2 * WPA Supplicant - Glue code to setup EAPOL and RSN modules
3 * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
12 #include "eapol_supp/eapol_supp_sm.h"
13 #include "rsn_supp/wpa.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/wpa_common.h"
18 #include "wpa_supplicant_i.h"
20 #include "rsn_supp/pmksa_cache.h"
22 #include "common/ieee802_11_defs.h"
23 #include "common/wpa_ctrl.h"
24 #include "wpas_glue.h"
25 #include "wps_supplicant.h"
32 #ifndef CONFIG_NO_CONFIG_BLOBS
33 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
34 static void wpa_supplicant_set_config_blob(void *ctx
,
35 struct wpa_config_blob
*blob
)
37 struct wpa_supplicant
*wpa_s
= ctx
;
38 wpa_config_set_blob(wpa_s
->conf
, blob
);
39 if (wpa_s
->conf
->update_config
) {
40 int ret
= wpa_config_write(wpa_s
->confname
, wpa_s
->conf
);
42 wpa_printf(MSG_DEBUG
, "Failed to update config after "
49 static const struct wpa_config_blob
*
50 wpa_supplicant_get_config_blob(void *ctx
, const char *name
)
52 struct wpa_supplicant
*wpa_s
= ctx
;
53 return wpa_config_get_blob(wpa_s
->conf
, name
);
55 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
56 #endif /* CONFIG_NO_CONFIG_BLOBS */
59 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
60 static u8
* wpa_alloc_eapol(const struct wpa_supplicant
*wpa_s
, u8 type
,
61 const void *data
, u16 data_len
,
62 size_t *msg_len
, void **data_pos
)
64 struct ieee802_1x_hdr
*hdr
;
66 *msg_len
= sizeof(*hdr
) + data_len
;
67 hdr
= os_malloc(*msg_len
);
71 hdr
->version
= wpa_s
->conf
->eapol_version
;
73 hdr
->length
= host_to_be16(data_len
);
76 os_memcpy(hdr
+ 1, data
, data_len
);
78 os_memset(hdr
+ 1, 0, data_len
);
88 * wpa_ether_send - Send Ethernet frame
89 * @wpa_s: Pointer to wpa_supplicant data
90 * @dest: Destination MAC address
91 * @proto: Ethertype in host byte order
92 * @buf: Frame payload starting from IEEE 802.1X header
93 * @len: Frame payload length
94 * Returns: >=0 on success, <0 on failure
96 static int wpa_ether_send(struct wpa_supplicant
*wpa_s
, const u8
*dest
,
97 u16 proto
, const u8
*buf
, size_t len
)
99 #ifdef CONFIG_TESTING_OPTIONS
100 if (wpa_s
->ext_eapol_frame_io
&& proto
== ETH_P_EAPOL
) {
101 size_t hex_len
= 2 * len
+ 1;
102 char *hex
= os_malloc(hex_len
);
106 wpa_snprintf_hex(hex
, hex_len
, buf
, len
);
107 wpa_msg(wpa_s
, MSG_INFO
, "EAPOL-TX " MACSTR
" %s",
112 #endif /* CONFIG_TESTING_OPTIONS */
115 return l2_packet_send(wpa_s
->l2
, dest
, proto
, buf
, len
);
120 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
123 #ifdef IEEE8021X_EAPOL
126 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
127 * @ctx: Pointer to wpa_supplicant data (wpa_s)
128 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
129 * @buf: EAPOL payload (after IEEE 802.1X header)
130 * @len: EAPOL payload length
131 * Returns: >=0 on success, <0 on failure
133 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
134 * to the current Authenticator.
136 static int wpa_supplicant_eapol_send(void *ctx
, int type
, const u8
*buf
,
139 struct wpa_supplicant
*wpa_s
= ctx
;
140 u8
*msg
, *dst
, bssid
[ETH_ALEN
];
144 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
147 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
148 wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
149 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
150 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
152 wpa_printf(MSG_DEBUG
, "WPA: drop TX EAPOL in non-IEEE 802.1X "
153 "mode (type=%d len=%lu)", type
,
154 (unsigned long) len
);
158 if (pmksa_cache_get_current(wpa_s
->wpa
) &&
159 type
== IEEE802_1X_TYPE_EAPOL_START
) {
161 * We were trying to use PMKSA caching and sending EAPOL-Start
162 * would abort that and trigger full EAPOL authentication.
163 * However, we've already waited for the AP/Authenticator to
164 * start 4-way handshake or EAP authentication, and apparently
165 * it has not done so since the startWhen timer has reached zero
166 * to get the state machine sending EAPOL-Start. This is not
167 * really supposed to happen, but an interoperability issue with
168 * a deployed AP has been identified where the connection fails
169 * due to that AP failing to operate correctly if PMKID is
170 * included in the Association Request frame. To work around
171 * this, assume PMKSA caching failed and try to initiate full
172 * EAP authentication.
174 if (!wpa_s
->current_ssid
||
175 wpa_s
->current_ssid
->eap_workaround
) {
176 wpa_printf(MSG_DEBUG
,
177 "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication");
179 wpa_printf(MSG_DEBUG
,
180 "RSN: PMKSA caching - do not send EAPOL-Start");
185 if (is_zero_ether_addr(wpa_s
->bssid
)) {
186 wpa_printf(MSG_DEBUG
, "BSSID not set when trying to send an "
188 if (wpa_drv_get_bssid(wpa_s
, bssid
) == 0 &&
189 !is_zero_ether_addr(bssid
)) {
191 wpa_printf(MSG_DEBUG
, "Using current BSSID " MACSTR
192 " from the driver as the EAPOL destination",
195 dst
= wpa_s
->last_eapol_src
;
196 wpa_printf(MSG_DEBUG
, "Using the source address of the"
197 " last received EAPOL frame " MACSTR
" as "
198 "the EAPOL destination",
202 /* BSSID was already set (from (Re)Assoc event, so use it as
203 * the EAPOL destination. */
207 msg
= wpa_alloc_eapol(wpa_s
, type
, buf
, len
, &msglen
, NULL
);
211 wpa_printf(MSG_DEBUG
, "TX EAPOL: dst=" MACSTR
, MAC2STR(dst
));
212 wpa_hexdump(MSG_MSGDUMP
, "TX EAPOL", msg
, msglen
);
213 res
= wpa_ether_send(wpa_s
, dst
, ETH_P_EAPOL
, msg
, msglen
);
220 * wpa_eapol_set_wep_key - set WEP key for the driver
221 * @ctx: Pointer to wpa_supplicant data (wpa_s)
222 * @unicast: 1 = individual unicast key, 0 = broadcast key
223 * @keyidx: WEP key index (0..3)
224 * @key: Pointer to key data
225 * @keylen: Key length in bytes
226 * Returns: 0 on success or < 0 on error.
228 static int wpa_eapol_set_wep_key(void *ctx
, int unicast
, int keyidx
,
229 const u8
*key
, size_t keylen
)
231 struct wpa_supplicant
*wpa_s
= ctx
;
232 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
233 int cipher
= (keylen
== 5) ? WPA_CIPHER_WEP40
:
236 wpa_s
->pairwise_cipher
= cipher
;
238 wpa_s
->group_cipher
= cipher
;
240 return wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
,
241 unicast
? wpa_s
->bssid
: NULL
,
242 keyidx
, unicast
, NULL
, 0, key
, keylen
);
246 static void wpa_supplicant_aborted_cached(void *ctx
)
248 struct wpa_supplicant
*wpa_s
= ctx
;
249 wpa_sm_aborted_cached(wpa_s
->wpa
);
253 static const char * result_str(enum eapol_supp_result result
)
256 case EAPOL_SUPP_RESULT_FAILURE
:
258 case EAPOL_SUPP_RESULT_SUCCESS
:
260 case EAPOL_SUPP_RESULT_EXPECTED_FAILURE
:
261 return "EXPECTED_FAILURE";
267 static void wpa_supplicant_eapol_cb(struct eapol_sm
*eapol
,
268 enum eapol_supp_result result
,
271 struct wpa_supplicant
*wpa_s
= ctx
;
275 wpa_printf(MSG_DEBUG
, "EAPOL authentication completed - result=%s",
278 if (wpas_wps_eapol_cb(wpa_s
) > 0)
281 wpa_s
->eap_expected_failure
= result
==
282 EAPOL_SUPP_RESULT_EXPECTED_FAILURE
;
284 if (result
!= EAPOL_SUPP_RESULT_SUCCESS
) {
286 * Make sure we do not get stuck here waiting for long EAPOL
287 * timeout if the AP does not disconnect in case of
288 * authentication failure.
290 wpa_supplicant_req_auth_timeout(wpa_s
, 2, 0);
292 ieee802_1x_notify_create_actor(wpa_s
, wpa_s
->last_eapol_src
);
295 if (result
!= EAPOL_SUPP_RESULT_SUCCESS
||
296 !(wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_4WAY_HANDSHAKE
))
299 if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
))
302 wpa_printf(MSG_DEBUG
, "Configure PMK for driver-based RSN 4-way "
306 if (wpa_key_mgmt_ft(wpa_s
->key_mgmt
)) {
307 #ifdef CONFIG_IEEE80211R
309 wpa_printf(MSG_DEBUG
, "RSN: Use FT XXKey as PMK for "
310 "driver-based 4-way hs and FT");
311 res
= eapol_sm_get_key(eapol
, buf
, 2 * PMK_LEN
);
313 os_memcpy(pmk
, buf
+ PMK_LEN
, PMK_LEN
);
314 os_memset(buf
, 0, sizeof(buf
));
316 #else /* CONFIG_IEEE80211R */
318 #endif /* CONFIG_IEEE80211R */
320 res
= eapol_sm_get_key(eapol
, pmk
, PMK_LEN
);
323 * EAP-LEAP is an exception from other EAP methods: it
324 * uses only 16-byte PMK.
326 res
= eapol_sm_get_key(eapol
, pmk
, 16);
332 wpa_printf(MSG_DEBUG
, "Failed to get PMK from EAPOL state "
337 wpa_hexdump_key(MSG_DEBUG
, "RSN: Configure PMK for driver-based 4-way "
338 "handshake", pmk
, pmk_len
);
340 if (wpa_drv_set_key(wpa_s
, WPA_ALG_PMK
, NULL
, 0, 0, NULL
, 0, pmk
,
342 wpa_printf(MSG_DEBUG
, "Failed to set PMK to the driver");
345 wpa_supplicant_cancel_scan(wpa_s
);
346 wpa_supplicant_cancel_auth_timeout(wpa_s
);
347 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
352 static void wpa_supplicant_notify_eapol_done(void *ctx
)
354 struct wpa_supplicant
*wpa_s
= ctx
;
355 wpa_msg(wpa_s
, MSG_DEBUG
, "WPA: EAPOL processing complete");
356 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
357 wpa_supplicant_set_state(wpa_s
, WPA_4WAY_HANDSHAKE
);
359 wpa_supplicant_cancel_auth_timeout(wpa_s
);
360 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
364 #endif /* IEEE8021X_EAPOL */
367 #ifndef CONFIG_NO_WPA
369 static int wpa_get_beacon_ie(struct wpa_supplicant
*wpa_s
)
372 struct wpa_bss
*curr
= NULL
, *bss
;
373 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
376 dl_list_for_each(bss
, &wpa_s
->bss
, struct wpa_bss
, list
) {
377 if (os_memcmp(bss
->bssid
, wpa_s
->bssid
, ETH_ALEN
) != 0)
380 ((bss
->ssid_len
== ssid
->ssid_len
&&
381 os_memcmp(bss
->ssid
, ssid
->ssid
, ssid
->ssid_len
) == 0) ||
382 ssid
->ssid_len
== 0)) {
389 ie
= wpa_bss_get_vendor_ie(curr
, WPA_IE_VENDOR_TYPE
);
390 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0))
393 ie
= wpa_bss_get_ie(curr
, WLAN_EID_RSN
);
394 if (wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0))
404 static int wpa_supplicant_get_beacon_ie(void *ctx
)
406 struct wpa_supplicant
*wpa_s
= ctx
;
407 if (wpa_get_beacon_ie(wpa_s
) == 0) {
411 /* No WPA/RSN IE found in the cached scan results. Try to get updated
412 * scan results from the driver. */
413 if (wpa_supplicant_update_scan_results(wpa_s
) < 0)
416 return wpa_get_beacon_ie(wpa_s
);
420 static u8
* _wpa_alloc_eapol(void *wpa_s
, u8 type
,
421 const void *data
, u16 data_len
,
422 size_t *msg_len
, void **data_pos
)
424 return wpa_alloc_eapol(wpa_s
, type
, data
, data_len
, msg_len
, data_pos
);
428 static int _wpa_ether_send(void *wpa_s
, const u8
*dest
, u16 proto
,
429 const u8
*buf
, size_t len
)
431 return wpa_ether_send(wpa_s
, dest
, proto
, buf
, len
);
435 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s
)
437 wpa_supplicant_cancel_auth_timeout(wpa_s
);
441 static void _wpa_supplicant_set_state(void *wpa_s
, enum wpa_states state
)
443 wpa_supplicant_set_state(wpa_s
, state
);
448 * wpa_supplicant_get_state - Get the connection state
449 * @wpa_s: Pointer to wpa_supplicant data
450 * Returns: The current connection state (WPA_*)
452 static enum wpa_states
wpa_supplicant_get_state(struct wpa_supplicant
*wpa_s
)
454 return wpa_s
->wpa_state
;
458 static enum wpa_states
_wpa_supplicant_get_state(void *wpa_s
)
460 return wpa_supplicant_get_state(wpa_s
);
464 static void _wpa_supplicant_deauthenticate(void *wpa_s
, int reason_code
)
466 wpa_supplicant_deauthenticate(wpa_s
, reason_code
);
467 /* Schedule a scan to make sure we continue looking for networks */
468 wpa_supplicant_req_scan(wpa_s
, 5, 0);
472 static void * wpa_supplicant_get_network_ctx(void *wpa_s
)
474 return wpa_supplicant_get_ssid(wpa_s
);
478 static int wpa_supplicant_get_bssid(void *ctx
, u8
*bssid
)
480 struct wpa_supplicant
*wpa_s
= ctx
;
481 return wpa_drv_get_bssid(wpa_s
, bssid
);
485 static int wpa_supplicant_set_key(void *_wpa_s
, enum wpa_alg alg
,
486 const u8
*addr
, int key_idx
, int set_tx
,
487 const u8
*seq
, size_t seq_len
,
488 const u8
*key
, size_t key_len
)
490 struct wpa_supplicant
*wpa_s
= _wpa_s
;
491 if (alg
== WPA_ALG_TKIP
&& key_idx
== 0 && key_len
== 32) {
492 /* Clear the MIC error counter when setting a new PTK. */
493 wpa_s
->mic_errors_seen
= 0;
495 #ifdef CONFIG_TESTING_GET_GTK
496 if (key_idx
> 0 && addr
&& is_broadcast_ether_addr(addr
) &&
497 alg
!= WPA_ALG_NONE
&& key_len
<= sizeof(wpa_s
->last_gtk
)) {
498 os_memcpy(wpa_s
->last_gtk
, key
, key_len
);
499 wpa_s
->last_gtk_len
= key_len
;
501 #endif /* CONFIG_TESTING_GET_GTK */
502 return wpa_drv_set_key(wpa_s
, alg
, addr
, key_idx
, set_tx
, seq
, seq_len
,
507 static int wpa_supplicant_mlme_setprotection(void *wpa_s
, const u8
*addr
,
511 return wpa_drv_mlme_setprotection(wpa_s
, addr
, protection_type
,
516 static int wpa_supplicant_add_pmkid(void *wpa_s
,
517 const u8
*bssid
, const u8
*pmkid
)
519 return wpa_drv_add_pmkid(wpa_s
, bssid
, pmkid
);
523 static int wpa_supplicant_remove_pmkid(void *wpa_s
,
524 const u8
*bssid
, const u8
*pmkid
)
526 return wpa_drv_remove_pmkid(wpa_s
, bssid
, pmkid
);
530 #ifdef CONFIG_IEEE80211R
531 static int wpa_supplicant_update_ft_ies(void *ctx
, const u8
*md
,
532 const u8
*ies
, size_t ies_len
)
534 struct wpa_supplicant
*wpa_s
= ctx
;
535 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_SME
)
536 return sme_update_ft_ies(wpa_s
, md
, ies
, ies_len
);
537 return wpa_drv_update_ft_ies(wpa_s
, md
, ies
, ies_len
);
541 static int wpa_supplicant_send_ft_action(void *ctx
, u8 action
,
543 const u8
*ies
, size_t ies_len
)
545 struct wpa_supplicant
*wpa_s
= ctx
;
551 wpa_printf(MSG_ERROR
, "Unsupported send_ft_action action %d",
557 * Action frame payload:
558 * Category[1] = 6 (Fast BSS Transition)
559 * Action[1] = 1 (Fast BSS Transition Request)
565 data_len
= 2 + 2 * ETH_ALEN
+ ies_len
;
566 data
= os_malloc(data_len
);
570 *pos
++ = 0x06; /* FT Action category */
572 os_memcpy(pos
, wpa_s
->own_addr
, ETH_ALEN
);
574 os_memcpy(pos
, target_ap
, ETH_ALEN
);
576 os_memcpy(pos
, ies
, ies_len
);
578 ret
= wpa_drv_send_action(wpa_s
, wpa_s
->assoc_freq
, 0,
579 wpa_s
->bssid
, wpa_s
->own_addr
, wpa_s
->bssid
,
587 static int wpa_supplicant_mark_authenticated(void *ctx
, const u8
*target_ap
)
589 struct wpa_supplicant
*wpa_s
= ctx
;
590 struct wpa_driver_auth_params params
;
593 bss
= wpa_bss_get_bssid(wpa_s
, target_ap
);
597 os_memset(¶ms
, 0, sizeof(params
));
598 params
.bssid
= target_ap
;
599 params
.freq
= bss
->freq
;
600 params
.ssid
= bss
->ssid
;
601 params
.ssid_len
= bss
->ssid_len
;
602 params
.auth_alg
= WPA_AUTH_ALG_FT
;
603 params
.local_state_change
= 1;
604 return wpa_drv_authenticate(wpa_s
, ¶ms
);
606 #endif /* CONFIG_IEEE80211R */
611 static int wpa_supplicant_tdls_get_capa(void *ctx
, int *tdls_supported
,
613 int *tdls_chan_switch
)
615 struct wpa_supplicant
*wpa_s
= ctx
;
619 *tdls_chan_switch
= 0;
621 if (!wpa_s
->drv_capa_known
)
624 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_TDLS_SUPPORT
)
627 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP
)
630 if (wpa_s
->drv_flags
& WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH
)
631 *tdls_chan_switch
= 1;
637 static int wpa_supplicant_send_tdls_mgmt(void *ctx
, const u8
*dst
,
638 u8 action_code
, u8 dialog_token
,
639 u16 status_code
, u32 peer_capab
,
640 int initiator
, const u8
*buf
,
643 struct wpa_supplicant
*wpa_s
= ctx
;
644 return wpa_drv_send_tdls_mgmt(wpa_s
, dst
, action_code
, dialog_token
,
645 status_code
, peer_capab
, initiator
, buf
,
650 static int wpa_supplicant_tdls_oper(void *ctx
, int oper
, const u8
*peer
)
652 struct wpa_supplicant
*wpa_s
= ctx
;
653 return wpa_drv_tdls_oper(wpa_s
, oper
, peer
);
657 static int wpa_supplicant_tdls_peer_addset(
658 void *ctx
, const u8
*peer
, int add
, u16 aid
, u16 capability
,
659 const u8
*supp_rates
, size_t supp_rates_len
,
660 const struct ieee80211_ht_capabilities
*ht_capab
,
661 const struct ieee80211_vht_capabilities
*vht_capab
,
662 u8 qosinfo
, int wmm
, const u8
*ext_capab
, size_t ext_capab_len
,
663 const u8
*supp_channels
, size_t supp_channels_len
,
664 const u8
*supp_oper_classes
, size_t supp_oper_classes_len
)
666 struct wpa_supplicant
*wpa_s
= ctx
;
667 struct hostapd_sta_add_params params
;
669 os_memset(¶ms
, 0, sizeof(params
));
673 params
.capability
= capability
;
674 params
.flags
= WPA_STA_TDLS_PEER
| WPA_STA_AUTHORIZED
;
677 * Don't rely only on qosinfo for WMM capability. It may be 0 even when
678 * present. Allow the WMM IE to also indicate QoS support.
681 params
.flags
|= WPA_STA_WMM
;
683 params
.ht_capabilities
= ht_capab
;
684 params
.vht_capabilities
= vht_capab
;
685 params
.qosinfo
= qosinfo
;
686 params
.listen_interval
= 0;
687 params
.supp_rates
= supp_rates
;
688 params
.supp_rates_len
= supp_rates_len
;
690 params
.ext_capab
= ext_capab
;
691 params
.ext_capab_len
= ext_capab_len
;
692 params
.supp_channels
= supp_channels
;
693 params
.supp_channels_len
= supp_channels_len
;
694 params
.supp_oper_classes
= supp_oper_classes
;
695 params
.supp_oper_classes_len
= supp_oper_classes_len
;
697 return wpa_drv_sta_add(wpa_s
, ¶ms
);
700 #endif /* CONFIG_TDLS */
702 #endif /* CONFIG_NO_WPA */
705 enum wpa_ctrl_req_type
wpa_supplicant_ctrl_req_from_string(const char *field
)
707 if (os_strcmp(field
, "IDENTITY") == 0)
708 return WPA_CTRL_REQ_EAP_IDENTITY
;
709 else if (os_strcmp(field
, "PASSWORD") == 0)
710 return WPA_CTRL_REQ_EAP_PASSWORD
;
711 else if (os_strcmp(field
, "NEW_PASSWORD") == 0)
712 return WPA_CTRL_REQ_EAP_NEW_PASSWORD
;
713 else if (os_strcmp(field
, "PIN") == 0)
714 return WPA_CTRL_REQ_EAP_PIN
;
715 else if (os_strcmp(field
, "OTP") == 0)
716 return WPA_CTRL_REQ_EAP_OTP
;
717 else if (os_strcmp(field
, "PASSPHRASE") == 0)
718 return WPA_CTRL_REQ_EAP_PASSPHRASE
;
719 else if (os_strcmp(field
, "SIM") == 0)
720 return WPA_CTRL_REQ_SIM
;
721 return WPA_CTRL_REQ_UNKNOWN
;
725 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field
,
726 const char *default_txt
,
729 const char *ret
= NULL
;
734 case WPA_CTRL_REQ_EAP_IDENTITY
:
738 case WPA_CTRL_REQ_EAP_PASSWORD
:
742 case WPA_CTRL_REQ_EAP_NEW_PASSWORD
:
743 *txt
= "New Password";
744 ret
= "NEW_PASSWORD";
746 case WPA_CTRL_REQ_EAP_PIN
:
750 case WPA_CTRL_REQ_EAP_OTP
:
753 case WPA_CTRL_REQ_EAP_PASSPHRASE
:
754 *txt
= "Private key passphrase";
757 case WPA_CTRL_REQ_SIM
:
764 /* txt needs to be something */
766 wpa_printf(MSG_WARNING
, "No message for request %d", field
);
773 #ifdef IEEE8021X_EAPOL
774 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
775 static void wpa_supplicant_eap_param_needed(void *ctx
,
776 enum wpa_ctrl_req_type field
,
777 const char *default_txt
)
779 struct wpa_supplicant
*wpa_s
= ctx
;
780 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
781 const char *field_name
, *txt
= NULL
;
789 wpas_notify_network_request(wpa_s
, ssid
, field
, default_txt
);
791 field_name
= wpa_supplicant_ctrl_req_to_string(field
, default_txt
,
793 if (field_name
== NULL
) {
794 wpa_printf(MSG_WARNING
, "Unhandled EAP param %d needed",
799 wpas_notify_eap_status(wpa_s
, "eap parameter needed", field_name
);
801 buflen
= 100 + os_strlen(txt
) + ssid
->ssid_len
;
802 buf
= os_malloc(buflen
);
805 len
= os_snprintf(buf
, buflen
,
806 WPA_CTRL_REQ
"%s-%d:%s needed for SSID ",
807 field_name
, ssid
->id
, txt
);
808 if (os_snprintf_error(buflen
, len
)) {
812 if (ssid
->ssid
&& buflen
> len
+ ssid
->ssid_len
) {
813 os_memcpy(buf
+ len
, ssid
->ssid
, ssid
->ssid_len
);
814 len
+= ssid
->ssid_len
;
817 buf
[buflen
- 1] = '\0';
818 wpa_msg(wpa_s
, MSG_INFO
, "%s", buf
);
821 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
822 #define wpa_supplicant_eap_param_needed NULL
823 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
826 static void wpa_supplicant_port_cb(void *ctx
, int authorized
)
828 struct wpa_supplicant
*wpa_s
= ctx
;
830 if (wpa_s
->ap_iface
) {
831 wpa_printf(MSG_DEBUG
, "AP mode active - skip EAPOL Supplicant "
833 authorized
? "Authorized" : "Unauthorized");
836 #endif /* CONFIG_AP */
837 wpa_printf(MSG_DEBUG
, "EAPOL: Supplicant port status: %s",
838 authorized
? "Authorized" : "Unauthorized");
839 wpa_drv_set_supp_port(wpa_s
, authorized
);
843 static void wpa_supplicant_cert_cb(void *ctx
, int depth
, const char *subject
,
844 const char *cert_hash
,
845 const struct wpabuf
*cert
)
847 struct wpa_supplicant
*wpa_s
= ctx
;
849 wpas_notify_certification(wpa_s
, depth
, subject
, cert_hash
, cert
);
853 static void wpa_supplicant_status_cb(void *ctx
, const char *status
,
854 const char *parameter
)
856 struct wpa_supplicant
*wpa_s
= ctx
;
858 wpas_notify_eap_status(wpa_s
, status
, parameter
);
862 static void wpa_supplicant_set_anon_id(void *ctx
, const u8
*id
, size_t len
)
864 struct wpa_supplicant
*wpa_s
= ctx
;
868 wpa_hexdump_ascii(MSG_DEBUG
, "EAP method updated anonymous_identity",
871 if (wpa_s
->current_ssid
== NULL
)
875 if (wpa_config_set(wpa_s
->current_ssid
, "anonymous_identity",
879 str
= os_malloc(len
* 2 + 1);
882 wpa_snprintf_hex(str
, len
* 2 + 1, id
, len
);
883 res
= wpa_config_set(wpa_s
->current_ssid
, "anonymous_identity",
890 if (wpa_s
->conf
->update_config
) {
891 res
= wpa_config_write(wpa_s
->confname
, wpa_s
->conf
);
893 wpa_printf(MSG_DEBUG
, "Failed to update config after "
894 "anonymous_id update");
898 #endif /* IEEE8021X_EAPOL */
901 int wpa_supplicant_init_eapol(struct wpa_supplicant
*wpa_s
)
903 #ifdef IEEE8021X_EAPOL
904 struct eapol_ctx
*ctx
;
905 ctx
= os_zalloc(sizeof(*ctx
));
907 wpa_printf(MSG_ERROR
, "Failed to allocate EAPOL context.");
912 ctx
->msg_ctx
= wpa_s
;
913 ctx
->eapol_send_ctx
= wpa_s
;
915 ctx
->eapol_done_cb
= wpa_supplicant_notify_eapol_done
;
916 ctx
->eapol_send
= wpa_supplicant_eapol_send
;
917 ctx
->set_wep_key
= wpa_eapol_set_wep_key
;
918 #ifndef CONFIG_NO_CONFIG_BLOBS
919 ctx
->set_config_blob
= wpa_supplicant_set_config_blob
;
920 ctx
->get_config_blob
= wpa_supplicant_get_config_blob
;
921 #endif /* CONFIG_NO_CONFIG_BLOBS */
922 ctx
->aborted_cached
= wpa_supplicant_aborted_cached
;
923 ctx
->opensc_engine_path
= wpa_s
->conf
->opensc_engine_path
;
924 ctx
->pkcs11_engine_path
= wpa_s
->conf
->pkcs11_engine_path
;
925 ctx
->pkcs11_module_path
= wpa_s
->conf
->pkcs11_module_path
;
926 ctx
->openssl_ciphers
= wpa_s
->conf
->openssl_ciphers
;
927 ctx
->wps
= wpa_s
->wps
;
928 ctx
->eap_param_needed
= wpa_supplicant_eap_param_needed
;
929 ctx
->port_cb
= wpa_supplicant_port_cb
;
930 ctx
->cb
= wpa_supplicant_eapol_cb
;
931 ctx
->cert_cb
= wpa_supplicant_cert_cb
;
932 ctx
->status_cb
= wpa_supplicant_status_cb
;
933 ctx
->set_anon_id
= wpa_supplicant_set_anon_id
;
935 wpa_s
->eapol
= eapol_sm_init(ctx
);
936 if (wpa_s
->eapol
== NULL
) {
938 wpa_printf(MSG_ERROR
, "Failed to initialize EAPOL state "
942 #endif /* IEEE8021X_EAPOL */
948 #ifndef CONFIG_NO_WPA
949 static void wpa_supplicant_set_rekey_offload(void *ctx
, const u8
*kek
,
951 const u8
*replay_ctr
)
953 struct wpa_supplicant
*wpa_s
= ctx
;
955 wpa_drv_set_rekey_info(wpa_s
, kek
, kck
, replay_ctr
);
957 #endif /* CONFIG_NO_WPA */
960 static int wpa_supplicant_key_mgmt_set_pmk(void *ctx
, const u8
*pmk
,
963 struct wpa_supplicant
*wpa_s
= ctx
;
965 if (wpa_s
->conf
->key_mgmt_offload
)
966 return wpa_drv_set_key(wpa_s
, WPA_ALG_PMK
, NULL
, 0, 0,
967 NULL
, 0, pmk
, pmk_len
);
973 int wpa_supplicant_init_wpa(struct wpa_supplicant
*wpa_s
)
975 #ifndef CONFIG_NO_WPA
976 struct wpa_sm_ctx
*ctx
;
977 ctx
= os_zalloc(sizeof(*ctx
));
979 wpa_printf(MSG_ERROR
, "Failed to allocate WPA context.");
984 ctx
->msg_ctx
= wpa_s
;
985 ctx
->set_state
= _wpa_supplicant_set_state
;
986 ctx
->get_state
= _wpa_supplicant_get_state
;
987 ctx
->deauthenticate
= _wpa_supplicant_deauthenticate
;
988 ctx
->set_key
= wpa_supplicant_set_key
;
989 ctx
->get_network_ctx
= wpa_supplicant_get_network_ctx
;
990 ctx
->get_bssid
= wpa_supplicant_get_bssid
;
991 ctx
->ether_send
= _wpa_ether_send
;
992 ctx
->get_beacon_ie
= wpa_supplicant_get_beacon_ie
;
993 ctx
->alloc_eapol
= _wpa_alloc_eapol
;
994 ctx
->cancel_auth_timeout
= _wpa_supplicant_cancel_auth_timeout
;
995 ctx
->add_pmkid
= wpa_supplicant_add_pmkid
;
996 ctx
->remove_pmkid
= wpa_supplicant_remove_pmkid
;
997 #ifndef CONFIG_NO_CONFIG_BLOBS
998 ctx
->set_config_blob
= wpa_supplicant_set_config_blob
;
999 ctx
->get_config_blob
= wpa_supplicant_get_config_blob
;
1000 #endif /* CONFIG_NO_CONFIG_BLOBS */
1001 ctx
->mlme_setprotection
= wpa_supplicant_mlme_setprotection
;
1002 #ifdef CONFIG_IEEE80211R
1003 ctx
->update_ft_ies
= wpa_supplicant_update_ft_ies
;
1004 ctx
->send_ft_action
= wpa_supplicant_send_ft_action
;
1005 ctx
->mark_authenticated
= wpa_supplicant_mark_authenticated
;
1006 #endif /* CONFIG_IEEE80211R */
1008 ctx
->tdls_get_capa
= wpa_supplicant_tdls_get_capa
;
1009 ctx
->send_tdls_mgmt
= wpa_supplicant_send_tdls_mgmt
;
1010 ctx
->tdls_oper
= wpa_supplicant_tdls_oper
;
1011 ctx
->tdls_peer_addset
= wpa_supplicant_tdls_peer_addset
;
1012 #endif /* CONFIG_TDLS */
1013 ctx
->set_rekey_offload
= wpa_supplicant_set_rekey_offload
;
1014 ctx
->key_mgmt_set_pmk
= wpa_supplicant_key_mgmt_set_pmk
;
1016 wpa_s
->wpa
= wpa_sm_init(ctx
);
1017 if (wpa_s
->wpa
== NULL
) {
1018 wpa_printf(MSG_ERROR
, "Failed to initialize WPA state "
1022 #endif /* CONFIG_NO_WPA */
1028 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant
*wpa_s
,
1029 struct wpa_ssid
*ssid
)
1031 struct rsn_supp_config conf
;
1033 os_memset(&conf
, 0, sizeof(conf
));
1034 conf
.network_ctx
= ssid
;
1035 conf
.peerkey_enabled
= ssid
->peerkey
;
1036 conf
.allowed_pairwise_cipher
= ssid
->pairwise_cipher
;
1037 #ifdef IEEE8021X_EAPOL
1038 conf
.proactive_key_caching
= ssid
->proactive_key_caching
< 0 ?
1039 wpa_s
->conf
->okc
: ssid
->proactive_key_caching
;
1040 conf
.eap_workaround
= ssid
->eap_workaround
;
1041 conf
.eap_conf_ctx
= &ssid
->eap
;
1042 #endif /* IEEE8021X_EAPOL */
1043 conf
.ssid
= ssid
->ssid
;
1044 conf
.ssid_len
= ssid
->ssid_len
;
1045 conf
.wpa_ptk_rekey
= ssid
->wpa_ptk_rekey
;
1047 if (ssid
->p2p_group
&& wpa_s
->current_bss
&&
1048 !wpa_s
->p2p_disable_ip_addr_req
) {
1050 p2p
= wpa_bss_get_vendor_ie_multi(wpa_s
->current_bss
,
1051 P2P_IE_VENDOR_TYPE
);
1054 group_capab
= p2p_get_group_capab(p2p
);
1056 P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION
)
1061 #endif /* CONFIG_P2P */
1063 wpa_sm_set_config(wpa_s
->wpa
, ssid
? &conf
: NULL
);