src/ap/wnm_ap.c

   1 /*
   2  * hostapd - WNM
   3  * Copyright (c) 2011-2012, Qualcomm Atheros, Inc.
   4  *
   5  * This software may be distributed under the terms of the BSD license.
   6  * See README for more details.
   7  */
   8
   9 #include "utils/includes.h"
  10
  11 #include "utils/common.h"
  12 #include "common/ieee802_11_defs.h"
  13 #include "ap/hostapd.h"
  14 #include "ap/sta_info.h"
  15 #include "ap/ap_config.h"
  16 #include "ap/ap_drv_ops.h"
  17 #include "ap/wpa_auth.h"
  18 #include "wnm_ap.h"
  19
  20 #define MAX_TFS_IE_LEN  1024
  21
  22
  23 /* get the TFS IE from driver */
  24 static int ieee80211_11_get_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
  25                                    u8 *buf, u16 *buf_len, enum wnm_oper oper)
  26 {
  27         wpa_printf(MSG_DEBUG, "%s: TFS get operation %d", __func__, oper);
  28
  29         return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
  30 }
  31
  32
  33 /* set the TFS IE to driver */
  34 static int ieee80211_11_set_tfs_ie(struct hostapd_data *hapd, const u8 *addr,
  35                                    u8 *buf, u16 *buf_len, enum wnm_oper oper)
  36 {
  37         wpa_printf(MSG_DEBUG, "%s: TFS set operation %d", __func__, oper);
  38
  39         return hostapd_drv_wnm_oper(hapd, oper, addr, buf, buf_len);
  40 }
  41
  42
  43 /* MLME-SLEEPMODE.response */
  44 static int ieee802_11_send_wnmsleep_resp(struct hostapd_data *hapd,
  45                                          const u8 *addr, u8 dialog_token,
  46                                          u8 action_type, u16 intval)
  47 {
  48         struct ieee80211_mgmt *mgmt;
  49         int res;
  50         size_t len;
  51         size_t gtk_elem_len = 0;
  52         size_t igtk_elem_len = 0;
  53         struct wnm_sleep_element wnmsleep_ie;
  54         u8 *wnmtfs_ie;
  55         u8 wnmsleep_ie_len;
  56         u16 wnmtfs_ie_len;
  57         u8 *pos;
  58         struct sta_info *sta;
  59         enum wnm_oper tfs_oper = action_type == WNM_SLEEP_MODE_ENTER ?
  60                 WNM_SLEEP_TFS_RESP_IE_ADD : WNM_SLEEP_TFS_RESP_IE_NONE;
  61
  62         sta = ap_get_sta(hapd, addr);
  63         if (sta == NULL) {
  64                 wpa_printf(MSG_DEBUG, "%s: station not found", __func__);
  65                 return -EINVAL;
  66         }
  67
  68         /* WNM-Sleep Mode IE */
  69         os_memset(&wnmsleep_ie, 0, sizeof(struct wnm_sleep_element));
  70         wnmsleep_ie_len = sizeof(struct wnm_sleep_element);
  71         wnmsleep_ie.eid = WLAN_EID_WNMSLEEP;
  72         wnmsleep_ie.len = wnmsleep_ie_len - 2;
  73         wnmsleep_ie.action_type = action_type;
  74         wnmsleep_ie.status = WNM_STATUS_SLEEP_ACCEPT;
  75         wnmsleep_ie.intval = intval;
  76
  77         /* TFS IE(s) */
  78         wnmtfs_ie = os_zalloc(MAX_TFS_IE_LEN);
  79         if (wnmtfs_ie == NULL)
  80                 return -1;
  81         if (ieee80211_11_get_tfs_ie(hapd, addr, wnmtfs_ie, &wnmtfs_ie_len,
  82                                     tfs_oper)) {
  83                 wnmtfs_ie_len = 0;
  84                 os_free(wnmtfs_ie);
  85                 wnmtfs_ie = NULL;
  86         }
  87
  88 #define MAX_GTK_SUBELEM_LEN 45
  89 #define MAX_IGTK_SUBELEM_LEN 26
  90         mgmt = os_zalloc(sizeof(*mgmt) + wnmsleep_ie_len +
  91                          MAX_GTK_SUBELEM_LEN + MAX_IGTK_SUBELEM_LEN);
  92         if (mgmt == NULL) {
  93                 wpa_printf(MSG_DEBUG, "MLME: Failed to allocate buffer for "
  94                            "WNM-Sleep Response action frame");
  95                 return -1;
  96         }
  97         os_memcpy(mgmt->da, addr, ETH_ALEN);
  98         os_memcpy(mgmt->sa, hapd->own_addr, ETH_ALEN);
  99         os_memcpy(mgmt->bssid, hapd->own_addr, ETH_ALEN);
 100         mgmt->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
 101                                            WLAN_FC_STYPE_ACTION);
 102         mgmt->u.action.category = WLAN_ACTION_WNM;
 103         mgmt->u.action.u.wnm_sleep_resp.action = WNM_SLEEP_MODE_RESP;
 104         mgmt->u.action.u.wnm_sleep_resp.dialogtoken = dialog_token;
 105         pos = (u8 *)mgmt->u.action.u.wnm_sleep_resp.variable;
 106         /* add key data if MFP is enabled */
 107         if (!wpa_auth_uses_mfp(sta->wpa_sm) ||
 108             action_type != WNM_SLEEP_MODE_EXIT) {
 109                 mgmt->u.action.u.wnm_sleep_resp.keydata_len = 0;
 110         } else {
 111                 gtk_elem_len = wpa_wnmsleep_gtk_subelem(sta->wpa_sm, pos);
 112                 pos += gtk_elem_len;
 113                 wpa_printf(MSG_DEBUG, "Pass 4, gtk_len = %d",
 114                            (int) gtk_elem_len);
 115 #ifdef CONFIG_IEEE80211W
 116                 res = wpa_wnmsleep_igtk_subelem(sta->wpa_sm, pos);
 117                 if (res < 0) {
 118                         os_free(wnmtfs_ie);
 119                         os_free(mgmt);
 120                         return -1;
 121                 }
 122                 igtk_elem_len = res;
 123                 pos += igtk_elem_len;
 124                 wpa_printf(MSG_DEBUG, "Pass 4 igtk_len = %d",
 125                            (int) igtk_elem_len);
 126 #endif /* CONFIG_IEEE80211W */
 127
 128                 WPA_PUT_LE16((u8 *)
 129                              &mgmt->u.action.u.wnm_sleep_resp.keydata_len,
 130                              gtk_elem_len + igtk_elem_len);
 131         }
 132         os_memcpy(pos, &wnmsleep_ie, wnmsleep_ie_len);
 133         /* copy TFS IE here */
 134         pos += wnmsleep_ie_len;
 135         if (wnmtfs_ie)
 136                 os_memcpy(pos, wnmtfs_ie, wnmtfs_ie_len);
 137
 138         len = 1 + sizeof(mgmt->u.action.u.wnm_sleep_resp) + gtk_elem_len +
 139                 igtk_elem_len + wnmsleep_ie_len + wnmtfs_ie_len;
 140
 141         /* In driver, response frame should be forced to sent when STA is in
 142          * PS mode */
 143         res = hostapd_drv_send_action(hapd, hapd->iface->freq, 0,
 144                                       mgmt->da, &mgmt->u.action.category, len);
 145
 146         if (!res) {
 147                 wpa_printf(MSG_DEBUG, "Successfully send WNM-Sleep Response "
 148                            "frame");
 149
 150                 /* when entering wnmsleep
 151                  * 1. pause the node in driver
 152                  * 2. mark the node so that AP won't update GTK/IGTK during
 153                  * WNM Sleep
 154                  */
 155                 if (wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT &&
 156                     wnmsleep_ie.action_type == WNM_SLEEP_MODE_ENTER) {
 157                         hostapd_drv_wnm_oper(hapd, WNM_SLEEP_ENTER_CONFIRM,
 158                                              addr, NULL, NULL);
 159                         wpa_set_wnmsleep(sta->wpa_sm, 1);
 160                 }
 161                 /* when exiting wnmsleep
 162                  * 1. unmark the node
 163                  * 2. start GTK/IGTK update if MFP is not used
 164                  * 3. unpause the node in driver
 165                  */
 166                 if ((wnmsleep_ie.status == WNM_STATUS_SLEEP_ACCEPT ||
 167                      wnmsleep_ie.status ==
 168                      WNM_STATUS_SLEEP_EXIT_ACCEPT_GTK_UPDATE) &&
 169                     wnmsleep_ie.action_type == WNM_SLEEP_MODE_EXIT) {
 170                         wpa_set_wnmsleep(sta->wpa_sm, 0);
 171                         hostapd_drv_wnm_oper(hapd, WNM_SLEEP_EXIT_CONFIRM,
 172                                              addr, NULL, NULL);
 173                         if (!wpa_auth_uses_mfp(sta->wpa_sm))
 174                                 wpa_wnmsleep_rekey_gtk(sta->wpa_sm);
 175                 }
 176         } else
 177                 wpa_printf(MSG_DEBUG, "Fail to send WNM-Sleep Response frame");
 178
 179 #undef MAX_GTK_SUBELEM_LEN
 180 #undef MAX_IGTK_SUBELEM_LEN
 181         os_free(wnmtfs_ie);
 182         os_free(mgmt);
 183         return res;
 184 }
 185
 186
 187 static void ieee802_11_rx_wnmsleep_req(struct hostapd_data *hapd,
 188                                        const u8 *addr, const u8 *frm, int len)
 189 {
 190         /* Dialog Token [1] | WNM-Sleep Mode IE | TFS Response IE */
 191         const u8 *pos = frm;
 192         u8 dialog_token;
 193         struct wnm_sleep_element *wnmsleep_ie = NULL;
 194         /* multiple TFS Req IE (assuming consecutive) */
 195         u8 *tfsreq_ie_start = NULL;
 196         u8 *tfsreq_ie_end = NULL;
 197         u16 tfsreq_ie_len = 0;
 198
 199         dialog_token = *pos++;
 200         while (pos + 1 < frm + len) {
 201                 u8 ie_len = pos[1];
 202                 if (pos + 2 + ie_len > frm + len)
 203                         break;
 204                 if (*pos == WLAN_EID_WNMSLEEP)
 205                         wnmsleep_ie = (struct wnm_sleep_element *) pos;
 206                 else if (*pos == WLAN_EID_TFS_REQ) {
 207                         if (!tfsreq_ie_start)
 208                                 tfsreq_ie_start = (u8 *) pos;
 209                         tfsreq_ie_end = (u8 *) pos;
 210                 } else
 211                         wpa_printf(MSG_DEBUG, "WNM: EID %d not recognized",
 212                                    *pos);
 213                 pos += ie_len + 2;
 214         }
 215
 216         if (!wnmsleep_ie) {
 217                 wpa_printf(MSG_DEBUG, "No WNM-Sleep IE found");
 218                 return;
 219         }
 220
 221         if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_ENTER &&
 222             tfsreq_ie_start && tfsreq_ie_end &&
 223             tfsreq_ie_end - tfsreq_ie_start >= 0) {
 224                 tfsreq_ie_len = (tfsreq_ie_end + tfsreq_ie_end[1] + 2) -
 225                         tfsreq_ie_start;
 226                 wpa_printf(MSG_DEBUG, "TFS Req IE(s) found");
 227                 /* pass the TFS Req IE(s) to driver for processing */
 228                 if (ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
 229                                             &tfsreq_ie_len,
 230                                             WNM_SLEEP_TFS_REQ_IE_SET))
 231                         wpa_printf(MSG_DEBUG, "Fail to set TFS Req IE");
 232         }
 233
 234         ieee802_11_send_wnmsleep_resp(hapd, addr, dialog_token,
 235                                       wnmsleep_ie->action_type,
 236                                       wnmsleep_ie->intval);
 237
 238         if (wnmsleep_ie->action_type == WNM_SLEEP_MODE_EXIT) {
 239                 /* clear the tfs after sending the resp frame */
 240                 ieee80211_11_set_tfs_ie(hapd, addr, tfsreq_ie_start,
 241                                         &tfsreq_ie_len, WNM_SLEEP_TFS_IE_DEL);
 242         }
 243 }
 244
 245
 246 int ieee802_11_rx_wnm_action_ap(struct hostapd_data *hapd,
 247                                 struct rx_action *action)
 248 {
 249         if (action->len < 1 || action->data == NULL)
 250                 return -1;
 251
 252         switch (action->data[0]) {
 253         case WNM_BSS_TRANS_MGMT_QUERY:
 254                 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management Query");
 255                 /* TODO */
 256                 return -1;
 257         case WNM_BSS_TRANS_MGMT_RESP:
 258                 wpa_printf(MSG_DEBUG, "WNM: BSS Transition Management "
 259                            "Response");
 260                 /* TODO */
 261                 return -1;
 262         case WNM_SLEEP_MODE_REQ:
 263                 ieee802_11_rx_wnmsleep_req(hapd, action->sa, action->data + 1,
 264                                            action->len - 1);
 265                 return 0;
 266         }
 267
 268         wpa_printf(MSG_DEBUG, "WNM: Unsupported WNM Action %u from " MACSTR,
 269                    action->data[0], MAC2STR(action->sa));
 270         return -1;
 271 }