3
* Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
18
#include "utils/eloop.h"
19
#include "common/ieee802_11_defs.h"
20
#include "common/ieee802_11_common.h"
21
#include "eapol_supp/eapol_supp_sm.h"
22
#include "common/wpa_common.h"
23
#include "rsn_supp/wpa.h"
24
#include "rsn_supp/pmksa_cache.h"
26
#include "wpa_supplicant_i.h"
28
#include "wpas_glue.h"
29
#include "wps_supplicant.h"
31
#include "blacklist.h"
36
#define SME_AUTH_TIMEOUT 5
37
#define SME_ASSOC_TIMEOUT 5
39
static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
40
static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
43
void sme_authenticate(struct wpa_supplicant *wpa_s,
44
struct wpa_bss *bss, struct wpa_ssid *ssid)
46
struct wpa_driver_auth_params params;
47
struct wpa_ssid *old_ssid;
48
#ifdef CONFIG_IEEE80211R
50
#endif /* CONFIG_IEEE80211R */
51
#ifdef CONFIG_IEEE80211R
53
#endif /* CONFIG_IEEE80211R */
57
wpa_printf(MSG_ERROR, "SME: No scan result available for the "
62
wpa_s->current_bss = bss;
64
os_memset(¶ms, 0, sizeof(params));
65
wpa_s->reassociate = 0;
67
params.freq = bss->freq;
68
params.bssid = bss->bssid;
69
params.ssid = bss->ssid;
70
params.ssid_len = bss->ssid_len;
72
if (wpa_s->sme.ssid_len != params.ssid_len ||
73
os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
74
wpa_s->sme.prev_bssid_set = 0;
76
wpa_s->sme.freq = params.freq;
77
os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
78
wpa_s->sme.ssid_len = params.ssid_len;
80
params.auth_alg = WPA_AUTH_ALG_OPEN;
81
#ifdef IEEE8021X_EAPOL
82
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
84
if (ssid->non_leap == 0)
85
params.auth_alg = WPA_AUTH_ALG_LEAP;
87
params.auth_alg |= WPA_AUTH_ALG_LEAP;
90
#endif /* IEEE8021X_EAPOL */
91
wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
94
params.auth_alg = ssid->auth_alg;
95
wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
99
for (i = 0; i < NUM_WEP_KEYS; i++) {
100
if (ssid->wep_key_len[i])
101
params.wep_key[i] = ssid->wep_key[i];
102
params.wep_key_len[i] = ssid->wep_key_len[i];
104
params.wep_tx_keyidx = ssid->wep_tx_keyidx;
106
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
107
os_memset(wpa_s->bssid, 0, ETH_ALEN);
108
os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
110
wpas_notify_bssid_changed(wpa_s);
112
if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
113
wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
114
(ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
115
WPA_KEY_MGMT_FT_IEEE8021X |
116
WPA_KEY_MGMT_FT_PSK |
117
WPA_KEY_MGMT_IEEE8021X_SHA256 |
118
WPA_KEY_MGMT_PSK_SHA256))) {
119
int try_opportunistic;
120
try_opportunistic = ssid->proactive_key_caching &&
121
(ssid->proto & WPA_PROTO_RSN);
122
if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
124
try_opportunistic) == 0)
125
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
126
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
127
if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
128
wpa_s->sme.assoc_req_ie,
129
&wpa_s->sme.assoc_req_ie_len)) {
130
wpa_printf(MSG_WARNING, "SME: Failed to set WPA key "
131
"management and encryption suites");
134
} else if (ssid->key_mgmt &
135
(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
136
WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
137
WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
138
WPA_KEY_MGMT_IEEE8021X_SHA256)) {
139
wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
140
if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
141
wpa_s->sme.assoc_req_ie,
142
&wpa_s->sme.assoc_req_ie_len)) {
143
wpa_printf(MSG_WARNING, "SME: Failed to set WPA key "
144
"management and encryption suites (no scan "
149
} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
150
struct wpabuf *wps_ie;
151
wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
152
if (wps_ie && wpabuf_len(wps_ie) <=
153
sizeof(wpa_s->sme.assoc_req_ie)) {
154
wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
155
os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
156
wpa_s->sme.assoc_req_ie_len);
158
wpa_s->sme.assoc_req_ie_len = 0;
160
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
161
#endif /* CONFIG_WPS */
163
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
164
wpa_s->sme.assoc_req_ie_len = 0;
167
#ifdef CONFIG_IEEE80211R
168
ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
169
if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
171
wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
173
/* Prepare for the next transition */
174
wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
177
if (md && ssid->key_mgmt & (WPA_KEY_MGMT_FT_PSK |
178
WPA_KEY_MGMT_FT_IEEE8021X)) {
179
if (wpa_s->sme.assoc_req_ie_len + 5 <
180
sizeof(wpa_s->sme.assoc_req_ie)) {
181
struct rsn_mdie *mdie;
182
u8 *pos = wpa_s->sme.assoc_req_ie +
183
wpa_s->sme.assoc_req_ie_len;
184
*pos++ = WLAN_EID_MOBILITY_DOMAIN;
185
*pos++ = sizeof(*mdie);
186
mdie = (struct rsn_mdie *) pos;
187
os_memcpy(mdie->mobility_domain, md,
188
MOBILITY_DOMAIN_ID_LEN);
189
mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
190
wpa_s->sme.assoc_req_ie_len += 5;
193
if (wpa_s->sme.ft_used &&
194
os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
195
wpa_sm_has_ptk(wpa_s->wpa)) {
196
wpa_printf(MSG_DEBUG, "SME: Trying to use FT "
198
params.auth_alg = WPA_AUTH_ALG_FT;
199
params.ie = wpa_s->sme.ft_ies;
200
params.ie_len = wpa_s->sme.ft_ies_len;
203
#endif /* CONFIG_IEEE80211R */
205
#ifdef CONFIG_IEEE80211W
206
wpa_s->sme.mfp = ssid->ieee80211w;
207
if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
208
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
209
struct wpa_ie_data _ie;
210
if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
212
(WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
213
wpa_printf(MSG_DEBUG, "WPA: Selected AP supports MFP: "
215
wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
218
#endif /* CONFIG_IEEE80211W */
220
wpa_supplicant_cancel_scan(wpa_s);
222
wpa_msg(wpa_s, MSG_INFO, "Trying to authenticate with " MACSTR
223
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
224
wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
226
wpa_clear_keys(wpa_s, bss->bssid);
227
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
228
old_ssid = wpa_s->current_ssid;
229
wpa_s->current_ssid = ssid;
230
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
231
wpa_supplicant_initiate_eapol(wpa_s);
232
if (old_ssid != wpa_s->current_ssid)
233
wpas_notify_network_changed(wpa_s);
235
wpa_s->sme.auth_alg = params.auth_alg;
236
if (wpa_drv_authenticate(wpa_s, ¶ms) < 0) {
237
wpa_msg(wpa_s, MSG_INFO, "Authentication request to the "
239
wpa_supplicant_req_scan(wpa_s, 1, 0);
243
eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
247
* Association will be started based on the authentication event from
253
void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
255
struct wpa_ssid *ssid = wpa_s->current_ssid;
258
wpa_printf(MSG_DEBUG, "SME: Ignore authentication event when "
259
"network is not selected");
263
if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
264
wpa_printf(MSG_DEBUG, "SME: Ignore authentication event when "
265
"not in authenticating state");
269
if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
270
wpa_printf(MSG_DEBUG, "SME: Ignore authentication with "
271
"unexpected peer " MACSTR,
272
MAC2STR(data->auth.peer));
276
wpa_printf(MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
277
" auth_type=%d status_code=%d",
278
MAC2STR(data->auth.peer), data->auth.auth_type,
279
data->auth.status_code);
280
wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
281
data->auth.ies, data->auth.ies_len);
283
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
285
if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
286
wpa_printf(MSG_DEBUG, "SME: Authentication failed (status "
287
"code %d)", data->auth.status_code);
289
if (data->auth.status_code !=
290
WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
291
wpa_s->sme.auth_alg == data->auth.auth_type ||
292
wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
293
wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
297
switch (data->auth.auth_type) {
299
wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
301
wpa_printf(MSG_DEBUG, "SME: Trying SHARED auth");
302
wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
303
wpa_s->current_ssid);
306
case WLAN_AUTH_SHARED_KEY:
307
wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
309
wpa_printf(MSG_DEBUG, "SME: Trying LEAP auth");
310
wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
311
wpa_s->current_ssid);
319
#ifdef CONFIG_IEEE80211R
320
if (data->auth.auth_type == WLAN_AUTH_FT) {
321
union wpa_event_data edata;
322
os_memset(&edata, 0, sizeof(edata));
323
edata.ft_ies.ies = data->auth.ies;
324
edata.ft_ies.ies_len = data->auth.ies_len;
325
os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN);
326
wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata);
328
#endif /* CONFIG_IEEE80211R */
330
sme_associate(wpa_s, ssid->mode, data->auth.peer,
331
data->auth.auth_type);
335
void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
336
const u8 *bssid, u16 auth_type)
338
struct wpa_driver_associate_params params;
339
struct ieee802_11_elems elems;
341
os_memset(¶ms, 0, sizeof(params));
342
params.bssid = bssid;
343
params.ssid = wpa_s->sme.ssid;
344
params.ssid_len = wpa_s->sme.ssid_len;
345
params.freq = wpa_s->sme.freq;
346
params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
347
wpa_s->sme.assoc_req_ie : NULL;
348
params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
349
#ifdef CONFIG_IEEE80211R
350
if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
351
params.wpa_ie = wpa_s->sme.ft_ies;
352
params.wpa_ie_len = wpa_s->sme.ft_ies_len;
354
#endif /* CONFIG_IEEE80211R */
356
params.mgmt_frame_protection = wpa_s->sme.mfp;
357
if (wpa_s->sme.prev_bssid_set)
358
params.prev_bssid = wpa_s->sme.prev_bssid;
360
wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
361
" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
362
params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
365
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
367
if (params.wpa_ie == NULL ||
368
ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
370
wpa_printf(MSG_DEBUG, "SME: Could not parse own IEs?!");
371
os_memset(&elems, 0, sizeof(elems));
374
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
375
elems.rsn_ie_len + 2);
376
else if (elems.wpa_ie)
377
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
378
elems.wpa_ie_len + 2);
380
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
382
if (wpa_drv_associate(wpa_s, ¶ms) < 0) {
383
wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
385
wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
386
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
390
eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
395
int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
396
const u8 *ies, size_t ies_len)
398
if (md == NULL || ies == NULL) {
399
wpa_printf(MSG_DEBUG, "SME: Remove mobility domain");
400
os_free(wpa_s->sme.ft_ies);
401
wpa_s->sme.ft_ies = NULL;
402
wpa_s->sme.ft_ies_len = 0;
403
wpa_s->sme.ft_used = 0;
407
os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
408
wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
409
os_free(wpa_s->sme.ft_ies);
410
wpa_s->sme.ft_ies = os_malloc(ies_len);
411
if (wpa_s->sme.ft_ies == NULL)
413
os_memcpy(wpa_s->sme.ft_ies, ies, ies_len);
414
wpa_s->sme.ft_ies_len = ies_len;
419
static void sme_deauth(struct wpa_supplicant *wpa_s)
423
bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
425
if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
426
WLAN_REASON_DEAUTH_LEAVING) < 0) {
427
wpa_msg(wpa_s, MSG_INFO,
428
"Deauth request to the driver failed");
430
wpa_s->sme.prev_bssid_set = 0;
432
wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
433
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
434
os_memset(wpa_s->bssid, 0, ETH_ALEN);
435
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
437
wpas_notify_bssid_changed(wpa_s);
441
void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
442
union wpa_event_data *data)
444
wpa_printf(MSG_DEBUG, "SME: Association with " MACSTR " failed: "
445
"status code %d", MAC2STR(wpa_s->pending_bssid),
446
data->assoc_reject.status_code);
448
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
451
* For now, unconditionally terminate the previous authentication. In
452
* theory, this should not be needed, but mac80211 gets quite confused
453
* if the authentication is left pending.. Some roaming cases might
454
* benefit from using the previous authentication, so this could be
455
* optimized in the future.
461
void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
462
union wpa_event_data *data)
464
wpa_printf(MSG_DEBUG, "SME: Authentication timed out");
465
wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
469
void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
470
union wpa_event_data *data)
472
wpa_printf(MSG_DEBUG, "SME: Association timed out");
473
wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
474
wpa_supplicant_mark_disassoc(wpa_s);
478
void sme_event_disassoc(struct wpa_supplicant *wpa_s,
479
union wpa_event_data *data)
481
wpa_printf(MSG_DEBUG, "SME: Disassociation event received");
482
if (wpa_s->sme.prev_bssid_set &&
483
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)) {
485
* cfg80211/mac80211 can get into somewhat confused state if
486
* the AP only disassociates us and leaves us in authenticated
487
* state. For now, force the state to be cleared to avoid
488
* confusing errors if we try to associate with the AP again.
490
wpa_printf(MSG_DEBUG, "SME: Deauthenticate to clear driver "
492
wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
493
WLAN_REASON_DEAUTH_LEAVING);
498
static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
500
struct wpa_supplicant *wpa_s = eloop_ctx;
501
if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
502
wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
508
static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
510
struct wpa_supplicant *wpa_s = eloop_ctx;
511
if (wpa_s->wpa_state == WPA_ASSOCIATING) {
512
wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
518
void sme_state_changed(struct wpa_supplicant *wpa_s)
520
/* Make sure timers are cleaned up appropriately. */
521
if (wpa_s->wpa_state != WPA_ASSOCIATING)
522
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
523
if (wpa_s->wpa_state != WPA_AUTHENTICATING)
524
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
528
void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
529
const u8 *prev_pending_bssid)
532
* mac80211-workaround to force deauth on failed auth cmd,
533
* requires us to remain in authenticating state to allow the
534
* second authentication attempt to be continued properly.
536
wpa_printf(MSG_DEBUG, "SME: Allow pending authentication "
537
"to proceed after disconnection event");
538
wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
539
os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
542
* Re-arm authentication timer in case auth fails for whatever reason.
544
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
545
eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
550
void sme_deinit(struct wpa_supplicant *wpa_s)
552
os_free(wpa_s->sme.ft_ies);
553
wpa_s->sme.ft_ies = NULL;
554
wpa_s->sme.ft_ies_len = 0;
556
eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
557
eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);