Merge branch 'vendor/WPA_SUPPLICANT'
[dragonfly.git] / contrib / wpa_supplicant / wpa_supplicant / wpa_supplicant.c
1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12
13 #include "includes.h"
14 #ifdef CONFIG_MATCH_IFACE
15 #include <net/if.h>
16 #include <fnmatch.h>
17 #endif /* CONFIG_MATCH_IFACE */
18
19 #include "common.h"
20 #include "crypto/random.h"
21 #include "crypto/sha1.h"
22 #include "eapol_supp/eapol_supp_sm.h"
23 #include "eap_peer/eap.h"
24 #include "eap_peer/eap_proxy.h"
25 #include "eap_server/eap_methods.h"
26 #include "rsn_supp/wpa.h"
27 #include "eloop.h"
28 #include "config.h"
29 #include "utils/ext_password.h"
30 #include "l2_packet/l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "driver_i.h"
33 #include "ctrl_iface.h"
34 #include "pcsc_funcs.h"
35 #include "common/version.h"
36 #include "rsn_supp/preauth.h"
37 #include "rsn_supp/pmksa_cache.h"
38 #include "common/wpa_ctrl.h"
39 #include "common/ieee802_11_common.h"
40 #include "common/ieee802_11_defs.h"
41 #include "common/hw_features_common.h"
42 #include "common/gas_server.h"
43 #include "common/dpp.h"
44 #include "p2p/p2p.h"
45 #include "fst/fst.h"
46 #include "blacklist.h"
47 #include "wpas_glue.h"
48 #include "wps_supplicant.h"
49 #include "ibss_rsn.h"
50 #include "sme.h"
51 #include "gas_query.h"
52 #include "ap.h"
53 #include "p2p_supplicant.h"
54 #include "wifi_display.h"
55 #include "notify.h"
56 #include "bgscan.h"
57 #include "autoscan.h"
58 #include "bss.h"
59 #include "scan.h"
60 #include "offchannel.h"
61 #include "hs20_supplicant.h"
62 #include "wnm_sta.h"
63 #include "wpas_kay.h"
64 #include "mesh.h"
65 #include "dpp_supplicant.h"
66 #ifdef CONFIG_MESH
67 #include "ap/ap_config.h"
68 #include "ap/hostapd.h"
69 #endif /* CONFIG_MESH */
70
71 const char *const wpa_supplicant_version =
72 "wpa_supplicant v" VERSION_STR "\n"
73 "Copyright (c) 2003-2019, Jouni Malinen <j@w1.fi> and contributors";
74
75 const char *const wpa_supplicant_license =
76 "This software may be distributed under the terms of the BSD license.\n"
77 "See README for more details.\n"
78 #ifdef EAP_TLS_OPENSSL
79 "\nThis product includes software developed by the OpenSSL Project\n"
80 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
81 #endif /* EAP_TLS_OPENSSL */
82 ;
83
84 #ifndef CONFIG_NO_STDOUT_DEBUG
85 /* Long text divided into parts in order to fit in C89 strings size limits. */
86 const char *const wpa_supplicant_full_license1 =
87 "";
88 const char *const wpa_supplicant_full_license2 =
89 "This software may be distributed under the terms of the BSD license.\n"
90 "\n"
91 "Redistribution and use in source and binary forms, with or without\n"
92 "modification, are permitted provided that the following conditions are\n"
93 "met:\n"
94 "\n";
95 const char *const wpa_supplicant_full_license3 =
96 "1. Redistributions of source code must retain the above copyright\n"
97 "   notice, this list of conditions and the following disclaimer.\n"
98 "\n"
99 "2. Redistributions in binary form must reproduce the above copyright\n"
100 "   notice, this list of conditions and the following disclaimer in the\n"
101 "   documentation and/or other materials provided with the distribution.\n"
102 "\n";
103 const char *const wpa_supplicant_full_license4 =
104 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
105 "   names of its contributors may be used to endorse or promote products\n"
106 "   derived from this software without specific prior written permission.\n"
107 "\n"
108 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
109 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
110 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
111 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
112 const char *const wpa_supplicant_full_license5 =
113 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
114 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
115 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
116 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
117 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
118 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
119 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
120 "\n";
121 #endif /* CONFIG_NO_STDOUT_DEBUG */
122
123
124 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
125 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
126 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
127 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
128
129
130 /* Configure default/group WEP keys for static WEP */
131 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
132 {
133         int i, set = 0;
134
135         for (i = 0; i < NUM_WEP_KEYS; i++) {
136                 if (ssid->wep_key_len[i] == 0)
137                         continue;
138
139                 set = 1;
140                 wpa_drv_set_key(wpa_s, WPA_ALG_WEP, NULL,
141                                 i, i == ssid->wep_tx_keyidx, NULL, 0,
142                                 ssid->wep_key[i], ssid->wep_key_len[i]);
143         }
144
145         return set;
146 }
147
148
149 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
150                                     struct wpa_ssid *ssid)
151 {
152         u8 key[32];
153         size_t keylen;
154         enum wpa_alg alg;
155         u8 seq[6] = { 0 };
156         int ret;
157
158         /* IBSS/WPA-None uses only one key (Group) for both receiving and
159          * sending unicast and multicast packets. */
160
161         if (ssid->mode != WPAS_MODE_IBSS) {
162                 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
163                         "IBSS/ad-hoc) for WPA-None", ssid->mode);
164                 return -1;
165         }
166
167         if (!ssid->psk_set) {
168                 wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
169                         "WPA-None");
170                 return -1;
171         }
172
173         switch (wpa_s->group_cipher) {
174         case WPA_CIPHER_CCMP:
175                 os_memcpy(key, ssid->psk, 16);
176                 keylen = 16;
177                 alg = WPA_ALG_CCMP;
178                 break;
179         case WPA_CIPHER_GCMP:
180                 os_memcpy(key, ssid->psk, 16);
181                 keylen = 16;
182                 alg = WPA_ALG_GCMP;
183                 break;
184         case WPA_CIPHER_TKIP:
185                 /* WPA-None uses the same Michael MIC key for both TX and RX */
186                 os_memcpy(key, ssid->psk, 16 + 8);
187                 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
188                 keylen = 32;
189                 alg = WPA_ALG_TKIP;
190                 break;
191         default:
192                 wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
193                         "WPA-None", wpa_s->group_cipher);
194                 return -1;
195         }
196
197         /* TODO: should actually remember the previously used seq#, both for TX
198          * and RX from each STA.. */
199
200         ret = wpa_drv_set_key(wpa_s, alg, NULL, 0, 1, seq, 6, key, keylen);
201         os_memset(key, 0, sizeof(key));
202         return ret;
203 }
204
205
206 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
207 {
208         struct wpa_supplicant *wpa_s = eloop_ctx;
209         const u8 *bssid = wpa_s->bssid;
210         if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
211             (wpa_s->wpa_state == WPA_AUTHENTICATING ||
212              wpa_s->wpa_state == WPA_ASSOCIATING))
213                 bssid = wpa_s->pending_bssid;
214         wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
215                 MAC2STR(bssid));
216         wpa_blacklist_add(wpa_s, bssid);
217         wpa_sm_notify_disassoc(wpa_s->wpa);
218         wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
219         wpa_s->reassociate = 1;
220
221         /*
222          * If we timed out, the AP or the local radio may be busy.
223          * So, wait a second until scanning again.
224          */
225         wpa_supplicant_req_scan(wpa_s, 1, 0);
226 }
227
228
229 /**
230  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
231  * @wpa_s: Pointer to wpa_supplicant data
232  * @sec: Number of seconds after which to time out authentication
233  * @usec: Number of microseconds after which to time out authentication
234  *
235  * This function is used to schedule a timeout for the current authentication
236  * attempt.
237  */
238 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
239                                      int sec, int usec)
240 {
241         if (wpa_s->conf->ap_scan == 0 &&
242             (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
243                 return;
244
245         wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
246                 "%d usec", sec, usec);
247         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
248         wpa_s->last_auth_timeout_sec = sec;
249         eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
250 }
251
252
253 /*
254  * wpas_auth_timeout_restart - Restart and change timeout for authentication
255  * @wpa_s: Pointer to wpa_supplicant data
256  * @sec_diff: difference in seconds applied to original timeout value
257  */
258 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
259 {
260         int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
261
262         if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
263                 wpa_dbg(wpa_s, MSG_DEBUG,
264                         "Authentication timeout restart: %d sec", new_sec);
265                 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
266                 eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
267                                        wpa_s, NULL);
268         }
269 }
270
271
272 /**
273  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
274  * @wpa_s: Pointer to wpa_supplicant data
275  *
276  * This function is used to cancel authentication timeout scheduled with
277  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
278  * been completed.
279  */
280 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
281 {
282         wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
283         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
284         wpa_blacklist_del(wpa_s, wpa_s->bssid);
285         os_free(wpa_s->last_con_fail_realm);
286         wpa_s->last_con_fail_realm = NULL;
287         wpa_s->last_con_fail_realm_len = 0;
288 }
289
290
291 /**
292  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
293  * @wpa_s: Pointer to wpa_supplicant data
294  *
295  * This function is used to configure EAPOL state machine based on the selected
296  * authentication mode.
297  */
298 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
299 {
300 #ifdef IEEE8021X_EAPOL
301         struct eapol_config eapol_conf;
302         struct wpa_ssid *ssid = wpa_s->current_ssid;
303
304 #ifdef CONFIG_IBSS_RSN
305         if (ssid->mode == WPAS_MODE_IBSS &&
306             wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
307             wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
308                 /*
309                  * RSN IBSS authentication is per-STA and we can disable the
310                  * per-BSSID EAPOL authentication.
311                  */
312                 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
313                 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE);
314                 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
315                 return;
316         }
317 #endif /* CONFIG_IBSS_RSN */
318
319         eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
320         eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
321
322         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
323             wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
324                 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
325         else
326                 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
327
328         os_memset(&eapol_conf, 0, sizeof(eapol_conf));
329         if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
330                 eapol_conf.accept_802_1x_keys = 1;
331                 eapol_conf.required_keys = 0;
332                 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
333                         eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
334                 }
335                 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
336                         eapol_conf.required_keys |=
337                                 EAPOL_REQUIRE_KEY_BROADCAST;
338                 }
339
340                 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
341                         eapol_conf.required_keys = 0;
342         }
343         eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
344         eapol_conf.workaround = ssid->eap_workaround;
345         eapol_conf.eap_disabled =
346                 !wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
347                 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
348                 wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
349         eapol_conf.external_sim = wpa_s->conf->external_sim;
350
351 #ifdef CONFIG_WPS
352         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
353                 eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
354                 if (wpa_s->current_bss) {
355                         struct wpabuf *ie;
356                         ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
357                                                          WPS_IE_VENDOR_TYPE);
358                         if (ie) {
359                                 if (wps_is_20(ie))
360                                         eapol_conf.wps |=
361                                                 EAPOL_PEER_IS_WPS20_AP;
362                                 wpabuf_free(ie);
363                         }
364                 }
365         }
366 #endif /* CONFIG_WPS */
367
368         eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
369
370 #ifdef CONFIG_MACSEC
371         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
372                 ieee802_1x_create_preshared_mka(wpa_s, ssid);
373         else
374                 ieee802_1x_alloc_kay_sm(wpa_s, ssid);
375 #endif /* CONFIG_MACSEC */
376 #endif /* IEEE8021X_EAPOL */
377 }
378
379
380 /**
381  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
382  * @wpa_s: Pointer to wpa_supplicant data
383  * @ssid: Configuration data for the network
384  *
385  * This function is used to configure WPA state machine and related parameters
386  * to a mode where WPA is not enabled. This is called as part of the
387  * authentication configuration when the selected network does not use WPA.
388  */
389 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
390                                        struct wpa_ssid *ssid)
391 {
392         int i;
393
394         if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
395                 wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
396         else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
397                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
398         else
399                 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
400         wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
401         wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
402         wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
403         wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
404         wpa_s->group_cipher = WPA_CIPHER_NONE;
405         wpa_s->mgmt_group_cipher = 0;
406
407         for (i = 0; i < NUM_WEP_KEYS; i++) {
408                 if (ssid->wep_key_len[i] > 5) {
409                         wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
410                         wpa_s->group_cipher = WPA_CIPHER_WEP104;
411                         break;
412                 } else if (ssid->wep_key_len[i] > 0) {
413                         wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
414                         wpa_s->group_cipher = WPA_CIPHER_WEP40;
415                         break;
416                 }
417         }
418
419         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
420         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
421         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
422                          wpa_s->pairwise_cipher);
423         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
424 #ifdef CONFIG_IEEE80211W
425         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
426                          wpa_s->mgmt_group_cipher);
427 #endif /* CONFIG_IEEE80211W */
428
429         pmksa_cache_clear_current(wpa_s->wpa);
430 }
431
432
433 void free_hw_features(struct wpa_supplicant *wpa_s)
434 {
435         int i;
436         if (wpa_s->hw.modes == NULL)
437                 return;
438
439         for (i = 0; i < wpa_s->hw.num_modes; i++) {
440                 os_free(wpa_s->hw.modes[i].channels);
441                 os_free(wpa_s->hw.modes[i].rates);
442         }
443
444         os_free(wpa_s->hw.modes);
445         wpa_s->hw.modes = NULL;
446 }
447
448
449 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
450 {
451         struct wpa_bss_tmp_disallowed *bss, *prev;
452
453         dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
454                               struct wpa_bss_tmp_disallowed, list) {
455                 eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
456                 dl_list_del(&bss->list);
457                 os_free(bss);
458         }
459 }
460
461
462 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
463 {
464         struct fils_hlp_req *req;
465
466         while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
467                                     list)) != NULL) {
468                 dl_list_del(&req->list);
469                 wpabuf_free(req->pkt);
470                 os_free(req);
471         }
472 }
473
474
475 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
476 {
477         int i;
478
479         bgscan_deinit(wpa_s);
480         autoscan_deinit(wpa_s);
481         scard_deinit(wpa_s->scard);
482         wpa_s->scard = NULL;
483         wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
484         eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
485         l2_packet_deinit(wpa_s->l2);
486         wpa_s->l2 = NULL;
487         if (wpa_s->l2_br) {
488                 l2_packet_deinit(wpa_s->l2_br);
489                 wpa_s->l2_br = NULL;
490         }
491 #ifdef CONFIG_TESTING_OPTIONS
492         l2_packet_deinit(wpa_s->l2_test);
493         wpa_s->l2_test = NULL;
494         os_free(wpa_s->get_pref_freq_list_override);
495         wpa_s->get_pref_freq_list_override = NULL;
496         wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
497         wpa_s->last_assoc_req_wpa_ie = NULL;
498 #endif /* CONFIG_TESTING_OPTIONS */
499
500         if (wpa_s->conf != NULL) {
501                 struct wpa_ssid *ssid;
502                 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
503                         wpas_notify_network_removed(wpa_s, ssid);
504         }
505
506         os_free(wpa_s->confname);
507         wpa_s->confname = NULL;
508
509         os_free(wpa_s->confanother);
510         wpa_s->confanother = NULL;
511
512         os_free(wpa_s->last_con_fail_realm);
513         wpa_s->last_con_fail_realm = NULL;
514         wpa_s->last_con_fail_realm_len = 0;
515
516         wpa_sm_set_eapol(wpa_s->wpa, NULL);
517         eapol_sm_deinit(wpa_s->eapol);
518         wpa_s->eapol = NULL;
519
520         rsn_preauth_deinit(wpa_s->wpa);
521
522 #ifdef CONFIG_TDLS
523         wpa_tdls_deinit(wpa_s->wpa);
524 #endif /* CONFIG_TDLS */
525
526         wmm_ac_clear_saved_tspecs(wpa_s);
527         pmksa_candidate_free(wpa_s->wpa);
528         wpa_sm_deinit(wpa_s->wpa);
529         wpa_s->wpa = NULL;
530         wpa_blacklist_clear(wpa_s);
531
532         wpa_bss_deinit(wpa_s);
533
534         wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
535         wpa_supplicant_cancel_scan(wpa_s);
536         wpa_supplicant_cancel_auth_timeout(wpa_s);
537         eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
538 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
539         eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
540                              wpa_s, NULL);
541 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
542
543         eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
544
545         wpas_wps_deinit(wpa_s);
546
547         wpabuf_free(wpa_s->pending_eapol_rx);
548         wpa_s->pending_eapol_rx = NULL;
549
550 #ifdef CONFIG_IBSS_RSN
551         ibss_rsn_deinit(wpa_s->ibss_rsn);
552         wpa_s->ibss_rsn = NULL;
553 #endif /* CONFIG_IBSS_RSN */
554
555         sme_deinit(wpa_s);
556
557 #ifdef CONFIG_AP
558         wpa_supplicant_ap_deinit(wpa_s);
559 #endif /* CONFIG_AP */
560
561         wpas_p2p_deinit(wpa_s);
562
563 #ifdef CONFIG_OFFCHANNEL
564         offchannel_deinit(wpa_s);
565 #endif /* CONFIG_OFFCHANNEL */
566
567         wpa_supplicant_cancel_sched_scan(wpa_s);
568
569         os_free(wpa_s->next_scan_freqs);
570         wpa_s->next_scan_freqs = NULL;
571
572         os_free(wpa_s->manual_scan_freqs);
573         wpa_s->manual_scan_freqs = NULL;
574         os_free(wpa_s->select_network_scan_freqs);
575         wpa_s->select_network_scan_freqs = NULL;
576
577         os_free(wpa_s->manual_sched_scan_freqs);
578         wpa_s->manual_sched_scan_freqs = NULL;
579
580         wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
581
582         /*
583          * Need to remove any pending gas-query radio work before the
584          * gas_query_deinit() call because gas_query::work has not yet been set
585          * for works that have not been started. gas_query_free() will be unable
586          * to cancel such pending radio works and once the pending gas-query
587          * radio work eventually gets removed, the deinit notification call to
588          * gas_query_start_cb() would result in dereferencing freed memory.
589          */
590         if (wpa_s->radio)
591                 radio_remove_works(wpa_s, "gas-query", 0);
592         gas_query_deinit(wpa_s->gas);
593         wpa_s->gas = NULL;
594         gas_server_deinit(wpa_s->gas_server);
595         wpa_s->gas_server = NULL;
596
597         free_hw_features(wpa_s);
598
599         ieee802_1x_dealloc_kay_sm(wpa_s);
600
601         os_free(wpa_s->bssid_filter);
602         wpa_s->bssid_filter = NULL;
603
604         os_free(wpa_s->disallow_aps_bssid);
605         wpa_s->disallow_aps_bssid = NULL;
606         os_free(wpa_s->disallow_aps_ssid);
607         wpa_s->disallow_aps_ssid = NULL;
608
609         wnm_bss_keep_alive_deinit(wpa_s);
610 #ifdef CONFIG_WNM
611         wnm_deallocate_memory(wpa_s);
612 #endif /* CONFIG_WNM */
613
614         ext_password_deinit(wpa_s->ext_pw);
615         wpa_s->ext_pw = NULL;
616
617         wpabuf_free(wpa_s->last_gas_resp);
618         wpa_s->last_gas_resp = NULL;
619         wpabuf_free(wpa_s->prev_gas_resp);
620         wpa_s->prev_gas_resp = NULL;
621
622         os_free(wpa_s->last_scan_res);
623         wpa_s->last_scan_res = NULL;
624
625 #ifdef CONFIG_HS20
626         if (wpa_s->drv_priv)
627                 wpa_drv_configure_frame_filters(wpa_s, 0);
628         hs20_deinit(wpa_s);
629 #endif /* CONFIG_HS20 */
630
631         for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
632                 wpabuf_free(wpa_s->vendor_elem[i]);
633                 wpa_s->vendor_elem[i] = NULL;
634         }
635
636         wmm_ac_notify_disassoc(wpa_s);
637
638         wpa_s->sched_scan_plans_num = 0;
639         os_free(wpa_s->sched_scan_plans);
640         wpa_s->sched_scan_plans = NULL;
641
642 #ifdef CONFIG_MBO
643         wpa_s->non_pref_chan_num = 0;
644         os_free(wpa_s->non_pref_chan);
645         wpa_s->non_pref_chan = NULL;
646 #endif /* CONFIG_MBO */
647
648         free_bss_tmp_disallowed(wpa_s);
649
650         wpabuf_free(wpa_s->lci);
651         wpa_s->lci = NULL;
652         wpas_clear_beacon_rep_data(wpa_s);
653
654 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
655 #ifdef CONFIG_MESH
656         {
657                 struct external_pmksa_cache *entry;
658
659                 while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
660                                              struct external_pmksa_cache,
661                                              list)) != NULL) {
662                         dl_list_del(&entry->list);
663                         os_free(entry->pmksa_cache);
664                         os_free(entry);
665                 }
666         }
667 #endif /* CONFIG_MESH */
668 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
669
670         wpas_flush_fils_hlp_req(wpa_s);
671
672         wpabuf_free(wpa_s->ric_ies);
673         wpa_s->ric_ies = NULL;
674
675 #ifdef CONFIG_DPP
676         wpas_dpp_deinit(wpa_s);
677         dpp_global_deinit(wpa_s->dpp);
678         wpa_s->dpp = NULL;
679 #endif /* CONFIG_DPP */
680 }
681
682
683 /**
684  * wpa_clear_keys - Clear keys configured for the driver
685  * @wpa_s: Pointer to wpa_supplicant data
686  * @addr: Previously used BSSID or %NULL if not available
687  *
688  * This function clears the encryption keys that has been previously configured
689  * for the driver.
690  */
691 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
692 {
693         int i, max;
694
695 #ifdef CONFIG_IEEE80211W
696         max = 6;
697 #else /* CONFIG_IEEE80211W */
698         max = 4;
699 #endif /* CONFIG_IEEE80211W */
700
701         /* MLME-DELETEKEYS.request */
702         for (i = 0; i < max; i++) {
703                 if (wpa_s->keys_cleared & BIT(i))
704                         continue;
705                 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
706                                 NULL, 0);
707         }
708         if (!(wpa_s->keys_cleared & BIT(0)) && addr &&
709             !is_zero_ether_addr(addr)) {
710                 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
711                                 0);
712                 /* MLME-SETPROTECTION.request(None) */
713                 wpa_drv_mlme_setprotection(
714                         wpa_s, addr,
715                         MLME_SETPROTECTION_PROTECT_TYPE_NONE,
716                         MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
717         }
718         wpa_s->keys_cleared = (u32) -1;
719 }
720
721
722 /**
723  * wpa_supplicant_state_txt - Get the connection state name as a text string
724  * @state: State (wpa_state; WPA_*)
725  * Returns: The state name as a printable text string
726  */
727 const char * wpa_supplicant_state_txt(enum wpa_states state)
728 {
729         switch (state) {
730         case WPA_DISCONNECTED:
731                 return "DISCONNECTED";
732         case WPA_INACTIVE:
733                 return "INACTIVE";
734         case WPA_INTERFACE_DISABLED:
735                 return "INTERFACE_DISABLED";
736         case WPA_SCANNING:
737                 return "SCANNING";
738         case WPA_AUTHENTICATING:
739                 return "AUTHENTICATING";
740         case WPA_ASSOCIATING:
741                 return "ASSOCIATING";
742         case WPA_ASSOCIATED:
743                 return "ASSOCIATED";
744         case WPA_4WAY_HANDSHAKE:
745                 return "4WAY_HANDSHAKE";
746         case WPA_GROUP_HANDSHAKE:
747                 return "GROUP_HANDSHAKE";
748         case WPA_COMPLETED:
749                 return "COMPLETED";
750         default:
751                 return "UNKNOWN";
752         }
753 }
754
755
756 #ifdef CONFIG_BGSCAN
757
758 static void wpa_supplicant_start_bgscan(struct wpa_supplicant *wpa_s)
759 {
760         const char *name;
761
762         if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
763                 name = wpa_s->current_ssid->bgscan;
764         else
765                 name = wpa_s->conf->bgscan;
766         if (name == NULL || name[0] == '\0')
767                 return;
768         if (wpas_driver_bss_selection(wpa_s))
769                 return;
770         if (wpa_s->current_ssid == wpa_s->bgscan_ssid)
771                 return;
772 #ifdef CONFIG_P2P
773         if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
774                 return;
775 #endif /* CONFIG_P2P */
776
777         bgscan_deinit(wpa_s);
778         if (wpa_s->current_ssid) {
779                 if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
780                         wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
781                                 "bgscan");
782                         /*
783                          * Live without bgscan; it is only used as a roaming
784                          * optimization, so the initial connection is not
785                          * affected.
786                          */
787                 } else {
788                         struct wpa_scan_results *scan_res;
789                         wpa_s->bgscan_ssid = wpa_s->current_ssid;
790                         scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
791                                                                    0);
792                         if (scan_res) {
793                                 bgscan_notify_scan(wpa_s, scan_res);
794                                 wpa_scan_results_free(scan_res);
795                         }
796                 }
797         } else
798                 wpa_s->bgscan_ssid = NULL;
799 }
800
801
802 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
803 {
804         if (wpa_s->bgscan_ssid != NULL) {
805                 bgscan_deinit(wpa_s);
806                 wpa_s->bgscan_ssid = NULL;
807         }
808 }
809
810 #endif /* CONFIG_BGSCAN */
811
812
813 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
814 {
815         if (autoscan_init(wpa_s, 0))
816                 wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
817 }
818
819
820 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
821 {
822         autoscan_deinit(wpa_s);
823 }
824
825
826 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
827 {
828         if (wpa_s->wpa_state == WPA_DISCONNECTED ||
829             wpa_s->wpa_state == WPA_SCANNING) {
830                 autoscan_deinit(wpa_s);
831                 wpa_supplicant_start_autoscan(wpa_s);
832         }
833 }
834
835
836 /**
837  * wpa_supplicant_set_state - Set current connection state
838  * @wpa_s: Pointer to wpa_supplicant data
839  * @state: The new connection state
840  *
841  * This function is called whenever the connection state changes, e.g.,
842  * association is completed for WPA/WPA2 4-Way Handshake is started.
843  */
844 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
845                               enum wpa_states state)
846 {
847         enum wpa_states old_state = wpa_s->wpa_state;
848
849         wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
850                 wpa_supplicant_state_txt(wpa_s->wpa_state),
851                 wpa_supplicant_state_txt(state));
852
853         if (state == WPA_COMPLETED &&
854             os_reltime_initialized(&wpa_s->roam_start)) {
855                 os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
856                 wpa_s->roam_start.sec = 0;
857                 wpa_s->roam_start.usec = 0;
858                 wpas_notify_auth_changed(wpa_s);
859                 wpas_notify_roam_time(wpa_s);
860                 wpas_notify_roam_complete(wpa_s);
861         } else if (state == WPA_DISCONNECTED &&
862                    os_reltime_initialized(&wpa_s->roam_start)) {
863                 wpa_s->roam_start.sec = 0;
864                 wpa_s->roam_start.usec = 0;
865                 wpa_s->roam_time.sec = 0;
866                 wpa_s->roam_time.usec = 0;
867                 wpas_notify_roam_complete(wpa_s);
868         }
869
870         if (state == WPA_INTERFACE_DISABLED) {
871                 /* Assure normal scan when interface is restored */
872                 wpa_s->normal_scans = 0;
873         }
874
875         if (state == WPA_COMPLETED) {
876                 wpas_connect_work_done(wpa_s);
877                 /* Reinitialize normal_scan counter */
878                 wpa_s->normal_scans = 0;
879         }
880
881 #ifdef CONFIG_P2P
882         /*
883          * P2PS client has to reply to Probe Request frames received on the
884          * group operating channel. Enable Probe Request frame reporting for
885          * P2P connected client in case p2p_cli_probe configuration property is
886          * set to 1.
887          */
888         if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
889             wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
890             wpa_s->current_ssid->p2p_group) {
891                 if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
892                         wpa_dbg(wpa_s, MSG_DEBUG,
893                                 "P2P: Enable CLI Probe Request RX reporting");
894                         wpa_s->p2p_cli_probe =
895                                 wpa_drv_probe_req_report(wpa_s, 1) >= 0;
896                 } else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
897                         wpa_dbg(wpa_s, MSG_DEBUG,
898                                 "P2P: Disable CLI Probe Request RX reporting");
899                         wpa_s->p2p_cli_probe = 0;
900                         wpa_drv_probe_req_report(wpa_s, 0);
901                 }
902         }
903 #endif /* CONFIG_P2P */
904
905         if (state != WPA_SCANNING)
906                 wpa_supplicant_notify_scanning(wpa_s, 0);
907
908         if (state == WPA_COMPLETED && wpa_s->new_connection) {
909                 struct wpa_ssid *ssid = wpa_s->current_ssid;
910                 int fils_hlp_sent = 0;
911
912 #ifdef CONFIG_SME
913                 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
914                     wpa_auth_alg_fils(wpa_s->sme.auth_alg))
915                         fils_hlp_sent = 1;
916 #endif /* CONFIG_SME */
917                 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
918                     wpa_auth_alg_fils(wpa_s->auth_alg))
919                         fils_hlp_sent = 1;
920
921 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
922                 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
923                         MACSTR " completed [id=%d id_str=%s%s]",
924                         MAC2STR(wpa_s->bssid),
925                         ssid ? ssid->id : -1,
926                         ssid && ssid->id_str ? ssid->id_str : "",
927                         fils_hlp_sent ? " FILS_HLP_SENT" : "");
928 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
929                 wpas_clear_temp_disabled(wpa_s, ssid, 1);
930                 wpa_blacklist_clear(wpa_s);
931                 wpa_s->extra_blacklist_count = 0;
932                 wpa_s->new_connection = 0;
933                 wpa_drv_set_operstate(wpa_s, 1);
934 #ifndef IEEE8021X_EAPOL
935                 wpa_drv_set_supp_port(wpa_s, 1);
936 #endif /* IEEE8021X_EAPOL */
937                 wpa_s->after_wps = 0;
938                 wpa_s->known_wps_freq = 0;
939                 wpas_p2p_completed(wpa_s);
940
941                 sme_sched_obss_scan(wpa_s, 1);
942
943 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
944                 if (!fils_hlp_sent && ssid && ssid->eap.erp)
945                         wpas_update_fils_connect_params(wpa_s);
946 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
947         } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
948                    state == WPA_ASSOCIATED) {
949                 wpa_s->new_connection = 1;
950                 wpa_drv_set_operstate(wpa_s, 0);
951 #ifndef IEEE8021X_EAPOL
952                 wpa_drv_set_supp_port(wpa_s, 0);
953 #endif /* IEEE8021X_EAPOL */
954                 sme_sched_obss_scan(wpa_s, 0);
955         }
956         wpa_s->wpa_state = state;
957
958 #ifdef CONFIG_BGSCAN
959         if (state == WPA_COMPLETED)
960                 wpa_supplicant_start_bgscan(wpa_s);
961         else if (state < WPA_ASSOCIATED)
962                 wpa_supplicant_stop_bgscan(wpa_s);
963 #endif /* CONFIG_BGSCAN */
964
965         if (state > WPA_SCANNING)
966                 wpa_supplicant_stop_autoscan(wpa_s);
967
968         if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
969                 wpa_supplicant_start_autoscan(wpa_s);
970
971         if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
972                 wmm_ac_notify_disassoc(wpa_s);
973
974         if (wpa_s->wpa_state != old_state) {
975                 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
976
977                 /*
978                  * Notify the P2P Device interface about a state change in one
979                  * of the interfaces.
980                  */
981                 wpas_p2p_indicate_state_change(wpa_s);
982
983                 if (wpa_s->wpa_state == WPA_COMPLETED ||
984                     old_state == WPA_COMPLETED)
985                         wpas_notify_auth_changed(wpa_s);
986         }
987 }
988
989
990 void wpa_supplicant_terminate_proc(struct wpa_global *global)
991 {
992         int pending = 0;
993 #ifdef CONFIG_WPS
994         struct wpa_supplicant *wpa_s = global->ifaces;
995         while (wpa_s) {
996                 struct wpa_supplicant *next = wpa_s->next;
997                 if (wpas_wps_terminate_pending(wpa_s) == 1)
998                         pending = 1;
999 #ifdef CONFIG_P2P
1000                 if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1001                     (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1002                         wpas_p2p_disconnect(wpa_s);
1003 #endif /* CONFIG_P2P */
1004                 wpa_s = next;
1005         }
1006 #endif /* CONFIG_WPS */
1007         if (pending)
1008                 return;
1009         eloop_terminate();
1010 }
1011
1012
1013 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1014 {
1015         struct wpa_global *global = signal_ctx;
1016         wpa_supplicant_terminate_proc(global);
1017 }
1018
1019
1020 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1021 {
1022         enum wpa_states old_state = wpa_s->wpa_state;
1023
1024         wpa_s->pairwise_cipher = 0;
1025         wpa_s->group_cipher = 0;
1026         wpa_s->mgmt_group_cipher = 0;
1027         wpa_s->key_mgmt = 0;
1028         if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1029                 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1030
1031         if (wpa_s->wpa_state != old_state)
1032                 wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1033 }
1034
1035
1036 /**
1037  * wpa_supplicant_reload_configuration - Reload configuration data
1038  * @wpa_s: Pointer to wpa_supplicant data
1039  * Returns: 0 on success or -1 if configuration parsing failed
1040  *
1041  * This function can be used to request that the configuration data is reloaded
1042  * (e.g., after configuration file change). This function is reloading
1043  * configuration only for one interface, so this may need to be called multiple
1044  * times if %wpa_supplicant is controlling multiple interfaces and all
1045  * interfaces need reconfiguration.
1046  */
1047 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1048 {
1049         struct wpa_config *conf;
1050         int reconf_ctrl;
1051         int old_ap_scan;
1052
1053         if (wpa_s->confname == NULL)
1054                 return -1;
1055         conf = wpa_config_read(wpa_s->confname, NULL);
1056         if (conf == NULL) {
1057                 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1058                         "file '%s' - exiting", wpa_s->confname);
1059                 return -1;
1060         }
1061         if (wpa_s->confanother &&
1062             !wpa_config_read(wpa_s->confanother, conf)) {
1063                 wpa_msg(wpa_s, MSG_ERROR,
1064                         "Failed to parse the configuration file '%s' - exiting",
1065                         wpa_s->confanother);
1066                 return -1;
1067         }
1068
1069         conf->changed_parameters = (unsigned int) -1;
1070
1071         reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1072                 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1073                     os_strcmp(conf->ctrl_interface,
1074                               wpa_s->conf->ctrl_interface) != 0);
1075
1076         if (reconf_ctrl && wpa_s->ctrl_iface) {
1077                 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
1078                 wpa_s->ctrl_iface = NULL;
1079         }
1080
1081         eapol_sm_invalidate_cached_session(wpa_s->eapol);
1082         if (wpa_s->current_ssid) {
1083                 if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1084                         wpa_s->own_disconnect_req = 1;
1085                 wpa_supplicant_deauthenticate(wpa_s,
1086                                               WLAN_REASON_DEAUTH_LEAVING);
1087         }
1088
1089         /*
1090          * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1091          * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1092          */
1093         if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1094             wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1095             wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1096                 /*
1097                  * Clear forced success to clear EAP state for next
1098                  * authentication.
1099                  */
1100                 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
1101         }
1102         eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1103         wpa_sm_set_config(wpa_s->wpa, NULL);
1104         wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1105         wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1106         rsn_preauth_deinit(wpa_s->wpa);
1107
1108         old_ap_scan = wpa_s->conf->ap_scan;
1109         wpa_config_free(wpa_s->conf);
1110         wpa_s->conf = conf;
1111         if (old_ap_scan != wpa_s->conf->ap_scan)
1112                 wpas_notify_ap_scan_changed(wpa_s);
1113
1114         if (reconf_ctrl)
1115                 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1116
1117         wpa_supplicant_update_config(wpa_s);
1118
1119         wpa_supplicant_clear_status(wpa_s);
1120         if (wpa_supplicant_enabled_networks(wpa_s)) {
1121                 wpa_s->reassociate = 1;
1122                 wpa_supplicant_req_scan(wpa_s, 0, 0);
1123         }
1124         wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1125         return 0;
1126 }
1127
1128
1129 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1130 {
1131         struct wpa_global *global = signal_ctx;
1132         struct wpa_supplicant *wpa_s;
1133         for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1134                 wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1135                         sig);
1136                 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1137                         wpa_supplicant_terminate_proc(global);
1138                 }
1139         }
1140
1141         if (wpa_debug_reopen_file() < 0) {
1142                 /* Ignore errors since we cannot really do much to fix this */
1143                 wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1144         }
1145 }
1146
1147
1148 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1149                                          struct wpa_ssid *ssid,
1150                                          struct wpa_ie_data *ie)
1151 {
1152         int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1153         if (ret) {
1154                 if (ret == -2) {
1155                         wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1156                                 "from association info");
1157                 }
1158                 return -1;
1159         }
1160
1161         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1162                 "cipher suites");
1163         if (!(ie->group_cipher & ssid->group_cipher)) {
1164                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1165                         "cipher 0x%x (mask 0x%x) - reject",
1166                         ie->group_cipher, ssid->group_cipher);
1167                 return -1;
1168         }
1169         if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1170                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1171                         "cipher 0x%x (mask 0x%x) - reject",
1172                         ie->pairwise_cipher, ssid->pairwise_cipher);
1173                 return -1;
1174         }
1175         if (!(ie->key_mgmt & ssid->key_mgmt)) {
1176                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1177                         "management 0x%x (mask 0x%x) - reject",
1178                         ie->key_mgmt, ssid->key_mgmt);
1179                 return -1;
1180         }
1181
1182 #ifdef CONFIG_IEEE80211W
1183         if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1184             wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1185                 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1186                         "that does not support management frame protection - "
1187                         "reject");
1188                 return -1;
1189         }
1190 #endif /* CONFIG_IEEE80211W */
1191
1192         return 0;
1193 }
1194
1195
1196 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1197                             int freq)
1198 {
1199         if (!ie->has_group)
1200                 ie->group_cipher = wpa_default_rsn_cipher(freq);
1201         if (!ie->has_pairwise)
1202                 ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1203         return (ie->group_cipher & ssid->group_cipher) &&
1204                 (ie->pairwise_cipher & ssid->pairwise_cipher);
1205 }
1206
1207
1208 /**
1209  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1210  * @wpa_s: Pointer to wpa_supplicant data
1211  * @bss: Scan results for the selected BSS, or %NULL if not available
1212  * @ssid: Configuration data for the selected network
1213  * @wpa_ie: Buffer for the WPA/RSN IE
1214  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1215  * used buffer length in case the functions returns success.
1216  * Returns: 0 on success or -1 on failure
1217  *
1218  * This function is used to configure authentication and encryption parameters
1219  * based on the network configuration and scan result for the selected BSS (if
1220  * available).
1221  */
1222 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1223                               struct wpa_bss *bss, struct wpa_ssid *ssid,
1224                               u8 *wpa_ie, size_t *wpa_ie_len)
1225 {
1226         struct wpa_ie_data ie;
1227         int sel, proto;
1228         const u8 *bss_wpa, *bss_rsn, *bss_osen;
1229
1230         if (bss) {
1231                 bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1232                 bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1233                 bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1234         } else
1235                 bss_wpa = bss_rsn = bss_osen = NULL;
1236
1237         if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1238             wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1239             matching_ciphers(ssid, &ie, bss->freq) &&
1240             (ie.key_mgmt & ssid->key_mgmt)) {
1241                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1242                 proto = WPA_PROTO_RSN;
1243         } else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1244                    wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1245                    (ie.group_cipher & ssid->group_cipher) &&
1246                    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1247                    (ie.key_mgmt & ssid->key_mgmt)) {
1248                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1249                 proto = WPA_PROTO_WPA;
1250 #ifdef CONFIG_HS20
1251         } else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1252                    wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1253                    (ie.group_cipher & ssid->group_cipher) &&
1254                    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1255                    (ie.key_mgmt & ssid->key_mgmt)) {
1256                 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1257                 proto = WPA_PROTO_OSEN;
1258         } else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1259             wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1260             (ie.group_cipher & ssid->group_cipher) &&
1261             (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1262             (ie.key_mgmt & ssid->key_mgmt)) {
1263                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1264                 proto = WPA_PROTO_RSN;
1265 #endif /* CONFIG_HS20 */
1266         } else if (bss) {
1267                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1268                 wpa_dbg(wpa_s, MSG_DEBUG,
1269                         "WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1270                         ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1271                         ssid->key_mgmt);
1272                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1273                         MAC2STR(bss->bssid),
1274                         wpa_ssid_txt(bss->ssid, bss->ssid_len),
1275                         bss_wpa ? " WPA" : "",
1276                         bss_rsn ? " RSN" : "",
1277                         bss_osen ? " OSEN" : "");
1278                 if (bss_rsn) {
1279                         wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1280                         if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1281                                 wpa_dbg(wpa_s, MSG_DEBUG,
1282                                         "Could not parse RSN element");
1283                         } else {
1284                                 wpa_dbg(wpa_s, MSG_DEBUG,
1285                                         "RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1286                                         ie.pairwise_cipher, ie.group_cipher,
1287                                         ie.key_mgmt);
1288                         }
1289                 }
1290                 if (bss_wpa) {
1291                         wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1292                         if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1293                                 wpa_dbg(wpa_s, MSG_DEBUG,
1294                                         "Could not parse WPA element");
1295                         } else {
1296                                 wpa_dbg(wpa_s, MSG_DEBUG,
1297                                         "WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1298                                         ie.pairwise_cipher, ie.group_cipher,
1299                                         ie.key_mgmt);
1300                         }
1301                 }
1302                 return -1;
1303         } else {
1304                 if (ssid->proto & WPA_PROTO_OSEN)
1305                         proto = WPA_PROTO_OSEN;
1306                 else if (ssid->proto & WPA_PROTO_RSN)
1307                         proto = WPA_PROTO_RSN;
1308                 else
1309                         proto = WPA_PROTO_WPA;
1310                 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1311                         os_memset(&ie, 0, sizeof(ie));
1312                         ie.group_cipher = ssid->group_cipher;
1313                         ie.pairwise_cipher = ssid->pairwise_cipher;
1314                         ie.key_mgmt = ssid->key_mgmt;
1315 #ifdef CONFIG_IEEE80211W
1316                         ie.mgmt_group_cipher = 0;
1317                         if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1318                                 if (ssid->group_mgmt_cipher &
1319                                     WPA_CIPHER_BIP_GMAC_256)
1320                                         ie.mgmt_group_cipher =
1321                                                 WPA_CIPHER_BIP_GMAC_256;
1322                                 else if (ssid->group_mgmt_cipher &
1323                                          WPA_CIPHER_BIP_CMAC_256)
1324                                         ie.mgmt_group_cipher =
1325                                                 WPA_CIPHER_BIP_CMAC_256;
1326                                 else if (ssid->group_mgmt_cipher &
1327                                          WPA_CIPHER_BIP_GMAC_128)
1328                                         ie.mgmt_group_cipher =
1329                                                 WPA_CIPHER_BIP_GMAC_128;
1330                                 else
1331                                         ie.mgmt_group_cipher =
1332                                                 WPA_CIPHER_AES_128_CMAC;
1333                         }
1334 #endif /* CONFIG_IEEE80211W */
1335 #ifdef CONFIG_OWE
1336                         if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1337                             !ssid->owe_only &&
1338                             !bss_wpa && !bss_rsn && !bss_osen) {
1339                                 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1340                                 wpa_s->wpa_proto = 0;
1341                                 *wpa_ie_len = 0;
1342                                 return 0;
1343                         }
1344 #endif /* CONFIG_OWE */
1345                         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1346                                 "based on configuration");
1347                 } else
1348                         proto = ie.proto;
1349         }
1350
1351         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1352                 "pairwise %d key_mgmt %d proto %d",
1353                 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1354 #ifdef CONFIG_IEEE80211W
1355         if (ssid->ieee80211w) {
1356                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1357                         ie.mgmt_group_cipher);
1358         }
1359 #endif /* CONFIG_IEEE80211W */
1360
1361         wpa_s->wpa_proto = proto;
1362         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1363         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1364                          !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1365
1366         if (bss || !wpa_s->ap_ies_from_associnfo) {
1367                 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1368                                          bss_wpa ? 2 + bss_wpa[1] : 0) ||
1369                     wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1370                                          bss_rsn ? 2 + bss_rsn[1] : 0))
1371                         return -1;
1372         }
1373
1374 #ifdef CONFIG_NO_WPA
1375         wpa_s->group_cipher = WPA_CIPHER_NONE;
1376         wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1377 #else /* CONFIG_NO_WPA */
1378         sel = ie.group_cipher & ssid->group_cipher;
1379         wpa_dbg(wpa_s, MSG_DEBUG,
1380                 "WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1381                 ie.group_cipher, ssid->group_cipher, sel);
1382         wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1383         if (wpa_s->group_cipher < 0) {
1384                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1385                         "cipher");
1386                 return -1;
1387         }
1388         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1389                 wpa_cipher_txt(wpa_s->group_cipher));
1390
1391         sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1392         wpa_dbg(wpa_s, MSG_DEBUG,
1393                 "WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1394                 ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1395         wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1396         if (wpa_s->pairwise_cipher < 0) {
1397                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1398                         "cipher");
1399                 return -1;
1400         }
1401         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1402                 wpa_cipher_txt(wpa_s->pairwise_cipher));
1403 #endif /* CONFIG_NO_WPA */
1404
1405         sel = ie.key_mgmt & ssid->key_mgmt;
1406         wpa_dbg(wpa_s, MSG_DEBUG,
1407                 "WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1408                 ie.key_mgmt, ssid->key_mgmt, sel);
1409 #ifdef CONFIG_SAE
1410         if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE))
1411                 sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
1412 #endif /* CONFIG_SAE */
1413         if (0) {
1414 #ifdef CONFIG_IEEE80211R
1415 #ifdef CONFIG_SHA384
1416         } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) {
1417                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1418                 wpa_dbg(wpa_s, MSG_DEBUG,
1419                         "WPA: using KEY_MGMT FT/802.1X-SHA384");
1420                 if (!ssid->ft_eap_pmksa_caching &&
1421                     pmksa_cache_get_current(wpa_s->wpa)) {
1422                         /* PMKSA caching with FT may have interoperability
1423                          * issues, so disable that case by default for now. */
1424                         wpa_dbg(wpa_s, MSG_DEBUG,
1425                                 "WPA: Disable PMKSA caching for FT/802.1X connection");
1426                         pmksa_cache_clear_current(wpa_s->wpa);
1427                 }
1428 #endif /* CONFIG_SHA384 */
1429 #endif /* CONFIG_IEEE80211R */
1430 #ifdef CONFIG_SUITEB192
1431         } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1432                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1433                 wpa_dbg(wpa_s, MSG_DEBUG,
1434                         "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1435 #endif /* CONFIG_SUITEB192 */
1436 #ifdef CONFIG_SUITEB
1437         } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1438                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1439                 wpa_dbg(wpa_s, MSG_DEBUG,
1440                         "WPA: using KEY_MGMT 802.1X with Suite B");
1441 #endif /* CONFIG_SUITEB */
1442 #ifdef CONFIG_FILS
1443 #ifdef CONFIG_IEEE80211R
1444         } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1445                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1446                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1447         } else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1448                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1449                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1450 #endif /* CONFIG_IEEE80211R */
1451         } else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1452                 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1453                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1454         } else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1455                 wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1456                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1457 #endif /* CONFIG_FILS */
1458 #ifdef CONFIG_IEEE80211R
1459         } else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
1460                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1461                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1462                 if (!ssid->ft_eap_pmksa_caching &&
1463                     pmksa_cache_get_current(wpa_s->wpa)) {
1464                         /* PMKSA caching with FT may have interoperability
1465                          * issues, so disable that case by default for now. */
1466                         wpa_dbg(wpa_s, MSG_DEBUG,
1467                                 "WPA: Disable PMKSA caching for FT/802.1X connection");
1468                         pmksa_cache_clear_current(wpa_s->wpa);
1469                 }
1470 #endif /* CONFIG_IEEE80211R */
1471 #ifdef CONFIG_DPP
1472         } else if (sel & WPA_KEY_MGMT_DPP) {
1473                 wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1474                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1475 #endif /* CONFIG_DPP */
1476 #ifdef CONFIG_SAE
1477         } else if (sel & WPA_KEY_MGMT_FT_SAE) {
1478                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1479                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1480         } else if (sel & WPA_KEY_MGMT_SAE) {
1481                 wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1482                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1483 #endif /* CONFIG_SAE */
1484 #ifdef CONFIG_IEEE80211R
1485         } else if (sel & WPA_KEY_MGMT_FT_PSK) {
1486                 wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1487                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1488 #endif /* CONFIG_IEEE80211R */
1489 #ifdef CONFIG_IEEE80211W
1490         } else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1491                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1492                 wpa_dbg(wpa_s, MSG_DEBUG,
1493                         "WPA: using KEY_MGMT 802.1X with SHA256");
1494         } else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1495                 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1496                 wpa_dbg(wpa_s, MSG_DEBUG,
1497                         "WPA: using KEY_MGMT PSK with SHA256");
1498 #endif /* CONFIG_IEEE80211W */
1499         } else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1500                 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1501                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1502         } else if (sel & WPA_KEY_MGMT_PSK) {
1503                 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1504                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1505         } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1506                 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1507                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1508 #ifdef CONFIG_HS20
1509         } else if (sel & WPA_KEY_MGMT_OSEN) {
1510                 wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1511                 wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
1512 #endif /* CONFIG_HS20 */
1513 #ifdef CONFIG_OWE
1514         } else if (sel & WPA_KEY_MGMT_OWE) {
1515                 wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
1516                 wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
1517 #endif /* CONFIG_OWE */
1518         } else {
1519                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
1520                         "authenticated key management type");
1521                 return -1;
1522         }
1523
1524         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1525         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1526                          wpa_s->pairwise_cipher);
1527         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1528
1529 #ifdef CONFIG_IEEE80211W
1530         sel = ie.mgmt_group_cipher;
1531         if (ssid->group_mgmt_cipher)
1532                 sel &= ssid->group_mgmt_cipher;
1533         if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1534             !(ie.capabilities & WPA_CAPABILITY_MFPC))
1535                 sel = 0;
1536         wpa_dbg(wpa_s, MSG_DEBUG,
1537                 "WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1538                 ie.mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1539         if (sel & WPA_CIPHER_AES_128_CMAC) {
1540                 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1541                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1542                         "AES-128-CMAC");
1543         } else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1544                 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1545                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1546                         "BIP-GMAC-128");
1547         } else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1548                 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1549                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1550                         "BIP-GMAC-256");
1551         } else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1552                 wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1553                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1554                         "BIP-CMAC-256");
1555         } else {
1556                 wpa_s->mgmt_group_cipher = 0;
1557                 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1558         }
1559         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1560                          wpa_s->mgmt_group_cipher);
1561         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1562                          wpas_get_ssid_pmf(wpa_s, ssid));
1563 #endif /* CONFIG_IEEE80211W */
1564 #ifdef CONFIG_OCV
1565         wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
1566 #endif /* CONFIG_OCV */
1567
1568         if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1569                 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to generate WPA IE");
1570                 return -1;
1571         }
1572
1573         if (0) {
1574 #ifdef CONFIG_DPP
1575         } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1576                 /* Use PMK from DPP network introduction (PMKSA entry) */
1577                 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1578 #endif /* CONFIG_DPP */
1579         } else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
1580                 int psk_set = 0;
1581                 int sae_only;
1582
1583                 sae_only = (ssid->key_mgmt & (WPA_KEY_MGMT_PSK |
1584                                               WPA_KEY_MGMT_FT_PSK |
1585                                               WPA_KEY_MGMT_PSK_SHA256)) == 0;
1586
1587                 if (ssid->psk_set && !sae_only) {
1588                         wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1589                                         ssid->psk, PMK_LEN);
1590                         wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN, NULL,
1591                                        NULL);
1592                         psk_set = 1;
1593                 }
1594
1595                 if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
1596                     (ssid->sae_password || ssid->passphrase))
1597                         psk_set = 1;
1598
1599 #ifndef CONFIG_NO_PBKDF2
1600                 if (bss && ssid->bssid_set && ssid->ssid_len == 0 &&
1601                     ssid->passphrase && !sae_only) {
1602                         u8 psk[PMK_LEN];
1603                         pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1604                                     4096, psk, PMK_LEN);
1605                         wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1606                                         psk, PMK_LEN);
1607                         wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL, NULL);
1608                         psk_set = 1;
1609                         os_memset(psk, 0, sizeof(psk));
1610                 }
1611 #endif /* CONFIG_NO_PBKDF2 */
1612 #ifdef CONFIG_EXT_PASSWORD
1613                 if (ssid->ext_psk && !sae_only) {
1614                         struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1615                                                              ssid->ext_psk);
1616                         char pw_str[64 + 1];
1617                         u8 psk[PMK_LEN];
1618
1619                         if (pw == NULL) {
1620                                 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No PSK "
1621                                         "found from external storage");
1622                                 return -1;
1623                         }
1624
1625                         if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1626                                 wpa_msg(wpa_s, MSG_INFO, "EXT PW: Unexpected "
1627                                         "PSK length %d in external storage",
1628                                         (int) wpabuf_len(pw));
1629                                 ext_password_free(pw);
1630                                 return -1;
1631                         }
1632
1633                         os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1634                         pw_str[wpabuf_len(pw)] = '\0';
1635
1636 #ifndef CONFIG_NO_PBKDF2
1637                         if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1638                         {
1639                                 pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1640                                             4096, psk, PMK_LEN);
1641                                 os_memset(pw_str, 0, sizeof(pw_str));
1642                                 wpa_hexdump_key(MSG_MSGDUMP, "PSK (from "
1643                                                 "external passphrase)",
1644                                                 psk, PMK_LEN);
1645                                 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1646                                                NULL);
1647                                 psk_set = 1;
1648                                 os_memset(psk, 0, sizeof(psk));
1649                         } else
1650 #endif /* CONFIG_NO_PBKDF2 */
1651                         if (wpabuf_len(pw) == 2 * PMK_LEN) {
1652                                 if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1653                                         wpa_msg(wpa_s, MSG_INFO, "EXT PW: "
1654                                                 "Invalid PSK hex string");
1655                                         os_memset(pw_str, 0, sizeof(pw_str));
1656                                         ext_password_free(pw);
1657                                         return -1;
1658                                 }
1659                                 wpa_hexdump_key(MSG_MSGDUMP,
1660                                                 "PSK (from external PSK)",
1661                                                 psk, PMK_LEN);
1662                                 wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
1663                                                NULL);
1664                                 psk_set = 1;
1665                                 os_memset(psk, 0, sizeof(psk));
1666                         } else {
1667                                 wpa_msg(wpa_s, MSG_INFO, "EXT PW: No suitable "
1668                                         "PSK available");
1669                                 os_memset(pw_str, 0, sizeof(pw_str));
1670                                 ext_password_free(pw);
1671                                 return -1;
1672                         }
1673
1674                         os_memset(pw_str, 0, sizeof(pw_str));
1675                         ext_password_free(pw);
1676                 }
1677 #endif /* CONFIG_EXT_PASSWORD */
1678
1679                 if (!psk_set) {
1680                         wpa_msg(wpa_s, MSG_INFO,
1681                                 "No PSK available for association");
1682                         wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE");
1683                         return -1;
1684                 }
1685 #ifdef CONFIG_OWE
1686         } else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
1687                 /* OWE Diffie-Hellman exchange in (Re)Association
1688                  * Request/Response frames set the PMK, so do not override it
1689                  * here. */
1690 #endif /* CONFIG_OWE */
1691         } else
1692                 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1693
1694         return 0;
1695 }
1696
1697
1698 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx)
1699 {
1700         *pos = 0x00;
1701
1702         switch (idx) {
1703         case 0: /* Bits 0-7 */
1704                 break;
1705         case 1: /* Bits 8-15 */
1706                 if (wpa_s->conf->coloc_intf_reporting) {
1707                         /* Bit 13 - Collocated Interference Reporting */
1708                         *pos |= 0x20;
1709                 }
1710                 break;
1711         case 2: /* Bits 16-23 */
1712 #ifdef CONFIG_WNM
1713                 *pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
1714                 if (!wpa_s->conf->disable_btm)
1715                         *pos |= 0x08; /* Bit 19 - BSS Transition */
1716 #endif /* CONFIG_WNM */
1717                 break;
1718         case 3: /* Bits 24-31 */
1719 #ifdef CONFIG_WNM
1720                 *pos |= 0x02; /* Bit 25 - SSID List */
1721 #endif /* CONFIG_WNM */
1722 #ifdef CONFIG_INTERWORKING
1723                 if (wpa_s->conf->interworking)
1724                         *pos |= 0x80; /* Bit 31 - Interworking */
1725 #endif /* CONFIG_INTERWORKING */
1726                 break;
1727         case 4: /* Bits 32-39 */
1728 #ifdef CONFIG_INTERWORKING
1729                 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
1730                         *pos |= 0x01; /* Bit 32 - QoS Map */
1731 #endif /* CONFIG_INTERWORKING */
1732                 break;
1733         case 5: /* Bits 40-47 */
1734 #ifdef CONFIG_HS20
1735                 if (wpa_s->conf->hs20)
1736                         *pos |= 0x40; /* Bit 46 - WNM-Notification */
1737 #endif /* CONFIG_HS20 */
1738 #ifdef CONFIG_MBO
1739                 *pos |= 0x40; /* Bit 46 - WNM-Notification */
1740 #endif /* CONFIG_MBO */
1741                 break;
1742         case 6: /* Bits 48-55 */
1743                 break;
1744         case 7: /* Bits 56-63 */
1745                 break;
1746         case 8: /* Bits 64-71 */
1747                 if (wpa_s->conf->ftm_responder)
1748                         *pos |= 0x40; /* Bit 70 - FTM responder */
1749                 if (wpa_s->conf->ftm_initiator)
1750                         *pos |= 0x80; /* Bit 71 - FTM initiator */
1751                 break;
1752         case 9: /* Bits 72-79 */
1753 #ifdef CONFIG_FILS
1754                 if (!wpa_s->disable_fils)
1755                         *pos |= 0x01;
1756 #endif /* CONFIG_FILS */
1757                 break;
1758         }
1759 }
1760
1761
1762 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf, size_t buflen)
1763 {
1764         u8 *pos = buf;
1765         u8 len = 10, i;
1766
1767         if (len < wpa_s->extended_capa_len)
1768                 len = wpa_s->extended_capa_len;
1769         if (buflen < (size_t) len + 2) {
1770                 wpa_printf(MSG_INFO,
1771                            "Not enough room for building extended capabilities element");
1772                 return -1;
1773         }
1774
1775         *pos++ = WLAN_EID_EXT_CAPAB;
1776         *pos++ = len;
1777         for (i = 0; i < len; i++, pos++) {
1778                 wpas_ext_capab_byte(wpa_s, pos, i);
1779
1780                 if (i < wpa_s->extended_capa_len) {
1781                         *pos &= ~wpa_s->extended_capa_mask[i];
1782                         *pos |= wpa_s->extended_capa[i];
1783                 }
1784         }
1785
1786         while (len > 0 && buf[1 + len] == 0) {
1787                 len--;
1788                 buf[1] = len;
1789         }
1790         if (len == 0)
1791                 return 0;
1792
1793         return 2 + len;
1794 }
1795
1796
1797 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
1798                           struct wpa_bss *test_bss)
1799 {
1800         struct wpa_bss *bss;
1801
1802         dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1803                 if (bss == test_bss)
1804                         return 1;
1805         }
1806
1807         return 0;
1808 }
1809
1810
1811 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
1812                            struct wpa_ssid *test_ssid)
1813 {
1814         struct wpa_ssid *ssid;
1815
1816         for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1817                 if (ssid == test_ssid)
1818                         return 1;
1819         }
1820
1821         return 0;
1822 }
1823
1824
1825 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
1826                         struct wpa_ssid *test_ssid)
1827 {
1828         if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
1829                 return 0;
1830
1831         return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
1832 }
1833
1834
1835 void wpas_connect_work_free(struct wpa_connect_work *cwork)
1836 {
1837         if (cwork == NULL)
1838                 return;
1839         os_free(cwork);
1840 }
1841
1842
1843 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
1844 {
1845         struct wpa_connect_work *cwork;
1846         struct wpa_radio_work *work = wpa_s->connect_work;
1847
1848         if (!work)
1849                 return;
1850
1851         wpa_s->connect_work = NULL;
1852         cwork = work->ctx;
1853         work->ctx = NULL;
1854         wpas_connect_work_free(cwork);
1855         radio_work_done(work);
1856 }
1857
1858
1859 int wpas_update_random_addr(struct wpa_supplicant *wpa_s, int style)
1860 {
1861         struct os_reltime now;
1862         u8 addr[ETH_ALEN];
1863
1864         os_get_reltime(&now);
1865         if (wpa_s->last_mac_addr_style == style &&
1866             wpa_s->last_mac_addr_change.sec != 0 &&
1867             !os_reltime_expired(&now, &wpa_s->last_mac_addr_change,
1868                                 wpa_s->conf->rand_addr_lifetime)) {
1869                 wpa_msg(wpa_s, MSG_DEBUG,
1870                         "Previously selected random MAC address has not yet expired");
1871                 return 0;
1872         }
1873
1874         switch (style) {
1875         case 1:
1876                 if (random_mac_addr(addr) < 0)
1877                         return -1;
1878                 break;
1879         case 2:
1880                 os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
1881                 if (random_mac_addr_keep_oui(addr) < 0)
1882                         return -1;
1883                 break;
1884         default:
1885                 return -1;
1886         }
1887
1888         if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
1889                 wpa_msg(wpa_s, MSG_INFO,
1890                         "Failed to set random MAC address");
1891                 return -1;
1892         }
1893
1894         os_get_reltime(&wpa_s->last_mac_addr_change);
1895         wpa_s->mac_addr_changed = 1;
1896         wpa_s->last_mac_addr_style = style;
1897
1898         if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1899                 wpa_msg(wpa_s, MSG_INFO,
1900                         "Could not update MAC address information");
1901                 return -1;
1902         }
1903
1904         wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
1905                 MAC2STR(addr));
1906
1907         return 0;
1908 }
1909
1910
1911 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
1912 {
1913         if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
1914             !wpa_s->conf->preassoc_mac_addr)
1915                 return 0;
1916
1917         return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr);
1918 }
1919
1920
1921 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
1922
1923 /**
1924  * wpa_supplicant_associate - Request association
1925  * @wpa_s: Pointer to wpa_supplicant data
1926  * @bss: Scan results for the selected BSS, or %NULL if not available
1927  * @ssid: Configuration data for the selected network
1928  *
1929  * This function is used to request %wpa_supplicant to associate with a BSS.
1930  */
1931 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1932                               struct wpa_bss *bss, struct wpa_ssid *ssid)
1933 {
1934         struct wpa_connect_work *cwork;
1935         int rand_style;
1936
1937         wpa_s->own_disconnect_req = 0;
1938
1939         /*
1940          * If we are starting a new connection, any previously pending EAPOL
1941          * RX cannot be valid anymore.
1942          */
1943         wpabuf_free(wpa_s->pending_eapol_rx);
1944         wpa_s->pending_eapol_rx = NULL;
1945
1946         if (ssid->mac_addr == -1)
1947                 rand_style = wpa_s->conf->mac_addr;
1948         else
1949                 rand_style = ssid->mac_addr;
1950
1951         wmm_ac_clear_saved_tspecs(wpa_s);
1952         wpa_s->reassoc_same_bss = 0;
1953         wpa_s->reassoc_same_ess = 0;
1954 #ifdef CONFIG_TESTING_OPTIONS
1955         wpa_s->testing_resend_assoc = 0;
1956 #endif /* CONFIG_TESTING_OPTIONS */
1957
1958         if (wpa_s->last_ssid == ssid) {
1959                 wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
1960                 wpa_s->reassoc_same_ess = 1;
1961                 if (wpa_s->current_bss && wpa_s->current_bss == bss) {
1962                         wmm_ac_save_tspecs(wpa_s);
1963                         wpa_s->reassoc_same_bss = 1;
1964                 } else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
1965                         os_get_reltime(&wpa_s->roam_start);
1966                 }
1967         }
1968
1969         if (rand_style > 0 && !wpa_s->reassoc_same_ess) {
1970                 if (wpas_update_random_addr(wpa_s, rand_style) < 0)
1971                         return;
1972                 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
1973         } else if (rand_style == 0 && wpa_s->mac_addr_changed) {
1974                 if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
1975                         wpa_msg(wpa_s, MSG_INFO,
1976                                 "Could not restore permanent MAC address");
1977                         return;
1978                 }
1979                 wpa_s->mac_addr_changed = 0;
1980                 if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
1981                         wpa_msg(wpa_s, MSG_INFO,
1982                                 "Could not update MAC address information");
1983                         return;
1984                 }
1985                 wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
1986         }
1987         wpa_s->last_ssid = ssid;
1988
1989 #ifdef CONFIG_IBSS_RSN
1990         ibss_rsn_deinit(wpa_s->ibss_rsn);
1991         wpa_s->ibss_rsn = NULL;
1992 #else /* CONFIG_IBSS_RSN */
1993         if (ssid->mode == WPAS_MODE_IBSS &&
1994             !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
1995                 wpa_msg(wpa_s, MSG_INFO,
1996                         "IBSS RSN not supported in the build");
1997                 return;
1998         }
1999 #endif /* CONFIG_IBSS_RSN */
2000
2001         if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2002             ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2003 #ifdef CONFIG_AP
2004                 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2005                         wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2006                                 "mode");
2007                         return;
2008                 }
2009                 if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2010                         wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2011                         if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2012                                 wpas_p2p_ap_setup_failed(wpa_s);
2013                         return;
2014                 }
2015                 wpa_s->current_bss = bss;
2016 #else /* CONFIG_AP */
2017                 wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2018                         "the build");
2019 #endif /* CONFIG_AP */
2020                 return;
2021         }
2022
2023         if (ssid->mode == WPAS_MODE_MESH) {
2024 #ifdef CONFIG_MESH
2025                 if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2026                         wpa_msg(wpa_s, MSG_INFO,
2027                                 "Driver does not support mesh mode");
2028                         return;
2029                 }
2030                 if (bss)
2031                         ssid->frequency = bss->freq;
2032                 if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2033                         wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2034                         return;
2035                 }
2036                 wpa_s->current_bss = bss;
2037                 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_STARTED "ssid=\"%s\" id=%d",
2038                         wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
2039                         ssid->id);
2040                 wpas_notify_mesh_group_started(wpa_s, ssid);
2041 #else /* CONFIG_MESH */
2042                 wpa_msg(wpa_s, MSG_ERROR,
2043                         "mesh mode support not included in the build");
2044 #endif /* CONFIG_MESH */
2045                 return;
2046         }
2047
2048         /*
2049          * Set WPA state machine configuration to match the selected network now
2050          * so that the information is available before wpas_start_assoc_cb()
2051          * gets called. This is needed at least for RSN pre-authentication where
2052          * candidate APs are added to a list based on scan result processing
2053          * before completion of the first association.
2054          */
2055         wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2056
2057 #ifdef CONFIG_DPP
2058         if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2059                 return;
2060 #endif /* CONFIG_DPP */
2061
2062 #ifdef CONFIG_TDLS
2063         if (bss)
2064                 wpa_tdls_ap_ies(wpa_s->wpa, (const u8 *) (bss + 1),
2065                                 bss->ie_len);
2066 #endif /* CONFIG_TDLS */
2067
2068         if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2069             ssid->mode == WPAS_MODE_INFRA) {
2070                 sme_authenticate(wpa_s, bss, ssid);
2071                 return;
2072         }
2073
2074         if (wpa_s->connect_work) {
2075                 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2076                 return;
2077         }
2078
2079         if (radio_work_pending(wpa_s, "connect")) {
2080                 wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2081                 return;
2082         }
2083
2084 #ifdef CONFIG_SME
2085         if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2086                 /* Clear possibly set auth_alg, if any, from last attempt. */
2087                 wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2088         }
2089 #endif /* CONFIG_SME */
2090
2091         wpas_abort_ongoing_scan(wpa_s);
2092
2093         cwork = os_zalloc(sizeof(*cwork));
2094         if (cwork == NULL)
2095                 return;
2096
2097         cwork->bss = bss;
2098         cwork->ssid = ssid;
2099
2100         if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2101                            wpas_start_assoc_cb, cwork) < 0) {
2102                 os_free(cwork);
2103         }
2104 }
2105
2106
2107 static int bss_is_ibss(struct wpa_bss *bss)
2108 {
2109         return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2110                 IEEE80211_CAP_IBSS;
2111 }
2112
2113
2114 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2115                             const struct wpa_ssid *ssid)
2116 {
2117         enum hostapd_hw_mode hw_mode;
2118         struct hostapd_hw_modes *mode = NULL;
2119         u8 channel;
2120         int i;
2121
2122         hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2123         if (hw_mode == NUM_HOSTAPD_MODES)
2124                 return 0;
2125         for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2126                 if (wpa_s->hw.modes[i].mode == hw_mode) {
2127                         mode = &wpa_s->hw.modes[i];
2128                         break;
2129                 }
2130         }
2131
2132         if (!mode)
2133                 return 0;
2134
2135         return mode->vht_capab != 0;
2136 }
2137
2138
2139 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2140                           const struct wpa_ssid *ssid,
2141                           struct hostapd_freq_params *freq)
2142 {
2143         int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2144         enum hostapd_hw_mode hw_mode;
2145         struct hostapd_hw_modes *mode = NULL;
2146         int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2147                            184, 192 };
2148         int vht80[] = { 36, 52, 100, 116, 132, 149 };
2149         struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2150         u8 channel;
2151         int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2152         unsigned int j, k;
2153         struct hostapd_freq_params vht_freq;
2154         int chwidth, seg0, seg1;
2155         u32 vht_caps = 0;
2156
2157         freq->freq = ssid->frequency;
2158
2159         for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2160                 struct wpa_bss *bss = wpa_s->last_scan_res[j];
2161
2162                 if (ssid->mode != WPAS_MODE_IBSS)
2163                         break;
2164
2165                 /* Don't adjust control freq in case of fixed_freq */
2166                 if (ssid->fixed_freq)
2167                         break;
2168
2169                 if (!bss_is_ibss(bss))
2170                         continue;
2171
2172                 if (ssid->ssid_len == bss->ssid_len &&
2173                     os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2174                         wpa_printf(MSG_DEBUG,
2175                                    "IBSS already found in scan results, adjust control freq: %d",
2176                                    bss->freq);
2177                         freq->freq = bss->freq;
2178                         obss_scan = 0;
2179                         break;
2180                 }
2181         }
2182
2183         /* For IBSS check HT_IBSS flag */
2184         if (ssid->mode == WPAS_MODE_IBSS &&
2185             !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2186                 return;
2187
2188         if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2189             wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2190             wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2191                 wpa_printf(MSG_DEBUG,
2192                            "IBSS: WEP/TKIP detected, do not try to enable HT");
2193                 return;
2194         }
2195
2196         hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2197         for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2198                 if (wpa_s->hw.modes[i].mode == hw_mode) {
2199                         mode = &wpa_s->hw.modes[i];
2200                         break;
2201                 }
2202         }
2203
2204         if (!mode)
2205                 return;
2206
2207         /* HE can work without HT + VHT */
2208         freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2209
2210 #ifdef CONFIG_HT_OVERRIDES
2211         if (ssid->disable_ht) {
2212                 freq->ht_enabled = 0;
2213                 return;
2214         }
2215 #endif /* CONFIG_HT_OVERRIDES */
2216
2217         freq->ht_enabled = ht_supported(mode);
2218         if (!freq->ht_enabled)
2219                 return;
2220
2221         /* Setup higher BW only for 5 GHz */
2222         if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2223                 return;
2224
2225         for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2226                 pri_chan = &mode->channels[chan_idx];
2227                 if (pri_chan->chan == channel)
2228                         break;
2229                 pri_chan = NULL;
2230         }
2231         if (!pri_chan)
2232                 return;
2233
2234         /* Check primary channel flags */
2235         if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2236                 return;
2237
2238         freq->channel = pri_chan->chan;
2239
2240 #ifdef CONFIG_HT_OVERRIDES
2241         if (ssid->disable_ht40) {
2242                 if (ssid->disable_vht)
2243                         return;
2244                 goto skip_ht40;
2245         }
2246 #endif /* CONFIG_HT_OVERRIDES */
2247
2248         /* Check/setup HT40+/HT40- */
2249         for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2250                 if (ht40plus[j] == channel) {
2251                         ht40 = 1;
2252                         break;
2253                 }
2254         }
2255
2256         /* Find secondary channel */
2257         for (i = 0; i < mode->num_channels; i++) {
2258                 sec_chan = &mode->channels[i];
2259                 if (sec_chan->chan == channel + ht40 * 4)
2260                         break;
2261                 sec_chan = NULL;
2262         }
2263         if (!sec_chan)
2264                 return;
2265
2266         /* Check secondary channel flags */
2267         if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2268                 return;
2269
2270         if (ht40 == -1) {
2271                 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2272                         return;
2273         } else {
2274                 if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2275                         return;
2276         }
2277         freq->sec_channel_offset = ht40;
2278
2279         if (obss_scan) {
2280                 struct wpa_scan_results *scan_res;
2281
2282                 scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0);
2283                 if (scan_res == NULL) {
2284                         /* Back to HT20 */
2285                         freq->sec_channel_offset = 0;
2286                         return;
2287                 }
2288
2289                 res = check_40mhz_5g(mode, scan_res, pri_chan->chan,
2290                                      sec_chan->chan);
2291                 switch (res) {
2292                 case 0:
2293                         /* Back to HT20 */
2294                         freq->sec_channel_offset = 0;
2295                         break;
2296                 case 1:
2297                         /* Configuration allowed */
2298                         break;
2299                 case 2:
2300                         /* Switch pri/sec channels */
2301                         freq->freq = hw_get_freq(mode, sec_chan->chan);
2302                         freq->sec_channel_offset = -freq->sec_channel_offset;
2303                         freq->channel = sec_chan->chan;
2304                         break;
2305                 default:
2306                         freq->sec_channel_offset = 0;
2307                         break;
2308                 }
2309
2310                 wpa_scan_results_free(scan_res);
2311         }
2312
2313 #ifdef CONFIG_HT_OVERRIDES
2314 skip_ht40:
2315 #endif /* CONFIG_HT_OVERRIDES */
2316         wpa_printf(MSG_DEBUG,
2317                    "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
2318                    freq->channel, freq->sec_channel_offset);
2319
2320         if (!drv_supports_vht(wpa_s, ssid))
2321                 return;
2322
2323         /* For IBSS check VHT_IBSS flag */
2324         if (ssid->mode == WPAS_MODE_IBSS &&
2325             !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
2326                 return;
2327
2328         vht_freq = *freq;
2329
2330 #ifdef CONFIG_VHT_OVERRIDES
2331         if (ssid->disable_vht) {
2332                 freq->vht_enabled = 0;
2333                 return;
2334         }
2335 #endif /* CONFIG_VHT_OVERRIDES */
2336
2337         vht_freq.vht_enabled = vht_supported(mode);
2338         if (!vht_freq.vht_enabled)
2339                 return;
2340
2341         /* setup center_freq1, bandwidth */
2342         for (j = 0; j < ARRAY_SIZE(vht80); j++) {
2343                 if (freq->channel >= vht80[j] &&
2344                     freq->channel < vht80[j] + 16)
2345                         break;
2346         }
2347
2348         if (j == ARRAY_SIZE(vht80))
2349                 return;
2350
2351         for (i = vht80[j]; i < vht80[j] + 16; i += 4) {
2352                 struct hostapd_channel_data *chan;
2353
2354                 chan = hw_get_channel_chan(mode, i, NULL);
2355                 if (!chan)
2356                         return;
2357
2358                 /* Back to HT configuration if channel not usable */
2359                 if (chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2360                         return;
2361         }
2362
2363         chwidth = CHANWIDTH_80MHZ;
2364         seg0 = vht80[j] + 6;
2365         seg1 = 0;
2366
2367         if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
2368                 /* setup center_freq2, bandwidth */
2369                 for (k = 0; k < ARRAY_SIZE(vht80); k++) {
2370                         /* Only accept 80 MHz segments separated by a gap */
2371                         if (j == k || abs(vht80[j] - vht80[k]) == 16)
2372                                 continue;
2373                         for (i = vht80[k]; i < vht80[k] + 16; i += 4) {
2374                                 struct hostapd_channel_data *chan;
2375
2376                                 chan = hw_get_channel_chan(mode, i, NULL);
2377                                 if (!chan)
2378                                         continue;
2379
2380                                 if (chan->flag & (HOSTAPD_CHAN_DISABLED |
2381                                                   HOSTAPD_CHAN_NO_IR |
2382                                                   HOSTAPD_CHAN_RADAR))
2383                                         continue;
2384
2385                                 /* Found a suitable second segment for 80+80 */
2386                                 chwidth = CHANWIDTH_80P80MHZ;
2387                                 vht_caps |=
2388                                         VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
2389                                 seg1 = vht80[k] + 6;
2390                         }
2391
2392                         if (chwidth == CHANWIDTH_80P80MHZ)
2393                                 break;
2394                 }
2395         } else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
2396                 if (freq->freq == 5180) {
2397                         chwidth = CHANWIDTH_160MHZ;
2398                         vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2399                         seg0 = 50;
2400                 } else if (freq->freq == 5520) {
2401                         chwidth = CHANWIDTH_160MHZ;
2402                         vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
2403                         seg0 = 114;
2404                 }
2405         } else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
2406                 chwidth = CHANWIDTH_USE_HT;
2407                 seg0 = vht80[j] + 2;
2408 #ifdef CONFIG_HT_OVERRIDES
2409                 if (ssid->disable_ht40)
2410                         seg0 = 0;
2411 #endif /* CONFIG_HT_OVERRIDES */
2412         }
2413
2414         if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
2415                                     freq->channel, freq->ht_enabled,
2416                                     vht_freq.vht_enabled, freq->he_enabled,
2417                                     freq->sec_channel_offset,
2418                                     chwidth, seg0, seg1, vht_caps,
2419                                     &mode->he_capab[ieee80211_mode]) != 0)
2420                 return;
2421
2422         *freq = vht_freq;
2423
2424         wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
2425                    freq->center_freq1, freq->center_freq2, freq->bandwidth);
2426 }
2427
2428
2429 #ifdef CONFIG_FILS
2430 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
2431                                     size_t ie_buf_len)
2432 {
2433         struct fils_hlp_req *req;
2434         size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
2435         const u8 *pos;
2436         u8 *buf = ie_buf;
2437
2438         dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2439                          list) {
2440                 rem_len = ie_buf_len - ie_len;
2441                 pos = wpabuf_head(req->pkt);
2442                 hdr_len = 1 + 2 * ETH_ALEN + 6;
2443                 hlp_len = wpabuf_len(req->pkt);
2444
2445                 if (rem_len < 2 + hdr_len + hlp_len) {
2446                         wpa_printf(MSG_ERROR,
2447                                    "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
2448                                    (unsigned long) rem_len,
2449                                    (unsigned long) (2 + hdr_len + hlp_len));
2450                         break;
2451                 }
2452
2453                 len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
2454                 /* Element ID */
2455                 *buf++ = WLAN_EID_EXTENSION;
2456                 /* Length */
2457                 *buf++ = len;
2458                 /* Element ID Extension */
2459                 *buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
2460                 /* Destination MAC address */
2461                 os_memcpy(buf, req->dst, ETH_ALEN);
2462                 buf += ETH_ALEN;
2463                 /* Source MAC address */
2464                 os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
2465                 buf += ETH_ALEN;
2466                 /* LLC/SNAP Header */
2467                 os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
2468                 buf += 6;
2469                 /* HLP Packet */
2470                 os_memcpy(buf, pos, len - hdr_len);
2471                 buf += len - hdr_len;
2472                 pos += len - hdr_len;
2473
2474                 hlp_len -= len - hdr_len;
2475                 ie_len += 2 + len;
2476                 rem_len -= 2 + len;
2477
2478                 while (hlp_len) {
2479                         len = (hlp_len > 255) ? 255 : hlp_len;
2480                         if (rem_len < 2 + len)
2481                                 break;
2482                         *buf++ = WLAN_EID_FRAGMENT;
2483                         *buf++ = len;
2484                         os_memcpy(buf, pos, len);
2485                         buf += len;
2486                         pos += len;
2487
2488                         hlp_len -= len;
2489                         ie_len += 2 + len;
2490                         rem_len -= 2 + len;
2491                 }
2492         }
2493
2494         return ie_len;
2495 }
2496
2497
2498 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
2499 {
2500         return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2501                  (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
2502                 (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2503                  (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
2504 }
2505
2506
2507 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
2508 {
2509 #ifdef CONFIG_FILS_SK_PFS
2510         return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2511                 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
2512 #else /* CONFIG_FILS_SK_PFS */
2513         return 0;
2514 #endif /* CONFIG_FILS_SK_PFS */
2515 }
2516
2517 #endif /* CONFIG_FILS */
2518
2519
2520 static u8 * wpas_populate_assoc_ies(
2521         struct wpa_supplicant *wpa_s,
2522         struct wpa_bss *bss, struct wpa_ssid *ssid,
2523         struct wpa_driver_associate_params *params,
2524         enum wpa_drv_update_connect_params_mask *mask)
2525 {
2526         u8 *wpa_ie;
2527         size_t max_wpa_ie_len = 500;
2528         size_t wpa_ie_len;
2529         int algs = WPA_AUTH_ALG_OPEN;
2530 #ifdef CONFIG_MBO
2531         const u8 *mbo_ie;
2532 #endif
2533 #ifdef CONFIG_SAE
2534         int sae_pmksa_cached = 0;
2535 #endif /* CONFIG_SAE */
2536 #ifdef CONFIG_FILS
2537         const u8 *realm, *username, *rrk;
2538         size_t realm_len, username_len, rrk_len;
2539         u16 next_seq_num;
2540         struct fils_hlp_req *req;
2541
2542         dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2543                          list) {
2544                 max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
2545                                   2 + 2 * wpabuf_len(req->pkt) / 255;
2546         }
2547 #endif /* CONFIG_FILS */
2548
2549         wpa_ie = os_malloc(max_wpa_ie_len);
2550         if (!wpa_ie) {
2551                 wpa_printf(MSG_ERROR,
2552                            "Failed to allocate connect IE buffer for %lu bytes",
2553                            (unsigned long) max_wpa_ie_len);
2554                 return NULL;
2555         }
2556
2557         if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
2558                     wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
2559             wpa_key_mgmt_wpa(ssid->key_mgmt)) {
2560                 int try_opportunistic;
2561                 const u8 *cache_id = NULL;
2562
2563                 try_opportunistic = (ssid->proactive_key_caching < 0 ?
2564                                      wpa_s->conf->okc :
2565                                      ssid->proactive_key_caching) &&
2566                         (ssid->proto & WPA_PROTO_RSN);
2567 #ifdef CONFIG_FILS
2568                 if (wpa_key_mgmt_fils(ssid->key_mgmt))
2569                         cache_id = wpa_bss_get_fils_cache_id(bss);
2570 #endif /* CONFIG_FILS */
2571                 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
2572                                             ssid, try_opportunistic,
2573                                             cache_id, 0) == 0) {
2574                         eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
2575 #ifdef CONFIG_SAE
2576                         sae_pmksa_cached = 1;
2577 #endif /* CONFIG_SAE */
2578                 }
2579                 wpa_ie_len = max_wpa_ie_len;
2580                 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2581                                               wpa_ie, &wpa_ie_len)) {
2582                         wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2583                                 "key management and encryption suites");
2584                         os_free(wpa_ie);
2585                         return NULL;
2586                 }
2587 #ifdef CONFIG_HS20
2588         } else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
2589                    (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
2590                 /* No PMKSA caching, but otherwise similar to RSN/WPA */
2591                 wpa_ie_len = max_wpa_ie_len;
2592                 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
2593                                               wpa_ie, &wpa_ie_len)) {
2594                         wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2595                                 "key management and encryption suites");
2596                         os_free(wpa_ie);
2597                         return NULL;
2598                 }
2599 #endif /* CONFIG_HS20 */
2600         } else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
2601                    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
2602                 /*
2603                  * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
2604                  * use non-WPA since the scan results did not indicate that the
2605                  * AP is using WPA or WPA2.
2606                  */
2607                 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2608                 wpa_ie_len = 0;
2609                 wpa_s->wpa_proto = 0;
2610         } else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
2611                 wpa_ie_len = max_wpa_ie_len;
2612                 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
2613                                               wpa_ie, &wpa_ie_len)) {
2614                         wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
2615                                 "key management and encryption suites (no "
2616                                 "scan results)");
2617                         os_free(wpa_ie);
2618                         return NULL;
2619                 }
2620 #ifdef CONFIG_WPS
2621         } else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
2622                 struct wpabuf *wps_ie;
2623                 wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
2624                 if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
2625                         wpa_ie_len = wpabuf_len(wps_ie);
2626                         os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
2627                 } else
2628                         wpa_ie_len = 0;
2629                 wpabuf_free(wps_ie);
2630                 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2631                 if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
2632                         params->wps = WPS_MODE_PRIVACY;
2633                 else
2634                         params->wps = WPS_MODE_OPEN;
2635                 wpa_s->wpa_proto = 0;
2636 #endif /* CONFIG_WPS */
2637         } else {
2638                 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
2639                 wpa_ie_len = 0;
2640                 wpa_s->wpa_proto = 0;
2641         }
2642
2643 #ifdef IEEE8021X_EAPOL
2644         if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
2645                 if (ssid->leap) {
2646                         if (ssid->non_leap == 0)
2647                                 algs = WPA_AUTH_ALG_LEAP;
2648                         else
2649                                 algs |= WPA_AUTH_ALG_LEAP;
2650                 }
2651         }
2652
2653 #ifdef CONFIG_FILS
2654         /* Clear FILS association */
2655         wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
2656
2657         if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
2658             ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
2659             eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
2660                                   &username_len, &realm, &realm_len,
2661                                   &next_seq_num, &rrk, &rrk_len) == 0 &&
2662             (!wpa_s->last_con_fail_realm ||
2663              wpa_s->last_con_fail_realm_len != realm_len ||
2664              os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
2665                 algs = WPA_AUTH_ALG_FILS;
2666                 params->fils_erp_username = username;
2667                 params->fils_erp_username_len = username_len;
2668                 params->fils_erp_realm = realm;
2669                 params->fils_erp_realm_len = realm_len;
2670                 params->fils_erp_next_seq_num = next_seq_num;
2671                 params->fils_erp_rrk = rrk;
2672                 params->fils_erp_rrk_len = rrk_len;
2673
2674                 if (mask)
2675                         *mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
2676         }
2677 #endif /* CONFIG_FILS */
2678 #endif /* IEEE8021X_EAPOL */
2679 #ifdef CONFIG_SAE
2680         if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
2681                 algs = WPA_AUTH_ALG_SAE;
2682 #endif /* CONFIG_SAE */
2683
2684         wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
2685         if (ssid->auth_alg) {
2686                 algs = ssid->auth_alg;
2687                 wpa_dbg(wpa_s, MSG_DEBUG,
2688                         "Overriding auth_alg selection: 0x%x", algs);
2689         }
2690
2691 #ifdef CONFIG_SAE
2692         if (sae_pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
2693                 wpa_dbg(wpa_s, MSG_DEBUG,
2694                         "SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
2695                 algs = WPA_AUTH_ALG_OPEN;
2696         }
2697 #endif /* CONFIG_SAE */
2698
2699 #ifdef CONFIG_P2P
2700         if (wpa_s->global->p2p) {
2701                 u8 *pos;
2702                 size_t len;
2703                 int res;
2704                 pos = wpa_ie + wpa_ie_len;
2705                 len = max_wpa_ie_len - wpa_ie_len;
2706                 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
2707                                             ssid->p2p_group);
2708                 if (res >= 0)
2709                         wpa_ie_len += res;
2710         }
2711
2712         wpa_s->cross_connect_disallowed = 0;
2713         if (bss) {
2714                 struct wpabuf *p2p;
2715                 p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
2716                 if (p2p) {
2717                         wpa_s->cross_connect_disallowed =
2718                                 p2p_get_cross_connect_disallowed(p2p);
2719                         wpabuf_free(p2p);
2720                         wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
2721                                 "connection",
2722                                 wpa_s->cross_connect_disallowed ?
2723                                 "disallows" : "allows");
2724                 }
2725         }
2726
2727         os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
2728 #endif /* CONFIG_P2P */
2729
2730         if (bss) {
2731                 wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss->freq,
2732                                                     wpa_ie + wpa_ie_len,
2733                                                     max_wpa_ie_len -
2734                                                     wpa_ie_len);
2735         }
2736
2737         /*
2738          * Workaround: Add Extended Capabilities element only if the AP
2739          * included this element in Beacon/Probe Response frames. Some older
2740          * APs seem to have interoperability issues if this element is
2741          * included, so while the standard may require us to include the
2742          * element in all cases, it is justifiable to skip it to avoid
2743          * interoperability issues.
2744          */
2745         if (ssid->p2p_group)
2746                 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
2747         else
2748                 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
2749
2750         if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
2751                 u8 ext_capab[18];
2752                 int ext_capab_len;
2753                 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
2754                                                      sizeof(ext_capab));
2755                 if (ext_capab_len > 0 &&
2756                     wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
2757                         u8 *pos = wpa_ie;
2758                         if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
2759                                 pos += 2 + pos[1];
2760                         os_memmove(pos + ext_capab_len, pos,
2761                                    wpa_ie_len - (pos - wpa_ie));
2762                         wpa_ie_len += ext_capab_len;
2763                         os_memcpy(pos, ext_capab, ext_capab_len);
2764                 }
2765         }
2766
2767 #ifdef CONFIG_HS20
2768         if (is_hs20_network(wpa_s, ssid, bss)) {
2769                 struct wpabuf *hs20;
2770
2771                 hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
2772                 if (hs20) {
2773                         int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
2774                         size_t len;
2775
2776                         wpas_hs20_add_indication(hs20, pps_mo_id,
2777                                                  get_hs20_version(bss));
2778                         wpas_hs20_add_roam_cons_sel(hs20, ssid);
2779                         len = max_wpa_ie_len - wpa_ie_len;
2780                         if (wpabuf_len(hs20) <= len) {
2781                                 os_memcpy(wpa_ie + wpa_ie_len,
2782                                           wpabuf_head(hs20), wpabuf_len(hs20));
2783                                 wpa_ie_len += wpabuf_len(hs20);
2784                         }
2785                         wpabuf_free(hs20);
2786
2787                         hs20_configure_frame_filters(wpa_s);
2788                 }
2789         }
2790 #endif /* CONFIG_HS20 */
2791
2792         if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
2793                 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
2794                 size_t len;
2795
2796                 len = max_wpa_ie_len - wpa_ie_len;
2797                 if (wpabuf_len(buf) <= len) {
2798                         os_memcpy(wpa_ie + wpa_ie_len,
2799                                   wpabuf_head(buf), wpabuf_len(buf));
2800                         wpa_ie_len += wpabuf_len(buf);
2801                 }
2802         }
2803
2804 #ifdef CONFIG_FST
2805         if (wpa_s->fst_ies) {
2806                 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
2807
2808                 if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
2809                         os_memcpy(wpa_ie + wpa_ie_len,
2810                                   wpabuf_head(wpa_s->fst_ies), fst_ies_len);
2811                         wpa_ie_len += fst_ies_len;
2812                 }
2813         }
2814 #endif /* CONFIG_FST */
2815
2816 #ifdef CONFIG_MBO
2817         mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
2818         if (mbo_ie) {
2819                 int len;
2820
2821                 len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
2822                                   max_wpa_ie_len - wpa_ie_len,
2823                                   !!mbo_attr_from_mbo_ie(mbo_ie,
2824                                                          OCE_ATTR_ID_CAPA_IND));
2825                 if (len >= 0)
2826                         wpa_ie_len += len;
2827         }
2828 #endif /* CONFIG_MBO */
2829
2830 #ifdef CONFIG_FILS
2831         if (algs == WPA_AUTH_ALG_FILS) {
2832                 size_t len;
2833
2834                 len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
2835                                             max_wpa_ie_len - wpa_ie_len);
2836                 wpa_ie_len += len;
2837         }
2838 #endif /* CONFIG_FILS */
2839
2840 #ifdef CONFIG_OWE
2841 #ifdef CONFIG_TESTING_OPTIONS
2842         if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
2843                 wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
2844         } else
2845 #endif /* CONFIG_TESTING_OPTIONS */
2846         if (algs == WPA_AUTH_ALG_OPEN &&
2847             ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
2848                 struct wpabuf *owe_ie;
2849                 u16 group;
2850
2851                 if (ssid->owe_group) {
2852                         group = ssid->owe_group;
2853                 } else if (wpa_s->assoc_status_code ==
2854                            WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
2855                         if (wpa_s->last_owe_group == 19)
2856                                 group = 20;
2857                         else if (wpa_s->last_owe_group == 20)
2858                                 group = 21;
2859                         else
2860                                 group = OWE_DH_GROUP;
2861                 } else {
2862                         group = OWE_DH_GROUP;
2863                 }
2864
2865                 wpa_s->last_owe_group = group;
2866                 wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
2867                 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2868                 if (owe_ie &&
2869                     wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
2870                         os_memcpy(wpa_ie + wpa_ie_len,
2871                                   wpabuf_head(owe_ie), wpabuf_len(owe_ie));
2872                         wpa_ie_len += wpabuf_len(owe_ie);
2873                 }
2874                 wpabuf_free(owe_ie);
2875         }
2876 #endif /* CONFIG_OWE */
2877
2878 #ifdef CONFIG_DPP2
2879         if (wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
2880             ssid->dpp_netaccesskey) {
2881                 dpp_pfs_free(wpa_s->dpp_pfs);
2882                 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
2883                                               ssid->dpp_netaccesskey_len);
2884                 if (!wpa_s->dpp_pfs) {
2885                         wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
2886                         /* Try to continue without PFS */
2887                         goto pfs_fail;
2888                 }
2889                 if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
2890                     max_wpa_ie_len - wpa_ie_len) {
2891                         os_memcpy(wpa_ie + wpa_ie_len,
2892                                   wpabuf_head(wpa_s->dpp_pfs->ie),
2893                                   wpabuf_len(wpa_s->dpp_pfs->ie));
2894                         wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
2895                 }
2896         }
2897 pfs_fail:
2898 #endif /* CONFIG_DPP2 */
2899
2900 #ifdef CONFIG_IEEE80211R
2901         /*
2902          * Add MDIE under these conditions: the network profile allows FT,
2903          * the AP supports FT, and the mobility domain ID matches.
2904          */
2905         if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
2906                 const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
2907
2908                 if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
2909                         size_t len = 0;
2910                         const u8 *md = mdie + 2;
2911                         const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
2912
2913                         if (os_memcmp(md, wpa_md,
2914                                       MOBILITY_DOMAIN_ID_LEN) == 0) {
2915                                 /* Add mobility domain IE */
2916                                 len = wpa_ft_add_mdie(
2917                                         wpa_s->wpa, wpa_ie + wpa_ie_len,
2918                                         max_wpa_ie_len - wpa_ie_len, mdie);
2919                                 wpa_ie_len += len;
2920                         }
2921 #ifdef CONFIG_SME
2922                         if (len > 0 && wpa_s->sme.ft_used &&
2923                             wpa_sm_has_ptk(wpa_s->wpa)) {
2924                                 wpa_dbg(wpa_s, MSG_DEBUG,
2925                                         "SME: Trying to use FT over-the-air");
2926                                 algs |= WPA_AUTH_ALG_FT;
2927                         }
2928 #endif /* CONFIG_SME */
2929                 }
2930         }
2931 #endif /* CONFIG_IEEE80211R */
2932
2933         if (ssid->multi_ap_backhaul_sta) {
2934                 size_t multi_ap_ie_len;
2935
2936                 multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
2937                                                   max_wpa_ie_len - wpa_ie_len,
2938                                                   MULTI_AP_BACKHAUL_STA);
2939                 if (multi_ap_ie_len == 0) {
2940                         wpa_printf(MSG_ERROR,
2941                                    "Multi-AP: Failed to build Multi-AP IE");
2942                         os_free(wpa_ie);
2943                         return NULL;
2944                 }
2945                 wpa_ie_len += multi_ap_ie_len;
2946         }
2947
2948         params->wpa_ie = wpa_ie;
2949         params->wpa_ie_len = wpa_ie_len;
2950         params->auth_alg = algs;
2951         if (mask)
2952                 *mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
2953
2954         return wpa_ie;
2955 }
2956
2957
2958 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
2959 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
2960 {
2961         struct wpa_driver_associate_params params;
2962         enum wpa_drv_update_connect_params_mask mask = 0;
2963         u8 *wpa_ie;
2964
2965         if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
2966                 return; /* nothing to do */
2967
2968         os_memset(&params, 0, sizeof(params));
2969         wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
2970                                          wpa_s->current_ssid, &params, &mask);
2971         if (!wpa_ie)
2972                 return;
2973
2974         if (params.auth_alg != WPA_AUTH_ALG_FILS) {
2975                 os_free(wpa_ie);
2976                 return;
2977         }
2978
2979         wpa_s->auth_alg = params.auth_alg;
2980         wpa_drv_update_connect_params(wpa_s, &params, mask);
2981         os_free(wpa_ie);
2982 }
2983 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
2984
2985
2986 #ifdef CONFIG_MBO
2987 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
2988 {
2989         struct wpa_driver_associate_params params;
2990         u8 *wpa_ie;
2991
2992         /*
2993          * Update MBO connect params only in case of change of MBO attributes
2994          * when connected, if the AP support MBO.
2995          */
2996
2997         if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
2998             !wpa_s->current_bss ||
2999             !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
3000                 return;
3001
3002         os_memset(&params, 0, sizeof(params));
3003         wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3004                                          wpa_s->current_ssid, &params, NULL);
3005         if (!wpa_ie)
3006                 return;
3007
3008         wpa_drv_update_connect_params(wpa_s, &params, WPA_DRV_UPDATE_ASSOC_IES);
3009         os_free(wpa_ie);
3010 }
3011 #endif /* CONFIG_MBO */
3012
3013
3014 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
3015 {
3016         struct wpa_connect_work *cwork = work->ctx;
3017         struct wpa_bss *bss = cwork->bss;
3018         struct wpa_ssid *ssid = cwork->ssid;
3019         struct wpa_supplicant *wpa_s = work->wpa_s;
3020         u8 *wpa_ie;
3021         int use_crypt, ret, i, bssid_changed;
3022         unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
3023         struct wpa_driver_associate_params params;
3024         int wep_keys_set = 0;
3025         int assoc_failed = 0;
3026         struct wpa_ssid *old_ssid;
3027         u8 prev_bssid[ETH_ALEN];
3028 #ifdef CONFIG_HT_OVERRIDES
3029         struct ieee80211_ht_capabilities htcaps;
3030         struct ieee80211_ht_capabilities htcaps_mask;
3031 #endif /* CONFIG_HT_OVERRIDES */
3032 #ifdef CONFIG_VHT_OVERRIDES
3033        struct ieee80211_vht_capabilities vhtcaps;
3034        struct ieee80211_vht_capabilities vhtcaps_mask;
3035 #endif /* CONFIG_VHT_OVERRIDES */
3036
3037         if (deinit) {
3038                 if (work->started) {
3039                         wpa_s->connect_work = NULL;
3040
3041                         /* cancel possible auth. timeout */
3042                         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
3043                                              NULL);
3044                 }
3045                 wpas_connect_work_free(cwork);
3046                 return;
3047         }
3048
3049         wpa_s->connect_work = work;
3050
3051         if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
3052             wpas_network_disabled(wpa_s, ssid)) {
3053                 wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
3054                 wpas_connect_work_done(wpa_s);
3055                 return;
3056         }
3057
3058         os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
3059         os_memset(&params, 0, sizeof(params));
3060         wpa_s->reassociate = 0;
3061         wpa_s->eap_expected_failure = 0;
3062         if (bss &&
3063             (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
3064 #ifdef CONFIG_IEEE80211R
3065                 const u8 *ie, *md = NULL;
3066 #endif /* CONFIG_IEEE80211R */
3067                 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
3068                         " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
3069                         wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
3070                 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
3071                 os_memset(wpa_s->bssid, 0, ETH_ALEN);
3072                 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3073                 if (bssid_changed)
3074                         wpas_notify_bssid_changed(wpa_s);
3075 #ifdef CONFIG_IEEE80211R
3076                 ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3077                 if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
3078                         md = ie + 2;
3079                 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
3080                 if (md) {
3081                         /* Prepare for the next transition */
3082                         wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
3083                 }
3084 #endif /* CONFIG_IEEE80211R */
3085 #ifdef CONFIG_WPS
3086         } else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
3087                    wpa_s->conf->ap_scan == 2 &&
3088                    (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
3089                 /* Use ap_scan==1 style network selection to find the network
3090                  */
3091                 wpas_connect_work_done(wpa_s);
3092                 wpa_s->scan_req = MANUAL_SCAN_REQ;
3093                 wpa_s->reassociate = 1;
3094                 wpa_supplicant_req_scan(wpa_s, 0, 0);
3095                 return;
3096 #endif /* CONFIG_WPS */
3097         } else {
3098                 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
3099                         wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
3100                 if (bss)
3101                         os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
3102                 else
3103                         os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3104         }
3105         if (!wpa_s->pno)
3106                 wpa_supplicant_cancel_sched_scan(wpa_s);
3107
3108         wpa_supplicant_cancel_scan(wpa_s);
3109
3110         /* Starting new association, so clear the possibly used WPA IE from the
3111          * previous association. */
3112         wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
3113
3114         wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, &params, NULL);
3115         if (!wpa_ie) {
3116                 wpas_connect_work_done(wpa_s);
3117                 return;
3118         }
3119
3120         wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
3121         use_crypt = 1;
3122         cipher_pairwise = wpa_s->pairwise_cipher;
3123         cipher_group = wpa_s->group_cipher;
3124         cipher_group_mgmt = wpa_s->mgmt_group_cipher;
3125         if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
3126             wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3127                 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
3128                         use_crypt = 0;
3129                 if (wpa_set_wep_keys(wpa_s, ssid)) {
3130                         use_crypt = 1;
3131                         wep_keys_set = 1;
3132                 }
3133         }
3134         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
3135                 use_crypt = 0;
3136
3137 #ifdef IEEE8021X_EAPOL
3138         if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3139                 if ((ssid->eapol_flags &
3140                      (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
3141                       EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
3142                     !wep_keys_set) {
3143                         use_crypt = 0;
3144                 } else {
3145                         /* Assume that dynamic WEP-104 keys will be used and
3146                          * set cipher suites in order for drivers to expect
3147                          * encryption. */
3148                         cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
3149                 }
3150         }
3151 #endif /* IEEE8021X_EAPOL */
3152
3153         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3154                 /* Set the key before (and later after) association */
3155                 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3156         }
3157
3158         wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
3159         if (bss) {
3160                 params.ssid = bss->ssid;
3161                 params.ssid_len = bss->ssid_len;
3162                 if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
3163                     wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
3164                         wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
3165                                    MACSTR " freq=%u MHz based on scan results "
3166                                    "(bssid_set=%d wps=%d)",
3167                                    MAC2STR(bss->bssid), bss->freq,
3168                                    ssid->bssid_set,
3169                                    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
3170                         params.bssid = bss->bssid;
3171                         params.freq.freq = bss->freq;
3172                 }
3173                 params.bssid_hint = bss->bssid;
3174                 params.freq_hint = bss->freq;
3175                 params.pbss = bss_is_pbss(bss);
3176         } else {
3177                 if (ssid->bssid_hint_set)
3178                         params.bssid_hint = ssid->bssid_hint;
3179
3180                 params.ssid = ssid->ssid;
3181                 params.ssid_len = ssid->ssid_len;
3182                 params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
3183         }
3184
3185         if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
3186             wpa_s->conf->ap_scan == 2) {
3187                 params.bssid = ssid->bssid;
3188                 params.fixed_bssid = 1;
3189         }
3190
3191         /* Initial frequency for IBSS/mesh */
3192         if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
3193             ssid->frequency > 0 && params.freq.freq == 0)
3194                 ibss_mesh_setup_freq(wpa_s, ssid, &params.freq);
3195
3196         if (ssid->mode == WPAS_MODE_IBSS) {
3197                 params.fixed_freq = ssid->fixed_freq;
3198                 if (ssid->beacon_int)
3199                         params.beacon_int = ssid->beacon_int;
3200                 else
3201                         params.beacon_int = wpa_s->conf->beacon_int;
3202         }
3203
3204         params.pairwise_suite = cipher_pairwise;
3205         params.group_suite = cipher_group;
3206         params.mgmt_group_suite = cipher_group_mgmt;
3207         params.key_mgmt_suite = wpa_s->key_mgmt;
3208         params.wpa_proto = wpa_s->wpa_proto;
3209         wpa_s->auth_alg = params.auth_alg;
3210         params.mode = ssid->mode;
3211         params.bg_scan_period = ssid->bg_scan_period;
3212         for (i = 0; i < NUM_WEP_KEYS; i++) {
3213                 if (ssid->wep_key_len[i])
3214                         params.wep_key[i] = ssid->wep_key[i];
3215                 params.wep_key_len[i] = ssid->wep_key_len[i];
3216         }
3217         params.wep_tx_keyidx = ssid->wep_tx_keyidx;
3218
3219         if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
3220             (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3221              params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
3222                 params.passphrase = ssid->passphrase;
3223                 if (ssid->psk_set)
3224                         params.psk = ssid->psk;
3225         }
3226
3227         if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
3228             (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3229              params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3230              params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3231              params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
3232                 params.req_handshake_offload = 1;
3233
3234         if (wpa_s->conf->key_mgmt_offload) {
3235                 if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
3236                     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
3237                     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
3238                     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
3239                         params.req_key_mgmt_offload =
3240                                 ssid->proactive_key_caching < 0 ?
3241                                 wpa_s->conf->okc : ssid->proactive_key_caching;
3242                 else
3243                         params.req_key_mgmt_offload = 1;
3244
3245                 if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
3246                      params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
3247                      params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
3248                     ssid->psk_set)
3249                         params.psk = ssid->psk;
3250         }
3251
3252         params.drop_unencrypted = use_crypt;
3253
3254 #ifdef CONFIG_IEEE80211W
3255         params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
3256         if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
3257                 const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
3258                 struct wpa_ie_data ie;
3259                 if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
3260                     ie.capabilities &
3261                     (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
3262                         wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
3263                                 "MFP: require MFP");
3264                         params.mgmt_frame_protection =
3265                                 MGMT_FRAME_PROTECTION_REQUIRED;
3266 #ifdef CONFIG_OWE
3267                 } else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
3268                            !ssid->owe_only) {
3269                         params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
3270 #endif /* CONFIG_OWE */
3271                 }
3272         }
3273 #endif /* CONFIG_IEEE80211W */
3274
3275         params.p2p = ssid->p2p_group;
3276
3277         if (wpa_s->p2pdev->set_sta_uapsd)
3278                 params.uapsd = wpa_s->p2pdev->sta_uapsd;
3279         else
3280                 params.uapsd = -1;
3281
3282 #ifdef CONFIG_HT_OVERRIDES
3283         os_memset(&htcaps, 0, sizeof(htcaps));
3284         os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
3285         params.htcaps = (u8 *) &htcaps;
3286         params.htcaps_mask = (u8 *) &htcaps_mask;
3287         wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
3288 #endif /* CONFIG_HT_OVERRIDES */
3289 #ifdef CONFIG_VHT_OVERRIDES
3290         os_memset(&vhtcaps, 0, sizeof(vhtcaps));
3291         os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
3292         params.vhtcaps = &vhtcaps;
3293         params.vhtcaps_mask = &vhtcaps_mask;
3294         wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
3295 #endif /* CONFIG_VHT_OVERRIDES */
3296
3297 #ifdef CONFIG_P2P
3298         /*
3299          * If multi-channel concurrency is not supported, check for any
3300          * frequency conflict. In case of any frequency conflict, remove the
3301          * least prioritized connection.
3302          */
3303         if (wpa_s->num_multichan_concurrent < 2) {
3304                 int freq, num;
3305                 num = get_shared_radio_freqs(wpa_s, &freq, 1);
3306                 if (num > 0 && freq > 0 && freq != params.freq.freq) {
3307                         wpa_printf(MSG_DEBUG,
3308                                    "Assoc conflicting freq found (%d != %d)",
3309                                    freq, params.freq.freq);
3310                         if (wpas_p2p_handle_frequency_conflicts(
3311                                     wpa_s, params.freq.freq, ssid) < 0) {
3312                                 wpas_connect_work_done(wpa_s);
3313                                 os_free(wpa_ie);
3314                                 return;
3315                         }
3316                 }
3317         }
3318 #endif /* CONFIG_P2P */
3319
3320         if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
3321             wpa_s->current_ssid)
3322                 params.prev_bssid = prev_bssid;
3323
3324         ret = wpa_drv_associate(wpa_s, &params);
3325         os_free(wpa_ie);
3326         if (ret < 0) {
3327                 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
3328                         "failed");
3329                 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SANE_ERROR_CODES) {
3330                         /*
3331                          * The driver is known to mean what is saying, so we
3332                          * can stop right here; the association will not
3333                          * succeed.
3334                          */
3335                         wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
3336                         wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
3337                         os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
3338                         return;
3339                 }
3340                 /* try to continue anyway; new association will be tried again
3341                  * after timeout */
3342                 assoc_failed = 1;
3343         }
3344
3345         if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
3346                 /* Set the key after the association just in case association
3347                  * cleared the previously configured key. */
3348                 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
3349                 /* No need to timeout authentication since there is no key
3350                  * management. */
3351                 wpa_supplicant_cancel_auth_timeout(wpa_s);
3352                 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
3353 #ifdef CONFIG_IBSS_RSN
3354         } else if (ssid->mode == WPAS_MODE_IBSS &&
3355                    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
3356                    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
3357                 /*
3358                  * RSN IBSS authentication is per-STA and we can disable the
3359                  * per-BSSID authentication.
3360                  */
3361                 wpa_supplicant_cancel_auth_timeout(wpa_s);
3362 #endif /* CONFIG_IBSS_RSN */
3363         } else {
3364                 /* Timeout for IEEE 802.11 authentication and association */
3365                 int timeout = 60;
3366
3367                 if (assoc_failed) {
3368                         /* give IBSS a bit more time */
3369                         timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
3370                 } else if (wpa_s->conf->ap_scan == 1) {
3371                         /* give IBSS a bit more time */
3372                         timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
3373                 }
3374                 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
3375         }
3376
3377         if (wep_keys_set &&
3378             (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
3379                 /* Set static WEP keys again */
3380                 wpa_set_wep_keys(wpa_s, ssid);
3381         }
3382
3383         if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
3384                 /*
3385                  * Do not allow EAP session resumption between different
3386                  * network configurations.
3387                  */
3388                 eapol_sm_invalidate_cached_session(wpa_s->eapol);
3389         }
3390         old_ssid = wpa_s->current_ssid;
3391         wpa_s->current_ssid = ssid;
3392
3393         if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
3394                 wpa_s->current_bss = bss;
3395 #ifdef CONFIG_HS20
3396                 hs20_configure_frame_filters(wpa_s);
3397 #endif /* CONFIG_HS20 */
3398         }
3399
3400         wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
3401         wpa_supplicant_initiate_eapol(wpa_s);
3402         if (old_ssid != wpa_s->current_ssid)
3403                 wpas_notify_network_changed(wpa_s);
3404 }
3405
3406
3407 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
3408                                             const u8 *addr)
3409 {
3410         struct wpa_ssid *old_ssid;
3411
3412         wpas_connect_work_done(wpa_s);
3413         wpa_clear_keys(wpa_s, addr);
3414         old_ssid = wpa_s->current_ssid;
3415         wpa_supplicant_mark_disassoc(wpa_s);
3416         wpa_sm_set_config(wpa_s->wpa, NULL);
3417         eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
3418         if (old_ssid != wpa_s->current_ssid)
3419                 wpas_notify_network_changed(wpa_s);
3420         eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
3421 }
3422
3423
3424 /**
3425  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
3426  * @wpa_s: Pointer to wpa_supplicant data
3427  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
3428  *
3429  * This function is used to request %wpa_supplicant to deauthenticate from the
3430  * current AP.
3431  */
3432 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
3433                                    u16 reason_code)
3434 {
3435         u8 *addr = NULL;
3436         union wpa_event_data event;
3437         int zero_addr = 0;
3438
3439         wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
3440                 " pending_bssid=" MACSTR " reason=%d (%s) state=%s",
3441                 MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
3442                 reason_code, reason2str(reason_code),
3443                 wpa_supplicant_state_txt(wpa_s->wpa_state));
3444
3445         if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
3446             (wpa_s->wpa_state == WPA_AUTHENTICATING ||
3447              wpa_s->wpa_state == WPA_ASSOCIATING))
3448                 addr = wpa_s->pending_bssid;
3449         else if (!is_zero_ether_addr(wpa_s->bssid))
3450                 addr = wpa_s->bssid;
3451         else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
3452                 /*
3453                  * When using driver-based BSS selection, we may not know the
3454                  * BSSID with which we are currently trying to associate. We
3455                  * need to notify the driver of this disconnection even in such
3456                  * a case, so use the all zeros address here.
3457                  */
3458                 addr = wpa_s->bssid;
3459                 zero_addr = 1;
3460         }
3461
3462         if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
3463                 wpa_s->enabled_4addr_mode = 0;
3464
3465 #ifdef CONFIG_TDLS
3466         wpa_tdls_teardown_peers(wpa_s->wpa);
3467 #endif /* CONFIG_TDLS */
3468
3469 #ifdef CONFIG_MESH
3470         if (wpa_s->ifmsh) {
3471                 struct mesh_conf *mconf;
3472
3473                 mconf = wpa_s->ifmsh->mconf;
3474                 wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
3475                         wpa_s->ifname);
3476                 wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
3477                                                mconf->meshid_len, reason_code);
3478                 wpa_supplicant_leave_mesh(wpa_s);
3479         }
3480 #endif /* CONFIG_MESH */
3481
3482         if (addr) {
3483                 wpa_drv_deauthenticate(wpa_s, addr, reason_code);
3484                 os_memset(&event, 0, sizeof(event));
3485                 event.deauth_info.reason_code = reason_code;