Commit graph

1878 commits

Author SHA1 Message Date
Jouni Malinen
53c9fc1df6 Interworking: Share ANQP data within homogenous ESS
If two BSS entries have the same HESSID and SSID, share the fetched ANQP
information between these BSS entries to save memory and GAS/ANQP
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:22:42 +03:00
Jouni Malinen
c739d7e968 Interworking: Store HESSID in BSS entry
This makes it more convenient to match BSS entries that belong to the
same homogenous ESS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:08:58 +03:00
Jouni Malinen
7e414b21c2 Interworking: Allow EAP-SIM/AKA/AKA' override in cred block
The eap parameter in the cred block can now be used to override
automatic EAP-SIM/AKA/AKA' selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:50:52 +03:00
Jouni Malinen
476aed355a Interworking: Move BSS ANQP information into separate struct
This is an initial step in allowing the ANQP responses to be shared
among multiple BSSes if the BSSes are determined to be operating under
identical configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:22:35 +03:00
Deepthi Gowri
59ff6653aa Fix REMOVE_NETWORK to not run operations with invalid current_ssid
If the REMOVE_NETWORK command is used to delete the currently connected
network, some operations were run between removing the network and
clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing
to freed memory and should any operation end up using it before the
pointer gets cleared, freed memory could be references. Avoid this by
removing the network only after having completed the operations that
clear wpa_s->current_ssid.

Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org>
intended-for: hostap-1
2012-09-03 11:55:38 +03:00
Jouni Malinen
7ff833674b Interworking: Fetch only the needed ANQP information
Use configured credentials to figure out which ANQP information needs to
be fetched and only fetch those when using Interworking network
selection. The fetch_anqp command is still fetching all ANQP
information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 21:05:54 +03:00
Jouni Malinen
a594e2a9ab Interworking: Skip extra scan after network auto-select
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 20:18:48 +03:00
Jouni Malinen
620c783753 Use BSS entries instead of scan results for BSS selection
This allows the BSS selection functions to be called without having the
scan result data structure. This can be used to skip extra scans in
cases where previous results can be considered fresh.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:56:57 +03:00
Jouni Malinen
cf8baca6a5 BSS: Add wpa_bss_get_vendor_ie_multi_beacon()
This can be used to fetch vendor IEs from Beacon frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:54:42 +03:00
Jouni Malinen
a297201df1 Maintain list of BSS entries in last scan result order
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:53:15 +03:00
Jouni Malinen
20ed5e40ba Use BSS table instead of scan results in need-to-roam determination
The same information is available in the BSS table, so we can reduce the
need for using the raw scan results in wpa_supplicant_need_to_roam().

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 17:39:35 +03:00
Jouni Malinen
e026159a8e EAP-SIM/AKA: Store pseudonym identity in configuration
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 13:04:18 +03:00
Jouni Malinen
bcdf2096bd SME: Fix disconnec-while-authenticating
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This broke SME
disassoc-while-authenticating workaround for cfg80211. Fix this by
restoring wpa_s->current_ssid in case SME authentication is in progress.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 17:20:27 +03:00
Jouni Malinen
0aadd5682f Fix disconnection event processing
Commit 0d30cc240f forced
wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in
wpa_supplicant_mark_disassoc() which gets called from
wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication
failure processing and P2P deauthentication notification (group
termination).

Fix this by splitting wpa_supplicant_event_disassoc() into two parts and
make wpas_p2p_deauth_notif() indicate whether the interface was removed.
If so, the last part of disassocition event processing is skipped. Since
the wpa_supplicant_mark_disassoc() call is in the second part, the above
mentioned issues are resolved. In addition, this cleans up the P2P group
interface removal case by not trying to use fast reconnection mechanism
just before the interface gets removed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 22:04:41 +03:00
Jouni Malinen
6f1ca696c7 P2P: Do not fail p2p_group_remove just based on current_ssid
The wpa_s->current_ssid pointer may get cleared, e.g., when
disconnected. Commit 30ee769235 made
wpas_p2p_group_delete() exit early before removing a P2P interface in
this type of case. That can cause number of issues from p2p_group_remove
command failing to busy loop when terminating wpa_supplicant if there is
a P2P group interface in client mode and that interface happens to be in
disconnected state. Fix these issues by allowing wpas_p2p_group_delete()
remove the P2P group interface regardless of whether wpa_s->currnt_ssid
is set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:35:32 +03:00
Jouni Malinen
4d32c0c44d P2P: Allow p2p_invite-persistent to specify channel for GO
The freq and ht40 parameters can now be used with the p2p_invite
command when reinvoking a persistent group as the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:20:51 +03:00
Jouni Malinen
55d834e172 Android: Add Wi-Fi Display into the makefile
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:32 +03:00
Jouni Malinen
43323e43d3 Android: Include Hotspot 2.0 support in the default build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:30 +03:00
Jouni Malinen
50cfe0e1cb Android: Add new keystore include path for JB
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:27 +03:00
Jouni Malinen
7b1aa4fe30 Move variable declaration into the beginning of function
The variables used within the #ifndef block here needs to be defined in
the beginning of the function to avoid issues with some compilers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:37:59 +03:00
Jouni Malinen
1f3a3ec4a4 Interworking: Fix build without CONFIG_PCSC=y
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:35:53 +03:00
Jouni Malinen
6ffdc2f7bd WFD: Add preliminary WSD request processing and response
This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
347d6a5b76 WFD: Add support for sending Wi-Fi Display service discovery requests
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.

format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
337c781f9c WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output
This makes it easier to parse the WFD subelements from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
01335e2c8d wpa_cli: Add tab completion for p2p_find
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:38:53 +03:00
Jouni Malinen
e4f6873cce wpa_cli: Fix tab completion
Commit b49039bda9 redesigned tab
completion, but added the new call to completion functions into wrong
location. This needs to be done within the loop to find the correct
completion function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:25:09 +03:00
Jouni Malinen
4d5bda5fca Interworking: Add optional use of network selection on normal scans
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 16:14:13 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
a462036a47 WPS: Allow AP that becomes active be tried immediately
Clear the possible blacklisting of a WPS AP during WPS PIN iteration if
the AP moves to selected registrar TRUE state or if it adds our MAC
address to the list of authorized MACs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:51:35 +03:00
Jouni Malinen
f9f0526bcd WPS: Maintain more AP state during WPS PIN iteration
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:48:11 +03:00
Jouni Malinen
0d30cc240f Clear current_ssid and key_mgmt when disconnected
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:08 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
2af4d404a8 wpa_cli: Add optional argument for the help command
"help <cmd>" can now be used to print the usage text for the
specified command (or set of commands matching the prefix).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
b49039bda9 wpa_cli: Add tab completion function into the command table
Instead of using a separate list of commands, use the main command table
to assign tab completion functions. In addition, use the existing BSS
and P2P peer completions functions with the commands that use BSSID or
P2P Device address the first argument.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
632c9458c4 Interworking: Fix home SP check with real SIM card
The NAI building routine assumed that the credential included the IMSI,
but that is not the case when using a real SIM card. Build the NAI based
on the IMSI read for the card in such a case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:04 +03:00
Jouni Malinen
8f23401281 Interworking: Fix PLMN matching with multiple entries
The pos variable was not advanced when comparing PLMN entries in
3GPP Cellular Network information and as such, only the first
entry was really used.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-26 20:37:11 +03:00
Jouni Malinen
27b80b5b4c wpa_cli: Add a 'raw' command for sending unprocessed data
This can be used to test new control interface commands and to use
commands that may not yet be supported by wpa_cli.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-25 13:33:29 +03:00
Dmitry Shmidt
39ee845f92 wpa_supplicant: Add bss_flush command to invalidate scan results
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-08-25 10:23:22 +03:00
Jouni Malinen
bf428a739c P2P: Fix memory leak with driver-based P2P management
If the P2P management operations are handled within the driver, the
P2P service entries were not freed when terminating wpa_supplicant.
Fix this by calling wpas_p2p_service_flush() even if the P2P module
within wpa_supplicant has not been initialized.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-24 20:45:22 +03:00
Jouni Malinen
b4a5dfa95d P2P: Limit maximum number of stored P2P clients to 100
This limits the maximum size of the p2p_client_list parameter that
is maintained at the GO for a persistent group. In other words, only
the 100 most recently seen P2P clients are kept in the list.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-24 00:25:14 +03:00
Jouni Malinen
223167956c Improve p2p_client_list updates in configuration file
This list can get truncated due to too many addresses getting added.
Reorder the entries in a way that allows the most recently added values
to be maintained in the list and use better debug/error messages when
parsing the value.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-24 00:25:14 +03:00
Jouni Malinen
d42bc5e178 Handle long configuration file lines more gracefully
Skip the end of long configuration lines that get truncated in
wpa_config_get_line(). Without this, the rest of the file was being
parsed as another line and that resulted in an unexpected error
message (wrong line number and wrong starting point).

In addition, increase the read buffer for network blocks from 256
to 2000 since p2p_client_list parameter can have long values. These
were supposed to truncated cleanly, but the unexpected processing of
the end of the file (which is now fixed in this commit) could cause
configuration file to be rejected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-23 23:52:45 +03:00
Jouni Malinen
cc8c7b8840 P2P: Remove unnecessary call in resuming p2p_find
Commit 99fcd40409 added a call to update
search delay after failed authentication attempt. This change was
supposed to be only in p2p_supplicant.c for the successful case. The
extra call does not really do anything, but it's good to remove it to
avoid any confusion in the future.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 20:28:04 +03:00
Jouni Malinen
99fcd40409 P2P: Allow scan operations during p2p_find
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 19:42:53 +03:00
Jouni Malinen
05a77b3b46 P2P: Use 500 ms search delay by default during concurrent operations
If the p2p_find command is used without the delay parameter, a 500 ms
default search delay will now be used when any interface using the same
radio is in an concurrent operation. "p2p_find delay=0" can be used to
enforce the old behavior in such a case if needed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 18:34:57 +03:00
Jouni Malinen
37448ede31 P2P: Add option for adding extra delay to p2p_find
A new optional delay=<search delay in milliseconds> parameter can now be
used with p2p_find command to request an extra delay between search
iterations. This can be used, e.g., to make p2p_find friendlier to
concurrent operations by avoiding it from taking 100% of the radio
resources.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 18:20:58 +03:00
Jouni Malinen
065d2895b4 Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate
EAP-TLS with a configuration where the EAP server does not authenticate
the EAP peer. In other words, this method includes only server
authentication. The peer is configured with only the ca_cert parameter
(similarly to other TLS-based EAP methods). This method can be used for
cases where the network provides free access to anyone, but use of RSN
with a securely derived unique PMK for each station is desired.

The expanded EAP header uses the hostapd/wpa_supplicant vendor
code 39068 and vendor type 1 to identify the UNAUTH-TLS method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 22:34:11 +03:00
Jouni Malinen
a8a3868ddd HS 2.0: Add preliminary documentation for Hotspot 2.0
This describes wpa_supplicant functionality for Interworking
(probe request parameters, network selection) and Hotspot 2.0.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-21 21:32:31 +03:00
Jouni Malinen
a120c3fad6 WPS: Remove unused credential handlers for 802.1X
The WPA_AUTH_WPA and WPA_AUTH_WPA2 cases have already been rejected in
this function when execution comes here. In theory, support for
WPA-Enterprise could be added, but since that has not happened over the
years, there is no good reason to keep this dead code here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 19:10:40 +03:00
Jouni Malinen
392824ef10 Clean up the closed stdin/stdout/stderr workaround to close sockets
Close the workaround sockets when wpa_supplicant exists to avoid
hitting resource leak warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:01:04 +03:00
Jouni Malinen
44ec48ebfd FIPS: Remove md5-non-fips.c
Commit c9e08af24f removed the only user of
the special case MD5 use that would be allowed in FIPS mode in
tls_prf_sha1_md5(). Commit 271dbf1594
removed the file from the build, but left the implementation into the
repository. To clean things up even further, remove this functionality
completely since it is not expected to be needed for FIPS mode anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 16:53:15 +03:00
Jouni Malinen
63e5caaa6f Interworking: Do not match credentials without WPA2-Enterprise
Since we currently support only HS 2.0 networks with Interworking
network selection, do not indicate credential match unless the
network uses WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Jouni Malinen
8601b50312 Interworking: Enforce WPA2-Enterprise/CCMP
Since we currently support only HS 2.0 networks with Interworking
network selection, enforce that WPA2-Enterprise/CCMP is used on the
AP instead of allowing any WPA-Enterprise combination.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Jouni Malinen
4ed34f5acd HS 2.0: Do not indicate HS 2.0 status without WPA2-Enterprise
Hotspot 2.0 allows only WPA2-Enterprise to be used, so other types of
networks must not be indicated as Hotspot 2.0 networks even if they
(incorrectly) advertise HS 2.0 support.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:54:48 +03:00
Jouni Malinen
2b95f57ba5 Interworking: Do not reconnect without "auto" parameter
When there was no credential match, but an enabled network block matched
with a scan result, wpa_supplicant reconnected at the end of
interworking_select command even if "auto" parameter was not used. Fix
this by running the reconnect only if requested to automatically select
a network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:26:21 +03:00
Jouni Malinen
9af7361b3f Document TLS options in phase1/phase2
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-17 22:27:29 +03:00
Yoni Divinsky
6409b7a715 Supply the connection scan results to bgscan after init
If bgscan is enabled, then bgscan is initiated after the connection,
with no bss scan result information. Since a scan was performed prior to
the connection, the information exists and can be used to initialize the
bgscan's cache.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-17 20:53:44 +03:00
Jouni Malinen
26a379224c OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c
implementation of HMAC with SHA256.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:34:35 +03:00
Jouni Malinen
ab637dcb37 Move SHA256-based PRF function into a separate C file
This makes it easier to conditionally build in SHA256 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:24:11 +03:00
Jouni Malinen
0b5e98557e FIPS: Use OpenSSL CMAC implementation instead of aes-omac1.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:19:53 +03:00
Jouni Malinen
982bafedaf FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()
Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00
Jouni Malinen
030d062fac OpenSSL: Implement SHA1 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha1.c
implementation of HMAC with SHA1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:38:25 +03:00
Jouni Malinen
d6150094e0 Move SHA1-based PRF function into a separate C file
This makes it easier to conditionally build in SHA1 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
e40c86ad27 OpenSSL: Use library function for PBKDF2 passphrase-to-PSK
Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the
internal implementation in sha1-pbkdf2.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
6e6909a97e FIPS: Remove MD5 from the CONFIG_FIPS=y build
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:03:17 +03:00
Jouni Malinen
271dbf1594 FIPS: Do not build md5-non-fips.o unless really needed
This is not needed anymore when using OpenSSL keying exporter
functionality for PRF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:58:15 +03:00
Jouni Malinen
c9e08af24f Do not export TLS keys in FIPS mode
Only allow the TLS library keying material exporter functionality to be
used for MSK derivation with TLS-based EAP methods to avoid exporting
internal TLS keys from the library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:38:15 +03:00
Jouni Malinen
411f567050 Allow libdl to be linked in after OpenSSL
OpenSSL-based builds may need libdl in the linker line after the OpenSSL
library. CONFIG_TLS_ADD_DL=y can now be used to force that if needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:34:38 +03:00
Jouni Malinen
e001191837 Add "make fips" for wpa_supplicant builds with OpenSSL
This can be used for convenience to build wpa_supplicant with OpenSSL
FIPS object module. CONFIG_FIPS=y is expected to be used in
wpa_supplicant/.config when using this option.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 17:53:05 +03:00
Jouni Malinen
4f219667d7 P2P: Use larger GO config timeout if HT40 is used
Increase GO config timeout if HT40 is used since it takes some time
to scan channels for coex purposes before the BSS can be started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 23:19:11 +03:00
Rajkumar Manoharan
e2308e4b45 P2P: Add optional "ht40" argument for p2p_connect
This can be used to start negotiated GO in 40 MHz channel width
in 5GHz band.

Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 23:07:44 +03:00
Rajkumar Manoharan
7aeac98509 P2P: Enable 40 MHz support for autonomous P2P group addition
Add optional "ht40" argument for p2p_group_add command to enable 40 MHz
in 5GHz band. This configures the secondary channel, when HT support is
enabled and if the HW supports 40 MHz channel width.

Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 22:53:01 +03:00
Rajkumar Manoharan
931228aa10 P2P: Move channel validation into a separate function
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 22:44:34 +03:00
Jouni Malinen
87c7ba8423 wpa_cli: Use helper functions to implement commands
This simplifies wpa_cli implementation greatly and also reduces
the binary size by one third or so.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 22:40:07 +03:00
Jouni Malinen
0076869c62 wpa_cli: Add helper functions for building and executing commands
These helper functions can be used to implement most of the common
wpa_cli commands to simplify the implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 22:08:21 +03:00
Jouni Malinen
a3f7e5186b Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 19:34:04 +03:00
Eyal Shapira
a13e07ec4d Fix adding extra IEs in sched scan
Refactoring done in commit 46ee0427b1
(IEEE 802.11u: Allow Interworking and HESSID to be configured)
broke adding extra IEs in sched scan. The IEs stopped being added
to the scan params within wpa_supplicant_extra_ies() but no code
was added to add them in wpa_supplicant_req_sched_scan().
Fix this and remove unused params arg in wpa_supplicant_extra_ies().

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
2012-08-13 21:48:55 +03:00
Jouni Malinen
1f52c2f7b5 GAS: Fix reporting of GAS query timeouts
GAS_QUERY_TIMEOUT value was used for two different things - enum for
status callback and #define for internal eloop timeout). The latter
overwrites the former and as such, the timeout reported ended up going
out with value 5 which matches with GAS_QUERY_CANCELLED instead of
GAS_QUERY_TIMEOUT. This value was not used in existing code, so this
should not modify the current behavior. Anyway, the correct reason for
the failure should be reported. Rename the internal #define for the
timeout period to avoid the name conflict. [Bug 463]

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:33:00 +03:00
Jouni Malinen
067ffa2696 Convert os_realloc() for an array to use os_realloc_array()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:21:23 +03:00
Jouni Malinen
f9884c096a Convert os_zalloc() for an array to use os_calloc()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:44:21 +03:00
Jouni Malinen
78372bda68 Fix memcmp use in a test program
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 19:57:57 +03:00
Jouni Malinen
623ecdd5a2 Remove default ACM=1 from AC_VO and AC_VI
There is no need to mandate admission control (ACM=1) by default, so
clear that flag in the case the configuration file does not specify
wmm_ac_{vo,vi}_acm value. This gets closer to the values mentioned
in the sample hostapd.conf file and reduces the need to specify WMM
parameters in the configuration file for most common use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-12 11:36:45 +03:00
Yoni Divinsky
c26effe15f wpa_supplicant AP/P2P: Enable WMM param configuration
In case of P2P GO and AP mode, wpa_supplicant uses the default hostapd
parameters for WMM. In the default parameters the ACM bit for video and
voice are set to 1, meaning, P2P devices and stations which are
connected to the GO cannot pass voice or video data packets. Allow this
to be changed through wpa_supplicant configuration file with wmm_ac_*
parameters.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:34:07 +03:00
Jouni Malinen
e485286c67 Remove unnecessary bssid_changed check
The os_memcmp of bssid and wpa_s->bssid cannot return 0 in this
code path since identical os_memcmp was already done above.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-11 17:54:43 +03:00
Masashi Honma
0a0c38f63d Do not proceed with association if get_bssid() returns failure
This is the normal flow for association:

wpa_supplicant <--(EVENT_ASSOC event )--  device driver
wpa_supplicant  --( get_bssid()      )--> device driver
wpa_supplicant <--( return BSSID     )--  device driver

However, a device driver could return EINVAL for get_bssid() because it
recognizes it has already been disconnected. When the wpa_supplicant
received EINVAL, the bssid field could be used uninitialized in the
following flow:

wpa_supplicant <--(EVENT_ASSOC event )--  device driver
                                          device driver (receive deauth)
wpa_supplicant  --( get_bssid()      )--> device driver
wpa_supplicant <--( return EINVAL    )--  device driver

Prevent this by requiring the get_bssid() call to succeed when
processing association events.
2012-08-11 17:46:58 +03:00
Arik Nemtsov
b6871ebb17 SME: Correctly check mode HT caps for enabling OBSS scan
Don't assume the 11g mode is always first in the list of mode (sometimes
it isn't). Traverse the array of modes and check the HT40 capability is
turned on for 11g.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-08-11 17:08:54 +03:00
Jouni Malinen
8dba4aef11 P2P: Move group removal reason to a function parameter
wpa_s->removal_reason was set only when calling wpas_p2p_group_delete()
and while couple of call places did not set this, it should really be
set in each case. As such, it works better as a function parameter than
a variable in struct wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-11 12:41:31 +03:00
Michael Naumov
30ee769235 P2P: p2p_group_remove should fail on non-P2P interface
p2p_group_remove should only attempt to remove P2P group
interfaces and fail on non-P2P group interfaces.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-08-11 12:06:23 +03:00
Eyal Shapira
462a7439e1 Add p2p_go_max_inactivity config option
This enables setting a different max inactivity timeout for P2P GO.
This timeout is used to detect inactive clients. In some scenarios
it may be useful to have control over this and set a shorter timeout
than the default 300s. For example when running STA and P2P GO interfaces
concurrently, the STA interface may perform scans which may cause the
GO to miss a disassoc / deauth frames from a client and keep assuming
that the client is connected until the inactivity detection kicks in.
300 secs is a bit too long for such scenarios and creates a bad user
experience.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-08-10 16:28:38 +03:00
Paul Stewart
6ed3117561 wpa_supplicant: Add DBus "Reassociate" command
Create a DBus command to reassociate, similar to the
ctrl-interface "reassociate" command.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-08-09 13:54:36 +03:00
Jouni Malinen
e100828b76 Return wpabuf from radius_msg_get_eap()
This simplifies the implementation by using the buffer type to which the
returned data will be converted anyway. This avoids one memory
allocation for each processed RADIUS message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 18:14:42 +03:00
Jouni Malinen
e122bb70b8 hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:27:40 +03:00
Jouni Malinen
b87d70c88a Make wpa_config_parse_string() a shared function
This will be used in future hostapd configuration parser changes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:13:51 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Jouni Malinen
5c4b93d72e Add support for using printf-escaped strings in configuration
P"<escaped string>" can now be used as an alternative method for
specifying non-ASCII strings (including control characters). For
example, ssid=P"abc\x00test".

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 13:50:39 +03:00
Jouni Malinen
059d3a9075 wpa_cli: Handle wpa_supplicant termination more cleanly
Process CTRL-EVENT-TERMINATING in wpa_cli interactive mode and close
ctrl_iface connection without trying to detach the monitor interface
when this happens. This avoids a timeout on the DETACH command. In
addition, print out connection lost/re-established messages without
overriding the edit line.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 22:27:52 +03:00
Jouni Malinen
8e897ae37b wpa_cli: Go through ifname determination on connection retries
This is needed to allow the default behavior (pick first interface) to
be used in cases where wpa_supplicant is not available when wpa_cli is
started in interactive mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 22:04:22 +03:00
Jouni Malinen
db3a03222e wpa_cli: Fix an issue in the cleanup of udp-remote commits
wpa_ctrl_get_remote_ifname() is defined only for UDP ctrl_iface socket,
so this call needs to be made conditional on build parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 21:54:56 +03:00