int rsn_preauth_init(struct wpa_supplicant *wpa_s, u8 *dst)
{
struct eapol_config eapol_conf;
struct eapol_ctx *ctx;
if (wpa_s->preauth_eapol)
return -1;
wpa_msg(wpa_s, MSG_DEBUG, "RSN: starting pre-authentication with "
MACSTR, MAC2STR(dst));
wpa_s->l2_preauth = l2_packet_init(wpa_s->ifname,
wpa_drv_get_mac_addr(wpa_s),
ETH_P_RSN_PREAUTH,
rsn_preauth_receive, wpa_s);
if (wpa_s->l2_preauth == NULL) {
wpa_printf(MSG_WARNING, "RSN: Failed to initialize L2 packet "
"processing for pre-authentication");
return -2;
}
ctx = malloc(sizeof(*ctx));
if (ctx == NULL) {
wpa_printf(MSG_WARNING, "Failed to allocate EAPOL context.");
return -4;
}
memset(ctx, 0, sizeof(*ctx));
ctx->ctx = wpa_s;
ctx->preauth = 1;
ctx->cb = rsn_preauth_eapol_cb;
ctx->cb_ctx = wpa_s;
ctx->scard_ctx = wpa_s->scard;
ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
ctx->eapol_send = wpa_eapol_send_preauth;
wpa_s->preauth_eapol = eapol_sm_init(ctx);
if (wpa_s->preauth_eapol == NULL) {
free(ctx);
wpa_printf(MSG_WARNING, "RSN: Failed to initialize EAPOL "
"state machines for pre-authentication");
return -3;
}
memset(&eapol_conf, 0, sizeof(eapol_conf));
eapol_conf.accept_802_1x_keys = 0;
eapol_conf.required_keys = 0;
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
if (wpa_s->current_ssid)
eapol_conf.workaround = wpa_s->current_ssid->eap_workaround;
eapol_sm_notify_config(wpa_s->preauth_eapol, wpa_s->current_ssid,
&eapol_conf);
memcpy(wpa_s->preauth_bssid, dst, ETH_ALEN);
eapol_sm_notify_portValid(wpa_s->preauth_eapol, TRUE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->preauth_eapol, TRUE);
eloop_register_timeout(60, 0, rsn_preauth_timeout, wpa_s, NULL);
return 0;
}
static void wpas_clear_wps(struct wpa_supplicant *wpa_s)
{
int id;
struct wpa_ssid *ssid, *remove_ssid = NULL, *prev_current;
prev_current = wpa_s->current_ssid;
eloop_cancel_timeout(wpas_wps_timeout, wpa_s, NULL);
/* Remove any existing WPS network from configuration */
ssid = wpa_s->conf->ssid;
while (ssid) {
if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
if (ssid == wpa_s->current_ssid) {
wpa_s->current_ssid = NULL;
if (ssid != NULL)
wpas_notify_network_changed(wpa_s);
}
id = ssid->id;
remove_ssid = ssid;
} else
id = -1;
ssid = ssid->next;
if (id >= 0) {
if (prev_current == remove_ssid) {
wpa_sm_set_config(wpa_s->wpa, NULL);
eapol_sm_notify_config(wpa_s->eapol, NULL,
NULL);
}
wpas_notify_network_removed(wpa_s, remove_ssid);
wpa_config_remove_network(wpa_s->conf, id);
}
}
}
static int test_eapol(struct eapol_test_data *e, struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
struct eapol_config eapol_conf;
struct eapol_ctx *ctx;
ctx = os_zalloc(sizeof(*ctx));
if (ctx == NULL) {
printf("Failed to allocate EAPOL context.\n");
return -1;
}
ctx->ctx = e;
ctx->msg_ctx = wpa_s;
ctx->scard_ctx = wpa_s->scard;
ctx->cb = eapol_sm_cb;
ctx->cb_ctx = e;
ctx->eapol_send_ctx = wpa_s;
ctx->preauth = 0;
ctx->eapol_done_cb = eapol_test_eapol_done_cb;
ctx->eapol_send = eapol_test_eapol_send;
ctx->set_config_blob = eapol_test_set_config_blob;
ctx->get_config_blob = eapol_test_get_config_blob;
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
ctx->eap_param_needed = eapol_test_eap_param_needed;
ctx->cert_cb = eapol_test_cert_cb;
ctx->cert_in_cb = 1;
ctx->set_anon_id = eapol_test_set_anon_id;
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {
os_free(ctx);
printf("Failed to initialize EAPOL state machines.\n");
return -1;
}
wpa_s->current_ssid = ssid;
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
eapol_conf.accept_802_1x_keys = 1;
eapol_conf.required_keys = 0;
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
eapol_conf.workaround = ssid->eap_workaround;
eapol_conf.external_sim = wpa_s->conf->external_sim;
eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
return 0;
}
static int test_eapol(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
{
struct eapol_config eapol_conf;
struct eapol_ctx *ctx;
ctx = malloc(sizeof(*ctx));
if (ctx == NULL) {
printf("Failed to allocate EAPOL context.\n");
return -1;
}
memset(ctx, 0, sizeof(*ctx));
ctx->ctx = wpa_s;
ctx->msg_ctx = wpa_s;
ctx->scard_ctx = wpa_s->scard;
ctx->cb = eapol_sm_cb;
ctx->cb_ctx = wpa_s;
ctx->preauth = 0;
ctx->eapol_done_cb = eapol_test_eapol_done_cb;
ctx->eapol_send = eapol_test_eapol_send;
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {
free(ctx);
printf("Failed to initialize EAPOL state machines.\n");
return -1;
}
wpa_s->current_ssid = ssid;
memset(&eapol_conf, 0, sizeof(eapol_conf));
eapol_conf.accept_802_1x_keys = 1;
eapol_conf.required_keys = 0;
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
eapol_conf.workaround = ssid->eap_workaround;
eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
return 0;
}
void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
{
#ifdef CONFIG_WPS
eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL);
#endif /* CONFIG_WPS */
if (wpa_s->ap_iface == NULL)
return;
wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
wpa_s->assoc_freq = 0;
#ifdef CONFIG_P2P
if (wpa_s->ap_iface->bss)
wpa_s->ap_iface->bss[0]->p2p_group = NULL;
wpas_p2p_group_deinit(wpa_s);
#endif /* CONFIG_P2P */
hostapd_interface_deinit(wpa_s->ap_iface);
hostapd_interface_free(wpa_s->ap_iface);
wpa_s->ap_iface = NULL;
wpa_drv_deinit_ap(wpa_s);
}
void wpa_supplicant_ap_deinit(struct wpa_supplicant *wpa_s)
{
#ifdef CONFIG_WPS
eloop_cancel_timeout(wpas_wps_ap_pin_timeout, wpa_s, NULL);
#endif /* CONFIG_WPS */
if (wpa_s->ap_iface == NULL)
return;
wpa_s->current_ssid = NULL;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
wpa_s->assoc_freq = 0;
wpas_p2p_ap_deinit(wpa_s);
wpa_s->ap_iface->driver_ap_teardown =
!!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_TEARDOWN_SUPPORT);
hostapd_interface_deinit(wpa_s->ap_iface);
hostapd_interface_free(wpa_s->ap_iface);
wpa_s->ap_iface = NULL;
wpa_drv_deinit_ap(wpa_s);
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
" reason=%d locally_generated=1",
MAC2STR(wpa_s->own_addr), WLAN_REASON_DEAUTH_LEAVING);
}
int wpa_supplicant_create_ap(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
struct wpa_driver_associate_params params;
struct hostapd_iface *hapd_iface;
struct hostapd_config *conf;
size_t i;
if (ssid->ssid == NULL || ssid->ssid_len == 0) {
wpa_printf(MSG_ERROR, "No SSID configured for AP mode");
return -1;
}
wpa_supplicant_ap_deinit(wpa_s);
wpa_printf(MSG_DEBUG, "Setting up AP (SSID='%s')",
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
os_memset(¶ms, 0, sizeof(params));
params.ssid = ssid->ssid;
params.ssid_len = ssid->ssid_len;
switch (ssid->mode) {
case WPAS_MODE_AP:
case WPAS_MODE_P2P_GO:
case WPAS_MODE_P2P_GROUP_FORMATION:
params.mode = IEEE80211_MODE_AP;
break;
default:
return -1;
}
if (ssid->frequency == 0)
ssid->frequency = 2462; /* default channel 11 */
params.freq.freq = ssid->frequency;
params.wpa_proto = ssid->proto;
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
else
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
params.key_mgmt_suite = wpa_s->key_mgmt;
wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(ssid->pairwise_cipher,
1);
if (wpa_s->pairwise_cipher < 0) {
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
"cipher.");
return -1;
}
params.pairwise_suite = wpa_s->pairwise_cipher;
params.group_suite = params.pairwise_suite;
#ifdef CONFIG_P2P
if (ssid->mode == WPAS_MODE_P2P_GO ||
ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
params.p2p = 1;
#endif /* CONFIG_P2P */
if (wpa_s->p2pdev->set_ap_uapsd)
params.uapsd = wpa_s->p2pdev->ap_uapsd;
else if (params.p2p && (wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP_UAPSD))
params.uapsd = 1; /* mandatory for P2P GO */
else
params.uapsd = -1;
if (ieee80211_is_dfs(params.freq.freq))
params.freq.freq = 0; /* set channel after CAC */
if (params.p2p)
wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_GO);
else
wpa_drv_get_ext_capa(wpa_s, WPA_IF_AP_BSS);
if (wpa_drv_associate(wpa_s, ¶ms) < 0) {
wpa_msg(wpa_s, MSG_INFO, "Failed to start AP functionality");
return -1;
}
wpa_s->ap_iface = hapd_iface = hostapd_alloc_iface();
if (hapd_iface == NULL)
return -1;
hapd_iface->owner = wpa_s;
hapd_iface->drv_flags = wpa_s->drv_flags;
hapd_iface->smps_modes = wpa_s->drv_smps_modes;
hapd_iface->probe_resp_offloads = wpa_s->probe_resp_offloads;
hapd_iface->extended_capa = wpa_s->extended_capa;
hapd_iface->extended_capa_mask = wpa_s->extended_capa_mask;
hapd_iface->extended_capa_len = wpa_s->extended_capa_len;
wpa_s->ap_iface->conf = conf = hostapd_config_defaults();
if (conf == NULL) {
wpa_supplicant_ap_deinit(wpa_s);
return -1;
}
/* Use the maximum oper channel width if it's given. */
if (ssid->max_oper_chwidth)
conf->vht_oper_chwidth = ssid->max_oper_chwidth;
ieee80211_freq_to_chan(ssid->vht_center_freq2,
&conf->vht_oper_centr_freq_seg1_idx);
os_memcpy(wpa_s->ap_iface->conf->wmm_ac_params,
wpa_s->conf->wmm_ac_params,
sizeof(wpa_s->conf->wmm_ac_params));
if (params.uapsd > 0) {
conf->bss[0]->wmm_enabled = 1;
conf->bss[0]->wmm_uapsd = 1;
}
if (wpa_supplicant_conf_ap(wpa_s, ssid, conf)) {
wpa_printf(MSG_ERROR, "Failed to create AP configuration");
wpa_supplicant_ap_deinit(wpa_s);
return -1;
}
#ifdef CONFIG_P2P
if (ssid->mode == WPAS_MODE_P2P_GO)
conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER;
else if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
conf->bss[0]->p2p = P2P_ENABLED | P2P_GROUP_OWNER |
P2P_GROUP_FORMATION;
#endif /* CONFIG_P2P */
hapd_iface->num_bss = conf->num_bss;
hapd_iface->bss = os_calloc(conf->num_bss,
sizeof(struct hostapd_data *));
if (hapd_iface->bss == NULL) {
wpa_supplicant_ap_deinit(wpa_s);
return -1;
}
for (i = 0; i < conf->num_bss; i++) {
hapd_iface->bss[i] =
hostapd_alloc_bss_data(hapd_iface, conf,
conf->bss[i]);
if (hapd_iface->bss[i] == NULL) {
wpa_supplicant_ap_deinit(wpa_s);
return -1;
}
hapd_iface->bss[i]->msg_ctx = wpa_s;
hapd_iface->bss[i]->msg_ctx_parent = wpa_s->p2pdev;
hapd_iface->bss[i]->public_action_cb = ap_public_action_rx;
hapd_iface->bss[i]->public_action_cb_ctx = wpa_s;
hapd_iface->bss[i]->vendor_action_cb = ap_vendor_action_rx;
hapd_iface->bss[i]->vendor_action_cb_ctx = wpa_s;
hostapd_register_probereq_cb(hapd_iface->bss[i],
ap_probe_req_rx, wpa_s);
hapd_iface->bss[i]->wps_reg_success_cb = ap_wps_reg_success_cb;
hapd_iface->bss[i]->wps_reg_success_cb_ctx = wpa_s;
hapd_iface->bss[i]->wps_event_cb = ap_wps_event_cb;
hapd_iface->bss[i]->wps_event_cb_ctx = wpa_s;
hapd_iface->bss[i]->sta_authorized_cb = ap_sta_authorized_cb;
hapd_iface->bss[i]->sta_authorized_cb_ctx = wpa_s;
#ifdef CONFIG_P2P
hapd_iface->bss[i]->new_psk_cb = ap_new_psk_cb;
hapd_iface->bss[i]->new_psk_cb_ctx = wpa_s;
hapd_iface->bss[i]->p2p = wpa_s->global->p2p;
hapd_iface->bss[i]->p2p_group = wpas_p2p_group_init(wpa_s,
ssid);
#endif /* CONFIG_P2P */
hapd_iface->bss[i]->setup_complete_cb = wpas_ap_configured_cb;
hapd_iface->bss[i]->setup_complete_cb_ctx = wpa_s;
#ifdef CONFIG_TESTING_OPTIONS
hapd_iface->bss[i]->ext_eapol_frame_io =
wpa_s->ext_eapol_frame_io;
#endif /* CONFIG_TESTING_OPTIONS */
}
os_memcpy(hapd_iface->bss[0]->own_addr, wpa_s->own_addr, ETH_ALEN);
hapd_iface->bss[0]->driver = wpa_s->driver;
hapd_iface->bss[0]->drv_priv = wpa_s->drv_priv;
wpa_s->current_ssid = ssid;
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
os_memcpy(wpa_s->bssid, wpa_s->own_addr, ETH_ALEN);
wpa_s->assoc_freq = ssid->frequency;
if (hostapd_setup_interface(wpa_s->ap_iface)) {
wpa_printf(MSG_ERROR, "Failed to initialize AP interface");
wpa_supplicant_ap_deinit(wpa_s);
return -1;
}
return 0;
}
/**
* rsn_preauth_init - Start new RSN pre-authentication
* @sm: Pointer to WPA state machine data from wpa_sm_init()
* @dst: Authenticator address (BSSID) with which to preauthenticate
* @eap_conf: Current EAP configuration
* Returns: 0 on success, -1 on another pre-authentication is in progress,
* -2 on layer 2 packet initialization failure, -3 on EAPOL state machine
* initialization failure, -4 on memory allocation failure
*
* This function request an RSN pre-authentication with a given destination
* address. This is usually called for PMKSA candidates found from scan results
* or from driver reports. In addition, ctrl_iface PREAUTH command can trigger
* pre-authentication.
*/
int rsn_preauth_init(struct wpa_sm *sm, const u8 *dst,
struct eap_peer_config *eap_conf)
{
struct eapol_config eapol_conf;
struct eapol_ctx *ctx;
if (sm->preauth_eapol)
return -1;
wpa_msg(sm->ctx->ctx, MSG_DEBUG, "RSN: starting pre-authentication "
"with " MACSTR, MAC2STR(dst));
sm->l2_preauth = l2_packet_init(sm->ifname, sm->own_addr,
ETH_P_RSN_PREAUTH,
rsn_preauth_receive, sm, 0);
if (sm->l2_preauth == NULL) {
wpa_printf(MSG_WARNING, "RSN: Failed to initialize L2 packet "
"processing for pre-authentication");
return -2;
}
if (sm->bridge_ifname) {
sm->l2_preauth_br = l2_packet_init(sm->bridge_ifname,
sm->own_addr,
ETH_P_RSN_PREAUTH,
rsn_preauth_receive, sm, 0);
if (sm->l2_preauth_br == NULL) {
wpa_printf(MSG_WARNING, "RSN: Failed to initialize L2 "
"packet processing (bridge) for "
"pre-authentication");
return -2;
}
}
ctx = os_zalloc(sizeof(*ctx));
if (ctx == NULL) {
wpa_printf(MSG_WARNING, "Failed to allocate EAPOL context.");
return -4;
}
ctx->ctx = sm->ctx->ctx;
ctx->msg_ctx = sm->ctx->ctx;
ctx->preauth = 1;
ctx->cb = rsn_preauth_eapol_cb;
ctx->cb_ctx = sm;
ctx->scard_ctx = sm->scard_ctx;
ctx->eapol_send = rsn_preauth_eapol_send;
ctx->eapol_send_ctx = sm;
ctx->set_config_blob = sm->ctx->set_config_blob;
ctx->get_config_blob = sm->ctx->get_config_blob;
sm->preauth_eapol = eapol_sm_init(ctx);
if (sm->preauth_eapol == NULL) {
os_free(ctx);
wpa_printf(MSG_WARNING, "RSN: Failed to initialize EAPOL "
"state machines for pre-authentication");
return -3;
}
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
eapol_conf.accept_802_1x_keys = 0;
eapol_conf.required_keys = 0;
eapol_conf.fast_reauth = sm->fast_reauth;
eapol_conf.workaround = sm->eap_workaround;
eapol_sm_notify_config(sm->preauth_eapol, eap_conf, &eapol_conf);
/*
* Use a shorter startPeriod with preauthentication since the first
* preauth EAPOL-Start frame may end up being dropped due to race
* condition in the AP between the data receive and key configuration
* after the 4-Way Handshake.
*/
eapol_sm_configure(sm->preauth_eapol, -1, -1, 5, 6);
os_memcpy(sm->preauth_bssid, dst, ETH_ALEN);
eapol_sm_notify_portValid(sm->preauth_eapol, TRUE);
/* 802.1X::portControl = Auto */
eapol_sm_notify_portEnabled(sm->preauth_eapol, TRUE);
eloop_register_timeout(sm->dot11RSNAConfigSATimeout, 0,
rsn_preauth_timeout, sm, NULL);
return 0;
}