2 * WPA Supplicant - Glue code to setup EAPOL and RSN modules
3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
18 #include "eapol_supp/eapol_supp_sm.h"
22 #include "l2_packet/l2_packet.h"
23 #include "wpa_common.h"
24 #include "wpa_supplicant_i.h"
25 #include "pmksa_cache.h"
27 #include "ieee802_11_defs.h"
29 #include "wpas_glue.h"
32 #ifndef CONFIG_NO_CONFIG_BLOBS
33 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
34 static void wpa_supplicant_set_config_blob(void *ctx
,
35 struct wpa_config_blob
*blob
)
37 struct wpa_supplicant
*wpa_s
= ctx
;
38 wpa_config_set_blob(wpa_s
->conf
, blob
);
39 if (wpa_s
->conf
->update_config
) {
40 int ret
= wpa_config_write(wpa_s
->confname
, wpa_s
->conf
);
42 wpa_printf(MSG_DEBUG
, "Failed to update config after "
49 static const struct wpa_config_blob
*
50 wpa_supplicant_get_config_blob(void *ctx
, const char *name
)
52 struct wpa_supplicant
*wpa_s
= ctx
;
53 return wpa_config_get_blob(wpa_s
->conf
, name
);
55 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
56 #endif /* CONFIG_NO_CONFIG_BLOBS */
59 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
60 static u8
* wpa_alloc_eapol(const struct wpa_supplicant
*wpa_s
, u8 type
,
61 const void *data
, u16 data_len
,
62 size_t *msg_len
, void **data_pos
)
64 struct ieee802_1x_hdr
*hdr
;
66 *msg_len
= sizeof(*hdr
) + data_len
;
67 hdr
= os_malloc(*msg_len
);
71 hdr
->version
= wpa_s
->conf
->eapol_version
;
73 hdr
->length
= host_to_be16(data_len
);
76 os_memcpy(hdr
+ 1, data
, data_len
);
78 os_memset(hdr
+ 1, 0, data_len
);
88 * wpa_ether_send - Send Ethernet frame
89 * @wpa_s: Pointer to wpa_supplicant data
90 * @dest: Destination MAC address
91 * @proto: Ethertype in host byte order
92 * @buf: Frame payload starting from IEEE 802.1X header
93 * @len: Frame payload length
94 * Returns: >=0 on success, <0 on failure
96 static int wpa_ether_send(struct wpa_supplicant
*wpa_s
, const u8
*dest
,
97 u16 proto
, const u8
*buf
, size_t len
)
100 return l2_packet_send(wpa_s
->l2
, dest
, proto
, buf
, len
);
103 return wpa_drv_send_eapol(wpa_s
, dest
, proto
, buf
, len
);
105 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
108 #ifdef IEEE8021X_EAPOL
111 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
112 * @ctx: Pointer to wpa_supplicant data (wpa_s)
113 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
114 * @buf: EAPOL payload (after IEEE 802.1X header)
115 * @len: EAPOL payload length
116 * Returns: >=0 on success, <0 on failure
118 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
119 * to the current Authenticator.
121 static int wpa_supplicant_eapol_send(void *ctx
, int type
, const u8
*buf
,
124 struct wpa_supplicant
*wpa_s
= ctx
;
125 u8
*msg
, *dst
, bssid
[ETH_ALEN
];
129 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
132 if (wpa_key_mgmt_wpa_psk(wpa_s
->key_mgmt
) ||
133 wpa_s
->key_mgmt
== WPA_KEY_MGMT_NONE
) {
134 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
135 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
137 wpa_printf(MSG_DEBUG
, "WPA: drop TX EAPOL in non-IEEE 802.1X "
138 "mode (type=%d len=%lu)", type
,
139 (unsigned long) len
);
143 if (pmksa_cache_get_current(wpa_s
->wpa
) &&
144 type
== IEEE802_1X_TYPE_EAPOL_START
) {
145 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
146 * since they will trigger full EAPOL authentication. */
147 wpa_printf(MSG_DEBUG
, "RSN: PMKSA caching - do not send "
152 if (is_zero_ether_addr(wpa_s
->bssid
)) {
153 wpa_printf(MSG_DEBUG
, "BSSID not set when trying to send an "
155 if (wpa_drv_get_bssid(wpa_s
, bssid
) == 0 &&
156 !is_zero_ether_addr(bssid
)) {
158 wpa_printf(MSG_DEBUG
, "Using current BSSID " MACSTR
159 " from the driver as the EAPOL destination",
162 dst
= wpa_s
->last_eapol_src
;
163 wpa_printf(MSG_DEBUG
, "Using the source address of the"
164 " last received EAPOL frame " MACSTR
" as "
165 "the EAPOL destination",
169 /* BSSID was already set (from (Re)Assoc event, so use it as
170 * the EAPOL destination. */
174 msg
= wpa_alloc_eapol(wpa_s
, type
, buf
, len
, &msglen
, NULL
);
178 wpa_printf(MSG_DEBUG
, "TX EAPOL: dst=" MACSTR
, MAC2STR(dst
));
179 wpa_hexdump(MSG_MSGDUMP
, "TX EAPOL", msg
, msglen
);
180 res
= wpa_ether_send(wpa_s
, dst
, ETH_P_EAPOL
, msg
, msglen
);
187 * wpa_eapol_set_wep_key - set WEP key for the driver
188 * @ctx: Pointer to wpa_supplicant data (wpa_s)
189 * @unicast: 1 = individual unicast key, 0 = broadcast key
190 * @keyidx: WEP key index (0..3)
191 * @key: Pointer to key data
192 * @keylen: Key length in bytes
193 * Returns: 0 on success or < 0 on error.
195 static int wpa_eapol_set_wep_key(void *ctx
, int unicast
, int keyidx
,
196 const u8
*key
, size_t keylen
)
198 struct wpa_supplicant
*wpa_s
= ctx
;
199 if (wpa_s
->key_mgmt
== WPA_KEY_MGMT_IEEE8021X_NO_WPA
) {
200 int cipher
= (keylen
== 5) ? WPA_CIPHER_WEP40
:
203 wpa_s
->pairwise_cipher
= cipher
;
205 wpa_s
->group_cipher
= cipher
;
207 return wpa_drv_set_key(wpa_s
, WPA_ALG_WEP
,
208 unicast
? wpa_s
->bssid
:
209 (u8
*) "\xff\xff\xff\xff\xff\xff",
210 keyidx
, unicast
, (u8
*) "", 0, key
, keylen
);
214 static void wpa_supplicant_aborted_cached(void *ctx
)
216 struct wpa_supplicant
*wpa_s
= ctx
;
217 wpa_sm_aborted_cached(wpa_s
->wpa
);
221 static void wpa_supplicant_eapol_cb(struct eapol_sm
*eapol
, int success
,
224 struct wpa_supplicant
*wpa_s
= ctx
;
228 wpa_printf(MSG_DEBUG
, "EAPOL authentication completed %ssuccessfully",
229 success
? "" : "un");
233 * Make sure we do not get stuck here waiting for long EAPOL
234 * timeout if the AP does not disconnect in case of
235 * authentication failure.
237 wpa_supplicant_req_auth_timeout(wpa_s
, 2, 0);
240 if (!success
|| !wpa_s
->driver_4way_handshake
)
243 if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
))
246 wpa_printf(MSG_DEBUG
, "Configure PMK for driver-based RSN 4-way "
250 res
= eapol_sm_get_key(eapol
, pmk
, PMK_LEN
);
253 * EAP-LEAP is an exception from other EAP methods: it
254 * uses only 16-byte PMK.
256 res
= eapol_sm_get_key(eapol
, pmk
, 16);
261 wpa_printf(MSG_DEBUG
, "Failed to get PMK from EAPOL state "
266 if (wpa_drv_set_key(wpa_s
, WPA_ALG_PMK
, NULL
, 0, 0, NULL
, 0, pmk
,
268 wpa_printf(MSG_DEBUG
, "Failed to set PMK to the driver");
271 wpa_supplicant_cancel_scan(wpa_s
);
272 wpa_supplicant_cancel_auth_timeout(wpa_s
);
273 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
278 static void wpa_supplicant_notify_eapol_done(void *ctx
)
280 struct wpa_supplicant
*wpa_s
= ctx
;
281 wpa_msg(wpa_s
, MSG_DEBUG
, "WPA: EAPOL processing complete");
282 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s
->key_mgmt
)) {
283 wpa_supplicant_set_state(wpa_s
, WPA_4WAY_HANDSHAKE
);
285 wpa_supplicant_cancel_auth_timeout(wpa_s
);
286 wpa_supplicant_set_state(wpa_s
, WPA_COMPLETED
);
290 #endif /* IEEE8021X_EAPOL */
293 #ifndef CONFIG_NO_WPA
295 static int wpa_get_beacon_ie(struct wpa_supplicant
*wpa_s
)
299 struct wpa_scan_res
*curr
= NULL
;
300 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
303 if (wpa_s
->scan_res
== NULL
)
306 for (i
= 0; i
< wpa_s
->scan_res
->num
; i
++) {
307 struct wpa_scan_res
*r
= wpa_s
->scan_res
->res
[i
];
308 if (os_memcmp(r
->bssid
, wpa_s
->bssid
, ETH_ALEN
) != 0)
310 ie
= wpa_scan_get_ie(r
, WLAN_EID_SSID
);
312 ((ie
&& ie
[1] == ssid
->ssid_len
&&
313 os_memcmp(ie
+ 2, ssid
->ssid
, ssid
->ssid_len
) == 0) ||
314 ssid
->ssid_len
== 0)) {
321 ie
= wpa_scan_get_vendor_ie(curr
, WPA_IE_VENDOR_TYPE
);
322 if (wpa_sm_set_ap_wpa_ie(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0))
325 ie
= wpa_scan_get_ie(curr
, WLAN_EID_RSN
);
326 if (wpa_sm_set_ap_rsn_ie(wpa_s
->wpa
, ie
, ie
? 2 + ie
[1] : 0))
336 static int wpa_supplicant_get_beacon_ie(void *ctx
)
338 struct wpa_supplicant
*wpa_s
= ctx
;
339 if (wpa_get_beacon_ie(wpa_s
) == 0) {
343 /* No WPA/RSN IE found in the cached scan results. Try to get updated
344 * scan results from the driver. */
345 if (wpa_supplicant_get_scan_results(wpa_s
) < 0) {
349 return wpa_get_beacon_ie(wpa_s
);
353 static u8
* _wpa_alloc_eapol(void *wpa_s
, u8 type
,
354 const void *data
, u16 data_len
,
355 size_t *msg_len
, void **data_pos
)
357 return wpa_alloc_eapol(wpa_s
, type
, data
, data_len
, msg_len
, data_pos
);
361 static int _wpa_ether_send(void *wpa_s
, const u8
*dest
, u16 proto
,
362 const u8
*buf
, size_t len
)
364 return wpa_ether_send(wpa_s
, dest
, proto
, buf
, len
);
368 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s
)
370 wpa_supplicant_cancel_auth_timeout(wpa_s
);
374 static void _wpa_supplicant_set_state(void *wpa_s
, wpa_states state
)
376 wpa_supplicant_set_state(wpa_s
, state
);
381 * wpa_supplicant_get_state - Get the connection state
382 * @wpa_s: Pointer to wpa_supplicant data
383 * Returns: The current connection state (WPA_*)
385 static wpa_states
wpa_supplicant_get_state(struct wpa_supplicant
*wpa_s
)
387 return wpa_s
->wpa_state
;
391 static wpa_states
_wpa_supplicant_get_state(void *wpa_s
)
393 return wpa_supplicant_get_state(wpa_s
);
397 static void _wpa_supplicant_disassociate(void *wpa_s
, int reason_code
)
399 wpa_supplicant_disassociate(wpa_s
, reason_code
);
400 /* Schedule a scan to make sure we continue looking for networks */
401 wpa_supplicant_req_scan(wpa_s
, 0, 0);
405 static void _wpa_supplicant_deauthenticate(void *wpa_s
, int reason_code
)
407 wpa_supplicant_deauthenticate(wpa_s
, reason_code
);
408 /* Schedule a scan to make sure we continue looking for networks */
409 wpa_supplicant_req_scan(wpa_s
, 0, 0);
413 static void * wpa_supplicant_get_network_ctx(void *wpa_s
)
415 return wpa_supplicant_get_ssid(wpa_s
);
419 static int wpa_supplicant_get_bssid(void *ctx
, u8
*bssid
)
421 struct wpa_supplicant
*wpa_s
= ctx
;
422 if (wpa_s
->use_client_mlme
) {
423 os_memcpy(bssid
, wpa_s
->bssid
, ETH_ALEN
);
426 return wpa_drv_get_bssid(wpa_s
, bssid
);
430 static int wpa_supplicant_set_key(void *wpa_s
, wpa_alg alg
,
431 const u8
*addr
, int key_idx
, int set_tx
,
432 const u8
*seq
, size_t seq_len
,
433 const u8
*key
, size_t key_len
)
435 return wpa_drv_set_key(wpa_s
, alg
, addr
, key_idx
, set_tx
, seq
, seq_len
,
440 static int wpa_supplicant_mlme_setprotection(void *wpa_s
, const u8
*addr
,
444 return wpa_drv_mlme_setprotection(wpa_s
, addr
, protection_type
,
449 static int wpa_supplicant_add_pmkid(void *wpa_s
,
450 const u8
*bssid
, const u8
*pmkid
)
452 return wpa_drv_add_pmkid(wpa_s
, bssid
, pmkid
);
456 static int wpa_supplicant_remove_pmkid(void *wpa_s
,
457 const u8
*bssid
, const u8
*pmkid
)
459 return wpa_drv_remove_pmkid(wpa_s
, bssid
, pmkid
);
463 #ifdef CONFIG_IEEE80211R
464 static int wpa_supplicant_update_ft_ies(void *ctx
, const u8
*md
,
465 const u8
*ies
, size_t ies_len
)
467 struct wpa_supplicant
*wpa_s
= ctx
;
468 if (wpa_s
->use_client_mlme
)
469 return ieee80211_sta_update_ft_ies(wpa_s
, md
, ies
, ies_len
);
470 return wpa_drv_update_ft_ies(wpa_s
, md
, ies
, ies_len
);
474 static int wpa_supplicant_send_ft_action(void *ctx
, u8 action
,
476 const u8
*ies
, size_t ies_len
)
478 struct wpa_supplicant
*wpa_s
= ctx
;
479 if (wpa_s
->use_client_mlme
)
480 return ieee80211_sta_send_ft_action(wpa_s
, action
, target_ap
,
482 return wpa_drv_send_ft_action(wpa_s
, action
, target_ap
, ies
, ies_len
);
484 #endif /* CONFIG_IEEE80211R */
486 #endif /* CONFIG_NO_WPA */
489 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
490 static void wpa_supplicant_eap_param_needed(void *ctx
, const char *field
,
493 struct wpa_supplicant
*wpa_s
= ctx
;
494 struct wpa_ssid
*ssid
= wpa_s
->current_ssid
;
502 buflen
= 100 + os_strlen(txt
) + ssid
->ssid_len
;
503 buf
= os_malloc(buflen
);
506 len
= os_snprintf(buf
, buflen
,
507 WPA_CTRL_REQ
"%s-%d:%s needed for SSID ",
508 field
, ssid
->id
, txt
);
509 if (len
< 0 || (size_t) len
>= buflen
) {
513 if (ssid
->ssid
&& buflen
> len
+ ssid
->ssid_len
) {
514 os_memcpy(buf
+ len
, ssid
->ssid
, ssid
->ssid_len
);
515 len
+= ssid
->ssid_len
;
518 buf
[buflen
- 1] = '\0';
519 wpa_msg(wpa_s
, MSG_INFO
, "%s", buf
);
522 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
523 #define wpa_supplicant_eap_param_needed NULL
524 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
527 int wpa_supplicant_init_eapol(struct wpa_supplicant
*wpa_s
)
529 #ifdef IEEE8021X_EAPOL
530 struct eapol_ctx
*ctx
;
531 ctx
= os_zalloc(sizeof(*ctx
));
533 wpa_printf(MSG_ERROR
, "Failed to allocate EAPOL context.");
538 ctx
->msg_ctx
= wpa_s
;
539 ctx
->eapol_send_ctx
= wpa_s
;
541 ctx
->eapol_done_cb
= wpa_supplicant_notify_eapol_done
;
542 ctx
->eapol_send
= wpa_supplicant_eapol_send
;
543 ctx
->set_wep_key
= wpa_eapol_set_wep_key
;
544 ctx
->set_config_blob
= wpa_supplicant_set_config_blob
;
545 ctx
->get_config_blob
= wpa_supplicant_get_config_blob
;
546 ctx
->aborted_cached
= wpa_supplicant_aborted_cached
;
547 #ifdef EAP_TLS_OPENSSL
548 ctx
->opensc_engine_path
= wpa_s
->conf
->opensc_engine_path
;
549 ctx
->pkcs11_engine_path
= wpa_s
->conf
->pkcs11_engine_path
;
550 ctx
->pkcs11_module_path
= wpa_s
->conf
->pkcs11_module_path
;
551 #endif /* EAP_TLS_OPENSSL */
552 ctx
->eap_param_needed
= wpa_supplicant_eap_param_needed
;
553 ctx
->cb
= wpa_supplicant_eapol_cb
;
555 wpa_s
->eapol
= eapol_sm_init(ctx
);
556 if (wpa_s
->eapol
== NULL
) {
558 wpa_printf(MSG_ERROR
, "Failed to initialize EAPOL state "
562 #endif /* IEEE8021X_EAPOL */
568 int wpa_supplicant_init_wpa(struct wpa_supplicant
*wpa_s
)
570 #ifndef CONFIG_NO_WPA
571 struct wpa_sm_ctx
*ctx
;
572 ctx
= os_zalloc(sizeof(*ctx
));
574 wpa_printf(MSG_ERROR
, "Failed to allocate WPA context.");
579 ctx
->set_state
= _wpa_supplicant_set_state
;
580 ctx
->get_state
= _wpa_supplicant_get_state
;
581 ctx
->deauthenticate
= _wpa_supplicant_deauthenticate
;
582 ctx
->disassociate
= _wpa_supplicant_disassociate
;
583 ctx
->set_key
= wpa_supplicant_set_key
;
584 ctx
->get_network_ctx
= wpa_supplicant_get_network_ctx
;
585 ctx
->get_bssid
= wpa_supplicant_get_bssid
;
586 ctx
->ether_send
= _wpa_ether_send
;
587 ctx
->get_beacon_ie
= wpa_supplicant_get_beacon_ie
;
588 ctx
->alloc_eapol
= _wpa_alloc_eapol
;
589 ctx
->cancel_auth_timeout
= _wpa_supplicant_cancel_auth_timeout
;
590 ctx
->add_pmkid
= wpa_supplicant_add_pmkid
;
591 ctx
->remove_pmkid
= wpa_supplicant_remove_pmkid
;
592 #ifndef CONFIG_NO_CONFIG_BLOBS
593 ctx
->set_config_blob
= wpa_supplicant_set_config_blob
;
594 ctx
->get_config_blob
= wpa_supplicant_get_config_blob
;
595 #endif /* CONFIG_NO_CONFIG_BLOBS */
596 ctx
->mlme_setprotection
= wpa_supplicant_mlme_setprotection
;
597 #ifdef CONFIG_IEEE80211R
598 ctx
->update_ft_ies
= wpa_supplicant_update_ft_ies
;
599 ctx
->send_ft_action
= wpa_supplicant_send_ft_action
;
600 #endif /* CONFIG_IEEE80211R */
602 wpa_s
->wpa
= wpa_sm_init(ctx
);
603 if (wpa_s
->wpa
== NULL
) {
604 wpa_printf(MSG_ERROR
, "Failed to initialize WPA state "
608 #endif /* CONFIG_NO_WPA */
614 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant
*wpa_s
,
615 struct wpa_ssid
*ssid
)
617 struct rsn_supp_config conf
;
619 os_memset(&conf
, 0, sizeof(conf
));
620 conf
.network_ctx
= ssid
;
621 conf
.peerkey_enabled
= ssid
->peerkey
;
622 conf
.allowed_pairwise_cipher
= ssid
->pairwise_cipher
;
623 #ifdef IEEE8021X_EAPOL
624 conf
.eap_workaround
= ssid
->eap_workaround
;
625 conf
.eap_conf_ctx
= &ssid
->eap
;
626 #endif /* IEEE8021X_EAPOL */
627 conf
.ssid
= ssid
->ssid
;
628 conf
.ssid_len
= ssid
->ssid_len
;
629 conf
.wpa_ptk_rekey
= ssid
->wpa_ptk_rekey
;
631 wpa_sm_set_config(wpa_s
->wpa
, ssid
? &conf
: NULL
);