Commit graph

540 commits

Author SHA1 Message Date
Jouni Malinen
c02f35fb59 WPS: Clean up indentation level (CID 68109)
The implementation here was doing what it was supposed to, but the code
was indented in a way that made it quite confusing in the context of a
single line if statement body.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:31 +03:00
Jouni Malinen
86388afa56 WPS: Check for theoretical gmtime() failure
In theory, gmtime() could return NULL if the year value would not fit
into an integer. However, that cannot really happen with the current
time() value in practice. Anyway, clean up static analyzer reports by
checking for this corner case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 17:39:51 +03:00
Jouni Malinen
d75a5ae018 WPS ER: Fix UDN parser to handle missing field
Must check that UDN was present before trying to parse it. Avoid a NULL
pointer dereference by checking the result before using os_strstr() when
parsing device description from an AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 17:35:22 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
5f693cb1b6 WPS HTTP: Remove unused assignment
bbp is not used in the code path that skips trailers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
27b418715f WPS: Print setsockopt() failure in debug log
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-28 16:54:09 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
f19e370e15 WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
While the device itself may support WPA/WPA2-Enterprise, enrollment of
credentials for EAP authentication is not supported through WPS. As
such, there is no need to claim support for these capabilities within
WPS information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-20 15:13:48 +02:00
Jouni Malinen
fdb45355d4 WPS: Extend per-station PSK to support ER case as well
When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS
Enrollee was given a unique PSK. This did not work for the
station-as-Registrar case where ER would learn the current AP settings
instead of enrolling itself (i.e., when using the AP PIN instead of
station PIN). That case can be covered with a similar design, so
generate a per-device PSK when building M7 as an AP in wpa_psk_file
configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Rahul Jain
8714caa1c2 WPS: Parse Registrar Configuration Methods
This new subelement was added into the WFA Vendor Extension.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-03-05 23:26:16 +02:00
Jouni Malinen
3b6170b78d WPS: Remove duplicate variable setting
There is no need to use a for loop here since the h variable is
set identically at the beginning of the body anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
bd27b1360f Make code path easier for static analyzers
record->type == NULL case was handled through the record->type_length
comparison. While this was correct, it is a bit difficult for static
analyzers to understand, so add an extra check for NULL to avoid false
reports on this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:11 +02:00
Jouni Malinen
329039869a WPS: Fix UNSUBSCRIBE error returns if NT or CALLBACK header is used
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
f34df28e93 WPS: Fix UNSUBSCRIBE to return 412 if no SID match found
UPnP-arch-DeviceArchitecture describe ErrorCode 412 to be used for the
case where no un-epxired subscription matches. This used to return 200
which is not strictly speaking correct even though it is unlikely to
cause any problems.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
80f256a568 WPS: Remove unnecessary filename NULL check
The caller of the GET parser is checking this already and the GET case
was the only one that ended up doing the duplicated validation step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 14:07:23 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
da179bd0e1 WPS: Fix parsing of 0-length WFA vendor extension subelement
The previous parser would have skipped a WFA vendor extension attribute
that includes only a single zero-length subelement. No such subelement
has been defined so far, so this does not really affect any
functionality, but better make the parser address this correctly should
such an element ever be added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-21 13:08:08 +02:00
Jouni Malinen
8c18fcc237 WPS: Add more debug information to M7 AP Settings
This allows the AP Settings data to be included in debug log
(only with -K on command line).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:47 +02:00
Jouni Malinen
d7a15d5953 WPS: Indicate current AP settings in M7 in unconfigurated state
Previously, unconfigured state was forcing the best supported
authentication and encryption state to be shown in WPS messages,
including AP Settings in M7 in case the AP acts as an Enrollee. This is
not really correct for the AP Settings case, so change that one to
indicate the currently configured state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:19 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
1536cb5756 WPS: Remove unused 802.1X attribute parsing and processing
This is not really used in practice and there is no need to maintain
unsed code that would only print debug log entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
d2f18378e1 WPS NFC: Add BSSID and AP channel info to Configuration Token
This information can help the Enrollee to find the AP more quickly with
an optimized scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
75dbf98157 WPS-STRICT: Update valid Device Password ID and Config Error range
Accept the new values defined for WPS NFC.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
ac08752d28 WPS NFC: Use pubkey mismatch config error from Enrollee
This was already done for Registrar, but the Enrollee case did not
set config error properly if Registrar public key did not match the
hash received during NFC connection handover.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
5154689468 P2P NFC: Add WPS attribute building for P2P NFC
These functions can be used to build the WPS attributes for P2P NFC
connection handover messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
01afd8dbd7 P2P NFC: Add NDEF helpers for P2P connection handover messages
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
14d8645f63 WPS NFC: Allow BSSID and channel to be included in handover select
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
3f1639da57 WPS NFC: Split DH key generation to a separate function
This allows DH key generation to be shared for other purposes than just
the case of OOB Device Password building. In addition, force the DH
public key buffer to be full 192 octets with zero padding to avoid
issues with the buffer being used in messages sent to a peer device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
975491793b WPS NFC: Update NFC connection handover design
The new Device Password ID 7 is used to indicate that NFC connection
handover is used with DH public key hash from both devices being
exchanged over the NFC connection handover messages. This allows an
abbreviated M1-M2 handshake to be used since Device Password does not
need to be used when DH is authenticated with the out-of-band
information (validation of the public key against the hash).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
34b6795015 WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB
When both the Registrar and Enrollee public key hashes are delivered
out-of-band (in NFC connection handover), use abbreviated WPS handshake
(skip M3-M8).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ff40cd6dd1 WPS NFC: Send M2D with config error 20 on pkhash mismatch
Instead of terminating the WPS protocol immediately, go through an M2D
exchange to notify Enrollee of the public key hash mismatch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
e435417eef WPS: Remove Version attribute from NFC messages
This old Version attribute is not really needed anymore for these use
cases with the assumption that there are no existing WPS+NFC
deployments. It was removed from the WSC specification, so make the
implementation match that change.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
72403ecef7 WPS: Add builder functions for AP Channel and RF Bands attributes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea6fc58ccf WPS: Convert printf() debug print to use wpa_printf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
67807132cf WPS: Remove unused send_wpabuf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:33 +02:00
Jouni Malinen
75d1d0f7b6 WPS: Allow testing mode to disable 2.0 functionality
Previously, wps_version_number was used only to test extensibility to
newer version numbers, but it can also be used to enable testing of
older versions (1.0), e.g., to avoid hitting some 2.0 specific
validation steps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
f7e2542f28 Remove unused wps_device_data_dup()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c89d9dba9c Remove unnecessary extra tracking of eloop registration
It is fine to try to cancel a registration that does not exist, so there
is no need to have the duplicated checks for eloop timeout and socket
registration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c86bf160a7 Replace unnecessary hex_value() with hex2byte()
There is no need to maintain two functions for doing
the same type of hex-to-binary conversion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c9629476f3 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
The five second timeout to call wps_er_deinit_finish() could potentially
be left behind when removing the ER data based on some other event. This
could result in double-freeing of wps_er context killing the process,
e.g., if the WPS ER functionality is stopped while in the process of
unsubscribing from an AP and then restarted.

In addition, AP entries could still be present in the
er->ap_unsubscribing list when the deinit timeout hits. These entries
would still maintain HTTP context pointing to the ER which would be
freed here and as such, the following HTTP client callback could refer
to freed memory and kill the process. Fix this by freeing AP entries
from ap_unsubscribing list when ER is deinitialized from timeout even if
such AP entries have not completed unsubscription from UPnP events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Johannes Berg
196a217403 WPS_UPNP: Use monotonic time for event debouncing
The event debouncing isn't very accurate (since it doesn't
take sub-second resolution into account), but it should use
monotonic time anyway since it doesn't care about the wall
clock.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:57:10 +02:00
Johannes Berg
864c9afa6d wps_registrar: Use monotonic time for PBC workaround
The PBC ignore-start workaround just needs to check whether
the time is within 5 seconds, so should use monotonic time.

While at it, add a few more ifdefs to clearly separate the
code and variables needed.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:54:40 +02:00
Johannes Berg
61e98e9cf7 wps_registrar: Use monotonic time for PBC session timeout
PBC sessions are just time-stamped when activated, and
eventually time out, so should use monotonic time.

While at it, make the code use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:52:49 +02:00
Johannes Berg
3647e5a7cb wps_registrar: Use monotonic time for PIN timeout
If the PIN expires, then a timeout is given, so that monotonic
time should be used.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:51:41 +02:00
Jouni Malinen
7feff06567 Add CONFIG_CODE_COVERAGE=y option for gcov
This can be used to measure code coverage from test scripts.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 19:16:12 +02:00
Jouni Malinen
b6881b5218 WPS NFC: Add more debug for NFC Password Token matching
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:49 +02:00
Jouni Malinen
67a88a747c WPS NFC: Add debug log entry on OOB Dev Pw attribute addition
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:42 +02:00
Jouni Malinen
3318376101 Add explicit buffer length checks for p2p_build_wps_ie()
Even though the length of this buffer is based only on locally
configured information, it is cleaner to include explicit buffer room
validation steps when adding the attributes into the buffer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-26 15:55:46 +03:00
Jouni Malinen
e88060e1a7 HTTP server: Allow TCP socket to be reused
This makes it easier to handle cases where the application is restarted
and the previously used local TCP port may not have been fully cleared
in the network stack.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-10-18 14:13:45 +03:00
Jouni Malinen
d047ae6278 WPS: Ignore PBC-to-PIN change from M1 to M2 as a workaround
Some APs may incorrectly change Device Password ID from PBC in M1 to
Default PIN in M2 even when they are ready to continue with PBC. This
behavior used to work with earlier implementation in wpa_supplicant, but
commit b4a17a6ea7 started validating this
as part of a change that is needed to support NFC configuration method.

While this kind of AP behavior is against the WSC specification and
there could be potential use cases for moving from PBC to PIN, e.g., in
case of PBC session overlap, it is justifiable to work around this issue
to avoid interoperability issues with deployed APs. There are no known
implementations of PBC-to-PIN change from M1 to M2, so this should not
reduce available functionality in practice.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-09-14 12:02:33 -07:00
Jouni Malinen
52177fbb70 P2P: Store P2P Device Address in per-device PSK records
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:47:34 +03:00
Jouni Malinen
05766ed8de P2P: Allow per-device PSK to be assigned
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.

This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-09-01 10:14:29 +03:00
David Spinadel
239abaf2ab WPS: Set currently used RF band in RF Bands attribute
According to WSC specification (Ver 2.0.2, section 8.3), RF Bands
attribute should be set to the specific RF band used for the current
message. Add an option to set wanted band in wps_build_rf_bands() and
add a callback to get the current band from wpa_supplicant and hostapd.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-08-25 10:55:53 +03:00
Jeffin Mammen
e96872a4f2 WPS: Track peer MAC address from the last operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:59 +03:00
Jeffin Mammen
61b6520e16 WPS: Track result of the latest WPS operation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 17:48:20 +03:00
Jeffin Mammen
50396e29da WPS: Add PBC mode activated/disabled events
This makes it easier to track PBC state on the registrar.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:52:48 +03:00
Jouni Malinen
961750c1e8 WPS: Share a common function for error strings
This makes it easier to maintain the list of WPS_EI_* error values and
matching strings.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-08-23 16:32:34 +03:00
Jouni Malinen
eb7ddbf108 WPS: Stop SSDP service before freeing the pending entries
This avoids debug warnings about freeing referenced memory.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-07-11 17:03:50 +03:00
Jouni Malinen
9b1693a162 WPS: Allow Device Password Id changes between PIN methods
Commit b4a17a6ea7 added support for the
WPS Registrar to change the Device Password based on WSC specification
design. However, this added validation for Registrar behavior which
resulted in preventing a common P2P use case from working. Relax the
validation rules for builds with P2P enabled to allow the Enrollee (P2P
client) accepting M1/M2 changes in Device Password Id between Default
and Registrar-specified PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-28 00:35:47 +03:00
Jouni Malinen
11e5a49c28 WPS: Do not use void* in arithmetic
This is a C compiler extension and not needed, so replace with standard
compliant way of calculating the pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:45 +03:00
Jouni Malinen
c64686229f WPS ER: Allow UPnP interface to be forced
"WPS_ER_START ifname=<interace>" can now be used to force a specific
interface to be used for UPnP operations. This is especially useful for
automated test cases where the lo interface can now be used easily to
perform ER operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-28 21:56:24 +03:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
fe904963d0 WPS: Fix AP auto configuration on config token generation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:56 +03:00
Jouni Malinen
8f7a6dd7d0 WPS NFC: Allow Device Password ID override for selected registrar
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:31 +03:00
Jouni Malinen
aaecb69d87 WPS: Use generic MAC Address attribute builder
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:13:36 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
49e160a58d WPS: Fix use of pre-configured DH keys with multiple operations
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:30:34 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
d8ed3a075a WPS: Fix OOB Device Password use in PSK1,PSK1 derivation
WSC specification 2.0 section 7.4 describes OOB password to be expressed
in ASCII format (upper case hexdump) instead of raw binary.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:57:49 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Jouni Malinen
b4a17a6ea7 WPS: Allow Device Password to be changed from M1 to M2
Registrar is allowed to propose another Device Password ID in M2. Make
Enrollee validate Device Password ID in M2 to check if this happened.
This commit adds support for changing from NFC password token to default
PIN for the case where the AP is the Enrollee and has both the NFC
password token and AP PIN enabled at the same time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 20:41:14 +02:00
Jouni Malinen
bbaaaee171 WPS: Fetch only the carrier record from wpa_supplicant for NFC
Since there could be multiple carrier records, it is cleaner to build
only the WPS carrier record instead of full NFC connection handover
request within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:19:59 +02:00
Jouni Malinen
9904ff876a WPS: Add RF bands attribute conditionally to Probe Response frame
WSC IE in Beacon and Probe Response frames should behave consistently
as far as the RF Bands attribute is concerned. Use the same dualband
condition for adding this into Probe Response frames since the value
is not really needed if the AP is not a dualband AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-17 16:08:23 +02:00
Jouni Malinen
1a2d22a242 Remove unneeded header file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 17:06:38 +02:00
Jouni Malinen
6366a17ce3 WPS: Add a workaround for PBC session overlap detection
Some deployed station implementations implement WPS incorrectly and
end up causing PBC session overlap issues by indicating active PBC
mode in a scan after the WPS provisioning step. Work around this by
ignoring active PBC indication in a Probe Request from a station that
completed PBC provisioning during the last five seconds.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 19:59:04 +02:00
Jouni Malinen
207fb86411 WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:01:06 +02:00
Jouni Malinen
b363121a20 WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without
including a valid Network Key, the network block cannot be used to
connect to the network. Reject such credential without adding the
network block. This makes wpa_supplicant send WSC_NACK as a response to
the invalid Credential and stop the provisioning process immediately
rather than only after trying unsuccessfully to connect to the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-01 16:30:35 +02:00
Jouni Malinen
9f36eac6e5 WPS: Remove old OOB NFC interface
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:20:03 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
e65552ddf2 WPS: Add preliminary NFC connection handover support for Enrollee
This commit adds new wpa_supplicant ctrl_iface commands to allow
external programs to go through NFC connection handover mechanism
with wpa_supplicant taking care of the WPS processing. This version
includes only the case where wpa_supplicant is operating as a
station/Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 17:39:46 +02:00
Jouni Malinen
3a643324c6 WPS: Limit number of active wildcard PINs to one
Previously, WPS Registrar allowed multiple wildcard PINs to be
configured. This can get confusing since these PINs get assigned to any
Enrollee that does not have a specific PIN and as such, cannot really be
used with different PIN values in reasonable ways. To avoid confusion
with multiple enabled PINs, invalidate any previously configured
wildcard PIN whenever adding a new one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:38:06 +03:00
Jouni Malinen
315dbfb11e WPS: Fix a potential memory leak on wps_init() error path
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-02 16:51:27 +03:00
Jouni Malinen
f9f0526bcd WPS: Maintain more AP state during WPS PIN iteration
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:48:11 +03:00
Eyal Shapira
b4e9e2659b WPS: Fix nonce comparisons
Multiple memcmps of nonces were actually comparing only the first byte
instead of all 16 bytes. [Bug 462]

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
2012-08-13 19:50:33 +03:00
Jouni Malinen
a5ed45586c WPS SSDP: Fix socket leaks on error paths
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 13:01:45 +03:00
Jouni Malinen
19991e5fb2 WPS UDF: Fix fd leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-07 13:00:00 +03:00
Jouni Malinen
dcc3305701 Move p2p_connect PIN format validation into a separate function
This functionality could be shared for other commands, too, so move
it to a common function. In addition, implement the validation in a
bit more strict way to avoid accepting values like '-123' as a valid
PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 21:27:32 +03:00
Jouni Malinen
bfc62fe133 WPS: Share a single function for generating NFS password tokens
There is no need for both hostapd and wpa_supplicant to have their
own functions for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
1cea09a9e2 WPS ER: Add support for building NFC configuration token
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 16:35:51 +03:00
Jouni Malinen
d7645d239d WPS: Add support for NFC configuration token from external program
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:59:29 +03:00
Jouni Malinen
3cf7a59d4f WPS: Add new mechanism for generation NFC configuration token
The new hostapd ctrl_iface command WPS_NFC_CONFIG_TOKEN can now be used
to fetch payload for an NFC configuration token so that an external
program can be used to write this on an NFC tag.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:25:48 +03:00
Jouni Malinen
0e3c16546b WPS: Use separate list of NFC Password Tokens in the Registrar
This adds a cleaner mechanism for handling NFC Password Tokens in the
WPS Registrar. There could be more than one active NFC Password Token in
use and as such, a list of tokens needs to be maintained. The old
WPS_OOB interface is still using the old mechanism that supports only a
single active NFC Password Token.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 22:15:55 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
78e625f79a WPS: Split wps_build_oob_dev_password() into parts
This allows sharing of a function to build the attribute without
changing the OOB parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
8a13732f83 NDEF: Mark input data const when it is not modified
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
2f425090fb WPS: Allow NDEF functions to be used from outside src/wps
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
e524ebe387 NDEF: Skip unnecessary wpabuf to ptr/len conversion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
582143e544 WPS: Fix potential memory leak with NFC password token
The old stored public key hash needs to be freed before replacing
the pointer with the new value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
7be6dc2e96 WPS: Fix NFC password token building with WPS 2.0
The earlier WPS 2.0 changes did not increase the wpabuf size when
adding a new attribute to the NFC password token. This could result
in aborting the application on wpabuf overflow if NFC out-of-band
mechanism is used with WPS 2.0 enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-27 21:21:11 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Anirban Sirkhell
71dd3b78f9 WPS: Allow vendor specific attribute to be added into M1
wps_vendor_ext_m1 configuration parameter can now be used to add a
vendor specific attribute into the WPS M1 message, e.g., for
Windows Vertical Pairing.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-04-04 00:08:57 +03:00
Masashi Honma
e4e3131d68 WPS: Select the BSD license terms as the only license alternative
I changed license terms which I can change.
(email of Mon, 5 Mar 2012 22:59:02 +0900 to hostap@lists.shmoo.com)
2012-03-05 17:15:47 +02:00
Jouni Malinen
1affa36cb5 WPS: Invalidate wildcard PIN on other radios after successful use
If a wildcard PIN is used on any of the radios that hostapd is
controlling, invalidate the matching PIN on all the other radios
to avoid multiple uses of the same PIN.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-29 20:42:48 +02:00
Jouni Malinen
360182ed7c P2P: Advertise immediate availability of WPS credential
Use Device Password ID in WSC IE of Probe Request and Probe Response
frames to advertise immediate availability of WPS credentials per P2P
specification sections 3.1.2.1.1 (Listen State), 3.1.2.1.2 (Scan Phase),
and 3.1.2.1.3 (Find Phase).

For now, the Device Password ID is set only for the case where we are
active GO Negotiation with a specific peer. In practice, this means that
the Probe Response frames during pending GO Negotiation (whenever in
Listen state) indicate availability of the credential.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-27 23:14:35 +02:00
Jouni Malinen
974c56ac24 WPS UPnP: Clean up URL parser
Remove unnecessary second copy of the URL and too long memory
allocation. In addition, avoid use of strcpy() to keep static analyzers
happier.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-19 13:19:34 +02:00
Jouni Malinen
ff22d1e10e WPS: Fix clearing of SetSelectedRegistrar with multiple interfaces
The SetSelectedRegistrar timeout was registered for each registrar
instance, but the only context pointer (struct subscription *) was
shared with each registrar which resulted in the timeout getting
cancelled for some of the registrar instances before the selected
registrar (ER) information was cleared.

In addition, when an ER unsubscribed from receiving events, the
selected registrar information got cleared only from a single
registrar.

Fix these issues by registering a pointer to the registrar
instance in the timeout and by iterating over all UPnP interfaces
when removing a subscription.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-13 23:02:57 +02:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
e22d4d957b Remove the GPL notification from files contributed by Atheros
Remove the GPL notification text from files that were initially
contributed by Atheros Communications or Qualcomm Atheros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Ganesh Prasadh
84751b98c1 WPS: Allow wildcard UUID PIN to be used twice
Previously, PINs that are added with a wildcard UUID were allowed to
be used only by a single Enrollee. However, there may be more than one
Enrollee trying to connect when an AP indicates that active Registrar
is present. As a minimal workaround, allow two Enrollees to try to use
the wildcard PIN. More complete extension could use timeout and allow
larger set of Enrollees to try to connect (while still keeping in mind
PIN disabling requirement after 10 failed attempts).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-02-08 12:37:57 +02:00
Jouni Malinen
32cdcf15b2 WPS: Disable AP PIN after 10 consecutive failures
While the exponential increase in the lockout period provides an
efficient mitigation mechanism against brute force attacks, this
additional trigger to enter indefinite lockout period (cleared by
restarting hostapd) will limit attacks even further by giving maximum of
10 attempts (without authorized user action) even in a very long term
attack.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-30 17:36:14 +02:00
Jouni Malinen
ce7b56afab WPS: Fix an interoperability issue with mixed mode and AP Settings
It looks like Windows 7 WPS implementation does not like multiple
Authentication/Encryption Type bits to be set in M7 AP Settings
attributes, i.e., it refused to add a network profile if the AP
was configured for WPA/WPA2 mixed mode and AP PIN was used to
enroll the network.

Leave only a single bit set in the Authentication/Encryption Type
attributes in M7 when the AP is acting as an Enrollee to avoid this
issue.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-01-27 22:32:15 +02:00
Spencer Chang
62a8ea7d01 WPS: Cancel previous registered wps_registrar_pbc_timeout
Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.

Signed-off-by: Spencer Chang <jungwalk@gmail.com>
2011-12-29 21:32:06 +02:00
Vitaly Wool
c3daaf3325 Skip WPS PBC overlap detection if P2P address is the same
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.

Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.

Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
2011-12-11 12:03:18 +02:00
Subrat Dash
910b482d9b WPS: Fix stopping of active WPS operation on dual concurrent AP
When hostapd controls multiple radios, WPS operations are started on
all interfaces. However, when the provisioning run had been completed
successfully, actiove WPS mode was stopped only a single interface. Fix
this to iterate through all interfaces so that this is handled
consistently with the starting of WPS operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 16:48:14 +02:00
Jouni Malinen
d6d731b848 WPS ER: Fix segfault in some selected registrar change cases
Commit 628d54639a introduced number
of new WPS related ctrl_iface messages to hostapd. Some of these
were for ER events which do not make any sense to hostapd that
cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one
from wps_registrar_sel_registrar_changed_event() was especially
problematic since it can cause wpa_supplicant ER code segfault due
to missing event data.

Revert all the ER specific changes from commit
628d54639a to get rid of the segfault
and undesired extra code in hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-11-30 14:44:23 +02:00
Jouni Malinen
e159cc5e9b Use NULL instead of 0 for pointers
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 22:07:30 +02:00
Jouni Malinen
68a0f6d768 WPS: Use strdup to initialize dev_password for PBC
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 19:58:33 +02:00
Jouni Malinen
a17539ebcd Remove unnecessary include file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:13:04 +02:00
Olivier Sobrie
6f75536fc9 WPS: Send the credential when learning AP params in registrar role
When the supplicant acts as a registrar to learn the access point
parameters send the credentials to the wpa_cli interface after
receiving the 7th message. This is needed for proper behavior with
wps_cred_processing set to 1 or 2.

Without this patch, after the 7th message you got the WPS-CRED-RECEIVED
notification without the credentials. This was because the cred_attr and
cred_attr_len were not filled in in the wps structure.

Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
2011-10-30 22:10:40 +02:00
Jouni Malinen
46eeedac61 Remove unused variables 2011-10-23 12:42:55 +03:00
Andrii Bordunov
d01b205378 Remove unused variable and function 2011-10-22 21:59:17 +03:00
Zhi Chen
56aa082a1d WPS: Send AP Settings as a wrapped Credential attribute to ctrl_iface
Wrap self-generated WPS credential for new AP settings and send that to
control interface to provide the needed information in
WPS-NEW-AP-SETTINGS for external processing.
2011-09-30 22:26:37 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
531e420dd7 Remove time.h include from utils/includes.h
os_*() wrappers should be used instead of functions from time.h.
Removing the header from includes.h enforces this. os_unix.c can
include this its uses are valid wrapper calls. wps_upnp.c uses
gmtime() for which there is no os_*() wrapper available yet, so
allow it to use time.h, too. Similarly, allow dump_state.c to
use time.h for ctime().
2011-09-12 22:19:26 +03:00
Bharat Chakravarty
a9355fac5f WPS: Set Probe Request config methods based on configuration
Instead of hardcoding the Config Methods attribute value in Probe
Request frames, set this based on the configured parameter
config_methods to allow correct set of methods to be advertised.
2011-09-01 15:24:45 +03:00
Jouni Malinen
ae9c400358 WPS ER: Fix UPnP XML Device Description parser to find correct device
The device description file may include multiple devices. Improve the
simplistic parser by first trying to find the WFADevice:1 device before
fetching the device parameters. While this is still far from complete
XML parsing, this should address the most common root device
specifications.
2011-08-31 13:56:03 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Jouni Malinen
167dc97501 WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
2011-08-11 17:03:57 +03:00
Jouni Malinen
59639fa112 WPS: Fix default virt/phy pushbutton config method setting
Instead of always adding PHY PushButton config method, only add this
if neither virtual nor physical push button is advertised.
2011-08-11 16:51:40 +03:00
Anish Nataraj
628d54639a Dispatch more WPS events through hostapd ctrl_iface 2011-08-04 16:56:41 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Jouni Malinen
c8d88a145b WPS: Fix off-by-one check in vendor extension parsing 2011-04-14 20:02:31 +03:00
Jean-Michel Bachot
046ef4aa67 P2P: Add option for requested device type in P2P search/scan
With this, p2p_find can be extended to find certain requested device
types.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:57:46 +02:00
Jean-Michel Bachot
6f2c060711 P2P: Keep track of peer WPS vendor extensions
Make the P2P code keep track of WPS vendor extensions received from
peers so they can be exposed via DBus later.

Signed-off-by: Jean-Michel Bachot <jean-michelx.bachot@linux.intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:21 +02:00
Jean-Michel Bachot
4028a7fd43 WPS: Add support for adding WPS Vendor Extensions
This adds the ability to add WPS vendor extensions to an AP (or GO).
They will be added to the WSC IE(s) in Beacon and Probe Response frames.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-03-19 12:22:16 +02:00
Jouni Malinen
f3cb52fb90 WPS: Move P2P extension generation for WSC IE in Beacon frames
This cleans up debug log by keeping the WSC IE attributes for Beacon
frames before starting to build the Probe Response frame.
2011-03-19 12:22:09 +02:00
Jouni Malinen
f2b3c6bc9c WPS: Add more debug information to PBC session overlap check 2011-03-17 18:04:56 +02:00