]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ieee802_11.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
HS 2.0: Copy Roaming Consortium OI from (Re)AssocReq to Access-Request
[thirdparty/hostap.git] / src / ap / ieee802_11.c
1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/sha384.h"
18 #include "crypto/sha512.h"
19 #include "crypto/random.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "common/wpa_ctrl.h"
23 #include "common/sae.h"
24 #include "radius/radius.h"
25 #include "radius/radius_client.h"
26 #include "p2p/p2p.h"
27 #include "wps/wps.h"
28 #include "fst/fst.h"
29 #include "hostapd.h"
30 #include "beacon.h"
31 #include "ieee802_11_auth.h"
32 #include "sta_info.h"
33 #include "ieee802_1x.h"
34 #include "wpa_auth.h"
35 #include "pmksa_cache_auth.h"
36 #include "wmm.h"
37 #include "ap_list.h"
38 #include "accounting.h"
39 #include "ap_config.h"
40 #include "ap_mlme.h"
41 #include "p2p_hostapd.h"
42 #include "ap_drv_ops.h"
43 #include "wnm_ap.h"
44 #include "hw_features.h"
45 #include "ieee802_11.h"
46 #include "dfs.h"
47 #include "mbo_ap.h"
48 #include "rrm.h"
49 #include "taxonomy.h"
50 #include "fils_hlp.h"
51 #include "dpp_hostapd.h"
52 #include "gas_query_ap.h"
53
54
55 #ifdef CONFIG_FILS
56 static struct wpabuf *
57 prepare_auth_resp_fils(struct hostapd_data *hapd,
58 struct sta_info *sta, u16 *resp,
59 struct rsn_pmksa_cache_entry *pmksa,
60 struct wpabuf *erp_resp,
61 const u8 *msk, size_t msk_len,
62 int *is_pub);
63 #endif /* CONFIG_FILS */
64
65 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
66 {
67 u8 *pos = eid;
68 int i, num, count;
69
70 if (hapd->iface->current_rates == NULL)
71 return eid;
72
73 *pos++ = WLAN_EID_SUPP_RATES;
74 num = hapd->iface->num_rates;
75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
76 num++;
77 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
78 num++;
79 if (num > 8) {
80 /* rest of the rates are encoded in Extended supported
81 * rates element */
82 num = 8;
83 }
84
85 *pos++ = num;
86 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
87 i++) {
88 count++;
89 *pos = hapd->iface->current_rates[i].rate / 5;
90 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
91 *pos |= 0x80;
92 pos++;
93 }
94
95 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
96 count++;
97 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
98 }
99
100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
101 count++;
102 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
103 }
104
105 return pos;
106 }
107
108
109 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
110 {
111 u8 *pos = eid;
112 int i, num, count;
113
114 if (hapd->iface->current_rates == NULL)
115 return eid;
116
117 num = hapd->iface->num_rates;
118 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
119 num++;
120 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
121 num++;
122 if (num <= 8)
123 return eid;
124 num -= 8;
125
126 *pos++ = WLAN_EID_EXT_SUPP_RATES;
127 *pos++ = num;
128 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
129 i++) {
130 count++;
131 if (count <= 8)
132 continue; /* already in SuppRates IE */
133 *pos = hapd->iface->current_rates[i].rate / 5;
134 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
135 *pos |= 0x80;
136 pos++;
137 }
138
139 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
140 count++;
141 if (count > 8)
142 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
143 }
144
145 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
146 count++;
147 if (count > 8)
148 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
149 }
150
151 return pos;
152 }
153
154
155 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
156 {
157 int capab = WLAN_CAPABILITY_ESS;
158 int privacy;
159 int dfs;
160 int i;
161
162 /* Check if any of configured channels require DFS */
163 dfs = hostapd_is_dfs_required(hapd->iface);
164 if (dfs < 0) {
165 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
166 dfs);
167 dfs = 0;
168 }
169
170 if (hapd->iface->num_sta_no_short_preamble == 0 &&
171 hapd->iconf->preamble == SHORT_PREAMBLE)
172 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
173
174 privacy = hapd->conf->ssid.wep.keys_set;
175
176 if (hapd->conf->ieee802_1x &&
177 (hapd->conf->default_wep_key_len ||
178 hapd->conf->individual_wep_key_len))
179 privacy = 1;
180
181 if (hapd->conf->wpa)
182 privacy = 1;
183
184 #ifdef CONFIG_HS20
185 if (hapd->conf->osen)
186 privacy = 1;
187 #endif /* CONFIG_HS20 */
188
189 if (privacy)
190 capab |= WLAN_CAPABILITY_PRIVACY;
191
192 if (hapd->iface->current_mode &&
193 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
194 hapd->iface->num_sta_no_short_slot_time == 0)
195 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
196
197 /*
198 * Currently, Spectrum Management capability bit is set when directly
199 * requested in configuration by spectrum_mgmt_required or when AP is
200 * running on DFS channel.
201 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
202 */
203 if (hapd->iface->current_mode &&
204 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
205 (hapd->iconf->spectrum_mgmt_required || dfs))
206 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
207
208 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
209 if (hapd->conf->radio_measurements[i]) {
210 capab |= IEEE80211_CAP_RRM;
211 break;
212 }
213 }
214
215 return capab;
216 }
217
218
219 #ifndef CONFIG_NO_RC4
220 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
221 u16 auth_transaction, const u8 *challenge,
222 int iswep)
223 {
224 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
225 HOSTAPD_LEVEL_DEBUG,
226 "authentication (shared key, transaction %d)",
227 auth_transaction);
228
229 if (auth_transaction == 1) {
230 if (!sta->challenge) {
231 /* Generate a pseudo-random challenge */
232 u8 key[8];
233
234 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
235 if (sta->challenge == NULL)
236 return WLAN_STATUS_UNSPECIFIED_FAILURE;
237
238 if (os_get_random(key, sizeof(key)) < 0) {
239 os_free(sta->challenge);
240 sta->challenge = NULL;
241 return WLAN_STATUS_UNSPECIFIED_FAILURE;
242 }
243
244 rc4_skip(key, sizeof(key), 0,
245 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
246 }
247 return 0;
248 }
249
250 if (auth_transaction != 3)
251 return WLAN_STATUS_UNSPECIFIED_FAILURE;
252
253 /* Transaction 3 */
254 if (!iswep || !sta->challenge || !challenge ||
255 os_memcmp_const(sta->challenge, challenge,
256 WLAN_AUTH_CHALLENGE_LEN)) {
257 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
258 HOSTAPD_LEVEL_INFO,
259 "shared key authentication - invalid "
260 "challenge-response");
261 return WLAN_STATUS_CHALLENGE_FAIL;
262 }
263
264 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
265 HOSTAPD_LEVEL_DEBUG,
266 "authentication OK (shared key)");
267 sta->flags |= WLAN_STA_AUTH;
268 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
269 os_free(sta->challenge);
270 sta->challenge = NULL;
271
272 return 0;
273 }
274 #endif /* CONFIG_NO_RC4 */
275
276
277 static int send_auth_reply(struct hostapd_data *hapd,
278 const u8 *dst, const u8 *bssid,
279 u16 auth_alg, u16 auth_transaction, u16 resp,
280 const u8 *ies, size_t ies_len, const char *dbg)
281 {
282 struct ieee80211_mgmt *reply;
283 u8 *buf;
284 size_t rlen;
285 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
286
287 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
288 buf = os_zalloc(rlen);
289 if (buf == NULL)
290 return -1;
291
292 reply = (struct ieee80211_mgmt *) buf;
293 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
294 WLAN_FC_STYPE_AUTH);
295 os_memcpy(reply->da, dst, ETH_ALEN);
296 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
297 os_memcpy(reply->bssid, bssid, ETH_ALEN);
298
299 reply->u.auth.auth_alg = host_to_le16(auth_alg);
300 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
301 reply->u.auth.status_code = host_to_le16(resp);
302
303 if (ies && ies_len)
304 os_memcpy(reply->u.auth.variable, ies, ies_len);
305
306 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
307 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu) (dbg=%s)",
308 MAC2STR(dst), auth_alg, auth_transaction,
309 resp, (unsigned long) ies_len, dbg);
310 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
311 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
312 else
313 reply_res = WLAN_STATUS_SUCCESS;
314
315 os_free(buf);
316
317 return reply_res;
318 }
319
320
321 #ifdef CONFIG_IEEE80211R_AP
322 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
323 u16 auth_transaction, u16 status,
324 const u8 *ies, size_t ies_len)
325 {
326 struct hostapd_data *hapd = ctx;
327 struct sta_info *sta;
328 int reply_res;
329
330 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
331 auth_transaction, status, ies, ies_len,
332 "auth-ft-finish");
333
334 sta = ap_get_sta(hapd, dst);
335 if (sta == NULL)
336 return;
337
338 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
339 status != WLAN_STATUS_SUCCESS)) {
340 hostapd_drv_sta_remove(hapd, sta->addr);
341 sta->added_unassoc = 0;
342 return;
343 }
344
345 if (status != WLAN_STATUS_SUCCESS)
346 return;
347
348 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
349 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
350 sta->flags |= WLAN_STA_AUTH;
351 mlme_authenticate_indication(hapd, sta);
352 }
353 #endif /* CONFIG_IEEE80211R_AP */
354
355
356 #ifdef CONFIG_SAE
357
358 static void sae_set_state(struct sta_info *sta, enum sae_state state,
359 const char *reason)
360 {
361 wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
362 sae_state_txt(sta->sae->state), sae_state_txt(state),
363 MAC2STR(sta->addr), reason);
364 sta->sae->state = state;
365 }
366
367
368 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
369 struct sta_info *sta, int update)
370 {
371 struct wpabuf *buf;
372 const char *password;
373
374 password = hapd->conf->sae_password;
375 if (!password)
376 password = hapd->conf->ssid.wpa_passphrase;
377 if (!password) {
378 wpa_printf(MSG_DEBUG, "SAE: No password available");
379 return NULL;
380 }
381
382 if (update &&
383 sae_prepare_commit(hapd->own_addr, sta->addr,
384 (u8 *) password, os_strlen(password),
385 sta->sae) < 0) {
386 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
387 return NULL;
388 }
389
390 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN);
391 if (buf == NULL)
392 return NULL;
393 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
394 sta->sae->tmp->anti_clogging_token : NULL);
395
396 return buf;
397 }
398
399
400 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
401 struct sta_info *sta)
402 {
403 struct wpabuf *buf;
404
405 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
406 if (buf == NULL)
407 return NULL;
408
409 sae_write_confirm(sta->sae, buf);
410
411 return buf;
412 }
413
414
415 static int auth_sae_send_commit(struct hostapd_data *hapd,
416 struct sta_info *sta,
417 const u8 *bssid, int update)
418 {
419 struct wpabuf *data;
420 int reply_res;
421
422 data = auth_build_sae_commit(hapd, sta, update);
423 if (data == NULL)
424 return WLAN_STATUS_UNSPECIFIED_FAILURE;
425
426 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
427 WLAN_STATUS_SUCCESS, wpabuf_head(data),
428 wpabuf_len(data), "sae-send-commit");
429
430 wpabuf_free(data);
431
432 return reply_res;
433 }
434
435
436 static int auth_sae_send_confirm(struct hostapd_data *hapd,
437 struct sta_info *sta,
438 const u8 *bssid)
439 {
440 struct wpabuf *data;
441 int reply_res;
442
443 data = auth_build_sae_confirm(hapd, sta);
444 if (data == NULL)
445 return WLAN_STATUS_UNSPECIFIED_FAILURE;
446
447 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
448 WLAN_STATUS_SUCCESS, wpabuf_head(data),
449 wpabuf_len(data), "sae-send-confirm");
450
451 wpabuf_free(data);
452
453 return reply_res;
454 }
455
456
457 static int use_sae_anti_clogging(struct hostapd_data *hapd)
458 {
459 struct sta_info *sta;
460 unsigned int open = 0;
461
462 if (hapd->conf->sae_anti_clogging_threshold == 0)
463 return 1;
464
465 for (sta = hapd->sta_list; sta; sta = sta->next) {
466 if (!sta->sae)
467 continue;
468 if (sta->sae->state != SAE_COMMITTED &&
469 sta->sae->state != SAE_CONFIRMED)
470 continue;
471 open++;
472 if (open >= hapd->conf->sae_anti_clogging_threshold)
473 return 1;
474 }
475
476 return 0;
477 }
478
479
480 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
481 const u8 *token, size_t token_len)
482 {
483 u8 mac[SHA256_MAC_LEN];
484
485 if (token_len != SHA256_MAC_LEN)
486 return -1;
487 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
488 addr, ETH_ALEN, mac) < 0 ||
489 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0)
490 return -1;
491
492 return 0;
493 }
494
495
496 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
497 int group, const u8 *addr)
498 {
499 struct wpabuf *buf;
500 u8 *token;
501 struct os_reltime now;
502
503 os_get_reltime(&now);
504 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
505 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) {
506 if (random_get_bytes(hapd->sae_token_key,
507 sizeof(hapd->sae_token_key)) < 0)
508 return NULL;
509 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
510 hapd->sae_token_key, sizeof(hapd->sae_token_key));
511 hapd->last_sae_token_key_update = now;
512 }
513
514 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
515 if (buf == NULL)
516 return NULL;
517
518 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
519
520 token = wpabuf_put(buf, SHA256_MAC_LEN);
521 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
522 addr, ETH_ALEN, token);
523
524 return buf;
525 }
526
527
528 static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
529 {
530 if (sta->sae->sync > hapd->conf->sae_sync) {
531 sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
532 sta->sae->sync = 0;
533 return -1;
534 }
535 return 0;
536 }
537
538
539 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
540 {
541 struct hostapd_data *hapd = eloop_ctx;
542 struct sta_info *sta = eloop_data;
543 int ret;
544
545 if (sae_check_big_sync(hapd, sta))
546 return;
547 sta->sae->sync++;
548 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
549 " (sync=%d state=%s)",
550 MAC2STR(sta->addr), sta->sae->sync,
551 sae_state_txt(sta->sae->state));
552
553 switch (sta->sae->state) {
554 case SAE_COMMITTED:
555 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
556 eloop_register_timeout(0,
557 hapd->dot11RSNASAERetransPeriod * 1000,
558 auth_sae_retransmit_timer, hapd, sta);
559 break;
560 case SAE_CONFIRMED:
561 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
562 eloop_register_timeout(0,
563 hapd->dot11RSNASAERetransPeriod * 1000,
564 auth_sae_retransmit_timer, hapd, sta);
565 break;
566 default:
567 ret = -1;
568 break;
569 }
570
571 if (ret != WLAN_STATUS_SUCCESS)
572 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
573 }
574
575
576 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
577 {
578 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
579 }
580
581
582 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
583 struct sta_info *sta)
584 {
585 if (!(hapd->conf->mesh & MESH_ENABLED))
586 return;
587
588 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
589 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
590 auth_sae_retransmit_timer, hapd, sta);
591 }
592
593
594 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
595 {
596 sta->flags |= WLAN_STA_AUTH;
597 sta->auth_alg = WLAN_AUTH_SAE;
598 mlme_authenticate_indication(hapd, sta);
599 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
600 sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
601 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
602 sta->sae->pmk, sta->sae->pmkid);
603 }
604
605
606 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
607 const u8 *bssid, u8 auth_transaction)
608 {
609 int ret;
610
611 if (auth_transaction != 1 && auth_transaction != 2)
612 return WLAN_STATUS_UNSPECIFIED_FAILURE;
613
614 wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
615 MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
616 auth_transaction);
617 switch (sta->sae->state) {
618 case SAE_NOTHING:
619 if (auth_transaction == 1) {
620 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
621 if (ret)
622 return ret;
623 sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
624
625 if (sae_process_commit(sta->sae) < 0)
626 return WLAN_STATUS_UNSPECIFIED_FAILURE;
627
628 /*
629 * In mesh case, both Commit and Confirm can be sent
630 * immediately. In infrastructure BSS, only a single
631 * Authentication frame (Commit) is expected from the AP
632 * here and the second one (Confirm) will be sent once
633 * the STA has sent its second Authentication frame
634 * (Confirm).
635 */
636 if (hapd->conf->mesh & MESH_ENABLED) {
637 /*
638 * Send both Commit and Confirm immediately
639 * based on SAE finite state machine
640 * Nothing -> Confirm transition.
641 */
642 ret = auth_sae_send_confirm(hapd, sta, bssid);
643 if (ret)
644 return ret;
645 sae_set_state(sta, SAE_CONFIRMED,
646 "Sent Confirm (mesh)");
647 } else {
648 /*
649 * For infrastructure BSS, send only the Commit
650 * message now to get alternating sequence of
651 * Authentication frames between the AP and STA.
652 * Confirm will be sent in
653 * Committed -> Confirmed/Accepted transition
654 * when receiving Confirm from STA.
655 */
656 }
657 sta->sae->sync = 0;
658 sae_set_retransmit_timer(hapd, sta);
659 } else {
660 hostapd_logger(hapd, sta->addr,
661 HOSTAPD_MODULE_IEEE80211,
662 HOSTAPD_LEVEL_DEBUG,
663 "SAE confirm before commit");
664 }
665 break;
666 case SAE_COMMITTED:
667 sae_clear_retransmit_timer(hapd, sta);
668 if (auth_transaction == 1) {
669 if (sae_process_commit(sta->sae) < 0)
670 return WLAN_STATUS_UNSPECIFIED_FAILURE;
671
672 ret = auth_sae_send_confirm(hapd, sta, bssid);
673 if (ret)
674 return ret;
675 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
676 sta->sae->sync = 0;
677 sae_set_retransmit_timer(hapd, sta);
678 } else if (hapd->conf->mesh & MESH_ENABLED) {
679 /*
680 * In mesh case, follow SAE finite state machine and
681 * send Commit now, if sync count allows.
682 */
683 if (sae_check_big_sync(hapd, sta))
684 return WLAN_STATUS_SUCCESS;
685 sta->sae->sync++;
686
687 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
688 if (ret)
689 return ret;
690
691 sae_set_retransmit_timer(hapd, sta);
692 } else {
693 /*
694 * For instructure BSS, send the postponed Confirm from
695 * Nothing -> Confirmed transition that was reduced to
696 * Nothing -> Committed above.
697 */
698 ret = auth_sae_send_confirm(hapd, sta, bssid);
699 if (ret)
700 return ret;
701
702 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
703
704 /*
705 * Since this was triggered on Confirm RX, run another
706 * step to get to Accepted without waiting for
707 * additional events.
708 */
709 return sae_sm_step(hapd, sta, bssid, auth_transaction);
710 }
711 break;
712 case SAE_CONFIRMED:
713 sae_clear_retransmit_timer(hapd, sta);
714 if (auth_transaction == 1) {
715 if (sae_check_big_sync(hapd, sta))
716 return WLAN_STATUS_SUCCESS;
717 sta->sae->sync++;
718
719 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
720 if (ret)
721 return ret;
722
723 if (sae_process_commit(sta->sae) < 0)
724 return WLAN_STATUS_UNSPECIFIED_FAILURE;
725
726 ret = auth_sae_send_confirm(hapd, sta, bssid);
727 if (ret)
728 return ret;
729
730 sae_set_retransmit_timer(hapd, sta);
731 } else {
732 sta->sae->send_confirm = 0xffff;
733 sae_accept_sta(hapd, sta);
734 }
735 break;
736 case SAE_ACCEPTED:
737 if (auth_transaction == 1) {
738 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
739 ") doing reauthentication",
740 MAC2STR(sta->addr));
741 ap_free_sta(hapd, sta);
742 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
743 } else {
744 if (sae_check_big_sync(hapd, sta))
745 return WLAN_STATUS_SUCCESS;
746 sta->sae->sync++;
747
748 ret = auth_sae_send_confirm(hapd, sta, bssid);
749 sae_clear_temp_data(sta->sae);
750 if (ret)
751 return ret;
752 }
753 break;
754 default:
755 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
756 sta->sae->state);
757 return WLAN_STATUS_UNSPECIFIED_FAILURE;
758 }
759 return WLAN_STATUS_SUCCESS;
760 }
761
762
763 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
764 {
765 struct sae_data *sae = sta->sae;
766 int i, *groups = hapd->conf->sae_groups;
767
768 if (sae->state != SAE_COMMITTED)
769 return;
770
771 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
772
773 for (i = 0; groups && groups[i] > 0; i++) {
774 if (sae->group == groups[i])
775 break;
776 }
777
778 if (!groups || groups[i] <= 0) {
779 wpa_printf(MSG_DEBUG,
780 "SAE: Previously selected group not found from the current configuration");
781 return;
782 }
783
784 for (;;) {
785 i++;
786 if (groups[i] <= 0) {
787 wpa_printf(MSG_DEBUG,
788 "SAE: No alternative group enabled");
789 return;
790 }
791
792 if (sae_set_group(sae, groups[i]) < 0)
793 continue;
794
795 break;
796 }
797 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
798 }
799
800
801 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
802 const struct ieee80211_mgmt *mgmt, size_t len,
803 u16 auth_transaction, u16 status_code)
804 {
805 int resp = WLAN_STATUS_SUCCESS;
806 struct wpabuf *data = NULL;
807
808 #ifdef CONFIG_TESTING_OPTIONS
809 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
810 const u8 *pos, *end;
811
812 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
813 pos = mgmt->u.auth.variable;
814 end = ((const u8 *) mgmt) + len;
815 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
816 auth_transaction, resp, pos, end - pos,
817 "auth-sae-reflection-attack");
818 goto remove_sta;
819 }
820
821 if (hapd->conf->sae_commit_override && auth_transaction == 1) {
822 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
823 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
824 auth_transaction, resp,
825 wpabuf_head(hapd->conf->sae_commit_override),
826 wpabuf_len(hapd->conf->sae_commit_override),
827 "sae-commit-override");
828 goto remove_sta;
829 }
830 #endif /* CONFIG_TESTING_OPTIONS */
831 if (!sta->sae) {
832 if (auth_transaction != 1 ||
833 status_code != WLAN_STATUS_SUCCESS) {
834 resp = -1;
835 goto remove_sta;
836 }
837 sta->sae = os_zalloc(sizeof(*sta->sae));
838 if (!sta->sae) {
839 resp = -1;
840 goto remove_sta;
841 }
842 sae_set_state(sta, SAE_NOTHING, "Init");
843 sta->sae->sync = 0;
844 }
845
846 if (sta->mesh_sae_pmksa_caching) {
847 wpa_printf(MSG_DEBUG,
848 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
849 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
850 sta->mesh_sae_pmksa_caching = 0;
851 }
852
853 if (auth_transaction == 1) {
854 const u8 *token = NULL, *pos, *end;
855 size_t token_len = 0;
856 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
857 HOSTAPD_LEVEL_DEBUG,
858 "start SAE authentication (RX commit, status=%u)",
859 status_code);
860
861 if ((hapd->conf->mesh & MESH_ENABLED) &&
862 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
863 sta->sae->tmp) {
864 pos = mgmt->u.auth.variable;
865 end = ((const u8 *) mgmt) + len;
866 if (pos + sizeof(le16) > end) {
867 wpa_printf(MSG_ERROR,
868 "SAE: Too short anti-clogging token request");
869 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
870 goto reply;
871 }
872 resp = sae_group_allowed(sta->sae,
873 hapd->conf->sae_groups,
874 WPA_GET_LE16(pos));
875 if (resp != WLAN_STATUS_SUCCESS) {
876 wpa_printf(MSG_ERROR,
877 "SAE: Invalid group in anti-clogging token request");
878 goto reply;
879 }
880 pos += sizeof(le16);
881
882 wpabuf_free(sta->sae->tmp->anti_clogging_token);
883 sta->sae->tmp->anti_clogging_token =
884 wpabuf_alloc_copy(pos, end - pos);
885 if (sta->sae->tmp->anti_clogging_token == NULL) {
886 wpa_printf(MSG_ERROR,
887 "SAE: Failed to alloc for anti-clogging token");
888 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
889 goto remove_sta;
890 }
891
892 /*
893 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
894 * is 76, a new Commit Message shall be constructed
895 * with the Anti-Clogging Token from the received
896 * Authentication frame, and the commit-scalar and
897 * COMMIT-ELEMENT previously sent.
898 */
899 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
900 if (resp != WLAN_STATUS_SUCCESS) {
901 wpa_printf(MSG_ERROR,
902 "SAE: Failed to send commit message");
903 goto remove_sta;
904 }
905 sae_set_state(sta, SAE_COMMITTED,
906 "Sent Commit (anti-clogging token case in mesh)");
907 sta->sae->sync = 0;
908 sae_set_retransmit_timer(hapd, sta);
909 return;
910 }
911
912 if ((hapd->conf->mesh & MESH_ENABLED) &&
913 status_code ==
914 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
915 sta->sae->tmp) {
916 wpa_printf(MSG_DEBUG,
917 "SAE: Peer did not accept our SAE group");
918 sae_pick_next_group(hapd, sta);
919 goto remove_sta;
920 }
921
922 if (status_code != WLAN_STATUS_SUCCESS)
923 goto remove_sta;
924
925 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
926 ((const u8 *) mgmt) + len -
927 mgmt->u.auth.variable, &token,
928 &token_len, hapd->conf->sae_groups);
929 if (resp == SAE_SILENTLY_DISCARD) {
930 wpa_printf(MSG_DEBUG,
931 "SAE: Drop commit message from " MACSTR " due to reflection attack",
932 MAC2STR(sta->addr));
933 goto remove_sta;
934 }
935 if (token && check_sae_token(hapd, sta->addr, token, token_len)
936 < 0) {
937 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
938 "incorrect token from " MACSTR,
939 MAC2STR(sta->addr));
940 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
941 goto remove_sta;
942 }
943
944 if (resp != WLAN_STATUS_SUCCESS)
945 goto reply;
946
947 if (!token && use_sae_anti_clogging(hapd)) {
948 wpa_printf(MSG_DEBUG,
949 "SAE: Request anti-clogging token from "
950 MACSTR, MAC2STR(sta->addr));
951 data = auth_build_token_req(hapd, sta->sae->group,
952 sta->addr);
953 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
954 if (hapd->conf->mesh & MESH_ENABLED)
955 sae_set_state(sta, SAE_NOTHING,
956 "Request anti-clogging token case in mesh");
957 goto reply;
958 }
959
960 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
961 } else if (auth_transaction == 2) {
962 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
963 HOSTAPD_LEVEL_DEBUG,
964 "SAE authentication (RX confirm, status=%u)",
965 status_code);
966 if (status_code != WLAN_STATUS_SUCCESS)
967 goto remove_sta;
968 if (sta->sae->state >= SAE_CONFIRMED ||
969 !(hapd->conf->mesh & MESH_ENABLED)) {
970 const u8 *var;
971 size_t var_len;
972 u16 peer_send_confirm;
973
974 var = mgmt->u.auth.variable;
975 var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable;
976 if (var_len < 2) {
977 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
978 goto reply;
979 }
980
981 peer_send_confirm = WPA_GET_LE16(var);
982
983 if (sta->sae->state == SAE_ACCEPTED &&
984 (peer_send_confirm <= sta->sae->rc ||
985 peer_send_confirm == 0xffff)) {
986 wpa_printf(MSG_DEBUG,
987 "SAE: Silently ignore unexpected Confirm from peer "
988 MACSTR
989 " (peer-send-confirm=%u Rc=%u)",
990 MAC2STR(sta->addr),
991 peer_send_confirm, sta->sae->rc);
992 return;
993 }
994
995 if (sae_check_confirm(sta->sae, var, var_len) < 0) {
996 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
997 goto reply;
998 }
999 sta->sae->rc = peer_send_confirm;
1000 }
1001 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction);
1002 } else {
1003 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1004 HOSTAPD_LEVEL_DEBUG,
1005 "unexpected SAE authentication transaction %u (status=%u)",
1006 auth_transaction, status_code);
1007 if (status_code != WLAN_STATUS_SUCCESS)
1008 goto remove_sta;
1009 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1010 }
1011
1012 reply:
1013 if (resp != WLAN_STATUS_SUCCESS) {
1014 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
1015 auth_transaction, resp,
1016 data ? wpabuf_head(data) : (u8 *) "",
1017 data ? wpabuf_len(data) : 0, "auth-sae");
1018 }
1019
1020 remove_sta:
1021 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1022 status_code != WLAN_STATUS_SUCCESS)) {
1023 hostapd_drv_sta_remove(hapd, sta->addr);
1024 sta->added_unassoc = 0;
1025 }
1026 wpabuf_free(data);
1027 }
1028
1029
1030 /**
1031 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
1032 * @hapd: BSS data for the device initiating the authentication
1033 * @sta: the peer to which commit authentication frame is sent
1034 *
1035 * This function implements Init event handling (IEEE Std 802.11-2012,
1036 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
1037 * sta->sae structure should be initialized appropriately via a call to
1038 * sae_prepare_commit().
1039 */
1040 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
1041 {
1042 int ret;
1043
1044 if (!sta->sae || !sta->sae->tmp)
1045 return -1;
1046
1047 if (sta->sae->state != SAE_NOTHING)
1048 return -1;
1049
1050 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
1051 if (ret)
1052 return -1;
1053
1054 sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
1055 sta->sae->sync = 0;
1056 sae_set_retransmit_timer(hapd, sta);
1057
1058 return 0;
1059 }
1060
1061 #endif /* CONFIG_SAE */
1062
1063
1064 static u16 wpa_res_to_status_code(int res)
1065 {
1066 if (res == WPA_INVALID_GROUP)
1067 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
1068 if (res == WPA_INVALID_PAIRWISE)
1069 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1070 if (res == WPA_INVALID_AKMP)
1071 return WLAN_STATUS_AKMP_NOT_VALID;
1072 if (res == WPA_ALLOC_FAIL)
1073 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1074 #ifdef CONFIG_IEEE80211W
1075 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
1076 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
1077 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
1078 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
1079 #endif /* CONFIG_IEEE80211W */
1080 if (res == WPA_INVALID_MDIE)
1081 return WLAN_STATUS_INVALID_MDIE;
1082 if (res == WPA_INVALID_PMKID)
1083 return WLAN_STATUS_INVALID_PMKID;
1084 if (res != WPA_IE_OK)
1085 return WLAN_STATUS_INVALID_IE;
1086 return WLAN_STATUS_SUCCESS;
1087 }
1088
1089
1090 #ifdef CONFIG_FILS
1091
1092 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1093 struct sta_info *sta, u16 resp,
1094 struct wpabuf *data, int pub);
1095
1096 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1097 const u8 *pos, size_t len, u16 auth_alg,
1098 u16 auth_transaction, u16 status_code,
1099 void (*cb)(struct hostapd_data *hapd,
1100 struct sta_info *sta, u16 resp,
1101 struct wpabuf *data, int pub))
1102 {
1103 u16 resp = WLAN_STATUS_SUCCESS;
1104 const u8 *end;
1105 struct ieee802_11_elems elems;
1106 int res;
1107 struct wpa_ie_data rsn;
1108 struct rsn_pmksa_cache_entry *pmksa = NULL;
1109
1110 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1111 return;
1112
1113 end = pos + len;
1114
1115 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1116 pos, end - pos);
1117
1118 /* TODO: FILS PK */
1119 #ifdef CONFIG_FILS_SK_PFS
1120 if (auth_alg == WLAN_AUTH_FILS_SK_PFS) {
1121 u16 group;
1122 struct wpabuf *pub;
1123 size_t elem_len;
1124
1125 /* Using FILS PFS */
1126
1127 /* Finite Cyclic Group */
1128 if (end - pos < 2) {
1129 wpa_printf(MSG_DEBUG,
1130 "FILS: No room for Finite Cyclic Group");
1131 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1132 goto fail;
1133 }
1134 group = WPA_GET_LE16(pos);
1135 pos += 2;
1136 if (group != hapd->conf->fils_dh_group) {
1137 wpa_printf(MSG_DEBUG,
1138 "FILS: Unsupported Finite Cyclic Group: %u (expected %u)",
1139 group, hapd->conf->fils_dh_group);
1140 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1141 goto fail;
1142 }
1143
1144 crypto_ecdh_deinit(sta->fils_ecdh);
1145 sta->fils_ecdh = crypto_ecdh_init(group);
1146 if (!sta->fils_ecdh) {
1147 wpa_printf(MSG_INFO,
1148 "FILS: Could not initialize ECDH with group %d",
1149 group);
1150 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1151 goto fail;
1152 }
1153
1154 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1155 if (!pub) {
1156 wpa_printf(MSG_DEBUG,
1157 "FILS: Failed to derive ECDH public key");
1158 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1159 goto fail;
1160 }
1161 elem_len = wpabuf_len(pub);
1162 wpabuf_free(pub);
1163
1164 /* Element */
1165 if ((size_t) (end - pos) < elem_len) {
1166 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
1167 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1168 goto fail;
1169 }
1170
1171 wpabuf_free(sta->fils_g_sta);
1172 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
1173 wpabuf_clear_free(sta->fils_dh_ss);
1174 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
1175 pos, elem_len);
1176 if (!sta->fils_dh_ss) {
1177 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
1178 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1179 goto fail;
1180 }
1181 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
1182 pos += elem_len;
1183 } else {
1184 crypto_ecdh_deinit(sta->fils_ecdh);
1185 sta->fils_ecdh = NULL;
1186 wpabuf_clear_free(sta->fils_dh_ss);
1187 sta->fils_dh_ss = NULL;
1188 }
1189 #endif /* CONFIG_FILS_SK_PFS */
1190
1191 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1192 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1193 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1194 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1195 goto fail;
1196 }
1197
1198 /* RSNE */
1199 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1200 elems.rsn_ie, elems.rsn_ie_len);
1201 if (!elems.rsn_ie ||
1202 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1203 &rsn) < 0) {
1204 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1205 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1206 goto fail;
1207 }
1208
1209 if (!sta->wpa_sm)
1210 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1211 NULL);
1212 if (!sta->wpa_sm) {
1213 wpa_printf(MSG_DEBUG,
1214 "FILS: Failed to initialize RSN state machine");
1215 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1216 goto fail;
1217 }
1218
1219 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1220 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1221 elems.mdie, elems.mdie_len, NULL, 0);
1222 resp = wpa_res_to_status_code(res);
1223 if (resp != WLAN_STATUS_SUCCESS)
1224 goto fail;
1225
1226 if (!elems.fils_nonce) {
1227 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1228 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1229 goto fail;
1230 }
1231 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1232 FILS_NONCE_LEN);
1233 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1234
1235 /* PMKID List */
1236 if (rsn.pmkid && rsn.num_pmkid > 0) {
1237 u8 num;
1238 const u8 *pmkid;
1239
1240 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1241 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1242
1243 pmkid = rsn.pmkid;
1244 num = rsn.num_pmkid;
1245 while (num) {
1246 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1247 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1248 pmkid);
1249 if (pmksa)
1250 break;
1251 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1252 sta->addr,
1253 pmkid);
1254 if (pmksa)
1255 break;
1256 pmkid += PMKID_LEN;
1257 num--;
1258 }
1259 }
1260 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1261 wpa_printf(MSG_DEBUG,
1262 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1263 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1264 pmksa = NULL;
1265 }
1266 if (pmksa)
1267 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1268
1269 /* FILS Session */
1270 if (!elems.fils_session) {
1271 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1272 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1273 goto fail;
1274 }
1275 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1276 FILS_SESSION_LEN);
1277 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1278
1279 /* FILS Wrapped Data */
1280 if (elems.fils_wrapped_data) {
1281 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1282 elems.fils_wrapped_data,
1283 elems.fils_wrapped_data_len);
1284 if (!pmksa) {
1285 #ifndef CONFIG_NO_RADIUS
1286 if (!sta->eapol_sm) {
1287 sta->eapol_sm =
1288 ieee802_1x_alloc_eapol_sm(hapd, sta);
1289 }
1290 wpa_printf(MSG_DEBUG,
1291 "FILS: Forward EAP-Initiate/Re-auth to authentication server");
1292 ieee802_1x_encapsulate_radius(
1293 hapd, sta, elems.fils_wrapped_data,
1294 elems.fils_wrapped_data_len);
1295 sta->fils_pending_cb = cb;
1296 wpa_printf(MSG_DEBUG,
1297 "FILS: Will send Authentication frame once the response from authentication server is available");
1298 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1299 /* Calculate pending PMKID here so that we do not need
1300 * to maintain a copy of the EAP-Initiate/Reauth
1301 * message. */
1302 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1303 elems.fils_wrapped_data,
1304 elems.fils_wrapped_data_len,
1305 sta->fils_erp_pmkid) == 0)
1306 sta->fils_erp_pmkid_set = 1;
1307 return;
1308 #else /* CONFIG_NO_RADIUS */
1309 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1310 goto fail;
1311 #endif /* CONFIG_NO_RADIUS */
1312 }
1313 }
1314
1315 fail:
1316 if (cb) {
1317 struct wpabuf *data;
1318 int pub = 0;
1319
1320 data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL,
1321 NULL, 0, &pub);
1322 if (!data) {
1323 wpa_printf(MSG_DEBUG,
1324 "%s: prepare_auth_resp_fils() returned failure",
1325 __func__);
1326 }
1327
1328 cb(hapd, sta, resp, data, pub);
1329 }
1330 }
1331
1332
1333 static struct wpabuf *
1334 prepare_auth_resp_fils(struct hostapd_data *hapd,
1335 struct sta_info *sta, u16 *resp,
1336 struct rsn_pmksa_cache_entry *pmksa,
1337 struct wpabuf *erp_resp,
1338 const u8 *msk, size_t msk_len,
1339 int *is_pub)
1340 {
1341 u8 fils_nonce[FILS_NONCE_LEN];
1342 size_t ielen;
1343 struct wpabuf *data = NULL;
1344 const u8 *ie;
1345 u8 *ie_buf = NULL;
1346 const u8 *pmk = NULL;
1347 size_t pmk_len = 0;
1348 u8 pmk_buf[PMK_LEN_MAX];
1349 struct wpabuf *pub = NULL;
1350
1351 if (*resp != WLAN_STATUS_SUCCESS)
1352 goto fail;
1353
1354 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1355 if (!ie) {
1356 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1357 goto fail;
1358 }
1359
1360 if (pmksa) {
1361 /* Add PMKID of the selected PMKSA into RSNE */
1362 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1363 if (!ie_buf) {
1364 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1365 goto fail;
1366 }
1367
1368 os_memcpy(ie_buf, ie, ielen);
1369 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1370 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1371 goto fail;
1372 }
1373 ie = ie_buf;
1374 }
1375
1376 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1377 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1378 goto fail;
1379 }
1380 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1381 fils_nonce, FILS_NONCE_LEN);
1382
1383 #ifdef CONFIG_FILS_SK_PFS
1384 if (sta->fils_dh_ss && sta->fils_ecdh) {
1385 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1386 if (!pub) {
1387 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1388 goto fail;
1389 }
1390 }
1391 #endif /* CONFIG_FILS_SK_PFS */
1392
1393 data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
1394 if (!data) {
1395 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1396 goto fail;
1397 }
1398
1399 /* TODO: FILS PK */
1400 #ifdef CONFIG_FILS_SK_PFS
1401 if (pub) {
1402 /* Finite Cyclic Group */
1403 wpabuf_put_le16(data, hapd->conf->fils_dh_group);
1404
1405 /* Element */
1406 wpabuf_put_buf(data, pub);
1407 }
1408 #endif /* CONFIG_FILS_SK_PFS */
1409
1410 /* RSNE */
1411 wpabuf_put_data(data, ie, ielen);
1412
1413 /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
1414
1415 #ifdef CONFIG_IEEE80211R_AP
1416 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
1417 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
1418 int res;
1419
1420 res = wpa_auth_write_fte(hapd->wpa_auth, wpabuf_put(data, 0),
1421 wpabuf_tailroom(data));
1422 if (res < 0) {
1423 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1424 goto fail;
1425 }
1426 wpabuf_put(data, res);
1427 }
1428 #endif /* CONFIG_IEEE80211R_AP */
1429
1430 /* FILS Nonce */
1431 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1432 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1433 /* Element ID Extension */
1434 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1435 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1436
1437 /* FILS Session */
1438 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1439 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1440 /* Element ID Extension */
1441 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1442 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1443
1444 /* FILS Wrapped Data */
1445 if (!pmksa && erp_resp) {
1446 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1447 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1448 /* Element ID Extension */
1449 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1450 wpabuf_put_buf(data, erp_resp);
1451
1452 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1453 msk, msk_len, sta->fils_snonce, fils_nonce,
1454 sta->fils_dh_ss ?
1455 wpabuf_head(sta->fils_dh_ss) : NULL,
1456 sta->fils_dh_ss ?
1457 wpabuf_len(sta->fils_dh_ss) : 0,
1458 pmk_buf, &pmk_len)) {
1459 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1460 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1461 wpabuf_free(data);
1462 data = NULL;
1463 goto fail;
1464 }
1465 pmk = pmk_buf;
1466
1467 /* Don't use DHss in PTK derivation if PMKSA caching is not
1468 * used. */
1469 wpabuf_clear_free(sta->fils_dh_ss);
1470 sta->fils_dh_ss = NULL;
1471
1472 if (sta->fils_erp_pmkid_set) {
1473 /* TODO: get PMKLifetime from WPA parameters */
1474 unsigned int dot11RSNAConfigPMKLifetime = 43200;
1475 int session_timeout;
1476
1477 session_timeout = dot11RSNAConfigPMKLifetime;
1478 if (sta->session_timeout_set) {
1479 struct os_reltime now, diff;
1480
1481 os_get_reltime(&now);
1482 os_reltime_sub(&sta->session_timeout, &now,
1483 &diff);
1484 session_timeout = diff.sec;
1485 }
1486
1487 sta->fils_erp_pmkid_set = 0;
1488 if (wpa_auth_pmksa_add2(
1489 hapd->wpa_auth, sta->addr,
1490 pmk, pmk_len,
1491 sta->fils_erp_pmkid,
1492 session_timeout,
1493 wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) {
1494 wpa_printf(MSG_ERROR,
1495 "FILS: Failed to add PMKSA cache entry based on ERP");
1496 }
1497 }
1498 } else if (pmksa) {
1499 pmk = pmksa->pmk;
1500 pmk_len = pmksa->pmk_len;
1501 }
1502
1503 if (!pmk) {
1504 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1505 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1506 wpabuf_free(data);
1507 data = NULL;
1508 goto fail;
1509 }
1510
1511 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1512 sta->fils_snonce, fils_nonce,
1513 sta->fils_dh_ss ?
1514 wpabuf_head(sta->fils_dh_ss) : NULL,
1515 sta->fils_dh_ss ?
1516 wpabuf_len(sta->fils_dh_ss) : 0,
1517 sta->fils_g_sta, pub) < 0) {
1518 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1519 wpabuf_free(data);
1520 data = NULL;
1521 goto fail;
1522 }
1523
1524 fail:
1525 if (is_pub)
1526 *is_pub = pub != NULL;
1527 os_free(ie_buf);
1528 wpabuf_free(pub);
1529 wpabuf_clear_free(sta->fils_dh_ss);
1530 sta->fils_dh_ss = NULL;
1531 #ifdef CONFIG_FILS_SK_PFS
1532 crypto_ecdh_deinit(sta->fils_ecdh);
1533 sta->fils_ecdh = NULL;
1534 #endif /* CONFIG_FILS_SK_PFS */
1535 return data;
1536 }
1537
1538
1539 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1540 struct sta_info *sta, u16 resp,
1541 struct wpabuf *data, int pub)
1542 {
1543 u16 auth_alg;
1544
1545 auth_alg = (pub ||
1546 resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
1547 WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1548 send_auth_reply(hapd, sta->addr, hapd->own_addr, auth_alg, 2, resp,
1549 data ? wpabuf_head(data) : (u8 *) "",
1550 data ? wpabuf_len(data) : 0, "auth-fils-finish");
1551 wpabuf_free(data);
1552
1553 if (resp == WLAN_STATUS_SUCCESS) {
1554 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1555 HOSTAPD_LEVEL_DEBUG,
1556 "authentication OK (FILS)");
1557 sta->flags |= WLAN_STA_AUTH;
1558 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1559 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1560 mlme_authenticate_indication(hapd, sta);
1561 }
1562 }
1563
1564
1565 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1566 struct sta_info *sta, int success,
1567 struct wpabuf *erp_resp,
1568 const u8 *msk, size_t msk_len)
1569 {
1570 struct wpabuf *data;
1571 int pub = 0;
1572 u16 resp;
1573
1574 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1575
1576 if (!sta->fils_pending_cb)
1577 return;
1578 resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE;
1579 data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp,
1580 msk, msk_len, &pub);
1581 if (!data) {
1582 wpa_printf(MSG_DEBUG,
1583 "%s: prepare_auth_resp_fils() returned failure",
1584 __func__);
1585 }
1586 sta->fils_pending_cb(hapd, sta, resp, data, pub);
1587 }
1588
1589 #endif /* CONFIG_FILS */
1590
1591
1592 int
1593 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1594 const u8 *msg, size_t len, u32 *session_timeout,
1595 u32 *acct_interim_interval,
1596 struct vlan_description *vlan_id,
1597 struct hostapd_sta_wpa_psk_short **psk,
1598 char **identity, char **radius_cui, int is_probe_req)
1599 {
1600 int res;
1601
1602 os_memset(vlan_id, 0, sizeof(*vlan_id));
1603 res = hostapd_allowed_address(hapd, addr, msg, len,
1604 session_timeout, acct_interim_interval,
1605 vlan_id, psk, identity, radius_cui,
1606 is_probe_req);
1607
1608 if (res == HOSTAPD_ACL_REJECT) {
1609 wpa_printf(MSG_INFO,
1610 "Station " MACSTR " not allowed to authenticate",
1611 MAC2STR(addr));
1612 return HOSTAPD_ACL_REJECT;
1613 }
1614
1615 if (res == HOSTAPD_ACL_PENDING) {
1616 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1617 " waiting for an external authentication",
1618 MAC2STR(addr));
1619 /* Authentication code will re-send the authentication frame
1620 * after it has received (and cached) information from the
1621 * external source. */
1622 return HOSTAPD_ACL_PENDING;
1623 }
1624
1625 return res;
1626 }
1627
1628
1629 static int
1630 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1631 int res, u32 session_timeout,
1632 u32 acct_interim_interval,
1633 struct vlan_description *vlan_id,
1634 struct hostapd_sta_wpa_psk_short **psk,
1635 char **identity, char **radius_cui)
1636 {
1637 if (vlan_id->notempty &&
1638 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1639 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1640 HOSTAPD_LEVEL_INFO,
1641 "Invalid VLAN %d%s received from RADIUS server",
1642 vlan_id->untagged,
1643 vlan_id->tagged[0] ? "+" : "");
1644 return -1;
1645 }
1646 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1647 return -1;
1648 if (sta->vlan_id)
1649 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1650 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1651
1652 hostapd_free_psk_list(sta->psk);
1653 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1654 sta->psk = *psk;
1655 *psk = NULL;
1656 } else {
1657 sta->psk = NULL;
1658 }
1659
1660 os_free(sta->identity);
1661 sta->identity = *identity;
1662 *identity = NULL;
1663
1664 os_free(sta->radius_cui);
1665 sta->radius_cui = *radius_cui;
1666 *radius_cui = NULL;
1667
1668 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
1669 sta->acct_interim_interval = acct_interim_interval;
1670 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) {
1671 sta->session_timeout_set = 1;
1672 os_get_reltime(&sta->session_timeout);
1673 sta->session_timeout.sec += session_timeout;
1674 ap_sta_session_timeout(hapd, sta, session_timeout);
1675 } else {
1676 sta->session_timeout_set = 0;
1677 ap_sta_no_session_timeout(hapd, sta);
1678 }
1679
1680 return 0;
1681 }
1682
1683
1684 static void handle_auth(struct hostapd_data *hapd,
1685 const struct ieee80211_mgmt *mgmt, size_t len)
1686 {
1687 u16 auth_alg, auth_transaction, status_code;
1688 u16 resp = WLAN_STATUS_SUCCESS;
1689 struct sta_info *sta = NULL;
1690 int res, reply_res;
1691 u16 fc;
1692 const u8 *challenge = NULL;
1693 u32 session_timeout, acct_interim_interval;
1694 struct vlan_description vlan_id;
1695 struct hostapd_sta_wpa_psk_short *psk = NULL;
1696 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
1697 size_t resp_ies_len = 0;
1698 char *identity = NULL;
1699 char *radius_cui = NULL;
1700 u16 seq_ctrl;
1701
1702 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
1703 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
1704 (unsigned long) len);
1705 return;
1706 }
1707
1708 #ifdef CONFIG_TESTING_OPTIONS
1709 if (hapd->iconf->ignore_auth_probability > 0.0 &&
1710 drand48() < hapd->iconf->ignore_auth_probability) {
1711 wpa_printf(MSG_INFO,
1712 "TESTING: ignoring auth frame from " MACSTR,
1713 MAC2STR(mgmt->sa));
1714 return;
1715 }
1716 #endif /* CONFIG_TESTING_OPTIONS */
1717
1718 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
1719 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
1720 status_code = le_to_host16(mgmt->u.auth.status_code);
1721 fc = le_to_host16(mgmt->frame_control);
1722 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
1723
1724 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
1725 2 + WLAN_AUTH_CHALLENGE_LEN &&
1726 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
1727 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
1728 challenge = &mgmt->u.auth.variable[2];
1729
1730 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
1731 "auth_transaction=%d status_code=%d wep=%d%s "
1732 "seq_ctrl=0x%x%s",
1733 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
1734 status_code, !!(fc & WLAN_FC_ISWEP),
1735 challenge ? " challenge" : "",
1736 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
1737
1738 #ifdef CONFIG_NO_RC4
1739 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
1740 wpa_printf(MSG_INFO,
1741 "Unsupported authentication algorithm (%d)",
1742 auth_alg);
1743 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1744 goto fail;
1745 }
1746 #endif /* CONFIG_NO_RC4 */
1747
1748 if (hapd->tkip_countermeasures) {
1749 wpa_printf(MSG_DEBUG,
1750 "Ongoing TKIP countermeasures (Michael MIC failure) - reject authentication");
1751 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1752 goto fail;
1753 }
1754
1755 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
1756 auth_alg == WLAN_AUTH_OPEN) ||
1757 #ifdef CONFIG_IEEE80211R_AP
1758 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
1759 auth_alg == WLAN_AUTH_FT) ||
1760 #endif /* CONFIG_IEEE80211R_AP */
1761 #ifdef CONFIG_SAE
1762 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
1763 auth_alg == WLAN_AUTH_SAE) ||
1764 #endif /* CONFIG_SAE */
1765 #ifdef CONFIG_FILS
1766 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1767 auth_alg == WLAN_AUTH_FILS_SK) ||
1768 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
1769 hapd->conf->fils_dh_group &&
1770 auth_alg == WLAN_AUTH_FILS_SK_PFS) ||
1771 #endif /* CONFIG_FILS */
1772 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
1773 auth_alg == WLAN_AUTH_SHARED_KEY))) {
1774 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
1775 auth_alg);
1776 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
1777 goto fail;
1778 }
1779
1780 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
1781 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
1782 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
1783 auth_transaction);
1784 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1785 goto fail;
1786 }
1787
1788 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
1789 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
1790 MAC2STR(mgmt->sa));
1791 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1792 goto fail;
1793 }
1794
1795 if (hapd->conf->no_auth_if_seen_on) {
1796 struct hostapd_data *other;
1797
1798 other = sta_track_seen_on(hapd->iface, mgmt->sa,
1799 hapd->conf->no_auth_if_seen_on);
1800 if (other) {
1801 u8 *pos;
1802 u32 info;
1803 u8 op_class, channel, phytype;
1804
1805 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
1806 MACSTR " since STA has been seen on %s",
1807 hapd->conf->iface, MAC2STR(mgmt->sa),
1808 hapd->conf->no_auth_if_seen_on);
1809
1810 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
1811 pos = &resp_ies[0];
1812 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
1813 *pos++ = 13;
1814 os_memcpy(pos, other->own_addr, ETH_ALEN);
1815 pos += ETH_ALEN;
1816 info = 0; /* TODO: BSSID Information */
1817 WPA_PUT_LE32(pos, info);
1818 pos += 4;
1819 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
1820 phytype = 8; /* dmg */
1821 else if (other->iconf->ieee80211ac)
1822 phytype = 9; /* vht */
1823 else if (other->iconf->ieee80211n)
1824 phytype = 7; /* ht */
1825 else if (other->iconf->hw_mode ==
1826 HOSTAPD_MODE_IEEE80211A)
1827 phytype = 4; /* ofdm */
1828 else if (other->iconf->hw_mode ==
1829 HOSTAPD_MODE_IEEE80211G)
1830 phytype = 6; /* erp */
1831 else
1832 phytype = 5; /* hrdsss */
1833 if (ieee80211_freq_to_channel_ext(
1834 hostapd_hw_get_freq(other,
1835 other->iconf->channel),
1836 other->iconf->secondary_channel,
1837 other->iconf->ieee80211ac,
1838 &op_class, &channel) == NUM_HOSTAPD_MODES) {
1839 op_class = 0;
1840 channel = other->iconf->channel;
1841 }
1842 *pos++ = op_class;
1843 *pos++ = channel;
1844 *pos++ = phytype;
1845 resp_ies_len = pos - &resp_ies[0];
1846 goto fail;
1847 }
1848 }
1849
1850 res = ieee802_11_allowed_address(
1851 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
1852 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui,
1853 0);
1854 if (res == HOSTAPD_ACL_REJECT) {
1855 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
1856 "Ignore Authentication frame from " MACSTR
1857 " due to ACL reject", MAC2STR(mgmt->sa));
1858 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1859 goto fail;
1860 }
1861 if (res == HOSTAPD_ACL_PENDING)
1862 return;
1863
1864 sta = ap_get_sta(hapd, mgmt->sa);
1865 if (sta) {
1866 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1867 if ((fc & WLAN_FC_RETRY) &&
1868 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
1869 sta->last_seq_ctrl == seq_ctrl &&
1870 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
1871 hostapd_logger(hapd, sta->addr,
1872 HOSTAPD_MODULE_IEEE80211,
1873 HOSTAPD_LEVEL_DEBUG,
1874 "Drop repeated authentication frame seq_ctrl=0x%x",
1875 seq_ctrl);
1876 return;
1877 }
1878 #ifdef CONFIG_MESH
1879 if ((hapd->conf->mesh & MESH_ENABLED) &&
1880 sta->plink_state == PLINK_BLOCKED) {
1881 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1882 " is blocked - drop Authentication frame",
1883 MAC2STR(mgmt->sa));
1884 return;
1885 }
1886 #endif /* CONFIG_MESH */
1887 } else {
1888 #ifdef CONFIG_MESH
1889 if (hapd->conf->mesh & MESH_ENABLED) {
1890 /* if the mesh peer is not available, we don't do auth.
1891 */
1892 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
1893 " not yet known - drop Authentication frame",
1894 MAC2STR(mgmt->sa));
1895 /*
1896 * Save a copy of the frame so that it can be processed
1897 * if a new peer entry is added shortly after this.
1898 */
1899 wpabuf_free(hapd->mesh_pending_auth);
1900 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
1901 os_get_reltime(&hapd->mesh_pending_auth_time);
1902 return;
1903 }
1904 #endif /* CONFIG_MESH */
1905
1906 sta = ap_sta_add(hapd, mgmt->sa);
1907 if (!sta) {
1908 wpa_printf(MSG_DEBUG, "ap_sta_add() failed");
1909 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1910 goto fail;
1911 }
1912 }
1913 sta->last_seq_ctrl = seq_ctrl;
1914 sta->last_subtype = WLAN_FC_STYPE_AUTH;
1915
1916 res = ieee802_11_set_radius_info(
1917 hapd, sta, res, session_timeout, acct_interim_interval,
1918 &vlan_id, &psk, &identity, &radius_cui);
1919 if (res) {
1920 wpa_printf(MSG_DEBUG, "ieee802_11_set_radius_info() failed");
1921 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1922 goto fail;
1923 }
1924
1925 sta->flags &= ~WLAN_STA_PREAUTH;
1926 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
1927
1928 /*
1929 * If the driver supports full AP client state, add a station to the
1930 * driver before sending authentication reply to make sure the driver
1931 * has resources, and not to go through the entire authentication and
1932 * association handshake, and fail it at the end.
1933 *
1934 * If this is not the first transaction, in a multi-step authentication
1935 * algorithm, the station already exists in the driver
1936 * (sta->added_unassoc = 1) so skip it.
1937 *
1938 * In mesh mode, the station was already added to the driver when the
1939 * NEW_PEER_CANDIDATE event is received.
1940 *
1941 * If PMF was negotiated for the existing association, skip this to
1942 * avoid dropping the STA entry and the associated keys. This is needed
1943 * to allow the original connection work until the attempt can complete
1944 * (re)association, so that unprotected Authentication frame cannot be
1945 * used to bypass PMF protection.
1946 */
1947 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
1948 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
1949 !(hapd->conf->mesh & MESH_ENABLED) &&
1950 !(sta->added_unassoc)) {
1951 /*
1952 * If a station that is already associated to the AP, is trying
1953 * to authenticate again, remove the STA entry, in order to make
1954 * sure the STA PS state gets cleared and configuration gets
1955 * updated. To handle this, station's added_unassoc flag is
1956 * cleared once the station has completed association.
1957 */
1958 hostapd_drv_sta_remove(hapd, sta->addr);
1959 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
1960 WLAN_STA_AUTHORIZED);
1961
1962 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
1963 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
1964 hostapd_logger(hapd, sta->addr,
1965 HOSTAPD_MODULE_IEEE80211,
1966 HOSTAPD_LEVEL_NOTICE,
1967 "Could not add STA to kernel driver");
1968 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
1969 goto fail;
1970 }
1971
1972 sta->added_unassoc = 1;
1973 }
1974
1975 switch (auth_alg) {
1976 case WLAN_AUTH_OPEN:
1977 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1978 HOSTAPD_LEVEL_DEBUG,
1979 "authentication OK (open system)");
1980 sta->flags |= WLAN_STA_AUTH;
1981 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1982 sta->auth_alg = WLAN_AUTH_OPEN;
1983 mlme_authenticate_indication(hapd, sta);
1984 break;
1985 #ifndef CONFIG_NO_RC4
1986 case WLAN_AUTH_SHARED_KEY:
1987 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
1988 fc & WLAN_FC_ISWEP);
1989 if (resp != 0)
1990 wpa_printf(MSG_DEBUG,
1991 "auth_shared_key() failed: status=%d", resp);
1992 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
1993 mlme_authenticate_indication(hapd, sta);
1994 if (sta->challenge && auth_transaction == 1) {
1995 resp_ies[0] = WLAN_EID_CHALLENGE;
1996 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
1997 os_memcpy(resp_ies + 2, sta->challenge,
1998 WLAN_AUTH_CHALLENGE_LEN);
1999 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
2000 }
2001 break;
2002 #endif /* CONFIG_NO_RC4 */
2003 #ifdef CONFIG_IEEE80211R_AP
2004 case WLAN_AUTH_FT:
2005 sta->auth_alg = WLAN_AUTH_FT;
2006 if (sta->wpa_sm == NULL)
2007 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2008 sta->addr, NULL);
2009 if (sta->wpa_sm == NULL) {
2010 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
2011 "state machine");
2012 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2013 goto fail;
2014 }
2015 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
2016 auth_transaction, mgmt->u.auth.variable,
2017 len - IEEE80211_HDRLEN -
2018 sizeof(mgmt->u.auth),
2019 handle_auth_ft_finish, hapd);
2020 /* handle_auth_ft_finish() callback will complete auth. */
2021 return;
2022 #endif /* CONFIG_IEEE80211R_AP */
2023 #ifdef CONFIG_SAE
2024 case WLAN_AUTH_SAE:
2025 #ifdef CONFIG_MESH
2026 if (status_code == WLAN_STATUS_SUCCESS &&
2027 hapd->conf->mesh & MESH_ENABLED) {
2028 if (sta->wpa_sm == NULL)
2029 sta->wpa_sm =
2030 wpa_auth_sta_init(hapd->wpa_auth,
2031 sta->addr, NULL);
2032 if (sta->wpa_sm == NULL) {
2033 wpa_printf(MSG_DEBUG,
2034 "SAE: Failed to initialize WPA state machine");
2035 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2036 goto fail;
2037 }
2038 }
2039 #endif /* CONFIG_MESH */
2040 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
2041 status_code);
2042 return;
2043 #endif /* CONFIG_SAE */
2044 #ifdef CONFIG_FILS
2045 case WLAN_AUTH_FILS_SK:
2046 case WLAN_AUTH_FILS_SK_PFS:
2047 handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
2048 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
2049 auth_alg, auth_transaction, status_code,
2050 handle_auth_fils_finish);
2051 return;
2052 #endif /* CONFIG_FILS */
2053 }
2054
2055 fail:
2056 os_free(identity);
2057 os_free(radius_cui);
2058 hostapd_free_psk_list(psk);
2059
2060 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
2061 auth_transaction + 1, resp, resp_ies,
2062 resp_ies_len, "handle-auth");
2063
2064 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
2065 reply_res != WLAN_STATUS_SUCCESS)) {
2066 hostapd_drv_sta_remove(hapd, sta->addr);
2067 sta->added_unassoc = 0;
2068 }
2069 }
2070
2071
2072 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
2073 {
2074 int i, j = 32, aid;
2075
2076 /* get a unique AID */
2077 if (sta->aid > 0) {
2078 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
2079 return 0;
2080 }
2081
2082 if (TEST_FAIL())
2083 return -1;
2084
2085 for (i = 0; i < AID_WORDS; i++) {
2086 if (hapd->sta_aid[i] == (u32) -1)
2087 continue;
2088 for (j = 0; j < 32; j++) {
2089 if (!(hapd->sta_aid[i] & BIT(j)))
2090 break;
2091 }
2092 if (j < 32)
2093 break;
2094 }
2095 if (j == 32)
2096 return -1;
2097 aid = i * 32 + j + 1;
2098 if (aid > 2007)
2099 return -1;
2100
2101 sta->aid = aid;
2102 hapd->sta_aid[i] |= BIT(j);
2103 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
2104 return 0;
2105 }
2106
2107
2108 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
2109 const u8 *ssid_ie, size_t ssid_ie_len)
2110 {
2111 if (ssid_ie == NULL)
2112 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2113
2114 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
2115 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
2116 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2117 HOSTAPD_LEVEL_INFO,
2118 "Station tried to associate with unknown SSID "
2119 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
2120 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2121 }
2122
2123 return WLAN_STATUS_SUCCESS;
2124 }
2125
2126
2127 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
2128 const u8 *wmm_ie, size_t wmm_ie_len)
2129 {
2130 sta->flags &= ~WLAN_STA_WMM;
2131 sta->qosinfo = 0;
2132 if (wmm_ie && hapd->conf->wmm_enabled) {
2133 struct wmm_information_element *wmm;
2134
2135 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
2136 hostapd_logger(hapd, sta->addr,
2137 HOSTAPD_MODULE_WPA,
2138 HOSTAPD_LEVEL_DEBUG,
2139 "invalid WMM element in association "
2140 "request");
2141 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2142 }
2143
2144 sta->flags |= WLAN_STA_WMM;
2145 wmm = (struct wmm_information_element *) wmm_ie;
2146 sta->qosinfo = wmm->qos_info;
2147 }
2148 return WLAN_STATUS_SUCCESS;
2149 }
2150
2151
2152 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
2153 struct ieee802_11_elems *elems)
2154 {
2155 /* Supported rates not used in IEEE 802.11ad/DMG */
2156 if (hapd->iface->current_mode &&
2157 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
2158 return WLAN_STATUS_SUCCESS;
2159
2160 if (!elems->supp_rates) {
2161 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2162 HOSTAPD_LEVEL_DEBUG,
2163 "No supported rates element in AssocReq");
2164 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2165 }
2166
2167 if (elems->supp_rates_len + elems->ext_supp_rates_len >
2168 sizeof(sta->supported_rates)) {
2169 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2170 HOSTAPD_LEVEL_DEBUG,
2171 "Invalid supported rates element length %d+%d",
2172 elems->supp_rates_len,
2173 elems->ext_supp_rates_len);
2174 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2175 }
2176
2177 sta->supported_rates_len = merge_byte_arrays(
2178 sta->supported_rates, sizeof(sta->supported_rates),
2179 elems->supp_rates, elems->supp_rates_len,
2180 elems->ext_supp_rates, elems->ext_supp_rates_len);
2181
2182 return WLAN_STATUS_SUCCESS;
2183 }
2184
2185
2186 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
2187 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
2188 {
2189 #ifdef CONFIG_INTERWORKING
2190 /* check for QoS Map support */
2191 if (ext_capab_ie_len >= 5) {
2192 if (ext_capab_ie[4] & 0x01)
2193 sta->qos_map_enabled = 1;
2194 }
2195 #endif /* CONFIG_INTERWORKING */
2196
2197 if (ext_capab_ie_len > 0) {
2198 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
2199 os_free(sta->ext_capability);
2200 sta->ext_capability = os_malloc(1 + ext_capab_ie_len);
2201 if (sta->ext_capability) {
2202 sta->ext_capability[0] = ext_capab_ie_len;
2203 os_memcpy(sta->ext_capability + 1, ext_capab_ie,
2204 ext_capab_ie_len);
2205 }
2206 }
2207
2208 return WLAN_STATUS_SUCCESS;
2209 }
2210
2211
2212 #ifdef CONFIG_OWE
2213
2214 static int owe_group_supported(struct hostapd_data *hapd, u16 group)
2215 {
2216 int i;
2217 int *groups = hapd->conf->owe_groups;
2218
2219 if (group != 19 && group != 20 && group != 21)
2220 return 0;
2221
2222 if (!groups)
2223 return 1;
2224
2225 for (i = 0; groups[i] > 0; i++) {
2226 if (groups[i] == group)
2227 return 1;
2228 }
2229
2230 return 0;
2231 }
2232
2233
2234 static u16 owe_process_assoc_req(struct hostapd_data *hapd,
2235 struct sta_info *sta, const u8 *owe_dh,
2236 u8 owe_dh_len)
2237 {
2238 struct wpabuf *secret, *pub, *hkey;
2239 int res;
2240 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
2241 const char *info = "OWE Key Generation";
2242 const u8 *addr[2];
2243 size_t len[2];
2244 u16 group;
2245 size_t hash_len, prime_len;
2246
2247 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
2248 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
2249 return WLAN_STATUS_SUCCESS;
2250 }
2251
2252 group = WPA_GET_LE16(owe_dh);
2253 if (!owe_group_supported(hapd, group)) {
2254 wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group);
2255 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2256 }
2257 if (group == 19)
2258 prime_len = 32;
2259 else if (group == 20)
2260 prime_len = 48;
2261 else if (group == 21)
2262 prime_len = 66;
2263 else
2264 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2265
2266 crypto_ecdh_deinit(sta->owe_ecdh);
2267 sta->owe_ecdh = crypto_ecdh_init(group);
2268 if (!sta->owe_ecdh)
2269 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2270 sta->owe_group = group;
2271
2272 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
2273 owe_dh_len - 2);
2274 secret = wpabuf_zeropad(secret, prime_len);
2275 if (!secret) {
2276 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
2277 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2278 }
2279 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
2280
2281 /* prk = HKDF-extract(C | A | group, z) */
2282
2283 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2284 if (!pub) {
2285 wpabuf_clear_free(secret);
2286 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2287 }
2288
2289 /* PMKID = Truncate-128(Hash(C | A)) */
2290 addr[0] = owe_dh + 2;
2291 len[0] = owe_dh_len - 2;
2292 addr[1] = wpabuf_head(pub);
2293 len[1] = wpabuf_len(pub);
2294 if (group == 19) {
2295 res = sha256_vector(2, addr, len, pmkid);
2296 hash_len = SHA256_MAC_LEN;
2297 } else if (group == 20) {
2298 res = sha384_vector(2, addr, len, pmkid);
2299 hash_len = SHA384_MAC_LEN;
2300 } else if (group == 21) {
2301 res = sha512_vector(2, addr, len, pmkid);
2302 hash_len = SHA512_MAC_LEN;
2303 } else {
2304 wpabuf_free(pub);
2305 wpabuf_clear_free(secret);
2306 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2307 }
2308 pub = wpabuf_zeropad(pub, prime_len);
2309 if (res < 0 || !pub) {
2310 wpabuf_free(pub);
2311 wpabuf_clear_free(secret);
2312 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2313 }
2314
2315 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
2316 if (!hkey) {
2317 wpabuf_free(pub);
2318 wpabuf_clear_free(secret);
2319 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2320 }
2321
2322 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
2323 wpabuf_put_buf(hkey, pub); /* A */
2324 wpabuf_free(pub);
2325 wpabuf_put_le16(hkey, group); /* group */
2326 if (group == 19)
2327 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
2328 wpabuf_head(secret), wpabuf_len(secret), prk);
2329 else if (group == 20)
2330 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
2331 wpabuf_head(secret), wpabuf_len(secret), prk);
2332 else if (group == 21)
2333 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
2334 wpabuf_head(secret), wpabuf_len(secret), prk);
2335 wpabuf_clear_free(hkey);
2336 wpabuf_clear_free(secret);
2337 if (res < 0)
2338 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2339
2340 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
2341
2342 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
2343
2344 os_free(sta->owe_pmk);
2345 sta->owe_pmk = os_malloc(hash_len);
2346 if (!sta->owe_pmk) {
2347 os_memset(prk, 0, SHA512_MAC_LEN);
2348 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2349 }
2350
2351 if (group == 19)
2352 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
2353 os_strlen(info), sta->owe_pmk, hash_len);
2354 else if (group == 20)
2355 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
2356 os_strlen(info), sta->owe_pmk, hash_len);
2357 else if (group == 21)
2358 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
2359 os_strlen(info), sta->owe_pmk, hash_len);
2360 os_memset(prk, 0, SHA512_MAC_LEN);
2361 if (res < 0) {
2362 os_free(sta->owe_pmk);
2363 sta->owe_pmk = NULL;
2364 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2365 }
2366 sta->owe_pmk_len = hash_len;
2367
2368 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
2369 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
2370 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
2371 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE);
2372
2373 return WLAN_STATUS_SUCCESS;
2374 }
2375
2376 #endif /* CONFIG_OWE */
2377
2378
2379 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
2380 const u8 *ies, size_t ies_len, int reassoc)
2381 {
2382 struct ieee802_11_elems elems;
2383 u16 resp;
2384 const u8 *wpa_ie;
2385 size_t wpa_ie_len;
2386 const u8 *p2p_dev_addr = NULL;
2387
2388 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2389 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2390 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
2391 "association request");
2392 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2393 }
2394
2395 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
2396 if (resp != WLAN_STATUS_SUCCESS)
2397 return resp;
2398 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
2399 if (resp != WLAN_STATUS_SUCCESS)
2400 return resp;
2401 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
2402 if (resp != WLAN_STATUS_SUCCESS)
2403 return resp;
2404 resp = copy_supp_rates(hapd, sta, &elems);
2405 if (resp != WLAN_STATUS_SUCCESS)
2406 return resp;
2407 #ifdef CONFIG_IEEE80211N
2408 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
2409 if (resp != WLAN_STATUS_SUCCESS)
2410 return resp;
2411 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
2412 !(sta->flags & WLAN_STA_HT)) {
2413 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2414 HOSTAPD_LEVEL_INFO, "Station does not support "
2415 "mandatory HT PHY - reject association");
2416 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
2417 }
2418 #endif /* CONFIG_IEEE80211N */
2419
2420 #ifdef CONFIG_IEEE80211AC
2421 if (hapd->iconf->ieee80211ac) {
2422 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
2423 if (resp != WLAN_STATUS_SUCCESS)
2424 return resp;
2425
2426 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
2427 if (resp != WLAN_STATUS_SUCCESS)
2428 return resp;
2429 }
2430
2431 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
2432 !(sta->flags & WLAN_STA_VHT)) {
2433 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2434 HOSTAPD_LEVEL_INFO, "Station does not support "
2435 "mandatory VHT PHY - reject association");
2436 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
2437 }
2438
2439 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
2440 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
2441 elems.vendor_vht_len);
2442 if (resp != WLAN_STATUS_SUCCESS)
2443 return resp;
2444 }
2445 #endif /* CONFIG_IEEE80211AC */
2446
2447 #ifdef CONFIG_P2P
2448 if (elems.p2p) {
2449 wpabuf_free(sta->p2p_ie);
2450 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2451 P2P_IE_VENDOR_TYPE);
2452 if (sta->p2p_ie)
2453 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
2454 } else {
2455 wpabuf_free(sta->p2p_ie);
2456 sta->p2p_ie = NULL;
2457 }
2458 #endif /* CONFIG_P2P */
2459
2460 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
2461 wpa_ie = elems.rsn_ie;
2462 wpa_ie_len = elems.rsn_ie_len;
2463 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
2464 elems.wpa_ie) {
2465 wpa_ie = elems.wpa_ie;
2466 wpa_ie_len = elems.wpa_ie_len;
2467 } else {
2468 wpa_ie = NULL;
2469 wpa_ie_len = 0;
2470 }
2471
2472 #ifdef CONFIG_WPS
2473 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
2474 if (hapd->conf->wps_state && elems.wps_ie) {
2475 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
2476 "Request - assume WPS is used");
2477 sta->flags |= WLAN_STA_WPS;
2478 wpabuf_free(sta->wps_ie);
2479 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2480 WPS_IE_VENDOR_TYPE);
2481 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
2482 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
2483 sta->flags |= WLAN_STA_WPS2;
2484 }
2485 wpa_ie = NULL;
2486 wpa_ie_len = 0;
2487 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2488 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2489 "(Re)Association Request - reject");
2490 return WLAN_STATUS_INVALID_IE;
2491 }
2492 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2493 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2494 "(Re)Association Request - possible WPS use");
2495 sta->flags |= WLAN_STA_MAYBE_WPS;
2496 } else
2497 #endif /* CONFIG_WPS */
2498 if (hapd->conf->wpa && wpa_ie == NULL) {
2499 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2500 HOSTAPD_LEVEL_INFO,
2501 "No WPA/RSN IE in association request");
2502 return WLAN_STATUS_INVALID_IE;
2503 }
2504
2505 if (hapd->conf->wpa && wpa_ie) {
2506 int res;
2507 wpa_ie -= 2;
2508 wpa_ie_len += 2;
2509 if (sta->wpa_sm == NULL)
2510 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2511 sta->addr,
2512 p2p_dev_addr);
2513 if (sta->wpa_sm == NULL) {
2514 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2515 "state machine");
2516 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2517 }
2518 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2519 wpa_ie, wpa_ie_len,
2520 elems.mdie, elems.mdie_len,
2521 elems.owe_dh, elems.owe_dh_len);
2522 resp = wpa_res_to_status_code(res);
2523 if (resp != WLAN_STATUS_SUCCESS)
2524 return resp;
2525 #ifdef CONFIG_IEEE80211W
2526 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2527 sta->sa_query_count > 0)
2528 ap_check_sa_query_timeout(hapd, sta);
2529 if ((sta->flags & WLAN_STA_MFP) && !sta->sa_query_timed_out &&
2530 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2531 /*
2532 * STA has already been associated with MFP and SA
2533 * Query timeout has not been reached. Reject the
2534 * association attempt temporarily and start SA Query,
2535 * if one is not pending.
2536 */
2537
2538 if (sta->sa_query_count == 0)
2539 ap_sta_start_sa_query(hapd, sta);
2540
2541 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2542 }
2543
2544 if (wpa_auth_uses_mfp(sta->wpa_sm))
2545 sta->flags |= WLAN_STA_MFP;
2546 else
2547 sta->flags &= ~WLAN_STA_MFP;
2548 #endif /* CONFIG_IEEE80211W */
2549
2550 #ifdef CONFIG_IEEE80211R_AP
2551 if (sta->auth_alg == WLAN_AUTH_FT) {
2552 if (!reassoc) {
2553 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2554 "to use association (not "
2555 "re-association) with FT auth_alg",
2556 MAC2STR(sta->addr));
2557 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2558 }
2559
2560 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2561 ies_len);
2562 if (resp != WLAN_STATUS_SUCCESS)
2563 return resp;
2564 }
2565 #endif /* CONFIG_IEEE80211R_AP */
2566
2567 #ifdef CONFIG_SAE
2568 if (wpa_auth_uses_sae(sta->wpa_sm) && sta->sae &&
2569 sta->sae->state == SAE_ACCEPTED)
2570 wpa_auth_add_sae_pmkid(sta->wpa_sm, sta->sae->pmkid);
2571
2572 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2573 sta->auth_alg == WLAN_AUTH_OPEN) {
2574 struct rsn_pmksa_cache_entry *sa;
2575 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2576 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
2577 wpa_printf(MSG_DEBUG,
2578 "SAE: No PMKSA cache entry found for "
2579 MACSTR, MAC2STR(sta->addr));
2580 return WLAN_STATUS_INVALID_PMKID;
2581 }
2582 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
2583 " using PMKSA caching", MAC2STR(sta->addr));
2584 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
2585 sta->auth_alg != WLAN_AUTH_SAE &&
2586 !(sta->auth_alg == WLAN_AUTH_FT &&
2587 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
2588 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
2589 "SAE AKM after non-SAE auth_alg %u",
2590 MAC2STR(sta->addr), sta->auth_alg);
2591 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2592 }
2593 #endif /* CONFIG_SAE */
2594
2595 #ifdef CONFIG_OWE
2596 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
2597 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
2598 elems.owe_dh) {
2599 resp = owe_process_assoc_req(hapd, sta, elems.owe_dh,
2600 elems.owe_dh_len);
2601 if (resp != WLAN_STATUS_SUCCESS)
2602 return resp;
2603 }
2604 #endif /* CONFIG_OWE */
2605
2606 #ifdef CONFIG_IEEE80211N
2607 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
2608 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
2609 hostapd_logger(hapd, sta->addr,
2610 HOSTAPD_MODULE_IEEE80211,
2611 HOSTAPD_LEVEL_INFO,
2612 "Station tried to use TKIP with HT "
2613 "association");
2614 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
2615 }
2616 #endif /* CONFIG_IEEE80211N */
2617 #ifdef CONFIG_HS20
2618 } else if (hapd->conf->osen) {
2619 if (elems.osen == NULL) {
2620 hostapd_logger(
2621 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2622 HOSTAPD_LEVEL_INFO,
2623 "No HS 2.0 OSEN element in association request");
2624 return WLAN_STATUS_INVALID_IE;
2625 }
2626
2627 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
2628 if (sta->wpa_sm == NULL)
2629 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2630 sta->addr, NULL);
2631 if (sta->wpa_sm == NULL) {
2632 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2633 "state machine");
2634 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2635 }
2636 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
2637 elems.osen - 2, elems.osen_len + 2) < 0)
2638 return WLAN_STATUS_INVALID_IE;
2639 #endif /* CONFIG_HS20 */
2640 } else
2641 wpa_auth_sta_no_wpa(sta->wpa_sm);
2642
2643 #ifdef CONFIG_P2P
2644 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
2645 #endif /* CONFIG_P2P */
2646
2647 #ifdef CONFIG_HS20
2648 wpabuf_free(sta->hs20_ie);
2649 if (elems.hs20 && elems.hs20_len > 4) {
2650 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
2651 elems.hs20_len - 4);
2652 } else
2653 sta->hs20_ie = NULL;
2654
2655 wpabuf_free(sta->roaming_consortium);
2656 if (elems.roaming_cons_sel)
2657 sta->roaming_consortium = wpabuf_alloc_copy(
2658 elems.roaming_cons_sel + 4,
2659 elems.roaming_cons_sel_len - 4);
2660 else
2661 sta->roaming_consortium = NULL;
2662 #endif /* CONFIG_HS20 */
2663
2664 #ifdef CONFIG_FST
2665 wpabuf_free(sta->mb_ies);
2666 if (hapd->iface->fst)
2667 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
2668 else
2669 sta->mb_ies = NULL;
2670 #endif /* CONFIG_FST */
2671
2672 #ifdef CONFIG_MBO
2673 mbo_ap_check_sta_assoc(hapd, sta, &elems);
2674
2675 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
2676 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
2677 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
2678 wpa_printf(MSG_INFO,
2679 "MBO: Reject WPA2 association without PMF");
2680 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2681 }
2682 #endif /* CONFIG_MBO */
2683
2684 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
2685 elems.supp_op_classes_len);
2686
2687 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
2688 elems.rrm_enabled &&
2689 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
2690 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
2691 sizeof(sta->rrm_enabled_capa));
2692
2693 if (elems.power_capab) {
2694 sta->min_tx_power = elems.power_capab[0];
2695 sta->max_tx_power = elems.power_capab[1];
2696 sta->power_capab = 1;
2697 } else {
2698 sta->power_capab = 0;
2699 }
2700
2701 return WLAN_STATUS_SUCCESS;
2702 }
2703
2704
2705 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
2706 u16 reason_code)
2707 {
2708 int send_len;
2709 struct ieee80211_mgmt reply;
2710
2711 os_memset(&reply, 0, sizeof(reply));
2712 reply.frame_control =
2713 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
2714 os_memcpy(reply.da, addr, ETH_ALEN);
2715 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
2716 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
2717
2718 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
2719 reply.u.deauth.reason_code = host_to_le16(reason_code);
2720
2721 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
2722 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
2723 strerror(errno));
2724 }
2725
2726
2727 static int add_associated_sta(struct hostapd_data *hapd,
2728 struct sta_info *sta)
2729 {
2730 struct ieee80211_ht_capabilities ht_cap;
2731 struct ieee80211_vht_capabilities vht_cap;
2732 int set = 1;
2733
2734 /*
2735 * Remove the STA entry to ensure the STA PS state gets cleared and
2736 * configuration gets updated. This is relevant for cases, such as
2737 * FT-over-the-DS, where a station re-associates back to the same AP but
2738 * skips the authentication flow, or if working with a driver that
2739 * does not support full AP client state.
2740 *
2741 * Skip this if the STA has already completed FT reassociation and the
2742 * TK has been configured since the TX/RX PN must not be reset to 0 for
2743 * the same key.
2744 */
2745 if (!sta->added_unassoc &&
2746 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
2747 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
2748 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
2749 hostapd_drv_sta_remove(hapd, sta->addr);
2750 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
2751 set = 0;
2752 }
2753
2754 #ifdef CONFIG_IEEE80211N
2755 if (sta->flags & WLAN_STA_HT)
2756 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
2757 #endif /* CONFIG_IEEE80211N */
2758 #ifdef CONFIG_IEEE80211AC
2759 if (sta->flags & WLAN_STA_VHT)
2760 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
2761 #endif /* CONFIG_IEEE80211AC */
2762
2763 /*
2764 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
2765 * will be set when the ACK frame for the (Re)Association Response frame
2766 * is processed (TX status driver event).
2767 */
2768 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
2769 sta->supported_rates, sta->supported_rates_len,
2770 sta->listen_interval,
2771 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
2772 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
2773 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
2774 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
2775 set)) {
2776 hostapd_logger(hapd, sta->addr,
2777 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
2778 "Could not %s STA to kernel driver",
2779 set ? "set" : "add");
2780
2781 if (sta->added_unassoc) {
2782 hostapd_drv_sta_remove(hapd, sta->addr);
2783 sta->added_unassoc = 0;
2784 }
2785
2786 return -1;
2787 }
2788
2789 sta->added_unassoc = 0;
2790
2791 return 0;
2792 }
2793
2794
2795 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
2796 const u8 *addr, u16 status_code, int reassoc,
2797 const u8 *ies, size_t ies_len)
2798 {
2799 int send_len;
2800 u8 *buf;
2801 size_t buflen;
2802 struct ieee80211_mgmt *reply;
2803 u8 *p;
2804 u16 res = WLAN_STATUS_SUCCESS;
2805
2806 buflen = sizeof(struct ieee80211_mgmt) + 1024;
2807 #ifdef CONFIG_FILS
2808 if (sta && sta->fils_hlp_resp)
2809 buflen += wpabuf_len(sta->fils_hlp_resp);
2810 #endif /* CONFIG_FILS */
2811 #ifdef CONFIG_OWE
2812 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2813 buflen += 150;
2814 #endif /* CONFIG_OWE */
2815 buf = os_zalloc(buflen);
2816 if (!buf) {
2817 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2818 goto done;
2819 }
2820 reply = (struct ieee80211_mgmt *) buf;
2821 reply->frame_control =
2822 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
2823 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
2824 WLAN_FC_STYPE_ASSOC_RESP));
2825 os_memcpy(reply->da, addr, ETH_ALEN);
2826 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
2827 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
2828
2829 send_len = IEEE80211_HDRLEN;
2830 send_len += sizeof(reply->u.assoc_resp);
2831 reply->u.assoc_resp.capab_info =
2832 host_to_le16(hostapd_own_capab_info(hapd));
2833 reply->u.assoc_resp.status_code = host_to_le16(status_code);
2834
2835 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
2836 BIT(14) | BIT(15));
2837 /* Supported rates */
2838 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
2839 /* Extended supported rates */
2840 p = hostapd_eid_ext_supp_rates(hapd, p);
2841
2842 #ifdef CONFIG_IEEE80211R_AP
2843 if (sta && status_code == WLAN_STATUS_SUCCESS) {
2844 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
2845 * Transition Information, RSN, [RIC Response] */
2846 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
2847 buf + buflen - p,
2848 sta->auth_alg, ies, ies_len);
2849 }
2850 #endif /* CONFIG_IEEE80211R_AP */
2851
2852 #ifdef CONFIG_OWE
2853 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
2854 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
2855 buf + buflen - p,
2856 ies, ies_len);
2857 #endif /* CONFIG_OWE */
2858
2859 #ifdef CONFIG_IEEE80211W
2860 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
2861 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
2862 #endif /* CONFIG_IEEE80211W */
2863
2864 #ifdef CONFIG_IEEE80211N
2865 p = hostapd_eid_ht_capabilities(hapd, p);
2866 p = hostapd_eid_ht_operation(hapd, p);
2867 #endif /* CONFIG_IEEE80211N */
2868
2869 #ifdef CONFIG_IEEE80211AC
2870 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
2871 u32 nsts = 0, sta_nsts;
2872
2873 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
2874 struct ieee80211_vht_capabilities *capa;
2875
2876 nsts = (hapd->iface->conf->vht_capab >>
2877 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2878 capa = sta->vht_capabilities;
2879 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
2880 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
2881
2882 if (nsts < sta_nsts)
2883 nsts = 0;
2884 else
2885 nsts = sta_nsts;
2886 }
2887 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
2888 p = hostapd_eid_vht_operation(hapd, p);
2889 }
2890 #endif /* CONFIG_IEEE80211AC */
2891
2892 p = hostapd_eid_ext_capab(hapd, p);
2893 p = hostapd_eid_bss_max_idle_period(hapd, p);
2894 if (sta && sta->qos_map_enabled)
2895 p = hostapd_eid_qos_map_set(hapd, p);
2896
2897 #ifdef CONFIG_FST
2898 if (hapd->iface->fst_ies) {
2899 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
2900 wpabuf_len(hapd->iface->fst_ies));
2901 p += wpabuf_len(hapd->iface->fst_ies);
2902 }
2903 #endif /* CONFIG_FST */
2904
2905 #ifdef CONFIG_IEEE80211AC
2906 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
2907 p = hostapd_eid_vendor_vht(hapd, p);
2908 #endif /* CONFIG_IEEE80211AC */
2909
2910 if (sta && (sta->flags & WLAN_STA_WMM))
2911 p = hostapd_eid_wmm(hapd, p);
2912
2913 #ifdef CONFIG_WPS
2914 if (sta &&
2915 ((sta->flags & WLAN_STA_WPS) ||
2916 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
2917 struct wpabuf *wps = wps_build_assoc_resp_ie();
2918 if (wps) {
2919 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
2920 p += wpabuf_len(wps);
2921 wpabuf_free(wps);
2922 }
2923 }
2924 #endif /* CONFIG_WPS */
2925
2926 #ifdef CONFIG_P2P
2927 if (sta && sta->p2p_ie && hapd->p2p_group) {
2928 struct wpabuf *p2p_resp_ie;
2929 enum p2p_status_code status;
2930 switch (status_code) {
2931 case WLAN_STATUS_SUCCESS:
2932 status = P2P_SC_SUCCESS;
2933 break;
2934 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
2935 status = P2P_SC_FAIL_LIMIT_REACHED;
2936 break;
2937 default:
2938 status = P2P_SC_FAIL_INVALID_PARAMS;
2939 break;
2940 }
2941 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
2942 if (p2p_resp_ie) {
2943 os_memcpy(p, wpabuf_head(p2p_resp_ie),
2944 wpabuf_len(p2p_resp_ie));
2945 p += wpabuf_len(p2p_resp_ie);
2946 wpabuf_free(p2p_resp_ie);
2947 }
2948 }
2949 #endif /* CONFIG_P2P */
2950
2951 #ifdef CONFIG_P2P_MANAGER
2952 if (hapd->conf->p2p & P2P_MANAGE)
2953 p = hostapd_eid_p2p_manage(hapd, p);
2954 #endif /* CONFIG_P2P_MANAGER */
2955
2956 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
2957
2958 if (hapd->conf->assocresp_elements &&
2959 (size_t) (buf + buflen - p) >=
2960 wpabuf_len(hapd->conf->assocresp_elements)) {
2961 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
2962 wpabuf_len(hapd->conf->assocresp_elements));
2963 p += wpabuf_len(hapd->conf->assocresp_elements);
2964 }
2965
2966 send_len += p - reply->u.assoc_resp.variable;
2967
2968 #ifdef CONFIG_FILS
2969 if (sta &&
2970 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
2971 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
2972 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
2973 status_code == WLAN_STATUS_SUCCESS) {
2974 struct ieee802_11_elems elems;
2975
2976 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
2977 ParseFailed || !elems.fils_session) {
2978 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2979 goto done;
2980 }
2981
2982 /* FILS Session */
2983 *p++ = WLAN_EID_EXTENSION; /* Element ID */
2984 *p++ = 1 + FILS_SESSION_LEN; /* Length */
2985 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
2986 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
2987 send_len += 2 + 1 + FILS_SESSION_LEN;
2988
2989 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
2990 buflen, sta->fils_hlp_resp);
2991 if (send_len < 0) {
2992 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
2993 goto done;
2994 }
2995 }
2996 #endif /* CONFIG_FILS */
2997
2998 #ifdef CONFIG_OWE
2999 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
3000 sta && sta->owe_ecdh &&
3001 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
3002 struct wpabuf *pub;
3003
3004 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3005 if (!pub) {
3006 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3007 goto done;
3008 }
3009 /* OWE Diffie-Hellman Parameter element */
3010 *p++ = WLAN_EID_EXTENSION; /* Element ID */
3011 *p++ = 1 + 2 + wpabuf_len(pub); /* Length */
3012 *p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
3013 WPA_PUT_LE16(p, sta->owe_group);
3014 p += 2;
3015 os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub));
3016 p += wpabuf_len(pub);
3017 send_len += 3 + 2 + wpabuf_len(pub);
3018 wpabuf_free(pub);
3019 }
3020 #endif /* CONFIG_OWE */
3021
3022 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
3023 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
3024 strerror(errno));
3025 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3026 }
3027
3028 done:
3029 os_free(buf);
3030 return res;
3031 }
3032
3033
3034 #ifdef CONFIG_OWE
3035 u8 * owe_assoc_req_process(struct hostapd_data *hapd, struct sta_info *sta,
3036 const u8 *owe_dh, u8 owe_dh_len,
3037 u8 *owe_buf, size_t owe_buf_len, u16 *reason)
3038 {
3039 #ifdef CONFIG_TESTING_OPTIONS
3040 if (hapd->conf->own_ie_override) {
3041 wpa_printf(MSG_DEBUG, "OWE: Using IE override");
3042 *reason = WLAN_STATUS_SUCCESS;
3043 return wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3044 owe_buf_len, NULL, 0);
3045 }
3046 #endif /* CONFIG_TESTING_OPTIONS */
3047
3048 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
3049 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
3050 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3051 owe_buf_len, NULL, 0);
3052 *reason = WLAN_STATUS_SUCCESS;
3053 return owe_buf;
3054 }
3055
3056 *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
3057 if (*reason != WLAN_STATUS_SUCCESS)
3058 return NULL;
3059
3060 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3061 owe_buf_len, NULL, 0);
3062
3063 if (sta->owe_ecdh && owe_buf) {
3064 struct wpabuf *pub;
3065
3066 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3067 if (!pub) {
3068 *reason = WLAN_STATUS_UNSPECIFIED_FAILURE;
3069 return owe_buf;
3070 }
3071
3072 /* OWE Diffie-Hellman Parameter element */
3073 *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
3074 *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
3075 *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension
3076 */
3077 WPA_PUT_LE16(owe_buf, sta->owe_group);
3078 owe_buf += 2;
3079 os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
3080 owe_buf += wpabuf_len(pub);
3081 wpabuf_free(pub);
3082 }
3083
3084 return owe_buf;
3085 }
3086 #endif /* CONFIG_OWE */
3087
3088
3089 #ifdef CONFIG_FILS
3090
3091 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
3092 {
3093 u16 reply_res;
3094
3095 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
3096 MAC2STR(sta->addr));
3097 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3098 if (!sta->fils_pending_assoc_req)
3099 return;
3100 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
3101 sta->fils_pending_assoc_is_reassoc,
3102 sta->fils_pending_assoc_req,
3103 sta->fils_pending_assoc_req_len);
3104 os_free(sta->fils_pending_assoc_req);
3105 sta->fils_pending_assoc_req = NULL;
3106 sta->fils_pending_assoc_req_len = 0;
3107 wpabuf_free(sta->fils_hlp_resp);
3108 sta->fils_hlp_resp = NULL;
3109 wpabuf_free(sta->hlp_dhcp_discover);
3110 sta->hlp_dhcp_discover = NULL;
3111
3112 /*
3113 * Remove the station in case transmission of a success response fails.
3114 * At this point the station was already added associated to the driver.
3115 */
3116 if (reply_res != WLAN_STATUS_SUCCESS)
3117 hostapd_drv_sta_remove(hapd, sta->addr);
3118 }
3119
3120
3121 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
3122 {
3123 struct hostapd_data *hapd = eloop_ctx;
3124 struct sta_info *sta = eloop_data;
3125
3126 wpa_printf(MSG_DEBUG,
3127 "FILS: HLP response timeout - continue with association response for "
3128 MACSTR, MAC2STR(sta->addr));
3129 if (sta->fils_drv_assoc_finish)
3130 hostapd_notify_assoc_fils_finish(hapd, sta);
3131 else
3132 fils_hlp_finish_assoc(hapd, sta);
3133 }
3134
3135 #endif /* CONFIG_FILS */
3136
3137
3138 static void handle_assoc(struct hostapd_data *hapd,
3139 const struct ieee80211_mgmt *mgmt, size_t len,
3140 int reassoc)
3141 {
3142 u16 capab_info, listen_interval, seq_ctrl, fc;
3143 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
3144 const u8 *pos;
3145 int left, i;
3146 struct sta_info *sta;
3147 u8 *tmp = NULL;
3148 struct hostapd_sta_wpa_psk_short *psk = NULL;
3149 char *identity = NULL;
3150 char *radius_cui = NULL;
3151 #ifdef CONFIG_FILS
3152 int delay_assoc = 0;
3153 #endif /* CONFIG_FILS */
3154
3155 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
3156 sizeof(mgmt->u.assoc_req))) {
3157 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
3158 reassoc, (unsigned long) len);
3159 return;
3160 }
3161
3162 #ifdef CONFIG_TESTING_OPTIONS
3163 if (reassoc) {
3164 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
3165 drand48() < hapd->iconf->ignore_reassoc_probability) {
3166 wpa_printf(MSG_INFO,
3167 "TESTING: ignoring reassoc request from "
3168 MACSTR, MAC2STR(mgmt->sa));
3169 return;
3170 }
3171 } else {
3172 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
3173 drand48() < hapd->iconf->ignore_assoc_probability) {
3174 wpa_printf(MSG_INFO,
3175 "TESTING: ignoring assoc request from "
3176 MACSTR, MAC2STR(mgmt->sa));
3177 return;
3178 }
3179 }
3180 #endif /* CONFIG_TESTING_OPTIONS */
3181
3182 fc = le_to_host16(mgmt->frame_control);
3183 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3184
3185 if (reassoc) {
3186 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
3187 listen_interval = le_to_host16(
3188 mgmt->u.reassoc_req.listen_interval);
3189 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
3190 " capab_info=0x%02x listen_interval=%d current_ap="
3191 MACSTR " seq_ctrl=0x%x%s",
3192 MAC2STR(mgmt->sa), capab_info, listen_interval,
3193 MAC2STR(mgmt->u.reassoc_req.current_ap),
3194 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3195 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
3196 pos = mgmt->u.reassoc_req.variable;
3197 } else {
3198 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
3199 listen_interval = le_to_host16(
3200 mgmt->u.assoc_req.listen_interval);
3201 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
3202 " capab_info=0x%02x listen_interval=%d "
3203 "seq_ctrl=0x%x%s",
3204 MAC2STR(mgmt->sa), capab_info, listen_interval,
3205 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3206 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
3207 pos = mgmt->u.assoc_req.variable;
3208 }
3209
3210 sta = ap_get_sta(hapd, mgmt->sa);
3211 #ifdef CONFIG_IEEE80211R_AP
3212 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
3213 (sta->flags & WLAN_STA_AUTH) == 0) {
3214 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
3215 "prior to authentication since it is using "
3216 "over-the-DS FT", MAC2STR(mgmt->sa));
3217
3218 /*
3219 * Mark station as authenticated, to avoid adding station
3220 * entry in the driver as associated and not authenticated
3221 */
3222 sta->flags |= WLAN_STA_AUTH;
3223 } else
3224 #endif /* CONFIG_IEEE80211R_AP */
3225 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
3226 if (hapd->iface->current_mode &&
3227 hapd->iface->current_mode->mode ==
3228 HOSTAPD_MODE_IEEE80211AD) {
3229 int acl_res;
3230 u32 session_timeout, acct_interim_interval;
3231 struct vlan_description vlan_id;
3232
3233 acl_res = ieee802_11_allowed_address(
3234 hapd, mgmt->sa, (const u8 *) mgmt, len,
3235 &session_timeout, &acct_interim_interval,
3236 &vlan_id, &psk, &identity, &radius_cui, 0);
3237 if (acl_res == HOSTAPD_ACL_REJECT) {
3238 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
3239 "Ignore Association Request frame from "
3240 MACSTR " due to ACL reject",
3241 MAC2STR(mgmt->sa));
3242 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3243 goto fail;
3244 }
3245 if (acl_res == HOSTAPD_ACL_PENDING)
3246 return;
3247
3248 /* DMG/IEEE 802.11ad does not use authentication.
3249 * Allocate sta entry upon association. */
3250 sta = ap_sta_add(hapd, mgmt->sa);
3251 if (!sta) {
3252 hostapd_logger(hapd, mgmt->sa,
3253 HOSTAPD_MODULE_IEEE80211,
3254 HOSTAPD_LEVEL_INFO,
3255 "Failed to add STA");
3256 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3257 goto fail;
3258 }
3259
3260 acl_res = ieee802_11_set_radius_info(
3261 hapd, sta, acl_res, session_timeout,
3262 acct_interim_interval, &vlan_id, &psk,
3263 &identity, &radius_cui);
3264 if (acl_res) {
3265 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3266 goto fail;
3267 }
3268
3269 hostapd_logger(hapd, sta->addr,
3270 HOSTAPD_MODULE_IEEE80211,
3271 HOSTAPD_LEVEL_DEBUG,
3272 "Skip authentication for DMG/IEEE 802.11ad");
3273 sta->flags |= WLAN_STA_AUTH;
3274 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
3275 sta->auth_alg = WLAN_AUTH_OPEN;
3276 } else {
3277 hostapd_logger(hapd, mgmt->sa,
3278 HOSTAPD_MODULE_IEEE80211,
3279 HOSTAPD_LEVEL_INFO,
3280 "Station tried to associate before authentication (aid=%d flags=0x%x)",
3281 sta ? sta->aid : -1,
3282 sta ? sta->flags : 0);
3283 send_deauth(hapd, mgmt->sa,
3284 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
3285 return;
3286 }
3287 }
3288
3289 if ((fc & WLAN_FC_RETRY) &&
3290 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3291 sta->last_seq_ctrl == seq_ctrl &&
3292 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3293 WLAN_FC_STYPE_ASSOC_REQ)) {
3294 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3295 HOSTAPD_LEVEL_DEBUG,
3296 "Drop repeated association frame seq_ctrl=0x%x",
3297 seq_ctrl);
3298 return;
3299 }
3300 sta->last_seq_ctrl = seq_ctrl;
3301 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3302 WLAN_FC_STYPE_ASSOC_REQ;
3303
3304 if (hapd->tkip_countermeasures) {
3305 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3306 goto fail;
3307 }
3308
3309 if (listen_interval > hapd->conf->max_listen_interval) {
3310 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3311 HOSTAPD_LEVEL_DEBUG,
3312 "Too large Listen Interval (%d)",
3313 listen_interval);
3314 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
3315 goto fail;
3316 }
3317
3318 #ifdef CONFIG_MBO
3319 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
3320 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3321 goto fail;
3322 }
3323 #endif /* CONFIG_MBO */
3324
3325 /*
3326 * sta->capability is used in check_assoc_ies() for RRM enabled
3327 * capability element.
3328 */
3329 sta->capability = capab_info;
3330
3331 #ifdef CONFIG_FILS
3332 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3333 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3334 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3335 int res;
3336
3337 /* The end of the payload is encrypted. Need to decrypt it
3338 * before parsing. */
3339
3340 tmp = os_memdup(pos, left);
3341 if (!tmp) {
3342 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3343 goto fail;
3344 }
3345
3346 res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
3347 len, tmp, left);
3348 if (res < 0) {
3349 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3350 goto fail;
3351 }
3352 pos = tmp;
3353 left = res;
3354 }
3355 #endif /* CONFIG_FILS */
3356
3357 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
3358 * is used */
3359 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
3360 if (resp != WLAN_STATUS_SUCCESS)
3361 goto fail;
3362
3363 if (hostapd_get_aid(hapd, sta) < 0) {
3364 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3365 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
3366 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3367 goto fail;
3368 }
3369
3370 sta->listen_interval = listen_interval;
3371
3372 if (hapd->iface->current_mode &&
3373 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
3374 sta->flags |= WLAN_STA_NONERP;
3375 for (i = 0; i < sta->supported_rates_len; i++) {
3376 if ((sta->supported_rates[i] & 0x7f) > 22) {
3377 sta->flags &= ~WLAN_STA_NONERP;
3378 break;
3379 }
3380 }
3381 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
3382 sta->nonerp_set = 1;
3383 hapd->iface->num_sta_non_erp++;
3384 if (hapd->iface->num_sta_non_erp == 1)
3385 ieee802_11_set_beacons(hapd->iface);
3386 }
3387
3388 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
3389 !sta->no_short_slot_time_set) {
3390 sta->no_short_slot_time_set = 1;
3391 hapd->iface->num_sta_no_short_slot_time++;
3392 if (hapd->iface->current_mode &&
3393 hapd->iface->current_mode->mode ==
3394 HOSTAPD_MODE_IEEE80211G &&
3395 hapd->iface->num_sta_no_short_slot_time == 1)
3396 ieee802_11_set_beacons(hapd->iface);
3397 }
3398
3399 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
3400 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
3401 else
3402 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
3403
3404 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
3405 !sta->no_short_preamble_set) {
3406 sta->no_short_preamble_set = 1;
3407 hapd->iface->num_sta_no_short_preamble++;
3408 if (hapd->iface->current_mode &&
3409 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
3410 && hapd->iface->num_sta_no_short_preamble == 1)
3411 ieee802_11_set_beacons(hapd->iface);
3412 }
3413
3414 #ifdef CONFIG_IEEE80211N
3415 update_ht_state(hapd, sta);
3416 #endif /* CONFIG_IEEE80211N */
3417
3418 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3419 HOSTAPD_LEVEL_DEBUG,
3420 "association OK (aid %d)", sta->aid);
3421 /* Station will be marked associated, after it acknowledges AssocResp
3422 */
3423 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
3424
3425 #ifdef CONFIG_IEEE80211W
3426 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
3427 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
3428 "SA Query procedure", reassoc ? "re" : "");
3429 /* TODO: Send a protected Disassociate frame to the STA using
3430 * the old key and Reason Code "Previous Authentication no
3431 * longer valid". Make sure this is only sent protected since
3432 * unprotected frame would be received by the STA that is now
3433 * trying to associate.
3434 */
3435 }
3436 #endif /* CONFIG_IEEE80211W */
3437
3438 /* Make sure that the previously registered inactivity timer will not
3439 * remove the STA immediately. */
3440 sta->timeout_next = STA_NULLFUNC;
3441
3442 #ifdef CONFIG_TAXONOMY
3443 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
3444 #endif /* CONFIG_TAXONOMY */
3445
3446 sta->pending_wds_enable = 0;
3447
3448 #ifdef CONFIG_FILS
3449 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3450 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3451 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3452 if (fils_process_hlp(hapd, sta, pos, left) > 0)
3453 delay_assoc = 1;
3454 }
3455 #endif /* CONFIG_FILS */
3456
3457 fail:
3458 os_free(identity);
3459 os_free(radius_cui);
3460 hostapd_free_psk_list(psk);
3461
3462 /*
3463 * In case of a successful response, add the station to the driver.
3464 * Otherwise, the kernel may ignore Data frames before we process the
3465 * ACK frame (TX status). In case of a failure, this station will be
3466 * removed.
3467 *
3468 * Note that this is not compliant with the IEEE 802.11 standard that
3469 * states that a non-AP station should transition into the
3470 * authenticated/associated state only after the station acknowledges
3471 * the (Re)Association Response frame. However, still do this as:
3472 *
3473 * 1. In case the station does not acknowledge the (Re)Association
3474 * Response frame, it will be removed.
3475 * 2. Data frames will be dropped in the kernel until the station is
3476 * set into authorized state, and there are no significant known
3477 * issues with processing other non-Data Class 3 frames during this
3478 * window.
3479 */
3480 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta))
3481 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3482
3483 #ifdef CONFIG_FILS
3484 if (sta) {
3485 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3486 os_free(sta->fils_pending_assoc_req);
3487 sta->fils_pending_assoc_req = NULL;
3488 sta->fils_pending_assoc_req_len = 0;
3489 wpabuf_free(sta->fils_hlp_resp);
3490 sta->fils_hlp_resp = NULL;
3491 }
3492 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
3493 sta->fils_pending_assoc_req = tmp;
3494 sta->fils_pending_assoc_req_len = left;
3495 sta->fils_pending_assoc_is_reassoc = reassoc;
3496 sta->fils_drv_assoc_finish = 0;
3497 wpa_printf(MSG_DEBUG,
3498 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
3499 MACSTR, MAC2STR(sta->addr));
3500 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3501 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
3502 fils_hlp_timeout, hapd, sta);
3503 return;
3504 }
3505 #endif /* CONFIG_FILS */
3506
3507 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
3508 left);
3509 os_free(tmp);
3510
3511 /*
3512 * Remove the station in case tranmission of a success response fails
3513 * (the STA was added associated to the driver) or if the station was
3514 * previously added unassociated.
3515 */
3516 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
3517 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
3518 hostapd_drv_sta_remove(hapd, sta->addr);
3519 sta->added_unassoc = 0;
3520 }
3521 }
3522
3523
3524 static void handle_disassoc(struct hostapd_data *hapd,
3525 const struct ieee80211_mgmt *mgmt, size_t len)
3526 {
3527 struct sta_info *sta;
3528
3529 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
3530 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
3531 (unsigned long) len);
3532 return;
3533 }
3534
3535 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
3536 MAC2STR(mgmt->sa),
3537 le_to_host16(mgmt->u.disassoc.reason_code));
3538
3539 sta = ap_get_sta(hapd, mgmt->sa);
3540 if (sta == NULL) {
3541 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
3542 MAC2STR(mgmt->sa));
3543 return;
3544 }
3545
3546 ap_sta_set_authorized(hapd, sta, 0);
3547 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3548 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
3549 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
3550 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3551 HOSTAPD_LEVEL_INFO, "disassociated");
3552 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3553 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3554 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
3555 * authenticated. */
3556 accounting_sta_stop(hapd, sta);
3557 ieee802_1x_free_station(hapd, sta);
3558 if (sta->ipaddr)
3559 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
3560 ap_sta_ip6addr_del(hapd, sta);
3561 hostapd_drv_sta_remove(hapd, sta->addr);
3562 sta->added_unassoc = 0;
3563
3564 if (sta->timeout_next == STA_NULLFUNC ||
3565 sta->timeout_next == STA_DISASSOC) {
3566 sta->timeout_next = STA_DEAUTH;
3567 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
3568 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
3569 hapd, sta);
3570 }
3571
3572 mlme_disassociate_indication(
3573 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
3574
3575 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
3576 * disassociation. */
3577 if (hapd->iface->current_mode &&
3578 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
3579 sta->flags &= ~WLAN_STA_AUTH;
3580 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3581 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3582 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3583 ap_free_sta(hapd, sta);
3584 }
3585 }
3586
3587
3588 static void handle_deauth(struct hostapd_data *hapd,
3589 const struct ieee80211_mgmt *mgmt, size_t len)
3590 {
3591 struct sta_info *sta;
3592
3593 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
3594 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
3595 "payload (len=%lu)", (unsigned long) len);
3596 return;
3597 }
3598
3599 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
3600 " reason_code=%d",
3601 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
3602
3603 sta = ap_get_sta(hapd, mgmt->sa);
3604 if (sta == NULL) {
3605 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
3606 "to deauthenticate, but it is not authenticated",
3607 MAC2STR(mgmt->sa));
3608 return;
3609 }
3610
3611 ap_sta_set_authorized(hapd, sta, 0);
3612 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
3613 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
3614 WLAN_STA_ASSOC_REQ_OK);
3615 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
3616 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3617 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
3618 mlme_deauthenticate_indication(
3619 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
3620 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
3621 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
3622 ap_free_sta(hapd, sta);
3623 }
3624
3625
3626 static void handle_beacon(struct hostapd_data *hapd,
3627 const struct ieee80211_mgmt *mgmt, size_t len,
3628 struct hostapd_frame_info *fi)
3629 {
3630 struct ieee802_11_elems elems;
3631
3632 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
3633 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
3634 (unsigned long) len);
3635 return;
3636 }
3637
3638 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
3639 len - (IEEE80211_HDRLEN +
3640 sizeof(mgmt->u.beacon)), &elems,
3641 0);
3642
3643 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
3644 }
3645
3646
3647 #ifdef CONFIG_IEEE80211W
3648
3649 static int hostapd_sa_query_action(struct hostapd_data *hapd,
3650 const struct ieee80211_mgmt *mgmt,
3651 size_t len)
3652 {
3653 const u8 *end;
3654
3655 end = mgmt->u.action.u.sa_query_resp.trans_id +
3656 WLAN_SA_QUERY_TR_ID_LEN;
3657 if (((u8 *) mgmt) + len < end) {
3658 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action "
3659 "frame (len=%lu)", (unsigned long) len);
3660 return 0;
3661 }
3662
3663 ieee802_11_sa_query_action(hapd, mgmt->sa,
3664 mgmt->u.action.u.sa_query_resp.action,
3665 mgmt->u.action.u.sa_query_resp.trans_id);
3666 return 1;
3667 }
3668
3669
3670 static int robust_action_frame(u8 category)
3671 {
3672 return category != WLAN_ACTION_PUBLIC &&
3673 category != WLAN_ACTION_HT;
3674 }
3675 #endif /* CONFIG_IEEE80211W */
3676
3677
3678 static int handle_action(struct hostapd_data *hapd,
3679 const struct ieee80211_mgmt *mgmt, size_t len,
3680 unsigned int freq)
3681 {
3682 struct sta_info *sta;
3683 sta = ap_get_sta(hapd, mgmt->sa);
3684
3685 if (len < IEEE80211_HDRLEN + 1) {
3686 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3687 HOSTAPD_LEVEL_DEBUG,
3688 "handle_action - too short payload (len=%lu)",
3689 (unsigned long) len);
3690 return 0;
3691 }
3692
3693 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
3694 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
3695 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
3696 "frame (category=%u) from unassociated STA " MACSTR,
3697 mgmt->u.action.category, MAC2STR(mgmt->sa));
3698 return 0;
3699 }
3700
3701 #ifdef CONFIG_IEEE80211W
3702 if (sta && (sta->flags & WLAN_STA_MFP) &&
3703 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
3704 robust_action_frame(mgmt->u.action.category)) {
3705 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3706 HOSTAPD_LEVEL_DEBUG,
3707 "Dropped unprotected Robust Action frame from "
3708 "an MFP STA");
3709 return 0;
3710 }
3711 #endif /* CONFIG_IEEE80211W */
3712
3713 if (sta) {
3714 u16 fc = le_to_host16(mgmt->frame_control);
3715 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3716
3717 if ((fc & WLAN_FC_RETRY) &&
3718 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3719 sta->last_seq_ctrl == seq_ctrl &&
3720 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
3721 hostapd_logger(hapd, sta->addr,
3722 HOSTAPD_MODULE_IEEE80211,
3723 HOSTAPD_LEVEL_DEBUG,
3724 "Drop repeated action frame seq_ctrl=0x%x",
3725 seq_ctrl);
3726 return 1;
3727 }
3728
3729 sta->last_seq_ctrl = seq_ctrl;
3730 sta->last_subtype = WLAN_FC_STYPE_ACTION;
3731 }
3732
3733 switch (mgmt->u.action.category) {
3734 #ifdef CONFIG_IEEE80211R_AP
3735 case WLAN_ACTION_FT:
3736 if (!sta ||
3737 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
3738 len - IEEE80211_HDRLEN))
3739 break;
3740 return 1;
3741 #endif /* CONFIG_IEEE80211R_AP */
3742 case WLAN_ACTION_WMM:
3743 hostapd_wmm_action(hapd, mgmt, len);
3744 return 1;
3745 #ifdef CONFIG_IEEE80211W
3746 case WLAN_ACTION_SA_QUERY:
3747 return hostapd_sa_query_action(hapd, mgmt, len);
3748 #endif /* CONFIG_IEEE80211W */
3749 #ifdef CONFIG_WNM_AP
3750 case WLAN_ACTION_WNM:
3751 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
3752 return 1;
3753 #endif /* CONFIG_WNM_AP */
3754 #ifdef CONFIG_FST
3755 case WLAN_ACTION_FST:
3756 if (hapd->iface->fst)
3757 fst_rx_action(hapd->iface->fst, mgmt, len);
3758 else
3759 wpa_printf(MSG_DEBUG,
3760 "FST: Ignore FST Action frame - no FST attached");
3761 return 1;
3762 #endif /* CONFIG_FST */
3763 case WLAN_ACTION_PUBLIC:
3764 case WLAN_ACTION_PROTECTED_DUAL:
3765 #ifdef CONFIG_IEEE80211N
3766 if (len >= IEEE80211_HDRLEN + 2 &&
3767 mgmt->u.action.u.public_action.action ==
3768 WLAN_PA_20_40_BSS_COEX) {
3769 hostapd_2040_coex_action(hapd, mgmt, len);
3770 return 1;
3771 }
3772 #endif /* CONFIG_IEEE80211N */
3773 #ifdef CONFIG_DPP
3774 if (len >= IEEE80211_HDRLEN + 6 &&
3775 mgmt->u.action.u.vs_public_action.action ==
3776 WLAN_PA_VENDOR_SPECIFIC &&
3777 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
3778 OUI_WFA &&
3779 mgmt->u.action.u.vs_public_action.variable[0] ==
3780 DPP_OUI_TYPE) {
3781 const u8 *pos, *end;
3782
3783 pos = mgmt->u.action.u.vs_public_action.oui;
3784 end = ((const u8 *) mgmt) + len;
3785 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
3786 freq);
3787 return 1;
3788 }
3789 if (len >= IEEE80211_HDRLEN + 2 &&
3790 (mgmt->u.action.u.public_action.action ==
3791 WLAN_PA_GAS_INITIAL_RESP ||
3792 mgmt->u.action.u.public_action.action ==
3793 WLAN_PA_GAS_COMEBACK_RESP)) {
3794 const u8 *pos, *end;
3795
3796 pos = &mgmt->u.action.u.public_action.action;
3797 end = ((const u8 *) mgmt) + len;
3798 gas_query_ap_rx(hapd->gas, mgmt->sa,
3799 mgmt->u.action.category,
3800 pos, end - pos, hapd->iface->freq);
3801 return 1;
3802 }
3803 #endif /* CONFIG_DPP */
3804 if (hapd->public_action_cb) {
3805 hapd->public_action_cb(hapd->public_action_cb_ctx,
3806 (u8 *) mgmt, len,
3807 hapd->iface->freq);
3808 }
3809 if (hapd->public_action_cb2) {
3810 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
3811 (u8 *) mgmt, len,
3812 hapd->iface->freq);
3813 }
3814 if (hapd->public_action_cb || hapd->public_action_cb2)
3815 return 1;
3816 break;
3817 case WLAN_ACTION_VENDOR_SPECIFIC:
3818 if (hapd->vendor_action_cb) {
3819 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
3820 (u8 *) mgmt, len,
3821 hapd->iface->freq) == 0)
3822 return 1;
3823 }
3824 break;
3825 case WLAN_ACTION_RADIO_MEASUREMENT:
3826 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
3827 return 1;
3828 }
3829
3830 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3831 HOSTAPD_LEVEL_DEBUG,
3832 "handle_action - unknown action category %d or invalid "
3833 "frame",
3834 mgmt->u.action.category);
3835 if (!is_multicast_ether_addr(mgmt->da) &&
3836 !(mgmt->u.action.category & 0x80) &&
3837 !is_multicast_ether_addr(mgmt->sa)) {
3838 struct ieee80211_mgmt *resp;
3839
3840 /*
3841 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
3842 * Return the Action frame to the source without change
3843 * except that MSB of the Category set to 1.
3844 */
3845 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
3846 "frame back to sender");
3847 resp = os_memdup(mgmt, len);
3848 if (resp == NULL)
3849 return 0;
3850 os_memcpy(resp->da, resp->sa, ETH_ALEN);
3851 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
3852 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
3853 resp->u.action.category |= 0x80;
3854
3855 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
3856 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
3857 "Action frame");
3858 }
3859 os_free(resp);
3860 }
3861
3862 return 1;
3863 }
3864
3865
3866 /**
3867 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
3868 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
3869 * sent to)
3870 * @buf: management frame data (starting from IEEE 802.11 header)
3871 * @len: length of frame data in octets
3872 * @fi: meta data about received frame (signal level, etc.)
3873 *
3874 * Process all incoming IEEE 802.11 management frames. This will be called for
3875 * each frame received from the kernel driver through wlan#ap interface. In
3876 * addition, it can be called to re-inserted pending frames (e.g., when using
3877 * external RADIUS server as an MAC ACL).
3878 */
3879 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
3880 struct hostapd_frame_info *fi)
3881 {
3882 struct ieee80211_mgmt *mgmt;
3883 u16 fc, stype;
3884 int ret = 0;
3885 unsigned int freq;
3886 int ssi_signal = fi ? fi->ssi_signal : 0;
3887
3888 if (len < 24)
3889 return 0;
3890
3891 if (fi && fi->freq)
3892 freq = fi->freq;
3893 else
3894 freq = hapd->iface->freq;
3895
3896 mgmt = (struct ieee80211_mgmt *) buf;
3897 fc = le_to_host16(mgmt->frame_control);
3898 stype = WLAN_FC_GET_STYPE(fc);
3899
3900 if (stype == WLAN_FC_STYPE_BEACON) {
3901 handle_beacon(hapd, mgmt, len, fi);
3902 return 1;
3903 }
3904
3905 if (!is_broadcast_ether_addr(mgmt->bssid) &&
3906 #ifdef CONFIG_P2P
3907 /* Invitation responses can be sent with the peer MAC as BSSID */
3908 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
3909 stype == WLAN_FC_STYPE_ACTION) &&
3910 #endif /* CONFIG_P2P */
3911 #ifdef CONFIG_MESH
3912 !(hapd->conf->mesh & MESH_ENABLED) &&
3913 #endif /* CONFIG_MESH */
3914 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
3915 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
3916 MAC2STR(mgmt->bssid));
3917 return 0;
3918 }
3919
3920
3921 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
3922 handle_probe_req(hapd, mgmt, len, ssi_signal);
3923 return 1;
3924 }
3925
3926 if ((!is_broadcast_ether_addr(mgmt->da) ||
3927 stype != WLAN_FC_STYPE_ACTION) &&
3928 os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
3929 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3930 HOSTAPD_LEVEL_DEBUG,
3931 "MGMT: DA=" MACSTR " not our address",
3932 MAC2STR(mgmt->da));
3933 return 0;
3934 }
3935
3936 if (hapd->iconf->track_sta_max_num)
3937 sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
3938
3939 switch (stype) {
3940 case WLAN_FC_STYPE_AUTH:
3941 wpa_printf(MSG_DEBUG, "mgmt::auth");
3942 handle_auth(hapd, mgmt, len);
3943 ret = 1;
3944 break;
3945 case WLAN_FC_STYPE_ASSOC_REQ:
3946 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
3947 handle_assoc(hapd, mgmt, len, 0);
3948 ret = 1;
3949 break;
3950 case WLAN_FC_STYPE_REASSOC_REQ:
3951 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
3952 handle_assoc(hapd, mgmt, len, 1);
3953 ret = 1;
3954 break;
3955 case WLAN_FC_STYPE_DISASSOC:
3956 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
3957 handle_disassoc(hapd, mgmt, len);
3958 ret = 1;
3959 break;
3960 case WLAN_FC_STYPE_DEAUTH:
3961 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
3962 handle_deauth(hapd, mgmt, len);
3963 ret = 1;
3964 break;
3965 case WLAN_FC_STYPE_ACTION:
3966 wpa_printf(MSG_DEBUG, "mgmt::action");
3967 ret = handle_action(hapd, mgmt, len, freq);
3968 break;
3969 default:
3970 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3971 HOSTAPD_LEVEL_DEBUG,
3972 "unknown mgmt frame subtype %d", stype);
3973 break;
3974 }
3975
3976 return ret;
3977 }
3978
3979
3980 static void handle_auth_cb(struct hostapd_data *hapd,
3981 const struct ieee80211_mgmt *mgmt,
3982 size_t len, int ok)
3983 {
3984 u16 auth_alg, auth_transaction, status_code;
3985 struct sta_info *sta;
3986
3987 sta = ap_get_sta(hapd, mgmt->da);
3988 if (!sta) {
3989 wpa_printf(MSG_INFO, "handle_auth_cb: STA " MACSTR " not found",
3990 MAC2STR(mgmt->da));
3991 return;
3992 }
3993
3994 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
3995 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
3996 status_code = le_to_host16(mgmt->u.auth.status_code);
3997
3998 if (!ok) {
3999 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
4000 HOSTAPD_LEVEL_NOTICE,
4001 "did not acknowledge authentication response");
4002 goto fail;
4003 }
4004
4005 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
4006 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
4007 (unsigned long) len);
4008 goto fail;
4009 }
4010
4011 if (status_code == WLAN_STATUS_SUCCESS &&
4012 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
4013 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
4014 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4015 HOSTAPD_LEVEL_INFO, "authenticated");
4016 sta->flags |= WLAN_STA_AUTH;
4017 if (sta->added_unassoc)
4018 hostapd_set_sta_flags(hapd, sta);
4019 return;
4020 }
4021
4022 fail:
4023 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
4024 hostapd_drv_sta_remove(hapd, sta->addr);
4025 sta->added_unassoc = 0;
4026 }
4027 }
4028
4029
4030 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
4031 struct sta_info *sta,
4032 char *ifname_wds)
4033 {
4034 int i;
4035 struct hostapd_ssid *ssid = &hapd->conf->ssid;
4036
4037 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
4038 return;
4039
4040 for (i = 0; i < 4; i++) {
4041 if (ssid->wep.key[i] &&
4042 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
4043 i == ssid->wep.idx, NULL, 0,
4044 ssid->wep.key[i], ssid->wep.len[i])) {
4045 wpa_printf(MSG_WARNING,
4046 "Could not set WEP keys for WDS interface; %s",
4047 ifname_wds);
4048 break;
4049 }
4050 }
4051 }
4052
4053
4054 static void handle_assoc_cb(struct hostapd_data *hapd,
4055 const struct ieee80211_mgmt *mgmt,
4056 size_t len, int reassoc, int ok)
4057 {
4058 u16 status;
4059 struct sta_info *sta;
4060 int new_assoc = 1;
4061
4062 sta = ap_get_sta(hapd, mgmt->da);
4063 if (!sta) {
4064 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
4065 MAC2STR(mgmt->da));
4066 return;
4067 }
4068
4069 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
4070 sizeof(mgmt->u.assoc_resp))) {
4071 wpa_printf(MSG_INFO,
4072 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
4073 reassoc, (unsigned long) len);
4074 hostapd_drv_sta_remove(hapd, sta->addr);
4075 return;
4076 }
4077
4078 if (reassoc)
4079 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
4080 else
4081 status = le_to_host16(mgmt->u.assoc_resp.status_code);
4082
4083 if (!ok) {
4084 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
4085 HOSTAPD_LEVEL_DEBUG,
4086 "did not acknowledge association response");
4087 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
4088 /* The STA is added only in case of SUCCESS */
4089 if (status == WLAN_STATUS_SUCCESS)
4090 hostapd_drv_sta_remove(hapd, sta->addr);
4091
4092 return;
4093 }
4094
4095 if (status != WLAN_STATUS_SUCCESS)
4096 return;
4097
4098 /* Stop previous accounting session, if one is started, and allocate
4099 * new session id for the new session. */
4100 accounting_sta_stop(hapd, sta);
4101
4102 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4103 HOSTAPD_LEVEL_INFO,
4104 "associated (aid %d)",
4105 sta->aid);
4106
4107 if (sta->flags & WLAN_STA_ASSOC)
4108 new_assoc = 0;
4109 sta->flags |= WLAN_STA_ASSOC;
4110 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
4111 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
4112 !hapd->conf->osen) ||
4113 sta->auth_alg == WLAN_AUTH_FILS_SK ||
4114 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4115 sta->auth_alg == WLAN_AUTH_FILS_PK ||
4116 sta->auth_alg == WLAN_AUTH_FT) {
4117 /*
4118 * Open, static WEP, FT protocol, or FILS; no separate
4119 * authorization step.
4120 */
4121 ap_sta_set_authorized(hapd, sta, 1);
4122 }
4123
4124 if (reassoc)
4125 mlme_reassociate_indication(hapd, sta);
4126 else
4127 mlme_associate_indication(hapd, sta);
4128
4129 #ifdef CONFIG_IEEE80211W
4130 sta->sa_query_timed_out = 0;
4131 #endif /* CONFIG_IEEE80211W */
4132
4133 if (sta->eapol_sm == NULL) {
4134 /*
4135 * This STA does not use RADIUS server for EAP authentication,
4136 * so bind it to the selected VLAN interface now, since the
4137 * interface selection is not going to change anymore.
4138 */
4139 if (ap_sta_bind_vlan(hapd, sta) < 0)
4140 return;
4141 } else if (sta->vlan_id) {
4142 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
4143 if (ap_sta_bind_vlan(hapd, sta) < 0)
4144 return;
4145 }
4146
4147 hostapd_set_sta_flags(hapd, sta);
4148
4149 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
4150 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
4151 MACSTR " based on pending request",
4152 MAC2STR(sta->addr));
4153 sta->pending_wds_enable = 0;
4154 sta->flags |= WLAN_STA_WDS;
4155 }
4156
4157 if (sta->flags & WLAN_STA_WDS) {
4158 int ret;
4159 char ifname_wds[IFNAMSIZ + 1];
4160
4161 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
4162 MACSTR " (aid %u)",
4163 MAC2STR(sta->addr), sta->aid);
4164 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
4165 sta->aid, 1);
4166 if (!ret)
4167 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
4168 }
4169
4170 if (sta->auth_alg == WLAN_AUTH_FT)
4171 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
4172 else
4173 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
4174 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
4175 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
4176
4177 #ifdef CONFIG_FILS
4178 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
4179 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4180 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
4181 fils_set_tk(sta->wpa_sm) < 0) {
4182 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
4183 ap_sta_disconnect(hapd, sta, sta->addr,
4184 WLAN_REASON_UNSPECIFIED);
4185 return;
4186 }
4187 #endif /* CONFIG_FILS */
4188
4189 if (sta->pending_eapol_rx) {
4190 struct os_reltime now, age;
4191
4192 os_get_reltime(&now);
4193 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
4194 if (age.sec == 0 && age.usec < 200000) {
4195 wpa_printf(MSG_DEBUG,
4196 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
4197 MAC2STR(sta->addr));
4198 ieee802_1x_receive(
4199 hapd, mgmt->da,
4200 wpabuf_head(sta->pending_eapol_rx->buf),
4201 wpabuf_len(sta->pending_eapol_rx->buf));
4202 }
4203 wpabuf_free(sta->pending_eapol_rx->buf);
4204 os_free(sta->pending_eapol_rx);
4205 sta->pending_eapol_rx = NULL;
4206 }
4207 }
4208
4209
4210 static void handle_deauth_cb(struct hostapd_data *hapd,
4211 const struct ieee80211_mgmt *mgmt,
4212 size_t len, int ok)
4213 {
4214 struct sta_info *sta;
4215 if (is_multicast_ether_addr(mgmt->da))
4216 return;
4217 sta = ap_get_sta(hapd, mgmt->da);
4218 if (!sta) {
4219 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
4220 " not found", MAC2STR(mgmt->da));
4221 return;
4222 }
4223 if (ok)
4224 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
4225 MAC2STR(sta->addr));
4226 else
4227 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4228 "deauth", MAC2STR(sta->addr));
4229
4230 ap_sta_deauth_cb(hapd, sta);
4231 }
4232
4233
4234 static void handle_disassoc_cb(struct hostapd_data *hapd,
4235 const struct ieee80211_mgmt *mgmt,
4236 size_t len, int ok)
4237 {
4238 struct sta_info *sta;
4239 if (is_multicast_ether_addr(mgmt->da))
4240 return;
4241 sta = ap_get_sta(hapd, mgmt->da);
4242 if (!sta) {
4243 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
4244 " not found", MAC2STR(mgmt->da));
4245 return;
4246 }
4247 if (ok)
4248 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
4249 MAC2STR(sta->addr));
4250 else
4251 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4252 "disassoc", MAC2STR(sta->addr));
4253
4254 ap_sta_disassoc_cb(hapd, sta);
4255 }
4256
4257
4258 static void handle_action_cb(struct hostapd_data *hapd,
4259 const struct ieee80211_mgmt *mgmt,
4260 size_t len, int ok)
4261 {
4262 struct sta_info *sta;
4263 const struct rrm_measurement_report_element *report;
4264
4265 if (is_multicast_ether_addr(mgmt->da))
4266 return;
4267 #ifdef CONFIG_DPP
4268 if (len >= IEEE80211_HDRLEN + 6 &&
4269 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4270 mgmt->u.action.u.vs_public_action.action ==
4271 WLAN_PA_VENDOR_SPECIFIC &&
4272 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
4273 OUI_WFA &&
4274 mgmt->u.action.u.vs_public_action.variable[0] ==
4275 DPP_OUI_TYPE) {
4276 const u8 *pos, *end;
4277
4278 pos = &mgmt->u.action.u.vs_public_action.variable[1];
4279 end = ((const u8 *) mgmt) + len;
4280 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
4281 return;
4282 }
4283 if (len >= IEEE80211_HDRLEN + 2 &&
4284 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4285 (mgmt->u.action.u.public_action.action ==
4286 WLAN_PA_GAS_INITIAL_REQ ||
4287 mgmt->u.action.u.public_action.action ==
4288 WLAN_PA_GAS_COMEBACK_REQ)) {
4289 const u8 *pos, *end;
4290
4291 pos = mgmt->u.action.u.public_action.variable;
4292 end = ((const u8 *) mgmt) + len;
4293 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
4294 return;
4295 }
4296 #endif /* CONFIG_DPP */
4297 sta = ap_get_sta(hapd, mgmt->da);
4298 if (!sta) {
4299 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
4300 " not found", MAC2STR(mgmt->da));
4301 return;
4302 }
4303
4304 if (len < 24 + 5 + sizeof(*report))
4305 return;
4306 report = (const struct rrm_measurement_report_element *)
4307 &mgmt->u.action.u.rrm.variable[2];
4308 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
4309 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
4310 report->eid == WLAN_EID_MEASURE_REQUEST &&
4311 report->len >= 3 &&
4312 report->type == MEASURE_TYPE_BEACON)
4313 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
4314 }
4315
4316
4317 /**
4318 * ieee802_11_mgmt_cb - Process management frame TX status callback
4319 * @hapd: hostapd BSS data structure (the BSS from which the management frame
4320 * was sent from)
4321 * @buf: management frame data (starting from IEEE 802.11 header)
4322 * @len: length of frame data in octets
4323 * @stype: management frame subtype from frame control field
4324 * @ok: Whether the frame was ACK'ed
4325 */
4326 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
4327 u16 stype, int ok)
4328 {
4329 const struct ieee80211_mgmt *mgmt;
4330 mgmt = (const struct ieee80211_mgmt *) buf;
4331
4332 #ifdef CONFIG_TESTING_OPTIONS
4333 if (hapd->ext_mgmt_frame_handling) {
4334 size_t hex_len = 2 * len + 1;
4335 char *hex = os_malloc(hex_len);
4336
4337 if (hex) {
4338 wpa_snprintf_hex(hex, hex_len, buf, len);
4339 wpa_msg(hapd->msg_ctx, MSG_INFO,
4340 "MGMT-TX-STATUS stype=%u ok=%d buf=%s",
4341 stype, ok, hex);
4342 os_free(hex);
4343 }
4344 return;
4345 }
4346 #endif /* CONFIG_TESTING_OPTIONS */
4347
4348 switch (stype) {
4349 case WLAN_FC_STYPE_AUTH:
4350 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
4351 handle_auth_cb(hapd, mgmt, len, ok);
4352 break;
4353 case WLAN_FC_STYPE_ASSOC_RESP:
4354 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
4355 handle_assoc_cb(hapd, mgmt, len, 0, ok);
4356 break;
4357 case WLAN_FC_STYPE_REASSOC_RESP:
4358 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
4359 handle_assoc_cb(hapd, mgmt, len, 1, ok);
4360 break;
4361 case WLAN_FC_STYPE_PROBE_RESP:
4362 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
4363 break;
4364 case WLAN_FC_STYPE_DEAUTH:
4365 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
4366 handle_deauth_cb(hapd, mgmt, len, ok);
4367 break;
4368 case WLAN_FC_STYPE_DISASSOC:
4369 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
4370 handle_disassoc_cb(hapd, mgmt, len, ok);
4371 break;
4372 case WLAN_FC_STYPE_ACTION:
4373 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
4374 handle_action_cb(hapd, mgmt, len, ok);
4375 break;
4376 default:
4377 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
4378 break;
4379 }
4380 }
4381
4382
4383 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
4384 {
4385 /* TODO */
4386 return 0;
4387 }
4388
4389
4390 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
4391 char *buf, size_t buflen)
4392 {
4393 /* TODO */
4394 return 0;
4395 }
4396
4397
4398 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
4399 const u8 *buf, size_t len, int ack)
4400 {
4401 struct sta_info *sta;
4402 struct hostapd_iface *iface = hapd->iface;
4403
4404 sta = ap_get_sta(hapd, addr);
4405 if (sta == NULL && iface->num_bss > 1) {
4406 size_t j;
4407 for (j = 0; j < iface->num_bss; j++) {
4408 hapd = iface->bss[j];
4409 sta = ap_get_sta(hapd, addr);
4410 if (sta)
4411 break;
4412 }
4413 }
4414 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
4415 return;
4416 if (sta->flags & WLAN_STA_PENDING_POLL) {
4417 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
4418 "activity poll", MAC2STR(sta->addr),
4419 ack ? "ACKed" : "did not ACK");
4420 if (ack)
4421 sta->flags &= ~WLAN_STA_PENDING_POLL;
4422 }
4423
4424 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
4425 }
4426
4427
4428 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
4429 const u8 *data, size_t len, int ack)
4430 {
4431 struct sta_info *sta;
4432 struct hostapd_iface *iface = hapd->iface;
4433
4434 sta = ap_get_sta(hapd, dst);
4435 if (sta == NULL && iface->num_bss > 1) {
4436 size_t j;
4437 for (j = 0; j < iface->num_bss; j++) {
4438 hapd = iface->bss[j];
4439 sta = ap_get_sta(hapd, dst);
4440 if (sta)
4441 break;
4442 }
4443 }
4444 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
4445 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
4446 MACSTR " that is not currently associated",
4447 MAC2STR(dst));
4448 return;
4449 }
4450
4451 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
4452 }
4453
4454
4455 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
4456 {
4457 struct sta_info *sta;
4458 struct hostapd_iface *iface = hapd->iface;
4459
4460 sta = ap_get_sta(hapd, addr);
4461 if (sta == NULL && iface->num_bss > 1) {
4462 size_t j;
4463 for (j = 0; j < iface->num_bss; j++) {
4464 hapd = iface->bss[j];
4465 sta = ap_get_sta(hapd, addr);
4466 if (sta)
4467 break;
4468 }
4469 }
4470 if (sta == NULL)
4471 return;
4472 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
4473 MAC2STR(sta->addr));
4474 if (!(sta->flags & WLAN_STA_PENDING_POLL))
4475 return;
4476
4477 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
4478 "activity poll", MAC2STR(sta->addr));
4479 sta->flags &= ~WLAN_STA_PENDING_POLL;
4480 }
4481
4482
4483 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
4484 int wds)
4485 {
4486 struct sta_info *sta;
4487
4488 sta = ap_get_sta(hapd, src);
4489 if (sta &&
4490 ((sta->flags & WLAN_STA_ASSOC) ||
4491 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
4492 if (!hapd->conf->wds_sta)
4493 return;
4494
4495 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
4496 WLAN_STA_ASSOC_REQ_OK) {
4497 wpa_printf(MSG_DEBUG,
4498 "Postpone 4-address WDS mode enabling for STA "
4499 MACSTR " since TX status for AssocResp is not yet known",
4500 MAC2STR(sta->addr));
4501 sta->pending_wds_enable = 1;
4502 return;
4503 }
4504
4505 if (wds && !(sta->flags & WLAN_STA_WDS)) {
4506 int ret;
4507 char ifname_wds[IFNAMSIZ + 1];
4508
4509 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
4510 "STA " MACSTR " (aid %u)",
4511 MAC2STR(sta->addr), sta->aid);
4512 sta->flags |= WLAN_STA_WDS;
4513 ret = hostapd_set_wds_sta(hapd, ifname_wds,
4514 sta->addr, sta->aid, 1);
4515 if (!ret)
4516 hostapd_set_wds_encryption(hapd, sta,
4517 ifname_wds);
4518 }
4519 return;
4520 }
4521
4522 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
4523 MACSTR, MAC2STR(src));
4524 if (is_multicast_ether_addr(src)) {
4525 /* Broadcast bit set in SA?! Ignore the frame silently. */
4526 return;
4527 }
4528
4529 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
4530 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
4531 "already been sent, but no TX status yet known - "
4532 "ignore Class 3 frame issue with " MACSTR,
4533 MAC2STR(src));
4534 return;
4535 }
4536
4537 if (sta && (sta->flags & WLAN_STA_AUTH))
4538 hostapd_drv_sta_disassoc(
4539 hapd, src,
4540 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4541 else
4542 hostapd_drv_sta_deauth(
4543 hapd, src,
4544 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
4545 }
4546
4547
4548 #endif /* CONFIG_NATIVE_WINDOWS */
Unnamed repository; edit this file 'description' to name the repository.