DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Add SME support (separate authentication and association)

Browse source 
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
This commit is contained in:
Jouni Malinen 2009-03-20 22:26:41 +02:00 committed by Jouni Malinen
parent b21fab69fd
commit c2a0407851
15 changed files with 1023 additions and 67 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
src/common/defs.h
View file

@ -128,6 +128,16 @@ typedef enum {
*/
WPA_SCANNING,
/**
* WPA_AUTHENTICATING - Trying to authenticate with a BSS/SSID
*
* This state is entered when wpa_supplicant has found a suitable BSS
* to authenticate with and the driver is configured to try to
* authenticate with this BSS. This state is used only with drivers
* that use wpa_supplicant as the SME.
*/
WPA_AUTHENTICATING,
/**
* WPA_ASSOCIATING - Trying to associate with a BSS/SSID
*

70
src/drivers/driver.h
View file

@ -22,6 +22,7 @@
#define AUTH_ALG_OPEN_SYSTEM 0x01
#define AUTH_ALG_SHARED_KEY 0x02
#define AUTH_ALG_LEAP 0x04
#define AUTH_ALG_FT 0x08
#define IEEE80211_MODE_INFRA 0
#define IEEE80211_MODE_IBSS 1
@ -189,6 +190,20 @@ struct wpa_driver_scan_params {
size_t extra_ies_len;
};
/**
* struct wpa_driver_auth_params - Authentication parameters
* Data for struct wpa_driver_ops::authenticate().
*/
struct wpa_driver_auth_params {
int freq;
const u8 *bssid;
const u8 *ssid;
size_t ssid_len;
int auth_alg;
const u8 *ie;
size_t ie_len;
};
/**
* struct wpa_driver_associate_params - Association parameters
* Data for struct wpa_driver_ops::associate().
@ -369,6 +384,9 @@ struct wpa_driver_capa {
* struct wpa_driver_ops::set_key using alg = WPA_ALG_PMK */
#define WPA_DRIVER_FLAGS_4WAY_HANDSHAKE 0x00000008
#define WPA_DRIVER_FLAGS_WIRED 0x00000010
/* Driver provides separate commands for authentication and association (SME in
* wpa_supplicant). */
#define WPA_DRIVER_FLAGS_SME 0x00000020
unsigned int flags;
int max_scan_ssids;
@ -1083,6 +1101,21 @@ struct wpa_driver_ops {
* results with wpa_driver_get_scan_results2().
*/
int (*scan2)(void *priv, struct wpa_driver_scan_params *params);
/**
* authenticate - Request driver to authenticate
* @priv: private driver interface data
* @params: authentication parameters
* Returns: 0 on success, -1 on failure
*
* This is an optional function that can be used with drivers that
* support separate authentication and association steps, i.e., when
* wpa_supplicant can act as the SME. If not implemented, associate()
* function is expected to take care of IEEE 802.11 authentication,
* too.
*/
int (*authenticate)(void *priv,
struct wpa_driver_auth_params *params);
};
/**
@ -1108,7 +1141,9 @@ typedef enum wpa_event_type {
*
* This event should be called when association is lost either due to
* receiving deauthenticate or disassociate frame from the AP or when
* sending either of these frames to the current AP.
* sending either of these frames to the current AP. If the driver
* supports separate deauthentication event, EVENT_DISASSOC should only
* be used for disassociation and EVENT_DEAUTH for deauthentication.
*/
EVENT_DISASSOC,
@ -1216,7 +1251,27 @@ typedef enum wpa_event_type {
* event starts RSN authentication with the other STA to authenticate
* the STA and set up encryption keys with it.
*/
EVENT_IBSS_RSN_START
EVENT_IBSS_RSN_START,
/**
* EVENT_AUTH - Authentication result
*
* This event should be called when authentication attempt has been
* completed. This is only used if the driver supports separate
* authentication step (struct wpa_driver_ops::authenticate).
* Information about authentication result is included in
* union wpa_event_data::auth.
*/
EVENT_AUTH,
/**
* EVENT_DEAUTH - Authentication lost
*
* This event should be called when authentication is lost either due
* to receiving deauthenticate frame from the AP or when sending that
* frame to the current AP.
*/
EVENT_DEAUTH
} wpa_event_type;
@ -1354,6 +1409,17 @@ union wpa_event_data {
struct ibss_rsn_start {
u8 peer[ETH_ALEN];
} ibss_rsn_start;
/**
* struct auth_info - Data for EVENT_AUTH events
*/
struct auth_info {
u8 peer[ETH_ALEN];
u16 auth_type;
u16 status_code;
const u8 *ies;
size_t ies_len;
} auth;
};
/**

3
src/drivers/driver_ndis.c
View file

@ -3214,5 +3214,6 @@ const struct wpa_driver_ops wpa_driver_ndis_ops = {
NULL /* global_deinit */,
NULL /* init2 */,
wpa_driver_ndis_get_interfaces,
NULL /* scan2 */
NULL /* scan2 */,
NULL /* authenticate */
};

430
src/drivers/driver_nl80211.c
View file

@ -47,6 +47,16 @@
#endif
#ifndef NO_WEXT_COMPAT
/*
* Fall back to WEXT association, if the kernel does not support nl80211 MLME
* commands. This is temporary backwards compatibility version that will be
* removed at some point.
*/
#define WEXT_COMPAT
#endif /* NO_WEXT_COMPAT */
struct wpa_driver_nl80211_data {
void *ctx;
int wext_event_sock;
@ -54,17 +64,20 @@ struct wpa_driver_nl80211_data {
char ifname[IFNAMSIZ + 1];
int ifindex;
int if_removed;
u8 *assoc_req_ies;
size_t assoc_req_ies_len;
u8 *assoc_resp_ies;
size_t assoc_resp_ies_len;
struct wpa_driver_capa capa;
int has_capability;
int we_version_compiled;
#ifdef WEXT_COMPAT
u8 *assoc_req_ies;
size_t assoc_req_ies_len;
u8 *assoc_resp_ies;
size_t assoc_resp_ies_len;
/* for set_auth_alg fallback */
int use_crypt;
int auth_alg_fallback;
#endif /* WEXT_COMPAT */
int operstate;
@ -81,6 +94,9 @@ struct wpa_driver_nl80211_data {
int monitor_sock; /* socket for monitor */
int monitor_ifidx;
#endif /* CONFIG_CLIENT_MLME */
u8 bssid[ETH_ALEN];
int associated;
};
@ -300,19 +316,27 @@ static int wpa_driver_nl80211_set_auth_param(
static int wpa_driver_nl80211_get_bssid(void *priv, u8 *bssid)
{
struct wpa_driver_nl80211_data *drv = priv;
struct iwreq iwr;
int ret = 0;
#ifdef WEXT_COMPAT
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME)) {
struct iwreq iwr;
int ret = 0;
os_memset(&iwr, 0, sizeof(iwr));
os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
os_memset(&iwr, 0, sizeof(iwr));
os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
perror("ioctl[SIOCGIWAP]");
ret = -1;
if (ioctl(drv->ioctl_sock, SIOCGIWAP, &iwr) < 0) {
perror("ioctl[SIOCGIWAP]");
ret = -1;
}
os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
return ret;
}
os_memcpy(bssid, iwr.u.ap_addr.sa_data, ETH_ALEN);
return ret;
#endif /* WEXT_COMPAT */
if (!drv->associated)
return -1;
os_memcpy(bssid, drv->bssid, ETH_ALEN);
return 0;
}
@ -431,6 +455,7 @@ static int wpa_driver_nl80211_set_freq(void *priv, int freq)
}
#ifdef WEXT_COMPAT
static void
wpa_driver_nl80211_event_wireless_custom(void *ctx, char *custom)
{
@ -501,6 +526,7 @@ wpa_driver_nl80211_event_wireless_custom(void *ctx, char *custom)
#endif /* CONFIG_PEERKEY */
}
}
#endif /* WEXT_COMPAT */
static int wpa_driver_nl80211_event_wireless_michaelmicfailure(
@ -553,6 +579,7 @@ static int wpa_driver_nl80211_event_wireless_pmkidcand(
}
#ifdef WEXT_COMPAT
static int wpa_driver_nl80211_event_wireless_assocreqie(
struct wpa_driver_nl80211_data *drv, const char *ev, int len)
{
@ -619,13 +646,17 @@ static void wpa_driver_nl80211_event_assoc_ies(struct wpa_driver_nl80211_data *d
os_free(data.assoc_info.req_ies);
os_free(data.assoc_info.resp_ies);
}
#endif /* WEXT_COMPAT */
static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *drv,
void *ctx, char *data, int len)
{
struct iw_event iwe_buf, *iwe = &iwe_buf;
char *pos, *end, *custom, *buf;
char *pos, *end, *custom;
#ifdef WEXT_COMPAT
char *buf;
#endif /* WEXT_COMPAT */
pos = data;
end = data + len;
@ -657,7 +688,10 @@ static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *dr
}
switch (iwe->cmd) {
#ifdef WEXT_COMPAT
case SIOCGIWAP:
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
break;
wpa_printf(MSG_DEBUG, "Wireless event: new AP: "
MACSTR,
MAC2STR((u8 *) iwe->u.ap_addr.sa_data));
@ -678,11 +712,15 @@ static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *dr
wpa_supplicant_event(ctx, EVENT_ASSOC, NULL);
}
break;
#endif /* WEXT_COMPAT */
case IWEVMICHAELMICFAILURE:
wpa_driver_nl80211_event_wireless_michaelmicfailure(
ctx, custom, iwe->u.data.length);
break;
#ifdef WEXT_COMPAT
case IWEVCUSTOM:
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
break;
if (custom + iwe->u.data.length > end)
return;
buf = os_malloc(iwe->u.data.length + 1);
@ -694,13 +732,18 @@ static void wpa_driver_nl80211_event_wireless(struct wpa_driver_nl80211_data *dr
os_free(buf);
break;
case IWEVASSOCREQIE:
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
break;
wpa_driver_nl80211_event_wireless_assocreqie(
drv, custom, iwe->u.data.length);
break;
case IWEVASSOCRESPIE:
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
break;
wpa_driver_nl80211_event_wireless_assocrespie(
drv, custom, iwe->u.data.length);
break;
#endif /* WEXT_COMPAT */
case IWEVPMKIDCAND:
wpa_driver_nl80211_event_wireless_pmkidcand(
drv, custom, iwe->u.data.length);
@ -961,6 +1004,103 @@ static int no_seq_check(struct nl_msg *msg, void *arg)
}
static void mlme_event_auth(struct wpa_driver_nl80211_data *drv,
const u8 *frame, size_t len)
{
const struct ieee80211_mgmt *mgmt;
union wpa_event_data event;
mgmt = (const struct ieee80211_mgmt *) frame;
if (len < 24 + sizeof(mgmt->u.auth)) {
wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
"frame");
return;
}
os_memset(&event, 0, sizeof(event));
os_memcpy(event.auth.peer, mgmt->sa, ETH_ALEN);
event.auth.auth_type = le_to_host16(mgmt->u.auth.auth_alg);
event.auth.status_code = le_to_host16(mgmt->u.auth.status_code);
if (len > 24 + sizeof(mgmt->u.auth)) {
event.auth.ies = mgmt->u.auth.variable;
event.auth.ies_len = len - 24 - sizeof(mgmt->u.auth);
}
wpa_supplicant_event(drv->ctx, EVENT_AUTH, &event);
}
static void mlme_event_assoc(struct wpa_driver_nl80211_data *drv,
const u8 *frame, size_t len)
{
const struct ieee80211_mgmt *mgmt;
union wpa_event_data event;
u16 status;
mgmt = (const struct ieee80211_mgmt *) frame;
if (len < 24 + sizeof(mgmt->u.assoc_resp)) {
wpa_printf(MSG_DEBUG, "nl80211: Too short association event "
"frame");
return;
}
status = le_to_host16(mgmt->u.assoc_resp.status_code);
if (status != WLAN_STATUS_SUCCESS) {
wpa_printf(MSG_DEBUG, "nl80211: Association failed: status "
"code %d", status);
/* TODO: notify SME so that things like SA Query and comeback
* time can be implemented */
return;
}
drv->associated = 1;
os_memcpy(drv->bssid, mgmt->sa, ETH_ALEN);
os_memset(&event, 0, sizeof(event));
if (len > 24 + sizeof(mgmt->u.assoc_resp)) {
event.assoc_info.resp_ies = (u8 *) mgmt->u.assoc_resp.variable;
event.assoc_info.resp_ies_len =
len - 24 - sizeof(mgmt->u.assoc_req);
}
wpa_supplicant_event(drv->ctx, EVENT_ASSOC, &event);
}
static void mlme_event(struct wpa_driver_nl80211_data *drv,
enum nl80211_commands cmd, struct nlattr *frame)
{
if (frame == NULL) {
wpa_printf(MSG_DEBUG, "nl80211: MLME event %d without frame "
"data", cmd);
return;
}
wpa_printf(MSG_DEBUG, "nl80211: MLME event %d", cmd);
wpa_hexdump(MSG_MSGDUMP, "nl80211: MLME event frame",
nla_data(frame), nla_len(frame));
switch (cmd) {
case NL80211_CMD_AUTHENTICATE:
mlme_event_auth(drv, nla_data(frame), nla_len(frame));
break;
case NL80211_CMD_ASSOCIATE:
mlme_event_assoc(drv, nla_data(frame), nla_len(frame));
break;
case NL80211_CMD_DEAUTHENTICATE:
drv->associated = 0;
wpa_supplicant_event(drv->ctx, EVENT_DEAUTH, NULL);
break;
case NL80211_CMD_DISASSOCIATE:
drv->associated = 0;
wpa_supplicant_event(drv->ctx, EVENT_DISASSOC, NULL);
break;
default:
break;
}
}
static int process_event(struct nl_msg *msg, void *arg)
{
struct wpa_driver_nl80211_data *drv = arg;
@ -998,9 +1138,15 @@ static int process_event(struct nl_msg *msg, void *arg)
drv->ctx);
wpa_supplicant_event(drv->ctx, EVENT_SCAN_RESULTS, NULL);
break;
case NL80211_CMD_AUTHENTICATE:
case NL80211_CMD_ASSOCIATE:
case NL80211_CMD_DEAUTHENTICATE:
case NL80211_CMD_DISASSOCIATE:
mlme_event(drv, gnlh->cmd, tb[NL80211_ATTR_FRAME]);
break;
default:
wpa_printf(MSG_DEBUG, "nl0211: Ignored unknown event (cmd=%d)",
gnlh->cmd);
wpa_printf(MSG_DEBUG, "nl80211: Ignored unknown event "
"(cmd=%d)", gnlh->cmd);
break;
}
@ -1490,6 +1636,28 @@ static void * wpa_driver_nl80211_init(void *ctx, const char *ifname)
ret, strerror(-ret));
goto err4;
}
ret = nl_get_multicast_id(drv, "nl80211", "mlme");
if (ret >= 0)
ret = nl_socket_add_membership(drv->nl_handle, ret);
#ifdef WEXT_COMPAT
if (ret < 0) {
wpa_printf(MSG_DEBUG, "nl80211: Could not add multicast "
"membership for mlme events: %d (%s)",
ret, strerror(-ret));
/* Use WEXT for association request */
} else
drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
#else /* WEXT_COMPAT */
if (ret < 0) {
wpa_printf(MSG_ERROR, "nl80211: Could not add multicast "
"membership for mlme events: %d (%s)",
ret, strerror(-ret));
goto err4;
}
drv->capa.flags |= WPA_DRIVER_FLAGS_SME;
#endif /* WEXT_COMPAT */
eloop_register_read_sock(nl_socket_get_fd(drv->nl_handle),
wpa_driver_nl80211_event_receive, drv, ctx);
@ -1622,8 +1790,10 @@ static void wpa_driver_nl80211_deinit(void *priv)
close(drv->wext_event_sock);
close(drv->ioctl_sock);
#ifdef WEXT_COMPAT
os_free(drv->assoc_req_ies);
os_free(drv->assoc_resp_ies);
#endif /* WEXT_COMPAT */
eloop_unregister_read_sock(nl_socket_get_fd(drv->nl_handle));
genl_family_put(drv->nl80211);
@ -1902,14 +2072,18 @@ static int wpa_driver_nl80211_get_range(void *priv)
}
#ifdef WEXT_COMPAT
static int wpa_driver_nl80211_set_wpa(void *priv, int enabled)
{
struct wpa_driver_nl80211_data *drv = priv;
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
return 0;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_WPA_ENABLED,
enabled);
}
#endif /* WEXT_COMPAT */
static int wpa_driver_nl80211_set_key(void *priv, wpa_alg alg,
@ -1999,15 +2173,19 @@ nla_put_failure:
}
#ifdef WEXT_COMPAT
static int wpa_driver_nl80211_set_countermeasures(void *priv,
int enabled)
{
struct wpa_driver_nl80211_data *drv = priv;
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
return 0;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
return wpa_driver_nl80211_set_auth_param(drv,
IW_AUTH_TKIP_COUNTERMEASURES,
enabled);
}
#endif /* WEXT_COMPAT */
static int wpa_driver_nl80211_set_drop_unencrypted(void *priv,
@ -2015,14 +2193,18 @@ static int wpa_driver_nl80211_set_drop_unencrypted(void *priv,
{
struct wpa_driver_nl80211_data *drv = priv;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
#ifdef WEXT_COMPAT
drv->use_crypt = enabled;
#endif /* WEXT_COMPAT */
return wpa_driver_nl80211_set_auth_param(drv, IW_AUTH_DROP_UNENCRYPTED,
enabled);
}
static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
const u8 *addr, int cmd, int reason_code)
#ifdef WEXT_COMPAT
static int wpa_driver_nl80211_mlme_wext(struct wpa_driver_nl80211_data *drv,
const u8 *addr, int cmd,
int reason_code)
{
struct iwreq iwr;
struct iw_mlme mlme;
@ -2045,27 +2227,73 @@ static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
return ret;
}
#endif /* WEXT_COMPAT */
static int wpa_driver_nl80211_mlme(struct wpa_driver_nl80211_data *drv,
const u8 *addr, int cmd, u16 reason_code)
{
int ret = -1;
struct nl_msg *msg;
msg = nlmsg_alloc();
if (!msg)
return -1;
genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0, cmd, 0);
NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
NLA_PUT_U16(msg, NL80211_ATTR_REASON_CODE, reason_code);
NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, addr);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
"(%s)", ret, strerror(-ret));
goto nla_put_failure;
}
ret = 0;
nla_put_failure:
nlmsg_free(msg);
return ret;
}
static int wpa_driver_nl80211_deauthenticate(void *priv, const u8 *addr,
int reason_code)
int reason_code)
{
struct wpa_driver_nl80211_data *drv = priv;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DEAUTH, reason_code);
wpa_printf(MSG_DEBUG, "%s", __func__);
#ifdef WEXT_COMPAT
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
return wpa_driver_nl80211_mlme_wext(drv, addr, IW_MLME_DEAUTH,
reason_code);
#endif /* WEXT_COMPAT */
return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DEAUTHENTICATE,
reason_code);
}
static int wpa_driver_nl80211_disassociate(void *priv, const u8 *addr,
int reason_code)
int reason_code)
{
struct wpa_driver_nl80211_data *drv = priv;
wpa_printf(MSG_DEBUG, "%s", __FUNCTION__);
return wpa_driver_nl80211_mlme(drv, addr, IW_MLME_DISASSOC,
reason_code);
wpa_printf(MSG_DEBUG, "%s", __func__);
#ifdef WEXT_COMPAT
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
return wpa_driver_nl80211_mlme_wext(drv, addr,
IW_MLME_DISASSOC,
reason_code);
#endif /* WEXT_COMPAT */
return wpa_driver_nl80211_mlme(drv, addr, NL80211_CMD_DISASSOCIATE,
reason_code);
}
#ifdef WEXT_COMPAT
static int wpa_driver_nl80211_set_gen_ie(void *priv, const u8 *ie,
size_t ie_len)
{
@ -2073,6 +2301,8 @@ static int wpa_driver_nl80211_set_gen_ie(void *priv, const u8 *ie,
struct iwreq iwr;
int ret = 0;
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
return 0;
os_memset(&iwr, 0, sizeof(iwr));
os_strlcpy(iwr.ifr_name, drv->ifname, IFNAMSIZ);
iwr.u.data.pointer = (caddr_t) ie;
@ -2164,7 +2394,7 @@ wpa_driver_nl80211_auth_alg_fallback(struct wpa_driver_nl80211_data *drv,
}
static int wpa_driver_nl80211_associate(
static int wpa_driver_nl80211_associate_wext(
void *priv, struct wpa_driver_associate_params *params)
{
struct wpa_driver_nl80211_data *drv = priv;
@ -2251,6 +2481,9 @@ static int wpa_driver_nl80211_set_auth_alg(void *priv, int auth_alg)
struct wpa_driver_nl80211_data *drv = priv;
int algs = 0, res;
if (drv->capa.flags & WPA_DRIVER_FLAGS_SME)
return 0;
if (auth_alg & AUTH_ALG_OPEN_SYSTEM)
algs |= IW_AUTH_ALG_OPEN_SYSTEM;
if (auth_alg & AUTH_ALG_SHARED_KEY)
@ -2267,6 +2500,140 @@ static int wpa_driver_nl80211_set_auth_alg(void *priv, int auth_alg)
drv->auth_alg_fallback = res == -2;
return res;
}
#endif /* WEXT_COMPAT */
static int wpa_driver_nl80211_authenticate(
void *priv, struct wpa_driver_auth_params *params)
{
struct wpa_driver_nl80211_data *drv = priv;
int ret = -1;
struct nl_msg *msg;
enum nl80211_auth_type type;
drv->associated = 0;
msg = nlmsg_alloc();
if (!msg)
return -1;
wpa_printf(MSG_DEBUG, "nl80211: Authenticate (ifindex=%d)",
drv->ifindex);
genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
NL80211_CMD_AUTHENTICATE, 0);
NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
if (params->bssid) {
wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
MAC2STR(params->bssid));
NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
}
if (params->freq) {
wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
}
if (params->ssid) {
wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
params->ssid, params->ssid_len);
NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
params->ssid);
}
wpa_hexdump(MSG_DEBUG, " * IEs", params->ie, params->ie_len);
if (params->ie)
NLA_PUT(msg, NL80211_ATTR_IE, params->ie_len, params->ie);
/*
* TODO: if multiple auth_alg options enabled, try them one by one if
* the AP rejects authentication due to unknown auth alg
*/
if (params->auth_alg & AUTH_ALG_OPEN_SYSTEM)
type = NL80211_AUTHTYPE_OPEN_SYSTEM;
else if (params->auth_alg & AUTH_ALG_SHARED_KEY)
type = NL80211_AUTHTYPE_SHARED_KEY;
else if (params->auth_alg & AUTH_ALG_LEAP)
type = NL80211_AUTHTYPE_NETWORK_EAP;
else if (params->auth_alg & AUTH_ALG_FT)
type = NL80211_AUTHTYPE_FT;
else
goto nla_put_failure;
wpa_printf(MSG_DEBUG, " * Auth Type %d", type);
NLA_PUT_U32(msg, NL80211_ATTR_AUTH_TYPE, type);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
"(%s)", ret, strerror(-ret));
goto nla_put_failure;
}
ret = 0;
wpa_printf(MSG_DEBUG, "nl80211: Authentication request send "
"successfully");
nla_put_failure:
nlmsg_free(msg);
return ret;
}
static int wpa_driver_nl80211_associate(
void *priv, struct wpa_driver_associate_params *params)
{
struct wpa_driver_nl80211_data *drv = priv;
int ret = -1;
struct nl_msg *msg;
#ifdef WEXT_COMPAT
if (!(drv->capa.flags & WPA_DRIVER_FLAGS_SME))
return wpa_driver_nl80211_associate_wext(drv, params);
#endif /* WEXT_COMPAT */
drv->associated = 0;
msg = nlmsg_alloc();
if (!msg)
return -1;
wpa_printf(MSG_DEBUG, "nl80211: Associate (ifindex=%d)",
drv->ifindex);
genlmsg_put(msg, 0, 0, genl_family_get_id(drv->nl80211), 0, 0,
NL80211_CMD_ASSOCIATE, 0);
NLA_PUT_U32(msg, NL80211_ATTR_IFINDEX, drv->ifindex);
if (params->bssid) {
wpa_printf(MSG_DEBUG, " * bssid=" MACSTR,
MAC2STR(params->bssid));
NLA_PUT(msg, NL80211_ATTR_MAC, ETH_ALEN, params->bssid);
}
if (params->freq) {
wpa_printf(MSG_DEBUG, " * freq=%d", params->freq);
NLA_PUT_U32(msg, NL80211_ATTR_WIPHY_FREQ, params->freq);
}
if (params->ssid) {
wpa_hexdump_ascii(MSG_DEBUG, " * SSID",
params->ssid, params->ssid_len);
NLA_PUT(msg, NL80211_ATTR_SSID, params->ssid_len,
params->ssid);
}
wpa_hexdump(MSG_DEBUG, " * IEs", params->wpa_ie, params->wpa_ie_len);
if (params->wpa_ie)
NLA_PUT(msg, NL80211_ATTR_IE, params->wpa_ie_len,
params->wpa_ie);
ret = send_and_recv_msgs(drv, msg, NULL, NULL);
msg = NULL;
if (ret) {
wpa_printf(MSG_DEBUG, "nl80211: MLME command failed: ret=%d "
"(%s)", ret, strerror(-ret));
goto nla_put_failure;
}
ret = 0;
wpa_printf(MSG_DEBUG, "nl80211: Association request send "
"successfully");
nla_put_failure:
nlmsg_free(msg);
return ret;
}
/**
@ -2765,17 +3132,15 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.desc = "Linux nl80211/cfg80211",
.get_bssid = wpa_driver_nl80211_get_bssid,
.get_ssid = wpa_driver_nl80211_get_ssid,
.set_wpa = wpa_driver_nl80211_set_wpa,
.set_key = wpa_driver_nl80211_set_key,
.set_countermeasures = wpa_driver_nl80211_set_countermeasures,
.set_drop_unencrypted = wpa_driver_nl80211_set_drop_unencrypted,
.scan2 = wpa_driver_nl80211_scan,
.get_scan_results2 = wpa_driver_nl80211_get_scan_results,
.deauthenticate = wpa_driver_nl80211_deauthenticate,
.disassociate = wpa_driver_nl80211_disassociate,
.set_mode = wpa_driver_nl80211_set_mode,
.authenticate = wpa_driver_nl80211_authenticate,
.associate = wpa_driver_nl80211_associate,
.set_auth_alg = wpa_driver_nl80211_set_auth_alg,
.init = wpa_driver_nl80211_init,
.deinit = wpa_driver_nl80211_deinit,
.set_param = wpa_driver_nl80211_set_param,
@ -2794,4 +3159,9 @@ const struct wpa_driver_ops wpa_driver_nl80211_ops = {
.mlme_add_sta = wpa_driver_nl80211_mlme_add_sta,
.mlme_remove_sta = wpa_driver_nl80211_mlme_remove_sta,
#endif /* CONFIG_CLIENT_MLME */
#ifdef WEXT_COMPAT
.set_wpa = wpa_driver_nl80211_set_wpa,
.set_countermeasures = wpa_driver_nl80211_set_countermeasures,
.set_auth_alg = wpa_driver_nl80211_set_auth_alg,
#endif /* WEXT_COMPAT */
};

3
src/drivers/driver_privsep.c
View file

@ -810,7 +810,8 @@ struct wpa_driver_ops wpa_driver_privsep_ops = {
NULL /* global_deinit */,
NULL /* init2 */,
NULL /* get_interfaces */,
NULL /* scan2 */
NULL /* scan2 */,
NULL /* authenticate */
};

3
src/drivers/driver_test.c
View file

@ -1326,5 +1326,6 @@ const struct wpa_driver_ops wpa_driver_test_ops = {
wpa_driver_test_global_deinit,
wpa_driver_test_init2,
wpa_driver_test_get_interfaces,
wpa_driver_test_scan
wpa_driver_test_scan,
NULL /* authenticate */
};

4
wpa_supplicant/ChangeLog
View file

@ -18,6 +18,10 @@ ChangeLog for wpa_supplicant
fix wired IEEE 802.1X authentication
* fixed IEEE 802.11r key derivation function to match with the standard
(note: this breaks interoperability with previous version) [Bug 303]
* added better support for drivers that allow separate authentication
and association commands (e.g., mac80211-based Linux drivers with
nl80211; SME in wpa_supplicant); this allows over-the-air FT protocol
to be used (IEEE 802.11r)
2009-01-06 - v0.6.7
* added support for Wi-Fi Protected Setup (WPS)

6
wpa_supplicant/Makefile
View file

@ -138,6 +138,7 @@ LIBS += -lnl
ifdef CONFIG_CLIENT_MLME
OBJS_d += ../src/utils/radiotap.o
endif
NEED_SME=y
endif
ifdef CONFIG_DRIVER_PRISM54
@ -1035,6 +1036,11 @@ ifdef NEED_BASE64
OBJS += ../src/utils/base64.o
endif
ifdef NEED_SME
OBJS += sme.o
CFLAGS += -DCONFIG_SME
endif
ifdef CONFIG_CLIENT_MLME
OBJS += mlme.o ../src/common/ieee802_11_common.o
CFLAGS += -DCONFIG_CLIENT_MLME

83
wpa_supplicant/events.c
View file

@ -33,6 +33,7 @@
#include "wpas_glue.h"
#include "wps_supplicant.h"
#include "ibss_rsn.h"
#include "sme.h"
static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
@ -708,11 +709,58 @@ req_scan:
#endif /* CONFIG_NO_SCAN_PROCESSING */
#ifdef CONFIG_IEEE80211R
static void wpa_assoc_set_ft_params(struct wpa_supplicant *wpa_s,
const u8 *ftie, const u8 *mdie)
{
const u8 *mobility_domain = NULL;
const u8 *r0kh_id = NULL;
size_t r0kh_id_len = 0;
const u8 *r1kh_id = NULL;
struct rsn_ftie *hdr;
const u8 *pos, *end;
if (mdie == NULL || ftie == NULL)
return;
if (mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
mobility_domain = mdie + 2;
#ifdef CONFIG_SME
wpa_s->sme.ft_used = 1;
os_memcpy(wpa_s->sme.mobility_domain, mobility_domain, 2);
#endif /* CONFIG_SME */
}
if (ftie[1] >= sizeof(struct rsn_ftie)) {
end = ftie + 2 + ftie[1];
hdr = (struct rsn_ftie *) (ftie + 2);
pos = (const u8 *) (hdr + 1);
while (pos + 1 < end) {
if (pos + 2 + pos[1] > end)
break;
if (pos[0] == FTIE_SUBELEM_R1KH_ID &&
pos[1] == FT_R1KH_ID_LEN)
r1kh_id = pos + 2;
else if (pos[0] == FTIE_SUBELEM_R0KH_ID &&
pos[1] >= 1 && pos[1] <= FT_R0KH_ID_MAX_LEN) {
r0kh_id = pos + 2;
r0kh_id_len = pos[1];
}
pos += 2 + pos[1];
}
}
wpa_sm_set_ft_params(wpa_s->wpa, mobility_domain, r0kh_id,
r0kh_id_len, r1kh_id);
}
#endif /* CONFIG_IEEE80211R */
static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
int l, len, found = 0, wpa_found, rsn_found;
u8 *p;
const u8 *p;
#ifdef CONFIG_IEEE80211R
const u8 *mdie = NULL, *ftie = NULL;
#endif /* CONFIG_IEEE80211R */
wpa_printf(MSG_DEBUG, "Association info event");
if (data->assoc_info.req_ies)
@ -752,6 +800,29 @@ static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
if (!found && data->assoc_info.req_ies)
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
#ifdef CONFIG_IEEE80211R
p = data->assoc_info.resp_ies;
l = data->assoc_info.resp_ies_len;
/* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
while (p && l >= 2) {
len = p[1] + 2;
if (len > l) {
wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
p, l);
break;
}
if (p[0] == WLAN_EID_FAST_BSS_TRANSITION)
ftie = p;
else if (p[0] == WLAN_EID_MOBILITY_DOMAIN)
mdie = p;
l -= len;
p += len;
}
wpa_assoc_set_ft_params(wpa_s, ftie, mdie);
#endif /* CONFIG_IEEE80211R */
/* WPA/RSN IE from Beacon/ProbeResp */
p = data->assoc_info.beacon_ies;
l = data->assoc_info.beacon_ies_len;
@ -802,9 +873,9 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
wpa_supplicant_event_associnfo(wpa_s, data);
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
if (wpa_s->use_client_mlme ||
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) ||
(wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)) {
wpa_msg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
@ -859,7 +930,7 @@ static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
}
wpa_supplicant_cancel_scan(wpa_s);
if (wpa_s->driver_4way_handshake &&
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) {
/*
* We are done; the driver will take care of RSN 4-way
@ -1113,9 +1184,13 @@ void wpa_supplicant_event(void *ctx, wpa_event_type event,
struct wpa_supplicant *wpa_s = ctx;
switch (event) {
case EVENT_AUTH:
sme_event_auth(wpa_s, data);
break;
case EVENT_ASSOC:
wpa_supplicant_event_assoc(wpa_s, data);
break;
case EVENT_DEAUTH:
case EVENT_DISASSOC:
wpa_supplicant_event_disassoc(wpa_s);
break;

11
wpa_supplicant/scan.c
View file

@ -129,7 +129,8 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
return;
}
if (wpa_s->conf->ap_scan != 0 && wpa_s->drv_wired) {
if (wpa_s->conf->ap_scan != 0 &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)) {
wpa_printf(MSG_DEBUG, "Using wired authentication - "
"overriding ap_scan configuration");
wpa_s->conf->ap_scan = 0;
@ -140,7 +141,8 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
return;
}
if (wpa_s->use_client_mlme || wpa_s->conf->ap_scan == 2)
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) ||
wpa_s->conf->ap_scan == 2)
max_ssids = 1;
else {
max_ssids = wpa_s->max_scan_ssids;
@ -153,7 +155,8 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
#endif /* CONFIG_WPS */
if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1 &&
!wpa_s->use_client_mlme && wps != 2) {
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) &&
wps != 2) {
wpa_s->scan_res_tried++;
wpa_printf(MSG_DEBUG, "Trying to get current scan results "
"first without requesting a new scan to speed up "
@ -242,7 +245,7 @@ static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
}
#endif /* CONFIG_WPS */
if (wpa_s->use_client_mlme) {
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
ieee80211_sta_set_probe_req_ie(wpa_s, params.extra_ies,
params.extra_ies_len);
ret = ieee80211_sta_req_scan(wpa_s, params.ssids[0].ssid,

337
wpa_supplicant/sme.c Normal file
View file

@ -0,0 +1,337 @@
/*
* wpa_supplicant - SME
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#include "includes.h"
#include "common.h"
#include "drivers/driver.h"
#include "ieee802_11_defs.h"
#include "eapol_supp/eapol_supp_sm.h"
#include "wpa_common.h"
#include "wpa.h"
#include "pmksa_cache.h"
#include "config.h"
#include "wpa_supplicant_i.h"
#include "wpas_glue.h"
#include "wps_supplicant.h"
#include "sme.h"
void sme_authenticate(struct wpa_supplicant *wpa_s,
struct wpa_scan_res *bss, struct wpa_ssid *ssid)
{
struct wpa_driver_auth_params params;
const u8 *ie;
#ifdef CONFIG_IEEE80211R
const u8 *md = NULL;
#endif /* CONFIG_IEEE80211R */
if (bss == NULL) {
wpa_printf(MSG_ERROR, "SME: No scan result available for the "
"network");
return;
}
os_memset(&params, 0, sizeof(params));
wpa_s->reassociate = 0;
params.freq = bss->freq;
params.bssid = bss->bssid;
ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
if (ie == NULL) {
wpa_printf(MSG_ERROR, "SME: SSID not available for the BSS");
return;
}
params.ssid = ie + 2;
params.ssid_len = ie[1];
wpa_s->sme.freq = params.freq;
os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
wpa_s->sme.ssid_len = params.ssid_len;
params.auth_alg = AUTH_ALG_OPEN_SYSTEM;
#ifdef IEEE8021X_EAPOL
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
if (ssid->leap) {
if (ssid->non_leap == 0)
params.auth_alg = AUTH_ALG_LEAP;
else
params.auth_alg |= AUTH_ALG_LEAP;
}
}
#endif /* IEEE8021X_EAPOL */
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
params.auth_alg);
if (ssid->auth_alg) {
params.auth_alg = 0;
if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
params.auth_alg |= AUTH_ALG_OPEN_SYSTEM;
if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
params.auth_alg |= AUTH_ALG_SHARED_KEY;
if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
params.auth_alg |= AUTH_ALG_LEAP;
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
params.auth_alg);
}
os_memset(wpa_s->bssid, 0, ETH_ALEN);
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
if (bss && (wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
wpa_scan_get_ie(bss, WLAN_EID_RSN)) &&
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
WPA_KEY_MGMT_FT_IEEE8021X |
WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_IEEE8021X_SHA256 |
WPA_KEY_MGMT_PSK_SHA256))) {
int try_opportunistic;
try_opportunistic = ssid->proactive_key_caching &&
(ssid->proto & WPA_PROTO_RSN);
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
wpa_s->current_ssid,
try_opportunistic) == 0)
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
wpa_s->sme.assoc_req_ie,
&wpa_s->sme.assoc_req_ie_len)) {
wpa_printf(MSG_WARNING, "SME: Failed to set WPA key "
"management and encryption suites");
return;
}
} else if (ssid->key_mgmt &
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
WPA_KEY_MGMT_IEEE8021X_SHA256)) {
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
wpa_s->sme.assoc_req_ie,
&wpa_s->sme.assoc_req_ie_len)) {
wpa_printf(MSG_WARNING, "SME: Failed to set WPA key "
"management and encryption suites (no scan "
"results)");
return;
}
#ifdef CONFIG_WPS
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
struct wpabuf *wps_ie;
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
if (wps_ie && wpabuf_len(wps_ie) <=
sizeof(wpa_s->sme.assoc_req_ie)) {
wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
wpa_s->sme.assoc_req_ie_len);
} else
wpa_s->sme.assoc_req_ie_len = 0;
wpabuf_free(wps_ie);
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
#endif /* CONFIG_WPS */
} else {
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
wpa_s->sme.assoc_req_ie_len = 0;
}
#ifdef CONFIG_IEEE80211R
ie = wpa_scan_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
md = ie + 2;
wpa_sm_set_ft_params(wpa_s->wpa, md, NULL, 0, NULL);
if (md) {
/* Prepare for the next transition */
wpa_ft_prepare_auth_request(wpa_s->wpa);
}
if (md && ssid->key_mgmt & (WPA_KEY_MGMT_FT_PSK |
WPA_KEY_MGMT_FT_IEEE8021X)) {
if (wpa_s->sme.assoc_req_ie_len + 5 <
sizeof(wpa_s->sme.assoc_req_ie)) {
struct rsn_mdie *mdie;
u8 *pos = wpa_s->sme.assoc_req_ie +
wpa_s->sme.assoc_req_ie_len;
*pos++ = WLAN_EID_MOBILITY_DOMAIN;
*pos++ = sizeof(*mdie);
mdie = (struct rsn_mdie *) pos;
os_memcpy(mdie->mobility_domain, md,
MOBILITY_DOMAIN_ID_LEN);
mdie->ft_capab = 0;
wpa_s->sme.assoc_req_ie_len += 5;
}
if (wpa_s->sme.ft_used &&
os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0) {
wpa_printf(MSG_DEBUG, "SME: Trying to use FT "
"over-the-air");
params.auth_alg = AUTH_ALG_FT;
params.ie = wpa_s->sme.ft_ies;
params.ie_len = wpa_s->sme.ft_ies_len;
}
}
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211W
switch (ssid->ieee80211w) {
case NO_IEEE80211W:
wpa_s->sme.mfp = NO_MGMT_FRAME_PROTECTION;
break;
case IEEE80211W_OPTIONAL:
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_OPTIONAL;
break;
case IEEE80211W_REQUIRED:
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
break;
}
if (ssid->ieee80211w != NO_IEEE80211W && bss) {
const u8 *rsn = wpa_scan_get_ie(bss, WLAN_EID_RSN);
struct wpa_ie_data _ie;
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
_ie.capabilities &
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
"require MFP");
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
}
}
#endif /* CONFIG_IEEE80211W */
wpa_supplicant_cancel_scan(wpa_s);
wpa_msg(wpa_s, MSG_INFO, "Trying to authenticate with " MACSTR
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
wpa_clear_keys(wpa_s, bss->bssid);
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
wpa_s->current_ssid = ssid;
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
wpa_supplicant_initiate_eapol(wpa_s);
if (wpa_drv_authenticate(wpa_s, &params) < 0) {
wpa_msg(wpa_s, MSG_INFO, "Authentication request to the "
"driver failed");
return;
}
/* TODO: add timeout on authentication */
/*
* Association will be started based on the authentication event from
* the driver.
*/
}
void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
{
struct wpa_driver_associate_params params;
struct wpa_ssid *ssid = wpa_s->current_ssid;
if (ssid == NULL) {
wpa_printf(MSG_DEBUG, "SME: Ignore authentication event when "
"network is not selected");
return;
}
if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
wpa_printf(MSG_DEBUG, "SME: Ignore authentication event when "
"not in authenticating state");
return;
}
if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
wpa_printf(MSG_DEBUG, "SME: Ignore authentication with "
"unexpected peer " MACSTR,
MAC2STR(data->auth.peer));
return;
}
wpa_printf(MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
" auth_type=%d status_code=%d",
MAC2STR(data->auth.peer), data->auth.auth_type,
data->auth.status_code);
wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
data->auth.ies, data->auth.ies_len);
if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
wpa_printf(MSG_DEBUG, "SME: Authentication failed (status "
"code %d)", data->auth.status_code);
return;
}
#ifdef CONFIG_IEEE80211R
if (data->auth.auth_type == WLAN_AUTH_FT) {
union wpa_event_data edata;
os_memset(&edata, 0, sizeof(edata));
edata.ft_ies.ies = data->auth.ies;
edata.ft_ies.ies_len = data->auth.ies_len;
os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN);
wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata);
}
#endif /* CONFIG_IEEE80211R */
os_memset(&params, 0, sizeof(params));
params.bssid = data->auth.peer;
params.ssid = wpa_s->sme.ssid;
params.ssid_len = wpa_s->sme.ssid_len;
params.freq = wpa_s->sme.freq;
params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
wpa_s->sme.assoc_req_ie : NULL;
params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
#ifdef CONFIG_IEEE80211R
if (data->auth.auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
params.wpa_ie = wpa_s->sme.ft_ies;
params.wpa_ie_len = wpa_s->sme.ft_ies_len;
}
#endif /* CONFIG_IEEE80211R */
params.mode = ssid->mode;
params.mgmt_frame_protection = wpa_s->sme.mfp;
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
params.freq);
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
if (wpa_drv_associate(wpa_s, &params) < 0) {
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
"failed");
return;
}
/* TODO: add timeout on association */
}
int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
const u8 *ies, size_t ies_len)
{
if (md == NULL || ies == NULL) {
wpa_printf(MSG_DEBUG, "SME: Remove mobility domain");
os_free(wpa_s->sme.ft_ies);
wpa_s->sme.ft_ies = NULL;
wpa_s->sme.ft_ies_len = 0;
wpa_s->sme.ft_used = 0;
return 0;
}
os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
os_free(wpa_s->sme.ft_ies);
wpa_s->sme.ft_ies = os_malloc(ies_len);
if (wpa_s->sme.ft_ies == NULL)
return -1;
os_memcpy(wpa_s->sme.ft_ies, ies, ies_len);
wpa_s->sme.ft_ies_len = ies_len;
return 0;
}

46
wpa_supplicant/sme.h Normal file
View file

@ -0,0 +1,46 @@
/*
* wpa_supplicant - SME
* Copyright (c) 2009, Jouni Malinen <j@w1.fi>
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 as
* published by the Free Software Foundation.
*
* Alternatively, this software may be distributed under the terms of BSD
* license.
*
* See README and COPYING for more details.
*/
#ifndef SME_H
#define SME_H
#ifdef CONFIG_SME
void sme_authenticate(struct wpa_supplicant *wpa_s,
struct wpa_scan_res *bss, struct wpa_ssid *ssid);
void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data);
int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
const u8 *ies, size_t ies_len);
#else /* CONFIG_SME */
static inline void sme_authenticate(struct wpa_supplicant *wpa_s,
struct wpa_scan_res *bss,
struct wpa_ssid *ssid)
{
}
static inline void sme_event_auth(struct wpa_supplicant *wpa_s,
union wpa_event_data *data)
{
}
static inline int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
const u8 *ies, size_t ies_len)
{
return -1;
}
#endif /* CONFIG_SME */
#endif /* SME_H */

46
wpa_supplicant/wpa_supplicant.c
View file

@ -40,6 +40,7 @@
#include "wpas_glue.h"
#include "wps_supplicant.h"
#include "ibss_rsn.h"
#include "sme.h"
const char *wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
@ -211,7 +212,8 @@ static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
int sec, int usec)
{
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 && wpa_s->drv_wired)
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
return;
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
@ -286,7 +288,7 @@ void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
EAPOL_REQUIRE_KEY_BROADCAST;
}
if (wpa_s->conf && wpa_s->drv_wired)
if (wpa_s->conf && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
eapol_conf.required_keys = 0;
}
if (wpa_s->conf)
@ -404,6 +406,12 @@ static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
ibss_rsn_deinit(wpa_s->ibss_rsn);
wpa_s->ibss_rsn = NULL;
#endif /* CONFIG_IBSS_RSN */
#ifdef CONFIG_SME
os_free(wpa_s->sme.ft_ies);
wpa_s->sme.ft_ies = NULL;
wpa_s->sme.ft_ies_len = 0;
#endif /* CONFIG_SME */
}
@ -464,6 +472,8 @@ const char * wpa_supplicant_state_txt(int state)
return "INACTIVE";
case WPA_SCANNING:
return "SCANNING";
case WPA_AUTHENTICATING:
return "AUTHENTICATING";
case WPA_ASSOCIATING:
return "ASSOCIATING";
case WPA_ASSOCIATED:
@ -930,6 +940,11 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
struct wpa_driver_capa capa;
int assoc_failed = 0;
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) {
sme_authenticate(wpa_s, bss, ssid);
return;
}
wpa_s->reassociate = 0;
if (bss) {
#ifdef CONFIG_IEEE80211R
@ -1119,7 +1134,7 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
}
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
if (wpa_s->driver_4way_handshake &&
if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) &&
(params.key_mgmt_suite == KEY_MGMT_PSK ||
params.key_mgmt_suite == KEY_MGMT_FT_PSK)) {
params.passphrase = ssid->passphrase;
@ -1153,7 +1168,7 @@ void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
}
#endif /* CONFIG_IEEE80211W */
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
ret = ieee80211_sta_associate(wpa_s, &params);
else
ret = wpa_drv_associate(wpa_s, &params);
@ -1231,7 +1246,7 @@ void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
{
u8 *addr = NULL;
if (!is_zero_ether_addr(wpa_s->bssid)) {
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
ieee80211_sta_disassociate(wpa_s, reason_code);
else
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
@ -1259,7 +1274,7 @@ void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
u8 *addr = NULL;
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
if (!is_zero_ether_addr(wpa_s->bssid)) {
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
ieee80211_sta_deauthenticate(wpa_s, reason_code);
else
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
@ -1395,7 +1410,7 @@ int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
{
int ret;
if (wpa_s->use_client_mlme) {
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
wpa_scan_results_free(wpa_s->scan_res);
wpa_s->scan_res = ieee80211_sta_get_scan_results(wpa_s);
if (wpa_s->scan_res == NULL) {
@ -1436,7 +1451,7 @@ struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
u8 bssid[ETH_ALEN];
int wired;
if (wpa_s->use_client_mlme) {
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
wpa_printf(MSG_WARNING, "Could not read SSID from "
"MLME.");
@ -1452,14 +1467,15 @@ struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
ssid_len = res;
}
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
return NULL;
}
wired = wpa_s->conf->ap_scan == 0 && wpa_s->drv_wired;
wired = wpa_s->conf->ap_scan == 0 &&
(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
entry = wpa_s->conf->ssid;
while (entry) {
@ -1540,7 +1556,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
}
if (wpa_s->eapol_received == 0 &&
(!wpa_s->driver_4way_handshake ||
(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE) ||
!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
wpa_s->wpa_state != WPA_COMPLETED)) {
/* Timeout for completing IEEE 802.1X and WPA authentication */
@ -1578,7 +1594,7 @@ void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
return;
wpa_drv_poll(wpa_s);
if (!wpa_s->driver_4way_handshake)
if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
/*
@ -1897,16 +1913,12 @@ next_driver:
}
if (wpa_drv_get_capa(wpa_s, &capa) == 0) {
wpa_s->drv_flags = capa.flags;
if (capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
wpa_s->use_client_mlme = 1;
if (ieee80211_sta_init(wpa_s))
return -1;
}
if (capa.flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE)
wpa_s->driver_4way_handshake = 1;
wpa_s->max_scan_ssids = capa.max_scan_ssids;
if (capa.flags & WPA_DRIVER_FLAGS_WIRED)
wpa_s->drv_wired = 1;
}
#ifdef CONFIG_IBSS_RSN

27
wpa_supplicant/wpa_supplicant_i.h
View file

@ -311,7 +311,6 @@ struct wpa_supplicant {
int mgmt_group_cipher;
void *drv_priv; /* private data used by driver_ops */
int drv_wired;
struct wpa_ssid *prev_scan_ssid; /* previously scanned SSID;
* NULL = not yet initialized (start
@ -355,8 +354,7 @@ struct wpa_supplicant {
int scan_runs; /* number of scan runs since WPS was started */
struct wpa_client_mlme mlme;
int use_client_mlme;
int driver_4way_handshake;
unsigned int drv_flags;
int max_scan_ssids;
int pending_mic_error_report;
@ -368,6 +366,21 @@ struct wpa_supplicant {
int blacklist_cleared;
struct ibss_rsn *ibss_rsn;
#ifdef CONFIG_SME
struct {
u8 ssid[32];
size_t ssid_len;
int freq;
u8 assoc_req_ie[80];
size_t assoc_req_ie_len;
int mfp;
int ft_used;
u8 mobility_domain[2];
u8 *ft_ies;
size_t ft_ies_len;
} sme;
#endif /* CONFIG_SME */
};
@ -492,6 +505,14 @@ static inline int wpa_drv_set_mode(struct wpa_supplicant *wpa_s, int mode)
return 0;
}
static inline int wpa_drv_authenticate(struct wpa_supplicant *wpa_s,
struct wpa_driver_auth_params *params)
{
if (wpa_s->driver->authenticate)
return wpa_s->driver->authenticate(wpa_s->drv_priv, params);
return -1;
}
static inline int wpa_drv_associate(struct wpa_supplicant *wpa_s,
struct wpa_driver_associate_params *params)
{

11
wpa_supplicant/wpas_glue.c
View file

@ -24,6 +24,7 @@
#include "wpa_supplicant_i.h"
#include "pmksa_cache.h"
#include "mlme.h"
#include "sme.h"
#include "ieee802_11_defs.h"
#include "wpa_ctrl.h"
#include "wpas_glue.h"
@ -241,7 +242,7 @@ static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
}
if (!success || !wpa_s->driver_4way_handshake)
if (!success || !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
return;
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
@ -423,7 +424,7 @@ static void * wpa_supplicant_get_network_ctx(void *wpa_s)
static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_s->use_client_mlme) {
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
return 0;
}
@ -474,8 +475,10 @@ static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
return ieee80211_sta_update_ft_ies(wpa_s, md, ies, ies_len);
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
return sme_update_ft_ies(wpa_s, md, ies, ies_len);
return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
}
@ -485,7 +488,7 @@ static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_s->use_client_mlme)
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
return ieee80211_sta_send_ft_action(wpa_s, action, target_ap,
ies, ies_len);
return wpa_drv_send_ft_action(wpa_s, action, target_ap, ies, ies_len);