1 /* 2 * WPA Supplicant - Glue code to setup EAPOL and RSN modules 3 * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "includes.h" 10 11 #include "common.h" 12 #include "eapol_supp/eapol_supp_sm.h" 13 #include "eap_peer/eap.h" 14 #include "rsn_supp/wpa.h" 15 #include "eloop.h" 16 #include "config.h" 17 #include "l2_packet/l2_packet.h" 18 #include "common/wpa_common.h" 19 #include "common/ptksa_cache.h" 20 #include "wpa_supplicant_i.h" 21 #include "driver_i.h" 22 #include "rsn_supp/pmksa_cache.h" 23 #include "sme.h" 24 #include "common/ieee802_11_defs.h" 25 #include "common/wpa_ctrl.h" 26 #include "wpas_glue.h" 27 #include "wps_supplicant.h" 28 #include "bss.h" 29 #include "scan.h" 30 #include "notify.h" 31 #include "wpas_kay.h" 32 33 34 #ifndef CONFIG_NO_CONFIG_BLOBS 35 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) wpa_supplicant_set_config_blob(void * ctx,struct wpa_config_blob * blob)36 static void wpa_supplicant_set_config_blob(void *ctx, 37 struct wpa_config_blob *blob) 38 { 39 struct wpa_supplicant *wpa_s = ctx; 40 wpa_config_set_blob(wpa_s->conf, blob); 41 if (wpa_s->conf->update_config) { 42 int ret = wpa_config_write(wpa_s->confname, wpa_s->conf); 43 if (ret) { 44 wpa_printf(MSG_DEBUG, "Failed to update config after " 45 "blob set"); 46 } 47 } 48 } 49 50 51 static const struct wpa_config_blob * wpa_supplicant_get_config_blob(void * ctx,const char * name)52 wpa_supplicant_get_config_blob(void *ctx, const char *name) 53 { 54 struct wpa_supplicant *wpa_s = ctx; 55 return wpa_config_get_blob(wpa_s->conf, name); 56 } 57 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */ 58 #endif /* CONFIG_NO_CONFIG_BLOBS */ 59 60 61 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) wpa_alloc_eapol(const struct wpa_supplicant * wpa_s,u8 type,const void * data,u16 data_len,size_t * msg_len,void ** data_pos)62 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type, 63 const void *data, u16 data_len, 64 size_t *msg_len, void **data_pos) 65 { 66 struct ieee802_1x_hdr *hdr; 67 68 *msg_len = sizeof(*hdr) + data_len; 69 hdr = os_malloc(*msg_len); 70 if (hdr == NULL) 71 return NULL; 72 73 hdr->version = wpa_s->conf->eapol_version; 74 hdr->type = type; 75 hdr->length = host_to_be16(data_len); 76 77 if (data) 78 os_memcpy(hdr + 1, data, data_len); 79 else 80 os_memset(hdr + 1, 0, data_len); 81 82 if (data_pos) 83 *data_pos = hdr + 1; 84 85 return (u8 *) hdr; 86 } 87 88 89 /** 90 * wpa_ether_send - Send Ethernet frame 91 * @wpa_s: Pointer to wpa_supplicant data 92 * @dest: Destination MAC address 93 * @proto: Ethertype in host byte order 94 * @buf: Frame payload starting from IEEE 802.1X header 95 * @len: Frame payload length 96 * Returns: >=0 on success, <0 on failure 97 */ wpa_ether_send(struct wpa_supplicant * wpa_s,const u8 * dest,u16 proto,const u8 * buf,size_t len)98 int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest, 99 u16 proto, const u8 *buf, size_t len) 100 { 101 #ifdef CONFIG_TESTING_OPTIONS 102 if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) { 103 size_t hex_len = 2 * len + 1; 104 char *hex = os_malloc(hex_len); 105 106 if (hex == NULL) 107 return -1; 108 wpa_snprintf_hex(hex, hex_len, buf, len); 109 wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s", 110 MAC2STR(dest), hex); 111 os_free(hex); 112 return 0; 113 } 114 #endif /* CONFIG_TESTING_OPTIONS */ 115 116 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) { 117 int encrypt = wpa_s->wpa && 118 wpa_sm_has_ptk_installed(wpa_s->wpa); 119 120 return wpa_drv_tx_control_port(wpa_s, dest, proto, buf, len, 121 !encrypt); 122 } 123 124 if (wpa_s->l2) { 125 return l2_packet_send(wpa_s->l2, dest, proto, buf, len); 126 } 127 128 return -1; 129 } 130 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */ 131 132 133 #ifdef IEEE8021X_EAPOL 134 135 /** 136 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator 137 * @ctx: Pointer to wpa_supplicant data (wpa_s) 138 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*) 139 * @buf: EAPOL payload (after IEEE 802.1X header) 140 * @len: EAPOL payload length 141 * Returns: >=0 on success, <0 on failure 142 * 143 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame 144 * to the current Authenticator. 145 */ wpa_supplicant_eapol_send(void * ctx,int type,const u8 * buf,size_t len)146 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf, 147 size_t len) 148 { 149 struct wpa_supplicant *wpa_s = ctx; 150 u8 *msg, *dst, bssid[ETH_ALEN]; 151 struct driver_sta_mlo_info drv_mlo; 152 size_t msglen; 153 int res; 154 155 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid 156 * extra copy here */ 157 158 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || 159 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE || 160 wpa_s->key_mgmt == WPA_KEY_MGMT_DPP || 161 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) { 162 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible 163 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state 164 * machines. */ 165 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X " 166 "mode (type=%d len=%lu)", type, 167 (unsigned long) len); 168 return -1; 169 } 170 171 if (pmksa_cache_get_current(wpa_s->wpa) && 172 type == IEEE802_1X_TYPE_EAPOL_START) { 173 /* 174 * We were trying to use PMKSA caching and sending EAPOL-Start 175 * would abort that and trigger full EAPOL authentication. 176 * However, we've already waited for the AP/Authenticator to 177 * start 4-way handshake or EAP authentication, and apparently 178 * it has not done so since the startWhen timer has reached zero 179 * to get the state machine sending EAPOL-Start. This is not 180 * really supposed to happen, but an interoperability issue with 181 * a deployed AP has been identified where the connection fails 182 * due to that AP failing to operate correctly if PMKID is 183 * included in the Association Request frame. To work around 184 * this, assume PMKSA caching failed and try to initiate full 185 * EAP authentication. 186 */ 187 if (!wpa_s->current_ssid || 188 wpa_s->current_ssid->eap_workaround) { 189 wpa_printf(MSG_DEBUG, 190 "RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication"); 191 } else { 192 wpa_printf(MSG_DEBUG, 193 "RSN: PMKSA caching - do not send EAPOL-Start"); 194 return -1; 195 } 196 } 197 198 if (is_zero_ether_addr(wpa_s->bssid)) { 199 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an " 200 "EAPOL frame"); 201 os_memset(&drv_mlo, 0, sizeof(drv_mlo)); 202 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 && 203 (!wpa_s->valid_links || 204 wpas_drv_get_sta_mlo_info(wpa_s, &drv_mlo) == 0) && 205 !is_zero_ether_addr(bssid)) { 206 dst = drv_mlo.valid_links ? drv_mlo.ap_mld_addr : bssid; 207 wpa_printf(MSG_DEBUG, "Using current %s " MACSTR 208 " from the driver as the EAPOL destination", 209 drv_mlo.valid_links ? "AP MLD MAC address" : 210 "BSSID", 211 MAC2STR(dst)); 212 } else { 213 dst = wpa_s->last_eapol_src; 214 wpa_printf(MSG_DEBUG, "Using the source address of the" 215 " last received EAPOL frame " MACSTR " as " 216 "the EAPOL destination", 217 MAC2STR(dst)); 218 } 219 } else { 220 /* BSSID was already set (from (Re)Assoc event, so use BSSID or 221 * AP MLD MAC address (in the case of MLO connection) as the 222 * EAPOL destination. */ 223 dst = wpa_s->valid_links ? wpa_s->ap_mld_addr : wpa_s->bssid; 224 } 225 226 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL); 227 if (msg == NULL) 228 return -1; 229 230 wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst)); 231 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen); 232 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen); 233 os_free(msg); 234 return res; 235 } 236 237 238 #ifdef CONFIG_WEP 239 /** 240 * wpa_eapol_set_wep_key - set WEP key for the driver 241 * @ctx: Pointer to wpa_supplicant data (wpa_s) 242 * @unicast: 1 = individual unicast key, 0 = broadcast key 243 * @keyidx: WEP key index (0..3) 244 * @key: Pointer to key data 245 * @keylen: Key length in bytes 246 * Returns: 0 on success or < 0 on error. 247 */ wpa_eapol_set_wep_key(void * ctx,int unicast,int keyidx,const u8 * key,size_t keylen)248 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx, 249 const u8 *key, size_t keylen) 250 { 251 struct wpa_supplicant *wpa_s = ctx; 252 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) { 253 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 : 254 WPA_CIPHER_WEP104; 255 if (unicast) 256 wpa_s->pairwise_cipher = cipher; 257 else 258 wpa_s->group_cipher = cipher; 259 } 260 return wpa_drv_set_key(wpa_s, -1, WPA_ALG_WEP, 261 unicast ? wpa_s->bssid : NULL, 262 keyidx, unicast, NULL, 0, key, keylen, 263 unicast ? KEY_FLAG_PAIRWISE_RX_TX : 264 KEY_FLAG_GROUP_RX_TX_DEFAULT); 265 } 266 #endif /* CONFIG_WEP */ 267 268 wpa_supplicant_aborted_cached(void * ctx)269 static void wpa_supplicant_aborted_cached(void *ctx) 270 { 271 struct wpa_supplicant *wpa_s = ctx; 272 wpa_sm_aborted_cached(wpa_s->wpa); 273 } 274 275 result_str(enum eapol_supp_result result)276 static const char * result_str(enum eapol_supp_result result) 277 { 278 switch (result) { 279 case EAPOL_SUPP_RESULT_FAILURE: 280 return "FAILURE"; 281 case EAPOL_SUPP_RESULT_SUCCESS: 282 return "SUCCESS"; 283 case EAPOL_SUPP_RESULT_EXPECTED_FAILURE: 284 return "EXPECTED_FAILURE"; 285 } 286 return "?"; 287 } 288 289 wpa_supplicant_eapol_cb(struct eapol_sm * eapol,enum eapol_supp_result result,void * ctx)290 static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, 291 enum eapol_supp_result result, 292 void *ctx) 293 { 294 struct wpa_supplicant *wpa_s = ctx; 295 int res, pmk_len; 296 u8 pmk[PMK_LEN_MAX]; 297 298 wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s", 299 result_str(result)); 300 301 if (wpas_wps_eapol_cb(wpa_s) > 0) 302 return; 303 304 wpa_s->eap_expected_failure = result == 305 EAPOL_SUPP_RESULT_EXPECTED_FAILURE; 306 307 if (result != EAPOL_SUPP_RESULT_SUCCESS) { 308 int timeout = 2; 309 /* 310 * Make sure we do not get stuck here waiting for long EAPOL 311 * timeout if the AP does not disconnect in case of 312 * authentication failure. 313 */ 314 if (wpa_s->eapol_failed) { 315 wpa_printf(MSG_DEBUG, 316 "EAPOL authentication failed again and AP did not disconnect us"); 317 timeout = 0; 318 } 319 wpa_s->eapol_failed = 1; 320 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0); 321 } else { 322 wpa_s->eapol_failed = 0; 323 ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src); 324 } 325 326 if (result != EAPOL_SUPP_RESULT_SUCCESS || 327 !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X)) 328 return; 329 330 if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) 331 return; 332 333 wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way " 334 "handshake"); 335 336 if (wpa_key_mgmt_sha384(wpa_s->key_mgmt)) 337 pmk_len = PMK_LEN_SUITE_B_192; 338 else 339 pmk_len = PMK_LEN; 340 341 if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) { 342 #ifdef CONFIG_IEEE80211R 343 u8 buf[2 * PMK_LEN]; 344 wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for " 345 "driver-based 4-way hs and FT"); 346 res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN); 347 if (res == 0) { 348 if (wpa_key_mgmt_sha384(wpa_s->key_mgmt)) 349 os_memcpy(pmk, buf, pmk_len); 350 else 351 os_memcpy(pmk, buf + PMK_LEN, PMK_LEN); 352 os_memset(buf, 0, sizeof(buf)); 353 } 354 #else /* CONFIG_IEEE80211R */ 355 res = -1; 356 #endif /* CONFIG_IEEE80211R */ 357 } else { 358 res = eapol_sm_get_key(eapol, pmk, pmk_len); 359 if (res) { 360 /* 361 * EAP-LEAP is an exception from other EAP methods: it 362 * uses only 16-byte PMK. 363 */ 364 res = eapol_sm_get_key(eapol, pmk, 16); 365 pmk_len = 16; 366 } 367 } 368 369 if (res) { 370 wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state " 371 "machines"); 372 return; 373 } 374 375 wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way " 376 "handshake", pmk, pmk_len); 377 378 if (wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, NULL, 0, pmk, 379 pmk_len, KEY_FLAG_PMK)) { 380 wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver"); 381 } 382 383 wpa_supplicant_cancel_scan(wpa_s); 384 wpa_supplicant_cancel_auth_timeout(wpa_s); 385 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 386 387 } 388 389 wpa_supplicant_notify_eapol_done(void * ctx)390 static void wpa_supplicant_notify_eapol_done(void *ctx) 391 { 392 struct wpa_supplicant *wpa_s = ctx; 393 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete"); 394 if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) { 395 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE); 396 } else { 397 wpa_supplicant_cancel_auth_timeout(wpa_s); 398 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 399 } 400 } 401 402 #endif /* IEEE8021X_EAPOL */ 403 404 405 #ifndef CONFIG_NO_WPA 406 wpa_get_beacon_ie(struct wpa_supplicant * wpa_s)407 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s) 408 { 409 int ret = 0; 410 struct wpa_bss *curr = NULL, *bss; 411 struct wpa_ssid *ssid = wpa_s->current_ssid; 412 const u8 *ie; 413 414 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) { 415 if (!ether_addr_equal(bss->bssid, wpa_s->bssid)) 416 continue; 417 if (ssid == NULL || 418 ((bss->ssid_len == ssid->ssid_len && 419 os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) || 420 ssid->ssid_len == 0)) { 421 curr = bss; 422 break; 423 } 424 #ifdef CONFIG_OWE 425 if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) && 426 (bss->flags & WPA_BSS_OWE_TRANSITION)) { 427 curr = bss; 428 break; 429 } 430 #endif /* CONFIG_OWE */ 431 } 432 433 if (curr) { 434 ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE); 435 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 436 ret = -1; 437 438 ie = wpa_bss_get_ie(curr, WLAN_EID_RSN); 439 if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 440 ret = -1; 441 442 ie = wpa_bss_get_ie(curr, WLAN_EID_RSNX); 443 if (wpa_sm_set_ap_rsnxe(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0)) 444 ret = -1; 445 446 ie = wpa_bss_get_vendor_ie(curr, RSNE_OVERRIDE_IE_VENDOR_TYPE); 447 if (wpa_sm_set_ap_rsne_override(wpa_s->wpa, ie, 448 ie ? 2 + ie[1] : 0)) 449 ret = -1; 450 451 ie = wpa_bss_get_vendor_ie(curr, 452 RSNE_OVERRIDE_2_IE_VENDOR_TYPE); 453 if (wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, ie, 454 ie ? 2 + ie[1] : 0)) 455 ret = -1; 456 457 ie = wpa_bss_get_vendor_ie(curr, RSNXE_OVERRIDE_IE_VENDOR_TYPE); 458 if (wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, ie, 459 ie ? 2 + ie[1] : 0)) 460 ret = -1; 461 } else { 462 ret = -1; 463 } 464 465 return ret; 466 } 467 468 wpa_supplicant_get_beacon_ie(void * ctx)469 static int wpa_supplicant_get_beacon_ie(void *ctx) 470 { 471 struct wpa_supplicant *wpa_s = ctx; 472 if (wpa_get_beacon_ie(wpa_s) == 0) { 473 return 0; 474 } 475 476 /* No WPA/RSN IE found in the cached scan results. Try to get updated 477 * scan results from the driver. */ 478 if (wpa_supplicant_update_scan_results(wpa_s, wpa_s->bssid) < 0) 479 return -1; 480 481 return wpa_get_beacon_ie(wpa_s); 482 } 483 484 _wpa_alloc_eapol(void * wpa_s,u8 type,const void * data,u16 data_len,size_t * msg_len,void ** data_pos)485 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type, 486 const void *data, u16 data_len, 487 size_t *msg_len, void **data_pos) 488 { 489 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos); 490 } 491 492 _wpa_ether_send(void * wpa_s,const u8 * dest,u16 proto,const u8 * buf,size_t len)493 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto, 494 const u8 *buf, size_t len) 495 { 496 return wpa_ether_send(wpa_s, dest, proto, buf, len); 497 } 498 499 _wpa_supplicant_cancel_auth_timeout(void * wpa_s)500 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s) 501 { 502 wpa_supplicant_cancel_auth_timeout(wpa_s); 503 } 504 505 _wpa_supplicant_set_state(void * wpa_s,enum wpa_states state)506 static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state) 507 { 508 wpa_supplicant_set_state(wpa_s, state); 509 } 510 511 512 /** 513 * wpa_supplicant_get_state - Get the connection state 514 * @wpa_s: Pointer to wpa_supplicant data 515 * Returns: The current connection state (WPA_*) 516 */ wpa_supplicant_get_state(struct wpa_supplicant * wpa_s)517 static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s) 518 { 519 return wpa_s->wpa_state; 520 } 521 522 _wpa_supplicant_get_state(void * wpa_s)523 static enum wpa_states _wpa_supplicant_get_state(void *wpa_s) 524 { 525 return wpa_supplicant_get_state(wpa_s); 526 } 527 528 _wpa_supplicant_deauthenticate(void * wpa_s,u16 reason_code)529 static void _wpa_supplicant_deauthenticate(void *wpa_s, u16 reason_code) 530 { 531 wpa_supplicant_deauthenticate(wpa_s, reason_code); 532 /* Schedule a scan to make sure we continue looking for networks */ 533 wpa_supplicant_req_scan(wpa_s, 5, 0); 534 } 535 536 _wpa_supplicant_reconnect(void * wpa_s)537 static void _wpa_supplicant_reconnect(void *wpa_s) 538 { 539 wpa_supplicant_reconnect(wpa_s); 540 } 541 542 wpa_supplicant_get_network_ctx(void * wpa_s)543 static void * wpa_supplicant_get_network_ctx(void *wpa_s) 544 { 545 return wpa_supplicant_get_ssid(wpa_s); 546 } 547 548 wpa_supplicant_get_bssid(void * ctx,u8 * bssid)549 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid) 550 { 551 struct wpa_supplicant *wpa_s = ctx; 552 return wpa_drv_get_bssid(wpa_s, bssid); 553 } 554 555 wpa_supplicant_set_key(void * _wpa_s,int link_id,enum wpa_alg alg,const u8 * addr,int key_idx,int set_tx,const u8 * seq,size_t seq_len,const u8 * key,size_t key_len,enum key_flag key_flag)556 static int wpa_supplicant_set_key(void *_wpa_s, int link_id, enum wpa_alg alg, 557 const u8 *addr, int key_idx, int set_tx, 558 const u8 *seq, size_t seq_len, 559 const u8 *key, size_t key_len, 560 enum key_flag key_flag) 561 { 562 struct wpa_supplicant *wpa_s = _wpa_s; 563 int ret; 564 565 if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) { 566 /* Clear the MIC error counter when setting a new PTK. */ 567 wpa_s->mic_errors_seen = 0; 568 } 569 #ifdef CONFIG_TESTING_GET_GTK 570 if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) && 571 alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) { 572 os_memcpy(wpa_s->last_gtk, key, key_len); 573 wpa_s->last_gtk_len = key_len; 574 } 575 #endif /* CONFIG_TESTING_GET_GTK */ 576 #ifdef CONFIG_TESTING_OPTIONS 577 if (addr && !is_broadcast_ether_addr(addr) && 578 !(key_flag & KEY_FLAG_MODIFY)) { 579 wpa_s->last_tk_alg = alg; 580 os_memcpy(wpa_s->last_tk_addr, addr, ETH_ALEN); 581 wpa_s->last_tk_key_idx = key_idx; 582 if (key) 583 os_memcpy(wpa_s->last_tk, key, key_len); 584 wpa_s->last_tk_len = key_len; 585 } 586 #endif /* CONFIG_TESTING_OPTIONS */ 587 588 ret = wpa_drv_set_key(wpa_s, link_id, alg, addr, key_idx, set_tx, seq, 589 seq_len, key, key_len, key_flag); 590 if (ret == 0 && (key_idx == 6 || key_idx == 7) && 591 alg != WPA_ALG_NONE && key_len > 0) 592 wpa_s->bigtk_set = true; 593 594 return ret; 595 } 596 597 wpa_supplicant_mlme_setprotection(void * wpa_s,const u8 * addr,int protection_type,int key_type)598 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr, 599 int protection_type, 600 int key_type) 601 { 602 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type, 603 key_type); 604 } 605 606 wpas_get_network_ctx(struct wpa_supplicant * wpa_s,void * network_ctx)607 static struct wpa_ssid * wpas_get_network_ctx(struct wpa_supplicant *wpa_s, 608 void *network_ctx) 609 { 610 struct wpa_ssid *ssid; 611 612 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 613 if (network_ctx == ssid) 614 return ssid; 615 } 616 617 return NULL; 618 } 619 620 wpa_supplicant_add_pmkid(void * _wpa_s,void * network_ctx,const u8 * bssid,const u8 * pmkid,const u8 * fils_cache_id,const u8 * pmk,size_t pmk_len,u32 pmk_lifetime,u8 pmk_reauth_threshold,int akmp)621 static int wpa_supplicant_add_pmkid(void *_wpa_s, void *network_ctx, 622 const u8 *bssid, const u8 *pmkid, 623 const u8 *fils_cache_id, 624 const u8 *pmk, size_t pmk_len, 625 u32 pmk_lifetime, u8 pmk_reauth_threshold, 626 int akmp) 627 { 628 struct wpa_supplicant *wpa_s = _wpa_s; 629 struct wpa_ssid *ssid; 630 struct wpa_pmkid_params params; 631 632 os_memset(¶ms, 0, sizeof(params)); 633 ssid = wpas_get_network_ctx(wpa_s, network_ctx); 634 if (ssid) { 635 wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_ADDED MACSTR " %d", 636 MAC2STR(bssid), ssid->id); 637 if ((akmp == WPA_KEY_MGMT_FT_IEEE8021X || 638 akmp == WPA_KEY_MGMT_FT_IEEE8021X_SHA384) && 639 !ssid->ft_eap_pmksa_caching) { 640 /* Since we will not be using PMKSA caching for FT-EAP 641 * within wpa_supplicant to avoid known interop issues 642 * with APs, do not add this PMKID to the driver either 643 * so that we won't be hitting those interop issues 644 * with driver-based RSNE generation. */ 645 wpa_printf(MSG_DEBUG, 646 "FT: Do not add PMKID entry to the driver since FT-EAP PMKSA caching is not enabled in configuration"); 647 return 0; 648 } 649 } 650 if (ssid && fils_cache_id) { 651 params.ssid = ssid->ssid; 652 params.ssid_len = ssid->ssid_len; 653 params.fils_cache_id = fils_cache_id; 654 } else { 655 params.bssid = bssid; 656 } 657 658 params.pmkid = pmkid; 659 params.pmk = pmk; 660 params.pmk_len = pmk_len; 661 params.pmk_lifetime = pmk_lifetime; 662 params.pmk_reauth_threshold = pmk_reauth_threshold; 663 664 return wpa_drv_add_pmkid(wpa_s, ¶ms); 665 } 666 667 wpa_supplicant_remove_pmkid(void * _wpa_s,void * network_ctx,const u8 * bssid,const u8 * pmkid,const u8 * fils_cache_id)668 static int wpa_supplicant_remove_pmkid(void *_wpa_s, void *network_ctx, 669 const u8 *bssid, const u8 *pmkid, 670 const u8 *fils_cache_id) 671 { 672 struct wpa_supplicant *wpa_s = _wpa_s; 673 struct wpa_ssid *ssid; 674 struct wpa_pmkid_params params; 675 676 os_memset(¶ms, 0, sizeof(params)); 677 ssid = wpas_get_network_ctx(wpa_s, network_ctx); 678 if (ssid) 679 wpa_msg(wpa_s, MSG_INFO, PMKSA_CACHE_REMOVED MACSTR " %d", 680 MAC2STR(bssid), ssid->id); 681 if (ssid && fils_cache_id) { 682 params.ssid = ssid->ssid; 683 params.ssid_len = ssid->ssid_len; 684 params.fils_cache_id = fils_cache_id; 685 } else { 686 params.bssid = bssid; 687 } 688 689 params.pmkid = pmkid; 690 691 return wpa_drv_remove_pmkid(wpa_s, ¶ms); 692 } 693 694 695 #ifdef CONFIG_IEEE80211R wpa_supplicant_update_ft_ies(void * ctx,const u8 * md,const u8 * ies,size_t ies_len)696 static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md, 697 const u8 *ies, size_t ies_len) 698 { 699 struct wpa_supplicant *wpa_s = ctx; 700 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) 701 return sme_update_ft_ies(wpa_s, md, ies, ies_len); 702 return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len); 703 } 704 705 wpa_supplicant_send_ft_action(void * ctx,u8 action,const u8 * target_ap,const u8 * ies,size_t ies_len)706 static int wpa_supplicant_send_ft_action(void *ctx, u8 action, 707 const u8 *target_ap, 708 const u8 *ies, size_t ies_len) 709 { 710 struct wpa_supplicant *wpa_s = ctx; 711 int ret; 712 u8 *data, *pos; 713 size_t data_len; 714 715 if (action != 1) { 716 wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d", 717 action); 718 return -1; 719 } 720 721 /* 722 * Action frame payload: 723 * Category[1] = 6 (Fast BSS Transition) 724 * Action[1] = 1 (Fast BSS Transition Request) 725 * STA Address 726 * Target AP Address 727 * FT IEs 728 */ 729 730 data_len = 2 + 2 * ETH_ALEN + ies_len; 731 data = os_malloc(data_len); 732 if (data == NULL) 733 return -1; 734 pos = data; 735 *pos++ = 0x06; /* FT Action category */ 736 *pos++ = action; 737 os_memcpy(pos, wpa_s->own_addr, ETH_ALEN); 738 pos += ETH_ALEN; 739 os_memcpy(pos, target_ap, ETH_ALEN); 740 pos += ETH_ALEN; 741 os_memcpy(pos, ies, ies_len); 742 743 ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, 744 wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid, 745 data, data_len, 0); 746 os_free(data); 747 748 return ret; 749 } 750 751 wpa_supplicant_mark_authenticated(void * ctx,const u8 * target_ap)752 static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap) 753 { 754 struct wpa_supplicant *wpa_s = ctx; 755 struct wpa_driver_auth_params params; 756 struct wpa_bss *bss; 757 758 bss = wpa_bss_get_bssid(wpa_s, target_ap); 759 if (bss == NULL) 760 return -1; 761 762 os_memset(¶ms, 0, sizeof(params)); 763 params.bssid = target_ap; 764 params.freq = bss->freq; 765 params.ssid = bss->ssid; 766 params.ssid_len = bss->ssid_len; 767 params.auth_alg = WPA_AUTH_ALG_FT; 768 params.local_state_change = 1; 769 return wpa_drv_authenticate(wpa_s, ¶ms); 770 } 771 #endif /* CONFIG_IEEE80211R */ 772 773 774 #ifdef CONFIG_TDLS 775 wpa_supplicant_tdls_get_capa(void * ctx,int * tdls_supported,int * tdls_ext_setup,int * tdls_chan_switch)776 static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported, 777 int *tdls_ext_setup, 778 int *tdls_chan_switch) 779 { 780 struct wpa_supplicant *wpa_s = ctx; 781 782 *tdls_supported = 0; 783 *tdls_ext_setup = 0; 784 *tdls_chan_switch = 0; 785 786 if (!wpa_s->drv_capa_known) 787 return -1; 788 789 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT) 790 *tdls_supported = 1; 791 792 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP) 793 *tdls_ext_setup = 1; 794 795 if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH) 796 *tdls_chan_switch = 1; 797 798 return 0; 799 } 800 801 wpa_supplicant_send_tdls_mgmt(void * ctx,const u8 * dst,u8 action_code,u8 dialog_token,u16 status_code,u32 peer_capab,int initiator,const u8 * buf,size_t len,int link_id)802 static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst, 803 u8 action_code, u8 dialog_token, 804 u16 status_code, u32 peer_capab, 805 int initiator, const u8 *buf, 806 size_t len, int link_id) 807 { 808 struct wpa_supplicant *wpa_s = ctx; 809 return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token, 810 status_code, peer_capab, initiator, buf, 811 len, link_id); 812 } 813 814 wpa_supplicant_tdls_oper(void * ctx,int oper,const u8 * peer)815 static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer) 816 { 817 struct wpa_supplicant *wpa_s = ctx; 818 return wpa_drv_tdls_oper(wpa_s, oper, peer); 819 } 820 821 wpa_supplicant_tdls_peer_addset(void * ctx,const u8 * peer,int add,u16 aid,u16 capability,const u8 * supp_rates,size_t supp_rates_len,const struct ieee80211_ht_capabilities * ht_capab,const struct ieee80211_vht_capabilities * vht_capab,const struct ieee80211_he_capabilities * he_capab,size_t he_capab_len,const struct ieee80211_he_6ghz_band_cap * he_6ghz_he_capab,u8 qosinfo,int wmm,const u8 * ext_capab,size_t ext_capab_len,const u8 * supp_channels,size_t supp_channels_len,const u8 * supp_oper_classes,size_t supp_oper_classes_len,const struct ieee80211_eht_capabilities * eht_capab,size_t eht_capab_len,int mld_link_id)822 static int wpa_supplicant_tdls_peer_addset( 823 void *ctx, const u8 *peer, int add, u16 aid, u16 capability, 824 const u8 *supp_rates, size_t supp_rates_len, 825 const struct ieee80211_ht_capabilities *ht_capab, 826 const struct ieee80211_vht_capabilities *vht_capab, 827 const struct ieee80211_he_capabilities *he_capab, 828 size_t he_capab_len, 829 const struct ieee80211_he_6ghz_band_cap *he_6ghz_he_capab, 830 u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len, 831 const u8 *supp_channels, size_t supp_channels_len, 832 const u8 *supp_oper_classes, size_t supp_oper_classes_len, 833 const struct ieee80211_eht_capabilities *eht_capab, 834 size_t eht_capab_len, int mld_link_id) 835 { 836 struct wpa_supplicant *wpa_s = ctx; 837 struct hostapd_sta_add_params params; 838 839 os_memset(¶ms, 0, sizeof(params)); 840 841 params.addr = peer; 842 params.aid = aid; 843 params.capability = capability; 844 params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED; 845 846 /* 847 * Don't rely only on qosinfo for WMM capability. It may be 0 even when 848 * present. Allow the WMM IE to also indicate QoS support. 849 */ 850 if (wmm || qosinfo) 851 params.flags |= WPA_STA_WMM; 852 853 params.ht_capabilities = ht_capab; 854 params.vht_capabilities = vht_capab; 855 params.he_capab = he_capab; 856 params.he_capab_len = he_capab_len; 857 params.he_6ghz_capab = he_6ghz_he_capab; 858 params.qosinfo = qosinfo; 859 params.listen_interval = 0; 860 params.supp_rates = supp_rates; 861 params.supp_rates_len = supp_rates_len; 862 params.set = !add; 863 params.ext_capab = ext_capab; 864 params.ext_capab_len = ext_capab_len; 865 params.supp_channels = supp_channels; 866 params.supp_channels_len = supp_channels_len; 867 params.supp_oper_classes = supp_oper_classes; 868 params.supp_oper_classes_len = supp_oper_classes_len; 869 params.eht_capab = eht_capab; 870 params.eht_capab_len = eht_capab_len; 871 params.mld_link_id = mld_link_id; 872 873 return wpa_drv_sta_add(wpa_s, ¶ms); 874 } 875 876 wpa_supplicant_tdls_enable_channel_switch(void * ctx,const u8 * addr,u8 oper_class,const struct hostapd_freq_params * params)877 static int wpa_supplicant_tdls_enable_channel_switch( 878 void *ctx, const u8 *addr, u8 oper_class, 879 const struct hostapd_freq_params *params) 880 { 881 struct wpa_supplicant *wpa_s = ctx; 882 883 return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class, 884 params); 885 } 886 887 wpa_supplicant_tdls_disable_channel_switch(void * ctx,const u8 * addr)888 static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr) 889 { 890 struct wpa_supplicant *wpa_s = ctx; 891 892 return wpa_drv_tdls_disable_channel_switch(wpa_s, addr); 893 } 894 895 #endif /* CONFIG_TDLS */ 896 897 #endif /* CONFIG_NO_WPA */ 898 899 wpa_supplicant_ctrl_req_from_string(const char * field)900 enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field) 901 { 902 if (os_strcmp(field, "IDENTITY") == 0) 903 return WPA_CTRL_REQ_EAP_IDENTITY; 904 else if (os_strcmp(field, "PASSWORD") == 0) 905 return WPA_CTRL_REQ_EAP_PASSWORD; 906 else if (os_strcmp(field, "NEW_PASSWORD") == 0) 907 return WPA_CTRL_REQ_EAP_NEW_PASSWORD; 908 else if (os_strcmp(field, "PIN") == 0) 909 return WPA_CTRL_REQ_EAP_PIN; 910 else if (os_strcmp(field, "OTP") == 0) 911 return WPA_CTRL_REQ_EAP_OTP; 912 else if (os_strcmp(field, "PASSPHRASE") == 0) 913 return WPA_CTRL_REQ_EAP_PASSPHRASE; 914 else if (os_strcmp(field, "SIM") == 0) 915 return WPA_CTRL_REQ_SIM; 916 else if (os_strcmp(field, "PSK_PASSPHRASE") == 0) 917 return WPA_CTRL_REQ_PSK_PASSPHRASE; 918 else if (os_strcmp(field, "EXT_CERT_CHECK") == 0) 919 return WPA_CTRL_REQ_EXT_CERT_CHECK; 920 return WPA_CTRL_REQ_UNKNOWN; 921 } 922 923 wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,const char * default_txt,const char ** txt)924 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field, 925 const char *default_txt, 926 const char **txt) 927 { 928 const char *ret = NULL; 929 930 *txt = default_txt; 931 932 switch (field) { 933 case WPA_CTRL_REQ_EAP_IDENTITY: 934 *txt = "Identity"; 935 ret = "IDENTITY"; 936 break; 937 case WPA_CTRL_REQ_EAP_PASSWORD: 938 *txt = "Password"; 939 ret = "PASSWORD"; 940 break; 941 case WPA_CTRL_REQ_EAP_NEW_PASSWORD: 942 *txt = "New Password"; 943 ret = "NEW_PASSWORD"; 944 break; 945 case WPA_CTRL_REQ_EAP_PIN: 946 *txt = "PIN"; 947 ret = "PIN"; 948 break; 949 case WPA_CTRL_REQ_EAP_OTP: 950 ret = "OTP"; 951 break; 952 case WPA_CTRL_REQ_EAP_PASSPHRASE: 953 *txt = "Private key passphrase"; 954 ret = "PASSPHRASE"; 955 break; 956 case WPA_CTRL_REQ_SIM: 957 ret = "SIM"; 958 break; 959 case WPA_CTRL_REQ_PSK_PASSPHRASE: 960 *txt = "PSK or passphrase"; 961 ret = "PSK_PASSPHRASE"; 962 break; 963 case WPA_CTRL_REQ_EXT_CERT_CHECK: 964 *txt = "External server certificate validation"; 965 ret = "EXT_CERT_CHECK"; 966 break; 967 default: 968 break; 969 } 970 971 /* txt needs to be something */ 972 if (*txt == NULL) { 973 wpa_printf(MSG_WARNING, "No message for request %d", field); 974 ret = NULL; 975 } 976 977 return ret; 978 } 979 980 wpas_send_ctrl_req(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field_name,const char * txt)981 void wpas_send_ctrl_req(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid, 982 const char *field_name, const char *txt) 983 { 984 wpa_msg(wpa_s, MSG_INFO, WPA_CTRL_REQ "%s-%d:%s needed for SSID %s", 985 field_name, ssid->id, txt, 986 wpa_ssid_txt(ssid->ssid, ssid->ssid_len)); 987 } 988 989 990 #ifdef IEEE8021X_EAPOL 991 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG) wpa_supplicant_eap_param_needed(void * ctx,enum wpa_ctrl_req_type field,const char * default_txt)992 static void wpa_supplicant_eap_param_needed(void *ctx, 993 enum wpa_ctrl_req_type field, 994 const char *default_txt) 995 { 996 struct wpa_supplicant *wpa_s = ctx; 997 struct wpa_ssid *ssid = wpa_s->current_ssid; 998 const char *field_name, *txt = NULL; 999 1000 if (ssid == NULL) 1001 return; 1002 1003 if (field == WPA_CTRL_REQ_EXT_CERT_CHECK) 1004 ssid->eap.pending_ext_cert_check = PENDING_CHECK; 1005 wpas_notify_network_request(wpa_s, ssid, field, default_txt); 1006 1007 field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt, 1008 &txt); 1009 if (field_name == NULL) { 1010 wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed", 1011 field); 1012 return; 1013 } 1014 1015 wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name); 1016 1017 wpas_send_ctrl_req(wpa_s, ssid, field_name, txt); 1018 } 1019 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 1020 #define wpa_supplicant_eap_param_needed NULL 1021 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */ 1022 1023 1024 #ifdef CONFIG_EAP_PROXY 1025 wpa_supplicant_eap_proxy_cb(void * ctx)1026 static void wpa_supplicant_eap_proxy_cb(void *ctx) 1027 { 1028 struct wpa_supplicant *wpa_s = ctx; 1029 size_t len; 1030 1031 wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1, 1032 wpa_s->imsi, &len); 1033 if (wpa_s->mnc_len > 0) { 1034 wpa_s->imsi[len] = '\0'; 1035 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)", 1036 wpa_s->imsi, wpa_s->mnc_len); 1037 } else { 1038 wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available"); 1039 } 1040 } 1041 1042 wpa_sm_sim_state_error_handler(struct wpa_supplicant * wpa_s)1043 static void wpa_sm_sim_state_error_handler(struct wpa_supplicant *wpa_s) 1044 { 1045 int i; 1046 struct wpa_ssid *ssid; 1047 const struct eap_method_type *eap_methods; 1048 1049 if (!wpa_s->conf) 1050 return; 1051 1052 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) { 1053 eap_methods = ssid->eap.eap_methods; 1054 if (!eap_methods) 1055 continue; 1056 1057 for (i = 0; eap_methods[i].method != EAP_TYPE_NONE; i++) { 1058 if (eap_methods[i].vendor == EAP_VENDOR_IETF && 1059 (eap_methods[i].method == EAP_TYPE_SIM || 1060 eap_methods[i].method == EAP_TYPE_AKA || 1061 eap_methods[i].method == EAP_TYPE_AKA_PRIME)) { 1062 wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid); 1063 break; 1064 } 1065 } 1066 } 1067 } 1068 1069 1070 static void wpa_supplicant_eap_proxy_notify_sim_status(void * ctx,enum eap_proxy_sim_state sim_state)1071 wpa_supplicant_eap_proxy_notify_sim_status(void *ctx, 1072 enum eap_proxy_sim_state sim_state) 1073 { 1074 struct wpa_supplicant *wpa_s = ctx; 1075 1076 wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status %u", sim_state); 1077 switch (sim_state) { 1078 case SIM_STATE_ERROR: 1079 wpa_sm_sim_state_error_handler(wpa_s); 1080 break; 1081 default: 1082 wpa_printf(MSG_DEBUG, "eap_proxy: SIM card status unknown"); 1083 break; 1084 } 1085 } 1086 1087 #endif /* CONFIG_EAP_PROXY */ 1088 1089 wpa_supplicant_port_cb(void * ctx,int authorized)1090 static void wpa_supplicant_port_cb(void *ctx, int authorized) 1091 { 1092 struct wpa_supplicant *wpa_s = ctx; 1093 #ifdef CONFIG_AP 1094 if (wpa_s->ap_iface) { 1095 wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant " 1096 "port status: %s", 1097 authorized ? "Authorized" : "Unauthorized"); 1098 return; 1099 } 1100 #endif /* CONFIG_AP */ 1101 wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s", 1102 authorized ? "Authorized" : "Unauthorized"); 1103 wpa_drv_set_supp_port(wpa_s, authorized); 1104 } 1105 1106 wpa_supplicant_cert_cb(void * ctx,struct tls_cert_data * cert,const char * cert_hash)1107 static void wpa_supplicant_cert_cb(void *ctx, struct tls_cert_data *cert, 1108 const char *cert_hash) 1109 { 1110 struct wpa_supplicant *wpa_s = ctx; 1111 1112 wpas_notify_certification(wpa_s, cert, cert_hash); 1113 } 1114 1115 wpa_supplicant_status_cb(void * ctx,const char * status,const char * parameter)1116 static void wpa_supplicant_status_cb(void *ctx, const char *status, 1117 const char *parameter) 1118 { 1119 struct wpa_supplicant *wpa_s = ctx; 1120 1121 wpas_notify_eap_status(wpa_s, status, parameter); 1122 } 1123 1124 wpa_supplicant_eap_error_cb(void * ctx,int error_code)1125 static void wpa_supplicant_eap_error_cb(void *ctx, int error_code) 1126 { 1127 struct wpa_supplicant *wpa_s = ctx; 1128 1129 wpas_notify_eap_error(wpa_s, error_code); 1130 } 1131 1132 wpa_supplicant_eap_auth_start_cb(void * ctx)1133 static int wpa_supplicant_eap_auth_start_cb(void *ctx) 1134 { 1135 struct wpa_supplicant *wpa_s = ctx; 1136 1137 if (!wpa_s->new_connection && wpa_s->deny_ptk0_rekey && 1138 !wpa_sm_ext_key_id_active(wpa_s->wpa)) { 1139 wpa_msg(wpa_s, MSG_INFO, 1140 "WPA: PTK0 rekey not allowed, reconnecting"); 1141 wpa_supplicant_reconnect(wpa_s); 1142 return -1; 1143 } 1144 return 0; 1145 } 1146 1147 wpa_supplicant_set_anon_id(void * ctx,const u8 * id,size_t len)1148 static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len) 1149 { 1150 struct wpa_supplicant *wpa_s = ctx; 1151 char *str; 1152 int res; 1153 1154 wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity", 1155 id, len); 1156 1157 if (wpa_s->current_ssid == NULL) 1158 return; 1159 1160 if (id == NULL) { 1161 if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 1162 "NULL", 0) < 0) 1163 return; 1164 } else { 1165 str = os_malloc(len * 2 + 1); 1166 if (str == NULL) 1167 return; 1168 wpa_snprintf_hex(str, len * 2 + 1, id, len); 1169 res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity", 1170 str, 0); 1171 os_free(str); 1172 if (res < 0) 1173 return; 1174 } 1175 1176 if (wpa_s->conf->update_config) { 1177 res = wpa_config_write(wpa_s->confname, wpa_s->conf); 1178 if (res) { 1179 wpa_printf(MSG_DEBUG, "Failed to update config after " 1180 "anonymous_id update"); 1181 } 1182 } 1183 } 1184 1185 wpas_encryption_required(void * ctx)1186 static bool wpas_encryption_required(void *ctx) 1187 { 1188 struct wpa_supplicant *wpa_s = ctx; 1189 1190 return wpa_s->wpa && 1191 wpa_sm_has_ptk_installed(wpa_s->wpa) && 1192 wpa_sm_pmf_enabled(wpa_s->wpa); 1193 } 1194 1195 #endif /* IEEE8021X_EAPOL */ 1196 1197 wpa_supplicant_init_eapol(struct wpa_supplicant * wpa_s)1198 int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s) 1199 { 1200 #ifdef IEEE8021X_EAPOL 1201 struct eapol_ctx *ctx; 1202 ctx = os_zalloc(sizeof(*ctx)); 1203 if (ctx == NULL) { 1204 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context."); 1205 return -1; 1206 } 1207 1208 ctx->ctx = wpa_s; 1209 ctx->msg_ctx = wpa_s; 1210 ctx->eapol_send_ctx = wpa_s; 1211 ctx->preauth = 0; 1212 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done; 1213 ctx->eapol_send = wpa_supplicant_eapol_send; 1214 #ifdef CONFIG_WEP 1215 ctx->set_wep_key = wpa_eapol_set_wep_key; 1216 #endif /* CONFIG_WEP */ 1217 #ifndef CONFIG_NO_CONFIG_BLOBS 1218 ctx->set_config_blob = wpa_supplicant_set_config_blob; 1219 ctx->get_config_blob = wpa_supplicant_get_config_blob; 1220 #endif /* CONFIG_NO_CONFIG_BLOBS */ 1221 ctx->aborted_cached = wpa_supplicant_aborted_cached; 1222 #ifndef CONFIG_OPENSC_ENGINE_PATH 1223 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path; 1224 #endif /* CONFIG_OPENSC_ENGINE_PATH */ 1225 #ifndef CONFIG_PKCS11_ENGINE_PATH 1226 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path; 1227 #endif /* CONFIG_PKCS11_ENGINE_PATH */ 1228 #ifndef CONFIG_PKCS11_MODULE_PATH 1229 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path; 1230 #endif /* CONFIG_PKCS11_MODULE_PATH */ 1231 ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers; 1232 ctx->wps = wpa_s->wps; 1233 ctx->eap_param_needed = wpa_supplicant_eap_param_needed; 1234 #ifdef CONFIG_EAP_PROXY 1235 ctx->eap_proxy_cb = wpa_supplicant_eap_proxy_cb; 1236 ctx->eap_proxy_notify_sim_status = 1237 wpa_supplicant_eap_proxy_notify_sim_status; 1238 #endif /* CONFIG_EAP_PROXY */ 1239 ctx->port_cb = wpa_supplicant_port_cb; 1240 ctx->cb = wpa_supplicant_eapol_cb; 1241 ctx->cert_cb = wpa_supplicant_cert_cb; 1242 ctx->cert_in_cb = wpa_s->conf->cert_in_cb; 1243 ctx->status_cb = wpa_supplicant_status_cb; 1244 ctx->eap_error_cb = wpa_supplicant_eap_error_cb; 1245 ctx->confirm_auth_cb = wpa_supplicant_eap_auth_start_cb; 1246 ctx->set_anon_id = wpa_supplicant_set_anon_id; 1247 ctx->encryption_required = wpas_encryption_required; 1248 ctx->cb_ctx = wpa_s; 1249 wpa_s->eapol = eapol_sm_init(ctx); 1250 if (wpa_s->eapol == NULL) { 1251 os_free(ctx); 1252 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state " 1253 "machines."); 1254 return -1; 1255 } 1256 #endif /* IEEE8021X_EAPOL */ 1257 1258 return 0; 1259 } 1260 1261 1262 #ifndef CONFIG_NO_WPA 1263 wpa_supplicant_set_rekey_offload(void * ctx,const u8 * kek,size_t kek_len,const u8 * kck,size_t kck_len,const u8 * replay_ctr)1264 static void wpa_supplicant_set_rekey_offload(void *ctx, 1265 const u8 *kek, size_t kek_len, 1266 const u8 *kck, size_t kck_len, 1267 const u8 *replay_ctr) 1268 { 1269 struct wpa_supplicant *wpa_s = ctx; 1270 1271 wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr); 1272 } 1273 1274 wpa_supplicant_key_mgmt_set_pmk(void * ctx,const u8 * pmk,size_t pmk_len)1275 static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk, 1276 size_t pmk_len) 1277 { 1278 struct wpa_supplicant *wpa_s = ctx; 1279 1280 if (wpa_s->conf->key_mgmt_offload && 1281 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_KEY_MGMT_OFFLOAD)) 1282 return wpa_drv_set_key(wpa_s, -1, 0, NULL, 0, 0, 1283 NULL, 0, pmk, pmk_len, KEY_FLAG_PMK); 1284 else 1285 return 0; 1286 } 1287 1288 wpa_supplicant_fils_hlp_rx(void * ctx,const u8 * dst,const u8 * src,const u8 * pkt,size_t pkt_len)1289 static void wpa_supplicant_fils_hlp_rx(void *ctx, const u8 *dst, const u8 *src, 1290 const u8 *pkt, size_t pkt_len) 1291 { 1292 struct wpa_supplicant *wpa_s = ctx; 1293 char *hex; 1294 size_t hexlen; 1295 1296 hexlen = pkt_len * 2 + 1; 1297 hex = os_malloc(hexlen); 1298 if (!hex) 1299 return; 1300 wpa_snprintf_hex(hex, hexlen, pkt, pkt_len); 1301 wpa_msg(wpa_s, MSG_INFO, FILS_HLP_RX "dst=" MACSTR " src=" MACSTR 1302 " frame=%s", MAC2STR(dst), MAC2STR(src), hex); 1303 os_free(hex); 1304 } 1305 1306 wpa_supplicant_channel_info(void * _wpa_s,struct wpa_channel_info * ci)1307 static int wpa_supplicant_channel_info(void *_wpa_s, 1308 struct wpa_channel_info *ci) 1309 { 1310 struct wpa_supplicant *wpa_s = _wpa_s; 1311 1312 return wpa_drv_channel_info(wpa_s, ci); 1313 } 1314 1315 disable_wpa_wpa2(struct wpa_ssid * ssid)1316 static void disable_wpa_wpa2(struct wpa_ssid *ssid) 1317 { 1318 ssid->proto &= ~WPA_PROTO_WPA; 1319 ssid->proto |= WPA_PROTO_RSN; 1320 ssid->key_mgmt &= ~(WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_FT_PSK | 1321 WPA_KEY_MGMT_PSK_SHA256); 1322 ssid->group_cipher &= ~WPA_CIPHER_TKIP; 1323 if (!(ssid->group_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP | 1324 WPA_CIPHER_GCMP_256 | WPA_CIPHER_CCMP_256))) 1325 ssid->group_cipher |= WPA_CIPHER_CCMP; 1326 ssid->ieee80211w = MGMT_FRAME_PROTECTION_REQUIRED; 1327 } 1328 1329 wpas_transition_disable(struct wpa_supplicant * wpa_s,u8 bitmap)1330 void wpas_transition_disable(struct wpa_supplicant *wpa_s, u8 bitmap) 1331 { 1332 struct wpa_ssid *ssid; 1333 int changed = 0; 1334 1335 wpa_msg(wpa_s, MSG_INFO, TRANSITION_DISABLE "%02x", bitmap); 1336 1337 ssid = wpa_s->current_ssid; 1338 if (!ssid) 1339 return; 1340 1341 #ifdef CONFIG_SAE 1342 if ((bitmap & TRANSITION_DISABLE_WPA3_PERSONAL) && 1343 wpa_key_mgmt_sae(wpa_s->key_mgmt) && 1344 wpa_key_mgmt_sae(ssid->key_mgmt) && 1345 (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || 1346 (ssid->group_cipher & WPA_CIPHER_TKIP))) { 1347 wpa_printf(MSG_DEBUG, 1348 "WPA3-Personal transition mode disabled based on AP notification"); 1349 disable_wpa_wpa2(ssid); 1350 changed = 1; 1351 } 1352 1353 if ((bitmap & TRANSITION_DISABLE_SAE_PK) && 1354 wpa_key_mgmt_sae(wpa_s->key_mgmt) && 1355 #ifdef CONFIG_SME 1356 wpa_s->sme.sae.state == SAE_ACCEPTED && 1357 wpa_s->sme.sae.pk && 1358 #endif /* CONFIG_SME */ 1359 wpa_key_mgmt_sae(ssid->key_mgmt) && 1360 (ssid->sae_pk != SAE_PK_MODE_ONLY || 1361 ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || 1362 (ssid->group_cipher & WPA_CIPHER_TKIP))) { 1363 wpa_printf(MSG_DEBUG, 1364 "SAE-PK: SAE authentication without PK disabled based on AP notification"); 1365 disable_wpa_wpa2(ssid); 1366 ssid->sae_pk = SAE_PK_MODE_ONLY; 1367 changed = 1; 1368 } 1369 #endif /* CONFIG_SAE */ 1370 1371 if ((bitmap & TRANSITION_DISABLE_WPA3_ENTERPRISE) && 1372 wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) && 1373 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | 1374 WPA_KEY_MGMT_FT_IEEE8021X | 1375 WPA_KEY_MGMT_IEEE8021X_SHA256 | 1376 WPA_KEY_MGMT_IEEE8021X_SHA384)) && 1377 (ssid->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED || 1378 (ssid->group_cipher & WPA_CIPHER_TKIP))) { 1379 disable_wpa_wpa2(ssid); 1380 changed = 1; 1381 } 1382 1383 if ((bitmap & TRANSITION_DISABLE_ENHANCED_OPEN) && 1384 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE && 1385 (ssid->key_mgmt & WPA_KEY_MGMT_OWE) && 1386 !ssid->owe_only) { 1387 ssid->owe_only = 1; 1388 changed = 1; 1389 } 1390 1391 if (!changed) 1392 return; 1393 1394 #ifndef CONFIG_NO_CONFIG_WRITE 1395 if (wpa_s->conf->update_config && 1396 wpa_config_write(wpa_s->confname, wpa_s->conf)) 1397 wpa_printf(MSG_DEBUG, "Failed to update configuration"); 1398 #endif /* CONFIG_NO_CONFIG_WRITE */ 1399 } 1400 1401 wpa_supplicant_transition_disable(void * _wpa_s,u8 bitmap)1402 static void wpa_supplicant_transition_disable(void *_wpa_s, u8 bitmap) 1403 { 1404 struct wpa_supplicant *wpa_s = _wpa_s; 1405 wpas_transition_disable(wpa_s, bitmap); 1406 } 1407 1408 wpa_supplicant_store_ptk(void * ctx,const u8 * addr,int cipher,u32 life_time,const struct wpa_ptk * ptk)1409 static void wpa_supplicant_store_ptk(void *ctx, const u8 *addr, int cipher, 1410 u32 life_time, const struct wpa_ptk *ptk) 1411 { 1412 struct wpa_supplicant *wpa_s = ctx; 1413 1414 ptksa_cache_add(wpa_s->ptksa, wpa_s->own_addr, addr, cipher, life_time, 1415 ptk, NULL, NULL, 0); 1416 } 1417 1418 1419 #ifdef CONFIG_PASN wpa_supplicant_set_ltf_keyseed(void * _wpa_s,const u8 * own_addr,const u8 * peer_addr,size_t ltf_keyseed_len,const u8 * ltf_keyseed)1420 static int wpa_supplicant_set_ltf_keyseed(void *_wpa_s, const u8 *own_addr, 1421 const u8 *peer_addr, 1422 size_t ltf_keyseed_len, 1423 const u8 *ltf_keyseed) 1424 { 1425 struct wpa_supplicant *wpa_s = _wpa_s; 1426 1427 return wpa_drv_set_secure_ranging_ctx(wpa_s, own_addr, peer_addr, 0, 0, 1428 NULL, ltf_keyseed_len, 1429 ltf_keyseed, 0); 1430 } 1431 #endif /* CONFIG_PASN */ 1432 1433 1434 static void wpa_supplicant_notify_pmksa_cache_entry(void * _wpa_s,struct rsn_pmksa_cache_entry * entry)1435 wpa_supplicant_notify_pmksa_cache_entry(void *_wpa_s, 1436 struct rsn_pmksa_cache_entry *entry) 1437 { 1438 struct wpa_supplicant *wpa_s = _wpa_s; 1439 1440 wpas_notify_pmk_cache_added(wpa_s, entry); 1441 } 1442 1443 wpa_supplicant_ssid_verified(void * _wpa_s)1444 static void wpa_supplicant_ssid_verified(void *_wpa_s) 1445 { 1446 struct wpa_supplicant *wpa_s = _wpa_s; 1447 1448 wpa_s->ssid_verified = true; 1449 wpa_msg(wpa_s, MSG_INFO, "RSN: SSID matched expected value"); 1450 } 1451 1452 #endif /* CONFIG_NO_WPA */ 1453 1454 wpa_supplicant_init_wpa(struct wpa_supplicant * wpa_s)1455 int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s) 1456 { 1457 #ifndef CONFIG_NO_WPA 1458 struct wpa_sm_ctx *ctx; 1459 1460 wpa_s->ptksa = ptksa_cache_init(); 1461 if (!wpa_s->ptksa) { 1462 wpa_printf(MSG_ERROR, "Failed to allocate PTKSA"); 1463 return -1; 1464 } 1465 1466 ctx = os_zalloc(sizeof(*ctx)); 1467 if (ctx == NULL) { 1468 wpa_printf(MSG_ERROR, "Failed to allocate WPA context."); 1469 1470 ptksa_cache_deinit(wpa_s->ptksa); 1471 wpa_s->ptksa = NULL; 1472 1473 return -1; 1474 } 1475 1476 ctx->ctx = wpa_s; 1477 ctx->msg_ctx = wpa_s; 1478 ctx->set_state = _wpa_supplicant_set_state; 1479 ctx->get_state = _wpa_supplicant_get_state; 1480 ctx->deauthenticate = _wpa_supplicant_deauthenticate; 1481 ctx->reconnect = _wpa_supplicant_reconnect; 1482 ctx->set_key = wpa_supplicant_set_key; 1483 ctx->get_network_ctx = wpa_supplicant_get_network_ctx; 1484 ctx->get_bssid = wpa_supplicant_get_bssid; 1485 ctx->ether_send = _wpa_ether_send; 1486 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie; 1487 ctx->alloc_eapol = _wpa_alloc_eapol; 1488 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout; 1489 ctx->add_pmkid = wpa_supplicant_add_pmkid; 1490 ctx->remove_pmkid = wpa_supplicant_remove_pmkid; 1491 #ifndef CONFIG_NO_CONFIG_BLOBS 1492 ctx->set_config_blob = wpa_supplicant_set_config_blob; 1493 ctx->get_config_blob = wpa_supplicant_get_config_blob; 1494 #endif /* CONFIG_NO_CONFIG_BLOBS */ 1495 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection; 1496 #ifdef CONFIG_IEEE80211R 1497 ctx->update_ft_ies = wpa_supplicant_update_ft_ies; 1498 ctx->send_ft_action = wpa_supplicant_send_ft_action; 1499 ctx->mark_authenticated = wpa_supplicant_mark_authenticated; 1500 #endif /* CONFIG_IEEE80211R */ 1501 #ifdef CONFIG_TDLS 1502 ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa; 1503 ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt; 1504 ctx->tdls_oper = wpa_supplicant_tdls_oper; 1505 ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset; 1506 ctx->tdls_enable_channel_switch = 1507 wpa_supplicant_tdls_enable_channel_switch; 1508 ctx->tdls_disable_channel_switch = 1509 wpa_supplicant_tdls_disable_channel_switch; 1510 #endif /* CONFIG_TDLS */ 1511 ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload; 1512 ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk; 1513 ctx->fils_hlp_rx = wpa_supplicant_fils_hlp_rx; 1514 ctx->channel_info = wpa_supplicant_channel_info; 1515 ctx->transition_disable = wpa_supplicant_transition_disable; 1516 ctx->store_ptk = wpa_supplicant_store_ptk; 1517 #ifdef CONFIG_PASN 1518 ctx->set_ltf_keyseed = wpa_supplicant_set_ltf_keyseed; 1519 #endif /* CONFIG_PASN */ 1520 ctx->notify_pmksa_cache_entry = wpa_supplicant_notify_pmksa_cache_entry; 1521 ctx->ssid_verified = wpa_supplicant_ssid_verified; 1522 1523 wpa_s->wpa = wpa_sm_init(ctx); 1524 if (wpa_s->wpa == NULL) { 1525 wpa_printf(MSG_ERROR, 1526 "Failed to initialize WPA state machine"); 1527 os_free(ctx); 1528 ptksa_cache_deinit(wpa_s->ptksa); 1529 wpa_s->ptksa = NULL; 1530 return -1; 1531 } 1532 #endif /* CONFIG_NO_WPA */ 1533 1534 return 0; 1535 } 1536 1537 wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1538 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s, 1539 struct wpa_ssid *ssid) 1540 { 1541 struct rsn_supp_config conf; 1542 if (ssid) { 1543 os_memset(&conf, 0, sizeof(conf)); 1544 conf.network_ctx = ssid; 1545 conf.allowed_pairwise_cipher = ssid->pairwise_cipher; 1546 #ifdef IEEE8021X_EAPOL 1547 conf.proactive_key_caching = ssid->proactive_key_caching < 0 ? 1548 wpa_s->conf->okc : ssid->proactive_key_caching; 1549 conf.eap_workaround = ssid->eap_workaround; 1550 conf.eap_conf_ctx = &ssid->eap; 1551 #endif /* IEEE8021X_EAPOL */ 1552 conf.ssid = ssid->ssid; 1553 conf.ssid_len = ssid->ssid_len; 1554 conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey; 1555 conf.wpa_deny_ptk0_rekey = ssid->wpa_deny_ptk0_rekey; 1556 conf.owe_ptk_workaround = ssid->owe_ptk_workaround; 1557 #ifdef CONFIG_P2P 1558 if (ssid->p2p_group && wpa_s->current_bss && 1559 !wpa_s->p2p_disable_ip_addr_req) { 1560 struct wpabuf *p2p; 1561 p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss, 1562 P2P_IE_VENDOR_TYPE); 1563 if (p2p) { 1564 u8 group_capab; 1565 group_capab = p2p_get_group_capab(p2p); 1566 if (group_capab & 1567 P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION) 1568 conf.p2p = 1; 1569 wpabuf_free(p2p); 1570 } 1571 } 1572 #endif /* CONFIG_P2P */ 1573 conf.wpa_rsc_relaxation = wpa_s->conf->wpa_rsc_relaxation; 1574 #ifdef CONFIG_FILS 1575 if (wpa_key_mgmt_fils(wpa_s->key_mgmt)) 1576 conf.fils_cache_id = 1577 wpa_bss_get_fils_cache_id(wpa_s->current_bss); 1578 #endif /* CONFIG_FILS */ 1579 if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_BEACON_PROTECTION) || 1580 (wpa_s->drv_flags2 & 1581 WPA_DRIVER_FLAGS2_BEACON_PROTECTION_CLIENT)) 1582 conf.beacon_prot = ssid->beacon_prot; 1583 1584 #ifdef CONFIG_PASN 1585 #ifdef CONFIG_TESTING_OPTIONS 1586 conf.force_kdk_derivation = wpa_s->conf->force_kdk_derivation; 1587 #endif /* CONFIG_TESTING_OPTIONS */ 1588 #endif /* CONFIG_PASN */ 1589 } 1590 wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL); 1591 } 1592