2
* WPA Supplicant - Driver event processing
3
* Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi>
5
* This program is free software; you can redistribute it and/or modify
6
* it under the terms of the GNU General Public License version 2 as
7
* published by the Free Software Foundation.
9
* Alternatively, this software may be distributed under the terms of BSD
12
* See README and COPYING for more details.
18
#include "eapol_supp/eapol_supp_sm.h"
21
#include "drivers/driver.h"
23
#include "l2_packet/l2_packet.h"
24
#include "wpa_supplicant_i.h"
25
#include "pcsc_funcs.h"
27
#include "pmksa_cache.h"
29
#include "eap_peer/eap.h"
30
#include "ctrl_iface_dbus.h"
31
#include "ieee802_11_defs.h"
32
#include "blacklist.h"
33
#include "wpas_glue.h"
36
static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s)
38
struct wpa_ssid *ssid;
40
if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid)
43
wpa_printf(MSG_DEBUG, "Select network based on association "
45
ssid = wpa_supplicant_get_ssid(wpa_s);
47
wpa_printf(MSG_INFO, "No network configuration found for the "
53
wpa_printf(MSG_DEBUG, "Selected network is disabled");
57
wpa_printf(MSG_DEBUG, "Network configuration found for the current "
59
if (ssid->key_mgmt & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
60
WPA_KEY_MGMT_WPA_NONE |
61
WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_FT_IEEE8021X))
64
size_t wpa_ie_len = sizeof(wpa_ie);
65
wpa_supplicant_set_suites(wpa_s, NULL, ssid,
68
wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
71
if (wpa_s->current_ssid && wpa_s->current_ssid != ssid)
72
eapol_sm_invalidate_cached_session(wpa_s->eapol);
73
wpa_s->current_ssid = ssid;
74
wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
75
wpa_supplicant_initiate_eapol(wpa_s);
81
static void wpa_supplicant_stop_countermeasures(void *eloop_ctx,
84
struct wpa_supplicant *wpa_s = eloop_ctx;
86
if (wpa_s->countermeasures) {
87
wpa_s->countermeasures = 0;
88
wpa_drv_set_countermeasures(wpa_s, 0);
89
wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped");
90
wpa_supplicant_req_scan(wpa_s, 0, 0);
95
void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s)
97
wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
98
os_memset(wpa_s->bssid, 0, ETH_ALEN);
99
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
100
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
101
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
102
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
103
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK)
104
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
105
wpa_s->ap_ies_from_associnfo = 0;
109
static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s)
111
struct wpa_ie_data ie;
115
if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 ||
119
for (i = 0; i < ie.num_pmkid; i++) {
120
pmksa_set = pmksa_cache_set_current(wpa_s->wpa,
121
ie.pmkid + i * PMKID_LEN,
123
if (pmksa_set == 0) {
124
eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
129
wpa_printf(MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from PMKSA "
130
"cache", pmksa_set == 0 ? "" : "not ");
134
static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s,
135
union wpa_event_data *data)
138
wpa_printf(MSG_DEBUG, "RSN: No data in PMKID candidate event");
141
wpa_printf(MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR
142
" index=%d preauth=%d",
143
MAC2STR(data->pmkid_candidate.bssid),
144
data->pmkid_candidate.index,
145
data->pmkid_candidate.preauth);
147
pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid,
148
data->pmkid_candidate.index,
149
data->pmkid_candidate.preauth);
153
static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s)
155
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
156
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
159
#ifdef IEEE8021X_EAPOL
160
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
161
wpa_s->current_ssid &&
162
!(wpa_s->current_ssid->eapol_flags &
163
(EAPOL_FLAG_REQUIRE_KEY_UNICAST |
164
EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) {
165
/* IEEE 802.1X, but not using dynamic WEP keys (i.e., either
166
* plaintext or static WEP keys). */
169
#endif /* IEEE8021X_EAPOL */
176
* wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC
177
* @wpa_s: pointer to wpa_supplicant data
178
* @ssid: Configuration data for the network
179
* Returns: 0 on success, -1 on failure
181
* This function is called when starting authentication with a network that is
182
* configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA).
184
int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s,
185
struct wpa_ssid *ssid)
187
#ifdef IEEE8021X_EAPOL
188
int aka = 0, sim = 0, type;
190
if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL)
193
if (ssid->eap.eap_methods == NULL) {
197
struct eap_method_type *eap = ssid->eap.eap_methods;
198
while (eap->vendor != EAP_VENDOR_IETF ||
199
eap->method != EAP_TYPE_NONE) {
200
if (eap->vendor == EAP_VENDOR_IETF) {
201
if (eap->method == EAP_TYPE_SIM)
203
else if (eap->method == EAP_TYPE_AKA)
210
if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL)
212
if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL)
216
wpa_printf(MSG_DEBUG, "Selected network is configured to use "
217
"SIM, but neither EAP-SIM nor EAP-AKA are enabled");
221
wpa_printf(MSG_DEBUG, "Selected network is configured to use SIM "
222
"(sim=%d aka=%d) - initialize PCSC", sim, aka);
224
type = SCARD_TRY_BOTH;
226
type = SCARD_USIM_ONLY;
228
type = SCARD_GSM_SIM_ONLY;
230
wpa_s->scard = scard_init(type);
231
if (wpa_s->scard == NULL) {
232
wpa_printf(MSG_WARNING, "Failed to initialize SIM "
236
wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
237
eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
238
#endif /* IEEE8021X_EAPOL */
244
#ifndef CONFIG_NO_SCAN_PROCESSING
245
static int wpa_supplicant_match_privacy(struct wpa_scan_res *bss,
246
struct wpa_ssid *ssid)
250
if (ssid->mixed_cell)
253
for (i = 0; i < NUM_WEP_KEYS; i++) {
254
if (ssid->wep_key_len[i]) {
259
#ifdef IEEE8021X_EAPOL
260
if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
261
ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
262
EAPOL_FLAG_REQUIRE_KEY_BROADCAST))
264
#endif /* IEEE8021X_EAPOL */
266
if (bss->caps & IEEE80211_CAP_PRIVACY)
272
static int wpa_supplicant_ssid_bss_match(struct wpa_ssid *ssid,
273
struct wpa_scan_res *bss)
275
struct wpa_ie_data ie;
277
const u8 *rsn_ie, *wpa_ie;
279
rsn_ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
280
while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) {
283
if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) {
284
wpa_printf(MSG_DEBUG, " skip RSN IE - parse failed");
287
if (!(ie.proto & ssid->proto)) {
288
wpa_printf(MSG_DEBUG, " skip RSN IE - proto "
293
if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
294
wpa_printf(MSG_DEBUG, " skip RSN IE - PTK cipher "
299
if (!(ie.group_cipher & ssid->group_cipher)) {
300
wpa_printf(MSG_DEBUG, " skip RSN IE - GTK cipher "
305
if (!(ie.key_mgmt & ssid->key_mgmt)) {
306
wpa_printf(MSG_DEBUG, " skip RSN IE - key mgmt "
311
#ifdef CONFIG_IEEE80211W
312
if (!(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION)
313
&& ssid->ieee80211w == IEEE80211W_REQUIRED) {
314
wpa_printf(MSG_DEBUG, " skip RSN IE - no mgmt frame "
318
#endif /* CONFIG_IEEE80211W */
320
wpa_printf(MSG_DEBUG, " selected based on RSN IE");
324
wpa_ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
325
while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) {
328
if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) {
329
wpa_printf(MSG_DEBUG, " skip WPA IE - parse failed");
332
if (!(ie.proto & ssid->proto)) {
333
wpa_printf(MSG_DEBUG, " skip WPA IE - proto "
338
if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) {
339
wpa_printf(MSG_DEBUG, " skip WPA IE - PTK cipher "
344
if (!(ie.group_cipher & ssid->group_cipher)) {
345
wpa_printf(MSG_DEBUG, " skip WPA IE - GTK cipher "
350
if (!(ie.key_mgmt & ssid->key_mgmt)) {
351
wpa_printf(MSG_DEBUG, " skip WPA IE - key mgmt "
356
wpa_printf(MSG_DEBUG, " selected based on WPA IE");
360
if (proto_match == 0)
361
wpa_printf(MSG_DEBUG, " skip - no WPA/RSN proto match");
367
static struct wpa_scan_res *
368
wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, struct wpa_ssid *group,
369
struct wpa_ssid **selected_ssid)
371
struct wpa_ssid *ssid;
372
struct wpa_scan_res *bss, *selected = NULL;
374
struct wpa_blacklist *e;
377
wpa_printf(MSG_DEBUG, "Selecting BSS from priority group %d",
382
/* First, try to find WPA-enabled AP */
383
wpa_printf(MSG_DEBUG, "Try to find WPA-enabled AP");
384
for (i = 0; i < wpa_s->scan_res->num && !selected; i++) {
386
u8 wpa_ie_len, rsn_ie_len, ssid_len;
387
bss = wpa_s->scan_res->res[i];
389
ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
390
ssid_ = ie ? ie + 2 : (u8 *) "";
391
ssid_len = ie ? ie[1] : 0;
393
ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
394
wpa_ie_len = ie ? ie[1] : 0;
396
ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
397
rsn_ie_len = ie ? ie[1] : 0;
399
wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' "
400
"wpa_ie_len=%u rsn_ie_len=%u caps=0x%x",
401
(int) i, MAC2STR(bss->bssid),
402
wpa_ssid_txt(ssid_, ssid_len),
403
wpa_ie_len, rsn_ie_len, bss->caps);
404
e = wpa_blacklist_get(wpa_s, bss->bssid);
405
if (e && e->count > 1) {
406
wpa_printf(MSG_DEBUG, " skip - blacklisted");
410
if (wpa_ie_len == 0 && rsn_ie_len == 0) {
411
wpa_printf(MSG_DEBUG, " skip - no WPA/RSN IE");
415
for (ssid = group; ssid; ssid = ssid->pnext) {
416
if (ssid->disabled) {
417
wpa_printf(MSG_DEBUG, " skip - disabled");
420
if (ssid_len != ssid->ssid_len ||
421
os_memcmp(ssid_, ssid->ssid, ssid_len) != 0) {
422
wpa_printf(MSG_DEBUG, " skip - "
426
if (ssid->bssid_set &&
427
os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0)
429
wpa_printf(MSG_DEBUG, " skip - "
433
if (wpa_supplicant_ssid_bss_match(ssid, bss)) {
435
*selected_ssid = ssid;
436
wpa_printf(MSG_DEBUG, " selected WPA AP "
439
wpa_ssid_txt(ssid_, ssid_len));
445
/* If no WPA-enabled AP found, try to find non-WPA AP, if configuration
447
wpa_printf(MSG_DEBUG, "Try to find non-WPA AP");
448
for (i = 0; i < wpa_s->scan_res->num && !selected; i++) {
450
u8 wpa_ie_len, rsn_ie_len, ssid_len;
451
bss = wpa_s->scan_res->res[i];
453
ie = wpa_scan_get_ie(bss, WLAN_EID_SSID);
454
ssid_ = ie ? ie + 2 : (u8 *) "";
455
ssid_len = ie ? ie[1] : 0;
457
ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
458
wpa_ie_len = ie ? ie[1] : 0;
460
ie = wpa_scan_get_ie(bss, WLAN_EID_RSN);
461
rsn_ie_len = ie ? ie[1] : 0;
463
wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' "
464
"wpa_ie_len=%u rsn_ie_len=%u caps=0x%x",
465
(int) i, MAC2STR(bss->bssid),
466
wpa_ssid_txt(ssid_, ssid_len),
467
wpa_ie_len, rsn_ie_len, bss->caps);
468
e = wpa_blacklist_get(wpa_s, bss->bssid);
469
if (e && e->count > 1) {
470
wpa_printf(MSG_DEBUG, " skip - blacklisted");
473
for (ssid = group; ssid; ssid = ssid->pnext) {
474
if (ssid->disabled) {
475
wpa_printf(MSG_DEBUG, " skip - disabled");
478
if (ssid->ssid_len != 0 &&
479
(ssid_len != ssid->ssid_len ||
480
os_memcmp(ssid_, ssid->ssid, ssid_len) != 0)) {
481
wpa_printf(MSG_DEBUG, " skip - "
486
if (ssid->bssid_set &&
487
os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0)
489
wpa_printf(MSG_DEBUG, " skip - "
494
if (!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) &&
495
!(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA))
497
wpa_printf(MSG_DEBUG, " skip - "
498
"non-WPA network not allowed");
502
if ((ssid->key_mgmt &
503
(WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK)) &&
504
(wpa_ie_len != 0 || rsn_ie_len != 0)) {
505
wpa_printf(MSG_DEBUG, " skip - "
510
if (!wpa_supplicant_match_privacy(bss, ssid)) {
511
wpa_printf(MSG_DEBUG, " skip - "
516
if (bss->caps & IEEE80211_CAP_IBSS) {
517
wpa_printf(MSG_DEBUG, " skip - "
518
"IBSS (adhoc) network");
523
*selected_ssid = ssid;
524
wpa_printf(MSG_DEBUG, " selected non-WPA AP "
527
wpa_ssid_txt(ssid_, ssid_len));
536
static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s)
539
struct wpa_scan_res *selected = NULL;
540
struct wpa_ssid *ssid = NULL;
542
if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
543
if (wpa_s->conf->ap_scan == 2)
545
wpa_printf(MSG_DEBUG, "Failed to get scan results - try "
551
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS);
553
wpa_supplicant_dbus_notify_scan_results(wpa_s);
555
if (wpa_s->conf->ap_scan == 2 || wpa_s->disconnected)
558
while (selected == NULL) {
559
for (prio = 0; prio < wpa_s->conf->num_prio; prio++) {
560
selected = wpa_supplicant_select_bss(
561
wpa_s, wpa_s->conf->pssid[prio], &ssid);
566
if (selected == NULL && wpa_s->blacklist) {
567
wpa_printf(MSG_DEBUG, "No APs found - clear blacklist "
569
wpa_blacklist_clear(wpa_s);
570
} else if (selected == NULL) {
576
/* Do not trigger new association unless the BSSID has changed
577
* or if reassociation is requested. If we are in process of
578
* associating with the selected BSSID, do not trigger new
580
if (wpa_s->reassociate ||
581
(os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 &&
582
(wpa_s->wpa_state != WPA_ASSOCIATING ||
583
os_memcmp(selected->bssid, wpa_s->pending_bssid,
585
if (wpa_supplicant_scard_init(wpa_s, ssid)) {
586
wpa_supplicant_req_scan(wpa_s, 10, 0);
589
wpa_supplicant_associate(wpa_s, selected, ssid);
591
wpa_printf(MSG_DEBUG, "Already associated with the "
594
rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res);
596
wpa_printf(MSG_DEBUG, "No suitable AP found.");
604
if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1) {
606
* Quick recovery if the initial scan results were not
607
* complete when fetched before the first scan request.
609
wpa_s->scan_res_tried++;
612
wpa_supplicant_req_scan(wpa_s, timeout, 0);
614
#endif /* CONFIG_NO_SCAN_PROCESSING */
617
static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s,
618
union wpa_event_data *data)
620
int l, len, found = 0, wpa_found, rsn_found;
623
wpa_printf(MSG_DEBUG, "Association info event");
624
if (data->assoc_info.req_ies)
625
wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies,
626
data->assoc_info.req_ies_len);
627
if (data->assoc_info.resp_ies)
628
wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies,
629
data->assoc_info.resp_ies_len);
630
if (data->assoc_info.beacon_ies)
631
wpa_hexdump(MSG_DEBUG, "beacon_ies",
632
data->assoc_info.beacon_ies,
633
data->assoc_info.beacon_ies_len);
635
p = data->assoc_info.req_ies;
636
l = data->assoc_info.req_ies_len;
638
/* Go through the IEs and make a copy of the WPA/RSN IE, if present. */
639
while (p && l >= 2) {
642
wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info",
646
if ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
647
(os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) ||
648
(p[0] == WLAN_EID_RSN && p[1] >= 2)) {
649
if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len))
652
wpa_find_assoc_pmkid(wpa_s);
658
if (!found && data->assoc_info.req_ies)
659
wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
661
/* WPA/RSN IE from Beacon/ProbeResp */
662
p = data->assoc_info.beacon_ies;
663
l = data->assoc_info.beacon_ies_len;
665
/* Go through the IEs and make a copy of the WPA/RSN IEs, if present.
667
wpa_found = rsn_found = 0;
668
while (p && l >= 2) {
671
wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies",
676
p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 &&
677
os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) {
679
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len);
683
p[0] == WLAN_EID_RSN && p[1] >= 2) {
685
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len);
692
if (!wpa_found && data->assoc_info.beacon_ies)
693
wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
694
if (!rsn_found && data->assoc_info.beacon_ies)
695
wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
696
if (wpa_found || rsn_found)
697
wpa_s->ap_ies_from_associnfo = 1;
701
static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s,
702
union wpa_event_data *data)
705
int ft_completed = wpa_ft_is_completed(wpa_s->wpa);
708
wpa_supplicant_event_associnfo(wpa_s, data);
710
wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED);
711
if (wpa_s->use_client_mlme)
712
os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
713
if (wpa_s->use_client_mlme ||
714
(wpa_drv_get_bssid(wpa_s, bssid) >= 0 &&
715
os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)) {
716
wpa_msg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID="
717
MACSTR, MAC2STR(bssid));
718
os_memcpy(wpa_s->bssid, bssid, ETH_ALEN);
719
os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
720
if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) {
721
wpa_clear_keys(wpa_s, bssid);
723
if (wpa_supplicant_select_config(wpa_s) < 0) {
724
wpa_supplicant_disassociate(
725
wpa_s, WLAN_REASON_DEAUTH_LEAVING);
730
wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid));
731
if (wpa_s->current_ssid) {
732
/* When using scanning (ap_scan=1), SIM PC/SC interface can be
733
* initialized before association, but for other modes,
734
* initialize PC/SC here, if the current configuration needs
735
* smartcard or SIM/USIM. */
736
wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid);
738
wpa_sm_notify_assoc(wpa_s->wpa, bssid);
739
l2_packet_notify_auth_start(wpa_s->l2);
742
* Set portEnabled first to FALSE in order to get EAP state machine out
743
* of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE
744
* state machine may transit to AUTHENTICATING state based on obsolete
745
* eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to
746
* AUTHENTICATED without ever giving chance to EAP state machine to
750
eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
751
eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
753
if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
754
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK || ft_completed)
755
eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
756
/* 802.1X::portControl = Auto */
757
eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE);
758
wpa_s->eapol_received = 0;
759
if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
760
wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
761
wpa_supplicant_cancel_auth_timeout(wpa_s);
762
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
763
} else if (!ft_completed) {
764
/* Timeout for receiving the first EAPOL packet */
765
wpa_supplicant_req_auth_timeout(wpa_s, 10, 0);
767
wpa_supplicant_cancel_scan(wpa_s);
769
if (wpa_s->driver_4way_handshake &&
770
(wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
771
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK)) {
773
* We are done; the driver will take care of RSN 4-way
776
wpa_supplicant_cancel_auth_timeout(wpa_s);
777
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
778
eapol_sm_notify_portValid(wpa_s->eapol, TRUE);
779
eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
784
static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s)
788
if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
790
* At least Host AP driver and a Prism3 card seemed to be
791
* generating streams of disconnected events when configuring
792
* IBSS for WPA-None. Ignore them for now.
794
wpa_printf(MSG_DEBUG, "Disconnect event - ignore in "
795
"IBSS/WPA-None mode");
799
if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE &&
800
(wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
801
wpa_s->key_mgmt == WPA_KEY_MGMT_FT_PSK)) {
802
wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - "
803
"pre-shared key may be incorrect");
805
if (wpa_s->wpa_state >= WPA_ASSOCIATED)
806
wpa_supplicant_req_scan(wpa_s, 0, 100000);
807
bssid = wpa_s->bssid;
808
if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
809
bssid = wpa_s->pending_bssid;
810
wpa_blacklist_add(wpa_s, bssid);
811
wpa_sm_notify_disassoc(wpa_s->wpa);
812
wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "- Disconnect event - "
814
if (wpa_supplicant_dynamic_keys(wpa_s)) {
815
wpa_s->keys_cleared = 0;
816
wpa_clear_keys(wpa_s, wpa_s->bssid);
818
wpa_supplicant_mark_disassoc(wpa_s);
823
wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s,
824
union wpa_event_data *data)
829
wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected");
830
pairwise = (data && data->michael_mic_failure.unicast);
831
wpa_sm_key_request(wpa_s->wpa, 1, pairwise);
833
if (wpa_s->last_michael_mic_error &&
834
t.sec - wpa_s->last_michael_mic_error <= 60) {
835
/* initialize countermeasures */
836
wpa_s->countermeasures = 1;
837
wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started");
840
* Need to wait for completion of request frame. We do not get
841
* any callback for the message completion, so just wait a
842
* short while and hope for the best. */
845
wpa_drv_set_countermeasures(wpa_s, 1);
846
wpa_supplicant_deauthenticate(wpa_s,
847
WLAN_REASON_MICHAEL_MIC_FAILURE);
848
eloop_cancel_timeout(wpa_supplicant_stop_countermeasures,
850
eloop_register_timeout(60, 0,
851
wpa_supplicant_stop_countermeasures,
853
/* TODO: mark the AP rejected for 60 second. STA is
854
* allowed to associate with another AP.. */
856
wpa_s->last_michael_mic_error = t.sec;
861
wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s,
862
union wpa_event_data *data)
864
if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0)
867
switch (data->interface_status.ievent) {
868
case EVENT_INTERFACE_ADDED:
869
if (!wpa_s->interface_removed)
871
wpa_s->interface_removed = 0;
872
wpa_printf(MSG_DEBUG, "Configured interface was added.");
873
if (wpa_supplicant_driver_init(wpa_s) < 0) {
874
wpa_printf(MSG_INFO, "Failed to initialize the driver "
875
"after interface was added.");
878
case EVENT_INTERFACE_REMOVED:
879
wpa_printf(MSG_DEBUG, "Configured interface was removed.");
880
wpa_s->interface_removed = 1;
881
wpa_supplicant_mark_disassoc(wpa_s);
882
l2_packet_deinit(wpa_s->l2);
889
#ifdef CONFIG_PEERKEY
891
wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s,
892
union wpa_event_data *data)
896
wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer);
898
#endif /* CONFIG_PEERKEY */
901
#ifdef CONFIG_IEEE80211R
903
wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s,
904
union wpa_event_data *data)
909
if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies,
910
data->ft_ies.ies_len,
911
data->ft_ies.ft_action,
912
data->ft_ies.target_ap) < 0) {
913
/* TODO: prevent MLME/driver from trying to associate? */
916
#endif /* CONFIG_IEEE80211R */
919
void wpa_supplicant_event(void *ctx, wpa_event_type event,
920
union wpa_event_data *data)
922
struct wpa_supplicant *wpa_s = ctx;
926
wpa_supplicant_event_assoc(wpa_s, data);
929
wpa_supplicant_event_disassoc(wpa_s);
931
case EVENT_MICHAEL_MIC_FAILURE:
932
wpa_supplicant_event_michael_mic_failure(wpa_s, data);
934
#ifndef CONFIG_NO_SCAN_PROCESSING
935
case EVENT_SCAN_RESULTS:
936
wpa_supplicant_event_scan_results(wpa_s);
938
#endif /* CONFIG_NO_SCAN_PROCESSING */
939
case EVENT_ASSOCINFO:
940
wpa_supplicant_event_associnfo(wpa_s, data);
942
case EVENT_INTERFACE_STATUS:
943
wpa_supplicant_event_interface_status(wpa_s, data);
945
case EVENT_PMKID_CANDIDATE:
946
wpa_supplicant_event_pmkid_candidate(wpa_s, data);
948
#ifdef CONFIG_PEERKEY
950
wpa_supplicant_event_stkstart(wpa_s, data);
952
#endif /* CONFIG_PEERKEY */
953
#ifdef CONFIG_IEEE80211R
954
case EVENT_FT_RESPONSE:
955
wpa_supplicant_event_ft_response(wpa_s, data);
957
#endif /* CONFIG_IEEE80211R */
959
wpa_printf(MSG_INFO, "Unknown event %d", event);