Lines Matching refs:wpa_s
42 static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
58 static int sme_set_sae_group(struct wpa_supplicant *wpa_s, bool external)
60 int *groups = wpa_s->conf->sae_groups;
67 if (!index_within_array(groups, wpa_s->sme.sae_group_index))
71 int group = groups[wpa_s->sme.sae_group_index];
74 if (!int_array_includes(wpa_s->sme.sae_rejected_groups,
76 sae_set_group(&wpa_s->sme.sae, group) == 0) {
77 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
78 wpa_s->sme.sae.group);
79 wpa_s->sme.sae.akmp = external ?
80 wpa_s->sme.ext_auth_key_mgmt : wpa_s->key_mgmt;
83 wpa_s->sme.sae_group_index++;
90 static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
105 int key_mgmt = external ? wpa_s->sme.ext_auth_key_mgmt :
106 wpa_s->key_mgmt;
115 if (wpa_s->sae_commit_override) {
117 buf = wpabuf_alloc(4 + wpabuf_len(wpa_s->sae_commit_override));
124 wpabuf_put_buf(buf, wpa_s->sae_commit_override);
132 wpa_dbg(wpa_s, MSG_INFO,
140 wpa_dbg(wpa_s, MSG_INFO,
146 struct wpabuf *pw = ext_password_get(wpa_s->ext_pw,
150 wpa_msg(wpa_s, MSG_INFO,
157 wpa_dbg(wpa_s, MSG_INFO,
170 if (reuse && wpa_s->sme.sae.tmp &&
171 ether_addr_equal(addr, wpa_s->sme.sae.tmp->bssid)) {
174 use_pt = wpa_s->sme.sae.h2e;
175 use_pk = wpa_s->sme.sae.pk;
178 if (sme_set_sae_group(wpa_s, external) < 0) {
183 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
187 wpa_supplicant_update_scan_results(wpa_s, bssid);
188 bss = wpa_bss_get_bssid_latest(wpa_s, bssid);
199 wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
202 wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
205 wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK)
225 if (use_pt || wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
226 wpa_s->conf->sae_pwe == SAE_PWE_BOTH) {
229 if ((wpa_s->conf->sae_pwe == SAE_PWE_HASH_TO_ELEMENT ||
232 wpa_s->conf->sae_pwe != SAE_PWE_FORCE_HUNT_AND_PECK &&
241 wpa_s_setup_sae_pt(wpa_s->conf, ssid, true);
243 sae_prepare_commit_pt(&wpa_s->sme.sae, ssid->pt,
244 wpa_s->own_addr, addr,
245 wpa_s->sme.sae_rejected_groups, NULL) < 0)
248 sae_prepare_commit(wpa_s->own_addr, addr,
250 &wpa_s->sme.sae) < 0) {
254 if (wpa_s->sme.sae.tmp) {
255 os_memcpy(wpa_s->sme.sae.tmp->bssid, addr, ETH_ALEN);
257 wpa_s->sme.sae.pk = 1;
259 os_memcpy(wpa_s->sme.sae.tmp->own_addr, wpa_s->own_addr,
261 os_memcpy(wpa_s->sme.sae.tmp->peer_addr, addr, ETH_ALEN);
262 sae_pk_set_password(&wpa_s->sme.sae, password);
267 len = wpa_s->sme.sae_token ? 3 + wpabuf_len(wpa_s->sme.sae_token) : 0;
282 if (sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token,
301 static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s,
314 sae_write_confirm(&wpa_s->sme.sae, buf);
324 * @wpa_s: Pointer to wpa_supplicant data
327 static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s,
334 wpa_s->rrm.rrm_used = 0;
338 wpa_s->drv_rrm_flags);
346 if (!((wpa_s->drv_rrm_flags &
348 (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) &&
349 !(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_SUPPORT_RRM)) {
355 if (sizeof(wpa_s->sme.assoc_req_ie) <
356 wpa_s->sme.assoc_req_ie_len + rrm_ie_len + 2) {
363 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
369 if (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)
376 if (wpa_s->lci)
379 wpa_s->sme.assoc_req_ie_len += rrm_ie_len + 2;
380 wpa_s->rrm.rrm_used = 1;
384 static void wpas_ml_handle_removed_links(struct wpa_supplicant *wpa_s,
387 u16 removed_links = wpa_bss_parse_reconf_ml_element(wpa_s, bss);
389 wpa_s->valid_links &= ~removed_links;
394 static struct wpa_bss * wpas_ml_connect_pref(struct wpa_supplicant *wpa_s,
402 wpa_s->valid_links,
403 wpa_s->conf->mld_connect_band_pref,
404 MAC2STR(wpa_s->conf->mld_connect_bssid_pref));
407 if (!(wpa_s->valid_links & (wpa_s->valid_links - 1)))
410 if (!is_zero_ether_addr(wpa_s->conf->mld_connect_bssid_pref)) {
411 for_each_link(wpa_s->valid_links, i) {
412 if (wpa_s->mlo_assoc_link_id == i)
416 wpa_s->links[i].bssid,
417 wpa_s->conf->mld_connect_bssid_pref))
422 if (wpa_s->conf->mld_connect_band_pref == MLD_CONNECT_BAND_PREF_AUTO)
425 switch (wpa_s->conf->mld_connect_band_pref) {
442 for_each_link(wpa_s->valid_links, i) {
443 if (wpa_s->mlo_assoc_link_id == i)
446 if (wpa_s->links[i].freq >= low && wpa_s->links[i].freq <= high)
458 MAC2STR(wpa_s->links[wpa_s->mlo_assoc_link_id].bssid),
459 MAC2STR(wpa_s->links[i].bssid));
463 bss = wpa_bss_get(wpa_s, wpa_s->links[i].bssid, ssid->ssid,
466 bss = wpa_bss_get_bssid(wpa_s, wpa_s->links[i].bssid);
467 wpa_s->mlo_assoc_link_id = i;
474 static int wpas_sme_ml_auth(struct wpa_supplicant *wpa_s,
482 if (!wpa_s->valid_links)
510 if (!ether_addr_equal(wpa_s->ap_mld_addr, mld_addr)) {
512 MACSTR ")", MAC2STR(wpa_s->ap_mld_addr));
520 static void wpas_sme_set_mlo_links(struct wpa_supplicant *wpa_s,
525 wpa_s->valid_links = 0;
526 wpa_s->mlo_assoc_link_id = bss->mld_link_id;
531 wpa_s->valid_links |= BIT(i);
532 os_memcpy(wpa_s->links[i].bssid, bssid, ETH_ALEN);
533 wpa_s->links[i].freq = bss->mld_links[i].freq;
534 wpa_s->links[i].disabled = bss->mld_links[i].disabled;
537 wpa_s->links[i].bss = bss;
539 wpa_s->links[i].bss = wpa_bss_get(wpa_s, bssid,
543 wpa_s->links[i].bss = wpa_bss_get_bssid(wpa_s, bssid);
548 static void sme_send_authentication(struct wpa_supplicant *wpa_s,
573 wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
575 wpas_connect_work_done(wpa_s);
581 if ((wpa_s->drv_flags2 & WPA_DRIVER_FLAGS2_MLO) &&
582 !wpa_bss_parse_basic_ml_element(wpa_s, bss, wpa_s->ap_mld_addr,
586 wpas_sme_set_mlo_links(wpa_s, bss, ssid);
589 bss = wpas_ml_connect_pref(wpa_s, bss, ssid);
591 if (wpa_s->conf->mld_force_single_link) {
593 wpa_s->valid_links = BIT(wpa_s->mlo_assoc_link_id);
597 params.mld_link_id = wpa_s->mlo_assoc_link_id;
598 params.ap_mld_addr = wpa_s->ap_mld_addr;
599 wpas_ml_handle_removed_links(wpa_s, bss);
602 skip_auth = wpa_s->conf->reassoc_same_bss_optim &&
603 wpa_s->reassoc_same_bss;
604 wpa_s->current_bss = bss;
606 wpa_s->reassociate = 0;
614 if (wpa_s->sme.ssid_len != params.ssid_len ||
615 os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
616 wpa_s->sme.prev_bssid_set = 0;
618 wpa_s->sme.freq = params.freq;
619 os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
620 wpa_s->sme.ssid_len = params.ssid_len;
633 wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
637 wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
641 wpa_s->sme.sae_pmksa_caching = 0;
648 wpa_dbg(wpa_s, MSG_DEBUG,
654 wpa_dbg(wpa_s, MSG_DEBUG, "Prefer DPP over SAE when both are enabled");
658 if (wpas_is_sae_avoided(wpa_s, ssid, &ied)) {
659 wpa_dbg(wpa_s, MSG_DEBUG,
662 wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
666 wpa_dbg(wpa_s, MSG_DEBUG,
692 wpa_s->conf->okc :
699 if (pmksa_cache_set_current(wpa_s->wpa, NULL,
702 wpa_s->current_ssid,
705 eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
706 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
707 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
708 wpa_s->sme.assoc_req_ie,
709 &wpa_s->sme.assoc_req_ie_len,
711 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
713 wpas_connect_work_done(wpa_s);
720 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
721 if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
722 wpa_s->sme.assoc_req_ie,
723 &wpa_s->sme.assoc_req_ie_len,
725 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
727 wpas_connect_work_done(wpa_s);
738 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
739 wpa_s->sme.assoc_req_ie_len = 0;
741 wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
742 if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
743 wpa_s->sme.assoc_req_ie,
744 &wpa_s->sme.assoc_req_ie_len,
746 wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
749 wpas_connect_work_done(wpa_s);
757 sizeof(wpa_s->sme.assoc_req_ie)) {
758 wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
759 os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
760 wpa_s->sme.assoc_req_ie_len);
762 wpa_s->sme.assoc_req_ie_len = 0;
764 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
767 wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
768 wpa_s->sme.assoc_req_ie_len = 0;
778 if (wpa_s->wpa_proto == WPA_PROTO_WPA) {
779 wpa_ie = os_memdup(wpa_s->sme.assoc_req_ie,
780 wpa_s->sme.assoc_req_ie_len);
782 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Storing WPA IE");
784 wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
785 wpa_s->sme.assoc_req_ie_len = 0;
787 wpa_msg(wpa_s, MSG_WARNING, "WPA: Failed copy WPA IE");
788 wpas_connect_work_done(wpa_s);
797 wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
799 !wpa_key_mgmt_ft(wpa_s->key_mgmt)))
803 wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
807 wpa_dbg(wpa_s, MSG_DEBUG, "SME: FT mobility domain %02x%02x",
811 if (wpa_s->sme.assoc_req_ie_len + 5 <
812 sizeof(wpa_s->sme.assoc_req_ie)) {
814 u8 *pos = wpa_s->sme.assoc_req_ie +
815 wpa_s->sme.assoc_req_ie_len;
822 wpa_s->sme.assoc_req_ie_len += 5;
825 if (wpa_s->sme.prev_bssid_set && wpa_s->sme.ft_used &&
826 os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
827 wpa_sm_has_ft_keys(wpa_s->wpa, md)) {
828 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
831 params.ie = wpa_s->sme.ft_ies;
832 params.ie_len = wpa_s->sme.ft_ies_len;
837 wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
838 if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
844 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
846 wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
851 if (wpa_s->global->p2p) {
855 pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
856 len = sizeof(wpa_s->sme.assoc_req_ie) -
857 wpa_s->sme.assoc_req_ie_len;
858 res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
861 wpa_s->sme.assoc_req_ie_len += res;
866 if (wpa_s->fst_ies) {
867 int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
869 if (wpa_s->sme.assoc_req_ie_len + fst_ies_len <=
870 sizeof(wpa_s->sme.assoc_req_ie)) {
871 os_memcpy(wpa_s->sme.assoc_req_ie +
872 wpa_s->sme.assoc_req_ie_len,
873 wpabuf_head(wpa_s->fst_ies),
875 wpa_s->sme.assoc_req_ie_len += fst_ies_len;
880 sme_auth_handle_rrm(wpa_s, bss);
883 wpa_s->sme.assoc_req_ie_len += wpas_supp_op_class_ie(
884 wpa_s, ssid, bss,
885 wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
886 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len);
890 wpa_drv_get_ext_capa(wpa_s, WPA_IF_P2P_CLIENT);
892 wpa_drv_get_ext_capa(wpa_s, WPA_IF_STATION);
894 ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
897 u8 *pos = wpa_s->sme.assoc_req_ie;
898 if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
901 wpa_s->sme.assoc_req_ie_len -
902 (pos - wpa_s->sme.assoc_req_ie));
903 wpa_s->sme.assoc_req_ie_len += ext_capab_len;
907 if (ssid->max_idle && wpa_s->sme.assoc_req_ie_len + 5 <=
908 sizeof(wpa_s->sme.assoc_req_ie)) {
909 u8 *pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
916 wpa_s->sme.assoc_req_ie_len += 5;
920 if (wpa_s->rsnxe_override_assoc &&
921 wpabuf_len(wpa_s->rsnxe_override_assoc) <=
922 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len) {
924 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
925 wpabuf_head(wpa_s->rsnxe_override_assoc),
926 wpabuf_len(wpa_s->rsnxe_override_assoc));
927 wpa_s->sme.assoc_req_ie_len +=
928 wpabuf_len(wpa_s->rsnxe_override_assoc);
931 if (wpa_s->rsnxe_len > 0 &&
932 wpa_s->rsnxe_len <=
933 sizeof(wpa_s->sme.assoc_req_ie) - wpa_s->sme.assoc_req_ie_len &&
935 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
936 wpa_s->rsnxe, wpa_s->rsnxe_len);
937 wpa_s->sme.assoc_req_ie_len += wpa_s->rsnxe_len;
941 if (is_hs20_network(wpa_s, ssid, bss)) {
946 int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
952 len = sizeof(wpa_s->sme.assoc_req_ie) -
953 wpa_s->sme.assoc_req_ie_len;
955 os_memcpy(wpa_s->sme.assoc_req_ie +
956 wpa_s->sme.assoc_req_ie_len,
958 wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
968 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Reinsert WPA IE");
970 len = sizeof(wpa_s->sme.assoc_req_ie) -
971 wpa_s->sme.assoc_req_ie_len;
974 os_memcpy(wpa_s->sme.assoc_req_ie +
975 wpa_s->sme.assoc_req_ie_len,
977 wpa_s->sme.assoc_req_ie_len += wpa_ie_len;
979 wpa_dbg(wpa_s, MSG_DEBUG, "WPA: Failed to add WPA IE");
985 if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
986 struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
989 len = sizeof(wpa_s->sme.assoc_req_ie) -
990 wpa_s->sme.assoc_req_ie_len;
992 os_memcpy(wpa_s->sme.assoc_req_ie +
993 wpa_s->sme.assoc_req_ie_len,
995 wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
1001 if (!wpa_s->disable_mbo_oce && mbo_ie) {
1004 len = wpas_mbo_ie(wpa_s, wpa_s->sme.assoc_req_ie +
1005 wpa_s->sme.assoc_req_ie_len,
1006 sizeof(wpa_s->sme.assoc_req_ie) -
1007 wpa_s->sme.assoc_req_ie_len,
1011 wpa_s->sme.assoc_req_ie_len += len;
1017 pmksa_cache_set_current(wpa_s->wpa, NULL,
1022 wpa_key_mgmt_sae(wpa_s->key_mgmt) ?
1023 wpa_s->key_mgmt :
1025 wpa_dbg(wpa_s, MSG_DEBUG,
1027 wpa_sm_set_pmk_from_pmksa(wpa_s->wpa);
1029 wpa_s->sme.sae_pmksa_caching = 1;
1034 resp = sme_auth_build_sae_commit(wpa_s, ssid,
1042 resp = sme_auth_build_sae_confirm(wpa_s, 0);
1044 wpas_connection_failed(wpa_s, bss->bssid, NULL);
1049 wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
1053 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1054 os_memset(wpa_s->bssid, 0, ETH_ALEN);
1055 os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
1057 wpas_notify_bssid_changed(wpa_s);
1059 old_ssid = wpa_s->current_ssid;
1060 wpa_s->current_ssid = ssid;
1061 wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
1062 wpa_sm_set_ssid(wpa_s->wpa, bss->ssid, bss->ssid_len);
1063 wpa_supplicant_initiate_eapol(wpa_s);
1105 if (wpa_s->last_con_fail_realm &&
1106 eapol_sm_get_erp_info(wpa_s->eapol, &ssid->eap,
1110 realm && realm_len == wpa_s->last_con_fail_realm_len &&
1111 os_memcmp(realm, wpa_s->last_con_fail_realm,
1118 if (pmksa_cache_set_current(wpa_s->wpa, NULL,
1126 resp = fils_build_auth(wpa_s->wpa, ssid->fils_dh_group, md);
1142 wpa_s->sme.auth_alg = auth_alg;
1148 wpa_supplicant_cancel_sched_scan(wpa_s);
1149 wpa_supplicant_cancel_scan(wpa_s);
1151 wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
1155 eapol_sm_notify_portValid(wpa_s->eapol, false);
1156 wpa_clear_keys(wpa_s, bss->bssid);
1157 wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
1158 if (old_ssid != wpa_s->current_ssid)
1159 wpas_notify_network_changed(wpa_s);
1162 hs20_configure_frame_filters(wpa_s);
1171 if (wpa_s->num_multichan_concurrent < 2) {
1173 num = get_shared_radio_freqs(wpa_s, &freq, 1, false);
1178 if (wpas_p2p_handle_frequency_conflicts(wpa_s,
1181 wpas_connection_failed(wpa_s, bss->bssid, NULL);
1182 wpa_supplicant_mark_disassoc(wpa_s);
1184 wpas_connect_work_done(wpa_s);
1192 wpa_msg(wpa_s, MSG_DEBUG,
1195 sme_associate(wpa_s, ssid->mode, bss->bssid, WLAN_AUTH_OPEN);
1200 wpa_s->sme.auth_alg = params.auth_alg;
1201 if (wpa_drv_authenticate(wpa_s, &params) < 0) {
1202 wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
1204 wpas_connection_failed(wpa_s, bss->bssid, NULL);
1205 wpa_supplicant_mark_disassoc(wpa_s);
1207 wpas_connect_work_done(wpa_s);
1211 eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
1226 struct wpa_supplicant *wpa_s = work->wpa_s;
1228 wpa_s->roam_in_progress = false;
1230 wpa_s->bss_trans_mgmt_in_progress = false;
1235 wpa_s->connect_work = NULL;
1241 wpa_s->connect_work = work;
1244 !wpas_valid_bss_ssid(wpa_s, cwork->bss, cwork->ssid) ||
1245 wpas_network_disabled(wpa_s, cwork->ssid)) {
1246 wpa_dbg(wpa_s, MSG_DEBUG, "SME: BSS/SSID entry for authentication not valid anymore - drop connection attempt");
1247 wpas_connect_work_done(wpa_s);
1253 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
1254 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
1255 wpa_s->rsnxe_len = 0;
1257 sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
1258 wpas_notify_auth_changed(wpa_s);
1262 void sme_authenticate(struct wpa_supplicant *wpa_s,
1269 if (wpa_s->connect_work) {
1270 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reject sme_authenticate() call since connect_work exist");
1274 if (wpa_s->roam_in_progress) {
1275 wpa_dbg(wpa_s, MSG_DEBUG,
1280 if (wpa_s->bss_trans_mgmt_in_progress) {
1281 wpa_dbg(wpa_s, MSG_DEBUG,
1286 if (radio_work_pending(wpa_s, "sme-connect")) {
1292 wpa_dbg(wpa_s, MSG_DEBUG,
1294 radio_remove_works(wpa_s, "sme-connect", 0);
1297 wpas_abort_ongoing_scan(wpa_s);
1307 wpa_s->sme.sae.state = SAE_NOTHING;
1308 wpa_s->sme.sae.send_confirm = 0;
1309 wpa_s->sme.sae_group_index = 0;
1312 if (radio_add_work(wpa_s, bss->freq, "sme-connect", 1,
1369 static int sme_external_auth_send_sae_commit(struct wpa_supplicant *wpa_s,
1378 resp = sme_auth_build_sae_commit(wpa_s, ssid, bssid,
1379 wpa_s->sme.ext_ml_auth ?
1380 wpa_s->sme.ext_auth_ap_mld_addr : NULL,
1387 wpa_s->sme.sae.state = SAE_COMMITTED;
1389 (wpa_s->sme.ext_ml_auth ? WPA_AUTH_FRAME_ML_IE_LEN :
1396 wpa_s->sme.seq_num++;
1403 sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
1404 wpa_s->sme.ext_ml_auth ?
1405 wpa_s->sme.ext_auth_ap_mld_addr : bssid, 1,
1406 wpa_s->sme.seq_num, status,
1407 wpa_s->sme.ext_ml_auth ?
1408 wpa_s->own_addr : NULL);
1409 wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
1417 static void sme_send_external_auth_status(struct wpa_supplicant *wpa_s,
1422 wpa_s->sme.ext_auth_wpa_ssid = NULL;
1425 params.ssid = wpa_s->sme.ext_auth_ssid;
1426 params.ssid_len = wpa_s->sme.ext_auth_ssid_len;
1427 params.bssid = wpa_s->sme.ext_auth_bssid;
1428 if (wpa_s->conf->sae_pmkid_in_assoc && status == WLAN_STATUS_SUCCESS)
1429 params.pmkid = wpa_s->sme.sae.pmkid;
1430 wpa_drv_send_external_auth_status(wpa_s, &params);
1434 static int sme_handle_external_auth_start(struct wpa_supplicant *wpa_s,
1441 wpa_s->sme.ext_auth_wpa_ssid = NULL;
1443 for (ssid = wpa_s->conf->ssid; ssid; ssid = ssid->next) {
1444 if (!wpas_network_disabled(wpa_s, ssid) &&
1449 wpa_s_setup_sae_pt(wpa_s->conf, ssid, false);
1450 wpa_s->sme.ext_auth_wpa_ssid = ssid;
1455 sme_external_auth_send_sae_commit(wpa_s, data->external_auth.bssid,
1463 static void sme_external_auth_send_sae_confirm(struct wpa_supplicant *wpa_s,
1468 resp = sme_auth_build_sae_confirm(wpa_s, 1);
1474 wpa_s->sme.sae.state = SAE_CONFIRMED;
1476 (wpa_s->sme.ext_ml_auth ? WPA_AUTH_FRAME_ML_IE_LEN :
1483 wpa_s->sme.seq_num++;
1484 sme_external_auth_build_buf(buf, resp, wpa_s->own_addr,
1485 da, 2, wpa_s->sme.seq_num,
1487 wpa_s->sme.ext_ml_auth ?
1488 wpa_s->own_addr : NULL);
1490 wpa_drv_send_mlme(wpa_s, wpabuf_head(buf), wpabuf_len(buf), 1, 0, 0);
1496 static bool is_sae_key_mgmt_suite(struct wpa_supplicant *wpa_s, u32 suite)
1507 * the actual AKM from wpa_s->key_mgmt. */
1508 wpa_s->sme.ext_auth_key_mgmt = wpa_s->key_mgmt;
1513 wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_SAE;
1515 wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_FT_SAE;
1517 wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_SAE_EXT_KEY;
1519 wpa_s->sme.ext_auth_key_mgmt = WPA_KEY_MGMT_FT_SAE_EXT_KEY;
1527 void sme_external_auth_trigger(struct wpa_supplicant *wpa_s,
1530 if (!is_sae_key_mgmt_suite(wpa_s, data->external_auth.key_mgmt_suite))
1536 os_memcpy(wpa_s->sme.ext_auth_bssid, data->external_auth.bssid,
1538 os_memcpy(wpa_s->sme.ext_auth_ssid, data->external_auth.ssid,
1540 wpa_s->sme.ext_auth_ssid_len = data->external_auth.ssid_len;
1542 wpa_s->sme.ext_ml_auth = true;
1543 os_memcpy(wpa_s->sme.ext_auth_ap_mld_addr,
1546 wpa_s->sme.ext_ml_auth = false;
1548 wpa_s->sme.seq_num = 0;
1549 wpa_s->sme.sae.state = SAE_NOTHING;
1550 wpa_s->sme.sae.send_confirm = 0;
1551 wpa_s->sme.sae_group_index = 0;
1552 if (sme_handle_external_auth_start(wpa_s, data) < 0)
1553 sme_send_external_auth_status(wpa_s,
1557 sme_send_external_auth_status(wpa_s,
1563 static int sme_sae_is_group_enabled(struct wpa_supplicant *wpa_s, int group)
1565 int *groups = wpa_s->conf->sae_groups;
1581 static int sme_check_sae_rejected_groups(struct wpa_supplicant *wpa_s,
1605 enabled = sme_sae_is_group_enabled(wpa_s, group);
1616 static int sme_external_ml_auth(struct wpa_supplicant *wpa_s,
1649 if (!ether_addr_equal(wpa_s->sme.ext_auth_ap_mld_addr, mld_addr)) {
1652 MAC2STR(wpa_s->sme.ext_auth_ap_mld_addr));
1660 static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
1666 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
1671 wpa_s->sme.sae.state == SAE_COMMITTED &&
1672 ((external && wpa_s->sme.ext_auth_wpa_ssid) ||
1673 (!external && wpa_s->current_bss && wpa_s->current_ssid))) {
1680 groups = wpa_s->conf->sae_groups;
1687 wpa_dbg(wpa_s, MSG_DEBUG,
1692 wpa_dbg(wpa_s, MSG_DEBUG,
1695 if (sae_group_allowed(&wpa_s->sme.sae, groups, group) !=
1697 wpa_dbg(wpa_s, MSG_ERROR,
1702 wpabuf_free(wpa_s->sme.sae_token);
1705 h2e = wpa_s->sme.sae.h2e;
1710 wpa_dbg(wpa_s, MSG_DEBUG,
1720 wpa_dbg(wpa_s, MSG_DEBUG,
1729 wpa_s->sme.sae_token = wpabuf_alloc_copy(token_pos, token_len);
1730 if (!wpa_s->sme.sae_token) {
1731 wpa_dbg(wpa_s, MSG_ERROR,
1737 wpa_s->sme.sae_token);
1739 sme_send_authentication(wpa_s, wpa_s->current_bss,
1740 wpa_s->current_ssid, 2);
1742 if (wpa_s->sme.ext_ml_auth &&
1743 sme_external_ml_auth(wpa_s, data, len, *ie_offset,
1748 wpa_s, wpa_s->sme.ext_auth_bssid,
1749 wpa_s->sme.ext_auth_wpa_ssid);
1756 wpa_s->sme.sae.state == SAE_COMMITTED &&
1757 ((external && wpa_s->sme.ext_auth_wpa_ssid) ||
1758 (!external && wpa_s->current_bss && wpa_s->current_ssid))) {
1759 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
1760 int_array_add_unique(&wpa_s->sme.sae_rejected_groups,
1761 wpa_s->sme.sae.group);
1762 wpa_s->sme.sae_group_index++;
1763 if (sme_set_sae_group(wpa_s, external) < 0)
1765 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
1767 sme_send_authentication(wpa_s, wpa_s->current_bss,
1768 wpa_s->current_ssid, 1);
1770 if (wpa_s->sme.ext_ml_auth &&
1771 sme_external_ml_auth(wpa_s, data, len, *ie_offset,
1776 wpa_s, wpa_s->sme.ext_auth_bssid,
1777 wpa_s->sme.ext_auth_wpa_ssid);
1784 const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
1786 wpa_msg(wpa_s, MSG_INFO,
1795 const u8 *bssid = sa ? sa : wpa_s->pending_bssid;
1797 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
1807 groups = wpa_s->conf->sae_groups;
1809 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
1810 if ((external && !wpa_s->sme.ext_auth_wpa_ssid) ||
1812 (!wpa_s->current_bss || !wpa_s->current_ssid)))
1814 if (wpa_s->sme.sae.state != SAE_COMMITTED) {
1819 if (wpa_s->sme.sae.h2e && status_code == WLAN_STATUS_SUCCESS) {
1824 if ((!wpa_s->sme.sae.h2e || wpa_s->sme.sae.pk) &&
1830 if (!wpa_s->sme.sae.pk &&
1839 res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
1852 if (wpa_s->sme.sae.tmp &&
1854 wpa_s,
1855 wpa_s->sme.sae.tmp->peer_rejected_groups))
1858 if (sae_process_commit(&wpa_s->sme.sae) < 0) {
1864 wpabuf_free(wpa_s->sme.sae_token);
1865 wpa_s->sme.sae_token = NULL;
1867 sme_send_authentication(wpa_s, wpa_s->current_bss,
1868 wpa_s->current_ssid, 0);
1870 if (wpa_s->sme.ext_ml_auth &&
1871 sme_external_ml_auth(wpa_s, data, len, *ie_offset,
1875 sme_external_auth_send_sae_confirm(wpa_s, sa);
1881 wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
1882 if (wpa_s->sme.sae.state != SAE_CONFIRMED)
1884 if (sae_check_confirm(&wpa_s->sme.sae, data, len,
1887 if (external && wpa_s->sme.ext_ml_auth &&
1888 sme_external_ml_auth(wpa_s, data, len, *ie_offset,
1892 wpa_s->sme.sae.state = SAE_ACCEPTED;
1893 sae_clear_temp_data(&wpa_s->sme.sae);
1894 wpa_s_clear_sae_rejected(wpa_s);
1898 sme_send_external_auth_status(wpa_s,
1909 static int sme_sae_set_pmk(struct wpa_supplicant *wpa_s, const u8 *bssid)
1913 wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, wpa_s->sme.sae.pmk_len,
1914 wpa_s->sme.sae.pmkid, bssid);
1915 if (wpa_s->conf->sae_pmkid_in_assoc) {
1920 if (wpa_s->sme.assoc_req_ie_len + 2 + PMKID_LEN >
1921 sizeof(wpa_s->sme.assoc_req_ie)) {
1922 wpa_msg(wpa_s, MSG_WARNING,
1926 if (wpa_insert_pmkid(wpa_s->sme.assoc_req_ie,
1927 &wpa_s->sme.assoc_req_ie_len,
1928 wpa_s->sme.sae.pmkid, true) < 0)
1932 wpa_s->sme.assoc_req_ie,
1933 wpa_s->sme.assoc_req_ie_len);
1940 void sme_external_auth_mgmt_rx(struct wpa_supplicant *wpa_s,
1951 sme_send_external_auth_status(wpa_s,
1961 wpa_s, le_to_host16(header->u.auth.auth_transaction),
1968 wpa_s,
1977 if (sme_sae_set_pmk(wpa_s,
1978 wpa_s->sme.ext_ml_auth ?
1979 wpa_s->sme.ext_auth_ap_mld_addr :
1980 wpa_s->sme.ext_auth_bssid) < 0)
1988 void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
1990 struct wpa_ssid *ssid = wpa_s->current_ssid;
1994 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
1999 if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
2000 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
2005 if (!ether_addr_equal(wpa_s->pending_bssid, data->auth.peer) &&
2006 !(wpa_s->valid_links &&
2007 ether_addr_equal(wpa_s->ap_mld_addr, data->auth.peer))) {
2008 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
2014 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
2021 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
2025 const u8 *addr = wpa_s->pending_bssid;
2028 res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
2033 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2035 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2037 if (wpa_s->sme.sae_rejected_groups &&
2041 wpa_s_clear_sae_rejected(wpa_s);
2047 if (wpa_s->valid_links)
2048 addr = wpa_s->ap_mld_addr;
2050 if (sme_sae_set_pmk(wpa_s, addr) < 0)
2066 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
2075 if (wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS ||
2076 wpa_s->sme.auth_alg == WPA_AUTH_ALG_FILS_SK_PFS)
2077 fils_connection_failure(wpa_s);
2082 wpa_s->sme.auth_alg == data->auth.auth_type ||
2083 wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
2084 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2086 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2090 wpas_connect_work_done(wpa_s);
2094 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
2096 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
2097 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
2098 wpa_s->current_ssid);
2102 wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
2104 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
2105 wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
2106 wpa_s->current_ssid);
2119 if (wpa_s->ric_ies) {
2120 ric_ies = wpabuf_head(wpa_s->ric_ies);
2121 ric_ies_len = wpabuf_len(wpa_s->ric_ies);
2123 if (wpa_ft_process_response(wpa_s->wpa, data->auth.ies,
2127 wpa_dbg(wpa_s, MSG_DEBUG,
2129 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
2132 MAC2STR(wpa_s->pending_bssid),
2134 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2136 wpa_supplicant_mark_disassoc(wpa_s);
2147 expect_auth_type = wpa_s->sme.auth_alg ==
2151 wpa_dbg(wpa_s, MSG_DEBUG,
2154 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
2157 MAC2STR(wpa_s->pending_bssid),
2159 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2161 wpa_supplicant_mark_disassoc(wpa_s);
2165 if (fils_process_auth(wpa_s->wpa, wpa_s->pending_bssid,
2167 wpa_dbg(wpa_s, MSG_DEBUG,
2169 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
2172 MAC2STR(wpa_s->pending_bssid),
2174 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2176 wpa_supplicant_mark_disassoc(wpa_s);
2185 wpas_sme_ml_auth(wpa_s, data, ie_offset) < 0) {
2186 wpa_dbg(wpa_s, MSG_DEBUG,
2188 wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid=" MACSTR
2190 MAC2STR(wpa_s->pending_bssid),
2192 wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
2193 wpa_supplicant_deauthenticate(wpa_s,
2197 wpas_reset_mlo_info(wpa_s);
2201 sme_associate(wpa_s, ssid->mode, data->auth.peer,
2222 void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
2227 struct wpa_ssid *ssid = wpa_s->current_ssid;
2243 wpa_s->sme.assoc_auth_type = auth_type;
2255 dl_list_for_each(req, &wpa_s->fils_hlp_req, struct fils_hlp_req,
2262 wpabuf_put_data(hlp[num_hlp], wpa_s->own_addr,
2272 buf = fils_build_assoc_req(wpa_s->wpa, &params.fils_kek,
2282 wpa_s->sme.assoc_req_ie,
2283 wpa_s->sme.assoc_req_ie_len);
2285 if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
2289 remove_ie(wpa_s->sme.assoc_req_ie,
2290 &wpa_s->sme.assoc_req_ie_len,
2294 wpa_s->sme.assoc_req_ie,
2295 wpa_s->sme.assoc_req_ie_len);
2296 remove_ie(wpa_s->sme.assoc_req_ie,
2297 &wpa_s->sme.assoc_req_ie_len,
2301 wpa_s->sme.assoc_req_ie,
2302 wpa_s->sme.assoc_req_ie_len);
2305 /* TODO: Make wpa_s->sme.assoc_req_ie use dynamic allocation */
2306 if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(buf) >
2307 sizeof(wpa_s->sme.assoc_req_ie)) {
2313 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
2315 wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
2318 wpa_s->sme.assoc_req_ie,
2319 wpa_s->sme.assoc_req_ie_len);
2330 if (get_ie_ext(wpa_s->sme.assoc_req_ie, wpa_s->sme.assoc_req_ie_len,
2336 wpa_s->key_mgmt == WPA_KEY_MGMT_OWE) {
2342 } else if (wpa_s->assoc_status_code ==
2344 if (wpa_s->last_owe_group == 19)
2346 else if (wpa_s->last_owe_group == 20)
2354 wpa_s->last_owe_group = group;
2356 owe_ie = owe_build_assoc_req(wpa_s->wpa, group);
2362 if (wpa_s->sme.assoc_req_ie_len + wpabuf_len(owe_ie) >
2363 sizeof(wpa_s->sme.assoc_req_ie)) {
2369 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
2371 wpa_s->sme.assoc_req_ie_len += wpabuf_len(owe_ie);
2377 if (DPP_VERSION > 1 && wpa_s->key_mgmt == WPA_KEY_MGMT_DPP && ssid &&
2382 pmksa = pmksa_cache_get_current(wpa_s->wpa);
2386 dpp_pfs_free(wpa_s->dpp_pfs);
2387 wpa_s->dpp_pfs = dpp_pfs_init(ssid->dpp_netaccesskey,
2389 if (!wpa_s->dpp_pfs) {
2394 if (wpa_s->sme.assoc_req_ie_len +
2395 wpabuf_len(wpa_s->dpp_pfs->ie) >
2396 sizeof(wpa_s->sme.assoc_req_ie)) {
2399 dpp_pfs_free(wpa_s->dpp_pfs);
2400 wpa_s->dpp_pfs = NULL;
2403 os_memcpy(wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
2404 wpabuf_head(wpa_s->dpp_pfs->ie),
2405 wpabuf_len(wpa_s->dpp_pfs->ie));
2406 wpa_s->sme.assoc_req_ie_len += wpabuf_len(wpa_s->dpp_pfs->ie);
2412 wpa_s->mscs_setup_done = false;
2413 if (wpa_bss_ext_capab(wpa_s->current_bss, WLAN_EXT_CAPAB_MSCS) &&
2414 wpa_s->robust_av.valid_config) {
2423 wpa_s->robust_av.frame_classifier_len;
2431 wpa_ie_len = &wpa_s->sme.assoc_req_ie_len;
2432 max_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
2433 wpas_populate_mscs_descriptor_ie(&wpa_s->robust_av, mscs_ie);
2437 os_memcpy(wpa_s->sme.assoc_req_ie + *wpa_ie_len,
2455 wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len,
2456 sizeof(wpa_s->sme.assoc_req_ie) -
2457 wpa_s->sme.assoc_req_ie_len,
2464 wpa_s->sme.assoc_req_ie_len += multi_ap_ie_len;
2468 params.ssid = wpa_s->sme.ssid;
2469 params.ssid_len = wpa_s->sme.ssid_len;
2470 params.freq.freq = wpa_s->sme.freq;
2472 params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
2473 wpa_s->sme.assoc_req_ie : NULL;
2474 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
2477 params.pairwise_suite = wpa_s->pairwise_cipher;
2478 params.group_suite = wpa_s->group_cipher;
2479 params.mgmt_group_suite = wpa_s->mgmt_group_cipher;
2480 params.key_mgmt_suite = wpa_s->key_mgmt;
2481 params.wpa_proto = wpa_s->wpa_proto;
2487 wpa_supplicant_apply_ht_overrides(wpa_s, ssid, &params);
2494 wpa_supplicant_apply_vht_overrides(wpa_s, ssid, &params);
2497 wpa_supplicant_apply_he_overrides(wpa_s, ssid, &params);
2499 wpa_supplicant_apply_eht_overrides(wpa_s, ssid, &params);
2501 if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies &&
2502 get_ie(wpa_s->sme.ft_ies, wpa_s->sme.ft_ies_len,
2512 params.wpa_ie = wpa_s->sme.ft_ies;
2513 params.wpa_ie_len = wpa_s->sme.ft_ies_len;
2514 } else if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
2521 remove_ie(wpa_s->sme.assoc_req_ie,
2522 &wpa_s->sme.assoc_req_ie_len,
2524 remove_ie(wpa_s->sme.assoc_req_ie,
2525 &wpa_s->sme.assoc_req_ie_len,
2527 remove_ie(wpa_s->sme.assoc_req_ie,
2528 &wpa_s->sme.assoc_req_ie_len,
2530 rm_en = get_ie(wpa_s->sme.assoc_req_ie,
2531 wpa_s->sme.assoc_req_ie_len,
2539 remove_ie(wpa_s->sme.assoc_req_ie,
2540 &wpa_s->sme.assoc_req_ie_len,
2545 wpa_s->sme.assoc_req_ie,
2546 wpa_s->sme.assoc_req_ie_len);
2547 if (wpa_s->sme.assoc_req_ie_len + wpa_s->sme.ft_ies_len +
2548 rm_en_len > sizeof(wpa_s->sme.assoc_req_ie)) {
2555 os_memmove(wpa_s->sme.assoc_req_ie + wpa_s->sme.ft_ies_len +
2557 wpa_s->sme.assoc_req_ie,
2558 wpa_s->sme.assoc_req_ie_len);
2559 pos = wpa_s->sme.ft_ies;
2560 end = pos + wpa_s->sme.ft_ies_len;
2561 wpos = wpa_s->sme.assoc_req_ie;
2573 wpa_s->sme.assoc_req_ie_len += wpa_s->sme.ft_ies_len +
2575 params.wpa_ie = wpa_s->sme.assoc_req_ie;
2576 params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
2583 params.mgmt_frame_protection = wpa_s->sme.mfp;
2584 params.rrm_used = wpa_s->rrm.rrm_used;
2585 if (wpa_s->sme.prev_bssid_set)
2586 params.prev_bssid = wpa_s->sme.prev_bssid;
2588 wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
2593 wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
2598 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
2603 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
2607 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
2611 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
2614 wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
2616 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, elems.rsnxe - 2,
2619 wpa_sm_set_assoc_rsnxe(wpa_s->wpa, NULL, 0);
2623 if (wpa_s->p2pdev->set_sta_uapsd)
2624 params.uapsd = wpa_s->p2pdev->sta_uapsd;
2628 if (wpa_s->valid_links) {
2633 wpa_s->mlo_assoc_link_id, wpa_s->valid_links);
2635 params.mld_params.mld_addr = wpa_s->ap_mld_addr;
2636 params.mld_params.valid_links = wpa_s->valid_links;
2637 params.mld_params.assoc_link_id = wpa_s->mlo_assoc_link_id;
2638 for_each_link(wpa_s->valid_links, i) {
2640 wpa_s->links[i].bssid;
2642 wpa_s->links[i].freq;
2644 wpa_s->links[i].disabled;
2648 i, wpa_s->links[i].freq,
2649 wpa_s->links[i].disabled,
2650 MAC2STR(wpa_s->links[i].bssid));
2654 if (wpa_drv_associate(wpa_s, &params) < 0) {
2658 wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
2663 if (!(wpa_s->valid_links & BIT(i)) ||
2664 wpa_s->mlo_assoc_link_id == i ||
2668 wpa_bssid_ignore_add(wpa_s, wpa_s->links[i].bssid);
2674 wpa_drv_deauthenticate(wpa_s, wpa_s->ap_mld_addr,
2676 wpas_connect_work_done(wpa_s);
2677 wpa_supplicant_mark_disassoc(wpa_s);
2678 wpas_request_connection(wpa_s);
2680 wpas_connection_failed(wpa_s, wpa_s->pending_bssid,
2682 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2683 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2688 eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
2692 wpabuf_free(wpa_s->last_assoc_req_wpa_ie);
2693 wpa_s->last_assoc_req_wpa_ie = NULL;
2695 wpa_s->last_assoc_req_wpa_ie =
2701 int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
2705 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
2706 os_free(wpa_s->sme.ft_ies);
2707 wpa_s->sme.ft_ies = NULL;
2708 wpa_s->sme.ft_ies_len = 0;
2709 wpa_s->sme.ft_used = 0;
2713 os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
2715 os_free(wpa_s->sme.ft_ies);
2716 wpa_s->sme.ft_ies = os_memdup(ies, ies_len);
2717 if (wpa_s->sme.ft_ies == NULL)
2719 wpa_s->sme.ft_ies_len = ies_len;
2724 static void sme_deauth(struct wpa_supplicant *wpa_s, const u8 **link_bssids)
2729 bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
2731 if (wpa_s->valid_links)
2732 bssid = wpa_s->ap_mld_addr;
2734 bssid = wpa_s->pending_bssid;
2736 if (wpa_drv_deauthenticate(wpa_s, bssid,
2738 wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
2741 wpa_s->sme.prev_bssid_set = 0;
2743 wpas_connection_failed(wpa_s, wpa_s->pending_bssid, link_bssids);
2744 wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
2745 os_memset(wpa_s->bssid, 0, ETH_ALEN);
2746 os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
2748 wpas_notify_bssid_changed(wpa_s);
2754 struct wpa_supplicant *wpa_s = eloop_ctx;
2756 if (!wpa_s->current_bss || !wpa_s->current_ssid) {
2757 wpa_msg(wpa_s, MSG_DEBUG,
2762 wpa_msg(wpa_s, MSG_DEBUG,
2765 MAC2STR(wpa_s->current_bss->bssid),
2766 wpa_s->current_ssid->mode,
2767 wpa_s->sme.assoc_auth_type);
2771 sme_associate(wpa_s, wpa_s->current_ssid->mode,
2772 wpa_s->current_bss->bssid,
2773 wpa_s->sme.assoc_auth_type);
2777 static bool sme_try_assoc_comeback(struct wpa_supplicant *wpa_s,
2786 if (wpa_s->test_assoc_comeback_type != -1)
2787 type = wpa_s->test_assoc_comeback_type;
2793 wpa_msg(wpa_s, MSG_INFO,
2799 wpa_msg(wpa_s, MSG_INFO,
2805 wpa_msg(wpa_s, MSG_INFO,
2814 wpa_msg(wpa_s, MSG_DEBUG,
2819 wpa_msg(wpa_s, MSG_DEBUG, "SME: Association comeback interval: %u TUs",
2824 sme_assoc_comeback_timer, wpa_s, NULL);
2829 void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
2835 if (wpa_s->valid_links)
2836 bssid = wpa_s->ap_mld_addr;
2838 bssid = wpa_s->pending_bssid;
2840 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
2841 "status code %d", MAC2STR(wpa_s->pending_bssid),
2844 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
2845 eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
2853 wpa_msg(wpa_s, MSG_DEBUG,
2856 if (sme_try_assoc_comeback(wpa_s, data)) {
2863 if (wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
2864 wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
2865 wpa_dbg(wpa_s, MSG_DEBUG,
2867 wpa_sm_aborted_cached(wpa_s->wpa);
2868 wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
2869 if (wpa_s->current_bss) {
2870 struct wpa_bss *bss = wpa_s->current_bss;
2871 struct wpa_ssid *ssid = wpa_s->current_ssid;
2873 wpa_drv_deauthenticate(wpa_s, bssid,
2875 wpas_connect_work_done(wpa_s);
2876 wpa_supplicant_mark_disassoc(wpa_s);
2877 wpa_supplicant_connect(wpa_s, bss, ssid);
2884 if (wpa_s->current_ssid &&
2885 wpa_s->current_ssid->key_mgmt == WPA_KEY_MGMT_DPP &&
2890 pmksa = pmksa_cache_get_current(wpa_s->wpa);
2892 wpa_dbg(wpa_s, MSG_DEBUG,
2894 wpa_sm_pmksa_cache_remove(wpa_s->wpa, pmksa);
2896 wpa_sm_aborted_cached(wpa_s->wpa);
2897 if (wpa_s->current_bss) {
2898 struct wpa_bss *bss = wpa_s->current_bss;
2899 struct wpa_ssid *ssid = wpa_s->current_ssid;
2901 wpa_dbg(wpa_s, MSG_DEBUG,
2903 wpas_connect_work_done(wpa_s);
2904 wpa_supplicant_mark_disassoc(wpa_s);
2905 wpa_supplicant_connect(wpa_s, bss, ssid);
2918 sme_deauth(wpa_s, link_bssids);
2922 void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
2925 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
2926 wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
2927 wpa_supplicant_mark_disassoc(wpa_s);
2931 void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
2934 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
2935 wpas_connection_failed(wpa_s, wpa_s->pending_bssid, NULL);
2936 wpa_supplicant_mark_disassoc(wpa_s);
2940 void sme_event_disassoc(struct wpa_supplicant *wpa_s,
2943 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
2944 if (wpa_s->sme.prev_bssid_set) {
2951 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
2953 wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
2961 struct wpa_supplicant *wpa_s = eloop_ctx;
2962 if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
2963 wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
2964 sme_deauth(wpa_s, NULL);
2971 struct wpa_supplicant *wpa_s = eloop_ctx;
2972 if (wpa_s->wpa_state == WPA_ASSOCIATING) {
2973 wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
2974 sme_deauth(wpa_s, NULL);
2979 void sme_state_changed(struct wpa_supplicant *wpa_s)
2982 if (wpa_s->wpa_state != WPA_ASSOCIATING) {
2983 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
2984 eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
2986 if (wpa_s->wpa_state != WPA_AUTHENTICATING)
2987 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
2991 void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
2993 wpa_s->sme.prev_bssid_set = 0;
2995 wpabuf_free(wpa_s->sme.sae_token);
2996 wpa_s->sme.sae_token = NULL;
2997 sae_clear_data(&wpa_s->sme.sae);
3000 if (wpa_s->sme.ft_ies || wpa_s->sme.ft_used)
3001 sme_update_ft_ies(wpa_s, NULL, NULL, 0);
3003 sme_stop_sa_query(wpa_s);
3007 void sme_deinit(struct wpa_supplicant *wpa_s)
3009 sme_clear_on_disassoc(wpa_s);
3011 os_free(wpa_s->sme.sae_rejected_groups);
3012 wpa_s->sme.sae_rejected_groups = NULL;
3015 eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
3016 eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
3017 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
3018 eloop_cancel_timeout(sme_assoc_comeback_timer, wpa_s, NULL);
3022 static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
3032 MAC2STR(wpa_s->bssid), num_channels, num_intol);
3061 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
3062 wpa_s->own_addr, wpa_s->bssid,
3064 wpa_msg(wpa_s, MSG_INFO,
3072 int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
3080 if (!wpa_s->sme.sched_obss_scan)
3083 wpa_s->sme.sched_obss_scan = 0;
3084 if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
3100 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
3106 dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
3136 sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
3141 static void wpa_obss_scan_freqs_list(struct wpa_supplicant *wpa_s,
3149 mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
3157 if (wpa_s->sme.ht_sec_chan == HT_SEC_CHAN_UNKNOWN &&
3158 wpa_s->current_bss) {
3161 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_OPERATION);
3167 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
3169 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
3173 start = wpa_s->assoc_freq - 10;
3174 end = wpa_s->assoc_freq + 10;
3175 switch (wpa_s->sme.ht_sec_chan) {
3178 if (wpa_s->assoc_freq <= 2452)
3181 if (wpa_s->assoc_freq >= 2432)
3193 wpa_s->assoc_freq, start, end);
3213 struct wpa_supplicant *wpa_s = eloop_ctx;
3216 if (!wpa_s->current_bss) {
3222 wpa_obss_scan_freqs_list(wpa_s, &params);
3226 if (wpa_supplicant_trigger_scan(wpa_s, &params, true, false))
3229 wpa_s->sme.sched_obss_scan = 1;
3232 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
3233 sme_obss_scan_timeout, wpa_s, NULL);
3237 void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
3240 struct wpa_bss *bss = wpa_s->current_bss;
3241 struct wpa_ssid *ssid = wpa_s->current_ssid;
3245 eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
3246 wpa_s->sme.sched_obss_scan = 0;
3247 wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
3255 if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
3256 (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
3266 if (!wpa_s->hw.modes)
3270 for (i = 0; i < wpa_s->hw.num_modes; i++) {
3271 hw_mode = &wpa_s->hw.modes[i];
3277 if (i == wpa_s->hw.num_modes || !hw_mode ||
3285 ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
3290 ie = wpa_bss_get_ie(wpa_s->current_bss,
3295 wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
3296 if (wpa_s->sme.obss_scan_int < 10) {
3299 wpa_s->sme.obss_scan_int);
3300 wpa_s->sme.obss_scan_int = 10;
3303 wpa_s->sme.obss_scan_int);
3304 eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
3305 sme_obss_scan_timeout, wpa_s, NULL);
3313 static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
3318 os_reltime_sub(&now, &wpa_s->sme.sa_query_start, &passed);
3321 wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
3322 sme_stop_sa_query(wpa_s);
3324 wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
3332 static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
3338 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
3339 MACSTR, MAC2STR(wpa_s->bssid));
3347 wpa_s->wpa)) {
3350 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
3357 if (wpa_s->oci_freq_override_saquery_req) {
3361 wpa_s->oci_freq_override_saquery_req);
3362 ci.frequency = wpa_s->oci_freq_override_saquery_req;
3373 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
3374 wpa_s->own_addr, wpa_s->bssid,
3376 wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
3383 struct wpa_supplicant *wpa_s = eloop_ctx;
3387 if (wpa_s->sme.sa_query_count > 0 &&
3388 sme_check_sa_query_timeout(wpa_s))
3391 nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
3392 wpa_s->sme.sa_query_count + 1,
3395 sme_stop_sa_query(wpa_s);
3398 if (wpa_s->sme.sa_query_count == 0) {
3400 os_get_reltime(&wpa_s->sme.sa_query_start);
3402 trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
3403 wpa_s->sme.sa_query_trans_id = nbuf;
3404 wpa_s->sme.sa_query_count++;
3408 sme_stop_sa_query(wpa_s);
3415 eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
3417 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
3418 wpa_s->sme.sa_query_count);
3420 sme_send_sa_query_req(wpa_s, trans_id);
3424 static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
3426 sme_sa_query_timer(wpa_s, NULL);
3430 static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
3432 if (wpa_s->sme.sa_query_trans_id)
3433 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Stop SA Query");
3434 eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
3435 os_free(wpa_s->sme.sa_query_trans_id);
3436 wpa_s->sme.sa_query_trans_id = NULL;
3437 wpa_s->sme.sa_query_count = 0;
3441 void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
3447 if (wpa_s->wpa_state != WPA_COMPLETED)
3449 ssid = wpa_s->current_ssid;
3450 if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
3452 if (!ether_addr_equal(sa, wpa_s->bssid))
3457 if (wpa_s->sme.sa_query_count > 0)
3460 if (wpa_s->disable_sa_query)
3465 if (wpa_s->sme.last_unprot_disconnect.sec &&
3466 !os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
3468 wpa_s->sme.last_unprot_disconnect = now;
3470 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
3472 sme_start_sa_query(wpa_s);
3476 void sme_event_ch_switch(struct wpa_supplicant *wpa_s)
3481 if (wpa_s->wpa_state != WPA_COMPLETED ||
3482 !wpa_sm_ocv_enabled(wpa_s->wpa))
3485 wpa_dbg(wpa_s, MSG_DEBUG,
3487 sme_stop_sa_query(wpa_s);
3492 eloop_register_timeout(0, usec, sme_sa_query_timer, wpa_s, NULL);
3496 static void sme_process_sa_query_request(struct wpa_supplicant *wpa_s,
3503 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Response to "
3504 MACSTR, MAC2STR(wpa_s->bssid));
3511 if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
3514 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
3521 if (wpa_s->oci_freq_override_saquery_resp) {
3525 wpa_s->oci_freq_override_saquery_resp);
3526 ci.frequency = wpa_s->oci_freq_override_saquery_resp;
3537 if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
3538 wpa_s->own_addr, wpa_s->bssid,
3540 wpa_msg(wpa_s, MSG_INFO,
3545 static void sme_process_sa_query_response(struct wpa_supplicant *wpa_s,
3551 if (!wpa_s->sme.sa_query_trans_id)
3554 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
3557 if (!ether_addr_equal(sa, wpa_s->bssid))
3560 for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
3561 if (os_memcmp(wpa_s->sme.sa_query_trans_id +
3567 if (i >= wpa_s->sme.sa_query_count) {
3568 wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
3573 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
3575 sme_stop_sa_query(wpa_s);
3579 void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *da, const u8 *sa,
3591 wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query frame from "
3595 if (wpa_sm_ocv_enabled(wpa_s->wpa)) {
3607 if (wpa_drv_channel_info(wpa_s, &ci) != 0) {
3616 wpa_msg(wpa_s, MSG_INFO, OCV_FAILURE "addr=" MACSTR
3626 sme_process_sa_query_request(wpa_s, sa, data, len);
3628 sme_process_sa_query_response(wpa_s, sa, data, len);