1 /* 2 * WPA Supplicant - Driver event processing 3 * Copyright (c) 2003-2008, Jouni Malinen <j@w1.fi> 4 * 5 * This program is free software; you can redistribute it and/or modify 6 * it under the terms of the GNU General Public License version 2 as 7 * published by the Free Software Foundation. 8 * 9 * Alternatively, this software may be distributed under the terms of BSD 10 * license. 11 * 12 * See README and COPYING for more details. 13 */ 14 15 #include "includes.h" 16 17 #include "common.h" 18 #include "eapol_supp/eapol_supp_sm.h" 19 #include "wpa.h" 20 #include "eloop.h" 21 #include "drivers/driver.h" 22 #include "config.h" 23 #include "l2_packet/l2_packet.h" 24 #include "wpa_supplicant_i.h" 25 #include "pcsc_funcs.h" 26 #include "preauth.h" 27 #include "pmksa_cache.h" 28 #include "wpa_ctrl.h" 29 #include "eap_peer/eap.h" 30 #include "ctrl_iface_dbus.h" 31 #include "ieee802_11_defs.h" 32 #include "blacklist.h" 33 #include "wpas_glue.h" 34 #include "wps_supplicant.h" 35 36 37 static int wpa_supplicant_select_config(struct wpa_supplicant *wpa_s) 38 { 39 struct wpa_ssid *ssid; 40 41 if (wpa_s->conf->ap_scan == 1 && wpa_s->current_ssid) 42 return 0; 43 44 wpa_printf(MSG_DEBUG, "Select network based on association " 45 "information"); 46 ssid = wpa_supplicant_get_ssid(wpa_s); 47 if (ssid == NULL) { 48 wpa_printf(MSG_INFO, "No network configuration found for the " 49 "current AP"); 50 return -1; 51 } 52 53 if (ssid->disabled) { 54 wpa_printf(MSG_DEBUG, "Selected network is disabled"); 55 return -1; 56 } 57 58 wpa_printf(MSG_DEBUG, "Network configuration found for the current " 59 "AP"); 60 if (ssid->key_mgmt & (WPA_KEY_MGMT_PSK | WPA_KEY_MGMT_IEEE8021X | 61 WPA_KEY_MGMT_WPA_NONE | 62 WPA_KEY_MGMT_FT_PSK | WPA_KEY_MGMT_FT_IEEE8021X | 63 WPA_KEY_MGMT_PSK_SHA256 | 64 WPA_KEY_MGMT_IEEE8021X_SHA256)) { 65 u8 wpa_ie[80]; 66 size_t wpa_ie_len = sizeof(wpa_ie); 67 wpa_supplicant_set_suites(wpa_s, NULL, ssid, 68 wpa_ie, &wpa_ie_len); 69 } else { 70 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid); 71 } 72 73 if (wpa_s->current_ssid && wpa_s->current_ssid != ssid) 74 eapol_sm_invalidate_cached_session(wpa_s->eapol); 75 wpa_s->current_ssid = ssid; 76 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid); 77 wpa_supplicant_initiate_eapol(wpa_s); 78 79 return 0; 80 } 81 82 83 static void wpa_supplicant_stop_countermeasures(void *eloop_ctx, 84 void *sock_ctx) 85 { 86 struct wpa_supplicant *wpa_s = eloop_ctx; 87 88 if (wpa_s->countermeasures) { 89 wpa_s->countermeasures = 0; 90 wpa_drv_set_countermeasures(wpa_s, 0); 91 wpa_msg(wpa_s, MSG_INFO, "WPA: TKIP countermeasures stopped"); 92 wpa_supplicant_req_scan(wpa_s, 0, 0); 93 } 94 } 95 96 97 void wpa_supplicant_mark_disassoc(struct wpa_supplicant *wpa_s) 98 { 99 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED); 100 os_memset(wpa_s->bssid, 0, ETH_ALEN); 101 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 102 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 103 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 104 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) 105 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 106 wpa_s->ap_ies_from_associnfo = 0; 107 } 108 109 110 static void wpa_find_assoc_pmkid(struct wpa_supplicant *wpa_s) 111 { 112 struct wpa_ie_data ie; 113 int pmksa_set = -1; 114 size_t i; 115 116 if (wpa_sm_parse_own_wpa_ie(wpa_s->wpa, &ie) < 0 || 117 ie.pmkid == NULL) 118 return; 119 120 for (i = 0; i < ie.num_pmkid; i++) { 121 pmksa_set = pmksa_cache_set_current(wpa_s->wpa, 122 ie.pmkid + i * PMKID_LEN, 123 NULL, NULL, 0); 124 if (pmksa_set == 0) { 125 eapol_sm_notify_pmkid_attempt(wpa_s->eapol, 1); 126 break; 127 } 128 } 129 130 wpa_printf(MSG_DEBUG, "RSN: PMKID from assoc IE %sfound from PMKSA " 131 "cache", pmksa_set == 0 ? "" : "not "); 132 } 133 134 135 static void wpa_supplicant_event_pmkid_candidate(struct wpa_supplicant *wpa_s, 136 union wpa_event_data *data) 137 { 138 if (data == NULL) { 139 wpa_printf(MSG_DEBUG, "RSN: No data in PMKID candidate event"); 140 return; 141 } 142 wpa_printf(MSG_DEBUG, "RSN: PMKID candidate event - bssid=" MACSTR 143 " index=%d preauth=%d", 144 MAC2STR(data->pmkid_candidate.bssid), 145 data->pmkid_candidate.index, 146 data->pmkid_candidate.preauth); 147 148 pmksa_candidate_add(wpa_s->wpa, data->pmkid_candidate.bssid, 149 data->pmkid_candidate.index, 150 data->pmkid_candidate.preauth); 151 } 152 153 154 static int wpa_supplicant_dynamic_keys(struct wpa_supplicant *wpa_s) 155 { 156 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 157 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) 158 return 0; 159 160 #ifdef IEEE8021X_EAPOL 161 if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA && 162 wpa_s->current_ssid && 163 !(wpa_s->current_ssid->eapol_flags & 164 (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 165 EAPOL_FLAG_REQUIRE_KEY_BROADCAST))) { 166 /* IEEE 802.1X, but not using dynamic WEP keys (i.e., either 167 * plaintext or static WEP keys). */ 168 return 0; 169 } 170 #endif /* IEEE8021X_EAPOL */ 171 172 return 1; 173 } 174 175 176 /** 177 * wpa_supplicant_scard_init - Initialize SIM/USIM access with PC/SC 178 * @wpa_s: pointer to wpa_supplicant data 179 * @ssid: Configuration data for the network 180 * Returns: 0 on success, -1 on failure 181 * 182 * This function is called when starting authentication with a network that is 183 * configured to use PC/SC for SIM/USIM access (EAP-SIM or EAP-AKA). 184 */ 185 int wpa_supplicant_scard_init(struct wpa_supplicant *wpa_s, 186 struct wpa_ssid *ssid) 187 { 188 #ifdef IEEE8021X_EAPOL 189 int aka = 0, sim = 0, type; 190 191 if (ssid->eap.pcsc == NULL || wpa_s->scard != NULL) 192 return 0; 193 194 if (ssid->eap.eap_methods == NULL) { 195 sim = 1; 196 aka = 1; 197 } else { 198 struct eap_method_type *eap = ssid->eap.eap_methods; 199 while (eap->vendor != EAP_VENDOR_IETF || 200 eap->method != EAP_TYPE_NONE) { 201 if (eap->vendor == EAP_VENDOR_IETF) { 202 if (eap->method == EAP_TYPE_SIM) 203 sim = 1; 204 else if (eap->method == EAP_TYPE_AKA) 205 aka = 1; 206 } 207 eap++; 208 } 209 } 210 211 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_SIM) == NULL) 212 sim = 0; 213 if (eap_peer_get_eap_method(EAP_VENDOR_IETF, EAP_TYPE_AKA) == NULL) 214 aka = 0; 215 216 if (!sim && !aka) { 217 wpa_printf(MSG_DEBUG, "Selected network is configured to use " 218 "SIM, but neither EAP-SIM nor EAP-AKA are enabled"); 219 return 0; 220 } 221 222 wpa_printf(MSG_DEBUG, "Selected network is configured to use SIM " 223 "(sim=%d aka=%d) - initialize PCSC", sim, aka); 224 if (sim && aka) 225 type = SCARD_TRY_BOTH; 226 else if (aka) 227 type = SCARD_USIM_ONLY; 228 else 229 type = SCARD_GSM_SIM_ONLY; 230 231 wpa_s->scard = scard_init(type); 232 if (wpa_s->scard == NULL) { 233 wpa_printf(MSG_WARNING, "Failed to initialize SIM " 234 "(pcsc-lite)"); 235 return -1; 236 } 237 wpa_sm_set_scard_ctx(wpa_s->wpa, wpa_s->scard); 238 eapol_sm_register_scard_ctx(wpa_s->eapol, wpa_s->scard); 239 #endif /* IEEE8021X_EAPOL */ 240 241 return 0; 242 } 243 244 245 #ifndef CONFIG_NO_SCAN_PROCESSING 246 static int wpa_supplicant_match_privacy(struct wpa_scan_res *bss, 247 struct wpa_ssid *ssid) 248 { 249 int i, privacy = 0; 250 251 if (ssid->mixed_cell) 252 return 1; 253 254 for (i = 0; i < NUM_WEP_KEYS; i++) { 255 if (ssid->wep_key_len[i]) { 256 privacy = 1; 257 break; 258 } 259 } 260 #ifdef IEEE8021X_EAPOL 261 if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) && 262 ssid->eapol_flags & (EAPOL_FLAG_REQUIRE_KEY_UNICAST | 263 EAPOL_FLAG_REQUIRE_KEY_BROADCAST)) 264 privacy = 1; 265 #endif /* IEEE8021X_EAPOL */ 266 267 if (bss->caps & IEEE80211_CAP_PRIVACY) 268 return privacy; 269 return !privacy; 270 } 271 272 273 static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s, 274 struct wpa_ssid *ssid, 275 struct wpa_scan_res *bss) 276 { 277 struct wpa_ie_data ie; 278 int proto_match = 0; 279 const u8 *rsn_ie, *wpa_ie; 280 int ret; 281 282 ret = wpas_wps_ssid_bss_match(wpa_s, ssid, bss); 283 if (ret >= 0) 284 return ret; 285 286 rsn_ie = wpa_scan_get_ie(bss, WLAN_EID_RSN); 287 while ((ssid->proto & WPA_PROTO_RSN) && rsn_ie) { 288 proto_match++; 289 290 if (wpa_parse_wpa_ie(rsn_ie, 2 + rsn_ie[1], &ie)) { 291 wpa_printf(MSG_DEBUG, " skip RSN IE - parse failed"); 292 break; 293 } 294 if (!(ie.proto & ssid->proto)) { 295 wpa_printf(MSG_DEBUG, " skip RSN IE - proto " 296 "mismatch"); 297 break; 298 } 299 300 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 301 wpa_printf(MSG_DEBUG, " skip RSN IE - PTK cipher " 302 "mismatch"); 303 break; 304 } 305 306 if (!(ie.group_cipher & ssid->group_cipher)) { 307 wpa_printf(MSG_DEBUG, " skip RSN IE - GTK cipher " 308 "mismatch"); 309 break; 310 } 311 312 if (!(ie.key_mgmt & ssid->key_mgmt)) { 313 wpa_printf(MSG_DEBUG, " skip RSN IE - key mgmt " 314 "mismatch"); 315 break; 316 } 317 318 #ifdef CONFIG_IEEE80211W 319 if (!(ie.capabilities & WPA_CAPABILITY_MFPC) && 320 ssid->ieee80211w == IEEE80211W_REQUIRED) { 321 wpa_printf(MSG_DEBUG, " skip RSN IE - no mgmt frame " 322 "protection"); 323 break; 324 } 325 #endif /* CONFIG_IEEE80211W */ 326 327 wpa_printf(MSG_DEBUG, " selected based on RSN IE"); 328 return 1; 329 } 330 331 wpa_ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 332 while ((ssid->proto & WPA_PROTO_WPA) && wpa_ie) { 333 proto_match++; 334 335 if (wpa_parse_wpa_ie(wpa_ie, 2 + wpa_ie[1], &ie)) { 336 wpa_printf(MSG_DEBUG, " skip WPA IE - parse failed"); 337 break; 338 } 339 if (!(ie.proto & ssid->proto)) { 340 wpa_printf(MSG_DEBUG, " skip WPA IE - proto " 341 "mismatch"); 342 break; 343 } 344 345 if (!(ie.pairwise_cipher & ssid->pairwise_cipher)) { 346 wpa_printf(MSG_DEBUG, " skip WPA IE - PTK cipher " 347 "mismatch"); 348 break; 349 } 350 351 if (!(ie.group_cipher & ssid->group_cipher)) { 352 wpa_printf(MSG_DEBUG, " skip WPA IE - GTK cipher " 353 "mismatch"); 354 break; 355 } 356 357 if (!(ie.key_mgmt & ssid->key_mgmt)) { 358 wpa_printf(MSG_DEBUG, " skip WPA IE - key mgmt " 359 "mismatch"); 360 break; 361 } 362 363 wpa_printf(MSG_DEBUG, " selected based on WPA IE"); 364 return 1; 365 } 366 367 if (proto_match == 0) 368 wpa_printf(MSG_DEBUG, " skip - no WPA/RSN proto match"); 369 370 return 0; 371 } 372 373 374 static struct wpa_scan_res * 375 wpa_supplicant_select_bss_wpa(struct wpa_supplicant *wpa_s, 376 struct wpa_ssid *group, 377 struct wpa_ssid **selected_ssid) 378 { 379 struct wpa_ssid *ssid; 380 struct wpa_scan_res *bss; 381 size_t i; 382 struct wpa_blacklist *e; 383 const u8 *ie; 384 385 wpa_printf(MSG_DEBUG, "Try to find WPA-enabled AP"); 386 for (i = 0; i < wpa_s->scan_res->num; i++) { 387 const u8 *ssid_; 388 u8 wpa_ie_len, rsn_ie_len, ssid_len; 389 bss = wpa_s->scan_res->res[i]; 390 391 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID); 392 ssid_ = ie ? ie + 2 : (u8 *) ""; 393 ssid_len = ie ? ie[1] : 0; 394 395 ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 396 wpa_ie_len = ie ? ie[1] : 0; 397 398 ie = wpa_scan_get_ie(bss, WLAN_EID_RSN); 399 rsn_ie_len = ie ? ie[1] : 0; 400 401 wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' " 402 "wpa_ie_len=%u rsn_ie_len=%u caps=0x%x", 403 (int) i, MAC2STR(bss->bssid), 404 wpa_ssid_txt(ssid_, ssid_len), 405 wpa_ie_len, rsn_ie_len, bss->caps); 406 407 e = wpa_blacklist_get(wpa_s, bss->bssid); 408 if (e && e->count > 1) { 409 wpa_printf(MSG_DEBUG, " skip - blacklisted"); 410 continue; 411 } 412 413 if (wpa_ie_len == 0 && rsn_ie_len == 0) { 414 wpa_printf(MSG_DEBUG, " skip - no WPA/RSN IE"); 415 continue; 416 } 417 418 for (ssid = group; ssid; ssid = ssid->pnext) { 419 int check_ssid = 1; 420 421 if (ssid->disabled) { 422 wpa_printf(MSG_DEBUG, " skip - disabled"); 423 continue; 424 } 425 426 #ifdef CONFIG_WPS 427 if (ssid->ssid_len == 0 && 428 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, bss)) 429 check_ssid = 0; 430 #endif /* CONFIG_WPS */ 431 432 if (check_ssid && 433 (ssid_len != ssid->ssid_len || 434 os_memcmp(ssid_, ssid->ssid, ssid_len) != 0)) { 435 wpa_printf(MSG_DEBUG, " skip - " 436 "SSID mismatch"); 437 continue; 438 } 439 440 if (ssid->bssid_set && 441 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) 442 { 443 wpa_printf(MSG_DEBUG, " skip - " 444 "BSSID mismatch"); 445 continue; 446 } 447 448 if (!wpa_supplicant_ssid_bss_match(wpa_s, ssid, bss)) 449 continue; 450 451 wpa_printf(MSG_DEBUG, " selected WPA AP " 452 MACSTR " ssid='%s'", 453 MAC2STR(bss->bssid), 454 wpa_ssid_txt(ssid_, ssid_len)); 455 *selected_ssid = ssid; 456 return bss; 457 } 458 } 459 460 return NULL; 461 } 462 463 464 static struct wpa_scan_res * 465 wpa_supplicant_select_bss_non_wpa(struct wpa_supplicant *wpa_s, 466 struct wpa_ssid *group, 467 struct wpa_ssid **selected_ssid) 468 { 469 struct wpa_ssid *ssid; 470 struct wpa_scan_res *bss; 471 size_t i; 472 struct wpa_blacklist *e; 473 const u8 *ie; 474 475 wpa_printf(MSG_DEBUG, "Try to find non-WPA AP"); 476 for (i = 0; i < wpa_s->scan_res->num; i++) { 477 const u8 *ssid_; 478 u8 wpa_ie_len, rsn_ie_len, ssid_len; 479 bss = wpa_s->scan_res->res[i]; 480 481 ie = wpa_scan_get_ie(bss, WLAN_EID_SSID); 482 ssid_ = ie ? ie + 2 : (u8 *) ""; 483 ssid_len = ie ? ie[1] : 0; 484 485 ie = wpa_scan_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE); 486 wpa_ie_len = ie ? ie[1] : 0; 487 488 ie = wpa_scan_get_ie(bss, WLAN_EID_RSN); 489 rsn_ie_len = ie ? ie[1] : 0; 490 491 wpa_printf(MSG_DEBUG, "%d: " MACSTR " ssid='%s' " 492 "wpa_ie_len=%u rsn_ie_len=%u caps=0x%x", 493 (int) i, MAC2STR(bss->bssid), 494 wpa_ssid_txt(ssid_, ssid_len), 495 wpa_ie_len, rsn_ie_len, bss->caps); 496 497 e = wpa_blacklist_get(wpa_s, bss->bssid); 498 if (e && e->count > 1) { 499 wpa_printf(MSG_DEBUG, " skip - blacklisted"); 500 continue; 501 } 502 503 for (ssid = group; ssid; ssid = ssid->pnext) { 504 int check_ssid = ssid->ssid_len != 0; 505 506 if (ssid->disabled) { 507 wpa_printf(MSG_DEBUG, " skip - disabled"); 508 continue; 509 } 510 511 #ifdef CONFIG_WPS 512 if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) { 513 /* Only allow wildcard SSID match if an AP 514 * advertises active WPS operation that matches 515 * with our mode. */ 516 check_ssid = 1; 517 if (ssid->ssid_len == 0 && 518 wpas_wps_ssid_wildcard_ok(wpa_s, ssid, 519 bss)) 520 check_ssid = 0; 521 } 522 #endif /* CONFIG_WPS */ 523 524 if (check_ssid && 525 (ssid_len != ssid->ssid_len || 526 os_memcmp(ssid_, ssid->ssid, ssid_len) != 0)) { 527 wpa_printf(MSG_DEBUG, " skip - " 528 "SSID mismatch"); 529 continue; 530 } 531 532 if (ssid->bssid_set && 533 os_memcmp(bss->bssid, ssid->bssid, ETH_ALEN) != 0) 534 { 535 wpa_printf(MSG_DEBUG, " skip - " 536 "BSSID mismatch"); 537 continue; 538 } 539 540 if (!(ssid->key_mgmt & WPA_KEY_MGMT_NONE) && 541 !(ssid->key_mgmt & WPA_KEY_MGMT_WPS) && 542 !(ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA)) 543 { 544 wpa_printf(MSG_DEBUG, " skip - " 545 "non-WPA network not allowed"); 546 continue; 547 } 548 549 if ((ssid->key_mgmt & 550 (WPA_KEY_MGMT_IEEE8021X | WPA_KEY_MGMT_PSK | 551 WPA_KEY_MGMT_FT_IEEE8021X | WPA_KEY_MGMT_FT_PSK | 552 WPA_KEY_MGMT_IEEE8021X_SHA256 | 553 WPA_KEY_MGMT_PSK_SHA256)) && 554 (wpa_ie_len != 0 || rsn_ie_len != 0)) { 555 wpa_printf(MSG_DEBUG, " skip - " 556 "WPA network"); 557 continue; 558 } 559 560 if (!wpa_supplicant_match_privacy(bss, ssid)) { 561 wpa_printf(MSG_DEBUG, " skip - " 562 "privacy mismatch"); 563 continue; 564 } 565 566 if (bss->caps & IEEE80211_CAP_IBSS) { 567 wpa_printf(MSG_DEBUG, " skip - " 568 "IBSS (adhoc) network"); 569 continue; 570 } 571 572 wpa_printf(MSG_DEBUG, " selected non-WPA AP " 573 MACSTR " ssid='%s'", 574 MAC2STR(bss->bssid), 575 wpa_ssid_txt(ssid_, ssid_len)); 576 *selected_ssid = ssid; 577 return bss; 578 } 579 } 580 581 return NULL; 582 } 583 584 585 static struct wpa_scan_res * 586 wpa_supplicant_select_bss(struct wpa_supplicant *wpa_s, struct wpa_ssid *group, 587 struct wpa_ssid **selected_ssid) 588 { 589 struct wpa_scan_res *selected; 590 591 wpa_printf(MSG_DEBUG, "Selecting BSS from priority group %d", 592 group->priority); 593 594 /* First, try to find WPA-enabled AP */ 595 selected = wpa_supplicant_select_bss_wpa(wpa_s, group, selected_ssid); 596 if (selected) 597 return selected; 598 599 /* If no WPA-enabled AP found, try to find non-WPA AP, if configuration 600 * allows this. */ 601 return wpa_supplicant_select_bss_non_wpa(wpa_s, group, selected_ssid); 602 } 603 604 605 static void wpa_supplicant_event_scan_results(struct wpa_supplicant *wpa_s) 606 { 607 int prio, timeout; 608 struct wpa_scan_res *selected = NULL; 609 struct wpa_ssid *ssid = NULL; 610 611 if (wpa_supplicant_get_scan_results(wpa_s) < 0) { 612 if (wpa_s->conf->ap_scan == 2) 613 return; 614 wpa_printf(MSG_DEBUG, "Failed to get scan results - try " 615 "scanning again"); 616 timeout = 1; 617 goto req_scan; 618 } 619 620 /* 621 * Don't post the results if this was the initial cached 622 * and there were no results. 623 */ 624 if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1 && 625 wpa_s->scan_res->num == 0) { 626 wpa_msg(wpa_s, MSG_DEBUG, "Cached scan results are " 627 "empty - not posting"); 628 } else { 629 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_SCAN_RESULTS); 630 wpa_supplicant_dbus_notify_scan_results(wpa_s); 631 wpas_wps_notify_scan_results(wpa_s); 632 } 633 634 if ((wpa_s->conf->ap_scan == 2 && !wpas_wps_searching(wpa_s)) || 635 wpa_s->disconnected) 636 return; 637 638 while (selected == NULL) { 639 for (prio = 0; prio < wpa_s->conf->num_prio; prio++) { 640 selected = wpa_supplicant_select_bss( 641 wpa_s, wpa_s->conf->pssid[prio], &ssid); 642 if (selected) 643 break; 644 } 645 646 if (selected == NULL && wpa_s->blacklist) { 647 wpa_printf(MSG_DEBUG, "No APs found - clear blacklist " 648 "and try again"); 649 wpa_blacklist_clear(wpa_s); 650 wpa_s->blacklist_cleared++; 651 } else if (selected == NULL) { 652 break; 653 } 654 } 655 656 if (selected) { 657 if (wpas_wps_scan_pbc_overlap(wpa_s, selected, ssid)) { 658 wpa_msg(wpa_s, MSG_INFO, WPS_EVENT_OVERLAP 659 "PBC session overlap"); 660 timeout = 10; 661 goto req_scan; 662 } 663 664 /* Do not trigger new association unless the BSSID has changed 665 * or if reassociation is requested. If we are in process of 666 * associating with the selected BSSID, do not trigger new 667 * attempt. */ 668 if (wpa_s->reassociate || 669 (os_memcmp(selected->bssid, wpa_s->bssid, ETH_ALEN) != 0 && 670 (wpa_s->wpa_state != WPA_ASSOCIATING || 671 os_memcmp(selected->bssid, wpa_s->pending_bssid, 672 ETH_ALEN) != 0))) { 673 if (wpa_supplicant_scard_init(wpa_s, ssid)) { 674 wpa_supplicant_req_scan(wpa_s, 10, 0); 675 return; 676 } 677 wpa_supplicant_associate(wpa_s, selected, ssid); 678 } else { 679 wpa_printf(MSG_DEBUG, "Already associated with the " 680 "selected AP."); 681 } 682 rsn_preauth_scan_results(wpa_s->wpa, wpa_s->scan_res); 683 } else { 684 wpa_printf(MSG_DEBUG, "No suitable AP found."); 685 timeout = 5; 686 goto req_scan; 687 } 688 689 return; 690 691 req_scan: 692 if (wpa_s->scan_res_tried == 1 && wpa_s->conf->ap_scan == 1) { 693 /* 694 * Quick recovery if the initial scan results were not 695 * complete when fetched before the first scan request. 696 */ 697 wpa_s->scan_res_tried++; 698 timeout = 0; 699 } 700 wpa_supplicant_req_scan(wpa_s, timeout, 0); 701 } 702 #endif /* CONFIG_NO_SCAN_PROCESSING */ 703 704 705 static void wpa_supplicant_event_associnfo(struct wpa_supplicant *wpa_s, 706 union wpa_event_data *data) 707 { 708 int l, len, found = 0, wpa_found, rsn_found; 709 u8 *p; 710 711 wpa_printf(MSG_DEBUG, "Association info event"); 712 if (data->assoc_info.req_ies) 713 wpa_hexdump(MSG_DEBUG, "req_ies", data->assoc_info.req_ies, 714 data->assoc_info.req_ies_len); 715 if (data->assoc_info.resp_ies) 716 wpa_hexdump(MSG_DEBUG, "resp_ies", data->assoc_info.resp_ies, 717 data->assoc_info.resp_ies_len); 718 if (data->assoc_info.beacon_ies) 719 wpa_hexdump(MSG_DEBUG, "beacon_ies", 720 data->assoc_info.beacon_ies, 721 data->assoc_info.beacon_ies_len); 722 723 p = data->assoc_info.req_ies; 724 l = data->assoc_info.req_ies_len; 725 726 /* Go through the IEs and make a copy of the WPA/RSN IE, if present. */ 727 while (p && l >= 2) { 728 len = p[1] + 2; 729 if (len > l) { 730 wpa_hexdump(MSG_DEBUG, "Truncated IE in assoc_info", 731 p, l); 732 break; 733 } 734 if ((p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 735 (os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0)) || 736 (p[0] == WLAN_EID_RSN && p[1] >= 2)) { 737 if (wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, p, len)) 738 break; 739 found = 1; 740 wpa_find_assoc_pmkid(wpa_s); 741 break; 742 } 743 l -= len; 744 p += len; 745 } 746 if (!found && data->assoc_info.req_ies) 747 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0); 748 749 /* WPA/RSN IE from Beacon/ProbeResp */ 750 p = data->assoc_info.beacon_ies; 751 l = data->assoc_info.beacon_ies_len; 752 753 /* Go through the IEs and make a copy of the WPA/RSN IEs, if present. 754 */ 755 wpa_found = rsn_found = 0; 756 while (p && l >= 2) { 757 len = p[1] + 2; 758 if (len > l) { 759 wpa_hexdump(MSG_DEBUG, "Truncated IE in beacon_ies", 760 p, l); 761 break; 762 } 763 if (!wpa_found && 764 p[0] == WLAN_EID_VENDOR_SPECIFIC && p[1] >= 6 && 765 os_memcmp(&p[2], "\x00\x50\xF2\x01\x01\x00", 6) == 0) { 766 wpa_found = 1; 767 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, p, len); 768 } 769 770 if (!rsn_found && 771 p[0] == WLAN_EID_RSN && p[1] >= 2) { 772 rsn_found = 1; 773 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, p, len); 774 } 775 776 l -= len; 777 p += len; 778 } 779 780 if (!wpa_found && data->assoc_info.beacon_ies) 781 wpa_sm_set_ap_wpa_ie(wpa_s->wpa, NULL, 0); 782 if (!rsn_found && data->assoc_info.beacon_ies) 783 wpa_sm_set_ap_rsn_ie(wpa_s->wpa, NULL, 0); 784 if (wpa_found || rsn_found) 785 wpa_s->ap_ies_from_associnfo = 1; 786 } 787 788 789 static void wpa_supplicant_event_assoc(struct wpa_supplicant *wpa_s, 790 union wpa_event_data *data) 791 { 792 u8 bssid[ETH_ALEN]; 793 int ft_completed = wpa_ft_is_completed(wpa_s->wpa); 794 795 if (data) 796 wpa_supplicant_event_associnfo(wpa_s, data); 797 798 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATED); 799 if (wpa_s->use_client_mlme) 800 os_memcpy(bssid, wpa_s->bssid, ETH_ALEN); 801 if (wpa_s->use_client_mlme || 802 (wpa_drv_get_bssid(wpa_s, bssid) >= 0 && 803 os_memcmp(bssid, wpa_s->bssid, ETH_ALEN) != 0)) { 804 wpa_msg(wpa_s, MSG_DEBUG, "Associated to a new BSS: BSSID=" 805 MACSTR, MAC2STR(bssid)); 806 os_memcpy(wpa_s->bssid, bssid, ETH_ALEN); 807 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN); 808 if (wpa_supplicant_dynamic_keys(wpa_s) && !ft_completed) { 809 wpa_clear_keys(wpa_s, bssid); 810 } 811 if (wpa_supplicant_select_config(wpa_s) < 0) { 812 wpa_supplicant_disassociate( 813 wpa_s, WLAN_REASON_DEAUTH_LEAVING); 814 return; 815 } 816 } 817 818 wpa_msg(wpa_s, MSG_INFO, "Associated with " MACSTR, MAC2STR(bssid)); 819 if (wpa_s->current_ssid) { 820 /* When using scanning (ap_scan=1), SIM PC/SC interface can be 821 * initialized before association, but for other modes, 822 * initialize PC/SC here, if the current configuration needs 823 * smartcard or SIM/USIM. */ 824 wpa_supplicant_scard_init(wpa_s, wpa_s->current_ssid); 825 } 826 wpa_sm_notify_assoc(wpa_s->wpa, bssid); 827 l2_packet_notify_auth_start(wpa_s->l2); 828 829 /* 830 * Set portEnabled first to FALSE in order to get EAP state machine out 831 * of the SUCCESS state and eapSuccess cleared. Without this, EAPOL PAE 832 * state machine may transit to AUTHENTICATING state based on obsolete 833 * eapSuccess and then trigger BE_AUTH to SUCCESS and PAE to 834 * AUTHENTICATED without ever giving chance to EAP state machine to 835 * reset the state. 836 */ 837 if (!ft_completed) { 838 eapol_sm_notify_portEnabled(wpa_s->eapol, FALSE); 839 eapol_sm_notify_portValid(wpa_s->eapol, FALSE); 840 } 841 if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) || ft_completed) 842 eapol_sm_notify_eap_success(wpa_s->eapol, FALSE); 843 /* 802.1X::portControl = Auto */ 844 eapol_sm_notify_portEnabled(wpa_s->eapol, TRUE); 845 wpa_s->eapol_received = 0; 846 if (wpa_s->key_mgmt == WPA_KEY_MGMT_NONE || 847 wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 848 wpa_supplicant_cancel_auth_timeout(wpa_s); 849 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 850 } else if (!ft_completed) { 851 /* Timeout for receiving the first EAPOL packet */ 852 wpa_supplicant_req_auth_timeout(wpa_s, 10, 0); 853 } 854 wpa_supplicant_cancel_scan(wpa_s); 855 856 if (wpa_s->driver_4way_handshake && 857 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 858 /* 859 * We are done; the driver will take care of RSN 4-way 860 * handshake. 861 */ 862 wpa_supplicant_cancel_auth_timeout(wpa_s); 863 wpa_supplicant_set_state(wpa_s, WPA_COMPLETED); 864 eapol_sm_notify_portValid(wpa_s->eapol, TRUE); 865 eapol_sm_notify_eap_success(wpa_s->eapol, TRUE); 866 } 867 } 868 869 870 static void wpa_supplicant_event_disassoc(struct wpa_supplicant *wpa_s) 871 { 872 const u8 *bssid; 873 874 if (wpa_s->key_mgmt == WPA_KEY_MGMT_WPA_NONE) { 875 /* 876 * At least Host AP driver and a Prism3 card seemed to be 877 * generating streams of disconnected events when configuring 878 * IBSS for WPA-None. Ignore them for now. 879 */ 880 wpa_printf(MSG_DEBUG, "Disconnect event - ignore in " 881 "IBSS/WPA-None mode"); 882 return; 883 } 884 885 if (wpa_s->wpa_state == WPA_4WAY_HANDSHAKE && 886 wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt)) { 887 wpa_msg(wpa_s, MSG_INFO, "WPA: 4-Way Handshake failed - " 888 "pre-shared key may be incorrect"); 889 } 890 if (wpa_s->wpa_state >= WPA_ASSOCIATED) 891 wpa_supplicant_req_scan(wpa_s, 0, 100000); 892 bssid = wpa_s->bssid; 893 if (is_zero_ether_addr(bssid)) 894 bssid = wpa_s->pending_bssid; 895 wpa_blacklist_add(wpa_s, bssid); 896 wpa_sm_notify_disassoc(wpa_s->wpa); 897 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "- Disconnect event - " 898 "remove keys"); 899 if (wpa_supplicant_dynamic_keys(wpa_s)) { 900 wpa_s->keys_cleared = 0; 901 wpa_clear_keys(wpa_s, wpa_s->bssid); 902 } 903 wpa_supplicant_mark_disassoc(wpa_s); 904 } 905 906 907 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 908 static void wpa_supplicant_delayed_mic_error_report(void *eloop_ctx, 909 void *sock_ctx) 910 { 911 struct wpa_supplicant *wpa_s = eloop_ctx; 912 913 if (!wpa_s->pending_mic_error_report) 914 return; 915 916 wpa_printf(MSG_DEBUG, "WPA: Sending pending MIC error report"); 917 wpa_sm_key_request(wpa_s->wpa, 1, wpa_s->pending_mic_error_pairwise); 918 wpa_s->pending_mic_error_report = 0; 919 } 920 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 921 922 923 static void 924 wpa_supplicant_event_michael_mic_failure(struct wpa_supplicant *wpa_s, 925 union wpa_event_data *data) 926 { 927 int pairwise; 928 struct os_time t; 929 930 wpa_msg(wpa_s, MSG_WARNING, "Michael MIC failure detected"); 931 pairwise = (data && data->michael_mic_failure.unicast); 932 os_get_time(&t); 933 if ((wpa_s->last_michael_mic_error && 934 t.sec - wpa_s->last_michael_mic_error <= 60) || 935 wpa_s->pending_mic_error_report) { 936 if (wpa_s->pending_mic_error_report) { 937 /* 938 * Send the pending MIC error report immediately since 939 * we are going to start countermeasures and AP better 940 * do the same. 941 */ 942 wpa_sm_key_request(wpa_s->wpa, 1, 943 wpa_s->pending_mic_error_pairwise); 944 } 945 946 /* Send the new MIC error report immediately since we are going 947 * to start countermeasures and AP better do the same. 948 */ 949 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 950 951 /* initialize countermeasures */ 952 wpa_s->countermeasures = 1; 953 wpa_msg(wpa_s, MSG_WARNING, "TKIP countermeasures started"); 954 955 /* 956 * Need to wait for completion of request frame. We do not get 957 * any callback for the message completion, so just wait a 958 * short while and hope for the best. */ 959 os_sleep(0, 10000); 960 961 wpa_drv_set_countermeasures(wpa_s, 1); 962 wpa_supplicant_deauthenticate(wpa_s, 963 WLAN_REASON_MICHAEL_MIC_FAILURE); 964 eloop_cancel_timeout(wpa_supplicant_stop_countermeasures, 965 wpa_s, NULL); 966 eloop_register_timeout(60, 0, 967 wpa_supplicant_stop_countermeasures, 968 wpa_s, NULL); 969 /* TODO: mark the AP rejected for 60 second. STA is 970 * allowed to associate with another AP.. */ 971 } else { 972 #ifdef CONFIG_DELAYED_MIC_ERROR_REPORT 973 if (wpa_s->mic_errors_seen) { 974 /* 975 * Reduce the effectiveness of Michael MIC error 976 * reports as a means for attacking against TKIP if 977 * more than one MIC failure is noticed with the same 978 * PTK. We delay the transmission of the reports by a 979 * random time between 0 and 60 seconds in order to 980 * force the attacker wait 60 seconds before getting 981 * the information on whether a frame resulted in a MIC 982 * failure. 983 */ 984 u8 rval[4]; 985 int sec; 986 987 if (os_get_random(rval, sizeof(rval)) < 0) 988 sec = os_random() % 60; 989 else 990 sec = WPA_GET_BE32(rval) % 60; 991 wpa_printf(MSG_DEBUG, "WPA: Delay MIC error report %d " 992 "seconds", sec); 993 wpa_s->pending_mic_error_report = 1; 994 wpa_s->pending_mic_error_pairwise = pairwise; 995 eloop_cancel_timeout( 996 wpa_supplicant_delayed_mic_error_report, 997 wpa_s, NULL); 998 eloop_register_timeout( 999 sec, os_random() % 1000000, 1000 wpa_supplicant_delayed_mic_error_report, 1001 wpa_s, NULL); 1002 } else { 1003 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 1004 } 1005 #else /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 1006 wpa_sm_key_request(wpa_s->wpa, 1, pairwise); 1007 #endif /* CONFIG_DELAYED_MIC_ERROR_REPORT */ 1008 } 1009 wpa_s->last_michael_mic_error = t.sec; 1010 wpa_s->mic_errors_seen++; 1011 } 1012 1013 1014 #ifdef CONFIG_TERMINATE_ONLASTIF 1015 static int any_interfaces(struct wpa_supplicant *head) 1016 { 1017 struct wpa_supplicant *wpa_s; 1018 1019 for (wpa_s = head; wpa_s != NULL; wpa_s = wpa_s->next) 1020 if (!wpa_s->interface_removed) 1021 return 1; 1022 return 0; 1023 } 1024 #endif /* CONFIG_TERMINATE_ONLASTIF */ 1025 1026 static void 1027 wpa_supplicant_event_interface_status(struct wpa_supplicant *wpa_s, 1028 union wpa_event_data *data) 1029 { 1030 if (os_strcmp(wpa_s->ifname, data->interface_status.ifname) != 0) 1031 return; 1032 1033 switch (data->interface_status.ievent) { 1034 case EVENT_INTERFACE_ADDED: 1035 if (!wpa_s->interface_removed) 1036 break; 1037 wpa_s->interface_removed = 0; 1038 wpa_printf(MSG_DEBUG, "Configured interface was added."); 1039 if (wpa_supplicant_driver_init(wpa_s) < 0) { 1040 wpa_printf(MSG_INFO, "Failed to initialize the driver " 1041 "after interface was added."); 1042 } 1043 break; 1044 case EVENT_INTERFACE_REMOVED: 1045 wpa_printf(MSG_DEBUG, "Configured interface was removed."); 1046 wpa_s->interface_removed = 1; 1047 wpa_supplicant_mark_disassoc(wpa_s); 1048 l2_packet_deinit(wpa_s->l2); 1049 wpa_s->l2 = NULL; 1050 #ifdef CONFIG_TERMINATE_ONLASTIF 1051 /* check if last interface */ 1052 if (!any_interfaces(wpa_s->global->ifaces)) 1053 eloop_terminate(); 1054 #endif /* CONFIG_TERMINATE_ONLASTIF */ 1055 break; 1056 } 1057 } 1058 1059 1060 #ifdef CONFIG_PEERKEY 1061 static void 1062 wpa_supplicant_event_stkstart(struct wpa_supplicant *wpa_s, 1063 union wpa_event_data *data) 1064 { 1065 if (data == NULL) 1066 return; 1067 wpa_sm_stkstart(wpa_s->wpa, data->stkstart.peer); 1068 } 1069 #endif /* CONFIG_PEERKEY */ 1070 1071 1072 #ifdef CONFIG_IEEE80211R 1073 static void 1074 wpa_supplicant_event_ft_response(struct wpa_supplicant *wpa_s, 1075 union wpa_event_data *data) 1076 { 1077 if (data == NULL) 1078 return; 1079 1080 if (wpa_ft_process_response(wpa_s->wpa, data->ft_ies.ies, 1081 data->ft_ies.ies_len, 1082 data->ft_ies.ft_action, 1083 data->ft_ies.target_ap) < 0) { 1084 /* TODO: prevent MLME/driver from trying to associate? */ 1085 } 1086 } 1087 #endif /* CONFIG_IEEE80211R */ 1088 1089 1090 void wpa_supplicant_event(void *ctx, wpa_event_type event, 1091 union wpa_event_data *data) 1092 { 1093 struct wpa_supplicant *wpa_s = ctx; 1094 1095 switch (event) { 1096 case EVENT_ASSOC: 1097 wpa_supplicant_event_assoc(wpa_s, data); 1098 break; 1099 case EVENT_DISASSOC: 1100 wpa_supplicant_event_disassoc(wpa_s); 1101 break; 1102 case EVENT_MICHAEL_MIC_FAILURE: 1103 wpa_supplicant_event_michael_mic_failure(wpa_s, data); 1104 break; 1105 #ifndef CONFIG_NO_SCAN_PROCESSING 1106 case EVENT_SCAN_RESULTS: 1107 wpa_supplicant_event_scan_results(wpa_s); 1108 break; 1109 #endif /* CONFIG_NO_SCAN_PROCESSING */ 1110 case EVENT_ASSOCINFO: 1111 wpa_supplicant_event_associnfo(wpa_s, data); 1112 break; 1113 case EVENT_INTERFACE_STATUS: 1114 wpa_supplicant_event_interface_status(wpa_s, data); 1115 break; 1116 case EVENT_PMKID_CANDIDATE: 1117 wpa_supplicant_event_pmkid_candidate(wpa_s, data); 1118 break; 1119 #ifdef CONFIG_PEERKEY 1120 case EVENT_STKSTART: 1121 wpa_supplicant_event_stkstart(wpa_s, data); 1122 break; 1123 #endif /* CONFIG_PEERKEY */ 1124 #ifdef CONFIG_IEEE80211R 1125 case EVENT_FT_RESPONSE: 1126 wpa_supplicant_event_ft_response(wpa_s, data); 1127 break; 1128 #endif /* CONFIG_IEEE80211R */ 1129 default: 1130 wpa_printf(MSG_INFO, "Unknown event %d", event); 1131 break; 1132 } 1133 } 1134