Commit graph

1450 commits

Author SHA1 Message Date
Jouni Malinen
3237bfb1a3 WPS: Fix strict validation of encrypted data for WSC 2.0-only case
Need to figure out whether the message is from a WSC 2.0 -based
device based on the unencrypted attributes, not the contents of the
encrypted data since the Version2 subelement is only included in the
unencrypted area.
2010-09-22 19:17:13 -07:00
Jouni Malinen
70153d385c hostapd: Add virt/phy flag for Display/PushButton if needed (WPS 2.0)
This seems to be the easiest way of making sure the Config Methods
value is compliant with the WSC 2.0 specification without having
to modify the configuration file. However, this will only add the
virtual flag, so the configuration files should really be updated
to specify values that match the AP design.
2010-09-22 17:45:43 -07:00
Jouni Malinen
370cb2a9ce WPS: Making some parsing messages use excessive debug level
This makes it easier to read -dd debug logs in environments that
have multiple WPS or P2P devices.
2010-09-22 11:39:58 -07:00
Jouni Malinen
82fb18472e WPS: Fix strict validation of (Re)Association Response
This frame is supposed to include Response Type, not Request Type
attribute.
2010-09-22 11:13:18 -07:00
Jouni Malinen
0e2e565a44 WPS 2.0: Provide (Re)Association Response WPS IE to driver
WPS 2.0 mandates the AP to include WPS IE in (Re)Association Response
if the matching (Re)Association Request included WPS IE. Provide the
needed WPS IE information to the driver_ops API for drivers that
process association frames internally.

Note: This modifies the driver_ops API by adding a new argument to
set_ap_wps_ie().
2010-09-22 10:46:44 -07:00
Jouni Malinen
baf7081ccd WPS: Add MAC address to validation error message for Probe Request
This makes it easier to figure out which device is sending invalid
Probe Request frames.
2010-09-22 10:07:20 -07:00
Jouni Malinen
b4e34f2fdf WPS: Make testing operations configurable at runtime
Instead of build time options (CONFIG_WPS_TESTING_EXTRA_CRED and
CONFIG_WPS_EXTENSIBILITY_TESTING), use a single build option
(CONFIG_WPS_TESTING) and runtime configuration of which testing
operations are enabled. This allows a single binary to be used
for various tests.

The runtime configuration can be done through control interface
with wpa_cli/hostapd_cli commands:
Enable extensibility tests:
set wps_version_number 0x57
Disable extensibility tests (WPS2 build):
set wps_version_number 0x20
Enable extra credential tests:
set wps_testing_dummy_cred 1
Disable extra credential tests:
set wps_testing_dummy_cred 0
2010-09-21 19:51:23 -07:00
Jouni Malinen
ab98525399 WPS 2.0: Fix AuthorizedMACs check to accept wildcard address
We need to accept both our own address and the ff:ff:ff:ff:ff:ff
as an indication of the AP having authorized us.
2010-09-21 19:36:44 -07:00
Jouni Malinen
252d7db297 P2P: Fill in default Config Methods in Invitation Request
If the peer is not authorized for GO Negotiation, wps_method is not
actually set. In that case, it is better to fill in our default
config methods rather than end up leaving the field to be zero.
2010-09-21 18:26:01 -07:00
Jouni Malinen
3379a3a795 WPS: Fix Beacon WPS IE on concurrent dualband AP in PBC mode
The Beacon frame must include UUID-E and RF Bands attributes when
in active PBC mode to allow stations to figure out that two BSSes in
PBC mode is not a PBC session overlap.
2010-09-20 15:32:29 -07:00
Jouni Malinen
ff28ccafd5 WPS: Add BSSID to strict validation error messages
This makes it easier to figure out which AP is sending invalid
Beacon or Probe Response frames.
2010-09-20 14:54:22 -07:00
Jouni Malinen
e0369e3664 WPS: Use same UUID in multi-interface case
When generating the UUID based on MAC address, share the same UUID
with all interfaces. This fixes a potential issue with concurrent
dualband APs where the UUID needs to be same for PBC to work properly.
2010-09-20 14:28:43 -07:00
Jouni Malinen
e64e3d245e WPS: Fix CONFIG_WPS_OOB build
The Version2 attribute was previous changed to a subelement and
the OOB code was missed during the change.
2010-09-19 17:18:43 -07:00
Jouni Malinen
3d32c6517d EAP-pwd: Fix couple of memory leaks 2010-09-14 22:16:17 -10:00
Jouni Malinen
d52be1db76 EAP-pwd: Move bnctx into per-protocol instance structure
This avoids double frees of bnctx and related crashes.
2010-09-14 22:04:09 -10:00
Dan Harkins
df684d82ff EAP-pwd: Add support for EAP-pwd server and peer functionality
This adds an initial EAP-pwd (RFC 5931) implementation. For now,
this requires OpenSSL.
2010-09-14 21:51:40 -10:00
Sudhakar Swaminathan
0f66abd25b P2P: Add option for disabling intra BSS distribution
p2p_intra_bss configuration parameter can now be used to
disable/enable intra BSS distribution (bridging of frames between
the clients in a group).
2010-09-10 10:30:26 -07:00
Ardong Chen
2049af2bd5 P2P: Fix invitation_received callback to use NULL bssid (if not known)
Previously, the storage buffer for the Group BSSID was returned
regardless of whether it was included in the invitation or not.
2010-09-10 10:30:26 -07:00
Jouni Malinen
e2197af1b2 P2P: Make sure parsed Device Name gets null terminated
If the msg->device_name buffer is filled from two different sources,
the copy from the P2P Device Info attribute needs to make sure that
the values gets null terminated to match the length of the correct
string should the other place use another string (which is not really
allowed by the spec, but could happen).
2010-09-10 10:30:26 -07:00
Jouni Malinen
ae3e342108 P2P: Add peer timeout into group formation 15 second timeout
This adds some more time for WPS provisioning step in case the peer
takes long time to start group interface operations.
2010-09-10 10:30:25 -07:00
Ardong Chen
2f9929ffcc WPS: Allow pending WPS operation to be cancelled
A new ctrl_interface command, WPS_CANCEL, can now be used to cancel
a pending or ongoing WPS operation. For now, this is only available
with wpa_supplicant (either in station or AP mode). Similar
functionality should be added for hostapd, too.
2010-09-10 10:30:25 -07:00
Jouni Malinen
fbe7027239 P2P: Provide local event on GO Neg Req rejection
If an authorized (p2p_connect used locally) GO Negotiation is
rejected when receiving GO Negotiation Request from the peer,
indicate the failure with a ctrl_interface P2P-GO-NEG-FAILURE
event. Previously, this event was only shown on the peer (i.e.,
the device receiving the GO Negotiation Response with non-zero
Status code).
2010-09-10 10:30:25 -07:00
Ardong Chen
ffe98dfb88 P2P: Process Invitation Request from previously unknown peer
Since this message now includes P2P Device Info attribute, it is
reasonable to learn the peer data and process the message instead of
rejecting the message.
2010-09-10 10:30:25 -07:00
Ardong Chen
17bef1e97a P2P: Add peer entry based on Provision Discovery Request
Add (or complete Probe Request only) P2P peer entry when receiving
Provision Discovery Request from a previously unknown peer. This is
especially of use for a GO when a P2P client is requesting to join
a running group.
2010-09-10 10:30:25 -07:00
Jouni Malinen
812bf56ab1 Fix build without CONFIG_P2P=y 2010-09-09 07:20:28 -07:00
Jouni Malinen
e9a7ae41fa P2P: Use SSID from GO Negotiation to limit WPS provisioning step
In order to avoid picking incorrect SSID from old scan results, use
SSID from GO Negotiation to select the AP.
2010-09-09 07:17:23 -07:00
Jouni Malinen
f8d0131a11 P2P: Use operating frequency from peer table as backup for join
The scan operation before Provision Discovery Request may not include
the GO. However, we are likely to have the GO in our P2P peer table,
so use that information to figure out the operating channel if BSS
table entry is not available.
2010-09-09 07:17:23 -07:00
Jouni Malinen
f7a6905735 P2P: Add a workaround for Extended Listen Timing getting stuck
This should not really happen, but it looks like the Listen command
may fail is something else (e.g., a scan) was running at an
inconvenient time. As a workaround, allow new Extended Listen
operation to be started if this state is detected.
2010-09-09 07:17:23 -07:00
Jouni Malinen
6125c661d5 P2P: Fix cross connection allowed parser to use correct field
The previous version had a bug that could result in NULL pointer
dereference if the P2P IE included Manageability attribute, but no
Capability attribute.
2010-09-09 07:17:22 -07:00
Jouni Malinen
5548ddc217 P2P: Allow P2P IE without Device Info in (Re)Assoc Req
This can happen, e.g., when a P2P client connects to a P2P group
using the infrastructure WLAN interface instead of P2P group
interface. In that case, the P2P client may behave as if the GO
would be a P2P Manager WLAN AP.
2010-09-09 07:17:21 -07:00
Jouni Malinen
b6c79a998f Add test command for disabling/enabling A-MPDU aggregation
ctrl_iface command "SET ampdu <0/1>" can now be used to
disable/enable A-MPDU aggregation.
2010-09-09 07:17:21 -07:00
Jouni Malinen
0cc8be3e45 P2P: Fix code order to avoid potential NULL pointer dereference 2010-09-09 07:17:21 -07:00
Jouni Malinen
c4ea4c5c90 P2P: Allow driver wrapper to indicate how many stations are supported
This can be used to limit the number of clients allowed to connect
to the group on the GO.
2010-09-09 07:17:21 -07:00
Jouni Malinen
eea2fd9eff P2P: Add mechanism for configuring UAPSD parameters for group
This is needed to be able to change parameters for dynamically
created interfaces between the creation of the interface and
association/start AP commands.

Following ctrl_interface commands can now be used:

P2P_SET client_apsd disable
- disable configuration (i.e., use driver default) in client mode

P2P_SET client_apsd <BE>,<BK>,<VI>,<VO>;<max SP Length>
- enable UASPD with specific trigger configuration (0/1) per AC
  (max SP Length is currently ignored)

P2P_SET go_apsd disable
- disable configuration (i.e., use driver default) in AP mode

P2P_SET go_apsd <0/1>
- disable/enable APSD in AP mode
2010-09-09 07:17:21 -07:00
Jouni Malinen
2f837b41dc P2P: Fix build after WSC 2.0 change to use WFA vendor extension 2010-09-09 07:17:21 -07:00
Jouni Malinen
2d509b39b1 WPS: Fix ER PBC overlap detection build with P2P changes 2010-09-09 07:17:21 -07:00
Jouni Malinen
5ded7d3eb8 P2P: Fix GAS fragmentation to match with IEEE 802.11u
P2P specification v1.15 fixed the description of the GAS fragmentation
to not duplicate NQP Query Response Field header in all fragments. This
change makes the fragmentation match with the description in IEEE
802.11u. The change is not backwards compatible with previous P2P
specification versions as far as fragmented SD responses are concerned.
2010-09-09 07:17:21 -07:00
Jouni Malinen
3dfda83d9c P2P: Add Device Password ID to GO Neg Request RX event
This event indicates the Device Password ID that the peer tried
to use in GO Negotiation. For example:
P2P-GO-NEG-REQUEST 02:40:61:c2:f3:b7 dev_passwd_id=4
2010-09-09 07:17:20 -07:00
Jouni Malinen
4147a2cc64 P2P: Fix p2p_connect join with interface address
Need to fetch P2P Device Address from the peers table in case the
p2p_connect join command uses interface address.
2010-09-09 07:17:20 -07:00
Jouni Malinen
72044390f3 P2P: Add support for cross connection
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
2010-09-09 07:17:20 -07:00
Jouni Malinen
6c6915f3db P2P: Add defined values for P2P Manageability Bitmap 2010-09-09 07:17:20 -07:00
Jouni Malinen
0af196088c P2P: Fix device discoverability to not wait before sending GO Neg Req
When we receive Device Discoverability Response, we need to initiate
new GO Negotiation as quickly as possible to avoid the target client
from going back to sleep. Make sure we do not end up in
P2P_CONNECT_LISTEN state (short Listen mode) in this case.
2010-09-09 07:17:20 -07:00
Jouni Malinen
aefb53bd5d P2P: Disable periodic NoA when non-P2P STA is connected
For now, this applies to the test command that can be used to set
periodic NoA (p2p_set noa). The value are stored and periodic NoA
is enabled whenever there are no non-P2P STAs connected to the GO.
2010-09-09 07:17:20 -07:00
Jouni Malinen
4c08c0bd57 P2P: Include P2P IE in (Re)AssocReq to infra AP if it uses P2P IE
While this is not strictly speaking required by the P2P specification
for a not-P2P Managed Device, this can provide useful information for
the P2P manager AP and may be needed to pass certification tests.
2010-09-09 07:17:20 -07:00
Jouni Malinen
5be5305b7e P2P: Include Extended Listen Timing attribute in (Re)AssocReq
If extended listen timing is enabled, it should be advertised in
(Re)Association Request frames sent to GOs.
2010-09-09 07:17:20 -07:00
Jouni Malinen
04d8dad5c7 P2P: Wait on operating channel between invitation requests
If running in active GO mode to invite a device to join the group,
wait on operating channel instead of listen channel.
2010-09-09 07:17:20 -07:00
Jouni Malinen
d9d6a58c8f P2P: Fix invitation to active group to use correct operating channel
Invitation Request must use the current operating frequency of the
group, not the default operating channel.
2010-09-09 07:17:20 -07:00
Jouni Malinen
48e4377093 P2P: Fix WSC IE not to include two Device Name attrs with WPS 2.0 is used 2010-09-09 07:17:20 -07:00
Jouni Malinen
d5b20a73b2 P2P: Fix channel forcing for p2p_connect auth 2010-09-09 07:17:19 -07:00
Jouni Malinen
18eff3a3a7 P2P: Use 0-timeout when inviting to running group as client 2010-09-09 07:17:19 -07:00
Jouni Malinen
952f119242 P2P: Add Device Info attribute to Invitation Request
This was added as a mandatory attribute in one of the recent spec
updates.
2010-09-09 07:17:19 -07:00
Jouni Malinen
55a625799f P2P: Add Group Info attr into Probe Response in GO without clients
While there is no real value in this, the spec seems to mark this
attribute as mandatory from GO, so better included it regardless
of whether we have clients or not (the attribute is empty in case
no clients are connected).
2010-09-09 07:17:19 -07:00
Jouni Malinen
80c9582a5f P2P: Add test command for filtering which peers are discovered
"wpa_cli p2p_set peer_filter <MAC address>" can now be used to
only allow a single P2P Device (based on P2P Device Address) to be
discovered for testing. Setting the address to 00:00:00:00:00:00
disables the filter.
2010-09-09 07:17:19 -07:00
Jouni Malinen
9e00ea1aa3 P2P: Fix country string mismatch validation off-by-one offset
0x04 was being checked from incorrect location when skipping country
code validation.
2010-09-09 07:17:19 -07:00
Jouni Malinen
18708aadfc P2P: Initial support for SD fragmentation (GAS Comeback Request/Response) 2010-09-09 07:17:19 -07:00
Jouni Malinen
bf608cad56 P2P: Rename SD info not available define to match with spec change 2010-09-09 07:17:19 -07:00
Jouni Malinen
3c5126a41f P2P: Set Device Password ID in WPS M1/M2 per new rules
If the P2P client (WPS Enrollee) uses a PIN from the GO (Registrar),
Device Password ID in M1 & M2 is set to Registrar-specified.
2010-09-09 07:17:19 -07:00
Jouni Malinen
c381508d88 P2P: Implement power save configuration
wpa_cli p2p_set ps <0/1/2>
wpa_cli p2p_set oppps <0/1>
wpa_cli p2p_set ctwindow <0..> msec
2010-09-09 07:17:19 -07:00
Jouni Malinen
40c03fd40b P2P: Handle p2p_scan tracking in SEARCH state
Previously, only the initial p2p_scan was used to delay starting new
P2P operations. However, this should have applied to the SEARCH state
scans, too.
2010-09-09 07:17:18 -07:00
Jouni Malinen
962473c136 P2P: Add preliminary P2P Manager AP support for hostapd 2010-09-09 07:17:18 -07:00
Jouni Malinen
ef7963917c P2P: Add group notification from (re)association request 2010-09-09 07:17:18 -07:00
Jouni Malinen
f684e608af P2P: Use PSK format in WPS Credential 2010-09-09 07:17:17 -07:00
Jouni Malinen
8ccbe415ba P2P: Add group notifications 2010-09-09 07:17:17 -07:00
Jouni Malinen
e44f8bf20a P2P: Add P2P configuration and callbacks in hostapd code 2010-09-09 07:17:17 -07:00
Jouni Malinen
b22128efdc P2P: Add initial version of P2P Module 2010-09-09 07:17:17 -07:00
Jouni Malinen
c2af2afb3b P2P: Preparations for adding P2P IE into Beacon/Probe Response frames 2010-09-09 07:17:17 -07:00
Jouni Malinen
b305c684b8 P2P: Save a copy of P2P IE(s) data from (Re)Association Request 2010-09-09 07:17:17 -07:00
Jouni Malinen
046b26a24e nl80211: Add P2P operations 2010-09-09 07:17:17 -07:00
Jouni Malinen
2883205ec8 driver_test: Add functionality for allowing P2P testing 2010-09-09 07:17:17 -07:00
Jouni Malinen
75bde05d53 P2P: Add driver operations for P2P use 2010-09-09 07:17:16 -07:00
Jouni Malinen
62281bc690 P2P: Do no process Probe Request with P2P wildcard SSID in WPS
The Probe Request frames used in P2P Device Discovery should not be
processed by the WPS implementation.
2010-09-09 07:17:16 -07:00
Jouni Malinen
935a948f97 P2P: Enable use of WPS Requested Device Type without WPS 2.0 2010-09-09 07:17:16 -07:00
Jouni Malinen
63675def6e P2P: Add Device Name into WPS IE in Probe Request frames 2010-09-09 07:17:16 -07:00
Jouni Malinen
91a9464528 Make IEEE 802.11 IE parser aware of P2P IE
This does not handle fragmented IEs and is only used to check quickly
whether the IE blob includes any P2P IE(s).
2010-09-09 07:17:16 -07:00
Jouni Malinen
dd6cc5a20c P2P: Wi-Fi Direct frame format definitions 2010-09-09 07:17:16 -07:00
Jouni Malinen
fdc9eeb175 WPS 2.0: Convert new attributes into WFA vendor extension
The WSC 2.0 specification moved to use another design for the new
attributes to avoid backwards compatibility issues with some
deployed implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ac4dcaf7bf WPS 2.0: Fix strict mode validation of UPnP MAC Address format
This was supposed to only reject the message from WPS 2.0 ER, not from
WPS 1.0 ER.
2010-09-09 06:07:49 -07:00
Jouni Malinen
42f50264c0 WPS: Make fragment size configurable for EAP-WSC peer
"wpa_cli set wps_fragment_size <val>" can now be used to configure the
fragment size limit for EAP-WSC.
2010-09-09 06:07:49 -07:00
Jouni Malinen
ecece754db WPS: Add more debug prints for authorized MACs operations 2010-09-09 06:07:49 -07:00
Jouni Malinen
498cdee0c7 WPS ER: Use PBC overlap detection
ER should follow same rules as internal Registrar in an AP for
session overlap detection.
2010-09-09 06:07:49 -07:00
Jouni Malinen
6a4477236e WPS 2.0: Only reject Probe Request frames from WPS 2.0 devices 2010-09-09 06:07:49 -07:00
Jouni Malinen
e69b86b71d WPS 2.0: By default, use strict validation reject only with WPS 2.0 2010-09-09 06:07:49 -07:00
Jouni Malinen
5fabd9fefb WPS: Fix strict validation to mandate Network Index attribute
While this attribute is is now deprecated, it is still required
for backwards compatibility. Better check this if strict validation
is enabled.
2010-09-09 06:07:49 -07:00
Jouni Malinen
e6e25d37a3 WPS 2.0: Use strict validation of NewWLANEventMAC only with WPS 2.0
This avoids some testing issues with WPS 1.0 implementations while
maintaining strict validation for WPS 2.0 implementations.
2010-09-09 06:07:49 -07:00
Jouni Malinen
b68ccf4048 WPS ER: Do not use SetSelectedRegistrar when learning/configuring AP 2010-09-09 06:07:49 -07:00
Jouni Malinen
ad4741183f WPS 2.0: Make sure PHY/VIRT flag gets set for PBC 2010-09-09 06:07:48 -07:00
Jouni Malinen
168f840169 WPS 2.0: Add strict validation of SetSelectedRegistrar attributes 2010-09-09 06:07:48 -07:00
Jouni Malinen
545ee4fd3d WPS 2.0: Add wildcard AuthorizedMACs if Enrollee address is not known 2010-09-09 06:07:48 -07:00
Jouni Malinen
53587ec183 WPS 2.0: Make WSC 2.0 support to be build option (CONFIG_WPS2)
For now, the default build will only include WSC 1.0 support.
CONFIG_WPS2=y can be used to add support for WSC 2.0.
2010-09-09 06:07:48 -07:00
Jouni Malinen
c15a854aec WPS 2.0: Add tool for testing protocol extensibility
This is disabled by default and can be enabled by defining
CONFIG_WPS_EXTENSIBILITY_TESTING.
2010-09-09 06:07:48 -07:00
Jouni Malinen
4a34969824 WPS: Add a test mechanism for adding an extra credential into M8
This can be used to build a test version of ER that adds an extra
Credential attribute into M8.
2010-09-09 06:07:48 -07:00
Jouni Malinen
54f489be45 WPS 2.0: Validate WPS attributes in management frames and WSC messages
If CONFIG_WPS_STRICT is set, validate WPS IE(s) in management frames and
reject the frames if any of the mandatory attributes is missing or if an
included attribute uses an invalid value. In addition, verify that all
mandatory attributes are included and have valid values in the WSC
messages.
2010-09-09 06:07:48 -07:00
Jouni Malinen
00ae50bc87 atheros: Use larger buffer for WSC IE changes
This resolves issues in updating Beacon/Probe Response frame IEs
in a case where the value may be long enough to get fragmented
into multiple IEs.
2010-09-09 06:07:48 -07:00
Jouni Malinen
ed1c1ebfb4 WPS 2.0: Ignore WEP Credentials as station Enrollee
Ignore Credential if it is for a WEP network. Reject the message if
no valid Credential is found.
2010-09-09 06:07:48 -07:00
Jouni Malinen
6be2d7f826 WPS 2.0: Enforce new security policy of received AP Settings
When receiving new AP Settings from ER, reject WEP configuration
and upgrade WPA-Personal/TKIP only to mixed mode (i.e., add
WPA2-Personal/CCMP).
2010-09-09 06:07:48 -07:00
Jouni Malinen
6b633b4da7 WPS 2.0: Fix Probe Request WPS IE building to be able to fragment data
If all the device information attributes use their maximum lengths,
a single WPS IE is not enough to fit in all the data and as such,
we must be able to fragment the data. In addition, the wpabuf needs
to be allocated larger to fit in maximum data.
2010-09-09 06:07:47 -07:00
Jouni Malinen
dcc4d8be75 WPS 2.0: Disable WPS workarounds if CONFIG_WPS_STRICT is defined 2010-09-09 06:07:47 -07:00
Jouni Malinen
5314d652d4 WPS 2.0: Modify empty-string workaround to meet 2.0 rules
Instead of using 0x00 as the extra character, use space (' ') to
avoid failing tests that verify that the variable length string
attributes are not null terminated. In addition, this workaround
can now be disabled by defining CONFIG_WPS_STRICT for the build.
This can be done by adding following line to .config:
CFLAGS += -DCONFIG_WPS_STRICT

However, it should be noted that such a build may not interoperate
with some deployed WPS 1.0 -based implementations and as such, is
mainly designed for testing.
2010-09-09 06:07:47 -07:00
Jouni Malinen
6a857074f4 WPS 2.0: Add virtual/physical display and pushbutton config methods 2010-09-09 06:07:47 -07:00
Jouni Malinen
662bd57522 WPS 2.0: Add device attributes into Probe Request
Add Manufacturer, Model Name, Model Number, and Device Name attributes
into the WSC IE in the Probe Request frames.
2010-09-09 06:07:47 -07:00
Jouni Malinen
cfe1c3f1ef WPS 2.0: Add Request to Enroll attribute into Probe Request
Whenever wpa_supplication is using Request Type Enrollee, it is trying
to enroll into a network. Indicate this with the explicit inclusion of
Request to Enroll attribute with value TRUE.
2010-09-09 06:07:47 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Jouni Malinen
f439079e93 WPS 2.0: Add new attributes and update version negotiation
This adds definitions and parsing of the new attributes that were added
in WPS 2.0. In addition, the version negotiation is updated to use the
new mechanism, i.e., accept everything received and use the new Version2
attribute in transmitted messages.
2010-09-09 06:07:47 -07:00
Jouni Malinen
a0fad21014 Indicate Barker Preamble Mode in ERP IE also based on local configuration
While this is not strictly speaking required based on dynamic
configuration (i.e., dot11ShortPreambleOptionImplemented is static
value based on implementation, not runtime configuration), it is better
to follow local configuration parameter for short preamble in addition
to the associated station capabilities.
2010-09-05 13:11:42 +03:00
Jouni Malinen
702934a163 atheros: Fix driver deinit function to be run
hostapd uses hapd_deinit(), not deinit() wpa_driver_ops.
2010-09-05 13:04:03 +03:00
Jouni Malinen
4a46e82fb4 atheros: Deinit l2_packet sock_xmit on error path 2010-09-05 13:03:26 +03:00
Jouni Malinen
8421e95c71 Fix segfault in hostapd_eid_ht_capabilities() with some drivers
This function is not really needed in case of drivers that build the
HT IEs internally. However, since this can get called if ieee80211n=1
is set in hostapd.conf, we better not segfault even if the driver
does not provide hw info (hapd->iface->current_mode == NULL).
2010-09-05 12:47:16 +03:00
Jouni Malinen
0caf077bc1 WPS: Fix hostapd build without CONFIG_WPS_UPNP
Commit 5a1cc30f1a added code that was
assuming CONFIG_WPS_UPNP is enabled whenever CONFIG_WPS is. Fix this
by making the UPnP calls conditional on CONFIG_WPS_UPNP define.
2010-09-05 12:34:04 +03:00
Jouni Malinen
cce1f698e5 WPS: Use more defensive design to avoid theoretical NULL deref
Prior to commit 6195adda9b the sm->user
dereference did not exist here. While this is in practice non-NULL,
better use more defensive construction here to avoid NULL pointer
dereference should this ever change.
2010-09-04 21:37:36 +03:00
Jouni Malinen
0c80427d77 NDIS: Fix association for WPS provisioning with protected AP
Some NDIS drivers require a workaround to allow them to associate
with a WPS AP that is already using protection (Privacy field = 1).
Let driver_ndis.c know if the AP is already using Privacy and if so,
configure a dummy WEP key to force the driver to associate.
2010-09-04 13:56:12 +03:00
Jouni Malinen
f4e5fd948a l2_packet_ndis: Fix overlapped write not to corrupt stack
When using overlapped write, we must have the provided memory
areas available during the operation and cannot just use stack
unless we wait for the completion within the function. In the case
of TX here, we can easily wait for the completion since it is likely
to happen immediately. In addition, this provides more reliable
success/failure return value for l2_packet_send(). [Bug 328]
2010-09-02 13:23:14 +03:00
Helmut Schaa
36af1c7d31 hostapd: enable STBC only for STBC capable STAs
hostapd simply used its own STBC configuration in the STA's HT caps. This
resulted in TX STBC being used for STAs not supporting RX STBC, which in
turn resulted in the STA not receiving anything.

Fix this by handling the STBC flags in the same way mac80211 does. Mask
out RX STBC if we don't support TX STBC and vice versa.

Tested only with the nl80211 driver and a STBC incapable STA.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2010-08-28 12:25:44 +03:00
Masashi Honma
60da5e0f3f Solaris: Add support for wired IEEE 802.1X client
This patch adds support for wired IEEE 802.1X client on the Solaris.

I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
2010-08-28 11:40:07 +03:00
Jouni Malinen
60a972a68d Add current signal strength into signal quality change events 2010-08-27 16:58:06 +03:00
Masashi Honma
9c77ad1889 trace: Fix void pointer arithmetic
The arithmetic on void pointer exists in trace routine. On GNU C, it
works because void pointer size is 1, but not all compilers behave like
this. So this patch specifies the size of the pointer.
2010-08-26 18:35:55 +03:00
Jouni Malinen
31fa4c6d98 Remove unused ieee802_11_send_deauth() 2010-08-25 21:18:54 +03:00
Jouni Malinen
ef546700e2 WPS: Optimize M2 processing in AP Setup Locked case
There is no need to process the public key and generate keys if
the AP is going to reject this M2 anyway. This limits effect of
potential CPU DoS attacks in cases where AP PIN is disabled.
2010-08-24 16:42:26 +03:00
Jouni Malinen
5a1cc30f1a WPS: Add support for dynamic AP PIN management
A new hostapd_cli command, wps_ap_pin, can now be used to manage
AP PIN at runtime. This can be used to generate a random AP PIN and
to only enable the AP PIN for short period (e.g., based on user
action on the AP device). Use of random AP PIN that is only enabled
for short duration is highly recommended to avoid security issues
with a static AP PIN.
2010-08-24 16:35:37 +03:00
Jouni Malinen
944814106e WPS: Do not disable AP PIN permanently, only slow down attacks
As a compromise between usability and security, do not disable
AP PIN permanently based on failed PIN validations. Instead, go to
AP Setup Locked state for increasing amount of time between each
failure to slow down brute force attacks against the AP PIN.

This avoids problems with some external Registrars that may try
to use the same PIN multiple times without user input. Now, the
user will still be able to fix the PIN and try again later while
a real attack is delayed enough to make it impractical.
2010-08-24 15:24:05 +03:00
Jouni Malinen
035cc69d98 WPS: Use WSC_NACK if no device password is known on M2 RX
This can happen on the AP if the AP PIN is not configured and
the client tries to go through the protocol instead of just using
Registrar mode to receive M1 from the AP. It is cleaner to send
out the WSC_NACK instead of just stopping the protocol.
2010-08-24 12:56:11 +03:00
Jouni Malinen
8cbd92ee29 EAP-FAST server: Add I-ID into PAC-Info
This indicates that the peer identity is associated with the
credential and will be required to match with the identity used
during authentication when the PAC is used (RFC 5422, 4.2.4).
2010-08-19 21:16:19 +03:00
Jouni Malinen
2e75a2b3a6 Add more debug info on deauth/disassoc events and commands 2010-08-17 21:04:38 +03:00
Jouni Malinen
43dd46b3bc Fix memory leak in AP WEP key configuration 2010-08-17 21:04:07 +03:00
Samuel Ortiz
cb1583f64b sme: Try all authentication algorithms when the first one fails
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-17 16:39:33 +03:00
Paul Stewart
cb30b297bd nl80211: Ignore "DEAUTH" messages from APs we are not associated to
DEAUTH messages can come from a number of different sources. The one
that's hurting us currently is DEAUTH netlink messages coming to us
from compat-wireless in response to local_state_change DEAUTH messages
we sent as a part of cleaning up state in driver_nl80211's
clear_state_mismatch() function. However, DEAUTH messages can come
from a variety of unwanted sources, including directed denial-of-service
attacks (although MAC verification doesn't place that high a barrier),
so this validation is actually generically useful, I think.

The downside to this method is that without a kernel based approach
"iw dev wlan0 link" no longer works correctly after clear_state_mismatch()
is done.  This will be pursued with the kernel folks.
2010-08-16 21:27:26 +03:00
Daniel Gryniewicz
6c78ae1443 Fix RSN preauth candidate list clearing to avoid segfaults
Commit c5b26e33c1 broke the processing
of the candidate list entries when an old entry was either removed or
reused. The entry needs to be removed from the list to avoid leaving
pointers to freed memory.

http://bugs.gentoo.org/show_bug.cgi?id=330085
http://w1.fi/bugz/show_bug.cgi?id=372
2010-08-14 19:01:14 +03:00
Johannes Berg
ba2d0d7d68 nl80211: Don't pass ctx to wpa_driver_nl80211_init_nl
Currently, we don't use the sock_ctx that we get passed by eloop, so
don't assign it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-08-11 18:33:24 +03:00
Johannes Berg
f48ffe4364 nl80211: Remove unused pending_send_action
This variable is assigned only once and never tested, so basically
unused.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-08-11 18:33:02 +03:00
Jouni Malinen
92afbe9d63 WPS: Make DH debug prints easier to understand 2010-08-11 18:02:39 +03:00
Jouni Malinen
15ed5535ad nl80211: Show remain-on-channel duration in debug output 2010-08-11 18:02:19 +03:00
Jouni Malinen
26af9dcaef nl80211: Try mode changes multiple times to avoid some races
cfg80211/mac80211 seems to be unwilling to change interface mode in
some cases. Make these less likely to cause problems by trying the
changes up to 10 times with 100 msec intervals.
2010-08-11 18:01:37 +03:00
Jouni Malinen
6195adda9b WPS: Allow AP to start in Enrollee mode without AP PIN for probing
In theory, this should not really be needed, but Windows 7 uses
Registrar mode to probe AP's WPS capabilities before trying to use
Enrollee and fails if the AP does not allow that probing to happen.
This allows the AP to start as an Enrollee and send M1, but refuse
to continue beyond that (M3 will not be sent if AP PIN is not known).
2010-07-26 18:12:08 -07:00
Jouni Malinen
67ccef7e6c FT: Send RRB data directly when managed by same hostapd process
This makes it easier (and a bit faster) to handle multiple local
radios with FT. There is no need to depend on l2_packet in that
case since the frame can be delivered as a direct function call.
2010-07-25 20:30:12 -07:00
Jouni Malinen
08b19cb404 WPS: Limit WPS ER event_id < 2^31 bits to avoid issues with atoi()
Previously, large event_id values (> 2^31) resulted in integer
overflow that would make ER drop all events from the AP.
2010-07-20 22:56:58 -07:00
Jouni Malinen
7f6ec672ea EAP server: Add support for configuring fragment size 2010-07-20 22:56:10 -07:00
Jouni Malinen
f3a3e6987e WPS: Allow fragment size to be configured 2010-07-20 22:55:39 -07:00
Jouni Malinen
4e22adb4d1 WPS: Move from WLAN_STA_MAYBE_WPS to WLAN_STA_WPS based on EAP messages
If the station does not include WSC IE in Association Request, it
is marked with WLAN_STA_MAYBE_WPS flag. We can update that to
WLAN_STA_WPS if the station uses either of the WPS identity strings.
This enables some workarounds for WPS stations.
2010-07-18 16:10:08 -07:00
Jouni Malinen
9301f6515e WPS: Reduce client timeout with EAP-WSC to avoid long wait
This works around issues with EAP-Failure getting lost for some reason.
Instead of waiting up to 60 seconds on a timeout, 30 second timeout is
now used and whenever the provisioning step has been completed (either
successfully or unsuccessfully), this timeout is reduced to 2 seconds.
2010-07-18 16:09:30 -07:00
Jouni Malinen
3239706303 WPS: Force disconnection after provisioning step
This works around some problems where the station is unable to disconnect
for some reason (e.g., if EAP-Failure gets dropped).
2010-07-18 16:08:52 -07:00
Jouni Malinen
c01106f3e8 WPS: Add more debug info for DH keys 2010-07-17 20:23:55 -07:00
Jouni Malinen
b3b2da770e Define Public Action and Vendor-specific Public Action frames 2010-07-17 20:22:40 -07:00
Jouni Malinen
950388f745 IEEE 802.11u GAS defines 2010-07-17 20:21:39 -07:00
Jouni Malinen
4796272f5f nl80211: show TX status (ack) in debug log 2010-07-17 20:17:43 -07:00
Jouni Malinen
e9501a07c6 FT: Fix RRB messages to use correct endianness
The pairwise cipher field is supposed to be little endian, but the
message building functions did not swap the bytes on big endian
hosts while the message processing functions did. Fix this by using
little endian byte order in both places.
2010-07-17 17:48:32 -07:00
Jouni Malinen
2f1ce78bf7 WPS: Add a workaround for OS X 10.6.3 and .4 (use PSK, not passphrase)
It looks like 10.6.3 and 10.6.4 do not like to receive Network Key
with WPA passphrase while PSK format still works. Use peer information
from M1 to figure out whether the Enrollee is likely to be OS X and
if so, force PSK format to be used for Network Key.
2010-07-05 15:37:47 -07:00
Jouni Malinen
612e9160e2 WPS: Add a workaround for parsing M1 from OS X 10.6
It looks like Mac OS X adds unexpected 0x00 padding to the end of M1.
Skip that padding to avoid interop issues.
2010-07-05 13:04:54 -07:00
Jouni Malinen
2d8bf73298 Add new debug message level for excessive information
Some frequent debug prints are of limited use and make debug output
difficult to read. Make them use a new debug level so that -dd
provides more readable output (-ddd can now be used to enable
the excessive debug prints).
2010-07-05 12:21:48 -07:00
Jouni Malinen
cc91e07e57 OpenSSL: Fix public key length in DH group 5 operations
The length of the prime was used incorrectly and this resulted
in WPS DH operation failing whenever the public key ended up having
leading zeros (i.e., about every 1/256th time).
2010-06-26 21:03:25 -07:00
Jouni Malinen
41e650ae5c WPS: Use different scan result sorting rules when doing WPS provisioning
The AP configuration may change after provisioning, so it is better
not to use the current security policy to prioritize results. Instead,
use WPS Selected Registrar attribute as the main sorting key and use
signal strength next without considering security policy or rate sets.
The non-WPS provisioning case remains as-is, i.e., this change applies
only when trying to find an AP for WPS provisioning.
2010-06-11 13:50:13 -07:00
Jouni Malinen
9abe9b2c35 WPS: Add workaround for missing Network Key attribute
Some deployed implementations do not include the mandatory Network
Key attribute when a WPS Credential is for an open network. Allow
this to improve interoperability since the actual key value is not
really needed for open networks.
2010-06-11 11:29:10 -07:00
Jouni Malinen
9776475fb9 WPS: Do not proxy Probe Request frames to foreign SSIDs to Registrars
We must only indicate stations that are either probing the wildcard SSID
or our own SSID.
2010-06-10 22:36:34 -07:00
Jouni Malinen
a63063b4f6 rfkill: Use rtnetlink ifup/ifdown events
Replace use of rfkill block event with rtnetlink ifdown. This makes
the design more robust since the rfkill event could have been for
another interface while the rtnetlink events are already filtered
based of ifindex. In addition, the new design handles other than
rfkill-triggered ifdown/ifup events, too. rfkill unblocked event
is still needed to try to set the interface back up. If the unblock
was for another interface, ifup will fail and the driver state is
not changed.
2010-05-31 18:52:17 +03:00
Jouni Malinen
84b2f9909f Fix driver operation order in configuration reloading
Some of the driver wrappers need to get set_ieee8021x() call before
they can configure keys. Reorder the operations in the reloading
of configuration case to match with that expectation.
2010-05-29 22:27:27 +03:00
Jouni Malinen
7f5957abcf eloop: Fix crash on signal handler cancelling next timeout
It is possible that the timeout pointer becomes invalid in one of the
signal handlers, so we need to reload the pointer after those.
2010-05-28 22:18:28 +03:00
Jouni Malinen
8b0ea5a07e atheros: Fix WPA/802.1X disabling to clear Privacy flag
Setting IEEE80211_PARAM_AUTHMODE to IEEE80211_AUTH_AUTO ends up enabling
Privacy mode in the driver. We need to clear that to allow hostapd to be
reconfigured into open mode.
2010-05-28 21:51:31 +03:00
Jouni Malinen
7d6640a62c WPS ER: Add command for configuring an AP
wps_er_config can now be used to configure an AP. It is similar to
wps_er_learn, but instead of only learning the current AP settings,
it continues to send M8 with the new settings for the AP.
2010-05-28 00:01:48 +03:00
Jouni Malinen
15dbf1291a WPS ER: Add ctrl_iface event for learned AP settings 2010-05-27 15:24:45 +03:00
Jouni Malinen
0848668513 WPS ER: Allow AP filtering based on IP address
wps_er_start command now takes an optional parameter that can be used
to configure a filter to only allow UPnP SSDP messages from the
specified IP address. In practice, this limits the WPS ER operations
to a single AP and filters out all other devices in the network.
2010-05-27 15:23:55 +03:00
Jouni Malinen
826fe5fec3 WPS ER: Fix Credential to use correct Enrollee MAC Address
When starting the protocol run with an Enrollee, clone the AP Settings
and replace the AP MAC Address with the Enrollee MAC Address so that the
correct value is then used in the Credential attribute in M8.
2010-05-27 15:22:44 +03:00
Jouni Malinen
ed7a09f914 Add WPS IE into (Re)Association Response frame if WPS is used
If the associating station indicates that it is intents to use WPS
by including WPS IE in (Re)Association Request frame, include WPS IE
in (Re)Association Response frame.
2010-05-26 18:46:08 +03:00
Jouni Malinen
16e46ec043 Reassemble WPS IE(s) in (Re)Association Request if needed
Use a function that will take care of possible (though, very unlikely)
fragmentation of WPS TLVs in (Re)Association Request frames.
2010-05-26 18:17:13 +03:00
Jouni Malinen
99e437ad52 Fix WPS attribute parser to use correct pointer for Response Type 2010-05-26 17:12:30 +03:00
Jouni Malinen
32b752ef8f Internal TLS: Fix X.509 name handling to use sequency of attributes
There may be more than one attribute of same type (e.g., multiple DC
attributes), so the code needs to be able to handle that. Replace the
fixed structure with an array of attributes.
2010-05-25 20:55:29 +03:00
Jouni Malinen
969b403fa7 Internal TLS: Add domainComponent parser for X.509 names 2010-05-25 19:43:21 +03:00
Jouni Malinen
5216938960 Fix memory leak on rfkill init error path 2010-05-25 12:06:25 +03:00
Jouni Malinen
8c0ef18199 Fix a typo in unused attribute name 2010-05-25 09:57:22 +03:00
Masashi Honma
6db1602d5b bsd: Use set_freq() API for AP mode wpa_supplicant
Previous version driver_bsd.c switches the channel in
wpa_driver_bsd_associate(). This patch changes it to use set_freq().
I have tested this patch on FreeBSD 8.0/NetBSD 5.0.2 with hostapd,
wpa_supplicant(AP) and wpa_supplicant(STA).
2010-05-23 12:20:33 +03:00
Jouni Malinen
8401a6b028 Add Linux rfkill support
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).

Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
2010-05-23 10:27:32 +03:00
Andriy Tkachuk
6deb41e73f Update WPS IE on hostapd reconfiguration
This is needed to handle cases where WPS state may have changed and
hostapd is reloading its configuration.
2010-05-02 11:21:19 +03:00
Jouni Malinen
1bc774a12a hostapd: Reorder some IEs to get closer to IEEE 802.11 standard
Vendor-specific IEs are supposed to be in the end of the frame, so move
WMM into the end of Beacon, Probe Response, and (Re)Association Response
frames. In addition, move HT IEs to be later in (Re)Association
Response to match the correct order.

hostapd_eid_wpa() adds multiple IEs and the end result may not always be
correct. If WPA is enabled, WPA IE (vendor-specific) gets added in the
middle of the frame and not in the end. This would require a larger
change to spliut the IEs from WPA module into separate locations when
constructing Beacon and Probe Response frames. This is not yet addressed.
2010-05-02 10:53:01 +03:00
Jouni Malinen
b4a1256d36 Fix fallback from failed PMKSA caching into full EAP authentication
Commit 83935317a7 added forced
disconnection in case of 4-way handshake failures. However, it should
not have changed the case where the supplicant is requesting fallback
to full EAP authentication if the PMKID in EAPOL-Key message 1/4 is
not know. This case needs to send an EAPOL-Start frame instead of
EAPOL-Key message 2/4.

This works around a problem with APs that try to force PMKSA caching
even when the client does not include PMKID in (re)association request
frame to request it. [Bug 355]
2010-05-01 17:35:28 +03:00
Jouni Malinen
439d4bf960 Fix EAPOL_SM_USES_WPA flag to be set correctly
Commit c02d52b405 removed direct calls
to the WPA authenticator, but the change here was incorrect.
EAPOL_SM_USES_WPA was supposed to be set based on sta->wpa_sm being
set, i.e., no need to check for PMKSA entries for that.

While this could potentially change EAPOL Key TX state machine behavior,
no clear problems have been identified so far. Anyway, better fix this
to get the correct flags set for EAPOL authenticator state machine.
2010-05-01 17:12:59 +03:00
Jouni Malinen
3ab72b626b Fix WPA state machine initialization on WPA_REAUTH if needed
When using WPS, we may end up here if the STA manages to re-associate
without the previous STA entry getting removed. Consequently, we need to
make sure that the WPA state machines gets initialized properly at this
point.
2010-04-23 16:49:50 +03:00
Jouni Malinen
fb2ab5dd6a hostap.git is now 0.8.x development tree
0.7.x for branched into hostap-07.git for stable releases.
2010-04-18 21:01:00 +03:00
Jouni Malinen
be48214d2b Preparations for 0.7.2 release 2010-04-18 18:02:34 +03:00
Jouni Malinen
e4cbe058d6 TNC: Add more debug infor to EAP-TNC server state changes 2010-04-18 12:24:02 +03:00
Jouni Malinen
11804a4ebc TNC: Fix EAP-TNC fragmentation of the last message
62477841a1 tried to address fragmentation
issues, but it did not address the case where the final EAP-TNC
message gets fragmented. Move the state update to the correct place
to address this case, too.
2010-04-18 12:21:56 +03:00
Jouni Malinen
5febb0d272 TNCS: Fix uninit in error case to not double free IMVs 2010-04-18 11:10:46 +03:00
Jouni Malinen
e0f412b927 atheros: Restore ATH_WPS_IE definition and comment 2010-04-17 21:47:13 +03:00
Jouni Malinen
9b74812032 atheros: Add more robust and complete debug info for ioctl failures 2010-04-17 21:45:34 +03:00
Jouni Malinen
a317d8520e atheros: Update to build with the current driver version 2010-04-17 21:04:26 +03:00
Jouni Malinen
2de5a860a3 Fix build without CONFIG_FULL_DYNAMIC_VLAN 2010-04-17 21:01:35 +03:00
Jouni Malinen
7992b07f6a Remove unnecessary SUBDIRS loops from src/*/Makefile
There are no subdirectories in any of these directories or plans
for adding ones. As such, there is no point in running the loop
that does not do anything and can cause problems with some shells.
2010-04-17 17:10:31 +03:00
Jouni Malinen
e34ce1683c VLAN: Reorder init to get same behavior for all VLAN interfaces
Both the wildcard VLAN entry and the statically configured VLAN
interfaces should behave in the same way. Initializing the
full dynamic VLAN code before adding the statically configured VLAN
interfaces allows the same processing to be applied to both statically
and dynamically added VLAN interface (i.e., also the statically
configured ones will be added to a bridge).
2010-04-17 09:48:27 +03:00
Jouni Malinen
0249c988bb VLAN: Set statically configured VLAN interfaces up
This is needed to be able to bind stations to them with mac80211.
2010-04-17 09:45:18 +03:00
Jouni Malinen
37eb8da957 nl80211: Fix wpa_supplicant build 2010-04-16 14:13:27 +03:00
Jouni Malinen
b9c3e576cb VLAN: Fix bridge interface clean up for no tagged_interface case 2010-04-16 01:13:46 +03:00
M. Braun
20e2cb0ae0 VLAN: Decrease bridge forwarding delay to avoid EAPOL timeouts 2010-04-16 00:48:32 +03:00
M. Braun
0ab7a701ab nl80211: Fix initial add_ifidx() realloc to not forget values
We need to make a copy of the old entries the first time the
if_indices buffer gets allocated.
2010-04-16 00:39:59 +03:00
M. Braun
97cfcf6482 nl80211: Add bridge interfaces to own ifindex list automatically
Whenever our own interface is added to a bridge, add that bridge
into the list of own interfaces.
2010-04-16 00:36:33 +03:00
M. Braun
37ba0928d5 VLAN: Set dynamic VLAN up to fix STA bind and key setup 2010-04-15 23:54:41 +03:00
Jouni Malinen
cd1d72c1d0 nl80211: Add more debug info on NL80211_ATTR_STA_VLAN failures 2010-04-15 23:46:49 +03:00
Jouni Malinen
4254100d6c Stop processing if STA VLAN bind fails 2010-04-15 23:44:10 +03:00
Jouni Malinen
91faf6b948 VLAN: Clean up debug code and error messages 2010-04-15 20:35:51 +03:00
Jouni Malinen
c47cf42e4b WPS: Fix association when both WPS and WPA/RSN IE are included
The WPS IE was overriding the WPA/RSN IE in driver based MLME case
(hostapd_notif_assoc), but the MLME code here was not using WPS IE
correctly, i.e., it allowed the WPA/RSN IE override the operation.
2010-04-15 12:55:34 +03:00
Jouni Malinen
843123590a Fix hostapd build without WPS 2010-04-12 15:15:17 +03:00
Jouni Malinen
0cb445a472 Fix internal DH implementation not to pad shared key
The returned buffer length was hardcoded to be the prime length
which resulted in shorter results being padded in the end. However,
the results from DH code are supposed to be unpadded (and when used
with WPS, the padding is done in WPS code and it is added to the
beginning of the buffer). This fixes WPS key derivation errors
in about 1/256 of runs ("WPS: Incorrect Authenticator") when using
the internal crypto code.
2010-04-12 12:25:21 +03:00
Jouni Malinen
0544b24248 Add BSSID and reason code (if available) to disconnect event
This adds more details into the CTRL-EVENT-DISCONNECTED event to
make it easier to figure out which network was disconnected in some
race conditions and to what could have been the reason for
disconnection. The reason code is currently only available with
the nl80211 driver wrapper.
2010-04-11 21:25:15 +03:00
Jouni Malinen
e3802622db nl80211: Define set_freq for wpa_supplicant, too 2010-04-11 20:36:16 +03:00
Jouni Malinen
c706d5aa17 Add wpa_supplicant AP mode events for Public Action frames 2010-04-11 20:33:33 +03:00
Jouni Malinen
195420b8d1 Add WPS Registrar success callback 2010-04-11 20:21:08 +03:00
Jouni Malinen
b3db190fa2 Started to make set_ap_wps_ie() capable of adding multiple IEs
This mechanism can be used to add various IEs to Beacon and Probe
Response frames and it should be made clear that it is not reserved
only for WPS IE.
2010-04-11 20:16:43 +03:00
Jouni Malinen
087f0254d7 FT: Fix wpa_sm_set_ft_params wrapper for non-FT build 2010-04-11 19:49:32 +03:00
Jouni Malinen
814782b9fe Allow driver wrappers to indicate maximum remain-on-channel duration 2010-04-11 19:42:37 +03:00
Jouni Malinen
de12717a56 nl80211: Fix key configuration in wpa_supplicant AP mode 2010-04-11 19:35:24 +03:00
Jouni Malinen
bc19f67240 nl80211: Remove forgotten Action frame registration example 2010-04-11 19:32:07 +03:00
Jouni Malinen
f3585c8a85 Simplify driver_ops for virtual interface add/remove
There is no absolute requirement for separating address allocation
into separate functions, so simplify the driver wrapper interface
to use just if_add and if_remove instead of adding the new
alloc_interface_addr() and release_interface_addr() functions.

if_add() can now indicate if the driver forced a different interface
name or address on the virtual interface.
2010-04-11 19:23:09 +03:00
Jouni Malinen
addb584881 EAP-MD5: Use conditional success decision
The server may still reject authentication at this point, so better
use conditional success decision. This allows the potentially
following EAP-Failure message to be processed properly. [Bug 354]
2010-04-11 13:43:17 +03:00
Jouni Malinen
f8bf142175 nl80211: Fix memory leak on send_action error path 2010-04-11 12:29:16 +03:00
Jouni Malinen
8d6399e455 Use unsigned bitfield for 1-bit values 2010-04-11 12:27:13 +03:00
Jouni Malinen
e6ecca7737 Fix wpa_sm_has_ptk() no-WPA wrapper location 2010-04-11 11:39:14 +03:00
Yogesh Ashok Powar
721abef9b3 Allow advertising of U-APSD functionality in Beacon
hostapd does not implement UAPSD functionality. However, if U-APSD
functionality is implemented outside hostapd, add support to advertise
the functionality in beacon.

Signed-off-by: yogeshp@marvell.com
2010-04-11 11:32:15 +03:00
Jouni Malinen
0f857f43df FT: Validate MDIE and FTIE in FT 4-way handshake message 2/4 2010-04-10 22:40:35 +03:00
Jouni Malinen
0d7b44099f SME: Do not try to use FT over-the-air if PTK is not available 2010-04-10 22:39:49 +03:00
Jouni Malinen
3b4f6dac19 FT: Verify that MDIE and FTIE matches between AssocResp and EAPOL-Key 3/4 2010-04-10 22:06:13 +03:00
Jouni Malinen
5af8187e11 Split EAPOL-Key msg 3/4 Key Data validation into helper functions 2010-04-10 21:55:29 +03:00
Jouni Malinen
86dfabb809 FT: Add FTIE, TIE[ReassocDeadline], TIE[KeyLifetime] to EAPOL-Key 3/4
These are mandatory IEs to be included in the FT 4-Way Handshake
Message 3.
2010-04-10 21:42:54 +03:00
Jouni Malinen
48de343cd4 Add more verbose debugging for EAPOL-Key Key Data field IEs/KDEs 2010-04-10 21:42:01 +03:00
Jouni Malinen
55046414b1 FT: Copy MDIE and FTIE from (Re)Association Response into EAPOL-Key 2/4
IEEE Std 802.11r-2008 requires that the message 2 includes FTIE and
MDIE from the AP's (Re)Association Response frame in the Key Data
field.
2010-04-10 16:48:40 +03:00
Jouni Malinen
d3ccead325 Make wpa_compare_rsn_ie() handle missing IEs 2010-04-10 16:47:29 +03:00
Jouni Malinen
1566ec4685 Parse EAPOL-Key msg 2/4 Key Data IEs/KDEs before checking RSN/WPA IE
This is needed to avoid incorrect validation errors on RSN/WPA IE
when using FT since there may be more than a single IE in the
Key Data field.
2010-04-10 16:46:17 +03:00
Jouni Malinen
e7846b6859 FT: Clean up wpa_sm_set_ft_params() by using common parse
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
2010-04-10 11:36:35 +03:00
Jouni Malinen
0ae145cde8 FT: Validate FTIE fields in Reassociation Request
ANonce, SNonce, R0KH-ID, and R1KH-ID must match with the values
used in the previous FT authentication sequence message per
IEEE Std 802.11r-2008, 11A.8.4.
2010-04-09 17:14:27 +03:00
Jouni Malinen
8aaf894de2 FT: Validate protect IE count in FTIE MIC Control 2010-04-09 17:08:16 +03:00
Jouni Malinen
148fb67d5e FT: Validate SNonce and ANonce values during FT Protocol in supplicant 2010-04-09 17:02:13 +03:00
Jouni Malinen
f4ec630d1b FT: Set FT Capability and Policy properly in MDIE during initial MD assoc
This field needs to be copied from the scan results for the AP
per IEEE Std 802.11r-2008, 11A.4.2.
2010-04-09 16:41:57 +03:00
Jouni Malinen
76b7981d07 FT: Copy FT Capability and Policy to MDIE from target AP
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
2010-04-09 16:26:20 +03:00
Jouni Malinen
3db6531436 FT: Add R1KH-ID into FT auth seq 3rd message (Reassoc Req)
This is a mandatory subelement per IEEE Std 802.11r-2008, 11A.8.4.
2010-04-09 16:08:50 +03:00
Jouni Malinen
6e80516ab9 FT: Fix Reassociation Response in FT Protocol to include ANonce/SNonce
These values are required to be included in the frame per
IEEE Std 802.11r-2008, 11A.8.5.
2010-04-09 13:36:06 +03:00
Jouni Malinen
1f6e69e07b FT: Do not add MIC to FTIE during initial MD association
We do not have any keys set at this point so there is no point in
adding the MIC. In addition, IEEE Std 802.11r-2008, 11A.4.2
describes this frame to have MIC IE count of 0 and MIC of 0.
2010-04-09 13:30:49 +03:00
Jouni Malinen
6de513fcd3 Fix compiler warning on non-802.11r build 2010-04-08 12:25:19 +03:00
Jouni Malinen
7733991281 nl80211: Start using NL80211_ATTR_LOCAL_STATE_CHANGE
This removes transmission of some unnecessary Deauthentication
frames in cases where we only need to clear the local state. In
addition, this resolves issues for 802.11r FT-over-DS by allowing
authentication state to be set locally even when no actual
Authentication frame is to be transmitted.
2010-04-08 11:31:37 +03:00
Jouni Malinen
27cf8871ad Sync with wireless-testing.git include/linux/nl80211.h
This adds NL80211_ATTR_LOCAL_STATE_CHANGE.
2010-04-08 11:29:54 +03:00
Jouni Malinen
39eb4d0877 FT: Fix GTK subelement format in FTIE
The Key Info field was changed from 1-octet field to 2-octet field
in 802.11r/D7.0, but that had not been updated in the implementation.
2010-04-07 23:57:39 +03:00
Jouni Malinen
26e23750b9 FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.

The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.

This breaks interoperability with previous wpa_supplicant/hostapd
versions.
2010-04-07 21:04:13 +03:00
Jouni Malinen
738a1cb286 FT: Do not include RSN IE in (Re)Assoc Resp during initial MD association
RSN IE is only supposed to be included in Reassociation Response frames
and only when they are part of a fast BSS transition.
2010-04-07 17:27:46 +03:00
Gregory Detal
bb437f282b AP: Add wpa_msg() events for EAP server state machine 2010-04-07 11:13:14 +03:00
Jouni Malinen
68532a9ceb Avoid hostapd segfault on invalid driver association event
Running hostapd and wpa_supplicant on the same interface at the same
time is not expected to work, but it should not cause hostapd to crash.
Ignore station mode association events (no addr field) to avoid this.
2010-04-07 10:01:49 +03:00
Andriy Tkachuk
99f4ae67b7 Fix WPA/RSN IE update on reconfig with set_generic_elem()
IF WPA/RSN parameters were changed or WPA/RSN was disabled, the
WPA/RSN IE in Beacon/Probe Response frames was only update with
set_beacon(). We need to do this with set_generic_elem(), too, to
work with all driver wrappers.
2010-04-06 20:44:26 +03:00
Jouni Malinen
643743e215 WPS: Fix WPS IE update in Beacon frames for nl80211
Call ieee802_11_set_beacon() in addition to set_ap_wps_ie() when
processing WPS IE updates. This is needed with drivers that use
set_beacon() instead of set_ap_wps_ie() (i.e., nl80211).
2010-04-06 18:04:30 +03:00
Jouni Malinen
2c59362905 WPS: Add a workaround for incorrect NewWLANEventMAC format
Some ER implementation (e.g., some versions of Intel PROSet) seem to
use incorrect format for WLANEventMAC variable in PutWLANResponse.
Work around this by allowing various MAC address formats to be used
in this variable (debug message will be shown if the colon-deliminated
format specified in WFA WLANConfig 1.0 is not used).
2010-04-06 10:38:37 +03:00
Jouni Malinen
448a0a19d7 Add a more flexible version of hwaddr_aton: hwaddr_aton2()
This version of the MAC address parser allows number of different
string formats for the address (e.g., 00:11:22:33:44:55, 0011.2233.4455,
001122334455, 00-11-22-33-44-55). It returns the number of characters
used from the input string in case of success.
2010-04-06 10:37:13 +03:00
Jouni Malinen
81a658d754 FT: Re-set PTK on reassociation
It turns out that this is needed for both FT-over-DS and FT-over-air
when using mac80211, so it looks easiest to just unconditionally
re-configure the keys after reassociation when FT is used.
2010-04-04 09:34:14 +03:00
Jouni Malinen
2220821113 FT: Use bridge interface (if set) for RRB connection
This fixes receiving of RRB messages between FT APs
2010-04-04 09:31:13 +03:00
Jouni Malinen
21c9b6903e FT: Set WLAN_AUTH_FT auth_alg on FT-over-DS case
This is needed to allow reassociation processing to skip 4-way handshake
when FT-over-DS is used with an AP that has a previous association state
with the STA.
2010-04-04 09:17:57 +03:00
Jouni Malinen
d8ad6cb966 FT: Force key configuration after association in FT-over-DS
This seems to be needed at least with mac80211 when a STA is using
FT-over-DS to reassociate back to the AP when the AP still has the
previous association state.
2010-04-04 09:16:11 +03:00
Jouni Malinen
9a3cb18d74 Add AP-STA-DISCONNECT event for driver-based MLME 2010-04-04 08:14:22 +03:00
Jouni Malinen
c41a1095b5 Allow hostapd_notif_assoc() to be called with all IEs
This makes the call simpler for driver wrappers since there is no need
to parse the IEs anymore before indicating association. In addition,
this allows association processing to be extended to use other IEs
in the future.
2010-04-04 08:14:18 +03:00
Jouni Malinen
0823031750 Fix Windows compilation issues with AP mode code 2010-04-04 08:14:14 +03:00
Jouni Malinen
ade07077ec Add address to hostapd_logger output in wpa_supplicant as AP case 2010-04-04 08:14:09 +03:00