#include "common.h"
#include "eapol_supp/eapol_supp_sm.h"
-#include "wpa.h"
+#include "rsn_supp/wpa.h"
#include "eloop.h"
#include "config.h"
#include "l2_packet/l2_packet.h"
-#include "wpa_common.h"
+#include "common/wpa_common.h"
#include "wpa_supplicant_i.h"
#include "driver_i.h"
-#include "pmksa_cache.h"
-#include "mlme.h"
+#include "rsn_supp/pmksa_cache.h"
#include "sme.h"
-#include "ieee802_11_defs.h"
-#include "wpa_ctrl.h"
+#include "common/ieee802_11_defs.h"
+#include "common/wpa_ctrl.h"
#include "wpas_glue.h"
#include "wps_supplicant.h"
+#include "bss.h"
+#include "scan.h"
+#include "notify.h"
#ifndef CONFIG_NO_CONFIG_BLOBS
wpa_s->group_cipher = cipher;
}
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
- unicast ? wpa_s->bssid :
- (u8 *) "\xff\xff\xff\xff\xff\xff",
- keyidx, unicast, (u8 *) "", 0, key, keylen);
+ unicast ? wpa_s->bssid : NULL,
+ keyidx, unicast, NULL, 0, key, keylen);
}
"handshake");
pmk_len = PMK_LEN;
- res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
- if (res) {
- /*
- * EAP-LEAP is an exception from other EAP methods: it
- * uses only 16-byte PMK.
- */
- res = eapol_sm_get_key(eapol, pmk, 16);
- pmk_len = 16;
+ if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
+#ifdef CONFIG_IEEE80211R
+ u8 buf[2 * PMK_LEN];
+ wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
+ "driver-based 4-way hs and FT");
+ res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
+ if (res == 0) {
+ os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
+ os_memset(buf, 0, sizeof(buf));
+ }
+#else /* CONFIG_IEEE80211R */
+ res = -1;
+#endif /* CONFIG_IEEE80211R */
+ } else {
+ res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
+ if (res) {
+ /*
+ * EAP-LEAP is an exception from other EAP methods: it
+ * uses only 16-byte PMK.
+ */
+ res = eapol_sm_get_key(eapol, pmk, 16);
+ pmk_len = 16;
+ }
}
if (res) {
return;
}
+ wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
+ "handshake", pmk, pmk_len);
+
if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
pmk_len)) {
wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
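Review bot: The XXKey scratch buffer `buf` in the new FT branch is wiped only inside `if (res == 0)`, and the wipe is a plain `os_memset()` on a local that is never read again, which an optimising compiler is allowed to drop. Moving `os_memset(buf, 0, sizeof(buf));` out of the success block so it runs on both paths, and routing it through a zeroing helper the compiler cannot elide if the OS abstraction layer offers one, would keep MSK bytes from lingering on the stack. The same concern applies to `pmk` once `wpa_drv_set_key()` has consumed it, but the end of the function lies outside this hunk, so that may already be handled.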
static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
{
- size_t i;
int ret = 0;
- struct wpa_scan_res *curr = NULL;
+ struct wpa_bss *curr = NULL, *bss;
struct wpa_ssid *ssid = wpa_s->current_ssid;
const u8 *ie;
- if (wpa_s->scan_res == NULL)
- return -1;
-
- for (i = 0; i < wpa_s->scan_res->num; i++) {
- struct wpa_scan_res *r = wpa_s->scan_res->res[i];
- if (os_memcmp(r->bssid, wpa_s->bssid, ETH_ALEN) != 0)
+ dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
+ if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0)
continue;
- ie = wpa_scan_get_ie(r, WLAN_EID_SSID);
if (ssid == NULL ||
- ((ie && ie[1] == ssid->ssid_len &&
- os_memcmp(ie + 2, ssid->ssid, ssid->ssid_len) == 0) ||
+ ((bss->ssid_len == ssid->ssid_len &&
+ os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) ||
ssid->ssid_len == 0)) {
- curr = r;
+ curr = bss;
break;
}
}
if (curr) {
- ie = wpa_scan_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
+ ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
ret = -1;
- ie = wpa_scan_get_ie(curr, WLAN_EID_RSN);
+ ie = wpa_bss_get_ie(curr, WLAN_EID_RSN);
if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
ret = -1;
} else {
/* No WPA/RSN IE found in the cached scan results. Try to get updated
* scan results from the driver. */
- if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
+ if (wpa_supplicant_update_scan_results(wpa_s) < 0)
return -1;
- }
return wpa_get_beacon_ie(wpa_s);
}
}
-static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
+static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state)
{
wpa_supplicant_set_state(wpa_s, state);
}
* @wpa_s: Pointer to wpa_supplicant data
* Returns: The current connection state (WPA_*)
*/
-static wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
+static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
{
return wpa_s->wpa_state;
}
-static wpa_states _wpa_supplicant_get_state(void *wpa_s)
+static enum wpa_states _wpa_supplicant_get_state(void *wpa_s)
{
return wpa_supplicant_get_state(wpa_s);
}
{
wpa_supplicant_disassociate(wpa_s, reason_code);
/* Schedule a scan to make sure we continue looking for networks */
- wpa_supplicant_req_scan(wpa_s, 0, 0);
+ wpa_supplicant_req_scan(wpa_s, 5, 0);
}
{
wpa_supplicant_deauthenticate(wpa_s, reason_code);
/* Schedule a scan to make sure we continue looking for networks */
- wpa_supplicant_req_scan(wpa_s, 0, 0);
+ wpa_supplicant_req_scan(wpa_s, 5, 0);
}
static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
{
struct wpa_supplicant *wpa_s = ctx;
- if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
- os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
- return 0;
- }
return wpa_drv_get_bssid(wpa_s, bssid);
}
-static int wpa_supplicant_set_key(void *_wpa_s, wpa_alg alg,
+static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len)
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
- if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
- return ieee80211_sta_update_ft_ies(wpa_s, md, ies, ies_len);
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
return sme_update_ft_ies(wpa_s, md, ies, ies_len);
return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
- if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)
- return ieee80211_sta_send_ft_action(wpa_s, action, target_ap,
- ies, ies_len);
return wpa_drv_send_ft_action(wpa_s, action, target_ap, ies, ies_len);
}
+
+
+static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ struct wpa_driver_auth_params params;
+ struct wpa_bss *bss;
+
+ bss = wpa_bss_get_bssid(wpa_s, target_ap);
+ if (bss == NULL)
+ return -1;
+
+ os_memset(¶ms, 0, sizeof(params));
+ params.bssid = target_ap;
+ params.freq = bss->freq;
+ params.ssid = bss->ssid;
+ params.ssid_len = bss->ssid_len;
+ params.auth_alg = WPA_AUTH_ALG_FT;
+ params.local_state_change = 1;
+ return wpa_drv_authenticate(wpa_s, ¶ms);
+}
#endif /* CONFIG_IEEE80211R */
#endif /* CONFIG_NO_WPA */
+#ifdef CONFIG_TDLS
+
+static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported,
+ int *tdls_ext_setup)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ *tdls_supported = 0;
+ *tdls_ext_setup = 0;
+
+ if (!wpa_s->drv_capa_known)
+ return -1;
+
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)
+ *tdls_supported = 1;
+
+ if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
+ *tdls_ext_setup = 1;
+
+ return 0;
+}
+
+
+static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst,
+ u8 action_code, u8 dialog_token,
+ u16 status_code, const u8 *buf,
+ size_t len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token,
+ status_code, buf, len);
+}
+
+
+static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ return wpa_drv_tdls_oper(wpa_s, oper, peer);
+}
+
+
+static int wpa_supplicant_tdls_peer_addset(
+ void *ctx, const u8 *peer, int add, u16 capability,
+ const u8 *supp_rates, size_t supp_rates_len)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+ struct hostapd_sta_add_params params;
+
+ params.addr = peer;
+ params.aid = 1;
+ params.capability = capability;
+ params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED;
+ params.ht_capabilities = NULL;
+ params.listen_interval = 0;
+ params.supp_rates = supp_rates;
+ params.supp_rates_len = supp_rates_len;
+ params.set = !add;
+
+ return wpa_drv_sta_add(wpa_s, ¶ms);
+}
+
+#endif /* CONFIG_TDLS */
+
+
+#ifdef IEEE8021X_EAPOL
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
static void wpa_supplicant_eap_param_needed(void *ctx, const char *field,
const char *txt)
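Review bot: `wpa_supplicant_tdls_peer_addset()` fills `struct hostapd_sta_add_params params` field by field without zeroing it first, so any member not assigned here reaches `wpa_drv_sta_add()` holding indeterminate stack contents. `wpa_supplicant_mark_authenticated()`, added earlier in this diff, clears its parameter struct before use. Doing the same here with `os_memset(&params, 0, sizeof(params));` ahead of the assignments keeps the driver from acting on stray pointers or flags, and stays correct when the struct gains members. The struct definition is not part of the hunk, so which members are currently left unset cannot be confirmed from this page.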
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
+static void wpa_supplicant_port_cb(void *ctx, int authorized)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+#ifdef CONFIG_AP
+ if (wpa_s->ap_iface) {
+ wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant "
+ "port status: %s",
+ authorized ? "Authorized" : "Unauthorized");
+ return;
+ }
+#endif /* CONFIG_AP */
+ wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
+ authorized ? "Authorized" : "Unauthorized");
+ wpa_drv_set_supp_port(wpa_s, authorized);
+}
+
+
+static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
+}
+#endif /* IEEE8021X_EAPOL */
+
+
int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
{
#ifdef IEEE8021X_EAPOL
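Review bot: `wpa_supplicant_port_cb()` discards the result of `wpa_drv_set_supp_port()`, so if the driver fails to move the controlled port to Unauthorized, the port stays open and nothing is logged. Assuming the wrapper returns a status like the other `wpa_drv_*` calls in this diff, check it and log the failure, e.g. `if (wpa_drv_set_supp_port(wpa_s, authorized) < 0) wpa_printf(MSG_DEBUG, "EAPOL: Failed to set supplicant port status");`. A one-line comment on the `CONFIG_AP` early return, saying why the driver call is skipped while the interface is in AP mode, would also help the next reader.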
ctx->set_config_blob = wpa_supplicant_set_config_blob;
ctx->get_config_blob = wpa_supplicant_get_config_blob;
ctx->aborted_cached = wpa_supplicant_aborted_cached;
-#ifdef EAP_TLS_OPENSSL
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
-#endif /* EAP_TLS_OPENSSL */
ctx->wps = wpa_s->wps;
ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
+ ctx->port_cb = wpa_supplicant_port_cb;
ctx->cb = wpa_supplicant_eapol_cb;
+ ctx->cert_cb = wpa_supplicant_cert_cb;
ctx->cb_ctx = wpa_s;
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {
}
+static void wpa_supplicant_set_rekey_offload(void *ctx, const u8 *kek,
+ const u8 *kck,
+ const u8 *replay_ctr)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ wpa_drv_set_rekey_info(wpa_s, kek, kck, replay_ctr);
+}
+
+
int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
{
#ifndef CONFIG_NO_WPA
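Review bot: `wpa_supplicant_set_rekey_offload()` forwards `kek`, `kck` and `replay_ctr` to the driver as bare pointers with no lengths, so how many bytes the driver reads is an unstated contract between the WPA state machine and each driver backend. A short comment above the function would make that explicit, for example `/* Hand the current KEK, KCK and replay counter to the driver for rekey offload; buffer sizes are fixed by the caller and not passed here. */`, ideally naming the size constants if the header defines them. The note that the caller fixes the sizes is inferred from the signature, since neither the caller nor the driver op is visible in this hunk.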
#ifdef CONFIG_IEEE80211R
ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
ctx->send_ft_action = wpa_supplicant_send_ft_action;
+ ctx->mark_authenticated = wpa_supplicant_mark_authenticated;
#endif /* CONFIG_IEEE80211R */
+#ifdef CONFIG_TDLS
+ ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa;
+ ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt;
+ ctx->tdls_oper = wpa_supplicant_tdls_oper;
+ ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset;
+#endif /* CONFIG_TDLS */
+ ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload;
wpa_s->wpa = wpa_sm_init(ctx);
if (wpa_s->wpa == NULL) {
conf.peerkey_enabled = ssid->peerkey;
conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
#ifdef IEEE8021X_EAPOL
+ conf.proactive_key_caching = ssid->proactive_key_caching;
conf.eap_workaround = ssid->eap_workaround;
conf.eap_conf_ctx = &ssid->eap;
#endif /* IEEE8021X_EAPOL */