]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_glue.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
FT: Replace inter-AP protocol with use of OUI Extended Ethertype
[thirdparty/hostap.git] / src / ap / wpa_auth_glue.c
1 /*
2 * hostapd / WPA authenticator glue code
3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/sae.h"
16 #include "common/wpa_ctrl.h"
17 #include "crypto/sha1.h"
18 #include "eapol_auth/eapol_auth_sm.h"
19 #include "eapol_auth/eapol_auth_sm_i.h"
20 #include "eap_server/eap.h"
21 #include "l2_packet/l2_packet.h"
22 #include "eth_p_oui.h"
23 #include "hostapd.h"
24 #include "ieee802_1x.h"
25 #include "preauth_auth.h"
26 #include "sta_info.h"
27 #include "tkip_countermeasures.h"
28 #include "ap_drv_ops.h"
29 #include "ap_config.h"
30 #include "wpa_auth.h"
31 #include "wpa_auth_glue.h"
32
33
34 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
35 struct hostapd_config *iconf,
36 struct wpa_auth_config *wconf)
37 {
38 os_memset(wconf, 0, sizeof(*wconf));
39 wconf->wpa = conf->wpa;
40 wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
41 wconf->wpa_pairwise = conf->wpa_pairwise;
42 wconf->wpa_group = conf->wpa_group;
43 wconf->wpa_group_rekey = conf->wpa_group_rekey;
44 wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
45 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
46 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
47 wconf->wpa_group_update_count = conf->wpa_group_update_count;
48 wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
49 wconf->rsn_pairwise = conf->rsn_pairwise;
50 wconf->rsn_preauth = conf->rsn_preauth;
51 wconf->eapol_version = conf->eapol_version;
52 wconf->peerkey = conf->peerkey;
53 wconf->wmm_enabled = conf->wmm_enabled;
54 wconf->wmm_uapsd = conf->wmm_uapsd;
55 wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
56 wconf->okc = conf->okc;
57 #ifdef CONFIG_IEEE80211W
58 wconf->ieee80211w = conf->ieee80211w;
59 wconf->group_mgmt_cipher = conf->group_mgmt_cipher;
60 #endif /* CONFIG_IEEE80211W */
61 #ifdef CONFIG_IEEE80211R_AP
62 wconf->ssid_len = conf->ssid.ssid_len;
63 if (wconf->ssid_len > SSID_MAX_LEN)
64 wconf->ssid_len = SSID_MAX_LEN;
65 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
66 os_memcpy(wconf->mobility_domain, conf->mobility_domain,
67 MOBILITY_DOMAIN_ID_LEN);
68 if (conf->nas_identifier &&
69 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
70 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
71 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
72 wconf->r0_key_holder_len);
73 }
74 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
75 wconf->r0_key_lifetime = conf->r0_key_lifetime;
76 wconf->reassociation_deadline = conf->reassociation_deadline;
77 wconf->r0kh_list = conf->r0kh_list;
78 wconf->r1kh_list = conf->r1kh_list;
79 wconf->pmk_r1_push = conf->pmk_r1_push;
80 wconf->ft_over_ds = conf->ft_over_ds;
81 wconf->ft_psk_generate_local = conf->ft_psk_generate_local;
82 #endif /* CONFIG_IEEE80211R_AP */
83 #ifdef CONFIG_HS20
84 wconf->disable_gtk = conf->disable_dgaf;
85 if (conf->osen) {
86 wconf->disable_gtk = 1;
87 wconf->wpa = WPA_PROTO_OSEN;
88 wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
89 wconf->wpa_pairwise = 0;
90 wconf->wpa_group = WPA_CIPHER_CCMP;
91 wconf->rsn_pairwise = WPA_CIPHER_CCMP;
92 wconf->rsn_preauth = 0;
93 wconf->disable_pmksa_caching = 1;
94 #ifdef CONFIG_IEEE80211W
95 wconf->ieee80211w = 1;
96 #endif /* CONFIG_IEEE80211W */
97 }
98 #endif /* CONFIG_HS20 */
99 #ifdef CONFIG_TESTING_OPTIONS
100 wconf->corrupt_gtk_rekey_mic_probability =
101 iconf->corrupt_gtk_rekey_mic_probability;
102 if (conf->own_ie_override &&
103 wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) {
104 wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override);
105 os_memcpy(wconf->own_ie_override,
106 wpabuf_head(conf->own_ie_override),
107 wconf->own_ie_override_len);
108 }
109 #endif /* CONFIG_TESTING_OPTIONS */
110 #ifdef CONFIG_P2P
111 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
112 os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4);
113 os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4);
114 os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4);
115 #endif /* CONFIG_P2P */
116 #ifdef CONFIG_FILS
117 wconf->fils_cache_id_set = conf->fils_cache_id_set;
118 os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
119 FILS_CACHE_ID_LEN);
120 #endif /* CONFIG_FILS */
121 }
122
123
124 static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
125 logger_level level, const char *txt)
126 {
127 #ifndef CONFIG_NO_HOSTAPD_LOGGER
128 struct hostapd_data *hapd = ctx;
129 int hlevel;
130
131 switch (level) {
132 case LOGGER_WARNING:
133 hlevel = HOSTAPD_LEVEL_WARNING;
134 break;
135 case LOGGER_INFO:
136 hlevel = HOSTAPD_LEVEL_INFO;
137 break;
138 case LOGGER_DEBUG:
139 default:
140 hlevel = HOSTAPD_LEVEL_DEBUG;
141 break;
142 }
143
144 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
145 #endif /* CONFIG_NO_HOSTAPD_LOGGER */
146 }
147
148
149 static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
150 u16 reason)
151 {
152 struct hostapd_data *hapd = ctx;
153 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
154 "STA " MACSTR " reason %d",
155 __func__, MAC2STR(addr), reason);
156 ap_sta_disconnect(hapd, NULL, addr, reason);
157 }
158
159
160 static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
161 {
162 struct hostapd_data *hapd = ctx;
163 return michael_mic_failure(hapd, addr, 0);
164 }
165
166
167 static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
168 {
169 struct hostapd_data *hapd = ctx;
170 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
171 MAC2STR(addr));
172 }
173
174
175 static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
176 wpa_eapol_variable var, int value)
177 {
178 struct hostapd_data *hapd = ctx;
179 struct sta_info *sta = ap_get_sta(hapd, addr);
180 if (sta == NULL)
181 return;
182 switch (var) {
183 case WPA_EAPOL_portEnabled:
184 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
185 break;
186 case WPA_EAPOL_portValid:
187 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
188 break;
189 case WPA_EAPOL_authorized:
190 ieee802_1x_set_sta_authorized(hapd, sta, value);
191 break;
192 case WPA_EAPOL_portControl_Auto:
193 if (sta->eapol_sm)
194 sta->eapol_sm->portControl = Auto;
195 break;
196 case WPA_EAPOL_keyRun:
197 if (sta->eapol_sm)
198 sta->eapol_sm->keyRun = value ? TRUE : FALSE;
199 break;
200 case WPA_EAPOL_keyAvailable:
201 if (sta->eapol_sm)
202 sta->eapol_sm->eap_if->eapKeyAvailable =
203 value ? TRUE : FALSE;
204 break;
205 case WPA_EAPOL_keyDone:
206 if (sta->eapol_sm)
207 sta->eapol_sm->keyDone = value ? TRUE : FALSE;
208 break;
209 case WPA_EAPOL_inc_EapolFramesTx:
210 if (sta->eapol_sm)
211 sta->eapol_sm->dot1xAuthEapolFramesTx++;
212 break;
213 }
214 }
215
216
217 static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
218 wpa_eapol_variable var)
219 {
220 struct hostapd_data *hapd = ctx;
221 struct sta_info *sta = ap_get_sta(hapd, addr);
222 if (sta == NULL || sta->eapol_sm == NULL)
223 return -1;
224 switch (var) {
225 case WPA_EAPOL_keyRun:
226 return sta->eapol_sm->keyRun;
227 case WPA_EAPOL_keyAvailable:
228 return sta->eapol_sm->eap_if->eapKeyAvailable;
229 default:
230 return -1;
231 }
232 }
233
234
235 static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
236 const u8 *p2p_dev_addr,
237 const u8 *prev_psk)
238 {
239 struct hostapd_data *hapd = ctx;
240 struct sta_info *sta = ap_get_sta(hapd, addr);
241 const u8 *psk;
242
243 #ifdef CONFIG_SAE
244 if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
245 if (!sta->sae || prev_psk)
246 return NULL;
247 return sta->sae->pmk;
248 }
249 #endif /* CONFIG_SAE */
250
251 #ifdef CONFIG_OWE
252 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
253 sta && sta->owe_pmk)
254 return sta->owe_pmk;
255 #endif /* CONFIG_OWE */
256
257 psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk);
258 /*
259 * This is about to iterate over all psks, prev_psk gives the last
260 * returned psk which should not be returned again.
261 * logic list (all hostapd_get_psk; all sta->psk)
262 */
263 if (sta && sta->psk && !psk) {
264 struct hostapd_sta_wpa_psk_short *pos;
265 psk = sta->psk->psk;
266 for (pos = sta->psk; pos; pos = pos->next) {
267 if (pos->is_passphrase) {
268 pbkdf2_sha1(pos->passphrase,
269 hapd->conf->ssid.ssid,
270 hapd->conf->ssid.ssid_len, 4096,
271 pos->psk, PMK_LEN);
272 pos->is_passphrase = 0;
273 }
274 if (pos->psk == prev_psk) {
275 psk = pos->next ? pos->next->psk : NULL;
276 break;
277 }
278 }
279 }
280 return psk;
281 }
282
283
284 static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
285 size_t *len)
286 {
287 struct hostapd_data *hapd = ctx;
288 const u8 *key;
289 size_t keylen;
290 struct sta_info *sta;
291
292 sta = ap_get_sta(hapd, addr);
293 if (sta == NULL) {
294 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
295 return -1;
296 }
297
298 key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
299 if (key == NULL) {
300 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
301 sta->eapol_sm);
302 return -1;
303 }
304
305 if (keylen > *len)
306 keylen = *len;
307 os_memcpy(msk, key, keylen);
308 *len = keylen;
309
310 return 0;
311 }
312
313
314 static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
315 const u8 *addr, int idx, u8 *key,
316 size_t key_len)
317 {
318 struct hostapd_data *hapd = ctx;
319 const char *ifname = hapd->conf->iface;
320
321 if (vlan_id > 0) {
322 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
323 if (ifname == NULL)
324 return -1;
325 }
326
327 return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
328 key, key_len);
329 }
330
331
332 static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
333 u8 *seq)
334 {
335 struct hostapd_data *hapd = ctx;
336 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
337 }
338
339
340 static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
341 const u8 *data, size_t data_len,
342 int encrypt)
343 {
344 struct hostapd_data *hapd = ctx;
345 struct sta_info *sta;
346 u32 flags = 0;
347
348 #ifdef CONFIG_TESTING_OPTIONS
349 if (hapd->ext_eapol_frame_io) {
350 size_t hex_len = 2 * data_len + 1;
351 char *hex = os_malloc(hex_len);
352
353 if (hex == NULL)
354 return -1;
355 wpa_snprintf_hex(hex, hex_len, data, data_len);
356 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
357 MAC2STR(addr), hex);
358 os_free(hex);
359 return 0;
360 }
361 #endif /* CONFIG_TESTING_OPTIONS */
362
363 sta = ap_get_sta(hapd, addr);
364 if (sta)
365 flags = hostapd_sta_flags_to_drv(sta->flags);
366
367 return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len,
368 encrypt, flags);
369 }
370
371
372 static int hostapd_wpa_auth_for_each_sta(
373 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
374 void *cb_ctx)
375 {
376 struct hostapd_data *hapd = ctx;
377 struct sta_info *sta;
378
379 for (sta = hapd->sta_list; sta; sta = sta->next) {
380 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
381 return 1;
382 }
383 return 0;
384 }
385
386
387 struct wpa_auth_iface_iter_data {
388 int (*cb)(struct wpa_authenticator *sm, void *ctx);
389 void *cb_ctx;
390 };
391
392 static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
393 {
394 struct wpa_auth_iface_iter_data *data = ctx;
395 size_t i;
396 for (i = 0; i < iface->num_bss; i++) {
397 if (iface->bss[i]->wpa_auth &&
398 data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
399 return 1;
400 }
401 return 0;
402 }
403
404
405 static int hostapd_wpa_auth_for_each_auth(
406 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
407 void *cb_ctx)
408 {
409 struct hostapd_data *hapd = ctx;
410 struct wpa_auth_iface_iter_data data;
411 if (hapd->iface->interfaces == NULL ||
412 hapd->iface->interfaces->for_each_interface == NULL)
413 return -1;
414 data.cb = cb;
415 data.cb_ctx = cb_ctx;
416 return hapd->iface->interfaces->for_each_interface(
417 hapd->iface->interfaces, wpa_auth_iface_iter, &data);
418 }
419
420
421 #ifdef CONFIG_IEEE80211R_AP
422
423 struct wpa_ft_rrb_rx_later_data {
424 struct dl_list list;
425 u8 addr[ETH_ALEN];
426 size_t data_len;
427 /* followed by data_len octets of data */
428 };
429
430 static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx)
431 {
432 struct hostapd_data *hapd = eloop_ctx;
433 struct wpa_ft_rrb_rx_later_data *data, *n;
434
435 dl_list_for_each_safe(data, n, &hapd->l2_queue,
436 struct wpa_ft_rrb_rx_later_data, list) {
437 if (hapd->wpa_auth) {
438 wpa_ft_rrb_rx(hapd->wpa_auth, data->addr,
439 (const u8 *) (data + 1),
440 data->data_len);
441 }
442 dl_list_del(&data->list);
443 os_free(data);
444 }
445 }
446
447
448 struct wpa_auth_ft_iface_iter_data {
449 struct hostapd_data *src_hapd;
450 const u8 *dst;
451 const u8 *data;
452 size_t data_len;
453 };
454
455
456 static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx)
457 {
458 struct wpa_auth_ft_iface_iter_data *idata = ctx;
459 struct wpa_ft_rrb_rx_later_data *data;
460 struct hostapd_data *hapd;
461 size_t j;
462
463 for (j = 0; j < iface->num_bss; j++) {
464 hapd = iface->bss[j];
465 if (hapd == idata->src_hapd ||
466 !hapd->wpa_auth ||
467 os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0)
468 continue;
469
470 wpa_printf(MSG_DEBUG,
471 "FT: Send RRB data directly to locally managed BSS "
472 MACSTR "@%s -> " MACSTR "@%s",
473 MAC2STR(idata->src_hapd->own_addr),
474 idata->src_hapd->conf->iface,
475 MAC2STR(hapd->own_addr), hapd->conf->iface);
476
477 /* Defer wpa_ft_rrb_rx() until next eloop step as this is
478 * when it would be triggered when reading from a socket.
479 * This avoids
480 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
481 * that is calling hapd0:recv handler from within
482 * hapd0:send directly.
483 */
484 data = os_zalloc(sizeof(*data) + idata->data_len);
485 if (!data)
486 return 1;
487
488 os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN);
489 os_memcpy(data + 1, idata->data, idata->data_len);
490 data->data_len = idata->data_len;
491
492 dl_list_add(&hapd->l2_queue, &data->list);
493
494 if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later,
495 hapd, NULL))
496 eloop_register_timeout(0, 0,
497 hostapd_wpa_ft_rrb_rx_later,
498 hapd, NULL);
499
500 return 1;
501 }
502
503 return 0;
504 }
505
506 #endif /* CONFIG_IEEE80211R_AP */
507
508
509 static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
510 const u8 *data, size_t data_len)
511 {
512 struct hostapd_data *hapd = ctx;
513 struct l2_ethhdr *buf;
514 int ret;
515
516 #ifdef CONFIG_TESTING_OPTIONS
517 if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
518 size_t hex_len = 2 * data_len + 1;
519 char *hex = os_malloc(hex_len);
520
521 if (hex == NULL)
522 return -1;
523 wpa_snprintf_hex(hex, hex_len, data, data_len);
524 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
525 MAC2STR(dst), hex);
526 os_free(hex);
527 return 0;
528 }
529 #endif /* CONFIG_TESTING_OPTIONS */
530
531 #ifdef CONFIG_IEEE80211R_AP
532 if (proto == ETH_P_RRB && hapd->iface->interfaces &&
533 hapd->iface->interfaces->for_each_interface) {
534 int res;
535 struct wpa_auth_ft_iface_iter_data idata;
536 idata.src_hapd = hapd;
537 idata.dst = dst;
538 idata.data = data;
539 idata.data_len = data_len;
540 res = hapd->iface->interfaces->for_each_interface(
541 hapd->iface->interfaces, hostapd_wpa_auth_ft_iter,
542 &idata);
543 if (res == 1)
544 return data_len;
545 }
546 #endif /* CONFIG_IEEE80211R_AP */
547
548 if (hapd->driver && hapd->driver->send_ether)
549 return hapd->driver->send_ether(hapd->drv_priv, dst,
550 hapd->own_addr, proto,
551 data, data_len);
552 if (hapd->l2 == NULL)
553 return -1;
554
555 buf = os_malloc(sizeof(*buf) + data_len);
556 if (buf == NULL)
557 return -1;
558 os_memcpy(buf->h_dest, dst, ETH_ALEN);
559 os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
560 buf->h_proto = host_to_be16(proto);
561 os_memcpy(buf + 1, data, data_len);
562 ret = l2_packet_send(hapd->l2, dst, proto, (u8 *) buf,
563 sizeof(*buf) + data_len);
564 os_free(buf);
565 return ret;
566 }
567
568
569 #ifdef CONFIG_ETH_P_OUI
570 static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd,
571 u8 oui_suffix)
572 {
573 switch (oui_suffix) {
574 #ifdef CONFIG_IEEE80211R_AP
575 case FT_PACKET_R0KH_R1KH_PULL:
576 return hapd->oui_pull;
577 case FT_PACKET_R0KH_R1KH_RESP:
578 return hapd->oui_resp;
579 case FT_PACKET_R0KH_R1KH_PUSH:
580 return hapd->oui_push;
581 #endif /* CONFIG_IEEE80211R_AP */
582 default:
583 return NULL;
584 }
585 }
586 #endif /* CONFIG_ETH_P_OUI */
587
588
589 #ifdef CONFIG_IEEE80211R_AP
590
591 struct oui_deliver_later_data {
592 struct dl_list list;
593 u8 src_addr[ETH_ALEN];
594 u8 dst_addr[ETH_ALEN];
595 size_t data_len;
596 u8 oui_suffix;
597 /* followed by data_len octets of data */
598 };
599
600 static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx)
601 {
602 struct hostapd_data *hapd = eloop_ctx;
603 struct oui_deliver_later_data *data, *n;
604 struct eth_p_oui_ctx *oui_ctx;
605
606 dl_list_for_each_safe(data, n, &hapd->l2_oui_queue,
607 struct oui_deliver_later_data, list) {
608 oui_ctx = hostapd_wpa_get_oui(hapd, data->oui_suffix);
609 if (hapd->wpa_auth && oui_ctx) {
610 eth_p_oui_deliver(oui_ctx, data->src_addr,
611 data->dst_addr,
612 (const u8 *) (data + 1),
613 data->data_len);
614 }
615 dl_list_del(&data->list);
616 os_free(data);
617 }
618 }
619
620
621 struct wpa_auth_oui_iface_iter_data {
622 struct hostapd_data *src_hapd;
623 const u8 *dst_addr;
624 const u8 *data;
625 size_t data_len;
626 u8 oui_suffix;
627 };
628
629 static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
630 {
631 struct wpa_auth_oui_iface_iter_data *idata = ctx;
632 struct oui_deliver_later_data *data;
633 struct hostapd_data *hapd;
634 size_t j;
635
636 for (j = 0; j < iface->num_bss; j++) {
637 hapd = iface->bss[j];
638 if (hapd == idata->src_hapd)
639 continue;
640 if (!is_multicast_ether_addr(idata->dst_addr) &&
641 os_memcmp(hapd->own_addr, idata->dst_addr, ETH_ALEN) != 0)
642 continue;
643
644 /* defer eth_p_oui_deliver until next eloop step as this is
645 * when it would be triggerd from reading from sock
646 * This avoids
647 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
648 * that is calling hapd0:recv handler from within
649 * hapd0:send directly.
650 */
651 data = os_zalloc(sizeof(*data) + idata->data_len);
652 if (!data)
653 return 1;
654
655 os_memcpy(data->src_addr, idata->src_hapd->own_addr, ETH_ALEN);
656 os_memcpy(data->dst_addr, idata->dst_addr, ETH_ALEN);
657 os_memcpy(data + 1, idata->data, idata->data_len);
658 data->data_len = idata->data_len;
659 data->oui_suffix = idata->oui_suffix;
660
661 dl_list_add(&hapd->l2_oui_queue, &data->list);
662
663 if (!eloop_is_timeout_registered(hostapd_oui_deliver_later,
664 hapd, NULL))
665 eloop_register_timeout(0, 0,
666 hostapd_oui_deliver_later,
667 hapd, NULL);
668
669 return 1;
670 }
671
672 return 0;
673 }
674
675 #endif /* CONFIG_IEEE80211R_AP */
676
677
678 static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix,
679 const u8 *data, size_t data_len)
680 {
681 #ifdef CONFIG_ETH_P_OUI
682 struct hostapd_data *hapd = ctx;
683 struct eth_p_oui_ctx *oui_ctx;
684
685 #ifdef CONFIG_IEEE80211R_AP
686 if (hapd->iface->interfaces &&
687 hapd->iface->interfaces->for_each_interface) {
688 struct wpa_auth_oui_iface_iter_data idata;
689 int res;
690
691 idata.src_hapd = hapd;
692 idata.dst_addr = dst;
693 idata.data = data;
694 idata.data_len = data_len;
695 idata.oui_suffix = oui_suffix;
696 res = hapd->iface->interfaces->for_each_interface(
697 hapd->iface->interfaces, hostapd_wpa_auth_oui_iter,
698 &idata);
699 if (res == 1)
700 return data_len;
701 }
702 #endif /* CONFIG_IEEE80211R_AP */
703
704 oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix);
705 if (!oui_ctx)
706 return -1;
707
708 return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data, data_len);
709 #else /* CONFIG_ETH_P_OUI */
710 return -1;
711 #endif /* CONFIG_ETH_P_OUI */
712 }
713
714
715 #ifdef CONFIG_IEEE80211R_AP
716
717 static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
718 const u8 *data, size_t data_len)
719 {
720 struct hostapd_data *hapd = ctx;
721 int res;
722 struct ieee80211_mgmt *m;
723 size_t mlen;
724 struct sta_info *sta;
725
726 sta = ap_get_sta(hapd, dst);
727 if (sta == NULL || sta->wpa_sm == NULL)
728 return -1;
729
730 m = os_zalloc(sizeof(*m) + data_len);
731 if (m == NULL)
732 return -1;
733 mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
734 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
735 WLAN_FC_STYPE_ACTION);
736 os_memcpy(m->da, dst, ETH_ALEN);
737 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
738 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
739 os_memcpy(&m->u, data, data_len);
740
741 res = hostapd_drv_send_mlme(hapd, (u8 *) m, mlen, 0);
742 os_free(m);
743 return res;
744 }
745
746
747 static struct wpa_state_machine *
748 hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
749 {
750 struct hostapd_data *hapd = ctx;
751 struct sta_info *sta;
752
753 if (hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT) < 0)
754 return NULL;
755
756 sta = ap_sta_add(hapd, sta_addr);
757 if (sta == NULL)
758 return NULL;
759 if (sta->wpa_sm) {
760 sta->auth_alg = WLAN_AUTH_FT;
761 return sta->wpa_sm;
762 }
763
764 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, NULL);
765 if (sta->wpa_sm == NULL) {
766 ap_free_sta(hapd, sta);
767 return NULL;
768 }
769 sta->auth_alg = WLAN_AUTH_FT;
770
771 return sta->wpa_sm;
772 }
773
774
775 static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
776 size_t len)
777 {
778 struct hostapd_data *hapd = ctx;
779 struct l2_ethhdr *ethhdr;
780 if (len < sizeof(*ethhdr))
781 return;
782 ethhdr = (struct l2_ethhdr *) buf;
783 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
784 MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));
785 if (!is_multicast_ether_addr(ethhdr->h_dest) &&
786 os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0)
787 return;
788 wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
789 len - sizeof(*ethhdr));
790 }
791
792
793 static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr,
794 const u8 *dst_addr, u8 oui_suffix,
795 const u8 *buf, size_t len)
796 {
797 struct hostapd_data *hapd = ctx;
798
799 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
800 MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr));
801 if (!is_multicast_ether_addr(dst_addr) &&
802 os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) != 0)
803 return;
804 wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf,
805 len);
806 }
807
808
809 static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr,
810 u8 *tspec_ie, size_t tspec_ielen)
811 {
812 struct hostapd_data *hapd = ctx;
813 return hostapd_add_tspec(hapd, sta_addr, tspec_ie, tspec_ielen);
814 }
815
816
817
818 static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd,
819 const char *ft_iface)
820 {
821 hapd->oui_pull = eth_p_oui_register(hapd, ft_iface,
822 FT_PACKET_R0KH_R1KH_PULL,
823 hostapd_rrb_oui_receive, hapd);
824 if (!hapd->oui_pull)
825 return -1;
826
827 hapd->oui_resp = eth_p_oui_register(hapd, ft_iface,
828 FT_PACKET_R0KH_R1KH_RESP,
829 hostapd_rrb_oui_receive, hapd);
830 if (!hapd->oui_resp)
831 return -1;
832
833 hapd->oui_push = eth_p_oui_register(hapd, ft_iface,
834 FT_PACKET_R0KH_R1KH_PUSH,
835 hostapd_rrb_oui_receive, hapd);
836 if (!hapd->oui_push)
837 return -1;
838
839 return 0;
840 }
841
842
843 static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd)
844 {
845 eth_p_oui_unregister(hapd->oui_pull);
846 hapd->oui_pull = NULL;
847 eth_p_oui_unregister(hapd->oui_resp);
848 hapd->oui_resp = NULL;
849 eth_p_oui_unregister(hapd->oui_push);
850 hapd->oui_push = NULL;
851 }
852 #endif /* CONFIG_IEEE80211R_AP */
853
854
855 int hostapd_setup_wpa(struct hostapd_data *hapd)
856 {
857 struct wpa_auth_config _conf;
858 static const struct wpa_auth_callbacks cb = {
859 .logger = hostapd_wpa_auth_logger,
860 .disconnect = hostapd_wpa_auth_disconnect,
861 .mic_failure_report = hostapd_wpa_auth_mic_failure_report,
862 .psk_failure_report = hostapd_wpa_auth_psk_failure_report,
863 .set_eapol = hostapd_wpa_auth_set_eapol,
864 .get_eapol = hostapd_wpa_auth_get_eapol,
865 .get_psk = hostapd_wpa_auth_get_psk,
866 .get_msk = hostapd_wpa_auth_get_msk,
867 .set_key = hostapd_wpa_auth_set_key,
868 .get_seqnum = hostapd_wpa_auth_get_seqnum,
869 .send_eapol = hostapd_wpa_auth_send_eapol,
870 .for_each_sta = hostapd_wpa_auth_for_each_sta,
871 .for_each_auth = hostapd_wpa_auth_for_each_auth,
872 .send_ether = hostapd_wpa_auth_send_ether,
873 .send_oui = hostapd_wpa_auth_send_oui,
874 #ifdef CONFIG_IEEE80211R_AP
875 .send_ft_action = hostapd_wpa_auth_send_ft_action,
876 .add_sta = hostapd_wpa_auth_add_sta,
877 .add_tspec = hostapd_wpa_auth_add_tspec,
878 #endif /* CONFIG_IEEE80211R_AP */
879 };
880 const u8 *wpa_ie;
881 size_t wpa_ie_len;
882
883 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
884 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
885 _conf.tx_status = 1;
886 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
887 _conf.ap_mlme = 1;
888 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
889 if (hapd->wpa_auth == NULL) {
890 wpa_printf(MSG_ERROR, "WPA initialization failed.");
891 return -1;
892 }
893
894 if (hostapd_set_privacy(hapd, 1)) {
895 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
896 "for interface %s", hapd->conf->iface);
897 return -1;
898 }
899
900 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
901 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
902 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
903 "the kernel driver.");
904 return -1;
905 }
906
907 if (rsn_preauth_iface_init(hapd)) {
908 wpa_printf(MSG_ERROR, "Initialization of RSN "
909 "pre-authentication failed.");
910 return -1;
911 }
912
913 #ifdef CONFIG_IEEE80211R_AP
914 if (!hostapd_drv_none(hapd) &&
915 wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
916 const char *ft_iface;
917
918 ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge :
919 hapd->conf->iface;
920 hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB,
921 hostapd_rrb_receive, hapd, 1);
922 if (hapd->l2 == NULL &&
923 (hapd->driver == NULL ||
924 hapd->driver->send_ether == NULL)) {
925 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
926 "interface");
927 return -1;
928 }
929
930 if (hostapd_wpa_register_ft_oui(hapd, ft_iface)) {
931 wpa_printf(MSG_ERROR,
932 "Failed to open ETH_P_OUI interface");
933 return -1;
934 }
935 }
936 #endif /* CONFIG_IEEE80211R_AP */
937
938 return 0;
939
940 }
941
942
943 void hostapd_reconfig_wpa(struct hostapd_data *hapd)
944 {
945 struct wpa_auth_config wpa_auth_conf;
946 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
947 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
948 }
949
950
951 void hostapd_deinit_wpa(struct hostapd_data *hapd)
952 {
953 ieee80211_tkip_countermeasures_deinit(hapd);
954 rsn_preauth_iface_deinit(hapd);
955 if (hapd->wpa_auth) {
956 wpa_deinit(hapd->wpa_auth);
957 hapd->wpa_auth = NULL;
958
959 if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
960 wpa_printf(MSG_DEBUG, "Could not disable "
961 "PrivacyInvoked for interface %s",
962 hapd->conf->iface);
963 }
964
965 if (hapd->drv_priv &&
966 hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
967 wpa_printf(MSG_DEBUG, "Could not remove generic "
968 "information element from interface %s",
969 hapd->conf->iface);
970 }
971 }
972 ieee802_1x_deinit(hapd);
973
974 #ifdef CONFIG_IEEE80211R_AP
975 eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX);
976 hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
977 eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
978 hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
979 l2_packet_deinit(hapd->l2);
980 hapd->l2 = NULL;
981 hostapd_wpa_unregister_ft_oui(hapd);
982 #endif /* CONFIG_IEEE80211R_AP */
983 }
Unnamed repository; edit this file 'description' to name the repository.