1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18 
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "common/ptksa_cache.h"
45 #include "p2p/p2p.h"
46 #include "fst/fst.h"
47 #include "bssid_ignore.h"
48 #include "wpas_glue.h"
49 #include "wps_supplicant.h"
50 #include "ibss_rsn.h"
51 #include "sme.h"
52 #include "gas_query.h"
53 #include "ap.h"
54 #include "p2p_supplicant.h"
55 #include "wifi_display.h"
56 #include "notify.h"
57 #include "bgscan.h"
58 #include "autoscan.h"
59 #include "bss.h"
60 #include "scan.h"
61 #include "offchannel.h"
62 #include "hs20_supplicant.h"
63 #include "wnm_sta.h"
64 #include "wpas_kay.h"
65 #include "mesh.h"
66 #include "dpp_supplicant.h"
67 #ifdef CONFIG_MESH
68 #include "ap/ap_config.h"
69 #include "ap/hostapd.h"
70 #endif /* CONFIG_MESH */
71 
72 const char *const wpa_supplicant_version =
73 "wpa_supplicant v" VERSION_STR "\n"
74 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
75 
76 const char *const wpa_supplicant_license =
77 "This software may be distributed under the terms of the BSD license.\n"
78 "See README for more details.\n"
79 #ifdef EAP_TLS_OPENSSL
80 "\nThis product includes software developed by the OpenSSL Project\n"
81 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
82 #endif /* EAP_TLS_OPENSSL */
83 ;
84 
85 #ifndef CONFIG_NO_STDOUT_DEBUG
86 /* Long text divided into parts in order to fit in C89 strings size limits. */
87 const char *const wpa_supplicant_full_license1 =
88 "";
89 const char *const wpa_supplicant_full_license2 =
90 "This software may be distributed under the terms of the BSD license.\n"
91 "\n"
92 "Redistribution and use in source and binary forms, with or without\n"
93 "modification, are permitted provided that the following conditions are\n"
94 "met:\n"
95 "\n";
96 const char *const wpa_supplicant_full_license3 =
97 "1. Redistributions of source code must retain the above copyright\n"
98 "   notice, this list of conditions and the following disclaimer.\n"
99 "\n"
100 "2. Redistributions in binary form must reproduce the above copyright\n"
101 "   notice, this list of conditions and the following disclaimer in the\n"
102 "   documentation and/or other materials provided with the distribution.\n"
103 "\n";
104 const char *const wpa_supplicant_full_license4 =
105 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
106 "   names of its contributors may be used to endorse or promote products\n"
107 "   derived from this software without specific prior written permission.\n"
108 "\n"
109 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
110 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
111 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
112 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
113 const char *const wpa_supplicant_full_license5 =
114 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
115 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
116 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
117 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
118 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
119 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
120 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
121 "\n";
122 #endif /* CONFIG_NO_STDOUT_DEBUG */
123 
124 
125 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
126 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
127 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
128 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
129 #ifdef CONFIG_OWE
130 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
131 #endif /* CONFIG_OWE */
132 
133 
134 #ifdef CONFIG_WEP
135 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)136 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
137 {
138 	int i, set = 0;
139 
140 	for (i = 0; i < NUM_WEP_KEYS; i++) {
141 		if (ssid->wep_key_len[i] == 0)
142 			continue;
143 
144 		set = 1;
145 		wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
146 				i, i == ssid->wep_tx_keyidx, NULL, 0,
147 				ssid->wep_key[i], ssid->wep_key_len[i],
148 				i == ssid->wep_tx_keyidx ?
149 				KEY_FLAG_GROUP_RX_TX_DEFAULT :
150 				KEY_FLAG_GROUP_RX_TX);
151 	}
152 
153 	return set;
154 }
155 #endif /* CONFIG_WEP */
156 
157 
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)158 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
159 				    struct wpa_ssid *ssid)
160 {
161 	u8 key[32];
162 	size_t keylen;
163 	enum wpa_alg alg;
164 	u8 seq[6] = { 0 };
165 	int ret;
166 
167 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
168 	 * sending unicast and multicast packets. */
169 
170 	if (ssid->mode != WPAS_MODE_IBSS) {
171 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
172 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
173 		return -1;
174 	}
175 
176 	if (!ssid->psk_set) {
177 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
178 			"WPA-None");
179 		return -1;
180 	}
181 
182 	switch (wpa_s->group_cipher) {
183 	case WPA_CIPHER_CCMP:
184 		os_memcpy(key, ssid->psk, 16);
185 		keylen = 16;
186 		alg = WPA_ALG_CCMP;
187 		break;
188 	case WPA_CIPHER_GCMP:
189 		os_memcpy(key, ssid->psk, 16);
190 		keylen = 16;
191 		alg = WPA_ALG_GCMP;
192 		break;
193 	case WPA_CIPHER_TKIP:
194 		/* WPA-None uses the same Michael MIC key for both TX and RX */
195 		os_memcpy(key, ssid->psk, 16 + 8);
196 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
197 		keylen = 32;
198 		alg = WPA_ALG_TKIP;
199 		break;
200 	default:
201 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
202 			"WPA-None", wpa_s->group_cipher);
203 		return -1;
204 	}
205 
206 	/* TODO: should actually remember the previously used seq#, both for TX
207 	 * and RX from each STA.. */
208 
209 	ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen,
210 			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
211 	os_memset(key, 0, sizeof(key));
212 	return ret;
213 }
214 
215 
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)216 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
217 {
218 	struct wpa_supplicant *wpa_s = eloop_ctx;
219 	const u8 *bssid = wpa_s->bssid;
220 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
221 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
222 	     wpa_s->wpa_state == WPA_ASSOCIATING))
223 		bssid = wpa_s->pending_bssid;
224 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
225 		MAC2STR(bssid));
226 	wpa_bssid_ignore_add(wpa_s, bssid);
227 	wpas_notify_auth_timeout(wpa_s);
228 	wpa_sm_notify_disassoc(wpa_s->wpa);
229 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
230 	wpa_s->reassociate = 1;
231 
232 	/*
233 	 * If we timed out, the AP or the local radio may be busy.
234 	 * So, wait a second until scanning again.
235 	 */
236 	wpa_supplicant_req_scan(wpa_s, 1, 0);
237 }
238 
239 
240 /**
241  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
242  * @wpa_s: Pointer to wpa_supplicant data
243  * @sec: Number of seconds after which to time out authentication
244  * @usec: Number of microseconds after which to time out authentication
245  *
246  * This function is used to schedule a timeout for the current authentication
247  * attempt.
248  */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)249 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
250 				     int sec, int usec)
251 {
252 	if (wpa_s->conf->ap_scan == 0 &&
253 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
254 		return;
255 
256 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
257 		"%d usec", sec, usec);
258 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
259 	wpa_s->last_auth_timeout_sec = sec;
260 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
261 }
262 
263 
264 /*
265  * wpas_auth_timeout_restart - Restart and change timeout for authentication
266  * @wpa_s: Pointer to wpa_supplicant data
267  * @sec_diff: difference in seconds applied to original timeout value
268  */
wpas_auth_timeout_restart(struct wpa_supplicant * wpa_s,int sec_diff)269 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
270 {
271 	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
272 
273 	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
274 		wpa_dbg(wpa_s, MSG_DEBUG,
275 			"Authentication timeout restart: %d sec", new_sec);
276 		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
277 		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
278 				       wpa_s, NULL);
279 	}
280 }
281 
282 
283 /**
284  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
285  * @wpa_s: Pointer to wpa_supplicant data
286  *
287  * This function is used to cancel authentication timeout scheduled with
288  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
289  * been completed.
290  */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)291 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
292 {
293 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
294 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
295 	wpa_bssid_ignore_del(wpa_s, wpa_s->bssid);
296 	os_free(wpa_s->last_con_fail_realm);
297 	wpa_s->last_con_fail_realm = NULL;
298 	wpa_s->last_con_fail_realm_len = 0;
299 }
300 
301 
302 /**
303  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
304  * @wpa_s: Pointer to wpa_supplicant data
305  *
306  * This function is used to configure EAPOL state machine based on the selected
307  * authentication mode.
308  */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)309 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
310 {
311 #ifdef IEEE8021X_EAPOL
312 	struct eapol_config eapol_conf;
313 	struct wpa_ssid *ssid = wpa_s->current_ssid;
314 
315 #ifdef CONFIG_IBSS_RSN
316 	if (ssid->mode == WPAS_MODE_IBSS &&
317 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
318 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
319 		/*
320 		 * RSN IBSS authentication is per-STA and we can disable the
321 		 * per-BSSID EAPOL authentication.
322 		 */
323 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
324 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
325 		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
326 		return;
327 	}
328 #endif /* CONFIG_IBSS_RSN */
329 
330 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
331 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
332 
333 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
334 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
335 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
336 	else
337 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
338 
339 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
340 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
341 		eapol_conf.accept_802_1x_keys = 1;
342 		eapol_conf.required_keys = 0;
343 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
344 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
345 		}
346 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
347 			eapol_conf.required_keys |=
348 				EAPOL_REQUIRE_KEY_BROADCAST;
349 		}
350 
351 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
352 			eapol_conf.required_keys = 0;
353 	}
354 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
355 	eapol_conf.workaround = ssid->eap_workaround;
356 	eapol_conf.eap_disabled =
357 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
358 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
359 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
360 	eapol_conf.external_sim = wpa_s->conf->external_sim;
361 
362 #ifdef CONFIG_WPS
363 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
364 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
365 		if (wpa_s->current_bss) {
366 			struct wpabuf *ie;
367 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
368 							 WPS_IE_VENDOR_TYPE);
369 			if (ie) {
370 				if (wps_is_20(ie))
371 					eapol_conf.wps |=
372 						EAPOL_PEER_IS_WPS20_AP;
373 				wpabuf_free(ie);
374 			}
375 		}
376 	}
377 #endif /* CONFIG_WPS */
378 
379 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
380 
381 #ifdef CONFIG_MACSEC
382 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
383 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
384 	else
385 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
386 #endif /* CONFIG_MACSEC */
387 #endif /* IEEE8021X_EAPOL */
388 }
389 
390 
391 /**
392  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
393  * @wpa_s: Pointer to wpa_supplicant data
394  * @ssid: Configuration data for the network
395  *
396  * This function is used to configure WPA state machine and related parameters
397  * to a mode where WPA is not enabled. This is called as part of the
398  * authentication configuration when the selected network does not use WPA.
399  */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)400 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
401 				       struct wpa_ssid *ssid)
402 {
403 #ifdef CONFIG_WEP
404 	int i;
405 #endif /* CONFIG_WEP */
406 
407 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
408 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
409 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
410 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
411 	else
412 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
413 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
414 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
415 	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
416 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
417 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
418 	wpa_s->rsnxe_len = 0;
419 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
420 	wpa_s->group_cipher = WPA_CIPHER_NONE;
421 	wpa_s->mgmt_group_cipher = 0;
422 
423 #ifdef CONFIG_WEP
424 	for (i = 0; i < NUM_WEP_KEYS; i++) {
425 		if (ssid->wep_key_len[i] > 5) {
426 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
427 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
428 			break;
429 		} else if (ssid->wep_key_len[i] > 0) {
430 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
431 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
432 			break;
433 		}
434 	}
435 #endif /* CONFIG_WEP */
436 
437 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
438 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
439 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
440 			 wpa_s->pairwise_cipher);
441 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
442 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
443 			 wpa_s->mgmt_group_cipher);
444 
445 	pmksa_cache_clear_current(wpa_s->wpa);
446 }
447 
448 
free_hw_features(struct wpa_supplicant * wpa_s)449 void free_hw_features(struct wpa_supplicant *wpa_s)
450 {
451 	int i;
452 	if (wpa_s->hw.modes == NULL)
453 		return;
454 
455 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
456 		os_free(wpa_s->hw.modes[i].channels);
457 		os_free(wpa_s->hw.modes[i].rates);
458 	}
459 
460 	os_free(wpa_s->hw.modes);
461 	wpa_s->hw.modes = NULL;
462 }
463 
464 
free_bss_tmp_disallowed(struct wpa_supplicant * wpa_s)465 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
466 {
467 	struct wpa_bss_tmp_disallowed *bss, *prev;
468 
469 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
470 			      struct wpa_bss_tmp_disallowed, list) {
471 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
472 		dl_list_del(&bss->list);
473 		os_free(bss);
474 	}
475 }
476 
477 
wpas_flush_fils_hlp_req(struct wpa_supplicant * wpa_s)478 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
479 {
480 	struct fils_hlp_req *req;
481 
482 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
483 				    list)) != NULL) {
484 		dl_list_del(&req->list);
485 		wpabuf_free(req->pkt);
486 		os_free(req);
487 	}
488 }
489 
490 
wpas_clear_disabled_interface(void * eloop_ctx,void * timeout_ctx)491 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
492 {
493 	struct wpa_supplicant *wpa_s = eloop_ctx;
494 
495 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
496 		return;
497 	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
498 	wpa_bss_flush(wpa_s);
499 }
500 
501 
502 #ifdef CONFIG_TESTING_OPTIONS
wpas_clear_driver_signal_override(struct wpa_supplicant * wpa_s)503 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
504 {
505 	struct driver_signal_override *dso;
506 
507 	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
508 				    struct driver_signal_override, list))) {
509 		dl_list_del(&dso->list);
510 		os_free(dso);
511 	}
512 }
513 #endif /* CONFIG_TESTING_OPTIONS */
514 
515 
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)516 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
517 {
518 	int i;
519 
520 	bgscan_deinit(wpa_s);
521 	autoscan_deinit(wpa_s);
522 	scard_deinit(wpa_s->scard);
523 	wpa_s->scard = NULL;
524 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
525 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
526 	l2_packet_deinit(wpa_s->l2);
527 	wpa_s->l2 = NULL;
528 	if (wpa_s->l2_br) {
529 		l2_packet_deinit(wpa_s->l2_br);
530 		wpa_s->l2_br = NULL;
531 	}
532 #ifdef CONFIG_TESTING_OPTIONS
533 	l2_packet_deinit(wpa_s->l2_test);
534 	wpa_s->l2_test = NULL;
535 	os_free(wpa_s->get_pref_freq_list_override);
536 	wpa_s->get_pref_freq_list_override = NULL;
537 	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
538 	wpa_s->last_assoc_req_wpa_ie = NULL;
539 	os_free(wpa_s->extra_sae_rejected_groups);
540 	wpa_s->extra_sae_rejected_groups = NULL;
541 	wpabuf_free(wpa_s->rsne_override_eapol);
542 	wpa_s->rsne_override_eapol = NULL;
543 	wpabuf_free(wpa_s->rsnxe_override_assoc);
544 	wpa_s->rsnxe_override_assoc = NULL;
545 	wpabuf_free(wpa_s->rsnxe_override_eapol);
546 	wpa_s->rsnxe_override_eapol = NULL;
547 	wpas_clear_driver_signal_override(wpa_s);
548 #endif /* CONFIG_TESTING_OPTIONS */
549 
550 	if (wpa_s->conf != NULL) {
551 		struct wpa_ssid *ssid;
552 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
553 			wpas_notify_network_removed(wpa_s, ssid);
554 	}
555 
556 	os_free(wpa_s->confname);
557 	wpa_s->confname = NULL;
558 
559 	os_free(wpa_s->confanother);
560 	wpa_s->confanother = NULL;
561 
562 	os_free(wpa_s->last_con_fail_realm);
563 	wpa_s->last_con_fail_realm = NULL;
564 	wpa_s->last_con_fail_realm_len = 0;
565 
566 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
567 	eapol_sm_deinit(wpa_s->eapol);
568 	wpa_s->eapol = NULL;
569 
570 	rsn_preauth_deinit(wpa_s->wpa);
571 
572 #ifdef CONFIG_TDLS
573 	wpa_tdls_deinit(wpa_s->wpa);
574 #endif /* CONFIG_TDLS */
575 
576 	wmm_ac_clear_saved_tspecs(wpa_s);
577 	pmksa_candidate_free(wpa_s->wpa);
578 	ptksa_cache_deinit(wpa_s->ptksa);
579 	wpa_s->ptksa = NULL;
580 	wpa_sm_deinit(wpa_s->wpa);
581 	wpa_s->wpa = NULL;
582 	wpa_bssid_ignore_clear(wpa_s);
583 
584 #ifdef CONFIG_PASN
585 	wpas_pasn_auth_stop(wpa_s);
586 #endif /* CONFIG_PASN */
587 
588 	wpa_bss_deinit(wpa_s);
589 
590 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
591 	wpa_supplicant_cancel_scan(wpa_s);
592 	wpa_supplicant_cancel_auth_timeout(wpa_s);
593 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
594 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
595 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
596 			     wpa_s, NULL);
597 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
598 
599 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
600 	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
601 
602 	wpas_wps_deinit(wpa_s);
603 
604 	wpabuf_free(wpa_s->pending_eapol_rx);
605 	wpa_s->pending_eapol_rx = NULL;
606 
607 #ifdef CONFIG_IBSS_RSN
608 	ibss_rsn_deinit(wpa_s->ibss_rsn);
609 	wpa_s->ibss_rsn = NULL;
610 #endif /* CONFIG_IBSS_RSN */
611 
612 	sme_deinit(wpa_s);
613 
614 #ifdef CONFIG_AP
615 	wpa_supplicant_ap_deinit(wpa_s);
616 #endif /* CONFIG_AP */
617 
618 	wpas_p2p_deinit(wpa_s);
619 
620 #ifdef CONFIG_OFFCHANNEL
621 	offchannel_deinit(wpa_s);
622 #endif /* CONFIG_OFFCHANNEL */
623 
624 	wpa_supplicant_cancel_sched_scan(wpa_s);
625 
626 	os_free(wpa_s->next_scan_freqs);
627 	wpa_s->next_scan_freqs = NULL;
628 
629 	os_free(wpa_s->manual_scan_freqs);
630 	wpa_s->manual_scan_freqs = NULL;
631 	os_free(wpa_s->select_network_scan_freqs);
632 	wpa_s->select_network_scan_freqs = NULL;
633 
634 	os_free(wpa_s->manual_sched_scan_freqs);
635 	wpa_s->manual_sched_scan_freqs = NULL;
636 
637 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
638 
639 	/*
640 	 * Need to remove any pending gas-query radio work before the
641 	 * gas_query_deinit() call because gas_query::work has not yet been set
642 	 * for works that have not been started. gas_query_free() will be unable
643 	 * to cancel such pending radio works and once the pending gas-query
644 	 * radio work eventually gets removed, the deinit notification call to
645 	 * gas_query_start_cb() would result in dereferencing freed memory.
646 	 */
647 	if (wpa_s->radio)
648 		radio_remove_works(wpa_s, "gas-query", 0);
649 	gas_query_deinit(wpa_s->gas);
650 	wpa_s->gas = NULL;
651 	gas_server_deinit(wpa_s->gas_server);
652 	wpa_s->gas_server = NULL;
653 
654 	free_hw_features(wpa_s);
655 
656 	ieee802_1x_dealloc_kay_sm(wpa_s);
657 
658 	os_free(wpa_s->bssid_filter);
659 	wpa_s->bssid_filter = NULL;
660 
661 	os_free(wpa_s->disallow_aps_bssid);
662 	wpa_s->disallow_aps_bssid = NULL;
663 	os_free(wpa_s->disallow_aps_ssid);
664 	wpa_s->disallow_aps_ssid = NULL;
665 
666 	wnm_bss_keep_alive_deinit(wpa_s);
667 #ifdef CONFIG_WNM
668 	wnm_deallocate_memory(wpa_s);
669 #endif /* CONFIG_WNM */
670 
671 	ext_password_deinit(wpa_s->ext_pw);
672 	wpa_s->ext_pw = NULL;
673 
674 	wpabuf_free(wpa_s->last_gas_resp);
675 	wpa_s->last_gas_resp = NULL;
676 	wpabuf_free(wpa_s->prev_gas_resp);
677 	wpa_s->prev_gas_resp = NULL;
678 
679 	os_free(wpa_s->last_scan_res);
680 	wpa_s->last_scan_res = NULL;
681 
682 #ifdef CONFIG_HS20
683 	if (wpa_s->drv_priv)
684 		wpa_drv_configure_frame_filters(wpa_s, 0);
685 	hs20_deinit(wpa_s);
686 #endif /* CONFIG_HS20 */
687 
688 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
689 		wpabuf_free(wpa_s->vendor_elem[i]);
690 		wpa_s->vendor_elem[i] = NULL;
691 	}
692 
693 	wmm_ac_notify_disassoc(wpa_s);
694 
695 	wpa_s->sched_scan_plans_num = 0;
696 	os_free(wpa_s->sched_scan_plans);
697 	wpa_s->sched_scan_plans = NULL;
698 
699 #ifdef CONFIG_MBO
700 	wpa_s->non_pref_chan_num = 0;
701 	os_free(wpa_s->non_pref_chan);
702 	wpa_s->non_pref_chan = NULL;
703 #endif /* CONFIG_MBO */
704 
705 	free_bss_tmp_disallowed(wpa_s);
706 
707 	wpabuf_free(wpa_s->lci);
708 	wpa_s->lci = NULL;
709 	wpas_clear_beacon_rep_data(wpa_s);
710 
711 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
712 #ifdef CONFIG_MESH
713 	{
714 		struct external_pmksa_cache *entry;
715 
716 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
717 					     struct external_pmksa_cache,
718 					     list)) != NULL) {
719 			dl_list_del(&entry->list);
720 			os_free(entry->pmksa_cache);
721 			os_free(entry);
722 		}
723 	}
724 #endif /* CONFIG_MESH */
725 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
726 
727 	wpas_flush_fils_hlp_req(wpa_s);
728 
729 	wpabuf_free(wpa_s->ric_ies);
730 	wpa_s->ric_ies = NULL;
731 
732 #ifdef CONFIG_DPP
733 	wpas_dpp_deinit(wpa_s);
734 	dpp_global_deinit(wpa_s->dpp);
735 	wpa_s->dpp = NULL;
736 #endif /* CONFIG_DPP */
737 
738 #ifdef CONFIG_PASN
739 	wpas_pasn_auth_stop(wpa_s);
740 #endif /* CONFIG_PASN */
741 }
742 
743 
744 /**
745  * wpa_clear_keys - Clear keys configured for the driver
746  * @wpa_s: Pointer to wpa_supplicant data
747  * @addr: Previously used BSSID or %NULL if not available
748  *
749  * This function clears the encryption keys that has been previously configured
750  * for the driver.
751  */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)752 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
753 {
754 	int i, max = 6;
755 
756 	/* MLME-DELETEKEYS.request */
757 	for (i = 0; i < max; i++) {
758 		if (wpa_s->keys_cleared & BIT(i))
759 			continue;
760 		wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
761 				NULL, 0, KEY_FLAG_GROUP);
762 	}
763 	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
764 	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
765 	    !is_zero_ether_addr(addr)) {
766 		if (!(wpa_s->keys_cleared & BIT(0)))
767 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL,
768 					0, NULL, 0, KEY_FLAG_PAIRWISE);
769 		if (!(wpa_s->keys_cleared & BIT(15)))
770 			wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 1, 0, NULL,
771 					0, NULL, 0, KEY_FLAG_PAIRWISE);
772 		/* MLME-SETPROTECTION.request(None) */
773 		wpa_drv_mlme_setprotection(
774 			wpa_s, addr,
775 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
776 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
777 	}
778 	wpa_s->keys_cleared = (u32) -1;
779 }
780 
781 
782 /**
783  * wpa_supplicant_state_txt - Get the connection state name as a text string
784  * @state: State (wpa_state; WPA_*)
785  * Returns: The state name as a printable text string
786  */
wpa_supplicant_state_txt(enum wpa_states state)787 const char * wpa_supplicant_state_txt(enum wpa_states state)
788 {
789 	switch (state) {
790 	case WPA_DISCONNECTED:
791 		return "DISCONNECTED";
792 	case WPA_INACTIVE:
793 		return "INACTIVE";
794 	case WPA_INTERFACE_DISABLED:
795 		return "INTERFACE_DISABLED";
796 	case WPA_SCANNING:
797 		return "SCANNING";
798 	case WPA_AUTHENTICATING:
799 		return "AUTHENTICATING";
800 	case WPA_ASSOCIATING:
801 		return "ASSOCIATING";
802 	case WPA_ASSOCIATED:
803 		return "ASSOCIATED";
804 	case WPA_4WAY_HANDSHAKE:
805 		return "4WAY_HANDSHAKE";
806 	case WPA_GROUP_HANDSHAKE:
807 		return "GROUP_HANDSHAKE";
808 	case WPA_COMPLETED:
809 		return "COMPLETED";
810 	default:
811 		return "UNKNOWN";
812 	}
813 }
814 
815 
816 #ifdef CONFIG_BGSCAN
817 
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)818 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
819 {
820 	if (wpa_s->bgscan_ssid) {
821 		bgscan_deinit(wpa_s);
822 		wpa_s->bgscan_ssid = NULL;
823 	}
824 }
825 
826 
827 /**
828  * wpa_supplicant_reset_bgscan - Reset the bgscan for the current SSID.
829  * @wpa_s: Pointer to the wpa_supplicant data
830  *
831  * Stop, start, or reconfigure the scan parameters depending on the method.
832  */
wpa_supplicant_reset_bgscan(struct wpa_supplicant * wpa_s)833 void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s)
834 {
835 	const char *name;
836 
837 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
838 		name = wpa_s->current_ssid->bgscan;
839 	else
840 		name = wpa_s->conf->bgscan;
841 	if (!name || name[0] == '\0') {
842 		wpa_supplicant_stop_bgscan(wpa_s);
843 		return;
844 	}
845 	if (wpas_driver_bss_selection(wpa_s))
846 		return;
847 #ifdef CONFIG_P2P
848 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
849 		return;
850 #endif /* CONFIG_P2P */
851 
852 	bgscan_deinit(wpa_s);
853 	if (wpa_s->current_ssid) {
854 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
855 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
856 				"bgscan");
857 			/*
858 			 * Live without bgscan; it is only used as a roaming
859 			 * optimization, so the initial connection is not
860 			 * affected.
861 			 */
862 		} else {
863 			struct wpa_scan_results *scan_res;
864 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
865 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
866 								   0);
867 			if (scan_res) {
868 				bgscan_notify_scan(wpa_s, scan_res);
869 				wpa_scan_results_free(scan_res);
870 			}
871 		}
872 	} else
873 		wpa_s->bgscan_ssid = NULL;
874 }
875 
876 #endif /* CONFIG_BGSCAN */
877 
878 
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)879 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
880 {
881 	if (autoscan_init(wpa_s, 0))
882 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
883 }
884 
885 
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)886 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
887 {
888 	autoscan_deinit(wpa_s);
889 }
890 
891 
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)892 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
893 {
894 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
895 	    wpa_s->wpa_state == WPA_SCANNING) {
896 		autoscan_deinit(wpa_s);
897 		wpa_supplicant_start_autoscan(wpa_s);
898 	}
899 }
900 
901 
902 /**
903  * wpa_supplicant_set_state - Set current connection state
904  * @wpa_s: Pointer to wpa_supplicant data
905  * @state: The new connection state
906  *
907  * This function is called whenever the connection state changes, e.g.,
908  * association is completed for WPA/WPA2 4-Way Handshake is started.
909  */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)910 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
911 			      enum wpa_states state)
912 {
913 	enum wpa_states old_state = wpa_s->wpa_state;
914 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
915 	bool update_fils_connect_params = false;
916 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
917 
918 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
919 		wpa_supplicant_state_txt(wpa_s->wpa_state),
920 		wpa_supplicant_state_txt(state));
921 
922 	if (state == WPA_COMPLETED &&
923 	    os_reltime_initialized(&wpa_s->roam_start)) {
924 		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
925 		wpa_s->roam_start.sec = 0;
926 		wpa_s->roam_start.usec = 0;
927 		wpas_notify_auth_changed(wpa_s);
928 		wpas_notify_roam_time(wpa_s);
929 		wpas_notify_roam_complete(wpa_s);
930 	} else if (state == WPA_DISCONNECTED &&
931 		   os_reltime_initialized(&wpa_s->roam_start)) {
932 		wpa_s->roam_start.sec = 0;
933 		wpa_s->roam_start.usec = 0;
934 		wpa_s->roam_time.sec = 0;
935 		wpa_s->roam_time.usec = 0;
936 		wpas_notify_roam_complete(wpa_s);
937 	}
938 
939 	if (state == WPA_INTERFACE_DISABLED) {
940 		/* Assure normal scan when interface is restored */
941 		wpa_s->normal_scans = 0;
942 	}
943 
944 	if (state == WPA_COMPLETED) {
945 		wpas_connect_work_done(wpa_s);
946 		/* Reinitialize normal_scan counter */
947 		wpa_s->normal_scans = 0;
948 	}
949 
950 #ifdef CONFIG_P2P
951 	/*
952 	 * P2PS client has to reply to Probe Request frames received on the
953 	 * group operating channel. Enable Probe Request frame reporting for
954 	 * P2P connected client in case p2p_cli_probe configuration property is
955 	 * set to 1.
956 	 */
957 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
958 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
959 	    wpa_s->current_ssid->p2p_group) {
960 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
961 			wpa_dbg(wpa_s, MSG_DEBUG,
962 				"P2P: Enable CLI Probe Request RX reporting");
963 			wpa_s->p2p_cli_probe =
964 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
965 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
966 			wpa_dbg(wpa_s, MSG_DEBUG,
967 				"P2P: Disable CLI Probe Request RX reporting");
968 			wpa_s->p2p_cli_probe = 0;
969 			wpa_drv_probe_req_report(wpa_s, 0);
970 		}
971 	}
972 #endif /* CONFIG_P2P */
973 
974 	if (state != WPA_SCANNING)
975 		wpa_supplicant_notify_scanning(wpa_s, 0);
976 
977 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
978 		struct wpa_ssid *ssid = wpa_s->current_ssid;
979 		int fils_hlp_sent = 0;
980 
981 #ifdef CONFIG_SME
982 		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
983 		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
984 			fils_hlp_sent = 1;
985 #endif /* CONFIG_SME */
986 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
987 		    wpa_auth_alg_fils(wpa_s->auth_alg))
988 			fils_hlp_sent = 1;
989 
990 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
991 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
992 			MACSTR " completed [id=%d id_str=%s%s]",
993 			MAC2STR(wpa_s->bssid),
994 			ssid ? ssid->id : -1,
995 			ssid && ssid->id_str ? ssid->id_str : "",
996 			fils_hlp_sent ? " FILS_HLP_SENT" : "");
997 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
998 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
999 		wpa_s->consecutive_conn_failures = 0;
1000 		wpa_s->new_connection = 0;
1001 		wpa_drv_set_operstate(wpa_s, 1);
1002 #ifndef IEEE8021X_EAPOL
1003 		wpa_drv_set_supp_port(wpa_s, 1);
1004 #endif /* IEEE8021X_EAPOL */
1005 		wpa_s->after_wps = 0;
1006 		wpa_s->known_wps_freq = 0;
1007 		wpas_p2p_completed(wpa_s);
1008 
1009 		sme_sched_obss_scan(wpa_s, 1);
1010 
1011 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1012 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
1013 			update_fils_connect_params = true;
1014 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1015 #ifdef CONFIG_OWE
1016 		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
1017 			wpas_update_owe_connect_params(wpa_s);
1018 #endif /* CONFIG_OWE */
1019 #ifdef CONFIG_HS20
1020 		hs20_configure_frame_filters(wpa_s);
1021 #endif
1022 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
1023 		   state == WPA_ASSOCIATED) {
1024 		wpa_s->new_connection = 1;
1025 		wpa_drv_set_operstate(wpa_s, 0);
1026 #ifndef IEEE8021X_EAPOL
1027 		wpa_drv_set_supp_port(wpa_s, 0);
1028 #endif /* IEEE8021X_EAPOL */
1029 		sme_sched_obss_scan(wpa_s, 0);
1030 	}
1031 	wpa_s->wpa_state = state;
1032 
1033 #ifdef CONFIG_BGSCAN
1034 	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
1035 		wpa_supplicant_reset_bgscan(wpa_s);
1036 	else if (state < WPA_ASSOCIATED)
1037 		wpa_supplicant_stop_bgscan(wpa_s);
1038 #endif /* CONFIG_BGSCAN */
1039 
1040 	if (state > WPA_SCANNING)
1041 		wpa_supplicant_stop_autoscan(wpa_s);
1042 
1043 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1044 		wpa_supplicant_start_autoscan(wpa_s);
1045 
1046 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1047 		wmm_ac_notify_disassoc(wpa_s);
1048 
1049 	if (wpa_s->wpa_state != old_state) {
1050 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1051 
1052 		/*
1053 		 * Notify the P2P Device interface about a state change in one
1054 		 * of the interfaces.
1055 		 */
1056 		wpas_p2p_indicate_state_change(wpa_s);
1057 
1058 		if (wpa_s->wpa_state == WPA_COMPLETED ||
1059 		    old_state == WPA_COMPLETED)
1060 			wpas_notify_auth_changed(wpa_s);
1061 #ifdef CONFIG_DPP2
1062 		if (wpa_s->wpa_state == WPA_COMPLETED)
1063 			wpas_dpp_connected(wpa_s);
1064 #endif /* CONFIG_DPP2 */
1065 	}
1066 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1067 	if (update_fils_connect_params)
1068 		wpas_update_fils_connect_params(wpa_s);
1069 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1070 }
1071 
1072 
wpa_supplicant_terminate_proc(struct wpa_global * global)1073 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1074 {
1075 	int pending = 0;
1076 #ifdef CONFIG_WPS
1077 	struct wpa_supplicant *wpa_s = global->ifaces;
1078 	while (wpa_s) {
1079 		struct wpa_supplicant *next = wpa_s->next;
1080 		if (wpas_wps_terminate_pending(wpa_s) == 1)
1081 			pending = 1;
1082 #ifdef CONFIG_P2P
1083 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1084 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1085 			wpas_p2p_disconnect(wpa_s);
1086 #endif /* CONFIG_P2P */
1087 		wpa_s = next;
1088 	}
1089 #endif /* CONFIG_WPS */
1090 	if (pending)
1091 		return;
1092 	eloop_terminate();
1093 }
1094 
1095 
wpa_supplicant_terminate(int sig,void * signal_ctx)1096 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1097 {
1098 	struct wpa_global *global = signal_ctx;
1099 	wpa_supplicant_terminate_proc(global);
1100 }
1101 
1102 
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)1103 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1104 {
1105 	enum wpa_states old_state = wpa_s->wpa_state;
1106 	enum wpa_states new_state;
1107 
1108 	if (old_state == WPA_SCANNING)
1109 		new_state = WPA_SCANNING;
1110 	else
1111 		new_state = WPA_DISCONNECTED;
1112 
1113 	wpa_s->pairwise_cipher = 0;
1114 	wpa_s->group_cipher = 0;
1115 	wpa_s->mgmt_group_cipher = 0;
1116 	wpa_s->key_mgmt = 0;
1117 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1118 		wpa_supplicant_set_state(wpa_s, new_state);
1119 
1120 	if (wpa_s->wpa_state != old_state)
1121 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1122 }
1123 
1124 
1125 /**
1126  * wpa_supplicant_reload_configuration - Reload configuration data
1127  * @wpa_s: Pointer to wpa_supplicant data
1128  * Returns: 0 on success or -1 if configuration parsing failed
1129  *
1130  * This function can be used to request that the configuration data is reloaded
1131  * (e.g., after configuration file change). This function is reloading
1132  * configuration only for one interface, so this may need to be called multiple
1133  * times if %wpa_supplicant is controlling multiple interfaces and all
1134  * interfaces need reconfiguration.
1135  */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)1136 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1137 {
1138 	struct wpa_config *conf;
1139 	int reconf_ctrl;
1140 	int old_ap_scan;
1141 
1142 	if (wpa_s->confname == NULL)
1143 		return -1;
1144 	conf = wpa_config_read(wpa_s->confname, NULL);
1145 	if (conf == NULL) {
1146 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1147 			"file '%s' - exiting", wpa_s->confname);
1148 		return -1;
1149 	}
1150 	if (wpa_s->confanother &&
1151 	    !wpa_config_read(wpa_s->confanother, conf)) {
1152 		wpa_msg(wpa_s, MSG_ERROR,
1153 			"Failed to parse the configuration file '%s' - exiting",
1154 			wpa_s->confanother);
1155 		return -1;
1156 	}
1157 
1158 	conf->changed_parameters = (unsigned int) -1;
1159 
1160 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1161 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1162 		    os_strcmp(conf->ctrl_interface,
1163 			      wpa_s->conf->ctrl_interface) != 0);
1164 
1165 	if (reconf_ctrl) {
1166 		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
1167 		wpa_s->ctrl_iface = NULL;
1168 	}
1169 
1170 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
1171 	if (wpa_s->current_ssid) {
1172 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1173 			wpa_s->own_disconnect_req = 1;
1174 		wpa_supplicant_deauthenticate(wpa_s,
1175 					      WLAN_REASON_DEAUTH_LEAVING);
1176 	}
1177 
1178 	/*
1179 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1180 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1181 	 */
1182 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1183 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1184 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1185 		/*
1186 		 * Clear forced success to clear EAP state for next
1187 		 * authentication.
1188 		 */
1189 		eapol_sm_notify_eap_success(wpa_s->eapol, false);
1190 	}
1191 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1192 	wpa_sm_set_config(wpa_s->wpa, NULL);
1193 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1194 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1195 	rsn_preauth_deinit(wpa_s->wpa);
1196 
1197 	old_ap_scan = wpa_s->conf->ap_scan;
1198 	wpa_config_free(wpa_s->conf);
1199 	wpa_s->conf = conf;
1200 	if (old_ap_scan != wpa_s->conf->ap_scan)
1201 		wpas_notify_ap_scan_changed(wpa_s);
1202 
1203 	if (reconf_ctrl)
1204 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1205 
1206 	wpa_supplicant_update_config(wpa_s);
1207 
1208 	wpa_supplicant_clear_status(wpa_s);
1209 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1210 		wpa_s->reassociate = 1;
1211 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1212 	}
1213 	wpa_bssid_ignore_clear(wpa_s);
1214 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1215 	return 0;
1216 }
1217 
1218 
wpa_supplicant_reconfig(int sig,void * signal_ctx)1219 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1220 {
1221 	struct wpa_global *global = signal_ctx;
1222 	struct wpa_supplicant *wpa_s;
1223 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1224 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1225 			sig);
1226 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1227 			wpa_supplicant_terminate_proc(global);
1228 		}
1229 	}
1230 
1231 	if (wpa_debug_reopen_file() < 0) {
1232 		/* Ignore errors since we cannot really do much to fix this */
1233 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1234 	}
1235 }
1236 
1237 
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1238 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1239 					 struct wpa_ssid *ssid,
1240 					 struct wpa_ie_data *ie)
1241 {
1242 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1243 	if (ret) {
1244 		if (ret == -2) {
1245 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1246 				"from association info");
1247 		}
1248 		return -1;
1249 	}
1250 
1251 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1252 		"cipher suites");
1253 	if (!(ie->group_cipher & ssid->group_cipher)) {
1254 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1255 			"cipher 0x%x (mask 0x%x) - reject",
1256 			ie->group_cipher, ssid->group_cipher);
1257 		return -1;
1258 	}
1259 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1260 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1261 			"cipher 0x%x (mask 0x%x) - reject",
1262 			ie->pairwise_cipher, ssid->pairwise_cipher);
1263 		return -1;
1264 	}
1265 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1266 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1267 			"management 0x%x (mask 0x%x) - reject",
1268 			ie->key_mgmt, ssid->key_mgmt);
1269 		return -1;
1270 	}
1271 
1272 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1273 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1274 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1275 			"that does not support management frame protection - "
1276 			"reject");
1277 		return -1;
1278 	}
1279 
1280 	return 0;
1281 }
1282 
1283 
matching_ciphers(struct wpa_ssid * ssid,struct wpa_ie_data * ie,int freq)1284 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1285 			    int freq)
1286 {
1287 	if (!ie->has_group)
1288 		ie->group_cipher = wpa_default_rsn_cipher(freq);
1289 	if (!ie->has_pairwise)
1290 		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1291 	return (ie->group_cipher & ssid->group_cipher) &&
1292 		(ie->pairwise_cipher & ssid->pairwise_cipher);
1293 }
1294 
1295 
1296 /**
1297  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1298  * @wpa_s: Pointer to wpa_supplicant data
1299  * @bss: Scan results for the selected BSS, or %NULL if not available
1300  * @ssid: Configuration data for the selected network
1301  * @wpa_ie: Buffer for the WPA/RSN IE
1302  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1303  * used buffer length in case the functions returns success.
1304  * Returns: 0 on success or -1 on failure
1305  *
1306  * This function is used to configure authentication and encryption parameters
1307  * based on the network configuration and scan result for the selected BSS (if
1308  * available).
1309  */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len)1310 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1311 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1312 			      u8 *wpa_ie, size_t *wpa_ie_len)
1313 {
1314 	struct wpa_ie_data ie;
1315 	int sel, proto, sae_pwe;
1316 	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1317 
1318 	if (bss) {
1319 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1320 		bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1321 		bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1322 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1323 	} else {
1324 		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1325 	}
1326 
1327 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1328 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1329 	    matching_ciphers(ssid, &ie, bss->freq) &&
1330 	    (ie.key_mgmt & ssid->key_mgmt)) {
1331 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1332 		proto = WPA_PROTO_RSN;
1333 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1334 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1335 		   (ie.group_cipher & ssid->group_cipher) &&
1336 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1337 		   (ie.key_mgmt & ssid->key_mgmt)) {
1338 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1339 		proto = WPA_PROTO_WPA;
1340 #ifdef CONFIG_HS20
1341 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1342 		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1343 		   (ie.group_cipher & ssid->group_cipher) &&
1344 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1345 		   (ie.key_mgmt & ssid->key_mgmt)) {
1346 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1347 		proto = WPA_PROTO_OSEN;
1348 	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1349 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1350 	    (ie.group_cipher & ssid->group_cipher) &&
1351 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1352 	    (ie.key_mgmt & ssid->key_mgmt)) {
1353 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1354 		proto = WPA_PROTO_RSN;
1355 #endif /* CONFIG_HS20 */
1356 	} else if (bss) {
1357 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1358 		wpa_dbg(wpa_s, MSG_DEBUG,
1359 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1360 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1361 			ssid->key_mgmt);
1362 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1363 			MAC2STR(bss->bssid),
1364 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1365 			bss_wpa ? " WPA" : "",
1366 			bss_rsn ? " RSN" : "",
1367 			bss_osen ? " OSEN" : "");
1368 		if (bss_rsn) {
1369 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1370 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1371 				wpa_dbg(wpa_s, MSG_DEBUG,
1372 					"Could not parse RSN element");
1373 			} else {
1374 				wpa_dbg(wpa_s, MSG_DEBUG,
1375 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1376 					ie.pairwise_cipher, ie.group_cipher,
1377 					ie.key_mgmt);
1378 			}
1379 		}
1380 		if (bss_wpa) {
1381 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1382 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1383 				wpa_dbg(wpa_s, MSG_DEBUG,
1384 					"Could not parse WPA element");
1385 			} else {
1386 				wpa_dbg(wpa_s, MSG_DEBUG,
1387 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1388 					ie.pairwise_cipher, ie.group_cipher,
1389 					ie.key_mgmt);
1390 			}
1391 		}
1392 		return -1;
1393 	} else {
1394 		if (ssid->proto & WPA_PROTO_OSEN)
1395 			proto = WPA_PROTO_OSEN;
1396 		else if (ssid->proto & WPA_PROTO_RSN)
1397 			proto = WPA_PROTO_RSN;
1398 		else
1399 			proto = WPA_PROTO_WPA;
1400 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1401 			os_memset(&ie, 0, sizeof(ie));
1402 			ie.group_cipher = ssid->group_cipher;
1403 			ie.pairwise_cipher = ssid->pairwise_cipher;
1404 			ie.key_mgmt = ssid->key_mgmt;
1405 			ie.mgmt_group_cipher = 0;
1406 			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1407 				if (ssid->group_mgmt_cipher &
1408 				    WPA_CIPHER_BIP_GMAC_256)
1409 					ie.mgmt_group_cipher =
1410 						WPA_CIPHER_BIP_GMAC_256;
1411 				else if (ssid->group_mgmt_cipher &
1412 					 WPA_CIPHER_BIP_CMAC_256)
1413 					ie.mgmt_group_cipher =
1414 						WPA_CIPHER_BIP_CMAC_256;
1415 				else if (ssid->group_mgmt_cipher &
1416 					 WPA_CIPHER_BIP_GMAC_128)
1417 					ie.mgmt_group_cipher =
1418 						WPA_CIPHER_BIP_GMAC_128;
1419 				else
1420 					ie.mgmt_group_cipher =
1421 						WPA_CIPHER_AES_128_CMAC;
1422 			}
1423 #ifdef CONFIG_OWE
1424 			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1425 			    !ssid->owe_only &&
1426 			    !bss_wpa && !bss_rsn && !bss_osen) {
1427 				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1428 				wpa_s->wpa_proto = 0;
1429 				*wpa_ie_len = 0;
1430 				return 0;
1431 			}
1432 #endif /* CONFIG_OWE */
1433 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1434 				"based on configuration");
1435 		} else
1436 			proto = ie.proto;
1437 	}
1438 
1439 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1440 		"pairwise %d key_mgmt %d proto %d",
1441 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1442 	if (ssid->ieee80211w) {
1443 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1444 			ie.mgmt_group_cipher);
1445 	}
1446 
1447 	wpa_s->wpa_proto = proto;
1448 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1449 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1450 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1451 
1452 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1453 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1454 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1455 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1456 					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1457 		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1458 					bss_rsnx ? 2 + bss_rsnx[1] : 0))
1459 			return -1;
1460 	}
1461 
1462 #ifdef CONFIG_NO_WPA
1463 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1464 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1465 #else /* CONFIG_NO_WPA */
1466 	sel = ie.group_cipher & ssid->group_cipher;
1467 	wpa_dbg(wpa_s, MSG_DEBUG,
1468 		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1469 		ie.group_cipher, ssid->group_cipher, sel);
1470 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1471 	if (wpa_s->group_cipher < 0) {
1472 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1473 			"cipher");
1474 		return -1;
1475 	}
1476 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1477 		wpa_cipher_txt(wpa_s->group_cipher));
1478 
1479 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1480 	wpa_dbg(wpa_s, MSG_DEBUG,
1481 		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1482 		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1483 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1484 	if (wpa_s->pairwise_cipher < 0) {
1485 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1486 			"cipher");
1487 		return -1;
1488 	}
1489 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1490 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1491 #endif /* CONFIG_NO_WPA */
1492 
1493 	sel = ie.key_mgmt & ssid->key_mgmt;
1494 #ifdef CONFIG_SAE
1495 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1496 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1497 #endif /* CONFIG_SAE */
1498 #ifdef CONFIG_IEEE80211R
1499 	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1500 				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1501 		sel &= ~WPA_KEY_MGMT_FT;
1502 #endif /* CONFIG_IEEE80211R */
1503 	wpa_dbg(wpa_s, MSG_DEBUG,
1504 		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1505 		ie.key_mgmt, ssid->key_mgmt, sel);
1506 	if (0) {
1507 #ifdef CONFIG_IEEE80211R
1508 #ifdef CONFIG_SHA384
1509 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1510 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1511 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1512 		wpa_dbg(wpa_s, MSG_DEBUG,
1513 			"WPA: using KEY_MGMT FT/802.1X-SHA384");
1514 		if (!ssid->ft_eap_pmksa_caching &&
1515 		    pmksa_cache_get_current(wpa_s->wpa)) {
1516 			/* PMKSA caching with FT may have interoperability
1517 			 * issues, so disable that case by default for now. */
1518 			wpa_dbg(wpa_s, MSG_DEBUG,
1519 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1520 			pmksa_cache_clear_current(wpa_s->wpa);
1521 		}
1522 #endif /* CONFIG_SHA384 */
1523 #endif /* CONFIG_IEEE80211R */
1524 #ifdef CONFIG_SUITEB192
1525 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1526 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1527 		wpa_dbg(wpa_s, MSG_DEBUG,
1528 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1529 #endif /* CONFIG_SUITEB192 */
1530 #ifdef CONFIG_SUITEB
1531 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1532 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1533 		wpa_dbg(wpa_s, MSG_DEBUG,
1534 			"WPA: using KEY_MGMT 802.1X with Suite B");
1535 #endif /* CONFIG_SUITEB */
1536 #ifdef CONFIG_FILS
1537 #ifdef CONFIG_IEEE80211R
1538 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1539 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1540 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1541 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1542 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1543 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1544 #endif /* CONFIG_IEEE80211R */
1545 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1546 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1547 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1548 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1549 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1550 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1551 #endif /* CONFIG_FILS */
1552 #ifdef CONFIG_IEEE80211R
1553 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1554 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1555 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1556 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1557 		if (!ssid->ft_eap_pmksa_caching &&
1558 		    pmksa_cache_get_current(wpa_s->wpa)) {
1559 			/* PMKSA caching with FT may have interoperability
1560 			 * issues, so disable that case by default for now. */
1561 			wpa_dbg(wpa_s, MSG_DEBUG,
1562 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1563 			pmksa_cache_clear_current(wpa_s->wpa);
1564 		}
1565 #endif /* CONFIG_IEEE80211R */
1566 #ifdef CONFIG_DPP
1567 	} else if (sel & WPA_KEY_MGMT_DPP) {
1568 		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1569 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1570 #endif /* CONFIG_DPP */
1571 #ifdef CONFIG_SAE
1572 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1573 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1574 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1575 	} else if (sel & WPA_KEY_MGMT_SAE) {
1576 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1577 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1578 #endif /* CONFIG_SAE */
1579 #ifdef CONFIG_IEEE80211R
1580 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1581 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1582 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1583 #endif /* CONFIG_IEEE80211R */
1584 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1585 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1586 		wpa_dbg(wpa_s, MSG_DEBUG,
1587 			"WPA: using KEY_MGMT 802.1X with SHA256");
1588 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1589 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1590 		wpa_dbg(wpa_s, MSG_DEBUG,
1591 			"WPA: using KEY_MGMT PSK with SHA256");
1592 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1593 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1594 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1595 	} else if (sel & WPA_KEY_MGMT_PSK) {
1596 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1597 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1598 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1599 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1600 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1601 #ifdef CONFIG_HS20
1602 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1603 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1604 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1605 #endif /* CONFIG_HS20 */
1606 #ifdef CONFIG_OWE
1607 	} else if (sel & WPA_KEY_MGMT_OWE) {
1608 		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1609 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1610 #endif /* CONFIG_OWE */
1611 	} else {
1612 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1613 			"authenticated key management type");
1614 		return -1;
1615 	}
1616 
1617 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1618 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1619 			 wpa_s->pairwise_cipher);
1620 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1621 
1622 	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
1623 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1624 		wpa_msg(wpa_s, MSG_INFO,
1625 			"RSN: Management frame protection required but the selected AP does not enable it");
1626 		return -1;
1627 	}
1628 
1629 	sel = ie.mgmt_group_cipher;
1630 	if (ssid->group_mgmt_cipher)
1631 		sel &= ssid->group_mgmt_cipher;
1632 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1633 	    !(ie.capabilities & WPA_CAPABILITY_MFPC))
1634 		sel = 0;
1635 	wpa_dbg(wpa_s, MSG_DEBUG,
1636 		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1637 		ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1638 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1639 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1640 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1641 			"AES-128-CMAC");
1642 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1643 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1644 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1645 			"BIP-GMAC-128");
1646 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1647 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1648 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1649 			"BIP-GMAC-256");
1650 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1651 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1652 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1653 			"BIP-CMAC-256");
1654 	} else {
1655 		wpa_s->mgmt_group_cipher = 0;
1656 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1657 	}
1658 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1659 			 wpa_s->mgmt_group_cipher);
1660 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1661 			 wpas_get_ssid_pmf(wpa_s, ssid));
1662 #ifdef CONFIG_OCV
1663 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
1664 	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
1665 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1666 #endif /* CONFIG_OCV */
1667 	sae_pwe = wpa_s->conf->sae_pwe;
1668 	if (ssid->sae_password_id && sae_pwe != 3)
1669 		sae_pwe = 1;
1670 	if (bss && is_6ghz_freq(bss->freq)) {
1671 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: force hash-to-element mode for 6GHz BSS.");
1672 		sae_pwe = 1;
1673 	}
1674 #ifdef CONFIG_TESTING_OPTIONS
1675 	if (wpa_s->force_hunting_and_pecking_pwe) {
1676 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: force hunting and pecking mode.");
1677 		sae_pwe = 0;
1678 	}
1679 #endif
1680 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
1681 #ifdef CONFIG_SAE_PK
1682 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
1683 			 wpa_key_mgmt_sae(ssid->key_mgmt) &&
1684 			 ssid->sae_pk != SAE_PK_MODE_DISABLED &&
1685 			 ((ssid->sae_password &&
1686 			   sae_pk_valid_password(ssid->sae_password)) ||
1687 			  (!ssid->sae_password && ssid->passphrase &&
1688 			   sae_pk_valid_password(ssid->passphrase))));
1689 #endif /* CONFIG_SAE_PK */
1690 #ifdef CONFIG_TESTING_OPTIONS
1691 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
1692 			 wpa_s->ft_rsnxe_used);
1693 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL,
1694 			 wpa_s->oci_freq_override_eapol);
1695 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
1696 			 wpa_s->oci_freq_override_eapol_g2);
1697 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
1698 			 wpa_s->oci_freq_override_ft_assoc);
1699 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FILS_ASSOC,
1700 			 wpa_s->oci_freq_override_fils_assoc);
1701 #endif /* CONFIG_TESTING_OPTIONS */
1702 
1703 	/* Extended Key ID is only supported in infrastructure BSS so far */
1704 	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
1705 	    (ssid->proto & WPA_PROTO_RSN) &&
1706 	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
1707 				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
1708 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
1709 		int use_ext_key_id = 0;
1710 
1711 		wpa_msg(wpa_s, MSG_DEBUG,
1712 			"WPA: Enable Extended Key ID support");
1713 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
1714 				 wpa_s->conf->extended_key_id);
1715 		if (bss_rsn &&
1716 		    wpa_s->conf->extended_key_id &&
1717 		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
1718 		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
1719 			use_ext_key_id = 1;
1720 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
1721 				 use_ext_key_id);
1722 	} else {
1723 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
1724 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
1725 	}
1726 
1727 	if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1728 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1729 		return -1;
1730 	}
1731 
1732 	wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
1733 	if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
1734 					   &wpa_s->rsnxe_len)) {
1735 		wpa_msg(wpa_s, MSG_WARNING, "RSN: Failed to generate RSNXE");
1736 		return -1;
1737 	}
1738 
1739 	if (0) {
1740 #ifdef CONFIG_DPP
1741 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1742 		/* Use PMK from DPP network introduction (PMKSA entry) */
1743 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1744 #ifdef CONFIG_DPP2
1745 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
1746 #endif /* CONFIG_DPP2 */
1747 #endif /* CONFIG_DPP */
1748 	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1749 		int psk_set = 0;
1750 		int sae_only;
1751 
1752 		sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1753 					      WPA_KEY_MGMT_FT_PSK |
1754 					      WPA_KEY_MGMT_PSK_SHA256)) == 0;
1755 
1756 		if (ssid->psk_set && !sae_only) {
1757 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1758 					ssid->psk, PMK_LEN);
1759 			wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1760 				       NULL);
1761 			psk_set = 1;
1762 		}
1763 
1764 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1765 		    (ssid->sae_password || ssid->passphrase))
1766 			psk_set = 1;
1767 
1768 #ifndef CONFIG_NO_PBKDF2
1769 		if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1770 		    ssid->passphrase && !sae_only) {
1771 			u8 psk[PMK_LEN];
1772 		        pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1773 				    4096, psk, PMK_LEN);
1774 		        wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1775 					psk, PMK_LEN);
1776 			wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1777 			psk_set = 1;
1778 			os_memset(psk, 0, sizeof(psk));
1779 		}
1780 #endif /* CONFIG_NO_PBKDF2 */
1781 #ifdef CONFIG_EXT_PASSWORD
1782 		if (ssid->ext_psk && !sae_only) {
1783 			struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1784 							     ssid->ext_psk);
1785 			char pw_str[64 + 1];
1786 			u8 psk[PMK_LEN];
1787 
1788 			if (pw == NULL) {
1789 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1790 					"found from external storage");
1791 				return -1;
1792 			}
1793 
1794 			if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1795 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1796 					"PSK length %d in external storage",
1797 					(int) wpabuf_len(pw));
1798 				ext_password_free(pw);
1799 				return -1;
1800 			}
1801 
1802 			os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1803 			pw_str[wpabuf_len(pw)] = '\0';
1804 
1805 #ifndef CONFIG_NO_PBKDF2
1806 			if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1807 			{
1808 				pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1809 					    4096, psk, PMK_LEN);
1810 				os_memset(pw_str, 0, sizeof(pw_str));
1811 				wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1812 						"external passphrase)",
1813 						psk, PMK_LEN);
1814 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1815 					       NULL);
1816 				psk_set = 1;
1817 				os_memset(psk, 0, sizeof(psk));
1818 			} else
1819 #endif /* CONFIG_NO_PBKDF2 */
1820 			if (wpabuf_len(pw) == 2 * PMK_LEN) {
1821 				if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1822 					wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1823 						"Invalid PSK hex string");
1824 					os_memset(pw_str, 0, sizeof(pw_str));
1825 					ext_password_free(pw);
1826 					return -1;
1827 				}
1828 				wpa_hexdump_key(MSG_MSGDUMP,
1829 						"PSK (from external PSK)",
1830 						psk, PMK_LEN);
1831 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1832 					       NULL);
1833 				psk_set = 1;
1834 				os_memset(psk, 0, sizeof(psk));
1835 			} else {
1836 				wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1837 					"PSK available");
1838 				os_memset(pw_str, 0, sizeof(pw_str));
1839 				ext_password_free(pw);
1840 				return -1;
1841 			}
1842 
1843 			os_memset(pw_str, 0, sizeof(pw_str));
1844 			ext_password_free(pw);
1845 		}
1846 #endif /* CONFIG_EXT_PASSWORD */
1847 
1848 		if (!psk_set) {
1849 			wpa_msg(wpa_s, MSG_INFO,
1850 				"No PSK available for association");
1851 			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1852 			return -1;
1853 		}
1854 #ifdef CONFIG_OWE
1855 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1856 		/* OWE Diffie-Hellman exchange in (Re)Association
1857 		 * Request/Response frames set the PMK, so do not override it
1858 		 * here. */
1859 #endif /* CONFIG_OWE */
1860 	} else
1861 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1862 
1863 	if (ssid->mode != WPAS_MODE_IBSS &&
1864 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
1865 	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
1866 	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
1867 	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
1868 		wpa_msg(wpa_s, MSG_INFO,
1869 			"Disable PTK0 rekey support - replaced with reconnect");
1870 		wpa_s->deny_ptk0_rekey = 1;
1871 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
1872 	} else {
1873 		wpa_s->deny_ptk0_rekey = 0;
1874 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
1875 	}
1876 
1877 	return 0;
1878 }
1879 
1880 
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx)1881 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1882 {
1883 	*pos = 0x00;
1884 
1885 	switch (idx) {
1886 	case 0: /* Bits 0-7 */
1887 		break;
1888 	case 1: /* Bits 8-15 */
1889 		if (wpa_s->conf->coloc_intf_reporting) {
1890 			/* Bit 13 - Collocated Interference Reporting */
1891 			*pos |= 0x20;
1892 		}
1893 		break;
1894 	case 2: /* Bits 16-23 */
1895 #ifdef CONFIG_WNM
1896 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1897 		if (!wpa_s->disable_mbo_oce && !wpa_s->conf->disable_btm)
1898 			*pos |= 0x08; /* Bit 19 - BSS Transition */
1899 #endif /* CONFIG_WNM */
1900 		break;
1901 	case 3: /* Bits 24-31 */
1902 #ifdef CONFIG_WNM
1903 		*pos |= 0x02; /* Bit 25 - SSID List */
1904 #endif /* CONFIG_WNM */
1905 #ifdef CONFIG_INTERWORKING
1906 		if (wpa_s->conf->interworking)
1907 			*pos |= 0x80; /* Bit 31 - Interworking */
1908 #endif /* CONFIG_INTERWORKING */
1909 		break;
1910 	case 4: /* Bits 32-39 */
1911 #ifdef CONFIG_INTERWORKING
1912 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1913 			*pos |= 0x01; /* Bit 32 - QoS Map */
1914 #endif /* CONFIG_INTERWORKING */
1915 		break;
1916 	case 5: /* Bits 40-47 */
1917 #ifdef CONFIG_HS20
1918 		if (wpa_s->conf->hs20)
1919 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
1920 #endif /* CONFIG_HS20 */
1921 #ifdef CONFIG_MBO
1922 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
1923 #endif /* CONFIG_MBO */
1924 		break;
1925 	case 6: /* Bits 48-55 */
1926 		break;
1927 	case 7: /* Bits 56-63 */
1928 		break;
1929 	case 8: /* Bits 64-71 */
1930 		if (wpa_s->conf->ftm_responder)
1931 			*pos |= 0x40; /* Bit 70 - FTM responder */
1932 		if (wpa_s->conf->ftm_initiator)
1933 			*pos |= 0x80; /* Bit 71 - FTM initiator */
1934 		break;
1935 	case 9: /* Bits 72-79 */
1936 #ifdef CONFIG_FILS
1937 		if (!wpa_s->disable_fils)
1938 			*pos |= 0x01;
1939 #endif /* CONFIG_FILS */
1940 		break;
1941 	case 10: /* Bits 80-87 */
1942 		*pos |= 0x20; /* Bit 85 - Mirrored SCS */
1943 		break;
1944 	}
1945 }
1946 
1947 
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf,size_t buflen)1948 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1949 {
1950 	u8 *pos = buf;
1951 	u8 len = 11, i;
1952 
1953 	if (len < wpa_s->extended_capa_len)
1954 		len = wpa_s->extended_capa_len;
1955 	if (buflen < (size_t) len + 2) {
1956 		wpa_printf(MSG_INFO,
1957 			   "Not enough room for building extended capabilities element");
1958 		return -1;
1959 	}
1960 
1961 	*pos++ = WLAN_EID_EXT_CAPAB;
1962 	*pos++ = len;
1963 	for (i = 0; i < len; i++, pos++) {
1964 		wpas_ext_capab_byte(wpa_s, pos, i);
1965 
1966 		if (i < wpa_s->extended_capa_len) {
1967 			*pos &= ~wpa_s->extended_capa_mask[i];
1968 			*pos |= wpa_s->extended_capa[i];
1969 		}
1970 	}
1971 
1972 	while (len > 0 && buf[1 + len] == 0) {
1973 		len--;
1974 		buf[1] = len;
1975 	}
1976 	if (len == 0)
1977 		return 0;
1978 
1979 	return 2 + len;
1980 }
1981 
1982 
wpas_valid_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss)1983 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1984 			  struct wpa_bss *test_bss)
1985 {
1986 	struct wpa_bss *bss;
1987 
1988 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1989 		if (bss == test_bss)
1990 			return 1;
1991 	}
1992 
1993 	return 0;
1994 }
1995 
1996 
wpas_valid_ssid(struct wpa_supplicant * wpa_s,struct wpa_ssid * test_ssid)1997 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1998 			   struct wpa_ssid *test_ssid)
1999 {
2000 	struct wpa_ssid *ssid;
2001 
2002 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2003 		if (ssid == test_ssid)
2004 			return 1;
2005 	}
2006 
2007 	return 0;
2008 }
2009 
2010 
wpas_valid_bss_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss,struct wpa_ssid * test_ssid)2011 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
2012 			struct wpa_ssid *test_ssid)
2013 {
2014 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
2015 		return 0;
2016 
2017 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
2018 }
2019 
2020 
wpas_connect_work_free(struct wpa_connect_work * cwork)2021 void wpas_connect_work_free(struct wpa_connect_work *cwork)
2022 {
2023 	if (cwork == NULL)
2024 		return;
2025 	os_free(cwork);
2026 }
2027 
2028 
wpas_connect_work_done(struct wpa_supplicant * wpa_s)2029 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
2030 {
2031 	struct wpa_connect_work *cwork;
2032 	struct wpa_radio_work *work = wpa_s->connect_work;
2033 
2034 	if (!work)
2035 		return;
2036 
2037 	wpa_s->connect_work = NULL;
2038 	cwork = work->ctx;
2039 	work->ctx = NULL;
2040 	wpas_connect_work_free(cwork);
2041 	radio_work_done(work);
2042 }
2043 
2044 
wpas_update_random_addr(struct wpa_supplicant * wpa_s,int style)2045 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
2046 {
2047 	struct os_reltime now;
2048 	u8 addr[ETH_ALEN];
2049 
2050 	os_get_reltime(&now);
2051 	if (wpa_s->last_mac_addr_style == style &&
2052 	    wpa_s->last_mac_addr_change.sec != 0 &&
2053 	    !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
2054 				wpa_s->conf->rand_addr_lifetime)) {
2055 		wpa_msg(wpa_s, MSG_DEBUG,
2056 			"Previously selected random MAC address has not yet expired");
2057 		return 0;
2058 	}
2059 
2060 	switch (style) {
2061 	case 1:
2062 		if (random_mac_addr(addr) < 0)
2063 			return -1;
2064 		break;
2065 	case 2:
2066 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
2067 		if (random_mac_addr_keep_oui(addr) < 0)
2068 			return -1;
2069 		break;
2070 	default:
2071 		return -1;
2072 	}
2073 
2074 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
2075 		wpa_msg(wpa_s, MSG_INFO,
2076 			"Failed to set random MAC address");
2077 		return -1;
2078 	}
2079 
2080 	os_get_reltime(&wpa_s->last_mac_addr_change);
2081 	wpa_s->mac_addr_changed = 1;
2082 	wpa_s->last_mac_addr_style = style;
2083 
2084 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2085 		wpa_msg(wpa_s, MSG_INFO,
2086 			"Could not update MAC address information");
2087 		return -1;
2088 	}
2089 
2090 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
2091 		MAC2STR(addr));
2092 
2093 	return 0;
2094 }
2095 
2096 
wpas_update_random_addr_disassoc(struct wpa_supplicant * wpa_s)2097 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2098 {
2099 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2100 	    !wpa_s->conf->preassoc_mac_addr)
2101 		return 0;
2102 
2103 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
2104 }
2105 
2106 
wpa_s_setup_sae_pt(struct wpa_config * conf,struct wpa_ssid * ssid)2107 static void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid)
2108 {
2109 #ifdef CONFIG_SAE
2110 	int *groups = conf->sae_groups;
2111 	int default_groups[] = { 19, 20, 21, 0 };
2112 	const char *password;
2113 
2114 	if (!groups || groups[0] <= 0)
2115 		groups = default_groups;
2116 
2117 	password = ssid->sae_password;
2118 	if (!password)
2119 		password = ssid->passphrase;
2120 
2121 	if (!password ||
2122 	    (conf->sae_pwe == 0 && !ssid->sae_password_id &&
2123 	     !sae_pk_valid_password(password)) ||
2124 	    conf->sae_pwe == 3) {
2125 		/* PT derivation not needed */
2126 		sae_deinit_pt(ssid->pt);
2127 		ssid->pt = NULL;
2128 		return;
2129 	}
2130 
2131 	if (ssid->pt)
2132 		return; /* PT already derived */
2133 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2134 				 (const u8 *) password, os_strlen(password),
2135 				 ssid->sae_password_id);
2136 #endif /* CONFIG_SAE */
2137 }
2138 
2139 
wpa_s_clear_sae_rejected(struct wpa_supplicant * wpa_s)2140 static void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2141 {
2142 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2143 	os_free(wpa_s->sme.sae_rejected_groups);
2144 	wpa_s->sme.sae_rejected_groups = NULL;
2145 #ifdef CONFIG_TESTING_OPTIONS
2146 	if (wpa_s->extra_sae_rejected_groups) {
2147 		int i, *groups = wpa_s->extra_sae_rejected_groups;
2148 
2149 		for (i = 0; groups[i]; i++) {
2150 			wpa_printf(MSG_DEBUG,
2151 				   "TESTING: Indicate rejection of an extra SAE group %d",
2152 				   groups[i]);
2153 			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2154 					     groups[i]);
2155 		}
2156 	}
2157 #endif /* CONFIG_TESTING_OPTIONS */
2158 #endif /* CONFIG_SAE && CONFIG_SME */
2159 }
2160 
2161 
wpas_restore_permanent_mac_addr(struct wpa_supplicant * wpa_s)2162 int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s)
2163 {
2164 	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2165 		wpa_msg(wpa_s, MSG_INFO,
2166 			"Could not restore permanent MAC address");
2167 		return -1;
2168 	}
2169 	wpa_s->mac_addr_changed = 0;
2170 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2171 		wpa_msg(wpa_s, MSG_INFO,
2172 			"Could not update MAC address information");
2173 		return -1;
2174 	}
2175 	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2176 	return 0;
2177 }
2178 
2179 
2180 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2181 
2182 /**
2183  * wpa_supplicant_associate - Request association
2184  * @wpa_s: Pointer to wpa_supplicant data
2185  * @bss: Scan results for the selected BSS, or %NULL if not available
2186  * @ssid: Configuration data for the selected network
2187  *
2188  * This function is used to request %wpa_supplicant to associate with a BSS.
2189  */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)2190 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2191 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
2192 {
2193 	struct wpa_connect_work *cwork;
2194 	int rand_style;
2195 
2196 	wpa_s->own_disconnect_req = 0;
2197 	wpa_s->own_reconnect_req = 0;
2198 
2199 	/*
2200 	 * If we are starting a new connection, any previously pending EAPOL
2201 	 * RX cannot be valid anymore.
2202 	 */
2203 	wpabuf_free(wpa_s->pending_eapol_rx);
2204 	wpa_s->pending_eapol_rx = NULL;
2205 
2206 	if (ssid->mac_addr == -1)
2207 		rand_style = wpa_s->conf->mac_addr;
2208 	else
2209 		rand_style = ssid->mac_addr;
2210 
2211 	wpa_s->multi_ap_ie = 0;
2212 	wmm_ac_clear_saved_tspecs(wpa_s);
2213 	wpa_s->reassoc_same_bss = 0;
2214 	wpa_s->reassoc_same_ess = 0;
2215 #ifdef CONFIG_TESTING_OPTIONS
2216 	wpa_s->testing_resend_assoc = 0;
2217 #endif /* CONFIG_TESTING_OPTIONS */
2218 
2219 	if (wpa_s->last_ssid == ssid) {
2220 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2221 		wpa_s->reassoc_same_ess = 1;
2222 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2223 			wmm_ac_save_tspecs(wpa_s);
2224 			wpa_s->reassoc_same_bss = 1;
2225 		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2226 			os_get_reltime(&wpa_s->roam_start);
2227 		}
2228 	} else {
2229 #ifdef CONFIG_SAE
2230 		wpa_s_clear_sae_rejected(wpa_s);
2231 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
2232 #endif /* CONFIG_SAE */
2233 	}
2234 
2235 	if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
2236 		if (wpas_update_random_addr(wpa_s, rand_style) < 0)
2237 			return;
2238 		wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2239 	} else if (rand_style == 0 && wpa_s->mac_addr_changed) {
2240 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
2241 			return;
2242 	}
2243 	wpa_s->last_ssid = ssid;
2244 
2245 #ifdef CONFIG_IBSS_RSN
2246 	ibss_rsn_deinit(wpa_s->ibss_rsn);
2247 	wpa_s->ibss_rsn = NULL;
2248 #else /* CONFIG_IBSS_RSN */
2249 	if (ssid->mode == WPAS_MODE_IBSS &&
2250 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2251 		wpa_msg(wpa_s, MSG_INFO,
2252 			"IBSS RSN not supported in the build");
2253 		return;
2254 	}
2255 #endif /* CONFIG_IBSS_RSN */
2256 
2257 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2258 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2259 #ifdef CONFIG_AP
2260 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2261 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2262 				"mode");
2263 			return;
2264 		}
2265 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2266 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2267 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2268 				wpas_p2p_ap_setup_failed(wpa_s);
2269 			return;
2270 		}
2271 		wpa_s->current_bss = bss;
2272 #else /* CONFIG_AP */
2273 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2274 			"the build");
2275 #endif /* CONFIG_AP */
2276 		return;
2277 	}
2278 
2279 	if (ssid->mode == WPAS_MODE_MESH) {
2280 #ifdef CONFIG_MESH
2281 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2282 			wpa_msg(wpa_s, MSG_INFO,
2283 				"Driver does not support mesh mode");
2284 			return;
2285 		}
2286 		if (bss)
2287 			ssid->frequency = bss->freq;
2288 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2289 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2290 			return;
2291 		}
2292 		wpa_s->current_bss = bss;
2293 #else /* CONFIG_MESH */
2294 		wpa_msg(wpa_s, MSG_ERROR,
2295 			"mesh mode support not included in the build");
2296 #endif /* CONFIG_MESH */
2297 		return;
2298 	}
2299 
2300 	/*
2301 	 * Set WPA state machine configuration to match the selected network now
2302 	 * so that the information is available before wpas_start_assoc_cb()
2303 	 * gets called. This is needed at least for RSN pre-authentication where
2304 	 * candidate APs are added to a list based on scan result processing
2305 	 * before completion of the first association.
2306 	 */
2307 	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2308 
2309 #ifdef CONFIG_DPP
2310 	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2311 		return;
2312 #endif /* CONFIG_DPP */
2313 
2314 #ifdef CONFIG_TDLS
2315 	if (bss)
2316 		wpa_tdls_ap_ies(wpa_s->wpa, wpa_bss_ie_ptr(bss), bss->ie_len);
2317 #endif /* CONFIG_TDLS */
2318 
2319 #ifdef CONFIG_MBO
2320 	wpas_mbo_check_pmf(wpa_s, bss, ssid);
2321 #endif /* CONFIG_MBO */
2322 
2323 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2324 	    ssid->mode == WPAS_MODE_INFRA) {
2325 		sme_authenticate(wpa_s, bss, ssid);
2326 		return;
2327 	}
2328 
2329 	if (wpa_s->connect_work) {
2330 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2331 		return;
2332 	}
2333 
2334 	if (radio_work_pending(wpa_s, "connect")) {
2335 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2336 		return;
2337 	}
2338 
2339 #ifdef CONFIG_SME
2340 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2341 		/* Clear possibly set auth_alg, if any, from last attempt. */
2342 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2343 	}
2344 #endif /* CONFIG_SME */
2345 
2346 	wpas_abort_ongoing_scan(wpa_s);
2347 
2348 	cwork = os_zalloc(sizeof(*cwork));
2349 	if (cwork == NULL)
2350 		return;
2351 
2352 	cwork->bss = bss;
2353 	cwork->ssid = ssid;
2354 
2355 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2356 			   wpas_start_assoc_cb, cwork) < 0) {
2357 		os_free(cwork);
2358 	}
2359 }
2360 
2361 
bss_is_ibss(struct wpa_bss * bss)2362 static int bss_is_ibss(struct wpa_bss *bss)
2363 {
2364 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2365 		IEEE80211_CAP_IBSS;
2366 }
2367 
2368 
drv_supports_vht(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid)2369 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2370 			    const struct wpa_ssid *ssid)
2371 {
2372 	enum hostapd_hw_mode hw_mode;
2373 	struct hostapd_hw_modes *mode = NULL;
2374 	u8 channel;
2375 	int i;
2376 
2377 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2378 	if (hw_mode == NUM_HOSTAPD_MODES)
2379 		return 0;
2380 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2381 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2382 			mode = &wpa_s->hw.modes[i];
2383 			break;
2384 		}
2385 	}
2386 
2387 	if (!mode)
2388 		return 0;
2389 
2390 	return mode->vht_capab != 0;
2391 }
2392 
2393 
ibss_mesh_setup_freq(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,struct hostapd_freq_params * freq)2394 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2395 			  const struct wpa_ssid *ssid,
2396 			  struct hostapd_freq_params *freq)
2397 {
2398 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2399 	enum hostapd_hw_mode hw_mode;
2400 	struct hostapd_hw_modes *mode = NULL;
2401 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2402 			   184, 192 };
2403 	int vht80[] = { 36, 52, 100, 116, 132, 149 };
2404 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2405 	u8 channel;
2406 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2407 	unsigned int j, k;
2408 	struct hostapd_freq_params vht_freq;
2409 	int chwidth, seg0, seg1;
2410 	u32 vht_caps = 0;
2411 	int is_24ghz;
2412 
2413 	freq->freq = ssid->frequency;
2414 
2415 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2416 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
2417 
2418 		if (ssid->mode != WPAS_MODE_IBSS)
2419 			break;
2420 
2421 		/* Don't adjust control freq in case of fixed_freq */
2422 		if (ssid->fixed_freq)
2423 			break;
2424 
2425 		if (!bss_is_ibss(bss))
2426 			continue;
2427 
2428 		if (ssid->ssid_len == bss->ssid_len &&
2429 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2430 			wpa_printf(MSG_DEBUG,
2431 				   "IBSS already found in scan results, adjust control freq: %d",
2432 				   bss->freq);
2433 			freq->freq = bss->freq;
2434 			obss_scan = 0;
2435 			break;
2436 		}
2437 	}
2438 
2439 	/* For IBSS check HT_IBSS flag */
2440 	if (ssid->mode == WPAS_MODE_IBSS &&
2441 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2442 		return;
2443 
2444 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2445 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2446 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2447 		wpa_printf(MSG_DEBUG,
2448 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
2449 		return;
2450 	}
2451 
2452 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2453 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2454 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2455 			mode = &wpa_s->hw.modes[i];
2456 			break;
2457 		}
2458 	}
2459 
2460 	if (!mode)
2461 		return;
2462 
2463 	freq->channel = channel;
2464 
2465 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2466 		hw_mode == HOSTAPD_MODE_IEEE80211B;
2467 
2468 #ifdef CONFIG_HT_OVERRIDES
2469 	if (ssid->disable_ht) {
2470 		freq->ht_enabled = 0;
2471 		return;
2472 	}
2473 #endif /* CONFIG_HT_OVERRIDES */
2474 
2475 	freq->ht_enabled = ht_supported(mode);
2476 	if (!freq->ht_enabled)
2477 		return;
2478 
2479 	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2480 	if (is_24ghz)
2481 		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2482 #ifdef CONFIG_HE_OVERRIDES
2483 	if (is_24ghz && ssid->disable_he)
2484 		freq->he_enabled = 0;
2485 #endif /* CONFIG_HE_OVERRIDES */
2486 
2487 	/* Setup higher BW only for 5 GHz */
2488 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2489 		return;
2490 
2491 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2492 		pri_chan = &mode->channels[chan_idx];
2493 		if (pri_chan->chan == channel)
2494 			break;
2495 		pri_chan = NULL;
2496 	}
2497 	if (!pri_chan)
2498 		return;
2499 
2500 	/* Check primary channel flags */
2501 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2502 		return;
2503 
2504 	freq->channel = pri_chan->chan;
2505 
2506 #ifdef CONFIG_HT_OVERRIDES
2507 	if (ssid->disable_ht40) {
2508 #ifdef CONFIG_VHT_OVERRIDES
2509 		if (ssid->disable_vht)
2510 			return;
2511 #endif /* CONFIG_VHT_OVERRIDES */
2512 		goto skip_ht40;
2513 	}
2514 #endif /* CONFIG_HT_OVERRIDES */
2515 
2516 	/* Check/setup HT40+/HT40- */
2517 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2518 		if (ht40plus[j] == channel) {
2519 			ht40 = 1;
2520 			break;
2521 		}
2522 	}
2523 
2524 	/* Find secondary channel */
2525 	for (i = 0; i < mode->num_channels; i++) {
2526 		sec_chan = &mode->channels[i];
2527 		if (sec_chan->chan == channel + ht40 * 4)
2528 			break;
2529 		sec_chan = NULL;
2530 	}
2531 	if (!sec_chan)
2532 		return;
2533 
2534 	/* Check secondary channel flags */
2535 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2536 		return;
2537 
2538 	if (ht40 == -1) {
2539 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2540 			return;
2541 	} else {
2542 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2543 			return;
2544 	}
2545 	freq->sec_channel_offset = ht40;
2546 
2547 	if (obss_scan) {
2548 		struct wpa_scan_results *scan_res;
2549 
2550 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2551 		if (scan_res == NULL) {
2552 			/* Back to HT20 */
2553 			freq->sec_channel_offset = 0;
2554 			return;
2555 		}
2556 
2557 		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2558 		switch (res) {
2559 		case 0:
2560 			/* Back to HT20 */
2561 			freq->sec_channel_offset = 0;
2562 			break;
2563 		case 1:
2564 			/* Configuration allowed */
2565 			break;
2566 		case 2:
2567 			/* Switch pri/sec channels */
2568 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2569 			freq->sec_channel_offset = -freq->sec_channel_offset;
2570 			freq->channel = sec_chan->chan;
2571 			break;
2572 		default:
2573 			freq->sec_channel_offset = 0;
2574 			break;
2575 		}
2576 
2577 		wpa_scan_results_free(scan_res);
2578 	}
2579 
2580 #ifdef CONFIG_HT_OVERRIDES
2581 skip_ht40:
2582 #endif /* CONFIG_HT_OVERRIDES */
2583 	wpa_printf(MSG_DEBUG,
2584 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2585 		   freq->channel, freq->sec_channel_offset);
2586 
2587 	if (!drv_supports_vht(wpa_s, ssid))
2588 		return;
2589 
2590 	/* For IBSS check VHT_IBSS flag */
2591 	if (ssid->mode == WPAS_MODE_IBSS &&
2592 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2593 		return;
2594 
2595 	vht_freq = *freq;
2596 
2597 #ifdef CONFIG_VHT_OVERRIDES
2598 	if (ssid->disable_vht) {
2599 		freq->vht_enabled = 0;
2600 		return;
2601 	}
2602 #endif /* CONFIG_VHT_OVERRIDES */
2603 
2604 	vht_freq.vht_enabled = vht_supported(mode);
2605 	if (!vht_freq.vht_enabled)
2606 		return;
2607 
2608 	/* Enable HE with VHT for 5 GHz */
2609 	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2610 
2611 	/* setup center_freq1, bandwidth */
2612 	for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2613 		if (freq->channel >= vht80[j] &&
2614 		    freq->channel < vht80[j] + 16)
2615 			break;
2616 	}
2617 
2618 	if (j == ARRAY_SIZE(vht80))
2619 		return;
2620 
2621 	for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2622 		struct hostapd_channel_data *chan;
2623 
2624 		chan = hw_get_channel_chan(mode, i, NULL);
2625 		if (!chan)
2626 			return;
2627 
2628 		/* Back to HT configuration if channel not usable */
2629 		if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2630 			return;
2631 	}
2632 
2633 	chwidth = CHANWIDTH_80MHZ;
2634 	seg0 = vht80[j] + 6;
2635 	seg1 = 0;
2636 
2637 	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2638 		/* setup center_freq2, bandwidth */
2639 		for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2640 			/* Only accept 80 MHz segments separated by a gap */
2641 			if (j == k || abs(vht80[j] - vht80[k]) == 16)
2642 				continue;
2643 			for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2644 				struct hostapd_channel_data *chan;
2645 
2646 				chan = hw_get_channel_chan(mode, i, NULL);
2647 				if (!chan)
2648 					continue;
2649 
2650 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2651 						  HOSTAPD_CHAN_NO_IR |
2652 						  HOSTAPD_CHAN_RADAR))
2653 					continue;
2654 
2655 				/* Found a suitable second segment for 80+80 */
2656 				chwidth = CHANWIDTH_80P80MHZ;
2657 				vht_caps |=
2658 					VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2659 				seg1 = vht80[k] + 6;
2660 			}
2661 
2662 			if (chwidth == CHANWIDTH_80P80MHZ)
2663 				break;
2664 		}
2665 	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2666 		if (freq->freq == 5180) {
2667 			chwidth = CHANWIDTH_160MHZ;
2668 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2669 			seg0 = 50;
2670 		} else if (freq->freq == 5520) {
2671 			chwidth = CHANWIDTH_160MHZ;
2672 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2673 			seg0 = 114;
2674 		}
2675 	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2676 		chwidth = CHANWIDTH_USE_HT;
2677 		seg0 = vht80[j] + 2;
2678 #ifdef CONFIG_HT_OVERRIDES
2679 		if (ssid->disable_ht40)
2680 			seg0 = 0;
2681 #endif /* CONFIG_HT_OVERRIDES */
2682 	}
2683 
2684 #ifdef CONFIG_HE_OVERRIDES
2685 	if (ssid->disable_he) {
2686 		vht_freq.he_enabled = 0;
2687 		freq->he_enabled = 0;
2688 	}
2689 #endif /* CONFIG_HE_OVERRIDES */
2690 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2691 				    freq->channel, ssid->enable_edmg,
2692 				    ssid->edmg_channel, freq->ht_enabled,
2693 				    vht_freq.vht_enabled, freq->he_enabled,
2694 				    freq->sec_channel_offset,
2695 				    chwidth, seg0, seg1, vht_caps,
2696 				    &mode->he_capab[ieee80211_mode]) != 0)
2697 		return;
2698 
2699 	*freq = vht_freq;
2700 
2701 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2702 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
2703 }
2704 
2705 
2706 #ifdef CONFIG_FILS
wpas_add_fils_hlp_req(struct wpa_supplicant * wpa_s,u8 * ie_buf,size_t ie_buf_len)2707 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2708 				    size_t ie_buf_len)
2709 {
2710 	struct fils_hlp_req *req;
2711 	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2712 	const u8 *pos;
2713 	u8 *buf = ie_buf;
2714 
2715 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2716 			 list) {
2717 		rem_len = ie_buf_len - ie_len;
2718 		pos = wpabuf_head(req->pkt);
2719 		hdr_len = 1 + 2 * ETH_ALEN + 6;
2720 		hlp_len = wpabuf_len(req->pkt);
2721 
2722 		if (rem_len < 2 + hdr_len + hlp_len) {
2723 			wpa_printf(MSG_ERROR,
2724 				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2725 				   (unsigned long) rem_len,
2726 				   (unsigned long) (2 + hdr_len + hlp_len));
2727 			break;
2728 		}
2729 
2730 		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2731 		/* Element ID */
2732 		*buf++ = WLAN_EID_EXTENSION;
2733 		/* Length */
2734 		*buf++ = len;
2735 		/* Element ID Extension */
2736 		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2737 		/* Destination MAC address */
2738 		os_memcpy(buf, req->dst, ETH_ALEN);
2739 		buf += ETH_ALEN;
2740 		/* Source MAC address */
2741 		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2742 		buf += ETH_ALEN;
2743 		/* LLC/SNAP Header */
2744 		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2745 		buf += 6;
2746 		/* HLP Packet */
2747 		os_memcpy(buf, pos, len - hdr_len);
2748 		buf += len - hdr_len;
2749 		pos += len - hdr_len;
2750 
2751 		hlp_len -= len - hdr_len;
2752 		ie_len += 2 + len;
2753 		rem_len -= 2 + len;
2754 
2755 		while (hlp_len) {
2756 			len = (hlp_len > 255) ? 255 : hlp_len;
2757 			if (rem_len < 2 + len)
2758 				break;
2759 			*buf++ = WLAN_EID_FRAGMENT;
2760 			*buf++ = len;
2761 			os_memcpy(buf, pos, len);
2762 			buf += len;
2763 			pos += len;
2764 
2765 			hlp_len -= len;
2766 			ie_len += 2 + len;
2767 			rem_len -= 2 + len;
2768 		}
2769 	}
2770 
2771 	return ie_len;
2772 }
2773 
2774 
wpa_is_fils_supported(struct wpa_supplicant * wpa_s)2775 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2776 {
2777 	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2778 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2779 		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2780 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2781 }
2782 
2783 
wpa_is_fils_sk_pfs_supported(struct wpa_supplicant * wpa_s)2784 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2785 {
2786 #ifdef CONFIG_FILS_SK_PFS
2787 	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2788 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2789 #else /* CONFIG_FILS_SK_PFS */
2790 	return 0;
2791 #endif /* CONFIG_FILS_SK_PFS */
2792 }
2793 
2794 #endif /* CONFIG_FILS */
2795 
2796 
wpas_populate_assoc_ies(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params,enum wpa_drv_update_connect_params_mask * mask)2797 static u8 * wpas_populate_assoc_ies(
2798 	struct wpa_supplicant *wpa_s,
2799 	struct wpa_bss *bss, struct wpa_ssid *ssid,
2800 	struct wpa_driver_associate_params *params,
2801 	enum wpa_drv_update_connect_params_mask *mask)
2802 {
2803 	u8 *wpa_ie;
2804 	size_t max_wpa_ie_len = 500;
2805 	size_t wpa_ie_len;
2806 	int algs = WPA_AUTH_ALG_OPEN;
2807 #ifdef CONFIG_MBO
2808 	const u8 *mbo_ie;
2809 #endif
2810 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2811 	int pmksa_cached = 0;
2812 #endif /* CONFIG_SAE || CONFIG_FILS */
2813 #ifdef CONFIG_FILS
2814 	const u8 *realm, *username, *rrk;
2815 	size_t realm_len, username_len, rrk_len;
2816 	u16 next_seq_num;
2817 	struct fils_hlp_req *req;
2818 
2819 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2820 			 list) {
2821 		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2822 				  2 + 2 * wpabuf_len(req->pkt) / 255;
2823 	}
2824 #endif /* CONFIG_FILS */
2825 
2826 	wpa_ie = os_malloc(max_wpa_ie_len);
2827 	if (!wpa_ie) {
2828 		wpa_printf(MSG_ERROR,
2829 			   "Failed to allocate connect IE buffer for %lu bytes",
2830 			   (unsigned long) max_wpa_ie_len);
2831 		return NULL;
2832 	}
2833 
2834 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2835 		    wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2836 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2837 		int try_opportunistic;
2838 		const u8 *cache_id = NULL;
2839 
2840 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
2841 				     wpa_s->conf->okc :
2842 				     ssid->proactive_key_caching) &&
2843 			(ssid->proto & WPA_PROTO_RSN);
2844 #ifdef CONFIG_FILS
2845 		if (wpa_key_mgmt_fils(ssid->key_mgmt))
2846 			cache_id = wpa_bss_get_fils_cache_id(bss);
2847 #endif /* CONFIG_FILS */
2848 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2849 					    ssid, try_opportunistic,
2850 					    cache_id, 0) == 0) {
2851 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2852 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
2853 			pmksa_cached = 1;
2854 #endif /* CONFIG_SAE || CONFIG_FILS */
2855 		}
2856 		wpa_ie_len = max_wpa_ie_len;
2857 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2858 					      wpa_ie, &wpa_ie_len)) {
2859 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2860 				"key management and encryption suites");
2861 			os_free(wpa_ie);
2862 			return NULL;
2863 		}
2864 #ifdef CONFIG_HS20
2865 	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2866 		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2867 		/* No PMKSA caching, but otherwise similar to RSN/WPA */
2868 		wpa_ie_len = max_wpa_ie_len;
2869 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2870 					      wpa_ie, &wpa_ie_len)) {
2871 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2872 				"key management and encryption suites");
2873 			os_free(wpa_ie);
2874 			return NULL;
2875 		}
2876 #endif /* CONFIG_HS20 */
2877 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2878 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2879 		/*
2880 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2881 		 * use non-WPA since the scan results did not indicate that the
2882 		 * AP is using WPA or WPA2.
2883 		 */
2884 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2885 		wpa_ie_len = 0;
2886 		wpa_s->wpa_proto = 0;
2887 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2888 		wpa_ie_len = max_wpa_ie_len;
2889 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2890 					      wpa_ie, &wpa_ie_len)) {
2891 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2892 				"key management and encryption suites (no "
2893 				"scan results)");
2894 			os_free(wpa_ie);
2895 			return NULL;
2896 		}
2897 #ifdef CONFIG_WPS
2898 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2899 		struct wpabuf *wps_ie;
2900 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2901 		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2902 			wpa_ie_len = wpabuf_len(wps_ie);
2903 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2904 		} else
2905 			wpa_ie_len = 0;
2906 		wpabuf_free(wps_ie);
2907 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2908 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2909 			params->wps = WPS_MODE_PRIVACY;
2910 		else
2911 			params->wps = WPS_MODE_OPEN;
2912 		wpa_s->wpa_proto = 0;
2913 #endif /* CONFIG_WPS */
2914 	} else {
2915 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2916 		wpa_ie_len = 0;
2917 		wpa_s->wpa_proto = 0;
2918 	}
2919 
2920 #ifdef IEEE8021X_EAPOL
2921 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2922 		if (ssid->leap) {
2923 			if (ssid->non_leap == 0)
2924 				algs = WPA_AUTH_ALG_LEAP;
2925 			else
2926 				algs |= WPA_AUTH_ALG_LEAP;
2927 		}
2928 	}
2929 
2930 #ifdef CONFIG_FILS
2931 	/* Clear FILS association */
2932 	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2933 
2934 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2935 	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2936 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2937 				  &username_len, &realm, &realm_len,
2938 				  &next_seq_num, &rrk, &rrk_len) == 0 &&
2939 	    (!wpa_s->last_con_fail_realm ||
2940 	     wpa_s->last_con_fail_realm_len != realm_len ||
2941 	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2942 		algs = WPA_AUTH_ALG_FILS;
2943 		params->fils_erp_username = username;
2944 		params->fils_erp_username_len = username_len;
2945 		params->fils_erp_realm = realm;
2946 		params->fils_erp_realm_len = realm_len;
2947 		params->fils_erp_next_seq_num = next_seq_num;
2948 		params->fils_erp_rrk = rrk;
2949 		params->fils_erp_rrk_len = rrk_len;
2950 
2951 		if (mask)
2952 			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2953 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2954 		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2955 		   pmksa_cached) {
2956 		algs = WPA_AUTH_ALG_FILS;
2957 	}
2958 #endif /* CONFIG_FILS */
2959 #endif /* IEEE8021X_EAPOL */
2960 #ifdef CONFIG_SAE
2961 	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2962 		algs = WPA_AUTH_ALG_SAE;
2963 #endif /* CONFIG_SAE */
2964 
2965 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2966 	if (ssid->auth_alg) {
2967 		algs = ssid->auth_alg;
2968 		wpa_dbg(wpa_s, MSG_DEBUG,
2969 			"Overriding auth_alg selection: 0x%x", algs);
2970 	}
2971 
2972 #ifdef CONFIG_SAE
2973 	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2974 		wpa_dbg(wpa_s, MSG_DEBUG,
2975 			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2976 		algs = WPA_AUTH_ALG_OPEN;
2977 	}
2978 #endif /* CONFIG_SAE */
2979 
2980 #ifdef CONFIG_P2P
2981 	if (wpa_s->global->p2p) {
2982 		u8 *pos;
2983 		size_t len;
2984 		int res;
2985 		pos = wpa_ie + wpa_ie_len;
2986 		len = max_wpa_ie_len - wpa_ie_len;
2987 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2988 					    ssid->p2p_group);
2989 		if (res >= 0)
2990 			wpa_ie_len += res;
2991 	}
2992 
2993 	wpa_s->cross_connect_disallowed = 0;
2994 	if (bss) {
2995 		struct wpabuf *p2p;
2996 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2997 		if (p2p) {
2998 			wpa_s->cross_connect_disallowed =
2999 				p2p_get_cross_connect_disallowed(p2p);
3000 			wpabuf_free(p2p);
3001 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
3002 				"connection",
3003 				wpa_s->cross_connect_disallowed ?
3004 				"disallows" : "allows");
3005 		}
3006 	}
3007 
3008 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
3009 #endif /* CONFIG_P2P */
3010 
3011 	if (bss) {
3012 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
3013 						    wpa_ie + wpa_ie_len,
3014 						    max_wpa_ie_len -
3015 						    wpa_ie_len);
3016 	}
3017 
3018 	/*
3019 	 * Workaround: Add Extended Capabilities element only if the AP
3020 	 * included this element in Beacon/Probe Response frames. Some older
3021 	 * APs seem to have interoperability issues if this element is
3022 	 * included, so while the standard may require us to include the
3023 	 * element in all cases, it is justifiable to skip it to avoid
3024 	 * interoperability issues.
3025 	 */
3026 	if (ssid->p2p_group)
3027 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
3028 	else
3029 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
3030 
3031 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
3032 		u8 ext_capab[18];
3033 		int ext_capab_len;
3034 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
3035 						     sizeof(ext_capab));
3036 		if (ext_capab_len > 0 &&
3037 		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
3038 			u8 *pos = wpa_ie;
3039 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
3040 				pos += 2 + pos[1];
3041 			os_memmove(pos + ext_capab_len, pos,
3042 				   wpa_ie_len - (pos - wpa_ie));
3043 			wpa_ie_len += ext_capab_len;
3044 			os_memcpy(pos, ext_capab, ext_capab_len);
3045 		}
3046 	}
3047 
3048 #ifdef CONFIG_HS20
3049 	if (is_hs20_config(wpa_s) && is_hs20_network(wpa_s, ssid, bss)) {
3050 		struct wpabuf *hs20;
3051 
3052 		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
3053 		if (hs20) {
3054 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
3055 			size_t len;
3056 
3057 			wpas_hs20_add_indication(hs20, pps_mo_id,
3058 						 get_hs20_version(bss));
3059 			wpas_hs20_add_roam_cons_sel(hs20, ssid);
3060 			len = max_wpa_ie_len - wpa_ie_len;
3061 			if (wpabuf_len(hs20) <= len) {
3062 				os_memcpy(wpa_ie + wpa_ie_len,
3063 					  wpabuf_head(hs20), wpabuf_len(hs20));
3064 				wpa_ie_len += wpabuf_len(hs20);
3065 			}
3066 			wpabuf_free(hs20);
3067 		}
3068 	}
3069 	hs20_configure_frame_filters(wpa_s);
3070 #endif /* CONFIG_HS20 */
3071 
3072 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
3073 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
3074 		size_t len;
3075 
3076 		len = max_wpa_ie_len - wpa_ie_len;
3077 		if (wpabuf_len(buf) <= len) {
3078 			os_memcpy(wpa_ie + wpa_ie_len,
3079 				  wpabuf_head(buf), wpabuf_len(buf));
3080 			wpa_ie_len += wpabuf_len(buf);
3081 		}
3082 	}
3083 
3084 #ifdef CONFIG_FST
3085 	if (wpa_s->fst_ies) {
3086 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
3087 
3088 		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
3089 			os_memcpy(wpa_ie + wpa_ie_len,
3090 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
3091 			wpa_ie_len += fst_ies_len;
3092 		}
3093 	}
3094 #endif /* CONFIG_FST */
3095 
3096 #ifdef CONFIG_MBO
3097 	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
3098 	if (!wpa_s->disable_mbo_oce && mbo_ie) {
3099 		int len;
3100 
3101 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
3102 				  max_wpa_ie_len - wpa_ie_len,
3103 				  !!mbo_attr_from_mbo_ie(mbo_ie,
3104 							 OCE_ATTR_ID_CAPA_IND));
3105 		if (len >= 0)
3106 			wpa_ie_len += len;
3107 	}
3108 #endif /* CONFIG_MBO */
3109 
3110 #ifdef CONFIG_FILS
3111 	if (algs == WPA_AUTH_ALG_FILS) {
3112 		size_t len;
3113 
3114 		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3115 					    max_wpa_ie_len - wpa_ie_len);
3116 		wpa_ie_len += len;
3117 	}
3118 #endif /* CONFIG_FILS */
3119 
3120 #ifdef CONFIG_OWE
3121 #ifdef CONFIG_TESTING_OPTIONS
3122 	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3123 		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3124 	} else
3125 #endif /* CONFIG_TESTING_OPTIONS */
3126 	if (algs == WPA_AUTH_ALG_OPEN &&
3127 	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3128 		struct wpabuf *owe_ie;
3129 		u16 group;
3130 
3131 		if (ssid->owe_group) {
3132 			group = ssid->owe_group;
3133 		} else if (wpa_s->assoc_status_code ==
3134 			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3135 			if (wpa_s->last_owe_group == 19)
3136 				group = 20;
3137 			else if (wpa_s->last_owe_group == 20)
3138 				group = 21;
3139 			else
3140 				group = OWE_DH_GROUP;
3141 		} else {
3142 			group = OWE_DH_GROUP;
3143 		}
3144 
3145 		wpa_s->last_owe_group = group;
3146 		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3147 		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3148 		if (owe_ie &&
3149 		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3150 			os_memcpy(wpa_ie + wpa_ie_len,
3151 				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3152 			wpa_ie_len += wpabuf_len(owe_ie);
3153 		}
3154 		wpabuf_free(owe_ie);
3155 	}
3156 #endif /* CONFIG_OWE */
3157 
3158 #ifdef CONFIG_DPP2
3159 	if (DPP_VERSION > 1 &&
3160 	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3161 	    ssid->dpp_netaccesskey &&
3162 	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
3163 		struct rsn_pmksa_cache_entry *pmksa;
3164 
3165 		pmksa = pmksa_cache_get_current(wpa_s->wpa);
3166 		if (!pmksa || !pmksa->dpp_pfs)
3167 			goto pfs_fail;
3168 
3169 		dpp_pfs_free(wpa_s->dpp_pfs);
3170 		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3171 					      ssid->dpp_netaccesskey_len);
3172 		if (!wpa_s->dpp_pfs) {
3173 			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3174 			/* Try to continue without PFS */
3175 			goto pfs_fail;
3176 		}
3177 		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3178 		    max_wpa_ie_len - wpa_ie_len) {
3179 			os_memcpy(wpa_ie + wpa_ie_len,
3180 				  wpabuf_head(wpa_s->dpp_pfs->ie),
3181 				  wpabuf_len(wpa_s->dpp_pfs->ie));
3182 			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3183 		}
3184 	}
3185 pfs_fail:
3186 #endif /* CONFIG_DPP2 */
3187 
3188 #ifdef CONFIG_IEEE80211R
3189 	/*
3190 	 * Add MDIE under these conditions: the network profile allows FT,
3191 	 * the AP supports FT, and the mobility domain ID matches.
3192 	 */
3193 	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3194 		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3195 
3196 		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3197 			size_t len = 0;
3198 			const u8 *md = mdie + 2;
3199 			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3200 
3201 			if (os_memcmp(md, wpa_md,
3202 				      MOBILITY_DOMAIN_ID_LEN) == 0) {
3203 				/* Add mobility domain IE */
3204 				len = wpa_ft_add_mdie(
3205 					wpa_s->wpa, wpa_ie + wpa_ie_len,
3206 					max_wpa_ie_len - wpa_ie_len, mdie);
3207 				wpa_ie_len += len;
3208 			}
3209 #ifdef CONFIG_SME
3210 			if (len > 0 && wpa_s->sme.ft_used &&
3211 			    wpa_sm_has_ptk(wpa_s->wpa)) {
3212 				wpa_dbg(wpa_s, MSG_DEBUG,
3213 					"SME: Trying to use FT over-the-air");
3214 				algs |= WPA_AUTH_ALG_FT;
3215 			}
3216 #endif /* CONFIG_SME */
3217 		}
3218 	}
3219 #endif /* CONFIG_IEEE80211R */
3220 
3221 #ifdef CONFIG_TESTING_OPTIONS
3222 	if (wpa_s->rsnxe_override_assoc &&
3223 	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3224 	    max_wpa_ie_len - wpa_ie_len) {
3225 		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3226 		os_memcpy(wpa_ie + wpa_ie_len,
3227 			  wpabuf_head(wpa_s->rsnxe_override_assoc),
3228 			  wpabuf_len(wpa_s->rsnxe_override_assoc));
3229 		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3230 	} else
3231 #endif /* CONFIG_TESTING_OPTIONS */
3232 	if (wpa_s->rsnxe_len > 0 &&
3233 	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3234 		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3235 		wpa_ie_len += wpa_s->rsnxe_len;
3236 	}
3237 
3238 	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS) &&
3239 	    wpa_s->robust_av.valid_config) {
3240 		struct wpabuf *mscs_ie;
3241 		size_t mscs_ie_len, buf_len;
3242 
3243 		buf_len = 3 +	/* MSCS descriptor IE header */
3244 			  1 +	/* Request type */
3245 			  2 +	/* User priority control */
3246 			  4 +	/* Stream timeout */
3247 			  3 +	/* TCLAS Mask IE header */
3248 			  wpa_s->robust_av.frame_classifier_len;
3249 		mscs_ie = wpabuf_alloc(buf_len);
3250 		if (!mscs_ie) {
3251 			wpa_printf(MSG_INFO,
3252 				   "MSCS: Failed to allocate MSCS IE");
3253 			goto mscs_fail;
3254 		}
3255 
3256 		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
3257 		if ((wpa_ie_len + wpabuf_len(mscs_ie)) <= max_wpa_ie_len) {
3258 			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
3259 			mscs_ie_len = wpabuf_len(mscs_ie);
3260 			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(mscs_ie),
3261 				  mscs_ie_len);
3262 			wpa_ie_len += mscs_ie_len;
3263 		}
3264 
3265 		wpabuf_free(mscs_ie);
3266 	}
3267 mscs_fail:
3268 
3269 	if (ssid->multi_ap_backhaul_sta) {
3270 		size_t multi_ap_ie_len;
3271 
3272 		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3273 						  max_wpa_ie_len - wpa_ie_len,
3274 						  MULTI_AP_BACKHAUL_STA);
3275 		if (multi_ap_ie_len == 0) {
3276 			wpa_printf(MSG_ERROR,
3277 				   "Multi-AP: Failed to build Multi-AP IE");
3278 			os_free(wpa_ie);
3279 			return NULL;
3280 		}
3281 		wpa_ie_len += multi_ap_ie_len;
3282 	}
3283 
3284 	params->wpa_ie = wpa_ie;
3285 	params->wpa_ie_len = wpa_ie_len;
3286 	params->auth_alg = algs;
3287 	if (mask)
3288 		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3289 
3290 	return wpa_ie;
3291 }
3292 
3293 
3294 #ifdef CONFIG_OWE
wpas_update_owe_connect_params(struct wpa_supplicant * wpa_s)3295 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3296 {
3297 	struct wpa_driver_associate_params params;
3298 	u8 *wpa_ie;
3299 
3300 	os_memset(&params, 0, sizeof(params));
3301 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3302 					 wpa_s->current_ssid, &params, NULL);
3303 	if (!wpa_ie)
3304 		return;
3305 
3306 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3307 	os_free(wpa_ie);
3308 }
3309 #endif /* CONFIG_OWE */
3310 
3311 
3312 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
wpas_update_fils_connect_params(struct wpa_supplicant * wpa_s)3313 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3314 {
3315 	struct wpa_driver_associate_params params;
3316 	enum wpa_drv_update_connect_params_mask mask = 0;
3317 	u8 *wpa_ie;
3318 
3319 	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3320 		return; /* nothing to do */
3321 
3322 	os_memset(&params, 0, sizeof(params));
3323 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3324 					 wpa_s->current_ssid, &params, &mask);
3325 	if (!wpa_ie)
3326 		return;
3327 
3328 	if (params.auth_alg != WPA_AUTH_ALG_FILS) {
3329 		os_free(wpa_ie);
3330 		return;
3331 	}
3332 
3333 	wpa_s->auth_alg = params.auth_alg;
3334 	wpa_drv_update_connect_params(wpa_s, &params, mask);
3335 	os_free(wpa_ie);
3336 }
3337 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3338 
3339 
wpa_ie_get_edmg_oper_chans(const u8 * edmg_ie)3340 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3341 {
3342 	if (!edmg_ie || edmg_ie[1] < 6)
3343 		return 0;
3344 	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3345 }
3346 
3347 
wpa_ie_get_edmg_oper_chan_width(const u8 * edmg_ie)3348 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3349 {
3350 	if (!edmg_ie || edmg_ie[1] < 6)
3351 		return 0;
3352 	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3353 }
3354 
3355 
3356 /* Returns the intersection of two EDMG configurations.
3357  * Note: The current implementation is limited to CB2 only (CB1 included),
3358  * i.e., the implementation supports up to 2 contiguous channels.
3359  * For supporting non-contiguous (aggregated) channels and for supporting
3360  * CB3 and above, this function will need to be extended.
3361  */
3362 static struct ieee80211_edmg_config
get_edmg_intersection(struct ieee80211_edmg_config a,struct ieee80211_edmg_config b,u8 primary_channel)3363 get_edmg_intersection(struct ieee80211_edmg_config a,
3364 		      struct ieee80211_edmg_config b,
3365 		      u8 primary_channel)
3366 {
3367 	struct ieee80211_edmg_config result;
3368 	int i, contiguous = 0;
3369 	int max_contiguous = 0;
3370 
3371 	result.channels = b.channels & a.channels;
3372 	if (!result.channels) {
3373 		wpa_printf(MSG_DEBUG,
3374 			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3375 			   a.channels, b.channels);
3376 		goto fail;
3377 	}
3378 
3379 	if (!(result.channels & BIT(primary_channel - 1))) {
3380 		wpa_printf(MSG_DEBUG,
3381 			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3382 			   primary_channel, result.channels);
3383 		goto fail;
3384 	}
3385 
3386 	/* Find max contiguous channels */
3387 	for (i = 0; i < 6; i++) {
3388 		if (result.channels & BIT(i))
3389 			contiguous++;
3390 		else
3391 			contiguous = 0;
3392 
3393 		if (contiguous > max_contiguous)
3394 			max_contiguous = contiguous;
3395 	}
3396 
3397 	/* Assuming AP and STA supports ONLY contiguous channels,
3398 	 * bw configuration can have value between 4-7.
3399 	 */
3400 	if ((b.bw_config < a.bw_config))
3401 		result.bw_config = b.bw_config;
3402 	else
3403 		result.bw_config = a.bw_config;
3404 
3405 	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3406 	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3407 		wpa_printf(MSG_DEBUG,
3408 			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3409 			   max_contiguous);
3410 		goto fail;
3411 	}
3412 
3413 	return result;
3414 
3415 fail:
3416 	result.channels = 0;
3417 	result.bw_config = 0;
3418 	return result;
3419 }
3420 
3421 
3422 static struct ieee80211_edmg_config
get_supported_edmg(struct wpa_supplicant * wpa_s,struct hostapd_freq_params * freq,struct ieee80211_edmg_config request_edmg)3423 get_supported_edmg(struct wpa_supplicant *wpa_s,
3424 		   struct hostapd_freq_params *freq,
3425 		   struct ieee80211_edmg_config request_edmg)
3426 {
3427 	enum hostapd_hw_mode hw_mode;
3428 	struct hostapd_hw_modes *mode = NULL;
3429 	u8 primary_channel;
3430 
3431 	if (!wpa_s->hw.modes)
3432 		goto fail;
3433 
3434 	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
3435 	if (hw_mode == NUM_HOSTAPD_MODES)
3436 		goto fail;
3437 
3438 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, false);
3439 	if (!mode)
3440 		goto fail;
3441 
3442 	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
3443 
3444 fail:
3445 	request_edmg.channels = 0;
3446 	request_edmg.bw_config = 0;
3447 	return request_edmg;
3448 }
3449 
3450 
3451 #ifdef CONFIG_MBO
wpas_update_mbo_connect_params(struct wpa_supplicant * wpa_s)3452 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
3453 {
3454 	struct wpa_driver_associate_params params;
3455 	u8 *wpa_ie;
3456 
3457 	/*
3458 	 * Update MBO connect params only in case of change of MBO attributes
3459 	 * when connected, if the AP support MBO.
3460 	 */
3461 
3462 	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
3463 	    !wpa_s->current_bss ||
3464 	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3465 		return;
3466 
3467 	os_memset(&params, 0, sizeof(params));
3468 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3469 					 wpa_s->current_ssid, &params, NULL);
3470 	if (!wpa_ie)
3471 		return;
3472 
3473 	wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3474 	os_free(wpa_ie);
3475 }
3476 #endif /* CONFIG_MBO */
3477 
3478 
wpas_start_assoc_cb(struct wpa_radio_work * work,int deinit)3479 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3480 {
3481 	struct wpa_connect_work *cwork = work->ctx;
3482 	struct wpa_bss *bss = cwork->bss;
3483 	struct wpa_ssid *ssid = cwork->ssid;
3484 	struct wpa_supplicant *wpa_s = work->wpa_s;
3485 	u8 *wpa_ie;
3486 	const u8 *edmg_ie_oper;
3487 	int use_crypt, ret, bssid_changed;
3488 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3489 	struct wpa_driver_associate_params params;
3490 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
3491 	int wep_keys_set = 0;
3492 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
3493 	int assoc_failed = 0;
3494 	struct wpa_ssid *old_ssid;
3495 	u8 prev_bssid[ETH_ALEN];
3496 #ifdef CONFIG_HT_OVERRIDES
3497 	struct ieee80211_ht_capabilities htcaps;
3498 	struct ieee80211_ht_capabilities htcaps_mask;
3499 #endif /* CONFIG_HT_OVERRIDES */
3500 #ifdef CONFIG_VHT_OVERRIDES
3501        struct ieee80211_vht_capabilities vhtcaps;
3502        struct ieee80211_vht_capabilities vhtcaps_mask;
3503 #endif /* CONFIG_VHT_OVERRIDES */
3504 
3505 	if (deinit) {
3506 		if (work->started) {
3507 			wpa_s->connect_work = NULL;
3508 
3509 			/* cancel possible auth. timeout */
3510 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3511 					     NULL);
3512 		}
3513 		wpas_connect_work_free(cwork);
3514 		return;
3515 	}
3516 
3517 	wpa_s->connect_work = work;
3518 
3519 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3520 	    wpas_network_disabled(wpa_s, ssid)) {
3521 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3522 		wpas_connect_work_done(wpa_s);
3523 		return;
3524 	}
3525 
3526 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3527 	os_memset(&params, 0, sizeof(params));
3528 	wpa_s->reassociate = 0;
3529 	wpa_s->eap_expected_failure = 0;
3530 
3531 	/* Starting new association, so clear the possibly used WPA IE from the
3532 	 * previous association. */
3533 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3534 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
3535 	wpa_s->rsnxe_len = 0;
3536 	wpa_s->mscs_setup_done = false;
3537 
3538 	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3539 	if (!wpa_ie) {
3540 		wpas_connect_work_done(wpa_s);
3541 		return;
3542 	}
3543 
3544 	if (bss &&
3545 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3546 #ifdef CONFIG_IEEE80211R
3547 		const u8 *ie, *md = NULL;
3548 #endif /* CONFIG_IEEE80211R */
3549 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3550 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3551 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3552 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3553 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
3554 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3555 		if (bssid_changed)
3556 			wpas_notify_bssid_changed(wpa_s);
3557 #ifdef CONFIG_IEEE80211R
3558 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3559 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3560 			md = ie + 2;
3561 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3562 		if (md) {
3563 			/* Prepare for the next transition */
3564 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3565 		}
3566 #endif /* CONFIG_IEEE80211R */
3567 #ifdef CONFIG_WPS
3568 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3569 		   wpa_s->conf->ap_scan == 2 &&
3570 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3571 		/* Use ap_scan==1 style network selection to find the network
3572 		 */
3573 		wpas_connect_work_done(wpa_s);
3574 		wpa_s->scan_req = MANUAL_SCAN_REQ;
3575 		wpa_s->reassociate = 1;
3576 		wpa_supplicant_req_scan(wpa_s, 0, 0);
3577 		return;
3578 #endif /* CONFIG_WPS */
3579 	} else {
3580 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3581 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3582 		if (bss)
3583 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3584 		else
3585 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3586 	}
3587 	if (!wpa_s->pno)
3588 		wpa_supplicant_cancel_sched_scan(wpa_s);
3589 
3590 	wpa_supplicant_cancel_scan(wpa_s);
3591 
3592 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3593 	use_crypt = 1;
3594 	cipher_pairwise = wpa_s->pairwise_cipher;
3595 	cipher_group = wpa_s->group_cipher;
3596 	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3597 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3598 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3599 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3600 			use_crypt = 0;
3601 #ifdef CONFIG_WEP
3602 		if (wpa_set_wep_keys(wpa_s, ssid)) {
3603 			use_crypt = 1;
3604 			wep_keys_set = 1;
3605 		}
3606 #endif /* CONFIG_WEP */
3607 	}
3608 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3609 		use_crypt = 0;
3610 
3611 #ifdef IEEE8021X_EAPOL
3612 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3613 		if ((ssid->eapol_flags &
3614 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3615 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3616 		    !wep_keys_set) {
3617 			use_crypt = 0;
3618 		} else {
3619 			/* Assume that dynamic WEP-104 keys will be used and
3620 			 * set cipher suites in order for drivers to expect
3621 			 * encryption. */
3622 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3623 		}
3624 	}
3625 #endif /* IEEE8021X_EAPOL */
3626 
3627 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3628 		/* Set the key before (and later after) association */
3629 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3630 	}
3631 
3632 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3633 	if (bss) {
3634 		params.ssid = bss->ssid;
3635 		params.ssid_len = bss->ssid_len;
3636 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3637 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3638 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3639 				   MACSTR " freq=%u MHz based on scan results "
3640 				   "(bssid_set=%d wps=%d)",
3641 				   MAC2STR(bss->bssid), bss->freq,
3642 				   ssid->bssid_set,
3643 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3644 			params.bssid = bss->bssid;
3645 			params.freq.freq = bss->freq;
3646 		}
3647 		params.bssid_hint = bss->bssid;
3648 		params.freq_hint = bss->freq;
3649 		params.pbss = bss_is_pbss(bss);
3650 	} else {
3651 		if (ssid->bssid_hint_set)
3652 			params.bssid_hint = ssid->bssid_hint;
3653 
3654 		params.ssid = ssid->ssid;
3655 		params.ssid_len = ssid->ssid_len;
3656 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3657 	}
3658 
3659 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3660 	    wpa_s->conf->ap_scan == 2) {
3661 		params.bssid = ssid->bssid;
3662 		params.fixed_bssid = 1;
3663 	}
3664 
3665 	/* Initial frequency for IBSS/mesh */
3666 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3667 	    ssid->frequency > 0 && params.freq.freq == 0)
3668 		ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3669 
3670 	if (ssid->mode == WPAS_MODE_IBSS) {
3671 		params.fixed_freq = ssid->fixed_freq;
3672 		if (ssid->beacon_int)
3673 			params.beacon_int = ssid->beacon_int;
3674 		else
3675 			params.beacon_int = wpa_s->conf->beacon_int;
3676 	}
3677 
3678 	if (bss && ssid->enable_edmg)
3679 		edmg_ie_oper = wpa_bss_get_ie_ext(bss,
3680 						  WLAN_EID_EXT_EDMG_OPERATION);
3681 	else
3682 		edmg_ie_oper = NULL;
3683 
3684 	if (edmg_ie_oper) {
3685 		params.freq.edmg.channels =
3686 			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
3687 		params.freq.edmg.bw_config =
3688 			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
3689 		wpa_printf(MSG_DEBUG,
3690 			   "AP supports EDMG channels 0x%x, bw_config %d",
3691 			   params.freq.edmg.channels,
3692 			   params.freq.edmg.bw_config);
3693 
3694 		/* User may ask for specific EDMG channel for EDMG connection
3695 		 * (must be supported by AP)
3696 		 */
3697 		if (ssid->edmg_channel) {
3698 			struct ieee80211_edmg_config configured_edmg;
3699 			enum hostapd_hw_mode hw_mode;
3700 			u8 primary_channel;
3701 
3702 			hw_mode = ieee80211_freq_to_chan(bss->freq,
3703 							 &primary_channel);
3704 			if (hw_mode == NUM_HOSTAPD_MODES)
3705 				goto edmg_fail;
3706 
3707 			hostapd_encode_edmg_chan(ssid->enable_edmg,
3708 						 ssid->edmg_channel,
3709 						 primary_channel,
3710 						 &configured_edmg);
3711 
3712 			if (ieee802_edmg_is_allowed(params.freq.edmg,
3713 						    configured_edmg)) {
3714 				params.freq.edmg = configured_edmg;
3715 				wpa_printf(MSG_DEBUG,
3716 					   "Use EDMG channel %d for connection",
3717 					   ssid->edmg_channel);
3718 			} else {
3719 			edmg_fail:
3720 				params.freq.edmg.channels = 0;
3721 				params.freq.edmg.bw_config = 0;
3722 				wpa_printf(MSG_WARNING,
3723 					   "EDMG channel %d not supported by AP, fallback to DMG",
3724 					   ssid->edmg_channel);
3725 			}
3726 		}
3727 
3728 		if (params.freq.edmg.channels) {
3729 			wpa_printf(MSG_DEBUG,
3730 				   "EDMG before: channels 0x%x, bw_config %d",
3731 				   params.freq.edmg.channels,
3732 				   params.freq.edmg.bw_config);
3733 			params.freq.edmg = get_supported_edmg(wpa_s,
3734 							      &params.freq,
3735 							      params.freq.edmg);
3736 			wpa_printf(MSG_DEBUG,
3737 				   "EDMG after: channels 0x%x, bw_config %d",
3738 				   params.freq.edmg.channels,
3739 				   params.freq.edmg.bw_config);
3740 		}
3741 	}
3742 
3743 	params.pairwise_suite = cipher_pairwise;
3744 	params.group_suite = cipher_group;
3745 	params.mgmt_group_suite = cipher_group_mgmt;
3746 	params.key_mgmt_suite = wpa_s->key_mgmt;
3747 	params.wpa_proto = wpa_s->wpa_proto;
3748 	wpa_s->auth_alg = params.auth_alg;
3749 	params.mode = ssid->mode;
3750 	params.bg_scan_period = ssid->bg_scan_period;
3751 #ifdef CONFIG_WEP
3752 	{
3753 		int i;
3754 
3755 		for (i = 0; i < NUM_WEP_KEYS; i++) {
3756 			if (ssid->wep_key_len[i])
3757 				params.wep_key[i] = ssid->wep_key[i];
3758 			params.wep_key_len[i] = ssid->wep_key_len[i];
3759 		}
3760 		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3761 	}
3762 #endif /* CONFIG_WEP */
3763 
3764 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3765 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3766 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3767 		params.passphrase = ssid->passphrase;
3768 		if (ssid->psk_set)
3769 			params.psk = ssid->psk;
3770 	}
3771 
3772 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3773 	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3774 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3775 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3776 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3777 		params.req_handshake_offload = 1;
3778 
3779 	if (wpa_s->conf->key_mgmt_offload) {
3780 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3781 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3782 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3783 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3784 			params.req_key_mgmt_offload =
3785 				ssid->proactive_key_caching < 0 ?
3786 				wpa_s->conf->okc : ssid->proactive_key_caching;
3787 		else
3788 			params.req_key_mgmt_offload = 1;
3789 
3790 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3791 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3792 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3793 		    ssid->psk_set)
3794 			params.psk = ssid->psk;
3795 	}
3796 
3797 	params.drop_unencrypted = use_crypt;
3798 
3799 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3800 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3801 		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3802 		struct wpa_ie_data ie;
3803 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3804 		    ie.capabilities &
3805 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3806 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3807 				"MFP: require MFP");
3808 			params.mgmt_frame_protection =
3809 				MGMT_FRAME_PROTECTION_REQUIRED;
3810 #ifdef CONFIG_OWE
3811 		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3812 			   !ssid->owe_only) {
3813 			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3814 #endif /* CONFIG_OWE */
3815 		}
3816 	}
3817 
3818 	params.p2p = ssid->p2p_group;
3819 
3820 	if (wpa_s->p2pdev->set_sta_uapsd)
3821 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
3822 	else
3823 		params.uapsd = -1;
3824 
3825 #ifdef CONFIG_HT_OVERRIDES
3826 	os_memset(&htcaps, 0, sizeof(htcaps));
3827 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3828 	params.htcaps = (u8 *) &htcaps;
3829 	params.htcaps_mask = (u8 *) &htcaps_mask;
3830 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3831 #endif /* CONFIG_HT_OVERRIDES */
3832 #ifdef CONFIG_VHT_OVERRIDES
3833 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3834 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3835 	params.vhtcaps = &vhtcaps;
3836 	params.vhtcaps_mask = &vhtcaps_mask;
3837 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3838 #endif /* CONFIG_VHT_OVERRIDES */
3839 #ifdef CONFIG_HE_OVERRIDES
3840 	wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
3841 #endif /* CONFIG_HE_OVERRIDES */
3842 
3843 #ifdef CONFIG_P2P
3844 	/*
3845 	 * If multi-channel concurrency is not supported, check for any
3846 	 * frequency conflict. In case of any frequency conflict, remove the
3847 	 * least prioritized connection.
3848 	 */
3849 	if (wpa_s->num_multichan_concurrent < 2) {
3850 		int freq, num;
3851 		num = get_shared_radio_freqs(wpa_s, &freq, 1);
3852 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
3853 			wpa_printf(MSG_DEBUG,
3854 				   "Assoc conflicting freq found (%d != %d)",
3855 				   freq, params.freq.freq);
3856 			if (wpas_p2p_handle_frequency_conflicts(
3857 				    wpa_s, params.freq.freq, ssid) < 0) {
3858 				wpas_connect_work_done(wpa_s);
3859 				os_free(wpa_ie);
3860 				return;
3861 			}
3862 		}
3863 	}
3864 #endif /* CONFIG_P2P */
3865 
3866 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3867 	    wpa_s->current_ssid)
3868 		params.prev_bssid = prev_bssid;
3869 
3870 #ifdef CONFIG_SAE
3871 	params.sae_pwe = wpa_s->conf->sae_pwe;
3872 #endif /* CONFIG_SAE */
3873 
3874 	ret = wpa_drv_associate(wpa_s, &params);
3875 	os_free(wpa_ie);
3876 	if (ret < 0) {
3877 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3878 			"failed");
3879 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3880 			/*
3881 			 * The driver is known to mean what is saying, so we
3882 			 * can stop right here; the association will not
3883 			 * succeed.
3884 			 */
3885 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3886 			wpa_s->assoc_status_code = WLAN_STATUS_UNSPECIFIED_FAILURE;
3887 			wpas_notify_assoc_status_code(wpa_s, wpa_s->pending_bssid, 0, NULL, 0);
3888 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3889 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3890 			return;
3891 		}
3892 		/* try to continue anyway; new association will be tried again
3893 		 * after timeout */
3894 		assoc_failed = 1;
3895 	}
3896 
3897 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3898 		/* Set the key after the association just in case association
3899 		 * cleared the previously configured key. */
3900 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3901 		/* No need to timeout authentication since there is no key
3902 		 * management. */
3903 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3904 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3905 #ifdef CONFIG_IBSS_RSN
3906 	} else if (ssid->mode == WPAS_MODE_IBSS &&
3907 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3908 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3909 		/*
3910 		 * RSN IBSS authentication is per-STA and we can disable the
3911 		 * per-BSSID authentication.
3912 		 */
3913 		wpa_supplicant_cancel_auth_timeout(wpa_s);
3914 #endif /* CONFIG_IBSS_RSN */
3915 	} else {
3916 		/* Timeout for IEEE 802.11 authentication and association */
3917 		int timeout = 60;
3918 
3919 		if (assoc_failed) {
3920 			/* give IBSS a bit more time */
3921 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3922 		} else if (wpa_s->conf->ap_scan == 1) {
3923 			/* give IBSS a bit more time */
3924 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3925 		}
3926 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3927 	}
3928 
3929 #ifdef CONFIG_WEP
3930 	if (wep_keys_set &&
3931 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3932 		/* Set static WEP keys again */
3933 		wpa_set_wep_keys(wpa_s, ssid);
3934 	}
3935 #endif /* CONFIG_WEP */
3936 
3937 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3938 		/*
3939 		 * Do not allow EAP session resumption between different
3940 		 * network configurations.
3941 		 */
3942 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
3943 	}
3944 	old_ssid = wpa_s->current_ssid;
3945 	wpa_s->current_ssid = ssid;
3946 
3947 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3948 		wpa_s->current_bss = bss;
3949 #ifdef CONFIG_HS20
3950 		hs20_configure_frame_filters(wpa_s);
3951 #endif /* CONFIG_HS20 */
3952 	}
3953 
3954 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3955 	wpa_supplicant_initiate_eapol(wpa_s);
3956 	if (old_ssid != wpa_s->current_ssid)
3957 		wpas_notify_network_changed(wpa_s);
3958 }
3959 
3960 
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)3961 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3962 					    const u8 *addr)
3963 {
3964 	struct wpa_ssid *old_ssid;
3965 
3966 	wpas_connect_work_done(wpa_s);
3967 	wpa_clear_keys(wpa_s, addr);
3968 	old_ssid = wpa_s->current_ssid;
3969 	wpa_supplicant_mark_disassoc(wpa_s);
3970 	wpa_sm_set_config(wpa_s->wpa, NULL);
3971 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3972 	if (old_ssid != wpa_s->current_ssid)
3973 		wpas_notify_network_changed(wpa_s);
3974 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3975 }
3976 
3977 
3978 /**
3979  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3980  * @wpa_s: Pointer to wpa_supplicant data
3981  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3982  *
3983  * This function is used to request %wpa_supplicant to deauthenticate from the
3984  * current AP.
3985  */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,u16 reason_code)3986 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3987 				   u16 reason_code)
3988 {
3989 	u8 *addr = NULL;
3990 	union wpa_event_data event;
3991 	int zero_addr = 0;
3992 
3993 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3994 		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3995 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3996 		reason_code, reason2str(reason_code),
3997 		wpa_supplicant_state_txt(wpa_s->wpa_state));
3998 
3999 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
4000 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
4001 	     wpa_s->wpa_state == WPA_ASSOCIATING))
4002 		addr = wpa_s->pending_bssid;
4003 	else if (!is_zero_ether_addr(wpa_s->bssid))
4004 		addr = wpa_s->bssid;
4005 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
4006 		/*
4007 		 * When using driver-based BSS selection, we may not know the
4008 		 * BSSID with which we are currently trying to associate. We
4009 		 * need to notify the driver of this disconnection even in such
4010 		 * a case, so use the all zeros address here.
4011 		 */
4012 		addr = wpa_s->bssid;
4013 		zero_addr = 1;
4014 	}
4015 
4016 	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
4017 		wpa_s->enabled_4addr_mode = 0;
4018 
4019 #ifdef CONFIG_TDLS
4020 	wpa_tdls_teardown_peers(wpa_s->wpa);
4021 #endif /* CONFIG_TDLS */
4022 
4023 #ifdef CONFIG_MESH
4024 	if (wpa_s->ifmsh) {
4025 		struct mesh_conf *mconf;
4026 
4027 		mconf = wpa_s->ifmsh->mconf;
4028 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
4029 			wpa_s->ifname);
4030 		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
4031 					       mconf->meshid_len, reason_code);
4032 		wpa_supplicant_leave_mesh(wpa_s, true);
4033 	}
4034 #endif /* CONFIG_MESH */
4035 
4036 	if (addr) {
4037 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
4038 		os_memset(&event, 0, sizeof(event));
4039 		event.deauth_info.reason_code = reason_code;
4040 		event.deauth_info.locally_generated = 1;
4041 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
4042 		if (zero_addr)
4043 			addr = NULL;
4044 	}
4045 
4046 	wpa_supplicant_clear_connection(wpa_s, addr);
4047 }
4048 
4049 
wpa_supplicant_reconnect(struct wpa_supplicant * wpa_s)4050 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
4051 {
4052 	wpa_s->own_reconnect_req = 1;
4053 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
4054 
4055 }
4056 
4057 
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4058 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
4059 					      struct wpa_ssid *ssid)
4060 {
4061 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
4062 		return;
4063 
4064 	ssid->disabled = 0;
4065 	ssid->owe_transition_bss_select_count = 0;
4066 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
4067 	wpas_notify_network_enabled_changed(wpa_s, ssid);
4068 
4069 	/*
4070 	 * Try to reassociate since there is no current configuration and a new
4071 	 * network was made available.
4072 	 */
4073 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
4074 		wpa_s->reassociate = 1;
4075 }
4076 
4077 
4078 /**
4079  * wpa_supplicant_add_network - Add a new network
4080  * @wpa_s: wpa_supplicant structure for a network interface
4081  * Returns: The new network configuration or %NULL if operation failed
4082  *
4083  * This function performs the following operations:
4084  * 1. Adds a new network.
4085  * 2. Send network addition notification.
4086  * 3. Marks the network disabled.
4087  * 4. Set network default parameters.
4088  */
wpa_supplicant_add_network(struct wpa_supplicant * wpa_s)4089 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
4090 {
4091 	struct wpa_ssid *ssid;
4092 
4093 	ssid = wpa_config_add_network(wpa_s->conf);
4094 	if (!ssid)
4095 		return NULL;
4096 	wpas_notify_network_added(wpa_s, ssid);
4097 	ssid->disabled = 1;
4098 	wpa_config_set_network_defaults(ssid);
4099 
4100 	return ssid;
4101 }
4102 
4103 
4104 /**
4105  * wpa_supplicant_remove_network - Remove a configured network based on id
4106  * @wpa_s: wpa_supplicant structure for a network interface
4107  * @id: Unique network id to search for
4108  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
4109  * could not be removed
4110  *
4111  * This function performs the following operations:
4112  * 1. Removes the network.
4113  * 2. Send network removal notification.
4114  * 3. Update internal state machines.
4115  * 4. Stop any running sched scans.
4116  */
wpa_supplicant_remove_network(struct wpa_supplicant * wpa_s,int id)4117 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
4118 {
4119 	struct wpa_ssid *ssid;
4120 	int was_disabled;
4121 
4122 	ssid = wpa_config_get_network(wpa_s->conf, id);
4123 	if (!ssid)
4124 		return -1;
4125 	wpas_notify_network_removed(wpa_s, ssid);
4126 
4127 	if (wpa_s->last_ssid == ssid)
4128 		wpa_s->last_ssid = NULL;
4129 
4130 	if (ssid == wpa_s->current_ssid || !wpa_s->current_ssid) {
4131 #ifdef CONFIG_SME
4132 		wpa_s->sme.prev_bssid_set = 0;
4133 #endif /* CONFIG_SME */
4134 		/*
4135 		 * Invalidate the EAP session cache if the current or
4136 		 * previously used network is removed.
4137 		 */
4138 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4139 	}
4140 
4141 	if (ssid == wpa_s->current_ssid) {
4142 		wpa_sm_set_config(wpa_s->wpa, NULL);
4143 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4144 
4145 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4146 			wpa_s->own_disconnect_req = 1;
4147 		wpa_supplicant_deauthenticate(wpa_s,
4148 					      WLAN_REASON_DEAUTH_LEAVING);
4149 	}
4150 
4151 	was_disabled = ssid->disabled;
4152 
4153 	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
4154 		return -2;
4155 
4156 	if (!was_disabled && wpa_s->sched_scanning) {
4157 		wpa_printf(MSG_DEBUG,
4158 			   "Stop ongoing sched_scan to remove network from filters");
4159 		wpa_supplicant_cancel_sched_scan(wpa_s);
4160 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4161 	}
4162 
4163 	return 0;
4164 }
4165 
4166 
4167 /**
4168  * wpa_supplicant_remove_all_networks - Remove all configured networks
4169  * @wpa_s: wpa_supplicant structure for a network interface
4170  * Returns: 0 on success (errors are currently ignored)
4171  *
4172  * This function performs the following operations:
4173  * 1. Remove all networks.
4174  * 2. Send network removal notifications.
4175  * 3. Update internal state machines.
4176  * 4. Stop any running sched scans.
4177  */
wpa_supplicant_remove_all_networks(struct wpa_supplicant * wpa_s)4178 int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s)
4179 {
4180 	struct wpa_ssid *ssid;
4181 
4182 	if (wpa_s->sched_scanning)
4183 		wpa_supplicant_cancel_sched_scan(wpa_s);
4184 
4185 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
4186 	if (wpa_s->current_ssid) {
4187 #ifdef CONFIG_SME
4188 		wpa_s->sme.prev_bssid_set = 0;
4189 #endif /* CONFIG_SME */
4190 		wpa_sm_set_config(wpa_s->wpa, NULL);
4191 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4192 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4193 			wpa_s->own_disconnect_req = 1;
4194 		wpa_supplicant_deauthenticate(
4195 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4196 	}
4197 	ssid = wpa_s->conf->ssid;
4198 	while (ssid) {
4199 		struct wpa_ssid *remove_ssid = ssid;
4200 		int id;
4201 
4202 		id = ssid->id;
4203 		ssid = ssid->next;
4204 		if (wpa_s->last_ssid == remove_ssid)
4205 			wpa_s->last_ssid = NULL;
4206 		wpas_notify_network_removed(wpa_s, remove_ssid);
4207 		wpa_config_remove_network(wpa_s->conf, id);
4208 	}
4209 	return 0;
4210 }
4211 
4212 
4213 /**
4214  * wpa_supplicant_enable_network - Mark a configured network as enabled
4215  * @wpa_s: wpa_supplicant structure for a network interface
4216  * @ssid: wpa_ssid structure for a configured network or %NULL
4217  *
4218  * Enables the specified network or all networks if no network specified.
4219  */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4220 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4221 				   struct wpa_ssid *ssid)
4222 {
4223 	if (ssid == NULL) {
4224 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4225 			wpa_supplicant_enable_one_network(wpa_s, ssid);
4226 	} else
4227 		wpa_supplicant_enable_one_network(wpa_s, ssid);
4228 
4229 	if (wpa_s->reassociate && !wpa_s->disconnected &&
4230 	    (!wpa_s->current_ssid ||
4231 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
4232 	     wpa_s->wpa_state == WPA_SCANNING)) {
4233 		if (wpa_s->sched_scanning) {
4234 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4235 				   "new network to scan filters");
4236 			wpa_supplicant_cancel_sched_scan(wpa_s);
4237 		}
4238 
4239 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4240 			wpa_s->scan_req = NORMAL_SCAN_REQ;
4241 			wpa_supplicant_req_scan(wpa_s, 0, 0);
4242 		}
4243 	}
4244 }
4245 
4246 
4247 /**
4248  * wpa_supplicant_disable_network - Mark a configured network as disabled
4249  * @wpa_s: wpa_supplicant structure for a network interface
4250  * @ssid: wpa_ssid structure for a configured network or %NULL
4251  *
4252  * Disables the specified network or all networks if no network specified.
4253  */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4254 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4255 				    struct wpa_ssid *ssid)
4256 {
4257 	struct wpa_ssid *other_ssid;
4258 	int was_disabled;
4259 
4260 	if (ssid == NULL) {
4261 		if (wpa_s->sched_scanning)
4262 			wpa_supplicant_cancel_sched_scan(wpa_s);
4263 
4264 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
4265 		     other_ssid = other_ssid->next) {
4266 			was_disabled = other_ssid->disabled;
4267 			if (was_disabled == 2)
4268 				continue; /* do not change persistent P2P group
4269 					   * data */
4270 
4271 			other_ssid->disabled = 1;
4272 
4273 			if (was_disabled != other_ssid->disabled)
4274 				wpas_notify_network_enabled_changed(
4275 					wpa_s, other_ssid);
4276 		}
4277 		if (wpa_s->current_ssid) {
4278 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4279 				wpa_s->own_disconnect_req = 1;
4280 			wpa_supplicant_deauthenticate(
4281 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4282 		}
4283 	} else if (ssid->disabled != 2) {
4284 		if (ssid == wpa_s->current_ssid) {
4285 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4286 				wpa_s->own_disconnect_req = 1;
4287 			wpa_supplicant_deauthenticate(
4288 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4289 		}
4290 
4291 		was_disabled = ssid->disabled;
4292 
4293 		ssid->disabled = 1;
4294 
4295 		if (was_disabled != ssid->disabled) {
4296 			wpas_notify_network_enabled_changed(wpa_s, ssid);
4297 			if (wpa_s->sched_scanning) {
4298 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4299 					   "to remove network from filters");
4300 				wpa_supplicant_cancel_sched_scan(wpa_s);
4301 				wpa_supplicant_req_scan(wpa_s, 0, 0);
4302 			}
4303 		}
4304 	}
4305 }
4306 
4307 
4308 /**
4309  * wpa_supplicant_select_network - Attempt association with a network
4310  * @wpa_s: wpa_supplicant structure for a network interface
4311  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4312  */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4313 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4314 				   struct wpa_ssid *ssid)
4315 {
4316 
4317 	struct wpa_ssid *other_ssid;
4318 	int disconnected = 0;
4319 
4320 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4321 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4322 			wpa_s->own_disconnect_req = 1;
4323 		wpa_supplicant_deauthenticate(
4324 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4325 		disconnected = 1;
4326 	}
4327 
4328 	if (ssid)
4329 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
4330 
4331 	/*
4332 	 * Mark all other networks disabled or mark all networks enabled if no
4333 	 * network specified.
4334 	 */
4335 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
4336 	     other_ssid = other_ssid->next) {
4337 		int was_disabled = other_ssid->disabled;
4338 		if (was_disabled == 2)
4339 			continue; /* do not change persistent P2P group data */
4340 
4341 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4342 		if (was_disabled && !other_ssid->disabled)
4343 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4344 
4345 		if (was_disabled != other_ssid->disabled)
4346 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4347 	}
4348 
4349 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4350 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4351 		/* We are already associated with the selected network */
4352 		wpa_printf(MSG_DEBUG, "Already associated with the "
4353 			   "selected network - do nothing");
4354 		return;
4355 	}
4356 
4357 	if (ssid) {
4358 		wpa_s->current_ssid = ssid;
4359 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4360 		wpa_s->connect_without_scan =
4361 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4362 
4363 		/*
4364 		 * Don't optimize next scan freqs since a new ESS has been
4365 		 * selected.
4366 		 */
4367 		os_free(wpa_s->next_scan_freqs);
4368 		wpa_s->next_scan_freqs = NULL;
4369 	} else {
4370 		wpa_s->connect_without_scan = NULL;
4371 	}
4372 
4373 	wpa_s->disconnected = 0;
4374 	wpa_s->reassociate = 1;
4375 	wpa_s_clear_sae_rejected(wpa_s);
4376 	wpa_s->last_owe_group = 0;
4377 	if (ssid) {
4378 		ssid->owe_transition_bss_select_count = 0;
4379 		wpa_s_setup_sae_pt(wpa_s->conf, ssid);
4380 	}
4381 
4382 	if (wpa_s->connect_without_scan ||
4383 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
4384 		wpa_s->scan_req = NORMAL_SCAN_REQ;
4385 		wpas_scan_reset_sched_scan(wpa_s);
4386 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4387 	}
4388 
4389 	if (ssid)
4390 		wpas_notify_network_selected(wpa_s, ssid);
4391 }
4392 
4393 
4394 /**
4395  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
4396  * @wpa_s: wpa_supplicant structure for a network interface
4397  * @pkcs11_engine_path: PKCS #11 engine path or NULL
4398  * @pkcs11_module_path: PKCS #11 module path or NULL
4399  * Returns: 0 on success; -1 on failure
4400  *
4401  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
4402  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
4403  * module path fails the paths will be reset to the default value (NULL).
4404  */
wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant * wpa_s,const char * pkcs11_engine_path,const char * pkcs11_module_path)4405 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
4406 					   const char *pkcs11_engine_path,
4407 					   const char *pkcs11_module_path)
4408 {
4409 	char *pkcs11_engine_path_copy = NULL;
4410 	char *pkcs11_module_path_copy = NULL;
4411 
4412 	if (pkcs11_engine_path != NULL) {
4413 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
4414 		if (pkcs11_engine_path_copy == NULL)
4415 			return -1;
4416 	}
4417 	if (pkcs11_module_path != NULL) {
4418 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
4419 		if (pkcs11_module_path_copy == NULL) {
4420 			os_free(pkcs11_engine_path_copy);
4421 			return -1;
4422 		}
4423 	}
4424 
4425 	os_free(wpa_s->conf->pkcs11_engine_path);
4426 	os_free(wpa_s->conf->pkcs11_module_path);
4427 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
4428 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
4429 
4430 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
4431 	eapol_sm_deinit(wpa_s->eapol);
4432 	wpa_s->eapol = NULL;
4433 	if (wpa_supplicant_init_eapol(wpa_s)) {
4434 		/* Error -> Reset paths to the default value (NULL) once. */
4435 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
4436 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
4437 							       NULL);
4438 
4439 		return -1;
4440 	}
4441 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
4442 
4443 	return 0;
4444 }
4445 
4446 
4447 /**
4448  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
4449  * @wpa_s: wpa_supplicant structure for a network interface
4450  * @ap_scan: AP scan mode
4451  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
4452  *
4453  */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)4454 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
4455 {
4456 
4457 	int old_ap_scan;
4458 
4459 	if (ap_scan < 0 || ap_scan > 2)
4460 		return -1;
4461 
4462 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
4463 		wpa_printf(MSG_INFO,
4464 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
4465 	}
4466 
4467 #ifdef ANDROID
4468 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
4469 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
4470 	    wpa_s->wpa_state < WPA_COMPLETED) {
4471 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
4472 			   "associating", wpa_s->conf->ap_scan, ap_scan);
4473 		return 0;
4474 	}
4475 #endif /* ANDROID */
4476 
4477 	old_ap_scan = wpa_s->conf->ap_scan;
4478 	wpa_s->conf->ap_scan = ap_scan;
4479 
4480 	if (old_ap_scan != wpa_s->conf->ap_scan)
4481 		wpas_notify_ap_scan_changed(wpa_s);
4482 
4483 	return 0;
4484 }
4485 
4486 
4487 /**
4488  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
4489  * @wpa_s: wpa_supplicant structure for a network interface
4490  * @expire_age: Expiration age in seconds
4491  * Returns: 0 if succeed or -1 if expire_age has an invalid value
4492  *
4493  */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)4494 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
4495 					  unsigned int bss_expire_age)
4496 {
4497 	if (bss_expire_age < 10) {
4498 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
4499 			bss_expire_age);
4500 		return -1;
4501 	}
4502 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
4503 		bss_expire_age);
4504 	wpa_s->conf->bss_expiration_age = bss_expire_age;
4505 
4506 	return 0;
4507 }
4508 
4509 
4510 /**
4511  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
4512  * @wpa_s: wpa_supplicant structure for a network interface
4513  * @expire_count: number of scans after which an unseen BSS is reclaimed
4514  * Returns: 0 if succeed or -1 if expire_count has an invalid value
4515  *
4516  */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)4517 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
4518 					    unsigned int bss_expire_count)
4519 {
4520 	if (bss_expire_count < 1) {
4521 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
4522 			bss_expire_count);
4523 		return -1;
4524 	}
4525 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
4526 		bss_expire_count);
4527 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
4528 
4529 	return 0;
4530 }
4531 
4532 
4533 /**
4534  * wpa_supplicant_set_scan_interval - Set scan interval
4535  * @wpa_s: wpa_supplicant structure for a network interface
4536  * @scan_interval: scan interval in seconds
4537  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
4538  *
4539  */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)4540 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
4541 				     int scan_interval)
4542 {
4543 	if (scan_interval < 0) {
4544 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
4545 			scan_interval);
4546 		return -1;
4547 	}
4548 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
4549 		scan_interval);
4550 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
4551 
4552 	return 0;
4553 }
4554 
4555 
4556 /**
4557  * wpa_supplicant_set_debug_params - Set global debug params
4558  * @global: wpa_global structure
4559  * @debug_level: debug level
4560  * @debug_timestamp: determines if show timestamp in debug data
4561  * @debug_show_keys: determines if show keys in debug data
4562  * Returns: 0 if succeed or -1 if debug_level has wrong value
4563  */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)4564 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
4565 				    int debug_timestamp, int debug_show_keys)
4566 {
4567 
4568 	int old_level, old_timestamp, old_show_keys;
4569 
4570 	/* check for allowed debuglevels */
4571 	if (debug_level != MSG_EXCESSIVE &&
4572 	    debug_level != MSG_MSGDUMP &&
4573 	    debug_level != MSG_DEBUG &&
4574 	    debug_level != MSG_INFO &&
4575 	    debug_level != MSG_WARNING &&
4576 	    debug_level != MSG_ERROR)
4577 		return -1;
4578 
4579 	old_level = wpa_debug_level;
4580 	old_timestamp = wpa_debug_timestamp;
4581 	old_show_keys = wpa_debug_show_keys;
4582 
4583 	wpa_debug_level = debug_level;
4584 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
4585 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
4586 
4587 	if (wpa_debug_level != old_level)
4588 		wpas_notify_debug_level_changed(global);
4589 	if (wpa_debug_timestamp != old_timestamp)
4590 		wpas_notify_debug_timestamp_changed(global);
4591 	if (wpa_debug_show_keys != old_show_keys)
4592 		wpas_notify_debug_show_keys_changed(global);
4593 
4594 	return 0;
4595 }
4596 
4597 
4598 #ifdef CONFIG_OWE
owe_trans_ssid_match(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * entry_ssid,size_t entry_ssid_len)4599 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
4600 				const u8 *entry_ssid, size_t entry_ssid_len)
4601 {
4602 	const u8 *owe, *pos, *end;
4603 	u8 ssid_len;
4604 	struct wpa_bss *bss;
4605 
4606 	/* Check network profile SSID aganst the SSID in the
4607 	 * OWE Transition Mode element. */
4608 
4609 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
4610 	if (!bss)
4611 		return 0;
4612 
4613 	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
4614 	if (!owe)
4615 		return 0;
4616 
4617 	pos = owe + 6;
4618 	end = owe + 2 + owe[1];
4619 
4620 	if (end - pos < ETH_ALEN + 1)
4621 		return 0;
4622 	pos += ETH_ALEN;
4623 	ssid_len = *pos++;
4624 	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
4625 		return 0;
4626 
4627 	return entry_ssid_len == ssid_len &&
4628 		os_memcmp(pos, entry_ssid, ssid_len) == 0;
4629 }
4630 #endif /* CONFIG_OWE */
4631 
4632 
4633 /**
4634  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
4635  * @wpa_s: Pointer to wpa_supplicant data
4636  * Returns: A pointer to the current network structure or %NULL on failure
4637  */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)4638 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
4639 {
4640 	struct wpa_ssid *entry;
4641 	u8 ssid[SSID_MAX_LEN];
4642 	int res;
4643 	size_t ssid_len;
4644 	u8 bssid[ETH_ALEN];
4645 	int wired;
4646 
4647 	res = wpa_drv_get_ssid(wpa_s, ssid);
4648 	if (res < 0) {
4649 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
4650 			"driver");
4651 		return NULL;
4652 	}
4653 	ssid_len = res;
4654 
4655 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
4656 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
4657 			"driver");
4658 		return NULL;
4659 	}
4660 
4661 	wired = wpa_s->conf->ap_scan == 0 &&
4662 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
4663 
4664 	entry = wpa_s->conf->ssid;
4665 	while (entry) {
4666 		if (!wpas_network_disabled(wpa_s, entry) &&
4667 		    ((ssid_len == entry->ssid_len &&
4668 		      (!entry->ssid ||
4669 		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
4670 		     wired) &&
4671 		    (!entry->bssid_set ||
4672 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4673 			return entry;
4674 #ifdef CONFIG_WPS
4675 		if (!wpas_network_disabled(wpa_s, entry) &&
4676 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
4677 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
4678 		    (!entry->bssid_set ||
4679 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4680 			return entry;
4681 #endif /* CONFIG_WPS */
4682 
4683 #ifdef CONFIG_OWE
4684 		if (!wpas_network_disabled(wpa_s, entry) &&
4685 		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
4686 		    entry->ssid_len) &&
4687 		    (!entry->bssid_set ||
4688 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
4689 			return entry;
4690 #endif /* CONFIG_OWE */
4691 
4692 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
4693 		    entry->ssid_len == 0 &&
4694 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
4695 			return entry;
4696 
4697 		entry = entry->next;
4698 	}
4699 
4700 	return NULL;
4701 }
4702 
4703 
select_driver(struct wpa_supplicant * wpa_s,int i)4704 static int select_driver(struct wpa_supplicant *wpa_s, int i)
4705 {
4706 	struct wpa_global *global = wpa_s->global;
4707 
4708 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
4709 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
4710 		if (global->drv_priv[i] == NULL) {
4711 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
4712 				   "'%s'", wpa_drivers[i]->name);
4713 			return -1;
4714 		}
4715 	}
4716 
4717 	wpa_s->driver = wpa_drivers[i];
4718 	wpa_s->global_drv_priv = global->drv_priv[i];
4719 
4720 	return 0;
4721 }
4722 
4723 
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)4724 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
4725 				     const char *name)
4726 {
4727 	int i;
4728 	size_t len;
4729 	const char *pos, *driver = name;
4730 
4731 	if (wpa_s == NULL)
4732 		return -1;
4733 
4734 	if (wpa_drivers[0] == NULL) {
4735 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
4736 			"wpa_supplicant");
4737 		return -1;
4738 	}
4739 
4740 	if (name == NULL) {
4741 		/* default to first driver in the list */
4742 		return select_driver(wpa_s, 0);
4743 	}
4744 
4745 	do {
4746 		pos = os_strchr(driver, ',');
4747 		if (pos)
4748 			len = pos - driver;
4749 		else
4750 			len = os_strlen(driver);
4751 
4752 		for (i = 0; wpa_drivers[i]; i++) {
4753 			if (os_strlen(wpa_drivers[i]->name) == len &&
4754 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
4755 			    0) {
4756 				/* First driver that succeeds wins */
4757 				if (select_driver(wpa_s, i) == 0)
4758 					return 0;
4759 			}
4760 		}
4761 
4762 		driver = pos + 1;
4763 	} while (pos);
4764 
4765 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
4766 	return -1;
4767 }
4768 
4769 
4770 /**
4771  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
4772  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
4773  *	with struct wpa_driver_ops::init()
4774  * @src_addr: Source address of the EAPOL frame
4775  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
4776  * @len: Length of the EAPOL data
4777  *
4778  * This function is called for each received EAPOL frame. Most driver
4779  * interfaces rely on more generic OS mechanism for receiving frames through
4780  * l2_packet, but if such a mechanism is not available, the driver wrapper may
4781  * take care of received EAPOL frames and deliver them to the core supplicant
4782  * code by calling this function.
4783  */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)4784 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
4785 			     const u8 *buf, size_t len)
4786 {
4787 	struct wpa_supplicant *wpa_s = ctx;
4788 
4789 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
4790 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
4791 
4792 #ifdef CONFIG_TESTING_OPTIONS
4793 	if (wpa_s->ignore_auth_resp) {
4794 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
4795 		return;
4796 	}
4797 #endif /* CONFIG_TESTING_OPTIONS */
4798 
4799 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
4800 	    (wpa_s->last_eapol_matches_bssid &&
4801 #ifdef CONFIG_AP
4802 	     !wpa_s->ap_iface &&
4803 #endif /* CONFIG_AP */
4804 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
4805 		/*
4806 		 * There is possible race condition between receiving the
4807 		 * association event and the EAPOL frame since they are coming
4808 		 * through different paths from the driver. In order to avoid
4809 		 * issues in trying to process the EAPOL frame before receiving
4810 		 * association information, lets queue it for processing until
4811 		 * the association event is received. This may also be needed in
4812 		 * driver-based roaming case, so also use src_addr != BSSID as a
4813 		 * trigger if we have previously confirmed that the
4814 		 * Authenticator uses BSSID as the src_addr (which is not the
4815 		 * case with wired IEEE 802.1X).
4816 		 */
4817 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
4818 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
4819 			wpa_supplicant_state_txt(wpa_s->wpa_state),
4820 			MAC2STR(wpa_s->bssid));
4821 		wpabuf_free(wpa_s->pending_eapol_rx);
4822 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
4823 		if (wpa_s->pending_eapol_rx) {
4824 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
4825 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
4826 				  ETH_ALEN);
4827 		}
4828 		return;
4829 	}
4830 
4831 	wpa_s->last_eapol_matches_bssid =
4832 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
4833 
4834 #ifdef CONFIG_AP
4835 	if (wpa_s->ap_iface) {
4836 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len);
4837 		return;
4838 	}
4839 #endif /* CONFIG_AP */
4840 
4841 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
4842 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
4843 			"no key management is configured");
4844 		return;
4845 	}
4846 
4847 	if (wpa_s->eapol_received == 0 &&
4848 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
4849 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
4850 	     wpa_s->wpa_state != WPA_COMPLETED) &&
4851 	    (wpa_s->current_ssid == NULL ||
4852 	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
4853 		/* Timeout for completing IEEE 802.1X and WPA authentication */
4854 		int timeout = 10;
4855 
4856 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
4857 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
4858 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4859 			/* Use longer timeout for IEEE 802.1X/EAP */
4860 			timeout = 70;
4861 		}
4862 
4863 #ifdef CONFIG_WPS
4864 		if (wpa_s->current_ssid && wpa_s->current_bss &&
4865 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
4866 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
4867 			/*
4868 			 * Use shorter timeout if going through WPS AP iteration
4869 			 * for PIN config method with an AP that does not
4870 			 * advertise Selected Registrar.
4871 			 */
4872 			struct wpabuf *wps_ie;
4873 
4874 			wps_ie = wpa_bss_get_vendor_ie_multi(
4875 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
4876 			if (wps_ie &&
4877 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
4878 				timeout = 10;
4879 			wpabuf_free(wps_ie);
4880 		}
4881 #endif /* CONFIG_WPS */
4882 
4883 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4884 	}
4885 	wpa_s->eapol_received++;
4886 
4887 	if (wpa_s->countermeasures) {
4888 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
4889 			"EAPOL packet");
4890 		return;
4891 	}
4892 
4893 #ifdef CONFIG_IBSS_RSN
4894 	if (wpa_s->current_ssid &&
4895 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
4896 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
4897 		return;
4898 	}
4899 #endif /* CONFIG_IBSS_RSN */
4900 
4901 	/* Source address of the incoming EAPOL frame could be compared to the
4902 	 * current BSSID. However, it is possible that a centralized
4903 	 * Authenticator could be using another MAC address than the BSSID of
4904 	 * an AP, so just allow any address to be used for now. The replies are
4905 	 * still sent to the current BSSID (if available), though. */
4906 
4907 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
4908 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
4909 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
4910 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
4911 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
4912 		return;
4913 	wpa_drv_poll(wpa_s);
4914 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
4915 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
4916 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
4917 		/*
4918 		 * Set portValid = true here since we are going to skip 4-way
4919 		 * handshake processing which would normally set portValid. We
4920 		 * need this to allow the EAPOL state machines to be completed
4921 		 * without going through EAPOL-Key handshake.
4922 		 */
4923 		eapol_sm_notify_portValid(wpa_s->eapol, true);
4924 	}
4925 }
4926 
4927 
wpas_eapol_needs_l2_packet(struct wpa_supplicant * wpa_s)4928 static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
4929 {
4930 	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
4931 		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
4932 }
4933 
4934 
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)4935 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
4936 {
4937 	if ((!wpa_s->p2p_mgmt ||
4938 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
4939 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
4940 		l2_packet_deinit(wpa_s->l2);
4941 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
4942 					   wpa_drv_get_mac_addr(wpa_s),
4943 					   ETH_P_EAPOL,
4944 					   wpas_eapol_needs_l2_packet(wpa_s) ?
4945 					   wpa_supplicant_rx_eapol : NULL,
4946 					   wpa_s, 0);
4947 		if (wpa_s->l2 == NULL)
4948 			return -1;
4949 
4950 		if (l2_packet_set_packet_filter(wpa_s->l2,
4951 						L2_PACKET_FILTER_PKTTYPE))
4952 			wpa_dbg(wpa_s, MSG_DEBUG,
4953 				"Failed to attach pkt_type filter");
4954 
4955 		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
4956 			wpa_msg(wpa_s, MSG_ERROR,
4957 				"Failed to get own L2 address");
4958 			return -1;
4959 		}
4960 	} else {
4961 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
4962 		if (addr)
4963 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
4964 	}
4965 
4966 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
4967 	wpas_wps_update_mac_addr(wpa_s);
4968 
4969 #ifdef CONFIG_FST
4970 	if (wpa_s->fst)
4971 		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
4972 #endif /* CONFIG_FST */
4973 
4974 	return 0;
4975 }
4976 
4977 
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)4978 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
4979 					   const u8 *buf, size_t len)
4980 {
4981 	struct wpa_supplicant *wpa_s = ctx;
4982 	const struct l2_ethhdr *eth;
4983 
4984 	if (len < sizeof(*eth))
4985 		return;
4986 	eth = (const struct l2_ethhdr *) buf;
4987 
4988 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
4989 	    !(eth->h_dest[0] & 0x01)) {
4990 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4991 			" (bridge - not for this interface - ignore)",
4992 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
4993 		return;
4994 	}
4995 
4996 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
4997 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
4998 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
4999 				len - sizeof(*eth));
5000 }
5001 
5002 
wpa_supplicant_update_bridge_ifname(struct wpa_supplicant * wpa_s,const char * bridge_ifname)5003 int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
5004 					const char *bridge_ifname)
5005 {
5006 	if (wpa_s->wpa_state > WPA_SCANNING)
5007 		return -EBUSY;
5008 
5009 	if (bridge_ifname &&
5010 	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
5011 		return -EINVAL;
5012 
5013 	if (!bridge_ifname)
5014 		bridge_ifname = "";
5015 
5016 	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
5017 		return 0;
5018 
5019 	if (wpa_s->l2_br) {
5020 		l2_packet_deinit(wpa_s->l2_br);
5021 		wpa_s->l2_br = NULL;
5022 	}
5023 
5024 	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
5025 		   sizeof(wpa_s->bridge_ifname));
5026 
5027 	if (wpa_s->bridge_ifname[0]) {
5028 		wpa_dbg(wpa_s, MSG_DEBUG,
5029 			"Receiving packets from bridge interface '%s'",
5030 			wpa_s->bridge_ifname);
5031 		wpa_s->l2_br = l2_packet_init_bridge(
5032 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5033 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5034 		if (!wpa_s->l2_br) {
5035 			wpa_msg(wpa_s, MSG_ERROR,
5036 				"Failed to open l2_packet connection for the bridge interface '%s'",
5037 				wpa_s->bridge_ifname);
5038 			goto fail;
5039 		}
5040 	}
5041 
5042 #ifdef CONFIG_TDLS
5043 	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5044 		goto fail;
5045 #endif /* CONFIG_TDLS */
5046 
5047 	return 0;
5048 fail:
5049 	wpa_s->bridge_ifname[0] = 0;
5050 	if (wpa_s->l2_br) {
5051 		l2_packet_deinit(wpa_s->l2_br);
5052 		wpa_s->l2_br = NULL;
5053 	}
5054 #ifdef CONFIG_TDLS
5055 	if (!wpa_s->p2p_mgmt)
5056 		wpa_tdls_init(wpa_s->wpa);
5057 #endif /* CONFIG_TDLS */
5058 	return -EIO;
5059 }
5060 
5061 
5062 /**
5063  * wpa_supplicant_driver_init - Initialize driver interface parameters
5064  * @wpa_s: Pointer to wpa_supplicant data
5065  * Returns: 0 on success, -1 on failure
5066  *
5067  * This function is called to initialize driver interface parameters.
5068  * wpa_drv_init() must have been called before this function to initialize the
5069  * driver interface.
5070  */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)5071 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
5072 {
5073 	static int interface_count = 0;
5074 
5075 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
5076 		return -1;
5077 
5078 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
5079 		MAC2STR(wpa_s->own_addr));
5080 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
5081 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5082 
5083 	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
5084 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
5085 			"interface '%s'", wpa_s->bridge_ifname);
5086 		wpa_s->l2_br = l2_packet_init_bridge(
5087 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5088 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5089 		if (wpa_s->l2_br == NULL) {
5090 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
5091 				"connection for the bridge interface '%s'",
5092 				wpa_s->bridge_ifname);
5093 			return -1;
5094 		}
5095 	}
5096 
5097 	if (wpa_s->conf->ap_scan == 2 &&
5098 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
5099 		wpa_printf(MSG_INFO,
5100 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
5101 	}
5102 
5103 	wpa_clear_keys(wpa_s, NULL);
5104 
5105 	/* Make sure that TKIP countermeasures are not left enabled (could
5106 	 * happen if wpa_supplicant is killed during countermeasures. */
5107 	wpa_drv_set_countermeasures(wpa_s, 0);
5108 
5109 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
5110 	wpa_drv_flush_pmkid(wpa_s);
5111 
5112 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
5113 	wpa_s->prev_scan_wildcard = 0;
5114 
5115 	if (wpa_supplicant_enabled_networks(wpa_s)) {
5116 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
5117 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5118 			interface_count = 0;
5119 		}
5120 #ifndef ANDROID
5121 		if (!wpa_s->p2p_mgmt &&
5122 		    wpa_supplicant_delayed_sched_scan(wpa_s,
5123 						      interface_count % 3,
5124 						      100000))
5125 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
5126 						100000);
5127 #endif /* ANDROID */
5128 		interface_count++;
5129 	} else
5130 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
5131 
5132 	return 0;
5133 }
5134 
5135 
wpa_supplicant_daemon(const char * pid_file)5136 static int wpa_supplicant_daemon(const char *pid_file)
5137 {
5138 	wpa_printf(MSG_DEBUG, "Daemonize..");
5139 	return os_daemonize(pid_file);
5140 }
5141 
5142 
5143 static struct wpa_supplicant *
wpa_supplicant_alloc(struct wpa_supplicant * parent)5144 wpa_supplicant_alloc(struct wpa_supplicant *parent)
5145 {
5146 	struct wpa_supplicant *wpa_s;
5147 
5148 	wpa_s = os_zalloc(sizeof(*wpa_s));
5149 	if (wpa_s == NULL)
5150 		return NULL;
5151 	wpa_s->scan_req = INITIAL_SCAN_REQ;
5152 	wpa_s->scan_interval = 5;
5153 	wpa_s->new_connection = 1;
5154 	wpa_s->parent = parent ? parent : wpa_s;
5155 	wpa_s->p2pdev = wpa_s->parent;
5156 	wpa_s->sched_scanning = 0;
5157 	wpa_s->setband_mask = WPA_SETBAND_AUTO;
5158 
5159 	dl_list_init(&wpa_s->bss_tmp_disallowed);
5160 	dl_list_init(&wpa_s->fils_hlp_req);
5161 #ifdef CONFIG_TESTING_OPTIONS
5162 	dl_list_init(&wpa_s->drv_signal_override);
5163 #endif /* CONFIG_TESTING_OPTIONS */
5164 
5165 	return wpa_s;
5166 }
5167 
5168 
5169 #ifdef CONFIG_HT_OVERRIDES
5170 
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)5171 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
5172 			     struct ieee80211_ht_capabilities *htcaps,
5173 			     struct ieee80211_ht_capabilities *htcaps_mask,
5174 			     const char *ht_mcs)
5175 {
5176 	/* parse ht_mcs into hex array */
5177 	int i;
5178 	const char *tmp = ht_mcs;
5179 	char *end = NULL;
5180 
5181 	/* If ht_mcs is null, do not set anything */
5182 	if (!ht_mcs)
5183 		return 0;
5184 
5185 	/* This is what we are setting in the kernel */
5186 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
5187 
5188 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
5189 
5190 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5191 		long v;
5192 
5193 		errno = 0;
5194 		v = strtol(tmp, &end, 16);
5195 
5196 		if (errno == 0) {
5197 			wpa_msg(wpa_s, MSG_DEBUG,
5198 				"htcap value[%i]: %ld end: %p  tmp: %p",
5199 				i, v, end, tmp);
5200 			if (end == tmp)
5201 				break;
5202 
5203 			htcaps->supported_mcs_set[i] = v;
5204 			tmp = end;
5205 		} else {
5206 			wpa_msg(wpa_s, MSG_ERROR,
5207 				"Failed to parse ht-mcs: %s, error: %s\n",
5208 				ht_mcs, strerror(errno));
5209 			return -1;
5210 		}
5211 	}
5212 
5213 	/*
5214 	 * If we were able to parse any values, then set mask for the MCS set.
5215 	 */
5216 	if (i) {
5217 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
5218 			  IEEE80211_HT_MCS_MASK_LEN - 1);
5219 		/* skip the 3 reserved bits */
5220 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
5221 			0x1f;
5222 	}
5223 
5224 	return 0;
5225 }
5226 
5227 
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5228 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
5229 				 struct ieee80211_ht_capabilities *htcaps,
5230 				 struct ieee80211_ht_capabilities *htcaps_mask,
5231 				 int disabled)
5232 {
5233 	le16 msk;
5234 
5235 	if (disabled == -1)
5236 		return 0;
5237 
5238 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
5239 
5240 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
5241 	htcaps_mask->ht_capabilities_info |= msk;
5242 	if (disabled)
5243 		htcaps->ht_capabilities_info &= msk;
5244 	else
5245 		htcaps->ht_capabilities_info |= msk;
5246 
5247 	return 0;
5248 }
5249 
5250 
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)5251 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
5252 				struct ieee80211_ht_capabilities *htcaps,
5253 				struct ieee80211_ht_capabilities *htcaps_mask,
5254 				int factor)
5255 {
5256 	if (factor == -1)
5257 		return 0;
5258 
5259 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
5260 
5261 	if (factor < 0 || factor > 3) {
5262 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
5263 			"Must be 0-3 or -1", factor);
5264 		return -EINVAL;
5265 	}
5266 
5267 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
5268 	htcaps->a_mpdu_params &= ~0x3;
5269 	htcaps->a_mpdu_params |= factor & 0x3;
5270 
5271 	return 0;
5272 }
5273 
5274 
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)5275 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
5276 				 struct ieee80211_ht_capabilities *htcaps,
5277 				 struct ieee80211_ht_capabilities *htcaps_mask,
5278 				 int density)
5279 {
5280 	if (density == -1)
5281 		return 0;
5282 
5283 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5284 
5285 	if (density < 0 || density > 7) {
5286 		wpa_msg(wpa_s, MSG_ERROR,
5287 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
5288 			density);
5289 		return -EINVAL;
5290 	}
5291 
5292 	htcaps_mask->a_mpdu_params |= 0x1C;
5293 	htcaps->a_mpdu_params &= ~(0x1C);
5294 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5295 
5296 	return 0;
5297 }
5298 
5299 
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5300 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5301 				struct ieee80211_ht_capabilities *htcaps,
5302 				struct ieee80211_ht_capabilities *htcaps_mask,
5303 				int disabled)
5304 {
5305 	if (disabled)
5306 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5307 
5308 	set_disable_ht40(htcaps, disabled);
5309 	set_disable_ht40(htcaps_mask, 0);
5310 
5311 	return 0;
5312 }
5313 
5314 
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5315 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
5316 			       struct ieee80211_ht_capabilities *htcaps,
5317 			       struct ieee80211_ht_capabilities *htcaps_mask,
5318 			       int disabled)
5319 {
5320 	/* Masking these out disables SGI */
5321 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
5322 				HT_CAP_INFO_SHORT_GI40MHZ);
5323 
5324 	if (disabled)
5325 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
5326 
5327 	if (disabled)
5328 		htcaps->ht_capabilities_info &= ~msk;
5329 	else
5330 		htcaps->ht_capabilities_info |= msk;
5331 
5332 	htcaps_mask->ht_capabilities_info |= msk;
5333 
5334 	return 0;
5335 }
5336 
5337 
wpa_set_disable_ldpc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5338 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
5339 			       struct ieee80211_ht_capabilities *htcaps,
5340 			       struct ieee80211_ht_capabilities *htcaps_mask,
5341 			       int disabled)
5342 {
5343 	/* Masking these out disables LDPC */
5344 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
5345 
5346 	if (disabled)
5347 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
5348 
5349 	if (disabled)
5350 		htcaps->ht_capabilities_info &= ~msk;
5351 	else
5352 		htcaps->ht_capabilities_info |= msk;
5353 
5354 	htcaps_mask->ht_capabilities_info |= msk;
5355 
5356 	return 0;
5357 }
5358 
5359 
wpa_set_tx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int tx_stbc)5360 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
5361 			   struct ieee80211_ht_capabilities *htcaps,
5362 			   struct ieee80211_ht_capabilities *htcaps_mask,
5363 			   int tx_stbc)
5364 {
5365 	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
5366 
5367 	if (tx_stbc == -1)
5368 		return 0;
5369 
5370 	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
5371 
5372 	if (tx_stbc < 0 || tx_stbc > 1) {
5373 		wpa_msg(wpa_s, MSG_ERROR,
5374 			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
5375 		return -EINVAL;
5376 	}
5377 
5378 	htcaps_mask->ht_capabilities_info |= msk;
5379 	htcaps->ht_capabilities_info &= ~msk;
5380 	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
5381 
5382 	return 0;
5383 }
5384 
5385 
wpa_set_rx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int rx_stbc)5386 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
5387 			   struct ieee80211_ht_capabilities *htcaps,
5388 			   struct ieee80211_ht_capabilities *htcaps_mask,
5389 			   int rx_stbc)
5390 {
5391 	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
5392 
5393 	if (rx_stbc == -1)
5394 		return 0;
5395 
5396 	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
5397 
5398 	if (rx_stbc < 0 || rx_stbc > 3) {
5399 		wpa_msg(wpa_s, MSG_ERROR,
5400 			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
5401 		return -EINVAL;
5402 	}
5403 
5404 	htcaps_mask->ht_capabilities_info |= msk;
5405 	htcaps->ht_capabilities_info &= ~msk;
5406 	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
5407 
5408 	return 0;
5409 }
5410 
5411 
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5412 void wpa_supplicant_apply_ht_overrides(
5413 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5414 	struct wpa_driver_associate_params *params)
5415 {
5416 	struct ieee80211_ht_capabilities *htcaps;
5417 	struct ieee80211_ht_capabilities *htcaps_mask;
5418 
5419 	if (!ssid)
5420 		return;
5421 
5422 	params->disable_ht = ssid->disable_ht;
5423 	if (!params->htcaps || !params->htcaps_mask)
5424 		return;
5425 
5426 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
5427 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
5428 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
5429 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
5430 			      ssid->disable_max_amsdu);
5431 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
5432 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
5433 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
5434 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
5435 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
5436 	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
5437 	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
5438 
5439 	if (ssid->ht40_intolerant) {
5440 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
5441 		htcaps->ht_capabilities_info |= bit;
5442 		htcaps_mask->ht_capabilities_info |= bit;
5443 	}
5444 }
5445 
5446 #endif /* CONFIG_HT_OVERRIDES */
5447 
5448 
5449 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5450 void wpa_supplicant_apply_vht_overrides(
5451 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5452 	struct wpa_driver_associate_params *params)
5453 {
5454 	struct ieee80211_vht_capabilities *vhtcaps;
5455 	struct ieee80211_vht_capabilities *vhtcaps_mask;
5456 
5457 	if (!ssid)
5458 		return;
5459 
5460 	params->disable_vht = ssid->disable_vht;
5461 
5462 	vhtcaps = (void *) params->vhtcaps;
5463 	vhtcaps_mask = (void *) params->vhtcaps_mask;
5464 
5465 	if (!vhtcaps || !vhtcaps_mask)
5466 		return;
5467 
5468 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
5469 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
5470 
5471 #ifdef CONFIG_HT_OVERRIDES
5472 	if (ssid->disable_sgi) {
5473 		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
5474 							VHT_CAP_SHORT_GI_160);
5475 		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
5476 						    VHT_CAP_SHORT_GI_160);
5477 		wpa_msg(wpa_s, MSG_DEBUG,
5478 			"disable-sgi override specified, vht-caps: 0x%x",
5479 			vhtcaps->vht_capabilities_info);
5480 	}
5481 
5482 	/* if max ampdu is <= 3, we have to make the HT cap the same */
5483 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
5484 		int max_ampdu;
5485 
5486 		max_ampdu = (ssid->vht_capa &
5487 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
5488 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
5489 
5490 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
5491 		wpa_set_ampdu_factor(wpa_s,
5492 				     (void *) params->htcaps,
5493 				     (void *) params->htcaps_mask,
5494 				     max_ampdu);
5495 	}
5496 #endif /* CONFIG_HT_OVERRIDES */
5497 
5498 #define OVERRIDE_MCS(i)							\
5499 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
5500 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
5501 			host_to_le16(3 << 2 * (i - 1));			\
5502 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
5503 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
5504 				     2 * (i - 1));			\
5505 	}								\
5506 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
5507 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
5508 			host_to_le16(3 << 2 * (i - 1));			\
5509 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
5510 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
5511 				     2 * (i - 1));			\
5512 	}
5513 
5514 	OVERRIDE_MCS(1);
5515 	OVERRIDE_MCS(2);
5516 	OVERRIDE_MCS(3);
5517 	OVERRIDE_MCS(4);
5518 	OVERRIDE_MCS(5);
5519 	OVERRIDE_MCS(6);
5520 	OVERRIDE_MCS(7);
5521 	OVERRIDE_MCS(8);
5522 }
5523 #endif /* CONFIG_VHT_OVERRIDES */
5524 
5525 
5526 #ifdef CONFIG_HE_OVERRIDES
wpa_supplicant_apply_he_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)5527 void wpa_supplicant_apply_he_overrides(
5528 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
5529 	struct wpa_driver_associate_params *params)
5530 {
5531 	if (!ssid)
5532 		return;
5533 
5534 	params->disable_he = ssid->disable_he;
5535 }
5536 #endif /* CONFIG_HE_OVERRIDES */
5537 
5538 
pcsc_reader_init(struct wpa_supplicant * wpa_s)5539 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
5540 {
5541 #ifdef PCSC_FUNCS
5542 	size_t len;
5543 
5544 	if (!wpa_s->conf->pcsc_reader)
5545 		return 0;
5546 
5547 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
5548 	if (!wpa_s->scard)
5549 		return 1;
5550 
5551 	if (wpa_s->conf->pcsc_pin &&
5552 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
5553 		scard_deinit(wpa_s->scard);
5554 		wpa_s->scard = NULL;
5555 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
5556 		return -1;
5557 	}
5558 
5559 	len = sizeof(wpa_s->imsi) - 1;
5560 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
5561 		scard_deinit(wpa_s->scard);
5562 		wpa_s->scard = NULL;
5563 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
5564 		return -1;
5565 	}
5566 	wpa_s->imsi[len] = '\0';
5567 
5568 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
5569 
5570 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
5571 		   wpa_s->imsi, wpa_s->mnc_len);
5572 
5573 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
5574 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
5575 #endif /* PCSC_FUNCS */
5576 
5577 	return 0;
5578 }
5579 
5580 
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)5581 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
5582 {
5583 	char *val, *pos;
5584 
5585 	ext_password_deinit(wpa_s->ext_pw);
5586 	wpa_s->ext_pw = NULL;
5587 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
5588 
5589 	if (!wpa_s->conf->ext_password_backend)
5590 		return 0;
5591 
5592 	val = os_strdup(wpa_s->conf->ext_password_backend);
5593 	if (val == NULL)
5594 		return -1;
5595 	pos = os_strchr(val, ':');
5596 	if (pos)
5597 		*pos++ = '\0';
5598 
5599 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
5600 
5601 	wpa_s->ext_pw = ext_password_init(val, pos);
5602 	os_free(val);
5603 	if (wpa_s->ext_pw == NULL) {
5604 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
5605 		return -1;
5606 	}
5607 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
5608 
5609 	return 0;
5610 }
5611 
5612 
5613 #ifdef CONFIG_FST
5614 
wpas_fst_get_bssid_cb(void * ctx)5615 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
5616 {
5617 	struct wpa_supplicant *wpa_s = ctx;
5618 
5619 	return (is_zero_ether_addr(wpa_s->bssid) ||
5620 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
5621 }
5622 
5623 
wpas_fst_get_channel_info_cb(void * ctx,enum hostapd_hw_mode * hw_mode,u8 * channel)5624 static void wpas_fst_get_channel_info_cb(void *ctx,
5625 					 enum hostapd_hw_mode *hw_mode,
5626 					 u8 *channel)
5627 {
5628 	struct wpa_supplicant *wpa_s = ctx;
5629 
5630 	if (wpa_s->current_bss) {
5631 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
5632 						  channel);
5633 	} else if (wpa_s->hw.num_modes) {
5634 		*hw_mode = wpa_s->hw.modes[0].mode;
5635 	} else {
5636 		WPA_ASSERT(0);
5637 		*hw_mode = 0;
5638 	}
5639 }
5640 
5641 
wpas_fst_get_hw_modes(void * ctx,struct hostapd_hw_modes ** modes)5642 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
5643 {
5644 	struct wpa_supplicant *wpa_s = ctx;
5645 
5646 	*modes = wpa_s->hw.modes;
5647 	return wpa_s->hw.num_modes;
5648 }
5649 
5650 
wpas_fst_set_ies_cb(void * ctx,const struct wpabuf * fst_ies)5651 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
5652 {
5653 	struct wpa_supplicant *wpa_s = ctx;
5654 
5655 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
5656 	wpa_s->fst_ies = fst_ies;
5657 }
5658 
5659 
wpas_fst_send_action_cb(void * ctx,const u8 * da,struct wpabuf * data)5660 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
5661 {
5662 	struct wpa_supplicant *wpa_s = ctx;
5663 
5664 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
5665 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
5666 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
5667 		return -1;
5668 	}
5669 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
5670 				   wpa_s->own_addr, wpa_s->bssid,
5671 				   wpabuf_head(data), wpabuf_len(data),
5672 				   0);
5673 }
5674 
5675 
wpas_fst_get_mb_ie_cb(void * ctx,const u8 * addr)5676 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
5677 {
5678 	struct wpa_supplicant *wpa_s = ctx;
5679 
5680 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5681 	return wpa_s->received_mb_ies;
5682 }
5683 
5684 
wpas_fst_update_mb_ie_cb(void * ctx,const u8 * addr,const u8 * buf,size_t size)5685 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
5686 				     const u8 *buf, size_t size)
5687 {
5688 	struct wpa_supplicant *wpa_s = ctx;
5689 	struct mb_ies_info info;
5690 
5691 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
5692 
5693 	if (!mb_ies_info_by_ies(&info, buf, size)) {
5694 		wpabuf_free(wpa_s->received_mb_ies);
5695 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
5696 	}
5697 }
5698 
5699 
wpas_fst_get_peer_first(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)5700 static const u8 * wpas_fst_get_peer_first(void *ctx,
5701 					  struct fst_get_peer_ctx **get_ctx,
5702 					  bool mb_only)
5703 {
5704 	struct wpa_supplicant *wpa_s = ctx;
5705 
5706 	*get_ctx = NULL;
5707 	if (!is_zero_ether_addr(wpa_s->bssid))
5708 		return (wpa_s->received_mb_ies || !mb_only) ?
5709 			wpa_s->bssid : NULL;
5710 	return NULL;
5711 }
5712 
5713 
wpas_fst_get_peer_next(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)5714 static const u8 * wpas_fst_get_peer_next(void *ctx,
5715 					 struct fst_get_peer_ctx **get_ctx,
5716 					 bool mb_only)
5717 {
5718 	return NULL;
5719 }
5720 
fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant * wpa_s,struct fst_wpa_obj * iface_obj)5721 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
5722 				       struct fst_wpa_obj *iface_obj)
5723 {
5724 	iface_obj->ctx              = wpa_s;
5725 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
5726 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
5727 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
5728 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
5729 	iface_obj->send_action      = wpas_fst_send_action_cb;
5730 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
5731 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
5732 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
5733 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
5734 }
5735 #endif /* CONFIG_FST */
5736 
wpas_set_wowlan_triggers(struct wpa_supplicant * wpa_s,const struct wpa_driver_capa * capa)5737 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
5738 				    const struct wpa_driver_capa *capa)
5739 {
5740 	struct wowlan_triggers *triggers;
5741 	int ret = 0;
5742 
5743 	if (!wpa_s->conf->wowlan_triggers)
5744 		return 0;
5745 
5746 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
5747 	if (triggers) {
5748 		ret = wpa_drv_wowlan(wpa_s, triggers);
5749 		os_free(triggers);
5750 	}
5751 	return ret;
5752 }
5753 
5754 
wpas_freq_to_band(int freq)5755 enum wpa_radio_work_band wpas_freq_to_band(int freq)
5756 {
5757 	if (freq < 3000)
5758 		return BAND_2_4_GHZ;
5759 	if (freq > 50000)
5760 		return BAND_60_GHZ;
5761 	return BAND_5_GHZ;
5762 }
5763 
5764 
wpas_get_bands(struct wpa_supplicant * wpa_s,const int * freqs)5765 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
5766 {
5767 	int i;
5768 	unsigned int band = 0;
5769 
5770 	if (freqs) {
5771 		/* freqs are specified for the radio work */
5772 		for (i = 0; freqs[i]; i++)
5773 			band |= wpas_freq_to_band(freqs[i]);
5774 	} else {
5775 		/*
5776 		 * freqs are not specified, implies all
5777 		 * the supported freqs by HW
5778 		 */
5779 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
5780 			if (wpa_s->hw.modes[i].num_channels != 0) {
5781 				if (wpa_s->hw.modes[i].mode ==
5782 				    HOSTAPD_MODE_IEEE80211B ||
5783 				    wpa_s->hw.modes[i].mode ==
5784 				    HOSTAPD_MODE_IEEE80211G)
5785 					band |= BAND_2_4_GHZ;
5786 				else if (wpa_s->hw.modes[i].mode ==
5787 					 HOSTAPD_MODE_IEEE80211A)
5788 					band |= BAND_5_GHZ;
5789 				else if (wpa_s->hw.modes[i].mode ==
5790 					 HOSTAPD_MODE_IEEE80211AD)
5791 					band |= BAND_60_GHZ;
5792 				else if (wpa_s->hw.modes[i].mode ==
5793 					 HOSTAPD_MODE_IEEE80211ANY)
5794 					band = BAND_2_4_GHZ | BAND_5_GHZ |
5795 						BAND_60_GHZ;
5796 			}
5797 		}
5798 	}
5799 
5800 	return band;
5801 }
5802 
5803 
radio_add_interface(struct wpa_supplicant * wpa_s,const char * rn)5804 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
5805 					      const char *rn)
5806 {
5807 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
5808 	struct wpa_radio *radio;
5809 
5810 	while (rn && iface) {
5811 		radio = iface->radio;
5812 		if (radio && os_strcmp(rn, radio->name) == 0) {
5813 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
5814 				   wpa_s->ifname, rn);
5815 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5816 			return radio;
5817 		}
5818 
5819 		iface = iface->next;
5820 	}
5821 
5822 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
5823 		   wpa_s->ifname, rn ? rn : "N/A");
5824 	radio = os_zalloc(sizeof(*radio));
5825 	if (radio == NULL)
5826 		return NULL;
5827 
5828 	if (rn)
5829 		os_strlcpy(radio->name, rn, sizeof(radio->name));
5830 	dl_list_init(&radio->ifaces);
5831 	dl_list_init(&radio->work);
5832 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
5833 
5834 	return radio;
5835 }
5836 
5837 
radio_work_free(struct wpa_radio_work * work)5838 static void radio_work_free(struct wpa_radio_work *work)
5839 {
5840 	if (work->wpa_s->scan_work == work) {
5841 		/* This should not really happen. */
5842 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
5843 			work->type, work, work->started);
5844 		work->wpa_s->scan_work = NULL;
5845 	}
5846 
5847 #ifdef CONFIG_P2P
5848 	if (work->wpa_s->p2p_scan_work == work) {
5849 		/* This should not really happen. */
5850 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
5851 			work->type, work, work->started);
5852 		work->wpa_s->p2p_scan_work = NULL;
5853 	}
5854 #endif /* CONFIG_P2P */
5855 
5856 	if (work->started) {
5857 		work->wpa_s->radio->num_active_works--;
5858 		wpa_dbg(work->wpa_s, MSG_DEBUG,
5859 			"radio_work_free('%s'@%p): num_active_works --> %u",
5860 			work->type, work,
5861 			work->wpa_s->radio->num_active_works);
5862 	}
5863 
5864 	dl_list_del(&work->list);
5865 	os_free(work);
5866 }
5867 
5868 
radio_work_is_connect(struct wpa_radio_work * work)5869 static int radio_work_is_connect(struct wpa_radio_work *work)
5870 {
5871 	return os_strcmp(work->type, "sme-connect") == 0 ||
5872 		os_strcmp(work->type, "connect") == 0;
5873 }
5874 
5875 
radio_work_is_scan(struct wpa_radio_work * work)5876 static int radio_work_is_scan(struct wpa_radio_work *work)
5877 {
5878 	return os_strcmp(work->type, "scan") == 0 ||
5879 		os_strcmp(work->type, "p2p-scan") == 0;
5880 }
5881 
5882 
radio_work_get_next_work(struct wpa_radio * radio)5883 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
5884 {
5885 	struct wpa_radio_work *active_work = NULL;
5886 	struct wpa_radio_work *tmp;
5887 
5888 	/* Get the active work to know the type and band. */
5889 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5890 		if (tmp->started) {
5891 			active_work = tmp;
5892 			break;
5893 		}
5894 	}
5895 
5896 	if (!active_work) {
5897 		/* No active work, start one */
5898 		radio->num_active_works = 0;
5899 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
5900 				 list) {
5901 			if (os_strcmp(tmp->type, "scan") == 0 &&
5902 			    external_scan_running(radio) &&
5903 			    (((struct wpa_driver_scan_params *)
5904 			      tmp->ctx)->only_new_results ||
5905 			     tmp->wpa_s->clear_driver_scan_cache))
5906 				continue;
5907 			return tmp;
5908 		}
5909 		return NULL;
5910 	}
5911 
5912 	if (radio_work_is_connect(active_work)) {
5913 		/*
5914 		 * If the active work is either connect or sme-connect,
5915 		 * do not parallelize them with other radio works.
5916 		 */
5917 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5918 			"Do not parallelize radio work with %s",
5919 			active_work->type);
5920 		return NULL;
5921 	}
5922 
5923 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
5924 		if (tmp->started)
5925 			continue;
5926 
5927 		/*
5928 		 * If connect or sme-connect are enqueued, parallelize only
5929 		 * those operations ahead of them in the queue.
5930 		 */
5931 		if (radio_work_is_connect(tmp))
5932 			break;
5933 
5934 		/* Serialize parallel scan and p2p_scan operations on the same
5935 		 * interface since the driver_nl80211 mechanism for tracking
5936 		 * scan cookies does not yet have support for this. */
5937 		if (active_work->wpa_s == tmp->wpa_s &&
5938 		    radio_work_is_scan(active_work) &&
5939 		    radio_work_is_scan(tmp)) {
5940 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5941 				"Do not start work '%s' when another work '%s' is already scheduled",
5942 				tmp->type, active_work->type);
5943 			continue;
5944 		}
5945 		/*
5946 		 * Check that the radio works are distinct and
5947 		 * on different bands.
5948 		 */
5949 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
5950 		    (active_work->bands != tmp->bands)) {
5951 			/*
5952 			 * If a scan has to be scheduled through nl80211 scan
5953 			 * interface and if an external scan is already running,
5954 			 * do not schedule the scan since it is likely to get
5955 			 * rejected by kernel.
5956 			 */
5957 			if (os_strcmp(tmp->type, "scan") == 0 &&
5958 			    external_scan_running(radio) &&
5959 			    (((struct wpa_driver_scan_params *)
5960 			      tmp->ctx)->only_new_results ||
5961 			     tmp->wpa_s->clear_driver_scan_cache))
5962 				continue;
5963 
5964 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
5965 				"active_work:%s new_work:%s",
5966 				active_work->type, tmp->type);
5967 			return tmp;
5968 		}
5969 	}
5970 
5971 	/* Did not find a radio work to schedule in parallel. */
5972 	return NULL;
5973 }
5974 
5975 
radio_start_next_work(void * eloop_ctx,void * timeout_ctx)5976 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
5977 {
5978 	struct wpa_radio *radio = eloop_ctx;
5979 	struct wpa_radio_work *work;
5980 	struct os_reltime now, diff;
5981 	struct wpa_supplicant *wpa_s;
5982 
5983 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
5984 	if (work == NULL) {
5985 		radio->num_active_works = 0;
5986 		return;
5987 	}
5988 
5989 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
5990 			      radio_list);
5991 
5992 	if (!(wpa_s &&
5993 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
5994 		if (work->started)
5995 			return; /* already started and still in progress */
5996 
5997 		if (wpa_s && external_scan_running(wpa_s->radio)) {
5998 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
5999 			return;
6000 		}
6001 	} else {
6002 		work = NULL;
6003 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
6004 			/* get the work to schedule next */
6005 			work = radio_work_get_next_work(radio);
6006 		}
6007 		if (!work)
6008 			return;
6009 	}
6010 
6011 	wpa_s = work->wpa_s;
6012 	os_get_reltime(&now);
6013 	os_reltime_sub(&now, &work->time, &diff);
6014 	wpa_dbg(wpa_s, MSG_DEBUG,
6015 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
6016 		work->type, work, diff.sec, diff.usec);
6017 	work->started = 1;
6018 	work->time = now;
6019 	radio->num_active_works++;
6020 
6021 	work->cb(work, 0);
6022 
6023 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
6024 	    radio->num_active_works < MAX_ACTIVE_WORKS)
6025 		radio_work_check_next(wpa_s);
6026 }
6027 
6028 
6029 /*
6030  * This function removes both started and pending radio works running on
6031  * the provided interface's radio.
6032  * Prior to the removal of the radio work, its callback (cb) is called with
6033  * deinit set to be 1. Each work's callback is responsible for clearing its
6034  * internal data and restoring to a correct state.
6035  * @wpa_s: wpa_supplicant data
6036  * @type: type of works to be removed
6037  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
6038  * this interface's works.
6039  */
radio_remove_works(struct wpa_supplicant * wpa_s,const char * type,int remove_all)6040 void radio_remove_works(struct wpa_supplicant *wpa_s,
6041 			const char *type, int remove_all)
6042 {
6043 	struct wpa_radio_work *work, *tmp;
6044 	struct wpa_radio *radio = wpa_s->radio;
6045 
6046 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
6047 			      list) {
6048 		if (type && os_strcmp(type, work->type) != 0)
6049 			continue;
6050 
6051 		/* skip other ifaces' works */
6052 		if (!remove_all && work->wpa_s != wpa_s)
6053 			continue;
6054 
6055 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
6056 			work->type, work, work->started ? " (started)" : "");
6057 		work->cb(work, 1);
6058 		radio_work_free(work);
6059 	}
6060 
6061 	/* in case we removed the started work */
6062 	radio_work_check_next(wpa_s);
6063 }
6064 
6065 
radio_remove_pending_work(struct wpa_supplicant * wpa_s,void * ctx)6066 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
6067 {
6068 	struct wpa_radio_work *work;
6069 	struct wpa_radio *radio = wpa_s->radio;
6070 
6071 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6072 		if (work->ctx != ctx)
6073 			continue;
6074 		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
6075 			work->type, work, work->started ? " (started)" : "");
6076 		radio_work_free(work);
6077 		break;
6078 	}
6079 }
6080 
6081 
radio_remove_interface(struct wpa_supplicant * wpa_s)6082 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
6083 {
6084 	struct wpa_radio *radio = wpa_s->radio;
6085 
6086 	if (!radio)
6087 		return;
6088 
6089 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
6090 		   wpa_s->ifname, radio->name);
6091 	dl_list_del(&wpa_s->radio_list);
6092 	radio_remove_works(wpa_s, NULL, 0);
6093 	/* If the interface that triggered the external scan was removed, the
6094 	 * external scan is no longer running. */
6095 	if (wpa_s == radio->external_scan_req_interface)
6096 		radio->external_scan_req_interface = NULL;
6097 	wpa_s->radio = NULL;
6098 	if (!dl_list_empty(&radio->ifaces))
6099 		return; /* Interfaces remain for this radio */
6100 
6101 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
6102 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6103 	os_free(radio);
6104 }
6105 
6106 
radio_work_check_next(struct wpa_supplicant * wpa_s)6107 void radio_work_check_next(struct wpa_supplicant *wpa_s)
6108 {
6109 	struct wpa_radio *radio = wpa_s->radio;
6110 
6111 	if (dl_list_empty(&radio->work))
6112 		return;
6113 	if (wpa_s->ext_work_in_progress) {
6114 		wpa_printf(MSG_DEBUG,
6115 			   "External radio work in progress - delay start of pending item");
6116 		return;
6117 	}
6118 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6119 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
6120 }
6121 
6122 
6123 /**
6124  * radio_add_work - Add a radio work item
6125  * @wpa_s: Pointer to wpa_supplicant data
6126  * @freq: Frequency of the offchannel operation in MHz or 0
6127  * @type: Unique identifier for each type of work
6128  * @next: Force as the next work to be executed
6129  * @cb: Callback function for indicating when radio is available
6130  * @ctx: Context pointer for the work (work->ctx in cb())
6131  * Returns: 0 on success, -1 on failure
6132  *
6133  * This function is used to request time for an operation that requires
6134  * exclusive radio control. Once the radio is available, the registered callback
6135  * function will be called. radio_work_done() must be called once the exclusive
6136  * radio operation has been completed, so that the radio is freed for other
6137  * operations. The special case of deinit=1 is used to free the context data
6138  * during interface removal. That does not allow the callback function to start
6139  * the radio operation, i.e., it must free any resources allocated for the radio
6140  * work and return.
6141  *
6142  * The @freq parameter can be used to indicate a single channel on which the
6143  * offchannel operation will occur. This may allow multiple radio work
6144  * operations to be performed in parallel if they apply for the same channel.
6145  * Setting this to 0 indicates that the work item may use multiple channels or
6146  * requires exclusive control of the radio.
6147  */
radio_add_work(struct wpa_supplicant * wpa_s,unsigned int freq,const char * type,int next,void (* cb)(struct wpa_radio_work * work,int deinit),void * ctx)6148 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
6149 		   const char *type, int next,
6150 		   void (*cb)(struct wpa_radio_work *work, int deinit),
6151 		   void *ctx)
6152 {
6153 	struct wpa_radio *radio = wpa_s->radio;
6154 	struct wpa_radio_work *work;
6155 	int was_empty;
6156 
6157 	work = os_zalloc(sizeof(*work));
6158 	if (work == NULL)
6159 		return -1;
6160 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
6161 	os_get_reltime(&work->time);
6162 	work->freq = freq;
6163 	work->type = type;
6164 	work->wpa_s = wpa_s;
6165 	work->cb = cb;
6166 	work->ctx = ctx;
6167 
6168 	if (freq)
6169 		work->bands = wpas_freq_to_band(freq);
6170 	else if (os_strcmp(type, "scan") == 0 ||
6171 		 os_strcmp(type, "p2p-scan") == 0)
6172 		work->bands = wpas_get_bands(wpa_s,
6173 					     ((struct wpa_driver_scan_params *)
6174 					      ctx)->freqs);
6175 	else
6176 		work->bands = wpas_get_bands(wpa_s, NULL);
6177 
6178 	was_empty = dl_list_empty(&wpa_s->radio->work);
6179 	if (next)
6180 		dl_list_add(&wpa_s->radio->work, &work->list);
6181 	else
6182 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
6183 	if (was_empty) {
6184 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
6185 		radio_work_check_next(wpa_s);
6186 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
6187 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
6188 		wpa_dbg(wpa_s, MSG_DEBUG,
6189 			"Try to schedule a radio work (num_active_works=%u)",
6190 			radio->num_active_works);
6191 		radio_work_check_next(wpa_s);
6192 	}
6193 
6194 	return 0;
6195 }
6196 
6197 
6198 /**
6199  * radio_work_done - Indicate that a radio work item has been completed
6200  * @work: Completed work
6201  *
6202  * This function is called once the callback function registered with
6203  * radio_add_work() has completed its work.
6204  */
radio_work_done(struct wpa_radio_work * work)6205 void radio_work_done(struct wpa_radio_work *work)
6206 {
6207 	struct wpa_supplicant *wpa_s = work->wpa_s;
6208 	struct os_reltime now, diff;
6209 	unsigned int started = work->started;
6210 
6211 	os_get_reltime(&now);
6212 	os_reltime_sub(&now, &work->time, &diff);
6213 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
6214 		work->type, work, started ? "done" : "canceled",
6215 		diff.sec, diff.usec);
6216 	radio_work_free(work);
6217 	if (started)
6218 		radio_work_check_next(wpa_s);
6219 }
6220 
6221 
6222 struct wpa_radio_work *
radio_work_pending(struct wpa_supplicant * wpa_s,const char * type)6223 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
6224 {
6225 	struct wpa_radio_work *work;
6226 	struct wpa_radio *radio = wpa_s->radio;
6227 
6228 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6229 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
6230 			return work;
6231 	}
6232 
6233 	return NULL;
6234 }
6235 
6236 
wpas_init_driver(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)6237 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
6238 			    const struct wpa_interface *iface)
6239 {
6240 	const char *ifname, *driver, *rn;
6241 
6242 	driver = iface->driver;
6243 next_driver:
6244 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
6245 		return -1;
6246 
6247 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
6248 	if (wpa_s->drv_priv == NULL) {
6249 		const char *pos;
6250 		int level = MSG_ERROR;
6251 
6252 		pos = driver ? os_strchr(driver, ',') : NULL;
6253 		if (pos) {
6254 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
6255 				"driver interface - try next driver wrapper");
6256 			driver = pos + 1;
6257 			goto next_driver;
6258 		}
6259 
6260 #ifdef CONFIG_MATCH_IFACE
6261 		if (wpa_s->matched == WPA_IFACE_MATCHED_NULL)
6262 			level = MSG_DEBUG;
6263 #endif /* CONFIG_MATCH_IFACE */
6264 		wpa_msg(wpa_s, level, "Failed to initialize driver interface");
6265 		return -1;
6266 	}
6267 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
6268 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
6269 			"driver_param '%s'", wpa_s->conf->driver_param);
6270 		return -1;
6271 	}
6272 
6273 	ifname = wpa_drv_get_ifname(wpa_s);
6274 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
6275 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
6276 			"interface name with '%s'", ifname);
6277 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
6278 	}
6279 
6280 	rn = wpa_driver_get_radio_name(wpa_s);
6281 	if (rn && rn[0] == '\0')
6282 		rn = NULL;
6283 
6284 	wpa_s->radio = radio_add_interface(wpa_s, rn);
6285 	if (wpa_s->radio == NULL)
6286 		return -1;
6287 
6288 	return 0;
6289 }
6290 
6291 
6292 #ifdef CONFIG_GAS_SERVER
6293 
wpas_gas_server_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)6294 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
6295 				      unsigned int freq, const u8 *dst,
6296 				      const u8 *src, const u8 *bssid,
6297 				      const u8 *data, size_t data_len,
6298 				      enum offchannel_send_action_result result)
6299 {
6300 	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
6301 		   " result=%s",
6302 		   freq, MAC2STR(dst),
6303 		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
6304 		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
6305 		    "FAILED"));
6306 	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
6307 			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
6308 }
6309 
6310 
wpas_gas_server_tx(void * ctx,int freq,const u8 * da,struct wpabuf * buf,unsigned int wait_time)6311 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
6312 			       struct wpabuf *buf, unsigned int wait_time)
6313 {
6314 	struct wpa_supplicant *wpa_s = ctx;
6315 	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
6316 
6317 	if (wait_time > wpa_s->max_remain_on_chan)
6318 		wait_time = wpa_s->max_remain_on_chan;
6319 
6320 	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
6321 			       wpabuf_head(buf), wpabuf_len(buf),
6322 			       wait_time, wpas_gas_server_tx_status, 0);
6323 }
6324 
6325 #endif /* CONFIG_GAS_SERVER */
6326 
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)6327 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
6328 				     const struct wpa_interface *iface)
6329 {
6330 	struct wpa_driver_capa capa;
6331 	int capa_res;
6332 	u8 dfs_domain;
6333 
6334 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
6335 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
6336 		   iface->confname ? iface->confname : "N/A",
6337 		   iface->driver ? iface->driver : "default",
6338 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
6339 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
6340 
6341 	if (iface->confname) {
6342 #ifdef CONFIG_BACKEND_FILE
6343 		wpa_s->confname = os_rel2abs_path(iface->confname);
6344 		if (wpa_s->confname == NULL) {
6345 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
6346 				   "for configuration file '%s'.",
6347 				   iface->confname);
6348 			return -1;
6349 		}
6350 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
6351 			   iface->confname, wpa_s->confname);
6352 #else /* CONFIG_BACKEND_FILE */
6353 		wpa_s->confname = os_strdup(iface->confname);
6354 #endif /* CONFIG_BACKEND_FILE */
6355 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL);
6356 		if (wpa_s->conf == NULL) {
6357 			wpa_printf(MSG_ERROR, "Failed to read or parse "
6358 				   "configuration '%s'.", wpa_s->confname);
6359 			return -1;
6360 		}
6361 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
6362 		if (wpa_s->confanother &&
6363 		    !wpa_config_read(wpa_s->confanother, wpa_s->conf)) {
6364 			wpa_printf(MSG_ERROR,
6365 				   "Failed to read or parse configuration '%s'.",
6366 				   wpa_s->confanother);
6367 			return -1;
6368 		}
6369 
6370 		/*
6371 		 * Override ctrl_interface and driver_param if set on command
6372 		 * line.
6373 		 */
6374 		if (iface->ctrl_interface) {
6375 			os_free(wpa_s->conf->ctrl_interface);
6376 			wpa_s->conf->ctrl_interface =
6377 				os_strdup(iface->ctrl_interface);
6378 		}
6379 
6380 		if (iface->driver_param) {
6381 			os_free(wpa_s->conf->driver_param);
6382 			wpa_s->conf->driver_param =
6383 				os_strdup(iface->driver_param);
6384 		}
6385 
6386 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
6387 			os_free(wpa_s->conf->ctrl_interface);
6388 			wpa_s->conf->ctrl_interface = NULL;
6389 		}
6390 	} else
6391 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
6392 						     iface->driver_param);
6393 
6394 	if (wpa_s->conf == NULL) {
6395 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
6396 		return -1;
6397 	}
6398 
6399 	if (iface->ifname == NULL) {
6400 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
6401 		return -1;
6402 	}
6403 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
6404 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
6405 			   iface->ifname);
6406 		return -1;
6407 	}
6408 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
6409 #ifdef CONFIG_MATCH_IFACE
6410 	wpa_s->matched = iface->matched;
6411 #endif /* CONFIG_MATCH_IFACE */
6412 
6413 	if (iface->bridge_ifname) {
6414 		if (os_strlen(iface->bridge_ifname) >=
6415 		    sizeof(wpa_s->bridge_ifname)) {
6416 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
6417 				   "name '%s'.", iface->bridge_ifname);
6418 			return -1;
6419 		}
6420 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
6421 			   sizeof(wpa_s->bridge_ifname));
6422 	}
6423 
6424 	/* RSNA Supplicant Key Management - INITIALIZE */
6425 	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
6426 	eapol_sm_notify_portValid(wpa_s->eapol, false);
6427 
6428 	/* Initialize driver interface and register driver event handler before
6429 	 * L2 receive handler so that association events are processed before
6430 	 * EAPOL-Key packets if both become available for the same select()
6431 	 * call. */
6432 	if (wpas_init_driver(wpa_s, iface) < 0)
6433 		return -1;
6434 
6435 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
6436 		return -1;
6437 
6438 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
6439 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
6440 			  NULL);
6441 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
6442 
6443 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
6444 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
6445 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
6446 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6447 			"dot11RSNAConfigPMKLifetime");
6448 		return -1;
6449 	}
6450 
6451 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
6452 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
6453 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
6454 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6455 			"dot11RSNAConfigPMKReauthThreshold");
6456 		return -1;
6457 	}
6458 
6459 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
6460 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
6461 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
6462 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
6463 			"dot11RSNAConfigSATimeout");
6464 		return -1;
6465 	}
6466 
6467 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
6468 						      &wpa_s->hw.num_modes,
6469 						      &wpa_s->hw.flags,
6470 						      &dfs_domain);
6471 	if (wpa_s->hw.modes) {
6472 		u16 i;
6473 
6474 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
6475 			if (wpa_s->hw.modes[i].vht_capab) {
6476 				wpa_s->hw_capab = CAPAB_VHT;
6477 				break;
6478 			}
6479 
6480 			if (wpa_s->hw.modes[i].ht_capab &
6481 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
6482 				wpa_s->hw_capab = CAPAB_HT40;
6483 			else if (wpa_s->hw.modes[i].ht_capab &&
6484 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
6485 				wpa_s->hw_capab = CAPAB_HT;
6486 		}
6487 	}
6488 
6489 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
6490 	if (capa_res == 0) {
6491 		wpa_s->drv_capa_known = 1;
6492 		wpa_s->drv_flags = capa.flags;
6493 		wpa_s->drv_flags2 = capa.flags2;
6494 		wpa_s->drv_enc = capa.enc;
6495 		wpa_s->drv_rrm_flags = capa.rrm_flags;
6496 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
6497 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
6498 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
6499 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
6500 		wpa_s->max_sched_scan_plan_interval =
6501 			capa.max_sched_scan_plan_interval;
6502 		wpa_s->max_sched_scan_plan_iterations =
6503 			capa.max_sched_scan_plan_iterations;
6504 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
6505 		wpa_s->max_match_sets = capa.max_match_sets;
6506 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
6507 		wpa_s->max_stations = capa.max_stations;
6508 		wpa_s->extended_capa = capa.extended_capa;
6509 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
6510 		wpa_s->extended_capa_len = capa.extended_capa_len;
6511 		wpa_s->num_multichan_concurrent =
6512 			capa.num_multichan_concurrent;
6513 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
6514 
6515 		if (capa.mac_addr_rand_scan_supported)
6516 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
6517 		if (wpa_s->sched_scan_supported &&
6518 		    capa.mac_addr_rand_sched_scan_supported)
6519 			wpa_s->mac_addr_rand_supported |=
6520 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
6521 
6522 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
6523 		if (wpa_s->extended_capa &&
6524 		    wpa_s->extended_capa_len >= 3 &&
6525 		    wpa_s->extended_capa[2] & 0x40)
6526 			wpa_s->multi_bss_support = 1;
6527 	}
6528 	if (wpa_s->max_remain_on_chan == 0)
6529 		wpa_s->max_remain_on_chan = 1000;
6530 
6531 	/*
6532 	 * Only take p2p_mgmt parameters when P2P Device is supported.
6533 	 * Doing it here as it determines whether l2_packet_init() will be done
6534 	 * during wpa_supplicant_driver_init().
6535 	 */
6536 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
6537 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
6538 
6539 	if (wpa_s->num_multichan_concurrent == 0)
6540 		wpa_s->num_multichan_concurrent = 1;
6541 
6542 	if (wpa_supplicant_driver_init(wpa_s) < 0)
6543 		return -1;
6544 
6545 #ifdef CONFIG_TDLS
6546 	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
6547 		return -1;
6548 #endif /* CONFIG_TDLS */
6549 
6550 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
6551 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
6552 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
6553 		return -1;
6554 	}
6555 
6556 #ifdef CONFIG_FST
6557 	if (wpa_s->conf->fst_group_id) {
6558 		struct fst_iface_cfg cfg;
6559 		struct fst_wpa_obj iface_obj;
6560 
6561 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
6562 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
6563 			   sizeof(cfg.group_id));
6564 		cfg.priority = wpa_s->conf->fst_priority;
6565 		cfg.llt = wpa_s->conf->fst_llt;
6566 
6567 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
6568 					&iface_obj, &cfg);
6569 		if (!wpa_s->fst) {
6570 			wpa_msg(wpa_s, MSG_ERROR,
6571 				"FST: Cannot attach iface %s to group %s",
6572 				wpa_s->ifname, cfg.group_id);
6573 			return -1;
6574 		}
6575 	}
6576 #endif /* CONFIG_FST */
6577 
6578 	if (wpas_wps_init(wpa_s))
6579 		return -1;
6580 
6581 #ifdef CONFIG_GAS_SERVER
6582 	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
6583 	if (!wpa_s->gas_server) {
6584 		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
6585 		return -1;
6586 	}
6587 #endif /* CONFIG_GAS_SERVER */
6588 
6589 #ifdef CONFIG_DPP
6590 	if (wpas_dpp_init(wpa_s) < 0)
6591 		return -1;
6592 #endif /* CONFIG_DPP */
6593 
6594 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
6595 		return -1;
6596 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
6597 
6598 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
6599 	if (wpa_s->ctrl_iface == NULL) {
6600 		wpa_printf(MSG_ERROR,
6601 			   "Failed to initialize control interface '%s'.\n"
6602 			   "You may have another wpa_supplicant process "
6603 			   "already running or the file was\n"
6604 			   "left by an unclean termination of wpa_supplicant "
6605 			   "in which case you will need\n"
6606 			   "to manually remove this file before starting "
6607 			   "wpa_supplicant again.\n",
6608 			   wpa_s->conf->ctrl_interface);
6609 		return -1;
6610 	}
6611 
6612 	wpa_s->gas = gas_query_init(wpa_s);
6613 	if (wpa_s->gas == NULL) {
6614 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
6615 		return -1;
6616 	}
6617 
6618 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
6619 	     wpa_s->p2p_mgmt) &&
6620 	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
6621 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
6622 		return -1;
6623 	}
6624 
6625 	if (wpa_bss_init(wpa_s) < 0)
6626 		return -1;
6627 
6628 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
6629 #ifdef CONFIG_MESH
6630 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
6631 #endif /* CONFIG_MESH */
6632 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
6633 
6634 	/*
6635 	 * Set Wake-on-WLAN triggers, if configured.
6636 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
6637 	 * have effect anyway when the interface is down).
6638 	 */
6639 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
6640 		return -1;
6641 
6642 #ifdef CONFIG_EAP_PROXY
6643 {
6644 	size_t len;
6645 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
6646 						     wpa_s->imsi, &len);
6647 	if (wpa_s->mnc_len > 0) {
6648 		wpa_s->imsi[len] = '\0';
6649 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
6650 			   wpa_s->imsi, wpa_s->mnc_len);
6651 	} else {
6652 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
6653 	}
6654 }
6655 #endif /* CONFIG_EAP_PROXY */
6656 
6657 	if (pcsc_reader_init(wpa_s) < 0)
6658 		return -1;
6659 
6660 	if (wpas_init_ext_pw(wpa_s) < 0)
6661 		return -1;
6662 
6663 	wpas_rrm_reset(wpa_s);
6664 
6665 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
6666 
6667 #ifdef CONFIG_HS20
6668 	hs20_init(wpa_s);
6669 #endif /* CONFIG_HS20 */
6670 #ifdef CONFIG_MBO
6671 	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
6672 		if ((wpa_s->conf->oce & OCE_STA) &&
6673 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
6674 			wpa_s->enable_oce = OCE_STA;
6675 		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
6676 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
6677 			/* TODO: Need to add STA-CFON support */
6678 			wpa_printf(MSG_ERROR,
6679 				   "OCE STA-CFON feature is not yet supported");
6680 		}
6681 	}
6682 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
6683 #endif /* CONFIG_MBO */
6684 
6685 	wpa_supplicant_set_default_scan_ies(wpa_s);
6686 
6687 	return 0;
6688 }
6689 
6690 
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)6691 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
6692 					int notify, int terminate)
6693 {
6694 	struct wpa_global *global = wpa_s->global;
6695 	struct wpa_supplicant *iface, *prev;
6696 
6697 	if (wpa_s == wpa_s->parent)
6698 		wpas_p2p_group_remove(wpa_s, "*");
6699 
6700 	iface = global->ifaces;
6701 	while (iface) {
6702 		if (iface->p2pdev == wpa_s)
6703 			iface->p2pdev = iface->parent;
6704 		if (iface == wpa_s || iface->parent != wpa_s) {
6705 			iface = iface->next;
6706 			continue;
6707 		}
6708 		wpa_printf(MSG_DEBUG,
6709 			   "Remove remaining child interface %s from parent %s",
6710 			   iface->ifname, wpa_s->ifname);
6711 		prev = iface;
6712 		iface = iface->next;
6713 		wpa_supplicant_remove_iface(global, prev, terminate);
6714 	}
6715 
6716 	wpa_s->disconnected = 1;
6717 	if (wpa_s->drv_priv) {
6718 		/*
6719 		 * Don't deauthenticate if WoWLAN is enable and not explicitly
6720 		 * been configured to disconnect.
6721 		 */
6722 		if (!wpa_drv_get_wowlan(wpa_s) ||
6723 		    wpa_s->conf->wowlan_disconnect_on_deinit) {
6724 			wpa_supplicant_deauthenticate(
6725 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
6726 
6727 			wpa_drv_set_countermeasures(wpa_s, 0);
6728 			wpa_clear_keys(wpa_s, NULL);
6729 		} else {
6730 			wpa_msg(wpa_s, MSG_INFO,
6731 				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
6732 		}
6733 	}
6734 
6735 	wpa_supplicant_cleanup(wpa_s);
6736 	wpas_p2p_deinit_iface(wpa_s);
6737 
6738 	wpas_ctrl_radio_work_flush(wpa_s);
6739 	radio_remove_interface(wpa_s);
6740 
6741 #ifdef CONFIG_FST
6742 	if (wpa_s->fst) {
6743 		fst_detach(wpa_s->fst);
6744 		wpa_s->fst = NULL;
6745 	}
6746 	if (wpa_s->received_mb_ies) {
6747 		wpabuf_free(wpa_s->received_mb_ies);
6748 		wpa_s->received_mb_ies = NULL;
6749 	}
6750 #endif /* CONFIG_FST */
6751 
6752 	if (wpa_s->drv_priv)
6753 		wpa_drv_deinit(wpa_s);
6754 
6755 	if (notify)
6756 		wpas_notify_iface_removed(wpa_s);
6757 
6758 	if (terminate)
6759 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
6760 
6761 	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
6762 	wpa_s->ctrl_iface = NULL;
6763 
6764 #ifdef CONFIG_MESH
6765 	if (wpa_s->ifmsh) {
6766 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh, true);
6767 		wpa_s->ifmsh = NULL;
6768 	}
6769 #endif /* CONFIG_MESH */
6770 
6771 	if (wpa_s->conf != NULL) {
6772 		wpa_config_free(wpa_s->conf);
6773 		wpa_s->conf = NULL;
6774 	}
6775 
6776 	os_free(wpa_s->ssids_from_scan_req);
6777 	os_free(wpa_s->last_scan_freqs);
6778 
6779 	os_free(wpa_s);
6780 }
6781 
6782 
6783 #ifdef CONFIG_MATCH_IFACE
6784 
6785 /**
6786  * wpa_supplicant_match_iface - Match an interface description to a name
6787  * @global: Pointer to global data from wpa_supplicant_init()
6788  * @ifname: Name of the interface to match
6789  * Returns: Pointer to the created interface description or %NULL on failure
6790  */
wpa_supplicant_match_iface(struct wpa_global * global,const char * ifname)6791 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
6792 						  const char *ifname)
6793 {
6794 	int i;
6795 	struct wpa_interface *iface, *miface;
6796 
6797 	for (i = 0; i < global->params.match_iface_count; i++) {
6798 		miface = &global->params.match_ifaces[i];
6799 		if (!miface->ifname ||
6800 		    fnmatch(miface->ifname, ifname, 0) == 0) {
6801 			iface = os_zalloc(sizeof(*iface));
6802 			if (!iface)
6803 				return NULL;
6804 			*iface = *miface;
6805 			if (!miface->ifname)
6806 				iface->matched = WPA_IFACE_MATCHED_NULL;
6807 			else
6808 				iface->matched = WPA_IFACE_MATCHED;
6809 			iface->ifname = ifname;
6810 			return iface;
6811 		}
6812 	}
6813 
6814 	return NULL;
6815 }
6816 
6817 
6818 /**
6819  * wpa_supplicant_match_existing - Match existing interfaces
6820  * @global: Pointer to global data from wpa_supplicant_init()
6821  * Returns: 0 on success, -1 on failure
6822  */
wpa_supplicant_match_existing(struct wpa_global * global)6823 static int wpa_supplicant_match_existing(struct wpa_global *global)
6824 {
6825 	struct if_nameindex *ifi, *ifp;
6826 	struct wpa_supplicant *wpa_s;
6827 	struct wpa_interface *iface;
6828 
6829 	ifp = if_nameindex();
6830 	if (!ifp) {
6831 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
6832 		return -1;
6833 	}
6834 
6835 	for (ifi = ifp; ifi->if_name; ifi++) {
6836 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
6837 		if (wpa_s)
6838 			continue;
6839 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
6840 		if (iface) {
6841 			wpa_supplicant_add_iface(global, iface, NULL);
6842 			os_free(iface);
6843 		}
6844 	}
6845 
6846 	if_freenameindex(ifp);
6847 	return 0;
6848 }
6849 
6850 #endif /* CONFIG_MATCH_IFACE */
6851 
6852 
6853 /**
6854  * wpa_supplicant_add_iface - Add a new network interface
6855  * @global: Pointer to global data from wpa_supplicant_init()
6856  * @iface: Interface configuration options
6857  * @parent: Parent interface or %NULL to assign new interface as parent
6858  * Returns: Pointer to the created interface or %NULL on failure
6859  *
6860  * This function is used to add new network interfaces for %wpa_supplicant.
6861  * This can be called before wpa_supplicant_run() to add interfaces before the
6862  * main event loop has been started. In addition, new interfaces can be added
6863  * dynamically while %wpa_supplicant is already running. This could happen,
6864  * e.g., when a hotplug network adapter is inserted.
6865  */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface,struct wpa_supplicant * parent)6866 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
6867 						 struct wpa_interface *iface,
6868 						 struct wpa_supplicant *parent)
6869 {
6870 	struct wpa_supplicant *wpa_s;
6871 	struct wpa_interface t_iface;
6872 	struct wpa_ssid *ssid;
6873 
6874 	if (global == NULL || iface == NULL)
6875 		return NULL;
6876 
6877 	wpa_s = wpa_supplicant_alloc(parent);
6878 	if (wpa_s == NULL)
6879 		return NULL;
6880 
6881 	wpa_s->global = global;
6882 
6883 	t_iface = *iface;
6884 	if (global->params.override_driver) {
6885 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
6886 			   "('%s' -> '%s')",
6887 			   iface->driver, global->params.override_driver);
6888 		t_iface.driver = global->params.override_driver;
6889 	}
6890 	if (global->params.override_ctrl_interface) {
6891 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
6892 			   "ctrl_interface ('%s' -> '%s')",
6893 			   iface->ctrl_interface,
6894 			   global->params.override_ctrl_interface);
6895 		t_iface.ctrl_interface =
6896 			global->params.override_ctrl_interface;
6897 	}
6898 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
6899 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
6900 			   iface->ifname);
6901 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
6902 		return NULL;
6903 	}
6904 
6905 	/* Notify the control interfaces about new iface */
6906 	if (wpas_notify_iface_added(wpa_s)) {
6907 		wpa_supplicant_deinit_iface(wpa_s, 1, 0);
6908 		return NULL;
6909 	}
6910 
6911 	/* Notify the control interfaces about new networks for non p2p mgmt
6912 	 * ifaces. */
6913 	if (iface->p2p_mgmt == 0) {
6914 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
6915 			wpas_notify_network_added(wpa_s, ssid);
6916 	}
6917 
6918 	wpa_s->next = global->ifaces;
6919 	global->ifaces = wpa_s;
6920 
6921 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
6922 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
6923 
6924 #ifdef CONFIG_P2P
6925 	if (wpa_s->global->p2p == NULL &&
6926 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
6927 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
6928 	    wpas_p2p_add_p2pdev_interface(
6929 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
6930 		wpa_printf(MSG_INFO,
6931 			   "P2P: Failed to enable P2P Device interface");
6932 		/* Try to continue without. P2P will be disabled. */
6933 	}
6934 #endif /* CONFIG_P2P */
6935 
6936 	return wpa_s;
6937 }
6938 
6939 
6940 /**
6941  * wpa_supplicant_remove_iface - Remove a network interface
6942  * @global: Pointer to global data from wpa_supplicant_init()
6943  * @wpa_s: Pointer to the network interface to be removed
6944  * Returns: 0 if interface was removed, -1 if interface was not found
6945  *
6946  * This function can be used to dynamically remove network interfaces from
6947  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
6948  * addition, this function is used to remove all remaining interfaces when
6949  * %wpa_supplicant is terminated.
6950  */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)6951 int wpa_supplicant_remove_iface(struct wpa_global *global,
6952 				struct wpa_supplicant *wpa_s,
6953 				int terminate)
6954 {
6955 	struct wpa_supplicant *prev;
6956 #ifdef CONFIG_MESH
6957 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
6958 	char *ifname = NULL;
6959 	struct wpa_supplicant *parent = wpa_s->parent;
6960 #endif /* CONFIG_MESH */
6961 
6962 	/* Remove interface from the global list of interfaces */
6963 	prev = global->ifaces;
6964 	if (prev == wpa_s) {
6965 		global->ifaces = wpa_s->next;
6966 	} else {
6967 		while (prev && prev->next != wpa_s)
6968 			prev = prev->next;
6969 		if (prev == NULL)
6970 			return -1;
6971 		prev->next = wpa_s->next;
6972 	}
6973 
6974 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
6975 
6976 #ifdef CONFIG_MESH
6977 	if (mesh_if_created) {
6978 		ifname = os_strdup(wpa_s->ifname);
6979 		if (ifname == NULL) {
6980 			wpa_dbg(wpa_s, MSG_ERROR,
6981 				"mesh: Failed to malloc ifname");
6982 			return -1;
6983 		}
6984 	}
6985 #endif /* CONFIG_MESH */
6986 
6987 	if (global->p2p_group_formation == wpa_s)
6988 		global->p2p_group_formation = NULL;
6989 	if (global->p2p_invite_group == wpa_s)
6990 		global->p2p_invite_group = NULL;
6991 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
6992 
6993 #ifdef CONFIG_MESH
6994 	if (mesh_if_created) {
6995 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
6996 		os_free(ifname);
6997 	}
6998 #endif /* CONFIG_MESH */
6999 
7000 	return 0;
7001 }
7002 
7003 
7004 /**
7005  * wpa_supplicant_get_eap_mode - Get the current EAP mode
7006  * @wpa_s: Pointer to the network interface
7007  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
7008  */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)7009 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
7010 {
7011 	const char *eapol_method;
7012 
7013         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
7014             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
7015 		return "NO-EAP";
7016 	}
7017 
7018 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
7019 	if (eapol_method == NULL)
7020 		return "UNKNOWN-EAP";
7021 
7022 	return eapol_method;
7023 }
7024 
7025 
7026 /**
7027  * wpa_supplicant_get_iface - Get a new network interface
7028  * @global: Pointer to global data from wpa_supplicant_init()
7029  * @ifname: Interface name
7030  * Returns: Pointer to the interface or %NULL if not found
7031  */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)7032 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
7033 						 const char *ifname)
7034 {
7035 	struct wpa_supplicant *wpa_s;
7036 
7037 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7038 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
7039 			return wpa_s;
7040 	}
7041 	return NULL;
7042 }
7043 
7044 
7045 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)7046 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
7047 {
7048 	struct wpa_supplicant *wpa_s = ctx;
7049 	if (wpa_s == NULL)
7050 		return NULL;
7051 	return wpa_s->ifname;
7052 }
7053 #endif /* CONFIG_NO_WPA_MSG */
7054 
7055 
7056 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
7057 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
7058 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
7059 
7060 /* Periodic cleanup tasks */
wpas_periodic(void * eloop_ctx,void * timeout_ctx)7061 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
7062 {
7063 	struct wpa_global *global = eloop_ctx;
7064 	struct wpa_supplicant *wpa_s;
7065 
7066 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7067 			       wpas_periodic, global, NULL);
7068 
7069 #ifdef CONFIG_P2P
7070 	if (global->p2p)
7071 		p2p_expire_peers(global->p2p);
7072 #endif /* CONFIG_P2P */
7073 
7074 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7075 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
7076 #ifdef CONFIG_AP
7077 		ap_periodic(wpa_s);
7078 #endif /* CONFIG_AP */
7079 	}
7080 }
7081 
7082 
7083 /**
7084  * wpa_supplicant_init - Initialize %wpa_supplicant
7085  * @params: Parameters for %wpa_supplicant
7086  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
7087  *
7088  * This function is used to initialize %wpa_supplicant. After successful
7089  * initialization, the returned data pointer can be used to add and remove
7090  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
7091  */
wpa_supplicant_init(struct wpa_params * params)7092 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
7093 {
7094 	struct wpa_global *global;
7095 	int ret, i;
7096 
7097 	if (params == NULL)
7098 		return NULL;
7099 
7100 #ifdef CONFIG_DRIVER_NDIS
7101 	{
7102 		void driver_ndis_init_ops(void);
7103 		driver_ndis_init_ops();
7104 	}
7105 #endif /* CONFIG_DRIVER_NDIS */
7106 
7107 #ifndef CONFIG_NO_WPA_MSG
7108 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
7109 #endif /* CONFIG_NO_WPA_MSG */
7110 
7111 	if (params->wpa_debug_file_path)
7112 		wpa_debug_open_file(params->wpa_debug_file_path);
7113 	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
7114 		wpa_debug_setup_stdout();
7115 	if (params->wpa_debug_syslog)
7116 		wpa_debug_open_syslog();
7117 	if (params->wpa_debug_tracing) {
7118 		ret = wpa_debug_open_linux_tracing();
7119 		if (ret) {
7120 			wpa_printf(MSG_ERROR,
7121 				   "Failed to enable trace logging");
7122 			return NULL;
7123 		}
7124 	}
7125 
7126 	ret = eap_register_methods();
7127 	if (ret) {
7128 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
7129 		if (ret == -2)
7130 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
7131 				   "the same EAP type.");
7132 		return NULL;
7133 	}
7134 
7135 	global = os_zalloc(sizeof(*global));
7136 	if (global == NULL)
7137 		return NULL;
7138 	dl_list_init(&global->p2p_srv_bonjour);
7139 	dl_list_init(&global->p2p_srv_upnp);
7140 	global->params.daemonize = params->daemonize;
7141 	global->params.wait_for_monitor = params->wait_for_monitor;
7142 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
7143 	if (params->pid_file)
7144 		global->params.pid_file = os_strdup(params->pid_file);
7145 	if (params->ctrl_interface)
7146 		global->params.ctrl_interface =
7147 			os_strdup(params->ctrl_interface);
7148 	if (params->ctrl_interface_group)
7149 		global->params.ctrl_interface_group =
7150 			os_strdup(params->ctrl_interface_group);
7151 	if (params->override_driver)
7152 		global->params.override_driver =
7153 			os_strdup(params->override_driver);
7154 	if (params->override_ctrl_interface)
7155 		global->params.override_ctrl_interface =
7156 			os_strdup(params->override_ctrl_interface);
7157 #ifdef CONFIG_MATCH_IFACE
7158 	global->params.match_iface_count = params->match_iface_count;
7159 	if (params->match_iface_count) {
7160 		global->params.match_ifaces =
7161 			os_calloc(params->match_iface_count,
7162 				  sizeof(struct wpa_interface));
7163 		os_memcpy(global->params.match_ifaces,
7164 			  params->match_ifaces,
7165 			  params->match_iface_count *
7166 			  sizeof(struct wpa_interface));
7167 	}
7168 #endif /* CONFIG_MATCH_IFACE */
7169 #ifdef CONFIG_P2P
7170 	if (params->conf_p2p_dev)
7171 		global->params.conf_p2p_dev =
7172 			os_strdup(params->conf_p2p_dev);
7173 #endif /* CONFIG_P2P */
7174 	wpa_debug_level = global->params.wpa_debug_level =
7175 		params->wpa_debug_level;
7176 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
7177 		params->wpa_debug_show_keys;
7178 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
7179 		params->wpa_debug_timestamp;
7180 
7181 	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
7182 
7183 	if (eloop_init()) {
7184 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
7185 		wpa_supplicant_deinit(global);
7186 		return NULL;
7187 	}
7188 
7189 	random_init(params->entropy_file);
7190 
7191 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
7192 	if (global->ctrl_iface == NULL) {
7193 		wpa_supplicant_deinit(global);
7194 		return NULL;
7195 	}
7196 
7197 	if (wpas_notify_supplicant_initialized(global)) {
7198 		wpa_supplicant_deinit(global);
7199 		return NULL;
7200 	}
7201 
7202 	for (i = 0; wpa_drivers[i]; i++)
7203 		global->drv_count++;
7204 	if (global->drv_count == 0) {
7205 		wpa_printf(MSG_ERROR, "No drivers enabled");
7206 		wpa_supplicant_deinit(global);
7207 		return NULL;
7208 	}
7209 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
7210 	if (global->drv_priv == NULL) {
7211 		wpa_supplicant_deinit(global);
7212 		return NULL;
7213 	}
7214 
7215 #ifdef CONFIG_WIFI_DISPLAY
7216 	if (wifi_display_init(global) < 0) {
7217 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
7218 		wpa_supplicant_deinit(global);
7219 		return NULL;
7220 	}
7221 #endif /* CONFIG_WIFI_DISPLAY */
7222 
7223 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7224 			       wpas_periodic, global, NULL);
7225 
7226 	return global;
7227 }
7228 
7229 
7230 /**
7231  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
7232  * @global: Pointer to global data from wpa_supplicant_init()
7233  * Returns: 0 after successful event loop run, -1 on failure
7234  *
7235  * This function starts the main event loop and continues running as long as
7236  * there are any remaining events. In most cases, this function is running as
7237  * long as the %wpa_supplicant process in still in use.
7238  */
wpa_supplicant_run(struct wpa_global * global)7239 int wpa_supplicant_run(struct wpa_global *global)
7240 {
7241 	struct wpa_supplicant *wpa_s;
7242 
7243 	if (global->params.daemonize &&
7244 	    (wpa_supplicant_daemon(global->params.pid_file) ||
7245 	     eloop_sock_requeue()))
7246 		return -1;
7247 
7248 #ifdef CONFIG_MATCH_IFACE
7249 	if (wpa_supplicant_match_existing(global))
7250 		return -1;
7251 #endif
7252 
7253 	if (global->params.wait_for_monitor) {
7254 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
7255 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
7256 				wpa_supplicant_ctrl_iface_wait(
7257 					wpa_s->ctrl_iface);
7258 	}
7259 
7260 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
7261 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
7262 
7263 	eloop_run();
7264 
7265 	return 0;
7266 }
7267 
7268 
7269 /**
7270  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
7271  * @global: Pointer to global data from wpa_supplicant_init()
7272  *
7273  * This function is called to deinitialize %wpa_supplicant and to free all
7274  * allocated resources. Remaining network interfaces will also be removed.
7275  */
wpa_supplicant_deinit(struct wpa_global * global)7276 void wpa_supplicant_deinit(struct wpa_global *global)
7277 {
7278 	int i;
7279 
7280 	if (global == NULL)
7281 		return;
7282 
7283 	eloop_cancel_timeout(wpas_periodic, global, NULL);
7284 
7285 #ifdef CONFIG_WIFI_DISPLAY
7286 	wifi_display_deinit(global);
7287 #endif /* CONFIG_WIFI_DISPLAY */
7288 
7289 	while (global->ifaces)
7290 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
7291 
7292 	if (global->ctrl_iface)
7293 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
7294 
7295 	wpas_notify_supplicant_deinitialized(global);
7296 
7297 	eap_peer_unregister_methods();
7298 #ifdef CONFIG_AP
7299 	eap_server_unregister_methods();
7300 #endif /* CONFIG_AP */
7301 
7302 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
7303 		if (!global->drv_priv[i])
7304 			continue;
7305 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
7306 	}
7307 	os_free(global->drv_priv);
7308 
7309 	random_deinit();
7310 
7311 	eloop_destroy();
7312 
7313 	if (global->params.pid_file) {
7314 		os_daemonize_terminate(global->params.pid_file);
7315 		os_free(global->params.pid_file);
7316 	}
7317 	os_free(global->params.ctrl_interface);
7318 	os_free(global->params.ctrl_interface_group);
7319 	os_free(global->params.override_driver);
7320 	os_free(global->params.override_ctrl_interface);
7321 #ifdef CONFIG_MATCH_IFACE
7322 	os_free(global->params.match_ifaces);
7323 #endif /* CONFIG_MATCH_IFACE */
7324 #ifdef CONFIG_P2P
7325 	os_free(global->params.conf_p2p_dev);
7326 #endif /* CONFIG_P2P */
7327 
7328 	os_free(global->p2p_disallow_freq.range);
7329 	os_free(global->p2p_go_avoid_freq.range);
7330 	os_free(global->add_psk);
7331 
7332 	os_free(global);
7333 	wpa_debug_close_syslog();
7334 	wpa_debug_close_file();
7335 	wpa_debug_close_linux_tracing();
7336 }
7337 
7338 
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)7339 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
7340 {
7341 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
7342 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
7343 		char country[3];
7344 		country[0] = wpa_s->conf->country[0];
7345 		country[1] = wpa_s->conf->country[1];
7346 		country[2] = '\0';
7347 		if (wpa_drv_set_country(wpa_s, country) < 0) {
7348 			wpa_printf(MSG_ERROR, "Failed to set country code "
7349 				   "'%s'", country);
7350 		}
7351 	}
7352 
7353 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
7354 		wpas_init_ext_pw(wpa_s);
7355 
7356 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
7357 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7358 
7359 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
7360 		struct wpa_driver_capa capa;
7361 		int res = wpa_drv_get_capa(wpa_s, &capa);
7362 
7363 		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7364 			wpa_printf(MSG_ERROR,
7365 				   "Failed to update wowlan_triggers to '%s'",
7366 				   wpa_s->conf->wowlan_triggers);
7367 	}
7368 
7369 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
7370 		wpa_supplicant_set_default_scan_ies(wpa_s);
7371 
7372 #ifdef CONFIG_BGSCAN
7373 	/*
7374 	 * We default to global bgscan parameters only when per-network bgscan
7375 	 * parameters aren't set. Only bother resetting bgscan parameters if
7376 	 * this is the case.
7377 	 */
7378 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_BGSCAN) &&
7379 	    wpa_s->current_ssid && !wpa_s->current_ssid->bgscan &&
7380 	    wpa_s->wpa_state == WPA_COMPLETED)
7381 		wpa_supplicant_reset_bgscan(wpa_s);
7382 #endif /* CONFIG_BGSCAN */
7383 
7384 #ifdef CONFIG_WPS
7385 	wpas_wps_update_config(wpa_s);
7386 #endif /* CONFIG_WPS */
7387 	wpas_p2p_update_config(wpa_s);
7388 	wpa_s->conf->changed_parameters = 0;
7389 }
7390 
7391 
add_freq(int * freqs,int * num_freqs,int freq)7392 void add_freq(int *freqs, int *num_freqs, int freq)
7393 {
7394 	int i;
7395 
7396 	for (i = 0; i < *num_freqs; i++) {
7397 		if (freqs[i] == freq)
7398 			return;
7399 	}
7400 
7401 	freqs[*num_freqs] = freq;
7402 	(*num_freqs)++;
7403 }
7404 
7405 
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)7406 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
7407 {
7408 	struct wpa_bss *bss, *cbss;
7409 	const int max_freqs = 10;
7410 	int *freqs;
7411 	int num_freqs = 0;
7412 
7413 	freqs = os_calloc(max_freqs + 1, sizeof(int));
7414 	if (freqs == NULL)
7415 		return NULL;
7416 
7417 	cbss = wpa_s->current_bss;
7418 
7419 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
7420 		if (bss == cbss)
7421 			continue;
7422 		if (bss->ssid_len == cbss->ssid_len &&
7423 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
7424 		    !wpa_bssid_ignore_is_listed(wpa_s, bss->bssid)) {
7425 			add_freq(freqs, &num_freqs, bss->freq);
7426 			if (num_freqs == max_freqs)
7427 				break;
7428 		}
7429 	}
7430 
7431 	if (num_freqs == 0) {
7432 		os_free(freqs);
7433 		freqs = NULL;
7434 	}
7435 
7436 	return freqs;
7437 }
7438 
7439 
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid)7440 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid)
7441 {
7442 	int timeout;
7443 	int count;
7444 	int *freqs = NULL;
7445 
7446 	wpas_connect_work_done(wpa_s);
7447 
7448 	/*
7449 	 * Remove possible authentication timeout since the connection failed.
7450 	 */
7451 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
7452 
7453 	/*
7454 	 * There is no point in ignoring the AP temporarily if this event is
7455 	 * generated based on local request to disconnect.
7456 	 */
7457 	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
7458 		wpa_s->own_disconnect_req = 0;
7459 		wpa_dbg(wpa_s, MSG_DEBUG,
7460 			"Ignore connection failure due to local request to disconnect");
7461 		return;
7462 	}
7463 	if (wpa_s->disconnected) {
7464 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7465 			"indication since interface has been put into "
7466 			"disconnected state");
7467 		return;
7468 	}
7469 	if (wpa_s->auto_reconnect_disabled) {
7470 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
7471 			"indication since auto connect is disabled");
7472 		return;
7473 	}
7474 
7475 	/*
7476 	 * Add the failed BSSID into the ignore list and speed up next scan
7477 	 * attempt if there could be other APs that could accept association.
7478 	 */
7479 	count = wpa_bssid_ignore_add(wpa_s, bssid);
7480 	if (count == 1 && wpa_s->current_bss) {
7481 		/*
7482 		 * This BSS was not in the ignore list before. If there is
7483 		 * another BSS available for the same ESS, we should try that
7484 		 * next. Otherwise, we may as well try this one once more
7485 		 * before allowing other, likely worse, ESSes to be considered.
7486 		 */
7487 		freqs = get_bss_freqs_in_ess(wpa_s);
7488 		if (freqs) {
7489 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
7490 				"has been seen; try it next");
7491 			wpa_bssid_ignore_add(wpa_s, bssid);
7492 			/*
7493 			 * On the next scan, go through only the known channels
7494 			 * used in this ESS based on previous scans to speed up
7495 			 * common load balancing use case.
7496 			 */
7497 			os_free(wpa_s->next_scan_freqs);
7498 			wpa_s->next_scan_freqs = freqs;
7499 		}
7500 	}
7501 
7502 	wpa_s->consecutive_conn_failures++;
7503 
7504 	if (wpa_s->consecutive_conn_failures > 3 && wpa_s->current_ssid) {
7505 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
7506 			   "consider temporary network disabling");
7507 		wpas_auth_failed(wpa_s, "CONN_FAILED");
7508 	}
7509 	/*
7510 	 * Multiple consecutive connection failures mean that other APs are
7511 	 * either not available or have already been tried, so we can start
7512 	 * increasing the delay here to avoid constant scanning.
7513 	 */
7514 	switch (wpa_s->consecutive_conn_failures) {
7515 	case 1:
7516 		timeout = 100;
7517 		break;
7518 	case 2:
7519 		timeout = 500;
7520 		break;
7521 	case 3:
7522 		timeout = 1000;
7523 		break;
7524 	case 4:
7525 		timeout = 5000;
7526 		break;
7527 	default:
7528 		timeout = 10000;
7529 		break;
7530 	}
7531 
7532 	wpa_dbg(wpa_s, MSG_DEBUG,
7533 		"Consecutive connection failures: %d --> request scan in %d ms",
7534 		wpa_s->consecutive_conn_failures, timeout);
7535 
7536 	/*
7537 	 * TODO: if more than one possible AP is available in scan results,
7538 	 * could try the other ones before requesting a new scan.
7539 	 */
7540 
7541 	/* speed up the connection attempt with normal scan */
7542 	wpa_s->normal_scans = 0;
7543 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
7544 				1000 * (timeout % 1000));
7545 }
7546 
7547 
7548 #ifdef CONFIG_FILS
fils_connection_failure(struct wpa_supplicant * wpa_s)7549 void fils_connection_failure(struct wpa_supplicant *wpa_s)
7550 {
7551 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7552 	const u8 *realm, *username, *rrk;
7553 	size_t realm_len, username_len, rrk_len;
7554 	u16 next_seq_num;
7555 
7556 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
7557 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
7558 				  &username, &username_len,
7559 				  &realm, &realm_len, &next_seq_num,
7560 				  &rrk, &rrk_len) != 0 ||
7561 	    !realm)
7562 		return;
7563 
7564 	wpa_hexdump_ascii(MSG_DEBUG,
7565 			  "FILS: Store last connection failure realm",
7566 			  realm, realm_len);
7567 	os_free(wpa_s->last_con_fail_realm);
7568 	wpa_s->last_con_fail_realm = os_malloc(realm_len);
7569 	if (wpa_s->last_con_fail_realm) {
7570 		wpa_s->last_con_fail_realm_len = realm_len;
7571 		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
7572 	}
7573 }
7574 #endif /* CONFIG_FILS */
7575 
7576 
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)7577 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
7578 {
7579 	return wpa_s->conf->ap_scan == 2 ||
7580 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
7581 }
7582 
7583 
7584 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW) || defined (CONFIG_CTRL_IFACE_HIDL)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)7585 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7586 					      struct wpa_ssid *ssid,
7587 					      const char *field,
7588 					      const char *value)
7589 {
7590 #ifdef IEEE8021X_EAPOL
7591 	enum wpa_ctrl_req_type rtype;
7592 
7593 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
7594 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
7595 			      (const u8 *) value, os_strlen(value));
7596 
7597 	rtype = wpa_supplicant_ctrl_req_from_string(field);
7598 	return wpa_supplicant_ctrl_rsp_handle(wpa_s, ssid, rtype, value, strlen(value));
7599 #else /* IEEE8021X_EAPOL */
7600 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7601 	return -1;
7602 #endif /* IEEE8021X_EAPOL */
7603 }
7604 
wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,enum wpa_ctrl_req_type rtype,const char * value,int value_len)7605 int wpa_supplicant_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
7606 				   struct wpa_ssid *ssid,
7607 				   enum wpa_ctrl_req_type rtype,
7608 				   const char *value, int value_len)
7609 {
7610 #ifdef IEEE8021X_EAPOL
7611 	struct eap_peer_config *eap = &ssid->eap;
7612 	char *identity, *imsi_identity;
7613 
7614 	switch (rtype) {
7615 	case WPA_CTRL_REQ_EAP_IDENTITY:
7616 		os_free(eap->identity);
7617 		os_free(eap->imsi_identity);
7618 		if (value == NULL)
7619 			return -1;
7620 		identity = os_strchr(value, ':');
7621 		if (identity == NULL) {
7622 			/* plain identity */
7623 			eap->identity = (u8 *)os_strdup(value);
7624 			eap->identity_len = os_strlen(value);
7625 		} else {
7626 			/* have both plain identity and encrypted identity */
7627 			imsi_identity = value;
7628 			*identity++ = '\0';
7629 			/* plain identity */
7630 			eap->imsi_identity = (u8 *)dup_binstr(imsi_identity, strlen(imsi_identity));
7631 			eap->imsi_identity_len = strlen(imsi_identity);
7632 			/* encrypted identity */
7633 			eap->identity = (u8 *)dup_binstr(identity,
7634 							 value_len - strlen(imsi_identity) - 1);
7635 			eap->identity_len = value_len - strlen(imsi_identity) - 1;
7636 		}
7637 		eap->pending_req_identity = 0;
7638 		if (ssid == wpa_s->current_ssid)
7639 			wpa_s->reassociate = 1;
7640 		break;
7641 	case WPA_CTRL_REQ_EAP_PASSWORD:
7642 		bin_clear_free(eap->password, eap->password_len);
7643 		eap->password = (u8 *) os_strdup(value);
7644 		eap->password_len = value_len;
7645 		eap->pending_req_password = 0;
7646 		if (ssid == wpa_s->current_ssid)
7647 			wpa_s->reassociate = 1;
7648 		break;
7649 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
7650 		bin_clear_free(eap->new_password, eap->new_password_len);
7651 		eap->new_password = (u8 *) os_strdup(value);
7652 		eap->new_password_len = value_len;
7653 		eap->pending_req_new_password = 0;
7654 		if (ssid == wpa_s->current_ssid)
7655 			wpa_s->reassociate = 1;
7656 		break;
7657 	case WPA_CTRL_REQ_EAP_PIN:
7658 		str_clear_free(eap->cert.pin);
7659 		eap->cert.pin = os_strdup(value);
7660 		eap->pending_req_pin = 0;
7661 		if (ssid == wpa_s->current_ssid)
7662 			wpa_s->reassociate = 1;
7663 		break;
7664 	case WPA_CTRL_REQ_EAP_OTP:
7665 		bin_clear_free(eap->otp, eap->otp_len);
7666 		eap->otp = (u8 *) os_strdup(value);
7667 		eap->otp_len = value_len;
7668 		os_free(eap->pending_req_otp);
7669 		eap->pending_req_otp = NULL;
7670 		eap->pending_req_otp_len = 0;
7671 		break;
7672 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
7673 		str_clear_free(eap->cert.private_key_passwd);
7674 		eap->cert.private_key_passwd = os_strdup(value);
7675 		eap->pending_req_passphrase = 0;
7676 		if (ssid == wpa_s->current_ssid)
7677 			wpa_s->reassociate = 1;
7678 		break;
7679 	case WPA_CTRL_REQ_SIM:
7680 		str_clear_free(eap->external_sim_resp);
7681 		eap->external_sim_resp = os_strdup(value);
7682 		eap->pending_req_sim = 0;
7683 		break;
7684 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
7685 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
7686 			return -1;
7687 		ssid->mem_only_psk = 1;
7688 		if (ssid->passphrase)
7689 			wpa_config_update_psk(ssid);
7690 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
7691 			wpa_supplicant_req_scan(wpa_s, 0, 0);
7692 		break;
7693 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
7694 		if (eap->pending_ext_cert_check != PENDING_CHECK)
7695 			return -1;
7696 		if (os_strcmp(value, "good") == 0)
7697 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
7698 		else if (os_strcmp(value, "bad") == 0)
7699 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
7700 		else
7701 			return -1;
7702 		break;
7703 	default:
7704 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown type %d", rtype);
7705 		return -1;
7706 	}
7707 
7708 	return 0;
7709 #else /* IEEE8021X_EAPOL */
7710 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
7711 	return -1;
7712 #endif /* IEEE8021X_EAPOL */
7713 }
7714 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW || CONFIG_CTRL_IFACE_HIDL */
7715 
7716 
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)7717 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7718 {
7719 #ifdef CONFIG_WEP
7720 	int i;
7721 	unsigned int drv_enc;
7722 #endif /* CONFIG_WEP */
7723 
7724 	if (wpa_s->p2p_mgmt)
7725 		return 1; /* no normal network profiles on p2p_mgmt interface */
7726 
7727 	if (ssid == NULL)
7728 		return 1;
7729 
7730 	if (ssid->disabled)
7731 		return 1;
7732 
7733 #ifdef CONFIG_WEP
7734 	if (wpa_s->drv_capa_known)
7735 		drv_enc = wpa_s->drv_enc;
7736 	else
7737 		drv_enc = (unsigned int) -1;
7738 
7739 	for (i = 0; i < NUM_WEP_KEYS; i++) {
7740 		size_t len = ssid->wep_key_len[i];
7741 		if (len == 0)
7742 			continue;
7743 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
7744 			continue;
7745 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
7746 			continue;
7747 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
7748 			continue;
7749 		return 1; /* invalid WEP key */
7750 	}
7751 #endif /* CONFIG_WEP */
7752 
7753 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
7754 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
7755 	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
7756 	    !ssid->mem_only_psk)
7757 		return 1;
7758 
7759 	return 0;
7760 }
7761 
7762 
wpas_get_ssid_pmf(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)7763 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
7764 {
7765 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
7766 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
7767 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
7768 			/*
7769 			 * Driver does not support BIP -- ignore pmf=1 default
7770 			 * since the connection with PMF would fail and the
7771 			 * configuration does not require PMF to be enabled.
7772 			 */
7773 			return NO_MGMT_FRAME_PROTECTION;
7774 		}
7775 
7776 		if (ssid &&
7777 		    (ssid->key_mgmt &
7778 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
7779 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
7780 			/*
7781 			 * Do not use the default PMF value for non-RSN networks
7782 			 * since PMF is available only with RSN and pmf=2
7783 			 * configuration would otherwise prevent connections to
7784 			 * all open networks.
7785 			 */
7786 			return NO_MGMT_FRAME_PROTECTION;
7787 		}
7788 
7789 		return wpa_s->conf->pmf;
7790 	}
7791 
7792 	return ssid->ieee80211w;
7793 }
7794 
7795 
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)7796 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
7797 {
7798 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
7799 		return 1;
7800 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
7801 		return 0;
7802 	return -1;
7803 }
7804 
7805 
wpas_auth_failed(struct wpa_supplicant * wpa_s,char * reason)7806 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason)
7807 {
7808 	struct wpa_ssid *ssid = wpa_s->current_ssid;
7809 	int dur;
7810 	struct os_reltime now;
7811 
7812 	if (ssid == NULL) {
7813 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
7814 			   "SSID block");
7815 		return;
7816 	}
7817 
7818 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
7819 		return;
7820 
7821 	ssid->auth_failures++;
7822 
7823 #ifdef CONFIG_P2P
7824 	if (ssid->p2p_group &&
7825 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
7826 		/*
7827 		 * Skip the wait time since there is a short timeout on the
7828 		 * connection to a P2P group.
7829 		 */
7830 		return;
7831 	}
7832 #endif /* CONFIG_P2P */
7833 
7834 	if (ssid->auth_failures > 50)
7835 		dur = 300;
7836 	else if (ssid->auth_failures > 10)
7837 		dur = 120;
7838 	else if (ssid->auth_failures > 5)
7839 		dur = 90;
7840 	else if (ssid->auth_failures > 3)
7841 		dur = 60;
7842 	else if (ssid->auth_failures > 2)
7843 		dur = 30;
7844 	else if (ssid->auth_failures > 1)
7845 		dur = 20;
7846 	else
7847 		dur = 10;
7848 
7849 	if (ssid->auth_failures > 1 &&
7850 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
7851 		dur += os_random() % (ssid->auth_failures * 10);
7852 
7853 	os_get_reltime(&now);
7854 	if (now.sec + dur <= ssid->disabled_until.sec)
7855 		return;
7856 
7857 	ssid->disabled_until.sec = now.sec + dur;
7858 
7859 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
7860 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
7861 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
7862 		ssid->auth_failures, dur, reason);
7863 }
7864 
7865 
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)7866 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
7867 			      struct wpa_ssid *ssid, int clear_failures)
7868 {
7869 	if (ssid == NULL)
7870 		return;
7871 
7872 	if (ssid->disabled_until.sec) {
7873 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
7874 			"id=%d ssid=\"%s\"",
7875 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
7876 	}
7877 	ssid->disabled_until.sec = 0;
7878 	ssid->disabled_until.usec = 0;
7879 	if (clear_failures)
7880 		ssid->auth_failures = 0;
7881 }
7882 
7883 
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)7884 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
7885 {
7886 	size_t i;
7887 
7888 	if (wpa_s->disallow_aps_bssid == NULL)
7889 		return 0;
7890 
7891 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
7892 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
7893 			      bssid, ETH_ALEN) == 0)
7894 			return 1;
7895 	}
7896 
7897 	return 0;
7898 }
7899 
7900 
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)7901 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
7902 		    size_t ssid_len)
7903 {
7904 	size_t i;
7905 
7906 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
7907 		return 0;
7908 
7909 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
7910 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
7911 		if (ssid_len == s->ssid_len &&
7912 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
7913 			return 1;
7914 	}
7915 
7916 	return 0;
7917 }
7918 
7919 
7920 /**
7921  * wpas_request_connection - Request a new connection
7922  * @wpa_s: Pointer to the network interface
7923  *
7924  * This function is used to request a new connection to be found. It will mark
7925  * the interface to allow reassociation and request a new scan to find a
7926  * suitable network to connect to.
7927  */
wpas_request_connection(struct wpa_supplicant * wpa_s)7928 void wpas_request_connection(struct wpa_supplicant *wpa_s)
7929 {
7930 	wpa_s->normal_scans = 0;
7931 	wpa_s->scan_req = NORMAL_SCAN_REQ;
7932 	wpa_supplicant_reinit_autoscan(wpa_s);
7933 	wpa_s->disconnected = 0;
7934 	wpa_s->reassociate = 1;
7935 	wpa_s->last_owe_group = 0;
7936 
7937 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
7938 		wpa_supplicant_req_scan(wpa_s, 0, 0);
7939 	else
7940 		wpa_s->reattach = 0;
7941 }
7942 
7943 
7944 /**
7945  * wpas_request_disconnection - Request disconnection
7946  * @wpa_s: Pointer to the network interface
7947  *
7948  * This function is used to request disconnection from the currently connected
7949  * network. This will stop any ongoing scans and initiate deauthentication.
7950  */
wpas_request_disconnection(struct wpa_supplicant * wpa_s)7951 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
7952 {
7953 #ifdef CONFIG_SME
7954 	wpa_s->sme.prev_bssid_set = 0;
7955 #endif /* CONFIG_SME */
7956 	wpa_s->reassociate = 0;
7957 	wpa_s->disconnected = 1;
7958 	wpa_supplicant_cancel_sched_scan(wpa_s);
7959 	wpa_supplicant_cancel_scan(wpa_s);
7960 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7961 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
7962 	radio_remove_works(wpa_s, "connect", 0);
7963 	radio_remove_works(wpa_s, "sme-connect", 0);
7964 }
7965 
7966 
dump_freq_data(struct wpa_supplicant * wpa_s,const char * title,struct wpa_used_freq_data * freqs_data,unsigned int len)7967 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
7968 		    struct wpa_used_freq_data *freqs_data,
7969 		    unsigned int len)
7970 {
7971 	unsigned int i;
7972 
7973 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
7974 		len, title);
7975 	for (i = 0; i < len; i++) {
7976 		struct wpa_used_freq_data *cur = &freqs_data[i];
7977 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
7978 			i, cur->freq, cur->flags);
7979 	}
7980 }
7981 
7982 
7983 /*
7984  * Find the operating frequencies of any of the virtual interfaces that
7985  * are using the same radio as the current interface, and in addition, get
7986  * information about the interface types that are using the frequency.
7987  */
get_shared_radio_freqs_data(struct wpa_supplicant * wpa_s,struct wpa_used_freq_data * freqs_data,unsigned int len)7988 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
7989 				struct wpa_used_freq_data *freqs_data,
7990 				unsigned int len)
7991 {
7992 	struct wpa_supplicant *ifs;
7993 	u8 bssid[ETH_ALEN];
7994 	int freq;
7995 	unsigned int idx = 0, i;
7996 
7997 	wpa_dbg(wpa_s, MSG_DEBUG,
7998 		"Determining shared radio frequencies (max len %u)", len);
7999 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
8000 
8001 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
8002 			 radio_list) {
8003 		if (idx == len)
8004 			break;
8005 
8006 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
8007 			continue;
8008 
8009 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
8010 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
8011 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
8012 			freq = ifs->current_ssid->frequency;
8013 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
8014 			freq = ifs->assoc_freq;
8015 		else
8016 			continue;
8017 
8018 		/* Hold only distinct freqs */
8019 		for (i = 0; i < idx; i++)
8020 			if (freqs_data[i].freq == freq)
8021 				break;
8022 
8023 		if (i == idx)
8024 			freqs_data[idx++].freq = freq;
8025 
8026 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
8027 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
8028 				WPA_FREQ_USED_BY_P2P_CLIENT :
8029 				WPA_FREQ_USED_BY_INFRA_STATION;
8030 		}
8031 	}
8032 
8033 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
8034 	return idx;
8035 }
8036 
8037 
8038 /*
8039  * Find the operating frequencies of any of the virtual interfaces that
8040  * are using the same radio as the current interface.
8041  */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len)8042 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
8043 			   int *freq_array, unsigned int len)
8044 {
8045 	struct wpa_used_freq_data *freqs_data;
8046 	int num, i;
8047 
8048 	os_memset(freq_array, 0, sizeof(int) * len);
8049 
8050 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
8051 	if (!freqs_data)
8052 		return -1;
8053 
8054 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len);
8055 	for (i = 0; i < num; i++)
8056 		freq_array[i] = freqs_data[i].freq;
8057 
8058 	os_free(freqs_data);
8059 
8060 	return num;
8061 }
8062 
8063 
8064 struct wpa_supplicant *
wpas_vendor_elem(struct wpa_supplicant * wpa_s,enum wpa_vendor_elem_frame frame)8065 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
8066 {
8067 	switch (frame) {
8068 #ifdef CONFIG_P2P
8069 	case VENDOR_ELEM_PROBE_REQ_P2P:
8070 	case VENDOR_ELEM_PROBE_RESP_P2P:
8071 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
8072 	case VENDOR_ELEM_BEACON_P2P_GO:
8073 	case VENDOR_ELEM_P2P_PD_REQ:
8074 	case VENDOR_ELEM_P2P_PD_RESP:
8075 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
8076 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
8077 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
8078 	case VENDOR_ELEM_P2P_INV_REQ:
8079 	case VENDOR_ELEM_P2P_INV_RESP:
8080 	case VENDOR_ELEM_P2P_ASSOC_REQ:
8081 	case VENDOR_ELEM_P2P_ASSOC_RESP:
8082 		return wpa_s->p2pdev;
8083 #endif /* CONFIG_P2P */
8084 	default:
8085 		return wpa_s;
8086 	}
8087 }
8088 
8089 
wpas_vendor_elem_update(struct wpa_supplicant * wpa_s)8090 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
8091 {
8092 	unsigned int i;
8093 	char buf[30];
8094 
8095 	wpa_printf(MSG_DEBUG, "Update vendor elements");
8096 
8097 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
8098 		if (wpa_s->vendor_elem[i]) {
8099 			int res;
8100 
8101 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
8102 			if (!os_snprintf_error(sizeof(buf), res)) {
8103 				wpa_hexdump_buf(MSG_DEBUG, buf,
8104 						wpa_s->vendor_elem[i]);
8105 			}
8106 		}
8107 	}
8108 
8109 #ifdef CONFIG_P2P
8110 	if (wpa_s->parent == wpa_s &&
8111 	    wpa_s->global->p2p &&
8112 	    !wpa_s->global->p2p_disabled)
8113 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
8114 #endif /* CONFIG_P2P */
8115 }
8116 
8117 
wpas_vendor_elem_remove(struct wpa_supplicant * wpa_s,int frame,const u8 * elem,size_t len)8118 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
8119 			    const u8 *elem, size_t len)
8120 {
8121 	u8 *ie, *end;
8122 
8123 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
8124 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
8125 
8126 	for (; ie + 1 < end; ie += 2 + ie[1]) {
8127 		if (ie + len > end)
8128 			break;
8129 		if (os_memcmp(ie, elem, len) != 0)
8130 			continue;
8131 
8132 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
8133 			wpabuf_free(wpa_s->vendor_elem[frame]);
8134 			wpa_s->vendor_elem[frame] = NULL;
8135 		} else {
8136 			os_memmove(ie, ie + len, end - (ie + len));
8137 			wpa_s->vendor_elem[frame]->used -= len;
8138 		}
8139 		wpas_vendor_elem_update(wpa_s);
8140 		return 0;
8141 	}
8142 
8143 	return -1;
8144 }
8145 
8146 
get_mode(struct hostapd_hw_modes * modes,u16 num_modes,enum hostapd_hw_mode mode,bool is_6ghz)8147 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
8148 				   u16 num_modes, enum hostapd_hw_mode mode,
8149 				   bool is_6ghz)
8150 {
8151 	u16 i;
8152 
8153 	for (i = 0; i < num_modes; i++) {
8154 		if (modes[i].mode != mode ||
8155 		    !modes[i].num_channels || !modes[i].channels)
8156 			continue;
8157 		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
8158 		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
8159 			return &modes[i];
8160 	}
8161 
8162 	return NULL;
8163 }
8164 
8165 
8166 static struct
wpas_get_disallowed_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)8167 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
8168 						 const u8 *bssid)
8169 {
8170 	struct wpa_bss_tmp_disallowed *bss;
8171 
8172 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
8173 			 struct wpa_bss_tmp_disallowed, list) {
8174 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
8175 			return bss;
8176 	}
8177 
8178 	return NULL;
8179 }
8180 
8181 
wpa_set_driver_tmp_disallow_list(struct wpa_supplicant * wpa_s)8182 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
8183 {
8184 	struct wpa_bss_tmp_disallowed *tmp;
8185 	unsigned int num_bssid = 0;
8186 	u8 *bssids;
8187 	int ret;
8188 
8189 	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
8190 	if (!bssids)
8191 		return -1;
8192 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8193 			 struct wpa_bss_tmp_disallowed, list) {
8194 		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
8195 			  ETH_ALEN);
8196 		num_bssid++;
8197 	}
8198 	ret = wpa_drv_set_bssid_tmp_disallow(wpa_s, num_bssid, bssids);
8199 	os_free(bssids);
8200 	return ret;
8201 }
8202 
8203 
wpa_bss_tmp_disallow_timeout(void * eloop_ctx,void * timeout_ctx)8204 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
8205 {
8206 	struct wpa_supplicant *wpa_s = eloop_ctx;
8207 	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
8208 
8209 	/* Make sure the bss is not already freed */
8210 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8211 			 struct wpa_bss_tmp_disallowed, list) {
8212 		if (bss == tmp) {
8213 			dl_list_del(&tmp->list);
8214 			os_free(tmp);
8215 			wpa_set_driver_tmp_disallow_list(wpa_s);
8216 			break;
8217 		}
8218 	}
8219 }
8220 
8221 
wpa_bss_tmp_disallow(struct wpa_supplicant * wpa_s,const u8 * bssid,unsigned int sec,int rssi_threshold)8222 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
8223 			  unsigned int sec, int rssi_threshold)
8224 {
8225 	struct wpa_bss_tmp_disallowed *bss;
8226 
8227 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
8228 	if (bss) {
8229 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
8230 		goto finish;
8231 	}
8232 
8233 	bss = os_malloc(sizeof(*bss));
8234 	if (!bss) {
8235 		wpa_printf(MSG_DEBUG,
8236 			   "Failed to allocate memory for temp disallow BSS");
8237 		return;
8238 	}
8239 
8240 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
8241 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
8242 	wpa_set_driver_tmp_disallow_list(wpa_s);
8243 
8244 finish:
8245 	bss->rssi_threshold = rssi_threshold;
8246 	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
8247 			       wpa_s, bss);
8248 }
8249 
8250 
wpa_is_bss_tmp_disallowed(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)8251 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
8252 			      struct wpa_bss *bss)
8253 {
8254 	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
8255 
8256 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
8257 			 struct wpa_bss_tmp_disallowed, list) {
8258 		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
8259 			disallowed = tmp;
8260 			break;
8261 		}
8262 	}
8263 	if (!disallowed)
8264 		return 0;
8265 
8266 	if (disallowed->rssi_threshold != 0 &&
8267 	    bss->level > disallowed->rssi_threshold)
8268 		return 0;
8269 
8270 	return 1;
8271 }
8272 
8273 
wpas_enable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type,const u8 * addr,const u8 * mask)8274 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8275 				       unsigned int type, const u8 *addr,
8276 				       const u8 *mask)
8277 {
8278 	if ((addr && !mask) || (!addr && mask)) {
8279 		wpa_printf(MSG_INFO,
8280 			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
8281 		return -1;
8282 	}
8283 
8284 	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
8285 		wpa_printf(MSG_INFO,
8286 			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
8287 		return -1;
8288 	}
8289 
8290 	if (type & MAC_ADDR_RAND_SCAN) {
8291 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
8292 						addr, mask))
8293 			return -1;
8294 	}
8295 
8296 	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
8297 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
8298 						addr, mask))
8299 			return -1;
8300 
8301 		if (wpa_s->sched_scanning && !wpa_s->pno)
8302 			wpas_scan_restart_sched_scan(wpa_s);
8303 	}
8304 
8305 	if (type & MAC_ADDR_RAND_PNO) {
8306 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
8307 						addr, mask))
8308 			return -1;
8309 
8310 		if (wpa_s->pno) {
8311 			wpas_stop_pno(wpa_s);
8312 			wpas_start_pno(wpa_s);
8313 		}
8314 	}
8315 
8316 	return 0;
8317 }
8318 
8319 
wpas_disable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type)8320 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
8321 					unsigned int type)
8322 {
8323 	wpas_mac_addr_rand_scan_clear(wpa_s, type);
8324 	if (wpa_s->pno) {
8325 		if (type & MAC_ADDR_RAND_PNO) {
8326 			wpas_stop_pno(wpa_s);
8327 			wpas_start_pno(wpa_s);
8328 		}
8329 	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
8330 		wpas_scan_restart_sched_scan(wpa_s);
8331 	}
8332 
8333 	return 0;
8334 }
8335 
8336 
wpa_drv_signal_poll(struct wpa_supplicant * wpa_s,struct wpa_signal_info * si)8337 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
8338 			struct wpa_signal_info *si)
8339 {
8340 	int res;
8341 
8342 	if (!wpa_s->driver->signal_poll)
8343 		return -1;
8344 
8345 	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
8346 
8347 #ifdef CONFIG_TESTING_OPTIONS
8348 	if (res == 0) {
8349 		struct driver_signal_override *dso;
8350 
8351 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8352 				 struct driver_signal_override, list) {
8353 			if (os_memcmp(wpa_s->bssid, dso->bssid,
8354 				      ETH_ALEN) != 0)
8355 				continue;
8356 			wpa_printf(MSG_DEBUG,
8357 				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
8358 				   si->current_signal,
8359 				   dso->si_current_signal,
8360 				   si->avg_signal,
8361 				   dso->si_avg_signal,
8362 				   si->avg_beacon_signal,
8363 				   dso->si_avg_beacon_signal,
8364 				   si->current_noise,
8365 				   dso->si_current_noise);
8366 			si->current_signal = dso->si_current_signal;
8367 			si->avg_signal = dso->si_avg_signal;
8368 			si->avg_beacon_signal = dso->si_avg_beacon_signal;
8369 			si->current_noise = dso->si_current_noise;
8370 			break;
8371 		}
8372 	}
8373 #endif /* CONFIG_TESTING_OPTIONS */
8374 
8375 	return res;
8376 }
8377 
8378 
8379 struct wpa_scan_results *
wpa_drv_get_scan_results2(struct wpa_supplicant * wpa_s)8380 wpa_drv_get_scan_results2(struct wpa_supplicant *wpa_s)
8381 {
8382 	struct wpa_scan_results *scan_res;
8383 #ifdef CONFIG_TESTING_OPTIONS
8384 	size_t idx;
8385 #endif /* CONFIG_TESTING_OPTIONS */
8386 
8387 	if (!wpa_s->driver->get_scan_results2)
8388 		return NULL;
8389 
8390 	scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
8391 
8392 #ifdef CONFIG_TESTING_OPTIONS
8393 	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
8394 		struct driver_signal_override *dso;
8395 		struct wpa_scan_res *res = scan_res->res[idx];
8396 
8397 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
8398 				 struct driver_signal_override, list) {
8399 			if (os_memcmp(res->bssid, dso->bssid, ETH_ALEN) != 0)
8400 				continue;
8401 			wpa_printf(MSG_DEBUG,
8402 				   "Override driver scan signal level %d->%d for "
8403 				   MACSTR,
8404 				   res->level, dso->scan_level,
8405 				   MAC2STR(res->bssid));
8406 			res->flags |= WPA_SCAN_QUAL_INVALID;
8407 			if (dso->scan_level < 0)
8408 				res->flags |= WPA_SCAN_LEVEL_DBM;
8409 			else
8410 				res->flags &= ~WPA_SCAN_LEVEL_DBM;
8411 			res->level = dso->scan_level;
8412 			break;
8413 		}
8414 	}
8415 #endif /* CONFIG_TESTING_OPTIONS */
8416 
8417 	return scan_res;
8418 }
8419