]>
Commit | Line | Data |
---|---|---|
1 | /* | |
2 | * wpa_supplicant - SME | |
3 | * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi> | |
4 | * | |
5 | * This software may be distributed under the terms of the BSD license. | |
6 | * See README for more details. | |
7 | */ | |
8 | ||
9 | #include "includes.h" | |
10 | ||
11 | #include "common.h" | |
12 | #include "utils/eloop.h" | |
13 | #include "common/ieee802_11_defs.h" | |
14 | #include "common/ieee802_11_common.h" | |
15 | #include "eapol_supp/eapol_supp_sm.h" | |
16 | #include "common/wpa_common.h" | |
17 | #include "rsn_supp/wpa.h" | |
18 | #include "rsn_supp/pmksa_cache.h" | |
19 | #include "config.h" | |
20 | #include "wpa_supplicant_i.h" | |
21 | #include "driver_i.h" | |
22 | #include "wpas_glue.h" | |
23 | #include "wps_supplicant.h" | |
24 | #include "p2p_supplicant.h" | |
25 | #include "notify.h" | |
26 | #include "bss.h" | |
27 | #include "scan.h" | |
28 | #include "sme.h" | |
29 | #include "hs20_supplicant.h" | |
30 | ||
31 | #define SME_AUTH_TIMEOUT 5 | |
32 | #define SME_ASSOC_TIMEOUT 5 | |
33 | ||
34 | static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx); | |
35 | static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx); | |
36 | static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx); | |
37 | #ifdef CONFIG_IEEE80211W | |
38 | static void sme_stop_sa_query(struct wpa_supplicant *wpa_s); | |
39 | #endif /* CONFIG_IEEE80211W */ | |
40 | ||
41 | ||
42 | #ifdef CONFIG_SAE | |
43 | ||
44 | static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s) | |
45 | { | |
46 | struct wpabuf *buf; | |
47 | ||
48 | buf = wpabuf_alloc(4 + 2); | |
49 | if (buf == NULL) | |
50 | return NULL; | |
51 | ||
52 | wpabuf_put_le16(buf, 1); /* Transaction seq# */ | |
53 | wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); | |
54 | wpabuf_put_le16(buf, 19); /* Finite Cyclic Group */ | |
55 | /* TODO: Anti-Clogging Token (if requested) */ | |
56 | /* TODO: Scalar */ | |
57 | /* TODO: Element */ | |
58 | ||
59 | return buf; | |
60 | } | |
61 | ||
62 | ||
63 | static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s) | |
64 | { | |
65 | struct wpabuf *buf; | |
66 | ||
67 | buf = wpabuf_alloc(4 + 2); | |
68 | if (buf == NULL) | |
69 | return NULL; | |
70 | ||
71 | wpabuf_put_le16(buf, 2); /* Transaction seq# */ | |
72 | wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS); | |
73 | wpabuf_put_le16(buf, wpa_s->sme.sae_send_confirm); | |
74 | wpa_s->sme.sae_send_confirm++; | |
75 | /* TODO: Confirm */ | |
76 | ||
77 | return buf; | |
78 | } | |
79 | ||
80 | #endif /* CONFIG_SAE */ | |
81 | ||
82 | ||
83 | void sme_send_authentication(struct wpa_supplicant *wpa_s, | |
84 | struct wpa_bss *bss, struct wpa_ssid *ssid, | |
85 | int start) | |
86 | { | |
87 | struct wpa_driver_auth_params params; | |
88 | struct wpa_ssid *old_ssid; | |
89 | #ifdef CONFIG_IEEE80211R | |
90 | const u8 *ie; | |
91 | #endif /* CONFIG_IEEE80211R */ | |
92 | #ifdef CONFIG_IEEE80211R | |
93 | const u8 *md = NULL; | |
94 | #endif /* CONFIG_IEEE80211R */ | |
95 | int i, bssid_changed; | |
96 | struct wpabuf *resp = NULL; | |
97 | ||
98 | if (bss == NULL) { | |
99 | wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for " | |
100 | "the network"); | |
101 | return; | |
102 | } | |
103 | ||
104 | wpa_s->current_bss = bss; | |
105 | ||
106 | os_memset(¶ms, 0, sizeof(params)); | |
107 | wpa_s->reassociate = 0; | |
108 | ||
109 | params.freq = bss->freq; | |
110 | params.bssid = bss->bssid; | |
111 | params.ssid = bss->ssid; | |
112 | params.ssid_len = bss->ssid_len; | |
113 | params.p2p = ssid->p2p_group; | |
114 | ||
115 | if (wpa_s->sme.ssid_len != params.ssid_len || | |
116 | os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0) | |
117 | wpa_s->sme.prev_bssid_set = 0; | |
118 | ||
119 | wpa_s->sme.freq = params.freq; | |
120 | os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len); | |
121 | wpa_s->sme.ssid_len = params.ssid_len; | |
122 | ||
123 | params.auth_alg = WPA_AUTH_ALG_OPEN; | |
124 | #ifdef IEEE8021X_EAPOL | |
125 | if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) { | |
126 | if (ssid->leap) { | |
127 | if (ssid->non_leap == 0) | |
128 | params.auth_alg = WPA_AUTH_ALG_LEAP; | |
129 | else | |
130 | params.auth_alg |= WPA_AUTH_ALG_LEAP; | |
131 | } | |
132 | } | |
133 | #endif /* IEEE8021X_EAPOL */ | |
134 | wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", | |
135 | params.auth_alg); | |
136 | if (ssid->auth_alg) { | |
137 | params.auth_alg = ssid->auth_alg; | |
138 | wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: " | |
139 | "0x%x", params.auth_alg); | |
140 | } | |
141 | #ifdef CONFIG_SAE | |
142 | if (wpa_key_mgmt_sae(ssid->key_mgmt)) { | |
143 | const u8 *rsn; | |
144 | struct wpa_ie_data ied; | |
145 | ||
146 | rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); | |
147 | if (rsn && | |
148 | wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0) { | |
149 | if (wpa_key_mgmt_sae(ied.key_mgmt)) { | |
150 | wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg"); | |
151 | params.auth_alg = WPA_AUTH_ALG_SAE; | |
152 | } | |
153 | } | |
154 | } | |
155 | #endif /* CONFIG_SAE */ | |
156 | ||
157 | for (i = 0; i < NUM_WEP_KEYS; i++) { | |
158 | if (ssid->wep_key_len[i]) | |
159 | params.wep_key[i] = ssid->wep_key[i]; | |
160 | params.wep_key_len[i] = ssid->wep_key_len[i]; | |
161 | } | |
162 | params.wep_tx_keyidx = ssid->wep_tx_keyidx; | |
163 | ||
164 | bssid_changed = !is_zero_ether_addr(wpa_s->bssid); | |
165 | os_memset(wpa_s->bssid, 0, ETH_ALEN); | |
166 | os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN); | |
167 | if (bssid_changed) | |
168 | wpas_notify_bssid_changed(wpa_s); | |
169 | ||
170 | if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) || | |
171 | wpa_bss_get_ie(bss, WLAN_EID_RSN)) && | |
172 | wpa_key_mgmt_wpa(ssid->key_mgmt)) { | |
173 | int try_opportunistic; | |
174 | try_opportunistic = ssid->proactive_key_caching && | |
175 | (ssid->proto & WPA_PROTO_RSN); | |
176 | if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, | |
177 | wpa_s->current_ssid, | |
178 | try_opportunistic) == 0) | |
179 | eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); | |
180 | wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); | |
181 | if (wpa_supplicant_set_suites(wpa_s, bss, ssid, | |
182 | wpa_s->sme.assoc_req_ie, | |
183 | &wpa_s->sme.assoc_req_ie_len)) { | |
184 | wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " | |
185 | "key management and encryption suites"); | |
186 | return; | |
187 | } | |
188 | } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && | |
189 | wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) { | |
190 | /* | |
191 | * Both WPA and non-WPA IEEE 802.1X enabled in configuration - | |
192 | * use non-WPA since the scan results did not indicate that the | |
193 | * AP is using WPA or WPA2. | |
194 | */ | |
195 | wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); | |
196 | wpa_s->sme.assoc_req_ie_len = 0; | |
197 | } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) { | |
198 | wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie); | |
199 | if (wpa_supplicant_set_suites(wpa_s, NULL, ssid, | |
200 | wpa_s->sme.assoc_req_ie, | |
201 | &wpa_s->sme.assoc_req_ie_len)) { | |
202 | wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA " | |
203 | "key management and encryption suites (no " | |
204 | "scan results)"); | |
205 | return; | |
206 | } | |
207 | #ifdef CONFIG_WPS | |
208 | } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { | |
209 | struct wpabuf *wps_ie; | |
210 | wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid)); | |
211 | if (wps_ie && wpabuf_len(wps_ie) <= | |
212 | sizeof(wpa_s->sme.assoc_req_ie)) { | |
213 | wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie); | |
214 | os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie), | |
215 | wpa_s->sme.assoc_req_ie_len); | |
216 | } else | |
217 | wpa_s->sme.assoc_req_ie_len = 0; | |
218 | wpabuf_free(wps_ie); | |
219 | wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); | |
220 | #endif /* CONFIG_WPS */ | |
221 | } else { | |
222 | wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); | |
223 | wpa_s->sme.assoc_req_ie_len = 0; | |
224 | } | |
225 | ||
226 | #ifdef CONFIG_IEEE80211R | |
227 | ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN); | |
228 | if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN) | |
229 | md = ie + 2; | |
230 | wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0); | |
231 | if (md) { | |
232 | /* Prepare for the next transition */ | |
233 | wpa_ft_prepare_auth_request(wpa_s->wpa, ie); | |
234 | } | |
235 | ||
236 | if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) { | |
237 | if (wpa_s->sme.assoc_req_ie_len + 5 < | |
238 | sizeof(wpa_s->sme.assoc_req_ie)) { | |
239 | struct rsn_mdie *mdie; | |
240 | u8 *pos = wpa_s->sme.assoc_req_ie + | |
241 | wpa_s->sme.assoc_req_ie_len; | |
242 | *pos++ = WLAN_EID_MOBILITY_DOMAIN; | |
243 | *pos++ = sizeof(*mdie); | |
244 | mdie = (struct rsn_mdie *) pos; | |
245 | os_memcpy(mdie->mobility_domain, md, | |
246 | MOBILITY_DOMAIN_ID_LEN); | |
247 | mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN]; | |
248 | wpa_s->sme.assoc_req_ie_len += 5; | |
249 | } | |
250 | ||
251 | if (wpa_s->sme.ft_used && | |
252 | os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 && | |
253 | wpa_sm_has_ptk(wpa_s->wpa)) { | |
254 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT " | |
255 | "over-the-air"); | |
256 | params.auth_alg = WPA_AUTH_ALG_FT; | |
257 | params.ie = wpa_s->sme.ft_ies; | |
258 | params.ie_len = wpa_s->sme.ft_ies_len; | |
259 | } | |
260 | } | |
261 | #endif /* CONFIG_IEEE80211R */ | |
262 | ||
263 | #ifdef CONFIG_IEEE80211W | |
264 | wpa_s->sme.mfp = ssid->ieee80211w; | |
265 | if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) { | |
266 | const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN); | |
267 | struct wpa_ie_data _ie; | |
268 | if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 && | |
269 | _ie.capabilities & | |
270 | (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) { | |
271 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports " | |
272 | "MFP: require MFP"); | |
273 | wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED; | |
274 | } | |
275 | } | |
276 | #endif /* CONFIG_IEEE80211W */ | |
277 | ||
278 | #ifdef CONFIG_P2P | |
279 | if (wpa_s->global->p2p) { | |
280 | u8 *pos; | |
281 | size_t len; | |
282 | int res; | |
283 | pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len; | |
284 | len = sizeof(wpa_s->sme.assoc_req_ie) - | |
285 | wpa_s->sme.assoc_req_ie_len; | |
286 | res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len, | |
287 | ssid->p2p_group); | |
288 | if (res >= 0) | |
289 | wpa_s->sme.assoc_req_ie_len += res; | |
290 | } | |
291 | #endif /* CONFIG_P2P */ | |
292 | ||
293 | #ifdef CONFIG_HS20 | |
294 | if (wpa_s->conf->hs20) { | |
295 | struct wpabuf *hs20; | |
296 | hs20 = wpabuf_alloc(20); | |
297 | if (hs20) { | |
298 | wpas_hs20_add_indication(hs20); | |
299 | os_memcpy(wpa_s->sme.assoc_req_ie + | |
300 | wpa_s->sme.assoc_req_ie_len, | |
301 | wpabuf_head(hs20), wpabuf_len(hs20)); | |
302 | wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20); | |
303 | wpabuf_free(hs20); | |
304 | } | |
305 | } | |
306 | #endif /* CONFIG_HS20 */ | |
307 | ||
308 | #ifdef CONFIG_INTERWORKING | |
309 | if (wpa_s->conf->interworking) { | |
310 | u8 *pos = wpa_s->sme.assoc_req_ie; | |
311 | if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN) | |
312 | pos += 2 + pos[1]; | |
313 | os_memmove(pos + 6, pos, | |
314 | wpa_s->sme.assoc_req_ie_len - | |
315 | (pos - wpa_s->sme.assoc_req_ie)); | |
316 | wpa_s->sme.assoc_req_ie_len += 6; | |
317 | *pos++ = WLAN_EID_EXT_CAPAB; | |
318 | *pos++ = 4; | |
319 | *pos++ = 0x00; | |
320 | *pos++ = 0x00; | |
321 | *pos++ = 0x00; | |
322 | *pos++ = 0x80; /* Bit 31 - Interworking */ | |
323 | } | |
324 | #endif /* CONFIG_INTERWORKING */ | |
325 | ||
326 | #ifdef CONFIG_SAE | |
327 | if (params.auth_alg == WPA_AUTH_ALG_SAE) { | |
328 | if (start) | |
329 | resp = sme_auth_build_sae_commit(wpa_s); | |
330 | else | |
331 | resp = sme_auth_build_sae_confirm(wpa_s); | |
332 | if (resp == NULL) | |
333 | return; | |
334 | params.sae_data = wpabuf_head(resp); | |
335 | params.sae_data_len = wpabuf_len(resp); | |
336 | wpa_s->sme.sae_state = start ? SME_SAE_COMMIT : SME_SAE_CONFIRM; | |
337 | } | |
338 | #endif /* CONFIG_SAE */ | |
339 | ||
340 | wpa_supplicant_cancel_sched_scan(wpa_s); | |
341 | wpa_supplicant_cancel_scan(wpa_s); | |
342 | ||
343 | wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR | |
344 | " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid), | |
345 | wpa_ssid_txt(params.ssid, params.ssid_len), params.freq); | |
346 | ||
347 | wpa_clear_keys(wpa_s, bss->bssid); | |
348 | wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING); | |
349 | old_ssid = wpa_s->current_ssid; | |
350 | wpa_s->current_ssid = ssid; | |
351 | wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); | |
352 | wpa_supplicant_initiate_eapol(wpa_s); | |
353 | if (old_ssid != wpa_s->current_ssid) | |
354 | wpas_notify_network_changed(wpa_s); | |
355 | ||
356 | wpa_s->sme.auth_alg = params.auth_alg; | |
357 | if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) { | |
358 | wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the " | |
359 | "driver failed"); | |
360 | wpas_connection_failed(wpa_s, bss->bssid); | |
361 | wpa_supplicant_mark_disassoc(wpa_s); | |
362 | wpabuf_free(resp); | |
363 | return; | |
364 | } | |
365 | ||
366 | eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s, | |
367 | NULL); | |
368 | ||
369 | /* | |
370 | * Association will be started based on the authentication event from | |
371 | * the driver. | |
372 | */ | |
373 | ||
374 | wpabuf_free(resp); | |
375 | } | |
376 | ||
377 | ||
378 | void sme_authenticate(struct wpa_supplicant *wpa_s, | |
379 | struct wpa_bss *bss, struct wpa_ssid *ssid) | |
380 | { | |
381 | wpa_s->sme.sae_state = SME_SAE_INIT; | |
382 | wpa_s->sme.sae_send_confirm = 0; | |
383 | sme_send_authentication(wpa_s, bss, ssid, 1); | |
384 | } | |
385 | ||
386 | ||
387 | #ifdef CONFIG_SAE | |
388 | ||
389 | static int sme_sae_process_commit(struct wpa_supplicant *wpa_s, const u8 *data, | |
390 | size_t len) | |
391 | { | |
392 | /* Check Finite Cyclic Group */ | |
393 | if (len < 2) | |
394 | return -1; | |
395 | if (WPA_GET_LE16(data) != 19) { | |
396 | wpa_printf(MSG_DEBUG, "SAE: Unsupported Finite Cyclic Group %u", | |
397 | WPA_GET_LE16(data)); | |
398 | return -1; | |
399 | } | |
400 | ||
401 | /* TODO */ | |
402 | ||
403 | return 0; | |
404 | } | |
405 | ||
406 | ||
407 | static int sme_sae_process_confirm(struct wpa_supplicant *wpa_s, const u8 *data, | |
408 | size_t len) | |
409 | { | |
410 | u16 rc; | |
411 | ||
412 | if (len < 2) | |
413 | return -1; | |
414 | rc = WPA_GET_LE16(data); | |
415 | wpa_printf(MSG_DEBUG, "SAE: peer-send-confirm %u", rc); | |
416 | ||
417 | /* TODO */ | |
418 | return 0; | |
419 | } | |
420 | ||
421 | ||
422 | static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction, | |
423 | u16 status_code, const u8 *data, size_t len) | |
424 | { | |
425 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u " | |
426 | "status code %u", auth_transaction, status_code); | |
427 | wpa_hexdump(MSG_DEBUG, "SME: SAE fields", data, len); | |
428 | ||
429 | if (status_code != WLAN_STATUS_SUCCESS) | |
430 | return -1; | |
431 | ||
432 | if (auth_transaction == 1) { | |
433 | wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit"); | |
434 | if (wpa_s->current_bss == NULL || | |
435 | wpa_s->current_ssid == NULL) | |
436 | return -1; | |
437 | if (wpa_s->sme.sae_state != SME_SAE_COMMIT) | |
438 | return -1; | |
439 | if (sme_sae_process_commit(wpa_s, data, len) < 0) | |
440 | return -1; | |
441 | sme_send_authentication(wpa_s, wpa_s->current_bss, | |
442 | wpa_s->current_ssid, 0); | |
443 | return 0; | |
444 | } else if (auth_transaction == 2) { | |
445 | wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm"); | |
446 | if (wpa_s->sme.sae_state != SME_SAE_CONFIRM) | |
447 | return -1; | |
448 | if (sme_sae_process_confirm(wpa_s, data, len) < 0) | |
449 | return -1; | |
450 | return 1; | |
451 | } | |
452 | ||
453 | return -1; | |
454 | } | |
455 | #endif /* CONFIG_SAE */ | |
456 | ||
457 | ||
458 | void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data) | |
459 | { | |
460 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
461 | ||
462 | if (ssid == NULL) { | |
463 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event " | |
464 | "when network is not selected"); | |
465 | return; | |
466 | } | |
467 | ||
468 | if (wpa_s->wpa_state != WPA_AUTHENTICATING) { | |
469 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event " | |
470 | "when not in authenticating state"); | |
471 | return; | |
472 | } | |
473 | ||
474 | if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) { | |
475 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with " | |
476 | "unexpected peer " MACSTR, | |
477 | MAC2STR(data->auth.peer)); | |
478 | return; | |
479 | } | |
480 | ||
481 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR | |
482 | " auth_type=%d auth_transaction=%d status_code=%d", | |
483 | MAC2STR(data->auth.peer), data->auth.auth_type, | |
484 | data->auth.auth_transaction, data->auth.status_code); | |
485 | wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs", | |
486 | data->auth.ies, data->auth.ies_len); | |
487 | ||
488 | eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); | |
489 | ||
490 | #ifdef CONFIG_SAE | |
491 | if (data->auth.auth_type == WLAN_AUTH_SAE) { | |
492 | int res; | |
493 | res = sme_sae_auth(wpa_s, data->auth.auth_transaction, | |
494 | data->auth.status_code, data->auth.ies, | |
495 | data->auth.ies_len); | |
496 | if (res < 0) { | |
497 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
498 | wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); | |
499 | ||
500 | } | |
501 | if (res != 1) | |
502 | return; | |
503 | } | |
504 | #endif /* CONFIG_SAE */ | |
505 | ||
506 | if (data->auth.status_code != WLAN_STATUS_SUCCESS) { | |
507 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication failed (status " | |
508 | "code %d)", data->auth.status_code); | |
509 | ||
510 | if (data->auth.status_code != | |
511 | WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG || | |
512 | wpa_s->sme.auth_alg == data->auth.auth_type || | |
513 | wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) { | |
514 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
515 | wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); | |
516 | return; | |
517 | } | |
518 | ||
519 | switch (data->auth.auth_type) { | |
520 | case WLAN_AUTH_OPEN: | |
521 | wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED; | |
522 | ||
523 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth"); | |
524 | wpa_supplicant_associate(wpa_s, wpa_s->current_bss, | |
525 | wpa_s->current_ssid); | |
526 | return; | |
527 | ||
528 | case WLAN_AUTH_SHARED_KEY: | |
529 | wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP; | |
530 | ||
531 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth"); | |
532 | wpa_supplicant_associate(wpa_s, wpa_s->current_bss, | |
533 | wpa_s->current_ssid); | |
534 | return; | |
535 | ||
536 | default: | |
537 | return; | |
538 | } | |
539 | } | |
540 | ||
541 | #ifdef CONFIG_IEEE80211R | |
542 | if (data->auth.auth_type == WLAN_AUTH_FT) { | |
543 | union wpa_event_data edata; | |
544 | os_memset(&edata, 0, sizeof(edata)); | |
545 | edata.ft_ies.ies = data->auth.ies; | |
546 | edata.ft_ies.ies_len = data->auth.ies_len; | |
547 | os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN); | |
548 | wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata); | |
549 | } | |
550 | #endif /* CONFIG_IEEE80211R */ | |
551 | ||
552 | sme_associate(wpa_s, ssid->mode, data->auth.peer, | |
553 | data->auth.auth_type); | |
554 | } | |
555 | ||
556 | ||
557 | void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode, | |
558 | const u8 *bssid, u16 auth_type) | |
559 | { | |
560 | struct wpa_driver_associate_params params; | |
561 | struct ieee802_11_elems elems; | |
562 | #ifdef CONFIG_HT_OVERRIDES | |
563 | struct ieee80211_ht_capabilities htcaps; | |
564 | struct ieee80211_ht_capabilities htcaps_mask; | |
565 | #endif /* CONFIG_HT_OVERRIDES */ | |
566 | ||
567 | os_memset(¶ms, 0, sizeof(params)); | |
568 | params.bssid = bssid; | |
569 | params.ssid = wpa_s->sme.ssid; | |
570 | params.ssid_len = wpa_s->sme.ssid_len; | |
571 | params.freq = wpa_s->sme.freq; | |
572 | params.bg_scan_period = wpa_s->current_ssid ? | |
573 | wpa_s->current_ssid->bg_scan_period : -1; | |
574 | params.wpa_ie = wpa_s->sme.assoc_req_ie_len ? | |
575 | wpa_s->sme.assoc_req_ie : NULL; | |
576 | params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len; | |
577 | params.pairwise_suite = cipher_suite2driver(wpa_s->pairwise_cipher); | |
578 | params.group_suite = cipher_suite2driver(wpa_s->group_cipher); | |
579 | #ifdef CONFIG_HT_OVERRIDES | |
580 | os_memset(&htcaps, 0, sizeof(htcaps)); | |
581 | os_memset(&htcaps_mask, 0, sizeof(htcaps_mask)); | |
582 | params.htcaps = (u8 *) &htcaps; | |
583 | params.htcaps_mask = (u8 *) &htcaps_mask; | |
584 | wpa_supplicant_apply_ht_overrides(wpa_s, wpa_s->current_ssid, ¶ms); | |
585 | #endif /* CONFIG_HT_OVERRIDES */ | |
586 | #ifdef CONFIG_IEEE80211R | |
587 | if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) { | |
588 | params.wpa_ie = wpa_s->sme.ft_ies; | |
589 | params.wpa_ie_len = wpa_s->sme.ft_ies_len; | |
590 | } | |
591 | #endif /* CONFIG_IEEE80211R */ | |
592 | params.mode = mode; | |
593 | params.mgmt_frame_protection = wpa_s->sme.mfp; | |
594 | if (wpa_s->sme.prev_bssid_set) | |
595 | params.prev_bssid = wpa_s->sme.prev_bssid; | |
596 | ||
597 | wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR | |
598 | " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid), | |
599 | params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "", | |
600 | params.freq); | |
601 | ||
602 | wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING); | |
603 | ||
604 | if (params.wpa_ie == NULL || | |
605 | ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0) | |
606 | < 0) { | |
607 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!"); | |
608 | os_memset(&elems, 0, sizeof(elems)); | |
609 | } | |
610 | if (elems.rsn_ie) { | |
611 | params.wpa_proto = WPA_PROTO_RSN; | |
612 | wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2, | |
613 | elems.rsn_ie_len + 2); | |
614 | } else if (elems.wpa_ie) { | |
615 | params.wpa_proto = WPA_PROTO_WPA; | |
616 | wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2, | |
617 | elems.wpa_ie_len + 2); | |
618 | } else | |
619 | wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); | |
620 | if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group) | |
621 | params.p2p = 1; | |
622 | ||
623 | if (wpa_s->parent->set_sta_uapsd) | |
624 | params.uapsd = wpa_s->parent->sta_uapsd; | |
625 | else | |
626 | params.uapsd = -1; | |
627 | ||
628 | if (wpa_drv_associate(wpa_s, ¶ms) < 0) { | |
629 | wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the " | |
630 | "driver failed"); | |
631 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
632 | wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); | |
633 | os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); | |
634 | return; | |
635 | } | |
636 | ||
637 | eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s, | |
638 | NULL); | |
639 | } | |
640 | ||
641 | ||
642 | int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md, | |
643 | const u8 *ies, size_t ies_len) | |
644 | { | |
645 | if (md == NULL || ies == NULL) { | |
646 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain"); | |
647 | os_free(wpa_s->sme.ft_ies); | |
648 | wpa_s->sme.ft_ies = NULL; | |
649 | wpa_s->sme.ft_ies_len = 0; | |
650 | wpa_s->sme.ft_used = 0; | |
651 | return 0; | |
652 | } | |
653 | ||
654 | os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN); | |
655 | wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len); | |
656 | os_free(wpa_s->sme.ft_ies); | |
657 | wpa_s->sme.ft_ies = os_malloc(ies_len); | |
658 | if (wpa_s->sme.ft_ies == NULL) | |
659 | return -1; | |
660 | os_memcpy(wpa_s->sme.ft_ies, ies, ies_len); | |
661 | wpa_s->sme.ft_ies_len = ies_len; | |
662 | return 0; | |
663 | } | |
664 | ||
665 | ||
666 | static void sme_deauth(struct wpa_supplicant *wpa_s) | |
667 | { | |
668 | int bssid_changed; | |
669 | ||
670 | bssid_changed = !is_zero_ether_addr(wpa_s->bssid); | |
671 | ||
672 | if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid, | |
673 | WLAN_REASON_DEAUTH_LEAVING) < 0) { | |
674 | wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver " | |
675 | "failed"); | |
676 | } | |
677 | wpa_s->sme.prev_bssid_set = 0; | |
678 | ||
679 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
680 | wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); | |
681 | os_memset(wpa_s->bssid, 0, ETH_ALEN); | |
682 | os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); | |
683 | if (bssid_changed) | |
684 | wpas_notify_bssid_changed(wpa_s); | |
685 | } | |
686 | ||
687 | ||
688 | void sme_event_assoc_reject(struct wpa_supplicant *wpa_s, | |
689 | union wpa_event_data *data) | |
690 | { | |
691 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: " | |
692 | "status code %d", MAC2STR(wpa_s->pending_bssid), | |
693 | data->assoc_reject.status_code); | |
694 | ||
695 | eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); | |
696 | ||
697 | /* | |
698 | * For now, unconditionally terminate the previous authentication. In | |
699 | * theory, this should not be needed, but mac80211 gets quite confused | |
700 | * if the authentication is left pending.. Some roaming cases might | |
701 | * benefit from using the previous authentication, so this could be | |
702 | * optimized in the future. | |
703 | */ | |
704 | sme_deauth(wpa_s); | |
705 | } | |
706 | ||
707 | ||
708 | void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s, | |
709 | union wpa_event_data *data) | |
710 | { | |
711 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out"); | |
712 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
713 | wpa_supplicant_mark_disassoc(wpa_s); | |
714 | } | |
715 | ||
716 | ||
717 | void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s, | |
718 | union wpa_event_data *data) | |
719 | { | |
720 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out"); | |
721 | wpas_connection_failed(wpa_s, wpa_s->pending_bssid); | |
722 | wpa_supplicant_mark_disassoc(wpa_s); | |
723 | } | |
724 | ||
725 | ||
726 | void sme_event_disassoc(struct wpa_supplicant *wpa_s, | |
727 | union wpa_event_data *data) | |
728 | { | |
729 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received"); | |
730 | if (wpa_s->sme.prev_bssid_set) { | |
731 | /* | |
732 | * cfg80211/mac80211 can get into somewhat confused state if | |
733 | * the AP only disassociates us and leaves us in authenticated | |
734 | * state. For now, force the state to be cleared to avoid | |
735 | * confusing errors if we try to associate with the AP again. | |
736 | */ | |
737 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear " | |
738 | "driver state"); | |
739 | wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid, | |
740 | WLAN_REASON_DEAUTH_LEAVING); | |
741 | } | |
742 | } | |
743 | ||
744 | ||
745 | static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx) | |
746 | { | |
747 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
748 | if (wpa_s->wpa_state == WPA_AUTHENTICATING) { | |
749 | wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout"); | |
750 | sme_deauth(wpa_s); | |
751 | } | |
752 | } | |
753 | ||
754 | ||
755 | static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx) | |
756 | { | |
757 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
758 | if (wpa_s->wpa_state == WPA_ASSOCIATING) { | |
759 | wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout"); | |
760 | sme_deauth(wpa_s); | |
761 | } | |
762 | } | |
763 | ||
764 | ||
765 | void sme_state_changed(struct wpa_supplicant *wpa_s) | |
766 | { | |
767 | /* Make sure timers are cleaned up appropriately. */ | |
768 | if (wpa_s->wpa_state != WPA_ASSOCIATING) | |
769 | eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); | |
770 | if (wpa_s->wpa_state != WPA_AUTHENTICATING) | |
771 | eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); | |
772 | } | |
773 | ||
774 | ||
775 | void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s, | |
776 | const u8 *prev_pending_bssid) | |
777 | { | |
778 | /* | |
779 | * mac80211-workaround to force deauth on failed auth cmd, | |
780 | * requires us to remain in authenticating state to allow the | |
781 | * second authentication attempt to be continued properly. | |
782 | */ | |
783 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication " | |
784 | "to proceed after disconnection event"); | |
785 | wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING); | |
786 | os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN); | |
787 | ||
788 | /* | |
789 | * Re-arm authentication timer in case auth fails for whatever reason. | |
790 | */ | |
791 | eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); | |
792 | eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s, | |
793 | NULL); | |
794 | } | |
795 | ||
796 | ||
797 | void sme_deinit(struct wpa_supplicant *wpa_s) | |
798 | { | |
799 | os_free(wpa_s->sme.ft_ies); | |
800 | wpa_s->sme.ft_ies = NULL; | |
801 | wpa_s->sme.ft_ies_len = 0; | |
802 | #ifdef CONFIG_IEEE80211W | |
803 | sme_stop_sa_query(wpa_s); | |
804 | #endif /* CONFIG_IEEE80211W */ | |
805 | ||
806 | eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL); | |
807 | eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL); | |
808 | eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL); | |
809 | } | |
810 | ||
811 | ||
812 | static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s, | |
813 | const u8 *chan_list, u8 num_channels, | |
814 | u8 num_intol) | |
815 | { | |
816 | struct ieee80211_2040_bss_coex_ie *bc_ie; | |
817 | struct ieee80211_2040_intol_chan_report *ic_report; | |
818 | struct wpabuf *buf; | |
819 | ||
820 | wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR, | |
821 | MAC2STR(wpa_s->bssid)); | |
822 | ||
823 | buf = wpabuf_alloc(2 + /* action.category + action_code */ | |
824 | sizeof(struct ieee80211_2040_bss_coex_ie) + | |
825 | sizeof(struct ieee80211_2040_intol_chan_report) + | |
826 | num_channels); | |
827 | if (buf == NULL) | |
828 | return; | |
829 | ||
830 | wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC); | |
831 | wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX); | |
832 | ||
833 | bc_ie = wpabuf_put(buf, sizeof(*bc_ie)); | |
834 | bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE; | |
835 | bc_ie->length = 1; | |
836 | if (num_intol) | |
837 | bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ; | |
838 | ||
839 | if (num_channels > 0) { | |
840 | ic_report = wpabuf_put(buf, sizeof(*ic_report)); | |
841 | ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT; | |
842 | ic_report->length = num_channels + 1; | |
843 | ic_report->op_class = 0; | |
844 | os_memcpy(wpabuf_put(buf, num_channels), chan_list, | |
845 | num_channels); | |
846 | } | |
847 | ||
848 | if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, | |
849 | wpa_s->own_addr, wpa_s->bssid, | |
850 | wpabuf_head(buf), wpabuf_len(buf), 0) < 0) { | |
851 | wpa_msg(wpa_s, MSG_INFO, | |
852 | "SME: Failed to send 20/40 BSS Coexistence frame"); | |
853 | } | |
854 | ||
855 | wpabuf_free(buf); | |
856 | } | |
857 | ||
858 | ||
859 | /** | |
860 | * enum wpas_band - Frequency band | |
861 | * @WPAS_BAND_2GHZ: 2.4 GHz ISM band | |
862 | * @WPAS_BAND_5GHZ: around 5 GHz band (4.9 - 5.7 GHz) | |
863 | */ | |
864 | enum wpas_band { | |
865 | WPAS_BAND_2GHZ, | |
866 | WPAS_BAND_5GHZ, | |
867 | WPAS_BAND_INVALID | |
868 | }; | |
869 | ||
870 | /** | |
871 | * freq_to_channel - Convert frequency into channel info | |
872 | * @channel: Buffer for returning channel number | |
873 | * Returns: Band (2 or 5 GHz) | |
874 | */ | |
875 | static enum wpas_band freq_to_channel(int freq, u8 *channel) | |
876 | { | |
877 | enum wpas_band band = (freq <= 2484) ? WPAS_BAND_2GHZ : WPAS_BAND_5GHZ; | |
878 | u8 chan = 0; | |
879 | ||
880 | if (freq >= 2412 && freq <= 2472) | |
881 | chan = (freq - 2407) / 5; | |
882 | else if (freq == 2484) | |
883 | chan = 14; | |
884 | else if (freq >= 5180 && freq <= 5805) | |
885 | chan = (freq - 5000) / 5; | |
886 | ||
887 | *channel = chan; | |
888 | return band; | |
889 | } | |
890 | ||
891 | ||
892 | int sme_proc_obss_scan(struct wpa_supplicant *wpa_s) | |
893 | { | |
894 | struct wpa_bss *bss; | |
895 | const u8 *ie; | |
896 | u16 ht_cap; | |
897 | u8 chan_list[P2P_MAX_CHANNELS], channel; | |
898 | u8 num_channels = 0, num_intol = 0, i; | |
899 | ||
900 | if (!wpa_s->sme.sched_obss_scan) | |
901 | return 0; | |
902 | ||
903 | wpa_s->sme.sched_obss_scan = 0; | |
904 | if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED) | |
905 | return 1; | |
906 | ||
907 | /* | |
908 | * Check whether AP uses regulatory triplet or channel triplet in | |
909 | * country info. Right now the operating class of the BSS channel | |
910 | * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12), | |
911 | * based on the assumption that operating class triplet is not used in | |
912 | * beacon frame. If the First Channel Number/Operating Extension | |
913 | * Identifier octet has a positive integer value of 201 or greater, | |
914 | * then its operating class triplet. | |
915 | * | |
916 | * TODO: If Supported Operating Classes element is present in beacon | |
917 | * frame, have to lookup operating class in Annex E and fill them in | |
918 | * 2040 coex frame. | |
919 | */ | |
920 | ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY); | |
921 | if (ie && (ie[1] >= 6) && (ie[5] >= 201)) | |
922 | return 1; | |
923 | ||
924 | os_memset(chan_list, 0, sizeof(chan_list)); | |
925 | ||
926 | dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { | |
927 | /* Skip other band bss */ | |
928 | if (freq_to_channel(bss->freq, &channel) != WPAS_BAND_2GHZ) | |
929 | continue; | |
930 | ||
931 | ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP); | |
932 | ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0; | |
933 | ||
934 | if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) { | |
935 | /* Check whether the channel is already considered */ | |
936 | for (i = 0; i < num_channels; i++) { | |
937 | if (channel == chan_list[i]) | |
938 | break; | |
939 | } | |
940 | if (i != num_channels) | |
941 | continue; | |
942 | ||
943 | if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT) | |
944 | num_intol++; | |
945 | ||
946 | chan_list[num_channels++] = channel; | |
947 | } | |
948 | } | |
949 | ||
950 | sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol); | |
951 | return 1; | |
952 | } | |
953 | ||
954 | ||
955 | static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes, | |
956 | u16 num_modes, | |
957 | enum hostapd_hw_mode mode) | |
958 | { | |
959 | u16 i; | |
960 | ||
961 | for (i = 0; i < num_modes; i++) { | |
962 | if (modes[i].mode == mode) | |
963 | return &modes[i]; | |
964 | } | |
965 | ||
966 | return NULL; | |
967 | } | |
968 | ||
969 | ||
970 | static void wpa_setband_scan_freqs_list(struct wpa_supplicant *wpa_s, | |
971 | enum hostapd_hw_mode band, | |
972 | struct wpa_driver_scan_params *params) | |
973 | { | |
974 | /* Include only supported channels for the specified band */ | |
975 | struct hostapd_hw_modes *mode; | |
976 | int count, i; | |
977 | ||
978 | mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, band); | |
979 | if (mode == NULL) { | |
980 | /* No channels supported in this band - use empty list */ | |
981 | params->freqs = os_zalloc(sizeof(int)); | |
982 | return; | |
983 | } | |
984 | ||
985 | params->freqs = os_calloc(mode->num_channels + 1, sizeof(int)); | |
986 | if (params->freqs == NULL) | |
987 | return; | |
988 | for (count = 0, i = 0; i < mode->num_channels; i++) { | |
989 | if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED) | |
990 | continue; | |
991 | params->freqs[count++] = mode->channels[i].freq; | |
992 | } | |
993 | } | |
994 | ||
995 | ||
996 | static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx) | |
997 | { | |
998 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
999 | struct wpa_driver_scan_params params; | |
1000 | ||
1001 | if (!wpa_s->current_bss) { | |
1002 | wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request"); | |
1003 | return; | |
1004 | } | |
1005 | ||
1006 | os_memset(¶ms, 0, sizeof(params)); | |
1007 | wpa_setband_scan_freqs_list(wpa_s, HOSTAPD_MODE_IEEE80211G, ¶ms); | |
1008 | wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan"); | |
1009 | ||
1010 | if (wpa_supplicant_trigger_scan(wpa_s, ¶ms)) | |
1011 | wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan"); | |
1012 | else | |
1013 | wpa_s->sme.sched_obss_scan = 1; | |
1014 | os_free(params.freqs); | |
1015 | ||
1016 | eloop_register_timeout(wpa_s->sme.obss_scan_int, 0, | |
1017 | sme_obss_scan_timeout, wpa_s, NULL); | |
1018 | } | |
1019 | ||
1020 | ||
1021 | void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable) | |
1022 | { | |
1023 | const u8 *ie; | |
1024 | struct wpa_bss *bss = wpa_s->current_bss; | |
1025 | struct wpa_ssid *ssid = wpa_s->current_ssid; | |
1026 | struct hostapd_hw_modes *hw_mode = NULL; | |
1027 | int i; | |
1028 | ||
1029 | eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL); | |
1030 | wpa_s->sme.sched_obss_scan = 0; | |
1031 | if (!enable) | |
1032 | return; | |
1033 | ||
1034 | if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) || ssid == NULL || | |
1035 | ssid->mode != IEEE80211_MODE_INFRA) | |
1036 | return; /* Not using station SME in wpa_supplicant */ | |
1037 | ||
1038 | if (!wpa_s->hw.modes) | |
1039 | return; | |
1040 | ||
1041 | /* only HT caps in 11g mode are relevant */ | |
1042 | for (i = 0; i < wpa_s->hw.num_modes; i++) { | |
1043 | hw_mode = &wpa_s->hw.modes[i]; | |
1044 | if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G) | |
1045 | break; | |
1046 | } | |
1047 | ||
1048 | /* Driver does not support HT40 for 11g or doesn't have 11g. */ | |
1049 | if (i == wpa_s->hw.num_modes || !hw_mode || | |
1050 | !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) | |
1051 | return; | |
1052 | ||
1053 | if (bss == NULL || bss->freq < 2400 || bss->freq > 2500) | |
1054 | return; /* Not associated on 2.4 GHz band */ | |
1055 | ||
1056 | /* Check whether AP supports HT40 */ | |
1057 | ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP); | |
1058 | if (!ie || ie[1] < 2 || | |
1059 | !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)) | |
1060 | return; /* AP does not support HT40 */ | |
1061 | ||
1062 | ie = wpa_bss_get_ie(wpa_s->current_bss, | |
1063 | WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS); | |
1064 | if (!ie || ie[1] < 14) | |
1065 | return; /* AP does not request OBSS scans */ | |
1066 | ||
1067 | wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6); | |
1068 | if (wpa_s->sme.obss_scan_int < 10) { | |
1069 | wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u " | |
1070 | "replaced with the minimum 10 sec", | |
1071 | wpa_s->sme.obss_scan_int); | |
1072 | wpa_s->sme.obss_scan_int = 10; | |
1073 | } | |
1074 | wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec", | |
1075 | wpa_s->sme.obss_scan_int); | |
1076 | eloop_register_timeout(wpa_s->sme.obss_scan_int, 0, | |
1077 | sme_obss_scan_timeout, wpa_s, NULL); | |
1078 | } | |
1079 | ||
1080 | ||
1081 | #ifdef CONFIG_IEEE80211W | |
1082 | ||
1083 | static const unsigned int sa_query_max_timeout = 1000; | |
1084 | static const unsigned int sa_query_retry_timeout = 201; | |
1085 | ||
1086 | static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s) | |
1087 | { | |
1088 | u32 tu; | |
1089 | struct os_time now, passed; | |
1090 | os_get_time(&now); | |
1091 | os_time_sub(&now, &wpa_s->sme.sa_query_start, &passed); | |
1092 | tu = (passed.sec * 1000000 + passed.usec) / 1024; | |
1093 | if (sa_query_max_timeout < tu) { | |
1094 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out"); | |
1095 | sme_stop_sa_query(wpa_s); | |
1096 | wpa_supplicant_deauthenticate( | |
1097 | wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID); | |
1098 | return 1; | |
1099 | } | |
1100 | ||
1101 | return 0; | |
1102 | } | |
1103 | ||
1104 | ||
1105 | static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s, | |
1106 | const u8 *trans_id) | |
1107 | { | |
1108 | u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN]; | |
1109 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to " | |
1110 | MACSTR, MAC2STR(wpa_s->bssid)); | |
1111 | wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID", | |
1112 | trans_id, WLAN_SA_QUERY_TR_ID_LEN); | |
1113 | req[0] = WLAN_ACTION_SA_QUERY; | |
1114 | req[1] = WLAN_SA_QUERY_REQUEST; | |
1115 | os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN); | |
1116 | if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid, | |
1117 | wpa_s->own_addr, wpa_s->bssid, | |
1118 | req, sizeof(req), 0) < 0) | |
1119 | wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query " | |
1120 | "Request"); | |
1121 | } | |
1122 | ||
1123 | ||
1124 | static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx) | |
1125 | { | |
1126 | struct wpa_supplicant *wpa_s = eloop_ctx; | |
1127 | unsigned int timeout, sec, usec; | |
1128 | u8 *trans_id, *nbuf; | |
1129 | ||
1130 | if (wpa_s->sme.sa_query_count > 0 && | |
1131 | sme_check_sa_query_timeout(wpa_s)) | |
1132 | return; | |
1133 | ||
1134 | nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id, | |
1135 | wpa_s->sme.sa_query_count + 1, | |
1136 | WLAN_SA_QUERY_TR_ID_LEN); | |
1137 | if (nbuf == NULL) | |
1138 | return; | |
1139 | if (wpa_s->sme.sa_query_count == 0) { | |
1140 | /* Starting a new SA Query procedure */ | |
1141 | os_get_time(&wpa_s->sme.sa_query_start); | |
1142 | } | |
1143 | trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN; | |
1144 | wpa_s->sme.sa_query_trans_id = nbuf; | |
1145 | wpa_s->sme.sa_query_count++; | |
1146 | ||
1147 | os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN); | |
1148 | ||
1149 | timeout = sa_query_retry_timeout; | |
1150 | sec = ((timeout / 1000) * 1024) / 1000; | |
1151 | usec = (timeout % 1000) * 1024; | |
1152 | eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL); | |
1153 | ||
1154 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d", | |
1155 | wpa_s->sme.sa_query_count); | |
1156 | ||
1157 | sme_send_sa_query_req(wpa_s, trans_id); | |
1158 | } | |
1159 | ||
1160 | ||
1161 | static void sme_start_sa_query(struct wpa_supplicant *wpa_s) | |
1162 | { | |
1163 | sme_sa_query_timer(wpa_s, NULL); | |
1164 | } | |
1165 | ||
1166 | ||
1167 | static void sme_stop_sa_query(struct wpa_supplicant *wpa_s) | |
1168 | { | |
1169 | eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL); | |
1170 | os_free(wpa_s->sme.sa_query_trans_id); | |
1171 | wpa_s->sme.sa_query_trans_id = NULL; | |
1172 | wpa_s->sme.sa_query_count = 0; | |
1173 | } | |
1174 | ||
1175 | ||
1176 | void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa, | |
1177 | const u8 *da, u16 reason_code) | |
1178 | { | |
1179 | struct wpa_ssid *ssid; | |
1180 | ||
1181 | if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)) | |
1182 | return; | |
1183 | if (wpa_s->wpa_state != WPA_COMPLETED) | |
1184 | return; | |
1185 | ssid = wpa_s->current_ssid; | |
1186 | if (ssid == NULL || ssid->ieee80211w == 0) | |
1187 | return; | |
1188 | if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) | |
1189 | return; | |
1190 | if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA && | |
1191 | reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA) | |
1192 | return; | |
1193 | if (wpa_s->sme.sa_query_count > 0) | |
1194 | return; | |
1195 | ||
1196 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - " | |
1197 | "possible AP/STA state mismatch - trigger SA Query"); | |
1198 | sme_start_sa_query(wpa_s); | |
1199 | } | |
1200 | ||
1201 | ||
1202 | void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa, | |
1203 | const u8 *data, size_t len) | |
1204 | { | |
1205 | int i; | |
1206 | ||
1207 | if (wpa_s->sme.sa_query_trans_id == NULL || | |
1208 | len < 1 + WLAN_SA_QUERY_TR_ID_LEN || | |
1209 | data[0] != WLAN_SA_QUERY_RESPONSE) | |
1210 | return; | |
1211 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from " | |
1212 | MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]); | |
1213 | ||
1214 | if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0) | |
1215 | return; | |
1216 | ||
1217 | for (i = 0; i < wpa_s->sme.sa_query_count; i++) { | |
1218 | if (os_memcmp(wpa_s->sme.sa_query_trans_id + | |
1219 | i * WLAN_SA_QUERY_TR_ID_LEN, | |
1220 | data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0) | |
1221 | break; | |
1222 | } | |
1223 | ||
1224 | if (i >= wpa_s->sme.sa_query_count) { | |
1225 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query " | |
1226 | "transaction identifier found"); | |
1227 | return; | |
1228 | } | |
1229 | ||
1230 | wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received " | |
1231 | "from " MACSTR, MAC2STR(sa)); | |
1232 | sme_stop_sa_query(wpa_s); | |
1233 | } | |
1234 | ||
1235 | #endif /* CONFIG_IEEE80211W */ |