]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/ieee802_11.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Remove unnecessary copying of SSID and BSSID for external_auth
[thirdparty/hostap.git] / src / ap / ieee802_11.c
1 /*
2 * hostapd / IEEE 802.11 Management
3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #ifndef CONFIG_NATIVE_WINDOWS
12
13 #include "utils/common.h"
14 #include "utils/eloop.h"
15 #include "crypto/crypto.h"
16 #include "crypto/sha256.h"
17 #include "crypto/sha384.h"
18 #include "crypto/sha512.h"
19 #include "crypto/random.h"
20 #include "common/ieee802_11_defs.h"
21 #include "common/ieee802_11_common.h"
22 #include "common/wpa_ctrl.h"
23 #include "common/sae.h"
24 #include "common/dpp.h"
25 #include "common/ocv.h"
26 #include "radius/radius.h"
27 #include "radius/radius_client.h"
28 #include "p2p/p2p.h"
29 #include "wps/wps.h"
30 #include "fst/fst.h"
31 #include "hostapd.h"
32 #include "beacon.h"
33 #include "ieee802_11_auth.h"
34 #include "sta_info.h"
35 #include "ieee802_1x.h"
36 #include "wpa_auth.h"
37 #include "pmksa_cache_auth.h"
38 #include "wmm.h"
39 #include "ap_list.h"
40 #include "accounting.h"
41 #include "ap_config.h"
42 #include "ap_mlme.h"
43 #include "p2p_hostapd.h"
44 #include "ap_drv_ops.h"
45 #include "wnm_ap.h"
46 #include "hw_features.h"
47 #include "ieee802_11.h"
48 #include "dfs.h"
49 #include "mbo_ap.h"
50 #include "rrm.h"
51 #include "taxonomy.h"
52 #include "fils_hlp.h"
53 #include "dpp_hostapd.h"
54 #include "gas_query_ap.h"
55
56
57 #ifdef CONFIG_FILS
58 static struct wpabuf *
59 prepare_auth_resp_fils(struct hostapd_data *hapd,
60 struct sta_info *sta, u16 *resp,
61 struct rsn_pmksa_cache_entry *pmksa,
62 struct wpabuf *erp_resp,
63 const u8 *msk, size_t msk_len,
64 int *is_pub);
65 #endif /* CONFIG_FILS */
66 static void handle_auth(struct hostapd_data *hapd,
67 const struct ieee80211_mgmt *mgmt, size_t len,
68 int rssi, int from_queue);
69
70
71 u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid)
72 {
73 u8 multi_ap_val = 0;
74
75 if (!hapd->conf->multi_ap)
76 return eid;
77 if (hapd->conf->multi_ap & BACKHAUL_BSS)
78 multi_ap_val |= MULTI_AP_BACKHAUL_BSS;
79 if (hapd->conf->multi_ap & FRONTHAUL_BSS)
80 multi_ap_val |= MULTI_AP_FRONTHAUL_BSS;
81
82 return eid + add_multi_ap_ie(eid, 9, multi_ap_val);
83 }
84
85
86 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
87 {
88 u8 *pos = eid;
89 int i, num, count;
90
91 if (hapd->iface->current_rates == NULL)
92 return eid;
93
94 *pos++ = WLAN_EID_SUPP_RATES;
95 num = hapd->iface->num_rates;
96 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
97 num++;
98 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
99 num++;
100 if (num > 8) {
101 /* rest of the rates are encoded in Extended supported
102 * rates element */
103 num = 8;
104 }
105
106 *pos++ = num;
107 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
108 i++) {
109 count++;
110 *pos = hapd->iface->current_rates[i].rate / 5;
111 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
112 *pos |= 0x80;
113 pos++;
114 }
115
116 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
117 count++;
118 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
119 }
120
121 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
122 count++;
123 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
124 }
125
126 return pos;
127 }
128
129
130 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
131 {
132 u8 *pos = eid;
133 int i, num, count;
134
135 if (hapd->iface->current_rates == NULL)
136 return eid;
137
138 num = hapd->iface->num_rates;
139 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
140 num++;
141 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
142 num++;
143 if (num <= 8)
144 return eid;
145 num -= 8;
146
147 *pos++ = WLAN_EID_EXT_SUPP_RATES;
148 *pos++ = num;
149 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
150 i++) {
151 count++;
152 if (count <= 8)
153 continue; /* already in SuppRates IE */
154 *pos = hapd->iface->current_rates[i].rate / 5;
155 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
156 *pos |= 0x80;
157 pos++;
158 }
159
160 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
161 count++;
162 if (count > 8)
163 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
164 }
165
166 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
167 count++;
168 if (count > 8)
169 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
170 }
171
172 return pos;
173 }
174
175
176 u16 hostapd_own_capab_info(struct hostapd_data *hapd)
177 {
178 int capab = WLAN_CAPABILITY_ESS;
179 int privacy;
180 int dfs;
181 int i;
182
183 /* Check if any of configured channels require DFS */
184 dfs = hostapd_is_dfs_required(hapd->iface);
185 if (dfs < 0) {
186 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
187 dfs);
188 dfs = 0;
189 }
190
191 if (hapd->iface->num_sta_no_short_preamble == 0 &&
192 hapd->iconf->preamble == SHORT_PREAMBLE)
193 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
194
195 privacy = hapd->conf->ssid.wep.keys_set;
196
197 if (hapd->conf->ieee802_1x &&
198 (hapd->conf->default_wep_key_len ||
199 hapd->conf->individual_wep_key_len))
200 privacy = 1;
201
202 if (hapd->conf->wpa)
203 privacy = 1;
204
205 #ifdef CONFIG_HS20
206 if (hapd->conf->osen)
207 privacy = 1;
208 #endif /* CONFIG_HS20 */
209
210 if (privacy)
211 capab |= WLAN_CAPABILITY_PRIVACY;
212
213 if (hapd->iface->current_mode &&
214 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
215 hapd->iface->num_sta_no_short_slot_time == 0)
216 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
217
218 /*
219 * Currently, Spectrum Management capability bit is set when directly
220 * requested in configuration by spectrum_mgmt_required or when AP is
221 * running on DFS channel.
222 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
223 */
224 if (hapd->iface->current_mode &&
225 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
226 (hapd->iconf->spectrum_mgmt_required || dfs))
227 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
228
229 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
230 if (hapd->conf->radio_measurements[i]) {
231 capab |= IEEE80211_CAP_RRM;
232 break;
233 }
234 }
235
236 return capab;
237 }
238
239
240 #ifndef CONFIG_NO_RC4
241 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
242 u16 auth_transaction, const u8 *challenge,
243 int iswep)
244 {
245 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
246 HOSTAPD_LEVEL_DEBUG,
247 "authentication (shared key, transaction %d)",
248 auth_transaction);
249
250 if (auth_transaction == 1) {
251 if (!sta->challenge) {
252 /* Generate a pseudo-random challenge */
253 u8 key[8];
254
255 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
256 if (sta->challenge == NULL)
257 return WLAN_STATUS_UNSPECIFIED_FAILURE;
258
259 if (os_get_random(key, sizeof(key)) < 0) {
260 os_free(sta->challenge);
261 sta->challenge = NULL;
262 return WLAN_STATUS_UNSPECIFIED_FAILURE;
263 }
264
265 rc4_skip(key, sizeof(key), 0,
266 sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
267 }
268 return 0;
269 }
270
271 if (auth_transaction != 3)
272 return WLAN_STATUS_UNSPECIFIED_FAILURE;
273
274 /* Transaction 3 */
275 if (!iswep || !sta->challenge || !challenge ||
276 os_memcmp_const(sta->challenge, challenge,
277 WLAN_AUTH_CHALLENGE_LEN)) {
278 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
279 HOSTAPD_LEVEL_INFO,
280 "shared key authentication - invalid "
281 "challenge-response");
282 return WLAN_STATUS_CHALLENGE_FAIL;
283 }
284
285 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
286 HOSTAPD_LEVEL_DEBUG,
287 "authentication OK (shared key)");
288 sta->flags |= WLAN_STA_AUTH;
289 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
290 os_free(sta->challenge);
291 sta->challenge = NULL;
292
293 return 0;
294 }
295 #endif /* CONFIG_NO_RC4 */
296
297
298 static int send_auth_reply(struct hostapd_data *hapd,
299 const u8 *dst, const u8 *bssid,
300 u16 auth_alg, u16 auth_transaction, u16 resp,
301 const u8 *ies, size_t ies_len, const char *dbg)
302 {
303 struct ieee80211_mgmt *reply;
304 u8 *buf;
305 size_t rlen;
306 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
307
308 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
309 buf = os_zalloc(rlen);
310 if (buf == NULL)
311 return -1;
312
313 reply = (struct ieee80211_mgmt *) buf;
314 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
315 WLAN_FC_STYPE_AUTH);
316 os_memcpy(reply->da, dst, ETH_ALEN);
317 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
318 os_memcpy(reply->bssid, bssid, ETH_ALEN);
319
320 reply->u.auth.auth_alg = host_to_le16(auth_alg);
321 reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
322 reply->u.auth.status_code = host_to_le16(resp);
323
324 if (ies && ies_len)
325 os_memcpy(reply->u.auth.variable, ies, ies_len);
326
327 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
328 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu) (dbg=%s)",
329 MAC2STR(dst), auth_alg, auth_transaction,
330 resp, (unsigned long) ies_len, dbg);
331 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0)
332 wpa_printf(MSG_INFO, "send_auth_reply: send failed");
333 else
334 reply_res = WLAN_STATUS_SUCCESS;
335
336 os_free(buf);
337
338 return reply_res;
339 }
340
341
342 #ifdef CONFIG_IEEE80211R_AP
343 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
344 u16 auth_transaction, u16 status,
345 const u8 *ies, size_t ies_len)
346 {
347 struct hostapd_data *hapd = ctx;
348 struct sta_info *sta;
349 int reply_res;
350
351 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT,
352 auth_transaction, status, ies, ies_len,
353 "auth-ft-finish");
354
355 sta = ap_get_sta(hapd, dst);
356 if (sta == NULL)
357 return;
358
359 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
360 status != WLAN_STATUS_SUCCESS)) {
361 hostapd_drv_sta_remove(hapd, sta->addr);
362 sta->added_unassoc = 0;
363 return;
364 }
365
366 if (status != WLAN_STATUS_SUCCESS)
367 return;
368
369 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
370 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
371 sta->flags |= WLAN_STA_AUTH;
372 mlme_authenticate_indication(hapd, sta);
373 }
374 #endif /* CONFIG_IEEE80211R_AP */
375
376
377 #ifdef CONFIG_SAE
378
379 static void sae_set_state(struct sta_info *sta, enum sae_state state,
380 const char *reason)
381 {
382 wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
383 sae_state_txt(sta->sae->state), sae_state_txt(state),
384 MAC2STR(sta->addr), reason);
385 sta->sae->state = state;
386 }
387
388
389 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
390 struct sta_info *sta, int update)
391 {
392 struct wpabuf *buf;
393 const char *password = NULL;
394 struct sae_password_entry *pw;
395 const char *rx_id = NULL;
396
397 if (sta->sae->tmp)
398 rx_id = sta->sae->tmp->pw_id;
399
400 for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
401 if (!is_broadcast_ether_addr(pw->peer_addr) &&
402 os_memcmp(pw->peer_addr, sta->addr, ETH_ALEN) != 0)
403 continue;
404 if ((rx_id && !pw->identifier) || (!rx_id && pw->identifier))
405 continue;
406 if (rx_id && pw->identifier &&
407 os_strcmp(rx_id, pw->identifier) != 0)
408 continue;
409 password = pw->password;
410 break;
411 }
412 if (!password)
413 password = hapd->conf->ssid.wpa_passphrase;
414 if (!password) {
415 wpa_printf(MSG_DEBUG, "SAE: No password available");
416 return NULL;
417 }
418
419 if (update &&
420 sae_prepare_commit(hapd->own_addr, sta->addr,
421 (u8 *) password, os_strlen(password), rx_id,
422 sta->sae) < 0) {
423 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
424 return NULL;
425 }
426
427 if (pw && pw->vlan_id) {
428 if (!sta->sae->tmp) {
429 wpa_printf(MSG_INFO,
430 "SAE: No temporary data allocated - cannot store VLAN ID");
431 return NULL;
432 }
433 sta->sae->tmp->vlan_id = pw->vlan_id;
434 }
435
436 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN +
437 (rx_id ? 3 + os_strlen(rx_id) : 0));
438 if (buf == NULL)
439 return NULL;
440 sae_write_commit(sta->sae, buf, sta->sae->tmp ?
441 sta->sae->tmp->anti_clogging_token : NULL, rx_id);
442
443 return buf;
444 }
445
446
447 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
448 struct sta_info *sta)
449 {
450 struct wpabuf *buf;
451
452 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
453 if (buf == NULL)
454 return NULL;
455
456 sae_write_confirm(sta->sae, buf);
457
458 return buf;
459 }
460
461
462 static int auth_sae_send_commit(struct hostapd_data *hapd,
463 struct sta_info *sta,
464 const u8 *bssid, int update)
465 {
466 struct wpabuf *data;
467 int reply_res;
468
469 data = auth_build_sae_commit(hapd, sta, update);
470 if (!data && sta->sae->tmp && sta->sae->tmp->pw_id)
471 return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER;
472 if (data == NULL)
473 return WLAN_STATUS_UNSPECIFIED_FAILURE;
474
475 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1,
476 WLAN_STATUS_SUCCESS, wpabuf_head(data),
477 wpabuf_len(data), "sae-send-commit");
478
479 wpabuf_free(data);
480
481 return reply_res;
482 }
483
484
485 static int auth_sae_send_confirm(struct hostapd_data *hapd,
486 struct sta_info *sta,
487 const u8 *bssid)
488 {
489 struct wpabuf *data;
490 int reply_res;
491
492 data = auth_build_sae_confirm(hapd, sta);
493 if (data == NULL)
494 return WLAN_STATUS_UNSPECIFIED_FAILURE;
495
496 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2,
497 WLAN_STATUS_SUCCESS, wpabuf_head(data),
498 wpabuf_len(data), "sae-send-confirm");
499
500 wpabuf_free(data);
501
502 return reply_res;
503 }
504
505
506 static int use_sae_anti_clogging(struct hostapd_data *hapd)
507 {
508 struct sta_info *sta;
509 unsigned int open = 0;
510
511 if (hapd->conf->sae_anti_clogging_threshold == 0)
512 return 1;
513
514 for (sta = hapd->sta_list; sta; sta = sta->next) {
515 if (!sta->sae)
516 continue;
517 if (sta->sae->state != SAE_COMMITTED &&
518 sta->sae->state != SAE_CONFIRMED)
519 continue;
520 open++;
521 if (open >= hapd->conf->sae_anti_clogging_threshold)
522 return 1;
523 }
524
525 /* In addition to already existing open SAE sessions, check whether
526 * there are enough pending commit messages in the processing queue to
527 * potentially result in too many open sessions. */
528 if (open + dl_list_len(&hapd->sae_commit_queue) >=
529 hapd->conf->sae_anti_clogging_threshold)
530 return 1;
531
532 return 0;
533 }
534
535
536 static u8 sae_token_hash(struct hostapd_data *hapd, const u8 *addr)
537 {
538 u8 hash[SHA256_MAC_LEN];
539
540 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key),
541 addr, ETH_ALEN, hash);
542 return hash[0];
543 }
544
545
546 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr,
547 const u8 *token, size_t token_len)
548 {
549 u8 mac[SHA256_MAC_LEN];
550 const u8 *addrs[2];
551 size_t len[2];
552 u16 token_idx;
553 u8 idx;
554
555 if (token_len != SHA256_MAC_LEN)
556 return -1;
557 idx = sae_token_hash(hapd, addr);
558 token_idx = hapd->sae_pending_token_idx[idx];
559 if (token_idx == 0 || token_idx != WPA_GET_BE16(token)) {
560 wpa_printf(MSG_DEBUG, "SAE: Invalid anti-clogging token from "
561 MACSTR " - token_idx 0x%04x, expected 0x%04x",
562 MAC2STR(addr), WPA_GET_BE16(token), token_idx);
563 return -1;
564 }
565
566 addrs[0] = addr;
567 len[0] = ETH_ALEN;
568 addrs[1] = token;
569 len[1] = 2;
570 if (hmac_sha256_vector(hapd->sae_token_key, sizeof(hapd->sae_token_key),
571 2, addrs, len, mac) < 0 ||
572 os_memcmp_const(token + 2, &mac[2], SHA256_MAC_LEN - 2) != 0)
573 return -1;
574
575 hapd->sae_pending_token_idx[idx] = 0; /* invalidate used token */
576
577 return 0;
578 }
579
580
581 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd,
582 int group, const u8 *addr)
583 {
584 struct wpabuf *buf;
585 u8 *token;
586 struct os_reltime now;
587 u8 idx[2];
588 const u8 *addrs[2];
589 size_t len[2];
590 u8 p_idx;
591 u16 token_idx;
592
593 os_get_reltime(&now);
594 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) ||
595 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60) ||
596 hapd->sae_token_idx == 0xffff) {
597 if (random_get_bytes(hapd->sae_token_key,
598 sizeof(hapd->sae_token_key)) < 0)
599 return NULL;
600 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key",
601 hapd->sae_token_key, sizeof(hapd->sae_token_key));
602 hapd->last_sae_token_key_update = now;
603 hapd->sae_token_idx = 0;
604 os_memset(hapd->sae_pending_token_idx, 0,
605 sizeof(hapd->sae_pending_token_idx));
606 }
607
608 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN);
609 if (buf == NULL)
610 return NULL;
611
612 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */
613
614 p_idx = sae_token_hash(hapd, addr);
615 token_idx = hapd->sae_pending_token_idx[p_idx];
616 if (!token_idx) {
617 hapd->sae_token_idx++;
618 token_idx = hapd->sae_token_idx;
619 hapd->sae_pending_token_idx[p_idx] = token_idx;
620 }
621 WPA_PUT_BE16(idx, token_idx);
622 token = wpabuf_put(buf, SHA256_MAC_LEN);
623 addrs[0] = addr;
624 len[0] = ETH_ALEN;
625 addrs[1] = idx;
626 len[1] = sizeof(idx);
627 if (hmac_sha256_vector(hapd->sae_token_key, sizeof(hapd->sae_token_key),
628 2, addrs, len, token) < 0) {
629 wpabuf_free(buf);
630 return NULL;
631 }
632 WPA_PUT_BE16(token, token_idx);
633
634 return buf;
635 }
636
637
638 static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
639 {
640 if (sta->sae->sync > hapd->conf->sae_sync) {
641 sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
642 sta->sae->sync = 0;
643 return -1;
644 }
645 return 0;
646 }
647
648
649 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
650 {
651 struct hostapd_data *hapd = eloop_ctx;
652 struct sta_info *sta = eloop_data;
653 int ret;
654
655 if (sae_check_big_sync(hapd, sta))
656 return;
657 sta->sae->sync++;
658 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
659 " (sync=%d state=%s)",
660 MAC2STR(sta->addr), sta->sae->sync,
661 sae_state_txt(sta->sae->state));
662
663 switch (sta->sae->state) {
664 case SAE_COMMITTED:
665 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
666 eloop_register_timeout(0,
667 hapd->dot11RSNASAERetransPeriod * 1000,
668 auth_sae_retransmit_timer, hapd, sta);
669 break;
670 case SAE_CONFIRMED:
671 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
672 eloop_register_timeout(0,
673 hapd->dot11RSNASAERetransPeriod * 1000,
674 auth_sae_retransmit_timer, hapd, sta);
675 break;
676 default:
677 ret = -1;
678 break;
679 }
680
681 if (ret != WLAN_STATUS_SUCCESS)
682 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
683 }
684
685
686 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
687 {
688 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
689 }
690
691
692 static void sae_set_retransmit_timer(struct hostapd_data *hapd,
693 struct sta_info *sta)
694 {
695 if (!(hapd->conf->mesh & MESH_ENABLED))
696 return;
697
698 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
699 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
700 auth_sae_retransmit_timer, hapd, sta);
701 }
702
703
704 static void sae_sme_send_external_auth_status(struct hostapd_data *hapd,
705 struct sta_info *sta, u16 status)
706 {
707 struct external_auth params;
708
709 os_memset(&params, 0, sizeof(params));
710 params.status = status;
711 params.bssid = sta->addr;
712 if (status == WLAN_STATUS_SUCCESS && sta->sae)
713 params.pmkid = sta->sae->pmkid;
714
715 hostapd_drv_send_external_auth_status(hapd, &params);
716 }
717
718
719 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
720 {
721 #ifndef CONFIG_NO_VLAN
722 struct vlan_description vlan_desc;
723
724 if (sta->sae->tmp && sta->sae->tmp->vlan_id > 0) {
725 wpa_printf(MSG_DEBUG, "SAE: Assign STA " MACSTR
726 " to VLAN ID %d",
727 MAC2STR(sta->addr), sta->sae->tmp->vlan_id);
728
729 os_memset(&vlan_desc, 0, sizeof(vlan_desc));
730 vlan_desc.notempty = 1;
731 vlan_desc.untagged = sta->sae->tmp->vlan_id;
732 if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
733 wpa_printf(MSG_INFO,
734 "Invalid VLAN ID %d in sae_password",
735 sta->sae->tmp->vlan_id);
736 return;
737 }
738
739 if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0 ||
740 ap_sta_bind_vlan(hapd, sta) < 0) {
741 wpa_printf(MSG_INFO,
742 "Failed to assign VLAN ID %d from sae_password to "
743 MACSTR, sta->sae->tmp->vlan_id,
744 MAC2STR(sta->addr));
745 return;
746 }
747 }
748 #endif /* CONFIG_NO_VLAN */
749
750 sta->flags |= WLAN_STA_AUTH;
751 sta->auth_alg = WLAN_AUTH_SAE;
752 mlme_authenticate_indication(hapd, sta);
753 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
754 sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
755 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
756 sta->sae->pmk, sta->sae->pmkid);
757 sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS);
758 }
759
760
761 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
762 const u8 *bssid, u8 auth_transaction, int allow_reuse)
763 {
764 int ret;
765
766 if (auth_transaction != 1 && auth_transaction != 2)
767 return WLAN_STATUS_UNSPECIFIED_FAILURE;
768
769 wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
770 MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
771 auth_transaction);
772 switch (sta->sae->state) {
773 case SAE_NOTHING:
774 if (auth_transaction == 1) {
775 ret = auth_sae_send_commit(hapd, sta, bssid,
776 !allow_reuse);
777 if (ret)
778 return ret;
779 sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
780
781 if (sae_process_commit(sta->sae) < 0)
782 return WLAN_STATUS_UNSPECIFIED_FAILURE;
783
784 /*
785 * In mesh case, both Commit and Confirm can be sent
786 * immediately. In infrastructure BSS, only a single
787 * Authentication frame (Commit) is expected from the AP
788 * here and the second one (Confirm) will be sent once
789 * the STA has sent its second Authentication frame
790 * (Confirm).
791 */
792 if (hapd->conf->mesh & MESH_ENABLED) {
793 /*
794 * Send both Commit and Confirm immediately
795 * based on SAE finite state machine
796 * Nothing -> Confirm transition.
797 */
798 ret = auth_sae_send_confirm(hapd, sta, bssid);
799 if (ret)
800 return ret;
801 sae_set_state(sta, SAE_CONFIRMED,
802 "Sent Confirm (mesh)");
803 } else {
804 /*
805 * For infrastructure BSS, send only the Commit
806 * message now to get alternating sequence of
807 * Authentication frames between the AP and STA.
808 * Confirm will be sent in
809 * Committed -> Confirmed/Accepted transition
810 * when receiving Confirm from STA.
811 */
812 }
813 sta->sae->sync = 0;
814 sae_set_retransmit_timer(hapd, sta);
815 } else {
816 hostapd_logger(hapd, sta->addr,
817 HOSTAPD_MODULE_IEEE80211,
818 HOSTAPD_LEVEL_DEBUG,
819 "SAE confirm before commit");
820 }
821 break;
822 case SAE_COMMITTED:
823 sae_clear_retransmit_timer(hapd, sta);
824 if (auth_transaction == 1) {
825 if (sae_process_commit(sta->sae) < 0)
826 return WLAN_STATUS_UNSPECIFIED_FAILURE;
827
828 ret = auth_sae_send_confirm(hapd, sta, bssid);
829 if (ret)
830 return ret;
831 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
832 sta->sae->sync = 0;
833 sae_set_retransmit_timer(hapd, sta);
834 } else if (hapd->conf->mesh & MESH_ENABLED) {
835 /*
836 * In mesh case, follow SAE finite state machine and
837 * send Commit now, if sync count allows.
838 */
839 if (sae_check_big_sync(hapd, sta))
840 return WLAN_STATUS_SUCCESS;
841 sta->sae->sync++;
842
843 ret = auth_sae_send_commit(hapd, sta, bssid, 0);
844 if (ret)
845 return ret;
846
847 sae_set_retransmit_timer(hapd, sta);
848 } else {
849 /*
850 * For instructure BSS, send the postponed Confirm from
851 * Nothing -> Confirmed transition that was reduced to
852 * Nothing -> Committed above.
853 */
854 ret = auth_sae_send_confirm(hapd, sta, bssid);
855 if (ret)
856 return ret;
857
858 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
859
860 /*
861 * Since this was triggered on Confirm RX, run another
862 * step to get to Accepted without waiting for
863 * additional events.
864 */
865 return sae_sm_step(hapd, sta, bssid, auth_transaction,
866 0);
867 }
868 break;
869 case SAE_CONFIRMED:
870 sae_clear_retransmit_timer(hapd, sta);
871 if (auth_transaction == 1) {
872 if (sae_check_big_sync(hapd, sta))
873 return WLAN_STATUS_SUCCESS;
874 sta->sae->sync++;
875
876 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
877 if (ret)
878 return ret;
879
880 if (sae_process_commit(sta->sae) < 0)
881 return WLAN_STATUS_UNSPECIFIED_FAILURE;
882
883 ret = auth_sae_send_confirm(hapd, sta, bssid);
884 if (ret)
885 return ret;
886
887 sae_set_retransmit_timer(hapd, sta);
888 } else {
889 sta->sae->send_confirm = 0xffff;
890 sae_accept_sta(hapd, sta);
891 }
892 break;
893 case SAE_ACCEPTED:
894 if (auth_transaction == 1 &&
895 (hapd->conf->mesh & MESH_ENABLED)) {
896 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
897 ") doing reauthentication",
898 MAC2STR(sta->addr));
899 ap_free_sta(hapd, sta);
900 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
901 } else if (auth_transaction == 1) {
902 wpa_printf(MSG_DEBUG, "SAE: Start reauthentication");
903 ret = auth_sae_send_commit(hapd, sta, bssid, 1);
904 if (ret)
905 return ret;
906 sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
907
908 if (sae_process_commit(sta->sae) < 0)
909 return WLAN_STATUS_UNSPECIFIED_FAILURE;
910 sta->sae->sync = 0;
911 sae_set_retransmit_timer(hapd, sta);
912 } else {
913 if (sae_check_big_sync(hapd, sta))
914 return WLAN_STATUS_SUCCESS;
915 sta->sae->sync++;
916
917 ret = auth_sae_send_confirm(hapd, sta, bssid);
918 sae_clear_temp_data(sta->sae);
919 if (ret)
920 return ret;
921 }
922 break;
923 default:
924 wpa_printf(MSG_ERROR, "SAE: invalid state %d",
925 sta->sae->state);
926 return WLAN_STATUS_UNSPECIFIED_FAILURE;
927 }
928 return WLAN_STATUS_SUCCESS;
929 }
930
931
932 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
933 {
934 struct sae_data *sae = sta->sae;
935 int i, *groups = hapd->conf->sae_groups;
936 int default_groups[] = { 19, 0 };
937
938 if (sae->state != SAE_COMMITTED)
939 return;
940
941 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
942
943 if (!groups)
944 groups = default_groups;
945 for (i = 0; groups[i] > 0; i++) {
946 if (sae->group == groups[i])
947 break;
948 }
949
950 if (groups[i] <= 0) {
951 wpa_printf(MSG_DEBUG,
952 "SAE: Previously selected group not found from the current configuration");
953 return;
954 }
955
956 for (;;) {
957 i++;
958 if (groups[i] <= 0) {
959 wpa_printf(MSG_DEBUG,
960 "SAE: No alternative group enabled");
961 return;
962 }
963
964 if (sae_set_group(sae, groups[i]) < 0)
965 continue;
966
967 break;
968 }
969 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
970 }
971
972
973 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
974 const struct ieee80211_mgmt *mgmt, size_t len,
975 u16 auth_transaction, u16 status_code)
976 {
977 int resp = WLAN_STATUS_SUCCESS;
978 struct wpabuf *data = NULL;
979 int *groups = hapd->conf->sae_groups;
980 int default_groups[] = { 19, 0 };
981 const u8 *pos, *end;
982
983 if (!groups)
984 groups = default_groups;
985
986 #ifdef CONFIG_TESTING_OPTIONS
987 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
988 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
989 pos = mgmt->u.auth.variable;
990 end = ((const u8 *) mgmt) + len;
991 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
992 auth_transaction, resp, pos, end - pos,
993 "auth-sae-reflection-attack");
994 goto remove_sta;
995 }
996
997 if (hapd->conf->sae_commit_override && auth_transaction == 1) {
998 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
999 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
1000 auth_transaction, resp,
1001 wpabuf_head(hapd->conf->sae_commit_override),
1002 wpabuf_len(hapd->conf->sae_commit_override),
1003 "sae-commit-override");
1004 goto remove_sta;
1005 }
1006 #endif /* CONFIG_TESTING_OPTIONS */
1007 if (!sta->sae) {
1008 if (auth_transaction != 1 ||
1009 status_code != WLAN_STATUS_SUCCESS) {
1010 resp = -1;
1011 goto remove_sta;
1012 }
1013 sta->sae = os_zalloc(sizeof(*sta->sae));
1014 if (!sta->sae) {
1015 resp = -1;
1016 goto remove_sta;
1017 }
1018 sae_set_state(sta, SAE_NOTHING, "Init");
1019 sta->sae->sync = 0;
1020 }
1021
1022 if (sta->mesh_sae_pmksa_caching) {
1023 wpa_printf(MSG_DEBUG,
1024 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
1025 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
1026 sta->mesh_sae_pmksa_caching = 0;
1027 }
1028
1029 if (auth_transaction == 1) {
1030 const u8 *token = NULL;
1031 size_t token_len = 0;
1032 int allow_reuse = 0;
1033
1034 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1035 HOSTAPD_LEVEL_DEBUG,
1036 "start SAE authentication (RX commit, status=%u)",
1037 status_code);
1038
1039 if ((hapd->conf->mesh & MESH_ENABLED) &&
1040 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
1041 sta->sae->tmp) {
1042 pos = mgmt->u.auth.variable;
1043 end = ((const u8 *) mgmt) + len;
1044 if (pos + sizeof(le16) > end) {
1045 wpa_printf(MSG_ERROR,
1046 "SAE: Too short anti-clogging token request");
1047 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1048 goto reply;
1049 }
1050 resp = sae_group_allowed(sta->sae, groups,
1051 WPA_GET_LE16(pos));
1052 if (resp != WLAN_STATUS_SUCCESS) {
1053 wpa_printf(MSG_ERROR,
1054 "SAE: Invalid group in anti-clogging token request");
1055 goto reply;
1056 }
1057 pos += sizeof(le16);
1058
1059 wpabuf_free(sta->sae->tmp->anti_clogging_token);
1060 sta->sae->tmp->anti_clogging_token =
1061 wpabuf_alloc_copy(pos, end - pos);
1062 if (sta->sae->tmp->anti_clogging_token == NULL) {
1063 wpa_printf(MSG_ERROR,
1064 "SAE: Failed to alloc for anti-clogging token");
1065 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1066 goto remove_sta;
1067 }
1068
1069 /*
1070 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
1071 * is 76, a new Commit Message shall be constructed
1072 * with the Anti-Clogging Token from the received
1073 * Authentication frame, and the commit-scalar and
1074 * COMMIT-ELEMENT previously sent.
1075 */
1076 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0);
1077 if (resp != WLAN_STATUS_SUCCESS) {
1078 wpa_printf(MSG_ERROR,
1079 "SAE: Failed to send commit message");
1080 goto remove_sta;
1081 }
1082 sae_set_state(sta, SAE_COMMITTED,
1083 "Sent Commit (anti-clogging token case in mesh)");
1084 sta->sae->sync = 0;
1085 sae_set_retransmit_timer(hapd, sta);
1086 return;
1087 }
1088
1089 if ((hapd->conf->mesh & MESH_ENABLED) &&
1090 status_code ==
1091 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
1092 sta->sae->tmp) {
1093 wpa_printf(MSG_DEBUG,
1094 "SAE: Peer did not accept our SAE group");
1095 sae_pick_next_group(hapd, sta);
1096 goto remove_sta;
1097 }
1098
1099 if (status_code != WLAN_STATUS_SUCCESS)
1100 goto remove_sta;
1101
1102 if (!(hapd->conf->mesh & MESH_ENABLED) &&
1103 sta->sae->state == SAE_COMMITTED) {
1104 /* This is needed in the infrastructure BSS case to
1105 * address a sequence where a STA entry may remain in
1106 * hostapd across two attempts to do SAE authentication
1107 * by the same STA. The second attempt may end up trying
1108 * to use a different group and that would not be
1109 * allowed if we remain in Committed state with the
1110 * previously set parameters. */
1111 pos = mgmt->u.auth.variable;
1112 end = ((const u8 *) mgmt) + len;
1113 if (end - pos >= (int) sizeof(le16) &&
1114 sae_group_allowed(sta->sae, groups,
1115 WPA_GET_LE16(pos)) ==
1116 WLAN_STATUS_SUCCESS) {
1117 /* Do not waste resources deriving the same PWE
1118 * again since the same group is reused. */
1119 sae_set_state(sta, SAE_NOTHING,
1120 "Allow previous PWE to be reused");
1121 allow_reuse = 1;
1122 } else {
1123 sae_set_state(sta, SAE_NOTHING,
1124 "Clear existing state to allow restart");
1125 sae_clear_data(sta->sae);
1126 }
1127 }
1128
1129 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
1130 ((const u8 *) mgmt) + len -
1131 mgmt->u.auth.variable, &token,
1132 &token_len, groups);
1133 if (resp == SAE_SILENTLY_DISCARD) {
1134 wpa_printf(MSG_DEBUG,
1135 "SAE: Drop commit message from " MACSTR " due to reflection attack",
1136 MAC2STR(sta->addr));
1137 goto remove_sta;
1138 }
1139
1140 if (resp == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) {
1141 wpa_msg(hapd->msg_ctx, MSG_INFO,
1142 WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER
1143 MACSTR, MAC2STR(sta->addr));
1144 sae_clear_retransmit_timer(hapd, sta);
1145 sae_set_state(sta, SAE_NOTHING,
1146 "Unknown Password Identifier");
1147 goto remove_sta;
1148 }
1149
1150 if (token && check_sae_token(hapd, sta->addr, token, token_len)
1151 < 0) {
1152 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
1153 "incorrect token from " MACSTR,
1154 MAC2STR(sta->addr));
1155 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1156 goto remove_sta;
1157 }
1158
1159 if (resp != WLAN_STATUS_SUCCESS)
1160 goto reply;
1161
1162 if (!token && use_sae_anti_clogging(hapd) && !allow_reuse) {
1163 wpa_printf(MSG_DEBUG,
1164 "SAE: Request anti-clogging token from "
1165 MACSTR, MAC2STR(sta->addr));
1166 data = auth_build_token_req(hapd, sta->sae->group,
1167 sta->addr);
1168 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
1169 if (hapd->conf->mesh & MESH_ENABLED)
1170 sae_set_state(sta, SAE_NOTHING,
1171 "Request anti-clogging token case in mesh");
1172 goto reply;
1173 }
1174
1175 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction,
1176 allow_reuse);
1177 } else if (auth_transaction == 2) {
1178 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1179 HOSTAPD_LEVEL_DEBUG,
1180 "SAE authentication (RX confirm, status=%u)",
1181 status_code);
1182 if (status_code != WLAN_STATUS_SUCCESS)
1183 goto remove_sta;
1184 if (sta->sae->state >= SAE_CONFIRMED ||
1185 !(hapd->conf->mesh & MESH_ENABLED)) {
1186 const u8 *var;
1187 size_t var_len;
1188 u16 peer_send_confirm;
1189
1190 var = mgmt->u.auth.variable;
1191 var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable;
1192 if (var_len < 2) {
1193 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1194 goto reply;
1195 }
1196
1197 peer_send_confirm = WPA_GET_LE16(var);
1198
1199 if (sta->sae->state == SAE_ACCEPTED &&
1200 (peer_send_confirm <= sta->sae->rc ||
1201 peer_send_confirm == 0xffff)) {
1202 wpa_printf(MSG_DEBUG,
1203 "SAE: Silently ignore unexpected Confirm from peer "
1204 MACSTR
1205 " (peer-send-confirm=%u Rc=%u)",
1206 MAC2STR(sta->addr),
1207 peer_send_confirm, sta->sae->rc);
1208 return;
1209 }
1210
1211 if (sae_check_confirm(sta->sae, var, var_len) < 0) {
1212 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1213 goto reply;
1214 }
1215 sta->sae->rc = peer_send_confirm;
1216 }
1217 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction, 0);
1218 } else {
1219 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1220 HOSTAPD_LEVEL_DEBUG,
1221 "unexpected SAE authentication transaction %u (status=%u)",
1222 auth_transaction, status_code);
1223 if (status_code != WLAN_STATUS_SUCCESS)
1224 goto remove_sta;
1225 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
1226 }
1227
1228 reply:
1229 if (resp != WLAN_STATUS_SUCCESS) {
1230 pos = mgmt->u.auth.variable;
1231 end = ((const u8 *) mgmt) + len;
1232
1233 /* Copy the Finite Cyclic Group field from the request if we
1234 * rejected it as unsupported group. */
1235 if (resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
1236 !data && end - pos >= 2)
1237 data = wpabuf_alloc_copy(pos, 2);
1238
1239 sae_sme_send_external_auth_status(hapd, sta, resp);
1240 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE,
1241 auth_transaction, resp,
1242 data ? wpabuf_head(data) : (u8 *) "",
1243 data ? wpabuf_len(data) : 0, "auth-sae");
1244 }
1245
1246 remove_sta:
1247 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
1248 status_code != WLAN_STATUS_SUCCESS)) {
1249 hostapd_drv_sta_remove(hapd, sta->addr);
1250 sta->added_unassoc = 0;
1251 }
1252 wpabuf_free(data);
1253 }
1254
1255
1256 /**
1257 * auth_sae_init_committed - Send COMMIT and start SAE in committed state
1258 * @hapd: BSS data for the device initiating the authentication
1259 * @sta: the peer to which commit authentication frame is sent
1260 *
1261 * This function implements Init event handling (IEEE Std 802.11-2012,
1262 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
1263 * sta->sae structure should be initialized appropriately via a call to
1264 * sae_prepare_commit().
1265 */
1266 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
1267 {
1268 int ret;
1269
1270 if (!sta->sae || !sta->sae->tmp)
1271 return -1;
1272
1273 if (sta->sae->state != SAE_NOTHING)
1274 return -1;
1275
1276 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0);
1277 if (ret)
1278 return -1;
1279
1280 sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
1281 sta->sae->sync = 0;
1282 sae_set_retransmit_timer(hapd, sta);
1283
1284 return 0;
1285 }
1286
1287
1288 void auth_sae_process_commit(void *eloop_ctx, void *user_ctx)
1289 {
1290 struct hostapd_data *hapd = eloop_ctx;
1291 struct hostapd_sae_commit_queue *q;
1292 unsigned int queue_len;
1293
1294 q = dl_list_first(&hapd->sae_commit_queue,
1295 struct hostapd_sae_commit_queue, list);
1296 if (!q)
1297 return;
1298 wpa_printf(MSG_DEBUG,
1299 "SAE: Process next available message from queue");
1300 dl_list_del(&q->list);
1301 handle_auth(hapd, (const struct ieee80211_mgmt *) q->msg, q->len,
1302 q->rssi, 1);
1303 os_free(q);
1304
1305 if (eloop_is_timeout_registered(auth_sae_process_commit, hapd, NULL))
1306 return;
1307 queue_len = dl_list_len(&hapd->sae_commit_queue);
1308 eloop_register_timeout(0, queue_len * 10000, auth_sae_process_commit,
1309 hapd, NULL);
1310 }
1311
1312
1313 static void auth_sae_queue(struct hostapd_data *hapd,
1314 const struct ieee80211_mgmt *mgmt, size_t len,
1315 int rssi)
1316 {
1317 struct hostapd_sae_commit_queue *q, *q2;
1318 unsigned int queue_len;
1319 const struct ieee80211_mgmt *mgmt2;
1320
1321 queue_len = dl_list_len(&hapd->sae_commit_queue);
1322 if (queue_len >= 15) {
1323 wpa_printf(MSG_DEBUG,
1324 "SAE: No more room in message queue - drop the new frame from "
1325 MACSTR, MAC2STR(mgmt->sa));
1326 return;
1327 }
1328
1329 wpa_printf(MSG_DEBUG, "SAE: Queue Authentication message from "
1330 MACSTR " for processing (queue_len %u)", MAC2STR(mgmt->sa),
1331 queue_len);
1332 q = os_zalloc(sizeof(*q) + len);
1333 if (!q)
1334 return;
1335 q->rssi = rssi;
1336 q->len = len;
1337 os_memcpy(q->msg, mgmt, len);
1338
1339 /* Check whether there is already a queued Authentication frame from the
1340 * same station with the same transaction number and if so, replace that
1341 * queue entry with the new one. This avoids issues with a peer that
1342 * sends multiple times (e.g., due to frequent SAE retries). There is no
1343 * point in us trying to process the old attempts after a new one has
1344 * obsoleted them. */
1345 dl_list_for_each(q2, &hapd->sae_commit_queue,
1346 struct hostapd_sae_commit_queue, list) {
1347 mgmt2 = (const struct ieee80211_mgmt *) q2->msg;
1348 if (os_memcmp(mgmt->sa, mgmt2->sa, ETH_ALEN) == 0 &&
1349 mgmt->u.auth.auth_transaction ==
1350 mgmt2->u.auth.auth_transaction) {
1351 wpa_printf(MSG_DEBUG,
1352 "SAE: Replace queued message from same STA with same transaction number");
1353 dl_list_add(&q2->list, &q->list);
1354 dl_list_del(&q2->list);
1355 os_free(q2);
1356 goto queued;
1357 }
1358 }
1359
1360 /* No pending identical entry, so add to the end of the queue */
1361 dl_list_add_tail(&hapd->sae_commit_queue, &q->list);
1362
1363 queued:
1364 if (eloop_is_timeout_registered(auth_sae_process_commit, hapd, NULL))
1365 return;
1366 eloop_register_timeout(0, queue_len * 10000, auth_sae_process_commit,
1367 hapd, NULL);
1368 }
1369
1370
1371 static int auth_sae_queued_addr(struct hostapd_data *hapd, const u8 *addr)
1372 {
1373 struct hostapd_sae_commit_queue *q;
1374 const struct ieee80211_mgmt *mgmt;
1375
1376 dl_list_for_each(q, &hapd->sae_commit_queue,
1377 struct hostapd_sae_commit_queue, list) {
1378 mgmt = (const struct ieee80211_mgmt *) q->msg;
1379 if (os_memcmp(addr, mgmt->sa, ETH_ALEN) == 0)
1380 return 1;
1381 }
1382
1383 return 0;
1384 }
1385
1386 #endif /* CONFIG_SAE */
1387
1388
1389 static u16 wpa_res_to_status_code(int res)
1390 {
1391 if (res == WPA_INVALID_GROUP)
1392 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
1393 if (res == WPA_INVALID_PAIRWISE)
1394 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
1395 if (res == WPA_INVALID_AKMP)
1396 return WLAN_STATUS_AKMP_NOT_VALID;
1397 if (res == WPA_ALLOC_FAIL)
1398 return WLAN_STATUS_UNSPECIFIED_FAILURE;
1399 #ifdef CONFIG_IEEE80211W
1400 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION)
1401 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
1402 if (res == WPA_INVALID_MGMT_GROUP_CIPHER)
1403 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
1404 #endif /* CONFIG_IEEE80211W */
1405 if (res == WPA_INVALID_MDIE)
1406 return WLAN_STATUS_INVALID_MDIE;
1407 if (res == WPA_INVALID_PMKID)
1408 return WLAN_STATUS_INVALID_PMKID;
1409 if (res != WPA_IE_OK)
1410 return WLAN_STATUS_INVALID_IE;
1411 return WLAN_STATUS_SUCCESS;
1412 }
1413
1414
1415 #ifdef CONFIG_FILS
1416
1417 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1418 struct sta_info *sta, u16 resp,
1419 struct wpabuf *data, int pub);
1420
1421 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
1422 const u8 *pos, size_t len, u16 auth_alg,
1423 u16 auth_transaction, u16 status_code,
1424 void (*cb)(struct hostapd_data *hapd,
1425 struct sta_info *sta, u16 resp,
1426 struct wpabuf *data, int pub))
1427 {
1428 u16 resp = WLAN_STATUS_SUCCESS;
1429 const u8 *end;
1430 struct ieee802_11_elems elems;
1431 int res;
1432 struct wpa_ie_data rsn;
1433 struct rsn_pmksa_cache_entry *pmksa = NULL;
1434
1435 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
1436 return;
1437
1438 end = pos + len;
1439
1440 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
1441 pos, end - pos);
1442
1443 /* TODO: FILS PK */
1444 #ifdef CONFIG_FILS_SK_PFS
1445 if (auth_alg == WLAN_AUTH_FILS_SK_PFS) {
1446 u16 group;
1447 struct wpabuf *pub;
1448 size_t elem_len;
1449
1450 /* Using FILS PFS */
1451
1452 /* Finite Cyclic Group */
1453 if (end - pos < 2) {
1454 wpa_printf(MSG_DEBUG,
1455 "FILS: No room for Finite Cyclic Group");
1456 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1457 goto fail;
1458 }
1459 group = WPA_GET_LE16(pos);
1460 pos += 2;
1461 if (group != hapd->conf->fils_dh_group) {
1462 wpa_printf(MSG_DEBUG,
1463 "FILS: Unsupported Finite Cyclic Group: %u (expected %u)",
1464 group, hapd->conf->fils_dh_group);
1465 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1466 goto fail;
1467 }
1468
1469 crypto_ecdh_deinit(sta->fils_ecdh);
1470 sta->fils_ecdh = crypto_ecdh_init(group);
1471 if (!sta->fils_ecdh) {
1472 wpa_printf(MSG_INFO,
1473 "FILS: Could not initialize ECDH with group %d",
1474 group);
1475 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
1476 goto fail;
1477 }
1478
1479 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1480 if (!pub) {
1481 wpa_printf(MSG_DEBUG,
1482 "FILS: Failed to derive ECDH public key");
1483 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1484 goto fail;
1485 }
1486 elem_len = wpabuf_len(pub);
1487 wpabuf_free(pub);
1488
1489 /* Element */
1490 if ((size_t) (end - pos) < elem_len) {
1491 wpa_printf(MSG_DEBUG, "FILS: No room for Element");
1492 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1493 goto fail;
1494 }
1495
1496 wpabuf_free(sta->fils_g_sta);
1497 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
1498 wpabuf_clear_free(sta->fils_dh_ss);
1499 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
1500 pos, elem_len);
1501 if (!sta->fils_dh_ss) {
1502 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
1503 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1504 goto fail;
1505 }
1506 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
1507 pos += elem_len;
1508 } else {
1509 crypto_ecdh_deinit(sta->fils_ecdh);
1510 sta->fils_ecdh = NULL;
1511 wpabuf_clear_free(sta->fils_dh_ss);
1512 sta->fils_dh_ss = NULL;
1513 }
1514 #endif /* CONFIG_FILS_SK_PFS */
1515
1516 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
1517 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
1518 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
1519 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1520 goto fail;
1521 }
1522
1523 /* RSNE */
1524 wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
1525 elems.rsn_ie, elems.rsn_ie_len);
1526 if (!elems.rsn_ie ||
1527 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1528 &rsn) < 0) {
1529 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
1530 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1531 goto fail;
1532 }
1533
1534 if (!sta->wpa_sm)
1535 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
1536 NULL);
1537 if (!sta->wpa_sm) {
1538 wpa_printf(MSG_DEBUG,
1539 "FILS: Failed to initialize RSN state machine");
1540 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1541 goto fail;
1542 }
1543
1544 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
1545 hapd->iface->freq,
1546 elems.rsn_ie - 2, elems.rsn_ie_len + 2,
1547 elems.mdie, elems.mdie_len, NULL, 0);
1548 resp = wpa_res_to_status_code(res);
1549 if (resp != WLAN_STATUS_SUCCESS)
1550 goto fail;
1551
1552 if (!elems.fils_nonce) {
1553 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
1554 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1555 goto fail;
1556 }
1557 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
1558 FILS_NONCE_LEN);
1559 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
1560
1561 /* PMKID List */
1562 if (rsn.pmkid && rsn.num_pmkid > 0) {
1563 u8 num;
1564 const u8 *pmkid;
1565
1566 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
1567 rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
1568
1569 pmkid = rsn.pmkid;
1570 num = rsn.num_pmkid;
1571 while (num) {
1572 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
1573 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
1574 pmkid);
1575 if (pmksa)
1576 break;
1577 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
1578 sta->addr,
1579 pmkid);
1580 if (pmksa)
1581 break;
1582 pmkid += PMKID_LEN;
1583 num--;
1584 }
1585 }
1586 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
1587 wpa_printf(MSG_DEBUG,
1588 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
1589 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
1590 pmksa = NULL;
1591 }
1592 if (pmksa)
1593 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
1594
1595 /* FILS Session */
1596 if (!elems.fils_session) {
1597 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
1598 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1599 goto fail;
1600 }
1601 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
1602 FILS_SESSION_LEN);
1603 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
1604
1605 /* FILS Wrapped Data */
1606 if (elems.fils_wrapped_data) {
1607 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
1608 elems.fils_wrapped_data,
1609 elems.fils_wrapped_data_len);
1610 if (!pmksa) {
1611 #ifndef CONFIG_NO_RADIUS
1612 if (!sta->eapol_sm) {
1613 sta->eapol_sm =
1614 ieee802_1x_alloc_eapol_sm(hapd, sta);
1615 }
1616 wpa_printf(MSG_DEBUG,
1617 "FILS: Forward EAP-Initiate/Re-auth to authentication server");
1618 ieee802_1x_encapsulate_radius(
1619 hapd, sta, elems.fils_wrapped_data,
1620 elems.fils_wrapped_data_len);
1621 sta->fils_pending_cb = cb;
1622 wpa_printf(MSG_DEBUG,
1623 "FILS: Will send Authentication frame once the response from authentication server is available");
1624 sta->flags |= WLAN_STA_PENDING_FILS_ERP;
1625 /* Calculate pending PMKID here so that we do not need
1626 * to maintain a copy of the EAP-Initiate/Reauth
1627 * message. */
1628 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1629 elems.fils_wrapped_data,
1630 elems.fils_wrapped_data_len,
1631 sta->fils_erp_pmkid) == 0)
1632 sta->fils_erp_pmkid_set = 1;
1633 return;
1634 #else /* CONFIG_NO_RADIUS */
1635 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1636 goto fail;
1637 #endif /* CONFIG_NO_RADIUS */
1638 }
1639 }
1640
1641 fail:
1642 if (cb) {
1643 struct wpabuf *data;
1644 int pub = 0;
1645
1646 data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL,
1647 NULL, 0, &pub);
1648 if (!data) {
1649 wpa_printf(MSG_DEBUG,
1650 "%s: prepare_auth_resp_fils() returned failure",
1651 __func__);
1652 }
1653
1654 cb(hapd, sta, resp, data, pub);
1655 }
1656 }
1657
1658
1659 static struct wpabuf *
1660 prepare_auth_resp_fils(struct hostapd_data *hapd,
1661 struct sta_info *sta, u16 *resp,
1662 struct rsn_pmksa_cache_entry *pmksa,
1663 struct wpabuf *erp_resp,
1664 const u8 *msk, size_t msk_len,
1665 int *is_pub)
1666 {
1667 u8 fils_nonce[FILS_NONCE_LEN];
1668 size_t ielen;
1669 struct wpabuf *data = NULL;
1670 const u8 *ie;
1671 u8 *ie_buf = NULL;
1672 const u8 *pmk = NULL;
1673 size_t pmk_len = 0;
1674 u8 pmk_buf[PMK_LEN_MAX];
1675 struct wpabuf *pub = NULL;
1676
1677 if (*resp != WLAN_STATUS_SUCCESS)
1678 goto fail;
1679
1680 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
1681 if (!ie) {
1682 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1683 goto fail;
1684 }
1685
1686 if (pmksa) {
1687 /* Add PMKID of the selected PMKSA into RSNE */
1688 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
1689 if (!ie_buf) {
1690 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1691 goto fail;
1692 }
1693
1694 os_memcpy(ie_buf, ie, ielen);
1695 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
1696 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1697 goto fail;
1698 }
1699 ie = ie_buf;
1700 }
1701
1702 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
1703 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1704 goto fail;
1705 }
1706 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
1707 fils_nonce, FILS_NONCE_LEN);
1708
1709 #ifdef CONFIG_FILS_SK_PFS
1710 if (sta->fils_dh_ss && sta->fils_ecdh) {
1711 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
1712 if (!pub) {
1713 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1714 goto fail;
1715 }
1716 }
1717 #endif /* CONFIG_FILS_SK_PFS */
1718
1719 data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
1720 if (!data) {
1721 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1722 goto fail;
1723 }
1724
1725 /* TODO: FILS PK */
1726 #ifdef CONFIG_FILS_SK_PFS
1727 if (pub) {
1728 /* Finite Cyclic Group */
1729 wpabuf_put_le16(data, hapd->conf->fils_dh_group);
1730
1731 /* Element */
1732 wpabuf_put_buf(data, pub);
1733 }
1734 #endif /* CONFIG_FILS_SK_PFS */
1735
1736 /* RSNE */
1737 wpabuf_put_data(data, ie, ielen);
1738
1739 /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
1740
1741 #ifdef CONFIG_IEEE80211R_AP
1742 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
1743 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
1744 int res;
1745 int use_sha384 = wpa_key_mgmt_sha384(
1746 wpa_auth_sta_key_mgmt(sta->wpa_sm));
1747
1748 res = wpa_auth_write_fte(hapd->wpa_auth, use_sha384,
1749 wpabuf_put(data, 0),
1750 wpabuf_tailroom(data));
1751 if (res < 0) {
1752 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1753 goto fail;
1754 }
1755 wpabuf_put(data, res);
1756 }
1757 #endif /* CONFIG_IEEE80211R_AP */
1758
1759 /* FILS Nonce */
1760 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1761 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
1762 /* Element ID Extension */
1763 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
1764 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
1765
1766 /* FILS Session */
1767 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1768 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
1769 /* Element ID Extension */
1770 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
1771 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
1772
1773 /* FILS Wrapped Data */
1774 if (!pmksa && erp_resp) {
1775 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
1776 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
1777 /* Element ID Extension */
1778 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA);
1779 wpabuf_put_buf(data, erp_resp);
1780
1781 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
1782 msk, msk_len, sta->fils_snonce, fils_nonce,
1783 sta->fils_dh_ss ?
1784 wpabuf_head(sta->fils_dh_ss) : NULL,
1785 sta->fils_dh_ss ?
1786 wpabuf_len(sta->fils_dh_ss) : 0,
1787 pmk_buf, &pmk_len)) {
1788 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
1789 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1790 wpabuf_free(data);
1791 data = NULL;
1792 goto fail;
1793 }
1794 pmk = pmk_buf;
1795
1796 /* Don't use DHss in PTK derivation if PMKSA caching is not
1797 * used. */
1798 wpabuf_clear_free(sta->fils_dh_ss);
1799 sta->fils_dh_ss = NULL;
1800
1801 if (sta->fils_erp_pmkid_set) {
1802 /* TODO: get PMKLifetime from WPA parameters */
1803 unsigned int dot11RSNAConfigPMKLifetime = 43200;
1804 int session_timeout;
1805
1806 session_timeout = dot11RSNAConfigPMKLifetime;
1807 if (sta->session_timeout_set) {
1808 struct os_reltime now, diff;
1809
1810 os_get_reltime(&now);
1811 os_reltime_sub(&sta->session_timeout, &now,
1812 &diff);
1813 session_timeout = diff.sec;
1814 }
1815
1816 sta->fils_erp_pmkid_set = 0;
1817 if (!hapd->conf->disable_pmksa_caching &&
1818 wpa_auth_pmksa_add2(
1819 hapd->wpa_auth, sta->addr,
1820 pmk, pmk_len,
1821 sta->fils_erp_pmkid,
1822 session_timeout,
1823 wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) {
1824 wpa_printf(MSG_ERROR,
1825 "FILS: Failed to add PMKSA cache entry based on ERP");
1826 }
1827 }
1828 } else if (pmksa) {
1829 pmk = pmksa->pmk;
1830 pmk_len = pmksa->pmk_len;
1831 }
1832
1833 if (!pmk) {
1834 wpa_printf(MSG_DEBUG, "FILS: No PMK available");
1835 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1836 wpabuf_free(data);
1837 data = NULL;
1838 goto fail;
1839 }
1840
1841 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
1842 sta->fils_snonce, fils_nonce,
1843 sta->fils_dh_ss ?
1844 wpabuf_head(sta->fils_dh_ss) : NULL,
1845 sta->fils_dh_ss ?
1846 wpabuf_len(sta->fils_dh_ss) : 0,
1847 sta->fils_g_sta, pub) < 0) {
1848 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
1849 wpabuf_free(data);
1850 data = NULL;
1851 goto fail;
1852 }
1853
1854 fail:
1855 if (is_pub)
1856 *is_pub = pub != NULL;
1857 os_free(ie_buf);
1858 wpabuf_free(pub);
1859 wpabuf_clear_free(sta->fils_dh_ss);
1860 sta->fils_dh_ss = NULL;
1861 #ifdef CONFIG_FILS_SK_PFS
1862 crypto_ecdh_deinit(sta->fils_ecdh);
1863 sta->fils_ecdh = NULL;
1864 #endif /* CONFIG_FILS_SK_PFS */
1865 return data;
1866 }
1867
1868
1869 static void handle_auth_fils_finish(struct hostapd_data *hapd,
1870 struct sta_info *sta, u16 resp,
1871 struct wpabuf *data, int pub)
1872 {
1873 u16 auth_alg;
1874
1875 auth_alg = (pub ||
1876 resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
1877 WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1878 send_auth_reply(hapd, sta->addr, hapd->own_addr, auth_alg, 2, resp,
1879 data ? wpabuf_head(data) : (u8 *) "",
1880 data ? wpabuf_len(data) : 0, "auth-fils-finish");
1881 wpabuf_free(data);
1882
1883 if (resp == WLAN_STATUS_SUCCESS) {
1884 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1885 HOSTAPD_LEVEL_DEBUG,
1886 "authentication OK (FILS)");
1887 sta->flags |= WLAN_STA_AUTH;
1888 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
1889 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
1890 mlme_authenticate_indication(hapd, sta);
1891 }
1892 }
1893
1894
1895 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
1896 struct sta_info *sta, int success,
1897 struct wpabuf *erp_resp,
1898 const u8 *msk, size_t msk_len)
1899 {
1900 struct wpabuf *data;
1901 int pub = 0;
1902 u16 resp;
1903
1904 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
1905
1906 if (!sta->fils_pending_cb)
1907 return;
1908 resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE;
1909 data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp,
1910 msk, msk_len, &pub);
1911 if (!data) {
1912 wpa_printf(MSG_DEBUG,
1913 "%s: prepare_auth_resp_fils() returned failure",
1914 __func__);
1915 }
1916 sta->fils_pending_cb(hapd, sta, resp, data, pub);
1917 }
1918
1919 #endif /* CONFIG_FILS */
1920
1921
1922 int
1923 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
1924 const u8 *msg, size_t len, u32 *session_timeout,
1925 u32 *acct_interim_interval,
1926 struct vlan_description *vlan_id,
1927 struct hostapd_sta_wpa_psk_short **psk,
1928 char **identity, char **radius_cui, int is_probe_req)
1929 {
1930 int res;
1931
1932 os_memset(vlan_id, 0, sizeof(*vlan_id));
1933 res = hostapd_allowed_address(hapd, addr, msg, len,
1934 session_timeout, acct_interim_interval,
1935 vlan_id, psk, identity, radius_cui,
1936 is_probe_req);
1937
1938 if (res == HOSTAPD_ACL_REJECT) {
1939 if (!is_probe_req)
1940 wpa_printf(MSG_DEBUG,
1941 "Station " MACSTR
1942 " not allowed to authenticate",
1943 MAC2STR(addr));
1944 return HOSTAPD_ACL_REJECT;
1945 }
1946
1947 if (res == HOSTAPD_ACL_PENDING) {
1948 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
1949 " waiting for an external authentication",
1950 MAC2STR(addr));
1951 /* Authentication code will re-send the authentication frame
1952 * after it has received (and cached) information from the
1953 * external source. */
1954 return HOSTAPD_ACL_PENDING;
1955 }
1956
1957 return res;
1958 }
1959
1960
1961 static int
1962 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
1963 int res, u32 session_timeout,
1964 u32 acct_interim_interval,
1965 struct vlan_description *vlan_id,
1966 struct hostapd_sta_wpa_psk_short **psk,
1967 char **identity, char **radius_cui)
1968 {
1969 if (vlan_id->notempty &&
1970 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
1971 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1972 HOSTAPD_LEVEL_INFO,
1973 "Invalid VLAN %d%s received from RADIUS server",
1974 vlan_id->untagged,
1975 vlan_id->tagged[0] ? "+" : "");
1976 return -1;
1977 }
1978 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
1979 return -1;
1980 if (sta->vlan_id)
1981 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
1982 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1983
1984 hostapd_free_psk_list(sta->psk);
1985 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) {
1986 sta->psk = *psk;
1987 *psk = NULL;
1988 } else {
1989 sta->psk = NULL;
1990 }
1991
1992 os_free(sta->identity);
1993 sta->identity = *identity;
1994 *identity = NULL;
1995
1996 os_free(sta->radius_cui);
1997 sta->radius_cui = *radius_cui;
1998 *radius_cui = NULL;
1999
2000 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
2001 sta->acct_interim_interval = acct_interim_interval;
2002 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) {
2003 sta->session_timeout_set = 1;
2004 os_get_reltime(&sta->session_timeout);
2005 sta->session_timeout.sec += session_timeout;
2006 ap_sta_session_timeout(hapd, sta, session_timeout);
2007 } else {
2008 sta->session_timeout_set = 0;
2009 ap_sta_no_session_timeout(hapd, sta);
2010 }
2011
2012 return 0;
2013 }
2014
2015
2016 static void handle_auth(struct hostapd_data *hapd,
2017 const struct ieee80211_mgmt *mgmt, size_t len,
2018 int rssi, int from_queue)
2019 {
2020 u16 auth_alg, auth_transaction, status_code;
2021 u16 resp = WLAN_STATUS_SUCCESS;
2022 struct sta_info *sta = NULL;
2023 int res, reply_res;
2024 u16 fc;
2025 const u8 *challenge = NULL;
2026 u32 session_timeout, acct_interim_interval;
2027 struct vlan_description vlan_id;
2028 struct hostapd_sta_wpa_psk_short *psk = NULL;
2029 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
2030 size_t resp_ies_len = 0;
2031 char *identity = NULL;
2032 char *radius_cui = NULL;
2033 u16 seq_ctrl;
2034
2035 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
2036 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
2037 (unsigned long) len);
2038 return;
2039 }
2040
2041 #ifdef CONFIG_TESTING_OPTIONS
2042 if (hapd->iconf->ignore_auth_probability > 0.0 &&
2043 drand48() < hapd->iconf->ignore_auth_probability) {
2044 wpa_printf(MSG_INFO,
2045 "TESTING: ignoring auth frame from " MACSTR,
2046 MAC2STR(mgmt->sa));
2047 return;
2048 }
2049 #endif /* CONFIG_TESTING_OPTIONS */
2050
2051 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
2052 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
2053 status_code = le_to_host16(mgmt->u.auth.status_code);
2054 fc = le_to_host16(mgmt->frame_control);
2055 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
2056
2057 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
2058 2 + WLAN_AUTH_CHALLENGE_LEN &&
2059 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
2060 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
2061 challenge = &mgmt->u.auth.variable[2];
2062
2063 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
2064 "auth_transaction=%d status_code=%d wep=%d%s "
2065 "seq_ctrl=0x%x%s%s",
2066 MAC2STR(mgmt->sa), auth_alg, auth_transaction,
2067 status_code, !!(fc & WLAN_FC_ISWEP),
2068 challenge ? " challenge" : "",
2069 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "",
2070 from_queue ? " (from queue)" : "");
2071
2072 #ifdef CONFIG_NO_RC4
2073 if (auth_alg == WLAN_AUTH_SHARED_KEY) {
2074 wpa_printf(MSG_INFO,
2075 "Unsupported authentication algorithm (%d)",
2076 auth_alg);
2077 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2078 goto fail;
2079 }
2080 #endif /* CONFIG_NO_RC4 */
2081
2082 if (hapd->tkip_countermeasures) {
2083 wpa_printf(MSG_DEBUG,
2084 "Ongoing TKIP countermeasures (Michael MIC failure) - reject authentication");
2085 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2086 goto fail;
2087 }
2088
2089 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
2090 auth_alg == WLAN_AUTH_OPEN) ||
2091 #ifdef CONFIG_IEEE80211R_AP
2092 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
2093 auth_alg == WLAN_AUTH_FT) ||
2094 #endif /* CONFIG_IEEE80211R_AP */
2095 #ifdef CONFIG_SAE
2096 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
2097 auth_alg == WLAN_AUTH_SAE) ||
2098 #endif /* CONFIG_SAE */
2099 #ifdef CONFIG_FILS
2100 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
2101 auth_alg == WLAN_AUTH_FILS_SK) ||
2102 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
2103 hapd->conf->fils_dh_group &&
2104 auth_alg == WLAN_AUTH_FILS_SK_PFS) ||
2105 #endif /* CONFIG_FILS */
2106 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
2107 auth_alg == WLAN_AUTH_SHARED_KEY))) {
2108 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
2109 auth_alg);
2110 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
2111 goto fail;
2112 }
2113
2114 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
2115 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
2116 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
2117 auth_transaction);
2118 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
2119 goto fail;
2120 }
2121
2122 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) {
2123 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
2124 MAC2STR(mgmt->sa));
2125 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2126 goto fail;
2127 }
2128
2129 if (hapd->conf->no_auth_if_seen_on) {
2130 struct hostapd_data *other;
2131
2132 other = sta_track_seen_on(hapd->iface, mgmt->sa,
2133 hapd->conf->no_auth_if_seen_on);
2134 if (other) {
2135 u8 *pos;
2136 u32 info;
2137 u8 op_class, channel, phytype;
2138
2139 wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
2140 MACSTR " since STA has been seen on %s",
2141 hapd->conf->iface, MAC2STR(mgmt->sa),
2142 hapd->conf->no_auth_if_seen_on);
2143
2144 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
2145 pos = &resp_ies[0];
2146 *pos++ = WLAN_EID_NEIGHBOR_REPORT;
2147 *pos++ = 13;
2148 os_memcpy(pos, other->own_addr, ETH_ALEN);
2149 pos += ETH_ALEN;
2150 info = 0; /* TODO: BSSID Information */
2151 WPA_PUT_LE32(pos, info);
2152 pos += 4;
2153 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
2154 phytype = 8; /* dmg */
2155 else if (other->iconf->ieee80211ac)
2156 phytype = 9; /* vht */
2157 else if (other->iconf->ieee80211n)
2158 phytype = 7; /* ht */
2159 else if (other->iconf->hw_mode ==
2160 HOSTAPD_MODE_IEEE80211A)
2161 phytype = 4; /* ofdm */
2162 else if (other->iconf->hw_mode ==
2163 HOSTAPD_MODE_IEEE80211G)
2164 phytype = 6; /* erp */
2165 else
2166 phytype = 5; /* hrdsss */
2167 if (ieee80211_freq_to_channel_ext(
2168 hostapd_hw_get_freq(other,
2169 other->iconf->channel),
2170 other->iconf->secondary_channel,
2171 other->iconf->ieee80211ac,
2172 &op_class, &channel) == NUM_HOSTAPD_MODES) {
2173 op_class = 0;
2174 channel = other->iconf->channel;
2175 }
2176 *pos++ = op_class;
2177 *pos++ = channel;
2178 *pos++ = phytype;
2179 resp_ies_len = pos - &resp_ies[0];
2180 goto fail;
2181 }
2182 }
2183
2184 res = ieee802_11_allowed_address(
2185 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout,
2186 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui,
2187 0);
2188 if (res == HOSTAPD_ACL_REJECT) {
2189 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
2190 "Ignore Authentication frame from " MACSTR
2191 " due to ACL reject", MAC2STR(mgmt->sa));
2192 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2193 goto fail;
2194 }
2195 if (res == HOSTAPD_ACL_PENDING)
2196 return;
2197
2198 #ifdef CONFIG_SAE
2199 if (auth_alg == WLAN_AUTH_SAE && !from_queue &&
2200 (auth_transaction == 1 ||
2201 (auth_transaction == 2 && auth_sae_queued_addr(hapd, mgmt->sa)))) {
2202 /* Handle SAE Authentication commit message through a queue to
2203 * provide more control for postponing the needed heavy
2204 * processing under a possible DoS attack scenario. In addition,
2205 * queue SAE Authentication confirm message if there happens to
2206 * be a queued commit message from the same peer. This is needed
2207 * to avoid reordering Authentication frames within the same
2208 * SAE exchange. */
2209 auth_sae_queue(hapd, mgmt, len, rssi);
2210 return;
2211 }
2212 #endif /* CONFIG_SAE */
2213
2214 sta = ap_get_sta(hapd, mgmt->sa);
2215 if (sta) {
2216 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
2217 sta->ft_over_ds = 0;
2218 if ((fc & WLAN_FC_RETRY) &&
2219 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
2220 sta->last_seq_ctrl == seq_ctrl &&
2221 sta->last_subtype == WLAN_FC_STYPE_AUTH) {
2222 hostapd_logger(hapd, sta->addr,
2223 HOSTAPD_MODULE_IEEE80211,
2224 HOSTAPD_LEVEL_DEBUG,
2225 "Drop repeated authentication frame seq_ctrl=0x%x",
2226 seq_ctrl);
2227 return;
2228 }
2229 #ifdef CONFIG_MESH
2230 if ((hapd->conf->mesh & MESH_ENABLED) &&
2231 sta->plink_state == PLINK_BLOCKED) {
2232 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
2233 " is blocked - drop Authentication frame",
2234 MAC2STR(mgmt->sa));
2235 return;
2236 }
2237 #endif /* CONFIG_MESH */
2238 } else {
2239 #ifdef CONFIG_MESH
2240 if (hapd->conf->mesh & MESH_ENABLED) {
2241 /* if the mesh peer is not available, we don't do auth.
2242 */
2243 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
2244 " not yet known - drop Authentication frame",
2245 MAC2STR(mgmt->sa));
2246 /*
2247 * Save a copy of the frame so that it can be processed
2248 * if a new peer entry is added shortly after this.
2249 */
2250 wpabuf_free(hapd->mesh_pending_auth);
2251 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
2252 os_get_reltime(&hapd->mesh_pending_auth_time);
2253 return;
2254 }
2255 #endif /* CONFIG_MESH */
2256
2257 sta = ap_sta_add(hapd, mgmt->sa);
2258 if (!sta) {
2259 wpa_printf(MSG_DEBUG, "ap_sta_add() failed");
2260 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2261 goto fail;
2262 }
2263 }
2264 sta->last_seq_ctrl = seq_ctrl;
2265 sta->last_subtype = WLAN_FC_STYPE_AUTH;
2266 #ifdef CONFIG_MBO
2267 sta->auth_rssi = rssi;
2268 #endif /* CONFIG_MBO */
2269
2270 res = ieee802_11_set_radius_info(
2271 hapd, sta, res, session_timeout, acct_interim_interval,
2272 &vlan_id, &psk, &identity, &radius_cui);
2273 if (res) {
2274 wpa_printf(MSG_DEBUG, "ieee802_11_set_radius_info() failed");
2275 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2276 goto fail;
2277 }
2278
2279 sta->flags &= ~WLAN_STA_PREAUTH;
2280 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
2281
2282 /*
2283 * If the driver supports full AP client state, add a station to the
2284 * driver before sending authentication reply to make sure the driver
2285 * has resources, and not to go through the entire authentication and
2286 * association handshake, and fail it at the end.
2287 *
2288 * If this is not the first transaction, in a multi-step authentication
2289 * algorithm, the station already exists in the driver
2290 * (sta->added_unassoc = 1) so skip it.
2291 *
2292 * In mesh mode, the station was already added to the driver when the
2293 * NEW_PEER_CANDIDATE event is received.
2294 *
2295 * If PMF was negotiated for the existing association, skip this to
2296 * avoid dropping the STA entry and the associated keys. This is needed
2297 * to allow the original connection work until the attempt can complete
2298 * (re)association, so that unprotected Authentication frame cannot be
2299 * used to bypass PMF protection.
2300 */
2301 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
2302 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
2303 !(hapd->conf->mesh & MESH_ENABLED) &&
2304 !(sta->added_unassoc)) {
2305 /*
2306 * If a station that is already associated to the AP, is trying
2307 * to authenticate again, remove the STA entry, in order to make
2308 * sure the STA PS state gets cleared and configuration gets
2309 * updated. To handle this, station's added_unassoc flag is
2310 * cleared once the station has completed association.
2311 */
2312 ap_sta_set_authorized(hapd, sta, 0);
2313 hostapd_drv_sta_remove(hapd, sta->addr);
2314 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH |
2315 WLAN_STA_AUTHORIZED);
2316
2317 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0,
2318 NULL, NULL, sta->flags, 0, 0, 0, 0)) {
2319 hostapd_logger(hapd, sta->addr,
2320 HOSTAPD_MODULE_IEEE80211,
2321 HOSTAPD_LEVEL_NOTICE,
2322 "Could not add STA to kernel driver");
2323 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
2324 goto fail;
2325 }
2326
2327 sta->added_unassoc = 1;
2328 }
2329
2330 switch (auth_alg) {
2331 case WLAN_AUTH_OPEN:
2332 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2333 HOSTAPD_LEVEL_DEBUG,
2334 "authentication OK (open system)");
2335 sta->flags |= WLAN_STA_AUTH;
2336 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
2337 sta->auth_alg = WLAN_AUTH_OPEN;
2338 mlme_authenticate_indication(hapd, sta);
2339 break;
2340 #ifndef CONFIG_NO_RC4
2341 case WLAN_AUTH_SHARED_KEY:
2342 resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
2343 fc & WLAN_FC_ISWEP);
2344 if (resp != 0)
2345 wpa_printf(MSG_DEBUG,
2346 "auth_shared_key() failed: status=%d", resp);
2347 sta->auth_alg = WLAN_AUTH_SHARED_KEY;
2348 mlme_authenticate_indication(hapd, sta);
2349 if (sta->challenge && auth_transaction == 1) {
2350 resp_ies[0] = WLAN_EID_CHALLENGE;
2351 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
2352 os_memcpy(resp_ies + 2, sta->challenge,
2353 WLAN_AUTH_CHALLENGE_LEN);
2354 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
2355 }
2356 break;
2357 #endif /* CONFIG_NO_RC4 */
2358 #ifdef CONFIG_IEEE80211R_AP
2359 case WLAN_AUTH_FT:
2360 sta->auth_alg = WLAN_AUTH_FT;
2361 if (sta->wpa_sm == NULL)
2362 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2363 sta->addr, NULL);
2364 if (sta->wpa_sm == NULL) {
2365 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
2366 "state machine");
2367 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2368 goto fail;
2369 }
2370 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
2371 auth_transaction, mgmt->u.auth.variable,
2372 len - IEEE80211_HDRLEN -
2373 sizeof(mgmt->u.auth),
2374 handle_auth_ft_finish, hapd);
2375 /* handle_auth_ft_finish() callback will complete auth. */
2376 return;
2377 #endif /* CONFIG_IEEE80211R_AP */
2378 #ifdef CONFIG_SAE
2379 case WLAN_AUTH_SAE:
2380 #ifdef CONFIG_MESH
2381 if (status_code == WLAN_STATUS_SUCCESS &&
2382 hapd->conf->mesh & MESH_ENABLED) {
2383 if (sta->wpa_sm == NULL)
2384 sta->wpa_sm =
2385 wpa_auth_sta_init(hapd->wpa_auth,
2386 sta->addr, NULL);
2387 if (sta->wpa_sm == NULL) {
2388 wpa_printf(MSG_DEBUG,
2389 "SAE: Failed to initialize WPA state machine");
2390 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
2391 goto fail;
2392 }
2393 }
2394 #endif /* CONFIG_MESH */
2395 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
2396 status_code);
2397 return;
2398 #endif /* CONFIG_SAE */
2399 #ifdef CONFIG_FILS
2400 case WLAN_AUTH_FILS_SK:
2401 case WLAN_AUTH_FILS_SK_PFS:
2402 handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
2403 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
2404 auth_alg, auth_transaction, status_code,
2405 handle_auth_fils_finish);
2406 return;
2407 #endif /* CONFIG_FILS */
2408 }
2409
2410 fail:
2411 os_free(identity);
2412 os_free(radius_cui);
2413 hostapd_free_psk_list(psk);
2414
2415 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg,
2416 auth_transaction + 1, resp, resp_ies,
2417 resp_ies_len, "handle-auth");
2418
2419 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
2420 reply_res != WLAN_STATUS_SUCCESS)) {
2421 hostapd_drv_sta_remove(hapd, sta->addr);
2422 sta->added_unassoc = 0;
2423 }
2424 }
2425
2426
2427 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
2428 {
2429 int i, j = 32, aid;
2430
2431 /* get a unique AID */
2432 if (sta->aid > 0) {
2433 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
2434 return 0;
2435 }
2436
2437 if (TEST_FAIL())
2438 return -1;
2439
2440 for (i = 0; i < AID_WORDS; i++) {
2441 if (hapd->sta_aid[i] == (u32) -1)
2442 continue;
2443 for (j = 0; j < 32; j++) {
2444 if (!(hapd->sta_aid[i] & BIT(j)))
2445 break;
2446 }
2447 if (j < 32)
2448 break;
2449 }
2450 if (j == 32)
2451 return -1;
2452 aid = i * 32 + j + 1;
2453 if (aid > 2007)
2454 return -1;
2455
2456 sta->aid = aid;
2457 hapd->sta_aid[i] |= BIT(j);
2458 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
2459 return 0;
2460 }
2461
2462
2463 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
2464 const u8 *ssid_ie, size_t ssid_ie_len)
2465 {
2466 if (ssid_ie == NULL)
2467 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2468
2469 if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
2470 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
2471 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2472 HOSTAPD_LEVEL_INFO,
2473 "Station tried to associate with unknown SSID "
2474 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
2475 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2476 }
2477
2478 return WLAN_STATUS_SUCCESS;
2479 }
2480
2481
2482 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
2483 const u8 *wmm_ie, size_t wmm_ie_len)
2484 {
2485 sta->flags &= ~WLAN_STA_WMM;
2486 sta->qosinfo = 0;
2487 if (wmm_ie && hapd->conf->wmm_enabled) {
2488 struct wmm_information_element *wmm;
2489
2490 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
2491 hostapd_logger(hapd, sta->addr,
2492 HOSTAPD_MODULE_WPA,
2493 HOSTAPD_LEVEL_DEBUG,
2494 "invalid WMM element in association "
2495 "request");
2496 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2497 }
2498
2499 sta->flags |= WLAN_STA_WMM;
2500 wmm = (struct wmm_information_element *) wmm_ie;
2501 sta->qosinfo = wmm->qos_info;
2502 }
2503 return WLAN_STATUS_SUCCESS;
2504 }
2505
2506 static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
2507 const u8 *multi_ap_ie, size_t multi_ap_len)
2508 {
2509 u8 multi_ap_value = 0;
2510
2511 sta->flags &= ~WLAN_STA_MULTI_AP;
2512
2513 if (!hapd->conf->multi_ap)
2514 return WLAN_STATUS_SUCCESS;
2515
2516 if (multi_ap_ie) {
2517 const u8 *multi_ap_subelem;
2518
2519 multi_ap_subelem = get_ie(multi_ap_ie + 4,
2520 multi_ap_len - 4,
2521 MULTI_AP_SUB_ELEM_TYPE);
2522 if (multi_ap_subelem && multi_ap_subelem[1] == 1) {
2523 multi_ap_value = multi_ap_subelem[2];
2524 } else {
2525 hostapd_logger(hapd, sta->addr,
2526 HOSTAPD_MODULE_IEEE80211,
2527 HOSTAPD_LEVEL_INFO,
2528 "Multi-AP IE has missing or invalid Multi-AP subelement");
2529 return WLAN_STATUS_INVALID_IE;
2530 }
2531 }
2532
2533 if (multi_ap_value && multi_ap_value != MULTI_AP_BACKHAUL_STA)
2534 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2535 HOSTAPD_LEVEL_INFO,
2536 "Multi-AP IE with unexpected value 0x%02x",
2537 multi_ap_value);
2538
2539 if (!(multi_ap_value & MULTI_AP_BACKHAUL_STA)) {
2540 if (hapd->conf->multi_ap & FRONTHAUL_BSS)
2541 return WLAN_STATUS_SUCCESS;
2542
2543 hostapd_logger(hapd, sta->addr,
2544 HOSTAPD_MODULE_IEEE80211,
2545 HOSTAPD_LEVEL_INFO,
2546 "Non-Multi-AP STA tries to associate with backhaul-only BSS");
2547 return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
2548 }
2549
2550 if (!(hapd->conf->multi_ap & BACKHAUL_BSS))
2551 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2552 HOSTAPD_LEVEL_DEBUG,
2553 "Backhaul STA tries to associate with fronthaul-only BSS");
2554
2555 sta->flags |= WLAN_STA_MULTI_AP;
2556 return WLAN_STATUS_SUCCESS;
2557 }
2558
2559
2560 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
2561 struct ieee802_11_elems *elems)
2562 {
2563 /* Supported rates not used in IEEE 802.11ad/DMG */
2564 if (hapd->iface->current_mode &&
2565 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
2566 return WLAN_STATUS_SUCCESS;
2567
2568 if (!elems->supp_rates) {
2569 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2570 HOSTAPD_LEVEL_DEBUG,
2571 "No supported rates element in AssocReq");
2572 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2573 }
2574
2575 if (elems->supp_rates_len + elems->ext_supp_rates_len >
2576 sizeof(sta->supported_rates)) {
2577 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2578 HOSTAPD_LEVEL_DEBUG,
2579 "Invalid supported rates element length %d+%d",
2580 elems->supp_rates_len,
2581 elems->ext_supp_rates_len);
2582 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2583 }
2584
2585 sta->supported_rates_len = merge_byte_arrays(
2586 sta->supported_rates, sizeof(sta->supported_rates),
2587 elems->supp_rates, elems->supp_rates_len,
2588 elems->ext_supp_rates, elems->ext_supp_rates_len);
2589
2590 return WLAN_STATUS_SUCCESS;
2591 }
2592
2593
2594 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta,
2595 const u8 *ext_capab_ie, size_t ext_capab_ie_len)
2596 {
2597 #ifdef CONFIG_INTERWORKING
2598 /* check for QoS Map support */
2599 if (ext_capab_ie_len >= 5) {
2600 if (ext_capab_ie[4] & 0x01)
2601 sta->qos_map_enabled = 1;
2602 }
2603 #endif /* CONFIG_INTERWORKING */
2604
2605 if (ext_capab_ie_len > 0) {
2606 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2));
2607 os_free(sta->ext_capability);
2608 sta->ext_capability = os_malloc(1 + ext_capab_ie_len);
2609 if (sta->ext_capability) {
2610 sta->ext_capability[0] = ext_capab_ie_len;
2611 os_memcpy(sta->ext_capability + 1, ext_capab_ie,
2612 ext_capab_ie_len);
2613 }
2614 }
2615
2616 return WLAN_STATUS_SUCCESS;
2617 }
2618
2619
2620 #ifdef CONFIG_OWE
2621
2622 static int owe_group_supported(struct hostapd_data *hapd, u16 group)
2623 {
2624 int i;
2625 int *groups = hapd->conf->owe_groups;
2626
2627 if (group != 19 && group != 20 && group != 21)
2628 return 0;
2629
2630 if (!groups)
2631 return 1;
2632
2633 for (i = 0; groups[i] > 0; i++) {
2634 if (groups[i] == group)
2635 return 1;
2636 }
2637
2638 return 0;
2639 }
2640
2641
2642 static u16 owe_process_assoc_req(struct hostapd_data *hapd,
2643 struct sta_info *sta, const u8 *owe_dh,
2644 u8 owe_dh_len)
2645 {
2646 struct wpabuf *secret, *pub, *hkey;
2647 int res;
2648 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
2649 const char *info = "OWE Key Generation";
2650 const u8 *addr[2];
2651 size_t len[2];
2652 u16 group;
2653 size_t hash_len, prime_len;
2654
2655 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
2656 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
2657 return WLAN_STATUS_SUCCESS;
2658 }
2659
2660 group = WPA_GET_LE16(owe_dh);
2661 if (!owe_group_supported(hapd, group)) {
2662 wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group);
2663 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2664 }
2665 if (group == 19)
2666 prime_len = 32;
2667 else if (group == 20)
2668 prime_len = 48;
2669 else if (group == 21)
2670 prime_len = 66;
2671 else
2672 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2673
2674 crypto_ecdh_deinit(sta->owe_ecdh);
2675 sta->owe_ecdh = crypto_ecdh_init(group);
2676 if (!sta->owe_ecdh)
2677 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
2678 sta->owe_group = group;
2679
2680 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
2681 owe_dh_len - 2);
2682 secret = wpabuf_zeropad(secret, prime_len);
2683 if (!secret) {
2684 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
2685 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2686 }
2687 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
2688
2689 /* prk = HKDF-extract(C | A | group, z) */
2690
2691 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
2692 if (!pub) {
2693 wpabuf_clear_free(secret);
2694 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2695 }
2696
2697 /* PMKID = Truncate-128(Hash(C | A)) */
2698 addr[0] = owe_dh + 2;
2699 len[0] = owe_dh_len - 2;
2700 addr[1] = wpabuf_head(pub);
2701 len[1] = wpabuf_len(pub);
2702 if (group == 19) {
2703 res = sha256_vector(2, addr, len, pmkid);
2704 hash_len = SHA256_MAC_LEN;
2705 } else if (group == 20) {
2706 res = sha384_vector(2, addr, len, pmkid);
2707 hash_len = SHA384_MAC_LEN;
2708 } else if (group == 21) {
2709 res = sha512_vector(2, addr, len, pmkid);
2710 hash_len = SHA512_MAC_LEN;
2711 } else {
2712 wpabuf_free(pub);
2713 wpabuf_clear_free(secret);
2714 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2715 }
2716 pub = wpabuf_zeropad(pub, prime_len);
2717 if (res < 0 || !pub) {
2718 wpabuf_free(pub);
2719 wpabuf_clear_free(secret);
2720 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2721 }
2722
2723 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
2724 if (!hkey) {
2725 wpabuf_free(pub);
2726 wpabuf_clear_free(secret);
2727 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2728 }
2729
2730 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
2731 wpabuf_put_buf(hkey, pub); /* A */
2732 wpabuf_free(pub);
2733 wpabuf_put_le16(hkey, group); /* group */
2734 if (group == 19)
2735 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
2736 wpabuf_head(secret), wpabuf_len(secret), prk);
2737 else if (group == 20)
2738 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
2739 wpabuf_head(secret), wpabuf_len(secret), prk);
2740 else if (group == 21)
2741 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
2742 wpabuf_head(secret), wpabuf_len(secret), prk);
2743 wpabuf_clear_free(hkey);
2744 wpabuf_clear_free(secret);
2745 if (res < 0)
2746 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2747
2748 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
2749
2750 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
2751
2752 os_free(sta->owe_pmk);
2753 sta->owe_pmk = os_malloc(hash_len);
2754 if (!sta->owe_pmk) {
2755 os_memset(prk, 0, SHA512_MAC_LEN);
2756 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2757 }
2758
2759 if (group == 19)
2760 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
2761 os_strlen(info), sta->owe_pmk, hash_len);
2762 else if (group == 20)
2763 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
2764 os_strlen(info), sta->owe_pmk, hash_len);
2765 else if (group == 21)
2766 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
2767 os_strlen(info), sta->owe_pmk, hash_len);
2768 os_memset(prk, 0, SHA512_MAC_LEN);
2769 if (res < 0) {
2770 os_free(sta->owe_pmk);
2771 sta->owe_pmk = NULL;
2772 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2773 }
2774 sta->owe_pmk_len = hash_len;
2775
2776 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
2777 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
2778 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
2779 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE);
2780
2781 return WLAN_STATUS_SUCCESS;
2782 }
2783
2784 #endif /* CONFIG_OWE */
2785
2786
2787 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
2788 const u8 *ies, size_t ies_len, int reassoc)
2789 {
2790 struct ieee802_11_elems elems;
2791 u16 resp;
2792 const u8 *wpa_ie;
2793 size_t wpa_ie_len;
2794 const u8 *p2p_dev_addr = NULL;
2795
2796 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
2797 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2798 HOSTAPD_LEVEL_INFO, "Station sent an invalid "
2799 "association request");
2800 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2801 }
2802
2803 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len);
2804 if (resp != WLAN_STATUS_SUCCESS)
2805 return resp;
2806 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len);
2807 if (resp != WLAN_STATUS_SUCCESS)
2808 return resp;
2809 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len);
2810 if (resp != WLAN_STATUS_SUCCESS)
2811 return resp;
2812 resp = copy_supp_rates(hapd, sta, &elems);
2813 if (resp != WLAN_STATUS_SUCCESS)
2814 return resp;
2815
2816 resp = check_multi_ap(hapd, sta, elems.multi_ap, elems.multi_ap_len);
2817 if (resp != WLAN_STATUS_SUCCESS)
2818 return resp;
2819
2820 #ifdef CONFIG_IEEE80211N
2821 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities);
2822 if (resp != WLAN_STATUS_SUCCESS)
2823 return resp;
2824 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
2825 !(sta->flags & WLAN_STA_HT)) {
2826 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2827 HOSTAPD_LEVEL_INFO, "Station does not support "
2828 "mandatory HT PHY - reject association");
2829 return WLAN_STATUS_ASSOC_DENIED_NO_HT;
2830 }
2831 #endif /* CONFIG_IEEE80211N */
2832
2833 #ifdef CONFIG_IEEE80211AC
2834 if (hapd->iconf->ieee80211ac) {
2835 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities);
2836 if (resp != WLAN_STATUS_SUCCESS)
2837 return resp;
2838
2839 resp = copy_sta_vht_oper(hapd, sta, elems.vht_operation);
2840 if (resp != WLAN_STATUS_SUCCESS)
2841 return resp;
2842
2843 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif);
2844 if (resp != WLAN_STATUS_SUCCESS)
2845 return resp;
2846 }
2847
2848 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
2849 !(sta->flags & WLAN_STA_VHT)) {
2850 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2851 HOSTAPD_LEVEL_INFO, "Station does not support "
2852 "mandatory VHT PHY - reject association");
2853 return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
2854 }
2855
2856 if (hapd->conf->vendor_vht && !elems.vht_capabilities) {
2857 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht,
2858 elems.vendor_vht_len);
2859 if (resp != WLAN_STATUS_SUCCESS)
2860 return resp;
2861 }
2862 #endif /* CONFIG_IEEE80211AC */
2863
2864 #ifdef CONFIG_P2P
2865 if (elems.p2p) {
2866 wpabuf_free(sta->p2p_ie);
2867 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2868 P2P_IE_VENDOR_TYPE);
2869 if (sta->p2p_ie)
2870 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
2871 } else {
2872 wpabuf_free(sta->p2p_ie);
2873 sta->p2p_ie = NULL;
2874 }
2875 #endif /* CONFIG_P2P */
2876
2877 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) {
2878 wpa_ie = elems.rsn_ie;
2879 wpa_ie_len = elems.rsn_ie_len;
2880 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
2881 elems.wpa_ie) {
2882 wpa_ie = elems.wpa_ie;
2883 wpa_ie_len = elems.wpa_ie_len;
2884 } else {
2885 wpa_ie = NULL;
2886 wpa_ie_len = 0;
2887 }
2888
2889 #ifdef CONFIG_WPS
2890 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
2891 if (hapd->conf->wps_state && elems.wps_ie) {
2892 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
2893 "Request - assume WPS is used");
2894 sta->flags |= WLAN_STA_WPS;
2895 wpabuf_free(sta->wps_ie);
2896 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
2897 WPS_IE_VENDOR_TYPE);
2898 if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
2899 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
2900 sta->flags |= WLAN_STA_WPS2;
2901 }
2902 wpa_ie = NULL;
2903 wpa_ie_len = 0;
2904 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
2905 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
2906 "(Re)Association Request - reject");
2907 return WLAN_STATUS_INVALID_IE;
2908 }
2909 } else if (hapd->conf->wps_state && wpa_ie == NULL) {
2910 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
2911 "(Re)Association Request - possible WPS use");
2912 sta->flags |= WLAN_STA_MAYBE_WPS;
2913 } else
2914 #endif /* CONFIG_WPS */
2915 if (hapd->conf->wpa && wpa_ie == NULL) {
2916 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
2917 HOSTAPD_LEVEL_INFO,
2918 "No WPA/RSN IE in association request");
2919 return WLAN_STATUS_INVALID_IE;
2920 }
2921
2922 if (hapd->conf->wpa && wpa_ie) {
2923 int res;
2924 wpa_ie -= 2;
2925 wpa_ie_len += 2;
2926 if (sta->wpa_sm == NULL)
2927 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
2928 sta->addr,
2929 p2p_dev_addr);
2930 if (sta->wpa_sm == NULL) {
2931 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
2932 "state machine");
2933 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2934 }
2935 wpa_auth_set_auth_alg(sta->wpa_sm, sta->auth_alg);
2936 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
2937 hapd->iface->freq,
2938 wpa_ie, wpa_ie_len,
2939 elems.mdie, elems.mdie_len,
2940 elems.owe_dh, elems.owe_dh_len);
2941 resp = wpa_res_to_status_code(res);
2942 if (resp != WLAN_STATUS_SUCCESS)
2943 return resp;
2944 #ifdef CONFIG_IEEE80211W
2945 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
2946 (WLAN_STA_ASSOC | WLAN_STA_MFP) &&
2947 !sta->sa_query_timed_out &&
2948 sta->sa_query_count > 0)
2949 ap_check_sa_query_timeout(hapd, sta);
2950 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) ==
2951 (WLAN_STA_ASSOC | WLAN_STA_MFP) &&
2952 !sta->sa_query_timed_out &&
2953 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
2954 /*
2955 * STA has already been associated with MFP and SA
2956 * Query timeout has not been reached. Reject the
2957 * association attempt temporarily and start SA Query,
2958 * if one is not pending.
2959 */
2960
2961 if (sta->sa_query_count == 0)
2962 ap_sta_start_sa_query(hapd, sta);
2963
2964 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
2965 }
2966
2967 if (wpa_auth_uses_mfp(sta->wpa_sm))
2968 sta->flags |= WLAN_STA_MFP;
2969 else
2970 sta->flags &= ~WLAN_STA_MFP;
2971 #endif /* CONFIG_IEEE80211W */
2972
2973 #ifdef CONFIG_IEEE80211R_AP
2974 if (sta->auth_alg == WLAN_AUTH_FT) {
2975 if (!reassoc) {
2976 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
2977 "to use association (not "
2978 "re-association) with FT auth_alg",
2979 MAC2STR(sta->addr));
2980 return WLAN_STATUS_UNSPECIFIED_FAILURE;
2981 }
2982
2983 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
2984 ies_len);
2985 if (resp != WLAN_STATUS_SUCCESS)
2986 return resp;
2987 }
2988 #endif /* CONFIG_IEEE80211R_AP */
2989
2990 #ifdef CONFIG_SAE
2991 if (wpa_auth_uses_sae(sta->wpa_sm) && sta->sae &&
2992 sta->sae->state == SAE_ACCEPTED)
2993 wpa_auth_add_sae_pmkid(sta->wpa_sm, sta->sae->pmkid);
2994
2995 if (wpa_auth_uses_sae(sta->wpa_sm) &&
2996 sta->auth_alg == WLAN_AUTH_OPEN) {
2997 struct rsn_pmksa_cache_entry *sa;
2998 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
2999 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) {
3000 wpa_printf(MSG_DEBUG,
3001 "SAE: No PMKSA cache entry found for "
3002 MACSTR, MAC2STR(sta->addr));
3003 return WLAN_STATUS_INVALID_PMKID;
3004 }
3005 wpa_printf(MSG_DEBUG, "SAE: " MACSTR
3006 " using PMKSA caching", MAC2STR(sta->addr));
3007 } else if (wpa_auth_uses_sae(sta->wpa_sm) &&
3008 sta->auth_alg != WLAN_AUTH_SAE &&
3009 !(sta->auth_alg == WLAN_AUTH_FT &&
3010 wpa_auth_uses_ft_sae(sta->wpa_sm))) {
3011 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
3012 "SAE AKM after non-SAE auth_alg %u",
3013 MAC2STR(sta->addr), sta->auth_alg);
3014 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
3015 }
3016 #endif /* CONFIG_SAE */
3017
3018 #ifdef CONFIG_OWE
3019 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
3020 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
3021 elems.owe_dh) {
3022 resp = owe_process_assoc_req(hapd, sta, elems.owe_dh,
3023 elems.owe_dh_len);
3024 if (resp != WLAN_STATUS_SUCCESS)
3025 return resp;
3026 }
3027 #endif /* CONFIG_OWE */
3028
3029 #ifdef CONFIG_DPP2
3030 dpp_pfs_free(sta->dpp_pfs);
3031 sta->dpp_pfs = NULL;
3032
3033 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
3034 hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
3035 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
3036 elems.owe_dh) {
3037 sta->dpp_pfs = dpp_pfs_init(
3038 wpabuf_head(hapd->conf->dpp_netaccesskey),
3039 wpabuf_len(hapd->conf->dpp_netaccesskey));
3040 if (!sta->dpp_pfs) {
3041 wpa_printf(MSG_DEBUG,
3042 "DPP: Could not initialize PFS");
3043 /* Try to continue without PFS */
3044 goto pfs_fail;
3045 }
3046
3047 if (dpp_pfs_process(sta->dpp_pfs, elems.owe_dh,
3048 elems.owe_dh_len) < 0) {
3049 dpp_pfs_free(sta->dpp_pfs);
3050 sta->dpp_pfs = NULL;
3051 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3052 }
3053 }
3054
3055 wpa_auth_set_dpp_z(sta->wpa_sm, sta->dpp_pfs ?
3056 sta->dpp_pfs->secret : NULL);
3057 pfs_fail:
3058 #endif /* CONFIG_DPP2 */
3059
3060 #ifdef CONFIG_IEEE80211N
3061 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
3062 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
3063 hostapd_logger(hapd, sta->addr,
3064 HOSTAPD_MODULE_IEEE80211,
3065 HOSTAPD_LEVEL_INFO,
3066 "Station tried to use TKIP with HT "
3067 "association");
3068 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
3069 }
3070 #endif /* CONFIG_IEEE80211N */
3071 #ifdef CONFIG_HS20
3072 } else if (hapd->conf->osen) {
3073 if (elems.osen == NULL) {
3074 hostapd_logger(
3075 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3076 HOSTAPD_LEVEL_INFO,
3077 "No HS 2.0 OSEN element in association request");
3078 return WLAN_STATUS_INVALID_IE;
3079 }
3080
3081 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
3082 if (sta->wpa_sm == NULL)
3083 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
3084 sta->addr, NULL);
3085 if (sta->wpa_sm == NULL) {
3086 wpa_printf(MSG_WARNING, "Failed to initialize WPA "
3087 "state machine");
3088 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3089 }
3090 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
3091 elems.osen - 2, elems.osen_len + 2) < 0)
3092 return WLAN_STATUS_INVALID_IE;
3093 #endif /* CONFIG_HS20 */
3094 } else
3095 wpa_auth_sta_no_wpa(sta->wpa_sm);
3096
3097 #ifdef CONFIG_P2P
3098 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
3099 #endif /* CONFIG_P2P */
3100
3101 #ifdef CONFIG_HS20
3102 wpabuf_free(sta->hs20_ie);
3103 if (elems.hs20 && elems.hs20_len > 4) {
3104 int release;
3105
3106 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4,
3107 elems.hs20_len - 4);
3108 release = ((elems.hs20[4] >> 4) & 0x0f) + 1;
3109 if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm)) {
3110 wpa_printf(MSG_DEBUG,
3111 "HS 2.0: PMF not negotiated by release %d station "
3112 MACSTR, release, MAC2STR(sta->addr));
3113 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
3114 }
3115 } else {
3116 sta->hs20_ie = NULL;
3117 }
3118
3119 wpabuf_free(sta->roaming_consortium);
3120 if (elems.roaming_cons_sel)
3121 sta->roaming_consortium = wpabuf_alloc_copy(
3122 elems.roaming_cons_sel + 4,
3123 elems.roaming_cons_sel_len - 4);
3124 else
3125 sta->roaming_consortium = NULL;
3126 #endif /* CONFIG_HS20 */
3127
3128 #ifdef CONFIG_FST
3129 wpabuf_free(sta->mb_ies);
3130 if (hapd->iface->fst)
3131 sta->mb_ies = mb_ies_by_info(&elems.mb_ies);
3132 else
3133 sta->mb_ies = NULL;
3134 #endif /* CONFIG_FST */
3135
3136 #ifdef CONFIG_MBO
3137 mbo_ap_check_sta_assoc(hapd, sta, &elems);
3138
3139 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
3140 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
3141 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
3142 wpa_printf(MSG_INFO,
3143 "MBO: Reject WPA2 association without PMF");
3144 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3145 }
3146 #endif /* CONFIG_MBO */
3147
3148 #if defined(CONFIG_FILS) && defined(CONFIG_OCV)
3149 if (wpa_auth_uses_ocv(sta->wpa_sm) &&
3150 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3151 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3152 sta->auth_alg == WLAN_AUTH_FILS_PK)) {
3153 struct wpa_channel_info ci;
3154 int tx_chanwidth;
3155 int tx_seg1_idx;
3156
3157 if (hostapd_drv_channel_info(hapd, &ci) != 0) {
3158 wpa_printf(MSG_WARNING,
3159 "Failed to get channel info to validate received OCI in FILS (Re)Association Request frame");
3160 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3161 }
3162
3163 if (get_sta_tx_parameters(sta->wpa_sm,
3164 channel_width_to_int(ci.chanwidth),
3165 ci.seg1_idx, &tx_chanwidth,
3166 &tx_seg1_idx) < 0)
3167 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3168
3169 if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
3170 tx_chanwidth, tx_seg1_idx) != 0) {
3171 wpa_printf(MSG_WARNING, "FILS: %s", ocv_errorstr);
3172 return WLAN_STATUS_UNSPECIFIED_FAILURE;
3173 }
3174 }
3175 #endif /* CONFIG_FILS && CONFIG_OCV */
3176
3177 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes,
3178 elems.supp_op_classes_len);
3179
3180 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
3181 elems.rrm_enabled &&
3182 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
3183 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled,
3184 sizeof(sta->rrm_enabled_capa));
3185
3186 if (elems.power_capab) {
3187 sta->min_tx_power = elems.power_capab[0];
3188 sta->max_tx_power = elems.power_capab[1];
3189 sta->power_capab = 1;
3190 } else {
3191 sta->power_capab = 0;
3192 }
3193
3194 return WLAN_STATUS_SUCCESS;
3195 }
3196
3197
3198 static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
3199 u16 reason_code)
3200 {
3201 int send_len;
3202 struct ieee80211_mgmt reply;
3203
3204 os_memset(&reply, 0, sizeof(reply));
3205 reply.frame_control =
3206 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
3207 os_memcpy(reply.da, addr, ETH_ALEN);
3208 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
3209 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
3210
3211 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
3212 reply.u.deauth.reason_code = host_to_le16(reason_code);
3213
3214 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0)
3215 wpa_printf(MSG_INFO, "Failed to send deauth: %s",
3216 strerror(errno));
3217 }
3218
3219
3220 static int add_associated_sta(struct hostapd_data *hapd,
3221 struct sta_info *sta, int reassoc)
3222 {
3223 struct ieee80211_ht_capabilities ht_cap;
3224 struct ieee80211_vht_capabilities vht_cap;
3225 int set = 1;
3226
3227 /*
3228 * Remove the STA entry to ensure the STA PS state gets cleared and
3229 * configuration gets updated. This is relevant for cases, such as
3230 * FT-over-the-DS, where a station re-associates back to the same AP but
3231 * skips the authentication flow, or if working with a driver that
3232 * does not support full AP client state.
3233 *
3234 * Skip this if the STA has already completed FT reassociation and the
3235 * TK has been configured since the TX/RX PN must not be reset to 0 for
3236 * the same key.
3237 *
3238 * FT-over-the-DS has a special case where the STA entry (and as such,
3239 * the TK) has not yet been configured to the driver depending on which
3240 * driver interface is used. For that case, allow add-STA operation to
3241 * be used (instead of set-STA). This is needed to allow mac80211-based
3242 * drivers to accept the STA parameter configuration. Since this is
3243 * after a new FT-over-DS exchange, a new TK has been derived, so key
3244 * reinstallation is not a concern for this case.
3245 */
3246 wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
3247 " (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
3248 MAC2STR(sta->addr), sta->added_unassoc, sta->auth_alg,
3249 sta->ft_over_ds, reassoc,
3250 !!(sta->flags & WLAN_STA_AUTHORIZED),
3251 wpa_auth_sta_ft_tk_already_set(sta->wpa_sm),
3252 wpa_auth_sta_fils_tk_already_set(sta->wpa_sm));
3253
3254 if (!sta->added_unassoc &&
3255 (!(sta->flags & WLAN_STA_AUTHORIZED) ||
3256 (reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
3257 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
3258 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
3259 hostapd_drv_sta_remove(hapd, sta->addr);
3260 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
3261 set = 0;
3262
3263 /* Do not allow the FT-over-DS exception to be used more than
3264 * once per authentication exchange to guarantee a new TK is
3265 * used here */
3266 sta->ft_over_ds = 0;
3267 }
3268
3269 #ifdef CONFIG_IEEE80211N
3270 if (sta->flags & WLAN_STA_HT)
3271 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
3272 #endif /* CONFIG_IEEE80211N */
3273 #ifdef CONFIG_IEEE80211AC
3274 if (sta->flags & WLAN_STA_VHT)
3275 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
3276 #endif /* CONFIG_IEEE80211AC */
3277
3278 /*
3279 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
3280 * will be set when the ACK frame for the (Re)Association Response frame
3281 * is processed (TX status driver event).
3282 */
3283 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
3284 sta->supported_rates, sta->supported_rates_len,
3285 sta->listen_interval,
3286 sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
3287 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
3288 sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
3289 sta->vht_opmode, sta->p2p_ie ? 1 : 0,
3290 set)) {
3291 hostapd_logger(hapd, sta->addr,
3292 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
3293 "Could not %s STA to kernel driver",
3294 set ? "set" : "add");
3295
3296 if (sta->added_unassoc) {
3297 hostapd_drv_sta_remove(hapd, sta->addr);
3298 sta->added_unassoc = 0;
3299 }
3300
3301 return -1;
3302 }
3303
3304 sta->added_unassoc = 0;
3305
3306 return 0;
3307 }
3308
3309
3310 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
3311 const u8 *addr, u16 status_code, int reassoc,
3312 const u8 *ies, size_t ies_len, int rssi)
3313 {
3314 int send_len;
3315 u8 *buf;
3316 size_t buflen;
3317 struct ieee80211_mgmt *reply;
3318 u8 *p;
3319 u16 res = WLAN_STATUS_SUCCESS;
3320
3321 buflen = sizeof(struct ieee80211_mgmt) + 1024;
3322 #ifdef CONFIG_FILS
3323 if (sta && sta->fils_hlp_resp)
3324 buflen += wpabuf_len(sta->fils_hlp_resp);
3325 #endif /* CONFIG_FILS */
3326 #ifdef CONFIG_OWE
3327 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
3328 buflen += 150;
3329 #endif /* CONFIG_OWE */
3330 #ifdef CONFIG_DPP2
3331 if (sta && sta->dpp_pfs)
3332 buflen += 5 + sta->dpp_pfs->curve->prime_len;
3333 #endif /* CONFIG_DPP2 */
3334 buf = os_zalloc(buflen);
3335 if (!buf) {
3336 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3337 goto done;
3338 }
3339 reply = (struct ieee80211_mgmt *) buf;
3340 reply->frame_control =
3341 IEEE80211_FC(WLAN_FC_TYPE_MGMT,
3342 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
3343 WLAN_FC_STYPE_ASSOC_RESP));
3344 os_memcpy(reply->da, addr, ETH_ALEN);
3345 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN);
3346 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN);
3347
3348 send_len = IEEE80211_HDRLEN;
3349 send_len += sizeof(reply->u.assoc_resp);
3350 reply->u.assoc_resp.capab_info =
3351 host_to_le16(hostapd_own_capab_info(hapd));
3352 reply->u.assoc_resp.status_code = host_to_le16(status_code);
3353
3354 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
3355 BIT(14) | BIT(15));
3356 /* Supported rates */
3357 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
3358 /* Extended supported rates */
3359 p = hostapd_eid_ext_supp_rates(hapd, p);
3360
3361 #ifdef CONFIG_MBO
3362 if (status_code == WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
3363 rssi != 0) {
3364 int delta = hapd->iconf->rssi_reject_assoc_rssi - rssi;
3365
3366 p = hostapd_eid_mbo_rssi_assoc_rej(hapd, p, buf + buflen - p,
3367 delta);
3368 }
3369 #endif /* CONFIG_MBO */
3370
3371 #ifdef CONFIG_IEEE80211R_AP
3372 if (sta && status_code == WLAN_STATUS_SUCCESS) {
3373 /* IEEE 802.11r: Mobility Domain Information, Fast BSS
3374 * Transition Information, RSN, [RIC Response] */
3375 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
3376 buf + buflen - p,
3377 sta->auth_alg, ies, ies_len);
3378 if (!p) {
3379 wpa_printf(MSG_DEBUG,
3380 "FT: Failed to write AssocResp IEs");
3381 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3382 goto done;
3383 }
3384 }
3385 #endif /* CONFIG_IEEE80211R_AP */
3386
3387 #ifdef CONFIG_OWE
3388 if (sta && status_code == WLAN_STATUS_SUCCESS &&
3389 (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
3390 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
3391 buf + buflen - p,
3392 ies, ies_len);
3393 #endif /* CONFIG_OWE */
3394
3395 #ifdef CONFIG_IEEE80211W
3396 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
3397 p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
3398 #endif /* CONFIG_IEEE80211W */
3399
3400 #ifdef CONFIG_IEEE80211N
3401 p = hostapd_eid_ht_capabilities(hapd, p);
3402 p = hostapd_eid_ht_operation(hapd, p);
3403 #endif /* CONFIG_IEEE80211N */
3404
3405 #ifdef CONFIG_IEEE80211AC
3406 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
3407 u32 nsts = 0, sta_nsts;
3408
3409 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
3410 struct ieee80211_vht_capabilities *capa;
3411
3412 nsts = (hapd->iface->conf->vht_capab >>
3413 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
3414 capa = sta->vht_capabilities;
3415 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
3416 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
3417
3418 if (nsts < sta_nsts)
3419 nsts = 0;
3420 else
3421 nsts = sta_nsts;
3422 }
3423 p = hostapd_eid_vht_capabilities(hapd, p, nsts);
3424 p = hostapd_eid_vht_operation(hapd, p);
3425 }
3426 #endif /* CONFIG_IEEE80211AC */
3427
3428 p = hostapd_eid_ext_capab(hapd, p);
3429 p = hostapd_eid_bss_max_idle_period(hapd, p);
3430 if (sta && sta->qos_map_enabled)
3431 p = hostapd_eid_qos_map_set(hapd, p);
3432
3433 #ifdef CONFIG_FST
3434 if (hapd->iface->fst_ies) {
3435 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
3436 wpabuf_len(hapd->iface->fst_ies));
3437 p += wpabuf_len(hapd->iface->fst_ies);
3438 }
3439 #endif /* CONFIG_FST */
3440
3441 #ifdef CONFIG_OWE
3442 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
3443 sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
3444 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) {
3445 struct wpabuf *pub;
3446
3447 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3448 if (!pub) {
3449 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3450 goto done;
3451 }
3452 /* OWE Diffie-Hellman Parameter element */
3453 *p++ = WLAN_EID_EXTENSION; /* Element ID */
3454 *p++ = 1 + 2 + wpabuf_len(pub); /* Length */
3455 *p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
3456 WPA_PUT_LE16(p, sta->owe_group);
3457 p += 2;
3458 os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub));
3459 p += wpabuf_len(pub);
3460 wpabuf_free(pub);
3461 }
3462 #endif /* CONFIG_OWE */
3463
3464 #ifdef CONFIG_DPP2
3465 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
3466 sta && sta->dpp_pfs && status_code == WLAN_STATUS_SUCCESS &&
3467 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP) {
3468 os_memcpy(p, wpabuf_head(sta->dpp_pfs->ie),
3469 wpabuf_len(sta->dpp_pfs->ie));
3470 p += wpabuf_len(sta->dpp_pfs->ie);
3471 }
3472 #endif /* CONFIG_DPP2 */
3473
3474 #ifdef CONFIG_IEEE80211AC
3475 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
3476 p = hostapd_eid_vendor_vht(hapd, p);
3477 #endif /* CONFIG_IEEE80211AC */
3478
3479 if (sta && (sta->flags & WLAN_STA_WMM))
3480 p = hostapd_eid_wmm(hapd, p);
3481
3482 #ifdef CONFIG_WPS
3483 if (sta &&
3484 ((sta->flags & WLAN_STA_WPS) ||
3485 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
3486 struct wpabuf *wps = wps_build_assoc_resp_ie();
3487 if (wps) {
3488 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
3489 p += wpabuf_len(wps);
3490 wpabuf_free(wps);
3491 }
3492 }
3493 #endif /* CONFIG_WPS */
3494
3495 if (sta && (sta->flags & WLAN_STA_MULTI_AP))
3496 p = hostapd_eid_multi_ap(hapd, p);
3497
3498 #ifdef CONFIG_P2P
3499 if (sta && sta->p2p_ie && hapd->p2p_group) {
3500 struct wpabuf *p2p_resp_ie;
3501 enum p2p_status_code status;
3502 switch (status_code) {
3503 case WLAN_STATUS_SUCCESS:
3504 status = P2P_SC_SUCCESS;
3505 break;
3506 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
3507 status = P2P_SC_FAIL_LIMIT_REACHED;
3508 break;
3509 default:
3510 status = P2P_SC_FAIL_INVALID_PARAMS;
3511 break;
3512 }
3513 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
3514 if (p2p_resp_ie) {
3515 os_memcpy(p, wpabuf_head(p2p_resp_ie),
3516 wpabuf_len(p2p_resp_ie));
3517 p += wpabuf_len(p2p_resp_ie);
3518 wpabuf_free(p2p_resp_ie);
3519 }
3520 }
3521 #endif /* CONFIG_P2P */
3522
3523 #ifdef CONFIG_P2P_MANAGER
3524 if (hapd->conf->p2p & P2P_MANAGE)
3525 p = hostapd_eid_p2p_manage(hapd, p);
3526 #endif /* CONFIG_P2P_MANAGER */
3527
3528 p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
3529
3530 if (hapd->conf->assocresp_elements &&
3531 (size_t) (buf + buflen - p) >=
3532 wpabuf_len(hapd->conf->assocresp_elements)) {
3533 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
3534 wpabuf_len(hapd->conf->assocresp_elements));
3535 p += wpabuf_len(hapd->conf->assocresp_elements);
3536 }
3537
3538 send_len += p - reply->u.assoc_resp.variable;
3539
3540 #ifdef CONFIG_FILS
3541 if (sta &&
3542 (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3543 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3544 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
3545 status_code == WLAN_STATUS_SUCCESS) {
3546 struct ieee802_11_elems elems;
3547
3548 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
3549 ParseFailed || !elems.fils_session) {
3550 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3551 goto done;
3552 }
3553
3554 /* FILS Session */
3555 *p++ = WLAN_EID_EXTENSION; /* Element ID */
3556 *p++ = 1 + FILS_SESSION_LEN; /* Length */
3557 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
3558 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
3559 send_len += 2 + 1 + FILS_SESSION_LEN;
3560
3561 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
3562 buflen, sta->fils_hlp_resp);
3563 if (send_len < 0) {
3564 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3565 goto done;
3566 }
3567 }
3568 #endif /* CONFIG_FILS */
3569
3570 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) {
3571 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
3572 strerror(errno));
3573 res = WLAN_STATUS_UNSPECIFIED_FAILURE;
3574 }
3575
3576 done:
3577 os_free(buf);
3578 return res;
3579 }
3580
3581
3582 #ifdef CONFIG_OWE
3583 u8 * owe_assoc_req_process(struct hostapd_data *hapd, struct sta_info *sta,
3584 const u8 *owe_dh, u8 owe_dh_len,
3585 u8 *owe_buf, size_t owe_buf_len, u16 *reason)
3586 {
3587 #ifdef CONFIG_TESTING_OPTIONS
3588 if (hapd->conf->own_ie_override) {
3589 wpa_printf(MSG_DEBUG, "OWE: Using IE override");
3590 *reason = WLAN_STATUS_SUCCESS;
3591 return wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3592 owe_buf_len, NULL, 0);
3593 }
3594 #endif /* CONFIG_TESTING_OPTIONS */
3595
3596 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
3597 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
3598 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3599 owe_buf_len, NULL, 0);
3600 *reason = WLAN_STATUS_SUCCESS;
3601 return owe_buf;
3602 }
3603
3604 *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
3605 if (*reason != WLAN_STATUS_SUCCESS)
3606 return NULL;
3607
3608 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
3609 owe_buf_len, NULL, 0);
3610
3611 if (sta->owe_ecdh && owe_buf) {
3612 struct wpabuf *pub;
3613
3614 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
3615 if (!pub) {
3616 *reason = WLAN_STATUS_UNSPECIFIED_FAILURE;
3617 return owe_buf;
3618 }
3619
3620 /* OWE Diffie-Hellman Parameter element */
3621 *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
3622 *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
3623 *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension
3624 */
3625 WPA_PUT_LE16(owe_buf, sta->owe_group);
3626 owe_buf += 2;
3627 os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
3628 owe_buf += wpabuf_len(pub);
3629 wpabuf_free(pub);
3630 }
3631
3632 return owe_buf;
3633 }
3634 #endif /* CONFIG_OWE */
3635
3636
3637 #ifdef CONFIG_FILS
3638
3639 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
3640 {
3641 u16 reply_res;
3642
3643 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
3644 MAC2STR(sta->addr));
3645 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
3646 if (!sta->fils_pending_assoc_req)
3647 return;
3648 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
3649 sta->fils_pending_assoc_is_reassoc,
3650 sta->fils_pending_assoc_req,
3651 sta->fils_pending_assoc_req_len, 0);
3652 os_free(sta->fils_pending_assoc_req);
3653 sta->fils_pending_assoc_req = NULL;
3654 sta->fils_pending_assoc_req_len = 0;
3655 wpabuf_free(sta->fils_hlp_resp);
3656 sta->fils_hlp_resp = NULL;
3657 wpabuf_free(sta->hlp_dhcp_discover);
3658 sta->hlp_dhcp_discover = NULL;
3659
3660 /*
3661 * Remove the station in case transmission of a success response fails.
3662 * At this point the station was already added associated to the driver.
3663 */
3664 if (reply_res != WLAN_STATUS_SUCCESS)
3665 hostapd_drv_sta_remove(hapd, sta->addr);
3666 }
3667
3668
3669 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
3670 {
3671 struct hostapd_data *hapd = eloop_ctx;
3672 struct sta_info *sta = eloop_data;
3673
3674 wpa_printf(MSG_DEBUG,
3675 "FILS: HLP response timeout - continue with association response for "
3676 MACSTR, MAC2STR(sta->addr));
3677 if (sta->fils_drv_assoc_finish)
3678 hostapd_notify_assoc_fils_finish(hapd, sta);
3679 else
3680 fils_hlp_finish_assoc(hapd, sta);
3681 }
3682
3683 #endif /* CONFIG_FILS */
3684
3685
3686 static void handle_assoc(struct hostapd_data *hapd,
3687 const struct ieee80211_mgmt *mgmt, size_t len,
3688 int reassoc, int rssi)
3689 {
3690 u16 capab_info, listen_interval, seq_ctrl, fc;
3691 u16 resp = WLAN_STATUS_SUCCESS, reply_res;
3692 const u8 *pos;
3693 int left, i;
3694 struct sta_info *sta;
3695 u8 *tmp = NULL;
3696 struct hostapd_sta_wpa_psk_short *psk = NULL;
3697 char *identity = NULL;
3698 char *radius_cui = NULL;
3699 #ifdef CONFIG_FILS
3700 int delay_assoc = 0;
3701 #endif /* CONFIG_FILS */
3702
3703 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
3704 sizeof(mgmt->u.assoc_req))) {
3705 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
3706 reassoc, (unsigned long) len);
3707 return;
3708 }
3709
3710 #ifdef CONFIG_TESTING_OPTIONS
3711 if (reassoc) {
3712 if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
3713 drand48() < hapd->iconf->ignore_reassoc_probability) {
3714 wpa_printf(MSG_INFO,
3715 "TESTING: ignoring reassoc request from "
3716 MACSTR, MAC2STR(mgmt->sa));
3717 return;
3718 }
3719 } else {
3720 if (hapd->iconf->ignore_assoc_probability > 0.0 &&
3721 drand48() < hapd->iconf->ignore_assoc_probability) {
3722 wpa_printf(MSG_INFO,
3723 "TESTING: ignoring assoc request from "
3724 MACSTR, MAC2STR(mgmt->sa));
3725 return;
3726 }
3727 }
3728 #endif /* CONFIG_TESTING_OPTIONS */
3729
3730 fc = le_to_host16(mgmt->frame_control);
3731 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
3732
3733 if (reassoc) {
3734 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
3735 listen_interval = le_to_host16(
3736 mgmt->u.reassoc_req.listen_interval);
3737 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
3738 " capab_info=0x%02x listen_interval=%d current_ap="
3739 MACSTR " seq_ctrl=0x%x%s",
3740 MAC2STR(mgmt->sa), capab_info, listen_interval,
3741 MAC2STR(mgmt->u.reassoc_req.current_ap),
3742 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3743 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
3744 pos = mgmt->u.reassoc_req.variable;
3745 } else {
3746 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
3747 listen_interval = le_to_host16(
3748 mgmt->u.assoc_req.listen_interval);
3749 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
3750 " capab_info=0x%02x listen_interval=%d "
3751 "seq_ctrl=0x%x%s",
3752 MAC2STR(mgmt->sa), capab_info, listen_interval,
3753 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
3754 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
3755 pos = mgmt->u.assoc_req.variable;
3756 }
3757
3758 sta = ap_get_sta(hapd, mgmt->sa);
3759 #ifdef CONFIG_IEEE80211R_AP
3760 if (sta && sta->auth_alg == WLAN_AUTH_FT &&
3761 (sta->flags & WLAN_STA_AUTH) == 0) {
3762 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
3763 "prior to authentication since it is using "
3764 "over-the-DS FT", MAC2STR(mgmt->sa));
3765
3766 /*
3767 * Mark station as authenticated, to avoid adding station
3768 * entry in the driver as associated and not authenticated
3769 */
3770 sta->flags |= WLAN_STA_AUTH;
3771 } else
3772 #endif /* CONFIG_IEEE80211R_AP */
3773 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
3774 if (hapd->iface->current_mode &&
3775 hapd->iface->current_mode->mode ==
3776 HOSTAPD_MODE_IEEE80211AD) {
3777 int acl_res;
3778 u32 session_timeout, acct_interim_interval;
3779 struct vlan_description vlan_id;
3780
3781 acl_res = ieee802_11_allowed_address(
3782 hapd, mgmt->sa, (const u8 *) mgmt, len,
3783 &session_timeout, &acct_interim_interval,
3784 &vlan_id, &psk, &identity, &radius_cui, 0);
3785 if (acl_res == HOSTAPD_ACL_REJECT) {
3786 wpa_msg(hapd->msg_ctx, MSG_DEBUG,
3787 "Ignore Association Request frame from "
3788 MACSTR " due to ACL reject",
3789 MAC2STR(mgmt->sa));
3790 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3791 goto fail;
3792 }
3793 if (acl_res == HOSTAPD_ACL_PENDING)
3794 return;
3795
3796 /* DMG/IEEE 802.11ad does not use authentication.
3797 * Allocate sta entry upon association. */
3798 sta = ap_sta_add(hapd, mgmt->sa);
3799 if (!sta) {
3800 hostapd_logger(hapd, mgmt->sa,
3801 HOSTAPD_MODULE_IEEE80211,
3802 HOSTAPD_LEVEL_INFO,
3803 "Failed to add STA");
3804 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3805 goto fail;
3806 }
3807
3808 acl_res = ieee802_11_set_radius_info(
3809 hapd, sta, acl_res, session_timeout,
3810 acct_interim_interval, &vlan_id, &psk,
3811 &identity, &radius_cui);
3812 if (acl_res) {
3813 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3814 goto fail;
3815 }
3816
3817 hostapd_logger(hapd, sta->addr,
3818 HOSTAPD_MODULE_IEEE80211,
3819 HOSTAPD_LEVEL_DEBUG,
3820 "Skip authentication for DMG/IEEE 802.11ad");
3821 sta->flags |= WLAN_STA_AUTH;
3822 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
3823 sta->auth_alg = WLAN_AUTH_OPEN;
3824 } else {
3825 hostapd_logger(hapd, mgmt->sa,
3826 HOSTAPD_MODULE_IEEE80211,
3827 HOSTAPD_LEVEL_INFO,
3828 "Station tried to associate before authentication (aid=%d flags=0x%x)",
3829 sta ? sta->aid : -1,
3830 sta ? sta->flags : 0);
3831 send_deauth(hapd, mgmt->sa,
3832 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
3833 return;
3834 }
3835 }
3836
3837 if ((fc & WLAN_FC_RETRY) &&
3838 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
3839 sta->last_seq_ctrl == seq_ctrl &&
3840 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3841 WLAN_FC_STYPE_ASSOC_REQ)) {
3842 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3843 HOSTAPD_LEVEL_DEBUG,
3844 "Drop repeated association frame seq_ctrl=0x%x",
3845 seq_ctrl);
3846 return;
3847 }
3848 sta->last_seq_ctrl = seq_ctrl;
3849 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
3850 WLAN_FC_STYPE_ASSOC_REQ;
3851
3852 if (hapd->tkip_countermeasures) {
3853 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3854 goto fail;
3855 }
3856
3857 if (listen_interval > hapd->conf->max_listen_interval) {
3858 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3859 HOSTAPD_LEVEL_DEBUG,
3860 "Too large Listen Interval (%d)",
3861 listen_interval);
3862 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
3863 goto fail;
3864 }
3865
3866 #ifdef CONFIG_MBO
3867 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
3868 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3869 goto fail;
3870 }
3871
3872 if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
3873 rssi < hapd->iconf->rssi_reject_assoc_rssi &&
3874 (sta->auth_rssi == 0 ||
3875 sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
3876 resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS;
3877 goto fail;
3878 }
3879 #endif /* CONFIG_MBO */
3880
3881 /*
3882 * sta->capability is used in check_assoc_ies() for RRM enabled
3883 * capability element.
3884 */
3885 sta->capability = capab_info;
3886
3887 #ifdef CONFIG_FILS
3888 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
3889 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
3890 sta->auth_alg == WLAN_AUTH_FILS_PK) {
3891 int res;
3892
3893 /* The end of the payload is encrypted. Need to decrypt it
3894 * before parsing. */
3895
3896 tmp = os_memdup(pos, left);
3897 if (!tmp) {
3898 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3899 goto fail;
3900 }
3901
3902 res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
3903 len, tmp, left);
3904 if (res < 0) {
3905 resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
3906 goto fail;
3907 }
3908 pos = tmp;
3909 left = res;
3910 }
3911 #endif /* CONFIG_FILS */
3912
3913 /* followed by SSID and Supported rates; and HT capabilities if 802.11n
3914 * is used */
3915 resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
3916 if (resp != WLAN_STATUS_SUCCESS)
3917 goto fail;
3918
3919 if (hostapd_get_aid(hapd, sta) < 0) {
3920 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
3921 HOSTAPD_LEVEL_INFO, "No room for more AIDs");
3922 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
3923 goto fail;
3924 }
3925
3926 sta->listen_interval = listen_interval;
3927
3928 if (hapd->iface->current_mode &&
3929 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
3930 sta->flags |= WLAN_STA_NONERP;
3931 for (i = 0; i < sta->supported_rates_len; i++) {
3932 if ((sta->supported_rates[i] & 0x7f) > 22) {
3933 sta->flags &= ~WLAN_STA_NONERP;
3934 break;
3935 }
3936 }
3937 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
3938 sta->nonerp_set = 1;
3939 hapd->iface->num_sta_non_erp++;
3940 if (hapd->iface->num_sta_non_erp == 1)
3941 ieee802_11_set_beacons(hapd->iface);
3942 }
3943
3944 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
3945 !sta->no_short_slot_time_set) {
3946 sta->no_short_slot_time_set = 1;
3947 hapd->iface->num_sta_no_short_slot_time++;
3948 if (hapd->iface->current_mode &&
3949 hapd->iface->current_mode->mode ==
3950 HOSTAPD_MODE_IEEE80211G &&
3951 hapd->iface->num_sta_no_short_slot_time == 1)
3952 ieee802_11_set_beacons(hapd->iface);
3953 }
3954
3955 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
3956 sta->flags |= WLAN_STA_SHORT_PREAMBLE;
3957 else
3958 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
3959
3960 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
3961 !sta->no_short_preamble_set) {
3962 sta->no_short_preamble_set = 1;
3963 hapd->iface->num_sta_no_short_preamble++;
3964 if (hapd->iface->current_mode &&
3965 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
3966 && hapd->iface->num_sta_no_short_preamble == 1)
3967 ieee802_11_set_beacons(hapd->iface);
3968 }
3969
3970 #ifdef CONFIG_IEEE80211N
3971 update_ht_state(hapd, sta);
3972 #endif /* CONFIG_IEEE80211N */
3973
3974 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
3975 HOSTAPD_LEVEL_DEBUG,
3976 "association OK (aid %d)", sta->aid);
3977 /* Station will be marked associated, after it acknowledges AssocResp
3978 */
3979 sta->flags |= WLAN_STA_ASSOC_REQ_OK;
3980
3981 #ifdef CONFIG_IEEE80211W
3982 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
3983 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
3984 "SA Query procedure", reassoc ? "re" : "");
3985 /* TODO: Send a protected Disassociate frame to the STA using
3986 * the old key and Reason Code "Previous Authentication no
3987 * longer valid". Make sure this is only sent protected since
3988 * unprotected frame would be received by the STA that is now
3989 * trying to associate.
3990 */
3991 }
3992 #endif /* CONFIG_IEEE80211W */
3993
3994 /* Make sure that the previously registered inactivity timer will not
3995 * remove the STA immediately. */
3996 sta->timeout_next = STA_NULLFUNC;
3997
3998 #ifdef CONFIG_TAXONOMY
3999 taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
4000 #endif /* CONFIG_TAXONOMY */
4001
4002 sta->pending_wds_enable = 0;
4003
4004 #ifdef CONFIG_FILS
4005 if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
4006 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4007 sta->auth_alg == WLAN_AUTH_FILS_PK) {
4008 if (fils_process_hlp(hapd, sta, pos, left) > 0)
4009 delay_assoc = 1;
4010 }
4011 #endif /* CONFIG_FILS */
4012
4013 fail:
4014 os_free(identity);
4015 os_free(radius_cui);
4016 hostapd_free_psk_list(psk);
4017
4018 /*
4019 * In case of a successful response, add the station to the driver.
4020 * Otherwise, the kernel may ignore Data frames before we process the
4021 * ACK frame (TX status). In case of a failure, this station will be
4022 * removed.
4023 *
4024 * Note that this is not compliant with the IEEE 802.11 standard that
4025 * states that a non-AP station should transition into the
4026 * authenticated/associated state only after the station acknowledges
4027 * the (Re)Association Response frame. However, still do this as:
4028 *
4029 * 1. In case the station does not acknowledge the (Re)Association
4030 * Response frame, it will be removed.
4031 * 2. Data frames will be dropped in the kernel until the station is
4032 * set into authorized state, and there are no significant known
4033 * issues with processing other non-Data Class 3 frames during this
4034 * window.
4035 */
4036 if (resp == WLAN_STATUS_SUCCESS && sta &&
4037 add_associated_sta(hapd, sta, reassoc))
4038 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
4039
4040 #ifdef CONFIG_FILS
4041 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS &&
4042 eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta) &&
4043 sta->fils_pending_assoc_req) {
4044 /* Do not reschedule fils_hlp_timeout in case the station
4045 * retransmits (Re)Association Request frame while waiting for
4046 * the previously started FILS HLP wait, so that the timeout can
4047 * be determined from the first pending attempt. */
4048 wpa_printf(MSG_DEBUG,
4049 "FILS: Continue waiting for HLP processing before sending (Re)Association Response frame to "
4050 MACSTR, MAC2STR(sta->addr));
4051 os_free(tmp);
4052 return;
4053 }
4054 if (sta) {
4055 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
4056 os_free(sta->fils_pending_assoc_req);
4057 sta->fils_pending_assoc_req = NULL;
4058 sta->fils_pending_assoc_req_len = 0;
4059 wpabuf_free(sta->fils_hlp_resp);
4060 sta->fils_hlp_resp = NULL;
4061 }
4062 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
4063 sta->fils_pending_assoc_req = tmp;
4064 sta->fils_pending_assoc_req_len = left;
4065 sta->fils_pending_assoc_is_reassoc = reassoc;
4066 sta->fils_drv_assoc_finish = 0;
4067 wpa_printf(MSG_DEBUG,
4068 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
4069 MACSTR, MAC2STR(sta->addr));
4070 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
4071 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
4072 fils_hlp_timeout, hapd, sta);
4073 return;
4074 }
4075 #endif /* CONFIG_FILS */
4076
4077 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos,
4078 left, rssi);
4079 os_free(tmp);
4080
4081 /*
4082 * Remove the station in case tranmission of a success response fails
4083 * (the STA was added associated to the driver) or if the station was
4084 * previously added unassociated.
4085 */
4086 if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
4087 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
4088 hostapd_drv_sta_remove(hapd, sta->addr);
4089 sta->added_unassoc = 0;
4090 }
4091 }
4092
4093
4094 static void handle_disassoc(struct hostapd_data *hapd,
4095 const struct ieee80211_mgmt *mgmt, size_t len)
4096 {
4097 struct sta_info *sta;
4098
4099 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
4100 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)",
4101 (unsigned long) len);
4102 return;
4103 }
4104
4105 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d",
4106 MAC2STR(mgmt->sa),
4107 le_to_host16(mgmt->u.disassoc.reason_code));
4108
4109 sta = ap_get_sta(hapd, mgmt->sa);
4110 if (sta == NULL) {
4111 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated",
4112 MAC2STR(mgmt->sa));
4113 return;
4114 }
4115
4116 ap_sta_set_authorized(hapd, sta, 0);
4117 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
4118 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
4119 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
4120 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4121 HOSTAPD_LEVEL_INFO, "disassociated");
4122 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
4123 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
4124 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA
4125 * authenticated. */
4126 accounting_sta_stop(hapd, sta);
4127 ieee802_1x_free_station(hapd, sta);
4128 if (sta->ipaddr)
4129 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
4130 ap_sta_ip6addr_del(hapd, sta);
4131 hostapd_drv_sta_remove(hapd, sta->addr);
4132 sta->added_unassoc = 0;
4133
4134 if (sta->timeout_next == STA_NULLFUNC ||
4135 sta->timeout_next == STA_DISASSOC) {
4136 sta->timeout_next = STA_DEAUTH;
4137 eloop_cancel_timeout(ap_handle_timer, hapd, sta);
4138 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
4139 hapd, sta);
4140 }
4141
4142 mlme_disassociate_indication(
4143 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
4144
4145 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
4146 * disassociation. */
4147 if (hapd->iface->current_mode &&
4148 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
4149 sta->flags &= ~WLAN_STA_AUTH;
4150 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
4151 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4152 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
4153 ap_free_sta(hapd, sta);
4154 }
4155 }
4156
4157
4158 static void handle_deauth(struct hostapd_data *hapd,
4159 const struct ieee80211_mgmt *mgmt, size_t len)
4160 {
4161 struct sta_info *sta;
4162
4163 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
4164 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short "
4165 "payload (len=%lu)", (unsigned long) len);
4166 return;
4167 }
4168
4169 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR
4170 " reason_code=%d",
4171 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
4172
4173 sta = ap_get_sta(hapd, mgmt->sa);
4174 if (sta == NULL) {
4175 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying "
4176 "to deauthenticate, but it is not authenticated",
4177 MAC2STR(mgmt->sa));
4178 return;
4179 }
4180
4181 ap_sta_set_authorized(hapd, sta, 0);
4182 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
4183 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
4184 WLAN_STA_ASSOC_REQ_OK);
4185 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
4186 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4187 HOSTAPD_LEVEL_DEBUG, "deauthenticated");
4188 mlme_deauthenticate_indication(
4189 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
4190 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
4191 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
4192 ap_free_sta(hapd, sta);
4193 }
4194
4195
4196 static void handle_beacon(struct hostapd_data *hapd,
4197 const struct ieee80211_mgmt *mgmt, size_t len,
4198 struct hostapd_frame_info *fi)
4199 {
4200 struct ieee802_11_elems elems;
4201
4202 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
4203 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
4204 (unsigned long) len);
4205 return;
4206 }
4207
4208 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
4209 len - (IEEE80211_HDRLEN +
4210 sizeof(mgmt->u.beacon)), &elems,
4211 0);
4212
4213 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
4214 }
4215
4216
4217 #ifdef CONFIG_IEEE80211W
4218 static int robust_action_frame(u8 category)
4219 {
4220 return category != WLAN_ACTION_PUBLIC &&
4221 category != WLAN_ACTION_HT;
4222 }
4223 #endif /* CONFIG_IEEE80211W */
4224
4225
4226 static int handle_action(struct hostapd_data *hapd,
4227 const struct ieee80211_mgmt *mgmt, size_t len,
4228 unsigned int freq)
4229 {
4230 struct sta_info *sta;
4231 u8 *action __maybe_unused;
4232
4233 if (len < IEEE80211_HDRLEN + 2 + 1) {
4234 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
4235 HOSTAPD_LEVEL_DEBUG,
4236 "handle_action - too short payload (len=%lu)",
4237 (unsigned long) len);
4238 return 0;
4239 }
4240
4241 action = (u8 *) &mgmt->u.action.u;
4242 wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
4243 " da " MACSTR " len %d freq %u",
4244 mgmt->u.action.category, *action,
4245 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq);
4246
4247 sta = ap_get_sta(hapd, mgmt->sa);
4248
4249 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
4250 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
4251 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
4252 "frame (category=%u) from unassociated STA " MACSTR,
4253 mgmt->u.action.category, MAC2STR(mgmt->sa));
4254 return 0;
4255 }
4256
4257 #ifdef CONFIG_IEEE80211W
4258 if (sta && (sta->flags & WLAN_STA_MFP) &&
4259 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
4260 robust_action_frame(mgmt->u.action.category)) {
4261 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
4262 HOSTAPD_LEVEL_DEBUG,
4263 "Dropped unprotected Robust Action frame from "
4264 "an MFP STA");
4265 return 0;
4266 }
4267 #endif /* CONFIG_IEEE80211W */
4268
4269 if (sta) {
4270 u16 fc = le_to_host16(mgmt->frame_control);
4271 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
4272
4273 if ((fc & WLAN_FC_RETRY) &&
4274 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
4275 sta->last_seq_ctrl == seq_ctrl &&
4276 sta->last_subtype == WLAN_FC_STYPE_ACTION) {
4277 hostapd_logger(hapd, sta->addr,
4278 HOSTAPD_MODULE_IEEE80211,
4279 HOSTAPD_LEVEL_DEBUG,
4280 "Drop repeated action frame seq_ctrl=0x%x",
4281 seq_ctrl);
4282 return 1;
4283 }
4284
4285 sta->last_seq_ctrl = seq_ctrl;
4286 sta->last_subtype = WLAN_FC_STYPE_ACTION;
4287 }
4288
4289 switch (mgmt->u.action.category) {
4290 #ifdef CONFIG_IEEE80211R_AP
4291 case WLAN_ACTION_FT:
4292 if (!sta ||
4293 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
4294 len - IEEE80211_HDRLEN))
4295 break;
4296 return 1;
4297 #endif /* CONFIG_IEEE80211R_AP */
4298 case WLAN_ACTION_WMM:
4299 hostapd_wmm_action(hapd, mgmt, len);
4300 return 1;
4301 #ifdef CONFIG_IEEE80211W
4302 case WLAN_ACTION_SA_QUERY:
4303 ieee802_11_sa_query_action(hapd, mgmt, len);
4304 return 1;
4305 #endif /* CONFIG_IEEE80211W */
4306 #ifdef CONFIG_WNM_AP
4307 case WLAN_ACTION_WNM:
4308 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
4309 return 1;
4310 #endif /* CONFIG_WNM_AP */
4311 #ifdef CONFIG_FST
4312 case WLAN_ACTION_FST:
4313 if (hapd->iface->fst)
4314 fst_rx_action(hapd->iface->fst, mgmt, len);
4315 else
4316 wpa_printf(MSG_DEBUG,
4317 "FST: Ignore FST Action frame - no FST attached");
4318 return 1;
4319 #endif /* CONFIG_FST */
4320 case WLAN_ACTION_PUBLIC:
4321 case WLAN_ACTION_PROTECTED_DUAL:
4322 #ifdef CONFIG_IEEE80211N
4323 if (len >= IEEE80211_HDRLEN + 2 &&
4324 mgmt->u.action.u.public_action.action ==
4325 WLAN_PA_20_40_BSS_COEX) {
4326 hostapd_2040_coex_action(hapd, mgmt, len);
4327 return 1;
4328 }
4329 #endif /* CONFIG_IEEE80211N */
4330 #ifdef CONFIG_DPP
4331 if (len >= IEEE80211_HDRLEN + 6 &&
4332 mgmt->u.action.u.vs_public_action.action ==
4333 WLAN_PA_VENDOR_SPECIFIC &&
4334 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
4335 OUI_WFA &&
4336 mgmt->u.action.u.vs_public_action.variable[0] ==
4337 DPP_OUI_TYPE) {
4338 const u8 *pos, *end;
4339
4340 pos = mgmt->u.action.u.vs_public_action.oui;
4341 end = ((const u8 *) mgmt) + len;
4342 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
4343 freq);
4344 return 1;
4345 }
4346 if (len >= IEEE80211_HDRLEN + 2 &&
4347 (mgmt->u.action.u.public_action.action ==
4348 WLAN_PA_GAS_INITIAL_RESP ||
4349 mgmt->u.action.u.public_action.action ==
4350 WLAN_PA_GAS_COMEBACK_RESP)) {
4351 const u8 *pos, *end;
4352
4353 pos = &mgmt->u.action.u.public_action.action;
4354 end = ((const u8 *) mgmt) + len;
4355 gas_query_ap_rx(hapd->gas, mgmt->sa,
4356 mgmt->u.action.category,
4357 pos, end - pos, hapd->iface->freq);
4358 return 1;
4359 }
4360 #endif /* CONFIG_DPP */
4361 if (hapd->public_action_cb) {
4362 hapd->public_action_cb(hapd->public_action_cb_ctx,
4363 (u8 *) mgmt, len,
4364 hapd->iface->freq);
4365 }
4366 if (hapd->public_action_cb2) {
4367 hapd->public_action_cb2(hapd->public_action_cb2_ctx,
4368 (u8 *) mgmt, len,
4369 hapd->iface->freq);
4370 }
4371 if (hapd->public_action_cb || hapd->public_action_cb2)
4372 return 1;
4373 break;
4374 case WLAN_ACTION_VENDOR_SPECIFIC:
4375 if (hapd->vendor_action_cb) {
4376 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
4377 (u8 *) mgmt, len,
4378 hapd->iface->freq) == 0)
4379 return 1;
4380 }
4381 break;
4382 case WLAN_ACTION_RADIO_MEASUREMENT:
4383 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
4384 return 1;
4385 }
4386
4387 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
4388 HOSTAPD_LEVEL_DEBUG,
4389 "handle_action - unknown action category %d or invalid "
4390 "frame",
4391 mgmt->u.action.category);
4392 if (!is_multicast_ether_addr(mgmt->da) &&
4393 !(mgmt->u.action.category & 0x80) &&
4394 !is_multicast_ether_addr(mgmt->sa)) {
4395 struct ieee80211_mgmt *resp;
4396
4397 /*
4398 * IEEE 802.11-REVma/D9.0 - 7.3.1.11
4399 * Return the Action frame to the source without change
4400 * except that MSB of the Category set to 1.
4401 */
4402 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
4403 "frame back to sender");
4404 resp = os_memdup(mgmt, len);
4405 if (resp == NULL)
4406 return 0;
4407 os_memcpy(resp->da, resp->sa, ETH_ALEN);
4408 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
4409 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
4410 resp->u.action.category |= 0x80;
4411
4412 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) {
4413 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
4414 "Action frame");
4415 }
4416 os_free(resp);
4417 }
4418
4419 return 1;
4420 }
4421
4422
4423 /**
4424 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames
4425 * @hapd: hostapd BSS data structure (the BSS to which the management frame was
4426 * sent to)
4427 * @buf: management frame data (starting from IEEE 802.11 header)
4428 * @len: length of frame data in octets
4429 * @fi: meta data about received frame (signal level, etc.)
4430 *
4431 * Process all incoming IEEE 802.11 management frames. This will be called for
4432 * each frame received from the kernel driver through wlan#ap interface. In
4433 * addition, it can be called to re-inserted pending frames (e.g., when using
4434 * external RADIUS server as an MAC ACL).
4435 */
4436 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
4437 struct hostapd_frame_info *fi)
4438 {
4439 struct ieee80211_mgmt *mgmt;
4440 u16 fc, stype;
4441 int ret = 0;
4442 unsigned int freq;
4443 int ssi_signal = fi ? fi->ssi_signal : 0;
4444
4445 if (len < 24)
4446 return 0;
4447
4448 if (fi && fi->freq)
4449 freq = fi->freq;
4450 else
4451 freq = hapd->iface->freq;
4452
4453 mgmt = (struct ieee80211_mgmt *) buf;
4454 fc = le_to_host16(mgmt->frame_control);
4455 stype = WLAN_FC_GET_STYPE(fc);
4456
4457 if (stype == WLAN_FC_STYPE_BEACON) {
4458 handle_beacon(hapd, mgmt, len, fi);
4459 return 1;
4460 }
4461
4462 if (!is_broadcast_ether_addr(mgmt->bssid) &&
4463 #ifdef CONFIG_P2P
4464 /* Invitation responses can be sent with the peer MAC as BSSID */
4465 !((hapd->conf->p2p & P2P_GROUP_OWNER) &&
4466 stype == WLAN_FC_STYPE_ACTION) &&
4467 #endif /* CONFIG_P2P */
4468 #ifdef CONFIG_MESH
4469 !(hapd->conf->mesh & MESH_ENABLED) &&
4470 #endif /* CONFIG_MESH */
4471 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) {
4472 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
4473 MAC2STR(mgmt->bssid));
4474 return 0;
4475 }
4476
4477
4478 if (stype == WLAN_FC_STYPE_PROBE_REQ) {
4479 handle_probe_req(hapd, mgmt, len, ssi_signal);
4480 return 1;
4481 }
4482
4483 if ((!is_broadcast_ether_addr(mgmt->da) ||
4484 stype != WLAN_FC_STYPE_ACTION) &&
4485 os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) {
4486 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
4487 HOSTAPD_LEVEL_DEBUG,
4488 "MGMT: DA=" MACSTR " not our address",
4489 MAC2STR(mgmt->da));
4490 return 0;
4491 }
4492
4493 if (hapd->iconf->track_sta_max_num)
4494 sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
4495
4496 switch (stype) {
4497 case WLAN_FC_STYPE_AUTH:
4498 wpa_printf(MSG_DEBUG, "mgmt::auth");
4499 handle_auth(hapd, mgmt, len, ssi_signal, 0);
4500 ret = 1;
4501 break;
4502 case WLAN_FC_STYPE_ASSOC_REQ:
4503 wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
4504 handle_assoc(hapd, mgmt, len, 0, ssi_signal);
4505 ret = 1;
4506 break;
4507 case WLAN_FC_STYPE_REASSOC_REQ:
4508 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
4509 handle_assoc(hapd, mgmt, len, 1, ssi_signal);
4510 ret = 1;
4511 break;
4512 case WLAN_FC_STYPE_DISASSOC:
4513 wpa_printf(MSG_DEBUG, "mgmt::disassoc");
4514 handle_disassoc(hapd, mgmt, len);
4515 ret = 1;
4516 break;
4517 case WLAN_FC_STYPE_DEAUTH:
4518 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
4519 handle_deauth(hapd, mgmt, len);
4520 ret = 1;
4521 break;
4522 case WLAN_FC_STYPE_ACTION:
4523 wpa_printf(MSG_DEBUG, "mgmt::action");
4524 ret = handle_action(hapd, mgmt, len, freq);
4525 break;
4526 default:
4527 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
4528 HOSTAPD_LEVEL_DEBUG,
4529 "unknown mgmt frame subtype %d", stype);
4530 break;
4531 }
4532
4533 return ret;
4534 }
4535
4536
4537 static void handle_auth_cb(struct hostapd_data *hapd,
4538 const struct ieee80211_mgmt *mgmt,
4539 size_t len, int ok)
4540 {
4541 u16 auth_alg, auth_transaction, status_code;
4542 struct sta_info *sta;
4543
4544 sta = ap_get_sta(hapd, mgmt->da);
4545 if (!sta) {
4546 wpa_printf(MSG_DEBUG, "handle_auth_cb: STA " MACSTR
4547 " not found",
4548 MAC2STR(mgmt->da));
4549 return;
4550 }
4551
4552 auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
4553 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
4554 status_code = le_to_host16(mgmt->u.auth.status_code);
4555
4556 if (!ok) {
4557 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
4558 HOSTAPD_LEVEL_NOTICE,
4559 "did not acknowledge authentication response");
4560 goto fail;
4561 }
4562
4563 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
4564 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
4565 (unsigned long) len);
4566 goto fail;
4567 }
4568
4569 if (status_code == WLAN_STATUS_SUCCESS &&
4570 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
4571 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
4572 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4573 HOSTAPD_LEVEL_INFO, "authenticated");
4574 sta->flags |= WLAN_STA_AUTH;
4575 if (sta->added_unassoc)
4576 hostapd_set_sta_flags(hapd, sta);
4577 return;
4578 }
4579
4580 fail:
4581 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) {
4582 hostapd_drv_sta_remove(hapd, sta->addr);
4583 sta->added_unassoc = 0;
4584 }
4585 }
4586
4587
4588 static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
4589 struct sta_info *sta,
4590 char *ifname_wds)
4591 {
4592 int i;
4593 struct hostapd_ssid *ssid = &hapd->conf->ssid;
4594
4595 if (hapd->conf->ieee802_1x || hapd->conf->wpa)
4596 return;
4597
4598 for (i = 0; i < 4; i++) {
4599 if (ssid->wep.key[i] &&
4600 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
4601 i == ssid->wep.idx, NULL, 0,
4602 ssid->wep.key[i], ssid->wep.len[i])) {
4603 wpa_printf(MSG_WARNING,
4604 "Could not set WEP keys for WDS interface; %s",
4605 ifname_wds);
4606 break;
4607 }
4608 }
4609 }
4610
4611
4612 static void handle_assoc_cb(struct hostapd_data *hapd,
4613 const struct ieee80211_mgmt *mgmt,
4614 size_t len, int reassoc, int ok)
4615 {
4616 u16 status;
4617 struct sta_info *sta;
4618 int new_assoc = 1;
4619
4620 sta = ap_get_sta(hapd, mgmt->da);
4621 if (!sta) {
4622 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
4623 MAC2STR(mgmt->da));
4624 return;
4625 }
4626
4627 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
4628 sizeof(mgmt->u.assoc_resp))) {
4629 wpa_printf(MSG_INFO,
4630 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
4631 reassoc, (unsigned long) len);
4632 hostapd_drv_sta_remove(hapd, sta->addr);
4633 return;
4634 }
4635
4636 if (reassoc)
4637 status = le_to_host16(mgmt->u.reassoc_resp.status_code);
4638 else
4639 status = le_to_host16(mgmt->u.assoc_resp.status_code);
4640
4641 if (!ok) {
4642 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
4643 HOSTAPD_LEVEL_DEBUG,
4644 "did not acknowledge association response");
4645 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
4646 /* The STA is added only in case of SUCCESS */
4647 if (status == WLAN_STATUS_SUCCESS)
4648 hostapd_drv_sta_remove(hapd, sta->addr);
4649
4650 return;
4651 }
4652
4653 if (status != WLAN_STATUS_SUCCESS)
4654 return;
4655
4656 /* Stop previous accounting session, if one is started, and allocate
4657 * new session id for the new session. */
4658 accounting_sta_stop(hapd, sta);
4659
4660 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
4661 HOSTAPD_LEVEL_INFO,
4662 "associated (aid %d)",
4663 sta->aid);
4664
4665 if (sta->flags & WLAN_STA_ASSOC)
4666 new_assoc = 0;
4667 sta->flags |= WLAN_STA_ASSOC;
4668 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
4669 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
4670 !hapd->conf->osen) ||
4671 sta->auth_alg == WLAN_AUTH_FILS_SK ||
4672 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4673 sta->auth_alg == WLAN_AUTH_FILS_PK ||
4674 sta->auth_alg == WLAN_AUTH_FT) {
4675 /*
4676 * Open, static WEP, FT protocol, or FILS; no separate
4677 * authorization step.
4678 */
4679 ap_sta_set_authorized(hapd, sta, 1);
4680 }
4681
4682 if (reassoc)
4683 mlme_reassociate_indication(hapd, sta);
4684 else
4685 mlme_associate_indication(hapd, sta);
4686
4687 #ifdef CONFIG_IEEE80211W
4688 sta->sa_query_timed_out = 0;
4689 #endif /* CONFIG_IEEE80211W */
4690
4691 if (sta->eapol_sm == NULL) {
4692 /*
4693 * This STA does not use RADIUS server for EAP authentication,
4694 * so bind it to the selected VLAN interface now, since the
4695 * interface selection is not going to change anymore.
4696 */
4697 if (ap_sta_bind_vlan(hapd, sta) < 0)
4698 return;
4699 } else if (sta->vlan_id) {
4700 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
4701 if (ap_sta_bind_vlan(hapd, sta) < 0)
4702 return;
4703 }
4704
4705 hostapd_set_sta_flags(hapd, sta);
4706
4707 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
4708 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
4709 MACSTR " based on pending request",
4710 MAC2STR(sta->addr));
4711 sta->pending_wds_enable = 0;
4712 sta->flags |= WLAN_STA_WDS;
4713 }
4714
4715 if (sta->flags & (WLAN_STA_WDS | WLAN_STA_MULTI_AP)) {
4716 int ret;
4717 char ifname_wds[IFNAMSIZ + 1];
4718
4719 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
4720 MACSTR " (aid %u)",
4721 MAC2STR(sta->addr), sta->aid);
4722 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
4723 sta->aid, 1);
4724 if (!ret)
4725 hostapd_set_wds_encryption(hapd, sta, ifname_wds);
4726 }
4727
4728 if (sta->auth_alg == WLAN_AUTH_FT)
4729 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
4730 else
4731 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
4732 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
4733 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
4734
4735 #ifdef CONFIG_FILS
4736 if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
4737 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
4738 sta->auth_alg == WLAN_AUTH_FILS_PK) &&
4739 fils_set_tk(sta->wpa_sm) < 0) {
4740 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
4741 ap_sta_disconnect(hapd, sta, sta->addr,
4742 WLAN_REASON_UNSPECIFIED);
4743 return;
4744 }
4745 #endif /* CONFIG_FILS */
4746
4747 if (sta->pending_eapol_rx) {
4748 struct os_reltime now, age;
4749
4750 os_get_reltime(&now);
4751 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
4752 if (age.sec == 0 && age.usec < 200000) {
4753 wpa_printf(MSG_DEBUG,
4754 "Process pending EAPOL frame that was received from " MACSTR " just before association notification",
4755 MAC2STR(sta->addr));
4756 ieee802_1x_receive(
4757 hapd, mgmt->da,
4758 wpabuf_head(sta->pending_eapol_rx->buf),
4759 wpabuf_len(sta->pending_eapol_rx->buf));
4760 }
4761 wpabuf_free(sta->pending_eapol_rx->buf);
4762 os_free(sta->pending_eapol_rx);
4763 sta->pending_eapol_rx = NULL;
4764 }
4765 }
4766
4767
4768 static void handle_deauth_cb(struct hostapd_data *hapd,
4769 const struct ieee80211_mgmt *mgmt,
4770 size_t len, int ok)
4771 {
4772 struct sta_info *sta;
4773 if (is_multicast_ether_addr(mgmt->da))
4774 return;
4775 sta = ap_get_sta(hapd, mgmt->da);
4776 if (!sta) {
4777 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
4778 " not found", MAC2STR(mgmt->da));
4779 return;
4780 }
4781 if (ok)
4782 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
4783 MAC2STR(sta->addr));
4784 else
4785 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4786 "deauth", MAC2STR(sta->addr));
4787
4788 ap_sta_deauth_cb(hapd, sta);
4789 }
4790
4791
4792 static void handle_disassoc_cb(struct hostapd_data *hapd,
4793 const struct ieee80211_mgmt *mgmt,
4794 size_t len, int ok)
4795 {
4796 struct sta_info *sta;
4797 if (is_multicast_ether_addr(mgmt->da))
4798 return;
4799 sta = ap_get_sta(hapd, mgmt->da);
4800 if (!sta) {
4801 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
4802 " not found", MAC2STR(mgmt->da));
4803 return;
4804 }
4805 if (ok)
4806 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
4807 MAC2STR(sta->addr));
4808 else
4809 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
4810 "disassoc", MAC2STR(sta->addr));
4811
4812 ap_sta_disassoc_cb(hapd, sta);
4813 }
4814
4815
4816 static void handle_action_cb(struct hostapd_data *hapd,
4817 const struct ieee80211_mgmt *mgmt,
4818 size_t len, int ok)
4819 {
4820 struct sta_info *sta;
4821 const struct rrm_measurement_report_element *report;
4822
4823 if (is_multicast_ether_addr(mgmt->da))
4824 return;
4825 #ifdef CONFIG_DPP
4826 if (len >= IEEE80211_HDRLEN + 6 &&
4827 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4828 mgmt->u.action.u.vs_public_action.action ==
4829 WLAN_PA_VENDOR_SPECIFIC &&
4830 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
4831 OUI_WFA &&
4832 mgmt->u.action.u.vs_public_action.variable[0] ==
4833 DPP_OUI_TYPE) {
4834 const u8 *pos, *end;
4835
4836 pos = &mgmt->u.action.u.vs_public_action.variable[1];
4837 end = ((const u8 *) mgmt) + len;
4838 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
4839 return;
4840 }
4841 if (len >= IEEE80211_HDRLEN + 2 &&
4842 mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
4843 (mgmt->u.action.u.public_action.action ==
4844 WLAN_PA_GAS_INITIAL_REQ ||
4845 mgmt->u.action.u.public_action.action ==
4846 WLAN_PA_GAS_COMEBACK_REQ)) {
4847 const u8 *pos, *end;
4848
4849 pos = mgmt->u.action.u.public_action.variable;
4850 end = ((const u8 *) mgmt) + len;
4851 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
4852 return;
4853 }
4854 #endif /* CONFIG_DPP */
4855 sta = ap_get_sta(hapd, mgmt->da);
4856 if (!sta) {
4857 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
4858 " not found", MAC2STR(mgmt->da));
4859 return;
4860 }
4861
4862 if (len < 24 + 5 + sizeof(*report))
4863 return;
4864 report = (const struct rrm_measurement_report_element *)
4865 &mgmt->u.action.u.rrm.variable[2];
4866 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
4867 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
4868 report->eid == WLAN_EID_MEASURE_REQUEST &&
4869 report->len >= 3 &&
4870 report->type == MEASURE_TYPE_BEACON)
4871 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
4872 }
4873
4874
4875 /**
4876 * ieee802_11_mgmt_cb - Process management frame TX status callback
4877 * @hapd: hostapd BSS data structure (the BSS from which the management frame
4878 * was sent from)
4879 * @buf: management frame data (starting from IEEE 802.11 header)
4880 * @len: length of frame data in octets
4881 * @stype: management frame subtype from frame control field
4882 * @ok: Whether the frame was ACK'ed
4883 */
4884 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
4885 u16 stype, int ok)
4886 {
4887 const struct ieee80211_mgmt *mgmt;
4888 mgmt = (const struct ieee80211_mgmt *) buf;
4889
4890 #ifdef CONFIG_TESTING_OPTIONS
4891 if (hapd->ext_mgmt_frame_handling) {
4892 size_t hex_len = 2 * len + 1;
4893 char *hex = os_malloc(hex_len);
4894
4895 if (hex) {
4896 wpa_snprintf_hex(hex, hex_len, buf, len);
4897 wpa_msg(hapd->msg_ctx, MSG_INFO,
4898 "MGMT-TX-STATUS stype=%u ok=%d buf=%s",
4899 stype, ok, hex);
4900 os_free(hex);
4901 }
4902 return;
4903 }
4904 #endif /* CONFIG_TESTING_OPTIONS */
4905
4906 switch (stype) {
4907 case WLAN_FC_STYPE_AUTH:
4908 wpa_printf(MSG_DEBUG, "mgmt::auth cb");
4909 handle_auth_cb(hapd, mgmt, len, ok);
4910 break;
4911 case WLAN_FC_STYPE_ASSOC_RESP:
4912 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
4913 handle_assoc_cb(hapd, mgmt, len, 0, ok);
4914 break;
4915 case WLAN_FC_STYPE_REASSOC_RESP:
4916 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
4917 handle_assoc_cb(hapd, mgmt, len, 1, ok);
4918 break;
4919 case WLAN_FC_STYPE_PROBE_RESP:
4920 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
4921 break;
4922 case WLAN_FC_STYPE_DEAUTH:
4923 wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
4924 handle_deauth_cb(hapd, mgmt, len, ok);
4925 break;
4926 case WLAN_FC_STYPE_DISASSOC:
4927 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
4928 handle_disassoc_cb(hapd, mgmt, len, ok);
4929 break;
4930 case WLAN_FC_STYPE_ACTION:
4931 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
4932 handle_action_cb(hapd, mgmt, len, ok);
4933 break;
4934 default:
4935 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
4936 break;
4937 }
4938 }
4939
4940
4941 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
4942 {
4943 /* TODO */
4944 return 0;
4945 }
4946
4947
4948 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
4949 char *buf, size_t buflen)
4950 {
4951 /* TODO */
4952 return 0;
4953 }
4954
4955
4956 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
4957 const u8 *buf, size_t len, int ack)
4958 {
4959 struct sta_info *sta;
4960 struct hostapd_iface *iface = hapd->iface;
4961
4962 sta = ap_get_sta(hapd, addr);
4963 if (sta == NULL && iface->num_bss > 1) {
4964 size_t j;
4965 for (j = 0; j < iface->num_bss; j++) {
4966 hapd = iface->bss[j];
4967 sta = ap_get_sta(hapd, addr);
4968 if (sta)
4969 break;
4970 }
4971 }
4972 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
4973 return;
4974 if (sta->flags & WLAN_STA_PENDING_POLL) {
4975 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
4976 "activity poll", MAC2STR(sta->addr),
4977 ack ? "ACKed" : "did not ACK");
4978 if (ack)
4979 sta->flags &= ~WLAN_STA_PENDING_POLL;
4980 }
4981
4982 ieee802_1x_tx_status(hapd, sta, buf, len, ack);
4983 }
4984
4985
4986 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
4987 const u8 *data, size_t len, int ack)
4988 {
4989 struct sta_info *sta;
4990 struct hostapd_iface *iface = hapd->iface;
4991
4992 sta = ap_get_sta(hapd, dst);
4993 if (sta == NULL && iface->num_bss > 1) {
4994 size_t j;
4995 for (j = 0; j < iface->num_bss; j++) {
4996 hapd = iface->bss[j];
4997 sta = ap_get_sta(hapd, dst);
4998 if (sta)
4999 break;
5000 }
5001 }
5002 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
5003 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
5004 MACSTR " that is not currently associated",
5005 MAC2STR(dst));
5006 return;
5007 }
5008
5009 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
5010 }
5011
5012
5013 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
5014 {
5015 struct sta_info *sta;
5016 struct hostapd_iface *iface = hapd->iface;
5017
5018 sta = ap_get_sta(hapd, addr);
5019 if (sta == NULL && iface->num_bss > 1) {
5020 size_t j;
5021 for (j = 0; j < iface->num_bss; j++) {
5022 hapd = iface->bss[j];
5023 sta = ap_get_sta(hapd, addr);
5024 if (sta)
5025 break;
5026 }
5027 }
5028 if (sta == NULL)
5029 return;
5030 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
5031 MAC2STR(sta->addr));
5032 if (!(sta->flags & WLAN_STA_PENDING_POLL))
5033 return;
5034
5035 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
5036 "activity poll", MAC2STR(sta->addr));
5037 sta->flags &= ~WLAN_STA_PENDING_POLL;
5038 }
5039
5040
5041 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
5042 int wds)
5043 {
5044 struct sta_info *sta;
5045
5046 sta = ap_get_sta(hapd, src);
5047 if (sta &&
5048 ((sta->flags & WLAN_STA_ASSOC) ||
5049 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
5050 if (!hapd->conf->wds_sta)
5051 return;
5052
5053 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
5054 WLAN_STA_ASSOC_REQ_OK) {
5055 wpa_printf(MSG_DEBUG,
5056 "Postpone 4-address WDS mode enabling for STA "
5057 MACSTR " since TX status for AssocResp is not yet known",
5058 MAC2STR(sta->addr));
5059 sta->pending_wds_enable = 1;
5060 return;
5061 }
5062
5063 if (wds && !(sta->flags & WLAN_STA_WDS)) {
5064 int ret;
5065 char ifname_wds[IFNAMSIZ + 1];
5066
5067 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
5068 "STA " MACSTR " (aid %u)",
5069 MAC2STR(sta->addr), sta->aid);
5070 sta->flags |= WLAN_STA_WDS;
5071 ret = hostapd_set_wds_sta(hapd, ifname_wds,
5072 sta->addr, sta->aid, 1);
5073 if (!ret)
5074 hostapd_set_wds_encryption(hapd, sta,
5075 ifname_wds);
5076 }
5077 return;
5078 }
5079
5080 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
5081 MACSTR, MAC2STR(src));
5082 if (is_multicast_ether_addr(src)) {
5083 /* Broadcast bit set in SA?! Ignore the frame silently. */
5084 return;
5085 }
5086
5087 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
5088 wpa_printf(MSG_DEBUG, "Association Response to the STA has "
5089 "already been sent, but no TX status yet known - "
5090 "ignore Class 3 frame issue with " MACSTR,
5091 MAC2STR(src));
5092 return;
5093 }
5094
5095 if (sta && (sta->flags & WLAN_STA_AUTH))
5096 hostapd_drv_sta_disassoc(
5097 hapd, src,
5098 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
5099 else
5100 hostapd_drv_sta_deauth(
5101 hapd, src,
5102 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
5103 }
5104
5105
5106 #endif /* CONFIG_NATIVE_WINDOWS */
Unnamed repository; edit this file 'description' to name the repository.