2009-03-20 21:26:41 +01:00
|
|
|
/*
|
|
|
|
* wpa_supplicant - SME
|
2024-01-21 11:17:07 +01:00
|
|
|
* Copyright (c) 2009-2024, Jouni Malinen <j@w1.fi>
|
2009-03-20 21:26:41 +01:00
|
|
|
*
|
2012-02-11 15:46:35 +01:00
|
|
|
* This software may be distributed under the terms of the BSD license.
|
|
|
|
* See README for more details.
|
2009-03-20 21:26:41 +01:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "includes.h"
|
|
|
|
|
|
|
|
#include "common.h"
|
2010-12-19 10:58:00 +01:00
|
|
|
#include "utils/eloop.h"
|
2022-09-17 06:21:02 +02:00
|
|
|
#include "utils/ext_password.h"
|
2009-11-29 16:51:55 +01:00
|
|
|
#include "common/ieee802_11_defs.h"
|
2010-04-07 09:31:06 +02:00
|
|
|
#include "common/ieee802_11_common.h"
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
#include "common/ocv.h"
|
2009-03-20 21:26:41 +01:00
|
|
|
#include "eapol_supp/eapol_supp_sm.h"
|
2009-11-29 16:51:55 +01:00
|
|
|
#include "common/wpa_common.h"
|
2012-12-30 20:48:19 +01:00
|
|
|
#include "common/sae.h"
|
2019-03-17 22:51:53 +01:00
|
|
|
#include "common/dpp.h"
|
2009-11-29 17:28:08 +01:00
|
|
|
#include "rsn_supp/wpa.h"
|
|
|
|
#include "rsn_supp/pmksa_cache.h"
|
2009-03-20 21:26:41 +01:00
|
|
|
#include "config.h"
|
|
|
|
#include "wpa_supplicant_i.h"
|
2009-03-26 19:37:05 +01:00
|
|
|
#include "driver_i.h"
|
2009-03-20 21:26:41 +01:00
|
|
|
#include "wpas_glue.h"
|
|
|
|
#include "wps_supplicant.h"
|
2010-07-18 23:30:25 +02:00
|
|
|
#include "p2p_supplicant.h"
|
2009-09-13 19:53:32 +02:00
|
|
|
#include "notify.h"
|
2010-01-02 15:16:02 +01:00
|
|
|
#include "bss.h"
|
2023-11-21 00:51:28 +01:00
|
|
|
#include "bssid_ignore.h"
|
2010-01-03 17:48:11 +01:00
|
|
|
#include "scan.h"
|
2009-03-20 21:26:41 +01:00
|
|
|
#include "sme.h"
|
2011-10-03 17:10:23 +02:00
|
|
|
#include "hs20_supplicant.h"
|
2009-03-20 21:26:41 +01:00
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
#define SME_AUTH_TIMEOUT 5
|
|
|
|
#define SME_ASSOC_TIMEOUT 5
|
|
|
|
|
|
|
|
static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
|
|
|
|
static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
|
2012-05-03 11:13:43 +02:00
|
|
|
static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx);
|
2011-02-24 15:59:46 +01:00
|
|
|
static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
|
2013-01-01 15:23:47 +01:00
|
|
|
static int index_within_array(const int *array, int idx)
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
for (i = 0; i < idx; i++) {
|
2013-11-02 17:07:49 +01:00
|
|
|
if (array[i] <= 0)
|
2013-01-01 15:23:47 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-11-27 23:06:16 +01:00
|
|
|
static int sme_set_sae_group(struct wpa_supplicant *wpa_s, bool external)
|
2013-01-01 15:23:47 +01:00
|
|
|
{
|
|
|
|
int *groups = wpa_s->conf->sae_groups;
|
2019-03-05 16:23:58 +01:00
|
|
|
int default_groups[] = { 19, 20, 21, 0 };
|
2013-01-01 15:23:47 +01:00
|
|
|
|
2013-11-02 17:07:49 +01:00
|
|
|
if (!groups || groups[0] <= 0)
|
2013-01-01 15:23:47 +01:00
|
|
|
groups = default_groups;
|
|
|
|
|
|
|
|
/* Configuration may have changed, so validate current index */
|
|
|
|
if (!index_within_array(groups, wpa_s->sme.sae_group_index))
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
int group = groups[wpa_s->sme.sae_group_index];
|
2015-06-20 22:29:57 +02:00
|
|
|
if (group <= 0)
|
2013-01-01 15:23:47 +01:00
|
|
|
break;
|
|
|
|
if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
|
|
|
|
wpa_s->sme.sae.group);
|
2022-11-27 23:06:16 +01:00
|
|
|
wpa_s->sme.sae.akmp = external ?
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt : wpa_s->key_mgmt;
|
2018-11-30 16:56:56 +01:00
|
|
|
return 0;
|
2013-01-01 15:23:47 +01:00
|
|
|
}
|
|
|
|
wpa_s->sme.sae_group_index++;
|
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-12-30 21:06:11 +01:00
|
|
|
static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_ssid *ssid,
|
2022-12-06 10:46:09 +01:00
|
|
|
const u8 *bssid,
|
|
|
|
const u8 *mld_addr,
|
|
|
|
int external,
|
2020-05-30 22:30:42 +02:00
|
|
|
int reuse, int *ret_use_pt,
|
|
|
|
bool *ret_use_pk)
|
2012-09-30 18:51:07 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
2012-12-31 15:58:36 +01:00
|
|
|
size_t len;
|
2022-09-17 06:21:02 +02:00
|
|
|
char *password = NULL;
|
2019-09-06 14:40:39 +02:00
|
|
|
struct wpa_bss *bss;
|
|
|
|
int use_pt = 0;
|
2020-05-30 22:30:42 +02:00
|
|
|
bool use_pk = false;
|
|
|
|
u8 rsnxe_capa = 0;
|
2022-11-27 23:06:16 +01:00
|
|
|
int key_mgmt = external ? wpa_s->sme.ext_auth_key_mgmt :
|
|
|
|
wpa_s->key_mgmt;
|
2022-12-06 10:46:09 +01:00
|
|
|
const u8 *addr = mld_addr ? mld_addr : bssid;
|
2019-09-06 14:40:39 +02:00
|
|
|
|
|
|
|
if (ret_use_pt)
|
|
|
|
*ret_use_pt = 0;
|
2020-05-30 22:30:42 +02:00
|
|
|
if (ret_use_pk)
|
|
|
|
*ret_use_pk = false;
|
2012-09-30 18:51:07 +02:00
|
|
|
|
2017-09-02 01:12:44 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->sae_commit_override) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override");
|
|
|
|
buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
|
|
|
|
if (!buf)
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2019-03-29 22:04:35 +01:00
|
|
|
if (!external) {
|
|
|
|
wpabuf_put_le16(buf, 1); /* Transaction seq# */
|
|
|
|
wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
|
|
|
|
}
|
2017-09-02 01:12:44 +02:00
|
|
|
wpabuf_put_buf(buf, wpa_s->sae_commit_override);
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
2022-09-17 06:21:02 +02:00
|
|
|
if (ssid->sae_password) {
|
|
|
|
password = os_strdup(ssid->sae_password);
|
|
|
|
if (!password) {
|
|
|
|
wpa_dbg(wpa_s, MSG_INFO,
|
|
|
|
"SAE: Failed to allocate password");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!password && ssid->passphrase) {
|
|
|
|
password = os_strdup(ssid->passphrase);
|
|
|
|
if (!password) {
|
|
|
|
wpa_dbg(wpa_s, MSG_INFO,
|
|
|
|
"SAE: Failed to allocate password");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!password && ssid->ext_psk) {
|
|
|
|
struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
|
|
|
|
ssid->ext_psk);
|
|
|
|
|
|
|
|
if (!pw) {
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SAE: No password found from external storage");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
password = os_malloc(wpabuf_len(pw) + 1);
|
|
|
|
if (!password) {
|
|
|
|
wpa_dbg(wpa_s, MSG_INFO,
|
|
|
|
"SAE: Failed to allocate password");
|
|
|
|
goto fail;
|
|
|
|
}
|
|
|
|
os_memcpy(password, wpabuf_head(pw), wpabuf_len(pw));
|
|
|
|
password[wpabuf_len(pw)] = '\0';
|
|
|
|
ext_password_free(pw);
|
|
|
|
}
|
2017-10-11 22:09:16 +02:00
|
|
|
if (!password) {
|
2012-12-30 21:06:11 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: No password available");
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2012-12-30 21:06:11 +01:00
|
|
|
}
|
|
|
|
|
2019-03-03 15:23:19 +01:00
|
|
|
if (reuse && wpa_s->sme.sae.tmp &&
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(addr, wpa_s->sme.sae.tmp->bssid)) {
|
2019-03-03 15:23:19 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Reuse previously generated PWE on a retry with the same AP");
|
2020-06-06 11:08:37 +02:00
|
|
|
use_pt = wpa_s->sme.sae.h2e;
|
|
|
|
use_pk = wpa_s->sme.sae.pk;
|
2019-03-03 15:23:19 +01:00
|
|
|
goto reuse_data;
|
|
|
|
}
|
2022-11-27 23:06:16 +01:00
|
|
|
if (sme_set_sae_group(wpa_s, external) < 0) {
|
2013-01-01 15:23:47 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2013-01-01 15:23:47 +01:00
|
|
|
}
|
2013-01-01 10:29:53 +01:00
|
|
|
|
2020-05-30 22:30:42 +02:00
|
|
|
bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
|
2021-12-07 09:25:24 +01:00
|
|
|
if (!bss) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: BSS not available, update scan result to get BSS");
|
2024-03-20 10:20:43 +01:00
|
|
|
wpa_supplicant_update_scan_results(wpa_s, bssid);
|
2021-12-07 09:25:24 +01:00
|
|
|
bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
|
|
|
|
}
|
2020-05-30 22:30:42 +02:00
|
|
|
if (bss) {
|
|
|
|
const u8 *rsnxe;
|
|
|
|
|
|
|
|
rsnxe = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
|
|
|
|
if (rsnxe && rsnxe[1] >= 1)
|
|
|
|
rsnxe_capa = rsnxe[2];
|
|
|
|
}
|
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
if (ssid->sae_password_id &&
|
|
|
|
wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
|
2020-01-20 20:15:04 +01:00
|
|
|
use_pt = 1;
|
2022-11-27 23:06:16 +01:00
|
|
|
if (wpa_key_mgmt_sae_ext_key(key_mgmt) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
|
2022-07-24 21:20:58 +02:00
|
|
|
use_pt = 1;
|
2023-01-30 22:07:21 +01:00
|
|
|
if (bss && is_6ghz_freq(bss->freq) &&
|
|
|
|
wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
|
|
|
|
use_pt = 1;
|
2020-05-30 22:30:42 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
|
|
|
if ((rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_PK)) &&
|
2020-06-07 10:53:26 +02:00
|
|
|
ssid->sae_pk != SAE_PK_MODE_DISABLED &&
|
2020-08-06 23:47:15 +02:00
|
|
|
((ssid->sae_password &&
|
|
|
|
sae_pk_valid_password(ssid->sae_password)) ||
|
|
|
|
(!ssid->sae_password && ssid->passphrase &&
|
|
|
|
sae_pk_valid_password(ssid->passphrase)))) {
|
2020-05-30 22:30:42 +02:00
|
|
|
use_pt = 1;
|
|
|
|
use_pk = true;
|
|
|
|
}
|
2020-06-06 10:42:59 +02:00
|
|
|
|
2020-06-07 10:53:26 +02:00
|
|
|
if (ssid->sae_pk == SAE_PK_MODE_ONLY && !use_pk) {
|
2020-06-06 10:42:59 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Cannot use PK with the selected AP");
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2020-06-06 10:42:59 +02:00
|
|
|
}
|
2020-05-30 22:30:42 +02:00
|
|
|
#endif /* CONFIG_SAE_PK */
|
2020-01-20 20:15:04 +01:00
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
if (use_pt || wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
|
|
|
|
wpa_s->conf->sae_pwe == SAE_PWE_BOTH) {
|
2020-05-30 22:30:42 +02:00
|
|
|
use_pt = !!(rsnxe_capa & BIT(WLAN_RSNX_CAPAB_SAE_H2E));
|
2019-09-06 14:40:39 +02:00
|
|
|
|
2022-11-29 19:36:15 +01:00
|
|
|
if ((wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
|
|
|
|
ssid->sae_password_id ||
|
2022-11-27 23:06:16 +01:00
|
|
|
wpa_key_mgmt_sae_ext_key(key_mgmt)) &&
|
2022-11-29 19:36:15 +01:00
|
|
|
wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
|
2020-01-20 20:15:04 +01:00
|
|
|
!use_pt) {
|
2019-09-06 14:40:39 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Cannot use H2E with the selected AP");
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2019-09-06 14:40:39 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2023-01-30 22:09:53 +01:00
|
|
|
if (use_pt && !ssid->pt)
|
|
|
|
wpa_s_setup_sae_pt(wpa_s->conf, ssid, true);
|
2019-09-06 14:40:39 +02:00
|
|
|
if (use_pt &&
|
|
|
|
sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
|
2022-12-06 10:46:09 +01:00
|
|
|
wpa_s->own_addr, addr,
|
2020-05-30 22:30:42 +02:00
|
|
|
wpa_s->sme.sae_rejected_groups, NULL) < 0)
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2019-09-06 14:40:39 +02:00
|
|
|
if (!use_pt &&
|
2023-12-15 15:23:59 +01:00
|
|
|
sae_prepare_commit(wpa_s->own_addr, addr,
|
2017-10-11 22:09:16 +02:00
|
|
|
(u8 *) password, os_strlen(password),
|
2012-12-30 21:06:11 +01:00
|
|
|
&wpa_s->sme.sae) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2012-12-30 21:06:11 +01:00
|
|
|
}
|
2020-05-30 22:30:42 +02:00
|
|
|
if (wpa_s->sme.sae.tmp) {
|
2022-12-06 10:46:09 +01:00
|
|
|
os_memcpy(wpa_s->sme.sae.tmp->bssid, addr, ETH_ALEN);
|
2020-05-30 22:30:42 +02:00
|
|
|
if (use_pt && use_pk)
|
2020-06-06 11:08:37 +02:00
|
|
|
wpa_s->sme.sae.pk = 1;
|
2020-05-30 22:30:42 +02:00
|
|
|
#ifdef CONFIG_SAE_PK
|
|
|
|
os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
|
|
|
|
ETH_ALEN);
|
2022-12-06 10:46:09 +01:00
|
|
|
os_memcpy(wpa_s->sme.sae.tmp->peer_addr, addr, ETH_ALEN);
|
2020-05-30 22:30:42 +02:00
|
|
|
sae_pk_set_password(&wpa_s->sme.sae, password);
|
|
|
|
#endif /* CONFIG_SAE_PK */
|
|
|
|
}
|
2012-12-30 21:06:11 +01:00
|
|
|
|
2019-03-03 15:23:19 +01:00
|
|
|
reuse_data:
|
2020-01-20 19:27:06 +01:00
|
|
|
len = wpa_s->sme.sae_token ? 3 + wpabuf_len(wpa_s->sme.sae_token) : 0;
|
2018-05-19 16:28:01 +02:00
|
|
|
if (ssid->sae_password_id)
|
|
|
|
len += 4 + os_strlen(ssid->sae_password_id);
|
2012-12-31 15:58:36 +01:00
|
|
|
buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
|
2012-09-30 18:51:07 +02:00
|
|
|
if (buf == NULL)
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2018-02-01 12:31:28 +01:00
|
|
|
if (!external) {
|
|
|
|
wpabuf_put_le16(buf, 1); /* Transaction seq# */
|
2020-05-30 22:30:42 +02:00
|
|
|
if (use_pk)
|
|
|
|
wpabuf_put_le16(buf, WLAN_STATUS_SAE_PK);
|
|
|
|
else if (use_pt)
|
|
|
|
wpabuf_put_le16(buf, WLAN_STATUS_SAE_HASH_TO_ELEMENT);
|
|
|
|
else
|
|
|
|
wpabuf_put_le16(buf,WLAN_STATUS_SUCCESS);
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
2020-03-08 15:59:42 +01:00
|
|
|
if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
|
|
|
|
ssid->sae_password_id) < 0) {
|
|
|
|
wpabuf_free(buf);
|
2022-09-17 06:21:02 +02:00
|
|
|
goto fail;
|
2020-03-08 15:59:42 +01:00
|
|
|
}
|
2019-09-06 14:40:39 +02:00
|
|
|
if (ret_use_pt)
|
|
|
|
*ret_use_pt = use_pt;
|
2020-05-30 22:30:42 +02:00
|
|
|
if (ret_use_pk)
|
|
|
|
*ret_use_pk = use_pk;
|
2012-09-30 18:51:07 +02:00
|
|
|
|
2022-09-17 06:21:02 +02:00
|
|
|
str_clear_free(password);
|
2012-09-30 18:51:07 +02:00
|
|
|
return buf;
|
2022-09-17 06:21:02 +02:00
|
|
|
|
|
|
|
fail:
|
|
|
|
str_clear_free(password);
|
|
|
|
return NULL;
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s,
|
|
|
|
int external)
|
2012-09-30 18:51:07 +02:00
|
|
|
{
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
2012-12-30 21:28:57 +01:00
|
|
|
buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN);
|
2012-09-30 18:51:07 +02:00
|
|
|
if (buf == NULL)
|
|
|
|
return NULL;
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
if (!external) {
|
|
|
|
wpabuf_put_le16(buf, 2); /* Transaction seq# */
|
|
|
|
wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
|
|
|
|
}
|
2012-12-30 21:28:57 +01:00
|
|
|
sae_write_confirm(&wpa_s->sme.sae, buf);
|
2012-09-30 18:51:07 +02:00
|
|
|
|
|
|
|
return buf;
|
|
|
|
}
|
|
|
|
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
|
|
|
|
2014-11-05 09:42:48 +01:00
|
|
|
/**
|
|
|
|
* sme_auth_handle_rrm - Handle RRM aspects of current authentication attempt
|
|
|
|
* @wpa_s: Pointer to wpa_supplicant data
|
|
|
|
* @bss: Pointer to the bss which is the target of authentication attempt
|
|
|
|
*/
|
|
|
|
static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
{
|
|
|
|
const u8 rrm_ie_len = 5;
|
|
|
|
u8 *pos;
|
|
|
|
const u8 *rrm_ie;
|
|
|
|
|
|
|
|
wpa_s->rrm.rrm_used = 0;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"RRM: Determining whether RRM can be used - device support: 0x%x",
|
|
|
|
wpa_s->drv_rrm_flags);
|
|
|
|
|
|
|
|
rrm_ie = wpa_bss_get_ie(bss, WLAN_EID_RRM_ENABLED_CAPABILITIES);
|
|
|
|
if (!rrm_ie || !(bss->caps & IEEE80211_CAP_RRM)) {
|
|
|
|
wpa_printf(MSG_DEBUG, "RRM: No RRM in network");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-04-06 18:42:17 +02:00
|
|
|
if (!((wpa_s->drv_rrm_flags &
|
|
|
|
WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) &&
|
|
|
|
(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
|
|
|
|
!(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) {
|
2014-11-05 09:42:48 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"RRM: Insufficient RRM support in driver - do not use RRM");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-11-25 00:07:16 +01:00
|
|
|
if (sizeof(wpa_s->sme.assoc_req_ie) <
|
|
|
|
wpa_s->sme.assoc_req_ie_len + rrm_ie_len + 2) {
|
2014-11-05 09:42:48 +01:00
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"RRM: Unable to use RRM, no room for RRM IE");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "RRM: Adding RRM IE to Association Request");
|
|
|
|
pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
|
|
|
|
os_memset(pos, 0, 2 + rrm_ie_len);
|
|
|
|
*pos++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
|
|
|
|
*pos++ = rrm_ie_len;
|
2014-11-05 09:42:56 +01:00
|
|
|
|
2020-10-18 19:28:23 +02:00
|
|
|
/* Set supported capabilities flags */
|
2014-11-05 09:42:56 +01:00
|
|
|
if (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)
|
|
|
|
*pos |= WLAN_RRM_CAPS_LINK_MEASUREMENT;
|
|
|
|
|
2017-01-02 22:04:02 +01:00
|
|
|
*pos |= WLAN_RRM_CAPS_BEACON_REPORT_PASSIVE |
|
|
|
|
WLAN_RRM_CAPS_BEACON_REPORT_ACTIVE |
|
|
|
|
WLAN_RRM_CAPS_BEACON_REPORT_TABLE;
|
2016-12-28 14:06:47 +01:00
|
|
|
|
2016-04-06 18:42:13 +02:00
|
|
|
if (wpa_s->lci)
|
|
|
|
pos[1] |= WLAN_RRM_CAPS_LCI_MEASUREMENT;
|
|
|
|
|
2014-11-05 09:42:48 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len += rrm_ie_len + 2;
|
|
|
|
wpa_s->rrm.rrm_used = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-06-12 21:59:50 +02:00
|
|
|
static void wpas_ml_handle_removed_links(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
{
|
|
|
|
u16 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, bss);
|
|
|
|
|
|
|
|
wpa_s->valid_links &= ~removed_links;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-11-21 00:51:19 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
static struct wpa_bss * wpas_ml_connect_pref(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
{
|
|
|
|
unsigned int low, high, i;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: valid_links=%d, band_pref=%u, bssid_pref=" MACSTR,
|
|
|
|
wpa_s->valid_links,
|
|
|
|
wpa_s->conf->mld_connect_band_pref,
|
|
|
|
MAC2STR(wpa_s->conf->mld_connect_bssid_pref));
|
|
|
|
|
|
|
|
/* Check if there are more than one link */
|
|
|
|
if (!(wpa_s->valid_links & (wpa_s->valid_links - 1)))
|
|
|
|
return bss;
|
|
|
|
|
|
|
|
if (!is_zero_ether_addr(wpa_s->conf->mld_connect_bssid_pref)) {
|
2024-02-20 14:18:12 +01:00
|
|
|
for_each_link(wpa_s->valid_links, i) {
|
2023-11-21 00:51:19 +01:00
|
|
|
if (wpa_s->mlo_assoc_link_id == i)
|
|
|
|
continue;
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (ether_addr_equal(
|
|
|
|
wpa_s->links[i].bssid,
|
|
|
|
wpa_s->conf->mld_connect_bssid_pref))
|
2023-11-21 00:51:19 +01:00
|
|
|
goto found;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wpa_s->conf->mld_connect_band_pref == MLD_CONNECT_BAND_PREF_AUTO)
|
|
|
|
return bss;
|
|
|
|
|
|
|
|
switch (wpa_s->conf->mld_connect_band_pref) {
|
|
|
|
case MLD_CONNECT_BAND_PREF_2GHZ:
|
|
|
|
low = 2412;
|
|
|
|
high = 2472;
|
|
|
|
break;
|
|
|
|
case MLD_CONNECT_BAND_PREF_5GHZ:
|
|
|
|
low = 5180;
|
|
|
|
high = 5985;
|
|
|
|
break;
|
|
|
|
case MLD_CONNECT_BAND_PREF_6GHZ:
|
|
|
|
low = 5955;
|
|
|
|
high = 7125;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
return bss;
|
|
|
|
}
|
|
|
|
|
2024-02-20 14:18:12 +01:00
|
|
|
for_each_link(wpa_s->valid_links, i) {
|
2023-11-21 00:51:19 +01:00
|
|
|
if (wpa_s->mlo_assoc_link_id == i)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
if (wpa_s->links[i].freq >= low && wpa_s->links[i].freq <= high)
|
|
|
|
goto found;
|
|
|
|
}
|
|
|
|
|
|
|
|
found:
|
|
|
|
if (i == MAX_NUM_MLD_LINKS) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: No match for connect/band pref");
|
|
|
|
return bss;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: Change BSS for connect: " MACSTR " -> " MACSTR,
|
|
|
|
MAC2STR(wpa_s->links[wpa_s->mlo_assoc_link_id].bssid),
|
|
|
|
MAC2STR(wpa_s->links[i].bssid));
|
|
|
|
|
|
|
|
/* Get the BSS entry and do the switch */
|
|
|
|
bss = wpa_bss_get_bssid(wpa_s, wpa_s->links[i].bssid);
|
|
|
|
wpa_s->mlo_assoc_link_id = i;
|
|
|
|
|
|
|
|
return bss;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
|
|
|
|
2023-12-28 14:19:23 +01:00
|
|
|
static int wpas_sme_ml_auth(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data,
|
|
|
|
int ie_offset)
|
2022-12-06 10:46:06 +01:00
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
const u8 *mld_addr;
|
2023-05-09 15:53:21 +02:00
|
|
|
u16 status_code = data->auth.status_code;
|
2022-12-06 10:46:06 +01:00
|
|
|
|
|
|
|
if (!wpa_s->valid_links)
|
2023-12-28 14:19:23 +01:00
|
|
|
return 0;
|
2022-12-06 10:46:06 +01:00
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(data->auth.ies + ie_offset,
|
|
|
|
data->auth.ies_len - ie_offset,
|
2023-04-13 00:21:15 +02:00
|
|
|
&elems, 0) == ParseFailed) {
|
2022-12-06 10:46:06 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "MLD: Failed parsing elements");
|
2024-04-08 15:06:59 +02:00
|
|
|
return -1;
|
2022-12-06 10:46:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (!elems.basic_mle || !elems.basic_mle_len) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: No ML element in authentication");
|
2023-05-09 15:53:21 +02:00
|
|
|
if (status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ ||
|
|
|
|
status_code == WLAN_STATUS_SUCCESS ||
|
|
|
|
status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
status_code == WLAN_STATUS_SAE_PK)
|
2024-04-08 15:06:59 +02:00
|
|
|
return -1;
|
2023-05-09 15:53:21 +02:00
|
|
|
/* Accept missing Multi-Link element in failed authentication
|
|
|
|
* cases. */
|
2023-12-28 14:19:23 +01:00
|
|
|
return 0;
|
2022-12-06 10:46:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
mld_addr = get_basic_mle_mld_addr(elems.basic_mle, elems.basic_mle_len);
|
|
|
|
if (!mld_addr)
|
2024-04-08 15:06:59 +02:00
|
|
|
return -1;
|
2022-12-06 10:46:06 +01:00
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: mld_address=" MACSTR, MAC2STR(mld_addr));
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(wpa_s->ap_mld_addr, mld_addr)) {
|
2022-12-06 10:46:06 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "MLD: Unexpected MLD address (expected "
|
|
|
|
MACSTR ")", MAC2STR(wpa_s->ap_mld_addr));
|
2024-04-08 15:06:59 +02:00
|
|
|
return -1;
|
2022-12-06 10:46:06 +01:00
|
|
|
}
|
|
|
|
|
2023-12-28 14:19:23 +01:00
|
|
|
return 0;
|
2022-12-06 10:46:06 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2023-11-21 00:51:20 +01:00
|
|
|
static void wpas_sme_set_mlo_links(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss)
|
|
|
|
{
|
2024-02-20 14:18:15 +01:00
|
|
|
u8 i;
|
2023-11-21 00:51:20 +01:00
|
|
|
|
|
|
|
wpa_s->valid_links = 0;
|
2024-02-20 14:18:15 +01:00
|
|
|
wpa_s->mlo_assoc_link_id = bss->mld_link_id;
|
2023-11-21 00:51:20 +01:00
|
|
|
|
2024-02-20 14:18:15 +01:00
|
|
|
for_each_link(bss->valid_links, i) {
|
2023-11-21 00:51:20 +01:00
|
|
|
const u8 *bssid = bss->mld_links[i].bssid;
|
|
|
|
|
2024-02-20 14:18:15 +01:00
|
|
|
wpa_s->valid_links |= BIT(i);
|
|
|
|
os_memcpy(wpa_s->links[i].bssid, bssid, ETH_ALEN);
|
|
|
|
wpa_s->links[i].freq = bss->mld_links[i].freq;
|
|
|
|
wpa_s->links[i].disabled = bss->mld_links[i].disabled;
|
|
|
|
|
|
|
|
if (bss->mld_link_id == i)
|
|
|
|
wpa_s->links[i].bss = bss;
|
|
|
|
else
|
|
|
|
wpa_s->links[i].bss = wpa_bss_get_bssid(wpa_s, bssid);
|
2023-11-21 00:51:20 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-11-25 14:47:43 +01:00
|
|
|
static void sme_send_authentication(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss, struct wpa_ssid *ssid,
|
|
|
|
int start)
|
2009-03-20 21:26:41 +01:00
|
|
|
{
|
|
|
|
struct wpa_driver_auth_params params;
|
2009-09-13 19:53:32 +02:00
|
|
|
struct wpa_ssid *old_ssid;
|
2010-01-03 12:05:54 +01:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
2009-03-20 21:26:41 +01:00
|
|
|
const u8 *ie;
|
2010-01-03 12:05:54 +01:00
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2017-04-02 12:22:52 +02:00
|
|
|
#if defined(CONFIG_IEEE80211R) || defined(CONFIG_FILS)
|
2009-03-20 21:26:41 +01:00
|
|
|
const u8 *md = NULL;
|
2017-04-02 12:22:52 +02:00
|
|
|
#endif /* CONFIG_IEEE80211R || CONFIG_FILS */
|
2020-02-29 15:52:39 +01:00
|
|
|
int bssid_changed;
|
2012-09-30 18:51:07 +02:00
|
|
|
struct wpabuf *resp = NULL;
|
2014-06-07 15:33:28 +02:00
|
|
|
u8 ext_capab[18];
|
2012-12-22 18:17:15 +01:00
|
|
|
int ext_capab_len;
|
2015-02-19 15:35:39 +01:00
|
|
|
int skip_auth;
|
2018-08-23 15:52:32 +02:00
|
|
|
u8 *wpa_ie;
|
|
|
|
size_t wpa_ie_len;
|
2018-08-26 19:45:04 +02:00
|
|
|
#ifdef CONFIG_MBO
|
|
|
|
const u8 *mbo_ie;
|
|
|
|
#endif /* CONFIG_MBO */
|
2020-03-20 20:45:22 +01:00
|
|
|
int omit_rsnxe = 0;
|
2009-03-20 21:26:41 +01:00
|
|
|
|
|
|
|
if (bss == NULL) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
|
|
|
|
"the network");
|
2014-01-03 15:50:32 +01:00
|
|
|
wpas_connect_work_done(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2023-11-21 00:51:19 +01:00
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
2023-11-21 00:51:20 +01:00
|
|
|
|
|
|
|
if ((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_MLO) &&
|
|
|
|
!wpa_bss_parse_basic_ml_element(wpa_s, bss, wpa_s->ap_mld_addr,
|
2023-11-21 00:51:37 +01:00
|
|
|
NULL, ssid, NULL) &&
|
2024-02-20 14:18:15 +01:00
|
|
|
bss->valid_links) {
|
2023-11-21 00:51:19 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "MLD: In authentication");
|
2023-11-21 00:51:20 +01:00
|
|
|
wpas_sme_set_mlo_links(wpa_s, bss);
|
|
|
|
|
2023-11-21 00:51:19 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
bss = wpas_ml_connect_pref(wpa_s, bss);
|
|
|
|
|
|
|
|
if (wpa_s->conf->mld_force_single_link) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: Force single link");
|
|
|
|
wpa_s->valid_links = BIT(wpa_s->mlo_assoc_link_id);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
params.mld = true;
|
|
|
|
params.mld_link_id = wpa_s->mlo_assoc_link_id;
|
|
|
|
params.ap_mld_addr = wpa_s->ap_mld_addr;
|
|
|
|
wpas_ml_handle_removed_links(wpa_s, bss);
|
|
|
|
}
|
|
|
|
|
2015-02-19 15:35:39 +01:00
|
|
|
skip_auth = wpa_s->conf->reassoc_same_bss_optim &&
|
|
|
|
wpa_s->reassoc_same_bss;
|
2010-01-02 15:59:19 +01:00
|
|
|
wpa_s->current_bss = bss;
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->reassociate = 0;
|
|
|
|
|
|
|
|
params.freq = bss->freq;
|
|
|
|
params.bssid = bss->bssid;
|
2010-01-02 15:16:02 +01:00
|
|
|
params.ssid = bss->ssid;
|
|
|
|
params.ssid_len = bss->ssid_len;
|
2011-07-17 19:25:58 +02:00
|
|
|
params.p2p = ssid->p2p_group;
|
2009-03-20 21:26:41 +01:00
|
|
|
|
2009-11-17 18:25:05 +01:00
|
|
|
if (wpa_s->sme.ssid_len != params.ssid_len ||
|
|
|
|
os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
|
|
|
|
wpa_s->sme.prev_bssid_set = 0;
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->sme.freq = params.freq;
|
|
|
|
os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
|
|
|
|
wpa_s->sme.ssid_len = params.ssid_len;
|
|
|
|
|
2010-01-03 20:14:40 +01:00
|
|
|
params.auth_alg = WPA_AUTH_ALG_OPEN;
|
2009-03-20 21:26:41 +01:00
|
|
|
#ifdef IEEE8021X_EAPOL
|
|
|
|
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
|
|
|
|
if (ssid->leap) {
|
|
|
|
if (ssid->non_leap == 0)
|
2010-01-03 20:14:40 +01:00
|
|
|
params.auth_alg = WPA_AUTH_ALG_LEAP;
|
2009-03-20 21:26:41 +01:00
|
|
|
else
|
2010-01-03 20:14:40 +01:00
|
|
|
params.auth_alg |= WPA_AUTH_ALG_LEAP;
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* IEEE8021X_EAPOL */
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
|
|
|
|
params.auth_alg);
|
2009-03-20 21:26:41 +01:00
|
|
|
if (ssid->auth_alg) {
|
2010-01-03 20:14:40 +01:00
|
|
|
params.auth_alg = ssid->auth_alg;
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
|
|
|
|
"0x%x", params.auth_alg);
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2014-10-18 12:02:02 +02:00
|
|
|
wpa_s->sme.sae_pmksa_caching = 0;
|
2012-09-30 18:51:07 +02:00
|
|
|
if (wpa_key_mgmt_sae(ssid->key_mgmt)) {
|
|
|
|
const u8 *rsn;
|
|
|
|
struct wpa_ie_data ied;
|
|
|
|
|
|
|
|
rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
|
2014-12-22 12:49:52 +01:00
|
|
|
if (!rsn) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SAE enabled, but target BSS does not advertise RSN");
|
2019-03-16 16:15:09 +01:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
|
|
|
|
(ssid->key_mgmt & WPA_KEY_MGMT_DPP) &&
|
|
|
|
(ied.key_mgmt & WPA_KEY_MGMT_DPP)) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
|
|
|
|
#endif /* CONFIG_DPP */
|
2014-12-22 12:49:52 +01:00
|
|
|
} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
|
|
|
|
wpa_key_mgmt_sae(ied.key_mgmt)) {
|
2022-10-25 21:35:10 +02:00
|
|
|
if (wpas_is_sae_avoided(wpa_s, ssid, &ied)) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SAE enabled, but disallowing SAE auth_alg without PMF");
|
|
|
|
} else {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
|
|
|
|
params.auth_alg = WPA_AUTH_ALG_SAE;
|
|
|
|
}
|
2014-12-22 12:49:52 +01:00
|
|
|
} else {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SAE enabled, but target BSS does not advertise SAE AKM for RSN");
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
2009-03-20 21:26:41 +01:00
|
|
|
|
2020-02-29 15:52:39 +01:00
|
|
|
#ifdef CONFIG_WEP
|
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
|
|
|
for (i = 0; i < NUM_WEP_KEYS; i++) {
|
|
|
|
if (ssid->wep_key_len[i])
|
|
|
|
params.wep_key[i] = ssid->wep_key[i];
|
|
|
|
params.wep_key_len[i] = ssid->wep_key_len[i];
|
|
|
|
}
|
|
|
|
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
|
2009-04-04 15:58:16 +02:00
|
|
|
}
|
2020-02-29 15:52:39 +01:00
|
|
|
#endif /* CONFIG_WEP */
|
2009-04-04 15:58:16 +02:00
|
|
|
|
2010-01-10 20:31:54 +01:00
|
|
|
if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
|
|
|
|
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
|
2011-11-24 21:46:14 +01:00
|
|
|
wpa_key_mgmt_wpa(ssid->key_mgmt)) {
|
2009-03-20 21:26:41 +01:00
|
|
|
int try_opportunistic;
|
2017-02-21 11:22:19 +01:00
|
|
|
const u8 *cache_id = NULL;
|
|
|
|
|
2012-11-12 19:07:53 +01:00
|
|
|
try_opportunistic = (ssid->proactive_key_caching < 0 ?
|
|
|
|
wpa_s->conf->okc :
|
|
|
|
ssid->proactive_key_caching) &&
|
2009-03-20 21:26:41 +01:00
|
|
|
(ssid->proto & WPA_PROTO_RSN);
|
2017-02-21 11:22:19 +01:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (wpa_key_mgmt_fils(ssid->key_mgmt))
|
|
|
|
cache_id = wpa_bss_get_fils_cache_id(bss);
|
|
|
|
#endif /* CONFIG_FILS */
|
2022-12-06 10:46:09 +01:00
|
|
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL,
|
|
|
|
params.mld ? params.ap_mld_addr :
|
|
|
|
bss->bssid,
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->current_ssid,
|
2018-04-08 19:06:40 +02:00
|
|
|
try_opportunistic, cache_id,
|
2023-09-27 06:55:34 +02:00
|
|
|
0, false) == 0)
|
2015-01-28 00:26:14 +01:00
|
|
|
eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
|
|
|
|
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
2022-10-20 11:15:18 +02:00
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
false)) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
|
|
|
|
"key management and encryption suites");
|
2014-01-03 15:50:32 +01:00
|
|
|
wpas_connect_work_done(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
2018-11-09 17:07:16 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
} else if (wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
|
|
|
|
(ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
|
|
|
|
/* No PMKSA caching, but otherwise similar to RSN/WPA */
|
|
|
|
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
|
|
|
|
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
2022-10-20 11:15:18 +02:00
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
false)) {
|
2018-11-09 17:07:16 +01:00
|
|
|
wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
|
|
|
|
"key management and encryption suites");
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_HS20 */
|
2012-08-15 18:34:04 +02:00
|
|
|
} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
|
|
|
|
wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
|
|
|
|
/*
|
|
|
|
* Both WPA and non-WPA IEEE 802.1X enabled in configuration -
|
|
|
|
* use non-WPA since the scan results did not indicate that the
|
|
|
|
* AP is using WPA or WPA2.
|
|
|
|
*/
|
|
|
|
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
|
|
|
|
wpa_s->sme.assoc_req_ie_len = 0;
|
2011-11-24 21:46:14 +01:00
|
|
|
} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
|
|
|
|
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
2022-10-20 11:15:18 +02:00
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
false)) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
|
|
|
|
"key management and encryption suites (no "
|
|
|
|
"scan results)");
|
2014-01-03 15:50:32 +01:00
|
|
|
wpas_connect_work_done(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
#ifdef CONFIG_WPS
|
|
|
|
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
|
|
|
|
struct wpabuf *wps_ie;
|
|
|
|
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
|
|
|
|
if (wps_ie && wpabuf_len(wps_ie) <=
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
} else
|
|
|
|
wpa_s->sme.assoc_req_ie_len = 0;
|
|
|
|
wpabuf_free(wps_ie);
|
|
|
|
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
|
|
|
|
#endif /* CONFIG_WPS */
|
|
|
|
} else {
|
|
|
|
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
|
|
|
|
wpa_s->sme.assoc_req_ie_len = 0;
|
|
|
|
}
|
|
|
|
|
2018-08-23 15:52:32 +02:00
|
|
|
/* In case the WPA vendor IE is used, it should be placed after all the
|
|
|
|
* non-vendor IEs, as the lower layer expects the IEs to be ordered as
|
|
|
|
* defined in the standard. Store the WPA IE so it can later be
|
|
|
|
* inserted at the correct location.
|
|
|
|
*/
|
|
|
|
wpa_ie = NULL;
|
|
|
|
wpa_ie_len = 0;
|
|
|
|
if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
|
|
|
|
wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
if (wpa_ie) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Storing WPA IE");
|
|
|
|
|
|
|
|
wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
|
|
|
|
wpa_s->sme.assoc_req_ie_len = 0;
|
|
|
|
} else {
|
|
|
|
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed copy WPA IE");
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
2010-01-02 15:16:02 +01:00
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
|
2009-03-20 21:26:41 +01:00
|
|
|
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
|
|
|
|
md = ie + 2;
|
2010-04-10 10:36:35 +02:00
|
|
|
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
|
2019-03-26 05:29:34 +01:00
|
|
|
if (md && (!wpa_key_mgmt_ft(ssid->key_mgmt) ||
|
|
|
|
!wpa_key_mgmt_ft(wpa_s->key_mgmt)))
|
|
|
|
md = NULL;
|
2009-03-20 21:26:41 +01:00
|
|
|
if (md) {
|
|
|
|
/* Prepare for the next transition */
|
2010-04-09 15:26:20 +02:00
|
|
|
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
|
2017-04-02 12:22:52 +02:00
|
|
|
if (md) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
|
|
|
|
md[0], md[1]);
|
|
|
|
|
2020-03-20 20:45:22 +01:00
|
|
|
omit_rsnxe = !wpa_bss_get_ie(bss, WLAN_EID_RSNX);
|
2009-03-20 21:26:41 +01:00
|
|
|
if (wpa_s->sme.assoc_req_ie_len + 5 <
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
struct rsn_mdie *mdie;
|
|
|
|
u8 *pos = wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len;
|
|
|
|
*pos++ = WLAN_EID_MOBILITY_DOMAIN;
|
|
|
|
*pos++ = sizeof(*mdie);
|
|
|
|
mdie = (struct rsn_mdie *) pos;
|
|
|
|
os_memcpy(mdie->mobility_domain, md,
|
|
|
|
MOBILITY_DOMAIN_ID_LEN);
|
2010-04-09 15:41:57 +02:00
|
|
|
mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len += 5;
|
|
|
|
}
|
|
|
|
|
2019-01-04 19:28:56 +01:00
|
|
|
if (wpa_s->sme.prev_bssid_set && wpa_s->sme.ft_used &&
|
2010-04-10 21:39:49 +02:00
|
|
|
os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
|
2022-11-08 22:43:43 +01:00
|
|
|
wpa_sm_has_ft_keys(wpa_s->wpa, md)) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
|
|
|
|
"over-the-air");
|
2010-01-03 20:14:40 +01:00
|
|
|
params.auth_alg = WPA_AUTH_ALG_FT;
|
2009-03-20 21:26:41 +01:00
|
|
|
params.ie = wpa_s->sme.ft_ies;
|
|
|
|
params.ie_len = wpa_s->sme.ft_ies_len;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
2015-01-26 16:40:22 +01:00
|
|
|
wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
|
2012-11-24 21:21:29 +01:00
|
|
|
if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
|
2010-01-02 15:16:02 +01:00
|
|
|
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
|
2009-03-20 21:26:41 +01:00
|
|
|
struct wpa_ie_data _ie;
|
|
|
|
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
|
|
|
|
_ie.capabilities &
|
|
|
|
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
|
|
|
|
"MFP: require MFP");
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2010-07-18 23:30:25 +02:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
if (wpa_s->global->p2p) {
|
|
|
|
u8 *pos;
|
|
|
|
size_t len;
|
|
|
|
int res;
|
|
|
|
pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
|
|
|
|
len = sizeof(wpa_s->sme.assoc_req_ie) -
|
|
|
|
wpa_s->sme.assoc_req_ie_len;
|
2011-07-17 19:52:49 +02:00
|
|
|
res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
|
|
|
|
ssid->p2p_group);
|
2010-07-18 23:30:25 +02:00
|
|
|
if (res >= 0)
|
|
|
|
wpa_s->sme.assoc_req_ie_len += res;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2014-11-16 16:28:53 +01:00
|
|
|
#ifdef CONFIG_FST
|
|
|
|
if (wpa_s->fst_ies) {
|
|
|
|
int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
|
|
|
|
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len + fst_ies_len <=
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(wpa_s->fst_ies),
|
|
|
|
fst_ies_len);
|
|
|
|
wpa_s->sme.assoc_req_ie_len += fst_ies_len;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FST */
|
|
|
|
|
2016-02-15 15:53:48 +01:00
|
|
|
sme_auth_handle_rrm(wpa_s, bss);
|
|
|
|
|
2023-11-27 20:03:58 +01:00
|
|
|
#ifndef CONFIG_NO_RRM
|
2016-12-02 09:54:39 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len += wpas_supp_op_class_ie(
|
2020-03-10 07:37:33 +01:00
|
|
|
wpa_s, ssid, bss,
|
2016-12-02 09:54:39 +01:00
|
|
|
wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len);
|
2023-11-27 20:03:58 +01:00
|
|
|
#endif /* CONFIG_NO_RRM */
|
2016-02-15 15:53:34 +01:00
|
|
|
|
2016-04-12 10:01:42 +02:00
|
|
|
if (params.p2p)
|
|
|
|
wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
|
|
|
|
else
|
|
|
|
wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
|
|
|
|
|
2014-06-07 15:33:28 +02:00
|
|
|
ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
|
2023-04-26 15:22:02 +02:00
|
|
|
sizeof(ext_capab), bss);
|
2012-12-22 18:17:15 +01:00
|
|
|
if (ext_capab_len > 0) {
|
2011-10-16 18:04:46 +02:00
|
|
|
u8 *pos = wpa_s->sme.assoc_req_ie;
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
|
|
|
|
pos += 2 + pos[1];
|
2012-12-22 18:17:15 +01:00
|
|
|
os_memmove(pos + ext_capab_len, pos,
|
2011-10-16 18:04:46 +02:00
|
|
|
wpa_s->sme.assoc_req_ie_len -
|
|
|
|
(pos - wpa_s->sme.assoc_req_ie));
|
2012-12-22 18:17:15 +01:00
|
|
|
wpa_s->sme.assoc_req_ie_len += ext_capab_len;
|
|
|
|
os_memcpy(pos, ext_capab, ext_capab_len);
|
2011-10-16 18:04:46 +02:00
|
|
|
}
|
|
|
|
|
2024-05-29 18:40:27 +02:00
|
|
|
if (ssid->max_idle && wpa_s->sme.assoc_req_ie_len + 5 <=
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
u8 *pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
|
|
|
|
|
|
|
|
*pos++ = WLAN_EID_BSS_MAX_IDLE_PERIOD;
|
|
|
|
*pos++ = 3;
|
|
|
|
WPA_PUT_LE16(pos, ssid->max_idle);
|
|
|
|
pos += 2;
|
|
|
|
*pos = 0; /* Idle Options */
|
|
|
|
wpa_s->sme.assoc_req_ie_len += 5;
|
|
|
|
}
|
|
|
|
|
2019-12-07 11:54:54 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->rsnxe_override_assoc &&
|
|
|
|
wpabuf_len(wpa_s->rsnxe_override_assoc) <=
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) {
|
|
|
|
wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(wpa_s->rsnxe_override_assoc),
|
|
|
|
wpabuf_len(wpa_s->rsnxe_override_assoc));
|
|
|
|
wpa_s->sme.assoc_req_ie_len +=
|
|
|
|
wpabuf_len(wpa_s->rsnxe_override_assoc);
|
|
|
|
} else
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2019-10-17 15:54:05 +02:00
|
|
|
if (wpa_s->rsnxe_len > 0 &&
|
|
|
|
wpa_s->rsnxe_len <=
|
2020-03-20 20:45:22 +01:00
|
|
|
sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len &&
|
|
|
|
!omit_rsnxe) {
|
2019-10-17 15:54:05 +02:00
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpa_s->rsnxe, wpa_s->rsnxe_len);
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpa_s->rsnxe_len;
|
|
|
|
}
|
|
|
|
|
2016-02-15 15:53:48 +01:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
if (is_hs20_network(wpa_s, ssid, bss)) {
|
|
|
|
struct wpabuf *hs20;
|
|
|
|
|
2018-04-17 16:22:56 +02:00
|
|
|
hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
|
2016-02-15 15:53:48 +01:00
|
|
|
if (hs20) {
|
|
|
|
int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
|
|
|
|
size_t len;
|
|
|
|
|
2018-12-07 23:51:04 +01:00
|
|
|
wpas_hs20_add_indication(hs20, pps_mo_id,
|
|
|
|
get_hs20_version(bss));
|
2018-04-17 16:22:56 +02:00
|
|
|
wpas_hs20_add_roam_cons_sel(hs20, ssid);
|
2016-02-15 15:53:48 +01:00
|
|
|
len = sizeof(wpa_s->sme.assoc_req_ie) -
|
|
|
|
wpa_s->sme.assoc_req_ie_len;
|
|
|
|
if (wpabuf_len(hs20) <= len) {
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(hs20), wpabuf_len(hs20));
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
|
|
|
|
}
|
|
|
|
wpabuf_free(hs20);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2018-08-23 15:52:32 +02:00
|
|
|
if (wpa_ie) {
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Reinsert WPA IE");
|
|
|
|
|
|
|
|
len = sizeof(wpa_s->sme.assoc_req_ie) -
|
|
|
|
wpa_s->sme.assoc_req_ie_len;
|
|
|
|
|
|
|
|
if (len > wpa_ie_len) {
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpa_ie, wpa_ie_len);
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
|
|
|
|
} else {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Failed to add WPA IE");
|
|
|
|
}
|
|
|
|
|
|
|
|
os_free(wpa_ie);
|
|
|
|
}
|
|
|
|
|
2015-01-13 23:50:58 +01:00
|
|
|
if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
|
|
|
|
struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
|
|
|
|
size_t len;
|
|
|
|
|
|
|
|
len = sizeof(wpa_s->sme.assoc_req_ie) -
|
|
|
|
wpa_s->sme.assoc_req_ie_len;
|
|
|
|
if (wpabuf_len(buf) <= len) {
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(buf), wpabuf_len(buf));
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-02-15 15:53:24 +01:00
|
|
|
#ifdef CONFIG_MBO
|
2018-08-26 19:45:04 +02:00
|
|
|
mbo_ie = wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE);
|
2019-09-11 12:35:22 +02:00
|
|
|
if (!wpa_s->disable_mbo_oce && mbo_ie) {
|
2016-02-15 15:53:34 +01:00
|
|
|
int len;
|
2016-02-15 15:53:24 +01:00
|
|
|
|
2016-02-15 15:53:34 +01:00
|
|
|
len = wpas_mbo_ie(wpa_s, wpa_s->sme.assoc_req_ie +
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie) -
|
2018-08-26 19:45:04 +02:00
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
!!mbo_attr_from_mbo_ie(mbo_ie,
|
|
|
|
OCE_ATTR_ID_CAPA_IND));
|
2016-02-15 15:53:34 +01:00
|
|
|
if (len >= 0)
|
|
|
|
wpa_s->sme.assoc_req_ie_len += len;
|
2016-02-15 15:53:24 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_MBO */
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2015-02-19 15:35:39 +01:00
|
|
|
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
|
2022-12-06 10:46:09 +01:00
|
|
|
pmksa_cache_set_current(wpa_s->wpa, NULL,
|
|
|
|
params.mld ? params.ap_mld_addr :
|
|
|
|
bss->bssid,
|
|
|
|
ssid, 0,
|
2019-03-27 03:03:12 +01:00
|
|
|
NULL,
|
2022-07-24 21:05:37 +02:00
|
|
|
wpa_key_mgmt_sae(wpa_s->key_mgmt) ?
|
|
|
|
wpa_s->key_mgmt :
|
2023-09-27 06:55:34 +02:00
|
|
|
(int) WPA_KEY_MGMT_SAE, false) == 0) {
|
2014-10-18 12:02:02 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
|
2018-04-08 18:55:52 +02:00
|
|
|
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
|
2014-10-18 12:02:02 +02:00
|
|
|
params.auth_alg = WPA_AUTH_ALG_OPEN;
|
|
|
|
wpa_s->sme.sae_pmksa_caching = 1;
|
|
|
|
}
|
|
|
|
|
2015-02-19 15:35:39 +01:00
|
|
|
if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
|
2012-09-30 18:51:07 +02:00
|
|
|
if (start)
|
2012-12-30 21:06:11 +01:00
|
|
|
resp = sme_auth_build_sae_commit(wpa_s, ssid,
|
2022-12-06 10:46:09 +01:00
|
|
|
bss->bssid,
|
|
|
|
params.mld ?
|
|
|
|
params.ap_mld_addr :
|
|
|
|
NULL, 0,
|
2020-05-30 22:30:42 +02:00
|
|
|
start == 2, NULL,
|
|
|
|
NULL);
|
2012-09-30 18:51:07 +02:00
|
|
|
else
|
2018-02-01 12:31:28 +01:00
|
|
|
resp = sme_auth_build_sae_confirm(wpa_s, 0);
|
2014-01-03 15:50:32 +01:00
|
|
|
if (resp == NULL) {
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, bss->bssid, NULL);
|
2012-09-30 18:51:07 +02:00
|
|
|
return;
|
2014-01-03 15:50:32 +01:00
|
|
|
}
|
2016-10-22 16:11:11 +02:00
|
|
|
params.auth_data = wpabuf_head(resp);
|
|
|
|
params.auth_data_len = wpabuf_len(resp);
|
2012-12-31 10:05:42 +01:00
|
|
|
wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2020-01-03 17:06:01 +01:00
|
|
|
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
|
|
|
|
os_memset(wpa_s->bssid, 0, ETH_ALEN);
|
|
|
|
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
|
|
|
|
if (bssid_changed)
|
|
|
|
wpas_notify_bssid_changed(wpa_s);
|
|
|
|
|
2015-09-04 14:32:07 +02:00
|
|
|
old_ssid = wpa_s->current_ssid;
|
|
|
|
wpa_s->current_ssid = ssid;
|
|
|
|
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
|
2024-06-19 00:07:36 +02:00
|
|
|
wpa_sm_set_ssid(wpa_s->wpa, bss->ssid, bss->ssid_len);
|
2015-09-04 14:32:07 +02:00
|
|
|
wpa_supplicant_initiate_eapol(wpa_s);
|
|
|
|
|
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
/* TODO: FILS operations can in some cases be done between different
|
|
|
|
* network_ctx (i.e., same credentials can be used with multiple
|
|
|
|
* networks). */
|
|
|
|
if (params.auth_alg == WPA_AUTH_ALG_OPEN &&
|
|
|
|
wpa_key_mgmt_fils(ssid->key_mgmt)) {
|
2017-03-12 21:59:52 +01:00
|
|
|
const u8 *indic;
|
|
|
|
u16 fils_info;
|
2018-07-27 10:25:27 +02:00
|
|
|
const u8 *realm, *username, *rrk;
|
|
|
|
size_t realm_len, username_len, rrk_len;
|
|
|
|
u16 next_seq_num;
|
2017-03-12 21:59:52 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Check FILS Indication element (FILS Information field) bits
|
|
|
|
* indicating supported authentication algorithms against local
|
|
|
|
* configuration (ssid->fils_dh_group). Try to use FILS
|
|
|
|
* authentication only if the AP supports the combination in the
|
|
|
|
* network profile. */
|
|
|
|
indic = wpa_bss_get_ie(bss, WLAN_EID_FILS_INDICATION);
|
|
|
|
if (!indic || indic[1] < 2) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SME: " MACSTR
|
|
|
|
" does not include FILS Indication element - cannot use FILS authentication with it",
|
|
|
|
MAC2STR(bss->bssid));
|
|
|
|
goto no_fils;
|
|
|
|
}
|
|
|
|
|
|
|
|
fils_info = WPA_GET_LE16(indic + 2);
|
|
|
|
if (ssid->fils_dh_group == 0 && !(fils_info & BIT(9))) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SME: " MACSTR
|
|
|
|
" does not support FILS SK without PFS - cannot use FILS authentication with it",
|
|
|
|
MAC2STR(bss->bssid));
|
|
|
|
goto no_fils;
|
|
|
|
}
|
|
|
|
if (ssid->fils_dh_group != 0 && !(fils_info & BIT(10))) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SME: " MACSTR
|
|
|
|
" does not support FILS SK with PFS - cannot use FILS authentication with it",
|
|
|
|
MAC2STR(bss->bssid));
|
|
|
|
goto no_fils;
|
|
|
|
}
|
|
|
|
|
2018-07-27 10:25:27 +02:00
|
|
|
if (wpa_s->last_con_fail_realm &&
|
|
|
|
eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
|
|
|
|
&username, &username_len,
|
|
|
|
&realm, &realm_len, &next_seq_num,
|
|
|
|
&rrk, &rrk_len) == 0 &&
|
|
|
|
realm && realm_len == wpa_s->last_con_fail_realm_len &&
|
|
|
|
os_memcmp(realm, wpa_s->last_con_fail_realm,
|
|
|
|
realm_len) == 0) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: FILS authentication for this realm failed last time - try to regenerate ERP key hierarchy");
|
|
|
|
goto no_fils;
|
|
|
|
}
|
|
|
|
|
2022-12-06 10:46:09 +01:00
|
|
|
if (pmksa_cache_set_current(wpa_s->wpa, NULL,
|
|
|
|
params.mld ? params.ap_mld_addr :
|
|
|
|
bss->bssid,
|
2017-02-21 11:22:19 +01:00
|
|
|
ssid, 0,
|
2018-04-08 19:06:40 +02:00
|
|
|
wpa_bss_get_fils_cache_id(bss),
|
2023-09-27 06:55:34 +02:00
|
|
|
0, false) == 0)
|
2015-09-04 14:32:07 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: Try to use FILS with PMKSA caching");
|
2017-04-02 12:22:52 +02:00
|
|
|
resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
|
2015-09-04 14:32:07 +02:00
|
|
|
if (resp) {
|
2017-03-12 21:45:35 +01:00
|
|
|
int auth_alg;
|
|
|
|
|
|
|
|
if (ssid->fils_dh_group)
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: Try to use FILS SK authentication with PFS (DH Group %u)",
|
|
|
|
ssid->fils_dh_group);
|
|
|
|
else
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: Try to use FILS SK authentication without PFS");
|
|
|
|
auth_alg = ssid->fils_dh_group ?
|
|
|
|
WPA_AUTH_ALG_FILS_SK_PFS : WPA_AUTH_ALG_FILS;
|
|
|
|
params.auth_alg = auth_alg;
|
2015-09-04 14:32:07 +02:00
|
|
|
params.auth_data = wpabuf_head(resp);
|
|
|
|
params.auth_data_len = wpabuf_len(resp);
|
2017-03-12 21:45:35 +01:00
|
|
|
wpa_s->sme.auth_alg = auth_alg;
|
2015-09-04 14:32:07 +02:00
|
|
|
}
|
|
|
|
}
|
2017-03-12 21:59:52 +01:00
|
|
|
no_fils:
|
2015-09-04 14:32:07 +02:00
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2011-09-27 21:21:31 +02:00
|
|
|
wpa_supplicant_cancel_sched_scan(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_supplicant_cancel_scan(wpa_s);
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
|
2009-03-20 21:26:41 +01:00
|
|
|
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
|
|
|
|
wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
|
|
|
|
|
2020-04-23 23:51:11 +02:00
|
|
|
eapol_sm_notify_portValid(wpa_s->eapol, false);
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_clear_keys(wpa_s, bss->bssid);
|
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
|
2009-09-13 19:53:32 +02:00
|
|
|
if (old_ssid != wpa_s->current_ssid)
|
|
|
|
wpas_notify_network_changed(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
|
2016-04-06 16:14:41 +02:00
|
|
|
#ifdef CONFIG_HS20
|
|
|
|
hs20_configure_frame_filters(wpa_s);
|
|
|
|
#endif /* CONFIG_HS20 */
|
|
|
|
|
2014-04-24 07:45:40 +02:00
|
|
|
#ifdef CONFIG_P2P
|
|
|
|
/*
|
|
|
|
* If multi-channel concurrency is not supported, check for any
|
|
|
|
* frequency conflict. In case of any frequency conflict, remove the
|
|
|
|
* least prioritized connection.
|
|
|
|
*/
|
|
|
|
if (wpa_s->num_multichan_concurrent < 2) {
|
|
|
|
int freq, num;
|
2022-11-04 22:18:02 +01:00
|
|
|
num = get_shared_radio_freqs(wpa_s, &freq, 1, false);
|
2014-04-24 07:45:40 +02:00
|
|
|
if (num > 0 && freq > 0 && freq != params.freq) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"Conflicting frequency found (%d != %d)",
|
|
|
|
freq, params.freq);
|
|
|
|
if (wpas_p2p_handle_frequency_conflicts(wpa_s,
|
|
|
|
params.freq,
|
|
|
|
ssid) < 0) {
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, bss->bssid, NULL);
|
2014-04-24 07:45:40 +02:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
wpabuf_free(resp);
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_P2P */
|
|
|
|
|
2015-02-19 15:35:39 +01:00
|
|
|
if (skip_auth) {
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Skip authentication step on reassoc-to-same-BSS");
|
|
|
|
wpabuf_free(resp);
|
|
|
|
sme_associate(wpa_s, ssid->mode, bss->bssid, WLAN_AUTH_OPEN);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-03-13 20:13:18 +01:00
|
|
|
wpa_s->sme.auth_alg = params.auth_alg;
|
2009-03-20 21:26:41 +01:00
|
|
|
if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
|
2009-03-20 21:26:41 +01:00
|
|
|
"driver failed");
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, bss->bssid, NULL);
|
2012-01-29 16:44:31 +01:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
2012-09-30 18:51:07 +02:00
|
|
|
wpabuf_free(resp);
|
2014-01-03 15:50:32 +01:00
|
|
|
wpas_connect_work_done(wpa_s);
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
|
|
|
|
NULL);
|
2009-03-20 21:26:41 +01:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Association will be started based on the authentication event from
|
|
|
|
* the driver.
|
|
|
|
*/
|
2012-09-30 18:51:07 +02:00
|
|
|
|
|
|
|
wpabuf_free(resp);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-01-03 15:50:32 +01:00
|
|
|
static void sme_auth_start_cb(struct wpa_radio_work *work, int deinit)
|
|
|
|
{
|
|
|
|
struct wpa_connect_work *cwork = work->ctx;
|
|
|
|
struct wpa_supplicant *wpa_s = work->wpa_s;
|
|
|
|
|
2021-03-06 02:43:44 +01:00
|
|
|
wpa_s->roam_in_progress = false;
|
2022-01-05 02:35:13 +01:00
|
|
|
#ifdef CONFIG_WNM
|
|
|
|
wpa_s->bss_trans_mgmt_in_progress = false;
|
|
|
|
#endif /* CONFIG_WNM */
|
2021-03-06 02:43:44 +01:00
|
|
|
|
2014-01-03 15:50:32 +01:00
|
|
|
if (deinit) {
|
2014-02-13 10:24:00 +01:00
|
|
|
if (work->started)
|
|
|
|
wpa_s->connect_work = NULL;
|
|
|
|
|
2014-01-03 15:50:32 +01:00
|
|
|
wpas_connect_work_free(cwork);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_s->connect_work = work;
|
|
|
|
|
2014-10-27 23:19:24 +01:00
|
|
|
if (cwork->bss_removed ||
|
2015-08-10 21:12:59 +02:00
|
|
|
!wpas_valid_bss_ssid(wpa_s, cwork->bss, cwork->ssid) ||
|
|
|
|
wpas_network_disabled(wpa_s, cwork->ssid)) {
|
2014-01-03 15:50:32 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: BSS/SSID entry for authentication not valid anymore - drop connection attempt");
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2016-10-22 21:48:25 +02:00
|
|
|
/* Starting new connection, so clear the possibly used WPA IE from the
|
|
|
|
* previous association. */
|
|
|
|
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
|
2019-10-17 15:54:05 +02:00
|
|
|
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
|
|
|
|
wpa_s->rsnxe_len = 0;
|
2016-10-22 21:48:25 +02:00
|
|
|
|
2014-01-03 15:50:32 +01:00
|
|
|
sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
|
2022-07-28 10:19:42 +02:00
|
|
|
wpas_notify_auth_changed(wpa_s);
|
2014-01-03 15:50:32 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
void sme_authenticate(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_bss *bss, struct wpa_ssid *ssid)
|
|
|
|
{
|
2014-01-03 15:50:32 +01:00
|
|
|
struct wpa_connect_work *cwork;
|
|
|
|
|
|
|
|
if (bss == NULL || ssid == NULL)
|
|
|
|
return;
|
|
|
|
if (wpa_s->connect_work) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reject sme_authenticate() call since connect_work exist");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2021-03-06 02:43:44 +01:00
|
|
|
if (wpa_s->roam_in_progress) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Reject sme_authenticate() in favor of explicit roam request");
|
|
|
|
return;
|
|
|
|
}
|
2022-01-05 02:35:13 +01:00
|
|
|
#ifdef CONFIG_WNM
|
|
|
|
if (wpa_s->bss_trans_mgmt_in_progress) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Reject sme_authenticate() in favor of BSS transition management request");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_WNM */
|
2014-02-24 14:22:35 +01:00
|
|
|
if (radio_work_pending(wpa_s, "sme-connect")) {
|
2014-03-27 07:58:33 +01:00
|
|
|
/*
|
|
|
|
* The previous sme-connect work might no longer be valid due to
|
|
|
|
* the fact that the BSS list was updated. In addition, it makes
|
|
|
|
* sense to adhere to the 'newer' decision.
|
|
|
|
*/
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Remove previous pending sme-connect");
|
|
|
|
radio_remove_works(wpa_s, "sme-connect", 0);
|
2014-02-24 14:22:35 +01:00
|
|
|
}
|
|
|
|
|
2015-10-19 16:00:34 +02:00
|
|
|
wpas_abort_ongoing_scan(wpa_s);
|
|
|
|
|
2014-01-03 15:50:32 +01:00
|
|
|
cwork = os_zalloc(sizeof(*cwork));
|
|
|
|
if (cwork == NULL)
|
|
|
|
return;
|
|
|
|
cwork->bss = bss;
|
|
|
|
cwork->ssid = ssid;
|
|
|
|
cwork->sme = 1;
|
|
|
|
|
2012-12-30 20:48:19 +01:00
|
|
|
#ifdef CONFIG_SAE
|
2012-12-31 10:05:42 +01:00
|
|
|
wpa_s->sme.sae.state = SAE_NOTHING;
|
2012-12-30 20:48:19 +01:00
|
|
|
wpa_s->sme.sae.send_confirm = 0;
|
2013-11-02 17:07:49 +01:00
|
|
|
wpa_s->sme.sae_group_index = 0;
|
2012-12-30 20:48:19 +01:00
|
|
|
#endif /* CONFIG_SAE */
|
2014-01-03 15:50:32 +01:00
|
|
|
|
|
|
|
if (radio_add_work(wpa_s, bss->freq, "sme-connect", 1,
|
|
|
|
sme_auth_start_cb, cwork) < 0)
|
|
|
|
wpas_connect_work_free(cwork);
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
2012-10-06 18:30:54 +02:00
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
#define WPA_AUTH_FRAME_ML_IE_LEN (6 + ETH_ALEN)
|
|
|
|
|
|
|
|
static void wpa_auth_ml_ie(struct wpabuf *buf, const u8 *mld_addr)
|
|
|
|
{
|
|
|
|
|
|
|
|
wpabuf_put_u8(buf, WLAN_EID_EXTENSION);
|
|
|
|
wpabuf_put_u8(buf, 4 + ETH_ALEN);
|
|
|
|
wpabuf_put_u8(buf, WLAN_EID_EXT_MULTI_LINK);
|
|
|
|
|
|
|
|
/* Basic Multi-Link element Control field */
|
|
|
|
wpabuf_put_u8(buf, 0x0);
|
|
|
|
wpabuf_put_u8(buf, 0x0);
|
|
|
|
|
|
|
|
/* Common Info */
|
|
|
|
wpabuf_put_u8(buf, 0x7); /* length = Length field + MLD MAC address */
|
|
|
|
wpabuf_put_data(buf, mld_addr, ETH_ALEN);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
static int sme_external_auth_build_buf(struct wpabuf *buf,
|
|
|
|
struct wpabuf *params,
|
|
|
|
const u8 *sa, const u8 *da,
|
2019-09-06 14:40:39 +02:00
|
|
|
u16 auth_transaction, u16 seq_num,
|
2022-10-19 16:14:06 +02:00
|
|
|
u16 status_code, const u8 *mld_addr)
|
2018-02-01 12:31:28 +01:00
|
|
|
{
|
|
|
|
struct ieee80211_mgmt *resp;
|
|
|
|
|
|
|
|
resp = wpabuf_put(buf, offsetof(struct ieee80211_mgmt,
|
|
|
|
u.auth.variable));
|
|
|
|
|
|
|
|
resp->frame_control = host_to_le16((WLAN_FC_TYPE_MGMT << 2) |
|
|
|
|
(WLAN_FC_STYPE_AUTH << 4));
|
|
|
|
os_memcpy(resp->da, da, ETH_ALEN);
|
|
|
|
os_memcpy(resp->sa, sa, ETH_ALEN);
|
|
|
|
os_memcpy(resp->bssid, da, ETH_ALEN);
|
2018-11-30 16:26:26 +01:00
|
|
|
resp->u.auth.auth_alg = host_to_le16(WLAN_AUTH_SAE);
|
|
|
|
resp->seq_ctrl = host_to_le16(seq_num << 4);
|
|
|
|
resp->u.auth.auth_transaction = host_to_le16(auth_transaction);
|
2019-09-06 14:40:39 +02:00
|
|
|
resp->u.auth.status_code = host_to_le16(status_code);
|
2018-02-01 12:31:28 +01:00
|
|
|
if (params)
|
|
|
|
wpabuf_put_buf(buf, params);
|
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
if (mld_addr)
|
|
|
|
wpa_auth_ml_ie(buf, mld_addr);
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-05-16 11:21:36 +02:00
|
|
|
static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *bssid,
|
|
|
|
struct wpa_ssid *ssid)
|
2018-02-01 12:31:28 +01:00
|
|
|
{
|
|
|
|
struct wpabuf *resp, *buf;
|
2019-09-06 14:40:39 +02:00
|
|
|
int use_pt;
|
2020-05-30 22:30:42 +02:00
|
|
|
bool use_pk;
|
|
|
|
u16 status;
|
2018-02-01 12:31:28 +01:00
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid,
|
|
|
|
wpa_s->sme.ext_ml_auth ?
|
|
|
|
wpa_s->sme.ext_auth_ap_mld_addr : NULL,
|
2022-12-06 10:46:09 +01:00
|
|
|
1, 0, &use_pt, &use_pk);
|
2019-05-16 11:21:36 +02:00
|
|
|
if (!resp) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Failed to build SAE commit");
|
|
|
|
return -1;
|
|
|
|
}
|
2018-02-01 12:31:28 +01:00
|
|
|
|
|
|
|
wpa_s->sme.sae.state = SAE_COMMITTED;
|
2022-10-19 16:14:06 +02:00
|
|
|
buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + wpabuf_len(resp) +
|
|
|
|
(wpa_s->sme.ext_ml_auth ? WPA_AUTH_FRAME_ML_IE_LEN :
|
|
|
|
0));
|
2018-02-01 12:31:28 +01:00
|
|
|
if (!buf) {
|
|
|
|
wpabuf_free(resp);
|
2019-05-16 11:21:36 +02:00
|
|
|
return -1;
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
wpa_s->sme.seq_num++;
|
2020-05-30 22:30:42 +02:00
|
|
|
if (use_pk)
|
|
|
|
status = WLAN_STATUS_SAE_PK;
|
|
|
|
else if (use_pt)
|
|
|
|
status = WLAN_STATUS_SAE_HASH_TO_ELEMENT;
|
|
|
|
else
|
|
|
|
status = WLAN_STATUS_SUCCESS;
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
|
2022-10-19 16:14:06 +02:00
|
|
|
wpa_s->sme.ext_ml_auth ?
|
|
|
|
wpa_s->sme.ext_auth_ap_mld_addr : bssid, 1,
|
|
|
|
wpa_s->sme.seq_num, status,
|
|
|
|
wpa_s->sme.ext_ml_auth ?
|
|
|
|
wpa_s->own_addr : NULL);
|
2020-02-24 10:14:27 +01:00
|
|
|
wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
|
2018-02-01 12:31:28 +01:00
|
|
|
wpabuf_free(resp);
|
|
|
|
wpabuf_free(buf);
|
2019-05-16 11:21:36 +02:00
|
|
|
|
|
|
|
return 0;
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
|
|
|
|
u16 status)
|
|
|
|
{
|
|
|
|
struct external_auth params;
|
|
|
|
|
2022-08-08 13:33:38 +02:00
|
|
|
wpa_s->sme.ext_auth_wpa_ssid = NULL;
|
2018-02-01 12:31:28 +01:00
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
|
|
|
params.status = status;
|
2019-04-28 15:24:32 +02:00
|
|
|
params.ssid = wpa_s->sme.ext_auth_ssid;
|
|
|
|
params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
|
|
|
|
params.bssid = wpa_s->sme.ext_auth_bssid;
|
2019-08-16 07:18:45 +02:00
|
|
|
if (wpa_s->conf->sae_pmkid_in_assoc && status == WLAN_STATUS_SUCCESS)
|
|
|
|
params.pmkid = wpa_s->sme.sae.pmkid;
|
2018-02-01 12:31:28 +01:00
|
|
|
wpa_drv_send_external_auth_status(wpa_s, ¶ms);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-05-16 11:21:36 +02:00
|
|
|
static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data)
|
2018-02-01 12:31:28 +01:00
|
|
|
{
|
|
|
|
struct wpa_ssid *ssid;
|
|
|
|
size_t ssid_str_len = data->external_auth.ssid_len;
|
2019-04-12 19:38:08 +02:00
|
|
|
const u8 *ssid_str = data->external_auth.ssid;
|
2018-02-01 12:31:28 +01:00
|
|
|
|
2022-08-08 13:33:38 +02:00
|
|
|
wpa_s->sme.ext_auth_wpa_ssid = NULL;
|
2018-02-01 12:31:28 +01:00
|
|
|
/* Get the SSID conf from the ssid string obtained */
|
|
|
|
for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
|
|
|
|
if (!wpas_network_disabled(wpa_s, ssid) &&
|
|
|
|
ssid_str_len == ssid->ssid_len &&
|
2018-11-26 12:47:37 +01:00
|
|
|
os_memcmp(ssid_str, ssid->ssid, ssid_str_len) == 0 &&
|
2022-09-13 04:12:03 +02:00
|
|
|
wpa_key_mgmt_sae(ssid->key_mgmt)) {
|
2022-08-08 12:18:53 +02:00
|
|
|
/* Make sure PT is derived */
|
2023-01-30 22:09:53 +01:00
|
|
|
wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
|
2022-08-08 13:33:38 +02:00
|
|
|
wpa_s->sme.ext_auth_wpa_ssid = ssid;
|
2018-02-01 12:31:28 +01:00
|
|
|
break;
|
2022-08-08 12:18:53 +02:00
|
|
|
}
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
2019-05-16 11:21:36 +02:00
|
|
|
if (!ssid ||
|
|
|
|
sme_external_auth_send_sae_commit(wpa_s, data->external_auth.bssid,
|
|
|
|
ssid) < 0)
|
|
|
|
return -1;
|
|
|
|
|
|
|
|
return 0;
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_external_auth_send_sae_confirm(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *da)
|
|
|
|
{
|
|
|
|
struct wpabuf *resp, *buf;
|
|
|
|
|
|
|
|
resp = sme_auth_build_sae_confirm(wpa_s, 1);
|
|
|
|
if (!resp) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Confirm message buf alloc failure");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_s->sme.sae.state = SAE_CONFIRMED;
|
2022-10-19 16:14:06 +02:00
|
|
|
buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN + wpabuf_len(resp) +
|
|
|
|
(wpa_s->sme.ext_ml_auth ? WPA_AUTH_FRAME_ML_IE_LEN :
|
|
|
|
0));
|
2018-02-01 12:31:28 +01:00
|
|
|
if (!buf) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Auth Confirm buf alloc failure");
|
|
|
|
wpabuf_free(resp);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
wpa_s->sme.seq_num++;
|
|
|
|
sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
|
2019-09-06 14:40:39 +02:00
|
|
|
da, 2, wpa_s->sme.seq_num,
|
2022-10-19 16:14:06 +02:00
|
|
|
WLAN_STATUS_SUCCESS,
|
|
|
|
wpa_s->sme.ext_ml_auth ?
|
|
|
|
wpa_s->own_addr : NULL);
|
|
|
|
|
2020-02-24 10:14:27 +01:00
|
|
|
wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
|
2018-02-01 12:31:28 +01:00
|
|
|
wpabuf_free(resp);
|
|
|
|
wpabuf_free(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-11-27 23:06:16 +01:00
|
|
|
static bool is_sae_key_mgmt_suite(struct wpa_supplicant *wpa_s, u32 suite)
|
2022-10-16 17:25:11 +02:00
|
|
|
{
|
|
|
|
/* suite is supposed to be the selector value in host byte order with
|
|
|
|
* the OUI in three most significant octets. However, the initial
|
|
|
|
* implementation swapped that byte order and did not work with drivers
|
|
|
|
* that followed the expected byte order. Keep a workaround here to
|
|
|
|
* match that initial implementation so that already deployed use cases
|
|
|
|
* remain functional. */
|
2022-11-27 23:06:16 +01:00
|
|
|
if (RSN_SELECTOR_GET(&suite) == RSN_AUTH_KEY_MGMT_SAE) {
|
|
|
|
/* Old drivers which follow initial implementation send SAE AKM
|
|
|
|
* for both SAE and FT-SAE connections. In that case, determine
|
|
|
|
* the actual AKM from wpa_s->key_mgmt. */
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt = wpa_s->key_mgmt;
|
2022-10-16 17:25:11 +02:00
|
|
|
return true;
|
2022-11-27 23:06:16 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
if (suite == RSN_AUTH_KEY_MGMT_SAE)
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_SAE;
|
|
|
|
else if (suite == RSN_AUTH_KEY_MGMT_FT_SAE)
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_FT_SAE;
|
|
|
|
else if (suite == RSN_AUTH_KEY_MGMT_SAE_EXT_KEY)
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_SAE_EXT_KEY;
|
|
|
|
else if (suite == RSN_AUTH_KEY_MGMT_FT_SAE_EXT_KEY)
|
|
|
|
wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_FT_SAE_EXT_KEY;
|
|
|
|
else
|
|
|
|
return false;
|
2022-10-16 17:25:11 +02:00
|
|
|
|
2022-11-27 23:06:16 +01:00
|
|
|
return true;
|
2022-10-16 17:25:11 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data)
|
|
|
|
{
|
2022-11-27 23:06:16 +01:00
|
|
|
if (!is_sae_key_mgmt_suite(wpa_s, data->external_auth.key_mgmt_suite))
|
2018-02-01 12:31:28 +01:00
|
|
|
return;
|
|
|
|
|
|
|
|
if (data->external_auth.action == EXT_AUTH_START) {
|
2019-04-28 15:24:32 +02:00
|
|
|
if (!data->external_auth.bssid || !data->external_auth.ssid)
|
|
|
|
return;
|
|
|
|
os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
|
|
|
|
ETH_ALEN);
|
|
|
|
os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
|
|
|
|
data->external_auth.ssid_len);
|
|
|
|
wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
|
2022-10-19 16:14:06 +02:00
|
|
|
if (data->external_auth.mld_addr) {
|
|
|
|
wpa_s->sme.ext_ml_auth = true;
|
|
|
|
os_memcpy(wpa_s->sme.ext_auth_ap_mld_addr,
|
|
|
|
data->external_auth.mld_addr, ETH_ALEN);
|
|
|
|
} else {
|
|
|
|
wpa_s->sme.ext_ml_auth = false;
|
|
|
|
}
|
2018-02-01 12:31:28 +01:00
|
|
|
wpa_s->sme.seq_num = 0;
|
|
|
|
wpa_s->sme.sae.state = SAE_NOTHING;
|
|
|
|
wpa_s->sme.sae.send_confirm = 0;
|
|
|
|
wpa_s->sme.sae_group_index = 0;
|
2019-05-16 11:21:36 +02:00
|
|
|
if (sme_handle_external_auth_start(wpa_s, data) < 0)
|
|
|
|
sme_send_external_auth_status(wpa_s,
|
|
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE);
|
2018-02-01 12:31:28 +01:00
|
|
|
} else if (data->external_auth.action == EXT_AUTH_ABORT) {
|
|
|
|
/* Report failure to driver for the wrong trigger */
|
|
|
|
sme_send_external_auth_status(wpa_s,
|
|
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2019-09-06 14:40:39 +02:00
|
|
|
static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
|
|
|
|
{
|
|
|
|
int *groups = wpa_s->conf->sae_groups;
|
|
|
|
int default_groups[] = { 19, 20, 21, 0 };
|
|
|
|
int i;
|
|
|
|
|
|
|
|
if (!groups)
|
|
|
|
groups = default_groups;
|
|
|
|
|
|
|
|
for (i = 0; groups[i] > 0; i++) {
|
|
|
|
if (groups[i] == group)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
|
|
|
|
const struct wpabuf *groups)
|
|
|
|
{
|
2024-07-09 22:33:38 +02:00
|
|
|
size_t i, count, len;
|
2019-09-06 14:40:39 +02:00
|
|
|
const u8 *pos;
|
|
|
|
|
|
|
|
if (!groups)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
pos = wpabuf_head(groups);
|
2024-07-09 22:33:38 +02:00
|
|
|
len = wpabuf_len(groups);
|
|
|
|
if (len & 1) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Invalid length of the Rejected Groups element payload: %zu",
|
|
|
|
len);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
count = len / 2;
|
2019-09-06 14:40:39 +02:00
|
|
|
for (i = 0; i < count; i++) {
|
|
|
|
int enabled;
|
|
|
|
u16 group;
|
|
|
|
|
|
|
|
group = WPA_GET_LE16(pos);
|
|
|
|
pos += 2;
|
|
|
|
enabled = sme_sae_is_group_enabled(wpa_s, group);
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Rejected group %u is %s",
|
|
|
|
group, enabled ? "enabled" : "disabled");
|
|
|
|
if (enabled)
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
static int sme_external_ml_auth(struct wpa_supplicant *wpa_s,
|
2023-05-09 15:53:21 +02:00
|
|
|
const u8 *data, size_t len, int ie_offset,
|
|
|
|
u16 status_code)
|
2022-10-19 16:14:06 +02:00
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
const u8 *mld_addr;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(data + ie_offset, len - ie_offset,
|
2023-04-13 00:21:15 +02:00
|
|
|
&elems, 0) == ParseFailed) {
|
2022-10-19 16:14:06 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "MLD: Failed parsing elements");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!elems.basic_mle || !elems.basic_mle_len) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: No ML element in authentication");
|
2023-05-09 15:53:21 +02:00
|
|
|
if (status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ ||
|
|
|
|
status_code == WLAN_STATUS_SUCCESS ||
|
|
|
|
status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
|
|
|
status_code == WLAN_STATUS_SAE_PK)
|
|
|
|
return -1;
|
|
|
|
/* Accept missing Multi-Link element in failed authentication
|
|
|
|
* cases. */
|
|
|
|
return 0;
|
2022-10-19 16:14:06 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
mld_addr = get_basic_mle_mld_addr(elems.basic_mle, elems.basic_mle_len);
|
|
|
|
if (!mld_addr) {
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: No MLD address in ML element");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG, "MLD: mld_address=" MACSTR, MAC2STR(mld_addr));
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(wpa_s->sme.ext_auth_ap_mld_addr, mld_addr)) {
|
2022-10-19 16:14:06 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "MLD: Unexpected MLD address (expected "
|
2023-04-13 00:52:51 +02:00
|
|
|
MACSTR ")",
|
|
|
|
MAC2STR(wpa_s->sme.ext_auth_ap_mld_addr));
|
2022-10-19 16:14:06 +02:00
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
|
2018-02-01 12:31:28 +01:00
|
|
|
u16 status_code, const u8 *data, size_t len,
|
2022-12-06 10:46:05 +01:00
|
|
|
int external, const u8 *sa, int *ie_offset)
|
2012-09-30 18:51:07 +02:00
|
|
|
{
|
2014-11-25 03:04:41 +01:00
|
|
|
int *groups;
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
|
|
|
|
"status code %u", auth_transaction, status_code);
|
|
|
|
|
2012-12-31 15:58:36 +01:00
|
|
|
if (auth_transaction == 1 &&
|
|
|
|
status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
|
|
|
|
wpa_s->sme.sae.state == SAE_COMMITTED &&
|
2022-08-08 13:33:38 +02:00
|
|
|
((external && wpa_s->sme.ext_auth_wpa_ssid) ||
|
|
|
|
(!external && wpa_s->current_bss && wpa_s->current_ssid))) {
|
2019-03-05 16:23:58 +01:00
|
|
|
int default_groups[] = { 19, 20, 21, 0 };
|
2014-11-25 03:04:41 +01:00
|
|
|
u16 group;
|
2020-01-20 19:27:06 +01:00
|
|
|
const u8 *token_pos;
|
|
|
|
size_t token_len;
|
|
|
|
int h2e = 0;
|
2014-11-25 03:04:41 +01:00
|
|
|
|
|
|
|
groups = wpa_s->conf->sae_groups;
|
|
|
|
if (!groups || groups[0] <= 0)
|
|
|
|
groups = default_groups;
|
|
|
|
|
2020-01-20 19:27:06 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "SME: SAE anti-clogging token request",
|
|
|
|
data, len);
|
2014-11-25 03:04:41 +01:00
|
|
|
if (len < sizeof(le16)) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Too short SAE anti-clogging token request");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
group = WPA_GET_LE16(data);
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: SAE anti-clogging token requested (group %u)",
|
|
|
|
group);
|
|
|
|
if (sae_group_allowed(&wpa_s->sme.sae, groups, group) !=
|
|
|
|
WLAN_STATUS_SUCCESS) {
|
|
|
|
wpa_dbg(wpa_s, MSG_ERROR,
|
|
|
|
"SME: SAE group %u of anti-clogging request is invalid",
|
|
|
|
group);
|
|
|
|
return -1;
|
|
|
|
}
|
2012-12-31 15:58:36 +01:00
|
|
|
wpabuf_free(wpa_s->sme.sae_token);
|
2020-01-20 19:27:06 +01:00
|
|
|
token_pos = data + sizeof(le16);
|
|
|
|
token_len = len - sizeof(le16);
|
2020-06-06 11:08:37 +02:00
|
|
|
h2e = wpa_s->sme.sae.h2e;
|
2020-01-20 19:27:06 +01:00
|
|
|
if (h2e) {
|
2022-05-08 16:14:34 +02:00
|
|
|
u8 id, elen, extid;
|
|
|
|
|
2020-01-20 19:27:06 +01:00
|
|
|
if (token_len < 3) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Too short SAE anti-clogging token container");
|
|
|
|
return -1;
|
|
|
|
}
|
2022-05-08 16:14:34 +02:00
|
|
|
id = *token_pos++;
|
|
|
|
elen = *token_pos++;
|
|
|
|
extid = *token_pos++;
|
|
|
|
if (id != WLAN_EID_EXTENSION ||
|
|
|
|
elen == 0 || elen > token_len - 2 ||
|
|
|
|
extid != WLAN_EID_EXT_ANTI_CLOGGING_TOKEN) {
|
2020-01-20 19:27:06 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Invalid SAE anti-clogging token container header");
|
|
|
|
return -1;
|
|
|
|
}
|
2022-05-08 16:14:34 +02:00
|
|
|
token_len = elen - 1;
|
2020-01-20 19:27:06 +01:00
|
|
|
}
|
2022-12-06 10:46:05 +01:00
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
*ie_offset = token_pos + token_len - data;
|
2022-12-06 10:46:05 +01:00
|
|
|
|
2020-01-20 19:27:06 +01:00
|
|
|
wpa_s->sme.sae_token = wpabuf_alloc_copy(token_pos, token_len);
|
2022-11-30 16:05:43 +01:00
|
|
|
if (!wpa_s->sme.sae_token) {
|
|
|
|
wpa_dbg(wpa_s, MSG_ERROR,
|
|
|
|
"SME: Failed to allocate SAE token");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2020-01-20 19:27:06 +01:00
|
|
|
wpa_hexdump_buf(MSG_DEBUG, "SME: Requested anti-clogging token",
|
|
|
|
wpa_s->sme.sae_token);
|
2022-10-19 16:14:06 +02:00
|
|
|
if (!external) {
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_send_authentication(wpa_s, wpa_s->current_bss,
|
2019-03-03 15:23:19 +01:00
|
|
|
wpa_s->current_ssid, 2);
|
2022-10-19 16:14:06 +02:00
|
|
|
} else {
|
|
|
|
if (wpa_s->sme.ext_ml_auth &&
|
2023-05-09 15:53:21 +02:00
|
|
|
sme_external_ml_auth(wpa_s, data, len, *ie_offset,
|
|
|
|
status_code))
|
2022-10-19 16:14:06 +02:00
|
|
|
return -1;
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_external_auth_send_sae_commit(
|
2019-04-28 15:24:32 +02:00
|
|
|
wpa_s, wpa_s->sme.ext_auth_bssid,
|
2022-08-08 13:33:38 +02:00
|
|
|
wpa_s->sme.ext_auth_wpa_ssid);
|
2022-10-19 16:14:06 +02:00
|
|
|
}
|
2012-12-31 15:58:36 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2013-01-01 15:23:47 +01:00
|
|
|
if (auth_transaction == 1 &&
|
|
|
|
status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
|
|
|
|
wpa_s->sme.sae.state == SAE_COMMITTED &&
|
2022-08-08 13:33:38 +02:00
|
|
|
((external && wpa_s->sme.ext_auth_wpa_ssid) ||
|
|
|
|
(!external && wpa_s->current_bss && wpa_s->current_ssid))) {
|
2013-01-01 15:23:47 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
|
2019-09-06 14:40:39 +02:00
|
|
|
int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
|
|
|
|
wpa_s->sme.sae.group);
|
2013-01-01 15:23:47 +01:00
|
|
|
wpa_s->sme.sae_group_index++;
|
2022-11-27 23:06:16 +01:00
|
|
|
if (sme_set_sae_group(wpa_s, external) < 0)
|
2013-01-01 15:23:47 +01:00
|
|
|
return -1; /* no other groups enabled */
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
|
2022-10-19 16:14:06 +02:00
|
|
|
if (!external) {
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_send_authentication(wpa_s, wpa_s->current_bss,
|
|
|
|
wpa_s->current_ssid, 1);
|
2022-10-19 16:14:06 +02:00
|
|
|
} else {
|
|
|
|
if (wpa_s->sme.ext_ml_auth &&
|
2023-05-09 15:53:21 +02:00
|
|
|
sme_external_ml_auth(wpa_s, data, len, *ie_offset,
|
|
|
|
status_code))
|
2022-10-19 16:14:06 +02:00
|
|
|
return -1;
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_external_auth_send_sae_commit(
|
2019-04-28 15:24:32 +02:00
|
|
|
wpa_s, wpa_s->sme.ext_auth_bssid,
|
2022-08-08 13:33:38 +02:00
|
|
|
wpa_s->sme.ext_auth_wpa_ssid);
|
2022-10-19 16:14:06 +02:00
|
|
|
}
|
2013-01-01 15:23:47 +01:00
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
2018-05-19 16:28:01 +02:00
|
|
|
if (auth_transaction == 1 &&
|
|
|
|
status_code == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) {
|
|
|
|
const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
|
|
|
|
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER MACSTR,
|
|
|
|
MAC2STR(bssid));
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2019-09-06 14:40:39 +02:00
|
|
|
if (status_code != WLAN_STATUS_SUCCESS &&
|
2020-05-30 22:30:42 +02:00
|
|
|
status_code != WLAN_STATUS_SAE_HASH_TO_ELEMENT &&
|
2021-07-14 12:03:05 +02:00
|
|
|
status_code != WLAN_STATUS_SAE_PK) {
|
|
|
|
const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
|
|
|
|
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
|
|
|
|
" auth_type=%u auth_transaction=%u status_code=%u",
|
|
|
|
MAC2STR(bssid), WLAN_AUTH_SAE,
|
|
|
|
auth_transaction, status_code);
|
2022-04-26 08:52:37 +02:00
|
|
|
return -2;
|
2021-07-14 12:03:05 +02:00
|
|
|
}
|
2012-09-30 18:51:07 +02:00
|
|
|
|
|
|
|
if (auth_transaction == 1) {
|
2015-06-23 21:30:15 +02:00
|
|
|
u16 res;
|
|
|
|
|
2014-11-25 03:04:41 +01:00
|
|
|
groups = wpa_s->conf->sae_groups;
|
2013-11-02 17:07:49 +01:00
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
|
2022-08-08 13:33:38 +02:00
|
|
|
if ((external && !wpa_s->sme.ext_auth_wpa_ssid) ||
|
|
|
|
(!external &&
|
|
|
|
(!wpa_s->current_bss || !wpa_s->current_ssid)))
|
2012-09-30 18:51:07 +02:00
|
|
|
return -1;
|
2019-10-27 13:35:04 +01:00
|
|
|
if (wpa_s->sme.sae.state != SAE_COMMITTED) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Ignore commit message while waiting for confirm");
|
|
|
|
return 0;
|
|
|
|
}
|
2020-06-06 11:08:37 +02:00
|
|
|
if (wpa_s->sme.sae.h2e && status_code == WLAN_STATUS_SUCCESS) {
|
2020-02-08 02:36:13 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Unexpected use of status code 0 in SAE commit when H2E was expected");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-06-06 11:08:37 +02:00
|
|
|
if ((!wpa_s->sme.sae.h2e || wpa_s->sme.sae.pk) &&
|
2020-02-08 02:36:13 +01:00
|
|
|
status_code == WLAN_STATUS_SAE_HASH_TO_ELEMENT) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Unexpected use of status code for H2E in SAE commit when H2E was not expected");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-06-06 11:08:37 +02:00
|
|
|
if (!wpa_s->sme.sae.pk &&
|
2020-05-30 22:30:42 +02:00
|
|
|
status_code == WLAN_STATUS_SAE_PK) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Unexpected use of status code for PK in SAE commit when PK was not expected");
|
|
|
|
return -1;
|
|
|
|
}
|
2020-02-08 02:36:13 +01:00
|
|
|
|
2013-11-02 17:07:49 +01:00
|
|
|
if (groups && groups[0] <= 0)
|
|
|
|
groups = NULL;
|
2015-06-23 21:30:15 +02:00
|
|
|
res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
|
2019-09-07 17:33:02 +02:00
|
|
|
groups, status_code ==
|
2020-05-30 22:30:42 +02:00
|
|
|
WLAN_STATUS_SAE_HASH_TO_ELEMENT ||
|
2022-12-06 10:46:05 +01:00
|
|
|
status_code == WLAN_STATUS_SAE_PK,
|
|
|
|
ie_offset);
|
2015-06-23 21:30:15 +02:00
|
|
|
if (res == SAE_SILENTLY_DISCARD) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SAE: Drop commit message due to reflection attack");
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
if (res != WLAN_STATUS_SUCCESS)
|
2012-10-06 18:30:54 +02:00
|
|
|
return -1;
|
2012-12-30 21:16:18 +01:00
|
|
|
|
2019-09-06 14:40:39 +02:00
|
|
|
if (wpa_s->sme.sae.tmp &&
|
|
|
|
sme_check_sae_rejected_groups(
|
|
|
|
wpa_s,
|
2019-12-06 23:28:13 +01:00
|
|
|
wpa_s->sme.sae.tmp->peer_rejected_groups))
|
2019-09-06 14:40:39 +02:00
|
|
|
return -1;
|
|
|
|
|
2012-12-30 21:16:18 +01:00
|
|
|
if (sae_process_commit(&wpa_s->sme.sae) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SAE: Failed to process peer "
|
|
|
|
"commit");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
|
2012-12-31 15:58:36 +01:00
|
|
|
wpabuf_free(wpa_s->sme.sae_token);
|
|
|
|
wpa_s->sme.sae_token = NULL;
|
2022-10-19 16:14:06 +02:00
|
|
|
if (!external) {
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_send_authentication(wpa_s, wpa_s->current_bss,
|
|
|
|
wpa_s->current_ssid, 0);
|
2022-10-19 16:14:06 +02:00
|
|
|
} else {
|
|
|
|
if (wpa_s->sme.ext_ml_auth &&
|
2023-05-09 15:53:21 +02:00
|
|
|
sme_external_ml_auth(wpa_s, data, len, *ie_offset,
|
|
|
|
status_code))
|
2022-10-19 16:14:06 +02:00
|
|
|
return -1;
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
sme_external_auth_send_sae_confirm(wpa_s, sa);
|
2022-10-19 16:14:06 +02:00
|
|
|
}
|
2012-09-30 18:51:07 +02:00
|
|
|
return 0;
|
|
|
|
} else if (auth_transaction == 2) {
|
2019-09-06 14:40:39 +02:00
|
|
|
if (status_code != WLAN_STATUS_SUCCESS)
|
|
|
|
return -1;
|
2012-09-30 18:51:07 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
|
2012-12-31 10:05:42 +01:00
|
|
|
if (wpa_s->sme.sae.state != SAE_CONFIRMED)
|
2012-10-06 18:30:54 +02:00
|
|
|
return -1;
|
2022-12-06 10:46:05 +01:00
|
|
|
if (sae_check_confirm(&wpa_s->sme.sae, data, len,
|
|
|
|
ie_offset) < 0)
|
2012-10-06 18:30:54 +02:00
|
|
|
return -1;
|
2022-10-19 16:14:06 +02:00
|
|
|
if (external && wpa_s->sme.ext_ml_auth &&
|
2023-05-09 15:53:21 +02:00
|
|
|
sme_external_ml_auth(wpa_s, data, len, *ie_offset,
|
|
|
|
status_code))
|
2022-10-19 16:14:06 +02:00
|
|
|
return -1;
|
|
|
|
|
2012-12-31 10:05:42 +01:00
|
|
|
wpa_s->sme.sae.state = SAE_ACCEPTED;
|
2013-01-06 18:06:59 +01:00
|
|
|
sae_clear_temp_data(&wpa_s->sme.sae);
|
2024-07-07 11:11:06 +02:00
|
|
|
wpa_s_clear_sae_rejected(wpa_s);
|
2018-02-01 12:31:28 +01:00
|
|
|
|
|
|
|
if (external) {
|
|
|
|
/* Report success to driver */
|
|
|
|
sme_send_external_auth_status(wpa_s,
|
|
|
|
WLAN_STATUS_SUCCESS);
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return -1;
|
|
|
|
}
|
2018-02-01 12:31:28 +01:00
|
|
|
|
|
|
|
|
2019-08-16 07:08:10 +02:00
|
|
|
static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *bssid)
|
2019-08-14 16:49:23 +02:00
|
|
|
{
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: SAE completed - setting PMK for 4-way handshake");
|
2022-07-24 21:15:52 +02:00
|
|
|
wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, wpa_s->sme.sae.pmk_len,
|
2019-08-16 07:08:10 +02:00
|
|
|
wpa_s->sme.sae.pmkid, bssid);
|
2019-08-14 16:49:23 +02:00
|
|
|
if (wpa_s->conf->sae_pmkid_in_assoc) {
|
|
|
|
/* Update the own RSNE contents now that we have set the PMK
|
|
|
|
* and added a PMKSA cache entry based on the successfully
|
|
|
|
* completed SAE exchange. In practice, this will add the PMKID
|
|
|
|
* into RSNE. */
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len + 2 + PMKID_LEN >
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_msg(wpa_s, MSG_WARNING,
|
|
|
|
"RSN: Not enough room for inserting own PMKID into RSNE");
|
|
|
|
return -1;
|
|
|
|
}
|
|
|
|
if (wpa_insert_pmkid(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
2024-02-03 19:13:46 +01:00
|
|
|
wpa_s->sme.sae.pmkid, true) < 0)
|
2019-08-14 16:49:23 +02:00
|
|
|
return -1;
|
|
|
|
wpa_hexdump(MSG_DEBUG,
|
|
|
|
"SME: Updated Association Request IEs",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-02-01 12:31:28 +01:00
|
|
|
void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *auth_frame, size_t len)
|
|
|
|
{
|
|
|
|
const struct ieee80211_mgmt *header;
|
|
|
|
size_t auth_length;
|
|
|
|
|
|
|
|
header = (const struct ieee80211_mgmt *) auth_frame;
|
|
|
|
auth_length = IEEE80211_HDRLEN + sizeof(header->u.auth);
|
|
|
|
|
|
|
|
if (len < auth_length) {
|
|
|
|
/* Notify failure to the driver */
|
|
|
|
sme_send_external_auth_status(wpa_s,
|
|
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2018-11-30 16:26:26 +01:00
|
|
|
if (le_to_host16(header->u.auth.auth_alg) == WLAN_AUTH_SAE) {
|
2018-02-01 12:31:28 +01:00
|
|
|
int res;
|
2022-10-19 16:14:06 +02:00
|
|
|
int ie_offset = 0;
|
2018-02-01 12:31:28 +01:00
|
|
|
|
2018-11-30 16:26:26 +01:00
|
|
|
res = sme_sae_auth(
|
|
|
|
wpa_s, le_to_host16(header->u.auth.auth_transaction),
|
|
|
|
le_to_host16(header->u.auth.status_code),
|
|
|
|
header->u.auth.variable,
|
2022-10-19 16:14:06 +02:00
|
|
|
len - auth_length, 1, header->sa, &ie_offset);
|
2018-02-01 12:31:28 +01:00
|
|
|
if (res < 0) {
|
|
|
|
/* Notify failure to the driver */
|
|
|
|
sme_send_external_auth_status(
|
2022-04-26 08:52:37 +02:00
|
|
|
wpa_s,
|
|
|
|
res == -2 ?
|
|
|
|
le_to_host16(header->u.auth.status_code) :
|
|
|
|
WLAN_STATUS_UNSPECIFIED_FAILURE);
|
2018-02-01 12:31:28 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (res != 1)
|
|
|
|
return;
|
|
|
|
|
2022-10-19 16:14:06 +02:00
|
|
|
if (sme_sae_set_pmk(wpa_s,
|
|
|
|
wpa_s->sme.ext_ml_auth ?
|
|
|
|
wpa_s->sme.ext_auth_ap_mld_addr :
|
|
|
|
wpa_s->sme.ext_auth_bssid) < 0)
|
2019-08-14 16:49:23 +02:00
|
|
|
return;
|
2018-02-01 12:31:28 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
|
|
|
|
{
|
|
|
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
2022-12-06 10:46:06 +01:00
|
|
|
int ie_offset = 0;
|
2009-03-20 21:26:41 +01:00
|
|
|
|
|
|
|
if (ssid == NULL) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
|
|
|
|
"when network is not selected");
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
|
|
|
|
"when not in authenticating state");
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(wpa_s->pending_bssid, data->auth.peer) &&
|
2022-12-06 10:46:08 +01:00
|
|
|
!(wpa_s->valid_links &&
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
ether_addr_equal(wpa_s->ap_mld_addr, data->auth.peer))) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
|
|
|
|
"unexpected peer " MACSTR,
|
|
|
|
MAC2STR(data->auth.peer));
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
|
2012-09-30 18:51:07 +02:00
|
|
|
" auth_type=%d auth_transaction=%d status_code=%d",
|
2011-02-10 19:14:46 +01:00
|
|
|
MAC2STR(data->auth.peer), data->auth.auth_type,
|
2012-09-30 18:51:07 +02:00
|
|
|
data->auth.auth_transaction, data->auth.status_code);
|
2009-03-20 21:26:41 +01:00
|
|
|
wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
|
|
|
|
data->auth.ies, data->auth.ies_len);
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
|
|
|
|
|
2012-09-30 18:51:07 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (data->auth.auth_type == WLAN_AUTH_SAE) {
|
2022-12-06 10:46:09 +01:00
|
|
|
const u8 *addr = wpa_s->pending_bssid;
|
2012-10-06 18:30:54 +02:00
|
|
|
int res;
|
2022-12-06 10:46:09 +01:00
|
|
|
|
2012-10-06 18:30:54 +02:00
|
|
|
res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
|
|
|
|
data->auth.status_code, data->auth.ies,
|
2022-12-06 10:46:05 +01:00
|
|
|
data->auth.ies_len, 0, data->auth.peer,
|
2022-12-06 10:46:06 +01:00
|
|
|
&ie_offset);
|
2012-10-06 18:30:54 +02:00
|
|
|
if (res < 0) {
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
2012-10-06 18:30:54 +02:00
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
|
|
|
|
|
2024-07-07 10:52:36 +02:00
|
|
|
if (wpa_s->sme.sae_rejected_groups &&
|
|
|
|
ssid->disabled_until.sec) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SME: Clear SAE state with rejected groups due to continuous failures");
|
|
|
|
wpa_s_clear_sae_rejected(wpa_s);
|
|
|
|
}
|
2012-10-06 18:30:54 +02:00
|
|
|
}
|
|
|
|
if (res != 1)
|
2012-09-30 18:51:07 +02:00
|
|
|
return;
|
2012-12-30 21:35:59 +01:00
|
|
|
|
2022-12-06 10:46:09 +01:00
|
|
|
if (wpa_s->valid_links)
|
|
|
|
addr = wpa_s->ap_mld_addr;
|
|
|
|
|
|
|
|
if (sme_sae_set_pmk(wpa_s, addr) < 0)
|
2019-08-14 16:49:23 +02:00
|
|
|
return;
|
2012-09-30 18:51:07 +02:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
|
2015-09-05 17:33:35 +02:00
|
|
|
char *ie_txt = NULL;
|
|
|
|
|
|
|
|
if (data->auth.ies && data->auth.ies_len) {
|
|
|
|
size_t buflen = 2 * data->auth.ies_len + 1;
|
|
|
|
ie_txt = os_malloc(buflen);
|
|
|
|
if (ie_txt) {
|
|
|
|
wpa_snprintf_hex(ie_txt, buflen, data->auth.ies,
|
|
|
|
data->auth.ies_len);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
|
2017-02-10 10:49:36 +01:00
|
|
|
" auth_type=%u auth_transaction=%u status_code=%u%s%s",
|
2015-09-05 17:33:35 +02:00
|
|
|
MAC2STR(data->auth.peer), data->auth.auth_type,
|
|
|
|
data->auth.auth_transaction, data->auth.status_code,
|
2017-02-10 10:49:36 +01:00
|
|
|
ie_txt ? " ie=" : "",
|
|
|
|
ie_txt ? ie_txt : "");
|
2015-09-05 17:33:35 +02:00
|
|
|
os_free(ie_txt);
|
2010-08-17 15:39:33 +02:00
|
|
|
|
2018-07-27 10:25:27 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
|
|
|
|
wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS)
|
|
|
|
fils_connection_failure(wpa_s);
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2010-08-17 15:39:33 +02:00
|
|
|
if (data->auth.status_code !=
|
|
|
|
WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
|
|
|
|
wpa_s->sme.auth_alg == data->auth.auth_type ||
|
2010-11-25 21:00:04 +01:00
|
|
|
wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
2012-06-25 13:23:25 +02:00
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
|
2010-08-17 15:39:33 +02:00
|
|
|
return;
|
2010-11-25 21:00:04 +01:00
|
|
|
}
|
2010-08-17 15:39:33 +02:00
|
|
|
|
2014-01-31 22:31:26 +01:00
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
|
2010-08-17 15:39:33 +02:00
|
|
|
switch (data->auth.auth_type) {
|
|
|
|
case WLAN_AUTH_OPEN:
|
|
|
|
wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
|
2010-08-17 15:39:33 +02:00
|
|
|
wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
|
|
|
|
wpa_s->current_ssid);
|
|
|
|
return;
|
|
|
|
|
|
|
|
case WLAN_AUTH_SHARED_KEY:
|
|
|
|
wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
|
2010-08-17 15:39:33 +02:00
|
|
|
wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
|
|
|
|
wpa_s->current_ssid);
|
|
|
|
return;
|
|
|
|
|
|
|
|
default:
|
|
|
|
return;
|
|
|
|
}
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
if (data->auth.auth_type == WLAN_AUTH_FT) {
|
2017-02-18 20:14:10 +01:00
|
|
|
const u8 *ric_ies = NULL;
|
|
|
|
size_t ric_ies_len = 0;
|
|
|
|
|
|
|
|
if (wpa_s->ric_ies) {
|
|
|
|
ric_ies = wpabuf_head(wpa_s->ric_ies);
|
|
|
|
ric_ies_len = wpabuf_len(wpa_s->ric_ies);
|
|
|
|
}
|
2015-06-20 16:36:58 +02:00
|
|
|
if (wpa_ft_process_response(wpa_s->wpa, data->auth.ies,
|
|
|
|
data->auth.ies_len, 0,
|
2017-02-18 20:14:10 +01:00
|
|
|
data->auth.peer,
|
|
|
|
ric_ies, ric_ies_len) < 0) {
|
2015-06-20 16:36:58 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: FT Authentication response processing failed");
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
|
|
|
|
MACSTR
|
|
|
|
" reason=%d locally_generated=1",
|
|
|
|
MAC2STR(wpa_s->pending_bssid),
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
2015-06-20 16:36:58 +02:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
2015-09-07 23:14:13 +02:00
|
|
|
#ifdef CONFIG_FILS
|
2017-03-12 21:45:35 +01:00
|
|
|
if (data->auth.auth_type == WLAN_AUTH_FILS_SK ||
|
|
|
|
data->auth.auth_type == WLAN_AUTH_FILS_SK_PFS) {
|
|
|
|
u16 expect_auth_type;
|
|
|
|
|
|
|
|
expect_auth_type = wpa_s->sme.auth_alg ==
|
|
|
|
WPA_AUTH_ALG_FILS_SK_PFS ? WLAN_AUTH_FILS_SK_PFS :
|
|
|
|
WLAN_AUTH_FILS_SK;
|
|
|
|
if (data->auth.auth_type != expect_auth_type) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: FILS Authentication response used different auth alg (%u; expected %u)",
|
|
|
|
data->auth.auth_type, expect_auth_type);
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
|
|
|
|
MACSTR
|
|
|
|
" reason=%d locally_generated=1",
|
|
|
|
MAC2STR(wpa_s->pending_bssid),
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
2017-03-12 21:45:35 +01:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2017-02-21 11:25:02 +01:00
|
|
|
if (fils_process_auth(wpa_s->wpa, wpa_s->pending_bssid,
|
|
|
|
data->auth.ies, data->auth.ies_len) < 0) {
|
2015-09-07 23:14:13 +02:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: FILS Authentication response processing failed");
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
|
|
|
|
MACSTR
|
|
|
|
" reason=%d locally_generated=1",
|
|
|
|
MAC2STR(wpa_s->pending_bssid),
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
2015-09-07 23:14:13 +02:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2022-12-06 10:46:06 +01:00
|
|
|
/* TODO: Support additional auth_type values as well */
|
2023-12-28 14:19:23 +01:00
|
|
|
if ((data->auth.auth_type == WLAN_AUTH_OPEN ||
|
|
|
|
data->auth.auth_type == WLAN_AUTH_SAE) &&
|
|
|
|
wpas_sme_ml_auth(wpa_s, data, ie_offset) < 0) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"MLD: Failed to parse ML Authentication frame");
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
|
|
|
|
" reason=%d locally_generated=1",
|
|
|
|
MAC2STR(wpa_s->pending_bssid),
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
|
2024-04-08 15:06:57 +02:00
|
|
|
wpa_supplicant_deauthenticate(wpa_s,
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
2024-04-08 15:06:59 +02:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: Authentication - clearing MLD state");
|
|
|
|
wpas_reset_mlo_info(wpa_s);
|
2023-12-28 14:19:23 +01:00
|
|
|
return;
|
|
|
|
}
|
2022-12-06 10:46:06 +01:00
|
|
|
|
2010-03-13 16:14:41 +01:00
|
|
|
sme_associate(wpa_s, ssid->mode, data->auth.peer,
|
|
|
|
data->auth.auth_type);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2017-05-07 11:00:27 +02:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
static void remove_ie(u8 *buf, size_t *len, u8 eid)
|
|
|
|
{
|
|
|
|
u8 *pos, *next, *end;
|
|
|
|
|
|
|
|
pos = (u8 *) get_ie(buf, *len, eid);
|
|
|
|
if (pos) {
|
|
|
|
next = pos + 2 + pos[1];
|
|
|
|
end = buf + *len;
|
|
|
|
*len -= 2 + pos[1];
|
|
|
|
os_memmove(pos, next, end - next);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
|
|
|
|
|
|
|
|
2010-03-13 16:14:41 +01:00
|
|
|
void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
|
|
|
|
const u8 *bssid, u16 auth_type)
|
|
|
|
{
|
|
|
|
struct wpa_driver_associate_params params;
|
2010-04-07 09:31:06 +02:00
|
|
|
struct ieee802_11_elems elems;
|
2020-05-01 16:20:33 +02:00
|
|
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
2015-09-08 19:58:53 +02:00
|
|
|
#ifdef CONFIG_FILS
|
|
|
|
u8 nonces[2 * FILS_NONCE_LEN];
|
|
|
|
#endif /* CONFIG_FILS */
|
2012-01-29 20:01:31 +01:00
|
|
|
#ifdef CONFIG_HT_OVERRIDES
|
|
|
|
struct ieee80211_ht_capabilities htcaps;
|
|
|
|
struct ieee80211_ht_capabilities htcaps_mask;
|
|
|
|
#endif /* CONFIG_HT_OVERRIDES */
|
2013-03-10 17:04:39 +01:00
|
|
|
#ifdef CONFIG_VHT_OVERRIDES
|
|
|
|
struct ieee80211_vht_capabilities vhtcaps;
|
|
|
|
struct ieee80211_vht_capabilities vhtcaps_mask;
|
|
|
|
#endif /* CONFIG_VHT_OVERRIDES */
|
2010-03-13 16:14:41 +01:00
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
2015-09-08 19:58:53 +02:00
|
|
|
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
/* Save auth type, in case we need to retry after comeback timer. */
|
|
|
|
wpa_s->sme.assoc_auth_type = auth_type;
|
|
|
|
|
2015-09-08 19:58:53 +02:00
|
|
|
#ifdef CONFIG_FILS
|
2017-03-12 21:45:35 +01:00
|
|
|
if (auth_type == WLAN_AUTH_FILS_SK ||
|
|
|
|
auth_type == WLAN_AUTH_FILS_SK_PFS) {
|
2015-09-08 19:58:53 +02:00
|
|
|
struct wpabuf *buf;
|
|
|
|
const u8 *snonce, *anonce;
|
2017-01-29 13:07:20 +01:00
|
|
|
const unsigned int max_hlp = 20;
|
|
|
|
struct wpabuf *hlp[max_hlp];
|
|
|
|
unsigned int i, num_hlp = 0;
|
|
|
|
struct fils_hlp_req *req;
|
|
|
|
|
|
|
|
dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
|
|
|
|
list) {
|
|
|
|
hlp[num_hlp] = wpabuf_alloc(2 * ETH_ALEN + 6 +
|
|
|
|
wpabuf_len(req->pkt));
|
|
|
|
if (!hlp[num_hlp])
|
|
|
|
break;
|
|
|
|
wpabuf_put_data(hlp[num_hlp], req->dst, ETH_ALEN);
|
|
|
|
wpabuf_put_data(hlp[num_hlp], wpa_s->own_addr,
|
|
|
|
ETH_ALEN);
|
|
|
|
wpabuf_put_data(hlp[num_hlp],
|
|
|
|
"\xaa\xaa\x03\x00\x00\x00", 6);
|
|
|
|
wpabuf_put_buf(hlp[num_hlp], req->pkt);
|
|
|
|
num_hlp++;
|
|
|
|
if (num_hlp >= max_hlp)
|
|
|
|
break;
|
|
|
|
}
|
2015-09-08 19:58:53 +02:00
|
|
|
|
|
|
|
buf = fils_build_assoc_req(wpa_s->wpa, ¶ms.fils_kek,
|
|
|
|
¶ms.fils_kek_len, &snonce,
|
2017-01-29 13:07:20 +01:00
|
|
|
&anonce,
|
|
|
|
(const struct wpabuf **) hlp,
|
|
|
|
num_hlp);
|
|
|
|
for (i = 0; i < num_hlp; i++)
|
|
|
|
wpabuf_free(hlp[i]);
|
2015-09-08 19:58:53 +02:00
|
|
|
if (!buf)
|
|
|
|
return;
|
2017-05-07 11:00:27 +02:00
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: assoc_req before FILS elements",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
|
|
|
if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
|
|
|
|
/* Remove RSNE and MDE to allow them to be overridden
|
|
|
|
* with FILS+FT specific values from
|
|
|
|
* fils_build_assoc_req(). */
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_RSN);
|
|
|
|
wpa_hexdump(MSG_DEBUG,
|
|
|
|
"FILS: assoc_req after RSNE removal",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_MOBILITY_DOMAIN);
|
|
|
|
wpa_hexdump(MSG_DEBUG,
|
|
|
|
"FILS: assoc_req after MDE removal",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2015-09-08 19:58:53 +02:00
|
|
|
/* TODO: Make wpa_s->sme.assoc_req_ie use dynamic allocation */
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(buf) >
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"FILS: Not enough buffer room for own AssocReq elements");
|
|
|
|
wpabuf_free(buf);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(buf), wpabuf_len(buf));
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
|
|
|
|
wpabuf_free(buf);
|
2017-05-07 11:00:27 +02:00
|
|
|
wpa_hexdump(MSG_DEBUG, "FILS: assoc_req after FILS elements",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
2015-09-08 19:58:53 +02:00
|
|
|
|
|
|
|
os_memcpy(nonces, snonce, FILS_NONCE_LEN);
|
|
|
|
os_memcpy(nonces + FILS_NONCE_LEN, anonce, FILS_NONCE_LEN);
|
|
|
|
params.fils_nonces = nonces;
|
|
|
|
params.fils_nonces_len = sizeof(nonces);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_FILS */
|
|
|
|
|
2017-03-12 10:53:21 +01:00
|
|
|
#ifdef CONFIG_OWE
|
2017-10-10 17:26:29 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (get_ie_ext(wpa_s->sme.assoc_req_ie, wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_EXT_OWE_DH_PARAM)) {
|
|
|
|
wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
|
|
|
|
} else
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2017-03-12 10:53:21 +01:00
|
|
|
if (auth_type == WLAN_AUTH_OPEN &&
|
|
|
|
wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
|
|
|
|
struct wpabuf *owe_ie;
|
2017-12-27 20:06:02 +01:00
|
|
|
u16 group;
|
2017-03-12 10:53:21 +01:00
|
|
|
|
2020-05-01 16:20:33 +02:00
|
|
|
if (ssid && ssid->owe_group) {
|
|
|
|
group = ssid->owe_group;
|
2018-11-01 12:03:21 +01:00
|
|
|
} else if (wpa_s->assoc_status_code ==
|
|
|
|
WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
|
2017-12-27 20:06:02 +01:00
|
|
|
if (wpa_s->last_owe_group == 19)
|
|
|
|
group = 20;
|
|
|
|
else if (wpa_s->last_owe_group == 20)
|
|
|
|
group = 21;
|
|
|
|
else
|
|
|
|
group = OWE_DH_GROUP;
|
2018-11-01 12:03:21 +01:00
|
|
|
} else {
|
|
|
|
group = OWE_DH_GROUP;
|
2017-12-27 20:06:02 +01:00
|
|
|
}
|
2018-11-01 12:03:21 +01:00
|
|
|
|
2017-12-27 20:06:02 +01:00
|
|
|
wpa_s->last_owe_group = group;
|
|
|
|
wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
|
2017-10-08 15:39:08 +02:00
|
|
|
owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
|
2017-03-12 10:53:21 +01:00
|
|
|
if (!owe_ie) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"OWE: Failed to build IE for Association Request frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(owe_ie) >
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"OWE: Not enough buffer room for own Association Request frame elements");
|
|
|
|
wpabuf_free(owe_ie);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(owe_ie), wpabuf_len(owe_ie));
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpabuf_len(owe_ie);
|
|
|
|
wpabuf_free(owe_ie);
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OWE */
|
|
|
|
|
2019-03-17 22:51:53 +01:00
|
|
|
#ifdef CONFIG_DPP2
|
2020-05-01 20:07:42 +02:00
|
|
|
if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP && ssid &&
|
2020-05-01 16:20:33 +02:00
|
|
|
ssid->dpp_netaccesskey && ssid->dpp_pfs != 2 &&
|
|
|
|
!ssid->dpp_pfs_fallback) {
|
2020-05-01 16:30:03 +02:00
|
|
|
struct rsn_pmksa_cache_entry *pmksa;
|
|
|
|
|
|
|
|
pmksa = pmksa_cache_get_current(wpa_s->wpa);
|
|
|
|
if (!pmksa || !pmksa->dpp_pfs)
|
|
|
|
goto pfs_fail;
|
|
|
|
|
2019-03-17 22:51:53 +01:00
|
|
|
dpp_pfs_free(wpa_s->dpp_pfs);
|
|
|
|
wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
|
|
|
|
ssid->dpp_netaccesskey_len);
|
|
|
|
if (!wpa_s->dpp_pfs) {
|
|
|
|
wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
|
|
|
|
/* Try to continue without PFS */
|
|
|
|
goto pfs_fail;
|
|
|
|
}
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len +
|
|
|
|
wpabuf_len(wpa_s->dpp_pfs->ie) >
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"DPP: Not enough buffer room for own Association Request frame elements");
|
|
|
|
dpp_pfs_free(wpa_s->dpp_pfs);
|
|
|
|
wpa_s->dpp_pfs = NULL;
|
|
|
|
goto pfs_fail;
|
|
|
|
}
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
wpabuf_head(wpa_s->dpp_pfs->ie),
|
|
|
|
wpabuf_len(wpa_s->dpp_pfs->ie));
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
|
|
|
|
}
|
|
|
|
pfs_fail:
|
|
|
|
#endif /* CONFIG_DPP2 */
|
|
|
|
|
2023-11-27 20:03:58 +01:00
|
|
|
#ifndef CONFIG_NO_ROBUST_AV
|
2020-08-04 20:33:24 +02:00
|
|
|
wpa_s->mscs_setup_done = false;
|
2021-02-06 10:00:09 +01:00
|
|
|
if (wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_MSCS) &&
|
|
|
|
wpa_s->robust_av.valid_config) {
|
2020-06-16 16:51:30 +02:00
|
|
|
struct wpabuf *mscs_ie;
|
|
|
|
size_t mscs_ie_len, buf_len, *wpa_ie_len, max_ie_len;
|
|
|
|
|
|
|
|
buf_len = 3 + /* MSCS descriptor IE header */
|
|
|
|
1 + /* Request type */
|
|
|
|
2 + /* User priority control */
|
|
|
|
4 + /* Stream timeout */
|
|
|
|
3 + /* TCLAS Mask IE header */
|
|
|
|
wpa_s->robust_av.frame_classifier_len;
|
|
|
|
mscs_ie = wpabuf_alloc(buf_len);
|
|
|
|
if (!mscs_ie) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"MSCS: Failed to allocate MSCS IE");
|
|
|
|
goto mscs_fail;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_ie_len = &wpa_s->sme.assoc_req_ie_len;
|
|
|
|
max_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
|
|
|
|
wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
|
|
|
|
if ((*wpa_ie_len + wpabuf_len(mscs_ie)) <= max_ie_len) {
|
2020-08-19 11:30:32 +02:00
|
|
|
wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
|
2020-06-16 16:51:30 +02:00
|
|
|
mscs_ie_len = wpabuf_len(mscs_ie);
|
|
|
|
os_memcpy(wpa_s->sme.assoc_req_ie + *wpa_ie_len,
|
|
|
|
wpabuf_head(mscs_ie), mscs_ie_len);
|
|
|
|
*wpa_ie_len += mscs_ie_len;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpabuf_free(mscs_ie);
|
|
|
|
}
|
|
|
|
mscs_fail:
|
2023-11-27 20:03:58 +01:00
|
|
|
#endif /* CONFIG_NO_ROBUST_AV */
|
2020-06-16 16:51:30 +02:00
|
|
|
|
2020-05-01 16:20:33 +02:00
|
|
|
if (ssid && ssid->multi_ap_backhaul_sta) {
|
2018-12-05 11:23:53 +01:00
|
|
|
size_t multi_ap_ie_len;
|
2024-02-26 13:48:21 +01:00
|
|
|
struct multi_ap_params multi_ap = { 0 };
|
|
|
|
|
|
|
|
multi_ap.capability = MULTI_AP_BACKHAUL_STA;
|
2024-02-26 13:48:21 +01:00
|
|
|
multi_ap.profile = ssid->multi_ap_profile;
|
2018-12-05 11:23:53 +01:00
|
|
|
|
|
|
|
multi_ap_ie_len = add_multi_ap_ie(
|
|
|
|
wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
|
|
|
|
sizeof(wpa_s->sme.assoc_req_ie) -
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
2024-02-26 13:48:21 +01:00
|
|
|
&multi_ap);
|
2018-12-05 11:23:53 +01:00
|
|
|
if (multi_ap_ie_len == 0) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"Multi-AP: Failed to build Multi-AP IE");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
|
|
|
|
}
|
|
|
|
|
2010-03-13 16:14:41 +01:00
|
|
|
params.bssid = bssid;
|
2009-03-20 21:26:41 +01:00
|
|
|
params.ssid = wpa_s->sme.ssid;
|
|
|
|
params.ssid_len = wpa_s->sme.ssid_len;
|
2014-10-01 09:52:53 +02:00
|
|
|
params.freq.freq = wpa_s->sme.freq;
|
2020-05-01 16:20:33 +02:00
|
|
|
params.bg_scan_period = ssid ? ssid->bg_scan_period : -1;
|
2009-03-20 21:26:41 +01:00
|
|
|
params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
|
|
|
|
wpa_s->sme.assoc_req_ie : NULL;
|
|
|
|
params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
|
2018-12-01 19:10:54 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "SME: Association Request IEs",
|
|
|
|
params.wpa_ie, params.wpa_ie_len);
|
2013-12-30 18:33:39 +01:00
|
|
|
params.pairwise_suite = wpa_s->pairwise_cipher;
|
|
|
|
params.group_suite = wpa_s->group_cipher;
|
2017-09-26 16:36:33 +02:00
|
|
|
params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
|
2014-03-25 16:57:54 +01:00
|
|
|
params.key_mgmt_suite = wpa_s->key_mgmt;
|
|
|
|
params.wpa_proto = wpa_s->wpa_proto;
|
2012-01-29 20:01:31 +01:00
|
|
|
#ifdef CONFIG_HT_OVERRIDES
|
|
|
|
os_memset(&htcaps, 0, sizeof(htcaps));
|
|
|
|
os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
|
|
|
|
params.htcaps = (u8 *) &htcaps;
|
|
|
|
params.htcaps_mask = (u8 *) &htcaps_mask;
|
2020-05-01 16:20:33 +02:00
|
|
|
wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
|
2012-01-29 20:01:31 +01:00
|
|
|
#endif /* CONFIG_HT_OVERRIDES */
|
2013-03-10 17:04:39 +01:00
|
|
|
#ifdef CONFIG_VHT_OVERRIDES
|
|
|
|
os_memset(&vhtcaps, 0, sizeof(vhtcaps));
|
|
|
|
os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
|
|
|
|
params.vhtcaps = &vhtcaps;
|
|
|
|
params.vhtcaps_mask = &vhtcaps_mask;
|
2020-05-01 16:20:33 +02:00
|
|
|
wpa_supplicant_apply_vht_overrides(wpa_s, ssid, ¶ms);
|
2013-03-10 17:04:39 +01:00
|
|
|
#endif /* CONFIG_VHT_OVERRIDES */
|
2020-03-09 11:53:50 +01:00
|
|
|
#ifdef CONFIG_HE_OVERRIDES
|
2020-05-01 16:20:33 +02:00
|
|
|
wpa_supplicant_apply_he_overrides(wpa_s, ssid, ¶ms);
|
2020-03-09 11:53:50 +01:00
|
|
|
#endif /* CONFIG_HE_OVERRIDES */
|
2022-10-17 10:12:17 +02:00
|
|
|
wpa_supplicant_apply_eht_overrides(wpa_s, ssid, ¶ms);
|
2009-03-20 21:26:41 +01:00
|
|
|
#ifdef CONFIG_IEEE80211R
|
2018-12-01 19:10:54 +01:00
|
|
|
if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies &&
|
|
|
|
get_ie(wpa_s->sme.ft_ies, wpa_s->sme.ft_ies_len,
|
|
|
|
WLAN_EID_RIC_DATA)) {
|
|
|
|
/* There seems to be a pretty inconvenient bug in the Linux
|
|
|
|
* kernel IE splitting functionality when RIC is used. For now,
|
|
|
|
* skip correct behavior in IE construction here (i.e., drop the
|
|
|
|
* additional non-FT-specific IEs) to avoid kernel issues. This
|
|
|
|
* is fine since RIC is used only for testing purposes in the
|
|
|
|
* current implementation. */
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"SME: Linux kernel workaround - do not try to include additional IEs with RIC");
|
2009-03-20 21:26:41 +01:00
|
|
|
params.wpa_ie = wpa_s->sme.ft_ies;
|
|
|
|
params.wpa_ie_len = wpa_s->sme.ft_ies_len;
|
2018-12-01 19:10:54 +01:00
|
|
|
} else if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
|
|
|
|
const u8 *rm_en, *pos, *end;
|
|
|
|
size_t rm_en_len = 0;
|
|
|
|
u8 *rm_en_dup = NULL, *wpos;
|
|
|
|
|
|
|
|
/* Remove RSNE, MDE, FTE to allow them to be overridden with
|
|
|
|
* FT specific values */
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_RSN);
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_MOBILITY_DOMAIN);
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_FAST_BSS_TRANSITION);
|
|
|
|
rm_en = get_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_RRM_ENABLED_CAPABILITIES);
|
|
|
|
if (rm_en) {
|
|
|
|
/* Need to remove RM Enabled Capabilities element as
|
|
|
|
* well temporarily, so that it can be placed between
|
|
|
|
* RSNE and MDE. */
|
|
|
|
rm_en_len = 2 + rm_en[1];
|
|
|
|
rm_en_dup = os_memdup(rm_en, rm_en_len);
|
|
|
|
remove_ie(wpa_s->sme.assoc_req_ie,
|
|
|
|
&wpa_s->sme.assoc_req_ie_len,
|
|
|
|
WLAN_EID_RRM_ENABLED_CAPABILITIES);
|
|
|
|
}
|
|
|
|
wpa_hexdump(MSG_DEBUG,
|
|
|
|
"SME: Association Request IEs after FT IE removal",
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
if (wpa_s->sme.assoc_req_ie_len + wpa_s->sme.ft_ies_len +
|
|
|
|
rm_en_len > sizeof(wpa_s->sme.assoc_req_ie)) {
|
|
|
|
wpa_printf(MSG_ERROR,
|
|
|
|
"SME: Not enough buffer room for FT IEs in Association Request frame");
|
|
|
|
os_free(rm_en_dup);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_memmove(wpa_s->sme.assoc_req_ie + wpa_s->sme.ft_ies_len +
|
|
|
|
rm_en_len,
|
|
|
|
wpa_s->sme.assoc_req_ie,
|
|
|
|
wpa_s->sme.assoc_req_ie_len);
|
|
|
|
pos = wpa_s->sme.ft_ies;
|
|
|
|
end = pos + wpa_s->sme.ft_ies_len;
|
|
|
|
wpos = wpa_s->sme.assoc_req_ie;
|
|
|
|
if (*pos == WLAN_EID_RSN) {
|
|
|
|
os_memcpy(wpos, pos, 2 + pos[1]);
|
|
|
|
wpos += 2 + pos[1];
|
|
|
|
pos += 2 + pos[1];
|
|
|
|
}
|
|
|
|
if (rm_en_dup) {
|
|
|
|
os_memcpy(wpos, rm_en_dup, rm_en_len);
|
|
|
|
wpos += rm_en_len;
|
|
|
|
os_free(rm_en_dup);
|
|
|
|
}
|
|
|
|
os_memcpy(wpos, pos, end - pos);
|
|
|
|
wpa_s->sme.assoc_req_ie_len += wpa_s->sme.ft_ies_len +
|
|
|
|
rm_en_len;
|
|
|
|
params.wpa_ie = wpa_s->sme.assoc_req_ie;
|
|
|
|
params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
|
|
|
|
wpa_hexdump(MSG_DEBUG,
|
|
|
|
"SME: Association Request IEs after FT override",
|
|
|
|
params.wpa_ie, params.wpa_ie_len);
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2010-03-13 16:14:41 +01:00
|
|
|
params.mode = mode;
|
2009-03-20 21:26:41 +01:00
|
|
|
params.mgmt_frame_protection = wpa_s->sme.mfp;
|
2014-11-05 09:42:48 +01:00
|
|
|
params.rrm_used = wpa_s->rrm.rrm_used;
|
2009-11-17 18:25:05 +01:00
|
|
|
if (wpa_s->sme.prev_bssid_set)
|
|
|
|
params.prev_bssid = wpa_s->sme.prev_bssid;
|
2009-03-20 21:26:41 +01:00
|
|
|
|
|
|
|
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
|
|
|
|
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
|
|
|
|
params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
|
2014-10-01 09:52:53 +02:00
|
|
|
params.freq.freq);
|
2009-03-20 21:26:41 +01:00
|
|
|
|
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
|
|
|
|
|
2010-04-11 11:19:02 +02:00
|
|
|
if (params.wpa_ie == NULL ||
|
|
|
|
ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
|
2010-04-07 09:31:06 +02:00
|
|
|
< 0) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
|
2010-04-07 09:31:06 +02:00
|
|
|
os_memset(&elems, 0, sizeof(elems));
|
|
|
|
}
|
2011-09-02 19:40:23 +02:00
|
|
|
if (elems.rsn_ie) {
|
|
|
|
params.wpa_proto = WPA_PROTO_RSN;
|
2010-04-07 09:31:06 +02:00
|
|
|
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
|
|
|
|
elems.rsn_ie_len + 2);
|
2011-09-02 19:40:23 +02:00
|
|
|
} else if (elems.wpa_ie) {
|
|
|
|
params.wpa_proto = WPA_PROTO_WPA;
|
2010-04-07 09:31:06 +02:00
|
|
|
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
|
|
|
|
elems.wpa_ie_len + 2);
|
2013-07-23 20:24:05 +02:00
|
|
|
} else if (elems.osen) {
|
|
|
|
params.wpa_proto = WPA_PROTO_OSEN;
|
|
|
|
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
|
|
|
|
elems.osen_len + 2);
|
2011-09-02 19:40:23 +02:00
|
|
|
} else
|
2010-04-07 09:31:06 +02:00
|
|
|
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
|
2019-10-17 15:54:05 +02:00
|
|
|
if (elems.rsnxe)
|
|
|
|
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, elems.rsnxe - 2,
|
|
|
|
elems.rsnxe_len + 2);
|
|
|
|
else
|
|
|
|
wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
|
2020-05-01 16:20:33 +02:00
|
|
|
if (ssid && ssid->p2p_group)
|
2010-07-18 23:30:25 +02:00
|
|
|
params.p2p = 1;
|
2010-04-07 09:31:06 +02:00
|
|
|
|
2016-01-24 16:36:49 +01:00
|
|
|
if (wpa_s->p2pdev->set_sta_uapsd)
|
|
|
|
params.uapsd = wpa_s->p2pdev->sta_uapsd;
|
2010-07-28 19:18:52 +02:00
|
|
|
else
|
|
|
|
params.uapsd = -1;
|
|
|
|
|
2022-12-06 10:46:07 +01:00
|
|
|
if (wpa_s->valid_links) {
|
|
|
|
unsigned int i;
|
|
|
|
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: In association. assoc_link_id=%u, valid_links=0x%x",
|
|
|
|
wpa_s->mlo_assoc_link_id, wpa_s->valid_links);
|
|
|
|
|
|
|
|
params.mld_params.mld_addr = wpa_s->ap_mld_addr;
|
|
|
|
params.mld_params.valid_links = wpa_s->valid_links;
|
|
|
|
params.mld_params.assoc_link_id = wpa_s->mlo_assoc_link_id;
|
2024-02-20 14:18:12 +01:00
|
|
|
for_each_link(wpa_s->valid_links, i) {
|
2022-12-06 10:46:07 +01:00
|
|
|
params.mld_params.mld_links[i].bssid =
|
|
|
|
wpa_s->links[i].bssid;
|
|
|
|
params.mld_params.mld_links[i].freq =
|
|
|
|
wpa_s->links[i].freq;
|
2023-12-21 12:08:20 +01:00
|
|
|
params.mld_params.mld_links[i].disabled =
|
|
|
|
wpa_s->links[i].disabled;
|
2022-12-06 10:46:07 +01:00
|
|
|
|
2023-12-21 12:08:20 +01:00
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"MLD: id=%u, freq=%d, disabled=%u, " MACSTR,
|
2022-12-06 10:46:07 +01:00
|
|
|
i, wpa_s->links[i].freq,
|
2023-12-21 12:08:20 +01:00
|
|
|
wpa_s->links[i].disabled,
|
2022-12-06 10:46:07 +01:00
|
|
|
MAC2STR(wpa_s->links[i].bssid));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-03-20 21:26:41 +01:00
|
|
|
if (wpa_drv_associate(wpa_s, ¶ms) < 0) {
|
2023-11-21 00:51:28 +01:00
|
|
|
unsigned int n_failed_links = 0;
|
|
|
|
int i;
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
|
|
|
|
"driver failed");
|
2023-11-21 00:51:28 +01:00
|
|
|
|
|
|
|
/* Prepare list of failed links for error report */
|
|
|
|
for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
|
|
|
|
if (!(wpa_s->valid_links & BIT(i)) ||
|
|
|
|
wpa_s->mlo_assoc_link_id == i ||
|
|
|
|
!params.mld_params.mld_links[i].error)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
wpa_bssid_ignore_add(wpa_s, wpa_s->links[i].bssid);
|
|
|
|
n_failed_links++;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (n_failed_links) {
|
|
|
|
/* Deauth and connect (possibly to the same AP MLD) */
|
|
|
|
wpa_drv_deauthenticate(wpa_s, wpa_s->ap_mld_addr,
|
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
wpas_request_connection(wpa_s);
|
|
|
|
} else {
|
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
|
|
|
|
NULL);
|
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
|
|
|
|
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
|
|
|
|
}
|
2009-03-20 21:26:41 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
|
|
|
|
NULL);
|
2017-10-15 22:25:55 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
|
|
|
|
wpa_s->last_assoc_req_wpa_ie = NULL;
|
|
|
|
if (params.wpa_ie)
|
|
|
|
wpa_s->last_assoc_req_wpa_ie =
|
|
|
|
wpabuf_alloc_copy(params.wpa_ie, params.wpa_ie_len);
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2009-03-20 21:26:41 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
|
|
|
|
const u8 *ies, size_t ies_len)
|
|
|
|
{
|
|
|
|
if (md == NULL || ies == NULL) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
|
2009-03-20 21:26:41 +01:00
|
|
|
os_free(wpa_s->sme.ft_ies);
|
|
|
|
wpa_s->sme.ft_ies = NULL;
|
|
|
|
wpa_s->sme.ft_ies_len = 0;
|
|
|
|
wpa_s->sme.ft_used = 0;
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
|
|
|
|
wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
|
|
|
|
os_free(wpa_s->sme.ft_ies);
|
2017-03-07 10:17:23 +01:00
|
|
|
wpa_s->sme.ft_ies = os_memdup(ies, ies_len);
|
2009-03-20 21:26:41 +01:00
|
|
|
if (wpa_s->sme.ft_ies == NULL)
|
|
|
|
return -1;
|
|
|
|
wpa_s->sme.ft_ies_len = ies_len;
|
|
|
|
return 0;
|
|
|
|
}
|
2009-04-01 16:10:36 +02:00
|
|
|
|
|
|
|
|
2023-11-21 00:51:25 +01:00
|
|
|
static void sme_deauth(struct wpa_supplicant *wpa_s, const u8 **link_bssids)
|
2009-04-01 16:10:36 +02:00
|
|
|
{
|
2009-09-13 19:53:32 +02:00
|
|
|
int bssid_changed;
|
2023-11-21 00:51:40 +01:00
|
|
|
const u8 *bssid;
|
2009-09-13 19:53:32 +02:00
|
|
|
|
|
|
|
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
|
2009-10-31 22:21:43 +01:00
|
|
|
|
2023-11-21 00:51:40 +01:00
|
|
|
if (wpa_s->valid_links)
|
|
|
|
bssid = wpa_s->ap_mld_addr;
|
|
|
|
else
|
|
|
|
bssid = wpa_s->pending_bssid;
|
|
|
|
|
|
|
|
if (wpa_drv_deauthenticate(wpa_s, bssid,
|
2009-10-31 22:21:43 +01:00
|
|
|
WLAN_REASON_DEAUTH_LEAVING) < 0) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
|
|
|
|
"failed");
|
2009-10-31 22:21:43 +01:00
|
|
|
}
|
2009-11-17 18:25:05 +01:00
|
|
|
wpa_s->sme.prev_bssid_set = 0;
|
2009-10-31 22:21:43 +01:00
|
|
|
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid, link_bssids);
|
2009-10-31 22:21:43 +01:00
|
|
|
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
|
2009-04-01 16:10:36 +02:00
|
|
|
os_memset(wpa_s->bssid, 0, ETH_ALEN);
|
|
|
|
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
|
2009-09-13 19:53:32 +02:00
|
|
|
if (bssid_changed)
|
|
|
|
wpas_notify_bssid_changed(wpa_s);
|
2009-04-01 16:10:36 +02:00
|
|
|
}
|
2009-04-23 23:08:24 +02:00
|
|
|
|
|
|
|
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
static void sme_assoc_comeback_timer(void *eloop_ctx, void *timeout_ctx)
|
|
|
|
{
|
|
|
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
|
|
|
|
|
|
|
if (!wpa_s->current_bss || !wpa_s->current_ssid) {
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Comeback timeout expired; SSID/BSSID cleared; ignoring");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Comeback timeout expired; retry associating with "
|
|
|
|
MACSTR "; mode=%d auth_type=%u",
|
|
|
|
MAC2STR(wpa_s->current_bss->bssid),
|
|
|
|
wpa_s->current_ssid->mode,
|
|
|
|
wpa_s->sme.assoc_auth_type);
|
|
|
|
|
|
|
|
/* Authentication state was completed already; just try association
|
|
|
|
* again. */
|
|
|
|
sme_associate(wpa_s, wpa_s->current_ssid->mode,
|
|
|
|
wpa_s->current_bss->bssid,
|
|
|
|
wpa_s->sme.assoc_auth_type);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static bool sme_try_assoc_comeback(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data)
|
|
|
|
{
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
u32 timeout_interval;
|
|
|
|
unsigned long comeback_usec;
|
2024-01-21 11:17:07 +01:00
|
|
|
u8 type = WLAN_TIMEOUT_ASSOC_COMEBACK;
|
|
|
|
|
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->test_assoc_comeback_type != -1)
|
|
|
|
type = wpa_s->test_assoc_comeback_type;
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(data->assoc_reject.resp_ies,
|
|
|
|
data->assoc_reject.resp_ies_len,
|
|
|
|
&elems, 0) == ParseFailed) {
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SME: Temporary assoc reject: failed to parse (Re)Association Response frame elements");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!elems.timeout_int) {
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SME: Temporary assoc reject: missing timeout interval IE");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
2024-01-21 11:17:07 +01:00
|
|
|
if (elems.timeout_int[0] != type) {
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SME: Temporary assoc reject: missing association comeback time");
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
timeout_interval = WPA_GET_LE32(&elems.timeout_int[1]);
|
|
|
|
if (timeout_interval > 60000) {
|
|
|
|
/* This is unprotected information and there is no point in
|
|
|
|
* getting stuck waiting for very long duration based on it */
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Ignore overly long association comeback interval: %u TUs",
|
|
|
|
timeout_interval);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG, "SME: Association comeback interval: %u TUs",
|
|
|
|
timeout_interval);
|
|
|
|
|
|
|
|
comeback_usec = timeout_interval * 1024;
|
|
|
|
eloop_register_timeout(comeback_usec / 1000000, comeback_usec % 1000000,
|
|
|
|
sme_assoc_comeback_timer, wpa_s, NULL);
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
|
2023-11-21 00:51:25 +01:00
|
|
|
union wpa_event_data *data,
|
|
|
|
const u8 **link_bssids)
|
2011-02-24 15:59:46 +01:00
|
|
|
{
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
const u8 *bssid;
|
|
|
|
|
|
|
|
if (wpa_s->valid_links)
|
|
|
|
bssid = wpa_s->ap_mld_addr;
|
|
|
|
else
|
|
|
|
bssid = wpa_s->pending_bssid;
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
|
|
|
|
"status code %d", MAC2STR(wpa_s->pending_bssid),
|
|
|
|
data->assoc_reject.status_code);
|
|
|
|
|
|
|
|
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
|
|
|
|
|
|
|
|
/* Authentication phase has been completed at this point. Check whether
|
|
|
|
* the AP rejected association temporarily due to still holding a
|
|
|
|
* security associationis with us (MFP). If so, we must wait for the
|
|
|
|
* AP's association comeback timeout period before associating again. */
|
|
|
|
if (data->assoc_reject.status_code ==
|
|
|
|
WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) {
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Temporary association reject from BSS " MACSTR,
|
|
|
|
MAC2STR(bssid));
|
|
|
|
if (sme_try_assoc_comeback(wpa_s, data)) {
|
|
|
|
/* Break out early; comeback error is not a failure. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
2011-02-24 15:59:46 +01:00
|
|
|
|
2014-10-18 12:02:02 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
if (wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
|
|
|
|
wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"PMKSA caching attempt rejected - drop PMKSA cache entry and fall back to SAE authentication");
|
|
|
|
wpa_sm_aborted_cached(wpa_s->wpa);
|
|
|
|
wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
|
|
|
|
if (wpa_s->current_bss) {
|
|
|
|
struct wpa_bss *bss = wpa_s->current_bss;
|
|
|
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
|
|
|
|
2023-11-21 00:51:40 +01:00
|
|
|
wpa_drv_deauthenticate(wpa_s, bssid,
|
2014-10-18 12:02:02 +02:00
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
wpa_supplicant_connect(wpa_s, bss, ssid);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
|
2022-11-20 07:00:36 +01:00
|
|
|
#ifdef CONFIG_DPP
|
|
|
|
if (wpa_s->current_ssid &&
|
|
|
|
wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
|
|
|
|
!data->assoc_reject.timed_out &&
|
|
|
|
data->assoc_reject.status_code == WLAN_STATUS_INVALID_PMKID) {
|
|
|
|
struct rsn_pmksa_cache_entry *pmksa;
|
|
|
|
|
|
|
|
pmksa = pmksa_cache_get_current(wpa_s->wpa);
|
|
|
|
if (pmksa) {
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"DPP: Drop PMKSA cache entry for the BSS due to invalid PMKID report");
|
|
|
|
wpa_sm_pmksa_cache_remove(wpa_s->wpa, pmksa);
|
|
|
|
}
|
|
|
|
wpa_sm_aborted_cached(wpa_s->wpa);
|
|
|
|
if (wpa_s->current_bss) {
|
|
|
|
struct wpa_bss *bss = wpa_s->current_bss;
|
|
|
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
|
|
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"DPP: Try network introduction again");
|
|
|
|
wpas_connect_work_done(wpa_s);
|
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
wpa_supplicant_connect(wpa_s, bss, ssid);
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_DPP */
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
/*
|
|
|
|
* For now, unconditionally terminate the previous authentication. In
|
|
|
|
* theory, this should not be needed, but mac80211 gets quite confused
|
|
|
|
* if the authentication is left pending.. Some roaming cases might
|
|
|
|
* benefit from using the previous authentication, so this could be
|
|
|
|
* optimized in the future.
|
|
|
|
*/
|
2023-11-21 00:51:25 +01:00
|
|
|
sme_deauth(wpa_s, link_bssids);
|
2011-02-24 15:59:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2009-04-23 23:08:24 +02:00
|
|
|
void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data)
|
|
|
|
{
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
|
2012-01-29 16:44:31 +01:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
2009-04-23 23:08:24 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
|
|
|
|
union wpa_event_data *data)
|
|
|
|
{
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
|
2023-11-21 00:51:25 +01:00
|
|
|
wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
|
2009-04-23 23:08:24 +02:00
|
|
|
wpa_supplicant_mark_disassoc(wpa_s);
|
|
|
|
}
|
2009-12-02 16:26:28 +01:00
|
|
|
|
|
|
|
|
|
|
|
void sme_event_disassoc(struct wpa_supplicant *wpa_s,
|
2013-07-21 15:40:40 +02:00
|
|
|
struct disassoc_info *info)
|
2009-12-02 16:26:28 +01:00
|
|
|
{
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
|
2011-10-22 21:45:38 +02:00
|
|
|
if (wpa_s->sme.prev_bssid_set) {
|
2009-12-02 16:26:28 +01:00
|
|
|
/*
|
|
|
|
* cfg80211/mac80211 can get into somewhat confused state if
|
|
|
|
* the AP only disassociates us and leaves us in authenticated
|
|
|
|
* state. For now, force the state to be cleared to avoid
|
|
|
|
* confusing errors if we try to associate with the AP again.
|
|
|
|
*/
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
|
|
|
|
"driver state");
|
2010-08-18 20:23:26 +02:00
|
|
|
wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
|
2009-12-02 16:26:28 +01:00
|
|
|
WLAN_REASON_DEAUTH_LEAVING);
|
|
|
|
}
|
|
|
|
}
|
2010-12-19 10:58:00 +01:00
|
|
|
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
|
|
|
|
{
|
|
|
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
|
|
|
if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
|
2023-11-21 00:51:25 +01:00
|
|
|
sme_deauth(wpa_s, NULL);
|
2011-02-24 15:59:46 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
|
|
|
|
{
|
|
|
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
|
|
|
if (wpa_s->wpa_state == WPA_ASSOCIATING) {
|
|
|
|
wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
|
2023-11-21 00:51:25 +01:00
|
|
|
sme_deauth(wpa_s, NULL);
|
2011-02-24 15:59:46 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sme_state_changed(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
|
|
|
/* Make sure timers are cleaned up appropriately. */
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
if (wpa_s->wpa_state != WPA_ASSOCIATING) {
|
2011-02-24 15:59:46 +01:00
|
|
|
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
|
|
|
|
}
|
2011-02-24 15:59:46 +01:00
|
|
|
if (wpa_s->wpa_state != WPA_AUTHENTICATING)
|
|
|
|
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-12-29 17:40:10 +01:00
|
|
|
void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
|
|
|
wpa_s->sme.prev_bssid_set = 0;
|
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
wpabuf_free(wpa_s->sme.sae_token);
|
|
|
|
wpa_s->sme.sae_token = NULL;
|
|
|
|
sae_clear_data(&wpa_s->sme.sae);
|
|
|
|
#endif /* CONFIG_SAE */
|
|
|
|
#ifdef CONFIG_IEEE80211R
|
2018-04-30 12:42:04 +02:00
|
|
|
if (wpa_s->sme.ft_ies || wpa_s->sme.ft_used)
|
2014-12-29 17:40:10 +01:00
|
|
|
sme_update_ft_ies(wpa_s, NULL, NULL, 0);
|
|
|
|
#endif /* CONFIG_IEEE80211R */
|
2019-04-03 17:17:14 +02:00
|
|
|
sme_stop_sa_query(wpa_s);
|
2014-12-29 17:40:10 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-02-24 15:59:46 +01:00
|
|
|
void sme_deinit(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
2014-12-29 17:40:10 +01:00
|
|
|
sme_clear_on_disassoc(wpa_s);
|
2019-09-06 14:40:39 +02:00
|
|
|
#ifdef CONFIG_SAE
|
|
|
|
os_free(wpa_s->sme.sae_rejected_groups);
|
|
|
|
wpa_s->sme.sae_rejected_groups = NULL;
|
|
|
|
#endif /* CONFIG_SAE */
|
2011-02-24 15:59:46 +01:00
|
|
|
|
|
|
|
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
|
|
|
|
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
|
2012-05-03 11:13:43 +02:00
|
|
|
eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
|
SME: Handle PMF association comeback when not handled in driver
In associations using PMF (IEEE 802.11w/MFP), the infrastructure
implements SA teardown protection by rejecting an (Re)Association
Request frame from an already-associated client. The AP responds with
error 30 (Association request rejected temporarily) to instruct the
(potentially spoofing) client to back off, while it issues an SA Query
procedure to the already-associated client. If the client can respond to
it within the back-off period, it considers the new association to be a
spoof attempt.
However, there are cases where a legitimate client might need to
handle this error response - consider if the STA has deauthenticated,
but the AP cannot hear it (out of range). If the MFP STA has deleted
its keys, it cannot respond to the SA Query procedure.
This association comeback process has commonly been implemented in the
driver, e.g., within mac80211 in case of the Linux drivers that use SME
in userspace. However, there are drivers that do not implement this
functionality. Extended wpa_supplicant to cover such cases as well.
The current implementation interprets this association error as a true
error, and will either add the BSS to the list of ignored BSSIDs, or
continue to try other BSSes. This can cause wpa_supplicant to back off
trying to reconnect for progressively longer intervals, depending on the
infrastructure's configured comeback timeout.
Allow wpa_supplicant to interpret the error, searching for the Timeout
Interval element in the (Re)Association Response frame and starting a
timer in the SME layer to re-associate after the timeout. This can be a
long delay (1-4 seconds in my experience), but it is likely much shorter
than bouncing between nearby BSSes.
This does not change behavior for drivers that implement association
comeback timer internally since they do not report the temporary
association rejection status code to user space.
Signed-off-by: Harry Bock <hbock@zebra.com>
2024-01-10 20:09:09 +01:00
|
|
|
eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
|
2012-05-03 11:13:43 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *chan_list, u8 num_channels,
|
|
|
|
u8 num_intol)
|
|
|
|
{
|
|
|
|
struct ieee80211_2040_bss_coex_ie *bc_ie;
|
|
|
|
struct ieee80211_2040_intol_chan_report *ic_report;
|
|
|
|
struct wpabuf *buf;
|
|
|
|
|
2014-03-23 22:56:50 +01:00
|
|
|
wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR
|
|
|
|
" (num_channels=%u num_intol=%u)",
|
|
|
|
MAC2STR(wpa_s->bssid), num_channels, num_intol);
|
|
|
|
wpa_hexdump(MSG_DEBUG, "SME: 20/40 BSS Intolerant Channels",
|
|
|
|
chan_list, num_channels);
|
2012-05-03 11:13:43 +02:00
|
|
|
|
|
|
|
buf = wpabuf_alloc(2 + /* action.category + action_code */
|
|
|
|
sizeof(struct ieee80211_2040_bss_coex_ie) +
|
|
|
|
sizeof(struct ieee80211_2040_intol_chan_report) +
|
|
|
|
num_channels);
|
|
|
|
if (buf == NULL)
|
|
|
|
return;
|
|
|
|
|
|
|
|
wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
|
|
|
|
wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX);
|
|
|
|
|
|
|
|
bc_ie = wpabuf_put(buf, sizeof(*bc_ie));
|
|
|
|
bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE;
|
|
|
|
bc_ie->length = 1;
|
|
|
|
if (num_intol)
|
|
|
|
bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ;
|
|
|
|
|
|
|
|
if (num_channels > 0) {
|
|
|
|
ic_report = wpabuf_put(buf, sizeof(*ic_report));
|
|
|
|
ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT;
|
|
|
|
ic_report->length = num_channels + 1;
|
|
|
|
ic_report->op_class = 0;
|
|
|
|
os_memcpy(wpabuf_put(buf, num_channels), chan_list,
|
|
|
|
num_channels);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
|
|
|
|
wpa_s->own_addr, wpa_s->bssid,
|
|
|
|
wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SME: Failed to send 20/40 BSS Coexistence frame");
|
|
|
|
}
|
|
|
|
|
|
|
|
wpabuf_free(buf);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2021-12-10 18:59:22 +01:00
|
|
|
int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
|
2012-05-03 11:13:43 +02:00
|
|
|
{
|
2021-12-10 18:59:22 +01:00
|
|
|
struct wpa_bss *bss;
|
2012-05-03 11:13:43 +02:00
|
|
|
const u8 *ie;
|
2021-12-10 18:59:22 +01:00
|
|
|
u16 ht_cap;
|
2012-05-03 11:13:43 +02:00
|
|
|
u8 chan_list[P2P_MAX_CHANNELS], channel;
|
|
|
|
u8 num_channels = 0, num_intol = 0, i;
|
|
|
|
|
|
|
|
if (!wpa_s->sme.sched_obss_scan)
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
wpa_s->sme.sched_obss_scan = 0;
|
|
|
|
if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Check whether AP uses regulatory triplet or channel triplet in
|
|
|
|
* country info. Right now the operating class of the BSS channel
|
|
|
|
* width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12),
|
|
|
|
* based on the assumption that operating class triplet is not used in
|
|
|
|
* beacon frame. If the First Channel Number/Operating Extension
|
|
|
|
* Identifier octet has a positive integer value of 201 or greater,
|
|
|
|
* then its operating class triplet.
|
|
|
|
*
|
|
|
|
* TODO: If Supported Operating Classes element is present in beacon
|
|
|
|
* frame, have to lookup operating class in Annex E and fill them in
|
|
|
|
* 2040 coex frame.
|
|
|
|
*/
|
|
|
|
ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
|
|
|
|
if (ie && (ie[1] >= 6) && (ie[5] >= 201))
|
|
|
|
return 1;
|
|
|
|
|
|
|
|
os_memset(chan_list, 0, sizeof(chan_list));
|
|
|
|
|
2021-12-10 18:59:22 +01:00
|
|
|
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
|
2019-03-19 13:35:56 +01:00
|
|
|
/* Skip other band bss */
|
2021-12-10 18:59:22 +01:00
|
|
|
enum hostapd_hw_mode mode;
|
2013-04-27 20:27:15 +02:00
|
|
|
mode = ieee80211_freq_to_chan(bss->freq, &channel);
|
|
|
|
if (mode != HOSTAPD_MODE_IEEE80211G &&
|
|
|
|
mode != HOSTAPD_MODE_IEEE80211B)
|
2012-05-03 11:13:43 +02:00
|
|
|
continue;
|
|
|
|
|
2021-12-10 18:59:22 +01:00
|
|
|
ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP);
|
|
|
|
ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0;
|
|
|
|
wpa_printf(MSG_DEBUG, "SME OBSS scan BSS " MACSTR
|
|
|
|
" freq=%u chan=%u ht_cap=0x%x",
|
|
|
|
MAC2STR(bss->bssid), bss->freq, channel, ht_cap);
|
|
|
|
|
|
|
|
if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) {
|
|
|
|
if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)
|
2014-03-23 22:54:50 +01:00
|
|
|
num_intol++;
|
|
|
|
|
2012-05-03 11:13:43 +02:00
|
|
|
/* Check whether the channel is already considered */
|
|
|
|
for (i = 0; i < num_channels; i++) {
|
|
|
|
if (channel == chan_list[i])
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
if (i != num_channels)
|
|
|
|
continue;
|
|
|
|
|
|
|
|
chan_list[num_channels++] = channel;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2014-12-22 21:07:03 +01:00
|
|
|
static void wpa_obss_scan_freqs_list(struct wpa_supplicant *wpa_s,
|
|
|
|
struct wpa_driver_scan_params *params)
|
2012-05-03 14:51:18 +02:00
|
|
|
{
|
2014-12-22 21:07:03 +01:00
|
|
|
/* Include only affected channels */
|
2012-05-03 14:51:18 +02:00
|
|
|
struct hostapd_hw_modes *mode;
|
|
|
|
int count, i;
|
2014-12-22 21:07:03 +01:00
|
|
|
int start, end;
|
2012-05-03 14:51:18 +02:00
|
|
|
|
2014-12-22 21:07:03 +01:00
|
|
|
mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
|
2020-12-11 16:18:09 +01:00
|
|
|
HOSTAPD_MODE_IEEE80211G, false);
|
2012-05-03 14:51:18 +02:00
|
|
|
if (mode == NULL) {
|
|
|
|
/* No channels supported in this band - use empty list */
|
|
|
|
params->freqs = os_zalloc(sizeof(int));
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2014-12-22 21:07:03 +01:00
|
|
|
if (wpa_s->sme.ht_sec_chan == HT_SEC_CHAN_UNKNOWN &&
|
|
|
|
wpa_s->current_bss) {
|
|
|
|
const u8 *ie;
|
|
|
|
|
|
|
|
ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_OPERATION);
|
|
|
|
if (ie && ie[1] >= 2) {
|
|
|
|
u8 o;
|
|
|
|
|
|
|
|
o = ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
|
|
|
|
if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
|
|
|
|
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
|
|
|
|
else if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
|
|
|
|
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
start = wpa_s->assoc_freq - 10;
|
|
|
|
end = wpa_s->assoc_freq + 10;
|
|
|
|
switch (wpa_s->sme.ht_sec_chan) {
|
|
|
|
case HT_SEC_CHAN_UNKNOWN:
|
|
|
|
/* HT40+ possible on channels 1..9 */
|
|
|
|
if (wpa_s->assoc_freq <= 2452)
|
|
|
|
start -= 20;
|
|
|
|
/* HT40- possible on channels 5-13 */
|
|
|
|
if (wpa_s->assoc_freq >= 2432)
|
|
|
|
end += 20;
|
|
|
|
break;
|
|
|
|
case HT_SEC_CHAN_ABOVE:
|
|
|
|
end += 20;
|
|
|
|
break;
|
|
|
|
case HT_SEC_CHAN_BELOW:
|
|
|
|
start -= 20;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"OBSS: assoc_freq %d possible affected range %d-%d",
|
|
|
|
wpa_s->assoc_freq, start, end);
|
|
|
|
|
2012-08-13 19:44:21 +02:00
|
|
|
params->freqs = os_calloc(mode->num_channels + 1, sizeof(int));
|
2012-05-03 14:51:18 +02:00
|
|
|
if (params->freqs == NULL)
|
|
|
|
return;
|
|
|
|
for (count = 0, i = 0; i < mode->num_channels; i++) {
|
2014-12-22 21:07:03 +01:00
|
|
|
int freq;
|
|
|
|
|
2012-05-03 14:51:18 +02:00
|
|
|
if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
|
|
|
|
continue;
|
2014-12-22 21:07:03 +01:00
|
|
|
freq = mode->channels[i].freq;
|
|
|
|
if (freq - 10 >= end || freq + 10 <= start)
|
|
|
|
continue; /* not affected */
|
|
|
|
params->freqs[count++] = freq;
|
2012-05-03 14:51:18 +02:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2012-05-03 11:13:43 +02:00
|
|
|
static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx)
|
|
|
|
{
|
|
|
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
|
|
|
struct wpa_driver_scan_params params;
|
|
|
|
|
|
|
|
if (!wpa_s->current_bss) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
os_memset(¶ms, 0, sizeof(params));
|
2014-12-22 21:07:03 +01:00
|
|
|
wpa_obss_scan_freqs_list(wpa_s, ¶ms);
|
2014-06-04 11:21:40 +02:00
|
|
|
params.low_priority = 1;
|
2012-05-03 11:13:43 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan");
|
|
|
|
|
2023-06-03 00:15:11 +02:00
|
|
|
if (wpa_supplicant_trigger_scan(wpa_s, ¶ms, true, false))
|
2012-05-03 11:13:43 +02:00
|
|
|
wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan");
|
|
|
|
else
|
|
|
|
wpa_s->sme.sched_obss_scan = 1;
|
2012-05-03 14:51:18 +02:00
|
|
|
os_free(params.freqs);
|
2012-05-03 11:13:43 +02:00
|
|
|
|
|
|
|
eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
|
|
|
|
sme_obss_scan_timeout, wpa_s, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
|
|
|
|
{
|
|
|
|
const u8 *ie;
|
|
|
|
struct wpa_bss *bss = wpa_s->current_bss;
|
|
|
|
struct wpa_ssid *ssid = wpa_s->current_ssid;
|
2012-08-11 16:08:54 +02:00
|
|
|
struct hostapd_hw_modes *hw_mode = NULL;
|
|
|
|
int i;
|
2012-05-03 11:13:43 +02:00
|
|
|
|
|
|
|
eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
|
|
|
|
wpa_s->sme.sched_obss_scan = 0;
|
2014-12-22 21:07:03 +01:00
|
|
|
wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
|
2012-05-03 11:13:43 +02:00
|
|
|
if (!enable)
|
|
|
|
return;
|
|
|
|
|
2012-11-24 17:08:48 +01:00
|
|
|
/*
|
|
|
|
* Schedule OBSS scan if driver is using station SME in wpa_supplicant
|
|
|
|
* or it expects OBSS scan to be performed by wpa_supplicant.
|
|
|
|
*/
|
|
|
|
if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
|
|
|
|
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
|
2019-06-14 16:49:19 +02:00
|
|
|
ssid == NULL || ssid->mode != WPAS_MODE_INFRA)
|
2012-11-24 17:08:48 +01:00
|
|
|
return;
|
2012-05-03 11:13:43 +02:00
|
|
|
|
2021-12-09 14:08:56 +01:00
|
|
|
#ifdef CONFIG_HT_OVERRIDES
|
|
|
|
/* No need for OBSS scan if HT40 is explicitly disabled */
|
|
|
|
if (ssid->disable_ht40)
|
|
|
|
return;
|
|
|
|
#endif /* CONFIG_HT_OVERRIDES */
|
|
|
|
|
2012-08-11 16:08:54 +02:00
|
|
|
if (!wpa_s->hw.modes)
|
|
|
|
return;
|
|
|
|
|
|
|
|
/* only HT caps in 11g mode are relevant */
|
|
|
|
for (i = 0; i < wpa_s->hw.num_modes; i++) {
|
|
|
|
hw_mode = &wpa_s->hw.modes[i];
|
|
|
|
if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Driver does not support HT40 for 11g or doesn't have 11g. */
|
|
|
|
if (i == wpa_s->hw.num_modes || !hw_mode ||
|
|
|
|
!(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
|
|
|
|
return;
|
2012-05-03 11:13:43 +02:00
|
|
|
|
|
|
|
if (bss == NULL || bss->freq < 2400 || bss->freq > 2500)
|
|
|
|
return; /* Not associated on 2.4 GHz band */
|
|
|
|
|
|
|
|
/* Check whether AP supports HT40 */
|
|
|
|
ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
|
|
|
|
if (!ie || ie[1] < 2 ||
|
|
|
|
!(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
|
|
|
|
return; /* AP does not support HT40 */
|
|
|
|
|
|
|
|
ie = wpa_bss_get_ie(wpa_s->current_bss,
|
|
|
|
WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS);
|
|
|
|
if (!ie || ie[1] < 14)
|
|
|
|
return; /* AP does not request OBSS scans */
|
|
|
|
|
|
|
|
wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
|
|
|
|
if (wpa_s->sme.obss_scan_int < 10) {
|
|
|
|
wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u "
|
|
|
|
"replaced with the minimum 10 sec",
|
|
|
|
wpa_s->sme.obss_scan_int);
|
|
|
|
wpa_s->sme.obss_scan_int = 10;
|
|
|
|
}
|
|
|
|
wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec",
|
|
|
|
wpa_s->sme.obss_scan_int);
|
|
|
|
eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
|
|
|
|
sme_obss_scan_timeout, wpa_s, NULL);
|
2011-02-24 15:59:46 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
2010-12-19 10:58:00 +01:00
|
|
|
static const unsigned int sa_query_max_timeout = 1000;
|
|
|
|
static const unsigned int sa_query_retry_timeout = 201;
|
2018-08-06 21:46:35 +02:00
|
|
|
static const unsigned int sa_query_ch_switch_max_delay = 5000; /* in usec */
|
2010-12-19 10:58:00 +01:00
|
|
|
|
|
|
|
static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
|
|
|
u32 tu;
|
2013-12-16 21:08:27 +01:00
|
|
|
struct os_reltime now, passed;
|
|
|
|
os_get_reltime(&now);
|
|
|
|
os_reltime_sub(&now, &wpa_s->sme.sa_query_start, &passed);
|
2010-12-19 10:58:00 +01:00
|
|
|
tu = (passed.sec * 1000000 + passed.usec) / 1024;
|
|
|
|
if (sa_query_max_timeout < tu) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
|
2010-12-19 10:58:00 +01:00
|
|
|
sme_stop_sa_query(wpa_s);
|
|
|
|
wpa_supplicant_deauthenticate(
|
|
|
|
wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
|
|
|
|
return 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *trans_id)
|
|
|
|
{
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
|
|
|
|
u8 req_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
|
|
|
|
MACSTR, MAC2STR(wpa_s->bssid));
|
2010-12-19 10:58:00 +01:00
|
|
|
wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
|
|
|
|
trans_id, WLAN_SA_QUERY_TR_ID_LEN);
|
|
|
|
req[0] = WLAN_ACTION_SA_QUERY;
|
|
|
|
req[1] = WLAN_SA_QUERY_REQUEST;
|
|
|
|
os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
|
|
|
|
if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info for OCI element in SA Query Request frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-05-08 19:59:04 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->oci_freq_override_saquery_req) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TEST: Override SA Query Request OCI frequency %d -> %d MHz",
|
|
|
|
ci.frequency,
|
|
|
|
wpa_s->oci_freq_override_saquery_req);
|
|
|
|
ci.frequency = wpa_s->oci_freq_override_saquery_req;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
if (ocv_insert_extended_oci(&ci, req + req_len) < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
req_len += OCV_OCI_EXTENDED_LEN;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
2010-12-29 12:59:17 +01:00
|
|
|
if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
|
2010-12-19 10:58:00 +01:00
|
|
|
wpa_s->own_addr, wpa_s->bssid,
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
req, req_len, 0) < 0)
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
|
|
|
|
"Request");
|
2010-12-19 10:58:00 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
|
|
|
|
{
|
|
|
|
struct wpa_supplicant *wpa_s = eloop_ctx;
|
|
|
|
unsigned int timeout, sec, usec;
|
|
|
|
u8 *trans_id, *nbuf;
|
|
|
|
|
|
|
|
if (wpa_s->sme.sa_query_count > 0 &&
|
|
|
|
sme_check_sa_query_timeout(wpa_s))
|
|
|
|
return;
|
|
|
|
|
2012-08-13 20:21:23 +02:00
|
|
|
nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
|
|
|
|
wpa_s->sme.sa_query_count + 1,
|
|
|
|
WLAN_SA_QUERY_TR_ID_LEN);
|
2016-07-17 23:57:34 +02:00
|
|
|
if (nbuf == NULL) {
|
|
|
|
sme_stop_sa_query(wpa_s);
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
2016-07-17 23:57:34 +02:00
|
|
|
}
|
2010-12-19 10:58:00 +01:00
|
|
|
if (wpa_s->sme.sa_query_count == 0) {
|
|
|
|
/* Starting a new SA Query procedure */
|
2013-12-16 21:08:27 +01:00
|
|
|
os_get_reltime(&wpa_s->sme.sa_query_start);
|
2010-12-19 10:58:00 +01:00
|
|
|
}
|
|
|
|
trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
|
|
|
|
wpa_s->sme.sa_query_trans_id = nbuf;
|
|
|
|
wpa_s->sme.sa_query_count++;
|
|
|
|
|
2014-09-07 17:27:42 +02:00
|
|
|
if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
|
|
|
|
wpa_printf(MSG_DEBUG, "Could not generate SA Query ID");
|
2016-07-17 23:57:34 +02:00
|
|
|
sme_stop_sa_query(wpa_s);
|
2014-09-07 17:27:42 +02:00
|
|
|
return;
|
|
|
|
}
|
2010-12-19 10:58:00 +01:00
|
|
|
|
|
|
|
timeout = sa_query_retry_timeout;
|
|
|
|
sec = ((timeout / 1000) * 1024) / 1000;
|
|
|
|
usec = (timeout % 1000) * 1024;
|
|
|
|
eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
|
|
|
|
wpa_s->sme.sa_query_count);
|
2010-12-19 10:58:00 +01:00
|
|
|
|
|
|
|
sme_send_sa_query_req(wpa_s, trans_id);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
|
|
|
sme_sa_query_timer(wpa_s, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2011-11-18 20:53:36 +01:00
|
|
|
static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
|
2010-12-19 10:58:00 +01:00
|
|
|
{
|
2019-04-15 23:42:09 +02:00
|
|
|
if (wpa_s->sme.sa_query_trans_id)
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Stop SA Query");
|
2010-12-19 10:58:00 +01:00
|
|
|
eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
|
|
|
|
os_free(wpa_s->sme.sa_query_trans_id);
|
|
|
|
wpa_s->sme.sa_query_trans_id = NULL;
|
|
|
|
wpa_s->sme.sa_query_count = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
|
|
|
|
const u8 *da, u16 reason_code)
|
|
|
|
{
|
|
|
|
struct wpa_ssid *ssid;
|
2014-06-19 19:56:32 +02:00
|
|
|
struct os_reltime now;
|
2010-12-19 10:58:00 +01:00
|
|
|
|
|
|
|
if (wpa_s->wpa_state != WPA_COMPLETED)
|
|
|
|
return;
|
|
|
|
ssid = wpa_s->current_ssid;
|
2015-01-26 16:40:22 +01:00
|
|
|
if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(sa, wpa_s->bssid))
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
|
|
|
if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
|
|
|
|
reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
|
|
|
|
return;
|
|
|
|
if (wpa_s->sme.sa_query_count > 0)
|
|
|
|
return;
|
2020-03-21 17:12:02 +01:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->disable_sa_query)
|
|
|
|
return;
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
2010-12-19 10:58:00 +01:00
|
|
|
|
2014-06-19 19:56:32 +02:00
|
|
|
os_get_reltime(&now);
|
|
|
|
if (wpa_s->sme.last_unprot_disconnect.sec &&
|
|
|
|
!os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
|
|
|
|
return; /* limit SA Query procedure frequency */
|
|
|
|
wpa_s->sme.last_unprot_disconnect = now;
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
|
|
|
|
"possible AP/STA state mismatch - trigger SA Query");
|
2010-12-19 10:58:00 +01:00
|
|
|
sme_start_sa_query(wpa_s);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2018-08-06 21:46:35 +02:00
|
|
|
void sme_event_ch_switch(struct wpa_supplicant *wpa_s)
|
|
|
|
{
|
|
|
|
unsigned int usec;
|
|
|
|
u32 _rand;
|
|
|
|
|
|
|
|
if (wpa_s->wpa_state != WPA_COMPLETED ||
|
|
|
|
!wpa_sm_ocv_enabled(wpa_s->wpa))
|
|
|
|
return;
|
|
|
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG,
|
|
|
|
"SME: Channel switch completed - trigger new SA Query to verify new operating channel");
|
|
|
|
sme_stop_sa_query(wpa_s);
|
|
|
|
|
|
|
|
if (os_get_random((u8 *) &_rand, sizeof(_rand)) < 0)
|
|
|
|
_rand = os_random();
|
|
|
|
usec = _rand % (sa_query_ch_switch_max_delay + 1);
|
|
|
|
eloop_register_timeout(0, usec, sme_sa_query_timer, wpa_s, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *sa, const u8 *data,
|
|
|
|
size_t len)
|
|
|
|
{
|
|
|
|
u8 resp[2 + WLAN_SA_QUERY_TR_ID_LEN + OCV_OCI_EXTENDED_LEN];
|
|
|
|
u8 resp_len = 2 + WLAN_SA_QUERY_TR_ID_LEN;
|
|
|
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Response to "
|
|
|
|
MACSTR, MAC2STR(wpa_s->bssid));
|
|
|
|
|
|
|
|
resp[0] = WLAN_ACTION_SA_QUERY;
|
|
|
|
resp[1] = WLAN_SA_QUERY_RESPONSE;
|
|
|
|
os_memcpy(resp + 2, data + 1, WLAN_SA_QUERY_TR_ID_LEN);
|
|
|
|
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
|
|
|
|
if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info for OCI element in SA Query Response frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2020-05-08 19:59:04 +02:00
|
|
|
#ifdef CONFIG_TESTING_OPTIONS
|
|
|
|
if (wpa_s->oci_freq_override_saquery_resp) {
|
|
|
|
wpa_printf(MSG_INFO,
|
|
|
|
"TEST: Override SA Query Response OCI frequency %d -> %d MHz",
|
|
|
|
ci.frequency,
|
|
|
|
wpa_s->oci_freq_override_saquery_resp);
|
|
|
|
ci.frequency = wpa_s->oci_freq_override_saquery_resp;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_TESTING_OPTIONS */
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
if (ocv_insert_extended_oci(&ci, resp + resp_len) < 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
resp_len += OCV_OCI_EXTENDED_LEN;
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
|
|
|
if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
|
|
|
|
wpa_s->own_addr, wpa_s->bssid,
|
|
|
|
resp, resp_len, 0) < 0)
|
|
|
|
wpa_msg(wpa_s, MSG_INFO,
|
|
|
|
"SME: Failed to send SA Query Response");
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
static void sme_process_sa_query_response(struct wpa_supplicant *wpa_s,
|
|
|
|
const u8 *sa, const u8 *data,
|
|
|
|
size_t len)
|
2010-12-19 10:58:00 +01:00
|
|
|
{
|
|
|
|
int i;
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
if (!wpa_s->sme.sa_query_trans_id)
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
|
|
|
|
MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
|
2010-12-19 10:58:00 +01:00
|
|
|
|
Use ether_addr_equal() to compare whether two MAC addresses are equal
This was done with spatch using the following semantic patch and minor
manual edits to clean up coding style and avoid compiler warnings in
driver_wext.c:
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) == 0
+ ether_addr_equal(a, b)
@@
expression a,b;
@@
- os_memcmp(a, b, ETH_ALEN) != 0
+ !ether_addr_equal(a, b)
@@
expression a,b;
@@
- !os_memcmp(a, b, ETH_ALEN)
+ ether_addr_equal(a, b)
Signed-off-by: Jouni Malinen <j@w1.fi>
2024-01-13 22:15:36 +01:00
|
|
|
if (!ether_addr_equal(sa, wpa_s->bssid))
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
|
|
|
|
|
|
|
for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
|
|
|
|
if (os_memcmp(wpa_s->sme.sa_query_trans_id +
|
|
|
|
i * WLAN_SA_QUERY_TR_ID_LEN,
|
|
|
|
data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (i >= wpa_s->sme.sa_query_count) {
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
|
|
|
|
"transaction identifier found");
|
2010-12-19 10:58:00 +01:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
2011-02-10 19:14:46 +01:00
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
|
|
|
|
"from " MACSTR, MAC2STR(sa));
|
2010-12-19 10:58:00 +01:00
|
|
|
sme_stop_sa_query(wpa_s);
|
|
|
|
}
|
|
|
|
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
2021-02-16 10:34:50 +01:00
|
|
|
void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *da, const u8 *sa,
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
const u8 *data, size_t len)
|
|
|
|
{
|
|
|
|
if (len < 1 + WLAN_SA_QUERY_TR_ID_LEN)
|
|
|
|
return;
|
2021-02-16 10:34:50 +01:00
|
|
|
if (is_multicast_ether_addr(da)) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"IEEE 802.11: Ignore group-addressed SA Query frame (A1=" MACSTR " A2=" MACSTR ")",
|
|
|
|
MAC2STR(da), MAC2STR(sa));
|
|
|
|
return;
|
|
|
|
}
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
|
|
|
|
wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query frame from "
|
|
|
|
MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
|
|
|
|
|
|
|
|
#ifdef CONFIG_OCV
|
|
|
|
if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
|
|
|
|
struct ieee802_11_elems elems;
|
|
|
|
struct wpa_channel_info ci;
|
|
|
|
|
|
|
|
if (ieee802_11_parse_elems(data + 1 + WLAN_SA_QUERY_TR_ID_LEN,
|
|
|
|
len - 1 - WLAN_SA_QUERY_TR_ID_LEN,
|
|
|
|
&elems, 1) == ParseFailed) {
|
|
|
|
wpa_printf(MSG_DEBUG,
|
|
|
|
"SA Query: Failed to parse elements");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
|
|
|
|
wpa_printf(MSG_WARNING,
|
|
|
|
"Failed to get channel info to validate received OCI in SA Query Action frame");
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
|
|
|
|
if (ocv_verify_tx_params(elems.oci, elems.oci_len, &ci,
|
|
|
|
channel_width_to_int(ci.chanwidth),
|
2020-09-02 20:55:28 +02:00
|
|
|
ci.seg1_idx) != OCI_SUCCESS) {
|
2020-05-29 23:24:15 +02:00
|
|
|
wpa_msg(wpa_s, MSG_INFO, OCV_FAILURE "addr=" MACSTR
|
|
|
|
" frame=saquery%s error=%s",
|
|
|
|
MAC2STR(sa), data[0] == WLAN_SA_QUERY_REQUEST ?
|
|
|
|
"req" : "resp", ocv_errorstr);
|
OCV: Include and verify OCI in SA Query frames
Include an OCI element in SA Query Request and Response frames if OCV
has been negotiated.
On Linux, a kernel patch is needed to let clients correctly handle SA
Query Requests that contain an OCI element. Without this patch, the
kernel will reply to the SA Query Request itself, without verifying the
included OCI. Additionally, the SA Query Response sent by the kernel
will not include an OCI element. The correct operation of the AP does
not require a kernel patch.
Without the corresponding kernel patch, SA Query Requests sent by the
client are still valid, meaning they do include an OCI element.
Note that an AP does not require any kernel patches. In other words, SA
Query frames sent and received by the AP are properly handled, even
without a kernel patch.
As a result, the kernel patch is only required to make the client properly
process and respond to a SA Query Request from the AP. Without this
patch, the client will send a SA Query Response without an OCI element,
causing the AP to silently ignore the response and eventually disconnect
the client from the network if OCV has been negotiated to be used.
Signed-off-by: Mathy Vanhoef <Mathy.Vanhoef@cs.kuleuven.be>
2018-08-06 21:46:34 +02:00
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* CONFIG_OCV */
|
|
|
|
|
|
|
|
if (data[0] == WLAN_SA_QUERY_REQUEST)
|
|
|
|
sme_process_sa_query_request(wpa_s, sa, data, len);
|
|
|
|
else if (data[0] == WLAN_SA_QUERY_RESPONSE)
|
|
|
|
sme_process_sa_query_response(wpa_s, sa, data, len);
|
|
|
|
}
|