Commit graph

161 commits

Author SHA1 Message Date
Jouni Malinen
75fa7d19a4 TDLS: Fix key configuration with current mac80211
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-03 18:39:10 +03:00
Sunil Dutt
9f890c982a TDLS: Support both external and internal setup in disabling link
Enhance TDLS Setup Request processing to support both external and
internal TDLS setup for the case where concurrent TDLS initialization
results in the TDLS Setup Request from the peer getting accepted.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 15:05:10 +02:00
Jouni Malinen
864fe3a47c TDLS: Fix TDLS Setup Request processing in existing-peer cases
wpa_tdls_peer_free() ended up getting called after some of the
parameters from the TDLS Setup Request frame were copied into the struct
wpa_tdls_peer information. This could result in continuing with cleared
information in case the new exchange was the one that is used in
concurrent initialization case or if this is to re-negotiated an
existing TDLS link. The driver would not be provided with all the peer
capabilities correctly in such case.

Fix this by moving the existing_peer check to happen before the
information from the TDLS Setup Request frame is copied.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 12:38:24 +02:00
Jouni Malinen
1d43e28a59 TDLS: Fix TPK M2 processing in concurrent initiation case
If we accept the peer TPK M1 after having sent our TPK M1, we need to
reject TPK M2 from the peer to avoid going through two TDLS setup
exchanges.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-27 14:29:01 +02:00
Sunil Dutt
4561526f83 TDLS: Disable link to existing peer with lower address
If the previously started setup is terminated in case both peers
initiate TDLS link at more or less the same time, disable the old link
to allow the dummy station entry to be deleted from cfg80211 so that a
new entry can be added for the setup direction that will be allowed to
proceed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 13:48:36 +02:00
Deepthi Gowri
6a1ce39599 FT: Add support for IEEE 802.11r with driver-based SME
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:08:53 +02:00
Sunil Dutt
f8361e3d68 TDLS: Pass peer's VHT Capability information during sta_add
The information of the peer's VHT capability is required for the
driver to establish a TDLS link in VHT mode with a compatible peer.
Pass this information to the driver when the peer station is
getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 10:31:50 +02:00
Sunil Dutt
d16531c40c TDLS: Pass peer's Capability and Ext Capability info during sta_add
The contents of the peer's capability and extended capability
information is required for the driver to perform TDLS P-UAPSD and Off
Channel operations. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:02:34 +02:00
Sunil Dutt
ff4178d57c TDLS: Pass peer's HT Capability and QOS information during sta_add
The information of the peer's HT capability and the QOS information is
required for the driver to perform TDLS operations. Pass this
information to the driver when the peer station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:50 +02:00
Sunil Dutt
7b44ff2c21 TDLS: Tear down peers when disconnecting from the AP
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-13 01:19:44 +02:00
Sunil Dutt
0cb12963b6 TDLS: Fix MIC calculation for teardown frame to depend on reason code
The reason code used for calculating the MIC should correspond to the
reason code with which the teardown frame is sent, as the receiver shall
use the one obtained in the frame for validating the MIC.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:36:36 +02:00
Sunil Dutt
3887878e53 TDLS: Remove link, if any, on an implicit set up request
If an implicit TDLS set up request is obtained on an existing link or an
to be established link, the previous link was not removed. This commit
disables the existing link on a new set up request. Also,
wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already
existing peer for the case of internal setup, which is incorrect. Thus
the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and
also this function is renamed to wps_tdls_remove() as it does not
renegotiation rather shall remove the link (if any) for the case of
external setup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:27:56 +02:00
Jouni Malinen
283a26f358 TDLS: Move existing-entry check into wpa_tdls_add_peer()
There is no need to have this check copied to each caller since this
needs to be done for every case when a new peer is being added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:16:35 +02:00
Sunil Dutt
cd22fbf85c TDLS: Use existing peer entry if available when processing discovery
Peer entries were getting added on every discover request from the peer,
thus resulting in multiple entries with the same MAC address. Ensures
that a check is done for the presence of the peer entry and reuse the
existing entry instead of adding a new one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:10:34 +02:00
Jouni Malinen
3e72dace29 Fix compilation with PMKSA caching support disabled
Commit 6aaac006af modified the
pmksa_cache_init() prototype, but forgot to update the empty wrapper
function which is used when PMKSA caching is not included in the build.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-03 16:23:13 +02:00
Jouni Malinen
edbd2a191e Move cipher suite selection into common helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 16:58:54 +02:00
Jouni Malinen
de61795e7c TDLS: Use merge_byte_arrays() helper
This makes implementation simpler and easier for static analyzers to
understand.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ad3872a372 WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 18:22:54 +02:00
Jouni Malinen
68db9ab047 WNM: Fix GTK/IGTK parsing for WNM-Sleep Mode Response frame
These fields do not use AES keywrap. Instead, they are protected with
management frame protection (and not included if PMF is disabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:48:34 +02:00
Dan Williams
0639970d89 PMKSA: Clear current cache entry on disassociation
Signed-hostap: Dan Williams <dcbw@redhat.com>
2012-11-25 21:53:55 +02:00
Dan Williams
6aaac006af PMKSA: Make deauthentication due to cache entry removal more granular
Expiry can always trigger a deauthentication, but otherwise,
deauthentication should only happen when the *current* cache entry is
removed and not being replaced. It should not happen when the current
PMK just happens to match the PMK of the entry being removed, since
multiple entries can have the same PMK when OKC is used and these
entries are often removed at different times.

This fixes an issue where eviction of the oldest inactive entry due to
adding a newer entry to a full cache caused a deauthentication when the
entry being removed had the same PMK as the current entry.

Signed-hostap: Dan Williams <dcbw@redhat.com>
2012-11-25 21:39:19 +02:00
Jouni Malinen
13e1d2e292 Indicate if PMF was negotiated for the connection
Add pmf=1/2 to wpa_supplicant STATUS command output to indicate that PMF
was negotiated for the connect (1 = optional in this BSS, 2 = required
in this BSS).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:45:17 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
3da372fae8 Use deauthentication instead of disassociation on RSN element mismatch
Even though the standard currently describes disassociation to be used
for RSN element mismatch between Beacon/Probe Response frames and
EAPOL-Key msg 3/4, this is unnecessary difference from other cases that
deauthenticate. In addition, there is no point in leaving the 802.11
Authentication in place in this case. To keep things simpler, use
deauthentication here to get rid of the only use of
wpa_sm_disassociate().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:01:07 +02:00
Jouni Malinen
369c8d7bcd Reserve AKM and cipher suite values
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 20:26:55 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
c3550295fb Move WPA cipher information into a shared location
Try to share most of the cipher information like key and RSC lengths and
suite selector conversions, etc. in wpa_common.c to avoid having similar
code throughout the WPA implementation for handling cipher specific
behavior.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-30 11:53:54 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
a7f10d65f4 PMKSA: Set cur_pmksa pointer during initial association
cur_pmksa was left to NULL during the initial association. This can
result in unexpected behavior, e.g., in expiring PMKSA cache entries
since the current entry is not locked in that case. Fix this by updated
cur_pmksa when adding the initial PMKSA entry during msg 1/4 processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-10 18:05:03 +03:00
Dan Williams
0e502f97c5 PMKSA: Do not evict active cache entry when adding new ones
If the PMKSA cache is full (i.e., 32 candidates have been seen in scan
results and have not yet expired) then any additional entries can
potentially evict the current/active entry (if it is the oldest entry),
which triggers a pointless local deauthentication. The supplicant
shouldn't replace the current/active entry if it is still valid, but
instead the oldest entry that is *not* the current/active one.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-08-10 17:55:17 +03:00
Xi Chen
75cad1a0d4 WNM: Add WNM-Sleep Mode for station mode
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:27 +03:00
Subrat Dash
0e28de0d2b TDLS: Add support for TDLS frame RX with bridge interfaces
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-03-30 11:12:33 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
e22d4d957b Remove the GPL notification from files contributed by Atheros
Remove the GPL notification text from files that were initially
contributed by Atheros Communications or Qualcomm Atheros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Antonio Quartulli
78debc7529 Fix pmksa_cache_get() arguments in !IEEE80211_X_EAPOL builds
In case of !defined(IEEE8021X_EAPOL) the definition of the stub
pmksa_cache_get() in rsn_supp/pmksa_cache.h is not correct. This patch
adds the missing argument to the function definition to fix a
regression from commit 96efeeb66b.

Signed-hostap: Antonio Quartulli <ordex@autistici.org>
2012-02-11 10:45:24 +02:00
Jouni Malinen
96efeeb66b Use PMKSA cache entries with only a single network context
When looking for PMKSA cache entries to use with a new association, only
accept entries created with the same network block that was used to
create the cache entry.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-04 12:32:35 +02:00
Jouni Malinen
d627a9395d Check wpa_supplicant_parse_ies() return value more consistently
Reject messages that fail to be parsed instead of trying to use
partially parsed information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 16:40:06 +02:00
Jouni Malinen
1323ee314e Move wpa_sm_remove_pmkid() call to PMKSA cache entry freeing
This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-20 12:53:29 +02:00
Jouni Malinen
a17539ebcd Remove unnecessary include file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:13:04 +02:00
Jouni Malinen
08f6ab76a5 TDLS: Do not clear peer data too early for teardown
TPK will be needed to be able to generate FTIE MIC for the
teardown message, so maintain peer data for a bit longer in
case the teardown FTIE request comes back from the driver.
2011-10-27 23:15:46 +03:00
Jouni Malinen
c581201493 TDLS: Disable link on various error cases
This is needed to be able to return back to AP path on error cases.
2011-10-27 23:13:54 +03:00
Jouni Malinen
db9af0da70 TDLS: Disable previous link to fix renegotiation 2011-10-27 23:13:14 +03:00
Jouni Malinen
da30c93ab1 TDLS: Fix concurrent initialization test code
Must not use data from peer TDLS Setup Request if the concurrent
initialization from us is supposed to be the one that gets completed.
2011-10-27 23:12:08 +03:00
Jouni Malinen
ca03378b27 TDLS: Fix teardown on renegotiation
Need to disable the link when receiving TDLS Setup Request from a
peer with which a direct link has already been set up.
2011-10-27 23:10:21 +03:00
Jouni Malinen
5c1c940f1d TDLS: Fix long frame test for teardown 2011-10-27 23:09:23 +03:00
Arik Nemtsov
ccc12d7841 TDLS: Make use of wpa_tdls_add_peer to avoid code duplication
Use the wpa_tdls_add_peer function to allocate TDLS peer structures.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:20:58 +03:00
Arik Nemtsov
2d565a61f2 TDLS: Support mgmt-frame Tx for ctrl-iface operations
Use capability information to decide whether to perform a given TDLS
operation internally or through mgmt-frame Tx.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:20:43 +03:00
Arik Nemtsov
45b722f150 TDLS: Add peer as a STA during link setup
Before commencing setup, add a new STA entry to the driver representing
the peer. Later during setup, update the STA entry using information
received from the peer.

Extend sta_add() callback for adding/modifying a TDLS peer entry and
connect it to the TDLS state machine. Implement this callback for the
nl80211 driver and send peer information to kernel.

Mark TDLS peer entries with a new flag and translate it to a
corresponding nl80211 flag in the nl80211 driver.

In addition, correct TDLS related documentation in the wpa_driver_ops
structure.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:35 +03:00
Arik Nemtsov
979bcccf64 TDLS: Collect peer capabilities and supp-rates during link setup
Record the capabilities and supported rates of the TDLS peer during
link setup. These are given in the IEs passed in Setup Request and
Setup Response frames.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:13 +03:00
Arik Nemtsov
8f15f711c5 TDLS: Implement low-ack event for lost TDLS peers
Disable the direct connection when a TDLS peer stops responding
to packets, as indicated by the "LOW ACK" event coming from a driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:19:08 +03:00