Commit graph

1630 commits

Author SHA1 Message Date
Jouni Malinen
40eebf2353 MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used
here. Fix this to clear the full structure at the end of MD5Final().
2011-07-15 13:42:06 +03:00
Johannes Berg
f67eeb5c32 nl80211: fix interface address assignment
When a new interface is created and already has a separate MAC address
assigned by the kernel, then we need to use that address, not just when
we've created a locally administered address.

This fixes use_p2p_group_interface=1 for iwlagn as it already makes
mac80211 assign an address for a second interface since the hardware has
two addresses assigned.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-15 12:05:19 +03:00
Johannes Berg
b14a210ce2 nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00
Jouni Malinen
7aec3776b9 Sync with linux/nl80211.h from wireless-testing.git 2011-07-12 20:53:32 +03:00
Arik Nemtsov
95ab606345 nl80211: Send STA flags to kernel on station addition
Send STA flags to kernel when adding a new station. This ensures
stations are added with up to date flags by kernel drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:28:31 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Hong Wu
715ed737dc FT: Disable PMKSA cache for FT-IEEE8021X
wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-05 20:49:51 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00
Yogesh Ashok Powar
a3e685a04b hostapd: Clear keys configured when hostapd reloads configuration
Data path is broken when hostapd reloads its configuration
disabling the security which was previously enabled (WEP/WPA),
using kill -1, as old keys were not cleared.

The patch clears the keys configured when hostapd reloads
its configuration.

Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
2011-07-05 11:39:26 +03:00
Jouni Malinen
235279e777 TLS: Add support for tls_disable_time_checks=1 in client mode
This phase1 parameter for TLS-based EAP methods was already supported
with GnuTLS and this commit extends that support for OpenSSL and the
internal TLS implementation.
2011-07-05 11:29:42 +03:00
Angie Chinchilla
f5fc603251 P2P: Only call dev_lost() for devices that have been dev_found()
Fix a bug with the current dev_found()/dev_lost() usage. Previously
in p2p_device_free() dev_lost() was invoked for devices that had
not been dev_found(). This caused dbus related msgs to stderr like:
"Attempted to unregister path (path[0] = fi path[1] = w1) which isn't
registered"

Signed-off-by: Angie Chinchilla <angie.v.chinchilla@intel.com>
2011-07-04 20:30:16 +03:00
Jouni Malinen
5f310a9e24 nl80211: Process association/disassociation events in AP mode
This allows non-mac80211 drivers that implement AP mode SME/MLME
in firmware or driver to notify hostapd/wpa_supplicant of AP mode
association events.
2011-07-01 18:44:09 +03:00
Jouni Malinen
866af8b6bd nl80211: Allow AP mode to be started without monitor interface
This is in preparation for supporting AP mode with SME/MLME in the
driver/firmware.
2011-06-28 21:59:44 +03:00
Baruch Siach
567afddb69 atheros: Fix glibc 'invalid pointer' error when WPA_TRACE is enabled
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
2011-06-25 15:41:46 +03:00
Jayant Sane
2463ba70e2 P2P: Update listen and operating channel from P2P D-Bus
Some P2PDevice properties were not updated in p2p->cfg structure:
reg_class, channel, op_reg_class, and op_channel. Hence, update p2p->cfg
parameters through p2p core calls in wpas_p2p_update_config().

Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
2011-06-25 12:08:43 +03:00
Jayant Sane
6402fc438b P2P: Show P2P peer signal level in D-Bus P2P device properties
Move level parameter from p2p_device to p2p_device_info in order to
expose this information and modify D-Bus P2P handler to return this new
parameter through the P2P device properties.

Signed-off-by: Fabien Marotte <fabienx.marotte@intel.com>
Signed-off-by: Jayant Sane <jayant.sane@intel.com>
2011-06-23 21:29:10 +03:00
Helmut Schaa
d4744189b7 hostapd: Don't mask out non-symmetric STA HT caps
Previously hostapd just masked the STAs HT caps with its own. However,
some HT caps are not symmetric and as such need to be handled
different.

hostapd shouldn't overwrite the STAs SMPS mode as otherwise the driver
cannot know it has to use RTS/CTS to wake the receiver from dynamic
SMPS for MCS rates > 7.

hostapd shouldn't mask the RX and TX STBC caps with it's own. They are
already handled in a special case below.

Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
2011-06-23 20:18:21 +03:00
Jouni Malinen
56234ee168 Add a copyright and license statement for a radiotap header file
This file is a part of the radiotap parser that Andy Green agreed to
relicense under the BSD license (per email, 11 Aug 2007 07:42:05
+0100). The copyright/license statement was updated in radiotap.c,
but this radiotap_iter.h file was forgotten at that point.
2011-06-23 16:39:26 +03:00
Zhu Yi
c3b0a1c8ad bsd: Fix set_key() sequence number endian issue
In set_key handler, the seq[8] is in little endian order defined by
WPA. BSD kernel uses a u_int64_t value ik_keyrsc to represent it
internally. The kernel expects the native endian order for the value.
Thus, we need to detect the endian order and swap bytes when
necessary.
2011-06-23 15:47:21 +03:00
Jouni Malinen
7cc7307d90 Fix hostapd build without NEED_AP_MLME=y 2011-06-22 21:45:14 +03:00
Jouni Malinen
9e2704c3a2 Add EVENT_RX_ACTION handler for hostapd
This fixes an issue with SA Query Response frames not being processed
anymore after wpa_supplicant started registering a handler for those.
This handler registration is in generic driver_nl80211.c code, so
hostapd uses it, too.
2011-06-21 20:55:46 +03:00
Jouni Malinen
55e632df72 Remove a compiler warning on uninitialized variable
This is not really ever used, but better keep the compiler output
cleaner.
2011-06-21 20:54:17 +03:00
Jouni Malinen
a6efc65ddb nl80211: Add support for driver-based PMKSA cache
Implement PMKSA cache operations add, remove, and flush using nl80211
commands NL80211_CMD_{SET,DEL,FLUSH}_PMKSA to support PMKSA caching
with drivers that select the AP and generate the RSN IE internally.
2011-06-20 10:17:33 +03:00
Jayant Sane
349b213cc8 P2P: Add callback for provision discovery failure
When provision discovery fails, this new callback will be called
so P2P users can react to the failure.

Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-06-12 14:26:22 -07:00
Jayant Sane
6b56cc2d97 P2P: Retry provision discovery requests in IDLE state
Since the peer may not be in Listen state when the provision discovery
request is sent, try to send the request again number of times when in
IDLE state. This was already done when p2p_find is in progress, but this
commit adds retries to the case where no other P2P operations are in
progress.

Signed-off-by: Jayant Sane <jayant.sane@intel.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-06-12 14:20:39 -07:00
Jouni Malinen
6b98a33c86 Fix a compiler warning on WPS-AP-without-UPnP builds 2011-05-31 20:11:25 +03:00
Jouni Malinen
38e24575c1 random: Add support for maintaining internal entropy store over restarts
This can be used to avoid rejection of first two 4-way handshakes every
time hostapd (or wpa_supplicant in AP/IBSS mode) is restarted. A new
command line parameter, -e, can now be used to specify an entropy file
that will be used to maintain the needed state.
2011-05-31 20:07:11 +03:00
Jouni Malinen
f07ead6af9 nl80211: Re-order functions to group AP/hostapd specific code
Get rid of separate ifdef/endif blocks for AP specific and hostapd
specific code, i.e., only have one main block of code for each case.
2011-05-27 19:02:04 +03:00
Jouni Malinen
f7b3920c90 nl80211: Enable more AP callbacks for non-hostapd AP mode
Some of these are required for proper functionality (like
get_seqnum); others may not be needed yet, but including them
allows some extra ifdef/endif blocks to be removed.
2011-05-27 18:54:36 +03:00
Eliad Peller
257da77362 nl80211: Implement set_rate_sets for non-hostapd AP case
.set_rate_sets is not defined for non-hostapd, which prevents
configuring basic_rates when working as P2P GO.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-05-27 18:41:46 +03:00
Ken Zhu
41fd1d9e9a atheros: Fix auth_alg configuration for static WEP
When IEEE 802.1X is not enabled, driver_atheros.c needs to know how
to set authentication algorithms for static WEP.
2011-05-20 18:27:53 +03:00
Vinay Adella
86795546f7 WPS UPnP: Fix UPnP initialization for non-bridge case with some drivers
If the driver wrapper is setting up the interface up only at commit(),
UPnP initialization fails. Fix that by moving UPnP setup to happen after
the driver commit() call.
2011-05-19 12:55:47 +03:00
Jouni Malinen
fa5165586f WPS: Add a workaround for Windows 7 capability discovery for PBC
Windows 7 uses incorrect way of figuring out AP's WPS capabilities by
acting as a Registrar and using M1 from the AP. The config methods
attribute in that message is supposed to indicate only the configuration
method supported by the AP in Enrollee role, i.e., to add an external
Registrar. For that case, PBC shall not be used and as such, the
PushButton config method is removed from M1 by default. If pbc_in_m1=1
is included in the configuration file, the PushButton config method is
left in M1 (if included in config_methods parameter) to allow Windows 7
to use PBC instead of PIN (e.g., from a label in the AP).
2011-05-17 19:53:02 +03:00
Ben Greear
60eda5e47d Better messages when channel cannot be used in AP mode
Log messages letting user know that the channel cannot
be used because it is flagged unusable.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-05-16 22:01:11 +03:00
Jouni Malinen
46957a9b2d nl80211: Filter out duplicated BSS table entries from scan results
cfg80211 maintains separate BSS table entries for APs if the same
BSSID,SSID pair is seen on multiple channels. wpa_supplicant does
not use frequency as a separate key in the BSS table, so filter out
duplicated entries. Prefer associated BSS entry in such a case in
order to get the correct frequency into the BSS table.
2011-05-16 19:18:42 +03:00
Jouni Malinen
f5a8d42229 nl80211: Fetch assoc_freq from scan table for connect event
When kernel-based SME is used, use the scan table to find a BSS entry
for the associated AP when processing connected event.
2011-05-16 18:35:42 +03:00
Jouni Malinen
b8281964af Add workaround for race condition with AssocResp TX status
It may take some time for the TX status to be delivered for a
(Re)Association Response frame and if any Data frames are received
during that time, they may end up getting dropped as Class 3 frames in
not-associated state. This results in a Disassociation frame being sent
to the station and it assuming that the association has been lost.

Work around the issue by remembering that the (Re)Association Request
has already been accepted and skip the Deauth/Disassoc sending because
of the possible Class 3 frames before the TX status callback is
received.
2011-04-15 19:26:28 +03:00
Yi Zhu
ca79385ab5 bsd: Add support for setting HT values in IFM_MMASK 2011-04-14 22:22:24 +03:00
Jouni Malinen
fe655a8402 Add sanity checks for fseek and ftell return values
In theory, these calls could fail, but it is not really likely to
happen in practice in the use case here. Anyway, check that they do
not return an error before accepting the length of the file.
2011-04-14 20:22:21 +03:00
Jouni Malinen
c8d88a145b WPS: Fix off-by-one check in vendor extension parsing 2011-04-14 20:02:31 +03:00
Jouni Malinen
35530d1472 driver_test: Check set_ssid len before trying to hexdump the SSID 2011-04-14 19:52:26 +03:00
Jouni Malinen
6e432d3f10 WPS: Use strict validation of (Re)AssocReq only if IEs are known 2011-04-14 02:58:35 +03:00
Jouni Malinen
0bdaa741cd OpenSSL: Use consistent SSL_get_app_data validation in tls_verify_cb
The returned value cannot really be NULL, but better keep this
function consistent on whether the returned value is checked or not.
2011-04-14 02:50:52 +03:00
Jouni Malinen
066608f3ff Avoid theoretical NULL pointer dereference during TLS reassemble
This function does not get called with in_data == NULL in practice, but
it seems to be at least partly prepared for that case, so better make it
consistent by handling the NULL value throughout the function.
2011-04-14 02:45:14 +03:00
Jouni Malinen
b211f3eb71 Add sanity checks to EVENT_RX_PROBE_REQ event data
Both the SA and IEs from the received Probe Request frames must be
included and the Probe Request RX callback functions may assume that
these are not NULL.
2011-04-14 02:39:25 +03:00
Jouni Malinen
2a522e7192 Avoid theoretical NULL pointer dereference from debug code
The change to use wpa_dbg() in wpa_sm_parse_own_wpa_ie() could result
in a NULL pointer dereference if the function were called when WPA
state machine has not been initialized. While this cannot really
happen in practice, it is better to be prepared for that since that
was the case before the wpa_dbg() change.
2011-04-14 02:32:07 +03:00
Jouni Malinen
74727a7b32 Use type cast to get rid of implicit sign extension
The size_t value here can be 64-bit and result in implicit sign
extension. In this particular case, that gets masked out by
host_to_be32(), so there is no practical difference, but it is better
to get rid of the 64-bit variable explicitly.
2011-04-14 01:27:38 +03:00
Jouni Malinen
f8b5f7dc6b TNC: Fix TNC_{TNCC,TNCS}_ReportMessageTypes copy type
The supportedTypes parameter is a list of TNC_MessageType values
and the buffer to be copied should use size of TNC_MessageType, not
TNC_MessageTypeList. In practice, these are of same length on most
platforms, so this is not a critical issue, but anyway, the correct
type should be used.
2011-04-13 23:10:21 +03:00