3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
26 #include "wpa_supplicant.h"
28 #include "l2_packet.h"
29 #include "wpa_supplicant_i.h"
30 #include "ctrl_iface.h"
31 #include "ctrl_iface_dbus.h"
32 #include "pcsc_funcs.h"
35 #include "pmksa_cache.h"
39 const char *wpa_supplicant_version =
40 "wpa_supplicant v" VERSION_STR "\n"
41 "Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors";
43 const char *wpa_supplicant_license =
44 "This program is free software. You can distribute it and/or modify it\n"
45 "under the terms of the GNU General Public License version 2.\n"
47 "Alternatively, this software may be distributed under the terms of the\n"
48 "BSD license. See README and COPYING for more details.\n"
49 #ifdef EAP_TLS_OPENSSL
50 "\nThis product includes software developed by the OpenSSL Project\n"
51 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
52 #endif /* EAP_TLS_OPENSSL */
55 #ifndef CONFIG_NO_STDOUT_DEBUG
56 /* Long text divided into parts in order to fit in C89 strings size limits. */
57 const char *wpa_supplicant_full_license1 =
58 "This program is free software; you can redistribute it and/or modify\n"
59 "it under the terms of the GNU General Public License version 2 as\n"
60 "published by the Free Software Foundation.\n"
62 "This program is distributed in the hope that it will be useful,\n"
63 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
64 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
65 "GNU General Public License for more details.\n"
67 const char *wpa_supplicant_full_license2 =
68 "You should have received a copy of the GNU General Public License\n"
69 "along with this program; if not, write to the Free Software\n"
70 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
72 "Alternatively, this software may be distributed under the terms of the\n"
75 "Redistribution and use in source and binary forms, with or without\n"
76 "modification, are permitted provided that the following conditions are\n"
79 const char *wpa_supplicant_full_license3 =
80 "1. Redistributions of source code must retain the above copyright\n"
81 " notice, this list of conditions and the following disclaimer.\n"
83 "2. Redistributions in binary form must reproduce the above copyright\n"
84 " notice, this list of conditions and the following disclaimer in the\n"
85 " documentation and/or other materials provided with the distribution.\n"
87 const char *wpa_supplicant_full_license4 =
88 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
89 " names of its contributors may be used to endorse or promote products\n"
90 " derived from this software without specific prior written permission.\n"
92 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
93 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
94 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
95 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
96 const char *wpa_supplicant_full_license5 =
97 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
98 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
99 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
100 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
101 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
102 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
103 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
105 #endif /* CONFIG_NO_STDOUT_DEBUG */
107 extern struct wpa_driver_ops *wpa_supplicant_drivers[];
109 extern int wpa_debug_use_file;
110 extern int wpa_debug_level;
111 extern int wpa_debug_show_keys;
112 extern int wpa_debug_timestamp;
114 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
116 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
117 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
118 const void *data, u16 data_len,
119 size_t *msg_len, void **data_pos)
121 struct ieee802_1x_hdr *hdr;
123 *msg_len = sizeof(*hdr) + data_len;
124 hdr = os_malloc(*msg_len);
128 hdr->version = wpa_s->conf->eapol_version;
130 hdr->length = host_to_be16(data_len);
133 os_memcpy(hdr + 1, data, data_len);
135 os_memset(hdr + 1, 0, data_len);
145 * wpa_ether_send - Send Ethernet frame
146 * @wpa_s: Pointer to wpa_supplicant data
147 * @dest: Destination MAC address
148 * @proto: Ethertype in host byte order
149 * @buf: Frame payload starting from IEEE 802.1X header
150 * @len: Frame payload length
151 * Returns: >=0 on success, <0 on failure
153 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
154 u16 proto, const u8 *buf, size_t len)
157 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
160 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
162 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
165 #ifdef IEEE8021X_EAPOL
167 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
168 * @ctx: Pointer to wpa_supplicant data (wpa_s)
169 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
170 * @buf: EAPOL payload (after IEEE 802.1X header)
171 * @len: EAPOL payload length
172 * Returns: >=0 on success, <0 on failure
174 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
175 * to the current Authenticator.
177 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
180 struct wpa_supplicant *wpa_s = ctx;
181 u8 *msg, *dst, bssid[ETH_ALEN];
185 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
188 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
189 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
190 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
191 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
193 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
194 "mode (type=%d len=%lu)", type,
195 (unsigned long) len);
199 if (pmksa_cache_get_current(wpa_s->wpa) &&
200 type == IEEE802_1X_TYPE_EAPOL_START) {
201 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
202 * since they will trigger full EAPOL authentication. */
203 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
208 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
210 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
212 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
213 os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
216 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
217 " from the driver as the EAPOL destination",
220 dst = wpa_s->last_eapol_src;
221 wpa_printf(MSG_DEBUG, "Using the source address of the"
222 " last received EAPOL frame " MACSTR " as "
223 "the EAPOL destination",
227 /* BSSID was already set (from (Re)Assoc event, so use it as
228 * the EAPOL destination. */
232 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
236 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
237 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
244 * wpa_eapol_set_wep_key - set WEP key for the driver
245 * @ctx: Pointer to wpa_supplicant data (wpa_s)
246 * @unicast: 1 = individual unicast key, 0 = broadcast key
247 * @keyidx: WEP key index (0..3)
248 * @key: Pointer to key data
249 * @keylen: Key length in bytes
250 * Returns: 0 on success or < 0 on error.
252 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
253 const u8 *key, size_t keylen)
255 struct wpa_supplicant *wpa_s = ctx;
256 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
257 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
260 wpa_s->pairwise_cipher = cipher;
262 wpa_s->group_cipher = cipher;
264 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
265 unicast ? wpa_s->bssid :
266 (u8 *) "\xff\xff\xff\xff\xff\xff",
267 keyidx, unicast, (u8 *) "", 0, key, keylen);
271 static void wpa_supplicant_aborted_cached(void *ctx)
273 struct wpa_supplicant *wpa_s = ctx;
274 wpa_sm_aborted_cached(wpa_s->wpa);
277 #endif /* IEEE8021X_EAPOL */
280 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
281 static void wpa_supplicant_set_config_blob(void *ctx,
282 struct wpa_config_blob *blob)
284 struct wpa_supplicant *wpa_s = ctx;
285 wpa_config_set_blob(wpa_s->conf, blob);
289 static const struct wpa_config_blob *
290 wpa_supplicant_get_config_blob(void *ctx, const char *name)
292 struct wpa_supplicant *wpa_s = ctx;
293 return wpa_config_get_blob(wpa_s->conf, name);
295 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
298 /* Configure default/group WEP key for static WEP */
299 static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
302 struct wpa_supplicant *wpa_s = ctx;
303 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
304 (u8 *) "\xff\xff\xff\xff\xff\xff",
305 keyidx, set_tx, (u8 *) "", 0, key, keylen);
309 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
310 struct wpa_ssid *ssid)
317 /* IBSS/WPA-None uses only one key (Group) for both receiving and
318 * sending unicast and multicast packets. */
320 if (ssid->mode != IEEE80211_MODE_IBSS) {
321 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
322 "for WPA-None", ssid->mode);
326 if (!ssid->psk_set) {
327 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
331 switch (wpa_s->group_cipher) {
332 case WPA_CIPHER_CCMP:
333 os_memcpy(key, ssid->psk, 16);
337 case WPA_CIPHER_TKIP:
338 /* WPA-None uses the same Michael MIC key for both TX and RX */
339 os_memcpy(key, ssid->psk, 16 + 8);
340 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
345 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
346 "WPA-None", wpa_s->group_cipher);
350 /* TODO: should actually remember the previously used seq#, both for TX
351 * and RX from each STA.. */
353 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
354 0, 1, seq, 6, key, keylen);
358 #ifdef IEEE8021X_EAPOL
359 static void wpa_supplicant_notify_eapol_done(void *ctx)
361 struct wpa_supplicant *wpa_s = ctx;
362 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
363 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
364 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
366 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
367 wpa_supplicant_cancel_auth_timeout(wpa_s);
368 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
371 #endif /* IEEE8021X_EAPOL */
375 * wpa_blacklist_get - Get the blacklist entry for a BSSID
376 * @wpa_s: Pointer to wpa_supplicant data
378 * Returns: Matching blacklist entry for the BSSID or %NULL if not found
380 struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
383 struct wpa_blacklist *e;
385 e = wpa_s->blacklist;
387 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
397 * wpa_blacklist_add - Add an BSSID to the blacklist
398 * @wpa_s: Pointer to wpa_supplicant data
399 * @bssid: BSSID to be added to the blacklist
400 * Returns: 0 on success, -1 on failure
402 * This function adds the specified BSSID to the blacklist or increases the
403 * blacklist count if the BSSID was already listed. It should be called when
404 * an association attempt fails either due to the selected BSS rejecting
405 * association or due to timeout.
407 * This blacklist is used to force %wpa_supplicant to go through all available
408 * BSSes before retrying to associate with an BSS that rejected or timed out
409 * association. It does not prevent the listed BSS from being used; it only
410 * changes the order in which they are tried.
412 int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
414 struct wpa_blacklist *e;
416 e = wpa_blacklist_get(wpa_s, bssid);
419 wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
421 MAC2STR(bssid), e->count);
425 e = os_zalloc(sizeof(*e));
428 os_memcpy(e->bssid, bssid, ETH_ALEN);
430 e->next = wpa_s->blacklist;
431 wpa_s->blacklist = e;
432 wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
439 static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
441 struct wpa_blacklist *e, *prev = NULL;
443 e = wpa_s->blacklist;
445 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
447 wpa_s->blacklist = e->next;
449 prev->next = e->next;
451 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
452 "blacklist", MAC2STR(bssid));
464 * wpa_blacklist_clear - Clear the blacklist of all entries
465 * @wpa_s: Pointer to wpa_supplicant data
467 void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
469 struct wpa_blacklist *e, *prev;
471 e = wpa_s->blacklist;
472 wpa_s->blacklist = NULL;
476 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
477 "blacklist (clear)", MAC2STR(prev->bssid));
484 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
485 * @wpa_s: Pointer to wpa_supplicant data
486 * @sec: Number of seconds after which to scan
487 * @usec: Number of microseconds after which to scan
489 * This function is used to schedule a scan for neighboring access points after
490 * the specified time.
492 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
494 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
496 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
497 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
502 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
503 * @wpa_s: Pointer to wpa_supplicant data
505 * This function is used to cancel a scan request scheduled with
506 * wpa_supplicant_req_scan().
508 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
510 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
511 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
515 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
517 struct wpa_supplicant *wpa_s = eloop_ctx;
518 const u8 *bssid = wpa_s->bssid;
519 if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
520 bssid = wpa_s->pending_bssid;
521 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
522 MAC2STR(wpa_s->bssid));
523 wpa_blacklist_add(wpa_s, bssid);
524 wpa_sm_notify_disassoc(wpa_s->wpa);
525 wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
526 wpa_s->reassociate = 1;
527 wpa_supplicant_req_scan(wpa_s, 0, 0);
532 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
533 * @wpa_s: Pointer to wpa_supplicant data
534 * @sec: Number of seconds after which to time out authentication
535 * @usec: Number of microseconds after which to time out authentication
537 * This function is used to schedule a timeout for the current authentication
540 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
543 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
544 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
547 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
548 "%d usec", sec, usec);
549 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
550 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
555 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
556 * @wpa_s: Pointer to wpa_supplicant data
558 * This function is used to cancel authentication timeout scheduled with
559 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
562 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
564 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
565 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
566 wpa_blacklist_del(wpa_s, wpa_s->bssid);
571 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
572 * @wpa_s: Pointer to wpa_supplicant data
574 * This function is used to configure EAPOL state machine based on the selected
575 * authentication mode.
577 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
579 #ifdef IEEE8021X_EAPOL
580 struct eapol_config eapol_conf;
581 struct wpa_ssid *ssid = wpa_s->current_ssid;
583 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
584 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
585 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
587 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
588 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
589 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
591 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
593 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
594 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
595 eapol_conf.accept_802_1x_keys = 1;
596 eapol_conf.required_keys = 0;
597 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
598 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
600 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
601 eapol_conf.required_keys |=
602 EAPOL_REQUIRE_KEY_BROADCAST;
605 if (wpa_s->conf && wpa_s->driver &&
606 os_strcmp(wpa_s->driver->name, "wired") == 0) {
607 eapol_conf.required_keys = 0;
611 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
612 eapol_conf.workaround = ssid->eap_workaround;
613 eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
614 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
615 eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
616 #endif /* IEEE8021X_EAPOL */
621 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
622 * @wpa_s: Pointer to wpa_supplicant data
623 * @ssid: Configuration data for the network
625 * This function is used to configure WPA state machine and related parameters
626 * to a mode where WPA is not enabled. This is called as part of the
627 * authentication configuration when the selected network does not use WPA.
629 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
630 struct wpa_ssid *ssid)
634 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
635 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
637 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
638 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
639 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
640 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
641 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
642 wpa_s->group_cipher = WPA_CIPHER_NONE;
643 wpa_s->mgmt_group_cipher = 0;
645 for (i = 0; i < NUM_WEP_KEYS; i++) {
646 if (ssid->wep_key_len[i] > 5) {
647 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
648 wpa_s->group_cipher = WPA_CIPHER_WEP104;
650 } else if (ssid->wep_key_len[i] > 0) {
651 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
652 wpa_s->group_cipher = WPA_CIPHER_WEP40;
657 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
658 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
659 wpa_s->pairwise_cipher);
660 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
661 #ifdef CONFIG_IEEE80211W
662 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
663 wpa_s->mgmt_group_cipher);
664 #endif /* CONFIG_IEEE80211W */
666 pmksa_cache_clear_current(wpa_s->wpa);
670 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
672 scard_deinit(wpa_s->scard);
674 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
675 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
676 l2_packet_deinit(wpa_s->l2);
679 l2_packet_deinit(wpa_s->l2_br);
683 if (wpa_s->ctrl_iface) {
684 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
685 wpa_s->ctrl_iface = NULL;
687 if (wpa_s->conf != NULL) {
688 wpa_config_free(wpa_s->conf);
692 os_free(wpa_s->confname);
693 wpa_s->confname = NULL;
695 wpa_sm_set_eapol(wpa_s->wpa, NULL);
696 eapol_sm_deinit(wpa_s->eapol);
699 rsn_preauth_deinit(wpa_s->wpa);
701 pmksa_candidate_free(wpa_s->wpa);
702 wpa_sm_deinit(wpa_s->wpa);
704 wpa_blacklist_clear(wpa_s);
706 os_free(wpa_s->scan_results);
707 wpa_s->scan_results = NULL;
708 wpa_s->num_scan_results = 0;
710 wpa_supplicant_cancel_scan(wpa_s);
711 wpa_supplicant_cancel_auth_timeout(wpa_s);
713 ieee80211_sta_deinit(wpa_s);
718 * wpa_clear_keys - Clear keys configured for the driver
719 * @wpa_s: Pointer to wpa_supplicant data
720 * @addr: Previously used BSSID or %NULL if not available
722 * This function clears the encryption keys that has been previously configured
725 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
727 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
729 if (wpa_s->keys_cleared) {
730 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
731 * timing issues with keys being cleared just before new keys
732 * are set or just after association or something similar. This
733 * shows up in group key handshake failing often because of the
734 * client not receiving the first encrypted packets correctly.
735 * Skipping some of the extra key clearing steps seems to help
736 * in completing group key handshake more reliably. */
737 wpa_printf(MSG_DEBUG, "No keys have been configured - "
738 "skip key clearing");
742 /* MLME-DELETEKEYS.request */
743 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
744 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
745 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
746 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
748 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
750 /* MLME-SETPROTECTION.request(None) */
751 wpa_drv_mlme_setprotection(
753 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
754 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
756 wpa_s->keys_cleared = 1;
761 * wpa_supplicant_state_txt - Get the connection state name as a text string
762 * @state: State (wpa_state; WPA_*)
763 * Returns: The state name as a printable text string
765 const char * wpa_supplicant_state_txt(int state)
768 case WPA_DISCONNECTED:
769 return "DISCONNECTED";
774 case WPA_ASSOCIATING:
775 return "ASSOCIATING";
778 case WPA_4WAY_HANDSHAKE:
779 return "4WAY_HANDSHAKE";
780 case WPA_GROUP_HANDSHAKE:
781 return "GROUP_HANDSHAKE";
791 * wpa_supplicant_set_state - Set current connection state
792 * @wpa_s: Pointer to wpa_supplicant data
793 * @state: The new connection state
795 * This function is called whenever the connection state changes, e.g.,
796 * association is completed for WPA/WPA2 4-Way Handshake is started.
798 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
800 wpa_printf(MSG_DEBUG, "State: %s -> %s",
801 wpa_supplicant_state_txt(wpa_s->wpa_state),
802 wpa_supplicant_state_txt(state));
804 wpa_supplicant_dbus_notify_state_change(wpa_s, state,
807 if (state == WPA_COMPLETED && wpa_s->new_connection) {
808 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
809 struct wpa_ssid *ssid = wpa_s->current_ssid;
810 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
811 MACSTR " completed %s [id=%d id_str=%s]",
812 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
813 "(reauth)" : "(auth)",
814 ssid ? ssid->id : -1,
815 ssid && ssid->id_str ? ssid->id_str : "");
816 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
817 wpa_s->new_connection = 0;
818 wpa_s->reassociated_connection = 1;
819 wpa_drv_set_operstate(wpa_s, 1);
820 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
821 state == WPA_ASSOCIATED) {
822 wpa_s->new_connection = 1;
823 wpa_drv_set_operstate(wpa_s, 0);
825 wpa_s->wpa_state = state;
830 * wpa_supplicant_get_state - Get the connection state
831 * @wpa_s: Pointer to wpa_supplicant data
832 * Returns: The current connection state (WPA_*)
834 wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
836 return wpa_s->wpa_state;
840 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
843 struct wpa_global *global = eloop_ctx;
844 struct wpa_supplicant *wpa_s;
845 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
846 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
853 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
855 wpa_s->pairwise_cipher = 0;
856 wpa_s->group_cipher = 0;
857 wpa_s->mgmt_group_cipher = 0;
859 wpa_s->wpa_state = WPA_DISCONNECTED;
864 * wpa_supplicant_reload_configuration - Reload configuration data
865 * @wpa_s: Pointer to wpa_supplicant data
866 * Returns: 0 on success or -1 if configuration parsing failed
868 * This function can be used to request that the configuration data is reloaded
869 * (e.g., after configuration file change). This function is reloading
870 * configuration only for one interface, so this may need to be called multiple
871 * times if %wpa_supplicant is controlling multiple interfaces and all
872 * interfaces need reconfiguration.
874 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
876 struct wpa_config *conf;
878 if (wpa_s->confname == NULL)
880 conf = wpa_config_read(wpa_s->confname);
882 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
883 "file '%s' - exiting", wpa_s->confname);
887 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
888 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
889 os_strcmp(conf->ctrl_interface,
890 wpa_s->conf->ctrl_interface) != 0);
892 if (reconf_ctrl && wpa_s->ctrl_iface) {
893 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
894 wpa_s->ctrl_iface = NULL;
897 eapol_sm_invalidate_cached_session(wpa_s->eapol);
898 wpa_s->current_ssid = NULL;
900 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
901 * pkcs11_engine_path, pkcs11_module_path.
903 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
904 wpa_sm_set_config(wpa_s->wpa, NULL);
905 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
906 rsn_preauth_deinit(wpa_s->wpa);
907 wpa_config_free(wpa_s->conf);
910 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
912 wpa_supplicant_clear_status(wpa_s);
913 wpa_s->reassociate = 1;
914 wpa_supplicant_req_scan(wpa_s, 0, 0);
915 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
920 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
923 struct wpa_global *global = eloop_ctx;
924 struct wpa_supplicant *wpa_s;
925 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
926 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
927 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
934 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
936 struct wpa_ssid *ssid;
937 union wpa_event_data data;
939 ssid = wpa_supplicant_get_ssid(wpa_s);
943 if (wpa_s->current_ssid == NULL)
944 wpa_s->current_ssid = ssid;
945 wpa_supplicant_initiate_eapol(wpa_s);
946 wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
947 "generating associated event");
948 os_memset(&data, 0, sizeof(data));
949 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
953 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
955 struct wpa_supplicant *wpa_s = eloop_ctx;
956 struct wpa_ssid *ssid;
957 int enabled, scan_req = 0, ret;
959 if (wpa_s->disconnected)
963 ssid = wpa_s->conf->ssid;
965 if (!ssid->disabled) {
971 if (!enabled && !wpa_s->scan_req) {
972 wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
973 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
976 scan_req = wpa_s->scan_req;
979 if (wpa_s->conf->ap_scan != 0 &&
980 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
981 wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
982 "ap_scan configuration");
983 wpa_s->conf->ap_scan = 0;
986 if (wpa_s->conf->ap_scan == 0) {
987 wpa_supplicant_gen_assoc_event(wpa_s);
991 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
992 wpa_s->wpa_state == WPA_INACTIVE)
993 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
995 ssid = wpa_s->conf->ssid;
996 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
998 if (ssid == wpa_s->prev_scan_ssid) {
1006 if (!ssid->disabled &&
1007 (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1012 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1014 * ap_scan=2 mode - try to associate with each SSID instead of
1015 * scanning for each scan_ssid=1 network.
1018 wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
1019 "end of scan list - go back to beginning");
1020 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1021 wpa_supplicant_req_scan(wpa_s, 0, 0);
1025 /* Continue from the next SSID on the next attempt. */
1026 wpa_s->prev_scan_ssid = ssid;
1028 /* Start from the beginning of the SSID list. */
1029 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1031 wpa_supplicant_associate(wpa_s, NULL, ssid);
1035 wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1036 ssid ? "specific": "broadcast");
1038 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1039 ssid->ssid, ssid->ssid_len);
1040 wpa_s->prev_scan_ssid = ssid;
1042 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1044 if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
1045 wpa_s->scan_res_tried++;
1046 wpa_printf(MSG_DEBUG, "Trying to get current scan results "
1047 "first without requesting a new scan to speed up "
1048 "initial association");
1049 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
1053 if (wpa_s->use_client_mlme) {
1054 ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
1055 ssid ? ssid->ssid_len : 0);
1057 ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1058 ssid ? ssid->ssid_len : 0);
1061 wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1062 wpa_supplicant_req_scan(wpa_s, 10, 0);
1067 static wpa_cipher cipher_suite2driver(int cipher)
1070 case WPA_CIPHER_NONE:
1072 case WPA_CIPHER_WEP40:
1073 return CIPHER_WEP40;
1074 case WPA_CIPHER_WEP104:
1075 return CIPHER_WEP104;
1076 case WPA_CIPHER_CCMP:
1078 case WPA_CIPHER_TKIP:
1085 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1088 case WPA_KEY_MGMT_NONE:
1089 return KEY_MGMT_NONE;
1090 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1091 return KEY_MGMT_802_1X_NO_WPA;
1092 case WPA_KEY_MGMT_IEEE8021X:
1093 return KEY_MGMT_802_1X;
1094 case WPA_KEY_MGMT_WPA_NONE:
1095 return KEY_MGMT_WPA_NONE;
1096 case WPA_KEY_MGMT_PSK:
1098 return KEY_MGMT_PSK;
1103 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1104 struct wpa_ssid *ssid,
1105 struct wpa_ie_data *ie)
1107 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1110 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1111 "from association info");
1116 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1118 if (!(ie->group_cipher & ssid->group_cipher)) {
1119 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1120 "cipher 0x%x (mask 0x%x) - reject",
1121 ie->group_cipher, ssid->group_cipher);
1124 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1125 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1126 "cipher 0x%x (mask 0x%x) - reject",
1127 ie->pairwise_cipher, ssid->pairwise_cipher);
1130 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1131 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1132 "management 0x%x (mask 0x%x) - reject",
1133 ie->key_mgmt, ssid->key_mgmt);
1137 #ifdef CONFIG_IEEE80211W
1138 if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
1139 ssid->ieee80211w == IEEE80211W_REQUIRED) {
1140 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1141 "that does not support management frame protection - "
1145 #endif /* CONFIG_IEEE80211W */
1152 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1153 * @wpa_s: Pointer to wpa_supplicant data
1154 * @bss: Scan results for the selected BSS, or %NULL if not available
1155 * @ssid: Configuration data for the selected network
1156 * @wpa_ie: Buffer for the WPA/RSN IE
1157 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1158 * used buffer length in case the functions returns success.
1159 * Returns: 0 on success or -1 on failure
1161 * This function is used to configure authentication and encryption parameters
1162 * based on the network configuration and scan result for the selected BSS (if
1165 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1166 struct wpa_scan_result *bss,
1167 struct wpa_ssid *ssid,
1168 u8 *wpa_ie, size_t *wpa_ie_len)
1170 struct wpa_ie_data ie;
1173 if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1174 wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1175 (ie.group_cipher & ssid->group_cipher) &&
1176 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1177 (ie.key_mgmt & ssid->key_mgmt)) {
1178 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1179 proto = WPA_PROTO_RSN;
1180 } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1181 wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1182 (ie.group_cipher & ssid->group_cipher) &&
1183 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1184 (ie.key_mgmt & ssid->key_mgmt)) {
1185 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1186 proto = WPA_PROTO_WPA;
1188 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1191 if (ssid->proto & WPA_PROTO_RSN)
1192 proto = WPA_PROTO_RSN;
1194 proto = WPA_PROTO_WPA;
1195 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1196 os_memset(&ie, 0, sizeof(ie));
1197 ie.group_cipher = ssid->group_cipher;
1198 ie.pairwise_cipher = ssid->pairwise_cipher;
1199 ie.key_mgmt = ssid->key_mgmt;
1200 #ifdef CONFIG_IEEE80211W
1201 ie.mgmt_group_cipher =
1202 ssid->ieee80211w != NO_IEEE80211W ?
1203 WPA_CIPHER_AES_128_CMAC : 0;
1204 #endif /* CONFIG_IEEE80211W */
1205 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1206 "on configuration");
1211 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1212 "pairwise %d key_mgmt %d proto %d",
1213 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1214 #ifdef CONFIG_IEEE80211W
1215 if (ssid->ieee80211w) {
1216 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1217 ie.mgmt_group_cipher);
1219 #endif /* CONFIG_IEEE80211W */
1221 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1223 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1224 bss ? bss->wpa_ie_len : 0) ||
1225 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1226 bss ? bss->rsn_ie_len : 0))
1229 sel = ie.group_cipher & ssid->group_cipher;
1230 if (sel & WPA_CIPHER_CCMP) {
1231 wpa_s->group_cipher = WPA_CIPHER_CCMP;
1232 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1233 } else if (sel & WPA_CIPHER_TKIP) {
1234 wpa_s->group_cipher = WPA_CIPHER_TKIP;
1235 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1236 } else if (sel & WPA_CIPHER_WEP104) {
1237 wpa_s->group_cipher = WPA_CIPHER_WEP104;
1238 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1239 } else if (sel & WPA_CIPHER_WEP40) {
1240 wpa_s->group_cipher = WPA_CIPHER_WEP40;
1241 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1243 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1247 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1248 if (sel & WPA_CIPHER_CCMP) {
1249 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1250 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1251 } else if (sel & WPA_CIPHER_TKIP) {
1252 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1253 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1254 } else if (sel & WPA_CIPHER_NONE) {
1255 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1256 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1258 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1263 sel = ie.key_mgmt & ssid->key_mgmt;
1264 if (sel & WPA_KEY_MGMT_IEEE8021X) {
1265 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1266 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1267 } else if (sel & WPA_KEY_MGMT_PSK) {
1268 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1269 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1270 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1271 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1272 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1274 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1275 "key management type.");
1279 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1280 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1281 wpa_s->pairwise_cipher);
1282 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1284 #ifdef CONFIG_IEEE80211W
1285 sel = ie.mgmt_group_cipher;
1286 if (ssid->ieee80211w == NO_IEEE80211W ||
1287 !(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1289 if (sel & WPA_CIPHER_AES_128_CMAC) {
1290 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1291 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1294 wpa_s->mgmt_group_cipher = 0;
1295 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1297 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1298 wpa_s->mgmt_group_cipher);
1299 #endif /* CONFIG_IEEE80211W */
1301 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1302 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1306 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1307 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1309 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1316 * wpa_supplicant_associate - Request association
1317 * @wpa_s: Pointer to wpa_supplicant data
1318 * @bss: Scan results for the selected BSS, or %NULL if not available
1319 * @ssid: Configuration data for the selected network
1321 * This function is used to request %wpa_supplicant to associate with a BSS.
1323 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1324 struct wpa_scan_result *bss,
1325 struct wpa_ssid *ssid)
1329 int use_crypt, ret, i;
1330 int algs = AUTH_ALG_OPEN_SYSTEM;
1331 wpa_cipher cipher_pairwise, cipher_group;
1332 struct wpa_driver_associate_params params;
1333 int wep_keys_set = 0;
1334 struct wpa_driver_capa capa;
1335 int assoc_failed = 0;
1337 wpa_s->reassociate = 0;
1339 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1340 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1341 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1342 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1343 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1345 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1346 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1347 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1349 wpa_supplicant_cancel_scan(wpa_s);
1351 /* Starting new association, so clear the possibly used WPA IE from the
1352 * previous association. */
1353 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1355 #ifdef IEEE8021X_EAPOL
1356 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1358 if (ssid->non_leap == 0)
1359 algs = AUTH_ALG_LEAP;
1361 algs |= AUTH_ALG_LEAP;
1364 #endif /* IEEE8021X_EAPOL */
1365 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1366 if (ssid->auth_alg) {
1368 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1369 algs |= AUTH_ALG_OPEN_SYSTEM;
1370 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1371 algs |= AUTH_ALG_SHARED_KEY;
1372 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1373 algs |= AUTH_ALG_LEAP;
1374 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1377 wpa_drv_set_auth_alg(wpa_s, algs);
1379 if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1380 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
1381 int try_opportunistic;
1382 try_opportunistic = ssid->proactive_key_caching &&
1383 (ssid->proto & WPA_PROTO_RSN);
1384 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1385 wpa_s->current_ssid,
1386 try_opportunistic) == 0)
1387 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1388 wpa_ie_len = sizeof(wpa_ie);
1389 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1390 wpa_ie, &wpa_ie_len)) {
1391 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1392 "management and encryption suites");
1395 } else if (ssid->key_mgmt &
1396 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1397 WPA_KEY_MGMT_WPA_NONE)) {
1398 wpa_ie_len = sizeof(wpa_ie);
1399 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1400 wpa_ie, &wpa_ie_len)) {
1401 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1402 "management and encryption suites (no scan "
1407 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1411 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1413 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1414 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1415 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1416 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1417 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1419 for (i = 0; i < NUM_WEP_KEYS; i++) {
1420 if (ssid->wep_key_len[i]) {
1423 wpa_set_wep_key(wpa_s,
1424 i == ssid->wep_tx_keyidx,
1425 i, ssid->wep_key[i],
1426 ssid->wep_key_len[i]);
1431 #ifdef IEEE8021X_EAPOL
1432 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1433 if ((ssid->eapol_flags &
1434 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1435 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1439 /* Assume that dynamic WEP-104 keys will be used and
1440 * set cipher suites in order for drivers to expect
1442 cipher_pairwise = cipher_group = CIPHER_WEP104;
1445 #endif /* IEEE8021X_EAPOL */
1447 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1448 /* Set the key before (and later after) association */
1449 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1452 wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1453 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1454 os_memset(¶ms, 0, sizeof(params));
1456 params.bssid = bss->bssid;
1457 params.ssid = bss->ssid;
1458 params.ssid_len = bss->ssid_len;
1459 params.freq = bss->freq;
1461 params.ssid = ssid->ssid;
1462 params.ssid_len = ssid->ssid_len;
1464 params.wpa_ie = wpa_ie;
1465 params.wpa_ie_len = wpa_ie_len;
1466 params.pairwise_suite = cipher_pairwise;
1467 params.group_suite = cipher_group;
1468 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1469 params.auth_alg = algs;
1470 params.mode = ssid->mode;
1471 for (i = 0; i < NUM_WEP_KEYS; i++) {
1472 if (ssid->wep_key_len[i])
1473 params.wep_key[i] = ssid->wep_key[i];
1474 params.wep_key_len[i] = ssid->wep_key_len[i];
1476 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1478 #ifdef CONFIG_IEEE80211W
1479 switch (ssid->ieee80211w) {
1481 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1483 case IEEE80211W_OPTIONAL:
1484 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1486 case IEEE80211W_REQUIRED:
1487 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1490 #endif /* CONFIG_IEEE80211W */
1492 if (wpa_s->use_client_mlme)
1493 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1495 ret = wpa_drv_associate(wpa_s, ¶ms);
1497 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1499 /* try to continue anyway; new association will be tried again
1504 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1505 /* Set the key after the association just in case association
1506 * cleared the previously configured key. */
1507 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1508 /* No need to timeout authentication since there is no key
1510 wpa_supplicant_cancel_auth_timeout(wpa_s);
1511 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1513 /* Timeout for IEEE 802.11 authentication and association */
1517 else if (wpa_s->conf->ap_scan == 1)
1521 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1524 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1525 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1526 /* Set static WEP keys again */
1528 for (j = 0; j < NUM_WEP_KEYS; j++) {
1529 if (ssid->wep_key_len[j]) {
1530 wpa_set_wep_key(wpa_s,
1531 j == ssid->wep_tx_keyidx,
1532 j, ssid->wep_key[j],
1533 ssid->wep_key_len[j]);
1538 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1540 * Do not allow EAP session resumption between different
1541 * network configurations.
1543 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1545 wpa_s->current_ssid = ssid;
1546 wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1547 wpa_supplicant_initiate_eapol(wpa_s);
1552 * wpa_supplicant_disassociate - Disassociate the current connection
1553 * @wpa_s: Pointer to wpa_supplicant data
1554 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1556 * This function is used to request %wpa_supplicant to disassociate with the
1559 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1563 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1565 if (wpa_s->use_client_mlme)
1566 ieee80211_sta_disassociate(wpa_s, reason_code);
1568 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1569 addr = wpa_s->bssid;
1571 wpa_clear_keys(wpa_s, addr);
1572 wpa_supplicant_mark_disassoc(wpa_s);
1573 wpa_s->current_ssid = NULL;
1574 wpa_sm_set_config(wpa_s->wpa, NULL);
1575 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1580 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1581 * @wpa_s: Pointer to wpa_supplicant data
1582 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1584 * This function is used to request %wpa_supplicant to disassociate with the
1587 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1591 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1592 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1594 if (wpa_s->use_client_mlme)
1595 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1597 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1599 addr = wpa_s->bssid;
1601 wpa_clear_keys(wpa_s, addr);
1602 wpa_s->current_ssid = NULL;
1603 wpa_sm_set_config(wpa_s->wpa, NULL);
1604 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1605 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1606 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1611 * wpa_supplicant_get_scan_results - Get scan results
1612 * @wpa_s: Pointer to wpa_supplicant data
1613 * Returns: 0 on success, -1 on failure
1615 * This function is request the current scan results from the driver and stores
1616 * a local copy of the results in wpa_s->scan_results.
1618 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1620 #define SCAN_AP_LIMIT 128
1621 struct wpa_scan_result *results, *tmp;
1624 results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1625 if (results == NULL) {
1626 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1631 if (wpa_s->use_client_mlme) {
1632 num = ieee80211_sta_get_scan_results(wpa_s, results,
1635 num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1636 wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1638 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1642 if (num > SCAN_AP_LIMIT) {
1643 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1644 num, SCAN_AP_LIMIT);
1645 num = SCAN_AP_LIMIT;
1648 /* Free unneeded memory for unused scan result entries */
1649 tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
1650 if (tmp || num == 0) {
1654 os_free(wpa_s->scan_results);
1655 wpa_s->scan_results = results;
1656 wpa_s->num_scan_results = num;
1662 #ifndef CONFIG_NO_WPA
1663 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1666 struct wpa_scan_result *results, *curr = NULL;
1668 results = wpa_s->scan_results;
1669 if (results == NULL) {
1673 for (i = 0; i < wpa_s->num_scan_results; i++) {
1674 struct wpa_ssid *ssid = wpa_s->current_ssid;
1675 if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
1678 ((results[i].ssid_len == ssid->ssid_len &&
1679 os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
1681 ssid->ssid_len == 0)) {
1688 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1689 curr->wpa_ie_len) ||
1690 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1701 static int wpa_supplicant_get_beacon_ie(void *ctx)
1703 struct wpa_supplicant *wpa_s = ctx;
1704 if (wpa_get_beacon_ie(wpa_s) == 0) {
1708 /* No WPA/RSN IE found in the cached scan results. Try to get updated
1709 * scan results from the driver. */
1710 if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1714 return wpa_get_beacon_ie(wpa_s);
1716 #endif /* CONFIG_NO_WPA */
1720 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1721 * @wpa_s: Pointer to wpa_supplicant data
1722 * Returns: A pointer to the current network structure or %NULL on failure
1724 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1726 struct wpa_ssid *entry;
1727 u8 ssid[MAX_SSID_LEN];
1733 if (wpa_s->use_client_mlme) {
1734 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1735 wpa_printf(MSG_WARNING, "Could not read SSID from "
1740 res = wpa_drv_get_ssid(wpa_s, ssid);
1742 wpa_printf(MSG_WARNING, "Could not read SSID from "
1749 if (wpa_s->use_client_mlme)
1750 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1751 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1752 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1756 wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1757 os_strcmp(wpa_s->driver->name, "wired") == 0;
1759 entry = wpa_s->conf->ssid;
1761 if (!entry->disabled &&
1762 ((ssid_len == entry->ssid_len &&
1763 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1764 (!entry->bssid_set ||
1765 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1767 entry = entry->next;
1774 #ifndef CONFIG_NO_WPA
1775 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1776 const void *data, u16 data_len,
1777 size_t *msg_len, void **data_pos)
1779 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1783 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1784 const u8 *buf, size_t len)
1786 return wpa_ether_send(wpa_s, dest, proto, buf, len);
1790 static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1792 wpa_supplicant_req_scan(wpa_s, sec, usec);
1796 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1798 wpa_supplicant_cancel_auth_timeout(wpa_s);
1802 static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1804 wpa_supplicant_set_state(wpa_s, state);
1808 static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1810 return wpa_supplicant_get_state(wpa_s);
1814 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1816 wpa_supplicant_disassociate(wpa_s, reason_code);
1820 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1822 wpa_supplicant_deauthenticate(wpa_s, reason_code);
1826 static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1828 return wpa_supplicant_get_ssid(wpa_s);
1832 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
1834 struct wpa_supplicant *wpa_s = ctx;
1835 if (wpa_s->use_client_mlme) {
1836 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1839 return wpa_drv_get_bssid(wpa_s, bssid);
1843 static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1844 const u8 *addr, int key_idx, int set_tx,
1845 const u8 *seq, size_t seq_len,
1846 const u8 *key, size_t key_len)
1848 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1853 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
1854 int protection_type,
1857 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
1862 static int wpa_supplicant_add_pmkid(void *wpa_s,
1863 const u8 *bssid, const u8 *pmkid)
1865 return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1869 static int wpa_supplicant_remove_pmkid(void *wpa_s,
1870 const u8 *bssid, const u8 *pmkid)
1872 return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1874 #endif /* CONFIG_NO_WPA */
1877 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1885 if (wpa_supplicant_drivers[0] == NULL) {
1886 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1892 /* default to first driver in the list */
1893 wpa_s->driver = wpa_supplicant_drivers[0];
1897 for (i = 0; wpa_supplicant_drivers[i]; i++) {
1898 if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1899 wpa_s->driver = wpa_supplicant_drivers[i];
1904 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1909 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1910 const u8 *buf, size_t len)
1912 struct wpa_supplicant *wpa_s = ctx;
1914 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1915 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1917 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1918 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1919 "no key management is configured");
1923 if (wpa_s->eapol_received == 0) {
1924 /* Timeout for completing IEEE 802.1X and WPA authentication */
1925 wpa_supplicant_req_auth_timeout(
1927 (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1928 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
1931 wpa_s->eapol_received++;
1933 if (wpa_s->countermeasures) {
1934 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1939 /* Source address of the incoming EAPOL frame could be compared to the
1940 * current BSSID. However, it is possible that a centralized
1941 * Authenticator could be using another MAC address than the BSSID of
1942 * an AP, so just allow any address to be used for now. The replies are
1943 * still sent to the current BSSID (if available), though. */
1945 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1946 if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
1947 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1949 wpa_drv_poll(wpa_s);
1950 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1955 * wpa_supplicant_driver_init - Initialize driver interface parameters
1956 * @wpa_s: Pointer to wpa_supplicant data
1957 * @wait_for_interface: 0 = do not wait for the interface (reports a failure if
1958 * the interface is not present), 1 = wait until the interface is available
1959 * Returns: 0 on success, -1 on failure
1961 * This function is called to initialize driver interface parameters.
1962 * wpa_drv_init() must have been called before this function to initialize the
1965 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
1966 int wait_for_interface)
1968 static int interface_count = 0;
1971 if (wpa_s->driver->send_eapol) {
1972 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1974 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1977 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1978 wpa_drv_get_mac_addr(wpa_s),
1980 wpa_supplicant_rx_eapol, wpa_s, 0);
1983 else if (!wait_for_interface)
1985 wpa_printf(MSG_DEBUG, "Waiting for interface..");
1989 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1990 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1994 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1995 MAC2STR(wpa_s->own_addr));
1997 if (wpa_s->bridge_ifname[0]) {
1998 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
1999 " '%s'", wpa_s->bridge_ifname);
2000 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2003 wpa_supplicant_rx_eapol, wpa_s,
2005 if (wpa_s->l2_br == NULL) {
2006 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
2007 "connection for the bridge interface '%s'",
2008 wpa_s->bridge_ifname);
2013 /* Backwards compatibility call to set_wpa() handler. This is called
2014 * only just after init and just before deinit, so these handler can be
2015 * used to implement same functionality. */
2016 if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
2017 struct wpa_driver_capa capa;
2018 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
2019 !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2020 WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
2021 wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
2022 /* Continue to allow non-WPA modes to be used. */
2024 wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
2030 wpa_clear_keys(wpa_s, NULL);
2032 /* Make sure that TKIP countermeasures are not left enabled (could
2033 * happen if wpa_supplicant is killed during countermeasures. */
2034 wpa_drv_set_countermeasures(wpa_s, 0);
2036 wpa_drv_set_drop_unencrypted(wpa_s, 1);
2038 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
2039 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2046 static int wpa_supplicant_daemon(const char *pid_file)
2048 wpa_printf(MSG_DEBUG, "Daemonize..");
2049 return os_daemonize(pid_file);
2053 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2055 struct wpa_supplicant *wpa_s;
2057 wpa_s = os_zalloc(sizeof(*wpa_s));
2060 wpa_s->scan_req = 1;
2066 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2067 struct wpa_interface *iface)
2069 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2070 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2071 iface->confname ? iface->confname : "N/A",
2072 iface->driver ? iface->driver : "default",
2073 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2074 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2076 if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
2080 if (iface->confname) {
2081 #ifdef CONFIG_BACKEND_FILE
2082 wpa_s->confname = os_rel2abs_path(iface->confname);
2083 if (wpa_s->confname == NULL) {
2084 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2085 "for configuration file '%s'.",
2089 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2090 iface->confname, wpa_s->confname);
2091 #else /* CONFIG_BACKEND_FILE */
2092 wpa_s->confname = os_strdup(iface->confname);
2093 #endif /* CONFIG_BACKEND_FILE */
2094 wpa_s->conf = wpa_config_read(wpa_s->confname);
2095 if (wpa_s->conf == NULL) {
2096 wpa_printf(MSG_ERROR, "Failed to read or parse "
2097 "configuration '%s'.", wpa_s->confname);
2102 * Override ctrl_interface and driver_param if set on command
2105 if (iface->ctrl_interface) {
2106 os_free(wpa_s->conf->ctrl_interface);
2107 wpa_s->conf->ctrl_interface =
2108 os_strdup(iface->ctrl_interface);
2111 if (iface->driver_param) {
2112 os_free(wpa_s->conf->driver_param);
2113 wpa_s->conf->driver_param =
2114 os_strdup(iface->driver_param);
2117 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2118 iface->driver_param);
2120 if (wpa_s->conf == NULL) {
2121 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2125 if (iface->ifname == NULL) {
2126 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2129 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2130 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2134 os_strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2136 if (iface->bridge_ifname) {
2137 if (os_strlen(iface->bridge_ifname) >=
2138 sizeof(wpa_s->bridge_ifname)) {
2139 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2140 "name '%s'.", iface->bridge_ifname);
2143 os_strncpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2144 sizeof(wpa_s->bridge_ifname));
2151 static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
2153 #ifdef IEEE8021X_EAPOL
2154 struct eapol_ctx *ctx;
2155 ctx = os_zalloc(sizeof(*ctx));
2157 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
2162 ctx->msg_ctx = wpa_s;
2163 ctx->eapol_send_ctx = wpa_s;
2165 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
2166 ctx->eapol_send = wpa_supplicant_eapol_send;
2167 ctx->set_wep_key = wpa_eapol_set_wep_key;
2168 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2169 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2170 ctx->aborted_cached = wpa_supplicant_aborted_cached;
2171 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2172 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2173 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2174 wpa_s->eapol = eapol_sm_init(ctx);
2175 if (wpa_s->eapol == NULL) {
2177 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
2181 #endif /* IEEE8021X_EAPOL */
2187 static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2189 #ifndef CONFIG_NO_WPA
2190 struct wpa_sm_ctx *ctx;
2191 ctx = os_zalloc(sizeof(*ctx));
2193 wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
2198 ctx->set_state = _wpa_supplicant_set_state;
2199 ctx->get_state = _wpa_supplicant_get_state;
2200 ctx->req_scan = _wpa_supplicant_req_scan;
2201 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2202 ctx->disassociate = _wpa_supplicant_disassociate;
2203 ctx->set_key = wpa_supplicant_set_key;
2204 ctx->scan = wpa_supplicant_scan;
2205 ctx->get_ssid = _wpa_supplicant_get_ssid;
2206 ctx->get_bssid = wpa_supplicant_get_bssid;
2207 ctx->ether_send = _wpa_ether_send;
2208 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2209 ctx->alloc_eapol = _wpa_alloc_eapol;
2210 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2211 ctx->add_pmkid = wpa_supplicant_add_pmkid;
2212 ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2213 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2214 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2215 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
2217 wpa_s->wpa = wpa_sm_init(ctx);
2218 if (wpa_s->wpa == NULL) {
2219 wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
2223 #endif /* CONFIG_NO_WPA */
2229 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2230 int wait_for_interface)
2233 struct wpa_driver_capa capa;
2235 wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2238 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2241 /* RSNA Supplicant Key Management - INITIALIZE */
2242 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2243 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2245 /* Initialize driver interface and register driver event handler before
2246 * L2 receive handler so that association events are processed before
2247 * EAPOL-Key packets if both become available for the same select()
2249 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2250 if (wpa_s->drv_priv == NULL) {
2251 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2254 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2255 wpa_printf(MSG_ERROR, "Driver interface rejected "
2256 "driver_param '%s'", wpa_s->conf->driver_param);
2260 ifname = wpa_drv_get_ifname(wpa_s);
2261 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2262 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2263 "name with '%s'", ifname);
2264 os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2267 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2270 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2271 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2273 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2274 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2276 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2277 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2278 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2279 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2280 "dot11RSNAConfigPMKLifetime");
2284 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2285 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2286 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2287 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2288 "dot11RSNAConfigPMKReauthThreshold");
2292 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2293 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2294 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2295 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2296 "dot11RSNAConfigSATimeout");
2300 if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2303 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2305 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2306 if (wpa_s->ctrl_iface == NULL) {
2307 wpa_printf(MSG_ERROR,
2308 "Failed to initialize control interface '%s'.\n"
2309 "You may have another wpa_supplicant process "
2310 "already running or the file was\n"
2311 "left by an unclean termination of wpa_supplicant "
2312 "in which case you will need\n"
2313 "to manually remove this file before starting "
2314 "wpa_supplicant again.\n",
2315 wpa_s->conf->ctrl_interface);
2319 if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
2320 capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2321 wpa_s->use_client_mlme = 1;
2322 if (ieee80211_sta_init(wpa_s))
2330 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2332 if (wpa_s->drv_priv) {
2333 wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
2335 /* Backwards compatibility call to set_wpa() handler. This is
2336 * called only just after init and just before deinit, so these
2337 * handler can be used to implement same functionality. */
2338 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2339 wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
2343 wpa_drv_set_drop_unencrypted(wpa_s, 0);
2344 wpa_drv_set_countermeasures(wpa_s, 0);
2345 wpa_clear_keys(wpa_s, NULL);
2348 wpas_dbus_unregister_iface(wpa_s);
2350 wpa_supplicant_cleanup(wpa_s);
2352 if (wpa_s->drv_priv)
2353 wpa_drv_deinit(wpa_s);
2358 * wpa_supplicant_add_iface - Add a new network interface
2359 * @global: Pointer to global data from wpa_supplicant_init()
2360 * @iface: Interface configuration options
2361 * Returns: Pointer to the created interface or %NULL on failure
2363 * This function is used to add new network interfaces for %wpa_supplicant.
2364 * This can be called before wpa_supplicant_run() to add interfaces before the
2365 * main event loop has been started. In addition, new interfaces can be added
2366 * dynamically while %wpa_supplicant is already running. This could happen,
2367 * e.g., when a hotplug network adapter is inserted.
2369 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2370 struct wpa_interface *iface)
2372 struct wpa_supplicant *wpa_s;
2374 if (global == NULL || iface == NULL)
2377 wpa_s = wpa_supplicant_alloc();
2381 if (wpa_supplicant_init_iface(wpa_s, iface) ||
2382 wpa_supplicant_init_iface2(wpa_s,
2383 global->params.wait_for_interface)) {
2384 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2386 wpa_supplicant_deinit_iface(wpa_s);
2391 wpa_s->global = global;
2393 /* Register the interface with the dbus control interface */
2394 if (wpas_dbus_register_iface(wpa_s)) {
2395 wpa_supplicant_deinit_iface(wpa_s);
2400 wpa_s->next = global->ifaces;
2401 global->ifaces = wpa_s;
2403 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2410 * wpa_supplicant_remove_iface - Remove a network interface
2411 * @global: Pointer to global data from wpa_supplicant_init()
2412 * @wpa_s: Pointer to the network interface to be removed
2413 * Returns: 0 if interface was removed, -1 if interface was not found
2415 * This function can be used to dynamically remove network interfaces from
2416 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2417 * addition, this function is used to remove all remaining interdaces when
2418 * %wpa_supplicant is terminated.
2420 int wpa_supplicant_remove_iface(struct wpa_global *global,
2421 struct wpa_supplicant *wpa_s)
2423 struct wpa_supplicant *prev;
2425 /* Remove interface from the global list of interfaces */
2426 prev = global->ifaces;
2427 if (prev == wpa_s) {
2428 global->ifaces = wpa_s->next;
2430 while (prev && prev->next != wpa_s)
2434 prev->next = wpa_s->next;
2437 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2439 wpa_supplicant_deinit_iface(wpa_s);
2447 * wpa_supplicant_get_iface - Get a new network interface
2448 * @global: Pointer to global data from wpa_supplicant_init()
2449 * @ifname: Interface name
2450 * Returns: Pointer to the interface or %NULL if not found
2452 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2455 struct wpa_supplicant *wpa_s;
2457 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2458 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2466 * wpa_supplicant_init - Initialize %wpa_supplicant
2467 * @params: Parameters for %wpa_supplicant
2468 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2470 * This function is used to initialize %wpa_supplicant. After successful
2471 * initialization, the returned data pointer can be used to add and remove
2472 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2474 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2476 struct wpa_global *global;
2482 wpa_debug_use_file = params->wpa_debug_use_file;
2483 wpa_debug_open_file();
2485 ret = eap_peer_register_methods();
2487 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2489 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2490 "the same EAP type.");
2494 global = os_zalloc(sizeof(*global));
2497 global->params.daemonize = params->daemonize;
2498 global->params.wait_for_interface = params->wait_for_interface;
2499 global->params.wait_for_monitor = params->wait_for_monitor;
2500 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2501 if (params->pid_file)
2502 global->params.pid_file = os_strdup(params->pid_file);
2503 if (params->ctrl_interface)
2504 global->params.ctrl_interface =
2505 os_strdup(params->ctrl_interface);
2506 wpa_debug_level = global->params.wpa_debug_level =
2507 params->wpa_debug_level;
2508 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2509 params->wpa_debug_show_keys;
2510 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2511 params->wpa_debug_timestamp;
2512 wpa_debug_use_file = global->params.wpa_debug_use_file =
2513 params->wpa_debug_use_file;
2515 if (eloop_init(global)) {
2516 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2517 wpa_supplicant_deinit(global);
2521 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2522 if (global->ctrl_iface == NULL) {
2523 wpa_supplicant_deinit(global);
2527 if (global->params.dbus_ctrl_interface) {
2528 global->dbus_ctrl_iface =
2529 wpa_supplicant_dbus_ctrl_iface_init(global);
2530 if (global->dbus_ctrl_iface == NULL) {
2531 wpa_supplicant_deinit(global);
2536 if (global->params.wait_for_interface && global->params.daemonize &&
2537 wpa_supplicant_daemon(global->params.pid_file)) {
2538 wpa_supplicant_deinit(global);
2547 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2548 * @global: Pointer to global data from wpa_supplicant_init()
2549 * Returns: 0 after successful event loop run, -1 on failure
2551 * This function starts the main event loop and continues running as long as
2552 * there are any remaining events. In most cases, this function is running as
2553 * long as the %wpa_supplicant process in still in use.
2555 int wpa_supplicant_run(struct wpa_global *global)
2557 struct wpa_supplicant *wpa_s;
2559 if (!global->params.wait_for_interface && global->params.daemonize &&
2560 wpa_supplicant_daemon(global->params.pid_file))
2563 if (global->params.wait_for_monitor) {
2564 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2565 if (wpa_s->ctrl_iface)
2566 wpa_supplicant_ctrl_iface_wait(
2570 eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2571 eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2580 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2581 * @global: Pointer to global data from wpa_supplicant_init()
2583 * This function is called to deinitialize %wpa_supplicant and to free all
2584 * allocated resources. Remaining network interfaces will also be removed.
2586 void wpa_supplicant_deinit(struct wpa_global *global)
2591 while (global->ifaces)
2592 wpa_supplicant_remove_iface(global, global->ifaces);
2594 if (global->ctrl_iface)
2595 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2596 if (global->dbus_ctrl_iface)
2597 wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2599 eap_peer_unregister_methods();
2603 if (global->params.pid_file) {
2604 os_daemonize_terminate(global->params.pid_file);
2605 os_free(global->params.pid_file);
2607 os_free(global->params.ctrl_interface);
2610 wpa_debug_close_file();
nant's projects / dragonfly.git / blob