1 /* 2 * hostapd / WPA authenticator glue code 3 * Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> 4 * 5 * This software may be distributed under the terms of the BSD license. 6 * See README for more details. 7 */ 8 9 #include "utils/includes.h" 10 11 #include "utils/common.h" 12 #include "utils/eloop.h" 13 #include "utils/list.h" 14 #include "common/ieee802_11_defs.h" 15 #include "common/sae.h" 16 #include "common/wpa_ctrl.h" 17 #include "crypto/sha1.h" 18 #include "eapol_auth/eapol_auth_sm.h" 19 #include "eapol_auth/eapol_auth_sm_i.h" 20 #include "eap_server/eap.h" 21 #include "l2_packet/l2_packet.h" 22 #include "eth_p_oui.h" 23 #include "hostapd.h" 24 #include "ieee802_1x.h" 25 #include "preauth_auth.h" 26 #include "sta_info.h" 27 #include "tkip_countermeasures.h" 28 #include "ap_drv_ops.h" 29 #include "ap_config.h" 30 #include "pmksa_cache_auth.h" 31 #include "wpa_auth.h" 32 #include "wpa_auth_glue.h" 33 34 35 static void hostapd_wpa_auth_conf(struct hostapd_bss_config *conf, 36 struct hostapd_config *iconf, 37 struct wpa_auth_config *wconf) 38 { 39 os_memset(wconf, 0, sizeof(*wconf)); 40 wconf->wpa = conf->wpa; 41 wconf->wpa_key_mgmt = conf->wpa_key_mgmt; 42 wconf->wpa_pairwise = conf->wpa_pairwise; 43 wconf->wpa_group = conf->wpa_group; 44 wconf->wpa_group_rekey = conf->wpa_group_rekey; 45 wconf->wpa_strict_rekey = conf->wpa_strict_rekey; 46 wconf->wpa_gmk_rekey = conf->wpa_gmk_rekey; 47 wconf->wpa_ptk_rekey = conf->wpa_ptk_rekey; 48 wconf->wpa_group_update_count = conf->wpa_group_update_count; 49 wconf->wpa_disable_eapol_key_retries = 50 conf->wpa_disable_eapol_key_retries; 51 wconf->wpa_pairwise_update_count = conf->wpa_pairwise_update_count; 52 wconf->rsn_pairwise = conf->rsn_pairwise; 53 wconf->rsn_preauth = conf->rsn_preauth; 54 wconf->eapol_version = conf->eapol_version; 55 wconf->wmm_enabled = conf->wmm_enabled; 56 wconf->wmm_uapsd = conf->wmm_uapsd; 57 wconf->disable_pmksa_caching = conf->disable_pmksa_caching; 58 wconf->okc = conf->okc; 59 #ifdef CONFIG_IEEE80211W 60 wconf->ieee80211w = conf->ieee80211w; 61 wconf->group_mgmt_cipher = conf->group_mgmt_cipher; 62 wconf->sae_require_mfp = conf->sae_require_mfp; 63 #endif /* CONFIG_IEEE80211W */ 64 #ifdef CONFIG_IEEE80211R_AP 65 wconf->ssid_len = conf->ssid.ssid_len; 66 if (wconf->ssid_len > SSID_MAX_LEN) 67 wconf->ssid_len = SSID_MAX_LEN; 68 os_memcpy(wconf->ssid, conf->ssid.ssid, wconf->ssid_len); 69 os_memcpy(wconf->mobility_domain, conf->mobility_domain, 70 MOBILITY_DOMAIN_ID_LEN); 71 if (conf->nas_identifier && 72 os_strlen(conf->nas_identifier) <= FT_R0KH_ID_MAX_LEN) { 73 wconf->r0_key_holder_len = os_strlen(conf->nas_identifier); 74 os_memcpy(wconf->r0_key_holder, conf->nas_identifier, 75 wconf->r0_key_holder_len); 76 } 77 os_memcpy(wconf->r1_key_holder, conf->r1_key_holder, FT_R1KH_ID_LEN); 78 wconf->r0_key_lifetime = conf->r0_key_lifetime; 79 wconf->r1_max_key_lifetime = conf->r1_max_key_lifetime; 80 wconf->reassociation_deadline = conf->reassociation_deadline; 81 wconf->rkh_pos_timeout = conf->rkh_pos_timeout; 82 wconf->rkh_neg_timeout = conf->rkh_neg_timeout; 83 wconf->rkh_pull_timeout = conf->rkh_pull_timeout; 84 wconf->rkh_pull_retries = conf->rkh_pull_retries; 85 wconf->r0kh_list = &conf->r0kh_list; 86 wconf->r1kh_list = &conf->r1kh_list; 87 wconf->pmk_r1_push = conf->pmk_r1_push; 88 wconf->ft_over_ds = conf->ft_over_ds; 89 wconf->ft_psk_generate_local = conf->ft_psk_generate_local; 90 #endif /* CONFIG_IEEE80211R_AP */ 91 #ifdef CONFIG_HS20 92 wconf->disable_gtk = conf->disable_dgaf; 93 if (conf->osen) { 94 wconf->disable_gtk = 1; 95 wconf->wpa = WPA_PROTO_OSEN; 96 wconf->wpa_key_mgmt = WPA_KEY_MGMT_OSEN; 97 wconf->wpa_pairwise = 0; 98 wconf->wpa_group = WPA_CIPHER_CCMP; 99 wconf->rsn_pairwise = WPA_CIPHER_CCMP; 100 wconf->rsn_preauth = 0; 101 wconf->disable_pmksa_caching = 1; 102 #ifdef CONFIG_IEEE80211W 103 wconf->ieee80211w = 1; 104 #endif /* CONFIG_IEEE80211W */ 105 } 106 #endif /* CONFIG_HS20 */ 107 #ifdef CONFIG_TESTING_OPTIONS 108 wconf->corrupt_gtk_rekey_mic_probability = 109 iconf->corrupt_gtk_rekey_mic_probability; 110 if (conf->own_ie_override && 111 wpabuf_len(conf->own_ie_override) <= MAX_OWN_IE_OVERRIDE) { 112 wconf->own_ie_override_len = wpabuf_len(conf->own_ie_override); 113 os_memcpy(wconf->own_ie_override, 114 wpabuf_head(conf->own_ie_override), 115 wconf->own_ie_override_len); 116 } 117 #endif /* CONFIG_TESTING_OPTIONS */ 118 #ifdef CONFIG_P2P 119 os_memcpy(wconf->ip_addr_go, conf->ip_addr_go, 4); 120 os_memcpy(wconf->ip_addr_mask, conf->ip_addr_mask, 4); 121 os_memcpy(wconf->ip_addr_start, conf->ip_addr_start, 4); 122 os_memcpy(wconf->ip_addr_end, conf->ip_addr_end, 4); 123 #endif /* CONFIG_P2P */ 124 #ifdef CONFIG_FILS 125 wconf->fils_cache_id_set = conf->fils_cache_id_set; 126 os_memcpy(wconf->fils_cache_id, conf->fils_cache_id, 127 FILS_CACHE_ID_LEN); 128 #endif /* CONFIG_FILS */ 129 } 130 131 132 static void hostapd_wpa_auth_logger(void *ctx, const u8 *addr, 133 logger_level level, const char *txt) 134 { 135 #ifndef CONFIG_NO_HOSTAPD_LOGGER 136 struct hostapd_data *hapd = ctx; 137 int hlevel; 138 139 switch (level) { 140 case LOGGER_WARNING: 141 hlevel = HOSTAPD_LEVEL_WARNING; 142 break; 143 case LOGGER_INFO: 144 hlevel = HOSTAPD_LEVEL_INFO; 145 break; 146 case LOGGER_DEBUG: 147 default: 148 hlevel = HOSTAPD_LEVEL_DEBUG; 149 break; 150 } 151 152 hostapd_logger(hapd, addr, HOSTAPD_MODULE_WPA, hlevel, "%s", txt); 153 #endif /* CONFIG_NO_HOSTAPD_LOGGER */ 154 } 155 156 157 static void hostapd_wpa_auth_disconnect(void *ctx, const u8 *addr, 158 u16 reason) 159 { 160 struct hostapd_data *hapd = ctx; 161 wpa_printf(MSG_DEBUG, "%s: WPA authenticator requests disconnect: " 162 "STA " MACSTR " reason %d", 163 __func__, MAC2STR(addr), reason); 164 ap_sta_disconnect(hapd, NULL, addr, reason); 165 } 166 167 168 static int hostapd_wpa_auth_mic_failure_report(void *ctx, const u8 *addr) 169 { 170 struct hostapd_data *hapd = ctx; 171 return michael_mic_failure(hapd, addr, 0); 172 } 173 174 175 static void hostapd_wpa_auth_psk_failure_report(void *ctx, const u8 *addr) 176 { 177 struct hostapd_data *hapd = ctx; 178 wpa_msg(hapd->msg_ctx, MSG_INFO, AP_STA_POSSIBLE_PSK_MISMATCH MACSTR, 179 MAC2STR(addr)); 180 } 181 182 183 static void hostapd_wpa_auth_set_eapol(void *ctx, const u8 *addr, 184 wpa_eapol_variable var, int value) 185 { 186 struct hostapd_data *hapd = ctx; 187 struct sta_info *sta = ap_get_sta(hapd, addr); 188 if (sta == NULL) 189 return; 190 switch (var) { 191 case WPA_EAPOL_portEnabled: 192 ieee802_1x_notify_port_enabled(sta->eapol_sm, value); 193 break; 194 case WPA_EAPOL_portValid: 195 ieee802_1x_notify_port_valid(sta->eapol_sm, value); 196 break; 197 case WPA_EAPOL_authorized: 198 ieee802_1x_set_sta_authorized(hapd, sta, value); 199 break; 200 case WPA_EAPOL_portControl_Auto: 201 if (sta->eapol_sm) 202 sta->eapol_sm->portControl = Auto; 203 break; 204 case WPA_EAPOL_keyRun: 205 if (sta->eapol_sm) 206 sta->eapol_sm->keyRun = value ? TRUE : FALSE; 207 break; 208 case WPA_EAPOL_keyAvailable: 209 if (sta->eapol_sm) 210 sta->eapol_sm->eap_if->eapKeyAvailable = 211 value ? TRUE : FALSE; 212 break; 213 case WPA_EAPOL_keyDone: 214 if (sta->eapol_sm) 215 sta->eapol_sm->keyDone = value ? TRUE : FALSE; 216 break; 217 case WPA_EAPOL_inc_EapolFramesTx: 218 if (sta->eapol_sm) 219 sta->eapol_sm->dot1xAuthEapolFramesTx++; 220 break; 221 } 222 } 223 224 225 static int hostapd_wpa_auth_get_eapol(void *ctx, const u8 *addr, 226 wpa_eapol_variable var) 227 { 228 struct hostapd_data *hapd = ctx; 229 struct sta_info *sta = ap_get_sta(hapd, addr); 230 if (sta == NULL || sta->eapol_sm == NULL) 231 return -1; 232 switch (var) { 233 case WPA_EAPOL_keyRun: 234 return sta->eapol_sm->keyRun; 235 case WPA_EAPOL_keyAvailable: 236 return sta->eapol_sm->eap_if->eapKeyAvailable; 237 default: 238 return -1; 239 } 240 } 241 242 243 static const u8 * hostapd_wpa_auth_get_psk(void *ctx, const u8 *addr, 244 const u8 *p2p_dev_addr, 245 const u8 *prev_psk, size_t *psk_len) 246 { 247 struct hostapd_data *hapd = ctx; 248 struct sta_info *sta = ap_get_sta(hapd, addr); 249 const u8 *psk; 250 251 if (psk_len) 252 *psk_len = PMK_LEN; 253 254 #ifdef CONFIG_SAE 255 if (sta && sta->auth_alg == WLAN_AUTH_SAE) { 256 if (!sta->sae || prev_psk) 257 return NULL; 258 return sta->sae->pmk; 259 } 260 if (sta && wpa_auth_uses_sae(sta->wpa_sm)) { 261 wpa_printf(MSG_DEBUG, 262 "No PSK for STA trying to use SAE with PMKSA caching"); 263 return NULL; 264 } 265 #endif /* CONFIG_SAE */ 266 267 #ifdef CONFIG_OWE 268 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && 269 sta && sta->owe_pmk) { 270 if (psk_len) 271 *psk_len = sta->owe_pmk_len; 272 return sta->owe_pmk; 273 } 274 if ((hapd->conf->wpa_key_mgmt & WPA_KEY_MGMT_OWE) && sta) { 275 struct rsn_pmksa_cache_entry *sa; 276 277 sa = wpa_auth_sta_get_pmksa(sta->wpa_sm); 278 if (sa && sa->akmp == WPA_KEY_MGMT_OWE) { 279 if (psk_len) 280 *psk_len = sa->pmk_len; 281 return sa->pmk; 282 } 283 } 284 #endif /* CONFIG_OWE */ 285 286 psk = hostapd_get_psk(hapd->conf, addr, p2p_dev_addr, prev_psk); 287 /* 288 * This is about to iterate over all psks, prev_psk gives the last 289 * returned psk which should not be returned again. 290 * logic list (all hostapd_get_psk; all sta->psk) 291 */ 292 if (sta && sta->psk && !psk) { 293 struct hostapd_sta_wpa_psk_short *pos; 294 psk = sta->psk->psk; 295 for (pos = sta->psk; pos; pos = pos->next) { 296 if (pos->is_passphrase) { 297 pbkdf2_sha1(pos->passphrase, 298 hapd->conf->ssid.ssid, 299 hapd->conf->ssid.ssid_len, 4096, 300 pos->psk, PMK_LEN); 301 pos->is_passphrase = 0; 302 } 303 if (pos->psk == prev_psk) { 304 psk = pos->next ? pos->next->psk : NULL; 305 break; 306 } 307 } 308 } 309 return psk; 310 } 311 312 313 static int hostapd_wpa_auth_get_msk(void *ctx, const u8 *addr, u8 *msk, 314 size_t *len) 315 { 316 struct hostapd_data *hapd = ctx; 317 const u8 *key; 318 size_t keylen; 319 struct sta_info *sta; 320 321 sta = ap_get_sta(hapd, addr); 322 if (sta == NULL) { 323 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Cannot find STA"); 324 return -1; 325 } 326 327 key = ieee802_1x_get_key(sta->eapol_sm, &keylen); 328 if (key == NULL) { 329 wpa_printf(MSG_DEBUG, "AUTH_GET_MSK: Key is null, eapol_sm: %p", 330 sta->eapol_sm); 331 return -1; 332 } 333 334 if (keylen > *len) 335 keylen = *len; 336 os_memcpy(msk, key, keylen); 337 *len = keylen; 338 339 return 0; 340 } 341 342 343 static int hostapd_wpa_auth_set_key(void *ctx, int vlan_id, enum wpa_alg alg, 344 const u8 *addr, int idx, u8 *key, 345 size_t key_len) 346 { 347 struct hostapd_data *hapd = ctx; 348 const char *ifname = hapd->conf->iface; 349 350 if (vlan_id > 0) { 351 ifname = hostapd_get_vlan_id_ifname(hapd->conf->vlan, vlan_id); 352 if (ifname == NULL) 353 return -1; 354 } 355 356 #ifdef CONFIG_TESTING_OPTIONS 357 if (addr && !is_broadcast_ether_addr(addr)) { 358 struct sta_info *sta; 359 360 sta = ap_get_sta(hapd, addr); 361 if (sta) { 362 sta->last_tk_alg = alg; 363 sta->last_tk_key_idx = idx; 364 if (key) 365 os_memcpy(sta->last_tk, key, key_len); 366 sta->last_tk_len = key_len; 367 } 368 #ifdef CONFIG_IEEE80211W 369 } else if (alg == WPA_ALG_IGTK || 370 alg == WPA_ALG_BIP_GMAC_128 || 371 alg == WPA_ALG_BIP_GMAC_256 || 372 alg == WPA_ALG_BIP_CMAC_256) { 373 hapd->last_igtk_alg = alg; 374 hapd->last_igtk_key_idx = idx; 375 if (key) 376 os_memcpy(hapd->last_igtk, key, key_len); 377 hapd->last_igtk_len = key_len; 378 #endif /* CONFIG_IEEE80211W */ 379 } else { 380 hapd->last_gtk_alg = alg; 381 hapd->last_gtk_key_idx = idx; 382 if (key) 383 os_memcpy(hapd->last_gtk, key, key_len); 384 hapd->last_gtk_len = key_len; 385 } 386 #endif /* CONFIG_TESTING_OPTIONS */ 387 return hostapd_drv_set_key(ifname, hapd, alg, addr, idx, 1, NULL, 0, 388 key, key_len); 389 } 390 391 392 static int hostapd_wpa_auth_get_seqnum(void *ctx, const u8 *addr, int idx, 393 u8 *seq) 394 { 395 struct hostapd_data *hapd = ctx; 396 return hostapd_get_seqnum(hapd->conf->iface, hapd, addr, idx, seq); 397 } 398 399 400 static int hostapd_wpa_auth_send_eapol(void *ctx, const u8 *addr, 401 const u8 *data, size_t data_len, 402 int encrypt) 403 { 404 struct hostapd_data *hapd = ctx; 405 struct sta_info *sta; 406 u32 flags = 0; 407 408 #ifdef CONFIG_TESTING_OPTIONS 409 if (hapd->ext_eapol_frame_io) { 410 size_t hex_len = 2 * data_len + 1; 411 char *hex = os_malloc(hex_len); 412 413 if (hex == NULL) 414 return -1; 415 wpa_snprintf_hex(hex, hex_len, data, data_len); 416 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s", 417 MAC2STR(addr), hex); 418 os_free(hex); 419 return 0; 420 } 421 #endif /* CONFIG_TESTING_OPTIONS */ 422 423 sta = ap_get_sta(hapd, addr); 424 if (sta) 425 flags = hostapd_sta_flags_to_drv(sta->flags); 426 427 return hostapd_drv_hapd_send_eapol(hapd, addr, data, data_len, 428 encrypt, flags); 429 } 430 431 432 static int hostapd_wpa_auth_for_each_sta( 433 void *ctx, int (*cb)(struct wpa_state_machine *sm, void *ctx), 434 void *cb_ctx) 435 { 436 struct hostapd_data *hapd = ctx; 437 struct sta_info *sta; 438 439 for (sta = hapd->sta_list; sta; sta = sta->next) { 440 if (sta->wpa_sm && cb(sta->wpa_sm, cb_ctx)) 441 return 1; 442 } 443 return 0; 444 } 445 446 447 struct wpa_auth_iface_iter_data { 448 int (*cb)(struct wpa_authenticator *sm, void *ctx); 449 void *cb_ctx; 450 }; 451 452 static int wpa_auth_iface_iter(struct hostapd_iface *iface, void *ctx) 453 { 454 struct wpa_auth_iface_iter_data *data = ctx; 455 size_t i; 456 for (i = 0; i < iface->num_bss; i++) { 457 if (iface->bss[i]->wpa_auth && 458 data->cb(iface->bss[i]->wpa_auth, data->cb_ctx)) 459 return 1; 460 } 461 return 0; 462 } 463 464 465 static int hostapd_wpa_auth_for_each_auth( 466 void *ctx, int (*cb)(struct wpa_authenticator *sm, void *ctx), 467 void *cb_ctx) 468 { 469 struct hostapd_data *hapd = ctx; 470 struct wpa_auth_iface_iter_data data; 471 if (hapd->iface->interfaces == NULL || 472 hapd->iface->interfaces->for_each_interface == NULL) 473 return -1; 474 data.cb = cb; 475 data.cb_ctx = cb_ctx; 476 return hapd->iface->interfaces->for_each_interface( 477 hapd->iface->interfaces, wpa_auth_iface_iter, &data); 478 } 479 480 481 #ifdef CONFIG_IEEE80211R_AP 482 483 struct wpa_ft_rrb_rx_later_data { 484 struct dl_list list; 485 u8 addr[ETH_ALEN]; 486 size_t data_len; 487 /* followed by data_len octets of data */ 488 }; 489 490 static void hostapd_wpa_ft_rrb_rx_later(void *eloop_ctx, void *timeout_ctx) 491 { 492 struct hostapd_data *hapd = eloop_ctx; 493 struct wpa_ft_rrb_rx_later_data *data, *n; 494 495 dl_list_for_each_safe(data, n, &hapd->l2_queue, 496 struct wpa_ft_rrb_rx_later_data, list) { 497 if (hapd->wpa_auth) { 498 wpa_ft_rrb_rx(hapd->wpa_auth, data->addr, 499 (const u8 *) (data + 1), 500 data->data_len); 501 } 502 dl_list_del(&data->list); 503 os_free(data); 504 } 505 } 506 507 508 struct wpa_auth_ft_iface_iter_data { 509 struct hostapd_data *src_hapd; 510 const u8 *dst; 511 const u8 *data; 512 size_t data_len; 513 }; 514 515 516 static int hostapd_wpa_auth_ft_iter(struct hostapd_iface *iface, void *ctx) 517 { 518 struct wpa_auth_ft_iface_iter_data *idata = ctx; 519 struct wpa_ft_rrb_rx_later_data *data; 520 struct hostapd_data *hapd; 521 size_t j; 522 523 for (j = 0; j < iface->num_bss; j++) { 524 hapd = iface->bss[j]; 525 if (hapd == idata->src_hapd || 526 !hapd->wpa_auth || 527 os_memcmp(hapd->own_addr, idata->dst, ETH_ALEN) != 0) 528 continue; 529 530 wpa_printf(MSG_DEBUG, 531 "FT: Send RRB data directly to locally managed BSS " 532 MACSTR "@%s -> " MACSTR "@%s", 533 MAC2STR(idata->src_hapd->own_addr), 534 idata->src_hapd->conf->iface, 535 MAC2STR(hapd->own_addr), hapd->conf->iface); 536 537 /* Defer wpa_ft_rrb_rx() until next eloop step as this is 538 * when it would be triggered when reading from a socket. 539 * This avoids 540 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv, 541 * that is calling hapd0:recv handler from within 542 * hapd0:send directly. 543 */ 544 data = os_zalloc(sizeof(*data) + idata->data_len); 545 if (!data) 546 return 1; 547 548 os_memcpy(data->addr, idata->src_hapd->own_addr, ETH_ALEN); 549 os_memcpy(data + 1, idata->data, idata->data_len); 550 data->data_len = idata->data_len; 551 552 dl_list_add(&hapd->l2_queue, &data->list); 553 554 if (!eloop_is_timeout_registered(hostapd_wpa_ft_rrb_rx_later, 555 hapd, NULL)) 556 eloop_register_timeout(0, 0, 557 hostapd_wpa_ft_rrb_rx_later, 558 hapd, NULL); 559 560 return 1; 561 } 562 563 return 0; 564 } 565 566 #endif /* CONFIG_IEEE80211R_AP */ 567 568 569 static int hostapd_wpa_auth_send_ether(void *ctx, const u8 *dst, u16 proto, 570 const u8 *data, size_t data_len) 571 { 572 struct hostapd_data *hapd = ctx; 573 struct l2_ethhdr *buf; 574 int ret; 575 576 #ifdef CONFIG_TESTING_OPTIONS 577 if (hapd->ext_eapol_frame_io && proto == ETH_P_EAPOL) { 578 size_t hex_len = 2 * data_len + 1; 579 char *hex = os_malloc(hex_len); 580 581 if (hex == NULL) 582 return -1; 583 wpa_snprintf_hex(hex, hex_len, data, data_len); 584 wpa_msg(hapd->msg_ctx, MSG_INFO, "EAPOL-TX " MACSTR " %s", 585 MAC2STR(dst), hex); 586 os_free(hex); 587 return 0; 588 } 589 #endif /* CONFIG_TESTING_OPTIONS */ 590 591 #ifdef CONFIG_IEEE80211R_AP 592 if (proto == ETH_P_RRB && hapd->iface->interfaces && 593 hapd->iface->interfaces->for_each_interface) { 594 int res; 595 struct wpa_auth_ft_iface_iter_data idata; 596 idata.src_hapd = hapd; 597 idata.dst = dst; 598 idata.data = data; 599 idata.data_len = data_len; 600 res = hapd->iface->interfaces->for_each_interface( 601 hapd->iface->interfaces, hostapd_wpa_auth_ft_iter, 602 &idata); 603 if (res == 1) 604 return data_len; 605 } 606 #endif /* CONFIG_IEEE80211R_AP */ 607 608 if (hapd->driver && hapd->driver->send_ether) 609 return hapd->driver->send_ether(hapd->drv_priv, dst, 610 hapd->own_addr, proto, 611 data, data_len); 612 if (hapd->l2 == NULL) 613 return -1; 614 615 buf = os_malloc(sizeof(*buf) + data_len); 616 if (buf == NULL) 617 return -1; 618 os_memcpy(buf->h_dest, dst, ETH_ALEN); 619 os_memcpy(buf->h_source, hapd->own_addr, ETH_ALEN); 620 buf->h_proto = host_to_be16(proto); 621 os_memcpy(buf + 1, data, data_len); 622 ret = l2_packet_send(hapd->l2, dst, proto, (u8 *) buf, 623 sizeof(*buf) + data_len); 624 os_free(buf); 625 return ret; 626 } 627 628 629 #ifdef CONFIG_ETH_P_OUI 630 static struct eth_p_oui_ctx * hostapd_wpa_get_oui(struct hostapd_data *hapd, 631 u8 oui_suffix) 632 { 633 switch (oui_suffix) { 634 #ifdef CONFIG_IEEE80211R_AP 635 case FT_PACKET_R0KH_R1KH_PULL: 636 return hapd->oui_pull; 637 case FT_PACKET_R0KH_R1KH_RESP: 638 return hapd->oui_resp; 639 case FT_PACKET_R0KH_R1KH_PUSH: 640 return hapd->oui_push; 641 case FT_PACKET_R0KH_R1KH_SEQ_REQ: 642 return hapd->oui_sreq; 643 case FT_PACKET_R0KH_R1KH_SEQ_RESP: 644 return hapd->oui_sresp; 645 #endif /* CONFIG_IEEE80211R_AP */ 646 default: 647 return NULL; 648 } 649 } 650 #endif /* CONFIG_ETH_P_OUI */ 651 652 653 #ifdef CONFIG_IEEE80211R_AP 654 655 struct oui_deliver_later_data { 656 struct dl_list list; 657 u8 src_addr[ETH_ALEN]; 658 u8 dst_addr[ETH_ALEN]; 659 size_t data_len; 660 u8 oui_suffix; 661 /* followed by data_len octets of data */ 662 }; 663 664 static void hostapd_oui_deliver_later(void *eloop_ctx, void *timeout_ctx) 665 { 666 struct hostapd_data *hapd = eloop_ctx; 667 struct oui_deliver_later_data *data, *n; 668 struct eth_p_oui_ctx *oui_ctx; 669 670 dl_list_for_each_safe(data, n, &hapd->l2_oui_queue, 671 struct oui_deliver_later_data, list) { 672 oui_ctx = hostapd_wpa_get_oui(hapd, data->oui_suffix); 673 if (hapd->wpa_auth && oui_ctx) { 674 eth_p_oui_deliver(oui_ctx, data->src_addr, 675 data->dst_addr, 676 (const u8 *) (data + 1), 677 data->data_len); 678 } 679 dl_list_del(&data->list); 680 os_free(data); 681 } 682 } 683 684 685 struct wpa_auth_oui_iface_iter_data { 686 struct hostapd_data *src_hapd; 687 const u8 *dst_addr; 688 const u8 *data; 689 size_t data_len; 690 u8 oui_suffix; 691 }; 692 693 static int hostapd_wpa_auth_oui_iter(struct hostapd_iface *iface, void *ctx) 694 { 695 struct wpa_auth_oui_iface_iter_data *idata = ctx; 696 struct oui_deliver_later_data *data; 697 struct hostapd_data *hapd; 698 size_t j; 699 700 for (j = 0; j < iface->num_bss; j++) { 701 hapd = iface->bss[j]; 702 if (hapd == idata->src_hapd) 703 continue; 704 if (!is_multicast_ether_addr(idata->dst_addr) && 705 os_memcmp(hapd->own_addr, idata->dst_addr, ETH_ALEN) != 0) 706 continue; 707 708 /* defer eth_p_oui_deliver until next eloop step as this is 709 * when it would be triggerd from reading from sock 710 * This avoids 711 * hapd0:send -> hapd1:recv -> hapd1:send -> hapd0:recv, 712 * that is calling hapd0:recv handler from within 713 * hapd0:send directly. 714 */ 715 data = os_zalloc(sizeof(*data) + idata->data_len); 716 if (!data) 717 return 1; 718 719 os_memcpy(data->src_addr, idata->src_hapd->own_addr, ETH_ALEN); 720 os_memcpy(data->dst_addr, idata->dst_addr, ETH_ALEN); 721 os_memcpy(data + 1, idata->data, idata->data_len); 722 data->data_len = idata->data_len; 723 data->oui_suffix = idata->oui_suffix; 724 725 dl_list_add(&hapd->l2_oui_queue, &data->list); 726 727 if (!eloop_is_timeout_registered(hostapd_oui_deliver_later, 728 hapd, NULL)) 729 eloop_register_timeout(0, 0, 730 hostapd_oui_deliver_later, 731 hapd, NULL); 732 733 return 1; 734 } 735 736 return 0; 737 } 738 739 #endif /* CONFIG_IEEE80211R_AP */ 740 741 742 static int hostapd_wpa_auth_send_oui(void *ctx, const u8 *dst, u8 oui_suffix, 743 const u8 *data, size_t data_len) 744 { 745 #ifdef CONFIG_ETH_P_OUI 746 struct hostapd_data *hapd = ctx; 747 struct eth_p_oui_ctx *oui_ctx; 748 749 #ifdef CONFIG_IEEE80211R_AP 750 if (hapd->iface->interfaces && 751 hapd->iface->interfaces->for_each_interface) { 752 struct wpa_auth_oui_iface_iter_data idata; 753 int res; 754 755 idata.src_hapd = hapd; 756 idata.dst_addr = dst; 757 idata.data = data; 758 idata.data_len = data_len; 759 idata.oui_suffix = oui_suffix; 760 res = hapd->iface->interfaces->for_each_interface( 761 hapd->iface->interfaces, hostapd_wpa_auth_oui_iter, 762 &idata); 763 if (res == 1) 764 return data_len; 765 } 766 #endif /* CONFIG_IEEE80211R_AP */ 767 768 oui_ctx = hostapd_wpa_get_oui(hapd, oui_suffix); 769 if (!oui_ctx) 770 return -1; 771 772 return eth_p_oui_send(oui_ctx, hapd->own_addr, dst, data, data_len); 773 #else /* CONFIG_ETH_P_OUI */ 774 return -1; 775 #endif /* CONFIG_ETH_P_OUI */ 776 } 777 778 779 #ifdef CONFIG_IEEE80211R_AP 780 781 static int hostapd_wpa_auth_send_ft_action(void *ctx, const u8 *dst, 782 const u8 *data, size_t data_len) 783 { 784 struct hostapd_data *hapd = ctx; 785 int res; 786 struct ieee80211_mgmt *m; 787 size_t mlen; 788 struct sta_info *sta; 789 790 sta = ap_get_sta(hapd, dst); 791 if (sta == NULL || sta->wpa_sm == NULL) 792 return -1; 793 794 m = os_zalloc(sizeof(*m) + data_len); 795 if (m == NULL) 796 return -1; 797 mlen = ((u8 *) &m->u - (u8 *) m) + data_len; 798 m->frame_control = IEEE80211_FC(WLAN_FC_TYPE_MGMT, 799 WLAN_FC_STYPE_ACTION); 800 os_memcpy(m->da, dst, ETH_ALEN); 801 os_memcpy(m->sa, hapd->own_addr, ETH_ALEN); 802 os_memcpy(m->bssid, hapd->own_addr, ETH_ALEN); 803 os_memcpy(&m->u, data, data_len); 804 805 res = hostapd_drv_send_mlme(hapd, (u8 *) m, mlen, 0); 806 os_free(m); 807 return res; 808 } 809 810 811 static struct wpa_state_machine * 812 hostapd_wpa_auth_add_sta(void *ctx, const u8 *sta_addr) 813 { 814 struct hostapd_data *hapd = ctx; 815 struct sta_info *sta; 816 817 if (hostapd_add_sta_node(hapd, sta_addr, WLAN_AUTH_FT) < 0) 818 return NULL; 819 820 sta = ap_sta_add(hapd, sta_addr); 821 if (sta == NULL) 822 return NULL; 823 if (sta->wpa_sm) { 824 sta->auth_alg = WLAN_AUTH_FT; 825 return sta->wpa_sm; 826 } 827 828 sta->wpa_sm = wpa_auth_sta_init(hapd->wpa_auth, sta->addr, NULL); 829 if (sta->wpa_sm == NULL) { 830 ap_free_sta(hapd, sta); 831 return NULL; 832 } 833 sta->auth_alg = WLAN_AUTH_FT; 834 835 return sta->wpa_sm; 836 } 837 838 839 static int hostapd_wpa_auth_set_vlan(void *ctx, const u8 *sta_addr, 840 struct vlan_description *vlan) 841 { 842 struct hostapd_data *hapd = ctx; 843 struct sta_info *sta; 844 845 sta = ap_get_sta(hapd, sta_addr); 846 if (!sta || !sta->wpa_sm) 847 return -1; 848 849 if (vlan->notempty && 850 !hostapd_vlan_valid(hapd->conf->vlan, vlan)) { 851 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 852 HOSTAPD_LEVEL_INFO, 853 "Invalid VLAN %d%s received from FT", 854 vlan->untagged, vlan->tagged[0] ? "+" : ""); 855 return -1; 856 } 857 858 if (ap_sta_set_vlan(hapd, sta, vlan) < 0) 859 return -1; 860 /* Configure wpa_group for GTK but ignore error due to driver not 861 * knowing this STA. */ 862 ap_sta_bind_vlan(hapd, sta); 863 864 if (sta->vlan_id) 865 hostapd_logger(hapd, sta->addr, HOSTAPD_MODULE_IEEE80211, 866 HOSTAPD_LEVEL_INFO, "VLAN ID %d", sta->vlan_id); 867 868 return 0; 869 } 870 871 872 static int hostapd_wpa_auth_get_vlan(void *ctx, const u8 *sta_addr, 873 struct vlan_description *vlan) 874 { 875 struct hostapd_data *hapd = ctx; 876 struct sta_info *sta; 877 878 sta = ap_get_sta(hapd, sta_addr); 879 if (!sta) 880 return -1; 881 882 if (sta->vlan_desc) 883 *vlan = *sta->vlan_desc; 884 else 885 os_memset(vlan, 0, sizeof(*vlan)); 886 887 return 0; 888 } 889 890 891 static int 892 hostapd_wpa_auth_set_identity(void *ctx, const u8 *sta_addr, 893 const u8 *identity, size_t identity_len) 894 { 895 struct hostapd_data *hapd = ctx; 896 struct sta_info *sta; 897 898 sta = ap_get_sta(hapd, sta_addr); 899 if (!sta) 900 return -1; 901 902 os_free(sta->identity); 903 sta->identity = NULL; 904 905 if (sta->eapol_sm) { 906 os_free(sta->eapol_sm->identity); 907 sta->eapol_sm->identity = NULL; 908 sta->eapol_sm->identity_len = 0; 909 } 910 911 if (!identity_len) 912 return 0; 913 914 /* sta->identity is NULL terminated */ 915 sta->identity = os_zalloc(identity_len + 1); 916 if (!sta->identity) 917 return -1; 918 os_memcpy(sta->identity, identity, identity_len); 919 920 if (sta->eapol_sm) { 921 sta->eapol_sm->identity = os_zalloc(identity_len); 922 if (!sta->eapol_sm->identity) 923 return -1; 924 os_memcpy(sta->eapol_sm->identity, identity, identity_len); 925 sta->eapol_sm->identity_len = identity_len; 926 } 927 928 return 0; 929 } 930 931 932 static size_t 933 hostapd_wpa_auth_get_identity(void *ctx, const u8 *sta_addr, const u8 **buf) 934 { 935 struct hostapd_data *hapd = ctx; 936 struct sta_info *sta; 937 size_t len; 938 char *identity; 939 940 sta = ap_get_sta(hapd, sta_addr); 941 if (!sta) 942 return 0; 943 944 *buf = ieee802_1x_get_identity(sta->eapol_sm, &len); 945 if (*buf && len) 946 return len; 947 948 if (!sta->identity) { 949 *buf = NULL; 950 return 0; 951 } 952 953 identity = sta->identity; 954 len = os_strlen(identity); 955 *buf = (u8 *) identity; 956 957 return len; 958 } 959 960 961 static int 962 hostapd_wpa_auth_set_radius_cui(void *ctx, const u8 *sta_addr, 963 const u8 *radius_cui, size_t radius_cui_len) 964 { 965 struct hostapd_data *hapd = ctx; 966 struct sta_info *sta; 967 968 sta = ap_get_sta(hapd, sta_addr); 969 if (!sta) 970 return -1; 971 972 os_free(sta->radius_cui); 973 sta->radius_cui = NULL; 974 975 if (sta->eapol_sm) { 976 wpabuf_free(sta->eapol_sm->radius_cui); 977 sta->eapol_sm->radius_cui = NULL; 978 } 979 980 if (!radius_cui) 981 return 0; 982 983 /* sta->radius_cui is NULL terminated */ 984 sta->radius_cui = os_zalloc(radius_cui_len + 1); 985 if (!sta->radius_cui) 986 return -1; 987 os_memcpy(sta->radius_cui, radius_cui, radius_cui_len); 988 989 if (sta->eapol_sm) { 990 sta->eapol_sm->radius_cui = wpabuf_alloc_copy(radius_cui, 991 radius_cui_len); 992 if (!sta->eapol_sm->radius_cui) 993 return -1; 994 } 995 996 return 0; 997 } 998 999 1000 static size_t 1001 hostapd_wpa_auth_get_radius_cui(void *ctx, const u8 *sta_addr, const u8 **buf) 1002 { 1003 struct hostapd_data *hapd = ctx; 1004 struct sta_info *sta; 1005 struct wpabuf *b; 1006 size_t len; 1007 char *radius_cui; 1008 1009 sta = ap_get_sta(hapd, sta_addr); 1010 if (!sta) 1011 return 0; 1012 1013 b = ieee802_1x_get_radius_cui(sta->eapol_sm); 1014 if (b) { 1015 len = wpabuf_len(b); 1016 *buf = wpabuf_head(b); 1017 return len; 1018 } 1019 1020 if (!sta->radius_cui) { 1021 *buf = NULL; 1022 return 0; 1023 } 1024 1025 radius_cui = sta->radius_cui; 1026 len = os_strlen(radius_cui); 1027 *buf = (u8 *) radius_cui; 1028 1029 return len; 1030 } 1031 1032 1033 static void hostapd_wpa_auth_set_session_timeout(void *ctx, const u8 *sta_addr, 1034 int session_timeout) 1035 { 1036 struct hostapd_data *hapd = ctx; 1037 struct sta_info *sta; 1038 1039 sta = ap_get_sta(hapd, sta_addr); 1040 if (!sta) 1041 return; 1042 1043 if (session_timeout) { 1044 os_get_reltime(&sta->session_timeout); 1045 sta->session_timeout.sec += session_timeout; 1046 sta->session_timeout_set = 1; 1047 ap_sta_session_timeout(hapd, sta, session_timeout); 1048 } else { 1049 sta->session_timeout_set = 0; 1050 ap_sta_no_session_timeout(hapd, sta); 1051 } 1052 } 1053 1054 1055 static int hostapd_wpa_auth_get_session_timeout(void *ctx, const u8 *sta_addr) 1056 { 1057 struct hostapd_data *hapd = ctx; 1058 struct sta_info *sta; 1059 struct os_reltime now, remaining; 1060 1061 sta = ap_get_sta(hapd, sta_addr); 1062 if (!sta || !sta->session_timeout_set) 1063 return 0; 1064 1065 os_get_reltime(&now); 1066 if (os_reltime_before(&sta->session_timeout, &now)) { 1067 /* already expired, return >0 as timeout was set */ 1068 return 1; 1069 } 1070 1071 os_reltime_sub(&sta->session_timeout, &now, &remaining); 1072 1073 return (remaining.sec > 0) ? remaining.sec : 1; 1074 } 1075 1076 1077 static void hostapd_rrb_receive(void *ctx, const u8 *src_addr, const u8 *buf, 1078 size_t len) 1079 { 1080 struct hostapd_data *hapd = ctx; 1081 struct l2_ethhdr *ethhdr; 1082 if (len < sizeof(*ethhdr)) 1083 return; 1084 ethhdr = (struct l2_ethhdr *) buf; 1085 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> " 1086 MACSTR, MAC2STR(ethhdr->h_source), MAC2STR(ethhdr->h_dest)); 1087 if (!is_multicast_ether_addr(ethhdr->h_dest) && 1088 os_memcmp(hapd->own_addr, ethhdr->h_dest, ETH_ALEN) != 0) 1089 return; 1090 wpa_ft_rrb_rx(hapd->wpa_auth, ethhdr->h_source, buf + sizeof(*ethhdr), 1091 len - sizeof(*ethhdr)); 1092 } 1093 1094 1095 static void hostapd_rrb_oui_receive(void *ctx, const u8 *src_addr, 1096 const u8 *dst_addr, u8 oui_suffix, 1097 const u8 *buf, size_t len) 1098 { 1099 struct hostapd_data *hapd = ctx; 1100 1101 wpa_printf(MSG_DEBUG, "FT: RRB received packet " MACSTR " -> " 1102 MACSTR, MAC2STR(src_addr), MAC2STR(dst_addr)); 1103 if (!is_multicast_ether_addr(dst_addr) && 1104 os_memcmp(hapd->own_addr, dst_addr, ETH_ALEN) != 0) 1105 return; 1106 wpa_ft_rrb_oui_rx(hapd->wpa_auth, src_addr, dst_addr, oui_suffix, buf, 1107 len); 1108 } 1109 1110 1111 static int hostapd_wpa_auth_add_tspec(void *ctx, const u8 *sta_addr, 1112 u8 *tspec_ie, size_t tspec_ielen) 1113 { 1114 struct hostapd_data *hapd = ctx; 1115 return hostapd_add_tspec(hapd, sta_addr, tspec_ie, tspec_ielen); 1116 } 1117 1118 1119 1120 static int hostapd_wpa_register_ft_oui(struct hostapd_data *hapd, 1121 const char *ft_iface) 1122 { 1123 hapd->oui_pull = eth_p_oui_register(hapd, ft_iface, 1124 FT_PACKET_R0KH_R1KH_PULL, 1125 hostapd_rrb_oui_receive, hapd); 1126 if (!hapd->oui_pull) 1127 return -1; 1128 1129 hapd->oui_resp = eth_p_oui_register(hapd, ft_iface, 1130 FT_PACKET_R0KH_R1KH_RESP, 1131 hostapd_rrb_oui_receive, hapd); 1132 if (!hapd->oui_resp) 1133 return -1; 1134 1135 hapd->oui_push = eth_p_oui_register(hapd, ft_iface, 1136 FT_PACKET_R0KH_R1KH_PUSH, 1137 hostapd_rrb_oui_receive, hapd); 1138 if (!hapd->oui_push) 1139 return -1; 1140 1141 hapd->oui_sreq = eth_p_oui_register(hapd, ft_iface, 1142 FT_PACKET_R0KH_R1KH_SEQ_REQ, 1143 hostapd_rrb_oui_receive, hapd); 1144 if (!hapd->oui_sreq) 1145 return -1; 1146 1147 hapd->oui_sresp = eth_p_oui_register(hapd, ft_iface, 1148 FT_PACKET_R0KH_R1KH_SEQ_RESP, 1149 hostapd_rrb_oui_receive, hapd); 1150 if (!hapd->oui_sresp) 1151 return -1; 1152 1153 return 0; 1154 } 1155 1156 1157 static void hostapd_wpa_unregister_ft_oui(struct hostapd_data *hapd) 1158 { 1159 eth_p_oui_unregister(hapd->oui_pull); 1160 hapd->oui_pull = NULL; 1161 eth_p_oui_unregister(hapd->oui_resp); 1162 hapd->oui_resp = NULL; 1163 eth_p_oui_unregister(hapd->oui_push); 1164 hapd->oui_push = NULL; 1165 eth_p_oui_unregister(hapd->oui_sreq); 1166 hapd->oui_sreq = NULL; 1167 eth_p_oui_unregister(hapd->oui_sresp); 1168 hapd->oui_sresp = NULL; 1169 } 1170 #endif /* CONFIG_IEEE80211R_AP */ 1171 1172 1173 int hostapd_setup_wpa(struct hostapd_data *hapd) 1174 { 1175 struct wpa_auth_config _conf; 1176 static const struct wpa_auth_callbacks cb = { 1177 .logger = hostapd_wpa_auth_logger, 1178 .disconnect = hostapd_wpa_auth_disconnect, 1179 .mic_failure_report = hostapd_wpa_auth_mic_failure_report, 1180 .psk_failure_report = hostapd_wpa_auth_psk_failure_report, 1181 .set_eapol = hostapd_wpa_auth_set_eapol, 1182 .get_eapol = hostapd_wpa_auth_get_eapol, 1183 .get_psk = hostapd_wpa_auth_get_psk, 1184 .get_msk = hostapd_wpa_auth_get_msk, 1185 .set_key = hostapd_wpa_auth_set_key, 1186 .get_seqnum = hostapd_wpa_auth_get_seqnum, 1187 .send_eapol = hostapd_wpa_auth_send_eapol, 1188 .for_each_sta = hostapd_wpa_auth_for_each_sta, 1189 .for_each_auth = hostapd_wpa_auth_for_each_auth, 1190 .send_ether = hostapd_wpa_auth_send_ether, 1191 .send_oui = hostapd_wpa_auth_send_oui, 1192 #ifdef CONFIG_IEEE80211R_AP 1193 .send_ft_action = hostapd_wpa_auth_send_ft_action, 1194 .add_sta = hostapd_wpa_auth_add_sta, 1195 .add_tspec = hostapd_wpa_auth_add_tspec, 1196 .set_vlan = hostapd_wpa_auth_set_vlan, 1197 .get_vlan = hostapd_wpa_auth_get_vlan, 1198 .set_identity = hostapd_wpa_auth_set_identity, 1199 .get_identity = hostapd_wpa_auth_get_identity, 1200 .set_radius_cui = hostapd_wpa_auth_set_radius_cui, 1201 .get_radius_cui = hostapd_wpa_auth_get_radius_cui, 1202 .set_session_timeout = hostapd_wpa_auth_set_session_timeout, 1203 .get_session_timeout = hostapd_wpa_auth_get_session_timeout, 1204 #endif /* CONFIG_IEEE80211R_AP */ 1205 }; 1206 const u8 *wpa_ie; 1207 size_t wpa_ie_len; 1208 1209 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &_conf); 1210 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_EAPOL_TX_STATUS) 1211 _conf.tx_status = 1; 1212 if (hapd->iface->drv_flags & WPA_DRIVER_FLAGS_AP_MLME) 1213 _conf.ap_mlme = 1; 1214 hapd->wpa_auth = wpa_init(hapd->own_addr, &_conf, &cb, hapd); 1215 if (hapd->wpa_auth == NULL) { 1216 wpa_printf(MSG_ERROR, "WPA initialization failed."); 1217 return -1; 1218 } 1219 1220 if (hostapd_set_privacy(hapd, 1)) { 1221 wpa_printf(MSG_ERROR, "Could not set PrivacyInvoked " 1222 "for interface %s", hapd->conf->iface); 1223 return -1; 1224 } 1225 1226 wpa_ie = wpa_auth_get_wpa_ie(hapd->wpa_auth, &wpa_ie_len); 1227 if (hostapd_set_generic_elem(hapd, wpa_ie, wpa_ie_len)) { 1228 wpa_printf(MSG_ERROR, "Failed to configure WPA IE for " 1229 "the kernel driver."); 1230 return -1; 1231 } 1232 1233 if (rsn_preauth_iface_init(hapd)) { 1234 wpa_printf(MSG_ERROR, "Initialization of RSN " 1235 "pre-authentication failed."); 1236 return -1; 1237 } 1238 1239 #ifdef CONFIG_IEEE80211R_AP 1240 if (!hostapd_drv_none(hapd) && 1241 wpa_key_mgmt_ft(hapd->conf->wpa_key_mgmt)) { 1242 const char *ft_iface; 1243 1244 ft_iface = hapd->conf->bridge[0] ? hapd->conf->bridge : 1245 hapd->conf->iface; 1246 hapd->l2 = l2_packet_init(ft_iface, NULL, ETH_P_RRB, 1247 hostapd_rrb_receive, hapd, 1); 1248 if (hapd->l2 == NULL && 1249 (hapd->driver == NULL || 1250 hapd->driver->send_ether == NULL)) { 1251 wpa_printf(MSG_ERROR, "Failed to open l2_packet " 1252 "interface"); 1253 return -1; 1254 } 1255 1256 if (hostapd_wpa_register_ft_oui(hapd, ft_iface)) { 1257 wpa_printf(MSG_ERROR, 1258 "Failed to open ETH_P_OUI interface"); 1259 return -1; 1260 } 1261 } 1262 #endif /* CONFIG_IEEE80211R_AP */ 1263 1264 return 0; 1265 1266 } 1267 1268 1269 void hostapd_reconfig_wpa(struct hostapd_data *hapd) 1270 { 1271 struct wpa_auth_config wpa_auth_conf; 1272 hostapd_wpa_auth_conf(hapd->conf, hapd->iconf, &wpa_auth_conf); 1273 wpa_reconfig(hapd->wpa_auth, &wpa_auth_conf); 1274 } 1275 1276 1277 void hostapd_deinit_wpa(struct hostapd_data *hapd) 1278 { 1279 ieee80211_tkip_countermeasures_deinit(hapd); 1280 rsn_preauth_iface_deinit(hapd); 1281 if (hapd->wpa_auth) { 1282 wpa_deinit(hapd->wpa_auth); 1283 hapd->wpa_auth = NULL; 1284 1285 if (hapd->drv_priv && hostapd_set_privacy(hapd, 0)) { 1286 wpa_printf(MSG_DEBUG, "Could not disable " 1287 "PrivacyInvoked for interface %s", 1288 hapd->conf->iface); 1289 } 1290 1291 if (hapd->drv_priv && 1292 hostapd_set_generic_elem(hapd, (u8 *) "", 0)) { 1293 wpa_printf(MSG_DEBUG, "Could not remove generic " 1294 "information element from interface %s", 1295 hapd->conf->iface); 1296 } 1297 } 1298 ieee802_1x_deinit(hapd); 1299 1300 #ifdef CONFIG_IEEE80211R_AP 1301 eloop_cancel_timeout(hostapd_wpa_ft_rrb_rx_later, hapd, ELOOP_ALL_CTX); 1302 hostapd_wpa_ft_rrb_rx_later(hapd, NULL); /* flush without delivering */ 1303 eloop_cancel_timeout(hostapd_oui_deliver_later, hapd, ELOOP_ALL_CTX); 1304 hostapd_oui_deliver_later(hapd, NULL); /* flush without delivering */ 1305 l2_packet_deinit(hapd->l2); 1306 hapd->l2 = NULL; 1307 hostapd_wpa_unregister_ft_oui(hapd); 1308 #endif /* CONFIG_IEEE80211R_AP */ 1309 } 1310