xref: /freebsd/contrib/wpa/src/ap/ap_config.c (revision 9bc300465e48e19d794d88d0c158a2adb92c7197)
1 /*
2  * hostapd / Configuration helper functions
3  * Copyright (c) 2003-2024, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "utils/includes.h"
10 
11 #include "utils/common.h"
12 #include "crypto/sha1.h"
13 #include "crypto/tls.h"
14 #include "radius/radius_client.h"
15 #include "common/ieee802_11_defs.h"
16 #include "common/ieee802_1x_defs.h"
17 #include "common/eapol_common.h"
18 #include "common/dhcp.h"
19 #include "common/sae.h"
20 #include "eap_common/eap_wsc_common.h"
21 #include "eap_server/eap.h"
22 #include "wpa_auth.h"
23 #include "sta_info.h"
24 #include "airtime_policy.h"
25 #include "ap_config.h"
26 
27 
28 static void hostapd_config_free_vlan(struct hostapd_bss_config *bss)
29 {
30 	struct hostapd_vlan *vlan, *prev;
31 
32 	vlan = bss->vlan;
33 	prev = NULL;
34 	while (vlan) {
35 		prev = vlan;
36 		vlan = vlan->next;
37 		os_free(prev);
38 	}
39 
40 	bss->vlan = NULL;
41 }
42 
43 
44 #ifndef DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES
45 #define DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES 0
46 #endif /* DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES */
47 
48 void hostapd_config_defaults_bss(struct hostapd_bss_config *bss)
49 {
50 	dl_list_init(&bss->anqp_elem);
51 
52 	bss->logger_syslog_level = HOSTAPD_LEVEL_INFO;
53 	bss->logger_stdout_level = HOSTAPD_LEVEL_INFO;
54 	bss->logger_syslog = (unsigned int) -1;
55 	bss->logger_stdout = (unsigned int) -1;
56 
57 #ifdef CONFIG_WEP
58 	bss->auth_algs = WPA_AUTH_ALG_OPEN | WPA_AUTH_ALG_SHARED;
59 
60 	bss->wep_rekeying_period = 300;
61 	/* use key0 in individual key and key1 in broadcast key */
62 	bss->broadcast_key_idx_min = 1;
63 	bss->broadcast_key_idx_max = 2;
64 #else /* CONFIG_WEP */
65 	bss->auth_algs = WPA_AUTH_ALG_OPEN;
66 #endif /* CONFIG_WEP */
67 	bss->eap_reauth_period = 3600;
68 
69 	bss->wpa_group_rekey = 600;
70 	bss->wpa_gmk_rekey = 86400;
71 	bss->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
72 	bss->wpa_group_update_count = 4;
73 	bss->wpa_pairwise_update_count = 4;
74 	bss->wpa_disable_eapol_key_retries =
75 		DEFAULT_WPA_DISABLE_EAPOL_KEY_RETRIES;
76 	bss->wpa_key_mgmt = WPA_KEY_MGMT_PSK;
77 #ifdef CONFIG_NO_TKIP
78 	bss->wpa_pairwise = WPA_CIPHER_CCMP;
79 	bss->wpa_group = WPA_CIPHER_CCMP;
80 #else /* CONFIG_NO_TKIP */
81 	bss->wpa_pairwise = WPA_CIPHER_TKIP;
82 	bss->wpa_group = WPA_CIPHER_TKIP;
83 #endif /* CONFIG_NO_TKIP */
84 	bss->rsn_pairwise = 0;
85 
86 	bss->max_num_sta = MAX_STA_COUNT;
87 
88 	bss->dtim_period = 2;
89 
90 	bss->radius_server_auth_port = 1812;
91 	bss->eap_sim_db_timeout = 1;
92 	bss->eap_sim_id = 3;
93 	bss->eap_sim_aka_fast_reauth_limit = 1000;
94 	bss->ap_max_inactivity = AP_MAX_INACTIVITY;
95 	bss->bss_max_idle = 1;
96 	bss->eapol_version = EAPOL_VERSION;
97 
98 	bss->max_listen_interval = 65535;
99 
100 	bss->pwd_group = 19; /* ECC: GF(p=256) */
101 
102 	bss->assoc_sa_query_max_timeout = 1000;
103 	bss->assoc_sa_query_retry_timeout = 201;
104 	bss->group_mgmt_cipher = WPA_CIPHER_AES_128_CMAC;
105 #ifdef EAP_SERVER_FAST
106 	 /* both anonymous and authenticated provisioning */
107 	bss->eap_fast_prov = 3;
108 	bss->pac_key_lifetime = 7 * 24 * 60 * 60;
109 	bss->pac_key_refresh_time = 1 * 24 * 60 * 60;
110 #endif /* EAP_SERVER_FAST */
111 
112 	/* Set to -1 as defaults depends on HT in setup */
113 	bss->wmm_enabled = -1;
114 
115 #ifdef CONFIG_IEEE80211R_AP
116 	bss->ft_over_ds = 1;
117 	bss->rkh_pos_timeout = 86400;
118 	bss->rkh_neg_timeout = 60;
119 	bss->rkh_pull_timeout = 1000;
120 	bss->rkh_pull_retries = 4;
121 	bss->r0_key_lifetime = 1209600;
122 #endif /* CONFIG_IEEE80211R_AP */
123 
124 	bss->radius_das_time_window = 300;
125 	bss->radius_require_message_authenticator = 1;
126 
127 	bss->anti_clogging_threshold = 5;
128 	bss->sae_sync = 3;
129 
130 	bss->gas_frag_limit = 1400;
131 
132 #ifdef CONFIG_FILS
133 	dl_list_init(&bss->fils_realms);
134 	bss->fils_hlp_wait_time = 30;
135 	bss->dhcp_server_port = DHCP_SERVER_PORT;
136 	bss->dhcp_relay_port = DHCP_SERVER_PORT;
137 	bss->fils_discovery_min_int = 20;
138 #endif /* CONFIG_FILS */
139 
140 	bss->broadcast_deauth = 1;
141 
142 #ifdef CONFIG_MBO
143 	bss->mbo_cell_data_conn_pref = -1;
144 #endif /* CONFIG_MBO */
145 
146 	/* Disable TLS v1.3 by default for now to avoid interoperability issue.
147 	 * This can be enabled by default once the implementation has been fully
148 	 * completed and tested with other implementations. */
149 	bss->tls_flags = TLS_CONN_DISABLE_TLSv1_3;
150 
151 	bss->max_auth_rounds = 100;
152 	bss->max_auth_rounds_short = 50;
153 
154 	bss->send_probe_response = 1;
155 
156 #ifdef CONFIG_HS20
157 	bss->hs20_release = (HS20_VERSION >> 4) + 1;
158 #endif /* CONFIG_HS20 */
159 
160 #ifdef CONFIG_MACSEC
161 	bss->mka_priority = DEFAULT_PRIO_NOT_KEY_SERVER;
162 	bss->macsec_port = 1;
163 #endif /* CONFIG_MACSEC */
164 
165 	/* Default to strict CRL checking. */
166 	bss->check_crl_strict = 1;
167 
168 	bss->multi_ap_profile = MULTI_AP_PROFILE_2;
169 
170 #ifdef CONFIG_TESTING_OPTIONS
171 	bss->sae_commit_status = -1;
172 	bss->test_assoc_comeback_type = -1;
173 #endif /* CONFIG_TESTING_OPTIONS */
174 
175 #ifdef CONFIG_PASN
176 	/* comeback after 10 TUs */
177 	bss->pasn_comeback_after = 10;
178 	bss->pasn_noauth = 1;
179 #endif /* CONFIG_PASN */
180 }
181 
182 
183 struct hostapd_config * hostapd_config_defaults(void)
184 {
185 #define ecw2cw(ecw) ((1 << (ecw)) - 1)
186 
187 	struct hostapd_config *conf;
188 	struct hostapd_bss_config *bss;
189 	const int aCWmin = 4, aCWmax = 10;
190 	const struct hostapd_wmm_ac_params ac_bk =
191 		{ aCWmin, aCWmax, 7, 0, 0 }; /* background traffic */
192 	const struct hostapd_wmm_ac_params ac_be =
193 		{ aCWmin, aCWmax, 3, 0, 0 }; /* best effort traffic */
194 	const struct hostapd_wmm_ac_params ac_vi = /* video traffic */
195 		{ aCWmin - 1, aCWmin, 2, 3008 / 32, 0 };
196 	const struct hostapd_wmm_ac_params ac_vo = /* voice traffic */
197 		{ aCWmin - 2, aCWmin - 1, 2, 1504 / 32, 0 };
198 	const struct hostapd_tx_queue_params txq_bk =
199 		{ 7, ecw2cw(aCWmin), ecw2cw(aCWmax), 0 };
200 	const struct hostapd_tx_queue_params txq_be =
201 		{ 3, ecw2cw(aCWmin), 4 * (ecw2cw(aCWmin) + 1) - 1, 0};
202 	const struct hostapd_tx_queue_params txq_vi =
203 		{ 1, (ecw2cw(aCWmin) + 1) / 2 - 1, ecw2cw(aCWmin), 30};
204 	const struct hostapd_tx_queue_params txq_vo =
205 		{ 1, (ecw2cw(aCWmin) + 1) / 4 - 1,
206 		  (ecw2cw(aCWmin) + 1) / 2 - 1, 15};
207 
208 #undef ecw2cw
209 
210 	conf = os_zalloc(sizeof(*conf));
211 	bss = os_zalloc(sizeof(*bss));
212 	if (conf == NULL || bss == NULL) {
213 		wpa_printf(MSG_ERROR, "Failed to allocate memory for "
214 			   "configuration data.");
215 		os_free(conf);
216 		os_free(bss);
217 		return NULL;
218 	}
219 	conf->bss = os_calloc(1, sizeof(struct hostapd_bss_config *));
220 	if (conf->bss == NULL) {
221 		os_free(conf);
222 		os_free(bss);
223 		return NULL;
224 	}
225 	conf->bss[0] = bss;
226 
227 	bss->radius = os_zalloc(sizeof(*bss->radius));
228 	if (bss->radius == NULL) {
229 		os_free(conf->bss);
230 		os_free(conf);
231 		os_free(bss);
232 		return NULL;
233 	}
234 
235 	hostapd_config_defaults_bss(bss);
236 
237 	conf->num_bss = 1;
238 
239 	conf->beacon_int = 100;
240 	conf->rts_threshold = -2; /* use driver default: 2347 */
241 	conf->fragm_threshold = -2; /* user driver default: 2346 */
242 	/* Set to invalid value means do not add Power Constraint IE */
243 	conf->local_pwr_constraint = -1;
244 
245 	conf->wmm_ac_params[0] = ac_be;
246 	conf->wmm_ac_params[1] = ac_bk;
247 	conf->wmm_ac_params[2] = ac_vi;
248 	conf->wmm_ac_params[3] = ac_vo;
249 
250 	conf->tx_queue[0] = txq_vo;
251 	conf->tx_queue[1] = txq_vi;
252 	conf->tx_queue[2] = txq_be;
253 	conf->tx_queue[3] = txq_bk;
254 
255 	conf->ht_capab = HT_CAP_INFO_SMPS_DISABLED;
256 
257 	conf->ap_table_max_size = 255;
258 	conf->ap_table_expiration_time = 60;
259 	conf->track_sta_max_age = 180;
260 
261 #ifdef CONFIG_TESTING_OPTIONS
262 	conf->ignore_probe_probability = 0.0;
263 	conf->ignore_auth_probability = 0.0;
264 	conf->ignore_assoc_probability = 0.0;
265 	conf->ignore_reassoc_probability = 0.0;
266 	conf->corrupt_gtk_rekey_mic_probability = 0.0;
267 	conf->ecsa_ie_only = 0;
268 #endif /* CONFIG_TESTING_OPTIONS */
269 
270 	conf->acs = 0;
271 	conf->acs_ch_list.num = 0;
272 #ifdef CONFIG_ACS
273 	conf->acs_num_scans = 5;
274 #endif /* CONFIG_ACS */
275 
276 #ifdef CONFIG_IEEE80211AX
277 	conf->he_op.he_rts_threshold = HE_OPERATION_RTS_THRESHOLD_MASK >>
278 		HE_OPERATION_RTS_THRESHOLD_OFFSET;
279 	/* Set default basic MCS/NSS set to single stream MCS 0-7 */
280 	conf->he_op.he_basic_mcs_nss_set = 0xfffc;
281 	conf->he_op.he_bss_color_disabled = 1;
282 	conf->he_op.he_bss_color_partial = 0;
283 	conf->he_op.he_bss_color = os_random() % 63 + 1;
284 	conf->he_op.he_twt_responder = 1;
285 	conf->he_6ghz_max_mpdu = 2;
286 	conf->he_6ghz_max_ampdu_len_exp = 7;
287 	conf->he_6ghz_rx_ant_pat = 1;
288 	conf->he_6ghz_tx_ant_pat = 1;
289 	conf->he_6ghz_reg_pwr_type = HE_REG_INFO_6GHZ_AP_TYPE_VLP;
290 	conf->reg_def_cli_eirp_psd = -1;
291 	conf->reg_sub_cli_eirp_psd = -1;
292 	conf->reg_def_cli_eirp = -1;
293 #endif /* CONFIG_IEEE80211AX */
294 
295 	/* The third octet of the country string uses an ASCII space character
296 	 * by default to indicate that the regulations encompass all
297 	 * environments for the current frequency band in the country. */
298 	conf->country[2] = ' ';
299 
300 	conf->rssi_reject_assoc_rssi = 0;
301 	conf->rssi_reject_assoc_timeout = 30;
302 
303 #ifdef CONFIG_AIRTIME_POLICY
304 	conf->airtime_update_interval = AIRTIME_DEFAULT_UPDATE_INTERVAL;
305 #endif /* CONFIG_AIRTIME_POLICY */
306 
307 	hostapd_set_and_check_bw320_offset(conf, 0);
308 
309 	return conf;
310 }
311 
312 
313 int hostapd_mac_comp(const void *a, const void *b)
314 {
315 	return os_memcmp(a, b, sizeof(macaddr));
316 }
317 
318 
319 static int hostapd_config_read_wpa_psk(const char *fname,
320 				       struct hostapd_ssid *ssid)
321 {
322 	FILE *f;
323 	char buf[128], *pos;
324 	const char *keyid;
325 	char *context;
326 	char *context2;
327 	char *token;
328 	char *name;
329 	char *value;
330 	int line = 0, ret = 0, len, ok;
331 	u8 addr[ETH_ALEN];
332 	struct hostapd_wpa_psk *psk;
333 
334 	if (!fname)
335 		return 0;
336 
337 	f = fopen(fname, "r");
338 	if (!f) {
339 		wpa_printf(MSG_ERROR, "WPA PSK file '%s' not found.", fname);
340 		return -1;
341 	}
342 
343 	while (fgets(buf, sizeof(buf), f)) {
344 		int vlan_id = 0;
345 		int wps = 0;
346 
347 		line++;
348 
349 		if (buf[0] == '#')
350 			continue;
351 		pos = buf;
352 		while (*pos != '\0') {
353 			if (*pos == '\n') {
354 				*pos = '\0';
355 				break;
356 			}
357 			pos++;
358 		}
359 		if (buf[0] == '\0')
360 			continue;
361 
362 		context = NULL;
363 		keyid = NULL;
364 		while ((token = str_token(buf, " ", &context))) {
365 			if (!os_strchr(token, '='))
366 				break;
367 			context2 = NULL;
368 			name = str_token(token, "=", &context2);
369 			if (!name)
370 				break;
371 			value = str_token(token, "", &context2);
372 			if (!value)
373 				value = "";
374 			if (!os_strcmp(name, "keyid")) {
375 				keyid = value;
376 			} else if (!os_strcmp(name, "wps")) {
377 				wps = atoi(value);
378 			} else if (!os_strcmp(name, "vlanid")) {
379 				vlan_id = atoi(value);
380 			} else {
381 				wpa_printf(MSG_ERROR,
382 					   "Unrecognized '%s=%s' on line %d in '%s'",
383 					   name, value, line, fname);
384 				ret = -1;
385 				break;
386 			}
387 		}
388 
389 		if (ret == -1)
390 			break;
391 
392 		if (!token)
393 			token = "";
394 		if (hwaddr_aton(token, addr)) {
395 			wpa_printf(MSG_ERROR,
396 				   "Invalid MAC address '%s' on line %d in '%s'",
397 				   token, line, fname);
398 			ret = -1;
399 			break;
400 		}
401 
402 		psk = os_zalloc(sizeof(*psk));
403 		if (psk == NULL) {
404 			wpa_printf(MSG_ERROR, "WPA PSK allocation failed");
405 			ret = -1;
406 			break;
407 		}
408 		psk->vlan_id = vlan_id;
409 		if (is_zero_ether_addr(addr))
410 			psk->group = 1;
411 		else
412 			os_memcpy(psk->addr, addr, ETH_ALEN);
413 
414 		pos = str_token(buf, "", &context);
415 		if (!pos) {
416 			wpa_printf(MSG_ERROR, "No PSK on line %d in '%s'",
417 				   line, fname);
418 			os_free(psk);
419 			ret = -1;
420 			break;
421 		}
422 
423 		ok = 0;
424 		len = os_strlen(pos);
425 		if (len == 2 * PMK_LEN &&
426 		    hexstr2bin(pos, psk->psk, PMK_LEN) == 0)
427 			ok = 1;
428 		else if (len >= 8 && len < 64 &&
429 			 pbkdf2_sha1(pos, ssid->ssid, ssid->ssid_len,
430 				     4096, psk->psk, PMK_LEN) == 0)
431 			ok = 1;
432 		if (!ok) {
433 			wpa_printf(MSG_ERROR,
434 				   "Invalid PSK '%s' on line %d in '%s'",
435 				   pos, line, fname);
436 			os_free(psk);
437 			ret = -1;
438 			break;
439 		}
440 
441 		if (keyid) {
442 			len = os_strlcpy(psk->keyid, keyid, sizeof(psk->keyid));
443 			if ((size_t) len >= sizeof(psk->keyid)) {
444 				wpa_printf(MSG_ERROR,
445 					   "PSK keyid too long on line %d in '%s'",
446 					   line, fname);
447 				os_free(psk);
448 				ret = -1;
449 				break;
450 			}
451 		}
452 
453 		psk->wps = wps;
454 
455 		psk->next = ssid->wpa_psk;
456 		ssid->wpa_psk = psk;
457 	}
458 
459 	fclose(f);
460 
461 	return ret;
462 }
463 
464 
465 static int hostapd_derive_psk(struct hostapd_ssid *ssid)
466 {
467 	ssid->wpa_psk = os_zalloc(sizeof(struct hostapd_wpa_psk));
468 	if (ssid->wpa_psk == NULL) {
469 		wpa_printf(MSG_ERROR, "Unable to alloc space for PSK");
470 		return -1;
471 	}
472 	wpa_hexdump_ascii(MSG_DEBUG, "SSID",
473 			  (u8 *) ssid->ssid, ssid->ssid_len);
474 	wpa_hexdump_ascii_key(MSG_DEBUG, "PSK (ASCII passphrase)",
475 			      (u8 *) ssid->wpa_passphrase,
476 			      os_strlen(ssid->wpa_passphrase));
477 	if (pbkdf2_sha1(ssid->wpa_passphrase,
478 			ssid->ssid, ssid->ssid_len,
479 			4096, ssid->wpa_psk->psk, PMK_LEN) != 0) {
480 		wpa_printf(MSG_ERROR, "Error in pbkdf2_sha1()");
481 		return -1;
482 	}
483 	wpa_hexdump_key(MSG_DEBUG, "PSK (from passphrase)",
484 			ssid->wpa_psk->psk, PMK_LEN);
485 	return 0;
486 }
487 
488 
489 int hostapd_setup_sae_pt(struct hostapd_bss_config *conf)
490 {
491 #ifdef CONFIG_SAE
492 	struct hostapd_ssid *ssid = &conf->ssid;
493 	struct sae_password_entry *pw;
494 
495 	if ((conf->sae_pwe == SAE_PWE_HUNT_AND_PECK &&
496 	     !hostapd_sae_pw_id_in_use(conf) &&
497 	     !wpa_key_mgmt_sae_ext_key(conf->wpa_key_mgmt) &&
498 	     !hostapd_sae_pk_in_use(conf)) ||
499 	    conf->sae_pwe == SAE_PWE_FORCE_HUNT_AND_PECK ||
500 	    !wpa_key_mgmt_sae(conf->wpa_key_mgmt))
501 		return 0; /* PT not needed */
502 
503 	sae_deinit_pt(ssid->pt);
504 	ssid->pt = NULL;
505 	if (ssid->wpa_passphrase) {
506 		ssid->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
507 					 ssid->ssid_len,
508 					 (const u8 *) ssid->wpa_passphrase,
509 					 os_strlen(ssid->wpa_passphrase),
510 					 NULL);
511 		if (!ssid->pt)
512 			return -1;
513 	}
514 
515 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
516 		sae_deinit_pt(pw->pt);
517 		pw->pt = sae_derive_pt(conf->sae_groups, ssid->ssid,
518 				       ssid->ssid_len,
519 				       (const u8 *) pw->password,
520 				       os_strlen(pw->password),
521 				       pw->identifier);
522 		if (!pw->pt)
523 			return -1;
524 	}
525 #endif /* CONFIG_SAE */
526 
527 	return 0;
528 }
529 
530 
531 int hostapd_setup_wpa_psk(struct hostapd_bss_config *conf)
532 {
533 	struct hostapd_ssid *ssid = &conf->ssid;
534 
535 	if (hostapd_setup_sae_pt(conf) < 0)
536 		return -1;
537 
538 	if (ssid->wpa_passphrase != NULL) {
539 		if (ssid->wpa_psk != NULL) {
540 			wpa_printf(MSG_DEBUG, "Using pre-configured WPA PSK "
541 				   "instead of passphrase");
542 		} else {
543 			wpa_printf(MSG_DEBUG, "Deriving WPA PSK based on "
544 				   "passphrase");
545 			if (hostapd_derive_psk(ssid) < 0)
546 				return -1;
547 		}
548 		ssid->wpa_psk->group = 1;
549 	}
550 
551 	return hostapd_config_read_wpa_psk(ssid->wpa_psk_file, &conf->ssid);
552 }
553 
554 
555 static void hostapd_config_free_radius(struct hostapd_radius_server *servers,
556 				       int num_servers)
557 {
558 	int i;
559 
560 	for (i = 0; i < num_servers; i++) {
561 		os_free(servers[i].shared_secret);
562 		os_free(servers[i].ca_cert);
563 		os_free(servers[i].client_cert);
564 		os_free(servers[i].private_key);
565 		os_free(servers[i].private_key_passwd);
566 	}
567 	os_free(servers);
568 }
569 
570 
571 struct hostapd_radius_attr *
572 hostapd_config_get_radius_attr(struct hostapd_radius_attr *attr, u8 type)
573 {
574 	for (; attr; attr = attr->next) {
575 		if (attr->type == type)
576 			return attr;
577 	}
578 	return NULL;
579 }
580 
581 
582 struct hostapd_radius_attr * hostapd_parse_radius_attr(const char *value)
583 {
584 	const char *pos;
585 	char syntax;
586 	struct hostapd_radius_attr *attr;
587 	size_t len;
588 
589 	attr = os_zalloc(sizeof(*attr));
590 	if (!attr)
591 		return NULL;
592 
593 	attr->type = atoi(value);
594 
595 	pos = os_strchr(value, ':');
596 	if (!pos) {
597 		attr->val = wpabuf_alloc(1);
598 		if (!attr->val) {
599 			os_free(attr);
600 			return NULL;
601 		}
602 		wpabuf_put_u8(attr->val, 0);
603 		return attr;
604 	}
605 
606 	pos++;
607 	if (pos[0] == '\0' || pos[1] != ':') {
608 		os_free(attr);
609 		return NULL;
610 	}
611 	syntax = *pos++;
612 	pos++;
613 
614 	switch (syntax) {
615 	case 's':
616 		attr->val = wpabuf_alloc_copy(pos, os_strlen(pos));
617 		break;
618 	case 'x':
619 		len = os_strlen(pos);
620 		if (len & 1)
621 			break;
622 		len /= 2;
623 		attr->val = wpabuf_alloc(len);
624 		if (!attr->val)
625 			break;
626 		if (hexstr2bin(pos, wpabuf_put(attr->val, len), len) < 0) {
627 			wpabuf_free(attr->val);
628 			os_free(attr);
629 			return NULL;
630 		}
631 		break;
632 	case 'd':
633 		attr->val = wpabuf_alloc(4);
634 		if (attr->val)
635 			wpabuf_put_be32(attr->val, atoi(pos));
636 		break;
637 	default:
638 		os_free(attr);
639 		return NULL;
640 	}
641 
642 	if (!attr->val) {
643 		os_free(attr);
644 		return NULL;
645 	}
646 
647 	return attr;
648 }
649 
650 
651 void hostapd_config_free_radius_attr(struct hostapd_radius_attr *attr)
652 {
653 	struct hostapd_radius_attr *prev;
654 
655 	while (attr) {
656 		prev = attr;
657 		attr = attr->next;
658 		wpabuf_free(prev->val);
659 		os_free(prev);
660 	}
661 }
662 
663 
664 void hostapd_config_free_eap_user(struct hostapd_eap_user *user)
665 {
666 	hostapd_config_free_radius_attr(user->accept_attr);
667 	os_free(user->identity);
668 	bin_clear_free(user->password, user->password_len);
669 	bin_clear_free(user->salt, user->salt_len);
670 	os_free(user);
671 }
672 
673 
674 void hostapd_config_free_eap_users(struct hostapd_eap_user *user)
675 {
676 	struct hostapd_eap_user *prev_user;
677 
678 	while (user) {
679 		prev_user = user;
680 		user = user->next;
681 		hostapd_config_free_eap_user(prev_user);
682 	}
683 }
684 
685 
686 #ifdef CONFIG_WEP
687 static void hostapd_config_free_wep(struct hostapd_wep_keys *keys)
688 {
689 	int i;
690 	for (i = 0; i < NUM_WEP_KEYS; i++) {
691 		bin_clear_free(keys->key[i], keys->len[i]);
692 		keys->key[i] = NULL;
693 	}
694 }
695 #endif /* CONFIG_WEP */
696 
697 
698 void hostapd_config_clear_wpa_psk(struct hostapd_wpa_psk **l)
699 {
700 	struct hostapd_wpa_psk *psk, *tmp;
701 
702 	for (psk = *l; psk;) {
703 		tmp = psk;
704 		psk = psk->next;
705 		bin_clear_free(tmp, sizeof(*tmp));
706 	}
707 	*l = NULL;
708 }
709 
710 
711 #ifdef CONFIG_IEEE80211R_AP
712 
713 void hostapd_config_clear_rxkhs(struct hostapd_bss_config *conf)
714 {
715 	struct ft_remote_r0kh *r0kh, *r0kh_prev;
716 	struct ft_remote_r1kh *r1kh, *r1kh_prev;
717 
718 	r0kh = conf->r0kh_list;
719 	conf->r0kh_list = NULL;
720 	while (r0kh) {
721 		r0kh_prev = r0kh;
722 		r0kh = r0kh->next;
723 		os_free(r0kh_prev);
724 	}
725 
726 	r1kh = conf->r1kh_list;
727 	conf->r1kh_list = NULL;
728 	while (r1kh) {
729 		r1kh_prev = r1kh;
730 		r1kh = r1kh->next;
731 		os_free(r1kh_prev);
732 	}
733 }
734 
735 #endif /* CONFIG_IEEE80211R_AP */
736 
737 
738 static void hostapd_config_free_anqp_elem(struct hostapd_bss_config *conf)
739 {
740 	struct anqp_element *elem;
741 
742 	while ((elem = dl_list_first(&conf->anqp_elem, struct anqp_element,
743 				     list))) {
744 		dl_list_del(&elem->list);
745 		wpabuf_free(elem->payload);
746 		os_free(elem);
747 	}
748 }
749 
750 
751 static void hostapd_config_free_fils_realms(struct hostapd_bss_config *conf)
752 {
753 #ifdef CONFIG_FILS
754 	struct fils_realm *realm;
755 
756 	while ((realm = dl_list_first(&conf->fils_realms, struct fils_realm,
757 				      list))) {
758 		dl_list_del(&realm->list);
759 		os_free(realm);
760 	}
761 #endif /* CONFIG_FILS */
762 }
763 
764 
765 static void hostapd_config_free_sae_passwords(struct hostapd_bss_config *conf)
766 {
767 	struct sae_password_entry *pw, *tmp;
768 
769 	pw = conf->sae_passwords;
770 	conf->sae_passwords = NULL;
771 	while (pw) {
772 		tmp = pw;
773 		pw = pw->next;
774 		str_clear_free(tmp->password);
775 		os_free(tmp->identifier);
776 #ifdef CONFIG_SAE
777 		sae_deinit_pt(tmp->pt);
778 #endif /* CONFIG_SAE */
779 #ifdef CONFIG_SAE_PK
780 		sae_deinit_pk(tmp->pk);
781 #endif /* CONFIG_SAE_PK */
782 		os_free(tmp);
783 	}
784 }
785 
786 
787 #ifdef CONFIG_DPP2
788 static void hostapd_dpp_controller_conf_free(struct dpp_controller_conf *conf)
789 {
790 	struct dpp_controller_conf *prev;
791 
792 	while (conf) {
793 		prev = conf;
794 		conf = conf->next;
795 		os_free(prev);
796 	}
797 }
798 #endif /* CONFIG_DPP2 */
799 
800 
801 void hostapd_config_free_bss(struct hostapd_bss_config *conf)
802 {
803 #if defined(CONFIG_WPS) || defined(CONFIG_HS20)
804 	size_t i;
805 #endif
806 
807 	if (conf == NULL)
808 		return;
809 
810 	hostapd_config_clear_wpa_psk(&conf->ssid.wpa_psk);
811 
812 	str_clear_free(conf->ssid.wpa_passphrase);
813 	os_free(conf->ssid.wpa_psk_file);
814 #ifdef CONFIG_WEP
815 	hostapd_config_free_wep(&conf->ssid.wep);
816 #endif /* CONFIG_WEP */
817 #ifdef CONFIG_FULL_DYNAMIC_VLAN
818 	os_free(conf->ssid.vlan_tagged_interface);
819 #endif /* CONFIG_FULL_DYNAMIC_VLAN */
820 #ifdef CONFIG_SAE
821 	sae_deinit_pt(conf->ssid.pt);
822 #endif /* CONFIG_SAE */
823 
824 	hostapd_config_free_eap_users(conf->eap_user);
825 	os_free(conf->eap_user_sqlite);
826 
827 	os_free(conf->eap_req_id_text);
828 	os_free(conf->erp_domain);
829 	os_free(conf->accept_mac);
830 	os_free(conf->deny_mac);
831 	os_free(conf->nas_identifier);
832 	if (conf->radius) {
833 		hostapd_config_free_radius(conf->radius->auth_servers,
834 					   conf->radius->num_auth_servers);
835 		hostapd_config_free_radius(conf->radius->acct_servers,
836 					   conf->radius->num_acct_servers);
837 		os_free(conf->radius->force_client_dev);
838 	}
839 	hostapd_config_free_radius_attr(conf->radius_auth_req_attr);
840 	hostapd_config_free_radius_attr(conf->radius_acct_req_attr);
841 	os_free(conf->radius_req_attr_sqlite);
842 	os_free(conf->rsn_preauth_interfaces);
843 	os_free(conf->ctrl_interface);
844 	os_free(conf->config_id);
845 	os_free(conf->ca_cert);
846 	os_free(conf->server_cert);
847 	os_free(conf->server_cert2);
848 	os_free(conf->private_key);
849 	os_free(conf->private_key2);
850 	os_free(conf->private_key_passwd);
851 	os_free(conf->private_key_passwd2);
852 	os_free(conf->check_cert_subject);
853 	os_free(conf->ocsp_stapling_response);
854 	os_free(conf->ocsp_stapling_response_multi);
855 	os_free(conf->dh_file);
856 	os_free(conf->openssl_ciphers);
857 	os_free(conf->openssl_ecdh_curves);
858 	os_free(conf->pac_opaque_encr_key);
859 	os_free(conf->eap_fast_a_id);
860 	os_free(conf->eap_fast_a_id_info);
861 	os_free(conf->eap_sim_db);
862 	os_free(conf->imsi_privacy_key);
863 	os_free(conf->radius_server_clients);
864 	os_free(conf->radius);
865 	os_free(conf->radius_das_shared_secret);
866 	hostapd_config_free_vlan(conf);
867 	os_free(conf->time_zone);
868 
869 #ifdef CONFIG_IEEE80211R_AP
870 	hostapd_config_clear_rxkhs(conf);
871 	os_free(conf->rxkh_file);
872 	conf->rxkh_file = NULL;
873 #endif /* CONFIG_IEEE80211R_AP */
874 
875 #ifdef CONFIG_WPS
876 	os_free(conf->wps_pin_requests);
877 	os_free(conf->device_name);
878 	os_free(conf->manufacturer);
879 	os_free(conf->model_name);
880 	os_free(conf->model_number);
881 	os_free(conf->serial_number);
882 	os_free(conf->config_methods);
883 	os_free(conf->ap_pin);
884 	os_free(conf->extra_cred);
885 	os_free(conf->ap_settings);
886 	hostapd_config_clear_wpa_psk(&conf->multi_ap_backhaul_ssid.wpa_psk);
887 	str_clear_free(conf->multi_ap_backhaul_ssid.wpa_passphrase);
888 	os_free(conf->upnp_iface);
889 	os_free(conf->friendly_name);
890 	os_free(conf->manufacturer_url);
891 	os_free(conf->model_description);
892 	os_free(conf->model_url);
893 	os_free(conf->upc);
894 	for (i = 0; i < MAX_WPS_VENDOR_EXTENSIONS; i++)
895 		wpabuf_free(conf->wps_vendor_ext[i]);
896 	wpabuf_free(conf->wps_application_ext);
897 	wpabuf_free(conf->wps_nfc_dh_pubkey);
898 	wpabuf_free(conf->wps_nfc_dh_privkey);
899 	wpabuf_free(conf->wps_nfc_dev_pw);
900 #endif /* CONFIG_WPS */
901 
902 	os_free(conf->roaming_consortium);
903 	os_free(conf->venue_name);
904 	os_free(conf->venue_url);
905 	os_free(conf->nai_realm_data);
906 	os_free(conf->network_auth_type);
907 	os_free(conf->anqp_3gpp_cell_net);
908 	os_free(conf->domain_name);
909 	hostapd_config_free_anqp_elem(conf);
910 
911 #ifdef CONFIG_RADIUS_TEST
912 	os_free(conf->dump_msk_file);
913 #endif /* CONFIG_RADIUS_TEST */
914 
915 #ifdef CONFIG_HS20
916 	os_free(conf->hs20_oper_friendly_name);
917 	os_free(conf->hs20_wan_metrics);
918 	os_free(conf->hs20_connection_capability);
919 	os_free(conf->hs20_operating_class);
920 	os_free(conf->hs20_icons);
921 	if (conf->hs20_osu_providers) {
922 		for (i = 0; i < conf->hs20_osu_providers_count; i++) {
923 			struct hs20_osu_provider *p;
924 			size_t j;
925 			p = &conf->hs20_osu_providers[i];
926 			os_free(p->friendly_name);
927 			os_free(p->server_uri);
928 			os_free(p->method_list);
929 			for (j = 0; j < p->icons_count; j++)
930 				os_free(p->icons[j]);
931 			os_free(p->icons);
932 			os_free(p->osu_nai);
933 			os_free(p->osu_nai2);
934 			os_free(p->service_desc);
935 		}
936 		os_free(conf->hs20_osu_providers);
937 	}
938 	if (conf->hs20_operator_icon) {
939 		for (i = 0; i < conf->hs20_operator_icon_count; i++)
940 			os_free(conf->hs20_operator_icon[i]);
941 		os_free(conf->hs20_operator_icon);
942 	}
943 	os_free(conf->subscr_remediation_url);
944 	os_free(conf->hs20_sim_provisioning_url);
945 	os_free(conf->t_c_filename);
946 	os_free(conf->t_c_server_url);
947 #endif /* CONFIG_HS20 */
948 
949 	wpabuf_free(conf->vendor_elements);
950 	wpabuf_free(conf->assocresp_elements);
951 
952 	os_free(conf->sae_groups);
953 #ifdef CONFIG_OWE
954 	os_free(conf->owe_groups);
955 #endif /* CONFIG_OWE */
956 
957 	os_free(conf->wowlan_triggers);
958 
959 	os_free(conf->server_id);
960 
961 #ifdef CONFIG_TESTING_OPTIONS
962 	wpabuf_free(conf->own_ie_override);
963 	wpabuf_free(conf->sae_commit_override);
964 	wpabuf_free(conf->rsne_override_eapol);
965 	wpabuf_free(conf->rsnxe_override_eapol);
966 	wpabuf_free(conf->rsne_override_ft);
967 	wpabuf_free(conf->rsnxe_override_ft);
968 	wpabuf_free(conf->gtk_rsc_override);
969 	wpabuf_free(conf->igtk_rsc_override);
970 	wpabuf_free(conf->eapol_m1_elements);
971 	wpabuf_free(conf->eapol_m3_elements);
972 	wpabuf_free(conf->presp_elements);
973 #endif /* CONFIG_TESTING_OPTIONS */
974 
975 	os_free(conf->no_probe_resp_if_seen_on);
976 	os_free(conf->no_auth_if_seen_on);
977 
978 	hostapd_config_free_fils_realms(conf);
979 
980 #ifdef CONFIG_DPP
981 	os_free(conf->dpp_name);
982 	os_free(conf->dpp_mud_url);
983 	os_free(conf->dpp_extra_conf_req_name);
984 	os_free(conf->dpp_extra_conf_req_value);
985 	os_free(conf->dpp_connector);
986 	wpabuf_free(conf->dpp_netaccesskey);
987 	wpabuf_free(conf->dpp_csign);
988 #ifdef CONFIG_DPP2
989 	hostapd_dpp_controller_conf_free(conf->dpp_controller);
990 #endif /* CONFIG_DPP2 */
991 #endif /* CONFIG_DPP */
992 
993 	hostapd_config_free_sae_passwords(conf);
994 
995 #ifdef CONFIG_AIRTIME_POLICY
996 	{
997 		struct airtime_sta_weight *wt, *wt_prev;
998 
999 		wt = conf->airtime_weight_list;
1000 		conf->airtime_weight_list = NULL;
1001 		while (wt) {
1002 			wt_prev = wt;
1003 			wt = wt->next;
1004 			os_free(wt_prev);
1005 		}
1006 	}
1007 #endif /* CONFIG_AIRTIME_POLICY */
1008 
1009 #ifdef CONFIG_PASN
1010 	os_free(conf->pasn_groups);
1011 #endif /* CONFIG_PASN */
1012 
1013 	os_free(conf);
1014 }
1015 
1016 
1017 /**
1018  * hostapd_config_free - Free hostapd configuration
1019  * @conf: Configuration data from hostapd_config_read().
1020  */
1021 void hostapd_config_free(struct hostapd_config *conf)
1022 {
1023 	size_t i;
1024 
1025 	if (conf == NULL)
1026 		return;
1027 
1028 	for (i = 0; i < conf->num_bss; i++)
1029 		hostapd_config_free_bss(conf->bss[i]);
1030 	os_free(conf->bss);
1031 	os_free(conf->supported_rates);
1032 	os_free(conf->basic_rates);
1033 	os_free(conf->acs_ch_list.range);
1034 	os_free(conf->acs_freq_list.range);
1035 	os_free(conf->driver_params);
1036 #ifdef CONFIG_ACS
1037 	os_free(conf->acs_chan_bias);
1038 #endif /* CONFIG_ACS */
1039 	wpabuf_free(conf->lci);
1040 	wpabuf_free(conf->civic);
1041 
1042 	os_free(conf);
1043 }
1044 
1045 
1046 /**
1047  * hostapd_maclist_found - Find a MAC address from a list
1048  * @list: MAC address list
1049  * @num_entries: Number of addresses in the list
1050  * @addr: Address to search for
1051  * @vlan_id: Buffer for returning VLAN ID or %NULL if not needed
1052  * Returns: 1 if address is in the list or 0 if not.
1053  *
1054  * Perform a binary search for given MAC address from a pre-sorted list.
1055  */
1056 int hostapd_maclist_found(struct mac_acl_entry *list, int num_entries,
1057 			  const u8 *addr, struct vlan_description *vlan_id)
1058 {
1059 	int start, end, middle, res;
1060 
1061 	start = 0;
1062 	end = num_entries - 1;
1063 
1064 	while (start <= end) {
1065 		middle = (start + end) / 2;
1066 		res = os_memcmp(list[middle].addr, addr, ETH_ALEN);
1067 		if (res == 0) {
1068 			if (vlan_id)
1069 				*vlan_id = list[middle].vlan_id;
1070 			return 1;
1071 		}
1072 		if (res < 0)
1073 			start = middle + 1;
1074 		else
1075 			end = middle - 1;
1076 	}
1077 
1078 	return 0;
1079 }
1080 
1081 
1082 int hostapd_rate_found(int *list, int rate)
1083 {
1084 	int i;
1085 
1086 	if (list == NULL)
1087 		return 0;
1088 
1089 	for (i = 0; list[i] >= 0; i++)
1090 		if (list[i] == rate)
1091 			return 1;
1092 
1093 	return 0;
1094 }
1095 
1096 
1097 int hostapd_vlan_valid(struct hostapd_vlan *vlan,
1098 		       struct vlan_description *vlan_desc)
1099 {
1100 	struct hostapd_vlan *v = vlan;
1101 	int i;
1102 
1103 	if (!vlan_desc->notempty || vlan_desc->untagged < 0 ||
1104 	    vlan_desc->untagged > MAX_VLAN_ID)
1105 		return 0;
1106 	for (i = 0; i < MAX_NUM_TAGGED_VLAN; i++) {
1107 		if (vlan_desc->tagged[i] < 0 ||
1108 		    vlan_desc->tagged[i] > MAX_VLAN_ID)
1109 			return 0;
1110 	}
1111 	if (!vlan_desc->untagged && !vlan_desc->tagged[0])
1112 		return 0;
1113 
1114 	while (v) {
1115 		if (!vlan_compare(&v->vlan_desc, vlan_desc) ||
1116 		    v->vlan_id == VLAN_ID_WILDCARD)
1117 			return 1;
1118 		v = v->next;
1119 	}
1120 	return 0;
1121 }
1122 
1123 
1124 const char * hostapd_get_vlan_id_ifname(struct hostapd_vlan *vlan, int vlan_id)
1125 {
1126 	struct hostapd_vlan *v = vlan;
1127 	while (v) {
1128 		if (v->vlan_id == vlan_id)
1129 			return v->ifname;
1130 		v = v->next;
1131 	}
1132 	return NULL;
1133 }
1134 
1135 
1136 const u8 * hostapd_get_psk(const struct hostapd_bss_config *conf,
1137 			   const u8 *addr, const u8 *p2p_dev_addr,
1138 			   const u8 *prev_psk, int *vlan_id)
1139 {
1140 	struct hostapd_wpa_psk *psk;
1141 	int next_ok = prev_psk == NULL;
1142 
1143 	if (vlan_id)
1144 		*vlan_id = 0;
1145 
1146 	if (p2p_dev_addr && !is_zero_ether_addr(p2p_dev_addr)) {
1147 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1148 			   " p2p_dev_addr=" MACSTR " prev_psk=%p",
1149 			   MAC2STR(addr), MAC2STR(p2p_dev_addr), prev_psk);
1150 		addr = NULL; /* Use P2P Device Address for matching */
1151 	} else {
1152 		wpa_printf(MSG_DEBUG, "Searching a PSK for " MACSTR
1153 			   " prev_psk=%p",
1154 			   MAC2STR(addr), prev_psk);
1155 	}
1156 
1157 	for (psk = conf->ssid.wpa_psk; psk != NULL; psk = psk->next) {
1158 		if (next_ok &&
1159 		    (psk->group ||
1160 		     (addr && ether_addr_equal(psk->addr, addr)) ||
1161 		     (!addr && p2p_dev_addr &&
1162 		      ether_addr_equal(psk->p2p_dev_addr, p2p_dev_addr)))) {
1163 			if (vlan_id)
1164 				*vlan_id = psk->vlan_id;
1165 			return psk->psk;
1166 		}
1167 
1168 		if (psk->psk == prev_psk)
1169 			next_ok = 1;
1170 	}
1171 
1172 	return NULL;
1173 }
1174 
1175 
1176 #ifdef CONFIG_SAE_PK
1177 static bool hostapd_sae_pk_password_without_pk(struct hostapd_bss_config *bss)
1178 {
1179 	struct sae_password_entry *pw;
1180 	bool res = false;
1181 
1182 	if (bss->ssid.wpa_passphrase &&
1183 #ifdef CONFIG_TESTING_OPTIONS
1184 	    !bss->sae_pk_password_check_skip &&
1185 #endif /* CONFIG_TESTING_OPTIONS */
1186 	    sae_pk_valid_password(bss->ssid.wpa_passphrase))
1187 		res = true;
1188 
1189 	for (pw = bss->sae_passwords; pw; pw = pw->next) {
1190 		if (!pw->pk &&
1191 #ifdef CONFIG_TESTING_OPTIONS
1192 		    !bss->sae_pk_password_check_skip &&
1193 #endif /* CONFIG_TESTING_OPTIONS */
1194 		    sae_pk_valid_password(pw->password))
1195 			return true;
1196 
1197 		if (bss->ssid.wpa_passphrase && res && pw->pk &&
1198 		    os_strcmp(bss->ssid.wpa_passphrase, pw->password) == 0)
1199 			res = false;
1200 	}
1201 
1202 	return res;
1203 }
1204 #endif /* CONFIG_SAE_PK */
1205 
1206 
1207 static bool hostapd_config_check_bss_6g(struct hostapd_bss_config *bss)
1208 {
1209 	if (bss->wpa != WPA_PROTO_RSN) {
1210 		wpa_printf(MSG_ERROR,
1211 			   "Pre-RSNA security methods are not allowed in 6 GHz");
1212 		return false;
1213 	}
1214 
1215 	if (bss->ieee80211w != MGMT_FRAME_PROTECTION_REQUIRED) {
1216 		wpa_printf(MSG_ERROR,
1217 			   "Management frame protection is required in 6 GHz");
1218 		return false;
1219 	}
1220 
1221 	if (bss->wpa_key_mgmt & (WPA_KEY_MGMT_PSK |
1222 				 WPA_KEY_MGMT_FT_PSK |
1223 				 WPA_KEY_MGMT_PSK_SHA256)) {
1224 		wpa_printf(MSG_ERROR, "Invalid AKM suite for 6 GHz");
1225 		return false;
1226 	}
1227 
1228 	if (bss->rsn_pairwise & (WPA_CIPHER_WEP40 |
1229 				 WPA_CIPHER_WEP104 |
1230 				 WPA_CIPHER_TKIP)) {
1231 		wpa_printf(MSG_ERROR,
1232 			   "Invalid pairwise cipher suite for 6 GHz");
1233 		return false;
1234 	}
1235 
1236 	if (bss->wpa_group & (WPA_CIPHER_WEP40 |
1237 			      WPA_CIPHER_WEP104 |
1238 			      WPA_CIPHER_TKIP)) {
1239 		wpa_printf(MSG_ERROR, "Invalid group cipher suite for 6 GHz");
1240 		return false;
1241 	}
1242 
1243 #ifdef CONFIG_SAE
1244 	if (wpa_key_mgmt_sae(bss->wpa_key_mgmt) &&
1245 	    bss->sae_pwe == SAE_PWE_HUNT_AND_PECK) {
1246 		wpa_printf(MSG_INFO, "SAE: Enabling SAE H2E on 6 GHz");
1247 		bss->sae_pwe = SAE_PWE_BOTH;
1248 	}
1249 #endif /* CONFIG_SAE */
1250 
1251 	return true;
1252 }
1253 
1254 
1255 static int hostapd_config_check_bss(struct hostapd_bss_config *bss,
1256 				    struct hostapd_config *conf,
1257 				    int full_config)
1258 {
1259 	if (full_config && is_6ghz_op_class(conf->op_class) &&
1260 	    !hostapd_config_check_bss_6g(bss))
1261 		return -1;
1262 
1263 	if (full_config && bss->ieee802_1x && !bss->eap_server &&
1264 	    !bss->radius->auth_servers) {
1265 		wpa_printf(MSG_ERROR, "Invalid IEEE 802.1X configuration (no "
1266 			   "EAP authenticator configured).");
1267 		return -1;
1268 	}
1269 
1270 #ifdef CONFIG_WEP
1271 	if (bss->wpa) {
1272 		int wep, i;
1273 
1274 		wep = bss->default_wep_key_len > 0 ||
1275 		       bss->individual_wep_key_len > 0;
1276 		for (i = 0; i < NUM_WEP_KEYS; i++) {
1277 			if (bss->ssid.wep.keys_set) {
1278 				wep = 1;
1279 				break;
1280 			}
1281 		}
1282 
1283 		if (wep) {
1284 			wpa_printf(MSG_ERROR, "WEP configuration in a WPA network is not supported");
1285 			return -1;
1286 		}
1287 	}
1288 #endif /* CONFIG_WEP */
1289 
1290 	if (full_config && bss->wpa &&
1291 	    bss->wpa_psk_radius != PSK_RADIUS_IGNORED &&
1292 	    bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&
1293 	    bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH) {
1294 		wpa_printf(MSG_ERROR, "WPA-PSK using RADIUS enabled, but no "
1295 			   "RADIUS checking (macaddr_acl=2) enabled.");
1296 		return -1;
1297 	}
1298 
1299 	if (full_config && bss->wpa &&
1300 	    wpa_key_mgmt_wpa_psk_no_sae(bss->wpa_key_mgmt) &&
1301 	    bss->ssid.wpa_psk == NULL && bss->ssid.wpa_passphrase == NULL &&
1302 	    bss->ssid.wpa_psk_file == NULL &&
1303 	    bss->wpa_psk_radius != PSK_RADIUS_DURING_4WAY_HS &&
1304 	    (bss->wpa_psk_radius != PSK_RADIUS_REQUIRED ||
1305 	     bss->macaddr_acl != USE_EXTERNAL_RADIUS_AUTH)) {
1306 		wpa_printf(MSG_ERROR, "WPA-PSK enabled, but PSK or passphrase "
1307 			   "is not configured.");
1308 		return -1;
1309 	}
1310 
1311 	if (full_config && !is_zero_ether_addr(bss->bssid)) {
1312 		size_t i;
1313 
1314 		for (i = 0; i < conf->num_bss; i++) {
1315 			if (conf->bss[i] != bss &&
1316 			    (hostapd_mac_comp(conf->bss[i]->bssid,
1317 					      bss->bssid) == 0)) {
1318 				wpa_printf(MSG_ERROR, "Duplicate BSSID " MACSTR
1319 					   " on interface '%s' and '%s'.",
1320 					   MAC2STR(bss->bssid),
1321 					   conf->bss[i]->iface, bss->iface);
1322 				return -1;
1323 			}
1324 		}
1325 	}
1326 
1327 #ifdef CONFIG_IEEE80211R_AP
1328 	if (full_config && wpa_key_mgmt_ft(bss->wpa_key_mgmt) &&
1329 	    (bss->nas_identifier == NULL ||
1330 	     os_strlen(bss->nas_identifier) < 1 ||
1331 	     os_strlen(bss->nas_identifier) > FT_R0KH_ID_MAX_LEN)) {
1332 		wpa_printf(MSG_ERROR, "FT (IEEE 802.11r) requires "
1333 			   "nas_identifier to be configured as a 1..48 octet "
1334 			   "string");
1335 		return -1;
1336 	}
1337 #endif /* CONFIG_IEEE80211R_AP */
1338 
1339 	if (full_config && conf->ieee80211n &&
1340 	    conf->hw_mode == HOSTAPD_MODE_IEEE80211B) {
1341 		bss->disable_11n = true;
1342 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) in 11b mode is not "
1343 			   "allowed, disabling HT capabilities");
1344 	}
1345 
1346 #ifdef CONFIG_WEP
1347 	if (full_config && conf->ieee80211n &&
1348 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1349 		bss->disable_11n = true;
1350 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WEP is not "
1351 			   "allowed, disabling HT capabilities");
1352 	}
1353 #endif /* CONFIG_WEP */
1354 
1355 	if (full_config && conf->ieee80211n && bss->wpa &&
1356 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1357 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1358 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1359 	{
1360 		bss->disable_11n = true;
1361 		wpa_printf(MSG_ERROR, "HT (IEEE 802.11n) with WPA/WPA2 "
1362 			   "requires CCMP/GCMP to be enabled, disabling HT "
1363 			   "capabilities");
1364 	}
1365 
1366 #ifdef CONFIG_IEEE80211AC
1367 #ifdef CONFIG_WEP
1368 	if (full_config && conf->ieee80211ac &&
1369 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1370 		bss->disable_11ac = true;
1371 		wpa_printf(MSG_ERROR,
1372 			   "VHT (IEEE 802.11ac) with WEP is not allowed, disabling VHT capabilities");
1373 	}
1374 #endif /* CONFIG_WEP */
1375 
1376 	if (full_config && conf->ieee80211ac && bss->wpa &&
1377 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1378 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1379 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1380 	{
1381 		bss->disable_11ac = true;
1382 		wpa_printf(MSG_ERROR,
1383 			   "VHT (IEEE 802.11ac) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling VHT capabilities");
1384 	}
1385 #endif /* CONFIG_IEEE80211AC */
1386 
1387 #ifdef CONFIG_IEEE80211AX
1388 #ifdef CONFIG_WEP
1389 	if (full_config && conf->ieee80211ax &&
1390 	    bss->ssid.security_policy == SECURITY_STATIC_WEP) {
1391 		bss->disable_11ax = true;
1392 		wpa_printf(MSG_ERROR,
1393 			   "HE (IEEE 802.11ax) with WEP is not allowed, disabling HE capabilities");
1394 	}
1395 #endif /* CONFIG_WEP */
1396 
1397 	if (full_config && conf->ieee80211ax && bss->wpa &&
1398 	    !(bss->wpa_pairwise & WPA_CIPHER_CCMP) &&
1399 	    !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1400 				   WPA_CIPHER_CCMP_256 | WPA_CIPHER_GCMP_256)))
1401 	{
1402 		bss->disable_11ax = true;
1403 		wpa_printf(MSG_ERROR,
1404 			   "HE (IEEE 802.11ax) with WPA/WPA2 requires CCMP/GCMP to be enabled, disabling HE capabilities");
1405 	}
1406 #endif /* CONFIG_IEEE80211AX */
1407 
1408 #ifdef CONFIG_WPS
1409 	if (full_config && bss->wps_state && bss->ignore_broadcast_ssid) {
1410 		wpa_printf(MSG_INFO, "WPS: ignore_broadcast_ssid "
1411 			   "configuration forced WPS to be disabled");
1412 		bss->wps_state = 0;
1413 	}
1414 
1415 #ifdef CONFIG_WEP
1416 	if (full_config && bss->wps_state &&
1417 	    bss->ssid.wep.keys_set && bss->wpa == 0) {
1418 		wpa_printf(MSG_INFO, "WPS: WEP configuration forced WPS to be "
1419 			   "disabled");
1420 		bss->wps_state = 0;
1421 	}
1422 #endif /* CONFIG_WEP */
1423 
1424 	if (full_config && bss->wps_state && bss->wpa &&
1425 	    (!(bss->wpa & 2) ||
1426 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1427 				    WPA_CIPHER_CCMP_256 |
1428 				    WPA_CIPHER_GCMP_256)))) {
1429 		wpa_printf(MSG_INFO, "WPS: WPA/TKIP configuration without "
1430 			   "WPA2/CCMP/GCMP forced WPS to be disabled");
1431 		bss->wps_state = 0;
1432 	}
1433 #endif /* CONFIG_WPS */
1434 
1435 #ifdef CONFIG_HS20
1436 	if (full_config && bss->hs20 &&
1437 	    (!(bss->wpa & 2) ||
1438 	     !(bss->rsn_pairwise & (WPA_CIPHER_CCMP | WPA_CIPHER_GCMP |
1439 				    WPA_CIPHER_CCMP_256 |
1440 				    WPA_CIPHER_GCMP_256)))) {
1441 		wpa_printf(MSG_ERROR, "HS 2.0: WPA2-Enterprise/CCMP "
1442 			   "configuration is required for Hotspot 2.0 "
1443 			   "functionality");
1444 		return -1;
1445 	}
1446 #endif /* CONFIG_HS20 */
1447 
1448 #ifdef CONFIG_MBO
1449 	if (full_config && bss->mbo_enabled && (bss->wpa & 2) &&
1450 	    bss->ieee80211w == NO_MGMT_FRAME_PROTECTION) {
1451 		wpa_printf(MSG_ERROR,
1452 			   "MBO: PMF needs to be enabled whenever using WPA2 with MBO");
1453 		return -1;
1454 	}
1455 #endif /* CONFIG_MBO */
1456 
1457 #ifdef CONFIG_OCV
1458 	if (full_config && bss->ieee80211w == NO_MGMT_FRAME_PROTECTION &&
1459 	    bss->ocv) {
1460 		wpa_printf(MSG_ERROR,
1461 			   "OCV: PMF needs to be enabled whenever using OCV");
1462 		return -1;
1463 	}
1464 #endif /* CONFIG_OCV */
1465 
1466 #ifdef CONFIG_SAE_PK
1467 	if (full_config && hostapd_sae_pk_in_use(bss) &&
1468 	    hostapd_sae_pk_password_without_pk(bss)) {
1469 		wpa_printf(MSG_ERROR,
1470 			   "SAE-PK: SAE password uses SAE-PK style, but does not have PK configured");
1471 		return -1;
1472 	}
1473 #endif /* CONFIG_SAE_PK */
1474 
1475 #ifdef CONFIG_FILS
1476 	if (full_config && bss->fils_discovery_max_int &&
1477 	    (!conf->ieee80211ax || bss->disable_11ax)) {
1478 		wpa_printf(MSG_ERROR,
1479 			   "Currently IEEE 802.11ax support is mandatory to enable FILS discovery transmission.");
1480 		return -1;
1481 	}
1482 
1483 	if (full_config && bss->fils_discovery_max_int &&
1484 	    bss->unsol_bcast_probe_resp_interval) {
1485 		wpa_printf(MSG_ERROR,
1486 			   "Cannot enable both FILS discovery and unsolicited broadcast Probe Response at the same time");
1487 		return -1;
1488 	}
1489 #endif /* CONFIG_FILS */
1490 
1491 #ifdef CONFIG_IEEE80211BE
1492 	if (full_config && !bss->disable_11be && bss->disable_11ax) {
1493 		bss->disable_11be = true;
1494 		wpa_printf(MSG_INFO,
1495 			   "Disabling IEEE 802.11be as IEEE 802.11ax is disabled for this BSS");
1496 	}
1497 #endif /* CONFIG_IEEE80211BE */
1498 
1499 	if (full_config && bss->ignore_broadcast_ssid && conf->mbssid) {
1500 		wpa_printf(MSG_ERROR,
1501 			   "Hidden SSID is not suppored when MBSSID is enabled");
1502 		return -1;
1503 	}
1504 
1505 	return 0;
1506 }
1507 
1508 
1509 static int hostapd_config_check_cw(struct hostapd_config *conf, int queue)
1510 {
1511 	int tx_cwmin = conf->tx_queue[queue].cwmin;
1512 	int tx_cwmax = conf->tx_queue[queue].cwmax;
1513 	int ac_cwmin = conf->wmm_ac_params[queue].cwmin;
1514 	int ac_cwmax = conf->wmm_ac_params[queue].cwmax;
1515 
1516 	if (tx_cwmin > tx_cwmax) {
1517 		wpa_printf(MSG_ERROR,
1518 			   "Invalid TX queue cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1519 			   tx_cwmin, tx_cwmax);
1520 		return -1;
1521 	}
1522 	if (ac_cwmin > ac_cwmax) {
1523 		wpa_printf(MSG_ERROR,
1524 			   "Invalid WMM AC cwMin/cwMax values. cwMin(%d) greater than cwMax(%d)",
1525 			   ac_cwmin, ac_cwmax);
1526 		return -1;
1527 	}
1528 	return 0;
1529 }
1530 
1531 
1532 int hostapd_config_check(struct hostapd_config *conf, int full_config)
1533 {
1534 	size_t i;
1535 
1536 	if (full_config && is_6ghz_op_class(conf->op_class) &&
1537 	    !conf->hw_mode_set) {
1538 		/* Use the appropriate hw_mode value automatically when the
1539 		 * op_class parameter has been set, but hw_mode was not. */
1540 		conf->hw_mode = HOSTAPD_MODE_IEEE80211A;
1541 	}
1542 
1543 	if (full_config && conf->ieee80211d &&
1544 	    (!conf->country[0] || !conf->country[1])) {
1545 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11d without "
1546 			   "setting the country_code");
1547 		return -1;
1548 	}
1549 
1550 	if (full_config && conf->ieee80211h && !conf->ieee80211d) {
1551 		wpa_printf(MSG_ERROR, "Cannot enable IEEE 802.11h without "
1552 			   "IEEE 802.11d enabled");
1553 		return -1;
1554 	}
1555 
1556 	if (full_config && conf->local_pwr_constraint != -1 &&
1557 	    !conf->ieee80211d) {
1558 		wpa_printf(MSG_ERROR, "Cannot add Power Constraint element without Country element");
1559 		return -1;
1560 	}
1561 
1562 	if (full_config && conf->spectrum_mgmt_required &&
1563 	    conf->local_pwr_constraint == -1) {
1564 		wpa_printf(MSG_ERROR, "Cannot set Spectrum Management bit without Country and Power Constraint elements");
1565 		return -1;
1566 	}
1567 
1568 #ifdef CONFIG_AIRTIME_POLICY
1569 	if (full_config && conf->airtime_mode > AIRTIME_MODE_STATIC &&
1570 	    !conf->airtime_update_interval) {
1571 		wpa_printf(MSG_ERROR, "Airtime update interval cannot be zero");
1572 		return -1;
1573 	}
1574 #endif /* CONFIG_AIRTIME_POLICY */
1575 	for (i = 0; i < NUM_TX_QUEUES; i++) {
1576 		if (hostapd_config_check_cw(conf, i))
1577 			return -1;
1578 	}
1579 
1580 #ifdef CONFIG_IEEE80211BE
1581 	if (full_config && conf->ieee80211be && !conf->ieee80211ax) {
1582 		wpa_printf(MSG_ERROR,
1583 			   "Cannot set ieee80211be without ieee80211ax");
1584 		return -1;
1585 	}
1586 
1587 	if (full_config)
1588 		hostapd_set_and_check_bw320_offset(conf,
1589 						   conf->eht_bw320_offset);
1590 #endif /* CONFIG_IEEE80211BE */
1591 
1592 	if (full_config && conf->mbssid && !conf->ieee80211ax) {
1593 		wpa_printf(MSG_ERROR,
1594 			   "Cannot enable multiple BSSID support without ieee80211ax");
1595 		return -1;
1596 	}
1597 
1598 	for (i = 0; i < conf->num_bss; i++) {
1599 		if (hostapd_config_check_bss(conf->bss[i], conf, full_config))
1600 			return -1;
1601 	}
1602 
1603 	return 0;
1604 }
1605 
1606 
1607 void hostapd_set_security_params(struct hostapd_bss_config *bss,
1608 				 int full_config)
1609 {
1610 #ifdef CONFIG_WEP
1611 	if (bss->individual_wep_key_len == 0) {
1612 		/* individual keys are not use; can use key idx0 for
1613 		 * broadcast keys */
1614 		bss->broadcast_key_idx_min = 0;
1615 	}
1616 #endif /* CONFIG_WEP */
1617 
1618 	if ((bss->wpa & 2) && bss->rsn_pairwise == 0)
1619 		bss->rsn_pairwise = bss->wpa_pairwise;
1620 	if (bss->group_cipher)
1621 		bss->wpa_group = bss->group_cipher;
1622 	else
1623 		bss->wpa_group = wpa_select_ap_group_cipher(bss->wpa,
1624 							    bss->wpa_pairwise,
1625 							    bss->rsn_pairwise);
1626 	if (!bss->wpa_group_rekey_set)
1627 		bss->wpa_group_rekey = bss->wpa_group == WPA_CIPHER_TKIP ?
1628 			600 : 86400;
1629 
1630 	if (full_config) {
1631 		bss->radius->auth_server = bss->radius->auth_servers;
1632 		bss->radius->acct_server = bss->radius->acct_servers;
1633 	}
1634 
1635 	if (bss->wpa && bss->ieee802_1x) {
1636 		bss->ssid.security_policy = SECURITY_WPA;
1637 	} else if (bss->wpa) {
1638 		bss->ssid.security_policy = SECURITY_WPA_PSK;
1639 	} else if (bss->ieee802_1x) {
1640 		int cipher = WPA_CIPHER_NONE;
1641 		bss->ssid.security_policy = SECURITY_IEEE_802_1X;
1642 #ifdef CONFIG_WEP
1643 		bss->ssid.wep.default_len = bss->default_wep_key_len;
1644 		if (full_config && bss->default_wep_key_len) {
1645 			cipher = bss->default_wep_key_len >= 13 ?
1646 				WPA_CIPHER_WEP104 : WPA_CIPHER_WEP40;
1647 		} else if (full_config && bss->ssid.wep.keys_set) {
1648 			if (bss->ssid.wep.len[0] >= 13)
1649 				cipher = WPA_CIPHER_WEP104;
1650 			else
1651 				cipher = WPA_CIPHER_WEP40;
1652 		}
1653 #endif /* CONFIG_WEP */
1654 		bss->wpa_group = cipher;
1655 		bss->wpa_pairwise = cipher;
1656 		bss->rsn_pairwise = cipher;
1657 		if (full_config)
1658 			bss->wpa_key_mgmt = WPA_KEY_MGMT_IEEE8021X_NO_WPA;
1659 #ifdef CONFIG_WEP
1660 	} else if (bss->ssid.wep.keys_set) {
1661 		int cipher = WPA_CIPHER_WEP40;
1662 		if (bss->ssid.wep.len[0] >= 13)
1663 			cipher = WPA_CIPHER_WEP104;
1664 		bss->ssid.security_policy = SECURITY_STATIC_WEP;
1665 		bss->wpa_group = cipher;
1666 		bss->wpa_pairwise = cipher;
1667 		bss->rsn_pairwise = cipher;
1668 		if (full_config)
1669 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1670 #endif /* CONFIG_WEP */
1671 	} else if (bss->osen) {
1672 		bss->ssid.security_policy = SECURITY_OSEN;
1673 		bss->wpa_group = WPA_CIPHER_CCMP;
1674 		bss->wpa_pairwise = 0;
1675 		bss->rsn_pairwise = WPA_CIPHER_CCMP;
1676 	} else {
1677 		bss->ssid.security_policy = SECURITY_PLAINTEXT;
1678 		if (full_config) {
1679 			bss->wpa_group = WPA_CIPHER_NONE;
1680 			bss->wpa_pairwise = WPA_CIPHER_NONE;
1681 			bss->rsn_pairwise = WPA_CIPHER_NONE;
1682 			bss->wpa_key_mgmt = WPA_KEY_MGMT_NONE;
1683 		}
1684 	}
1685 }
1686 
1687 
1688 int hostapd_sae_pw_id_in_use(struct hostapd_bss_config *conf)
1689 {
1690 	int with_id = 0, without_id = 0;
1691 	struct sae_password_entry *pw;
1692 
1693 	if (conf->ssid.wpa_passphrase)
1694 		without_id = 1;
1695 
1696 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
1697 		if (pw->identifier)
1698 			with_id = 1;
1699 		else
1700 			without_id = 1;
1701 		if (with_id && without_id)
1702 			break;
1703 	}
1704 
1705 	if (with_id && !without_id)
1706 		return 2;
1707 	return with_id;
1708 }
1709 
1710 
1711 bool hostapd_sae_pk_in_use(struct hostapd_bss_config *conf)
1712 {
1713 #ifdef CONFIG_SAE_PK
1714 	struct sae_password_entry *pw;
1715 
1716 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
1717 		if (pw->pk)
1718 			return true;
1719 	}
1720 #endif /* CONFIG_SAE_PK */
1721 
1722 	return false;
1723 }
1724 
1725 
1726 #ifdef CONFIG_SAE_PK
1727 bool hostapd_sae_pk_exclusively(struct hostapd_bss_config *conf)
1728 {
1729 	bool with_pk = false;
1730 	struct sae_password_entry *pw;
1731 
1732 	if (conf->ssid.wpa_passphrase)
1733 		return false;
1734 
1735 	for (pw = conf->sae_passwords; pw; pw = pw->next) {
1736 		if (!pw->pk)
1737 			return false;
1738 		with_pk = true;
1739 	}
1740 
1741 	return with_pk;
1742 }
1743 #endif /* CONFIG_SAE_PK */
1744 
1745 
1746 int hostapd_acl_comp(const void *a, const void *b)
1747 {
1748 	const struct mac_acl_entry *aa = a;
1749 	const struct mac_acl_entry *bb = b;
1750 	return os_memcmp(aa->addr, bb->addr, sizeof(macaddr));
1751 }
1752 
1753 
1754 int hostapd_add_acl_maclist(struct mac_acl_entry **acl, int *num,
1755 			    int vlan_id, const u8 *addr)
1756 {
1757 	struct mac_acl_entry *newacl;
1758 
1759 	newacl = os_realloc_array(*acl, *num + 1, sizeof(**acl));
1760 	if (!newacl) {
1761 		wpa_printf(MSG_ERROR, "MAC list reallocation failed");
1762 		return -1;
1763 	}
1764 
1765 	*acl = newacl;
1766 	os_memcpy((*acl)[*num].addr, addr, ETH_ALEN);
1767 	os_memset(&(*acl)[*num].vlan_id, 0, sizeof((*acl)[*num].vlan_id));
1768 	(*acl)[*num].vlan_id.untagged = vlan_id;
1769 	(*acl)[*num].vlan_id.notempty = !!vlan_id;
1770 	(*num)++;
1771 
1772 	return 0;
1773 }
1774 
1775 
1776 void hostapd_remove_acl_mac(struct mac_acl_entry **acl, int *num,
1777 			    const u8 *addr)
1778 {
1779 	int i = 0;
1780 
1781 	while (i < *num) {
1782 		if (ether_addr_equal((*acl)[i].addr, addr)) {
1783 			os_remove_in_array(*acl, *num, sizeof(**acl), i);
1784 			(*num)--;
1785 		} else {
1786 			i++;
1787 		}
1788 	}
1789 }
1790