1 /*
2  * WPA Supplicant
3  * Copyright (c) 2003-2022, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  *
8  * This file implements functions for registering and unregistering
9  * %wpa_supplicant interfaces. In addition, this file contains number of
10  * functions for managing network connections.
11  */
12 #ifdef __ZEPHYR__
13 #include <supp_events.h>
14 #endif /* __ZEPHYR__ */
15 
16 #include "includes.h"
17 #ifdef CONFIG_MATCH_IFACE
18 #include <net/if.h>
19 #include <fnmatch.h>
20 #endif /* CONFIG_MATCH_IFACE */
21 
22 #include "common.h"
23 #include "crypto/random.h"
24 #include "crypto/sha1.h"
25 #include "eapol_supp/eapol_supp_sm.h"
26 #include "eap_peer/eap.h"
27 #include "eap_peer/eap_proxy.h"
28 #include "eap_server/eap_methods.h"
29 #include "rsn_supp/wpa.h"
30 #include "eloop.h"
31 #include "config.h"
32 #include "utils/ext_password.h"
33 #include "l2_packet/l2_packet.h"
34 #include "wpa_supplicant_i.h"
35 #include "driver_i.h"
36 #include "ctrl_iface.h"
37 #include "pcsc_funcs.h"
38 #include "common/version.h"
39 #include "rsn_supp/preauth.h"
40 #include "rsn_supp/pmksa_cache.h"
41 #include "common/wpa_ctrl.h"
42 #include "common/ieee802_11_common.h"
43 #include "common/ieee802_11_defs.h"
44 #include "common/hw_features_common.h"
45 #include "common/gas_server.h"
46 #include "common/dpp.h"
47 #include "common/ptksa_cache.h"
48 #include "p2p/p2p.h"
49 #include "fst/fst.h"
50 #include "bssid_ignore.h"
51 #include "wpas_glue.h"
52 #include "wps_supplicant.h"
53 #include "ibss_rsn.h"
54 #include "sme.h"
55 #include "gas_query.h"
56 #include "ap.h"
57 #include "p2p_supplicant.h"
58 #include "wifi_display.h"
59 #include "notify.h"
60 #include "bgscan.h"
61 #include "autoscan.h"
62 #include "bss.h"
63 #include "scan.h"
64 #include "offchannel.h"
65 #include "hs20_supplicant.h"
66 #include "wnm_sta.h"
67 #include "wpas_kay.h"
68 #include "mesh.h"
69 #include "dpp_supplicant.h"
70 #ifdef CONFIG_MESH
71 #include "ap/ap_config.h"
72 #include "ap/hostapd.h"
73 #endif /* CONFIG_MESH */
74 
75 const char *const wpa_supplicant_version =
76 "wpa_supplicant v" VERSION_STR "\n"
77 "Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi> and contributors";
78 
79 const char *const wpa_supplicant_license =
80 "This software may be distributed under the terms of the BSD license.\n"
81 "See README for more details.\n"
82 #ifdef EAP_TLS_OPENSSL
83 "\nThis product includes software developed by the OpenSSL Project\n"
84 "for use in the OpenSSL Toolkit (http://www.openssl.org/)\n"
85 #endif /* EAP_TLS_OPENSSL */
86 ;
87 
88 #ifndef CONFIG_NO_STDOUT_DEBUG
89 /* Long text divided into parts in order to fit in C89 strings size limits. */
90 const char *const wpa_supplicant_full_license1 =
91 "";
92 const char *const wpa_supplicant_full_license2 =
93 "This software may be distributed under the terms of the BSD license.\n"
94 "\n"
95 "Redistribution and use in source and binary forms, with or without\n"
96 "modification, are permitted provided that the following conditions are\n"
97 "met:\n"
98 "\n";
99 const char *const wpa_supplicant_full_license3 =
100 "1. Redistributions of source code must retain the above copyright\n"
101 "   notice, this list of conditions and the following disclaimer.\n"
102 "\n"
103 "2. Redistributions in binary form must reproduce the above copyright\n"
104 "   notice, this list of conditions and the following disclaimer in the\n"
105 "   documentation and/or other materials provided with the distribution.\n"
106 "\n";
107 const char *const wpa_supplicant_full_license4 =
108 "3. Neither the name(s) of the above-listed copyright holder(s) nor the\n"
109 "   names of its contributors may be used to endorse or promote products\n"
110 "   derived from this software without specific prior written permission.\n"
111 "\n"
112 "THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS\n"
113 "\"AS IS\" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT\n"
114 "LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR\n"
115 "A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT\n";
116 const char *const wpa_supplicant_full_license5 =
117 "OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n"
118 "SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT\n"
119 "LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n"
120 "DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n"
121 "THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n"
122 "(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE\n"
123 "OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n"
124 "\n";
125 #endif /* CONFIG_NO_STDOUT_DEBUG */
126 
127 
128 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx);
129 static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx);
130 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
131 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s);
132 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
133 #ifdef CONFIG_OWE
134 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s);
135 #endif /* CONFIG_OWE */
136 
137 
138 #ifdef CONFIG_WEP
139 /* Configure default/group WEP keys for static WEP */
wpa_set_wep_keys(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)140 int wpa_set_wep_keys(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
141 {
142 	int i, set = 0;
143 
144 	for (i = 0; i < NUM_WEP_KEYS; i++) {
145 		if (ssid->wep_key_len[i] == 0)
146 			continue;
147 
148 		set = 1;
149 		wpa_drv_set_key(wpa_s, -1, WPA_ALG_WEP, NULL,
150 				i, i == ssid->wep_tx_keyidx, NULL, 0,
151 				ssid->wep_key[i], ssid->wep_key_len[i],
152 				i == ssid->wep_tx_keyidx ?
153 				KEY_FLAG_GROUP_RX_TX_DEFAULT :
154 				KEY_FLAG_GROUP_RX_TX);
155 	}
156 
157 	return set;
158 }
159 #endif /* CONFIG_WEP */
160 
161 
wpa_supplicant_set_wpa_none_key(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)162 int wpa_supplicant_set_wpa_none_key(struct wpa_supplicant *wpa_s,
163 				    struct wpa_ssid *ssid)
164 {
165 	u8 key[32];
166 	size_t keylen;
167 	enum wpa_alg alg;
168 	u8 seq[6] = { 0 };
169 	int ret;
170 
171 	/* IBSS/WPA-None uses only one key (Group) for both receiving and
172 	 * sending unicast and multicast packets. */
173 
174 	if (ssid->mode != WPAS_MODE_IBSS) {
175 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid mode %d (not "
176 			"IBSS/ad-hoc) for WPA-None", ssid->mode);
177 		return -1;
178 	}
179 
180 	if (!ssid->psk_set) {
181 		wpa_msg(wpa_s, MSG_INFO, "WPA: No PSK configured for "
182 			"WPA-None");
183 		return -1;
184 	}
185 
186 	switch (wpa_s->group_cipher) {
187 	case WPA_CIPHER_CCMP:
188 		os_memcpy(key, ssid->psk, 16);
189 		keylen = 16;
190 		alg = WPA_ALG_CCMP;
191 		break;
192 	case WPA_CIPHER_GCMP:
193 		os_memcpy(key, ssid->psk, 16);
194 		keylen = 16;
195 		alg = WPA_ALG_GCMP;
196 		break;
197 	case WPA_CIPHER_TKIP:
198 		/* WPA-None uses the same Michael MIC key for both TX and RX */
199 		os_memcpy(key, ssid->psk, 16 + 8);
200 		os_memcpy(key + 16 + 8, ssid->psk + 16, 8);
201 		keylen = 32;
202 		alg = WPA_ALG_TKIP;
203 		break;
204 	default:
205 		wpa_msg(wpa_s, MSG_INFO, "WPA: Invalid group cipher %d for "
206 			"WPA-None", wpa_s->group_cipher);
207 		return -1;
208 	}
209 
210 	/* TODO: should actually remember the previously used seq#, both for TX
211 	 * and RX from each STA.. */
212 
213 	ret = wpa_drv_set_key(wpa_s, -1, alg, NULL, 0, 1, seq, 6, key, keylen,
214 			      KEY_FLAG_GROUP_RX_TX_DEFAULT);
215 	os_memset(key, 0, sizeof(key));
216 	return ret;
217 }
218 
219 
wpa_supplicant_timeout(void * eloop_ctx,void * timeout_ctx)220 static void wpa_supplicant_timeout(void *eloop_ctx, void *timeout_ctx)
221 {
222 	struct wpa_supplicant *wpa_s = eloop_ctx;
223 	const u8 *bssid = wpa_s->bssid;
224 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
225 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
226 	     wpa_s->wpa_state == WPA_ASSOCIATING))
227 		bssid = wpa_s->pending_bssid;
228 	wpa_msg(wpa_s, MSG_INFO, "Authentication with " MACSTR " timed out.",
229 		MAC2STR(bssid));
230 	wpa_bssid_ignore_add(wpa_s, bssid);
231 	wpa_sm_notify_disassoc(wpa_s->wpa);
232 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
233 	wpa_s->reassociate = 1;
234 
235 	/*
236 	 * If we timed out, the AP or the local radio may be busy.
237 	 * So, wait a second until scanning again.
238 	 */
239 	wpa_supplicant_req_scan(wpa_s, 1, 0);
240 }
241 
242 
243 /**
244  * wpa_supplicant_req_auth_timeout - Schedule a timeout for authentication
245  * @wpa_s: Pointer to wpa_supplicant data
246  * @sec: Number of seconds after which to time out authentication
247  * @usec: Number of microseconds after which to time out authentication
248  *
249  * This function is used to schedule a timeout for the current authentication
250  * attempt.
251  */
wpa_supplicant_req_auth_timeout(struct wpa_supplicant * wpa_s,int sec,int usec)252 void wpa_supplicant_req_auth_timeout(struct wpa_supplicant *wpa_s,
253 				     int sec, int usec)
254 {
255 	if (wpa_s->conf->ap_scan == 0 &&
256 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED))
257 		return;
258 
259 	wpa_dbg(wpa_s, MSG_DEBUG, "Setting authentication timeout: %d sec "
260 		"%d usec", sec, usec);
261 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
262 	wpa_s->last_auth_timeout_sec = sec;
263 	eloop_register_timeout(sec, usec, wpa_supplicant_timeout, wpa_s, NULL);
264 }
265 
266 
267 /*
268  * wpas_auth_timeout_restart - Restart and change timeout for authentication
269  * @wpa_s: Pointer to wpa_supplicant data
270  * @sec_diff: difference in seconds applied to original timeout value
271  */
wpas_auth_timeout_restart(struct wpa_supplicant * wpa_s,int sec_diff)272 void wpas_auth_timeout_restart(struct wpa_supplicant *wpa_s, int sec_diff)
273 {
274 	int new_sec = wpa_s->last_auth_timeout_sec + sec_diff;
275 
276 	if (eloop_is_timeout_registered(wpa_supplicant_timeout, wpa_s, NULL)) {
277 		wpa_dbg(wpa_s, MSG_DEBUG,
278 			"Authentication timeout restart: %d sec", new_sec);
279 		eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
280 		eloop_register_timeout(new_sec, 0, wpa_supplicant_timeout,
281 				       wpa_s, NULL);
282 	}
283 }
284 
285 
286 /**
287  * wpa_supplicant_cancel_auth_timeout - Cancel authentication timeout
288  * @wpa_s: Pointer to wpa_supplicant data
289  *
290  * This function is used to cancel authentication timeout scheduled with
291  * wpa_supplicant_req_auth_timeout() and it is called when authentication has
292  * been completed.
293  */
wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant * wpa_s)294 void wpa_supplicant_cancel_auth_timeout(struct wpa_supplicant *wpa_s)
295 {
296 	wpa_dbg(wpa_s, MSG_DEBUG, "Cancelling authentication timeout");
297 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
298 	wpa_bssid_ignore_del(wpa_s, wpa_s->bssid);
299 	os_free(wpa_s->last_con_fail_realm);
300 	wpa_s->last_con_fail_realm = NULL;
301 	wpa_s->last_con_fail_realm_len = 0;
302 }
303 
304 
305 /**
306  * wpa_supplicant_initiate_eapol - Configure EAPOL state machine
307  * @wpa_s: Pointer to wpa_supplicant data
308  *
309  * This function is used to configure EAPOL state machine based on the selected
310  * authentication mode.
311  */
wpa_supplicant_initiate_eapol(struct wpa_supplicant * wpa_s)312 void wpa_supplicant_initiate_eapol(struct wpa_supplicant *wpa_s)
313 {
314 #ifdef IEEE8021X_EAPOL
315 	struct eapol_config eapol_conf;
316 	struct wpa_ssid *ssid = wpa_s->current_ssid;
317 
318 #ifdef CONFIG_IBSS_RSN
319 	if (ssid->mode == WPAS_MODE_IBSS &&
320 	    wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
321 	    wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
322 		/*
323 		 * RSN IBSS authentication is per-STA and we can disable the
324 		 * per-BSSID EAPOL authentication.
325 		 */
326 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
327 		eapol_sm_notify_eap_success(wpa_s->eapol, true);
328 		eapol_sm_notify_eap_fail(wpa_s->eapol, false);
329 		return;
330 	}
331 #endif /* CONFIG_IBSS_RSN */
332 
333 	eapol_sm_notify_eap_success(wpa_s->eapol, false);
334 	eapol_sm_notify_eap_fail(wpa_s->eapol, false);
335 
336 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
337 	    wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE)
338 		eapol_sm_notify_portControl(wpa_s->eapol, ForceAuthorized);
339 	else
340 		eapol_sm_notify_portControl(wpa_s->eapol, Auto);
341 
342 	os_memset(&eapol_conf, 0, sizeof(eapol_conf));
343 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
344 		eapol_conf.accept_802_1x_keys = 1;
345 		eapol_conf.required_keys = 0;
346 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_UNICAST) {
347 			eapol_conf.required_keys |= EAPOL_REQUIRE_KEY_UNICAST;
348 		}
349 		if (ssid->eapol_flags & EAPOL_FLAG_REQUIRE_KEY_BROADCAST) {
350 			eapol_conf.required_keys |=
351 				EAPOL_REQUIRE_KEY_BROADCAST;
352 		}
353 
354 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED)
355 			eapol_conf.required_keys = 0;
356 	}
357 	eapol_conf.fast_reauth = wpa_s->conf->fast_reauth;
358 	eapol_conf.workaround = ssid->eap_workaround;
359 	eapol_conf.eap_disabled =
360 		!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) &&
361 		wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA &&
362 		wpa_s->key_mgmt != WPA_KEY_MGMT_WPS;
363 	eapol_conf.external_sim = wpa_s->conf->external_sim;
364 
365 #ifdef CONFIG_WPS
366 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
367 		eapol_conf.wps |= EAPOL_LOCAL_WPS_IN_USE;
368 		if (wpa_s->current_bss) {
369 			struct wpabuf *ie;
370 			ie = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
371 							 WPS_IE_VENDOR_TYPE);
372 			if (ie) {
373 				if (wps_is_20(ie))
374 					eapol_conf.wps |=
375 						EAPOL_PEER_IS_WPS20_AP;
376 				wpabuf_free(ie);
377 			}
378 		}
379 	}
380 #endif /* CONFIG_WPS */
381 
382 	eapol_sm_notify_config(wpa_s->eapol, &ssid->eap, &eapol_conf);
383 
384 #ifdef CONFIG_MACSEC
385 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE && ssid->mka_psk_set)
386 		ieee802_1x_create_preshared_mka(wpa_s, ssid);
387 	else
388 		ieee802_1x_alloc_kay_sm(wpa_s, ssid);
389 #endif /* CONFIG_MACSEC */
390 #endif /* IEEE8021X_EAPOL */
391 }
392 
393 
394 /**
395  * wpa_supplicant_set_non_wpa_policy - Set WPA parameters to non-WPA mode
396  * @wpa_s: Pointer to wpa_supplicant data
397  * @ssid: Configuration data for the network
398  *
399  * This function is used to configure WPA state machine and related parameters
400  * to a mode where WPA is not enabled. This is called as part of the
401  * authentication configuration when the selected network does not use WPA.
402  */
wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)403 void wpa_supplicant_set_non_wpa_policy(struct wpa_supplicant *wpa_s,
404 				       struct wpa_ssid *ssid)
405 {
406 #ifdef CONFIG_WEP
407 	int i;
408 #endif /* CONFIG_WEP */
409 
410 	if (ssid->key_mgmt & WPA_KEY_MGMT_WPS)
411 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPS;
412 	else if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)
413 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
414 	else
415 		wpa_s->key_mgmt = WPA_KEY_MGMT_NONE;
416 	wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0);
417 	wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0);
418 	wpa_sm_set_ap_rsnxe(wpa_s->wpa, NULL, 0);
419 	wpa_sm_set_ap_rsne_override(wpa_s->wpa, NULL, 0);
420 	wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, NULL, 0);
421 	wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, NULL, 0);
422 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
423 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
424 	wpa_s->rsnxe_len = 0;
425 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
426 	wpa_s->group_cipher = WPA_CIPHER_NONE;
427 	wpa_s->mgmt_group_cipher = 0;
428 
429 #ifdef CONFIG_WEP
430 	for (i = 0; i < NUM_WEP_KEYS; i++) {
431 		if (ssid->wep_key_len[i] > 5) {
432 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP104;
433 			wpa_s->group_cipher = WPA_CIPHER_WEP104;
434 			break;
435 		} else if (ssid->wep_key_len[i] > 0) {
436 			wpa_s->pairwise_cipher = WPA_CIPHER_WEP40;
437 			wpa_s->group_cipher = WPA_CIPHER_WEP40;
438 			break;
439 		}
440 	}
441 #endif /* CONFIG_WEP */
442 
443 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED, 0);
444 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
445 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
446 			 wpa_s->pairwise_cipher);
447 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
448 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
449 			 wpa_s->mgmt_group_cipher);
450 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SSID_PROTECTION, 0);
451 
452 	pmksa_cache_clear_current(wpa_s->wpa);
453 }
454 
455 
free_hw_features(struct wpa_supplicant * wpa_s)456 void free_hw_features(struct wpa_supplicant *wpa_s)
457 {
458 	int i;
459 	if (wpa_s->hw.modes == NULL)
460 		return;
461 
462 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
463 		os_free(wpa_s->hw.modes[i].channels);
464 		os_free(wpa_s->hw.modes[i].rates);
465 	}
466 
467 	os_free(wpa_s->hw.modes);
468 	wpa_s->hw.modes = NULL;
469 }
470 
471 
remove_bss_tmp_disallowed_entry(struct wpa_supplicant * wpa_s,struct wpa_bss_tmp_disallowed * bss)472 static void remove_bss_tmp_disallowed_entry(struct wpa_supplicant *wpa_s,
473 					    struct wpa_bss_tmp_disallowed *bss)
474 {
475 	eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
476 	dl_list_del(&bss->list);
477 	os_free(bss);
478 }
479 
480 
free_bss_tmp_disallowed(struct wpa_supplicant * wpa_s)481 void free_bss_tmp_disallowed(struct wpa_supplicant *wpa_s)
482 {
483 	struct wpa_bss_tmp_disallowed *bss, *prev;
484 
485 	dl_list_for_each_safe(bss, prev, &wpa_s->bss_tmp_disallowed,
486 			      struct wpa_bss_tmp_disallowed, list)
487 		remove_bss_tmp_disallowed_entry(wpa_s, bss);
488 }
489 
490 
wpas_flush_fils_hlp_req(struct wpa_supplicant * wpa_s)491 void wpas_flush_fils_hlp_req(struct wpa_supplicant *wpa_s)
492 {
493 	struct fils_hlp_req *req;
494 
495 	while ((req = dl_list_first(&wpa_s->fils_hlp_req, struct fils_hlp_req,
496 				    list)) != NULL) {
497 		dl_list_del(&req->list);
498 		wpabuf_free(req->pkt);
499 		os_free(req);
500 	}
501 }
502 
503 
wpas_clear_disabled_interface(void * eloop_ctx,void * timeout_ctx)504 void wpas_clear_disabled_interface(void *eloop_ctx, void *timeout_ctx)
505 {
506 	struct wpa_supplicant *wpa_s = eloop_ctx;
507 
508 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
509 		return;
510 	wpa_dbg(wpa_s, MSG_DEBUG, "Clear cached state on disabled interface");
511 	wpa_bss_flush(wpa_s);
512 }
513 
514 
515 #ifdef CONFIG_TESTING_OPTIONS
wpas_clear_driver_signal_override(struct wpa_supplicant * wpa_s)516 void wpas_clear_driver_signal_override(struct wpa_supplicant *wpa_s)
517 {
518 	struct driver_signal_override *dso;
519 
520 	while ((dso = dl_list_first(&wpa_s->drv_signal_override,
521 				    struct driver_signal_override, list))) {
522 		dl_list_del(&dso->list);
523 		os_free(dso);
524 	}
525 }
526 #endif /* CONFIG_TESTING_OPTIONS */
527 
528 
wpa_supplicant_cleanup(struct wpa_supplicant * wpa_s)529 static void wpa_supplicant_cleanup(struct wpa_supplicant *wpa_s)
530 {
531 	int i;
532 
533 	bgscan_deinit(wpa_s);
534 	autoscan_deinit(wpa_s);
535 	scard_deinit(wpa_s->scard);
536 	wpa_s->scard = NULL;
537 	wpa_sm_set_scard_ctx(wpa_s->wpa, NULL);
538 	eapol_sm_register_scard_ctx(wpa_s->eapol, NULL);
539 	l2_packet_deinit(wpa_s->l2);
540 	wpa_s->l2 = NULL;
541 	if (wpa_s->l2_br) {
542 		l2_packet_deinit(wpa_s->l2_br);
543 		wpa_s->l2_br = NULL;
544 	}
545 #ifdef CONFIG_TESTING_OPTIONS
546 	l2_packet_deinit(wpa_s->l2_test);
547 	wpa_s->l2_test = NULL;
548 	os_free(wpa_s->get_pref_freq_list_override);
549 	wpa_s->get_pref_freq_list_override = NULL;
550 	wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
551 	wpa_s->last_assoc_req_wpa_ie = NULL;
552 	os_free(wpa_s->extra_sae_rejected_groups);
553 	wpa_s->extra_sae_rejected_groups = NULL;
554 	wpabuf_free(wpa_s->rsne_override_eapol);
555 	wpa_s->rsne_override_eapol = NULL;
556 	wpabuf_free(wpa_s->rsnxe_override_assoc);
557 	wpa_s->rsnxe_override_assoc = NULL;
558 	wpabuf_free(wpa_s->rsnxe_override_eapol);
559 	wpa_s->rsnxe_override_eapol = NULL;
560 	wpas_clear_driver_signal_override(wpa_s);
561 #endif /* CONFIG_TESTING_OPTIONS */
562 
563 	if (wpa_s->conf != NULL) {
564 		struct wpa_ssid *ssid;
565 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
566 			wpas_notify_network_removed(wpa_s, ssid);
567 	}
568 
569 	os_free(wpa_s->confname);
570 	wpa_s->confname = NULL;
571 
572 	os_free(wpa_s->confanother);
573 	wpa_s->confanother = NULL;
574 
575 	os_free(wpa_s->last_con_fail_realm);
576 	wpa_s->last_con_fail_realm = NULL;
577 	wpa_s->last_con_fail_realm_len = 0;
578 
579 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
580 	eapol_sm_deinit(wpa_s->eapol);
581 	wpa_s->eapol = NULL;
582 
583 	rsn_preauth_deinit(wpa_s->wpa);
584 
585 #ifdef CONFIG_TDLS
586 	wpa_tdls_deinit(wpa_s->wpa);
587 #endif /* CONFIG_TDLS */
588 
589 #ifndef CONFIG_NO_WMM_AC
590 	wmm_ac_clear_saved_tspecs(wpa_s);
591 #endif /* ! CONFIG_NO_WMM_AC */
592 	pmksa_candidate_free(wpa_s->wpa);
593 	ptksa_cache_deinit(wpa_s->ptksa);
594 	wpa_s->ptksa = NULL;
595 	wpa_sm_deinit(wpa_s->wpa);
596 	wpa_s->wpa = NULL;
597 	wpa_bssid_ignore_clear(wpa_s);
598 
599 #ifdef CONFIG_PASN
600 	wpas_pasn_auth_stop(wpa_s);
601 #endif /* CONFIG_PASN */
602 
603 	wpa_bss_deinit(wpa_s);
604 
605 	wpa_supplicant_cancel_delayed_sched_scan(wpa_s);
606 	wpa_supplicant_cancel_scan(wpa_s);
607 	wpa_supplicant_cancel_auth_timeout(wpa_s);
608 	eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, wpa_s, NULL);
609 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT
610 	eloop_cancel_timeout(wpa_supplicant_delayed_mic_error_report,
611 			     wpa_s, NULL);
612 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */
613 
614 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
615 	eloop_cancel_timeout(wpas_clear_disabled_interface, wpa_s, NULL);
616 	eloop_cancel_timeout(wpas_verify_ssid_beacon, wpa_s, NULL);
617 
618 	wpas_wps_deinit(wpa_s);
619 
620 	wpabuf_free(wpa_s->pending_eapol_rx);
621 	wpa_s->pending_eapol_rx = NULL;
622 
623 #ifdef CONFIG_IBSS_RSN
624 	ibss_rsn_deinit(wpa_s->ibss_rsn);
625 	wpa_s->ibss_rsn = NULL;
626 #endif /* CONFIG_IBSS_RSN */
627 
628 	sme_deinit(wpa_s);
629 
630 #ifdef CONFIG_AP
631 	wpa_supplicant_ap_deinit(wpa_s);
632 #endif /* CONFIG_AP */
633 
634 	wpas_p2p_deinit(wpa_s);
635 
636 #ifdef CONFIG_OFFCHANNEL
637 	offchannel_deinit(wpa_s);
638 #endif /* CONFIG_OFFCHANNEL */
639 
640 	wpa_supplicant_cancel_sched_scan(wpa_s);
641 
642 	os_free(wpa_s->next_scan_freqs);
643 	wpa_s->next_scan_freqs = NULL;
644 
645 	os_free(wpa_s->manual_scan_freqs);
646 	wpa_s->manual_scan_freqs = NULL;
647 	os_free(wpa_s->select_network_scan_freqs);
648 	wpa_s->select_network_scan_freqs = NULL;
649 
650 	os_free(wpa_s->manual_sched_scan_freqs);
651 	wpa_s->manual_sched_scan_freqs = NULL;
652 
653 	wpas_mac_addr_rand_scan_clear(wpa_s, MAC_ADDR_RAND_ALL);
654 
655 	/*
656 	 * Need to remove any pending gas-query radio work before the
657 	 * gas_query_deinit() call because gas_query::work has not yet been set
658 	 * for works that have not been started. gas_query_free() will be unable
659 	 * to cancel such pending radio works and once the pending gas-query
660 	 * radio work eventually gets removed, the deinit notification call to
661 	 * gas_query_start_cb() would result in dereferencing freed memory.
662 	 */
663 	if (wpa_s->radio)
664 		radio_remove_works(wpa_s, "gas-query", 0);
665 	gas_query_deinit(wpa_s->gas);
666 	wpa_s->gas = NULL;
667 	gas_server_deinit(wpa_s->gas_server);
668 	wpa_s->gas_server = NULL;
669 
670 	free_hw_features(wpa_s);
671 
672 	ieee802_1x_dealloc_kay_sm(wpa_s);
673 
674 	os_free(wpa_s->bssid_filter);
675 	wpa_s->bssid_filter = NULL;
676 
677 	os_free(wpa_s->disallow_aps_bssid);
678 	wpa_s->disallow_aps_bssid = NULL;
679 	os_free(wpa_s->disallow_aps_ssid);
680 	wpa_s->disallow_aps_ssid = NULL;
681 
682 	wnm_bss_keep_alive_deinit(wpa_s);
683 	wnm_btm_reset(wpa_s);
684 
685 	ext_password_deinit(wpa_s->ext_pw);
686 	wpa_s->ext_pw = NULL;
687 
688 	wpabuf_free(wpa_s->last_gas_resp);
689 	wpa_s->last_gas_resp = NULL;
690 	wpabuf_free(wpa_s->prev_gas_resp);
691 	wpa_s->prev_gas_resp = NULL;
692 
693 	os_free(wpa_s->last_scan_res);
694 	wpa_s->last_scan_res = NULL;
695 
696 #ifdef CONFIG_HS20
697 	if (wpa_s->drv_priv)
698 		wpa_drv_configure_frame_filters(wpa_s, 0);
699 	hs20_deinit(wpa_s);
700 #endif /* CONFIG_HS20 */
701 
702 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
703 		wpabuf_free(wpa_s->vendor_elem[i]);
704 		wpa_s->vendor_elem[i] = NULL;
705 	}
706 #ifndef CONFIG_NO_WMM_AC
707 	wmm_ac_notify_disassoc(wpa_s);
708 #endif /* ! CONFIG_NO_WMM_AC */
709 	wpa_s->sched_scan_plans_num = 0;
710 	os_free(wpa_s->sched_scan_plans);
711 	wpa_s->sched_scan_plans = NULL;
712 
713 #ifdef CONFIG_MBO
714 	wpa_s->non_pref_chan_num = 0;
715 	os_free(wpa_s->non_pref_chan);
716 	wpa_s->non_pref_chan = NULL;
717 #endif /* CONFIG_MBO */
718 
719 	free_bss_tmp_disallowed(wpa_s);
720 
721 	wpabuf_free(wpa_s->lci);
722 	wpa_s->lci = NULL;
723 #ifndef CONFIG_NO_RRM
724 	wpas_clear_beacon_rep_data(wpa_s);
725 #endif /* ! CONFIG_NO_RRM */
726 
727 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
728 #ifdef CONFIG_MESH
729 	{
730 		struct external_pmksa_cache *entry;
731 
732 		while ((entry = dl_list_last(&wpa_s->mesh_external_pmksa_cache,
733 					     struct external_pmksa_cache,
734 					     list)) != NULL) {
735 			dl_list_del(&entry->list);
736 			os_free(entry->pmksa_cache);
737 			os_free(entry);
738 		}
739 	}
740 #endif /* CONFIG_MESH */
741 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
742 
743 	wpas_flush_fils_hlp_req(wpa_s);
744 
745 	wpabuf_free(wpa_s->ric_ies);
746 	wpa_s->ric_ies = NULL;
747 
748 #ifdef CONFIG_DPP
749 	wpas_dpp_deinit(wpa_s);
750 	dpp_global_deinit(wpa_s->dpp);
751 	wpa_s->dpp = NULL;
752 #endif /* CONFIG_DPP */
753 
754 #ifdef CONFIG_PASN
755 	wpas_pasn_auth_stop(wpa_s);
756 #endif /* CONFIG_PASN */
757 #ifdef CONFIG_ROBUST_AV
758 	wpas_scs_deinit(wpa_s);
759 	wpas_dscp_deinit(wpa_s);
760 #endif /* CONFIG_ROBUST_AV */
761 }
762 
763 
764 /**
765  * wpa_clear_keys - Clear keys configured for the driver
766  * @wpa_s: Pointer to wpa_supplicant data
767  * @addr: Previously used BSSID or %NULL if not available
768  *
769  * This function clears the encryption keys that has been previously configured
770  * for the driver.
771  */
wpa_clear_keys(struct wpa_supplicant * wpa_s,const u8 * addr)772 void wpa_clear_keys(struct wpa_supplicant *wpa_s, const u8 *addr)
773 {
774 	int i, max = 6;
775 
776 	/* MLME-DELETEKEYS.request */
777 	for (i = 0; i < max; i++) {
778 		if (wpa_s->keys_cleared & BIT(i))
779 			continue;
780 		wpa_drv_set_key(wpa_s, -1, WPA_ALG_NONE, NULL, i, 0, NULL, 0,
781 				NULL, 0, KEY_FLAG_GROUP);
782 	}
783 	/* Pairwise Key ID 1 for Extended Key ID is tracked in bit 15 */
784 	if (~wpa_s->keys_cleared & (BIT(0) | BIT(15)) && addr &&
785 	    !is_zero_ether_addr(addr)) {
786 		if (!(wpa_s->keys_cleared & BIT(0)))
787 			wpa_drv_set_key(wpa_s, -1, WPA_ALG_NONE, addr, 0, 0, NULL,
788 					0, NULL, 0, KEY_FLAG_PAIRWISE);
789 		if (!(wpa_s->keys_cleared & BIT(15)))
790 			wpa_drv_set_key(wpa_s, -1, WPA_ALG_NONE, addr, 1, 0, NULL,
791 					0, NULL, 0, KEY_FLAG_PAIRWISE);
792 		/* MLME-SETPROTECTION.request(None) */
793 		wpa_drv_mlme_setprotection(
794 			wpa_s, addr,
795 			MLME_SETPROTECTION_PROTECT_TYPE_NONE,
796 			MLME_SETPROTECTION_KEY_TYPE_PAIRWISE);
797 	}
798 	wpa_s->keys_cleared = (u32) -1;
799 }
800 
801 
802 /**
803  * wpa_supplicant_state_txt - Get the connection state name as a text string
804  * @state: State (wpa_state; WPA_*)
805  * Returns: The state name as a printable text string
806  */
wpa_supplicant_state_txt(enum wpa_states state)807 const char * wpa_supplicant_state_txt(enum wpa_states state)
808 {
809 	switch (state) {
810 	case WPA_DISCONNECTED:
811 		return "DISCONNECTED";
812 	case WPA_INACTIVE:
813 		return "INACTIVE";
814 	case WPA_INTERFACE_DISABLED:
815 		return "INTERFACE_DISABLED";
816 	case WPA_SCANNING:
817 		return "SCANNING";
818 	case WPA_AUTHENTICATING:
819 		return "AUTHENTICATING";
820 	case WPA_ASSOCIATING:
821 		return "ASSOCIATING";
822 	case WPA_ASSOCIATED:
823 		return "ASSOCIATED";
824 	case WPA_4WAY_HANDSHAKE:
825 		return "4WAY_HANDSHAKE";
826 	case WPA_GROUP_HANDSHAKE:
827 		return "GROUP_HANDSHAKE";
828 	case WPA_COMPLETED:
829 		return "COMPLETED";
830 	default:
831 		return "UNKNOWN";
832 	}
833 }
834 
835 
836 #ifdef CONFIG_BGSCAN
837 
wpa_supplicant_stop_bgscan(struct wpa_supplicant * wpa_s)838 static void wpa_supplicant_stop_bgscan(struct wpa_supplicant *wpa_s)
839 {
840 	if (wpa_s->bgscan_ssid) {
841 		bgscan_deinit(wpa_s);
842 		wpa_s->bgscan_ssid = NULL;
843 	}
844 }
845 
846 
847 /**
848  * wpa_supplicant_reset_bgscan - Reset the bgscan for the current SSID.
849  * @wpa_s: Pointer to the wpa_supplicant data
850  *
851  * Stop, start, or reconfigure the scan parameters depending on the method.
852  */
wpa_supplicant_reset_bgscan(struct wpa_supplicant * wpa_s)853 void wpa_supplicant_reset_bgscan(struct wpa_supplicant *wpa_s)
854 {
855 	const char *name;
856 
857 	if (wpa_s->current_ssid && wpa_s->current_ssid->bgscan)
858 		name = wpa_s->current_ssid->bgscan;
859 	else
860 		name = wpa_s->conf->bgscan;
861 	if (!name || name[0] == '\0') {
862 		wpa_supplicant_stop_bgscan(wpa_s);
863 		return;
864 	}
865 	if (wpas_driver_bss_selection(wpa_s))
866 		return;
867 #ifdef CONFIG_P2P
868 	if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE)
869 		return;
870 #endif /* CONFIG_P2P */
871 
872 	bgscan_deinit(wpa_s);
873 	if (wpa_s->current_ssid) {
874 		if (bgscan_init(wpa_s, wpa_s->current_ssid, name)) {
875 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
876 				"bgscan");
877 			/*
878 			 * Live without bgscan; it is only used as a roaming
879 			 * optimization, so the initial connection is not
880 			 * affected.
881 			 */
882 		} else {
883 			struct wpa_scan_results *scan_res;
884 			wpa_s->bgscan_ssid = wpa_s->current_ssid;
885 			scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL,
886 								   0);
887 			if (scan_res) {
888 				bgscan_notify_scan(wpa_s, scan_res);
889 				wpa_scan_results_free(scan_res);
890 			}
891 		}
892 	} else
893 		wpa_s->bgscan_ssid = NULL;
894 }
895 
896 #endif /* CONFIG_BGSCAN */
897 
898 
wpa_supplicant_start_autoscan(struct wpa_supplicant * wpa_s)899 static void wpa_supplicant_start_autoscan(struct wpa_supplicant *wpa_s)
900 {
901 	if (autoscan_init(wpa_s, 0))
902 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize autoscan");
903 }
904 
905 
wpa_supplicant_stop_autoscan(struct wpa_supplicant * wpa_s)906 static void wpa_supplicant_stop_autoscan(struct wpa_supplicant *wpa_s)
907 {
908 	autoscan_deinit(wpa_s);
909 }
910 
911 
wpa_supplicant_reinit_autoscan(struct wpa_supplicant * wpa_s)912 void wpa_supplicant_reinit_autoscan(struct wpa_supplicant *wpa_s)
913 {
914 	if (wpa_s->wpa_state == WPA_DISCONNECTED ||
915 	    wpa_s->wpa_state == WPA_SCANNING) {
916 		autoscan_deinit(wpa_s);
917 		wpa_supplicant_start_autoscan(wpa_s);
918 	}
919 }
920 
wpas_verify_ssid_beacon(void * eloop_ctx,void * timeout_ctx)921 static void wpas_verify_ssid_beacon(void *eloop_ctx, void *timeout_ctx)
922 {
923 	struct wpa_supplicant *wpa_s = eloop_ctx;
924 	struct wpa_bss *bss;
925 	const u8 *ssid;
926 	size_t ssid_len;
927 
928 	if (!wpa_s->current_ssid || !wpa_s->current_bss)
929 		return;
930 
931 	ssid = wpa_s->current_bss->ssid;
932 	ssid_len = wpa_s->current_bss->ssid_len;
933 
934 	if (wpa_s->current_ssid->ssid_len &&
935 	    (wpa_s->current_ssid->ssid_len != ssid_len ||
936 	     os_memcmp(wpa_s->current_ssid->ssid, ssid, ssid_len) != 0))
937 		return;
938 
939 	if (wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
940 	    !wpa_s->bigtk_set || wpa_s->ssid_verified)
941 		return;
942 
943 	wpa_printf(MSG_DEBUG,
944 		   "SSID not yet verified; check if the driver has received a verified Beacon frame");
945 	if (wpa_supplicant_update_scan_results(wpa_s, wpa_s->bssid) < 0)
946 		return;
947 
948 	bss = wpa_bss_get_bssid_latest(wpa_s, wpa_s->bssid);
949 	if (!bss)
950 		return;
951 	wpa_printf(MSG_DEBUG, "The current beacon time stamp: 0x%llx",
952 		   (long long unsigned int) bss->tsf);
953 	if (bss->tsf > wpa_s->first_beacon_tsf) {
954 		const u8 *ie;
955 
956 		wpa_printf(MSG_DEBUG,
957 			   "Verified Beacon frame has been received");
958 		wpa_s->beacons_checked++;
959 
960 		ie = wpa_bss_get_ie_beacon(bss, WLAN_EID_SSID);
961 		if (ie && ie[1] == ssid_len &&
962 		    os_memcmp(&ie[2], ssid, ssid_len) == 0) {
963 			wpa_printf(MSG_DEBUG,
964 				   "SSID verified based on a Beacon frame and beacon protection");
965 			wpa_s->ssid_verified = true;
966 			return;
967 		}
968 
969 		/* TODO: Multiple BSSID element */
970 	}
971 
972 	if (wpa_s->beacons_checked < 16)
973 		eloop_register_timeout(1, 0, wpas_verify_ssid_beacon,
974 				       wpa_s, NULL);
975 }
976 
977 
wpas_verify_ssid_beacon_prot(struct wpa_supplicant * wpa_s)978 static void wpas_verify_ssid_beacon_prot(struct wpa_supplicant *wpa_s)
979 {
980 	struct wpa_bss *bss;
981 
982 	wpa_printf(MSG_DEBUG,
983 		   "SSID not yet verified; try to verify using beacon protection");
984 	/* Fetch the current scan result which is likely based on not yet
985 	 * verified payload since the current BIGTK was just received. Any
986 	 * newer update in the future with a larger timestamp value is an
987 	 * indication that a verified Beacon frame has been received. */
988 	if (wpa_supplicant_update_scan_results(wpa_s, wpa_s->bssid) < 0)
989 		return;
990 
991 	bss = wpa_bss_get_bssid_latest(wpa_s, wpa_s->bssid);
992 	if (!bss)
993 		return;
994 	wpa_printf(MSG_DEBUG, "The initial beacon time stamp: 0x%llx",
995 		   (long long unsigned int) bss->tsf);
996 	wpa_s->first_beacon_tsf = bss->tsf;
997 	wpa_s->beacons_checked = 0;
998 	eloop_cancel_timeout(wpas_verify_ssid_beacon, wpa_s, NULL);
999 	eloop_register_timeout(1, 0, wpas_verify_ssid_beacon, wpa_s, NULL);
1000 }
1001 
1002 /**
1003  * wpa_supplicant_set_state - Set current connection state
1004  * @wpa_s: Pointer to wpa_supplicant data
1005  * @state: The new connection state
1006  *
1007  * This function is called whenever the connection state changes, e.g.,
1008  * association is completed for WPA/WPA2 4-Way Handshake is started.
1009  */
wpa_supplicant_set_state(struct wpa_supplicant * wpa_s,enum wpa_states state)1010 void wpa_supplicant_set_state(struct wpa_supplicant *wpa_s,
1011 			      enum wpa_states state)
1012 {
1013 	enum wpa_states old_state = wpa_s->wpa_state;
1014 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1015 	bool update_fils_connect_params = false;
1016 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1017 
1018 	wpa_dbg(wpa_s, MSG_DEBUG, "State: %s -> %s",
1019 		wpa_supplicant_state_txt(wpa_s->wpa_state),
1020 		wpa_supplicant_state_txt(state));
1021 
1022 	if (state == WPA_COMPLETED &&
1023 	    os_reltime_initialized(&wpa_s->roam_start)) {
1024 		os_reltime_age(&wpa_s->roam_start, &wpa_s->roam_time);
1025 		wpa_s->roam_start.sec = 0;
1026 		wpa_s->roam_start.usec = 0;
1027 		wpas_notify_auth_changed(wpa_s);
1028 		wpas_notify_roam_time(wpa_s);
1029 		wpas_notify_roam_complete(wpa_s);
1030 	} else if (state == WPA_DISCONNECTED &&
1031 		   os_reltime_initialized(&wpa_s->roam_start)) {
1032 		wpa_s->roam_start.sec = 0;
1033 		wpa_s->roam_start.usec = 0;
1034 		wpa_s->roam_time.sec = 0;
1035 		wpa_s->roam_time.usec = 0;
1036 		wpas_notify_roam_complete(wpa_s);
1037 	}
1038 
1039 	if (state == WPA_INTERFACE_DISABLED) {
1040 		/* Assure normal scan when interface is restored */
1041 		wpa_s->normal_scans = 0;
1042 	}
1043 
1044 	if (state == WPA_COMPLETED) {
1045 		wpas_connect_work_done(wpa_s);
1046 		/* Reinitialize normal_scan counter */
1047 		wpa_s->normal_scans = 0;
1048 	}
1049 
1050 #ifdef CONFIG_P2P
1051 	/*
1052 	 * P2PS client has to reply to Probe Request frames received on the
1053 	 * group operating channel. Enable Probe Request frame reporting for
1054 	 * P2P connected client in case p2p_cli_probe configuration property is
1055 	 * set to 1.
1056 	 */
1057 	if (wpa_s->conf->p2p_cli_probe && wpa_s->current_ssid &&
1058 	    wpa_s->current_ssid->mode == WPAS_MODE_INFRA &&
1059 	    wpa_s->current_ssid->p2p_group) {
1060 		if (state == WPA_COMPLETED && !wpa_s->p2p_cli_probe) {
1061 			wpa_dbg(wpa_s, MSG_DEBUG,
1062 				"P2P: Enable CLI Probe Request RX reporting");
1063 			wpa_s->p2p_cli_probe =
1064 				wpa_drv_probe_req_report(wpa_s, 1) >= 0;
1065 		} else if (state != WPA_COMPLETED && wpa_s->p2p_cli_probe) {
1066 			wpa_dbg(wpa_s, MSG_DEBUG,
1067 				"P2P: Disable CLI Probe Request RX reporting");
1068 			wpa_s->p2p_cli_probe = 0;
1069 			wpa_drv_probe_req_report(wpa_s, 0);
1070 		}
1071 	}
1072 #endif /* CONFIG_P2P */
1073 
1074 	if (state != WPA_SCANNING)
1075 		wpa_supplicant_notify_scanning(wpa_s, 0);
1076 
1077 	if (state == WPA_COMPLETED && wpa_s->new_connection) {
1078 		struct wpa_ssid *ssid = wpa_s->current_ssid;
1079 		int fils_hlp_sent = 0;
1080 
1081 #ifdef CONFIG_SME
1082 		if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1083 		    wpa_auth_alg_fils(wpa_s->sme.auth_alg))
1084 			fils_hlp_sent = 1;
1085 #endif /* CONFIG_SME */
1086 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
1087 		    wpa_auth_alg_fils(wpa_s->auth_alg))
1088 			fils_hlp_sent = 1;
1089 
1090 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
1091 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_CONNECTED "- Connection to "
1092 			MACSTR " completed [id=%d id_str=%s%s]",
1093 			MAC2STR(wpa_s->bssid),
1094 			ssid ? ssid->id : -1,
1095 			ssid && ssid->id_str ? ssid->id_str : "",
1096 			fils_hlp_sent ? " FILS_HLP_SENT" : "");
1097 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
1098 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
1099 		wpa_s->consecutive_conn_failures = 0;
1100 		wpa_s->new_connection = 0;
1101 		wpa_drv_set_operstate(wpa_s, 1);
1102 #ifndef IEEE8021X_EAPOL
1103 		wpa_drv_set_supp_port(wpa_s, 1);
1104 #endif /* IEEE8021X_EAPOL */
1105 		wpa_s->after_wps = 0;
1106 		wpa_s->known_wps_freq = 0;
1107 		wpas_p2p_completed(wpa_s);
1108 
1109 		sme_sched_obss_scan(wpa_s, 1);
1110 
1111 #ifdef __ZEPHYR__
1112 		supplicant_send_wifi_mgmt_conn_event(wpa_s, 0);
1113 #endif /* __ZEPHYR__ */
1114 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1115 		if (!fils_hlp_sent && ssid && ssid->eap.erp)
1116 			update_fils_connect_params = true;
1117 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1118 #ifdef CONFIG_OWE
1119 		if (ssid && (ssid->key_mgmt & WPA_KEY_MGMT_OWE))
1120 			wpas_update_owe_connect_params(wpa_s);
1121 #endif /* CONFIG_OWE */
1122 	} else if (state == WPA_DISCONNECTED || state == WPA_ASSOCIATING ||
1123 		   state == WPA_ASSOCIATED) {
1124 		wpa_s->new_connection = 1;
1125 		wpa_drv_set_operstate(wpa_s, 0);
1126 #ifndef IEEE8021X_EAPOL
1127 		wpa_drv_set_supp_port(wpa_s, 0);
1128 #endif /* IEEE8021X_EAPOL */
1129 		sme_sched_obss_scan(wpa_s, 0);
1130 	}
1131 	wpa_s->wpa_state = state;
1132 
1133 #ifdef CONFIG_BGSCAN
1134 	if (state == WPA_COMPLETED && wpa_s->current_ssid != wpa_s->bgscan_ssid)
1135 		wpa_supplicant_reset_bgscan(wpa_s);
1136 	else if (state < WPA_ASSOCIATED)
1137 		wpa_supplicant_stop_bgscan(wpa_s);
1138 #endif /* CONFIG_BGSCAN */
1139 
1140 	if (state > WPA_SCANNING)
1141 		wpa_supplicant_stop_autoscan(wpa_s);
1142 
1143 	if (state == WPA_DISCONNECTED || state == WPA_INACTIVE)
1144 		wpa_supplicant_start_autoscan(wpa_s);
1145 
1146 #ifndef CONFIG_NO_WMM_AC
1147 	if (old_state >= WPA_ASSOCIATED && wpa_s->wpa_state < WPA_ASSOCIATED)
1148 		wmm_ac_notify_disassoc(wpa_s);
1149 #endif /* ! CONFIG_NO_WMM_AC */
1150 	if (wpa_s->wpa_state != old_state) {
1151 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1152 
1153 		/*
1154 		 * Notify the P2P Device interface about a state change in one
1155 		 * of the interfaces.
1156 		 */
1157 		wpas_p2p_indicate_state_change(wpa_s);
1158 
1159 		if (wpa_s->wpa_state == WPA_COMPLETED ||
1160 		    old_state == WPA_COMPLETED)
1161 			wpas_notify_auth_changed(wpa_s);
1162 #ifdef CONFIG_DPP2
1163 		if (wpa_s->wpa_state == WPA_COMPLETED)
1164 			wpas_dpp_connected(wpa_s);
1165 #endif /* CONFIG_DPP2 */
1166 
1167 		if (wpa_s->wpa_state == WPA_COMPLETED &&
1168 		    wpa_s->bigtk_set && !wpa_s->ssid_verified)
1169 			wpas_verify_ssid_beacon_prot(wpa_s);
1170 	}
1171 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
1172 	if (update_fils_connect_params)
1173 		wpas_update_fils_connect_params(wpa_s);
1174 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
1175 }
1176 
1177 
wpa_supplicant_terminate_proc(struct wpa_global * global)1178 void wpa_supplicant_terminate_proc(struct wpa_global *global)
1179 {
1180 	int pending = 0;
1181 #ifdef CONFIG_WPS
1182 	struct wpa_supplicant *wpa_s = global->ifaces;
1183 	while (wpa_s) {
1184 		struct wpa_supplicant *next = wpa_s->next;
1185 		if (wpas_wps_terminate_pending(wpa_s) == 1)
1186 			pending = 1;
1187 #ifdef CONFIG_P2P
1188 		if (wpa_s->p2p_group_interface != NOT_P2P_GROUP_INTERFACE ||
1189 		    (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group))
1190 			wpas_p2p_disconnect(wpa_s);
1191 #endif /* CONFIG_P2P */
1192 		wpa_s = next;
1193 	}
1194 #endif /* CONFIG_WPS */
1195 	if (pending)
1196 		return;
1197 	eloop_terminate();
1198 }
1199 
1200 
wpa_supplicant_terminate(int sig,void * signal_ctx)1201 static void wpa_supplicant_terminate(int sig, void *signal_ctx)
1202 {
1203 	struct wpa_global *global = signal_ctx;
1204 	wpa_supplicant_terminate_proc(global);
1205 }
1206 
1207 
wpa_supplicant_clear_status(struct wpa_supplicant * wpa_s)1208 void wpa_supplicant_clear_status(struct wpa_supplicant *wpa_s)
1209 {
1210 	enum wpa_states old_state = wpa_s->wpa_state;
1211 	enum wpa_states new_state;
1212 
1213 	if (old_state == WPA_SCANNING)
1214 		new_state = WPA_SCANNING;
1215 	else
1216 		new_state = WPA_DISCONNECTED;
1217 
1218 	wpa_s->pairwise_cipher = 0;
1219 	wpa_s->group_cipher = 0;
1220 	wpa_s->mgmt_group_cipher = 0;
1221 	wpa_s->key_mgmt = 0;
1222 	if (wpa_s->wpa_state != WPA_INTERFACE_DISABLED)
1223 		wpa_supplicant_set_state(wpa_s, new_state);
1224 
1225 	if (wpa_s->wpa_state != old_state)
1226 		wpas_notify_state_changed(wpa_s, wpa_s->wpa_state, old_state);
1227 }
1228 
1229 
1230 /**
1231  * wpa_supplicant_reload_configuration - Reload configuration data
1232  * @wpa_s: Pointer to wpa_supplicant data
1233  * Returns: 0 on success or -1 if configuration parsing failed
1234  *
1235  * This function can be used to request that the configuration data is reloaded
1236  * (e.g., after configuration file change). This function is reloading
1237  * configuration only for one interface, so this may need to be called multiple
1238  * times if %wpa_supplicant is controlling multiple interfaces and all
1239  * interfaces need reconfiguration.
1240  */
wpa_supplicant_reload_configuration(struct wpa_supplicant * wpa_s)1241 int wpa_supplicant_reload_configuration(struct wpa_supplicant *wpa_s)
1242 {
1243 	struct wpa_config *conf;
1244 	int reconf_ctrl;
1245 	int old_ap_scan;
1246 
1247 	if (wpa_s->confname == NULL)
1248 		return -1;
1249 	conf = wpa_config_read(wpa_s->confname, NULL, false);
1250 	if (conf == NULL) {
1251 		wpa_msg(wpa_s, MSG_ERROR, "Failed to parse the configuration "
1252 			"file '%s' - exiting", wpa_s->confname);
1253 		return -1;
1254 	}
1255 	if (wpa_s->confanother &&
1256 	    !wpa_config_read(wpa_s->confanother, conf, true)) {
1257 		wpa_msg(wpa_s, MSG_ERROR,
1258 			"Failed to parse the configuration file '%s' - exiting",
1259 			wpa_s->confanother);
1260 		os_free(conf);
1261 		return -1;
1262 	}
1263 
1264 	conf->changed_parameters = (unsigned int) -1;
1265 
1266 	reconf_ctrl = !!conf->ctrl_interface != !!wpa_s->conf->ctrl_interface
1267 		|| (conf->ctrl_interface && wpa_s->conf->ctrl_interface &&
1268 		    os_strcmp(conf->ctrl_interface,
1269 			      wpa_s->conf->ctrl_interface) != 0);
1270 
1271 	if (reconf_ctrl) {
1272 		wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
1273 		wpa_s->ctrl_iface = NULL;
1274 	}
1275 
1276 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
1277 	if (wpa_s->current_ssid) {
1278 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
1279 			wpa_s->own_disconnect_req = 1;
1280 		wpa_supplicant_deauthenticate(wpa_s,
1281 					      WLAN_REASON_DEAUTH_LEAVING);
1282 	}
1283 
1284 	/*
1285 	 * TODO: should notify EAPOL SM about changes in opensc_engine_path,
1286 	 * pkcs11_engine_path, pkcs11_module_path, openssl_ciphers.
1287 	 */
1288 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
1289 	    wpa_s->key_mgmt == WPA_KEY_MGMT_OWE ||
1290 	    wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
1291 		/*
1292 		 * Clear forced success to clear EAP state for next
1293 		 * authentication.
1294 		 */
1295 		eapol_sm_notify_eap_success(wpa_s->eapol, false);
1296 	}
1297 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
1298 	wpa_sm_set_config(wpa_s->wpa, NULL);
1299 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, NULL);
1300 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
1301 	rsn_preauth_deinit(wpa_s->wpa);
1302 
1303 	old_ap_scan = wpa_s->conf->ap_scan;
1304 	wpa_config_free(wpa_s->conf);
1305 	wpa_s->conf = conf;
1306 	if (old_ap_scan != wpa_s->conf->ap_scan)
1307 		wpas_notify_ap_scan_changed(wpa_s);
1308 
1309 	if (reconf_ctrl)
1310 		wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
1311 
1312 	wpa_supplicant_update_config(wpa_s);
1313 
1314 	wpa_supplicant_clear_status(wpa_s);
1315 	if (wpa_supplicant_enabled_networks(wpa_s)) {
1316 		wpa_s->reassociate = 1;
1317 		wpa_supplicant_req_scan(wpa_s, 0, 0);
1318 	}
1319 	wpa_bssid_ignore_clear(wpa_s);
1320 	wpa_dbg(wpa_s, MSG_DEBUG, "Reconfiguration completed");
1321 	return 0;
1322 }
1323 
1324 
wpa_supplicant_reconfig(int sig,void * signal_ctx)1325 static void wpa_supplicant_reconfig(int sig, void *signal_ctx)
1326 {
1327 	struct wpa_global *global = signal_ctx;
1328 	struct wpa_supplicant *wpa_s;
1329 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
1330 		wpa_dbg(wpa_s, MSG_DEBUG, "Signal %d received - reconfiguring",
1331 			sig);
1332 		if (wpa_supplicant_reload_configuration(wpa_s) < 0) {
1333 			wpa_supplicant_terminate_proc(global);
1334 		}
1335 	}
1336 
1337 	if (wpa_debug_reopen_file() < 0) {
1338 		/* Ignore errors since we cannot really do much to fix this */
1339 		wpa_printf(MSG_DEBUG, "Could not reopen debug log file");
1340 	}
1341 }
1342 
1343 
wpa_supplicant_suites_from_ai(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1344 static int wpa_supplicant_suites_from_ai(struct wpa_supplicant *wpa_s,
1345 					 struct wpa_ssid *ssid,
1346 					 struct wpa_ie_data *ie)
1347 {
1348 	int ret = wpa_sm_parse_own_wpa_ie(wpa_s->wpa, ie);
1349 	if (ret) {
1350 		if (ret == -2) {
1351 			wpa_msg(wpa_s, MSG_INFO, "WPA: Failed to parse WPA IE "
1352 				"from association info");
1353 		}
1354 		return -1;
1355 	}
1356 
1357 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Using WPA IE from AssocReq to set "
1358 		"cipher suites");
1359 	if (!(ie->group_cipher & ssid->group_cipher)) {
1360 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled group "
1361 			"cipher 0x%x (mask 0x%x) - reject",
1362 			ie->group_cipher, ssid->group_cipher);
1363 		return -1;
1364 	}
1365 	if (!(ie->pairwise_cipher & ssid->pairwise_cipher)) {
1366 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled pairwise "
1367 			"cipher 0x%x (mask 0x%x) - reject",
1368 			ie->pairwise_cipher, ssid->pairwise_cipher);
1369 		return -1;
1370 	}
1371 	if (!(ie->key_mgmt & ssid->key_mgmt)) {
1372 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver used disabled key "
1373 			"management 0x%x (mask 0x%x) - reject",
1374 			ie->key_mgmt, ssid->key_mgmt);
1375 		return -1;
1376 	}
1377 
1378 	if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
1379 	    wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
1380 		wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
1381 			"that does not support management frame protection - "
1382 			"reject");
1383 		return -1;
1384 	}
1385 
1386 	return 0;
1387 }
1388 
1389 
matching_ciphers(struct wpa_ssid * ssid,struct wpa_ie_data * ie,int freq)1390 static int matching_ciphers(struct wpa_ssid *ssid, struct wpa_ie_data *ie,
1391 			    int freq)
1392 {
1393 	if (!ie->has_group)
1394 		ie->group_cipher = wpa_default_rsn_cipher(freq);
1395 	if (!ie->has_pairwise)
1396 		ie->pairwise_cipher = wpa_default_rsn_cipher(freq);
1397 	return (ie->group_cipher & ssid->group_cipher) &&
1398 		(ie->pairwise_cipher & ssid->pairwise_cipher);
1399 }
1400 
1401 
wpas_set_mgmt_group_cipher(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_ie_data * ie)1402 void wpas_set_mgmt_group_cipher(struct wpa_supplicant *wpa_s,
1403 				struct wpa_ssid *ssid, struct wpa_ie_data *ie)
1404 {
1405 	int sel;
1406 
1407 	sel = ie->mgmt_group_cipher;
1408 	if (ssid->group_mgmt_cipher)
1409 		sel &= ssid->group_mgmt_cipher;
1410 	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
1411 	    !(ie->capabilities & WPA_CAPABILITY_MFPC))
1412 		sel = 0;
1413 	wpa_dbg(wpa_s, MSG_DEBUG,
1414 		"WPA: AP mgmt_group_cipher 0x%x network profile mgmt_group_cipher 0x%x; available mgmt_group_cipher 0x%x",
1415 		ie->mgmt_group_cipher, ssid->group_mgmt_cipher, sel);
1416 	if (sel & WPA_CIPHER_AES_128_CMAC) {
1417 		wpa_s->mgmt_group_cipher = WPA_CIPHER_AES_128_CMAC;
1418 		wpa_dbg(wpa_s, MSG_DEBUG,
1419 			"WPA: using MGMT group cipher AES-128-CMAC");
1420 	} else if (sel & WPA_CIPHER_BIP_GMAC_128) {
1421 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_128;
1422 		wpa_dbg(wpa_s, MSG_DEBUG,
1423 			"WPA: using MGMT group cipher BIP-GMAC-128");
1424 	} else if (sel & WPA_CIPHER_BIP_GMAC_256) {
1425 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_GMAC_256;
1426 		wpa_dbg(wpa_s, MSG_DEBUG,
1427 			"WPA: using MGMT group cipher BIP-GMAC-256");
1428 	} else if (sel & WPA_CIPHER_BIP_CMAC_256) {
1429 		wpa_s->mgmt_group_cipher = WPA_CIPHER_BIP_CMAC_256;
1430 		wpa_dbg(wpa_s, MSG_DEBUG,
1431 			"WPA: using MGMT group cipher BIP-CMAC-256");
1432 	} else {
1433 		wpa_s->mgmt_group_cipher = 0;
1434 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: not using MGMT group cipher");
1435 	}
1436 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
1437 			 wpa_s->mgmt_group_cipher);
1438 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
1439 			 wpas_get_ssid_pmf(wpa_s, ssid));
1440 }
1441 
1442 /**
1443  * wpa_supplicant_get_psk - Get PSK from config or external database
1444  * @wpa_s: Pointer to wpa_supplicant data
1445  * @bss: Scan results for the selected BSS, or %NULL if not available
1446  * @ssid: Configuration data for the selected network
1447  * @psk: Buffer for the PSK
1448  * Returns: 0 on success or -1 if configuration parsing failed
1449  *
1450  * This function obtains the PSK for a network, either included inline in the
1451  * config or retrieved from an external database.
1452  */
wpa_supplicant_get_psk(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * psk)1453 static int wpa_supplicant_get_psk(struct wpa_supplicant *wpa_s,
1454 				  struct wpa_bss *bss, struct wpa_ssid *ssid,
1455 				  u8 *psk)
1456 {
1457 	if (ssid->psk_set) {
1458 		wpa_hexdump_key(MSG_MSGDUMP, "PSK (set in config)",
1459 				ssid->psk, PMK_LEN);
1460 		os_memcpy(psk, ssid->psk, PMK_LEN);
1461 		return 0;
1462 	}
1463 
1464 #ifndef CONFIG_NO_PBKDF2
1465 	if (bss && ssid->bssid_set && ssid->ssid_len == 0 && ssid->passphrase) {
1466 		if (pbkdf2_sha1(ssid->passphrase, bss->ssid, bss->ssid_len,
1467 				4096, psk, PMK_LEN) != 0) {
1468 			wpa_msg(wpa_s, MSG_WARNING, "Error in pbkdf2_sha1()");
1469 			return -1;
1470 		}
1471 		wpa_hexdump_key(MSG_MSGDUMP, "PSK (from passphrase)",
1472 				psk, PMK_LEN);
1473 		return 0;
1474 	}
1475 #endif /* CONFIG_NO_PBKDF2 */
1476 
1477 #ifdef CONFIG_EXT_PASSWORD
1478 	if (ssid->ext_psk) {
1479 		struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
1480 						     ssid->ext_psk);
1481 		char pw_str[64 + 1];
1482 
1483 		if (!pw) {
1484 			wpa_msg(wpa_s, MSG_INFO,
1485 				"EXT PW: No PSK found from external storage");
1486 			return -1;
1487 		}
1488 
1489 		if (wpabuf_len(pw) < 8 || wpabuf_len(pw) > 64) {
1490 			wpa_msg(wpa_s, MSG_INFO,
1491 				"EXT PW: Unexpected PSK length %d in external storage",
1492 				(int) wpabuf_len(pw));
1493 			ext_password_free(pw);
1494 			return -1;
1495 		}
1496 
1497 		os_memcpy(pw_str, wpabuf_head(pw), wpabuf_len(pw));
1498 		pw_str[wpabuf_len(pw)] = '\0';
1499 
1500 #ifndef CONFIG_NO_PBKDF2
1501 		if (wpabuf_len(pw) >= 8 && wpabuf_len(pw) < 64 && bss)
1502 		{
1503 			if (pbkdf2_sha1(pw_str, bss->ssid, bss->ssid_len,
1504 					4096, psk, PMK_LEN) != 0) {
1505 				wpa_msg(wpa_s, MSG_WARNING,
1506 					"Error in pbkdf2_sha1()");
1507 				forced_memzero(pw_str, sizeof(pw_str));
1508 				ext_password_free(pw);
1509 				return -1;
1510 			}
1511 			wpa_hexdump_key(MSG_MSGDUMP,
1512 					"PSK (from external passphrase)",
1513 					psk, PMK_LEN);
1514 		} else
1515 #endif /* CONFIG_NO_PBKDF2 */
1516 		if (wpabuf_len(pw) == 2 * PMK_LEN) {
1517 			if (hexstr2bin(pw_str, psk, PMK_LEN) < 0) {
1518 				wpa_msg(wpa_s, MSG_INFO,
1519 					"EXT PW: Invalid PSK hex string");
1520 				forced_memzero(pw_str, sizeof(pw_str));
1521 				ext_password_free(pw);
1522 				return -1;
1523 			}
1524 			wpa_hexdump_key(MSG_MSGDUMP, "PSK (from external PSK)",
1525 					psk, PMK_LEN);
1526 		} else {
1527 			wpa_msg(wpa_s, MSG_INFO,
1528 				"EXT PW: No suitable PSK available");
1529 			forced_memzero(pw_str, sizeof(pw_str));
1530 			ext_password_free(pw);
1531 			return -1;
1532 		}
1533 
1534 		forced_memzero(pw_str, sizeof(pw_str));
1535 		ext_password_free(pw);
1536 
1537 		return 0;
1538 	}
1539 #endif /* CONFIG_EXT_PASSWORD */
1540 
1541 	return -1;
1542 }
1543 
1544 
wpas_update_allowed_key_mgmt(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)1545 static void wpas_update_allowed_key_mgmt(struct wpa_supplicant *wpa_s,
1546 					 struct wpa_ssid *ssid)
1547 {
1548 	int akm_count = wpa_s->max_num_akms;
1549 	u8 capab = 0;
1550 
1551 	if (akm_count < 2)
1552 		return;
1553 
1554 	akm_count--;
1555 	wpa_s->allowed_key_mgmts = 0;
1556 	switch (wpa_s->key_mgmt) {
1557 	case WPA_KEY_MGMT_PSK:
1558 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
1559 			akm_count--;
1560 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE;
1561 		}
1562 		if (!akm_count)
1563 			break;
1564 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) {
1565 			akm_count--;
1566 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE_EXT_KEY;
1567 		}
1568 		if (!akm_count)
1569 			break;
1570 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
1571 			wpa_s->allowed_key_mgmts |=
1572 				WPA_KEY_MGMT_PSK_SHA256;
1573 		break;
1574 	case WPA_KEY_MGMT_PSK_SHA256:
1575 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
1576 			akm_count--;
1577 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE;
1578 		}
1579 		if (!akm_count)
1580 			break;
1581 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) {
1582 			akm_count--;
1583 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE_EXT_KEY;
1584 		}
1585 		if (!akm_count)
1586 			break;
1587 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK)
1588 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_PSK;
1589 		break;
1590 	case WPA_KEY_MGMT_SAE:
1591 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
1592 			akm_count--;
1593 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_PSK;
1594 		}
1595 		if (!akm_count)
1596 			break;
1597 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE_EXT_KEY) {
1598 			akm_count--;
1599 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE_EXT_KEY;
1600 		}
1601 		if (!akm_count)
1602 			break;
1603 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
1604 			wpa_s->allowed_key_mgmts |=
1605 				WPA_KEY_MGMT_PSK_SHA256;
1606 		break;
1607 	case WPA_KEY_MGMT_SAE_EXT_KEY:
1608 		if (ssid->key_mgmt & WPA_KEY_MGMT_SAE) {
1609 			akm_count--;
1610 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_SAE;
1611 		}
1612 		if (!akm_count)
1613 			break;
1614 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK) {
1615 			akm_count--;
1616 			wpa_s->allowed_key_mgmts |= WPA_KEY_MGMT_PSK;
1617 		}
1618 		if (!akm_count)
1619 			break;
1620 		if (ssid->key_mgmt & WPA_KEY_MGMT_PSK_SHA256)
1621 			wpa_s->allowed_key_mgmts |=
1622 				WPA_KEY_MGMT_PSK_SHA256;
1623 		break;
1624 	default:
1625 		return;
1626 	}
1627 
1628 	if (wpa_s->conf->sae_pwe != SAE_PWE_HUNT_AND_PECK &&
1629 	    wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
1630 		capab |= BIT(WLAN_RSNX_CAPAB_SAE_H2E);
1631 #ifdef CONFIG_SAE_PK
1632 	if (ssid->sae_pk)
1633 		capab |= BIT(WLAN_RSNX_CAPAB_SAE_PK);
1634 #endif /* CONFIG_SAE_PK */
1635 
1636 	if (!((wpa_s->allowed_key_mgmts &
1637 	       (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_SAE_EXT_KEY)) && capab))
1638 		return;
1639 
1640 	if (!wpa_s->rsnxe_len) {
1641 		wpa_s->rsnxe_len = 3;
1642 		wpa_s->rsnxe[0] = WLAN_EID_RSNX;
1643 		wpa_s->rsnxe[1] = 1;
1644 		wpa_s->rsnxe[2] = 0;
1645 	}
1646 
1647 	wpa_s->rsnxe[2] |= capab;
1648 }
1649 
1650 /**
1651  * wpa_supplicant_set_suites - Set authentication and encryption parameters
1652  * @wpa_s: Pointer to wpa_supplicant data
1653  * @bss: Scan results for the selected BSS, or %NULL if not available
1654  * @ssid: Configuration data for the selected network
1655  * @wpa_ie: Buffer for the WPA/RSN IE
1656  * @wpa_ie_len: Maximum wpa_ie buffer size on input. This is changed to be the
1657  * used buffer length in case the functions returns success.
1658  * @skip_default_rsne: Whether to skip setting of the default RSNE/RSNXE
1659  * Returns: 0 on success or -1 on failure
1660  *
1661  * This function is used to configure authentication and encryption parameters
1662  * based on the network configuration and scan result for the selected BSS (if
1663  * available).
1664  */
wpa_supplicant_set_suites(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,u8 * wpa_ie,size_t * wpa_ie_len,bool skip_default_rsne)1665 int wpa_supplicant_set_suites(struct wpa_supplicant *wpa_s,
1666 			      struct wpa_bss *bss, struct wpa_ssid *ssid,
1667 			      u8 *wpa_ie, size_t *wpa_ie_len,
1668 			      bool skip_default_rsne)
1669 {
1670 	struct wpa_ie_data ie;
1671 	int sel, proto;
1672 	enum sae_pwe sae_pwe;
1673 	const u8 *bss_wpa, *bss_rsn, *bss_rsnx, *bss_osen;
1674 	bool wmm;
1675 
1676 	if (bss) {
1677 		bss_wpa = wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE);
1678 		bss_rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
1679 		bss_rsnx = wpa_bss_get_rsnxe(wpa_s, bss, ssid, false);
1680 		bss_osen = wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE);
1681 	} else {
1682 		bss_wpa = bss_rsn = bss_rsnx = bss_osen = NULL;
1683 	}
1684 
1685 	if (bss_rsn && (ssid->proto & WPA_PROTO_RSN) &&
1686 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1687 	    matching_ciphers(ssid, &ie, bss->freq) &&
1688 	    (ie.key_mgmt & ssid->key_mgmt)) {
1689 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using IEEE 802.11i/D9.0");
1690 		proto = WPA_PROTO_RSN;
1691 	} else if (bss_wpa && (ssid->proto & WPA_PROTO_WPA) &&
1692 		   wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie) == 0 &&
1693 		   (ie.group_cipher & ssid->group_cipher) &&
1694 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1695 		   (ie.key_mgmt & ssid->key_mgmt)) {
1696 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using IEEE 802.11i/D3.0");
1697 		proto = WPA_PROTO_WPA;
1698 #ifdef CONFIG_HS20
1699 	} else if (bss_osen && (ssid->proto & WPA_PROTO_OSEN) &&
1700 		   wpa_parse_wpa_ie(bss_osen, 2 + bss_osen[1], &ie) == 0 &&
1701 		   (ie.group_cipher & ssid->group_cipher) &&
1702 		   (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1703 		   (ie.key_mgmt & ssid->key_mgmt)) {
1704 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using OSEN");
1705 		proto = WPA_PROTO_OSEN;
1706 	} else if (bss_rsn && (ssid->proto & WPA_PROTO_OSEN) &&
1707 	    wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie) == 0 &&
1708 	    (ie.group_cipher & ssid->group_cipher) &&
1709 	    (ie.pairwise_cipher & ssid->pairwise_cipher) &&
1710 	    (ie.key_mgmt & ssid->key_mgmt)) {
1711 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using OSEN (within RSN)");
1712 		proto = WPA_PROTO_RSN;
1713 #endif /* CONFIG_HS20 */
1714 	} else if (bss) {
1715 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select WPA/RSN");
1716 		wpa_dbg(wpa_s, MSG_DEBUG,
1717 			"WPA: ssid proto=0x%x pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1718 			ssid->proto, ssid->pairwise_cipher, ssid->group_cipher,
1719 			ssid->key_mgmt);
1720 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: BSS " MACSTR " ssid='%s'%s%s%s",
1721 			MAC2STR(bss->bssid),
1722 			wpa_ssid_txt(bss->ssid, bss->ssid_len),
1723 			bss_wpa ? " WPA" : "",
1724 			bss_rsn ? " RSN" : "",
1725 			bss_osen ? " OSEN" : "");
1726 		if (bss_rsn) {
1727 			wpa_hexdump(MSG_DEBUG, "RSN", bss_rsn, 2 + bss_rsn[1]);
1728 			if (wpa_parse_wpa_ie(bss_rsn, 2 + bss_rsn[1], &ie)) {
1729 				wpa_dbg(wpa_s, MSG_DEBUG,
1730 					"Could not parse RSN element");
1731 			} else {
1732 				wpa_dbg(wpa_s, MSG_DEBUG,
1733 					"RSN: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1734 					ie.pairwise_cipher, ie.group_cipher,
1735 					ie.key_mgmt);
1736 			}
1737 		}
1738 		if (bss_wpa) {
1739 			wpa_hexdump(MSG_DEBUG, "WPA", bss_wpa, 2 + bss_wpa[1]);
1740 			if (wpa_parse_wpa_ie(bss_wpa, 2 + bss_wpa[1], &ie)) {
1741 				wpa_dbg(wpa_s, MSG_DEBUG,
1742 					"Could not parse WPA element");
1743 			} else {
1744 				wpa_dbg(wpa_s, MSG_DEBUG,
1745 					"WPA: pairwise_cipher=0x%x group_cipher=0x%x key_mgmt=0x%x",
1746 					ie.pairwise_cipher, ie.group_cipher,
1747 					ie.key_mgmt);
1748 			}
1749 		}
1750 		return -1;
1751 	} else {
1752 		if (ssid->proto & WPA_PROTO_OSEN)
1753 			proto = WPA_PROTO_OSEN;
1754 		else if (ssid->proto & WPA_PROTO_RSN)
1755 			proto = WPA_PROTO_RSN;
1756 		else
1757 			proto = WPA_PROTO_WPA;
1758 		if (wpa_supplicant_suites_from_ai(wpa_s, ssid, &ie) < 0) {
1759 			os_memset(&ie, 0, sizeof(ie));
1760 			ie.group_cipher = ssid->group_cipher;
1761 			ie.pairwise_cipher = ssid->pairwise_cipher;
1762 			ie.key_mgmt = ssid->key_mgmt;
1763 			ie.mgmt_group_cipher = 0;
1764 			if (ssid->ieee80211w != NO_MGMT_FRAME_PROTECTION) {
1765 				if (ssid->group_mgmt_cipher &
1766 				    WPA_CIPHER_BIP_GMAC_256)
1767 					ie.mgmt_group_cipher =
1768 						WPA_CIPHER_BIP_GMAC_256;
1769 				else if (ssid->group_mgmt_cipher &
1770 					 WPA_CIPHER_BIP_CMAC_256)
1771 					ie.mgmt_group_cipher =
1772 						WPA_CIPHER_BIP_CMAC_256;
1773 				else if (ssid->group_mgmt_cipher &
1774 					 WPA_CIPHER_BIP_GMAC_128)
1775 					ie.mgmt_group_cipher =
1776 						WPA_CIPHER_BIP_GMAC_128;
1777 				else
1778 					ie.mgmt_group_cipher =
1779 						WPA_CIPHER_AES_128_CMAC;
1780 			}
1781 #ifdef CONFIG_OWE
1782 			if ((ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
1783 			    !ssid->owe_only &&
1784 			    !bss_wpa && !bss_rsn && !bss_osen) {
1785 				wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
1786 				wpa_s->wpa_proto = 0;
1787 				*wpa_ie_len = 0;
1788 				return 0;
1789 			}
1790 #endif /* CONFIG_OWE */
1791 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Set cipher suites "
1792 				"based on configuration");
1793 		} else
1794 			proto = ie.proto;
1795 	}
1796 
1797 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected cipher suites: group %d "
1798 		"pairwise %d key_mgmt %d proto %d",
1799 		ie.group_cipher, ie.pairwise_cipher, ie.key_mgmt, proto);
1800 	if (ssid->ieee80211w) {
1801 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected mgmt group cipher %d",
1802 			ie.mgmt_group_cipher);
1803 	}
1804 
1805 	wpa_s->wpa_proto = proto;
1806 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PROTO, proto);
1807 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_ENABLED,
1808 			 !!(ssid->proto & (WPA_PROTO_RSN | WPA_PROTO_OSEN)));
1809 
1810 	if (bss || !wpa_s->ap_ies_from_associnfo) {
1811 		const u8 *rsnoe = NULL, *rsno2e = NULL, *rsnxoe = NULL;
1812 
1813 		if (bss) {
1814 			bss_rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
1815 			bss_rsnx = wpa_bss_get_ie(bss, WLAN_EID_RSNX);
1816 			rsnoe = wpa_bss_get_vendor_ie(
1817 				bss, RSNE_OVERRIDE_IE_VENDOR_TYPE);
1818 			rsno2e = wpa_bss_get_vendor_ie(
1819 				bss, RSNE_OVERRIDE_2_IE_VENDOR_TYPE);
1820 			rsnxoe = wpa_bss_get_vendor_ie(
1821 				bss, RSNXE_OVERRIDE_IE_VENDOR_TYPE);
1822 		}
1823 
1824 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, bss_wpa,
1825 					 bss_wpa ? 2 + bss_wpa[1] : 0) ||
1826 		    wpa_sm_set_ap_rsn_ie(wpa_s->wpa, bss_rsn,
1827 					 bss_rsn ? 2 + bss_rsn[1] : 0) ||
1828 		    wpa_sm_set_ap_rsnxe(wpa_s->wpa, bss_rsnx,
1829 					bss_rsnx ? 2 + bss_rsnx[1] : 0) ||
1830 		    wpa_sm_set_ap_rsne_override(wpa_s->wpa, rsnoe,
1831 						rsnoe ? 2 + rsnoe[1] : 0) ||
1832 		    wpa_sm_set_ap_rsne_override_2(wpa_s->wpa, rsno2e,
1833 						  rsno2e ? 2 + rsno2e[1] : 0) ||
1834 		    wpa_sm_set_ap_rsnxe_override(wpa_s->wpa, rsnxoe,
1835 						 rsnxoe ? 2 + rsnxoe[1] : 0))
1836 			return -1;
1837 	}
1838 
1839 #ifdef CONFIG_NO_WPA
1840 	wpa_s->group_cipher = WPA_CIPHER_NONE;
1841 	wpa_s->pairwise_cipher = WPA_CIPHER_NONE;
1842 #else /* CONFIG_NO_WPA */
1843 	sel = ie.group_cipher & ssid->group_cipher;
1844 	wpa_dbg(wpa_s, MSG_DEBUG,
1845 		"WPA: AP group 0x%x network profile group 0x%x; available group 0x%x",
1846 		ie.group_cipher, ssid->group_cipher, sel);
1847 	wpa_s->group_cipher = wpa_pick_group_cipher(sel);
1848 	if (wpa_s->group_cipher < 0) {
1849 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select group "
1850 			"cipher");
1851 		return -1;
1852 	}
1853 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using GTK %s",
1854 		wpa_cipher_txt(wpa_s->group_cipher));
1855 
1856 	sel = ie.pairwise_cipher & ssid->pairwise_cipher;
1857 	wpa_dbg(wpa_s, MSG_DEBUG,
1858 		"WPA: AP pairwise 0x%x network profile pairwise 0x%x; available pairwise 0x%x",
1859 		ie.pairwise_cipher, ssid->pairwise_cipher, sel);
1860 	wpa_s->pairwise_cipher = wpa_pick_pairwise_cipher(sel, 1);
1861 	if (wpa_s->pairwise_cipher < 0) {
1862 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select pairwise "
1863 			"cipher");
1864 		return -1;
1865 	}
1866 	wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using PTK %s",
1867 		wpa_cipher_txt(wpa_s->pairwise_cipher));
1868 #endif /* CONFIG_NO_WPA */
1869 
1870 	sel = ie.key_mgmt & ssid->key_mgmt;
1871 #ifdef CONFIG_SAE
1872 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAE) &&
1873 	     !(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_SAE_OFFLOAD_STA)) ||
1874 	    wpas_is_sae_avoided(wpa_s, ssid, &ie))
1875 		sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_SAE_EXT_KEY |
1876 			 WPA_KEY_MGMT_FT_SAE | WPA_KEY_MGMT_FT_SAE_EXT_KEY);
1877 #endif /* CONFIG_SAE */
1878 #ifdef CONFIG_IEEE80211R
1879 	if (!(wpa_s->drv_flags & (WPA_DRIVER_FLAGS_SME |
1880 				  WPA_DRIVER_FLAGS_UPDATE_FT_IES)))
1881 		sel &= ~WPA_KEY_MGMT_FT;
1882 #endif /* CONFIG_IEEE80211R */
1883 	wpa_dbg(wpa_s, MSG_DEBUG,
1884 		"WPA: AP key_mgmt 0x%x network profile key_mgmt 0x%x; available key_mgmt 0x%x",
1885 		ie.key_mgmt, ssid->key_mgmt, sel);
1886 	if (0) {
1887 #ifdef CONFIG_IEEE80211R
1888 #ifdef CONFIG_SHA384
1889 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X_SHA384) &&
1890 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1891 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X_SHA384;
1892 		wpa_dbg(wpa_s, MSG_DEBUG,
1893 			"WPA: using KEY_MGMT FT/802.1X-SHA384");
1894 		if (!ssid->ft_eap_pmksa_caching &&
1895 		    pmksa_cache_get_current(wpa_s->wpa)) {
1896 			/* PMKSA caching with FT may have interoperability
1897 			 * issues, so disable that case by default for now. */
1898 			wpa_dbg(wpa_s, MSG_DEBUG,
1899 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1900 			pmksa_cache_clear_current(wpa_s->wpa);
1901 		}
1902 #endif /* CONFIG_SHA384 */
1903 #endif /* CONFIG_IEEE80211R */
1904 #ifdef CONFIG_SUITEB192
1905 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
1906 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
1907 		wpa_dbg(wpa_s, MSG_DEBUG,
1908 			"WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
1909 #endif /* CONFIG_SUITEB192 */
1910 #ifdef CONFIG_SUITEB
1911 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
1912 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
1913 		wpa_dbg(wpa_s, MSG_DEBUG,
1914 			"WPA: using KEY_MGMT 802.1X with Suite B");
1915 #endif /* CONFIG_SUITEB */
1916 #ifdef CONFIG_SHA384
1917 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA384) {
1918 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA384;
1919 		wpa_dbg(wpa_s, MSG_DEBUG,
1920 			"WPA: using KEY_MGMT 802.1X with SHA384");
1921 #endif /* CONFIG_SHA384 */
1922 #ifdef CONFIG_FILS
1923 #ifdef CONFIG_IEEE80211R
1924 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA384) {
1925 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA384;
1926 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA384");
1927 #endif /* CONFIG_IEEE80211R */
1928 	} else if (sel & WPA_KEY_MGMT_FILS_SHA384) {
1929 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA384;
1930 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA384");
1931 #ifdef CONFIG_IEEE80211R
1932 	} else if (sel & WPA_KEY_MGMT_FT_FILS_SHA256) {
1933 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_FILS_SHA256;
1934 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT-FILS-SHA256");
1935 #endif /* CONFIG_IEEE80211R */
1936 	} else if (sel & WPA_KEY_MGMT_FILS_SHA256) {
1937 		wpa_s->key_mgmt = WPA_KEY_MGMT_FILS_SHA256;
1938 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FILS-SHA256");
1939 #endif /* CONFIG_FILS */
1940 #ifdef CONFIG_IEEE80211R
1941 	} else if ((sel & WPA_KEY_MGMT_FT_IEEE8021X) &&
1942 		   os_strcmp(wpa_supplicant_get_eap_mode(wpa_s), "LEAP") != 0) {
1943 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
1944 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/802.1X");
1945 		if (!ssid->ft_eap_pmksa_caching &&
1946 		    pmksa_cache_get_current(wpa_s->wpa)) {
1947 			/* PMKSA caching with FT may have interoperability
1948 			 * issues, so disable that case by default for now. */
1949 			wpa_dbg(wpa_s, MSG_DEBUG,
1950 				"WPA: Disable PMKSA caching for FT/802.1X connection");
1951 			pmksa_cache_clear_current(wpa_s->wpa);
1952 		}
1953 #endif /* CONFIG_IEEE80211R */
1954 #ifdef CONFIG_DPP
1955 	} else if (sel & WPA_KEY_MGMT_DPP) {
1956 		wpa_s->key_mgmt = WPA_KEY_MGMT_DPP;
1957 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT DPP");
1958 #endif /* CONFIG_DPP */
1959 #ifdef CONFIG_SAE
1960 	} else if (sel & WPA_KEY_MGMT_FT_SAE_EXT_KEY) {
1961 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE_EXT_KEY;
1962 		wpa_dbg(wpa_s, MSG_DEBUG,
1963 			"RSN: using KEY_MGMT FT/SAE (ext key)");
1964 	} else if (sel & WPA_KEY_MGMT_SAE_EXT_KEY) {
1965 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE_EXT_KEY;
1966 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE (ext key)");
1967 	} else if (sel & WPA_KEY_MGMT_FT_SAE) {
1968 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_SAE;
1969 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT FT/SAE");
1970 	} else if (sel & WPA_KEY_MGMT_SAE) {
1971 		wpa_s->key_mgmt = WPA_KEY_MGMT_SAE;
1972 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT SAE");
1973 #endif /* CONFIG_SAE */
1974 #ifdef CONFIG_IEEE80211R
1975 	} else if (sel & WPA_KEY_MGMT_FT_PSK) {
1976 		wpa_s->key_mgmt = WPA_KEY_MGMT_FT_PSK;
1977 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT FT/PSK");
1978 #endif /* CONFIG_IEEE80211R */
1979 	} else if (sel & WPA_KEY_MGMT_IEEE8021X_SHA256) {
1980 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SHA256;
1981 		wpa_dbg(wpa_s, MSG_DEBUG,
1982 			"WPA: using KEY_MGMT 802.1X with SHA256");
1983 	} else if (sel & WPA_KEY_MGMT_PSK_SHA256) {
1984 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK_SHA256;
1985 		wpa_dbg(wpa_s, MSG_DEBUG,
1986 			"WPA: using KEY_MGMT PSK with SHA256");
1987 	} else if (sel & WPA_KEY_MGMT_IEEE8021X) {
1988 		wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X;
1989 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT 802.1X");
1990 	} else if (sel & WPA_KEY_MGMT_PSK) {
1991 		wpa_s->key_mgmt = WPA_KEY_MGMT_PSK;
1992 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-PSK");
1993 	} else if (sel & WPA_KEY_MGMT_WPA_NONE) {
1994 		wpa_s->key_mgmt = WPA_KEY_MGMT_WPA_NONE;
1995 		wpa_dbg(wpa_s, MSG_DEBUG, "WPA: using KEY_MGMT WPA-NONE");
1996 #ifdef CONFIG_HS20
1997 	} else if (sel & WPA_KEY_MGMT_OSEN) {
1998 		wpa_s->key_mgmt = WPA_KEY_MGMT_OSEN;
1999 		wpa_dbg(wpa_s, MSG_DEBUG, "HS 2.0: using KEY_MGMT OSEN");
2000 #endif /* CONFIG_HS20 */
2001 #ifdef CONFIG_OWE
2002 	} else if (sel & WPA_KEY_MGMT_OWE) {
2003 		wpa_s->key_mgmt = WPA_KEY_MGMT_OWE;
2004 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: using KEY_MGMT OWE");
2005 #endif /* CONFIG_OWE */
2006 	} else {
2007 		wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to select "
2008 			"authenticated key management type");
2009 		return -1;
2010 	}
2011 
2012 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_KEY_MGMT, wpa_s->key_mgmt);
2013 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_PAIRWISE,
2014 			 wpa_s->pairwise_cipher);
2015 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_GROUP, wpa_s->group_cipher);
2016 
2017 	if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
2018 	    (wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED ||
2019 	     (bss && is_6ghz_freq(bss->freq)))) {
2020 		wpa_msg(wpa_s, MSG_INFO,
2021 			"RSN: Management frame protection required but the selected AP does not enable it");
2022 		return -1;
2023 	}
2024 
2025 	wpas_set_mgmt_group_cipher(wpa_s, ssid, &ie);
2026 #ifdef CONFIG_OCV
2027 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
2028 	    (wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_OCV))
2029 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCV, ssid->ocv);
2030 #endif /* CONFIG_OCV */
2031 	sae_pwe = wpa_s->conf->sae_pwe;
2032 	if ((ssid->sae_password_id ||
2033 	     wpa_key_mgmt_sae_ext_key(wpa_s->key_mgmt)) &&
2034 	    sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
2035 		sae_pwe = SAE_PWE_HASH_TO_ELEMENT;
2036 	if (bss && is_6ghz_freq(bss->freq) &&
2037 	    sae_pwe == SAE_PWE_HUNT_AND_PECK) {
2038 		wpa_dbg(wpa_s, MSG_DEBUG,
2039 			"RSN: Enable SAE hash-to-element mode for 6 GHz BSS");
2040 		sae_pwe = SAE_PWE_BOTH;
2041 	}
2042 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PWE, sae_pwe);
2043 #ifdef CONFIG_SAE_PK
2044 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SAE_PK,
2045 			 wpa_key_mgmt_sae(ssid->key_mgmt) &&
2046 			 ssid->sae_pk != SAE_PK_MODE_DISABLED &&
2047 			 ((ssid->sae_password &&
2048 			   sae_pk_valid_password(ssid->sae_password)) ||
2049 			  (!ssid->sae_password && ssid->passphrase &&
2050 			   sae_pk_valid_password(ssid->passphrase))));
2051 #endif /* CONFIG_SAE_PK */
2052 	if (bss && is_6ghz_freq(bss->freq) &&
2053 	    wpas_get_ssid_pmf(wpa_s, ssid) != MGMT_FRAME_PROTECTION_REQUIRED) {
2054 		wpa_dbg(wpa_s, MSG_DEBUG, "RSN: Force MFPR=1 on 6 GHz");
2055 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
2056 				 MGMT_FRAME_PROTECTION_REQUIRED);
2057 	}
2058 #ifdef CONFIG_TESTING_OPTIONS
2059 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_FT_RSNXE_USED,
2060 			 wpa_s->ft_rsnxe_used);
2061 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL,
2062 			 wpa_s->oci_freq_override_eapol);
2063 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_EAPOL_G2,
2064 			 wpa_s->oci_freq_override_eapol_g2);
2065 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FT_ASSOC,
2066 			 wpa_s->oci_freq_override_ft_assoc);
2067 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_OCI_FREQ_FILS_ASSOC,
2068 			 wpa_s->oci_freq_override_fils_assoc);
2069 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DISABLE_EAPOL_G2_TX,
2070 			 wpa_s->disable_eapol_g2_tx);
2071 #endif /* CONFIG_TESTING_OPTIONS */
2072 
2073 	/* Extended Key ID is only supported in infrastructure BSS so far */
2074 	if (ssid->mode == WPAS_MODE_INFRA && wpa_s->conf->extended_key_id &&
2075 	    (ssid->proto & WPA_PROTO_RSN) &&
2076 	    ssid->pairwise_cipher & (WPA_CIPHER_CCMP | WPA_CIPHER_CCMP_256 |
2077 				     WPA_CIPHER_GCMP | WPA_CIPHER_GCMP_256) &&
2078 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_EXTENDED_KEY_ID)) {
2079 		int use_ext_key_id = 0;
2080 
2081 		wpa_msg(wpa_s, MSG_DEBUG,
2082 			"WPA: Enable Extended Key ID support");
2083 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID,
2084 				 wpa_s->conf->extended_key_id);
2085 		if (bss_rsn &&
2086 		    wpa_s->conf->extended_key_id &&
2087 		    wpa_s->pairwise_cipher != WPA_CIPHER_TKIP &&
2088 		    (ie.capabilities & WPA_CAPABILITY_EXT_KEY_ID_FOR_UNICAST))
2089 			use_ext_key_id = 1;
2090 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID,
2091 				 use_ext_key_id);
2092 	} else {
2093 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_EXT_KEY_ID, 0);
2094 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_USE_EXT_KEY_ID, 0);
2095 	}
2096 
2097 	/* Mark WMM enabled for any HT/VHT/HE/EHT association to get more
2098 	 * appropriate advertisement of the supported number of PTKSA receive
2099 	 * counters. In theory, this could be based on a driver capability, but
2100 	 * in practice all cases using WMM support at least eight replay
2101 	 * counters, so use a hardcoded value for now since there is no explicit
2102 	 * driver capability indication for this.
2103 	 *
2104 	 * In addition, claim WMM to be enabled if the AP supports it since it
2105 	 * is far more likely for any current device to support WMM. */
2106 	wmm = wpa_s->connection_set &&
2107 		(wpa_s->connection_ht || wpa_s->connection_vht ||
2108 		 wpa_s->connection_he || wpa_s->connection_eht);
2109 	if (!wmm && bss)
2110 		wmm = !!wpa_bss_get_vendor_ie(bss, WMM_IE_VENDOR_TYPE);
2111 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_WMM_ENABLED, wmm);
2112 
2113 	if (ssid->ssid_protection && proto == WPA_PROTO_RSN) {
2114 		bool ssid_prot;
2115 
2116 		/* Enable SSID protection based on the AP advertising support
2117 		 * for it to avoid potential interoperability issues with
2118 		 * incorrect AP behavior if we were to send an "unexpected"
2119 		 * RSNXE with multiple octets of payload. */
2120 		ssid_prot = ieee802_11_rsnx_capab(
2121 			bss_rsnx, WLAN_RSNX_CAPAB_SSID_PROTECTION);
2122 		if (!skip_default_rsne)
2123 			wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SSID_PROTECTION,
2124 					 proto == WPA_PROTO_RSN && ssid_prot);
2125 	} else {
2126 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_SSID_PROTECTION, false);
2127 	}
2128 
2129 	if (!skip_default_rsne) {
2130 		if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie,
2131 						    wpa_ie_len)) {
2132 			wpa_msg(wpa_s, MSG_WARNING,
2133 				"RSN: Failed to generate RSNE/WPA IE");
2134 			return -1;
2135 		}
2136 
2137 		wpa_s->rsnxe_len = sizeof(wpa_s->rsnxe);
2138 		if (wpa_sm_set_assoc_rsnxe_default(wpa_s->wpa, wpa_s->rsnxe,
2139 						   &wpa_s->rsnxe_len)) {
2140 			wpa_msg(wpa_s, MSG_WARNING,
2141 				"RSN: Failed to generate RSNXE");
2142 			return -1;
2143 		}
2144 	}
2145 
2146 	if (0) {
2147 #ifdef CONFIG_DPP
2148 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_DPP) {
2149 		/* Use PMK from DPP network introduction (PMKSA entry) */
2150 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
2151 #ifdef CONFIG_DPP2
2152 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DPP_PFS, ssid->dpp_pfs);
2153 #endif /* CONFIG_DPP2 */
2154 #endif /* CONFIG_DPP */
2155 	} else if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt)) {
2156 		int psk_set = 0;
2157 
2158 		if (wpa_key_mgmt_wpa_psk_no_sae(ssid->key_mgmt)) {
2159 			u8 psk[PMK_LEN];
2160 
2161 			if (wpa_supplicant_get_psk(wpa_s, bss, ssid,
2162 						   psk) == 0) {
2163 				wpa_sm_set_pmk(wpa_s->wpa, psk, PMK_LEN, NULL,
2164 					       NULL);
2165 				psk_set = 1;
2166 			}
2167 			forced_memzero(psk, sizeof(psk));
2168 		}
2169 
2170 		if (wpa_key_mgmt_sae(ssid->key_mgmt) &&
2171 		    (ssid->sae_password || ssid->passphrase || ssid->ext_psk))
2172 			psk_set = 1;
2173 
2174 		if (!psk_set) {
2175 			wpa_msg(wpa_s, MSG_INFO,
2176 				"No PSK available for association");
2177 			wpas_auth_failed(wpa_s, "NO_PSK_AVAILABLE", NULL);
2178 			return -1;
2179 		}
2180 #ifdef CONFIG_OWE
2181 	} else if (wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
2182 		/* OWE Diffie-Hellman exchange in (Re)Association
2183 		 * Request/Response frames set the PMK, so do not override it
2184 		 * here. */
2185 #endif /* CONFIG_OWE */
2186 	} else
2187 		wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
2188 
2189 	if (ssid->mode != WPAS_MODE_IBSS &&
2190 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED) &&
2191 	    (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_NEVER ||
2192 	     (ssid->wpa_deny_ptk0_rekey == PTK0_REKEY_ALLOW_LOCAL_OK &&
2193 	      !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SAFE_PTK0_REKEYS)))) {
2194 		wpa_msg(wpa_s, MSG_INFO,
2195 			"Disable PTK0 rekey support - replaced with reconnect");
2196 		wpa_s->deny_ptk0_rekey = 1;
2197 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 1);
2198 	} else {
2199 		wpa_s->deny_ptk0_rekey = 0;
2200 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_DENY_PTK0_REKEY, 0);
2201 	}
2202 
2203 	if (wpa_key_mgmt_cross_akm(wpa_s->key_mgmt) &&
2204 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME))
2205 		wpas_update_allowed_key_mgmt(wpa_s, ssid);
2206 
2207 	return 0;
2208 }
2209 
2210 
wpas_ext_capab_byte(struct wpa_supplicant * wpa_s,u8 * pos,int idx,struct wpa_bss * bss)2211 static void wpas_ext_capab_byte(struct wpa_supplicant *wpa_s, u8 *pos, int idx,
2212 				struct wpa_bss *bss)
2213 {
2214 #ifndef CONFIG_NO_ROBUST_AV
2215 	bool scs = true, mscs = true;
2216 #endif /* CONFIG_NO_ROBUST_AV */
2217 
2218 	*pos = 0x00;
2219 
2220 	switch (idx) {
2221 	case 0: /* Bits 0-7 */
2222 		break;
2223 	case 1: /* Bits 8-15 */
2224 		if (wpa_s->conf->coloc_intf_reporting) {
2225 			/* Bit 13 - Collocated Interference Reporting */
2226 			*pos |= 0x20;
2227 		}
2228 		break;
2229 	case 2: /* Bits 16-23 */
2230 #ifdef CONFIG_WNM
2231 		*pos |= 0x02; /* Bit 17 - WNM-Sleep Mode */
2232 		if ((wpas_driver_bss_selection(wpa_s) ||
2233 		     !wpa_s->disable_mbo_oce) &&
2234 		    !wpa_s->conf->disable_btm)
2235 			*pos |= 0x08; /* Bit 19 - BSS Transition */
2236 #endif /* CONFIG_WNM */
2237 		break;
2238 	case 3: /* Bits 24-31 */
2239 #ifdef CONFIG_WNM
2240 		*pos |= 0x02; /* Bit 25 - SSID List */
2241 #endif /* CONFIG_WNM */
2242 #ifdef CONFIG_INTERWORKING
2243 		if (wpa_s->conf->interworking)
2244 			*pos |= 0x80; /* Bit 31 - Interworking */
2245 #endif /* CONFIG_INTERWORKING */
2246 		break;
2247 	case 4: /* Bits 32-39 */
2248 #ifdef CONFIG_INTERWORKING
2249 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_QOS_MAPPING)
2250 			*pos |= 0x01; /* Bit 32 - QoS Map */
2251 #endif /* CONFIG_INTERWORKING */
2252 		break;
2253 	case 5: /* Bits 40-47 */
2254 #ifdef CONFIG_HS20
2255 		if (wpa_s->conf->hs20)
2256 			*pos |= 0x40; /* Bit 46 - WNM-Notification */
2257 #endif /* CONFIG_HS20 */
2258 #ifdef CONFIG_MBO
2259 		*pos |= 0x40; /* Bit 46 - WNM-Notification */
2260 #endif /* CONFIG_MBO */
2261 		break;
2262 	case 6: /* Bits 48-55 */
2263 #ifndef CONFIG_NO_ROBUST_AV
2264 #ifdef CONFIG_TESTING_OPTIONS
2265 		if (wpa_s->disable_scs_support)
2266 			scs = false;
2267 #endif /* CONFIG_TESTING_OPTIONS */
2268 		if (bss && !wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_SCS)) {
2269 			/* Drop own SCS capability indication since the AP does
2270 			 * not support it. This is needed to avoid
2271 			 * interoperability issues with APs that get confused
2272 			 * with Extended Capabilities element. */
2273 			scs = false;
2274 		}
2275 		if (scs)
2276 			*pos |= 0x40; /* Bit 54 - SCS */
2277 #endif /* CONFIG_NO_ROBUST_AV */
2278 		break;
2279 	case 7: /* Bits 56-63 */
2280 		break;
2281 	case 8: /* Bits 64-71 */
2282 		if (wpa_s->conf->ftm_responder)
2283 			*pos |= 0x40; /* Bit 70 - FTM responder */
2284 		if (wpa_s->conf->ftm_initiator)
2285 			*pos |= 0x80; /* Bit 71 - FTM initiator */
2286 		break;
2287 	case 9: /* Bits 72-79 */
2288 #ifdef CONFIG_FILS
2289 		if (!wpa_s->disable_fils)
2290 			*pos |= 0x01;
2291 #endif /* CONFIG_FILS */
2292 		break;
2293 	case 10: /* Bits 80-87 */
2294 #ifndef CONFIG_NO_ROBUST_AV
2295 #ifdef CONFIG_TESTING_OPTIONS
2296 		if (wpa_s->disable_mscs_support)
2297 			mscs = false;
2298 #endif /* CONFIG_TESTING_OPTIONS */
2299 		if (bss && !wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS)) {
2300 			/* Drop own MSCS capability indication since the AP does
2301 			 * not support it. This is needed to avoid
2302 			 * interoperability issues with APs that get confused
2303 			 * with Extended Capabilities element. */
2304 			mscs = false;
2305 		}
2306 		if (mscs)
2307 			*pos |= 0x20; /* Bit 85 - Mirrored SCS */
2308 #endif /* CONFIG_NO_ROBUST_AV */
2309 		break;
2310 	}
2311 }
2312 
2313 
wpas_build_ext_capab(struct wpa_supplicant * wpa_s,u8 * buf,size_t buflen,struct wpa_bss * bss)2314 int wpas_build_ext_capab(struct wpa_supplicant *wpa_s, u8 *buf,
2315 			  size_t buflen, struct wpa_bss *bss)
2316 {
2317 	u8 *pos = buf;
2318 	u8 len = 11, i;
2319 
2320 	if (len < wpa_s->extended_capa_len)
2321 		len = wpa_s->extended_capa_len;
2322 	if (buflen < (size_t) len + 2) {
2323 		wpa_printf(MSG_INFO,
2324 			   "Not enough room for building extended capabilities element");
2325 		return -1;
2326 	}
2327 
2328 	*pos++ = WLAN_EID_EXT_CAPAB;
2329 	*pos++ = len;
2330 	for (i = 0; i < len; i++, pos++) {
2331 		wpas_ext_capab_byte(wpa_s, pos, i, bss);
2332 
2333 		if (i < wpa_s->extended_capa_len) {
2334 			*pos &= ~wpa_s->extended_capa_mask[i];
2335 			*pos |= wpa_s->extended_capa[i];
2336 		}
2337 	}
2338 
2339 	while (len > 0 && buf[1 + len] == 0) {
2340 		len--;
2341 		buf[1] = len;
2342 	}
2343 	if (len == 0)
2344 		return 0;
2345 
2346 	return 2 + len;
2347 }
2348 
2349 
wpas_valid_bss(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss)2350 static int wpas_valid_bss(struct wpa_supplicant *wpa_s,
2351 			  struct wpa_bss *test_bss)
2352 {
2353 	struct wpa_bss *bss;
2354 
2355 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
2356 		if (bss == test_bss)
2357 			return 1;
2358 	}
2359 
2360 	return 0;
2361 }
2362 
2363 
wpas_valid_ssid(struct wpa_supplicant * wpa_s,struct wpa_ssid * test_ssid)2364 static int wpas_valid_ssid(struct wpa_supplicant *wpa_s,
2365 			   struct wpa_ssid *test_ssid)
2366 {
2367 	struct wpa_ssid *ssid;
2368 
2369 	for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
2370 		if (ssid == test_ssid)
2371 			return 1;
2372 	}
2373 
2374 	return 0;
2375 }
2376 
2377 
wpas_valid_bss_ssid(struct wpa_supplicant * wpa_s,struct wpa_bss * test_bss,struct wpa_ssid * test_ssid)2378 int wpas_valid_bss_ssid(struct wpa_supplicant *wpa_s, struct wpa_bss *test_bss,
2379 			struct wpa_ssid *test_ssid)
2380 {
2381 	if (test_bss && !wpas_valid_bss(wpa_s, test_bss))
2382 		return 0;
2383 
2384 	return test_ssid == NULL || wpas_valid_ssid(wpa_s, test_ssid);
2385 }
2386 
2387 
wpas_connect_work_free(struct wpa_connect_work * cwork)2388 void wpas_connect_work_free(struct wpa_connect_work *cwork)
2389 {
2390 	if (cwork == NULL)
2391 		return;
2392 	os_free(cwork);
2393 }
2394 
2395 
wpas_connect_work_done(struct wpa_supplicant * wpa_s)2396 void wpas_connect_work_done(struct wpa_supplicant *wpa_s)
2397 {
2398 	struct wpa_connect_work *cwork;
2399 	struct wpa_radio_work *work = wpa_s->connect_work;
2400 
2401 	if (!work)
2402 		return;
2403 
2404 	wpa_s->connect_work = NULL;
2405 	cwork = work->ctx;
2406 	work->ctx = NULL;
2407 	wpas_connect_work_free(cwork);
2408 	radio_work_done(work);
2409 }
2410 
2411 
wpas_update_random_addr(struct wpa_supplicant * wpa_s,enum wpas_mac_addr_style style,struct wpa_ssid * ssid)2412 int wpas_update_random_addr(struct wpa_supplicant *wpa_s,
2413 			    enum wpas_mac_addr_style style,
2414 			    struct wpa_ssid *ssid)
2415 {
2416 	struct os_reltime now;
2417 	u8 addr[ETH_ALEN];
2418 
2419 	os_get_reltime(&now);
2420 	/* Random addresses are valid within a given ESS so check
2421 	 * expiration/value only when continuing to use the same ESS. */
2422 	if (wpa_s->last_mac_addr_style == style && wpa_s->reassoc_same_ess) {
2423 		if (style == WPAS_MAC_ADDR_STYLE_DEDICATED_PER_ESS) {
2424 			/* Pregenerated addresses do not expire but their value
2425 			 * might have changed, so let's check that. */
2426 			if (ether_addr_equal(wpa_s->own_addr, ssid->mac_value))
2427 				return 0;
2428 		} else if ((wpa_s->last_mac_addr_change.sec != 0 ||
2429 			    wpa_s->last_mac_addr_change.usec != 0) &&
2430 			   !os_reltime_expired(
2431 				   &now,
2432 				   &wpa_s->last_mac_addr_change,
2433 				   wpa_s->conf->rand_addr_lifetime)) {
2434 			wpa_msg(wpa_s, MSG_DEBUG,
2435 				"Previously selected random MAC address has not yet expired");
2436 			return 0;
2437 		}
2438 	}
2439 
2440 	switch (style) {
2441 	case WPAS_MAC_ADDR_STYLE_RANDOM:
2442 		if (random_mac_addr(addr) < 0)
2443 			return -1;
2444 		break;
2445 	case WPAS_MAC_ADDR_STYLE_RANDOM_SAME_OUI:
2446 		os_memcpy(addr, wpa_s->perm_addr, ETH_ALEN);
2447 		if (random_mac_addr_keep_oui(addr) < 0)
2448 			return -1;
2449 		break;
2450 	case WPAS_MAC_ADDR_STYLE_DEDICATED_PER_ESS:
2451 		if (!ssid) {
2452 			wpa_msg(wpa_s, MSG_INFO,
2453 				"Invalid 'ssid' for address policy 3");
2454 			return -1;
2455 		}
2456 		os_memcpy(addr, ssid->mac_value, ETH_ALEN);
2457 		break;
2458 	default:
2459 		return -1;
2460 	}
2461 
2462 	if (wpa_drv_set_mac_addr(wpa_s, addr) < 0) {
2463 		wpa_msg(wpa_s, MSG_INFO,
2464 			"Failed to set random MAC address");
2465 		return -1;
2466 	}
2467 
2468 	os_get_reltime(&wpa_s->last_mac_addr_change);
2469 	wpa_s->mac_addr_changed = 1;
2470 	wpa_s->last_mac_addr_style = style;
2471 
2472 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2473 		wpa_msg(wpa_s, MSG_INFO,
2474 			"Could not update MAC address information");
2475 		return -1;
2476 	}
2477 
2478 	wpa_msg(wpa_s, MSG_DEBUG, "Using random MAC address " MACSTR,
2479 		MAC2STR(addr));
2480 
2481 	return 1;
2482 }
2483 
2484 
wpas_update_random_addr_disassoc(struct wpa_supplicant * wpa_s)2485 int wpas_update_random_addr_disassoc(struct wpa_supplicant *wpa_s)
2486 {
2487 	if (wpa_s->wpa_state >= WPA_AUTHENTICATING ||
2488 	    !wpa_s->conf->preassoc_mac_addr)
2489 		return 0;
2490 
2491 	return wpas_update_random_addr(wpa_s, wpa_s->conf->preassoc_mac_addr,
2492 				       NULL);}
2493 
2494 
wpa_s_setup_sae_pt(struct wpa_config * conf,struct wpa_ssid * ssid,bool force)2495 void wpa_s_setup_sae_pt(struct wpa_config *conf, struct wpa_ssid *ssid,
2496 				  bool force)
2497 {
2498 #ifdef CONFIG_SAE
2499 	int *groups = conf->sae_groups;
2500 	int default_groups[] = { 19, 20, 21, 0 };
2501 	const char *password;
2502 
2503 	if (!groups || groups[0] <= 0)
2504 		groups = default_groups;
2505 
2506 	password = ssid->sae_password;
2507 	if (!password)
2508 		password = ssid->passphrase;
2509 
2510 	if (!password ||
2511 	    (conf->sae_pwe == 0 && !ssid->sae_password_id &&
2512 	     !sae_pk_valid_password(password)) ||
2513 	    conf->sae_pwe == 3) {
2514 		/* PT derivation not needed */
2515 		sae_deinit_pt(ssid->pt);
2516 		ssid->pt = NULL;
2517 		return;
2518 	}
2519 
2520 	if (ssid->pt)
2521 		return; /* PT already derived */
2522 	ssid->pt = sae_derive_pt(groups, ssid->ssid, ssid->ssid_len,
2523 				 (const u8 *) password, os_strlen(password),
2524 				 ssid->sae_password_id);
2525 #endif /* CONFIG_SAE */
2526 }
2527 
2528 
wpa_s_clear_sae_rejected(struct wpa_supplicant * wpa_s)2529 void wpa_s_clear_sae_rejected(struct wpa_supplicant *wpa_s)
2530 {
2531 #if defined(CONFIG_SAE) && defined(CONFIG_SME)
2532 	os_free(wpa_s->sme.sae_rejected_groups);
2533 	wpa_s->sme.sae_rejected_groups = NULL;
2534 #ifdef CONFIG_TESTING_OPTIONS
2535 	if (wpa_s->extra_sae_rejected_groups) {
2536 		int i, *groups = wpa_s->extra_sae_rejected_groups;
2537 
2538 		for (i = 0; groups[i]; i++) {
2539 			wpa_printf(MSG_DEBUG,
2540 				   "TESTING: Indicate rejection of an extra SAE group %d",
2541 				   groups[i]);
2542 			int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
2543 					     groups[i]);
2544 		}
2545 	}
2546 #endif /* CONFIG_TESTING_OPTIONS */
2547 #endif /* CONFIG_SAE && CONFIG_SME */
2548 }
2549 
2550 
wpas_restore_permanent_mac_addr(struct wpa_supplicant * wpa_s)2551 int wpas_restore_permanent_mac_addr(struct wpa_supplicant *wpa_s)
2552 {
2553 	if (wpa_drv_set_mac_addr(wpa_s, NULL) < 0) {
2554 		wpa_msg(wpa_s, MSG_INFO,
2555 			"Could not restore permanent MAC address");
2556 		return -1;
2557 	}
2558 	wpa_s->mac_addr_changed = 0;
2559 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0) {
2560 		wpa_msg(wpa_s, MSG_INFO,
2561 			"Could not update MAC address information");
2562 		return -1;
2563 	}
2564 	wpa_msg(wpa_s, MSG_DEBUG, "Using permanent MAC address");
2565 	return 0;
2566 }
2567 
2568 
2569 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit);
2570 
2571 /**
2572  * wpa_supplicant_associate - Request association
2573  * @wpa_s: Pointer to wpa_supplicant data
2574  * @bss: Scan results for the selected BSS, or %NULL if not available
2575  * @ssid: Configuration data for the selected network
2576  *
2577  * This function is used to request %wpa_supplicant to associate with a BSS.
2578  */
wpa_supplicant_associate(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid)2579 void wpa_supplicant_associate(struct wpa_supplicant *wpa_s,
2580 			      struct wpa_bss *bss, struct wpa_ssid *ssid)
2581 {
2582 	struct wpa_connect_work *cwork;
2583 	int rand_style;
2584 
2585 	wpa_s->own_disconnect_req = 0;
2586 	wpa_s->own_reconnect_req = 0;
2587 
2588 	/*
2589 	 * If we are starting a new connection, any previously pending EAPOL
2590 	 * RX cannot be valid anymore.
2591 	 */
2592 	wpabuf_free(wpa_s->pending_eapol_rx);
2593 	wpa_s->pending_eapol_rx = NULL;
2594 
2595 	if (ssid->mac_addr == -1)
2596 		rand_style = wpa_s->conf->mac_addr;
2597 	else
2598 		rand_style = ssid->mac_addr;
2599 
2600 	wpa_s->multi_ap_ie = 0;
2601 #ifndef CONFIG_NO_WMM_AC
2602 	wmm_ac_clear_saved_tspecs(wpa_s);
2603 #endif /* ! CONFIG_NO_WMM_AC */
2604 	wpa_s->reassoc_same_bss = 0;
2605 	wpa_s->reassoc_same_ess = 0;
2606 #ifdef CONFIG_TESTING_OPTIONS
2607 	wpa_s->testing_resend_assoc = 0;
2608 #endif /* CONFIG_TESTING_OPTIONS */
2609 
2610 	if (wpa_s->last_ssid == ssid) {
2611 		wpa_dbg(wpa_s, MSG_DEBUG, "Re-association to the same ESS");
2612 		wpa_s->reassoc_same_ess = 1;
2613 		if (wpa_s->current_bss && wpa_s->current_bss == bss) {
2614 #ifndef CONFIG_NO_WMM_AC
2615 			wmm_ac_save_tspecs(wpa_s);
2616 #endif /* ! CONFIG_NO_WMM_AC */
2617 			wpa_s->reassoc_same_bss = 1;
2618 		} else if (wpa_s->current_bss && wpa_s->current_bss != bss) {
2619 			os_get_reltime(&wpa_s->roam_start);
2620 		}
2621 	} else {
2622 #ifdef CONFIG_SAE
2623 		wpa_s_clear_sae_rejected(wpa_s);
2624 #endif /* CONFIG_SAE */
2625 	}
2626 #ifdef CONFIG_SAE
2627 	wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
2628 #endif /* CONFIG_SAE */
2629 
2630 	if (rand_style > WPAS_MAC_ADDR_STYLE_PERMANENT) {
2631 		int status = wpas_update_random_addr(wpa_s, rand_style, ssid);
2632 
2633 		if (status < 0)
2634 			return;
2635 		if (rand_style != WPAS_MAC_ADDR_STYLE_DEDICATED_PER_ESS &&
2636 		    status > 0) /* MAC changed */
2637 			wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
2638 	} else if (rand_style == WPAS_MAC_ADDR_STYLE_PERMANENT &&
2639 		   wpa_s->mac_addr_changed) {
2640 		if (wpas_restore_permanent_mac_addr(wpa_s) < 0)
2641 			return;
2642 	}
2643 	wpa_s->last_ssid = ssid;
2644 
2645 #ifdef CONFIG_IBSS_RSN
2646 	ibss_rsn_deinit(wpa_s->ibss_rsn);
2647 	wpa_s->ibss_rsn = NULL;
2648 #else /* CONFIG_IBSS_RSN */
2649 	if (ssid->mode == WPAS_MODE_IBSS &&
2650 	    !(ssid->key_mgmt & (WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPA_NONE))) {
2651 		wpa_msg(wpa_s, MSG_INFO,
2652 			"IBSS RSN not supported in the build");
2653 		return;
2654 	}
2655 #endif /* CONFIG_IBSS_RSN */
2656 
2657 	if (ssid->mode == WPAS_MODE_AP || ssid->mode == WPAS_MODE_P2P_GO ||
2658 	    ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION) {
2659 #ifdef CONFIG_AP
2660 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_AP)) {
2661 			wpa_msg(wpa_s, MSG_INFO, "Driver does not support AP "
2662 				"mode");
2663 			return;
2664 		}
2665 		if (wpa_supplicant_create_ap(wpa_s, ssid) < 0) {
2666 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2667 			if (ssid->mode == WPAS_MODE_P2P_GROUP_FORMATION)
2668 				wpas_p2p_ap_setup_failed(wpa_s);
2669 			return;
2670 		}
2671 		wpa_s->current_bss = bss;
2672 #else /* CONFIG_AP */
2673 		wpa_msg(wpa_s, MSG_ERROR, "AP mode support not included in "
2674 			"the build");
2675 #endif /* CONFIG_AP */
2676 		return;
2677 	}
2678 
2679 	if (ssid->mode == WPAS_MODE_MESH) {
2680 #ifdef CONFIG_MESH
2681 		if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_MESH)) {
2682 			wpa_msg(wpa_s, MSG_INFO,
2683 				"Driver does not support mesh mode");
2684 			return;
2685 		}
2686 		if (bss)
2687 			ssid->frequency = bss->freq;
2688 		if (wpa_supplicant_join_mesh(wpa_s, ssid) < 0) {
2689 			wpa_msg(wpa_s, MSG_ERROR, "Could not join mesh");
2690 			return;
2691 		}
2692 		wpa_s->current_bss = bss;
2693 #else /* CONFIG_MESH */
2694 		wpa_msg(wpa_s, MSG_ERROR,
2695 			"mesh mode support not included in the build");
2696 #endif /* CONFIG_MESH */
2697 		return;
2698 	}
2699 
2700 	/*
2701 	 * Set WPA state machine configuration to match the selected network now
2702 	 * so that the information is available before wpas_start_assoc_cb()
2703 	 * gets called. This is needed at least for RSN pre-authentication where
2704 	 * candidate APs are added to a list based on scan result processing
2705 	 * before completion of the first association.
2706 	 */
2707 	wpa_supplicant_rsn_supp_set_config(wpa_s, ssid);
2708 
2709 #ifdef CONFIG_DPP
2710 	if (wpas_dpp_check_connect(wpa_s, ssid, bss) != 0)
2711 		return;
2712 #endif /* CONFIG_DPP */
2713 
2714 #ifdef CONFIG_TDLS
2715 	if (bss)
2716 		wpa_tdls_ap_ies(wpa_s->wpa, wpa_bss_ie_ptr(bss), bss->ie_len);
2717 #endif /* CONFIG_TDLS */
2718 
2719 #ifdef CONFIG_MBO
2720 	wpas_mbo_check_pmf(wpa_s, bss, ssid);
2721 #endif /* CONFIG_MBO */
2722 
2723 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
2724 	    ssid->mode == WPAS_MODE_INFRA) {
2725 		sme_authenticate(wpa_s, bss, ssid);
2726 		return;
2727 	}
2728 
2729 	if (wpa_s->connect_work) {
2730 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since connect_work exist");
2731 		return;
2732 	}
2733 
2734 	if (radio_work_pending(wpa_s, "connect")) {
2735 		wpa_dbg(wpa_s, MSG_DEBUG, "Reject wpa_supplicant_associate() call since pending work exist");
2736 		return;
2737 	}
2738 
2739 #ifdef CONFIG_SME
2740 	if (ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) {
2741 		/* Clear possibly set auth_alg, if any, from last attempt. */
2742 		wpa_s->sme.auth_alg = WPA_AUTH_ALG_OPEN;
2743 	}
2744 #endif /* CONFIG_SME */
2745 
2746 	wpas_abort_ongoing_scan(wpa_s);
2747 
2748 	cwork = os_zalloc(sizeof(*cwork));
2749 	if (cwork == NULL)
2750 		return;
2751 
2752 	cwork->bss = bss;
2753 	cwork->ssid = ssid;
2754 
2755 	if (radio_add_work(wpa_s, bss ? bss->freq : 0, "connect", 1,
2756 			   wpas_start_assoc_cb, cwork) < 0) {
2757 		os_free(cwork);
2758 	}
2759 }
2760 
2761 
bss_is_ibss(struct wpa_bss * bss)2762 static int bss_is_ibss(struct wpa_bss *bss)
2763 {
2764 	return (bss->caps & (IEEE80211_CAP_ESS | IEEE80211_CAP_IBSS)) ==
2765 		IEEE80211_CAP_IBSS;
2766 }
2767 
2768 
drv_supports_vht(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid)2769 static int drv_supports_vht(struct wpa_supplicant *wpa_s,
2770 			    const struct wpa_ssid *ssid)
2771 {
2772 	enum hostapd_hw_mode hw_mode;
2773 	struct hostapd_hw_modes *mode = NULL;
2774 	u8 channel;
2775 	int i;
2776 
2777 	hw_mode = ieee80211_freq_to_chan(ssid->frequency, &channel);
2778 	if (hw_mode == NUM_HOSTAPD_MODES)
2779 		return 0;
2780 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2781 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2782 			mode = &wpa_s->hw.modes[i];
2783 			break;
2784 		}
2785 	}
2786 
2787 	if (!mode)
2788 		return 0;
2789 
2790 	return mode->vht_capab != 0;
2791 }
2792 
2793 
ibss_mesh_is_80mhz_avail(int channel,struct hostapd_hw_modes * mode)2794 static bool ibss_mesh_is_80mhz_avail(int channel, struct hostapd_hw_modes *mode)
2795 {
2796 	int i;
2797 
2798 	for (i = channel; i < channel + 16; i += 4) {
2799 		struct hostapd_channel_data *chan;
2800 
2801 		chan = hw_get_channel_chan(mode, i, NULL);
2802 		if (!chan ||
2803 		    chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2804 			return false;
2805 	}
2806 
2807 	return true;
2808 }
2809 
2810 
ibss_mesh_setup_freq(struct wpa_supplicant * wpa_s,const struct wpa_ssid * ssid,struct hostapd_freq_params * freq)2811 void ibss_mesh_setup_freq(struct wpa_supplicant *wpa_s,
2812 			  const struct wpa_ssid *ssid,
2813 			  struct hostapd_freq_params *freq)
2814 {
2815 	int ieee80211_mode = wpas_mode_to_ieee80211_mode(ssid->mode);
2816 	enum hostapd_hw_mode hw_mode;
2817 	struct hostapd_hw_modes *mode = NULL;
2818 	int ht40plus[] = { 36, 44, 52, 60, 100, 108, 116, 124, 132, 149, 157,
2819 			   184, 192 };
2820 	int bw80[] = { 5180, 5260, 5500, 5580, 5660, 5745, 5955,
2821 		       6035, 6115, 6195, 6275, 6355, 6435, 6515,
2822 		       6595, 6675, 6755, 6835, 6915, 6995 };
2823 	int bw160[] = { 5955, 6115, 6275, 6435, 6595, 6755, 6915 };
2824 	struct hostapd_channel_data *pri_chan = NULL, *sec_chan = NULL;
2825 	u8 channel;
2826 	int i, chan_idx, ht40 = -1, res, obss_scan = 1;
2827 	unsigned int j, k;
2828 	struct hostapd_freq_params vht_freq;
2829 	int chwidth, seg0, seg1;
2830 	u32 vht_caps = 0;
2831 	bool is_24ghz, is_6ghz;
2832 
2833 	freq->freq = ssid->frequency;
2834 
2835 	for (j = 0; j < wpa_s->last_scan_res_used; j++) {
2836 		struct wpa_bss *bss = wpa_s->last_scan_res[j];
2837 
2838 		if (ssid->mode != WPAS_MODE_IBSS)
2839 			break;
2840 
2841 		/* Don't adjust control freq in case of fixed_freq */
2842 		if (ssid->fixed_freq)
2843 			break;
2844 
2845 		if (!bss_is_ibss(bss))
2846 			continue;
2847 
2848 		if (ssid->ssid_len == bss->ssid_len &&
2849 		    os_memcmp(ssid->ssid, bss->ssid, bss->ssid_len) == 0) {
2850 			wpa_printf(MSG_DEBUG,
2851 				   "IBSS already found in scan results, adjust control freq: %d",
2852 				   bss->freq);
2853 			freq->freq = bss->freq;
2854 			obss_scan = 0;
2855 			break;
2856 		}
2857 	}
2858 
2859 	/* For IBSS check HT_IBSS flag */
2860 	if (ssid->mode == WPAS_MODE_IBSS &&
2861 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_HT_IBSS))
2862 		return;
2863 
2864 	if (wpa_s->group_cipher == WPA_CIPHER_WEP40 ||
2865 	    wpa_s->group_cipher == WPA_CIPHER_WEP104 ||
2866 	    wpa_s->pairwise_cipher == WPA_CIPHER_TKIP) {
2867 		wpa_printf(MSG_DEBUG,
2868 			   "IBSS: WEP/TKIP detected, do not try to enable HT");
2869 		return;
2870 	}
2871 
2872 	hw_mode = ieee80211_freq_to_chan(freq->freq, &channel);
2873 	for (i = 0; wpa_s->hw.modes && i < wpa_s->hw.num_modes; i++) {
2874 		if (wpa_s->hw.modes[i].mode == hw_mode) {
2875 			mode = &wpa_s->hw.modes[i];
2876 			break;
2877 		}
2878 	}
2879 
2880 	if (!mode)
2881 		return;
2882 
2883 	freq->channel = channel;
2884 
2885 	is_24ghz = hw_mode == HOSTAPD_MODE_IEEE80211G ||
2886 		hw_mode == HOSTAPD_MODE_IEEE80211B;
2887 
2888 	/* HT/VHT and corresponding overrides are not applicable to 6 GHz.
2889 	 * However, HE is mandatory for 6 GHz.
2890 	 */
2891 	is_6ghz = is_6ghz_freq(freq->freq);
2892 	if (is_6ghz)
2893 		goto skip_to_6ghz;
2894 
2895 #ifdef CONFIG_HT_OVERRIDES
2896 	if (ssid->disable_ht) {
2897 		freq->ht_enabled = 0;
2898 		return;
2899 	}
2900 #endif /* CONFIG_HT_OVERRIDES */
2901 
2902 	freq->ht_enabled = ht_supported(mode);
2903 	if (!freq->ht_enabled)
2904 		return;
2905 
2906 	/* Allow HE on 2.4 GHz without VHT: see nl80211_put_freq_params() */
2907 	if (is_24ghz)
2908 		freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
2909 #ifdef CONFIG_HE_OVERRIDES
2910 	if (is_24ghz && ssid->disable_he)
2911 		freq->he_enabled = 0;
2912 #endif /* CONFIG_HE_OVERRIDES */
2913 
2914 	/* Setup higher BW only for 5 GHz */
2915 	if (mode->mode != HOSTAPD_MODE_IEEE80211A)
2916 		return;
2917 
2918 	for (chan_idx = 0; chan_idx < mode->num_channels; chan_idx++) {
2919 		pri_chan = &mode->channels[chan_idx];
2920 		if (pri_chan->chan == channel)
2921 			break;
2922 		pri_chan = NULL;
2923 	}
2924 	if (!pri_chan)
2925 		return;
2926 
2927 	/* Check primary channel flags */
2928 	if (pri_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2929 		return;
2930 
2931 	freq->channel = pri_chan->chan;
2932 
2933 #ifdef CONFIG_HT_OVERRIDES
2934 	if (ssid->disable_ht40) {
2935 #ifdef CONFIG_VHT_OVERRIDES
2936 		if (ssid->disable_vht)
2937 			return;
2938 #endif /* CONFIG_VHT_OVERRIDES */
2939 		goto skip_ht40;
2940 	}
2941 #endif /* CONFIG_HT_OVERRIDES */
2942 
2943 	/* Check/setup HT40+/HT40- */
2944 	for (j = 0; j < ARRAY_SIZE(ht40plus); j++) {
2945 		if (ht40plus[j] == channel) {
2946 			ht40 = 1;
2947 			break;
2948 		}
2949 	}
2950 
2951 	/* Find secondary channel */
2952 	for (i = 0; i < mode->num_channels; i++) {
2953 		sec_chan = &mode->channels[i];
2954 		if (sec_chan->chan == channel + ht40 * 4)
2955 			break;
2956 		sec_chan = NULL;
2957 	}
2958 	if (!sec_chan)
2959 		return;
2960 
2961 	/* Check secondary channel flags */
2962 	if (sec_chan->flag & (HOSTAPD_CHAN_DISABLED | HOSTAPD_CHAN_NO_IR))
2963 		return;
2964 
2965 	if (ht40 == -1) {
2966 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40MINUS))
2967 			return;
2968 	} else {
2969 		if (!(pri_chan->flag & HOSTAPD_CHAN_HT40PLUS))
2970 			return;
2971 	}
2972 	freq->sec_channel_offset = ht40;
2973 
2974 	if (obss_scan) {
2975 		struct wpa_scan_results *scan_res;
2976 
2977 		scan_res = wpa_supplicant_get_scan_results(wpa_s, NULL, 0,
2978 								NULL);
2979 		if (scan_res == NULL) {
2980 			/* Back to HT20 */
2981 			freq->sec_channel_offset = 0;
2982 			return;
2983 		}
2984 
2985 		res = check_40mhz_5g(scan_res, pri_chan, sec_chan);
2986 		switch (res) {
2987 		case 0:
2988 			/* Back to HT20 */
2989 			freq->sec_channel_offset = 0;
2990 			break;
2991 		case 1:
2992 			/* Configuration allowed */
2993 			break;
2994 		case 2:
2995 			/* Switch pri/sec channels */
2996 			freq->freq = hw_get_freq(mode, sec_chan->chan);
2997 			freq->sec_channel_offset = -freq->sec_channel_offset;
2998 			freq->channel = sec_chan->chan;
2999 			break;
3000 		default:
3001 			freq->sec_channel_offset = 0;
3002 			break;
3003 		}
3004 
3005 		wpa_scan_results_free(scan_res);
3006 	}
3007 
3008 #ifdef CONFIG_HT_OVERRIDES
3009 skip_ht40:
3010 #endif /* CONFIG_HT_OVERRIDES */
3011 	wpa_printf(MSG_DEBUG,
3012 		   "IBSS/mesh: setup freq channel %d, sec_channel_offset %d",
3013 		   freq->channel, freq->sec_channel_offset);
3014 
3015 	if (!drv_supports_vht(wpa_s, ssid))
3016 		return;
3017 
3018 	/* For IBSS check VHT_IBSS flag */
3019 	if (ssid->mode == WPAS_MODE_IBSS &&
3020 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_VHT_IBSS))
3021 		return;
3022 
3023 #ifdef CONFIG_VHT_OVERRIDES
3024 	if (ssid->disable_vht) {
3025 		freq->vht_enabled = 0;
3026 		return;
3027 	}
3028 #endif /* CONFIG_VHT_OVERRIDES */
3029 
3030 skip_to_6ghz:
3031 	vht_freq = *freq;
3032 
3033 	/* 6 GHz does not have VHT enabled, so allow that exception here. */
3034 	vht_freq.vht_enabled = vht_supported(mode);
3035 	if (!vht_freq.vht_enabled && !is_6ghz)
3036 		return;
3037 
3038 	/* Enable HE with VHT for 5 GHz */
3039 	freq->he_enabled = mode->he_capab[ieee80211_mode].he_supported;
3040 
3041 	/* setup center_freq1, bandwidth */
3042 	for (j = 0; j < ARRAY_SIZE(bw80); j++) {
3043 		if (freq->freq >= bw80[j] &&
3044 		    freq->freq < bw80[j] + 80)
3045 			break;
3046 	}
3047 
3048 	if (j == ARRAY_SIZE(bw80) ||
3049 	    ieee80211_freq_to_chan(bw80[j], &channel) == NUM_HOSTAPD_MODES)
3050 		return;
3051 
3052 	/* Back to HT configuration if channel not usable */
3053 	if (!ibss_mesh_is_80mhz_avail(channel, mode))
3054 		return;
3055 
3056 	chwidth = CHANWIDTH_80MHZ;
3057 	seg0 = channel + 6;
3058 	seg1 = 0;
3059 
3060 	if ((mode->he_capab[ieee80211_mode].phy_cap[
3061 		     HE_PHYCAP_CHANNEL_WIDTH_SET_IDX] &
3062 	     HE_PHYCAP_CHANNEL_WIDTH_SET_160MHZ_IN_5G) && is_6ghz) {
3063 		/* In 160 MHz, the initial four 20 MHz channels were validated
3064 		 * above; check the remaining four 20 MHz channels for the total
3065 		 * of 160 MHz bandwidth.
3066 		 */
3067 		if (!ibss_mesh_is_80mhz_avail(channel + 16, mode))
3068 			return;
3069 
3070 		for (j = 0; j < ARRAY_SIZE(bw160); j++) {
3071 			if (freq->freq == bw160[j]) {
3072 				chwidth = CHANWIDTH_160MHZ;
3073 				seg0 = channel + 14;
3074 				break;
3075 			}
3076 		}
3077 	}
3078 
3079 	if (ssid->max_oper_chwidth == CHANWIDTH_80P80MHZ) {
3080 		/* setup center_freq2, bandwidth */
3081 		for (k = 0; k < ARRAY_SIZE(bw80); k++) {
3082 			/* Only accept 80 MHz segments separated by a gap */
3083 			if (j == k || abs(bw80[j] - bw80[k]) == 80)
3084 				continue;
3085 
3086 			if (ieee80211_freq_to_chan(bw80[k], &channel) ==
3087 			    NUM_HOSTAPD_MODES)
3088 				return;
3089 
3090 			for (i = channel; i < channel + 16; i += 4) {
3091 				struct hostapd_channel_data *chan;
3092 
3093 				chan = hw_get_channel_chan(mode, i, NULL);
3094 				if (!chan)
3095 					continue;
3096 
3097 				if (chan->flag & (HOSTAPD_CHAN_DISABLED |
3098 						  HOSTAPD_CHAN_NO_IR |
3099 						  HOSTAPD_CHAN_RADAR))
3100 					continue;
3101 
3102 				/* Found a suitable second segment for 80+80 */
3103 				chwidth = CHANWIDTH_80P80MHZ;
3104 				if (!is_6ghz)
3105 					vht_caps |=
3106 						VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ;
3107 				seg1 = channel + 6;
3108 			}
3109 
3110 			if (chwidth == CHANWIDTH_80P80MHZ)
3111 				break;
3112 		}
3113 	} else if (ssid->max_oper_chwidth == CHANWIDTH_160MHZ) {
3114 		if (freq->freq == 5180) {
3115 			chwidth = CHANWIDTH_160MHZ;
3116 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
3117 			seg0 = 50;
3118 		} else if (freq->freq == 5520) {
3119 			chwidth = CHANWIDTH_160MHZ;
3120 			vht_caps |= VHT_CAP_SUPP_CHAN_WIDTH_160MHZ;
3121 			seg0 = 114;
3122 		}
3123 	} else if (ssid->max_oper_chwidth == CHANWIDTH_USE_HT) {
3124 		chwidth = CHANWIDTH_USE_HT;
3125 		seg0 = channel + 2;
3126 #ifdef CONFIG_HT_OVERRIDES
3127 		if (ssid->disable_ht40)
3128 			seg0 = 0;
3129 #endif /* CONFIG_HT_OVERRIDES */
3130 	}
3131 
3132 #ifdef CONFIG_HE_OVERRIDES
3133 	if (ssid->disable_he) {
3134 		vht_freq.he_enabled = 0;
3135 		freq->he_enabled = 0;
3136 	}
3137 #endif /* CONFIG_HE_OVERRIDES */
3138 	if (hostapd_set_freq_params(&vht_freq, mode->mode, freq->freq,
3139 				    freq->channel, ssid->enable_edmg,
3140 				    ssid->edmg_channel, freq->ht_enabled,
3141 				    vht_freq.vht_enabled, freq->he_enabled,
3142 					freq->eht_enabled,
3143 				    freq->sec_channel_offset,
3144 				    chwidth, seg0, seg1, vht_caps,
3145 				    &mode->he_capab[ieee80211_mode],
3146 					&mode->eht_capab[ieee80211_mode], 0) != 0)
3147 		return;
3148 
3149 	*freq = vht_freq;
3150 
3151 	wpa_printf(MSG_DEBUG, "IBSS: VHT setup freq cf1 %d, cf2 %d, bw %d",
3152 		   freq->center_freq1, freq->center_freq2, freq->bandwidth);
3153 }
3154 
3155 
3156 #ifdef CONFIG_FILS
wpas_add_fils_hlp_req(struct wpa_supplicant * wpa_s,u8 * ie_buf,size_t ie_buf_len)3157 static size_t wpas_add_fils_hlp_req(struct wpa_supplicant *wpa_s, u8 *ie_buf,
3158 				    size_t ie_buf_len)
3159 {
3160 	struct fils_hlp_req *req;
3161 	size_t rem_len, hdr_len, hlp_len, len, ie_len = 0;
3162 	const u8 *pos;
3163 	u8 *buf = ie_buf;
3164 
3165 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
3166 			 list) {
3167 		rem_len = ie_buf_len - ie_len;
3168 		pos = wpabuf_head(req->pkt);
3169 		hdr_len = 1 + 2 * ETH_ALEN + 6;
3170 		hlp_len = wpabuf_len(req->pkt);
3171 
3172 		if (rem_len < 2 + hdr_len + hlp_len) {
3173 			wpa_printf(MSG_ERROR,
3174 				   "FILS: Cannot fit HLP - rem_len=%lu to_fill=%lu",
3175 				   (unsigned long) rem_len,
3176 				   (unsigned long) (2 + hdr_len + hlp_len));
3177 			break;
3178 		}
3179 
3180 		len = (hdr_len + hlp_len) > 255 ? 255 : hdr_len + hlp_len;
3181 		/* Element ID */
3182 		*buf++ = WLAN_EID_EXTENSION;
3183 		/* Length */
3184 		*buf++ = len;
3185 		/* Element ID Extension */
3186 		*buf++ = WLAN_EID_EXT_FILS_HLP_CONTAINER;
3187 		/* Destination MAC address */
3188 		os_memcpy(buf, req->dst, ETH_ALEN);
3189 		buf += ETH_ALEN;
3190 		/* Source MAC address */
3191 		os_memcpy(buf, wpa_s->own_addr, ETH_ALEN);
3192 		buf += ETH_ALEN;
3193 		/* LLC/SNAP Header */
3194 		os_memcpy(buf, "\xaa\xaa\x03\x00\x00\x00", 6);
3195 		buf += 6;
3196 		/* HLP Packet */
3197 		os_memcpy(buf, pos, len - hdr_len);
3198 		buf += len - hdr_len;
3199 		pos += len - hdr_len;
3200 
3201 		hlp_len -= len - hdr_len;
3202 		ie_len += 2 + len;
3203 		rem_len -= 2 + len;
3204 
3205 		while (hlp_len) {
3206 			len = (hlp_len > 255) ? 255 : hlp_len;
3207 			if (rem_len < 2 + len)
3208 				break;
3209 			*buf++ = WLAN_EID_FRAGMENT;
3210 			*buf++ = len;
3211 			os_memcpy(buf, pos, len);
3212 			buf += len;
3213 			pos += len;
3214 
3215 			hlp_len -= len;
3216 			ie_len += 2 + len;
3217 			rem_len -= 2 + len;
3218 		}
3219 	}
3220 
3221 	return ie_len;
3222 }
3223 
3224 
wpa_is_fils_supported(struct wpa_supplicant * wpa_s)3225 int wpa_is_fils_supported(struct wpa_supplicant *wpa_s)
3226 {
3227 	return (((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
3228 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS)) ||
3229 		(!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
3230 		 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD)));
3231 }
3232 
3233 
wpa_is_fils_sk_pfs_supported(struct wpa_supplicant * wpa_s)3234 int wpa_is_fils_sk_pfs_supported(struct wpa_supplicant *wpa_s)
3235 {
3236 #ifdef CONFIG_FILS_SK_PFS
3237 	return (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) &&
3238 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SUPPORT_FILS);
3239 #else /* CONFIG_FILS_SK_PFS */
3240 	return 0;
3241 #endif /* CONFIG_FILS_SK_PFS */
3242 }
3243 
3244 #endif /* CONFIG_FILS */
3245 
wpa_is_non_eht_scs_traffic_desc_supported(struct wpa_bss * bss)3246 bool wpa_is_non_eht_scs_traffic_desc_supported(struct wpa_bss *bss)
3247 {
3248 	const u8 *wfa_capa;
3249 
3250 	if (!bss)
3251 		return false;
3252 
3253 	/* Get WFA capability from Beacon or Probe Response frame elements */
3254 	wfa_capa = wpa_bss_get_vendor_ie(bss, WFA_CAPA_IE_VENDOR_TYPE);
3255 	if (!wfa_capa)
3256 		wfa_capa = wpa_bss_get_vendor_ie_beacon(
3257 			bss, WFA_CAPA_IE_VENDOR_TYPE);
3258 
3259 	if (!wfa_capa || wfa_capa[1] < 6 || wfa_capa[6] < 1 ||
3260 	    !(wfa_capa[7] & WFA_CAPA_QM_NON_EHT_SCS_TRAFFIC_DESC)) {
3261 		/* AP does not enable QM non EHT traffic description policy */
3262 		return false;
3263 	}
3264 
3265 	return true;
3266 }
3267 
wpas_populate_wfa_capa(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,u8 * wpa_ie,size_t wpa_ie_len,size_t max_wpa_ie_len)3268 static int wpas_populate_wfa_capa(struct wpa_supplicant *wpa_s,
3269 				  struct wpa_bss *bss,
3270 				  u8 *wpa_ie, size_t wpa_ie_len,
3271 				  size_t max_wpa_ie_len)
3272 {
3273 	struct wpabuf *wfa_ie = NULL;
3274 	u8 wfa_capa[1];
3275 	size_t wfa_ie_len, buf_len;
3276 
3277 	os_memset(wfa_capa, 0, sizeof(wfa_capa));
3278 #ifdef CONFIG_ROBUST_AV
3279 	if (wpa_s->enable_dscp_policy_capa)
3280 		wfa_capa[0] |= WFA_CAPA_QM_DSCP_POLICY;
3281 #endif /* CONFIG_ROBUST_AV */
3282 
3283 	if (wpa_is_non_eht_scs_traffic_desc_supported(bss))
3284 		wfa_capa[0] |= WFA_CAPA_QM_NON_EHT_SCS_TRAFFIC_DESC;
3285 
3286 	if (!wfa_capa[0])
3287 		return wpa_ie_len;
3288 
3289 	/* Wi-Fi Alliance element */
3290 	buf_len = 1 +	/* Element ID */
3291 		  1 +	/* Length */
3292 		  3 +	/* OUI */
3293 		  1 +	/* OUI Type */
3294 		  1 +	/* Capabilities Length */
3295 		  sizeof(wfa_capa);	/* Capabilities */
3296 	wfa_ie = wpabuf_alloc(buf_len);
3297 	if (!wfa_ie)
3298 		return wpa_ie_len;
3299 
3300 	wpabuf_put_u8(wfa_ie, WLAN_EID_VENDOR_SPECIFIC);
3301 	wpabuf_put_u8(wfa_ie, buf_len - 2);
3302 	wpabuf_put_be24(wfa_ie, OUI_WFA);
3303 	wpabuf_put_u8(wfa_ie, WFA_CAPA_OUI_TYPE);
3304 	wpabuf_put_u8(wfa_ie, sizeof(wfa_capa));
3305 	wpabuf_put_data(wfa_ie, wfa_capa, sizeof(wfa_capa));
3306 
3307 	wfa_ie_len = wpabuf_len(wfa_ie);
3308 	if (wpa_ie_len + wfa_ie_len <= max_wpa_ie_len) {
3309 		wpa_hexdump_buf(MSG_MSGDUMP, "WFA Capabilities element",
3310 				wfa_ie);
3311 		os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(wfa_ie),
3312 			  wfa_ie_len);
3313 		wpa_ie_len += wfa_ie_len;
3314 	}
3315 
3316 	wpabuf_free(wfa_ie);
3317 	return wpa_ie_len;
3318 }
3319 
3320 
wpas_populate_assoc_ies(struct wpa_supplicant * wpa_s,struct wpa_bss * bss,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params,enum wpa_drv_update_connect_params_mask * mask)3321 static u8 * wpas_populate_assoc_ies(
3322 	struct wpa_supplicant *wpa_s,
3323 	struct wpa_bss *bss, struct wpa_ssid *ssid,
3324 	struct wpa_driver_associate_params *params,
3325 	enum wpa_drv_update_connect_params_mask *mask)
3326 {
3327 	u8 *wpa_ie;
3328 	size_t max_wpa_ie_len = 500;
3329 	size_t wpa_ie_len;
3330 	int algs = WPA_AUTH_ALG_OPEN;
3331 #ifdef CONFIG_MBO
3332 	const u8 *mbo_ie;
3333 #endif
3334 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
3335 	int pmksa_cached = 0;
3336 #endif /* CONFIG_SAE || CONFIG_FILS */
3337 #ifdef CONFIG_FILS
3338 	const u8 *realm, *username, *rrk;
3339 	size_t realm_len, username_len, rrk_len;
3340 	u16 next_seq_num;
3341 	struct fils_hlp_req *req;
3342 
3343 	dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
3344 			 list) {
3345 		max_wpa_ie_len += 3 + 2 * ETH_ALEN + 6 + wpabuf_len(req->pkt) +
3346 				  2 + 2 * wpabuf_len(req->pkt) / 255;
3347 	}
3348 #endif /* CONFIG_FILS */
3349 
3350 	wpa_ie = os_malloc(max_wpa_ie_len);
3351 	if (!wpa_ie) {
3352 		wpa_printf(MSG_ERROR,
3353 			   "Failed to allocate connect IE buffer for %lu bytes",
3354 			   (unsigned long) max_wpa_ie_len);
3355 		return NULL;
3356 	}
3357 
3358 	if (bss && (wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
3359 		    wpa_bss_get_rsne(wpa_s, bss, ssid, false)) &&
3360 	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
3361 		int try_opportunistic;
3362 		const u8 *cache_id = NULL;
3363 
3364 		try_opportunistic = (ssid->proactive_key_caching < 0 ?
3365 				     wpa_s->conf->okc :
3366 				     ssid->proactive_key_caching) &&
3367 			(ssid->proto & WPA_PROTO_RSN);
3368 #ifdef CONFIG_FILS
3369 		if (wpa_key_mgmt_fils(ssid->key_mgmt))
3370 			cache_id = wpa_bss_get_fils_cache_id(bss);
3371 #endif /* CONFIG_FILS */
3372 		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
3373 					    ssid, try_opportunistic,
3374 					    cache_id, 0, false) == 0) {
3375 			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
3376 #if defined(CONFIG_SAE) || defined(CONFIG_FILS)
3377 			pmksa_cached = 1;
3378 #endif /* CONFIG_SAE || CONFIG_FILS */
3379 		}
3380 		wpa_ie_len = max_wpa_ie_len;
3381 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
3382 					      wpa_ie, &wpa_ie_len, false)) {
3383 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
3384 				"key management and encryption suites");
3385 			os_free(wpa_ie);
3386 			return NULL;
3387 		}
3388 #ifdef CONFIG_HS20
3389 	} else if (bss && wpa_bss_get_vendor_ie(bss, OSEN_IE_VENDOR_TYPE) &&
3390 		   (ssid->key_mgmt & WPA_KEY_MGMT_OSEN)) {
3391 		/* No PMKSA caching, but otherwise similar to RSN/WPA */
3392 		wpa_ie_len = max_wpa_ie_len;
3393 		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
3394 					      wpa_ie, &wpa_ie_len, false)) {
3395 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
3396 				"key management and encryption suites");
3397 			os_free(wpa_ie);
3398 			return NULL;
3399 		}
3400 #endif /* CONFIG_HS20 */
3401 	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && bss &&
3402 		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
3403 		/*
3404 		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
3405 		 * use non-WPA since the scan results did not indicate that the
3406 		 * AP is using WPA or WPA2.
3407 		 */
3408 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
3409 		wpa_ie_len = 0;
3410 		wpa_s->wpa_proto = 0;
3411 	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
3412 		wpa_ie_len = max_wpa_ie_len;
3413 		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
3414 					      wpa_ie, &wpa_ie_len, false)) {
3415 			wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed to set WPA "
3416 				"key management and encryption suites (no "
3417 				"scan results)");
3418 			os_free(wpa_ie);
3419 			return NULL;
3420 		}
3421 #ifdef CONFIG_WPS
3422 	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
3423 		struct wpabuf *wps_ie;
3424 		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
3425 		if (wps_ie && wpabuf_len(wps_ie) <= max_wpa_ie_len) {
3426 			wpa_ie_len = wpabuf_len(wps_ie);
3427 			os_memcpy(wpa_ie, wpabuf_head(wps_ie), wpa_ie_len);
3428 		} else
3429 			wpa_ie_len = 0;
3430 		wpabuf_free(wps_ie);
3431 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
3432 		if (!bss || (bss->caps & IEEE80211_CAP_PRIVACY))
3433 			params->wps = WPS_MODE_PRIVACY;
3434 		else
3435 			params->wps = WPS_MODE_OPEN;
3436 		wpa_s->wpa_proto = 0;
3437 #endif /* CONFIG_WPS */
3438 	} else {
3439 		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
3440 		wpa_ie_len = 0;
3441 		wpa_s->wpa_proto = 0;
3442 	}
3443 
3444 #ifdef IEEE8021X_EAPOL
3445 	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
3446 		if (ssid->leap) {
3447 			if (ssid->non_leap == 0)
3448 				algs = WPA_AUTH_ALG_LEAP;
3449 			else
3450 				algs |= WPA_AUTH_ALG_LEAP;
3451 		}
3452 	}
3453 
3454 #ifdef CONFIG_FILS
3455 	/* Clear FILS association */
3456 	wpa_sm_set_reset_fils_completed(wpa_s->wpa, 0);
3457 
3458 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
3459 	    ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
3460 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap, &username,
3461 				  &username_len, &realm, &realm_len,
3462 				  &next_seq_num, &rrk, &rrk_len) == 0 &&
3463 	    (!wpa_s->last_con_fail_realm ||
3464 	     wpa_s->last_con_fail_realm_len != realm_len ||
3465 	     os_memcmp(wpa_s->last_con_fail_realm, realm, realm_len) != 0)) {
3466 		algs = WPA_AUTH_ALG_FILS;
3467 		params->fils_erp_username = username;
3468 		params->fils_erp_username_len = username_len;
3469 		params->fils_erp_realm = realm;
3470 		params->fils_erp_realm_len = realm_len;
3471 		params->fils_erp_next_seq_num = next_seq_num;
3472 		params->fils_erp_rrk = rrk;
3473 		params->fils_erp_rrk_len = rrk_len;
3474 
3475 		if (mask)
3476 			*mask |= WPA_DRV_UPDATE_FILS_ERP_INFO;
3477 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_FILS_SK_OFFLOAD) &&
3478 		   ssid->eap.erp && wpa_key_mgmt_fils(wpa_s->key_mgmt) &&
3479 		   pmksa_cached) {
3480 		algs = WPA_AUTH_ALG_FILS;
3481 	}
3482 #endif /* CONFIG_FILS */
3483 #endif /* IEEE8021X_EAPOL */
3484 #ifdef CONFIG_SAE
3485 	if (wpa_s->key_mgmt & (WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE))
3486 		algs = WPA_AUTH_ALG_SAE;
3487 #endif /* CONFIG_SAE */
3488 
3489 	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x", algs);
3490 	if (ssid->auth_alg) {
3491 		algs = ssid->auth_alg;
3492 		wpa_dbg(wpa_s, MSG_DEBUG,
3493 			"Overriding auth_alg selection: 0x%x", algs);
3494 	}
3495 
3496 #ifdef CONFIG_SAE
3497 	if (pmksa_cached && algs == WPA_AUTH_ALG_SAE) {
3498 		wpa_dbg(wpa_s, MSG_DEBUG,
3499 			"SAE: Use WPA_AUTH_ALG_OPEN for PMKSA caching attempt");
3500 		algs = WPA_AUTH_ALG_OPEN;
3501 	}
3502 #endif /* CONFIG_SAE */
3503 
3504 #ifdef CONFIG_P2P
3505 	if (wpa_s->global->p2p) {
3506 		u8 *pos;
3507 		size_t len;
3508 		int res;
3509 		pos = wpa_ie + wpa_ie_len;
3510 		len = max_wpa_ie_len - wpa_ie_len;
3511 		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
3512 					    ssid->p2p_group);
3513 		if (res >= 0)
3514 			wpa_ie_len += res;
3515 	}
3516 
3517 	wpa_s->cross_connect_disallowed = 0;
3518 	if (bss) {
3519 		struct wpabuf *p2p;
3520 		p2p = wpa_bss_get_vendor_ie_multi(bss, P2P_IE_VENDOR_TYPE);
3521 		if (p2p) {
3522 			wpa_s->cross_connect_disallowed =
3523 				p2p_get_cross_connect_disallowed(p2p);
3524 			wpabuf_free(p2p);
3525 			wpa_dbg(wpa_s, MSG_DEBUG, "P2P: WLAN AP %s cross "
3526 				"connection",
3527 				wpa_s->cross_connect_disallowed ?
3528 				"disallows" : "allows");
3529 		}
3530 	}
3531 
3532 	os_memset(wpa_s->p2p_ip_addr_info, 0, sizeof(wpa_s->p2p_ip_addr_info));
3533 #endif /* CONFIG_P2P */
3534 
3535 #ifndef CONFIG_NO_RRM
3536 	if (bss) {
3537 		wpa_ie_len += wpas_supp_op_class_ie(wpa_s, ssid, bss,
3538 						    wpa_ie + wpa_ie_len,
3539 						    max_wpa_ie_len -
3540 						    wpa_ie_len);
3541 	}
3542 #endif /* ! CONFIG_NO_RRM */
3543 	/*
3544 	 * Workaround: Add Extended Capabilities element only if the AP
3545 	 * included this element in Beacon/Probe Response frames. Some older
3546 	 * APs seem to have interoperability issues if this element is
3547 	 * included, so while the standard may require us to include the
3548 	 * element in all cases, it is justifiable to skip it to avoid
3549 	 * interoperability issues.
3550 	 */
3551 	if (ssid->p2p_group)
3552 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
3553 	else
3554 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
3555 
3556 	if (!bss || wpa_bss_get_ie(bss, WLAN_EID_EXT_CAPAB)) {
3557 		u8 ext_capab[18];
3558 		int ext_capab_len;
3559 		ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
3560 						     sizeof(ext_capab), bss);
3561 		if (ext_capab_len > 0 &&
3562 		    wpa_ie_len + ext_capab_len <= max_wpa_ie_len) {
3563 			u8 *pos = wpa_ie;
3564 			if (wpa_ie_len > 0 && pos[0] == WLAN_EID_RSN)
3565 				pos += 2 + pos[1];
3566 			os_memmove(pos + ext_capab_len, pos,
3567 				   wpa_ie_len - (pos - wpa_ie));
3568 			wpa_ie_len += ext_capab_len;
3569 			os_memcpy(pos, ext_capab, ext_capab_len);
3570 		}
3571 	}
3572 
3573 #ifdef CONFIG_HS20
3574 	if (is_hs20_network(wpa_s, ssid, bss)) {
3575 		struct wpabuf *hs20;
3576 
3577 		hs20 = wpabuf_alloc(20 + MAX_ROAMING_CONS_OI_LEN);
3578 		if (hs20) {
3579 			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
3580 			size_t len;
3581 
3582 			wpas_hs20_add_indication(hs20, pps_mo_id,
3583 						 get_hs20_version(bss));
3584 			wpas_hs20_add_roam_cons_sel(hs20, ssid);
3585 			len = max_wpa_ie_len - wpa_ie_len;
3586 			if (wpabuf_len(hs20) <= len) {
3587 				os_memcpy(wpa_ie + wpa_ie_len,
3588 					  wpabuf_head(hs20), wpabuf_len(hs20));
3589 				wpa_ie_len += wpabuf_len(hs20);
3590 			}
3591 			wpabuf_free(hs20);
3592 
3593 			hs20_configure_frame_filters(wpa_s);
3594 		}
3595 	}
3596 #endif /* CONFIG_HS20 */
3597 
3598 	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
3599 		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
3600 		size_t len;
3601 
3602 		len = max_wpa_ie_len - wpa_ie_len;
3603 		if (wpabuf_len(buf) <= len) {
3604 			os_memcpy(wpa_ie + wpa_ie_len,
3605 				  wpabuf_head(buf), wpabuf_len(buf));
3606 			wpa_ie_len += wpabuf_len(buf);
3607 		}
3608 	}
3609 
3610 #ifdef CONFIG_FST
3611 	if (wpa_s->fst_ies) {
3612 		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
3613 
3614 		if (wpa_ie_len + fst_ies_len <= max_wpa_ie_len) {
3615 			os_memcpy(wpa_ie + wpa_ie_len,
3616 				  wpabuf_head(wpa_s->fst_ies), fst_ies_len);
3617 			wpa_ie_len += fst_ies_len;
3618 		}
3619 	}
3620 #endif /* CONFIG_FST */
3621 
3622 #ifdef CONFIG_MBO
3623 	mbo_ie = bss ? wpa_bss_get_vendor_ie(bss, MBO_IE_VENDOR_TYPE) : NULL;
3624 	if (!wpa_s->disable_mbo_oce && mbo_ie) {
3625 		int len;
3626 
3627 		len = wpas_mbo_ie(wpa_s, wpa_ie + wpa_ie_len,
3628 				  max_wpa_ie_len - wpa_ie_len,
3629 				  !!mbo_attr_from_mbo_ie(mbo_ie,
3630 							 OCE_ATTR_ID_CAPA_IND));
3631 		if (len >= 0)
3632 			wpa_ie_len += len;
3633 	}
3634 #endif /* CONFIG_MBO */
3635 
3636 #ifdef CONFIG_FILS
3637 	if (algs == WPA_AUTH_ALG_FILS) {
3638 		size_t len;
3639 
3640 		len = wpas_add_fils_hlp_req(wpa_s, wpa_ie + wpa_ie_len,
3641 					    max_wpa_ie_len - wpa_ie_len);
3642 		wpa_ie_len += len;
3643 	}
3644 #endif /* CONFIG_FILS */
3645 
3646 #ifdef CONFIG_OWE
3647 #ifdef CONFIG_TESTING_OPTIONS
3648 	if (get_ie_ext(wpa_ie, wpa_ie_len, WLAN_EID_EXT_OWE_DH_PARAM)) {
3649 		wpa_printf(MSG_INFO, "TESTING: Override OWE DH element");
3650 	} else
3651 #endif /* CONFIG_TESTING_OPTIONS */
3652 	if (algs == WPA_AUTH_ALG_OPEN &&
3653 	    ssid->key_mgmt == WPA_KEY_MGMT_OWE) {
3654 		struct wpabuf *owe_ie;
3655 		u16 group;
3656 
3657 		if (ssid->owe_group) {
3658 			group = ssid->owe_group;
3659 		} else if (wpa_s->assoc_status_code ==
3660 			   WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED) {
3661 			if (wpa_s->last_owe_group == 19)
3662 				group = 20;
3663 			else if (wpa_s->last_owe_group == 20)
3664 				group = 21;
3665 			else
3666 				group = OWE_DH_GROUP;
3667 		} else {
3668 			group = OWE_DH_GROUP;
3669 		}
3670 
3671 		wpa_s->last_owe_group = group;
3672 		wpa_printf(MSG_DEBUG, "OWE: Try to use group %u", group);
3673 		owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
3674 		if (owe_ie &&
3675 		    wpabuf_len(owe_ie) <= max_wpa_ie_len - wpa_ie_len) {
3676 			os_memcpy(wpa_ie + wpa_ie_len,
3677 				  wpabuf_head(owe_ie), wpabuf_len(owe_ie));
3678 			wpa_ie_len += wpabuf_len(owe_ie);
3679 		}
3680 		wpabuf_free(owe_ie);
3681 	}
3682 #endif /* CONFIG_OWE */
3683 
3684 #ifdef CONFIG_DPP2
3685 	if (DPP_VERSION > 1 &&
3686 	    wpa_sm_get_key_mgmt(wpa_s->wpa) == WPA_KEY_MGMT_DPP &&
3687 	    ssid->dpp_netaccesskey &&
3688 	    ssid->dpp_pfs != 2 && !ssid->dpp_pfs_fallback) {
3689 		struct rsn_pmksa_cache_entry *pmksa;
3690 
3691 		pmksa = pmksa_cache_get_current(wpa_s->wpa);
3692 		if (!pmksa || !pmksa->dpp_pfs)
3693 			goto pfs_fail;
3694 
3695 		dpp_pfs_free(wpa_s->dpp_pfs);
3696 		wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
3697 					      ssid->dpp_netaccesskey_len);
3698 		if (!wpa_s->dpp_pfs) {
3699 			wpa_printf(MSG_DEBUG, "DPP: Could not initialize PFS");
3700 			/* Try to continue without PFS */
3701 			goto pfs_fail;
3702 		}
3703 		if (wpabuf_len(wpa_s->dpp_pfs->ie) <=
3704 		    max_wpa_ie_len - wpa_ie_len) {
3705 			os_memcpy(wpa_ie + wpa_ie_len,
3706 				  wpabuf_head(wpa_s->dpp_pfs->ie),
3707 				  wpabuf_len(wpa_s->dpp_pfs->ie));
3708 			wpa_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
3709 		}
3710 	}
3711 pfs_fail:
3712 #endif /* CONFIG_DPP2 */
3713 
3714 #ifdef CONFIG_IEEE80211R
3715 	/*
3716 	 * Add MDIE under these conditions: the network profile allows FT,
3717 	 * the AP supports FT, and the mobility domain ID matches.
3718 	 */
3719 	if (bss && wpa_key_mgmt_ft(wpa_sm_get_key_mgmt(wpa_s->wpa))) {
3720 		const u8 *mdie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
3721 
3722 		if (mdie && mdie[1] >= MOBILITY_DOMAIN_ID_LEN) {
3723 			size_t len = 0;
3724 			const u8 *md = mdie + 2;
3725 			const u8 *wpa_md = wpa_sm_get_ft_md(wpa_s->wpa);
3726 
3727 			if (os_memcmp(md, wpa_md,
3728 				      MOBILITY_DOMAIN_ID_LEN) == 0) {
3729 				/* Add mobility domain IE */
3730 				len = wpa_ft_add_mdie(
3731 					wpa_s->wpa, wpa_ie + wpa_ie_len,
3732 					max_wpa_ie_len - wpa_ie_len, mdie);
3733 				wpa_ie_len += len;
3734 			}
3735 #ifdef CONFIG_SME
3736 			if (len > 0 && wpa_s->sme.ft_used &&
3737 			    wpa_sm_has_ft_keys(wpa_s->wpa, md)) {
3738 				wpa_dbg(wpa_s, MSG_DEBUG,
3739 					"SME: Trying to use FT over-the-air");
3740 				algs |= WPA_AUTH_ALG_FT;
3741 			}
3742 #endif /* CONFIG_SME */
3743 		}
3744 	}
3745 #endif /* CONFIG_IEEE80211R */
3746 
3747 #ifdef CONFIG_TESTING_OPTIONS
3748 	if (wpa_s->rsnxe_override_assoc &&
3749 	    wpabuf_len(wpa_s->rsnxe_override_assoc) <=
3750 	    max_wpa_ie_len - wpa_ie_len) {
3751 		wpa_printf(MSG_DEBUG, "TESTING: RSNXE AssocReq override");
3752 		os_memcpy(wpa_ie + wpa_ie_len,
3753 			  wpabuf_head(wpa_s->rsnxe_override_assoc),
3754 			  wpabuf_len(wpa_s->rsnxe_override_assoc));
3755 		wpa_ie_len += wpabuf_len(wpa_s->rsnxe_override_assoc);
3756 	} else
3757 #endif /* CONFIG_TESTING_OPTIONS */
3758 	if (wpa_s->rsnxe_len > 0 &&
3759 	    wpa_s->rsnxe_len <= max_wpa_ie_len - wpa_ie_len) {
3760 		os_memcpy(wpa_ie + wpa_ie_len, wpa_s->rsnxe, wpa_s->rsnxe_len);
3761 		wpa_ie_len += wpa_s->rsnxe_len;
3762 	}
3763 
3764 #ifdef CONFIG_TESTING_OPTIONS
3765 	if (wpa_s->disable_mscs_support)
3766 		goto mscs_end;
3767 #endif /* CONFIG_TESTING_OPTIONS */
3768 #ifndef CONFIG_NO_RRM
3769 	if (wpa_bss_ext_capab(bss, WLAN_EXT_CAPAB_MSCS) &&
3770 	    wpa_s->robust_av.valid_config) {
3771 		struct wpabuf *mscs_ie;
3772 		size_t mscs_ie_len, buf_len;
3773 
3774 		buf_len = 3 +	/* MSCS descriptor IE header */
3775 			  1 +	/* Request type */
3776 			  2 +	/* User priority control */
3777 			  4 +	/* Stream timeout */
3778 			  3 +	/* TCLAS Mask IE header */
3779 			  wpa_s->robust_av.frame_classifier_len;
3780 		mscs_ie = wpabuf_alloc(buf_len);
3781 		if (!mscs_ie) {
3782 			wpa_printf(MSG_INFO,
3783 				   "MSCS: Failed to allocate MSCS IE");
3784 			goto mscs_end;
3785 		}
3786 
3787 		wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
3788 		if ((wpa_ie_len + wpabuf_len(mscs_ie)) <= max_wpa_ie_len) {
3789 			wpa_hexdump_buf(MSG_MSGDUMP, "MSCS IE", mscs_ie);
3790 			mscs_ie_len = wpabuf_len(mscs_ie);
3791 			os_memcpy(wpa_ie + wpa_ie_len, wpabuf_head(mscs_ie),
3792 				  mscs_ie_len);
3793 			wpa_ie_len += mscs_ie_len;
3794 		}
3795 
3796 		wpabuf_free(mscs_ie);
3797 	}
3798 mscs_end:
3799 #endif /* ! CONFIG_NO_RRM */
3800 	wpa_ie_len = wpas_populate_wfa_capa(wpa_s, bss, wpa_ie, wpa_ie_len,
3801 					    max_wpa_ie_len);
3802 
3803 	if (ssid->multi_ap_backhaul_sta) {
3804 		size_t multi_ap_ie_len;
3805 		struct multi_ap_params multi_ap = { 0 };
3806 
3807 		multi_ap.capability = MULTI_AP_BACKHAUL_STA;
3808 		multi_ap.profile = ssid->multi_ap_profile;
3809 
3810 		multi_ap_ie_len = add_multi_ap_ie(wpa_ie + wpa_ie_len,
3811 						  max_wpa_ie_len - wpa_ie_len,
3812 						  &multi_ap);
3813 		if (multi_ap_ie_len == 0) {
3814 			wpa_printf(MSG_ERROR,
3815 				   "Multi-AP: Failed to build Multi-AP IE");
3816 			os_free(wpa_ie);
3817 			return NULL;
3818 		}
3819 		wpa_ie_len += multi_ap_ie_len;
3820 	}
3821 
3822 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE_SUPPORT,
3823 			 wpas_rsn_overriding(wpa_s, ssid));
3824 	wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
3825 			 RSN_OVERRIDE_NOT_USED);
3826 	if (wpas_rsn_overriding(wpa_s, ssid) &&
3827 	    wpas_ap_supports_rsn_overriding(wpa_s, bss) &&
3828 	    wpa_ie_len + 2 + 4 + 1 <= max_wpa_ie_len) {
3829 		u8 *pos = wpa_ie + wpa_ie_len, *start = pos;
3830 		const u8 *ie;
3831 		enum rsn_selection_variant variant = RSN_SELECTION_RSNE;
3832 
3833 		wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_RSN_OVERRIDE,
3834 				 RSN_OVERRIDE_RSNE);
3835 		ie = wpa_bss_get_rsne(wpa_s, bss, ssid, wpa_s->valid_links);
3836 		if (ie && ie[0] == WLAN_EID_VENDOR_SPECIFIC && ie[1] >= 4) {
3837 			u32 type;
3838 
3839 			type = WPA_GET_BE32(&ie[2]);
3840 			if (type == RSNE_OVERRIDE_IE_VENDOR_TYPE) {
3841 				variant = RSN_SELECTION_RSNE_OVERRIDE;
3842 				wpa_sm_set_param(wpa_s->wpa,
3843 						 WPA_PARAM_RSN_OVERRIDE,
3844 						 RSN_OVERRIDE_RSNE_OVERRIDE);
3845 			} else if (type == RSNE_OVERRIDE_2_IE_VENDOR_TYPE) {
3846 				variant = RSN_SELECTION_RSNE_OVERRIDE_2;
3847 				wpa_sm_set_param(wpa_s->wpa,
3848 						 WPA_PARAM_RSN_OVERRIDE,
3849 						 RSN_OVERRIDE_RSNE_OVERRIDE_2);
3850 			}
3851 		}
3852 
3853 		/* Indicate which RSNE variant was used */
3854 		*pos++ = WLAN_EID_VENDOR_SPECIFIC;
3855 		*pos++ = 4 + 1;
3856 		WPA_PUT_BE32(pos, RSN_SELECTION_IE_VENDOR_TYPE);
3857 		pos += 4;
3858 		*pos++ = variant;
3859 		wpa_hexdump(MSG_MSGDUMP, "RSN Selection", start, pos - start);
3860 		wpa_ie_len += pos - start;
3861 	}
3862 
3863 	params->rsn_overriding = wpas_rsn_overriding(wpa_s, ssid);
3864 	params->wpa_ie = wpa_ie;
3865 	params->wpa_ie_len = wpa_ie_len;
3866 	params->auth_alg = algs;
3867 	if (mask)
3868 		*mask |= WPA_DRV_UPDATE_ASSOC_IES | WPA_DRV_UPDATE_AUTH_TYPE;
3869 
3870 	return wpa_ie;
3871 }
3872 
3873 
3874 #ifdef CONFIG_OWE
wpas_update_owe_connect_params(struct wpa_supplicant * wpa_s)3875 static void wpas_update_owe_connect_params(struct wpa_supplicant *wpa_s)
3876 {
3877 	struct wpa_driver_associate_params params;
3878 	u8 *wpa_ie;
3879 
3880 	os_memset(¶ms, 0, sizeof(params));
3881 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3882 					 wpa_s->current_ssid, ¶ms, NULL);
3883 	if (!wpa_ie)
3884 		return;
3885 
3886 	wpa_drv_update_connect_params(wpa_s, ¶ms, WPA_DRV_UPDATE_ASSOC_IES);
3887 	os_free(wpa_ie);
3888 }
3889 #endif /* CONFIG_OWE */
3890 
3891 
3892 #if defined(CONFIG_FILS) && defined(IEEE8021X_EAPOL)
wpas_update_fils_connect_params(struct wpa_supplicant * wpa_s)3893 static void wpas_update_fils_connect_params(struct wpa_supplicant *wpa_s)
3894 {
3895 	struct wpa_driver_associate_params params;
3896 	enum wpa_drv_update_connect_params_mask mask = 0;
3897 	u8 *wpa_ie;
3898 
3899 	if (wpa_s->auth_alg != WPA_AUTH_ALG_OPEN)
3900 		return; /* nothing to do */
3901 
3902 	os_memset(¶ms, 0, sizeof(params));
3903 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
3904 					 wpa_s->current_ssid, ¶ms, &mask);
3905 	if (!wpa_ie)
3906 		return;
3907 
3908 	if (params.auth_alg == WPA_AUTH_ALG_FILS) {
3909 		wpa_s->auth_alg = params.auth_alg;
3910 		wpa_drv_update_connect_params(wpa_s, ¶ms, mask);
3911 	}
3912 
3913 	os_free(wpa_ie);
3914 }
3915 #endif /* CONFIG_FILS && IEEE8021X_EAPOL */
3916 
3917 
wpa_ie_get_edmg_oper_chans(const u8 * edmg_ie)3918 static u8 wpa_ie_get_edmg_oper_chans(const u8 *edmg_ie)
3919 {
3920 	if (!edmg_ie || edmg_ie[1] < 6)
3921 		return 0;
3922 	return edmg_ie[EDMG_BSS_OPERATING_CHANNELS_OFFSET];
3923 }
3924 
3925 
wpa_ie_get_edmg_oper_chan_width(const u8 * edmg_ie)3926 static u8 wpa_ie_get_edmg_oper_chan_width(const u8 *edmg_ie)
3927 {
3928 	if (!edmg_ie || edmg_ie[1] < 6)
3929 		return 0;
3930 	return edmg_ie[EDMG_OPERATING_CHANNEL_WIDTH_OFFSET];
3931 }
3932 
3933 
3934 /* Returns the intersection of two EDMG configurations.
3935  * Note: The current implementation is limited to CB2 only (CB1 included),
3936  * i.e., the implementation supports up to 2 contiguous channels.
3937  * For supporting non-contiguous (aggregated) channels and for supporting
3938  * CB3 and above, this function will need to be extended.
3939  */
3940 static struct ieee80211_edmg_config
get_edmg_intersection(struct ieee80211_edmg_config a,struct ieee80211_edmg_config b,u8 primary_channel)3941 get_edmg_intersection(struct ieee80211_edmg_config a,
3942 		      struct ieee80211_edmg_config b,
3943 		      u8 primary_channel)
3944 {
3945 	struct ieee80211_edmg_config result;
3946 	int i, contiguous = 0;
3947 	int max_contiguous = 0;
3948 
3949 	result.channels = b.channels & a.channels;
3950 	if (!result.channels) {
3951 		wpa_printf(MSG_DEBUG,
3952 			   "EDMG not possible: cannot intersect channels 0x%x and 0x%x",
3953 			   a.channels, b.channels);
3954 		goto fail;
3955 	}
3956 
3957 	if (!(result.channels & BIT(primary_channel - 1))) {
3958 		wpa_printf(MSG_DEBUG,
3959 			   "EDMG not possible: the primary channel %d is not one of the intersected channels 0x%x",
3960 			   primary_channel, result.channels);
3961 		goto fail;
3962 	}
3963 
3964 	/* Find max contiguous channels */
3965 	for (i = 0; i < 6; i++) {
3966 		if (result.channels & BIT(i))
3967 			contiguous++;
3968 		else
3969 			contiguous = 0;
3970 
3971 		if (contiguous > max_contiguous)
3972 			max_contiguous = contiguous;
3973 	}
3974 
3975 	/* Assuming AP and STA supports ONLY contiguous channels,
3976 	 * bw configuration can have value between 4-7.
3977 	 */
3978 	if ((b.bw_config < a.bw_config))
3979 		result.bw_config = b.bw_config;
3980 	else
3981 		result.bw_config = a.bw_config;
3982 
3983 	if ((max_contiguous >= 2 && result.bw_config < EDMG_BW_CONFIG_5) ||
3984 	    (max_contiguous >= 1 && result.bw_config < EDMG_BW_CONFIG_4)) {
3985 		wpa_printf(MSG_DEBUG,
3986 			   "EDMG not possible: not enough contiguous channels %d for supporting CB1 or CB2",
3987 			   max_contiguous);
3988 		goto fail;
3989 	}
3990 
3991 	return result;
3992 
3993 fail:
3994 	result.channels = 0;
3995 	result.bw_config = 0;
3996 	return result;
3997 }
3998 
3999 
4000 static struct ieee80211_edmg_config
get_supported_edmg(struct wpa_supplicant * wpa_s,struct hostapd_freq_params * freq,struct ieee80211_edmg_config request_edmg)4001 get_supported_edmg(struct wpa_supplicant *wpa_s,
4002 		   struct hostapd_freq_params *freq,
4003 		   struct ieee80211_edmg_config request_edmg)
4004 {
4005 	enum hostapd_hw_mode hw_mode;
4006 	struct hostapd_hw_modes *mode = NULL;
4007 	u8 primary_channel;
4008 
4009 	if (!wpa_s->hw.modes)
4010 		goto fail;
4011 
4012 	hw_mode = ieee80211_freq_to_chan(freq->freq, &primary_channel);
4013 	if (hw_mode == NUM_HOSTAPD_MODES)
4014 		goto fail;
4015 
4016 	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes, hw_mode, false);
4017 	if (!mode)
4018 		goto fail;
4019 
4020 	return get_edmg_intersection(mode->edmg, request_edmg, primary_channel);
4021 
4022 fail:
4023 	request_edmg.channels = 0;
4024 	request_edmg.bw_config = 0;
4025 	return request_edmg;
4026 }
4027 
4028 
4029 #ifdef CONFIG_MBO
wpas_update_mbo_connect_params(struct wpa_supplicant * wpa_s)4030 void wpas_update_mbo_connect_params(struct wpa_supplicant *wpa_s)
4031 {
4032 	struct wpa_driver_associate_params params;
4033 	u8 *wpa_ie;
4034 
4035 	/*
4036 	 * Update MBO connect params only in case of change of MBO attributes
4037 	 * when connected, if the AP support MBO.
4038 	 */
4039 
4040 	if (wpa_s->wpa_state != WPA_COMPLETED || !wpa_s->current_ssid ||
4041 	    !wpa_s->current_bss ||
4042 	    !wpa_bss_get_vendor_ie(wpa_s->current_bss, MBO_IE_VENDOR_TYPE))
4043 		return;
4044 
4045 	os_memset(¶ms, 0, sizeof(params));
4046 	wpa_ie = wpas_populate_assoc_ies(wpa_s, wpa_s->current_bss,
4047 					 wpa_s->current_ssid, ¶ms, NULL);
4048 	if (!wpa_ie)
4049 		return;
4050 
4051 	wpa_drv_update_connect_params(wpa_s, ¶ms, WPA_DRV_UPDATE_ASSOC_IES);
4052 	os_free(wpa_ie);
4053 }
4054 #endif /* CONFIG_MBO */
4055 
4056 
wpas_start_assoc_cb(struct wpa_radio_work * work,int deinit)4057 static void wpas_start_assoc_cb(struct wpa_radio_work *work, int deinit)
4058 {
4059 	struct wpa_connect_work *cwork = work->ctx;
4060 	struct wpa_bss *bss = cwork->bss;
4061 	struct wpa_ssid *ssid = cwork->ssid;
4062 	struct wpa_supplicant *wpa_s = work->wpa_s;
4063 	u8 *wpa_ie;
4064 	const u8 *edmg_ie_oper;
4065 	int use_crypt, ret, bssid_changed;
4066 	unsigned int cipher_pairwise, cipher_group, cipher_group_mgmt;
4067 	struct wpa_driver_associate_params params;
4068 #if defined(CONFIG_WEP) || defined(IEEE8021X_EAPOL)
4069 	int wep_keys_set = 0;
4070 #endif /* CONFIG_WEP || IEEE8021X_EAPOL */
4071 	int assoc_failed = 0;
4072 	struct wpa_ssid *old_ssid;
4073 	u8 prev_bssid[ETH_ALEN];
4074 #ifdef CONFIG_HT_OVERRIDES
4075 	struct ieee80211_ht_capabilities htcaps;
4076 	struct ieee80211_ht_capabilities htcaps_mask;
4077 #endif /* CONFIG_HT_OVERRIDES */
4078 #ifdef CONFIG_VHT_OVERRIDES
4079        struct ieee80211_vht_capabilities vhtcaps;
4080        struct ieee80211_vht_capabilities vhtcaps_mask;
4081 #endif /* CONFIG_VHT_OVERRIDES */
4082 
4083 	wpa_s->roam_in_progress = false;
4084 #ifdef CONFIG_WNM
4085 	wpa_s->bss_trans_mgmt_in_progress = false;
4086 #endif /* CONFIG_WNM */
4087 
4088 	if (deinit) {
4089 		if (work->started) {
4090 			wpa_s->connect_work = NULL;
4091 
4092 			/* cancel possible auth. timeout */
4093 			eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s,
4094 					     NULL);
4095 		}
4096 		wpas_connect_work_free(cwork);
4097 		return;
4098 	}
4099 
4100 	wpa_s->connect_work = work;
4101 
4102 	if (cwork->bss_removed || !wpas_valid_bss_ssid(wpa_s, bss, ssid) ||
4103 	    wpas_network_disabled(wpa_s, ssid)) {
4104 		wpa_dbg(wpa_s, MSG_DEBUG, "BSS/SSID entry for association not valid anymore - drop connection attempt");
4105 		wpas_connect_work_done(wpa_s);
4106 		return;
4107 	}
4108 
4109 	os_memcpy(prev_bssid, wpa_s->bssid, ETH_ALEN);
4110 	os_memset(¶ms, 0, sizeof(params));
4111 	wpa_s->reassociate = 0;
4112 	wpa_s->eap_expected_failure = 0;
4113 
4114 	/* Starting new association, so clear the possibly used WPA IE from the
4115 	 * previous association. */
4116 	wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
4117 	wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
4118 	wpa_s->rsnxe_len = 0;
4119 #ifdef CONFIG_ROBUST_AV
4120 	wpa_s->mscs_setup_done = false;
4121 #endif /* CONFIG_ROBUST_AV */
4122 
4123 	wpa_ie = wpas_populate_assoc_ies(wpa_s, bss, ssid, ¶ms, NULL);
4124 	if (!wpa_ie) {
4125 		wpas_connect_work_done(wpa_s);
4126 		return;
4127 	}
4128 
4129 	if (bss &&
4130 	    (!wpas_driver_bss_selection(wpa_s) || wpas_wps_searching(wpa_s))) {
4131 #ifdef CONFIG_IEEE80211R
4132 		const u8 *ie, *md = NULL;
4133 #endif /* CONFIG_IEEE80211R */
4134 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
4135 			" (SSID='%s' freq=%d MHz)", MAC2STR(bss->bssid),
4136 			wpa_ssid_txt(bss->ssid, bss->ssid_len), bss->freq);
4137 		bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
4138 		os_memset(wpa_s->bssid, 0, ETH_ALEN);
4139 		os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
4140 		if (bssid_changed)
4141 			wpas_notify_bssid_changed(wpa_s);
4142 #ifdef CONFIG_IEEE80211R
4143 		ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
4144 		if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
4145 			md = ie + 2;
4146 		wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
4147 		if (md) {
4148 			/* Prepare for the next transition */
4149 			wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
4150 		}
4151 #endif /* CONFIG_IEEE80211R */
4152 #ifdef CONFIG_WPS
4153 	} else if ((ssid->ssid == NULL || ssid->ssid_len == 0) &&
4154 		   wpa_s->conf->ap_scan == 2 &&
4155 		   (ssid->key_mgmt & WPA_KEY_MGMT_WPS)) {
4156 		/* Use ap_scan==1 style network selection to find the network
4157 		 */
4158 		wpas_connect_work_done(wpa_s);
4159 		wpa_s->scan_req = MANUAL_SCAN_REQ;
4160 		wpa_s->reassociate = 1;
4161 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4162 		os_free(wpa_ie);
4163 		return;
4164 #endif /* CONFIG_WPS */
4165 	} else {
4166 		wpa_msg(wpa_s, MSG_INFO, "Trying to associate with SSID '%s'",
4167 			wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
4168 		if (bss)
4169 			os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
4170 		else
4171 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
4172 	}
4173 	if (!wpa_s->pno)
4174 		wpa_supplicant_cancel_sched_scan(wpa_s);
4175 
4176 	wpa_supplicant_cancel_scan(wpa_s);
4177 
4178 	wpa_clear_keys(wpa_s, bss ? bss->bssid : NULL);
4179 	use_crypt = 1;
4180 	cipher_pairwise = wpa_s->pairwise_cipher;
4181 	cipher_group = wpa_s->group_cipher;
4182 	cipher_group_mgmt = wpa_s->mgmt_group_cipher;
4183 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE ||
4184 	    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
4185 		if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE)
4186 			use_crypt = 0;
4187 #ifdef CONFIG_WEP
4188 		if (wpa_set_wep_keys(wpa_s, ssid)) {
4189 			use_crypt = 1;
4190 			wep_keys_set = 1;
4191 		}
4192 #endif /* CONFIG_WEP */
4193 	}
4194 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPS)
4195 		use_crypt = 0;
4196 
4197 #ifdef IEEE8021X_EAPOL
4198 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
4199 		if ((ssid->eapol_flags &
4200 		     (EAPOL_FLAG_REQUIRE_KEY_UNICAST |
4201 		      EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) == 0 &&
4202 		    !wep_keys_set) {
4203 			use_crypt = 0;
4204 		} else {
4205 			/* Assume that dynamic WEP-104 keys will be used and
4206 			 * set cipher suites in order for drivers to expect
4207 			 * encryption. */
4208 			cipher_pairwise = cipher_group = WPA_CIPHER_WEP104;
4209 		}
4210 	}
4211 #endif /* IEEE8021X_EAPOL */
4212 
4213 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
4214 		/* Set the key before (and later after) association */
4215 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
4216 	}
4217 
4218 	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
4219 	if (bss) {
4220 		params.ssid = bss->ssid;
4221 		params.ssid_len = bss->ssid_len;
4222 		if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set ||
4223 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
4224 			wpa_printf(MSG_DEBUG, "Limit connection to BSSID "
4225 				   MACSTR " freq=%u MHz based on scan results "
4226 				   "(bssid_set=%d wps=%d)",
4227 				   MAC2STR(bss->bssid), bss->freq,
4228 				   ssid->bssid_set,
4229 				   wpa_s->key_mgmt == WPA_KEY_MGMT_WPS);
4230 			params.bssid = bss->bssid;
4231 			params.freq.freq = bss->freq;
4232 		}
4233 		params.bssid_hint = bss->bssid;
4234 		params.freq_hint = bss->freq;
4235 		params.pbss = bss_is_pbss(bss);
4236 	} else {
4237 		if (ssid->bssid_hint_set)
4238 			params.bssid_hint = ssid->bssid_hint;
4239 
4240 		params.ssid = ssid->ssid;
4241 		params.ssid_len = ssid->ssid_len;
4242 		params.pbss = (ssid->pbss != 2) ? ssid->pbss : 0;
4243 	}
4244 
4245 	if (ssid->mode == WPAS_MODE_IBSS && ssid->bssid_set &&
4246 	    wpa_s->conf->ap_scan == 2) {
4247 		params.bssid = ssid->bssid;
4248 		params.fixed_bssid = 1;
4249 	}
4250 
4251 	/* Initial frequency for IBSS/mesh */
4252 	if ((ssid->mode == WPAS_MODE_IBSS || ssid->mode == WPAS_MODE_MESH) &&
4253 	    ssid->frequency > 0 && params.freq.freq == 0)
4254 		ibss_mesh_setup_freq(wpa_s, ssid, ¶ms.freq);
4255 
4256 	if (ssid->mode == WPAS_MODE_IBSS) {
4257 		params.fixed_freq = ssid->fixed_freq;
4258 		if (ssid->beacon_int)
4259 			params.beacon_int = ssid->beacon_int;
4260 		else
4261 			params.beacon_int = wpa_s->conf->beacon_int;
4262 	}
4263 
4264 	if (bss && ssid->enable_edmg)
4265 		edmg_ie_oper = wpa_bss_get_ie_ext(bss,
4266 						  WLAN_EID_EXT_EDMG_OPERATION);
4267 	else
4268 		edmg_ie_oper = NULL;
4269 
4270 	if (edmg_ie_oper) {
4271 		params.freq.edmg.channels =
4272 			wpa_ie_get_edmg_oper_chans(edmg_ie_oper);
4273 		params.freq.edmg.bw_config =
4274 			wpa_ie_get_edmg_oper_chan_width(edmg_ie_oper);
4275 		wpa_printf(MSG_DEBUG,
4276 			   "AP supports EDMG channels 0x%x, bw_config %d",
4277 			   params.freq.edmg.channels,
4278 			   params.freq.edmg.bw_config);
4279 
4280 		/* User may ask for specific EDMG channel for EDMG connection
4281 		 * (must be supported by AP)
4282 		 */
4283 		if (ssid->edmg_channel) {
4284 			struct ieee80211_edmg_config configured_edmg;
4285 			enum hostapd_hw_mode hw_mode;
4286 			u8 primary_channel;
4287 
4288 			hw_mode = ieee80211_freq_to_chan(bss->freq,
4289 							 &primary_channel);
4290 			if (hw_mode == NUM_HOSTAPD_MODES)
4291 				goto edmg_fail;
4292 
4293 			hostapd_encode_edmg_chan(ssid->enable_edmg,
4294 						 ssid->edmg_channel,
4295 						 primary_channel,
4296 						 &configured_edmg);
4297 
4298 			if (ieee802_edmg_is_allowed(params.freq.edmg,
4299 						    configured_edmg)) {
4300 				params.freq.edmg = configured_edmg;
4301 				wpa_printf(MSG_DEBUG,
4302 					   "Use EDMG channel %d for connection",
4303 					   ssid->edmg_channel);
4304 			} else {
4305 			edmg_fail:
4306 				params.freq.edmg.channels = 0;
4307 				params.freq.edmg.bw_config = 0;
4308 				wpa_printf(MSG_WARNING,
4309 					   "EDMG channel %d not supported by AP, fallback to DMG",
4310 					   ssid->edmg_channel);
4311 			}
4312 		}
4313 
4314 		if (params.freq.edmg.channels) {
4315 			wpa_printf(MSG_DEBUG,
4316 				   "EDMG before: channels 0x%x, bw_config %d",
4317 				   params.freq.edmg.channels,
4318 				   params.freq.edmg.bw_config);
4319 			params.freq.edmg = get_supported_edmg(wpa_s,
4320 							      ¶ms.freq,
4321 							      params.freq.edmg);
4322 			wpa_printf(MSG_DEBUG,
4323 				   "EDMG after: channels 0x%x, bw_config %d",
4324 				   params.freq.edmg.channels,
4325 				   params.freq.edmg.bw_config);
4326 		}
4327 	}
4328 
4329 	params.pairwise_suite = cipher_pairwise;
4330 	params.group_suite = cipher_group;
4331 	params.mgmt_group_suite = cipher_group_mgmt;
4332 	params.key_mgmt_suite = wpa_s->key_mgmt;
4333 	params.wpa_proto = wpa_s->wpa_proto;
4334 	wpa_s->auth_alg = params.auth_alg;
4335 	params.mode = ssid->mode;
4336 	params.bg_scan_period = ssid->bg_scan_period;
4337 #ifdef CONFIG_WEP
4338 	{
4339 		int i;
4340 
4341 		for (i = 0; i < NUM_WEP_KEYS; i++) {
4342 			if (ssid->wep_key_len[i])
4343 				params.wep_key[i] = ssid->wep_key[i];
4344 			params.wep_key_len[i] = ssid->wep_key_len[i];
4345 		}
4346 		params.wep_tx_keyidx = ssid->wep_tx_keyidx;
4347 	}
4348 #endif /* CONFIG_WEP */
4349 
4350 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) &&
4351 	    (params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
4352 	     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK)) {
4353 		params.passphrase = ssid->passphrase;
4354 		if (ssid->psk_set)
4355 			params.psk = ssid->psk;
4356 	}
4357 
4358 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_8021X) &&
4359 	    (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
4360 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
4361 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
4362 	     params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192))
4363 		params.req_handshake_offload = 1;
4364 
4365 	if (wpa_s->conf->key_mgmt_offload) {
4366 		if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
4367 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
4368 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
4369 		    params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
4370 			params.req_key_mgmt_offload =
4371 				ssid->proactive_key_caching < 0 ?
4372 				wpa_s->conf->okc : ssid->proactive_key_caching;
4373 		else
4374 			params.req_key_mgmt_offload = 1;
4375 
4376 		if ((params.key_mgmt_suite == WPA_KEY_MGMT_PSK ||
4377 		     params.key_mgmt_suite == WPA_KEY_MGMT_PSK_SHA256 ||
4378 		     params.key_mgmt_suite == WPA_KEY_MGMT_FT_PSK) &&
4379 		    ssid->psk_set)
4380 			params.psk = ssid->psk;
4381 	}
4382 
4383 	params.drop_unencrypted = use_crypt;
4384 
4385 	params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
4386 	if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
4387 		const u8 *rsn = wpa_bss_get_rsne(wpa_s, bss, ssid, false);
4388 		struct wpa_ie_data ie;
4389 		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ie) == 0 &&
4390 		    ie.capabilities &
4391 		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
4392 			wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Selected AP supports "
4393 				"MFP: require MFP");
4394 			params.mgmt_frame_protection =
4395 				MGMT_FRAME_PROTECTION_REQUIRED;
4396 #ifdef CONFIG_OWE
4397 		} else if (!rsn && (ssid->key_mgmt & WPA_KEY_MGMT_OWE) &&
4398 			   !ssid->owe_only) {
4399 			params.mgmt_frame_protection = NO_MGMT_FRAME_PROTECTION;
4400 #endif /* CONFIG_OWE */
4401 		}
4402 	}
4403 
4404 	params.p2p = ssid->p2p_group;
4405 
4406 	if (wpa_s->p2pdev->set_sta_uapsd)
4407 		params.uapsd = wpa_s->p2pdev->sta_uapsd;
4408 	else
4409 		params.uapsd = -1;
4410 
4411 #ifdef CONFIG_HT_OVERRIDES
4412 	os_memset(&htcaps, 0, sizeof(htcaps));
4413 	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
4414 	params.htcaps = (u8 *) &htcaps;
4415 	params.htcaps_mask = (u8 *) &htcaps_mask;
4416 	wpa_supplicant_apply_ht_overrides(wpa_s, ssid, ¶ms);
4417 #endif /* CONFIG_HT_OVERRIDES */
4418 #ifdef CONFIG_VHT_OVERRIDES
4419 	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
4420 	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
4421 	params.vhtcaps = &vhtcaps;
4422 	params.vhtcaps_mask = &vhtcaps_mask;
4423 	wpa_supplicant_apply_vht_overrides(wpa_s, ssid, ¶ms);
4424 #endif /* CONFIG_VHT_OVERRIDES */
4425 #ifdef CONFIG_HE_OVERRIDES
4426 	wpa_supplicant_apply_he_overrides(wpa_s, ssid, ¶ms);
4427 #endif /* CONFIG_HE_OVERRIDES */
4428 
4429 #ifdef CONFIG_P2P
4430 	/*
4431 	 * If multi-channel concurrency is not supported, check for any
4432 	 * frequency conflict. In case of any frequency conflict, remove the
4433 	 * least prioritized connection.
4434 	 */
4435 	if (wpa_s->num_multichan_concurrent < 2) {
4436 		int freq, num;
4437 		num = get_shared_radio_freqs(wpa_s, &freq, 1, false);
4438 		if (num > 0 && freq > 0 && freq != params.freq.freq) {
4439 			wpa_printf(MSG_DEBUG,
4440 				   "Assoc conflicting freq found (%d != %d)",
4441 				   freq, params.freq.freq);
4442 			if (wpas_p2p_handle_frequency_conflicts(
4443 				    wpa_s, params.freq.freq, ssid) < 0) {
4444 				wpas_connect_work_done(wpa_s);
4445 				os_free(wpa_ie);
4446 				return;
4447 			}
4448 		}
4449 	}
4450 #endif /* CONFIG_P2P */
4451 
4452 	if (wpa_s->reassoc_same_ess && !is_zero_ether_addr(prev_bssid) &&
4453 	    wpa_s->current_ssid)
4454 		params.prev_bssid = prev_bssid;
4455 
4456 #ifdef CONFIG_SAE
4457 	params.sae_pwe = wpa_s->conf->sae_pwe;
4458 #endif /* CONFIG_SAE */
4459 
4460 	params.bss_max_idle_period = CONFIG_BSS_MAX_IDLE_TIME;
4461 	ret = wpa_drv_associate(wpa_s, ¶ms);
4462 	os_free(wpa_ie);
4463 	if (ret < 0) {
4464 		wpa_msg(wpa_s, MSG_INFO, "Association request to the driver "
4465 			"failed");
4466 		if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_VALID_ERROR_CODES) {
4467 			/*
4468 			 * The driver is known to mean what is saying, so we
4469 			 * can stop right here; the association will not
4470 			 * succeed.
4471 			 */
4472 			wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
4473 							NULL);
4474 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
4475 			os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
4476 			return;
4477 		}
4478 		/* try to continue anyway; new association will be tried again
4479 		 * after timeout */
4480 		assoc_failed = 1;
4481 	}
4482 
4483 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) {
4484 		/* Set the key after the association just in case association
4485 		 * cleared the previously configured key. */
4486 		wpa_supplicant_set_wpa_none_key(wpa_s, ssid);
4487 		/* No need to timeout authentication since there is no key
4488 		 * management. */
4489 		wpa_supplicant_cancel_auth_timeout(wpa_s);
4490 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
4491 #ifdef CONFIG_IBSS_RSN
4492 	} else if (ssid->mode == WPAS_MODE_IBSS &&
4493 		   wpa_s->key_mgmt != WPA_KEY_MGMT_NONE &&
4494 		   wpa_s->key_mgmt != WPA_KEY_MGMT_WPA_NONE) {
4495 		/*
4496 		 * RSN IBSS authentication is per-STA and we can disable the
4497 		 * per-BSSID authentication.
4498 		 */
4499 		wpa_supplicant_cancel_auth_timeout(wpa_s);
4500 #endif /* CONFIG_IBSS_RSN */
4501 	} else {
4502 		/* Timeout for IEEE 802.11 authentication and association */
4503 		int timeout = 60;
4504 
4505 		if (assoc_failed) {
4506 			/* give IBSS a bit more time */
4507 			timeout = ssid->mode == WPAS_MODE_IBSS ? 10 : 5;
4508 		} else if (wpa_s->conf->ap_scan == 1) {
4509 			/* give IBSS a bit more time */
4510 			timeout = ssid->mode == WPAS_MODE_IBSS ? 20 : 10;
4511 		}
4512 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
4513 	}
4514 
4515 #ifdef CONFIG_WEP
4516 	if (wep_keys_set &&
4517 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SET_KEYS_AFTER_ASSOC)) {
4518 		/* Set static WEP keys again */
4519 		wpa_set_wep_keys(wpa_s, ssid);
4520 	}
4521 #endif /* CONFIG_WEP */
4522 
4523 	if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) {
4524 		/*
4525 		 * Do not allow EAP session resumption between different
4526 		 * network configurations.
4527 		 */
4528 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4529 	}
4530 	old_ssid = wpa_s->current_ssid;
4531 	wpa_s->current_ssid = ssid;
4532 
4533 	if (!wpas_driver_bss_selection(wpa_s) || ssid->bssid_set) {
4534 		wpa_s->current_bss = bss;
4535 #ifdef CONFIG_HS20
4536 		hs20_configure_frame_filters(wpa_s);
4537 #endif /* CONFIG_HS20 */
4538 	}
4539 
4540 	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
4541 	if (bss)
4542 		wpa_sm_set_ssid(wpa_s->wpa, bss->ssid, bss->ssid_len);
4543 	wpa_supplicant_initiate_eapol(wpa_s);
4544 	if (old_ssid != wpa_s->current_ssid)
4545 		wpas_notify_network_changed(wpa_s);
4546 }
4547 
4548 
wpa_supplicant_clear_connection(struct wpa_supplicant * wpa_s,const u8 * addr)4549 static void wpa_supplicant_clear_connection(struct wpa_supplicant *wpa_s,
4550 					    const u8 *addr)
4551 {
4552 	struct wpa_ssid *old_ssid;
4553 
4554 	wpas_connect_work_done(wpa_s);
4555 	wpa_clear_keys(wpa_s, addr);
4556 	old_ssid = wpa_s->current_ssid;
4557 	wpa_supplicant_mark_disassoc(wpa_s);
4558 	wpa_sm_set_config(wpa_s->wpa, NULL);
4559 	eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4560 	if (old_ssid != wpa_s->current_ssid)
4561 		wpas_notify_network_changed(wpa_s);
4562 
4563 #ifdef CONFIG_ROBUST_AV
4564 	wpas_scs_deinit(wpa_s);
4565 	wpas_dscp_deinit(wpa_s);
4566 #endif /* CONFIG_ROBUST_AV */
4567 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
4568 }
4569 
4570 
4571 /**
4572  * wpa_supplicant_deauthenticate - Deauthenticate the current connection
4573  * @wpa_s: Pointer to wpa_supplicant data
4574  * @reason_code: IEEE 802.11 reason code for the deauthenticate frame
4575  *
4576  * This function is used to request %wpa_supplicant to deauthenticate from the
4577  * current AP.
4578  */
wpa_supplicant_deauthenticate(struct wpa_supplicant * wpa_s,u16 reason_code)4579 void wpa_supplicant_deauthenticate(struct wpa_supplicant *wpa_s,
4580 				   u16 reason_code)
4581 {
4582 	u8 *addr = NULL;
4583 	union wpa_event_data event;
4584 	int zero_addr = 0;
4585 
4586 	wpa_dbg(wpa_s, MSG_DEBUG, "Request to deauthenticate - bssid=" MACSTR
4587 		" pending_bssid=" MACSTR " reason=%d (%s) state=%s",
4588 		MAC2STR(wpa_s->bssid), MAC2STR(wpa_s->pending_bssid),
4589 		reason_code, reason2str(reason_code),
4590 		wpa_supplicant_state_txt(wpa_s->wpa_state));
4591 
4592 	if (!is_zero_ether_addr(wpa_s->pending_bssid) &&
4593 	    (wpa_s->wpa_state == WPA_AUTHENTICATING ||
4594 	     wpa_s->wpa_state == WPA_ASSOCIATING))
4595 		addr = wpa_s->pending_bssid;
4596 	else if (!is_zero_ether_addr(wpa_s->bssid))
4597 		addr = wpa_s->bssid;
4598 	else if (wpa_s->wpa_state == WPA_ASSOCIATING) {
4599 		/*
4600 		 * When using driver-based BSS selection, we may not know the
4601 		 * BSSID with which we are currently trying to associate. We
4602 		 * need to notify the driver of this disconnection even in such
4603 		 * a case, so use the all zeros address here.
4604 		 */
4605 		addr = wpa_s->bssid;
4606 		zero_addr = 1;
4607 	}
4608 
4609 	if (wpa_s->enabled_4addr_mode && wpa_drv_set_4addr_mode(wpa_s, 0) == 0)
4610 		wpa_s->enabled_4addr_mode = 0;
4611 
4612 #ifdef CONFIG_TDLS
4613 	wpa_tdls_teardown_peers(wpa_s->wpa);
4614 #endif /* CONFIG_TDLS */
4615 
4616 #ifdef CONFIG_MESH
4617 	if (wpa_s->ifmsh) {
4618 		struct mesh_conf *mconf;
4619 
4620 		mconf = wpa_s->ifmsh->mconf;
4621 		wpa_msg(wpa_s, MSG_INFO, MESH_GROUP_REMOVED "%s",
4622 			wpa_s->ifname);
4623 		wpas_notify_mesh_group_removed(wpa_s, mconf->meshid,
4624 					       mconf->meshid_len, reason_code);
4625 		wpa_supplicant_leave_mesh(wpa_s, true);
4626 	}
4627 #endif /* CONFIG_MESH */
4628 
4629 	if (addr) {
4630 		wpa_drv_deauthenticate(wpa_s, addr, reason_code);
4631 		os_memset(&event, 0, sizeof(event));
4632 		event.deauth_info.reason_code = reason_code;
4633 		event.deauth_info.locally_generated = 1;
4634 		wpa_supplicant_event(wpa_s, EVENT_DEAUTH, &event);
4635 		if (zero_addr)
4636 			addr = NULL;
4637 	}
4638 
4639 	wpa_supplicant_clear_connection(wpa_s, addr);
4640 }
4641 
4642 
wpa_supplicant_reconnect(struct wpa_supplicant * wpa_s)4643 void wpa_supplicant_reconnect(struct wpa_supplicant *wpa_s)
4644 {
4645 	wpa_s->own_reconnect_req = 1;
4646 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_UNSPECIFIED);
4647 
4648 }
4649 
4650 
wpa_supplicant_enable_one_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4651 static void wpa_supplicant_enable_one_network(struct wpa_supplicant *wpa_s,
4652 					      struct wpa_ssid *ssid)
4653 {
4654 	if (!ssid || !ssid->disabled || ssid->disabled == 2)
4655 		return;
4656 
4657 	ssid->disabled = 0;
4658 	ssid->owe_transition_bss_select_count = 0;
4659 	wpas_clear_temp_disabled(wpa_s, ssid, 1);
4660 	wpas_notify_network_enabled_changed(wpa_s, ssid);
4661 
4662 	/*
4663 	 * Try to reassociate since there is no current configuration and a new
4664 	 * network was made available.
4665 	 */
4666 	if (!wpa_s->current_ssid && !wpa_s->disconnected)
4667 		wpa_s->reassociate = 1;
4668 }
4669 
4670 
4671 /**
4672  * wpa_supplicant_add_network - Add a new network
4673  * @wpa_s: wpa_supplicant structure for a network interface
4674  * Returns: The new network configuration or %NULL if operation failed
4675  *
4676  * This function performs the following operations:
4677  * 1. Adds a new network.
4678  * 2. Send network addition notification.
4679  * 3. Marks the network disabled.
4680  * 4. Set network default parameters.
4681  */
wpa_supplicant_add_network(struct wpa_supplicant * wpa_s)4682 struct wpa_ssid * wpa_supplicant_add_network(struct wpa_supplicant *wpa_s)
4683 {
4684 	struct wpa_ssid *ssid;
4685 
4686 	ssid = wpa_config_add_network(wpa_s->conf);
4687 	if (!ssid)
4688 		return NULL;
4689 	wpas_notify_network_added(wpa_s, ssid);
4690 	ssid->disabled = 1;
4691 	wpa_config_set_network_defaults(ssid);
4692 
4693 	return ssid;
4694 }
4695 
4696 
4697 /**
4698  * wpa_supplicant_remove_network - Remove a configured network based on id
4699  * @wpa_s: wpa_supplicant structure for a network interface
4700  * @id: Unique network id to search for
4701  * Returns: 0 on success, or -1 if the network was not found, -2 if the network
4702  * could not be removed
4703  *
4704  * This function performs the following operations:
4705  * 1. Removes the network.
4706  * 2. Send network removal notification.
4707  * 3. Update internal state machines.
4708  * 4. Stop any running sched scans.
4709  */
wpa_supplicant_remove_network(struct wpa_supplicant * wpa_s,int id)4710 int wpa_supplicant_remove_network(struct wpa_supplicant *wpa_s, int id)
4711 {
4712 	struct wpa_ssid *ssid, *prev = wpa_s->current_ssid;
4713 	int was_disabled;
4714 
4715 	ssid = wpa_config_get_network(wpa_s->conf, id);
4716 	if (!ssid)
4717 		return -1;
4718 	wpas_notify_network_removed(wpa_s, ssid);
4719 
4720 	if (ssid == prev || !prev) {
4721 #ifdef CONFIG_SME
4722 		wpa_s->sme.prev_bssid_set = 0;
4723 #endif /* CONFIG_SME */
4724 		/*
4725 		 * Invalidate the EAP session cache if the current or
4726 		 * previously used network is removed.
4727 		 */
4728 		eapol_sm_invalidate_cached_session(wpa_s->eapol);
4729 	}
4730 
4731 	if (ssid == prev) {
4732 		wpa_sm_set_config(wpa_s->wpa, NULL);
4733 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4734 
4735 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4736 			wpa_s->own_disconnect_req = 1;
4737 		wpa_supplicant_deauthenticate(wpa_s,
4738 					      WLAN_REASON_DEAUTH_LEAVING);
4739 	}
4740 
4741 	was_disabled = ssid->disabled;
4742 
4743 	if (wpa_config_remove_network(wpa_s->conf, id) < 0)
4744 		return -2;
4745 
4746 	if (!was_disabled && wpa_s->sched_scanning) {
4747 		wpa_printf(MSG_DEBUG,
4748 			   "Stop ongoing sched_scan to remove network from filters");
4749 		wpa_supplicant_cancel_sched_scan(wpa_s);
4750 		wpa_supplicant_req_scan(wpa_s, 0, 0);
4751 	}
4752 
4753 	return 0;
4754 }
4755 
4756 
4757 /**
4758  * wpa_supplicant_remove_all_networks - Remove all configured networks
4759  * @wpa_s: wpa_supplicant structure for a network interface
4760  * Returns: 0 on success (errors are currently ignored)
4761  *
4762  * This function performs the following operations:
4763  * 1. Remove all networks.
4764  * 2. Send network removal notifications.
4765  * 3. Update internal state machines.
4766  * 4. Stop any running sched scans.
4767  */
wpa_supplicant_remove_all_networks(struct wpa_supplicant * wpa_s)4768 int wpa_supplicant_remove_all_networks(struct wpa_supplicant *wpa_s)
4769 {
4770 	struct wpa_ssid *ssid;
4771 
4772 	if (wpa_s->sched_scanning)
4773 		wpa_supplicant_cancel_sched_scan(wpa_s);
4774 
4775 	eapol_sm_invalidate_cached_session(wpa_s->eapol);
4776 	if (wpa_s->current_ssid) {
4777 #ifdef CONFIG_SME
4778 		wpa_s->sme.prev_bssid_set = 0;
4779 #endif /* CONFIG_SME */
4780 		wpa_sm_set_config(wpa_s->wpa, NULL);
4781 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4782 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4783 			wpa_s->own_disconnect_req = 1;
4784 		wpa_supplicant_deauthenticate(
4785 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4786 	}
4787 	ssid = wpa_s->conf->ssid;
4788 	while (ssid) {
4789 		struct wpa_ssid *remove_ssid = ssid;
4790 		int id;
4791 
4792 		id = ssid->id;
4793 		ssid = ssid->next;
4794 		wpas_notify_network_removed(wpa_s, remove_ssid);
4795 		wpa_config_remove_network(wpa_s->conf, id);
4796 	}
4797 	return 0;
4798 }
4799 
4800 
4801 /**
4802  * wpa_supplicant_enable_network - Mark a configured network as enabled
4803  * @wpa_s: wpa_supplicant structure for a network interface
4804  * @ssid: wpa_ssid structure for a configured network or %NULL
4805  *
4806  * Enables the specified network or all networks if no network specified.
4807  */
wpa_supplicant_enable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4808 void wpa_supplicant_enable_network(struct wpa_supplicant *wpa_s,
4809 				   struct wpa_ssid *ssid)
4810 {
4811 	if (ssid == NULL) {
4812 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
4813 			wpa_supplicant_enable_one_network(wpa_s, ssid);
4814 	} else
4815 		wpa_supplicant_enable_one_network(wpa_s, ssid);
4816 
4817 	if (wpa_s->reassociate && !wpa_s->disconnected &&
4818 	    (!wpa_s->current_ssid ||
4819 	     wpa_s->wpa_state == WPA_DISCONNECTED ||
4820 	     wpa_s->wpa_state == WPA_SCANNING)) {
4821 		if (wpa_s->sched_scanning) {
4822 			wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan to add "
4823 				   "new network to scan filters");
4824 			wpa_supplicant_cancel_sched_scan(wpa_s);
4825 		}
4826 
4827 		if (wpa_supplicant_fast_associate(wpa_s) != 1) {
4828 			wpa_s->scan_req = NORMAL_SCAN_REQ;
4829 			wpa_supplicant_req_scan(wpa_s, 0, 0);
4830 		}
4831 	}
4832 }
4833 
4834 
4835 /**
4836  * wpa_supplicant_disable_network - Mark a configured network as disabled
4837  * @wpa_s: wpa_supplicant structure for a network interface
4838  * @ssid: wpa_ssid structure for a configured network or %NULL
4839  *
4840  * Disables the specified network or all networks if no network specified.
4841  */
wpa_supplicant_disable_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4842 void wpa_supplicant_disable_network(struct wpa_supplicant *wpa_s,
4843 				    struct wpa_ssid *ssid)
4844 {
4845 	struct wpa_ssid *other_ssid;
4846 	int was_disabled;
4847 
4848 	if (ssid == NULL) {
4849 		if (wpa_s->sched_scanning)
4850 			wpa_supplicant_cancel_sched_scan(wpa_s);
4851 
4852 		for (other_ssid = wpa_s->conf->ssid; other_ssid;
4853 		     other_ssid = other_ssid->next) {
4854 			was_disabled = other_ssid->disabled;
4855 			if (was_disabled == 2)
4856 				continue; /* do not change persistent P2P group
4857 					   * data */
4858 
4859 			other_ssid->disabled = 1;
4860 
4861 			if (was_disabled != other_ssid->disabled)
4862 				wpas_notify_network_enabled_changed(
4863 					wpa_s, other_ssid);
4864 		}
4865 		if (wpa_s->current_ssid) {
4866 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4867 				wpa_s->own_disconnect_req = 1;
4868 			wpa_supplicant_deauthenticate(
4869 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4870 		}
4871 	} else if (ssid->disabled != 2) {
4872 		if (ssid == wpa_s->current_ssid) {
4873 			if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4874 				wpa_s->own_disconnect_req = 1;
4875 			wpa_supplicant_deauthenticate(
4876 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4877 		}
4878 
4879 		was_disabled = ssid->disabled;
4880 
4881 		ssid->disabled = 1;
4882 
4883 		if (was_disabled != ssid->disabled) {
4884 			wpas_notify_network_enabled_changed(wpa_s, ssid);
4885 			if (wpa_s->sched_scanning) {
4886 				wpa_printf(MSG_DEBUG, "Stop ongoing sched_scan "
4887 					   "to remove network from filters");
4888 				wpa_supplicant_cancel_sched_scan(wpa_s);
4889 				wpa_supplicant_req_scan(wpa_s, 0, 0);
4890 			}
4891 		}
4892 	}
4893 }
4894 
4895 
4896 /**
4897  * wpa_supplicant_select_network - Attempt association with a network
4898  * @wpa_s: wpa_supplicant structure for a network interface
4899  * @ssid: wpa_ssid structure for a configured network or %NULL for any network
4900  */
wpa_supplicant_select_network(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)4901 void wpa_supplicant_select_network(struct wpa_supplicant *wpa_s,
4902 				   struct wpa_ssid *ssid)
4903 {
4904 
4905 	struct wpa_ssid *other_ssid;
4906 	int disconnected = 0;
4907 
4908 	if (ssid && ssid != wpa_s->current_ssid && wpa_s->current_ssid) {
4909 		if (wpa_s->wpa_state >= WPA_AUTHENTICATING)
4910 			wpa_s->own_disconnect_req = 1;
4911 		wpa_supplicant_deauthenticate(
4912 			wpa_s, WLAN_REASON_DEAUTH_LEAVING);
4913 		disconnected = 1;
4914 	}
4915 
4916 	if (ssid)
4917 		wpas_clear_temp_disabled(wpa_s, ssid, 1);
4918 
4919 	/*
4920 	 * Mark all other networks disabled or mark all networks enabled if no
4921 	 * network specified.
4922 	 */
4923 	for (other_ssid = wpa_s->conf->ssid; other_ssid;
4924 	     other_ssid = other_ssid->next) {
4925 		int was_disabled = other_ssid->disabled;
4926 		if (was_disabled == 2)
4927 			continue; /* do not change persistent P2P group data */
4928 
4929 		other_ssid->disabled = ssid ? (ssid->id != other_ssid->id) : 0;
4930 		if (was_disabled && !other_ssid->disabled)
4931 			wpas_clear_temp_disabled(wpa_s, other_ssid, 0);
4932 
4933 		if (was_disabled != other_ssid->disabled)
4934 			wpas_notify_network_enabled_changed(wpa_s, other_ssid);
4935 	}
4936 
4937 	if (ssid && ssid == wpa_s->current_ssid && wpa_s->current_ssid &&
4938 	    wpa_s->wpa_state >= WPA_AUTHENTICATING) {
4939 		/* We are already associated with the selected network */
4940 		wpa_printf(MSG_DEBUG, "Already associated with the "
4941 			   "selected network - do nothing");
4942 		return;
4943 	}
4944 
4945 	if (ssid) {
4946 		wpa_s->current_ssid = ssid;
4947 		eapol_sm_notify_config(wpa_s->eapol, NULL, NULL);
4948 		wpa_s->connect_without_scan =
4949 			(ssid->mode == WPAS_MODE_MESH) ? ssid : NULL;
4950 
4951 		/*
4952 		 * Don't optimize next scan freqs since a new ESS has been
4953 		 * selected.
4954 		 */
4955 		os_free(wpa_s->next_scan_freqs);
4956 		wpa_s->next_scan_freqs = NULL;
4957 	} else {
4958 		wpa_s->connect_without_scan = NULL;
4959 	}
4960 
4961 	wpa_s->disconnected = 0;
4962 	wpa_s->reassociate = 1;
4963 	wpa_s_clear_sae_rejected(wpa_s);
4964 	wpa_s->last_owe_group = 0;
4965 	if (ssid) {
4966 		ssid->owe_transition_bss_select_count = 0;
4967 		wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
4968 	}
4969 
4970 	if (wpa_s->connect_without_scan ||
4971 	    wpa_supplicant_fast_associate(wpa_s) != 1) {
4972 		wpa_s->scan_req = NORMAL_SCAN_REQ;
4973 		wpas_scan_reset_sched_scan(wpa_s);
4974 		wpa_supplicant_req_scan(wpa_s, 0, disconnected ? 100000 : 0);
4975 	}
4976 
4977 	if (ssid)
4978 		wpas_notify_network_selected(wpa_s, ssid);
4979 }
4980 
4981 
4982 /**
4983  * wpas_remove_cred - Remove the specified credential and all the network
4984  * entries created based on the removed credential
4985  * @wpa_s: wpa_supplicant structure for a network interface
4986  * @cred: The credential to remove
4987  * Returns: 0 on success, -1 on failure
4988  */
wpas_remove_cred(struct wpa_supplicant * wpa_s,struct wpa_cred * cred)4989 int wpas_remove_cred(struct wpa_supplicant *wpa_s, struct wpa_cred *cred)
4990 {
4991 	struct wpa_ssid *ssid, *next;
4992 	int id;
4993 
4994 	if (!cred) {
4995 		wpa_printf(MSG_DEBUG, "Could not find cred");
4996 		return -1;
4997 	}
4998 
4999 	id = cred->id;
5000 	if (wpa_config_remove_cred(wpa_s->conf, id) < 0) {
5001 		wpa_printf(MSG_DEBUG, "Could not find cred %d", id);
5002 		return -1;
5003 	}
5004 
5005 	wpa_msg(wpa_s, MSG_INFO, CRED_REMOVED "%d", id);
5006 
5007 	/* Remove any network entry created based on the removed credential */
5008 	ssid = wpa_s->conf->ssid;
5009 	while (ssid) {
5010 		next = ssid->next;
5011 
5012 		if (ssid->parent_cred == cred) {
5013 			wpa_printf(MSG_DEBUG,
5014 				   "Remove network id %d since it used the removed credential",
5015 				   ssid->id);
5016 			if (wpa_supplicant_remove_network(wpa_s, ssid->id) ==
5017 			    -1) {
5018 				wpa_printf(MSG_DEBUG,
5019 					   "Could not find network id=%d",
5020 					   ssid->id);
5021 			}
5022 		}
5023 
5024 		ssid = next;
5025 	}
5026 
5027 	return 0;
5028 }
5029 
5030 
5031 /**
5032  * wpas_remove_cred - Remove all the Interworking credentials
5033  * @wpa_s: wpa_supplicant structure for a network interface
5034  * Returns: 0 on success, -1 on failure
5035  */
wpas_remove_all_creds(struct wpa_supplicant * wpa_s)5036 int wpas_remove_all_creds(struct wpa_supplicant *wpa_s)
5037 {
5038 	int res, ret = 0;
5039 	struct wpa_cred *cred, *prev;
5040 
5041 	cred = wpa_s->conf->cred;
5042 	while (cred) {
5043 		prev = cred;
5044 		cred = cred->next;
5045 		res = wpas_remove_cred(wpa_s, prev);
5046 		if (res < 0) {
5047 			wpa_printf(MSG_DEBUG,
5048 				   "Removal of all credentials failed - failed to remove credential id=%d",
5049 				   prev->id);
5050 			ret = -1;
5051 		}
5052 	}
5053 
5054 	return ret;
5055 }
5056 
5057 
5058 /**
5059  * wpas_set_pkcs11_engine_and_module_path - Set PKCS #11 engine and module path
5060  * @wpa_s: wpa_supplicant structure for a network interface
5061  * @pkcs11_engine_path: PKCS #11 engine path or NULL
5062  * @pkcs11_module_path: PKCS #11 module path or NULL
5063  * Returns: 0 on success; -1 on failure
5064  *
5065  * Sets the PKCS #11 engine and module path. Both have to be NULL or a valid
5066  * path. If resetting the EAPOL state machine with the new PKCS #11 engine and
5067  * module path fails the paths will be reset to the default value (NULL).
5068  */
wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant * wpa_s,const char * pkcs11_engine_path,const char * pkcs11_module_path)5069 int wpas_set_pkcs11_engine_and_module_path(struct wpa_supplicant *wpa_s,
5070 					   const char *pkcs11_engine_path,
5071 					   const char *pkcs11_module_path)
5072 {
5073 	char *pkcs11_engine_path_copy = NULL;
5074 	char *pkcs11_module_path_copy = NULL;
5075 
5076 	if (pkcs11_engine_path != NULL) {
5077 		pkcs11_engine_path_copy = os_strdup(pkcs11_engine_path);
5078 		if (pkcs11_engine_path_copy == NULL)
5079 			return -1;
5080 	}
5081 	if (pkcs11_module_path != NULL) {
5082 		pkcs11_module_path_copy = os_strdup(pkcs11_module_path);
5083 		if (pkcs11_module_path_copy == NULL) {
5084 			os_free(pkcs11_engine_path_copy);
5085 			return -1;
5086 		}
5087 	}
5088 
5089 	os_free(wpa_s->conf->pkcs11_engine_path);
5090 	os_free(wpa_s->conf->pkcs11_module_path);
5091 	wpa_s->conf->pkcs11_engine_path = pkcs11_engine_path_copy;
5092 	wpa_s->conf->pkcs11_module_path = pkcs11_module_path_copy;
5093 
5094 	wpa_sm_set_eapol(wpa_s->wpa, NULL);
5095 	eapol_sm_deinit(wpa_s->eapol);
5096 	wpa_s->eapol = NULL;
5097 	if (wpa_supplicant_init_eapol(wpa_s)) {
5098 		/* Error -> Reset paths to the default value (NULL) once. */
5099 		if (pkcs11_engine_path != NULL && pkcs11_module_path != NULL)
5100 			wpas_set_pkcs11_engine_and_module_path(wpa_s, NULL,
5101 							       NULL);
5102 
5103 		return -1;
5104 	}
5105 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
5106 
5107 	return 0;
5108 }
5109 
5110 
5111 /**
5112  * wpa_supplicant_set_ap_scan - Set AP scan mode for interface
5113  * @wpa_s: wpa_supplicant structure for a network interface
5114  * @ap_scan: AP scan mode
5115  * Returns: 0 if succeed or -1 if ap_scan has an invalid value
5116  *
5117  */
wpa_supplicant_set_ap_scan(struct wpa_supplicant * wpa_s,int ap_scan)5118 int wpa_supplicant_set_ap_scan(struct wpa_supplicant *wpa_s, int ap_scan)
5119 {
5120 
5121 	int old_ap_scan;
5122 
5123 	if (ap_scan < 0 || ap_scan > 2)
5124 		return -1;
5125 
5126 	if (ap_scan == 2 && os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
5127 		wpa_printf(MSG_INFO,
5128 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
5129 	}
5130 
5131 #ifdef ANDROID
5132 	if (ap_scan == 2 && ap_scan != wpa_s->conf->ap_scan &&
5133 	    wpa_s->wpa_state >= WPA_ASSOCIATING &&
5134 	    wpa_s->wpa_state < WPA_COMPLETED) {
5135 		wpa_printf(MSG_ERROR, "ap_scan = %d (%d) rejected while "
5136 			   "associating", wpa_s->conf->ap_scan, ap_scan);
5137 		return 0;
5138 	}
5139 #endif /* ANDROID */
5140 
5141 	old_ap_scan = wpa_s->conf->ap_scan;
5142 	wpa_s->conf->ap_scan = ap_scan;
5143 
5144 	if (old_ap_scan != wpa_s->conf->ap_scan)
5145 		wpas_notify_ap_scan_changed(wpa_s);
5146 
5147 	return 0;
5148 }
5149 
5150 
5151 /**
5152  * wpa_supplicant_set_bss_expiration_age - Set BSS entry expiration age
5153  * @wpa_s: wpa_supplicant structure for a network interface
5154  * @expire_age: Expiration age in seconds
5155  * Returns: 0 if succeed or -1 if expire_age has an invalid value
5156  *
5157  */
wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant * wpa_s,unsigned int bss_expire_age)5158 int wpa_supplicant_set_bss_expiration_age(struct wpa_supplicant *wpa_s,
5159 					  unsigned int bss_expire_age)
5160 {
5161 	if (bss_expire_age < 10) {
5162 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration age %u",
5163 			bss_expire_age);
5164 		return -1;
5165 	}
5166 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration age: %d sec",
5167 		bss_expire_age);
5168 	wpa_s->conf->bss_expiration_age = bss_expire_age;
5169 
5170 	return 0;
5171 }
5172 
5173 
5174 /**
5175  * wpa_supplicant_set_bss_expiration_count - Set BSS entry expiration scan count
5176  * @wpa_s: wpa_supplicant structure for a network interface
5177  * @expire_count: number of scans after which an unseen BSS is reclaimed
5178  * Returns: 0 if succeed or -1 if expire_count has an invalid value
5179  *
5180  */
wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant * wpa_s,unsigned int bss_expire_count)5181 int wpa_supplicant_set_bss_expiration_count(struct wpa_supplicant *wpa_s,
5182 					    unsigned int bss_expire_count)
5183 {
5184 	if (bss_expire_count < 1) {
5185 		wpa_msg(wpa_s, MSG_ERROR, "Invalid bss expiration count %u",
5186 			bss_expire_count);
5187 		return -1;
5188 	}
5189 	wpa_msg(wpa_s, MSG_DEBUG, "Setting bss expiration scan count: %u",
5190 		bss_expire_count);
5191 	wpa_s->conf->bss_expiration_scan_count = bss_expire_count;
5192 
5193 	return 0;
5194 }
5195 
5196 
5197 /**
5198  * wpa_supplicant_set_scan_interval - Set scan interval
5199  * @wpa_s: wpa_supplicant structure for a network interface
5200  * @scan_interval: scan interval in seconds
5201  * Returns: 0 if succeed or -1 if scan_interval has an invalid value
5202  *
5203  */
wpa_supplicant_set_scan_interval(struct wpa_supplicant * wpa_s,int scan_interval)5204 int wpa_supplicant_set_scan_interval(struct wpa_supplicant *wpa_s,
5205 				     int scan_interval)
5206 {
5207 	if (scan_interval < 0) {
5208 		wpa_msg(wpa_s, MSG_ERROR, "Invalid scan interval %d",
5209 			scan_interval);
5210 		return -1;
5211 	}
5212 	wpa_msg(wpa_s, MSG_DEBUG, "Setting scan interval: %d sec",
5213 		scan_interval);
5214 	wpa_supplicant_update_scan_int(wpa_s, scan_interval);
5215 
5216 	return 0;
5217 }
5218 
5219 
5220 /**
5221  * wpa_supplicant_set_debug_params - Set global debug params
5222  * @global: wpa_global structure
5223  * @debug_level: debug level
5224  * @debug_timestamp: determines if show timestamp in debug data
5225  * @debug_show_keys: determines if show keys in debug data
5226  * Returns: 0 if succeed or -1 if debug_level has wrong value
5227  */
wpa_supplicant_set_debug_params(struct wpa_global * global,int debug_level,int debug_timestamp,int debug_show_keys)5228 int wpa_supplicant_set_debug_params(struct wpa_global *global, int debug_level,
5229 				    int debug_timestamp, int debug_show_keys)
5230 {
5231 
5232 	int old_level, old_timestamp, old_show_keys;
5233 
5234 	/* check for allowed debuglevels */
5235 	if (debug_level != MSG_EXCESSIVE &&
5236 	    debug_level != MSG_MSGDUMP &&
5237 	    debug_level != MSG_DEBUG &&
5238 	    debug_level != MSG_INFO &&
5239 	    debug_level != MSG_WARNING &&
5240 	    debug_level != MSG_ERROR)
5241 		return -1;
5242 
5243 	old_level = wpa_debug_level;
5244 	old_timestamp = wpa_debug_timestamp;
5245 	old_show_keys = wpa_debug_show_keys;
5246 
5247 	wpa_debug_level = debug_level;
5248 	wpa_debug_timestamp = debug_timestamp ? 1 : 0;
5249 	wpa_debug_show_keys = debug_show_keys ? 1 : 0;
5250 
5251 	if (wpa_debug_level != old_level)
5252 		wpas_notify_debug_level_changed(global);
5253 	if (wpa_debug_timestamp != old_timestamp)
5254 		wpas_notify_debug_timestamp_changed(global);
5255 	if (wpa_debug_show_keys != old_show_keys)
5256 		wpas_notify_debug_show_keys_changed(global);
5257 
5258 	return 0;
5259 }
5260 
5261 
5262 #ifdef CONFIG_OWE
owe_trans_ssid_match(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 * entry_ssid,size_t entry_ssid_len)5263 static int owe_trans_ssid_match(struct wpa_supplicant *wpa_s, const u8 *bssid,
5264 				const u8 *entry_ssid, size_t entry_ssid_len)
5265 {
5266 	const u8 *owe, *pos, *end;
5267 	u8 ssid_len;
5268 	struct wpa_bss *bss;
5269 
5270 	/* Check network profile SSID aganst the SSID in the
5271 	 * OWE Transition Mode element. */
5272 
5273 	bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
5274 	if (!bss)
5275 		return 0;
5276 
5277 	owe = wpa_bss_get_vendor_ie(bss, OWE_IE_VENDOR_TYPE);
5278 	if (!owe)
5279 		return 0;
5280 
5281 	pos = owe + 6;
5282 	end = owe + 2 + owe[1];
5283 
5284 	if (end - pos < ETH_ALEN + 1)
5285 		return 0;
5286 	pos += ETH_ALEN;
5287 	ssid_len = *pos++;
5288 	if (end - pos < ssid_len || ssid_len > SSID_MAX_LEN)
5289 		return 0;
5290 
5291 	return entry_ssid_len == ssid_len &&
5292 		os_memcmp(pos, entry_ssid, ssid_len) == 0;
5293 }
5294 #endif /* CONFIG_OWE */
5295 
5296 
5297 /**
5298  * wpa_supplicant_get_ssid - Get a pointer to the current network structure
5299  * @wpa_s: Pointer to wpa_supplicant data
5300  * Returns: A pointer to the current network structure or %NULL on failure
5301  */
wpa_supplicant_get_ssid(struct wpa_supplicant * wpa_s)5302 struct wpa_ssid * wpa_supplicant_get_ssid(struct wpa_supplicant *wpa_s)
5303 {
5304 	struct wpa_ssid *entry;
5305 	u8 ssid[SSID_MAX_LEN];
5306 	int res;
5307 	size_t ssid_len;
5308 	u8 bssid[ETH_ALEN];
5309 	int wired;
5310 
5311 	res = wpa_drv_get_ssid(wpa_s, ssid);
5312 	if (res < 0) {
5313 		wpa_msg(wpa_s, MSG_WARNING, "Could not read SSID from "
5314 			"driver");
5315 		return NULL;
5316 	}
5317 	ssid_len = res;
5318 
5319 	if (wpa_drv_get_bssid(wpa_s, bssid) < 0) {
5320 		wpa_msg(wpa_s, MSG_WARNING, "Could not read BSSID from "
5321 			"driver");
5322 		return NULL;
5323 	}
5324 
5325 	wired = wpa_s->conf->ap_scan == 0 &&
5326 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_WIRED);
5327 
5328 	entry = wpa_s->conf->ssid;
5329 	while (entry) {
5330 		if (!wpas_network_disabled(wpa_s, entry) &&
5331 		    ((ssid_len == entry->ssid_len &&
5332 		      (!entry->ssid ||
5333 		       os_memcmp(ssid, entry->ssid, ssid_len) == 0)) ||
5334 		     wired) &&
5335 		    (!entry->bssid_set ||
5336 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
5337 			return entry;
5338 #ifdef CONFIG_WPS
5339 		if (!wpas_network_disabled(wpa_s, entry) &&
5340 		    (entry->key_mgmt & WPA_KEY_MGMT_WPS) &&
5341 		    (entry->ssid == NULL || entry->ssid_len == 0) &&
5342 		    (!entry->bssid_set ||
5343 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
5344 			return entry;
5345 #endif /* CONFIG_WPS */
5346 
5347 #ifdef CONFIG_OWE
5348 		if (!wpas_network_disabled(wpa_s, entry) &&
5349 		    owe_trans_ssid_match(wpa_s, bssid, entry->ssid,
5350 		    entry->ssid_len) &&
5351 		    (!entry->bssid_set ||
5352 		     os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0))
5353 			return entry;
5354 #endif /* CONFIG_OWE */
5355 
5356 		if (!wpas_network_disabled(wpa_s, entry) && entry->bssid_set &&
5357 		    entry->ssid_len == 0 &&
5358 		    os_memcmp(bssid, entry->bssid, ETH_ALEN) == 0)
5359 			return entry;
5360 
5361 		entry = entry->next;
5362 	}
5363 
5364 	return NULL;
5365 }
5366 
5367 
select_driver(struct wpa_supplicant * wpa_s,int i)5368 static int select_driver(struct wpa_supplicant *wpa_s, int i)
5369 {
5370 	struct wpa_global *global = wpa_s->global;
5371 
5372 	if (wpa_drivers[i]->global_init && global->drv_priv[i] == NULL) {
5373 		global->drv_priv[i] = wpa_drivers[i]->global_init(global);
5374 		if (global->drv_priv[i] == NULL) {
5375 			wpa_printf(MSG_ERROR, "Failed to initialize driver "
5376 				   "'%s'", wpa_drivers[i]->name);
5377 			return -1;
5378 		}
5379 	}
5380 
5381 	wpa_s->driver = wpa_drivers[i];
5382 	wpa_s->global_drv_priv = global->drv_priv[i];
5383 
5384 	return 0;
5385 }
5386 
5387 
wpa_supplicant_set_driver(struct wpa_supplicant * wpa_s,const char * name)5388 static int wpa_supplicant_set_driver(struct wpa_supplicant *wpa_s,
5389 				     const char *name)
5390 {
5391 	int i;
5392 	size_t len;
5393 	const char *pos, *driver = name;
5394 
5395 	if (wpa_s == NULL)
5396 		return -1;
5397 
5398 	if (wpa_drivers[0] == NULL) {
5399 		wpa_msg(wpa_s, MSG_ERROR, "No driver interfaces build into "
5400 			"wpa_supplicant");
5401 		return -1;
5402 	}
5403 
5404 	if (name == NULL) {
5405 		/* Default to first successful driver in the list */
5406 		for (i = 0; wpa_drivers[i]; i++) {
5407 			if (select_driver(wpa_s, i) == 0)
5408 				return 0;
5409 		}
5410 		/* Drivers have each reported failure, so no wpa_msg() here. */
5411 		return -1;
5412 	}
5413 
5414 	do {
5415 		pos = os_strchr(driver, ',');
5416 		if (pos)
5417 			len = pos - driver;
5418 		else
5419 			len = os_strlen(driver);
5420 
5421 		for (i = 0; wpa_drivers[i]; i++) {
5422 			if (os_strlen(wpa_drivers[i]->name) == len &&
5423 			    os_strncmp(driver, wpa_drivers[i]->name, len) ==
5424 			    0) {
5425 				/* First driver that succeeds wins */
5426 				if (select_driver(wpa_s, i) == 0)
5427 					return 0;
5428 			}
5429 		}
5430 
5431 		driver = pos + 1;
5432 	} while (pos);
5433 
5434 	wpa_msg(wpa_s, MSG_ERROR, "Unsupported driver '%s'", name);
5435 	return -1;
5436 }
5437 
5438 
5439 /**
5440  * wpa_supplicant_rx_eapol - Deliver a received EAPOL frame to wpa_supplicant
5441  * @ctx: Context pointer (wpa_s); this is the ctx variable registered
5442  *	with struct wpa_driver_ops::init()
5443  * @src_addr: Source address of the EAPOL frame
5444  * @buf: EAPOL data starting from the EAPOL header (i.e., no Ethernet header)
5445  * @len: Length of the EAPOL data
5446  * @encrypted: Whether the frame was encrypted
5447  *
5448  * This function is called for each received EAPOL frame. Most driver
5449  * interfaces rely on more generic OS mechanism for receiving frames through
5450  * l2_packet, but if such a mechanism is not available, the driver wrapper may
5451  * take care of received EAPOL frames and deliver them to the core supplicant
5452  * code by calling this function.
5453  */
wpa_supplicant_rx_eapol(void * ctx,const u8 * src_addr,const u8 * buf,size_t len,enum frame_encryption encrypted)5454 void wpa_supplicant_rx_eapol(void *ctx, const u8 *src_addr,
5455 			     const u8 *buf, size_t len,
5456 				 enum frame_encryption encrypted)
5457 {
5458 	struct wpa_supplicant *wpa_s = ctx;
5459 
5460 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR, MAC2STR(src_addr));
5461 	wpa_hexdump(MSG_MSGDUMP, "RX EAPOL", buf, len);
5462 
5463 	if (wpa_s->own_disconnect_req) {
5464 		wpa_printf(MSG_DEBUG,
5465 			   "Drop received EAPOL frame as we are disconnecting");
5466 		return;
5467 	}
5468 
5469 #ifdef CONFIG_TESTING_OPTIONS
5470 	wpa_msg_ctrl(wpa_s, MSG_INFO, "EAPOL-RX " MACSTR " %zu",
5471 		     MAC2STR(src_addr), len);
5472 	if (wpa_s->ignore_auth_resp) {
5473 		wpa_printf(MSG_INFO, "RX EAPOL - ignore_auth_resp active!");
5474 		return;
5475 	}
5476 #endif /* CONFIG_TESTING_OPTIONS */
5477 
5478 	if (wpa_s->wpa_state < WPA_ASSOCIATED ||
5479 	    (wpa_s->last_eapol_matches_bssid &&
5480 #ifdef CONFIG_AP
5481 	     !wpa_s->ap_iface &&
5482 #endif /* CONFIG_AP */
5483 	     os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) != 0)) {
5484 		/*
5485 		 * There is possible race condition between receiving the
5486 		 * association event and the EAPOL frame since they are coming
5487 		 * through different paths from the driver. In order to avoid
5488 		 * issues in trying to process the EAPOL frame before receiving
5489 		 * association information, lets queue it for processing until
5490 		 * the association event is received. This may also be needed in
5491 		 * driver-based roaming case, so also use src_addr != BSSID as a
5492 		 * trigger if we have previously confirmed that the
5493 		 * Authenticator uses BSSID as the src_addr (which is not the
5494 		 * case with wired IEEE 802.1X).
5495 		 */
5496 		wpa_dbg(wpa_s, MSG_DEBUG, "Not associated - Delay processing "
5497 			"of received EAPOL frame (state=%s bssid=" MACSTR ")",
5498 			wpa_supplicant_state_txt(wpa_s->wpa_state),
5499 			MAC2STR(wpa_s->bssid));
5500 		wpabuf_free(wpa_s->pending_eapol_rx);
5501 		wpa_s->pending_eapol_rx = wpabuf_alloc_copy(buf, len);
5502 		if (wpa_s->pending_eapol_rx) {
5503 			os_get_reltime(&wpa_s->pending_eapol_rx_time);
5504 			os_memcpy(wpa_s->pending_eapol_rx_src, src_addr,
5505 				  ETH_ALEN);
5506 		}
5507 		return;
5508 	}
5509 
5510 	wpa_s->last_eapol_matches_bssid =
5511 		os_memcmp(src_addr, wpa_s->bssid, ETH_ALEN) == 0;
5512 
5513 #ifdef CONFIG_AP
5514 	if (wpa_s->ap_iface) {
5515 		wpa_supplicant_ap_rx_eapol(wpa_s, src_addr, buf, len,
5516 					   encrypted);
5517 		return;
5518 	}
5519 #endif /* CONFIG_AP */
5520 
5521 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
5522 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignored received EAPOL frame since "
5523 			"no key management is configured");
5524 		return;
5525 	}
5526 
5527 	if (wpa_s->eapol_received == 0 &&
5528 	    (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK) ||
5529 	     !wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
5530 	     wpa_s->wpa_state != WPA_COMPLETED) &&
5531 	    (wpa_s->current_ssid == NULL ||
5532 	     wpa_s->current_ssid->mode != WPAS_MODE_IBSS)) {
5533 		/* Timeout for completing IEEE 802.1X and WPA authentication */
5534 		int timeout = 10;
5535 
5536 		if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) ||
5537 		    wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA ||
5538 		    wpa_s->key_mgmt == WPA_KEY_MGMT_WPS) {
5539 			/* Use longer timeout for IEEE 802.1X/EAP */
5540 			timeout = 70;
5541 		}
5542 
5543 #ifdef CONFIG_WPS
5544 		if (wpa_s->current_ssid && wpa_s->current_bss &&
5545 		    (wpa_s->current_ssid->key_mgmt & WPA_KEY_MGMT_WPS) &&
5546 		    eap_is_wps_pin_enrollee(&wpa_s->current_ssid->eap)) {
5547 			/*
5548 			 * Use shorter timeout if going through WPS AP iteration
5549 			 * for PIN config method with an AP that does not
5550 			 * advertise Selected Registrar.
5551 			 */
5552 			struct wpabuf *wps_ie;
5553 
5554 			wps_ie = wpa_bss_get_vendor_ie_multi(
5555 				wpa_s->current_bss, WPS_IE_VENDOR_TYPE);
5556 			if (wps_ie &&
5557 			    !wps_is_addr_authorized(wps_ie, wpa_s->own_addr, 1))
5558 				timeout = 10;
5559 			wpabuf_free(wps_ie);
5560 		}
5561 #endif /* CONFIG_WPS */
5562 
5563 		wpa_supplicant_req_auth_timeout(wpa_s, timeout, 0);
5564 	}
5565 	wpa_s->eapol_received++;
5566 
5567 	if (wpa_s->countermeasures) {
5568 		wpa_msg(wpa_s, MSG_INFO, "WPA: Countermeasures - dropped "
5569 			"EAPOL packet");
5570 		return;
5571 	}
5572 
5573 #ifdef CONFIG_IBSS_RSN
5574 	if (wpa_s->current_ssid &&
5575 	    wpa_s->current_ssid->mode == WPAS_MODE_IBSS) {
5576 		ibss_rsn_rx_eapol(wpa_s->ibss_rsn, src_addr, buf, len);
5577 		return;
5578 	}
5579 #endif /* CONFIG_IBSS_RSN */
5580 
5581 	/* Source address of the incoming EAPOL frame could be compared to the
5582 	 * current BSSID. However, it is possible that a centralized
5583 	 * Authenticator could be using another MAC address than the BSSID of
5584 	 * an AP, so just allow any address to be used for now. The replies are
5585 	 * still sent to the current BSSID (if available), though. */
5586 
5587 	os_memcpy(wpa_s->last_eapol_src, src_addr, ETH_ALEN);
5588 	if (!wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) &&
5589 	    wpa_s->key_mgmt != WPA_KEY_MGMT_OWE &&
5590 	    wpa_s->key_mgmt != WPA_KEY_MGMT_DPP &&
5591 	    eapol_sm_rx_eapol(wpa_s->eapol, src_addr, buf, len,
5592 				  encrypted)> 0)
5593 		return;
5594 	wpa_drv_poll(wpa_s);
5595 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE_PSK))
5596 		wpa_sm_rx_eapol(wpa_s->wpa, src_addr, buf, len, encrypted);
5597 	else if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
5598 		/*
5599 		 * Set portValid = true here since we are going to skip 4-way
5600 		 * handshake processing which would normally set portValid. We
5601 		 * need this to allow the EAPOL state machines to be completed
5602 		 * without going through EAPOL-Key handshake.
5603 		 */
5604 		eapol_sm_notify_portValid(wpa_s->eapol, true);
5605 	}
5606 }
5607 
wpa_supplicant_rx_eapol_cb(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)5608 static void wpa_supplicant_rx_eapol_cb(void *ctx, const u8 *src_addr,
5609 				       const u8 *buf, size_t len)
5610 {
5611 	wpa_supplicant_rx_eapol(ctx, src_addr, buf, len,
5612 				FRAME_ENCRYPTION_UNKNOWN);
5613 }
5614 
wpas_eapol_needs_l2_packet(struct wpa_supplicant * wpa_s)5615 static int wpas_eapol_needs_l2_packet(struct wpa_supplicant *wpa_s)
5616 {
5617 	return !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_CONTROL_PORT) ||
5618 		!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_CONTROL_PORT_RX);
5619 }
5620 
5621 
wpa_supplicant_update_mac_addr(struct wpa_supplicant * wpa_s)5622 int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
5623 {
5624 	if ((!wpa_s->p2p_mgmt ||
5625 	     !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)) &&
5626 	    !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_P2P_DEDICATED_INTERFACE)) {
5627 		l2_packet_deinit(wpa_s->l2);
5628 		wpa_s->l2 = l2_packet_init(wpa_s->ifname,
5629 					   wpa_drv_get_mac_addr(wpa_s),
5630 					   ETH_P_EAPOL,
5631 					   wpas_eapol_needs_l2_packet(wpa_s) ?
5632 					   wpa_supplicant_rx_eapol_cb : NULL,
5633 					   wpa_s, 0);
5634 		if (wpa_s->l2 == NULL)
5635 			return -1;
5636 
5637 		if (l2_packet_set_packet_filter(wpa_s->l2,
5638 						L2_PACKET_FILTER_PKTTYPE))
5639 			wpa_dbg(wpa_s, MSG_DEBUG,
5640 				"Failed to attach pkt_type filter");
5641 
5642 		if (l2_packet_get_own_addr(wpa_s->l2, wpa_s->own_addr)) {
5643 			wpa_msg(wpa_s, MSG_ERROR,
5644 				"Failed to get own L2 address");
5645 			return -1;
5646 		}
5647 	} else {
5648 		const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
5649 		if (addr)
5650 			os_memcpy(wpa_s->own_addr, addr, ETH_ALEN);
5651 	}
5652 
5653 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5654 	wpas_wps_update_mac_addr(wpa_s);
5655 
5656 #ifdef CONFIG_FST
5657 	if (wpa_s->fst)
5658 		fst_update_mac_addr(wpa_s->fst, wpa_s->own_addr);
5659 #endif /* CONFIG_FST */
5660 
5661 	return 0;
5662 }
5663 
5664 
wpa_supplicant_rx_eapol_bridge(void * ctx,const u8 * src_addr,const u8 * buf,size_t len)5665 static void wpa_supplicant_rx_eapol_bridge(void *ctx, const u8 *src_addr,
5666 					   const u8 *buf, size_t len)
5667 {
5668 	struct wpa_supplicant *wpa_s = ctx;
5669 	const struct l2_ethhdr *eth;
5670 
5671 	if (len < sizeof(*eth))
5672 		return;
5673 	eth = (const struct l2_ethhdr *) buf;
5674 
5675 	if (os_memcmp(eth->h_dest, wpa_s->own_addr, ETH_ALEN) != 0 &&
5676 	    !(eth->h_dest[0] & 0x01)) {
5677 		wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
5678 			" (bridge - not for this interface - ignore)",
5679 			MAC2STR(src_addr), MAC2STR(eth->h_dest));
5680 		return;
5681 	}
5682 
5683 	wpa_dbg(wpa_s, MSG_DEBUG, "RX EAPOL from " MACSTR " to " MACSTR
5684 		" (bridge)", MAC2STR(src_addr), MAC2STR(eth->h_dest));
5685 	wpa_supplicant_rx_eapol(wpa_s, src_addr, buf + sizeof(*eth),
5686 				len - sizeof(*eth), FRAME_ENCRYPTION_UNKNOWN);
5687 }
5688 
5689 
wpa_supplicant_update_bridge_ifname(struct wpa_supplicant * wpa_s,const char * bridge_ifname)5690 int wpa_supplicant_update_bridge_ifname(struct wpa_supplicant *wpa_s,
5691 					const char *bridge_ifname)
5692 {
5693 	if (wpa_s->wpa_state > WPA_SCANNING)
5694 		return -EBUSY;
5695 
5696 	if (bridge_ifname &&
5697 	    os_strlen(bridge_ifname) >= sizeof(wpa_s->bridge_ifname))
5698 		return -EINVAL;
5699 
5700 	if (!bridge_ifname)
5701 		bridge_ifname = "";
5702 
5703 	if (os_strcmp(wpa_s->bridge_ifname, bridge_ifname) == 0)
5704 		return 0;
5705 
5706 	if (wpa_s->l2_br) {
5707 		l2_packet_deinit(wpa_s->l2_br);
5708 		wpa_s->l2_br = NULL;
5709 	}
5710 
5711 	os_strlcpy(wpa_s->bridge_ifname, bridge_ifname,
5712 		   sizeof(wpa_s->bridge_ifname));
5713 
5714 	if (wpa_s->bridge_ifname[0]) {
5715 		wpa_dbg(wpa_s, MSG_DEBUG,
5716 			"Receiving packets from bridge interface '%s'",
5717 			wpa_s->bridge_ifname);
5718 		wpa_s->l2_br = l2_packet_init_bridge(
5719 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5720 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5721 		if (!wpa_s->l2_br) {
5722 			wpa_msg(wpa_s, MSG_ERROR,
5723 				"Failed to open l2_packet connection for the bridge interface '%s'",
5724 				wpa_s->bridge_ifname);
5725 			goto fail;
5726 		}
5727 	}
5728 
5729 #ifdef CONFIG_TDLS
5730 	if (!wpa_s->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
5731 		goto fail;
5732 #endif /* CONFIG_TDLS */
5733 
5734 	return 0;
5735 fail:
5736 	wpa_s->bridge_ifname[0] = 0;
5737 	if (wpa_s->l2_br) {
5738 		l2_packet_deinit(wpa_s->l2_br);
5739 		wpa_s->l2_br = NULL;
5740 	}
5741 #ifdef CONFIG_TDLS
5742 	if (!wpa_s->p2p_mgmt)
5743 		wpa_tdls_init(wpa_s->wpa);
5744 #endif /* CONFIG_TDLS */
5745 	return -EIO;
5746 }
5747 
5748 
5749 /**
5750  * wpa_supplicant_driver_init - Initialize driver interface parameters
5751  * @wpa_s: Pointer to wpa_supplicant data
5752  * Returns: 0 on success, -1 on failure
5753  *
5754  * This function is called to initialize driver interface parameters.
5755  * wpa_drv_init() must have been called before this function to initialize the
5756  * driver interface.
5757  */
wpa_supplicant_driver_init(struct wpa_supplicant * wpa_s)5758 int wpa_supplicant_driver_init(struct wpa_supplicant *wpa_s)
5759 {
5760 	static int interface_count = 0;
5761 
5762 	if (wpa_supplicant_update_mac_addr(wpa_s) < 0)
5763 		return -1;
5764 
5765 	wpa_dbg(wpa_s, MSG_DEBUG, "Own MAC address: " MACSTR,
5766 		MAC2STR(wpa_s->own_addr));
5767 	os_memcpy(wpa_s->perm_addr, wpa_s->own_addr, ETH_ALEN);
5768 	wpa_sm_set_own_addr(wpa_s->wpa, wpa_s->own_addr);
5769 
5770 	if (wpa_s->bridge_ifname[0] && wpas_eapol_needs_l2_packet(wpa_s)) {
5771 		wpa_dbg(wpa_s, MSG_DEBUG, "Receiving packets from bridge "
5772 			"interface '%s'", wpa_s->bridge_ifname);
5773 		wpa_s->l2_br = l2_packet_init_bridge(
5774 			wpa_s->bridge_ifname, wpa_s->ifname, wpa_s->own_addr,
5775 			ETH_P_EAPOL, wpa_supplicant_rx_eapol_bridge, wpa_s, 1);
5776 		if (wpa_s->l2_br == NULL) {
5777 			wpa_msg(wpa_s, MSG_ERROR, "Failed to open l2_packet "
5778 				"connection for the bridge interface '%s'",
5779 				wpa_s->bridge_ifname);
5780 			return -1;
5781 		}
5782 	}
5783 
5784 	if (wpa_s->conf->ap_scan == 2 &&
5785 	    os_strcmp(wpa_s->driver->name, "nl80211") == 0) {
5786 		wpa_printf(MSG_INFO,
5787 			   "Note: nl80211 driver interface is not designed to be used with ap_scan=2; this can result in connection failures");
5788 	}
5789 
5790 	wpa_clear_keys(wpa_s, NULL);
5791 
5792 	/* Make sure that TKIP countermeasures are not left enabled (could
5793 	 * happen if wpa_supplicant is killed during countermeasures. */
5794 	wpa_drv_set_countermeasures(wpa_s, 0);
5795 
5796 	wpa_dbg(wpa_s, MSG_DEBUG, "RSN: flushing PMKID list in the driver");
5797 	wpa_drv_flush_pmkid(wpa_s);
5798 
5799 	wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
5800 	wpa_s->prev_scan_wildcard = 0;
5801 
5802 	if (wpa_supplicant_enabled_networks(wpa_s)) {
5803 		if (wpa_s->wpa_state == WPA_INTERFACE_DISABLED) {
5804 			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
5805 			interface_count = 0;
5806 		}
5807 #ifndef ANDROID
5808 		if (!wpa_s->p2p_mgmt &&
5809 		    wpa_supplicant_delayed_sched_scan(wpa_s,
5810 						      interface_count % 3,
5811 						      100000))
5812 			wpa_supplicant_req_scan(wpa_s, interface_count % 3,
5813 						100000);
5814 #endif /* ANDROID */
5815 		interface_count++;
5816 	} else
5817 		wpa_supplicant_set_state(wpa_s, WPA_INACTIVE);
5818 
5819 	return 0;
5820 }
5821 
5822 
wpa_supplicant_daemon(const char * pid_file)5823 static int wpa_supplicant_daemon(const char *pid_file)
5824 {
5825 	wpa_printf(MSG_DEBUG, "Daemonize..");
5826 	return os_daemonize(pid_file);
5827 }
5828 
5829 
5830 static struct wpa_supplicant *
wpa_supplicant_alloc(struct wpa_supplicant * parent)5831 wpa_supplicant_alloc(struct wpa_supplicant *parent)
5832 {
5833 	struct wpa_supplicant *wpa_s;
5834 
5835 	wpa_s = os_zalloc(sizeof(*wpa_s));
5836 	if (wpa_s == NULL)
5837 		return NULL;
5838 	wpa_s->scan_req = INITIAL_SCAN_REQ;
5839 	wpa_s->scan_interval = 5;
5840 	wpa_s->new_connection = 1;
5841 	wpa_s->parent = parent ? parent : wpa_s;
5842 	wpa_s->p2pdev = wpa_s->parent;
5843 	wpa_s->sched_scanning = 0;
5844 	wpa_s->setband_mask = WPA_SETBAND_AUTO;
5845 
5846 	dl_list_init(&wpa_s->bss_tmp_disallowed);
5847 	dl_list_init(&wpa_s->fils_hlp_req);
5848 #ifdef CONFIG_TESTING_OPTIONS
5849 	dl_list_init(&wpa_s->drv_signal_override);
5850 #endif /* CONFIG_TESTING_OPTIONS */
5851 #ifdef CONFIG_ROBUST_AV
5852 	dl_list_init(&wpa_s->active_scs_ids);
5853 #endif /* CONFIG_ROBUST_AV */
5854 
5855 	return wpa_s;
5856 }
5857 
5858 
5859 #ifdef CONFIG_HT_OVERRIDES
5860 
wpa_set_htcap_mcs(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,const char * ht_mcs)5861 static int wpa_set_htcap_mcs(struct wpa_supplicant *wpa_s,
5862 			     struct ieee80211_ht_capabilities *htcaps,
5863 			     struct ieee80211_ht_capabilities *htcaps_mask,
5864 			     const char *ht_mcs)
5865 {
5866 	/* parse ht_mcs into hex array */
5867 	int i;
5868 	const char *tmp = ht_mcs;
5869 	char *end = NULL;
5870 
5871 	/* If ht_mcs is null, do not set anything */
5872 	if (!ht_mcs)
5873 		return 0;
5874 
5875 	/* This is what we are setting in the kernel */
5876 	os_memset(&htcaps->supported_mcs_set, 0, IEEE80211_HT_MCS_MASK_LEN);
5877 
5878 	wpa_msg(wpa_s, MSG_DEBUG, "set_htcap, ht_mcs -:%s:-", ht_mcs);
5879 
5880 	for (i = 0; i < IEEE80211_HT_MCS_MASK_LEN; i++) {
5881 		long v;
5882 
5883 		errno = 0;
5884 		v = strtol(tmp, &end, 16);
5885 
5886 		if (errno == 0) {
5887 			wpa_msg(wpa_s, MSG_DEBUG,
5888 				"htcap value[%i]: %ld end: %p  tmp: %p",
5889 				i, v, end, tmp);
5890 			if (end == tmp)
5891 				break;
5892 
5893 			htcaps->supported_mcs_set[i] = v;
5894 			tmp = end;
5895 		} else {
5896 			wpa_msg(wpa_s, MSG_ERROR,
5897 				"Failed to parse ht-mcs: %s, error: %s\n",
5898 				ht_mcs, strerror(errno));
5899 			return -1;
5900 		}
5901 	}
5902 
5903 	/*
5904 	 * If we were able to parse any values, then set mask for the MCS set.
5905 	 */
5906 	if (i) {
5907 		os_memset(&htcaps_mask->supported_mcs_set, 0xff,
5908 			  IEEE80211_HT_MCS_MASK_LEN - 1);
5909 		/* skip the 3 reserved bits */
5910 		htcaps_mask->supported_mcs_set[IEEE80211_HT_MCS_MASK_LEN - 1] =
5911 			0x1f;
5912 	}
5913 
5914 	return 0;
5915 }
5916 
5917 
wpa_disable_max_amsdu(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5918 static int wpa_disable_max_amsdu(struct wpa_supplicant *wpa_s,
5919 				 struct ieee80211_ht_capabilities *htcaps,
5920 				 struct ieee80211_ht_capabilities *htcaps_mask,
5921 				 int disabled)
5922 {
5923 	le16 msk;
5924 
5925 	if (disabled == -1)
5926 		return 0;
5927 
5928 	wpa_msg(wpa_s, MSG_DEBUG, "set_disable_max_amsdu: %d", disabled);
5929 
5930 	msk = host_to_le16(HT_CAP_INFO_MAX_AMSDU_SIZE);
5931 	htcaps_mask->ht_capabilities_info |= msk;
5932 	if (disabled)
5933 		htcaps->ht_capabilities_info &= msk;
5934 	else
5935 		htcaps->ht_capabilities_info |= msk;
5936 
5937 	return 0;
5938 }
5939 
5940 
wpa_set_ampdu_factor(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int factor)5941 static int wpa_set_ampdu_factor(struct wpa_supplicant *wpa_s,
5942 				struct ieee80211_ht_capabilities *htcaps,
5943 				struct ieee80211_ht_capabilities *htcaps_mask,
5944 				int factor)
5945 {
5946 	if (factor == -1)
5947 		return 0;
5948 
5949 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_factor: %d", factor);
5950 
5951 	if (factor < 0 || factor > 3) {
5952 		wpa_msg(wpa_s, MSG_ERROR, "ampdu_factor: %d out of range. "
5953 			"Must be 0-3 or -1", factor);
5954 		return -EINVAL;
5955 	}
5956 
5957 	htcaps_mask->a_mpdu_params |= 0x3; /* 2 bits for factor */
5958 	htcaps->a_mpdu_params &= ~0x3;
5959 	htcaps->a_mpdu_params |= factor & 0x3;
5960 
5961 	return 0;
5962 }
5963 
5964 
wpa_set_ampdu_density(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int density)5965 static int wpa_set_ampdu_density(struct wpa_supplicant *wpa_s,
5966 				 struct ieee80211_ht_capabilities *htcaps,
5967 				 struct ieee80211_ht_capabilities *htcaps_mask,
5968 				 int density)
5969 {
5970 	if (density == -1)
5971 		return 0;
5972 
5973 	wpa_msg(wpa_s, MSG_DEBUG, "set_ampdu_density: %d", density);
5974 
5975 	if (density < 0 || density > 7) {
5976 		wpa_msg(wpa_s, MSG_ERROR,
5977 			"ampdu_density: %d out of range. Must be 0-7 or -1.",
5978 			density);
5979 		return -EINVAL;
5980 	}
5981 
5982 	htcaps_mask->a_mpdu_params |= 0x1C;
5983 	htcaps->a_mpdu_params &= ~(0x1C);
5984 	htcaps->a_mpdu_params |= (density << 2) & 0x1C;
5985 
5986 	return 0;
5987 }
5988 
5989 
wpa_set_disable_ht40(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)5990 static int wpa_set_disable_ht40(struct wpa_supplicant *wpa_s,
5991 				struct ieee80211_ht_capabilities *htcaps,
5992 				struct ieee80211_ht_capabilities *htcaps_mask,
5993 				int disabled)
5994 {
5995 	if (disabled)
5996 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ht40: %d", disabled);
5997 
5998 	set_disable_ht40(htcaps, disabled);
5999 	set_disable_ht40(htcaps_mask, 0);
6000 
6001 	return 0;
6002 }
6003 
6004 
wpa_set_disable_sgi(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)6005 static int wpa_set_disable_sgi(struct wpa_supplicant *wpa_s,
6006 			       struct ieee80211_ht_capabilities *htcaps,
6007 			       struct ieee80211_ht_capabilities *htcaps_mask,
6008 			       int disabled)
6009 {
6010 	/* Masking these out disables SGI */
6011 	le16 msk = host_to_le16(HT_CAP_INFO_SHORT_GI20MHZ |
6012 				HT_CAP_INFO_SHORT_GI40MHZ);
6013 
6014 	if (disabled)
6015 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_sgi: %d", disabled);
6016 
6017 	if (disabled)
6018 		htcaps->ht_capabilities_info &= ~msk;
6019 	else
6020 		htcaps->ht_capabilities_info |= msk;
6021 
6022 	htcaps_mask->ht_capabilities_info |= msk;
6023 
6024 	return 0;
6025 }
6026 
6027 
wpa_set_disable_ldpc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int disabled)6028 static int wpa_set_disable_ldpc(struct wpa_supplicant *wpa_s,
6029 			       struct ieee80211_ht_capabilities *htcaps,
6030 			       struct ieee80211_ht_capabilities *htcaps_mask,
6031 			       int disabled)
6032 {
6033 	/* Masking these out disables LDPC */
6034 	le16 msk = host_to_le16(HT_CAP_INFO_LDPC_CODING_CAP);
6035 
6036 	if (disabled)
6037 		wpa_msg(wpa_s, MSG_DEBUG, "set_disable_ldpc: %d", disabled);
6038 
6039 	if (disabled)
6040 		htcaps->ht_capabilities_info &= ~msk;
6041 	else
6042 		htcaps->ht_capabilities_info |= msk;
6043 
6044 	htcaps_mask->ht_capabilities_info |= msk;
6045 
6046 	return 0;
6047 }
6048 
6049 
wpa_set_tx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int tx_stbc)6050 static int wpa_set_tx_stbc(struct wpa_supplicant *wpa_s,
6051 			   struct ieee80211_ht_capabilities *htcaps,
6052 			   struct ieee80211_ht_capabilities *htcaps_mask,
6053 			   int tx_stbc)
6054 {
6055 	le16 msk = host_to_le16(HT_CAP_INFO_TX_STBC);
6056 
6057 	if (tx_stbc == -1)
6058 		return 0;
6059 
6060 	wpa_msg(wpa_s, MSG_DEBUG, "set_tx_stbc: %d", tx_stbc);
6061 
6062 	if (tx_stbc < 0 || tx_stbc > 1) {
6063 		wpa_msg(wpa_s, MSG_ERROR,
6064 			"tx_stbc: %d out of range. Must be 0-1 or -1", tx_stbc);
6065 		return -EINVAL;
6066 	}
6067 
6068 	htcaps_mask->ht_capabilities_info |= msk;
6069 	htcaps->ht_capabilities_info &= ~msk;
6070 	htcaps->ht_capabilities_info |= (tx_stbc << 7) & msk;
6071 
6072 	return 0;
6073 }
6074 
6075 
wpa_set_rx_stbc(struct wpa_supplicant * wpa_s,struct ieee80211_ht_capabilities * htcaps,struct ieee80211_ht_capabilities * htcaps_mask,int rx_stbc)6076 static int wpa_set_rx_stbc(struct wpa_supplicant *wpa_s,
6077 			   struct ieee80211_ht_capabilities *htcaps,
6078 			   struct ieee80211_ht_capabilities *htcaps_mask,
6079 			   int rx_stbc)
6080 {
6081 	le16 msk = host_to_le16(HT_CAP_INFO_RX_STBC_MASK);
6082 
6083 	if (rx_stbc == -1)
6084 		return 0;
6085 
6086 	wpa_msg(wpa_s, MSG_DEBUG, "set_rx_stbc: %d", rx_stbc);
6087 
6088 	if (rx_stbc < 0 || rx_stbc > 3) {
6089 		wpa_msg(wpa_s, MSG_ERROR,
6090 			"rx_stbc: %d out of range. Must be 0-3 or -1", rx_stbc);
6091 		return -EINVAL;
6092 	}
6093 
6094 	htcaps_mask->ht_capabilities_info |= msk;
6095 	htcaps->ht_capabilities_info &= ~msk;
6096 	htcaps->ht_capabilities_info |= (rx_stbc << 8) & msk;
6097 
6098 	return 0;
6099 }
6100 
6101 
wpa_supplicant_apply_ht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)6102 void wpa_supplicant_apply_ht_overrides(
6103 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
6104 	struct wpa_driver_associate_params *params)
6105 {
6106 	struct ieee80211_ht_capabilities *htcaps;
6107 	struct ieee80211_ht_capabilities *htcaps_mask;
6108 
6109 	if (!ssid)
6110 		return;
6111 
6112 	params->disable_ht = ssid->disable_ht;
6113 	if (!params->htcaps || !params->htcaps_mask)
6114 		return;
6115 
6116 	htcaps = (struct ieee80211_ht_capabilities *) params->htcaps;
6117 	htcaps_mask = (struct ieee80211_ht_capabilities *) params->htcaps_mask;
6118 	wpa_set_htcap_mcs(wpa_s, htcaps, htcaps_mask, ssid->ht_mcs);
6119 	wpa_disable_max_amsdu(wpa_s, htcaps, htcaps_mask,
6120 			      ssid->disable_max_amsdu);
6121 	wpa_set_ampdu_factor(wpa_s, htcaps, htcaps_mask, ssid->ampdu_factor);
6122 	wpa_set_ampdu_density(wpa_s, htcaps, htcaps_mask, ssid->ampdu_density);
6123 	wpa_set_disable_ht40(wpa_s, htcaps, htcaps_mask, ssid->disable_ht40);
6124 	wpa_set_disable_sgi(wpa_s, htcaps, htcaps_mask, ssid->disable_sgi);
6125 	wpa_set_disable_ldpc(wpa_s, htcaps, htcaps_mask, ssid->disable_ldpc);
6126 	wpa_set_rx_stbc(wpa_s, htcaps, htcaps_mask, ssid->rx_stbc);
6127 	wpa_set_tx_stbc(wpa_s, htcaps, htcaps_mask, ssid->tx_stbc);
6128 
6129 	if (ssid->ht40_intolerant) {
6130 		le16 bit = host_to_le16(HT_CAP_INFO_40MHZ_INTOLERANT);
6131 		htcaps->ht_capabilities_info |= bit;
6132 		htcaps_mask->ht_capabilities_info |= bit;
6133 	}
6134 }
6135 
6136 #endif /* CONFIG_HT_OVERRIDES */
6137 
6138 
6139 #ifdef CONFIG_VHT_OVERRIDES
wpa_supplicant_apply_vht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)6140 void wpa_supplicant_apply_vht_overrides(
6141 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
6142 	struct wpa_driver_associate_params *params)
6143 {
6144 	struct ieee80211_vht_capabilities *vhtcaps;
6145 	struct ieee80211_vht_capabilities *vhtcaps_mask;
6146 
6147 	if (!ssid)
6148 		return;
6149 
6150 	params->disable_vht = ssid->disable_vht;
6151 
6152 	vhtcaps = (void *) params->vhtcaps;
6153 	vhtcaps_mask = (void *) params->vhtcaps_mask;
6154 
6155 	if (!vhtcaps || !vhtcaps_mask)
6156 		return;
6157 
6158 	vhtcaps->vht_capabilities_info = host_to_le32(ssid->vht_capa);
6159 	vhtcaps_mask->vht_capabilities_info = host_to_le32(ssid->vht_capa_mask);
6160 
6161 #ifdef CONFIG_HT_OVERRIDES
6162 	if (ssid->disable_sgi) {
6163 		vhtcaps_mask->vht_capabilities_info |= (VHT_CAP_SHORT_GI_80 |
6164 							VHT_CAP_SHORT_GI_160);
6165 		vhtcaps->vht_capabilities_info &= ~(VHT_CAP_SHORT_GI_80 |
6166 						    VHT_CAP_SHORT_GI_160);
6167 		wpa_msg(wpa_s, MSG_DEBUG,
6168 			"disable-sgi override specified, vht-caps: 0x%x",
6169 			vhtcaps->vht_capabilities_info);
6170 	}
6171 
6172 	/* if max ampdu is <= 3, we have to make the HT cap the same */
6173 	if (ssid->vht_capa_mask & VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) {
6174 		int max_ampdu;
6175 
6176 		max_ampdu = (ssid->vht_capa &
6177 			     VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX) >>
6178 			VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MAX_SHIFT;
6179 
6180 		max_ampdu = max_ampdu < 3 ? max_ampdu : 3;
6181 		wpa_set_ampdu_factor(wpa_s,
6182 				     (void *) params->htcaps,
6183 				     (void *) params->htcaps_mask,
6184 				     max_ampdu);
6185 	}
6186 #endif /* CONFIG_HT_OVERRIDES */
6187 
6188 #define OVERRIDE_MCS(i)							\
6189 	if (ssid->vht_tx_mcs_nss_ ##i >= 0) {				\
6190 		vhtcaps_mask->vht_supported_mcs_set.tx_map |=		\
6191 			host_to_le16(3 << 2 * (i - 1));			\
6192 		vhtcaps->vht_supported_mcs_set.tx_map |=		\
6193 			host_to_le16(ssid->vht_tx_mcs_nss_ ##i <<	\
6194 				     2 * (i - 1));			\
6195 	}								\
6196 	if (ssid->vht_rx_mcs_nss_ ##i >= 0) {				\
6197 		vhtcaps_mask->vht_supported_mcs_set.rx_map |=		\
6198 			host_to_le16(3 << 2 * (i - 1));			\
6199 		vhtcaps->vht_supported_mcs_set.rx_map |=		\
6200 			host_to_le16(ssid->vht_rx_mcs_nss_ ##i <<	\
6201 				     2 * (i - 1));			\
6202 	}
6203 
6204 	OVERRIDE_MCS(1);
6205 	OVERRIDE_MCS(2);
6206 	OVERRIDE_MCS(3);
6207 	OVERRIDE_MCS(4);
6208 	OVERRIDE_MCS(5);
6209 	OVERRIDE_MCS(6);
6210 	OVERRIDE_MCS(7);
6211 	OVERRIDE_MCS(8);
6212 }
6213 #endif /* CONFIG_VHT_OVERRIDES */
6214 
6215 
6216 #ifdef CONFIG_HE_OVERRIDES
wpa_supplicant_apply_he_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)6217 void wpa_supplicant_apply_he_overrides(
6218 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
6219 	struct wpa_driver_associate_params *params)
6220 {
6221 	if (!ssid)
6222 		return;
6223 
6224 	params->disable_he = ssid->disable_he;
6225 }
6226 #endif /* CONFIG_HE_OVERRIDES */
6227 
wpa_supplicant_apply_eht_overrides(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,struct wpa_driver_associate_params * params)6228 void wpa_supplicant_apply_eht_overrides(
6229 	struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid,
6230 	struct wpa_driver_associate_params *params)
6231 {
6232 	if (!ssid)
6233 		return;
6234 
6235 	params->disable_eht = ssid->disable_eht;
6236 }
6237 
pcsc_reader_init(struct wpa_supplicant * wpa_s)6238 static int pcsc_reader_init(struct wpa_supplicant *wpa_s)
6239 {
6240 #ifdef PCSC_FUNCS
6241 	size_t len;
6242 
6243 	if (!wpa_s->conf->pcsc_reader)
6244 		return 0;
6245 
6246 	wpa_s->scard = scard_init(wpa_s->conf->pcsc_reader);
6247 	if (!wpa_s->scard)
6248 		return 1;
6249 
6250 	if (wpa_s->conf->pcsc_pin &&
6251 	    scard_set_pin(wpa_s->scard, wpa_s->conf->pcsc_pin) < 0) {
6252 		scard_deinit(wpa_s->scard);
6253 		wpa_s->scard = NULL;
6254 		wpa_msg(wpa_s, MSG_ERROR, "PC/SC PIN validation failed");
6255 		return -1;
6256 	}
6257 
6258 	len = sizeof(wpa_s->imsi) - 1;
6259 	if (scard_get_imsi(wpa_s->scard, wpa_s->imsi, &len)) {
6260 		scard_deinit(wpa_s->scard);
6261 		wpa_s->scard = NULL;
6262 		wpa_msg(wpa_s, MSG_ERROR, "Could not read IMSI");
6263 		return -1;
6264 	}
6265 	wpa_s->imsi[len] = '\0';
6266 
6267 	wpa_s->mnc_len = scard_get_mnc_len(wpa_s->scard);
6268 
6269 	wpa_printf(MSG_DEBUG, "SCARD: IMSI %s (MNC length %d)",
6270 		   wpa_s->imsi, wpa_s->mnc_len);
6271 
6272 	wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard);
6273 	eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard);
6274 #endif /* PCSC_FUNCS */
6275 
6276 	return 0;
6277 }
6278 
6279 
wpas_init_ext_pw(struct wpa_supplicant * wpa_s)6280 int wpas_init_ext_pw(struct wpa_supplicant *wpa_s)
6281 {
6282 	char *val, *pos;
6283 
6284 	ext_password_deinit(wpa_s->ext_pw);
6285 	wpa_s->ext_pw = NULL;
6286 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, NULL);
6287 
6288 	if (!wpa_s->conf->ext_password_backend)
6289 		return 0;
6290 
6291 	val = os_strdup(wpa_s->conf->ext_password_backend);
6292 	if (val == NULL)
6293 		return -1;
6294 	pos = os_strchr(val, ':');
6295 	if (pos)
6296 		*pos++ = '\0';
6297 
6298 	wpa_printf(MSG_DEBUG, "EXT PW: Initialize backend '%s'", val);
6299 
6300 	wpa_s->ext_pw = ext_password_init(val, pos);
6301 	os_free(val);
6302 	if (wpa_s->ext_pw == NULL) {
6303 		wpa_printf(MSG_DEBUG, "EXT PW: Failed to initialize backend");
6304 		return -1;
6305 	}
6306 	eapol_sm_set_ext_pw_ctx(wpa_s->eapol, wpa_s->ext_pw);
6307 
6308 	return 0;
6309 }
6310 
6311 
6312 #ifdef CONFIG_FST
6313 
wpas_fst_get_bssid_cb(void * ctx)6314 static const u8 * wpas_fst_get_bssid_cb(void *ctx)
6315 {
6316 	struct wpa_supplicant *wpa_s = ctx;
6317 
6318 	return (is_zero_ether_addr(wpa_s->bssid) ||
6319 		wpa_s->wpa_state != WPA_COMPLETED) ? NULL : wpa_s->bssid;
6320 }
6321 
6322 
wpas_fst_get_channel_info_cb(void * ctx,enum hostapd_hw_mode * hw_mode,u8 * channel)6323 static void wpas_fst_get_channel_info_cb(void *ctx,
6324 					 enum hostapd_hw_mode *hw_mode,
6325 					 u8 *channel)
6326 {
6327 	struct wpa_supplicant *wpa_s = ctx;
6328 
6329 	if (wpa_s->current_bss) {
6330 		*hw_mode = ieee80211_freq_to_chan(wpa_s->current_bss->freq,
6331 						  channel);
6332 	} else if (wpa_s->hw.num_modes) {
6333 		*hw_mode = wpa_s->hw.modes[0].mode;
6334 	} else {
6335 		WPA_ASSERT(0);
6336 		*hw_mode = 0;
6337 	}
6338 }
6339 
6340 
wpas_fst_get_hw_modes(void * ctx,struct hostapd_hw_modes ** modes)6341 static int wpas_fst_get_hw_modes(void *ctx, struct hostapd_hw_modes **modes)
6342 {
6343 	struct wpa_supplicant *wpa_s = ctx;
6344 
6345 	*modes = wpa_s->hw.modes;
6346 	return wpa_s->hw.num_modes;
6347 }
6348 
6349 
wpas_fst_set_ies_cb(void * ctx,const struct wpabuf * fst_ies)6350 static void wpas_fst_set_ies_cb(void *ctx, const struct wpabuf *fst_ies)
6351 {
6352 	struct wpa_supplicant *wpa_s = ctx;
6353 
6354 	wpa_hexdump_buf(MSG_DEBUG, "FST: Set IEs", fst_ies);
6355 	wpa_s->fst_ies = fst_ies;
6356 }
6357 
6358 
wpas_fst_send_action_cb(void * ctx,const u8 * da,struct wpabuf * data)6359 static int wpas_fst_send_action_cb(void *ctx, const u8 *da, struct wpabuf *data)
6360 {
6361 	struct wpa_supplicant *wpa_s = ctx;
6362 
6363 	if (os_memcmp(wpa_s->bssid, da, ETH_ALEN) != 0) {
6364 		wpa_printf(MSG_INFO, "FST:%s:bssid=" MACSTR " != da=" MACSTR,
6365 			   __func__, MAC2STR(wpa_s->bssid), MAC2STR(da));
6366 		return -1;
6367 	}
6368 	return wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
6369 				   wpa_s->own_addr, wpa_s->bssid,
6370 				   wpabuf_head(data), wpabuf_len(data),
6371 				   0);
6372 }
6373 
6374 
wpas_fst_get_mb_ie_cb(void * ctx,const u8 * addr)6375 static const struct wpabuf * wpas_fst_get_mb_ie_cb(void *ctx, const u8 *addr)
6376 {
6377 	struct wpa_supplicant *wpa_s = ctx;
6378 
6379 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
6380 	return wpa_s->received_mb_ies;
6381 }
6382 
6383 
wpas_fst_update_mb_ie_cb(void * ctx,const u8 * addr,const u8 * buf,size_t size)6384 static void wpas_fst_update_mb_ie_cb(void *ctx, const u8 *addr,
6385 				     const u8 *buf, size_t size)
6386 {
6387 	struct wpa_supplicant *wpa_s = ctx;
6388 	struct mb_ies_info info;
6389 
6390 	WPA_ASSERT(os_memcmp(wpa_s->bssid, addr, ETH_ALEN) == 0);
6391 
6392 	if (!mb_ies_info_by_ies(&info, buf, size)) {
6393 		wpabuf_free(wpa_s->received_mb_ies);
6394 		wpa_s->received_mb_ies = mb_ies_by_info(&info);
6395 	}
6396 }
6397 
6398 
wpas_fst_get_peer_first(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)6399 static const u8 * wpas_fst_get_peer_first(void *ctx,
6400 					  struct fst_get_peer_ctx **get_ctx,
6401 					  bool mb_only)
6402 {
6403 	struct wpa_supplicant *wpa_s = ctx;
6404 
6405 	*get_ctx = NULL;
6406 	if (!is_zero_ether_addr(wpa_s->bssid))
6407 		return (wpa_s->received_mb_ies || !mb_only) ?
6408 			wpa_s->bssid : NULL;
6409 	return NULL;
6410 }
6411 
6412 
wpas_fst_get_peer_next(void * ctx,struct fst_get_peer_ctx ** get_ctx,bool mb_only)6413 static const u8 * wpas_fst_get_peer_next(void *ctx,
6414 					 struct fst_get_peer_ctx **get_ctx,
6415 					 bool mb_only)
6416 {
6417 	return NULL;
6418 }
6419 
fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant * wpa_s,struct fst_wpa_obj * iface_obj)6420 void fst_wpa_supplicant_fill_iface_obj(struct wpa_supplicant *wpa_s,
6421 				       struct fst_wpa_obj *iface_obj)
6422 {
6423 	iface_obj->ctx              = wpa_s;
6424 	iface_obj->get_bssid        = wpas_fst_get_bssid_cb;
6425 	iface_obj->get_channel_info = wpas_fst_get_channel_info_cb;
6426 	iface_obj->get_hw_modes     = wpas_fst_get_hw_modes;
6427 	iface_obj->set_ies          = wpas_fst_set_ies_cb;
6428 	iface_obj->send_action      = wpas_fst_send_action_cb;
6429 	iface_obj->get_mb_ie        = wpas_fst_get_mb_ie_cb;
6430 	iface_obj->update_mb_ie     = wpas_fst_update_mb_ie_cb;
6431 	iface_obj->get_peer_first   = wpas_fst_get_peer_first;
6432 	iface_obj->get_peer_next    = wpas_fst_get_peer_next;
6433 }
6434 #endif /* CONFIG_FST */
6435 
wpas_set_wowlan_triggers(struct wpa_supplicant * wpa_s,const struct wpa_driver_capa * capa)6436 static int wpas_set_wowlan_triggers(struct wpa_supplicant *wpa_s,
6437 				    const struct wpa_driver_capa *capa)
6438 {
6439 	struct wowlan_triggers *triggers;
6440 	int ret = 0;
6441 
6442 	if (!wpa_s->conf->wowlan_triggers)
6443 		return 0;
6444 
6445 	triggers = wpa_get_wowlan_triggers(wpa_s->conf->wowlan_triggers, capa);
6446 	if (triggers) {
6447 		ret = wpa_drv_wowlan(wpa_s, triggers);
6448 		os_free(triggers);
6449 	}
6450 	return ret;
6451 }
6452 
6453 
wpas_freq_to_band(int freq)6454 enum wpa_radio_work_band wpas_freq_to_band(int freq)
6455 {
6456 	if (freq < 3000)
6457 		return BAND_2_4_GHZ;
6458 	if (freq > 50000)
6459 		return BAND_60_GHZ;
6460 	return BAND_5_GHZ;
6461 }
6462 
6463 
wpas_get_bands(struct wpa_supplicant * wpa_s,const int * freqs)6464 unsigned int wpas_get_bands(struct wpa_supplicant *wpa_s, const int *freqs)
6465 {
6466 	int i;
6467 	unsigned int band = 0;
6468 
6469 	if (freqs) {
6470 		/* freqs are specified for the radio work */
6471 		for (i = 0; freqs[i]; i++)
6472 			band |= wpas_freq_to_band(freqs[i]);
6473 	} else {
6474 		/*
6475 		 * freqs are not specified, implies all
6476 		 * the supported freqs by HW
6477 		 */
6478 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
6479 			if (wpa_s->hw.modes[i].num_channels != 0) {
6480 				if (wpa_s->hw.modes[i].mode ==
6481 				    HOSTAPD_MODE_IEEE80211B ||
6482 				    wpa_s->hw.modes[i].mode ==
6483 				    HOSTAPD_MODE_IEEE80211G)
6484 					band |= BAND_2_4_GHZ;
6485 				else if (wpa_s->hw.modes[i].mode ==
6486 					 HOSTAPD_MODE_IEEE80211A)
6487 					band |= BAND_5_GHZ;
6488 				else if (wpa_s->hw.modes[i].mode ==
6489 					 HOSTAPD_MODE_IEEE80211AD)
6490 					band |= BAND_60_GHZ;
6491 				else if (wpa_s->hw.modes[i].mode ==
6492 					 HOSTAPD_MODE_IEEE80211ANY)
6493 					band = BAND_2_4_GHZ | BAND_5_GHZ |
6494 						BAND_60_GHZ;
6495 			}
6496 		}
6497 	}
6498 
6499 	return band;
6500 }
6501 
6502 
radio_add_interface(struct wpa_supplicant * wpa_s,const char * rn)6503 static struct wpa_radio * radio_add_interface(struct wpa_supplicant *wpa_s,
6504 					      const char *rn)
6505 {
6506 	struct wpa_supplicant *iface = wpa_s->global->ifaces;
6507 	struct wpa_radio *radio;
6508 
6509 	while (rn && iface) {
6510 		radio = iface->radio;
6511 		if (radio && os_strcmp(rn, radio->name) == 0) {
6512 			wpa_printf(MSG_DEBUG, "Add interface %s to existing radio %s",
6513 				   wpa_s->ifname, rn);
6514 			dl_list_add(&radio->ifaces, &wpa_s->radio_list);
6515 			return radio;
6516 		}
6517 
6518 		iface = iface->next;
6519 	}
6520 
6521 	wpa_printf(MSG_DEBUG, "Add interface %s to a new radio %s",
6522 		   wpa_s->ifname, rn ? rn : "N/A");
6523 	radio = os_zalloc(sizeof(*radio));
6524 	if (radio == NULL)
6525 		return NULL;
6526 
6527 	if (rn)
6528 		os_strlcpy(radio->name, rn, sizeof(radio->name));
6529 	dl_list_init(&radio->ifaces);
6530 	dl_list_init(&radio->work);
6531 	dl_list_add(&radio->ifaces, &wpa_s->radio_list);
6532 
6533 	return radio;
6534 }
6535 
6536 
radio_work_free(struct wpa_radio_work * work)6537 static void radio_work_free(struct wpa_radio_work *work)
6538 {
6539 	if (work->wpa_s->scan_work == work) {
6540 		/* This should not really happen. */
6541 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as scan_work",
6542 			work->type, work, work->started);
6543 		work->wpa_s->scan_work = NULL;
6544 	}
6545 
6546 #ifdef CONFIG_P2P
6547 	if (work->wpa_s->p2p_scan_work == work) {
6548 		/* This should not really happen. */
6549 		wpa_dbg(work->wpa_s, MSG_INFO, "Freeing radio work '%s'@%p (started=%d) that is marked as p2p_scan_work",
6550 			work->type, work, work->started);
6551 		work->wpa_s->p2p_scan_work = NULL;
6552 	}
6553 #endif /* CONFIG_P2P */
6554 
6555 	if (work->started) {
6556 		work->wpa_s->radio->num_active_works--;
6557 		wpa_dbg(work->wpa_s, MSG_DEBUG,
6558 			"radio_work_free('%s'@%p): num_active_works --> %u",
6559 			work->type, work,
6560 			work->wpa_s->radio->num_active_works);
6561 	}
6562 
6563 	dl_list_del(&work->list);
6564 	os_free(work);
6565 }
6566 
6567 
radio_work_is_connect(struct wpa_radio_work * work)6568 static int radio_work_is_connect(struct wpa_radio_work *work)
6569 {
6570 	return os_strcmp(work->type, "sme-connect") == 0 ||
6571 		os_strcmp(work->type, "connect") == 0;
6572 }
6573 
6574 
radio_work_is_scan(struct wpa_radio_work * work)6575 static int radio_work_is_scan(struct wpa_radio_work *work)
6576 {
6577 	return os_strcmp(work->type, "scan") == 0 ||
6578 		os_strcmp(work->type, "p2p-scan") == 0;
6579 }
6580 
6581 
radio_work_get_next_work(struct wpa_radio * radio)6582 static struct wpa_radio_work * radio_work_get_next_work(struct wpa_radio *radio)
6583 {
6584 	struct wpa_radio_work *active_work = NULL;
6585 	struct wpa_radio_work *tmp;
6586 
6587 	/* Get the active work to know the type and band. */
6588 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
6589 		if (tmp->started) {
6590 			active_work = tmp;
6591 			break;
6592 		}
6593 	}
6594 
6595 	if (!active_work) {
6596 		/* No active work, start one */
6597 		radio->num_active_works = 0;
6598 		dl_list_for_each(tmp, &radio->work, struct wpa_radio_work,
6599 				 list) {
6600 			if (os_strcmp(tmp->type, "scan") == 0 &&
6601 			    external_scan_running(radio) &&
6602 			    (((struct wpa_driver_scan_params *)
6603 			      tmp->ctx)->only_new_results ||
6604 			     tmp->wpa_s->clear_driver_scan_cache))
6605 				continue;
6606 			return tmp;
6607 		}
6608 		return NULL;
6609 	}
6610 
6611 	if (radio_work_is_connect(active_work)) {
6612 		/*
6613 		 * If the active work is either connect or sme-connect,
6614 		 * do not parallelize them with other radio works.
6615 		 */
6616 		wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6617 			"Do not parallelize radio work with %s",
6618 			active_work->type);
6619 		return NULL;
6620 	}
6621 
6622 	dl_list_for_each(tmp, &radio->work, struct wpa_radio_work, list) {
6623 		if (tmp->started)
6624 			continue;
6625 
6626 		/*
6627 		 * If connect or sme-connect are enqueued, parallelize only
6628 		 * those operations ahead of them in the queue.
6629 		 */
6630 		if (radio_work_is_connect(tmp))
6631 			break;
6632 
6633 		/* Serialize parallel scan and p2p_scan operations on the same
6634 		 * interface since the driver_nl80211 mechanism for tracking
6635 		 * scan cookies does not yet have support for this. */
6636 		if (active_work->wpa_s == tmp->wpa_s &&
6637 		    radio_work_is_scan(active_work) &&
6638 		    radio_work_is_scan(tmp)) {
6639 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6640 				"Do not start work '%s' when another work '%s' is already scheduled",
6641 				tmp->type, active_work->type);
6642 			continue;
6643 		}
6644 		/*
6645 		 * Check that the radio works are distinct and
6646 		 * on different bands.
6647 		 */
6648 		if (os_strcmp(active_work->type, tmp->type) != 0 &&
6649 		    (active_work->bands != tmp->bands)) {
6650 			/*
6651 			 * If a scan has to be scheduled through nl80211 scan
6652 			 * interface and if an external scan is already running,
6653 			 * do not schedule the scan since it is likely to get
6654 			 * rejected by kernel.
6655 			 */
6656 			if (os_strcmp(tmp->type, "scan") == 0 &&
6657 			    external_scan_running(radio) &&
6658 			    (((struct wpa_driver_scan_params *)
6659 			      tmp->ctx)->only_new_results ||
6660 			     tmp->wpa_s->clear_driver_scan_cache))
6661 				continue;
6662 
6663 			wpa_dbg(active_work->wpa_s, MSG_DEBUG,
6664 				"active_work:%s new_work:%s",
6665 				active_work->type, tmp->type);
6666 			return tmp;
6667 		}
6668 	}
6669 
6670 	/* Did not find a radio work to schedule in parallel. */
6671 	return NULL;
6672 }
6673 
6674 
radio_start_next_work(void * eloop_ctx,void * timeout_ctx)6675 static void radio_start_next_work(void *eloop_ctx, void *timeout_ctx)
6676 {
6677 	struct wpa_radio *radio = eloop_ctx;
6678 	struct wpa_radio_work *work;
6679 	struct os_reltime now, diff;
6680 	struct wpa_supplicant *wpa_s;
6681 
6682 	work = dl_list_first(&radio->work, struct wpa_radio_work, list);
6683 	if (work == NULL) {
6684 		radio->num_active_works = 0;
6685 		return;
6686 	}
6687 
6688 	wpa_s = dl_list_first(&radio->ifaces, struct wpa_supplicant,
6689 			      radio_list);
6690 
6691 	if (!(wpa_s &&
6692 	      wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)) {
6693 		if (work->started)
6694 			return; /* already started and still in progress */
6695 
6696 		if (wpa_s && external_scan_running(wpa_s->radio)) {
6697 			wpa_printf(MSG_DEBUG, "Delay radio work start until externally triggered scan completes");
6698 			return;
6699 		}
6700 	} else {
6701 		work = NULL;
6702 		if (radio->num_active_works < MAX_ACTIVE_WORKS) {
6703 			/* get the work to schedule next */
6704 			work = radio_work_get_next_work(radio);
6705 		}
6706 		if (!work)
6707 			return;
6708 	}
6709 
6710 	wpa_s = work->wpa_s;
6711 	os_get_reltime(&now);
6712 	os_reltime_sub(&now, &work->time, &diff);
6713 	wpa_dbg(wpa_s, MSG_DEBUG,
6714 		"Starting radio work '%s'@%p after %ld.%06ld second wait",
6715 		work->type, work, diff.sec, diff.usec);
6716 	work->started = 1;
6717 	work->time = now;
6718 	radio->num_active_works++;
6719 
6720 	work->cb(work, 0);
6721 
6722 	if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS) &&
6723 	    radio->num_active_works < MAX_ACTIVE_WORKS)
6724 		radio_work_check_next(wpa_s);
6725 }
6726 
6727 
6728 /*
6729  * This function removes both started and pending radio works running on
6730  * the provided interface's radio.
6731  * Prior to the removal of the radio work, its callback (cb) is called with
6732  * deinit set to be 1. Each work's callback is responsible for clearing its
6733  * internal data and restoring to a correct state.
6734  * @wpa_s: wpa_supplicant data
6735  * @type: type of works to be removed
6736  * @remove_all: 1 to remove all the works on this radio, 0 to remove only
6737  * this interface's works.
6738  */
radio_remove_works(struct wpa_supplicant * wpa_s,const char * type,int remove_all)6739 void radio_remove_works(struct wpa_supplicant *wpa_s,
6740 			const char *type, int remove_all)
6741 {
6742 	struct wpa_radio_work *work, *tmp;
6743 	struct wpa_radio *radio = wpa_s->radio;
6744 
6745 	dl_list_for_each_safe(work, tmp, &radio->work, struct wpa_radio_work,
6746 			      list) {
6747 		if (type && os_strcmp(type, work->type) != 0)
6748 			continue;
6749 
6750 		/* skip other ifaces' works */
6751 		if (!remove_all && work->wpa_s != wpa_s)
6752 			continue;
6753 
6754 		wpa_dbg(wpa_s, MSG_DEBUG, "Remove radio work '%s'@%p%s",
6755 			work->type, work, work->started ? " (started)" : "");
6756 		work->cb(work, 1);
6757 		radio_work_free(work);
6758 	}
6759 
6760 	/* in case we removed the started work */
6761 	radio_work_check_next(wpa_s);
6762 }
6763 
6764 
radio_remove_pending_work(struct wpa_supplicant * wpa_s,void * ctx)6765 void radio_remove_pending_work(struct wpa_supplicant *wpa_s, void *ctx)
6766 {
6767 	struct wpa_radio_work *work;
6768 	struct wpa_radio *radio = wpa_s->radio;
6769 
6770 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6771 		if (work->ctx != ctx)
6772 			continue;
6773 		wpa_dbg(wpa_s, MSG_DEBUG, "Free pending radio work '%s'@%p%s",
6774 			work->type, work, work->started ? " (started)" : "");
6775 		radio_work_free(work);
6776 		break;
6777 	}
6778 }
6779 
6780 
radio_remove_interface(struct wpa_supplicant * wpa_s)6781 static void radio_remove_interface(struct wpa_supplicant *wpa_s)
6782 {
6783 	struct wpa_radio *radio = wpa_s->radio;
6784 
6785 	if (!radio)
6786 		return;
6787 
6788 	wpa_printf(MSG_DEBUG, "Remove interface %s from radio %s",
6789 		   wpa_s->ifname, radio->name);
6790 	dl_list_del(&wpa_s->radio_list);
6791 	radio_remove_works(wpa_s, NULL, 0);
6792 	/* If the interface that triggered the external scan was removed, the
6793 	 * external scan is no longer running. */
6794 	if (wpa_s == radio->external_scan_req_interface)
6795 		radio->external_scan_req_interface = NULL;
6796 	wpa_s->radio = NULL;
6797 	if (!dl_list_empty(&radio->ifaces))
6798 		return; /* Interfaces remain for this radio */
6799 
6800 	wpa_printf(MSG_DEBUG, "Remove radio %s", radio->name);
6801 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6802 	os_free(radio);
6803 }
6804 
6805 
radio_work_check_next(struct wpa_supplicant * wpa_s)6806 void radio_work_check_next(struct wpa_supplicant *wpa_s)
6807 {
6808 	struct wpa_radio *radio = wpa_s->radio;
6809 
6810 	if (dl_list_empty(&radio->work))
6811 		return;
6812 	if (wpa_s->ext_work_in_progress) {
6813 		wpa_printf(MSG_DEBUG,
6814 			   "External radio work in progress - delay start of pending item");
6815 		return;
6816 	}
6817 	eloop_cancel_timeout(radio_start_next_work, radio, NULL);
6818 	eloop_register_timeout(0, 0, radio_start_next_work, radio, NULL);
6819 }
6820 
6821 
6822 /**
6823  * radio_add_work - Add a radio work item
6824  * @wpa_s: Pointer to wpa_supplicant data
6825  * @freq: Frequency of the offchannel operation in MHz or 0
6826  * @type: Unique identifier for each type of work
6827  * @next: Force as the next work to be executed
6828  * @cb: Callback function for indicating when radio is available
6829  * @ctx: Context pointer for the work (work->ctx in cb())
6830  * Returns: 0 on success, -1 on failure
6831  *
6832  * This function is used to request time for an operation that requires
6833  * exclusive radio control. Once the radio is available, the registered callback
6834  * function will be called. radio_work_done() must be called once the exclusive
6835  * radio operation has been completed, so that the radio is freed for other
6836  * operations. The special case of deinit=1 is used to free the context data
6837  * during interface removal. That does not allow the callback function to start
6838  * the radio operation, i.e., it must free any resources allocated for the radio
6839  * work and return.
6840  *
6841  * The @freq parameter can be used to indicate a single channel on which the
6842  * offchannel operation will occur. This may allow multiple radio work
6843  * operations to be performed in parallel if they apply for the same channel.
6844  * Setting this to 0 indicates that the work item may use multiple channels or
6845  * requires exclusive control of the radio.
6846  */
radio_add_work(struct wpa_supplicant * wpa_s,unsigned int freq,const char * type,int next,void (* cb)(struct wpa_radio_work * work,int deinit),void * ctx)6847 int radio_add_work(struct wpa_supplicant *wpa_s, unsigned int freq,
6848 		   const char *type, int next,
6849 		   void (*cb)(struct wpa_radio_work *work, int deinit),
6850 		   void *ctx)
6851 {
6852 	struct wpa_radio *radio = wpa_s->radio;
6853 	struct wpa_radio_work *work;
6854 	int was_empty;
6855 
6856 	work = os_zalloc(sizeof(*work));
6857 	if (work == NULL)
6858 		return -1;
6859 	wpa_dbg(wpa_s, MSG_DEBUG, "Add radio work '%s'@%p", type, work);
6860 	os_get_reltime(&work->time);
6861 	work->freq = freq;
6862 	work->type = type;
6863 	work->wpa_s = wpa_s;
6864 	work->cb = cb;
6865 	work->ctx = ctx;
6866 
6867 	if (freq)
6868 		work->bands = wpas_freq_to_band(freq);
6869 	else if (os_strcmp(type, "scan") == 0 ||
6870 		 os_strcmp(type, "p2p-scan") == 0)
6871 		work->bands = wpas_get_bands(wpa_s,
6872 					     ((struct wpa_driver_scan_params *)
6873 					      ctx)->freqs);
6874 	else
6875 		work->bands = wpas_get_bands(wpa_s, NULL);
6876 
6877 	was_empty = dl_list_empty(&wpa_s->radio->work);
6878 	if (next)
6879 		dl_list_add(&wpa_s->radio->work, &work->list);
6880 	else
6881 		dl_list_add_tail(&wpa_s->radio->work, &work->list);
6882 	if (was_empty) {
6883 		wpa_dbg(wpa_s, MSG_DEBUG, "First radio work item in the queue - schedule start immediately");
6884 		radio_work_check_next(wpa_s);
6885 	} else if ((wpa_s->drv_flags & WPA_DRIVER_FLAGS_OFFCHANNEL_SIMULTANEOUS)
6886 		   && radio->num_active_works < MAX_ACTIVE_WORKS) {
6887 		wpa_dbg(wpa_s, MSG_DEBUG,
6888 			"Try to schedule a radio work (num_active_works=%u)",
6889 			radio->num_active_works);
6890 		radio_work_check_next(wpa_s);
6891 	}
6892 
6893 	return 0;
6894 }
6895 
6896 
6897 /**
6898  * radio_work_done - Indicate that a radio work item has been completed
6899  * @work: Completed work
6900  *
6901  * This function is called once the callback function registered with
6902  * radio_add_work() has completed its work.
6903  */
radio_work_done(struct wpa_radio_work * work)6904 void radio_work_done(struct wpa_radio_work *work)
6905 {
6906 	struct wpa_supplicant *wpa_s = work->wpa_s;
6907 	struct os_reltime now, diff;
6908 	unsigned int started = work->started;
6909 
6910 	os_get_reltime(&now);
6911 	os_reltime_sub(&now, &work->time, &diff);
6912 	wpa_dbg(wpa_s, MSG_DEBUG, "Radio work '%s'@%p %s in %ld.%06ld seconds",
6913 		work->type, work, started ? "done" : "canceled",
6914 		diff.sec, diff.usec);
6915 	radio_work_free(work);
6916 	if (started)
6917 		radio_work_check_next(wpa_s);
6918 }
6919 
6920 
6921 struct wpa_radio_work *
radio_work_pending(struct wpa_supplicant * wpa_s,const char * type)6922 radio_work_pending(struct wpa_supplicant *wpa_s, const char *type)
6923 {
6924 	struct wpa_radio_work *work;
6925 	struct wpa_radio *radio = wpa_s->radio;
6926 
6927 	dl_list_for_each(work, &radio->work, struct wpa_radio_work, list) {
6928 		if (work->wpa_s == wpa_s && os_strcmp(work->type, type) == 0)
6929 			return work;
6930 	}
6931 
6932 	return NULL;
6933 }
6934 
6935 
wpas_init_driver(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)6936 static int wpas_init_driver(struct wpa_supplicant *wpa_s,
6937 			    const struct wpa_interface *iface)
6938 {
6939 	const char *ifname, *driver, *rn;
6940 
6941 	driver = iface->driver;
6942 next_driver:
6943 	if (wpa_supplicant_set_driver(wpa_s, driver) < 0)
6944 		return -1;
6945 
6946 	wpa_s->drv_priv = wpa_drv_init(wpa_s, wpa_s->ifname);
6947 	if (wpa_s->drv_priv == NULL) {
6948 		const char *pos;
6949 		int level = MSG_ERROR;
6950 
6951 		pos = driver ? os_strchr(driver, ',') : NULL;
6952 		if (pos) {
6953 			wpa_dbg(wpa_s, MSG_DEBUG, "Failed to initialize "
6954 				"driver interface - try next driver wrapper");
6955 			driver = pos + 1;
6956 			goto next_driver;
6957 		}
6958 
6959 #ifdef CONFIG_MATCH_IFACE
6960 		if (wpa_s->matched == WPA_IFACE_MATCHED_NULL)
6961 			level = MSG_DEBUG;
6962 #endif /* CONFIG_MATCH_IFACE */
6963 		wpa_msg(wpa_s, level, "Failed to initialize driver interface");
6964 		return -1;
6965 	}
6966 	if (wpa_drv_set_param(wpa_s, wpa_s->conf->driver_param) < 0) {
6967 		wpa_msg(wpa_s, MSG_ERROR, "Driver interface rejected "
6968 			"driver_param '%s'", wpa_s->conf->driver_param);
6969 		return -1;
6970 	}
6971 
6972 	ifname = wpa_drv_get_ifname(wpa_s);
6973 	if (ifname && os_strcmp(ifname, wpa_s->ifname) != 0) {
6974 		wpa_dbg(wpa_s, MSG_DEBUG, "Driver interface replaced "
6975 			"interface name with '%s'", ifname);
6976 		os_strlcpy(wpa_s->ifname, ifname, sizeof(wpa_s->ifname));
6977 	}
6978 
6979 	rn = wpa_driver_get_radio_name(wpa_s);
6980 	if (rn && rn[0] == '\0')
6981 		rn = NULL;
6982 
6983 	wpa_s->radio = radio_add_interface(wpa_s, rn);
6984 	if (wpa_s->radio == NULL)
6985 		return -1;
6986 
6987 	return 0;
6988 }
6989 
6990 
6991 #ifdef CONFIG_GAS_SERVER
6992 
wpas_gas_server_tx_status(struct wpa_supplicant * wpa_s,unsigned int freq,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,enum offchannel_send_action_result result)6993 static void wpas_gas_server_tx_status(struct wpa_supplicant *wpa_s,
6994 				      unsigned int freq, const u8 *dst,
6995 				      const u8 *src, const u8 *bssid,
6996 				      const u8 *data, size_t data_len,
6997 				      enum offchannel_send_action_result result)
6998 {
6999 	wpa_printf(MSG_DEBUG, "GAS: TX status: freq=%u dst=" MACSTR
7000 		   " result=%s",
7001 		   freq, MAC2STR(dst),
7002 		   result == OFFCHANNEL_SEND_ACTION_SUCCESS ? "SUCCESS" :
7003 		   (result == OFFCHANNEL_SEND_ACTION_NO_ACK ? "no-ACK" :
7004 		    "FAILED"));
7005 	gas_server_tx_status(wpa_s->gas_server, dst, data, data_len,
7006 			     result == OFFCHANNEL_SEND_ACTION_SUCCESS);
7007 }
7008 
7009 
wpas_gas_server_tx(void * ctx,int freq,const u8 * da,struct wpabuf * buf,unsigned int wait_time)7010 static void wpas_gas_server_tx(void *ctx, int freq, const u8 *da,
7011 			       struct wpabuf *buf, unsigned int wait_time)
7012 {
7013 	struct wpa_supplicant *wpa_s = ctx;
7014 	const u8 broadcast[ETH_ALEN] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
7015 
7016 	if (wait_time > wpa_s->max_remain_on_chan)
7017 		wait_time = wpa_s->max_remain_on_chan;
7018 
7019 	offchannel_send_action(wpa_s, freq, da, wpa_s->own_addr, broadcast,
7020 			       wpabuf_head(buf), wpabuf_len(buf),
7021 			       wait_time, wpas_gas_server_tx_status, 0);
7022 }
7023 
7024 #endif /* CONFIG_GAS_SERVER */
7025 
wpa_supplicant_init_iface(struct wpa_supplicant * wpa_s,const struct wpa_interface * iface)7026 static int wpa_supplicant_init_iface(struct wpa_supplicant *wpa_s,
7027 				     const struct wpa_interface *iface)
7028 {
7029 	struct wpa_driver_capa capa;
7030 	int capa_res;
7031 	u8 dfs_domain;
7032 
7033 	wpa_printf(MSG_DEBUG, "Initializing interface '%s' conf '%s' driver "
7034 		   "'%s' ctrl_interface '%s' bridge '%s'", iface->ifname,
7035 		   iface->confname ? iface->confname : "N/A",
7036 		   iface->driver ? iface->driver : "default",
7037 		   iface->ctrl_interface ? iface->ctrl_interface : "N/A",
7038 		   iface->bridge_ifname ? iface->bridge_ifname : "N/A");
7039 
7040 	if (iface->confname) {
7041 #ifdef CONFIG_BACKEND_FILE
7042 		wpa_s->confname = os_rel2abs_path(iface->confname);
7043 		if (wpa_s->confname == NULL) {
7044 			wpa_printf(MSG_ERROR, "Failed to get absolute path "
7045 				   "for configuration file '%s'.",
7046 				   iface->confname);
7047 			return -1;
7048 		}
7049 		wpa_printf(MSG_DEBUG, "Configuration file '%s' -> '%s'",
7050 			   iface->confname, wpa_s->confname);
7051 #else /* CONFIG_BACKEND_FILE */
7052 		wpa_s->confname = os_strdup(iface->confname);
7053 #endif /* CONFIG_BACKEND_FILE */
7054 		wpa_s->conf = wpa_config_read(wpa_s->confname, NULL, false);
7055 		if (wpa_s->conf == NULL) {
7056 			wpa_printf(MSG_ERROR, "Failed to read or parse "
7057 				   "configuration '%s'.", wpa_s->confname);
7058 			return -1;
7059 		}
7060 		wpa_s->confanother = os_rel2abs_path(iface->confanother);
7061 		if (wpa_s->confanother &&
7062 		    !wpa_config_read(wpa_s->confanother, wpa_s->conf, true)) {
7063 			wpa_printf(MSG_ERROR,
7064 				   "Failed to read or parse configuration '%s'.",
7065 				   wpa_s->confanother);
7066 			return -1;
7067 		}
7068 
7069 		/*
7070 		 * Override ctrl_interface and driver_param if set on command
7071 		 * line.
7072 		 */
7073 		if (iface->ctrl_interface) {
7074 			os_free(wpa_s->conf->ctrl_interface);
7075 			wpa_s->conf->ctrl_interface =
7076 				os_strdup(iface->ctrl_interface);
7077 		}
7078 
7079 		if (iface->driver_param) {
7080 			os_free(wpa_s->conf->driver_param);
7081 			wpa_s->conf->driver_param =
7082 				os_strdup(iface->driver_param);
7083 		}
7084 
7085 		if (iface->p2p_mgmt && !iface->ctrl_interface) {
7086 			os_free(wpa_s->conf->ctrl_interface);
7087 			wpa_s->conf->ctrl_interface = NULL;
7088 		}
7089 	} else
7090 		wpa_s->conf = wpa_config_alloc_empty(iface->ctrl_interface,
7091 						     iface->driver_param);
7092 
7093 	if (wpa_s->conf == NULL) {
7094 		wpa_printf(MSG_ERROR, "\nNo configuration found.");
7095 		return -1;
7096 	}
7097 
7098 	if (iface->ifname == NULL) {
7099 		wpa_printf(MSG_ERROR, "\nInterface name is required.");
7100 		return -1;
7101 	}
7102 	if (os_strlen(iface->ifname) >= sizeof(wpa_s->ifname)) {
7103 		wpa_printf(MSG_ERROR, "\nToo long interface name '%s'.",
7104 			   iface->ifname);
7105 		return -1;
7106 	}
7107 	os_strlcpy(wpa_s->ifname, iface->ifname, sizeof(wpa_s->ifname));
7108 #ifdef CONFIG_MATCH_IFACE
7109 	wpa_s->matched = iface->matched;
7110 #endif /* CONFIG_MATCH_IFACE */
7111 
7112 	if (iface->bridge_ifname) {
7113 		if (os_strlen(iface->bridge_ifname) >=
7114 		    sizeof(wpa_s->bridge_ifname)) {
7115 			wpa_printf(MSG_ERROR, "\nToo long bridge interface "
7116 				   "name '%s'.", iface->bridge_ifname);
7117 			return -1;
7118 		}
7119 		os_strlcpy(wpa_s->bridge_ifname, iface->bridge_ifname,
7120 			   sizeof(wpa_s->bridge_ifname));
7121 	}
7122 
7123 	/* RSNA Supplicant Key Management - INITIALIZE */
7124 	eapol_sm_notify_portEnabled(wpa_s->eapol, false);
7125 	eapol_sm_notify_portValid(wpa_s->eapol, false);
7126 
7127 	/* Initialize driver interface and register driver event handler before
7128 	 * L2 receive handler so that association events are processed before
7129 	 * EAPOL-Key packets if both become available for the same select()
7130 	 * call. */
7131 	if (wpas_init_driver(wpa_s, iface) < 0)
7132 		return -1;
7133 
7134 	if (wpa_supplicant_init_wpa(wpa_s) < 0)
7135 		return -1;
7136 
7137 	wpa_sm_set_ifname(wpa_s->wpa, wpa_s->ifname,
7138 			  wpa_s->bridge_ifname[0] ? wpa_s->bridge_ifname :
7139 			  NULL);
7140 	wpa_sm_set_fast_reauth(wpa_s->wpa, wpa_s->conf->fast_reauth);
7141 
7142 	if (wpa_s->conf->dot11RSNAConfigPMKLifetime &&
7143 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_LIFETIME,
7144 			     wpa_s->conf->dot11RSNAConfigPMKLifetime)) {
7145 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
7146 			"dot11RSNAConfigPMKLifetime");
7147 		return -1;
7148 	}
7149 
7150 	if (wpa_s->conf->dot11RSNAConfigPMKReauthThreshold &&
7151 	    wpa_sm_set_param(wpa_s->wpa, RSNA_PMK_REAUTH_THRESHOLD,
7152 			     wpa_s->conf->dot11RSNAConfigPMKReauthThreshold)) {
7153 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
7154 			"dot11RSNAConfigPMKReauthThreshold");
7155 		return -1;
7156 	}
7157 
7158 	if (wpa_s->conf->dot11RSNAConfigSATimeout &&
7159 	    wpa_sm_set_param(wpa_s->wpa, RSNA_SA_TIMEOUT,
7160 			     wpa_s->conf->dot11RSNAConfigSATimeout)) {
7161 		wpa_msg(wpa_s, MSG_ERROR, "Invalid WPA parameter value for "
7162 			"dot11RSNAConfigSATimeout");
7163 		return -1;
7164 	}
7165 
7166 	wpa_s->hw.modes = wpa_drv_get_hw_feature_data(wpa_s,
7167 						      &wpa_s->hw.num_modes,
7168 						      &wpa_s->hw.flags,
7169 						      &dfs_domain);
7170 	if (wpa_s->hw.modes) {
7171 		u16 i;
7172 
7173 		for (i = 0; i < wpa_s->hw.num_modes; i++) {
7174 			if (wpa_s->hw.modes[i].vht_capab) {
7175 				wpa_s->hw_capab = CAPAB_VHT;
7176 				break;
7177 			}
7178 
7179 			if (wpa_s->hw.modes[i].ht_capab &
7180 			    HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET)
7181 				wpa_s->hw_capab = CAPAB_HT40;
7182 			else if (wpa_s->hw.modes[i].ht_capab &&
7183 				 wpa_s->hw_capab == CAPAB_NO_HT_VHT)
7184 				wpa_s->hw_capab = CAPAB_HT;
7185 		}
7186 	}
7187 
7188 	capa_res = wpa_drv_get_capa(wpa_s, &capa);
7189 	if (capa_res == 0) {
7190 		wpa_s->drv_capa_known = 1;
7191 		wpa_s->drv_flags = capa.flags;
7192 		wpa_s->drv_flags2 = capa.flags2;
7193 		wpa_s->drv_enc = capa.enc;
7194 		wpa_s->drv_key_mgmt = capa.key_mgmt;
7195 		wpa_s->drv_rrm_flags = capa.rrm_flags;
7196 		wpa_s->probe_resp_offloads = capa.probe_resp_offloads;
7197 		wpa_s->max_scan_ssids = capa.max_scan_ssids;
7198 		wpa_s->max_sched_scan_ssids = capa.max_sched_scan_ssids;
7199 		wpa_s->max_sched_scan_plans = capa.max_sched_scan_plans;
7200 		wpa_s->max_sched_scan_plan_interval =
7201 			capa.max_sched_scan_plan_interval;
7202 		wpa_s->max_sched_scan_plan_iterations =
7203 			capa.max_sched_scan_plan_iterations;
7204 		wpa_s->sched_scan_supported = capa.sched_scan_supported;
7205 		wpa_s->max_match_sets = capa.max_match_sets;
7206 		wpa_s->max_remain_on_chan = capa.max_remain_on_chan;
7207 		wpa_s->max_stations = capa.max_stations;
7208 		wpa_s->extended_capa = capa.extended_capa;
7209 		wpa_s->extended_capa_mask = capa.extended_capa_mask;
7210 		wpa_s->extended_capa_len = capa.extended_capa_len;
7211 		wpa_s->num_multichan_concurrent =
7212 			capa.num_multichan_concurrent;
7213 #ifndef CONFIG_NO_WMM_AC
7214 		wpa_s->wmm_ac_supported = capa.wmm_ac_supported;
7215 #endif /* ! CONFIG_NO_WMM_AC */
7216 
7217 		if (capa.mac_addr_rand_scan_supported)
7218 			wpa_s->mac_addr_rand_supported |= MAC_ADDR_RAND_SCAN;
7219 		if (wpa_s->sched_scan_supported &&
7220 		    capa.mac_addr_rand_sched_scan_supported)
7221 			wpa_s->mac_addr_rand_supported |=
7222 				(MAC_ADDR_RAND_SCHED_SCAN | MAC_ADDR_RAND_PNO);
7223 
7224 		wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
7225 		if (wpa_s->extended_capa &&
7226 		    wpa_s->extended_capa_len >= 3 &&
7227 		    wpa_s->extended_capa[2] & 0x40)
7228 			wpa_s->multi_bss_support = 1;
7229 	}
7230 	if (wpa_s->max_remain_on_chan == 0)
7231 		wpa_s->max_remain_on_chan = 1000;
7232 
7233 	/*
7234 	 * Only take p2p_mgmt parameters when P2P Device is supported.
7235 	 * Doing it here as it determines whether l2_packet_init() will be done
7236 	 * during wpa_supplicant_driver_init().
7237 	 */
7238 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE)
7239 		wpa_s->p2p_mgmt = iface->p2p_mgmt;
7240 
7241 	if (wpa_s->num_multichan_concurrent == 0)
7242 		wpa_s->num_multichan_concurrent = 1;
7243 
7244 	if (wpa_supplicant_driver_init(wpa_s) < 0)
7245 		return -1;
7246 
7247 #ifdef CONFIG_TDLS
7248 	if (!iface->p2p_mgmt && wpa_tdls_init(wpa_s->wpa))
7249 		return -1;
7250 #endif /* CONFIG_TDLS */
7251 
7252 	if (wpa_s->conf->country[0] && wpa_s->conf->country[1] &&
7253 	    wpa_drv_set_country(wpa_s, wpa_s->conf->country)) {
7254 		wpa_dbg(wpa_s, MSG_DEBUG, "Failed to set country");
7255 		return -1;
7256 	}
7257 
7258 #ifdef CONFIG_FST
7259 	if (wpa_s->conf->fst_group_id) {
7260 		struct fst_iface_cfg cfg;
7261 		struct fst_wpa_obj iface_obj;
7262 
7263 		fst_wpa_supplicant_fill_iface_obj(wpa_s, &iface_obj);
7264 		os_strlcpy(cfg.group_id, wpa_s->conf->fst_group_id,
7265 			   sizeof(cfg.group_id));
7266 		cfg.priority = wpa_s->conf->fst_priority;
7267 		cfg.llt = wpa_s->conf->fst_llt;
7268 
7269 		wpa_s->fst = fst_attach(wpa_s->ifname, wpa_s->own_addr,
7270 					&iface_obj, &cfg);
7271 		if (!wpa_s->fst) {
7272 			wpa_msg(wpa_s, MSG_ERROR,
7273 				"FST: Cannot attach iface %s to group %s",
7274 				wpa_s->ifname, cfg.group_id);
7275 			return -1;
7276 		}
7277 	}
7278 #endif /* CONFIG_FST */
7279 
7280 	if (wpas_wps_init(wpa_s))
7281 		return -1;
7282 
7283 #ifdef CONFIG_GAS_SERVER
7284 	wpa_s->gas_server = gas_server_init(wpa_s, wpas_gas_server_tx);
7285 	if (!wpa_s->gas_server) {
7286 		wpa_printf(MSG_ERROR, "Failed to initialize GAS server");
7287 		return -1;
7288 	}
7289 #endif /* CONFIG_GAS_SERVER */
7290 
7291 #ifdef CONFIG_DPP
7292 	if (wpas_dpp_init(wpa_s) < 0)
7293 		return -1;
7294 #endif /* CONFIG_DPP */
7295 
7296 	if (wpa_supplicant_init_eapol(wpa_s) < 0)
7297 		return -1;
7298 	wpa_sm_set_eapol(wpa_s->wpa, wpa_s->eapol);
7299 
7300 	wpa_s->ctrl_iface = wpa_supplicant_ctrl_iface_init(wpa_s);
7301 	if (wpa_s->ctrl_iface == NULL) {
7302 		wpa_printf(MSG_ERROR,
7303 			   "Failed to initialize control interface '%s'.\n"
7304 			   "You may have another wpa_supplicant process "
7305 			   "already running or the file was\n"
7306 			   "left by an unclean termination of wpa_supplicant "
7307 			   "in which case you will need\n"
7308 			   "to manually remove this file before starting "
7309 			   "wpa_supplicant again.\n",
7310 			   wpa_s->conf->ctrl_interface);
7311 		return -1;
7312 	}
7313 
7314 	wpa_s->gas = gas_query_init(wpa_s);
7315 	if (wpa_s->gas == NULL) {
7316 		wpa_printf(MSG_ERROR, "Failed to initialize GAS query");
7317 		return -1;
7318 	}
7319 
7320 	if ((!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) ||
7321 	     wpa_s->p2p_mgmt) &&
7322 	    wpas_p2p_init(wpa_s->global, wpa_s) < 0) {
7323 		wpa_msg(wpa_s, MSG_ERROR, "Failed to init P2P");
7324 		return -1;
7325 	}
7326 
7327 	if (wpa_bss_init(wpa_s) < 0)
7328 		return -1;
7329 
7330 #ifdef CONFIG_PMKSA_CACHE_EXTERNAL
7331 #ifdef CONFIG_MESH
7332 	dl_list_init(&wpa_s->mesh_external_pmksa_cache);
7333 #endif /* CONFIG_MESH */
7334 #endif /* CONFIG_PMKSA_CACHE_EXTERNAL */
7335 
7336 	/*
7337 	 * Set Wake-on-WLAN triggers, if configured.
7338 	 * Note: We don't restore/remove the triggers on shutdown (it doesn't
7339 	 * have effect anyway when the interface is down).
7340 	 */
7341 	if (capa_res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
7342 		return -1;
7343 
7344 #ifdef CONFIG_EAP_PROXY
7345 {
7346 	size_t len;
7347 	wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol, -1,
7348 						     wpa_s->imsi, &len);
7349 	if (wpa_s->mnc_len > 0) {
7350 		wpa_s->imsi[len] = '\0';
7351 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
7352 			   wpa_s->imsi, wpa_s->mnc_len);
7353 	} else {
7354 		wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
7355 	}
7356 }
7357 #endif /* CONFIG_EAP_PROXY */
7358 
7359 	if (pcsc_reader_init(wpa_s) < 0)
7360 		return -1;
7361 
7362 	if (wpas_init_ext_pw(wpa_s) < 0)
7363 		return -1;
7364 
7365 #ifndef CONFIG_NO_RRM
7366 	wpas_rrm_reset(wpa_s);
7367 #endif /* ! CONFIG_NO_RRM */
7368 
7369 	wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
7370 
7371 #ifdef CONFIG_HS20
7372 	hs20_init(wpa_s);
7373 #endif /* CONFIG_HS20 */
7374 #ifdef CONFIG_MBO
7375 	if (!wpa_s->disable_mbo_oce && wpa_s->conf->oce) {
7376 		if ((wpa_s->conf->oce & OCE_STA) &&
7377 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA))
7378 			wpa_s->enable_oce = OCE_STA;
7379 		if ((wpa_s->conf->oce & OCE_STA_CFON) &&
7380 		    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OCE_STA_CFON)) {
7381 			/* TODO: Need to add STA-CFON support */
7382 			wpa_printf(MSG_ERROR,
7383 				   "OCE STA-CFON feature is not yet supported");
7384 		}
7385 	}
7386 	wpas_mbo_update_non_pref_chan(wpa_s, wpa_s->conf->non_pref_chan);
7387 #endif /* CONFIG_MBO */
7388 
7389 	wpa_supplicant_set_default_scan_ies(wpa_s);
7390 
7391 	return 0;
7392 }
7393 
7394 
wpa_supplicant_deinit_iface(struct wpa_supplicant * wpa_s,int notify,int terminate)7395 static void wpa_supplicant_deinit_iface(struct wpa_supplicant *wpa_s,
7396 					int notify, int terminate)
7397 {
7398 	struct wpa_global *global = wpa_s->global;
7399 	struct wpa_supplicant *iface, *prev;
7400 
7401 	if (wpa_s == wpa_s->parent)
7402 		wpas_p2p_group_remove(wpa_s, "*");
7403 
7404 	iface = global->ifaces;
7405 	while (iface) {
7406 		if (iface->p2pdev == wpa_s)
7407 			iface->p2pdev = iface->parent;
7408 		if (iface == wpa_s || iface->parent != wpa_s) {
7409 			iface = iface->next;
7410 			continue;
7411 		}
7412 		wpa_printf(MSG_DEBUG,
7413 			   "Remove remaining child interface %s from parent %s",
7414 			   iface->ifname, wpa_s->ifname);
7415 		prev = iface;
7416 		iface = iface->next;
7417 		wpa_supplicant_remove_iface(global, prev, terminate);
7418 	}
7419 
7420 	wpa_s->disconnected = 1;
7421 	if (wpa_s->drv_priv) {
7422 		/*
7423 		 * Don't deauthenticate if WoWLAN is enable and not explicitly
7424 		 * been configured to disconnect.
7425 		 */
7426 		if (!wpa_drv_get_wowlan(wpa_s) ||
7427 		    wpa_s->conf->wowlan_disconnect_on_deinit) {
7428 			wpa_supplicant_deauthenticate(
7429 				wpa_s, WLAN_REASON_DEAUTH_LEAVING);
7430 
7431 			wpa_drv_set_countermeasures(wpa_s, 0);
7432 			wpa_clear_keys(wpa_s, NULL);
7433 		} else {
7434 			wpa_msg(wpa_s, MSG_INFO,
7435 				"Do not deauthenticate as part of interface deinit since WoWLAN is enabled");
7436 		}
7437 	}
7438 
7439 	wpa_supplicant_cleanup(wpa_s);
7440 	wpas_p2p_deinit_iface(wpa_s);
7441 
7442 	wpas_ctrl_radio_work_flush(wpa_s);
7443 	radio_remove_interface(wpa_s);
7444 
7445 #ifdef CONFIG_FST
7446 	if (wpa_s->fst) {
7447 		fst_detach(wpa_s->fst);
7448 		wpa_s->fst = NULL;
7449 	}
7450 	if (wpa_s->received_mb_ies) {
7451 		wpabuf_free(wpa_s->received_mb_ies);
7452 		wpa_s->received_mb_ies = NULL;
7453 	}
7454 #endif /* CONFIG_FST */
7455 
7456 	if (wpa_s->drv_priv)
7457 		wpa_drv_deinit(wpa_s);
7458 
7459 	if (notify)
7460 		wpas_notify_iface_removed(wpa_s);
7461 
7462 	if (terminate)
7463 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TERMINATING);
7464 
7465 	wpa_supplicant_ctrl_iface_deinit(wpa_s, wpa_s->ctrl_iface);
7466 	wpa_s->ctrl_iface = NULL;
7467 
7468 #ifdef CONFIG_MESH
7469 	if (wpa_s->ifmsh) {
7470 		wpa_supplicant_mesh_iface_deinit(wpa_s, wpa_s->ifmsh, true);
7471 		wpa_s->ifmsh = NULL;
7472 	}
7473 #endif /* CONFIG_MESH */
7474 
7475 	if (wpa_s->conf != NULL) {
7476 		wpa_config_free(wpa_s->conf);
7477 		wpa_s->conf = NULL;
7478 	}
7479 
7480 	os_free(wpa_s->ssids_from_scan_req);
7481 	os_free(wpa_s->last_scan_freqs);
7482 
7483 	os_free(wpa_s);
7484 }
7485 
7486 
7487 #ifdef CONFIG_MATCH_IFACE
7488 
7489 /**
7490  * wpa_supplicant_match_iface - Match an interface description to a name
7491  * @global: Pointer to global data from wpa_supplicant_init()
7492  * @ifname: Name of the interface to match
7493  * Returns: Pointer to the created interface description or %NULL on failure
7494  */
wpa_supplicant_match_iface(struct wpa_global * global,const char * ifname)7495 struct wpa_interface * wpa_supplicant_match_iface(struct wpa_global *global,
7496 						  const char *ifname)
7497 {
7498 	int i;
7499 	struct wpa_interface *iface, *miface;
7500 
7501 	for (i = 0; i < global->params.match_iface_count; i++) {
7502 		miface = &global->params.match_ifaces[i];
7503 		if (!miface->ifname ||
7504 		    fnmatch(miface->ifname, ifname, 0) == 0) {
7505 			iface = os_zalloc(sizeof(*iface));
7506 			if (!iface)
7507 				return NULL;
7508 			*iface = *miface;
7509 			if (!miface->ifname)
7510 				iface->matched = WPA_IFACE_MATCHED_NULL;
7511 			else
7512 				iface->matched = WPA_IFACE_MATCHED;
7513 			iface->ifname = ifname;
7514 			return iface;
7515 		}
7516 	}
7517 
7518 	return NULL;
7519 }
7520 
7521 
7522 /**
7523  * wpa_supplicant_match_existing - Match existing interfaces
7524  * @global: Pointer to global data from wpa_supplicant_init()
7525  * Returns: 0 on success, -1 on failure
7526  */
wpa_supplicant_match_existing(struct wpa_global * global)7527 static int wpa_supplicant_match_existing(struct wpa_global *global)
7528 {
7529 	struct if_nameindex *ifi, *ifp;
7530 	struct wpa_supplicant *wpa_s;
7531 	struct wpa_interface *iface;
7532 
7533 	ifp = if_nameindex();
7534 	if (!ifp) {
7535 		wpa_printf(MSG_ERROR, "if_nameindex: %s", strerror(errno));
7536 		return -1;
7537 	}
7538 
7539 	for (ifi = ifp; ifi->if_name; ifi++) {
7540 		wpa_s = wpa_supplicant_get_iface(global, ifi->if_name);
7541 		if (wpa_s)
7542 			continue;
7543 		iface = wpa_supplicant_match_iface(global, ifi->if_name);
7544 		if (iface) {
7545 			wpa_supplicant_add_iface(global, iface, NULL);
7546 			os_free(iface);
7547 		}
7548 	}
7549 
7550 	if_freenameindex(ifp);
7551 	return 0;
7552 }
7553 
7554 #endif /* CONFIG_MATCH_IFACE */
7555 
7556 
7557 /**
7558  * wpa_supplicant_add_iface - Add a new network interface
7559  * @global: Pointer to global data from wpa_supplicant_init()
7560  * @iface: Interface configuration options
7561  * @parent: Parent interface or %NULL to assign new interface as parent
7562  * Returns: Pointer to the created interface or %NULL on failure
7563  *
7564  * This function is used to add new network interfaces for %wpa_supplicant.
7565  * This can be called before wpa_supplicant_run() to add interfaces before the
7566  * main event loop has been started. In addition, new interfaces can be added
7567  * dynamically while %wpa_supplicant is already running. This could happen,
7568  * e.g., when a hotplug network adapter is inserted.
7569  */
wpa_supplicant_add_iface(struct wpa_global * global,struct wpa_interface * iface,struct wpa_supplicant * parent)7570 struct wpa_supplicant * wpa_supplicant_add_iface(struct wpa_global *global,
7571 						 struct wpa_interface *iface,
7572 						 struct wpa_supplicant *parent)
7573 {
7574 	struct wpa_supplicant *wpa_s;
7575 	struct wpa_interface t_iface;
7576 	struct wpa_ssid *ssid;
7577 
7578 	if (global == NULL || iface == NULL)
7579 		return NULL;
7580 
7581 	wpa_s = wpa_supplicant_alloc(parent);
7582 	if (wpa_s == NULL)
7583 		return NULL;
7584 
7585 	wpa_s->global = global;
7586 
7587 	t_iface = *iface;
7588 	if (global->params.override_driver) {
7589 		wpa_printf(MSG_DEBUG, "Override interface parameter: driver "
7590 			   "('%s' -> '%s')",
7591 			   iface->driver, global->params.override_driver);
7592 		t_iface.driver = global->params.override_driver;
7593 	}
7594 	if (global->params.override_ctrl_interface) {
7595 		wpa_printf(MSG_DEBUG, "Override interface parameter: "
7596 			   "ctrl_interface ('%s' -> '%s')",
7597 			   iface->ctrl_interface,
7598 			   global->params.override_ctrl_interface);
7599 		t_iface.ctrl_interface =
7600 			global->params.override_ctrl_interface;
7601 	}
7602 	if (wpa_supplicant_init_iface(wpa_s, &t_iface)) {
7603 		wpa_printf(MSG_DEBUG, "Failed to add interface %s",
7604 			   iface->ifname);
7605 		wpa_supplicant_deinit_iface(wpa_s, 0, 0);
7606 		return NULL;
7607 	}
7608 
7609 	if (iface->p2p_mgmt == 0) {
7610 		/* Notify the control interfaces about new iface */
7611 		if (wpas_notify_iface_added(wpa_s)) {
7612 			wpa_supplicant_deinit_iface(wpa_s, 1, 0);
7613 			return NULL;
7614 		}
7615 
7616 		for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next)
7617 			wpas_notify_network_added(wpa_s, ssid);
7618 	}
7619 
7620 	wpa_s->next = global->ifaces;
7621 	global->ifaces = wpa_s;
7622 
7623 	wpa_dbg(wpa_s, MSG_DEBUG, "Added interface %s", wpa_s->ifname);
7624 	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
7625 
7626 #ifdef CONFIG_P2P
7627 	if (wpa_s->global->p2p == NULL &&
7628 	    !wpa_s->global->p2p_disabled && !wpa_s->conf->p2p_disabled &&
7629 	    (wpa_s->drv_flags & WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE) &&
7630 	    wpas_p2p_add_p2pdev_interface(
7631 		    wpa_s, wpa_s->global->params.conf_p2p_dev) < 0) {
7632 		wpa_printf(MSG_INFO,
7633 			   "P2P: Failed to enable P2P Device interface");
7634 		/* Try to continue without. P2P will be disabled. */
7635 	}
7636 #endif /* CONFIG_P2P */
7637 
7638 	return wpa_s;
7639 }
7640 
7641 
7642 /**
7643  * wpa_supplicant_remove_iface - Remove a network interface
7644  * @global: Pointer to global data from wpa_supplicant_init()
7645  * @wpa_s: Pointer to the network interface to be removed
7646  * Returns: 0 if interface was removed, -1 if interface was not found
7647  *
7648  * This function can be used to dynamically remove network interfaces from
7649  * %wpa_supplicant, e.g., when a hotplug network adapter is ejected. In
7650  * addition, this function is used to remove all remaining interfaces when
7651  * %wpa_supplicant is terminated.
7652  */
wpa_supplicant_remove_iface(struct wpa_global * global,struct wpa_supplicant * wpa_s,int terminate)7653 int wpa_supplicant_remove_iface(struct wpa_global *global,
7654 				struct wpa_supplicant *wpa_s,
7655 				int terminate)
7656 {
7657 	struct wpa_supplicant *prev;
7658 #ifdef CONFIG_MESH
7659 	unsigned int mesh_if_created = wpa_s->mesh_if_created;
7660 	char *ifname = NULL;
7661 	struct wpa_supplicant *parent = wpa_s->parent;
7662 #endif /* CONFIG_MESH */
7663 
7664 	/* Remove interface from the global list of interfaces */
7665 	prev = global->ifaces;
7666 	if (prev == wpa_s) {
7667 		global->ifaces = wpa_s->next;
7668 	} else {
7669 		while (prev && prev->next != wpa_s)
7670 			prev = prev->next;
7671 		if (prev == NULL)
7672 			return -1;
7673 		prev->next = wpa_s->next;
7674 	}
7675 
7676 	wpa_dbg(wpa_s, MSG_DEBUG, "Removing interface %s", wpa_s->ifname);
7677 
7678 #ifdef CONFIG_MESH
7679 	if (mesh_if_created) {
7680 		ifname = os_strdup(wpa_s->ifname);
7681 		if (ifname == NULL) {
7682 			wpa_dbg(wpa_s, MSG_ERROR,
7683 				"mesh: Failed to malloc ifname");
7684 			return -1;
7685 		}
7686 	}
7687 #endif /* CONFIG_MESH */
7688 
7689 	if (global->p2p_group_formation == wpa_s)
7690 		global->p2p_group_formation = NULL;
7691 	if (global->p2p_invite_group == wpa_s)
7692 		global->p2p_invite_group = NULL;
7693 	wpa_supplicant_deinit_iface(wpa_s, 1, terminate);
7694 
7695 #ifdef CONFIG_MESH
7696 	if (mesh_if_created) {
7697 		wpa_drv_if_remove(parent, WPA_IF_MESH, ifname);
7698 		os_free(ifname);
7699 	}
7700 #endif /* CONFIG_MESH */
7701 
7702 	return 0;
7703 }
7704 
7705 
7706 /**
7707  * wpa_supplicant_get_eap_mode - Get the current EAP mode
7708  * @wpa_s: Pointer to the network interface
7709  * Returns: Pointer to the eap mode or the string "UNKNOWN" if not found
7710  */
wpa_supplicant_get_eap_mode(struct wpa_supplicant * wpa_s)7711 const char * wpa_supplicant_get_eap_mode(struct wpa_supplicant *wpa_s)
7712 {
7713 	const char *eapol_method;
7714 
7715         if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt) == 0 &&
7716             wpa_s->key_mgmt != WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
7717 		return "NO-EAP";
7718 	}
7719 
7720 	eapol_method = eapol_sm_get_method_name(wpa_s->eapol);
7721 	if (eapol_method == NULL)
7722 		return "UNKNOWN-EAP";
7723 
7724 	return eapol_method;
7725 }
7726 
7727 
7728 /**
7729  * wpa_supplicant_get_iface - Get a new network interface
7730  * @global: Pointer to global data from wpa_supplicant_init()
7731  * @ifname: Interface name
7732  * Returns: Pointer to the interface or %NULL if not found
7733  */
wpa_supplicant_get_iface(struct wpa_global * global,const char * ifname)7734 struct wpa_supplicant * wpa_supplicant_get_iface(struct wpa_global *global,
7735 						 const char *ifname)
7736 {
7737 	struct wpa_supplicant *wpa_s;
7738 
7739 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7740 		if (os_strcmp(wpa_s->ifname, ifname) == 0)
7741 			return wpa_s;
7742 	}
7743 	return NULL;
7744 }
7745 
7746 
7747 #ifndef CONFIG_NO_WPA_MSG
wpa_supplicant_msg_ifname_cb(void * ctx)7748 static const char * wpa_supplicant_msg_ifname_cb(void *ctx)
7749 {
7750 	struct wpa_supplicant *wpa_s = ctx;
7751 	if (wpa_s == NULL)
7752 		return NULL;
7753 	return wpa_s->ifname;
7754 }
7755 #endif /* CONFIG_NO_WPA_MSG */
7756 
7757 
7758 #ifndef WPA_SUPPLICANT_CLEANUP_INTERVAL
7759 #define WPA_SUPPLICANT_CLEANUP_INTERVAL 10
7760 #endif /* WPA_SUPPLICANT_CLEANUP_INTERVAL */
7761 
7762 /* Periodic cleanup tasks */
wpas_periodic(void * eloop_ctx,void * timeout_ctx)7763 static void wpas_periodic(void *eloop_ctx, void *timeout_ctx)
7764 {
7765 	struct wpa_global *global = eloop_ctx;
7766 	struct wpa_supplicant *wpa_s;
7767 
7768 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7769 			       wpas_periodic, global, NULL);
7770 
7771 #ifdef CONFIG_P2P
7772 	if (global->p2p)
7773 		p2p_expire_peers(global->p2p);
7774 #endif /* CONFIG_P2P */
7775 
7776 	for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next) {
7777 		wpa_bss_flush_by_age(wpa_s, wpa_s->conf->bss_expiration_age);
7778 #ifdef CONFIG_AP
7779 		ap_periodic(wpa_s);
7780 #endif /* CONFIG_AP */
7781 	}
7782 }
7783 
7784 
7785 /**
7786  * wpa_supplicant_init - Initialize %wpa_supplicant
7787  * @params: Parameters for %wpa_supplicant
7788  * Returns: Pointer to global %wpa_supplicant data, or %NULL on failure
7789  *
7790  * This function is used to initialize %wpa_supplicant. After successful
7791  * initialization, the returned data pointer can be used to add and remove
7792  * network interfaces, and eventually, to deinitialize %wpa_supplicant.
7793  */
wpa_supplicant_init(struct wpa_params * params)7794 struct wpa_global * wpa_supplicant_init(struct wpa_params *params)
7795 {
7796 	struct wpa_global *global;
7797 	int ret, i;
7798 
7799 	if (params == NULL)
7800 		return NULL;
7801 
7802 #ifdef CONFIG_DRIVER_NDIS
7803 	{
7804 		void driver_ndis_init_ops(void);
7805 		driver_ndis_init_ops();
7806 	}
7807 #endif /* CONFIG_DRIVER_NDIS */
7808 
7809 #ifndef CONFIG_NO_WPA_MSG
7810 	wpa_msg_register_ifname_cb(wpa_supplicant_msg_ifname_cb);
7811 #endif /* CONFIG_NO_WPA_MSG */
7812 
7813 	if (params->wpa_debug_file_path)
7814 		wpa_debug_open_file(params->wpa_debug_file_path);
7815 	if (!params->wpa_debug_file_path && !params->wpa_debug_syslog)
7816 		wpa_debug_setup_stdout();
7817 	if (params->wpa_debug_syslog)
7818 		wpa_debug_open_syslog();
7819 	if (params->wpa_debug_tracing) {
7820 		ret = wpa_debug_open_linux_tracing();
7821 		if (ret) {
7822 			wpa_printf(MSG_ERROR,
7823 				   "Failed to enable trace logging");
7824 			return NULL;
7825 		}
7826 	}
7827 
7828 	ret = eap_register_methods();
7829 	if (ret) {
7830 		wpa_printf(MSG_ERROR, "Failed to register EAP methods");
7831 		if (ret == -2)
7832 			wpa_printf(MSG_ERROR, "Two or more EAP methods used "
7833 				   "the same EAP type.");
7834 		return NULL;
7835 	}
7836 
7837 	global = os_zalloc(sizeof(*global));
7838 	if (global == NULL)
7839 		return NULL;
7840 	dl_list_init(&global->p2p_srv_bonjour);
7841 	dl_list_init(&global->p2p_srv_upnp);
7842 	global->params.daemonize = params->daemonize;
7843 	global->params.wait_for_monitor = params->wait_for_monitor;
7844 	global->params.dbus_ctrl_interface = params->dbus_ctrl_interface;
7845 	if (params->pid_file)
7846 		global->params.pid_file = os_strdup(params->pid_file);
7847 	if (params->ctrl_interface)
7848 		global->params.ctrl_interface =
7849 			os_strdup(params->ctrl_interface);
7850 	if (params->ctrl_interface_group)
7851 		global->params.ctrl_interface_group =
7852 			os_strdup(params->ctrl_interface_group);
7853 	if (params->override_driver)
7854 		global->params.override_driver =
7855 			os_strdup(params->override_driver);
7856 	if (params->override_ctrl_interface)
7857 		global->params.override_ctrl_interface =
7858 			os_strdup(params->override_ctrl_interface);
7859 #ifdef CONFIG_MATCH_IFACE
7860 	global->params.match_iface_count = params->match_iface_count;
7861 	if (params->match_iface_count) {
7862 		global->params.match_ifaces =
7863 			os_calloc(params->match_iface_count,
7864 				  sizeof(struct wpa_interface));
7865 		os_memcpy(global->params.match_ifaces,
7866 			  params->match_ifaces,
7867 			  params->match_iface_count *
7868 			  sizeof(struct wpa_interface));
7869 	}
7870 #endif /* CONFIG_MATCH_IFACE */
7871 #ifdef CONFIG_P2P
7872 	if (params->conf_p2p_dev)
7873 		global->params.conf_p2p_dev =
7874 			os_strdup(params->conf_p2p_dev);
7875 #endif /* CONFIG_P2P */
7876 	wpa_debug_level = global->params.wpa_debug_level =
7877 		params->wpa_debug_level;
7878 	wpa_debug_show_keys = global->params.wpa_debug_show_keys =
7879 		params->wpa_debug_show_keys;
7880 	wpa_debug_timestamp = global->params.wpa_debug_timestamp =
7881 		params->wpa_debug_timestamp;
7882 
7883 	wpa_printf(MSG_DEBUG, "wpa_supplicant v%s", VERSION_STR);
7884 
7885 	if (eloop_init()) {
7886 		wpa_printf(MSG_ERROR, "Failed to initialize event loop");
7887 		wpa_supplicant_deinit(global);
7888 		return NULL;
7889 	}
7890 
7891 	random_init(params->entropy_file);
7892 
7893 	global->ctrl_iface = wpa_supplicant_global_ctrl_iface_init(global);
7894 	if (global->ctrl_iface == NULL) {
7895 		wpa_supplicant_deinit(global);
7896 		return NULL;
7897 	}
7898 
7899 	if (wpas_notify_supplicant_initialized(global)) {
7900 		wpa_supplicant_deinit(global);
7901 		return NULL;
7902 	}
7903 
7904 	for (i = 0; wpa_drivers[i]; i++)
7905 		global->drv_count++;
7906 	if (global->drv_count == 0) {
7907 		wpa_printf(MSG_ERROR, "No drivers enabled");
7908 		wpa_supplicant_deinit(global);
7909 		return NULL;
7910 	}
7911 	global->drv_priv = os_calloc(global->drv_count, sizeof(void *));
7912 	if (global->drv_priv == NULL) {
7913 		wpa_supplicant_deinit(global);
7914 		return NULL;
7915 	}
7916 
7917 #ifdef CONFIG_WIFI_DISPLAY
7918 	if (wifi_display_init(global) < 0) {
7919 		wpa_printf(MSG_ERROR, "Failed to initialize Wi-Fi Display");
7920 		wpa_supplicant_deinit(global);
7921 		return NULL;
7922 	}
7923 #endif /* CONFIG_WIFI_DISPLAY */
7924 
7925 	eloop_register_timeout(WPA_SUPPLICANT_CLEANUP_INTERVAL, 0,
7926 			       wpas_periodic, global, NULL);
7927 
7928 	return global;
7929 }
7930 
7931 
7932 /**
7933  * wpa_supplicant_run - Run the %wpa_supplicant main event loop
7934  * @global: Pointer to global data from wpa_supplicant_init()
7935  * Returns: 0 after successful event loop run, -1 on failure
7936  *
7937  * This function starts the main event loop and continues running as long as
7938  * there are any remaining events. In most cases, this function is running as
7939  * long as the %wpa_supplicant process in still in use.
7940  */
wpa_supplicant_run(struct wpa_global * global)7941 int wpa_supplicant_run(struct wpa_global *global)
7942 {
7943 	struct wpa_supplicant *wpa_s;
7944 
7945 	if (global->params.daemonize &&
7946 	    (wpa_supplicant_daemon(global->params.pid_file) ||
7947 	     eloop_sock_requeue()))
7948 		return -1;
7949 
7950 #ifdef CONFIG_MATCH_IFACE
7951 	if (wpa_supplicant_match_existing(global))
7952 		return -1;
7953 #endif
7954 
7955 	if (global->params.wait_for_monitor) {
7956 		for (wpa_s = global->ifaces; wpa_s; wpa_s = wpa_s->next)
7957 			if (wpa_s->ctrl_iface && !wpa_s->p2p_mgmt)
7958 				wpa_supplicant_ctrl_iface_wait(
7959 					wpa_s->ctrl_iface);
7960 	}
7961 
7962 	eloop_register_signal_terminate(wpa_supplicant_terminate, global);
7963 	eloop_register_signal_reconfig(wpa_supplicant_reconfig, global);
7964 
7965 	eloop_run();
7966 
7967 	return 0;
7968 }
7969 
7970 
7971 /**
7972  * wpa_supplicant_deinit - Deinitialize %wpa_supplicant
7973  * @global: Pointer to global data from wpa_supplicant_init()
7974  *
7975  * This function is called to deinitialize %wpa_supplicant and to free all
7976  * allocated resources. Remaining network interfaces will also be removed.
7977  */
wpa_supplicant_deinit(struct wpa_global * global)7978 void wpa_supplicant_deinit(struct wpa_global *global)
7979 {
7980 	int i;
7981 
7982 	if (global == NULL)
7983 		return;
7984 
7985 	eloop_cancel_timeout(wpas_periodic, global, NULL);
7986 
7987 #ifdef CONFIG_WIFI_DISPLAY
7988 	wifi_display_deinit(global);
7989 #endif /* CONFIG_WIFI_DISPLAY */
7990 
7991 	while (global->ifaces)
7992 		wpa_supplicant_remove_iface(global, global->ifaces, 1);
7993 
7994 	if (global->ctrl_iface)
7995 		wpa_supplicant_global_ctrl_iface_deinit(global->ctrl_iface);
7996 
7997 	wpas_notify_supplicant_deinitialized(global);
7998 
7999 	eap_peer_unregister_methods();
8000 #ifdef CONFIG_AP
8001 	eap_server_unregister_methods();
8002 #endif /* CONFIG_AP */
8003 
8004 	for (i = 0; wpa_drivers[i] && global->drv_priv; i++) {
8005 		if (!global->drv_priv[i])
8006 			continue;
8007 		wpa_drivers[i]->global_deinit(global->drv_priv[i]);
8008 	}
8009 	os_free(global->drv_priv);
8010 
8011 	random_deinit();
8012 
8013 	eloop_destroy();
8014 
8015 	if (global->params.pid_file) {
8016 		os_daemonize_terminate(global->params.pid_file);
8017 		os_free(global->params.pid_file);
8018 	}
8019 	os_free(global->params.ctrl_interface);
8020 	os_free(global->params.ctrl_interface_group);
8021 	os_free(global->params.override_driver);
8022 	os_free(global->params.override_ctrl_interface);
8023 #ifdef CONFIG_MATCH_IFACE
8024 	os_free(global->params.match_ifaces);
8025 #endif /* CONFIG_MATCH_IFACE */
8026 #ifdef CONFIG_P2P
8027 	os_free(global->params.conf_p2p_dev);
8028 #endif /* CONFIG_P2P */
8029 
8030 	os_free(global->p2p_disallow_freq.range);
8031 	os_free(global->p2p_go_avoid_freq.range);
8032 	os_free(global->add_psk);
8033 
8034 	os_free(global);
8035 	wpa_debug_close_syslog();
8036 	wpa_debug_close_file();
8037 	wpa_debug_close_linux_tracing();
8038 }
8039 
8040 
wpa_supplicant_update_config(struct wpa_supplicant * wpa_s)8041 void wpa_supplicant_update_config(struct wpa_supplicant *wpa_s)
8042 {
8043 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_COUNTRY) &&
8044 	    wpa_s->conf->country[0] && wpa_s->conf->country[1]) {
8045 		char country[3];
8046 		country[0] = wpa_s->conf->country[0];
8047 		country[1] = wpa_s->conf->country[1];
8048 		country[2] = '\0';
8049 		if (wpa_drv_set_country(wpa_s, country) < 0) {
8050 			wpa_printf(MSG_ERROR, "Failed to set country code "
8051 				   "'%s'", country);
8052 		}
8053 	}
8054 
8055 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_EXT_PW_BACKEND)
8056 		wpas_init_ext_pw(wpa_s);
8057 
8058 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_SCHED_SCAN_PLANS)
8059 		wpas_sched_scan_plans_set(wpa_s, wpa_s->conf->sched_scan_plans);
8060 
8061 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_WOWLAN_TRIGGERS) {
8062 		struct wpa_driver_capa capa;
8063 		int res = wpa_drv_get_capa(wpa_s, &capa);
8064 
8065 		if (res == 0 && wpas_set_wowlan_triggers(wpa_s, &capa) < 0)
8066 			wpa_printf(MSG_ERROR,
8067 				   "Failed to update wowlan_triggers to '%s'",
8068 				   wpa_s->conf->wowlan_triggers);
8069 	}
8070 
8071 	if (wpa_s->conf->changed_parameters & CFG_CHANGED_DISABLE_BTM)
8072 		wpa_supplicant_set_default_scan_ies(wpa_s);
8073 
8074 #ifdef CONFIG_BGSCAN
8075 	/*
8076 	 * We default to global bgscan parameters only when per-network bgscan
8077 	 * parameters aren't set. Only bother resetting bgscan parameters if
8078 	 * this is the case.
8079 	 */
8080 	if ((wpa_s->conf->changed_parameters & CFG_CHANGED_BGSCAN) &&
8081 	    wpa_s->current_ssid && !wpa_s->current_ssid->bgscan &&
8082 	    wpa_s->wpa_state == WPA_COMPLETED)
8083 		wpa_supplicant_reset_bgscan(wpa_s);
8084 #endif /* CONFIG_BGSCAN */
8085 
8086 #ifdef CONFIG_WPS
8087 	wpas_wps_update_config(wpa_s);
8088 #endif /* CONFIG_WPS */
8089 	wpas_p2p_update_config(wpa_s);
8090 	wpa_s->conf->changed_parameters = 0;
8091 }
8092 
8093 
add_freq(int * freqs,int * num_freqs,int freq)8094 void add_freq(int *freqs, int *num_freqs, int freq)
8095 {
8096 	int i;
8097 
8098 	for (i = 0; i < *num_freqs; i++) {
8099 		if (freqs[i] == freq)
8100 			return;
8101 	}
8102 
8103 	freqs[*num_freqs] = freq;
8104 	(*num_freqs)++;
8105 }
8106 
8107 
get_bss_freqs_in_ess(struct wpa_supplicant * wpa_s)8108 static int * get_bss_freqs_in_ess(struct wpa_supplicant *wpa_s)
8109 {
8110 	struct wpa_bss *bss, *cbss;
8111 	const int max_freqs = 10;
8112 	int *freqs;
8113 	int num_freqs = 0;
8114 
8115 	freqs = os_calloc(max_freqs + 1, sizeof(int));
8116 	if (freqs == NULL)
8117 		return NULL;
8118 
8119 	cbss = wpa_s->current_bss;
8120 
8121 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
8122 		if (bss == cbss)
8123 			continue;
8124 		if (bss->ssid_len == cbss->ssid_len &&
8125 		    os_memcmp(bss->ssid, cbss->ssid, bss->ssid_len) == 0 &&
8126 		    !wpa_bssid_ignore_is_listed(wpa_s, bss->bssid)) {
8127 			add_freq(freqs, &num_freqs, bss->freq);
8128 			if (num_freqs == max_freqs)
8129 				break;
8130 		}
8131 	}
8132 
8133 	if (num_freqs == 0) {
8134 		os_free(freqs);
8135 		freqs = NULL;
8136 	}
8137 
8138 	return freqs;
8139 }
8140 
8141 
wpas_connection_failed(struct wpa_supplicant * wpa_s,const u8 * bssid,const u8 ** link_bssids)8142 void wpas_connection_failed(struct wpa_supplicant *wpa_s, const u8 *bssid,
8143 		                    const u8 **link_bssids)
8144 {
8145 	int timeout;
8146 	int count;
8147 	int *freqs = NULL;
8148 
8149 	wpas_connect_work_done(wpa_s);
8150 
8151 	/*
8152 	 * Remove possible authentication timeout since the connection failed.
8153 	 */
8154 	eloop_cancel_timeout(wpa_supplicant_timeout, wpa_s, NULL);
8155 
8156 	/*
8157 	 * There is no point in ignoring the AP temporarily if this event is
8158 	 * generated based on local request to disconnect.
8159 	 */
8160 	if (wpa_s->own_disconnect_req || wpa_s->own_reconnect_req) {
8161 		wpa_s->own_disconnect_req = 0;
8162 		wpa_dbg(wpa_s, MSG_DEBUG,
8163 			"Ignore connection failure due to local request to disconnect");
8164 		return;
8165 	}
8166 	if (wpa_s->disconnected) {
8167 		wpa_dbg(wpa_s, MSG_DEBUG, "Ignore connection failure "
8168 			"indication since interface has been put into "
8169 			"disconnected state");
8170 		return;
8171 	}
8172 
8173 	/*
8174 	 * Add the failed BSSID into the ignore list and speed up next scan
8175 	 * attempt if there could be other APs that could accept association.
8176 	 */
8177 	count = wpa_bssid_ignore_add(wpa_s, bssid);
8178 	if (count == 1 && wpa_s->current_bss) {
8179 		/*
8180 		 * This BSS was not in the ignore list before. If there is
8181 		 * another BSS available for the same ESS, we should try that
8182 		 * next. Otherwise, we may as well try this one once more
8183 		 * before allowing other, likely worse, ESSes to be considered.
8184 		 */
8185 		freqs = get_bss_freqs_in_ess(wpa_s);
8186 		if (freqs) {
8187 			wpa_dbg(wpa_s, MSG_DEBUG, "Another BSS in this ESS "
8188 				"has been seen; try it next");
8189 			wpa_bssid_ignore_add(wpa_s, bssid);
8190 			/*
8191 			 * On the next scan, go through only the known channels
8192 			 * used in this ESS based on previous scans to speed up
8193 			 * common load balancing use case.
8194 			 */
8195 			os_free(wpa_s->next_scan_freqs);
8196 			wpa_s->next_scan_freqs = freqs;
8197 		}
8198 	}
8199 
8200 	wpa_s->consecutive_conn_failures++;
8201 
8202 	if (wpa_s->consecutive_conn_failures > 3 && wpa_s->current_ssid) {
8203 		wpa_printf(MSG_DEBUG, "Continuous association failures - "
8204 			   "consider temporary network disabling");
8205 		wpas_auth_failed(wpa_s, "CONN_FAILED", bssid);
8206 	}
8207 	/*
8208 	 * Multiple consecutive connection failures mean that other APs are
8209 	 * either not available or have already been tried, so we can start
8210 	 * increasing the delay here to avoid constant scanning.
8211 	 */
8212 	switch (wpa_s->consecutive_conn_failures) {
8213 	case 1:
8214 		timeout = 100;
8215 		break;
8216 	case 2:
8217 		timeout = 500;
8218 		break;
8219 	case 3:
8220 		timeout = 1000;
8221 		break;
8222 	case 4:
8223 		timeout = 5000;
8224 		break;
8225 	default:
8226 		timeout = 10000;
8227 		break;
8228 	}
8229 
8230 	wpa_dbg(wpa_s, MSG_DEBUG,
8231 		"Consecutive connection failures: %d --> request scan in %d ms",
8232 		wpa_s->consecutive_conn_failures, timeout);
8233 
8234 	/*
8235 	 * TODO: if more than one possible AP is available in scan results,
8236 	 * could try the other ones before requesting a new scan.
8237 	 */
8238 
8239 	/* speed up the connection attempt with normal scan */
8240 	wpa_s->normal_scans = 0;
8241 	wpa_supplicant_req_scan(wpa_s, timeout / 1000,
8242 				1000 * (timeout % 1000));
8243 }
8244 
8245 
8246 #ifdef CONFIG_FILS
8247 
fils_pmksa_cache_flush(struct wpa_supplicant * wpa_s)8248 void fils_pmksa_cache_flush(struct wpa_supplicant *wpa_s)
8249 {
8250 	struct wpa_ssid *ssid = wpa_s->current_ssid;
8251 	const u8 *realm, *username, *rrk;
8252 	size_t realm_len, username_len, rrk_len;
8253 	u16 next_seq_num;
8254 
8255 	/* Clear the PMKSA cache entry if FILS authentication was rejected.
8256 	 * Check for ERP keys existing to limit when this can be done since
8257 	 * the rejection response is not protected and such triggers should
8258 	 * really not allow internal state to be modified unless required to
8259 	 * avoid significant issues in functionality. In addition, drop
8260 	 * externally configure PMKSA entries even without ERP keys since it
8261 	 * is possible for an external component to add PMKSA entries for FILS
8262 	 * authentication without restoring previously generated ERP keys.
8263 	 *
8264 	 * In this case, this is needed to allow recovery from cases where the
8265 	 * AP or authentication server has dropped PMKSAs and ERP keys. */
8266 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt))
8267 		return;
8268 
8269 	if (eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
8270 				  &username, &username_len,
8271 				  &realm, &realm_len, &next_seq_num,
8272 				  &rrk, &rrk_len) != 0 ||
8273 	    !realm) {
8274 		wpa_dbg(wpa_s, MSG_DEBUG,
8275 			"FILS: Drop external PMKSA cache entry");
8276 		wpa_sm_aborted_external_cached(wpa_s->wpa);
8277 		wpa_sm_external_pmksa_cache_flush(wpa_s->wpa, ssid);
8278 		return;
8279 	}
8280 
8281 	wpa_dbg(wpa_s, MSG_DEBUG, "FILS: Drop PMKSA cache entry");
8282 	wpa_sm_aborted_cached(wpa_s->wpa);
8283 	wpa_sm_pmksa_cache_flush(wpa_s->wpa, ssid);
8284 }
8285 
8286 
fils_connection_failure(struct wpa_supplicant * wpa_s)8287 void fils_connection_failure(struct wpa_supplicant *wpa_s)
8288 {
8289 	struct wpa_ssid *ssid = wpa_s->current_ssid;
8290 	const u8 *realm, *username, *rrk;
8291 	size_t realm_len, username_len, rrk_len;
8292 	u16 next_seq_num;
8293 
8294 	if (!ssid || !ssid->eap.erp || !wpa_key_mgmt_fils(ssid->key_mgmt) ||
8295 	    eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
8296 				  &username, &username_len,
8297 				  &realm, &realm_len, &next_seq_num,
8298 				  &rrk, &rrk_len) != 0 ||
8299 	    !realm)
8300 		return;
8301 
8302 	wpa_hexdump_ascii(MSG_DEBUG,
8303 			  "FILS: Store last connection failure realm",
8304 			  realm, realm_len);
8305 	os_free(wpa_s->last_con_fail_realm);
8306 	wpa_s->last_con_fail_realm = os_malloc(realm_len);
8307 	if (wpa_s->last_con_fail_realm) {
8308 		wpa_s->last_con_fail_realm_len = realm_len;
8309 		os_memcpy(wpa_s->last_con_fail_realm, realm, realm_len);
8310 	}
8311 }
8312 #endif /* CONFIG_FILS */
8313 
8314 
wpas_driver_bss_selection(struct wpa_supplicant * wpa_s)8315 int wpas_driver_bss_selection(struct wpa_supplicant *wpa_s)
8316 {
8317 	return wpa_s->conf->ap_scan == 2 ||
8318 		(wpa_s->drv_flags & WPA_DRIVER_FLAGS_BSS_SELECTION);
8319 }
8320 
8321 
wpas_driver_rsn_override(struct wpa_supplicant * wpa_s)8322 static bool wpas_driver_rsn_override(struct wpa_supplicant *wpa_s)
8323 {
8324 	return !!(wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_RSN_OVERRIDE_STA);
8325 }
8326 
8327 
wpas_rsn_overriding(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)8328 bool wpas_rsn_overriding(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
8329 {
8330 	enum wpas_rsn_overriding rsno;
8331 
8332 	if (ssid && ssid->rsn_overriding != RSN_OVERRIDING_NOT_SET)
8333 		rsno = ssid->rsn_overriding;
8334 	else
8335 		rsno = wpa_s->conf->rsn_overriding;
8336 
8337 	if (rsno == RSN_OVERRIDING_DISABLED)
8338 		return false;
8339 
8340 	if (rsno == RSN_OVERRIDING_ENABLED)
8341 		return true;
8342 
8343 	if (!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
8344 	    wpas_driver_bss_selection(wpa_s))
8345 		return wpas_driver_rsn_override(wpa_s);
8346 
8347 	return true;
8348 }
8349 
8350 
8351 #if defined(CONFIG_CTRL_IFACE) || defined(CONFIG_CTRL_IFACE_DBUS_NEW)
wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const char * field,const char * value)8352 int wpa_supplicant_ctrl_iface_ctrl_rsp_handle(struct wpa_supplicant *wpa_s,
8353 					      struct wpa_ssid *ssid,
8354 					      const char *field,
8355 					      const char *value)
8356 {
8357 #ifdef IEEE8021X_EAPOL
8358 	struct eap_peer_config *eap = &ssid->eap;
8359 
8360 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: response handle field=%s", field);
8361 	wpa_hexdump_ascii_key(MSG_DEBUG, "CTRL_IFACE: response value",
8362 			      (const u8 *) value, os_strlen(value));
8363 
8364 	switch (wpa_supplicant_ctrl_req_from_string(field)) {
8365 	case WPA_CTRL_REQ_EAP_IDENTITY:
8366 		os_free(eap->identity);
8367 		eap->identity = (u8 *) os_strdup(value);
8368 		eap->identity_len = os_strlen(value);
8369 		eap->pending_req_identity = 0;
8370 		if (ssid == wpa_s->current_ssid)
8371 			wpa_s->reassociate = 1;
8372 		break;
8373 	case WPA_CTRL_REQ_EAP_PASSWORD:
8374 		bin_clear_free(eap->password, eap->password_len);
8375 		eap->password = (u8 *) os_strdup(value);
8376 		eap->password_len = os_strlen(value);
8377 		eap->pending_req_password = 0;
8378 		if (ssid == wpa_s->current_ssid)
8379 			wpa_s->reassociate = 1;
8380 		break;
8381 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
8382 		bin_clear_free(eap->new_password, eap->new_password_len);
8383 		eap->new_password = (u8 *) os_strdup(value);
8384 		eap->new_password_len = os_strlen(value);
8385 		eap->pending_req_new_password = 0;
8386 		if (ssid == wpa_s->current_ssid)
8387 			wpa_s->reassociate = 1;
8388 		break;
8389 	case WPA_CTRL_REQ_EAP_PIN:
8390 		str_clear_free(eap->cert.pin);
8391 		eap->cert.pin = os_strdup(value);
8392 		eap->pending_req_pin = 0;
8393 		if (ssid == wpa_s->current_ssid)
8394 			wpa_s->reassociate = 1;
8395 		break;
8396 	case WPA_CTRL_REQ_EAP_OTP:
8397 		bin_clear_free(eap->otp, eap->otp_len);
8398 		eap->otp = (u8 *) os_strdup(value);
8399 		eap->otp_len = os_strlen(value);
8400 		os_free(eap->pending_req_otp);
8401 		eap->pending_req_otp = NULL;
8402 		eap->pending_req_otp_len = 0;
8403 		break;
8404 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
8405 		str_clear_free(eap->cert.private_key_passwd);
8406 		eap->cert.private_key_passwd = os_strdup(value);
8407 		eap->pending_req_passphrase = 0;
8408 		if (ssid == wpa_s->current_ssid)
8409 			wpa_s->reassociate = 1;
8410 		break;
8411 	case WPA_CTRL_REQ_SIM:
8412 		str_clear_free(eap->external_sim_resp);
8413 		eap->external_sim_resp = os_strdup(value);
8414 		eap->pending_req_sim = 0;
8415 		break;
8416 	case WPA_CTRL_REQ_PSK_PASSPHRASE:
8417 		if (wpa_config_set(ssid, "psk", value, 0) < 0)
8418 			return -1;
8419 		ssid->mem_only_psk = 1;
8420 		if (ssid->passphrase)
8421 			wpa_config_update_psk(ssid);
8422 		if (wpa_s->wpa_state == WPA_SCANNING && !wpa_s->scanning)
8423 			wpa_supplicant_req_scan(wpa_s, 0, 0);
8424 		break;
8425 	case WPA_CTRL_REQ_EXT_CERT_CHECK:
8426 		if (eap->pending_ext_cert_check != PENDING_CHECK)
8427 			return -1;
8428 		if (os_strcmp(value, "good") == 0)
8429 			eap->pending_ext_cert_check = EXT_CERT_CHECK_GOOD;
8430 		else if (os_strcmp(value, "bad") == 0)
8431 			eap->pending_ext_cert_check = EXT_CERT_CHECK_BAD;
8432 		else
8433 			return -1;
8434 		break;
8435 	default:
8436 		wpa_printf(MSG_DEBUG, "CTRL_IFACE: Unknown field '%s'", field);
8437 		return -1;
8438 	}
8439 
8440 	return 0;
8441 #else /* IEEE8021X_EAPOL */
8442 	wpa_printf(MSG_DEBUG, "CTRL_IFACE: IEEE 802.1X not included");
8443 	return -1;
8444 #endif /* IEEE8021X_EAPOL */
8445 }
8446 #endif /* CONFIG_CTRL_IFACE || CONFIG_CTRL_IFACE_DBUS_NEW */
8447 
8448 
wpas_network_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)8449 int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
8450 {
8451 #ifdef CONFIG_WEP
8452 	int i;
8453 	unsigned int drv_enc;
8454 #endif /* CONFIG_WEP */
8455 
8456 	if (wpa_s->p2p_mgmt)
8457 		return 1; /* no normal network profiles on p2p_mgmt interface */
8458 
8459 	if (ssid == NULL)
8460 		return 1;
8461 
8462 	if (ssid->disabled)
8463 		return 1;
8464 
8465 #ifdef CONFIG_WEP
8466 	if (wpa_s->drv_capa_known)
8467 		drv_enc = wpa_s->drv_enc;
8468 	else
8469 		drv_enc = (unsigned int) -1;
8470 
8471 	for (i = 0; i < NUM_WEP_KEYS; i++) {
8472 		size_t len = ssid->wep_key_len[i];
8473 		if (len == 0)
8474 			continue;
8475 		if (len == 5 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP40))
8476 			continue;
8477 		if (len == 13 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP104))
8478 			continue;
8479 		if (len == 16 && (drv_enc & WPA_DRIVER_CAPA_ENC_WEP128))
8480 			continue;
8481 		return 1; /* invalid WEP key */
8482 	}
8483 #endif /* CONFIG_WEP */
8484 
8485 	if (wpa_key_mgmt_wpa_psk(ssid->key_mgmt) && !ssid->psk_set &&
8486 	    (!ssid->passphrase || ssid->ssid_len != 0) && !ssid->ext_psk &&
8487 	    !(wpa_key_mgmt_sae(ssid->key_mgmt) && ssid->sae_password) &&
8488 	    !ssid->mem_only_psk)
8489 		return 1;
8490 
8491 	return 0;
8492 }
8493 
8494 
wpas_get_ssid_pmf(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid)8495 int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
8496 {
8497 	if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
8498 		if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
8499 		    !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
8500 			/*
8501 			 * Driver does not support BIP -- ignore pmf=1 default
8502 			 * since the connection with PMF would fail and the
8503 			 * configuration does not require PMF to be enabled.
8504 			 */
8505 			return NO_MGMT_FRAME_PROTECTION;
8506 		}
8507 
8508 		if (ssid &&
8509 		    (ssid->key_mgmt &
8510 		     ~(WPA_KEY_MGMT_NONE | WPA_KEY_MGMT_WPS |
8511 		       WPA_KEY_MGMT_IEEE8021X_NO_WPA)) == 0) {
8512 			/*
8513 			 * Do not use the default PMF value for non-RSN networks
8514 			 * since PMF is available only with RSN and pmf=2
8515 			 * configuration would otherwise prevent connections to
8516 			 * all open networks.
8517 			 */
8518 			return NO_MGMT_FRAME_PROTECTION;
8519 		}
8520 
8521 		return wpa_s->conf->pmf;
8522 	}
8523 
8524 	return ssid->ieee80211w;
8525 }
8526 
8527 #ifdef CONFIG_SAE
wpas_is_sae_avoided(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,const struct wpa_ie_data * ie)8528 bool wpas_is_sae_avoided(struct wpa_supplicant *wpa_s,
8529 			 struct wpa_ssid *ssid,
8530 			 const struct wpa_ie_data *ie)
8531 {
8532 	return wpa_s->conf->sae_check_mfp &&
8533 		(!(ie->capabilities &
8534 		   (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) ||
8535 		 wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION);
8536 }
8537 #endif /* CONFIG_SAE */
8538 
pmf_in_use(struct wpa_supplicant * wpa_s,const u8 * addr)8539 int pmf_in_use(struct wpa_supplicant *wpa_s, const u8 *addr)
8540 {
8541 	if (wpa_s->current_ssid == NULL ||
8542 	    wpa_s->wpa_state < WPA_4WAY_HANDSHAKE ||
8543 	    os_memcmp(addr, wpa_s->bssid, ETH_ALEN) != 0)
8544 		return 0;
8545 	return wpa_sm_pmf_enabled(wpa_s->wpa);
8546 }
8547 
8548 
wpas_is_p2p_prioritized(struct wpa_supplicant * wpa_s)8549 int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
8550 {
8551 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
8552 		return 1;
8553 	if (wpa_s->global->conc_pref == WPA_CONC_PREF_STA)
8554 		return 0;
8555 	return -1;
8556 }
8557 
8558 
wpas_auth_failed(struct wpa_supplicant * wpa_s,char * reason,const u8 * bssid)8559 void wpas_auth_failed(struct wpa_supplicant *wpa_s, char *reason,
8560 		              const u8 *bssid)
8561 {
8562 	struct wpa_ssid *ssid = wpa_s->current_ssid;
8563 	int dur;
8564 	struct os_reltime now;
8565 
8566 	if (ssid == NULL) {
8567 		wpa_printf(MSG_DEBUG, "Authentication failure but no known "
8568 			   "SSID block");
8569 		return;
8570 	}
8571 
8572 	if (ssid->key_mgmt == WPA_KEY_MGMT_WPS)
8573 		return;
8574 
8575 	ssid->auth_failures++;
8576 
8577 #ifdef CONFIG_P2P
8578 	if (ssid->p2p_group &&
8579 	    (wpa_s->p2p_in_provisioning || wpa_s->show_group_started)) {
8580 		/*
8581 		 * Skip the wait time since there is a short timeout on the
8582 		 * connection to a P2P group.
8583 		 */
8584 		return;
8585 	}
8586 #endif /* CONFIG_P2P */
8587 
8588 	if (ssid->auth_failures > 50)
8589 		dur = 300;
8590 	else if (ssid->auth_failures > 10)
8591 		dur = 120;
8592 	else if (ssid->auth_failures > 5)
8593 		dur = 90;
8594 	else if (ssid->auth_failures > 3)
8595 		dur = 60;
8596 	else if (ssid->auth_failures > 2)
8597 		dur = 30;
8598 	else if (ssid->auth_failures > 1)
8599 		dur = 20;
8600 	else
8601 		dur = 10;
8602 
8603 	if (ssid->auth_failures > 1 &&
8604 	    wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt))
8605 		dur += os_random() % (ssid->auth_failures * 10);
8606 
8607 	os_get_reltime(&now);
8608 	if (now.sec + dur <= ssid->disabled_until.sec)
8609 		return;
8610 
8611 	ssid->disabled_until.sec = now.sec + dur;
8612 
8613 	wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_TEMP_DISABLED
8614 		"id=%d ssid=\"%s\" auth_failures=%u duration=%d reason=%s",
8615 		ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len),
8616 		ssid->auth_failures, dur, reason);
8617 }
8618 
8619 
wpas_clear_temp_disabled(struct wpa_supplicant * wpa_s,struct wpa_ssid * ssid,int clear_failures)8620 void wpas_clear_temp_disabled(struct wpa_supplicant *wpa_s,
8621 			      struct wpa_ssid *ssid, int clear_failures)
8622 {
8623 	if (ssid == NULL)
8624 		return;
8625 
8626 	if (ssid->disabled_until.sec) {
8627 		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_REENABLED
8628 			"id=%d ssid=\"%s\"",
8629 			ssid->id, wpa_ssid_txt(ssid->ssid, ssid->ssid_len));
8630 	}
8631 	ssid->disabled_until.sec = 0;
8632 	ssid->disabled_until.usec = 0;
8633 	if (clear_failures)
8634 		ssid->auth_failures = 0;
8635 }
8636 
8637 
disallowed_bssid(struct wpa_supplicant * wpa_s,const u8 * bssid)8638 int disallowed_bssid(struct wpa_supplicant *wpa_s, const u8 *bssid)
8639 {
8640 	size_t i;
8641 
8642 	if (wpa_s->disallow_aps_bssid == NULL)
8643 		return 0;
8644 
8645 	for (i = 0; i < wpa_s->disallow_aps_bssid_count; i++) {
8646 		if (os_memcmp(wpa_s->disallow_aps_bssid + i * ETH_ALEN,
8647 			      bssid, ETH_ALEN) == 0)
8648 			return 1;
8649 	}
8650 
8651 	return 0;
8652 }
8653 
8654 
disallowed_ssid(struct wpa_supplicant * wpa_s,const u8 * ssid,size_t ssid_len)8655 int disallowed_ssid(struct wpa_supplicant *wpa_s, const u8 *ssid,
8656 		    size_t ssid_len)
8657 {
8658 	size_t i;
8659 
8660 	if (wpa_s->disallow_aps_ssid == NULL || ssid == NULL)
8661 		return 0;
8662 
8663 	for (i = 0; i < wpa_s->disallow_aps_ssid_count; i++) {
8664 		struct wpa_ssid_value *s = &wpa_s->disallow_aps_ssid[i];
8665 		if (ssid_len == s->ssid_len &&
8666 		    os_memcmp(ssid, s->ssid, ssid_len) == 0)
8667 			return 1;
8668 	}
8669 
8670 	return 0;
8671 }
8672 
8673 
8674 /**
8675  * wpas_request_connection - Request a new connection
8676  * @wpa_s: Pointer to the network interface
8677  *
8678  * This function is used to request a new connection to be found. It will mark
8679  * the interface to allow reassociation and request a new scan to find a
8680  * suitable network to connect to.
8681  */
wpas_request_connection(struct wpa_supplicant * wpa_s)8682 void wpas_request_connection(struct wpa_supplicant *wpa_s)
8683 {
8684 	wpa_s->normal_scans = 0;
8685 	wpa_s->scan_req = NORMAL_SCAN_REQ;
8686 	wpa_supplicant_reinit_autoscan(wpa_s);
8687 	wpa_s->disconnected = 0;
8688 	wpa_s->reassociate = 1;
8689 	wpa_s->last_owe_group = 0;
8690 
8691 	if (wpa_supplicant_fast_associate(wpa_s) != 1)
8692 		wpa_supplicant_req_scan(wpa_s, 0, 0);
8693 	else
8694 		wpa_s->reattach = 0;
8695 }
8696 
8697 
8698 /**
8699  * wpas_request_disconnection - Request disconnection
8700  * @wpa_s: Pointer to the network interface
8701  *
8702  * This function is used to request disconnection from the currently connected
8703  * network. This will stop any ongoing scans and initiate deauthentication.
8704  */
wpas_request_disconnection(struct wpa_supplicant * wpa_s)8705 void wpas_request_disconnection(struct wpa_supplicant *wpa_s)
8706 {
8707 #ifdef CONFIG_SME
8708 	wpa_s->sme.prev_bssid_set = 0;
8709 #endif /* CONFIG_SME */
8710 	wpa_s->reassociate = 0;
8711 	wpa_s->disconnected = 1;
8712 	wpa_supplicant_cancel_sched_scan(wpa_s);
8713 	wpa_supplicant_cancel_scan(wpa_s);
8714 	wpas_abort_ongoing_scan(wpa_s);
8715 	wpa_supplicant_deauthenticate(wpa_s, WLAN_REASON_DEAUTH_LEAVING);
8716 	eloop_cancel_timeout(wpas_network_reenabled, wpa_s, NULL);
8717 	radio_remove_works(wpa_s, "connect", 0);
8718 	radio_remove_works(wpa_s, "sme-connect", 0);
8719 	wpa_s->roam_in_progress = false;
8720 #ifdef CONFIG_WNM
8721 	wpa_s->bss_trans_mgmt_in_progress = false;
8722 #endif /* CONFIG_WNM */
8723 }
8724 
8725 
dump_freq_data(struct wpa_supplicant * wpa_s,const char * title,struct wpa_used_freq_data * freqs_data,unsigned int len)8726 void dump_freq_data(struct wpa_supplicant *wpa_s, const char *title,
8727 		    struct wpa_used_freq_data *freqs_data,
8728 		    unsigned int len)
8729 {
8730 	unsigned int i;
8731 
8732 	wpa_dbg(wpa_s, MSG_DEBUG, "Shared frequencies (len=%u): %s",
8733 		len, title);
8734 	for (i = 0; i < len; i++) {
8735 #if CONFIG_WIFI_NM_WPA_SUPPLICANT_DEBUG_LEVEL <= MSG_DEBUG
8736 		struct wpa_used_freq_data *cur = &freqs_data[i];
8737 		wpa_dbg(wpa_s, MSG_DEBUG, "freq[%u]: %d, flags=0x%X",
8738 			i, cur->freq, cur->flags);
8739 #endif /* CONFIG_WIFI_NM_WPA_SUPPLICANT_DEBUG_LEVEL <= MSG_DEBUG */
8740 	}
8741 }
8742 
8743 
8744 /*
8745  * Find the operating frequencies of any of the virtual interfaces that
8746  * are using the same radio as the current interface, and in addition, get
8747  * information about the interface types that are using the frequency.
8748  */
get_shared_radio_freqs_data(struct wpa_supplicant * wpa_s,struct wpa_used_freq_data * freqs_data,unsigned int len,bool exclude_current)8749 int get_shared_radio_freqs_data(struct wpa_supplicant *wpa_s,
8750 				struct wpa_used_freq_data *freqs_data,
8751 				unsigned int len, bool exclude_current)
8752 {
8753 	struct wpa_supplicant *ifs;
8754 	u8 bssid[ETH_ALEN];
8755 	int freq;
8756 	unsigned int idx = 0, i;
8757 
8758 	wpa_dbg(wpa_s, MSG_DEBUG,
8759 		"Determining shared radio frequencies (max len %u)", len);
8760 	os_memset(freqs_data, 0, sizeof(struct wpa_used_freq_data) * len);
8761 
8762 	dl_list_for_each(ifs, &wpa_s->radio->ifaces, struct wpa_supplicant,
8763 			 radio_list) {
8764 		if (idx == len)
8765 			break;
8766 
8767 		if (ifs->current_ssid == NULL || ifs->assoc_freq == 0)
8768 			continue;
8769 
8770 		if (ifs->current_ssid->mode == WPAS_MODE_AP ||
8771 		    ifs->current_ssid->mode == WPAS_MODE_P2P_GO ||
8772 		    ifs->current_ssid->mode == WPAS_MODE_MESH)
8773 			freq = ifs->current_ssid->frequency;
8774 		else if (wpa_drv_get_bssid(ifs, bssid) == 0)
8775 			freq = ifs->assoc_freq;
8776 		else
8777 			continue;
8778 
8779 		/* Hold only distinct freqs */
8780 		for (i = 0; i < idx; i++)
8781 			if (freqs_data[i].freq == freq)
8782 				break;
8783 
8784 		if (i == idx)
8785 			freqs_data[idx++].freq = freq;
8786 
8787 		if (ifs->current_ssid->mode == WPAS_MODE_INFRA) {
8788 			freqs_data[i].flags |= ifs->current_ssid->p2p_group ?
8789 				WPA_FREQ_USED_BY_P2P_CLIENT :
8790 				WPA_FREQ_USED_BY_INFRA_STATION;
8791 		}
8792 	}
8793 
8794 #ifndef __ZEPHYR__
8795 	dump_freq_data(wpa_s, "completed iteration", freqs_data, idx);
8796 #endif /* __ZEPHYR__ */
8797 	return idx;
8798 }
8799 
8800 
8801 /*
8802  * Find the operating frequencies of any of the virtual interfaces that
8803  * are using the same radio as the current interface.
8804  */
get_shared_radio_freqs(struct wpa_supplicant * wpa_s,int * freq_array,unsigned int len,bool exclude_current)8805 int get_shared_radio_freqs(struct wpa_supplicant *wpa_s,
8806 			   int *freq_array, unsigned int len,
8807 			   bool exclude_current)
8808 {
8809 	struct wpa_used_freq_data *freqs_data;
8810 	int num, i;
8811 
8812 	os_memset(freq_array, 0, sizeof(int) * len);
8813 
8814 	freqs_data = os_calloc(len, sizeof(struct wpa_used_freq_data));
8815 	if (!freqs_data)
8816 		return -1;
8817 
8818 	num = get_shared_radio_freqs_data(wpa_s, freqs_data, len,
8819 					  exclude_current);
8820 	for (i = 0; i < num; i++)
8821 		freq_array[i] = freqs_data[i].freq;
8822 
8823 	os_free(freqs_data);
8824 
8825 	return num;
8826 }
8827 
8828 
8829 struct wpa_supplicant *
wpas_vendor_elem(struct wpa_supplicant * wpa_s,enum wpa_vendor_elem_frame frame)8830 wpas_vendor_elem(struct wpa_supplicant *wpa_s, enum wpa_vendor_elem_frame frame)
8831 {
8832 	switch (frame) {
8833 #ifdef CONFIG_P2P
8834 	case VENDOR_ELEM_PROBE_REQ_P2P:
8835 	case VENDOR_ELEM_PROBE_RESP_P2P:
8836 	case VENDOR_ELEM_PROBE_RESP_P2P_GO:
8837 	case VENDOR_ELEM_BEACON_P2P_GO:
8838 	case VENDOR_ELEM_P2P_PD_REQ:
8839 	case VENDOR_ELEM_P2P_PD_RESP:
8840 	case VENDOR_ELEM_P2P_GO_NEG_REQ:
8841 	case VENDOR_ELEM_P2P_GO_NEG_RESP:
8842 	case VENDOR_ELEM_P2P_GO_NEG_CONF:
8843 	case VENDOR_ELEM_P2P_INV_REQ:
8844 	case VENDOR_ELEM_P2P_INV_RESP:
8845 	case VENDOR_ELEM_P2P_ASSOC_REQ:
8846 	case VENDOR_ELEM_P2P_ASSOC_RESP:
8847 		return wpa_s->p2pdev;
8848 #endif /* CONFIG_P2P */
8849 	default:
8850 		return wpa_s;
8851 	}
8852 }
8853 
8854 
wpas_vendor_elem_update(struct wpa_supplicant * wpa_s)8855 void wpas_vendor_elem_update(struct wpa_supplicant *wpa_s)
8856 {
8857 	unsigned int i;
8858 	char buf[30];
8859 
8860 	wpa_printf(MSG_DEBUG, "Update vendor elements");
8861 
8862 	for (i = 0; i < NUM_VENDOR_ELEM_FRAMES; i++) {
8863 		if (wpa_s->vendor_elem[i]) {
8864 			int res;
8865 
8866 			res = os_snprintf(buf, sizeof(buf), "frame[%u]", i);
8867 			if (!os_snprintf_error(sizeof(buf), res)) {
8868 				wpa_hexdump_buf(MSG_DEBUG, buf,
8869 						wpa_s->vendor_elem[i]);
8870 			}
8871 		}
8872 	}
8873 
8874 #ifdef CONFIG_P2P
8875 	if (wpa_s->parent == wpa_s &&
8876 	    wpa_s->global->p2p &&
8877 	    !wpa_s->global->p2p_disabled)
8878 		p2p_set_vendor_elems(wpa_s->global->p2p, wpa_s->vendor_elem);
8879 #endif /* CONFIG_P2P */
8880 }
8881 
8882 
wpas_vendor_elem_remove(struct wpa_supplicant * wpa_s,int frame,const u8 * elem,size_t len)8883 int wpas_vendor_elem_remove(struct wpa_supplicant *wpa_s, int frame,
8884 			    const u8 *elem, size_t len)
8885 {
8886 	u8 *ie, *end;
8887 
8888 	ie = wpabuf_mhead_u8(wpa_s->vendor_elem[frame]);
8889 	end = ie + wpabuf_len(wpa_s->vendor_elem[frame]);
8890 
8891 	for (; ie + 1 < end; ie += 2 + ie[1]) {
8892 		if (ie + len > end)
8893 			break;
8894 		if (os_memcmp(ie, elem, len) != 0)
8895 			continue;
8896 
8897 		if (wpabuf_len(wpa_s->vendor_elem[frame]) == len) {
8898 			wpabuf_free(wpa_s->vendor_elem[frame]);
8899 			wpa_s->vendor_elem[frame] = NULL;
8900 		} else {
8901 			os_memmove(ie, ie + len, end - (ie + len));
8902 			wpa_s->vendor_elem[frame]->used -= len;
8903 		}
8904 		wpas_vendor_elem_update(wpa_s);
8905 		return 0;
8906 	}
8907 
8908 	return -1;
8909 }
8910 
8911 
get_mode(struct hostapd_hw_modes * modes,u16 num_modes,enum hostapd_hw_mode mode,bool is_6ghz)8912 struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
8913 				   u16 num_modes, enum hostapd_hw_mode mode,
8914 				   bool is_6ghz)
8915 {
8916 	u16 i;
8917 
8918 	if (!modes)
8919 		return NULL;
8920 
8921 	for (i = 0; i < num_modes; i++) {
8922 		if (modes[i].mode != mode ||
8923 		    !modes[i].num_channels || !modes[i].channels)
8924 			continue;
8925 		if ((!is_6ghz && !is_6ghz_freq(modes[i].channels[0].freq)) ||
8926 		    (is_6ghz && is_6ghz_freq(modes[i].channels[0].freq)))
8927 			return &modes[i];
8928 	}
8929 
8930 	return NULL;
8931 }
8932 
8933 
get_mode_with_freq(struct hostapd_hw_modes * modes,u16 num_modes,int freq)8934 struct hostapd_hw_modes * get_mode_with_freq(struct hostapd_hw_modes *modes,
8935 					     u16 num_modes, int freq)
8936 {
8937 	int i, j;
8938 
8939 	for (i = 0; i < num_modes; i++) {
8940 		for (j = 0; j < modes[i].num_channels; j++) {
8941 			if (freq == modes[i].channels[j].freq)
8942 				return &modes[i];
8943 		}
8944 	}
8945 
8946 	return NULL;
8947 }
8948 
8949 
8950 static struct
wpas_get_disallowed_bss(struct wpa_supplicant * wpa_s,const u8 * bssid)8951 wpa_bss_tmp_disallowed * wpas_get_disallowed_bss(struct wpa_supplicant *wpa_s,
8952 						 const u8 *bssid)
8953 {
8954 	struct wpa_bss_tmp_disallowed *bss;
8955 
8956 	dl_list_for_each(bss, &wpa_s->bss_tmp_disallowed,
8957 			 struct wpa_bss_tmp_disallowed, list) {
8958 		if (os_memcmp(bssid, bss->bssid, ETH_ALEN) == 0)
8959 			return bss;
8960 	}
8961 
8962 	return NULL;
8963 }
8964 
8965 
wpa_set_driver_tmp_disallow_list(struct wpa_supplicant * wpa_s)8966 static int wpa_set_driver_tmp_disallow_list(struct wpa_supplicant *wpa_s)
8967 {
8968 	struct wpa_bss_tmp_disallowed *tmp;
8969 	unsigned int num_bssid = 0;
8970 	u8 *bssids;
8971 	int ret;
8972 
8973 	bssids = os_malloc(dl_list_len(&wpa_s->bss_tmp_disallowed) * ETH_ALEN);
8974 	if (!bssids)
8975 		return -1;
8976 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8977 			 struct wpa_bss_tmp_disallowed, list) {
8978 		os_memcpy(&bssids[num_bssid * ETH_ALEN], tmp->bssid,
8979 			  ETH_ALEN);
8980 		num_bssid++;
8981 	}
8982 	ret = wpa_drv_set_bssid_tmp_disallow(wpa_s, num_bssid, bssids);
8983 	os_free(bssids);
8984 	return ret;
8985 }
8986 
8987 
wpa_bss_tmp_disallow_timeout(void * eloop_ctx,void * timeout_ctx)8988 static void wpa_bss_tmp_disallow_timeout(void *eloop_ctx, void *timeout_ctx)
8989 {
8990 	struct wpa_supplicant *wpa_s = eloop_ctx;
8991 	struct wpa_bss_tmp_disallowed *tmp, *bss = timeout_ctx;
8992 
8993 	/* Make sure the bss is not already freed */
8994 	dl_list_for_each(tmp, &wpa_s->bss_tmp_disallowed,
8995 			 struct wpa_bss_tmp_disallowed, list) {
8996 		if (bss == tmp) {
8997 			remove_bss_tmp_disallowed_entry(wpa_s, tmp);
8998 			wpa_set_driver_tmp_disallow_list(wpa_s);
8999 			break;
9000 		}
9001 	}
9002 }
9003 
9004 
wpa_bss_tmp_disallow(struct wpa_supplicant * wpa_s,const u8 * bssid,unsigned int sec,int rssi_threshold)9005 void wpa_bss_tmp_disallow(struct wpa_supplicant *wpa_s, const u8 *bssid,
9006 			  unsigned int sec, int rssi_threshold)
9007 {
9008 	struct wpa_bss_tmp_disallowed *bss;
9009 
9010 	bss = wpas_get_disallowed_bss(wpa_s, bssid);
9011 	if (bss) {
9012 		eloop_cancel_timeout(wpa_bss_tmp_disallow_timeout, wpa_s, bss);
9013 		goto finish;
9014 	}
9015 
9016 	bss = os_malloc(sizeof(*bss));
9017 	if (!bss) {
9018 		wpa_printf(MSG_DEBUG,
9019 			   "Failed to allocate memory for temp disallow BSS");
9020 		return;
9021 	}
9022 
9023 	os_memcpy(bss->bssid, bssid, ETH_ALEN);
9024 	dl_list_add(&wpa_s->bss_tmp_disallowed, &bss->list);
9025 	wpa_set_driver_tmp_disallow_list(wpa_s);
9026 
9027 finish:
9028 	bss->rssi_threshold = rssi_threshold;
9029 	eloop_register_timeout(sec, 0, wpa_bss_tmp_disallow_timeout,
9030 			       wpa_s, bss);
9031 }
9032 
9033 
wpa_is_bss_tmp_disallowed(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)9034 int wpa_is_bss_tmp_disallowed(struct wpa_supplicant *wpa_s,
9035 			      struct wpa_bss *bss)
9036 {
9037 	struct wpa_bss_tmp_disallowed *disallowed = NULL, *tmp, *prev;
9038 
9039 	dl_list_for_each_safe(tmp, prev, &wpa_s->bss_tmp_disallowed,
9040 			 struct wpa_bss_tmp_disallowed, list) {
9041 		if (os_memcmp(bss->bssid, tmp->bssid, ETH_ALEN) == 0) {
9042 			disallowed = tmp;
9043 			break;
9044 		}
9045 	}
9046 	if (!disallowed)
9047 		return 0;
9048 
9049 	if (disallowed->rssi_threshold != 0 &&
9050 	    bss->level > disallowed->rssi_threshold) {
9051 		remove_bss_tmp_disallowed_entry(wpa_s, disallowed);
9052 		wpa_set_driver_tmp_disallow_list(wpa_s);
9053 		return 0;
9054 	}
9055 
9056 	return 1;
9057 }
9058 
9059 
wpas_enable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type,const u8 * addr,const u8 * mask)9060 int wpas_enable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
9061 				       unsigned int type, const u8 *addr,
9062 				       const u8 *mask)
9063 {
9064 	if ((addr && !mask) || (!addr && mask)) {
9065 		wpa_printf(MSG_INFO,
9066 			   "MAC_ADDR_RAND_SCAN invalid addr/mask combination");
9067 		return -1;
9068 	}
9069 
9070 	if (addr && mask && (!(mask[0] & 0x01) || (addr[0] & 0x01))) {
9071 		wpa_printf(MSG_INFO,
9072 			   "MAC_ADDR_RAND_SCAN cannot allow multicast address");
9073 		return -1;
9074 	}
9075 
9076 	if (type & MAC_ADDR_RAND_SCAN) {
9077 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCAN,
9078 						addr, mask))
9079 			return -1;
9080 	}
9081 
9082 	if (type & MAC_ADDR_RAND_SCHED_SCAN) {
9083 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_SCHED_SCAN,
9084 						addr, mask))
9085 			return -1;
9086 
9087 		if (wpa_s->sched_scanning && !wpa_s->pno)
9088 			wpas_scan_restart_sched_scan(wpa_s);
9089 	}
9090 
9091 	if (type & MAC_ADDR_RAND_PNO) {
9092 		if (wpas_mac_addr_rand_scan_set(wpa_s, MAC_ADDR_RAND_PNO,
9093 						addr, mask))
9094 			return -1;
9095 
9096 		if (wpa_s->pno) {
9097 			wpas_stop_pno(wpa_s);
9098 			wpas_start_pno(wpa_s);
9099 		}
9100 	}
9101 
9102 	return 0;
9103 }
9104 
9105 
wpas_disable_mac_addr_randomization(struct wpa_supplicant * wpa_s,unsigned int type)9106 int wpas_disable_mac_addr_randomization(struct wpa_supplicant *wpa_s,
9107 					unsigned int type)
9108 {
9109 	wpas_mac_addr_rand_scan_clear(wpa_s, type);
9110 	if (wpa_s->pno) {
9111 		if (type & MAC_ADDR_RAND_PNO) {
9112 			wpas_stop_pno(wpa_s);
9113 			wpas_start_pno(wpa_s);
9114 		}
9115 	} else if (wpa_s->sched_scanning && (type & MAC_ADDR_RAND_SCHED_SCAN)) {
9116 		wpas_scan_restart_sched_scan(wpa_s);
9117 	}
9118 
9119 	return 0;
9120 }
9121 
wpa_drv_get_conn_info(struct wpa_supplicant * wpa_s,struct wpa_conn_info * ci)9122 int wpa_drv_get_conn_info(struct wpa_supplicant *wpa_s, struct wpa_conn_info *ci)
9123 {
9124 	int res;
9125 
9126 	if (!wpa_s->driver->get_conn_info)
9127 		return -1;
9128 
9129 	res = wpa_s->driver->get_conn_info(wpa_s->drv_priv, ci);
9130 
9131 	return res;
9132 }
9133 
wpa_drv_signal_poll(struct wpa_supplicant * wpa_s,struct wpa_signal_info * si)9134 int wpa_drv_signal_poll(struct wpa_supplicant *wpa_s,
9135 			struct wpa_signal_info *si)
9136 {
9137 	int res;
9138 
9139 	if (!wpa_s->driver->signal_poll)
9140 		return -1;
9141 
9142 	res = wpa_s->driver->signal_poll(wpa_s->drv_priv, si);
9143 
9144 #ifdef CONFIG_TESTING_OPTIONS
9145 	if (res == 0) {
9146 		struct driver_signal_override *dso;
9147 
9148 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
9149 				 struct driver_signal_override, list) {
9150 			if (os_memcmp(wpa_s->bssid, dso->bssid,
9151 				      ETH_ALEN) != 0)
9152 				continue;
9153 			wpa_printf(MSG_DEBUG,
9154 				   "Override driver signal_poll information: current_signal: %d->%d avg_signal: %d->%d avg_beacon_signal: %d->%d current_noise: %d->%d",
9155 				   si->current_signal,
9156 				   dso->si_current_signal,
9157 				   si->avg_signal,
9158 				   dso->si_avg_signal,
9159 				   si->avg_beacon_signal,
9160 				   dso->si_avg_beacon_signal,
9161 				   si->current_noise,
9162 				   dso->si_current_noise);
9163 			si->current_signal = dso->si_current_signal;
9164 			si->avg_signal = dso->si_avg_signal;
9165 			si->avg_beacon_signal = dso->si_avg_beacon_signal;
9166 			si->current_noise = dso->si_current_noise;
9167 			break;
9168 		}
9169 	}
9170 #endif /* CONFIG_TESTING_OPTIONS */
9171 
9172 	return res;
9173 }
9174 
9175 struct wpa_scan_results *
wpa_drv_get_scan_results(struct wpa_supplicant * wpa_s,const u8 * bssid)9176 wpa_drv_get_scan_results(struct wpa_supplicant *wpa_s, const u8 *bssid)
9177 {
9178 	struct wpa_scan_results *scan_res;
9179 #ifdef CONFIG_TESTING_OPTIONS
9180 	size_t idx;
9181 #endif /* CONFIG_TESTING_OPTIONS */
9182 
9183 	if (wpa_s->driver->get_scan_results)
9184 		scan_res = wpa_s->driver->get_scan_results(wpa_s->drv_priv,
9185 							   bssid);
9186 	else if (wpa_s->driver->get_scan_results2)
9187 		scan_res = wpa_s->driver->get_scan_results2(wpa_s->drv_priv);
9188 	else
9189 		return NULL;
9190 
9191 
9192 #ifdef CONFIG_TESTING_OPTIONS
9193 	for (idx = 0; scan_res && idx < scan_res->num; idx++) {
9194 		struct driver_signal_override *dso;
9195 		struct wpa_scan_res *res = scan_res->res[idx];
9196 
9197 		dl_list_for_each(dso, &wpa_s->drv_signal_override,
9198 				 struct driver_signal_override, list) {
9199 			if (!ether_addr_equal(res->bssid, dso->bssid))
9200 				continue;
9201 			wpa_printf(MSG_DEBUG,
9202 				   "Override driver scan signal level %d->%d for "
9203 				   MACSTR,
9204 				   res->level, dso->scan_level,
9205 				   MAC2STR(res->bssid));
9206 			res->flags |= WPA_SCAN_QUAL_INVALID;
9207 			if (dso->scan_level < 0)
9208 				res->flags |= WPA_SCAN_LEVEL_DBM;
9209 			else
9210 				res->flags &= ~WPA_SCAN_LEVEL_DBM;
9211 			res->level = dso->scan_level;
9212 			break;
9213 		}
9214 	}
9215 #endif /* CONFIG_TESTING_OPTIONS */
9216 
9217 	return scan_res;
9218 }
9219 
9220 
wpas_ap_link_address(struct wpa_supplicant * wpa_s,const u8 * addr)9221 bool wpas_ap_link_address(struct wpa_supplicant *wpa_s, const u8 *addr)
9222 {
9223 	int i;
9224 
9225 	if (!wpa_s->valid_links)
9226 		return false;
9227 
9228 	for_each_link(wpa_s->valid_links, i) {
9229 		if (ether_addr_equal(wpa_s->links[i].bssid, addr))
9230 			return true;
9231 	}
9232 
9233 	return false;
9234 }
9235 
9236 
wpa_drv_send_action(struct wpa_supplicant * wpa_s,unsigned int freq,unsigned int wait,const u8 * dst,const u8 * src,const u8 * bssid,const u8 * data,size_t data_len,int no_cck)9237 int wpa_drv_send_action(struct wpa_supplicant *wpa_s, unsigned int freq,
9238 			unsigned int wait, const u8 *dst, const u8 *src,
9239 			const u8 *bssid, const u8 *data, size_t data_len,
9240 			int no_cck)
9241 {
9242 	if (!wpa_s->driver->send_action)
9243 		return -1;
9244 
9245 	if (data_len > 0 && data[0] != WLAN_ACTION_PUBLIC) {
9246 		if (wpas_ap_link_address(wpa_s, dst))
9247 			dst = wpa_s->ap_mld_addr;
9248 
9249 		if (wpas_ap_link_address(wpa_s, bssid))
9250 			bssid = wpa_s->ap_mld_addr;
9251 	}
9252 
9253 	return wpa_s->driver->send_action(wpa_s->drv_priv, freq, wait, dst, src,
9254 					  bssid, data, data_len, no_cck);
9255 }
9256 
9257 
wpas_is_6ghz_supported(struct wpa_supplicant * wpa_s,bool only_enabled)9258 bool wpas_is_6ghz_supported(struct wpa_supplicant *wpa_s, bool only_enabled)
9259 {
9260 	struct hostapd_channel_data *chnl;
9261 	int i, j;
9262 
9263 	for (i = 0; i < wpa_s->hw.num_modes; i++) {
9264 		if (wpa_s->hw.modes[i].mode == HOSTAPD_MODE_IEEE80211A) {
9265 			chnl = wpa_s->hw.modes[i].channels;
9266 			for (j = 0; j < wpa_s->hw.modes[i].num_channels; j++) {
9267 				if (only_enabled &&
9268 				    (chnl[j].flag & HOSTAPD_CHAN_DISABLED))
9269 					continue;
9270 				if (is_6ghz_freq(chnl[j].freq))
9271 					return true;
9272 			}
9273 		}
9274 	}
9275 
9276 	return false;
9277 }
9278 
9279 
wpas_ap_supports_rsn_overriding(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)9280 bool wpas_ap_supports_rsn_overriding(struct wpa_supplicant *wpa_s,
9281 				     struct wpa_bss *bss)
9282 {
9283 	int i;
9284 
9285 	if (!bss)
9286 		return false;
9287 	if (wpa_bss_get_vendor_ie(bss, RSNE_OVERRIDE_IE_VENDOR_TYPE) ||
9288 	    wpa_bss_get_vendor_ie(bss, RSNE_OVERRIDE_2_IE_VENDOR_TYPE))
9289 		return true;
9290 
9291 	if (!wpa_s->valid_links)
9292 		return false;
9293 
9294 	for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
9295 		if (!(wpa_s->valid_links & BIT(i)))
9296 			continue;
9297 		if (wpa_s->links[i].bss &&
9298 		    (wpa_bss_get_vendor_ie(wpa_s->links[i].bss,
9299 					   RSNE_OVERRIDE_IE_VENDOR_TYPE) ||
9300 		     wpa_bss_get_vendor_ie(wpa_s->links[i].bss,
9301 					   RSNE_OVERRIDE_2_IE_VENDOR_TYPE)))
9302 			return true;
9303 	}
9304 
9305 	return false;
9306 }
9307 
9308 
wpas_ap_supports_rsn_overriding_2(struct wpa_supplicant * wpa_s,struct wpa_bss * bss)9309 bool wpas_ap_supports_rsn_overriding_2(struct wpa_supplicant *wpa_s,
9310 				       struct wpa_bss *bss)
9311 {
9312 	int i;
9313 
9314 	if (!bss)
9315 		return false;
9316 	if (wpa_bss_get_vendor_ie(bss, RSNE_OVERRIDE_2_IE_VENDOR_TYPE))
9317 		return true;
9318 
9319 	if (!wpa_s->valid_links)
9320 		return false;
9321 
9322 	for (i = 0; i < MAX_NUM_MLD_LINKS; i++) {
9323 		if (!(wpa_s->valid_links & BIT(i)))
9324 			continue;
9325 		if (wpa_s->links[i].bss &&
9326 		    wpa_bss_get_vendor_ie(wpa_s->links[i].bss,
9327 					  RSNE_OVERRIDE_2_IE_VENDOR_TYPE))
9328 			return true;
9329 	}
9330 
9331 	return false;
9332 }
9333