sme.c 22 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747
  1. /*
  2. * wpa_supplicant - SME
  3. * Copyright (c) 2009-2010, Jouni Malinen <j@w1.fi>
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of the GNU General Public License version 2 as
  7. * published by the Free Software Foundation.
  8. *
  9. * Alternatively, this software may be distributed under the terms of BSD
  10. * license.
  11. *
  12. * See README and COPYING for more details.
  13. */
  14. #include "includes.h"
  15. #include "common.h"
  16. #include "utils/eloop.h"
  17. #include "common/ieee802_11_defs.h"
  18. #include "common/ieee802_11_common.h"
  19. #include "eapol_supp/eapol_supp_sm.h"
  20. #include "common/wpa_common.h"
  21. #include "rsn_supp/wpa.h"
  22. #include "rsn_supp/pmksa_cache.h"
  23. #include "config.h"
  24. #include "wpa_supplicant_i.h"
  25. #include "driver_i.h"
  26. #include "wpas_glue.h"
  27. #include "wps_supplicant.h"
  28. #include "p2p_supplicant.h"
  29. #include "notify.h"
  30. #include "blacklist.h"
  31. #include "bss.h"
  32. #include "scan.h"
  33. #include "sme.h"
  34. #define SME_AUTH_TIMEOUT 5
  35. #define SME_ASSOC_TIMEOUT 5
  36. static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
  37. static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
  38. #ifdef CONFIG_IEEE80211W
  39. static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
  40. #endif /* CONFIG_IEEE80211W */
  41. void sme_authenticate(struct wpa_supplicant *wpa_s,
  42. struct wpa_bss *bss, struct wpa_ssid *ssid)
  43. {
  44. struct wpa_driver_auth_params params;
  45. struct wpa_ssid *old_ssid;
  46. #ifdef CONFIG_IEEE80211R
  47. const u8 *ie;
  48. #endif /* CONFIG_IEEE80211R */
  49. #ifdef CONFIG_IEEE80211R
  50. const u8 *md = NULL;
  51. #endif /* CONFIG_IEEE80211R */
  52. int i, bssid_changed;
  53. if (bss == NULL) {
  54. wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
  55. "the network");
  56. return;
  57. }
  58. wpa_s->current_bss = bss;
  59. os_memset(&params, 0, sizeof(params));
  60. wpa_s->reassociate = 0;
  61. params.freq = bss->freq;
  62. params.bssid = bss->bssid;
  63. params.ssid = bss->ssid;
  64. params.ssid_len = bss->ssid_len;
  65. params.p2p = ssid->p2p_group;
  66. if (wpa_s->sme.ssid_len != params.ssid_len ||
  67. os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
  68. wpa_s->sme.prev_bssid_set = 0;
  69. wpa_s->sme.freq = params.freq;
  70. os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
  71. wpa_s->sme.ssid_len = params.ssid_len;
  72. params.auth_alg = WPA_AUTH_ALG_OPEN;
  73. #ifdef IEEE8021X_EAPOL
  74. if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
  75. if (ssid->leap) {
  76. if (ssid->non_leap == 0)
  77. params.auth_alg = WPA_AUTH_ALG_LEAP;
  78. else
  79. params.auth_alg |= WPA_AUTH_ALG_LEAP;
  80. }
  81. }
  82. #endif /* IEEE8021X_EAPOL */
  83. wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
  84. params.auth_alg);
  85. if (ssid->auth_alg) {
  86. params.auth_alg = ssid->auth_alg;
  87. wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
  88. "0x%x", params.auth_alg);
  89. }
  90. for (i = 0; i < NUM_WEP_KEYS; i++) {
  91. if (ssid->wep_key_len[i])
  92. params.wep_key[i] = ssid->wep_key[i];
  93. params.wep_key_len[i] = ssid->wep_key_len[i];
  94. }
  95. params.wep_tx_keyidx = ssid->wep_tx_keyidx;
  96. bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
  97. os_memset(wpa_s->bssid, 0, ETH_ALEN);
  98. os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
  99. if (bssid_changed)
  100. wpas_notify_bssid_changed(wpa_s);
  101. if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
  102. wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
  103. (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK |
  104. WPA_KEY_MGMT_FT_IEEE8021X |
  105. WPA_KEY_MGMT_FT_PSK |
  106. WPA_KEY_MGMT_IEEE8021X_SHA256 |
  107. WPA_KEY_MGMT_PSK_SHA256))) {
  108. int try_opportunistic;
  109. try_opportunistic = ssid->proactive_key_caching &&
  110. (ssid->proto & WPA_PROTO_RSN);
  111. if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
  112. wpa_s->current_ssid,
  113. try_opportunistic) == 0)
  114. eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
  115. wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
  116. if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
  117. wpa_s->sme.assoc_req_ie,
  118. &wpa_s->sme.assoc_req_ie_len)) {
  119. wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
  120. "key management and encryption suites");
  121. return;
  122. }
  123. } else if (ssid->key_mgmt &
  124. (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
  125. WPA_KEY_MGMT_WPA_NONE | WPA_KEY_MGMT_FT_PSK |
  126. WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_PSK_SHA256 |
  127. WPA_KEY_MGMT_IEEE8021X_SHA256)) {
  128. wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
  129. if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
  130. wpa_s->sme.assoc_req_ie,
  131. &wpa_s->sme.assoc_req_ie_len)) {
  132. wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
  133. "key management and encryption suites (no "
  134. "scan results)");
  135. return;
  136. }
  137. #ifdef CONFIG_WPS
  138. } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
  139. struct wpabuf *wps_ie;
  140. wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
  141. if (wps_ie && wpabuf_len(wps_ie) <=
  142. sizeof(wpa_s->sme.assoc_req_ie)) {
  143. wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
  144. os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
  145. wpa_s->sme.assoc_req_ie_len);
  146. } else
  147. wpa_s->sme.assoc_req_ie_len = 0;
  148. wpabuf_free(wps_ie);
  149. wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
  150. #endif /* CONFIG_WPS */
  151. } else {
  152. wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
  153. wpa_s->sme.assoc_req_ie_len = 0;
  154. }
  155. #ifdef CONFIG_IEEE80211R
  156. ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
  157. if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
  158. md = ie + 2;
  159. wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
  160. if (md) {
  161. /* Prepare for the next transition */
  162. wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
  163. }
  164. if (md && ssid->key_mgmt & (WPA_KEY_MGMT_FT_PSK |
  165. WPA_KEY_MGMT_FT_IEEE8021X)) {
  166. if (wpa_s->sme.assoc_req_ie_len + 5 <
  167. sizeof(wpa_s->sme.assoc_req_ie)) {
  168. struct rsn_mdie *mdie;
  169. u8 *pos = wpa_s->sme.assoc_req_ie +
  170. wpa_s->sme.assoc_req_ie_len;
  171. *pos++ = WLAN_EID_MOBILITY_DOMAIN;
  172. *pos++ = sizeof(*mdie);
  173. mdie = (struct rsn_mdie *) pos;
  174. os_memcpy(mdie->mobility_domain, md,
  175. MOBILITY_DOMAIN_ID_LEN);
  176. mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
  177. wpa_s->sme.assoc_req_ie_len += 5;
  178. }
  179. if (wpa_s->sme.ft_used &&
  180. os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
  181. wpa_sm_has_ptk(wpa_s->wpa)) {
  182. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
  183. "over-the-air");
  184. params.auth_alg = WPA_AUTH_ALG_FT;
  185. params.ie = wpa_s->sme.ft_ies;
  186. params.ie_len = wpa_s->sme.ft_ies_len;
  187. }
  188. }
  189. #endif /* CONFIG_IEEE80211R */
  190. #ifdef CONFIG_IEEE80211W
  191. wpa_s->sme.mfp = ssid->ieee80211w;
  192. if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
  193. const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
  194. struct wpa_ie_data _ie;
  195. if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
  196. _ie.capabilities &
  197. (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
  198. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
  199. "MFP: require MFP");
  200. wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
  201. }
  202. }
  203. #endif /* CONFIG_IEEE80211W */
  204. #ifdef CONFIG_P2P
  205. if (wpa_s->global->p2p) {
  206. u8 *pos;
  207. size_t len;
  208. int res;
  209. pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
  210. len = sizeof(wpa_s->sme.assoc_req_ie) -
  211. wpa_s->sme.assoc_req_ie_len;
  212. res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
  213. ssid->p2p_group);
  214. if (res >= 0)
  215. wpa_s->sme.assoc_req_ie_len += res;
  216. }
  217. #endif /* CONFIG_P2P */
  218. wpa_supplicant_cancel_scan(wpa_s);
  219. wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
  220. " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
  221. wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
  222. wpa_clear_keys(wpa_s, bss->bssid);
  223. wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
  224. old_ssid = wpa_s->current_ssid;
  225. wpa_s->current_ssid = ssid;
  226. wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
  227. wpa_supplicant_initiate_eapol(wpa_s);
  228. if (old_ssid != wpa_s->current_ssid)
  229. wpas_notify_network_changed(wpa_s);
  230. wpa_s->sme.auth_alg = params.auth_alg;
  231. if (wpa_drv_authenticate(wpa_s, &params) < 0) {
  232. wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
  233. "driver failed");
  234. wpa_supplicant_req_scan(wpa_s, 1, 0);
  235. return;
  236. }
  237. eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
  238. NULL);
  239. /*
  240. * Association will be started based on the authentication event from
  241. * the driver.
  242. */
  243. }
  244. void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
  245. {
  246. struct wpa_ssid *ssid = wpa_s->current_ssid;
  247. if (ssid == NULL) {
  248. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
  249. "when network is not selected");
  250. return;
  251. }
  252. if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
  253. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
  254. "when not in authenticating state");
  255. return;
  256. }
  257. if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
  258. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
  259. "unexpected peer " MACSTR,
  260. MAC2STR(data->auth.peer));
  261. return;
  262. }
  263. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
  264. " auth_type=%d status_code=%d",
  265. MAC2STR(data->auth.peer), data->auth.auth_type,
  266. data->auth.status_code);
  267. wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
  268. data->auth.ies, data->auth.ies_len);
  269. eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
  270. if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
  271. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication failed (status "
  272. "code %d)", data->auth.status_code);
  273. if (data->auth.status_code !=
  274. WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
  275. wpa_s->sme.auth_alg == data->auth.auth_type ||
  276. wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
  277. wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
  278. return;
  279. }
  280. switch (data->auth.auth_type) {
  281. case WLAN_AUTH_OPEN:
  282. wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
  283. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
  284. wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
  285. wpa_s->current_ssid);
  286. return;
  287. case WLAN_AUTH_SHARED_KEY:
  288. wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
  289. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
  290. wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
  291. wpa_s->current_ssid);
  292. return;
  293. default:
  294. return;
  295. }
  296. }
  297. #ifdef CONFIG_IEEE80211R
  298. if (data->auth.auth_type == WLAN_AUTH_FT) {
  299. union wpa_event_data edata;
  300. os_memset(&edata, 0, sizeof(edata));
  301. edata.ft_ies.ies = data->auth.ies;
  302. edata.ft_ies.ies_len = data->auth.ies_len;
  303. os_memcpy(edata.ft_ies.target_ap, data->auth.peer, ETH_ALEN);
  304. wpa_supplicant_event(wpa_s, EVENT_FT_RESPONSE, &edata);
  305. }
  306. #endif /* CONFIG_IEEE80211R */
  307. sme_associate(wpa_s, ssid->mode, data->auth.peer,
  308. data->auth.auth_type);
  309. }
  310. void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
  311. const u8 *bssid, u16 auth_type)
  312. {
  313. struct wpa_driver_associate_params params;
  314. struct ieee802_11_elems elems;
  315. os_memset(&params, 0, sizeof(params));
  316. params.bssid = bssid;
  317. params.ssid = wpa_s->sme.ssid;
  318. params.ssid_len = wpa_s->sme.ssid_len;
  319. params.freq = wpa_s->sme.freq;
  320. params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
  321. wpa_s->sme.assoc_req_ie : NULL;
  322. params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
  323. params.pairwise_suite = cipher_suite2driver(wpa_s->pairwise_cipher);
  324. params.group_suite = cipher_suite2driver(wpa_s->group_cipher);
  325. #ifdef CONFIG_IEEE80211R
  326. if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
  327. params.wpa_ie = wpa_s->sme.ft_ies;
  328. params.wpa_ie_len = wpa_s->sme.ft_ies_len;
  329. }
  330. #endif /* CONFIG_IEEE80211R */
  331. params.mode = mode;
  332. params.mgmt_frame_protection = wpa_s->sme.mfp;
  333. if (wpa_s->sme.prev_bssid_set)
  334. params.prev_bssid = wpa_s->sme.prev_bssid;
  335. wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
  336. " (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
  337. params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
  338. params.freq);
  339. wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
  340. if (params.wpa_ie == NULL ||
  341. ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
  342. < 0) {
  343. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
  344. os_memset(&elems, 0, sizeof(elems));
  345. }
  346. if (elems.rsn_ie)
  347. wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
  348. elems.rsn_ie_len + 2);
  349. else if (elems.wpa_ie)
  350. wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
  351. elems.wpa_ie_len + 2);
  352. else
  353. wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
  354. if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group)
  355. params.p2p = 1;
  356. if (wpa_s->parent->set_sta_uapsd)
  357. params.uapsd = wpa_s->parent->sta_uapsd;
  358. else
  359. params.uapsd = -1;
  360. if (wpa_drv_associate(wpa_s, &params) < 0) {
  361. wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
  362. "driver failed");
  363. wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
  364. os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
  365. return;
  366. }
  367. eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
  368. NULL);
  369. }
  370. int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
  371. const u8 *ies, size_t ies_len)
  372. {
  373. if (md == NULL || ies == NULL) {
  374. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
  375. os_free(wpa_s->sme.ft_ies);
  376. wpa_s->sme.ft_ies = NULL;
  377. wpa_s->sme.ft_ies_len = 0;
  378. wpa_s->sme.ft_used = 0;
  379. return 0;
  380. }
  381. os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
  382. wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
  383. os_free(wpa_s->sme.ft_ies);
  384. wpa_s->sme.ft_ies = os_malloc(ies_len);
  385. if (wpa_s->sme.ft_ies == NULL)
  386. return -1;
  387. os_memcpy(wpa_s->sme.ft_ies, ies, ies_len);
  388. wpa_s->sme.ft_ies_len = ies_len;
  389. return 0;
  390. }
  391. static void sme_deauth(struct wpa_supplicant *wpa_s)
  392. {
  393. int bssid_changed;
  394. bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
  395. if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
  396. WLAN_REASON_DEAUTH_LEAVING) < 0) {
  397. wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
  398. "failed");
  399. }
  400. wpa_s->sme.prev_bssid_set = 0;
  401. wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
  402. wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
  403. os_memset(wpa_s->bssid, 0, ETH_ALEN);
  404. os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
  405. if (bssid_changed)
  406. wpas_notify_bssid_changed(wpa_s);
  407. }
  408. void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
  409. union wpa_event_data *data)
  410. {
  411. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
  412. "status code %d", MAC2STR(wpa_s->pending_bssid),
  413. data->assoc_reject.status_code);
  414. eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
  415. /*
  416. * For now, unconditionally terminate the previous authentication. In
  417. * theory, this should not be needed, but mac80211 gets quite confused
  418. * if the authentication is left pending.. Some roaming cases might
  419. * benefit from using the previous authentication, so this could be
  420. * optimized in the future.
  421. */
  422. sme_deauth(wpa_s);
  423. }
  424. void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
  425. union wpa_event_data *data)
  426. {
  427. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
  428. wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
  429. }
  430. void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
  431. union wpa_event_data *data)
  432. {
  433. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
  434. wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
  435. wpa_supplicant_mark_disassoc(wpa_s);
  436. }
  437. void sme_event_disassoc(struct wpa_supplicant *wpa_s,
  438. union wpa_event_data *data)
  439. {
  440. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
  441. if (wpa_s->sme.prev_bssid_set &&
  442. !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME)) {
  443. /*
  444. * cfg80211/mac80211 can get into somewhat confused state if
  445. * the AP only disassociates us and leaves us in authenticated
  446. * state. For now, force the state to be cleared to avoid
  447. * confusing errors if we try to associate with the AP again.
  448. */
  449. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
  450. "driver state");
  451. wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
  452. WLAN_REASON_DEAUTH_LEAVING);
  453. }
  454. }
  455. static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
  456. {
  457. struct wpa_supplicant *wpa_s = eloop_ctx;
  458. if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
  459. wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
  460. sme_deauth(wpa_s);
  461. }
  462. }
  463. static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
  464. {
  465. struct wpa_supplicant *wpa_s = eloop_ctx;
  466. if (wpa_s->wpa_state == WPA_ASSOCIATING) {
  467. wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
  468. sme_deauth(wpa_s);
  469. }
  470. }
  471. void sme_state_changed(struct wpa_supplicant *wpa_s)
  472. {
  473. /* Make sure timers are cleaned up appropriately. */
  474. if (wpa_s->wpa_state != WPA_ASSOCIATING)
  475. eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
  476. if (wpa_s->wpa_state != WPA_AUTHENTICATING)
  477. eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
  478. }
  479. void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
  480. const u8 *prev_pending_bssid)
  481. {
  482. /*
  483. * mac80211-workaround to force deauth on failed auth cmd,
  484. * requires us to remain in authenticating state to allow the
  485. * second authentication attempt to be continued properly.
  486. */
  487. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication "
  488. "to proceed after disconnection event");
  489. wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
  490. os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
  491. /*
  492. * Re-arm authentication timer in case auth fails for whatever reason.
  493. */
  494. eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
  495. eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
  496. NULL);
  497. }
  498. void sme_deinit(struct wpa_supplicant *wpa_s)
  499. {
  500. os_free(wpa_s->sme.ft_ies);
  501. wpa_s->sme.ft_ies = NULL;
  502. wpa_s->sme.ft_ies_len = 0;
  503. #ifdef CONFIG_IEEE80211W
  504. sme_stop_sa_query(wpa_s);
  505. #endif /* CONFIG_IEEE80211W */
  506. eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
  507. eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
  508. }
  509. #ifdef CONFIG_IEEE80211W
  510. static const unsigned int sa_query_max_timeout = 1000;
  511. static const unsigned int sa_query_retry_timeout = 201;
  512. static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
  513. {
  514. u32 tu;
  515. struct os_time now, passed;
  516. os_get_time(&now);
  517. os_time_sub(&now, &wpa_s->sme.sa_query_start, &passed);
  518. tu = (passed.sec * 1000000 + passed.usec) / 1024;
  519. if (sa_query_max_timeout < tu) {
  520. wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
  521. sme_stop_sa_query(wpa_s);
  522. wpa_supplicant_deauthenticate(
  523. wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
  524. return 1;
  525. }
  526. return 0;
  527. }
  528. static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
  529. const u8 *trans_id)
  530. {
  531. u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN];
  532. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
  533. MACSTR, MAC2STR(wpa_s->bssid));
  534. wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
  535. trans_id, WLAN_SA_QUERY_TR_ID_LEN);
  536. req[0] = WLAN_ACTION_SA_QUERY;
  537. req[1] = WLAN_SA_QUERY_REQUEST;
  538. os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
  539. if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
  540. wpa_s->own_addr, wpa_s->bssid,
  541. req, sizeof(req)) < 0)
  542. wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
  543. "Request");
  544. }
  545. static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
  546. {
  547. struct wpa_supplicant *wpa_s = eloop_ctx;
  548. unsigned int timeout, sec, usec;
  549. u8 *trans_id, *nbuf;
  550. if (wpa_s->sme.sa_query_count > 0 &&
  551. sme_check_sa_query_timeout(wpa_s))
  552. return;
  553. nbuf = os_realloc(wpa_s->sme.sa_query_trans_id,
  554. (wpa_s->sme.sa_query_count + 1) *
  555. WLAN_SA_QUERY_TR_ID_LEN);
  556. if (nbuf == NULL)
  557. return;
  558. if (wpa_s->sme.sa_query_count == 0) {
  559. /* Starting a new SA Query procedure */
  560. os_get_time(&wpa_s->sme.sa_query_start);
  561. }
  562. trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
  563. wpa_s->sme.sa_query_trans_id = nbuf;
  564. wpa_s->sme.sa_query_count++;
  565. os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN);
  566. timeout = sa_query_retry_timeout;
  567. sec = ((timeout / 1000) * 1024) / 1000;
  568. usec = (timeout % 1000) * 1024;
  569. eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
  570. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
  571. wpa_s->sme.sa_query_count);
  572. sme_send_sa_query_req(wpa_s, trans_id);
  573. }
  574. static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
  575. {
  576. sme_sa_query_timer(wpa_s, NULL);
  577. }
  578. void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
  579. {
  580. eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
  581. os_free(wpa_s->sme.sa_query_trans_id);
  582. wpa_s->sme.sa_query_trans_id = NULL;
  583. wpa_s->sme.sa_query_count = 0;
  584. }
  585. void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
  586. const u8 *da, u16 reason_code)
  587. {
  588. struct wpa_ssid *ssid;
  589. if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
  590. return;
  591. if (wpa_s->wpa_state != WPA_COMPLETED)
  592. return;
  593. ssid = wpa_s->current_ssid;
  594. if (ssid == NULL || ssid->ieee80211w == 0)
  595. return;
  596. if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
  597. return;
  598. if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
  599. reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
  600. return;
  601. if (wpa_s->sme.sa_query_count > 0)
  602. return;
  603. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
  604. "possible AP/STA state mismatch - trigger SA Query");
  605. sme_start_sa_query(wpa_s);
  606. }
  607. void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa,
  608. const u8 *data, size_t len)
  609. {
  610. int i;
  611. if (wpa_s->sme.sa_query_trans_id == NULL ||
  612. len < 1 + WLAN_SA_QUERY_TR_ID_LEN ||
  613. data[0] != WLAN_SA_QUERY_RESPONSE)
  614. return;
  615. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
  616. MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
  617. if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
  618. return;
  619. for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
  620. if (os_memcmp(wpa_s->sme.sa_query_trans_id +
  621. i * WLAN_SA_QUERY_TR_ID_LEN,
  622. data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
  623. break;
  624. }
  625. if (i >= wpa_s->sme.sa_query_count) {
  626. wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
  627. "transaction identifier found");
  628. return;
  629. }
  630. wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
  631. "from " MACSTR, MAC2STR(sa));
  632. sme_stop_sa_query(wpa_s);
  633. }
  634. #endif /* CONFIG_IEEE80211W */