]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ieee802_11.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
hostapd: Add extended capabilities into STA command
[thirdparty/hostap.git] / src / ap / ieee802_11.c
1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/sha384.h"
18 #include "crypto/sha512.h"
19 #include "crypto/random.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "common/wpa_ctrl.h"
23 #include "common/sae.h"
24 #include "radius/radius.h"
25 #include "radius/radius_client.h"
26 #include "p2p/p2p.h"
27 #include "wps/wps.h"
28 #include "fst/fst.h"
29 #include "hostapd.h"
30 #include "beacon.h"
31 #include "ieee802_11_auth.h"
32 #include "sta_info.h"
33 #include "ieee802_1x.h"
34 #include "wpa_auth.h"
35 #include "pmksa_cache_auth.h"
36 #include "wmm.h"
37 #include "ap_list.h"
38 #include "accounting.h"
39 #include "ap_config.h"
40 #include "ap_mlme.h"
41 #include "p2p_hostapd.h"
42 #include "ap_drv_ops.h"
43 #include "wnm_ap.h"
44 #include "hw_features.h"
45 #include "ieee802_11.h"
46 #include "dfs.h"
47 #include "mbo_ap.h"
48 #include "rrm.h"
49 #include "taxonomy.h"
50 #include "fils_hlp.h"
51 #include "dpp_hostapd.h"
52 #include "gas_query_ap.h"
53
54
55 #ifdef CONFIG_FILS
56 static struct wpabuf *
57 prepare_auth_resp_fils(struct hostapd_data *hapd,
58 struct sta_info *sta, u16 *resp,
59 struct rsn_pmksa_cache_entry *pmksa,
60 struct wpabuf *erp_resp,
61 const u8 *msk, size_t msk_len,
62 int *is_pub);
63 #endif /* CONFIG_FILS */
64
65 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
66 {
67 u8 *pos = eid;
68 int i, num, count;
69
70 if (hapd->iface->current_rates == NULL)
71 return eid;
72
73 *pos++ = WLAN_EID_SUPP_RATES;
74 num = hapd->iface->num_rates;
75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
76 num++;
77 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
78 num++;
79 if (num > 8) {
80 /* rest of the rates are encoded in Extended supported
81 * rates element */
82 num = 8;
83 }
84
85 *pos++ = num;
86 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
87 i++) {
88 count++;
89 *pos = hapd->iface->current_rates[i].rate / 5;
90 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
91 *pos |= 0x80;
92 pos++;
93 }
94
95 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
96 count++;
97 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
98 }
99
100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
101 count++;
102 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
103 }
104
105 return pos;
106 }
107
108
109 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
110 {
111 u8 *pos = eid;
112 int i, num, count;
113
114 if (hapd->iface->current_rates == NULL)
115 return eid;
116
117 num = hapd->iface->num_rates;
118 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
119 num++;
120 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
121 num++;
122 if (num <= 8)
123 return eid;
124 num -= 8;
125
126 *pos++ = WLAN_EID_EXT_SUPP_RATES;
127 *pos++ = num;
128 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
129 i++) {
130 count++;
131 if (count <= 8)
132 continue; /* already in SuppRates IE */
133 *pos = hapd->iface->current_rates[i].rate / 5;
134 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
135 *pos |= 0x80;
136 pos++;
137 }
138
139 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
140 count++;
141 if (count > 8)
142 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
143 }
144
145 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
146 count++;
147 if (count > 8)
148 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
149 }
150
151 return pos;
152 }
153
154
155 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
156 {
157 int capab = WLAN_CAPABILITY_ESS;
158 int privacy;
159 int dfs;
160 int i;
161
162 /* Check if any of configured channels require DFS */
163 dfs = hostapd_is_dfs_required(hapd->iface);
164 if (dfs < 0) {
165 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
166 dfs);
167 dfs = 0;
168 }
169
170 if (hapd->iface->num_sta_no_short_preamble == 0 &&
171 hapd->iconf->preamble == SHORT_PREAMBLE)
172 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
173
174 privacy = hapd->conf->ssid.wep.keys_set;
175
176 if (hapd->conf->ieee802_1x &&
177 (hapd->conf->default_wep_key_len ||
178 hapd->conf->individual_wep_key_len))
179 privacy = 1;
180
181 if (hapd->conf->wpa)
182 privacy = 1;
183
184 #ifdef CONFIG_HS20
185 if (hapd->conf->osen)
186 privacy = 1;
187 #endif /* CONFIG_HS20 */
188
189 if (privacy)
190 capab |= WLAN_CAPABILITY_PRIVACY;
191
192 if (hapd->iface->current_mode &&
193 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
194 hapd->iface->num_sta_no_short_slot_time == 0)
195 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
196
197 /*
198 * Currently, Spectrum Management capability bit is set when directly
199 * requested in configuration by spectrum_mgmt_required or when AP is
200 * running on DFS channel.
201 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
202 */
203 if (hapd->iface->current_mode &&
204 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
205 (hapd->iconf->spectrum_mgmt_required || dfs))
206 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
207
208 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
209 if (hapd->conf->radio_measurements[i]) {
210 capab |= IEEE80211_CAP_RRM;
211 break;
212 }
213 }
214
215 return capab;
216 }
217
218
219 #ifndef CONFIG_NO_RC4
220 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
221 u16 auth_transaction, const u8 *challenge,
222 int iswep)
223 {
224 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
225 HOSTAPD_LEVEL_DEBUG,
226 "authentication (shared key, transaction %d)",
227 auth_transaction);
228
229 if (auth_transaction == 1) {
230 if (!sta->challenge) {
231 /* Generate a pseudo-random challenge */
232 u8 key[8];
233
234 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
235 if (sta->challenge == NULL)
236 return WLAN_STATUS_UNSPECIFIED_FAILURE;
237
238 if (os_get_random(key, sizeof(key)) < 0) {
239 os_free(sta->challenge);
240 sta->challenge = NULL;
241 return WLAN_STATUS_UNSPECIFIED_FAILURE;
242 }
243
244 rc4_skip(key, sizeof(key), 0,
245 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
246 }
247 return 0;
248 }
249
250 if (auth_transaction != 3)
251 return WLAN_STATUS_UNSPECIFIED_FAILURE;
252
253 /* Transaction 3 */
254 if (!iswep || !sta->challenge || !challenge ||
255 os_memcmp_const(sta->challenge, challenge,
256 WLAN_AUTH_CHALLENGE_LEN)) {
257 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
258 HOSTAPD_LEVEL_INFO,
259 "shared key authentication - invalid "
260 "challenge-response");
261 return WLAN_STATUS_CHALLENGE_FAIL;
262 }
263
264 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
265 HOSTAPD_LEVEL_DEBUG,
266 "authentication OK (shared key)");
267 sta->flags |= WLAN_STA_AUTH;
268 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
269 os_free(sta->challenge);
270 sta->challenge = NULL;
271
272 return 0;
273 }
274 #endif /* CONFIG_NO_RC4 */
275
276
277 static int send_auth_reply(struct hostapd_data *hapd,
278 const u8 *dst, const u8 *bssid,
279 u16 auth_alg, u16 auth_transaction, u16 resp,
280 const u8 *ies, size_t ies_len)
281 {
282 struct ieee80211_mgmt *reply;
283 u8 *buf;
284 size_t rlen;
285 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
286
287 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
288 buf = os_zalloc(rlen);
289 if (buf == NULL)
290 return -1;
291
292 reply = (struct ieee80211_mgmt *) buf;
293 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
294 WLAN_FC_STYPE_AUTH);
295 os_memcpy(reply->da, dst, ETH_ALEN);
296 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
297 os_memcpy(reply->bssid, bssid, ETH_ALEN);
298
299 reply->u.auth.auth_alg = host_to_le16(auth_alg);
300 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
301 reply->u.auth.status_code = host_to_le16(resp);
302
303 if (ies && ies_len)
304 os_memcpy(reply->u.auth.variable, ies, ies_len);
305
306 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
307 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu)",
308 MAC2STR(dst), auth_alg, auth_transaction,
309 resp, (unsigned long) ies_len);
310 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
311 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
312 else
313 reply_res = WLAN_STATUS_SUCCESS;
314
315 os_free(buf);
316
317 return reply_res;
318 }
319
320
321 #ifdef CONFIG_IEEE80211R_AP
322 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
323 u16 auth_transaction, u16 status,
324 const u8 *ies, size_t ies_len)
325 {
326 struct hostapd_data *hapd = ctx;
327 struct sta_info *sta;
328 int reply_res;
329
330 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
331 auth_transaction, status, ies, ies_len);
332
333 sta = ap_get_sta(hapd, dst);
334 if (sta == NULL)
335 return;
336
337 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
338 status != WLAN_STATUS_SUCCESS)) {
339 hostapd_drv_sta_remove(hapd, sta->addr);
340 sta->added_unassoc = 0;
341 return;
342 }
343
344 if (status != WLAN_STATUS_SUCCESS)
345 return;
346
347 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
348 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
349 sta->flags |= WLAN_STA_AUTH;
350 mlme_authenticate_indication(hapd, sta);
351 }
352 #endif /* CONFIG_IEEE80211R_AP */
353
354
355 #ifdef CONFIG_SAE
356
357 #define dot11RSNASAESync 5 /* attempts */
358
359
360 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
361 struct sta_info *sta, int update)
362 {
363 struct wpabuf *buf;
364 const char *password;
365
366 password = hapd->conf->sae_password;
367 if (!password)
368 password = hapd->conf->ssid.wpa_passphrase;
369 if (!password) {
370 wpa_printf(MSG_DEBUG, "SAE: No password available");
371 return NULL;
372 }
373
374 if (update &&
375 sae_prepare_commit(hapd->own_addr, sta->addr,
376 (u8 *) password, os_strlen(password),
377 sta->sae) < 0) {
378 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
379 return NULL;
380 }
381
382 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
383 if (buf == NULL)
384 return NULL;
385 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
386 sta->sae->tmp->anti_clogging_token : NULL);
387
388 return buf;
389 }
390
391
392 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
393 struct sta_info *sta)
394 {
395 struct wpabuf *buf;
396
397 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
398 if (buf == NULL)
399 return NULL;
400
401 sae_write_confirm(sta->sae, buf);
402
403 return buf;
404 }
405
406
407 static int auth_sae_send_commit(struct hostapd_data *hapd,
408 struct sta_info *sta,
409 const u8 *bssid, int update)
410 {
411 struct wpabuf *data;
412 int reply_res;
413
414 data = auth_build_sae_commit(hapd, sta, update);
415 if (data == NULL)
416 return WLAN_STATUS_UNSPECIFIED_FAILURE;
417
418 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
419 WLAN_STATUS_SUCCESS, wpabuf_head(data),
420 wpabuf_len(data));
421
422 wpabuf_free(data);
423
424 return reply_res;
425 }
426
427
428 static int auth_sae_send_confirm(struct hostapd_data *hapd,
429 struct sta_info *sta,
430 const u8 *bssid)
431 {
432 struct wpabuf *data;
433 int reply_res;
434
435 data = auth_build_sae_confirm(hapd, sta);
436 if (data == NULL)
437 return WLAN_STATUS_UNSPECIFIED_FAILURE;
438
439 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
440 WLAN_STATUS_SUCCESS, wpabuf_head(data),
441 wpabuf_len(data));
442
443 wpabuf_free(data);
444
445 return reply_res;
446 }
447
448
449 static int use_sae_anti_clogging(struct hostapd_data *hapd)
450 {
451 struct sta_info *sta;
452 unsigned int open = 0;
453
454 if (hapd->conf->sae_anti_clogging_threshold == 0)
455 return 1;
456
457 for (sta = hapd->sta_list; sta; sta = sta->next) {
458 if (!sta->sae)
459 continue;
460 if (sta->sae->state != SAE_COMMITTED &&
461 sta->sae->state != SAE_CONFIRMED)
462 continue;
463 open++;
464 if (open >= hapd->conf->sae_anti_clogging_threshold)
465 return 1;
466 }
467
468 return 0;
469 }
470
471
472 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
473 const u8 *token, size_t token_len)
474 {
475 u8 mac[SHA256_MAC_LEN];
476
477 if (token_len != SHA256_MAC_LEN)
478 return -1;
479 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
480 addr, ETH_ALEN, mac) < 0 ||
481 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
482 return -1;
483
484 return 0;
485 }
486
487
488 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
489 int group, const u8 *addr)
490 {
491 struct wpabuf *buf;
492 u8 *token;
493 struct os_reltime now;
494
495 os_get_reltime(&now);
496 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
497 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
498 if (random_get_bytes(hapd->sae_token_key,
499 sizeof(hapd->sae_token_key)) < 0)
500 return NULL;
501 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
502 hapd->sae_token_key, sizeof(hapd->sae_token_key));
503 hapd->last_sae_token_key_update = now;
504 }
505
506 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
507 if (buf == NULL)
508 return NULL;
509
510 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
511
512 token = wpabuf_put(buf, SHA256_MAC_LEN);
513 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
514 addr, ETH_ALEN, token);
515
516 return buf;
517 }
518
519
520 static int sae_check_big_sync(struct sta_info *sta)
521 {
522 if (sta->sae->sync > dot11RSNASAESync) {
523 sta->sae->state = SAE_NOTHING;
524 sta->sae->sync = 0;
525 return -1;
526 }
527 return 0;
528 }
529
530
531 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
532 {
533 struct hostapd_data *hapd = eloop_ctx;
534 struct sta_info *sta = eloop_data;
535 int ret;
536
537 if (sae_check_big_sync(sta))
538 return;
539 sta->sae->sync++;
540 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
541 " (sync=%d state=%d)",
542 MAC2STR(sta->addr), sta->sae->sync, sta->sae->state);
543
544 switch (sta->sae->state) {
545 case SAE_COMMITTED:
546 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
547 eloop_register_timeout(0,
548 hapd->dot11RSNASAERetransPeriod * 1000,
549 auth_sae_retransmit_timer, hapd, sta);
550 break;
551 case SAE_CONFIRMED:
552 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
553 eloop_register_timeout(0,
554 hapd->dot11RSNASAERetransPeriod * 1000,
555 auth_sae_retransmit_timer, hapd, sta);
556 break;
557 default:
558 ret = -1;
559 break;
560 }
561
562 if (ret != WLAN_STATUS_SUCCESS)
563 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
564 }
565
566
567 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
568 {
569 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
570 }
571
572
573 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
574 struct sta_info *sta)
575 {
576 if (!(hapd->conf->mesh & MESH_ENABLED))
577 return;
578
579 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
580 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
581 auth_sae_retransmit_timer, hapd, sta);
582 }
583
584
585 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
586 {
587 sta->flags |= WLAN_STA_AUTH;
588 sta->auth_alg = WLAN_AUTH_SAE;
589 mlme_authenticate_indication(hapd, sta);
590 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
591 sta->sae->state = SAE_ACCEPTED;
592 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
593 sta->sae->pmk, sta->sae->pmkid);
594 }
595
596
597 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
598 const u8 *bssid, u8 auth_transaction)
599 {
600 int ret;
601
602 if (auth_transaction != 1 && auth_transaction != 2)
603 return WLAN_STATUS_UNSPECIFIED_FAILURE;
604
605 switch (sta->sae->state) {
606 case SAE_NOTHING:
607 if (auth_transaction == 1) {
608 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
609 if (ret)
610 return ret;
611 sta->sae->state = SAE_COMMITTED;
612
613 if (sae_process_commit(sta->sae) < 0)
614 return WLAN_STATUS_UNSPECIFIED_FAILURE;
615
616 /*
617 * In mesh case, both Commit and Confirm can be sent
618 * immediately. In infrastructure BSS, only a single
619 * Authentication frame (Commit) is expected from the AP
620 * here and the second one (Confirm) will be sent once
621 * the STA has sent its second Authentication frame
622 * (Confirm).
623 */
624 if (hapd->conf->mesh & MESH_ENABLED) {
625 /*
626 * Send both Commit and Confirm immediately
627 * based on SAE finite state machine
628 * Nothing -> Confirm transition.
629 */
630 ret = auth_sae_send_confirm(hapd, sta, bssid);
631 if (ret)
632 return ret;
633 sta->sae->state = SAE_CONFIRMED;
634 } else {
635 /*
636 * For infrastructure BSS, send only the Commit
637 * message now to get alternating sequence of
638 * Authentication frames between the AP and STA.
639 * Confirm will be sent in
640 * Committed -> Confirmed/Accepted transition
641 * when receiving Confirm from STA.
642 */
643 }
644 sta->sae->sync = 0;
645 sae_set_retransmit_timer(hapd, sta);
646 } else {
647 hostapd_logger(hapd, sta->addr,
648 HOSTAPD_MODULE_IEEE80211,
649 HOSTAPD_LEVEL_DEBUG,
650 "SAE confirm before commit");
651 }
652 break;
653 case SAE_COMMITTED:
654 sae_clear_retransmit_timer(hapd, sta);
655 if (auth_transaction == 1) {
656 if (sae_process_commit(sta->sae) < 0)
657 return WLAN_STATUS_UNSPECIFIED_FAILURE;
658
659 ret = auth_sae_send_confirm(hapd, sta, bssid);
660 if (ret)
661 return ret;
662 sta->sae->state = SAE_CONFIRMED;
663 sta->sae->sync = 0;
664 sae_set_retransmit_timer(hapd, sta);
665 } else if (hapd->conf->mesh & MESH_ENABLED) {
666 /*
667 * In mesh case, follow SAE finite state machine and
668 * send Commit now, if sync count allows.
669 */
670 if (sae_check_big_sync(sta))
671 return WLAN_STATUS_SUCCESS;
672 sta->sae->sync++;
673
674 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
675 if (ret)
676 return ret;
677
678 sae_set_retransmit_timer(hapd, sta);
679 } else {
680 /*
681 * For instructure BSS, send the postponed Confirm from
682 * Nothing -> Confirmed transition that was reduced to
683 * Nothing -> Committed above.
684 */
685 ret = auth_sae_send_confirm(hapd, sta, bssid);
686 if (ret)
687 return ret;
688
689 sta->sae->state = SAE_CONFIRMED;
690
691 /*
692 * Since this was triggered on Confirm RX, run another
693 * step to get to Accepted without waiting for
694 * additional events.
695 */
696 return sae_sm_step(hapd, sta, bssid, auth_transaction);
697 }
698 break;
699 case SAE_CONFIRMED:
700 sae_clear_retransmit_timer(hapd, sta);
701 if (auth_transaction == 1) {
702 if (sae_check_big_sync(sta))
703 return WLAN_STATUS_SUCCESS;
704 sta->sae->sync++;
705
706 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
707 if (ret)
708 return ret;
709
710 if (sae_process_commit(sta->sae) < 0)
711 return WLAN_STATUS_UNSPECIFIED_FAILURE;
712
713 ret = auth_sae_send_confirm(hapd, sta, bssid);
714 if (ret)
715 return ret;
716
717 sae_set_retransmit_timer(hapd, sta);
718 } else {
719 sae_accept_sta(hapd, sta);
720 }
721 break;
722 case SAE_ACCEPTED:
723 if (auth_transaction == 1) {
724 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
725 ") doing reauthentication",
726 MAC2STR(sta->addr));
727 ap_free_sta(hapd, sta);
728 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
729 } else {
730 if (sae_check_big_sync(sta))
731 return WLAN_STATUS_SUCCESS;
732 sta->sae->sync++;
733
734 ret = auth_sae_send_confirm(hapd, sta, bssid);
735 sae_clear_temp_data(sta->sae);
736 if (ret)
737 return ret;
738 }
739 break;
740 default:
741 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
742 sta->sae->state);
743 return WLAN_STATUS_UNSPECIFIED_FAILURE;
744 }
745 return WLAN_STATUS_SUCCESS;
746 }
747
748
749 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
750 {
751 struct sae_data *sae = sta->sae;
752 int i, *groups = hapd->conf->sae_groups;
753
754 if (sae->state != SAE_COMMITTED)
755 return;
756
757 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
758
759 for (i = 0; groups && groups[i] > 0; i++) {
760 if (sae->group == groups[i])
761 break;
762 }
763
764 if (!groups || groups[i] <= 0) {
765 wpa_printf(MSG_DEBUG,
766 "SAE: Previously selected group not found from the current configuration");
767 return;
768 }
769
770 for (;;) {
771 i++;
772 if (groups[i] <= 0) {
773 wpa_printf(MSG_DEBUG,
774 "SAE: No alternative group enabled");
775 return;
776 }
777
778 if (sae_set_group(sae, groups[i]) < 0)
779 continue;
780
781 break;
782 }
783 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
784 }
785
786
787 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
788 const struct ieee80211_mgmt *mgmt, size_t len,
789 u16 auth_transaction, u16 status_code)
790 {
791 int resp = WLAN_STATUS_SUCCESS;
792 struct wpabuf *data = NULL;
793
794 #ifdef CONFIG_TESTING_OPTIONS
795 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
796 const u8 *pos, *end;
797
798 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
799 pos = mgmt->u.auth.variable;
800 end = ((const u8 *) mgmt) + len;
801 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
802 auth_transaction, resp, pos, end - pos);
803 goto remove_sta;
804 }
805
806 if (hapd->conf->sae_commit_override && auth_transaction == 1) {
807 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
808 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
809 auth_transaction, resp,
810 wpabuf_head(hapd->conf->sae_commit_override),
811 wpabuf_len(hapd->conf->sae_commit_override));
812 goto remove_sta;
813 }
814 #endif /* CONFIG_TESTING_OPTIONS */
815 if (!sta->sae) {
816 if (auth_transaction != 1 ||
817 status_code != WLAN_STATUS_SUCCESS) {
818 resp = -1;
819 goto remove_sta;
820 }
821 sta->sae = os_zalloc(sizeof(*sta->sae));
822 if (!sta->sae) {
823 resp = -1;
824 goto remove_sta;
825 }
826 sta->sae->state = SAE_NOTHING;
827 sta->sae->sync = 0;
828 }
829
830 if (sta->mesh_sae_pmksa_caching) {
831 wpa_printf(MSG_DEBUG,
832 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
833 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
834 sta->mesh_sae_pmksa_caching = 0;
835 }
836
837 if (auth_transaction == 1) {
838 const u8 *token = NULL, *pos, *end;
839 size_t token_len = 0;
840 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
841 HOSTAPD_LEVEL_DEBUG,
842 "start SAE authentication (RX commit, status=%u)",
843 status_code);
844
845 if ((hapd->conf->mesh & MESH_ENABLED) &&
846 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
847 sta->sae->tmp) {
848 pos = mgmt->u.auth.variable;
849 end = ((const u8 *) mgmt) + len;
850 if (pos + sizeof(le16) > end) {
851 wpa_printf(MSG_ERROR,
852 "SAE: Too short anti-clogging token request");
853 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
854 goto reply;
855 }
856 resp = sae_group_allowed(sta->sae,
857 hapd->conf->sae_groups,
858 WPA_GET_LE16(pos));
859 if (resp != WLAN_STATUS_SUCCESS) {
860 wpa_printf(MSG_ERROR,
861 "SAE: Invalid group in anti-clogging token request");
862 goto reply;
863 }
864 pos += sizeof(le16);
865
866 wpabuf_free(sta->sae->tmp->anti_clogging_token);
867 sta->sae->tmp->anti_clogging_token =
868 wpabuf_alloc_copy(pos, end - pos);
869 if (sta->sae->tmp->anti_clogging_token == NULL) {
870 wpa_printf(MSG_ERROR,
871 "SAE: Failed to alloc for anti-clogging token");
872 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
873 goto remove_sta;
874 }
875
876 /*
877 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
878 * is 76, a new Commit Message shall be constructed
879 * with the Anti-Clogging Token from the received
880 * Authentication frame, and the commit-scalar and
881 * COMMIT-ELEMENT previously sent.
882 */
883 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
884 if (resp != WLAN_STATUS_SUCCESS) {
885 wpa_printf(MSG_ERROR,
886 "SAE: Failed to send commit message");
887 goto remove_sta;
888 }
889 sta->sae->state = SAE_COMMITTED;
890 sta->sae->sync = 0;
891 sae_set_retransmit_timer(hapd, sta);
892 return;
893 }
894
895 if ((hapd->conf->mesh & MESH_ENABLED) &&
896 status_code ==
897 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
898 sta->sae->tmp) {
899 wpa_printf(MSG_DEBUG,
900 "SAE: Peer did not accept our SAE group");
901 sae_pick_next_group(hapd, sta);
902 goto remove_sta;
903 }
904
905 if (status_code != WLAN_STATUS_SUCCESS)
906 goto remove_sta;
907
908 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
909 ((const u8 *) mgmt) + len -
910 mgmt->u.auth.variable, &token,
911 &token_len, hapd->conf->sae_groups);
912 if (resp == SAE_SILENTLY_DISCARD) {
913 wpa_printf(MSG_DEBUG,
914 "SAE: Drop commit message from " MACSTR " due to reflection attack",
915 MAC2STR(sta->addr));
916 goto remove_sta;
917 }
918 if (token && check_sae_token(hapd, sta->addr, token, token_len)
919 < 0) {
920 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
921 "incorrect token from " MACSTR,
922 MAC2STR(sta->addr));
923 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
924 goto remove_sta;
925 }
926
927 if (resp != WLAN_STATUS_SUCCESS)
928 goto reply;
929
930 if (!token && use_sae_anti_clogging(hapd)) {
931 wpa_printf(MSG_DEBUG,
932 "SAE: Request anti-clogging token from "
933 MACSTR, MAC2STR(sta->addr));
934 data = auth_build_token_req(hapd, sta->sae->group,
935 sta->addr);
936 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
937 if (hapd->conf->mesh & MESH_ENABLED)
938 sta->sae->state = SAE_NOTHING;
939 goto reply;
940 }
941
942 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
943 } else if (auth_transaction == 2) {
944 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
945 HOSTAPD_LEVEL_DEBUG,
946 "SAE authentication (RX confirm, status=%u)",
947 status_code);
948 if (status_code != WLAN_STATUS_SUCCESS)
949 goto remove_sta;
950 if (sta->sae->state >= SAE_CONFIRMED ||
951 !(hapd->conf->mesh & MESH_ENABLED)) {
952 if (sae_check_confirm(sta->sae, mgmt->u.auth.variable,
953 ((u8 *) mgmt) + len -
954 mgmt->u.auth.variable) < 0) {
955 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
956 goto reply;
957 }
958 }
959 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
960 } else {
961 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
962 HOSTAPD_LEVEL_DEBUG,
963 "unexpected SAE authentication transaction %u (status=%u)",
964 auth_transaction, status_code);
965 if (status_code != WLAN_STATUS_SUCCESS)
966 goto remove_sta;
967 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
968 }
969
970 reply:
971 if (resp != WLAN_STATUS_SUCCESS) {
972 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
973 auth_transaction, resp,
974 data ? wpabuf_head(data) : (u8 *) "",
975 data ? wpabuf_len(data) : 0);
976 }
977
978 remove_sta:
979 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
980 status_code != WLAN_STATUS_SUCCESS)) {
981 hostapd_drv_sta_remove(hapd, sta->addr);
982 sta->added_unassoc = 0;
983 }
984 wpabuf_free(data);
985 }
986
987
988 /**
989 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
990 * @hapd: BSS data for the device initiating the authentication
991 * @sta: the peer to which commit authentication frame is sent
992 *
993 * This function implements Init event handling (IEEE Std 802.11-2012,
994 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
995 * sta->sae structure should be initialized appropriately via a call to
996 * sae_prepare_commit().
997 */
998 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
999 {
1000 int ret;
1001
1002 if (!sta->sae || !sta->sae->tmp)
1003 return -1;
1004
1005 if (sta->sae->state != SAE_NOTHING)
1006 return -1;
1007
1008 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
1009 if (ret)
1010 return -1;
1011
1012 sta->sae->state = SAE_COMMITTED;
1013 sta->sae->sync = 0;
1014 sae_set_retransmit_timer(hapd, sta);
1015
1016 return 0;
1017 }
1018
1019 #endif /* CONFIG_SAE */
1020
1021
1022 static u16 wpa_res_to_status_code(int res)
1023 {
1024 if (res == WPA_INVALID_GROUP)
1025 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
1026 if (res == WPA_INVALID_PAIRWISE)
1027 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1028 if (res == WPA_INVALID_AKMP)
1029 return WLAN_STATUS_AKMP_NOT_VALID;
1030 if (res == WPA_ALLOC_FAIL)
1031 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1032 #ifdef CONFIG_IEEE80211W
1033 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
1034 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
1035 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
1036 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
1037 #endif /* CONFIG_IEEE80211W */
1038 if (res == WPA_INVALID_MDIE)
1039 return WLAN_STATUS_INVALID_MDIE;
1040 if (res == WPA_INVALID_PMKID)
1041 return WLAN_STATUS_INVALID_PMKID;
1042 if (res != WPA_IE_OK)
1043 return WLAN_STATUS_INVALID_IE;
1044 return WLAN_STATUS_SUCCESS;
1045 }
1046
1047
1048 #ifdef CONFIG_FILS
1049
1050 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1051 struct sta_info *sta, u16 resp,
1052 struct wpabuf *data, int pub);
1053
1054 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1055 const u8 *pos, size_t len, u16 auth_alg,
1056 u16 auth_transaction, u16 status_code,
1057 void (*cb)(struct hostapd_data *hapd,
1058 struct sta_info *sta, u16 resp,
1059 struct wpabuf *data, int pub))
1060 {
1061 u16 resp = WLAN_STATUS_SUCCESS;
1062 const u8 *end;
1063 struct ieee802_11_elems elems;
1064 int res;
1065 struct wpa_ie_data rsn;
1066 struct rsn_pmksa_cache_entry *pmksa = NULL;
1067
1068 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1069 return;
1070
1071 end = pos + len;
1072
1073 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1074 pos, end - pos);
1075
1076 /* TODO: FILS PK */
1077 #ifdef CONFIG_FILS_SK_PFS
1078 if (auth_alg == WLAN_AUTH_FILS_SK_PFS) {
1079 u16 group;
1080 struct wpabuf *pub;
1081 size_t elem_len;
1082
1083 /* Using FILS PFS */
1084
1085 /* Finite Cyclic Group */
1086 if (end - pos < 2) {
1087 wpa_printf(MSG_DEBUG,
1088 "FILS: No room for Finite Cyclic Group");
1089 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1090 goto fail;
1091 }
1092 group = WPA_GET_LE16(pos);
1093 pos += 2;
1094 if (group != hapd->conf->fils_dh_group) {
1095 wpa_printf(MSG_DEBUG,
1096 "FILS: Unsupported Finite Cyclic Group: %u (expected %u)",
1097 group, hapd->conf->fils_dh_group);
1098 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1099 goto fail;
1100 }
1101
1102 crypto_ecdh_deinit(sta->fils_ecdh);
1103 sta->fils_ecdh = crypto_ecdh_init(group);
1104 if (!sta->fils_ecdh) {
1105 wpa_printf(MSG_INFO,
1106 "FILS: Could not initialize ECDH with group %d",
1107 group);
1108 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1109 goto fail;
1110 }
1111
1112 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1113 if (!pub) {
1114 wpa_printf(MSG_DEBUG,
1115 "FILS: Failed to derive ECDH public key");
1116 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1117 goto fail;
1118 }
1119 elem_len = wpabuf_len(pub);
1120 wpabuf_free(pub);
1121
1122 /* Element */
1123 if ((size_t) (end - pos) < elem_len) {
1124 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
1125 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1126 goto fail;
1127 }
1128
1129 wpabuf_free(sta->fils_g_sta);
1130 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
1131 wpabuf_clear_free(sta->fils_dh_ss);
1132 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
1133 pos, elem_len);
1134 if (!sta->fils_dh_ss) {
1135 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
1136 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1137 goto fail;
1138 }
1139 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
1140 pos += elem_len;
1141 } else {
1142 crypto_ecdh_deinit(sta->fils_ecdh);
1143 sta->fils_ecdh = NULL;
1144 wpabuf_clear_free(sta->fils_dh_ss);
1145 sta->fils_dh_ss = NULL;
1146 }
1147 #endif /* CONFIG_FILS_SK_PFS */
1148
1149 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1150 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1151 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1152 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1153 goto fail;
1154 }
1155
1156 /* RSNE */
1157 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1158 elems.rsn_ie, elems.rsn_ie_len);
1159 if (!elems.rsn_ie ||
1160 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1161 &rsn) < 0) {
1162 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1163 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1164 goto fail;
1165 }
1166
1167 if (!sta->wpa_sm)
1168 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1169 NULL);
1170 if (!sta->wpa_sm) {
1171 wpa_printf(MSG_DEBUG,
1172 "FILS: Failed to initialize RSN state machine");
1173 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1174 goto fail;
1175 }
1176
1177 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1178 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1179 elems.mdie, elems.mdie_len, NULL, 0);
1180 resp = wpa_res_to_status_code(res);
1181 if (resp != WLAN_STATUS_SUCCESS)
1182 goto fail;
1183
1184 if (!elems.fils_nonce) {
1185 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1186 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1187 goto fail;
1188 }
1189 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1190 FILS_NONCE_LEN);
1191 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1192
1193 /* PMKID List */
1194 if (rsn.pmkid && rsn.num_pmkid > 0) {
1195 u8 num;
1196 const u8 *pmkid;
1197
1198 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1199 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1200
1201 pmkid = rsn.pmkid;
1202 num = rsn.num_pmkid;
1203 while (num) {
1204 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1205 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1206 pmkid);
1207 if (pmksa)
1208 break;
1209 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1210 sta->addr,
1211 pmkid);
1212 if (pmksa)
1213 break;
1214 pmkid += PMKID_LEN;
1215 num--;
1216 }
1217 }
1218 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1219 wpa_printf(MSG_DEBUG,
1220 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1221 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1222 pmksa = NULL;
1223 }
1224 if (pmksa)
1225 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1226
1227 /* FILS Session */
1228 if (!elems.fils_session) {
1229 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1230 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1231 goto fail;
1232 }
1233 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1234 FILS_SESSION_LEN);
1235 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1236
1237 /* FILS Wrapped Data */
1238 if (elems.fils_wrapped_data) {
1239 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1240 elems.fils_wrapped_data,
1241 elems.fils_wrapped_data_len);
1242 if (!pmksa) {
1243 #ifndef CONFIG_NO_RADIUS
1244 if (!sta->eapol_sm) {
1245 sta->eapol_sm =
1246 ieee802_1x_alloc_eapol_sm(hapd, sta);
1247 }
1248 wpa_printf(MSG_DEBUG,
1249 "FILS: Forward EAP-Initiate/Re-auth to authentication server");
1250 ieee802_1x_encapsulate_radius(
1251 hapd, sta, elems.fils_wrapped_data,
1252 elems.fils_wrapped_data_len);
1253 sta->fils_pending_cb = cb;
1254 wpa_printf(MSG_DEBUG,
1255 "FILS: Will send Authentication frame once the response from authentication server is available");
1256 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1257 /* Calculate pending PMKID here so that we do not need
1258 * to maintain a copy of the EAP-Initiate/Reauth
1259 * message. */
1260 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1261 elems.fils_wrapped_data,
1262 elems.fils_wrapped_data_len,
1263 sta->fils_erp_pmkid) == 0)
1264 sta->fils_erp_pmkid_set = 1;
1265 return;
1266 #else /* CONFIG_NO_RADIUS */
1267 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1268 goto fail;
1269 #endif /* CONFIG_NO_RADIUS */
1270 }
1271 }
1272
1273 fail:
1274 if (cb) {
1275 struct wpabuf *data;
1276 int pub = 0;
1277
1278 data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL,
1279 NULL, 0, &pub);
1280 if (!data) {
1281 wpa_printf(MSG_DEBUG,
1282 "%s: prepare_auth_resp_fils() returned failure",
1283 __func__);
1284 }
1285
1286 cb(hapd, sta, resp, data, pub);
1287 }
1288 }
1289
1290
1291 static struct wpabuf *
1292 prepare_auth_resp_fils(struct hostapd_data *hapd,
1293 struct sta_info *sta, u16 *resp,
1294 struct rsn_pmksa_cache_entry *pmksa,
1295 struct wpabuf *erp_resp,
1296 const u8 *msk, size_t msk_len,
1297 int *is_pub)
1298 {
1299 u8 fils_nonce[FILS_NONCE_LEN];
1300 size_t ielen;
1301 struct wpabuf *data = NULL;
1302 const u8 *ie;
1303 u8 *ie_buf = NULL;
1304 const u8 *pmk = NULL;
1305 size_t pmk_len = 0;
1306 u8 pmk_buf[PMK_LEN_MAX];
1307 struct wpabuf *pub = NULL;
1308
1309 if (*resp != WLAN_STATUS_SUCCESS)
1310 goto fail;
1311
1312 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1313 if (!ie) {
1314 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1315 goto fail;
1316 }
1317
1318 if (pmksa) {
1319 /* Add PMKID of the selected PMKSA into RSNE */
1320 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1321 if (!ie_buf) {
1322 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1323 goto fail;
1324 }
1325
1326 os_memcpy(ie_buf, ie, ielen);
1327 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1328 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1329 goto fail;
1330 }
1331 ie = ie_buf;
1332 }
1333
1334 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1335 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1336 goto fail;
1337 }
1338 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1339 fils_nonce, FILS_NONCE_LEN);
1340
1341 #ifdef CONFIG_FILS_SK_PFS
1342 if (sta->fils_dh_ss && sta->fils_ecdh) {
1343 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1344 if (!pub) {
1345 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1346 goto fail;
1347 }
1348 }
1349 #endif /* CONFIG_FILS_SK_PFS */
1350
1351 data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
1352 if (!data) {
1353 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1354 goto fail;
1355 }
1356
1357 /* TODO: FILS PK */
1358 #ifdef CONFIG_FILS_SK_PFS
1359 if (pub) {
1360 /* Finite Cyclic Group */
1361 wpabuf_put_le16(data, hapd->conf->fils_dh_group);
1362
1363 /* Element */
1364 wpabuf_put_buf(data, pub);
1365 }
1366 #endif /* CONFIG_FILS_SK_PFS */
1367
1368 /* RSNE */
1369 wpabuf_put_data(data, ie, ielen);
1370
1371 /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
1372
1373 #ifdef CONFIG_IEEE80211R_AP
1374 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
1375 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
1376 int res;
1377
1378 res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
1379 wpabuf_tailroom(data));
1380 if (res < 0) {
1381 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1382 goto fail;
1383 }
1384 wpabuf_put(data, res);
1385 }
1386 #endif /* CONFIG_IEEE80211R_AP */
1387
1388 /* FILS Nonce */
1389 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1390 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1391 /* Element ID Extension */
1392 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1393 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1394
1395 /* FILS Session */
1396 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1397 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1398 /* Element ID Extension */
1399 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1400 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1401
1402 /* FILS Wrapped Data */
1403 if (!pmksa && erp_resp) {
1404 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1405 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1406 /* Element ID Extension */
1407 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1408 wpabuf_put_buf(data, erp_resp);
1409
1410 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1411 msk, msk_len, sta->fils_snonce, fils_nonce,
1412 sta->fils_dh_ss ?
1413 wpabuf_head(sta->fils_dh_ss) : NULL,
1414 sta->fils_dh_ss ?
1415 wpabuf_len(sta->fils_dh_ss) : 0,
1416 pmk_buf, &pmk_len)) {
1417 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1418 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1419 wpabuf_free(data);
1420 data = NULL;
1421 goto fail;
1422 }
1423 pmk = pmk_buf;
1424
1425 /* Don't use DHss in PTK derivation if PMKSA caching is not
1426 * used. */
1427 wpabuf_clear_free(sta->fils_dh_ss);
1428 sta->fils_dh_ss = NULL;
1429
1430 if (sta->fils_erp_pmkid_set) {
1431 /* TODO: get PMKLifetime from WPA parameters */
1432 unsigned int dot11RSNAConfigPMKLifetime = 43200;
1433
1434 sta->fils_erp_pmkid_set = 0;
1435 if (wpa_auth_pmksa_add2(
1436 hapd->wpa_auth, sta->addr,
1437 pmk, pmk_len,
1438 sta->fils_erp_pmkid,
1439 sta->session_timeout_set ?
1440 sta->session_timeout :
1441 dot11RSNAConfigPMKLifetime,
1442 wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) {
1443 wpa_printf(MSG_ERROR,
1444 "FILS: Failed to add PMKSA cache entry based on ERP");
1445 }
1446 }
1447 } else if (pmksa) {
1448 pmk = pmksa->pmk;
1449 pmk_len = pmksa->pmk_len;
1450 }
1451
1452 if (!pmk) {
1453 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1454 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1455 wpabuf_free(data);
1456 data = NULL;
1457 goto fail;
1458 }
1459
1460 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1461 sta->fils_snonce, fils_nonce,
1462 sta->fils_dh_ss ?
1463 wpabuf_head(sta->fils_dh_ss) : NULL,
1464 sta->fils_dh_ss ?
1465 wpabuf_len(sta->fils_dh_ss) : 0,
1466 sta->fils_g_sta, pub) < 0) {
1467 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1468 wpabuf_free(data);
1469 data = NULL;
1470 goto fail;
1471 }
1472
1473 fail:
1474 if (is_pub)
1475 *is_pub = pub != NULL;
1476 os_free(ie_buf);
1477 wpabuf_free(pub);
1478 wpabuf_clear_free(sta->fils_dh_ss);
1479 sta->fils_dh_ss = NULL;
1480 #ifdef CONFIG_FILS_SK_PFS
1481 crypto_ecdh_deinit(sta->fils_ecdh);
1482 sta->fils_ecdh = NULL;
1483 #endif /* CONFIG_FILS_SK_PFS */
1484 return data;
1485 }
1486
1487
1488 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1489 struct sta_info *sta, u16 resp,
1490 struct wpabuf *data, int pub)
1491 {
1492 u16 auth_alg;
1493
1494 auth_alg = (pub ||
1495 resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
1496 WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1497 send_auth_reply(hapd, sta->addr, hapd->own_addr, auth_alg, 2, resp,
1498 data ? wpabuf_head(data) : (u8 *) "",
1499 data ? wpabuf_len(data) : 0);
1500 wpabuf_free(data);
1501
1502 if (resp == WLAN_STATUS_SUCCESS) {
1503 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1504 HOSTAPD_LEVEL_DEBUG,
1505 "authentication OK (FILS)");
1506 sta->flags |= WLAN_STA_AUTH;
1507 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1508 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1509 mlme_authenticate_indication(hapd, sta);
1510 }
1511 }
1512
1513
1514 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1515 struct sta_info *sta, int success,
1516 struct wpabuf *erp_resp,
1517 const u8 *msk, size_t msk_len)
1518 {
1519 struct wpabuf *data;
1520 int pub = 0;
1521 u16 resp;
1522
1523 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1524
1525 if (!sta->fils_pending_cb)
1526 return;
1527 resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE;
1528 data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp,
1529 msk, msk_len, &pub);
1530 if (!data) {
1531 wpa_printf(MSG_DEBUG,
1532 "%s: prepare_auth_resp_fils() returned failure",
1533 __func__);
1534 }
1535 sta->fils_pending_cb(hapd, sta, resp, data, pub);
1536 }
1537
1538 #endif /* CONFIG_FILS */
1539
1540
1541 static int
1542 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1543 const u8 *msg, size_t len, u32 *session_timeout,
1544 u32 *acct_interim_interval,
1545 struct vlan_description *vlan_id,
1546 struct hostapd_sta_wpa_psk_short **psk,
1547 char **identity, char **radius_cui)
1548 {
1549 int res;
1550
1551 os_memset(vlan_id, 0, sizeof(*vlan_id));
1552 res = hostapd_allowed_address(hapd, addr, msg, len,
1553 session_timeout, acct_interim_interval,
1554 vlan_id, psk, identity, radius_cui);
1555
1556 if (res == HOSTAPD_ACL_REJECT) {
1557 wpa_printf(MSG_INFO,
1558 "Station " MACSTR " not allowed to authenticate",
1559 MAC2STR(addr));
1560 return HOSTAPD_ACL_REJECT;
1561 }
1562
1563 if (res == HOSTAPD_ACL_PENDING) {
1564 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1565 " waiting for an external authentication",
1566 MAC2STR(addr));
1567 /* Authentication code will re-send the authentication frame
1568 * after it has received (and cached) information from the
1569 * external source. */
1570 return HOSTAPD_ACL_PENDING;
1571 }
1572
1573 return res;
1574 }
1575
1576
1577 static int
1578 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1579 int res, u32 session_timeout,
1580 u32 acct_interim_interval,
1581 struct vlan_description *vlan_id,
1582 struct hostapd_sta_wpa_psk_short **psk,
1583 char **identity, char **radius_cui)
1584 {
1585 if (vlan_id->notempty &&
1586 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1587 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1588 HOSTAPD_LEVEL_INFO,
1589 "Invalid VLAN %d%s received from RADIUS server",
1590 vlan_id->untagged,
1591 vlan_id->tagged[0] ? "+" : "");
1592 return -1;
1593 }
1594 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1595 return -1;
1596 if (sta->vlan_id)
1597 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1598 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1599
1600 hostapd_free_psk_list(sta->psk);
1601 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1602 sta->psk = *psk;
1603 *psk = NULL;
1604 } else {
1605 sta->psk = NULL;
1606 }
1607
1608 sta->identity = *identity;
1609 *identity = NULL;
1610 sta->radius_cui = *radius_cui;
1611 *radius_cui = NULL;
1612
1613 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
1614 sta->acct_interim_interval = acct_interim_interval;
1615 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT)
1616 ap_sta_session_timeout(hapd, sta, session_timeout);
1617 else
1618 ap_sta_no_session_timeout(hapd, sta);
1619
1620 return 0;
1621 }
1622
1623
1624 static void handle_auth(struct hostapd_data *hapd,
1625 const struct ieee80211_mgmt *mgmt, size_t len)
1626 {
1627 u16 auth_alg, auth_transaction, status_code;
1628 u16 resp = WLAN_STATUS_SUCCESS;
1629 struct sta_info *sta = NULL;
1630 int res, reply_res;
1631 u16 fc;
1632 const u8 *challenge = NULL;
1633 u32 session_timeout, acct_interim_interval;
1634 struct vlan_description vlan_id;
1635 struct hostapd_sta_wpa_psk_short *psk = NULL;
1636 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1637 size_t resp_ies_len = 0;
1638 char *identity = NULL;
1639 char *radius_cui = NULL;
1640 u16 seq_ctrl;
1641
1642 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1643 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
1644 (unsigned long) len);
1645 return;
1646 }
1647
1648 #ifdef CONFIG_TESTING_OPTIONS
1649 if (hapd->iconf->ignore_auth_probability > 0.0 &&
1650 drand48() < hapd->iconf->ignore_auth_probability) {
1651 wpa_printf(MSG_INFO,
1652 "TESTING: ignoring auth frame from " MACSTR,
1653 MAC2STR(mgmt->sa));
1654 return;
1655 }
1656 #endif /* CONFIG_TESTING_OPTIONS */
1657
1658 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1659 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1660 status_code = le_to_host16(mgmt->u.auth.status_code);
1661 fc = le_to_host16(mgmt->frame_control);
1662 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
1663
1664 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
1665 2 + WLAN_AUTH_CHALLENGE_LEN &&
1666 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
1667 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
1668 challenge = &mgmt->u.auth.variable[2];
1669
1670 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
1671 "auth_transaction=%d status_code=%d wep=%d%s "
1672 "seq_ctrl=0x%x%s",
1673 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
1674 status_code, !!(fc & WLAN_FC_ISWEP),
1675 challenge ? " challenge" : "",
1676 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
1677
1678 #ifdef CONFIG_NO_RC4
1679 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
1680 wpa_printf(MSG_INFO,
1681 "Unsupported authentication algorithm (%d)",
1682 auth_alg);
1683 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1684 goto fail;
1685 }
1686 #endif /* CONFIG_NO_RC4 */
1687
1688 if (hapd->tkip_countermeasures) {
1689 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
1690 goto fail;
1691 }
1692
1693 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
1694 auth_alg == WLAN_AUTH_OPEN) ||
1695 #ifdef CONFIG_IEEE80211R_AP
1696 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
1697 auth_alg == WLAN_AUTH_FT) ||
1698 #endif /* CONFIG_IEEE80211R_AP */
1699 #ifdef CONFIG_SAE
1700 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
1701 auth_alg == WLAN_AUTH_SAE) ||
1702 #endif /* CONFIG_SAE */
1703 #ifdef CONFIG_FILS
1704 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1705 auth_alg == WLAN_AUTH_FILS_SK) ||
1706 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1707 hapd->conf->fils_dh_group &&
1708 auth_alg == WLAN_AUTH_FILS_SK_PFS) ||
1709 #endif /* CONFIG_FILS */
1710 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
1711 auth_alg == WLAN_AUTH_SHARED_KEY))) {
1712 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
1713 auth_alg);
1714 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1715 goto fail;
1716 }
1717
1718 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
1719 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
1720 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
1721 auth_transaction);
1722 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1723 goto fail;
1724 }
1725
1726 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
1727 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
1728 MAC2STR(mgmt->sa));
1729 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1730 goto fail;
1731 }
1732
1733 if (hapd->conf->no_auth_if_seen_on) {
1734 struct hostapd_data *other;
1735
1736 other = sta_track_seen_on(hapd->iface, mgmt->sa,
1737 hapd->conf->no_auth_if_seen_on);
1738 if (other) {
1739 u8 *pos;
1740 u32 info;
1741 u8 op_class, channel, phytype;
1742
1743 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
1744 MACSTR " since STA has been seen on %s",
1745 hapd->conf->iface, MAC2STR(mgmt->sa),
1746 hapd->conf->no_auth_if_seen_on);
1747
1748 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
1749 pos = &resp_ies[0];
1750 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
1751 *pos++ = 13;
1752 os_memcpy(pos, other->own_addr, ETH_ALEN);
1753 pos += ETH_ALEN;
1754 info = 0; /* TODO: BSSID Information */
1755 WPA_PUT_LE32(pos, info);
1756 pos += 4;
1757 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
1758 phytype = 8; /* dmg */
1759 else if (other->iconf->ieee80211ac)
1760 phytype = 9; /* vht */
1761 else if (other->iconf->ieee80211n)
1762 phytype = 7; /* ht */
1763 else if (other->iconf->hw_mode ==
1764 HOSTAPD_MODE_IEEE80211A)
1765 phytype = 4; /* ofdm */
1766 else if (other->iconf->hw_mode ==
1767 HOSTAPD_MODE_IEEE80211G)
1768 phytype = 6; /* erp */
1769 else
1770 phytype = 5; /* hrdsss */
1771 if (ieee80211_freq_to_channel_ext(
1772 hostapd_hw_get_freq(other,
1773 other->iconf->channel),
1774 other->iconf->secondary_channel,
1775 other->iconf->ieee80211ac,
1776 &op_class, &channel) == NUM_HOSTAPD_MODES) {
1777 op_class = 0;
1778 channel = other->iconf->channel;
1779 }
1780 *pos++ = op_class;
1781 *pos++ = channel;
1782 *pos++ = phytype;
1783 resp_ies_len = pos - &resp_ies[0];
1784 goto fail;
1785 }
1786 }
1787
1788 res = ieee802_11_allowed_address(
1789 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
1790 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui);
1791 if (res == HOSTAPD_ACL_REJECT) {
1792 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1793 goto fail;
1794 }
1795 if (res == HOSTAPD_ACL_PENDING)
1796 return;
1797
1798 sta = ap_get_sta(hapd, mgmt->sa);
1799 if (sta) {
1800 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1801 if ((fc & WLAN_FC_RETRY) &&
1802 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
1803 sta->last_seq_ctrl == seq_ctrl &&
1804 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
1805 hostapd_logger(hapd, sta->addr,
1806 HOSTAPD_MODULE_IEEE80211,
1807 HOSTAPD_LEVEL_DEBUG,
1808 "Drop repeated authentication frame seq_ctrl=0x%x",
1809 seq_ctrl);
1810 return;
1811 }
1812 #ifdef CONFIG_MESH
1813 if ((hapd->conf->mesh & MESH_ENABLED) &&
1814 sta->plink_state == PLINK_BLOCKED) {
1815 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1816 " is blocked - drop Authentication frame",
1817 MAC2STR(mgmt->sa));
1818 return;
1819 }
1820 #endif /* CONFIG_MESH */
1821 } else {
1822 #ifdef CONFIG_MESH
1823 if (hapd->conf->mesh & MESH_ENABLED) {
1824 /* if the mesh peer is not available, we don't do auth.
1825 */
1826 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1827 " not yet known - drop Authentication frame",
1828 MAC2STR(mgmt->sa));
1829 /*
1830 * Save a copy of the frame so that it can be processed
1831 * if a new peer entry is added shortly after this.
1832 */
1833 wpabuf_free(hapd->mesh_pending_auth);
1834 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
1835 os_get_reltime(&hapd->mesh_pending_auth_time);
1836 return;
1837 }
1838 #endif /* CONFIG_MESH */
1839
1840 sta = ap_sta_add(hapd, mgmt->sa);
1841 if (!sta) {
1842 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1843 goto fail;
1844 }
1845 }
1846 sta->last_seq_ctrl = seq_ctrl;
1847 sta->last_subtype = WLAN_FC_STYPE_AUTH;
1848
1849 res = ieee802_11_set_radius_info(
1850 hapd, sta, res, session_timeout, acct_interim_interval,
1851 &vlan_id, &psk, &identity, &radius_cui);
1852 if (res) {
1853 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1854 goto fail;
1855 }
1856
1857 sta->flags &= ~WLAN_STA_PREAUTH;
1858 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1859
1860 /*
1861 * If the driver supports full AP client state, add a station to the
1862 * driver before sending authentication reply to make sure the driver
1863 * has resources, and not to go through the entire authentication and
1864 * association handshake, and fail it at the end.
1865 *
1866 * If this is not the first transaction, in a multi-step authentication
1867 * algorithm, the station already exists in the driver
1868 * (sta->added_unassoc = 1) so skip it.
1869 *
1870 * In mesh mode, the station was already added to the driver when the
1871 * NEW_PEER_CANDIDATE event is received.
1872 *
1873 * If PMF was negotiated for the existing association, skip this to
1874 * avoid dropping the STA entry and the associated keys. This is needed
1875 * to allow the original connection work until the attempt can complete
1876 * (re)association, so that unprotected Authentication frame cannot be
1877 * used to bypass PMF protection.
1878 */
1879 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
1880 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
1881 !(hapd->conf->mesh & MESH_ENABLED) &&
1882 !(sta->added_unassoc)) {
1883 /*
1884 * If a station that is already associated to the AP, is trying
1885 * to authenticate again, remove the STA entry, in order to make
1886 * sure the STA PS state gets cleared and configuration gets
1887 * updated. To handle this, station's added_unassoc flag is
1888 * cleared once the station has completed association.
1889 */
1890 hostapd_drv_sta_remove(hapd, sta->addr);
1891 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
1892 WLAN_STA_AUTHORIZED);
1893
1894 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
1895 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
1896 hostapd_logger(hapd, sta->addr,
1897 HOSTAPD_MODULE_IEEE80211,
1898 HOSTAPD_LEVEL_NOTICE,
1899 "Could not add STA to kernel driver");
1900 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1901 goto fail;
1902 }
1903
1904 sta->added_unassoc = 1;
1905 }
1906
1907 switch (auth_alg) {
1908 case WLAN_AUTH_OPEN:
1909 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1910 HOSTAPD_LEVEL_DEBUG,
1911 "authentication OK (open system)");
1912 sta->flags |= WLAN_STA_AUTH;
1913 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1914 sta->auth_alg = WLAN_AUTH_OPEN;
1915 mlme_authenticate_indication(hapd, sta);
1916 break;
1917 #ifndef CONFIG_NO_RC4
1918 case WLAN_AUTH_SHARED_KEY:
1919 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
1920 fc & WLAN_FC_ISWEP);
1921 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
1922 mlme_authenticate_indication(hapd, sta);
1923 if (sta->challenge && auth_transaction == 1) {
1924 resp_ies[0] = WLAN_EID_CHALLENGE;
1925 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
1926 os_memcpy(resp_ies + 2, sta->challenge,
1927 WLAN_AUTH_CHALLENGE_LEN);
1928 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
1929 }
1930 break;
1931 #endif /* CONFIG_NO_RC4 */
1932 #ifdef CONFIG_IEEE80211R_AP
1933 case WLAN_AUTH_FT:
1934 sta->auth_alg = WLAN_AUTH_FT;
1935 if (sta->wpa_sm == NULL)
1936 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
1937 sta->addr, NULL);
1938 if (sta->wpa_sm == NULL) {
1939 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
1940 "state machine");
1941 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1942 goto fail;
1943 }
1944 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
1945 auth_transaction, mgmt->u.auth.variable,
1946 len - IEEE80211_HDRLEN -
1947 sizeof(mgmt->u.auth),
1948 handle_auth_ft_finish, hapd);
1949 /* handle_auth_ft_finish() callback will complete auth. */
1950 return;
1951 #endif /* CONFIG_IEEE80211R_AP */
1952 #ifdef CONFIG_SAE
1953 case WLAN_AUTH_SAE:
1954 #ifdef CONFIG_MESH
1955 if (status_code == WLAN_STATUS_SUCCESS &&
1956 hapd->conf->mesh & MESH_ENABLED) {
1957 if (sta->wpa_sm == NULL)
1958 sta->wpa_sm =
1959 wpa_auth_sta_init(hapd->wpa_auth,
1960 sta->addr, NULL);
1961 if (sta->wpa_sm == NULL) {
1962 wpa_printf(MSG_DEBUG,
1963 "SAE: Failed to initialize WPA state machine");
1964 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1965 goto fail;
1966 }
1967 }
1968 #endif /* CONFIG_MESH */
1969 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
1970 status_code);
1971 return;
1972 #endif /* CONFIG_SAE */
1973 #ifdef CONFIG_FILS
1974 case WLAN_AUTH_FILS_SK:
1975 case WLAN_AUTH_FILS_SK_PFS:
1976 handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
1977 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
1978 auth_alg, auth_transaction, status_code,
1979 handle_auth_fils_finish);
1980 return;
1981 #endif /* CONFIG_FILS */
1982 }
1983
1984 fail:
1985 os_free(identity);
1986 os_free(radius_cui);
1987 hostapd_free_psk_list(psk);
1988
1989 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
1990 auth_transaction + 1, resp, resp_ies,
1991 resp_ies_len);
1992
1993 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1994 reply_res != WLAN_STATUS_SUCCESS)) {
1995 hostapd_drv_sta_remove(hapd, sta->addr);
1996 sta->added_unassoc = 0;
1997 }
1998 }
1999
2000
2001 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
2002 {
2003 int i, j = 32, aid;
2004
2005 /* get a unique AID */
2006 if (sta->aid > 0) {
2007 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
2008 return 0;
2009 }
2010
2011 if (TEST_FAIL())
2012 return -1;
2013
2014 for (i = 0; i < AID_WORDS; i++) {
2015 if (hapd->sta_aid[i] == (u32) -1)
2016 continue;
2017 for (j = 0; j < 32; j++) {
2018 if (!(hapd->sta_aid[i] & BIT(j)))
2019 break;
2020 }
2021 if (j < 32)
2022 break;
2023 }
2024 if (j == 32)
2025 return -1;
2026 aid = i * 32 + j + 1;
2027 if (aid > 2007)
2028 return -1;
2029
2030 sta->aid = aid;
2031 hapd->sta_aid[i] |= BIT(j);
2032 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
2033 return 0;
2034 }
2035
2036
2037 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
2038 const u8 *ssid_ie, size_t ssid_ie_len)
2039 {
2040 if (ssid_ie == NULL)
2041 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2042
2043 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
2044 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
2045 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2046 HOSTAPD_LEVEL_INFO,
2047 "Station tried to associate with unknown SSID "
2048 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
2049 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2050 }
2051
2052 return WLAN_STATUS_SUCCESS;
2053 }
2054
2055
2056 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
2057 const u8 *wmm_ie, size_t wmm_ie_len)
2058 {
2059 sta->flags &= ~WLAN_STA_WMM;
2060 sta->qosinfo = 0;
2061 if (wmm_ie && hapd->conf->wmm_enabled) {
2062 struct wmm_information_element *wmm;
2063
2064 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
2065 hostapd_logger(hapd, sta->addr,
2066 HOSTAPD_MODULE_WPA,
2067 HOSTAPD_LEVEL_DEBUG,
2068 "invalid WMM element in association "
2069 "request");
2070 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2071 }
2072
2073 sta->flags |= WLAN_STA_WMM;
2074 wmm = (struct wmm_information_element *) wmm_ie;
2075 sta->qosinfo = wmm->qos_info;
2076 }
2077 return WLAN_STATUS_SUCCESS;
2078 }
2079
2080
2081 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
2082 struct ieee802_11_elems *elems)
2083 {
2084 /* Supported rates not used in IEEE 802.11ad/DMG */
2085 if (hapd->iface->current_mode &&
2086 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
2087 return WLAN_STATUS_SUCCESS;
2088
2089 if (!elems->supp_rates) {
2090 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2091 HOSTAPD_LEVEL_DEBUG,
2092 "No supported rates element in AssocReq");
2093 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2094 }
2095
2096 if (elems->supp_rates_len + elems->ext_supp_rates_len >
2097 sizeof(sta->supported_rates)) {
2098 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2099 HOSTAPD_LEVEL_DEBUG,
2100 "Invalid supported rates element length %d+%d",
2101 elems->supp_rates_len,
2102 elems->ext_supp_rates_len);
2103 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2104 }
2105
2106 sta->supported_rates_len = merge_byte_arrays(
2107 sta->supported_rates, sizeof(sta->supported_rates),
2108 elems->supp_rates, elems->supp_rates_len,
2109 elems->ext_supp_rates, elems->ext_supp_rates_len);
2110
2111 return WLAN_STATUS_SUCCESS;
2112 }
2113
2114
2115 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
2116 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
2117 {
2118 #ifdef CONFIG_INTERWORKING
2119 /* check for QoS Map support */
2120 if (ext_capab_ie_len >= 5) {
2121 if (ext_capab_ie[4] & 0x01)
2122 sta->qos_map_enabled = 1;
2123 }
2124 #endif /* CONFIG_INTERWORKING */
2125
2126 if (ext_capab_ie_len > 0) {
2127 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
2128 os_free(sta->ext_capability);
2129 sta->ext_capability = os_malloc(1 + ext_capab_ie_len);
2130 if (sta->ext_capability) {
2131 sta->ext_capability[0] = ext_capab_ie_len;
2132 os_memcpy(sta->ext_capability + 1, ext_capab_ie,
2133 ext_capab_ie_len);
2134 }
2135 }
2136
2137 return WLAN_STATUS_SUCCESS;
2138 }
2139
2140
2141 #ifdef CONFIG_OWE
2142
2143 static int owe_group_supported(struct hostapd_data *hapd, u16 group)
2144 {
2145 int i;
2146 int *groups = hapd->conf->owe_groups;
2147
2148 if (group != 19 && group != 20 && group != 21)
2149 return 0;
2150
2151 if (!groups)
2152 return 1;
2153
2154 for (i = 0; groups[i] > 0; i++) {
2155 if (groups[i] == group)
2156 return 1;
2157 }
2158
2159 return 0;
2160 }
2161
2162
2163 static u16 owe_process_assoc_req(struct hostapd_data *hapd,
2164 struct sta_info *sta, const u8 *owe_dh,
2165 u8 owe_dh_len)
2166 {
2167 struct wpabuf *secret, *pub, *hkey;
2168 int res;
2169 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
2170 const char *info = "OWE Key Generation";
2171 const u8 *addr[2];
2172 size_t len[2];
2173 u16 group;
2174 size_t hash_len, prime_len;
2175
2176 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
2177 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
2178 return WLAN_STATUS_SUCCESS;
2179 }
2180
2181 group = WPA_GET_LE16(owe_dh);
2182 if (!owe_group_supported(hapd, group)) {
2183 wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group);
2184 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2185 }
2186 if (group == 19)
2187 prime_len = 32;
2188 else if (group == 20)
2189 prime_len = 48;
2190 else if (group == 21)
2191 prime_len = 66;
2192 else
2193 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2194
2195 crypto_ecdh_deinit(sta->owe_ecdh);
2196 sta->owe_ecdh = crypto_ecdh_init(group);
2197 if (!sta->owe_ecdh)
2198 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2199 sta->owe_group = group;
2200
2201 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
2202 owe_dh_len - 2);
2203 secret = wpabuf_zeropad(secret, prime_len);
2204 if (!secret) {
2205 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
2206 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2207 }
2208 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
2209
2210 /* prk = HKDF-extract(C | A | group, z) */
2211
2212 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2213 if (!pub) {
2214 wpabuf_clear_free(secret);
2215 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2216 }
2217
2218 /* PMKID = Truncate-128(Hash(C | A)) */
2219 addr[0] = owe_dh + 2;
2220 len[0] = owe_dh_len - 2;
2221 addr[1] = wpabuf_head(pub);
2222 len[1] = wpabuf_len(pub);
2223 if (group == 19) {
2224 res = sha256_vector(2, addr, len, pmkid);
2225 hash_len = SHA256_MAC_LEN;
2226 } else if (group == 20) {
2227 res = sha384_vector(2, addr, len, pmkid);
2228 hash_len = SHA384_MAC_LEN;
2229 } else if (group == 21) {
2230 res = sha512_vector(2, addr, len, pmkid);
2231 hash_len = SHA512_MAC_LEN;
2232 } else {
2233 wpabuf_free(pub);
2234 wpabuf_clear_free(secret);
2235 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2236 }
2237 pub = wpabuf_zeropad(pub, prime_len);
2238 if (res < 0 || !pub) {
2239 wpabuf_free(pub);
2240 wpabuf_clear_free(secret);
2241 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2242 }
2243
2244 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
2245 if (!hkey) {
2246 wpabuf_free(pub);
2247 wpabuf_clear_free(secret);
2248 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2249 }
2250
2251 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
2252 wpabuf_put_buf(hkey, pub); /* A */
2253 wpabuf_free(pub);
2254 wpabuf_put_le16(hkey, group); /* group */
2255 if (group == 19)
2256 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
2257 wpabuf_head(secret), wpabuf_len(secret), prk);
2258 else if (group == 20)
2259 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
2260 wpabuf_head(secret), wpabuf_len(secret), prk);
2261 else if (group == 21)
2262 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
2263 wpabuf_head(secret), wpabuf_len(secret), prk);
2264 wpabuf_clear_free(hkey);
2265 wpabuf_clear_free(secret);
2266 if (res < 0)
2267 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2268
2269 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
2270
2271 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
2272
2273 os_free(sta->owe_pmk);
2274 sta->owe_pmk = os_malloc(hash_len);
2275 if (!sta->owe_pmk) {
2276 os_memset(prk, 0, SHA512_MAC_LEN);
2277 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2278 }
2279
2280 if (group == 19)
2281 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
2282 os_strlen(info), sta->owe_pmk, hash_len);
2283 else if (group == 20)
2284 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
2285 os_strlen(info), sta->owe_pmk, hash_len);
2286 else if (group == 21)
2287 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
2288 os_strlen(info), sta->owe_pmk, hash_len);
2289 os_memset(prk, 0, SHA512_MAC_LEN);
2290 if (res < 0) {
2291 os_free(sta->owe_pmk);
2292 sta->owe_pmk = NULL;
2293 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2294 }
2295 sta->owe_pmk_len = hash_len;
2296
2297 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
2298 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
2299 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
2300 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE);
2301
2302 return WLAN_STATUS_SUCCESS;
2303 }
2304
2305 #endif /* CONFIG_OWE */
2306
2307
2308 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
2309 const u8 *ies, size_t ies_len, int reassoc)
2310 {
2311 struct ieee802_11_elems elems;
2312 u16 resp;
2313 const u8 *wpa_ie;
2314 size_t wpa_ie_len;
2315 const u8 *p2p_dev_addr = NULL;
2316
2317 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2318 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2319 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
2320 "association request");
2321 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2322 }
2323
2324 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
2325 if (resp != WLAN_STATUS_SUCCESS)
2326 return resp;
2327 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
2328 if (resp != WLAN_STATUS_SUCCESS)
2329 return resp;
2330 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
2331 if (resp != WLAN_STATUS_SUCCESS)
2332 return resp;
2333 resp = copy_supp_rates(hapd, sta, &elems);
2334 if (resp != WLAN_STATUS_SUCCESS)
2335 return resp;
2336 #ifdef CONFIG_IEEE80211N
2337 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
2338 if (resp != WLAN_STATUS_SUCCESS)
2339 return resp;
2340 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
2341 !(sta->flags & WLAN_STA_HT)) {
2342 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2343 HOSTAPD_LEVEL_INFO, "Station does not support "
2344 "mandatory HT PHY - reject association");
2345 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
2346 }
2347 #endif /* CONFIG_IEEE80211N */
2348
2349 #ifdef CONFIG_IEEE80211AC
2350 if (hapd->iconf->ieee80211ac) {
2351 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
2352 if (resp != WLAN_STATUS_SUCCESS)
2353 return resp;
2354
2355 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
2356 if (resp != WLAN_STATUS_SUCCESS)
2357 return resp;
2358 }
2359
2360 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
2361 !(sta->flags & WLAN_STA_VHT)) {
2362 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2363 HOSTAPD_LEVEL_INFO, "Station does not support "
2364 "mandatory VHT PHY - reject association");
2365 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
2366 }
2367
2368 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
2369 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
2370 elems.vendor_vht_len);
2371 if (resp != WLAN_STATUS_SUCCESS)
2372 return resp;
2373 }
2374 #endif /* CONFIG_IEEE80211AC */
2375
2376 #ifdef CONFIG_P2P
2377 if (elems.p2p) {
2378 wpabuf_free(sta->p2p_ie);
2379 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2380 P2P_IE_VENDOR_TYPE);
2381 if (sta->p2p_ie)
2382 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
2383 } else {
2384 wpabuf_free(sta->p2p_ie);
2385 sta->p2p_ie = NULL;
2386 }
2387 #endif /* CONFIG_P2P */
2388
2389 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
2390 wpa_ie = elems.rsn_ie;
2391 wpa_ie_len = elems.rsn_ie_len;
2392 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
2393 elems.wpa_ie) {
2394 wpa_ie = elems.wpa_ie;
2395 wpa_ie_len = elems.wpa_ie_len;
2396 } else {
2397 wpa_ie = NULL;
2398 wpa_ie_len = 0;
2399 }
2400
2401 #ifdef CONFIG_WPS
2402 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
2403 if (hapd->conf->wps_state && elems.wps_ie) {
2404 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
2405 "Request - assume WPS is used");
2406 sta->flags |= WLAN_STA_WPS;
2407 wpabuf_free(sta->wps_ie);
2408 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2409 WPS_IE_VENDOR_TYPE);
2410 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
2411 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
2412 sta->flags |= WLAN_STA_WPS2;
2413 }
2414 wpa_ie = NULL;
2415 wpa_ie_len = 0;
2416 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2417 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2418 "(Re)Association Request - reject");
2419 return WLAN_STATUS_INVALID_IE;
2420 }
2421 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2422 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2423 "(Re)Association Request - possible WPS use");
2424 sta->flags |= WLAN_STA_MAYBE_WPS;
2425 } else
2426 #endif /* CONFIG_WPS */
2427 if (hapd->conf->wpa && wpa_ie == NULL) {
2428 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2429 HOSTAPD_LEVEL_INFO,
2430 "No WPA/RSN IE in association request");
2431 return WLAN_STATUS_INVALID_IE;
2432 }
2433
2434 if (hapd->conf->wpa && wpa_ie) {
2435 int res;
2436 wpa_ie -= 2;
2437 wpa_ie_len += 2;
2438 if (sta->wpa_sm == NULL)
2439 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2440 sta->addr,
2441 p2p_dev_addr);
2442 if (sta->wpa_sm == NULL) {
2443 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2444 "state machine");
2445 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2446 }
2447 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2448 wpa_ie, wpa_ie_len,
2449 elems.mdie, elems.mdie_len,
2450 elems.owe_dh, elems.owe_dh_len);
2451 resp = wpa_res_to_status_code(res);
2452 if (resp != WLAN_STATUS_SUCCESS)
2453 return resp;
2454 #ifdef CONFIG_IEEE80211W
2455 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2456 sta->sa_query_count > 0)
2457 ap_check_sa_query_timeout(hapd, sta);
2458 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2459 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2460 /*
2461 * STA has already been associated with MFP and SA
2462 * Query timeout has not been reached. Reject the
2463 * association attempt temporarily and start SA Query,
2464 * if one is not pending.
2465 */
2466
2467 if (sta->sa_query_count == 0)
2468 ap_sta_start_sa_query(hapd, sta);
2469
2470 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2471 }
2472
2473 if (wpa_auth_uses_mfp(sta->wpa_sm))
2474 sta->flags |= WLAN_STA_MFP;
2475 else
2476 sta->flags &= ~WLAN_STA_MFP;
2477 #endif /* CONFIG_IEEE80211W */
2478
2479 #ifdef CONFIG_IEEE80211R_AP
2480 if (sta->auth_alg == WLAN_AUTH_FT) {
2481 if (!reassoc) {
2482 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2483 "to use association (not "
2484 "re-association) with FT auth_alg",
2485 MAC2STR(sta->addr));
2486 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2487 }
2488
2489 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2490 ies_len);
2491 if (resp != WLAN_STATUS_SUCCESS)
2492 return resp;
2493 }
2494 #endif /* CONFIG_IEEE80211R_AP */
2495
2496 #ifdef CONFIG_SAE
2497 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2498 sta->auth_alg == WLAN_AUTH_OPEN) {
2499 struct rsn_pmksa_cache_entry *sa;
2500 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2501 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
2502 wpa_printf(MSG_DEBUG,
2503 "SAE: No PMKSA cache entry found for "
2504 MACSTR, MAC2STR(sta->addr));
2505 return WLAN_STATUS_INVALID_PMKID;
2506 }
2507 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
2508 " using PMKSA caching", MAC2STR(sta->addr));
2509 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
2510 sta->auth_alg != WLAN_AUTH_SAE &&
2511 !(sta->auth_alg == WLAN_AUTH_FT &&
2512 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
2513 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
2514 "SAE AKM after non-SAE auth_alg %u",
2515 MAC2STR(sta->addr), sta->auth_alg);
2516 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2517 }
2518 #endif /* CONFIG_SAE */
2519
2520 #ifdef CONFIG_OWE
2521 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
2522 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
2523 elems.owe_dh) {
2524 resp = owe_process_assoc_req(hapd, sta, elems.owe_dh,
2525 elems.owe_dh_len);
2526 if (resp != WLAN_STATUS_SUCCESS)
2527 return resp;
2528 }
2529 #endif /* CONFIG_OWE */
2530
2531 #ifdef CONFIG_IEEE80211N
2532 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
2533 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
2534 hostapd_logger(hapd, sta->addr,
2535 HOSTAPD_MODULE_IEEE80211,
2536 HOSTAPD_LEVEL_INFO,
2537 "Station tried to use TKIP with HT "
2538 "association");
2539 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
2540 }
2541 #endif /* CONFIG_IEEE80211N */
2542 #ifdef CONFIG_HS20
2543 } else if (hapd->conf->osen) {
2544 if (elems.osen == NULL) {
2545 hostapd_logger(
2546 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2547 HOSTAPD_LEVEL_INFO,
2548 "No HS 2.0 OSEN element in association request");
2549 return WLAN_STATUS_INVALID_IE;
2550 }
2551
2552 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
2553 if (sta->wpa_sm == NULL)
2554 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2555 sta->addr, NULL);
2556 if (sta->wpa_sm == NULL) {
2557 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2558 "state machine");
2559 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2560 }
2561 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
2562 elems.osen - 2, elems.osen_len + 2) < 0)
2563 return WLAN_STATUS_INVALID_IE;
2564 #endif /* CONFIG_HS20 */
2565 } else
2566 wpa_auth_sta_no_wpa(sta->wpa_sm);
2567
2568 #ifdef CONFIG_P2P
2569 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
2570 #endif /* CONFIG_P2P */
2571
2572 #ifdef CONFIG_HS20
2573 wpabuf_free(sta->hs20_ie);
2574 if (elems.hs20 && elems.hs20_len > 4) {
2575 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
2576 elems.hs20_len - 4);
2577 } else
2578 sta->hs20_ie = NULL;
2579 #endif /* CONFIG_HS20 */
2580
2581 #ifdef CONFIG_FST
2582 wpabuf_free(sta->mb_ies);
2583 if (hapd->iface->fst)
2584 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
2585 else
2586 sta->mb_ies = NULL;
2587 #endif /* CONFIG_FST */
2588
2589 #ifdef CONFIG_MBO
2590 mbo_ap_check_sta_assoc(hapd, sta, &elems);
2591
2592 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
2593 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
2594 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2595 wpa_printf(MSG_INFO,
2596 "MBO: Reject WPA2 association without PMF");
2597 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2598 }
2599 #endif /* CONFIG_MBO */
2600
2601 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
2602 elems.supp_op_classes_len);
2603
2604 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
2605 elems.rrm_enabled &&
2606 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
2607 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
2608 sizeof(sta->rrm_enabled_capa));
2609
2610 if (elems.power_capab) {
2611 sta->min_tx_power = elems.power_capab[0];
2612 sta->max_tx_power = elems.power_capab[1];
2613 sta->power_capab = 1;
2614 } else {
2615 sta->power_capab = 0;
2616 }
2617
2618 return WLAN_STATUS_SUCCESS;
2619 }
2620
2621
2622 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
2623 u16 reason_code)
2624 {
2625 int send_len;
2626 struct ieee80211_mgmt reply;
2627
2628 os_memset(&reply, 0, sizeof(reply));
2629 reply.frame_control =
2630 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
2631 os_memcpy(reply.da, addr, ETH_ALEN);
2632 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
2633 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
2634
2635 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
2636 reply.u.deauth.reason_code = host_to_le16(reason_code);
2637
2638 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
2639 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
2640 strerror(errno));
2641 }
2642
2643
2644 static int add_associated_sta(struct hostapd_data *hapd,
2645 struct sta_info *sta)
2646 {
2647 struct ieee80211_ht_capabilities ht_cap;
2648 struct ieee80211_vht_capabilities vht_cap;
2649 int set = 1;
2650
2651 /*
2652 * Remove the STA entry to ensure the STA PS state gets cleared and
2653 * configuration gets updated. This is relevant for cases, such as
2654 * FT-over-the-DS, where a station re-associates back to the same AP but
2655 * skips the authentication flow, or if working with a driver that
2656 * does not support full AP client state.
2657 *
2658 * Skip this if the STA has already completed FT reassociation and the
2659 * TK has been configured since the TX/RX PN must not be reset to 0 for
2660 * the same key.
2661 */
2662 if (!sta->added_unassoc &&
2663 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
2664 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
2665 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
2666 hostapd_drv_sta_remove(hapd, sta->addr);
2667 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
2668 set = 0;
2669 }
2670
2671 #ifdef CONFIG_IEEE80211N
2672 if (sta->flags & WLAN_STA_HT)
2673 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
2674 #endif /* CONFIG_IEEE80211N */
2675 #ifdef CONFIG_IEEE80211AC
2676 if (sta->flags & WLAN_STA_VHT)
2677 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
2678 #endif /* CONFIG_IEEE80211AC */
2679
2680 /*
2681 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2682 * will be set when the ACK frame for the (Re)Association Response frame
2683 * is processed (TX status driver event).
2684 */
2685 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
2686 sta->supported_rates, sta->supported_rates_len,
2687 sta->listen_interval,
2688 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
2689 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
2690 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
2691 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
2692 set)) {
2693 hostapd_logger(hapd, sta->addr,
2694 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
2695 "Could not %s STA to kernel driver",
2696 set ? "set" : "add");
2697
2698 if (sta->added_unassoc) {
2699 hostapd_drv_sta_remove(hapd, sta->addr);
2700 sta->added_unassoc = 0;
2701 }
2702
2703 return -1;
2704 }
2705
2706 sta->added_unassoc = 0;
2707
2708 return 0;
2709 }
2710
2711
2712 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
2713 const u8 *addr, u16 status_code, int reassoc,
2714 const u8 *ies, size_t ies_len)
2715 {
2716 int send_len;
2717 u8 *buf;
2718 size_t buflen;
2719 struct ieee80211_mgmt *reply;
2720 u8 *p;
2721 u16 res = WLAN_STATUS_SUCCESS;
2722
2723 buflen = sizeof(struct ieee80211_mgmt) + 1024;
2724 #ifdef CONFIG_FILS
2725 if (sta && sta->fils_hlp_resp)
2726 buflen += wpabuf_len(sta->fils_hlp_resp);
2727 #endif /* CONFIG_FILS */
2728 #ifdef CONFIG_OWE
2729 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2730 buflen += 150;
2731 #endif /* CONFIG_OWE */
2732 buf = os_zalloc(buflen);
2733 if (!buf) {
2734 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2735 goto done;
2736 }
2737 reply = (struct ieee80211_mgmt *) buf;
2738 reply->frame_control =
2739 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2740 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
2741 WLAN_FC_STYPE_ASSOC_RESP));
2742 os_memcpy(reply->da, addr, ETH_ALEN);
2743 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
2744 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
2745
2746 send_len = IEEE80211_HDRLEN;
2747 send_len += sizeof(reply->u.assoc_resp);
2748 reply->u.assoc_resp.capab_info =
2749 host_to_le16(hostapd_own_capab_info(hapd));
2750 reply->u.assoc_resp.status_code = host_to_le16(status_code);
2751
2752 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
2753 BIT(14) | BIT(15));
2754 /* Supported rates */
2755 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
2756 /* Extended supported rates */
2757 p = hostapd_eid_ext_supp_rates(hapd, p);
2758
2759 #ifdef CONFIG_IEEE80211R_AP
2760 if (sta && status_code == WLAN_STATUS_SUCCESS) {
2761 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2762 * Transition Information, RSN, [RIC Response] */
2763 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
2764 buf + buflen - p,
2765 sta->auth_alg, ies, ies_len);
2766 }
2767 #endif /* CONFIG_IEEE80211R_AP */
2768
2769 #ifdef CONFIG_OWE
2770 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2771 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
2772 buf + buflen - p,
2773 ies, ies_len);
2774 #endif /* CONFIG_OWE */
2775
2776 #ifdef CONFIG_IEEE80211W
2777 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
2778 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
2779 #endif /* CONFIG_IEEE80211W */
2780
2781 #ifdef CONFIG_IEEE80211N
2782 p = hostapd_eid_ht_capabilities(hapd, p);
2783 p = hostapd_eid_ht_operation(hapd, p);
2784 #endif /* CONFIG_IEEE80211N */
2785
2786 #ifdef CONFIG_IEEE80211AC
2787 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
2788 u32 nsts = 0, sta_nsts;
2789
2790 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
2791 struct ieee80211_vht_capabilities *capa;
2792
2793 nsts = (hapd->iface->conf->vht_capab >>
2794 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2795 capa = sta->vht_capabilities;
2796 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
2797 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2798
2799 if (nsts < sta_nsts)
2800 nsts = 0;
2801 else
2802 nsts = sta_nsts;
2803 }
2804 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
2805 p = hostapd_eid_vht_operation(hapd, p);
2806 }
2807 #endif /* CONFIG_IEEE80211AC */
2808
2809 p = hostapd_eid_ext_capab(hapd, p);
2810 p = hostapd_eid_bss_max_idle_period(hapd, p);
2811 if (sta && sta->qos_map_enabled)
2812 p = hostapd_eid_qos_map_set(hapd, p);
2813
2814 #ifdef CONFIG_FST
2815 if (hapd->iface->fst_ies) {
2816 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
2817 wpabuf_len(hapd->iface->fst_ies));
2818 p += wpabuf_len(hapd->iface->fst_ies);
2819 }
2820 #endif /* CONFIG_FST */
2821
2822 #ifdef CONFIG_IEEE80211AC
2823 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
2824 p = hostapd_eid_vendor_vht(hapd, p);
2825 #endif /* CONFIG_IEEE80211AC */
2826
2827 if (sta && (sta->flags & WLAN_STA_WMM))
2828 p = hostapd_eid_wmm(hapd, p);
2829
2830 #ifdef CONFIG_WPS
2831 if (sta &&
2832 ((sta->flags & WLAN_STA_WPS) ||
2833 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
2834 struct wpabuf *wps = wps_build_assoc_resp_ie();
2835 if (wps) {
2836 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
2837 p += wpabuf_len(wps);
2838 wpabuf_free(wps);
2839 }
2840 }
2841 #endif /* CONFIG_WPS */
2842
2843 #ifdef CONFIG_P2P
2844 if (sta && sta->p2p_ie && hapd->p2p_group) {
2845 struct wpabuf *p2p_resp_ie;
2846 enum p2p_status_code status;
2847 switch (status_code) {
2848 case WLAN_STATUS_SUCCESS:
2849 status = P2P_SC_SUCCESS;
2850 break;
2851 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
2852 status = P2P_SC_FAIL_LIMIT_REACHED;
2853 break;
2854 default:
2855 status = P2P_SC_FAIL_INVALID_PARAMS;
2856 break;
2857 }
2858 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
2859 if (p2p_resp_ie) {
2860 os_memcpy(p, wpabuf_head(p2p_resp_ie),
2861 wpabuf_len(p2p_resp_ie));
2862 p += wpabuf_len(p2p_resp_ie);
2863 wpabuf_free(p2p_resp_ie);
2864 }
2865 }
2866 #endif /* CONFIG_P2P */
2867
2868 #ifdef CONFIG_P2P_MANAGER
2869 if (hapd->conf->p2p & P2P_MANAGE)
2870 p = hostapd_eid_p2p_manage(hapd, p);
2871 #endif /* CONFIG_P2P_MANAGER */
2872
2873 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
2874
2875 if (hapd->conf->assocresp_elements &&
2876 (size_t) (buf + buflen - p) >=
2877 wpabuf_len(hapd->conf->assocresp_elements)) {
2878 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
2879 wpabuf_len(hapd->conf->assocresp_elements));
2880 p += wpabuf_len(hapd->conf->assocresp_elements);
2881 }
2882
2883 send_len += p - reply->u.assoc_resp.variable;
2884
2885 #ifdef CONFIG_FILS
2886 if (sta &&
2887 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2888 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2889 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
2890 status_code == WLAN_STATUS_SUCCESS) {
2891 struct ieee802_11_elems elems;
2892
2893 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
2894 ParseFailed || !elems.fils_session) {
2895 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2896 goto done;
2897 }
2898
2899 /* FILS Session */
2900 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2901 *p++ = 1 + FILS_SESSION_LEN; /* Length */
2902 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2903 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
2904 send_len += 2 + 1 + FILS_SESSION_LEN;
2905
2906 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
2907 buflen, sta->fils_hlp_resp);
2908 if (send_len < 0) {
2909 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2910 goto done;
2911 }
2912 }
2913 #endif /* CONFIG_FILS */
2914
2915 #ifdef CONFIG_OWE
2916 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
2917 sta && sta->owe_ecdh &&
2918 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
2919 struct wpabuf *pub;
2920
2921 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2922 if (!pub) {
2923 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2924 goto done;
2925 }
2926 /* OWE Diffie-Hellman Parameter element */
2927 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2928 *p++ = 1 + 2 + wpabuf_len(pub); /* Length */
2929 *p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
2930 WPA_PUT_LE16(p, sta->owe_group);
2931 p += 2;
2932 os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub));
2933 p += wpabuf_len(pub);
2934 send_len += 3 + 2 + wpabuf_len(pub);
2935 wpabuf_free(pub);
2936 }
2937 #endif /* CONFIG_OWE */
2938
2939 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
2940 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
2941 strerror(errno));
2942 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2943 }
2944
2945 done:
2946 os_free(buf);
2947 return res;
2948 }
2949
2950
2951 #ifdef CONFIG_OWE
2952 u8 * owe_auth_req_process(struct hostapd_data *hapd, struct sta_info *sta,
2953 const u8 *owe_dh, u8 owe_dh_len,
2954 u8 *owe_buf, u16 *reason)
2955 {
2956 struct wpabuf *pub;
2957
2958 *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
2959 if (*reason != WLAN_STATUS_SUCCESS)
2960 return NULL;
2961 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2962 if (!pub) {
2963 *reason = WLAN_STATUS_UNSPECIFIED_FAILURE;
2964 return NULL;
2965 }
2966
2967 /* OWE Diffie-Hellman Parameter element */
2968 *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
2969 *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
2970 *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
2971 WPA_PUT_LE16(owe_buf, OWE_DH_GROUP);
2972 owe_buf += 2;
2973 os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
2974 owe_buf += wpabuf_len(pub);
2975 wpabuf_free(pub);
2976 *reason = WLAN_STATUS_SUCCESS;
2977 return owe_buf;
2978 }
2979 #endif /* CONFIG_OWE */
2980
2981
2982 #ifdef CONFIG_FILS
2983
2984 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
2985 {
2986 u16 reply_res;
2987
2988 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
2989 MAC2STR(sta->addr));
2990 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
2991 if (!sta->fils_pending_assoc_req)
2992 return;
2993 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
2994 sta->fils_pending_assoc_is_reassoc,
2995 sta->fils_pending_assoc_req,
2996 sta->fils_pending_assoc_req_len);
2997 os_free(sta->fils_pending_assoc_req);
2998 sta->fils_pending_assoc_req = NULL;
2999 sta->fils_pending_assoc_req_len = 0;
3000 wpabuf_free(sta->fils_hlp_resp);
3001 sta->fils_hlp_resp = NULL;
3002 wpabuf_free(sta->hlp_dhcp_discover);
3003 sta->hlp_dhcp_discover = NULL;
3004
3005 /*
3006 * Remove the station in case transmission of a success response fails.
3007 * At this point the station was already added associated to the driver.
3008 */
3009 if (reply_res != WLAN_STATUS_SUCCESS)
3010 hostapd_drv_sta_remove(hapd, sta->addr);
3011 }
3012
3013
3014 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
3015 {
3016 struct hostapd_data *hapd = eloop_ctx;
3017 struct sta_info *sta = eloop_data;
3018
3019 wpa_printf(MSG_DEBUG,
3020 "FILS: HLP response timeout - continue with association response for "
3021 MACSTR, MAC2STR(sta->addr));
3022 if (sta->fils_drv_assoc_finish)
3023 hostapd_notify_assoc_fils_finish(hapd, sta);
3024 else
3025 fils_hlp_finish_assoc(hapd, sta);
3026 }
3027
3028 #endif /* CONFIG_FILS */
3029
3030
3031 static void handle_assoc(struct hostapd_data *hapd,
3032 const struct ieee80211_mgmt *mgmt, size_t len,
3033 int reassoc)
3034 {
3035 u16 capab_info, listen_interval, seq_ctrl, fc;
3036 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
3037 const u8 *pos;
3038 int left, i;
3039 struct sta_info *sta;
3040 u8 *tmp = NULL;
3041 struct hostapd_sta_wpa_psk_short *psk = NULL;
3042 char *identity = NULL;
3043 char *radius_cui = NULL;
3044 #ifdef CONFIG_FILS
3045 int delay_assoc = 0;
3046 #endif /* CONFIG_FILS */
3047
3048 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
3049 sizeof(mgmt->u.assoc_req))) {
3050 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
3051 reassoc, (unsigned long) len);
3052 return;
3053 }
3054
3055 #ifdef CONFIG_TESTING_OPTIONS
3056 if (reassoc) {
3057 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
3058 drand48() < hapd->iconf->ignore_reassoc_probability) {
3059 wpa_printf(MSG_INFO,
3060 "TESTING: ignoring reassoc request from "
3061 MACSTR, MAC2STR(mgmt->sa));
3062 return;
3063 }
3064 } else {
3065 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
3066 drand48() < hapd->iconf->ignore_assoc_probability) {
3067 wpa_printf(MSG_INFO,
3068 "TESTING: ignoring assoc request from "
3069 MACSTR, MAC2STR(mgmt->sa));
3070 return;
3071 }
3072 }
3073 #endif /* CONFIG_TESTING_OPTIONS */
3074
3075 fc = le_to_host16(mgmt->frame_control);
3076 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3077
3078 if (reassoc) {
3079 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
3080 listen_interval = le_to_host16(
3081 mgmt->u.reassoc_req.listen_interval);
3082 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
3083 " capab_info=0x%02x listen_interval=%d current_ap="
3084 MACSTR " seq_ctrl=0x%x%s",
3085 MAC2STR(mgmt->sa), capab_info, listen_interval,
3086 MAC2STR(mgmt->u.reassoc_req.current_ap),
3087 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3088 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
3089 pos = mgmt->u.reassoc_req.variable;
3090 } else {
3091 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
3092 listen_interval = le_to_host16(
3093 mgmt->u.assoc_req.listen_interval);
3094 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
3095 " capab_info=0x%02x listen_interval=%d "
3096 "seq_ctrl=0x%x%s",
3097 MAC2STR(mgmt->sa), capab_info, listen_interval,
3098 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3099 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
3100 pos = mgmt->u.assoc_req.variable;
3101 }
3102
3103 sta = ap_get_sta(hapd, mgmt->sa);
3104 #ifdef CONFIG_IEEE80211R_AP
3105 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
3106 (sta->flags & WLAN_STA_AUTH) == 0) {
3107 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
3108 "prior to authentication since it is using "
3109 "over-the-DS FT", MAC2STR(mgmt->sa));
3110
3111 /*
3112 * Mark station as authenticated, to avoid adding station
3113 * entry in the driver as associated and not authenticated
3114 */
3115 sta->flags |= WLAN_STA_AUTH;
3116 } else
3117 #endif /* CONFIG_IEEE80211R_AP */
3118 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
3119 if (hapd->iface->current_mode &&
3120 hapd->iface->current_mode->mode ==
3121 HOSTAPD_MODE_IEEE80211AD) {
3122 int acl_res;
3123 u32 session_timeout, acct_interim_interval;
3124 struct vlan_description vlan_id;
3125
3126 acl_res = ieee802_11_allowed_address(
3127 hapd, mgmt->sa, (const u8 *) mgmt, len,
3128 &session_timeout, &acct_interim_interval,
3129 &vlan_id, &psk, &identity, &radius_cui);
3130 if (acl_res == HOSTAPD_ACL_REJECT) {
3131 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3132 goto fail;
3133 }
3134 if (acl_res == HOSTAPD_ACL_PENDING)
3135 return;
3136
3137 /* DMG/IEEE 802.11ad does not use authentication.
3138 * Allocate sta entry upon association. */
3139 sta = ap_sta_add(hapd, mgmt->sa);
3140 if (!sta) {
3141 hostapd_logger(hapd, mgmt->sa,
3142 HOSTAPD_MODULE_IEEE80211,
3143 HOSTAPD_LEVEL_INFO,
3144 "Failed to add STA");
3145 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3146 goto fail;
3147 }
3148
3149 acl_res = ieee802_11_set_radius_info(
3150 hapd, sta, acl_res, session_timeout,
3151 acct_interim_interval, &vlan_id, &psk,
3152 &identity, &radius_cui);
3153 if (acl_res) {
3154 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3155 goto fail;
3156 }
3157
3158 hostapd_logger(hapd, sta->addr,
3159 HOSTAPD_MODULE_IEEE80211,
3160 HOSTAPD_LEVEL_DEBUG,
3161 "Skip authentication for DMG/IEEE 802.11ad");
3162 sta->flags |= WLAN_STA_AUTH;
3163 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
3164 sta->auth_alg = WLAN_AUTH_OPEN;
3165 } else {
3166 hostapd_logger(hapd, mgmt->sa,
3167 HOSTAPD_MODULE_IEEE80211,
3168 HOSTAPD_LEVEL_INFO,
3169 "Station tried to associate before authentication (aid=%d flags=0x%x)",
3170 sta ? sta->aid : -1,
3171 sta ? sta->flags : 0);
3172 send_deauth(hapd, mgmt->sa,
3173 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
3174 return;
3175 }
3176 }
3177
3178 if ((fc & WLAN_FC_RETRY) &&
3179 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3180 sta->last_seq_ctrl == seq_ctrl &&
3181 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3182 WLAN_FC_STYPE_ASSOC_REQ)) {
3183 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3184 HOSTAPD_LEVEL_DEBUG,
3185 "Drop repeated association frame seq_ctrl=0x%x",
3186 seq_ctrl);
3187 return;
3188 }
3189 sta->last_seq_ctrl = seq_ctrl;
3190 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3191 WLAN_FC_STYPE_ASSOC_REQ;
3192
3193 if (hapd->tkip_countermeasures) {
3194 resp = WLAN_REASON_MICHAEL_MIC_FAILURE;
3195 goto fail;
3196 }
3197
3198 if (listen_interval > hapd->conf->max_listen_interval) {
3199 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3200 HOSTAPD_LEVEL_DEBUG,
3201 "Too large Listen Interval (%d)",
3202 listen_interval);
3203 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
3204 goto fail;
3205 }
3206
3207 #ifdef CONFIG_MBO
3208 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
3209 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3210 goto fail;
3211 }
3212 #endif /* CONFIG_MBO */
3213
3214 /*
3215 * sta->capability is used in check_assoc_ies() for RRM enabled
3216 * capability element.
3217 */
3218 sta->capability = capab_info;
3219
3220 #ifdef CONFIG_FILS
3221 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3222 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3223 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3224 /* The end of the payload is encrypted. Need to decrypt it
3225 * before parsing. */
3226
3227 tmp = os_memdup(pos, left);
3228 if (!tmp) {
3229 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3230 goto fail;
3231 }
3232
3233 left = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
3234 len, tmp, left);
3235 if (left < 0) {
3236 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3237 goto fail;
3238 }
3239 pos = tmp;
3240 }
3241 #endif /* CONFIG_FILS */
3242
3243 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
3244 * is used */
3245 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
3246 if (resp != WLAN_STATUS_SUCCESS)
3247 goto fail;
3248
3249 if (hostapd_get_aid(hapd, sta) < 0) {
3250 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3251 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
3252 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3253 goto fail;
3254 }
3255
3256 sta->listen_interval = listen_interval;
3257
3258 if (hapd->iface->current_mode &&
3259 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
3260 sta->flags |= WLAN_STA_NONERP;
3261 for (i = 0; i < sta->supported_rates_len; i++) {
3262 if ((sta->supported_rates[i] & 0x7f) > 22) {
3263 sta->flags &= ~WLAN_STA_NONERP;
3264 break;
3265 }
3266 }
3267 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
3268 sta->nonerp_set = 1;
3269 hapd->iface->num_sta_non_erp++;
3270 if (hapd->iface->num_sta_non_erp == 1)
3271 ieee802_11_set_beacons(hapd->iface);
3272 }
3273
3274 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
3275 !sta->no_short_slot_time_set) {
3276 sta->no_short_slot_time_set = 1;
3277 hapd->iface->num_sta_no_short_slot_time++;
3278 if (hapd->iface->current_mode &&
3279 hapd->iface->current_mode->mode ==
3280 HOSTAPD_MODE_IEEE80211G &&
3281 hapd->iface->num_sta_no_short_slot_time == 1)
3282 ieee802_11_set_beacons(hapd->iface);
3283 }
3284
3285 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
3286 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
3287 else
3288 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
3289
3290 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
3291 !sta->no_short_preamble_set) {
3292 sta->no_short_preamble_set = 1;
3293 hapd->iface->num_sta_no_short_preamble++;
3294 if (hapd->iface->current_mode &&
3295 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
3296 && hapd->iface->num_sta_no_short_preamble == 1)
3297 ieee802_11_set_beacons(hapd->iface);
3298 }
3299
3300 #ifdef CONFIG_IEEE80211N
3301 update_ht_state(hapd, sta);
3302 #endif /* CONFIG_IEEE80211N */
3303
3304 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3305 HOSTAPD_LEVEL_DEBUG,
3306 "association OK (aid %d)", sta->aid);
3307 /* Station will be marked associated, after it acknowledges AssocResp
3308 */
3309 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
3310
3311 #ifdef CONFIG_IEEE80211W
3312 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
3313 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
3314 "SA Query procedure", reassoc ? "re" : "");
3315 /* TODO: Send a protected Disassociate frame to the STA using
3316 * the old key and Reason Code "Previous Authentication no
3317 * longer valid". Make sure this is only sent protected since
3318 * unprotected frame would be received by the STA that is now
3319 * trying to associate.
3320 */
3321 }
3322 #endif /* CONFIG_IEEE80211W */
3323
3324 /* Make sure that the previously registered inactivity timer will not
3325 * remove the STA immediately. */
3326 sta->timeout_next = STA_NULLFUNC;
3327
3328 #ifdef CONFIG_TAXONOMY
3329 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
3330 #endif /* CONFIG_TAXONOMY */
3331
3332 sta->pending_wds_enable = 0;
3333
3334 #ifdef CONFIG_FILS
3335 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3336 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3337 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3338 if (fils_process_hlp(hapd, sta, pos, left) > 0)
3339 delay_assoc = 1;
3340 }
3341 #endif /* CONFIG_FILS */
3342
3343 fail:
3344 os_free(identity);
3345 os_free(radius_cui);
3346 hostapd_free_psk_list(psk);
3347
3348 /*
3349 * In case of a successful response, add the station to the driver.
3350 * Otherwise, the kernel may ignore Data frames before we process the
3351 * ACK frame (TX status). In case of a failure, this station will be
3352 * removed.
3353 *
3354 * Note that this is not compliant with the IEEE 802.11 standard that
3355 * states that a non-AP station should transition into the
3356 * authenticated/associated state only after the station acknowledges
3357 * the (Re)Association Response frame. However, still do this as:
3358 *
3359 * 1. In case the station does not acknowledge the (Re)Association
3360 * Response frame, it will be removed.
3361 * 2. Data frames will be dropped in the kernel until the station is
3362 * set into authorized state, and there are no significant known
3363 * issues with processing other non-Data Class 3 frames during this
3364 * window.
3365 */
3366 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
3367 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3368
3369 #ifdef CONFIG_FILS
3370 if (sta) {
3371 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3372 os_free(sta->fils_pending_assoc_req);
3373 sta->fils_pending_assoc_req = NULL;
3374 sta->fils_pending_assoc_req_len = 0;
3375 wpabuf_free(sta->fils_hlp_resp);
3376 sta->fils_hlp_resp = NULL;
3377 }
3378 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
3379 sta->fils_pending_assoc_req = tmp;
3380 sta->fils_pending_assoc_req_len = left;
3381 sta->fils_pending_assoc_is_reassoc = reassoc;
3382 sta->fils_drv_assoc_finish = 0;
3383 wpa_printf(MSG_DEBUG,
3384 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
3385 MACSTR, MAC2STR(sta->addr));
3386 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3387 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
3388 fils_hlp_timeout, hapd, sta);
3389 return;
3390 }
3391 #endif /* CONFIG_FILS */
3392
3393 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
3394 left);
3395 os_free(tmp);
3396
3397 /*
3398 * Remove the station in case tranmission of a success response fails
3399 * (the STA was added associated to the driver) or if the station was
3400 * previously added unassociated.
3401 */
3402 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
3403 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
3404 hostapd_drv_sta_remove(hapd, sta->addr);
3405 sta->added_unassoc = 0;
3406 }
3407 }
3408
3409
3410 static void handle_disassoc(struct hostapd_data *hapd,
3411 const struct ieee80211_mgmt *mgmt, size_t len)
3412 {
3413 struct sta_info *sta;
3414
3415 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
3416 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
3417 (unsigned long) len);
3418 return;
3419 }
3420
3421 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
3422 MAC2STR(mgmt->sa),
3423 le_to_host16(mgmt->u.disassoc.reason_code));
3424
3425 sta = ap_get_sta(hapd, mgmt->sa);
3426 if (sta == NULL) {
3427 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
3428 MAC2STR(mgmt->sa));
3429 return;
3430 }
3431
3432 ap_sta_set_authorized(hapd, sta, 0);
3433 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3434 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
3435 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
3436 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3437 HOSTAPD_LEVEL_INFO, "disassociated");
3438 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3439 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3440 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
3441 * authenticated. */
3442 accounting_sta_stop(hapd, sta);
3443 ieee802_1x_free_station(hapd, sta);
3444 if (sta->ipaddr)
3445 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
3446 ap_sta_ip6addr_del(hapd, sta);
3447 hostapd_drv_sta_remove(hapd, sta->addr);
3448 sta->added_unassoc = 0;
3449
3450 if (sta->timeout_next == STA_NULLFUNC ||
3451 sta->timeout_next == STA_DISASSOC) {
3452 sta->timeout_next = STA_DEAUTH;
3453 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
3454 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
3455 hapd, sta);
3456 }
3457
3458 mlme_disassociate_indication(
3459 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
3460
3461 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
3462 * disassociation. */
3463 if (hapd->iface->current_mode &&
3464 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
3465 sta->flags &= ~WLAN_STA_AUTH;
3466 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3467 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3468 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3469 ap_free_sta(hapd, sta);
3470 }
3471 }
3472
3473
3474 static void handle_deauth(struct hostapd_data *hapd,
3475 const struct ieee80211_mgmt *mgmt, size_t len)
3476 {
3477 struct sta_info *sta;
3478
3479 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
3480 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
3481 "payload (len=%lu)", (unsigned long) len);
3482 return;
3483 }
3484
3485 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
3486 " reason_code=%d",
3487 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
3488
3489 sta = ap_get_sta(hapd, mgmt->sa);
3490 if (sta == NULL) {
3491 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
3492 "to deauthenticate, but it is not authenticated",
3493 MAC2STR(mgmt->sa));
3494 return;
3495 }
3496
3497 ap_sta_set_authorized(hapd, sta, 0);
3498 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3499 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
3500 WLAN_STA_ASSOC_REQ_OK);
3501 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3502 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3503 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3504 mlme_deauthenticate_indication(
3505 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
3506 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3507 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3508 ap_free_sta(hapd, sta);
3509 }
3510
3511
3512 static void handle_beacon(struct hostapd_data *hapd,
3513 const struct ieee80211_mgmt *mgmt, size_t len,
3514 struct hostapd_frame_info *fi)
3515 {
3516 struct ieee802_11_elems elems;
3517
3518 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
3519 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
3520 (unsigned long) len);
3521 return;
3522 }
3523
3524 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
3525 len - (IEEE80211_HDRLEN +
3526 sizeof(mgmt->u.beacon)), &elems,
3527 0);
3528
3529 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
3530 }
3531
3532
3533 #ifdef CONFIG_IEEE80211W
3534
3535 static int hostapd_sa_query_action(struct hostapd_data *hapd,
3536 const struct ieee80211_mgmt *mgmt,
3537 size_t len)
3538 {
3539 const u8 *end;
3540
3541 end = mgmt->u.action.u.sa_query_resp.trans_id +
3542 WLAN_SA_QUERY_TR_ID_LEN;
3543 if (((u8 *) mgmt) + len < end) {
3544 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
3545 "frame (len=%lu)", (unsigned long) len);
3546 return 0;
3547 }
3548
3549 ieee802_11_sa_query_action(hapd, mgmt->sa,
3550 mgmt->u.action.u.sa_query_resp.action,
3551 mgmt->u.action.u.sa_query_resp.trans_id);
3552 return 1;
3553 }
3554
3555
3556 static int robust_action_frame(u8 category)
3557 {
3558 return category != WLAN_ACTION_PUBLIC &&
3559 category != WLAN_ACTION_HT;
3560 }
3561 #endif /* CONFIG_IEEE80211W */
3562
3563
3564 static int handle_action(struct hostapd_data *hapd,
3565 const struct ieee80211_mgmt *mgmt, size_t len)
3566 {
3567 struct sta_info *sta;
3568 sta = ap_get_sta(hapd, mgmt->sa);
3569
3570 if (len < IEEE80211_HDRLEN + 1) {
3571 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3572 HOSTAPD_LEVEL_DEBUG,
3573 "handle_action - too short payload (len=%lu)",
3574 (unsigned long) len);
3575 return 0;
3576 }
3577
3578 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
3579 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3580 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
3581 "frame (category=%u) from unassociated STA " MACSTR,
3582 mgmt->u.action.category, MAC2STR(mgmt->sa));
3583 return 0;
3584 }
3585
3586 #ifdef CONFIG_IEEE80211W
3587 if (sta && (sta->flags & WLAN_STA_MFP) &&
3588 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
3589 robust_action_frame(mgmt->u.action.category)) {
3590 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3591 HOSTAPD_LEVEL_DEBUG,
3592 "Dropped unprotected Robust Action frame from "
3593 "an MFP STA");
3594 return 0;
3595 }
3596 #endif /* CONFIG_IEEE80211W */
3597
3598 if (sta) {
3599 u16 fc = le_to_host16(mgmt->frame_control);
3600 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3601
3602 if ((fc & WLAN_FC_RETRY) &&
3603 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3604 sta->last_seq_ctrl == seq_ctrl &&
3605 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
3606 hostapd_logger(hapd, sta->addr,
3607 HOSTAPD_MODULE_IEEE80211,
3608 HOSTAPD_LEVEL_DEBUG,
3609 "Drop repeated action frame seq_ctrl=0x%x",
3610 seq_ctrl);
3611 return 1;
3612 }
3613
3614 sta->last_seq_ctrl = seq_ctrl;
3615 sta->last_subtype = WLAN_FC_STYPE_ACTION;
3616 }
3617
3618 switch (mgmt->u.action.category) {
3619 #ifdef CONFIG_IEEE80211R_AP
3620 case WLAN_ACTION_FT:
3621 if (!sta ||
3622 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
3623 len - IEEE80211_HDRLEN))
3624 break;
3625 return 1;
3626 #endif /* CONFIG_IEEE80211R_AP */
3627 case WLAN_ACTION_WMM:
3628 hostapd_wmm_action(hapd, mgmt, len);
3629 return 1;
3630 #ifdef CONFIG_IEEE80211W
3631 case WLAN_ACTION_SA_QUERY:
3632 return hostapd_sa_query_action(hapd, mgmt, len);
3633 #endif /* CONFIG_IEEE80211W */
3634 #ifdef CONFIG_WNM_AP
3635 case WLAN_ACTION_WNM:
3636 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
3637 return 1;
3638 #endif /* CONFIG_WNM_AP */
3639 #ifdef CONFIG_FST
3640 case WLAN_ACTION_FST:
3641 if (hapd->iface->fst)
3642 fst_rx_action(hapd->iface->fst, mgmt, len);
3643 else
3644 wpa_printf(MSG_DEBUG,
3645 "FST: Ignore FST Action frame - no FST attached");
3646 return 1;
3647 #endif /* CONFIG_FST */
3648 case WLAN_ACTION_PUBLIC:
3649 case WLAN_ACTION_PROTECTED_DUAL:
3650 #ifdef CONFIG_IEEE80211N
3651 if (len >= IEEE80211_HDRLEN + 2 &&
3652 mgmt->u.action.u.public_action.action ==
3653 WLAN_PA_20_40_BSS_COEX) {
3654 wpa_printf(MSG_DEBUG,
3655 "HT20/40 coex mgmt frame received from STA "
3656 MACSTR, MAC2STR(mgmt->sa));
3657 hostapd_2040_coex_action(hapd, mgmt, len);
3658 return 1;
3659 }
3660 #endif /* CONFIG_IEEE80211N */
3661 #ifdef CONFIG_DPP
3662 if (len >= IEEE80211_HDRLEN + 6 &&
3663 mgmt->u.action.u.vs_public_action.action ==
3664 WLAN_PA_VENDOR_SPECIFIC &&
3665 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
3666 OUI_WFA &&
3667 mgmt->u.action.u.vs_public_action.variable[0] ==
3668 DPP_OUI_TYPE) {
3669 const u8 *pos, *end;
3670
3671 pos = mgmt->u.action.u.vs_public_action.oui;
3672 end = ((const u8 *) mgmt) + len;
3673 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
3674 hapd->iface->freq);
3675 return 1;
3676 }
3677 if (len >= IEEE80211_HDRLEN + 2 &&
3678 (mgmt->u.action.u.public_action.action ==
3679 WLAN_PA_GAS_INITIAL_RESP ||
3680 mgmt->u.action.u.public_action.action ==
3681 WLAN_PA_GAS_COMEBACK_RESP)) {
3682 const u8 *pos, *end;
3683
3684 pos = &mgmt->u.action.u.public_action.action;
3685 end = ((const u8 *) mgmt) + len;
3686 gas_query_ap_rx(hapd->gas, mgmt->sa,
3687 mgmt->u.action.category,
3688 pos, end - pos, hapd->iface->freq);
3689 return 1;
3690 }
3691 #endif /* CONFIG_DPP */
3692 if (hapd->public_action_cb) {
3693 hapd->public_action_cb(hapd->public_action_cb_ctx,
3694 (u8 *) mgmt, len,
3695 hapd->iface->freq);
3696 }
3697 if (hapd->public_action_cb2) {
3698 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
3699 (u8 *) mgmt, len,
3700 hapd->iface->freq);
3701 }
3702 if (hapd->public_action_cb || hapd->public_action_cb2)
3703 return 1;
3704 break;
3705 case WLAN_ACTION_VENDOR_SPECIFIC:
3706 if (hapd->vendor_action_cb) {
3707 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
3708 (u8 *) mgmt, len,
3709 hapd->iface->freq) == 0)
3710 return 1;
3711 }
3712 break;
3713 case WLAN_ACTION_RADIO_MEASUREMENT:
3714 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
3715 return 1;
3716 }
3717
3718 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3719 HOSTAPD_LEVEL_DEBUG,
3720 "handle_action - unknown action category %d or invalid "
3721 "frame",
3722 mgmt->u.action.category);
3723 if (!is_multicast_ether_addr(mgmt->da) &&
3724 !(mgmt->u.action.category & 0x80) &&
3725 !is_multicast_ether_addr(mgmt->sa)) {
3726 struct ieee80211_mgmt *resp;
3727
3728 /*
3729 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3730 * Return the Action frame to the source without change
3731 * except that MSB of the Category set to 1.
3732 */
3733 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
3734 "frame back to sender");
3735 resp = os_memdup(mgmt, len);
3736 if (resp == NULL)
3737 return 0;
3738 os_memcpy(resp->da, resp->sa, ETH_ALEN);
3739 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
3740 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
3741 resp->u.action.category |= 0x80;
3742
3743 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
3744 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
3745 "Action frame");
3746 }
3747 os_free(resp);
3748 }
3749
3750 return 1;
3751 }
3752
3753
3754 /**
3755 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3756 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3757 * sent to)
3758 * @buf: management frame data (starting from IEEE 802.11 header)
3759 * @len: length of frame data in octets
3760 * @fi: meta data about received frame (signal level, etc.)
3761 *
3762 * Process all incoming IEEE 802.11 management frames. This will be called for
3763 * each frame received from the kernel driver through wlan#ap interface. In
3764 * addition, it can be called to re-inserted pending frames (e.g., when using
3765 * external RADIUS server as an MAC ACL).
3766 */
3767 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
3768 struct hostapd_frame_info *fi)
3769 {
3770 struct ieee80211_mgmt *mgmt;
3771 u16 fc, stype;
3772 int ret = 0;
3773
3774 if (len < 24)
3775 return 0;
3776
3777 mgmt = (struct ieee80211_mgmt *) buf;
3778 fc = le_to_host16(mgmt->frame_control);
3779 stype = WLAN_FC_GET_STYPE(fc);
3780
3781 if (stype == WLAN_FC_STYPE_BEACON) {
3782 handle_beacon(hapd, mgmt, len, fi);
3783 return 1;
3784 }
3785
3786 if (!is_broadcast_ether_addr(mgmt->bssid) &&
3787 #ifdef CONFIG_P2P
3788 /* Invitation responses can be sent with the peer MAC as BSSID */
3789 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
3790 stype == WLAN_FC_STYPE_ACTION) &&
3791 #endif /* CONFIG_P2P */
3792 #ifdef CONFIG_MESH
3793 !(hapd->conf->mesh & MESH_ENABLED) &&
3794 #endif /* CONFIG_MESH */
3795 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
3796 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
3797 MAC2STR(mgmt->bssid));
3798 return 0;
3799 }
3800
3801
3802 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
3803 handle_probe_req(hapd, mgmt, len, fi->ssi_signal);
3804 return 1;
3805 }
3806
3807 if ((!is_broadcast_ether_addr(mgmt->da) ||
3808 stype != WLAN_FC_STYPE_ACTION) &&
3809 os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
3810 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3811 HOSTAPD_LEVEL_DEBUG,
3812 "MGMT: DA=" MACSTR " not our address",
3813 MAC2STR(mgmt->da));
3814 return 0;
3815 }
3816
3817 if (hapd->iconf->track_sta_max_num)
3818 sta_track_add(hapd->iface, mgmt->sa, fi->ssi_signal);
3819
3820 switch (stype) {
3821 case WLAN_FC_STYPE_AUTH:
3822 wpa_printf(MSG_DEBUG, "mgmt::auth");
3823 handle_auth(hapd, mgmt, len);
3824 ret = 1;
3825 break;
3826 case WLAN_FC_STYPE_ASSOC_REQ:
3827 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
3828 handle_assoc(hapd, mgmt, len, 0);
3829 ret = 1;
3830 break;
3831 case WLAN_FC_STYPE_REASSOC_REQ:
3832 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
3833 handle_assoc(hapd, mgmt, len, 1);
3834 ret = 1;
3835 break;
3836 case WLAN_FC_STYPE_DISASSOC:
3837 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
3838 handle_disassoc(hapd, mgmt, len);
3839 ret = 1;
3840 break;
3841 case WLAN_FC_STYPE_DEAUTH:
3842 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
3843 handle_deauth(hapd, mgmt, len);
3844 ret = 1;
3845 break;
3846 case WLAN_FC_STYPE_ACTION:
3847 wpa_printf(MSG_DEBUG, "mgmt::action");
3848 ret = handle_action(hapd, mgmt, len);
3849 break;
3850 default:
3851 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3852 HOSTAPD_LEVEL_DEBUG,
3853 "unknown mgmt frame subtype %d", stype);
3854 break;
3855 }
3856
3857 return ret;
3858 }
3859
3860
3861 static void handle_auth_cb(struct hostapd_data *hapd,
3862 const struct ieee80211_mgmt *mgmt,
3863 size_t len, int ok)
3864 {
3865 u16 auth_alg, auth_transaction, status_code;
3866 struct sta_info *sta;
3867
3868 sta = ap_get_sta(hapd, mgmt->da);
3869 if (!sta) {
3870 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
3871 MAC2STR(mgmt->da));
3872 return;
3873 }
3874
3875 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3876 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
3877 status_code = le_to_host16(mgmt->u.auth.status_code);
3878
3879 if (!ok) {
3880 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3881 HOSTAPD_LEVEL_NOTICE,
3882 "did not acknowledge authentication response");
3883 goto fail;
3884 }
3885
3886 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
3887 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
3888 (unsigned long) len);
3889 goto fail;
3890 }
3891
3892 if (status_code == WLAN_STATUS_SUCCESS &&
3893 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
3894 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
3895 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3896 HOSTAPD_LEVEL_INFO, "authenticated");
3897 sta->flags |= WLAN_STA_AUTH;
3898 if (sta->added_unassoc)
3899 hostapd_set_sta_flags(hapd, sta);
3900 return;
3901 }
3902
3903 fail:
3904 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
3905 hostapd_drv_sta_remove(hapd, sta->addr);
3906 sta->added_unassoc = 0;
3907 }
3908 }
3909
3910
3911 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
3912 struct sta_info *sta,
3913 char *ifname_wds)
3914 {
3915 int i;
3916 struct hostapd_ssid *ssid = &hapd->conf->ssid;
3917
3918 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
3919 return;
3920
3921 for (i = 0; i < 4; i++) {
3922 if (ssid->wep.key[i] &&
3923 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
3924 i == ssid->wep.idx, NULL, 0,
3925 ssid->wep.key[i], ssid->wep.len[i])) {
3926 wpa_printf(MSG_WARNING,
3927 "Could not set WEP keys for WDS interface; %s",
3928 ifname_wds);
3929 break;
3930 }
3931 }
3932 }
3933
3934
3935 static void handle_assoc_cb(struct hostapd_data *hapd,
3936 const struct ieee80211_mgmt *mgmt,
3937 size_t len, int reassoc, int ok)
3938 {
3939 u16 status;
3940 struct sta_info *sta;
3941 int new_assoc = 1;
3942
3943 sta = ap_get_sta(hapd, mgmt->da);
3944 if (!sta) {
3945 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
3946 MAC2STR(mgmt->da));
3947 return;
3948 }
3949
3950 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
3951 sizeof(mgmt->u.assoc_resp))) {
3952 wpa_printf(MSG_INFO,
3953 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
3954 reassoc, (unsigned long) len);
3955 hostapd_drv_sta_remove(hapd, sta->addr);
3956 return;
3957 }
3958
3959 if (reassoc)
3960 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
3961 else
3962 status = le_to_host16(mgmt->u.assoc_resp.status_code);
3963
3964 if (!ok) {
3965 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
3966 HOSTAPD_LEVEL_DEBUG,
3967 "did not acknowledge association response");
3968 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
3969 /* The STA is added only in case of SUCCESS */
3970 if (status == WLAN_STATUS_SUCCESS)
3971 hostapd_drv_sta_remove(hapd, sta->addr);
3972
3973 return;
3974 }
3975
3976 if (status != WLAN_STATUS_SUCCESS)
3977 return;
3978
3979 /* Stop previous accounting session, if one is started, and allocate
3980 * new session id for the new session. */
3981 accounting_sta_stop(hapd, sta);
3982
3983 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3984 HOSTAPD_LEVEL_INFO,
3985 "associated (aid %d)",
3986 sta->aid);
3987
3988 if (sta->flags & WLAN_STA_ASSOC)
3989 new_assoc = 0;
3990 sta->flags |= WLAN_STA_ASSOC;
3991 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
3992 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
3993 !hapd->conf->osen) ||
3994 sta->auth_alg == WLAN_AUTH_FILS_SK ||
3995 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3996 sta->auth_alg == WLAN_AUTH_FILS_PK ||
3997 sta->auth_alg == WLAN_AUTH_FT) {
3998 /*
3999 * Open, static WEP, FT protocol, or FILS; no separate
4000 * authorization step.
4001 */
4002 ap_sta_set_authorized(hapd, sta, 1);
4003 }
4004
4005 if (reassoc)
4006 mlme_reassociate_indication(hapd, sta);
4007 else
4008 mlme_associate_indication(hapd, sta);
4009
4010 #ifdef CONFIG_IEEE80211W
4011 sta->sa_query_timed_out = 0;
4012 #endif /* CONFIG_IEEE80211W */
4013
4014 if (sta->eapol_sm == NULL) {
4015 /*
4016 * This STA does not use RADIUS server for EAP authentication,
4017 * so bind it to the selected VLAN interface now, since the
4018 * interface selection is not going to change anymore.
4019 */
4020 if (ap_sta_bind_vlan(hapd, sta) < 0)
4021 return;
4022 } else if (sta->vlan_id) {
4023 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
4024 if (ap_sta_bind_vlan(hapd, sta) < 0)
4025 return;
4026 }
4027
4028 hostapd_set_sta_flags(hapd, sta);
4029
4030 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
4031 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
4032 MACSTR " based on pending request",
4033 MAC2STR(sta->addr));
4034 sta->pending_wds_enable = 0;
4035 sta->flags |= WLAN_STA_WDS;
4036 }
4037
4038 if (sta->flags & WLAN_STA_WDS) {
4039 int ret;
4040 char ifname_wds[IFNAMSIZ + 1];
4041
4042 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
4043 MACSTR " (aid %u)",
4044 MAC2STR(sta->addr), sta->aid);
4045 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
4046 sta->aid, 1);
4047 if (!ret)
4048 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
4049 }
4050
4051 if (sta->auth_alg == WLAN_AUTH_FT)
4052 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
4053 else
4054 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
4055 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
4056 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
4057
4058 #ifdef CONFIG_FILS
4059 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
4060 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4061 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
4062 fils_set_tk(sta->wpa_sm) < 0) {
4063 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
4064 ap_sta_disconnect(hapd, sta, sta->addr,
4065 WLAN_REASON_UNSPECIFIED);
4066 return;
4067 }
4068 #endif /* CONFIG_FILS */
4069
4070 if (sta->pending_eapol_rx) {
4071 struct os_reltime now, age;
4072
4073 os_get_reltime(&now);
4074 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
4075 if (age.sec == 0 && age.usec < 200000) {
4076 wpa_printf(MSG_DEBUG,
4077 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
4078 MAC2STR(sta->addr));
4079 ieee802_1x_receive(
4080 hapd, mgmt->da,
4081 wpabuf_head(sta->pending_eapol_rx->buf),
4082 wpabuf_len(sta->pending_eapol_rx->buf));
4083 }
4084 wpabuf_free(sta->pending_eapol_rx->buf);
4085 os_free(sta->pending_eapol_rx);
4086 sta->pending_eapol_rx = NULL;
4087 }
4088 }
4089
4090
4091 static void handle_deauth_cb(struct hostapd_data *hapd,
4092 const struct ieee80211_mgmt *mgmt,
4093 size_t len, int ok)
4094 {
4095 struct sta_info *sta;
4096 if (is_multicast_ether_addr(mgmt->da))
4097 return;
4098 sta = ap_get_sta(hapd, mgmt->da);
4099 if (!sta) {
4100 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
4101 " not found", MAC2STR(mgmt->da));
4102 return;
4103 }
4104 if (ok)
4105 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
4106 MAC2STR(sta->addr));
4107 else
4108 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4109 "deauth", MAC2STR(sta->addr));
4110
4111 ap_sta_deauth_cb(hapd, sta);
4112 }
4113
4114
4115 static void handle_disassoc_cb(struct hostapd_data *hapd,
4116 const struct ieee80211_mgmt *mgmt,
4117 size_t len, int ok)
4118 {
4119 struct sta_info *sta;
4120 if (is_multicast_ether_addr(mgmt->da))
4121 return;
4122 sta = ap_get_sta(hapd, mgmt->da);
4123 if (!sta) {
4124 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
4125 " not found", MAC2STR(mgmt->da));
4126 return;
4127 }
4128 if (ok)
4129 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
4130 MAC2STR(sta->addr));
4131 else
4132 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4133 "disassoc", MAC2STR(sta->addr));
4134
4135 ap_sta_disassoc_cb(hapd, sta);
4136 }
4137
4138
4139 static void handle_action_cb(struct hostapd_data *hapd,
4140 const struct ieee80211_mgmt *mgmt,
4141 size_t len, int ok)
4142 {
4143 struct sta_info *sta;
4144 const struct rrm_measurement_report_element *report;
4145
4146 if (is_multicast_ether_addr(mgmt->da))
4147 return;
4148 #ifdef CONFIG_DPP
4149 if (len >= IEEE80211_HDRLEN + 6 &&
4150 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4151 mgmt->u.action.u.vs_public_action.action ==
4152 WLAN_PA_VENDOR_SPECIFIC &&
4153 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
4154 OUI_WFA &&
4155 mgmt->u.action.u.vs_public_action.variable[0] ==
4156 DPP_OUI_TYPE) {
4157 const u8 *pos, *end;
4158
4159 pos = &mgmt->u.action.u.vs_public_action.variable[1];
4160 end = ((const u8 *) mgmt) + len;
4161 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
4162 return;
4163 }
4164 if (len >= IEEE80211_HDRLEN + 2 &&
4165 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4166 (mgmt->u.action.u.public_action.action ==
4167 WLAN_PA_GAS_INITIAL_REQ ||
4168 mgmt->u.action.u.public_action.action ==
4169 WLAN_PA_GAS_COMEBACK_REQ)) {
4170 const u8 *pos, *end;
4171
4172 pos = mgmt->u.action.u.public_action.variable;
4173 end = ((const u8 *) mgmt) + len;
4174 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
4175 return;
4176 }
4177 #endif /* CONFIG_DPP */
4178 sta = ap_get_sta(hapd, mgmt->da);
4179 if (!sta) {
4180 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
4181 " not found", MAC2STR(mgmt->da));
4182 return;
4183 }
4184
4185 if (len < 24 + 5 + sizeof(*report))
4186 return;
4187 report = (const struct rrm_measurement_report_element *)
4188 &mgmt->u.action.u.rrm.variable[2];
4189 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
4190 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
4191 report->eid == WLAN_EID_MEASURE_REQUEST &&
4192 report->len >= 3 &&
4193 report->type == MEASURE_TYPE_BEACON)
4194 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
4195 }
4196
4197
4198 /**
4199 * ieee802_11_mgmt_cb - Process management frame TX status callback
4200 * @hapd: hostapd BSS data structure (the BSS from which the management frame
4201 * was sent from)
4202 * @buf: management frame data (starting from IEEE 802.11 header)
4203 * @len: length of frame data in octets
4204 * @stype: management frame subtype from frame control field
4205 * @ok: Whether the frame was ACK'ed
4206 */
4207 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
4208 u16 stype, int ok)
4209 {
4210 const struct ieee80211_mgmt *mgmt;
4211 mgmt = (const struct ieee80211_mgmt *) buf;
4212
4213 #ifdef CONFIG_TESTING_OPTIONS
4214 if (hapd->ext_mgmt_frame_handling) {
4215 size_t hex_len = 2 * len + 1;
4216 char *hex = os_malloc(hex_len);
4217
4218 if (hex) {
4219 wpa_snprintf_hex(hex, hex_len, buf, len);
4220 wpa_msg(hapd->msg_ctx, MSG_INFO,
4221 "MGMT-TX-STATUS stype=%u ok=%d buf=%s",
4222 stype, ok, hex);
4223 os_free(hex);
4224 }
4225 return;
4226 }
4227 #endif /* CONFIG_TESTING_OPTIONS */
4228
4229 switch (stype) {
4230 case WLAN_FC_STYPE_AUTH:
4231 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
4232 handle_auth_cb(hapd, mgmt, len, ok);
4233 break;
4234 case WLAN_FC_STYPE_ASSOC_RESP:
4235 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
4236 handle_assoc_cb(hapd, mgmt, len, 0, ok);
4237 break;
4238 case WLAN_FC_STYPE_REASSOC_RESP:
4239 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
4240 handle_assoc_cb(hapd, mgmt, len, 1, ok);
4241 break;
4242 case WLAN_FC_STYPE_PROBE_RESP:
4243 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
4244 break;
4245 case WLAN_FC_STYPE_DEAUTH:
4246 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
4247 handle_deauth_cb(hapd, mgmt, len, ok);
4248 break;
4249 case WLAN_FC_STYPE_DISASSOC:
4250 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
4251 handle_disassoc_cb(hapd, mgmt, len, ok);
4252 break;
4253 case WLAN_FC_STYPE_ACTION:
4254 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
4255 handle_action_cb(hapd, mgmt, len, ok);
4256 break;
4257 default:
4258 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
4259 break;
4260 }
4261 }
4262
4263
4264 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
4265 {
4266 /* TODO */
4267 return 0;
4268 }
4269
4270
4271 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
4272 char *buf, size_t buflen)
4273 {
4274 /* TODO */
4275 return 0;
4276 }
4277
4278
4279 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
4280 const u8 *buf, size_t len, int ack)
4281 {
4282 struct sta_info *sta;
4283 struct hostapd_iface *iface = hapd->iface;
4284
4285 sta = ap_get_sta(hapd, addr);
4286 if (sta == NULL && iface->num_bss > 1) {
4287 size_t j;
4288 for (j = 0; j < iface->num_bss; j++) {
4289 hapd = iface->bss[j];
4290 sta = ap_get_sta(hapd, addr);
4291 if (sta)
4292 break;
4293 }
4294 }
4295 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
4296 return;
4297 if (sta->flags & WLAN_STA_PENDING_POLL) {
4298 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
4299 "activity poll", MAC2STR(sta->addr),
4300 ack ? "ACKed" : "did not ACK");
4301 if (ack)
4302 sta->flags &= ~WLAN_STA_PENDING_POLL;
4303 }
4304
4305 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
4306 }
4307
4308
4309 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
4310 const u8 *data, size_t len, int ack)
4311 {
4312 struct sta_info *sta;
4313 struct hostapd_iface *iface = hapd->iface;
4314
4315 sta = ap_get_sta(hapd, dst);
4316 if (sta == NULL && iface->num_bss > 1) {
4317 size_t j;
4318 for (j = 0; j < iface->num_bss; j++) {
4319 hapd = iface->bss[j];
4320 sta = ap_get_sta(hapd, dst);
4321 if (sta)
4322 break;
4323 }
4324 }
4325 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
4326 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
4327 MACSTR " that is not currently associated",
4328 MAC2STR(dst));
4329 return;
4330 }
4331
4332 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
4333 }
4334
4335
4336 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
4337 {
4338 struct sta_info *sta;
4339 struct hostapd_iface *iface = hapd->iface;
4340
4341 sta = ap_get_sta(hapd, addr);
4342 if (sta == NULL && iface->num_bss > 1) {
4343 size_t j;
4344 for (j = 0; j < iface->num_bss; j++) {
4345 hapd = iface->bss[j];
4346 sta = ap_get_sta(hapd, addr);
4347 if (sta)
4348 break;
4349 }
4350 }
4351 if (sta == NULL)
4352 return;
4353 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
4354 MAC2STR(sta->addr));
4355 if (!(sta->flags & WLAN_STA_PENDING_POLL))
4356 return;
4357
4358 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
4359 "activity poll", MAC2STR(sta->addr));
4360 sta->flags &= ~WLAN_STA_PENDING_POLL;
4361 }
4362
4363
4364 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
4365 int wds)
4366 {
4367 struct sta_info *sta;
4368
4369 sta = ap_get_sta(hapd, src);
4370 if (sta &&
4371 ((sta->flags & WLAN_STA_ASSOC) ||
4372 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
4373 if (!hapd->conf->wds_sta)
4374 return;
4375
4376 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
4377 WLAN_STA_ASSOC_REQ_OK) {
4378 wpa_printf(MSG_DEBUG,
4379 "Postpone 4-address WDS mode enabling for STA "
4380 MACSTR " since TX status for AssocResp is not yet known",
4381 MAC2STR(sta->addr));
4382 sta->pending_wds_enable = 1;
4383 return;
4384 }
4385
4386 if (wds && !(sta->flags & WLAN_STA_WDS)) {
4387 int ret;
4388 char ifname_wds[IFNAMSIZ + 1];
4389
4390 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
4391 "STA " MACSTR " (aid %u)",
4392 MAC2STR(sta->addr), sta->aid);
4393 sta->flags |= WLAN_STA_WDS;
4394 ret = hostapd_set_wds_sta(hapd, ifname_wds,
4395 sta->addr, sta->aid, 1);
4396 if (!ret)
4397 hostapd_set_wds_encryption(hapd, sta,
4398 ifname_wds);
4399 }
4400 return;
4401 }
4402
4403 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
4404 MACSTR, MAC2STR(src));
4405 if (is_multicast_ether_addr(src)) {
4406 /* Broadcast bit set in SA?! Ignore the frame silently. */
4407 return;
4408 }
4409
4410 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
4411 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
4412 "already been sent, but no TX status yet known - "
4413 "ignore Class 3 frame issue with " MACSTR,
4414 MAC2STR(src));
4415 return;
4416 }
4417
4418 if (sta && (sta->flags & WLAN_STA_AUTH))
4419 hostapd_drv_sta_disassoc(
4420 hapd, src,
4421 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4422 else
4423 hostapd_drv_sta_deauth(
4424 hapd, src,
4425 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4426 }
4427
4428
4429 #endif /* CONFIG_NATIVE_WINDOWS */
Unnamed repository; edit this file 'description' to name the repository.