2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* hostapd / IEEE 802.11 Management
|
2017-01-01 23:54:44 +01:00
|
|
|
* Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi>
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2008-02-28 02:34:43 +01:00
|
|
|
*/
|
|
|
|
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "utils/includes.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
#ifndef CONFIG_NATIVE_WINDOWS
|
|
|
|
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "utils/common.h"
|
|
|
|
#include "utils/eloop.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "crypto/crypto.h"
|
2012-12-31 15:58:36 +01:00
|
|
|
#include "crypto/sha256.h"
|
2017-10-08 15:37:32 +02:00
|
|
|
#include "crypto/sha384.h"
|
|
|
|
#include "crypto/sha512.h"
|
2012-12-31 15:58:36 +01:00
|
|
|
#include "crypto/random.h"
|
2009-12-25 23:31:51 +01:00
|
|
|
#include "common/ieee802_11_defs.h"
|
|
|
|
#include "common/ieee802_11_common.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "common/wpa_ctrl.h"
|
2012-12-30 20:48:19 +01:00
|
|
|
#include "common/sae.h"
|
2019-03-17 22:51:53 +01:00
|
|
|
#include "common/dpp.h"
|
2018-08-06 21:46:36 +02:00
|
|
|
#include "common/ocv.h"
|
2019-05-29 11:11:48 +02:00
|
|
|
#include "common/wpa_common.h"
|
2020-05-25 19:46:32 +02:00
|
|
|
#include "common/wpa_ctrl.h"
|
2020-12-16 12:00:32 +01:00
|
|
|
#include "common/ptksa_cache.h"
|
2009-11-29 22:04:43 +01:00
|
|
|
#include "radius/radius.h"
|
|
|
|
#include "radius/radius_client.h"
|
2010-07-18 23:30:25 +02:00
|
|
|
#include "p2p/p2p.h"
|
2010-05-26 17:46:08 +02:00
|
|
|
#include "wps/wps.h"
|
2015-01-21 14:30:48 +01:00
|
|
|
#include "fst/fst.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
#include "hostapd.h"
|
|
|
|
#include "beacon.h"
|
|
|
|
#include "ieee802_11_auth.h"
|
|
|
|
#include "sta_info.h"
|
|
|
|
#include "ieee802_1x.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "wpa_auth.h"
|
2014-10-18 12:00:29 +02:00
|
|
|
#include "pmksa_cache_auth.h"
|
2009-12-25 00:12:50 +01:00
|
|
|
#include "wmm.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
#include "ap_list.h"
|
|
|
|
#include "accounting.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "ap_config.h"
|
|
|
|
#include "ap_mlme.h"
|
2010-10-08 17:16:07 +02:00
|
|
|
#include "p2p_hostapd.h"
|
2010-11-24 14:19:50 +01:00
|
|
|
#include "ap_drv_ops.h"
|
2012-12-16 18:16:17 +01:00
|
|
|
#include "wnm_ap.h"
|
2015-09-05 18:00:03 +02:00
|
|
|
#include "hw_features.h"
|
2009-12-25 23:05:40 +01:00
|
|
|
#include "ieee802_11.h"
|
2014-02-21 14:42:18 +01:00
|
|
|
#include "dfs.h"
|
2016-02-22 12:03:28 +01:00
|
|
|
#include "mbo_ap.h"
|
2016-04-06 18:42:09 +02:00
|
|
|
#include "rrm.h"
|
Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.
http://research.google.com/pubs/pub45429.html
https://arxiv.org/abs/1608.01725
This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
a memory overhead of up to several kilobytes per associated
station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
struct sta_info.
3. Implement code to extract the ID of each Information Element,
plus selected fields and bitmasks from certain IEs, into a
descriptive text string. This is done in a new source file,
src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
in hostapd_cli to retrieve the signature.
Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040
Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:48 +02:00
|
|
|
#include "taxonomy.h"
|
2017-01-31 13:00:12 +01:00
|
|
|
#include "fils_hlp.h"
|
2017-06-15 21:16:45 +02:00
|
|
|
#include "dpp_hostapd.h"
|
|
|
|
#include "gas_query_ap.h"
|
2022-10-07 17:03:25 +02:00
|
|
|
#include "comeback_token.h"
|
2022-09-19 12:42:49 +02:00
|
|
|
#include "pasn/pasn_common.h"
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2017-04-21 17:42:00 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
static struct wpabuf *
|
|
|
|
prepare_auth_resp_fils(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 *resp,
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa,
|
|
|
|
struct wpabuf *erp_resp,
|
|
|
|
const u8 *msk, size_t msk_len,
|
|
|
|
int *is_pub);
|
|
|
|
#endif /* CONFIG_FILS */
|
2020-12-16 12:00:56 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
|
|
|
|
static void pasn_fils_auth_resp(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 status,
|
|
|
|
struct wpabuf *erp_resp,
|
|
|
|
const u8 *msk, size_t msk_len);
|
|
|
|
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
#endif /* CONFIG_PASN */
|
|
|
|
|
2019-03-01 18:54:51 +01:00
|
|
|
static void handle_auth(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
|
|
|
int rssi, int from_queue);
|
2023-05-22 21:33:45 +02:00
|
|
|
static int add_associated_sta(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, int reassoc);
|
2017-04-21 17:42:00 +02:00
|
|
|
|
2018-12-05 11:23:51 +01:00
|
|
|
|
|
|
|
u8 * hostapd_eid_multi_ap(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 multi_ap_val = 0;
|
|
|
|
|
|
|
|
if (!hapd->conf->multi_ap)
|
|
|
|
return eid;
|
|
|
|
if (hapd->conf->multi_ap & BACKHAUL_BSS)
|
|
|
|
multi_ap_val |= MULTI_AP_BACKHAUL_BSS;
|
|
|
|
if (hapd->conf->multi_ap & FRONTHAUL_BSS)
|
|
|
|
multi_ap_val |= MULTI_AP_FRONTHAUL_BSS;
|
|
|
|
|
|
|
|
return eid + add_multi_ap_ie(eid, 9, multi_ap_val);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
int i, num, count;
|
2020-01-20 20:15:04 +01:00
|
|
|
int h2e_required;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (hapd->iface->current_rates == NULL)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_SUPP_RATES;
|
|
|
|
num = hapd->iface->num_rates;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
|
|
|
|
num++;
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
|
|
|
|
num++;
|
2022-12-04 10:49:32 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
if (hapd->iconf->ieee80211ax && hapd->iconf->require_he)
|
|
|
|
num++;
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
2022-11-29 19:36:15 +01:00
|
|
|
h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
|
2020-01-20 20:15:04 +01:00
|
|
|
hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
|
2020-01-20 20:15:04 +01:00
|
|
|
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
|
|
|
|
if (h2e_required)
|
2019-09-05 10:54:47 +02:00
|
|
|
num++;
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num > 8) {
|
|
|
|
/* rest of the rates are encoded in Extended supported
|
|
|
|
* rates element */
|
|
|
|
num = 8;
|
|
|
|
}
|
|
|
|
|
|
|
|
*pos++ = num;
|
|
|
|
for (i = 0, count = 0; i < hapd->iface->num_rates && count < num;
|
|
|
|
i++) {
|
|
|
|
count++;
|
|
|
|
*pos = hapd->iface->current_rates[i].rate / 5;
|
|
|
|
if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
|
|
|
|
*pos |= 0x80;
|
|
|
|
pos++;
|
|
|
|
}
|
|
|
|
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) {
|
|
|
|
count++;
|
2011-02-09 14:08:47 +01:00
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
|
2012-11-24 16:27:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) {
|
|
|
|
count++;
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
|
|
|
|
}
|
2011-02-09 14:08:47 +01:00
|
|
|
|
2022-12-04 10:49:32 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
if (hapd->iconf->ieee80211ax && hapd->iconf->require_he && count < 8) {
|
|
|
|
count++;
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
|
|
|
|
2020-01-20 20:15:04 +01:00
|
|
|
if (h2e_required && count < 8) {
|
2019-09-05 10:54:47 +02:00
|
|
|
count++;
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
u8 *pos = eid;
|
|
|
|
int i, num, count;
|
2020-01-20 20:15:04 +01:00
|
|
|
int h2e_required;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2022-12-01 04:18:37 +01:00
|
|
|
hapd->conf->xrates_supported = false;
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->iface->current_rates == NULL)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
num = hapd->iface->num_rates;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht)
|
|
|
|
num++;
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht)
|
|
|
|
num++;
|
2022-12-04 10:49:32 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
if (hapd->iconf->ieee80211ax && hapd->iconf->require_he)
|
|
|
|
num++;
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
2022-11-29 19:36:15 +01:00
|
|
|
h2e_required = (hapd->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
|
2020-01-20 20:15:04 +01:00
|
|
|
hostapd_sae_pw_id_in_use(hapd->conf) == 2) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
|
2020-01-20 20:15:04 +01:00
|
|
|
wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt);
|
|
|
|
if (h2e_required)
|
2019-09-05 10:54:47 +02:00
|
|
|
num++;
|
2008-02-28 02:34:43 +01:00
|
|
|
if (num <= 8)
|
|
|
|
return eid;
|
|
|
|
num -= 8;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_EXT_SUPP_RATES;
|
|
|
|
*pos++ = num;
|
|
|
|
for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8;
|
|
|
|
i++) {
|
|
|
|
count++;
|
|
|
|
if (count <= 8)
|
|
|
|
continue; /* already in SuppRates IE */
|
|
|
|
*pos = hapd->iface->current_rates[i].rate / 5;
|
|
|
|
if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC)
|
|
|
|
*pos |= 0x80;
|
|
|
|
pos++;
|
|
|
|
}
|
|
|
|
|
2012-11-24 16:27:16 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) {
|
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) {
|
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY;
|
|
|
|
}
|
2011-02-09 14:08:47 +01:00
|
|
|
|
2022-12-04 10:49:32 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
if (hapd->iconf->ieee80211ax && hapd->iconf->require_he) {
|
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HE_PHY;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
|
|
|
|
2020-01-20 20:15:04 +01:00
|
|
|
if (h2e_required) {
|
2019-09-05 10:54:47 +02:00
|
|
|
count++;
|
|
|
|
if (count > 8)
|
|
|
|
*pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_SAE_H2E_ONLY;
|
|
|
|
}
|
|
|
|
|
2022-12-01 04:18:37 +01:00
|
|
|
hapd->conf->xrates_supported = true;
|
2008-02-28 02:34:43 +01:00
|
|
|
return pos;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-01-24 17:24:53 +01:00
|
|
|
u8 * hostapd_eid_rm_enabled_capab(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
|
|
|
|
if (hapd->conf->radio_measurements[i])
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (i == RRM_CAPABILITIES_IE_LEN || len < 2 + RRM_CAPABILITIES_IE_LEN)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
|
|
|
|
*eid++ = RRM_CAPABILITIES_IE_LEN;
|
|
|
|
os_memcpy(eid, hapd->conf->radio_measurements, RRM_CAPABILITIES_IE_LEN);
|
|
|
|
|
|
|
|
return eid + RRM_CAPABILITIES_IE_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-04-20 23:33:25 +02:00
|
|
|
u16 hostapd_own_capab_info(struct hostapd_data *hapd)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
int capab = WLAN_CAPABILITY_ESS;
|
2020-02-29 15:52:39 +01:00
|
|
|
int privacy = 0;
|
2014-02-21 14:42:18 +01:00
|
|
|
int dfs;
|
2016-04-06 18:42:06 +02:00
|
|
|
int i;
|
2014-02-21 14:42:18 +01:00
|
|
|
|
|
|
|
/* Check if any of configured channels require DFS */
|
|
|
|
dfs = hostapd_is_dfs_required(hapd->iface);
|
|
|
|
if (dfs < 0) {
|
|
|
|
wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d",
|
|
|
|
dfs);
|
|
|
|
dfs = 0;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (hapd->iface->num_sta_no_short_preamble == 0 &&
|
|
|
|
hapd->iconf->preamble == SHORT_PREAMBLE)
|
|
|
|
capab |= WLAN_CAPABILITY_SHORT_PREAMBLE;
|
|
|
|
|
2020-02-29 15:52:39 +01:00
|
|
|
#ifdef CONFIG_WEP
|
2008-02-28 02:34:43 +01:00
|
|
|
privacy = hapd->conf->ssid.wep.keys_set;
|
|
|
|
|
|
|
|
if (hapd->conf->ieee802_1x &&
|
|
|
|
(hapd->conf->default_wep_key_len ||
|
|
|
|
hapd->conf->individual_wep_key_len))
|
|
|
|
privacy = 1;
|
2020-02-29 15:52:39 +01:00
|
|
|
#endif /* CONFIG_WEP */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (hapd->conf->wpa)
|
|
|
|
privacy = 1;
|
|
|
|
|
2013-07-23 20:25:21 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (hapd->conf->osen)
|
|
|
|
privacy = 1;
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (privacy)
|
|
|
|
capab |= WLAN_CAPABILITY_PRIVACY;
|
|
|
|
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G &&
|
|
|
|
hapd->iface->num_sta_no_short_slot_time == 0)
|
|
|
|
capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME;
|
|
|
|
|
2014-02-21 14:42:18 +01:00
|
|
|
/*
|
|
|
|
* Currently, Spectrum Management capability bit is set when directly
|
|
|
|
* requested in configuration by spectrum_mgmt_required or when AP is
|
|
|
|
* running on DFS channel.
|
|
|
|
* TODO: Also consider driver support for TPC to set Spectrum Mgmt bit
|
|
|
|
*/
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A &&
|
|
|
|
(hapd->iconf->spectrum_mgmt_required || dfs))
|
|
|
|
capab |= WLAN_CAPABILITY_SPECTRUM_MGMT;
|
|
|
|
|
2016-04-06 18:42:06 +02:00
|
|
|
for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) {
|
|
|
|
if (hapd->conf->radio_measurements[i]) {
|
|
|
|
capab |= IEEE80211_CAP_RRM;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2014-12-12 19:45:31 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
return capab;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-02-29 15:52:39 +01:00
|
|
|
#ifdef CONFIG_WEP
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifndef CONFIG_NO_RC4
|
2008-02-28 02:34:43 +01:00
|
|
|
static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta,
|
2009-12-13 22:25:30 +01:00
|
|
|
u16 auth_transaction, const u8 *challenge,
|
|
|
|
int iswep)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication (shared key, transaction %d)",
|
|
|
|
auth_transaction);
|
|
|
|
|
|
|
|
if (auth_transaction == 1) {
|
|
|
|
if (!sta->challenge) {
|
|
|
|
/* Generate a pseudo-random challenge */
|
|
|
|
u8 key[8];
|
2016-02-09 15:43:21 +01:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN);
|
|
|
|
if (sta->challenge == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2016-02-09 15:43:21 +01:00
|
|
|
if (os_get_random(key, sizeof(key)) < 0) {
|
|
|
|
os_free(sta->challenge);
|
|
|
|
sta->challenge = NULL;
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
2009-08-16 18:57:50 +02:00
|
|
|
rc4_skip(key, sizeof(key), 0,
|
|
|
|
sta->challenge, WLAN_AUTH_CHALLENGE_LEN);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (auth_transaction != 3)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
/* Transaction 3 */
|
|
|
|
if (!iswep || !sta->challenge || !challenge ||
|
2014-06-29 19:27:45 +02:00
|
|
|
os_memcmp_const(sta->challenge, challenge,
|
|
|
|
WLAN_AUTH_CHALLENGE_LEN)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"shared key authentication - invalid "
|
|
|
|
"challenge-response");
|
|
|
|
return WLAN_STATUS_CHALLENGE_FAIL;
|
|
|
|
}
|
|
|
|
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication OK (shared key)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
os_free(sta->challenge);
|
|
|
|
sta->challenge = NULL;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
2015-08-01 22:37:07 +02:00
|
|
|
#endif /* CONFIG_NO_RC4 */
|
2020-02-29 15:52:39 +01:00
|
|
|
#endif /* CONFIG_WEP */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2020-01-08 19:52:26 +01:00
|
|
|
static int send_auth_reply(struct hostapd_data *hapd, struct sta_info *sta,
|
2016-02-16 10:54:32 +01:00
|
|
|
const u8 *dst, const u8 *bssid,
|
|
|
|
u16 auth_alg, u16 auth_transaction, u16 resp,
|
2017-12-07 18:14:49 +01:00
|
|
|
const u8 *ies, size_t ies_len, const char *dbg)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
struct ieee80211_mgmt *reply;
|
|
|
|
u8 *buf;
|
|
|
|
size_t rlen;
|
2016-02-16 10:54:32 +01:00
|
|
|
int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2023-05-22 21:33:42 +02:00
|
|
|
const u8 *sa = hapd->own_addr;
|
|
|
|
struct wpabuf *ml_resp = NULL;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
/*
|
|
|
|
* Once a non-AP MLD is added to the driver, the addressing should use
|
|
|
|
* the MLD MAC address. Thus, use the MLD address instead of translating
|
|
|
|
* the addresses.
|
|
|
|
*/
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta)) {
|
2023-05-22 21:33:42 +02:00
|
|
|
sa = hapd->mld_addr;
|
|
|
|
|
|
|
|
ml_resp = hostapd_ml_auth_resp(hapd);
|
|
|
|
if (!ml_resp)
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len;
|
2023-05-22 21:33:42 +02:00
|
|
|
if (ml_resp)
|
|
|
|
rlen += wpabuf_len(ml_resp);
|
2008-02-28 02:34:43 +01:00
|
|
|
buf = os_zalloc(rlen);
|
2023-05-22 21:33:42 +02:00
|
|
|
if (!buf) {
|
|
|
|
wpabuf_free(ml_resp);
|
2016-02-16 10:54:32 +01:00
|
|
|
return -1;
|
2023-05-22 21:33:42 +02:00
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
reply = (struct ieee80211_mgmt *) buf;
|
|
|
|
reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
WLAN_FC_STYPE_AUTH);
|
|
|
|
os_memcpy(reply->da, dst, ETH_ALEN);
|
2023-05-22 21:33:42 +02:00
|
|
|
os_memcpy(reply->sa, sa, ETH_ALEN);
|
2008-02-28 02:34:43 +01:00
|
|
|
os_memcpy(reply->bssid, bssid, ETH_ALEN);
|
|
|
|
|
|
|
|
reply->u.auth.auth_alg = host_to_le16(auth_alg);
|
|
|
|
reply->u.auth.auth_transaction = host_to_le16(auth_transaction);
|
|
|
|
reply->u.auth.status_code = host_to_le16(resp);
|
|
|
|
|
|
|
|
if (ies && ies_len)
|
|
|
|
os_memcpy(reply->u.auth.variable, ies, ies_len);
|
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (ml_resp)
|
|
|
|
os_memcpy(reply->u.auth.variable + ies_len,
|
|
|
|
wpabuf_head(ml_resp), wpabuf_len(ml_resp));
|
|
|
|
|
|
|
|
wpabuf_free(ml_resp);
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR
|
2017-12-07 18:14:49 +01:00
|
|
|
" auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu) (dbg=%s)",
|
2008-02-28 02:34:43 +01:00
|
|
|
MAC2STR(dst), auth_alg, auth_transaction,
|
2017-12-07 18:14:49 +01:00
|
|
|
resp, (unsigned long) ies_len, dbg);
|
2020-01-08 19:52:26 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (hapd->conf->sae_confirm_immediate == 2 &&
|
|
|
|
auth_alg == WLAN_AUTH_SAE) {
|
2020-03-08 15:32:47 +01:00
|
|
|
if (auth_transaction == 1 && sta &&
|
2020-01-08 19:52:26 +01:00
|
|
|
(resp == WLAN_STATUS_SUCCESS ||
|
2020-05-30 22:30:42 +02:00
|
|
|
resp == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
resp == WLAN_STATUS_SAE_PK)) {
|
2020-01-08 19:52:26 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"TESTING: Postpone SAE Commit transmission until Confirm is ready");
|
|
|
|
os_free(sta->sae_postponed_commit);
|
|
|
|
sta->sae_postponed_commit = buf;
|
|
|
|
sta->sae_postponed_commit_len = rlen;
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (auth_transaction == 2 && sta && sta->sae_postponed_commit) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"TESTING: Send postponed SAE Commit first, immediately followed by SAE Confirm");
|
|
|
|
if (hostapd_drv_send_mlme(hapd,
|
|
|
|
sta->sae_postponed_commit,
|
|
|
|
sta->sae_postponed_commit_len,
|
|
|
|
0, NULL, 0, 0) < 0)
|
|
|
|
wpa_printf(MSG_INFO, "send_auth_reply: send failed");
|
|
|
|
os_free(sta->sae_postponed_commit);
|
|
|
|
sta->sae_postponed_commit = NULL;
|
|
|
|
sta->sae_postponed_commit_len = 0;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, reply, rlen, 0, NULL, 0, 0) < 0)
|
2016-02-16 10:54:32 +01:00
|
|
|
wpa_printf(MSG_INFO, "send_auth_reply: send failed");
|
|
|
|
else
|
|
|
|
reply_res = WLAN_STATUS_SUCCESS;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
os_free(buf);
|
2016-02-16 10:54:32 +01:00
|
|
|
|
|
|
|
return reply_res;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-02-28 02:34:43 +01:00
|
|
|
static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid,
|
|
|
|
u16 auth_transaction, u16 status,
|
|
|
|
const u8 *ies, size_t ies_len)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = ctx;
|
|
|
|
struct sta_info *sta;
|
2016-02-16 10:54:32 +01:00
|
|
|
int reply_res;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2020-01-08 19:52:26 +01:00
|
|
|
reply_res = send_auth_reply(hapd, NULL, dst, bssid, WLAN_AUTH_FT,
|
2017-12-07 18:14:49 +01:00
|
|
|
auth_transaction, status, ies, ies_len,
|
|
|
|
"auth-ft-finish");
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta == NULL)
|
|
|
|
return;
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS ||
|
|
|
|
status != WLAN_STATUS_SUCCESS)) {
|
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2017-12-26 23:07:42 +01:00
|
|
|
static void sae_set_state(struct sta_info *sta, enum sae_state state,
|
|
|
|
const char *reason)
|
|
|
|
{
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)",
|
|
|
|
sae_state_txt(sta->sae->state), sae_state_txt(state),
|
|
|
|
MAC2STR(sta->addr), reason);
|
|
|
|
sta->sae->state = state;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-11-10 15:23:06 +01:00
|
|
|
const char * sae_get_password(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const char *rx_id,
|
|
|
|
struct sae_password_entry **pw_entry,
|
|
|
|
struct sae_pt **s_pt,
|
|
|
|
const struct sae_pk **s_pk)
|
2020-12-16 12:00:53 +01:00
|
|
|
{
|
|
|
|
const char *password = NULL;
|
|
|
|
struct sae_password_entry *pw;
|
|
|
|
struct sae_pt *pt = NULL;
|
|
|
|
const struct sae_pk *pk = NULL;
|
2022-02-19 21:25:30 +01:00
|
|
|
struct hostapd_sta_wpa_psk_short *psk = NULL;
|
2020-12-16 12:00:53 +01:00
|
|
|
|
|
|
|
for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) {
|
|
|
|
if (!is_broadcast_ether_addr(pw->peer_addr) &&
|
2023-11-10 15:23:06 +01:00
|
|
|
(!sta ||
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
!ether_addr_equal(pw->peer_addr, sta->addr)))
|
2020-12-16 12:00:53 +01:00
|
|
|
continue;
|
|
|
|
if ((rx_id && !pw->identifier) || (!rx_id && pw->identifier))
|
|
|
|
continue;
|
|
|
|
if (rx_id && pw->identifier &&
|
|
|
|
os_strcmp(rx_id, pw->identifier) != 0)
|
|
|
|
continue;
|
|
|
|
password = pw->password;
|
|
|
|
pt = pw->pt;
|
|
|
|
if (!(hapd->conf->mesh & MESH_ENABLED))
|
|
|
|
pk = pw->pk;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (!password) {
|
|
|
|
password = hapd->conf->ssid.wpa_passphrase;
|
|
|
|
pt = hapd->conf->ssid.pt;
|
|
|
|
}
|
|
|
|
|
2023-11-10 15:23:06 +01:00
|
|
|
if (!password && sta) {
|
2022-02-19 21:25:30 +01:00
|
|
|
for (psk = sta->psk; psk; psk = psk->next) {
|
|
|
|
if (psk->is_passphrase) {
|
|
|
|
password = psk->passphrase;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-16 12:00:53 +01:00
|
|
|
if (pw_entry)
|
|
|
|
*pw_entry = pw;
|
|
|
|
if (s_pt)
|
|
|
|
*s_pt = pt;
|
|
|
|
if (s_pk)
|
|
|
|
*s_pk = pk;
|
|
|
|
|
|
|
|
return password;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd,
|
2019-10-25 14:54:11 +02:00
|
|
|
struct sta_info *sta, int update,
|
|
|
|
int status_code)
|
2012-10-06 18:30:54 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
2018-05-19 16:28:01 +02:00
|
|
|
const char *password = NULL;
|
|
|
|
struct sae_password_entry *pw;
|
|
|
|
const char *rx_id = NULL;
|
2019-09-06 14:51:37 +02:00
|
|
|
int use_pt = 0;
|
|
|
|
struct sae_pt *pt = NULL;
|
2020-05-30 22:30:42 +02:00
|
|
|
const struct sae_pk *pk = NULL;
|
2023-05-22 21:34:07 +02:00
|
|
|
const u8 *own_addr = hapd->own_addr;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta))
|
2023-05-22 21:34:07 +02:00
|
|
|
own_addr = hapd->mld_addr;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2019-09-06 14:51:37 +02:00
|
|
|
if (sta->sae->tmp) {
|
2018-05-19 16:28:01 +02:00
|
|
|
rx_id = sta->sae->tmp->pw_id;
|
2020-06-06 11:08:37 +02:00
|
|
|
use_pt = sta->sae->h2e;
|
2020-05-30 22:30:42 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
2023-05-22 21:34:07 +02:00
|
|
|
os_memcpy(sta->sae->tmp->own_addr, own_addr, ETH_ALEN);
|
2020-05-30 22:30:42 +02:00
|
|
|
os_memcpy(sta->sae->tmp->peer_addr, sta->addr, ETH_ALEN);
|
|
|
|
#endif /* CONFIG_SAE_PK */
|
2019-09-06 14:51:37 +02:00
|
|
|
}
|
2018-05-19 16:28:01 +02:00
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
if (rx_id && hapd->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
|
2020-01-20 20:15:04 +01:00
|
|
|
use_pt = 1;
|
|
|
|
else if (status_code == WLAN_STATUS_SUCCESS)
|
2019-10-25 14:54:11 +02:00
|
|
|
use_pt = 0;
|
2020-05-30 22:30:42 +02:00
|
|
|
else if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
status_code == WLAN_STATUS_SAE_PK)
|
2019-10-25 14:54:11 +02:00
|
|
|
use_pt = 1;
|
|
|
|
|
2020-12-16 12:00:53 +01:00
|
|
|
password = sae_get_password(hapd, sta, rx_id, &pw, &pt, &pk);
|
2019-09-06 14:51:37 +02:00
|
|
|
if (!password || (use_pt && !pt)) {
|
2012-12-30 21:16:18 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: No password available");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
|
2019-09-06 14:51:37 +02:00
|
|
|
if (update && use_pt &&
|
2023-05-22 21:34:07 +02:00
|
|
|
sae_prepare_commit_pt(sta->sae, pt, own_addr, sta->addr,
|
2020-05-30 22:30:42 +02:00
|
|
|
NULL, pk) < 0)
|
2019-09-06 14:51:37 +02:00
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (update && !use_pt &&
|
2023-05-22 21:34:07 +02:00
|
|
|
sae_prepare_commit(own_addr, sta->addr,
|
2021-04-09 21:17:29 +02:00
|
|
|
(u8 *) password, os_strlen(password),
|
2012-12-30 21:06:11 +01:00
|
|
|
sta->sae) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
2012-10-06 18:30:54 +02:00
|
|
|
return NULL;
|
2012-12-30 21:06:11 +01:00
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2019-02-17 16:22:37 +01:00
|
|
|
if (pw && pw->vlan_id) {
|
|
|
|
if (!sta->sae->tmp) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"SAE: No temporary data allocated - cannot store VLAN ID");
|
|
|
|
return NULL;
|
|
|
|
}
|
|
|
|
sta->sae->tmp->vlan_id = pw->vlan_id;
|
|
|
|
}
|
|
|
|
|
2018-05-19 16:28:01 +02:00
|
|
|
buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN +
|
|
|
|
(rx_id ? 3 + os_strlen(rx_id) : 0));
|
2020-03-08 15:59:42 +01:00
|
|
|
if (buf &&
|
|
|
|
sae_write_commit(sta->sae, buf, sta->sae->tmp ?
|
|
|
|
sta->sae->tmp->anti_clogging_token : NULL,
|
|
|
|
rx_id) < 0) {
|
|
|
|
wpabuf_free(buf);
|
|
|
|
buf = NULL;
|
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
2012-12-30 21:28:57 +01:00
|
|
|
buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN);
|
2012-10-06 18:30:54 +02:00
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2020-06-08 13:00:28 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (sta->sae->tmp)
|
|
|
|
sta->sae->tmp->omit_pk_elem = hapd->conf->sae_pk_omit;
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
#endif /* CONFIG_SAE_PK */
|
|
|
|
|
2020-05-30 22:30:42 +02:00
|
|
|
if (sae_write_confirm(sta->sae, buf) < 0) {
|
|
|
|
wpabuf_free(buf);
|
|
|
|
return NULL;
|
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static int auth_sae_send_commit(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
2019-10-25 14:54:11 +02:00
|
|
|
const u8 *bssid, int update, int status_code)
|
2014-09-01 06:23:30 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *data;
|
2016-02-16 10:54:32 +01:00
|
|
|
int reply_res;
|
2019-09-06 14:51:37 +02:00
|
|
|
u16 status;
|
2014-09-01 06:23:30 +02:00
|
|
|
|
2019-10-25 14:54:11 +02:00
|
|
|
data = auth_build_sae_commit(hapd, sta, update, status_code);
|
2018-05-19 16:28:01 +02:00
|
|
|
if (!data && sta->sae->tmp && sta->sae->tmp->pw_id)
|
|
|
|
return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER;
|
2014-09-01 06:23:30 +02:00
|
|
|
if (data == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2020-06-06 11:08:37 +02:00
|
|
|
if (sta->sae->tmp && sta->sae->pk)
|
2020-05-30 22:30:42 +02:00
|
|
|
status = WLAN_STATUS_SAE_PK;
|
2020-06-06 11:08:37 +02:00
|
|
|
else if (sta->sae->tmp && sta->sae->h2e)
|
2020-05-30 22:30:42 +02:00
|
|
|
status = WLAN_STATUS_SAE_HASH_TO_ELEMENT;
|
|
|
|
else
|
|
|
|
status = WLAN_STATUS_SUCCESS;
|
2020-06-08 13:00:28 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->sae_commit_status >= 0 &&
|
|
|
|
hapd->conf->sae_commit_status != status) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: Override SAE commit status code %u --> %d",
|
|
|
|
status, hapd->conf->sae_commit_status);
|
|
|
|
status = hapd->conf->sae_commit_status;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2020-01-08 19:52:26 +01:00
|
|
|
reply_res = send_auth_reply(hapd, sta, sta->addr, bssid,
|
|
|
|
WLAN_AUTH_SAE, 1,
|
2019-09-06 14:51:37 +02:00
|
|
|
status, wpabuf_head(data),
|
2017-12-07 18:14:49 +01:00
|
|
|
wpabuf_len(data), "sae-send-commit");
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
wpabuf_free(data);
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
return reply_res;
|
2014-09-01 06:23:30 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int auth_sae_send_confirm(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const u8 *bssid)
|
|
|
|
{
|
|
|
|
struct wpabuf *data;
|
2016-02-16 10:54:32 +01:00
|
|
|
int reply_res;
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
data = auth_build_sae_confirm(hapd, sta);
|
|
|
|
if (data == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2020-01-08 19:52:26 +01:00
|
|
|
reply_res = send_auth_reply(hapd, sta, sta->addr, bssid,
|
|
|
|
WLAN_AUTH_SAE, 2,
|
2016-02-16 10:54:32 +01:00
|
|
|
WLAN_STATUS_SUCCESS, wpabuf_head(data),
|
2017-12-07 18:14:49 +01:00
|
|
|
wpabuf_len(data), "sae-send-confirm");
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
wpabuf_free(data);
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
return reply_res;
|
2014-09-01 06:23:30 +02:00
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:06 +01:00
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
|
|
|
|
|
|
|
#if defined(CONFIG_SAE) || defined(CONFIG_PASN)
|
2014-09-01 06:23:30 +02:00
|
|
|
|
2021-03-15 13:57:05 +01:00
|
|
|
static int use_anti_clogging(struct hostapd_data *hapd)
|
2012-12-31 15:58:36 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
unsigned int open = 0;
|
|
|
|
|
2021-03-15 13:57:05 +01:00
|
|
|
if (hapd->conf->anti_clogging_threshold == 0)
|
2012-12-31 15:58:36 +01:00
|
|
|
return 1;
|
|
|
|
|
|
|
|
for (sta = hapd->sta_list; sta; sta = sta->next) {
|
2021-03-15 13:57:06 +01:00
|
|
|
#ifdef CONFIG_SAE
|
2021-03-21 12:55:08 +01:00
|
|
|
if (sta->sae &&
|
|
|
|
(sta->sae->state == SAE_COMMITTED ||
|
|
|
|
sta->sae->state == SAE_CONFIRMED))
|
|
|
|
open++;
|
2021-03-15 13:57:06 +01:00
|
|
|
#endif /* CONFIG_SAE */
|
2021-03-21 12:55:08 +01:00
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
if (sta->pasn && sta->pasn->ecdh)
|
|
|
|
open++;
|
|
|
|
#endif /* CONFIG_PASN */
|
2021-03-15 13:57:05 +01:00
|
|
|
if (open >= hapd->conf->anti_clogging_threshold)
|
2012-12-31 15:58:36 +01:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:06 +01:00
|
|
|
#ifdef CONFIG_SAE
|
2019-03-01 18:54:51 +01:00
|
|
|
/* In addition to already existing open SAE sessions, check whether
|
|
|
|
* there are enough pending commit messages in the processing queue to
|
|
|
|
* potentially result in too many open sessions. */
|
|
|
|
if (open + dl_list_len(&hapd->sae_commit_queue) >=
|
2021-03-15 13:57:05 +01:00
|
|
|
hapd->conf->anti_clogging_threshold)
|
2019-03-01 18:54:51 +01:00
|
|
|
return 1;
|
2021-03-15 13:57:06 +01:00
|
|
|
#endif /* CONFIG_SAE */
|
2019-03-01 18:54:51 +01:00
|
|
|
|
2012-12-31 15:58:36 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:06 +01:00
|
|
|
#endif /* defined(CONFIG_SAE) || defined(CONFIG_PASN) */
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_SAE
|
2012-12-31 15:58:36 +01:00
|
|
|
|
2017-12-26 11:46:22 +01:00
|
|
|
static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta)
|
2015-01-07 07:10:57 +01:00
|
|
|
{
|
2017-12-26 11:46:22 +01:00
|
|
|
if (sta->sae->sync > hapd->conf->sae_sync) {
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync");
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = eloop_ctx;
|
|
|
|
struct sta_info *sta = eloop_data;
|
|
|
|
int ret;
|
|
|
|
|
2017-12-26 11:46:22 +01:00
|
|
|
if (sae_check_big_sync(hapd, sta))
|
2015-01-07 07:10:57 +01:00
|
|
|
return;
|
|
|
|
sta->sae->sync++;
|
2016-05-30 20:14:08 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR
|
2017-12-26 23:07:42 +01:00
|
|
|
" (sync=%d state=%s)",
|
|
|
|
MAC2STR(sta->addr), sta->sae->sync,
|
|
|
|
sae_state_txt(sta->sae->state));
|
2015-01-07 07:10:57 +01:00
|
|
|
|
|
|
|
switch (sta->sae->state) {
|
|
|
|
case SAE_COMMITTED:
|
2019-10-25 14:54:11 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0, -1);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0,
|
|
|
|
hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
break;
|
|
|
|
case SAE_CONFIRMED:
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0,
|
|
|
|
hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
ret = -1;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ret != WLAN_STATUS_SUCCESS)
|
|
|
|
wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sae_set_retransmit_timer(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
|
|
|
if (!(hapd->conf->mesh & MESH_ENABLED))
|
|
|
|
return;
|
|
|
|
|
|
|
|
eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta);
|
2015-07-08 15:41:36 +02:00
|
|
|
eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000,
|
2015-01-07 07:10:57 +01:00
|
|
|
auth_sae_retransmit_timer, hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-03-18 10:34:04 +01:00
|
|
|
static void sae_sme_send_external_auth_status(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 status)
|
|
|
|
{
|
|
|
|
struct external_auth params;
|
|
|
|
|
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
|
|
|
params.status = status;
|
2023-04-17 16:04:44 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta))
|
2023-04-17 16:04:44 +02:00
|
|
|
params.bssid =
|
|
|
|
sta->mld_info.links[sta->mld_assoc_link_id].peer_addr;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
if (!params.bssid)
|
|
|
|
params.bssid = sta->addr;
|
|
|
|
|
2019-05-16 11:31:14 +02:00
|
|
|
if (status == WLAN_STATUS_SUCCESS && sta->sae &&
|
|
|
|
!hapd->conf->disable_pmksa_caching)
|
2019-03-18 10:34:04 +01:00
|
|
|
params.pmkid = sta->sae->pmkid;
|
|
|
|
|
|
|
|
hostapd_drv_send_external_auth_status(hapd, ¶ms);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-03-09 10:16:14 +01:00
|
|
|
void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
2019-02-17 16:22:37 +01:00
|
|
|
#ifndef CONFIG_NO_VLAN
|
|
|
|
struct vlan_description vlan_desc;
|
|
|
|
|
|
|
|
if (sta->sae->tmp && sta->sae->tmp->vlan_id > 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Assign STA " MACSTR
|
|
|
|
" to VLAN ID %d",
|
|
|
|
MAC2STR(sta->addr), sta->sae->tmp->vlan_id);
|
|
|
|
|
2023-11-29 10:27:42 +01:00
|
|
|
if (!(hapd->iface->drv_flags & WPA_DRIVER_FLAGS_VLAN_OFFLOAD)) {
|
|
|
|
os_memset(&vlan_desc, 0, sizeof(vlan_desc));
|
|
|
|
vlan_desc.notempty = 1;
|
|
|
|
vlan_desc.untagged = sta->sae->tmp->vlan_id;
|
|
|
|
if (!hostapd_vlan_valid(hapd->conf->vlan, &vlan_desc)) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"Invalid VLAN ID %d in sae_password",
|
|
|
|
sta->sae->tmp->vlan_id);
|
|
|
|
return;
|
|
|
|
}
|
2019-02-17 16:22:37 +01:00
|
|
|
|
2023-11-29 10:27:42 +01:00
|
|
|
if (ap_sta_set_vlan(hapd, sta, &vlan_desc) < 0 ||
|
|
|
|
ap_sta_bind_vlan(hapd, sta) < 0) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"Failed to assign VLAN ID %d from sae_password to "
|
|
|
|
MACSTR, sta->sae->tmp->vlan_id,
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
sta->vlan_id = sta->sae->tmp->vlan_id;
|
2019-02-17 16:22:37 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_NO_VLAN */
|
|
|
|
|
2016-03-09 10:16:14 +01:00
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
sta->auth_alg = WLAN_AUTH_SAE;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm");
|
2020-02-05 01:06:27 +01:00
|
|
|
crypto_bignum_deinit(sta->sae->peer_commit_scalar_accepted, 0);
|
|
|
|
sta->sae->peer_commit_scalar_accepted = sta->sae->peer_commit_scalar;
|
|
|
|
sta->sae->peer_commit_scalar = NULL;
|
2016-03-09 10:16:14 +01:00
|
|
|
wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr,
|
2022-07-24 21:15:52 +02:00
|
|
|
sta->sae->pmk, sta->sae->pmk_len,
|
|
|
|
sta->sae->pmkid, sta->sae->akmp);
|
2019-03-18 10:34:04 +01:00
|
|
|
sae_sme_send_external_auth_status(hapd, sta, WLAN_STATUS_SUCCESS);
|
2016-03-09 10:16:14 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta,
|
2019-09-06 14:51:37 +02:00
|
|
|
const u8 *bssid, u16 auth_transaction, u16 status_code,
|
|
|
|
int allow_reuse, int *sta_removed)
|
2014-09-01 06:23:30 +02:00
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
2019-04-15 21:09:12 +02:00
|
|
|
*sta_removed = 0;
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
if (auth_transaction != 1 && auth_transaction != 2)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2017-12-26 23:07:42 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u",
|
|
|
|
MAC2STR(sta->addr), sae_state_txt(sta->sae->state),
|
|
|
|
auth_transaction);
|
2014-09-01 06:23:30 +02:00
|
|
|
switch (sta->sae->state) {
|
|
|
|
case SAE_NOTHING:
|
|
|
|
if (auth_transaction == 1) {
|
2020-05-30 22:30:42 +02:00
|
|
|
if (sta->sae->tmp) {
|
2020-06-06 11:08:37 +02:00
|
|
|
sta->sae->h2e =
|
2020-05-30 22:30:42 +02:00
|
|
|
(status_code ==
|
|
|
|
WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
status_code == WLAN_STATUS_SAE_PK);
|
2020-06-06 11:08:37 +02:00
|
|
|
sta->sae->pk =
|
2020-05-30 22:30:42 +02:00
|
|
|
status_code == WLAN_STATUS_SAE_PK;
|
|
|
|
}
|
2019-03-03 15:56:14 +01:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid,
|
2019-10-25 14:54:11 +02:00
|
|
|
!allow_reuse, status_code);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
/*
|
2019-10-10 14:38:26 +02:00
|
|
|
* In mesh case, both Commit and Confirm are sent
|
|
|
|
* immediately. In infrastructure BSS, by default, only
|
|
|
|
* a single Authentication frame (Commit) is expected
|
|
|
|
* from the AP here and the second one (Confirm) will
|
|
|
|
* be sent once the STA has sent its second
|
|
|
|
* Authentication frame (Confirm). This behavior can be
|
|
|
|
* overridden with explicit configuration so that the
|
|
|
|
* infrastructure BSS case sends both frames together.
|
2014-09-01 06:23:30 +02:00
|
|
|
*/
|
2019-10-10 14:38:26 +02:00
|
|
|
if ((hapd->conf->mesh & MESH_ENABLED) ||
|
|
|
|
hapd->conf->sae_confirm_immediate) {
|
2014-09-01 06:23:30 +02:00
|
|
|
/*
|
|
|
|
* Send both Commit and Confirm immediately
|
|
|
|
* based on SAE finite state machine
|
|
|
|
* Nothing -> Confirm transition.
|
|
|
|
*/
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_CONFIRMED,
|
|
|
|
"Sent Confirm (mesh)");
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* For infrastructure BSS, send only the Commit
|
|
|
|
* message now to get alternating sequence of
|
|
|
|
* Authentication frames between the AP and STA.
|
|
|
|
* Confirm will be sent in
|
2016-09-30 12:06:36 +02:00
|
|
|
* Committed -> Confirmed/Accepted transition
|
2014-09-01 06:23:30 +02:00
|
|
|
* when receiving Confirm from STA.
|
|
|
|
*/
|
|
|
|
}
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"SAE confirm before commit");
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_COMMITTED:
|
2015-01-07 07:10:57 +01:00
|
|
|
sae_clear_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (auth_transaction == 1) {
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else if (hapd->conf->mesh & MESH_ENABLED) {
|
|
|
|
/*
|
|
|
|
* In mesh case, follow SAE finite state machine and
|
2015-01-07 07:10:57 +01:00
|
|
|
* send Commit now, if sync count allows.
|
2014-09-01 06:23:30 +02:00
|
|
|
*/
|
2017-12-26 11:46:22 +01:00
|
|
|
if (sae_check_big_sync(hapd, sta))
|
2015-01-07 07:10:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2019-10-25 14:54:11 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 0,
|
|
|
|
status_code);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
2015-01-07 07:10:57 +01:00
|
|
|
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
|
|
|
/*
|
|
|
|
* For instructure BSS, send the postponed Confirm from
|
|
|
|
* Nothing -> Confirmed transition that was reduced to
|
|
|
|
* Nothing -> Committed above.
|
|
|
|
*/
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm");
|
2014-09-01 06:23:30 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Since this was triggered on Confirm RX, run another
|
|
|
|
* step to get to Accepted without waiting for
|
|
|
|
* additional events.
|
|
|
|
*/
|
2019-03-03 15:56:14 +01:00
|
|
|
return sae_sm_step(hapd, sta, bssid, auth_transaction,
|
2019-09-06 14:51:37 +02:00
|
|
|
WLAN_STATUS_SUCCESS, 0, sta_removed);
|
2014-09-01 06:23:30 +02:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_CONFIRMED:
|
2015-01-07 07:10:57 +01:00
|
|
|
sae_clear_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (auth_transaction == 1) {
|
2017-12-26 11:46:22 +01:00
|
|
|
if (sae_check_big_sync(hapd, sta))
|
2015-01-07 07:10:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2019-10-25 14:54:11 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 1,
|
|
|
|
status_code);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
2015-01-07 07:10:57 +01:00
|
|
|
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
2017-12-27 11:17:44 +01:00
|
|
|
sta->sae->send_confirm = 0xffff;
|
2016-03-09 10:16:14 +01:00
|
|
|
sae_accept_sta(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
}
|
|
|
|
break;
|
|
|
|
case SAE_ACCEPTED:
|
2018-06-06 00:22:01 +02:00
|
|
|
if (auth_transaction == 1 &&
|
|
|
|
(hapd->conf->mesh & MESH_ENABLED)) {
|
2014-09-01 06:23:30 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR
|
|
|
|
") doing reauthentication",
|
|
|
|
MAC2STR(sta->addr));
|
2016-03-09 10:16:14 +01:00
|
|
|
wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
|
2019-04-15 20:57:58 +02:00
|
|
|
ap_free_sta(hapd, sta);
|
2019-04-15 21:09:12 +02:00
|
|
|
*sta_removed = 1;
|
2018-06-06 00:22:01 +02:00
|
|
|
} else if (auth_transaction == 1) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Start reauthentication");
|
2019-10-25 14:54:11 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, bssid, 1,
|
|
|
|
status_code);
|
2018-06-06 00:22:01 +02:00
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
sae_set_state(sta, SAE_COMMITTED, "Sent Commit");
|
|
|
|
|
|
|
|
if (sae_process_commit(sta->sae) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-09-01 06:23:30 +02:00
|
|
|
} else {
|
2017-12-26 11:46:22 +01:00
|
|
|
if (sae_check_big_sync(hapd, sta))
|
2015-01-07 07:10:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
sta->sae->sync++;
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
ret = auth_sae_send_confirm(hapd, sta, bssid);
|
|
|
|
sae_clear_temp_data(sta->sae);
|
|
|
|
if (ret)
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
wpa_printf(MSG_ERROR, "SAE: invalid state %d",
|
|
|
|
sta->sae->state);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-05-30 20:14:08 +02:00
|
|
|
static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
struct sae_data *sae = sta->sae;
|
|
|
|
int i, *groups = hapd->conf->sae_groups;
|
2019-03-05 16:18:11 +01:00
|
|
|
int default_groups[] = { 19, 0 };
|
2016-05-30 20:14:08 +02:00
|
|
|
|
|
|
|
if (sae->state != SAE_COMMITTED)
|
|
|
|
return;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group);
|
|
|
|
|
2019-03-05 16:18:11 +01:00
|
|
|
if (!groups)
|
|
|
|
groups = default_groups;
|
|
|
|
for (i = 0; groups[i] > 0; i++) {
|
2016-05-30 20:14:08 +02:00
|
|
|
if (sae->group == groups[i])
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2019-03-05 16:18:11 +01:00
|
|
|
if (groups[i] <= 0) {
|
2016-05-30 20:14:08 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Previously selected group not found from the current configuration");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
i++;
|
|
|
|
if (groups[i] <= 0) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: No alternative group enabled");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sae_set_group(sae, groups[i]) < 0)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-09-06 14:51:37 +02:00
|
|
|
static int sae_status_success(struct hostapd_data *hapd, u16 status_code)
|
|
|
|
{
|
2022-11-29 19:36:15 +01:00
|
|
|
enum sae_pwe sae_pwe = hapd->conf->sae_pwe;
|
2020-01-20 20:15:04 +01:00
|
|
|
int id_in_use;
|
2020-10-19 22:35:00 +02:00
|
|
|
bool sae_pk = false;
|
2020-01-20 20:15:04 +01:00
|
|
|
|
|
|
|
id_in_use = hostapd_sae_pw_id_in_use(hapd->conf);
|
2022-11-29 19:36:15 +01:00
|
|
|
if (id_in_use == 2 && sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
|
|
|
|
sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
|
|
|
|
else if (id_in_use == 1 && sae_pwe == SAE_PWE_HUNT_AND_PECK)
|
|
|
|
sae_pwe = SAE_PWE_BOTH;
|
2020-05-30 22:30:42 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
2020-10-19 22:35:00 +02:00
|
|
|
sae_pk = hostapd_sae_pk_in_use(hapd->conf);
|
2022-11-29 19:36:15 +01:00
|
|
|
if (sae_pwe == SAE_PWE_HUNT_AND_PECK && sae_pk)
|
|
|
|
sae_pwe = SAE_PWE_BOTH;
|
2020-05-30 22:30:42 +02:00
|
|
|
#endif /* CONFIG_SAE_PK */
|
2022-11-29 19:36:15 +01:00
|
|
|
if (sae_pwe == SAE_PWE_HUNT_AND_PECK &&
|
2022-07-24 21:20:58 +02:00
|
|
|
(hapd->conf->wpa_key_mgmt &
|
|
|
|
(WPA_KEY_MGMT_SAE_EXT_KEY | WPA_KEY_MGMT_FT_SAE_EXT_KEY)))
|
2022-11-29 19:36:15 +01:00
|
|
|
sae_pwe = SAE_PWE_BOTH;
|
2020-01-20 20:15:04 +01:00
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
return ((sae_pwe == SAE_PWE_HUNT_AND_PECK ||
|
|
|
|
sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK) &&
|
2019-09-06 14:51:37 +02:00
|
|
|
status_code == WLAN_STATUS_SUCCESS) ||
|
2022-11-29 19:36:15 +01:00
|
|
|
(sae_pwe == SAE_PWE_HASH_TO_ELEMENT &&
|
2020-05-30 22:30:42 +02:00
|
|
|
(status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
2020-10-19 22:35:00 +02:00
|
|
|
(sae_pk && status_code == WLAN_STATUS_SAE_PK))) ||
|
2022-11-29 19:36:15 +01:00
|
|
|
(sae_pwe == SAE_PWE_BOTH &&
|
2019-09-06 14:51:37 +02:00
|
|
|
(status_code == WLAN_STATUS_SUCCESS ||
|
2020-05-30 22:30:42 +02:00
|
|
|
status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
2020-10-19 22:35:00 +02:00
|
|
|
(sae_pk && status_code == WLAN_STATUS_SAE_PK)));
|
2019-09-06 14:51:37 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-09-06 14:51:37 +02:00
|
|
|
static int sae_is_group_enabled(struct hostapd_data *hapd, int group)
|
|
|
|
{
|
|
|
|
int *groups = hapd->conf->sae_groups;
|
|
|
|
int default_groups[] = { 19, 0 };
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!groups)
|
|
|
|
groups = default_groups;
|
|
|
|
|
|
|
|
for (i = 0; groups[i] > 0; i++) {
|
|
|
|
if (groups[i] == group)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int check_sae_rejected_groups(struct hostapd_data *hapd,
|
2020-06-09 21:32:38 +02:00
|
|
|
struct sae_data *sae)
|
2019-09-06 14:51:37 +02:00
|
|
|
{
|
2020-05-30 22:30:42 +02:00
|
|
|
const struct wpabuf *groups;
|
2019-09-06 14:51:37 +02:00
|
|
|
size_t i, count;
|
|
|
|
const u8 *pos;
|
|
|
|
|
2020-05-30 22:30:42 +02:00
|
|
|
if (!sae->tmp)
|
|
|
|
return 0;
|
|
|
|
groups = sae->tmp->peer_rejected_groups;
|
2019-09-06 14:51:37 +02:00
|
|
|
if (!groups)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
pos = wpabuf_head(groups);
|
|
|
|
count = wpabuf_len(groups) / 2;
|
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
int enabled;
|
|
|
|
u16 group;
|
|
|
|
|
|
|
|
group = WPA_GET_LE16(pos);
|
|
|
|
pos += 2;
|
|
|
|
enabled = sae_is_group_enabled(hapd, group);
|
2020-06-09 21:32:38 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Rejected group %u is %s",
|
|
|
|
group, enabled ? "enabled" : "disabled");
|
2019-09-06 14:51:37 +02:00
|
|
|
if (enabled)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2014-12-14 22:52:02 +01:00
|
|
|
u16 auth_transaction, u16 status_code)
|
2012-09-30 18:51:07 +02:00
|
|
|
{
|
2016-02-16 10:54:32 +01:00
|
|
|
int resp = WLAN_STATUS_SUCCESS;
|
2012-12-30 20:54:16 +01:00
|
|
|
struct wpabuf *data = NULL;
|
2019-03-05 16:18:11 +01:00
|
|
|
int *groups = hapd->conf->sae_groups;
|
|
|
|
int default_groups[] = { 19, 0 };
|
2019-03-08 15:21:03 +01:00
|
|
|
const u8 *pos, *end;
|
2019-04-15 21:09:12 +02:00
|
|
|
int sta_removed = 0;
|
2021-02-08 03:49:17 +01:00
|
|
|
bool success_status;
|
2019-03-05 16:18:11 +01:00
|
|
|
|
|
|
|
if (!groups)
|
|
|
|
groups = default_groups;
|
2012-09-30 18:51:07 +02:00
|
|
|
|
2017-09-02 00:31:47 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->sae_reflection_attack && auth_transaction == 1) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack");
|
|
|
|
pos = mgmt->u.auth.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
2020-08-25 17:48:06 +02:00
|
|
|
resp = status_code;
|
2023-12-21 12:38:06 +01:00
|
|
|
send_auth_reply(hapd, sta, sta->addr, mgmt->bssid,
|
|
|
|
WLAN_AUTH_SAE,
|
2017-12-07 18:14:49 +01:00
|
|
|
auth_transaction, resp, pos, end - pos,
|
|
|
|
"auth-sae-reflection-attack");
|
2017-09-02 00:31:47 +02:00
|
|
|
goto remove_sta;
|
|
|
|
}
|
2017-09-02 00:52:15 +02:00
|
|
|
|
|
|
|
if (hapd->conf->sae_commit_override && auth_transaction == 1) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
|
2023-12-21 12:38:06 +01:00
|
|
|
send_auth_reply(hapd, sta, sta->addr, mgmt->bssid,
|
|
|
|
WLAN_AUTH_SAE,
|
2017-09-02 00:52:15 +02:00
|
|
|
auth_transaction, resp,
|
|
|
|
wpabuf_head(hapd->conf->sae_commit_override),
|
2017-12-07 18:14:49 +01:00
|
|
|
wpabuf_len(hapd->conf->sae_commit_override),
|
|
|
|
"sae-commit-override");
|
2017-09-02 00:52:15 +02:00
|
|
|
goto remove_sta;
|
|
|
|
}
|
2017-09-02 00:31:47 +02:00
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2012-12-30 20:48:19 +01:00
|
|
|
if (!sta->sae) {
|
2016-02-16 10:54:32 +01:00
|
|
|
if (auth_transaction != 1 ||
|
2019-09-06 14:51:37 +02:00
|
|
|
!sae_status_success(hapd, status_code)) {
|
2019-12-06 16:26:57 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Unexpected Status Code %u",
|
|
|
|
status_code);
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto reply;
|
2016-02-16 10:54:32 +01:00
|
|
|
}
|
2012-12-30 20:48:19 +01:00
|
|
|
sta->sae = os_zalloc(sizeof(*sta->sae));
|
2016-02-16 10:54:32 +01:00
|
|
|
if (!sta->sae) {
|
|
|
|
resp = -1;
|
|
|
|
goto remove_sta;
|
|
|
|
}
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_NOTHING, "Init");
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
2012-12-30 20:48:19 +01:00
|
|
|
}
|
|
|
|
|
2016-03-09 10:16:14 +01:00
|
|
|
if (sta->mesh_sae_pmksa_caching) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication");
|
|
|
|
wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr);
|
|
|
|
sta->mesh_sae_pmksa_caching = 0;
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
if (auth_transaction == 1) {
|
2019-03-08 15:21:03 +01:00
|
|
|
const u8 *token = NULL;
|
2012-12-31 15:58:36 +01:00
|
|
|
size_t token_len = 0;
|
2019-03-03 15:56:14 +01:00
|
|
|
int allow_reuse = 0;
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2019-04-18 20:03:21 +02:00
|
|
|
"start SAE authentication (RX commit, status=%u (%s))",
|
|
|
|
status_code, status2str(status_code));
|
2014-11-25 03:04:40 +01:00
|
|
|
|
|
|
|
if ((hapd->conf->mesh & MESH_ENABLED) &&
|
2014-12-14 22:52:02 +01:00
|
|
|
status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
|
|
|
|
sta->sae->tmp) {
|
2014-11-25 03:04:41 +01:00
|
|
|
pos = mgmt->u.auth.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
if (pos + sizeof(le16) > end) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Too short anti-clogging token request");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto reply;
|
|
|
|
}
|
2019-03-05 16:18:11 +01:00
|
|
|
resp = sae_group_allowed(sta->sae, groups,
|
2014-11-25 03:04:41 +01:00
|
|
|
WPA_GET_LE16(pos));
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Invalid group in anti-clogging token request");
|
|
|
|
goto reply;
|
|
|
|
}
|
|
|
|
pos += sizeof(le16);
|
|
|
|
|
2014-11-25 03:04:40 +01:00
|
|
|
wpabuf_free(sta->sae->tmp->anti_clogging_token);
|
|
|
|
sta->sae->tmp->anti_clogging_token =
|
2014-11-25 03:04:41 +01:00
|
|
|
wpabuf_alloc_copy(pos, end - pos);
|
2014-11-25 03:04:40 +01:00
|
|
|
if (sta->sae->tmp->anti_clogging_token == NULL) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Failed to alloc for anti-clogging token");
|
2016-02-16 10:54:32 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto remove_sta;
|
2014-11-25 03:04:40 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code
|
|
|
|
* is 76, a new Commit Message shall be constructed
|
|
|
|
* with the Anti-Clogging Token from the received
|
|
|
|
* Authentication frame, and the commit-scalar and
|
|
|
|
* COMMIT-ELEMENT previously sent.
|
|
|
|
*/
|
2019-10-25 14:54:11 +02:00
|
|
|
resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0,
|
|
|
|
status_code);
|
2016-02-16 10:54:32 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS) {
|
2014-11-25 03:04:40 +01:00
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SAE: Failed to send commit message");
|
2016-02-16 10:54:32 +01:00
|
|
|
goto remove_sta;
|
2014-11-25 03:04:40 +01:00
|
|
|
}
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_COMMITTED,
|
|
|
|
"Sent Commit (anti-clogging token case in mesh)");
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2014-11-25 03:04:40 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-05-30 20:14:08 +02:00
|
|
|
if ((hapd->conf->mesh & MESH_ENABLED) &&
|
|
|
|
status_code ==
|
|
|
|
WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
|
|
|
|
sta->sae->tmp) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Peer did not accept our SAE group");
|
|
|
|
sae_pick_next_group(hapd, sta);
|
|
|
|
goto remove_sta;
|
|
|
|
}
|
|
|
|
|
2019-09-06 14:51:37 +02:00
|
|
|
if (!sae_status_success(hapd, status_code))
|
2016-02-16 10:54:32 +01:00
|
|
|
goto remove_sta;
|
2014-12-14 22:52:02 +01:00
|
|
|
|
2018-06-20 12:04:31 +02:00
|
|
|
if (!(hapd->conf->mesh & MESH_ENABLED) &&
|
|
|
|
sta->sae->state == SAE_COMMITTED) {
|
|
|
|
/* This is needed in the infrastructure BSS case to
|
|
|
|
* address a sequence where a STA entry may remain in
|
|
|
|
* hostapd across two attempts to do SAE authentication
|
|
|
|
* by the same STA. The second attempt may end up trying
|
|
|
|
* to use a different group and that would not be
|
|
|
|
* allowed if we remain in Committed state with the
|
|
|
|
* previously set parameters. */
|
2019-03-03 15:56:14 +01:00
|
|
|
pos = mgmt->u.auth.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
if (end - pos >= (int) sizeof(le16) &&
|
|
|
|
sae_group_allowed(sta->sae, groups,
|
|
|
|
WPA_GET_LE16(pos)) ==
|
|
|
|
WLAN_STATUS_SUCCESS) {
|
|
|
|
/* Do not waste resources deriving the same PWE
|
|
|
|
* again since the same group is reused. */
|
|
|
|
sae_set_state(sta, SAE_NOTHING,
|
|
|
|
"Allow previous PWE to be reused");
|
|
|
|
allow_reuse = 1;
|
|
|
|
} else {
|
|
|
|
sae_set_state(sta, SAE_NOTHING,
|
|
|
|
"Clear existing state to allow restart");
|
|
|
|
sae_clear_data(sta->sae);
|
|
|
|
}
|
2018-06-20 12:04:31 +02:00
|
|
|
}
|
|
|
|
|
2012-12-30 21:16:18 +01:00
|
|
|
resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable,
|
|
|
|
((const u8 *) mgmt) + len -
|
2012-12-31 15:58:36 +01:00
|
|
|
mgmt->u.auth.variable, &token,
|
2019-09-07 17:33:02 +02:00
|
|
|
&token_len, groups, status_code ==
|
2020-05-30 22:30:42 +02:00
|
|
|
WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
2022-12-06 10:46:05 +01:00
|
|
|
status_code == WLAN_STATUS_SAE_PK,
|
|
|
|
NULL);
|
2015-06-23 21:30:15 +02:00
|
|
|
if (resp == SAE_SILENTLY_DISCARD) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Drop commit message from " MACSTR " due to reflection attack",
|
|
|
|
MAC2STR(sta->addr));
|
2016-02-16 10:54:32 +01:00
|
|
|
goto remove_sta;
|
2015-06-23 21:30:15 +02:00
|
|
|
}
|
2018-05-19 16:28:01 +02:00
|
|
|
|
|
|
|
if (resp == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) {
|
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
|
|
|
WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
|
|
|
sae_clear_retransmit_timer(hapd, sta);
|
|
|
|
sae_set_state(sta, SAE_NOTHING,
|
|
|
|
"Unknown Password Identifier");
|
|
|
|
goto remove_sta;
|
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:05 +01:00
|
|
|
if (token &&
|
2022-10-07 14:40:49 +02:00
|
|
|
check_comeback_token(hapd->comeback_key,
|
|
|
|
hapd->comeback_pending_idx, sta->addr,
|
|
|
|
token, token_len)
|
2012-12-31 15:58:36 +01:00
|
|
|
< 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Drop commit message with "
|
|
|
|
"incorrect token from " MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
2016-02-16 10:54:32 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto remove_sta;
|
2012-12-31 15:58:36 +01:00
|
|
|
}
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
goto reply;
|
|
|
|
|
2020-06-09 21:32:38 +02:00
|
|
|
if (check_sae_rejected_groups(hapd, sta->sae)) {
|
2019-09-06 14:51:37 +02:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2019-12-06 23:39:46 +01:00
|
|
|
goto reply;
|
2019-09-06 14:51:37 +02:00
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:05 +01:00
|
|
|
if (!token && use_anti_clogging(hapd) && !allow_reuse) {
|
2020-01-20 19:27:06 +01:00
|
|
|
int h2e = 0;
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Request anti-clogging token from "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
2020-01-20 19:27:06 +01:00
|
|
|
if (sta->sae->tmp)
|
2020-06-06 11:08:37 +02:00
|
|
|
h2e = sta->sae->h2e;
|
2020-05-30 22:30:42 +02:00
|
|
|
if (status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
status_code == WLAN_STATUS_SAE_PK)
|
2020-01-20 19:27:06 +01:00
|
|
|
h2e = 1;
|
2022-10-07 14:40:49 +02:00
|
|
|
data = auth_build_token_req(
|
|
|
|
&hapd->last_comeback_key_update,
|
|
|
|
hapd->comeback_key,
|
|
|
|
hapd->comeback_idx,
|
|
|
|
hapd->comeback_pending_idx,
|
|
|
|
sizeof(hapd->comeback_pending_idx),
|
|
|
|
sta->sae->group,
|
|
|
|
sta->addr, h2e);
|
2014-09-01 06:23:30 +02:00
|
|
|
resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ;
|
2014-11-25 03:04:40 +01:00
|
|
|
if (hapd->conf->mesh & MESH_ENABLED)
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_NOTHING,
|
|
|
|
"Request anti-clogging token case in mesh");
|
2014-09-01 06:23:30 +02:00
|
|
|
goto reply;
|
2012-12-30 20:54:16 +01:00
|
|
|
}
|
2014-09-01 06:23:30 +02:00
|
|
|
|
2019-03-03 15:56:14 +01:00
|
|
|
resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction,
|
2019-09-06 14:51:37 +02:00
|
|
|
status_code, allow_reuse, &sta_removed);
|
2012-09-30 18:51:07 +02:00
|
|
|
} else if (auth_transaction == 2) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2019-04-18 20:03:21 +02:00
|
|
|
"SAE authentication (RX confirm, status=%u (%s))",
|
|
|
|
status_code, status2str(status_code));
|
2014-12-14 22:52:02 +01:00
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
2016-02-16 10:54:32 +01:00
|
|
|
goto remove_sta;
|
2014-09-01 06:23:30 +02:00
|
|
|
if (sta->sae->state >= SAE_CONFIRMED ||
|
|
|
|
!(hapd->conf->mesh & MESH_ENABLED)) {
|
2017-12-27 11:14:41 +01:00
|
|
|
const u8 *var;
|
|
|
|
size_t var_len;
|
|
|
|
u16 peer_send_confirm;
|
|
|
|
|
|
|
|
var = mgmt->u.auth.variable;
|
|
|
|
var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable;
|
|
|
|
if (var_len < 2) {
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto reply;
|
|
|
|
}
|
|
|
|
|
|
|
|
peer_send_confirm = WPA_GET_LE16(var);
|
|
|
|
|
|
|
|
if (sta->sae->state == SAE_ACCEPTED &&
|
|
|
|
(peer_send_confirm <= sta->sae->rc ||
|
|
|
|
peer_send_confirm == 0xffff)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Silently ignore unexpected Confirm from peer "
|
|
|
|
MACSTR
|
|
|
|
" (peer-send-confirm=%u Rc=%u)",
|
|
|
|
MAC2STR(sta->addr),
|
|
|
|
peer_send_confirm, sta->sae->rc);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-12-06 10:46:05 +01:00
|
|
|
if (sae_check_confirm(sta->sae, var, var_len,
|
|
|
|
NULL) < 0) {
|
2022-11-23 13:15:16 +01:00
|
|
|
resp = WLAN_STATUS_CHALLENGE_FAIL;
|
2014-09-01 06:23:30 +02:00
|
|
|
goto reply;
|
2013-01-06 18:06:59 +01:00
|
|
|
}
|
2017-12-27 11:14:41 +01:00
|
|
|
sta->sae->rc = peer_send_confirm;
|
2012-10-06 18:30:54 +02:00
|
|
|
}
|
2019-09-06 14:51:37 +02:00
|
|
|
resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction,
|
|
|
|
status_code, 0, &sta_removed);
|
2012-09-30 18:51:07 +02:00
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2019-04-18 20:03:21 +02:00
|
|
|
"unexpected SAE authentication transaction %u (status=%u (%s))",
|
|
|
|
auth_transaction, status_code,
|
|
|
|
status2str(status_code));
|
2014-12-14 22:52:02 +01:00
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
2016-02-16 10:54:32 +01:00
|
|
|
goto remove_sta;
|
2012-09-30 18:51:07 +02:00
|
|
|
resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
|
|
|
|
}
|
|
|
|
|
2014-09-01 06:23:30 +02:00
|
|
|
reply:
|
2019-04-15 21:09:12 +02:00
|
|
|
if (!sta_removed && resp != WLAN_STATUS_SUCCESS) {
|
2019-03-08 15:21:03 +01:00
|
|
|
pos = mgmt->u.auth.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
|
|
|
|
/* Copy the Finite Cyclic Group field from the request if we
|
|
|
|
* rejected it as unsupported group. */
|
|
|
|
if (resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
|
|
|
|
!data && end - pos >= 2)
|
|
|
|
data = wpabuf_alloc_copy(pos, 2);
|
|
|
|
|
2019-03-18 10:34:04 +01:00
|
|
|
sae_sme_send_external_auth_status(hapd, sta, resp);
|
2023-12-21 12:38:06 +01:00
|
|
|
send_auth_reply(hapd, sta, sta->addr, mgmt->bssid,
|
|
|
|
WLAN_AUTH_SAE,
|
2014-09-01 06:23:30 +02:00
|
|
|
auth_transaction, resp,
|
|
|
|
data ? wpabuf_head(data) : (u8 *) "",
|
2017-12-07 18:14:49 +01:00
|
|
|
data ? wpabuf_len(data) : 0, "auth-sae");
|
2014-09-01 06:23:30 +02:00
|
|
|
}
|
2016-02-16 10:54:32 +01:00
|
|
|
|
|
|
|
remove_sta:
|
2021-02-08 03:49:17 +01:00
|
|
|
if (auth_transaction == 1)
|
|
|
|
success_status = sae_status_success(hapd, status_code);
|
|
|
|
else
|
|
|
|
success_status = status_code == WLAN_STATUS_SUCCESS;
|
2019-04-15 21:09:12 +02:00
|
|
|
if (!sta_removed && sta->added_unassoc &&
|
2021-02-08 03:49:17 +01:00
|
|
|
(resp != WLAN_STATUS_SUCCESS || !success_status)) {
|
2016-02-16 10:54:32 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
wpabuf_free(data);
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
2015-01-07 07:10:56 +01:00
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
* auth_sae_init_committed - Send COMMIT and start SAE in committed state
|
|
|
|
* @hapd: BSS data for the device initiating the authentication
|
|
|
|
* @sta: the peer to which commit authentication frame is sent
|
|
|
|
*
|
|
|
|
* This function implements Init event handling (IEEE Std 802.11-2012,
|
|
|
|
* 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the
|
|
|
|
* sta->sae structure should be initialized appropriately via a call to
|
|
|
|
* sae_prepare_commit().
|
|
|
|
*/
|
|
|
|
int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (!sta->sae || !sta->sae->tmp)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
if (sta->sae->state != SAE_NOTHING)
|
|
|
|
return -1;
|
|
|
|
|
2019-10-25 14:54:11 +02:00
|
|
|
ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0, -1);
|
2015-01-07 07:10:56 +01:00
|
|
|
if (ret)
|
|
|
|
return -1;
|
|
|
|
|
2017-12-26 23:07:42 +01:00
|
|
|
sae_set_state(sta, SAE_COMMITTED, "Init and sent commit");
|
2015-01-07 07:10:57 +01:00
|
|
|
sta->sae->sync = 0;
|
|
|
|
sae_set_retransmit_timer(hapd, sta);
|
2015-01-07 07:10:56 +01:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2019-03-01 18:54:51 +01:00
|
|
|
|
|
|
|
void auth_sae_process_commit(void *eloop_ctx, void *user_ctx)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = eloop_ctx;
|
|
|
|
struct hostapd_sae_commit_queue *q;
|
|
|
|
unsigned int queue_len;
|
|
|
|
|
|
|
|
q = dl_list_first(&hapd->sae_commit_queue,
|
|
|
|
struct hostapd_sae_commit_queue, list);
|
|
|
|
if (!q)
|
|
|
|
return;
|
|
|
|
wpa_printf(MSG_DEBUG,
|
2019-03-14 23:03:29 +01:00
|
|
|
"SAE: Process next available message from queue");
|
2019-03-01 18:54:51 +01:00
|
|
|
dl_list_del(&q->list);
|
|
|
|
handle_auth(hapd, (const struct ieee80211_mgmt *) q->msg, q->len,
|
|
|
|
q->rssi, 1);
|
|
|
|
os_free(q);
|
|
|
|
|
|
|
|
if (eloop_is_timeout_registered(auth_sae_process_commit, hapd, NULL))
|
|
|
|
return;
|
|
|
|
queue_len = dl_list_len(&hapd->sae_commit_queue);
|
2019-03-14 23:08:37 +01:00
|
|
|
eloop_register_timeout(0, queue_len * 10000, auth_sae_process_commit,
|
2019-03-01 18:54:51 +01:00
|
|
|
hapd, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-03-14 23:03:29 +01:00
|
|
|
static void auth_sae_queue(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
|
|
|
int rssi)
|
2019-03-01 18:54:51 +01:00
|
|
|
{
|
2019-03-14 23:03:29 +01:00
|
|
|
struct hostapd_sae_commit_queue *q, *q2;
|
2019-03-01 18:54:51 +01:00
|
|
|
unsigned int queue_len;
|
2019-03-14 23:03:29 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt2;
|
2019-03-01 18:54:51 +01:00
|
|
|
|
|
|
|
queue_len = dl_list_len(&hapd->sae_commit_queue);
|
|
|
|
if (queue_len >= 15) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
2019-03-14 23:03:29 +01:00
|
|
|
"SAE: No more room in message queue - drop the new frame from "
|
2019-03-01 18:54:51 +01:00
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2019-03-14 23:03:29 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Queue Authentication message from "
|
|
|
|
MACSTR " for processing (queue_len %u)", MAC2STR(mgmt->sa),
|
|
|
|
queue_len);
|
2019-03-01 18:54:51 +01:00
|
|
|
q = os_zalloc(sizeof(*q) + len);
|
|
|
|
if (!q)
|
|
|
|
return;
|
|
|
|
q->rssi = rssi;
|
|
|
|
q->len = len;
|
|
|
|
os_memcpy(q->msg, mgmt, len);
|
2019-03-14 23:03:29 +01:00
|
|
|
|
|
|
|
/* Check whether there is already a queued Authentication frame from the
|
|
|
|
* same station with the same transaction number and if so, replace that
|
|
|
|
* queue entry with the new one. This avoids issues with a peer that
|
|
|
|
* sends multiple times (e.g., due to frequent SAE retries). There is no
|
|
|
|
* point in us trying to process the old attempts after a new one has
|
|
|
|
* obsoleted them. */
|
|
|
|
dl_list_for_each(q2, &hapd->sae_commit_queue,
|
|
|
|
struct hostapd_sae_commit_queue, list) {
|
|
|
|
mgmt2 = (const struct ieee80211_mgmt *) q2->msg;
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (ether_addr_equal(mgmt->sa, mgmt2->sa) &&
|
2019-03-14 23:03:29 +01:00
|
|
|
mgmt->u.auth.auth_transaction ==
|
|
|
|
mgmt2->u.auth.auth_transaction) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Replace queued message from same STA with same transaction number");
|
|
|
|
dl_list_add(&q2->list, &q->list);
|
|
|
|
dl_list_del(&q2->list);
|
|
|
|
os_free(q2);
|
|
|
|
goto queued;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* No pending identical entry, so add to the end of the queue */
|
2019-03-01 18:54:51 +01:00
|
|
|
dl_list_add_tail(&hapd->sae_commit_queue, &q->list);
|
2019-03-14 23:03:29 +01:00
|
|
|
|
|
|
|
queued:
|
2019-03-01 18:54:51 +01:00
|
|
|
if (eloop_is_timeout_registered(auth_sae_process_commit, hapd, NULL))
|
|
|
|
return;
|
2019-03-14 23:08:37 +01:00
|
|
|
eloop_register_timeout(0, queue_len * 10000, auth_sae_process_commit,
|
2019-03-01 18:54:51 +01:00
|
|
|
hapd, NULL);
|
|
|
|
}
|
|
|
|
|
2019-03-14 23:03:29 +01:00
|
|
|
|
|
|
|
static int auth_sae_queued_addr(struct hostapd_data *hapd, const u8 *addr)
|
|
|
|
{
|
|
|
|
struct hostapd_sae_commit_queue *q;
|
|
|
|
const struct ieee80211_mgmt *mgmt;
|
|
|
|
|
|
|
|
dl_list_for_each(q, &hapd->sae_commit_queue,
|
|
|
|
struct hostapd_sae_commit_queue, list) {
|
|
|
|
mgmt = (const struct ieee80211_mgmt *) q->msg;
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (ether_addr_equal(addr, mgmt->sa))
|
2019-03-14 23:03:29 +01:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
|
|
|
|
2020-03-28 11:22:28 +01:00
|
|
|
static u16 wpa_res_to_status_code(enum wpa_validate_result res)
|
2015-09-04 23:04:21 +02:00
|
|
|
{
|
2020-03-28 11:22:28 +01:00
|
|
|
switch (res) {
|
|
|
|
case WPA_IE_OK:
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
case WPA_INVALID_IE:
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
case WPA_INVALID_GROUP:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_GROUP_CIPHER_NOT_VALID;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_PAIRWISE:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_AKMP:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_AKMP_NOT_VALID;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_NOT_ENABLED:
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
case WPA_ALLOC_FAIL:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_MGMT_FRAME_PROTECTION_VIOLATION:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_MGMT_GROUP_CIPHER:
|
2018-01-12 00:12:00 +01:00
|
|
|
return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_MDIE:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_INVALID_MDIE;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_PROTO:
|
2015-09-04 23:04:21 +02:00
|
|
|
return WLAN_STATUS_INVALID_IE;
|
2020-03-28 11:22:28 +01:00
|
|
|
case WPA_INVALID_PMKID:
|
|
|
|
return WLAN_STATUS_INVALID_PMKID;
|
2020-03-28 11:33:48 +01:00
|
|
|
case WPA_DENIED_OTHER_REASON:
|
|
|
|
return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
|
2020-03-28 11:22:28 +01:00
|
|
|
}
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
2015-09-04 23:04:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-09-04 23:04:21 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
|
|
|
|
static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 resp,
|
2017-04-21 17:42:00 +02:00
|
|
|
struct wpabuf *data, int pub);
|
|
|
|
|
|
|
|
void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *pos, size_t len, u16 auth_alg,
|
|
|
|
u16 auth_transaction, u16 status_code,
|
|
|
|
void (*cb)(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 resp,
|
|
|
|
struct wpabuf *data, int pub))
|
2015-09-04 23:04:21 +02:00
|
|
|
{
|
|
|
|
u16 resp = WLAN_STATUS_SUCCESS;
|
2017-04-23 17:24:38 +02:00
|
|
|
const u8 *end;
|
2015-09-04 23:04:21 +02:00
|
|
|
struct ieee802_11_elems elems;
|
2020-03-28 11:22:28 +01:00
|
|
|
enum wpa_validate_result res;
|
2015-09-04 23:04:21 +02:00
|
|
|
struct wpa_ie_data rsn;
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa = NULL;
|
|
|
|
|
|
|
|
if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
|
|
|
|
2017-04-23 17:24:38 +02:00
|
|
|
end = pos + len;
|
2015-09-04 23:04:21 +02:00
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields",
|
|
|
|
pos, end - pos);
|
|
|
|
|
2017-03-12 21:40:56 +01:00
|
|
|
/* TODO: FILS PK */
|
|
|
|
#ifdef CONFIG_FILS_SK_PFS
|
|
|
|
if (auth_alg == WLAN_AUTH_FILS_SK_PFS) {
|
|
|
|
u16 group;
|
|
|
|
struct wpabuf *pub;
|
|
|
|
size_t elem_len;
|
|
|
|
|
|
|
|
/* Using FILS PFS */
|
|
|
|
|
|
|
|
/* Finite Cyclic Group */
|
|
|
|
if (end - pos < 2) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: No room for Finite Cyclic Group");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
group = WPA_GET_LE16(pos);
|
|
|
|
pos += 2;
|
|
|
|
if (group != hapd->conf->fils_dh_group) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Unsupported Finite Cyclic Group: %u (expected %u)",
|
|
|
|
group, hapd->conf->fils_dh_group);
|
|
|
|
resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
crypto_ecdh_deinit(sta->fils_ecdh);
|
|
|
|
sta->fils_ecdh = crypto_ecdh_init(group);
|
|
|
|
if (!sta->fils_ecdh) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"FILS: Could not initialize ECDH with group %d",
|
|
|
|
group);
|
|
|
|
resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
|
|
|
|
if (!pub) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Failed to derive ECDH public key");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
elem_len = wpabuf_len(pub);
|
|
|
|
wpabuf_free(pub);
|
|
|
|
|
|
|
|
/* Element */
|
|
|
|
if ((size_t) (end - pos) < elem_len) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: No room for Element");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2017-05-07 16:04:08 +02:00
|
|
|
wpabuf_free(sta->fils_g_sta);
|
|
|
|
sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len);
|
2017-03-12 21:40:56 +01:00
|
|
|
wpabuf_clear_free(sta->fils_dh_ss);
|
|
|
|
sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1,
|
|
|
|
pos, elem_len);
|
|
|
|
if (!sta->fils_dh_ss) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss);
|
|
|
|
pos += elem_len;
|
|
|
|
} else {
|
|
|
|
crypto_ecdh_deinit(sta->fils_ecdh);
|
|
|
|
sta->fils_ecdh = NULL;
|
|
|
|
wpabuf_clear_free(sta->fils_dh_ss);
|
|
|
|
sta->fils_dh_ss = NULL;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS_SK_PFS */
|
2015-09-04 23:04:21 +02:00
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos);
|
|
|
|
if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: Could not parse elements");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* RSNE */
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: RSN element",
|
|
|
|
elems.rsn_ie, elems.rsn_ie_len);
|
|
|
|
if (!elems.rsn_ie ||
|
|
|
|
wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
|
|
|
&rsn) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: No valid RSN element");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!sta->wpa_sm)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
|
|
|
|
NULL);
|
|
|
|
if (!sta->wpa_sm) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Failed to initialize RSN state machine");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
2019-02-06 11:33:35 +01:00
|
|
|
hapd->iface->freq,
|
2015-09-04 23:04:21 +02:00
|
|
|
elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
2019-10-17 23:11:24 +02:00
|
|
|
elems.rsnxe ? elems.rsnxe - 2 : NULL,
|
|
|
|
elems.rsnxe ? elems.rsnxe_len + 2 : 0,
|
2017-03-12 00:26:43 +01:00
|
|
|
elems.mdie, elems.mdie_len, NULL, 0);
|
2015-09-04 23:04:21 +02:00
|
|
|
resp = wpa_res_to_status_code(res);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if (!elems.fils_nonce) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce,
|
|
|
|
FILS_NONCE_LEN);
|
|
|
|
os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN);
|
|
|
|
|
|
|
|
/* PMKID List */
|
|
|
|
if (rsn.pmkid && rsn.num_pmkid > 0) {
|
|
|
|
u8 num;
|
|
|
|
const u8 *pmkid;
|
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: PMKID List",
|
|
|
|
rsn.pmkid, rsn.num_pmkid * PMKID_LEN);
|
|
|
|
|
|
|
|
pmkid = rsn.pmkid;
|
|
|
|
num = rsn.num_pmkid;
|
|
|
|
while (num) {
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN);
|
|
|
|
pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr,
|
|
|
|
pmkid);
|
|
|
|
if (pmksa)
|
|
|
|
break;
|
2017-02-21 11:18:58 +01:00
|
|
|
pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth,
|
|
|
|
sta->addr,
|
|
|
|
pmkid);
|
|
|
|
if (pmksa)
|
|
|
|
break;
|
2015-09-04 23:04:21 +02:00
|
|
|
pmkid += PMKID_LEN;
|
|
|
|
num--;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore",
|
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp);
|
|
|
|
pmksa = NULL;
|
|
|
|
}
|
|
|
|
if (pmksa)
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry");
|
|
|
|
|
|
|
|
/* FILS Session */
|
|
|
|
if (!elems.fils_session) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: No FILS Session element");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session,
|
|
|
|
FILS_SESSION_LEN);
|
|
|
|
os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN);
|
|
|
|
|
2020-02-24 10:14:32 +01:00
|
|
|
/* Wrapped Data */
|
|
|
|
if (elems.wrapped_data) {
|
2015-09-04 23:04:21 +02:00
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data",
|
2020-02-24 10:14:32 +01:00
|
|
|
elems.wrapped_data,
|
|
|
|
elems.wrapped_data_len);
|
2015-09-04 23:04:21 +02:00
|
|
|
if (!pmksa) {
|
|
|
|
#ifndef CONFIG_NO_RADIUS
|
|
|
|
if (!sta->eapol_sm) {
|
|
|
|
sta->eapol_sm =
|
|
|
|
ieee802_1x_alloc_eapol_sm(hapd, sta);
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG,
|
2017-07-05 16:29:44 +02:00
|
|
|
"FILS: Forward EAP-Initiate/Re-auth to authentication server");
|
2015-09-04 23:04:21 +02:00
|
|
|
ieee802_1x_encapsulate_radius(
|
2020-02-24 10:14:32 +01:00
|
|
|
hapd, sta, elems.wrapped_data,
|
|
|
|
elems.wrapped_data_len);
|
2017-04-21 17:42:00 +02:00
|
|
|
sta->fils_pending_cb = cb;
|
2015-09-04 23:04:21 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Will send Authentication frame once the response from authentication server is available");
|
|
|
|
sta->flags |= WLAN_STA_PENDING_FILS_ERP;
|
2017-07-05 16:52:23 +02:00
|
|
|
/* Calculate pending PMKID here so that we do not need
|
|
|
|
* to maintain a copy of the EAP-Initiate/Reauth
|
|
|
|
* message. */
|
|
|
|
if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm),
|
2020-02-24 10:14:32 +01:00
|
|
|
elems.wrapped_data,
|
|
|
|
elems.wrapped_data_len,
|
2017-07-05 16:52:23 +02:00
|
|
|
sta->fils_erp_pmkid) == 0)
|
|
|
|
sta->fils_erp_pmkid_set = 1;
|
2015-09-04 23:04:21 +02:00
|
|
|
return;
|
|
|
|
#else /* CONFIG_NO_RADIUS */
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
#endif /* CONFIG_NO_RADIUS */
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
2017-04-21 17:42:00 +02:00
|
|
|
if (cb) {
|
|
|
|
struct wpabuf *data;
|
|
|
|
int pub = 0;
|
|
|
|
|
|
|
|
data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL,
|
|
|
|
NULL, 0, &pub);
|
|
|
|
if (!data) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"%s: prepare_auth_resp_fils() returned failure",
|
|
|
|
__func__);
|
|
|
|
}
|
|
|
|
|
|
|
|
cb(hapd, sta, resp, data, pub);
|
|
|
|
}
|
2015-09-04 23:04:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-04-21 17:42:00 +02:00
|
|
|
static struct wpabuf *
|
|
|
|
prepare_auth_resp_fils(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 *resp,
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa,
|
|
|
|
struct wpabuf *erp_resp,
|
|
|
|
const u8 *msk, size_t msk_len,
|
|
|
|
int *is_pub)
|
2015-09-04 23:04:21 +02:00
|
|
|
{
|
|
|
|
u8 fils_nonce[FILS_NONCE_LEN];
|
|
|
|
size_t ielen;
|
|
|
|
struct wpabuf *data = NULL;
|
|
|
|
const u8 *ie;
|
|
|
|
u8 *ie_buf = NULL;
|
|
|
|
const u8 *pmk = NULL;
|
|
|
|
size_t pmk_len = 0;
|
2017-01-13 20:06:21 +01:00
|
|
|
u8 pmk_buf[PMK_LEN_MAX];
|
2017-03-12 21:40:56 +01:00
|
|
|
struct wpabuf *pub = NULL;
|
2015-09-04 23:04:21 +02:00
|
|
|
|
2017-04-21 17:42:00 +02:00
|
|
|
if (*resp != WLAN_STATUS_SUCCESS)
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
|
|
|
|
ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen);
|
|
|
|
if (!ie) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
2017-04-21 17:42:00 +02:00
|
|
|
|
2015-09-04 23:04:21 +02:00
|
|
|
if (pmksa) {
|
|
|
|
/* Add PMKID of the selected PMKSA into RSNE */
|
|
|
|
ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN);
|
|
|
|
if (!ie_buf) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
2017-04-21 17:42:00 +02:00
|
|
|
|
2015-09-04 23:04:21 +02:00
|
|
|
os_memcpy(ie_buf, ie, ielen);
|
|
|
|
if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
ie = ie_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce",
|
|
|
|
fils_nonce, FILS_NONCE_LEN);
|
|
|
|
|
2017-03-12 21:40:56 +01:00
|
|
|
#ifdef CONFIG_FILS_SK_PFS
|
|
|
|
if (sta->fils_dh_ss && sta->fils_ecdh) {
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1);
|
|
|
|
if (!pub) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2017-03-12 21:40:56 +01:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS_SK_PFS */
|
|
|
|
|
|
|
|
data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0));
|
2015-09-04 23:04:21 +02:00
|
|
|
if (!data) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2017-03-12 21:40:56 +01:00
|
|
|
/* TODO: FILS PK */
|
|
|
|
#ifdef CONFIG_FILS_SK_PFS
|
|
|
|
if (pub) {
|
|
|
|
/* Finite Cyclic Group */
|
|
|
|
wpabuf_put_le16(data, hapd->conf->fils_dh_group);
|
|
|
|
|
|
|
|
/* Element */
|
|
|
|
wpabuf_put_buf(data, pub);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS_SK_PFS */
|
2015-09-04 23:04:21 +02:00
|
|
|
|
|
|
|
/* RSNE */
|
|
|
|
wpabuf_put_data(data, ie, ielen);
|
|
|
|
|
2017-04-02 21:38:48 +02:00
|
|
|
/* MDE when using FILS+FT (already included in ie,ielen with RSNE) */
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
|
|
|
if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) {
|
|
|
|
/* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */
|
|
|
|
int res;
|
|
|
|
|
2022-10-16 15:51:12 +02:00
|
|
|
res = wpa_auth_write_fte(hapd->wpa_auth, sta->wpa_sm,
|
2018-06-05 00:31:43 +02:00
|
|
|
wpabuf_put(data, 0),
|
2017-04-02 21:38:48 +02:00
|
|
|
wpabuf_tailroom(data));
|
|
|
|
if (res < 0) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2017-04-02 21:38:48 +02:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpabuf_put(data, res);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2015-09-04 23:04:21 +02:00
|
|
|
|
|
|
|
/* FILS Nonce */
|
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
|
|
|
|
wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */
|
|
|
|
/* Element ID Extension */
|
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE);
|
|
|
|
wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN);
|
|
|
|
|
|
|
|
/* FILS Session */
|
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
|
|
|
|
wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */
|
|
|
|
/* Element ID Extension */
|
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION);
|
|
|
|
wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN);
|
|
|
|
|
2020-02-24 10:14:32 +01:00
|
|
|
/* Wrapped Data */
|
2015-09-04 23:04:21 +02:00
|
|
|
if (!pmksa && erp_resp) {
|
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */
|
|
|
|
wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */
|
|
|
|
/* Element ID Extension */
|
2020-02-24 10:14:32 +01:00
|
|
|
wpabuf_put_u8(data, WLAN_EID_EXT_WRAPPED_DATA);
|
2015-09-04 23:04:21 +02:00
|
|
|
wpabuf_put_buf(data, erp_resp);
|
|
|
|
|
2017-01-13 20:06:21 +01:00
|
|
|
if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm),
|
|
|
|
msk, msk_len, sta->fils_snonce, fils_nonce,
|
2017-03-12 21:40:56 +01:00
|
|
|
sta->fils_dh_ss ?
|
|
|
|
wpabuf_head(sta->fils_dh_ss) : NULL,
|
|
|
|
sta->fils_dh_ss ?
|
|
|
|
wpabuf_len(sta->fils_dh_ss) : 0,
|
|
|
|
pmk_buf, &pmk_len)) {
|
2017-01-13 20:06:21 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2017-01-13 20:06:21 +01:00
|
|
|
wpabuf_free(data);
|
|
|
|
data = NULL;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
pmk = pmk_buf;
|
2017-07-05 16:52:23 +02:00
|
|
|
|
2017-09-13 20:36:05 +02:00
|
|
|
/* Don't use DHss in PTK derivation if PMKSA caching is not
|
|
|
|
* used. */
|
|
|
|
wpabuf_clear_free(sta->fils_dh_ss);
|
|
|
|
sta->fils_dh_ss = NULL;
|
|
|
|
|
2017-07-05 16:52:23 +02:00
|
|
|
if (sta->fils_erp_pmkid_set) {
|
|
|
|
/* TODO: get PMKLifetime from WPA parameters */
|
|
|
|
unsigned int dot11RSNAConfigPMKLifetime = 43200;
|
2017-05-18 15:21:56 +02:00
|
|
|
int session_timeout;
|
|
|
|
|
|
|
|
session_timeout = dot11RSNAConfigPMKLifetime;
|
|
|
|
if (sta->session_timeout_set) {
|
|
|
|
struct os_reltime now, diff;
|
|
|
|
|
|
|
|
os_get_reltime(&now);
|
|
|
|
os_reltime_sub(&sta->session_timeout, &now,
|
|
|
|
&diff);
|
|
|
|
session_timeout = diff.sec;
|
|
|
|
}
|
2017-07-05 16:52:23 +02:00
|
|
|
|
|
|
|
sta->fils_erp_pmkid_set = 0;
|
2019-04-17 21:52:23 +02:00
|
|
|
wpa_auth_add_fils_pmk_pmkid(sta->wpa_sm, pmk, pmk_len,
|
|
|
|
sta->fils_erp_pmkid);
|
2019-03-13 15:34:48 +01:00
|
|
|
if (!hapd->conf->disable_pmksa_caching &&
|
|
|
|
wpa_auth_pmksa_add2(
|
2017-07-05 16:52:23 +02:00
|
|
|
hapd->wpa_auth, sta->addr,
|
|
|
|
pmk, pmk_len,
|
|
|
|
sta->fils_erp_pmkid,
|
2017-05-18 15:21:56 +02:00
|
|
|
session_timeout,
|
2023-11-21 00:51:43 +01:00
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm),
|
|
|
|
NULL) < 0) {
|
2017-07-05 16:52:23 +02:00
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"FILS: Failed to add PMKSA cache entry based on ERP");
|
|
|
|
}
|
|
|
|
}
|
2015-09-04 23:04:21 +02:00
|
|
|
} else if (pmksa) {
|
|
|
|
pmk = pmksa->pmk;
|
|
|
|
pmk_len = pmksa->pmk_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!pmk) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: No PMK available");
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
wpabuf_free(data);
|
|
|
|
data = NULL;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len,
|
2017-05-07 16:04:08 +02:00
|
|
|
sta->fils_snonce, fils_nonce,
|
2017-09-13 20:36:05 +02:00
|
|
|
sta->fils_dh_ss ?
|
|
|
|
wpabuf_head(sta->fils_dh_ss) : NULL,
|
|
|
|
sta->fils_dh_ss ?
|
|
|
|
wpabuf_len(sta->fils_dh_ss) : 0,
|
2017-05-07 16:04:08 +02:00
|
|
|
sta->fils_g_sta, pub) < 0) {
|
2017-04-21 17:42:00 +02:00
|
|
|
*resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2015-09-04 23:04:21 +02:00
|
|
|
wpabuf_free(data);
|
|
|
|
data = NULL;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
2017-04-21 17:42:00 +02:00
|
|
|
if (is_pub)
|
|
|
|
*is_pub = pub != NULL;
|
|
|
|
os_free(ie_buf);
|
|
|
|
wpabuf_free(pub);
|
|
|
|
wpabuf_clear_free(sta->fils_dh_ss);
|
|
|
|
sta->fils_dh_ss = NULL;
|
|
|
|
#ifdef CONFIG_FILS_SK_PFS
|
|
|
|
crypto_ecdh_deinit(sta->fils_ecdh);
|
|
|
|
sta->fils_ecdh = NULL;
|
|
|
|
#endif /* CONFIG_FILS_SK_PFS */
|
|
|
|
return data;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_auth_fils_finish(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 resp,
|
2017-04-21 17:42:00 +02:00
|
|
|
struct wpabuf *data, int pub)
|
2017-04-21 17:42:00 +02:00
|
|
|
{
|
|
|
|
u16 auth_alg;
|
|
|
|
|
2017-03-12 21:40:56 +01:00
|
|
|
auth_alg = (pub ||
|
|
|
|
resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ?
|
|
|
|
WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
2020-01-08 19:52:26 +01:00
|
|
|
send_auth_reply(hapd, sta, sta->addr, hapd->own_addr, auth_alg, 2, resp,
|
2015-09-04 23:04:21 +02:00
|
|
|
data ? wpabuf_head(data) : (u8 *) "",
|
2017-12-07 18:14:49 +01:00
|
|
|
data ? wpabuf_len(data) : 0, "auth-fils-finish");
|
2015-09-04 23:04:21 +02:00
|
|
|
wpabuf_free(data);
|
|
|
|
|
|
|
|
if (resp == WLAN_STATUS_SUCCESS) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication OK (FILS)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
2017-03-12 21:40:56 +01:00
|
|
|
sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK;
|
2015-09-04 23:04:21 +02:00
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void ieee802_11_finish_fils_auth(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, int success,
|
|
|
|
struct wpabuf *erp_resp,
|
|
|
|
const u8 *msk, size_t msk_len)
|
|
|
|
{
|
2017-04-21 17:42:00 +02:00
|
|
|
u16 resp;
|
2020-12-16 12:00:56 +01:00
|
|
|
u32 flags = sta->flags;
|
2017-04-21 17:42:00 +02:00
|
|
|
|
2020-12-16 12:00:56 +01:00
|
|
|
sta->flags &= ~(WLAN_STA_PENDING_FILS_ERP |
|
|
|
|
WLAN_STA_PENDING_PASN_FILS_ERP);
|
2017-04-21 17:42:00 +02:00
|
|
|
|
|
|
|
resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2020-12-16 12:00:56 +01:00
|
|
|
|
|
|
|
if (flags & WLAN_STA_PENDING_FILS_ERP) {
|
|
|
|
struct wpabuf *data;
|
|
|
|
int pub = 0;
|
|
|
|
|
|
|
|
if (!sta->fils_pending_cb)
|
|
|
|
return;
|
|
|
|
|
|
|
|
data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp,
|
|
|
|
msk, msk_len, &pub);
|
|
|
|
if (!data) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"%s: prepare_auth_resp_fils() failure",
|
|
|
|
__func__);
|
|
|
|
}
|
|
|
|
sta->fils_pending_cb(hapd, sta, resp, data, pub);
|
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
} else if (flags & WLAN_STA_PENDING_PASN_FILS_ERP) {
|
|
|
|
pasn_fils_auth_resp(hapd, sta, resp, erp_resp,
|
|
|
|
msk, msk_len);
|
|
|
|
#endif /* CONFIG_PASN */
|
2017-04-21 17:42:00 +02:00
|
|
|
}
|
2015-09-04 23:04:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
|
|
|
|
2019-12-29 22:24:10 +01:00
|
|
|
static int ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
const u8 *msg, size_t len,
|
|
|
|
struct radius_sta *info)
|
2017-01-17 13:51:02 +01:00
|
|
|
{
|
|
|
|
int res;
|
|
|
|
|
2019-12-29 22:24:10 +01:00
|
|
|
res = hostapd_allowed_address(hapd, addr, msg, len, info, 0);
|
2017-01-17 13:51:02 +01:00
|
|
|
|
|
|
|
if (res == HOSTAPD_ACL_REJECT) {
|
2019-12-29 22:24:10 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Station " MACSTR
|
|
|
|
" not allowed to authenticate",
|
|
|
|
MAC2STR(addr));
|
2017-01-17 13:51:02 +01:00
|
|
|
return HOSTAPD_ACL_REJECT;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (res == HOSTAPD_ACL_PENDING) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR
|
|
|
|
" waiting for an external authentication",
|
|
|
|
MAC2STR(addr));
|
|
|
|
/* Authentication code will re-send the authentication frame
|
|
|
|
* after it has received (and cached) information from the
|
|
|
|
* external source. */
|
|
|
|
return HOSTAPD_ACL_PENDING;
|
|
|
|
}
|
|
|
|
|
|
|
|
return res;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-04-02 12:12:43 +02:00
|
|
|
int ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
int res, struct radius_sta *info)
|
2017-01-17 13:51:02 +01:00
|
|
|
{
|
2019-04-28 13:14:57 +02:00
|
|
|
u32 session_timeout = info->session_timeout;
|
|
|
|
u32 acct_interim_interval = info->acct_interim_interval;
|
|
|
|
struct vlan_description *vlan_id = &info->vlan_id;
|
2019-04-28 13:14:57 +02:00
|
|
|
struct hostapd_sta_wpa_psk_short *psk = info->psk;
|
|
|
|
char *identity = info->identity;
|
|
|
|
char *radius_cui = info->radius_cui;
|
2019-04-28 13:14:57 +02:00
|
|
|
|
2017-01-17 13:51:02 +01:00
|
|
|
if (vlan_id->notempty &&
|
|
|
|
!hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Invalid VLAN %d%s received from RADIUS server",
|
|
|
|
vlan_id->untagged,
|
|
|
|
vlan_id->tagged[0] ? "+" : "");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0)
|
|
|
|
return -1;
|
|
|
|
if (sta->vlan_id)
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS,
|
|
|
|
HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id);
|
|
|
|
|
|
|
|
hostapd_free_psk_list(sta->psk);
|
2019-04-28 13:14:57 +02:00
|
|
|
if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED)
|
|
|
|
hostapd_copy_psk_list(&sta->psk, psk);
|
|
|
|
else
|
2017-01-17 13:51:02 +01:00
|
|
|
sta->psk = NULL;
|
|
|
|
|
2017-05-18 15:21:54 +02:00
|
|
|
os_free(sta->identity);
|
2019-04-28 13:14:57 +02:00
|
|
|
if (identity)
|
|
|
|
sta->identity = os_strdup(identity);
|
|
|
|
else
|
|
|
|
sta->identity = NULL;
|
2017-05-18 15:21:54 +02:00
|
|
|
|
|
|
|
os_free(sta->radius_cui);
|
2019-04-28 13:14:57 +02:00
|
|
|
if (radius_cui)
|
|
|
|
sta->radius_cui = os_strdup(radius_cui);
|
|
|
|
else
|
|
|
|
sta->radius_cui = NULL;
|
2017-01-17 13:51:02 +01:00
|
|
|
|
|
|
|
if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval)
|
|
|
|
sta->acct_interim_interval = acct_interim_interval;
|
2017-05-18 15:21:56 +02:00
|
|
|
if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) {
|
|
|
|
sta->session_timeout_set = 1;
|
|
|
|
os_get_reltime(&sta->session_timeout);
|
|
|
|
sta->session_timeout.sec += session_timeout;
|
2017-01-17 13:51:02 +01:00
|
|
|
ap_sta_session_timeout(hapd, sta, session_timeout);
|
2017-05-18 15:21:56 +02:00
|
|
|
} else {
|
|
|
|
sta->session_timeout_set = 0;
|
2017-01-17 13:51:02 +01:00
|
|
|
ap_sta_no_session_timeout(hapd, sta);
|
2017-05-18 15:21:56 +02:00
|
|
|
}
|
2017-01-17 13:51:02 +01:00
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-12-16 12:00:32 +01:00
|
|
|
#ifdef CONFIG_PASN
|
2020-12-16 12:00:56 +01:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
|
|
|
|
static void pasn_fils_auth_resp(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, u16 status,
|
|
|
|
struct wpabuf *erp_resp,
|
|
|
|
const u8 *msk, size_t msk_len)
|
|
|
|
{
|
2022-11-03 09:02:06 +01:00
|
|
|
struct pasn_data *pasn = sta->pasn;
|
2022-09-19 12:42:49 +02:00
|
|
|
struct pasn_fils *fils = &pasn->fils;
|
2020-12-16 12:00:56 +01:00
|
|
|
u8 pmk[PMK_LEN_MAX];
|
|
|
|
size_t pmk_len;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Handle AS response - status=%u",
|
|
|
|
status);
|
|
|
|
|
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
if (!pasn->secret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Missing secret");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (random_get_bytes(fils->anonce, FILS_NONCE_LEN) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to get ANonce");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS ANonce",
|
|
|
|
fils->anonce, FILS_NONCE_LEN);
|
|
|
|
|
|
|
|
ret = fils_rmsk_to_pmk(pasn->akmp, msk, msk_len, fils->nonce,
|
|
|
|
fils->anonce, NULL, 0, pmk, &pmk_len);
|
|
|
|
if (ret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = pasn_pmk_to_ptk(pmk, pmk_len, sta->addr, hapd->own_addr,
|
|
|
|
wpabuf_head(pasn->secret),
|
|
|
|
wpabuf_len(pasn->secret),
|
|
|
|
&sta->pasn->ptk, sta->pasn->akmp,
|
2021-04-08 11:06:20 +02:00
|
|
|
sta->pasn->cipher, sta->pasn->kdk_len);
|
2020-12-16 12:00:56 +01:00
|
|
|
if (ret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to derive PTK");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2022-07-07 22:14:54 +02:00
|
|
|
if (pasn->secure_ltf) {
|
|
|
|
ret = wpa_ltf_keyseed(&pasn->ptk, pasn->akmp, pasn->cipher);
|
|
|
|
if (ret) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: FILS: Failed to derive LTF keyseed");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2020-12-16 12:00:56 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "PASN: PTK successfully derived");
|
|
|
|
|
|
|
|
wpabuf_free(pasn->secret);
|
|
|
|
pasn->secret = NULL;
|
|
|
|
|
|
|
|
fils->erp_resp = erp_resp;
|
2022-09-20 08:17:00 +02:00
|
|
|
ret = handle_auth_pasn_resp(sta->pasn, hapd->own_addr, sta->addr, NULL,
|
|
|
|
WLAN_STATUS_SUCCESS);
|
2020-12-16 12:00:56 +01:00
|
|
|
fils->erp_resp = NULL;
|
|
|
|
|
|
|
|
if (ret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed to send response");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
fils->state = PASN_FILS_STATE_COMPLETE;
|
|
|
|
return;
|
|
|
|
fail:
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int pasn_wd_handle_fils(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
struct wpabuf *wd)
|
|
|
|
{
|
2021-02-28 10:37:09 +01:00
|
|
|
#ifdef CONFIG_NO_RADIUS
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: RADIUS is not configured. Fail");
|
|
|
|
return -1;
|
|
|
|
#else /* CONFIG_NO_RADIUS */
|
2022-11-03 09:02:06 +01:00
|
|
|
struct pasn_data *pasn = sta->pasn;
|
2022-09-19 12:42:49 +02:00
|
|
|
struct pasn_fils *fils = &pasn->fils;
|
2020-12-16 12:00:56 +01:00
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
struct wpa_ie_data rsne_data;
|
|
|
|
struct wpabuf *fils_wd;
|
|
|
|
const u8 *data;
|
|
|
|
size_t buf_len;
|
|
|
|
u16 alg, seq, status;
|
|
|
|
int ret;
|
|
|
|
|
|
|
|
if (fils->state != PASN_FILS_STATE_NONE) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Not expecting wrapped data");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!wd) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: No wrapped data");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
data = wpabuf_head_u8(wd);
|
|
|
|
buf_len = wpabuf_len(wd);
|
|
|
|
|
|
|
|
if (buf_len < 6) {
|
2021-08-20 11:39:04 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Buffer too short. len=%zu",
|
2020-12-16 12:00:56 +01:00
|
|
|
buf_len);
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
alg = WPA_GET_LE16(data);
|
|
|
|
seq = WPA_GET_LE16(data + 2);
|
|
|
|
status = WPA_GET_LE16(data + 4);
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: alg=%u, seq=%u, status=%u",
|
|
|
|
alg, seq, status);
|
|
|
|
|
|
|
|
if (alg != WLAN_AUTH_FILS_SK || seq != 1 ||
|
|
|
|
status != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: FILS: Dropping peer authentication");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
data += 6;
|
|
|
|
buf_len -= 6;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(data, buf_len, &elems, 1) == ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Could not parse elements");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!elems.rsn_ie || !elems.fils_nonce || !elems.fils_nonce ||
|
2022-11-06 12:29:34 +01:00
|
|
|
!elems.wrapped_data || !elems.fils_session) {
|
2020-12-16 12:00:56 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Missing IEs");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
|
|
|
&rsne_data);
|
|
|
|
if (ret) {
|
2022-11-06 16:11:35 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed parsing RSNE");
|
2020-12-16 12:00:56 +01:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
ret = wpa_pasn_validate_rsne(&rsne_data);
|
|
|
|
if (ret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Failed validating RSNE");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (rsne_data.num_pmkid) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: FILS: Not expecting PMKID in RSNE");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "PASN: FILS: Nonce", elems.fils_nonce,
|
|
|
|
FILS_NONCE_LEN);
|
|
|
|
os_memcpy(fils->nonce, elems.fils_nonce, FILS_NONCE_LEN);
|
|
|
|
|
|
|
|
wpa_hexdump(MSG_DEBUG, "PASN: FILS: Session", elems.fils_session,
|
|
|
|
FILS_SESSION_LEN);
|
|
|
|
os_memcpy(fils->session, elems.fils_session, FILS_SESSION_LEN);
|
|
|
|
|
2023-11-21 00:51:18 +01:00
|
|
|
fils_wd = ieee802_11_defrag(elems.wrapped_data, elems.wrapped_data_len,
|
|
|
|
true);
|
2020-12-16 12:00:56 +01:00
|
|
|
|
|
|
|
if (!fils_wd) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: FILS: Missing wrapped data");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!sta->eapol_sm)
|
|
|
|
sta->eapol_sm = ieee802_1x_alloc_eapol_sm(hapd, sta);
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: FILS: Forward EAP-Initiate/Re-auth to AS");
|
|
|
|
|
|
|
|
ieee802_1x_encapsulate_radius(hapd, sta, wpabuf_head(fils_wd),
|
|
|
|
wpabuf_len(fils_wd));
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_PENDING_PASN_FILS_ERP;
|
|
|
|
|
|
|
|
fils->state = PASN_FILS_STATE_PENDING_AS;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Calculate pending PMKID here so that we do not need to maintain a
|
|
|
|
* copy of the EAP-Initiate/Reautt message.
|
|
|
|
*/
|
|
|
|
fils_pmkid_erp(pasn->akmp, wpabuf_head(fils_wd), wpabuf_len(fils_wd),
|
|
|
|
fils->erp_pmkid);
|
|
|
|
|
|
|
|
wpabuf_free(fils_wd);
|
|
|
|
return 0;
|
2021-02-28 10:37:09 +01:00
|
|
|
#endif /* CONFIG_NO_RADIUS */
|
2020-12-16 12:00:56 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
|
|
|
|
2022-10-07 15:31:38 +02:00
|
|
|
static int hapd_pasn_send_mlme(void *ctx, const u8 *data, size_t data_len,
|
|
|
|
int noack, unsigned int freq, unsigned int wait)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = ctx;
|
|
|
|
|
|
|
|
return hostapd_drv_send_mlme(hapd, data, data_len, 0, NULL, 0, 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-09-29 00:31:00 +02:00
|
|
|
static void hapd_initialize_pasn(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta)
|
|
|
|
{
|
2022-11-03 09:02:06 +01:00
|
|
|
struct pasn_data *pasn = sta->pasn;
|
2022-09-29 00:31:00 +02:00
|
|
|
|
|
|
|
pasn->cb_ctx = hapd;
|
2022-10-07 15:31:38 +02:00
|
|
|
pasn->send_mgmt = hapd_pasn_send_mlme;
|
2022-09-20 08:17:00 +02:00
|
|
|
pasn->pasn_groups = hapd->conf->pasn_groups;
|
2023-05-17 06:50:38 +02:00
|
|
|
pasn->noauth = hapd->conf->pasn_noauth;
|
2022-09-29 00:31:00 +02:00
|
|
|
pasn->wpa_key_mgmt = hapd->conf->wpa_key_mgmt;
|
|
|
|
pasn->rsn_pairwise = hapd->conf->rsn_pairwise;
|
|
|
|
pasn->derive_kdk = hapd->iface->drv_flags2 &
|
|
|
|
WPA_DRIVER_FLAGS2_SEC_LTF_AP;
|
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
pasn->corrupt_mic = hapd->conf->pasn_corrupt_mic;
|
|
|
|
if (hapd->conf->force_kdk_derivation)
|
|
|
|
pasn->derive_kdk = true;
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2022-09-20 08:17:00 +02:00
|
|
|
pasn->use_anti_clogging = use_anti_clogging(hapd);
|
2022-09-29 00:31:00 +02:00
|
|
|
pasn->password = sae_get_password(hapd, sta, NULL, NULL, &pasn->pt,
|
|
|
|
NULL);
|
2022-09-20 08:17:00 +02:00
|
|
|
pasn->rsn_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &pasn->rsn_ie_len);
|
|
|
|
pasn->rsnxe_ie = hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
|
2022-09-29 00:31:00 +02:00
|
|
|
pasn->disable_pmksa_caching = hapd->conf->disable_pmksa_caching;
|
|
|
|
pasn->pmksa = wpa_auth_get_pmksa_cache(hapd->wpa_auth);
|
2022-09-20 08:17:00 +02:00
|
|
|
|
|
|
|
pasn->comeback_after = hapd->conf->pasn_comeback_after;
|
|
|
|
pasn->comeback_idx = hapd->comeback_idx;
|
|
|
|
pasn->comeback_key = hapd->comeback_key;
|
|
|
|
pasn->comeback_pending_idx = hapd->comeback_pending_idx;
|
2022-11-04 11:45:31 +01:00
|
|
|
os_memcpy(pasn->bssid, hapd->own_addr, ETH_ALEN);
|
2022-09-29 00:31:00 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-07-07 22:14:54 +02:00
|
|
|
static int pasn_set_keys_from_cache(struct hostapd_data *hapd,
|
|
|
|
const u8 *own_addr, const u8 *sta_addr,
|
|
|
|
int cipher, int akmp)
|
|
|
|
{
|
|
|
|
struct ptksa_cache_entry *entry;
|
|
|
|
|
|
|
|
entry = ptksa_cache_get(hapd->ptksa, sta_addr, cipher);
|
|
|
|
if (!entry) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: peer " MACSTR
|
|
|
|
" not present in PTKSA cache", MAC2STR(sta_addr));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(entry->own_addr, own_addr)) {
|
2022-07-07 22:14:54 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: own addr " MACSTR " and PTKSA entry own addr "
|
|
|
|
MACSTR " differ",
|
|
|
|
MAC2STR(own_addr), MAC2STR(entry->own_addr));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: " MACSTR " present in PTKSA cache",
|
|
|
|
MAC2STR(sta_addr));
|
|
|
|
hostapd_drv_set_secure_ranging_ctx(hapd, own_addr, sta_addr, cipher,
|
|
|
|
entry->ptk.tk_len, entry->ptk.tk,
|
|
|
|
entry->ptk.ltf_keyseed_len,
|
|
|
|
entry->ptk.ltf_keyseed, 0);
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-09-20 08:17:00 +02:00
|
|
|
static void hapd_pasn_update_params(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len)
|
|
|
|
{
|
2022-11-03 09:02:06 +01:00
|
|
|
struct pasn_data *pasn = sta->pasn;
|
2022-09-20 08:17:00 +02:00
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
struct wpa_ie_data rsn_data;
|
2024-01-10 13:02:48 +01:00
|
|
|
#ifdef CONFIG_FILS
|
2022-09-20 08:17:00 +02:00
|
|
|
struct wpa_pasn_params_data pasn_params;
|
|
|
|
struct wpabuf *wrapped_data = NULL;
|
2024-01-10 13:02:48 +01:00
|
|
|
#endif /* CONFIG_FILS */
|
2022-09-20 08:17:00 +02:00
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(mgmt->u.auth.variable,
|
|
|
|
len - offsetof(struct ieee80211_mgmt,
|
|
|
|
u.auth.variable),
|
|
|
|
&elems, 0) == ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failed parsing Authentication frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-11-06 12:29:34 +01:00
|
|
|
if (!elems.rsn_ie ||
|
|
|
|
wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2,
|
2022-09-20 08:17:00 +02:00
|
|
|
&rsn_data)) {
|
2022-11-06 16:11:35 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "PASN: Failed parsing RSNE");
|
2022-09-20 08:17:00 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(rsn_data.key_mgmt & pasn->wpa_key_mgmt) ||
|
|
|
|
!(rsn_data.pairwise_cipher & pasn->rsn_pairwise)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: Mismatch in AKMP/cipher");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
pasn->akmp = rsn_data.key_mgmt;
|
|
|
|
pasn->cipher = rsn_data.pairwise_cipher;
|
|
|
|
|
|
|
|
if (wpa_key_mgmt_ft(pasn->akmp) && rsn_data.num_pmkid) {
|
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
|
|
|
pasn->pmk_r1_len = 0;
|
|
|
|
wpa_ft_fetch_pmk_r1(hapd->wpa_auth, sta->addr,
|
|
|
|
rsn_data.pmkid,
|
|
|
|
pasn->pmk_r1, &pasn->pmk_r1_len, NULL,
|
|
|
|
NULL, NULL, NULL,
|
|
|
|
NULL, NULL, NULL);
|
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
|
|
|
}
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (pasn->akmp != WPA_KEY_MGMT_FILS_SHA256 &&
|
|
|
|
pasn->akmp != WPA_KEY_MGMT_FILS_SHA384)
|
|
|
|
return;
|
2022-11-06 12:29:34 +01:00
|
|
|
if (!elems.pasn_params ||
|
|
|
|
wpa_pasn_parse_parameter_ie(elems.pasn_params - 3,
|
2022-09-20 08:17:00 +02:00
|
|
|
elems.pasn_params_len + 3,
|
|
|
|
false, &pasn_params)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failed validation of PASN Parameters element");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (pasn_params.wrapped_data_format != WPA_PASN_WRAPPED_DATA_NO) {
|
2023-11-21 00:51:18 +01:00
|
|
|
wrapped_data = ieee802_11_defrag(elems.wrapped_data,
|
|
|
|
elems.wrapped_data_len, true);
|
2022-09-20 08:17:00 +02:00
|
|
|
if (!wrapped_data) {
|
|
|
|
wpa_printf(MSG_DEBUG, "PASN: Missing wrapped data");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (pasn_wd_handle_fils(hapd, sta, wrapped_data))
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failed processing FILS wrapped data");
|
|
|
|
else
|
|
|
|
pasn->fils_wd_valid = true;
|
|
|
|
}
|
|
|
|
wpabuf_free(wrapped_data);
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-12-16 12:00:32 +01:00
|
|
|
static void handle_auth_pasn(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
|
|
|
u16 trans_seq, u16 status)
|
|
|
|
{
|
|
|
|
if (hapd->conf->wpa != WPA_PROTO_RSN) {
|
|
|
|
wpa_printf(MSG_INFO, "PASN: RSN is not configured");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_INFO, "PASN authentication: sta=" MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
|
|
|
|
if (trans_seq == 1) {
|
|
|
|
if (sta->pasn) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Not expecting transaction == 1");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failure status in transaction == 1");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->pasn = os_zalloc(sizeof(*sta->pasn));
|
|
|
|
if (!sta->pasn) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failed to allocate PASN context");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-09-29 00:31:00 +02:00
|
|
|
hapd_initialize_pasn(hapd, sta);
|
2022-09-20 08:17:00 +02:00
|
|
|
|
|
|
|
hapd_pasn_update_params(hapd, sta, mgmt, len);
|
|
|
|
if (handle_auth_pasn_1(sta->pasn, hapd->own_addr,
|
|
|
|
sta->addr, mgmt, len) < 0)
|
|
|
|
ap_free_sta(hapd, sta);
|
2020-12-16 12:00:32 +01:00
|
|
|
} else if (trans_seq == 3) {
|
|
|
|
if (!sta->pasn) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Not expecting transaction == 3");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (status != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Failure status in transaction == 3");
|
|
|
|
ap_free_sta_pasn(hapd, sta);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-09-20 08:17:00 +02:00
|
|
|
if (handle_auth_pasn_3(sta->pasn, hapd->own_addr,
|
|
|
|
sta->addr, mgmt, len) == 0) {
|
|
|
|
ptksa_cache_add(hapd->ptksa, hapd->own_addr, sta->addr,
|
|
|
|
sta->pasn->cipher, 43200,
|
2022-09-21 06:44:55 +02:00
|
|
|
&sta->pasn->ptk, NULL, NULL,
|
|
|
|
sta->pasn->akmp);
|
2022-09-20 08:17:00 +02:00
|
|
|
|
|
|
|
pasn_set_keys_from_cache(hapd, hapd->own_addr,
|
|
|
|
sta->addr, sta->pasn->cipher,
|
|
|
|
sta->pasn->akmp);
|
|
|
|
}
|
|
|
|
ap_free_sta(hapd, sta);
|
2020-12-16 12:00:32 +01:00
|
|
|
} else {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: Invalid transaction %u - ignore", trans_seq);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_PASN */
|
|
|
|
|
|
|
|
|
2009-12-13 22:25:30 +01:00
|
|
|
static void handle_auth(struct hostapd_data *hapd,
|
2019-01-01 17:17:02 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2019-03-01 18:54:51 +01:00
|
|
|
int rssi, int from_queue)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
u16 auth_alg, auth_transaction, status_code;
|
|
|
|
u16 resp = WLAN_STATUS_SUCCESS;
|
|
|
|
struct sta_info *sta = NULL;
|
2016-02-16 10:54:32 +01:00
|
|
|
int res, reply_res;
|
2008-02-28 02:34:43 +01:00
|
|
|
u16 fc;
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *challenge = NULL;
|
2008-02-28 02:34:43 +01:00
|
|
|
u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN];
|
|
|
|
size_t resp_ies_len = 0;
|
2014-11-05 09:50:34 +01:00
|
|
|
u16 seq_ctrl;
|
2019-04-28 13:14:57 +02:00
|
|
|
struct radius_sta rad_info;
|
2023-05-22 21:33:42 +02:00
|
|
|
const u8 *dst, *sa, *bssid;
|
|
|
|
bool mld_sta = false;
|
2019-04-28 13:14:57 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-23 16:51:28 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_auth_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_auth_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring auth frame from " MACSTR,
|
|
|
|
MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
sa = mgmt->sa;
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
/*
|
|
|
|
* Handle MLO authentication before the station is added to hostapd and
|
|
|
|
* the driver so that the station MLD MAC address would be used in both
|
|
|
|
* hostapd and the driver.
|
|
|
|
*/
|
|
|
|
sa = hostapd_process_ml_auth(hapd, mgmt, len);
|
|
|
|
if (sa)
|
|
|
|
mld_sta = true;
|
|
|
|
else
|
|
|
|
sa = mgmt->sa;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
|
|
|
|
auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
|
|
|
|
status_code = le_to_host16(mgmt->u.auth.status_code);
|
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
2014-11-05 09:50:34 +01:00
|
|
|
seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) +
|
|
|
|
2 + WLAN_AUTH_CHALLENGE_LEN &&
|
|
|
|
mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE &&
|
|
|
|
mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN)
|
|
|
|
challenge = &mgmt->u.auth.variable[2];
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d "
|
2014-11-05 09:50:34 +01:00
|
|
|
"auth_transaction=%d status_code=%d wep=%d%s "
|
2019-03-01 18:54:51 +01:00
|
|
|
"seq_ctrl=0x%x%s%s",
|
2023-05-22 21:33:42 +02:00
|
|
|
MAC2STR(sa), auth_alg, auth_transaction,
|
2008-02-28 02:34:43 +01:00
|
|
|
status_code, !!(fc & WLAN_FC_ISWEP),
|
2014-11-05 09:50:34 +01:00
|
|
|
challenge ? " challenge" : "",
|
2019-03-01 18:54:51 +01:00
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "",
|
|
|
|
from_queue ? " (from queue)" : "");
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifdef CONFIG_NO_RC4
|
|
|
|
if (auth_alg == WLAN_AUTH_SHARED_KEY) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"Unsupported authentication algorithm (%d)",
|
|
|
|
auth_alg);
|
|
|
|
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_NO_RC4 */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->tkip_countermeasures) {
|
2017-12-07 18:14:49 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Ongoing TKIP countermeasures (Michael MIC failure) - reject authentication");
|
2017-11-03 09:49:45 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) &&
|
|
|
|
auth_alg == WLAN_AUTH_OPEN) ||
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2011-11-24 21:46:14 +01:00
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) &&
|
2008-02-28 02:34:43 +01:00
|
|
|
auth_alg == WLAN_AUTH_FT) ||
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) &&
|
|
|
|
auth_alg == WLAN_AUTH_SAE) ||
|
|
|
|
#endif /* CONFIG_SAE */
|
2015-09-04 23:04:21 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
|
|
|
|
auth_alg == WLAN_AUTH_FILS_SK) ||
|
2017-03-12 21:40:56 +01:00
|
|
|
(hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) &&
|
|
|
|
hapd->conf->fils_dh_group &&
|
|
|
|
auth_alg == WLAN_AUTH_FILS_SK_PFS) ||
|
2015-09-04 23:04:21 +02:00
|
|
|
#endif /* CONFIG_FILS */
|
2020-12-16 12:00:32 +01:00
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
(hapd->conf->wpa &&
|
|
|
|
(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_PASN) &&
|
|
|
|
auth_alg == WLAN_AUTH_PASN) ||
|
|
|
|
#endif /* CONFIG_PASN */
|
2008-02-28 02:34:43 +01:00
|
|
|
((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) &&
|
|
|
|
auth_alg == WLAN_AUTH_SHARED_KEY))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)",
|
|
|
|
auth_alg);
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE ||
|
2020-12-16 12:00:32 +01:00
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
(auth_alg == WLAN_AUTH_PASN && auth_transaction == 3) ||
|
|
|
|
#endif /* CONFIG_PASN */
|
2008-02-28 02:34:43 +01:00
|
|
|
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)",
|
|
|
|
auth_transaction);
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (ether_addr_equal(mgmt->sa, hapd->own_addr)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate",
|
2023-05-22 21:33:42 +02:00
|
|
|
MAC2STR(sa));
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (mld_sta &&
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
(ether_addr_equal(sa, hapd->own_addr) ||
|
|
|
|
ether_addr_equal(sa, hapd->mld_addr))) {
|
2023-05-22 21:33:42 +02:00
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"Station " MACSTR " not allowed to authenticate",
|
|
|
|
MAC2STR(sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2015-09-05 18:00:03 +02:00
|
|
|
if (hapd->conf->no_auth_if_seen_on) {
|
|
|
|
struct hostapd_data *other;
|
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
other = sta_track_seen_on(hapd->iface, sa,
|
2015-09-05 18:00:03 +02:00
|
|
|
hapd->conf->no_auth_if_seen_on);
|
|
|
|
if (other) {
|
|
|
|
u8 *pos;
|
|
|
|
u32 info;
|
|
|
|
u8 op_class, channel, phytype;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "%s: Reject authentication from "
|
|
|
|
MACSTR " since STA has been seen on %s",
|
2023-05-22 21:33:42 +02:00
|
|
|
hapd->conf->iface, MAC2STR(sa),
|
2015-09-05 18:00:03 +02:00
|
|
|
hapd->conf->no_auth_if_seen_on);
|
|
|
|
|
|
|
|
resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION;
|
|
|
|
pos = &resp_ies[0];
|
|
|
|
*pos++ = WLAN_EID_NEIGHBOR_REPORT;
|
|
|
|
*pos++ = 13;
|
|
|
|
os_memcpy(pos, other->own_addr, ETH_ALEN);
|
|
|
|
pos += ETH_ALEN;
|
|
|
|
info = 0; /* TODO: BSSID Information */
|
|
|
|
WPA_PUT_LE32(pos, info);
|
|
|
|
pos += 4;
|
|
|
|
if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD)
|
|
|
|
phytype = 8; /* dmg */
|
|
|
|
else if (other->iconf->ieee80211ac)
|
|
|
|
phytype = 9; /* vht */
|
|
|
|
else if (other->iconf->ieee80211n)
|
|
|
|
phytype = 7; /* ht */
|
|
|
|
else if (other->iconf->hw_mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211A)
|
|
|
|
phytype = 4; /* ofdm */
|
|
|
|
else if (other->iconf->hw_mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211G)
|
|
|
|
phytype = 6; /* erp */
|
|
|
|
else
|
|
|
|
phytype = 5; /* hrdsss */
|
|
|
|
if (ieee80211_freq_to_channel_ext(
|
|
|
|
hostapd_hw_get_freq(other,
|
|
|
|
other->iconf->channel),
|
|
|
|
other->iconf->secondary_channel,
|
|
|
|
other->iconf->ieee80211ac,
|
|
|
|
&op_class, &channel) == NUM_HOSTAPD_MODES) {
|
|
|
|
op_class = 0;
|
|
|
|
channel = other->iconf->channel;
|
|
|
|
}
|
|
|
|
*pos++ = op_class;
|
|
|
|
*pos++ = channel;
|
|
|
|
*pos++ = phytype;
|
|
|
|
resp_ies_len = pos - &resp_ies[0];
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
res = ieee802_11_allowed_address(hapd, sa, (const u8 *) mgmt, len,
|
2019-12-29 22:24:10 +01:00
|
|
|
&rad_info);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (res == HOSTAPD_ACL_REJECT) {
|
2018-02-14 14:43:56 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
|
|
|
"Ignore Authentication frame from " MACSTR
|
2023-05-22 21:33:42 +02:00
|
|
|
" due to ACL reject", MAC2STR(sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
2017-01-17 13:51:02 +01:00
|
|
|
if (res == HOSTAPD_ACL_PENDING)
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
|
2019-03-01 18:54:51 +01:00
|
|
|
#ifdef CONFIG_SAE
|
2019-03-14 23:03:29 +01:00
|
|
|
if (auth_alg == WLAN_AUTH_SAE && !from_queue &&
|
|
|
|
(auth_transaction == 1 ||
|
2023-05-22 21:33:42 +02:00
|
|
|
(auth_transaction == 2 && auth_sae_queued_addr(hapd, sa)))) {
|
2019-03-01 18:54:51 +01:00
|
|
|
/* Handle SAE Authentication commit message through a queue to
|
|
|
|
* provide more control for postponing the needed heavy
|
2019-03-14 23:03:29 +01:00
|
|
|
* processing under a possible DoS attack scenario. In addition,
|
|
|
|
* queue SAE Authentication confirm message if there happens to
|
|
|
|
* be a queued commit message from the same peer. This is needed
|
|
|
|
* to avoid reordering Authentication frames within the same
|
|
|
|
* SAE exchange. */
|
|
|
|
auth_sae_queue(hapd, mgmt, len, rssi);
|
2019-03-01 18:54:51 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
sta = ap_get_sta(hapd, sa);
|
2014-11-05 09:50:34 +01:00
|
|
|
if (sta) {
|
2015-09-04 23:04:21 +02:00
|
|
|
sta->flags &= ~WLAN_STA_PENDING_FILS_ERP;
|
2019-01-04 21:58:56 +01:00
|
|
|
sta->ft_over_ds = 0;
|
2014-11-05 09:50:34 +01:00
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
|
|
|
sta->last_subtype == WLAN_FC_STYPE_AUTH) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated authentication frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return;
|
|
|
|
}
|
2016-02-17 11:48:53 +01:00
|
|
|
#ifdef CONFIG_MESH
|
|
|
|
if ((hapd->conf->mesh & MESH_ENABLED) &&
|
|
|
|
sta->plink_state == PLINK_BLOCKED) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
|
|
|
|
" is blocked - drop Authentication frame",
|
2023-05-22 21:33:42 +02:00
|
|
|
MAC2STR(sa));
|
2016-02-17 11:48:53 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_MESH */
|
2020-12-16 12:00:32 +01:00
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
if (auth_alg == WLAN_AUTH_PASN &&
|
|
|
|
(sta->flags & WLAN_STA_ASSOC)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"PASN: auth: Existing station: " MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_PASN */
|
2014-11-05 09:50:34 +01:00
|
|
|
} else {
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
2014-11-05 09:50:34 +01:00
|
|
|
if (hapd->conf->mesh & MESH_ENABLED) {
|
|
|
|
/* if the mesh peer is not available, we don't do auth.
|
|
|
|
*/
|
2014-12-23 12:44:38 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR
|
2016-02-17 11:48:53 +01:00
|
|
|
" not yet known - drop Authentication frame",
|
2023-05-22 21:33:42 +02:00
|
|
|
MAC2STR(sa));
|
2014-12-23 12:44:38 +01:00
|
|
|
/*
|
|
|
|
* Save a copy of the frame so that it can be processed
|
|
|
|
* if a new peer entry is added shortly after this.
|
|
|
|
*/
|
|
|
|
wpabuf_free(hapd->mesh_pending_auth);
|
|
|
|
hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len);
|
|
|
|
os_get_reltime(&hapd->mesh_pending_auth_time);
|
2014-09-01 06:23:30 +02:00
|
|
|
return;
|
2014-11-05 09:50:34 +01:00
|
|
|
}
|
2014-09-01 06:23:30 +02:00
|
|
|
#endif /* CONFIG_MESH */
|
2014-11-05 09:50:34 +01:00
|
|
|
|
2023-05-22 21:33:42 +02:00
|
|
|
sta = ap_sta_add(hapd, sa);
|
2014-09-01 06:23:30 +02:00
|
|
|
if (!sta) {
|
2017-12-07 18:14:49 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "ap_sta_add() failed");
|
2014-09-01 06:23:30 +02:00
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2023-05-22 21:33:42 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (auth_transaction == 1) {
|
2024-01-21 20:06:18 +01:00
|
|
|
ap_sta_free_sta_profile(&sta->mld_info);
|
2023-05-22 21:33:42 +02:00
|
|
|
os_memset(&sta->mld_info, 0, sizeof(sta->mld_info));
|
|
|
|
|
|
|
|
if (mld_sta) {
|
|
|
|
u8 link_id = hapd->mld_link_id;
|
|
|
|
|
2024-01-21 18:06:36 +01:00
|
|
|
ap_sta_set_mld(sta, true);
|
2023-05-22 21:33:42 +02:00
|
|
|
sta->mld_assoc_link_id = link_id;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set the MLD address as the station address and the
|
|
|
|
* station addresses.
|
|
|
|
*/
|
|
|
|
os_memcpy(sta->mld_info.common_info.mld_addr, sa,
|
|
|
|
ETH_ALEN);
|
|
|
|
os_memcpy(sta->mld_info.links[link_id].peer_addr,
|
|
|
|
mgmt->sa, ETH_ALEN);
|
|
|
|
os_memcpy(sta->mld_info.links[link_id].local_addr,
|
|
|
|
hapd->own_addr, ETH_ALEN);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = WLAN_FC_STYPE_AUTH;
|
2019-01-01 17:17:02 +01:00
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
sta->auth_rssi = rssi;
|
|
|
|
#endif /* CONFIG_MBO */
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2019-04-28 13:14:57 +02:00
|
|
|
res = ieee802_11_set_radius_info(hapd, sta, res, &rad_info);
|
2017-01-17 13:51:02 +01:00
|
|
|
if (res) {
|
2017-12-07 18:14:49 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "ieee802_11_set_radius_info() failed");
|
2016-01-21 14:52:00 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2012-08-19 13:20:10 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->flags &= ~WLAN_STA_PREAUTH;
|
|
|
|
ieee802_1x_notify_pre_auth(sta->eapol_sm, 0);
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
/*
|
|
|
|
* If the driver supports full AP client state, add a station to the
|
|
|
|
* driver before sending authentication reply to make sure the driver
|
|
|
|
* has resources, and not to go through the entire authentication and
|
|
|
|
* association handshake, and fail it at the end.
|
|
|
|
*
|
|
|
|
* If this is not the first transaction, in a multi-step authentication
|
|
|
|
* algorithm, the station already exists in the driver
|
|
|
|
* (sta->added_unassoc = 1) so skip it.
|
|
|
|
*
|
|
|
|
* In mesh mode, the station was already added to the driver when the
|
|
|
|
* NEW_PEER_CANDIDATE event is received.
|
2016-11-29 15:15:31 +01:00
|
|
|
*
|
|
|
|
* If PMF was negotiated for the existing association, skip this to
|
|
|
|
* avoid dropping the STA entry and the associated keys. This is needed
|
|
|
|
* to allow the original connection work until the attempt can complete
|
|
|
|
* (re)association, so that unprotected Authentication frame cannot be
|
|
|
|
* used to bypass PMF protection.
|
2020-12-16 12:00:32 +01:00
|
|
|
*
|
|
|
|
* PASN authentication does not require adding/removing station to the
|
|
|
|
* driver so skip this flow in case of PASN authentication.
|
2016-02-16 10:54:32 +01:00
|
|
|
*/
|
|
|
|
if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) &&
|
2016-11-29 15:15:31 +01:00
|
|
|
(!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) &&
|
2016-02-16 10:54:32 +01:00
|
|
|
!(hapd->conf->mesh & MESH_ENABLED) &&
|
2020-12-16 12:00:32 +01:00
|
|
|
!(sta->added_unassoc) && auth_alg != WLAN_AUTH_PASN) {
|
2020-04-04 20:50:37 +02:00
|
|
|
if (ap_sta_re_add(hapd, sta) < 0) {
|
2016-02-16 10:54:32 +01:00
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (auth_alg) {
|
|
|
|
case WLAN_AUTH_OPEN:
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"authentication OK (open system)");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
sta->auth_alg = WLAN_AUTH_OPEN;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
break;
|
2020-02-29 15:52:39 +01:00
|
|
|
#ifdef CONFIG_WEP
|
2015-08-01 22:37:07 +02:00
|
|
|
#ifndef CONFIG_NO_RC4
|
2008-02-28 02:34:43 +01:00
|
|
|
case WLAN_AUTH_SHARED_KEY:
|
|
|
|
resp = auth_shared_key(hapd, sta, auth_transaction, challenge,
|
|
|
|
fc & WLAN_FC_ISWEP);
|
2017-12-07 18:14:49 +01:00
|
|
|
if (resp != 0)
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"auth_shared_key() failed: status=%d", resp);
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->auth_alg = WLAN_AUTH_SHARED_KEY;
|
|
|
|
mlme_authenticate_indication(hapd, sta);
|
|
|
|
if (sta->challenge && auth_transaction == 1) {
|
|
|
|
resp_ies[0] = WLAN_EID_CHALLENGE;
|
|
|
|
resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN;
|
|
|
|
os_memcpy(resp_ies + 2, sta->challenge,
|
|
|
|
WLAN_AUTH_CHALLENGE_LEN);
|
|
|
|
resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN;
|
|
|
|
}
|
|
|
|
break;
|
2015-08-01 22:37:07 +02:00
|
|
|
#endif /* CONFIG_NO_RC4 */
|
2020-02-29 15:52:39 +01:00
|
|
|
#endif /* CONFIG_WEP */
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-02-28 02:34:43 +01:00
|
|
|
case WLAN_AUTH_FT:
|
|
|
|
sta->auth_alg = WLAN_AUTH_FT;
|
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
2013-09-01 10:05:19 +02:00
|
|
|
sta->addr, NULL);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA "
|
|
|
|
"state machine");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid,
|
|
|
|
auth_transaction, mgmt->u.auth.variable,
|
|
|
|
len - IEEE80211_HDRLEN -
|
|
|
|
sizeof(mgmt->u.auth),
|
|
|
|
handle_auth_ft_finish, hapd);
|
|
|
|
/* handle_auth_ft_finish() callback will complete auth. */
|
|
|
|
return;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
case WLAN_AUTH_SAE:
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
2014-12-14 22:52:02 +01:00
|
|
|
if (status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
hapd->conf->mesh & MESH_ENABLED) {
|
2014-09-01 06:23:30 +02:00
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm =
|
|
|
|
wpa_auth_sta_init(hapd->wpa_auth,
|
|
|
|
sta->addr, NULL);
|
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Failed to initialize WPA state machine");
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_MESH */
|
2014-12-14 22:52:02 +01:00
|
|
|
handle_auth_sae(hapd, sta, mgmt, len, auth_transaction,
|
|
|
|
status_code);
|
2012-09-30 18:51:07 +02:00
|
|
|
return;
|
|
|
|
#endif /* CONFIG_SAE */
|
2015-09-04 23:04:21 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
case WLAN_AUTH_FILS_SK:
|
2017-03-12 21:40:56 +01:00
|
|
|
case WLAN_AUTH_FILS_SK_PFS:
|
2017-04-23 17:24:38 +02:00
|
|
|
handle_auth_fils(hapd, sta, mgmt->u.auth.variable,
|
|
|
|
len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth),
|
2017-04-21 17:42:00 +02:00
|
|
|
auth_alg, auth_transaction, status_code,
|
|
|
|
handle_auth_fils_finish);
|
2015-09-04 23:04:21 +02:00
|
|
|
return;
|
|
|
|
#endif /* CONFIG_FILS */
|
2020-12-16 12:00:32 +01:00
|
|
|
#ifdef CONFIG_PASN
|
|
|
|
case WLAN_AUTH_PASN:
|
|
|
|
handle_auth_pasn(hapd, sta, mgmt, len, auth_transaction,
|
|
|
|
status_code);
|
|
|
|
return;
|
|
|
|
#endif /* CONFIG_PASN */
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
2023-05-22 21:33:42 +02:00
|
|
|
dst = mgmt->sa;
|
|
|
|
bssid = mgmt->bssid;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
/*
|
|
|
|
* Once a non-AP MLD is added to the driver, the addressing should use
|
|
|
|
* the MLD MAC address. It is the responsibility of the driver to
|
|
|
|
* handle the translations.
|
|
|
|
*/
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta)) {
|
2023-05-22 21:33:42 +02:00
|
|
|
dst = sta->addr;
|
|
|
|
bssid = hapd->mld_addr;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
reply_res = send_auth_reply(hapd, sta, dst, bssid, auth_alg,
|
2021-07-14 08:59:26 +02:00
|
|
|
auth_alg == WLAN_AUTH_SAE ?
|
|
|
|
auth_transaction : auth_transaction + 1,
|
|
|
|
resp, resp_ies, resp_ies_len,
|
|
|
|
"handle-auth");
|
2016-02-16 10:54:32 +01:00
|
|
|
|
|
|
|
if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS ||
|
|
|
|
reply_res != WLAN_STATUS_SUCCESS)) {
|
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
static u8 hostapd_max_bssid_indicator(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
size_t num_bss_nontx;
|
|
|
|
u8 max_bssid_ind = 0;
|
|
|
|
|
|
|
|
if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
num_bss_nontx = hapd->iface->num_bss - 1;
|
|
|
|
while (num_bss_nontx > 0) {
|
|
|
|
max_bssid_ind++;
|
|
|
|
num_bss_nontx >>= 1;
|
|
|
|
}
|
|
|
|
return max_bssid_ind;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:44 +02:00
|
|
|
static u32 hostapd_get_aid_word(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, int i)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
u32 aid_word = 0;
|
|
|
|
|
|
|
|
/* Do not assign an AID that is in use on any of the affiliated links
|
|
|
|
* when finding an AID for a non-AP MLD. */
|
|
|
|
if (hapd->conf->mld_ap) {
|
|
|
|
int j;
|
|
|
|
|
|
|
|
for (j = 0; j < MAX_NUM_MLD_LINKS; j++) {
|
|
|
|
struct hostapd_data *link_bss;
|
|
|
|
|
|
|
|
if (!sta->mld_info.links[j].valid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
link_bss = hostapd_mld_get_link_bss(hapd, j);
|
|
|
|
if (!link_bss) {
|
|
|
|
/* This shouldn't happen, just skip */
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"MLD: Failed to get link BSS for AID");
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
aid_word |= link_bss->sta_aid[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
return aid_word;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
return hapd->sta_aid[i];
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2015-10-05 14:16:40 +02:00
|
|
|
int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta)
|
2009-03-25 14:35:00 +01:00
|
|
|
{
|
2009-03-25 14:54:25 +01:00
|
|
|
int i, j = 32, aid;
|
|
|
|
|
2023-08-03 14:33:55 +02:00
|
|
|
/* Transmitted and non-transmitted BSSIDs share the same AID pool, so
|
|
|
|
* use the shared storage in the transmitted BSS to find the next
|
|
|
|
* available value. */
|
|
|
|
hapd = hostapd_mbssid_get_tx_bss(hapd);
|
|
|
|
|
2009-03-25 14:35:00 +01:00
|
|
|
/* get a unique AID */
|
|
|
|
if (sta->aid > 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, " old AID %d", sta->aid);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2016-06-28 19:44:26 +02:00
|
|
|
if (TEST_FAIL())
|
|
|
|
return -1;
|
|
|
|
|
2009-03-25 14:54:25 +01:00
|
|
|
for (i = 0; i < AID_WORDS; i++) {
|
2023-05-22 21:33:44 +02:00
|
|
|
u32 aid_word = hostapd_get_aid_word(hapd, sta, i);
|
|
|
|
|
|
|
|
if (aid_word == (u32) -1)
|
2009-03-25 14:54:25 +01:00
|
|
|
continue;
|
|
|
|
for (j = 0; j < 32; j++) {
|
2023-05-22 21:33:44 +02:00
|
|
|
if (!(aid_word & BIT(j)))
|
2009-03-25 14:54:25 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (j < 32)
|
2009-03-25 14:35:00 +01:00
|
|
|
break;
|
|
|
|
}
|
2009-03-25 14:54:25 +01:00
|
|
|
if (j == 32)
|
|
|
|
return -1;
|
2022-12-01 04:18:42 +01:00
|
|
|
aid = i * 32 + j + (1 << hostapd_max_bssid_indicator(hapd));
|
2009-03-25 14:54:25 +01:00
|
|
|
if (aid > 2007)
|
|
|
|
return -1;
|
2009-03-25 14:35:00 +01:00
|
|
|
|
2009-03-25 14:54:25 +01:00
|
|
|
sta->aid = aid;
|
|
|
|
hapd->sta_aid[i] |= BIT(j);
|
2009-03-25 14:35:00 +01:00
|
|
|
wpa_printf(MSG_DEBUG, " new AID %d", sta->aid);
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ssid_ie, size_t ssid_ie_len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-11-29 21:14:57 +01:00
|
|
|
if (ssid_ie == NULL)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (ssid_ie_len != hapd->conf->ssid.ssid_len ||
|
|
|
|
os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station tried to associate with unknown SSID "
|
2014-01-31 21:20:41 +01:00
|
|
|
"'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len));
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:54:06 +01:00
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *wmm_ie, size_t wmm_ie_len)
|
|
|
|
{
|
2009-03-04 11:33:24 +01:00
|
|
|
sta->flags &= ~WLAN_STA_WMM;
|
2011-12-17 11:38:06 +01:00
|
|
|
sta->qosinfo = 0;
|
2009-11-29 21:14:57 +01:00
|
|
|
if (wmm_ie && hapd->conf->wmm_enabled) {
|
2011-12-17 10:55:14 +01:00
|
|
|
struct wmm_information_element *wmm;
|
|
|
|
|
2011-12-17 11:41:00 +01:00
|
|
|
if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_WPA,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2009-03-04 11:33:24 +01:00
|
|
|
"invalid WMM element in association "
|
2008-02-28 02:34:43 +01:00
|
|
|
"request");
|
2011-12-17 10:55:14 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_WMM;
|
|
|
|
wmm = (struct wmm_information_element *) wmm_ie;
|
2011-12-17 11:38:06 +01:00
|
|
|
sta->qosinfo = wmm->qos_info;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2018-12-05 11:23:51 +01:00
|
|
|
static u16 check_multi_ap(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *multi_ap_ie, size_t multi_ap_len)
|
|
|
|
{
|
|
|
|
u8 multi_ap_value = 0;
|
|
|
|
|
|
|
|
sta->flags &= ~WLAN_STA_MULTI_AP;
|
|
|
|
|
|
|
|
if (!hapd->conf->multi_ap)
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
|
|
|
|
if (multi_ap_ie) {
|
|
|
|
const u8 *multi_ap_subelem;
|
|
|
|
|
|
|
|
multi_ap_subelem = get_ie(multi_ap_ie + 4,
|
|
|
|
multi_ap_len - 4,
|
|
|
|
MULTI_AP_SUB_ELEM_TYPE);
|
|
|
|
if (multi_ap_subelem && multi_ap_subelem[1] == 1) {
|
|
|
|
multi_ap_value = multi_ap_subelem[2];
|
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Multi-AP IE has missing or invalid Multi-AP subelement");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.
However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.
Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.
While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-12 15:35:23 +01:00
|
|
|
if (multi_ap_value && multi_ap_value != MULTI_AP_BACKHAUL_STA)
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Multi-AP IE with unexpected value 0x%02x",
|
|
|
|
multi_ap_value);
|
2018-12-05 11:23:51 +01:00
|
|
|
|
Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.
However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.
Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.
While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-12 15:35:23 +01:00
|
|
|
if (!(multi_ap_value & MULTI_AP_BACKHAUL_STA)) {
|
|
|
|
if (hapd->conf->multi_ap & FRONTHAUL_BSS)
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
2018-12-05 11:23:51 +01:00
|
|
|
|
Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.
However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.
Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.
While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-12 15:35:23 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Non-Multi-AP STA tries to associate with backhaul-only BSS");
|
|
|
|
return WLAN_STATUS_ASSOC_DENIED_UNSPEC;
|
2018-12-05 11:23:51 +01:00
|
|
|
}
|
|
|
|
|
Multi-AP: Don't reject backhaul STA on fronthaul BSS
The Multi-AP specification only specifies that information elements have
to be added to the Association Request and Association Response frame;
it doesn't specify anything about what should be done in case they are
missing. Previously, we rejected non-backhaul associations on a
backhaul-only BSS, and non-fronthaul associations on a fronthaul-only
BSS.
However, this makes WPS fail when fronthaul and backhaul are separate
SSIDs. Indeed, WPS for the backhaul link is performed on the *fronthaul*
SSID. Thus, the Association Request frmae used for WPS *will* contain
the Multi-AP IE indicating a backhaul STA. Rejecting that association
makes WPS fail.
Therefore, accept a multi-AP backhaul STA Association Request frame on a
fronthaul-only BSS. Still issue a warning about it, but only at level
DEBUG intead of INFO. Also change the condition checking to make it
clearer.
While we're at it, also fix the handling of unexpected bits in the
Multi-AP IE. 4 bits are reserved in the specification, so these
certainly have to be ignored. The specification also doesn't say that
setting one of the other bits is not allowed. Therefore, only report
unexpected values in the Multi-AP IE, don't reject because of it. Note
that a malformed IE (containing more than one byte) still triggers a
rejection.
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2019-02-12 15:35:23 +01:00
|
|
|
if (!(hapd->conf->multi_ap & BACKHAUL_BSS))
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Backhaul STA tries to associate with fronthaul-only BSS");
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_MULTI_AP;
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
2018-12-05 11:23:51 +01:00
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
struct ieee802_11_elems *elems)
|
|
|
|
{
|
2016-12-20 16:04:43 +01:00
|
|
|
/* Supported rates not used in IEEE 802.11ad/DMG */
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD)
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (!elems->supp_rates) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
2008-02-28 02:34:43 +01:00
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"No supported rates element in AssocReq");
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2012-08-19 16:52:41 +02:00
|
|
|
if (elems->supp_rates_len + elems->ext_supp_rates_len >
|
|
|
|
sizeof(sta->supported_rates)) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
2008-02-28 02:34:43 +01:00
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
2012-08-19 16:52:41 +02:00
|
|
|
"Invalid supported rates element length %d+%d",
|
|
|
|
elems->supp_rates_len,
|
|
|
|
elems->ext_supp_rates_len);
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2012-08-19 16:52:41 +02:00
|
|
|
sta->supported_rates_len = merge_byte_arrays(
|
|
|
|
sta->supported_rates, sizeof(sta->supported_rates),
|
|
|
|
elems->supp_rates, elems->supp_rates_len,
|
|
|
|
elems->ext_supp_rates, elems->ext_supp_rates_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-03-12 00:26:43 +01:00
|
|
|
#ifdef CONFIG_OWE
|
2017-10-10 18:00:57 +02:00
|
|
|
|
|
|
|
static int owe_group_supported(struct hostapd_data *hapd, u16 group)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
int *groups = hapd->conf->owe_groups;
|
|
|
|
|
|
|
|
if (group != 19 && group != 20 && group != 21)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (!groups)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
for (i = 0; groups[i] > 0; i++) {
|
|
|
|
if (groups[i] == group)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-10-09 11:08:12 +02:00
|
|
|
static u16 owe_process_assoc_req(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, const u8 *owe_dh,
|
2017-03-12 00:26:43 +01:00
|
|
|
u8 owe_dh_len)
|
|
|
|
{
|
|
|
|
struct wpabuf *secret, *pub, *hkey;
|
|
|
|
int res;
|
2017-10-08 15:37:32 +02:00
|
|
|
u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN];
|
2017-03-12 00:26:43 +01:00
|
|
|
const char *info = "OWE Key Generation";
|
|
|
|
const u8 *addr[2];
|
|
|
|
size_t len[2];
|
2017-10-08 15:37:32 +02:00
|
|
|
u16 group;
|
|
|
|
size_t hash_len, prime_len;
|
|
|
|
|
2017-10-09 11:08:12 +02:00
|
|
|
if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
2017-10-08 15:37:32 +02:00
|
|
|
group = WPA_GET_LE16(owe_dh);
|
2017-10-10 18:00:57 +02:00
|
|
|
if (!owe_group_supported(hapd, group)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group);
|
|
|
|
return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
|
|
|
|
}
|
2017-10-08 15:37:32 +02:00
|
|
|
if (group == 19)
|
|
|
|
prime_len = 32;
|
|
|
|
else if (group == 20)
|
|
|
|
prime_len = 48;
|
|
|
|
else if (group == 21)
|
|
|
|
prime_len = 66;
|
|
|
|
else
|
2017-03-12 00:26:43 +01:00
|
|
|
return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
|
|
|
|
|
2022-04-02 16:15:41 +02:00
|
|
|
if (sta->owe_group == group && sta->owe_ecdh) {
|
|
|
|
/* This is a workaround for mac80211 behavior of retransmitting
|
|
|
|
* the Association Request frames multiple times if the link
|
|
|
|
* layer retries (i.e., seq# remains same) fail. The mac80211
|
|
|
|
* initiated retransmission will use a different seq# and as
|
|
|
|
* such, will go through duplicate detection. If we were to
|
|
|
|
* change our DH key for that attempt, there would be two
|
|
|
|
* different DH shared secrets and the STA would likely select
|
|
|
|
* the wrong one. */
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OWE: Try to reuse own previous DH key since the STA tried to go through OWE association again");
|
|
|
|
} else {
|
|
|
|
crypto_ecdh_deinit(sta->owe_ecdh);
|
|
|
|
sta->owe_ecdh = crypto_ecdh_init(group);
|
|
|
|
}
|
2017-03-12 00:26:43 +01:00
|
|
|
if (!sta->owe_ecdh)
|
|
|
|
return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED;
|
2017-10-08 15:37:32 +02:00
|
|
|
sta->owe_group = group;
|
2017-03-12 00:26:43 +01:00
|
|
|
|
|
|
|
secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2,
|
|
|
|
owe_dh_len - 2);
|
2017-10-08 15:37:32 +02:00
|
|
|
secret = wpabuf_zeropad(secret, prime_len);
|
2017-03-12 00:26:43 +01:00
|
|
|
if (!secret) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret);
|
|
|
|
|
|
|
|
/* prk = HKDF-extract(C | A | group, z) */
|
|
|
|
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
|
|
|
|
if (!pub) {
|
|
|
|
wpabuf_clear_free(secret);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* PMKID = Truncate-128(Hash(C | A)) */
|
|
|
|
addr[0] = owe_dh + 2;
|
|
|
|
len[0] = owe_dh_len - 2;
|
|
|
|
addr[1] = wpabuf_head(pub);
|
|
|
|
len[1] = wpabuf_len(pub);
|
2017-10-08 15:37:32 +02:00
|
|
|
if (group == 19) {
|
|
|
|
res = sha256_vector(2, addr, len, pmkid);
|
|
|
|
hash_len = SHA256_MAC_LEN;
|
|
|
|
} else if (group == 20) {
|
|
|
|
res = sha384_vector(2, addr, len, pmkid);
|
|
|
|
hash_len = SHA384_MAC_LEN;
|
|
|
|
} else if (group == 21) {
|
|
|
|
res = sha512_vector(2, addr, len, pmkid);
|
|
|
|
hash_len = SHA512_MAC_LEN;
|
|
|
|
} else {
|
|
|
|
wpabuf_free(pub);
|
|
|
|
wpabuf_clear_free(secret);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
pub = wpabuf_zeropad(pub, prime_len);
|
|
|
|
if (res < 0 || !pub) {
|
2017-03-12 00:26:43 +01:00
|
|
|
wpabuf_free(pub);
|
|
|
|
wpabuf_clear_free(secret);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2);
|
|
|
|
if (!hkey) {
|
|
|
|
wpabuf_free(pub);
|
|
|
|
wpabuf_clear_free(secret);
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */
|
|
|
|
wpabuf_put_buf(hkey, pub); /* A */
|
|
|
|
wpabuf_free(pub);
|
2017-10-08 15:37:32 +02:00
|
|
|
wpabuf_put_le16(hkey, group); /* group */
|
|
|
|
if (group == 19)
|
|
|
|
res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey),
|
|
|
|
wpabuf_head(secret), wpabuf_len(secret), prk);
|
|
|
|
else if (group == 20)
|
|
|
|
res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey),
|
|
|
|
wpabuf_head(secret), wpabuf_len(secret), prk);
|
|
|
|
else if (group == 21)
|
|
|
|
res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey),
|
|
|
|
wpabuf_head(secret), wpabuf_len(secret), prk);
|
2017-03-12 00:26:43 +01:00
|
|
|
wpabuf_clear_free(hkey);
|
|
|
|
wpabuf_clear_free(secret);
|
|
|
|
if (res < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2017-10-08 15:37:32 +02:00
|
|
|
wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len);
|
2017-03-12 00:26:43 +01:00
|
|
|
|
|
|
|
/* PMK = HKDF-expand(prk, "OWE Key Generation", n) */
|
|
|
|
|
|
|
|
os_free(sta->owe_pmk);
|
2017-10-08 15:37:32 +02:00
|
|
|
sta->owe_pmk = os_malloc(hash_len);
|
2017-03-12 00:26:43 +01:00
|
|
|
if (!sta->owe_pmk) {
|
2017-10-08 15:37:32 +02:00
|
|
|
os_memset(prk, 0, SHA512_MAC_LEN);
|
2017-03-12 00:26:43 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
2017-10-08 15:37:32 +02:00
|
|
|
if (group == 19)
|
|
|
|
res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info,
|
|
|
|
os_strlen(info), sta->owe_pmk, hash_len);
|
|
|
|
else if (group == 20)
|
|
|
|
res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info,
|
|
|
|
os_strlen(info), sta->owe_pmk, hash_len);
|
|
|
|
else if (group == 21)
|
|
|
|
res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info,
|
|
|
|
os_strlen(info), sta->owe_pmk, hash_len);
|
|
|
|
os_memset(prk, 0, SHA512_MAC_LEN);
|
2017-03-12 00:26:43 +01:00
|
|
|
if (res < 0) {
|
|
|
|
os_free(sta->owe_pmk);
|
|
|
|
sta->owe_pmk = NULL;
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
2017-10-08 15:37:32 +02:00
|
|
|
sta->owe_pmk_len = hash_len;
|
2017-03-12 00:26:43 +01:00
|
|
|
|
2017-10-08 15:37:32 +02:00
|
|
|
wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len);
|
2017-03-12 00:26:43 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN);
|
2017-10-09 11:08:12 +02:00
|
|
|
wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk,
|
2023-11-21 00:51:43 +01:00
|
|
|
sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE, NULL);
|
2017-03-12 00:26:43 +01:00
|
|
|
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
2017-10-10 18:00:57 +02:00
|
|
|
|
2019-05-29 11:11:48 +02:00
|
|
|
|
|
|
|
u16 owe_validate_request(struct hostapd_data *hapd, const u8 *peer,
|
|
|
|
const u8 *rsn_ie, size_t rsn_ie_len,
|
|
|
|
const u8 *owe_dh, size_t owe_dh_len)
|
|
|
|
{
|
|
|
|
struct wpa_ie_data data;
|
|
|
|
int res;
|
|
|
|
|
|
|
|
if (!rsn_ie || rsn_ie_len < 2) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Invalid RSNE from " MACSTR,
|
|
|
|
MAC2STR(peer));
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
|
|
|
rsn_ie -= 2;
|
|
|
|
rsn_ie_len += 2;
|
|
|
|
|
|
|
|
res = wpa_parse_wpa_ie_rsn(rsn_ie, rsn_ie_len, &data);
|
|
|
|
if (res) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Failed to parse RSNE from " MACSTR
|
|
|
|
" (res=%d)", MAC2STR(peer), res);
|
|
|
|
wpa_hexdump(MSG_DEBUG, "RSNE", rsn_ie, rsn_ie_len);
|
|
|
|
return wpa_res_to_status_code(res);
|
|
|
|
}
|
|
|
|
if (!(data.key_mgmt & WPA_KEY_MGMT_OWE)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OWE: Unexpected key mgmt 0x%x from " MACSTR,
|
|
|
|
(unsigned int) data.key_mgmt, MAC2STR(peer));
|
|
|
|
return WLAN_STATUS_AKMP_NOT_VALID;
|
|
|
|
}
|
|
|
|
if (!owe_dh) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OWE: No Diffie-Hellman Parameter element from "
|
|
|
|
MACSTR, MAC2STR(peer));
|
|
|
|
return WLAN_STATUS_AKMP_NOT_VALID;
|
|
|
|
}
|
|
|
|
|
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u16 owe_process_rsn_ie(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const u8 *rsn_ie, size_t rsn_ie_len,
|
2023-03-06 11:49:04 +01:00
|
|
|
const u8 *owe_dh, size_t owe_dh_len,
|
|
|
|
const u8 *link_addr)
|
2019-05-29 11:11:48 +02:00
|
|
|
{
|
|
|
|
u16 status;
|
|
|
|
u8 *owe_buf, ie[256 * 2];
|
|
|
|
size_t ie_len = 0;
|
2020-03-28 11:22:28 +01:00
|
|
|
enum wpa_validate_result res;
|
2019-05-29 11:11:48 +02:00
|
|
|
|
|
|
|
if (!rsn_ie || rsn_ie_len < 2) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: No RSNE in (Re)AssocReq");
|
|
|
|
status = WLAN_STATUS_INVALID_IE;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!sta->wpa_sm)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr,
|
|
|
|
NULL);
|
|
|
|
if (!sta->wpa_sm) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"OWE: Failed to initialize WPA state machine");
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto end;
|
|
|
|
}
|
2023-03-06 11:49:04 +01:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta))
|
2023-03-06 11:49:04 +01:00
|
|
|
wpa_auth_set_ml_info(sta->wpa_sm, hapd->mld_addr,
|
|
|
|
sta->mld_assoc_link_id, &sta->mld_info);
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2019-05-29 11:11:48 +02:00
|
|
|
rsn_ie -= 2;
|
|
|
|
rsn_ie_len += 2;
|
|
|
|
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
|
|
|
hapd->iface->freq, rsn_ie, rsn_ie_len,
|
2019-10-17 23:11:24 +02:00
|
|
|
NULL, 0, NULL, 0, owe_dh, owe_dh_len);
|
2019-05-29 11:11:48 +02:00
|
|
|
status = wpa_res_to_status_code(res);
|
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
|
|
|
goto end;
|
|
|
|
status = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
|
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
|
|
|
goto end;
|
|
|
|
owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, ie, sizeof(ie),
|
|
|
|
NULL, 0);
|
|
|
|
if (!owe_buf) {
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sta->owe_ecdh) {
|
|
|
|
struct wpabuf *pub;
|
|
|
|
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
|
|
|
|
if (!pub) {
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto end;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* OWE Diffie-Hellman Parameter element */
|
|
|
|
*owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
|
|
|
|
*owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
|
|
|
|
*owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension
|
|
|
|
*/
|
|
|
|
WPA_PUT_LE16(owe_buf, sta->owe_group);
|
|
|
|
owe_buf += 2;
|
|
|
|
os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
|
|
|
|
owe_buf += wpabuf_len(pub);
|
|
|
|
wpabuf_free(pub);
|
|
|
|
sta->external_dh_updated = 1;
|
|
|
|
}
|
|
|
|
ie_len = owe_buf - ie;
|
|
|
|
|
|
|
|
end:
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Update status %d, ie len %d for peer "
|
|
|
|
MACSTR, status, (unsigned int) ie_len,
|
2023-03-06 11:49:04 +01:00
|
|
|
MAC2STR(link_addr ? link_addr : sta->addr));
|
|
|
|
hostapd_drv_update_dh_ie(hapd, link_addr ? link_addr : sta->addr,
|
|
|
|
status,
|
2019-05-29 11:11:48 +02:00
|
|
|
status == WLAN_STATUS_SUCCESS ? ie : NULL,
|
|
|
|
ie_len);
|
|
|
|
|
|
|
|
return status;
|
|
|
|
}
|
|
|
|
|
2017-03-12 00:26:43 +01:00
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
|
|
|
|
2020-10-06 14:07:01 +02:00
|
|
|
static bool check_sa_query(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
int reassoc)
|
|
|
|
{
|
|
|
|
if ((sta->flags &
|
|
|
|
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED)) !=
|
|
|
|
(WLAN_STA_ASSOC | WLAN_STA_MFP | WLAN_STA_AUTHORIZED))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (!sta->sa_query_timed_out && sta->sa_query_count > 0)
|
|
|
|
ap_check_sa_query_timeout(hapd, sta);
|
|
|
|
|
|
|
|
if (!sta->sa_query_timed_out &&
|
|
|
|
(!reassoc || sta->auth_alg != WLAN_AUTH_FT)) {
|
|
|
|
/*
|
|
|
|
* STA has already been associated with MFP and SA Query timeout
|
|
|
|
* has not been reached. Reject the association attempt
|
|
|
|
* temporarily and start SA Query, if one is not pending.
|
|
|
|
*/
|
|
|
|
if (sta->sa_query_count == 0)
|
|
|
|
ap_sta_start_sa_query(hapd, sta);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
static int __check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ies, size_t ies_len,
|
2023-05-22 21:33:45 +02:00
|
|
|
struct ieee802_11_elems *elems, int reassoc,
|
|
|
|
bool link)
|
2009-11-29 21:14:57 +01:00
|
|
|
{
|
2020-04-14 12:46:00 +02:00
|
|
|
int resp;
|
2009-12-13 22:11:11 +01:00
|
|
|
const u8 *wpa_ie;
|
2009-11-29 21:14:57 +01:00
|
|
|
size_t wpa_ie_len;
|
2013-09-01 10:05:19 +02:00
|
|
|
const u8 *p2p_dev_addr = NULL;
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = check_ssid(hapd, sta, elems->ssid, elems->ssid_len);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = check_wmm(hapd, sta, elems->wmm, elems->wmm_len);
|
2013-07-24 11:28:20 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = check_ext_capab(hapd, sta, elems->ext_capab,
|
|
|
|
elems->ext_capab_len);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = copy_supp_rates(hapd, sta, elems);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2018-12-05 11:23:51 +01:00
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = check_multi_ap(hapd, sta, elems->multi_ap, elems->multi_ap_len);
|
2018-12-05 11:23:51 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = copy_sta_ht_capab(hapd, sta, elems->ht_capabilities);
|
2009-11-29 21:14:57 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2011-02-09 14:08:47 +01:00
|
|
|
if (hapd->iconf->ieee80211n && hapd->iconf->require_ht &&
|
|
|
|
!(sta->flags & WLAN_STA_HT)) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station does not support "
|
|
|
|
"mandatory HT PHY - reject association");
|
|
|
|
return WLAN_STATUS_ASSOC_DENIED_NO_HT;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2012-08-10 18:49:18 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
2015-09-22 15:56:00 +02:00
|
|
|
if (hapd->iconf->ieee80211ac) {
|
2023-02-16 00:08:30 +01:00
|
|
|
resp = copy_sta_vht_capab(hapd, sta, elems->vht_capabilities);
|
2015-09-22 15:56:00 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2014-02-10 13:43:05 +01:00
|
|
|
|
2023-04-26 20:15:25 +02:00
|
|
|
resp = set_sta_vht_opmode(hapd, sta, elems->opmode_notif);
|
2015-09-22 15:56:00 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2014-02-10 13:43:05 +01:00
|
|
|
|
2012-08-10 18:53:24 +02:00
|
|
|
if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht &&
|
|
|
|
!(sta->flags & WLAN_STA_VHT)) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "Station does not support "
|
|
|
|
"mandatory VHT PHY - reject association");
|
2013-12-24 20:19:45 +01:00
|
|
|
return WLAN_STATUS_ASSOC_DENIED_NO_VHT;
|
2012-08-10 18:53:24 +02:00
|
|
|
}
|
2014-11-10 16:12:29 +01:00
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
if (hapd->conf->vendor_vht && !elems->vht_capabilities) {
|
|
|
|
resp = copy_sta_vendor_vht(hapd, sta, elems->vendor_vht,
|
|
|
|
elems->vendor_vht_len);
|
2014-11-10 16:12:29 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2012-08-10 18:49:18 +02:00
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
2019-05-20 09:55:05 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
2020-06-30 16:23:46 +02:00
|
|
|
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
|
2019-06-14 16:49:20 +02:00
|
|
|
resp = copy_sta_he_capab(hapd, sta, IEEE80211_MODE_AP,
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->he_capabilities,
|
|
|
|
elems->he_capabilities_len);
|
2019-05-20 09:55:05 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2022-12-04 10:49:32 +01:00
|
|
|
|
|
|
|
if (hapd->iconf->require_he && !(sta->flags & WLAN_STA_HE)) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station does not support mandatory HE PHY - reject association");
|
|
|
|
return WLAN_STATUS_DENIED_HE_NOT_SUPPORTED;
|
|
|
|
}
|
|
|
|
|
2020-04-25 00:45:41 +02:00
|
|
|
if (is_6ghz_op_class(hapd->iconf->op_class)) {
|
2020-06-02 08:14:28 +02:00
|
|
|
if (!(sta->flags & WLAN_STA_HE)) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station does not support mandatory HE PHY - reject association");
|
|
|
|
return WLAN_STATUS_DENIED_HE_NOT_SUPPORTED;
|
|
|
|
}
|
2020-04-25 00:45:41 +02:00
|
|
|
resp = copy_sta_he_6ghz_capab(hapd, sta,
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->he_6ghz_band_cap);
|
2020-04-25 00:45:41 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2019-05-20 09:55:05 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
2022-04-19 20:04:12 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
|
|
|
|
resp = copy_sta_eht_capab(hapd, sta, IEEE80211_MODE_AP,
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->he_capabilities,
|
|
|
|
elems->he_capabilities_len,
|
|
|
|
elems->eht_capabilities,
|
|
|
|
elems->eht_capabilities_len);
|
2022-04-19 20:04:12 +02:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
if (!link) {
|
|
|
|
resp = hostapd_process_ml_assoc_req(hapd, elems, sta);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
2022-04-19 20:04:12 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2012-08-10 18:49:18 +02:00
|
|
|
|
2013-09-01 10:05:19 +02:00
|
|
|
#ifdef CONFIG_P2P
|
2023-02-16 00:08:30 +01:00
|
|
|
if (elems->p2p && ies && ies_len) {
|
2013-09-01 10:05:19 +02:00
|
|
|
wpabuf_free(sta->p2p_ie);
|
|
|
|
sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
|
|
|
|
P2P_IE_VENDOR_TYPE);
|
|
|
|
if (sta->p2p_ie)
|
|
|
|
p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie);
|
|
|
|
} else {
|
|
|
|
wpabuf_free(sta->p2p_ie);
|
|
|
|
sta->p2p_ie = NULL;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems->rsn_ie) {
|
|
|
|
wpa_ie = elems->rsn_ie;
|
|
|
|
wpa_ie_len = elems->rsn_ie_len;
|
2008-02-28 02:34:43 +01:00
|
|
|
} else if ((hapd->conf->wpa & WPA_PROTO_WPA) &&
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->wpa_ie) {
|
|
|
|
wpa_ie = elems->wpa_ie;
|
|
|
|
wpa_ie_len = elems->wpa_ie_len;
|
2008-02-28 02:34:43 +01:00
|
|
|
} else {
|
|
|
|
wpa_ie = NULL;
|
|
|
|
wpa_ie_len = 0;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2008-11-23 18:34:26 +01:00
|
|
|
#ifdef CONFIG_WPS
|
2011-08-28 18:16:59 +02:00
|
|
|
sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2);
|
2023-02-16 00:08:30 +01:00
|
|
|
if (hapd->conf->wps_state && elems->wps_ie && ies && ies_len) {
|
2010-04-15 11:55:34 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association "
|
|
|
|
"Request - assume WPS is used");
|
|
|
|
sta->flags |= WLAN_STA_WPS;
|
|
|
|
wpabuf_free(sta->wps_ie);
|
2010-05-26 17:17:13 +02:00
|
|
|
sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len,
|
|
|
|
WPS_IE_VENDOR_TYPE);
|
2011-08-28 18:16:59 +02:00
|
|
|
if (sta->wps_ie && wps_is_20(sta->wps_ie)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0");
|
|
|
|
sta->flags |= WLAN_STA_WPS2;
|
|
|
|
}
|
2010-04-15 11:55:34 +02:00
|
|
|
wpa_ie = NULL;
|
|
|
|
wpa_ie_len = 0;
|
2010-05-26 16:16:14 +02:00
|
|
|
if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in "
|
|
|
|
"(Re)Association Request - reject");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
2010-04-15 11:55:34 +02:00
|
|
|
} else if (hapd->conf->wps_state && wpa_ie == NULL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in "
|
|
|
|
"(Re)Association Request - possible WPS use");
|
|
|
|
sta->flags |= WLAN_STA_MAYBE_WPS;
|
2008-11-23 18:34:26 +01:00
|
|
|
} else
|
|
|
|
#endif /* CONFIG_WPS */
|
2008-02-28 02:34:43 +01:00
|
|
|
if (hapd->conf->wpa && wpa_ie == NULL) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"No WPA/RSN IE in association request");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->conf->wpa && wpa_ie) {
|
2020-03-28 11:22:28 +01:00
|
|
|
enum wpa_validate_result res;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_ie -= 2;
|
|
|
|
wpa_ie_len += 2;
|
2023-05-22 21:33:59 +02:00
|
|
|
|
|
|
|
if (!sta->wpa_sm) {
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
struct mld_info *info = &sta->mld_info;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
2013-09-01 10:05:19 +02:00
|
|
|
sta->addr,
|
|
|
|
p2p_dev_addr);
|
2023-05-22 21:33:59 +02:00
|
|
|
|
|
|
|
if (!sta->wpa_sm) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to initialize RSN state machine");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta)) {
|
2023-05-22 21:33:59 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: Set ML info in RSN Authenticator");
|
|
|
|
wpa_auth_set_ml_info(sta->wpa_sm,
|
|
|
|
hapd->mld_addr,
|
|
|
|
sta->mld_assoc_link_id,
|
|
|
|
info);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2023-05-22 21:33:59 +02:00
|
|
|
|
2019-03-13 16:24:29 +01:00
|
|
|
wpa_auth_set_auth_alg(sta->wpa_sm, sta->auth_alg);
|
2008-02-28 02:34:43 +01:00
|
|
|
res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm,
|
2019-02-06 11:33:35 +01:00
|
|
|
hapd->iface->freq,
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_ie, wpa_ie_len,
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->rsnxe ? elems->rsnxe - 2 :
|
|
|
|
NULL,
|
|
|
|
elems->rsnxe ? elems->rsnxe_len + 2 :
|
|
|
|
0,
|
|
|
|
elems->mdie, elems->mdie_len,
|
|
|
|
elems->owe_dh, elems->owe_dh_len);
|
2015-09-04 23:04:21 +02:00
|
|
|
resp = wpa_res_to_status_code(res);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
2009-11-29 21:14:57 +01:00
|
|
|
return resp;
|
2008-08-31 10:04:47 +02:00
|
|
|
|
2008-06-17 10:21:11 +02:00
|
|
|
if (wpa_auth_uses_mfp(sta->wpa_sm))
|
|
|
|
sta->flags |= WLAN_STA_MFP;
|
|
|
|
else
|
|
|
|
sta->flags &= ~WLAN_STA_MFP;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->auth_alg == WLAN_AUTH_FT) {
|
|
|
|
if (!reassoc) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried "
|
|
|
|
"to use association (not "
|
|
|
|
"re-association) with FT auth_alg",
|
|
|
|
MAC2STR(sta->addr));
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies,
|
|
|
|
ies_len);
|
2008-02-28 02:34:43 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
2009-11-29 21:14:57 +01:00
|
|
|
return resp;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2023-05-22 21:34:08 +02:00
|
|
|
if (link)
|
|
|
|
goto skip_sae_owe;
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2018-03-23 16:45:44 +01:00
|
|
|
if (wpa_auth_uses_sae(sta->wpa_sm) && sta->sae &&
|
|
|
|
sta->sae->state == SAE_ACCEPTED)
|
|
|
|
wpa_auth_add_sae_pmkid(sta->wpa_sm, sta->sae->pmkid);
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
if (wpa_auth_uses_sae(sta->wpa_sm) &&
|
2014-10-18 12:00:29 +02:00
|
|
|
sta->auth_alg == WLAN_AUTH_OPEN) {
|
|
|
|
struct rsn_pmksa_cache_entry *sa;
|
|
|
|
sa = wpa_auth_sta_get_pmksa(sta->wpa_sm);
|
2022-07-24 21:05:37 +02:00
|
|
|
if (!sa || !wpa_key_mgmt_sae(sa->akmp)) {
|
2014-10-18 12:00:29 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: No PMKSA cache entry found for "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
|
|
|
return WLAN_STATUS_INVALID_PMKID;
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: " MACSTR
|
|
|
|
" using PMKSA caching", MAC2STR(sta->addr));
|
|
|
|
} else if (wpa_auth_uses_sae(sta->wpa_sm) &&
|
|
|
|
sta->auth_alg != WLAN_AUTH_SAE &&
|
|
|
|
!(sta->auth_alg == WLAN_AUTH_FT &&
|
|
|
|
wpa_auth_uses_ft_sae(sta->wpa_sm))) {
|
2012-09-30 18:51:07 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use "
|
|
|
|
"SAE AKM after non-SAE auth_alg %u",
|
|
|
|
MAC2STR(sta->addr), sta->auth_alg);
|
|
|
|
return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG;
|
|
|
|
}
|
2019-10-18 11:38:11 +02:00
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
if (hapd->conf->sae_pwe == SAE_PWE_BOTH &&
|
2019-10-18 11:38:11 +02:00
|
|
|
sta->auth_alg == WLAN_AUTH_SAE &&
|
2020-06-06 11:08:37 +02:00
|
|
|
sta->sae && !sta->sae->h2e &&
|
2023-02-16 00:08:30 +01:00
|
|
|
ieee802_11_rsnx_capab_len(elems->rsnxe, elems->rsnxe_len,
|
2021-04-10 11:43:38 +02:00
|
|
|
WLAN_RSNX_CAPAB_SAE_H2E)) {
|
2019-10-18 11:38:11 +02:00
|
|
|
wpa_printf(MSG_INFO, "SAE: " MACSTR
|
|
|
|
" indicates support for SAE H2E, but did not use it",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
2012-09-30 18:51:07 +02:00
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2017-03-12 00:26:43 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
|
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->owe_dh) {
|
|
|
|
resp = owe_process_assoc_req(hapd, sta, elems->owe_dh,
|
|
|
|
elems->owe_dh_len);
|
2017-03-12 00:26:43 +01:00
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
return resp;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
2023-05-22 21:34:08 +02:00
|
|
|
skip_sae_owe:
|
2017-03-12 00:26:43 +01:00
|
|
|
|
2019-03-17 22:51:53 +01:00
|
|
|
#ifdef CONFIG_DPP2
|
|
|
|
dpp_pfs_free(sta->dpp_pfs);
|
|
|
|
sta->dpp_pfs = NULL;
|
|
|
|
|
2020-05-01 20:07:42 +02:00
|
|
|
if (DPP_VERSION > 1 &&
|
|
|
|
(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
|
2019-03-17 22:51:53 +01:00
|
|
|
hapd->conf->dpp_netaccesskey && sta->wpa_sm &&
|
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP &&
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->owe_dh) {
|
2019-03-17 22:51:53 +01:00
|
|
|
sta->dpp_pfs = dpp_pfs_init(
|
|
|
|
wpabuf_head(hapd->conf->dpp_netaccesskey),
|
|
|
|
wpabuf_len(hapd->conf->dpp_netaccesskey));
|
|
|
|
if (!sta->dpp_pfs) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"DPP: Could not initialize PFS");
|
|
|
|
/* Try to continue without PFS */
|
|
|
|
goto pfs_fail;
|
|
|
|
}
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
if (dpp_pfs_process(sta->dpp_pfs, elems->owe_dh,
|
|
|
|
elems->owe_dh_len) < 0) {
|
2019-03-17 22:51:53 +01:00
|
|
|
dpp_pfs_free(sta->dpp_pfs);
|
|
|
|
sta->dpp_pfs = NULL;
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_auth_set_dpp_z(sta->wpa_sm, sta->dpp_pfs ?
|
|
|
|
sta->dpp_pfs->secret : NULL);
|
|
|
|
pfs_fail:
|
|
|
|
#endif /* CONFIG_DPP2 */
|
|
|
|
|
2012-08-11 09:53:03 +02:00
|
|
|
if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) &&
|
2008-12-22 13:05:53 +01:00
|
|
|
wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) {
|
2009-11-29 21:14:57 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station tried to use TKIP with HT "
|
|
|
|
"association");
|
|
|
|
return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY;
|
2008-12-22 13:05:53 +01:00
|
|
|
}
|
2013-07-23 20:25:21 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
} else if (hapd->conf->osen) {
|
2023-02-16 00:08:30 +01:00
|
|
|
if (!elems->osen) {
|
2013-07-23 20:25:21 +02:00
|
|
|
hostapd_logger(
|
|
|
|
hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"No HS 2.0 OSEN element in association request");
|
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association");
|
|
|
|
if (sta->wpa_sm == NULL)
|
|
|
|
sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth,
|
|
|
|
sta->addr, NULL);
|
|
|
|
if (sta->wpa_sm == NULL) {
|
|
|
|
wpa_printf(MSG_WARNING, "Failed to initialize WPA "
|
|
|
|
"state machine");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm,
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->osen - 2, elems->osen_len + 2) < 0)
|
2013-07-23 20:25:21 +02:00
|
|
|
return WLAN_STATUS_INVALID_IE;
|
|
|
|
#endif /* CONFIG_HS20 */
|
2008-11-30 16:22:51 +01:00
|
|
|
} else
|
|
|
|
wpa_auth_sta_no_wpa(sta->wpa_sm);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2010-07-18 23:30:25 +02:00
|
|
|
#ifdef CONFIG_P2P
|
2010-10-19 17:10:28 +02:00
|
|
|
p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len);
|
2010-07-18 23:30:25 +02:00
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2012-11-21 23:19:17 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
wpabuf_free(sta->hs20_ie);
|
2023-02-16 00:08:30 +01:00
|
|
|
if (elems->hs20 && elems->hs20_len > 4) {
|
2018-12-08 11:20:33 +01:00
|
|
|
int release;
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
sta->hs20_ie = wpabuf_alloc_copy(elems->hs20 + 4,
|
|
|
|
elems->hs20_len - 4);
|
|
|
|
release = ((elems->hs20[4] >> 4) & 0x0f) + 1;
|
2019-08-30 14:22:42 +02:00
|
|
|
if (release >= 2 && !wpa_auth_uses_mfp(sta->wpa_sm) &&
|
|
|
|
hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
|
2018-12-08 11:20:33 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"HS 2.0: PMF not negotiated by release %d station "
|
|
|
|
MACSTR, release, MAC2STR(sta->addr));
|
|
|
|
return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION;
|
|
|
|
}
|
|
|
|
} else {
|
2012-11-21 23:19:17 +01:00
|
|
|
sta->hs20_ie = NULL;
|
2018-12-08 11:20:33 +01:00
|
|
|
}
|
2018-04-17 12:08:31 +02:00
|
|
|
|
|
|
|
wpabuf_free(sta->roaming_consortium);
|
2023-02-16 00:08:30 +01:00
|
|
|
if (elems->roaming_cons_sel)
|
2018-04-17 12:08:31 +02:00
|
|
|
sta->roaming_consortium = wpabuf_alloc_copy(
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->roaming_cons_sel + 4,
|
|
|
|
elems->roaming_cons_sel_len - 4);
|
2018-04-17 12:08:31 +02:00
|
|
|
else
|
|
|
|
sta->roaming_consortium = NULL;
|
2012-11-21 23:19:17 +01:00
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
wpabuf_free(sta->mb_ies);
|
|
|
|
if (hapd->iface->fst)
|
2023-02-16 00:08:30 +01:00
|
|
|
sta->mb_ies = mb_ies_by_info(&elems->mb_ies);
|
2015-01-21 14:30:48 +01:00
|
|
|
else
|
|
|
|
sta->mb_ies = NULL;
|
|
|
|
#endif /* CONFIG_FST */
|
|
|
|
|
2016-02-22 15:39:24 +01:00
|
|
|
#ifdef CONFIG_MBO
|
2023-02-16 00:08:30 +01:00
|
|
|
mbo_ap_check_sta_assoc(hapd, sta, elems);
|
2016-02-22 12:03:28 +01:00
|
|
|
|
2016-02-22 15:39:24 +01:00
|
|
|
if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) &&
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) &&
|
2016-02-22 15:39:24 +01:00
|
|
|
hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"MBO: Reject WPA2 association without PMF");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_MBO */
|
|
|
|
|
2018-08-06 21:46:36 +02:00
|
|
|
#if defined(CONFIG_FILS) && defined(CONFIG_OCV)
|
|
|
|
if (wpa_auth_uses_ocv(sta->wpa_sm) &&
|
|
|
|
(sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK)) {
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
int tx_chanwidth;
|
|
|
|
int tx_seg1_idx;
|
2020-10-07 09:21:58 +02:00
|
|
|
enum oci_verify_result res;
|
2018-08-06 21:46:36 +02:00
|
|
|
|
|
|
|
if (hostapd_drv_channel_info(hapd, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info to validate received OCI in FILS (Re)Association Request frame");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (get_sta_tx_parameters(sta->wpa_sm,
|
|
|
|
channel_width_to_int(ci.chanwidth),
|
|
|
|
ci.seg1_idx, &tx_chanwidth,
|
|
|
|
&tx_seg1_idx) < 0)
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
res = ocv_verify_tx_params(elems->oci, elems->oci_len, &ci,
|
2020-10-07 09:21:58 +02:00
|
|
|
tx_chanwidth, tx_seg1_idx);
|
|
|
|
if (wpa_auth_uses_ocv(sta->wpa_sm) == 2 &&
|
|
|
|
res == OCI_NOT_FOUND) {
|
|
|
|
/* Work around misbehaving STAs */
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"FILS: Disable OCV with a STA that does not send OCI");
|
|
|
|
wpa_auth_set_ocv(sta->wpa_sm, 0);
|
|
|
|
} else if (res != OCI_SUCCESS) {
|
2020-05-25 17:33:00 +02:00
|
|
|
wpa_printf(MSG_WARNING, "FILS: OCV failed: %s",
|
|
|
|
ocv_errorstr);
|
2020-05-25 19:46:32 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO, OCV_FAILURE "addr="
|
|
|
|
MACSTR " frame=fils-reassoc-req error=%s",
|
|
|
|
MAC2STR(sta->addr), ocv_errorstr);
|
2018-08-06 21:46:36 +02:00
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS && CONFIG_OCV */
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
ap_copy_sta_supp_op_classes(sta, elems->supp_op_classes,
|
|
|
|
elems->supp_op_classes_len);
|
2016-02-24 11:20:31 +01:00
|
|
|
|
2016-04-06 18:42:10 +02:00
|
|
|
if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) &&
|
2023-02-16 00:08:30 +01:00
|
|
|
elems->rrm_enabled &&
|
|
|
|
elems->rrm_enabled_len >= sizeof(sta->rrm_enabled_capa))
|
|
|
|
os_memcpy(sta->rrm_enabled_capa, elems->rrm_enabled,
|
2016-04-06 18:42:10 +02:00
|
|
|
sizeof(sta->rrm_enabled_capa));
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
if (elems->power_capab) {
|
|
|
|
sta->min_tx_power = elems->power_capab[0];
|
|
|
|
sta->max_tx_power = elems->power_capab[1];
|
2017-10-06 17:03:25 +02:00
|
|
|
sta->power_capab = 1;
|
|
|
|
} else {
|
|
|
|
sta->power_capab = 0;
|
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
return WLAN_STATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-02-16 00:08:30 +01:00
|
|
|
static int check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *ies, size_t ies_len, int reassoc)
|
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station sent an invalid association request");
|
|
|
|
return WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
}
|
|
|
|
|
2023-05-22 21:33:45 +02:00
|
|
|
return __check_assoc_ies(hapd, sta, ies, ies_len, &elems, reassoc,
|
|
|
|
false);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
|
2024-01-21 20:06:18 +01:00
|
|
|
static void ieee80211_ml_build_assoc_resp(struct hostapd_data *hapd,
|
|
|
|
struct mld_link_info *link)
|
2023-05-22 21:33:45 +02:00
|
|
|
{
|
2024-01-21 20:06:18 +01:00
|
|
|
u8 buf[EHT_ML_MAX_STA_PROF_LEN];
|
2023-05-22 21:33:45 +02:00
|
|
|
u8 *p = buf;
|
2024-01-21 20:06:18 +01:00
|
|
|
size_t buflen = sizeof(buf);
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
/* Capability Info */
|
|
|
|
WPA_PUT_LE16(p, hostapd_own_capab_info(hapd));
|
|
|
|
p += 2;
|
|
|
|
|
|
|
|
/* Status Code */
|
2024-01-21 20:06:18 +01:00
|
|
|
WPA_PUT_LE16(p, link->status);
|
2023-05-22 21:33:45 +02:00
|
|
|
p += 2;
|
|
|
|
|
2024-01-21 20:06:18 +01:00
|
|
|
if (link->status != WLAN_STATUS_SUCCESS)
|
|
|
|
goto out;
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
/* AID is not included */
|
|
|
|
p = hostapd_eid_supp_rates(hapd, p);
|
|
|
|
p = hostapd_eid_ext_supp_rates(hapd, p);
|
|
|
|
p = hostapd_eid_rm_enabled_capab(hapd, p, buf + buflen - p);
|
|
|
|
p = hostapd_eid_ht_capabilities(hapd, p);
|
|
|
|
p = hostapd_eid_ht_operation(hapd, p);
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) {
|
|
|
|
p = hostapd_eid_vht_capabilities(hapd, p, 0);
|
|
|
|
p = hostapd_eid_vht_operation(hapd, p);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
|
|
|
|
p = hostapd_eid_he_capab(hapd, p, IEEE80211_MODE_AP);
|
|
|
|
p = hostapd_eid_he_operation(hapd, p);
|
|
|
|
p = hostapd_eid_spatial_reuse(hapd, p);
|
|
|
|
p = hostapd_eid_he_mu_edca_parameter_set(hapd, p);
|
|
|
|
p = hostapd_eid_he_6ghz_band_cap(hapd, p);
|
|
|
|
if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
|
|
|
|
p = hostapd_eid_eht_capab(hapd, p, IEEE80211_MODE_AP);
|
|
|
|
p = hostapd_eid_eht_operation(hapd, p);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
p = hostapd_eid_ext_capab(hapd, p, false);
|
|
|
|
p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
|
|
|
|
p = hostapd_eid_wmm(hapd, p);
|
|
|
|
|
|
|
|
if (hapd->conf->assocresp_elements &&
|
|
|
|
(size_t) (buf + buflen - p) >=
|
|
|
|
wpabuf_len(hapd->conf->assocresp_elements)) {
|
|
|
|
os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
|
|
|
|
wpabuf_len(hapd->conf->assocresp_elements));
|
|
|
|
p += wpabuf_len(hapd->conf->assocresp_elements);
|
|
|
|
}
|
|
|
|
|
2024-01-21 20:06:18 +01:00
|
|
|
out:
|
|
|
|
os_free(link->resp_sta_profile);
|
|
|
|
link->resp_sta_profile = os_memdup(buf, p - buf);
|
|
|
|
link->resp_sta_profile_len = link->resp_sta_profile ? p - buf : 0;
|
2023-05-22 21:33:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void ieee80211_ml_process_link(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *origin_sta,
|
|
|
|
struct mld_link_info *link,
|
|
|
|
const u8 *ies, size_t ies_len,
|
|
|
|
bool reassoc)
|
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
struct wpabuf *mlbuf = NULL;
|
|
|
|
struct sta_info *sta = NULL;
|
|
|
|
u16 status = WLAN_STATUS_SUCCESS;
|
2024-01-21 20:06:18 +01:00
|
|
|
int i;
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: link_id=%u, peer=" MACSTR,
|
|
|
|
hapd->mld_link_id, MAC2STR(link->peer_addr));
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: Element parsing failed");
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, origin_sta->addr);
|
|
|
|
if (sta) {
|
|
|
|
wpa_printf(MSG_INFO, "MLD: link: Station already exists");
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
sta = NULL;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_sta_add(hapd, origin_sta->addr);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: ap_sta_add() failed");
|
|
|
|
status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2023-11-21 00:51:18 +01:00
|
|
|
mlbuf = ieee802_11_defrag(elems.basic_mle, elems.basic_mle_len, true);
|
2023-05-22 21:33:45 +02:00
|
|
|
if (!mlbuf)
|
|
|
|
goto out;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_link_assoc_req(ies, ies_len, &elems, mlbuf,
|
|
|
|
hapd->mld_link_id, true) ==
|
|
|
|
ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: link: Failed to parse association request Multi-Link element");
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->flags |= origin_sta->flags | WLAN_STA_ASSOC_REQ_OK;
|
|
|
|
status = __check_assoc_ies(hapd, sta, NULL, 0, &elems, reassoc, true);
|
|
|
|
if (status != WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: Element check failed");
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
|
2024-01-21 18:06:36 +01:00
|
|
|
ap_sta_set_mld(sta, true);
|
2023-05-22 21:33:45 +02:00
|
|
|
sta->mld_assoc_link_id = origin_sta->mld_assoc_link_id;
|
|
|
|
|
|
|
|
os_memcpy(&sta->mld_info, &origin_sta->mld_info, sizeof(sta->mld_info));
|
2024-01-21 20:06:18 +01:00
|
|
|
for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
|
|
|
|
struct mld_link_info *li = &sta->mld_info.links[i];
|
|
|
|
|
|
|
|
li->resp_sta_profile = NULL;
|
|
|
|
li->resp_sta_profile_len = 0;
|
|
|
|
}
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the AID from the station on which the association was performed,
|
|
|
|
* and mark it as used.
|
|
|
|
*/
|
|
|
|
sta->aid = origin_sta->aid;
|
|
|
|
if (sta->aid == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: No AID assigned");
|
|
|
|
status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto out;
|
|
|
|
}
|
|
|
|
hapd->sta_aid[(sta->aid - 1) / 32] |= BIT((sta->aid - 1) % 32);
|
|
|
|
sta->listen_interval = origin_sta->listen_interval;
|
2023-11-03 09:14:24 +01:00
|
|
|
if (update_ht_state(hapd, sta) > 0)
|
|
|
|
ieee802_11_update_beacons(hapd->iface);
|
2023-05-22 21:33:45 +02:00
|
|
|
|
|
|
|
/* RSN Authenticator should always be the one on the original station */
|
|
|
|
wpa_auth_sta_deinit(sta->wpa_sm);
|
|
|
|
sta->wpa_sm = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Do not initialize the EAPOL state machine.
|
|
|
|
* TODO: Maybe it is needed?
|
|
|
|
*/
|
|
|
|
sta->eapol_sm = NULL;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link=%u, association OK (aid=%u)",
|
|
|
|
hapd->mld_link_id, sta->aid);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get RSNE and RSNXE for the current BSS as they are required by the
|
|
|
|
* Authenticator.
|
|
|
|
*/
|
|
|
|
link->rsne = hostapd_wpa_ie(hapd, WLAN_EID_RSN);
|
|
|
|
link->rsnxe = hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_AUTH | WLAN_STA_ASSOC_REQ_OK;
|
|
|
|
|
|
|
|
/* TODO: What other processing is required? */
|
|
|
|
|
|
|
|
if (add_associated_sta(hapd, sta, reassoc))
|
|
|
|
status = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
out:
|
|
|
|
wpabuf_free(mlbuf);
|
|
|
|
link->status = status;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: link: status=%u", status);
|
|
|
|
if (sta && status != WLAN_STATUS_SUCCESS)
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
|
2024-01-21 20:06:18 +01:00
|
|
|
ieee80211_ml_build_assoc_resp(hapd, link);
|
2023-05-22 21:33:45 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:49 +02:00
|
|
|
bool hostapd_is_mld_ap(struct hostapd_data *hapd)
|
2023-05-22 21:33:45 +02:00
|
|
|
{
|
|
|
|
if (!hapd->conf->mld_ap)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (!hapd->iface || !hapd->iface->interfaces ||
|
|
|
|
hapd->iface->interfaces->count <= 1)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
|
|
|
|
static void hostapd_process_assoc_ml_info(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const u8 *ies, size_t ies_len,
|
2023-11-21 00:51:26 +01:00
|
|
|
bool reassoc, int tx_link_status)
|
2023-05-22 21:33:45 +02:00
|
|
|
{
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
unsigned int i, j;
|
|
|
|
|
|
|
|
if (!hostapd_is_mld_ap(hapd))
|
|
|
|
return;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* This is not really needed, but make the interaction with the RSN
|
|
|
|
* Authenticator more consistent
|
|
|
|
*/
|
|
|
|
sta->mld_info.links[hapd->mld_link_id].rsne =
|
|
|
|
hostapd_wpa_ie(hapd, WLAN_EID_RSN);
|
|
|
|
sta->mld_info.links[hapd->mld_link_id].rsnxe =
|
|
|
|
hostapd_wpa_ie(hapd, WLAN_EID_RSNX);
|
|
|
|
|
|
|
|
for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
|
|
|
|
struct hostapd_iface *iface = NULL;
|
|
|
|
struct mld_link_info *link = &sta->mld_info.links[i];
|
|
|
|
|
|
|
|
if (!link->valid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (j = 0; j < hapd->iface->interfaces->count; j++) {
|
|
|
|
iface = hapd->iface->interfaces->iface[j];
|
|
|
|
|
|
|
|
if (hapd->iface == iface)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (iface->bss[0]->conf->mld_ap &&
|
|
|
|
hapd->conf->mld_id == iface->bss[0]->conf->mld_id &&
|
|
|
|
i == iface->bss[0]->mld_link_id)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
2023-11-21 00:51:26 +01:00
|
|
|
if (!iface || j == hapd->iface->interfaces->count ||
|
|
|
|
TEST_FAIL()) {
|
2023-05-22 21:33:45 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: No link match for link_id=%u", i);
|
|
|
|
|
|
|
|
link->status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2024-01-21 20:06:18 +01:00
|
|
|
ieee80211_ml_build_assoc_resp(hapd, link);
|
2023-11-21 00:51:26 +01:00
|
|
|
} else if (tx_link_status != WLAN_STATUS_SUCCESS) {
|
|
|
|
/* TX link rejected the connection */
|
|
|
|
link->status = WLAN_STATUS_DENIED_TX_LINK_NOT_ACCEPTED;
|
2024-01-21 20:06:18 +01:00
|
|
|
ieee80211_ml_build_assoc_resp(hapd, link);
|
2023-05-22 21:33:45 +02:00
|
|
|
} else {
|
|
|
|
ieee80211_ml_process_link(iface->bss[0], sta, link,
|
|
|
|
ies, ies_len, reassoc);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2023-02-16 00:08:30 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static void send_deauth(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
u16 reason_code)
|
|
|
|
{
|
|
|
|
int send_len;
|
|
|
|
struct ieee80211_mgmt reply;
|
|
|
|
|
|
|
|
os_memset(&reply, 0, sizeof(reply));
|
|
|
|
reply.frame_control =
|
|
|
|
IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH);
|
|
|
|
os_memcpy(reply.da, addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN);
|
|
|
|
|
|
|
|
send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth);
|
|
|
|
reply.u.deauth.reason_code = host_to_le16(reason_code);
|
|
|
|
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0, NULL, 0, 0) < 0)
|
2009-11-29 21:14:57 +01:00
|
|
|
wpa_printf(MSG_INFO, "Failed to send deauth: %s",
|
|
|
|
strerror(errno));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-16 10:54:33 +01:00
|
|
|
static int add_associated_sta(struct hostapd_data *hapd,
|
2019-01-04 21:58:56 +01:00
|
|
|
struct sta_info *sta, int reassoc)
|
2016-02-16 10:54:33 +01:00
|
|
|
{
|
|
|
|
struct ieee80211_ht_capabilities ht_cap;
|
|
|
|
struct ieee80211_vht_capabilities vht_cap;
|
2019-05-20 09:55:05 +02:00
|
|
|
struct ieee80211_he_capabilities he_cap;
|
2022-04-19 20:04:13 +02:00
|
|
|
struct ieee80211_eht_capabilities eht_cap;
|
2017-07-14 15:15:35 +02:00
|
|
|
int set = 1;
|
2023-05-22 21:33:43 +02:00
|
|
|
const u8 *mld_link_addr = NULL;
|
|
|
|
bool mld_link_sta = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta)) {
|
2023-05-22 21:33:43 +02:00
|
|
|
u8 mld_link_id = hapd->mld_link_id;
|
|
|
|
|
|
|
|
mld_link_sta = sta->mld_assoc_link_id != mld_link_id;
|
|
|
|
mld_link_addr = sta->mld_info.links[mld_link_id].peer_addr;
|
|
|
|
|
|
|
|
if (hapd->mld_link_id != sta->mld_assoc_link_id)
|
|
|
|
set = 0;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2016-02-16 10:54:33 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Remove the STA entry to ensure the STA PS state gets cleared and
|
|
|
|
* configuration gets updated. This is relevant for cases, such as
|
|
|
|
* FT-over-the-DS, where a station re-associates back to the same AP but
|
|
|
|
* skips the authentication flow, or if working with a driver that
|
|
|
|
* does not support full AP client state.
|
2017-07-14 15:15:35 +02:00
|
|
|
*
|
|
|
|
* Skip this if the STA has already completed FT reassociation and the
|
|
|
|
* TK has been configured since the TX/RX PN must not be reset to 0 for
|
|
|
|
* the same key.
|
2019-01-04 21:58:56 +01:00
|
|
|
*
|
|
|
|
* FT-over-the-DS has a special case where the STA entry (and as such,
|
|
|
|
* the TK) has not yet been configured to the driver depending on which
|
|
|
|
* driver interface is used. For that case, allow add-STA operation to
|
|
|
|
* be used (instead of set-STA). This is needed to allow mac80211-based
|
|
|
|
* drivers to accept the STA parameter configuration. Since this is
|
|
|
|
* after a new FT-over-DS exchange, a new TK has been derived, so key
|
|
|
|
* reinstallation is not a concern for this case.
|
2016-02-16 10:54:33 +01:00
|
|
|
*/
|
2019-01-04 21:58:56 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Add associated STA " MACSTR
|
|
|
|
" (added_unassoc=%d auth_alg=%u ft_over_ds=%u reassoc=%d authorized=%d ft_tk=%d fils_tk=%d)",
|
|
|
|
MAC2STR(sta->addr), sta->added_unassoc, sta->auth_alg,
|
|
|
|
sta->ft_over_ds, reassoc,
|
|
|
|
!!(sta->flags & WLAN_STA_AUTHORIZED),
|
|
|
|
wpa_auth_sta_ft_tk_already_set(sta->wpa_sm),
|
|
|
|
wpa_auth_sta_fils_tk_already_set(sta->wpa_sm));
|
|
|
|
|
2023-05-22 21:33:43 +02:00
|
|
|
if (!mld_link_sta && !sta->added_unassoc &&
|
2017-07-14 15:15:35 +02:00
|
|
|
(!(sta->flags & WLAN_STA_AUTHORIZED) ||
|
2019-01-04 21:58:56 +01:00
|
|
|
(reassoc && sta->ft_over_ds && sta->auth_alg == WLAN_AUTH_FT) ||
|
2017-08-25 15:24:18 +02:00
|
|
|
(!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) &&
|
|
|
|
!wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) {
|
2016-02-16 10:54:33 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
2017-07-14 15:15:35 +02:00
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED);
|
|
|
|
set = 0;
|
2019-01-04 21:58:56 +01:00
|
|
|
|
|
|
|
/* Do not allow the FT-over-DS exception to be used more than
|
|
|
|
* once per authentication exchange to guarantee a new TK is
|
|
|
|
* used here */
|
|
|
|
sta->ft_over_ds = 0;
|
2017-07-14 15:15:35 +02:00
|
|
|
}
|
2016-02-16 10:54:33 +01:00
|
|
|
|
|
|
|
if (sta->flags & WLAN_STA_HT)
|
|
|
|
hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap);
|
|
|
|
#ifdef CONFIG_IEEE80211AC
|
|
|
|
if (sta->flags & WLAN_STA_VHT)
|
|
|
|
hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap);
|
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
2019-05-20 09:55:05 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
if (sta->flags & WLAN_STA_HE) {
|
|
|
|
hostapd_get_he_capab(hapd, sta->he_capab, &he_cap,
|
|
|
|
sta->he_capab_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
2022-04-19 20:04:13 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (sta->flags & WLAN_STA_EHT)
|
|
|
|
hostapd_get_eht_capab(hapd, sta->eht_capab, &eht_cap,
|
|
|
|
sta->eht_capab_len);
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2016-02-16 10:54:33 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Add the station with forced WLAN_STA_ASSOC flag. The sta->flags
|
|
|
|
* will be set when the ACK frame for the (Re)Association Response frame
|
|
|
|
* is processed (TX status driver event).
|
|
|
|
*/
|
|
|
|
if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability,
|
|
|
|
sta->supported_rates, sta->supported_rates_len,
|
|
|
|
sta->listen_interval,
|
|
|
|
sta->flags & WLAN_STA_HT ? &ht_cap : NULL,
|
|
|
|
sta->flags & WLAN_STA_VHT ? &vht_cap : NULL,
|
2019-05-20 09:55:05 +02:00
|
|
|
sta->flags & WLAN_STA_HE ? &he_cap : NULL,
|
|
|
|
sta->flags & WLAN_STA_HE ? sta->he_capab_len : 0,
|
2022-04-19 20:04:13 +02:00
|
|
|
sta->flags & WLAN_STA_EHT ? &eht_cap : NULL,
|
|
|
|
sta->flags & WLAN_STA_EHT ? sta->eht_capab_len : 0,
|
2020-04-25 00:45:41 +02:00
|
|
|
sta->he_6ghz_capab,
|
2016-02-16 10:54:33 +01:00
|
|
|
sta->flags | WLAN_STA_ASSOC, sta->qosinfo,
|
2016-04-07 12:31:01 +02:00
|
|
|
sta->vht_opmode, sta->p2p_ie ? 1 : 0,
|
2023-05-22 21:33:43 +02:00
|
|
|
set, mld_link_addr, mld_link_sta)) {
|
2016-02-16 10:54:33 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE,
|
|
|
|
"Could not %s STA to kernel driver",
|
2017-07-14 15:15:35 +02:00
|
|
|
set ? "set" : "add");
|
2016-02-16 10:54:33 +01:00
|
|
|
|
|
|
|
if (sta->added_unassoc) {
|
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta,
|
2016-12-26 20:00:51 +01:00
|
|
|
const u8 *addr, u16 status_code, int reassoc,
|
2020-03-20 20:56:44 +01:00
|
|
|
const u8 *ies, size_t ies_len, int rssi,
|
2023-11-21 00:51:42 +01:00
|
|
|
int omit_rsnxe, bool allow_mld_addr_trans)
|
2009-11-29 21:14:57 +01:00
|
|
|
{
|
|
|
|
int send_len;
|
2017-01-31 13:38:44 +01:00
|
|
|
u8 *buf;
|
|
|
|
size_t buflen;
|
2009-11-29 21:14:57 +01:00
|
|
|
struct ieee80211_mgmt *reply;
|
|
|
|
u8 *p;
|
2017-01-31 13:38:44 +01:00
|
|
|
u16 res = WLAN_STATUS_SUCCESS;
|
2023-05-22 21:33:46 +02:00
|
|
|
const u8 *sa = hapd->own_addr;
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
buflen = sizeof(struct ieee80211_mgmt) + 1024;
|
|
|
|
#ifdef CONFIG_FILS
|
2017-02-05 15:40:15 +01:00
|
|
|
if (sta && sta->fils_hlp_resp)
|
2017-01-31 13:38:44 +01:00
|
|
|
buflen += wpabuf_len(sta->fils_hlp_resp);
|
2019-05-22 16:26:55 +02:00
|
|
|
if (sta)
|
|
|
|
buflen += 150;
|
2017-01-31 13:38:44 +01:00
|
|
|
#endif /* CONFIG_FILS */
|
2017-03-12 00:26:43 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
|
2017-10-08 12:49:45 +02:00
|
|
|
buflen += 150;
|
2017-03-12 00:26:43 +01:00
|
|
|
#endif /* CONFIG_OWE */
|
2019-03-17 22:51:53 +01:00
|
|
|
#ifdef CONFIG_DPP2
|
|
|
|
if (sta && sta->dpp_pfs)
|
|
|
|
buflen += 5 + sta->dpp_pfs->curve->prime_len;
|
|
|
|
#endif /* CONFIG_DPP2 */
|
2022-04-19 20:04:08 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2022-04-19 20:04:09 +02:00
|
|
|
if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
|
2022-04-19 20:04:08 +02:00
|
|
|
buflen += hostapd_eid_eht_capab_len(hapd, IEEE80211_MODE_AP);
|
2022-04-19 20:04:09 +02:00
|
|
|
buflen += 3 + sizeof(struct ieee80211_eht_operation);
|
2023-03-14 05:59:18 +01:00
|
|
|
if (hapd->iconf->punct_bitmap)
|
|
|
|
buflen += EHT_OPER_DISABLED_SUBCHAN_BITMAP_SIZE;
|
2022-04-19 20:04:09 +02:00
|
|
|
}
|
2022-04-19 20:04:08 +02:00
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
buf = os_zalloc(buflen);
|
|
|
|
if (!buf) {
|
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto done;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
reply = (struct ieee80211_mgmt *) buf;
|
|
|
|
reply->frame_control =
|
|
|
|
IEEE80211_FC(WLAN_FC_TYPE_MGMT,
|
|
|
|
(reassoc ? WLAN_FC_STYPE_REASSOC_RESP :
|
|
|
|
WLAN_FC_STYPE_ASSOC_RESP));
|
2023-05-22 21:33:46 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
/*
|
|
|
|
* Once a non-AP MLD is added to the driver, the addressing should use
|
|
|
|
* MLD MAC address.
|
|
|
|
*/
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta) && allow_mld_addr_trans)
|
2023-05-22 21:33:46 +02:00
|
|
|
sa = hapd->mld_addr;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
os_memcpy(reply->da, addr, ETH_ALEN);
|
2023-05-22 21:33:46 +02:00
|
|
|
os_memcpy(reply->sa, sa, ETH_ALEN);
|
|
|
|
os_memcpy(reply->bssid, sa, ETH_ALEN);
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
send_len = IEEE80211_HDRLEN;
|
|
|
|
send_len += sizeof(reply->u.assoc_resp);
|
|
|
|
reply->u.assoc_resp.capab_info =
|
2015-04-20 23:33:25 +02:00
|
|
|
host_to_le16(hostapd_own_capab_info(hapd));
|
2009-11-29 21:14:57 +01:00
|
|
|
reply->u.assoc_resp.status_code = host_to_le16(status_code);
|
2016-12-26 20:00:51 +01:00
|
|
|
|
|
|
|
reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) |
|
|
|
|
BIT(14) | BIT(15));
|
2009-11-29 21:14:57 +01:00
|
|
|
/* Supported rates */
|
|
|
|
p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable);
|
|
|
|
/* Extended supported rates */
|
|
|
|
p = hostapd_eid_ext_supp_rates(hapd, p);
|
|
|
|
|
2020-01-24 17:24:53 +01:00
|
|
|
/* Radio measurement capabilities */
|
|
|
|
p = hostapd_eid_rm_enabled_capab(hapd, p, buf + buflen - p);
|
|
|
|
|
2017-08-21 18:43:53 +02:00
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
if (status_code == WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS &&
|
|
|
|
rssi != 0) {
|
|
|
|
int delta = hapd->iconf->rssi_reject_assoc_rssi - rssi;
|
|
|
|
|
|
|
|
p = hostapd_eid_mbo_rssi_assoc_rej(hapd, p, buf + buflen - p,
|
|
|
|
delta);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_MBO */
|
|
|
|
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && status_code == WLAN_STATUS_SUCCESS) {
|
2009-11-29 21:14:57 +01:00
|
|
|
/* IEEE 802.11r: Mobility Domain Information, Fast BSS
|
|
|
|
* Transition Information, RSN, [RIC Response] */
|
|
|
|
p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p,
|
2017-01-31 13:38:44 +01:00
|
|
|
buf + buflen - p,
|
2020-03-20 20:56:44 +01:00
|
|
|
sta->auth_alg, ies, ies_len,
|
|
|
|
omit_rsnxe);
|
2018-06-05 20:09:43 +02:00
|
|
|
if (!p) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FT: Failed to write AssocResp IEs");
|
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto done;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
}
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2019-05-22 16:26:55 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (sta && status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
(sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK))
|
|
|
|
p = wpa_auth_write_assoc_resp_fils(sta->wpa_sm, p,
|
|
|
|
buf + buflen - p,
|
|
|
|
ies, ies_len);
|
|
|
|
#endif /* CONFIG_FILS */
|
2009-11-29 21:14:57 +01:00
|
|
|
|
2017-10-08 12:49:45 +02:00
|
|
|
#ifdef CONFIG_OWE
|
2018-12-02 19:21:21 +01:00
|
|
|
if (sta && status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
(hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE))
|
2017-10-08 12:49:45 +02:00
|
|
|
p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p,
|
|
|
|
buf + buflen - p,
|
|
|
|
ies, ies_len);
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY)
|
2009-11-29 21:14:57 +01:00
|
|
|
p = hostapd_eid_assoc_comeback_time(hapd, sta, p);
|
|
|
|
|
2010-05-02 09:53:01 +02:00
|
|
|
p = hostapd_eid_ht_capabilities(hapd, p);
|
|
|
|
p = hostapd_eid_ht_operation(hapd, p);
|
|
|
|
|
2012-08-10 18:51:17 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
2019-06-19 14:49:13 +02:00
|
|
|
if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac &&
|
|
|
|
!is_6ghz_op_class(hapd->iconf->op_class)) {
|
2016-08-31 16:15:47 +02:00
|
|
|
u32 nsts = 0, sta_nsts;
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) {
|
2016-08-31 16:15:47 +02:00
|
|
|
struct ieee80211_vht_capabilities *capa;
|
|
|
|
|
|
|
|
nsts = (hapd->iface->conf->vht_capab >>
|
|
|
|
VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
|
|
|
|
capa = sta->vht_capabilities;
|
|
|
|
sta_nsts = (le_to_host32(capa->vht_capabilities_info) >>
|
|
|
|
VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7;
|
|
|
|
|
|
|
|
if (nsts < sta_nsts)
|
|
|
|
nsts = 0;
|
|
|
|
else
|
|
|
|
nsts = sta_nsts;
|
|
|
|
}
|
|
|
|
p = hostapd_eid_vht_capabilities(hapd, p, nsts);
|
2014-11-10 16:12:29 +01:00
|
|
|
p = hostapd_eid_vht_operation(hapd, p);
|
|
|
|
}
|
2012-08-10 18:51:17 +02:00
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
|
|
|
|
2019-05-20 09:55:05 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
2020-06-30 16:23:46 +02:00
|
|
|
if (hapd->iconf->ieee80211ax && !hapd->conf->disable_11ax) {
|
2019-06-14 16:49:20 +02:00
|
|
|
p = hostapd_eid_he_capab(hapd, p, IEEE80211_MODE_AP);
|
2019-05-20 09:55:05 +02:00
|
|
|
p = hostapd_eid_he_operation(hapd, p);
|
2022-03-21 12:10:31 +01:00
|
|
|
p = hostapd_eid_cca(hapd, p);
|
2019-05-20 09:55:05 +02:00
|
|
|
p = hostapd_eid_spatial_reuse(hapd, p);
|
|
|
|
p = hostapd_eid_he_mu_edca_parameter_set(hapd, p);
|
2020-04-25 00:45:37 +02:00
|
|
|
p = hostapd_eid_he_6ghz_band_cap(hapd, p);
|
2019-05-20 09:55:05 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
|
|
|
|
2022-12-01 04:18:39 +01:00
|
|
|
p = hostapd_eid_ext_capab(hapd, p, false);
|
2012-05-28 02:35:00 +02:00
|
|
|
p = hostapd_eid_bss_max_idle_period(hapd, p);
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && sta->qos_map_enabled)
|
2013-07-24 11:28:20 +02:00
|
|
|
p = hostapd_eid_qos_map_set(hapd, p);
|
2011-01-28 18:21:59 +01:00
|
|
|
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
if (hapd->iface->fst_ies) {
|
|
|
|
os_memcpy(p, wpabuf_head(hapd->iface->fst_ies),
|
|
|
|
wpabuf_len(hapd->iface->fst_ies));
|
|
|
|
p += wpabuf_len(hapd->iface->fst_ies);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FST */
|
|
|
|
|
2020-03-14 22:30:27 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->rsnxe_override_ft &&
|
|
|
|
buf + buflen - p >=
|
|
|
|
(long int) wpabuf_len(hapd->conf->rsnxe_override_ft) &&
|
|
|
|
sta && sta->auth_alg == WLAN_AUTH_FT) {
|
|
|
|
wpa_printf(MSG_DEBUG, "TESTING: RSNXE FT override");
|
|
|
|
os_memcpy(p, wpabuf_head(hapd->conf->rsnxe_override_ft),
|
|
|
|
wpabuf_len(hapd->conf->rsnxe_override_ft));
|
|
|
|
p += wpabuf_len(hapd->conf->rsnxe_override_ft);
|
|
|
|
goto rsnxe_done;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2020-03-20 20:56:44 +01:00
|
|
|
if (!omit_rsnxe)
|
|
|
|
p = hostapd_eid_rsnxe(hapd, p, buf + buflen - p);
|
2020-03-14 22:30:27 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
rsnxe_done:
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2019-10-18 14:49:32 +02:00
|
|
|
|
2022-04-19 20:04:08 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2022-04-19 20:04:09 +02:00
|
|
|
if (hapd->iconf->ieee80211be && !hapd->conf->disable_11be) {
|
2023-05-22 21:33:46 +02:00
|
|
|
if (hapd->conf->mld_ap)
|
2023-11-21 00:51:23 +01:00
|
|
|
p = hostapd_eid_eht_ml_assoc(hapd, sta, p);
|
2022-04-19 20:04:08 +02:00
|
|
|
p = hostapd_eid_eht_capab(hapd, p, IEEE80211_MODE_AP);
|
2022-04-19 20:04:09 +02:00
|
|
|
p = hostapd_eid_eht_operation(hapd, p);
|
|
|
|
}
|
2022-04-19 20:04:08 +02:00
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2019-03-18 10:48:53 +01:00
|
|
|
#ifdef CONFIG_OWE
|
|
|
|
if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) &&
|
|
|
|
sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS &&
|
2020-08-19 11:06:39 +02:00
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE &&
|
|
|
|
!wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
|
2019-03-18 10:48:53 +01:00
|
|
|
struct wpabuf *pub;
|
|
|
|
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
|
|
|
|
if (!pub) {
|
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto done;
|
|
|
|
}
|
|
|
|
/* OWE Diffie-Hellman Parameter element */
|
|
|
|
*p++ = WLAN_EID_EXTENSION; /* Element ID */
|
|
|
|
*p++ = 1 + 2 + wpabuf_len(pub); /* Length */
|
|
|
|
*p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */
|
|
|
|
WPA_PUT_LE16(p, sta->owe_group);
|
|
|
|
p += 2;
|
|
|
|
os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub));
|
|
|
|
p += wpabuf_len(pub);
|
|
|
|
wpabuf_free(pub);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
2019-03-17 22:51:53 +01:00
|
|
|
#ifdef CONFIG_DPP2
|
2020-05-01 20:07:42 +02:00
|
|
|
if (DPP_VERSION > 1 && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_DPP) &&
|
2019-03-17 22:51:53 +01:00
|
|
|
sta && sta->dpp_pfs && status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_DPP) {
|
|
|
|
os_memcpy(p, wpabuf_head(sta->dpp_pfs->ie),
|
|
|
|
wpabuf_len(sta->dpp_pfs->ie));
|
|
|
|
p += wpabuf_len(sta->dpp_pfs->ie);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP2 */
|
|
|
|
|
2014-11-10 16:12:29 +01:00
|
|
|
#ifdef CONFIG_IEEE80211AC
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT))
|
2014-11-10 16:12:29 +01:00
|
|
|
p = hostapd_eid_vendor_vht(hapd, p);
|
|
|
|
#endif /* CONFIG_IEEE80211AC */
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && (sta->flags & WLAN_STA_WMM))
|
2010-05-02 09:53:01 +02:00
|
|
|
p = hostapd_eid_wmm(hapd, p);
|
|
|
|
|
2010-05-26 17:46:08 +02:00
|
|
|
#ifdef CONFIG_WPS
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta &&
|
|
|
|
((sta->flags & WLAN_STA_WPS) ||
|
|
|
|
((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) {
|
2010-05-26 17:46:08 +02:00
|
|
|
struct wpabuf *wps = wps_build_assoc_resp_ie();
|
|
|
|
if (wps) {
|
|
|
|
os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps));
|
|
|
|
p += wpabuf_len(wps);
|
|
|
|
wpabuf_free(wps);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_WPS */
|
|
|
|
|
2018-12-05 11:23:51 +01:00
|
|
|
if (sta && (sta->flags & WLAN_STA_MULTI_AP))
|
|
|
|
p = hostapd_eid_multi_ap(hapd, p);
|
|
|
|
|
2010-07-18 23:30:25 +02:00
|
|
|
#ifdef CONFIG_P2P
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && sta->p2p_ie && hapd->p2p_group) {
|
2010-07-18 23:30:25 +02:00
|
|
|
struct wpabuf *p2p_resp_ie;
|
|
|
|
enum p2p_status_code status;
|
|
|
|
switch (status_code) {
|
|
|
|
case WLAN_STATUS_SUCCESS:
|
|
|
|
status = P2P_SC_SUCCESS;
|
|
|
|
break;
|
|
|
|
case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA:
|
|
|
|
status = P2P_SC_FAIL_LIMIT_REACHED;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
status = P2P_SC_FAIL_INVALID_PARAMS;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status);
|
|
|
|
if (p2p_resp_ie) {
|
|
|
|
os_memcpy(p, wpabuf_head(p2p_resp_ie),
|
|
|
|
wpabuf_len(p2p_resp_ie));
|
|
|
|
p += wpabuf_len(p2p_resp_ie);
|
|
|
|
wpabuf_free(p2p_resp_ie);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2010-07-18 23:30:26 +02:00
|
|
|
#ifdef CONFIG_P2P_MANAGER
|
|
|
|
if (hapd->conf->p2p & P2P_MANAGE)
|
|
|
|
p = hostapd_eid_p2p_manage(hapd, p);
|
|
|
|
#endif /* CONFIG_P2P_MANAGER */
|
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
p = hostapd_eid_mbo(hapd, p, buf + buflen - p);
|
2016-02-15 15:53:52 +01:00
|
|
|
|
2016-04-20 06:04:17 +02:00
|
|
|
if (hapd->conf->assocresp_elements &&
|
2017-01-31 13:38:44 +01:00
|
|
|
(size_t) (buf + buflen - p) >=
|
2016-04-20 06:04:17 +02:00
|
|
|
wpabuf_len(hapd->conf->assocresp_elements)) {
|
|
|
|
os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements),
|
|
|
|
wpabuf_len(hapd->conf->assocresp_elements));
|
|
|
|
p += wpabuf_len(hapd->conf->assocresp_elements);
|
|
|
|
}
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
send_len += p - reply->u.assoc_resp.variable;
|
|
|
|
|
2015-09-09 14:43:53 +02:00
|
|
|
#ifdef CONFIG_FILS
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta &&
|
|
|
|
(sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
2015-09-09 14:43:53 +02:00
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK) &&
|
|
|
|
status_code == WLAN_STATUS_SUCCESS) {
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) ==
|
2017-01-31 13:38:44 +01:00
|
|
|
ParseFailed || !elems.fils_session) {
|
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto done;
|
|
|
|
}
|
2015-09-09 14:43:53 +02:00
|
|
|
|
|
|
|
/* FILS Session */
|
|
|
|
*p++ = WLAN_EID_EXTENSION; /* Element ID */
|
|
|
|
*p++ = 1 + FILS_SESSION_LEN; /* Length */
|
|
|
|
*p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */
|
|
|
|
os_memcpy(p, elems.fils_session, FILS_SESSION_LEN);
|
|
|
|
send_len += 2 + 1 + FILS_SESSION_LEN;
|
|
|
|
|
|
|
|
send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len,
|
2017-01-31 13:38:44 +01:00
|
|
|
buflen, sta->fils_hlp_resp);
|
|
|
|
if (send_len < 0) {
|
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto done;
|
|
|
|
}
|
2015-09-09 14:43:53 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, reply, send_len, 0, NULL, 0, 0) < 0) {
|
2009-11-29 21:14:57 +01:00
|
|
|
wpa_printf(MSG_INFO, "Failed to send assoc resp: %s",
|
|
|
|
strerror(errno));
|
2017-01-31 13:38:44 +01:00
|
|
|
res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2016-02-16 10:54:32 +01:00
|
|
|
}
|
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
done:
|
|
|
|
os_free(buf);
|
|
|
|
return res;
|
2009-11-29 21:14:57 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-10-30 22:24:42 +01:00
|
|
|
#ifdef CONFIG_OWE
|
2018-02-06 19:27:41 +01:00
|
|
|
u8 * owe_assoc_req_process(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
const u8 *owe_dh, u8 owe_dh_len,
|
2020-02-13 09:51:23 +01:00
|
|
|
u8 *owe_buf, size_t owe_buf_len, u16 *status)
|
2017-10-30 22:24:42 +01:00
|
|
|
{
|
2018-02-12 12:57:12 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->own_ie_override) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Using IE override");
|
2020-02-13 09:51:23 +01:00
|
|
|
*status = WLAN_STATUS_SUCCESS;
|
2018-02-12 12:57:12 +01:00
|
|
|
return wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
|
|
|
|
owe_buf_len, NULL, 0);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2018-01-30 12:24:39 +01:00
|
|
|
if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching");
|
|
|
|
owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
|
|
|
|
owe_buf_len, NULL, 0);
|
2020-02-13 09:51:23 +01:00
|
|
|
*status = WLAN_STATUS_SUCCESS;
|
2019-05-29 11:11:48 +02:00
|
|
|
return owe_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (sta->owe_pmk && sta->external_dh_updated) {
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Using previously derived PMK");
|
2020-02-13 09:51:23 +01:00
|
|
|
*status = WLAN_STATUS_SUCCESS;
|
2018-01-30 12:24:39 +01:00
|
|
|
return owe_buf;
|
|
|
|
}
|
|
|
|
|
2020-02-13 09:51:23 +01:00
|
|
|
*status = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len);
|
|
|
|
if (*status != WLAN_STATUS_SUCCESS)
|
2017-10-30 22:24:42 +01:00
|
|
|
return NULL;
|
|
|
|
|
2018-02-06 19:22:53 +01:00
|
|
|
owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf,
|
|
|
|
owe_buf_len, NULL, 0);
|
|
|
|
|
2018-03-05 06:29:18 +01:00
|
|
|
if (sta->owe_ecdh && owe_buf) {
|
2018-02-06 19:25:41 +01:00
|
|
|
struct wpabuf *pub;
|
|
|
|
|
|
|
|
pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0);
|
|
|
|
if (!pub) {
|
2020-02-13 09:51:23 +01:00
|
|
|
*status = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2018-02-06 19:25:41 +01:00
|
|
|
return owe_buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* OWE Diffie-Hellman Parameter element */
|
|
|
|
*owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */
|
|
|
|
*owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */
|
|
|
|
*owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension
|
|
|
|
*/
|
|
|
|
WPA_PUT_LE16(owe_buf, sta->owe_group);
|
|
|
|
owe_buf += 2;
|
|
|
|
os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub));
|
|
|
|
owe_buf += wpabuf_len(pub);
|
|
|
|
wpabuf_free(pub);
|
|
|
|
}
|
|
|
|
|
2017-10-30 22:24:42 +01:00
|
|
|
return owe_buf;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
|
|
|
|
void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta)
|
|
|
|
{
|
|
|
|
u16 reply_res;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
|
|
|
|
if (!sta->fils_pending_assoc_req)
|
|
|
|
return;
|
|
|
|
reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS,
|
|
|
|
sta->fils_pending_assoc_is_reassoc,
|
|
|
|
sta->fils_pending_assoc_req,
|
2023-11-21 00:51:42 +01:00
|
|
|
sta->fils_pending_assoc_req_len, 0, 0,
|
|
|
|
true);
|
2017-01-31 13:38:44 +01:00
|
|
|
os_free(sta->fils_pending_assoc_req);
|
|
|
|
sta->fils_pending_assoc_req = NULL;
|
|
|
|
sta->fils_pending_assoc_req_len = 0;
|
|
|
|
wpabuf_free(sta->fils_hlp_resp);
|
|
|
|
sta->fils_hlp_resp = NULL;
|
|
|
|
wpabuf_free(sta->hlp_dhcp_discover);
|
|
|
|
sta->hlp_dhcp_discover = NULL;
|
|
|
|
|
|
|
|
/*
|
2017-08-21 18:36:21 +02:00
|
|
|
* Remove the station in case transmission of a success response fails.
|
|
|
|
* At this point the station was already added associated to the driver.
|
2017-01-31 13:38:44 +01:00
|
|
|
*/
|
2017-08-21 18:36:21 +02:00
|
|
|
if (reply_res != WLAN_STATUS_SUCCESS)
|
2017-01-31 13:38:44 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void fils_hlp_timeout(void *eloop_ctx, void *eloop_data)
|
|
|
|
{
|
|
|
|
struct hostapd_data *hapd = eloop_ctx;
|
|
|
|
struct sta_info *sta = eloop_data;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: HLP response timeout - continue with association response for "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
2017-07-06 12:57:54 +02:00
|
|
|
if (sta->fils_drv_assoc_finish)
|
|
|
|
hostapd_notify_assoc_fils_finish(hapd, sta);
|
|
|
|
else
|
|
|
|
fils_hlp_finish_assoc(hapd, sta);
|
2017-01-31 13:38:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
|
|
|
|
2023-11-21 00:51:42 +01:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
static struct sta_info * handle_mlo_translate(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, bool reassoc,
|
|
|
|
struct hostapd_data **assoc_hapd)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
u8 mld_addr[ETH_ALEN];
|
|
|
|
const u8 *pos;
|
|
|
|
|
|
|
|
if (!hapd->iconf->ieee80211be || hapd->conf->disable_11be)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (reassoc) {
|
|
|
|
len -= IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req);
|
|
|
|
pos = mgmt->u.reassoc_req.variable;
|
|
|
|
} else {
|
|
|
|
len -= IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req);
|
|
|
|
pos = mgmt->u.assoc_req.variable;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(pos, len, &elems, 1) == ParseFailed)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
if (hostapd_process_ml_assoc_req_addr(hapd, elems.basic_mle,
|
|
|
|
elems.basic_mle_len,
|
|
|
|
mld_addr))
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mld_addr);
|
|
|
|
if (!sta)
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: assoc: mld=" MACSTR ", link=" MACSTR,
|
|
|
|
MAC2STR(mld_addr), MAC2STR(mgmt->sa));
|
|
|
|
|
|
|
|
return hostapd_ml_get_assoc_sta(hapd, sta, assoc_hapd);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
static void handle_assoc(struct hostapd_data *hapd,
|
2009-12-13 22:25:30 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2017-08-21 18:43:53 +02:00
|
|
|
int reassoc, int rssi)
|
2009-11-29 21:14:57 +01:00
|
|
|
{
|
2014-11-05 09:50:34 +01:00
|
|
|
u16 capab_info, listen_interval, seq_ctrl, fc;
|
2020-04-14 12:46:00 +02:00
|
|
|
int resp = WLAN_STATUS_SUCCESS;
|
2020-07-20 18:52:01 +02:00
|
|
|
u16 reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2009-12-13 22:25:30 +01:00
|
|
|
const u8 *pos;
|
2009-11-29 21:14:57 +01:00
|
|
|
int left, i;
|
|
|
|
struct sta_info *sta;
|
2015-09-09 00:27:22 +02:00
|
|
|
u8 *tmp = NULL;
|
2017-01-31 13:38:44 +01:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
int delay_assoc = 0;
|
|
|
|
#endif /* CONFIG_FILS */
|
2020-03-20 20:56:44 +01:00
|
|
|
int omit_rsnxe = 0;
|
2023-11-03 09:14:24 +01:00
|
|
|
bool set_beacon = false;
|
2023-11-21 00:51:42 +01:00
|
|
|
bool mld_addrs_not_translated = false;
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) :
|
|
|
|
sizeof(mgmt->u.assoc_req))) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)",
|
|
|
|
reassoc, (unsigned long) len);
|
2009-11-29 21:14:57 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2013-04-23 16:51:28 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (reassoc) {
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_reassoc_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_reassoc_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring reassoc request from "
|
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
} else {
|
2014-04-26 10:09:29 +02:00
|
|
|
if (hapd->iconf->ignore_assoc_probability > 0.0 &&
|
2013-04-23 16:51:28 +02:00
|
|
|
drand48() < hapd->iconf->ignore_assoc_probability) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TESTING: ignoring assoc request from "
|
|
|
|
MACSTR, MAC2STR(mgmt->sa));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
|
|
|
seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (reassoc) {
|
|
|
|
capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info);
|
|
|
|
listen_interval = le_to_host16(
|
|
|
|
mgmt->u.reassoc_req.listen_interval);
|
|
|
|
wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR
|
|
|
|
" capab_info=0x%02x listen_interval=%d current_ap="
|
2014-11-05 09:50:34 +01:00
|
|
|
MACSTR " seq_ctrl=0x%x%s",
|
2009-11-29 21:14:57 +01:00
|
|
|
MAC2STR(mgmt->sa), capab_info, listen_interval,
|
2014-11-05 09:50:34 +01:00
|
|
|
MAC2STR(mgmt->u.reassoc_req.current_ap),
|
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
|
2009-11-29 21:14:57 +01:00
|
|
|
left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req));
|
|
|
|
pos = mgmt->u.reassoc_req.variable;
|
|
|
|
} else {
|
|
|
|
capab_info = le_to_host16(mgmt->u.assoc_req.capab_info);
|
|
|
|
listen_interval = le_to_host16(
|
|
|
|
mgmt->u.assoc_req.listen_interval);
|
|
|
|
wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR
|
2014-11-05 09:50:34 +01:00
|
|
|
" capab_info=0x%02x listen_interval=%d "
|
|
|
|
"seq_ctrl=0x%x%s",
|
|
|
|
MAC2STR(mgmt->sa), capab_info, listen_interval,
|
|
|
|
seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : "");
|
2009-11-29 21:14:57 +01:00
|
|
|
left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req));
|
|
|
|
pos = mgmt->u.assoc_req.variable;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
2023-11-21 00:51:42 +01:00
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
/*
|
|
|
|
* It is possible that the association frame is from an associated
|
|
|
|
* non-AP MLD station, that tries to re-associate using different link
|
|
|
|
* addresses. In such a case, try to find the station based on the AP
|
|
|
|
* MLD MAC address.
|
|
|
|
*/
|
|
|
|
if (!sta) {
|
|
|
|
struct hostapd_data *assoc_hapd;
|
|
|
|
|
|
|
|
sta = handle_mlo_translate(hapd, mgmt, len, reassoc,
|
|
|
|
&assoc_hapd);
|
|
|
|
if (sta) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: Switching to assoc hapd/station");
|
|
|
|
hapd = assoc_hapd;
|
|
|
|
mld_addrs_not_translated = true;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2009-11-29 21:14:57 +01:00
|
|
|
if (sta && sta->auth_alg == WLAN_AUTH_FT &&
|
|
|
|
(sta->flags & WLAN_STA_AUTH) == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate "
|
|
|
|
"prior to authentication since it is using "
|
|
|
|
"over-the-DS FT", MAC2STR(mgmt->sa));
|
2016-02-16 10:54:32 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Mark station as authenticated, to avoid adding station
|
|
|
|
* entry in the driver as associated and not authenticated
|
|
|
|
*/
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
2009-11-29 21:14:57 +01:00
|
|
|
} else
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2009-11-29 21:14:57 +01:00
|
|
|
if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) {
|
2016-12-26 20:00:51 +01:00
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode ==
|
|
|
|
HOSTAPD_MODE_IEEE80211AD) {
|
2017-01-17 13:51:02 +01:00
|
|
|
int acl_res;
|
2019-04-28 13:14:57 +02:00
|
|
|
struct radius_sta info;
|
2017-01-17 13:51:02 +01:00
|
|
|
|
2019-04-28 13:14:57 +02:00
|
|
|
acl_res = ieee802_11_allowed_address(hapd, mgmt->sa,
|
|
|
|
(const u8 *) mgmt,
|
2019-12-29 22:24:10 +01:00
|
|
|
len, &info);
|
2017-01-17 13:51:02 +01:00
|
|
|
if (acl_res == HOSTAPD_ACL_REJECT) {
|
2018-02-14 14:43:56 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
|
|
|
"Ignore Association Request frame from "
|
|
|
|
MACSTR " due to ACL reject",
|
|
|
|
MAC2STR(mgmt->sa));
|
2017-01-17 13:51:02 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
if (acl_res == HOSTAPD_ACL_PENDING)
|
|
|
|
return;
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
/* DMG/IEEE 802.11ad does not use authentication.
|
|
|
|
* Allocate sta entry upon association. */
|
|
|
|
sta = ap_sta_add(hapd, mgmt->sa);
|
|
|
|
if (!sta) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Failed to add STA");
|
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2017-01-17 13:51:02 +01:00
|
|
|
acl_res = ieee802_11_set_radius_info(
|
2019-04-28 13:14:57 +02:00
|
|
|
hapd, sta, acl_res, &info);
|
2017-01-17 13:51:02 +01:00
|
|
|
if (acl_res) {
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2016-12-26 20:00:51 +01:00
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Skip authentication for DMG/IEEE 802.11ad");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH);
|
|
|
|
sta->auth_alg = WLAN_AUTH_OPEN;
|
|
|
|
} else {
|
|
|
|
hostapd_logger(hapd, mgmt->sa,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
|
|
|
"Station tried to associate before authentication (aid=%d flags=0x%x)",
|
|
|
|
sta ? sta->aid : -1,
|
|
|
|
sta ? sta->flags : 0);
|
|
|
|
send_deauth(hapd, mgmt->sa,
|
|
|
|
WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA);
|
|
|
|
return;
|
|
|
|
}
|
2009-11-29 21:14:57 +01:00
|
|
|
}
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
2017-01-14 00:04:31 +01:00
|
|
|
sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
|
|
|
WLAN_FC_STYPE_ASSOC_REQ)) {
|
2014-11-05 09:50:34 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated association frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ :
|
|
|
|
WLAN_FC_STYPE_ASSOC_REQ;
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
if (hapd->tkip_countermeasures) {
|
2017-11-03 09:49:45 +01:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
2009-11-29 21:14:57 +01:00
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (listen_interval > hapd->conf->max_listen_interval) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Too large Listen Interval (%d)",
|
|
|
|
listen_interval);
|
|
|
|
resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2016-02-15 15:53:52 +01:00
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) {
|
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
2017-08-21 18:43:53 +02:00
|
|
|
|
|
|
|
if (hapd->iconf->rssi_reject_assoc_rssi && rssi &&
|
2019-01-01 17:17:02 +01:00
|
|
|
rssi < hapd->iconf->rssi_reject_assoc_rssi &&
|
|
|
|
(sta->auth_rssi == 0 ||
|
|
|
|
sta->auth_rssi < hapd->iconf->rssi_reject_assoc_rssi)) {
|
2017-08-21 18:43:53 +02:00
|
|
|
resp = WLAN_STATUS_DENIED_POOR_CHANNEL_CONDITIONS;
|
|
|
|
goto fail;
|
|
|
|
}
|
2016-02-15 15:53:52 +01:00
|
|
|
#endif /* CONFIG_MBO */
|
|
|
|
|
2023-10-28 10:31:42 +02:00
|
|
|
if (hapd->conf->wpa && check_sa_query(hapd, sta, reassoc)) {
|
|
|
|
resp = WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2016-04-06 18:42:10 +02:00
|
|
|
/*
|
|
|
|
* sta->capability is used in check_assoc_ies() for RRM enabled
|
|
|
|
* capability element.
|
|
|
|
*/
|
|
|
|
sta->capability = capab_info;
|
|
|
|
|
2015-09-09 00:27:22 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK) {
|
2017-11-24 11:21:18 +01:00
|
|
|
int res;
|
|
|
|
|
2015-09-09 00:27:22 +02:00
|
|
|
/* The end of the payload is encrypted. Need to decrypt it
|
|
|
|
* before parsing. */
|
|
|
|
|
2017-03-07 10:17:23 +01:00
|
|
|
tmp = os_memdup(pos, left);
|
2015-09-09 00:27:22 +02:00
|
|
|
if (!tmp) {
|
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2017-11-24 11:21:18 +01:00
|
|
|
res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt,
|
|
|
|
len, tmp, left);
|
|
|
|
if (res < 0) {
|
2015-09-09 00:27:22 +02:00
|
|
|
resp = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
pos = tmp;
|
2017-11-24 11:21:18 +01:00
|
|
|
left = res;
|
2015-09-09 00:27:22 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2009-11-29 21:14:57 +01:00
|
|
|
/* followed by SSID and Supported rates; and HT capabilities if 802.11n
|
|
|
|
* is used */
|
|
|
|
resp = check_assoc_ies(hapd, sta, pos, left, reassoc);
|
|
|
|
if (resp != WLAN_STATUS_SUCCESS)
|
|
|
|
goto fail;
|
2020-03-20 20:56:44 +01:00
|
|
|
omit_rsnxe = !get_ie(pos, left, WLAN_EID_RSNX);
|
2009-11-29 21:14:57 +01:00
|
|
|
|
|
|
|
if (hostapd_get_aid(hapd, sta) < 0) {
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "No room for more AIDs");
|
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->listen_interval = listen_interval;
|
|
|
|
|
2017-10-30 22:17:05 +01:00
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G)
|
2008-02-28 02:34:43 +01:00
|
|
|
sta->flags |= WLAN_STA_NONERP;
|
|
|
|
for (i = 0; i < sta->supported_rates_len; i++) {
|
|
|
|
if ((sta->supported_rates[i] & 0x7f) > 22) {
|
|
|
|
sta->flags &= ~WLAN_STA_NONERP;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) {
|
|
|
|
sta->nonerp_set = 1;
|
|
|
|
hapd->iface->num_sta_non_erp++;
|
|
|
|
if (hapd->iface->num_sta_non_erp == 1)
|
2023-11-03 09:14:24 +01:00
|
|
|
set_beacon = true;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) &&
|
|
|
|
!sta->no_short_slot_time_set) {
|
|
|
|
sta->no_short_slot_time_set = 1;
|
|
|
|
hapd->iface->num_sta_no_short_slot_time++;
|
2017-10-30 22:17:05 +01:00
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode ==
|
2008-02-28 02:34:43 +01:00
|
|
|
HOSTAPD_MODE_IEEE80211G &&
|
|
|
|
hapd->iface->num_sta_no_short_slot_time == 1)
|
2023-11-03 09:14:24 +01:00
|
|
|
set_beacon = true;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE)
|
|
|
|
sta->flags |= WLAN_STA_SHORT_PREAMBLE;
|
|
|
|
else
|
|
|
|
sta->flags &= ~WLAN_STA_SHORT_PREAMBLE;
|
|
|
|
|
|
|
|
if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) &&
|
|
|
|
!sta->no_short_preamble_set) {
|
|
|
|
sta->no_short_preamble_set = 1;
|
|
|
|
hapd->iface->num_sta_no_short_preamble++;
|
2017-10-30 22:17:05 +01:00
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G
|
2008-02-28 02:34:43 +01:00
|
|
|
&& hapd->iface->num_sta_no_short_preamble == 1)
|
2023-11-03 09:14:24 +01:00
|
|
|
set_beacon = true;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2023-11-03 09:14:24 +01:00
|
|
|
if (update_ht_state(hapd, sta) > 0)
|
|
|
|
set_beacon = true;
|
2008-08-21 17:18:38 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"association OK (aid %d)", sta->aid);
|
|
|
|
/* Station will be marked associated, after it acknowledges AssocResp
|
|
|
|
*/
|
2011-04-15 18:26:28 +02:00
|
|
|
sta->flags |= WLAN_STA_ASSOC_REQ_OK;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2008-12-26 14:56:30 +01:00
|
|
|
if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out "
|
|
|
|
"SA Query procedure", reassoc ? "re" : "");
|
|
|
|
/* TODO: Send a protected Disassociate frame to the STA using
|
|
|
|
* the old key and Reason Code "Previous Authentication no
|
|
|
|
* longer valid". Make sure this is only sent protected since
|
|
|
|
* unprotected frame would be received by the STA that is now
|
|
|
|
* trying to associate.
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
/* Make sure that the previously registered inactivity timer will not
|
|
|
|
* remove the STA immediately. */
|
|
|
|
sta->timeout_next = STA_NULLFUNC;
|
|
|
|
|
Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.
http://research.google.com/pubs/pub45429.html
https://arxiv.org/abs/1608.01725
This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
a memory overhead of up to several kilobytes per associated
station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
struct sta_info.
3. Implement code to extract the ID of each Information Element,
plus selected fields and bitmasks from certain IEs, into a
descriptive text string. This is done in a new source file,
src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
in hostapd_cli to retrieve the signature.
Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040
Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-08-15 06:42:48 +02:00
|
|
|
#ifdef CONFIG_TAXONOMY
|
|
|
|
taxonomy_sta_info_assoc_req(hapd, sta, pos, left);
|
|
|
|
#endif /* CONFIG_TAXONOMY */
|
|
|
|
|
2016-12-20 00:30:09 +01:00
|
|
|
sta->pending_wds_enable = 0;
|
|
|
|
|
2017-01-29 13:09:51 +01:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
2017-01-31 13:38:44 +01:00
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK) {
|
|
|
|
if (fils_process_hlp(hapd, sta, pos, left) > 0)
|
|
|
|
delay_assoc = 1;
|
|
|
|
}
|
2017-01-29 13:09:51 +01:00
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2023-11-03 09:14:24 +01:00
|
|
|
if (set_beacon)
|
|
|
|
ieee802_11_set_beacons(hapd->iface);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
fail:
|
2017-01-17 13:51:02 +01:00
|
|
|
|
2016-02-16 10:54:33 +01:00
|
|
|
/*
|
|
|
|
* In case of a successful response, add the station to the driver.
|
|
|
|
* Otherwise, the kernel may ignore Data frames before we process the
|
|
|
|
* ACK frame (TX status). In case of a failure, this station will be
|
|
|
|
* removed.
|
|
|
|
*
|
|
|
|
* Note that this is not compliant with the IEEE 802.11 standard that
|
|
|
|
* states that a non-AP station should transition into the
|
|
|
|
* authenticated/associated state only after the station acknowledges
|
|
|
|
* the (Re)Association Response frame. However, still do this as:
|
|
|
|
*
|
|
|
|
* 1. In case the station does not acknowledge the (Re)Association
|
|
|
|
* Response frame, it will be removed.
|
|
|
|
* 2. Data frames will be dropped in the kernel until the station is
|
|
|
|
* set into authorized state, and there are no significant known
|
|
|
|
* issues with processing other non-Data Class 3 frames during this
|
|
|
|
* window.
|
|
|
|
*/
|
2023-12-16 23:12:59 +01:00
|
|
|
if (sta)
|
|
|
|
hostapd_process_assoc_ml_info(hapd, sta, pos, left, reassoc,
|
|
|
|
resp);
|
2023-05-22 21:33:45 +02:00
|
|
|
|
2019-01-04 21:58:56 +01:00
|
|
|
if (resp == WLAN_STATUS_SUCCESS && sta &&
|
|
|
|
add_associated_sta(hapd, sta, reassoc))
|
2016-02-16 10:54:33 +01:00
|
|
|
resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA;
|
|
|
|
|
2017-01-31 13:38:44 +01:00
|
|
|
#ifdef CONFIG_FILS
|
2018-12-07 15:03:40 +01:00
|
|
|
if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS &&
|
|
|
|
eloop_is_timeout_registered(fils_hlp_timeout, hapd, sta) &&
|
|
|
|
sta->fils_pending_assoc_req) {
|
|
|
|
/* Do not reschedule fils_hlp_timeout in case the station
|
|
|
|
* retransmits (Re)Association Request frame while waiting for
|
|
|
|
* the previously started FILS HLP wait, so that the timeout can
|
|
|
|
* be determined from the first pending attempt. */
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Continue waiting for HLP processing before sending (Re)Association Response frame to "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
|
|
|
os_free(tmp);
|
|
|
|
return;
|
|
|
|
}
|
2017-01-31 13:38:44 +01:00
|
|
|
if (sta) {
|
|
|
|
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
|
|
|
|
os_free(sta->fils_pending_assoc_req);
|
|
|
|
sta->fils_pending_assoc_req = NULL;
|
|
|
|
sta->fils_pending_assoc_req_len = 0;
|
|
|
|
wpabuf_free(sta->fils_hlp_resp);
|
|
|
|
sta->fils_hlp_resp = NULL;
|
|
|
|
}
|
|
|
|
if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) {
|
|
|
|
sta->fils_pending_assoc_req = tmp;
|
|
|
|
sta->fils_pending_assoc_req_len = left;
|
|
|
|
sta->fils_pending_assoc_is_reassoc = reassoc;
|
2017-07-06 12:57:54 +02:00
|
|
|
sta->fils_drv_assoc_finish = 0;
|
2017-01-31 13:38:44 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FILS: Waiting for HLP processing before sending (Re)Association Response frame to "
|
|
|
|
MACSTR, MAC2STR(sta->addr));
|
|
|
|
eloop_cancel_timeout(fils_hlp_timeout, hapd, sta);
|
|
|
|
eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024,
|
|
|
|
fils_hlp_timeout, hapd, sta);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2020-04-14 12:46:00 +02:00
|
|
|
if (resp >= 0)
|
2023-11-21 00:51:42 +01:00
|
|
|
reply_res = send_assoc_resp(hapd,
|
|
|
|
mld_addrs_not_translated ?
|
|
|
|
NULL : sta,
|
|
|
|
mgmt->sa, resp, reassoc,
|
|
|
|
pos, left, rssi, omit_rsnxe,
|
|
|
|
!mld_addrs_not_translated);
|
2015-09-09 00:27:22 +02:00
|
|
|
os_free(tmp);
|
2016-02-16 10:54:33 +01:00
|
|
|
|
|
|
|
/*
|
2020-09-22 22:31:20 +02:00
|
|
|
* Remove the station in case transmission of a success response fails
|
2016-02-16 10:54:33 +01:00
|
|
|
* (the STA was added associated to the driver) or if the station was
|
|
|
|
* previously added unassociated.
|
|
|
|
*/
|
2016-12-26 20:00:51 +01:00
|
|
|
if (sta && ((reply_res != WLAN_STATUS_SUCCESS &&
|
|
|
|
resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) {
|
2016-02-16 10:54:32 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
static void hostapd_deauth_sta(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2023-05-22 21:33:48 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
|
|
|
"deauthentication: STA=" MACSTR " reason_code=%d",
|
2023-05-22 21:33:48 +02:00
|
|
|
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code));
|
|
|
|
|
|
|
|
ap_sta_set_authorized(hapd, sta, 0);
|
|
|
|
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
|
|
|
|
sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC |
|
|
|
|
WLAN_STA_ASSOC_REQ_OK);
|
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG, "deauthenticated");
|
|
|
|
mlme_deauthenticate_indication(
|
|
|
|
hapd, sta, le_to_host16(mgmt->u.deauth.reason_code));
|
|
|
|
sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
|
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
static void hostapd_disassoc_sta(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt)
|
|
|
|
{
|
2023-05-22 21:33:48 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
|
|
|
"disassocation: STA=" MACSTR " reason_code=%d",
|
|
|
|
MAC2STR(mgmt->sa), le_to_host16(mgmt->u.disassoc.reason_code));
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2011-11-03 21:17:41 +01:00
|
|
|
ap_sta_set_authorized(hapd, sta, 0);
|
2014-11-05 09:50:34 +01:00
|
|
|
sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ;
|
2011-04-15 18:26:28 +02:00
|
|
|
sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK);
|
2020-03-18 11:41:46 +01:00
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
2008-02-28 02:34:43 +01:00
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC);
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "disassociated");
|
|
|
|
sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST;
|
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 0);
|
|
|
|
/* Stop Accounting and IEEE 802.1X sessions, but leave the STA
|
|
|
|
* authenticated. */
|
|
|
|
accounting_sta_stop(hapd, sta);
|
2015-12-31 20:46:08 +01:00
|
|
|
ieee802_1x_free_station(hapd, sta);
|
AP: Add support for Proxy ARP, DHCP snooping mechanism
Proxy ARP allows the AP devices to keep track of the hardware address to
IP address mapping of the STA devices within the BSS. When a request for
such information is made (i.e., ARP request, Neighbor Solicitation), the
AP will respond on behalf of the STA device within the BSS. Such
requests could originate from a device within the BSS or also from the
bridge. In the process of the AP replying to the request (i.e., ARP
reply, Neighbor Advertisement), the AP will drop the original request
frame. The relevant STA will not even know that such information was
ever requested.
This feature is a requirement for Hotspot 2.0, and is defined in IEEE
Std 802.11-2012, 10.23.13. While the Proxy ARP support code mainly
resides in the kernel bridge code, in order to optimize the performance
and simplify kernel implementation, the DHCP snooping code was added to
the hostapd.
Signed-off-by: Kyeyoon Park <kyeyoonp@qca.qualcomm.com>
2014-09-26 07:32:55 +02:00
|
|
|
if (sta->ipaddr)
|
2014-11-06 01:15:46 +01:00
|
|
|
hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr);
|
2014-11-01 07:33:41 +01:00
|
|
|
ap_sta_ip6addr_del(hapd, sta);
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
2016-02-16 10:54:32 +01:00
|
|
|
sta->added_unassoc = 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (sta->timeout_next == STA_NULLFUNC ||
|
|
|
|
sta->timeout_next == STA_DISASSOC) {
|
|
|
|
sta->timeout_next = STA_DEAUTH;
|
|
|
|
eloop_cancel_timeout(ap_handle_timer, hapd, sta);
|
|
|
|
eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer,
|
|
|
|
hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
mlme_disassociate_indication(
|
|
|
|
hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code));
|
2016-12-26 20:00:51 +01:00
|
|
|
|
|
|
|
/* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon
|
|
|
|
* disassociation. */
|
|
|
|
if (hapd->iface->current_mode &&
|
|
|
|
hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) {
|
|
|
|
sta->flags &= ~WLAN_STA_AUTH;
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH);
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG, "deauthenticated");
|
|
|
|
ap_free_sta(hapd, sta);
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
static bool hostapd_ml_handle_disconnect(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
bool disassoc)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
struct hostapd_data *assoc_hapd, *tmp_hapd;
|
|
|
|
struct sta_info *assoc_sta;
|
|
|
|
unsigned int i, link_id;
|
|
|
|
|
|
|
|
if (!hostapd_is_mld_ap(hapd))
|
|
|
|
return false;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the station on which the association was performed, as it holds
|
|
|
|
* the information about all the other links.
|
|
|
|
*/
|
|
|
|
assoc_sta = hostapd_ml_get_assoc_sta(hapd, sta, &assoc_hapd);
|
2023-12-25 18:42:59 +01:00
|
|
|
if (!assoc_sta)
|
|
|
|
return false;
|
2023-05-22 21:33:48 +02:00
|
|
|
|
|
|
|
for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
|
|
|
|
for (i = 0; i < assoc_hapd->iface->interfaces->count; i++) {
|
|
|
|
struct sta_info *tmp_sta;
|
|
|
|
|
|
|
|
if (!assoc_sta->mld_info.links[link_id].valid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
tmp_hapd =
|
|
|
|
assoc_hapd->iface->interfaces->iface[i]->bss[0];
|
|
|
|
|
|
|
|
if (!tmp_hapd->conf->mld_ap ||
|
|
|
|
assoc_hapd->conf->mld_id != tmp_hapd->conf->mld_id)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
|
|
|
|
tmp_sta = tmp_sta->next) {
|
|
|
|
/*
|
|
|
|
* Remove the station on which the association
|
|
|
|
* was done only after all other link stations
|
|
|
|
* are removed. Since there is only a single
|
|
|
|
* station per struct hostapd_hapd with the
|
|
|
|
* same association link simply break out from
|
|
|
|
* the loop.
|
|
|
|
*/
|
|
|
|
if (tmp_sta == assoc_sta)
|
|
|
|
break;
|
|
|
|
|
|
|
|
if (tmp_sta->mld_assoc_link_id !=
|
|
|
|
assoc_sta->mld_assoc_link_id ||
|
|
|
|
tmp_sta->aid != assoc_sta->aid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (!disassoc)
|
|
|
|
hostapd_deauth_sta(tmp_hapd, tmp_sta,
|
|
|
|
mgmt);
|
|
|
|
else
|
|
|
|
hostapd_disassoc_sta(tmp_hapd, tmp_sta,
|
|
|
|
mgmt);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Remove the station on which the association was performed. */
|
|
|
|
if (!disassoc)
|
|
|
|
hostapd_deauth_sta(assoc_hapd, assoc_sta, mgmt);
|
|
|
|
else
|
|
|
|
hostapd_disassoc_sta(assoc_hapd, assoc_sta, mgmt);
|
|
|
|
|
|
|
|
return true;
|
|
|
|
#else /* CONFIG_IEEE80211BE */
|
|
|
|
return false;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
static void handle_disassoc(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) {
|
2023-05-22 21:33:48 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
2023-05-22 21:33:48 +02:00
|
|
|
"handle_disassoc - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
2023-05-22 21:33:48 +02:00
|
|
|
if (!sta) {
|
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
|
|
|
|
" trying to disassociate, but it is not associated",
|
|
|
|
MAC2STR(mgmt->sa));
|
2023-05-22 21:33:48 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
if (hostapd_ml_handle_disconnect(hapd, sta, mgmt, true))
|
|
|
|
return;
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
hostapd_disassoc_sta(hapd, sta, mgmt);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
static void handle_deauth(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) {
|
2023-05-22 21:33:48 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG,
|
|
|
|
"handle_deauth - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-03-15 13:57:10 +01:00
|
|
|
/* Clear the PTKSA cache entries for PASN */
|
|
|
|
ptksa_cache_flush(hapd->ptksa, mgmt->sa, WPA_CIPHER_NONE);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
2023-05-22 21:33:48 +02:00
|
|
|
if (!sta) {
|
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR
|
|
|
|
" trying to deauthenticate, but it is not authenticated",
|
2011-02-24 16:44:45 +01:00
|
|
|
MAC2STR(mgmt->sa));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
if (hostapd_ml_handle_disconnect(hapd, sta, mgmt, false))
|
|
|
|
return;
|
|
|
|
|
2023-05-22 21:33:48 +02:00
|
|
|
hostapd_deauth_sta(hapd, sta, mgmt);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_beacon(struct hostapd_data *hapd,
|
2009-12-13 22:25:30 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
2008-02-28 02:34:43 +01:00
|
|
|
struct hostapd_frame_info *fi)
|
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
|
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2008-10-29 20:33:46 +01:00
|
|
|
(void) ieee802_11_parse_elems(mgmt->u.beacon.variable,
|
2008-02-28 02:34:43 +01:00
|
|
|
len - (IEEE80211_HDRLEN +
|
|
|
|
sizeof(mgmt->u.beacon)), &elems,
|
|
|
|
0);
|
|
|
|
|
|
|
|
ap_list_process_beacon(hapd->iface, mgmt, &elems, fi);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-05-08 11:51:28 +02:00
|
|
|
static int robust_action_frame(u8 category)
|
|
|
|
{
|
|
|
|
return category != WLAN_ACTION_PUBLIC &&
|
|
|
|
category != WLAN_ACTION_HT;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-12-29 09:18:49 +01:00
|
|
|
static int handle_action(struct hostapd_data *hapd,
|
2018-01-08 02:37:48 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt, size_t len,
|
|
|
|
unsigned int freq)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-05-08 11:51:28 +02:00
|
|
|
struct sta_info *sta;
|
2018-12-01 12:19:47 +01:00
|
|
|
u8 *action __maybe_unused;
|
2009-05-08 11:51:28 +02:00
|
|
|
|
2018-12-01 12:19:47 +01:00
|
|
|
if (len < IEEE80211_HDRLEN + 2 + 1) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"handle_action - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2018-12-01 12:19:47 +01:00
|
|
|
action = (u8 *) &mgmt->u.action.u;
|
|
|
|
wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR
|
|
|
|
" da " MACSTR " len %d freq %u",
|
|
|
|
mgmt->u.action.category, *action,
|
|
|
|
MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq);
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->sa);
|
|
|
|
|
2012-12-16 18:16:17 +01:00
|
|
|
if (mgmt->u.action.category != WLAN_ACTION_PUBLIC &&
|
|
|
|
(sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) {
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action "
|
|
|
|
"frame (category=%u) from unassociated STA " MACSTR,
|
2017-02-11 11:08:12 +01:00
|
|
|
mgmt->u.action.category, MAC2STR(mgmt->sa));
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2012-12-16 18:16:17 +01:00
|
|
|
}
|
|
|
|
|
2009-05-08 11:51:28 +02:00
|
|
|
if (sta && (sta->flags & WLAN_STA_MFP) &&
|
2014-01-23 09:24:21 +01:00
|
|
|
!(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) &&
|
|
|
|
robust_action_frame(mgmt->u.action.category)) {
|
2009-05-08 11:51:28 +02:00
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Dropped unprotected Robust Action frame from "
|
|
|
|
"an MFP STA");
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2009-05-08 11:51:28 +02:00
|
|
|
}
|
|
|
|
|
2014-11-05 09:50:34 +01:00
|
|
|
if (sta) {
|
|
|
|
u16 fc = le_to_host16(mgmt->frame_control);
|
|
|
|
u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl);
|
|
|
|
|
|
|
|
if ((fc & WLAN_FC_RETRY) &&
|
|
|
|
sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ &&
|
|
|
|
sta->last_seq_ctrl == seq_ctrl &&
|
|
|
|
sta->last_subtype == WLAN_FC_STYPE_ACTION) {
|
|
|
|
hostapd_logger(hapd, sta->addr,
|
|
|
|
HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"Drop repeated action frame seq_ctrl=0x%x",
|
|
|
|
seq_ctrl);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
sta->last_seq_ctrl = seq_ctrl;
|
|
|
|
sta->last_subtype = WLAN_FC_STYPE_ACTION;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (mgmt->u.action.category) {
|
2016-10-27 14:18:32 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R_AP
|
2008-02-28 02:34:43 +01:00
|
|
|
case WLAN_ACTION_FT:
|
2014-04-26 10:51:19 +02:00
|
|
|
if (!sta ||
|
|
|
|
wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action,
|
2008-02-28 02:34:43 +01:00
|
|
|
len - IEEE80211_HDRLEN))
|
|
|
|
break;
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2016-10-27 14:18:32 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R_AP */
|
2008-08-31 10:06:58 +02:00
|
|
|
case WLAN_ACTION_WMM:
|
2009-03-04 11:33:24 +01:00
|
|
|
hostapd_wmm_action(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-12-26 10:46:21 +01:00
|
|
|
case WLAN_ACTION_SA_QUERY:
|
2019-03-09 11:40:05 +01:00
|
|
|
ieee802_11_sa_query_action(hapd, mgmt, len);
|
|
|
|
return 1;
|
2017-06-12 08:29:27 +02:00
|
|
|
#ifdef CONFIG_WNM_AP
|
2012-12-16 18:16:17 +01:00
|
|
|
case WLAN_ACTION_WNM:
|
2013-12-29 10:22:23 +01:00
|
|
|
ieee802_11_rx_wnm_action_ap(hapd, mgmt, len);
|
|
|
|
return 1;
|
2017-06-12 08:29:27 +02:00
|
|
|
#endif /* CONFIG_WNM_AP */
|
2015-01-21 14:30:48 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
case WLAN_ACTION_FST:
|
|
|
|
if (hapd->iface->fst)
|
|
|
|
fst_rx_action(hapd->iface->fst, mgmt, len);
|
2015-07-25 22:20:33 +02:00
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"FST: Ignore FST Action frame - no FST attached");
|
2015-01-21 14:30:48 +01:00
|
|
|
return 1;
|
|
|
|
#endif /* CONFIG_FST */
|
2010-04-11 19:33:33 +02:00
|
|
|
case WLAN_ACTION_PUBLIC:
|
2014-01-23 10:15:28 +01:00
|
|
|
case WLAN_ACTION_PROTECTED_DUAL:
|
2015-05-03 15:24:01 +02:00
|
|
|
if (len >= IEEE80211_HDRLEN + 2 &&
|
|
|
|
mgmt->u.action.u.public_action.action ==
|
2014-04-14 20:21:40 +02:00
|
|
|
WLAN_PA_20_40_BSS_COEX) {
|
|
|
|
hostapd_2040_coex_action(hapd, mgmt, len);
|
2017-05-29 13:13:37 +02:00
|
|
|
return 1;
|
2014-04-14 20:21:40 +02:00
|
|
|
}
|
2017-06-15 21:16:45 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
if (len >= IEEE80211_HDRLEN + 6 &&
|
|
|
|
mgmt->u.action.u.vs_public_action.action ==
|
|
|
|
WLAN_PA_VENDOR_SPECIFIC &&
|
|
|
|
WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
|
|
|
|
OUI_WFA &&
|
|
|
|
mgmt->u.action.u.vs_public_action.variable[0] ==
|
|
|
|
DPP_OUI_TYPE) {
|
|
|
|
const u8 *pos, *end;
|
|
|
|
|
2017-10-18 21:51:30 +02:00
|
|
|
pos = mgmt->u.action.u.vs_public_action.oui;
|
2017-06-15 21:16:45 +02:00
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos,
|
2018-01-08 02:37:48 +01:00
|
|
|
freq);
|
2017-06-15 21:16:45 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
if (len >= IEEE80211_HDRLEN + 2 &&
|
|
|
|
(mgmt->u.action.u.public_action.action ==
|
|
|
|
WLAN_PA_GAS_INITIAL_RESP ||
|
|
|
|
mgmt->u.action.u.public_action.action ==
|
|
|
|
WLAN_PA_GAS_COMEBACK_RESP)) {
|
|
|
|
const u8 *pos, *end;
|
|
|
|
|
|
|
|
pos = &mgmt->u.action.u.public_action.action;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
2022-12-21 07:35:12 +01:00
|
|
|
if (gas_query_ap_rx(hapd->gas, mgmt->sa,
|
|
|
|
mgmt->u.action.category,
|
|
|
|
pos, end - pos, freq) == 0)
|
|
|
|
return 1;
|
2017-06-15 21:16:45 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP */
|
2010-04-11 19:33:33 +02:00
|
|
|
if (hapd->public_action_cb) {
|
|
|
|
hapd->public_action_cb(hapd->public_action_cb_ctx,
|
2022-01-05 06:04:24 +01:00
|
|
|
(u8 *) mgmt, len, freq);
|
2010-04-11 19:33:33 +02:00
|
|
|
}
|
2013-02-04 14:38:35 +01:00
|
|
|
if (hapd->public_action_cb2) {
|
2013-02-16 18:15:05 +01:00
|
|
|
hapd->public_action_cb2(hapd->public_action_cb2_ctx,
|
2022-01-05 06:04:24 +01:00
|
|
|
(u8 *) mgmt, len, freq);
|
2013-02-04 14:38:35 +01:00
|
|
|
}
|
|
|
|
if (hapd->public_action_cb || hapd->public_action_cb2)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2010-04-11 19:33:33 +02:00
|
|
|
break;
|
2010-07-18 23:30:25 +02:00
|
|
|
case WLAN_ACTION_VENDOR_SPECIFIC:
|
|
|
|
if (hapd->vendor_action_cb) {
|
|
|
|
if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx,
|
2022-01-05 06:04:24 +01:00
|
|
|
(u8 *) mgmt, len, freq) == 0)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2010-07-18 23:30:25 +02:00
|
|
|
}
|
|
|
|
break;
|
2023-11-27 20:03:58 +01:00
|
|
|
#ifndef CONFIG_NO_RRM
|
2016-04-06 18:42:09 +02:00
|
|
|
case WLAN_ACTION_RADIO_MEASUREMENT:
|
|
|
|
hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len);
|
|
|
|
return 1;
|
2023-11-27 20:03:58 +01:00
|
|
|
#endif /* CONFIG_NO_RRM */
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"handle_action - unknown action category %d or invalid "
|
|
|
|
"frame",
|
|
|
|
mgmt->u.action.category);
|
2016-08-16 15:06:59 +02:00
|
|
|
if (!is_multicast_ether_addr(mgmt->da) &&
|
|
|
|
!(mgmt->u.action.category & 0x80) &&
|
|
|
|
!is_multicast_ether_addr(mgmt->sa)) {
|
2009-12-13 22:25:30 +01:00
|
|
|
struct ieee80211_mgmt *resp;
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
/*
|
|
|
|
* IEEE 802.11-REVma/D9.0 - 7.3.1.11
|
|
|
|
* Return the Action frame to the source without change
|
|
|
|
* except that MSB of the Category set to 1.
|
|
|
|
*/
|
|
|
|
wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action "
|
|
|
|
"frame back to sender");
|
2017-03-07 10:17:23 +01:00
|
|
|
resp = os_memdup(mgmt, len);
|
2009-12-13 22:25:30 +01:00
|
|
|
if (resp == NULL)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2009-12-13 22:25:30 +01:00
|
|
|
os_memcpy(resp->da, resp->sa, ETH_ALEN);
|
|
|
|
os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN);
|
|
|
|
os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN);
|
|
|
|
resp->u.action.category |= 0x80;
|
|
|
|
|
2020-01-03 12:34:37 +01:00
|
|
|
if (hostapd_drv_send_mlme(hapd, resp, len, 0, NULL, 0, 0) < 0) {
|
2012-08-19 17:34:16 +02:00
|
|
|
wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send "
|
|
|
|
"Action frame");
|
|
|
|
}
|
2009-12-13 22:25:30 +01:00
|
|
|
os_free(resp);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2013-12-29 09:18:49 +01:00
|
|
|
|
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-11-30 12:10:46 +01:00
|
|
|
/**
|
|
|
|
* notify_mgmt_frame - Notify of Management frames on the control interface
|
|
|
|
* @hapd: hostapd BSS data structure (the BSS to which the Management frame was
|
|
|
|
* sent to)
|
|
|
|
* @buf: Management frame data (starting from the IEEE 802.11 header)
|
|
|
|
* @len: Length of frame data in octets
|
|
|
|
*
|
|
|
|
* Notify the control interface of any received Management frame.
|
|
|
|
*/
|
|
|
|
static void notify_mgmt_frame(struct hostapd_data *hapd, const u8 *buf,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
|
|
|
|
int hex_len = len * 2 + 1;
|
|
|
|
char *hex = os_malloc(hex_len);
|
|
|
|
|
|
|
|
if (hex) {
|
|
|
|
wpa_snprintf_hex(hex, hex_len, buf, len);
|
|
|
|
wpa_msg_ctrl(hapd->msg_ctx, MSG_INFO,
|
|
|
|
AP_MGMT_FRAME_RECEIVED "buf=%s", hex);
|
|
|
|
os_free(hex);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
/**
|
|
|
|
* ieee802_11_mgmt - process incoming IEEE 802.11 management frames
|
|
|
|
* @hapd: hostapd BSS data structure (the BSS to which the management frame was
|
|
|
|
* sent to)
|
|
|
|
* @buf: management frame data (starting from IEEE 802.11 header)
|
|
|
|
* @len: length of frame data in octets
|
2009-01-02 21:28:04 +01:00
|
|
|
* @fi: meta data about received frame (signal level, etc.)
|
2008-02-28 02:34:43 +01:00
|
|
|
*
|
|
|
|
* Process all incoming IEEE 802.11 management frames. This will be called for
|
|
|
|
* each frame received from the kernel driver through wlan#ap interface. In
|
|
|
|
* addition, it can be called to re-inserted pending frames (e.g., when using
|
|
|
|
* external RADIUS server as an MAC ACL).
|
|
|
|
*/
|
2013-12-29 09:18:49 +01:00
|
|
|
int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
|
|
|
struct hostapd_frame_info *fi)
|
2008-02-28 02:34:43 +01:00
|
|
|
{
|
2009-12-13 22:05:39 +01:00
|
|
|
struct ieee80211_mgmt *mgmt;
|
|
|
|
u16 fc, stype;
|
2013-12-29 09:18:49 +01:00
|
|
|
int ret = 0;
|
2018-01-08 02:37:48 +01:00
|
|
|
unsigned int freq;
|
2018-02-07 11:34:41 +01:00
|
|
|
int ssi_signal = fi ? fi->ssi_signal : 0;
|
2009-12-13 22:05:39 +01:00
|
|
|
|
2011-01-17 11:21:29 +01:00
|
|
|
if (len < 24)
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2011-01-17 11:21:29 +01:00
|
|
|
|
2018-01-08 02:37:48 +01:00
|
|
|
if (fi && fi->freq)
|
|
|
|
freq = fi->freq;
|
|
|
|
else
|
|
|
|
freq = hapd->iface->freq;
|
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
mgmt = (struct ieee80211_mgmt *) buf;
|
|
|
|
fc = le_to_host16(mgmt->frame_control);
|
|
|
|
stype = WLAN_FC_GET_STYPE(fc);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2019-08-29 10:52:04 +02:00
|
|
|
if (is_multicast_ether_addr(mgmt->sa) ||
|
|
|
|
is_zero_ether_addr(mgmt->sa) ||
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(mgmt->sa, hapd->own_addr)) {
|
2019-08-29 10:52:04 +02:00
|
|
|
/* Do not process any frames with unexpected/invalid SA so that
|
|
|
|
* we do not add any state for unexpected STA addresses or end
|
|
|
|
* up sending out frames to unexpected destination. */
|
|
|
|
wpa_printf(MSG_DEBUG, "MGMT: Invalid SA=" MACSTR
|
|
|
|
" in received frame - ignore this frame silently",
|
|
|
|
MAC2STR(mgmt->sa));
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (stype == WLAN_FC_STYPE_BEACON) {
|
|
|
|
handle_beacon(hapd, mgmt, len, fi);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2016-08-05 13:31:54 +02:00
|
|
|
if (!is_broadcast_ether_addr(mgmt->bssid) &&
|
2011-12-04 11:10:11 +01:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
/* Invitation responses can be sent with the peer MAC as BSSID */
|
|
|
|
!((hapd->conf->p2p & P2P_GROUP_OWNER) &&
|
|
|
|
stype == WLAN_FC_STYPE_ACTION) &&
|
|
|
|
#endif /* CONFIG_P2P */
|
2014-09-01 06:23:30 +02:00
|
|
|
#ifdef CONFIG_MESH
|
|
|
|
!(hapd->conf->mesh & MESH_ENABLED) &&
|
|
|
|
#endif /* CONFIG_MESH */
|
2023-05-22 21:33:40 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
!(hapd->conf->mld_ap &&
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(hapd->mld_addr, mgmt->bssid)) &&
|
2023-05-22 21:33:40 +02:00
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
!ether_addr_equal(mgmt->bssid, hapd->own_addr)) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address",
|
|
|
|
MAC2STR(mgmt->bssid));
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2020-05-16 11:16:34 +02:00
|
|
|
if (hapd->iface->state != HAPD_IFACE_ENABLED) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MGMT: Ignore management frame while interface is not enabled (SA=" MACSTR " DA=" MACSTR " subtype=%u)",
|
|
|
|
MAC2STR(mgmt->sa), MAC2STR(mgmt->da), stype);
|
|
|
|
return 1;
|
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (stype == WLAN_FC_STYPE_PROBE_REQ) {
|
2018-02-07 11:34:41 +01:00
|
|
|
handle_probe_req(hapd, mgmt, len, ssi_signal);
|
2013-12-29 09:18:49 +01:00
|
|
|
return 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2017-07-02 11:36:48 +02:00
|
|
|
if ((!is_broadcast_ether_addr(mgmt->da) ||
|
|
|
|
stype != WLAN_FC_STYPE_ACTION) &&
|
2023-05-22 21:33:40 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
!(hapd->conf->mld_ap &&
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(hapd->mld_addr, mgmt->bssid)) &&
|
2023-05-22 21:33:40 +02:00
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
!ether_addr_equal(mgmt->da, hapd->own_addr)) {
|
2008-02-28 02:34:43 +01:00
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"MGMT: DA=" MACSTR " not our address",
|
|
|
|
MAC2STR(mgmt->da));
|
2013-12-29 09:18:49 +01:00
|
|
|
return 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
2015-09-05 18:38:06 +02:00
|
|
|
if (hapd->iconf->track_sta_max_num)
|
2018-02-07 11:34:41 +01:00
|
|
|
sta_track_add(hapd->iface, mgmt->sa, ssi_signal);
|
2015-09-05 18:38:06 +02:00
|
|
|
|
2020-11-30 12:10:46 +01:00
|
|
|
if (hapd->conf->notify_mgmt_frames)
|
|
|
|
notify_mgmt_frame(hapd, buf, len);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (stype) {
|
|
|
|
case WLAN_FC_STYPE_AUTH:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::auth");
|
2019-03-01 18:54:51 +01:00
|
|
|
handle_auth(hapd, mgmt, len, ssi_signal, 0);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ASSOC_REQ:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::assoc_req");
|
2017-08-21 18:43:53 +02:00
|
|
|
handle_assoc(hapd, mgmt, len, 0, ssi_signal);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_REASSOC_REQ:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::reassoc_req");
|
2017-08-21 18:43:53 +02:00
|
|
|
handle_assoc(hapd, mgmt, len, 1, ssi_signal);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DISASSOC:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::disassoc");
|
|
|
|
handle_disassoc(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DEAUTH:
|
2011-11-03 21:04:17 +01:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth");
|
2008-02-28 02:34:43 +01:00
|
|
|
handle_deauth(hapd, mgmt, len);
|
2013-12-29 09:18:49 +01:00
|
|
|
ret = 1;
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ACTION:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::action");
|
2018-01-08 02:37:48 +01:00
|
|
|
ret = handle_action(hapd, mgmt, len, freq);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
default:
|
|
|
|
hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"unknown mgmt frame subtype %d", stype);
|
|
|
|
break;
|
|
|
|
}
|
2013-12-29 09:18:49 +01:00
|
|
|
|
|
|
|
return ret;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_auth_cb(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt,
|
2008-02-28 02:34:43 +01:00
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
u16 auth_alg, auth_transaction, status_code;
|
|
|
|
struct sta_info *sta;
|
2021-02-08 03:49:17 +01:00
|
|
|
bool success_status;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
2018-10-14 19:03:55 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "handle_auth_cb: STA " MACSTR
|
|
|
|
" not found",
|
2016-02-16 10:54:32 +01:00
|
|
|
MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-02-22 23:30:09 +01:00
|
|
|
if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) {
|
|
|
|
wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)",
|
|
|
|
(unsigned long) len);
|
|
|
|
auth_alg = 0;
|
|
|
|
auth_transaction = 0;
|
|
|
|
status_code = WLAN_STATUS_UNSPECIFIED_FAILURE;
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
auth_alg = le_to_host16(mgmt->u.auth.auth_alg);
|
|
|
|
auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction);
|
|
|
|
status_code = le_to_host16(mgmt->u.auth.status_code);
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (!ok) {
|
|
|
|
hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_NOTICE,
|
|
|
|
"did not acknowledge authentication response");
|
2016-02-16 10:54:32 +01:00
|
|
|
goto fail;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (status_code == WLAN_STATUS_SUCCESS &&
|
|
|
|
((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) ||
|
|
|
|
(auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) {
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO, "authenticated");
|
|
|
|
sta->flags |= WLAN_STA_AUTH;
|
2016-02-16 10:54:32 +01:00
|
|
|
if (sta->added_unassoc)
|
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
fail:
|
2021-02-08 03:49:17 +01:00
|
|
|
success_status = status_code == WLAN_STATUS_SUCCESS;
|
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (auth_alg == WLAN_AUTH_SAE && auth_transaction == 1)
|
|
|
|
success_status = sae_status_success(hapd, status_code);
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
if (!success_status && sta->added_unassoc) {
|
2016-02-16 10:54:32 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
sta->added_unassoc = 0;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2013-07-20 16:41:22 +02:00
|
|
|
static void hostapd_set_wds_encryption(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
char *ifname_wds)
|
|
|
|
{
|
2020-02-29 15:52:39 +01:00
|
|
|
#ifdef CONFIG_WEP
|
2013-07-20 16:41:22 +02:00
|
|
|
int i;
|
2015-04-20 23:33:25 +02:00
|
|
|
struct hostapd_ssid *ssid = &hapd->conf->ssid;
|
2013-07-20 16:41:22 +02:00
|
|
|
|
|
|
|
if (hapd->conf->ieee802_1x || hapd->conf->wpa)
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (i = 0; i < 4; i++) {
|
|
|
|
if (ssid->wep.key[i] &&
|
|
|
|
hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i,
|
2019-12-05 11:38:47 +01:00
|
|
|
0, i == ssid->wep.idx, NULL, 0,
|
2020-01-04 23:10:04 +01:00
|
|
|
ssid->wep.key[i], ssid->wep.len[i],
|
|
|
|
i == ssid->wep.idx ?
|
|
|
|
KEY_FLAG_GROUP_RX_TX_DEFAULT :
|
|
|
|
KEY_FLAG_GROUP_RX_TX)) {
|
2013-07-20 16:41:22 +02:00
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Could not set WEP keys for WDS interface; %s",
|
|
|
|
ifname_wds);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2020-02-29 15:52:39 +01:00
|
|
|
#endif /* CONFIG_WEP */
|
2013-07-20 16:41:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:47 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
static void ieee80211_ml_link_sta_assoc_cb(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta,
|
|
|
|
struct mld_link_info *link,
|
|
|
|
bool ok)
|
|
|
|
{
|
2023-12-17 13:09:57 +01:00
|
|
|
bool updated = false;
|
|
|
|
|
2023-05-22 21:33:47 +02:00
|
|
|
if (!ok) {
|
|
|
|
hostapd_logger(hapd, link->peer_addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"did not acknowledge association response");
|
|
|
|
sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
|
|
|
|
|
|
|
|
/* The STA is added only in case of SUCCESS */
|
|
|
|
if (link->status == WLAN_STATUS_SUCCESS)
|
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (link->status != WLAN_STATUS_SUCCESS)
|
|
|
|
return;
|
|
|
|
|
|
|
|
sta->flags |= WLAN_STA_ASSOC;
|
|
|
|
sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
|
|
|
|
|
|
|
|
if (!hapd->conf->ieee802_1x && !hapd->conf->wpa)
|
2023-12-17 13:09:57 +01:00
|
|
|
updated = ap_sta_set_authorized_flag(hapd, sta, 1);
|
2023-05-22 21:33:47 +02:00
|
|
|
|
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
2023-12-17 13:09:57 +01:00
|
|
|
if (updated)
|
|
|
|
ap_sta_set_authorized_event(hapd, sta, 1);
|
2023-05-22 21:33:47 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* TODOs:
|
|
|
|
* - IEEE 802.1X port enablement is not needed as done on the station
|
|
|
|
* doing the connection.
|
|
|
|
* - Not handling accounting
|
|
|
|
* - Need to handle VLAN configuration
|
|
|
|
*/
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
|
|
|
|
static void hostapd_ml_handle_assoc_cb(struct hostapd_data *hapd,
|
|
|
|
struct sta_info *sta, bool ok)
|
|
|
|
{
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
unsigned int i, link_id;
|
|
|
|
|
|
|
|
if (!hostapd_is_mld_ap(hapd))
|
|
|
|
return;
|
|
|
|
|
|
|
|
for (link_id = 0; link_id < MAX_NUM_MLD_LINKS; link_id++) {
|
|
|
|
struct mld_link_info *link = &sta->mld_info.links[link_id];
|
|
|
|
|
|
|
|
if (!link->valid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (i = 0; i < hapd->iface->interfaces->count; i++) {
|
|
|
|
struct sta_info *tmp_sta;
|
|
|
|
struct hostapd_data *tmp_hapd =
|
|
|
|
hapd->iface->interfaces->iface[i]->bss[0];
|
|
|
|
|
2024-01-13 11:16:51 +01:00
|
|
|
if (!tmp_hapd->conf->mld_ap ||
|
2023-05-22 21:33:47 +02:00
|
|
|
hapd->conf->mld_id != tmp_hapd->conf->mld_id)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
for (tmp_sta = tmp_hapd->sta_list; tmp_sta;
|
|
|
|
tmp_sta = tmp_sta->next) {
|
|
|
|
if (tmp_sta == sta ||
|
|
|
|
tmp_sta->mld_assoc_link_id !=
|
|
|
|
sta->mld_assoc_link_id ||
|
|
|
|
tmp_sta->aid != sta->aid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
ieee80211_ml_link_sta_assoc_cb(tmp_hapd,
|
|
|
|
tmp_sta, link,
|
|
|
|
ok);
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
static void handle_assoc_cb(struct hostapd_data *hapd,
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt,
|
2008-02-28 02:34:43 +01:00
|
|
|
size_t len, int reassoc, int ok)
|
|
|
|
{
|
|
|
|
u16 status;
|
|
|
|
struct sta_info *sta;
|
|
|
|
int new_assoc = 1;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found",
|
|
|
|
MAC2STR(mgmt->da));
|
2008-02-28 02:34:43 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-05-22 21:33:47 +02:00
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2024-01-21 17:45:28 +01:00
|
|
|
if (ap_sta_is_mld(hapd, sta) &&
|
2023-05-22 21:33:47 +02:00
|
|
|
hapd->mld_link_id != sta->mld_assoc_link_id) {
|
|
|
|
/* See ieee80211_ml_link_sta_assoc_cb() for the MLD case */
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"%s: MLD: ignore on link station (%d != %d)",
|
|
|
|
__func__, hapd->mld_link_id, sta->mld_assoc_link_id);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
2016-02-16 10:54:32 +01:00
|
|
|
if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) :
|
|
|
|
sizeof(mgmt->u.assoc_resp))) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)",
|
|
|
|
reassoc, (unsigned long) len);
|
2016-02-16 10:54:33 +01:00
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
|
|
|
return;
|
2016-02-16 10:54:32 +01:00
|
|
|
}
|
|
|
|
|
2016-02-16 10:54:33 +01:00
|
|
|
if (reassoc)
|
|
|
|
status = le_to_host16(mgmt->u.reassoc_resp.status_code);
|
|
|
|
else
|
|
|
|
status = le_to_host16(mgmt->u.assoc_resp.status_code);
|
|
|
|
|
2012-09-23 12:23:16 +02:00
|
|
|
if (!ok) {
|
|
|
|
hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_DEBUG,
|
|
|
|
"did not acknowledge association response");
|
|
|
|
sta->flags &= ~WLAN_STA_ASSOC_REQ_OK;
|
2016-02-16 10:54:33 +01:00
|
|
|
/* The STA is added only in case of SUCCESS */
|
|
|
|
if (status == WLAN_STATUS_SUCCESS)
|
|
|
|
hostapd_drv_sta_remove(hapd, sta->addr);
|
2012-09-23 12:23:16 +02:00
|
|
|
|
2023-05-22 21:33:47 +02:00
|
|
|
goto handle_ml;
|
2016-02-16 10:54:33 +01:00
|
|
|
}
|
2012-09-23 12:23:16 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (status != WLAN_STATUS_SUCCESS)
|
2023-05-22 21:33:47 +02:00
|
|
|
goto handle_ml;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
/* Stop previous accounting session, if one is started, and allocate
|
|
|
|
* new session id for the new session. */
|
|
|
|
accounting_sta_stop(hapd, sta);
|
|
|
|
|
|
|
|
hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211,
|
|
|
|
HOSTAPD_LEVEL_INFO,
|
2008-11-23 10:12:17 +01:00
|
|
|
"associated (aid %d)",
|
|
|
|
sta->aid);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (sta->flags & WLAN_STA_ASSOC)
|
|
|
|
new_assoc = 0;
|
|
|
|
sta->flags |= WLAN_STA_ASSOC;
|
2013-12-27 18:06:52 +01:00
|
|
|
sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE;
|
2015-09-09 17:56:57 +02:00
|
|
|
if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa &&
|
|
|
|
!hapd->conf->osen) ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK ||
|
2010-03-13 20:43:00 +01:00
|
|
|
sta->auth_alg == WLAN_AUTH_FT) {
|
|
|
|
/*
|
2015-09-09 17:56:57 +02:00
|
|
|
* Open, static WEP, FT protocol, or FILS; no separate
|
|
|
|
* authorization step.
|
2010-03-13 20:43:00 +01:00
|
|
|
*/
|
2011-02-02 15:52:32 +01:00
|
|
|
ap_sta_set_authorized(hapd, sta, 1);
|
2009-04-03 19:40:07 +02:00
|
|
|
}
|
2008-02-28 02:34:43 +01:00
|
|
|
|
|
|
|
if (reassoc)
|
|
|
|
mlme_reassociate_indication(hapd, sta);
|
|
|
|
else
|
|
|
|
mlme_associate_indication(hapd, sta);
|
|
|
|
|
2008-12-26 10:46:21 +01:00
|
|
|
sta->sa_query_timed_out = 0;
|
2008-08-31 10:04:47 +02:00
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->eapol_sm == NULL) {
|
|
|
|
/*
|
|
|
|
* This STA does not use RADIUS server for EAP authentication,
|
|
|
|
* so bind it to the selected VLAN interface now, since the
|
|
|
|
* interface selection is not going to change anymore.
|
|
|
|
*/
|
Remove VLAN interface on STA free
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
|
|
|
if (ap_sta_bind_vlan(hapd, sta) < 0)
|
2023-05-22 21:33:47 +02:00
|
|
|
goto handle_ml;
|
2008-02-28 02:34:43 +01:00
|
|
|
} else if (sta->vlan_id) {
|
|
|
|
/* VLAN ID already set (e.g., by PMKSA caching), so bind STA */
|
Remove VLAN interface on STA free
Currently, vlan_remove_dynamic() is only called when the station VLAN ID
is changed (ap_sta_bind_vlan), but not when the station is freed. So
dynamic VLAN interfaces are not removed actually except within 1x
reauthentification VLAN ID change, although most of the code is already
there.
This patch fixes this by calling vlan_remove_dynamic() in ap_free_sta().
It cannot just use sta->vlan_id for this, as this might have been
changed without calling ap_sta_bind_vlan() (ap/ieee802_11.c:handle_auth
fetches from RADIUS cache for WPA-PSK), thus reference counting might
not have been updated. Additionally, reference counting might get wrong
due to old_vlanid = 0 being passed unconditionally, thus increasing the
reference counter multiple times.
So tracking the currently assigned (i.e., dynamic_vlan counter
increased) VLAN is done in a new variable sta->vlan_id_bound. Therefore,
the old_vlan_id argument of ap_sta_bind_vlan() is no longer needed and
setting the VLAN for the sta in driver happens unconditionally.
Additionally, vlan->dynamic_vlan is only incremented when it actually
is a dynamic VLAN.
Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2015-04-10 14:49:50 +02:00
|
|
|
if (ap_sta_bind_vlan(hapd, sta) < 0)
|
2023-05-22 21:33:47 +02:00
|
|
|
goto handle_ml;
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
2009-05-11 12:49:57 +02:00
|
|
|
|
2010-11-24 15:50:06 +01:00
|
|
|
hostapd_set_sta_flags(hapd, sta);
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2016-12-20 00:30:09 +01:00
|
|
|
if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA "
|
|
|
|
MACSTR " based on pending request",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
sta->pending_wds_enable = 0;
|
|
|
|
sta->flags |= WLAN_STA_WDS;
|
|
|
|
}
|
|
|
|
|
2023-05-20 08:36:07 +02:00
|
|
|
/* WPS not supported on backhaul BSS. Disable 4addr mode on fronthaul */
|
|
|
|
if ((sta->flags & WLAN_STA_WDS) ||
|
|
|
|
(sta->flags & WLAN_STA_MULTI_AP &&
|
2023-10-18 11:21:38 +02:00
|
|
|
(hapd->conf->multi_ap & BACKHAUL_BSS) &&
|
2023-05-20 08:36:07 +02:00
|
|
|
!(sta->flags & WLAN_STA_WPS))) {
|
2016-12-02 11:51:16 +01:00
|
|
|
int ret;
|
|
|
|
char ifname_wds[IFNAMSIZ + 1];
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA "
|
|
|
|
MACSTR " (aid %u)",
|
|
|
|
MAC2STR(sta->addr), sta->aid);
|
|
|
|
ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr,
|
|
|
|
sta->aid, 1);
|
|
|
|
if (!ret)
|
|
|
|
hostapd_set_wds_encryption(hapd, sta, ifname_wds);
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
if (sta->auth_alg == WLAN_AUTH_FT)
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT);
|
|
|
|
else
|
|
|
|
wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC);
|
2009-12-24 22:42:13 +01:00
|
|
|
hapd->new_assoc_sta_cb(hapd, sta, !new_assoc);
|
2008-02-28 02:34:43 +01:00
|
|
|
ieee802_1x_notify_port_enabled(sta->eapol_sm, 1);
|
2016-03-06 10:29:16 +01:00
|
|
|
|
2015-09-09 18:32:44 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if ((sta->auth_alg == WLAN_AUTH_FILS_SK ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_SK_PFS ||
|
|
|
|
sta->auth_alg == WLAN_AUTH_FILS_PK) &&
|
|
|
|
fils_set_tk(sta->wpa_sm) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "FILS: TK configuration failed");
|
|
|
|
ap_sta_disconnect(hapd, sta, sta->addr,
|
|
|
|
WLAN_REASON_UNSPECIFIED);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2016-03-06 10:29:16 +01:00
|
|
|
if (sta->pending_eapol_rx) {
|
|
|
|
struct os_reltime now, age;
|
|
|
|
|
|
|
|
os_get_reltime(&now);
|
|
|
|
os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age);
|
|
|
|
if (age.sec == 0 && age.usec < 200000) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Process pending EAPOL frame that was received from " MACSTR " just before association notification",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
ieee802_1x_receive(
|
|
|
|
hapd, mgmt->da,
|
|
|
|
wpabuf_head(sta->pending_eapol_rx->buf),
|
2022-05-06 23:38:35 +02:00
|
|
|
wpabuf_len(sta->pending_eapol_rx->buf),
|
|
|
|
sta->pending_eapol_rx->encrypted);
|
2016-03-06 10:29:16 +01:00
|
|
|
}
|
|
|
|
wpabuf_free(sta->pending_eapol_rx->buf);
|
|
|
|
os_free(sta->pending_eapol_rx);
|
|
|
|
sta->pending_eapol_rx = NULL;
|
|
|
|
}
|
2023-05-22 21:33:47 +02:00
|
|
|
|
|
|
|
handle_ml:
|
|
|
|
hostapd_ml_handle_assoc_cb(hapd, sta, ok);
|
2008-02-28 02:34:43 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-08-28 22:07:02 +02:00
|
|
|
static void handle_deauth_cb(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
2016-08-16 15:06:59 +02:00
|
|
|
if (is_multicast_ether_addr(mgmt->da))
|
2011-08-28 22:07:02 +02:00
|
|
|
return;
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR
|
|
|
|
" not found", MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (ok)
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
|
|
|
|
"deauth", MAC2STR(sta->addr));
|
|
|
|
|
|
|
|
ap_sta_deauth_cb(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void handle_disassoc_cb(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
2016-08-16 15:06:59 +02:00
|
|
|
if (is_multicast_ether_addr(mgmt->da))
|
2011-08-28 22:07:02 +02:00
|
|
|
return;
|
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR
|
|
|
|
" not found", MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (ok)
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge "
|
|
|
|
"disassoc", MAC2STR(sta->addr));
|
|
|
|
|
|
|
|
ap_sta_disassoc_cb(hapd, sta);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-01-01 23:54:44 +01:00
|
|
|
static void handle_action_cb(struct hostapd_data *hapd,
|
|
|
|
const struct ieee80211_mgmt *mgmt,
|
|
|
|
size_t len, int ok)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
2023-11-27 20:03:58 +01:00
|
|
|
#ifndef CONFIG_NO_RRM
|
2017-01-07 21:23:13 +01:00
|
|
|
const struct rrm_measurement_report_element *report;
|
2023-11-27 20:03:58 +01:00
|
|
|
#endif /* CONFIG_NO_RRM */
|
2017-01-01 23:54:44 +01:00
|
|
|
|
2017-06-15 21:16:45 +02:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
if (len >= IEEE80211_HDRLEN + 6 &&
|
|
|
|
mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
|
|
|
|
mgmt->u.action.u.vs_public_action.action ==
|
|
|
|
WLAN_PA_VENDOR_SPECIFIC &&
|
|
|
|
WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) ==
|
|
|
|
OUI_WFA &&
|
|
|
|
mgmt->u.action.u.vs_public_action.variable[0] ==
|
|
|
|
DPP_OUI_TYPE) {
|
|
|
|
const u8 *pos, *end;
|
|
|
|
|
|
|
|
pos = &mgmt->u.action.u.vs_public_action.variable[1];
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (len >= IEEE80211_HDRLEN + 2 &&
|
|
|
|
mgmt->u.action.category == WLAN_ACTION_PUBLIC &&
|
|
|
|
(mgmt->u.action.u.public_action.action ==
|
|
|
|
WLAN_PA_GAS_INITIAL_REQ ||
|
|
|
|
mgmt->u.action.u.public_action.action ==
|
|
|
|
WLAN_PA_GAS_COMEBACK_REQ)) {
|
|
|
|
const u8 *pos, *end;
|
|
|
|
|
|
|
|
pos = mgmt->u.action.u.public_action.variable;
|
|
|
|
end = ((const u8 *) mgmt) + len;
|
|
|
|
gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP */
|
2022-01-24 19:28:13 +01:00
|
|
|
if (is_multicast_ether_addr(mgmt->da))
|
|
|
|
return;
|
2017-01-01 23:54:44 +01:00
|
|
|
sta = ap_get_sta(hapd, mgmt->da);
|
|
|
|
if (!sta) {
|
|
|
|
wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR
|
|
|
|
" not found", MAC2STR(mgmt->da));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2022-11-21 21:53:07 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (ok && len >= IEEE80211_HDRLEN + 2 &&
|
|
|
|
mgmt->u.action.category == WLAN_ACTION_WNM &&
|
|
|
|
mgmt->u.action.u.vs_public_action.action == WNM_NOTIFICATION_REQ &&
|
|
|
|
sta->hs20_deauth_on_ack) {
|
|
|
|
wpa_printf(MSG_DEBUG, "HS 2.0: Deauthenticate STA " MACSTR
|
|
|
|
" on acknowledging the WNM-Notification",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
ap_sta_session_timeout(hapd, sta, 0);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2023-11-27 20:03:58 +01:00
|
|
|
#ifndef CONFIG_NO_RRM
|
2017-01-07 21:23:13 +01:00
|
|
|
if (len < 24 + 5 + sizeof(*report))
|
2017-01-01 23:54:44 +01:00
|
|
|
return;
|
2017-01-07 21:23:13 +01:00
|
|
|
report = (const struct rrm_measurement_report_element *)
|
|
|
|
&mgmt->u.action.u.rrm.variable[2];
|
2017-01-01 23:54:44 +01:00
|
|
|
if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT &&
|
2017-01-07 21:23:13 +01:00
|
|
|
mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST &&
|
|
|
|
report->eid == WLAN_EID_MEASURE_REQUEST &&
|
|
|
|
report->len >= 3 &&
|
|
|
|
report->type == MEASURE_TYPE_BEACON)
|
2017-01-01 23:54:44 +01:00
|
|
|
hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok);
|
2023-11-27 20:03:58 +01:00
|
|
|
#endif /* CONFIG_NO_RRM */
|
2017-01-01 23:54:44 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-01-08 15:33:00 +01:00
|
|
|
/**
|
|
|
|
* ieee802_11_mgmt_cb - Process management frame TX status callback
|
|
|
|
* @hapd: hostapd BSS data structure (the BSS from which the management frame
|
|
|
|
* was sent from)
|
|
|
|
* @buf: management frame data (starting from IEEE 802.11 header)
|
|
|
|
* @len: length of frame data in octets
|
|
|
|
* @stype: management frame subtype from frame control field
|
|
|
|
* @ok: Whether the frame was ACK'ed
|
|
|
|
*/
|
2009-12-13 22:05:39 +01:00
|
|
|
void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len,
|
2008-02-28 02:34:43 +01:00
|
|
|
u16 stype, int ok)
|
|
|
|
{
|
2009-12-13 22:05:39 +01:00
|
|
|
const struct ieee80211_mgmt *mgmt;
|
|
|
|
mgmt = (const struct ieee80211_mgmt *) buf;
|
2008-02-28 02:34:43 +01:00
|
|
|
|
2013-12-26 07:35:22 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->ext_mgmt_frame_handling) {
|
2017-08-04 12:14:57 +02:00
|
|
|
size_t hex_len = 2 * len + 1;
|
|
|
|
char *hex = os_malloc(hex_len);
|
|
|
|
|
|
|
|
if (hex) {
|
|
|
|
wpa_snprintf_hex(hex, hex_len, buf, len);
|
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO,
|
|
|
|
"MGMT-TX-STATUS stype=%u ok=%d buf=%s",
|
|
|
|
stype, ok, hex);
|
|
|
|
os_free(hex);
|
|
|
|
}
|
2013-12-26 07:35:22 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
switch (stype) {
|
|
|
|
case WLAN_FC_STYPE_AUTH:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::auth cb");
|
|
|
|
handle_auth_cb(hapd, mgmt, len, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_ASSOC_RESP:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb");
|
|
|
|
handle_assoc_cb(hapd, mgmt, len, 0, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_REASSOC_RESP:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb");
|
|
|
|
handle_assoc_cb(hapd, mgmt, len, 1, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_PROBE_RESP:
|
2016-02-09 08:16:56 +01:00
|
|
|
wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DEAUTH:
|
2011-08-28 22:07:02 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::deauth cb");
|
|
|
|
handle_deauth_cb(hapd, mgmt, len, ok);
|
|
|
|
break;
|
|
|
|
case WLAN_FC_STYPE_DISASSOC:
|
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::disassoc cb");
|
|
|
|
handle_disassoc_cb(hapd, mgmt, len, ok);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
2008-08-31 10:04:47 +02:00
|
|
|
case WLAN_FC_STYPE_ACTION:
|
2016-02-09 08:16:56 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok);
|
2017-01-01 23:54:44 +01:00
|
|
|
handle_action_cb(hapd, mgmt, len, ok);
|
2008-08-31 10:04:47 +02:00
|
|
|
break;
|
2008-02-28 02:34:43 +01:00
|
|
|
default:
|
2013-11-02 11:51:30 +01:00
|
|
|
wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype);
|
2008-02-28 02:34:43 +01:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta,
|
|
|
|
char *buf, size_t buflen)
|
|
|
|
{
|
|
|
|
/* TODO */
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
|
|
|
|
void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr,
|
|
|
|
const u8 *buf, size_t len, int ack)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-02-14 20:04:14 +01:00
|
|
|
if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))
|
2009-12-13 22:05:39 +01:00
|
|
|
return;
|
|
|
|
if (sta->flags & WLAN_STA_PENDING_POLL) {
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending "
|
|
|
|
"activity poll", MAC2STR(sta->addr),
|
|
|
|
ack ? "ACKed" : "did not ACK");
|
|
|
|
if (ack)
|
|
|
|
sta->flags &= ~WLAN_STA_PENDING_POLL;
|
|
|
|
}
|
|
|
|
|
|
|
|
ieee802_1x_tx_status(hapd, sta, buf, len, ack);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-19 12:00:30 +01:00
|
|
|
void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst,
|
|
|
|
const u8 *data, size_t len, int ack)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, dst);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
2012-02-04 11:18:56 +01:00
|
|
|
if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA "
|
|
|
|
MACSTR " that is not currently associated",
|
|
|
|
MAC2STR(dst));
|
2011-11-19 12:00:30 +01:00
|
|
|
return;
|
2012-02-04 11:18:56 +01:00
|
|
|
}
|
2011-11-19 12:00:30 +01:00
|
|
|
|
|
|
|
ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-10-20 20:03:08 +02:00
|
|
|
void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr)
|
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta == NULL && iface->num_bss > 1) {
|
|
|
|
size_t j;
|
|
|
|
for (j = 0; j < iface->num_bss; j++) {
|
|
|
|
hapd = iface->bss[j];
|
|
|
|
sta = ap_get_sta(hapd, addr);
|
|
|
|
if (sta)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (sta == NULL)
|
|
|
|
return;
|
2016-04-08 18:37:08 +02:00
|
|
|
wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR,
|
|
|
|
MAC2STR(sta->addr));
|
2011-10-20 20:03:08 +02:00
|
|
|
if (!(sta->flags & WLAN_STA_PENDING_POLL))
|
|
|
|
return;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending "
|
|
|
|
"activity poll", MAC2STR(sta->addr));
|
|
|
|
sta->flags &= ~WLAN_STA_PENDING_POLL;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src,
|
|
|
|
int wds)
|
2009-12-13 22:05:39 +01:00
|
|
|
{
|
|
|
|
struct sta_info *sta;
|
|
|
|
|
|
|
|
sta = ap_get_sta(hapd, src);
|
2016-12-20 00:30:09 +01:00
|
|
|
if (sta &&
|
|
|
|
((sta->flags & WLAN_STA_ASSOC) ||
|
|
|
|
((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) {
|
2012-09-23 12:25:49 +02:00
|
|
|
if (!hapd->conf->wds_sta)
|
|
|
|
return;
|
|
|
|
|
2016-12-20 00:30:09 +01:00
|
|
|
if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) ==
|
|
|
|
WLAN_STA_ASSOC_REQ_OK) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Postpone 4-address WDS mode enabling for STA "
|
|
|
|
MACSTR " since TX status for AssocResp is not yet known",
|
|
|
|
MAC2STR(sta->addr));
|
|
|
|
sta->pending_wds_enable = 1;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
if (wds && !(sta->flags & WLAN_STA_WDS)) {
|
2013-07-20 16:41:22 +02:00
|
|
|
int ret;
|
|
|
|
char ifname_wds[IFNAMSIZ + 1];
|
|
|
|
|
2009-12-24 10:46:22 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for "
|
|
|
|
"STA " MACSTR " (aid %u)",
|
|
|
|
MAC2STR(sta->addr), sta->aid);
|
|
|
|
sta->flags |= WLAN_STA_WDS;
|
2013-07-20 16:41:22 +02:00
|
|
|
ret = hostapd_set_wds_sta(hapd, ifname_wds,
|
|
|
|
sta->addr, sta->aid, 1);
|
|
|
|
if (!ret)
|
|
|
|
hostapd_set_wds_encryption(hapd, sta,
|
|
|
|
ifname_wds);
|
2009-12-24 10:46:22 +01:00
|
|
|
}
|
2009-12-13 22:05:39 +01:00
|
|
|
return;
|
2009-12-24 10:46:22 +01:00
|
|
|
}
|
2009-12-13 22:05:39 +01:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA "
|
|
|
|
MACSTR, MAC2STR(src));
|
2019-09-11 15:01:57 +02:00
|
|
|
if (is_multicast_ether_addr(src) || is_zero_ether_addr(src) ||
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(src, hapd->own_addr)) {
|
2019-09-11 15:01:57 +02:00
|
|
|
/* Broadcast bit set in SA or unexpected SA?! Ignore the frame
|
|
|
|
* silently. */
|
2010-12-05 02:40:36 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-04-15 18:26:28 +02:00
|
|
|
if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Association Response to the STA has "
|
|
|
|
"already been sent, but no TX status yet known - "
|
|
|
|
"ignore Class 3 frame issue with " MACSTR,
|
|
|
|
MAC2STR(src));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2009-12-13 22:05:39 +01:00
|
|
|
if (sta && (sta->flags & WLAN_STA_AUTH))
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_disassoc(
|
2009-12-13 22:05:39 +01:00
|
|
|
hapd, src,
|
|
|
|
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
|
|
|
|
else
|
2010-11-24 14:36:02 +01:00
|
|
|
hostapd_drv_sta_deauth(
|
2009-12-13 22:05:39 +01:00
|
|
|
hapd, src,
|
|
|
|
WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-04-08 01:56:54 +02:00
|
|
|
static u8 * hostapd_add_tpe_info(u8 *eid, u8 tx_pwr_count,
|
|
|
|
enum max_tx_pwr_interpretation tx_pwr_intrpn,
|
|
|
|
u8 tx_pwr_cat, u8 tx_pwr)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_TRANSMIT_POWER_ENVELOPE; /* Element ID */
|
|
|
|
*eid++ = 2 + tx_pwr_count; /* Length */
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Transmit Power Information field
|
|
|
|
* bits 0-2 : Maximum Transmit Power Count
|
|
|
|
* bits 3-5 : Maximum Transmit Power Interpretation
|
|
|
|
* bits 6-7 : Maximum Transmit Power Category
|
|
|
|
*/
|
|
|
|
*eid++ = tx_pwr_count | (tx_pwr_intrpn << 3) | (tx_pwr_cat << 6);
|
|
|
|
|
|
|
|
/* Maximum Transmit Power field */
|
|
|
|
for (i = 0; i <= tx_pwr_count; i++)
|
|
|
|
*eid++ = tx_pwr;
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
* TODO: Extract power limits from channel data after 6G regulatory
|
|
|
|
* support.
|
|
|
|
*/
|
|
|
|
#define REG_PSD_MAX_TXPOWER_FOR_DEFAULT_CLIENT (-1) /* dBm/MHz */
|
|
|
|
#define REG_PSD_MAX_TXPOWER_FOR_SUBORDINATE_CLIENT 5 /* dBm/MHz */
|
|
|
|
|
2021-02-10 12:07:17 +01:00
|
|
|
u8 * hostapd_eid_txpower_envelope(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
struct hostapd_config *iconf = iface->conf;
|
|
|
|
struct hostapd_hw_modes *mode = iface->current_mode;
|
|
|
|
struct hostapd_channel_data *chan;
|
|
|
|
int dfs, i;
|
|
|
|
u8 channel, tx_pwr_count, local_pwr_constraint;
|
|
|
|
int max_tx_power;
|
|
|
|
u8 tx_pwr;
|
|
|
|
|
|
|
|
if (!mode)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
if (ieee80211_freq_to_chan(iface->freq, &channel) == NUM_HOSTAPD_MODES)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
for (i = 0; i < mode->num_channels; i++) {
|
|
|
|
if (mode->channels[i].freq == iface->freq)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (i == mode->num_channels)
|
|
|
|
return eid;
|
|
|
|
|
2022-04-08 01:56:54 +02:00
|
|
|
#ifdef CONFIG_IEEE80211AX
|
|
|
|
/* IEEE Std 802.11ax-2021, Annex E.2.7 (6 GHz band in the United
|
|
|
|
* States): An AP that is an Indoor Access Point per regulatory rules
|
|
|
|
* shall send at least two Transmit Power Envelope elements in Beacon
|
|
|
|
* and Probe Response frames as follows:
|
|
|
|
* - Maximum Transmit Power Category subfield = Default;
|
|
|
|
* Unit interpretation = Regulatory client EIRP PSD
|
|
|
|
* - Maximum Transmit Power Category subfield = Subordinate Device;
|
|
|
|
* Unit interpretation = Regulatory client EIRP PSD
|
|
|
|
*/
|
|
|
|
if (is_6ghz_op_class(iconf->op_class)) {
|
|
|
|
enum max_tx_pwr_interpretation tx_pwr_intrpn;
|
|
|
|
|
|
|
|
/* Same Maximum Transmit Power for all 20 MHz bands */
|
|
|
|
tx_pwr_count = 0;
|
|
|
|
tx_pwr_intrpn = REGULATORY_CLIENT_EIRP_PSD;
|
|
|
|
|
|
|
|
/* Default Transmit Power Envelope for Global Operating Class */
|
2023-12-22 10:04:18 +01:00
|
|
|
if (hapd->iconf->reg_def_cli_eirp_psd != -1)
|
|
|
|
tx_pwr = hapd->iconf->reg_def_cli_eirp_psd;
|
|
|
|
else
|
|
|
|
tx_pwr = REG_PSD_MAX_TXPOWER_FOR_DEFAULT_CLIENT * 2;
|
|
|
|
|
2022-04-08 01:56:54 +02:00
|
|
|
eid = hostapd_add_tpe_info(eid, tx_pwr_count, tx_pwr_intrpn,
|
|
|
|
REG_DEFAULT_CLIENT, tx_pwr);
|
|
|
|
|
|
|
|
/* Indoor Access Point must include an additional TPE for
|
|
|
|
* subordinate devices */
|
2024-01-04 10:04:20 +01:00
|
|
|
if (he_reg_is_indoor(iconf->he_6ghz_reg_pwr_type)) {
|
2022-04-08 01:56:54 +02:00
|
|
|
/* TODO: Extract PSD limits from channel data */
|
2023-12-22 10:04:18 +01:00
|
|
|
if (hapd->iconf->reg_sub_cli_eirp_psd != -1)
|
|
|
|
tx_pwr = hapd->iconf->reg_sub_cli_eirp_psd;
|
|
|
|
else
|
|
|
|
tx_pwr = REG_PSD_MAX_TXPOWER_FOR_SUBORDINATE_CLIENT * 2;
|
2022-04-08 01:56:54 +02:00
|
|
|
eid = hostapd_add_tpe_info(eid, tx_pwr_count,
|
|
|
|
tx_pwr_intrpn,
|
|
|
|
REG_SUBORDINATE_CLIENT,
|
|
|
|
tx_pwr);
|
|
|
|
}
|
|
|
|
|
2023-12-22 10:04:22 +01:00
|
|
|
if (iconf->reg_def_cli_eirp != -1 &&
|
2023-12-22 19:57:53 +01:00
|
|
|
he_reg_is_sp(iconf->he_6ghz_reg_pwr_type))
|
2023-12-22 10:04:22 +01:00
|
|
|
eid = hostapd_add_tpe_info(
|
|
|
|
eid, tx_pwr_count, REGULATORY_CLIENT_EIRP,
|
|
|
|
REG_DEFAULT_CLIENT,
|
|
|
|
hapd->iconf->reg_def_cli_eirp);
|
|
|
|
|
2022-04-08 01:56:54 +02:00
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211AX */
|
|
|
|
|
2021-02-10 12:07:18 +01:00
|
|
|
switch (hostapd_get_oper_chwidth(iconf)) {
|
2022-05-13 18:17:40 +02:00
|
|
|
case CONF_OPER_CHWIDTH_USE_HT:
|
2021-02-10 12:07:17 +01:00
|
|
|
if (iconf->secondary_channel == 0) {
|
|
|
|
/* Max Transmit Power count = 0 (20 MHz) */
|
|
|
|
tx_pwr_count = 0;
|
|
|
|
} else {
|
|
|
|
/* Max Transmit Power count = 1 (20, 40 MHz) */
|
|
|
|
tx_pwr_count = 1;
|
|
|
|
}
|
|
|
|
break;
|
2022-05-13 18:17:40 +02:00
|
|
|
case CONF_OPER_CHWIDTH_80MHZ:
|
2021-02-10 12:07:17 +01:00
|
|
|
/* Max Transmit Power count = 2 (20, 40, and 80 MHz) */
|
|
|
|
tx_pwr_count = 2;
|
|
|
|
break;
|
2022-05-13 18:17:40 +02:00
|
|
|
case CONF_OPER_CHWIDTH_80P80MHZ:
|
|
|
|
case CONF_OPER_CHWIDTH_160MHZ:
|
2021-02-10 12:07:17 +01:00
|
|
|
/* Max Transmit Power count = 3 (20, 40, 80, 160/80+80 MHz) */
|
|
|
|
tx_pwr_count = 3;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Below local_pwr_constraint logic is referred from
|
|
|
|
* hostapd_eid_pwr_constraint.
|
|
|
|
*
|
|
|
|
* Check if DFS is required by regulatory.
|
|
|
|
*/
|
|
|
|
dfs = hostapd_is_dfs_required(hapd->iface);
|
|
|
|
if (dfs < 0)
|
|
|
|
dfs = 0;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* In order to meet regulations when TPC is not implemented using
|
|
|
|
* a transmit power that is below the legal maximum (including any
|
|
|
|
* mitigation factor) should help. In this case, indicate 3 dB below
|
|
|
|
* maximum allowed transmit power.
|
|
|
|
*/
|
|
|
|
if (hapd->iconf->local_pwr_constraint == -1)
|
|
|
|
local_pwr_constraint = (dfs == 0) ? 0 : 3;
|
|
|
|
else
|
|
|
|
local_pwr_constraint = hapd->iconf->local_pwr_constraint;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* A STA that is not an AP shall use a transmit power less than or
|
|
|
|
* equal to the local maximum transmit power level for the channel.
|
|
|
|
* The local maximum transmit power can be calculated from the formula:
|
|
|
|
* local max TX pwr = max TX pwr - local pwr constraint
|
|
|
|
* Where max TX pwr is maximum transmit power level specified for
|
|
|
|
* channel in Country element and local pwr constraint is specified
|
|
|
|
* for channel in this Power Constraint element.
|
|
|
|
*/
|
|
|
|
chan = &mode->channels[i];
|
|
|
|
max_tx_power = chan->max_tx_power - local_pwr_constraint;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Local Maximum Transmit power is encoded as two's complement
|
|
|
|
* with a 0.5 dB step.
|
|
|
|
*/
|
|
|
|
max_tx_power *= 2; /* in 0.5 dB steps */
|
|
|
|
if (max_tx_power > 127) {
|
|
|
|
/* 63.5 has special meaning of 63.5 dBm or higher */
|
|
|
|
max_tx_power = 127;
|
|
|
|
}
|
|
|
|
if (max_tx_power < -128)
|
|
|
|
max_tx_power = -128;
|
|
|
|
if (max_tx_power < 0)
|
|
|
|
tx_pwr = 0x80 + max_tx_power + 128;
|
|
|
|
else
|
|
|
|
tx_pwr = max_tx_power;
|
|
|
|
|
2022-04-08 01:56:54 +02:00
|
|
|
return hostapd_add_tpe_info(eid, tx_pwr_count, LOCAL_EIRP,
|
|
|
|
0 /* Reserved for bands other than 6 GHz */,
|
|
|
|
tx_pwr);
|
2021-02-10 12:07:17 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2020-05-18 15:57:15 +02:00
|
|
|
u8 * hostapd_eid_wb_chsw_wrapper(struct hostapd_data *hapd, u8 *eid)
|
|
|
|
{
|
2023-09-27 09:22:03 +02:00
|
|
|
u8 bw, chan1 = 0, chan2 = 0;
|
2020-05-18 15:57:15 +02:00
|
|
|
int freq1;
|
|
|
|
|
|
|
|
if (!hapd->cs_freq_params.channel ||
|
2020-05-18 15:57:16 +02:00
|
|
|
(!hapd->cs_freq_params.vht_enabled &&
|
2022-04-19 20:04:17 +02:00
|
|
|
!hapd->cs_freq_params.he_enabled &&
|
|
|
|
!hapd->cs_freq_params.eht_enabled))
|
2020-05-18 15:57:15 +02:00
|
|
|
return eid;
|
|
|
|
|
2023-09-27 09:22:03 +02:00
|
|
|
/* bandwidth: 0: 40, 1: 80, 160, 80+80, 4: 320 as per
|
|
|
|
* IEEE P802.11-REVme/D4.0, 9.4.2.159 and Table 9-314. */
|
2020-05-18 15:57:15 +02:00
|
|
|
switch (hapd->cs_freq_params.bandwidth) {
|
|
|
|
case 40:
|
|
|
|
bw = 0;
|
|
|
|
break;
|
|
|
|
case 80:
|
2023-09-27 09:22:03 +02:00
|
|
|
bw = 1;
|
2020-05-18 15:57:15 +02:00
|
|
|
break;
|
|
|
|
case 160:
|
2023-09-27 09:22:03 +02:00
|
|
|
bw = 1;
|
2020-05-18 15:57:15 +02:00
|
|
|
break;
|
2023-04-03 03:34:57 +02:00
|
|
|
case 320:
|
|
|
|
bw = 4;
|
|
|
|
break;
|
2020-05-18 15:57:15 +02:00
|
|
|
default:
|
|
|
|
/* not valid VHT bandwidth or not in CSA */
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
freq1 = hapd->cs_freq_params.center_freq1 ?
|
|
|
|
hapd->cs_freq_params.center_freq1 :
|
|
|
|
hapd->cs_freq_params.freq;
|
|
|
|
if (ieee80211_freq_to_chan(freq1, &chan1) !=
|
|
|
|
HOSTAPD_MODE_IEEE80211A)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
if (hapd->cs_freq_params.center_freq2 &&
|
|
|
|
ieee80211_freq_to_chan(hapd->cs_freq_params.center_freq2,
|
|
|
|
&chan2) != HOSTAPD_MODE_IEEE80211A)
|
|
|
|
return eid;
|
|
|
|
|
2023-04-26 20:15:25 +02:00
|
|
|
*eid++ = WLAN_EID_CHANNEL_SWITCH_WRAPPER;
|
2020-05-18 15:57:15 +02:00
|
|
|
*eid++ = 5; /* Length of Channel Switch Wrapper */
|
2023-04-26 20:15:25 +02:00
|
|
|
*eid++ = WLAN_EID_WIDE_BW_CHSWITCH;
|
2020-05-18 15:57:15 +02:00
|
|
|
*eid++ = 3; /* Length of Wide Bandwidth Channel Switch element */
|
|
|
|
*eid++ = bw; /* New Channel Width */
|
2023-09-27 09:22:03 +02:00
|
|
|
if (hapd->cs_freq_params.bandwidth == 160) {
|
|
|
|
/* Update the CCFS0 and CCFS1 values in the element based on
|
|
|
|
* IEEE P802.11-REVme/D4.0, Table 9-314 */
|
|
|
|
|
|
|
|
/* CCFS1 - The channel center frequency index of the 160 MHz
|
|
|
|
* channel. */
|
|
|
|
chan2 = chan1;
|
|
|
|
|
|
|
|
/* CCFS0 - The channel center frequency index of the 80 MHz
|
|
|
|
* channel segment that contains the primary channel. */
|
|
|
|
if (hapd->cs_freq_params.channel < chan1)
|
|
|
|
chan1 -= 8;
|
|
|
|
else
|
|
|
|
chan1 += 8;
|
|
|
|
}
|
2020-05-18 15:57:15 +02:00
|
|
|
*eid++ = chan1; /* New Channel Center Frequency Segment 0 */
|
|
|
|
*eid++ = chan2; /* New Channel Center Frequency Segment 1 */
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
2021-07-28 01:42:20 +02:00
|
|
|
|
|
|
|
static size_t hostapd_eid_nr_db_len(struct hostapd_data *hapd,
|
|
|
|
size_t *current_len)
|
|
|
|
{
|
|
|
|
struct hostapd_neighbor_entry *nr;
|
|
|
|
size_t total_len = 0, len = *current_len;
|
|
|
|
|
|
|
|
dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
|
|
|
|
list) {
|
|
|
|
if (!nr->nr || wpabuf_len(nr->nr) < 12)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (nr->short_ssid == hapd->conf->ssid.short_ssid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Start a new element */
|
|
|
|
if (!len ||
|
|
|
|
len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255) {
|
|
|
|
len = RNR_HEADER_LEN;
|
|
|
|
total_len += RNR_HEADER_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
len += RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN;
|
|
|
|
total_len += RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
*current_len = len;
|
|
|
|
return total_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-04-04 19:58:59 +02:00
|
|
|
struct mbssid_ie_profiles {
|
|
|
|
u8 start;
|
|
|
|
u8 end;
|
|
|
|
};
|
|
|
|
|
|
|
|
static size_t
|
|
|
|
hostapd_eid_rnr_iface_len(struct hostapd_data *hapd,
|
|
|
|
struct hostapd_data *reporting_hapd,
|
|
|
|
size_t *current_len,
|
|
|
|
struct mbssid_ie_profiles *skip_profiles)
|
2021-07-28 01:42:21 +02:00
|
|
|
{
|
|
|
|
size_t total_len = 0, len = *current_len;
|
|
|
|
int tbtt_count = 0;
|
|
|
|
size_t i, start = 0;
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
ap_mld = !!hapd->conf->mld_ap;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:21 +02:00
|
|
|
|
|
|
|
while (start < hapd->iface->num_bss) {
|
|
|
|
if (!len ||
|
2023-11-02 12:53:11 +01:00
|
|
|
len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255 ||
|
|
|
|
tbtt_count >= RNR_TBTT_INFO_COUNT_MAX) {
|
2021-07-28 01:42:21 +02:00
|
|
|
len = RNR_HEADER_LEN;
|
|
|
|
total_len += RNR_HEADER_LEN;
|
2023-11-02 12:53:11 +01:00
|
|
|
tbtt_count = 0;
|
2021-07-28 01:42:21 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
len += RNR_TBTT_HEADER_LEN;
|
|
|
|
total_len += RNR_TBTT_HEADER_LEN;
|
|
|
|
|
|
|
|
for (i = start; i < hapd->iface->num_bss; i++) {
|
|
|
|
struct hostapd_data *bss = hapd->iface->bss[i];
|
|
|
|
|
|
|
|
if (!bss || !bss->conf || !bss->started)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (bss == reporting_hapd ||
|
|
|
|
bss->conf->ignore_broadcast_ssid)
|
|
|
|
continue;
|
|
|
|
|
2023-04-04 19:58:59 +02:00
|
|
|
if (skip_profiles &&
|
|
|
|
i >= skip_profiles->start && i < skip_profiles->end)
|
|
|
|
continue;
|
|
|
|
|
2021-07-28 01:42:21 +02:00
|
|
|
if (len + RNR_TBTT_INFO_LEN > 255 ||
|
|
|
|
tbtt_count >= RNR_TBTT_INFO_COUNT_MAX)
|
|
|
|
break;
|
|
|
|
|
2023-05-22 21:33:37 +02:00
|
|
|
if (!ap_mld) {
|
|
|
|
len += RNR_TBTT_INFO_LEN;
|
|
|
|
total_len += RNR_TBTT_INFO_LEN;
|
|
|
|
} else {
|
|
|
|
len += RNR_TBTT_INFO_MLD_LEN;
|
|
|
|
total_len += RNR_TBTT_INFO_MLD_LEN;
|
|
|
|
}
|
2021-07-28 01:42:21 +02:00
|
|
|
tbtt_count++;
|
|
|
|
}
|
|
|
|
start = i;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!tbtt_count)
|
|
|
|
total_len = 0;
|
|
|
|
else
|
|
|
|
*current_len = len;
|
|
|
|
|
|
|
|
return total_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-07-28 01:42:22 +02:00
|
|
|
enum colocation_mode {
|
|
|
|
NO_COLOCATED_6GHZ,
|
|
|
|
STANDALONE_6GHZ,
|
|
|
|
COLOCATED_6GHZ,
|
|
|
|
COLOCATED_LOWER_BAND,
|
|
|
|
};
|
|
|
|
|
|
|
|
static enum colocation_mode get_colocation_mode(struct hostapd_data *hapd)
|
|
|
|
{
|
|
|
|
u8 i;
|
|
|
|
bool is_6ghz = is_6ghz_op_class(hapd->iconf->op_class);
|
|
|
|
|
|
|
|
if (!hapd->iface || !hapd->iface->interfaces)
|
|
|
|
return NO_COLOCATED_6GHZ;
|
|
|
|
|
|
|
|
if (is_6ghz && hapd->iface->interfaces->count == 1)
|
|
|
|
return STANDALONE_6GHZ;
|
|
|
|
|
|
|
|
for (i = 0; i < hapd->iface->interfaces->count; i++) {
|
|
|
|
struct hostapd_iface *iface;
|
|
|
|
bool is_colocated_6ghz;
|
|
|
|
|
|
|
|
iface = hapd->iface->interfaces->iface[i];
|
|
|
|
if (iface == hapd->iface || !iface || !iface->conf)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
is_colocated_6ghz = is_6ghz_op_class(iface->conf->op_class);
|
|
|
|
if (!is_6ghz && is_colocated_6ghz)
|
|
|
|
return COLOCATED_LOWER_BAND;
|
|
|
|
if (is_6ghz && !is_colocated_6ghz)
|
|
|
|
return COLOCATED_6GHZ;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (is_6ghz)
|
|
|
|
return STANDALONE_6GHZ;
|
|
|
|
|
|
|
|
return NO_COLOCATED_6GHZ;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:37 +02:00
|
|
|
static size_t hostapd_eid_rnr_multi_iface_len(struct hostapd_data *hapd,
|
|
|
|
size_t *current_len)
|
2021-07-28 01:42:22 +02:00
|
|
|
{
|
|
|
|
struct hostapd_iface *iface;
|
|
|
|
size_t len = 0;
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
if (!hapd->iface || !hapd->iface->interfaces)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
for (i = 0; i < hapd->iface->interfaces->count; i++) {
|
|
|
|
iface = hapd->iface->interfaces->iface[i];
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (hapd->conf->mld_ap && iface->bss[0]->conf->mld_ap &&
|
|
|
|
hapd->conf->mld_id == iface->bss[0]->conf->mld_id)
|
|
|
|
ap_mld = true;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:22 +02:00
|
|
|
|
|
|
|
if (iface == hapd->iface ||
|
2023-05-22 21:33:37 +02:00
|
|
|
!(is_6ghz_op_class(iface->conf->op_class) || ap_mld))
|
2021-07-28 01:42:22 +02:00
|
|
|
continue;
|
|
|
|
|
|
|
|
len += hostapd_eid_rnr_iface_len(iface->bss[0], hapd,
|
2023-04-04 19:58:59 +02:00
|
|
|
current_len, NULL);
|
2021-07-28 01:42:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-07-28 01:42:20 +02:00
|
|
|
size_t hostapd_eid_rnr_len(struct hostapd_data *hapd, u32 type)
|
|
|
|
{
|
|
|
|
size_t total_len = 0, current_len = 0;
|
2021-07-28 01:42:22 +02:00
|
|
|
enum colocation_mode mode = get_colocation_mode(hapd);
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
ap_mld = !!hapd->conf->mld_ap;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:20 +02:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WLAN_FC_STYPE_BEACON:
|
|
|
|
if (hapd->conf->rnr)
|
|
|
|
total_len += hostapd_eid_nr_db_len(hapd, ¤t_len);
|
2021-07-28 01:42:21 +02:00
|
|
|
/* fallthrough */
|
|
|
|
|
|
|
|
case WLAN_FC_STYPE_PROBE_RESP:
|
2023-05-22 21:33:37 +02:00
|
|
|
if (mode == COLOCATED_LOWER_BAND || ap_mld)
|
|
|
|
total_len +=
|
|
|
|
hostapd_eid_rnr_multi_iface_len(hapd,
|
|
|
|
¤t_len);
|
2021-07-28 01:42:22 +02:00
|
|
|
|
2023-04-04 19:58:58 +02:00
|
|
|
if (hapd->conf->rnr && hapd->iface->num_bss > 1 &&
|
|
|
|
!hapd->iconf->mbssid)
|
2021-07-28 01:42:21 +02:00
|
|
|
total_len += hostapd_eid_rnr_iface_len(hapd, hapd,
|
2023-04-04 19:58:59 +02:00
|
|
|
¤t_len,
|
|
|
|
NULL);
|
2021-07-28 01:42:20 +02:00
|
|
|
break;
|
|
|
|
|
2021-07-28 01:42:22 +02:00
|
|
|
case WLAN_FC_STYPE_ACTION:
|
|
|
|
if (hapd->iface->num_bss > 1 && mode == STANDALONE_6GHZ)
|
|
|
|
total_len += hostapd_eid_rnr_iface_len(hapd, hapd,
|
2023-04-04 19:58:59 +02:00
|
|
|
¤t_len,
|
|
|
|
NULL);
|
2021-07-28 01:42:22 +02:00
|
|
|
break;
|
|
|
|
|
2021-07-28 01:42:20 +02:00
|
|
|
default:
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
return total_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static u8 * hostapd_eid_nr_db(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
size_t *current_len)
|
|
|
|
{
|
|
|
|
struct hostapd_neighbor_entry *nr;
|
|
|
|
size_t len = *current_len;
|
|
|
|
u8 *size_offset = (eid - len) + 1;
|
|
|
|
|
|
|
|
dl_list_for_each(nr, &hapd->nr_db, struct hostapd_neighbor_entry,
|
|
|
|
list) {
|
|
|
|
if (!nr->nr || wpabuf_len(nr->nr) < 12)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (nr->short_ssid == hapd->conf->ssid.short_ssid)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
/* Start a new element */
|
|
|
|
if (!len ||
|
|
|
|
len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255) {
|
|
|
|
*eid++ = WLAN_EID_REDUCED_NEIGHBOR_REPORT;
|
|
|
|
size_offset = eid++;
|
|
|
|
len = RNR_HEADER_LEN;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* TBTT Information Header subfield (2 octets) */
|
|
|
|
*eid++ = 0;
|
|
|
|
/* TBTT Information Length */
|
|
|
|
*eid++ = RNR_TBTT_INFO_LEN;
|
|
|
|
/* Operating Class */
|
|
|
|
*eid++ = wpabuf_head_u8(nr->nr)[10];
|
|
|
|
/* Channel Number */
|
|
|
|
*eid++ = wpabuf_head_u8(nr->nr)[11];
|
|
|
|
len += RNR_TBTT_HEADER_LEN;
|
|
|
|
/* TBTT Information Set */
|
|
|
|
/* TBTT Information field */
|
|
|
|
/* Neighbor AP TBTT Offset */
|
|
|
|
*eid++ = RNR_NEIGHBOR_AP_OFFSET_UNKNOWN;
|
|
|
|
/* BSSID */
|
|
|
|
os_memcpy(eid, nr->bssid, ETH_ALEN);
|
|
|
|
eid += ETH_ALEN;
|
|
|
|
/* Short SSID */
|
|
|
|
os_memcpy(eid, &nr->short_ssid, 4);
|
|
|
|
eid += 4;
|
|
|
|
/* BSS parameters */
|
|
|
|
*eid++ = nr->bss_parameters;
|
|
|
|
/* 20 MHz PSD */
|
2023-12-22 10:04:20 +01:00
|
|
|
*eid++ = RNR_20_MHZ_PSD_MAX_TXPOWER;
|
2021-07-28 01:42:20 +02:00
|
|
|
len += RNR_TBTT_INFO_LEN;
|
|
|
|
*size_offset = (eid - size_offset) - 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
*current_len = len;
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-12-22 15:17:20 +01:00
|
|
|
static bool hostapd_eid_rnr_bss(struct hostapd_data *hapd,
|
|
|
|
struct hostapd_data *reporting_hapd,
|
|
|
|
struct mbssid_ie_profiles *skip_profiles,
|
|
|
|
size_t i, u8 *tbtt_count, size_t *len,
|
|
|
|
u8 **pos)
|
|
|
|
{
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
struct hostapd_data *bss = iface->bss[i];
|
|
|
|
u8 bss_param = 0;
|
|
|
|
bool ap_mld = false;
|
|
|
|
u8 *eid = *pos;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
ap_mld = !!hapd->conf->mld_ap;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
|
|
|
|
if (!bss || !bss->conf || !bss->started ||
|
|
|
|
bss == reporting_hapd || bss->conf->ignore_broadcast_ssid)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (skip_profiles
|
|
|
|
&& i >= skip_profiles->start && i < skip_profiles->end)
|
|
|
|
return false;
|
|
|
|
|
|
|
|
if (*len + RNR_TBTT_INFO_LEN > 255 ||
|
|
|
|
*tbtt_count >= RNR_TBTT_INFO_COUNT_MAX)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
*eid++ = RNR_NEIGHBOR_AP_OFFSET_UNKNOWN;
|
|
|
|
os_memcpy(eid, bss->own_addr, ETH_ALEN);
|
|
|
|
eid += ETH_ALEN;
|
|
|
|
os_memcpy(eid, &bss->conf->ssid.short_ssid, 4);
|
|
|
|
eid += 4;
|
|
|
|
if (bss->conf->ssid.short_ssid == reporting_hapd->conf->ssid.short_ssid)
|
|
|
|
bss_param |= RNR_BSS_PARAM_SAME_SSID;
|
|
|
|
|
|
|
|
if (iface->conf->mbssid != MBSSID_DISABLED && iface->num_bss > 1) {
|
|
|
|
bss_param |= RNR_BSS_PARAM_MULTIPLE_BSSID;
|
|
|
|
if (bss == hostapd_mbssid_get_tx_bss(hapd))
|
|
|
|
bss_param |= RNR_BSS_PARAM_TRANSMITTED_BSSID;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (is_6ghz_op_class(hapd->iconf->op_class) &&
|
|
|
|
bss->conf->unsol_bcast_probe_resp_interval)
|
|
|
|
bss_param |= RNR_BSS_PARAM_UNSOLIC_PROBE_RESP_ACTIVE;
|
|
|
|
|
|
|
|
bss_param |= RNR_BSS_PARAM_CO_LOCATED;
|
|
|
|
|
|
|
|
*eid++ = bss_param;
|
2023-12-22 10:04:20 +01:00
|
|
|
*eid++ = RNR_20_MHZ_PSD_MAX_TXPOWER;
|
2023-12-22 15:17:20 +01:00
|
|
|
|
|
|
|
if (!ap_mld) {
|
|
|
|
*len += RNR_TBTT_INFO_LEN;
|
|
|
|
} else {
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
2023-12-25 10:57:09 +01:00
|
|
|
u8 param_ch = hapd->eht_mld_bss_param_change;
|
|
|
|
|
2023-12-22 15:17:20 +01:00
|
|
|
if (reporting_hapd->conf->mld_ap &&
|
|
|
|
bss->conf->mld_id == reporting_hapd->conf->mld_id)
|
|
|
|
*eid++ = 0;
|
|
|
|
else
|
|
|
|
*eid++ = hapd->conf->mld_id;
|
|
|
|
|
2023-12-25 10:57:09 +01:00
|
|
|
*eid++ = hapd->mld_link_id | ((param_ch & 0xF) << 4);
|
|
|
|
*eid = (param_ch >> 4) & 0xF;
|
2023-12-22 15:17:20 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (hapd->conf->mld_indicate_disabled)
|
|
|
|
*eid |= RNR_TBTT_INFO_MLD_PARAM2_LINK_DISABLED;
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
eid++;
|
|
|
|
|
|
|
|
*len += RNR_TBTT_INFO_MLD_LEN;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
|
|
|
}
|
|
|
|
|
|
|
|
(*tbtt_count)++;
|
|
|
|
*pos = eid;
|
|
|
|
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-07-28 01:42:21 +02:00
|
|
|
static u8 * hostapd_eid_rnr_iface(struct hostapd_data *hapd,
|
|
|
|
struct hostapd_data *reporting_hapd,
|
2023-04-04 19:58:59 +02:00
|
|
|
u8 *eid, size_t *current_len,
|
|
|
|
struct mbssid_ie_profiles *skip_profiles)
|
2021-07-28 01:42:21 +02:00
|
|
|
{
|
|
|
|
struct hostapd_iface *iface = hapd->iface;
|
|
|
|
size_t i, start = 0;
|
|
|
|
size_t len = *current_len;
|
|
|
|
u8 *tbtt_count_pos, *eid_start = eid, *size_offset = (eid - len) + 1;
|
2023-12-22 15:17:20 +01:00
|
|
|
u8 tbtt_count = 0, op_class, channel;
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
ap_mld = !!hapd->conf->mld_ap;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:21 +02:00
|
|
|
|
|
|
|
if (!(iface->drv_flags & WPA_DRIVER_FLAGS_AP_CSA) || !iface->freq)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
if (ieee80211_freq_to_channel_ext(iface->freq,
|
|
|
|
hapd->iconf->secondary_channel,
|
|
|
|
hostapd_get_oper_chwidth(hapd->iconf),
|
|
|
|
&op_class, &channel) ==
|
|
|
|
NUM_HOSTAPD_MODES)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
while (start < iface->num_bss) {
|
|
|
|
if (!len ||
|
2023-11-02 12:53:11 +01:00
|
|
|
len + RNR_TBTT_HEADER_LEN + RNR_TBTT_INFO_LEN > 255 ||
|
|
|
|
tbtt_count >= RNR_TBTT_INFO_COUNT_MAX) {
|
2021-07-28 01:42:21 +02:00
|
|
|
eid_start = eid;
|
|
|
|
*eid++ = WLAN_EID_REDUCED_NEIGHBOR_REPORT;
|
|
|
|
size_offset = eid++;
|
|
|
|
len = RNR_HEADER_LEN;
|
|
|
|
tbtt_count = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
tbtt_count_pos = eid++;
|
2023-05-22 21:33:37 +02:00
|
|
|
*eid++ = ap_mld ? RNR_TBTT_INFO_MLD_LEN : RNR_TBTT_INFO_LEN;
|
2021-07-28 01:42:21 +02:00
|
|
|
*eid++ = op_class;
|
|
|
|
*eid++ = hapd->iconf->channel;
|
|
|
|
len += RNR_TBTT_HEADER_LEN;
|
|
|
|
|
|
|
|
for (i = start; i < iface->num_bss; i++) {
|
2023-12-22 15:17:20 +01:00
|
|
|
if (hostapd_eid_rnr_bss(hapd, reporting_hapd,
|
|
|
|
skip_profiles, i,
|
|
|
|
&tbtt_count, &len, &eid))
|
2021-07-28 01:42:21 +02:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
start = i;
|
|
|
|
*tbtt_count_pos = RNR_TBTT_INFO_COUNT(tbtt_count - 1);
|
|
|
|
*size_offset = (eid - size_offset) - 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (tbtt_count == 0)
|
|
|
|
return eid_start;
|
|
|
|
|
|
|
|
*current_len = len;
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-05-22 21:33:37 +02:00
|
|
|
static u8 * hostapd_eid_rnr_multi_iface(struct hostapd_data *hapd, u8 *eid,
|
|
|
|
size_t *current_len)
|
2021-07-28 01:42:22 +02:00
|
|
|
{
|
|
|
|
struct hostapd_iface *iface;
|
|
|
|
size_t i;
|
|
|
|
|
|
|
|
if (!hapd->iface || !hapd->iface->interfaces)
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
for (i = 0; i < hapd->iface->interfaces->count; i++) {
|
|
|
|
iface = hapd->iface->interfaces->iface[i];
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
if (hapd->conf->mld_ap && iface->bss[0]->conf->mld_ap &&
|
|
|
|
hapd->conf->mld_id == iface->bss[0]->conf->mld_id)
|
|
|
|
ap_mld = true;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:22 +02:00
|
|
|
|
|
|
|
if (iface == hapd->iface ||
|
2023-05-22 21:33:37 +02:00
|
|
|
!(is_6ghz_op_class(iface->conf->op_class) || ap_mld))
|
2021-07-28 01:42:22 +02:00
|
|
|
continue;
|
|
|
|
|
|
|
|
eid = hostapd_eid_rnr_iface(iface->bss[0], hapd, eid,
|
2023-04-04 19:58:59 +02:00
|
|
|
current_len, NULL);
|
2021-07-28 01:42:22 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-07-28 01:42:20 +02:00
|
|
|
u8 * hostapd_eid_rnr(struct hostapd_data *hapd, u8 *eid, u32 type)
|
|
|
|
{
|
|
|
|
u8 *eid_start = eid;
|
|
|
|
size_t current_len = 0;
|
2021-07-28 01:42:22 +02:00
|
|
|
enum colocation_mode mode = get_colocation_mode(hapd);
|
2023-05-22 21:33:37 +02:00
|
|
|
bool ap_mld = false;
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211BE
|
|
|
|
ap_mld = !!hapd->conf->mld_ap;
|
|
|
|
#endif /* CONFIG_IEEE80211BE */
|
2021-07-28 01:42:20 +02:00
|
|
|
|
|
|
|
switch (type) {
|
|
|
|
case WLAN_FC_STYPE_BEACON:
|
|
|
|
if (hapd->conf->rnr)
|
|
|
|
eid = hostapd_eid_nr_db(hapd, eid, ¤t_len);
|
2021-07-28 01:42:21 +02:00
|
|
|
/* fallthrough */
|
|
|
|
|
|
|
|
case WLAN_FC_STYPE_PROBE_RESP:
|
2023-05-22 21:33:37 +02:00
|
|
|
if (mode == COLOCATED_LOWER_BAND || ap_mld)
|
|
|
|
eid = hostapd_eid_rnr_multi_iface(hapd, eid,
|
|
|
|
¤t_len);
|
2021-07-28 01:42:22 +02:00
|
|
|
|
2023-04-04 19:58:58 +02:00
|
|
|
if (hapd->conf->rnr && hapd->iface->num_bss > 1 &&
|
|
|
|
!hapd->iconf->mbssid)
|
2021-07-28 01:42:21 +02:00
|
|
|
eid = hostapd_eid_rnr_iface(hapd, hapd, eid,
|
2023-04-04 19:58:59 +02:00
|
|
|
¤t_len, NULL);
|
2021-07-28 01:42:20 +02:00
|
|
|
break;
|
|
|
|
|
2021-07-28 01:42:22 +02:00
|
|
|
case WLAN_FC_STYPE_ACTION:
|
|
|
|
if (hapd->iface->num_bss > 1 && mode == STANDALONE_6GHZ)
|
2023-12-12 17:56:31 +01:00
|
|
|
eid = hostapd_eid_rnr_iface(hapd, hapd, eid,
|
2023-04-04 19:58:59 +02:00
|
|
|
¤t_len, NULL);
|
2021-07-28 01:42:22 +02:00
|
|
|
break;
|
|
|
|
|
2021-07-28 01:42:20 +02:00
|
|
|
default:
|
|
|
|
return eid_start;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (eid == eid_start + 2)
|
|
|
|
return eid_start;
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
|
2022-12-01 04:18:41 +01:00
|
|
|
static bool mbssid_known_bss(unsigned int i, const u8 *known_bss,
|
|
|
|
size_t known_bss_len)
|
|
|
|
{
|
|
|
|
if (!known_bss || known_bss_len <= i / 8)
|
|
|
|
return false;
|
|
|
|
known_bss = &known_bss[i / 8];
|
|
|
|
return *known_bss & (u8) (BIT(i % 8));
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
static size_t hostapd_eid_mbssid_elem_len(struct hostapd_data *hapd,
|
2022-12-01 04:18:41 +01:00
|
|
|
u32 frame_type, size_t *bss_index,
|
|
|
|
const u8 *known_bss,
|
|
|
|
size_t known_bss_len)
|
2022-12-01 04:18:36 +01:00
|
|
|
{
|
2022-12-01 04:18:37 +01:00
|
|
|
struct hostapd_data *tx_bss = hostapd_mbssid_get_tx_bss(hapd);
|
2023-11-14 05:57:59 +01:00
|
|
|
size_t len, i;
|
|
|
|
|
|
|
|
/* Element ID: 1 octet
|
|
|
|
* Length: 1 octet
|
|
|
|
* MaxBSSID Indicator: 1 octet
|
|
|
|
* Optional Subelements: vatiable
|
|
|
|
*
|
|
|
|
* Total fixed length: 3 octets
|
|
|
|
*
|
|
|
|
* 1 octet in len for the MaxBSSID Indicator field.
|
|
|
|
*/
|
|
|
|
len = 1;
|
2022-12-01 04:18:36 +01:00
|
|
|
|
|
|
|
for (i = *bss_index; i < hapd->iface->num_bss; i++) {
|
|
|
|
struct hostapd_data *bss = hapd->iface->bss[i];
|
2022-12-01 04:18:37 +01:00
|
|
|
const u8 *auth, *rsn = NULL, *rsnx = NULL;
|
2022-12-01 04:18:36 +01:00
|
|
|
size_t nontx_profile_len, auth_len;
|
2022-12-01 04:18:37 +01:00
|
|
|
u8 ie_count = 0;
|
2022-12-01 04:18:36 +01:00
|
|
|
|
2022-12-01 04:18:41 +01:00
|
|
|
if (!bss || !bss->conf || !bss->started ||
|
|
|
|
mbssid_known_bss(i, known_bss, known_bss_len))
|
2022-12-01 04:18:36 +01:00
|
|
|
continue;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Sublement ID: 1 octet
|
|
|
|
* Length: 1 octet
|
|
|
|
* Nontransmitted capabilities: 4 octets
|
|
|
|
* SSID element: 2 + variable
|
|
|
|
* Multiple BSSID Index Element: 3 octets (+2 octets in beacons)
|
|
|
|
* Fixed length = 1 + 1 + 4 + 2 + 3 = 11
|
|
|
|
*/
|
|
|
|
nontx_profile_len = 11 + bss->conf->ssid.ssid_len;
|
|
|
|
|
|
|
|
if (frame_type == WLAN_FC_STYPE_BEACON)
|
|
|
|
nontx_profile_len += 2;
|
|
|
|
|
|
|
|
auth = wpa_auth_get_wpa_ie(bss->wpa_auth, &auth_len);
|
|
|
|
if (auth) {
|
|
|
|
rsn = get_ie(auth, auth_len, WLAN_EID_RSN);
|
|
|
|
if (rsn)
|
|
|
|
nontx_profile_len += 2 + rsn[1];
|
|
|
|
|
|
|
|
rsnx = get_ie(auth, auth_len, WLAN_EID_RSNX);
|
|
|
|
if (rsnx)
|
|
|
|
nontx_profile_len += 2 + rsnx[1];
|
|
|
|
}
|
2022-12-01 04:18:37 +01:00
|
|
|
if (!rsn && hostapd_wpa_ie(tx_bss, WLAN_EID_RSN))
|
|
|
|
ie_count++;
|
|
|
|
if (!rsnx && hostapd_wpa_ie(tx_bss, WLAN_EID_RSNX))
|
|
|
|
ie_count++;
|
|
|
|
if (bss->conf->xrates_supported)
|
|
|
|
nontx_profile_len += 8;
|
|
|
|
else if (hapd->conf->xrates_supported)
|
|
|
|
ie_count++;
|
|
|
|
if (ie_count)
|
|
|
|
nontx_profile_len += 4 + ie_count;
|
2022-12-01 04:18:36 +01:00
|
|
|
|
|
|
|
if (len + nontx_profile_len > 255)
|
|
|
|
break;
|
|
|
|
|
|
|
|
len += nontx_profile_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
*bss_index = i;
|
2023-11-14 05:57:59 +01:00
|
|
|
|
|
|
|
/* Add 2 octets to get the full size of the element */
|
|
|
|
return len + 2;
|
2022-12-01 04:18:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
size_t hostapd_eid_mbssid_len(struct hostapd_data *hapd, u32 frame_type,
|
2022-12-01 04:18:41 +01:00
|
|
|
u8 *elem_count, const u8 *known_bss,
|
2023-04-04 19:58:59 +02:00
|
|
|
size_t known_bss_len, size_t *rnr_len)
|
2022-12-01 04:18:36 +01:00
|
|
|
{
|
|
|
|
size_t len = 0, bss_index = 1;
|
|
|
|
|
|
|
|
if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1 ||
|
|
|
|
(frame_type != WLAN_FC_STYPE_BEACON &&
|
|
|
|
frame_type != WLAN_FC_STYPE_PROBE_RESP))
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
if (frame_type == WLAN_FC_STYPE_BEACON) {
|
|
|
|
if (!elem_count) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"MBSSID: Insufficient data for Beacon frames");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
*elem_count = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
while (bss_index < hapd->iface->num_bss) {
|
2023-04-04 19:58:59 +02:00
|
|
|
size_t rnr_count = bss_index;
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
len += hostapd_eid_mbssid_elem_len(hapd, frame_type,
|
2022-12-01 04:18:41 +01:00
|
|
|
&bss_index, known_bss,
|
|
|
|
known_bss_len);
|
2022-12-01 04:18:36 +01:00
|
|
|
|
|
|
|
if (frame_type == WLAN_FC_STYPE_BEACON)
|
|
|
|
*elem_count += 1;
|
2023-04-04 19:58:59 +02:00
|
|
|
if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && rnr_len) {
|
|
|
|
size_t rnr_cur_len = 0;
|
|
|
|
struct mbssid_ie_profiles skip_profiles = {
|
|
|
|
rnr_count, bss_index
|
|
|
|
};
|
|
|
|
|
|
|
|
*rnr_len += hostapd_eid_rnr_iface_len(
|
|
|
|
hapd, hostapd_mbssid_get_tx_bss(hapd),
|
|
|
|
&rnr_cur_len, &skip_profiles);
|
|
|
|
}
|
2022-12-01 04:18:36 +01:00
|
|
|
}
|
2023-04-04 19:58:59 +02:00
|
|
|
|
|
|
|
if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED && rnr_len)
|
|
|
|
*rnr_len += hostapd_eid_rnr_len(hapd, frame_type);
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
return len;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static u8 * hostapd_eid_mbssid_elem(struct hostapd_data *hapd, u8 *eid, u8 *end,
|
|
|
|
u32 frame_type, u8 max_bssid_indicator,
|
2022-12-01 04:18:41 +01:00
|
|
|
size_t *bss_index, u8 elem_count,
|
|
|
|
const u8 *known_bss, size_t known_bss_len)
|
2022-12-01 04:18:36 +01:00
|
|
|
{
|
2022-12-01 04:18:37 +01:00
|
|
|
struct hostapd_data *tx_bss = hostapd_mbssid_get_tx_bss(hapd);
|
2022-12-01 04:18:36 +01:00
|
|
|
size_t i;
|
|
|
|
u8 *eid_len_offset, *max_bssid_indicator_offset;
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_MULTIPLE_BSSID;
|
|
|
|
eid_len_offset = eid++;
|
|
|
|
max_bssid_indicator_offset = eid++;
|
|
|
|
|
|
|
|
for (i = *bss_index; i < hapd->iface->num_bss; i++) {
|
|
|
|
struct hostapd_data *bss = hapd->iface->bss[i];
|
|
|
|
struct hostapd_bss_config *conf;
|
|
|
|
u8 *eid_len_pos, *nontx_bss_start = eid;
|
2022-12-01 04:18:37 +01:00
|
|
|
const u8 *auth, *rsn = NULL, *rsnx = NULL;
|
|
|
|
u8 ie_count = 0, non_inherit_ie[3];
|
2022-12-01 04:18:36 +01:00
|
|
|
size_t auth_len = 0;
|
|
|
|
u16 capab_info;
|
|
|
|
|
2022-12-01 04:18:41 +01:00
|
|
|
if (!bss || !bss->conf || !bss->started ||
|
|
|
|
mbssid_known_bss(i, known_bss, known_bss_len))
|
2022-12-01 04:18:36 +01:00
|
|
|
continue;
|
|
|
|
conf = bss->conf;
|
|
|
|
|
|
|
|
*eid++ = WLAN_MBSSID_SUBELEMENT_NONTRANSMITTED_BSSID_PROFILE;
|
|
|
|
eid_len_pos = eid++;
|
|
|
|
|
|
|
|
capab_info = hostapd_own_capab_info(bss);
|
|
|
|
*eid++ = WLAN_EID_NONTRANSMITTED_BSSID_CAPA;
|
|
|
|
*eid++ = sizeof(capab_info);
|
|
|
|
WPA_PUT_LE16(eid, capab_info);
|
|
|
|
eid += sizeof(capab_info);
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_SSID;
|
|
|
|
*eid++ = conf->ssid.ssid_len;
|
|
|
|
os_memcpy(eid, conf->ssid.ssid, conf->ssid.ssid_len);
|
|
|
|
eid += conf->ssid.ssid_len;
|
|
|
|
|
|
|
|
*eid++ = WLAN_EID_MULTIPLE_BSSID_INDEX;
|
|
|
|
if (frame_type == WLAN_FC_STYPE_BEACON) {
|
|
|
|
*eid++ = 3;
|
|
|
|
*eid++ = i; /* BSSID Index */
|
|
|
|
if (hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
|
|
|
|
(conf->dtim_period % elem_count))
|
|
|
|
conf->dtim_period = elem_count;
|
|
|
|
*eid++ = conf->dtim_period;
|
2023-11-07 09:44:28 +01:00
|
|
|
/* The driver is expected to update the DTIM Count
|
|
|
|
* field for each BSS that corresponds to a
|
|
|
|
* nontransmitted BSSID. The value is initialized to
|
|
|
|
* 0 here so that the DTIM count would be somewhat
|
|
|
|
* functional even if the driver were not to update
|
|
|
|
* this. */
|
|
|
|
*eid++ = 0; /* DTIM Count */
|
2022-12-01 04:18:36 +01:00
|
|
|
} else {
|
|
|
|
/* Probe Request frame does not include DTIM Period and
|
|
|
|
* DTIM Count fields. */
|
|
|
|
*eid++ = 1;
|
|
|
|
*eid++ = i; /* BSSID Index */
|
|
|
|
}
|
|
|
|
|
|
|
|
auth = wpa_auth_get_wpa_ie(bss->wpa_auth, &auth_len);
|
|
|
|
if (auth) {
|
|
|
|
rsn = get_ie(auth, auth_len, WLAN_EID_RSN);
|
|
|
|
if (rsn) {
|
|
|
|
os_memcpy(eid, rsn, 2 + rsn[1]);
|
|
|
|
eid += 2 + rsn[1];
|
|
|
|
}
|
|
|
|
|
|
|
|
rsnx = get_ie(auth, auth_len, WLAN_EID_RSNX);
|
|
|
|
if (rsnx) {
|
|
|
|
os_memcpy(eid, rsnx, 2 + rsnx[1]);
|
|
|
|
eid += 2 + rsnx[1];
|
|
|
|
}
|
|
|
|
}
|
2023-12-21 12:19:36 +01:00
|
|
|
/* List of Element ID values in increasing order */
|
2022-12-01 04:18:37 +01:00
|
|
|
if (!rsn && hostapd_wpa_ie(tx_bss, WLAN_EID_RSN))
|
|
|
|
non_inherit_ie[ie_count++] = WLAN_EID_RSN;
|
|
|
|
if (hapd->conf->xrates_supported &&
|
|
|
|
!bss->conf->xrates_supported)
|
|
|
|
non_inherit_ie[ie_count++] = WLAN_EID_EXT_SUPP_RATES;
|
2023-12-21 12:19:36 +01:00
|
|
|
if (!rsnx && hostapd_wpa_ie(tx_bss, WLAN_EID_RSNX))
|
|
|
|
non_inherit_ie[ie_count++] = WLAN_EID_RSNX;
|
2022-12-01 04:18:37 +01:00
|
|
|
if (ie_count) {
|
|
|
|
*eid++ = WLAN_EID_EXTENSION;
|
2023-10-31 14:51:30 +01:00
|
|
|
*eid++ = 2 + ie_count + 1;
|
2022-12-01 04:18:37 +01:00
|
|
|
*eid++ = WLAN_EID_EXT_NON_INHERITANCE;
|
|
|
|
*eid++ = ie_count;
|
|
|
|
os_memcpy(eid, non_inherit_ie, ie_count);
|
|
|
|
eid += ie_count;
|
2023-10-31 14:51:30 +01:00
|
|
|
*eid++ = 0; /* No Element ID Extension List */
|
2022-12-01 04:18:37 +01:00
|
|
|
}
|
2022-12-01 04:18:36 +01:00
|
|
|
|
|
|
|
*eid_len_pos = (eid - eid_len_pos) - 1;
|
|
|
|
|
|
|
|
if (((eid - eid_len_offset) - 1) > 255) {
|
|
|
|
eid = nontx_bss_start;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*bss_index = i;
|
|
|
|
*max_bssid_indicator_offset = max_bssid_indicator;
|
|
|
|
if (*max_bssid_indicator_offset < 1)
|
|
|
|
*max_bssid_indicator_offset = 1;
|
|
|
|
*eid_len_offset = (eid - eid_len_offset) - 1;
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
u8 * hostapd_eid_mbssid(struct hostapd_data *hapd, u8 *eid, u8 *end,
|
|
|
|
unsigned int frame_stype, u8 elem_count,
|
2022-12-01 04:18:41 +01:00
|
|
|
u8 **elem_offset,
|
2023-04-04 19:58:59 +02:00
|
|
|
const u8 *known_bss, size_t known_bss_len, u8 *rnr_eid,
|
|
|
|
u8 *rnr_count, u8 **rnr_offset, size_t rnr_len)
|
2022-12-01 04:18:36 +01:00
|
|
|
{
|
2023-04-04 19:58:59 +02:00
|
|
|
size_t bss_index = 1, cur_len = 0;
|
|
|
|
u8 elem_index = 0, *rnr_start_eid = rnr_eid;
|
|
|
|
bool add_rnr;
|
2022-12-01 04:18:36 +01:00
|
|
|
|
|
|
|
if (!hapd->iconf->mbssid || hapd->iface->num_bss <= 1 ||
|
|
|
|
(frame_stype != WLAN_FC_STYPE_BEACON &&
|
|
|
|
frame_stype != WLAN_FC_STYPE_PROBE_RESP))
|
|
|
|
return eid;
|
|
|
|
|
|
|
|
if (frame_stype == WLAN_FC_STYPE_BEACON && !elem_offset) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"MBSSID: Insufficient data for Beacon frames");
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
2023-04-04 19:58:59 +02:00
|
|
|
add_rnr = hapd->iconf->mbssid == ENHANCED_MBSSID_ENABLED &&
|
|
|
|
frame_stype == WLAN_FC_STYPE_BEACON &&
|
|
|
|
rnr_eid && rnr_count && rnr_offset && rnr_len;
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
while (bss_index < hapd->iface->num_bss) {
|
2023-04-04 19:58:59 +02:00
|
|
|
unsigned int rnr_start_count = bss_index;
|
|
|
|
|
2022-12-01 04:18:36 +01:00
|
|
|
if (frame_stype == WLAN_FC_STYPE_BEACON) {
|
|
|
|
if (elem_index == elem_count) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"MBSSID: Larger number of elements than there is room in the provided array");
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
elem_offset[elem_index] = eid;
|
|
|
|
elem_index = elem_index + 1;
|
|
|
|
}
|
|
|
|
eid = hostapd_eid_mbssid_elem(hapd, eid, end, frame_stype,
|
|
|
|
hostapd_max_bssid_indicator(hapd),
|
2022-12-01 04:18:41 +01:00
|
|
|
&bss_index, elem_count,
|
|
|
|
known_bss, known_bss_len);
|
2023-04-04 19:58:59 +02:00
|
|
|
|
|
|
|
if (add_rnr) {
|
|
|
|
struct mbssid_ie_profiles skip_profiles = {
|
|
|
|
rnr_start_count, bss_index
|
|
|
|
};
|
|
|
|
|
|
|
|
rnr_offset[*rnr_count] = rnr_eid;
|
|
|
|
*rnr_count = *rnr_count + 1;
|
|
|
|
cur_len = 0;
|
|
|
|
rnr_eid = hostapd_eid_rnr_iface(
|
|
|
|
hapd, hostapd_mbssid_get_tx_bss(hapd),
|
|
|
|
rnr_eid, &cur_len, &skip_profiles);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (add_rnr && (size_t) (rnr_eid - rnr_start_eid) < rnr_len) {
|
|
|
|
rnr_offset[*rnr_count] = rnr_eid;
|
|
|
|
*rnr_count = *rnr_count + 1;
|
|
|
|
cur_len = 0;
|
|
|
|
|
|
|
|
if (hapd->conf->rnr)
|
|
|
|
rnr_eid = hostapd_eid_nr_db(hapd, rnr_eid, &cur_len);
|
|
|
|
if (get_colocation_mode(hapd) == COLOCATED_LOWER_BAND)
|
2023-05-22 21:33:37 +02:00
|
|
|
rnr_eid = hostapd_eid_rnr_multi_iface(hapd, rnr_eid,
|
|
|
|
&cur_len);
|
2022-12-01 04:18:36 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
return eid;
|
|
|
|
}
|
|
|
|
|
2023-03-14 05:59:17 +01:00
|
|
|
|
|
|
|
static void punct_update_legacy_bw_80(u8 bitmap, u8 pri_chan, u8 *seg0)
|
|
|
|
{
|
|
|
|
u8 first_chan = *seg0 - 6, sec_chan;
|
|
|
|
|
|
|
|
switch (bitmap) {
|
|
|
|
case 0x6:
|
|
|
|
*seg0 = 0;
|
|
|
|
return;
|
|
|
|
case 0x8:
|
|
|
|
case 0x4:
|
|
|
|
case 0x2:
|
|
|
|
case 0x1:
|
|
|
|
case 0xC:
|
|
|
|
case 0x3:
|
|
|
|
if (pri_chan < *seg0)
|
|
|
|
*seg0 -= 4;
|
|
|
|
else
|
|
|
|
*seg0 += 4;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (pri_chan < *seg0)
|
|
|
|
sec_chan = pri_chan + 4;
|
|
|
|
else
|
|
|
|
sec_chan = pri_chan - 4;
|
|
|
|
|
|
|
|
if (bitmap & BIT((sec_chan - first_chan) / 4))
|
|
|
|
*seg0 = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void punct_update_legacy_bw_160(u8 bitmap, u8 pri,
|
|
|
|
enum oper_chan_width *width, u8 *seg0)
|
|
|
|
{
|
|
|
|
if (pri < *seg0) {
|
|
|
|
*seg0 -= 8;
|
|
|
|
if (bitmap & 0x0F) {
|
|
|
|
*width = 0;
|
|
|
|
punct_update_legacy_bw_80(bitmap & 0xF, pri, seg0);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
*seg0 += 8;
|
|
|
|
if (bitmap & 0xF0) {
|
|
|
|
*width = 0;
|
|
|
|
punct_update_legacy_bw_80((bitmap & 0xF0) >> 4, pri,
|
|
|
|
seg0);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void punct_update_legacy_bw(u16 bitmap, u8 pri, enum oper_chan_width *width,
|
|
|
|
u8 *seg0, u8 *seg1)
|
|
|
|
{
|
|
|
|
if (*width == CONF_OPER_CHWIDTH_80MHZ && (bitmap & 0xF)) {
|
|
|
|
*width = CONF_OPER_CHWIDTH_USE_HT;
|
|
|
|
punct_update_legacy_bw_80(bitmap & 0xF, pri, seg0);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (*width == CONF_OPER_CHWIDTH_160MHZ && (bitmap & 0xFF)) {
|
|
|
|
*width = CONF_OPER_CHWIDTH_80MHZ;
|
|
|
|
*seg1 = 0;
|
|
|
|
punct_update_legacy_bw_160(bitmap & 0xFF, pri, width, seg0);
|
|
|
|
}
|
|
|
|
|
|
|
|
/* TODO: 320 MHz */
|
|
|
|
}
|
|
|
|
|
2008-02-28 02:34:43 +01:00
|
|
|
#endif /* CONFIG_NATIVE_WINDOWS */
|