124int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7125 size_t ssid_len)
7126{
7127 size_t i;
7128
7129 if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7130 return 0;
7131
7132 for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7133 struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7134 if (ssid_len == s->ssid_len &&
7135 os_memcmp(ssid, s->ssid, ssid_len) == 0)
7136 return 1;
7137 }
7138
7139 return 0;
7140}
9796a86c
JM		 7141
7142
7143/**
7144 * wpas_request_connection - Request a new connection
7145 * @wpa_s: Pointer to the network interface
7146 *
7147 * This function is used to request a new connection to be found. It will mark
7148 * the interface to allow reassociation and request a new scan to find a
7149 * suitable network to connect to.
7150 */
7151void wpas_request_connection(struct wpa_supplicant *wpa_s)
7152{
7153 wpa_s->normal_scans = 0;
5214f4fa 7154 wpa_s->scan_req = NORMAL_SCAN_REQ;
9796a86c
JM		 7155 wpa_supplicant_reinit_autoscan(wpa_s);
7156 wpa_s->extra_blacklist_count = 0;
7157 wpa_s->disconnected = 0;
7158 wpa_s->reassociate = 1;
2cb40e9f 7159 wpa_s->last_owe_group = 0;
5e24beae
MH		 7160
7161 if (wpa_supplicant_fast_associate(wpa_s) != 1)
7162 wpa_supplicant_req_scan(wpa_s, 0, 0);
0c5f01fd
B		 7163 else
7164 wpa_s->reattach = 0;
9796a86c 7165}
36b9883d
DG		 7166
7167
5f040be4
RP		 7168/**
7169 * wpas_request_disconnection - Request disconnection
7170 * @wpa_s: Pointer to the network interface
7171 *
7172 * This function is used to request disconnection from the currently connected
7173 * network. This will stop any ongoing scans and initiate deauthentication.
7174 */
7175void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7176{
7177#ifdef CONFIG_SME
7178 wpa_s->sme.prev_bssid_set = 0;
7179#endif /* CONFIG_SME */
7180 wpa_s->reassociate = 0;
7181 wpa_s->disconnected = 1;
7182 wpa_supplicant_cancel_sched_scan(wpa_s);
7183 wpa_supplicant_cancel_scan(wpa_s);
7184 wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7185 eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
f5db7750
JM		 7186 radio_remove_works(wpa_s, "connect", 0);
7187 radio_remove_works(wpa_s, "sme-connect", 0);
5f040be4
RP		 7188}
7189
7190
a0c90bb0
IP		 7191void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7192 struct wpa_used_freq_data *freqs_data,
7193 unsigned int len)
7194{
7195 unsigned int i;
7196
7197 wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7198 len, title);
7199 for (i = 0; i < len; i++) {
7200 struct wpa_used_freq_data *cur = &freqs_data[i];
7201 wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7202 i, cur->freq, cur->flags);
7203 }
7204}
7205
7206
53c5dfc2
IP		 7207/*
7208 * Find the operating frequencies of any of the virtual interfaces that
a0c90bb0
IP		 7209 * are using the same radio as the current interface, and in addition, get
7210 * information about the interface types that are using the frequency.
53c5dfc2 7211 */
a0c90bb0
IP		 7212int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7213 struct wpa_used_freq_data *freqs_data,
7214 unsigned int len)
53c5dfc2 7215{
53c5dfc2
IP		 7216 struct wpa_supplicant *ifs;
7217 u8 bssid[ETH_ALEN];
7218 int freq;
7219 unsigned int idx = 0, i;
7220
217cf499
JM		 7221 wpa_dbg(wpa_s, MSG_DEBUG,
7222 "Determining shared radio frequencies (max len %u)", len);
a0c90bb0 7223 os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
53c5dfc2 7224
0ad3b9c4
JM		 7225 dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
7226 radio_list) {
a0c90bb0
IP		 7227 if (idx == len)
7228 break;
7229
53c5dfc2
IP		 7230 if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
7231 continue;
7232
7233 if (ifs->current_ssid->mode == WPAS_MODE_AP ||
241c3333
MH		 7234 ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
7235 ifs->current_ssid->mode == WPAS_MODE_MESH)
53c5dfc2
IP		 7236 freq = ifs->current_ssid->frequency;
7237 else if (wpa_drv_get_bssid(ifs, bssid) == 0)
7238 freq = ifs->assoc_freq;
7239 else
7240 continue;
7241
7242 /* Hold only distinct freqs */
7243 for (i = 0; i < idx; i++)
a0c90bb0 7244 if (freqs_data[i].freq == freq)
53c5dfc2
IP		 7245 break;
7246
7247 if (i == idx)
a0c90bb0
IP		 7248 freqs_data[idx++].freq = freq;
7249
7250 if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
22264b3c 7251 freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
a0c90bb0
IP		 7252 WPA_FREQ_USED_BY_P2P_CLIENT :
7253 WPA_FREQ_USED_BY_INFRA_STATION;
7254 }
53c5dfc2 7255 }
217cf499 7256
a0c90bb0 7257 dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
53c5dfc2
IP		 7258 return idx;
7259}
a0c90bb0
IP		 7260
7261
7262/*
7263 * Find the operating frequencies of any of the virtual interfaces that
7264 * are using the same radio as the current interface.
7265 */
7266int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
7267 int *freq_array, unsigned int len)
7268{
7269 struct wpa_used_freq_data *freqs_data;
7270 int num, i;
7271
7272 os_memset(freq_array, 0, sizeof(int) * len);
7273
7274 freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
7275 if (!freqs_data)
7276 return -1;
7277
7278 num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
7279 for (i = 0; i < num; i++)
7280 freq_array[i] = freqs_data[i].freq;
7281
7282 os_free(freqs_data);
7283
7284 return num;
7285}
b361d580
AK		 7286
7287
af041f99
AA		 7288struct wpa_supplicant *
7289wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
7290{
7291 switch (frame) {
7292#ifdef CONFIG_P2P
7293 case VENDOR_ELEM_PROBE_REQ_P2P:
7294 case VENDOR_ELEM_PROBE_RESP_P2P:
7295 case VENDOR_ELEM_PROBE_RESP_P2P_GO:
7296 case VENDOR_ELEM_BEACON_P2P_GO:
7297 case VENDOR_ELEM_P2P_PD_REQ:
7298 case VENDOR_ELEM_P2P_PD_RESP:
7299 case VENDOR_ELEM_P2P_GO_NEG_REQ:
7300 case VENDOR_ELEM_P2P_GO_NEG_RESP:
7301 case VENDOR_ELEM_P2P_GO_NEG_CONF:
7302 case VENDOR_ELEM_P2P_INV_REQ:
7303 case VENDOR_ELEM_P2P_INV_RESP:
7304 case VENDOR_ELEM_P2P_ASSOC_REQ:
7305 case VENDOR_ELEM_P2P_ASSOC_RESP:
ba307f85 7306 return wpa_s->p2pdev;
af041f99
AA		 7307#endif /* CONFIG_P2P */
7308 default:
7309 return wpa_s;
7310 }
7311}
7312
7313
7314void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
7315{
7316 unsigned int i;
7317 char buf[30];
7318
7319 wpa_printf(MSG_DEBUG, "Update vendor elements");
7320
7321 for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
7322 if (wpa_s->vendor_elem[i]) {
7323 int res;
7324
7325 res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
7326 if (!os_snprintf_error(sizeof(buf), res)) {
7327 wpa_hexdump_buf(MSG_DEBUG, buf,
7328 wpa_s->vendor_elem[i]);
7329 }
7330 }
7331 }
7332
7333#ifdef CONFIG_P2P
7334 if (wpa_s->parent == wpa_s &&
7335 wpa_s->global->p2p &&
7336 !wpa_s->global->p2p_disabled)
7337 p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
7338#endif /* CONFIG_P2P */
7339}
7340
7341
7342int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
7343 const u8 *elem, size_t len)
7344{
7345 u8 *ie, *end;
7346
7347 ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
7348 end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
7349
7350 for (; ie + 1 < end; ie += 2 + ie[1]) {
7351 if (ie + len > end)
7352 break;
7353 if (os_memcmp(ie, elem, len) != 0)
7354 continue;
7355
7356 if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
7357 wpabuf_free(wpa_s->vendor_elem[frame]);
7358 wpa_s->vendor_elem[frame] = NULL;
7359 } else {
7360 os_memmove(ie, ie + len, end - (ie + len));
7361 wpa_s->vendor_elem[frame]->used -= len;
7362 }
7363 wpas_vendor_elem_update(wpa_s);
7364 return 0;
7365 }
7366
7367 return -1;
7368}
ea69d973
AS		 7369
7370
7371struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
7372 u16 num_modes, enum hostapd_hw_mode mode)
7373{
7374 u16 i;
7375
7376 for (i = 0; i < num_modes; i++) {
7377 if (modes[i].mode == mode)
7378 return &modes[i];
7379 }
7380
7381 return NULL;
7382}
dd599908
AS		 7383
7384
7385static struct
7386wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
7387 const u8 *bssid)
7388{
7389 struct wpa_bss_tmp_disallowed *bss;
7390
7391 dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
7392 struct wpa_bss_tmp_disallowed, list) {
7393 if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
7394 return bss;
7395 }
7396
7397 return NULL;
7398}
7399
7400
b04854ce
AP		 7401static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
7402{
7403 struct wpa_bss_tmp_disallowed *tmp;
7404 unsigned int num_bssid = 0;
7405 u8 *bssids;
7406 int ret;
7407
7408 bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
7409 if (!bssids)
7410 return -1;
7411 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7412 struct wpa_bss_tmp_disallowed, list) {
7413 os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
7414 ETH_ALEN);
7415 num_bssid++;
7416 }
7417 ret = wpa_drv_set_bssid_blacklist(wpa_s, num_bssid, bssids);
7418 os_free(bssids);
7419 return ret;
7420}
7421
7422
7423static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
7424{
7425 struct wpa_supplicant *wpa_s = eloop_ctx;
7426 struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
7427
7428 /* Make sure the bss is not already freed */
7429 dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
7430 struct wpa_bss_tmp_disallowed, list) {
7431 if (bss == tmp) {
7432 dl_list_del(&tmp->list);
7433 os_free(tmp);
7434 wpa_set_driver_tmp_disallow_list(wpa_s);
7435 break;
7436 }
7437 }
7438}
7439
7440
dd599908 7441void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
19677b77 7442 unsigned int sec, int rssi_threshold)
dd599908
AS		 7443{
7444 struct wpa_bss_tmp_disallowed *bss;
dd599908
AS		 7445
7446 bss = wpas_get_disallowed_bss(wpa_s, bssid);
7447 if (bss) {
b04854ce 7448 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
19677b77 7449 goto finish;
dd599908
AS		 7450 }
7451
7452 bss = os_malloc(sizeof(*bss));
7453 if (!bss) {
7454 wpa_printf(MSG_DEBUG,
7455 "Failed to allocate memory for temp disallow BSS");
7456 return;
7457 }
7458
dd599908
AS		 7459 os_memcpy(bss->bssid, bssid, ETH_ALEN);
7460 dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
b04854ce 7461 wpa_set_driver_tmp_disallow_list(wpa_s);
19677b77
BL		 7462
7463finish:
7464 bss->rssi_threshold = rssi_threshold;
b04854ce
AP		 7465 eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
7466 wpa_s, bss);
dd599908
AS		 7467}
7468
7469
19677b77
BL		 7470int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
7471 struct wpa_bss *bss)
dd599908 7472{
19677b77 7473 struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
dd599908 7474
d010048c
JM		 7475 dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
7476 struct wpa_bss_tmp_disallowed, list) {
19677b77
BL		 7477 if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
7478 disallowed = tmp;
d010048c
JM		 7479 break;
7480 }
7481 }
19677b77
BL		 7482 if (!disallowed)
7483 return 0;
7484
7485 if (disallowed->rssi_threshold != 0 &&
7486 bss->level > disallowed->rssi_threshold)
dd599908
AS		 7487 return 0;
7488
d010048c 7489 return 1;
dd599908 7490}
91b6eba7
EC		 7491
7492
7493int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7494 unsigned int type, const u8 *addr,
7495 const u8 *mask)
7496{
7497 if ((addr && !mask) || (!addr && mask)) {
7498 wpa_printf(MSG_INFO,
7499 "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
7500 return -1;
7501 }
7502
7503 if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
7504 wpa_printf(MSG_INFO,
7505 "MAC_ADDR_RAND_SCAN cannot allow multicast address");
7506 return -1;
7507 }
7508
7509 if (type & MAC_ADDR_RAND_SCAN) {
7510 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
7511 addr, mask))
7512 return -1;
7513 }
7514
7515 if (type & MAC_ADDR_RAND_SCHED_SCAN) {
7516 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
7517 addr, mask))
7518 return -1;
7519
7520 if (wpa_s->sched_scanning && !wpa_s->pno)
7521 wpas_scan_restart_sched_scan(wpa_s);
7522 }
7523
7524 if (type & MAC_ADDR_RAND_PNO) {
7525 if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
7526 addr, mask))
7527 return -1;
7528
7529 if (wpa_s->pno) {
7530 wpas_stop_pno(wpa_s);
7531 wpas_start_pno(wpa_s);
7532 }
7533 }
7534
7535 return 0;
7536}
7537
7538
7539int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
7540 unsigned int type)
7541{
7542 wpas_mac_addr_rand_scan_clear(wpa_s, type);
7543 if (wpa_s->pno) {
7544 if (type & MAC_ADDR_RAND_PNO) {
7545 wpas_stop_pno(wpa_s);
7546 wpas_start_pno(wpa_s);
7547 }
7548 } else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
7549 wpas_scan_restart_sched_scan(wpa_s);
7550 }
7551
7552 return 0;
7553}
Unnamed repository; edit this file 'description' to name the repository.