1 /* 2 * hostapd / IEEE 802.11 Management 3 * Copyright (c) 2002-2017, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #ifndef CONFIG_NATIVE_WINDOWS 12 13 #include "utils/common.h" 14 #include "utils/eloop.h" 15 #include "crypto/crypto.h" 16 #include "crypto/sha256.h" 17 #include "crypto/sha384.h" 18 #include "crypto/sha512.h" 19 #include "crypto/random.h" 20 #include "common/ieee802_11_defs.h" 21 #include "common/ieee802_11_common.h" 22 #include "common/wpa_ctrl.h" 23 #include "common/sae.h" 24 #include "radius/radius.h" 25 #include "radius/radius_client.h" 26 #include "p2p/p2p.h" 27 #include "wps/wps.h" 28 #include "fst/fst.h" 29 #include "hostapd.h" 30 #include "beacon.h" 31 #include "ieee802_11_auth.h" 32 #include "sta_info.h" 33 #include "ieee802_1x.h" 34 #include "wpa_auth.h" 35 #include "pmksa_cache_auth.h" 36 #include "wmm.h" 37 #include "ap_list.h" 38 #include "accounting.h" 39 #include "ap_config.h" 40 #include "ap_mlme.h" 41 #include "p2p_hostapd.h" 42 #include "ap_drv_ops.h" 43 #include "wnm_ap.h" 44 #include "hw_features.h" 45 #include "ieee802_11.h" 46 #include "dfs.h" 47 #include "mbo_ap.h" 48 #include "rrm.h" 49 #include "taxonomy.h" 50 #include "fils_hlp.h" 51 #include "dpp_hostapd.h" 52 #include "gas_query_ap.h" 53 54 55 #ifdef CONFIG_FILS 56 static struct wpabuf * 57 prepare_auth_resp_fils(struct hostapd_data *hapd, 58 struct sta_info *sta, u16 *resp, 59 struct rsn_pmksa_cache_entry *pmksa, 60 struct wpabuf *erp_resp, 61 const u8 *msk, size_t msk_len, 62 int *is_pub); 63 #endif /* CONFIG_FILS */ 64 65 u8 * hostapd_eid_supp_rates(struct hostapd_data *hapd, u8 *eid) 66 { 67 u8 *pos = eid; 68 int i, num, count; 69 70 if (hapd->iface->current_rates == NULL) 71 return eid; 72 73 *pos++ = WLAN_EID_SUPP_RATES; 74 num = hapd->iface->num_rates; 75 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 76 num++; 77 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 78 num++; 79 if (num > 8) { 80 /* rest of the rates are encoded in Extended supported 81 * rates element */ 82 num = 8; 83 } 84 85 *pos++ = num; 86 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num; 87 i++) { 88 count++; 89 *pos = hapd->iface->current_rates[i].rate / 5; 90 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 91 *pos |= 0x80; 92 pos++; 93 } 94 95 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && count < 8) { 96 count++; 97 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 98 } 99 100 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && count < 8) { 101 count++; 102 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 103 } 104 105 return pos; 106 } 107 108 109 u8 * hostapd_eid_ext_supp_rates(struct hostapd_data *hapd, u8 *eid) 110 { 111 u8 *pos = eid; 112 int i, num, count; 113 114 if (hapd->iface->current_rates == NULL) 115 return eid; 116 117 num = hapd->iface->num_rates; 118 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) 119 num++; 120 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) 121 num++; 122 if (num <= 8) 123 return eid; 124 num -= 8; 125 126 *pos++ = WLAN_EID_EXT_SUPP_RATES; 127 *pos++ = num; 128 for (i = 0, count = 0; i < hapd->iface->num_rates && count < num + 8; 129 i++) { 130 count++; 131 if (count <= 8) 132 continue; /* already in SuppRates IE */ 133 *pos = hapd->iface->current_rates[i].rate / 5; 134 if (hapd->iface->current_rates[i].flags & HOSTAPD_RATE_BASIC) 135 *pos |= 0x80; 136 pos++; 137 } 138 139 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht) { 140 count++; 141 if (count > 8) 142 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_HT_PHY; 143 } 144 145 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht) { 146 count++; 147 if (count > 8) 148 *pos++ = 0x80 | BSS_MEMBERSHIP_SELECTOR_VHT_PHY; 149 } 150 151 return pos; 152 } 153 154 155 u16 hostapd_own_capab_info(struct hostapd_data *hapd) 156 { 157 int capab = WLAN_CAPABILITY_ESS; 158 int privacy; 159 int dfs; 160 int i; 161 162 /* Check if any of configured channels require DFS */ 163 dfs = hostapd_is_dfs_required(hapd->iface); 164 if (dfs < 0) { 165 wpa_printf(MSG_WARNING, "Failed to check if DFS is required; ret=%d", 166 dfs); 167 dfs = 0; 168 } 169 170 if (hapd->iface->num_sta_no_short_preamble == 0 && 171 hapd->iconf->preamble == SHORT_PREAMBLE) 172 capab |= WLAN_CAPABILITY_SHORT_PREAMBLE; 173 174 privacy = hapd->conf->ssid.wep.keys_set; 175 176 if (hapd->conf->ieee802_1x && 177 (hapd->conf->default_wep_key_len || 178 hapd->conf->individual_wep_key_len)) 179 privacy = 1; 180 181 if (hapd->conf->wpa) 182 privacy = 1; 183 184 #ifdef CONFIG_HS20 185 if (hapd->conf->osen) 186 privacy = 1; 187 #endif /* CONFIG_HS20 */ 188 189 if (privacy) 190 capab |= WLAN_CAPABILITY_PRIVACY; 191 192 if (hapd->iface->current_mode && 193 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G && 194 hapd->iface->num_sta_no_short_slot_time == 0) 195 capab |= WLAN_CAPABILITY_SHORT_SLOT_TIME; 196 197 /* 198 * Currently, Spectrum Management capability bit is set when directly 199 * requested in configuration by spectrum_mgmt_required or when AP is 200 * running on DFS channel. 201 * TODO: Also consider driver support for TPC to set Spectrum Mgmt bit 202 */ 203 if (hapd->iface->current_mode && 204 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211A && 205 (hapd->iconf->spectrum_mgmt_required || dfs)) 206 capab |= WLAN_CAPABILITY_SPECTRUM_MGMT; 207 208 for (i = 0; i < RRM_CAPABILITIES_IE_LEN; i++) { 209 if (hapd->conf->radio_measurements[i]) { 210 capab |= IEEE80211_CAP_RRM; 211 break; 212 } 213 } 214 215 return capab; 216 } 217 218 219 #ifndef CONFIG_NO_RC4 220 static u16 auth_shared_key(struct hostapd_data *hapd, struct sta_info *sta, 221 u16 auth_transaction, const u8 *challenge, 222 int iswep) 223 { 224 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 225 HOSTAPD_LEVEL_DEBUG, 226 "authentication (shared key, transaction %d)", 227 auth_transaction); 228 229 if (auth_transaction == 1) { 230 if (!sta->challenge) { 231 /* Generate a pseudo-random challenge */ 232 u8 key[8]; 233 234 sta->challenge = os_zalloc(WLAN_AUTH_CHALLENGE_LEN); 235 if (sta->challenge == NULL) 236 return WLAN_STATUS_UNSPECIFIED_FAILURE; 237 238 if (os_get_random(key, sizeof(key)) < 0) { 239 os_free(sta->challenge); 240 sta->challenge = NULL; 241 return WLAN_STATUS_UNSPECIFIED_FAILURE; 242 } 243 244 rc4_skip(key, sizeof(key), 0, 245 sta->challenge, WLAN_AUTH_CHALLENGE_LEN); 246 } 247 return 0; 248 } 249 250 if (auth_transaction != 3) 251 return WLAN_STATUS_UNSPECIFIED_FAILURE; 252 253 /* Transaction 3 */ 254 if (!iswep || !sta->challenge || !challenge || 255 os_memcmp_const(sta->challenge, challenge, 256 WLAN_AUTH_CHALLENGE_LEN)) { 257 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 258 HOSTAPD_LEVEL_INFO, 259 "shared key authentication - invalid " 260 "challenge-response"); 261 return WLAN_STATUS_CHALLENGE_FAIL; 262 } 263 264 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 265 HOSTAPD_LEVEL_DEBUG, 266 "authentication OK (shared key)"); 267 sta->flags |= WLAN_STA_AUTH; 268 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 269 os_free(sta->challenge); 270 sta->challenge = NULL; 271 272 return 0; 273 } 274 #endif /* CONFIG_NO_RC4 */ 275 276 277 static int send_auth_reply(struct hostapd_data *hapd, 278 const u8 *dst, const u8 *bssid, 279 u16 auth_alg, u16 auth_transaction, u16 resp, 280 const u8 *ies, size_t ies_len, const char *dbg) 281 { 282 struct ieee80211_mgmt *reply; 283 u8 *buf; 284 size_t rlen; 285 int reply_res = WLAN_STATUS_UNSPECIFIED_FAILURE; 286 287 rlen = IEEE80211_HDRLEN + sizeof(reply->u.auth) + ies_len; 288 buf = os_zalloc(rlen); 289 if (buf == NULL) 290 return -1; 291 292 reply = (struct ieee80211_mgmt *) buf; 293 reply->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 294 WLAN_FC_STYPE_AUTH); 295 os_memcpy(reply->da, dst, ETH_ALEN); 296 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 297 os_memcpy(reply->bssid, bssid, ETH_ALEN); 298 299 reply->u.auth.auth_alg = host_to_le16(auth_alg); 300 reply->u.auth.auth_transaction = host_to_le16(auth_transaction); 301 reply->u.auth.status_code = host_to_le16(resp); 302 303 if (ies && ies_len) 304 os_memcpy(reply->u.auth.variable, ies, ies_len); 305 306 wpa_printf(MSG_DEBUG, "authentication reply: STA=" MACSTR 307 " auth_alg=%d auth_transaction=%d resp=%d (IE len=%lu) (dbg=%s)", 308 MAC2STR(dst), auth_alg, auth_transaction, 309 resp, (unsigned long) ies_len, dbg); 310 if (hostapd_drv_send_mlme(hapd, reply, rlen, 0) < 0) 311 wpa_printf(MSG_INFO, "send_auth_reply: send failed"); 312 else 313 reply_res = WLAN_STATUS_SUCCESS; 314 315 os_free(buf); 316 317 return reply_res; 318 } 319 320 321 #ifdef CONFIG_IEEE80211R_AP 322 static void handle_auth_ft_finish(void *ctx, const u8 *dst, const u8 *bssid, 323 u16 auth_transaction, u16 status, 324 const u8 *ies, size_t ies_len) 325 { 326 struct hostapd_data *hapd = ctx; 327 struct sta_info *sta; 328 int reply_res; 329 330 reply_res = send_auth_reply(hapd, dst, bssid, WLAN_AUTH_FT, 331 auth_transaction, status, ies, ies_len, 332 "auth-ft-finish"); 333 334 sta = ap_get_sta(hapd, dst); 335 if (sta == NULL) 336 return; 337 338 if (sta->added_unassoc && (reply_res != WLAN_STATUS_SUCCESS || 339 status != WLAN_STATUS_SUCCESS)) { 340 hostapd_drv_sta_remove(hapd, sta->addr); 341 sta->added_unassoc = 0; 342 return; 343 } 344 345 if (status != WLAN_STATUS_SUCCESS) 346 return; 347 348 hostapd_logger(hapd, dst, HOSTAPD_MODULE_IEEE80211, 349 HOSTAPD_LEVEL_DEBUG, "authentication OK (FT)"); 350 sta->flags |= WLAN_STA_AUTH; 351 mlme_authenticate_indication(hapd, sta); 352 } 353 #endif /* CONFIG_IEEE80211R_AP */ 354 355 356 #ifdef CONFIG_SAE 357 358 static void sae_set_state(struct sta_info *sta, enum sae_state state, 359 const char *reason) 360 { 361 wpa_printf(MSG_DEBUG, "SAE: State %s -> %s for peer " MACSTR " (%s)", 362 sae_state_txt(sta->sae->state), sae_state_txt(state), 363 MAC2STR(sta->addr), reason); 364 sta->sae->state = state; 365 } 366 367 368 static struct wpabuf * auth_build_sae_commit(struct hostapd_data *hapd, 369 struct sta_info *sta, int update) 370 { 371 struct wpabuf *buf; 372 const char *password = NULL; 373 struct sae_password_entry *pw; 374 const char *rx_id = NULL; 375 376 if (sta->sae->tmp) 377 rx_id = sta->sae->tmp->pw_id; 378 379 for (pw = hapd->conf->sae_passwords; pw; pw = pw->next) { 380 if (!is_broadcast_ether_addr(pw->peer_addr) && 381 os_memcmp(pw->peer_addr, sta->addr, ETH_ALEN) != 0) 382 continue; 383 if ((rx_id && !pw->identifier) || (!rx_id && pw->identifier)) 384 continue; 385 if (rx_id && pw->identifier && 386 os_strcmp(rx_id, pw->identifier) != 0) 387 continue; 388 password = pw->password; 389 break; 390 } 391 if (!password) 392 password = hapd->conf->ssid.wpa_passphrase; 393 if (!password) { 394 wpa_printf(MSG_DEBUG, "SAE: No password available"); 395 return NULL; 396 } 397 398 if (update && 399 sae_prepare_commit(hapd->own_addr, sta->addr, 400 (u8 *) password, os_strlen(password), rx_id, 401 sta->sae) < 0) { 402 wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE"); 403 return NULL; 404 } 405 406 buf = wpabuf_alloc(SAE_COMMIT_MAX_LEN + 407 (rx_id ? 3 + os_strlen(rx_id) : 0)); 408 if (buf == NULL) 409 return NULL; 410 sae_write_commit(sta->sae, buf, sta->sae->tmp ? 411 sta->sae->tmp->anti_clogging_token : NULL, rx_id); 412 413 return buf; 414 } 415 416 417 static struct wpabuf * auth_build_sae_confirm(struct hostapd_data *hapd, 418 struct sta_info *sta) 419 { 420 struct wpabuf *buf; 421 422 buf = wpabuf_alloc(SAE_CONFIRM_MAX_LEN); 423 if (buf == NULL) 424 return NULL; 425 426 sae_write_confirm(sta->sae, buf); 427 428 return buf; 429 } 430 431 432 static int auth_sae_send_commit(struct hostapd_data *hapd, 433 struct sta_info *sta, 434 const u8 *bssid, int update) 435 { 436 struct wpabuf *data; 437 int reply_res; 438 439 data = auth_build_sae_commit(hapd, sta, update); 440 if (!data && sta->sae->tmp && sta->sae->tmp->pw_id) 441 return WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER; 442 if (data == NULL) 443 return WLAN_STATUS_UNSPECIFIED_FAILURE; 444 445 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 1, 446 WLAN_STATUS_SUCCESS, wpabuf_head(data), 447 wpabuf_len(data), "sae-send-commit"); 448 449 wpabuf_free(data); 450 451 return reply_res; 452 } 453 454 455 static int auth_sae_send_confirm(struct hostapd_data *hapd, 456 struct sta_info *sta, 457 const u8 *bssid) 458 { 459 struct wpabuf *data; 460 int reply_res; 461 462 data = auth_build_sae_confirm(hapd, sta); 463 if (data == NULL) 464 return WLAN_STATUS_UNSPECIFIED_FAILURE; 465 466 reply_res = send_auth_reply(hapd, sta->addr, bssid, WLAN_AUTH_SAE, 2, 467 WLAN_STATUS_SUCCESS, wpabuf_head(data), 468 wpabuf_len(data), "sae-send-confirm"); 469 470 wpabuf_free(data); 471 472 return reply_res; 473 } 474 475 476 static int use_sae_anti_clogging(struct hostapd_data *hapd) 477 { 478 struct sta_info *sta; 479 unsigned int open = 0; 480 481 if (hapd->conf->sae_anti_clogging_threshold == 0) 482 return 1; 483 484 for (sta = hapd->sta_list; sta; sta = sta->next) { 485 if (!sta->sae) 486 continue; 487 if (sta->sae->state != SAE_COMMITTED && 488 sta->sae->state != SAE_CONFIRMED) 489 continue; 490 open++; 491 if (open >= hapd->conf->sae_anti_clogging_threshold) 492 return 1; 493 } 494 495 return 0; 496 } 497 498 499 static int check_sae_token(struct hostapd_data *hapd, const u8 *addr, 500 const u8 *token, size_t token_len) 501 { 502 u8 mac[SHA256_MAC_LEN]; 503 504 if (token_len != SHA256_MAC_LEN) 505 return -1; 506 if (hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 507 addr, ETH_ALEN, mac) < 0 || 508 os_memcmp_const(token, mac, SHA256_MAC_LEN) != 0) 509 return -1; 510 511 return 0; 512 } 513 514 515 static struct wpabuf * auth_build_token_req(struct hostapd_data *hapd, 516 int group, const u8 *addr) 517 { 518 struct wpabuf *buf; 519 u8 *token; 520 struct os_reltime now; 521 522 os_get_reltime(&now); 523 if (!os_reltime_initialized(&hapd->last_sae_token_key_update) || 524 os_reltime_expired(&now, &hapd->last_sae_token_key_update, 60)) { 525 if (random_get_bytes(hapd->sae_token_key, 526 sizeof(hapd->sae_token_key)) < 0) 527 return NULL; 528 wpa_hexdump(MSG_DEBUG, "SAE: Updated token key", 529 hapd->sae_token_key, sizeof(hapd->sae_token_key)); 530 hapd->last_sae_token_key_update = now; 531 } 532 533 buf = wpabuf_alloc(sizeof(le16) + SHA256_MAC_LEN); 534 if (buf == NULL) 535 return NULL; 536 537 wpabuf_put_le16(buf, group); /* Finite Cyclic Group */ 538 539 token = wpabuf_put(buf, SHA256_MAC_LEN); 540 hmac_sha256(hapd->sae_token_key, sizeof(hapd->sae_token_key), 541 addr, ETH_ALEN, token); 542 543 return buf; 544 } 545 546 547 static int sae_check_big_sync(struct hostapd_data *hapd, struct sta_info *sta) 548 { 549 if (sta->sae->sync > hapd->conf->sae_sync) { 550 sae_set_state(sta, SAE_NOTHING, "Sync > dot11RSNASAESync"); 551 sta->sae->sync = 0; 552 return -1; 553 } 554 return 0; 555 } 556 557 558 static void auth_sae_retransmit_timer(void *eloop_ctx, void *eloop_data) 559 { 560 struct hostapd_data *hapd = eloop_ctx; 561 struct sta_info *sta = eloop_data; 562 int ret; 563 564 if (sae_check_big_sync(hapd, sta)) 565 return; 566 sta->sae->sync++; 567 wpa_printf(MSG_DEBUG, "SAE: Auth SAE retransmit timer for " MACSTR 568 " (sync=%d state=%s)", 569 MAC2STR(sta->addr), sta->sae->sync, 570 sae_state_txt(sta->sae->state)); 571 572 switch (sta->sae->state) { 573 case SAE_COMMITTED: 574 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 575 eloop_register_timeout(0, 576 hapd->dot11RSNASAERetransPeriod * 1000, 577 auth_sae_retransmit_timer, hapd, sta); 578 break; 579 case SAE_CONFIRMED: 580 ret = auth_sae_send_confirm(hapd, sta, hapd->own_addr); 581 eloop_register_timeout(0, 582 hapd->dot11RSNASAERetransPeriod * 1000, 583 auth_sae_retransmit_timer, hapd, sta); 584 break; 585 default: 586 ret = -1; 587 break; 588 } 589 590 if (ret != WLAN_STATUS_SUCCESS) 591 wpa_printf(MSG_INFO, "SAE: Failed to retransmit: ret=%d", ret); 592 } 593 594 595 void sae_clear_retransmit_timer(struct hostapd_data *hapd, struct sta_info *sta) 596 { 597 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 598 } 599 600 601 static void sae_set_retransmit_timer(struct hostapd_data *hapd, 602 struct sta_info *sta) 603 { 604 if (!(hapd->conf->mesh & MESH_ENABLED)) 605 return; 606 607 eloop_cancel_timeout(auth_sae_retransmit_timer, hapd, sta); 608 eloop_register_timeout(0, hapd->dot11RSNASAERetransPeriod * 1000, 609 auth_sae_retransmit_timer, hapd, sta); 610 } 611 612 613 void sae_accept_sta(struct hostapd_data *hapd, struct sta_info *sta) 614 { 615 sta->flags |= WLAN_STA_AUTH; 616 sta->auth_alg = WLAN_AUTH_SAE; 617 mlme_authenticate_indication(hapd, sta); 618 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 619 sae_set_state(sta, SAE_ACCEPTED, "Accept Confirm"); 620 wpa_auth_pmksa_add_sae(hapd->wpa_auth, sta->addr, 621 sta->sae->pmk, sta->sae->pmkid); 622 } 623 624 625 static int sae_sm_step(struct hostapd_data *hapd, struct sta_info *sta, 626 const u8 *bssid, u8 auth_transaction) 627 { 628 int ret; 629 630 if (auth_transaction != 1 && auth_transaction != 2) 631 return WLAN_STATUS_UNSPECIFIED_FAILURE; 632 633 wpa_printf(MSG_DEBUG, "SAE: Peer " MACSTR " state=%s auth_trans=%u", 634 MAC2STR(sta->addr), sae_state_txt(sta->sae->state), 635 auth_transaction); 636 switch (sta->sae->state) { 637 case SAE_NOTHING: 638 if (auth_transaction == 1) { 639 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 640 if (ret) 641 return ret; 642 sae_set_state(sta, SAE_COMMITTED, "Sent Commit"); 643 644 if (sae_process_commit(sta->sae) < 0) 645 return WLAN_STATUS_UNSPECIFIED_FAILURE; 646 647 /* 648 * In mesh case, both Commit and Confirm can be sent 649 * immediately. In infrastructure BSS, only a single 650 * Authentication frame (Commit) is expected from the AP 651 * here and the second one (Confirm) will be sent once 652 * the STA has sent its second Authentication frame 653 * (Confirm). 654 */ 655 if (hapd->conf->mesh & MESH_ENABLED) { 656 /* 657 * Send both Commit and Confirm immediately 658 * based on SAE finite state machine 659 * Nothing -> Confirm transition. 660 */ 661 ret = auth_sae_send_confirm(hapd, sta, bssid); 662 if (ret) 663 return ret; 664 sae_set_state(sta, SAE_CONFIRMED, 665 "Sent Confirm (mesh)"); 666 } else { 667 /* 668 * For infrastructure BSS, send only the Commit 669 * message now to get alternating sequence of 670 * Authentication frames between the AP and STA. 671 * Confirm will be sent in 672 * Committed -> Confirmed/Accepted transition 673 * when receiving Confirm from STA. 674 */ 675 } 676 sta->sae->sync = 0; 677 sae_set_retransmit_timer(hapd, sta); 678 } else { 679 hostapd_logger(hapd, sta->addr, 680 HOSTAPD_MODULE_IEEE80211, 681 HOSTAPD_LEVEL_DEBUG, 682 "SAE confirm before commit"); 683 } 684 break; 685 case SAE_COMMITTED: 686 sae_clear_retransmit_timer(hapd, sta); 687 if (auth_transaction == 1) { 688 if (sae_process_commit(sta->sae) < 0) 689 return WLAN_STATUS_UNSPECIFIED_FAILURE; 690 691 ret = auth_sae_send_confirm(hapd, sta, bssid); 692 if (ret) 693 return ret; 694 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm"); 695 sta->sae->sync = 0; 696 sae_set_retransmit_timer(hapd, sta); 697 } else if (hapd->conf->mesh & MESH_ENABLED) { 698 /* 699 * In mesh case, follow SAE finite state machine and 700 * send Commit now, if sync count allows. 701 */ 702 if (sae_check_big_sync(hapd, sta)) 703 return WLAN_STATUS_SUCCESS; 704 sta->sae->sync++; 705 706 ret = auth_sae_send_commit(hapd, sta, bssid, 0); 707 if (ret) 708 return ret; 709 710 sae_set_retransmit_timer(hapd, sta); 711 } else { 712 /* 713 * For instructure BSS, send the postponed Confirm from 714 * Nothing -> Confirmed transition that was reduced to 715 * Nothing -> Committed above. 716 */ 717 ret = auth_sae_send_confirm(hapd, sta, bssid); 718 if (ret) 719 return ret; 720 721 sae_set_state(sta, SAE_CONFIRMED, "Sent Confirm"); 722 723 /* 724 * Since this was triggered on Confirm RX, run another 725 * step to get to Accepted without waiting for 726 * additional events. 727 */ 728 return sae_sm_step(hapd, sta, bssid, auth_transaction); 729 } 730 break; 731 case SAE_CONFIRMED: 732 sae_clear_retransmit_timer(hapd, sta); 733 if (auth_transaction == 1) { 734 if (sae_check_big_sync(hapd, sta)) 735 return WLAN_STATUS_SUCCESS; 736 sta->sae->sync++; 737 738 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 739 if (ret) 740 return ret; 741 742 if (sae_process_commit(sta->sae) < 0) 743 return WLAN_STATUS_UNSPECIFIED_FAILURE; 744 745 ret = auth_sae_send_confirm(hapd, sta, bssid); 746 if (ret) 747 return ret; 748 749 sae_set_retransmit_timer(hapd, sta); 750 } else { 751 sta->sae->send_confirm = 0xffff; 752 sae_accept_sta(hapd, sta); 753 } 754 break; 755 case SAE_ACCEPTED: 756 if (auth_transaction == 1 && 757 (hapd->conf->mesh & MESH_ENABLED)) { 758 wpa_printf(MSG_DEBUG, "SAE: remove the STA (" MACSTR 759 ") doing reauthentication", 760 MAC2STR(sta->addr)); 761 ap_free_sta(hapd, sta); 762 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 763 } else if (auth_transaction == 1) { 764 wpa_printf(MSG_DEBUG, "SAE: Start reauthentication"); 765 ret = auth_sae_send_commit(hapd, sta, bssid, 1); 766 if (ret) 767 return ret; 768 sae_set_state(sta, SAE_COMMITTED, "Sent Commit"); 769 770 if (sae_process_commit(sta->sae) < 0) 771 return WLAN_STATUS_UNSPECIFIED_FAILURE; 772 sta->sae->sync = 0; 773 sae_set_retransmit_timer(hapd, sta); 774 } else { 775 if (sae_check_big_sync(hapd, sta)) 776 return WLAN_STATUS_SUCCESS; 777 sta->sae->sync++; 778 779 ret = auth_sae_send_confirm(hapd, sta, bssid); 780 sae_clear_temp_data(sta->sae); 781 if (ret) 782 return ret; 783 } 784 break; 785 default: 786 wpa_printf(MSG_ERROR, "SAE: invalid state %d", 787 sta->sae->state); 788 return WLAN_STATUS_UNSPECIFIED_FAILURE; 789 } 790 return WLAN_STATUS_SUCCESS; 791 } 792 793 794 static void sae_pick_next_group(struct hostapd_data *hapd, struct sta_info *sta) 795 { 796 struct sae_data *sae = sta->sae; 797 int i, *groups = hapd->conf->sae_groups; 798 799 if (sae->state != SAE_COMMITTED) 800 return; 801 802 wpa_printf(MSG_DEBUG, "SAE: Previously selected group: %d", sae->group); 803 804 for (i = 0; groups && groups[i] > 0; i++) { 805 if (sae->group == groups[i]) 806 break; 807 } 808 809 if (!groups || groups[i] <= 0) { 810 wpa_printf(MSG_DEBUG, 811 "SAE: Previously selected group not found from the current configuration"); 812 return; 813 } 814 815 for (;;) { 816 i++; 817 if (groups[i] <= 0) { 818 wpa_printf(MSG_DEBUG, 819 "SAE: No alternative group enabled"); 820 return; 821 } 822 823 if (sae_set_group(sae, groups[i]) < 0) 824 continue; 825 826 break; 827 } 828 wpa_printf(MSG_DEBUG, "SAE: Selected new group: %d", groups[i]); 829 } 830 831 832 static void handle_auth_sae(struct hostapd_data *hapd, struct sta_info *sta, 833 const struct ieee80211_mgmt *mgmt, size_t len, 834 u16 auth_transaction, u16 status_code) 835 { 836 int resp = WLAN_STATUS_SUCCESS; 837 struct wpabuf *data = NULL; 838 839 #ifdef CONFIG_TESTING_OPTIONS 840 if (hapd->conf->sae_reflection_attack && auth_transaction == 1) { 841 const u8 *pos, *end; 842 843 wpa_printf(MSG_DEBUG, "SAE: TESTING - reflection attack"); 844 pos = mgmt->u.auth.variable; 845 end = ((const u8 *) mgmt) + len; 846 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 847 auth_transaction, resp, pos, end - pos, 848 "auth-sae-reflection-attack"); 849 goto remove_sta; 850 } 851 852 if (hapd->conf->sae_commit_override && auth_transaction == 1) { 853 wpa_printf(MSG_DEBUG, "SAE: TESTING - commit override"); 854 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 855 auth_transaction, resp, 856 wpabuf_head(hapd->conf->sae_commit_override), 857 wpabuf_len(hapd->conf->sae_commit_override), 858 "sae-commit-override"); 859 goto remove_sta; 860 } 861 #endif /* CONFIG_TESTING_OPTIONS */ 862 if (!sta->sae) { 863 if (auth_transaction != 1 || 864 status_code != WLAN_STATUS_SUCCESS) { 865 resp = -1; 866 goto remove_sta; 867 } 868 sta->sae = os_zalloc(sizeof(*sta->sae)); 869 if (!sta->sae) { 870 resp = -1; 871 goto remove_sta; 872 } 873 sae_set_state(sta, SAE_NOTHING, "Init"); 874 sta->sae->sync = 0; 875 } 876 877 if (sta->mesh_sae_pmksa_caching) { 878 wpa_printf(MSG_DEBUG, 879 "SAE: Cancel use of mesh PMKSA caching because peer starts SAE authentication"); 880 wpa_auth_pmksa_remove(hapd->wpa_auth, sta->addr); 881 sta->mesh_sae_pmksa_caching = 0; 882 } 883 884 if (auth_transaction == 1) { 885 const u8 *token = NULL, *pos, *end; 886 size_t token_len = 0; 887 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 888 HOSTAPD_LEVEL_DEBUG, 889 "start SAE authentication (RX commit, status=%u)", 890 status_code); 891 892 if ((hapd->conf->mesh & MESH_ENABLED) && 893 status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ && 894 sta->sae->tmp) { 895 pos = mgmt->u.auth.variable; 896 end = ((const u8 *) mgmt) + len; 897 if (pos + sizeof(le16) > end) { 898 wpa_printf(MSG_ERROR, 899 "SAE: Too short anti-clogging token request"); 900 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 901 goto reply; 902 } 903 resp = sae_group_allowed(sta->sae, 904 hapd->conf->sae_groups, 905 WPA_GET_LE16(pos)); 906 if (resp != WLAN_STATUS_SUCCESS) { 907 wpa_printf(MSG_ERROR, 908 "SAE: Invalid group in anti-clogging token request"); 909 goto reply; 910 } 911 pos += sizeof(le16); 912 913 wpabuf_free(sta->sae->tmp->anti_clogging_token); 914 sta->sae->tmp->anti_clogging_token = 915 wpabuf_alloc_copy(pos, end - pos); 916 if (sta->sae->tmp->anti_clogging_token == NULL) { 917 wpa_printf(MSG_ERROR, 918 "SAE: Failed to alloc for anti-clogging token"); 919 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 920 goto remove_sta; 921 } 922 923 /* 924 * IEEE Std 802.11-2012, 11.3.8.6.4: If the Status code 925 * is 76, a new Commit Message shall be constructed 926 * with the Anti-Clogging Token from the received 927 * Authentication frame, and the commit-scalar and 928 * COMMIT-ELEMENT previously sent. 929 */ 930 resp = auth_sae_send_commit(hapd, sta, mgmt->bssid, 0); 931 if (resp != WLAN_STATUS_SUCCESS) { 932 wpa_printf(MSG_ERROR, 933 "SAE: Failed to send commit message"); 934 goto remove_sta; 935 } 936 sae_set_state(sta, SAE_COMMITTED, 937 "Sent Commit (anti-clogging token case in mesh)"); 938 sta->sae->sync = 0; 939 sae_set_retransmit_timer(hapd, sta); 940 return; 941 } 942 943 if ((hapd->conf->mesh & MESH_ENABLED) && 944 status_code == 945 WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED && 946 sta->sae->tmp) { 947 wpa_printf(MSG_DEBUG, 948 "SAE: Peer did not accept our SAE group"); 949 sae_pick_next_group(hapd, sta); 950 goto remove_sta; 951 } 952 953 if (status_code != WLAN_STATUS_SUCCESS) 954 goto remove_sta; 955 956 if (!(hapd->conf->mesh & MESH_ENABLED) && 957 sta->sae->state == SAE_COMMITTED) { 958 /* This is needed in the infrastructure BSS case to 959 * address a sequence where a STA entry may remain in 960 * hostapd across two attempts to do SAE authentication 961 * by the same STA. The second attempt may end up trying 962 * to use a different group and that would not be 963 * allowed if we remain in Committed state with the 964 * previously set parameters. */ 965 sae_set_state(sta, SAE_NOTHING, 966 "Clear existing state to allow restart"); 967 sae_clear_data(sta->sae); 968 } 969 970 resp = sae_parse_commit(sta->sae, mgmt->u.auth.variable, 971 ((const u8 *) mgmt) + len - 972 mgmt->u.auth.variable, &token, 973 &token_len, hapd->conf->sae_groups); 974 if (resp == SAE_SILENTLY_DISCARD) { 975 wpa_printf(MSG_DEBUG, 976 "SAE: Drop commit message from " MACSTR " due to reflection attack", 977 MAC2STR(sta->addr)); 978 goto remove_sta; 979 } 980 981 if (resp == WLAN_STATUS_UNKNOWN_PASSWORD_IDENTIFIER) { 982 wpa_msg(hapd->msg_ctx, MSG_INFO, 983 WPA_EVENT_SAE_UNKNOWN_PASSWORD_IDENTIFIER 984 MACSTR, MAC2STR(sta->addr)); 985 sae_clear_retransmit_timer(hapd, sta); 986 sae_set_state(sta, SAE_NOTHING, 987 "Unknown Password Identifier"); 988 goto remove_sta; 989 } 990 991 if (token && check_sae_token(hapd, sta->addr, token, token_len) 992 < 0) { 993 wpa_printf(MSG_DEBUG, "SAE: Drop commit message with " 994 "incorrect token from " MACSTR, 995 MAC2STR(sta->addr)); 996 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 997 goto remove_sta; 998 } 999 1000 if (resp != WLAN_STATUS_SUCCESS) 1001 goto reply; 1002 1003 if (!token && use_sae_anti_clogging(hapd)) { 1004 wpa_printf(MSG_DEBUG, 1005 "SAE: Request anti-clogging token from " 1006 MACSTR, MAC2STR(sta->addr)); 1007 data = auth_build_token_req(hapd, sta->sae->group, 1008 sta->addr); 1009 resp = WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ; 1010 if (hapd->conf->mesh & MESH_ENABLED) 1011 sae_set_state(sta, SAE_NOTHING, 1012 "Request anti-clogging token case in mesh"); 1013 goto reply; 1014 } 1015 1016 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 1017 } else if (auth_transaction == 2) { 1018 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1019 HOSTAPD_LEVEL_DEBUG, 1020 "SAE authentication (RX confirm, status=%u)", 1021 status_code); 1022 if (status_code != WLAN_STATUS_SUCCESS) 1023 goto remove_sta; 1024 if (sta->sae->state >= SAE_CONFIRMED || 1025 !(hapd->conf->mesh & MESH_ENABLED)) { 1026 const u8 *var; 1027 size_t var_len; 1028 u16 peer_send_confirm; 1029 1030 var = mgmt->u.auth.variable; 1031 var_len = ((u8 *) mgmt) + len - mgmt->u.auth.variable; 1032 if (var_len < 2) { 1033 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1034 goto reply; 1035 } 1036 1037 peer_send_confirm = WPA_GET_LE16(var); 1038 1039 if (sta->sae->state == SAE_ACCEPTED && 1040 (peer_send_confirm <= sta->sae->rc || 1041 peer_send_confirm == 0xffff)) { 1042 wpa_printf(MSG_DEBUG, 1043 "SAE: Silently ignore unexpected Confirm from peer " 1044 MACSTR 1045 " (peer-send-confirm=%u Rc=%u)", 1046 MAC2STR(sta->addr), 1047 peer_send_confirm, sta->sae->rc); 1048 return; 1049 } 1050 1051 if (sae_check_confirm(sta->sae, var, var_len) < 0) { 1052 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1053 goto reply; 1054 } 1055 sta->sae->rc = peer_send_confirm; 1056 } 1057 resp = sae_sm_step(hapd, sta, mgmt->bssid, auth_transaction); 1058 } else { 1059 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1060 HOSTAPD_LEVEL_DEBUG, 1061 "unexpected SAE authentication transaction %u (status=%u)", 1062 auth_transaction, status_code); 1063 if (status_code != WLAN_STATUS_SUCCESS) 1064 goto remove_sta; 1065 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1066 } 1067 1068 reply: 1069 if (resp != WLAN_STATUS_SUCCESS) { 1070 send_auth_reply(hapd, mgmt->sa, mgmt->bssid, WLAN_AUTH_SAE, 1071 auth_transaction, resp, 1072 data ? wpabuf_head(data) : (u8 *) "", 1073 data ? wpabuf_len(data) : 0, "auth-sae"); 1074 } 1075 1076 remove_sta: 1077 if (sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 1078 status_code != WLAN_STATUS_SUCCESS)) { 1079 hostapd_drv_sta_remove(hapd, sta->addr); 1080 sta->added_unassoc = 0; 1081 } 1082 wpabuf_free(data); 1083 } 1084 1085 1086 /** 1087 * auth_sae_init_committed - Send COMMIT and start SAE in committed state 1088 * @hapd: BSS data for the device initiating the authentication 1089 * @sta: the peer to which commit authentication frame is sent 1090 * 1091 * This function implements Init event handling (IEEE Std 802.11-2012, 1092 * 11.3.8.6.3) in which initial COMMIT message is sent. Prior to calling, the 1093 * sta->sae structure should be initialized appropriately via a call to 1094 * sae_prepare_commit(). 1095 */ 1096 int auth_sae_init_committed(struct hostapd_data *hapd, struct sta_info *sta) 1097 { 1098 int ret; 1099 1100 if (!sta->sae || !sta->sae->tmp) 1101 return -1; 1102 1103 if (sta->sae->state != SAE_NOTHING) 1104 return -1; 1105 1106 ret = auth_sae_send_commit(hapd, sta, hapd->own_addr, 0); 1107 if (ret) 1108 return -1; 1109 1110 sae_set_state(sta, SAE_COMMITTED, "Init and sent commit"); 1111 sta->sae->sync = 0; 1112 sae_set_retransmit_timer(hapd, sta); 1113 1114 return 0; 1115 } 1116 1117 #endif /* CONFIG_SAE */ 1118 1119 1120 static u16 wpa_res_to_status_code(int res) 1121 { 1122 if (res == WPA_INVALID_GROUP) 1123 return WLAN_STATUS_GROUP_CIPHER_NOT_VALID; 1124 if (res == WPA_INVALID_PAIRWISE) 1125 return WLAN_STATUS_PAIRWISE_CIPHER_NOT_VALID; 1126 if (res == WPA_INVALID_AKMP) 1127 return WLAN_STATUS_AKMP_NOT_VALID; 1128 if (res == WPA_ALLOC_FAIL) 1129 return WLAN_STATUS_UNSPECIFIED_FAILURE; 1130 #ifdef CONFIG_IEEE80211W 1131 if (res == WPA_MGMT_FRAME_PROTECTION_VIOLATION) 1132 return WLAN_STATUS_ROBUST_MGMT_FRAME_POLICY_VIOLATION; 1133 if (res == WPA_INVALID_MGMT_GROUP_CIPHER) 1134 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 1135 #endif /* CONFIG_IEEE80211W */ 1136 if (res == WPA_INVALID_MDIE) 1137 return WLAN_STATUS_INVALID_MDIE; 1138 if (res == WPA_INVALID_PMKID) 1139 return WLAN_STATUS_INVALID_PMKID; 1140 if (res != WPA_IE_OK) 1141 return WLAN_STATUS_INVALID_IE; 1142 return WLAN_STATUS_SUCCESS; 1143 } 1144 1145 1146 #ifdef CONFIG_FILS 1147 1148 static void handle_auth_fils_finish(struct hostapd_data *hapd, 1149 struct sta_info *sta, u16 resp, 1150 struct wpabuf *data, int pub); 1151 1152 void handle_auth_fils(struct hostapd_data *hapd, struct sta_info *sta, 1153 const u8 *pos, size_t len, u16 auth_alg, 1154 u16 auth_transaction, u16 status_code, 1155 void (*cb)(struct hostapd_data *hapd, 1156 struct sta_info *sta, u16 resp, 1157 struct wpabuf *data, int pub)) 1158 { 1159 u16 resp = WLAN_STATUS_SUCCESS; 1160 const u8 *end; 1161 struct ieee802_11_elems elems; 1162 int res; 1163 struct wpa_ie_data rsn; 1164 struct rsn_pmksa_cache_entry *pmksa = NULL; 1165 1166 if (auth_transaction != 1 || status_code != WLAN_STATUS_SUCCESS) 1167 return; 1168 1169 end = pos + len; 1170 1171 wpa_hexdump(MSG_DEBUG, "FILS: Authentication frame fields", 1172 pos, end - pos); 1173 1174 /* TODO: FILS PK */ 1175 #ifdef CONFIG_FILS_SK_PFS 1176 if (auth_alg == WLAN_AUTH_FILS_SK_PFS) { 1177 u16 group; 1178 struct wpabuf *pub; 1179 size_t elem_len; 1180 1181 /* Using FILS PFS */ 1182 1183 /* Finite Cyclic Group */ 1184 if (end - pos < 2) { 1185 wpa_printf(MSG_DEBUG, 1186 "FILS: No room for Finite Cyclic Group"); 1187 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1188 goto fail; 1189 } 1190 group = WPA_GET_LE16(pos); 1191 pos += 2; 1192 if (group != hapd->conf->fils_dh_group) { 1193 wpa_printf(MSG_DEBUG, 1194 "FILS: Unsupported Finite Cyclic Group: %u (expected %u)", 1195 group, hapd->conf->fils_dh_group); 1196 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 1197 goto fail; 1198 } 1199 1200 crypto_ecdh_deinit(sta->fils_ecdh); 1201 sta->fils_ecdh = crypto_ecdh_init(group); 1202 if (!sta->fils_ecdh) { 1203 wpa_printf(MSG_INFO, 1204 "FILS: Could not initialize ECDH with group %d", 1205 group); 1206 resp = WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 1207 goto fail; 1208 } 1209 1210 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1); 1211 if (!pub) { 1212 wpa_printf(MSG_DEBUG, 1213 "FILS: Failed to derive ECDH public key"); 1214 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1215 goto fail; 1216 } 1217 elem_len = wpabuf_len(pub); 1218 wpabuf_free(pub); 1219 1220 /* Element */ 1221 if ((size_t) (end - pos) < elem_len) { 1222 wpa_printf(MSG_DEBUG, "FILS: No room for Element"); 1223 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1224 goto fail; 1225 } 1226 1227 wpabuf_free(sta->fils_g_sta); 1228 sta->fils_g_sta = wpabuf_alloc_copy(pos, elem_len); 1229 wpabuf_clear_free(sta->fils_dh_ss); 1230 sta->fils_dh_ss = crypto_ecdh_set_peerkey(sta->fils_ecdh, 1, 1231 pos, elem_len); 1232 if (!sta->fils_dh_ss) { 1233 wpa_printf(MSG_DEBUG, "FILS: ECDH operation failed"); 1234 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1235 goto fail; 1236 } 1237 wpa_hexdump_buf_key(MSG_DEBUG, "FILS: DH_SS", sta->fils_dh_ss); 1238 pos += elem_len; 1239 } else { 1240 crypto_ecdh_deinit(sta->fils_ecdh); 1241 sta->fils_ecdh = NULL; 1242 wpabuf_clear_free(sta->fils_dh_ss); 1243 sta->fils_dh_ss = NULL; 1244 } 1245 #endif /* CONFIG_FILS_SK_PFS */ 1246 1247 wpa_hexdump(MSG_DEBUG, "FILS: Remaining IEs", pos, end - pos); 1248 if (ieee802_11_parse_elems(pos, end - pos, &elems, 1) == ParseFailed) { 1249 wpa_printf(MSG_DEBUG, "FILS: Could not parse elements"); 1250 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1251 goto fail; 1252 } 1253 1254 /* RSNE */ 1255 wpa_hexdump(MSG_DEBUG, "FILS: RSN element", 1256 elems.rsn_ie, elems.rsn_ie_len); 1257 if (!elems.rsn_ie || 1258 wpa_parse_wpa_ie_rsn(elems.rsn_ie - 2, elems.rsn_ie_len + 2, 1259 &rsn) < 0) { 1260 wpa_printf(MSG_DEBUG, "FILS: No valid RSN element"); 1261 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1262 goto fail; 1263 } 1264 1265 if (!sta->wpa_sm) 1266 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, 1267 NULL); 1268 if (!sta->wpa_sm) { 1269 wpa_printf(MSG_DEBUG, 1270 "FILS: Failed to initialize RSN state machine"); 1271 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1272 goto fail; 1273 } 1274 1275 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 1276 elems.rsn_ie - 2, elems.rsn_ie_len + 2, 1277 elems.mdie, elems.mdie_len, NULL, 0); 1278 resp = wpa_res_to_status_code(res); 1279 if (resp != WLAN_STATUS_SUCCESS) 1280 goto fail; 1281 1282 if (!elems.fils_nonce) { 1283 wpa_printf(MSG_DEBUG, "FILS: No FILS Nonce field"); 1284 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1285 goto fail; 1286 } 1287 wpa_hexdump(MSG_DEBUG, "FILS: SNonce", elems.fils_nonce, 1288 FILS_NONCE_LEN); 1289 os_memcpy(sta->fils_snonce, elems.fils_nonce, FILS_NONCE_LEN); 1290 1291 /* PMKID List */ 1292 if (rsn.pmkid && rsn.num_pmkid > 0) { 1293 u8 num; 1294 const u8 *pmkid; 1295 1296 wpa_hexdump(MSG_DEBUG, "FILS: PMKID List", 1297 rsn.pmkid, rsn.num_pmkid * PMKID_LEN); 1298 1299 pmkid = rsn.pmkid; 1300 num = rsn.num_pmkid; 1301 while (num) { 1302 wpa_hexdump(MSG_DEBUG, "FILS: PMKID", pmkid, PMKID_LEN); 1303 pmksa = wpa_auth_pmksa_get(hapd->wpa_auth, sta->addr, 1304 pmkid); 1305 if (pmksa) 1306 break; 1307 pmksa = wpa_auth_pmksa_get_fils_cache_id(hapd->wpa_auth, 1308 sta->addr, 1309 pmkid); 1310 if (pmksa) 1311 break; 1312 pmkid += PMKID_LEN; 1313 num--; 1314 } 1315 } 1316 if (pmksa && wpa_auth_sta_key_mgmt(sta->wpa_sm) != pmksa->akmp) { 1317 wpa_printf(MSG_DEBUG, 1318 "FILS: Matching PMKSA cache entry has different AKMP (0x%x != 0x%x) - ignore", 1319 wpa_auth_sta_key_mgmt(sta->wpa_sm), pmksa->akmp); 1320 pmksa = NULL; 1321 } 1322 if (pmksa) 1323 wpa_printf(MSG_DEBUG, "FILS: Found matching PMKSA cache entry"); 1324 1325 /* FILS Session */ 1326 if (!elems.fils_session) { 1327 wpa_printf(MSG_DEBUG, "FILS: No FILS Session element"); 1328 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1329 goto fail; 1330 } 1331 wpa_hexdump(MSG_DEBUG, "FILS: FILS Session", elems.fils_session, 1332 FILS_SESSION_LEN); 1333 os_memcpy(sta->fils_session, elems.fils_session, FILS_SESSION_LEN); 1334 1335 /* FILS Wrapped Data */ 1336 if (elems.fils_wrapped_data) { 1337 wpa_hexdump(MSG_DEBUG, "FILS: Wrapped Data", 1338 elems.fils_wrapped_data, 1339 elems.fils_wrapped_data_len); 1340 if (!pmksa) { 1341 #ifndef CONFIG_NO_RADIUS 1342 if (!sta->eapol_sm) { 1343 sta->eapol_sm = 1344 ieee802_1x_alloc_eapol_sm(hapd, sta); 1345 } 1346 wpa_printf(MSG_DEBUG, 1347 "FILS: Forward EAP-Initiate/Re-auth to authentication server"); 1348 ieee802_1x_encapsulate_radius( 1349 hapd, sta, elems.fils_wrapped_data, 1350 elems.fils_wrapped_data_len); 1351 sta->fils_pending_cb = cb; 1352 wpa_printf(MSG_DEBUG, 1353 "FILS: Will send Authentication frame once the response from authentication server is available"); 1354 sta->flags |= WLAN_STA_PENDING_FILS_ERP; 1355 /* Calculate pending PMKID here so that we do not need 1356 * to maintain a copy of the EAP-Initiate/Reauth 1357 * message. */ 1358 if (fils_pmkid_erp(wpa_auth_sta_key_mgmt(sta->wpa_sm), 1359 elems.fils_wrapped_data, 1360 elems.fils_wrapped_data_len, 1361 sta->fils_erp_pmkid) == 0) 1362 sta->fils_erp_pmkid_set = 1; 1363 return; 1364 #else /* CONFIG_NO_RADIUS */ 1365 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1366 goto fail; 1367 #endif /* CONFIG_NO_RADIUS */ 1368 } 1369 } 1370 1371 fail: 1372 if (cb) { 1373 struct wpabuf *data; 1374 int pub = 0; 1375 1376 data = prepare_auth_resp_fils(hapd, sta, &resp, pmksa, NULL, 1377 NULL, 0, &pub); 1378 if (!data) { 1379 wpa_printf(MSG_DEBUG, 1380 "%s: prepare_auth_resp_fils() returned failure", 1381 __func__); 1382 } 1383 1384 cb(hapd, sta, resp, data, pub); 1385 } 1386 } 1387 1388 1389 static struct wpabuf * 1390 prepare_auth_resp_fils(struct hostapd_data *hapd, 1391 struct sta_info *sta, u16 *resp, 1392 struct rsn_pmksa_cache_entry *pmksa, 1393 struct wpabuf *erp_resp, 1394 const u8 *msk, size_t msk_len, 1395 int *is_pub) 1396 { 1397 u8 fils_nonce[FILS_NONCE_LEN]; 1398 size_t ielen; 1399 struct wpabuf *data = NULL; 1400 const u8 *ie; 1401 u8 *ie_buf = NULL; 1402 const u8 *pmk = NULL; 1403 size_t pmk_len = 0; 1404 u8 pmk_buf[PMK_LEN_MAX]; 1405 struct wpabuf *pub = NULL; 1406 1407 if (*resp != WLAN_STATUS_SUCCESS) 1408 goto fail; 1409 1410 ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &ielen); 1411 if (!ie) { 1412 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1413 goto fail; 1414 } 1415 1416 if (pmksa) { 1417 /* Add PMKID of the selected PMKSA into RSNE */ 1418 ie_buf = os_malloc(ielen + 2 + 2 + PMKID_LEN); 1419 if (!ie_buf) { 1420 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1421 goto fail; 1422 } 1423 1424 os_memcpy(ie_buf, ie, ielen); 1425 if (wpa_insert_pmkid(ie_buf, &ielen, pmksa->pmkid) < 0) { 1426 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1427 goto fail; 1428 } 1429 ie = ie_buf; 1430 } 1431 1432 if (random_get_bytes(fils_nonce, FILS_NONCE_LEN) < 0) { 1433 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1434 goto fail; 1435 } 1436 wpa_hexdump(MSG_DEBUG, "RSN: Generated FILS Nonce", 1437 fils_nonce, FILS_NONCE_LEN); 1438 1439 #ifdef CONFIG_FILS_SK_PFS 1440 if (sta->fils_dh_ss && sta->fils_ecdh) { 1441 pub = crypto_ecdh_get_pubkey(sta->fils_ecdh, 1); 1442 if (!pub) { 1443 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1444 goto fail; 1445 } 1446 } 1447 #endif /* CONFIG_FILS_SK_PFS */ 1448 1449 data = wpabuf_alloc(1000 + ielen + (pub ? wpabuf_len(pub) : 0)); 1450 if (!data) { 1451 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1452 goto fail; 1453 } 1454 1455 /* TODO: FILS PK */ 1456 #ifdef CONFIG_FILS_SK_PFS 1457 if (pub) { 1458 /* Finite Cyclic Group */ 1459 wpabuf_put_le16(data, hapd->conf->fils_dh_group); 1460 1461 /* Element */ 1462 wpabuf_put_buf(data, pub); 1463 } 1464 #endif /* CONFIG_FILS_SK_PFS */ 1465 1466 /* RSNE */ 1467 wpabuf_put_data(data, ie, ielen); 1468 1469 /* MDE when using FILS+FT (already included in ie,ielen with RSNE) */ 1470 1471 #ifdef CONFIG_IEEE80211R_AP 1472 if (wpa_key_mgmt_ft(wpa_auth_sta_key_mgmt(sta->wpa_sm))) { 1473 /* FTE[R1KH-ID,R0KH-ID] when using FILS+FT */ 1474 int res; 1475 int use_sha384 = wpa_key_mgmt_sha384( 1476 wpa_auth_sta_key_mgmt(sta->wpa_sm)); 1477 1478 res = wpa_auth_write_fte(hapd->wpa_auth, use_sha384, 1479 wpabuf_put(data, 0), 1480 wpabuf_tailroom(data)); 1481 if (res < 0) { 1482 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1483 goto fail; 1484 } 1485 wpabuf_put(data, res); 1486 } 1487 #endif /* CONFIG_IEEE80211R_AP */ 1488 1489 /* FILS Nonce */ 1490 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */ 1491 wpabuf_put_u8(data, 1 + FILS_NONCE_LEN); /* Length */ 1492 /* Element ID Extension */ 1493 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_NONCE); 1494 wpabuf_put_data(data, fils_nonce, FILS_NONCE_LEN); 1495 1496 /* FILS Session */ 1497 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */ 1498 wpabuf_put_u8(data, 1 + FILS_SESSION_LEN); /* Length */ 1499 /* Element ID Extension */ 1500 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_SESSION); 1501 wpabuf_put_data(data, sta->fils_session, FILS_SESSION_LEN); 1502 1503 /* FILS Wrapped Data */ 1504 if (!pmksa && erp_resp) { 1505 wpabuf_put_u8(data, WLAN_EID_EXTENSION); /* Element ID */ 1506 wpabuf_put_u8(data, 1 + wpabuf_len(erp_resp)); /* Length */ 1507 /* Element ID Extension */ 1508 wpabuf_put_u8(data, WLAN_EID_EXT_FILS_WRAPPED_DATA); 1509 wpabuf_put_buf(data, erp_resp); 1510 1511 if (fils_rmsk_to_pmk(wpa_auth_sta_key_mgmt(sta->wpa_sm), 1512 msk, msk_len, sta->fils_snonce, fils_nonce, 1513 sta->fils_dh_ss ? 1514 wpabuf_head(sta->fils_dh_ss) : NULL, 1515 sta->fils_dh_ss ? 1516 wpabuf_len(sta->fils_dh_ss) : 0, 1517 pmk_buf, &pmk_len)) { 1518 wpa_printf(MSG_DEBUG, "FILS: Failed to derive PMK"); 1519 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1520 wpabuf_free(data); 1521 data = NULL; 1522 goto fail; 1523 } 1524 pmk = pmk_buf; 1525 1526 /* Don't use DHss in PTK derivation if PMKSA caching is not 1527 * used. */ 1528 wpabuf_clear_free(sta->fils_dh_ss); 1529 sta->fils_dh_ss = NULL; 1530 1531 if (sta->fils_erp_pmkid_set) { 1532 /* TODO: get PMKLifetime from WPA parameters */ 1533 unsigned int dot11RSNAConfigPMKLifetime = 43200; 1534 int session_timeout; 1535 1536 session_timeout = dot11RSNAConfigPMKLifetime; 1537 if (sta->session_timeout_set) { 1538 struct os_reltime now, diff; 1539 1540 os_get_reltime(&now); 1541 os_reltime_sub(&sta->session_timeout, &now, 1542 &diff); 1543 session_timeout = diff.sec; 1544 } 1545 1546 sta->fils_erp_pmkid_set = 0; 1547 if (wpa_auth_pmksa_add2( 1548 hapd->wpa_auth, sta->addr, 1549 pmk, pmk_len, 1550 sta->fils_erp_pmkid, 1551 session_timeout, 1552 wpa_auth_sta_key_mgmt(sta->wpa_sm)) < 0) { 1553 wpa_printf(MSG_ERROR, 1554 "FILS: Failed to add PMKSA cache entry based on ERP"); 1555 } 1556 } 1557 } else if (pmksa) { 1558 pmk = pmksa->pmk; 1559 pmk_len = pmksa->pmk_len; 1560 } 1561 1562 if (!pmk) { 1563 wpa_printf(MSG_DEBUG, "FILS: No PMK available"); 1564 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1565 wpabuf_free(data); 1566 data = NULL; 1567 goto fail; 1568 } 1569 1570 if (fils_auth_pmk_to_ptk(sta->wpa_sm, pmk, pmk_len, 1571 sta->fils_snonce, fils_nonce, 1572 sta->fils_dh_ss ? 1573 wpabuf_head(sta->fils_dh_ss) : NULL, 1574 sta->fils_dh_ss ? 1575 wpabuf_len(sta->fils_dh_ss) : 0, 1576 sta->fils_g_sta, pub) < 0) { 1577 *resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1578 wpabuf_free(data); 1579 data = NULL; 1580 goto fail; 1581 } 1582 1583 fail: 1584 if (is_pub) 1585 *is_pub = pub != NULL; 1586 os_free(ie_buf); 1587 wpabuf_free(pub); 1588 wpabuf_clear_free(sta->fils_dh_ss); 1589 sta->fils_dh_ss = NULL; 1590 #ifdef CONFIG_FILS_SK_PFS 1591 crypto_ecdh_deinit(sta->fils_ecdh); 1592 sta->fils_ecdh = NULL; 1593 #endif /* CONFIG_FILS_SK_PFS */ 1594 return data; 1595 } 1596 1597 1598 static void handle_auth_fils_finish(struct hostapd_data *hapd, 1599 struct sta_info *sta, u16 resp, 1600 struct wpabuf *data, int pub) 1601 { 1602 u16 auth_alg; 1603 1604 auth_alg = (pub || 1605 resp == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) ? 1606 WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK; 1607 send_auth_reply(hapd, sta->addr, hapd->own_addr, auth_alg, 2, resp, 1608 data ? wpabuf_head(data) : (u8 *) "", 1609 data ? wpabuf_len(data) : 0, "auth-fils-finish"); 1610 wpabuf_free(data); 1611 1612 if (resp == WLAN_STATUS_SUCCESS) { 1613 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 1614 HOSTAPD_LEVEL_DEBUG, 1615 "authentication OK (FILS)"); 1616 sta->flags |= WLAN_STA_AUTH; 1617 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 1618 sta->auth_alg = pub ? WLAN_AUTH_FILS_SK_PFS : WLAN_AUTH_FILS_SK; 1619 mlme_authenticate_indication(hapd, sta); 1620 } 1621 } 1622 1623 1624 void ieee802_11_finish_fils_auth(struct hostapd_data *hapd, 1625 struct sta_info *sta, int success, 1626 struct wpabuf *erp_resp, 1627 const u8 *msk, size_t msk_len) 1628 { 1629 struct wpabuf *data; 1630 int pub = 0; 1631 u16 resp; 1632 1633 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP; 1634 1635 if (!sta->fils_pending_cb) 1636 return; 1637 resp = success ? WLAN_STATUS_SUCCESS : WLAN_STATUS_UNSPECIFIED_FAILURE; 1638 data = prepare_auth_resp_fils(hapd, sta, &resp, NULL, erp_resp, 1639 msk, msk_len, &pub); 1640 if (!data) { 1641 wpa_printf(MSG_DEBUG, 1642 "%s: prepare_auth_resp_fils() returned failure", 1643 __func__); 1644 } 1645 sta->fils_pending_cb(hapd, sta, resp, data, pub); 1646 } 1647 1648 #endif /* CONFIG_FILS */ 1649 1650 1651 int 1652 ieee802_11_allowed_address(struct hostapd_data *hapd, const u8 *addr, 1653 const u8 *msg, size_t len, u32 *session_timeout, 1654 u32 *acct_interim_interval, 1655 struct vlan_description *vlan_id, 1656 struct hostapd_sta_wpa_psk_short **psk, 1657 char **identity, char **radius_cui, int is_probe_req) 1658 { 1659 int res; 1660 1661 os_memset(vlan_id, 0, sizeof(*vlan_id)); 1662 res = hostapd_allowed_address(hapd, addr, msg, len, 1663 session_timeout, acct_interim_interval, 1664 vlan_id, psk, identity, radius_cui, 1665 is_probe_req); 1666 1667 if (res == HOSTAPD_ACL_REJECT) { 1668 if (!is_probe_req) 1669 wpa_printf(MSG_DEBUG, 1670 "Station " MACSTR 1671 " not allowed to authenticate", 1672 MAC2STR(addr)); 1673 return HOSTAPD_ACL_REJECT; 1674 } 1675 1676 if (res == HOSTAPD_ACL_PENDING) { 1677 wpa_printf(MSG_DEBUG, "Authentication frame from " MACSTR 1678 " waiting for an external authentication", 1679 MAC2STR(addr)); 1680 /* Authentication code will re-send the authentication frame 1681 * after it has received (and cached) information from the 1682 * external source. */ 1683 return HOSTAPD_ACL_PENDING; 1684 } 1685 1686 return res; 1687 } 1688 1689 1690 static int 1691 ieee802_11_set_radius_info(struct hostapd_data *hapd, struct sta_info *sta, 1692 int res, u32 session_timeout, 1693 u32 acct_interim_interval, 1694 struct vlan_description *vlan_id, 1695 struct hostapd_sta_wpa_psk_short **psk, 1696 char **identity, char **radius_cui) 1697 { 1698 if (vlan_id->notempty && 1699 !hostapd_vlan_valid(hapd->conf->vlan, vlan_id)) { 1700 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1701 HOSTAPD_LEVEL_INFO, 1702 "Invalid VLAN %d%s received from RADIUS server", 1703 vlan_id->untagged, 1704 vlan_id->tagged[0] ? "+" : ""); 1705 return -1; 1706 } 1707 if (ap_sta_set_vlan(hapd, sta, vlan_id) < 0) 1708 return -1; 1709 if (sta->vlan_id) 1710 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_RADIUS, 1711 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 1712 1713 hostapd_free_psk_list(sta->psk); 1714 if (hapd->conf->wpa_psk_radius != PSK_RADIUS_IGNORED) { 1715 sta->psk = *psk; 1716 *psk = NULL; 1717 } else { 1718 sta->psk = NULL; 1719 } 1720 1721 os_free(sta->identity); 1722 sta->identity = *identity; 1723 *identity = NULL; 1724 1725 os_free(sta->radius_cui); 1726 sta->radius_cui = *radius_cui; 1727 *radius_cui = NULL; 1728 1729 if (hapd->conf->acct_interim_interval == 0 && acct_interim_interval) 1730 sta->acct_interim_interval = acct_interim_interval; 1731 if (res == HOSTAPD_ACL_ACCEPT_TIMEOUT) { 1732 sta->session_timeout_set = 1; 1733 os_get_reltime(&sta->session_timeout); 1734 sta->session_timeout.sec += session_timeout; 1735 ap_sta_session_timeout(hapd, sta, session_timeout); 1736 } else { 1737 sta->session_timeout_set = 0; 1738 ap_sta_no_session_timeout(hapd, sta); 1739 } 1740 1741 return 0; 1742 } 1743 1744 1745 static void handle_auth(struct hostapd_data *hapd, 1746 const struct ieee80211_mgmt *mgmt, size_t len) 1747 { 1748 u16 auth_alg, auth_transaction, status_code; 1749 u16 resp = WLAN_STATUS_SUCCESS; 1750 struct sta_info *sta = NULL; 1751 int res, reply_res; 1752 u16 fc; 1753 const u8 *challenge = NULL; 1754 u32 session_timeout, acct_interim_interval; 1755 struct vlan_description vlan_id; 1756 struct hostapd_sta_wpa_psk_short *psk = NULL; 1757 u8 resp_ies[2 + WLAN_AUTH_CHALLENGE_LEN]; 1758 size_t resp_ies_len = 0; 1759 char *identity = NULL; 1760 char *radius_cui = NULL; 1761 u16 seq_ctrl; 1762 1763 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 1764 wpa_printf(MSG_INFO, "handle_auth - too short payload (len=%lu)", 1765 (unsigned long) len); 1766 return; 1767 } 1768 1769 #ifdef CONFIG_TESTING_OPTIONS 1770 if (hapd->iconf->ignore_auth_probability > 0.0 && 1771 drand48() < hapd->iconf->ignore_auth_probability) { 1772 wpa_printf(MSG_INFO, 1773 "TESTING: ignoring auth frame from " MACSTR, 1774 MAC2STR(mgmt->sa)); 1775 return; 1776 } 1777 #endif /* CONFIG_TESTING_OPTIONS */ 1778 1779 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 1780 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 1781 status_code = le_to_host16(mgmt->u.auth.status_code); 1782 fc = le_to_host16(mgmt->frame_control); 1783 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 1784 1785 if (len >= IEEE80211_HDRLEN + sizeof(mgmt->u.auth) + 1786 2 + WLAN_AUTH_CHALLENGE_LEN && 1787 mgmt->u.auth.variable[0] == WLAN_EID_CHALLENGE && 1788 mgmt->u.auth.variable[1] == WLAN_AUTH_CHALLENGE_LEN) 1789 challenge = &mgmt->u.auth.variable[2]; 1790 1791 wpa_printf(MSG_DEBUG, "authentication: STA=" MACSTR " auth_alg=%d " 1792 "auth_transaction=%d status_code=%d wep=%d%s " 1793 "seq_ctrl=0x%x%s", 1794 MAC2STR(mgmt->sa), auth_alg, auth_transaction, 1795 status_code, !!(fc & WLAN_FC_ISWEP), 1796 challenge ? " challenge" : "", 1797 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 1798 1799 #ifdef CONFIG_NO_RC4 1800 if (auth_alg == WLAN_AUTH_SHARED_KEY) { 1801 wpa_printf(MSG_INFO, 1802 "Unsupported authentication algorithm (%d)", 1803 auth_alg); 1804 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1805 goto fail; 1806 } 1807 #endif /* CONFIG_NO_RC4 */ 1808 1809 if (hapd->tkip_countermeasures) { 1810 wpa_printf(MSG_DEBUG, 1811 "Ongoing TKIP countermeasures (Michael MIC failure) - reject authentication"); 1812 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1813 goto fail; 1814 } 1815 1816 if (!(((hapd->conf->auth_algs & WPA_AUTH_ALG_OPEN) && 1817 auth_alg == WLAN_AUTH_OPEN) || 1818 #ifdef CONFIG_IEEE80211R_AP 1819 (hapd->conf->wpa && wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt) && 1820 auth_alg == WLAN_AUTH_FT) || 1821 #endif /* CONFIG_IEEE80211R_AP */ 1822 #ifdef CONFIG_SAE 1823 (hapd->conf->wpa && wpa_key_mgmt_sae(hapd->conf->wpa_key_mgmt) && 1824 auth_alg == WLAN_AUTH_SAE) || 1825 #endif /* CONFIG_SAE */ 1826 #ifdef CONFIG_FILS 1827 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) && 1828 auth_alg == WLAN_AUTH_FILS_SK) || 1829 (hapd->conf->wpa && wpa_key_mgmt_fils(hapd->conf->wpa_key_mgmt) && 1830 hapd->conf->fils_dh_group && 1831 auth_alg == WLAN_AUTH_FILS_SK_PFS) || 1832 #endif /* CONFIG_FILS */ 1833 ((hapd->conf->auth_algs & WPA_AUTH_ALG_SHARED) && 1834 auth_alg == WLAN_AUTH_SHARED_KEY))) { 1835 wpa_printf(MSG_INFO, "Unsupported authentication algorithm (%d)", 1836 auth_alg); 1837 resp = WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 1838 goto fail; 1839 } 1840 1841 if (!(auth_transaction == 1 || auth_alg == WLAN_AUTH_SAE || 1842 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 3))) { 1843 wpa_printf(MSG_INFO, "Unknown authentication transaction number (%d)", 1844 auth_transaction); 1845 resp = WLAN_STATUS_UNKNOWN_AUTH_TRANSACTION; 1846 goto fail; 1847 } 1848 1849 if (os_memcmp(mgmt->sa, hapd->own_addr, ETH_ALEN) == 0) { 1850 wpa_printf(MSG_INFO, "Station " MACSTR " not allowed to authenticate", 1851 MAC2STR(mgmt->sa)); 1852 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1853 goto fail; 1854 } 1855 1856 if (hapd->conf->no_auth_if_seen_on) { 1857 struct hostapd_data *other; 1858 1859 other = sta_track_seen_on(hapd->iface, mgmt->sa, 1860 hapd->conf->no_auth_if_seen_on); 1861 if (other) { 1862 u8 *pos; 1863 u32 info; 1864 u8 op_class, channel, phytype; 1865 1866 wpa_printf(MSG_DEBUG, "%s: Reject authentication from " 1867 MACSTR " since STA has been seen on %s", 1868 hapd->conf->iface, MAC2STR(mgmt->sa), 1869 hapd->conf->no_auth_if_seen_on); 1870 1871 resp = WLAN_STATUS_REJECTED_WITH_SUGGESTED_BSS_TRANSITION; 1872 pos = &resp_ies[0]; 1873 *pos++ = WLAN_EID_NEIGHBOR_REPORT; 1874 *pos++ = 13; 1875 os_memcpy(pos, other->own_addr, ETH_ALEN); 1876 pos += ETH_ALEN; 1877 info = 0; /* TODO: BSSID Information */ 1878 WPA_PUT_LE32(pos, info); 1879 pos += 4; 1880 if (other->iconf->hw_mode == HOSTAPD_MODE_IEEE80211AD) 1881 phytype = 8; /* dmg */ 1882 else if (other->iconf->ieee80211ac) 1883 phytype = 9; /* vht */ 1884 else if (other->iconf->ieee80211n) 1885 phytype = 7; /* ht */ 1886 else if (other->iconf->hw_mode == 1887 HOSTAPD_MODE_IEEE80211A) 1888 phytype = 4; /* ofdm */ 1889 else if (other->iconf->hw_mode == 1890 HOSTAPD_MODE_IEEE80211G) 1891 phytype = 6; /* erp */ 1892 else 1893 phytype = 5; /* hrdsss */ 1894 if (ieee80211_freq_to_channel_ext( 1895 hostapd_hw_get_freq(other, 1896 other->iconf->channel), 1897 other->iconf->secondary_channel, 1898 other->iconf->ieee80211ac, 1899 &op_class, &channel) == NUM_HOSTAPD_MODES) { 1900 op_class = 0; 1901 channel = other->iconf->channel; 1902 } 1903 *pos++ = op_class; 1904 *pos++ = channel; 1905 *pos++ = phytype; 1906 resp_ies_len = pos - &resp_ies[0]; 1907 goto fail; 1908 } 1909 } 1910 1911 res = ieee802_11_allowed_address( 1912 hapd, mgmt->sa, (const u8 *) mgmt, len, &session_timeout, 1913 &acct_interim_interval, &vlan_id, &psk, &identity, &radius_cui, 1914 0); 1915 if (res == HOSTAPD_ACL_REJECT) { 1916 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 1917 "Ignore Authentication frame from " MACSTR 1918 " due to ACL reject", MAC2STR(mgmt->sa)); 1919 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1920 goto fail; 1921 } 1922 if (res == HOSTAPD_ACL_PENDING) 1923 return; 1924 1925 sta = ap_get_sta(hapd, mgmt->sa); 1926 if (sta) { 1927 sta->flags &= ~WLAN_STA_PENDING_FILS_ERP; 1928 if ((fc & WLAN_FC_RETRY) && 1929 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 1930 sta->last_seq_ctrl == seq_ctrl && 1931 sta->last_subtype == WLAN_FC_STYPE_AUTH) { 1932 hostapd_logger(hapd, sta->addr, 1933 HOSTAPD_MODULE_IEEE80211, 1934 HOSTAPD_LEVEL_DEBUG, 1935 "Drop repeated authentication frame seq_ctrl=0x%x", 1936 seq_ctrl); 1937 return; 1938 } 1939 #ifdef CONFIG_MESH 1940 if ((hapd->conf->mesh & MESH_ENABLED) && 1941 sta->plink_state == PLINK_BLOCKED) { 1942 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1943 " is blocked - drop Authentication frame", 1944 MAC2STR(mgmt->sa)); 1945 return; 1946 } 1947 #endif /* CONFIG_MESH */ 1948 } else { 1949 #ifdef CONFIG_MESH 1950 if (hapd->conf->mesh & MESH_ENABLED) { 1951 /* if the mesh peer is not available, we don't do auth. 1952 */ 1953 wpa_printf(MSG_DEBUG, "Mesh peer " MACSTR 1954 " not yet known - drop Authentication frame", 1955 MAC2STR(mgmt->sa)); 1956 /* 1957 * Save a copy of the frame so that it can be processed 1958 * if a new peer entry is added shortly after this. 1959 */ 1960 wpabuf_free(hapd->mesh_pending_auth); 1961 hapd->mesh_pending_auth = wpabuf_alloc_copy(mgmt, len); 1962 os_get_reltime(&hapd->mesh_pending_auth_time); 1963 return; 1964 } 1965 #endif /* CONFIG_MESH */ 1966 1967 sta = ap_sta_add(hapd, mgmt->sa); 1968 if (!sta) { 1969 wpa_printf(MSG_DEBUG, "ap_sta_add() failed"); 1970 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 1971 goto fail; 1972 } 1973 } 1974 sta->last_seq_ctrl = seq_ctrl; 1975 sta->last_subtype = WLAN_FC_STYPE_AUTH; 1976 1977 res = ieee802_11_set_radius_info( 1978 hapd, sta, res, session_timeout, acct_interim_interval, 1979 &vlan_id, &psk, &identity, &radius_cui); 1980 if (res) { 1981 wpa_printf(MSG_DEBUG, "ieee802_11_set_radius_info() failed"); 1982 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 1983 goto fail; 1984 } 1985 1986 sta->flags &= ~WLAN_STA_PREAUTH; 1987 ieee802_1x_notify_pre_auth(sta->eapol_sm, 0); 1988 1989 /* 1990 * If the driver supports full AP client state, add a station to the 1991 * driver before sending authentication reply to make sure the driver 1992 * has resources, and not to go through the entire authentication and 1993 * association handshake, and fail it at the end. 1994 * 1995 * If this is not the first transaction, in a multi-step authentication 1996 * algorithm, the station already exists in the driver 1997 * (sta->added_unassoc = 1) so skip it. 1998 * 1999 * In mesh mode, the station was already added to the driver when the 2000 * NEW_PEER_CANDIDATE event is received. 2001 * 2002 * If PMF was negotiated for the existing association, skip this to 2003 * avoid dropping the STA entry and the associated keys. This is needed 2004 * to allow the original connection work until the attempt can complete 2005 * (re)association, so that unprotected Authentication frame cannot be 2006 * used to bypass PMF protection. 2007 */ 2008 if (FULL_AP_CLIENT_STATE_SUPP(hapd->iface->drv_flags) && 2009 (!(sta->flags & WLAN_STA_MFP) || !ap_sta_is_authorized(sta)) && 2010 !(hapd->conf->mesh & MESH_ENABLED) && 2011 !(sta->added_unassoc)) { 2012 /* 2013 * If a station that is already associated to the AP, is trying 2014 * to authenticate again, remove the STA entry, in order to make 2015 * sure the STA PS state gets cleared and configuration gets 2016 * updated. To handle this, station's added_unassoc flag is 2017 * cleared once the station has completed association. 2018 */ 2019 ap_sta_set_authorized(hapd, sta, 0); 2020 hostapd_drv_sta_remove(hapd, sta->addr); 2021 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_AUTH | 2022 WLAN_STA_AUTHORIZED); 2023 2024 if (hostapd_sta_add(hapd, sta->addr, 0, 0, NULL, 0, 0, 2025 NULL, NULL, sta->flags, 0, 0, 0, 0)) { 2026 hostapd_logger(hapd, sta->addr, 2027 HOSTAPD_MODULE_IEEE80211, 2028 HOSTAPD_LEVEL_NOTICE, 2029 "Could not add STA to kernel driver"); 2030 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 2031 goto fail; 2032 } 2033 2034 sta->added_unassoc = 1; 2035 } 2036 2037 switch (auth_alg) { 2038 case WLAN_AUTH_OPEN: 2039 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2040 HOSTAPD_LEVEL_DEBUG, 2041 "authentication OK (open system)"); 2042 sta->flags |= WLAN_STA_AUTH; 2043 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 2044 sta->auth_alg = WLAN_AUTH_OPEN; 2045 mlme_authenticate_indication(hapd, sta); 2046 break; 2047 #ifndef CONFIG_NO_RC4 2048 case WLAN_AUTH_SHARED_KEY: 2049 resp = auth_shared_key(hapd, sta, auth_transaction, challenge, 2050 fc & WLAN_FC_ISWEP); 2051 if (resp != 0) 2052 wpa_printf(MSG_DEBUG, 2053 "auth_shared_key() failed: status=%d", resp); 2054 sta->auth_alg = WLAN_AUTH_SHARED_KEY; 2055 mlme_authenticate_indication(hapd, sta); 2056 if (sta->challenge && auth_transaction == 1) { 2057 resp_ies[0] = WLAN_EID_CHALLENGE; 2058 resp_ies[1] = WLAN_AUTH_CHALLENGE_LEN; 2059 os_memcpy(resp_ies + 2, sta->challenge, 2060 WLAN_AUTH_CHALLENGE_LEN); 2061 resp_ies_len = 2 + WLAN_AUTH_CHALLENGE_LEN; 2062 } 2063 break; 2064 #endif /* CONFIG_NO_RC4 */ 2065 #ifdef CONFIG_IEEE80211R_AP 2066 case WLAN_AUTH_FT: 2067 sta->auth_alg = WLAN_AUTH_FT; 2068 if (sta->wpa_sm == NULL) 2069 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 2070 sta->addr, NULL); 2071 if (sta->wpa_sm == NULL) { 2072 wpa_printf(MSG_DEBUG, "FT: Failed to initialize WPA " 2073 "state machine"); 2074 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 2075 goto fail; 2076 } 2077 wpa_ft_process_auth(sta->wpa_sm, mgmt->bssid, 2078 auth_transaction, mgmt->u.auth.variable, 2079 len - IEEE80211_HDRLEN - 2080 sizeof(mgmt->u.auth), 2081 handle_auth_ft_finish, hapd); 2082 /* handle_auth_ft_finish() callback will complete auth. */ 2083 return; 2084 #endif /* CONFIG_IEEE80211R_AP */ 2085 #ifdef CONFIG_SAE 2086 case WLAN_AUTH_SAE: 2087 #ifdef CONFIG_MESH 2088 if (status_code == WLAN_STATUS_SUCCESS && 2089 hapd->conf->mesh & MESH_ENABLED) { 2090 if (sta->wpa_sm == NULL) 2091 sta->wpa_sm = 2092 wpa_auth_sta_init(hapd->wpa_auth, 2093 sta->addr, NULL); 2094 if (sta->wpa_sm == NULL) { 2095 wpa_printf(MSG_DEBUG, 2096 "SAE: Failed to initialize WPA state machine"); 2097 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 2098 goto fail; 2099 } 2100 } 2101 #endif /* CONFIG_MESH */ 2102 handle_auth_sae(hapd, sta, mgmt, len, auth_transaction, 2103 status_code); 2104 return; 2105 #endif /* CONFIG_SAE */ 2106 #ifdef CONFIG_FILS 2107 case WLAN_AUTH_FILS_SK: 2108 case WLAN_AUTH_FILS_SK_PFS: 2109 handle_auth_fils(hapd, sta, mgmt->u.auth.variable, 2110 len - IEEE80211_HDRLEN - sizeof(mgmt->u.auth), 2111 auth_alg, auth_transaction, status_code, 2112 handle_auth_fils_finish); 2113 return; 2114 #endif /* CONFIG_FILS */ 2115 } 2116 2117 fail: 2118 os_free(identity); 2119 os_free(radius_cui); 2120 hostapd_free_psk_list(psk); 2121 2122 reply_res = send_auth_reply(hapd, mgmt->sa, mgmt->bssid, auth_alg, 2123 auth_transaction + 1, resp, resp_ies, 2124 resp_ies_len, "handle-auth"); 2125 2126 if (sta && sta->added_unassoc && (resp != WLAN_STATUS_SUCCESS || 2127 reply_res != WLAN_STATUS_SUCCESS)) { 2128 hostapd_drv_sta_remove(hapd, sta->addr); 2129 sta->added_unassoc = 0; 2130 } 2131 } 2132 2133 2134 int hostapd_get_aid(struct hostapd_data *hapd, struct sta_info *sta) 2135 { 2136 int i, j = 32, aid; 2137 2138 /* get a unique AID */ 2139 if (sta->aid > 0) { 2140 wpa_printf(MSG_DEBUG, " old AID %d", sta->aid); 2141 return 0; 2142 } 2143 2144 if (TEST_FAIL()) 2145 return -1; 2146 2147 for (i = 0; i < AID_WORDS; i++) { 2148 if (hapd->sta_aid[i] == (u32) -1) 2149 continue; 2150 for (j = 0; j < 32; j++) { 2151 if (!(hapd->sta_aid[i] & BIT(j))) 2152 break; 2153 } 2154 if (j < 32) 2155 break; 2156 } 2157 if (j == 32) 2158 return -1; 2159 aid = i * 32 + j + 1; 2160 if (aid > 2007) 2161 return -1; 2162 2163 sta->aid = aid; 2164 hapd->sta_aid[i] |= BIT(j); 2165 wpa_printf(MSG_DEBUG, " new AID %d", sta->aid); 2166 return 0; 2167 } 2168 2169 2170 static u16 check_ssid(struct hostapd_data *hapd, struct sta_info *sta, 2171 const u8 *ssid_ie, size_t ssid_ie_len) 2172 { 2173 if (ssid_ie == NULL) 2174 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2175 2176 if (ssid_ie_len != hapd->conf->ssid.ssid_len || 2177 os_memcmp(ssid_ie, hapd->conf->ssid.ssid, ssid_ie_len) != 0) { 2178 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2179 HOSTAPD_LEVEL_INFO, 2180 "Station tried to associate with unknown SSID " 2181 "'%s'", wpa_ssid_txt(ssid_ie, ssid_ie_len)); 2182 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2183 } 2184 2185 return WLAN_STATUS_SUCCESS; 2186 } 2187 2188 2189 static u16 check_wmm(struct hostapd_data *hapd, struct sta_info *sta, 2190 const u8 *wmm_ie, size_t wmm_ie_len) 2191 { 2192 sta->flags &= ~WLAN_STA_WMM; 2193 sta->qosinfo = 0; 2194 if (wmm_ie && hapd->conf->wmm_enabled) { 2195 struct wmm_information_element *wmm; 2196 2197 if (!hostapd_eid_wmm_valid(hapd, wmm_ie, wmm_ie_len)) { 2198 hostapd_logger(hapd, sta->addr, 2199 HOSTAPD_MODULE_WPA, 2200 HOSTAPD_LEVEL_DEBUG, 2201 "invalid WMM element in association " 2202 "request"); 2203 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2204 } 2205 2206 sta->flags |= WLAN_STA_WMM; 2207 wmm = (struct wmm_information_element *) wmm_ie; 2208 sta->qosinfo = wmm->qos_info; 2209 } 2210 return WLAN_STATUS_SUCCESS; 2211 } 2212 2213 2214 static u16 copy_supp_rates(struct hostapd_data *hapd, struct sta_info *sta, 2215 struct ieee802_11_elems *elems) 2216 { 2217 /* Supported rates not used in IEEE 802.11ad/DMG */ 2218 if (hapd->iface->current_mode && 2219 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) 2220 return WLAN_STATUS_SUCCESS; 2221 2222 if (!elems->supp_rates) { 2223 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2224 HOSTAPD_LEVEL_DEBUG, 2225 "No supported rates element in AssocReq"); 2226 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2227 } 2228 2229 if (elems->supp_rates_len + elems->ext_supp_rates_len > 2230 sizeof(sta->supported_rates)) { 2231 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2232 HOSTAPD_LEVEL_DEBUG, 2233 "Invalid supported rates element length %d+%d", 2234 elems->supp_rates_len, 2235 elems->ext_supp_rates_len); 2236 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2237 } 2238 2239 sta->supported_rates_len = merge_byte_arrays( 2240 sta->supported_rates, sizeof(sta->supported_rates), 2241 elems->supp_rates, elems->supp_rates_len, 2242 elems->ext_supp_rates, elems->ext_supp_rates_len); 2243 2244 return WLAN_STATUS_SUCCESS; 2245 } 2246 2247 2248 static u16 check_ext_capab(struct hostapd_data *hapd, struct sta_info *sta, 2249 const u8 *ext_capab_ie, size_t ext_capab_ie_len) 2250 { 2251 #ifdef CONFIG_INTERWORKING 2252 /* check for QoS Map support */ 2253 if (ext_capab_ie_len >= 5) { 2254 if (ext_capab_ie[4] & 0x01) 2255 sta->qos_map_enabled = 1; 2256 } 2257 #endif /* CONFIG_INTERWORKING */ 2258 2259 if (ext_capab_ie_len > 0) { 2260 sta->ecsa_supported = !!(ext_capab_ie[0] & BIT(2)); 2261 os_free(sta->ext_capability); 2262 sta->ext_capability = os_malloc(1 + ext_capab_ie_len); 2263 if (sta->ext_capability) { 2264 sta->ext_capability[0] = ext_capab_ie_len; 2265 os_memcpy(sta->ext_capability + 1, ext_capab_ie, 2266 ext_capab_ie_len); 2267 } 2268 } 2269 2270 return WLAN_STATUS_SUCCESS; 2271 } 2272 2273 2274 #ifdef CONFIG_OWE 2275 2276 static int owe_group_supported(struct hostapd_data *hapd, u16 group) 2277 { 2278 int i; 2279 int *groups = hapd->conf->owe_groups; 2280 2281 if (group != 19 && group != 20 && group != 21) 2282 return 0; 2283 2284 if (!groups) 2285 return 1; 2286 2287 for (i = 0; groups[i] > 0; i++) { 2288 if (groups[i] == group) 2289 return 1; 2290 } 2291 2292 return 0; 2293 } 2294 2295 2296 static u16 owe_process_assoc_req(struct hostapd_data *hapd, 2297 struct sta_info *sta, const u8 *owe_dh, 2298 u8 owe_dh_len) 2299 { 2300 struct wpabuf *secret, *pub, *hkey; 2301 int res; 2302 u8 prk[SHA512_MAC_LEN], pmkid[SHA512_MAC_LEN]; 2303 const char *info = "OWE Key Generation"; 2304 const u8 *addr[2]; 2305 size_t len[2]; 2306 u16 group; 2307 size_t hash_len, prime_len; 2308 2309 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) { 2310 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching"); 2311 return WLAN_STATUS_SUCCESS; 2312 } 2313 2314 group = WPA_GET_LE16(owe_dh); 2315 if (!owe_group_supported(hapd, group)) { 2316 wpa_printf(MSG_DEBUG, "OWE: Unsupported DH group %u", group); 2317 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 2318 } 2319 if (group == 19) 2320 prime_len = 32; 2321 else if (group == 20) 2322 prime_len = 48; 2323 else if (group == 21) 2324 prime_len = 66; 2325 else 2326 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 2327 2328 crypto_ecdh_deinit(sta->owe_ecdh); 2329 sta->owe_ecdh = crypto_ecdh_init(group); 2330 if (!sta->owe_ecdh) 2331 return WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED; 2332 sta->owe_group = group; 2333 2334 secret = crypto_ecdh_set_peerkey(sta->owe_ecdh, 0, owe_dh + 2, 2335 owe_dh_len - 2); 2336 secret = wpabuf_zeropad(secret, prime_len); 2337 if (!secret) { 2338 wpa_printf(MSG_DEBUG, "OWE: Invalid peer DH public key"); 2339 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2340 } 2341 wpa_hexdump_buf_key(MSG_DEBUG, "OWE: DH shared secret", secret); 2342 2343 /* prk = HKDF-extract(C | A | group, z) */ 2344 2345 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0); 2346 if (!pub) { 2347 wpabuf_clear_free(secret); 2348 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2349 } 2350 2351 /* PMKID = Truncate-128(Hash(C | A)) */ 2352 addr[0] = owe_dh + 2; 2353 len[0] = owe_dh_len - 2; 2354 addr[1] = wpabuf_head(pub); 2355 len[1] = wpabuf_len(pub); 2356 if (group == 19) { 2357 res = sha256_vector(2, addr, len, pmkid); 2358 hash_len = SHA256_MAC_LEN; 2359 } else if (group == 20) { 2360 res = sha384_vector(2, addr, len, pmkid); 2361 hash_len = SHA384_MAC_LEN; 2362 } else if (group == 21) { 2363 res = sha512_vector(2, addr, len, pmkid); 2364 hash_len = SHA512_MAC_LEN; 2365 } else { 2366 wpabuf_free(pub); 2367 wpabuf_clear_free(secret); 2368 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2369 } 2370 pub = wpabuf_zeropad(pub, prime_len); 2371 if (res < 0 || !pub) { 2372 wpabuf_free(pub); 2373 wpabuf_clear_free(secret); 2374 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2375 } 2376 2377 hkey = wpabuf_alloc(owe_dh_len - 2 + wpabuf_len(pub) + 2); 2378 if (!hkey) { 2379 wpabuf_free(pub); 2380 wpabuf_clear_free(secret); 2381 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2382 } 2383 2384 wpabuf_put_data(hkey, owe_dh + 2, owe_dh_len - 2); /* C */ 2385 wpabuf_put_buf(hkey, pub); /* A */ 2386 wpabuf_free(pub); 2387 wpabuf_put_le16(hkey, group); /* group */ 2388 if (group == 19) 2389 res = hmac_sha256(wpabuf_head(hkey), wpabuf_len(hkey), 2390 wpabuf_head(secret), wpabuf_len(secret), prk); 2391 else if (group == 20) 2392 res = hmac_sha384(wpabuf_head(hkey), wpabuf_len(hkey), 2393 wpabuf_head(secret), wpabuf_len(secret), prk); 2394 else if (group == 21) 2395 res = hmac_sha512(wpabuf_head(hkey), wpabuf_len(hkey), 2396 wpabuf_head(secret), wpabuf_len(secret), prk); 2397 wpabuf_clear_free(hkey); 2398 wpabuf_clear_free(secret); 2399 if (res < 0) 2400 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2401 2402 wpa_hexdump_key(MSG_DEBUG, "OWE: prk", prk, hash_len); 2403 2404 /* PMK = HKDF-expand(prk, "OWE Key Generation", n) */ 2405 2406 os_free(sta->owe_pmk); 2407 sta->owe_pmk = os_malloc(hash_len); 2408 if (!sta->owe_pmk) { 2409 os_memset(prk, 0, SHA512_MAC_LEN); 2410 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2411 } 2412 2413 if (group == 19) 2414 res = hmac_sha256_kdf(prk, hash_len, NULL, (const u8 *) info, 2415 os_strlen(info), sta->owe_pmk, hash_len); 2416 else if (group == 20) 2417 res = hmac_sha384_kdf(prk, hash_len, NULL, (const u8 *) info, 2418 os_strlen(info), sta->owe_pmk, hash_len); 2419 else if (group == 21) 2420 res = hmac_sha512_kdf(prk, hash_len, NULL, (const u8 *) info, 2421 os_strlen(info), sta->owe_pmk, hash_len); 2422 os_memset(prk, 0, SHA512_MAC_LEN); 2423 if (res < 0) { 2424 os_free(sta->owe_pmk); 2425 sta->owe_pmk = NULL; 2426 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2427 } 2428 sta->owe_pmk_len = hash_len; 2429 2430 wpa_hexdump_key(MSG_DEBUG, "OWE: PMK", sta->owe_pmk, sta->owe_pmk_len); 2431 wpa_hexdump(MSG_DEBUG, "OWE: PMKID", pmkid, PMKID_LEN); 2432 wpa_auth_pmksa_add2(hapd->wpa_auth, sta->addr, sta->owe_pmk, 2433 sta->owe_pmk_len, pmkid, 0, WPA_KEY_MGMT_OWE); 2434 2435 return WLAN_STATUS_SUCCESS; 2436 } 2437 2438 #endif /* CONFIG_OWE */ 2439 2440 2441 static u16 check_assoc_ies(struct hostapd_data *hapd, struct sta_info *sta, 2442 const u8 *ies, size_t ies_len, int reassoc) 2443 { 2444 struct ieee802_11_elems elems; 2445 u16 resp; 2446 const u8 *wpa_ie; 2447 size_t wpa_ie_len; 2448 const u8 *p2p_dev_addr = NULL; 2449 2450 if (ieee802_11_parse_elems(ies, ies_len, &elems, 1) == ParseFailed) { 2451 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2452 HOSTAPD_LEVEL_INFO, "Station sent an invalid " 2453 "association request"); 2454 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2455 } 2456 2457 resp = check_ssid(hapd, sta, elems.ssid, elems.ssid_len); 2458 if (resp != WLAN_STATUS_SUCCESS) 2459 return resp; 2460 resp = check_wmm(hapd, sta, elems.wmm, elems.wmm_len); 2461 if (resp != WLAN_STATUS_SUCCESS) 2462 return resp; 2463 resp = check_ext_capab(hapd, sta, elems.ext_capab, elems.ext_capab_len); 2464 if (resp != WLAN_STATUS_SUCCESS) 2465 return resp; 2466 resp = copy_supp_rates(hapd, sta, &elems); 2467 if (resp != WLAN_STATUS_SUCCESS) 2468 return resp; 2469 #ifdef CONFIG_IEEE80211N 2470 resp = copy_sta_ht_capab(hapd, sta, elems.ht_capabilities); 2471 if (resp != WLAN_STATUS_SUCCESS) 2472 return resp; 2473 if (hapd->iconf->ieee80211n && hapd->iconf->require_ht && 2474 !(sta->flags & WLAN_STA_HT)) { 2475 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2476 HOSTAPD_LEVEL_INFO, "Station does not support " 2477 "mandatory HT PHY - reject association"); 2478 return WLAN_STATUS_ASSOC_DENIED_NO_HT; 2479 } 2480 #endif /* CONFIG_IEEE80211N */ 2481 2482 #ifdef CONFIG_IEEE80211AC 2483 if (hapd->iconf->ieee80211ac) { 2484 resp = copy_sta_vht_capab(hapd, sta, elems.vht_capabilities); 2485 if (resp != WLAN_STATUS_SUCCESS) 2486 return resp; 2487 2488 resp = set_sta_vht_opmode(hapd, sta, elems.vht_opmode_notif); 2489 if (resp != WLAN_STATUS_SUCCESS) 2490 return resp; 2491 } 2492 2493 if (hapd->iconf->ieee80211ac && hapd->iconf->require_vht && 2494 !(sta->flags & WLAN_STA_VHT)) { 2495 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2496 HOSTAPD_LEVEL_INFO, "Station does not support " 2497 "mandatory VHT PHY - reject association"); 2498 return WLAN_STATUS_ASSOC_DENIED_NO_VHT; 2499 } 2500 2501 if (hapd->conf->vendor_vht && !elems.vht_capabilities) { 2502 resp = copy_sta_vendor_vht(hapd, sta, elems.vendor_vht, 2503 elems.vendor_vht_len); 2504 if (resp != WLAN_STATUS_SUCCESS) 2505 return resp; 2506 } 2507 #endif /* CONFIG_IEEE80211AC */ 2508 2509 #ifdef CONFIG_P2P 2510 if (elems.p2p) { 2511 wpabuf_free(sta->p2p_ie); 2512 sta->p2p_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 2513 P2P_IE_VENDOR_TYPE); 2514 if (sta->p2p_ie) 2515 p2p_dev_addr = p2p_get_go_dev_addr(sta->p2p_ie); 2516 } else { 2517 wpabuf_free(sta->p2p_ie); 2518 sta->p2p_ie = NULL; 2519 } 2520 #endif /* CONFIG_P2P */ 2521 2522 if ((hapd->conf->wpa & WPA_PROTO_RSN) && elems.rsn_ie) { 2523 wpa_ie = elems.rsn_ie; 2524 wpa_ie_len = elems.rsn_ie_len; 2525 } else if ((hapd->conf->wpa & WPA_PROTO_WPA) && 2526 elems.wpa_ie) { 2527 wpa_ie = elems.wpa_ie; 2528 wpa_ie_len = elems.wpa_ie_len; 2529 } else { 2530 wpa_ie = NULL; 2531 wpa_ie_len = 0; 2532 } 2533 2534 #ifdef CONFIG_WPS 2535 sta->flags &= ~(WLAN_STA_WPS | WLAN_STA_MAYBE_WPS | WLAN_STA_WPS2); 2536 if (hapd->conf->wps_state && elems.wps_ie) { 2537 wpa_printf(MSG_DEBUG, "STA included WPS IE in (Re)Association " 2538 "Request - assume WPS is used"); 2539 sta->flags |= WLAN_STA_WPS; 2540 wpabuf_free(sta->wps_ie); 2541 sta->wps_ie = ieee802_11_vendor_ie_concat(ies, ies_len, 2542 WPS_IE_VENDOR_TYPE); 2543 if (sta->wps_ie && wps_is_20(sta->wps_ie)) { 2544 wpa_printf(MSG_DEBUG, "WPS: STA supports WPS 2.0"); 2545 sta->flags |= WLAN_STA_WPS2; 2546 } 2547 wpa_ie = NULL; 2548 wpa_ie_len = 0; 2549 if (sta->wps_ie && wps_validate_assoc_req(sta->wps_ie) < 0) { 2550 wpa_printf(MSG_DEBUG, "WPS: Invalid WPS IE in " 2551 "(Re)Association Request - reject"); 2552 return WLAN_STATUS_INVALID_IE; 2553 } 2554 } else if (hapd->conf->wps_state && wpa_ie == NULL) { 2555 wpa_printf(MSG_DEBUG, "STA did not include WPA/RSN IE in " 2556 "(Re)Association Request - possible WPS use"); 2557 sta->flags |= WLAN_STA_MAYBE_WPS; 2558 } else 2559 #endif /* CONFIG_WPS */ 2560 if (hapd->conf->wpa && wpa_ie == NULL) { 2561 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2562 HOSTAPD_LEVEL_INFO, 2563 "No WPA/RSN IE in association request"); 2564 return WLAN_STATUS_INVALID_IE; 2565 } 2566 2567 if (hapd->conf->wpa && wpa_ie) { 2568 int res; 2569 wpa_ie -= 2; 2570 wpa_ie_len += 2; 2571 if (sta->wpa_sm == NULL) 2572 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 2573 sta->addr, 2574 p2p_dev_addr); 2575 if (sta->wpa_sm == NULL) { 2576 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 2577 "state machine"); 2578 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2579 } 2580 res = wpa_validate_wpa_ie(hapd->wpa_auth, sta->wpa_sm, 2581 wpa_ie, wpa_ie_len, 2582 elems.mdie, elems.mdie_len, 2583 elems.owe_dh, elems.owe_dh_len); 2584 resp = wpa_res_to_status_code(res); 2585 if (resp != WLAN_STATUS_SUCCESS) 2586 return resp; 2587 #ifdef CONFIG_IEEE80211W 2588 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) == 2589 (WLAN_STA_ASSOC | WLAN_STA_MFP) && 2590 !sta->sa_query_timed_out && 2591 sta->sa_query_count > 0) 2592 ap_check_sa_query_timeout(hapd, sta); 2593 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_MFP)) == 2594 (WLAN_STA_ASSOC | WLAN_STA_MFP) && 2595 !sta->sa_query_timed_out && 2596 (!reassoc || sta->auth_alg != WLAN_AUTH_FT)) { 2597 /* 2598 * STA has already been associated with MFP and SA 2599 * Query timeout has not been reached. Reject the 2600 * association attempt temporarily and start SA Query, 2601 * if one is not pending. 2602 */ 2603 2604 if (sta->sa_query_count == 0) 2605 ap_sta_start_sa_query(hapd, sta); 2606 2607 return WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY; 2608 } 2609 2610 if (wpa_auth_uses_mfp(sta->wpa_sm)) 2611 sta->flags |= WLAN_STA_MFP; 2612 else 2613 sta->flags &= ~WLAN_STA_MFP; 2614 #endif /* CONFIG_IEEE80211W */ 2615 2616 #ifdef CONFIG_IEEE80211R_AP 2617 if (sta->auth_alg == WLAN_AUTH_FT) { 2618 if (!reassoc) { 2619 wpa_printf(MSG_DEBUG, "FT: " MACSTR " tried " 2620 "to use association (not " 2621 "re-association) with FT auth_alg", 2622 MAC2STR(sta->addr)); 2623 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2624 } 2625 2626 resp = wpa_ft_validate_reassoc(sta->wpa_sm, ies, 2627 ies_len); 2628 if (resp != WLAN_STATUS_SUCCESS) 2629 return resp; 2630 } 2631 #endif /* CONFIG_IEEE80211R_AP */ 2632 2633 #ifdef CONFIG_SAE 2634 if (wpa_auth_uses_sae(sta->wpa_sm) && sta->sae && 2635 sta->sae->state == SAE_ACCEPTED) 2636 wpa_auth_add_sae_pmkid(sta->wpa_sm, sta->sae->pmkid); 2637 2638 if (wpa_auth_uses_sae(sta->wpa_sm) && 2639 sta->auth_alg == WLAN_AUTH_OPEN) { 2640 struct rsn_pmksa_cache_entry *sa; 2641 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 2642 if (!sa || sa->akmp != WPA_KEY_MGMT_SAE) { 2643 wpa_printf(MSG_DEBUG, 2644 "SAE: No PMKSA cache entry found for " 2645 MACSTR, MAC2STR(sta->addr)); 2646 return WLAN_STATUS_INVALID_PMKID; 2647 } 2648 wpa_printf(MSG_DEBUG, "SAE: " MACSTR 2649 " using PMKSA caching", MAC2STR(sta->addr)); 2650 } else if (wpa_auth_uses_sae(sta->wpa_sm) && 2651 sta->auth_alg != WLAN_AUTH_SAE && 2652 !(sta->auth_alg == WLAN_AUTH_FT && 2653 wpa_auth_uses_ft_sae(sta->wpa_sm))) { 2654 wpa_printf(MSG_DEBUG, "SAE: " MACSTR " tried to use " 2655 "SAE AKM after non-SAE auth_alg %u", 2656 MAC2STR(sta->addr), sta->auth_alg); 2657 return WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG; 2658 } 2659 #endif /* CONFIG_SAE */ 2660 2661 #ifdef CONFIG_OWE 2662 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && 2663 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE && 2664 elems.owe_dh) { 2665 resp = owe_process_assoc_req(hapd, sta, elems.owe_dh, 2666 elems.owe_dh_len); 2667 if (resp != WLAN_STATUS_SUCCESS) 2668 return resp; 2669 } 2670 #endif /* CONFIG_OWE */ 2671 2672 #ifdef CONFIG_IEEE80211N 2673 if ((sta->flags & (WLAN_STA_HT | WLAN_STA_VHT)) && 2674 wpa_auth_get_pairwise(sta->wpa_sm) == WPA_CIPHER_TKIP) { 2675 hostapd_logger(hapd, sta->addr, 2676 HOSTAPD_MODULE_IEEE80211, 2677 HOSTAPD_LEVEL_INFO, 2678 "Station tried to use TKIP with HT " 2679 "association"); 2680 return WLAN_STATUS_CIPHER_REJECTED_PER_POLICY; 2681 } 2682 #endif /* CONFIG_IEEE80211N */ 2683 #ifdef CONFIG_HS20 2684 } else if (hapd->conf->osen) { 2685 if (elems.osen == NULL) { 2686 hostapd_logger( 2687 hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 2688 HOSTAPD_LEVEL_INFO, 2689 "No HS 2.0 OSEN element in association request"); 2690 return WLAN_STATUS_INVALID_IE; 2691 } 2692 2693 wpa_printf(MSG_DEBUG, "HS 2.0: OSEN association"); 2694 if (sta->wpa_sm == NULL) 2695 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, 2696 sta->addr, NULL); 2697 if (sta->wpa_sm == NULL) { 2698 wpa_printf(MSG_WARNING, "Failed to initialize WPA " 2699 "state machine"); 2700 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2701 } 2702 if (wpa_validate_osen(hapd->wpa_auth, sta->wpa_sm, 2703 elems.osen - 2, elems.osen_len + 2) < 0) 2704 return WLAN_STATUS_INVALID_IE; 2705 #endif /* CONFIG_HS20 */ 2706 } else 2707 wpa_auth_sta_no_wpa(sta->wpa_sm); 2708 2709 #ifdef CONFIG_P2P 2710 p2p_group_notif_assoc(hapd->p2p_group, sta->addr, ies, ies_len); 2711 #endif /* CONFIG_P2P */ 2712 2713 #ifdef CONFIG_HS20 2714 wpabuf_free(sta->hs20_ie); 2715 if (elems.hs20 && elems.hs20_len > 4) { 2716 sta->hs20_ie = wpabuf_alloc_copy(elems.hs20 + 4, 2717 elems.hs20_len - 4); 2718 } else 2719 sta->hs20_ie = NULL; 2720 2721 wpabuf_free(sta->roaming_consortium); 2722 if (elems.roaming_cons_sel) 2723 sta->roaming_consortium = wpabuf_alloc_copy( 2724 elems.roaming_cons_sel + 4, 2725 elems.roaming_cons_sel_len - 4); 2726 else 2727 sta->roaming_consortium = NULL; 2728 #endif /* CONFIG_HS20 */ 2729 2730 #ifdef CONFIG_FST 2731 wpabuf_free(sta->mb_ies); 2732 if (hapd->iface->fst) 2733 sta->mb_ies = mb_ies_by_info(&elems.mb_ies); 2734 else 2735 sta->mb_ies = NULL; 2736 #endif /* CONFIG_FST */ 2737 2738 #ifdef CONFIG_MBO 2739 mbo_ap_check_sta_assoc(hapd, sta, &elems); 2740 2741 if (hapd->conf->mbo_enabled && (hapd->conf->wpa & 2) && 2742 elems.mbo && sta->cell_capa && !(sta->flags & WLAN_STA_MFP) && 2743 hapd->conf->ieee80211w != NO_MGMT_FRAME_PROTECTION) { 2744 wpa_printf(MSG_INFO, 2745 "MBO: Reject WPA2 association without PMF"); 2746 return WLAN_STATUS_UNSPECIFIED_FAILURE; 2747 } 2748 #endif /* CONFIG_MBO */ 2749 2750 ap_copy_sta_supp_op_classes(sta, elems.supp_op_classes, 2751 elems.supp_op_classes_len); 2752 2753 if ((sta->capability & WLAN_CAPABILITY_RADIO_MEASUREMENT) && 2754 elems.rrm_enabled && 2755 elems.rrm_enabled_len >= sizeof(sta->rrm_enabled_capa)) 2756 os_memcpy(sta->rrm_enabled_capa, elems.rrm_enabled, 2757 sizeof(sta->rrm_enabled_capa)); 2758 2759 if (elems.power_capab) { 2760 sta->min_tx_power = elems.power_capab[0]; 2761 sta->max_tx_power = elems.power_capab[1]; 2762 sta->power_capab = 1; 2763 } else { 2764 sta->power_capab = 0; 2765 } 2766 2767 return WLAN_STATUS_SUCCESS; 2768 } 2769 2770 2771 static void send_deauth(struct hostapd_data *hapd, const u8 *addr, 2772 u16 reason_code) 2773 { 2774 int send_len; 2775 struct ieee80211_mgmt reply; 2776 2777 os_memset(&reply, 0, sizeof(reply)); 2778 reply.frame_control = 2779 IEEE80211_FC(WLAN_FC_TYPE_MGMT, WLAN_FC_STYPE_DEAUTH); 2780 os_memcpy(reply.da, addr, ETH_ALEN); 2781 os_memcpy(reply.sa, hapd->own_addr, ETH_ALEN); 2782 os_memcpy(reply.bssid, hapd->own_addr, ETH_ALEN); 2783 2784 send_len = IEEE80211_HDRLEN + sizeof(reply.u.deauth); 2785 reply.u.deauth.reason_code = host_to_le16(reason_code); 2786 2787 if (hostapd_drv_send_mlme(hapd, &reply, send_len, 0) < 0) 2788 wpa_printf(MSG_INFO, "Failed to send deauth: %s", 2789 strerror(errno)); 2790 } 2791 2792 2793 static int add_associated_sta(struct hostapd_data *hapd, 2794 struct sta_info *sta) 2795 { 2796 struct ieee80211_ht_capabilities ht_cap; 2797 struct ieee80211_vht_capabilities vht_cap; 2798 int set = 1; 2799 2800 /* 2801 * Remove the STA entry to ensure the STA PS state gets cleared and 2802 * configuration gets updated. This is relevant for cases, such as 2803 * FT-over-the-DS, where a station re-associates back to the same AP but 2804 * skips the authentication flow, or if working with a driver that 2805 * does not support full AP client state. 2806 * 2807 * Skip this if the STA has already completed FT reassociation and the 2808 * TK has been configured since the TX/RX PN must not be reset to 0 for 2809 * the same key. 2810 */ 2811 if (!sta->added_unassoc && 2812 (!(sta->flags & WLAN_STA_AUTHORIZED) || 2813 (!wpa_auth_sta_ft_tk_already_set(sta->wpa_sm) && 2814 !wpa_auth_sta_fils_tk_already_set(sta->wpa_sm)))) { 2815 hostapd_drv_sta_remove(hapd, sta->addr); 2816 wpa_auth_sm_event(sta->wpa_sm, WPA_DRV_STA_REMOVED); 2817 set = 0; 2818 } 2819 2820 #ifdef CONFIG_IEEE80211N 2821 if (sta->flags & WLAN_STA_HT) 2822 hostapd_get_ht_capab(hapd, sta->ht_capabilities, &ht_cap); 2823 #endif /* CONFIG_IEEE80211N */ 2824 #ifdef CONFIG_IEEE80211AC 2825 if (sta->flags & WLAN_STA_VHT) 2826 hostapd_get_vht_capab(hapd, sta->vht_capabilities, &vht_cap); 2827 #endif /* CONFIG_IEEE80211AC */ 2828 2829 /* 2830 * Add the station with forced WLAN_STA_ASSOC flag. The sta->flags 2831 * will be set when the ACK frame for the (Re)Association Response frame 2832 * is processed (TX status driver event). 2833 */ 2834 if (hostapd_sta_add(hapd, sta->addr, sta->aid, sta->capability, 2835 sta->supported_rates, sta->supported_rates_len, 2836 sta->listen_interval, 2837 sta->flags & WLAN_STA_HT ? &ht_cap : NULL, 2838 sta->flags & WLAN_STA_VHT ? &vht_cap : NULL, 2839 sta->flags | WLAN_STA_ASSOC, sta->qosinfo, 2840 sta->vht_opmode, sta->p2p_ie ? 1 : 0, 2841 set)) { 2842 hostapd_logger(hapd, sta->addr, 2843 HOSTAPD_MODULE_IEEE80211, HOSTAPD_LEVEL_NOTICE, 2844 "Could not %s STA to kernel driver", 2845 set ? "set" : "add"); 2846 2847 if (sta->added_unassoc) { 2848 hostapd_drv_sta_remove(hapd, sta->addr); 2849 sta->added_unassoc = 0; 2850 } 2851 2852 return -1; 2853 } 2854 2855 sta->added_unassoc = 0; 2856 2857 return 0; 2858 } 2859 2860 2861 static u16 send_assoc_resp(struct hostapd_data *hapd, struct sta_info *sta, 2862 const u8 *addr, u16 status_code, int reassoc, 2863 const u8 *ies, size_t ies_len) 2864 { 2865 int send_len; 2866 u8 *buf; 2867 size_t buflen; 2868 struct ieee80211_mgmt *reply; 2869 u8 *p; 2870 u16 res = WLAN_STATUS_SUCCESS; 2871 2872 buflen = sizeof(struct ieee80211_mgmt) + 1024; 2873 #ifdef CONFIG_FILS 2874 if (sta && sta->fils_hlp_resp) 2875 buflen += wpabuf_len(sta->fils_hlp_resp); 2876 #endif /* CONFIG_FILS */ 2877 #ifdef CONFIG_OWE 2878 if (sta && (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE)) 2879 buflen += 150; 2880 #endif /* CONFIG_OWE */ 2881 buf = os_zalloc(buflen); 2882 if (!buf) { 2883 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 2884 goto done; 2885 } 2886 reply = (struct ieee80211_mgmt *) buf; 2887 reply->frame_control = 2888 IEEE80211_FC(WLAN_FC_TYPE_MGMT, 2889 (reassoc ? WLAN_FC_STYPE_REASSOC_RESP : 2890 WLAN_FC_STYPE_ASSOC_RESP)); 2891 os_memcpy(reply->da, addr, ETH_ALEN); 2892 os_memcpy(reply->sa, hapd->own_addr, ETH_ALEN); 2893 os_memcpy(reply->bssid, hapd->own_addr, ETH_ALEN); 2894 2895 send_len = IEEE80211_HDRLEN; 2896 send_len += sizeof(reply->u.assoc_resp); 2897 reply->u.assoc_resp.capab_info = 2898 host_to_le16(hostapd_own_capab_info(hapd)); 2899 reply->u.assoc_resp.status_code = host_to_le16(status_code); 2900 2901 reply->u.assoc_resp.aid = host_to_le16((sta ? sta->aid : 0) | 2902 BIT(14) | BIT(15)); 2903 /* Supported rates */ 2904 p = hostapd_eid_supp_rates(hapd, reply->u.assoc_resp.variable); 2905 /* Extended supported rates */ 2906 p = hostapd_eid_ext_supp_rates(hapd, p); 2907 2908 #ifdef CONFIG_IEEE80211R_AP 2909 if (sta && status_code == WLAN_STATUS_SUCCESS) { 2910 /* IEEE 802.11r: Mobility Domain Information, Fast BSS 2911 * Transition Information, RSN, [RIC Response] */ 2912 p = wpa_sm_write_assoc_resp_ies(sta->wpa_sm, p, 2913 buf + buflen - p, 2914 sta->auth_alg, ies, ies_len); 2915 if (!p) { 2916 wpa_printf(MSG_DEBUG, 2917 "FT: Failed to write AssocResp IEs"); 2918 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 2919 goto done; 2920 } 2921 } 2922 #endif /* CONFIG_IEEE80211R_AP */ 2923 2924 #ifdef CONFIG_OWE 2925 if (sta && status_code == WLAN_STATUS_SUCCESS && 2926 (hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE)) 2927 p = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, p, 2928 buf + buflen - p, 2929 ies, ies_len); 2930 #endif /* CONFIG_OWE */ 2931 2932 #ifdef CONFIG_IEEE80211W 2933 if (sta && status_code == WLAN_STATUS_ASSOC_REJECTED_TEMPORARILY) 2934 p = hostapd_eid_assoc_comeback_time(hapd, sta, p); 2935 #endif /* CONFIG_IEEE80211W */ 2936 2937 #ifdef CONFIG_IEEE80211N 2938 p = hostapd_eid_ht_capabilities(hapd, p); 2939 p = hostapd_eid_ht_operation(hapd, p); 2940 #endif /* CONFIG_IEEE80211N */ 2941 2942 #ifdef CONFIG_IEEE80211AC 2943 if (hapd->iconf->ieee80211ac && !hapd->conf->disable_11ac) { 2944 u32 nsts = 0, sta_nsts; 2945 2946 if (sta && hapd->conf->use_sta_nsts && sta->vht_capabilities) { 2947 struct ieee80211_vht_capabilities *capa; 2948 2949 nsts = (hapd->iface->conf->vht_capab >> 2950 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7; 2951 capa = sta->vht_capabilities; 2952 sta_nsts = (le_to_host32(capa->vht_capabilities_info) >> 2953 VHT_CAP_BEAMFORMEE_STS_OFFSET) & 7; 2954 2955 if (nsts < sta_nsts) 2956 nsts = 0; 2957 else 2958 nsts = sta_nsts; 2959 } 2960 p = hostapd_eid_vht_capabilities(hapd, p, nsts); 2961 p = hostapd_eid_vht_operation(hapd, p); 2962 } 2963 #endif /* CONFIG_IEEE80211AC */ 2964 2965 p = hostapd_eid_ext_capab(hapd, p); 2966 p = hostapd_eid_bss_max_idle_period(hapd, p); 2967 if (sta && sta->qos_map_enabled) 2968 p = hostapd_eid_qos_map_set(hapd, p); 2969 2970 #ifdef CONFIG_FST 2971 if (hapd->iface->fst_ies) { 2972 os_memcpy(p, wpabuf_head(hapd->iface->fst_ies), 2973 wpabuf_len(hapd->iface->fst_ies)); 2974 p += wpabuf_len(hapd->iface->fst_ies); 2975 } 2976 #endif /* CONFIG_FST */ 2977 2978 #ifdef CONFIG_IEEE80211AC 2979 if (sta && hapd->conf->vendor_vht && (sta->flags & WLAN_STA_VENDOR_VHT)) 2980 p = hostapd_eid_vendor_vht(hapd, p); 2981 #endif /* CONFIG_IEEE80211AC */ 2982 2983 if (sta && (sta->flags & WLAN_STA_WMM)) 2984 p = hostapd_eid_wmm(hapd, p); 2985 2986 #ifdef CONFIG_WPS 2987 if (sta && 2988 ((sta->flags & WLAN_STA_WPS) || 2989 ((sta->flags & WLAN_STA_MAYBE_WPS) && hapd->conf->wpa))) { 2990 struct wpabuf *wps = wps_build_assoc_resp_ie(); 2991 if (wps) { 2992 os_memcpy(p, wpabuf_head(wps), wpabuf_len(wps)); 2993 p += wpabuf_len(wps); 2994 wpabuf_free(wps); 2995 } 2996 } 2997 #endif /* CONFIG_WPS */ 2998 2999 #ifdef CONFIG_P2P 3000 if (sta && sta->p2p_ie && hapd->p2p_group) { 3001 struct wpabuf *p2p_resp_ie; 3002 enum p2p_status_code status; 3003 switch (status_code) { 3004 case WLAN_STATUS_SUCCESS: 3005 status = P2P_SC_SUCCESS; 3006 break; 3007 case WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA: 3008 status = P2P_SC_FAIL_LIMIT_REACHED; 3009 break; 3010 default: 3011 status = P2P_SC_FAIL_INVALID_PARAMS; 3012 break; 3013 } 3014 p2p_resp_ie = p2p_group_assoc_resp_ie(hapd->p2p_group, status); 3015 if (p2p_resp_ie) { 3016 os_memcpy(p, wpabuf_head(p2p_resp_ie), 3017 wpabuf_len(p2p_resp_ie)); 3018 p += wpabuf_len(p2p_resp_ie); 3019 wpabuf_free(p2p_resp_ie); 3020 } 3021 } 3022 #endif /* CONFIG_P2P */ 3023 3024 #ifdef CONFIG_P2P_MANAGER 3025 if (hapd->conf->p2p & P2P_MANAGE) 3026 p = hostapd_eid_p2p_manage(hapd, p); 3027 #endif /* CONFIG_P2P_MANAGER */ 3028 3029 p = hostapd_eid_mbo(hapd, p, buf + buflen - p); 3030 3031 if (hapd->conf->assocresp_elements && 3032 (size_t) (buf + buflen - p) >= 3033 wpabuf_len(hapd->conf->assocresp_elements)) { 3034 os_memcpy(p, wpabuf_head(hapd->conf->assocresp_elements), 3035 wpabuf_len(hapd->conf->assocresp_elements)); 3036 p += wpabuf_len(hapd->conf->assocresp_elements); 3037 } 3038 3039 send_len += p - reply->u.assoc_resp.variable; 3040 3041 #ifdef CONFIG_FILS 3042 if (sta && 3043 (sta->auth_alg == WLAN_AUTH_FILS_SK || 3044 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || 3045 sta->auth_alg == WLAN_AUTH_FILS_PK) && 3046 status_code == WLAN_STATUS_SUCCESS) { 3047 struct ieee802_11_elems elems; 3048 3049 if (ieee802_11_parse_elems(ies, ies_len, &elems, 0) == 3050 ParseFailed || !elems.fils_session) { 3051 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 3052 goto done; 3053 } 3054 3055 /* FILS Session */ 3056 *p++ = WLAN_EID_EXTENSION; /* Element ID */ 3057 *p++ = 1 + FILS_SESSION_LEN; /* Length */ 3058 *p++ = WLAN_EID_EXT_FILS_SESSION; /* Element ID Extension */ 3059 os_memcpy(p, elems.fils_session, FILS_SESSION_LEN); 3060 send_len += 2 + 1 + FILS_SESSION_LEN; 3061 3062 send_len = fils_encrypt_assoc(sta->wpa_sm, buf, send_len, 3063 buflen, sta->fils_hlp_resp); 3064 if (send_len < 0) { 3065 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 3066 goto done; 3067 } 3068 } 3069 #endif /* CONFIG_FILS */ 3070 3071 #ifdef CONFIG_OWE 3072 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && 3073 sta && sta->owe_ecdh && status_code == WLAN_STATUS_SUCCESS && 3074 wpa_auth_sta_key_mgmt(sta->wpa_sm) == WPA_KEY_MGMT_OWE) { 3075 struct wpabuf *pub; 3076 3077 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0); 3078 if (!pub) { 3079 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 3080 goto done; 3081 } 3082 /* OWE Diffie-Hellman Parameter element */ 3083 *p++ = WLAN_EID_EXTENSION; /* Element ID */ 3084 *p++ = 1 + 2 + wpabuf_len(pub); /* Length */ 3085 *p++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension */ 3086 WPA_PUT_LE16(p, sta->owe_group); 3087 p += 2; 3088 os_memcpy(p, wpabuf_head(pub), wpabuf_len(pub)); 3089 p += wpabuf_len(pub); 3090 send_len += 3 + 2 + wpabuf_len(pub); 3091 wpabuf_free(pub); 3092 } 3093 #endif /* CONFIG_OWE */ 3094 3095 if (hostapd_drv_send_mlme(hapd, reply, send_len, 0) < 0) { 3096 wpa_printf(MSG_INFO, "Failed to send assoc resp: %s", 3097 strerror(errno)); 3098 res = WLAN_STATUS_UNSPECIFIED_FAILURE; 3099 } 3100 3101 done: 3102 os_free(buf); 3103 return res; 3104 } 3105 3106 3107 #ifdef CONFIG_OWE 3108 u8 * owe_assoc_req_process(struct hostapd_data *hapd, struct sta_info *sta, 3109 const u8 *owe_dh, u8 owe_dh_len, 3110 u8 *owe_buf, size_t owe_buf_len, u16 *reason) 3111 { 3112 #ifdef CONFIG_TESTING_OPTIONS 3113 if (hapd->conf->own_ie_override) { 3114 wpa_printf(MSG_DEBUG, "OWE: Using IE override"); 3115 *reason = WLAN_STATUS_SUCCESS; 3116 return wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf, 3117 owe_buf_len, NULL, 0); 3118 } 3119 #endif /* CONFIG_TESTING_OPTIONS */ 3120 3121 if (wpa_auth_sta_get_pmksa(sta->wpa_sm)) { 3122 wpa_printf(MSG_DEBUG, "OWE: Using PMKSA caching"); 3123 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf, 3124 owe_buf_len, NULL, 0); 3125 *reason = WLAN_STATUS_SUCCESS; 3126 return owe_buf; 3127 } 3128 3129 *reason = owe_process_assoc_req(hapd, sta, owe_dh, owe_dh_len); 3130 if (*reason != WLAN_STATUS_SUCCESS) 3131 return NULL; 3132 3133 owe_buf = wpa_auth_write_assoc_resp_owe(sta->wpa_sm, owe_buf, 3134 owe_buf_len, NULL, 0); 3135 3136 if (sta->owe_ecdh && owe_buf) { 3137 struct wpabuf *pub; 3138 3139 pub = crypto_ecdh_get_pubkey(sta->owe_ecdh, 0); 3140 if (!pub) { 3141 *reason = WLAN_STATUS_UNSPECIFIED_FAILURE; 3142 return owe_buf; 3143 } 3144 3145 /* OWE Diffie-Hellman Parameter element */ 3146 *owe_buf++ = WLAN_EID_EXTENSION; /* Element ID */ 3147 *owe_buf++ = 1 + 2 + wpabuf_len(pub); /* Length */ 3148 *owe_buf++ = WLAN_EID_EXT_OWE_DH_PARAM; /* Element ID Extension 3149 */ 3150 WPA_PUT_LE16(owe_buf, sta->owe_group); 3151 owe_buf += 2; 3152 os_memcpy(owe_buf, wpabuf_head(pub), wpabuf_len(pub)); 3153 owe_buf += wpabuf_len(pub); 3154 wpabuf_free(pub); 3155 } 3156 3157 return owe_buf; 3158 } 3159 #endif /* CONFIG_OWE */ 3160 3161 3162 #ifdef CONFIG_FILS 3163 3164 void fils_hlp_finish_assoc(struct hostapd_data *hapd, struct sta_info *sta) 3165 { 3166 u16 reply_res; 3167 3168 wpa_printf(MSG_DEBUG, "FILS: Finish association with " MACSTR, 3169 MAC2STR(sta->addr)); 3170 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 3171 if (!sta->fils_pending_assoc_req) 3172 return; 3173 reply_res = send_assoc_resp(hapd, sta, sta->addr, WLAN_STATUS_SUCCESS, 3174 sta->fils_pending_assoc_is_reassoc, 3175 sta->fils_pending_assoc_req, 3176 sta->fils_pending_assoc_req_len); 3177 os_free(sta->fils_pending_assoc_req); 3178 sta->fils_pending_assoc_req = NULL; 3179 sta->fils_pending_assoc_req_len = 0; 3180 wpabuf_free(sta->fils_hlp_resp); 3181 sta->fils_hlp_resp = NULL; 3182 wpabuf_free(sta->hlp_dhcp_discover); 3183 sta->hlp_dhcp_discover = NULL; 3184 3185 /* 3186 * Remove the station in case transmission of a success response fails. 3187 * At this point the station was already added associated to the driver. 3188 */ 3189 if (reply_res != WLAN_STATUS_SUCCESS) 3190 hostapd_drv_sta_remove(hapd, sta->addr); 3191 } 3192 3193 3194 void fils_hlp_timeout(void *eloop_ctx, void *eloop_data) 3195 { 3196 struct hostapd_data *hapd = eloop_ctx; 3197 struct sta_info *sta = eloop_data; 3198 3199 wpa_printf(MSG_DEBUG, 3200 "FILS: HLP response timeout - continue with association response for " 3201 MACSTR, MAC2STR(sta->addr)); 3202 if (sta->fils_drv_assoc_finish) 3203 hostapd_notify_assoc_fils_finish(hapd, sta); 3204 else 3205 fils_hlp_finish_assoc(hapd, sta); 3206 } 3207 3208 #endif /* CONFIG_FILS */ 3209 3210 3211 static void handle_assoc(struct hostapd_data *hapd, 3212 const struct ieee80211_mgmt *mgmt, size_t len, 3213 int reassoc) 3214 { 3215 u16 capab_info, listen_interval, seq_ctrl, fc; 3216 u16 resp = WLAN_STATUS_SUCCESS, reply_res; 3217 const u8 *pos; 3218 int left, i; 3219 struct sta_info *sta; 3220 u8 *tmp = NULL; 3221 struct hostapd_sta_wpa_psk_short *psk = NULL; 3222 char *identity = NULL; 3223 char *radius_cui = NULL; 3224 #ifdef CONFIG_FILS 3225 int delay_assoc = 0; 3226 #endif /* CONFIG_FILS */ 3227 3228 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_req) : 3229 sizeof(mgmt->u.assoc_req))) { 3230 wpa_printf(MSG_INFO, "handle_assoc(reassoc=%d) - too short payload (len=%lu)", 3231 reassoc, (unsigned long) len); 3232 return; 3233 } 3234 3235 #ifdef CONFIG_TESTING_OPTIONS 3236 if (reassoc) { 3237 if (hapd->iconf->ignore_reassoc_probability > 0.0 && 3238 drand48() < hapd->iconf->ignore_reassoc_probability) { 3239 wpa_printf(MSG_INFO, 3240 "TESTING: ignoring reassoc request from " 3241 MACSTR, MAC2STR(mgmt->sa)); 3242 return; 3243 } 3244 } else { 3245 if (hapd->iconf->ignore_assoc_probability > 0.0 && 3246 drand48() < hapd->iconf->ignore_assoc_probability) { 3247 wpa_printf(MSG_INFO, 3248 "TESTING: ignoring assoc request from " 3249 MACSTR, MAC2STR(mgmt->sa)); 3250 return; 3251 } 3252 } 3253 #endif /* CONFIG_TESTING_OPTIONS */ 3254 3255 fc = le_to_host16(mgmt->frame_control); 3256 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 3257 3258 if (reassoc) { 3259 capab_info = le_to_host16(mgmt->u.reassoc_req.capab_info); 3260 listen_interval = le_to_host16( 3261 mgmt->u.reassoc_req.listen_interval); 3262 wpa_printf(MSG_DEBUG, "reassociation request: STA=" MACSTR 3263 " capab_info=0x%02x listen_interval=%d current_ap=" 3264 MACSTR " seq_ctrl=0x%x%s", 3265 MAC2STR(mgmt->sa), capab_info, listen_interval, 3266 MAC2STR(mgmt->u.reassoc_req.current_ap), 3267 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 3268 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.reassoc_req)); 3269 pos = mgmt->u.reassoc_req.variable; 3270 } else { 3271 capab_info = le_to_host16(mgmt->u.assoc_req.capab_info); 3272 listen_interval = le_to_host16( 3273 mgmt->u.assoc_req.listen_interval); 3274 wpa_printf(MSG_DEBUG, "association request: STA=" MACSTR 3275 " capab_info=0x%02x listen_interval=%d " 3276 "seq_ctrl=0x%x%s", 3277 MAC2STR(mgmt->sa), capab_info, listen_interval, 3278 seq_ctrl, (fc & WLAN_FC_RETRY) ? " retry" : ""); 3279 left = len - (IEEE80211_HDRLEN + sizeof(mgmt->u.assoc_req)); 3280 pos = mgmt->u.assoc_req.variable; 3281 } 3282 3283 sta = ap_get_sta(hapd, mgmt->sa); 3284 #ifdef CONFIG_IEEE80211R_AP 3285 if (sta && sta->auth_alg == WLAN_AUTH_FT && 3286 (sta->flags & WLAN_STA_AUTH) == 0) { 3287 wpa_printf(MSG_DEBUG, "FT: Allow STA " MACSTR " to associate " 3288 "prior to authentication since it is using " 3289 "over-the-DS FT", MAC2STR(mgmt->sa)); 3290 3291 /* 3292 * Mark station as authenticated, to avoid adding station 3293 * entry in the driver as associated and not authenticated 3294 */ 3295 sta->flags |= WLAN_STA_AUTH; 3296 } else 3297 #endif /* CONFIG_IEEE80211R_AP */ 3298 if (sta == NULL || (sta->flags & WLAN_STA_AUTH) == 0) { 3299 if (hapd->iface->current_mode && 3300 hapd->iface->current_mode->mode == 3301 HOSTAPD_MODE_IEEE80211AD) { 3302 int acl_res; 3303 u32 session_timeout, acct_interim_interval; 3304 struct vlan_description vlan_id; 3305 3306 acl_res = ieee802_11_allowed_address( 3307 hapd, mgmt->sa, (const u8 *) mgmt, len, 3308 &session_timeout, &acct_interim_interval, 3309 &vlan_id, &psk, &identity, &radius_cui, 0); 3310 if (acl_res == HOSTAPD_ACL_REJECT) { 3311 wpa_msg(hapd->msg_ctx, MSG_DEBUG, 3312 "Ignore Association Request frame from " 3313 MACSTR " due to ACL reject", 3314 MAC2STR(mgmt->sa)); 3315 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 3316 goto fail; 3317 } 3318 if (acl_res == HOSTAPD_ACL_PENDING) 3319 return; 3320 3321 /* DMG/IEEE 802.11ad does not use authentication. 3322 * Allocate sta entry upon association. */ 3323 sta = ap_sta_add(hapd, mgmt->sa); 3324 if (!sta) { 3325 hostapd_logger(hapd, mgmt->sa, 3326 HOSTAPD_MODULE_IEEE80211, 3327 HOSTAPD_LEVEL_INFO, 3328 "Failed to add STA"); 3329 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 3330 goto fail; 3331 } 3332 3333 acl_res = ieee802_11_set_radius_info( 3334 hapd, sta, acl_res, session_timeout, 3335 acct_interim_interval, &vlan_id, &psk, 3336 &identity, &radius_cui); 3337 if (acl_res) { 3338 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 3339 goto fail; 3340 } 3341 3342 hostapd_logger(hapd, sta->addr, 3343 HOSTAPD_MODULE_IEEE80211, 3344 HOSTAPD_LEVEL_DEBUG, 3345 "Skip authentication for DMG/IEEE 802.11ad"); 3346 sta->flags |= WLAN_STA_AUTH; 3347 wpa_auth_sm_event(sta->wpa_sm, WPA_AUTH); 3348 sta->auth_alg = WLAN_AUTH_OPEN; 3349 } else { 3350 hostapd_logger(hapd, mgmt->sa, 3351 HOSTAPD_MODULE_IEEE80211, 3352 HOSTAPD_LEVEL_INFO, 3353 "Station tried to associate before authentication (aid=%d flags=0x%x)", 3354 sta ? sta->aid : -1, 3355 sta ? sta->flags : 0); 3356 send_deauth(hapd, mgmt->sa, 3357 WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA); 3358 return; 3359 } 3360 } 3361 3362 if ((fc & WLAN_FC_RETRY) && 3363 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 3364 sta->last_seq_ctrl == seq_ctrl && 3365 sta->last_subtype == (reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 3366 WLAN_FC_STYPE_ASSOC_REQ)) { 3367 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 3368 HOSTAPD_LEVEL_DEBUG, 3369 "Drop repeated association frame seq_ctrl=0x%x", 3370 seq_ctrl); 3371 return; 3372 } 3373 sta->last_seq_ctrl = seq_ctrl; 3374 sta->last_subtype = reassoc ? WLAN_FC_STYPE_REASSOC_REQ : 3375 WLAN_FC_STYPE_ASSOC_REQ; 3376 3377 if (hapd->tkip_countermeasures) { 3378 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 3379 goto fail; 3380 } 3381 3382 if (listen_interval > hapd->conf->max_listen_interval) { 3383 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 3384 HOSTAPD_LEVEL_DEBUG, 3385 "Too large Listen Interval (%d)", 3386 listen_interval); 3387 resp = WLAN_STATUS_ASSOC_DENIED_LISTEN_INT_TOO_LARGE; 3388 goto fail; 3389 } 3390 3391 #ifdef CONFIG_MBO 3392 if (hapd->conf->mbo_enabled && hapd->mbo_assoc_disallow) { 3393 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 3394 goto fail; 3395 } 3396 #endif /* CONFIG_MBO */ 3397 3398 /* 3399 * sta->capability is used in check_assoc_ies() for RRM enabled 3400 * capability element. 3401 */ 3402 sta->capability = capab_info; 3403 3404 #ifdef CONFIG_FILS 3405 if (sta->auth_alg == WLAN_AUTH_FILS_SK || 3406 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || 3407 sta->auth_alg == WLAN_AUTH_FILS_PK) { 3408 int res; 3409 3410 /* The end of the payload is encrypted. Need to decrypt it 3411 * before parsing. */ 3412 3413 tmp = os_memdup(pos, left); 3414 if (!tmp) { 3415 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 3416 goto fail; 3417 } 3418 3419 res = fils_decrypt_assoc(sta->wpa_sm, sta->fils_session, mgmt, 3420 len, tmp, left); 3421 if (res < 0) { 3422 resp = WLAN_STATUS_UNSPECIFIED_FAILURE; 3423 goto fail; 3424 } 3425 pos = tmp; 3426 left = res; 3427 } 3428 #endif /* CONFIG_FILS */ 3429 3430 /* followed by SSID and Supported rates; and HT capabilities if 802.11n 3431 * is used */ 3432 resp = check_assoc_ies(hapd, sta, pos, left, reassoc); 3433 if (resp != WLAN_STATUS_SUCCESS) 3434 goto fail; 3435 3436 if (hostapd_get_aid(hapd, sta) < 0) { 3437 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 3438 HOSTAPD_LEVEL_INFO, "No room for more AIDs"); 3439 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 3440 goto fail; 3441 } 3442 3443 sta->listen_interval = listen_interval; 3444 3445 if (hapd->iface->current_mode && 3446 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G) 3447 sta->flags |= WLAN_STA_NONERP; 3448 for (i = 0; i < sta->supported_rates_len; i++) { 3449 if ((sta->supported_rates[i] & 0x7f) > 22) { 3450 sta->flags &= ~WLAN_STA_NONERP; 3451 break; 3452 } 3453 } 3454 if (sta->flags & WLAN_STA_NONERP && !sta->nonerp_set) { 3455 sta->nonerp_set = 1; 3456 hapd->iface->num_sta_non_erp++; 3457 if (hapd->iface->num_sta_non_erp == 1) 3458 ieee802_11_set_beacons(hapd->iface); 3459 } 3460 3461 if (!(sta->capability & WLAN_CAPABILITY_SHORT_SLOT_TIME) && 3462 !sta->no_short_slot_time_set) { 3463 sta->no_short_slot_time_set = 1; 3464 hapd->iface->num_sta_no_short_slot_time++; 3465 if (hapd->iface->current_mode && 3466 hapd->iface->current_mode->mode == 3467 HOSTAPD_MODE_IEEE80211G && 3468 hapd->iface->num_sta_no_short_slot_time == 1) 3469 ieee802_11_set_beacons(hapd->iface); 3470 } 3471 3472 if (sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) 3473 sta->flags |= WLAN_STA_SHORT_PREAMBLE; 3474 else 3475 sta->flags &= ~WLAN_STA_SHORT_PREAMBLE; 3476 3477 if (!(sta->capability & WLAN_CAPABILITY_SHORT_PREAMBLE) && 3478 !sta->no_short_preamble_set) { 3479 sta->no_short_preamble_set = 1; 3480 hapd->iface->num_sta_no_short_preamble++; 3481 if (hapd->iface->current_mode && 3482 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211G 3483 && hapd->iface->num_sta_no_short_preamble == 1) 3484 ieee802_11_set_beacons(hapd->iface); 3485 } 3486 3487 #ifdef CONFIG_IEEE80211N 3488 update_ht_state(hapd, sta); 3489 #endif /* CONFIG_IEEE80211N */ 3490 3491 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 3492 HOSTAPD_LEVEL_DEBUG, 3493 "association OK (aid %d)", sta->aid); 3494 /* Station will be marked associated, after it acknowledges AssocResp 3495 */ 3496 sta->flags |= WLAN_STA_ASSOC_REQ_OK; 3497 3498 #ifdef CONFIG_IEEE80211W 3499 if ((sta->flags & WLAN_STA_MFP) && sta->sa_query_timed_out) { 3500 wpa_printf(MSG_DEBUG, "Allowing %sassociation after timed out " 3501 "SA Query procedure", reassoc ? "re" : ""); 3502 /* TODO: Send a protected Disassociate frame to the STA using 3503 * the old key and Reason Code "Previous Authentication no 3504 * longer valid". Make sure this is only sent protected since 3505 * unprotected frame would be received by the STA that is now 3506 * trying to associate. 3507 */ 3508 } 3509 #endif /* CONFIG_IEEE80211W */ 3510 3511 /* Make sure that the previously registered inactivity timer will not 3512 * remove the STA immediately. */ 3513 sta->timeout_next = STA_NULLFUNC; 3514 3515 #ifdef CONFIG_TAXONOMY 3516 taxonomy_sta_info_assoc_req(hapd, sta, pos, left); 3517 #endif /* CONFIG_TAXONOMY */ 3518 3519 sta->pending_wds_enable = 0; 3520 3521 #ifdef CONFIG_FILS 3522 if (sta->auth_alg == WLAN_AUTH_FILS_SK || 3523 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || 3524 sta->auth_alg == WLAN_AUTH_FILS_PK) { 3525 if (fils_process_hlp(hapd, sta, pos, left) > 0) 3526 delay_assoc = 1; 3527 } 3528 #endif /* CONFIG_FILS */ 3529 3530 fail: 3531 os_free(identity); 3532 os_free(radius_cui); 3533 hostapd_free_psk_list(psk); 3534 3535 /* 3536 * In case of a successful response, add the station to the driver. 3537 * Otherwise, the kernel may ignore Data frames before we process the 3538 * ACK frame (TX status). In case of a failure, this station will be 3539 * removed. 3540 * 3541 * Note that this is not compliant with the IEEE 802.11 standard that 3542 * states that a non-AP station should transition into the 3543 * authenticated/associated state only after the station acknowledges 3544 * the (Re)Association Response frame. However, still do this as: 3545 * 3546 * 1. In case the station does not acknowledge the (Re)Association 3547 * Response frame, it will be removed. 3548 * 2. Data frames will be dropped in the kernel until the station is 3549 * set into authorized state, and there are no significant known 3550 * issues with processing other non-Data Class 3 frames during this 3551 * window. 3552 */ 3553 if (resp == WLAN_STATUS_SUCCESS && sta && add_associated_sta(hapd, sta)) 3554 resp = WLAN_STATUS_AP_UNABLE_TO_HANDLE_NEW_STA; 3555 3556 #ifdef CONFIG_FILS 3557 if (sta) { 3558 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 3559 os_free(sta->fils_pending_assoc_req); 3560 sta->fils_pending_assoc_req = NULL; 3561 sta->fils_pending_assoc_req_len = 0; 3562 wpabuf_free(sta->fils_hlp_resp); 3563 sta->fils_hlp_resp = NULL; 3564 } 3565 if (sta && delay_assoc && resp == WLAN_STATUS_SUCCESS) { 3566 sta->fils_pending_assoc_req = tmp; 3567 sta->fils_pending_assoc_req_len = left; 3568 sta->fils_pending_assoc_is_reassoc = reassoc; 3569 sta->fils_drv_assoc_finish = 0; 3570 wpa_printf(MSG_DEBUG, 3571 "FILS: Waiting for HLP processing before sending (Re)Association Response frame to " 3572 MACSTR, MAC2STR(sta->addr)); 3573 eloop_cancel_timeout(fils_hlp_timeout, hapd, sta); 3574 eloop_register_timeout(0, hapd->conf->fils_hlp_wait_time * 1024, 3575 fils_hlp_timeout, hapd, sta); 3576 return; 3577 } 3578 #endif /* CONFIG_FILS */ 3579 3580 reply_res = send_assoc_resp(hapd, sta, mgmt->sa, resp, reassoc, pos, 3581 left); 3582 os_free(tmp); 3583 3584 /* 3585 * Remove the station in case tranmission of a success response fails 3586 * (the STA was added associated to the driver) or if the station was 3587 * previously added unassociated. 3588 */ 3589 if (sta && ((reply_res != WLAN_STATUS_SUCCESS && 3590 resp == WLAN_STATUS_SUCCESS) || sta->added_unassoc)) { 3591 hostapd_drv_sta_remove(hapd, sta->addr); 3592 sta->added_unassoc = 0; 3593 } 3594 } 3595 3596 3597 static void handle_disassoc(struct hostapd_data *hapd, 3598 const struct ieee80211_mgmt *mgmt, size_t len) 3599 { 3600 struct sta_info *sta; 3601 3602 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.disassoc)) { 3603 wpa_printf(MSG_INFO, "handle_disassoc - too short payload (len=%lu)", 3604 (unsigned long) len); 3605 return; 3606 } 3607 3608 wpa_printf(MSG_DEBUG, "disassocation: STA=" MACSTR " reason_code=%d", 3609 MAC2STR(mgmt->sa), 3610 le_to_host16(mgmt->u.disassoc.reason_code)); 3611 3612 sta = ap_get_sta(hapd, mgmt->sa); 3613 if (sta == NULL) { 3614 wpa_printf(MSG_INFO, "Station " MACSTR " trying to disassociate, but it is not associated", 3615 MAC2STR(mgmt->sa)); 3616 return; 3617 } 3618 3619 ap_sta_set_authorized(hapd, sta, 0); 3620 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 3621 sta->flags &= ~(WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK); 3622 wpa_auth_sm_event(sta->wpa_sm, WPA_DISASSOC); 3623 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 3624 HOSTAPD_LEVEL_INFO, "disassociated"); 3625 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 3626 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 3627 /* Stop Accounting and IEEE 802.1X sessions, but leave the STA 3628 * authenticated. */ 3629 accounting_sta_stop(hapd, sta); 3630 ieee802_1x_free_station(hapd, sta); 3631 if (sta->ipaddr) 3632 hostapd_drv_br_delete_ip_neigh(hapd, 4, (u8 *) &sta->ipaddr); 3633 ap_sta_ip6addr_del(hapd, sta); 3634 hostapd_drv_sta_remove(hapd, sta->addr); 3635 sta->added_unassoc = 0; 3636 3637 if (sta->timeout_next == STA_NULLFUNC || 3638 sta->timeout_next == STA_DISASSOC) { 3639 sta->timeout_next = STA_DEAUTH; 3640 eloop_cancel_timeout(ap_handle_timer, hapd, sta); 3641 eloop_register_timeout(AP_DEAUTH_DELAY, 0, ap_handle_timer, 3642 hapd, sta); 3643 } 3644 3645 mlme_disassociate_indication( 3646 hapd, sta, le_to_host16(mgmt->u.disassoc.reason_code)); 3647 3648 /* DMG/IEEE 802.11ad does not use deauthication. Deallocate sta upon 3649 * disassociation. */ 3650 if (hapd->iface->current_mode && 3651 hapd->iface->current_mode->mode == HOSTAPD_MODE_IEEE80211AD) { 3652 sta->flags &= ~WLAN_STA_AUTH; 3653 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 3654 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 3655 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 3656 ap_free_sta(hapd, sta); 3657 } 3658 } 3659 3660 3661 static void handle_deauth(struct hostapd_data *hapd, 3662 const struct ieee80211_mgmt *mgmt, size_t len) 3663 { 3664 struct sta_info *sta; 3665 3666 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.deauth)) { 3667 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "handle_deauth - too short " 3668 "payload (len=%lu)", (unsigned long) len); 3669 return; 3670 } 3671 3672 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "deauthentication: STA=" MACSTR 3673 " reason_code=%d", 3674 MAC2STR(mgmt->sa), le_to_host16(mgmt->u.deauth.reason_code)); 3675 3676 sta = ap_get_sta(hapd, mgmt->sa); 3677 if (sta == NULL) { 3678 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "Station " MACSTR " trying " 3679 "to deauthenticate, but it is not authenticated", 3680 MAC2STR(mgmt->sa)); 3681 return; 3682 } 3683 3684 ap_sta_set_authorized(hapd, sta, 0); 3685 sta->last_seq_ctrl = WLAN_INVALID_MGMT_SEQ; 3686 sta->flags &= ~(WLAN_STA_AUTH | WLAN_STA_ASSOC | 3687 WLAN_STA_ASSOC_REQ_OK); 3688 wpa_auth_sm_event(sta->wpa_sm, WPA_DEAUTH); 3689 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 3690 HOSTAPD_LEVEL_DEBUG, "deauthenticated"); 3691 mlme_deauthenticate_indication( 3692 hapd, sta, le_to_host16(mgmt->u.deauth.reason_code)); 3693 sta->acct_terminate_cause = RADIUS_ACCT_TERMINATE_CAUSE_USER_REQUEST; 3694 ieee802_1x_notify_port_enabled(sta->eapol_sm, 0); 3695 ap_free_sta(hapd, sta); 3696 } 3697 3698 3699 static void handle_beacon(struct hostapd_data *hapd, 3700 const struct ieee80211_mgmt *mgmt, size_t len, 3701 struct hostapd_frame_info *fi) 3702 { 3703 struct ieee802_11_elems elems; 3704 3705 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.beacon)) { 3706 wpa_printf(MSG_INFO, "handle_beacon - too short payload (len=%lu)", 3707 (unsigned long) len); 3708 return; 3709 } 3710 3711 (void) ieee802_11_parse_elems(mgmt->u.beacon.variable, 3712 len - (IEEE80211_HDRLEN + 3713 sizeof(mgmt->u.beacon)), &elems, 3714 0); 3715 3716 ap_list_process_beacon(hapd->iface, mgmt, &elems, fi); 3717 } 3718 3719 3720 #ifdef CONFIG_IEEE80211W 3721 3722 static int hostapd_sa_query_action(struct hostapd_data *hapd, 3723 const struct ieee80211_mgmt *mgmt, 3724 size_t len) 3725 { 3726 const u8 *end; 3727 3728 end = mgmt->u.action.u.sa_query_resp.trans_id + 3729 WLAN_SA_QUERY_TR_ID_LEN; 3730 if (((u8 *) mgmt) + len < end) { 3731 wpa_printf(MSG_DEBUG, "IEEE 802.11: Too short SA Query Action " 3732 "frame (len=%lu)", (unsigned long) len); 3733 return 0; 3734 } 3735 3736 ieee802_11_sa_query_action(hapd, mgmt->sa, 3737 mgmt->u.action.u.sa_query_resp.action, 3738 mgmt->u.action.u.sa_query_resp.trans_id); 3739 return 1; 3740 } 3741 3742 3743 static int robust_action_frame(u8 category) 3744 { 3745 return category != WLAN_ACTION_PUBLIC && 3746 category != WLAN_ACTION_HT; 3747 } 3748 #endif /* CONFIG_IEEE80211W */ 3749 3750 3751 static int handle_action(struct hostapd_data *hapd, 3752 const struct ieee80211_mgmt *mgmt, size_t len, 3753 unsigned int freq) 3754 { 3755 struct sta_info *sta; 3756 u8 *action __maybe_unused; 3757 3758 if (len < IEEE80211_HDRLEN + 2 + 1) { 3759 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 3760 HOSTAPD_LEVEL_DEBUG, 3761 "handle_action - too short payload (len=%lu)", 3762 (unsigned long) len); 3763 return 0; 3764 } 3765 3766 action = (u8 *) &mgmt->u.action.u; 3767 wpa_printf(MSG_DEBUG, "RX_ACTION category %u action %u sa " MACSTR 3768 " da " MACSTR " len %d freq %u", 3769 mgmt->u.action.category, *action, 3770 MAC2STR(mgmt->sa), MAC2STR(mgmt->da), (int) len, freq); 3771 3772 sta = ap_get_sta(hapd, mgmt->sa); 3773 3774 if (mgmt->u.action.category != WLAN_ACTION_PUBLIC && 3775 (sta == NULL || !(sta->flags & WLAN_STA_ASSOC))) { 3776 wpa_printf(MSG_DEBUG, "IEEE 802.11: Ignored Action " 3777 "frame (category=%u) from unassociated STA " MACSTR, 3778 mgmt->u.action.category, MAC2STR(mgmt->sa)); 3779 return 0; 3780 } 3781 3782 #ifdef CONFIG_IEEE80211W 3783 if (sta && (sta->flags & WLAN_STA_MFP) && 3784 !(mgmt->frame_control & host_to_le16(WLAN_FC_ISWEP)) && 3785 robust_action_frame(mgmt->u.action.category)) { 3786 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 3787 HOSTAPD_LEVEL_DEBUG, 3788 "Dropped unprotected Robust Action frame from " 3789 "an MFP STA"); 3790 return 0; 3791 } 3792 #endif /* CONFIG_IEEE80211W */ 3793 3794 if (sta) { 3795 u16 fc = le_to_host16(mgmt->frame_control); 3796 u16 seq_ctrl = le_to_host16(mgmt->seq_ctrl); 3797 3798 if ((fc & WLAN_FC_RETRY) && 3799 sta->last_seq_ctrl != WLAN_INVALID_MGMT_SEQ && 3800 sta->last_seq_ctrl == seq_ctrl && 3801 sta->last_subtype == WLAN_FC_STYPE_ACTION) { 3802 hostapd_logger(hapd, sta->addr, 3803 HOSTAPD_MODULE_IEEE80211, 3804 HOSTAPD_LEVEL_DEBUG, 3805 "Drop repeated action frame seq_ctrl=0x%x", 3806 seq_ctrl); 3807 return 1; 3808 } 3809 3810 sta->last_seq_ctrl = seq_ctrl; 3811 sta->last_subtype = WLAN_FC_STYPE_ACTION; 3812 } 3813 3814 switch (mgmt->u.action.category) { 3815 #ifdef CONFIG_IEEE80211R_AP 3816 case WLAN_ACTION_FT: 3817 if (!sta || 3818 wpa_ft_action_rx(sta->wpa_sm, (u8 *) &mgmt->u.action, 3819 len - IEEE80211_HDRLEN)) 3820 break; 3821 return 1; 3822 #endif /* CONFIG_IEEE80211R_AP */ 3823 case WLAN_ACTION_WMM: 3824 hostapd_wmm_action(hapd, mgmt, len); 3825 return 1; 3826 #ifdef CONFIG_IEEE80211W 3827 case WLAN_ACTION_SA_QUERY: 3828 return hostapd_sa_query_action(hapd, mgmt, len); 3829 #endif /* CONFIG_IEEE80211W */ 3830 #ifdef CONFIG_WNM_AP 3831 case WLAN_ACTION_WNM: 3832 ieee802_11_rx_wnm_action_ap(hapd, mgmt, len); 3833 return 1; 3834 #endif /* CONFIG_WNM_AP */ 3835 #ifdef CONFIG_FST 3836 case WLAN_ACTION_FST: 3837 if (hapd->iface->fst) 3838 fst_rx_action(hapd->iface->fst, mgmt, len); 3839 else 3840 wpa_printf(MSG_DEBUG, 3841 "FST: Ignore FST Action frame - no FST attached"); 3842 return 1; 3843 #endif /* CONFIG_FST */ 3844 case WLAN_ACTION_PUBLIC: 3845 case WLAN_ACTION_PROTECTED_DUAL: 3846 #ifdef CONFIG_IEEE80211N 3847 if (len >= IEEE80211_HDRLEN + 2 && 3848 mgmt->u.action.u.public_action.action == 3849 WLAN_PA_20_40_BSS_COEX) { 3850 hostapd_2040_coex_action(hapd, mgmt, len); 3851 return 1; 3852 } 3853 #endif /* CONFIG_IEEE80211N */ 3854 #ifdef CONFIG_DPP 3855 if (len >= IEEE80211_HDRLEN + 6 && 3856 mgmt->u.action.u.vs_public_action.action == 3857 WLAN_PA_VENDOR_SPECIFIC && 3858 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) == 3859 OUI_WFA && 3860 mgmt->u.action.u.vs_public_action.variable[0] == 3861 DPP_OUI_TYPE) { 3862 const u8 *pos, *end; 3863 3864 pos = mgmt->u.action.u.vs_public_action.oui; 3865 end = ((const u8 *) mgmt) + len; 3866 hostapd_dpp_rx_action(hapd, mgmt->sa, pos, end - pos, 3867 freq); 3868 return 1; 3869 } 3870 if (len >= IEEE80211_HDRLEN + 2 && 3871 (mgmt->u.action.u.public_action.action == 3872 WLAN_PA_GAS_INITIAL_RESP || 3873 mgmt->u.action.u.public_action.action == 3874 WLAN_PA_GAS_COMEBACK_RESP)) { 3875 const u8 *pos, *end; 3876 3877 pos = &mgmt->u.action.u.public_action.action; 3878 end = ((const u8 *) mgmt) + len; 3879 gas_query_ap_rx(hapd->gas, mgmt->sa, 3880 mgmt->u.action.category, 3881 pos, end - pos, hapd->iface->freq); 3882 return 1; 3883 } 3884 #endif /* CONFIG_DPP */ 3885 if (hapd->public_action_cb) { 3886 hapd->public_action_cb(hapd->public_action_cb_ctx, 3887 (u8 *) mgmt, len, 3888 hapd->iface->freq); 3889 } 3890 if (hapd->public_action_cb2) { 3891 hapd->public_action_cb2(hapd->public_action_cb2_ctx, 3892 (u8 *) mgmt, len, 3893 hapd->iface->freq); 3894 } 3895 if (hapd->public_action_cb || hapd->public_action_cb2) 3896 return 1; 3897 break; 3898 case WLAN_ACTION_VENDOR_SPECIFIC: 3899 if (hapd->vendor_action_cb) { 3900 if (hapd->vendor_action_cb(hapd->vendor_action_cb_ctx, 3901 (u8 *) mgmt, len, 3902 hapd->iface->freq) == 0) 3903 return 1; 3904 } 3905 break; 3906 case WLAN_ACTION_RADIO_MEASUREMENT: 3907 hostapd_handle_radio_measurement(hapd, (const u8 *) mgmt, len); 3908 return 1; 3909 } 3910 3911 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 3912 HOSTAPD_LEVEL_DEBUG, 3913 "handle_action - unknown action category %d or invalid " 3914 "frame", 3915 mgmt->u.action.category); 3916 if (!is_multicast_ether_addr(mgmt->da) && 3917 !(mgmt->u.action.category & 0x80) && 3918 !is_multicast_ether_addr(mgmt->sa)) { 3919 struct ieee80211_mgmt *resp; 3920 3921 /* 3922 * IEEE 802.11-REVma/D9.0 - 7.3.1.11 3923 * Return the Action frame to the source without change 3924 * except that MSB of the Category set to 1. 3925 */ 3926 wpa_printf(MSG_DEBUG, "IEEE 802.11: Return unknown Action " 3927 "frame back to sender"); 3928 resp = os_memdup(mgmt, len); 3929 if (resp == NULL) 3930 return 0; 3931 os_memcpy(resp->da, resp->sa, ETH_ALEN); 3932 os_memcpy(resp->sa, hapd->own_addr, ETH_ALEN); 3933 os_memcpy(resp->bssid, hapd->own_addr, ETH_ALEN); 3934 resp->u.action.category |= 0x80; 3935 3936 if (hostapd_drv_send_mlme(hapd, resp, len, 0) < 0) { 3937 wpa_printf(MSG_ERROR, "IEEE 802.11: Failed to send " 3938 "Action frame"); 3939 } 3940 os_free(resp); 3941 } 3942 3943 return 1; 3944 } 3945 3946 3947 /** 3948 * ieee802_11_mgmt - process incoming IEEE 802.11 management frames 3949 * @hapd: hostapd BSS data structure (the BSS to which the management frame was 3950 * sent to) 3951 * @buf: management frame data (starting from IEEE 802.11 header) 3952 * @len: length of frame data in octets 3953 * @fi: meta data about received frame (signal level, etc.) 3954 * 3955 * Process all incoming IEEE 802.11 management frames. This will be called for 3956 * each frame received from the kernel driver through wlan#ap interface. In 3957 * addition, it can be called to re-inserted pending frames (e.g., when using 3958 * external RADIUS server as an MAC ACL). 3959 */ 3960 int ieee802_11_mgmt(struct hostapd_data *hapd, const u8 *buf, size_t len, 3961 struct hostapd_frame_info *fi) 3962 { 3963 struct ieee80211_mgmt *mgmt; 3964 u16 fc, stype; 3965 int ret = 0; 3966 unsigned int freq; 3967 int ssi_signal = fi ? fi->ssi_signal : 0; 3968 3969 if (len < 24) 3970 return 0; 3971 3972 if (fi && fi->freq) 3973 freq = fi->freq; 3974 else 3975 freq = hapd->iface->freq; 3976 3977 mgmt = (struct ieee80211_mgmt *) buf; 3978 fc = le_to_host16(mgmt->frame_control); 3979 stype = WLAN_FC_GET_STYPE(fc); 3980 3981 if (stype == WLAN_FC_STYPE_BEACON) { 3982 handle_beacon(hapd, mgmt, len, fi); 3983 return 1; 3984 } 3985 3986 if (!is_broadcast_ether_addr(mgmt->bssid) && 3987 #ifdef CONFIG_P2P 3988 /* Invitation responses can be sent with the peer MAC as BSSID */ 3989 !((hapd->conf->p2p & P2P_GROUP_OWNER) && 3990 stype == WLAN_FC_STYPE_ACTION) && 3991 #endif /* CONFIG_P2P */ 3992 #ifdef CONFIG_MESH 3993 !(hapd->conf->mesh & MESH_ENABLED) && 3994 #endif /* CONFIG_MESH */ 3995 os_memcmp(mgmt->bssid, hapd->own_addr, ETH_ALEN) != 0) { 3996 wpa_printf(MSG_INFO, "MGMT: BSSID=" MACSTR " not our address", 3997 MAC2STR(mgmt->bssid)); 3998 return 0; 3999 } 4000 4001 4002 if (stype == WLAN_FC_STYPE_PROBE_REQ) { 4003 handle_probe_req(hapd, mgmt, len, ssi_signal); 4004 return 1; 4005 } 4006 4007 if ((!is_broadcast_ether_addr(mgmt->da) || 4008 stype != WLAN_FC_STYPE_ACTION) && 4009 os_memcmp(mgmt->da, hapd->own_addr, ETH_ALEN) != 0) { 4010 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 4011 HOSTAPD_LEVEL_DEBUG, 4012 "MGMT: DA=" MACSTR " not our address", 4013 MAC2STR(mgmt->da)); 4014 return 0; 4015 } 4016 4017 if (hapd->iconf->track_sta_max_num) 4018 sta_track_add(hapd->iface, mgmt->sa, ssi_signal); 4019 4020 switch (stype) { 4021 case WLAN_FC_STYPE_AUTH: 4022 wpa_printf(MSG_DEBUG, "mgmt::auth"); 4023 handle_auth(hapd, mgmt, len); 4024 ret = 1; 4025 break; 4026 case WLAN_FC_STYPE_ASSOC_REQ: 4027 wpa_printf(MSG_DEBUG, "mgmt::assoc_req"); 4028 handle_assoc(hapd, mgmt, len, 0); 4029 ret = 1; 4030 break; 4031 case WLAN_FC_STYPE_REASSOC_REQ: 4032 wpa_printf(MSG_DEBUG, "mgmt::reassoc_req"); 4033 handle_assoc(hapd, mgmt, len, 1); 4034 ret = 1; 4035 break; 4036 case WLAN_FC_STYPE_DISASSOC: 4037 wpa_printf(MSG_DEBUG, "mgmt::disassoc"); 4038 handle_disassoc(hapd, mgmt, len); 4039 ret = 1; 4040 break; 4041 case WLAN_FC_STYPE_DEAUTH: 4042 wpa_msg(hapd->msg_ctx, MSG_DEBUG, "mgmt::deauth"); 4043 handle_deauth(hapd, mgmt, len); 4044 ret = 1; 4045 break; 4046 case WLAN_FC_STYPE_ACTION: 4047 wpa_printf(MSG_DEBUG, "mgmt::action"); 4048 ret = handle_action(hapd, mgmt, len, freq); 4049 break; 4050 default: 4051 hostapd_logger(hapd, mgmt->sa, HOSTAPD_MODULE_IEEE80211, 4052 HOSTAPD_LEVEL_DEBUG, 4053 "unknown mgmt frame subtype %d", stype); 4054 break; 4055 } 4056 4057 return ret; 4058 } 4059 4060 4061 static void handle_auth_cb(struct hostapd_data *hapd, 4062 const struct ieee80211_mgmt *mgmt, 4063 size_t len, int ok) 4064 { 4065 u16 auth_alg, auth_transaction, status_code; 4066 struct sta_info *sta; 4067 4068 sta = ap_get_sta(hapd, mgmt->da); 4069 if (!sta) { 4070 wpa_printf(MSG_DEBUG, "handle_auth_cb: STA " MACSTR 4071 " not found", 4072 MAC2STR(mgmt->da)); 4073 return; 4074 } 4075 4076 auth_alg = le_to_host16(mgmt->u.auth.auth_alg); 4077 auth_transaction = le_to_host16(mgmt->u.auth.auth_transaction); 4078 status_code = le_to_host16(mgmt->u.auth.status_code); 4079 4080 if (!ok) { 4081 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 4082 HOSTAPD_LEVEL_NOTICE, 4083 "did not acknowledge authentication response"); 4084 goto fail; 4085 } 4086 4087 if (len < IEEE80211_HDRLEN + sizeof(mgmt->u.auth)) { 4088 wpa_printf(MSG_INFO, "handle_auth_cb - too short payload (len=%lu)", 4089 (unsigned long) len); 4090 goto fail; 4091 } 4092 4093 if (status_code == WLAN_STATUS_SUCCESS && 4094 ((auth_alg == WLAN_AUTH_OPEN && auth_transaction == 2) || 4095 (auth_alg == WLAN_AUTH_SHARED_KEY && auth_transaction == 4))) { 4096 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 4097 HOSTAPD_LEVEL_INFO, "authenticated"); 4098 sta->flags |= WLAN_STA_AUTH; 4099 if (sta->added_unassoc) 4100 hostapd_set_sta_flags(hapd, sta); 4101 return; 4102 } 4103 4104 fail: 4105 if (status_code != WLAN_STATUS_SUCCESS && sta->added_unassoc) { 4106 hostapd_drv_sta_remove(hapd, sta->addr); 4107 sta->added_unassoc = 0; 4108 } 4109 } 4110 4111 4112 static void hostapd_set_wds_encryption(struct hostapd_data *hapd, 4113 struct sta_info *sta, 4114 char *ifname_wds) 4115 { 4116 int i; 4117 struct hostapd_ssid *ssid = &hapd->conf->ssid; 4118 4119 if (hapd->conf->ieee802_1x || hapd->conf->wpa) 4120 return; 4121 4122 for (i = 0; i < 4; i++) { 4123 if (ssid->wep.key[i] && 4124 hostapd_drv_set_key(ifname_wds, hapd, WPA_ALG_WEP, NULL, i, 4125 i == ssid->wep.idx, NULL, 0, 4126 ssid->wep.key[i], ssid->wep.len[i])) { 4127 wpa_printf(MSG_WARNING, 4128 "Could not set WEP keys for WDS interface; %s", 4129 ifname_wds); 4130 break; 4131 } 4132 } 4133 } 4134 4135 4136 static void handle_assoc_cb(struct hostapd_data *hapd, 4137 const struct ieee80211_mgmt *mgmt, 4138 size_t len, int reassoc, int ok) 4139 { 4140 u16 status; 4141 struct sta_info *sta; 4142 int new_assoc = 1; 4143 4144 sta = ap_get_sta(hapd, mgmt->da); 4145 if (!sta) { 4146 wpa_printf(MSG_INFO, "handle_assoc_cb: STA " MACSTR " not found", 4147 MAC2STR(mgmt->da)); 4148 return; 4149 } 4150 4151 if (len < IEEE80211_HDRLEN + (reassoc ? sizeof(mgmt->u.reassoc_resp) : 4152 sizeof(mgmt->u.assoc_resp))) { 4153 wpa_printf(MSG_INFO, 4154 "handle_assoc_cb(reassoc=%d) - too short payload (len=%lu)", 4155 reassoc, (unsigned long) len); 4156 hostapd_drv_sta_remove(hapd, sta->addr); 4157 return; 4158 } 4159 4160 if (reassoc) 4161 status = le_to_host16(mgmt->u.reassoc_resp.status_code); 4162 else 4163 status = le_to_host16(mgmt->u.assoc_resp.status_code); 4164 4165 if (!ok) { 4166 hostapd_logger(hapd, mgmt->da, HOSTAPD_MODULE_IEEE80211, 4167 HOSTAPD_LEVEL_DEBUG, 4168 "did not acknowledge association response"); 4169 sta->flags &= ~WLAN_STA_ASSOC_REQ_OK; 4170 /* The STA is added only in case of SUCCESS */ 4171 if (status == WLAN_STATUS_SUCCESS) 4172 hostapd_drv_sta_remove(hapd, sta->addr); 4173 4174 return; 4175 } 4176 4177 if (status != WLAN_STATUS_SUCCESS) 4178 return; 4179 4180 /* Stop previous accounting session, if one is started, and allocate 4181 * new session id for the new session. */ 4182 accounting_sta_stop(hapd, sta); 4183 4184 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 4185 HOSTAPD_LEVEL_INFO, 4186 "associated (aid %d)", 4187 sta->aid); 4188 4189 if (sta->flags & WLAN_STA_ASSOC) 4190 new_assoc = 0; 4191 sta->flags |= WLAN_STA_ASSOC; 4192 sta->flags &= ~WLAN_STA_WNM_SLEEP_MODE; 4193 if ((!hapd->conf->ieee802_1x && !hapd->conf->wpa && 4194 !hapd->conf->osen) || 4195 sta->auth_alg == WLAN_AUTH_FILS_SK || 4196 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || 4197 sta->auth_alg == WLAN_AUTH_FILS_PK || 4198 sta->auth_alg == WLAN_AUTH_FT) { 4199 /* 4200 * Open, static WEP, FT protocol, or FILS; no separate 4201 * authorization step. 4202 */ 4203 ap_sta_set_authorized(hapd, sta, 1); 4204 } 4205 4206 if (reassoc) 4207 mlme_reassociate_indication(hapd, sta); 4208 else 4209 mlme_associate_indication(hapd, sta); 4210 4211 #ifdef CONFIG_IEEE80211W 4212 sta->sa_query_timed_out = 0; 4213 #endif /* CONFIG_IEEE80211W */ 4214 4215 if (sta->eapol_sm == NULL) { 4216 /* 4217 * This STA does not use RADIUS server for EAP authentication, 4218 * so bind it to the selected VLAN interface now, since the 4219 * interface selection is not going to change anymore. 4220 */ 4221 if (ap_sta_bind_vlan(hapd, sta) < 0) 4222 return; 4223 } else if (sta->vlan_id) { 4224 /* VLAN ID already set (e.g., by PMKSA caching), so bind STA */ 4225 if (ap_sta_bind_vlan(hapd, sta) < 0) 4226 return; 4227 } 4228 4229 hostapd_set_sta_flags(hapd, sta); 4230 4231 if (!(sta->flags & WLAN_STA_WDS) && sta->pending_wds_enable) { 4232 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for STA " 4233 MACSTR " based on pending request", 4234 MAC2STR(sta->addr)); 4235 sta->pending_wds_enable = 0; 4236 sta->flags |= WLAN_STA_WDS; 4237 } 4238 4239 if (sta->flags & WLAN_STA_WDS) { 4240 int ret; 4241 char ifname_wds[IFNAMSIZ + 1]; 4242 4243 wpa_printf(MSG_DEBUG, "Reenable 4-address WDS mode for STA " 4244 MACSTR " (aid %u)", 4245 MAC2STR(sta->addr), sta->aid); 4246 ret = hostapd_set_wds_sta(hapd, ifname_wds, sta->addr, 4247 sta->aid, 1); 4248 if (!ret) 4249 hostapd_set_wds_encryption(hapd, sta, ifname_wds); 4250 } 4251 4252 if (sta->auth_alg == WLAN_AUTH_FT) 4253 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC_FT); 4254 else 4255 wpa_auth_sm_event(sta->wpa_sm, WPA_ASSOC); 4256 hapd->new_assoc_sta_cb(hapd, sta, !new_assoc); 4257 ieee802_1x_notify_port_enabled(sta->eapol_sm, 1); 4258 4259 #ifdef CONFIG_FILS 4260 if ((sta->auth_alg == WLAN_AUTH_FILS_SK || 4261 sta->auth_alg == WLAN_AUTH_FILS_SK_PFS || 4262 sta->auth_alg == WLAN_AUTH_FILS_PK) && 4263 fils_set_tk(sta->wpa_sm) < 0) { 4264 wpa_printf(MSG_DEBUG, "FILS: TK configuration failed"); 4265 ap_sta_disconnect(hapd, sta, sta->addr, 4266 WLAN_REASON_UNSPECIFIED); 4267 return; 4268 } 4269 #endif /* CONFIG_FILS */ 4270 4271 if (sta->pending_eapol_rx) { 4272 struct os_reltime now, age; 4273 4274 os_get_reltime(&now); 4275 os_reltime_sub(&now, &sta->pending_eapol_rx->rx_time, &age); 4276 if (age.sec == 0 && age.usec < 200000) { 4277 wpa_printf(MSG_DEBUG, 4278 "Process pending EAPOL frame that was received from " MACSTR " just before association notification", 4279 MAC2STR(sta->addr)); 4280 ieee802_1x_receive( 4281 hapd, mgmt->da, 4282 wpabuf_head(sta->pending_eapol_rx->buf), 4283 wpabuf_len(sta->pending_eapol_rx->buf)); 4284 } 4285 wpabuf_free(sta->pending_eapol_rx->buf); 4286 os_free(sta->pending_eapol_rx); 4287 sta->pending_eapol_rx = NULL; 4288 } 4289 } 4290 4291 4292 static void handle_deauth_cb(struct hostapd_data *hapd, 4293 const struct ieee80211_mgmt *mgmt, 4294 size_t len, int ok) 4295 { 4296 struct sta_info *sta; 4297 if (is_multicast_ether_addr(mgmt->da)) 4298 return; 4299 sta = ap_get_sta(hapd, mgmt->da); 4300 if (!sta) { 4301 wpa_printf(MSG_DEBUG, "handle_deauth_cb: STA " MACSTR 4302 " not found", MAC2STR(mgmt->da)); 4303 return; 4304 } 4305 if (ok) 4306 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged deauth", 4307 MAC2STR(sta->addr)); 4308 else 4309 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 4310 "deauth", MAC2STR(sta->addr)); 4311 4312 ap_sta_deauth_cb(hapd, sta); 4313 } 4314 4315 4316 static void handle_disassoc_cb(struct hostapd_data *hapd, 4317 const struct ieee80211_mgmt *mgmt, 4318 size_t len, int ok) 4319 { 4320 struct sta_info *sta; 4321 if (is_multicast_ether_addr(mgmt->da)) 4322 return; 4323 sta = ap_get_sta(hapd, mgmt->da); 4324 if (!sta) { 4325 wpa_printf(MSG_DEBUG, "handle_disassoc_cb: STA " MACSTR 4326 " not found", MAC2STR(mgmt->da)); 4327 return; 4328 } 4329 if (ok) 4330 wpa_printf(MSG_DEBUG, "STA " MACSTR " acknowledged disassoc", 4331 MAC2STR(sta->addr)); 4332 else 4333 wpa_printf(MSG_DEBUG, "STA " MACSTR " did not acknowledge " 4334 "disassoc", MAC2STR(sta->addr)); 4335 4336 ap_sta_disassoc_cb(hapd, sta); 4337 } 4338 4339 4340 static void handle_action_cb(struct hostapd_data *hapd, 4341 const struct ieee80211_mgmt *mgmt, 4342 size_t len, int ok) 4343 { 4344 struct sta_info *sta; 4345 const struct rrm_measurement_report_element *report; 4346 4347 if (is_multicast_ether_addr(mgmt->da)) 4348 return; 4349 #ifdef CONFIG_DPP 4350 if (len >= IEEE80211_HDRLEN + 6 && 4351 mgmt->u.action.category == WLAN_ACTION_PUBLIC && 4352 mgmt->u.action.u.vs_public_action.action == 4353 WLAN_PA_VENDOR_SPECIFIC && 4354 WPA_GET_BE24(mgmt->u.action.u.vs_public_action.oui) == 4355 OUI_WFA && 4356 mgmt->u.action.u.vs_public_action.variable[0] == 4357 DPP_OUI_TYPE) { 4358 const u8 *pos, *end; 4359 4360 pos = &mgmt->u.action.u.vs_public_action.variable[1]; 4361 end = ((const u8 *) mgmt) + len; 4362 hostapd_dpp_tx_status(hapd, mgmt->da, pos, end - pos, ok); 4363 return; 4364 } 4365 if (len >= IEEE80211_HDRLEN + 2 && 4366 mgmt->u.action.category == WLAN_ACTION_PUBLIC && 4367 (mgmt->u.action.u.public_action.action == 4368 WLAN_PA_GAS_INITIAL_REQ || 4369 mgmt->u.action.u.public_action.action == 4370 WLAN_PA_GAS_COMEBACK_REQ)) { 4371 const u8 *pos, *end; 4372 4373 pos = mgmt->u.action.u.public_action.variable; 4374 end = ((const u8 *) mgmt) + len; 4375 gas_query_ap_tx_status(hapd->gas, mgmt->da, pos, end - pos, ok); 4376 return; 4377 } 4378 #endif /* CONFIG_DPP */ 4379 sta = ap_get_sta(hapd, mgmt->da); 4380 if (!sta) { 4381 wpa_printf(MSG_DEBUG, "handle_action_cb: STA " MACSTR 4382 " not found", MAC2STR(mgmt->da)); 4383 return; 4384 } 4385 4386 if (len < 24 + 5 + sizeof(*report)) 4387 return; 4388 report = (const struct rrm_measurement_report_element *) 4389 &mgmt->u.action.u.rrm.variable[2]; 4390 if (mgmt->u.action.category == WLAN_ACTION_RADIO_MEASUREMENT && 4391 mgmt->u.action.u.rrm.action == WLAN_RRM_RADIO_MEASUREMENT_REQUEST && 4392 report->eid == WLAN_EID_MEASURE_REQUEST && 4393 report->len >= 3 && 4394 report->type == MEASURE_TYPE_BEACON) 4395 hostapd_rrm_beacon_req_tx_status(hapd, mgmt, len, ok); 4396 } 4397 4398 4399 /** 4400 * ieee802_11_mgmt_cb - Process management frame TX status callback 4401 * @hapd: hostapd BSS data structure (the BSS from which the management frame 4402 * was sent from) 4403 * @buf: management frame data (starting from IEEE 802.11 header) 4404 * @len: length of frame data in octets 4405 * @stype: management frame subtype from frame control field 4406 * @ok: Whether the frame was ACK'ed 4407 */ 4408 void ieee802_11_mgmt_cb(struct hostapd_data *hapd, const u8 *buf, size_t len, 4409 u16 stype, int ok) 4410 { 4411 const struct ieee80211_mgmt *mgmt; 4412 mgmt = (const struct ieee80211_mgmt *) buf; 4413 4414 #ifdef CONFIG_TESTING_OPTIONS 4415 if (hapd->ext_mgmt_frame_handling) { 4416 size_t hex_len = 2 * len + 1; 4417 char *hex = os_malloc(hex_len); 4418 4419 if (hex) { 4420 wpa_snprintf_hex(hex, hex_len, buf, len); 4421 wpa_msg(hapd->msg_ctx, MSG_INFO, 4422 "MGMT-TX-STATUS stype=%u ok=%d buf=%s", 4423 stype, ok, hex); 4424 os_free(hex); 4425 } 4426 return; 4427 } 4428 #endif /* CONFIG_TESTING_OPTIONS */ 4429 4430 switch (stype) { 4431 case WLAN_FC_STYPE_AUTH: 4432 wpa_printf(MSG_DEBUG, "mgmt::auth cb"); 4433 handle_auth_cb(hapd, mgmt, len, ok); 4434 break; 4435 case WLAN_FC_STYPE_ASSOC_RESP: 4436 wpa_printf(MSG_DEBUG, "mgmt::assoc_resp cb"); 4437 handle_assoc_cb(hapd, mgmt, len, 0, ok); 4438 break; 4439 case WLAN_FC_STYPE_REASSOC_RESP: 4440 wpa_printf(MSG_DEBUG, "mgmt::reassoc_resp cb"); 4441 handle_assoc_cb(hapd, mgmt, len, 1, ok); 4442 break; 4443 case WLAN_FC_STYPE_PROBE_RESP: 4444 wpa_printf(MSG_EXCESSIVE, "mgmt::proberesp cb ok=%d", ok); 4445 break; 4446 case WLAN_FC_STYPE_DEAUTH: 4447 wpa_printf(MSG_DEBUG, "mgmt::deauth cb"); 4448 handle_deauth_cb(hapd, mgmt, len, ok); 4449 break; 4450 case WLAN_FC_STYPE_DISASSOC: 4451 wpa_printf(MSG_DEBUG, "mgmt::disassoc cb"); 4452 handle_disassoc_cb(hapd, mgmt, len, ok); 4453 break; 4454 case WLAN_FC_STYPE_ACTION: 4455 wpa_printf(MSG_DEBUG, "mgmt::action cb ok=%d", ok); 4456 handle_action_cb(hapd, mgmt, len, ok); 4457 break; 4458 default: 4459 wpa_printf(MSG_INFO, "unknown mgmt cb frame subtype %d", stype); 4460 break; 4461 } 4462 } 4463 4464 4465 int ieee802_11_get_mib(struct hostapd_data *hapd, char *buf, size_t buflen) 4466 { 4467 /* TODO */ 4468 return 0; 4469 } 4470 4471 4472 int ieee802_11_get_mib_sta(struct hostapd_data *hapd, struct sta_info *sta, 4473 char *buf, size_t buflen) 4474 { 4475 /* TODO */ 4476 return 0; 4477 } 4478 4479 4480 void hostapd_tx_status(struct hostapd_data *hapd, const u8 *addr, 4481 const u8 *buf, size_t len, int ack) 4482 { 4483 struct sta_info *sta; 4484 struct hostapd_iface *iface = hapd->iface; 4485 4486 sta = ap_get_sta(hapd, addr); 4487 if (sta == NULL && iface->num_bss > 1) { 4488 size_t j; 4489 for (j = 0; j < iface->num_bss; j++) { 4490 hapd = iface->bss[j]; 4491 sta = ap_get_sta(hapd, addr); 4492 if (sta) 4493 break; 4494 } 4495 } 4496 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) 4497 return; 4498 if (sta->flags & WLAN_STA_PENDING_POLL) { 4499 wpa_printf(MSG_DEBUG, "STA " MACSTR " %s pending " 4500 "activity poll", MAC2STR(sta->addr), 4501 ack ? "ACKed" : "did not ACK"); 4502 if (ack) 4503 sta->flags &= ~WLAN_STA_PENDING_POLL; 4504 } 4505 4506 ieee802_1x_tx_status(hapd, sta, buf, len, ack); 4507 } 4508 4509 4510 void hostapd_eapol_tx_status(struct hostapd_data *hapd, const u8 *dst, 4511 const u8 *data, size_t len, int ack) 4512 { 4513 struct sta_info *sta; 4514 struct hostapd_iface *iface = hapd->iface; 4515 4516 sta = ap_get_sta(hapd, dst); 4517 if (sta == NULL && iface->num_bss > 1) { 4518 size_t j; 4519 for (j = 0; j < iface->num_bss; j++) { 4520 hapd = iface->bss[j]; 4521 sta = ap_get_sta(hapd, dst); 4522 if (sta) 4523 break; 4524 } 4525 } 4526 if (sta == NULL || !(sta->flags & WLAN_STA_ASSOC)) { 4527 wpa_printf(MSG_DEBUG, "Ignore TX status for Data frame to STA " 4528 MACSTR " that is not currently associated", 4529 MAC2STR(dst)); 4530 return; 4531 } 4532 4533 ieee802_1x_eapol_tx_status(hapd, sta, data, len, ack); 4534 } 4535 4536 4537 void hostapd_client_poll_ok(struct hostapd_data *hapd, const u8 *addr) 4538 { 4539 struct sta_info *sta; 4540 struct hostapd_iface *iface = hapd->iface; 4541 4542 sta = ap_get_sta(hapd, addr); 4543 if (sta == NULL && iface->num_bss > 1) { 4544 size_t j; 4545 for (j = 0; j < iface->num_bss; j++) { 4546 hapd = iface->bss[j]; 4547 sta = ap_get_sta(hapd, addr); 4548 if (sta) 4549 break; 4550 } 4551 } 4552 if (sta == NULL) 4553 return; 4554 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POLL_OK MACSTR, 4555 MAC2STR(sta->addr)); 4556 if (!(sta->flags & WLAN_STA_PENDING_POLL)) 4557 return; 4558 4559 wpa_printf(MSG_DEBUG, "STA " MACSTR " ACKed pending " 4560 "activity poll", MAC2STR(sta->addr)); 4561 sta->flags &= ~WLAN_STA_PENDING_POLL; 4562 } 4563 4564 4565 void ieee802_11_rx_from_unknown(struct hostapd_data *hapd, const u8 *src, 4566 int wds) 4567 { 4568 struct sta_info *sta; 4569 4570 sta = ap_get_sta(hapd, src); 4571 if (sta && 4572 ((sta->flags & WLAN_STA_ASSOC) || 4573 ((sta->flags & WLAN_STA_ASSOC_REQ_OK) && wds))) { 4574 if (!hapd->conf->wds_sta) 4575 return; 4576 4577 if ((sta->flags & (WLAN_STA_ASSOC | WLAN_STA_ASSOC_REQ_OK)) == 4578 WLAN_STA_ASSOC_REQ_OK) { 4579 wpa_printf(MSG_DEBUG, 4580 "Postpone 4-address WDS mode enabling for STA " 4581 MACSTR " since TX status for AssocResp is not yet known", 4582 MAC2STR(sta->addr)); 4583 sta->pending_wds_enable = 1; 4584 return; 4585 } 4586 4587 if (wds && !(sta->flags & WLAN_STA_WDS)) { 4588 int ret; 4589 char ifname_wds[IFNAMSIZ + 1]; 4590 4591 wpa_printf(MSG_DEBUG, "Enable 4-address WDS mode for " 4592 "STA " MACSTR " (aid %u)", 4593 MAC2STR(sta->addr), sta->aid); 4594 sta->flags |= WLAN_STA_WDS; 4595 ret = hostapd_set_wds_sta(hapd, ifname_wds, 4596 sta->addr, sta->aid, 1); 4597 if (!ret) 4598 hostapd_set_wds_encryption(hapd, sta, 4599 ifname_wds); 4600 } 4601 return; 4602 } 4603 4604 wpa_printf(MSG_DEBUG, "Data/PS-poll frame from not associated STA " 4605 MACSTR, MAC2STR(src)); 4606 if (is_multicast_ether_addr(src)) { 4607 /* Broadcast bit set in SA?! Ignore the frame silently. */ 4608 return; 4609 } 4610 4611 if (sta && (sta->flags & WLAN_STA_ASSOC_REQ_OK)) { 4612 wpa_printf(MSG_DEBUG, "Association Response to the STA has " 4613 "already been sent, but no TX status yet known - " 4614 "ignore Class 3 frame issue with " MACSTR, 4615 MAC2STR(src)); 4616 return; 4617 } 4618 4619 if (sta && (sta->flags & WLAN_STA_AUTH)) 4620 hostapd_drv_sta_disassoc( 4621 hapd, src, 4622 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 4623 else 4624 hostapd_drv_sta_deauth( 4625 hapd, src, 4626 WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA); 4627 } 4628 4629 4630 #endif /* CONFIG_NATIVE_WINDOWS */ 4631