Commit | Line | Data |
---|---|---|
c442055e JM |
1 | /* |
2 | * hostapd / WPA authenticator glue code | |
47b55a3e | 3 | * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> |
c442055e | 4 | * |
0f3d578e JM |
5 | * This software may be distributed under the terms of the BSD license. |
6 | * See README for more details. | |
c442055e JM |
7 | */ |
8 | ||
9 | #include "utils/includes.h" | |
10 | ||
11 | #include "utils/common.h" | |
c5fee160 MB |
12 | #include "utils/eloop.h" |
13 | #include "utils/list.h" | |
c442055e | 14 | #include "common/ieee802_11_defs.h" |
47b55a3e | 15 | #include "common/sae.h" |
2c502460 | 16 | #include "common/wpa_ctrl.h" |
f8e09bc5 | 17 | #include "crypto/sha1.h" |
c442055e JM |
18 | #include "eapol_auth/eapol_auth_sm.h" |
19 | #include "eapol_auth/eapol_auth_sm_i.h" | |
20 | #include "eap_server/eap.h" | |
21 | #include "l2_packet/l2_packet.h" | |
50bd8e0a | 22 | #include "eth_p_oui.h" |
6226e38d JM |
23 | #include "hostapd.h" |
24 | #include "ieee802_1x.h" | |
25 | #include "preauth_auth.h" | |
26 | #include "sta_info.h" | |
27 | #include "tkip_countermeasures.h" | |
8b06c1ed JM |
28 | #include "ap_drv_ops.h" |
29 | #include "ap_config.h" | |
1034f67b | 30 | #include "ieee802_11.h" |
d90f10fa | 31 | #include "pmksa_cache_auth.h" |
8b06c1ed | 32 | #include "wpa_auth.h" |
373f6c72 | 33 | #include "wpa_auth_glue.h" |
c442055e JM |
34 | |
35 | ||
/*
 * hostapd_wpa_auth_conf - Build the WPA authenticator configuration
 * @conf: Per-BSS hostapd configuration (source of nearly all fields)
 * @iconf: Per-interface configuration (only read in CONFIG_TESTING_OPTIONS
 *	builds)
 * @wconf: Output structure; zeroed first, so every field that is not
 *	assigned below ends up as 0
 *
 * Every variable-length item copied into a fixed-size wconf buffer is
 * length-checked against the matching *_MAX/_LEN constant before the copy.
 */
static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
				  struct hostapd_config *iconf,
				  struct wpa_auth_config *wconf)
{
	int pw_id_state;

	os_memset(wconf, 0, sizeof(*wconf));

	/* Protocol, key management and cipher selection */
	wconf->wpa = conf->wpa;
	wconf->extended_key_id = conf->extended_key_id;
	wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
	wconf->wpa_pairwise = conf->wpa_pairwise;
	wconf->wpa_group = conf->wpa_group;

	/* Rekeying intervals and EAPOL-Key retry behavior */
	wconf->wpa_group_rekey = conf->wpa_group_rekey;
	wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
	wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
	wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
	wconf->wpa_group_update_count = conf->wpa_group_update_count;
	wconf->wpa_disable_eapol_key_retries =
		conf->wpa_disable_eapol_key_retries;
	wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;

	wconf->rsn_pairwise = conf->rsn_pairwise;
	wconf->rsn_preauth = conf->rsn_preauth;
	wconf->eapol_version = conf->eapol_version;
#ifdef CONFIG_MACSEC
	/* MACsec builds never hand a version above 2 to the authenticator */
	if (wconf->eapol_version > 2)
		wconf->eapol_version = 2;
#endif /* CONFIG_MACSEC */
	wconf->wmm_enabled = conf->wmm_enabled;
	wconf->wmm_uapsd = conf->wmm_uapsd;
	wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
#ifdef CONFIG_OCV
	wconf->ocv = conf->ocv;
#endif /* CONFIG_OCV */
	wconf->okc = conf->okc;

	/* Management frame protection related settings */
	wconf->ieee80211w = conf->ieee80211w;
	wconf->beacon_prot = conf->beacon_prot;
	wconf->group_mgmt_cipher = conf->group_mgmt_cipher;
	wconf->sae_require_mfp = conf->sae_require_mfp;

#ifdef CONFIG_IEEE80211R_AP
	/* Clamp the SSID length so the copy below cannot exceed
	 * SSID_MAX_LEN octets */
	wconf->ssid_len = conf->ssid.ssid_len > SSID_MAX_LEN ?
		SSID_MAX_LEN : conf->ssid.ssid_len;
	os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
	os_memcpy(wconf->mobility_domain, conf->mobility_domain,
		  MOBILITY_DOMAIN_ID_LEN);
	if (conf->nas_identifier) {
		size_t nas_len = os_strlen(conf->nas_identifier);

		/* An over-long NAS-Identifier is skipped, not truncated;
		 * r0_key_holder_len then stays 0 from the memset */
		if (nas_len <= FT_R0KH_ID_MAX_LEN) {
			wconf->r0_key_holder_len = nas_len;
			os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
				  wconf->r0_key_holder_len);
		}
	}
	os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
	wconf->r0_key_lifetime = conf->r0_key_lifetime;
	wconf->r1_max_key_lifetime = conf->r1_max_key_lifetime;
	wconf->reassociation_deadline = conf->reassociation_deadline;
	wconf->rkh_pos_timeout = conf->rkh_pos_timeout;
	wconf->rkh_neg_timeout = conf->rkh_neg_timeout;
	wconf->rkh_pull_timeout = conf->rkh_pull_timeout;
	wconf->rkh_pull_retries = conf->rkh_pull_retries;
	/* The key holder lists are shared by pointer, not copied */
	wconf->r0kh_list = &conf->r0kh_list;
	wconf->r1kh_list = &conf->r1kh_list;
	wconf->pmk_r1_push = conf->pmk_r1_push;
	wconf->ft_over_ds = conf->ft_over_ds;
	wconf->ft_psk_generate_local = conf->ft_psk_generate_local;
#endif /* CONFIG_IEEE80211R_AP */

#ifdef CONFIG_HS20
	wconf->disable_gtk = conf->disable_dgaf;
	if (conf->osen) {
		/* OSEN replaces the protocol/cipher selection made above with
		 * a fixed profile: CCMP, no preauthentication, no PMKSA
		 * caching, ieee80211w set to 1 */
		wconf->disable_gtk = 1;
		wconf->wpa = WPA_PROTO_OSEN;
		wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
		wconf->wpa_pairwise = 0;
		wconf->wpa_group = WPA_CIPHER_CCMP;
		wconf->rsn_pairwise = WPA_CIPHER_CCMP;
		wconf->rsn_preauth = 0;
		wconf->disable_pmksa_caching = 1;
		wconf->ieee80211w = 1;
	}
#endif /* CONFIG_HS20 */

#ifdef CONFIG_TESTING_OPTIONS
	/* Everything in this section deliberately alters protocol elements
	 * and is only compiled into test builds. */
	wconf->corrupt_gtk_rekey_mic_probability =
		iconf->corrupt_gtk_rekey_mic_probability;
	if (conf->own_ie_override) {
		size_t ie_len = wpabuf_len(conf->own_ie_override);

		if (ie_len <= MAX_OWN_IE_OVERRIDE) {
			wconf->own_ie_override_len = ie_len;
			os_memcpy(wconf->own_ie_override,
				  wpabuf_head(conf->own_ie_override),
				  wconf->own_ie_override_len);
		}
	}
	if (conf->rsne_override_eapol) {
		size_t ie_len = wpabuf_len(conf->rsne_override_eapol);

		if (ie_len <= MAX_OWN_IE_OVERRIDE) {
			wconf->rsne_override_eapol_set = 1;
			wconf->rsne_override_eapol_len = ie_len;
			os_memcpy(wconf->rsne_override_eapol,
				  wpabuf_head(conf->rsne_override_eapol),
				  wconf->rsne_override_eapol_len);
		}
	}
	if (conf->rsnxe_override_eapol) {
		size_t ie_len = wpabuf_len(conf->rsnxe_override_eapol);

		if (ie_len <= MAX_OWN_IE_OVERRIDE) {
			wconf->rsnxe_override_eapol_set = 1;
			wconf->rsnxe_override_eapol_len = ie_len;
			os_memcpy(wconf->rsnxe_override_eapol,
				  wpabuf_head(conf->rsnxe_override_eapol),
				  wconf->rsnxe_override_eapol_len);
		}
	}
	if (conf->rsne_override_ft) {
		size_t ie_len = wpabuf_len(conf->rsne_override_ft);

		if (ie_len <= MAX_OWN_IE_OVERRIDE) {
			wconf->rsne_override_ft_set = 1;
			wconf->rsne_override_ft_len = ie_len;
			os_memcpy(wconf->rsne_override_ft,
				  wpabuf_head(conf->rsne_override_ft),
				  wconf->rsne_override_ft_len);
		}
	}
	if (conf->rsnxe_override_ft) {
		size_t ie_len = wpabuf_len(conf->rsnxe_override_ft);

		if (ie_len <= MAX_OWN_IE_OVERRIDE) {
			wconf->rsnxe_override_ft_set = 1;
			wconf->rsnxe_override_ft_len = ie_len;
			os_memcpy(wconf->rsnxe_override_ft,
				  wpabuf_head(conf->rsnxe_override_ft),
				  wconf->rsnxe_override_ft_len);
		}
	}
	if (conf->gtk_rsc_override) {
		size_t rsc_len = wpabuf_len(conf->gtk_rsc_override);

		/* Empty and over-long RSC overrides are both ignored */
		if (rsc_len > 0 && rsc_len <= WPA_KEY_RSC_LEN) {
			os_memcpy(wconf->gtk_rsc_override,
				  wpabuf_head(conf->gtk_rsc_override),
				  rsc_len);
			wconf->gtk_rsc_override_set = 1;
		}
	}
	if (conf->igtk_rsc_override) {
		size_t rsc_len = wpabuf_len(conf->igtk_rsc_override);

		if (rsc_len > 0 && rsc_len <= WPA_KEY_RSC_LEN) {
			os_memcpy(wconf->igtk_rsc_override,
				  wpabuf_head(conf->igtk_rsc_override),
				  rsc_len);
			wconf->igtk_rsc_override_set = 1;
		}
	}
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_P2P
	os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
	os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4);
	os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4);
	os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4);
#endif /* CONFIG_P2P */

#ifdef CONFIG_FILS
	wconf->fils_cache_id_set = conf->fils_cache_id_set;
	os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
		  FILS_CACHE_ID_LEN);
#endif /* CONFIG_FILS */

	/*
	 * The configured sae_pwe value may be overridden depending on what
	 * hostapd_sae_pw_id_in_use() reports.
	 * NOTE(review): the numeric values presumably follow the sae_pwe
	 * configuration option and the helper's return codes - confirm
	 * against their definitions.
	 */
	wconf->sae_pwe = conf->sae_pwe;
	pw_id_state = hostapd_sae_pw_id_in_use(conf);
	switch (pw_id_state) {
	case 2:
		if (wconf->sae_pwe != 3)
			wconf->sae_pwe = 1;
		break;
	case 1:
		if (wconf->sae_pwe == 0)
			wconf->sae_pwe = 2;
		break;
	default:
		break;
	}

#ifdef CONFIG_OWE
	wconf->owe_ptk_workaround = conf->owe_ptk_workaround;
#endif /* CONFIG_OWE */
	wconf->transition_disable = conf->transition_disable;
#ifdef CONFIG_DPP2
	wconf->dpp_pfs = conf->dpp_pfs;
#endif /* CONFIG_DPP2 */
}
203 | ||
204 | ||
/*
 * hostapd_wpa_auth_logger - Forward an authenticator log line to hostapd
 * @ctx: struct hostapd_data of the BSS
 * @addr: Address passed through to hostapd_logger()
 * @level: Authenticator log level, mapped to a HOSTAPD_LEVEL_* value
 * @txt: Message text
 *
 * Compiles to an empty function when CONFIG_NO_HOSTAPD_LOGGER is defined.
 */
static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
				    logger_level level, const char *txt)
{
#ifndef CONFIG_NO_HOSTAPD_LOGGER
	struct hostapd_data *bss = ctx;
	/* LOGGER_DEBUG and any unknown level are logged at debug level */
	int mapped = HOSTAPD_LEVEL_DEBUG;

	if (level == LOGGER_WARNING)
		mapped = HOSTAPD_LEVEL_WARNING;
	else if (level == LOGGER_INFO)
		mapped = HOSTAPD_LEVEL_INFO;

	/* txt is passed as an argument to a literal "%s", never as the
	 * format string itself */
	hostapd_logger(bss, addr, HOSTAPD_MODULE_WPA, mapped, "%s", txt);
#endif /* CONFIG_NO_HOSTAPD_LOGGER */
}
228 | ||
229 | ||
/*
 * hostapd_wpa_auth_disconnect - Disconnect a station on authenticator request
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @reason: Reason code handed to ap_sta_disconnect()
 *
 * The request is logged at debug level before it is carried out.
 */
static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
					u16 reason)
{
	struct hostapd_data *bss = ctx;

	wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
		   "STA " MACSTR " reason %d",
		   __func__, MAC2STR(addr), reason);

	/* No sta_info pointer is supplied; the station is named by address */
	ap_sta_disconnect(bss, NULL, addr, reason);
}
239 | ||
240 | ||
/*
 * hostapd_wpa_auth_mic_failure_report - Report a Michael MIC failure
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station the report concerns
 * Returns: Whatever michael_mic_failure() returns
 *
 * The last argument of michael_mic_failure() is always 0 here.
 */
static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
{
	return michael_mic_failure((struct hostapd_data *) ctx, addr, 0);
}
246 | ||
247 | ||
2c502460 JM |
/*
 * hostapd_wpa_auth_psk_failure_report - Announce a possible PSK mismatch
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 *
 * Emits the AP_STA_POSSIBLE_PSK_MISMATCH event followed by the station
 * address at MSG_INFO level. Only the address is part of the event; no key
 * material is logged.
 */
static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
{
	struct hostapd_data *bss = ctx;

	wpa_msg(bss->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
		MAC2STR(addr));
}
254 | ||
255 | ||
c442055e JM |
/*
 * hostapd_wpa_auth_set_eapol - Update an EAPOL state variable of a station
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @var: Which variable to update
 * @value: New value (ignored for portControl_Auto and inc_EapolFramesTx)
 *
 * Does nothing when the station is unknown. Direct writes into the EAPOL
 * state machine are skipped when the station has none; the two port
 * notifications receive the state machine pointer as is.
 */
static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
				       wpa_eapol_variable var, int value)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);
	struct eapol_state_machine *sm;

	if (!sta)
		return;
	sm = sta->eapol_sm;

	switch (var) {
	case WPA_EAPOL_portEnabled:
		ieee802_1x_notify_port_enabled(sm, value);
		break;
	case WPA_EAPOL_portValid:
		ieee802_1x_notify_port_valid(sm, value);
		break;
	case WPA_EAPOL_authorized:
		/* This is the call that changes the station's
		 * authorization state */
		ieee802_1x_set_sta_authorized(hapd, sta, value);
		break;
	case WPA_EAPOL_portControl_Auto:
		if (sm)
			sm->portControl = Auto;
		break;
	case WPA_EAPOL_keyRun:
		if (sm) {
			if (value)
				sm->keyRun = TRUE;
			else
				sm->keyRun = FALSE;
		}
		break;
	case WPA_EAPOL_keyAvailable:
		if (sm) {
			if (value)
				sm->eap_if->eapKeyAvailable = TRUE;
			else
				sm->eap_if->eapKeyAvailable = FALSE;
		}
		break;
	case WPA_EAPOL_keyDone:
		if (sm) {
			if (value)
				sm->keyDone = TRUE;
			else
				sm->keyDone = FALSE;
		}
		break;
	case WPA_EAPOL_inc_EapolFramesTx:
		if (sm)
			sm->dot1xAuthEapolFramesTx++;
		break;
	}
}
296 | ||
297 | ||
/*
 * hostapd_wpa_auth_get_eapol - Read an EAPOL state variable of a station
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @var: Variable to read; only keyRun and keyAvailable are supported
 * Returns: The variable's value, or -1 when the station is unknown, has no
 * EAPOL state machine, or @var is not one of the supported variables
 */
static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
				      wpa_eapol_variable var)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);

	if (!sta || !sta->eapol_sm)
		return -1;

	if (var == WPA_EAPOL_keyRun)
		return sta->eapol_sm->keyRun;
	if (var == WPA_EAPOL_keyAvailable)
		return sta->eapol_sm->eap_if->eapKeyAvailable;

	return -1;
}
314 | ||
315 | ||
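/*
 * hostapd_wpa_auth_get_psk - Get the next candidate PSK/PMK for a station
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @p2p_dev_addr: Passed through to hostapd_get_psk()
 * @prev_psk: PSK returned by the previous call, or NULL to start iteration
 * @psk_len: If not NULL, receives the key length (PMK_LEN unless an OWE PMK
 *	with a different length is returned)
 * @vlan_id: If not NULL, receives the VLAN ID reported by hostapd_get_psk();
 *	0 for every other source
 * Returns: Pointer to the key, or NULL when there is no (further) candidate
 *
 * Lookup order: the SAE PMK of an SAE-authenticated station, the OWE PMK (or
 * a cached OWE PMKSA), the configured PSKs via hostapd_get_psk(), and last
 * the per-station PSK list in sta->psk.
 *
 * A per-station entry stored as a passphrase is converted to a PSK on first
 * use. If that derivation fails, NULL is returned and the entry stays marked
 * as a passphrase, so a buffer that was never filled in is not handed to the
 * 4-way handshake as a key.
 */
static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
					   const u8 *p2p_dev_addr,
					   const u8 *prev_psk, size_t *psk_len,
					   int *vlan_id)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);
	const u8 *psk;

	if (vlan_id)
		*vlan_id = 0;
	if (psk_len)
		*psk_len = PMK_LEN;

#ifdef CONFIG_SAE
	if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
		/* SAE yields exactly one PMK: nothing to offer without SAE
		 * state, and nothing more once a previous key was tried */
		if (!sta->sae || prev_psk)
			return NULL;
		return sta->sae->pmk;
	}
	if (sta && wpa_auth_uses_sae(sta->wpa_sm)) {
		wpa_printf(MSG_DEBUG,
			   "No PSK for STA trying to use SAE with PMKSA caching");
		return NULL;
	}
#endif /* CONFIG_SAE */

#ifdef CONFIG_OWE
	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
	    sta && sta->owe_pmk) {
		if (psk_len)
			*psk_len = sta->owe_pmk_len;
		return sta->owe_pmk;
	}
	if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) {
		struct rsn_pmksa_cache_entry *sa;

		sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
		/* Only a cache entry created for OWE is accepted here */
		if (sa && sa->akmp == WPA_KEY_MGMT_OWE) {
			if (psk_len)
				*psk_len = sa->pmk_len;
			return sa->pmk;
		}
	}
#endif /* CONFIG_OWE */

	psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk,
			      vlan_id);
	/*
	 * This is about to iterate over all psks, prev_psk gives the last
	 * returned psk which should not be returned again.
	 * logic list (all hostapd_get_psk; all sta->psk)
	 */
	if (sta && sta->psk && !psk) {
		struct hostapd_sta_wpa_psk_short *pos;

		if (vlan_id)
			*vlan_id = 0;
		psk = sta->psk->psk;
		for (pos = sta->psk; pos; pos = pos->next) {
			if (pos->is_passphrase) {
				if (pbkdf2_sha1(pos->passphrase,
						hapd->conf->ssid.ssid,
						hapd->conf->ssid.ssid_len, 4096,
						pos->psk, PMK_LEN) != 0) {
					/* Fail closed: pos->psk was not
					 * derived and must not be used */
					wpa_printf(MSG_WARNING,
						   "PSK derivation from passphrase failed");
					return NULL;
				}
				pos->is_passphrase = 0;
			}
			/* Entries are identified by the address of their PSK
			 * buffer, not by comparing key bytes */
			if (pos->psk == prev_psk) {
				psk = pos->next ? pos->next->psk : NULL;
				break;
			}
		}
	}
	return psk;
}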
391 | ||
392 | ||
/*
 * hostapd_wpa_auth_get_msk - Copy the station's EAPOL key into a buffer
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @msk: Destination buffer
 * @len: In: capacity of @msk; out: number of octets copied
 * Returns: 0 on success, -1 when the station is unknown or
 * ieee802_1x_get_key() has no key for it
 *
 * The copy is bounded by the caller's *len, so a key longer than the buffer
 * is truncated rather than overrunning @msk.
 */
static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
				    size_t *len)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);
	const u8 *src;
	size_t src_len;
	size_t copy_len;

	if (!sta) {
		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
		return -1;
	}

	src = ieee802_1x_get_key(sta->eapol_sm, &src_len);
	if (!src) {
		wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
			   sta->eapol_sm);
		return -1;
	}

	copy_len = src_len > *len ? *len : src_len;
	os_memcpy(msk, src, copy_len);
	*len = copy_len;

	return 0;
}
421 | ||
422 | ||
/*
 * hostapd_wpa_auth_set_key - Install a key through the driver
 * @ctx: struct hostapd_data of the BSS
 * @vlan_id: VLAN ID; values above 0 select the VLAN interface
 * @alg: Key algorithm
 * @addr: Station address, or NULL/broadcast for group keys
 * @idx: Key index
 * @key: Key material (may be NULL)
 * @key_len: Length of @key in octets
 * @key_flag: Key flags passed on to the driver
 * Returns: Result of hostapd_drv_set_key(), or -1 when no interface exists
 * for @vlan_id and the driver does not advertise
 * WPA_DRIVER_FLAGS_VLAN_OFFLOAD
 *
 * CONFIG_TESTING_OPTIONS builds additionally keep a copy of the last
 * installed TK/GTK/IGTK in the station or BSS data.
 */
static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
				    const u8 *addr, int idx, u8 *key,
				    size_t key_len, enum key_flag key_flag)
{
	struct hostapd_data *hapd = ctx;
	const char *ifname = hapd->conf->iface;

	if (vlan_id > 0) {
		const char *vlan_ifname;

		vlan_ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan,
							 vlan_id);
		if (vlan_ifname) {
			ifname = vlan_ifname;
		} else if (!(hapd->iface->drv_flags &
			     WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
			return -1;
		}
		/* With VLAN offload the BSS interface name is kept and
		 * vlan_id goes to the driver */
	}

#ifdef CONFIG_TESTING_OPTIONS
	/*
	 * A KEY_FLAG_MODIFY request updates an already installed key, so the
	 * stored copy is left alone instead of being overwritten with zeros.
	 *
	 * NOTE(review): none of the copies below checks key_len against the
	 * size of the last_tk/last_gtk/last_igtk destination, which is not
	 * visible here - confirm callers can never pass a longer key. The
	 * stored length is updated even when key is NULL.
	 */
	if (!(key_flag & KEY_FLAG_MODIFY)) {
		if (addr && !is_broadcast_ether_addr(addr)) {
			struct sta_info *sta = ap_get_sta(hapd, addr);

			if (sta) {
				sta->last_tk_alg = alg;
				sta->last_tk_key_idx = idx;
				if (key)
					os_memcpy(sta->last_tk, key, key_len);
				sta->last_tk_len = key_len;
			}
		} else if (alg == WPA_ALG_IGTK ||
			   alg == WPA_ALG_BIP_GMAC_128 ||
			   alg == WPA_ALG_BIP_GMAC_256 ||
			   alg == WPA_ALG_BIP_CMAC_256) {
			hapd->last_igtk_alg = alg;
			hapd->last_igtk_key_idx = idx;
			if (key)
				os_memcpy(hapd->last_igtk, key, key_len);
			hapd->last_igtk_len = key_len;
		} else {
			hapd->last_gtk_alg = alg;
			hapd->last_gtk_key_idx = idx;
			if (key)
				os_memcpy(hapd->last_gtk, key, key_len);
			hapd->last_gtk_len = key_len;
		}
	}
#endif /* CONFIG_TESTING_OPTIONS */

	return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, vlan_id, 1,
				   NULL, 0, key, key_len, key_flag);
}
476 | ||
477 | ||
/*
 * hostapd_wpa_auth_get_seqnum - Fetch a key sequence number
 * @ctx: struct hostapd_data of the BSS
 * @addr: Address passed through to hostapd_get_seqnum()
 * @idx: Key index
 * @seq: Output buffer for the sequence number
 * Returns: Result of hostapd_get_seqnum()
 *
 * The query always uses the BSS interface name (hapd->conf->iface).
 */
static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
				       u8 *seq)
{
	struct hostapd_data *bss = ctx;
	const char *ifname = bss->conf->iface;

	return hostapd_get_seqnum(ifname, bss, addr, idx, seq);
}
484 | ||
485 | ||
/*
 * hostapd_wpa_auth_send_eapol - Send an EAPOL frame to a station
 * @ctx: struct hostapd_data of the BSS
 * @addr: Destination station address
 * @data: Frame contents
 * @data_len: Length of @data in octets
 * @encrypt: Passed through to the driver
 * Returns: Result of hostapd_drv_hapd_send_eapol(); in test builds with
 * ext_eapol_frame_io set, 0 after the frame was emitted as an event or -1
 * on allocation failure
 */
static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
				       const u8 *data, size_t data_len,
				       int encrypt)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta;
	u32 drv_flags;

#ifdef CONFIG_TESTING_OPTIONS
	/* Test builds only: the frame is not transmitted but reported as a
	 * hex dump in an "EAPOL-TX" event at MSG_INFO level */
	if (hapd->ext_eapol_frame_io) {
		size_t dump_len = 2 * data_len + 1;
		char *dump = os_malloc(dump_len);

		if (!dump)
			return -1;
		wpa_snprintf_hex(dump, dump_len, data, data_len);
		wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
			MAC2STR(addr), dump);
		os_free(dump);
		return 0;
	}
#endif /* CONFIG_TESTING_OPTIONS */

	/* An unknown station is sent the frame with no flags set */
	sta = ap_get_sta(hapd, addr);
	drv_flags = sta ? hostapd_sta_flags_to_drv(sta->flags) : 0;

	return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len,
					   encrypt, drv_flags);
}
516 | ||
517 | ||
/*
 * hostapd_wpa_auth_for_each_sta - Run a callback for every station that has
 * a WPA state machine
 * @ctx: struct hostapd_data of the BSS
 * @cb: Callback; a non-zero return value stops the iteration
 * @cb_ctx: Context pointer handed to @cb
 * Returns: 1 if a callback stopped the iteration, 0 otherwise
 */
static int hostapd_wpa_auth_for_each_sta(
	void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
	void *cb_ctx)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *cur = hapd->sta_list;

	while (cur) {
		/* Stations without a WPA state machine are skipped */
		if (cur->wpa_sm && cb(cur->wpa_sm, cb_ctx))
			return 1;
		cur = cur->next;
	}

	return 0;
}
531 | ||
532 | ||
/* Context passed to wpa_auth_iface_iter() through for_each_interface() */
struct wpa_auth_iface_iter_data {
	/* Callback run for each BSS that has a WPA authenticator */
	int (*cb)(struct wpa_authenticator *sm, void *ctx);
	/* Opaque pointer handed to cb as its second argument */
	void *cb_ctx;
};
537 | ||
/*
 * wpa_auth_iface_iter - Per-interface step of hostapd_wpa_auth_for_each_auth()
 * @iface: Interface whose BSSes are visited
 * @ctx: struct wpa_auth_iface_iter_data with the callback and its context
 * Returns: 1 if the callback returned non-zero for some BSS (which ends the
 * walk over this interface), 0 otherwise
 */
static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
{
	struct wpa_auth_iface_iter_data *iter = ctx;
	size_t idx = 0;

	while (idx < iface->num_bss) {
		struct wpa_authenticator *auth = iface->bss[idx]->wpa_auth;

		/* BSSes without an authenticator are skipped */
		if (auth && iter->cb(auth, iter->cb_ctx))
			return 1;
		idx++;
	}

	return 0;
}
549 | ||
550 | ||
/*
 * hostapd_wpa_auth_for_each_auth - Run a callback for every WPA authenticator
 * on every interface
 * @ctx: struct hostapd_data of the calling BSS
 * @cb: Callback run per authenticator
 * @cb_ctx: Context pointer handed to @cb
 * Returns: Result of for_each_interface(), or -1 when no interface list or
 * iterator is available
 */
static int hostapd_wpa_auth_for_each_auth(
	void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
	void *cb_ctx)
{
	struct hostapd_data *hapd = ctx;
	struct hapd_interfaces *ifaces = hapd->iface->interfaces;
	struct wpa_auth_iface_iter_data iter;

	if (!ifaces || !ifaces->for_each_interface)
		return -1;

	iter.cb = cb;
	iter.cb_ctx = cb_ctx;

	return ifaces->for_each_interface(ifaces, wpa_auth_iface_iter, &iter);
}
565 | ||
566 | ||
4ec1fd8e | 567 | #ifdef CONFIG_IEEE80211R_AP |
67ccef7e | 568 | |
c5fee160 MB |
/*
 * One queued RRB frame awaiting deferred delivery on hapd->l2_queue. The
 * frame payload is stored in the same allocation, directly after this header.
 */
struct wpa_ft_rrb_rx_later_data {
	/* Link in the receiving BSS's l2_queue */
	struct dl_list list;
	/* Address of the sending BSS (its own_addr) */
	u8 addr[ETH_ALEN];
	/* Number of payload octets stored after this structure */
	size_t data_len;
	/* followed by data_len octets of data */
};
575 | ||
/*
 * hostapd_wpa_ft_rrb_rx_later - Deliver queued RRB frames to a local BSS
 * @eloop_ctx: struct hostapd_data of the receiving BSS
 * @timeout_ctx: Unused
 *
 * Drains hapd->l2_queue. Each entry is handed to wpa_ft_rrb_rx() if the BSS
 * still has an authenticator and is freed in either case.
 */
static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct wpa_ft_rrb_rx_later_data *entry, *tmp;

	dl_list_for_each_safe(entry, tmp, &hapd->l2_queue,
			      struct wpa_ft_rrb_rx_later_data, list) {
		/* The payload starts right behind the entry header */
		const u8 *payload = (const u8 *) (entry + 1);

		if (hapd->wpa_auth)
			wpa_ft_rrb_rx(hapd->wpa_auth, entry->addr, payload,
				      entry->data_len);

		dl_list_del(&entry->list);
		os_free(entry);
	}
}
592 | ||
593 | ||
67ccef7e JM |
/* Context passed to hostapd_wpa_auth_ft_iter() through for_each_interface() */
struct wpa_auth_ft_iface_iter_data {
	/* Sending BSS; never selected as the delivery target */
	struct hostapd_data *src_hapd;
	/* Destination address, compared against each BSS's own_addr */
	const u8 *dst;
	/* Frame payload to deliver */
	const u8 *data;
	/* Length of data in octets */
	size_t data_len;
};
600 | ||
601 | ||
/*
 * hostapd_wpa_auth_ft_iter - Queue an RRB frame for a locally managed BSS
 * @iface: Interface whose BSSes are checked
 * @ctx: struct wpa_auth_ft_iface_iter_data describing the frame
 * Returns: 1 once a matching BSS was found, 0 if this interface has none
 *
 * The target is the first BSS other than the sender that has an
 * authenticator and whose own address equals the destination. The payload is
 * copied into a queue entry and delivered from a zero-delay eloop timeout.
 *
 * NOTE(review): 1 is also returned when the queue entry cannot be allocated,
 * so the sender treats the frame as delivered although it was dropped -
 * confirm that this is intended.
 */
static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx)
{
	struct wpa_auth_ft_iface_iter_data *req = ctx;
	struct wpa_ft_rrb_rx_later_data *entry;
	struct hostapd_data *target;
	size_t idx;

	for (idx = 0; idx < iface->num_bss; idx++) {
		target = iface->bss[idx];

		if (target == req->src_hapd)
			continue;
		if (!target->wpa_auth)
			continue;
		if (os_memcmp(target->own_addr, req->dst, ETH_ALEN) != 0)
			continue;

		wpa_printf(MSG_DEBUG,
			   "FT: Send RRB data directly to locally managed BSS "
			   MACSTR "@%s -> " MACSTR "@%s",
			   MAC2STR(req->src_hapd->own_addr),
			   req->src_hapd->conf->iface,
			   MAC2STR(target->own_addr), target->conf->iface);

		/* Defer wpa_ft_rrb_rx() until the next eloop step, which is
		 * when it would run if the frame came from a socket. This
		 * avoids
		 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
		 * that is, running the hapd0:recv handler from within
		 * hapd0:send.
		 */
		entry = os_zalloc(sizeof(*entry) + req->data_len);
		if (!entry)
			return 1;

		os_memcpy(entry->addr, req->src_hapd->own_addr, ETH_ALEN);
		os_memcpy(entry + 1, req->data, req->data_len);
		entry->data_len = req->data_len;

		dl_list_add(&target->l2_queue, &entry->list);

		/* One pending timeout drains the whole queue */
		if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later,
						 target, NULL))
			eloop_register_timeout(0, 0,
					       hostapd_wpa_ft_rrb_rx_later,
					       target, NULL);

		return 1;
	}

	return 0;
}
651 | ||
4ec1fd8e | 652 | #endif /* CONFIG_IEEE80211R_AP */ |
67ccef7e JM |
653 | |
654 | ||
c442055e JM |
/*
 * hostapd_wpa_auth_send_ether - Send an Ethernet frame for the authenticator
 * @ctx: struct hostapd_data of the BSS
 * @dst: Destination MAC address
 * @proto: Ethertype
 * @data: Payload
 * @data_len: Length of @data in octets
 * Returns: @data_len when an RRB frame was handed to a locally managed BSS,
 * otherwise the result of l2_packet_send(); -1 when there is no l2 socket or
 * memory allocation fails
 */
static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
				       const u8 *data, size_t data_len)
{
	struct hostapd_data *hapd = ctx;
	struct l2_ethhdr *frame;
	size_t frame_len;
	int res;

#ifdef CONFIG_TESTING_OPTIONS
	/* Test builds only: EAPOL frames are reported as a hex dump in an
	 * "EAPOL-TX" event instead of being transmitted */
	if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
		size_t dump_len = 2 * data_len + 1;
		char *dump = os_malloc(dump_len);

		if (!dump)
			return -1;
		wpa_snprintf_hex(dump, dump_len, data, data_len);
		wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
			MAC2STR(dst), dump);
		os_free(dump);
		return 0;
	}
#endif /* CONFIG_TESTING_OPTIONS */

#ifdef CONFIG_IEEE80211R_AP
	/* RRB frames addressed to another BSS of this process are queued
	 * for it directly instead of going out on the wire */
	if (proto == ETH_P_RRB && hapd->iface->interfaces &&
	    hapd->iface->interfaces->for_each_interface) {
		struct wpa_auth_ft_iface_iter_data req;

		req.src_hapd = hapd;
		req.dst = dst;
		req.data = data;
		req.data_len = data_len;
		if (hapd->iface->interfaces->for_each_interface(
			    hapd->iface->interfaces, hostapd_wpa_auth_ft_iter,
			    &req) == 1)
			return data_len;
	}
#endif /* CONFIG_IEEE80211R_AP */

	if (!hapd->l2)
		return -1;

	/* Build Ethernet header followed by the payload in one buffer */
	frame_len = sizeof(*frame) + data_len;
	frame = os_malloc(frame_len);
	if (!frame)
		return -1;
	os_memcpy(frame->h_dest, dst, ETH_ALEN);
	os_memcpy(frame->h_source, hapd->own_addr, ETH_ALEN);
	frame->h_proto = host_to_be16(proto);
	os_memcpy(frame + 1, data, data_len);

	res = l2_packet_send(hapd->l2, dst, proto, (u8 *) frame, frame_len);
	os_free(frame);

	return res;
}
709 | ||
710 | ||
50bd8e0a MB |
711 | #ifdef CONFIG_ETH_P_OUI |
/*
 * hostapd_wpa_get_oui - Map an OUI suffix to the BSS's OUI socket context
 * @hapd: BSS data holding the per-message-type contexts
 * @oui_suffix: FT_PACKET_R0KH_R1KH_* message type
 * Returns: The matching context, or NULL for an unknown suffix (always NULL
 * when CONFIG_IEEE80211R_AP is not defined)
 */
static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd,
						  u8 oui_suffix)
{
#ifdef CONFIG_IEEE80211R_AP
	if (oui_suffix == FT_PACKET_R0KH_R1KH_PULL)
		return hapd->oui_pull;
	if (oui_suffix == FT_PACKET_R0KH_R1KH_RESP)
		return hapd->oui_resp;
	if (oui_suffix == FT_PACKET_R0KH_R1KH_PUSH)
		return hapd->oui_push;
	if (oui_suffix == FT_PACKET_R0KH_R1KH_SEQ_REQ)
		return hapd->oui_sreq;
	if (oui_suffix == FT_PACKET_R0KH_R1KH_SEQ_RESP)
		return hapd->oui_sresp;
#endif /* CONFIG_IEEE80211R_AP */

	/* Unknown suffixes have no context */
	return NULL;
}
732 | #endif /* CONFIG_ETH_P_OUI */ | |
733 | ||
734 | ||
735 | #ifdef CONFIG_IEEE80211R_AP | |
736 | ||
/*
 * One queued OUI Extended Ethertype frame awaiting deferred delivery on
 * hapd->l2_oui_queue. The frame payload is stored in the same allocation,
 * directly after this header.
 */
struct oui_deliver_later_data {
	/* Link in the receiving BSS's l2_oui_queue */
	struct dl_list list;
	/* Address of the sending BSS (its own_addr) */
	u8 src_addr[ETH_ALEN];
	/* Destination address given by the sender */
	u8 dst_addr[ETH_ALEN];
	/* Number of payload octets stored after this structure */
	size_t data_len;
	/* Message type; selects the context via hostapd_wpa_get_oui() */
	u8 oui_suffix;
	/* followed by data_len octets of data */
};
745 | ||
/*
 * hostapd_oui_deliver_later - Deliver queued OUI frames to a local BSS
 * @eloop_ctx: struct hostapd_data of the receiving BSS
 * @timeout_ctx: Unused
 *
 * Drains hapd->l2_oui_queue. An entry is delivered only if the BSS has an
 * authenticator and a context exists for the entry's OUI suffix; every entry
 * is freed whether or not it was delivered.
 */
static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx)
{
	struct hostapd_data *hapd = eloop_ctx;
	struct oui_deliver_later_data *entry, *tmp;
	struct eth_p_oui_ctx *target_ctx;

	dl_list_for_each_safe(entry, tmp, &hapd->l2_oui_queue,
			      struct oui_deliver_later_data, list) {
		target_ctx = hostapd_wpa_get_oui(hapd, entry->oui_suffix);

		wpa_printf(MSG_DEBUG, "RRB(%s): %s src=" MACSTR " dst=" MACSTR
			   " oui_suffix=%u data_len=%u data=%p",
			   hapd->conf->iface, __func__,
			   MAC2STR(entry->src_addr), MAC2STR(entry->dst_addr),
			   entry->oui_suffix, (unsigned int) entry->data_len,
			   entry);

		if (hapd->wpa_auth && target_ctx) {
			/* The payload starts right behind the entry header */
			eth_p_oui_deliver(target_ctx, entry->src_addr,
					  entry->dst_addr,
					  (const u8 *) (entry + 1),
					  entry->data_len);
		}

		dl_list_del(&entry->list);
		os_free(entry);
	}
}
771 | ||
772 | ||
/* Context passed to hostapd_wpa_auth_oui_iter() through for_each_interface() */
struct wpa_auth_oui_iface_iter_data {
	/* Sending BSS; frames are never delivered back to it */
	struct hostapd_data *src_hapd;
	/* Destination address (unicast or multicast) */
	const u8 *dst_addr;
	/* Frame payload to deliver */
	const u8 *data;
	/* Length of data in octets */
	size_t data_len;
	/* Message type stored with each queued copy */
	u8 oui_suffix;
};
780 | ||
/*
 * hostapd_wpa_auth_oui_iter - Queue an OUI frame for matching local BSSes
 * @iface: Interface whose BSSes are checked
 * @ctx: struct wpa_auth_oui_iface_iter_data describing the frame
 * Returns: 1 after queuing a unicast frame (or on allocation failure), 0 to
 * let for_each_interface() continue
 *
 * A BSS qualifies only if it is not the sender, uses an FT key management
 * suite, has the same SSID and mobility domain as the sender, and either the
 * destination is multicast or equals the BSS's own address. Delivery happens
 * from a zero-delay eloop timeout.
 *
 * NOTE(review): 1 is also returned when the queue entry cannot be allocated,
 * so the sender treats the frame as delivered although it was dropped -
 * confirm that this is intended.
 */
static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
{
	struct wpa_auth_oui_iface_iter_data *req = ctx;
	struct hostapd_data *sender = req->src_hapd;
	struct hostapd_data *target;
	struct oui_deliver_later_data *entry;
	size_t idx;

	for (idx = 0; idx < iface->num_bss; idx++) {
		target = iface->bss[idx];

		if (target == sender)
			continue; /* don't deliver back to same interface */

		/* Local delivery stays within one FT SSID/mobility domain */
		if (!wpa_key_mgmt_ft(target->conf->wpa_key_mgmt))
			continue;
		if (target->conf->ssid.ssid_len != sender->conf->ssid.ssid_len)
			continue;
		if (os_memcmp(target->conf->ssid.ssid,
			      sender->conf->ssid.ssid,
			      target->conf->ssid.ssid_len) != 0)
			continue;
		if (os_memcmp(target->conf->mobility_domain,
			      sender->conf->mobility_domain,
			      MOBILITY_DOMAIN_ID_LEN) != 0)
			continue;

		if (!is_multicast_ether_addr(req->dst_addr) &&
		    os_memcmp(target->own_addr, req->dst_addr, ETH_ALEN) != 0)
			continue; /* destination address does not match */

		/* Defer eth_p_oui_deliver() until the next eloop step, which
		 * is when it would be triggered by reading from a socket.
		 * This avoids
		 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
		 * that is, running the hapd0:recv handler from within
		 * hapd0:send.
		 */
		entry = os_zalloc(sizeof(*entry) + req->data_len);
		if (!entry)
			return 1;
		wpa_printf(MSG_DEBUG,
			   "RRB(%s): local delivery to %s dst=" MACSTR
			   " oui_suffix=%u data_len=%u data=%p",
			   sender->conf->iface, target->conf->iface,
			   MAC2STR(req->dst_addr), req->oui_suffix,
			   (unsigned int) req->data_len, entry);

		os_memcpy(entry->src_addr, sender->own_addr, ETH_ALEN);
		os_memcpy(entry->dst_addr, req->dst_addr, ETH_ALEN);
		os_memcpy(entry + 1, req->data, req->data_len);
		entry->data_len = req->data_len;
		entry->oui_suffix = req->oui_suffix;

		/* Appended at the tail so frames are delivered in order */
		dl_list_add_tail(&target->l2_oui_queue, &entry->list);

		if (!eloop_is_timeout_registered(hostapd_oui_deliver_later,
						 target, NULL))
			eloop_register_timeout(0, 0,
					       hostapd_oui_deliver_later,
					       target, NULL);

		/* For a multicast destination, do not return a non-zero
		 * value here; that would stop the iteration of
		 * for_each_interface(). */
		if (!is_multicast_ether_addr(req->dst_addr))
			return 1;
	}

	return 0;
}
846 | ||
847 | #endif /* CONFIG_IEEE80211R_AP */ | |
848 | ||
849 | ||
/**
 * hostapd_wpa_auth_send_oui - Send an RRB message over the ETH_P_OUI transport
 * @ctx: struct hostapd_data of the sending BSS
 * @dst: Destination MAC address
 * @oui_suffix: OUI suffix used to select the registered ETH_P_OUI context
 * @data: Payload to send
 * @data_len: Length of @data in octets
 * Returns: @data_len when the local-interface iteration reported 1, the
 * eth_p_oui_send() result when the frame goes out through the socket, or -1
 * when no context exists for @oui_suffix or CONFIG_ETH_P_OUI is not defined
 */
static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix,
				     const u8 *data, size_t data_len)
{
#ifdef CONFIG_ETH_P_OUI
	struct hostapd_data *hapd = ctx;
	struct eth_p_oui_ctx *oui_ctx;

	wpa_printf(MSG_DEBUG, "RRB(%s): send to dst=" MACSTR
		   " oui_suffix=%u data_len=%u",
		   hapd->conf->iface, MAC2STR(dst), oui_suffix,
		   (unsigned int) data_len);

#ifdef CONFIG_IEEE80211R_AP
	/* Try BSSes inside this process first; such frames never touch the
	 * network. */
	if (hapd->iface->interfaces &&
	    hapd->iface->interfaces->for_each_interface) {
		struct wpa_auth_oui_iface_iter_data iter;

		iter.src_hapd = hapd;
		iter.dst_addr = dst;
		iter.data = data;
		iter.data_len = data_len;
		iter.oui_suffix = oui_suffix;

		/* NOTE(review): hostapd_wpa_auth_oui_iter() returns 1 both
		 * after queueing a unicast frame and when its allocation
		 * fails, so this success value does not prove that the frame
		 * was queued; presumably for_each_interface() hands back the
		 * callback's value - confirm. */
		if (hapd->iface->interfaces->for_each_interface(
			    hapd->iface->interfaces,
			    hostapd_wpa_auth_oui_iter, &iter) == 1)
			return data_len;
	}
#endif /* CONFIG_IEEE80211R_AP */

	oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix);
	if (oui_ctx)
		return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data,
				      data_len);

	return -1;
#else /* CONFIG_ETH_P_OUI */
	return -1;
#endif /* CONFIG_ETH_P_OUI */
}
889 | ||
890 | ||
bef4d07a MV |
/**
 * hostapd_channel_info - Authenticator callback to fetch channel information
 * @ctx: struct hostapd_data of the BSS
 * @ci: Buffer handed to hostapd_drv_channel_info()
 * Returns: Result of hostapd_drv_channel_info()
 */
static int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci)
{
	struct hostapd_data *bss = ctx;
	int ret;

	ret = hostapd_drv_channel_info(bss, ci);
	return ret;
}
897 | ||
1034f67b | 898 | |
dbfa691d JM |
/**
 * hostapd_wpa_auth_update_vlan - Apply a VLAN ID taken from wpa_psk_file
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @vlan_id: VLAN ID to assign
 * Returns: 0 on success (always 0 when built with CONFIG_NO_VLAN), -1 if the
 * station is unknown, the VLAN ID is not valid for this BSS, or the VLAN
 * could not be set or bound
 */
static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr, int vlan_id)
{
#ifndef CONFIG_NO_VLAN
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);

	if (!sta)
		return -1;

	if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD) {
		/* With driver VLAN offload the ID is stored without the
		 * hostapd_vlan_valid() check done in the other branch. */
		sta->vlan_id = vlan_id;
	} else {
		struct vlan_description desc;

		os_memset(&desc, 0, sizeof(desc));
		desc.notempty = 1;
		desc.untagged = vlan_id;

		/* Reject IDs that the BSS VLAN configuration does not allow
		 * before touching the station entry. */
		if (!hostapd_vlan_valid(hapd->conf->vlan, &desc)) {
			wpa_printf(MSG_INFO,
				   "Invalid VLAN ID %d in wpa_psk_file",
				   vlan_id);
			return -1;
		}

		if (ap_sta_set_vlan(hapd, sta, &desc) < 0) {
			wpa_printf(MSG_INFO,
				   "Failed to assign VLAN ID %d from wpa_psk_file to "
				   MACSTR, vlan_id, MAC2STR(sta->addr));
			return -1;
		}
	}

	wpa_printf(MSG_INFO,
		   "Assigned VLAN ID %d from wpa_psk_file to " MACSTR,
		   vlan_id, MAC2STR(sta->addr));

	/* Binding is attempted only for stations that are already
	 * associated. */
	if (sta->flags & WLAN_STA_ASSOC) {
		if (ap_sta_bind_vlan(hapd, sta) < 0)
			return -1;
	}
#endif /* CONFIG_NO_VLAN */

	return 0;
}
942 | ||
943 | ||
1034f67b MV |
944 | #ifdef CONFIG_OCV |
/**
 * hostapd_get_sta_tx_params - Look up TX parameters used to validate an OCI
 * @ctx: struct hostapd_data of the BSS
 * @addr: MAC address of the station
 * @ap_max_chanwidth: Passed through to get_tx_parameters()
 * @ap_seg1_idx: Passed through to get_tx_parameters()
 * @bandwidth: Output, filled by get_tx_parameters()
 * @seg1_idx: Output, filled by get_tx_parameters()
 * Returns: Result of get_tx_parameters(), or -1 if the station is unknown
 */
static int hostapd_get_sta_tx_params(void *ctx, const u8 *addr,
				     int ap_max_chanwidth, int ap_seg1_idx,
				     int *bandwidth, int *seg1_idx)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, addr);

	if (sta)
		return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx,
					 bandwidth, seg1_idx);

	/* Without a station entry the received OCI cannot be checked. */
	hostapd_wpa_auth_logger(hapd, addr, LOGGER_INFO,
				"Failed to get STA info to validate received OCI");
	return -1;
}
962 | #endif /* CONFIG_OCV */ | |
963 | ||
964 | ||
4ec1fd8e | 965 | #ifdef CONFIG_IEEE80211R_AP |
c442055e JM |
966 | |
/**
 * hostapd_wpa_auth_send_ft_action - Send an FT Action frame to a station
 * @ctx: struct hostapd_data of the BSS
 * @dst: Destination (station) MAC address
 * @data: Action frame body, copied in after the management header
 * @data_len: Length of @data in octets
 * Returns: Result of hostapd_drv_send_mlme(), or -1 if the station is
 * unknown, has no WPA state machine, or the frame buffer cannot be allocated
 */
static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
					   const u8 *data, size_t data_len)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, dst);
	struct ieee80211_mgmt *mgmt;
	size_t frame_len;
	int ret;

	/* Only stations that already have an authenticator state machine
	 * are sent FT Action frames. */
	if (!sta || !sta->wpa_sm)
		return -1;

	/* NOTE(review): sizeof(*mgmt) + data_len is not checked for
	 * wrap-around; presumably data_len is bounded by the caller -
	 * confirm. */
	mgmt = os_zalloc(sizeof(*mgmt) + data_len);
	if (!mgmt)
		return -1;

	/* Frame length is the header up to the start of the body union plus
	 * the payload; the allocation above is larger than that. */
	frame_len = ((u8 *) &mgmt->u - (u8 *) mgmt) + data_len;

	mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
					   WLAN_FC_STYPE_ACTION);
	os_memcpy(mgmt->da, dst, ETH_ALEN);
	os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
	os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
	os_memcpy(&mgmt->u, data, data_len);

	ret = hostapd_drv_send_mlme(hapd, (u8 *) mgmt, frame_len, 0, NULL, 0,
				    0);
	os_free(mgmt);

	return ret;
}
995 | ||
996 | ||
/**
 * hostapd_wpa_auth_add_sta - Create a station entry on authenticator request
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * Returns: WPA state machine of the station, or %NULL on failure
 *
 * The entry is marked as FT over-the-DS and its authentication algorithm is
 * set to WLAN_AUTH_FT. An existing state machine is reused; otherwise a new
 * one is created and the station entry is freed if that fails.
 */
static struct wpa_state_machine *
hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta;
	int drv_res;

	wpa_printf(MSG_DEBUG, "Add station entry for " MACSTR
		   " based on WPA authenticator callback",
		   MAC2STR(sta_addr));

	/*
	 * hostapd_add_sta_node() is expected to return
	 * 0: STA entry added
	 * -EOPNOTSUPP: driver or driver wrapper does not support/need this
	 * any other negative value: failure to add the STA entry
	 */
	drv_res = hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT);
	if (drv_res < 0 && drv_res != -EOPNOTSUPP)
		return NULL;

	sta = ap_sta_add(hapd, sta_addr);
	if (!sta)
		return NULL;

	/* Record that a driver entry was added for a station that has not
	 * associated; hostapd_wpa_auth_add_sta_ft() checks this flag. */
	if (drv_res == 0)
		sta->added_unassoc = 1;
	sta->ft_over_ds = 1;

	if (!sta->wpa_sm) {
		sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
						NULL);
		if (!sta->wpa_sm) {
			ap_free_sta(hapd, sta);
			return NULL;
		}
	}

	sta->auth_alg = WLAN_AUTH_FT;
	return sta->wpa_sm;
}
1039 | ||
1040 | ||
d867e118 JM |
/**
 * hostapd_wpa_auth_add_sta_ft - Refresh the driver STA entry after FT auth
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * Returns: 0 when nothing needs to be done, the ap_sta_re_add() result when
 * the driver entry is replaced, or -1 if the station is unknown
 */
static int hostapd_wpa_auth_add_sta_ft(void *ctx, const u8 *sta_addr)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);
	int re_add;

	if (!sta)
		return -1;

	re_add = FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
		(sta->flags & WLAN_STA_MFP) && ap_sta_is_authorized(sta) &&
		!(hapd->conf->mesh & MESH_ENABLED) && !(sta->added_unassoc);
	if (!re_add)
		return 0;

	/* This could not be done in handle_auth(): a PMF-enabled association
	 * existed for the STA and the new authentication attempt had not yet
	 * been fully processed. At this point authentication has succeeded
	 * and the TK is about to be configured, so the driver STA entry is
	 * replaced to drop any state kept from the previous association. */
	wpa_printf(MSG_DEBUG,
		   "FT: Remove and re-add driver STA entry after successful FT authentication");
	return ap_sta_re_add(hapd, sta);
}
1067 | ||
1068 | ||
47a039b0 MB |
/**
 * hostapd_wpa_auth_set_vlan - Apply a VLAN description received through FT
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @vlan: VLAN description to apply
 * Returns: 0 on success, -1 if the station is unknown, has no WPA state
 * machine, the VLAN is not valid for this BSS, or ap_sta_set_vlan() fails
 */
static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
				     struct vlan_description *vlan)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);

	if (!sta || !sta->wpa_sm)
		return -1;

	/* A non-empty description is checked against the local VLAN
	 * configuration before it is accepted. */
	if (vlan->notempty) {
		if (!hostapd_vlan_valid(hapd->conf->vlan, vlan)) {
			hostapd_logger(hapd, sta->addr,
				       HOSTAPD_MODULE_IEEE80211,
				       HOSTAPD_LEVEL_INFO,
				       "Invalid VLAN %d%s received from FT",
				       vlan->untagged,
				       vlan->tagged[0] ? "+" : "");
			return -1;
		}
	}

	if (ap_sta_set_vlan(hapd, sta, vlan) < 0)
		return -1;

	/* Configure wpa_group for GTK; an error caused by the driver not
	 * knowing this STA is deliberately ignored. */
	ap_sta_bind_vlan(hapd, sta);

	if (sta->vlan_id) {
		hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
			       HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
	}

	return 0;
}
1100 | ||
1101 | ||
/**
 * hostapd_wpa_auth_get_vlan - Copy out the VLAN description of a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @vlan: Output buffer; zeroed when the station has no VLAN description
 * Returns: 0 on success, -1 if the station is unknown
 */
static int hostapd_wpa_auth_get_vlan(void *ctx, const u8 *sta_addr,
				     struct vlan_description *vlan)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);

	if (!sta)
		return -1;

	if (!sta->vlan_desc) {
		os_memset(vlan, 0, sizeof(*vlan));
		return 0;
	}

	*vlan = *sta->vlan_desc;
	return 0;
}
1119 | ||
1120 | ||
8c345234 MB |
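/**
 * hostapd_wpa_auth_set_identity - Store an identity for a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @identity: Identity octets, or %NULL to only clear the stored identity
 * @identity_len: Length of @identity in octets; 0 only clears
 * Returns: 0 on success, -1 if the station is unknown or allocation fails
 *
 * Any previously stored identity is released first, both in the station
 * entry and, when present, in the EAPOL state machine.
 */
static int
hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
			      const u8 *identity, size_t identity_len)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta;

	sta = ap_get_sta(hapd, sta_addr);
	if (!sta)
		return -1;

	os_free(sta->identity);
	sta->identity = NULL;

	if (sta->eapol_sm) {
		os_free(sta->eapol_sm->identity);
		sta->eapol_sm->identity = NULL;
		sta->eapol_sm->identity_len = 0;
	}

	/* Treat a NULL pointer like an empty identity so that a non-zero
	 * length paired with NULL cannot reach os_memcpy(); this mirrors the
	 * NULL check in hostapd_wpa_auth_set_radius_cui(). */
	if (!identity || !identity_len)
		return 0;

	/* sta->identity is kept NUL terminated: one extra zeroed octet is
	 * allocated. The copy is read back with os_strlen() in
	 * hostapd_wpa_auth_get_identity(), so an identity with an embedded
	 * NUL octet would be reported shorter there than it is here. */
	sta->identity = os_zalloc(identity_len + 1);
	if (!sta->identity)
		return -1;
	os_memcpy(sta->identity, identity, identity_len);

	if (sta->eapol_sm) {
		/* The EAPOL copy carries an explicit length and is not NUL
		 * terminated. */
		sta->eapol_sm->identity = os_zalloc(identity_len);
		if (!sta->eapol_sm->identity)
			return -1;
		os_memcpy(sta->eapol_sm->identity, identity, identity_len);
		sta->eapol_sm->identity_len = identity_len;
	}

	return 0;
}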
1160 | ||
1161 | ||
/**
 * hostapd_wpa_auth_get_identity - Fetch the identity stored for a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @buf: Output pointer to the identity; points into existing storage, no
 * copy is made
 * Returns: Identity length in octets, or 0 if the station is unknown or has
 * no identity (@buf is left untouched when the station is unknown)
 */
static size_t
hostapd_wpa_auth_get_identity(void *ctx, const u8 **buf)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);
	size_t id_len;

	if (!sta)
		return 0;

	/* A non-empty identity from the EAPOL state machine is preferred. */
	*buf = ieee802_1x_get_identity(sta->eapol_sm, &id_len);
	if (*buf && id_len)
		return id_len;

	if (sta->identity) {
		/* The fallback copy is a NUL-terminated string, so its length
		 * stops at the first NUL octet. */
		char *str = sta->identity;

		id_len = os_strlen(str);
		*buf = (u8 *) str;
		return id_len;
	}

	*buf = NULL;
	return 0;
}
1189 | ||
1190 | ||
/**
 * hostapd_wpa_auth_set_radius_cui - Store a RADIUS CUI for a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @radius_cui: CUI octets, or %NULL to only clear the stored value
 * @radius_cui_len: Length of @radius_cui in octets
 * Returns: 0 on success, -1 if the station is unknown or allocation fails
 */
static int
hostapd_wpa_auth_set_radius_cui(void *ctx, const u8 *sta_addr,
				const u8 *radius_cui, size_t radius_cui_len)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);
	struct eapol_state_machine *eapol;

	if (!sta)
		return -1;
	eapol = sta->eapol_sm;

	/* Release whatever was stored before, in both places. */
	os_free(sta->radius_cui);
	sta->radius_cui = NULL;
	if (eapol) {
		wpabuf_free(eapol->radius_cui);
		eapol->radius_cui = NULL;
	}

	if (!radius_cui)
		return 0;

	/* sta->radius_cui is kept NUL terminated through one extra zeroed
	 * octet; hostapd_wpa_auth_get_radius_cui() reads it back with
	 * os_strlen(), so a value with an embedded NUL octet would be
	 * reported shorter there. */
	sta->radius_cui = os_zalloc(radius_cui_len + 1);
	if (!sta->radius_cui)
		return -1;
	os_memcpy(sta->radius_cui, radius_cui, radius_cui_len);

	if (!eapol)
		return 0;

	eapol->radius_cui = wpabuf_alloc_copy(radius_cui, radius_cui_len);
	return eapol->radius_cui ? 0 : -1;
}
1228 | ||
1229 | ||
/**
 * hostapd_wpa_auth_get_radius_cui - Fetch the RADIUS CUI stored for a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @buf: Output pointer to the CUI; points into existing storage, no copy is
 * made
 * Returns: CUI length in octets, or 0 if the station is unknown or has no
 * CUI (@buf is left untouched when the station is unknown)
 */
static size_t
hostapd_wpa_auth_get_radius_cui(void *ctx, const u8 *sta_addr, const u8 **buf)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);
	struct wpabuf *cui;

	if (!sta)
		return 0;

	/* The value held by the EAPOL state machine wins when it exists. */
	cui = ieee802_1x_get_radius_cui(sta->eapol_sm);
	if (cui) {
		*buf = wpabuf_head(cui);
		return wpabuf_len(cui);
	}

	if (sta->radius_cui) {
		/* The fallback copy is a NUL-terminated string. */
		char *str = sta->radius_cui;

		*buf = (u8 *) str;
		return os_strlen(str);
	}

	*buf = NULL;
	return 0;
}
1261 | ||
1262 | ||
3cb286ca MB |
/**
 * hostapd_wpa_auth_set_session_timeout - Set or clear a session timeout
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @session_timeout: Timeout in seconds from now; 0 removes the timeout
 *
 * Unknown stations are ignored.
 */
static void hostapd_wpa_auth_set_session_timeout(void *ctx, const u8 *sta_addr,
						 int session_timeout)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);

	if (!sta)
		return;

	if (!session_timeout) {
		sta->session_timeout_set = 0;
		ap_sta_no_session_timeout(hapd, sta);
		return;
	}

	/* Keep the expiry as a point on the relative clock so that
	 * hostapd_wpa_auth_get_session_timeout() can compute what is left. */
	os_get_reltime(&sta->session_timeout);
	sta->session_timeout.sec += session_timeout;
	sta->session_timeout_set = 1;
	ap_sta_session_timeout(hapd, sta, session_timeout);
}
1283 | ||
1284 | ||
/**
 * hostapd_wpa_auth_get_session_timeout - Remaining session time of a station
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * Returns: 0 if the station is unknown or has no session timeout, otherwise
 * the remaining time in seconds, never less than 1
 */
static int hostapd_wpa_auth_get_session_timeout(void *ctx, const u8 *sta_addr)
{
	struct hostapd_data *hapd = ctx;
	struct sta_info *sta = ap_get_sta(hapd, sta_addr);
	struct os_reltime now, left;

	if (!sta || !sta->session_timeout_set)
		return 0;

	os_get_reltime(&now);

	/* An expired timeout still reports >0 because a timeout was set;
	 * 0 is reserved for "no timeout". */
	if (os_reltime_before(&sta->session_timeout, &now))
		return 1;

	os_reltime_sub(&sta->session_timeout, &now, &left);
	if (left.sec > 0)
		return left.sec;

	return 1;
}
1305 | ||
1306 | ||
c442055e JM |
/**
 * hostapd_rrb_receive - l2_packet RX handler for ETH_P_RRB frames
 * @ctx: struct hostapd_data of the receiving BSS
 * @src_addr: Source address reported by l2_packet (not used; the address in
 * the Ethernet header is used instead)
 * @buf: Received frame, starting with the Ethernet header
 * @len: Length of @buf in octets
 *
 * Frames shorter than an Ethernet header, and unicast frames addressed to
 * another BSS, are dropped. Everything after the header is handed to
 * wpa_ft_rrb_rx().
 */
static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
				size_t len)
{
	struct hostapd_data *hapd = ctx;
	struct l2_ethhdr *ethhdr;
	int for_this_bss;

	/* Length check first: the header is read below and its size is
	 * subtracted from len. */
	if (len < sizeof(*ethhdr))
		return;
	ethhdr = (struct l2_ethhdr *) buf;

	wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
		   MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));

	for_this_bss = is_multicast_ether_addr(ethhdr->h_dest) ||
		os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) == 0;
	if (!for_this_bss)
		return;

	wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
		      len - sizeof(*ethhdr));
}
1323 | ||
88b32a99 | 1324 | |
50bd8e0a MB |
/**
 * hostapd_rrb_oui_receive - ETH_P_OUI RX handler for RRB messages
 * @ctx: struct hostapd_data of the receiving BSS
 * @src_addr: Source MAC address of the frame
 * @dst_addr: Destination MAC address of the frame
 * @oui_suffix: OUI suffix of the frame
 * @buf: Payload
 * @len: Length of @buf in octets
 *
 * Unicast frames addressed to another BSS are dropped; everything else is
 * handed to wpa_ft_rrb_oui_rx().
 */
static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr,
				    const u8 *dst_addr, u8 oui_suffix,
				    const u8 *buf, size_t len)
{
	struct hostapd_data *hapd = ctx;
	int for_this_bss;

	wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
		   MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr));

	for_this_bss = is_multicast_ether_addr(dst_addr) ||
		os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) == 0;
	if (!for_this_bss)
		return;

	wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf,
			  len);
}
1339 | ||
1340 | ||
88b32a99 SP |
/**
 * hostapd_wpa_auth_add_tspec - Authenticator callback to add a TSPEC
 * @ctx: struct hostapd_data of the BSS
 * @sta_addr: MAC address of the station
 * @tspec_ie: TSPEC element, passed through to hostapd_add_tspec()
 * @tspec_ielen: Length of @tspec_ie in octets
 * Returns: Result of hostapd_add_tspec()
 */
static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr,
				      u8 *tspec_ie, size_t tspec_ielen)
{
	struct hostapd_data *bss = ctx;
	int ret;

	ret = hostapd_add_tspec(bss, sta_addr, tspec_ie, tspec_ielen);
	return ret;
}
1347 | ||
50bd8e0a MB |
1348 | |
1349 | ||
/**
 * hostapd_wpa_register_ft_oui - Register ETH_P_OUI receivers for FT RRB
 * @hapd: BSS data
 * @ft_iface: Name of the interface to register on
 * Returns: 0 on success, -1 as soon as one registration fails
 *
 * The five contexts are registered in the order pull, resp, push, sreq,
 * sresp, all with hostapd_rrb_oui_receive() as the RX handler. Contexts
 * registered before a failure are left in place;
 * hostapd_wpa_unregister_ft_oui() releases them.
 */
static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd,
				       const char *ft_iface)
{
	const struct {
		struct eth_p_oui_ctx **slot;
		u8 oui_suffix;
	} regs[] = {
		{ &hapd->oui_pull, FT_PACKET_R0KH_R1KH_PULL },
		{ &hapd->oui_resp, FT_PACKET_R0KH_R1KH_RESP },
		{ &hapd->oui_push, FT_PACKET_R0KH_R1KH_PUSH },
		{ &hapd->oui_sreq, FT_PACKET_R0KH_R1KH_SEQ_REQ },
		{ &hapd->oui_sresp, FT_PACKET_R0KH_R1KH_SEQ_RESP },
	};
	size_t i;

	for (i = 0; i < sizeof(regs) / sizeof(regs[0]); i++) {
		*regs[i].slot = eth_p_oui_register(hapd, ft_iface,
						   regs[i].oui_suffix,
						   hostapd_rrb_oui_receive,
						   hapd);
		if (!*regs[i].slot)
			return -1;
	}

	return 0;
}
1385 | ||
1386 | ||
/**
 * hostapd_wpa_unregister_ft_oui - Release the ETH_P_OUI contexts of a BSS
 * @hapd: BSS data
 *
 * Each context pointer is cleared after unregistering so that a stale
 * pointer is not left behind.
 */
static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd)
{
	struct eth_p_oui_ctx **slots[] = {
		&hapd->oui_pull,
		&hapd->oui_resp,
		&hapd->oui_push,
		&hapd->oui_sreq,
		&hapd->oui_sresp,
	};
	size_t i;

	for (i = 0; i < sizeof(slots) / sizeof(slots[0]); i++) {
		eth_p_oui_unregister(*slots[i]);
		*slots[i] = NULL;
	}
}
4ec1fd8e | 1400 | #endif /* CONFIG_IEEE80211R_AP */ |
c442055e JM |
1401 | |
1402 | ||
/**
 * hostapd_setup_wpa - Initialize the WPA authenticator for a BSS
 * @hapd: BSS data
 * Returns: 0 on success, -1 on failure
 *
 * Builds the authenticator configuration from the BSS configuration and the
 * driver capability flags, creates the authenticator, enables privacy,
 * pushes the WPA IE to the driver and sets up RSN pre-authentication. With
 * CONFIG_IEEE80211R_AP and an FT key management suite, the RRB receive paths
 * (ETH_P_RRB and ETH_P_OUI) are opened as well. Nothing is released here on
 * a failure; presumably the caller runs hostapd_deinit_wpa() - confirm.
 */
int hostapd_setup_wpa(struct hostapd_data *hapd)
{
	static const struct wpa_auth_callbacks cb = {
		.logger = hostapd_wpa_auth_logger,
		.disconnect = hostapd_wpa_auth_disconnect,
		.mic_failure_report = hostapd_wpa_auth_mic_failure_report,
		.psk_failure_report = hostapd_wpa_auth_psk_failure_report,
		.set_eapol = hostapd_wpa_auth_set_eapol,
		.get_eapol = hostapd_wpa_auth_get_eapol,
		.get_psk = hostapd_wpa_auth_get_psk,
		.get_msk = hostapd_wpa_auth_get_msk,
		.set_key = hostapd_wpa_auth_set_key,
		.get_seqnum = hostapd_wpa_auth_get_seqnum,
		.send_eapol = hostapd_wpa_auth_send_eapol,
		.for_each_sta = hostapd_wpa_auth_for_each_sta,
		.for_each_auth = hostapd_wpa_auth_for_each_auth,
		.send_ether = hostapd_wpa_auth_send_ether,
		.send_oui = hostapd_wpa_auth_send_oui,
		.channel_info = hostapd_channel_info,
		.update_vlan = hostapd_wpa_auth_update_vlan,
#ifdef CONFIG_OCV
		.get_sta_tx_params = hostapd_get_sta_tx_params,
#endif /* CONFIG_OCV */
#ifdef CONFIG_IEEE80211R_AP
		.send_ft_action = hostapd_wpa_auth_send_ft_action,
		.add_sta = hostapd_wpa_auth_add_sta,
		.add_sta_ft = hostapd_wpa_auth_add_sta_ft,
		.add_tspec = hostapd_wpa_auth_add_tspec,
		.set_vlan = hostapd_wpa_auth_set_vlan,
		.get_vlan = hostapd_wpa_auth_get_vlan,
		.set_identity = hostapd_wpa_auth_set_identity,
		.get_identity = hostapd_wpa_auth_get_identity,
		.set_radius_cui = hostapd_wpa_auth_set_radius_cui,
		.get_radius_cui = hostapd_wpa_auth_get_radius_cui,
		.set_session_timeout = hostapd_wpa_auth_set_session_timeout,
		.get_session_timeout = hostapd_wpa_auth_get_session_timeout,
#endif /* CONFIG_IEEE80211R_AP */
	};
	struct wpa_auth_config auth_conf;
	const u8 *wpa_ie;
	size_t wpa_ie_len;

	hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &auth_conf);

	/* Capabilities that depend on the driver rather than on the
	 * configuration file. */
	if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
		auth_conf.tx_status = 1;
	if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
		auth_conf.ap_mlme = 1;

	/* On non-wired drivers, PTK0 rekeying is replaced with a disconnect
	 * when the configuration never allows it, or allows it only for
	 * drivers that advertise safe PTK0 rekeys and this one does not. */
	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
		int deny_ptk0 = 0;

		if (hapd->conf->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER)
			deny_ptk0 = 1;
		else if (hapd->conf->wpa_deny_ptk0_rekey ==
			 PTK0_REKEY_ALLOW_LOCAL_OK &&
			 !(hapd->iface->drv_flags &
			   WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS))
			deny_ptk0 = 1;

		if (deny_ptk0) {
			wpa_msg(hapd->msg_ctx, MSG_INFO,
				"Disable PTK0 rekey support - replaced with disconnect");
			auth_conf.wpa_deny_ptk0_rekey = 1;
		}
	}

	/* Extended Key ID stays enabled only when both the configuration and
	 * the driver support it. */
	if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID))
		auth_conf.extended_key_id = 0;
	if (auth_conf.extended_key_id)
		wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Extended Key ID supported");

	hapd->wpa_auth = wpa_init(hapd->own_addr, &auth_conf, &cb, hapd);
	if (!hapd->wpa_auth) {
		wpa_printf(MSG_ERROR, "WPA initialization failed.");
		return -1;
	}

	if (hostapd_set_privacy(hapd, 1)) {
		wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
			   "for interface %s", hapd->conf->iface);
		return -1;
	}

	wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
	if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
		wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
			   "the kernel driver.");
		return -1;
	}

	if (rsn_preauth_iface_init(hapd)) {
		wpa_printf(MSG_ERROR, "Initialization of RSN "
			   "pre-authentication failed.");
		return -1;
	}

#ifdef CONFIG_IEEE80211R_AP
	if (!hostapd_drv_none(hapd) &&
	    wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
		/* RRB frames are received on the bridge when one is
		 * configured, otherwise on the BSS interface itself. */
		const char *rrb_ifname = hapd->conf->iface;

		if (hapd->conf->bridge[0])
			rrb_ifname = hapd->conf->bridge;

		hapd->l2 = l2_packet_init(rrb_ifname, NULL, ETH_P_RRB,
					  hostapd_rrb_receive, hapd, 1);
		if (!hapd->l2) {
			wpa_printf(MSG_ERROR, "Failed to open l2_packet "
				   "interface");
			return -1;
		}

		if (hostapd_wpa_register_ft_oui(hapd, rrb_ifname)) {
			wpa_printf(MSG_ERROR,
				   "Failed to open ETH_P_OUI interface");
			return -1;
		}
	}
#endif /* CONFIG_IEEE80211R_AP */

	return 0;
}
1517 | ||
1518 | ||
/**
 * hostapd_reconfig_wpa - Push the current BSS configuration to the
 * authenticator
 * @hapd: BSS data
 *
 * Only the values derived by hostapd_wpa_auth_conf() are applied; the
 * driver-flag adjustments made in hostapd_setup_wpa() are not repeated here.
 */
void hostapd_reconfig_wpa(struct hostapd_data *hapd)
{
	struct wpa_auth_config new_conf;

	hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &new_conf);
	wpa_reconfig(hapd->wpa_auth, &new_conf);
}
1525 | ||
1526 | ||
/**
 * hostapd_deinit_wpa - Tear down WPA authenticator state of a BSS
 * @hapd: BSS data
 *
 * Stops TKIP countermeasures and RSN pre-authentication, releases the
 * authenticator (clearing privacy and the generic element in the driver when
 * a driver context still exists), deinitializes IEEE 802.1X and, with
 * CONFIG_IEEE80211R_AP, drops queued RRB frames and closes the RRB
 * receivers.
 */
void hostapd_deinit_wpa(struct hostapd_data *hapd)
{
	ieee80211_tkip_countermeasures_deinit(hapd);
	rsn_preauth_iface_deinit(hapd);

	if (hapd->wpa_auth) {
		wpa_deinit(hapd->wpa_auth);
		/* Cleared right away so the freed authenticator cannot be
		 * reached through hapd afterwards. */
		hapd->wpa_auth = NULL;

		/* Driver-side cleanup is best effort: failures are only
		 * logged at debug level. */
		if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
			wpa_printf(MSG_DEBUG, "Could not disable "
				   "PrivacyInvoked for interface %s",
				   hapd->conf->iface);
		}

		if (hapd->drv_priv &&
		    hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
			wpa_printf(MSG_DEBUG, "Could not remove generic "
				   "information element from interface %s",
				   hapd->conf->iface);
		}
	}

	ieee802_1x_deinit(hapd);

#ifdef CONFIG_IEEE80211R_AP
	/* Cancel the pending deferred-delivery timeouts, then call each
	 * handler once by hand to flush its queue without delivering. */
	eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX);
	hostapd_wpa_ft_rrb_rx_later(hapd, NULL);
	eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
	hostapd_oui_deliver_later(hapd, NULL);

	l2_packet_deinit(hapd->l2);
	hapd->l2 = NULL;
	hostapd_wpa_unregister_ft_oui(hapd);
#endif /* CONFIG_IEEE80211R_AP */
}