Commit graph

4402 commits

Author SHA1 Message Date
Sunil Dutt
e47abdb9db TDLS: Decline Setup Request with status code 37 if BSSID does not match
TDLS Setup Request frame has to be rejected with status code 37 ("The
request has been declined"), if the BSSID in the received Link
Identifier does not match the current BSSID per IEEE Std 802.11-2012,
10.22.4 ('TDLS direct-link establishment') step (b). The previously used
status code 7 ('Not in same BSS') is described to used only when
processing TPK Handshake Message 2 in TDLS Setup Response frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 18:06:58 +03:00
Mahesh A Saptasagar
ce2002acca TDLS: Add RSN and Timeout interval IEs in TDLS Discovery Response frame
If RSN is enabled, add RSN and Timeout interval elements in TDLS
Discovery Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-02 17:11:42 +03:00
Jouni Malinen
f2e9083549 nl80211: Add more RTM_NEWLINK/DELLINK debug messages
This makes it easier to figure out what operations are generating each
RTM_DELLINK message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-01 16:18:01 +03:00
Jouni Malinen
728ff2f469 nl80211: Fix RTM_DELLINK processing for bridge events
When a netdev is removed from a bridge, RTM_DELLINK message is received
with ifname (IFLA_IFNAME) pointing to the main netdev event though that
netdev is not deleted. This was causing issues with P2P GO interface
getting disabled when the netdev was removed from a bridge. Fix this by
filtering RTM_DELLINK events that are related to the bridge when
indicating interface status changes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-01 16:14:07 +03:00
Jouni Malinen
04a258e7c5 hostapd: Check that EVENT_ASSOC data is present before using it
While hostapd should not really receive the EVENT_ASSOC message for
IBSS, driver_nl80211.c could potentially generate that if something
external forces the interface into IBSS mode and the IBSS case does not
provide the struct assoc_info data. Avoid the potential NULL pointer
dereference by explicitly verifying for the event data to be present.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-08-26 17:23:02 +03:00
Avinash Patil
b8d87ed296 nl80211: Disable Probe Request reporting for static AP during deinit
Disable Probe Request reporting for statically created AP interfaces
during de-initialization. We will enable it again while starting AP
operations.

Signed-off-by: Avinash Patil <avinashapatil@gmail.com>
2014-08-10 11:22:30 +03:00
Avinash Patil
bf144cf649 nl80211: Do not change iftype for static AP interface
Some devices have limitations which do not allow changing virtual
interface mode from AP to station or vice versa. To work around this,
check if such AP interface is not dynamic. If such an interface is
enumarated, just set ifmode to AP and avoid setting nlmode to default
station mode on deinit.

Signed-off-by: Avinash Patil <avinashapatil@gmail.com>
2014-08-10 11:19:11 +03:00
Jean-Marie Lemetayer
61157afb1c wext: Add signal_poll callback
Add a basic implementation of a signal_poll callback for wext drivers.

Signed-off-by: Jean-Marie Lemetayer <jeanmarie.lemetayer@gmail.com>
2014-08-10 11:07:05 +03:00
Jouni Malinen
6c460eaf7e Add RSN cipher/AKM suite attributes into RADIUS messages
This adds hostapd support for the new WLAN-Pairwise-Cipher,
WLAN-Group-Cipher, WLAN-AKM-Suite, and WLAN-Group-Mgmt-Pairwise-Cipher
attributes defined in RFC 7268. These attributes are added to RADIUS
messages when the station negotiates use of WPA/RSN.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Jouni Malinen
cdffd72173 Add WLAN-HESSID into RADIUS messages
This adds hostapd support for the new WLAN-HESSID attribute defined in
RFC 7268. This attribute contains the HESSID and it is added whenever
Interworking is enabled and HESSID is configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Jouni Malinen
69002fb0a8 Add Mobility-Domain-Id into RADIUS messages
This adds hostapd support for the new Mobility-Domain-Id attribute
defined in RFC 7268. This attribute contains the mobility domain id and
it is added whenever the station negotiates use of FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-31 19:55:29 +03:00
Elliott Hughes
ec5357323c Android: Always #include <sys/...>, not <linux/...>
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-31 16:59:23 +03:00
Jouni Malinen
e8c08c9a36 EAP-FAST server: Fix potential read-after-buffer (by one byte)
The special PAC_OPAQUE_TYPE_PAD case did not skip incrementing of the
pos pointer and could result in one octet read-after-buffer when parsing
the PAC-Opaque data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 21:14:05 +03:00
Jouni Malinen
27a725cf74 EAP: Do not allow fast session resumption with different network block
This forces EAP peer implementation to drop any possible fast resumption
data if the network block for the current connection is not the same as
the one used for the previous one. This allows different network blocks
to be used with non-matching parameters to enforce different rules even
if the same authentication server is used. For example, this allows
different CA trust rules to be enforced with different ca_cert
parameters which can prevent EAP-TTLS Phase 2 from being used based on
TLS session resumption.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 19:39:13 +03:00
Jouni Malinen
905c7223b1 Add wpa_msg_global_ctrl()
This is similar to wpa_msg_global() in the same way as wpa_msg_ctrl() is
to wpa_msg(). In other words, wpa_msg_global_ctrl() is used to send
global control interface events without printing them into the debug
log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-26 13:04:03 +03:00
Jouni Malinen
1f1fe195cd EAP-pwd: Clear identity string and temporary buffer explicitly
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-24 20:12:57 +03:00
Florent Daigniere
f119d66942 EAP-pwd: Verify BN_rand_range return code
This makes the EAP-pwd server and peer implementations more robust
should OpenSSL fail to derive random number for some reason. While this
is unlikely to happen in practice, the implementation better be prepared
for this should something unexpected ever happen. See
http://jbp.io/2014/01/16/openssl-rand-api/#review-of-randbytes-callers
for more details.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:42:44 +03:00
Florent Daigniere
5197f0335c EAP-pwd: Use os_memcmp_const() for hash comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:39:44 +03:00
Florent Daigniere
26c10f797c OpenSSL: Use EC_POINT_clear_free instead of EC_POINT_free
This changes OpenSSL calls to explicitly clear the EC_POINT memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:35:07 +03:00
Florent Daigniere
3248071dc3 OpenSSL: Use BN_clear_free instead of BN_free
This changes OpenSSL calls to explicitly clear the bignum memory
allocations when freeing them. This adds an extra layer of security by
avoiding leaving potentially private keys into local memory after they
are not needed anymore. While some of these variables are not really
private (e.g., they are sent in clear anyway), the extra cost of
clearing them is not significant and it is simpler to just clear these
explicitly rather than review each possible code path to confirm where
this does not help.

Signed-off-by: Florent Daigniere <nextgens@freenetproject.org>
2014-07-24 19:28:39 +03:00
Dmitry Shmidt
870dfe9932 EAP-TTLS: Remove FreeRADIUS workaround for EAP-TTLS/MSCHAPv2
FreeRADIUS releases before 1.1.4 did not send MS-CHAP2-Success in
EAP-TTLS/MSCHAPv2. A wpa_supplicant workaround for that was added in
2005 and it has been enabled by default to avoid interoperability
issues. This could be disabled with all other EAP workarounds
(eap_workaround=0). However, that will disable some workarounds that are
still needed with number of authentication servers.

Old FreeRADIUS versions should not be in use anymore, so it makes sense
to remove this EAP-TTLS/MSCHAPv2 workaround completely to get more
complete validation of server behavior. This allows MSCHAPv2 to verify
that the server knows the password instead of relying only on the TLS
certificate validation.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-07-20 10:20:24 +03:00
Cedric IZOARD
6d00ab0430 nl80211: Ensure nl_preq unregistration on driver deinit
When driver interface is destroyed (via wpa_driver_nl80211_deinit) the
"preq" nl socket isn't always deleted but the callback struct associated
is. After the interface is destroyed we may still get event on the
socket but as the callback has been freed this will cause wpa_supplicant
to crash.

This patch ensures that the "preq" socket is destroyed when destroying
the interface.

Signed-off-by: Cedric IZOARD <cedricx.izoard@intel.com>
2014-07-08 16:01:43 +03:00
Jouni Malinen
71a0e395b9 P2P: Make unrecognized vendor elements available in P2P_PEER
This allows external programs to use vendor specific information from
P2P peers without wpa_supplicant having to be able to parse and
understand all such vendor specific elements.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-08 15:57:30 +03:00
Jouni Malinen
86bd36f0d5 Add generic mechanism for adding vendor elements into frames
This adds following new control interface commands to allow arbitrary
vendor elements to be added into number of frames:

VENDOR_ELEM_ADD <frame id> <hexdump of elem(s)>
VENDOR_ELEM_GET <frame id>
VENDOR_ELEM_REMOVE <frame id> <hexdump of elem(s)>
VENDOR_ELEM_REMOVE <frame id> *

The following frames are supported in this commit (additional frames can
be added in the future):

0 = Probe Request frame in P2P device discovery
1 = Probe Response frame from P2P Device role
2 = Probe Response frame from P2P GO
3 = Beacon frame from P2P GO
4 = PD Req
5 = PD Resp
6 = GO Neg Req
7 = GO Neg Resp
8 = GO Neg Conf
9 = Invitation Request
10 = Invitation Response
11 = P2P Association Request
12 = P2P Association Response

One or more vendor element can be added/removed with the commands. The
hexdump of the element(s) needs to contain the full element (id, len,
payload) and the buffer needs to pass IE parsing requirements to be
accepted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-07-07 12:25:09 +03:00
Jouni Malinen
c0e46bb7d4 DFS: Remove dead assignment
set_dfs_state() return value is not currently checked anywhere, so
remove the dead assignment to avoid static analyzer complaints.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-03 00:51:47 +03:00
Jouni Malinen
18389abcca WPS: Clear keys/PINs explicitly
Use an explicit memset call to clear any configuration parameter and
dynamic data that contains private information like keys or identity.
This brings in an additional layer of protection by reducing the length
of time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:52:08 +03:00
Jouni Malinen
b7175b4d02 Clear hostapd configuration keys explicitly
Use an explicit memset call to clear any hostapd configuration parameter
that contains private information like keys or identity. This brings in
an additional layer of protection by reducing the length of time this
type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
d1ecca6c15 HS 2.0 R2: Clear hs20-osu-client configuration keys explicitly
Use an explicit memset call to clear any hs20-osu-client configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
0a13e06bdb EAP server: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
f534ee0804 EAP peer: Clear keying material on deinit
Reduce the amount of time keying material (MSK, EMSK, temporary private
data) remains in memory in EAP methods. This provides additional
protection should there be any issues that could expose process memory
to external observers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
19c48da06b Clear wpa_supplicant configuration keys explicitly
Use an explicit memset call to clear any wpa_supplicant configuration
parameter that contains private information like keys or identity. This
brings in an additional layer of protection by reducing the length of
time this type of private data is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
28bfa29117 EAP-AKA: Remove unnecessary dead increment
The pos pointer is not used after this now nor in future plans, so no
need to increment the value. This remove a static analyzer warning about
dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
62493dff1b EAP-GPSK: Avoid dead increment by checking pos pointer
Instead of using the pre-calculated length of the buffer, determine the
length of used data based on the pos pointer. This avoids a static
analyzer warning about dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
164a453f9b FT: Debug print extra response data
This shows any extra data from FT response and also avoids a static
analyzer warning on dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
70bfc77161 PCSC: Debug print extra response data
This shows any extra data from USIM response and also avoids a static
analyzer warning on dead increment.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
0233dcac5b SAE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
34ef46ce54 WEP shared key: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
3e4b77c9bd EAP-GTC: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
a6eae3f7a1 EAP-MSCHAPv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Jouni Malinen
30411b351c EAP-TTLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
a564d9ca36 EAP-MD5: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
4685482552 EAP-PSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
cba0f8698b EAP-PEAP: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
7b1e745870 EAP-LEAP: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
8f92826b15 EAP-GPSK: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
e1550d4be8 EAP-PAX: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
c434503f5e EAP-FAST: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
dddf7bbd4e EAP-EKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
dfb5608139 EAP-SAKE: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
05c79d6acd EAP-SIM/AKA: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
675ddad1c2 EAP-IKEv2: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
2049a3c874 TLS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
a79aea531e Milenage: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
05f916eeed AES-GCM: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
87a5c93bec AES-CCM: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
7c24f53c88 EAPOL supplicant: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
870834a19b RSN authenticator: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
0d15b69f0a RSN supplicant: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
72619ce61b MACsec: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
c2371953f8 RADIUS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
ce9c9bcc38 WPS: Use os_memcmp_const() for hash/password comparisons
This makes the implementation less likely to provide useful timing
information to potential attackers from comparisons of information
received from a remote device and private material known only by the
authorized devices.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
afc3c8b07f Add constant time memory comparison function os_memcmp_const
This function is meant for comparing passwords or hash values where
difference in execution time could provide external observer information
about the location of the difference in the memory buffers. The return
value does not behave like os_memcmp(), i.e., os_memcmp_const() cannot
be used to sort items into a defined order. Unlike os_memcmp(),
execution time of os_memcmp_const() does not depend on the contents of
the compared memory buffers, but only on the total compared length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
ee352f1e5a EAP-pwd: Add explicit total length limit
Instead of using implicit limit based on 16-bit unsigned integer having
a maximum value of 65535, limit the maximum length of a fragmented
EAP-pwd message explicitly to 15000 bytes. None of the supported groups
use longer messages, so it is fine to reject any longer message without
even trying to reassemble it. This will hopefully also help in reducing
false warnings from static analyzers (CID 68124).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
b2b8a4cb10 EAP-SIM/AKA: Pass EAP type as argument to eap_sim_msg_finish()
This makes it easier for static analyzers to figure out which code paths
are possible within eap_sim_msg_finish() for EAP-SIM. This will
hopefully avoid some false warnings (CID 68110, CID 68113, CID 68114).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:47 +03:00
Jouni Malinen
f107d00cf6 PeerKey: Clean up EAPOL-Key Key Data processing
This extends the earlier commit e6270129f6
('Clean up EAPOL-Key Key Data processing') design to be used with
PeerKey EAPOL-key processing as well. This avoids false warnings from
static analyzer (CID 62860, CID 62861, CID 62862).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:46 +03:00
Tomasz Bursztyka
36716eef89 P2P: Add a utility function to run a method on every known peer
This will be useful in wpa_supplicant part to signal if a peer got its
group changed.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:27:27 +03:00
Tomasz Bursztyka
bf035663c9 dbus: Remove GroupMember object type and use Peer instead
GroupMember is unusable in itself and all the necessary informations are
stored in Peer objects, thus replace the use of GroupMember by Peer.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 17:19:12 +03:00
Tomasz Bursztyka
c6386e5c71 P2P Add a utility to run a callback on all available groups
This will be useful in wpa_supplicant to match group's SSIDs against a
specific one.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 16:56:57 +03:00
Tomasz Bursztyka
8e76f48abd P2P: Add a utility function to get the group configuration
This will be useful for finding the interface related to this group
after formation based on the group SSID.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2014-06-29 16:52:06 +03:00
Jouni Malinen
37d8a27401 TDLS: Clean up add/set peer operations
Use a helper function to avoid multiple copies of the same long list of
argument parameters to wpa_sm_tdls_peer_addset() from the peer entry.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-29 13:44:15 +03:00
Arik Nemtsov
bcd2baa0fa TDLS: Tear down connection on malformed Setup Confirm
Otherwise the peer will erroneously assume we have a working direct
link.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-29 13:44:14 +03:00
Arik Nemtsov
81905409b5 TDLS: Abort local setup when failing to add STA
The driver might not always be able to add the new station. Abort the
setup when this happens.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-29 13:44:14 +03:00
Arik Nemtsov
1dce7a216f TDLS: Update peer STA as soon as full peer info is available
Update the peer STA with full info sending TDLS Setup Response/Confirm
frames instead of after the full setup exchange. This makes it easier
for some drivers to properly negotiate QoS and HT information on the
direct link.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-29 13:44:14 +03:00
Arik Nemtsov
819c943a3b TDLS: Remove peer from global peer-list on free
There is no need to keep the peer entry in memory after the link has
been removed.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
Tested-by: Ilan Peer <ilan.peer@intel.com>
2014-06-29 13:44:14 +03:00
Michal Kazior
5841958f26 hostapd: Use channel switch fallback on error
It's worth giving a try to fallback to re-starting BSSes at least once
hoping it works out instead of just leaving BSSes disabled.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:13:11 +03:00
Michal Kazior
8974620e3e hostapd: Perform multi-BSS CSA for DFS properly
Currently hostapd data structures aren't ready for multi-channel BSSes,
so make DFS work now at least with single-channel multi-BSS channel
switching.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:08:16 +03:00
Michal Kazior
6782b6846b hostapd: Move CSA parameters to hostapd_data
This prepares CSA structure and logic in hostapd for multi-BSS channel
switching.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2014-06-28 11:02:39 +03:00
Christopher Wiley
3c5d34e30b Change channel before IBSS associations
Fix a bug where changing the mode of the interface to IBSS
fails because the interface is sitting on a channel where IBSS is
disallowed because of a previous association.

Signed-off-by: Christopher Wiley <wiley@chromium.org>
2014-06-28 10:46:33 +03:00
Christopher Wiley
ebffdbc493 nl80211: Refactor mode switch logic
In preparation for another wrinkle around switching into IBSS mode,
refactor existing mode switch logic for simplicity at the expense
of some brevity.

Signed-off-by: Christopher Wiley <wiley@chromium.org>
2014-06-28 10:42:05 +03:00
Pontus Fuchs
f95a4524c2 nl80211: Improve debug output by printing SA and DA in frames
Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
2014-06-22 00:54:06 +03:00
Pontus Fuchs
dedfa440ed Print frame type name in debug output
"stype=4" becomes "stype=4 (WLAN_FC_STYPE_PROBE_REQ)" etc.

Signed-off-by: Pontus Fuchs <pontus.fuchs@gmail.com>
2014-06-22 00:51:39 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
1b928f96b6 P2P: Allow passphrase length to be configured
Previously, eight character random passphrase was generated
automatically for P2P GO. The new p2p_passphrase_len parameter can be
used to increase this length to generate a stronger passphrase for cases
where practicality of manual configuration of legacy devices is not a
concern.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-22 00:15:53 +03:00
Jouni Malinen
f3c6b230dd EAP-SIM': Fix AT_KDF parser to avoid infinite loop
Hitting maximum number of AT_KDF attributes could result in an infinite
loop due to the attribute parser not incrementing the current position
properly when skipping the extra KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 12:20:52 +03:00
Jouni Malinen
79122f9f9c EAP-SIM/AKA: Remove unused RESULT_FAILURE state
This was not set anywhere, so remove the unnecessary code trying to
handle the unused state.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-21 00:26:29 +03:00
Jouni Malinen
4075e2fe77 EAP-GPSK: Clean up CSuite_List length validation (CID 62854)
Use a local variable and size_t in length comparison to make this easier
for static analyzers to understand. In addition, set the return list and
list_len values at the end of the function, i.e., only in success case.
These do not change the actual behavior of the only caller for this
function, but clarifies what the helper function is doing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-18 17:14:59 +03:00
Jouni Malinen
2dbc959699 EAP-FAST: Clean up TLV length validation (CID 62853)
Use size_t instead of int for storing and comparing the TLV length
against the remaining buffer length to make this easier for static
analyzers to understand.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-18 16:45:03 +03:00
Jouni Malinen
35cbadbb14 VHT: Remove useless validation code from Operating Mode Notification
This was added by commit 8a45811638
('hostapd: Add Operating Mode Notification support'), but the validation
steps cannot be true either for the channel width (which is a two-bit
subfield that cannot encode more than the list four values) or Rx NSS
(which cannot encode a value larger 7). Furthermore, the VHT_CHANWIDTH_*
defines do not match the definition of the Channel Width subfield
values.

Since this check cannot ever match, it is better to remove it to make
the code easier to understand and to avoid getting complaints about dead
code from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-18 00:45:48 +03:00
Arik Nemtsov
bed7eb6808 TDLS: Do not bail when failing to process IEs in Discovery Request
Some APs (Cisco) may tack on a weird IE to the end of a TDLS Discovery
Request packet. This needn't fail the response, since the required IEs
are verified separately.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-17 17:08:42 +03:00
Arik Nemtsov
7e0f4f470a TDLS: Do not reject TPK M3 when failing to process IEs
Some APs (Cisco) may tack on a weird IE to the end of the TDLS confirm
packet, which can fail negotiation. As an interoperability workaround,
ignore IE parser failures and reject the frame only if any of the
mandatory IEs are not included.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-17 17:05:23 +03:00
Jouni Malinen
7efc7f66b1 TDLS: Fix TPK M1 error case (CID 68214)
Commit 342bce63cd introduced a possibility
of a NULL pointer dereference on the error path if a new peer entry
fails to get added (i.e., memory allocation failure). Fix that by
skipping the wpa_tdls_peer_free() call if necessary.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-17 01:57:35 +03:00
Jithu Jance
d1bb7aeda4 nl80211: Fix non-hostapd interface addition to not call add_ifidx()
Commit b36935be1a ('nl80211: Fix EAPOL
frames not being delivered') and commit
147848ec4d ('nl80211: Do not add all
virtual interfaces to drv->if_indices') were not fully in sync and it
was possible for some non-hostapd use cases to end up adding undesired
ifindexes into the list of interfaces from which events and EAPOL frames
are processed on the parent interface. This could result, e.g., in P2P
Device management interface on getting unexpected events, including
RTM_NEWLINK event that could end up getting interpreted as an
indication of the interface being down and unavailable.

Make both add_ifidx() calls use the same criteria for adding interfaces
to the local list. This is not really a complete solution, but it is
good enough for now to fix the most visible side effects of this issue.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-06-17 01:35:07 +03:00
Arik Nemtsov
342bce63cd TDLS: Bail on STA add failure in tpk_m1 processing
The driver might not be able to add the TDLS STA. Fail if this happens.
Also fix the error path to always reset the TDLS peer data.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:36:42 +03:00
Arik Nemtsov
947f900fb8 TDLS: Handle unreachable link teardown for external setup
If a link is unreachable, the specification mandates we should send a
teardown packet via the AP with a specific teardown reason. Force this
by first disabling the link and only then sending the teardown packet
for the LOW_ACK event.

Rename the TDLS LOW_ACK event handler to better reflect its purpose.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-06-16 23:34:06 +03:00
Amarnath Hullur Subramanyam
cf1600ace4 hostapd: Configure driver ACL even if MAC address list is empty
Earlier commit related to MAC address based access control list
offloaded to the driver was not sending ACL configuration to the driver
if the MAC address list was empty. Remove this check as empty access
control list is a valid use case and sending ACL parameters should not
be dependent on whether the list is empty.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-16 16:22:36 +03:00
Ilan Peer
e3bd6e9dc0 P2P: Use another interface operating channel as listen channel
Performing a P2P Device flow such as p2p_listen or
p2p_find, can degrade the performance of an active interface
connection, if the listen frequency is different than the
frequency used by that interface.

To reduce the effect of P2P Device flows on other interfaces,
try changing the listen channel of the P2P Device to match the
operating channel of one of the other active interfaces. This change
will be possible only in case that the listen channel is not forced
externally, and will be delayed to a point where the P2P Device
state machine is idle.

The optimization can be configured in the configuration file and
is disabled by default.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:46:11 +03:00
Ilan Peer
751b00ba28 P2P: Modify p2p_get_pref_freq
In p2p_get_pref_freq, if the channels argument is NULL, select a
preferred channel that is also one of the P2P Device configured
channels.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-06-15 00:21:41 +03:00
Jouni Malinen
e6270129f6 Clean up EAPOL-Key Key Data processing
Use a single location in wpa_sm_rx_eapol() for preparing the pointer to
the Key Data field and to its validated length instead of fetching that
information in number of processing functions separately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 19:02:46 +03:00
Jouni Malinen
d56d7e56e3 Clean up EAPOL-Key processing
Re-order wpa_sm_rx_eapol() to first go through all EAPOL (802.1X) header
validation steps using the original message buffer and re-allocate and
copy the frame only if this is a valid EAPOL frame that contains an
EAPOL-Key. This makes the implementation easier to understand and saves
unnecessary memory allocations and copying should other types of EAPOL
frames get here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 18:31:14 +03:00
Jouni Malinen
8605eabd54 EAP-EKE: Fix typos in debug message
These error messages had an incorrect frame name (likely copy-pasted
from the commit message handler) and couple of typos.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 17:26:52 +03:00
Jouni Malinen
ac79fcfa76 wext: Verify set_ssid results consistently (CID 62842)
Note in debug log if SSID clearing to stop pending cfg80211 association
attempts fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:53 +03:00
Jouni Malinen
305000e160 WPS: Check wps_build_wfa_ext() return value consistently (CID 68104)
While this call cannot really fail, check the return value to be more
consistent with all the other wps_build_wfa_ext() calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:52 +03:00
Jouni Malinen
2485835ba3 EAP-MSCHAPv2: Check hash function results more consistently (CID 68105)
While the hash functions would be very unlikely to fail in practice,
they do have option of returning an error. Check that return value more
consistently.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 12:32:45 +03:00
Jouni Malinen
b7c61c9d4e Fix validation of EAPOL-Key length with AES key wrap (CID 62859)
The additional eight octet field was removed from keydatalen without
proper validation of the Key Data Length field. It would have been
possible for an invalid EAPOL-Key frame to be processed in a way that
ends up reading beyond the buffer. In theory, this could have also
resulted in writing beyond the EAPOL-Key frame buffer, but that is
unlikely to be feasible due to the AES key wrap validation step on
arbitrary memory contents.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-14 00:20:04 +03:00
Jouni Malinen
6590b6400f EAP-TNC: Limit maximum message buffer to 75000 bytes (CID 62873)
Since there is a limit on the EAP exchange due to maximum number of
roundtrips, there is no point in allowing excessively large buffers to
be allocated based on what the peer device claims the total message to
be. Instead, reject the message if it would not be possible to receive
it in full anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 16:03:45 +03:00
Jouni Malinen
da995b2e11 WNM: Use cleaner way of generating pointer to a field (CID 68099)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
062833c67c GAS server: Fix request frame length validation (CID 68098)
There seemed to be an off-by-one error in the validation of GAS request
frames. If a Public Action frame without the Action code field would
have reached this function, the length could have been passed as
(size_t) -1 which would likely have resulted in a crash due to reading
beyond the buffer. However, it looks like such frame would not be
delivered to hostapd at least with mac80211-based drivers. Anyway, this
function better be more careful with length validation should some other
driver end up reporting invalid Action frames.

In addition, the Action code field is in a fixed location, so the
IEEE80211_HDRLEN can be used here to clean up bounds checking to avoid
false reports from static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
5ce3ae4c8f HT: Use cleaner way of generating pointer to a field (CID 68097)
The Action code field is in a fixed location, so the IEEE80211_HDRLEN
can be used here to clean up bounds checking to avoid false reports from
static analyzer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-13 00:27:15 +03:00
Jouni Malinen
c02f35fb59 WPS: Clean up indentation level (CID 68109)
The implementation here was doing what it was supposed to, but the code
was indented in a way that made it quite confusing in the context of a
single line if statement body.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-12 19:45:31 +03:00
Philippe De Swert
68e2b8882a TNC: Fix minor memory leak (CID 62848)
In tncc_read_config(), the memory allocted for the config
did not get freed if an error occured.

Signed-off-by: Philippe De Swert <philippe.deswert@jollamobile.com>
2014-06-12 19:44:58 +03:00
Jouni Malinen
a0ab408d3b P2P: Fix SD and DevDisc to limit maximum wait time per driver support
The driver may reject offchannel TX operation if the requested wait time
is longer than what the driver indicates as the maximum
remain-on-channel time. Two of the P2P action frame cases used long
enough wait times (1000 ms for DevDisc and 5000 ms for SD) that could go
beyond the limit with some drivers. Fix these to limit the maximum wait
to what the driver indicates as supported.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-12 10:49:19 +03:00
Ashok Kumar Ponnaiah
3dacd3ece7 atheros: Add support for new GCMP/CCMP/CMAC/GMAC cipher suites
Extend the set of supported cipher suites to include CCMP-256, GCMP,
GCMP-256, CMAC-256, GMAC, and GMAC-256 when ATH_GCM_SUPPORT=y is set in
the build configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-09 19:21:48 +03:00
Jouni Malinen
737754dc2b EAP-IKEv2: Remove obsolete ccns.pl project workarounds
It does not look like there is going to be any additional use for this
old build option that could be used to build the EAP-IKEv2 peer
implementation in a way that interoperates with the eap-ikev2.ccns.pl
project. Remove the workarounds that matches incorrect implementation in
that project to clean up implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-08 12:28:36 +03:00
Jouni Malinen
aa6bf6dabc eap_proxy: Check sm != NULL more consistently
While it does not look like that eapol_sm_get_key() would ever be called
with sm == NULL, the current implementation is inconsistent on whether
that is allowed or not. Check sm != NULL consistently to avoid warnings
from static analyzers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:26:41 +03:00
Jouni Malinen
4f4d51e059 TDLS: Add extra validation step for responder RSN IE length
The following kde.rsn_ie_len != peer->rsnie_i_len was already taking
care of enforcing the length to be within the target buffer length.
Anyway, this explicit check makes this clearer and matches the design in
TPK M1 processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:21:48 +03:00
Jouni Malinen
1fde15a20a GAS server: Explicitly check that home realm is available
This makes the code easier to understand for static analyzers to avoid
false reports.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:05:33 +03:00
Jouni Malinen
aff0bee78a GAS server: Remove unused function parameter
This parameter was not used at all, so just remove the argument instead
of passing NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 19:04:17 +03:00
Jouni Malinen
86388afa56 WPS: Check for theoretical gmtime() failure
In theory, gmtime() could return NULL if the year value would not fit
into an integer. However, that cannot really happen with the current
time() value in practice. Anyway, clean up static analyzer reports by
checking for this corner case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 17:39:51 +03:00
Jouni Malinen
d75a5ae018 WPS ER: Fix UDN parser to handle missing field
Must check that UDN was present before trying to parse it. Avoid a NULL
pointer dereference by checking the result before using os_strstr() when
parsing device description from an AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 17:35:22 +03:00
Jouni Malinen
bc32bb70d7 Make a code path easier for static analyzers to understand
prev cannot be NULL here in the hostapd_eid_country_add() call since
prev is set whenever start becomes non-NULL. That seems to be a bit too
difficult for some static analyzers, so check the prev pointer
explicitly to avoid false warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 15:37:31 +03:00
Jouni Malinen
2a57c33e25 Reserve QCA vendor specific nl80211 commands 20..33
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-05 17:03:17 +03:00
Amar Singhal
84df167554 nl80211: Add vendor attribute for interface index
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-05 16:57:52 +03:00
Jouni Malinen
9949483c2f The master branch is now used for v2.3 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-05 00:51:02 +03:00
Jouni Malinen
b63b9a7bc9 Change version information for the 2.2 release
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-04 16:09:59 +03:00
Darshan Paranji Sri
95b6bca66d Add rsn_pairwise bits to set_ieee8021x() driver_ops
This fixes an issue where a driver using the deprecated set_ieee8021x()
callback did not include rsn_pairwise bits in the driver configuration
even if mixed WPA+WPA2 configuration was used. This could result, e.g.,
in CCMP not being enabled properly when wpa_pairwise=TKIP and
rsn_pairwise=CCMP was used in the configuration. Fix this by using
bitwise OR of the wpa_pairwise and rsn_pairwise values to allow the
driver to enable all pairwise ciphers.

In addition, make the newer set_ap() driver_ops use the same bitwise OR
design instead of picking between rsn_pairwise and wpa_pairwise. This
makes the code paths consistent and can also fix issues with mixed mode
configuration with set_ap().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-03 13:59:22 +03:00
Jouni Malinen
95f6f6a49d RADIUS/EAP server: Use longer username buffer to avoid truncation
If the peer provides a username with large part of it being non-ASCII
characters, the previously used buffers may not have been long enough to
include the full string in debug logs and database search due to forced
truncation of the string by printf_encode(). Avoid this by increasing
the buffer sizes to fit in the maximum result.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 17:36:51 +03:00
Jouni Malinen
ee54e4010e tests: printf_encode unit test for bounds checking
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 17:36:51 +03:00
Stuart Henderson
5dff6dff63 Fix off-by-one bounds checking in printf_encode()
The off-by-one error in printf_encode() bounds checking could have
allowed buffer overflow with 0x00 being written to the memory position
following the last octet of the target buffer. Since this output is used
as \0-terminated string, the following operation would likely read past
the buffer as well. Either of these operations can result in the process
dying either due to buffer overflow protection or by a read from
unallowed address.

This has been seen to cause wpa_supplicant crash on OpenBSD when control
interface client attaches (debug print shows the client socket address).
Similarly, it may be possible to trigger the issue in RADIUS/EAP server
implementation within hostapd with a suitable constructed user name.

Signed-off-by: Stuart Henderson <sthen@openbsd.org>
2014-06-02 17:36:18 +03:00
Ashok Kumar Ponnaiah
801e117376 Fix validation of RSN EAPOL-Key version for GCMP with PMF
If PMF was enabled, the validation step for EAPOL-Key descriptor version
ended up rejecting the message if GCMP had been negotiated as the
pairwise cipher. Fix this by making the GCMP check skipped similarly to
the CCMP case if a SHA256-based AKM is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-02 17:03:33 +03:00
Jouni Malinen
3d4d2348c0 FT: Fix GTK rekeying after FT protocol
Move to PTKINITDONE state and mark PTK valid after successful completion
of FT protocol. This allows the AP/Authenticator to start GTK rekeying
when FT protocol is used. Previously, the station using FT protocol did
not get the new GTK which would break delivery of group addressed
frames.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-01 13:21:40 +03:00
Jithu Jance
d3d048310c nl80211: Work around error case prints for nl_recvmsgs on Android
I got the below prints on a particular Android platform:

I/wpa_supplicant( 2637): nl80211: send_and_recv->nl_recvmsgs failed: 20
I/wpa_supplicant( 2637): nl80211: send_and_recv->nl_recvmsgs failed: 20

In JellyBean libnl_2 code, I see that the nl_recvmsgs returns postive values
too. In some cases, nl_recvmgs return the output of nl_recv function. nl_recv
function can return Number of bytes read, 0 or a negative error code.

Looks like this positive return value for nl_recvmsgs may be specific to
Android. While this is not how the API is supposed to work, this does no
harm with upstream libnl which returns only 0 or -1 from the function.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-06-01 11:25:02 +03:00
Jouni Malinen
8a387a269d P2P NFC: Fix use of freed memory
The dev_found() callback from NFC connection handover message processing
ended up using the p2p_dev_addr pointer that points to the parsed
message. However, that parsed data was freed just before the call. Fix
this by reordering the calls.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 23:10:33 +03:00
Jouni Malinen
13c330385a SAE: Fix memory leak in random number generation
If the randomly generated bignum does not meet the validation steps, the
iteration loop in sae_get_rand() did not free the data properly. Fix the
memory leak by freeing the temporary bignum before starting the next
attempt at generating the value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 22:24:31 +03:00
Jouni Malinen
d92bdf9602 hostapd: Make sure hapd->drv_priv gets cleared on driver deinit
Couple of code paths in hostapd.c could have left hapd->drv_priv
pointing to memory that was freed in driver_nl80211.c when a secondary
BSS interface is removed. This could result in use of freed memory and
segfault when the next driver operation (likely during interface
deinit/removal). Fix this by clearing hapd->drv_priv when there is
reason to believe that the old value is not valid within the driver
wrapper anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 17:11:04 +03:00
Jouni Malinen
438e13339d hostapd: Use helper function to avoid duplicate deinit calls
These three calls were used already in three different paths. Use a
helper function to avoid adding even more copies of this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-31 15:57:36 +03:00
Michal Kazior
ac1a224092 hostapd: Clean up if interface setup fails
If for some reason interface setup fails mid-way when setting up
multi-BSS AP it was possible to get segmentation fault because driver
was not properly cleaned up.

One possible trigger, when using nl80211 driver, was udev renaming an
interface created by hostapd causing, e.g., linux_set_iface_flags() to
fail.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:53:56 +03:00
Michal Kazior
81c4fca100 hostapd: Reset hapd->interface_add properly
This variable is updated when calling hostapd_if_add(), so it makes
sense to do the same thing when calling hostapd_if_remove().

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:49:38 +03:00
Michal Kazior
3fbd036ea9 hostapd: Prevent double interface disabling from segfaulting
Performing, e.g. `wpa_cli -p /var/run/hostapd raw DISABLE` twice led to
hostapd segmentation fault if multiple BSSes were configured. Fix this
by checking if there is anything to disable at all before trying.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 15:46:45 +03:00
Michal Kazior
ea39367c1b nl80211: Fix wpa_driver_nl80211_if_add() failure paths
Make sure to not remove interfaces that were not created by
hostapd/wpa_supplicant. This was already done on number of the error
paths, but not all.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-05-31 13:43:27 +03:00
Jouni Malinen
b523973611 RADIUS client: Trigger failover more quickly if socket is not valid
It is possible for the connect() call to fail (e.g., due to unreachable
network based on local routing table), so the current auth/acct_sock may
be left to -1. Use that as an addition trigger to allow server failover
operation to be performed more quickly if it is known that the
retransmission attempt will not succeed anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 20:52:08 +03:00
Jouni Malinen
09844c0984 RADIUS client: Do not flush pending messages if server did not change
The re-open socket to the current RADIUS server code path did not work
in the expected way here. The pending authentication messages do not
need to be flushed in that case and neither should the retransmission
parameters be cleared. Fix this by performing these operations only if
the server did actually change as a part of a failover operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 20:46:20 +03:00
Jouni Malinen
5d67bf1566 hostapd: Fix configuration of multiple RADIUS servers with SET
The current RADIUS server pointer was updated after each SET command
which broke parsing of multiple RADIUS servers over the control
interface. Fix this by doing the final RADIUS server pointer updates
only once the full configuration is available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 20:40:11 +03:00
Jouni Malinen
70d4084885 RADIUS client: Fix socket close/re-open on server change
Both IPv4 and IPv6 sockets were not closed consistently in the paths
that tried to change RADIUS servers. This could result in leaking
sockets and leaving behind registered eloop events to freed memory on
interface removal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:09:42 +03:00
Jerry Yang
d045cc8e4c RADIUS client: Fix crash issue in radius_client_timer()
While iterating through RADIUS messages in radius_client_timer(), one
message entry may get flushed by "radius_client_retransmit -->
radius_client_handle_send_error --> radius_client_init_auth -->
radius_change_server --> radius_client_flush". This could result in
freed memory being accessed afterwards.

Signed-off-by: Jerry Yang <xyang@sonicwall.com>
2014-05-30 18:08:59 +03:00
Jouni Malinen
c1fb75a6e2 RADIUS client: Handle ENETUNREACH similarly to other failure cases
This is one more possible send() error that should trigger RADIUS server
change if multiple servers are configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:08:54 +03:00
Jouni Malinen
9ed4076673 RADIUS client: Do not try to send message without socket
It is possible for the RADIUS authentication/accounting socket to not be
open even if partial RADIUS server configuration has been done through
the control interface SET commands. Previously, this resulted in send()
attempt using fd=-1 which fails with bad file descriptor. Clean this up
by logging this as a missing configuration instead of trying to send the
message when that is known to fail.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-30 18:08:37 +03:00
Jouni Malinen
114153b975 P2P: Debug print channel lists for invitation processing
This makes invitation process more consistent with GO Negotiation as far
as the debug log entries are concerned and the resulting log is more
helpful for understanding channel selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 16:46:28 +03:00
Jouni Malinen
4eb3b76b0f OpenSSL: Fix OCSP certificate debug print to use wpa_printf
Instead of using X509_print_fp() to print directly to stdout, print the
certificate dump to a memory BIO and use wpa_printf() to get this into
the debug log. This allows redirection of debug log to work better and
avoids undesired stdout prints when debugging is not enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-29 15:37:18 +03:00
Jouni Malinen
f6fb1926bb HS 2.0R2: Fix subscr_remediation_method for RADIUS server
This configuration parameter was not used at all in the RADIUS server
implementation and instead, hard coded 0 was sent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
2d2dd488be tests: Add module tests for src/common
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-28 00:56:13 +03:00
Jouni Malinen
74879f320d Remove extra newline from a debug print
"Unknown WFA information element ignored" debug message had an extra
newline at the end.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-27 23:39:46 +03:00
Jouni Malinen
147848ec4d nl80211: Do not add all virtual interfaces to drv->if_indices
Commit 04eff7d5ba or something around that
timeframe may have caused a regression on how drv->if_indices gets used
with wpa_supplicant. Most (curretly likely all) wpa_supplicant virtual
interface use cases should not actually use this. This could result in
issues with P2P group interfaces delivering events to incorrect
interface (parent rather than the group interface). The previous commit
removed some of the issues, but more complete fix is to undo some of
those merged hostapd/wpa_supplicant operations.

Filter add_ifidx() uses based on hostapd vs. wpa_supplicant and iftype
to get closer to the earlier wpa_supplicant behavior for the driver
events from virtual interfaces.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:47:41 +03:00
Jouni Malinen
de88430311 nl80211: Fix del_ifidx() with mixed parent interface cases
It is possible for a virtual interface to be added and removed by
different parent interfaces. This can happen, e.g., with P2P group
interfaces if the P2P parent interface does not happen to be the first
entry in the wpa_supplicant global interface list. That first entry is
used to remove the group interface while the addition would have
happened with the dedicated P2P management interface.

This can result in the interface that added a new virtual interface
getting stuck with an obsolete ifindex value in the drv->if_indeces list
and as such, deliver some extra events to incorrect destination wpa_s
instance. In particular, this can result in INTERFACE_DISABLED event
from deletion of a P2P group interface getting delivered incorrectly to
the parent wpa_s instance which would disable that interface even though
the interface remains in enabled state.

Fix this by clearing the removed interface from all if_indeces lists
instead of just the one that was used to delete the interface. This is
the simplest approach since the ifindex is unique and there is no need
to track which interface added the new virtual interface to always hit
the same one when removing the interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-27 18:16:58 +03:00
Jouni Malinen
f347935f0d tests: Unit tests for WPA_TRACE
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-27 00:03:06 +03:00
Jouni Malinen
a3fe74bde1 tests: Add unit tests for ext_password
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 23:57:32 +03:00
Boris Sorochkin
f7454c97df P2P: Add 60 GHz in channel to frequency conversion
Add regulatory classes for the 60GHz band.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-off-by: Boris Sorochkin <qca_bsoroc@qca.qualcomm.com>
2014-05-26 23:35:52 +03:00
Jouni Malinen
fc3f1d1b4d Remove unused hostapd_ip_diff()
There are no users of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
3eb744a35a tests: int_array unit tests
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8b0980af50 tests: Move bitfield unit tests into wpa_supplicant module test
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
8860e0f47c tests: Add printf encoding/decoding module tests
This replaces tests/test-printf.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:44 +03:00
Jouni Malinen
d73c7b9626 GAS: Send error response if no room for pending dialog context
Instead of silently dropping the response that requires fragmentation,
send an error response to the station to make it aware that no full
response will be available.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-26 17:21:43 +03:00
Jouni Malinen
2396f02a43 Reserve QCA vendor specific nl80211 commands 14..19
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-22 16:29:48 +03:00
Jithu Jance
5661bd0f70 P2P: Avoid resetting pending_listen_freq if p2p_listen is pending
If p2p_listen is called while previous listen command's
remain_on_channel event is pending, the p2p_listen would fail
and it used to clear pending_listen_freq. Now when the remain-
on-channel event comes from the driver, the pending_listen_freq
doesn't match and gets ignored. This was leading to a case
where listen state was getting stuck (in case of WAIT_PEER_CONNECT
state).

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-22 16:29:36 +03:00
Jithu Jance
8802326ff9 nl80211: Indicate SHA256-based AKM suites in CONNECT/ASSOCIATE
Previously, the NL80211_ATTR_AKM_SUITES was skipped if either of these
SHA256-based AKMs was negotiated.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-05-21 23:48:00 +03:00
Jouni Malinen
54ac6ff8c4 PKCS 1: Add function for checking v1.5 RSA signature
This could be used as a step towards replacing more specific functions
used in X.509 and TLS processing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-20 19:52:18 +03:00
Jouni Malinen
d3811845f3 RSA: Add OID definitions and helper function for hash algorithms
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
ab6d047405 Add function for building RSA public key from n and e parameters
This is similar to the existing functionality that parsed ASN.1-encoded
RSA public key by generating a similar public key instance from already
parsed n and e parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-19 23:27:30 +03:00
Jouni Malinen
6c5be116dd PKCS #1: Enforce minimum padding for decryption in internal TLS
Follow the PKCS #1 v1.5, 8.1 constraint of at least eight octets long PS
for the case where the internal TLS implementation decrypts PKCS #1
formatted data. Similar limit was already in place for signature
validation, but not for this decryption routine.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
e6d83cc7ba PKCS #1: Allow only BT=01 for signature in internal TLS
Based on PKCS #1, v1.5, 10.1.3, the block type shall be 01 for a
signature. This avoids a potential attack vector for internal TLS/X.509
implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
9c29d48725 X.509: Fix internal TLS/X.509 validation of PKCS#1 signature
Verify that there is no extra data after the hash field. This is needed
to avoid potential attacks using additional data to construct a value
that passes the RSA operation and allows the hash value to be forged.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-19 23:27:30 +03:00
Jouni Malinen
dbd1e184e3 tests: TNC testing
This implements minimal IMC and IMV to allow TNC testing with PEAP (SoH)
and TTLS/FAST with EAP-TNC.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
10b58b5029 TNC: Allow TNC to be enabled dynamically
Previously, hostapd had to be started with at least one of the
configuration files enabling TNC for TNC to be usable. Change this to
allow TNC to be enabled when the first interface with TNC enabled gets
added during runtime.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
0a626a5060 TNC: Move common definitions into a shared header file
No need to duplicate these in multiple places.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Jouni Malinen
4075e4e862 TNC: Allow tnc_config file path to be replaced
This is for enabling easier testing of TNCS/TNCC functionality as part
of the test scripts without having to use the fixed /etc/tnc_config
location that could be used by the main system and would require changes
within /etc.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-17 20:05:55 +03:00
Masashi Honma
f0356ec85c eloop: Add epoll option for better performance
This patch adds epoll option for the eloop implementation. This can be
selected with the CONFIG_ELOOP_EPOLL=y build option.

[merit]
See Table1.

Table1. comparison table
+--------+--------+-----------+------------+-------------+
|        | add fd | remove fd | prepare fd | dispatch fd |
+--------+--------+-----------+------------+-------------+
| select | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| poll   | O(1)   | O(1)      | O(N)       | O(N)        |
+--------+--------+-----------+------------+-------------+
| epoll  | O(1)   | O(1)      | 0          | O(M)        |
+--------+--------+-----------+------------+-------------+
"add fd" is addition of fd by eloop_sock_table_add_sock().
"remove fd" is removal of fd by eloop_sock_table_remove_sock().
"prepare fd" is preparation of fds before wait in eloop_run().
"dispatch fd" is dispatchment of fds by eloop_sock_table_dispatch().
"N" is all watching fds.
"M" is fds which could be dispatched after waiting.

As shown in Table1, epoll option has better performance on "prepare fd" column.
Because select/poll option requires setting fds before every select()/poll().
But epoll_wait() doesn't need it.

And epoll option has also better performance on "dispatch fd" column.
Because select/poll option needs to check all registered fds to find out
dispatchable fds. But epoll option doesn't require checking all registered fds.
Because epoll_wait() returns dispatchable fd set.

So epoll option is effective for GO/AP functionality.

[demerit]
The epoll option requires additional heap memory. In case of P2P GO, it is
about 8K bytes.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:25:51 +03:00
Masashi Honma
da96a6f793 eloop: Separate event loop select/poll implementation
This allows yet another eloop.c option to be added.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-05-16 18:23:09 +03:00
Jouni Malinen
5cd0e228ac P2P: Iterate through full pref_chan list in search of a valid channel
p2p_get_pref_freq() went through the full list only if the channels
arguments was provided. If no channel list contraint was in place, the
first pref_chan item was picked regardless of whether it is valid
channel and as such, a later valid entry could have been ignored. Allow
this to loop through all the entries until a valid channel is found or
the end of the pref_chan list is reached. As an extra bonus, this
simplifies the p2p_get_pref_freq() implementation quite a bit.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-16 16:49:17 +03:00
Rajkumar Manoharan
f41d55da02 hostapd: Check for overlapping 20 MHz BSS before starting 20/40 MHz BSS
Before starting a 20/40 MHz BSS on the 2.4 GHz band, a 40-MHz-capable HT
AP is required by the rules defined in IEEE Std 802.11-2012 10.15.5 to
examine the channels of the current operational regulatory domain to
determine whether the operation of a 20/40 MHz BSS might unfairly
interfere with the operation of existing 20 MHz BSSs. The AP (or some of
its associated HT STAs) is required to scan all of the channels of the
current regulatory domain in order to ascertain the operating channels
of any existing 20 MHz BSSs and 20/40 MHz BSSs. (IEEE 802.11-2012 S.5.2
Establishing a 20/40 MHz BSS).

Add the check for an overlapping 20 MHz BSS to the initial AP scan for
the P == OT_i case in 10.15.3.2.

Signed-off-by: Rajkumar Manoharan <rmanohar@qti.qualcomm.com>
2014-05-16 01:14:01 +03:00
Simon Baatz
c70c37500b SCARD: Fix GSM authentication on USIM
scard_gsm_auth() used SIM_CMD_GET_RESPONSE for both SIM and USIM. Convert
the command into USIM_CMD_GET_RESPONSE for USIM.

Since commit eb32460029 ("Fix switching from EAP-SIM to EAP-AKA/AKA'")
EAP-SIM is using the USIM if available. This triggers a probably ancient
bug in scard_gsm_auth(), which results in sending the wrong get response
command to the USIM. Thus, EAP-SIM stopped to work after this change on
USIMs that expect the proper command.

Signed-off-by: Simon Baatz <gmbnomis@gmail.com>
2014-05-16 01:01:25 +03:00
Petar Koretic
c78c6b73fa WPS: Fix return value when context is not valid
If WPS isn't enabled, hostapd_cli returns 'OK' even though WPS doesn't
get activated because WPS context is not valid:

$ hostapd_cli wps_pbc
Selected interface 'wlan0'
OK

$ hostapd_cli wps_cancel
Selected interface 'wlan0'
OK

Fix this by returning appropriate error when WPS fails to activate:

$ hostapd_cli wps_pbc
Selected interface 'wlan0'
FAIL

$ hostapd_cli wps_cancel
Selected interface 'wlan0'
FAIL

Signed-off-by: Petar Koretic <petar.koretic@sartura.hr>
CC: Luka Perkov <luka.perkov@sartura.hr>
2014-05-16 00:58:48 +03:00
Rashmi Ramanna
388444e8d6 P2P: Modify the timeout for GO Negotiation on no concurrent session
Peer should handle a GO Negotiation exchange correctly when the
responding device does not have WSC credentials available at the
time of receiving the GO Negotiation Request. WSC Credentials
(e.g., Pushbutton) can be entered within the 120 second timeout.

Presently, if concurrent session is not active, the peer would wait for
GO Negotiation Request frame from the other device for approximately one
minute due to the earlier optimization change in commit
a2d6365760. To meet the two minute
requirement, replace this design based on number of iterations with a
more appropriate wait for the required number of seconds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 23:57:00 +03:00
Jouni Malinen
7e68be38e4 P2P: Refrain from performing extended listen during PD
Extend the previous commit 0f1034e388 to
skip extended listen also based on ongoing provision discovery operation
(which does not show up as a separate P2P module state and as such, was
not coveraged by the previous commit).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-15 22:19:37 +03:00
Jouni Malinen
c7caac56b7 nl80211: Fix send_frame freq for IBSS
bss->freq was not updated for IBSS, so whatever old value was stored
from a previous AP mode operation could end up having been used as the
channel when trying to send Authentication frames in an RSN IBSS. This
resulted in the frame not sent (cfg80211 rejects it) and potentially not
being able to re-establish connection due to 4-way handshake failing
with replay counter mismatches. Fix this by learning the operating
channel of the IBSS both when join event is received and when a
management frame is being transmitted since the IBSS may have changed
channels due to merges.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-15 16:56:49 +03:00
Jouni Malinen
f4626235de EAP-pwd server: Allow fragment_size to be configured
Previously, the fragment_size parameter was ignored and the default
value of 1020 was hardcoded.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
c876dcd70f EAP-IKEv2: Allow frag ack without integrity checksum
RFC 5106 is not exactly clear on the requirements for the "no data"
packet that is used to acknowledge a fragmented message. Allow it to be
processed without the integrity checksum data field since it is possible
to interpret the RFC as this not being included. This fixes reassembly
of fragmented frames after keys have been derived.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 22:47:25 +03:00
Jouni Malinen
0f73c642cc EAP-pwd: Fix processing of group setup failure
If invalid group was negotiated, compute_password_element() left some of
the data->grp pointer uninitialized and this could result in
segmentation fault when deinitializing the EAP method. Fix this by
explicitly clearing all the pointer with eap_zalloc(). In addition,
speed up EAP failure reporting in this type of error case by indicating
that the EAP method execution cannot continue anymore on the peer side
instead of waiting for a timeout.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:24:05 +03:00
Jouni Malinen
13e2574f7d EAP-pwd peer: Export Session-Id through getSessionId callback
EAP-pwd was already deriving the EAP Session-Id, but it was not yet
exposed through the EAP method API.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:22:55 +03:00
Jouni Malinen
251c53e084 RADIUS: Define EAP-Key-Name
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 21:10:03 +03:00
Jouni Malinen
04cad507e1 EAP-SIM peer: Fix counter-too-small message building
The extra data (nonce_s) used in this message was pointing to the
parsed, decrypted data and that buffer was previously freed just before
building the new message. This resulted in use of freed data and
possibly incorrect extra data value that caused the authentication
attempt to fail. Fix this by reordering the code to free the decrypted
data only after the new message has been generated. This was already the
case for EAP-AKA/AKA', but somehow missing from EAP-SIM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-11 17:57:28 +03:00
Jouni Malinen
144f10446a X.509: Fix v3 parsing with issuerUniqueID/subjectUniqueID present
The current position pointer was not updated when issuerUniqueID or
subjectUniqueID were present. This could result in extensions being
ignored.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-05-10 13:13:47 +03:00
Sunil Dutt
0f1034e388 P2P: Refrain from performing extended listen during P2P connection
Do not perform extended listen period operations when either a P2P
connection is in progress. This makes the connection more robust should
an extended listen timer trigger during such an operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
8d0dd4eebc Add macsec_qca driver wrapper
This is based on driver_wired.c and provides driver interface for the
QCA MACsec driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
887d9d01ab MACsec: Add PAE implementation
This adds initial implementation of IEEE Std 802.1X-2010 PAE for MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:42:44 +03:00
Hu Wang
7baec808ef MACsec: Add driver_ops
This defines new driver_ops to be used with MACsec.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
4e9528cce3 MACsec: Add common IEEE 802.1X definitions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
3bcfab8794 MACsec: Add define for EAPOL type MKA
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
0836c04b30 MACsec: Allow EAPOL version 3 to be configured
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Hu Wang
49be483b28 Add function to fetch EAP Session-Id from EAPOL supplicant
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 20:05:28 +03:00
Chandrasekaran, Manishekar
ea40a575ae nl80211: Use max associated STAs information in AP mode
Propagate max associated STAs in AP mode advertised by the driver to
core wpa_supplicant implemantion. This allows wpa_supplicant to update
the P2P GO group limit information automatically without having to
configure this limit manually. The information (if available) is also
used in the generic AP implementation to control maximum number of STA
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-05-09 17:12:19 +03:00
Eliad Peller
e4fa8b120b wpa_supplicant: Add Wake-on-WLAN configuration support
Add a new wowlan_triggers option to wpa_supplicant.conf. The triggers in
this key will be used to configure the kernel wowlan configuration.

For now, support only simple flags. More complex triggers can be added
later on.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-04-29 18:59:12 +03:00
Dmitry Shmidt
959214b260 Android: Use extended P2P functionality (ANDROID_P2P) for all vendors
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
9a41232165 TDLS: Fully tear down existing link before setup
Disabling the link only clears the local state. The remote peer will
still think we are connected and disallow the setup.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00
Arik Nemtsov
c04b4651f7 TDLS: Disable links during AP deauth in external flow
When de-authenticating from the AP, disable each TDLS link after
sending the teardown packet. Postpone the reset of the peer state
data until after the link disable request.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-04-29 18:59:12 +03:00
Jouni Malinen
b19719aa77 TDLS: Make wpa_tdls_send_teardown() static
This function was not used anywhere outside tdls.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 18:59:12 +03:00
Ilan Peer
52f5877afa nl80211: Take ownership of dynamically added interfaces
Indicate to cfg80211 that interfaces created by the wpa_supplicant
or hostapd are owned by them, and that in case that the socket that
created them closes, these interfaces should be removed.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-29 18:59:12 +03:00
Eduardo Abinader
e390df0553 nl80211: Cancel rfkill timeout on deinit
Got segfault, when freeing drv and there exists registered timeout for
blocked rfkill. This patch adds cancel timeout to avoid this.

Signed-off-by: Eduardo Abinader <eduardo.abinader@openbossa.org>
2014-04-29 17:55:27 +03:00
Pradeep Reddy POTTETI
bb24229b26 TDLS: Pass peer's capability info to the driver in open mode
Commit 96ecea5eb1 did not consider
to pass the VHT/HT/WMM capabilities of the peer for BSS with
open mode.
Address this issue by passing the capabilities irrespective of
the security mode.

Signed-off-by: Pradeep Reddy POTTETI <c_ppotte@qti.qualcomm.com>
2014-04-29 17:08:13 +03:00
Jouni Malinen
c0333c8dd5 Check rx_mgmt::frame more consistently against NULL
If a driver wrapper misbehaves and does not indicate a frame body in the
event, core hostapd code should handle this consistently since that case
was already checked for in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d6c6b1fb9d Make sta NULL-check easier for static analyzers
sta == NULL check is already done above based on category !=
WLAN_ACTION_PUBLIC, but that seems to be too complex for some static
analyzers, so avoid invalid reports by explicitly checking for this
again in the WLAN_ACTION_FT case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
0bceb8d6f4 Make dl_list_first() and dl_list_last() uses easier for static analyzers
The previous check for dl_list_len() or having an entry from the list is
sufficient, but some static analyzers cannot figure out that
dl_list_first() and dl_list_last() will return non-NULL in this type of
cases. Avoid invalid reports by explicitly checking for NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
5f693cb1b6 WPS HTTP: Remove unused assignment
bbp is not used in the code path that skips trailers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
ee4fefc015 Remove duplicated variable zeroing
It's enough to do this once as part of the for loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
4a9d0ebe4a Make PMKID check easier for static analyzers
Checking sm->pmksa is sufficient here, but that seems to be too
difficult for static analyzers to follow, so avoid false reports by
explicitly checking pmkid as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
06df2aa60a Remove floating constant suffix 'd' from test coee
clang scan-build does not seem to like the 'd' suffix on floating
constants and ends up reporting analyzer failures. Since this suffix
does not seem to be needed, get rid of it to clear such warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:10 +03:00
Jouni Malinen
d06e9ac5f5 P2P: Verify operating channel validity for NFC connection handover
p2p_freq_to_channel() could return an error if the GO or P2P Client
operating channel is not valid. Check for this before generating the NFC
handover message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Jouni Malinen
13a524a30d nl80211: Remove unnecessary wpa_driver_nl80211_set_freq() wrapper
This is not of any real use anymore with nl80211_set_channel() taking
care of channel setting operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:10 +03:00
Peng Xu
e87ef7517e nl80211: Add support for changing AP mode channel bandwidth
Configure driver with the new channel parameters (mainly, HT 20/40 MHz
bandwidth changes) as part of set_ap().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Jouni Malinen
30575183f6 Sync with mac80211-next.git nl80211.h
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-29 12:52:09 +03:00
Peng Xu
5f0bca77a8 Retry initial 20/40 MHz co-ex scan if the driver is busy
This makes the initial OBSS scans in AP mode before starting 40 MHz BSS
more robust. In addition, HT20 can be used as a backup option if none of
the scans succeed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
587d60d2b7 Add AP mode support for HT 20/40 co-ex Action frame
If a 2.4 GHz band AP receives a 20/40 Coexistence management frame from
a connected station with 20/40 BSS Intolerant Channel Report element
containing the channel list in which any legacy AP are detected or AP
with 40 MHz intolerant bit set in HT Cap IE is detected in the affected
range of the BSS, the BSS will be moved from 40 to 20 MHz channel width.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
9c47f6a2a6 hostapd: Extend support for HT 20/40 coexistence feature
Extend the minimal HT 20/40 co-ex support to include dynamic changes
during the lifetime of the BSS. If any STA connects to a 2.4 GHz AP with
40 MHz intolerant bit set then the AP will switch to 20 MHz operating
mode.

If for a period of time specified by OBSS delay factor and OBSS scan
interval AP does not have any information about 40 MHz intolerant STAs,
the BSS is switched from HT20 to HT40 mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:52:09 +03:00
Peng Xu
196c9c7cd2 Make channel parameters available in set_ap() driver operation
This provides information to allow the driver to be configured for
updated channel parameters, e.g., when dynamically changing HT20/HT40
bandwidth.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-29 12:16:51 +03:00
Jouni Malinen
27b418715f WPS: Print setsockopt() failure in debug log
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-28 16:54:09 +03:00
Jouni Malinen
52cb20730a trace: Replace demangle.h with internal defines
It looks like the demangle.h from binutils-dev is not installed that
commonly anymore. Since we need only two defines from that file, replace
the header file with those defines to make it easier to build with
WPA_TRACE_BFD=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-25 19:27:48 +03:00
Jouni Malinen
0e80ea2c70 nl80211: Fix some coding style issues
Some trailing whitespace and spaces for indentation were present in the
driver wrapper and header files.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 19:27:07 +03:00
Jouni Malinen
a26582cb98 Make qca-vendor.h independent of other header files
Move the definitions that depended in common.h into a separate header
file so that qca-vendor.h can be copied and used as-is in other
projects.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 11:41:36 +03:00
Amar Singhal
4a64d5a9db nl80211: Allocate QCA vendor subcmd for extended statistics
This allocates a QCA vendor subcmd for extended statistics
functionality and also an attribute for delivering the payload
for extended statistics.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-25 11:36:11 +03:00
Ilan Peer
dcdce14741 radiotap: Fix compilation for systems without le16toh/le32toh
These functions are not standard and do not exist in all systems, e.g.,
variants of Android. Instead use the macros defined in common.h.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Maxime Bizon
2aa82e52da Interworking: Don't filter probe requests when interworking is disabled
With hidden SSID (ignore_broadcast_ssid), an IOS device trying to
connect to the AP will send a probe request with ANT == 2. If
interworking support is just compiled (not enabled), we will drop the
probe request since default ANT is 0.

Check that interworking is enabled before filtering based on ANT or
HESSID to match the behavior of code without CONFIG_INTERWORKING.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-04-24 12:15:32 +03:00
Naresh Jayaram
13f6a07efc Add SIM identifier to the network profile and cred block
This allows the specific SIM to be identified for authentication
purposes in multi-SIM devices. This SIM number represents the index of
the SIM slot. This SIM number shall be used for the authentication using
the respective SIM for the Wi-Fi connection to the corresponding
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-24 12:15:32 +03:00
Marek Puzyniak
8a0f3bf613 AP: Fix checking if DFS is required
Sometimes function hostapd_is_dfs_required() returns -1 which indicates
that it was not possible to check if DFS was required. This happens for
channels from the 2.4 GHz band where DFS checking should not happen.
This can be fixed by returning DFS-not-required for mode different from
IEEE80211A and when DFS support is not available (ieee80211h not set).

Signed-off-by: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-04-17 17:12:52 +03:00
Jouni Malinen
6d99bd8076 nl80211: Debug print HT/VHT capability override information
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-17 17:11:11 +03:00
Jouni Malinen
d2c33b91ad Reduce the amount of time PTK/TPTK/GTK is kept in memory
Some of the buffers used to keep a copy of PTK/TPTK/GTK in the
supplicant implementation maintained a copy of the keys longer than
necessary. Clear these buffers to zero when the key is not needed
anymore to minimize the amount of time key material is kept in memory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-16 01:29:27 +03:00
Jouni Malinen
e47ee249bc l2_packet: Fix l2_packet_none (hostapd default)
The sample code here ended up trying to register an eloop socket with fd
== -1. This was not really ever supposed to be used, but it is now also
hitting an assert in eloop. Skip the unnecessary
eloop_register_read_sock() to avoid this.

This was causing issues for hostapd since CONFIG_L2_PACKET is not set by
default. If CONFIG_RSN_PREAUTH=y was not used for CONFIG_L2_PACKET was
not set in .config explicitly, the defaul use of l2_packet_none.c ended
up hitting the newly added assert() in eloop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-14 23:04:55 +03:00
Johannes Berg
30476e4fe7 wlantest: Tag and ignore generated packets
Rather than ignoring packets with a minimal 8-byte radiotap
header, which may occur elsewhere, tag generated (decrypted)
packets with an empty vendor namespace tag and ignore those.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:54:25 +03:00
Johannes Berg
bacb984b2d radiotap: Update radiotap parser to library version
Update the radiotap parser to the latest version of the
http://git.sipsolutions.net/radiotap.git/ library to get
parsing for vendor namespaces.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-04-13 23:49:59 +03:00
Jouni Malinen
142817b2f9 Add a wpa_supplicant ctrl_iface event for regdom changes
CTRL-EVENT-REGDOM-CHANGE event provides an external notification of
regulatory domain (and any driver channel list) changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 16:32:38 +03:00
Jouni Malinen
d6a36f3956 nl80211: Mask out deauth even after own deauth request
This was already done for the disconnect event, but
SME-in-wpa_supplicant case needs to do same with the deauth event to
avoid getting extra events during WPS disconnect-and-reconnect sequence.
This can speed up WPS processing by removing unnecessary failures or
retries due to the extra event being processed during the next
association attempt.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 11:39:49 +03:00
Jouni Malinen
0cd860284c Add CTRL-EVENT-SIGNAL-CHANGE for bgscan signal update events
This allows external programs to monitor driver signal change events
through wpa_supplicant when bgscan is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-13 10:26:52 +03:00
Felix Fietkau
83c4cb5217 nl80211: Handle multiple interface combinations for P2P
The first combination may allow single-channel concurrency for
P2P + managed, but there may be others that allow multi-channel
concurrency. Parse all of them to find the maximum number of channels.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-04-11 19:22:00 +03:00
Nirav Shah
0e0e1e564f P2P: Add retry mechanism for GO Negotiation Confirmation
wpa_supplicant now retries for P2P_GO_NEG_CNF_MAX_RETRY_COUNT times if
it doesn't receive acknowledgement for GO Negotiation Confirmation
frame. Currently, P2P_GO_NEG_CNF_MAX_RETRY_COUNT is set to 1.

While this is not strictly speaking following the P2P specification,
this can improve robustness of GO Negotiation in environments with
interference and also with peer devices that do not behave properly
(e.g., by not remaining awake on the negotiation channel through the
full GO Negotiation).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-11 11:57:05 +03:00
Abhishek Singh
9392c9be7a nl80211: Use LEAVE_IBSS with driver-based-SME
NL80211_CMD_LEAVE_IBSS was used only with wpa_supplicant-based SME.
Extend this to drivers that implement SME internally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-10 19:51:51 +03:00
Jouni Malinen
bb52293e71 OpenSSL: Detect and prevent TLS heartbeat attack
Some OpenSSL versions have vulnerability in TLS heartbeat request
processing. Check the processed message to determine if the attack has
been used and if so, do not send the response to the peer. This does not
prevent the buffer read overflow within OpenSSL, but this prevents the
attacker from receiving the information.

This change is an additional layer of protection if some yet to be
identified paths were to expose this OpenSSL vulnerability. However, the
way OpenSSL is used for EAP-TLS/TTLS/PEAP/FAST in hostapd/wpa_supplicant
was already rejecting the messages before the response goes out and as
such, this additional change is unlikely to be needed to avoid the
issue.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-09 14:58:48 +03:00
Jouni Malinen
1aa6f953bb WNM: Fix neighbor report subelement parser
Only the Neighbor Report element should be included here, so verify that
the element id matches. In addition, verify that each subelement has
valid length before using the data.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-08 01:01:55 +03:00
Jouni Malinen
5583b8d1eb Document and rename HT Capability/Operation fields
This makes the definitions match the terminology used in IEEE Std
802.11-2012 and makes it easier to understand how the HT Operation
element subfields are used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:45:11 +03:00
Jouni Malinen
1dde5b5cdd Remove PSMP option from ht_capab
This was used to fill in the "PSMP support" subfield that was defined
during P802.11n development. However, this subfield was marked reserved
in the published IEEE Std 802.11n-2009 and it is not supported by
current drivers that use hostapd for SME either. As such, there is not
much point in maintaining this field as ht_capab parameter within
hostapd either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 22:02:14 +03:00
Amarnath Hullur Subramanyam
4a16a0bd55 nl80211: Add QCA vendor subcmd for NAN
QCA vendor extension is used for NAN functionality. This defines the
subcommand and attribute to address this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-07 17:13:08 +03:00
Jouni Malinen
dc39004318 WPS: Remove unused WEP related functionality
Now that WPS 2.0 support is enabled unconditionally, WEP and Shared auth
type are not allowed. This made some of the older code unused and that
can now be removed to clean up the implementation. There is still one
place where WEP is allowed for testing purposes: wpa_supplicant as
Registrar trying to configure an AP to use WEP. That is now only allowed
in CONFIG_TESTING_OPTIONS=y builds, though.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 12:31:45 +03:00
Jouni Malinen
9437c2d0ea EAP-pwd peer: Fix fragmentation of PWD-Confirm-Resp
This is somewhat of a corner case since there is no real point in using
so short a fragmentation threshold that it would result in this message
getting fragmented. Anyway, it is better be complete and support this
case as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:51:00 +03:00
Jouni Malinen
48f668eecf EAP-pwd: Fix memory leak on error path with fragmentation
If fragmentation is used, the temporary inbuf/outbuf could have been
leaked in error cases (e.g., reaching maximum number of roundtrips).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-06 00:34:30 +03:00
Jouni Malinen
9ff4de6de4 Move DROP_SA command to be within ifdef CONFIG_TESTING_OPTIONS
This is a test command and has no use in production builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:59:31 +03:00
Jouni Malinen
e1a273a61d Remove used KDE addition code from EAPOL-Key msg 4/4
EAPOL-Key msg 4/4 has no specified KDE use, so remove the unused code to
simplify the implementation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 23:30:16 +03:00
Jouni Malinen
76d3fb1eeb Remove unused wpa_sm_get_param() function
This function was not used anywhere and was not up-to-date with
full tet of parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
ed429931a0 TDLS: Add test mode for MIC failure testing
"SET tdls_testing 0x800" can be used to enable a special test mode that
forces the FTIE MIC in TDLS setup messages to be incorrect.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-04-05 20:42:12 +03:00
Jouni Malinen
1619e9d512 Interworking: Add ctrl_iface events on cred block modifications
Following events are now sent to ctrl_iface monitors to indicate if
credential blocks have been added, modified, or removed:

CRED-ADDED <id>
CRED-MODIFIED <id> <field>
CRED-REMOVE <id>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-04-04 19:10:47 +03:00
Jouni Malinen
21611ea9fd edit: Increase buffer size to 4096 bytes
wpa_supplicant and wpa_cli had already moved to allowing up to 4096 byte
buffer size to be used for control interface commands. This was limited
by the line edit buffer in interactive mode. Increase that limit to
match the other buffers to avoid artificially truncating long commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-31 12:30:50 +03:00
Jouni Malinen
1e03c6cb7d XML: Remove forgotten, unused definition of debug_print_func
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-31 12:25:13 +03:00
Jouni Malinen
8943cc998a RADIUS server: Add support for MAC ACL
"user" MACACL "password" style lines in the eap_user file can now be
used to configured user entries for RADIUS-based MAC ACL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 19:31:56 +02:00
Jouni Malinen
dc87541e1e Clean up debug print for PSK file search
p2p_dev_addr was not NULL, so the all zeros case was printed as well.
Clean this up by printing p2p_dev_addr in debug prints only if it is a
real P2P Device Address.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-29 09:50:51 +02:00
Janusz Dziedzic
bbbacbf2f8 DFS: Print CAC info in ctrl_iface STATUS command
Print CAC time and CAC left time in control interface STATUS command.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-03-28 23:02:45 +02:00
Maxime Bizon
5c9da160a5 nl80211: Set all BSS interfaces down when tearing down AP in MBSS mode
If the interface was not added by hostapd, it could have been left up
when disabling the AP.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-03-27 16:45:25 +02:00
Avraham Stern
3ae8b7b7a2 hostapd: Add vendor command support
Add support of vendor command to hostapd ctrl_iface.
Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2014-03-27 15:28:44 +02:00
Pawel Kulakowski
74a1319e50 Fix issue with incorrect secondary_channel in HT40/HT80
When primary and secondary channel were switched and config was
reloaded, secondary channel was incorrectly overwritten.

Proceed as for other settings that should not be changed and don't
allow to overwrite.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-27 15:22:39 +02:00
Sunil Dutt
96ecea5eb1 Pass TDLS peer capability information in tdls_mgmt
While framing the TDLS Setup Confirmation frame, the driver needs to
know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the
VHT/HT operation / WMM parameter elements accordingly. Supplicant
determines if the TDLS peer is VHT/HT/WMM capable based on the presence
of the respective IEs in the received TDLS Setup Response frame.

The host driver should not need to parse the received TDLS Response
frame and thus, should be able to rely on the supplicant to indicate
the capability of the peer through additional flags while transmitting
the TDLS Setup Confirmation frame through tdls_mgmt operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-27 15:18:48 +02:00
Jouni Malinen
78cd7e69de Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-03-25.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-27 14:50:39 +02:00
Maxime Bizon
b36935be1a nl80211: Fix EAPOL frames not being delivered
When hostapd choose to reuse an existing interface, it does not add it
to the set of interfaces from which we accept EAPOL packets.

Make sure we always add it to that set.

Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-03-26 16:37:42 +02:00
Jouni Malinen
6997f8baab nl80211: Set interface address even if using old interface
If an existing interface is allowed to be used, its address better be
updated to match the requested one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-26 16:33:03 +02:00
Jouni Malinen
9b4d9c8bbc nl80211: Print if_indices list in debug log
This makes it easier to debug dynamic interface addition/removal.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-26 00:42:24 +02:00
Maxime Bizon
762c41ae99 eloop: Add assert() on negative fd when using select() code path
Signed-off-by: Maxime Bizon <mbizon@freebox.fr>
2014-03-26 00:17:07 +02:00
Jouni Malinen
163f801ef2 nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
c201f93a9e WPS: Enable WSC 2.0 support unconditionally
There is not much point in building devices with WPS 1.0 only supported
nowadays. As such, there is not sufficient justification for maintaining
extra complexity for the CONFIG_WPS2 build option either. Remove this by
enabling WSC 2.0 support unconditionally.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Rashmi Ramanna
41d5ce9e0b P2P: Optimize scan for GO during persistent group invocation
Scan for GO on the negotiated operating channel for few iterations
before searching on all the supported channels during persistent group
reinvocation. In addition, use the already known SSID of the group in
the scans. These optimizations reduce group formation time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 15:38:33 +02:00
Jouni Malinen
4d1e38be9e ACS: Fix number of error path issues
Especially when multiple BSSes are used with ACS, number of the error
paths were not cleaning up driver initialization properly. This could
result in using freed memory and crashing the process if ACS failed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 13:12:29 +02:00
Jouni Malinen
692ec3058b FT: Add support for postponing FT response
If the PMK-R1 needs to be pulled for the R0KH, the previous
implementation ended up rejecting the over-the-air authentication and
over-the-DS action frame unnecessarily while waiting for the RRB
response. Improve this by postponing the Authentication/Action frame
response until the pull response is received.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-23 18:31:06 +02:00
Jouni Malinen
6ace13a9e5 P2P: Clean up channel selection code to use helper functions
This moves some of the p2p_prepare_channel_best() functionality into
separate helper functions to make the implementation easier to read.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-23 11:01:59 +02:00
Jouni Malinen
70c35233ae WPS: Comment out unused AP WEP config write with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds. This is similar to the earlier
commit that commented out in-memory update.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 23:31:39 +02:00
Arif Hussain
c3ba70f4d0 P2P: Update op_reg_class in random social channel case
Commit 94b84bc725 missed one path where
p2p->op_reg_class should have been updated. Set this to 81 during
operating channel selection from 2.4 GHz.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 22:44:53 +02:00
Amar Singhal
70634eec0c hostapd: Check driver DFS offload capability for channel disablement
If the driver supports full offloading of DFS operations, do not disable
a channel marked for radar detection. The driver will handle the needed
operations for such channels.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 21:31:15 +02:00
Amar Singhal
65d645ce43 nl80211: Fetch DFS offload capability from driver
This uses a QCA vendor extension to determine if the driver supports
fully offloaded DFS operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 21:20:32 +02:00
Jouni Malinen
a500f3102f WPS: Comment out unused AP WEP config update with WPS 2.0
The main WPS code rejects WEP parameters, so this code is not used and
can be commented out from WPS 2.0 builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 19:22:10 +02:00
Jouni Malinen
1d4fe3bcbc Remove unnecessary parameter validation
This is dead code since this helper function is always called with
non-NULL pointer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-22 16:25:28 +02:00
Arif Hussain
94b84bc725 P2P: Avoid unsafe pre-configured channel as channel preference
Do not select pre-configured channel as operating channel preference if
it is unavailable maybe due to interference or possible known
co-existence constraints, and try to select random available channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-22 10:20:08 +02:00
Pawel Kulakowski
513dcec656 Don't overwrite channel on hostapd config reload
There was possibility that the current channel in Beacon information
element was incorrectly set. This problem was easily observed when
primary and secondary channel were switched and then some of hostapd
settings (for example password) were changed using WPS External
Registrar. This caused hostapd_reload_config() function overwrite the
current channel information from config file.

This patch prevents this situation and does not allow to overwrite
channel and some other settings when config is reloaded.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-21 23:30:57 +02:00
Jouni Malinen
20ff2642e1 WPS: Clear WPS data on init failure
It was possible for hapd->wps_beacon_ie and hapd->wps_probe_resp_ie to
be set if WPS initialization in hostapd failed after having set these
parameters (e.g., during UPnP configuration). In addition, many of the
other WPS configuration parameters that were allocated during the first
part of the initialization were not properly freed on error paths.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-21 13:23:23 +02:00
Jouni Malinen
f19e370e15 WPS: Do not advertise WPA/WPA2-Enterprise Auth Type Flags
While the device itself may support WPA/WPA2-Enterprise, enrollment of
credentials for EAP authentication is not supported through WPS. As
such, there is no need to claim support for these capabilities within
WPS information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-20 15:13:48 +02:00
Jouni Malinen
1b5df9e591 nl80211: Do not indicate scan started event on scan_for_auth
The scan_for_auth workaround for cfg80211 missing a BSS entry for the
target BSS during authentication uses a single channel scan controlled
within driver_nl80211.c. This operation does not indicate
EVENT_SCAN_RESULTS to the upper layer code. However, it did report
EVENT_SCAN_STARTED and this resulted in the radio work protection code
assuming that an external program triggered a scan, but that scan never
completed. This resulted in all new radio work items getting stuck
waiting for this scan to complete.

Fix this by handling the scan_for_auth situation consistently within
driver_nl80211.c by filtering both the EVENT_SCAN_STARTED and
EVENT_SCAN_RESULTS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 22:48:44 +02:00
Jouni Malinen
4d65deda7f HS 2.0R2: Clean up debug from libcurl
Do not truncate CURLINFO entries on first linefeed to get full IN/OUT
headers and data into debug log. Use wpa_hexdump_ascii() if any
non-displayable characters are included. Remove the separate header/data
debug dumps since all that information is now available from the debug
callback.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-18 00:39:35 +02:00
Jouni Malinen
f4e3860f8a Fix AP mode default TXOP Limit values for AC_VI and AC_VO
These were previous set to 3.0 and 1.5 ms which ended up using values 93
and 46 in 36 usec inits. However, the default values for these are
actually defined as 3.008 ms and 1.504 ms (94/47) and those values are
also listed in the hostapd.conf example.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-17 18:48:40 +02:00
Jouni Malinen
47bd94a09f TLS testing: Add new test cases for RSA-DHE primes
test-tls-4: Short 511-bit RSA-DHE prime
test-tls-5: Short 767-bit RSA-DHE prime
test-tls-6: Bogus RSA-DHE "prime" 15
test-tls-7: Very short 58-bit RSA-DHE prime in a long container
test-tls-8: Non-prime as RSA-DHE prime

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:49 +02:00
Jouni Malinen
f5bbb2f284 TLS client: Reject RSA-DHE prime if it shorter than 768 bits
Such short primes cannot really be considered secure enough for
authentication purposes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 12:43:37 +02:00
Jouni Malinen
817742f5aa TLS testing: Fix test_flags check for ApplData report
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-16 10:59:17 +02:00
Michal Kazior
c3722e1241 ACS: Fix VHT20
The center segment0 calculation for VHT20 ACS was incorrect. This caused
ACS to fail with: "Could not set channel for kernel driver".

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-03-15 19:04:31 +02:00
Jouni Malinen
49b74430d9 Fix HT40 co-ex scan for some pri/sec channel switches
Secondary channel was compared incorrectly (-4/4 vs. actual channel
number) which broke matching neighboring 40 MHz BSSes and only the
no-beacons-on-secondary-channel rule was applied in practice. Once
sec_chan was fixed, this triggered another issue in this function where
both rules to switch pri/sec channels could end up getting applied in a
way that effectively canceled the switch.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 19:04:31 +02:00
Jouni Malinen
5bdac4abce Remove unused STA entry information
previous_ap and last_assoc_req were not really used for anything
meaninful, so get rid of them to reduce the size of per-STA memory
allocation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-15 09:57:10 +02:00
Jouni Malinen
c9d9ee94e5 Fix hostapd_add_iface error path to deinit partially initialized BSS
It was possible for the control interface and some of the BSS setup to
be left partially initialized in failure cases while the BSS structures
were still freed. Fix this by properly cleaning up anything that may
have passed initialization successfully before freeing memory.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
db63757dbc hostapd: Supply default parameters for OBSS scan
For some client OBSS implementations that are performed in
firmware, all OBSS parameters need to be set to valid values.
Do this, as well as supplying the "20/40 Coex Mgmt Support"
flag in the extended capabilities IE.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:49:08 +02:00
Johannes Berg
67e1a402df hostapd: For VHT 20/40, allow center segment 0 to be zero
The 802.11ac amendment specifies that that the center segment 0 field
is reserved, so it should be zero. Hostapd previously required it to
be set, which is likely a good idea for interoperability, but allow it
to be unset. However, don't allow it to be set to a random value, only
allow zero and the correct channel.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-03-14 17:07:17 +02:00
Jouni Malinen
d0bf06f2d9 GAS server: Remove incomplete remote ANQP processing
Some of the remote ANQP server concepts were introduces into gas_serv.c,
but these were not completed. Remote the unused implementation for now.
It can be added back if support for remote ANQP server is added at some
point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 21:12:39 +02:00
Jouni Malinen
fdb45355d4 WPS: Extend per-station PSK to support ER case as well
When wpa_psk_file is used instead of wpa_psk/wpa_passphrase, each WPS
Enrollee was given a unique PSK. This did not work for the
station-as-Registrar case where ER would learn the current AP settings
instead of enrolling itself (i.e., when using the AP PIN instead of
station PIN). That case can be covered with a similar design, so
generate a per-device PSK when building M7 as an AP in wpa_psk_file
configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
ce6b9cd482 Allow reason code to be specified for DEAUTH/DISASSOC test frame
hostapd DEAUTHENTICATE and DISASSOCIATE control interface commands
accepted both a test=<0/1> and reason=<val> parameters, but these were
not supported in the same command as a combination. Move the code around
a bit to allow that as well since it can be helpful for automated test
scripts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 01:26:09 +02:00
Sunil Dutt
dda8be7114 TDLS: Use QoS info from WMM IE obtained in TDLS frames
TDLS Setup Request/Response frames from the peers include the WMM IE,
hence parse the same and consider the QoS Info from the WMM IE. The
qos_info obtained in the WMM IE overwrites the one obtained through
WLAN_EID_QOS attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Sunil Dutt Undekari
3a8ec7382e P2P: Report dev_found event (if not yet done) from GO Neg Req RX
p2p_find removes P2P_DEV_REPORTED flag from every existing P2P peer
entry. Thus, if a GO Negotiation Request frame is received before the
peer is re-discovered based on Probe Response frame, report
P2P-DEVICE-FOUND indication prior to the P2P-GO-NEG-REQUEST similarly to
how this is done the first time the peer is found.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Jouni Malinen
0f23a5e7d6 Mark AP disabled if initialization steps fail
Previously, some of the last initialization steps could fail without
clearly marking the interface disabled. For example, configuring the
channel to the driver could fail, but hostapd would not clearly identify
as the interface not being in functional state apart from not moving it
to the ENABLED state. Send an AP-DISABLED event and mark interface state
DISABLED if such a setup operation fails.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 13:55:05 +02:00
Jouni Malinen
39b420f7b1 HS 2.0R2: Add parse_cert command for debugging purposes
This hs20-osu-client client command can be used to parse a DER encoded
X.509v3 certificate with the logotype extensions and
id-wfa-hotspot-friendlyName values shown in detail.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
d2bb2b4681 Add os_file_exists()
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
1cb3eda954 HS 2.0R2: Add wrapper functions for libcurl
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
2cb8f96789 HS 2.0R2: Add wrapper functions for libxml2
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
da4ec2c71a HS 2.0R2: Add wrapper for system browser
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:22 +02:00
Jouni Malinen
db3ca20ec8 HS 2.0R2: Add wrapper for wpadebug browser on Android
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
2a10e57201 HS 2.0R2: Add wrapper for Android browser for user interaction
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
d0b79d74b6 HS 2.0R2: Add wrapper functions for WebKit
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
91728f2f12 Add wpa_ctrl helper functions for upper level functionality
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 01:09:21 +02:00
Jouni Malinen
e8d70a739b nl80211: Hide deauth event due to forced deauth-during-auth
If NL80211_CMD_AUTHENTICATE fails due to exiting authentication, forced
deauthentication is used to clear cfg80211 start and a new
authentication command is retried. This resulted in an extra
disconnection event getting delivered to the core wpa_supplicant code
and that could end up confusing state there, e.g., by clearing
connection parameters like wpa_s->key_mgmt and preventing the following
association from reaching proper COMPLETED state with open networks.

Fix this by hiding the unnecessary disconnection event when using the
deauth-for-auth workaround.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 20:02:23 +02:00
Ben Greear
7450c1287d DFS: Add extra debugging messages
This might help someone realize why their hostapd config isn't working
properly.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2014-03-11 19:26:48 +02:00
Moshe Benji
8c06db703d nl80211: Fix P2P Device handling when starting with RF-kill blocked
On RF-kill, we should not request the kernel to start a P2P device. In
addition, we should call i802_set_iface_flags() both for a P2P Device
interface and any other interface instead of calling a dedicated
function for each.

Signed-off-by: Moshe Benji <Moshe.Benji@intel.com>
2014-03-11 19:22:03 +02:00
Simon Wunderlich
1d91f504e4 hostapd: Process management frames only once per BSS
At least in nl80211, broadcast management frames like Probe Request
frames, may be processed multiple times per BSS if multi-BSS is active
and NL80211_CMD_FRAME event is used to deliver them. In the case of
Probe Request frames, hostapd will create multiple redundant Probe
Response frames which are problematic when many BSS are on one channel.

This problem is caused by driver_nl80211 generating an event for
wpa_supplicant_event() for each BSS, and hostapd_mgmt_rx() calls
ieee802_11_mgmt() for each BSS, too.

Fix this by processing broadcast events only for the BSS the driver
intended to. The behavior is not changed for drivers not setting a BSS.

Signed-hostap: Simon Wunderlich <simon@open-mesh.com>
2014-03-11 19:07:25 +02:00
Simon Wunderlich
e070051207 hostapd: Allow to switch to usable DFS channels
If channels are "available", change to "usable" DFS channels as a
fallback, too. This requires CAC, but it is still better to do that
instead of stopping service completely.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 19:04:15 +02:00
Simon Wunderlich
01b99998bd hostapd: Allow to switch to DFS channels if available
If DFS channels are marked as "available", an AP can switch to them
immediately without performing CAC. Therefore, the channel selection
function should consider these channels even though these are radar
channels.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 19:01:44 +02:00
Simon Wunderlich
70ee1be248 hostapd: Add config option chanlist for DFS channels
Different channels allow different transmission power, at least in ETSI
countries. Also, ETSI requires a "channel plan" for DFS operation, and
channels should be randomly choosen from these channels.

Add a channel list configuration option for users to add channels
hostapd may pick from.

Signed-hostap: Simon Wunderlich <sw@simonwunderlich.de>
2014-03-11 18:59:40 +02:00
Jouni Malinen
09eef142ea Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 16:44:22 +02:00
Jouni Malinen
3b9c5176d1 Fix PTK derivation for CCMP-256 and GCMP-256
Incorrect PTK length was used in PMK-to-PTK derivation and the Michael
MIC TX/RX key swapping code was incorrectly executed for these ciphers
on supplicant side.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 15:00:09 +02:00
Jouni Malinen
e6ef73f188 nl80211: Add debug print of KEY_DATA and KEY_SEQ
While these were already available from elsewhere in the debug log, it
is convenient to have the values also available at the location where
the actual nl80211 command is issued.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 14:59:15 +02:00
Jouni Malinen
b465f5d3a1 Remove unused hostapd_wep_key_cmp()
The only user was removed five years ago in commit
fb6d357532.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-10 10:27:58 +02:00
Jouni Malinen
390b92913a TLS testing: Allow hostapd to be used as a TLS testing tool
The internal TLS server implementation and RADIUS server implementation
in hostapd can be configured to allow EAP clients to be tested to
perform TLS validation steps correctly. This functionality is not
included in the default build; CONFIG_TESTING_OPTIONS=y in
hostapd/.config can be used to enable this.

When enabled, the RADIUS server will configure special TLS test modes
based on the received User-Name attribute value in this format:
<user>@test-tls-<id>.<rest-of-realm>. For example,
anonymous@test-tls-1.example.com. When this special format is used, TLS
test modes are enabled. For other cases, the RADIUS server works
normally.

The following TLS test cases are enabled in this commit:
1 - break verify_data in the server Finished message
2 - break signed_params hash in ServerKeyExchange
3 - break Signature in ServerKeyExchange

Correctly behaving TLS client must abort connection if any of these
failures is detected and as such, shall not transmit continue the
session.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 18:47:09 +02:00
Jouni Malinen
994afe3390 RADIUS server: Allow TLS implementation add log entries
This allows the internal TLS implementation to write log entries to the
same authlog with rest of the RADIUS server and EAP server
functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 18:21:13 +02:00
Jouni Malinen
01f7fe10ef RADIUS server: Allow EAP methods to log into SQLite DB
This extends RADIUS server logging capabilities to allow EAP server
methods to add log entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-09 18:21:13 +02:00
Jouni Malinen
8a57da7e28 RADIUS server: Add option for storing log information to SQLite DB
If eap_user_file is configured to point to an SQLite database, RADIUS
server code can use that database for log information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-09 18:21:13 +02:00
Jouni Malinen
f3ef7a2640 TLS client: Send decrypt_error on verify_data validation error
Previously, this was silently dropped which left the connection waiting
for timeout. decrypt_error alert can be used here to avoid that.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 18:21:13 +02:00
Jouni Malinen
129b9b991a TLS: Share a helper function for verifying Signature
This same design is used in both the server and the client roles in the
internal TLS implementation. Instead of duplicated implementation, use a
helper function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 17:11:58 +02:00
Jouni Malinen
6531963584 TLS: Use a helper function for calculating ServerKeyExchange hash
Instead of separate server and client side implementations, use a common
set of helper functions for calculating the ServerParams hash for
ServerKeyExchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 16:26:27 +02:00
Jouni Malinen
65074a2a7c TLS: Add support for DHE-RSA cipher suites
This extends the internal TLS implementation to support DHE-RSA
cipher suites in both server and client roles.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 15:43:50 +02:00
Jouni Malinen
41ebfe97ec TLS server: Enable SHA256-based cipher suites
The SHA256-based RSA-AES-128/256 cipher suites were already implemented
and enabled for the internal TLS client, but they had not been enabled
for the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-09 11:57:05 +02:00
Jouni Malinen
ec33bc67f8 Enable RADIUS message dumps with excessive debug verbosity
Previously, this was enabled only at msgdump verbosity level, but any
level that is more verbose than it should also be included.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:35:08 +02:00
Jouni Malinen
226e3579f9 Revert "bridge: Track inter-BSS usage"
This reverts commit 4345fe963e. That
introduced number of memory leaks and since the rest of the VLAN changes
did not yet go in, it is easier to revert this for now and bring back
the changes after fixes if there is sufficient interest for them in the
future.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 11:35:08 +02:00
Jouni Malinen
d0ee16edc8 Allow arbitrary RADIUS attributes to be added into Access-Accept
This extends the design already available for Access-Request packets to
the RADIUS server and Access-Accept messages. Each user entry can be
configured to add arbitrary RADIUS attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-08 11:35:08 +02:00
Jouni Malinen
0ac3876627 Fix PMF protect disconnection on session timeout
Request the driver to send a Deauthentication frame before doing
any other disconnection steps on the session timeout path. This is
needed when PMF is negotiated for the association since the driver
will need to find the STA entry and the PTK for it to be able to
protect the robust Deauthentication frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-07 23:24:54 +02:00
Pawel Kulakowski
185677b74c Disable interface if ACS fails
In case of Automatic Channel Selection (ACS) failure, we do not have a
real fallback path. Interface still remains in ACS state. To reflect we
did not succeed with ACS, simply disable the interface and indicate this
to user/upper layer entity so that a suitable recovery or error
notification can be performed.

Signed-off-by: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2014-03-06 23:12:33 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Jouni Malinen
95faa36ad9 HS 2.0R2: Check for OSEN when determining whether to authorize STA
handle_assoc_cb() got this addition, but the check in
hostapd_new_assoc_sta() was not modified to be aware of the OSEN special
case for EAPOL state machines to be used for marking a STA authorized.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 22:48:37 +02:00
Sunil Dutt Undekari
113318ad57 Set the station to authorized on assoc event for open authentication
This was done in handle_assoc_cb() in ieee802_11.c for drivers that use
hostapd SME/MLME. However, drivers that include SME/MLME implementation
do not use that function and the STA flag needs to be set when
processing the association notification. This is needed to get the STA
entry into showing the proper authorized state and to get the
AP-STA-CONNECTED/DISCONNECTED events on the control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 22:45:15 +02:00
Bartosz Markowski
905828fea4 hostapd: Fix vht_capab 'Maximum A-MPDU Length Exponent' handling
As per IEEE Std 802.11ac-2013, 'Maximum A-MPDU Length Exponent' field
value is in the range of 0 to 7. Previous implementation assumed EXP0 to
be the maximum length (bits 23, 24 and 25 set) what is incorrect.

This patch adds options to set it up within the 0 to 7 range.

Signed-off-by: Bartosz Markowski <bartosz.markowski@tieto.com>
2014-03-06 00:09:37 +02:00
Michal Kazior
89de64c5c0 ACS: Fix VHT80 segment picking
For example, the previous implementation considered [44, 48, 52, 56] to
be a valid VHT80 channel -- which it is not. This resulted in, e.g.,
failure to start CAC when channels on overlapped segments included DFS
channels.

Add a check similar to the HT40 one to prevent that. The check is
performed this way as the ACS implementation assumes the primary channel
to be the first channel in a given segment.

Signed-off-by: Michal Kazior <michal.kazior@tieto.com>
2014-03-06 00:01:29 +02:00
Janusz Dziedzic
1f37483416 DFS: Print error in case CAC fails
Previously, we printed this message as a debug one, which was confusing
in case verbose debug messages were disabled. User could think CAC
started but never ended. Add more parameterss to DFS_EVENT_CAC_START, so
external programs can more easily check what was wrong in case of
errors.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-03-05 23:59:04 +02:00
Moshe Benji
354c903f8e AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.

This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.

For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 23:57:02 +02:00
Rahul Jain
8bc4372f37 Use P2P_IE_VENDOR_TYPE more consistently
Previously, both this and combination of OUI_WFA and P2P_OUI_TYPE were
used. Using the full 32-bit value as a single operation saves a bit in
code size, so start moving towards using it more consistently when
writing or finding the P2P vendor specific element.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-03-05 23:36:54 +02:00
Rahul Jain
8714caa1c2 WPS: Parse Registrar Configuration Methods
This new subelement was added into the WFA Vendor Extension.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-03-05 23:26:16 +02:00
Jouni Malinen
6b9f7af651 nl80211: Extend the new vendor command for testing nl80211
CONFIG_TESTING_OPTIONS=y build of wpa_supplicant now allows arbitrary
cfg80211 commands to be performed through the new VENDOR ctrl_iface
command by using a special vendor_id ffffffff. The command identifier
(NL80211_CMD_*) is encoded as the subcmd and the attributes in the
hexformatted data area. Response attributes are returned as a hexdump.

For example, this shows a NL80211_CMD_FRAME and a response (cookie
attribute) on a little endian host:

wpa_cli -i wlan0 vendor ffffffff 59 080003004d0000000800260085090000....
0c00580000d7868c0388ffff

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-05 17:19:58 +02:00
Andrei Otcheretianski
819f096f5b nl80211: Fix RTM event handling for dynamic interfaces
When an interface is disabled through rtm event, wpa_supplicant's
EVENT_INTERFACE_DISABLED is generated, which in turn, may
completely destroy wpa_driver_nl80211_data struct (drv). This
scenario happens now when P2P GO interface is disabled. Since this
struct may be used later in this function it causes segmentation fault.

Fix it by trying to find drv again in the interface list after
wpa_supplicant's event handling.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-03-04 22:30:48 +02:00
Beni Lev
adef89480d nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:

Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2014-03-04 22:24:20 +02:00
Felix Fietkau
d0595b25b4 nl80211: Fix tearing down WDS STA interfaces
wpa_driver_nl80211_if_remove() checks bss->if_added before deleting an
interface, which is 0 for the first BSS. The only part of
wpa_driver_nl80211_if_remove() that should get called for WDS STA
interfaces is the call to nl80211_remove_iface(), which can be pulled in
here directly.

Signed-off-by: Felix Fietkau <nbd@openwrt.org>
2014-03-04 20:13:01 +02:00
Jouni Malinen
5f7e1c06cd Redirect more frames with ext_mgmt_frame_handling=1
This allows Action frames from not-associated stations to be processed
by external test tools.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
7738163951 RADIUS server: Copy IPv4 address only when IPv6 is not used
The local addr variable is valid only when !ipv6, so there is no point
in copying it for the IPv6 case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
3b6170b78d WPS: Remove duplicate variable setting
There is no need to use a for loop here since the h variable is
set identically at the beginning of the body anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
78789d95b4 Remove unnecessary variable initialization
The following if statements set the new_op_mode value in all cases,
so there is no need to initialize this to 0 first. This removes a
static analyzer warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
e997bc75dd Remove a static analyzer warning about unused variable write
The pos variable was not used between its first and second assignment.
Clean this up by using the pos variables instead of the buf (start of
the buffer).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
8a4ce28000 WPA: Clean up cipher suite counting in write routines
There is no need to maintain a separate counter for this in addition to
the pointer to the current location. In addition, this gets rid of
warnings about unused variable write.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
749fa140ff Debug print trailing WPA/RSN IE bytes, if any
This silences a never-used analyzer warning in addition to making the
debug log entry somewhat more useful.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a5802c0620 OpenSSL: Avoid never-used analyzer warning
Use #ifdef blocks more cleanly to avoid unnecessary never-used
assignment of a variable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
7b6e81575f Clean up hostapd add_iface error path operations
If hapd_iface->bss[i] == NULL, this could have resulted in NULL pointer
dereference in the debug print. Avoid this by skipping the message in
case of NULL pointer. In addition, clear iface->bss[i] to NULL for
additional robustness even though this array gets freed immediately.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
3ff8073db7 EAP-FAST: Use clear eap_get_config() result validation
This was previously checked through the eap_peer_tls_ssl_init() call
which made it difficult for static analyzers. Add an explicit check for
config == NULL into the beginnign of eap_fast_init() since this will
always result in initialization failing anyway.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a8716d13bf roboswitch: Verify that register read succeeds before comparing result
If wpa_driver_roboswitch_read() fails before such comparison, the values
that are being compared are not initialized properly and as such, there
is not much point in comparing them either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
3d91a0470f DFS: Make sure center frequency is always initialized for VHT
This seemed to be fine on most code paths, but the code was complex
enough to make the analysis difficult (and a bit too much for static
analyzers). There is no harm in forcing these parameters to be
initialized, so do that to make sure they cannot be left uninitialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
fa0a9f536c trace: Fix memory use on no-function name path
bfd_demangle() call could be skipped if data.function == NULL. Make sure
the already freed aname pointer cannot be used again in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
d12eb581f9 test: Use more consistent NULL checking for associate ssid parameter
This was checked once against NULL, but not on the following uses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:11 +02:00
Jouni Malinen
bd27b1360f Make code path easier for static analyzers
record->type == NULL case was handled through the record->type_length
comparison. While this was correct, it is a bit difficult for static
analyzers to understand, so add an extra check for NULL to avoid false
reports on this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:11 +02:00
Jouni Malinen
64abb725ba nl80211: Allow old r-o-c offchannel TX to be tested
no_offchannel_tx=1 driver parameter can now be used to force the older
remain-on-channel -based offchannel TX design to be used with
mac80211_hwsim. This can be used to increase test coverage with the
hwsim test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 10:35:34 +02:00
Jouni Malinen
fa72a880ed P2P: Fix validation on Invitation Request error path
It was possible for the error path to try to use P2P Group ID attribute
even if one was not included in the message. This could result in
dereferencing a NULL pointer, so re-check the pointer before copying the
data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 10:35:33 +02:00
Jouni Malinen
ca412c7a38 Remove unreachable return statement
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 10:35:33 +02:00
Jouni Malinen
2af4d87fc3 GAS: Fix additional comeback delay with status code 95
The special case of non-zero status code used in a GAS Comeback Response
frame to indicate that additional delay is needed before the response is
available was not working properly. This case needs to allow the status
code check to be bypassed for the comeback case prior to having received
any response data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
b908c50a81 Clear hostapd bss entry to NULL on add-interface-failure
It looks like leaving behind the freed pointed at the end of the array
could end up in a crash triggered by double free in some cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 00:38:04 +02:00
Kyeyoon Park
0052ce499a atheros: Add support for OSEN
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-01 00:38:04 +02:00
Jouni Malinen
c5c2d942c5 P2P: Cancel offchannel TX wait on PD Response TX status
PD Response is sent out using a 200 ms offchannel wait, but that wait
was not cancelled on TX status report. This could result in offchannel
operation being left waiting unnecessarily long. Fix this by making the
P2P_NO_PENDING_ACTION case in Action TX callback cancel the wait if a
pending wait is marked (and mark this for PD Response).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 16:38:27 +02:00
Sunil Dutt Undekari
1578796a31 TDLS: Work around interop issues with supported operating class
It looks like some deployed devices may send an invalid supported
operating class element (length = 0) in TDLS Setup messages. With
cfg80211, this results in the NL80211_CMD_SET_STATION command failing
due to an invalid argument (cfg80211 mandates supported operating
classes information to have a length of 2..253 octets).

Work around this interop issue by ignoring the Supported Operating Class
element if it has invalid length.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 16:38:14 +02:00
Jouni Malinen
b61e70c4f3 HS 2.0R2: Add WFA server-only EAP-TLS server method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
8d2a9921af HS 2.0R2: RADIUS server support to request Subscr Remediation
The new hostapd.conf parameter subscr_remediation_url can be used to
define the URL of the Subscription Remediation Server that will be added
in a WFA VSA to Access-Accept message if the SQLite user database
indicates that the user need subscription remediation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
ae6d15c722 HS 2.0R2 AP: Add OSU Providers list ANQP element
hostapd can now be configured to advertise OSU Providers with the
new osu_* confgiuration parameters.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
f7bd7a01a8 HS 2.0R2 AP: Add Icon Request and Icon binary File ANQP elements
hostapd can now be configured to provide access for icon files
(hs20_icon config file parameter) for OSU. The hs20_icon data contains
additional meta data about the icon that is not yet used, but it will be
needed for the OSU Providers list ANQP element.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:25 +02:00
Jouni Malinen
97596f8ed4 HS 2.0R2 AP: Add support for Session Info URL RADIUS AVP
If the authentication server includes the WFA HS 2.0 Session Info URL
AVP in Access-Accept, schedule ESS Disassociation Imminent frame to be
transmitted specified warning time prior to session timeout.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
8e1146d9da HS 2.0R2 AP: Add support for deauthentication request
If the RADIUS server includes deauthentication request in Access-Accept,
send a WNM-Notification frame to the station after 4-way handshake and
disconnect the station after configurable timeout.

A new control interface command, WNM_DEAUTH_REQ, is added for testing
purposes to allow the notification frame to sent based on local request.
This case does not disconnect the station automatically, i.e., a
separate control interface command would be needed for that.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
a14896e8bb HS 2.0R2 AP: Add OSEN implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
6ca0853d18 HS 2.0R2 AP: Use Subscr Remediation request from RADIUS server
If the RADIUS server includes the WFA RADIUS VSA in Access-Accept to
indicate need for subscription remediation, copy the server URL from
the message and send it to the station after successfully completed
4-way handshake (i.e., after PTK is set to allow PMF to work) in a
WNM-Notification.

AP must not allow PMKSA caching to be used after subscription
remediation association, so do not add the PMKSA cache entry whenever
the authentication server is indicating need for subscription
remediation. This allows station reassociation to use EAP authentication
to move to non-remediation connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
7bc9c25d1f HS 2.0R2 AP: Add STA's Hotspot 2.0 Release Number into Access-Request
If the station indicated support for Hotspot 2.0, send its release
number and PPS MO ID in Access-Request messages using the WFA RADIUS
VSA.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76579ec75f HS 2.0R2 AP: Add AP Hotspot 2.0 Release Number as WFA RADIUS VSA
The Access-Request frames are used to inform the RADIUS server about the
Hotspot 2.0 release number supported by the AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
0dd100fb40 HS 2.0R2 AP: Add definition and helper function for WFA RADIUS VSA
These changes make it easier to add WFA vendor specific attributes
to RADIUS messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
3fb17a9530 HS 2.0R2 AP: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification can now be sent from hostapd with:
hostapd_cli hs20_wnm_notif 02:00:00:00:00:00 http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
d5d24784e6 HS 2.0R2 AP: Update HS 2.0 Indication element to Release 2
The HS 2.0 Indication element from hostapd now includes the release
number field and the new ANQP Domain ID field. This ID can be configured
with anqp_domain_id parameter in hostapd.conf.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76a55a8e12 HS 2.0R2: Add more debug to network selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
28f2a7c407 HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8e5fdfabf6 HS 2.0R2: Add WFA server-only EAP-TLS peer method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a5d75636f9 HS 2.0R2: Add common OSEN definitions
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
1d2215fc67 HS 2.0R2: Add OSU Providers list ANQP element
wpa_supplicant can now request OSU Providers list with "hs20_anqp_get
<BSSID> 8".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
184e110caf HS 2.0R2: Add Icon Request and Icon binary File ANQP elements
wpa_supplicant can request OSU icon data with "hs20_icon_request <BSSID>
<icon filename>". This transmits an Icon Request ANQP element and
processes the response in Icon Binary File ANQP elements.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
7ef6947993 HS 2.0R2: Add STA support for Deauthentication Request notification
If requested, disable the network based on the HS 2.0 deauthentication
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
95a3ea9426 HS 2.0R2: Add WNM-Notification Request for Subscription Remediation
Subscription remediation notification WNM-Notification Request is now
shown in the following way in wpa_supplicant control interface:
<3>HS20-SUBSCRIPTION-REMEDIATION http://example.com/foo/

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
ae6f927258 nl80211: Add driver capability for GTK_NOT_USED
Many drivers support operation without GTK configured, but most (if any)
today do not advertise this. Handle this by skipping GTK cipher suite
configuration if the driver did not advertise support in order to work
around cfg80211 validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
8c9cb81fb7 DFS: Fix coding style (missing whitespace)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 16:47:22 +02:00
Janusz Dziedzic
4f1e01b8e3 DFS: Add VHT160 available channels
Add VHT160 available channels we can choose from when having detected a
radar event.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:46:17 +02:00
Janusz Dziedzic
b8058a69b0 hostapd: DFS allow mixed channels
Allow mixed DFS and non-DFS channels, e.g., VHT160 on channels 36-64.
This is useful for testing VHT160 with mac80211_hwsim.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:45:11 +02:00
Janusz Dziedzic
4db216fcf7 wpa_supplicant: Add support for IPv6 with UDP ctrl_iface
Add IPv6 support when using udp/udp-remote control interface using the
following new build configuration options:

CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

This is useful for testing, while we don't need to assign IPv4 address
(static or using DHCP) and can just use auto configured IPv6 addresses
(link local, which is based on the MAC address). Also add scope id
support for link local case.

For example,
./wpa_cli
./wpa_cli -i ::1,9877
./wpa_cli -i fe80::203:7fff:fe05:69%wlan0,9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-02-25 16:43:01 +02:00
Emanuel Taube
064eb057ca Add os_remove_in_array()
This can be used to remove members from an array.

Signed-off-by: Emanuel Taube <emanuel.taube@gmail.com>
2014-02-25 16:10:29 +02:00
Jouni Malinen
c1151e47d5 Force OFDM/HT/VHT to be disabled on channel 14
The regulatory rules in Japan do not allow OFDM to be used on channel
14. While this was to some extend assumed to be enforced by drivers
(many of which apparently don't), it is safer to make hostapd enforce
this by disabling any OFDM-related functionality. This tries to avoid
backwards compatibility issues by downgrading the mode rather than
rejecting the invalid configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 13:55:10 +02:00
Jouni Malinen
bfb79dde63 nl80211: Show regulatory rule flags in debug output
These can be useful in understanding why some channels are disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-25 13:55:07 +02:00
Chaitanya T K
3d7ad2f681 hostapd: Configure spectrum management capability
Add configuration of Spectrum Management subfield in the Capability
Information of Beacon, Probe Response, and Association Response frames.
Spectrum Management bit is set when directly requested by new
configuration option spectrum_mgmt_required=1 or when AP is running on
DFS channels. In the future, also TPC shall require this bit to be set.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-25 00:54:59 +02:00
Srinivasan B
e0392f825d hostapd: Add Power Constraint element
Add Power Constraint information element to Beacon and Probe Response
frames when hostapd is configured on 5 GHz band and Country information
element is also added. According to IEEE Std 802.11-2012 a STA shall
determine a local maximum transmit power for the current channel based
on information derived from Country and Power Constraint elements.

In order to add Power Constraint element ieee80211d option need to be
enabled and new local_pwr_constraint config option need to be set to
unsigned value in units of decibels. For now this value is statically
configured but the future goal is to implement dynamic TPC algorithm
to control local power constraint.

Signed-hostap: Srinivasan <srinivasanb@posedge.com>
Signed-hostap: Chaitanya T K <chaitanyatk@posedge.com>
Signed-hostap: Marek Puzyniak <marek.puzyniak@tieto.com>
2014-02-24 23:51:23 +02:00
Stefan Lippers-Hollmann
891330fda9 Fix spelling s/algorith/algorithm/
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
2014-02-24 23:40:01 +02:00
Jouni Malinen
329039869a WPS: Fix UNSUBSCRIBE error returns if NT or CALLBACK header is used
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
f34df28e93 WPS: Fix UNSUBSCRIBE to return 412 if no SID match found
UPnP-arch-DeviceArchitecture describe ErrorCode 412 to be used for the
case where no un-epxired subscription matches. This used to return 200
which is not strictly speaking correct even though it is unlikely to
cause any problems.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 18:58:33 +02:00
Jouni Malinen
80f256a568 WPS: Remove unnecessary filename NULL check
The caller of the GET parser is checking this already and the GET case
was the only one that ended up doing the duplicated validation step.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-22 14:07:23 +02:00
Rahul Jain
aef5047acc P2P: Fix missing eloop_cancel_timeout in invitation trigger
When a Probe Request frame from an invitation peer is received, a timer
is schedule to start invitation. However, this could have been scheduled
multiple times (once per Probe Request frame) which is undesirable since
only a single invitation should be initiated.

Signed-off-by: Rahul Jain <rahul.jain@samsung.com>
2014-02-21 13:54:09 +02:00
Jouni Malinen
3cdcb3a4b3 tests: Add module tests for WPS attribute parsing
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-21 13:41:30 +02:00
Jouni Malinen
da179bd0e1 WPS: Fix parsing of 0-length WFA vendor extension subelement
The previous parser would have skipped a WFA vendor extension attribute
that includes only a single zero-length subelement. No such subelement
has been defined so far, so this does not really affect any
functionality, but better make the parser address this correctly should
such an element ever be added.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-21 13:08:08 +02:00
Jouni Malinen
211d7ab3d8 P2P: Add even more debug prints for Probe Request in non-Listen state
It looks like discovery_dev_id test case can still fail and based on the
previously added debug prints, this is happening since the P2P module
believes it is not in Listen state even when a P2P_LISTEN was issued.
p2p_listen_cb() did not get called on remain-on-channel event for some
reason, so lets add more debug to find out why this can happen.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 16:59:29 +02:00
Anders Kaseorg
9e38836427 wpa_debug: Remove 2048 byte message length limit
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2014-02-20 16:32:26 +02:00
Jithu Jance
f667e031c9 P2P: Address few issues seen with P2P SD
Suppose we have multiple peers and we have peers advertising SD
capability, but no services registered for advertising. In this case,
even if there are multiple broadcast queries set, we might end up
sending only the lastly added broadcast query to the same device (since
SD_INFO won't get set for the first broadcast query). Add support for
multiple wildcard queries to be tracked to enable this type of use
case.

Some times it is seen that before advancing to next device in the list,
the scan results come and update SD_SCHEDULE flag. This will result in
sending the already sent query to the same device without giving chance
to other devices. This issue again is seen with peer devices advertising
SD capability without any services registered.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-02-20 16:32:12 +02:00
Dmitry Shmidt
e9a6f18385 TLS: Add tls_disable_tlsv1_1 and tls_disable_tlsv1_2 phase1 params
These can be used to disable TLSv1.1 and TLSv1.2 as a workaround for AAA
servers that have issues interoperating with newer TLS versions.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-20 15:28:57 +02:00
Jouni Malinen
cb10c7d12d RADIUS DAS: Add support for NAS identification attributes
This allows NAS-IP-Address, NAS-Identifier, and NAS-IPv6-Address to be
included in the Disconnect-Request packets.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 13:55:36 +02:00
Jouni Malinen
0d7c5e1dfc RADIUS DAS: Remove PMKSA entry on Disconnect-Request
When a station is disconnected based on Disconnect-Request, it is better
to force the station to go through full EAP authentication if it tries
to reconnect.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-20 13:26:22 +02:00
Jouni Malinen
d87a6acdf5 WPS: Fix STA state validation when processing PutWLANResponse
It is possible for an ER to send an unexpected PutWLANResponse action
when the destination STA is in disassociated, but not fully
deauthenticated state. sta->eapol_sm can be NULL in such state and as
such, it would be possible to hit a NULL pointer dereference in the
eapol_auth_eap_pending_cb() call at the end of the
hostapd_wps_probe_req_rx() when trying to proxy the WPS message to the
station. Fix this by validating that sta->eapol_sm is set before
processing the message.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-19 23:51:55 +02:00
Jouni Malinen
b62d5b5450 Revert "OpenSSL: Do not accept SSL Client certificate for server"
This reverts commit 51e3eafb68. There are
too many deployed AAA servers that include both id-kp-clientAuth and
id-kp-serverAuth EKUs for this change to be acceptable as a generic rule
for AAA authentication server validation. OpenSSL enforces the policy of
not connecting if only id-kp-clientAuth is included. If a valid EKU is
listed with it, the connection needs to be accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-19 13:22:49 +02:00
Jouni Malinen
a5527a49e8 P2P: Add more debug prints for Probe Request processing
It can be helpful to see from the debug log why the P2P Device role did
not reply to a Probe Request frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-17 11:43:53 +02:00
Jouni Malinen
38ecb06e16 Convert RADIUS debug dumps to use wpa_printf()
This allows the debug dumps of RADIUS messages to be captured through
normal wpa_printf() mechanisms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 21:39:31 +02:00
Jouni Malinen
a0ac572611 EAP-SIM DB: Remove client socket file on connect() error
If the connection from hostapd authentication server to hlr_auc_gw fails
due to hlr_auc_gw not running yet, the local socket file was left
behind. Delete the socket file on connect() failure path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 21:39:31 +02:00
Jouni Malinen
a1dd890a85 RADIUS: Add minimal accounting server support
This can be used to test RADIUS Accounting in hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 16:26:48 +02:00
Jouni Malinen
22dd2d7a98 Fix MSCHAP UTF-8 to UCS-2 conversion for three-byte encoding
This fixes issues in using a password that includes a UTF-8 character
with three-byte encoding with EAP methods that use NtPasswordHash
(anything using MSCHAPv2 or LEAP).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 12:06:35 +02:00
Jouni Malinen
a9b08adacf Remove unused crypto_bignum_rshift()
Commit bf4f5d6570 removed the only user of
this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 11:31:20 +02:00
Ilan Peer
be24917df6 nl80211: Use nl80211_set_iface_id() to get hw features data
Use nl80211_set_iface_id() in wpa_driver_nl80211_get_hw_feature_data(),
as otherwise the function fails for a P2P Device interface (which does
not have a netdev associated with it).

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-02-14 19:30:27 +02:00
Marek Kwaczynski
8a45811638 hostapd: Add Operating Mode Notification support
Handle Operating Mode Notification received in (Re)Association Request
frames.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2014-02-14 19:30:05 +02:00
Eytan Lifshitz
6ceb95c950 Avoid NULL dereference in ieee802_1x_get_mib_sta() printf
In function ieee802_1x_get_mib_sta(), eap_server_get_name() may return
NULL, and it could be dereferenced immidiately by os_snprintf() (if the
snprintf implementation does not handle NULL pointer).

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:58:21 +02:00
Eytan Lifshitz
97efe70b60 wpa_supplicant: Fix NULL dereference in tls_verify_cb()
In function tls_verify_cb(), X509_STORE_CTX_get_current_cert() may
return NULL, and it will be dereferenced by X509_get_subject_name().

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:58:21 +02:00
Eytan Lifshitz
c0c11afaf1 wpa_supplicant: Fix NULL dereference in eap_fast_parse_end()
In eap_fast_parse_end(), pos might be NULL if the line doesn't
contain '='.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:58:21 +02:00
Eytan Lifshitz
93a1caece0 Remove unnecessary NULL check
In send_assoc_resp(), sta was checked for NULL, although it can't be
NULL.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-02-13 15:58:17 +02:00
Max Stepanov
5479ff906c DFS: Avoid compiler warnings in src/ap/dfs.c
Initialize variables explicitly to avoid [-Wmaybeuninitialized] compiler
warning in hostapd_handle_dfs() and
hostapd_dfs_start_channel_switch_cac() functions.

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-02-13 15:44:37 +02:00
Dmitry Shmidt
7ac7fd43aa Add bssid/freq hint for driver-based BSS selection
This uses the new nl80211 attributes to allow the connect command to
provide bssid and freq hints to the driver without limiting roaming to
the specific BSS/frequency. This can be used by drivers that perform
internal BSS selection (WPA_DRIVER_FLAGS_BSS_SELECTION) as a candidate
for initial association.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-02-13 15:14:18 +02:00
Jouni Malinen
56ec49c540 Sync with wireless-testing.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2014-02-12.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-13 14:35:01 +02:00
Jouni Malinen
b64afe22aa Fix SAE state validation on AP
Confirm-before-commit validation step allowed execution to continue on
error case. This could result in segfault in sae_check_confirm() if the
temporary SAE data was not available (as it would not be, e.g., in case
of an extra SAE confirm message being received after successful
exchange). Fix this by stopping SAE processing immediately after
detecting unexpected state for confirm message. In addition, make the
public sae.c functions verify sae->tmp before dereferencing it to make
this type of bugs less likely to result in critical issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-12 17:46:33 +02:00
Jouni Malinen
825fb6b20b P2P: Do not indicate P2P_FIND failure if p2p_scan is in progress
It was possible to FAIL return for a P2P_FIND command that was issued
while an already started P2P_FIND operation was in the scan phase. This
can be confusing for upper layer software, so hide the failure report
from the ctrl_iface response. The previously started scan will continue
the find operation after this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-11 12:29:39 +02:00
Jouni Malinen
8c18fcc237 WPS: Add more debug information to M7 AP Settings
This allows the AP Settings data to be included in debug log
(only with -K on command line).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:47 +02:00
Jouni Malinen
d7a15d5953 WPS: Indicate current AP settings in M7 in unconfigurated state
Previously, unconfigured state was forcing the best supported
authentication and encryption state to be shown in WPS messages,
including AP Settings in M7 in case the AP acts as an Enrollee. This is
not really correct for the AP Settings case, so change that one to
indicate the currently configured state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 19:33:19 +02:00
Jouni Malinen
d55fc03ef6 P2P: Handle unexpected GO Neg Req reject message more cleanly
The mechanism of using Status attribute in GO Negotiation Request was
used in some early specification drafts, but it is not compliant with
the current P2P specification where GO Negotiation Request is used only
for the purpose of initiating a new GO Negotiation. However, some
deployed devices use it to indicate rejection of GO Negotiation in a
case where they have sent out GO Negotiation Response with status 1. The
P2P specification explicitly disallows this.

To avoid unnecessary interoperability issues and extra frames, mark the
pending negotiation as failed and do not reply to this GO Negotiation
Request frame. Previously, GO Negotiation Response frame with status=4
was sent back as an indication of the GO Negotiation Request frame being
invalid. This response is not sent anymore and the status code for the
P2P-GO-NEG-FAILURE event is changed from 4 (invalid parameters) to 11
(rejected by user) for this specific workaround case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-07 16:26:59 +02:00
Jouni Malinen
334ec001bb Fix Beacon RX before AP setup completion
It is possible for the driver to report Beacon RX prior to hostapd
having completed AP mode setup, e.g., when changing country code. Beacon
frame processing for OLBC was not prepared for this and could trigger
segfault due to NULL pointer dereference. Fix this by ignoring the
Beacon frames received prior to completing interface setup when
determining OLBC updates.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-06 15:22:06 +02:00
Yun Park
72e7fb3fd9 nl80211: Fix regression in returning to AP mode after scan
Commit b1f625e0d8 extended
ap_scan_as_station to be able to distinguish between AP and P2P GO
iftypes. However, it did this in a way that completely lost the original
mode because drv->nlmode had already been replaced with the station
mode. Fix this by storing the correct old mode.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-05 22:53:59 +02:00
Jouni Malinen
a05e236b11 P2P: Do not re-start invitation on Probe Req RX if already ack'ed
If the peer device has already acknowledge receipt of the Invitation
Request frame, it is better not to re-start invitation by sending
another Invitation Request. This should not be needed since the peer
already has received the Invitation Request frame and sending the second
round in this type of sequence can cause issues with nl80211 offloaded
offchannel TX operations since driver_nl80211.c will lose the cookie
value for the first pending Action frame and may not be able to cancel
offchannel wait for it properly. this has been seen to trigger a failure
in the p2p_go_invite_auth test case with the scan failing due to GO
sending out Probe Response frame on incorrect channel (the channel used
in that not-cancelled Action TX).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 17:16:32 +02:00
Jouni Malinen
e8a1572532 The hostap.git master branch is now used for 2.2 development
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 16:10:44 +02:00
Jouni Malinen
0b5ff2ae12 WPS: Remove unused Credential AP Channel processing
Commit bd3a373767 added a mechanism to use
AP Channel attribute from within a Credential attribute to optimize
scans. However, this design is not actually used with the WPS NFC use
cases. With configuration token, the AP Channel attribute is in the same
container with the Credential attribute (and that was also handled in
the previous implementation). With connection handover, AP Channel
information is outside the Credential attribute as well.

Simplify implementation by removing the AP Channel within Credential
case. This allows wpas_wps_use_cred() to get the AP Channel from the
container instead of having to find this during credential iteration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-04 13:23:35 +02:00
Jouni Malinen
1536cb5756 WPS: Remove unused 802.1X attribute parsing and processing
This is not really used in practice and there is no need to maintain
unsed code that would only print debug log entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
b37d582eaf Replace ieee802_11_print_ssid() with wpa_ssid_txt()
There is no need to maintain two different functions for printing out
ASCII text version of SSID.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
93ee3022dc Change version information for the 2.1 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-04 13:23:35 +02:00
Jouni Malinen
8597ebdbd4 Fix hostapd segfault on beacon hint event
Commit 795baf773f ('hostapd: Filter
channel list updated events after country code change') uses the
EVENT_CHANNEL_LIST_CHANGED data pointer, but it updated only one of the
callers to provide that data. NL80211_CMD_REG_BEACON_HINT event was
still sending the event without the initiator data and resulted in NULL
pointer dereference, e.g., if a scan was run while hostapd was running
and the driver was in world roaming state and enabled a channel for
active scans.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-03 19:34:59 +02:00
Masashi Honma
c69ed4dd49 bsd: Fix hostapd compiler warning
The hostapd compilation displays a below warning On NetBSD 6.1.2.

../src/drivers/driver_bsd.c:72:1: warning: 'get80211opmode' defined but not used

This patch solves it and moves other functions to appropriate position to
reduce #ifdef.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2014-02-03 19:34:49 +02:00
Janusz Dziedzic
1412beeee9 nl80211: Show DFS region info in debug messages
Print DFS region info, if provided, when printing regulatory
information.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-30 14:10:25 +02:00
Janusz Dziedzic
fd92413417 hostapd: Increase timeout for channel list update to 5 seconds
Before this patch, 1 second timeout was used for regulatory updates. In
some cases, specially when we reload driver modules on some slower
platforms this could take more than 1 second (about 2 seconds). This is
important specially for DFS case, where we have to have correct DFS
region before we will start CAC. In other case (unknown DFS region), CAC
will fail. 5 seconds should be enough for all cases.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-30 14:05:14 +02:00
Johannes Berg
ff5e1d14af nl80211: Treat RSSI as part of each sched scan matchset
The original RSSI filter semantics for scheduled scan were
really confusing - a separate matchset was created, but it
wasn't actually treated as a separate matchset in the kernel
but rather used as the global RSSI value. The RSSI matchset
thus behaved like an RSSI filter outside of the matchsets,
being ANDed rather than ORed (as normal between matchsets.)

To make this less confusing, I changed the kernel API a bit
to actually treat the RSSI inside each matchset properly,
but keeping it compatible with the old approach by using a
matchset with only an RSSI value as the default for all the
other matchsets, and adding it as a separate matchset only
if it's the only one.

The proper way for wpa_supplicant to do this then would be
to add the RSSI to each SSID matchset, and only add another
matchset without SSID if there's none with.

However, to keep compatibility with older kernels, always
keep the non-SSID matchset and only add the RSSI to all the
other matchsets. This gets close to the desired behaviour,
the only difference would be that we shouldn't add the RSSI
matchset if there are others, but stays compatible with old
and new kernels, as new ones ignore the RSSI-only matchset
if there are others and those others have an RSSI.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2014-01-30 14:03:53 +02:00
Eytan Lifshitz
04c366cb1d Fix memory leaks and wrong memory access
1. In wpa_config_process_bgscan() fix memory leak after
   calling wpa_config_parse_string()
2. In hostapd_config_defaults(), on failure to allocate bss->radius,
   conf->bss was not freed.
3. In p2p_deauth_nofif(), memory allocated in p2p_parse_ies() was not
   freed in case of NULL minor_reason_code.
4. In p2p_disassoc_nofif(), memory allocated in p2p_parse_ies() was
   not freed in case of NULL minor_reason_code.
5. In p2p_process_go_neg_conf(), memory allocated was not freed in
   case that the P2P Device interface was not waiting for a
   GO Negotiation Confirm.
6. In wpa_set_pkcs11_engine_and_module_path(), the wrong pointer was
   checked.

Signed-hostap: Eytan Lifshitz <eytan.lifshitz@intel.com>
2014-01-30 14:01:31 +02:00
Michal Kazior
4b0f2282cb nl80211: Fix channel switching with VHT80
It is possible for channel switch notification to be missing channel
type attribute. This is true at least for VHT80. This led to
iface->conf->secondary_channel being set to 0. This in turn made
subsequent DFS-triggered CSA to fail due to invalid frequency
parameters.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2014-01-30 13:58:48 +02:00
Shital Jaju
e28f39b7e9 nl80211: Verify that ifindex attribute is included in survey
This checks if the NL80211_ATTR_IFINDEX attribute is present before
trying to get the value of interface index.

Signed-hostap: Shital Jaju <shitalj@broadcom.com>
2014-01-30 13:44:07 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
d2f18378e1 WPS NFC: Add BSSID and AP channel info to Configuration Token
This information can help the Enrollee to find the AP more quickly with
an optimized scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
75dbf98157 WPS-STRICT: Update valid Device Password ID and Config Error range
Accept the new values defined for WPS NFC.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
8e9f53c367 P2P NFC: Static handover with NFC Tag on client
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
abe44e3ca2 P2P NFC: Add GO info into handover message when in client role
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
23318bea94 P2P NFC: Optimize join-a-group operation based on NFC information
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
ac08752d28 WPS NFC: Use pubkey mismatch config error from Enrollee
This was already done for Registrar, but the Enrollee case did not
set config error properly if Registrar public key did not match the
hash received during NFC connection handover.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
59b45d1afe P2P NFC: Add processing of P2P client while NFC handover case
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
74df9ecd4a P2P NFC: Do not try to join peer if both devices are already GO
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
fdd48ff6e0 P2P NFC: Optimize GO Negotiation retries
When NFC connection handover is used to trigger GO Negotiation, the
channel used for the GO Negotiation frames is already known. As such,
there is no need to use the Listen operations to find the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
9358878055 P2P NFC: Build connection handover messages
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
c00ab85f7e P2P NFC: Define WPS_NFC config method
This will be used to track NFC as config method in P2P operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
0deab087cd P2P NFC: Allow separate WPS/P2P IES to be parsed
This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
fca9958607 P2P NFC: Pass OOB Dev Password through P2P parser
This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
ab9e34426f P2P NFC: Pass OOB Device Password ID to P2P
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
5154689468 P2P NFC: Add WPS attribute building for P2P NFC
These functions can be used to build the WPS attributes for P2P NFC
connection handover messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
01afd8dbd7 P2P NFC: Add NDEF helpers for P2P connection handover messages
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
9e323a24cd P2P NFC: Add OOB GO Negotiation Channel attribute
Add definition and helper functions for the new OOB GO Negotiation
Channel attribute.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
14d8645f63 WPS NFC: Allow BSSID and channel to be included in handover select
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
fa4c2988ae WPS NFC: Process new style handover select
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
068cdb1d98 WPS NFC: New style connection handover select from AP/Registrar
The contents of the WPS connection handover select message was modified
to include the Registrar public key hash instead of the credential.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
3189ca055d WPS NFC: Add AP mode connection handover report
The new NFC connection handover design requires the AP/Registrar to
process the connection handover request message received from the
Enrollee. Add control interface commands for handling this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
3f1639da57 WPS NFC: Split DH key generation to a separate function
This allows DH key generation to be shared for other purposes than just
the case of OOB Device Password building. In addition, force the DH
public key buffer to be full 192 octets with zero padding to avoid
issues with the buffer being used in messages sent to a peer device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
975491793b WPS NFC: Update NFC connection handover design
The new Device Password ID 7 is used to indicate that NFC connection
handover is used with DH public key hash from both devices being
exchanged over the NFC connection handover messages. This allows an
abbreviated M1-M2 handshake to be used since Device Password does not
need to be used when DH is authenticated with the out-of-band
information (validation of the public key against the hash).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
34b6795015 WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB
When both the Registrar and Enrollee public key hashes are delivered
out-of-band (in NFC connection handover), use abbreviated WPS handshake
(skip M3-M8).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ff40cd6dd1 WPS NFC: Send M2D with config error 20 on pkhash mismatch
Instead of terminating the WPS protocol immediately, go through an M2D
exchange to notify Enrollee of the public key hash mismatch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
e435417eef WPS: Remove Version attribute from NFC messages
This old Version attribute is not really needed anymore for these use
cases with the assumption that there are no existing WPS+NFC
deployments. It was removed from the WSC specification, so make the
implementation match that change.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
72403ecef7 WPS: Add builder functions for AP Channel and RF Bands attributes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea43ad960b P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
9f7cd9ae8a P2P: Split add-group-info into a helper function
This functionality is needed for other messages, too, so split the group
info building code into a separate helper function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Jouni Malinen
1682c62360 Add a header file defining QCA OUI and vendor extensions
This file is used as a registry of identifier assignments from the
Qualcomm Atheros OUI 00:13:74 for purposes other than MAC address
assignment. One of the first uses will be for nl80211 vendor
commands/events which is reason for the preparation change in
driver_nl80211.c

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-24 15:58:00 +02:00
Jouni Malinen
c5a64e2d51 GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:50:28 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
e24fe94126 Add definitions for Protected Dual of Public Action frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
7b2c42f8b9 hostapd: Fix PMF robust Action frame processing rules
Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.

This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:24:21 +02:00
Max Stepanov
080cc445df nl80211: Fix sizeof check in vendor command/event handling
Fix sizeof in a validity comparison of nl80211_vendor_cmd_info size. The
incorrect version happened to work on 64-bit builds due the structure
being eight octets, but this was incorrect and would not used with
32-bit builds.

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-01-22 19:30:20 +02:00
Ilan Peer
a487b35572 hostapd: Fix segmentation fault when calling hostapd_cli all_sta
While iterating over the stations hostapd_ctrl_iface_sta_mib()
might be called with sta == NULL. Fix this.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-01-22 19:28:57 +02:00
Dmitry Shmidt
dcdd3838ef P2P: Reduce peer expiration age to 60 sec and allow customization
The new default value (from 300 to 60 seconds) makes the internal P2P
peer list somewhat faster to react to peers becoming unreachable while
still maintaining entries for some time to avoid them disappearing
during user interaction (e.g., selecting a peer for a connection or
entering a PIN).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-01-21 16:24:40 +02:00
Rashmi Ramanna
a2d6365760 P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-20 22:55:09 +02:00
Po-Lun Lai
3eaaca1a0b P2P: Allow GO Negotiation Request to update peer entry after PD
Previously, GO Negotiation Request frame was used to update a peer entry
if only a Probe Request from that peer had been received. However, it
would be possible, even if unlikely, for a peer to be discovered based
on receiving Provision Discovery Request frame from it and no Probe
Request frame. In such a case, the Listen frequency of the peer would
not be known and group formation could not be (re-)initialized with that
peer. Fix this by allowing the GO Negotiation Request frame to update
peer entry if the current peer entry does not include Listen or
Operating frequency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-17 19:35:03 +02:00
Jithu Jance
a691d99ff5 P2P: Don't expire the peer, if GO Negotiation is in progress
This adds one more case of active P2P peer detection so that
p2p_expire_peers() cannot hit a case where a GO Negotiation peer would
be removed.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2014-01-17 11:53:33 +02:00
Sunil Dutt
efc64886b8 nl80211: Pass station supported channel and oper class info
Pass station supported channel and operating class information to kernel
for TDLS peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>x
2014-01-14 17:24:33 +02:00
Sunil Dutt
3ed97271ba TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-14 17:24:33 +02:00
Janusz Dziedzic
eed65aad14 hostapd: DFS setup seg0 correctly for HT40-
Fix seg0 calculation for HT40+/HT40-.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-14 17:14:13 +02:00
Janusz Dziedzic
25592b236b hostapd: DFS/CSA check if CSA in progress
Check if CSA is already in progress, before triggering a new channel
switch.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-01-14 17:13:50 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
7185e16a91 EAP-FAST peer: Make debug clearer on missing pac_file configuration
EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 10:25:58 +02:00
Jouni Malinen
7b88b64cd3 EXT PW: Fix hash return in password fetching
The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 22:32:12 +02:00
Jouni Malinen
08081ad8ef hostapd: Skip full AP configuration validation on SET command
It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 20:23:56 +02:00
Arik Nemtsov
1785d2e912 P2P: Wait on GO Negotiation Confirm transmit
This reverts commit 792c8877c3
('P2P: Send GO Negotiation Confirm without wait').

Some drivers rely on the wait period for sending packets on the
off-channel. If the wait value is small, there's a race condition where
the driver ROC might complete before the packet was sent out. This
doesn't impede other drivers, as the wait is cancelled when a
Tx-completion arrives from the remote peer.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2014-01-07 16:28:44 +02:00
Eyal Shapira
472fa2168a P2P: Cancel action frame offchan wait after recv GO Neg Conf
The missing call to scan_action_done() may keep us off-channel for 250
ms following sending GO Negotiation Response. In case the operating
channel is different from this channel and we're GO, a race could lead
to start beaconing while off-channel. This could potentially cause the
Beacon frames to go out on incorrect channel with some drivers.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2014-01-07 16:12:03 +02:00
Jouni Malinen
bfdc2a3172 bsd: Fix NULL pointer dereference on error path
The error path in bsd_init() on struct bsd_driver_data allocation was
jumping to location where drv is dereferenced. That will crash and it is
easier to just return from the function since no cleanup steps are
needed in this case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 15:58:01 +02:00
Masashi Honma
38bbd06ecf bsd: Prepare event buffer on init process
Currently these three steps runs for each event.
1. get buffer size via system
2. allocate a memory for event
3. free the memory

The wpa_supplicant receives 4 events from boot to be connected.
So this patch prepare the event buffer at the init process.

I have tested wpa_supplicant on NetBSD 6.1.2.
But I could not tested hostapd because I do not have AP enabled device.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2014-01-07 15:56:06 +02:00
Jouni Malinen
90a545ccba nl80211: Clean up netlink parsing and debug prints
This makes the RTM_NEWLINK, RTM_DELLINK, and operstate debug messages
easier to understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Andrei Otcheretianski
991aa9c73f nl80211: Move CS supported flag to wpa_driver_capa
Replace channel_switch_supported flag of the
wpa_driver_nl80211_data by WPA_DRIVER_FLAGS_AP_CSA inside
wpa_driver_capa.flags. It makes more sense and also can
be accessed by wpa_supplicant.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-01-07 10:45:12 +02:00
Jouni Malinen
f0cbb986ff Add DRIVER-STATUS command for hostapd
This is just like the same command in wpa_supplicant, i.e., "hostapd_cli
status driver" can be used to fetch information about the driver status
and capabilities.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
188ebcd07b EAP-IKEv2 peer: Fix a memory leak in notify round
The plaintext notification needs to be freed after encryption.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a190189d22 Remove PEAPv2 support
PEAPv2 implementation was not fully completed and there does not seem to
be any deployments of PEAPv2 nor any clear sign of such showing up in
the future either. As such, there is not much point in maintaining this
implementation in hostapd/wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
16a19ddae8 EAP-pwd peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-pwd fragmentation limit instead of always using the
hardcoded value of 1020.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
60bf585cce EAP-IKEv2 peer: Allow fragmentation limit to be configured
The standard fragment_size network parameter can now be used to
configure EAP-IKEv2 fragmentation limit instead of always using the
hardcoded value of 1400.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
ea6fc58ccf WPS: Convert printf() debug print to use wpa_printf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
c4b8c71ba4 EAP-GPSK: Report CSuite negotiation failure properly
Setting methodState = DONE for the case where GPSK-1 is found to be
invalid or incompatible allows EAP state machine to proceed to FAILURE
state instead of remaining stuck until AP times out the connection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5a0f596b7b EAP-GPSK: Allow forced algorithm selection to be configured
phase1 parameter 'cipher' can now be used to specify which algorithm
proposal is selected, e.g., with phase1="cipher=1" selecting AES-based
design and cipher=2 SHA256-based. This is mainly for testing purposes,
but can also be used to enforce stronger algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
5f01c3c84a EAP peer: Improve failure reporting from METHOD with no eapRespData
One of the RFC 4137 state transitions (METHOD -> FAILURE) had been
forgotten and this could result in EAP peer method processing not
reporting failure immediately and instead, remain stuck waiting for the
connection to time out. Fix this by adding the methodState == DONE &&
decision == FAIL case to allow immediate reporting of failures.

The condition from RFC 4137 as-is would cause problems for number of the
existing EAP method implementations since they use that in places where
the final message before EAP-Failure should really be sent to the EAP
server (e.g., WSC_Done in EAP-WSC). Address this by includng eapRespData
== NULL as an additional constraint for entering FAILURE state directly
from METHOD.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:11 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
466bcf99c3 Remove some unnecessary EAPOL port (un)authorized callbacks
If the port status did not change or would not need to get an update
after portEnabled changes, there is no need to try to set the driver to
use the same value it is already using based on the previous state.
Remove such calls to reduce number of operations during reassociation.
In addition, this cleans up the debug log by removing unnecessary
duplicated entries.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
a1a31b6c3f Remove hostapd dump_file functionality
This debugging mechanism has now been deprecated by the control
interface commands that can be used to fetch same internal information
from hostapd in a more convenient way. Leave the empty USR1 signal
handler and configuration file parameter for backwards compatibility.
They can be removed in future versions of hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 18:15:07 +02:00
Jouni Malinen
ea23df652a Make EAPOL dump data available through ctrl_iface STA command
The per-STA/Supplicant state information from the EAPOL authenticator
is now available through "STA <MAC Address> eapol" command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 17:49:48 +02:00
Jouni Malinen
96ea74b866 Convert EAPOL authenticator dump into easier to parse format
Use name=value entries one per each line and rename the state
entries to have unique names.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 17:37:21 +02:00
Jouni Malinen
f538be3e82 Add more STA information into the ctrl_iface STA command
This adds TX/RX statistics and information about association into the
per-STA data that is available through the hostapd control interface. In
addition, information about the EAP method is now included with the IEEE
802.1X data.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 16:58:14 +02:00
Jouni Malinen
101bdc2e8c Remove forgotten notes about already removed driver wrappers
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:23:30 +02:00
Jouni Malinen
17b79e65a9 nl80211: Initial support for vendor commands and events
Print into the debug log the list of vendor commands and events that the
driver supports. In addition, add a generic handler for vendor events.
This can be extended for each vendor/subcmd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 23:47:35 +02:00
Jouni Malinen
c64e3a08a9 P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 18:44:44 +02:00
Jouni Malinen
f7fb676633 ACS: Mark acs_fail() static
This function is not used outside acs.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 22:30:49 +02:00
Jouni Malinen
3cf06c9e2c OpenSSL: Include sha1/sha256 header files to verify declarations
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:58:16 +02:00
Jouni Malinen
5ace51a48a WNM: Clean up le16 variable use to avoid sparse warnings
intval is marked le16 and should be used through proper byte order
conversion functions even if it ended up getting set correctly due to
the two operations cancelling each other.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:41:47 +02:00
Jouni Malinen
8cf1e68c02 Move declaration of hostapd_acs_completed() into correct header file
This function is in hw_features.c and as such, should be declared in
hw_features.h.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:34:43 +02:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
fcc61230d1 Declare wpa_drivers in src/drivers/driver.h
This avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:19:37 +02:00
Jouni Malinen
327b01d3d7 nl80211: Add driver param for forcing monitor and connect APIs
use_monitor=1 and force_connect_cmd=1 driver parameters can now be used
to force older monitor interface design and the connect API (SME in
driver) to increase hwsim testing coverage.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
6f06766e71 nl80211: Fix nl_mgmt handling in partial error case
If Action frame registration in nl80211_mgmt_subscribe_non_ap() failed
for any frame type, the previous implementation skipped
nl80211_mgmt_handle_register_eloop() call. This is not desirable since
none of the Action frame types could be received and even worse, the
following nl80211_destroy_eloop_handle() call for nl_mgmt would likely
result in crashing the process due to the ELOOP_SOCKET_INVALID XOR
operation. This could be triggered at least in a P2P group interface
startup failure case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
4ea6a47133 nl80211: Prefer newer scan result over older during duplicate removal
Previously, it was possible for bss_info_handler() to end up dropping a
newer scan result entry if there were two entries with the same BSSID
and SSID (i.e., only frequency was different) and we were not associated
with either. This could happen, e.g., in some P2P use cases where device
discovery may happen on different channels. Fix this by checking the age
of the scan entries as well to prefer the most recent response.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 15:45:18 +02:00
Jouni Malinen
2eef5177ad nl80211: Report set_supp_port failures in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
a0bdd1916f nl80211: Share a helper function for connect and associate commands
Most of the attributes to these commands are identical and there is no
need to maintain two copies of the same functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
e00d546ca3 Remove unnecessary build #ifdef from definitions
This type of definition by itself does not change the binary at all.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
de4ed4a89b nl80211: Use helper functions for cipher suite mapping
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
a565084f96 nl80211: Set control port for NL80211_CMD_COMMAND
NL80211_ATTR_CONTROL_PORT was previously set only for
NL80211_CMD_ASSOCIATE, but it should also be set when using
NL80211_CMD_COMMAND (driver-based SME) even though none of the current
non-mac80211 drivers use this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:15:49 +02:00
Jouni Malinen
35f3d3ed5f nl80211: Clean up regulatory rule debug prints
Combine maximum bandwidth and EIRP into a single debug print.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
880de8851e nl80211: Print frame registration match on same debug line
This makes debug log a bit more readable.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
152cff6ba6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:20:47 +02:00
Jouni Malinen
4414d9ee95 SAE: Fix ECC element y coordinate validation step
prime_len was added to the start pointer twice and because of this, the
actual y coordinate was not verified to be valid. This could also result
in reading beyond the buffer in some cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
069fb4712b EAP-EKE: Allow forced algorithm selection to be configured
phase1 parameters dhgroup, encr, prf, and mac can now be used to specify
which algorithm proposal is selected, e.g., with phase1="dhgroup=3
encr=1 prf=1 mac=1" selecting the mandatory-to-implement case. This is
mainly for testing purposes, but can also be used to enforce stronger
algorithms to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
3a88914d8e Remove unused information element parsing data
These information elements are not really used anywhere in hostapd or
wpa_supplicant nor is there any plan to use them. As such, there is no
need to keep the code here either, so save couple of bytes here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
dbfb8e82ff Remove unnecessary EVENT_RX_ACTION
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00
Jouni Malinen
1450e1e319 Define __maybe_unused
This can be used to silence compiler warnings in cases where #ifdef
blocks can leave some variables or functions unused and there is no
cleaner way of avoiding the warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 13:38:27 +02:00
Jouni Malinen
912b34f000 Do not process Action frames twice in hostapd SME/MLME
Commit 88b32a99d3 added support for using
some Action frame processing in hostapd for drivers that handle most of
SME/MLME internally (it added FT, this has since be extended for SA
Query and WNM). However, this was added in a way that ended up getting
both the hostapd_rx_action() and hostapd_action_rx() called for Action
frames. This could result in an attempt to process FT, SA Query, and WNM
Action frames twice.

There is need for more significant cleanup in Action frame processing in
hostapd depending on the driver type, but as a simple step to avoid
issues, skip the hostapd_action_rx() call if hostapd_rx_action()
processed the frame.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 11:25:59 +02:00
Jouni Malinen
006309b546 Fix whitespace style
Commit 88b32a99d3 added couple of lines
with incorrect indentation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 11:25:59 +02:00
Jouni Malinen
67807132cf WPS: Remove unused send_wpabuf()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:33 +02:00
Jouni Malinen
0e22b8dd4c WPS: Make sure reconfiguration timeout is not left behind on deinit
Even though this is a short timeout, it is at least theoretically
possible for the interface to be removed while waiting for
reconfiguration to start. Avoid issues with this by cancelling the
timeout on any WPS interface deinit. In theory, this should be postponed
until interface removal, but that does not fit very nicely to the
current wps_hostapd.c style.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
75d1d0f7b6 WPS: Allow testing mode to disable 2.0 functionality
Previously, wps_version_number was used only to test extensibility to
newer version numbers, but it can also be used to enable testing of
older versions (1.0), e.g., to avoid hitting some 2.0 specific
validation steps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
f7e2542f28 Remove unused wps_device_data_dup()
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c89d9dba9c Remove unnecessary extra tracking of eloop registration
It is fine to try to cancel a registration that does not exist, so there
is no need to have the duplicated checks for eloop timeout and socket
registration.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
c86bf160a7 Replace unnecessary hex_value() with hex2byte()
There is no need to maintain two functions for doing
the same type of hex-to-binary conversion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:32 +02:00
Jouni Malinen
aa189ac9dd Enable FT with SAE
It was already possible to configure hostapd and wpa_supplicant to use
FT-SAE for the key management, but number of places were missing proper
AKM checks to allow FT to be used with the new AKM.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
2d2ecf51aa nl80211: Fix protected Action frame reporting for AP mode
Action frame RX report through EVENT_RX_ACTION did not indicate whether
the frame was protected or not even though that information is available
in mlme_event_mgmt(). hostapd_rx_action() has a workaround for setting
the protected flag for SA Query frames, but that did not apply for other
frames, like FT Action. This broke FT-over-DS when PMF is enabled with
newer kernel versions (i.e., the ones that do not use monitor interface
for receiving management frames).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 10:00:31 +02:00
Jouni Malinen
db76aa64f1 Fix PeerKey 4-way handshake
The earlier changes to buffer EAPOL frames when not associated to avoid
race conditions (especially commit
3ab35a6603 but maybe something even before
that) broke PeerKey 4-way handshake. Fix this by using a separate check
before the race condition workaround to process PeerKey 4-way handshake
EAPOL-Key messages differently.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
773272989a Fix PeerKey deinit behavior
PeerKey entries need to be removed on disassociation and this needs to
be done in a way that cancels the possibly pending eloop timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-28 16:32:54 +02:00
Jouni Malinen
8d321a7d4c WNM: Move disassociation imminent sending to wnm_ap.c
This gets all WNM BSS Transition Management frame building and sending
within hostapd into the same location.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:57:47 +02:00
Jouni Malinen
b76f4c2763 hostapd: Make STA flags available through ctrl_iface STA command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
aa03dbd517 Remove IEEE80211_REQUIRE_AUTH_ACK
This is not really needed for anything and the standard does not require
such validation step to be made for Authentication frame transmission.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
121f2ab49a Remove unused STA flags
These three flags were only displayed, but never set or used for
anything else.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
3578e665bf WNM: Add STA flag to indicate the current WNM-Sleep-Mode state
This can be useful for displaying the current STA state and also for
determining whether some operations are likely to fail or need
additional delay.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 19:35:12 +02:00
Jouni Malinen
477689788c WNM: Fix AP processing without wnm_oper driver callback
hostapd_drv_wnm_oper() needs to indicate an error if the driver callback
function is not implemented. Without this, the buf_len argument could
have been left uninitialized which could result in crashing the process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:48:04 +02:00
Jouni Malinen
2025cad9b8 WNM: Move ESS Disassoc Imminent sending to a helper function
This makes it easier to trigger the ESS Disassociation Imminent
operation from different sources.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-27 18:48:04 +02:00
Jouni Malinen
28ab64af9b WNM: Minimal processing of BSS Transition Management Query/Response
This adds first steps at processing a BSS Transition Management Query on
the AP side. Mainly, the message is parsed and printed out in the debug
log and a minimal BSS Transition Management Request frame is sent as a
response. BSS Transition Management Response frame is also parsed and
details printed out in the debug log.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-27 18:11:07 +02:00
Jouni Malinen
629edfef81 WNM: Fix Sleep Mode AP processing in open network
The previous version could end up calling WPA authenticator routines
even though the authenticator had not been initialized and this could
result in NULL pointer dereference.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 22:26:05 +02:00
Jouni Malinen
dff1e2856d Initial handling of GTK-not-used cipher suite
This prepares wpa_supplicant for accepting cases where the AP does not
use group addressed frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
51e3eafb68 OpenSSL: Do not accept SSL Client certificate for server
If the extended key usage of the AAA server certificate indicates
that the certificate is for client use, reject the TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 22:26:05 +02:00
Jouni Malinen
6bf61fb288 OpenSSL: Use certificates from TLS authentication in OCSP stapling
OCSP response may not include all the needed CA certificates, so use the
ones received during TLS handshake.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
c9629476f3 WPS ER: Fix deinit timeout handling with delayed/failing unsubscribe
The five second timeout to call wps_er_deinit_finish() could potentially
be left behind when removing the ER data based on some other event. This
could result in double-freeing of wps_er context killing the process,
e.g., if the WPS ER functionality is stopped while in the process of
unsubscribing from an AP and then restarted.

In addition, AP entries could still be present in the
er->ap_unsubscribing list when the deinit timeout hits. These entries
would still maintain HTTP context pointing to the ER which would be
freed here and as such, the following HTTP client callback could refer
to freed memory and kill the process. Fix this by freeing AP entries
from ap_unsubscribing list when ER is deinitialized from timeout even if
such AP entries have not completed unsubscription from UPnP events.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
7b75c30109 WPS: Reschedule AP configuration reload on EAP completion
Reduce race condition of the station trying to reconnect immediately
after AP reconfiguration through WPS by rescheduling the reload
timeout to happen after EAP completion rather than the originally
scheduled 100 ms after new configuration became known.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-26 20:50:28 +02:00
Jouni Malinen
a5f40eff18 Track whether scan was started by us or an external program
This can be used to improve scan behavior in cases external programs
request scans directly from the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
18ae237783 Fix comment format
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
3ae3ec2727 nl80211: Add scanned frequencies/SSIDs into debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 18:27:48 +02:00
Jouni Malinen
6ffa1687ee Add GAS-QUERY-START and GAS-QUERY-DONE event messages
External programs can use these new control interface events to better
track progress of GAS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
93827f456a hostapd: Allow external management frame processing or testing
This enables more convenient protocol testing of station side
functionality in various error cases and unexpected sequences without
having to implement each test scenario within hostapd.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 16:55:45 +02:00
Jouni Malinen
98eda9c26d Move int_array helpfer functions to utils/common.c
These can be useful outside scan.c, so make them available.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-26 13:37:06 +02:00
Jouni Malinen
bee25cc932 nl80211: Fetch cipher capabilities from the driver
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-25 11:07:58 +02:00
Jouni Malinen
35c200624e Convert wpa_hexdump functions to use void pointer instead of u8 *
This removes need for ugly typecasts for some debug prints.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 23:12:37 +02:00
Jouni Malinen
5f9c134ab4 Remove obsolete license notifications
These files have been distributed only under the BSD license option
since February 2012. Clarify the license statements in the files to
match that to avoid confusion.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:59:52 +02:00
Jouni Malinen
bd1e328047 Android: Remove old WEXT extensions
Android has moved to nl80211, so no need to maintain these old WEXT
extensions in wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:52:18 +02:00
Jouni Malinen
bad5cdf491 Verify that beacon setup succeeds before proceeding
There is no point in starting the AP operations unless
the driver can be successfully configured to beacon.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:46:20 +02:00
Jouni Malinen
7d7f7be2e5 Verify group key configuration for WPA group
If configuration of the group key to the driver fails, move the WPA
group into failed state and indication group setup error to avoid cases
where AP could look like it is working even through the keys are not set
correctly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:38:16 +02:00
Jouni Malinen
30675c3416 Add definitions for new cipher suites from IEEE Std 802.11ac-2013
This adds initial parts for supporting the new GCMP-256, CCMP-256,
BIP-GMAC-128, BIP-GMAC-256, and BIP-CMAC-256 cipher suites.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 22:21:04 +02:00
Jouni Malinen
13b24a766f VHT: Use status code 104 to indicate VHT required
IEEE Std 802.11ac-2013 defines a status code for this, so use that
instead of the unspecified reason.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-24 21:19:45 +02:00
Andrei Otcheretianski
76aab0305c Add secondary channel IE for CSA
If secondary channel is provided for CSA, advertise it in the Secondary
Channel Offset element in Beacon and Probe Response frames.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:27:28 +02:00
Andrei Otcheretianski
8f4713c5c9 Store entire CS freq_params and not only freq
When CSA flow starts, store the entire struct hostapd_freq_params and
not only CS frequency as it was before. The additional freq_params are
required to advertise CS supplementary IEs such as secondary channel,
wide bandwidth CS, etc.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:23:40 +02:00
Andrei Otcheretianski
13daed58c7 Include driver.h in hostapd.h
This allows use of structs (and not only pointers) defined in drivers.h.
Remove also some not needed forward declarations and redundant includes.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-12-24 08:22:37 +02:00
Johannes Berg
196a217403 WPS_UPNP: Use monotonic time for event debouncing
The event debouncing isn't very accurate (since it doesn't
take sub-second resolution into account), but it should use
monotonic time anyway since it doesn't care about the wall
clock.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:57:10 +02:00
Johannes Berg
864c9afa6d wps_registrar: Use monotonic time for PBC workaround
The PBC ignore-start workaround just needs to check whether
the time is within 5 seconds, so should use monotonic time.

While at it, add a few more ifdefs to clearly separate the
code and variables needed.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:54:40 +02:00
Johannes Berg
61e98e9cf7 wps_registrar: Use monotonic time for PBC session timeout
PBC sessions are just time-stamped when activated, and
eventually time out, so should use monotonic time.

While at it, make the code use os_reltime_expired().

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:52:49 +02:00
Johannes Berg
3647e5a7cb wps_registrar: Use monotonic time for PIN timeout
If the PIN expires, then a timeout is given, so that monotonic
time should be used.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:51:41 +02:00
Johannes Berg
36186188ec rsn_supp: Use monotonic time for PMKSA cache expiry
Since this is just for relative timeouts, it should use
monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:50:26 +02:00
Johannes Berg
e05f0605bf rsn_supp: Do not track expiration time
The eloop already tracks the expiration/lifetime, and the expiration
isn't really used, so remove it. It should otherwise have used monotonic
time, but since it's not actually used, we can remove it instead.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:33:25 +02:00
Johannes Berg
587071765d RADIUS server: Use monotonic time
The RADIUS server needs to calculate uptime, which is relative
and thus should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:32:16 +02:00
Johannes Berg
40128043ca RADIUS client: Use monotonic time
Since the RADIUS client cares about relative time (retry timeout)
only, it should use monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:30:45 +02:00
Johannes Berg
acb69cec6f wpa_supplicant: Use monotonic time for RX/BSS times
The BSS table, scan timeout, and related functionality should use
monotonic time since they care about relative values (age) only.
Unfortunately, these are all connected, so the patch can't be split
further. Another problem with this is that it changes the driver wrapper
API. Though, it seems only the test driver is using this.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:27:02 +02:00
Johannes Berg
f073fdee7b EAP server: Remove SIM-DB pending timestamp
This should probably have used monotonic time for entry timestamps, but
as those aren't used at all right now, so just remove them entirely.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:15:49 +02:00
Johannes Berg
636e19a53d wpa_ctrl: Use monotonic time for request retry loop
The request retry loop only retries for 5 seconds, so any time
jumps would probably not affect it much, but it should be using
monotonic time nonetheless since it only cares about duration.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:14:50 +02:00
Johannes Berg
7ffe7d222a AP: Use monotonic time for MMIC failure/TKIP countermeasures
Wall time jumps shouldn't affect MMIC failure/TKIP countermeasures,
so use monotonic time. Change the michael_mic_failure variable to
struct os_reltime for type-safety.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:13:34 +02:00
Johannes Berg
dd4e32bae4 AP: Use monotonic time for PMKSA cache
Since the PMKSA cache only uses relative time, use the monotonic time
functions instead of wall time to be correct when the clock jumps.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:01:07 +02:00
Johannes Berg
0fc545aee5 AP: Use monotonic time for STA accounting
For type-safety, make sta->acct_session_start a struct os_reltime
and then use monotonic time for accounting. For RADIUS reporting,
continue to use wall clock time as specified by RFC 2869, but for
the session time use monotonic time.

Interestingly, RFC 2869 doesn't specify a timezone, so the value
is somewhat arbitrary.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-24 06:57:53 +02:00
Jouni Malinen
429dd9aff1 Advertise QoS Map support based on driver capability
Do not assume the driver supports QoS Mapping, but instead, advertise
support for this only if CONFIG_INTERWORKING is defined and driver
indicates support for configuring QoS Map.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-23 11:05:20 +02:00
Kyeyoon Park
049105b486 nl80211: Add support for QoS Map configuration
This allows nl80211-based drivers to configure QoS Mapping in both AP
and station modes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-12-23 10:44:59 +02:00
Jouni Malinen
74ddd64b26 nl80211: Sync with mac80211-next.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-23 10:44:54 +02:00
Jouni Malinen
9fcd300db6 nl80211: Sync with wireless-testing.git
The driver_nl80211.c changes are needed to avoid compiler warnings
with two frequency attributes pointing to the same value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-23 10:44:48 +02:00
Marek Kwaczynski
493ba877c3 hostapd: Clear interface_added flag on error path
If more BSSes are added in config file than are supported by the driver,
segmentation fault can appear. For this case, the interface_added flag
needs to be cleared if adding a new BSS fails.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-12-14 21:13:52 -08:00
Janusz Dziedzic
f7154ceef7 DFS: Use channel switch when radar is detected
Until now DFS was simply restarting the AP when radar was detected. Now
CSA is used to perform smooth switch to the new channel. Stations not
supporting CSA will behave as before.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-12-07 20:50:15 -08:00
Janusz Dziedzic
6c6c58d157 hostapd: Make hostapd_set_freq_params() public
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-12-07 20:50:15 -08:00
Michal Kazior
b72f949b07 DFS: Allow skipping radar channels
This is needed for AP CSA. Since CSA must happen immediately after radar
is detected there's no time to perform CAC. Thus, radar channels must be
disabled when looking for a new channel to escape to after a radar is
detected.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-12-07 20:50:15 -08:00
Janusz Dziedzic
8d1fdde7f0 nl80211/hostapd: Extend channel switch notify handling
Adds support for VHT by parsing bandwidth and center_freq{1,2}.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
10e694a618 AP: Use monotonic clock for SA query timeout
The usual, any timeouts should be using monotonic time.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
af5389610b Use monotonic clock for RADIUS cache timeouts
Use monotonic clock for both cache and query timeouts.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
fe52c210cf Use monotonic clock for last_sae_token_key_update
Just the usual, with a new function os_reltime_initialized()
thrown in that checks whether time has ever been retrieved
(time can't be completely zero).

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
100298e896 AP: Use monotonic time for AP list
Use the new monotonic time to keep track of when an AP
entry expires.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:15 -08:00
Johannes Berg
e5c9e401a4 OS utils: Add os_reltime_expired()
This helper functions checks whether a given entry has expired,
given the last active timestamp, the current time, and a timeout.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:14 -08:00
Johannes Berg
b3493fa110 AP: Use monotonic time for STA connected time
Connected time is relative, so should be using monotonic time
rather than time of day.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 20:50:14 -08:00
Johannes Berg
ed0ebee14f OS utils: Provide os_reltime_age()
This function calculates and returns the time passed since
a given timestamp.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-12-07 18:55:58 -08:00
Jithu Jance
8567866d75 P2P: Handle frequency conflict in single channel concurrency case
Based on priority, remove the connection with least priority whenever
a frequency conflict is detected.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2013-12-07 18:55:58 -08:00
Masashi Honma
e706d2d30d bsd: Fix compilation error for NetBSD
Commit 5dd82c634c causes compilation error
on NetBSD 6.1.2. Fix compilation with #ifdef blocks.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-12-07 17:46:41 -08:00
Jouni Malinen
7feff06567 Add CONFIG_CODE_COVERAGE=y option for gcov
This can be used to measure code coverage from test scripts.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 19:16:12 +02:00
Jouni Malinen
d9c753b4f5 EAP server: Handle EAP method initialization failures more cleanly
Allow another EAP method to be tried if one of the enabled methods
fails. If all the remaining methods fail, reject connection by adding a
new METHOD_REQUEST -> FAILURE transition. Previously, this case resulted
in the state machine trying to send a message when none was available
and then waiting for a following event until timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:26:05 +02:00
Jouni Malinen
59d343858d EAP server: Initialize TLS context based on private_key
It is possible for the authentication server to be configured with a
PKCS #12 file that includes a private key, a server certificate, and a
CA certificate. This combination could result in server_cert and ca_cert
parameters not being present and that should still result in TLS context
getting initialized.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:08:45 +02:00
Jouni Malinen
6b417a1b77 Reject TLS-based EAP server method if TLS context not initialized
It was possible to configure hostapd in a way that could try to
initialize a TLS-based EAP method even when TLS library context was not
initialized (e.g., due to not configuring server or CA certificate).
Such a case could potentially result in NULL pointer dereference in the
TLS library, so check for this condition and reject EAP method
initialization.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 18:01:12 +02:00
Jouni Malinen
158b090cda nl80211: Fix regression in P2P group interface removal
Commit 390e489c0d extended hostapd BSS
interface removal capabilities. However, it ended up causing a
regression in wpa_supplicant P2P group interface handling. That P2P
group interface is removed through another driver_nl80211.c BSS context
and as such, the bss->added_if is not set. Fix this by verifying whether
the request is for another ifindex and if so, removing the interface
even if added_if is not marked.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-24 12:41:32 +02:00
Mohammed Shafi Shajakhan
336167c80e AP: Fix inactivity STA timer trigger for driver offload case
Some non-mac80211 drivers, such as ath6kl, support STA inactivity timer
in firmware and may not provide connected stations' idle time to the
userspace. If the driver indicates support for offloaded operation, do
not start the inactivity timer in the hostapd.

Signed-hostap: Mohammed Shafi Shajakhan <mohammed@qca.qualcomm.com>
2013-11-24 12:01:55 +02:00
Janusz Dziedzic
80ed037f00 Clear beacon_data before usage
struct beacon_data contains a lot of pointers. Make sure it gets cleared
to zero if hostapd_build_beacon_data() gets called from a path that does
not clear the structure first.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-11-22 23:21:43 +02:00
Dmitry Shmidt
982189632f Android: Revert static field back to send_and_recv_msgs()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-22 23:12:40 +02:00
Jouni Malinen
5e2c3490d5 Android: Add driver_cmd for arbitrary driver commands
This is a mechanism used in Android to extend driver interface in vendor
specific ways. This is included only for the purpose of Android
compatibility. Proper interface commands should be used for any new
functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-22 20:23:08 +02:00
Jouni Malinen
0de3803610 Android: Add P2P/WPS wrappers for private lib
Android uses a vendor specific library for implementing couple of driver
interface functions. Add the wrapper code to allow that mechanism to be
used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-22 20:23:03 +02:00
Dmitry Shmidt
7b74c0acfb Android: Clean entire socket directory
Despite interface (and group) related sockets are not used
for control, they are created and may be left.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-22 18:03:24 +02:00
Marek Kwaczynski
92ecda40e0 hostapd: Set proper VHT capabilities
Set VHT capabilities defined in config file instead only supported
by the driver.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-11-22 18:03:04 +02:00
Marek Kwaczynski
77a3e796e1 hostapd: Fix set beacon in multiple BSSID scenario
Check if the BSS interface has started before setting beacon.
Lack of this condition can cause segmantation fault.

Signed-hostap: Marek Kwaczynski <marek.kwaczynski@tieto.com>
2013-11-22 18:02:56 +02:00
Sunil Dutt
179fc5527d TDLS: Do not reenable TDLS link on retransmitted setup frame
A reenable of the TDLS link while the host driver is already processing
the same (due to the retransmitted M2/M3 frames) might result in a
failed TDLS setup handshake due to some host driver's implementation.
Thus, issue enable link only when the peer's TDLS status signifies no
prior link (tpk_success=0).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-22 17:47:09 +02:00
Jouni Malinen
cc14091eab VHT: Fix memory leak in STA entry
Commit de3cdf354a adding copying of the
STA's VHT capabilities into the STA entry on the AP. This was done in
allocated memory, but that new memory allocation was not freed anywhere.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-22 17:46:22 +02:00
Johannes Berg
594516b4c2 Use monotonic clock for relative time for eloop if available
Relative time shouldn't be calculated based on gettimeofday
because that clock can jump (e.g., when the time is adjusted
by the system administrator.)

On systems where that is available, use CLOCK_BOOTTIME (on
fairly recent Linux systems, this clock takes into account
the time spend suspended) or CLOCK_MONOTONIC (on Linux and
some POSIX systems, this clock is just freely running with
no adjustments.)

Reported-by: Holger Schurig <holgerschurig@gmail.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-11-20 23:52:56 +02:00
Jouni Malinen
461e3ebe43 Fix and work around some MinGW compilation issues
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 23:12:33 +02:00
Jouni Malinen
81cbc046fe Fix compiler warning for OpenSSL without HAVE_OCSP
Commit 080585c01a added ssl_ctx outside
ifdef HAVE_OCSP block that was the only user for this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-20 23:12:33 +02:00
Michal Kazior
68d628accd hostapd: Fix interface enabling/disabling and DFS
The 'started' state was tracked incorrectly. It also broke DFS
as it was using hostapd_enable/disable_iface() functions.

Signed-hostap: Michal Kazior <michal.kazior@tieto.com>
2013-11-20 22:29:35 +02:00
Jouni Malinen
0004374025 P2P: Prefer U-NII-3 over U-NII-1 during channel selection
Some devices disable use of U-NII-1 (channels 36-48) for P2P due to it
being indoor use only in number of locations. If U-NII-3 (channels
149-161) is available, try to pick a channel from that range first
during random channel selection to reduce likelihood of interoperability
issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-19 13:04:21 +02:00
Jouni Malinen
384bdd021b P2P: Prefer VHT channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random VHT channel instead of falling back to the fixed
pre-configured channel or 5 GHz/HT40 channel preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:58:14 +02:00
Jouni Malinen
a30d50b324 P2P: Prefer HT40 channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random HT40 channel instead of falling back to the fixed
pre-configured channel or 5 GHz channel preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:57:07 +02:00
Jouni Malinen
f24071076d P2P: Prefer 5 GHz channels for initial pick
If there are no other preferences from local configuration or driver,
prefer a random 5 GHz channel instead of falling back to the fixed
pre-configured channel (which is selected by default to be 1, 6, or 11).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:55:04 +02:00
Jouni Malinen
b2d4aaa2c7 P2P: Select VHT channel at random instead of using the first entry
Use the new p2p_channel_select() function to select a VHT channel
at random when no other preferences are in effect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:51:27 +02:00
Jouni Malinen
ee8f6ea0ca P2P: Select HT40 channel at random instead of using the first entry
Use the new p2p_channel_select() function to select an HT40 channel
at random when no other preferences are in effect.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:50:55 +02:00
Jouni Malinen
5576663fba P2P: Move random channel selection into a helper function
The new p2p_channel_select() function can be re-used to implement
random channel selection from a set of operating classes in all
places that need such functonality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-18 17:50:21 +02:00
Jouni Malinen
d33fef57a4 wlantest: Add support for log output into a file
This allows wlantest debug log output to be directed to a file so that
RELOG command can be used to rotate files more easily than stdout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 21:40:17 +02:00
Andrei Otcheretianski
334bf36ac5 Add chan_switch to ctrl interface of wpa_supplicant and hostapd
Add chan_switch to the control interface of wpa_supplicant and hostapd,
and also to wpa_cli and hostapd_cli.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
bf281c129f Add AP channel switch mechanism
Build CSA settings and call the driver to perform the switch. Construct
Beacon, Probe Response, and (Re)Association Response frames both for CSA
period and for the new channel. These frames are built based on the
current configuration. Add CSA IE in Beacon and Probe Response frames.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
e44a384b68 Move AP parameter filling into a helper function
Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:58 +02:00
Andrei Otcheretianski
1c4ffa8746 nl80211: Add channel switch implementation
Implement nl80211 switch_channel() operation.
Publish flags indicating kernel support for channel switch.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 17:12:49 +02:00
Andrei Otcheretianski
dcca2219ae wpa_supplicant: Update channel switch driver interface
Add csa_settings struct which holds parameters for CSA. Change driver
interface for switch_channel(), so that it will receive this struct and
not only the new frequency as it was before. This allows wpa_supplicant
to provide all the required parameters (beacons, proberesp, assocresp,
CSA IE) which are required by cfg80211 implementation.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2013-11-17 16:48:33 +02:00
Jouni Malinen
e1925bde36 eloop: Remove eloop_none.c
This was supposed to be a minimal sample of eloop wrapper, but it is
unclear whether this is of that much use and the file has not been kept
up-to-date. Remove this file to reduce maintenance effort. The other
eloop*.c files can be used as a starting point if something new is
needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:48:20 +02:00
Jouni Malinen
3505743395 Sync with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-17 16:48:03 +02:00
Masashi Honma
22cf7d7324 SCARD: Clean up SIM/USIM selection
Commit eb32460029 left an unneeded
sim_type argument to scard_init(). Remove that unnecessary argument to
clean up the implementation.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-11-17 16:47:38 +02:00
Paul Stewart
cea97a04f9 dbus_new: Add DBus TDLS methods
Add DBus methods for TDLS operations similar to those available
for the control interface. This includes Discover, Setup, and
Teardown commands. While here, add a method to query the TDLS
link status and add a DBus method for it.

Tested with CONFIG_TDLS enabled, on a TDLS-enabled host and
peer capable of TDLS:

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer does not exist"

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSDiscover string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSSetup string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "connected" after TDLS completes

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSTeardown string:<peer-mac-address>

    yields no error

    dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
        /fi/w1/wpa_supplicant1/Interfaces/0 \
        fi.w1.wpa_supplicant1.Interface.TDLSStatus string:<peer-mac-address>

    yields: string "peer not connected"

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-17 16:47:32 +02:00
Dmitry Shmidt
e2f5a9889a Deplete scan request if new time is less than remaining
This avoids pushing out previous scheduled scan requests based on new
events.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-17 16:46:58 +02:00
Vinay Krishna Eranna
dcd25d4c3b P2P: Use negotiated channel from invitation for persistent GO
During persistent group re-invocation, GO may end up using a different
channel as the operation channel compared to what was indicated in the
invitation frames. This may break the connection if the peer device ends
up scanning the GO only on the channel from the invitation frame. Fix
this by using the negotiated channel (if available) on the GO as the
operating channel instead of the channel that was provided in the
p2p_invite command to start negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-16 18:05:28 +02:00
Abhishek Singh
795baf773f hostapd: Filter channel list updated events after country code change
We were not filtering the EVENT_CHANNEL_LIST_CHANGED events based on the
regulatory hint initiator. So wait for EVENT_CHANNEL_LIST_CHANGED event
after our own change was triggered even when regulatory hint initiator
was the driver. This could result in the wait for the channel list to be
updated to be terminated before the real change has occurred and as
such, old channel list remaining in use when configuring
hostapd/wpa_supplicant country parameter. Fix this by filtering the
hints according to the initiator and only regulatory hints initiated by
user will be used to stop the wait.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-15 02:59:55 +02:00
Jouni Malinen
146fa9b38f nl80211: Do not force interface down on deinit
If wpa_supplicant or hostapd was started with the interface
already up, do not force interface down on deinit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 18:05:54 +02:00
Jouni Malinen
49b4b2058b nl80211: Do not for station mode on hostapd deinit
If hostapd was started with the interface already in AP mode, leave the
interface in AP mode on deinit instead of unconditionally forcing it to
station mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:29:32 +02:00
Jouni Malinen
04eff7d5ba nl80211: Remove build time condition on HOSTAPD define
It is common to build wpa_supplicant with AP mode support and it is
justifiable to clean up driver_nl80211.c by removing the conditional
build blocks based on hostapd vs. wpa_supplicant builds.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:22:49 +02:00
Jouni Malinen
0d547d5ff8 nl80211: Share more code between hostapd and wpa_supplicant
This gets rid of some ifdef HOSTAPD constructs and shares more
of the initialization code between hostapd and wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:09:02 +02:00
Jouni Malinen
7b7de4cf94 nl80211: Remove read-only last_freq/last_freq_ht
These variables were originally used in hostapd to clear HT channel
information when exiting. However, that functionality was lost with
commit f019981aee when moving to a common
code for setting the channel. Taken into account that no one seems to
have missed this functionality over the last four years, it seems safe
to drop this rather than try to fix the old hostapd behavior.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-09 17:02:05 +02:00
Kenny Root
1d415f1fcc Android: Switch keystore to binder
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:46:53 +02:00
Kenny Root
6dfdb80959 Android: Remove obsolete keystore path
It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:37:48 +02:00
Kenny Root
1176ab6dd4 Android: Use keystore ENGINE for private key operations
The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.

Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:36:39 +02:00
Nick Kralevich
6dc94a635c Android: Use correct header file path for capability.h
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-11-08 11:36:14 +02:00
Kyeyoon Park
91f9e6078f GAS: Replenish AP station session timer to 5 seconds
If remaining AP session timeout is less than 5 seconds
for an existing station, replenish the timeout to 5 seconds.
This allows stations to be able to recycle a dialog token
value beyond 5 seconds for GAS exchange.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-08 00:22:32 +02:00
Kyeyoon Park
e5e74e5500 eloop: Add support for replenishing a registered timeout
eloop_replenish_timeout() finds a registered matching
<handler,eloop_data,user_data> timeout. If found, replenishes
the timeout if remaining time is less than the requested time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-08 00:22:32 +02:00
Jouni Malinen
1c6edec60c nl80211: Work around nl_socket_set_nonblocking on Android
system/core/libnl_2 does not include nl_socket_set_nonblocking(), so
need to implement that to fix the build.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 17:10:34 +02:00
Paul Stewart
c101bb9d23 hostapd: Add option to send OBSS scan params
Add a parameter to send the overlapping BSS scan parameter
information element. This will require clients to perform
background scans to check for neigbors overlapping this
HT40 BSS. Since the implementation is incomplete it should
only be used for testing.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-11-07 14:05:41 +02:00
Jouni Malinen
83eefb40b5 P2P: Add debug print of P2P Group ID SSID
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:53 +02:00
Jouni Malinen
b6881b5218 WPS NFC: Add more debug for NFC Password Token matching
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:49 +02:00
Jouni Malinen
67a88a747c WPS NFC: Add debug log entry on OOB Dev Pw attribute addition
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 13:48:42 +02:00
Jouni Malinen
d28f4e44f1 Interworking: Do not reconnect if already connected
If we are already connected to the selected AP with a network block
that was created based on the selected credential, do not force a
reconnection or network block update.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-07 00:12:30 +02:00
Jouni Malinen
5e1a4565f8 hostapd: Do not start secondary BSS unless interface is enabled
It is possible for additional BSSs to be added while the primary
interface is still in the process of determining channel parameters (HT
co-ex scan, ACS, DFS). Do not enable secondary interfaces in such state
immediately, but instead, wait for the pending operation on the primary
interface to complete. Once that's done, the added extra BSSs will also
be enabled in hostapd_setup_interface_complete().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 15:41:05 +02:00
Jouni Malinen
36501a22a4 hostapd: Verify hostapd_setup_bss calls
Reject multiple calls to hostapd_setup_bss() for any specific interface.
hostapd_cleanup() must have been called first before trying to restart a
BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-11-06 15:41:05 +02:00