src/ap/wpa_auth_glue.c

   1 /*
   2  * hostapd / WPA authenticator glue code
   3  * Copyright (c) 2002-2009, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "utils/includes.h"
  16
  17 #include "utils/common.h"
  18 #include "common/ieee802_11_defs.h"
  19 #include "eapol_auth/eapol_auth_sm.h"
  20 #include "eapol_auth/eapol_auth_sm_i.h"
  21 #include "eap_server/eap.h"
  22 #include "l2_packet/l2_packet.h"
  23 #include "drivers/driver.h"
  24 #include "hostapd.h"
  25 #include "ieee802_1x.h"
  26 #include "preauth_auth.h"
  27 #include "sta_info.h"
  28 #include "tkip_countermeasures.h"
  29 #include "ap_drv_ops.h"
  30 #include "ap_config.h"
  31 #include "wpa_auth.h"
  32
  33
  34 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf,
  35                                   struct wpa_auth_config *wconf)
  36 {
  37         wconf->wpa = conf->wpa;
  38         wconf->wpa_key_mgmt = conf->wpa_key_mgmt;
  39         wconf->wpa_pairwise = conf->wpa_pairwise;
  40         wconf->wpa_group = conf->wpa_group;
  41         wconf->wpa_group_rekey = conf->wpa_group_rekey;
  42         wconf->wpa_strict_rekey = conf->wpa_strict_rekey;
  43         wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey;
  44         wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey;
  45         wconf->rsn_pairwise = conf->rsn_pairwise;
  46         wconf->rsn_preauth = conf->rsn_preauth;
  47         wconf->eapol_version = conf->eapol_version;
  48         wconf->peerkey = conf->peerkey;
  49         wconf->wmm_enabled = conf->wmm_enabled;
  50         wconf->wmm_uapsd = conf->wmm_uapsd;
  51         wconf->okc = conf->okc;
  52 #ifdef CONFIG_IEEE80211W
  53         wconf->ieee80211w = conf->ieee80211w;
  54 #endif /* CONFIG_IEEE80211W */
  55 #ifdef CONFIG_IEEE80211R
  56         wconf->ssid_len = conf->ssid.ssid_len;
  57         if (wconf->ssid_len > SSID_LEN)
  58                 wconf->ssid_len = SSID_LEN;
  59         os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len);
  60         os_memcpy(wconf->mobility_domain, conf->mobility_domain,
  61                   MOBILITY_DOMAIN_ID_LEN);
  62         if (conf->nas_identifier &&
  63             os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) {
  64                 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier);
  65                 os_memcpy(wconf->r0_key_holder, conf->nas_identifier,
  66                           wconf->r0_key_holder_len);
  67         }
  68         os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN);
  69         wconf->r0_key_lifetime = conf->r0_key_lifetime;
  70         wconf->reassociation_deadline = conf->reassociation_deadline;
  71         wconf->r0kh_list = conf->r0kh_list;
  72         wconf->r1kh_list = conf->r1kh_list;
  73         wconf->pmk_r1_push = conf->pmk_r1_push;
  74 #endif /* CONFIG_IEEE80211R */
  75 }
  76
  77
  78 static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr,
  79                                     logger_level level, const char *txt)
  80 {
  81 #ifndef CONFIG_NO_HOSTAPD_LOGGER
  82         struct hostapd_data *hapd = ctx;
  83         int hlevel;
  84
  85         switch (level) {
  86         case LOGGER_WARNING:
  87                 hlevel = HOSTAPD_LEVEL_WARNING;
  88                 break;
  89         case LOGGER_INFO:
  90                 hlevel = HOSTAPD_LEVEL_INFO;
  91                 break;
  92         case LOGGER_DEBUG:
  93         default:
  94                 hlevel = HOSTAPD_LEVEL_DEBUG;
  95                 break;
  96         }
  97
  98         hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt);
  99 #endif /* CONFIG_NO_HOSTAPD_LOGGER */
 100 }
 101
 102
 103 static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr,
 104                                         u16 reason)
 105 {
 106         struct hostapd_data *hapd = ctx;
 107         wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: "
 108                    "STA " MACSTR " reason %d",
 109                    __func__, MAC2STR(addr), reason);
 110         ap_sta_disconnect(hapd, NULL, addr, reason);
 111 }
 112
 113
 114 static void hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr)
 115 {
 116         struct hostapd_data *hapd = ctx;
 117         michael_mic_failure(hapd, addr, 0);
 118 }
 119
 120
 121 static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr,
 122                                        wpa_eapol_variable var, int value)
 123 {
 124         struct hostapd_data *hapd = ctx;
 125         struct sta_info *sta = ap_get_sta(hapd, addr);
 126         if (sta == NULL)
 127                 return;
 128         switch (var) {
 129         case WPA_EAPOL_portEnabled:
 130                 ieee802_1x_notify_port_enabled(sta->eapol_sm, value);
 131                 break;
 132         case WPA_EAPOL_portValid:
 133                 ieee802_1x_notify_port_valid(sta->eapol_sm, value);
 134                 break;
 135         case WPA_EAPOL_authorized:
 136                 ieee802_1x_set_sta_authorized(hapd, sta, value);
 137                 break;
 138         case WPA_EAPOL_portControl_Auto:
 139                 if (sta->eapol_sm)
 140                         sta->eapol_sm->portControl = Auto;
 141                 break;
 142         case WPA_EAPOL_keyRun:
 143                 if (sta->eapol_sm)
 144                         sta->eapol_sm->keyRun = value ? TRUE : FALSE;
 145                 break;
 146         case WPA_EAPOL_keyAvailable:
 147                 if (sta->eapol_sm)
 148                         sta->eapol_sm->eap_if->eapKeyAvailable =
 149                                 value ? TRUE : FALSE;
 150                 break;
 151         case WPA_EAPOL_keyDone:
 152                 if (sta->eapol_sm)
 153                         sta->eapol_sm->keyDone = value ? TRUE : FALSE;
 154                 break;
 155         case WPA_EAPOL_inc_EapolFramesTx:
 156                 if (sta->eapol_sm)
 157                         sta->eapol_sm->dot1xAuthEapolFramesTx++;
 158                 break;
 159         }
 160 }
 161
 162
 163 static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr,
 164                                       wpa_eapol_variable var)
 165 {
 166         struct hostapd_data *hapd = ctx;
 167         struct sta_info *sta = ap_get_sta(hapd, addr);
 168         if (sta == NULL || sta->eapol_sm == NULL)
 169                 return -1;
 170         switch (var) {
 171         case WPA_EAPOL_keyRun:
 172                 return sta->eapol_sm->keyRun;
 173         case WPA_EAPOL_keyAvailable:
 174                 return sta->eapol_sm->eap_if->eapKeyAvailable;
 175         default:
 176                 return -1;
 177         }
 178 }
 179
 180
 181 static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr,
 182                                            const u8 *prev_psk)
 183 {
 184         struct hostapd_data *hapd = ctx;
 185         return hostapd_get_psk(hapd->conf, addr, prev_psk);
 186 }
 187
 188
 189 static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk,
 190                                     size_t *len)
 191 {
 192         struct hostapd_data *hapd = ctx;
 193         const u8 *key;
 194         size_t keylen;
 195         struct sta_info *sta;
 196
 197         sta = ap_get_sta(hapd, addr);
 198         if (sta == NULL)
 199                 return -1;
 200
 201         key = ieee802_1x_get_key(sta->eapol_sm, &keylen);
 202         if (key == NULL)
 203                 return -1;
 204
 205         if (keylen > *len)
 206                 keylen = *len;
 207         os_memcpy(msk, key, keylen);
 208         *len = keylen;
 209
 210         return 0;
 211 }
 212
 213
 214 static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg,
 215                                     const u8 *addr, int idx, u8 *key,
 216                                     size_t key_len)
 217 {
 218         struct hostapd_data *hapd = ctx;
 219         const char *ifname = hapd->conf->iface;
 220
 221         if (vlan_id > 0) {
 222                 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id);
 223                 if (ifname == NULL)
 224                         return -1;
 225         }
 226
 227         return hapd->drv.set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0,
 228                                  key, key_len);
 229 }
 230
 231
 232 static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx,
 233                                        u8 *seq)
 234 {
 235         struct hostapd_data *hapd = ctx;
 236         return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq);
 237 }
 238
 239
 240 static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr,
 241                                        const u8 *data, size_t data_len,
 242                                        int encrypt)
 243 {
 244         struct hostapd_data *hapd = ctx;
 245         return hapd->drv.send_eapol(hapd, addr, data, data_len, encrypt);
 246 }
 247
 248
 249 static int hostapd_wpa_auth_for_each_sta(
 250         void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx),
 251         void *cb_ctx)
 252 {
 253         struct hostapd_data *hapd = ctx;
 254         struct sta_info *sta;
 255
 256         for (sta = hapd->sta_list; sta; sta = sta->next) {
 257                 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx))
 258                         return 1;
 259         }
 260         return 0;
 261 }
 262
 263
 264 struct wpa_auth_iface_iter_data {
 265         int (*cb)(struct wpa_authenticator *sm, void *ctx);
 266         void *cb_ctx;
 267 };
 268
 269 static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx)
 270 {
 271         struct wpa_auth_iface_iter_data *data = ctx;
 272         size_t i;
 273         for (i = 0; i < iface->num_bss; i++) {
 274                 if (iface->bss[i]->wpa_auth &&
 275                     data->cb(iface->bss[i]->wpa_auth, data->cb_ctx))
 276                         return 1;
 277         }
 278         return 0;
 279 }
 280
 281
 282 static int hostapd_wpa_auth_for_each_auth(
 283         void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx),
 284         void *cb_ctx)
 285 {
 286         struct hostapd_data *hapd = ctx;
 287         struct wpa_auth_iface_iter_data data;
 288         if (hapd->iface->for_each_interface == NULL)
 289                 return -1;
 290         data.cb = cb;
 291         data.cb_ctx = cb_ctx;
 292         return hapd->iface->for_each_interface(hapd->iface->interfaces,
 293                                                wpa_auth_iface_iter, &data);
 294 }
 295
 296
 297 static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto,
 298                                        const u8 *data, size_t data_len)
 299 {
 300         struct hostapd_data *hapd = ctx;
 301
 302         if (hapd->driver && hapd->driver->send_ether)
 303                 return hapd->driver->send_ether(hapd->drv_priv, dst,
 304                                                 hapd->own_addr, proto,
 305                                                 data, data_len);
 306         if (hapd->l2 == NULL)
 307                 return -1;
 308         return l2_packet_send(hapd->l2, dst, proto, data, data_len);
 309 }
 310
 311
 312 #ifdef CONFIG_IEEE80211R
 313
 314 static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst,
 315                                            const u8 *data, size_t data_len)
 316 {
 317         struct hostapd_data *hapd = ctx;
 318         int res;
 319         struct ieee80211_mgmt *m;
 320         size_t mlen;
 321         struct sta_info *sta;
 322
 323         sta = ap_get_sta(hapd, dst);
 324         if (sta == NULL || sta->wpa_sm == NULL)
 325                 return -1;
 326
 327         m = os_zalloc(sizeof(*m) + data_len);
 328         if (m == NULL)
 329                 return -1;
 330         mlen = ((u8 *) &m->u - (u8 *) m) + data_len;
 331         m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT,
 332                                         WLAN_FC_STYPE_ACTION);
 333         os_memcpy(m->da, dst, ETH_ALEN);
 334         os_memcpy(m->sa, hapd->own_addr, ETH_ALEN);
 335         os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN);
 336         os_memcpy(&m->u, data, data_len);
 337
 338         res = hapd->drv.send_mgmt_frame(hapd, (u8 *) m, mlen);
 339         os_free(m);
 340         return res;
 341 }
 342
 343
 344 static struct wpa_state_machine *
 345 hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr)
 346 {
 347         struct hostapd_data *hapd = ctx;
 348         struct sta_info *sta;
 349
 350         sta = ap_sta_add(hapd, sta_addr);
 351         if (sta == NULL)
 352                 return NULL;
 353         if (sta->wpa_sm) {
 354                 sta->auth_alg = WLAN_AUTH_FT;
 355                 return sta->wpa_sm;
 356         }
 357
 358         sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr);
 359         if (sta->wpa_sm == NULL) {
 360                 ap_free_sta(hapd, sta);
 361                 return NULL;
 362         }
 363         sta->auth_alg = WLAN_AUTH_FT;
 364
 365         return sta->wpa_sm;
 366 }
 367
 368
 369 static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf,
 370                                 size_t len)
 371 {
 372         struct hostapd_data *hapd = ctx;
 373         wpa_ft_rrb_rx(hapd->wpa_auth, src_addr, buf, len);
 374 }
 375
 376 #endif /* CONFIG_IEEE80211R */
 377
 378
 379 int hostapd_setup_wpa(struct hostapd_data *hapd)
 380 {
 381         struct wpa_auth_config _conf;
 382         struct wpa_auth_callbacks cb;
 383         const u8 *wpa_ie;
 384         size_t wpa_ie_len;
 385
 386         hostapd_wpa_auth_conf(hapd->conf, &_conf);
 387         os_memset(&cb, 0, sizeof(cb));
 388         cb.ctx = hapd;
 389         cb.logger = hostapd_wpa_auth_logger;
 390         cb.disconnect = hostapd_wpa_auth_disconnect;
 391         cb.mic_failure_report = hostapd_wpa_auth_mic_failure_report;
 392         cb.set_eapol = hostapd_wpa_auth_set_eapol;
 393         cb.get_eapol = hostapd_wpa_auth_get_eapol;
 394         cb.get_psk = hostapd_wpa_auth_get_psk;
 395         cb.get_msk = hostapd_wpa_auth_get_msk;
 396         cb.set_key = hostapd_wpa_auth_set_key;
 397         cb.get_seqnum = hostapd_wpa_auth_get_seqnum;
 398         cb.send_eapol = hostapd_wpa_auth_send_eapol;
 399         cb.for_each_sta = hostapd_wpa_auth_for_each_sta;
 400         cb.for_each_auth = hostapd_wpa_auth_for_each_auth;
 401         cb.send_ether = hostapd_wpa_auth_send_ether;
 402 #ifdef CONFIG_IEEE80211R
 403         cb.send_ft_action = hostapd_wpa_auth_send_ft_action;
 404         cb.add_sta = hostapd_wpa_auth_add_sta;
 405 #endif /* CONFIG_IEEE80211R */
 406         hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb);
 407         if (hapd->wpa_auth == NULL) {
 408                 wpa_printf(MSG_ERROR, "WPA initialization failed.");
 409                 return -1;
 410         }
 411
 412         if (hostapd_set_privacy(hapd, 1)) {
 413                 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked "
 414                            "for interface %s", hapd->conf->iface);
 415                 return -1;
 416         }
 417
 418         wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len);
 419         if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) {
 420                 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for "
 421                            "the kernel driver.");
 422                 return -1;
 423         }
 424
 425         if (rsn_preauth_iface_init(hapd)) {
 426                 wpa_printf(MSG_ERROR, "Initialization of RSN "
 427                            "pre-authentication failed.");
 428                 return -1;
 429         }
 430
 431 #ifdef CONFIG_IEEE80211R
 432         if (!hostapd_drv_none(hapd)) {
 433                 hapd->l2 = l2_packet_init(hapd->conf->bridge[0] ?
 434                                           hapd->conf->bridge :
 435                                           hapd->conf->iface, NULL, ETH_P_RRB,
 436                                           hostapd_rrb_receive, hapd, 0);
 437                 if (hapd->l2 == NULL &&
 438                     (hapd->driver == NULL ||
 439                      hapd->driver->send_ether == NULL)) {
 440                         wpa_printf(MSG_ERROR, "Failed to open l2_packet "
 441                                    "interface");
 442                         return -1;
 443                 }
 444         }
 445 #endif /* CONFIG_IEEE80211R */
 446
 447         return 0;
 448
 449 }
 450
 451
 452 void hostapd_reconfig_wpa(struct hostapd_data *hapd)
 453 {
 454         struct wpa_auth_config wpa_auth_conf;
 455         hostapd_wpa_auth_conf(hapd->conf, &wpa_auth_conf);
 456         wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf);
 457 }
 458
 459
 460 void hostapd_deinit_wpa(struct hostapd_data *hapd)
 461 {
 462         rsn_preauth_iface_deinit(hapd);
 463         if (hapd->wpa_auth) {
 464                 wpa_deinit(hapd->wpa_auth);
 465                 hapd->wpa_auth = NULL;
 466
 467                 if (hostapd_set_privacy(hapd, 0)) {
 468                         wpa_printf(MSG_DEBUG, "Could not disable "
 469                                    "PrivacyInvoked for interface %s",
 470                                    hapd->conf->iface);
 471                 }
 472
 473                 if (hostapd_set_generic_elem(hapd, (u8 *) "", 0)) {
 474                         wpa_printf(MSG_DEBUG, "Could not remove generic "
 475                                    "information element from interface %s",
 476                                    hapd->conf->iface);
 477                 }
 478         }
 479         ieee802_1x_deinit(hapd);
 480
 481 #ifdef CONFIG_IEEE80211R
 482         l2_packet_deinit(hapd->l2);
 483 #endif /* CONFIG_IEEE80211R */
 484 }