]> git.ipfire.org Git - thirdparty/hostap.git/blob - src/ap/wpa_auth_glue.c
projects / thirdparty / hostap.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
AP: Support Extended Key ID
[thirdparty/hostap.git] / src / ap / wpa_auth_glue.c
1 /*
2 * hostapd / WPA authenticator glue code
3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9 #include "utils/includes.h"
10
11 #include "utils/common.h"
12 #include "utils/eloop.h"
13 #include "utils/list.h"
14 #include "common/ieee802_11_defs.h"
15 #include "common/sae.h"
16 #include "common/wpa_ctrl.h"
17 #include "crypto/sha1.h"
18 #include "eapol_auth/eapol_auth_sm.h"
19 #include "eapol_auth/eapol_auth_sm_i.h"
20 #include "eap_server/eap.h"
21 #include "l2_packet/l2_packet.h"
22 #include "eth_p_oui.h"
23 #include "hostapd.h"
24 #include "ieee802_1x.h"
25 #include "preauth_auth.h"
26 #include "sta_info.h"
27 #include "tkip_countermeasures.h"
28 #include "ap_drv_ops.h"
29 #include "ap_config.h"
30 #include "ieee802_11.h"
31 #include "pmksa_cache_auth.h"
32 #include "wpa_auth.h"
33 #include "wpa_auth_glue.h"
34
35
36 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
37 struct hostapd_config *iconf,
38 struct wpa_auth_config *wconf)
39 {
40 int sae_pw_id;
41
42 os_memset(wconf, 0, sizeof(*wconf));
43 wconf->wpa = conf->wpa;
44 wconf->extended_key_id = conf->extended_key_id;
45 wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
46 wconf->wpa_pairwise = conf->wpa_pairwise;
47 wconf->wpa_group = conf->wpa_group;
48 wconf->wpa_group_rekey = conf->wpa_group_rekey;
49 wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
50 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
51 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
52 wconf->wpa_group_update_count = conf->wpa_group_update_count;
53 wconf->wpa_disable_eapol_key_retries =
54 conf->wpa_disable_eapol_key_retries;
55 wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count;
56 wconf->rsn_pairwise = conf->rsn_pairwise;
57 wconf->rsn_preauth = conf->rsn_preauth;
58 wconf->eapol_version = conf->eapol_version;
59 #ifdef CONFIG_MACSEC
60 if (wconf->eapol_version > 2)
61 wconf->eapol_version = 2;
62 #endif /* CONFIG_MACSEC */
63 wconf->wmm_enabled = conf->wmm_enabled;
64 wconf->wmm_uapsd = conf->wmm_uapsd;
65 wconf->disable_pmksa_caching = conf->disable_pmksa_caching;
66 #ifdef CONFIG_OCV
67 wconf->ocv = conf->ocv;
68 #endif /* CONFIG_OCV */
69 wconf->okc = conf->okc;
70 wconf->ieee80211w = conf->ieee80211w;
71 wconf->beacon_prot = conf->beacon_prot;
72 wconf->group_mgmt_cipher = conf->group_mgmt_cipher;
73 wconf->sae_require_mfp = conf->sae_require_mfp;
74 #ifdef CONFIG_IEEE80211R_AP
75 wconf->ssid_len = conf->ssid.ssid_len;
76 if (wconf->ssid_len > SSID_MAX_LEN)
77 wconf->ssid_len = SSID_MAX_LEN;
78 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
79 os_memcpy(wconf->mobility_domain, conf->mobility_domain,
80 MOBILITY_DOMAIN_ID_LEN);
81 if (conf->nas_identifier &&
82 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
83 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
84 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
85 wconf->r0_key_holder_len);
86 }
87 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
88 wconf->r0_key_lifetime = conf->r0_key_lifetime;
89 wconf->r1_max_key_lifetime = conf->r1_max_key_lifetime;
90 wconf->reassociation_deadline = conf->reassociation_deadline;
91 wconf->rkh_pos_timeout = conf->rkh_pos_timeout;
92 wconf->rkh_neg_timeout = conf->rkh_neg_timeout;
93 wconf->rkh_pull_timeout = conf->rkh_pull_timeout;
94 wconf->rkh_pull_retries = conf->rkh_pull_retries;
95 wconf->r0kh_list = &conf->r0kh_list;
96 wconf->r1kh_list = &conf->r1kh_list;
97 wconf->pmk_r1_push = conf->pmk_r1_push;
98 wconf->ft_over_ds = conf->ft_over_ds;
99 wconf->ft_psk_generate_local = conf->ft_psk_generate_local;
100 #endif /* CONFIG_IEEE80211R_AP */
101 #ifdef CONFIG_HS20
102 wconf->disable_gtk = conf->disable_dgaf;
103 if (conf->osen) {
104 wconf->disable_gtk = 1;
105 wconf->wpa = WPA_PROTO_OSEN;
106 wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN;
107 wconf->wpa_pairwise = 0;
108 wconf->wpa_group = WPA_CIPHER_CCMP;
109 wconf->rsn_pairwise = WPA_CIPHER_CCMP;
110 wconf->rsn_preauth = 0;
111 wconf->disable_pmksa_caching = 1;
112 wconf->ieee80211w = 1;
113 }
114 #endif /* CONFIG_HS20 */
115 #ifdef CONFIG_TESTING_OPTIONS
116 wconf->corrupt_gtk_rekey_mic_probability =
117 iconf->corrupt_gtk_rekey_mic_probability;
118 if (conf->own_ie_override &&
119 wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) {
120 wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override);
121 os_memcpy(wconf->own_ie_override,
122 wpabuf_head(conf->own_ie_override),
123 wconf->own_ie_override_len);
124 }
125 if (conf->rsne_override_eapol &&
126 wpabuf_len(conf->rsne_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
127 wconf->rsne_override_eapol_set = 1;
128 wconf->rsne_override_eapol_len =
129 wpabuf_len(conf->rsne_override_eapol);
130 os_memcpy(wconf->rsne_override_eapol,
131 wpabuf_head(conf->rsne_override_eapol),
132 wconf->rsne_override_eapol_len);
133 }
134 if (conf->rsnxe_override_eapol &&
135 wpabuf_len(conf->rsnxe_override_eapol) <= MAX_OWN_IE_OVERRIDE) {
136 wconf->rsnxe_override_eapol_set = 1;
137 wconf->rsnxe_override_eapol_len =
138 wpabuf_len(conf->rsnxe_override_eapol);
139 os_memcpy(wconf->rsnxe_override_eapol,
140 wpabuf_head(conf->rsnxe_override_eapol),
141 wconf->rsnxe_override_eapol_len);
142 }
143 if (conf->rsne_override_ft &&
144 wpabuf_len(conf->rsne_override_ft) <= MAX_OWN_IE_OVERRIDE) {
145 wconf->rsne_override_ft_set = 1;
146 wconf->rsne_override_ft_len =
147 wpabuf_len(conf->rsne_override_ft);
148 os_memcpy(wconf->rsne_override_ft,
149 wpabuf_head(conf->rsne_override_ft),
150 wconf->rsne_override_ft_len);
151 }
152 if (conf->rsnxe_override_ft &&
153 wpabuf_len(conf->rsnxe_override_ft) <= MAX_OWN_IE_OVERRIDE) {
154 wconf->rsnxe_override_ft_set = 1;
155 wconf->rsnxe_override_ft_len =
156 wpabuf_len(conf->rsnxe_override_ft);
157 os_memcpy(wconf->rsnxe_override_ft,
158 wpabuf_head(conf->rsnxe_override_ft),
159 wconf->rsnxe_override_ft_len);
160 }
161 if (conf->gtk_rsc_override &&
162 wpabuf_len(conf->gtk_rsc_override) > 0 &&
163 wpabuf_len(conf->gtk_rsc_override) <= WPA_KEY_RSC_LEN) {
164 os_memcpy(wconf->gtk_rsc_override,
165 wpabuf_head(conf->gtk_rsc_override),
166 wpabuf_len(conf->gtk_rsc_override));
167 wconf->gtk_rsc_override_set = 1;
168 }
169 if (conf->igtk_rsc_override &&
170 wpabuf_len(conf->igtk_rsc_override) > 0 &&
171 wpabuf_len(conf->igtk_rsc_override) <= WPA_KEY_RSC_LEN) {
172 os_memcpy(wconf->igtk_rsc_override,
173 wpabuf_head(conf->igtk_rsc_override),
174 wpabuf_len(conf->igtk_rsc_override));
175 wconf->igtk_rsc_override_set = 1;
176 }
177 #endif /* CONFIG_TESTING_OPTIONS */
178 #ifdef CONFIG_P2P
179 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4);
180 os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4);
181 os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4);
182 os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4);
183 #endif /* CONFIG_P2P */
184 #ifdef CONFIG_FILS
185 wconf->fils_cache_id_set = conf->fils_cache_id_set;
186 os_memcpy(wconf->fils_cache_id, conf->fils_cache_id,
187 FILS_CACHE_ID_LEN);
188 #endif /* CONFIG_FILS */
189 wconf->sae_pwe = conf->sae_pwe;
190 sae_pw_id = hostapd_sae_pw_id_in_use(conf);
191 if (sae_pw_id == 2 && wconf->sae_pwe != 3)
192 wconf->sae_pwe = 1;
193 else if (sae_pw_id == 1 && wconf->sae_pwe == 0)
194 wconf->sae_pwe = 2;
195 #ifdef CONFIG_OWE
196 wconf->owe_ptk_workaround = conf->owe_ptk_workaround;
197 #endif /* CONFIG_OWE */
198 }
199
200
201 static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
202 logger_level level, const char *txt)
203 {
204 #ifndef CONFIG_NO_HOSTAPD_LOGGER
205 struct hostapd_data *hapd = ctx;
206 int hlevel;
207
208 switch (level) {
209 case LOGGER_WARNING:
210 hlevel = HOSTAPD_LEVEL_WARNING;
211 break;
212 case LOGGER_INFO:
213 hlevel = HOSTAPD_LEVEL_INFO;
214 break;
215 case LOGGER_DEBUG:
216 default:
217 hlevel = HOSTAPD_LEVEL_DEBUG;
218 break;
219 }
220
221 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
222 #endif /* CONFIG_NO_HOSTAPD_LOGGER */
223 }
224
225
226 static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
227 u16 reason)
228 {
229 struct hostapd_data *hapd = ctx;
230 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
231 "STA " MACSTR " reason %d",
232 __func__, MAC2STR(addr), reason);
233 ap_sta_disconnect(hapd, NULL, addr, reason);
234 }
235
236
237 static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
238 {
239 struct hostapd_data *hapd = ctx;
240 return michael_mic_failure(hapd, addr, 0);
241 }
242
243
244 static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr)
245 {
246 struct hostapd_data *hapd = ctx;
247 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR,
248 MAC2STR(addr));
249 }
250
251
252 static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
253 wpa_eapol_variable var, int value)
254 {
255 struct hostapd_data *hapd = ctx;
256 struct sta_info *sta = ap_get_sta(hapd, addr);
257 if (sta == NULL)
258 return;
259 switch (var) {
260 case WPA_EAPOL_portEnabled:
261 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
262 break;
263 case WPA_EAPOL_portValid:
264 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
265 break;
266 case WPA_EAPOL_authorized:
267 ieee802_1x_set_sta_authorized(hapd, sta, value);
268 break;
269 case WPA_EAPOL_portControl_Auto:
270 if (sta->eapol_sm)
271 sta->eapol_sm->portControl = Auto;
272 break;
273 case WPA_EAPOL_keyRun:
274 if (sta->eapol_sm)
275 sta->eapol_sm->keyRun = value ? TRUE : FALSE;
276 break;
277 case WPA_EAPOL_keyAvailable:
278 if (sta->eapol_sm)
279 sta->eapol_sm->eap_if->eapKeyAvailable =
280 value ? TRUE : FALSE;
281 break;
282 case WPA_EAPOL_keyDone:
283 if (sta->eapol_sm)
284 sta->eapol_sm->keyDone = value ? TRUE : FALSE;
285 break;
286 case WPA_EAPOL_inc_EapolFramesTx:
287 if (sta->eapol_sm)
288 sta->eapol_sm->dot1xAuthEapolFramesTx++;
289 break;
290 }
291 }
292
293
294 static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
295 wpa_eapol_variable var)
296 {
297 struct hostapd_data *hapd = ctx;
298 struct sta_info *sta = ap_get_sta(hapd, addr);
299 if (sta == NULL || sta->eapol_sm == NULL)
300 return -1;
301 switch (var) {
302 case WPA_EAPOL_keyRun:
303 return sta->eapol_sm->keyRun;
304 case WPA_EAPOL_keyAvailable:
305 return sta->eapol_sm->eap_if->eapKeyAvailable;
306 default:
307 return -1;
308 }
309 }
310
311
312 static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
313 const u8 *p2p_dev_addr,
314 const u8 *prev_psk, size_t *psk_len,
315 int *vlan_id)
316 {
317 struct hostapd_data *hapd = ctx;
318 struct sta_info *sta = ap_get_sta(hapd, addr);
319 const u8 *psk;
320
321 if (vlan_id)
322 *vlan_id = 0;
323 if (psk_len)
324 *psk_len = PMK_LEN;
325
326 #ifdef CONFIG_SAE
327 if (sta && sta->auth_alg == WLAN_AUTH_SAE) {
328 if (!sta->sae || prev_psk)
329 return NULL;
330 return sta->sae->pmk;
331 }
332 if (sta && wpa_auth_uses_sae(sta->wpa_sm)) {
333 wpa_printf(MSG_DEBUG,
334 "No PSK for STA trying to use SAE with PMKSA caching");
335 return NULL;
336 }
337 #endif /* CONFIG_SAE */
338
339 #ifdef CONFIG_OWE
340 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
341 sta && sta->owe_pmk) {
342 if (psk_len)
343 *psk_len = sta->owe_pmk_len;
344 return sta->owe_pmk;
345 }
346 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) {
347 struct rsn_pmksa_cache_entry *sa;
348
349 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
350 if (sa && sa->akmp == WPA_KEY_MGMT_OWE) {
351 if (psk_len)
352 *psk_len = sa->pmk_len;
353 return sa->pmk;
354 }
355 }
356 #endif /* CONFIG_OWE */
357
358 psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk,
359 vlan_id);
360 /*
361 * This is about to iterate over all psks, prev_psk gives the last
362 * returned psk which should not be returned again.
363 * logic list (all hostapd_get_psk; all sta->psk)
364 */
365 if (sta && sta->psk && !psk) {
366 struct hostapd_sta_wpa_psk_short *pos;
367
368 if (vlan_id)
369 *vlan_id = 0;
370 psk = sta->psk->psk;
371 for (pos = sta->psk; pos; pos = pos->next) {
372 if (pos->is_passphrase) {
373 pbkdf2_sha1(pos->passphrase,
374 hapd->conf->ssid.ssid,
375 hapd->conf->ssid.ssid_len, 4096,
376 pos->psk, PMK_LEN);
377 pos->is_passphrase = 0;
378 }
379 if (pos->psk == prev_psk) {
380 psk = pos->next ? pos->next->psk : NULL;
381 break;
382 }
383 }
384 }
385 return psk;
386 }
387
388
389 static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
390 size_t *len)
391 {
392 struct hostapd_data *hapd = ctx;
393 const u8 *key;
394 size_t keylen;
395 struct sta_info *sta;
396
397 sta = ap_get_sta(hapd, addr);
398 if (sta == NULL) {
399 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA");
400 return -1;
401 }
402
403 key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
404 if (key == NULL) {
405 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p",
406 sta->eapol_sm);
407 return -1;
408 }
409
410 if (keylen > *len)
411 keylen = *len;
412 os_memcpy(msk, key, keylen);
413 *len = keylen;
414
415 return 0;
416 }
417
418
419 static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
420 const u8 *addr, int idx, u8 *key,
421 size_t key_len, enum key_flag key_flag)
422 {
423 struct hostapd_data *hapd = ctx;
424 const char *ifname = hapd->conf->iface;
425
426 if (vlan_id > 0) {
427 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
428 if (!ifname) {
429 if (!(hapd->iface->drv_flags &
430 WPA_DRIVER_FLAGS_VLAN_OFFLOAD))
431 return -1;
432 ifname = hapd->conf->iface;
433 }
434 }
435
436 #ifdef CONFIG_TESTING_OPTIONS
437 if (key_flag & KEY_FLAG_MODIFY) {
438 /* We are updating an already installed key. Don't overwrite
439 * the already stored key information with zeros.
440 */
441 } else if (addr && !is_broadcast_ether_addr(addr)) {
442 struct sta_info *sta;
443
444 sta = ap_get_sta(hapd, addr);
445 if (sta) {
446 sta->last_tk_alg = alg;
447 sta->last_tk_key_idx = idx;
448 if (key)
449 os_memcpy(sta->last_tk, key, key_len);
450 sta->last_tk_len = key_len;
451 }
452 } else if (alg == WPA_ALG_IGTK ||
453 alg == WPA_ALG_BIP_GMAC_128 ||
454 alg == WPA_ALG_BIP_GMAC_256 ||
455 alg == WPA_ALG_BIP_CMAC_256) {
456 hapd->last_igtk_alg = alg;
457 hapd->last_igtk_key_idx = idx;
458 if (key)
459 os_memcpy(hapd->last_igtk, key, key_len);
460 hapd->last_igtk_len = key_len;
461 } else {
462 hapd->last_gtk_alg = alg;
463 hapd->last_gtk_key_idx = idx;
464 if (key)
465 os_memcpy(hapd->last_gtk, key, key_len);
466 hapd->last_gtk_len = key_len;
467 }
468 #endif /* CONFIG_TESTING_OPTIONS */
469 return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, vlan_id, 1,
470 NULL, 0, key, key_len, key_flag);
471 }
472
473
474 static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
475 u8 *seq)
476 {
477 struct hostapd_data *hapd = ctx;
478 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
479 }
480
481
482 static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
483 const u8 *data, size_t data_len,
484 int encrypt)
485 {
486 struct hostapd_data *hapd = ctx;
487 struct sta_info *sta;
488 u32 flags = 0;
489
490 #ifdef CONFIG_TESTING_OPTIONS
491 if (hapd->ext_eapol_frame_io) {
492 size_t hex_len = 2 * data_len + 1;
493 char *hex = os_malloc(hex_len);
494
495 if (hex == NULL)
496 return -1;
497 wpa_snprintf_hex(hex, hex_len, data, data_len);
498 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
499 MAC2STR(addr), hex);
500 os_free(hex);
501 return 0;
502 }
503 #endif /* CONFIG_TESTING_OPTIONS */
504
505 sta = ap_get_sta(hapd, addr);
506 if (sta)
507 flags = hostapd_sta_flags_to_drv(sta->flags);
508
509 return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len,
510 encrypt, flags);
511 }
512
513
514 static int hostapd_wpa_auth_for_each_sta(
515 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
516 void *cb_ctx)
517 {
518 struct hostapd_data *hapd = ctx;
519 struct sta_info *sta;
520
521 for (sta = hapd->sta_list; sta; sta = sta->next) {
522 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
523 return 1;
524 }
525 return 0;
526 }
527
528
529 struct wpa_auth_iface_iter_data {
530 int (*cb)(struct wpa_authenticator *sm, void *ctx);
531 void *cb_ctx;
532 };
533
534 static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
535 {
536 struct wpa_auth_iface_iter_data *data = ctx;
537 size_t i;
538 for (i = 0; i < iface->num_bss; i++) {
539 if (iface->bss[i]->wpa_auth &&
540 data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
541 return 1;
542 }
543 return 0;
544 }
545
546
547 static int hostapd_wpa_auth_for_each_auth(
548 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
549 void *cb_ctx)
550 {
551 struct hostapd_data *hapd = ctx;
552 struct wpa_auth_iface_iter_data data;
553 if (hapd->iface->interfaces == NULL ||
554 hapd->iface->interfaces->for_each_interface == NULL)
555 return -1;
556 data.cb = cb;
557 data.cb_ctx = cb_ctx;
558 return hapd->iface->interfaces->for_each_interface(
559 hapd->iface->interfaces, wpa_auth_iface_iter, &data);
560 }
561
562
563 #ifdef CONFIG_IEEE80211R_AP
564
565 struct wpa_ft_rrb_rx_later_data {
566 struct dl_list list;
567 u8 addr[ETH_ALEN];
568 size_t data_len;
569 /* followed by data_len octets of data */
570 };
571
572 static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx)
573 {
574 struct hostapd_data *hapd = eloop_ctx;
575 struct wpa_ft_rrb_rx_later_data *data, *n;
576
577 dl_list_for_each_safe(data, n, &hapd->l2_queue,
578 struct wpa_ft_rrb_rx_later_data, list) {
579 if (hapd->wpa_auth) {
580 wpa_ft_rrb_rx(hapd->wpa_auth, data->addr,
581 (const u8 *) (data + 1),
582 data->data_len);
583 }
584 dl_list_del(&data->list);
585 os_free(data);
586 }
587 }
588
589
590 struct wpa_auth_ft_iface_iter_data {
591 struct hostapd_data *src_hapd;
592 const u8 *dst;
593 const u8 *data;
594 size_t data_len;
595 };
596
597
598 static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx)
599 {
600 struct wpa_auth_ft_iface_iter_data *idata = ctx;
601 struct wpa_ft_rrb_rx_later_data *data;
602 struct hostapd_data *hapd;
603 size_t j;
604
605 for (j = 0; j < iface->num_bss; j++) {
606 hapd = iface->bss[j];
607 if (hapd == idata->src_hapd ||
608 !hapd->wpa_auth ||
609 os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0)
610 continue;
611
612 wpa_printf(MSG_DEBUG,
613 "FT: Send RRB data directly to locally managed BSS "
614 MACSTR "@%s -> " MACSTR "@%s",
615 MAC2STR(idata->src_hapd->own_addr),
616 idata->src_hapd->conf->iface,
617 MAC2STR(hapd->own_addr), hapd->conf->iface);
618
619 /* Defer wpa_ft_rrb_rx() until next eloop step as this is
620 * when it would be triggered when reading from a socket.
621 * This avoids
622 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
623 * that is calling hapd0:recv handler from within
624 * hapd0:send directly.
625 */
626 data = os_zalloc(sizeof(*data) + idata->data_len);
627 if (!data)
628 return 1;
629
630 os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN);
631 os_memcpy(data + 1, idata->data, idata->data_len);
632 data->data_len = idata->data_len;
633
634 dl_list_add(&hapd->l2_queue, &data->list);
635
636 if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later,
637 hapd, NULL))
638 eloop_register_timeout(0, 0,
639 hostapd_wpa_ft_rrb_rx_later,
640 hapd, NULL);
641
642 return 1;
643 }
644
645 return 0;
646 }
647
648 #endif /* CONFIG_IEEE80211R_AP */
649
650
651 static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
652 const u8 *data, size_t data_len)
653 {
654 struct hostapd_data *hapd = ctx;
655 struct l2_ethhdr *buf;
656 int ret;
657
658 #ifdef CONFIG_TESTING_OPTIONS
659 if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
660 size_t hex_len = 2 * data_len + 1;
661 char *hex = os_malloc(hex_len);
662
663 if (hex == NULL)
664 return -1;
665 wpa_snprintf_hex(hex, hex_len, data, data_len);
666 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s",
667 MAC2STR(dst), hex);
668 os_free(hex);
669 return 0;
670 }
671 #endif /* CONFIG_TESTING_OPTIONS */
672
673 #ifdef CONFIG_IEEE80211R_AP
674 if (proto == ETH_P_RRB && hapd->iface->interfaces &&
675 hapd->iface->interfaces->for_each_interface) {
676 int res;
677 struct wpa_auth_ft_iface_iter_data idata;
678 idata.src_hapd = hapd;
679 idata.dst = dst;
680 idata.data = data;
681 idata.data_len = data_len;
682 res = hapd->iface->interfaces->for_each_interface(
683 hapd->iface->interfaces, hostapd_wpa_auth_ft_iter,
684 &idata);
685 if (res == 1)
686 return data_len;
687 }
688 #endif /* CONFIG_IEEE80211R_AP */
689
690 if (hapd->l2 == NULL)
691 return -1;
692
693 buf = os_malloc(sizeof(*buf) + data_len);
694 if (buf == NULL)
695 return -1;
696 os_memcpy(buf->h_dest, dst, ETH_ALEN);
697 os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN);
698 buf->h_proto = host_to_be16(proto);
699 os_memcpy(buf + 1, data, data_len);
700 ret = l2_packet_send(hapd->l2, dst, proto, (u8 *) buf,
701 sizeof(*buf) + data_len);
702 os_free(buf);
703 return ret;
704 }
705
706
707 #ifdef CONFIG_ETH_P_OUI
708 static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd,
709 u8 oui_suffix)
710 {
711 switch (oui_suffix) {
712 #ifdef CONFIG_IEEE80211R_AP
713 case FT_PACKET_R0KH_R1KH_PULL:
714 return hapd->oui_pull;
715 case FT_PACKET_R0KH_R1KH_RESP:
716 return hapd->oui_resp;
717 case FT_PACKET_R0KH_R1KH_PUSH:
718 return hapd->oui_push;
719 case FT_PACKET_R0KH_R1KH_SEQ_REQ:
720 return hapd->oui_sreq;
721 case FT_PACKET_R0KH_R1KH_SEQ_RESP:
722 return hapd->oui_sresp;
723 #endif /* CONFIG_IEEE80211R_AP */
724 default:
725 return NULL;
726 }
727 }
728 #endif /* CONFIG_ETH_P_OUI */
729
730
731 #ifdef CONFIG_IEEE80211R_AP
732
733 struct oui_deliver_later_data {
734 struct dl_list list;
735 u8 src_addr[ETH_ALEN];
736 u8 dst_addr[ETH_ALEN];
737 size_t data_len;
738 u8 oui_suffix;
739 /* followed by data_len octets of data */
740 };
741
742 static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx)
743 {
744 struct hostapd_data *hapd = eloop_ctx;
745 struct oui_deliver_later_data *data, *n;
746 struct eth_p_oui_ctx *oui_ctx;
747
748 dl_list_for_each_safe(data, n, &hapd->l2_oui_queue,
749 struct oui_deliver_later_data, list) {
750 oui_ctx = hostapd_wpa_get_oui(hapd, data->oui_suffix);
751 wpa_printf(MSG_DEBUG, "RRB(%s): %s src=" MACSTR " dst=" MACSTR
752 " oui_suffix=%u data_len=%u data=%p",
753 hapd->conf->iface, __func__,
754 MAC2STR(data->src_addr), MAC2STR(data->dst_addr),
755 data->oui_suffix, (unsigned int) data->data_len,
756 data);
757 if (hapd->wpa_auth && oui_ctx) {
758 eth_p_oui_deliver(oui_ctx, data->src_addr,
759 data->dst_addr,
760 (const u8 *) (data + 1),
761 data->data_len);
762 }
763 dl_list_del(&data->list);
764 os_free(data);
765 }
766 }
767
768
769 struct wpa_auth_oui_iface_iter_data {
770 struct hostapd_data *src_hapd;
771 const u8 *dst_addr;
772 const u8 *data;
773 size_t data_len;
774 u8 oui_suffix;
775 };
776
777 static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx)
778 {
779 struct wpa_auth_oui_iface_iter_data *idata = ctx;
780 struct oui_deliver_later_data *data;
781 struct hostapd_data *hapd, *src_hapd = idata->src_hapd;
782 size_t j;
783
784 for (j = 0; j < iface->num_bss; j++) {
785 hapd = iface->bss[j];
786 if (hapd == src_hapd)
787 continue; /* don't deliver back to same interface */
788 if (!wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) ||
789 hapd->conf->ssid.ssid_len !=
790 src_hapd->conf->ssid.ssid_len ||
791 os_memcmp(hapd->conf->ssid.ssid,
792 src_hapd->conf->ssid.ssid,
793 hapd->conf->ssid.ssid_len) != 0 ||
794 os_memcmp(hapd->conf->mobility_domain,
795 src_hapd->conf->mobility_domain,
796 MOBILITY_DOMAIN_ID_LEN) != 0)
797 continue; /* no matching FT SSID/mobility domain */
798 if (!is_multicast_ether_addr(idata->dst_addr) &&
799 os_memcmp(hapd->own_addr, idata->dst_addr, ETH_ALEN) != 0)
800 continue; /* destination address does not match */
801
802 /* defer eth_p_oui_deliver until next eloop step as this is
803 * when it would be triggerd from reading from sock
804 * This avoids
805 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv,
806 * that is calling hapd0:recv handler from within
807 * hapd0:send directly.
808 */
809 data = os_zalloc(sizeof(*data) + idata->data_len);
810 if (!data)
811 return 1;
812 wpa_printf(MSG_DEBUG,
813 "RRB(%s): local delivery to %s dst=" MACSTR
814 " oui_suffix=%u data_len=%u data=%p",
815 src_hapd->conf->iface, hapd->conf->iface,
816 MAC2STR(idata->dst_addr), idata->oui_suffix,
817 (unsigned int) idata->data_len, data);
818
819 os_memcpy(data->src_addr, src_hapd->own_addr, ETH_ALEN);
820 os_memcpy(data->dst_addr, idata->dst_addr, ETH_ALEN);
821 os_memcpy(data + 1, idata->data, idata->data_len);
822 data->data_len = idata->data_len;
823 data->oui_suffix = idata->oui_suffix;
824
825 dl_list_add_tail(&hapd->l2_oui_queue, &data->list);
826
827 if (!eloop_is_timeout_registered(hostapd_oui_deliver_later,
828 hapd, NULL))
829 eloop_register_timeout(0, 0,
830 hostapd_oui_deliver_later,
831 hapd, NULL);
832
833 /* If dst_addr is a multicast address, do not return any
834 * non-zero value here. Otherwise, the iteration of
835 * for_each_interface() will be stopped. */
836 if (!is_multicast_ether_addr(idata->dst_addr))
837 return 1;
838 }
839
840 return 0;
841 }
842
843 #endif /* CONFIG_IEEE80211R_AP */
844
845
846 static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix,
847 const u8 *data, size_t data_len)
848 {
849 #ifdef CONFIG_ETH_P_OUI
850 struct hostapd_data *hapd = ctx;
851 struct eth_p_oui_ctx *oui_ctx;
852
853 wpa_printf(MSG_DEBUG, "RRB(%s): send to dst=" MACSTR
854 " oui_suffix=%u data_len=%u",
855 hapd->conf->iface, MAC2STR(dst), oui_suffix,
856 (unsigned int) data_len);
857 #ifdef CONFIG_IEEE80211R_AP
858 if (hapd->iface->interfaces &&
859 hapd->iface->interfaces->for_each_interface) {
860 struct wpa_auth_oui_iface_iter_data idata;
861 int res;
862
863 idata.src_hapd = hapd;
864 idata.dst_addr = dst;
865 idata.data = data;
866 idata.data_len = data_len;
867 idata.oui_suffix = oui_suffix;
868 res = hapd->iface->interfaces->for_each_interface(
869 hapd->iface->interfaces, hostapd_wpa_auth_oui_iter,
870 &idata);
871 if (res == 1)
872 return data_len;
873 }
874 #endif /* CONFIG_IEEE80211R_AP */
875
876 oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix);
877 if (!oui_ctx)
878 return -1;
879
880 return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data, data_len);
881 #else /* CONFIG_ETH_P_OUI */
882 return -1;
883 #endif /* CONFIG_ETH_P_OUI */
884 }
885
886
887 static int hostapd_channel_info(void *ctx, struct wpa_channel_info *ci)
888 {
889 struct hostapd_data *hapd = ctx;
890
891 return hostapd_drv_channel_info(hapd, ci);
892 }
893
894
895 static int hostapd_wpa_auth_update_vlan(void *ctx, const u8 *addr, int vlan_id)
896 {
897 #ifndef CONFIG_NO_VLAN
898 struct hostapd_data *hapd = ctx;
899 struct sta_info *sta;
900
901 sta = ap_get_sta(hapd, addr);
902 if (!sta)
903 return -1;
904
905 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
906 struct vlan_description vlan_desc;
907
908 os_memset(&vlan_desc, 0, sizeof(vlan_desc));
909 vlan_desc.notempty = 1;
910 vlan_desc.untagged = vlan_id;
911 if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
912 wpa_printf(MSG_INFO,
913 "Invalid VLAN ID %d in wpa_psk_file",
914 vlan_id);
915 return -1;
916 }
917
918 if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0) {
919 wpa_printf(MSG_INFO,
920 "Failed to assign VLAN ID %d from wpa_psk_file to "
921 MACSTR, vlan_id, MAC2STR(sta->addr));
922 return -1;
923 }
924 } else {
925 sta->vlan_id = vlan_id;
926 }
927
928 wpa_printf(MSG_INFO,
929 "Assigned VLAN ID %d from wpa_psk_file to " MACSTR,
930 vlan_id, MAC2STR(sta->addr));
931 if ((sta->flags & WLAN_STA_ASSOC) &&
932 ap_sta_bind_vlan(hapd, sta) < 0)
933 return -1;
934 #endif /* CONFIG_NO_VLAN */
935
936 return 0;
937 }
938
939
940 #ifdef CONFIG_OCV
941 static int hostapd_get_sta_tx_params(void *ctx, const u8 *addr,
942 int ap_max_chanwidth, int ap_seg1_idx,
943 int *bandwidth, int *seg1_idx)
944 {
945 struct hostapd_data *hapd = ctx;
946 struct sta_info *sta;
947
948 sta = ap_get_sta(hapd, addr);
949 if (!sta) {
950 hostapd_wpa_auth_logger(hapd, addr, LOGGER_INFO,
951 "Failed to get STA info to validate received OCI");
952 return -1;
953 }
954
955 return get_tx_parameters(sta, ap_max_chanwidth, ap_seg1_idx, bandwidth,
956 seg1_idx);
957 }
958 #endif /* CONFIG_OCV */
959
960
961 #ifdef CONFIG_IEEE80211R_AP
962
963 static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
964 const u8 *data, size_t data_len)
965 {
966 struct hostapd_data *hapd = ctx;
967 int res;
968 struct ieee80211_mgmt *m;
969 size_t mlen;
970 struct sta_info *sta;
971
972 sta = ap_get_sta(hapd, dst);
973 if (sta == NULL || sta->wpa_sm == NULL)
974 return -1;
975
976 m = os_zalloc(sizeof(*m) + data_len);
977 if (m == NULL)
978 return -1;
979 mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
980 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
981 WLAN_FC_STYPE_ACTION);
982 os_memcpy(m->da, dst, ETH_ALEN);
983 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
984 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
985 os_memcpy(&m->u, data, data_len);
986
987 res = hostapd_drv_send_mlme(hapd, (u8 *) m, mlen, 0, NULL, 0, 0);
988 os_free(m);
989 return res;
990 }
991
992
993 static struct wpa_state_machine *
994 hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
995 {
996 struct hostapd_data *hapd = ctx;
997 struct sta_info *sta;
998 int ret;
999
1000 wpa_printf(MSG_DEBUG, "Add station entry for " MACSTR
1001 " based on WPA authenticator callback",
1002 MAC2STR(sta_addr));
1003 ret = hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT);
1004
1005 /*
1006 * The expected return values from hostapd_add_sta_node() are
1007 * 0: successfully added STA entry
1008 * -EOPNOTSUPP: driver or driver wrapper does not support/need this
1009 * operations
1010 * any other negative value: error in adding the STA entry */
1011 if (ret < 0 && ret != -EOPNOTSUPP)
1012 return NULL;
1013
1014 sta = ap_sta_add(hapd, sta_addr);
1015 if (sta == NULL)
1016 return NULL;
1017 if (ret == 0)
1018 sta->added_unassoc = 1;
1019
1020 sta->ft_over_ds = 1;
1021 if (sta->wpa_sm) {
1022 sta->auth_alg = WLAN_AUTH_FT;
1023 return sta->wpa_sm;
1024 }
1025
1026 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, NULL);
1027 if (sta->wpa_sm == NULL) {
1028 ap_free_sta(hapd, sta);
1029 return NULL;
1030 }
1031 sta->auth_alg = WLAN_AUTH_FT;
1032
1033 return sta->wpa_sm;
1034 }
1035
1036
1037 static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr,
1038 struct vlan_description *vlan)
1039 {
1040 struct hostapd_data *hapd = ctx;
1041 struct sta_info *sta;
1042
1043 sta = ap_get_sta(hapd, sta_addr);
1044 if (!sta || !sta->wpa_sm)
1045 return -1;
1046
1047 if (vlan->notempty &&
1048 !hostapd_vlan_valid(hapd->conf->vlan, vlan)) {
1049 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1050 HOSTAPD_LEVEL_INFO,
1051 "Invalid VLAN %d%s received from FT",
1052 vlan->untagged, vlan->tagged[0] ? "+" : "");
1053 return -1;
1054 }
1055
1056 if (ap_sta_set_vlan(hapd, sta, vlan) < 0)
1057 return -1;
1058 /* Configure wpa_group for GTK but ignore error due to driver not
1059 * knowing this STA. */
1060 ap_sta_bind_vlan(hapd, sta);
1061
1062 if (sta->vlan_id)
1063 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
1064 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
1065
1066 return 0;
1067 }
1068
1069
1070 static int hostapd_wpa_auth_get_vlan(void *ctx, const u8 *sta_addr,
1071 struct vlan_description *vlan)
1072 {
1073 struct hostapd_data *hapd = ctx;
1074 struct sta_info *sta;
1075
1076 sta = ap_get_sta(hapd, sta_addr);
1077 if (!sta)
1078 return -1;
1079
1080 if (sta->vlan_desc)
1081 *vlan = *sta->vlan_desc;
1082 else
1083 os_memset(vlan, 0, sizeof(*vlan));
1084
1085 return 0;
1086 }
1087
1088
1089 static int
1090 hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr,
1091 const u8 *identity, size_t identity_len)
1092 {
1093 struct hostapd_data *hapd = ctx;
1094 struct sta_info *sta;
1095
1096 sta = ap_get_sta(hapd, sta_addr);
1097 if (!sta)
1098 return -1;
1099
1100 os_free(sta->identity);
1101 sta->identity = NULL;
1102
1103 if (sta->eapol_sm) {
1104 os_free(sta->eapol_sm->identity);
1105 sta->eapol_sm->identity = NULL;
1106 sta->eapol_sm->identity_len = 0;
1107 }
1108
1109 if (!identity_len)
1110 return 0;
1111
1112 /* sta->identity is NULL terminated */
1113 sta->identity = os_zalloc(identity_len + 1);
1114 if (!sta->identity)
1115 return -1;
1116 os_memcpy(sta->identity, identity, identity_len);
1117
1118 if (sta->eapol_sm) {
1119 sta->eapol_sm->identity = os_zalloc(identity_len);
1120 if (!sta->eapol_sm->identity)
1121 return -1;
1122 os_memcpy(sta->eapol_sm->identity, identity, identity_len);
1123 sta->eapol_sm->identity_len = identity_len;
1124 }
1125
1126 return 0;
1127 }
1128
1129
1130 static size_t
1131 hostapd_wpa_auth_get_identity(void *ctx, const u8 *sta_addr, const u8 **buf)
1132 {
1133 struct hostapd_data *hapd = ctx;
1134 struct sta_info *sta;
1135 size_t len;
1136 char *identity;
1137
1138 sta = ap_get_sta(hapd, sta_addr);
1139 if (!sta)
1140 return 0;
1141
1142 *buf = ieee802_1x_get_identity(sta->eapol_sm, &len);
1143 if (*buf && len)
1144 return len;
1145
1146 if (!sta->identity) {
1147 *buf = NULL;
1148 return 0;
1149 }
1150
1151 identity = sta->identity;
1152 len = os_strlen(identity);
1153 *buf = (u8 *) identity;
1154
1155 return len;
1156 }
1157
1158
1159 static int
1160 hostapd_wpa_auth_set_radius_cui(void *ctx, const u8 *sta_addr,
1161 const u8 *radius_cui, size_t radius_cui_len)
1162 {
1163 struct hostapd_data *hapd = ctx;
1164 struct sta_info *sta;
1165
1166 sta = ap_get_sta(hapd, sta_addr);
1167 if (!sta)
1168 return -1;
1169
1170 os_free(sta->radius_cui);
1171 sta->radius_cui = NULL;
1172
1173 if (sta->eapol_sm) {
1174 wpabuf_free(sta->eapol_sm->radius_cui);
1175 sta->eapol_sm->radius_cui = NULL;
1176 }
1177
1178 if (!radius_cui)
1179 return 0;
1180
1181 /* sta->radius_cui is NULL terminated */
1182 sta->radius_cui = os_zalloc(radius_cui_len + 1);
1183 if (!sta->radius_cui)
1184 return -1;
1185 os_memcpy(sta->radius_cui, radius_cui, radius_cui_len);
1186
1187 if (sta->eapol_sm) {
1188 sta->eapol_sm->radius_cui = wpabuf_alloc_copy(radius_cui,
1189 radius_cui_len);
1190 if (!sta->eapol_sm->radius_cui)
1191 return -1;
1192 }
1193
1194 return 0;
1195 }
1196
1197
1198 static size_t
1199 hostapd_wpa_auth_get_radius_cui(void *ctx, const u8 *sta_addr, const u8 **buf)
1200 {
1201 struct hostapd_data *hapd = ctx;
1202 struct sta_info *sta;
1203 struct wpabuf *b;
1204 size_t len;
1205 char *radius_cui;
1206
1207 sta = ap_get_sta(hapd, sta_addr);
1208 if (!sta)
1209 return 0;
1210
1211 b = ieee802_1x_get_radius_cui(sta->eapol_sm);
1212 if (b) {
1213 len = wpabuf_len(b);
1214 *buf = wpabuf_head(b);
1215 return len;
1216 }
1217
1218 if (!sta->radius_cui) {
1219 *buf = NULL;
1220 return 0;
1221 }
1222
1223 radius_cui = sta->radius_cui;
1224 len = os_strlen(radius_cui);
1225 *buf = (u8 *) radius_cui;
1226
1227 return len;
1228 }
1229
1230
1231 static void hostapd_wpa_auth_set_session_timeout(void *ctx, const u8 *sta_addr,
1232 int session_timeout)
1233 {
1234 struct hostapd_data *hapd = ctx;
1235 struct sta_info *sta;
1236
1237 sta = ap_get_sta(hapd, sta_addr);
1238 if (!sta)
1239 return;
1240
1241 if (session_timeout) {
1242 os_get_reltime(&sta->session_timeout);
1243 sta->session_timeout.sec += session_timeout;
1244 sta->session_timeout_set = 1;
1245 ap_sta_session_timeout(hapd, sta, session_timeout);
1246 } else {
1247 sta->session_timeout_set = 0;
1248 ap_sta_no_session_timeout(hapd, sta);
1249 }
1250 }
1251
1252
1253 static int hostapd_wpa_auth_get_session_timeout(void *ctx, const u8 *sta_addr)
1254 {
1255 struct hostapd_data *hapd = ctx;
1256 struct sta_info *sta;
1257 struct os_reltime now, remaining;
1258
1259 sta = ap_get_sta(hapd, sta_addr);
1260 if (!sta || !sta->session_timeout_set)
1261 return 0;
1262
1263 os_get_reltime(&now);
1264 if (os_reltime_before(&sta->session_timeout, &now)) {
1265 /* already expired, return >0 as timeout was set */
1266 return 1;
1267 }
1268
1269 os_reltime_sub(&sta->session_timeout, &now, &remaining);
1270
1271 return (remaining.sec > 0) ? remaining.sec : 1;
1272 }
1273
1274
1275 static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
1276 size_t len)
1277 {
1278 struct hostapd_data *hapd = ctx;
1279 struct l2_ethhdr *ethhdr;
1280 if (len < sizeof(*ethhdr))
1281 return;
1282 ethhdr = (struct l2_ethhdr *) buf;
1283 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1284 MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest));
1285 if (!is_multicast_ether_addr(ethhdr->h_dest) &&
1286 os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0)
1287 return;
1288 wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr),
1289 len - sizeof(*ethhdr));
1290 }
1291
1292
1293 static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr,
1294 const u8 *dst_addr, u8 oui_suffix,
1295 const u8 *buf, size_t len)
1296 {
1297 struct hostapd_data *hapd = ctx;
1298
1299 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> "
1300 MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr));
1301 if (!is_multicast_ether_addr(dst_addr) &&
1302 os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) != 0)
1303 return;
1304 wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf,
1305 len);
1306 }
1307
1308
1309 static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr,
1310 u8 *tspec_ie, size_t tspec_ielen)
1311 {
1312 struct hostapd_data *hapd = ctx;
1313 return hostapd_add_tspec(hapd, sta_addr, tspec_ie, tspec_ielen);
1314 }
1315
1316
1317
1318 static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd,
1319 const char *ft_iface)
1320 {
1321 hapd->oui_pull = eth_p_oui_register(hapd, ft_iface,
1322 FT_PACKET_R0KH_R1KH_PULL,
1323 hostapd_rrb_oui_receive, hapd);
1324 if (!hapd->oui_pull)
1325 return -1;
1326
1327 hapd->oui_resp = eth_p_oui_register(hapd, ft_iface,
1328 FT_PACKET_R0KH_R1KH_RESP,
1329 hostapd_rrb_oui_receive, hapd);
1330 if (!hapd->oui_resp)
1331 return -1;
1332
1333 hapd->oui_push = eth_p_oui_register(hapd, ft_iface,
1334 FT_PACKET_R0KH_R1KH_PUSH,
1335 hostapd_rrb_oui_receive, hapd);
1336 if (!hapd->oui_push)
1337 return -1;
1338
1339 hapd->oui_sreq = eth_p_oui_register(hapd, ft_iface,
1340 FT_PACKET_R0KH_R1KH_SEQ_REQ,
1341 hostapd_rrb_oui_receive, hapd);
1342 if (!hapd->oui_sreq)
1343 return -1;
1344
1345 hapd->oui_sresp = eth_p_oui_register(hapd, ft_iface,
1346 FT_PACKET_R0KH_R1KH_SEQ_RESP,
1347 hostapd_rrb_oui_receive, hapd);
1348 if (!hapd->oui_sresp)
1349 return -1;
1350
1351 return 0;
1352 }
1353
1354
1355 static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd)
1356 {
1357 eth_p_oui_unregister(hapd->oui_pull);
1358 hapd->oui_pull = NULL;
1359 eth_p_oui_unregister(hapd->oui_resp);
1360 hapd->oui_resp = NULL;
1361 eth_p_oui_unregister(hapd->oui_push);
1362 hapd->oui_push = NULL;
1363 eth_p_oui_unregister(hapd->oui_sreq);
1364 hapd->oui_sreq = NULL;
1365 eth_p_oui_unregister(hapd->oui_sresp);
1366 hapd->oui_sresp = NULL;
1367 }
1368 #endif /* CONFIG_IEEE80211R_AP */
1369
1370
1371 int hostapd_setup_wpa(struct hostapd_data *hapd)
1372 {
1373 struct wpa_auth_config _conf;
1374 static const struct wpa_auth_callbacks cb = {
1375 .logger = hostapd_wpa_auth_logger,
1376 .disconnect = hostapd_wpa_auth_disconnect,
1377 .mic_failure_report = hostapd_wpa_auth_mic_failure_report,
1378 .psk_failure_report = hostapd_wpa_auth_psk_failure_report,
1379 .set_eapol = hostapd_wpa_auth_set_eapol,
1380 .get_eapol = hostapd_wpa_auth_get_eapol,
1381 .get_psk = hostapd_wpa_auth_get_psk,
1382 .get_msk = hostapd_wpa_auth_get_msk,
1383 .set_key = hostapd_wpa_auth_set_key,
1384 .get_seqnum = hostapd_wpa_auth_get_seqnum,
1385 .send_eapol = hostapd_wpa_auth_send_eapol,
1386 .for_each_sta = hostapd_wpa_auth_for_each_sta,
1387 .for_each_auth = hostapd_wpa_auth_for_each_auth,
1388 .send_ether = hostapd_wpa_auth_send_ether,
1389 .send_oui = hostapd_wpa_auth_send_oui,
1390 .channel_info = hostapd_channel_info,
1391 .update_vlan = hostapd_wpa_auth_update_vlan,
1392 #ifdef CONFIG_OCV
1393 .get_sta_tx_params = hostapd_get_sta_tx_params,
1394 #endif /* CONFIG_OCV */
1395 #ifdef CONFIG_IEEE80211R_AP
1396 .send_ft_action = hostapd_wpa_auth_send_ft_action,
1397 .add_sta = hostapd_wpa_auth_add_sta,
1398 .add_tspec = hostapd_wpa_auth_add_tspec,
1399 .set_vlan = hostapd_wpa_auth_set_vlan,
1400 .get_vlan = hostapd_wpa_auth_get_vlan,
1401 .set_identity = hostapd_wpa_auth_set_identity,
1402 .get_identity = hostapd_wpa_auth_get_identity,
1403 .set_radius_cui = hostapd_wpa_auth_set_radius_cui,
1404 .get_radius_cui = hostapd_wpa_auth_get_radius_cui,
1405 .set_session_timeout = hostapd_wpa_auth_set_session_timeout,
1406 .get_session_timeout = hostapd_wpa_auth_get_session_timeout,
1407 #endif /* CONFIG_IEEE80211R_AP */
1408 };
1409 const u8 *wpa_ie;
1410 size_t wpa_ie_len;
1411
1412 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf);
1413 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS)
1414 _conf.tx_status = 1;
1415 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME)
1416 _conf.ap_mlme = 1;
1417
1418 if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1419 (hapd->conf->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1420 (hapd->conf->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1421 !(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1422 wpa_msg(hapd->msg_ctx, MSG_INFO,
1423 "Disable PTK0 rekey support - replaced with disconnect");
1424 _conf.wpa_deny_ptk0_rekey = 1;
1425 }
1426
1427 if (_conf.extended_key_id &&
1428 (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID))
1429 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Extended Key ID supported");
1430 else
1431 _conf.extended_key_id = 0;
1432
1433 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd);
1434 if (hapd->wpa_auth == NULL) {
1435 wpa_printf(MSG_ERROR, "WPA initialization failed.");
1436 return -1;
1437 }
1438
1439 if (hostapd_set_privacy(hapd, 1)) {
1440 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
1441 "for interface %s", hapd->conf->iface);
1442 return -1;
1443 }
1444
1445 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
1446 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
1447 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
1448 "the kernel driver.");
1449 return -1;
1450 }
1451
1452 if (rsn_preauth_iface_init(hapd)) {
1453 wpa_printf(MSG_ERROR, "Initialization of RSN "
1454 "pre-authentication failed.");
1455 return -1;
1456 }
1457
1458 #ifdef CONFIG_IEEE80211R_AP
1459 if (!hostapd_drv_none(hapd) &&
1460 wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) {
1461 const char *ft_iface;
1462
1463 ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge :
1464 hapd->conf->iface;
1465 hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB,
1466 hostapd_rrb_receive, hapd, 1);
1467 if (!hapd->l2) {
1468 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
1469 "interface");
1470 return -1;
1471 }
1472
1473 if (hostapd_wpa_register_ft_oui(hapd, ft_iface)) {
1474 wpa_printf(MSG_ERROR,
1475 "Failed to open ETH_P_OUI interface");
1476 return -1;
1477 }
1478 }
1479 #endif /* CONFIG_IEEE80211R_AP */
1480
1481 return 0;
1482
1483 }
1484
1485
1486 void hostapd_reconfig_wpa(struct hostapd_data *hapd)
1487 {
1488 struct wpa_auth_config wpa_auth_conf;
1489 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf);
1490 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
1491 }
1492
1493
1494 void hostapd_deinit_wpa(struct hostapd_data *hapd)
1495 {
1496 ieee80211_tkip_countermeasures_deinit(hapd);
1497 rsn_preauth_iface_deinit(hapd);
1498 if (hapd->wpa_auth) {
1499 wpa_deinit(hapd->wpa_auth);
1500 hapd->wpa_auth = NULL;
1501
1502 if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) {
1503 wpa_printf(MSG_DEBUG, "Could not disable "
1504 "PrivacyInvoked for interface %s",
1505 hapd->conf->iface);
1506 }
1507
1508 if (hapd->drv_priv &&
1509 hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
1510 wpa_printf(MSG_DEBUG, "Could not remove generic "
1511 "information element from interface %s",
1512 hapd->conf->iface);
1513 }
1514 }
1515 ieee802_1x_deinit(hapd);
1516
1517 #ifdef CONFIG_IEEE80211R_AP
1518 eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX);
1519 hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */
1520 eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX);
1521 hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */
1522 l2_packet_deinit(hapd->l2);
1523 hapd->l2 = NULL;
1524 hostapd_wpa_unregister_ft_oui(hapd);
1525 #endif /* CONFIG_IEEE80211R_AP */
1526 }
Unnamed repository; edit this file 'description' to name the repository.