3
* Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
14
* This file implements functions for registering and unregistering
15
* %wpa_supplicant interfaces. In addition, this file contains number of
16
* functions for managing network connections.
26
#include "wpa_supplicant.h"
28
#include "l2_packet.h"
29
#include "wpa_supplicant_i.h"
30
#include "ctrl_iface.h"
31
#include "ctrl_iface_dbus.h"
32
#include "pcsc_funcs.h"
35
#include "pmksa_cache.h"
39
const char *wpa_supplicant_version =
40
"wpa_supplicant v" VERSION_STR "\n"
41
"Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors";
43
const char *wpa_supplicant_license =
44
"This program is free software. You can distribute it and/or modify it\n"
45
"under the terms of the GNU General Public License version 2.\n"
47
"Alternatively, this software may be distributed under the terms of the\n"
48
"BSD license. See README and COPYING for more details.\n"
49
#ifdef EAP_TLS_OPENSSL
50
"\nThis product includes software developed by the OpenSSL Project\n"
51
"for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
52
#endif /* EAP_TLS_OPENSSL */
55
#ifndef CONFIG_NO_STDOUT_DEBUG
56
/* Long text divided into parts in order to fit in C89 strings size limits. */
57
const char *wpa_supplicant_full_license1 =
58
"This program is free software; you can redistribute it and/or modify\n"
59
"it under the terms of the GNU General Public License version 2 as\n"
60
"published by the Free Software Foundation.\n"
62
"This program is distributed in the hope that it will be useful,\n"
63
"but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
64
"MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
65
"GNU General Public License for more details.\n"
67
const char *wpa_supplicant_full_license2 =
68
"You should have received a copy of the GNU General Public License\n"
69
"along with this program; if not, write to the Free Software\n"
70
"Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
72
"Alternatively, this software may be distributed under the terms of the\n"
75
"Redistribution and use in source and binary forms, with or without\n"
76
"modification, are permitted provided that the following conditions are\n"
79
const char *wpa_supplicant_full_license3 =
80
"1. Redistributions of source code must retain the above copyright\n"
81
" notice, this list of conditions and the following disclaimer.\n"
83
"2. Redistributions in binary form must reproduce the above copyright\n"
84
" notice, this list of conditions and the following disclaimer in the\n"
85
" documentation and/or other materials provided with the distribution.\n"
87
const char *wpa_supplicant_full_license4 =
88
"3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89
" names of its contributors may be used to endorse or promote products\n"
90
" derived from this software without specific prior written permission.\n"
92
"THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93
"\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94
"LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95
"A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96
const char *wpa_supplicant_full_license5 =
97
"OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98
"SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99
"LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100
"DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101
"THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102
"(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103
"OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
105
#endif /* CONFIG_NO_STDOUT_DEBUG */
107
extern struct wpa_driver_ops *wpa_supplicant_drivers[];
109
extern int wpa_debug_use_file;
110
extern int wpa_debug_level;
111
extern int wpa_debug_show_keys;
112
extern int wpa_debug_timestamp;
114
static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
116
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
117
static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
118
const void *data, u16 data_len,
119
size_t *msg_len, void **data_pos)
121
struct ieee802_1x_hdr *hdr;
123
*msg_len = sizeof(*hdr) + data_len;
124
hdr = os_malloc(*msg_len);
128
hdr->version = wpa_s->conf->eapol_version;
130
hdr->length = host_to_be16(data_len);
133
os_memcpy(hdr + 1, data, data_len);
135
os_memset(hdr + 1, 0, data_len);
145
* wpa_ether_send - Send Ethernet frame
146
* @wpa_s: Pointer to wpa_supplicant data
147
* @dest: Destination MAC address
148
* @proto: Ethertype in host byte order
149
* @buf: Frame payload starting from IEEE 802.1X header
150
* @len: Frame payload length
151
* Returns: >=0 on success, <0 on failure
153
static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
154
u16 proto, const u8 *buf, size_t len)
157
return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
160
return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
162
#endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
165
#ifdef IEEE8021X_EAPOL
167
* wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
168
* @ctx: Pointer to wpa_supplicant data (wpa_s)
169
* @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
170
* @buf: EAPOL payload (after IEEE 802.1X header)
171
* @len: EAPOL payload length
172
* Returns: >=0 on success, <0 on failure
174
* This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
175
* to the current Authenticator.
177
static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
180
struct wpa_supplicant *wpa_s = ctx;
181
u8 *msg, *dst, bssid[ETH_ALEN];
185
/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
188
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
189
wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
190
/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
191
* EAPOL frames (mainly, EAPOL-Start) from EAPOL state
193
wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
194
"mode (type=%d len=%lu)", type,
195
(unsigned long) len);
199
if (pmksa_cache_get_current(wpa_s->wpa) &&
200
type == IEEE802_1X_TYPE_EAPOL_START) {
201
/* Trying to use PMKSA caching - do not send EAPOL-Start frames
202
* since they will trigger full EAPOL authentication. */
203
wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
208
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
210
wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
212
if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
213
os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
216
wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
217
" from the driver as the EAPOL destination",
220
dst = wpa_s->last_eapol_src;
221
wpa_printf(MSG_DEBUG, "Using the source address of the"
222
" last received EAPOL frame " MACSTR " as "
223
"the EAPOL destination",
227
/* BSSID was already set (from (Re)Assoc event, so use it as
228
* the EAPOL destination. */
232
msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
236
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
237
res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
244
* wpa_eapol_set_wep_key - set WEP key for the driver
245
* @ctx: Pointer to wpa_supplicant data (wpa_s)
246
* @unicast: 1 = individual unicast key, 0 = broadcast key
247
* @keyidx: WEP key index (0..3)
248
* @key: Pointer to key data
249
* @keylen: Key length in bytes
250
* Returns: 0 on success or < 0 on error.
252
static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
253
const u8 *key, size_t keylen)
255
struct wpa_supplicant *wpa_s = ctx;
256
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
257
int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
260
wpa_s->pairwise_cipher = cipher;
262
wpa_s->group_cipher = cipher;
264
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
265
unicast ? wpa_s->bssid :
266
(u8 *) "\xff\xff\xff\xff\xff\xff",
267
keyidx, unicast, (u8 *) "", 0, key, keylen);
271
static void wpa_supplicant_aborted_cached(void *ctx)
273
struct wpa_supplicant *wpa_s = ctx;
274
wpa_sm_aborted_cached(wpa_s->wpa);
277
#endif /* IEEE8021X_EAPOL */
280
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
281
static void wpa_supplicant_set_config_blob(void *ctx,
282
struct wpa_config_blob *blob)
284
struct wpa_supplicant *wpa_s = ctx;
285
wpa_config_set_blob(wpa_s->conf, blob);
289
static const struct wpa_config_blob *
290
wpa_supplicant_get_config_blob(void *ctx, const char *name)
292
struct wpa_supplicant *wpa_s = ctx;
293
return wpa_config_get_blob(wpa_s->conf, name);
295
#endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
298
/* Configure default/group WEP key for static WEP */
299
static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
302
struct wpa_supplicant *wpa_s = ctx;
303
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
304
(u8 *) "\xff\xff\xff\xff\xff\xff",
305
keyidx, set_tx, (u8 *) "", 0, key, keylen);
309
static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
310
struct wpa_ssid *ssid)
317
/* IBSS/WPA-None uses only one key (Group) for both receiving and
318
* sending unicast and multicast packets. */
320
if (ssid->mode != IEEE80211_MODE_IBSS) {
321
wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
322
"for WPA-None", ssid->mode);
326
if (!ssid->psk_set) {
327
wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
331
switch (wpa_s->group_cipher) {
332
case WPA_CIPHER_CCMP:
333
os_memcpy(key, ssid->psk, 16);
337
case WPA_CIPHER_TKIP:
338
/* WPA-None uses the same Michael MIC key for both TX and RX */
339
os_memcpy(key, ssid->psk, 16 + 8);
340
os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
345
wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
346
"WPA-None", wpa_s->group_cipher);
350
/* TODO: should actually remember the previously used seq#, both for TX
351
* and RX from each STA.. */
353
return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
354
0, 1, seq, 6, key, keylen);
358
#ifdef IEEE8021X_EAPOL
359
static void wpa_supplicant_notify_eapol_done(void *ctx)
361
struct wpa_supplicant *wpa_s = ctx;
362
wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
363
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
364
wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
366
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
367
wpa_supplicant_cancel_auth_timeout(wpa_s);
368
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
371
#endif /* IEEE8021X_EAPOL */
375
* wpa_blacklist_get - Get the blacklist entry for a BSSID
376
* @wpa_s: Pointer to wpa_supplicant data
378
* Returns: Matching blacklist entry for the BSSID or %NULL if not found
380
struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
383
struct wpa_blacklist *e;
385
e = wpa_s->blacklist;
387
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
397
* wpa_blacklist_add - Add an BSSID to the blacklist
398
* @wpa_s: Pointer to wpa_supplicant data
399
* @bssid: BSSID to be added to the blacklist
400
* Returns: 0 on success, -1 on failure
402
* This function adds the specified BSSID to the blacklist or increases the
403
* blacklist count if the BSSID was already listed. It should be called when
404
* an association attempt fails either due to the selected BSS rejecting
405
* association or due to timeout.
407
* This blacklist is used to force %wpa_supplicant to go through all available
408
* BSSes before retrying to associate with an BSS that rejected or timed out
409
* association. It does not prevent the listed BSS from being used; it only
410
* changes the order in which they are tried.
412
int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
414
struct wpa_blacklist *e;
416
e = wpa_blacklist_get(wpa_s, bssid);
419
wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
421
MAC2STR(bssid), e->count);
425
e = os_zalloc(sizeof(*e));
428
os_memcpy(e->bssid, bssid, ETH_ALEN);
430
e->next = wpa_s->blacklist;
431
wpa_s->blacklist = e;
432
wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
439
static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
441
struct wpa_blacklist *e, *prev = NULL;
443
e = wpa_s->blacklist;
445
if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
447
wpa_s->blacklist = e->next;
449
prev->next = e->next;
451
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
452
"blacklist", MAC2STR(bssid));
464
* wpa_blacklist_clear - Clear the blacklist of all entries
465
* @wpa_s: Pointer to wpa_supplicant data
467
void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
469
struct wpa_blacklist *e, *prev;
471
e = wpa_s->blacklist;
472
wpa_s->blacklist = NULL;
476
wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
477
"blacklist (clear)", MAC2STR(prev->bssid));
484
* wpa_supplicant_req_scan - Schedule a scan for neighboring access points
485
* @wpa_s: Pointer to wpa_supplicant data
486
* @sec: Number of seconds after which to scan
487
* @usec: Number of microseconds after which to scan
489
* This function is used to schedule a scan for neighboring access points after
490
* the specified time.
492
void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
494
wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
496
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
497
eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
502
* wpa_supplicant_cancel_scan - Cancel a scheduled scan request
503
* @wpa_s: Pointer to wpa_supplicant data
505
* This function is used to cancel a scan request scheduled with
506
* wpa_supplicant_req_scan().
508
void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
510
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
511
eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
515
static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
517
struct wpa_supplicant *wpa_s = eloop_ctx;
518
const u8 *bssid = wpa_s->bssid;
519
if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
520
bssid = wpa_s->pending_bssid;
521
wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
522
MAC2STR(wpa_s->bssid));
523
wpa_blacklist_add(wpa_s, bssid);
524
wpa_sm_notify_disassoc(wpa_s->wpa);
525
wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
526
wpa_s->reassociate = 1;
527
wpa_supplicant_req_scan(wpa_s, 0, 0);
532
* wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
533
* @wpa_s: Pointer to wpa_supplicant data
534
* @sec: Number of seconds after which to time out authentication
535
* @usec: Number of microseconds after which to time out authentication
537
* This function is used to schedule a timeout for the current authentication
540
void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
543
if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
544
wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
547
wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
548
"%d usec", sec, usec);
549
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
550
eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
555
* wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
556
* @wpa_s: Pointer to wpa_supplicant data
558
* This function is used to cancel authentication timeout scheduled with
559
* wpa_supplicant_req_auth_timeout() and it is called when authentication has
562
void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
564
wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
565
eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
566
wpa_blacklist_del(wpa_s, wpa_s->bssid);
571
* wpa_supplicant_initiate_eapol - Configure EAPOL state machine
572
* @wpa_s: Pointer to wpa_supplicant data
574
* This function is used to configure EAPOL state machine based on the selected
575
* authentication mode.
577
void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
579
#ifdef IEEE8021X_EAPOL
580
struct eapol_config eapol_conf;
581
struct wpa_ssid *ssid = wpa_s->current_ssid;
583
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
584
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
585
eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
587
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
588
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
589
eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
591
eapol_sm_notify_portControl(wpa_s->eapol, Auto);
593
os_memset(&eapol_conf, 0, sizeof(eapol_conf));
594
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
595
eapol_conf.accept_802_1x_keys = 1;
596
eapol_conf.required_keys = 0;
597
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
598
eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
600
if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
601
eapol_conf.required_keys |=
602
EAPOL_REQUIRE_KEY_BROADCAST;
605
if (wpa_s->conf && wpa_s->driver &&
606
os_strcmp(wpa_s->driver->name, "wired") == 0) {
607
eapol_conf.required_keys = 0;
611
eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
612
eapol_conf.workaround = ssid->eap_workaround;
613
eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
614
wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
615
eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
616
#endif /* IEEE8021X_EAPOL */
621
* wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
622
* @wpa_s: Pointer to wpa_supplicant data
623
* @ssid: Configuration data for the network
625
* This function is used to configure WPA state machine and related parameters
626
* to a mode where WPA is not enabled. This is called as part of the
627
* authentication configuration when the selected network does not use WPA.
629
void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
630
struct wpa_ssid *ssid)
634
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
635
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
637
wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
638
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
639
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
640
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
641
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
642
wpa_s->group_cipher = WPA_CIPHER_NONE;
643
wpa_s->mgmt_group_cipher = 0;
645
for (i = 0; i < NUM_WEP_KEYS; i++) {
646
if (ssid->wep_key_len[i] > 5) {
647
wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
648
wpa_s->group_cipher = WPA_CIPHER_WEP104;
650
} else if (ssid->wep_key_len[i] > 0) {
651
wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
652
wpa_s->group_cipher = WPA_CIPHER_WEP40;
657
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
658
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
659
wpa_s->pairwise_cipher);
660
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
661
#ifdef CONFIG_IEEE80211W
662
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
663
wpa_s->mgmt_group_cipher);
664
#endif /* CONFIG_IEEE80211W */
666
pmksa_cache_clear_current(wpa_s->wpa);
670
static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
672
scard_deinit(wpa_s->scard);
674
wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
675
eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
676
l2_packet_deinit(wpa_s->l2);
679
l2_packet_deinit(wpa_s->l2_br);
683
if (wpa_s->ctrl_iface) {
684
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
685
wpa_s->ctrl_iface = NULL;
687
if (wpa_s->conf != NULL) {
688
wpa_config_free(wpa_s->conf);
692
os_free(wpa_s->confname);
693
wpa_s->confname = NULL;
695
wpa_sm_set_eapol(wpa_s->wpa, NULL);
696
eapol_sm_deinit(wpa_s->eapol);
699
rsn_preauth_deinit(wpa_s->wpa);
701
pmksa_candidate_free(wpa_s->wpa);
702
wpa_sm_deinit(wpa_s->wpa);
704
wpa_blacklist_clear(wpa_s);
706
os_free(wpa_s->scan_results);
707
wpa_s->scan_results = NULL;
708
wpa_s->num_scan_results = 0;
710
wpa_supplicant_cancel_scan(wpa_s);
711
wpa_supplicant_cancel_auth_timeout(wpa_s);
713
ieee80211_sta_deinit(wpa_s);
718
* wpa_clear_keys - Clear keys configured for the driver
719
* @wpa_s: Pointer to wpa_supplicant data
720
* @addr: Previously used BSSID or %NULL if not available
722
* This function clears the encryption keys that has been previously configured
725
void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
727
u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
729
if (wpa_s->keys_cleared) {
730
/* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
731
* timing issues with keys being cleared just before new keys
732
* are set or just after association or something similar. This
733
* shows up in group key handshake failing often because of the
734
* client not receiving the first encrypted packets correctly.
735
* Skipping some of the extra key clearing steps seems to help
736
* in completing group key handshake more reliably. */
737
wpa_printf(MSG_DEBUG, "No keys have been configured - "
738
"skip key clearing");
742
/* MLME-DELETEKEYS.request */
743
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
744
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
745
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
746
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
748
wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
750
/* MLME-SETPROTECTION.request(None) */
751
wpa_drv_mlme_setprotection(
753
MLME_SETPROTECTION_PROTECT_TYPE_NONE,
754
MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
756
wpa_s->keys_cleared = 1;
761
* wpa_supplicant_state_txt - Get the connection state name as a text string
762
* @state: State (wpa_state; WPA_*)
763
* Returns: The state name as a printable text string
765
const char * wpa_supplicant_state_txt(int state)
768
case WPA_DISCONNECTED:
769
return "DISCONNECTED";
774
case WPA_ASSOCIATING:
775
return "ASSOCIATING";
778
case WPA_4WAY_HANDSHAKE:
779
return "4WAY_HANDSHAKE";
780
case WPA_GROUP_HANDSHAKE:
781
return "GROUP_HANDSHAKE";
791
* wpa_supplicant_set_state - Set current connection state
792
* @wpa_s: Pointer to wpa_supplicant data
793
* @state: The new connection state
795
* This function is called whenever the connection state changes, e.g.,
796
* association is completed for WPA/WPA2 4-Way Handshake is started.
798
void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
800
wpa_printf(MSG_DEBUG, "State: %s -> %s",
801
wpa_supplicant_state_txt(wpa_s->wpa_state),
802
wpa_supplicant_state_txt(state));
804
wpa_supplicant_dbus_notify_state_change(wpa_s, state,
807
if (state == WPA_COMPLETED && wpa_s->new_connection) {
808
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
809
struct wpa_ssid *ssid = wpa_s->current_ssid;
810
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
811
MACSTR " completed %s [id=%d id_str=%s]",
812
MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
813
"(reauth)" : "(auth)",
814
ssid ? ssid->id : -1,
815
ssid && ssid->id_str ? ssid->id_str : "");
816
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
817
wpa_s->new_connection = 0;
818
wpa_s->reassociated_connection = 1;
819
wpa_drv_set_operstate(wpa_s, 1);
820
} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
821
state == WPA_ASSOCIATED) {
822
wpa_s->new_connection = 1;
823
wpa_drv_set_operstate(wpa_s, 0);
825
wpa_s->wpa_state = state;
830
* wpa_supplicant_get_state - Get the connection state
831
* @wpa_s: Pointer to wpa_supplicant data
832
* Returns: The current connection state (WPA_*)
834
wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
836
return wpa_s->wpa_state;
840
static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
843
struct wpa_global *global = eloop_ctx;
844
struct wpa_supplicant *wpa_s;
845
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
846
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
853
static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
855
wpa_s->pairwise_cipher = 0;
856
wpa_s->group_cipher = 0;
857
wpa_s->mgmt_group_cipher = 0;
859
wpa_s->wpa_state = WPA_DISCONNECTED;
864
* wpa_supplicant_reload_configuration - Reload configuration data
865
* @wpa_s: Pointer to wpa_supplicant data
866
* Returns: 0 on success or -1 if configuration parsing failed
868
* This function can be used to request that the configuration data is reloaded
869
* (e.g., after configuration file change). This function is reloading
870
* configuration only for one interface, so this may need to be called multiple
871
* times if %wpa_supplicant is controlling multiple interfaces and all
872
* interfaces need reconfiguration.
874
int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
876
struct wpa_config *conf;
878
if (wpa_s->confname == NULL)
880
conf = wpa_config_read(wpa_s->confname);
882
wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
883
"file '%s' - exiting", wpa_s->confname);
887
reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
888
|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
889
os_strcmp(conf->ctrl_interface,
890
wpa_s->conf->ctrl_interface) != 0);
892
if (reconf_ctrl && wpa_s->ctrl_iface) {
893
wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
894
wpa_s->ctrl_iface = NULL;
897
eapol_sm_invalidate_cached_session(wpa_s->eapol);
898
wpa_s->current_ssid = NULL;
900
* TODO: should notify EAPOL SM about changes in opensc_engine_path,
901
* pkcs11_engine_path, pkcs11_module_path.
903
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
904
wpa_sm_set_config(wpa_s->wpa, NULL);
905
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
906
rsn_preauth_deinit(wpa_s->wpa);
907
wpa_config_free(wpa_s->conf);
910
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
912
wpa_supplicant_clear_status(wpa_s);
913
wpa_s->reassociate = 1;
914
wpa_supplicant_req_scan(wpa_s, 0, 0);
915
wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
920
static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
923
struct wpa_global *global = eloop_ctx;
924
struct wpa_supplicant *wpa_s;
925
wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
926
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
927
if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
934
static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
936
struct wpa_ssid *ssid;
937
union wpa_event_data data;
939
ssid = wpa_supplicant_get_ssid(wpa_s);
943
if (wpa_s->current_ssid == NULL)
944
wpa_s->current_ssid = ssid;
945
wpa_supplicant_initiate_eapol(wpa_s);
946
wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
947
"generating associated event");
948
os_memset(&data, 0, sizeof(data));
949
wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
953
static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
955
struct wpa_supplicant *wpa_s = eloop_ctx;
956
struct wpa_ssid *ssid;
957
int enabled, scan_req = 0, ret;
959
if (wpa_s->disconnected)
963
ssid = wpa_s->conf->ssid;
965
if (!ssid->disabled) {
971
if (!enabled && !wpa_s->scan_req) {
972
wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
973
wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
976
scan_req = wpa_s->scan_req;
979
if (wpa_s->conf->ap_scan != 0 &&
980
wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
981
wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
982
"ap_scan configuration");
983
wpa_s->conf->ap_scan = 0;
986
if (wpa_s->conf->ap_scan == 0) {
987
wpa_supplicant_gen_assoc_event(wpa_s);
991
if (wpa_s->wpa_state == WPA_DISCONNECTED ||
992
wpa_s->wpa_state == WPA_INACTIVE)
993
wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
995
ssid = wpa_s->conf->ssid;
996
if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
998
if (ssid == wpa_s->prev_scan_ssid) {
1006
if (!ssid->disabled &&
1007
(ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1012
if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1014
* ap_scan=2 mode - try to associate with each SSID instead of
1015
* scanning for each scan_ssid=1 network.
1018
wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
1019
"end of scan list - go back to beginning");
1020
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1021
wpa_supplicant_req_scan(wpa_s, 0, 0);
1025
/* Continue from the next SSID on the next attempt. */
1026
wpa_s->prev_scan_ssid = ssid;
1028
/* Start from the beginning of the SSID list. */
1029
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1031
wpa_supplicant_associate(wpa_s, NULL, ssid);
1035
wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1036
ssid ? "specific": "broadcast");
1038
wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1039
ssid->ssid, ssid->ssid_len);
1040
wpa_s->prev_scan_ssid = ssid;
1042
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1044
if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
1045
wpa_s->scan_res_tried++;
1046
wpa_printf(MSG_DEBUG, "Trying to get current scan results "
1047
"first without requesting a new scan to speed up "
1048
"initial association");
1049
wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
1053
if (wpa_s->use_client_mlme) {
1054
ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
1055
ssid ? ssid->ssid_len : 0);
1057
ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1058
ssid ? ssid->ssid_len : 0);
1061
wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1062
wpa_supplicant_req_scan(wpa_s, 10, 0);
1067
static wpa_cipher cipher_suite2driver(int cipher)
1070
case WPA_CIPHER_NONE:
1072
case WPA_CIPHER_WEP40:
1073
return CIPHER_WEP40;
1074
case WPA_CIPHER_WEP104:
1075
return CIPHER_WEP104;
1076
case WPA_CIPHER_CCMP:
1078
case WPA_CIPHER_TKIP:
1085
static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1088
case WPA_KEY_MGMT_NONE:
1089
return KEY_MGMT_NONE;
1090
case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1091
return KEY_MGMT_802_1X_NO_WPA;
1092
case WPA_KEY_MGMT_IEEE8021X:
1093
return KEY_MGMT_802_1X;
1094
case WPA_KEY_MGMT_WPA_NONE:
1095
return KEY_MGMT_WPA_NONE;
1096
case WPA_KEY_MGMT_PSK:
1098
return KEY_MGMT_PSK;
1103
static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1104
struct wpa_ssid *ssid,
1105
struct wpa_ie_data *ie)
1107
int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1110
wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1111
"from association info");
1116
wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1118
if (!(ie->group_cipher & ssid->group_cipher)) {
1119
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1120
"cipher 0x%x (mask 0x%x) - reject",
1121
ie->group_cipher, ssid->group_cipher);
1124
if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1125
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1126
"cipher 0x%x (mask 0x%x) - reject",
1127
ie->pairwise_cipher, ssid->pairwise_cipher);
1130
if (!(ie->key_mgmt & ssid->key_mgmt)) {
1131
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1132
"management 0x%x (mask 0x%x) - reject",
1133
ie->key_mgmt, ssid->key_mgmt);
1137
#ifdef CONFIG_IEEE80211W
1138
if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
1139
ssid->ieee80211w == IEEE80211W_REQUIRED) {
1140
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1141
"that does not support management frame protection - "
1145
#endif /* CONFIG_IEEE80211W */
1152
* wpa_supplicant_set_suites - Set authentication and encryption parameters
1153
* @wpa_s: Pointer to wpa_supplicant data
1154
* @bss: Scan results for the selected BSS, or %NULL if not available
1155
* @ssid: Configuration data for the selected network
1156
* @wpa_ie: Buffer for the WPA/RSN IE
1157
* @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1158
* used buffer length in case the functions returns success.
1159
* Returns: 0 on success or -1 on failure
1161
* This function is used to configure authentication and encryption parameters
1162
* based on the network configuration and scan result for the selected BSS (if
1165
int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1166
struct wpa_scan_result *bss,
1167
struct wpa_ssid *ssid,
1168
u8 *wpa_ie, size_t *wpa_ie_len)
1170
struct wpa_ie_data ie;
1173
if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1174
wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1175
(ie.group_cipher & ssid->group_cipher) &&
1176
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1177
(ie.key_mgmt & ssid->key_mgmt)) {
1178
wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1179
proto = WPA_PROTO_RSN;
1180
} else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1181
wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1182
(ie.group_cipher & ssid->group_cipher) &&
1183
(ie.pairwise_cipher & ssid->pairwise_cipher) &&
1184
(ie.key_mgmt & ssid->key_mgmt)) {
1185
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1186
proto = WPA_PROTO_WPA;
1188
wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1191
if (ssid->proto & WPA_PROTO_RSN)
1192
proto = WPA_PROTO_RSN;
1194
proto = WPA_PROTO_WPA;
1195
if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1196
os_memset(&ie, 0, sizeof(ie));
1197
ie.group_cipher = ssid->group_cipher;
1198
ie.pairwise_cipher = ssid->pairwise_cipher;
1199
ie.key_mgmt = ssid->key_mgmt;
1200
#ifdef CONFIG_IEEE80211W
1201
ie.mgmt_group_cipher =
1202
ssid->ieee80211w != NO_IEEE80211W ?
1203
WPA_CIPHER_AES_128_CMAC : 0;
1204
#endif /* CONFIG_IEEE80211W */
1205
wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1206
"on configuration");
1211
wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1212
"pairwise %d key_mgmt %d proto %d",
1213
ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1214
#ifdef CONFIG_IEEE80211W
1215
if (ssid->ieee80211w) {
1216
wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1217
ie.mgmt_group_cipher);
1219
#endif /* CONFIG_IEEE80211W */
1221
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1223
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1224
bss ? bss->wpa_ie_len : 0) ||
1225
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1226
bss ? bss->rsn_ie_len : 0))
1229
sel = ie.group_cipher & ssid->group_cipher;
1230
if (sel & WPA_CIPHER_CCMP) {
1231
wpa_s->group_cipher = WPA_CIPHER_CCMP;
1232
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1233
} else if (sel & WPA_CIPHER_TKIP) {
1234
wpa_s->group_cipher = WPA_CIPHER_TKIP;
1235
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1236
} else if (sel & WPA_CIPHER_WEP104) {
1237
wpa_s->group_cipher = WPA_CIPHER_WEP104;
1238
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1239
} else if (sel & WPA_CIPHER_WEP40) {
1240
wpa_s->group_cipher = WPA_CIPHER_WEP40;
1241
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1243
wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1247
sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1248
if (sel & WPA_CIPHER_CCMP) {
1249
wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1250
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1251
} else if (sel & WPA_CIPHER_TKIP) {
1252
wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1253
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1254
} else if (sel & WPA_CIPHER_NONE) {
1255
wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1256
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1258
wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1263
sel = ie.key_mgmt & ssid->key_mgmt;
1264
if (sel & WPA_KEY_MGMT_IEEE8021X) {
1265
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1266
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1267
} else if (sel & WPA_KEY_MGMT_PSK) {
1268
wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1269
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1270
} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1271
wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1272
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1274
wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1275
"key management type.");
1279
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1280
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1281
wpa_s->pairwise_cipher);
1282
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1284
#ifdef CONFIG_IEEE80211W
1285
sel = ie.mgmt_group_cipher;
1286
if (ssid->ieee80211w == NO_IEEE80211W ||
1287
!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1289
if (sel & WPA_CIPHER_AES_128_CMAC) {
1290
wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1291
wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1294
wpa_s->mgmt_group_cipher = 0;
1295
wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1297
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1298
wpa_s->mgmt_group_cipher);
1299
#endif /* CONFIG_IEEE80211W */
1301
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1302
wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1306
if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1307
wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1309
wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1316
* wpa_supplicant_associate - Request association
1317
* @wpa_s: Pointer to wpa_supplicant data
1318
* @bss: Scan results for the selected BSS, or %NULL if not available
1319
* @ssid: Configuration data for the selected network
1321
* This function is used to request %wpa_supplicant to associate with a BSS.
1323
void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1324
struct wpa_scan_result *bss,
1325
struct wpa_ssid *ssid)
1329
int use_crypt, ret, i;
1330
int algs = AUTH_ALG_OPEN_SYSTEM;
1331
wpa_cipher cipher_pairwise, cipher_group;
1332
struct wpa_driver_associate_params params;
1333
int wep_keys_set = 0;
1334
struct wpa_driver_capa capa;
1335
int assoc_failed = 0;
1337
wpa_s->reassociate = 0;
1339
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1340
" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1341
wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1342
os_memset(wpa_s->bssid, 0, ETH_ALEN);
1343
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1345
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1346
wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1347
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1349
wpa_supplicant_cancel_scan(wpa_s);
1351
/* Starting new association, so clear the possibly used WPA IE from the
1352
* previous association. */
1353
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1355
#ifdef IEEE8021X_EAPOL
1356
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1358
if (ssid->non_leap == 0)
1359
algs = AUTH_ALG_LEAP;
1361
algs |= AUTH_ALG_LEAP;
1364
#endif /* IEEE8021X_EAPOL */
1365
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1366
if (ssid->auth_alg) {
1368
if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1369
algs |= AUTH_ALG_OPEN_SYSTEM;
1370
if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1371
algs |= AUTH_ALG_SHARED_KEY;
1372
if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1373
algs |= AUTH_ALG_LEAP;
1374
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1377
wpa_drv_set_auth_alg(wpa_s, algs);
1379
if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1380
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
1381
int try_opportunistic;
1382
try_opportunistic = ssid->proactive_key_caching &&
1383
(ssid->proto & WPA_PROTO_RSN);
1384
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1385
wpa_s->current_ssid,
1386
try_opportunistic) == 0)
1387
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1388
wpa_ie_len = sizeof(wpa_ie);
1389
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1390
wpa_ie, &wpa_ie_len)) {
1391
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1392
"management and encryption suites");
1395
} else if (ssid->key_mgmt &
1396
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1397
WPA_KEY_MGMT_WPA_NONE)) {
1398
wpa_ie_len = sizeof(wpa_ie);
1399
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1400
wpa_ie, &wpa_ie_len)) {
1401
wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1402
"management and encryption suites (no scan "
1407
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1411
wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1413
cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1414
cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1415
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1416
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1417
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1419
for (i = 0; i < NUM_WEP_KEYS; i++) {
1420
if (ssid->wep_key_len[i]) {
1423
wpa_set_wep_key(wpa_s,
1424
i == ssid->wep_tx_keyidx,
1425
i, ssid->wep_key[i],
1426
ssid->wep_key_len[i]);
1431
#ifdef IEEE8021X_EAPOL
1432
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1433
if ((ssid->eapol_flags &
1434
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1435
EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1439
/* Assume that dynamic WEP-104 keys will be used and
1440
* set cipher suites in order for drivers to expect
1442
cipher_pairwise = cipher_group = CIPHER_WEP104;
1445
#endif /* IEEE8021X_EAPOL */
1447
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1448
/* Set the key before (and later after) association */
1449
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1452
wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1453
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1454
os_memset(¶ms, 0, sizeof(params));
1456
params.bssid = bss->bssid;
1457
params.ssid = bss->ssid;
1458
params.ssid_len = bss->ssid_len;
1459
params.freq = bss->freq;
1461
params.ssid = ssid->ssid;
1462
params.ssid_len = ssid->ssid_len;
1464
params.wpa_ie = wpa_ie;
1465
params.wpa_ie_len = wpa_ie_len;
1466
params.pairwise_suite = cipher_pairwise;
1467
params.group_suite = cipher_group;
1468
params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1469
params.auth_alg = algs;
1470
params.mode = ssid->mode;
1471
for (i = 0; i < NUM_WEP_KEYS; i++) {
1472
if (ssid->wep_key_len[i])
1473
params.wep_key[i] = ssid->wep_key[i];
1474
params.wep_key_len[i] = ssid->wep_key_len[i];
1476
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1478
#ifdef CONFIG_IEEE80211W
1479
switch (ssid->ieee80211w) {
1481
params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1483
case IEEE80211W_OPTIONAL:
1484
params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1486
case IEEE80211W_REQUIRED:
1487
params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1490
#endif /* CONFIG_IEEE80211W */
1492
if (wpa_s->use_client_mlme)
1493
ret = ieee80211_sta_associate(wpa_s, ¶ms);
1495
ret = wpa_drv_associate(wpa_s, ¶ms);
1497
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1499
/* try to continue anyway; new association will be tried again
1504
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1505
/* Set the key after the association just in case association
1506
* cleared the previously configured key. */
1507
wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1508
/* No need to timeout authentication since there is no key
1510
wpa_supplicant_cancel_auth_timeout(wpa_s);
1511
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1513
/* Timeout for IEEE 802.11 authentication and association */
1517
else if (wpa_s->conf->ap_scan == 1)
1521
wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1524
if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1525
capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1526
/* Set static WEP keys again */
1528
for (j = 0; j < NUM_WEP_KEYS; j++) {
1529
if (ssid->wep_key_len[j]) {
1530
wpa_set_wep_key(wpa_s,
1531
j == ssid->wep_tx_keyidx,
1532
j, ssid->wep_key[j],
1533
ssid->wep_key_len[j]);
1538
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1540
* Do not allow EAP session resumption between different
1541
* network configurations.
1543
eapol_sm_invalidate_cached_session(wpa_s->eapol);
1545
wpa_s->current_ssid = ssid;
1546
wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1547
wpa_supplicant_initiate_eapol(wpa_s);
1552
* wpa_supplicant_disassociate - Disassociate the current connection
1553
* @wpa_s: Pointer to wpa_supplicant data
1554
* @reason_code: IEEE 802.11 reason code for the disassociate frame
1556
* This function is used to request %wpa_supplicant to disassociate with the
1559
void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1563
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1565
if (wpa_s->use_client_mlme)
1566
ieee80211_sta_disassociate(wpa_s, reason_code);
1568
wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1569
addr = wpa_s->bssid;
1571
wpa_clear_keys(wpa_s, addr);
1572
wpa_supplicant_mark_disassoc(wpa_s);
1573
wpa_s->current_ssid = NULL;
1574
wpa_sm_set_config(wpa_s->wpa, NULL);
1575
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1580
* wpa_supplicant_deauthenticate - Deauthenticate the current connection
1581
* @wpa_s: Pointer to wpa_supplicant data
1582
* @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1584
* This function is used to request %wpa_supplicant to disassociate with the
1587
void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1591
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1592
if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1594
if (wpa_s->use_client_mlme)
1595
ieee80211_sta_deauthenticate(wpa_s, reason_code);
1597
wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1599
addr = wpa_s->bssid;
1601
wpa_clear_keys(wpa_s, addr);
1602
wpa_s->current_ssid = NULL;
1603
wpa_sm_set_config(wpa_s->wpa, NULL);
1604
eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1605
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1606
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1611
* wpa_supplicant_get_scan_results - Get scan results
1612
* @wpa_s: Pointer to wpa_supplicant data
1613
* Returns: 0 on success, -1 on failure
1615
* This function is request the current scan results from the driver and stores
1616
* a local copy of the results in wpa_s->scan_results.
1618
int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1620
#define SCAN_AP_LIMIT 128
1621
struct wpa_scan_result *results, *tmp;
1624
results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1625
if (results == NULL) {
1626
wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1631
if (wpa_s->use_client_mlme) {
1632
num = ieee80211_sta_get_scan_results(wpa_s, results,
1635
num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1636
wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1638
wpa_printf(MSG_DEBUG, "Failed to get scan results");
1642
if (num > SCAN_AP_LIMIT) {
1643
wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1644
num, SCAN_AP_LIMIT);
1645
num = SCAN_AP_LIMIT;
1648
/* Free unneeded memory for unused scan result entries */
1649
tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
1650
if (tmp || num == 0) {
1654
os_free(wpa_s->scan_results);
1655
wpa_s->scan_results = results;
1656
wpa_s->num_scan_results = num;
1662
#ifndef CONFIG_NO_WPA
1663
static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1666
struct wpa_scan_result *results, *curr = NULL;
1668
results = wpa_s->scan_results;
1669
if (results == NULL) {
1673
for (i = 0; i < wpa_s->num_scan_results; i++) {
1674
struct wpa_ssid *ssid = wpa_s->current_ssid;
1675
if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
1678
((results[i].ssid_len == ssid->ssid_len &&
1679
os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
1681
ssid->ssid_len == 0)) {
1688
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1689
curr->wpa_ie_len) ||
1690
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1701
static int wpa_supplicant_get_beacon_ie(void *ctx)
1703
struct wpa_supplicant *wpa_s = ctx;
1704
if (wpa_get_beacon_ie(wpa_s) == 0) {
1708
/* No WPA/RSN IE found in the cached scan results. Try to get updated
1709
* scan results from the driver. */
1710
if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1714
return wpa_get_beacon_ie(wpa_s);
1716
#endif /* CONFIG_NO_WPA */
1720
* wpa_supplicant_get_ssid - Get a pointer to the current network structure
1721
* @wpa_s: Pointer to wpa_supplicant data
1722
* Returns: A pointer to the current network structure or %NULL on failure
1724
struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1726
struct wpa_ssid *entry;
1727
u8 ssid[MAX_SSID_LEN];
1733
if (wpa_s->use_client_mlme) {
1734
if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1735
wpa_printf(MSG_WARNING, "Could not read SSID from "
1740
res = wpa_drv_get_ssid(wpa_s, ssid);
1742
wpa_printf(MSG_WARNING, "Could not read SSID from "
1749
if (wpa_s->use_client_mlme)
1750
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1751
else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1752
wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1756
wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1757
os_strcmp(wpa_s->driver->name, "wired") == 0;
1759
entry = wpa_s->conf->ssid;
1761
if (!entry->disabled &&
1762
((ssid_len == entry->ssid_len &&
1763
os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1764
(!entry->bssid_set ||
1765
os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1767
entry = entry->next;
1774
#ifndef CONFIG_NO_WPA
1775
static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1776
const void *data, u16 data_len,
1777
size_t *msg_len, void **data_pos)
1779
return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1783
static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1784
const u8 *buf, size_t len)
1786
return wpa_ether_send(wpa_s, dest, proto, buf, len);
1790
static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1792
wpa_supplicant_req_scan(wpa_s, sec, usec);
1796
static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1798
wpa_supplicant_cancel_auth_timeout(wpa_s);
1802
static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1804
wpa_supplicant_set_state(wpa_s, state);
1808
static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1810
return wpa_supplicant_get_state(wpa_s);
1814
static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1816
wpa_supplicant_disassociate(wpa_s, reason_code);
1820
static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1822
wpa_supplicant_deauthenticate(wpa_s, reason_code);
1826
static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1828
return wpa_supplicant_get_ssid(wpa_s);
1832
static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
1834
struct wpa_supplicant *wpa_s = ctx;
1835
if (wpa_s->use_client_mlme) {
1836
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1839
return wpa_drv_get_bssid(wpa_s, bssid);
1843
static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1844
const u8 *addr, int key_idx, int set_tx,
1845
const u8 *seq, size_t seq_len,
1846
const u8 *key, size_t key_len)
1848
return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1853
static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
1854
int protection_type,
1857
return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
1862
static int wpa_supplicant_add_pmkid(void *wpa_s,
1863
const u8 *bssid, const u8 *pmkid)
1865
return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1869
static int wpa_supplicant_remove_pmkid(void *wpa_s,
1870
const u8 *bssid, const u8 *pmkid)
1872
return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1874
#endif /* CONFIG_NO_WPA */
1877
static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1885
if (wpa_supplicant_drivers[0] == NULL) {
1886
wpa_printf(MSG_ERROR, "No driver interfaces build into "
1892
/* default to first driver in the list */
1893
wpa_s->driver = wpa_supplicant_drivers[0];
1897
for (i = 0; wpa_supplicant_drivers[i]; i++) {
1898
if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1899
wpa_s->driver = wpa_supplicant_drivers[i];
1904
wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1909
void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1910
const u8 *buf, size_t len)
1912
struct wpa_supplicant *wpa_s = ctx;
1914
wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1915
wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1917
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1918
wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1919
"no key management is configured");
1923
if (wpa_s->eapol_received == 0) {
1924
/* Timeout for completing IEEE 802.1X and WPA authentication */
1925
wpa_supplicant_req_auth_timeout(
1927
(wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1928
wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
1931
wpa_s->eapol_received++;
1933
if (wpa_s->countermeasures) {
1934
wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1939
/* Source address of the incoming EAPOL frame could be compared to the
1940
* current BSSID. However, it is possible that a centralized
1941
* Authenticator could be using another MAC address than the BSSID of
1942
* an AP, so just allow any address to be used for now. The replies are
1943
* still sent to the current BSSID (if available), though. */
1945
os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1946
if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
1947
eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1949
wpa_drv_poll(wpa_s);
1950
wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1955
* wpa_supplicant_driver_init - Initialize driver interface parameters
1956
* @wpa_s: Pointer to wpa_supplicant data
1957
* @wait_for_interface: 0 = do not wait for the interface (reports a failure if
1958
* the interface is not present), 1 = wait until the interface is available
1959
* Returns: 0 on success, -1 on failure
1961
* This function is called to initialize driver interface parameters.
1962
* wpa_drv_init() must have been called before this function to initialize the
1965
int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
1966
int wait_for_interface)
1968
static int interface_count = 0;
1971
if (wpa_s->driver->send_eapol) {
1972
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1974
os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1977
wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1978
wpa_drv_get_mac_addr(wpa_s),
1980
wpa_supplicant_rx_eapol, wpa_s, 0);
1983
else if (!wait_for_interface)
1985
wpa_printf(MSG_DEBUG, "Waiting for interface..");
1989
if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1990
wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1994
wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1995
MAC2STR(wpa_s->own_addr));
1997
if (wpa_s->bridge_ifname[0]) {
1998
wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1999
" '%s'", wpa_s->bridge_ifname);
2000
wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2003
wpa_supplicant_rx_eapol, wpa_s,
2005
if (wpa_s->l2_br == NULL) {
2006
wpa_printf(MSG_ERROR, "Failed to open l2_packet "
2007
"connection for the bridge interface '%s'",
2008
wpa_s->bridge_ifname);
2013
/* Backwards compatibility call to set_wpa() handler. This is called
2014
* only just after init and just before deinit, so these handler can be
2015
* used to implement same functionality. */
2016
if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
2017
struct wpa_driver_capa capa;
2018
if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
2019
!(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2020
WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
2021
wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
2022
/* Continue to allow non-WPA modes to be used. */
2024
wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
2030
wpa_clear_keys(wpa_s, NULL);
2032
/* Make sure that TKIP countermeasures are not left enabled (could
2033
* happen if wpa_supplicant is killed during countermeasures. */
2034
wpa_drv_set_countermeasures(wpa_s, 0);
2036
wpa_drv_set_drop_unencrypted(wpa_s, 1);
2038
wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
2039
wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2046
static int wpa_supplicant_daemon(const char *pid_file)
2048
wpa_printf(MSG_DEBUG, "Daemonize..");
2049
return os_daemonize(pid_file);
2053
static struct wpa_supplicant * wpa_supplicant_alloc(void)
2055
struct wpa_supplicant *wpa_s;
2057
wpa_s = os_zalloc(sizeof(*wpa_s));
2060
wpa_s->scan_req = 1;
2066
static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2067
struct wpa_interface *iface)
2069
wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2070
"'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2071
iface->confname ? iface->confname : "N/A",
2072
iface->driver ? iface->driver : "default",
2073
iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2074
iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2076
if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
2080
if (iface->confname) {
2081
#ifdef CONFIG_BACKEND_FILE
2082
wpa_s->confname = os_rel2abs_path(iface->confname);
2083
if (wpa_s->confname == NULL) {
2084
wpa_printf(MSG_ERROR, "Failed to get absolute path "
2085
"for configuration file '%s'.",
2089
wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2090
iface->confname, wpa_s->confname);
2091
#else /* CONFIG_BACKEND_FILE */
2092
wpa_s->confname = os_strdup(iface->confname);
2093
#endif /* CONFIG_BACKEND_FILE */
2094
wpa_s->conf = wpa_config_read(wpa_s->confname);
2095
if (wpa_s->conf == NULL) {
2096
wpa_printf(MSG_ERROR, "Failed to read or parse "
2097
"configuration '%s'.", wpa_s->confname);
2102
* Override ctrl_interface and driver_param if set on command
2105
if (iface->ctrl_interface) {
2106
os_free(wpa_s->conf->ctrl_interface);
2107
wpa_s->conf->ctrl_interface =
2108
os_strdup(iface->ctrl_interface);
2111
if (iface->driver_param) {
2112
os_free(wpa_s->conf->driver_param);
2113
wpa_s->conf->driver_param =
2114
os_strdup(iface->driver_param);
2117
wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2118
iface->driver_param);
2120
if (wpa_s->conf == NULL) {
2121
wpa_printf(MSG_ERROR, "\nNo configuration found.");
2125
if (iface->ifname == NULL) {
2126
wpa_printf(MSG_ERROR, "\nInterface name is required.");
2129
if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2130
wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2134
os_strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2136
if (iface->bridge_ifname) {
2137
if (os_strlen(iface->bridge_ifname) >=
2138
sizeof(wpa_s->bridge_ifname)) {
2139
wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2140
"name '%s'.", iface->bridge_ifname);
2143
os_strncpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2144
sizeof(wpa_s->bridge_ifname));
2151
static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
2153
#ifdef IEEE8021X_EAPOL
2154
struct eapol_ctx *ctx;
2155
ctx = os_zalloc(sizeof(*ctx));
2157
wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
2162
ctx->msg_ctx = wpa_s;
2163
ctx->eapol_send_ctx = wpa_s;
2165
ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
2166
ctx->eapol_send = wpa_supplicant_eapol_send;
2167
ctx->set_wep_key = wpa_eapol_set_wep_key;
2168
ctx->set_config_blob = wpa_supplicant_set_config_blob;
2169
ctx->get_config_blob = wpa_supplicant_get_config_blob;
2170
ctx->aborted_cached = wpa_supplicant_aborted_cached;
2171
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2172
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2173
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2174
wpa_s->eapol = eapol_sm_init(ctx);
2175
if (wpa_s->eapol == NULL) {
2177
wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
2181
#endif /* IEEE8021X_EAPOL */
2187
static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2189
#ifndef CONFIG_NO_WPA
2190
struct wpa_sm_ctx *ctx;
2191
ctx = os_zalloc(sizeof(*ctx));
2193
wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
2198
ctx->set_state = _wpa_supplicant_set_state;
2199
ctx->get_state = _wpa_supplicant_get_state;
2200
ctx->req_scan = _wpa_supplicant_req_scan;
2201
ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2202
ctx->disassociate = _wpa_supplicant_disassociate;
2203
ctx->set_key = wpa_supplicant_set_key;
2204
ctx->scan = wpa_supplicant_scan;
2205
ctx->get_ssid = _wpa_supplicant_get_ssid;
2206
ctx->get_bssid = wpa_supplicant_get_bssid;
2207
ctx->ether_send = _wpa_ether_send;
2208
ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2209
ctx->alloc_eapol = _wpa_alloc_eapol;
2210
ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2211
ctx->add_pmkid = wpa_supplicant_add_pmkid;
2212
ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2213
ctx->set_config_blob = wpa_supplicant_set_config_blob;
2214
ctx->get_config_blob = wpa_supplicant_get_config_blob;
2215
ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
2217
wpa_s->wpa = wpa_sm_init(ctx);
2218
if (wpa_s->wpa == NULL) {
2219
wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
2223
#endif /* CONFIG_NO_WPA */
2229
static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2230
int wait_for_interface)
2233
struct wpa_driver_capa capa;
2235
wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2238
if (wpa_supplicant_init_eapol(wpa_s) < 0)
2241
/* RSNA Supplicant Key Management - INITIALIZE */
2242
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2243
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2245
/* Initialize driver interface and register driver event handler before
2246
* L2 receive handler so that association events are processed before
2247
* EAPOL-Key packets if both become available for the same select()
2249
wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2250
if (wpa_s->drv_priv == NULL) {
2251
wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2254
if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2255
wpa_printf(MSG_ERROR, "Driver interface rejected "
2256
"driver_param '%s'", wpa_s->conf->driver_param);
2260
ifname = wpa_drv_get_ifname(wpa_s);
2261
if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2262
wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2263
"name with '%s'", ifname);
2264
os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2267
if (wpa_supplicant_init_wpa(wpa_s) < 0)
2270
wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2271
wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2273
wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2274
wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2276
if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2277
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2278
wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2279
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2280
"dot11RSNAConfigPMKLifetime");
2284
if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2285
wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2286
wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2287
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2288
"dot11RSNAConfigPMKReauthThreshold");
2292
if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2293
wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2294
wpa_s->conf->dot11RSNAConfigSATimeout)) {
2295
wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2296
"dot11RSNAConfigSATimeout");
2300
if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2303
wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2305
wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2306
if (wpa_s->ctrl_iface == NULL) {
2307
wpa_printf(MSG_ERROR,
2308
"Failed to initialize control interface '%s'.\n"
2309
"You may have another wpa_supplicant process "
2310
"already running or the file was\n"
2311
"left by an unclean termination of wpa_supplicant "
2312
"in which case you will need\n"
2313
"to manually remove this file before starting "
2314
"wpa_supplicant again.\n",
2315
wpa_s->conf->ctrl_interface);
2319
if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
2320
capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2321
wpa_s->use_client_mlme = 1;
2322
if (ieee80211_sta_init(wpa_s))
2330
static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2332
if (wpa_s->drv_priv) {
2333
wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
2335
/* Backwards compatibility call to set_wpa() handler. This is
2336
* called only just after init and just before deinit, so these
2337
* handler can be used to implement same functionality. */
2338
if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2339
wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
2343
wpa_drv_set_drop_unencrypted(wpa_s, 0);
2344
wpa_drv_set_countermeasures(wpa_s, 0);
2345
wpa_clear_keys(wpa_s, NULL);
2348
wpas_dbus_unregister_iface(wpa_s);
2350
wpa_supplicant_cleanup(wpa_s);
2352
if (wpa_s->drv_priv)
2353
wpa_drv_deinit(wpa_s);
2358
* wpa_supplicant_add_iface - Add a new network interface
2359
* @global: Pointer to global data from wpa_supplicant_init()
2360
* @iface: Interface configuration options
2361
* Returns: Pointer to the created interface or %NULL on failure
2363
* This function is used to add new network interfaces for %wpa_supplicant.
2364
* This can be called before wpa_supplicant_run() to add interfaces before the
2365
* main event loop has been started. In addition, new interfaces can be added
2366
* dynamically while %wpa_supplicant is already running. This could happen,
2367
* e.g., when a hotplug network adapter is inserted.
2369
struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2370
struct wpa_interface *iface)
2372
struct wpa_supplicant *wpa_s;
2374
if (global == NULL || iface == NULL)
2377
wpa_s = wpa_supplicant_alloc();
2381
if (wpa_supplicant_init_iface(wpa_s, iface) ||
2382
wpa_supplicant_init_iface2(wpa_s,
2383
global->params.wait_for_interface)) {
2384
wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2386
wpa_supplicant_deinit_iface(wpa_s);
2391
wpa_s->global = global;
2393
/* Register the interface with the dbus control interface */
2394
if (wpas_dbus_register_iface(wpa_s)) {
2395
wpa_supplicant_deinit_iface(wpa_s);
2400
wpa_s->next = global->ifaces;
2401
global->ifaces = wpa_s;
2403
wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2410
* wpa_supplicant_remove_iface - Remove a network interface
2411
* @global: Pointer to global data from wpa_supplicant_init()
2412
* @wpa_s: Pointer to the network interface to be removed
2413
* Returns: 0 if interface was removed, -1 if interface was not found
2415
* This function can be used to dynamically remove network interfaces from
2416
* %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2417
* addition, this function is used to remove all remaining interdaces when
2418
* %wpa_supplicant is terminated.
2420
int wpa_supplicant_remove_iface(struct wpa_global *global,
2421
struct wpa_supplicant *wpa_s)
2423
struct wpa_supplicant *prev;
2425
/* Remove interface from the global list of interfaces */
2426
prev = global->ifaces;
2427
if (prev == wpa_s) {
2428
global->ifaces = wpa_s->next;
2430
while (prev && prev->next != wpa_s)
2434
prev->next = wpa_s->next;
2437
wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2439
wpa_supplicant_deinit_iface(wpa_s);
2447
* wpa_supplicant_get_iface - Get a new network interface
2448
* @global: Pointer to global data from wpa_supplicant_init()
2449
* @ifname: Interface name
2450
* Returns: Pointer to the interface or %NULL if not found
2452
struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2455
struct wpa_supplicant *wpa_s;
2457
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2458
if (os_strcmp(wpa_s->ifname, ifname) == 0)
2466
* wpa_supplicant_init - Initialize %wpa_supplicant
2467
* @params: Parameters for %wpa_supplicant
2468
* Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2470
* This function is used to initialize %wpa_supplicant. After successful
2471
* initialization, the returned data pointer can be used to add and remove
2472
* network interfaces, and eventually, to deinitialize %wpa_supplicant.
2474
struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2476
struct wpa_global *global;
2482
wpa_debug_use_file = params->wpa_debug_use_file;
2483
wpa_debug_open_file();
2485
ret = eap_peer_register_methods();
2487
wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2489
wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2490
"the same EAP type.");
2494
global = os_zalloc(sizeof(*global));
2497
global->params.daemonize = params->daemonize;
2498
global->params.wait_for_interface = params->wait_for_interface;
2499
global->params.wait_for_monitor = params->wait_for_monitor;
2500
global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2501
if (params->pid_file)
2502
global->params.pid_file = os_strdup(params->pid_file);
2503
if (params->ctrl_interface)
2504
global->params.ctrl_interface =
2505
os_strdup(params->ctrl_interface);
2506
wpa_debug_level = global->params.wpa_debug_level =
2507
params->wpa_debug_level;
2508
wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2509
params->wpa_debug_show_keys;
2510
wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2511
params->wpa_debug_timestamp;
2512
wpa_debug_use_file = global->params.wpa_debug_use_file =
2513
params->wpa_debug_use_file;
2515
if (eloop_init(global)) {
2516
wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2517
wpa_supplicant_deinit(global);
2521
global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2522
if (global->ctrl_iface == NULL) {
2523
wpa_supplicant_deinit(global);
2527
if (global->params.dbus_ctrl_interface) {
2528
global->dbus_ctrl_iface =
2529
wpa_supplicant_dbus_ctrl_iface_init(global);
2530
if (global->dbus_ctrl_iface == NULL) {
2531
wpa_supplicant_deinit(global);
2536
if (global->params.wait_for_interface && global->params.daemonize &&
2537
wpa_supplicant_daemon(global->params.pid_file)) {
2538
wpa_supplicant_deinit(global);
2547
* wpa_supplicant_run - Run the %wpa_supplicant main event loop
2548
* @global: Pointer to global data from wpa_supplicant_init()
2549
* Returns: 0 after successful event loop run, -1 on failure
2551
* This function starts the main event loop and continues running as long as
2552
* there are any remaining events. In most cases, this function is running as
2553
* long as the %wpa_supplicant process in still in use.
2555
int wpa_supplicant_run(struct wpa_global *global)
2557
struct wpa_supplicant *wpa_s;
2559
if (!global->params.wait_for_interface && global->params.daemonize &&
2560
wpa_supplicant_daemon(global->params.pid_file))
2563
if (global->params.wait_for_monitor) {
2564
for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2565
if (wpa_s->ctrl_iface)
2566
wpa_supplicant_ctrl_iface_wait(
2570
eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2571
eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2580
* wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2581
* @global: Pointer to global data from wpa_supplicant_init()
2583
* This function is called to deinitialize %wpa_supplicant and to free all
2584
* allocated resources. Remaining network interfaces will also be removed.
2586
void wpa_supplicant_deinit(struct wpa_global *global)
2591
while (global->ifaces)
2592
wpa_supplicant_remove_iface(global, global->ifaces);
2594
if (global->ctrl_iface)
2595
wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2596
if (global->dbus_ctrl_iface)
2597
wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2599
eap_peer_unregister_methods();
2603
if (global->params.pid_file) {
2604
os_daemonize_terminate(global->params.pid_file);
2605
os_free(global->params.pid_file);
2607
os_free(global->params.ctrl_interface);
2610
wpa_debug_close_file();