Commit graph

2805 commits

Author SHA1 Message Date
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
2c48211c49 FT RRB: Validate os_malloc() return value before using it
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:05:15 +03:00
Michael Braun
7ca902b53e Make vlan_file optional if dynamic_vlan is used
My APs generate their configuration on their own using a different
number of (vlan-enabled) bss. Currently, all my vlan_file files consist
of a single line: the wildcard line. Configuration file generation would
be easier, if the hostapd configuration file would not depend on those
simple vlan_file files.

This patch removes the need for those one-line files by using the
<device>.<vlan> naming scheme if no vlan_file is given (or that file is
empty). This should not break any existing setup, as using dynamic_vlan
with no vlan configured does not make sense anyway.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-04-27 22:53:34 +03:00
Jouni Malinen
bdb112d35f Add bitfield routines
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:16:40 +03:00
Jouni Malinen
fe904963d0 WPS: Fix AP auto configuration on config token generation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:56 +03:00
Jouni Malinen
8f7a6dd7d0 WPS NFC: Allow Device Password ID override for selected registrar
When a specific out-of-band Device Password is enabled, it can be useful
to be able to advertise that in the selected registrar information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:31 +03:00
Jouni Malinen
aaecb69d87 WPS: Use generic MAC Address attribute builder
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:13:36 +03:00
Jouni Malinen
9ccd916504 P2P: Clean up channel--frequency conversion functions
All P2P use cases are required to use the global operating table and
there is no need to need to try to maintain some backwards compatibility
with country code -specific values. Clean up the implementation by
removing the unnecessary country parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:12:13 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Deepthi Gowri
02db75b6c2 FT: Reset FT flag upon STA deauthentication
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 17:56:24 +03:00
Jouni Malinen
7800d45c71 P2P: Set P2P_DEV_PEER_WAITING_RESPONSE from TX status callback
Commit fb8984fd6f added a mechanism to
skip the Listen state when the peer is expected to be waiting for us to
initiate a new GO Negotiation. However, this flag was set when building
the GO Negotiation Response frame with status 1 regardless of whether we
managed to send that frame or peer receive it. This could result in GO
Negotiation failures in cases where the peer did not receive the
response and Listen channels of the devices were different. Fix this by
setting the flag only after TX status indicating success has been
received.

This fixes frequent failures shown for the test_grpform_pbc hwsim test
case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 12:57:52 +03:00
Shijie Zhang
d78d3c6190 EAP peer: Add check before calling getSessionId method
We should not call getSessionID method if it's not provided. This fixes
a regression from commit 950c563076 where
EAP methods that did not implement getSessionId resulted in NULL pointer
dereference when deriving the key.

Signed-off-by: Shijie Zhang <shijiez@qca.qualcomm.com>
2013-04-26 12:30:01 +03:00
Jouni Malinen
97279d8d1a nl80211: Drop frame events that are for foreign address
This avoids duplicate processing of events when multiple BSSes are
configured.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:02:01 +03:00
Jouni Malinen
cc2ada868e nl80211: Reduce debug on Probe Request frames
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-24 01:01:21 +03:00
Jouni Malinen
63a965c313 P2P: Fix after_scan_tx processing during ongoing operations
When Action frame TX is postponed until a pending p2p_scan completes,
there may be additional operations that need to be continued after the
postponed Action frame TX operation completes. Fix this by starting
pending operation (if any) from TX status event for after_scan_tx
frames.

This fixes common errors seen with the test_discovery hwsim test case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 21:15:54 +03:00
Paul Stewart
754632c965 dbus_new: Add EAP logon/logoff
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-04-23 17:57:55 +03:00
Johannes Berg
c2aff6b1d1 hostapd: Add some testing options
In order to test clients in scenarios where APs may (randomly)
drop certain management frames, introduce some testing options
into the hostapd configuration that can make it ignore certain
frames. For now, these are probe requests, authentication and
(re)association frames.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:51:28 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Johannes Berg
adc96dc2ad nl80211: Fix nla_nest_start conversion
Dmitry reported that the kernel could no longer parse the
scheduled scan attributes correctly after my patch to use
nla_nest_start/nla_nest_end. The reason is that the wrong
attribute is closed I accidentally made it close the full
scan config instead of just the SSID match set.

Reported-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-04-23 17:19:20 +03:00
Chris Hessing
c7a39ba4e1 Provide TLS alerts to CLI/UI over control interface
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.

Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
2013-04-23 16:46:02 +03:00
Jouni Malinen
75fa7d19a4 TDLS: Fix key configuration with current mac80211
A kernel commit ("mac80211: fix FT roaming") started validating that the
STA entry is marked associated when adding a key. While this is needed
to fix some FT use cases with hardware crypto, it has a side effect of
breaking TDLS key configuration. Work around this by trying to
re-configure the key for the direct link after the STA entry has been
set with all information. In addition, try to tear down the link if
anything goes wrong in key configuration (if both attempts fail) or
enabling the link in the driver.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-03 18:39:10 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
49e160a58d WPS: Fix use of pre-configured DH keys with multiple operations
wps_build_public_key() takes the dh_ctx into use and another attempt to
use the same DH keys fails with wps->dh_ctx being set to NULL. Avoid
this by using the DH parameters only if dh_ctx is valid. This fixes
cases where a use of local pre-configured DH keys followed by an
operating using peer DH keys would faild due to unexpected attempt to
use local keys again.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:30:34 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
ab547b5857 WPS: Add more helpful debug for invalid WPS_REG command parsing
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
a679c0f284 WPS: Allow hostapd process to control independent WPS interfaces
The new wps_independent=1 configuration parameter can be used to remove
interfaces from the shared hostapd process WPS control (i.e., to apply
WPS operations only to a subset of interfaces instead of all).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Jouni Malinen
ccdff94035 WPS AP: Add support for reconfiguration with in-memory config
This allows WPS to update AP configuration in the case no hostapd
configuration file is used (i.e., dynamic configuration through the
control interface).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 12:34:35 +03:00
Johannes Berg
8970bae806 nl80211: Use nla_nest_start/end instead of nla_put_nested
Instead of allocating a new message and then moving that into
the message being built, use nla_nest_start() and put the data
into the message directly.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-30 20:37:44 +02:00
Chaitanya TK
558d69e3ba P2P: Omit P2P Group Info in case of no connected peers
As per P2P specification v1.2: "The P2P Group Info attribute shall be
omitted if there are zero connected P2P Clients."

Do not add the attribute if there are not connected peers.

Signed-hostap: Chaitanya T K <chaitanya.mgit@gmail.com>
2013-03-30 20:08:42 +02:00
Michael Braun
65a32cdbcb AP: Fix infinite loop in WPA state machine when out of random bytes
When the OS is out of random bytes in SM_STATE(WPA_PTK, AUTHENTICATION2)
in ap/wpa_auth.c, hostapd sends the sm to state DISCONNECT without
clearing ReAuthenticationRequest, resulting in an infinite loop.
Clearing sm->ReAuthenticationRequest using gdb fixes the running hostapd
instance for me. Also sm->Disconnect = TRUE should be used instead of
wpa_sta_disconnect() to make sure that the incomplete ANonce does not
get used.

Fix this issue by resetting sm->ReAuthenticationRequest even if the STA
gets disconnected and use sm->Disconnect instead of
wpa_sta_disconnect().

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
2013-03-30 19:53:22 +02:00
Jouni Malinen
a5f61b2b87 Fix OLBC non-HT AP detection to check channel
A non-HT capable AP on any channel could have triggered us to enable
protection regardless of own operating channel if the driver delivered
Beacon frames from other channels. The channel detection in ap_list is
not exactly ideal, but most cases can be handled by checking ap->channel
against the currently configured channel (or secondary channel in case
of HT40).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 18:05:18 +02:00
Jouni Malinen
69554d78f6 ap_list: Remove unused functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:50 +02:00
Jouni Malinen
08c99cafd2 ap_list: Remove unused iteration list pointers
This iter_next/iter_prev pointers were not really used for anything, so
get rid of the unnecessary complexity in the AP list maintenance.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 17:06:27 +02:00
Jouni Malinen
6b16917f39 ap_list: Remove unused fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:58:58 +02:00
Jouni Malinen
66f1f751d2 P2P: Fix provision discovery response handling in some cases
Commit 6b56cc2d97 added a possible call to
p2p_reset_pending_pd() prior to checking config_methods match between
our request and peer response. That reset call could clear
dev->req_config_methods and as such, result in unexpected
P2P-PROV-DISC-FAILURE report here even in cases where the peer accepts
the provision discovery. Fix this by using a local copy of the
req_config_methods variable.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 16:10:43 +02:00
Jouni Malinen
187f87f04c hostapd: Allow ctrl_iface group to be specified on command line
The new -G<group> command line argument can now be used to set the group
for the control interfaces to enable cases where hostapd is used without
a configuration file and the controlling program is not running with
root user privileges.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-29 17:09:31 +02:00
Sunil Dutt
9f890c982a TDLS: Support both external and internal setup in disabling link
Enhance TDLS Setup Request processing to support both external and
internal TDLS setup for the case where concurrent TDLS initialization
results in the TDLS Setup Request from the peer getting accepted.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 15:05:10 +02:00
Jouni Malinen
864fe3a47c TDLS: Fix TDLS Setup Request processing in existing-peer cases
wpa_tdls_peer_free() ended up getting called after some of the
parameters from the TDLS Setup Request frame were copied into the struct
wpa_tdls_peer information. This could result in continuing with cleared
information in case the new exchange was the one that is used in
concurrent initialization case or if this is to re-negotiated an
existing TDLS link. The driver would not be provided with all the peer
capabilities correctly in such case.

Fix this by moving the existing_peer check to happen before the
information from the TDLS Setup Request frame is copied.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-28 12:38:24 +02:00
Jouni Malinen
1d43e28a59 TDLS: Fix TPK M2 processing in concurrent initiation case
If we accept the peer TPK M1 after having sent our TPK M1, we need to
reject TPK M2 from the peer to avoid going through two TDLS setup
exchanges.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-27 14:29:01 +02:00
Vivek Natarajan
8047f70e03 P2P: Ignore Tx acknowledgment status for Invitation Response
In some cases where the ack for Invitation response is lost,
the device is stuck in invited state but the peer device starts
GO. In line with the implementation of Negotiation Confirm,
assume invitation response was actually received by the peer
even though ack was not reported.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-03-26 00:28:56 +02:00
Jouni Malinen
b084df8b81 Add vendor_elements into Beacon/Probe Response IE parameters
Commit b52f084cfa introduced a mechanism
for adding arbitrary vendor-specific elements into the Beacon and Probe
Response frames. However, this information was not added to the separate
buffers used for specifying Beacon and Probe Response IEs for drivers
that build the frames internally. Add vendor_elements to these values,
too, to support such drivers in addition to drivers that use the full
Beacon tail/head buffers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:41:27 +02:00
Jouni Malinen
b92e08fc72 nl80211: Add debug prints for set_ap parameters
This makes it easier to see how exactly the driver is configured for AP
mode operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:40:25 +02:00
Johannes Berg
c30a4ab045 nl80211: Fix mode settings with split wiphy dump
When the wiphy information is split, there's no guarantee that the
channels are processed before the bitrates; in fact, with the current
kernel it happens the other way around. Therefore, the mode information
isn't set up correctly and there's no 11g mode.

Fix this by doing the 11b/11g determination as part of the
postprocessing.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-19 02:01:46 +02:00
Jouni Malinen
52728dcd25 P2P: Stop P2P_PD_DURING_FIND wait on PD Response RX
Previously, P2P_PD_DURING_FIND state was scheduled for 200 ms and the
P2P state was not change until that timeout regardless of whether the PD
Response for recieved or not. There is no need to wait for that timeout
if the response is received, so allow the next operation to be performed
immediately after the response has been processed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 20:31:47 +02:00
Jouni Malinen
565110cd55 nl80211: Include interface name in more debug prints
This makes it easier to understand how scan operations and events occur
when multiple interfaces is being controlled by a single wpa_supplicant
process.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 16:05:24 +02:00
Bruno Randolf
65d52fc103 Add capability flag for IBSS and add get_capability modes
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.

Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.

The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.

Signed-hostap: Bruno Randolf <br1@einfach.org>
2013-03-16 12:42:15 +02:00
Felix Fietkau
ba873c1284 hostapd: Fix client reassociation after disconnect due to ACK failure
Clear WLAN_STA_ASSOC_REQ_OK, otherwise no Class 3 frame will be sent to
the disconnected STA in response to data frames.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2013-03-16 12:35:49 +02:00
Jouni Malinen
526b3a12f1 libtommath: Avoid a compiler warning on unused variable
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 12:03:37 +02:00
Solomon Peachy
de718493b4 libtommath: Condition fast_s_mp_mul_digs() on LTM_FAST
This function uses ~1.7kB of stack, and since there's a slower
alternative, wrap it with LTM_FAST.

Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
2013-03-16 12:01:03 +02:00
Jouni Malinen
dbca75f82a P2P: Remove persistent group peer if it rejects invitation
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-15 16:43:06 +02:00
Jouni Malinen
6cb27aa85f P2P: Fix shared frequency preference for concurrent operations
Commit 50285f5ca8 changed number of rules
in channel selection and among other things, it broke the design where
the currently used operating channel on a virtual interface that is
shared by the same radio is preferred to avoid costs related to
multi-channel concurrency. Fix this regression by making the P2P module
aware of the shared channel and using that preference as the highest
priority when re-selecting the channel during negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:26:55 +02:00
Jouni Malinen
62e10e6e3d P2P: Use best-overall channel in p2p_reselect_channel()
Commit 50285f5ca8 ended up forcing channel
re-selection in number of cases where the peer would actually have
accepted our initial preference. Fix the parts related to best channel
information by using best_freq_overall as the highest priority and by
skipping the band changes if the peer supports the channel that we
picked since these were based on the assumption that
p2p_reselect_channel() is called only if the peer could not accept our
initial choice which is not the case anymore.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:05:47 +02:00
Sunil Dutt
4561526f83 TDLS: Disable link to existing peer with lower address
If the previously started setup is terminated in case both peers
initiate TDLS link at more or less the same time, disable the old link
to allow the dummy station entry to be deleted from cfg80211 so that a
new entry can be added for the setup direction that will be allowed to
proceed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 13:48:36 +02:00
Deepthi Gowri
6a1ce39599 FT: Add support for IEEE 802.11r with driver-based SME
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:08:53 +02:00
Jouni Malinen
f46fc73a3f P2P: Add a peer entry based on Association Request frame
It is possible for a P2P client to connect to an operating group without
exchanging any Probe Request/Response frames that would allow the GO to
discover the peer. To make sure there is a P2P peer entry at the GO, try
to add the peer information based on P2P IE in (Re)Association Request
frame.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-12 13:04:33 +02:00
Johannes Berg
e9ee8dc394 wpa_supplicant: Support VHT capability overrides
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 18:04:39 +02:00
Jouni Malinen
214a77b016 nl80211: Use helper function for phy_info_freqs()
This allows one level of indentation to be removed by using a helper
function to process each frequency.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:44:23 +02:00
Jouni Malinen
e62a1d43f9 nl80211: Split phy_info_band() into smaller helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:35:23 +02:00
Jouni Malinen
3cfcad1bb1 nl80211: Use helper function for phy_info_handler()
This allows one level of indentation to be removed by using a helper
function to process each wiphy band.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:17:18 +02:00
Jouni Malinen
5f43910727 nl80211: Split wiphy_info_handler() into smaller helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 16:05:55 +02:00
Dennis H Jensen
4324555222 nl80211: Support splitting wiphy information in dumps
This implements support for the new NL80211_ATTR_SPLIT_WIPHY_DUMP in
nl80211 to handle wiphy information that cannot fit in one message.

Reviewed-by: Johannes Berg <johannes@sipsolutions.net>
Signed-hostap: Dennis H Jensen <dennis.h.jensen@siemens.com>
2013-03-10 13:22:43 +02:00
Jouni Malinen
3b365d4e9a Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 13:06:31 +02:00
Jouni Malinen
bb0122f3e8 SAE: Add forgotten commit element validation step for FFC groups
The peer commit element needs to be validated to pass one of the steps
listed in IEEE 802.11, 11.3.5.4:
scalar-op(r, ELEMENT) = 1 modulo p

Similar step was present for ECC groups, but was missing for FFC groups.
This is needed to avoid dictionary attacks.

Thanks to Michael Roßberg and Sascha Grau for reporting this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 11:45:55 +02:00
Jouni Malinen
0bb229a6e8 SAE: Move commit element validation steps into single location
It is clearer to keep all the validation steps described in IEEE 802.11
11.3.5.4 in a single location instead of splitting this between the
parsing and processing functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 11:26:22 +02:00
Jouni Malinen
5473362458 P2P: Use peer's channel list to limit GO freq on invitation
Peer device includes its list of allowed operating channels in the
Invitation Response frame. When we are becoming the GO, use that list
from the peer to filter out acceptable channels to avoid selecting a
channel that the peer is unable to use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:01:01 +02:00
Jouni Malinen
f5877af01e P2P: Allow P2P client to specify preferred group channel
When re-invoking a persistent group in P2P client role, the new
pref=<MHz> parameter can now be used with the p2p_invite command to
indicate a preferred operating frequency. Unlike the older freq=<MHz>
parameter, this leaves GO an option to select another channel (from our
supported channels) if the GO cannot accept the channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 19:40:54 +02:00
Deepthi Gowri
79879f4ae8 P2P: Allow all channels in case of multi channel concurrency
If multi channel concurrency is supported, we have to populate the
p2p_channels with list of channels that we support. Use the same design
that was previously added for GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Johannes Berg
851b73eb28 hostapd: Make VHT IE struct more expressive
The VHT IE struct just has an opaque 8-byte array for the MCS
set, make it more expressive by explicitly naming the pieces.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-01 18:24:57 +02:00
Jouni Malinen
3a2a7c3da6 P2P: Fix regression in GO Negotiation
Commit fb8984fd6f cleared wps_method to
WPS_NOT_READY in p2p_stop_find_for_freq() as an attempt to clear
authorization when a group formation is cancelled. However, this code
path is hit also in cases where the user did not actually cancel
anything (e.g., from p2p_process_go_neg_req()). As such, it is not fine
to clear wps_method here even if it could be proper for some cases. For
now, revert that part to avoid regressions and consider clearing
wps_method on cancel separately.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 11:53:46 +02:00
Jouni Malinen
fb8984fd6f P2P: Skip Listen phase when peer is expected to be waiting
In case we have replied to a peer's GO Negotiation Request frame with a
GO Negotiation Response frame using status code
info-currently-unavailable (1), the peer is likely going to wait for us
to initiate GO Negotiation on its Listen channel. We were previously
using alternativing send-GO-Neg-Req and Listen phase when providing that
response after the user had authorized the connection. However, the
Listen phase here is unnecessary in this case and will make the
connection take longer time to go through. Skip the Listen phase and
make the wait-for-GO-Neg-Resp timeout random between 100 and 200 ms to
avoid getting in sync with the peer. In practice, this will make us
retry GO Negotiation Request frames more frequently and remain on the
peer's Listen channel for most of the time when initiating GO
Negotiation after status=1 response.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:35:11 +02:00
Jouni Malinen
8e4839cefa P2P: Increase GO Negotiation timeouts
There may be environments in which large number of devices are operating
on the social channels. In such cases, it is possible for the Action
frame TX operation wait for quite long time before being able to get the
frame out. To avoid triggering GO Negotiation failures, increase the
timeouts for GO Neg Req (with TX ACK) and GO Neg Resp (with or without
TX ACK as long as status=0) to 500 ms.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:15:46 +02:00
Jouni Malinen
316a9e4d30 nl80211: Add debug print for cancel-frame-wait command
This makes it easier to interpret the logs for offloaded TX frame
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 22:09:32 +02:00
Dmitry Shmidt
c667342933 Add WPA_BSS_MASK_DELIM flag to BSS command
This flag will add ==== delimiter between to separate bss results.
Unlike the other BSS command MASK values, this delimiter is not
included by default to avoid issues with existing users of the BSS
command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:43:05 +02:00
Felix Fietkau
c3e3a5b90c nl80211: Fix WDS STA handling with multiple BSS interfaces
The MAC address of the AP VLAN needs to be the same as the BSS that the
STA belongs to.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2013-02-28 16:55:13 +02:00
Jouni Malinen
8cee87ab13 P2P: Only schedule a single p2p_go_neg_start timeout at a time
It is possible for the driver to indicate multiple Probe Request frames
that would be processed in a single loop. If those frames happen to be
from a peer which with we are trying to start GO Negotiation, multiple
timeouts to start GO Negotiation (p2p_go_neg_start) could end up being
scheduled. This would result in confusing burst of multiple GO
Negotiation Request frames being sent once the RX loop finally
concludes. Avoid this by scheduling only a single eloop timeout to
trigger GO Negotiation regardless of how many Probe Request frames from
the peer is received. In addition, make sure this timeout gets canceled
in p2p_deinit().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 18:07:17 +02:00
Jouni Malinen
c03e2113b6 P2P: Do not start new GO Neg on Probe Req when waiting for Confirm
If we have already sent out GO Negotiation Response and are waiting for
the peer to reply with GO Negotiation Confirm, there is no point in
re-starting GO Negotiation based on Probe Request frame from the peer.
Doing that would just result in confusing GO Negotiation exchange with
multiple sessions running at the same time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 18:02:51 +02:00
Jouni Malinen
4284a0b1b0 P2P: Fail GO Negotiation on missing Group ID
The device that is selected as the GO shall incode P2P Group ID
attribute in GO Negotiation Response/Confirm message. Previously we did
not reject a message without that attribute since it was possible to
continue operations even without knowing the SSID. However, this can
potentially result in confusing results since missing P2P Group ID
attribute can be a sign of conflicting GO role determination (both
devices assuming the peer is the GO). To get clearer end result for the
GO Negotiation, reject this as a fatal error. In addition, stop GO
Negotiation if GO Negotiation Confirm indicates non-zero status since
that is also a fatal error.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 17:27:17 +02:00
Jouni Malinen
003c45804f P2P: Assign GO tie breaker bit at the same time with dialog token
Commit 624b4d5a64 changed GO Negotiation
to use the same Dialog Token value for all retransmissions of the GO
Negotiation Request within the same session. However, it did leave the
tie breaker bit changing for each frame. While this should not have
caused issues for most cases, it looks like there are possible sequences
where the peer may end up replying to two GO Negotiation Request frames
with different tie breaker values. If in such a case the different GO
Negotiation Response frames are used at each device, GO role
determination may result in conflicting results when same GO intent is
used.

Fix this by assigning the tie breaker value at the same time with the
dialog token (i.e., when processing the p2p_connect command instead of
for each transmitted GO Negotiation Request frame) to avoid issues with
GO selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-26 16:56:48 +02:00
Sunil Dutt
f8361e3d68 TDLS: Pass peer's VHT Capability information during sta_add
The information of the peer's VHT capability is required for the
driver to establish a TDLS link in VHT mode with a compatible peer.
Pass this information to the driver when the peer station is
getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 10:31:50 +02:00
Jouni Malinen
d8ed3a075a WPS: Fix OOB Device Password use in PSK1,PSK1 derivation
WSC specification 2.0 section 7.4 describes OOB password to be expressed
in ASCII format (upper case hexdump) instead of raw binary.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:57:49 +02:00
Jouni Malinen
8dabf4bb46 GAS server: Fix a regression in GAS server callback
Commit 2d9ffe1e85 broke GAS server
callback for receiving Public Action frames. The incorrect context
pointer was used in the public_action_cb2 case. Fix this to use the
correct context pointer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-16 19:15:05 +02:00
Srinivasan B
bdaf17489a hostapd: Fix Max SP Length derivation from QoS Info
Hostapd provides QoS info of the STA (Service Period & AC mask) to the
kernel during wpa_driver_nl80211_sta_add call. Bit 5 and Bit 6 of QoS
info represents the Max SP length. Fix an issue in the code to fetch the
Max SP by shifting right the QoS info by value WMM_QOSINFO_STA_SP_SHIFT.
(operator ">" is replaced with ">>" operator).

Signed-off-by: Srinivasan <srinivasanb@posedge.com>
2013-02-16 11:15:13 +02:00
Sunil Dutt
122d16f25d nl80211: Configure STA Capabilities and Extended Capabilities
These are needed to allow drivers to implement all TDLS functionality
properly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 23:45:48 +02:00
Jouni Malinen
542e7c406d Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-15 23:45:02 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Sunil Dutt
d16531c40c TDLS: Pass peer's Capability and Ext Capability info during sta_add
The contents of the peer's capability and extended capability
information is required for the driver to perform TDLS P-UAPSD and Off
Channel operations. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:02:34 +02:00
Sunil Dutt
ff4178d57c TDLS: Pass peer's HT Capability and QOS information during sta_add
The information of the peer's HT capability and the QOS information is
required for the driver to perform TDLS operations. Pass this
information to the driver when the peer station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:50 +02:00
Jouni Malinen
e4dea253b7 nl80211: Add debug prints for STA add/set operations
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:19 +02:00
Jouni Malinen
cd8db7c3ba Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-14 21:00:56 +02:00
Jouni Malinen
b4a17a6ea7 WPS: Allow Device Password to be changed from M1 to M2
Registrar is allowed to propose another Device Password ID in M2. Make
Enrollee validate Device Password ID in M2 to check if this happened.
This commit adds support for changing from NFC password token to default
PIN for the case where the AP is the Enrollee and has both the NFC
password token and AP PIN enabled at the same time.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 20:41:14 +02:00
Jouni Malinen
38a5ad6728 WPS: Fix wps_reg nfc-pw option
Commit ffdaa05a6b added support for using
NFC password token from an AP. However, it had a bug that prevented the
wpa_supplicant wps_reg command from being used with "nfc-pw" as the PIN
value. Fix string comparison to handle this correctly.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 19:44:54 +02:00
Sunil Dutt
7b44ff2c21 TDLS: Tear down peers when disconnecting from the AP
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-13 01:19:44 +02:00
Jouni Malinen
a5b5e830a0 P2P: Do not use old scan result data for peer discovery
The driver may have cached (e.g., in cfg80211 BSS table) the scan
results for relatively long time. To avoid reporting stale information,
update P2P peers only based on results that have based on frames
received after the last p2p_find operation was started.

This helps especially in detecting when a previously operating GO stops
the group since the BSS entry for that could live for 30 seconds in the
cfg80211 cache. Running p2p_flush followed by p2p_find will now allow
wpa_supplicant to not add a P2P peer entry for that GO if the group had
been terminated just before that p2p_flush command. Previously, that GO
could have been indicated as a newly found device for up to 30 seconds
after it had stopped the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:25:18 +02:00
Jouni Malinen
c5f10e804a Use more accurate timestamps for scan results
For various P2P use cases, it is useful to have more accurate timestamp
for the peer information update. This commit improves scan result
handling by using a single timestamp that is taken immediately after
fetching the results from the driver and then using that value to
calculate the time when the driver last updated the BSS entry. In
addition, more debug information is added for P2P peer updates to be
able to clearly see how old information is being used here.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:14:32 +02:00
Jouni Malinen
8b2b2a70ef P2P: Postpone P2P-DEVICE-FOUND if config_methods not known
If we discover a P2P peer based on a Beacon frame from the GO role, we
do not get information about the supported configuration methods. This
can result in issues if the P2P managing entity above wpa_supplicant is
not prepared to handling config_methods=0x0. To avoid this, postpone
reporting of the P2P-DEVICE-FOUND event when this happens on one of the
social channels. It would be good to be able to this on all channels,
but that could result in issues of never indicating the event for a peer
that is operating a GO on a channel that requires passive scanning.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 18:24:56 +02:00
Jouni Malinen
954ee628ee P2P: Do not allow peer update to clear config_methods
It could be possible for the scan results to include two entries for a
peer, one from the Listen state and the second one from the GO role. The
latter could be based on a Beason frame. If that happens and the entry
from GO is processed last, the P2P peer config_methods value could
potentially get cleared since Beacon frames do not include this
information in either WPS or P2P element. Avoid this by allowing the
config_methods value for P2P peers to be updated only if the new value
is non-zero.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 18:14:48 +02:00