3 * Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi>
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License version 2 as
7 * published by the Free Software Foundation.
9 * Alternatively, this software may be distributed under the terms of BSD
12 * See README and COPYING for more details.
14 * This file implements functions for registering and unregistering
15 * %wpa_supplicant interfaces. In addition, this file contains number of
16 * functions for managing network connections.
28 #include "wpa_supplicant.h"
30 #include "l2_packet.h"
31 #include "wpa_supplicant_i.h"
32 #include "ctrl_iface.h"
33 #include "ctrl_iface_dbus.h"
34 #include "pcsc_funcs.h"
37 #include "pmksa_cache.h"
41 const char *wpa_supplicant_version =
42 "wpa_supplicant v" VERSION_STR "\n"
43 "Copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors";
45 const char *wpa_supplicant_license =
46 "This program is free software. You can distribute it and/or modify it\n"
47 "under the terms of the GNU General Public License version 2.\n"
49 "Alternatively, this software may be distributed under the terms of the\n"
50 "BSD license. See README and COPYING for more details.\n"
51 #ifdef EAP_TLS_OPENSSL
52 "\nThis product includes software developed by the OpenSSL Project\n"
53 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
54 #endif /* EAP_TLS_OPENSSL */
57 #ifndef CONFIG_NO_STDOUT_DEBUG
58 /* Long text divided into parts in order to fit in C89 strings size limits. */
59 const char *wpa_supplicant_full_license1 =
60 "This program is free software; you can redistribute it and/or modify\n"
61 "it under the terms of the GNU General Public License version 2 as\n"
62 "published by the Free Software Foundation.\n"
64 "This program is distributed in the hope that it will be useful,\n"
65 "but WITHOUT ANY WARRANTY; without even the implied warranty of\n"
66 "MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n"
67 "GNU General Public License for more details.\n"
69 const char *wpa_supplicant_full_license2 =
70 "You should have received a copy of the GNU General Public License\n"
71 "along with this program; if not, write to the Free Software\n"
72 "Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA\n"
74 "Alternatively, this software may be distributed under the terms of the\n"
77 "Redistribution and use in source and binary forms, with or without\n"
78 "modification, are permitted provided that the following conditions are\n"
81 const char *wpa_supplicant_full_license3 =
82 "1. Redistributions of source code must retain the above copyright\n"
83 " notice, this list of conditions and the following disclaimer.\n"
85 "2. Redistributions in binary form must reproduce the above copyright\n"
86 " notice, this list of conditions and the following disclaimer in the\n"
87 " documentation and/or other materials provided with the distribution.\n"
89 const char *wpa_supplicant_full_license4 =
90 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
91 " names of its contributors may be used to endorse or promote products\n"
92 " derived from this software without specific prior written permission.\n"
94 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
95 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
96 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
97 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
98 const char *wpa_supplicant_full_license5 =
99 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
100 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
101 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
102 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
103 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
104 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
105 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
107 #endif /* CONFIG_NO_STDOUT_DEBUG */
109 extern struct wpa_driver_ops *wpa_supplicant_drivers[];
111 extern int wpa_debug_use_file;
112 extern int wpa_debug_level;
113 extern int wpa_debug_show_keys;
114 extern int wpa_debug_timestamp;
116 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx);
118 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
119 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
120 const void *data, u16 data_len,
121 size_t *msg_len, void **data_pos)
123 struct ieee802_1x_hdr *hdr;
125 *msg_len = sizeof(*hdr) + data_len;
126 hdr = os_malloc(*msg_len);
130 hdr->version = wpa_s->conf->eapol_version;
132 hdr->length = host_to_be16(data_len);
135 os_memcpy(hdr + 1, data, data_len);
137 os_memset(hdr + 1, 0, data_len);
147 * wpa_ether_send - Send Ethernet frame
148 * @wpa_s: Pointer to wpa_supplicant data
149 * @dest: Destination MAC address
150 * @proto: Ethertype in host byte order
151 * @buf: Frame payload starting from IEEE 802.1X header
152 * @len: Frame payload length
153 * Returns: >=0 on success, <0 on failure
155 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
156 u16 proto, const u8 *buf, size_t len)
159 return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
162 return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
164 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
167 #ifdef IEEE8021X_EAPOL
169 * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
170 * @ctx: Pointer to wpa_supplicant data (wpa_s)
171 * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
172 * @buf: EAPOL payload (after IEEE 802.1X header)
173 * @len: EAPOL payload length
174 * Returns: >=0 on success, <0 on failure
176 * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
177 * to the current Authenticator.
179 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
182 struct wpa_supplicant *wpa_s = ctx;
183 u8 *msg, *dst, bssid[ETH_ALEN];
187 /* TODO: could add l2_packet_sendmsg that allows fragments to avoid
190 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK ||
191 wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
192 /* Current SSID is not using IEEE 802.1X/EAP, so drop possible
193 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
195 wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
196 "mode (type=%d len=%lu)", type,
197 (unsigned long) len);
201 if (pmksa_cache_get_current(wpa_s->wpa) &&
202 type == IEEE802_1X_TYPE_EAPOL_START) {
203 /* Trying to use PMKSA caching - do not send EAPOL-Start frames
204 * since they will trigger full EAPOL authentication. */
205 wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
210 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
212 wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
214 if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
215 os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) !=
218 wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
219 " from the driver as the EAPOL destination",
222 dst = wpa_s->last_eapol_src;
223 wpa_printf(MSG_DEBUG, "Using the source address of the"
224 " last received EAPOL frame " MACSTR " as "
225 "the EAPOL destination",
229 /* BSSID was already set (from (Re)Assoc event, so use it as
230 * the EAPOL destination. */
234 msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
238 wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
239 res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
246 * wpa_eapol_set_wep_key - set WEP key for the driver
247 * @ctx: Pointer to wpa_supplicant data (wpa_s)
248 * @unicast: 1 = individual unicast key, 0 = broadcast key
249 * @keyidx: WEP key index (0..3)
250 * @key: Pointer to key data
251 * @keylen: Key length in bytes
252 * Returns: 0 on success or < 0 on error.
254 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
255 const u8 *key, size_t keylen)
257 struct wpa_supplicant *wpa_s = ctx;
258 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
259 int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
262 wpa_s->pairwise_cipher = cipher;
264 wpa_s->group_cipher = cipher;
266 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
267 unicast ? wpa_s->bssid :
268 (u8 *) "\xff\xff\xff\xff\xff\xff",
269 keyidx, unicast, (u8 *) "", 0, key, keylen);
273 static void wpa_supplicant_aborted_cached(void *ctx)
275 struct wpa_supplicant *wpa_s = ctx;
276 wpa_sm_aborted_cached(wpa_s->wpa);
279 #endif /* IEEE8021X_EAPOL */
282 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
283 static void wpa_supplicant_set_config_blob(void *ctx,
284 struct wpa_config_blob *blob)
286 struct wpa_supplicant *wpa_s = ctx;
287 wpa_config_set_blob(wpa_s->conf, blob);
291 static const struct wpa_config_blob *
292 wpa_supplicant_get_config_blob(void *ctx, const char *name)
294 struct wpa_supplicant *wpa_s = ctx;
295 return wpa_config_get_blob(wpa_s->conf, name);
297 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
300 /* Configure default/group WEP key for static WEP */
301 static int wpa_set_wep_key(void *ctx, int set_tx, int keyidx, const u8 *key,
304 struct wpa_supplicant *wpa_s = ctx;
305 return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
306 (u8 *) "\xff\xff\xff\xff\xff\xff",
307 keyidx, set_tx, (u8 *) "", 0, key, keylen);
311 static int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
312 struct wpa_ssid *ssid)
319 /* IBSS/WPA-None uses only one key (Group) for both receiving and
320 * sending unicast and multicast packets. */
322 if (ssid->mode != IEEE80211_MODE_IBSS) {
323 wpa_printf(MSG_INFO, "WPA: Invalid mode %d (not IBSS/ad-hoc) "
324 "for WPA-None", ssid->mode);
328 if (!ssid->psk_set) {
329 wpa_printf(MSG_INFO, "WPA: No PSK configured for WPA-None");
333 switch (wpa_s->group_cipher) {
334 case WPA_CIPHER_CCMP:
335 os_memcpy(key, ssid->psk, 16);
339 case WPA_CIPHER_TKIP:
340 /* WPA-None uses the same Michael MIC key for both TX and RX */
341 os_memcpy(key, ssid->psk, 16 + 8);
342 os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
347 wpa_printf(MSG_INFO, "WPA: Invalid group cipher %d for "
348 "WPA-None", wpa_s->group_cipher);
352 /* TODO: should actually remember the previously used seq#, both for TX
353 * and RX from each STA.. */
355 return wpa_drv_set_key(wpa_s, alg, (u8 *) "\xff\xff\xff\xff\xff\xff",
356 0, 1, seq, 6, key, keylen);
360 #ifdef IEEE8021X_EAPOL
361 static void wpa_supplicant_notify_eapol_done(void *ctx)
363 struct wpa_supplicant *wpa_s = ctx;
364 wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
365 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X) {
366 wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
368 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
369 wpa_supplicant_cancel_auth_timeout(wpa_s);
370 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
373 #endif /* IEEE8021X_EAPOL */
377 * wpa_blacklist_get - Get the blacklist entry for a BSSID
378 * @wpa_s: Pointer to wpa_supplicant data
380 * Returns: Matching blacklist entry for the BSSID or %NULL if not found
382 struct wpa_blacklist * wpa_blacklist_get(struct wpa_supplicant *wpa_s,
385 struct wpa_blacklist *e;
387 e = wpa_s->blacklist;
389 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0)
399 * wpa_blacklist_add - Add an BSSID to the blacklist
400 * @wpa_s: Pointer to wpa_supplicant data
401 * @bssid: BSSID to be added to the blacklist
402 * Returns: 0 on success, -1 on failure
404 * This function adds the specified BSSID to the blacklist or increases the
405 * blacklist count if the BSSID was already listed. It should be called when
406 * an association attempt fails either due to the selected BSS rejecting
407 * association or due to timeout.
409 * This blacklist is used to force %wpa_supplicant to go through all available
410 * BSSes before retrying to associate with an BSS that rejected or timed out
411 * association. It does not prevent the listed BSS from being used; it only
412 * changes the order in which they are tried.
414 int wpa_blacklist_add(struct wpa_supplicant *wpa_s, const u8 *bssid)
416 struct wpa_blacklist *e;
418 e = wpa_blacklist_get(wpa_s, bssid);
421 wpa_printf(MSG_DEBUG, "BSSID " MACSTR " blacklist count "
423 MAC2STR(bssid), e->count);
427 e = os_zalloc(sizeof(*e));
430 os_memcpy(e->bssid, bssid, ETH_ALEN);
432 e->next = wpa_s->blacklist;
433 wpa_s->blacklist = e;
434 wpa_printf(MSG_DEBUG, "Added BSSID " MACSTR " into blacklist",
441 static int wpa_blacklist_del(struct wpa_supplicant *wpa_s, const u8 *bssid)
443 struct wpa_blacklist *e, *prev = NULL;
445 e = wpa_s->blacklist;
447 if (os_memcmp(e->bssid, bssid, ETH_ALEN) == 0) {
449 wpa_s->blacklist = e->next;
451 prev->next = e->next;
453 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
454 "blacklist", MAC2STR(bssid));
466 * wpa_blacklist_clear - Clear the blacklist of all entries
467 * @wpa_s: Pointer to wpa_supplicant data
469 void wpa_blacklist_clear(struct wpa_supplicant *wpa_s)
471 struct wpa_blacklist *e, *prev;
473 e = wpa_s->blacklist;
474 wpa_s->blacklist = NULL;
478 wpa_printf(MSG_DEBUG, "Removed BSSID " MACSTR " from "
479 "blacklist (clear)", MAC2STR(prev->bssid));
486 * wpa_supplicant_req_scan - Schedule a scan for neighboring access points
487 * @wpa_s: Pointer to wpa_supplicant data
488 * @sec: Number of seconds after which to scan
489 * @usec: Number of microseconds after which to scan
491 * This function is used to schedule a scan for neighboring access points after
492 * the specified time.
494 void wpa_supplicant_req_scan(struct wpa_supplicant *wpa_s, int sec, int usec)
496 wpa_msg(wpa_s, MSG_DEBUG, "Setting scan request: %d sec %d usec",
498 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
499 eloop_register_timeout(sec, usec, wpa_supplicant_scan, wpa_s, NULL);
504 * wpa_supplicant_cancel_scan - Cancel a scheduled scan request
505 * @wpa_s: Pointer to wpa_supplicant data
507 * This function is used to cancel a scan request scheduled with
508 * wpa_supplicant_req_scan().
510 void wpa_supplicant_cancel_scan(struct wpa_supplicant *wpa_s)
512 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling scan request");
513 eloop_cancel_timeout(wpa_supplicant_scan, wpa_s, NULL);
517 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
519 struct wpa_supplicant *wpa_s = eloop_ctx;
520 const u8 *bssid = wpa_s->bssid;
521 if (os_memcmp(bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0)
522 bssid = wpa_s->pending_bssid;
523 wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
524 MAC2STR(wpa_s->bssid));
525 wpa_blacklist_add(wpa_s, bssid);
526 wpa_sm_notify_disassoc(wpa_s->wpa);
527 wpa_supplicant_disassociate(wpa_s, REASON_DEAUTH_LEAVING);
528 wpa_s->reassociate = 1;
529 wpa_supplicant_req_scan(wpa_s, 0, 0);
534 * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
535 * @wpa_s: Pointer to wpa_supplicant data
536 * @sec: Number of seconds after which to time out authentication
537 * @usec: Number of microseconds after which to time out authentication
539 * This function is used to schedule a timeout for the current authentication
542 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
545 if (wpa_s->conf && wpa_s->conf->ap_scan == 0 &&
546 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0)
549 wpa_msg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
550 "%d usec", sec, usec);
551 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
552 eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
557 * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
558 * @wpa_s: Pointer to wpa_supplicant data
560 * This function is used to cancel authentication timeout scheduled with
561 * wpa_supplicant_req_auth_timeout() and it is called when authentication has
564 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
566 wpa_msg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
567 eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
568 wpa_blacklist_del(wpa_s, wpa_s->bssid);
573 * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
574 * @wpa_s: Pointer to wpa_supplicant data
576 * This function is used to configure EAPOL state machine based on the selected
577 * authentication mode.
579 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
581 #ifdef IEEE8021X_EAPOL
582 struct eapol_config eapol_conf;
583 struct wpa_ssid *ssid = wpa_s->current_ssid;
585 if (wpa_s->key_mgmt == WPA_KEY_MGMT_PSK) {
586 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE);
587 eapol_sm_notify_eap_fail(wpa_s->eapol, FALSE);
589 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
590 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
591 eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
593 eapol_sm_notify_portControl(wpa_s->eapol, Auto);
595 os_memset(&eapol_conf, 0, sizeof(eapol_conf));
596 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
597 eapol_conf.accept_802_1x_keys = 1;
598 eapol_conf.required_keys = 0;
599 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
600 eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
602 if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
603 eapol_conf.required_keys |=
604 EAPOL_REQUIRE_KEY_BROADCAST;
607 if (wpa_s->conf && wpa_s->driver &&
608 os_strcmp(wpa_s->driver->name, "wired") == 0) {
609 eapol_conf.required_keys = 0;
613 eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
614 eapol_conf.workaround = ssid->eap_workaround;
615 eapol_conf.eap_disabled = wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X &&
616 wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA;
617 eapol_sm_notify_config(wpa_s->eapol, ssid, &eapol_conf);
618 #endif /* IEEE8021X_EAPOL */
623 * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
624 * @wpa_s: Pointer to wpa_supplicant data
625 * @ssid: Configuration data for the network
627 * This function is used to configure WPA state machine and related parameters
628 * to a mode where WPA is not enabled. This is called as part of the
629 * authentication configuration when the selected network does not use WPA.
631 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
632 struct wpa_ssid *ssid)
636 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
637 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
639 wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
640 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
641 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
642 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
643 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
644 wpa_s->group_cipher = WPA_CIPHER_NONE;
645 wpa_s->mgmt_group_cipher = 0;
647 for (i = 0; i < NUM_WEP_KEYS; i++) {
648 if (ssid->wep_key_len[i] > 5) {
649 wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
650 wpa_s->group_cipher = WPA_CIPHER_WEP104;
652 } else if (ssid->wep_key_len[i] > 0) {
653 wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
654 wpa_s->group_cipher = WPA_CIPHER_WEP40;
659 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
660 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
661 wpa_s->pairwise_cipher);
662 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
663 #ifdef CONFIG_IEEE80211W
664 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
665 wpa_s->mgmt_group_cipher);
666 #endif /* CONFIG_IEEE80211W */
668 pmksa_cache_clear_current(wpa_s->wpa);
672 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
674 scard_deinit(wpa_s->scard);
676 wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
677 eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
678 l2_packet_deinit(wpa_s->l2);
681 l2_packet_deinit(wpa_s->l2_br);
685 if (wpa_s->ctrl_iface) {
686 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
687 wpa_s->ctrl_iface = NULL;
689 if (wpa_s->conf != NULL) {
690 wpa_config_free(wpa_s->conf);
694 os_free(wpa_s->confname);
695 wpa_s->confname = NULL;
697 wpa_sm_set_eapol(wpa_s->wpa, NULL);
698 eapol_sm_deinit(wpa_s->eapol);
701 rsn_preauth_deinit(wpa_s->wpa);
703 pmksa_candidate_free(wpa_s->wpa);
704 wpa_sm_deinit(wpa_s->wpa);
706 wpa_blacklist_clear(wpa_s);
708 os_free(wpa_s->scan_results);
709 wpa_s->scan_results = NULL;
710 wpa_s->num_scan_results = 0;
712 wpa_supplicant_cancel_scan(wpa_s);
713 wpa_supplicant_cancel_auth_timeout(wpa_s);
715 ieee80211_sta_deinit(wpa_s);
720 * wpa_clear_keys - Clear keys configured for the driver
721 * @wpa_s: Pointer to wpa_supplicant data
722 * @addr: Previously used BSSID or %NULL if not available
724 * This function clears the encryption keys that has been previously configured
727 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
729 u8 *bcast = (u8 *) "\xff\xff\xff\xff\xff\xff";
731 if (wpa_s->keys_cleared) {
732 /* Some drivers (e.g., ndiswrapper & NDIS drivers) seem to have
733 * timing issues with keys being cleared just before new keys
734 * are set or just after association or something similar. This
735 * shows up in group key handshake failing often because of the
736 * client not receiving the first encrypted packets correctly.
737 * Skipping some of the extra key clearing steps seems to help
738 * in completing group key handshake more reliably. */
739 wpa_printf(MSG_DEBUG, "No keys have been configured - "
740 "skip key clearing");
744 /* MLME-DELETEKEYS.request */
745 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 0, 0, NULL, 0, NULL, 0);
746 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 1, 0, NULL, 0, NULL, 0);
747 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 2, 0, NULL, 0, NULL, 0);
748 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, bcast, 3, 0, NULL, 0, NULL, 0);
750 wpa_drv_set_key(wpa_s, WPA_ALG_NONE, addr, 0, 0, NULL, 0, NULL,
752 /* MLME-SETPROTECTION.request(None) */
753 wpa_drv_mlme_setprotection(
755 MLME_SETPROTECTION_PROTECT_TYPE_NONE,
756 MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
758 wpa_s->keys_cleared = 1;
763 * wpa_supplicant_state_txt - Get the connection state name as a text string
764 * @state: State (wpa_state; WPA_*)
765 * Returns: The state name as a printable text string
767 const char * wpa_supplicant_state_txt(int state)
770 case WPA_DISCONNECTED:
771 return "DISCONNECTED";
776 case WPA_ASSOCIATING:
777 return "ASSOCIATING";
780 case WPA_4WAY_HANDSHAKE:
781 return "4WAY_HANDSHAKE";
782 case WPA_GROUP_HANDSHAKE:
783 return "GROUP_HANDSHAKE";
793 * wpa_supplicant_set_state - Set current connection state
794 * @wpa_s: Pointer to wpa_supplicant data
795 * @state: The new connection state
797 * This function is called whenever the connection state changes, e.g.,
798 * association is completed for WPA/WPA2 4-Way Handshake is started.
800 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s, wpa_states state)
802 wpa_printf(MSG_DEBUG, "State: %s -> %s",
803 wpa_supplicant_state_txt(wpa_s->wpa_state),
804 wpa_supplicant_state_txt(state));
806 wpa_supplicant_dbus_notify_state_change(wpa_s, state,
809 if (state == WPA_COMPLETED && wpa_s->new_connection) {
810 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
811 struct wpa_ssid *ssid = wpa_s->current_ssid;
812 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
813 MACSTR " completed %s [id=%d id_str=%s]",
814 MAC2STR(wpa_s->bssid), wpa_s->reassociated_connection ?
815 "(reauth)" : "(auth)",
816 ssid ? ssid->id : -1,
817 ssid && ssid->id_str ? ssid->id_str : "");
818 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
819 wpa_s->new_connection = 0;
820 wpa_s->reassociated_connection = 1;
821 wpa_drv_set_operstate(wpa_s, 1);
822 } else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
823 state == WPA_ASSOCIATED) {
824 wpa_s->new_connection = 1;
825 wpa_drv_set_operstate(wpa_s, 0);
827 wpa_s->wpa_state = state;
832 * wpa_supplicant_get_state - Get the connection state
833 * @wpa_s: Pointer to wpa_supplicant data
834 * Returns: The current connection state (WPA_*)
836 wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
838 return wpa_s->wpa_state;
842 static void wpa_supplicant_terminate(int sig, void *eloop_ctx,
845 struct wpa_global *global = eloop_ctx;
846 struct wpa_supplicant *wpa_s;
847 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
848 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING "- signal %d "
855 static void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
857 wpa_s->pairwise_cipher = 0;
858 wpa_s->group_cipher = 0;
859 wpa_s->mgmt_group_cipher = 0;
861 wpa_s->wpa_state = WPA_DISCONNECTED;
866 * wpa_supplicant_reload_configuration - Reload configuration data
867 * @wpa_s: Pointer to wpa_supplicant data
868 * Returns: 0 on success or -1 if configuration parsing failed
870 * This function can be used to request that the configuration data is reloaded
871 * (e.g., after configuration file change). This function is reloading
872 * configuration only for one interface, so this may need to be called multiple
873 * times if %wpa_supplicant is controlling multiple interfaces and all
874 * interfaces need reconfiguration.
876 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
878 struct wpa_config *conf;
880 if (wpa_s->confname == NULL)
882 conf = wpa_config_read(wpa_s->confname);
884 wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
885 "file '%s' - exiting", wpa_s->confname);
889 reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
890 || (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
891 os_strcmp(conf->ctrl_interface,
892 wpa_s->conf->ctrl_interface) != 0);
894 if (reconf_ctrl && wpa_s->ctrl_iface) {
895 wpa_supplicant_ctrl_iface_deinit(wpa_s->ctrl_iface);
896 wpa_s->ctrl_iface = NULL;
899 eapol_sm_invalidate_cached_session(wpa_s->eapol);
900 wpa_s->current_ssid = NULL;
902 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
903 * pkcs11_engine_path, pkcs11_module_path.
905 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
906 wpa_sm_set_config(wpa_s->wpa, NULL);
907 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
908 rsn_preauth_deinit(wpa_s->wpa);
909 wpa_config_free(wpa_s->conf);
912 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
914 wpa_supplicant_clear_status(wpa_s);
915 wpa_s->reassociate = 1;
916 wpa_supplicant_req_scan(wpa_s, 0, 0);
917 wpa_msg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
922 static void wpa_supplicant_reconfig(int sig, void *eloop_ctx,
925 struct wpa_global *global = eloop_ctx;
926 struct wpa_supplicant *wpa_s;
927 wpa_printf(MSG_DEBUG, "Signal %d received - reconfiguring", sig);
928 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
929 if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
936 static void wpa_supplicant_gen_assoc_event(struct wpa_supplicant *wpa_s)
938 struct wpa_ssid *ssid;
939 union wpa_event_data data;
941 ssid = wpa_supplicant_get_ssid(wpa_s);
945 if (wpa_s->current_ssid == NULL)
946 wpa_s->current_ssid = ssid;
947 wpa_supplicant_initiate_eapol(wpa_s);
948 wpa_printf(MSG_DEBUG, "Already associated with a configured network - "
949 "generating associated event");
950 os_memset(&data, 0, sizeof(data));
951 wpa_supplicant_event(wpa_s, EVENT_ASSOC, &data);
955 static void wpa_supplicant_scan(void *eloop_ctx, void *timeout_ctx)
957 struct wpa_supplicant *wpa_s = eloop_ctx;
958 struct wpa_ssid *ssid;
959 int enabled, scan_req = 0, ret;
961 if (wpa_s->disconnected)
965 ssid = wpa_s->conf->ssid;
967 if (!ssid->disabled) {
973 if (!enabled && !wpa_s->scan_req) {
974 wpa_printf(MSG_DEBUG, "No enabled networks - do not scan");
975 wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
978 scan_req = wpa_s->scan_req;
981 if (wpa_s->conf->ap_scan != 0 &&
982 wpa_s->driver && os_strcmp(wpa_s->driver->name, "wired") == 0) {
983 wpa_printf(MSG_DEBUG, "Using wired driver - overriding "
984 "ap_scan configuration");
985 wpa_s->conf->ap_scan = 0;
988 if (wpa_s->conf->ap_scan == 0) {
989 wpa_supplicant_gen_assoc_event(wpa_s);
993 if (wpa_s->wpa_state == WPA_DISCONNECTED ||
994 wpa_s->wpa_state == WPA_INACTIVE)
995 wpa_supplicant_set_state(wpa_s, WPA_SCANNING);
997 ssid = wpa_s->conf->ssid;
998 if (wpa_s->prev_scan_ssid != BROADCAST_SSID_SCAN) {
1000 if (ssid == wpa_s->prev_scan_ssid) {
1008 if (!ssid->disabled &&
1009 (ssid->scan_ssid || wpa_s->conf->ap_scan == 2))
1014 if (scan_req != 2 && wpa_s->conf->ap_scan == 2) {
1016 * ap_scan=2 mode - try to associate with each SSID instead of
1017 * scanning for each scan_ssid=1 network.
1020 wpa_printf(MSG_DEBUG, "wpa_supplicant_scan: Reached "
1021 "end of scan list - go back to beginning");
1022 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1023 wpa_supplicant_req_scan(wpa_s, 0, 0);
1027 /* Continue from the next SSID on the next attempt. */
1028 wpa_s->prev_scan_ssid = ssid;
1030 /* Start from the beginning of the SSID list. */
1031 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1033 wpa_supplicant_associate(wpa_s, NULL, ssid);
1037 wpa_printf(MSG_DEBUG, "Starting AP scan (%s SSID)",
1038 ssid ? "specific": "broadcast");
1040 wpa_hexdump_ascii(MSG_DEBUG, "Scan SSID",
1041 ssid->ssid, ssid->ssid_len);
1042 wpa_s->prev_scan_ssid = ssid;
1044 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
1046 if (wpa_s->scan_res_tried == 0 && wpa_s->conf->ap_scan == 1) {
1047 wpa_s->scan_res_tried++;
1048 wpa_printf(MSG_DEBUG, "Trying to get current scan results "
1049 "first without requesting a new scan to speed up "
1050 "initial association");
1051 wpa_supplicant_event(wpa_s, EVENT_SCAN_RESULTS, NULL);
1055 if (wpa_s->use_client_mlme) {
1056 ret = ieee80211_sta_req_scan(wpa_s, ssid ? ssid->ssid : NULL,
1057 ssid ? ssid->ssid_len : 0);
1059 ret = wpa_drv_scan(wpa_s, ssid ? ssid->ssid : NULL,
1060 ssid ? ssid->ssid_len : 0);
1063 wpa_printf(MSG_WARNING, "Failed to initiate AP scan.");
1064 wpa_supplicant_req_scan(wpa_s, 10, 0);
1069 static wpa_cipher cipher_suite2driver(int cipher)
1072 case WPA_CIPHER_NONE:
1074 case WPA_CIPHER_WEP40:
1075 return CIPHER_WEP40;
1076 case WPA_CIPHER_WEP104:
1077 return CIPHER_WEP104;
1078 case WPA_CIPHER_CCMP:
1080 case WPA_CIPHER_TKIP:
1087 static wpa_key_mgmt key_mgmt2driver(int key_mgmt)
1090 case WPA_KEY_MGMT_NONE:
1091 return KEY_MGMT_NONE;
1092 case WPA_KEY_MGMT_IEEE8021X_NO_WPA:
1093 return KEY_MGMT_802_1X_NO_WPA;
1094 case WPA_KEY_MGMT_IEEE8021X:
1095 return KEY_MGMT_802_1X;
1096 case WPA_KEY_MGMT_WPA_NONE:
1097 return KEY_MGMT_WPA_NONE;
1098 case WPA_KEY_MGMT_PSK:
1100 return KEY_MGMT_PSK;
1105 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1106 struct wpa_ssid *ssid,
1107 struct wpa_ie_data *ie)
1109 int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1112 wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1113 "from association info");
1118 wpa_printf(MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set cipher "
1120 if (!(ie->group_cipher & ssid->group_cipher)) {
1121 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1122 "cipher 0x%x (mask 0x%x) - reject",
1123 ie->group_cipher, ssid->group_cipher);
1126 if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1127 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1128 "cipher 0x%x (mask 0x%x) - reject",
1129 ie->pairwise_cipher, ssid->pairwise_cipher);
1132 if (!(ie->key_mgmt & ssid->key_mgmt)) {
1133 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1134 "management 0x%x (mask 0x%x) - reject",
1135 ie->key_mgmt, ssid->key_mgmt);
1139 #ifdef CONFIG_IEEE80211W
1140 if (!(ie->capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION) &&
1141 ssid->ieee80211w == IEEE80211W_REQUIRED) {
1142 wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1143 "that does not support management frame protection - "
1147 #endif /* CONFIG_IEEE80211W */
1154 * wpa_supplicant_set_suites - Set authentication and encryption parameters
1155 * @wpa_s: Pointer to wpa_supplicant data
1156 * @bss: Scan results for the selected BSS, or %NULL if not available
1157 * @ssid: Configuration data for the selected network
1158 * @wpa_ie: Buffer for the WPA/RSN IE
1159 * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1160 * used buffer length in case the functions returns success.
1161 * Returns: 0 on success or -1 on failure
1163 * This function is used to configure authentication and encryption parameters
1164 * based on the network configuration and scan result for the selected BSS (if
1167 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1168 struct wpa_scan_result *bss,
1169 struct wpa_ssid *ssid,
1170 u8 *wpa_ie, size_t *wpa_ie_len)
1172 struct wpa_ie_data ie;
1175 if (bss && bss->rsn_ie_len && (ssid->proto & WPA_PROTO_RSN) &&
1176 wpa_parse_wpa_ie(bss->rsn_ie, bss->rsn_ie_len, &ie) == 0 &&
1177 (ie.group_cipher & ssid->group_cipher) &&
1178 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1179 (ie.key_mgmt & ssid->key_mgmt)) {
1180 wpa_msg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1181 proto = WPA_PROTO_RSN;
1182 } else if (bss && bss->wpa_ie_len && (ssid->proto & WPA_PROTO_WPA) &&
1183 wpa_parse_wpa_ie(bss->wpa_ie, bss->wpa_ie_len, &ie) == 0 &&
1184 (ie.group_cipher & ssid->group_cipher) &&
1185 (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1186 (ie.key_mgmt & ssid->key_mgmt)) {
1187 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1188 proto = WPA_PROTO_WPA;
1190 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1193 if (ssid->proto & WPA_PROTO_RSN)
1194 proto = WPA_PROTO_RSN;
1196 proto = WPA_PROTO_WPA;
1197 if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1198 os_memset(&ie, 0, sizeof(ie));
1199 ie.group_cipher = ssid->group_cipher;
1200 ie.pairwise_cipher = ssid->pairwise_cipher;
1201 ie.key_mgmt = ssid->key_mgmt;
1202 #ifdef CONFIG_IEEE80211W
1203 ie.mgmt_group_cipher =
1204 ssid->ieee80211w != NO_IEEE80211W ?
1205 WPA_CIPHER_AES_128_CMAC : 0;
1206 #endif /* CONFIG_IEEE80211W */
1207 wpa_printf(MSG_DEBUG, "WPA: Set cipher suites based "
1208 "on configuration");
1213 wpa_printf(MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1214 "pairwise %d key_mgmt %d proto %d",
1215 ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1216 #ifdef CONFIG_IEEE80211W
1217 if (ssid->ieee80211w) {
1218 wpa_printf(MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1219 ie.mgmt_group_cipher);
1221 #endif /* CONFIG_IEEE80211W */
1223 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1225 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss ? bss->wpa_ie : NULL,
1226 bss ? bss->wpa_ie_len : 0) ||
1227 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss ? bss->rsn_ie : NULL,
1228 bss ? bss->rsn_ie_len : 0))
1231 sel = ie.group_cipher & ssid->group_cipher;
1232 if (sel & WPA_CIPHER_CCMP) {
1233 wpa_s->group_cipher = WPA_CIPHER_CCMP;
1234 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK CCMP");
1235 } else if (sel & WPA_CIPHER_TKIP) {
1236 wpa_s->group_cipher = WPA_CIPHER_TKIP;
1237 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK TKIP");
1238 } else if (sel & WPA_CIPHER_WEP104) {
1239 wpa_s->group_cipher = WPA_CIPHER_WEP104;
1240 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP104");
1241 } else if (sel & WPA_CIPHER_WEP40) {
1242 wpa_s->group_cipher = WPA_CIPHER_WEP40;
1243 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using GTK WEP40");
1245 wpa_printf(MSG_WARNING, "WPA: Failed to select group cipher.");
1249 sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1250 if (sel & WPA_CIPHER_CCMP) {
1251 wpa_s->pairwise_cipher = WPA_CIPHER_CCMP;
1252 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK CCMP");
1253 } else if (sel & WPA_CIPHER_TKIP) {
1254 wpa_s->pairwise_cipher = WPA_CIPHER_TKIP;
1255 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK TKIP");
1256 } else if (sel & WPA_CIPHER_NONE) {
1257 wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1258 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using PTK NONE");
1260 wpa_printf(MSG_WARNING, "WPA: Failed to select pairwise "
1265 sel = ie.key_mgmt & ssid->key_mgmt;
1266 if (sel & WPA_KEY_MGMT_IEEE8021X) {
1267 wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1268 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1269 } else if (sel & WPA_KEY_MGMT_PSK) {
1270 wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1271 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1272 } else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1273 wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1274 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1276 wpa_printf(MSG_WARNING, "WPA: Failed to select authenticated "
1277 "key management type.");
1281 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
1282 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
1283 wpa_s->pairwise_cipher);
1284 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
1286 #ifdef CONFIG_IEEE80211W
1287 sel = ie.mgmt_group_cipher;
1288 if (ssid->ieee80211w == NO_IEEE80211W ||
1289 !(ie.capabilities & WPA_CAPABILITY_MGMT_FRAME_PROTECTION))
1291 if (sel & WPA_CIPHER_AES_128_CMAC) {
1292 wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1293 wpa_msg(wpa_s, MSG_DEBUG, "WPA: using MGMT group cipher "
1296 wpa_s->mgmt_group_cipher = 0;
1297 wpa_msg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1299 wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1300 wpa_s->mgmt_group_cipher);
1301 #endif /* CONFIG_IEEE80211W */
1303 if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
1304 wpa_printf(MSG_WARNING, "WPA: Failed to generate WPA IE.");
1308 if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1309 wpa_sm_set_pmk(wpa_s->wpa, ssid->psk, PMK_LEN);
1311 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1318 * wpa_supplicant_associate - Request association
1319 * @wpa_s: Pointer to wpa_supplicant data
1320 * @bss: Scan results for the selected BSS, or %NULL if not available
1321 * @ssid: Configuration data for the selected network
1323 * This function is used to request %wpa_supplicant to associate with a BSS.
1325 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
1326 struct wpa_scan_result *bss,
1327 struct wpa_ssid *ssid)
1331 int use_crypt, ret, i;
1332 int algs = AUTH_ALG_OPEN_SYSTEM;
1333 wpa_cipher cipher_pairwise, cipher_group;
1334 struct wpa_driver_associate_params params;
1335 int wep_keys_set = 0;
1336 struct wpa_driver_capa capa;
1337 int assoc_failed = 0;
1339 wpa_s->reassociate = 0;
1341 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
1342 " (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
1343 wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
1344 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1345 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1347 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
1348 wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
1349 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1351 wpa_supplicant_cancel_scan(wpa_s);
1353 /* Starting new association, so clear the possibly used WPA IE from the
1354 * previous association. */
1355 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1357 #ifdef IEEE8021X_EAPOL
1358 if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1360 if (ssid->non_leap == 0)
1361 algs = AUTH_ALG_LEAP;
1363 algs |= AUTH_ALG_LEAP;
1366 #endif /* IEEE8021X_EAPOL */
1367 wpa_printf(MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
1368 if (ssid->auth_alg) {
1370 if (ssid->auth_alg & WPA_AUTH_ALG_OPEN)
1371 algs |= AUTH_ALG_OPEN_SYSTEM;
1372 if (ssid->auth_alg & WPA_AUTH_ALG_SHARED)
1373 algs |= AUTH_ALG_SHARED_KEY;
1374 if (ssid->auth_alg & WPA_AUTH_ALG_LEAP)
1375 algs |= AUTH_ALG_LEAP;
1376 wpa_printf(MSG_DEBUG, "Overriding auth_alg selection: 0x%x",
1379 wpa_drv_set_auth_alg(wpa_s, algs);
1381 if (bss && (bss->wpa_ie_len || bss->rsn_ie_len) &&
1382 (ssid->key_mgmt & (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK))) {
1383 int try_opportunistic;
1384 try_opportunistic = ssid->proactive_key_caching &&
1385 (ssid->proto & WPA_PROTO_RSN);
1386 if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
1387 wpa_s->current_ssid,
1388 try_opportunistic) == 0)
1389 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1);
1390 wpa_ie_len = sizeof(wpa_ie);
1391 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
1392 wpa_ie, &wpa_ie_len)) {
1393 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1394 "management and encryption suites");
1397 } else if (ssid->key_mgmt &
1398 (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X |
1399 WPA_KEY_MGMT_WPA_NONE)) {
1400 wpa_ie_len = sizeof(wpa_ie);
1401 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
1402 wpa_ie, &wpa_ie_len)) {
1403 wpa_printf(MSG_WARNING, "WPA: Failed to set WPA key "
1404 "management and encryption suites (no scan "
1409 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1413 wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
1415 cipher_pairwise = cipher_suite2driver(wpa_s->pairwise_cipher);
1416 cipher_group = cipher_suite2driver(wpa_s->group_cipher);
1417 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
1418 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1419 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
1421 for (i = 0; i < NUM_WEP_KEYS; i++) {
1422 if (ssid->wep_key_len[i]) {
1425 wpa_set_wep_key(wpa_s,
1426 i == ssid->wep_tx_keyidx,
1427 i, ssid->wep_key[i],
1428 ssid->wep_key_len[i]);
1433 #ifdef IEEE8021X_EAPOL
1434 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
1435 if ((ssid->eapol_flags &
1436 (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
1437 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
1441 /* Assume that dynamic WEP-104 keys will be used and
1442 * set cipher suites in order for drivers to expect
1444 cipher_pairwise = cipher_group = CIPHER_WEP104;
1447 #endif /* IEEE8021X_EAPOL */
1449 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1450 /* Set the key before (and later after) association */
1451 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1454 wpa_drv_set_drop_unencrypted(wpa_s, use_crypt);
1455 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
1456 os_memset(¶ms, 0, sizeof(params));
1458 params.bssid = bss->bssid;
1459 params.ssid = bss->ssid;
1460 params.ssid_len = bss->ssid_len;
1461 params.freq = bss->freq;
1463 params.ssid = ssid->ssid;
1464 params.ssid_len = ssid->ssid_len;
1466 params.wpa_ie = wpa_ie;
1467 params.wpa_ie_len = wpa_ie_len;
1468 params.pairwise_suite = cipher_pairwise;
1469 params.group_suite = cipher_group;
1470 params.key_mgmt_suite = key_mgmt2driver(wpa_s->key_mgmt);
1471 params.auth_alg = algs;
1472 params.mode = ssid->mode;
1473 for (i = 0; i < NUM_WEP_KEYS; i++) {
1474 if (ssid->wep_key_len[i])
1475 params.wep_key[i] = ssid->wep_key[i];
1476 params.wep_key_len[i] = ssid->wep_key_len[i];
1478 params.wep_tx_keyidx = ssid->wep_tx_keyidx;
1480 #ifdef CONFIG_IEEE80211W
1481 switch (ssid->ieee80211w) {
1483 params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
1485 case IEEE80211W_OPTIONAL:
1486 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_OPTIONAL;
1488 case IEEE80211W_REQUIRED:
1489 params.mgmt_frame_protection = MGMT_FRAME_PROTECTION_REQUIRED;
1492 #endif /* CONFIG_IEEE80211W */
1494 if (wpa_s->use_client_mlme)
1495 ret = ieee80211_sta_associate(wpa_s, ¶ms);
1497 ret = wpa_drv_associate(wpa_s, ¶ms);
1499 wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
1501 /* try to continue anyway; new association will be tried again
1506 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
1507 /* Set the key after the association just in case association
1508 * cleared the previously configured key. */
1509 wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
1510 /* No need to timeout authentication since there is no key
1512 wpa_supplicant_cancel_auth_timeout(wpa_s);
1513 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
1515 /* Timeout for IEEE 802.11 authentication and association */
1519 else if (wpa_s->conf->ap_scan == 1)
1523 wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
1526 if (wep_keys_set && wpa_drv_get_capa(wpa_s, &capa) == 0 &&
1527 capa.flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC) {
1528 /* Set static WEP keys again */
1530 for (j = 0; j < NUM_WEP_KEYS; j++) {
1531 if (ssid->wep_key_len[j]) {
1532 wpa_set_wep_key(wpa_s,
1533 j == ssid->wep_tx_keyidx,
1534 j, ssid->wep_key[j],
1535 ssid->wep_key_len[j]);
1540 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
1542 * Do not allow EAP session resumption between different
1543 * network configurations.
1545 eapol_sm_invalidate_cached_session(wpa_s->eapol);
1547 wpa_s->current_ssid = ssid;
1548 wpa_sm_set_config(wpa_s->wpa, wpa_s->current_ssid);
1549 wpa_supplicant_initiate_eapol(wpa_s);
1554 * wpa_supplicant_disassociate - Disassociate the current connection
1555 * @wpa_s: Pointer to wpa_supplicant data
1556 * @reason_code: IEEE 802.11 reason code for the disassociate frame
1558 * This function is used to request %wpa_supplicant to disassociate with the
1561 void wpa_supplicant_disassociate(struct wpa_supplicant *wpa_s,
1565 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1567 if (wpa_s->use_client_mlme)
1568 ieee80211_sta_disassociate(wpa_s, reason_code);
1570 wpa_drv_disassociate(wpa_s, wpa_s->bssid, reason_code);
1571 addr = wpa_s->bssid;
1573 wpa_clear_keys(wpa_s, addr);
1574 wpa_supplicant_mark_disassoc(wpa_s);
1575 wpa_s->current_ssid = NULL;
1576 wpa_sm_set_config(wpa_s->wpa, NULL);
1577 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1582 * wpa_supplicant_deauthenticate - Deauthenticate the current connection
1583 * @wpa_s: Pointer to wpa_supplicant data
1584 * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
1586 * This function is used to request %wpa_supplicant to disassociate with the
1589 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
1593 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1594 if (os_memcmp(wpa_s->bssid, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) != 0)
1596 if (wpa_s->use_client_mlme)
1597 ieee80211_sta_deauthenticate(wpa_s, reason_code);
1599 wpa_drv_deauthenticate(wpa_s, wpa_s->bssid,
1601 addr = wpa_s->bssid;
1603 wpa_clear_keys(wpa_s, addr);
1604 wpa_s->current_ssid = NULL;
1605 wpa_sm_set_config(wpa_s->wpa, NULL);
1606 eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1607 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
1608 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
1613 * wpa_supplicant_get_scan_results - Get scan results
1614 * @wpa_s: Pointer to wpa_supplicant data
1615 * Returns: 0 on success, -1 on failure
1617 * This function is request the current scan results from the driver and stores
1618 * a local copy of the results in wpa_s->scan_results.
1620 int wpa_supplicant_get_scan_results(struct wpa_supplicant *wpa_s)
1622 #define SCAN_AP_LIMIT 128
1623 struct wpa_scan_result *results, *tmp;
1626 results = os_malloc(SCAN_AP_LIMIT * sizeof(struct wpa_scan_result));
1627 if (results == NULL) {
1628 wpa_printf(MSG_WARNING, "Failed to allocate memory for scan "
1633 if (wpa_s->use_client_mlme) {
1634 num = ieee80211_sta_get_scan_results(wpa_s, results,
1637 num = wpa_drv_get_scan_results(wpa_s, results, SCAN_AP_LIMIT);
1638 wpa_printf(MSG_DEBUG, "Scan results: %d", num);
1640 wpa_printf(MSG_DEBUG, "Failed to get scan results");
1644 if (num > SCAN_AP_LIMIT) {
1645 wpa_printf(MSG_INFO, "Not enough room for all APs (%d < %d)",
1646 num, SCAN_AP_LIMIT);
1647 num = SCAN_AP_LIMIT;
1650 /* Free unneeded memory for unused scan result entries */
1651 tmp = os_realloc(results, num * sizeof(struct wpa_scan_result));
1652 if (tmp || num == 0) {
1656 os_free(wpa_s->scan_results);
1657 wpa_s->scan_results = results;
1658 wpa_s->num_scan_results = num;
1664 #ifndef CONFIG_NO_WPA
1665 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
1668 struct wpa_scan_result *results, *curr = NULL;
1670 results = wpa_s->scan_results;
1671 if (results == NULL) {
1675 for (i = 0; i < wpa_s->num_scan_results; i++) {
1676 struct wpa_ssid *ssid = wpa_s->current_ssid;
1677 if (os_memcmp(results[i].bssid, wpa_s->bssid, ETH_ALEN) != 0)
1680 ((results[i].ssid_len == ssid->ssid_len &&
1681 os_memcmp(results[i].ssid, ssid->ssid, ssid->ssid_len)
1683 ssid->ssid_len == 0)) {
1690 if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, curr->wpa_ie,
1691 curr->wpa_ie_len) ||
1692 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, curr->rsn_ie,
1703 static int wpa_supplicant_get_beacon_ie(void *ctx)
1705 struct wpa_supplicant *wpa_s = ctx;
1706 if (wpa_get_beacon_ie(wpa_s) == 0) {
1710 /* No WPA/RSN IE found in the cached scan results. Try to get updated
1711 * scan results from the driver. */
1712 if (wpa_supplicant_get_scan_results(wpa_s) < 0) {
1716 return wpa_get_beacon_ie(wpa_s);
1718 #endif /* CONFIG_NO_WPA */
1722 * wpa_supplicant_get_ssid - Get a pointer to the current network structure
1723 * @wpa_s: Pointer to wpa_supplicant data
1724 * Returns: A pointer to the current network structure or %NULL on failure
1726 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
1728 struct wpa_ssid *entry;
1729 u8 ssid[MAX_SSID_LEN];
1735 if (wpa_s->use_client_mlme) {
1736 if (ieee80211_sta_get_ssid(wpa_s, ssid, &ssid_len)) {
1737 wpa_printf(MSG_WARNING, "Could not read SSID from "
1742 res = wpa_drv_get_ssid(wpa_s, ssid);
1744 wpa_printf(MSG_WARNING, "Could not read SSID from "
1751 if (wpa_s->use_client_mlme)
1752 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1753 else if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
1754 wpa_printf(MSG_WARNING, "Could not read BSSID from driver.");
1758 wired = wpa_s->conf->ap_scan == 0 && wpa_s->driver &&
1759 os_strcmp(wpa_s->driver->name, "wired") == 0;
1761 entry = wpa_s->conf->ssid;
1763 if (!entry->disabled &&
1764 ((ssid_len == entry->ssid_len &&
1765 os_memcmp(ssid, entry->ssid, ssid_len) == 0) || wired) &&
1766 (!entry->bssid_set ||
1767 os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
1769 entry = entry->next;
1776 #ifndef CONFIG_NO_WPA
1777 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
1778 const void *data, u16 data_len,
1779 size_t *msg_len, void **data_pos)
1781 return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
1785 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
1786 const u8 *buf, size_t len)
1788 return wpa_ether_send(wpa_s, dest, proto, buf, len);
1792 static void _wpa_supplicant_req_scan(void *wpa_s, int sec, int usec)
1794 wpa_supplicant_req_scan(wpa_s, sec, usec);
1798 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
1800 wpa_supplicant_cancel_auth_timeout(wpa_s);
1804 static void _wpa_supplicant_set_state(void *wpa_s, wpa_states state)
1806 wpa_supplicant_set_state(wpa_s, state);
1810 static wpa_states _wpa_supplicant_get_state(void *wpa_s)
1812 return wpa_supplicant_get_state(wpa_s);
1816 static void _wpa_supplicant_disassociate(void *wpa_s, int reason_code)
1818 wpa_supplicant_disassociate(wpa_s, reason_code);
1822 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
1824 wpa_supplicant_deauthenticate(wpa_s, reason_code);
1828 static struct wpa_ssid * _wpa_supplicant_get_ssid(void *wpa_s)
1830 return wpa_supplicant_get_ssid(wpa_s);
1834 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
1836 struct wpa_supplicant *wpa_s = ctx;
1837 if (wpa_s->use_client_mlme) {
1838 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN);
1841 return wpa_drv_get_bssid(wpa_s, bssid);
1845 static int wpa_supplicant_set_key(void *wpa_s, wpa_alg alg,
1846 const u8 *addr, int key_idx, int set_tx,
1847 const u8 *seq, size_t seq_len,
1848 const u8 *key, size_t key_len)
1850 return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
1855 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
1856 int protection_type,
1859 return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
1864 static int wpa_supplicant_add_pmkid(void *wpa_s,
1865 const u8 *bssid, const u8 *pmkid)
1867 return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
1871 static int wpa_supplicant_remove_pmkid(void *wpa_s,
1872 const u8 *bssid, const u8 *pmkid)
1874 return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
1876 #endif /* CONFIG_NO_WPA */
1879 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
1887 if (wpa_supplicant_drivers[0] == NULL) {
1888 wpa_printf(MSG_ERROR, "No driver interfaces build into "
1894 /* default to first driver in the list */
1895 wpa_s->driver = wpa_supplicant_drivers[0];
1899 for (i = 0; wpa_supplicant_drivers[i]; i++) {
1900 if (os_strcmp(name, wpa_supplicant_drivers[i]->name) == 0) {
1901 wpa_s->driver = wpa_supplicant_drivers[i];
1906 wpa_printf(MSG_ERROR, "Unsupported driver '%s'.\n", name);
1911 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
1912 const u8 *buf, size_t len)
1914 struct wpa_supplicant *wpa_s = ctx;
1916 wpa_printf(MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
1917 wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
1919 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
1920 wpa_printf(MSG_DEBUG, "Ignored received EAPOL frame since "
1921 "no key management is configured");
1925 if (wpa_s->eapol_received == 0) {
1926 /* Timeout for completing IEEE 802.1X and WPA authentication */
1927 wpa_supplicant_req_auth_timeout(
1929 (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X ||
1930 wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) ?
1933 wpa_s->eapol_received++;
1935 if (wpa_s->countermeasures) {
1936 wpa_printf(MSG_INFO, "WPA: Countermeasures - dropped EAPOL "
1941 /* Source address of the incoming EAPOL frame could be compared to the
1942 * current BSSID. However, it is possible that a centralized
1943 * Authenticator could be using another MAC address than the BSSID of
1944 * an AP, so just allow any address to be used for now. The replies are
1945 * still sent to the current BSSID (if available), though. */
1947 os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
1948 if (wpa_s->key_mgmt != WPA_KEY_MGMT_PSK &&
1949 eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len) > 0)
1951 wpa_drv_poll(wpa_s);
1952 wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len);
1957 * wpa_supplicant_driver_init - Initialize driver interface parameters
1958 * @wpa_s: Pointer to wpa_supplicant data
1959 * @wait_for_interface: 0 = do not wait for the interface (reports a failure if
1960 * the interface is not present), 1 = wait until the interface is available
1961 * Returns: 0 on success, -1 on failure
1963 * This function is called to initialize driver interface parameters.
1964 * wpa_drv_init() must have been called before this function to initialize the
1967 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s,
1968 int wait_for_interface)
1970 static int interface_count = 0;
1973 if (wpa_s->driver->send_eapol) {
1974 const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
1976 os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
1979 wpa_s->l2 = l2_packet_init(wpa_s->ifname,
1980 wpa_drv_get_mac_addr(wpa_s),
1982 wpa_supplicant_rx_eapol, wpa_s, 0);
1985 else if (!wait_for_interface)
1987 wpa_printf(MSG_DEBUG, "Waiting for interface..");
1991 if (wpa_s->l2 && l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
1992 wpa_printf(MSG_ERROR, "Failed to get own L2 address");
1996 wpa_printf(MSG_DEBUG, "Own MAC address: " MACSTR,
1997 MAC2STR(wpa_s->own_addr));
1999 if (wpa_s->bridge_ifname[0]) {
2000 wpa_printf(MSG_DEBUG, "Receiving packets from bridge interface"
2001 " '%s'", wpa_s->bridge_ifname);
2002 wpa_s->l2_br = l2_packet_init(wpa_s->bridge_ifname,
2005 wpa_supplicant_rx_eapol, wpa_s,
2007 if (wpa_s->l2_br == NULL) {
2008 wpa_printf(MSG_ERROR, "Failed to open l2_packet "
2009 "connection for the bridge interface '%s'",
2010 wpa_s->bridge_ifname);
2015 /* Backwards compatibility call to set_wpa() handler. This is called
2016 * only just after init and just before deinit, so these handler can be
2017 * used to implement same functionality. */
2018 if (wpa_drv_set_wpa(wpa_s, 1) < 0) {
2019 struct wpa_driver_capa capa;
2020 if (wpa_drv_get_capa(wpa_s, &capa) < 0 ||
2021 !(capa.flags & (WPA_DRIVER_CAPA_KEY_MGMT_WPA |
2022 WPA_DRIVER_CAPA_KEY_MGMT_WPA2))) {
2023 wpa_printf(MSG_DEBUG, "Driver does not support WPA.");
2024 /* Continue to allow non-WPA modes to be used. */
2026 wpa_printf(MSG_ERROR, "Failed to enable WPA in the "
2032 wpa_clear_keys(wpa_s, NULL);
2034 /* Make sure that TKIP countermeasures are not left enabled (could
2035 * happen if wpa_supplicant is killed during countermeasures. */
2036 wpa_drv_set_countermeasures(wpa_s, 0);
2038 wpa_drv_set_drop_unencrypted(wpa_s, 1);
2040 wpa_s->prev_scan_ssid = BROADCAST_SSID_SCAN;
2041 wpa_supplicant_req_scan(wpa_s, interface_count, 100000);
2048 static int wpa_supplicant_daemon(const char *pid_file)
2050 wpa_printf(MSG_DEBUG, "Daemonize..");
2051 return os_daemonize(pid_file);
2055 static struct wpa_supplicant * wpa_supplicant_alloc(void)
2057 struct wpa_supplicant *wpa_s;
2059 wpa_s = os_zalloc(sizeof(*wpa_s));
2062 wpa_s->scan_req = 1;
2068 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
2069 struct wpa_interface *iface)
2071 wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
2072 "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
2073 iface->confname ? iface->confname : "N/A",
2074 iface->driver ? iface->driver : "default",
2075 iface->ctrl_interface ? iface->ctrl_interface : "N/A",
2076 iface->bridge_ifname ? iface->bridge_ifname : "N/A");
2078 if (wpa_supplicant_set_driver(wpa_s, iface->driver) < 0) {
2082 if (iface->confname) {
2083 #ifdef CONFIG_BACKEND_FILE
2084 wpa_s->confname = os_rel2abs_path(iface->confname);
2085 if (wpa_s->confname == NULL) {
2086 wpa_printf(MSG_ERROR, "Failed to get absolute path "
2087 "for configuration file '%s'.",
2091 wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
2092 iface->confname, wpa_s->confname);
2093 #else /* CONFIG_BACKEND_FILE */
2094 wpa_s->confname = os_strdup(iface->confname);
2095 #endif /* CONFIG_BACKEND_FILE */
2096 wpa_s->conf = wpa_config_read(wpa_s->confname);
2097 if (wpa_s->conf == NULL) {
2098 wpa_printf(MSG_ERROR, "Failed to read or parse "
2099 "configuration '%s'.", wpa_s->confname);
2104 * Override ctrl_interface and driver_param if set on command
2107 if (iface->ctrl_interface) {
2108 os_free(wpa_s->conf->ctrl_interface);
2109 wpa_s->conf->ctrl_interface =
2110 os_strdup(iface->ctrl_interface);
2113 if (iface->driver_param) {
2114 os_free(wpa_s->conf->driver_param);
2115 wpa_s->conf->driver_param =
2116 os_strdup(iface->driver_param);
2119 wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
2120 iface->driver_param);
2122 if (wpa_s->conf == NULL) {
2123 wpa_printf(MSG_ERROR, "\nNo configuration found.");
2127 if (iface->ifname == NULL) {
2128 wpa_printf(MSG_ERROR, "\nInterface name is required.");
2131 if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
2132 wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
2136 os_strncpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
2138 if (iface->bridge_ifname) {
2139 if (os_strlen(iface->bridge_ifname) >=
2140 sizeof(wpa_s->bridge_ifname)) {
2141 wpa_printf(MSG_ERROR, "\nToo long bridge interface "
2142 "name '%s'.", iface->bridge_ifname);
2145 os_strncpy(wpa_s->bridge_ifname, iface->bridge_ifname,
2146 sizeof(wpa_s->bridge_ifname));
2153 static int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
2155 #ifdef IEEE8021X_EAPOL
2156 struct eapol_ctx *ctx;
2157 ctx = os_zalloc(sizeof(*ctx));
2159 wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
2164 ctx->msg_ctx = wpa_s;
2165 ctx->eapol_send_ctx = wpa_s;
2167 ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
2168 ctx->eapol_send = wpa_supplicant_eapol_send;
2169 ctx->set_wep_key = wpa_eapol_set_wep_key;
2170 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2171 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2172 ctx->aborted_cached = wpa_supplicant_aborted_cached;
2173 ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
2174 ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
2175 ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
2176 wpa_s->eapol = eapol_sm_init(ctx);
2177 if (wpa_s->eapol == NULL) {
2179 wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
2183 #endif /* IEEE8021X_EAPOL */
2189 static int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
2191 #ifndef CONFIG_NO_WPA
2192 struct wpa_sm_ctx *ctx;
2193 ctx = os_zalloc(sizeof(*ctx));
2195 wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
2200 ctx->set_state = _wpa_supplicant_set_state;
2201 ctx->get_state = _wpa_supplicant_get_state;
2202 ctx->req_scan = _wpa_supplicant_req_scan;
2203 ctx->deauthenticate = _wpa_supplicant_deauthenticate;
2204 ctx->disassociate = _wpa_supplicant_disassociate;
2205 ctx->set_key = wpa_supplicant_set_key;
2206 ctx->scan = wpa_supplicant_scan;
2207 ctx->get_ssid = _wpa_supplicant_get_ssid;
2208 ctx->get_bssid = wpa_supplicant_get_bssid;
2209 ctx->ether_send = _wpa_ether_send;
2210 ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
2211 ctx->alloc_eapol = _wpa_alloc_eapol;
2212 ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
2213 ctx->add_pmkid = wpa_supplicant_add_pmkid;
2214 ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
2215 ctx->set_config_blob = wpa_supplicant_set_config_blob;
2216 ctx->get_config_blob = wpa_supplicant_get_config_blob;
2217 ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
2219 wpa_s->wpa = wpa_sm_init(ctx);
2220 if (wpa_s->wpa == NULL) {
2221 wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
2225 #endif /* CONFIG_NO_WPA */
2231 static int wpa_supplicant_init_iface2(struct wpa_supplicant *wpa_s,
2232 int wait_for_interface)
2235 struct wpa_driver_capa capa;
2237 wpa_printf(MSG_DEBUG, "Initializing interface (2) '%s'",
2240 if (wpa_supplicant_init_eapol(wpa_s) < 0)
2243 /* RSNA Supplicant Key Management - INITIALIZE */
2244 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE);
2245 eapol_sm_notify_portValid(wpa_s->eapol, FALSE);
2247 /* Initialize driver interface and register driver event handler before
2248 * L2 receive handler so that association events are processed before
2249 * EAPOL-Key packets if both become available for the same select()
2251 wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
2252 if (wpa_s->drv_priv == NULL) {
2253 wpa_printf(MSG_ERROR, "Failed to initialize driver interface");
2256 if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
2257 wpa_printf(MSG_ERROR, "Driver interface rejected "
2258 "driver_param '%s'", wpa_s->conf->driver_param);
2262 ifname = wpa_drv_get_ifname(wpa_s);
2263 if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
2264 wpa_printf(MSG_DEBUG, "Driver interface replaced interface "
2265 "name with '%s'", ifname);
2266 os_strncpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
2269 if (wpa_supplicant_init_wpa(wpa_s) < 0)
2272 wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
2273 wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
2275 wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
2276 wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
2278 if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
2279 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
2280 wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
2281 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2282 "dot11RSNAConfigPMKLifetime");
2286 if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
2287 wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
2288 wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
2289 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2290 "dot11RSNAConfigPMKReauthThreshold");
2294 if (wpa_s->conf->dot11RSNAConfigSATimeout &&
2295 wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
2296 wpa_s->conf->dot11RSNAConfigSATimeout)) {
2297 wpa_printf(MSG_ERROR, "Invalid WPA parameter value for "
2298 "dot11RSNAConfigSATimeout");
2302 if (wpa_supplicant_driver_init(wpa_s, wait_for_interface) < 0) {
2305 wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
2307 wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
2308 if (wpa_s->ctrl_iface == NULL) {
2309 wpa_printf(MSG_ERROR,
2310 "Failed to initialize control interface '%s'.\n"
2311 "You may have another wpa_supplicant process "
2312 "already running or the file was\n"
2313 "left by an unclean termination of wpa_supplicant "
2314 "in which case you will need\n"
2315 "to manually remove this file before starting "
2316 "wpa_supplicant again.\n",
2317 wpa_s->conf->ctrl_interface);
2321 if (wpa_drv_get_capa(wpa_s, &capa) == 0 &&
2322 capa.flags & WPA_DRIVER_FLAGS_USER_SPACE_MLME) {
2323 wpa_s->use_client_mlme = 1;
2324 if (ieee80211_sta_init(wpa_s))
2332 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s)
2334 if (wpa_s->drv_priv) {
2335 wpa_supplicant_deauthenticate(wpa_s, REASON_DEAUTH_LEAVING);
2337 /* Backwards compatibility call to set_wpa() handler. This is
2338 * called only just after init and just before deinit, so these
2339 * handler can be used to implement same functionality. */
2340 if (wpa_drv_set_wpa(wpa_s, 0) < 0) {
2341 wpa_printf(MSG_ERROR, "Failed to disable WPA in the "
2345 wpa_drv_set_drop_unencrypted(wpa_s, 0);
2346 wpa_drv_set_countermeasures(wpa_s, 0);
2347 wpa_clear_keys(wpa_s, NULL);
2350 wpas_dbus_unregister_iface(wpa_s);
2352 wpa_supplicant_cleanup(wpa_s);
2354 if (wpa_s->drv_priv)
2355 wpa_drv_deinit(wpa_s);
2360 * wpa_supplicant_add_iface - Add a new network interface
2361 * @global: Pointer to global data from wpa_supplicant_init()
2362 * @iface: Interface configuration options
2363 * Returns: Pointer to the created interface or %NULL on failure
2365 * This function is used to add new network interfaces for %wpa_supplicant.
2366 * This can be called before wpa_supplicant_run() to add interfaces before the
2367 * main event loop has been started. In addition, new interfaces can be added
2368 * dynamically while %wpa_supplicant is already running. This could happen,
2369 * e.g., when a hotplug network adapter is inserted.
2371 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
2372 struct wpa_interface *iface)
2374 struct wpa_supplicant *wpa_s;
2376 if (global == NULL || iface == NULL)
2379 wpa_s = wpa_supplicant_alloc();
2383 if (wpa_supplicant_init_iface(wpa_s, iface) ||
2384 wpa_supplicant_init_iface2(wpa_s,
2385 global->params.wait_for_interface)) {
2386 wpa_printf(MSG_DEBUG, "Failed to add interface %s",
2388 wpa_supplicant_deinit_iface(wpa_s);
2393 wpa_s->global = global;
2395 /* Register the interface with the dbus control interface */
2396 if (wpas_dbus_register_iface(wpa_s)) {
2397 wpa_supplicant_deinit_iface(wpa_s);
2402 wpa_s->next = global->ifaces;
2403 global->ifaces = wpa_s;
2405 wpa_printf(MSG_DEBUG, "Added interface %s", wpa_s->ifname);
2412 * wpa_supplicant_remove_iface - Remove a network interface
2413 * @global: Pointer to global data from wpa_supplicant_init()
2414 * @wpa_s: Pointer to the network interface to be removed
2415 * Returns: 0 if interface was removed, -1 if interface was not found
2417 * This function can be used to dynamically remove network interfaces from
2418 * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
2419 * addition, this function is used to remove all remaining interdaces when
2420 * %wpa_supplicant is terminated.
2422 int wpa_supplicant_remove_iface(struct wpa_global *global,
2423 struct wpa_supplicant *wpa_s)
2425 struct wpa_supplicant *prev;
2427 /* Remove interface from the global list of interfaces */
2428 prev = global->ifaces;
2429 if (prev == wpa_s) {
2430 global->ifaces = wpa_s->next;
2432 while (prev && prev->next != wpa_s)
2436 prev->next = wpa_s->next;
2439 wpa_printf(MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
2441 wpa_supplicant_deinit_iface(wpa_s);
2449 * wpa_supplicant_get_iface - Get a new network interface
2450 * @global: Pointer to global data from wpa_supplicant_init()
2451 * @ifname: Interface name
2452 * Returns: Pointer to the interface or %NULL if not found
2454 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
2457 struct wpa_supplicant *wpa_s;
2459 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
2460 if (os_strcmp(wpa_s->ifname, ifname) == 0)
2468 * wpa_supplicant_init - Initialize %wpa_supplicant
2469 * @params: Parameters for %wpa_supplicant
2470 * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
2472 * This function is used to initialize %wpa_supplicant. After successful
2473 * initialization, the returned data pointer can be used to add and remove
2474 * network interfaces, and eventually, to deinitialize %wpa_supplicant.
2476 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
2478 struct wpa_global *global;
2484 wpa_debug_use_file = params->wpa_debug_use_file;
2485 wpa_debug_open_file();
2487 ret = eap_peer_register_methods();
2489 wpa_printf(MSG_ERROR, "Failed to register EAP methods");
2491 wpa_printf(MSG_ERROR, "Two or more EAP methods used "
2492 "the same EAP type.");
2496 global = os_zalloc(sizeof(*global));
2499 global->params.daemonize = params->daemonize;
2500 global->params.wait_for_interface = params->wait_for_interface;
2501 global->params.wait_for_monitor = params->wait_for_monitor;
2502 global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
2503 if (params->pid_file)
2504 global->params.pid_file = os_strdup(params->pid_file);
2505 if (params->ctrl_interface)
2506 global->params.ctrl_interface =
2507 os_strdup(params->ctrl_interface);
2508 wpa_debug_level = global->params.wpa_debug_level =
2509 params->wpa_debug_level;
2510 wpa_debug_show_keys = global->params.wpa_debug_show_keys =
2511 params->wpa_debug_show_keys;
2512 wpa_debug_timestamp = global->params.wpa_debug_timestamp =
2513 params->wpa_debug_timestamp;
2514 wpa_debug_use_file = global->params.wpa_debug_use_file =
2515 params->wpa_debug_use_file;
2517 if (eloop_init(global)) {
2518 wpa_printf(MSG_ERROR, "Failed to initialize event loop");
2519 wpa_supplicant_deinit(global);
2523 global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
2524 if (global->ctrl_iface == NULL) {
2525 wpa_supplicant_deinit(global);
2529 if (global->params.dbus_ctrl_interface) {
2530 global->dbus_ctrl_iface =
2531 wpa_supplicant_dbus_ctrl_iface_init(global);
2532 if (global->dbus_ctrl_iface == NULL) {
2533 wpa_supplicant_deinit(global);
2538 if (global->params.wait_for_interface && global->params.daemonize &&
2539 wpa_supplicant_daemon(global->params.pid_file)) {
2540 wpa_supplicant_deinit(global);
2549 * wpa_supplicant_run - Run the %wpa_supplicant main event loop
2550 * @global: Pointer to global data from wpa_supplicant_init()
2551 * Returns: 0 after successful event loop run, -1 on failure
2553 * This function starts the main event loop and continues running as long as
2554 * there are any remaining events. In most cases, this function is running as
2555 * long as the %wpa_supplicant process in still in use.
2557 int wpa_supplicant_run(struct wpa_global *global)
2559 struct wpa_supplicant *wpa_s;
2561 if (!global->params.wait_for_interface && global->params.daemonize &&
2562 wpa_supplicant_daemon(global->params.pid_file))
2565 if (global->params.wait_for_monitor) {
2566 for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
2567 if (wpa_s->ctrl_iface)
2568 wpa_supplicant_ctrl_iface_wait(
2572 eloop_register_signal_terminate(wpa_supplicant_terminate, NULL);
2573 eloop_register_signal_reconfig(wpa_supplicant_reconfig, NULL);
2582 * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
2583 * @global: Pointer to global data from wpa_supplicant_init()
2585 * This function is called to deinitialize %wpa_supplicant and to free all
2586 * allocated resources. Remaining network interfaces will also be removed.
2588 void wpa_supplicant_deinit(struct wpa_global *global)
2593 while (global->ifaces)
2594 wpa_supplicant_remove_iface(global, global->ifaces);
2596 if (global->ctrl_iface)
2597 wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
2598 if (global->dbus_ctrl_iface)
2599 wpa_supplicant_dbus_ctrl_iface_deinit(global->dbus_ctrl_iface);
2601 eap_peer_unregister_methods();
2605 if (global->params.pid_file) {
2606 os_daemonize_terminate(global->params.pid_file);
2607 os_free(global->params.pid_file);
2609 os_free(global->params.ctrl_interface);
2612 wpa_debug_close_file();