xref: /freebsd/contrib/wpa/wpa_supplicant/wpas_glue.c (revision cc16dea626cf2fc80cde667ac4798065108e596c)
1 /*
2  * WPA Supplicant - Glue code to setup EAPOL and RSN modules
3  * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
4  *
5  * This software may be distributed under the terms of the BSD license.
6  * See README for more details.
7  */
8 
9 #include "includes.h"
10 
11 #include "common.h"
12 #include "eapol_supp/eapol_supp_sm.h"
13 #include "rsn_supp/wpa.h"
14 #include "eloop.h"
15 #include "config.h"
16 #include "l2_packet/l2_packet.h"
17 #include "common/wpa_common.h"
18 #include "wpa_supplicant_i.h"
19 #include "driver_i.h"
20 #include "rsn_supp/pmksa_cache.h"
21 #include "sme.h"
22 #include "common/ieee802_11_defs.h"
23 #include "common/wpa_ctrl.h"
24 #include "wpas_glue.h"
25 #include "wps_supplicant.h"
26 #include "bss.h"
27 #include "scan.h"
28 #include "notify.h"
29 
30 
31 #ifndef CONFIG_NO_CONFIG_BLOBS
32 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
33 static void wpa_supplicant_set_config_blob(void *ctx,
34 					   struct wpa_config_blob *blob)
35 {
36 	struct wpa_supplicant *wpa_s = ctx;
37 	wpa_config_set_blob(wpa_s->conf, blob);
38 	if (wpa_s->conf->update_config) {
39 		int ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
40 		if (ret) {
41 			wpa_printf(MSG_DEBUG, "Failed to update config after "
42 				   "blob set");
43 		}
44 	}
45 }
46 
47 
48 static const struct wpa_config_blob *
49 wpa_supplicant_get_config_blob(void *ctx, const char *name)
50 {
51 	struct wpa_supplicant *wpa_s = ctx;
52 	return wpa_config_get_blob(wpa_s->conf, name);
53 }
54 #endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
55 #endif /* CONFIG_NO_CONFIG_BLOBS */
56 
57 
58 #if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
59 static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
60 			    const void *data, u16 data_len,
61 			    size_t *msg_len, void **data_pos)
62 {
63 	struct ieee802_1x_hdr *hdr;
64 
65 	*msg_len = sizeof(*hdr) + data_len;
66 	hdr = os_malloc(*msg_len);
67 	if (hdr == NULL)
68 		return NULL;
69 
70 	hdr->version = wpa_s->conf->eapol_version;
71 	hdr->type = type;
72 	hdr->length = host_to_be16(data_len);
73 
74 	if (data)
75 		os_memcpy(hdr + 1, data, data_len);
76 	else
77 		os_memset(hdr + 1, 0, data_len);
78 
79 	if (data_pos)
80 		*data_pos = hdr + 1;
81 
82 	return (u8 *) hdr;
83 }
84 
85 
86 /**
87  * wpa_ether_send - Send Ethernet frame
88  * @wpa_s: Pointer to wpa_supplicant data
89  * @dest: Destination MAC address
90  * @proto: Ethertype in host byte order
91  * @buf: Frame payload starting from IEEE 802.1X header
92  * @len: Frame payload length
93  * Returns: >=0 on success, <0 on failure
94  */
95 static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
96 			  u16 proto, const u8 *buf, size_t len)
97 {
98 	if (wpa_s->l2) {
99 		return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
100 	}
101 
102 	return wpa_drv_send_eapol(wpa_s, dest, proto, buf, len);
103 }
104 #endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
105 
106 
107 #ifdef IEEE8021X_EAPOL
108 
109 /**
110  * wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
111  * @ctx: Pointer to wpa_supplicant data (wpa_s)
112  * @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
113  * @buf: EAPOL payload (after IEEE 802.1X header)
114  * @len: EAPOL payload length
115  * Returns: >=0 on success, <0 on failure
116  *
117  * This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
118  * to the current Authenticator.
119  */
120 static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
121 				     size_t len)
122 {
123 	struct wpa_supplicant *wpa_s = ctx;
124 	u8 *msg, *dst, bssid[ETH_ALEN];
125 	size_t msglen;
126 	int res;
127 
128 	/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
129 	 * extra copy here */
130 
131 	if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
132 	    wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
133 		/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
134 		 * EAPOL frames (mainly, EAPOL-Start) from EAPOL state
135 		 * machines. */
136 		wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
137 			   "mode (type=%d len=%lu)", type,
138 			   (unsigned long) len);
139 		return -1;
140 	}
141 
142 	if (pmksa_cache_get_current(wpa_s->wpa) &&
143 	    type == IEEE802_1X_TYPE_EAPOL_START) {
144 		/* Trying to use PMKSA caching - do not send EAPOL-Start frames
145 		 * since they will trigger full EAPOL authentication. */
146 		wpa_printf(MSG_DEBUG, "RSN: PMKSA caching - do not send "
147 			   "EAPOL-Start");
148 		return -1;
149 	}
150 
151 	if (is_zero_ether_addr(wpa_s->bssid)) {
152 		wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
153 			   "EAPOL frame");
154 		if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
155 		    !is_zero_ether_addr(bssid)) {
156 			dst = bssid;
157 			wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
158 				   " from the driver as the EAPOL destination",
159 				   MAC2STR(dst));
160 		} else {
161 			dst = wpa_s->last_eapol_src;
162 			wpa_printf(MSG_DEBUG, "Using the source address of the"
163 				   " last received EAPOL frame " MACSTR " as "
164 				   "the EAPOL destination",
165 				   MAC2STR(dst));
166 		}
167 	} else {
168 		/* BSSID was already set (from (Re)Assoc event, so use it as
169 		 * the EAPOL destination. */
170 		dst = wpa_s->bssid;
171 	}
172 
173 	msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
174 	if (msg == NULL)
175 		return -1;
176 
177 	wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
178 	wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
179 	res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
180 	os_free(msg);
181 	return res;
182 }
183 
184 
185 /**
186  * wpa_eapol_set_wep_key - set WEP key for the driver
187  * @ctx: Pointer to wpa_supplicant data (wpa_s)
188  * @unicast: 1 = individual unicast key, 0 = broadcast key
189  * @keyidx: WEP key index (0..3)
190  * @key: Pointer to key data
191  * @keylen: Key length in bytes
192  * Returns: 0 on success or < 0 on error.
193  */
194 static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
195 				 const u8 *key, size_t keylen)
196 {
197 	struct wpa_supplicant *wpa_s = ctx;
198 	if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
199 		int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
200 			WPA_CIPHER_WEP104;
201 		if (unicast)
202 			wpa_s->pairwise_cipher = cipher;
203 		else
204 			wpa_s->group_cipher = cipher;
205 	}
206 	return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
207 			       unicast ? wpa_s->bssid : NULL,
208 			       keyidx, unicast, NULL, 0, key, keylen);
209 }
210 
211 
212 static void wpa_supplicant_aborted_cached(void *ctx)
213 {
214 	struct wpa_supplicant *wpa_s = ctx;
215 	wpa_sm_aborted_cached(wpa_s->wpa);
216 }
217 
218 
219 static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol, int success,
220 				    void *ctx)
221 {
222 	struct wpa_supplicant *wpa_s = ctx;
223 	int res, pmk_len;
224 	u8 pmk[PMK_LEN];
225 
226 	wpa_printf(MSG_DEBUG, "EAPOL authentication completed %ssuccessfully",
227 		   success ? "" : "un");
228 
229 	if (wpas_wps_eapol_cb(wpa_s) > 0)
230 		return;
231 
232 	if (!success) {
233 		/*
234 		 * Make sure we do not get stuck here waiting for long EAPOL
235 		 * timeout if the AP does not disconnect in case of
236 		 * authentication failure.
237 		 */
238 		wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
239 	}
240 
241 	if (!success || !(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
242 		return;
243 
244 	if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
245 		return;
246 
247 	wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way "
248 		   "handshake");
249 
250 	pmk_len = PMK_LEN;
251 	if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
252 #ifdef CONFIG_IEEE80211R
253 		u8 buf[2 * PMK_LEN];
254 		wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
255 			   "driver-based 4-way hs and FT");
256 		res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
257 		if (res == 0) {
258 			os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
259 			os_memset(buf, 0, sizeof(buf));
260 		}
261 #else /* CONFIG_IEEE80211R */
262 		res = -1;
263 #endif /* CONFIG_IEEE80211R */
264 	} else {
265 		res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
266 		if (res) {
267 			/*
268 			 * EAP-LEAP is an exception from other EAP methods: it
269 			 * uses only 16-byte PMK.
270 			 */
271 			res = eapol_sm_get_key(eapol, pmk, 16);
272 			pmk_len = 16;
273 		}
274 	}
275 
276 	if (res) {
277 		wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state "
278 			   "machines");
279 		return;
280 	}
281 
282 	wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
283 			"handshake", pmk, pmk_len);
284 
285 	if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
286 			    pmk_len)) {
287 		wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
288 	}
289 
290 	wpa_supplicant_cancel_scan(wpa_s);
291 	wpa_supplicant_cancel_auth_timeout(wpa_s);
292 	wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
293 
294 }
295 
296 
297 static void wpa_supplicant_notify_eapol_done(void *ctx)
298 {
299 	struct wpa_supplicant *wpa_s = ctx;
300 	wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
301 	if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
302 		wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
303 	} else {
304 		wpa_supplicant_cancel_auth_timeout(wpa_s);
305 		wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
306 	}
307 }
308 
309 #endif /* IEEE8021X_EAPOL */
310 
311 
312 #ifndef CONFIG_NO_WPA
313 
314 static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
315 {
316 	int ret = 0;
317 	struct wpa_bss *curr = NULL, *bss;
318 	struct wpa_ssid *ssid = wpa_s->current_ssid;
319 	const u8 *ie;
320 
321 	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
322 		if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0)
323 			continue;
324 		if (ssid == NULL ||
325 		    ((bss->ssid_len == ssid->ssid_len &&
326 		      os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) ||
327 		     ssid->ssid_len == 0)) {
328 			curr = bss;
329 			break;
330 		}
331 	}
332 
333 	if (curr) {
334 		ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
335 		if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
336 			ret = -1;
337 
338 		ie = wpa_bss_get_ie(curr, WLAN_EID_RSN);
339 		if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
340 			ret = -1;
341 	} else {
342 		ret = -1;
343 	}
344 
345 	return ret;
346 }
347 
348 
349 static int wpa_supplicant_get_beacon_ie(void *ctx)
350 {
351 	struct wpa_supplicant *wpa_s = ctx;
352 	if (wpa_get_beacon_ie(wpa_s) == 0) {
353 		return 0;
354 	}
355 
356 	/* No WPA/RSN IE found in the cached scan results. Try to get updated
357 	 * scan results from the driver. */
358 	if (wpa_supplicant_update_scan_results(wpa_s) < 0)
359 		return -1;
360 
361 	return wpa_get_beacon_ie(wpa_s);
362 }
363 
364 
365 static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
366 			     const void *data, u16 data_len,
367 			     size_t *msg_len, void **data_pos)
368 {
369 	return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
370 }
371 
372 
373 static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
374 			   const u8 *buf, size_t len)
375 {
376 	return wpa_ether_send(wpa_s, dest, proto, buf, len);
377 }
378 
379 
380 static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
381 {
382 	wpa_supplicant_cancel_auth_timeout(wpa_s);
383 }
384 
385 
386 static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state)
387 {
388 	wpa_supplicant_set_state(wpa_s, state);
389 }
390 
391 
392 /**
393  * wpa_supplicant_get_state - Get the connection state
394  * @wpa_s: Pointer to wpa_supplicant data
395  * Returns: The current connection state (WPA_*)
396  */
397 static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
398 {
399 	return wpa_s->wpa_state;
400 }
401 
402 
403 static enum wpa_states _wpa_supplicant_get_state(void *wpa_s)
404 {
405 	return wpa_supplicant_get_state(wpa_s);
406 }
407 
408 
409 static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
410 {
411 	wpa_supplicant_deauthenticate(wpa_s, reason_code);
412 	/* Schedule a scan to make sure we continue looking for networks */
413 	wpa_supplicant_req_scan(wpa_s, 5, 0);
414 }
415 
416 
417 static void * wpa_supplicant_get_network_ctx(void *wpa_s)
418 {
419 	return wpa_supplicant_get_ssid(wpa_s);
420 }
421 
422 
423 static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
424 {
425 	struct wpa_supplicant *wpa_s = ctx;
426 	return wpa_drv_get_bssid(wpa_s, bssid);
427 }
428 
429 
430 static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
431 				  const u8 *addr, int key_idx, int set_tx,
432 				  const u8 *seq, size_t seq_len,
433 				  const u8 *key, size_t key_len)
434 {
435 	struct wpa_supplicant *wpa_s = _wpa_s;
436 	if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
437 		/* Clear the MIC error counter when setting a new PTK. */
438 		wpa_s->mic_errors_seen = 0;
439 	}
440 	return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
441 			       key, key_len);
442 }
443 
444 
445 static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
446 					     int protection_type,
447 					     int key_type)
448 {
449 	return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
450 					  key_type);
451 }
452 
453 
454 static int wpa_supplicant_add_pmkid(void *wpa_s,
455 				    const u8 *bssid, const u8 *pmkid)
456 {
457 	return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
458 }
459 
460 
461 static int wpa_supplicant_remove_pmkid(void *wpa_s,
462 				       const u8 *bssid, const u8 *pmkid)
463 {
464 	return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
465 }
466 
467 
468 #ifdef CONFIG_IEEE80211R
469 static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
470 					const u8 *ies, size_t ies_len)
471 {
472 	struct wpa_supplicant *wpa_s = ctx;
473 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
474 		return sme_update_ft_ies(wpa_s, md, ies, ies_len);
475 	return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
476 }
477 
478 
479 static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
480 					 const u8 *target_ap,
481 					 const u8 *ies, size_t ies_len)
482 {
483 	struct wpa_supplicant *wpa_s = ctx;
484 	return wpa_drv_send_ft_action(wpa_s, action, target_ap, ies, ies_len);
485 }
486 
487 
488 static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap)
489 {
490 	struct wpa_supplicant *wpa_s = ctx;
491 	struct wpa_driver_auth_params params;
492 	struct wpa_bss *bss;
493 
494 	bss = wpa_bss_get_bssid(wpa_s, target_ap);
495 	if (bss == NULL)
496 		return -1;
497 
498 	os_memset(&params, 0, sizeof(params));
499 	params.bssid = target_ap;
500 	params.freq = bss->freq;
501 	params.ssid = bss->ssid;
502 	params.ssid_len = bss->ssid_len;
503 	params.auth_alg = WPA_AUTH_ALG_FT;
504 	params.local_state_change = 1;
505 	return wpa_drv_authenticate(wpa_s, &params);
506 }
507 #endif /* CONFIG_IEEE80211R */
508 
509 #endif /* CONFIG_NO_WPA */
510 
511 
512 #ifdef CONFIG_TDLS
513 
514 static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported,
515 					int *tdls_ext_setup)
516 {
517 	struct wpa_supplicant *wpa_s = ctx;
518 
519 	*tdls_supported = 0;
520 	*tdls_ext_setup = 0;
521 
522 	if (!wpa_s->drv_capa_known)
523 		return -1;
524 
525 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)
526 		*tdls_supported = 1;
527 
528 	if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
529 		*tdls_ext_setup = 1;
530 
531 	return 0;
532 }
533 
534 
535 static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst,
536 					 u8 action_code, u8 dialog_token,
537 					 u16 status_code, const u8 *buf,
538 					 size_t len)
539 {
540 	struct wpa_supplicant *wpa_s = ctx;
541 	return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token,
542 				      status_code, buf, len);
543 }
544 
545 
546 static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer)
547 {
548 	struct wpa_supplicant *wpa_s = ctx;
549 	return wpa_drv_tdls_oper(wpa_s, oper, peer);
550 }
551 
552 
553 static int wpa_supplicant_tdls_peer_addset(
554 	void *ctx, const u8 *peer, int add, u16 capability,
555 	const u8 *supp_rates, size_t supp_rates_len)
556 {
557 	struct wpa_supplicant *wpa_s = ctx;
558 	struct hostapd_sta_add_params params;
559 
560 	params.addr = peer;
561 	params.aid = 1;
562 	params.capability = capability;
563 	params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED;
564 	params.ht_capabilities = NULL;
565 	params.listen_interval = 0;
566 	params.supp_rates = supp_rates;
567 	params.supp_rates_len = supp_rates_len;
568 	params.set = !add;
569 
570 	return wpa_drv_sta_add(wpa_s, &params);
571 }
572 
573 #endif /* CONFIG_TDLS */
574 
575 
576 enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field)
577 {
578 	if (os_strcmp(field, "IDENTITY") == 0)
579 		return WPA_CTRL_REQ_EAP_IDENTITY;
580 	else if (os_strcmp(field, "PASSWORD") == 0)
581 		return WPA_CTRL_REQ_EAP_PASSWORD;
582 	else if (os_strcmp(field, "NEW_PASSWORD") == 0)
583 		return WPA_CTRL_REQ_EAP_NEW_PASSWORD;
584 	else if (os_strcmp(field, "PIN") == 0)
585 		return WPA_CTRL_REQ_EAP_PIN;
586 	else if (os_strcmp(field, "OTP") == 0)
587 		return WPA_CTRL_REQ_EAP_OTP;
588 	else if (os_strcmp(field, "PASSPHRASE") == 0)
589 		return WPA_CTRL_REQ_EAP_PASSPHRASE;
590 	return WPA_CTRL_REQ_UNKNOWN;
591 }
592 
593 
594 const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
595 					       const char *default_txt,
596 					       const char **txt)
597 {
598 	const char *ret = NULL;
599 
600 	*txt = default_txt;
601 
602 	switch (field) {
603 	case WPA_CTRL_REQ_EAP_IDENTITY:
604 		*txt = "Identity";
605 		ret = "IDENTITY";
606 		break;
607 	case WPA_CTRL_REQ_EAP_PASSWORD:
608 		*txt = "Password";
609 		ret = "PASSWORD";
610 		break;
611 	case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
612 		*txt = "New Password";
613 		ret = "NEW_PASSWORD";
614 		break;
615 	case WPA_CTRL_REQ_EAP_PIN:
616 		*txt = "PIN";
617 		ret = "PIN";
618 		break;
619 	case WPA_CTRL_REQ_EAP_OTP:
620 		ret = "OTP";
621 		break;
622 	case WPA_CTRL_REQ_EAP_PASSPHRASE:
623 		*txt = "Private key passphrase";
624 		ret = "PASSPHRASE";
625 		break;
626 	default:
627 		break;
628 	}
629 
630 	/* txt needs to be something */
631 	if (*txt == NULL) {
632 		wpa_printf(MSG_WARNING, "No message for request %d", field);
633 		ret = NULL;
634 	}
635 
636 	return ret;
637 }
638 
639 #ifdef IEEE8021X_EAPOL
640 #if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
641 static void wpa_supplicant_eap_param_needed(void *ctx,
642 					    enum wpa_ctrl_req_type field,
643 					    const char *default_txt)
644 {
645 	struct wpa_supplicant *wpa_s = ctx;
646 	struct wpa_ssid *ssid = wpa_s->current_ssid;
647 	const char *field_name, *txt = NULL;
648 	char *buf;
649 	size_t buflen;
650 	int len;
651 
652 	if (ssid == NULL)
653 		return;
654 
655 	wpas_notify_network_request(wpa_s, ssid, field, default_txt);
656 
657 	field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
658 						       &txt);
659 	if (field_name == NULL) {
660 		wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
661 			   field);
662 		return;
663 	}
664 
665 	buflen = 100 + os_strlen(txt) + ssid->ssid_len;
666 	buf = os_malloc(buflen);
667 	if (buf == NULL)
668 		return;
669 	len = os_snprintf(buf, buflen,
670 			  WPA_CTRL_REQ "%s-%d:%s needed for SSID ",
671 			  field_name, ssid->id, txt);
672 	if (len < 0 || (size_t) len >= buflen) {
673 		os_free(buf);
674 		return;
675 	}
676 	if (ssid->ssid && buflen > len + ssid->ssid_len) {
677 		os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
678 		len += ssid->ssid_len;
679 		buf[len] = '\0';
680 	}
681 	buf[buflen - 1] = '\0';
682 	wpa_msg(wpa_s, MSG_INFO, "%s", buf);
683 	os_free(buf);
684 }
685 #else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
686 #define wpa_supplicant_eap_param_needed NULL
687 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
688 
689 
690 static void wpa_supplicant_port_cb(void *ctx, int authorized)
691 {
692 	struct wpa_supplicant *wpa_s = ctx;
693 #ifdef CONFIG_AP
694 	if (wpa_s->ap_iface) {
695 		wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant "
696 			   "port status: %s",
697 			   authorized ? "Authorized" : "Unauthorized");
698 		return;
699 	}
700 #endif /* CONFIG_AP */
701 	wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
702 		   authorized ? "Authorized" : "Unauthorized");
703 	wpa_drv_set_supp_port(wpa_s, authorized);
704 }
705 
706 
707 static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
708 				   const char *cert_hash,
709 				   const struct wpabuf *cert)
710 {
711 	struct wpa_supplicant *wpa_s = ctx;
712 
713 	wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
714 }
715 
716 
717 static void wpa_supplicant_status_cb(void *ctx, const char *status,
718 				     const char *parameter)
719 {
720 	struct wpa_supplicant *wpa_s = ctx;
721 
722 	wpas_notify_eap_status(wpa_s, status, parameter);
723 }
724 
725 
726 static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len)
727 {
728 	struct wpa_supplicant *wpa_s = ctx;
729 	char *str;
730 	int res;
731 
732 	wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
733 			  id, len);
734 
735 	if (wpa_s->current_ssid == NULL)
736 		return;
737 
738 	if (id == NULL) {
739 		if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
740 				   "NULL", 0) < 0)
741 			return;
742 	} else {
743 		str = os_malloc(len * 2 + 1);
744 		if (str == NULL)
745 			return;
746 		wpa_snprintf_hex(str, len * 2 + 1, id, len);
747 		res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
748 				     str, 0);
749 		os_free(str);
750 		if (res < 0)
751 			return;
752 	}
753 
754 	if (wpa_s->conf->update_config) {
755 		res = wpa_config_write(wpa_s->confname, wpa_s->conf);
756 		if (res) {
757 			wpa_printf(MSG_DEBUG, "Failed to update config after "
758 				   "anonymous_id update");
759 		}
760 	}
761 }
762 #endif /* IEEE8021X_EAPOL */
763 
764 
765 int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
766 {
767 #ifdef IEEE8021X_EAPOL
768 	struct eapol_ctx *ctx;
769 	ctx = os_zalloc(sizeof(*ctx));
770 	if (ctx == NULL) {
771 		wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
772 		return -1;
773 	}
774 
775 	ctx->ctx = wpa_s;
776 	ctx->msg_ctx = wpa_s;
777 	ctx->eapol_send_ctx = wpa_s;
778 	ctx->preauth = 0;
779 	ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
780 	ctx->eapol_send = wpa_supplicant_eapol_send;
781 	ctx->set_wep_key = wpa_eapol_set_wep_key;
782 	ctx->set_config_blob = wpa_supplicant_set_config_blob;
783 	ctx->get_config_blob = wpa_supplicant_get_config_blob;
784 	ctx->aborted_cached = wpa_supplicant_aborted_cached;
785 	ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
786 	ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
787 	ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
788 	ctx->wps = wpa_s->wps;
789 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
790 	ctx->port_cb = wpa_supplicant_port_cb;
791 	ctx->cb = wpa_supplicant_eapol_cb;
792 	ctx->cert_cb = wpa_supplicant_cert_cb;
793 	ctx->status_cb = wpa_supplicant_status_cb;
794 	ctx->set_anon_id = wpa_supplicant_set_anon_id;
795 	ctx->cb_ctx = wpa_s;
796 	wpa_s->eapol = eapol_sm_init(ctx);
797 	if (wpa_s->eapol == NULL) {
798 		os_free(ctx);
799 		wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
800 			   "machines.");
801 		return -1;
802 	}
803 #endif /* IEEE8021X_EAPOL */
804 
805 	return 0;
806 }
807 
808 
809 #ifndef CONFIG_NO_WPA
810 static void wpa_supplicant_set_rekey_offload(void *ctx, const u8 *kek,
811 					     const u8 *kck,
812 					     const u8 *replay_ctr)
813 {
814 	struct wpa_supplicant *wpa_s = ctx;
815 
816 	wpa_drv_set_rekey_info(wpa_s, kek, kck, replay_ctr);
817 }
818 #endif /* CONFIG_NO_WPA */
819 
820 
821 int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
822 {
823 #ifndef CONFIG_NO_WPA
824 	struct wpa_sm_ctx *ctx;
825 	ctx = os_zalloc(sizeof(*ctx));
826 	if (ctx == NULL) {
827 		wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
828 		return -1;
829 	}
830 
831 	ctx->ctx = wpa_s;
832 	ctx->msg_ctx = wpa_s;
833 	ctx->set_state = _wpa_supplicant_set_state;
834 	ctx->get_state = _wpa_supplicant_get_state;
835 	ctx->deauthenticate = _wpa_supplicant_deauthenticate;
836 	ctx->set_key = wpa_supplicant_set_key;
837 	ctx->get_network_ctx = wpa_supplicant_get_network_ctx;
838 	ctx->get_bssid = wpa_supplicant_get_bssid;
839 	ctx->ether_send = _wpa_ether_send;
840 	ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
841 	ctx->alloc_eapol = _wpa_alloc_eapol;
842 	ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
843 	ctx->add_pmkid = wpa_supplicant_add_pmkid;
844 	ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
845 #ifndef CONFIG_NO_CONFIG_BLOBS
846 	ctx->set_config_blob = wpa_supplicant_set_config_blob;
847 	ctx->get_config_blob = wpa_supplicant_get_config_blob;
848 #endif /* CONFIG_NO_CONFIG_BLOBS */
849 	ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
850 #ifdef CONFIG_IEEE80211R
851 	ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
852 	ctx->send_ft_action = wpa_supplicant_send_ft_action;
853 	ctx->mark_authenticated = wpa_supplicant_mark_authenticated;
854 #endif /* CONFIG_IEEE80211R */
855 #ifdef CONFIG_TDLS
856 	ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa;
857 	ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt;
858 	ctx->tdls_oper = wpa_supplicant_tdls_oper;
859 	ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset;
860 #endif /* CONFIG_TDLS */
861 	ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload;
862 
863 	wpa_s->wpa = wpa_sm_init(ctx);
864 	if (wpa_s->wpa == NULL) {
865 		wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
866 			   "machine");
867 		return -1;
868 	}
869 #endif /* CONFIG_NO_WPA */
870 
871 	return 0;
872 }
873 
874 
875 void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
876 					struct wpa_ssid *ssid)
877 {
878 	struct rsn_supp_config conf;
879 	if (ssid) {
880 		os_memset(&conf, 0, sizeof(conf));
881 		conf.network_ctx = ssid;
882 		conf.peerkey_enabled = ssid->peerkey;
883 		conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
884 #ifdef IEEE8021X_EAPOL
885 		conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
886 			wpa_s->conf->okc : ssid->proactive_key_caching;
887 		conf.eap_workaround = ssid->eap_workaround;
888 		conf.eap_conf_ctx = &ssid->eap;
889 #endif /* IEEE8021X_EAPOL */
890 		conf.ssid = ssid->ssid;
891 		conf.ssid_len = ssid->ssid_len;
892 		conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
893 	}
894 	wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);
895 }
896