sme.c revision d80a401aed31d06f261efd19223cf55d1a2a8228
1/*
2 * wpa_supplicant - SME
3 * Copyright (c) 2009-2014, Jouni Malinen <j@w1.fi>
4 *
5 * This software may be distributed under the terms of the BSD license.
6 * See README for more details.
7 */
8
9#include "includes.h"
10
11#include "common.h"
12#include "utils/eloop.h"
13#include "common/ieee802_11_defs.h"
14#include "common/ieee802_11_common.h"
15#include "eapol_supp/eapol_supp_sm.h"
16#include "common/wpa_common.h"
17#include "common/sae.h"
18#include "rsn_supp/wpa.h"
19#include "rsn_supp/pmksa_cache.h"
20#include "config.h"
21#include "wpa_supplicant_i.h"
22#include "driver_i.h"
23#include "wpas_glue.h"
24#include "wps_supplicant.h"
25#include "p2p_supplicant.h"
26#include "notify.h"
27#include "bss.h"
28#include "scan.h"
29#include "sme.h"
30#include "hs20_supplicant.h"
31
32#define SME_AUTH_TIMEOUT 5
33#define SME_ASSOC_TIMEOUT 5
34
35static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx);
36static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx);
37static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx);
38#ifdef CONFIG_IEEE80211W
39static void sme_stop_sa_query(struct wpa_supplicant *wpa_s);
40#endif /* CONFIG_IEEE80211W */
41
42
43#ifdef CONFIG_SAE
44
45static int index_within_array(const int *array, int idx)
46{
47	int i;
48	for (i = 0; i < idx; i++) {
49		if (array[i] <= 0)
50			return 0;
51	}
52	return 1;
53}
54
55
56static int sme_set_sae_group(struct wpa_supplicant *wpa_s)
57{
58	int *groups = wpa_s->conf->sae_groups;
59	int default_groups[] = { 19, 20, 21, 25, 26, 0 };
60
61	if (!groups || groups[0] <= 0)
62		groups = default_groups;
63
64	/* Configuration may have changed, so validate current index */
65	if (!index_within_array(groups, wpa_s->sme.sae_group_index))
66		return -1;
67
68	for (;;) {
69		int group = groups[wpa_s->sme.sae_group_index];
70		if (group <= 0)
71			break;
72		if (sae_set_group(&wpa_s->sme.sae, group) == 0) {
73			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected SAE group %d",
74				wpa_s->sme.sae.group);
75		       return 0;
76		}
77		wpa_s->sme.sae_group_index++;
78	}
79
80	return -1;
81}
82
83
84static struct wpabuf * sme_auth_build_sae_commit(struct wpa_supplicant *wpa_s,
85						 struct wpa_ssid *ssid,
86						 const u8 *bssid)
87{
88	struct wpabuf *buf;
89	size_t len;
90
91	if (ssid->passphrase == NULL) {
92		wpa_printf(MSG_DEBUG, "SAE: No password available");
93		return NULL;
94	}
95
96	if (sme_set_sae_group(wpa_s) < 0) {
97		wpa_printf(MSG_DEBUG, "SAE: Failed to select group");
98		return NULL;
99	}
100
101	if (sae_prepare_commit(wpa_s->own_addr, bssid,
102			       (u8 *) ssid->passphrase,
103			       os_strlen(ssid->passphrase),
104			       &wpa_s->sme.sae) < 0) {
105		wpa_printf(MSG_DEBUG, "SAE: Could not pick PWE");
106		return NULL;
107	}
108
109	len = wpa_s->sme.sae_token ? wpabuf_len(wpa_s->sme.sae_token) : 0;
110	buf = wpabuf_alloc(4 + SAE_COMMIT_MAX_LEN + len);
111	if (buf == NULL)
112		return NULL;
113
114	wpabuf_put_le16(buf, 1); /* Transaction seq# */
115	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
116	sae_write_commit(&wpa_s->sme.sae, buf, wpa_s->sme.sae_token);
117
118	return buf;
119}
120
121
122static struct wpabuf * sme_auth_build_sae_confirm(struct wpa_supplicant *wpa_s)
123{
124	struct wpabuf *buf;
125
126	buf = wpabuf_alloc(4 + SAE_CONFIRM_MAX_LEN);
127	if (buf == NULL)
128		return NULL;
129
130	wpabuf_put_le16(buf, 2); /* Transaction seq# */
131	wpabuf_put_le16(buf, WLAN_STATUS_SUCCESS);
132	sae_write_confirm(&wpa_s->sme.sae, buf);
133
134	return buf;
135}
136
137#endif /* CONFIG_SAE */
138
139
140/**
141 * sme_auth_handle_rrm - Handle RRM aspects of current authentication attempt
142 * @wpa_s: Pointer to wpa_supplicant data
143 * @bss: Pointer to the bss which is the target of authentication attempt
144 */
145static void sme_auth_handle_rrm(struct wpa_supplicant *wpa_s,
146				struct wpa_bss *bss)
147{
148	const u8 rrm_ie_len = 5;
149	u8 *pos;
150	const u8 *rrm_ie;
151
152	wpa_s->rrm.rrm_used = 0;
153
154	wpa_printf(MSG_DEBUG,
155		   "RRM: Determining whether RRM can be used - device support: 0x%x",
156		   wpa_s->drv_rrm_flags);
157
158	rrm_ie = wpa_bss_get_ie(bss, WLAN_EID_RRM_ENABLED_CAPABILITIES);
159	if (!rrm_ie || !(bss->caps & IEEE80211_CAP_RRM)) {
160		wpa_printf(MSG_DEBUG, "RRM: No RRM in network");
161		return;
162	}
163
164	if (!(wpa_s->drv_rrm_flags &
165	      WPA_DRIVER_FLAGS_DS_PARAM_SET_IE_IN_PROBES) ||
166	    !(wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_QUIET)) {
167		wpa_printf(MSG_DEBUG,
168			   "RRM: Insufficient RRM support in driver - do not use RRM");
169		return;
170	}
171
172	if (sizeof(wpa_s->sme.assoc_req_ie) <
173	    wpa_s->sme.assoc_req_ie_len + rrm_ie_len + 2) {
174		wpa_printf(MSG_INFO,
175			   "RRM: Unable to use RRM, no room for RRM IE");
176		return;
177	}
178
179	wpa_printf(MSG_DEBUG, "RRM: Adding RRM IE to Association Request");
180	pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
181	os_memset(pos, 0, 2 + rrm_ie_len);
182	*pos++ = WLAN_EID_RRM_ENABLED_CAPABILITIES;
183	*pos++ = rrm_ie_len;
184
185	/* Set supported capabilites flags */
186	if (wpa_s->drv_rrm_flags & WPA_DRIVER_FLAGS_TX_POWER_INSERTION)
187		*pos |= WLAN_RRM_CAPS_LINK_MEASUREMENT;
188
189	wpa_s->sme.assoc_req_ie_len += rrm_ie_len + 2;
190	wpa_s->rrm.rrm_used = 1;
191}
192
193
194static void sme_send_authentication(struct wpa_supplicant *wpa_s,
195				    struct wpa_bss *bss, struct wpa_ssid *ssid,
196				    int start)
197{
198	struct wpa_driver_auth_params params;
199	struct wpa_ssid *old_ssid;
200#ifdef CONFIG_IEEE80211R
201	const u8 *ie;
202#endif /* CONFIG_IEEE80211R */
203#ifdef CONFIG_IEEE80211R
204	const u8 *md = NULL;
205#endif /* CONFIG_IEEE80211R */
206	int i, bssid_changed;
207	struct wpabuf *resp = NULL;
208	u8 ext_capab[18];
209	int ext_capab_len;
210	int skip_auth;
211
212	if (bss == NULL) {
213		wpa_msg(wpa_s, MSG_ERROR, "SME: No scan result available for "
214			"the network");
215		wpas_connect_work_done(wpa_s);
216		return;
217	}
218
219	skip_auth = wpa_s->conf->reassoc_same_bss_optim &&
220		wpa_s->reassoc_same_bss;
221	wpa_s->current_bss = bss;
222
223	os_memset(&params, 0, sizeof(params));
224	wpa_s->reassociate = 0;
225
226	params.freq = bss->freq;
227	params.bssid = bss->bssid;
228	params.ssid = bss->ssid;
229	params.ssid_len = bss->ssid_len;
230	params.p2p = ssid->p2p_group;
231
232	if (wpa_s->sme.ssid_len != params.ssid_len ||
233	    os_memcmp(wpa_s->sme.ssid, params.ssid, params.ssid_len) != 0)
234		wpa_s->sme.prev_bssid_set = 0;
235
236	wpa_s->sme.freq = params.freq;
237	os_memcpy(wpa_s->sme.ssid, params.ssid, params.ssid_len);
238	wpa_s->sme.ssid_len = params.ssid_len;
239
240	params.auth_alg = WPA_AUTH_ALG_OPEN;
241#ifdef IEEE8021X_EAPOL
242	if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
243		if (ssid->leap) {
244			if (ssid->non_leap == 0)
245				params.auth_alg = WPA_AUTH_ALG_LEAP;
246			else
247				params.auth_alg |= WPA_AUTH_ALG_LEAP;
248		}
249	}
250#endif /* IEEE8021X_EAPOL */
251	wpa_dbg(wpa_s, MSG_DEBUG, "Automatic auth_alg selection: 0x%x",
252		params.auth_alg);
253	if (ssid->auth_alg) {
254		params.auth_alg = ssid->auth_alg;
255		wpa_dbg(wpa_s, MSG_DEBUG, "Overriding auth_alg selection: "
256			"0x%x", params.auth_alg);
257	}
258#ifdef CONFIG_SAE
259	wpa_s->sme.sae_pmksa_caching = 0;
260	if (wpa_key_mgmt_sae(ssid->key_mgmt)) {
261		const u8 *rsn;
262		struct wpa_ie_data ied;
263
264		rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
265		if (!rsn) {
266			wpa_dbg(wpa_s, MSG_DEBUG,
267				"SAE enabled, but target BSS does not advertise RSN");
268		} else if (wpa_parse_wpa_ie(rsn, 2 + rsn[1], &ied) == 0 &&
269			   wpa_key_mgmt_sae(ied.key_mgmt)) {
270			wpa_dbg(wpa_s, MSG_DEBUG, "Using SAE auth_alg");
271			params.auth_alg = WPA_AUTH_ALG_SAE;
272		} else {
273			wpa_dbg(wpa_s, MSG_DEBUG,
274				"SAE enabled, but target BSS does not advertise SAE AKM for RSN");
275		}
276	}
277#endif /* CONFIG_SAE */
278
279	for (i = 0; i < NUM_WEP_KEYS; i++) {
280		if (ssid->wep_key_len[i])
281			params.wep_key[i] = ssid->wep_key[i];
282		params.wep_key_len[i] = ssid->wep_key_len[i];
283	}
284	params.wep_tx_keyidx = ssid->wep_tx_keyidx;
285
286	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
287	os_memset(wpa_s->bssid, 0, ETH_ALEN);
288	os_memcpy(wpa_s->pending_bssid, bss->bssid, ETH_ALEN);
289	if (bssid_changed)
290		wpas_notify_bssid_changed(wpa_s);
291
292	if ((wpa_bss_get_vendor_ie(bss, WPA_IE_VENDOR_TYPE) ||
293	     wpa_bss_get_ie(bss, WLAN_EID_RSN)) &&
294	    wpa_key_mgmt_wpa(ssid->key_mgmt)) {
295		int try_opportunistic;
296		try_opportunistic = (ssid->proactive_key_caching < 0 ?
297				     wpa_s->conf->okc :
298				     ssid->proactive_key_caching) &&
299			(ssid->proto & WPA_PROTO_RSN);
300		if (pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid,
301					    wpa_s->current_ssid,
302					    try_opportunistic) == 0)
303			eapol_sm_notify_pmkid_attempt(wpa_s->eapol);
304		wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
305		if (wpa_supplicant_set_suites(wpa_s, bss, ssid,
306					      wpa_s->sme.assoc_req_ie,
307					      &wpa_s->sme.assoc_req_ie_len)) {
308			wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
309				"key management and encryption suites");
310			wpas_connect_work_done(wpa_s);
311			return;
312		}
313	} else if ((ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_NO_WPA) &&
314		   wpa_key_mgmt_wpa_ieee8021x(ssid->key_mgmt)) {
315		/*
316		 * Both WPA and non-WPA IEEE 802.1X enabled in configuration -
317		 * use non-WPA since the scan results did not indicate that the
318		 * AP is using WPA or WPA2.
319		 */
320		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
321		wpa_s->sme.assoc_req_ie_len = 0;
322	} else if (wpa_key_mgmt_wpa_any(ssid->key_mgmt)) {
323		wpa_s->sme.assoc_req_ie_len = sizeof(wpa_s->sme.assoc_req_ie);
324		if (wpa_supplicant_set_suites(wpa_s, NULL, ssid,
325					      wpa_s->sme.assoc_req_ie,
326					      &wpa_s->sme.assoc_req_ie_len)) {
327			wpa_msg(wpa_s, MSG_WARNING, "SME: Failed to set WPA "
328				"key management and encryption suites (no "
329				"scan results)");
330			wpas_connect_work_done(wpa_s);
331			return;
332		}
333#ifdef CONFIG_WPS
334	} else if (ssid->key_mgmt & WPA_KEY_MGMT_WPS) {
335		struct wpabuf *wps_ie;
336		wps_ie = wps_build_assoc_req_ie(wpas_wps_get_req_type(ssid));
337		if (wps_ie && wpabuf_len(wps_ie) <=
338		    sizeof(wpa_s->sme.assoc_req_ie)) {
339			wpa_s->sme.assoc_req_ie_len = wpabuf_len(wps_ie);
340			os_memcpy(wpa_s->sme.assoc_req_ie, wpabuf_head(wps_ie),
341				  wpa_s->sme.assoc_req_ie_len);
342		} else
343			wpa_s->sme.assoc_req_ie_len = 0;
344		wpabuf_free(wps_ie);
345		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
346#endif /* CONFIG_WPS */
347	} else {
348		wpa_supplicant_set_non_wpa_policy(wpa_s, ssid);
349		wpa_s->sme.assoc_req_ie_len = 0;
350	}
351
352#ifdef CONFIG_IEEE80211R
353	ie = wpa_bss_get_ie(bss, WLAN_EID_MOBILITY_DOMAIN);
354	if (ie && ie[1] >= MOBILITY_DOMAIN_ID_LEN)
355		md = ie + 2;
356	wpa_sm_set_ft_params(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0);
357	if (md) {
358		/* Prepare for the next transition */
359		wpa_ft_prepare_auth_request(wpa_s->wpa, ie);
360	}
361
362	if (md && wpa_key_mgmt_ft(ssid->key_mgmt)) {
363		if (wpa_s->sme.assoc_req_ie_len + 5 <
364		    sizeof(wpa_s->sme.assoc_req_ie)) {
365			struct rsn_mdie *mdie;
366			u8 *pos = wpa_s->sme.assoc_req_ie +
367				wpa_s->sme.assoc_req_ie_len;
368			*pos++ = WLAN_EID_MOBILITY_DOMAIN;
369			*pos++ = sizeof(*mdie);
370			mdie = (struct rsn_mdie *) pos;
371			os_memcpy(mdie->mobility_domain, md,
372				  MOBILITY_DOMAIN_ID_LEN);
373			mdie->ft_capab = md[MOBILITY_DOMAIN_ID_LEN];
374			wpa_s->sme.assoc_req_ie_len += 5;
375		}
376
377		if (wpa_s->sme.ft_used &&
378		    os_memcmp(md, wpa_s->sme.mobility_domain, 2) == 0 &&
379		    wpa_sm_has_ptk(wpa_s->wpa)) {
380			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying to use FT "
381				"over-the-air");
382			params.auth_alg = WPA_AUTH_ALG_FT;
383			params.ie = wpa_s->sme.ft_ies;
384			params.ie_len = wpa_s->sme.ft_ies_len;
385		}
386	}
387#endif /* CONFIG_IEEE80211R */
388
389#ifdef CONFIG_IEEE80211W
390	wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
391	if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
392		const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
393		struct wpa_ie_data _ie;
394		if (rsn && wpa_parse_wpa_ie(rsn, 2 + rsn[1], &_ie) == 0 &&
395		    _ie.capabilities &
396		    (WPA_CAPABILITY_MFPC | WPA_CAPABILITY_MFPR)) {
397			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Selected AP supports "
398				"MFP: require MFP");
399			wpa_s->sme.mfp = MGMT_FRAME_PROTECTION_REQUIRED;
400		}
401	}
402#endif /* CONFIG_IEEE80211W */
403
404#ifdef CONFIG_P2P
405	if (wpa_s->global->p2p) {
406		u8 *pos;
407		size_t len;
408		int res;
409		pos = wpa_s->sme.assoc_req_ie + wpa_s->sme.assoc_req_ie_len;
410		len = sizeof(wpa_s->sme.assoc_req_ie) -
411			wpa_s->sme.assoc_req_ie_len;
412		res = wpas_p2p_assoc_req_ie(wpa_s, bss, pos, len,
413					    ssid->p2p_group);
414		if (res >= 0)
415			wpa_s->sme.assoc_req_ie_len += res;
416	}
417#endif /* CONFIG_P2P */
418
419#ifdef CONFIG_HS20
420	if (is_hs20_network(wpa_s, ssid, bss)) {
421		struct wpabuf *hs20;
422		hs20 = wpabuf_alloc(20);
423		if (hs20) {
424			int pps_mo_id = hs20_get_pps_mo_id(wpa_s, ssid);
425			size_t len;
426
427			wpas_hs20_add_indication(hs20, pps_mo_id);
428			len = sizeof(wpa_s->sme.assoc_req_ie) -
429				wpa_s->sme.assoc_req_ie_len;
430			if (wpabuf_len(hs20) <= len) {
431				os_memcpy(wpa_s->sme.assoc_req_ie +
432					  wpa_s->sme.assoc_req_ie_len,
433					  wpabuf_head(hs20), wpabuf_len(hs20));
434				wpa_s->sme.assoc_req_ie_len += wpabuf_len(hs20);
435			}
436			wpabuf_free(hs20);
437		}
438	}
439#endif /* CONFIG_HS20 */
440
441#ifdef CONFIG_FST
442	if (wpa_s->fst_ies) {
443		int fst_ies_len = wpabuf_len(wpa_s->fst_ies);
444
445		if (wpa_s->sme.assoc_req_ie_len + fst_ies_len <=
446		    sizeof(wpa_s->sme.assoc_req_ie)) {
447			os_memcpy(wpa_s->sme.assoc_req_ie +
448				  wpa_s->sme.assoc_req_ie_len,
449				  wpabuf_head(wpa_s->fst_ies),
450				  fst_ies_len);
451			wpa_s->sme.assoc_req_ie_len += fst_ies_len;
452		}
453	}
454#endif /* CONFIG_FST */
455
456	ext_capab_len = wpas_build_ext_capab(wpa_s, ext_capab,
457					     sizeof(ext_capab));
458	if (ext_capab_len > 0) {
459		u8 *pos = wpa_s->sme.assoc_req_ie;
460		if (wpa_s->sme.assoc_req_ie_len > 0 && pos[0] == WLAN_EID_RSN)
461			pos += 2 + pos[1];
462		os_memmove(pos + ext_capab_len, pos,
463			   wpa_s->sme.assoc_req_ie_len -
464			   (pos - wpa_s->sme.assoc_req_ie));
465		wpa_s->sme.assoc_req_ie_len += ext_capab_len;
466		os_memcpy(pos, ext_capab, ext_capab_len);
467	}
468
469	if (wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ]) {
470		struct wpabuf *buf = wpa_s->vendor_elem[VENDOR_ELEM_ASSOC_REQ];
471		size_t len;
472
473		len = sizeof(wpa_s->sme.assoc_req_ie) -
474			wpa_s->sme.assoc_req_ie_len;
475		if (wpabuf_len(buf) <= len) {
476			os_memcpy(wpa_s->sme.assoc_req_ie +
477				  wpa_s->sme.assoc_req_ie_len,
478				  wpabuf_head(buf), wpabuf_len(buf));
479			wpa_s->sme.assoc_req_ie_len += wpabuf_len(buf);
480		}
481	}
482
483	sme_auth_handle_rrm(wpa_s, bss);
484
485#ifdef CONFIG_SAE
486	if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE &&
487	    pmksa_cache_set_current(wpa_s->wpa, NULL, bss->bssid, ssid, 0) == 0)
488	{
489		wpa_dbg(wpa_s, MSG_DEBUG,
490			"PMKSA cache entry found - try to use PMKSA caching instead of new SAE authentication");
491		params.auth_alg = WPA_AUTH_ALG_OPEN;
492		wpa_s->sme.sae_pmksa_caching = 1;
493	}
494
495	if (!skip_auth && params.auth_alg == WPA_AUTH_ALG_SAE) {
496		if (start)
497			resp = sme_auth_build_sae_commit(wpa_s, ssid,
498							 bss->bssid);
499		else
500			resp = sme_auth_build_sae_confirm(wpa_s);
501		if (resp == NULL) {
502			wpas_connection_failed(wpa_s, bss->bssid);
503			return;
504		}
505		params.sae_data = wpabuf_head(resp);
506		params.sae_data_len = wpabuf_len(resp);
507		wpa_s->sme.sae.state = start ? SAE_COMMITTED : SAE_CONFIRMED;
508	}
509#endif /* CONFIG_SAE */
510
511	wpa_supplicant_cancel_sched_scan(wpa_s);
512	wpa_supplicant_cancel_scan(wpa_s);
513
514	wpa_msg(wpa_s, MSG_INFO, "SME: Trying to authenticate with " MACSTR
515		" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
516		wpa_ssid_txt(params.ssid, params.ssid_len), params.freq);
517
518	wpa_clear_keys(wpa_s, bss->bssid);
519	wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
520	old_ssid = wpa_s->current_ssid;
521	wpa_s->current_ssid = ssid;
522	wpa_supplicant_rsn_supp_set_config(wpa_s, wpa_s->current_ssid);
523	wpa_supplicant_initiate_eapol(wpa_s);
524	if (old_ssid != wpa_s->current_ssid)
525		wpas_notify_network_changed(wpa_s);
526
527#ifdef CONFIG_P2P
528	/*
529	 * If multi-channel concurrency is not supported, check for any
530	 * frequency conflict. In case of any frequency conflict, remove the
531	 * least prioritized connection.
532	 */
533	if (wpa_s->num_multichan_concurrent < 2) {
534		int freq, num;
535		num = get_shared_radio_freqs(wpa_s, &freq, 1);
536		if (num > 0 && freq > 0 && freq != params.freq) {
537			wpa_printf(MSG_DEBUG,
538				   "Conflicting frequency found (%d != %d)",
539				   freq, params.freq);
540			if (wpas_p2p_handle_frequency_conflicts(wpa_s,
541								params.freq,
542								ssid) < 0) {
543				wpas_connection_failed(wpa_s, bss->bssid);
544				wpa_supplicant_mark_disassoc(wpa_s);
545				wpabuf_free(resp);
546				wpas_connect_work_done(wpa_s);
547				return;
548			}
549		}
550	}
551#endif /* CONFIG_P2P */
552
553	if (skip_auth) {
554		wpa_msg(wpa_s, MSG_DEBUG,
555			"SME: Skip authentication step on reassoc-to-same-BSS");
556		wpabuf_free(resp);
557		sme_associate(wpa_s, ssid->mode, bss->bssid, WLAN_AUTH_OPEN);
558		return;
559	}
560
561
562	wpa_s->sme.auth_alg = params.auth_alg;
563	if (wpa_drv_authenticate(wpa_s, &params) < 0) {
564		wpa_msg(wpa_s, MSG_INFO, "SME: Authentication request to the "
565			"driver failed");
566		wpas_connection_failed(wpa_s, bss->bssid);
567		wpa_supplicant_mark_disassoc(wpa_s);
568		wpabuf_free(resp);
569		wpas_connect_work_done(wpa_s);
570		return;
571	}
572
573	eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
574			       NULL);
575
576	/*
577	 * Association will be started based on the authentication event from
578	 * the driver.
579	 */
580
581	wpabuf_free(resp);
582}
583
584
585static void sme_auth_start_cb(struct wpa_radio_work *work, int deinit)
586{
587	struct wpa_connect_work *cwork = work->ctx;
588	struct wpa_supplicant *wpa_s = work->wpa_s;
589
590	if (deinit) {
591		if (work->started)
592			wpa_s->connect_work = NULL;
593
594		wpas_connect_work_free(cwork);
595		return;
596	}
597
598	wpa_s->connect_work = work;
599
600	if (cwork->bss_removed ||
601	    !wpas_valid_bss_ssid(wpa_s, cwork->bss, cwork->ssid) ||
602	    wpas_network_disabled(wpa_s, cwork->ssid)) {
603		wpa_dbg(wpa_s, MSG_DEBUG, "SME: BSS/SSID entry for authentication not valid anymore - drop connection attempt");
604		wpas_connect_work_done(wpa_s);
605		return;
606	}
607
608	sme_send_authentication(wpa_s, cwork->bss, cwork->ssid, 1);
609}
610
611
612void sme_authenticate(struct wpa_supplicant *wpa_s,
613		      struct wpa_bss *bss, struct wpa_ssid *ssid)
614{
615	struct wpa_connect_work *cwork;
616
617	if (bss == NULL || ssid == NULL)
618		return;
619	if (wpa_s->connect_work) {
620		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reject sme_authenticate() call since connect_work exist");
621		return;
622	}
623
624	if (radio_work_pending(wpa_s, "sme-connect")) {
625		/*
626		 * The previous sme-connect work might no longer be valid due to
627		 * the fact that the BSS list was updated. In addition, it makes
628		 * sense to adhere to the 'newer' decision.
629		 */
630		wpa_dbg(wpa_s, MSG_DEBUG,
631			"SME: Remove previous pending sme-connect");
632		radio_remove_works(wpa_s, "sme-connect", 0);
633	}
634
635	cwork = os_zalloc(sizeof(*cwork));
636	if (cwork == NULL)
637		return;
638	cwork->bss = bss;
639	cwork->ssid = ssid;
640	cwork->sme = 1;
641
642#ifdef CONFIG_SAE
643	wpa_s->sme.sae.state = SAE_NOTHING;
644	wpa_s->sme.sae.send_confirm = 0;
645	wpa_s->sme.sae_group_index = 0;
646#endif /* CONFIG_SAE */
647
648	if (radio_add_work(wpa_s, bss->freq, "sme-connect", 1,
649			   sme_auth_start_cb, cwork) < 0)
650		wpas_connect_work_free(cwork);
651}
652
653
654#ifdef CONFIG_SAE
655
656static int sme_sae_auth(struct wpa_supplicant *wpa_s, u16 auth_transaction,
657			u16 status_code, const u8 *data, size_t len)
658{
659	int *groups;
660
661	wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE authentication transaction %u "
662		"status code %u", auth_transaction, status_code);
663
664	if (auth_transaction == 1 &&
665	    status_code == WLAN_STATUS_ANTI_CLOGGING_TOKEN_REQ &&
666	    wpa_s->sme.sae.state == SAE_COMMITTED &&
667	    wpa_s->current_bss && wpa_s->current_ssid) {
668		int default_groups[] = { 19, 20, 21, 25, 26, 0 };
669		u16 group;
670
671		groups = wpa_s->conf->sae_groups;
672		if (!groups || groups[0] <= 0)
673			groups = default_groups;
674
675		if (len < sizeof(le16)) {
676			wpa_dbg(wpa_s, MSG_DEBUG,
677				"SME: Too short SAE anti-clogging token request");
678			return -1;
679		}
680		group = WPA_GET_LE16(data);
681		wpa_dbg(wpa_s, MSG_DEBUG,
682			"SME: SAE anti-clogging token requested (group %u)",
683			group);
684		if (sae_group_allowed(&wpa_s->sme.sae, groups, group) !=
685		    WLAN_STATUS_SUCCESS) {
686			wpa_dbg(wpa_s, MSG_ERROR,
687				"SME: SAE group %u of anti-clogging request is invalid",
688				group);
689			return -1;
690		}
691		wpabuf_free(wpa_s->sme.sae_token);
692		wpa_s->sme.sae_token = wpabuf_alloc_copy(data + sizeof(le16),
693							 len - sizeof(le16));
694		sme_send_authentication(wpa_s, wpa_s->current_bss,
695					wpa_s->current_ssid, 1);
696		return 0;
697	}
698
699	if (auth_transaction == 1 &&
700	    status_code == WLAN_STATUS_FINITE_CYCLIC_GROUP_NOT_SUPPORTED &&
701	    wpa_s->sme.sae.state == SAE_COMMITTED &&
702	    wpa_s->current_bss && wpa_s->current_ssid) {
703		wpa_dbg(wpa_s, MSG_DEBUG, "SME: SAE group not supported");
704		wpa_s->sme.sae_group_index++;
705		if (sme_set_sae_group(wpa_s) < 0)
706			return -1; /* no other groups enabled */
707		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Try next enabled SAE group");
708		sme_send_authentication(wpa_s, wpa_s->current_bss,
709					wpa_s->current_ssid, 1);
710		return 0;
711	}
712
713	if (status_code != WLAN_STATUS_SUCCESS)
714		return -1;
715
716	if (auth_transaction == 1) {
717		u16 res;
718
719		groups = wpa_s->conf->sae_groups;
720
721		wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE commit");
722		if (wpa_s->current_bss == NULL ||
723		    wpa_s->current_ssid == NULL)
724			return -1;
725		if (wpa_s->sme.sae.state != SAE_COMMITTED)
726			return -1;
727		if (groups && groups[0] <= 0)
728			groups = NULL;
729		res = sae_parse_commit(&wpa_s->sme.sae, data, len, NULL, NULL,
730				       groups);
731		if (res == SAE_SILENTLY_DISCARD) {
732			wpa_printf(MSG_DEBUG,
733				   "SAE: Drop commit message due to reflection attack");
734			return 0;
735		}
736		if (res != WLAN_STATUS_SUCCESS)
737			return -1;
738
739		if (sae_process_commit(&wpa_s->sme.sae) < 0) {
740			wpa_printf(MSG_DEBUG, "SAE: Failed to process peer "
741				   "commit");
742			return -1;
743		}
744
745		wpabuf_free(wpa_s->sme.sae_token);
746		wpa_s->sme.sae_token = NULL;
747		sme_send_authentication(wpa_s, wpa_s->current_bss,
748					wpa_s->current_ssid, 0);
749		return 0;
750	} else if (auth_transaction == 2) {
751		wpa_dbg(wpa_s, MSG_DEBUG, "SME SAE confirm");
752		if (wpa_s->sme.sae.state != SAE_CONFIRMED)
753			return -1;
754		if (sae_check_confirm(&wpa_s->sme.sae, data, len) < 0)
755			return -1;
756		wpa_s->sme.sae.state = SAE_ACCEPTED;
757		sae_clear_temp_data(&wpa_s->sme.sae);
758		return 1;
759	}
760
761	return -1;
762}
763#endif /* CONFIG_SAE */
764
765
766void sme_event_auth(struct wpa_supplicant *wpa_s, union wpa_event_data *data)
767{
768	struct wpa_ssid *ssid = wpa_s->current_ssid;
769
770	if (ssid == NULL) {
771		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
772			"when network is not selected");
773		return;
774	}
775
776	if (wpa_s->wpa_state != WPA_AUTHENTICATING) {
777		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication event "
778			"when not in authenticating state");
779		return;
780	}
781
782	if (os_memcmp(wpa_s->pending_bssid, data->auth.peer, ETH_ALEN) != 0) {
783		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Ignore authentication with "
784			"unexpected peer " MACSTR,
785			MAC2STR(data->auth.peer));
786		return;
787	}
788
789	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication response: peer=" MACSTR
790		" auth_type=%d auth_transaction=%d status_code=%d",
791		MAC2STR(data->auth.peer), data->auth.auth_type,
792		data->auth.auth_transaction, data->auth.status_code);
793	wpa_hexdump(MSG_MSGDUMP, "SME: Authentication response IEs",
794		    data->auth.ies, data->auth.ies_len);
795
796	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
797
798#ifdef CONFIG_SAE
799	if (data->auth.auth_type == WLAN_AUTH_SAE) {
800		int res;
801		res = sme_sae_auth(wpa_s, data->auth.auth_transaction,
802				   data->auth.status_code, data->auth.ies,
803				   data->auth.ies_len);
804		if (res < 0) {
805			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
806			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
807
808		}
809		if (res != 1)
810			return;
811
812		wpa_printf(MSG_DEBUG, "SME: SAE completed - setting PMK for "
813			   "4-way handshake");
814		wpa_sm_set_pmk(wpa_s->wpa, wpa_s->sme.sae.pmk, PMK_LEN,
815			       wpa_s->pending_bssid);
816	}
817#endif /* CONFIG_SAE */
818
819	if (data->auth.status_code != WLAN_STATUS_SUCCESS) {
820		char *ie_txt = NULL;
821
822		if (data->auth.ies && data->auth.ies_len) {
823			size_t buflen = 2 * data->auth.ies_len + 1;
824			ie_txt = os_malloc(buflen);
825			if (ie_txt) {
826				wpa_snprintf_hex(ie_txt, buflen, data->auth.ies,
827						 data->auth.ies_len);
828			}
829		}
830		wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_AUTH_REJECT MACSTR
831			" auth_type=%u auth_transaction=%u status_code=%u ie=%s",
832			MAC2STR(data->auth.peer), data->auth.auth_type,
833			data->auth.auth_transaction, data->auth.status_code,
834			ie_txt);
835		os_free(ie_txt);
836
837		if (data->auth.status_code !=
838		    WLAN_STATUS_NOT_SUPPORTED_AUTH_ALG ||
839		    wpa_s->sme.auth_alg == data->auth.auth_type ||
840		    wpa_s->current_ssid->auth_alg == WPA_AUTH_ALG_LEAP) {
841			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
842			wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
843			return;
844		}
845
846		wpas_connect_work_done(wpa_s);
847
848		switch (data->auth.auth_type) {
849		case WLAN_AUTH_OPEN:
850			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_SHARED;
851
852			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying SHARED auth");
853			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
854						 wpa_s->current_ssid);
855			return;
856
857		case WLAN_AUTH_SHARED_KEY:
858			wpa_s->current_ssid->auth_alg = WPA_AUTH_ALG_LEAP;
859
860			wpa_dbg(wpa_s, MSG_DEBUG, "SME: Trying LEAP auth");
861			wpa_supplicant_associate(wpa_s, wpa_s->current_bss,
862						 wpa_s->current_ssid);
863			return;
864
865		default:
866			return;
867		}
868	}
869
870#ifdef CONFIG_IEEE80211R
871	if (data->auth.auth_type == WLAN_AUTH_FT) {
872		if (wpa_ft_process_response(wpa_s->wpa, data->auth.ies,
873					    data->auth.ies_len, 0,
874					    data->auth.peer, NULL, 0) < 0) {
875			wpa_dbg(wpa_s, MSG_DEBUG,
876				"SME: FT Authentication response processing failed");
877			wpa_msg(wpa_s, MSG_INFO, WPA_EVENT_DISCONNECTED "bssid="
878				MACSTR
879				" reason=%d locally_generated=1",
880				MAC2STR(wpa_s->pending_bssid),
881				WLAN_REASON_DEAUTH_LEAVING);
882			wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
883			wpa_supplicant_mark_disassoc(wpa_s);
884			return;
885		}
886	}
887#endif /* CONFIG_IEEE80211R */
888
889	sme_associate(wpa_s, ssid->mode, data->auth.peer,
890		      data->auth.auth_type);
891}
892
893
894void sme_associate(struct wpa_supplicant *wpa_s, enum wpas_mode mode,
895		   const u8 *bssid, u16 auth_type)
896{
897	struct wpa_driver_associate_params params;
898	struct ieee802_11_elems elems;
899#ifdef CONFIG_HT_OVERRIDES
900	struct ieee80211_ht_capabilities htcaps;
901	struct ieee80211_ht_capabilities htcaps_mask;
902#endif /* CONFIG_HT_OVERRIDES */
903#ifdef CONFIG_VHT_OVERRIDES
904	struct ieee80211_vht_capabilities vhtcaps;
905	struct ieee80211_vht_capabilities vhtcaps_mask;
906#endif /* CONFIG_VHT_OVERRIDES */
907
908	os_memset(&params, 0, sizeof(params));
909	params.bssid = bssid;
910	params.ssid = wpa_s->sme.ssid;
911	params.ssid_len = wpa_s->sme.ssid_len;
912	params.freq.freq = wpa_s->sme.freq;
913	params.bg_scan_period = wpa_s->current_ssid ?
914		wpa_s->current_ssid->bg_scan_period : -1;
915	params.wpa_ie = wpa_s->sme.assoc_req_ie_len ?
916		wpa_s->sme.assoc_req_ie : NULL;
917	params.wpa_ie_len = wpa_s->sme.assoc_req_ie_len;
918	params.pairwise_suite = wpa_s->pairwise_cipher;
919	params.group_suite = wpa_s->group_cipher;
920	params.key_mgmt_suite = wpa_s->key_mgmt;
921	params.wpa_proto = wpa_s->wpa_proto;
922#ifdef CONFIG_HT_OVERRIDES
923	os_memset(&htcaps, 0, sizeof(htcaps));
924	os_memset(&htcaps_mask, 0, sizeof(htcaps_mask));
925	params.htcaps = (u8 *) &htcaps;
926	params.htcaps_mask = (u8 *) &htcaps_mask;
927	wpa_supplicant_apply_ht_overrides(wpa_s, wpa_s->current_ssid, &params);
928#endif /* CONFIG_HT_OVERRIDES */
929#ifdef CONFIG_VHT_OVERRIDES
930	os_memset(&vhtcaps, 0, sizeof(vhtcaps));
931	os_memset(&vhtcaps_mask, 0, sizeof(vhtcaps_mask));
932	params.vhtcaps = &vhtcaps;
933	params.vhtcaps_mask = &vhtcaps_mask;
934	wpa_supplicant_apply_vht_overrides(wpa_s, wpa_s->current_ssid, &params);
935#endif /* CONFIG_VHT_OVERRIDES */
936#ifdef CONFIG_IEEE80211R
937	if (auth_type == WLAN_AUTH_FT && wpa_s->sme.ft_ies) {
938		params.wpa_ie = wpa_s->sme.ft_ies;
939		params.wpa_ie_len = wpa_s->sme.ft_ies_len;
940	}
941#endif /* CONFIG_IEEE80211R */
942	params.mode = mode;
943	params.mgmt_frame_protection = wpa_s->sme.mfp;
944	params.rrm_used = wpa_s->rrm.rrm_used;
945	if (wpa_s->sme.prev_bssid_set)
946		params.prev_bssid = wpa_s->sme.prev_bssid;
947
948	wpa_msg(wpa_s, MSG_INFO, "Trying to associate with " MACSTR
949		" (SSID='%s' freq=%d MHz)", MAC2STR(params.bssid),
950		params.ssid ? wpa_ssid_txt(params.ssid, params.ssid_len) : "",
951		params.freq.freq);
952
953	wpa_supplicant_set_state(wpa_s, WPA_ASSOCIATING);
954
955	if (params.wpa_ie == NULL ||
956	    ieee802_11_parse_elems(params.wpa_ie, params.wpa_ie_len, &elems, 0)
957	    < 0) {
958		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Could not parse own IEs?!");
959		os_memset(&elems, 0, sizeof(elems));
960	}
961	if (elems.rsn_ie) {
962		params.wpa_proto = WPA_PROTO_RSN;
963		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.rsn_ie - 2,
964					elems.rsn_ie_len + 2);
965	} else if (elems.wpa_ie) {
966		params.wpa_proto = WPA_PROTO_WPA;
967		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.wpa_ie - 2,
968					elems.wpa_ie_len + 2);
969	} else if (elems.osen) {
970		params.wpa_proto = WPA_PROTO_OSEN;
971		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, elems.osen - 2,
972					elems.osen_len + 2);
973	} else
974		wpa_sm_set_assoc_wpa_ie(wpa_s->wpa, NULL, 0);
975	if (wpa_s->current_ssid && wpa_s->current_ssid->p2p_group)
976		params.p2p = 1;
977
978	if (wpa_s->parent->set_sta_uapsd)
979		params.uapsd = wpa_s->parent->sta_uapsd;
980	else
981		params.uapsd = -1;
982
983	if (wpa_drv_associate(wpa_s, &params) < 0) {
984		wpa_msg(wpa_s, MSG_INFO, "SME: Association request to the "
985			"driver failed");
986		wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
987		wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
988		os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
989		return;
990	}
991
992	eloop_register_timeout(SME_ASSOC_TIMEOUT, 0, sme_assoc_timer, wpa_s,
993			       NULL);
994}
995
996
997int sme_update_ft_ies(struct wpa_supplicant *wpa_s, const u8 *md,
998		      const u8 *ies, size_t ies_len)
999{
1000	if (md == NULL || ies == NULL) {
1001		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Remove mobility domain");
1002		os_free(wpa_s->sme.ft_ies);
1003		wpa_s->sme.ft_ies = NULL;
1004		wpa_s->sme.ft_ies_len = 0;
1005		wpa_s->sme.ft_used = 0;
1006		return 0;
1007	}
1008
1009	os_memcpy(wpa_s->sme.mobility_domain, md, MOBILITY_DOMAIN_ID_LEN);
1010	wpa_hexdump(MSG_DEBUG, "SME: FT IEs", ies, ies_len);
1011	os_free(wpa_s->sme.ft_ies);
1012	wpa_s->sme.ft_ies = os_malloc(ies_len);
1013	if (wpa_s->sme.ft_ies == NULL)
1014		return -1;
1015	os_memcpy(wpa_s->sme.ft_ies, ies, ies_len);
1016	wpa_s->sme.ft_ies_len = ies_len;
1017	return 0;
1018}
1019
1020
1021static void sme_deauth(struct wpa_supplicant *wpa_s)
1022{
1023	int bssid_changed;
1024
1025	bssid_changed = !is_zero_ether_addr(wpa_s->bssid);
1026
1027	if (wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
1028				   WLAN_REASON_DEAUTH_LEAVING) < 0) {
1029		wpa_msg(wpa_s, MSG_INFO, "SME: Deauth request to the driver "
1030			"failed");
1031	}
1032	wpa_s->sme.prev_bssid_set = 0;
1033
1034	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1035	wpa_supplicant_set_state(wpa_s, WPA_DISCONNECTED);
1036	os_memset(wpa_s->bssid, 0, ETH_ALEN);
1037	os_memset(wpa_s->pending_bssid, 0, ETH_ALEN);
1038	if (bssid_changed)
1039		wpas_notify_bssid_changed(wpa_s);
1040}
1041
1042
1043void sme_event_assoc_reject(struct wpa_supplicant *wpa_s,
1044			    union wpa_event_data *data)
1045{
1046	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association with " MACSTR " failed: "
1047		"status code %d", MAC2STR(wpa_s->pending_bssid),
1048		data->assoc_reject.status_code);
1049
1050	eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
1051
1052#ifdef CONFIG_SAE
1053	if (wpa_s->sme.sae_pmksa_caching && wpa_s->current_ssid &&
1054	    wpa_key_mgmt_sae(wpa_s->current_ssid->key_mgmt)) {
1055		wpa_dbg(wpa_s, MSG_DEBUG,
1056			"PMKSA caching attempt rejected - drop PMKSA cache entry and fall back to SAE authentication");
1057		wpa_sm_aborted_cached(wpa_s->wpa);
1058		wpa_sm_pmksa_cache_flush(wpa_s->wpa, wpa_s->current_ssid);
1059		if (wpa_s->current_bss) {
1060			struct wpa_bss *bss = wpa_s->current_bss;
1061			struct wpa_ssid *ssid = wpa_s->current_ssid;
1062
1063			wpa_drv_deauthenticate(wpa_s, wpa_s->pending_bssid,
1064					       WLAN_REASON_DEAUTH_LEAVING);
1065			wpas_connect_work_done(wpa_s);
1066			wpa_supplicant_mark_disassoc(wpa_s);
1067			wpa_supplicant_connect(wpa_s, bss, ssid);
1068			return;
1069		}
1070	}
1071#endif /* CONFIG_SAE */
1072
1073	/*
1074	 * For now, unconditionally terminate the previous authentication. In
1075	 * theory, this should not be needed, but mac80211 gets quite confused
1076	 * if the authentication is left pending.. Some roaming cases might
1077	 * benefit from using the previous authentication, so this could be
1078	 * optimized in the future.
1079	 */
1080	sme_deauth(wpa_s);
1081}
1082
1083
1084void sme_event_auth_timed_out(struct wpa_supplicant *wpa_s,
1085			      union wpa_event_data *data)
1086{
1087	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Authentication timed out");
1088	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1089	wpa_supplicant_mark_disassoc(wpa_s);
1090}
1091
1092
1093void sme_event_assoc_timed_out(struct wpa_supplicant *wpa_s,
1094			       union wpa_event_data *data)
1095{
1096	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association timed out");
1097	wpas_connection_failed(wpa_s, wpa_s->pending_bssid);
1098	wpa_supplicant_mark_disassoc(wpa_s);
1099}
1100
1101
1102void sme_event_disassoc(struct wpa_supplicant *wpa_s,
1103			struct disassoc_info *info)
1104{
1105	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Disassociation event received");
1106	if (wpa_s->sme.prev_bssid_set) {
1107		/*
1108		 * cfg80211/mac80211 can get into somewhat confused state if
1109		 * the AP only disassociates us and leaves us in authenticated
1110		 * state. For now, force the state to be cleared to avoid
1111		 * confusing errors if we try to associate with the AP again.
1112		 */
1113		wpa_dbg(wpa_s, MSG_DEBUG, "SME: Deauthenticate to clear "
1114			"driver state");
1115		wpa_drv_deauthenticate(wpa_s, wpa_s->sme.prev_bssid,
1116				       WLAN_REASON_DEAUTH_LEAVING);
1117	}
1118}
1119
1120
1121static void sme_auth_timer(void *eloop_ctx, void *timeout_ctx)
1122{
1123	struct wpa_supplicant *wpa_s = eloop_ctx;
1124	if (wpa_s->wpa_state == WPA_AUTHENTICATING) {
1125		wpa_msg(wpa_s, MSG_DEBUG, "SME: Authentication timeout");
1126		sme_deauth(wpa_s);
1127	}
1128}
1129
1130
1131static void sme_assoc_timer(void *eloop_ctx, void *timeout_ctx)
1132{
1133	struct wpa_supplicant *wpa_s = eloop_ctx;
1134	if (wpa_s->wpa_state == WPA_ASSOCIATING) {
1135		wpa_msg(wpa_s, MSG_DEBUG, "SME: Association timeout");
1136		sme_deauth(wpa_s);
1137	}
1138}
1139
1140
1141void sme_state_changed(struct wpa_supplicant *wpa_s)
1142{
1143	/* Make sure timers are cleaned up appropriately. */
1144	if (wpa_s->wpa_state != WPA_ASSOCIATING)
1145		eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
1146	if (wpa_s->wpa_state != WPA_AUTHENTICATING)
1147		eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
1148}
1149
1150
1151void sme_disassoc_while_authenticating(struct wpa_supplicant *wpa_s,
1152				       const u8 *prev_pending_bssid)
1153{
1154	/*
1155	 * mac80211-workaround to force deauth on failed auth cmd,
1156	 * requires us to remain in authenticating state to allow the
1157	 * second authentication attempt to be continued properly.
1158	 */
1159	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Allow pending authentication "
1160		"to proceed after disconnection event");
1161	wpa_supplicant_set_state(wpa_s, WPA_AUTHENTICATING);
1162	os_memcpy(wpa_s->pending_bssid, prev_pending_bssid, ETH_ALEN);
1163
1164	/*
1165	 * Re-arm authentication timer in case auth fails for whatever reason.
1166	 */
1167	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
1168	eloop_register_timeout(SME_AUTH_TIMEOUT, 0, sme_auth_timer, wpa_s,
1169			       NULL);
1170}
1171
1172
1173void sme_clear_on_disassoc(struct wpa_supplicant *wpa_s)
1174{
1175	wpa_s->sme.prev_bssid_set = 0;
1176#ifdef CONFIG_SAE
1177	wpabuf_free(wpa_s->sme.sae_token);
1178	wpa_s->sme.sae_token = NULL;
1179	sae_clear_data(&wpa_s->sme.sae);
1180#endif /* CONFIG_SAE */
1181#ifdef CONFIG_IEEE80211R
1182	if (wpa_s->sme.ft_ies)
1183		sme_update_ft_ies(wpa_s, NULL, NULL, 0);
1184#endif /* CONFIG_IEEE80211R */
1185}
1186
1187
1188void sme_deinit(struct wpa_supplicant *wpa_s)
1189{
1190	os_free(wpa_s->sme.ft_ies);
1191	wpa_s->sme.ft_ies = NULL;
1192	wpa_s->sme.ft_ies_len = 0;
1193#ifdef CONFIG_IEEE80211W
1194	sme_stop_sa_query(wpa_s);
1195#endif /* CONFIG_IEEE80211W */
1196	sme_clear_on_disassoc(wpa_s);
1197
1198	eloop_cancel_timeout(sme_assoc_timer, wpa_s, NULL);
1199	eloop_cancel_timeout(sme_auth_timer, wpa_s, NULL);
1200	eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
1201}
1202
1203
1204static void sme_send_2040_bss_coex(struct wpa_supplicant *wpa_s,
1205				   const u8 *chan_list, u8 num_channels,
1206				   u8 num_intol)
1207{
1208	struct ieee80211_2040_bss_coex_ie *bc_ie;
1209	struct ieee80211_2040_intol_chan_report *ic_report;
1210	struct wpabuf *buf;
1211
1212	wpa_printf(MSG_DEBUG, "SME: Send 20/40 BSS Coexistence to " MACSTR
1213		   " (num_channels=%u num_intol=%u)",
1214		   MAC2STR(wpa_s->bssid), num_channels, num_intol);
1215	wpa_hexdump(MSG_DEBUG, "SME: 20/40 BSS Intolerant Channels",
1216		    chan_list, num_channels);
1217
1218	buf = wpabuf_alloc(2 + /* action.category + action_code */
1219			   sizeof(struct ieee80211_2040_bss_coex_ie) +
1220			   sizeof(struct ieee80211_2040_intol_chan_report) +
1221			   num_channels);
1222	if (buf == NULL)
1223		return;
1224
1225	wpabuf_put_u8(buf, WLAN_ACTION_PUBLIC);
1226	wpabuf_put_u8(buf, WLAN_PA_20_40_BSS_COEX);
1227
1228	bc_ie = wpabuf_put(buf, sizeof(*bc_ie));
1229	bc_ie->element_id = WLAN_EID_20_40_BSS_COEXISTENCE;
1230	bc_ie->length = 1;
1231	if (num_intol)
1232		bc_ie->coex_param |= WLAN_20_40_BSS_COEX_20MHZ_WIDTH_REQ;
1233
1234	if (num_channels > 0) {
1235		ic_report = wpabuf_put(buf, sizeof(*ic_report));
1236		ic_report->element_id = WLAN_EID_20_40_BSS_INTOLERANT;
1237		ic_report->length = num_channels + 1;
1238		ic_report->op_class = 0;
1239		os_memcpy(wpabuf_put(buf, num_channels), chan_list,
1240			  num_channels);
1241	}
1242
1243	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
1244				wpa_s->own_addr, wpa_s->bssid,
1245				wpabuf_head(buf), wpabuf_len(buf), 0) < 0) {
1246		wpa_msg(wpa_s, MSG_INFO,
1247			"SME: Failed to send 20/40 BSS Coexistence frame");
1248	}
1249
1250	wpabuf_free(buf);
1251}
1252
1253
1254int sme_proc_obss_scan(struct wpa_supplicant *wpa_s)
1255{
1256	struct wpa_bss *bss;
1257	const u8 *ie;
1258	u16 ht_cap;
1259	u8 chan_list[P2P_MAX_CHANNELS], channel;
1260	u8 num_channels = 0, num_intol = 0, i;
1261
1262	if (!wpa_s->sme.sched_obss_scan)
1263		return 0;
1264
1265	wpa_s->sme.sched_obss_scan = 0;
1266	if (!wpa_s->current_bss || wpa_s->wpa_state != WPA_COMPLETED)
1267		return 1;
1268
1269	/*
1270	 * Check whether AP uses regulatory triplet or channel triplet in
1271	 * country info. Right now the operating class of the BSS channel
1272	 * width trigger event is "unknown" (IEEE Std 802.11-2012 10.15.12),
1273	 * based on the assumption that operating class triplet is not used in
1274	 * beacon frame. If the First Channel Number/Operating Extension
1275	 * Identifier octet has a positive integer value of 201 or greater,
1276	 * then its operating class triplet.
1277	 *
1278	 * TODO: If Supported Operating Classes element is present in beacon
1279	 * frame, have to lookup operating class in Annex E and fill them in
1280	 * 2040 coex frame.
1281	 */
1282	ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_COUNTRY);
1283	if (ie && (ie[1] >= 6) && (ie[5] >= 201))
1284		return 1;
1285
1286	os_memset(chan_list, 0, sizeof(chan_list));
1287
1288	dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
1289		/* Skip other band bss */
1290		enum hostapd_hw_mode mode;
1291		mode = ieee80211_freq_to_chan(bss->freq, &channel);
1292		if (mode != HOSTAPD_MODE_IEEE80211G &&
1293		    mode != HOSTAPD_MODE_IEEE80211B)
1294			continue;
1295
1296		ie = wpa_bss_get_ie(bss, WLAN_EID_HT_CAP);
1297		ht_cap = (ie && (ie[1] == 26)) ? WPA_GET_LE16(ie + 2) : 0;
1298		wpa_printf(MSG_DEBUG, "SME OBSS scan BSS " MACSTR
1299			   " freq=%u chan=%u ht_cap=0x%x",
1300			   MAC2STR(bss->bssid), bss->freq, channel, ht_cap);
1301
1302		if (!ht_cap || (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)) {
1303			if (ht_cap & HT_CAP_INFO_40MHZ_INTOLERANT)
1304				num_intol++;
1305
1306			/* Check whether the channel is already considered */
1307			for (i = 0; i < num_channels; i++) {
1308				if (channel == chan_list[i])
1309					break;
1310			}
1311			if (i != num_channels)
1312				continue;
1313
1314			chan_list[num_channels++] = channel;
1315		}
1316	}
1317
1318	sme_send_2040_bss_coex(wpa_s, chan_list, num_channels, num_intol);
1319	return 1;
1320}
1321
1322
1323static struct hostapd_hw_modes * get_mode(struct hostapd_hw_modes *modes,
1324					  u16 num_modes,
1325					  enum hostapd_hw_mode mode)
1326{
1327	u16 i;
1328
1329	for (i = 0; i < num_modes; i++) {
1330		if (modes[i].mode == mode)
1331			return &modes[i];
1332	}
1333
1334	return NULL;
1335}
1336
1337
1338static void wpa_obss_scan_freqs_list(struct wpa_supplicant *wpa_s,
1339				     struct wpa_driver_scan_params *params)
1340{
1341	/* Include only affected channels */
1342	struct hostapd_hw_modes *mode;
1343	int count, i;
1344	int start, end;
1345
1346	mode = get_mode(wpa_s->hw.modes, wpa_s->hw.num_modes,
1347			HOSTAPD_MODE_IEEE80211G);
1348	if (mode == NULL) {
1349		/* No channels supported in this band - use empty list */
1350		params->freqs = os_zalloc(sizeof(int));
1351		return;
1352	}
1353
1354	if (wpa_s->sme.ht_sec_chan == HT_SEC_CHAN_UNKNOWN &&
1355	    wpa_s->current_bss) {
1356		const u8 *ie;
1357
1358		ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_OPERATION);
1359		if (ie && ie[1] >= 2) {
1360			u8 o;
1361
1362			o = ie[3] & HT_INFO_HT_PARAM_SECONDARY_CHNL_OFF_MASK;
1363			if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_ABOVE)
1364				wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_ABOVE;
1365			else if (o == HT_INFO_HT_PARAM_SECONDARY_CHNL_BELOW)
1366				wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_BELOW;
1367		}
1368	}
1369
1370	start = wpa_s->assoc_freq - 10;
1371	end = wpa_s->assoc_freq + 10;
1372	switch (wpa_s->sme.ht_sec_chan) {
1373	case HT_SEC_CHAN_UNKNOWN:
1374		/* HT40+ possible on channels 1..9 */
1375		if (wpa_s->assoc_freq <= 2452)
1376			start -= 20;
1377		/* HT40- possible on channels 5-13 */
1378		if (wpa_s->assoc_freq >= 2432)
1379			end += 20;
1380		break;
1381	case HT_SEC_CHAN_ABOVE:
1382		end += 20;
1383		break;
1384	case HT_SEC_CHAN_BELOW:
1385		start -= 20;
1386		break;
1387	}
1388	wpa_printf(MSG_DEBUG,
1389		   "OBSS: assoc_freq %d possible affected range %d-%d",
1390		   wpa_s->assoc_freq, start, end);
1391
1392	params->freqs = os_calloc(mode->num_channels + 1, sizeof(int));
1393	if (params->freqs == NULL)
1394		return;
1395	for (count = 0, i = 0; i < mode->num_channels; i++) {
1396		int freq;
1397
1398		if (mode->channels[i].flag & HOSTAPD_CHAN_DISABLED)
1399			continue;
1400		freq = mode->channels[i].freq;
1401		if (freq - 10 >= end || freq + 10 <= start)
1402			continue; /* not affected */
1403		params->freqs[count++] = freq;
1404	}
1405}
1406
1407
1408static void sme_obss_scan_timeout(void *eloop_ctx, void *timeout_ctx)
1409{
1410	struct wpa_supplicant *wpa_s = eloop_ctx;
1411	struct wpa_driver_scan_params params;
1412
1413	if (!wpa_s->current_bss) {
1414		wpa_printf(MSG_DEBUG, "SME OBSS: Ignore scan request");
1415		return;
1416	}
1417
1418	os_memset(&params, 0, sizeof(params));
1419	wpa_obss_scan_freqs_list(wpa_s, &params);
1420	params.low_priority = 1;
1421	wpa_printf(MSG_DEBUG, "SME OBSS: Request an OBSS scan");
1422
1423	if (wpa_supplicant_trigger_scan(wpa_s, &params))
1424		wpa_printf(MSG_DEBUG, "SME OBSS: Failed to trigger scan");
1425	else
1426		wpa_s->sme.sched_obss_scan = 1;
1427	os_free(params.freqs);
1428
1429	eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
1430			       sme_obss_scan_timeout, wpa_s, NULL);
1431}
1432
1433
1434void sme_sched_obss_scan(struct wpa_supplicant *wpa_s, int enable)
1435{
1436	const u8 *ie;
1437	struct wpa_bss *bss = wpa_s->current_bss;
1438	struct wpa_ssid *ssid = wpa_s->current_ssid;
1439	struct hostapd_hw_modes *hw_mode = NULL;
1440	int i;
1441
1442	eloop_cancel_timeout(sme_obss_scan_timeout, wpa_s, NULL);
1443	wpa_s->sme.sched_obss_scan = 0;
1444	wpa_s->sme.ht_sec_chan = HT_SEC_CHAN_UNKNOWN;
1445	if (!enable)
1446		return;
1447
1448	/*
1449	 * Schedule OBSS scan if driver is using station SME in wpa_supplicant
1450	 * or it expects OBSS scan to be performed by wpa_supplicant.
1451	 */
1452	if (!((wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME) ||
1453	      (wpa_s->drv_flags & WPA_DRIVER_FLAGS_OBSS_SCAN)) ||
1454	    ssid == NULL || ssid->mode != IEEE80211_MODE_INFRA)
1455		return;
1456
1457	if (!wpa_s->hw.modes)
1458		return;
1459
1460	/* only HT caps in 11g mode are relevant */
1461	for (i = 0; i < wpa_s->hw.num_modes; i++) {
1462		hw_mode = &wpa_s->hw.modes[i];
1463		if (hw_mode->mode == HOSTAPD_MODE_IEEE80211G)
1464			break;
1465	}
1466
1467	/* Driver does not support HT40 for 11g or doesn't have 11g. */
1468	if (i == wpa_s->hw.num_modes || !hw_mode ||
1469	    !(hw_mode->ht_capab & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
1470		return;
1471
1472	if (bss == NULL || bss->freq < 2400 || bss->freq > 2500)
1473		return; /* Not associated on 2.4 GHz band */
1474
1475	/* Check whether AP supports HT40 */
1476	ie = wpa_bss_get_ie(wpa_s->current_bss, WLAN_EID_HT_CAP);
1477	if (!ie || ie[1] < 2 ||
1478	    !(WPA_GET_LE16(ie + 2) & HT_CAP_INFO_SUPP_CHANNEL_WIDTH_SET))
1479		return; /* AP does not support HT40 */
1480
1481	ie = wpa_bss_get_ie(wpa_s->current_bss,
1482			    WLAN_EID_OVERLAPPING_BSS_SCAN_PARAMS);
1483	if (!ie || ie[1] < 14)
1484		return; /* AP does not request OBSS scans */
1485
1486	wpa_s->sme.obss_scan_int = WPA_GET_LE16(ie + 6);
1487	if (wpa_s->sme.obss_scan_int < 10) {
1488		wpa_printf(MSG_DEBUG, "SME: Invalid OBSS Scan Interval %u "
1489			   "replaced with the minimum 10 sec",
1490			   wpa_s->sme.obss_scan_int);
1491		wpa_s->sme.obss_scan_int = 10;
1492	}
1493	wpa_printf(MSG_DEBUG, "SME: OBSS Scan Interval %u sec",
1494		   wpa_s->sme.obss_scan_int);
1495	eloop_register_timeout(wpa_s->sme.obss_scan_int, 0,
1496			       sme_obss_scan_timeout, wpa_s, NULL);
1497}
1498
1499
1500#ifdef CONFIG_IEEE80211W
1501
1502static const unsigned int sa_query_max_timeout = 1000;
1503static const unsigned int sa_query_retry_timeout = 201;
1504
1505static int sme_check_sa_query_timeout(struct wpa_supplicant *wpa_s)
1506{
1507	u32 tu;
1508	struct os_reltime now, passed;
1509	os_get_reltime(&now);
1510	os_reltime_sub(&now, &wpa_s->sme.sa_query_start, &passed);
1511	tu = (passed.sec * 1000000 + passed.usec) / 1024;
1512	if (sa_query_max_timeout < tu) {
1513		wpa_dbg(wpa_s, MSG_DEBUG, "SME: SA Query timed out");
1514		sme_stop_sa_query(wpa_s);
1515		wpa_supplicant_deauthenticate(
1516			wpa_s, WLAN_REASON_PREV_AUTH_NOT_VALID);
1517		return 1;
1518	}
1519
1520	return 0;
1521}
1522
1523
1524static void sme_send_sa_query_req(struct wpa_supplicant *wpa_s,
1525				  const u8 *trans_id)
1526{
1527	u8 req[2 + WLAN_SA_QUERY_TR_ID_LEN];
1528	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Sending SA Query Request to "
1529		MACSTR, MAC2STR(wpa_s->bssid));
1530	wpa_hexdump(MSG_DEBUG, "SME: SA Query Transaction ID",
1531		    trans_id, WLAN_SA_QUERY_TR_ID_LEN);
1532	req[0] = WLAN_ACTION_SA_QUERY;
1533	req[1] = WLAN_SA_QUERY_REQUEST;
1534	os_memcpy(req + 2, trans_id, WLAN_SA_QUERY_TR_ID_LEN);
1535	if (wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0, wpa_s->bssid,
1536				wpa_s->own_addr, wpa_s->bssid,
1537				req, sizeof(req), 0) < 0)
1538		wpa_msg(wpa_s, MSG_INFO, "SME: Failed to send SA Query "
1539			"Request");
1540}
1541
1542
1543static void sme_sa_query_timer(void *eloop_ctx, void *timeout_ctx)
1544{
1545	struct wpa_supplicant *wpa_s = eloop_ctx;
1546	unsigned int timeout, sec, usec;
1547	u8 *trans_id, *nbuf;
1548
1549	if (wpa_s->sme.sa_query_count > 0 &&
1550	    sme_check_sa_query_timeout(wpa_s))
1551		return;
1552
1553	nbuf = os_realloc_array(wpa_s->sme.sa_query_trans_id,
1554				wpa_s->sme.sa_query_count + 1,
1555				WLAN_SA_QUERY_TR_ID_LEN);
1556	if (nbuf == NULL)
1557		return;
1558	if (wpa_s->sme.sa_query_count == 0) {
1559		/* Starting a new SA Query procedure */
1560		os_get_reltime(&wpa_s->sme.sa_query_start);
1561	}
1562	trans_id = nbuf + wpa_s->sme.sa_query_count * WLAN_SA_QUERY_TR_ID_LEN;
1563	wpa_s->sme.sa_query_trans_id = nbuf;
1564	wpa_s->sme.sa_query_count++;
1565
1566	if (os_get_random(trans_id, WLAN_SA_QUERY_TR_ID_LEN) < 0) {
1567		wpa_printf(MSG_DEBUG, "Could not generate SA Query ID");
1568		return;
1569	}
1570
1571	timeout = sa_query_retry_timeout;
1572	sec = ((timeout / 1000) * 1024) / 1000;
1573	usec = (timeout % 1000) * 1024;
1574	eloop_register_timeout(sec, usec, sme_sa_query_timer, wpa_s, NULL);
1575
1576	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Association SA Query attempt %d",
1577		wpa_s->sme.sa_query_count);
1578
1579	sme_send_sa_query_req(wpa_s, trans_id);
1580}
1581
1582
1583static void sme_start_sa_query(struct wpa_supplicant *wpa_s)
1584{
1585	sme_sa_query_timer(wpa_s, NULL);
1586}
1587
1588
1589static void sme_stop_sa_query(struct wpa_supplicant *wpa_s)
1590{
1591	eloop_cancel_timeout(sme_sa_query_timer, wpa_s, NULL);
1592	os_free(wpa_s->sme.sa_query_trans_id);
1593	wpa_s->sme.sa_query_trans_id = NULL;
1594	wpa_s->sme.sa_query_count = 0;
1595}
1596
1597
1598void sme_event_unprot_disconnect(struct wpa_supplicant *wpa_s, const u8 *sa,
1599				 const u8 *da, u16 reason_code)
1600{
1601	struct wpa_ssid *ssid;
1602	struct os_reltime now;
1603
1604	if (wpa_s->wpa_state != WPA_COMPLETED)
1605		return;
1606	ssid = wpa_s->current_ssid;
1607	if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
1608		return;
1609	if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
1610		return;
1611	if (reason_code != WLAN_REASON_CLASS2_FRAME_FROM_NONAUTH_STA &&
1612	    reason_code != WLAN_REASON_CLASS3_FRAME_FROM_NONASSOC_STA)
1613		return;
1614	if (wpa_s->sme.sa_query_count > 0)
1615		return;
1616
1617	os_get_reltime(&now);
1618	if (wpa_s->sme.last_unprot_disconnect.sec &&
1619	    !os_reltime_expired(&now, &wpa_s->sme.last_unprot_disconnect, 10))
1620		return; /* limit SA Query procedure frequency */
1621	wpa_s->sme.last_unprot_disconnect = now;
1622
1623	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Unprotected disconnect dropped - "
1624		"possible AP/STA state mismatch - trigger SA Query");
1625	sme_start_sa_query(wpa_s);
1626}
1627
1628
1629void sme_sa_query_rx(struct wpa_supplicant *wpa_s, const u8 *sa,
1630		     const u8 *data, size_t len)
1631{
1632	int i;
1633
1634	if (wpa_s->sme.sa_query_trans_id == NULL ||
1635	    len < 1 + WLAN_SA_QUERY_TR_ID_LEN ||
1636	    data[0] != WLAN_SA_QUERY_RESPONSE)
1637		return;
1638	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Received SA Query response from "
1639		MACSTR " (trans_id %02x%02x)", MAC2STR(sa), data[1], data[2]);
1640
1641	if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
1642		return;
1643
1644	for (i = 0; i < wpa_s->sme.sa_query_count; i++) {
1645		if (os_memcmp(wpa_s->sme.sa_query_trans_id +
1646			      i * WLAN_SA_QUERY_TR_ID_LEN,
1647			      data + 1, WLAN_SA_QUERY_TR_ID_LEN) == 0)
1648			break;
1649	}
1650
1651	if (i >= wpa_s->sme.sa_query_count) {
1652		wpa_dbg(wpa_s, MSG_DEBUG, "SME: No matching SA Query "
1653			"transaction identifier found");
1654		return;
1655	}
1656
1657	wpa_dbg(wpa_s, MSG_DEBUG, "SME: Reply to pending SA Query received "
1658		"from " MACSTR, MAC2STR(sa));
1659	sme_stop_sa_query(wpa_s);
1660}
1661
1662#endif /* CONFIG_IEEE80211W */
1663