jeltz/hostap
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
hostap/wpa_supplicant/wpas_glue.c

1093 lines
28 KiB
C
Raw Normal View History

Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
/*
* WPA Supplicant - Glue code to setup EAPOL and RSN modules
Preparations for variable length KCK and KEK This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 15:49:18 +01:00
* Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*
Remove the GPL notification from files contributed by Jouni Malinen Remove the GPL notification text from the files that were initially contributed by myself. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 15:46:35 +01:00
* This software may be distributed under the terms of the BSD license.
* See README for more details.
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
*/
#include "includes.h"
#include "common.h"
#include "eapol_supp/eapol_supp_sm.h"
Remove src/rsn_supp from default header path
2009-11-29 17:28:08 +01:00
#include "rsn_supp/wpa.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "eloop.h"
#include "config.h"
#include "l2_packet/l2_packet.h"
Remove src/common from default header file path This makes it clearer which files are including header from src/common. Some of these cases should probably be cleaned up in the future not to do that. In addition, src/common/nl80211_copy.h and wireless_copy.h were moved into src/drivers since they are only used by driver wrappers and do not need to live in src/common.
2009-11-29 16:51:55 +01:00
#include "common/wpa_common.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "wpa_supplicant_i.h"
Add preliminary hostapd data structure initialization for AP mode wpa_supplicant can now initialize hostapd data structures when mode=2 is used to set up an AP. The hostapd configuration is not yet set based on wpa_supplicant network configuration block. In addition, the glue code for hostapd driver_ops needs number of functions that will be needed for AP functionality.
2009-03-26 19:37:05 +01:00
#include "driver_i.h"
Remove src/rsn_supp from default header path
2009-11-29 17:28:08 +01:00
#include "rsn_supp/pmksa_cache.h"
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
2009-03-20 21:26:41 +01:00
#include "sme.h"
Remove src/common from default header file path This makes it clearer which files are including header from src/common. Some of these cases should probably be cleaned up in the future not to do that. In addition, src/common/nl80211_copy.h and wireless_copy.h were moved into src/drivers since they are only used by driver wrappers and do not need to live in src/common.
2009-11-29 16:51:55 +01:00
#include "common/ieee802_11_defs.h"
#include "common/wpa_ctrl.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#include "wpas_glue.h"
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
#include "wps_supplicant.h"
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
#include "bss.h"
Move wpa_supplicant specific scan code away from src/drivers This fits better in wpa_supplicant/scan.c. Couple of remaining scan_helpers.c functions are currently used in driver wrappers, but they can likely be removed in the future.
2010-01-03 17:48:11 +01:00
#include "scan.h"
Add dbus signal for information about server certification In general, this patch attemps to extend commit 00468b4650998144f794762206c695c962c54734 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 11:22:32 +02:00
#include "notify.h"
MACsec: wpa_supplicant integration Add MACsec to the wpa_supplicant build system and configuration file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 20:39:02 +01:00
#include "wpas_kay.h"
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#ifndef CONFIG_NO_CONFIG_BLOBS
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
static void wpa_supplicant_set_config_blob(void *ctx,
struct wpa_config_blob *blob)
{
struct wpa_supplicant *wpa_s = ctx;
wpa_config_set_blob(wpa_s->conf, blob);
Save config after blob updates from EAP (if update_config=1) This allows EAP-FAST PAC updates to be stored when using config blobs instead of external files.
2008-10-02 13:10:53 +02:00
if (wpa_s->conf->update_config) {
int ret = wpa_config_write(wpa_s->confname, wpa_s->conf);
if (ret) {
wpa_printf(MSG_DEBUG, "Failed to update config after "
"blob set");
}
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
static const struct wpa_config_blob *
wpa_supplicant_get_config_blob(void *ctx, const char *name)
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_config_get_blob(wpa_s->conf, name);
}
#endif /* defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA) */
#endif /* CONFIG_NO_CONFIG_BLOBS */
#if defined(IEEE8021X_EAPOL) || !defined(CONFIG_NO_WPA)
static u8 * wpa_alloc_eapol(const struct wpa_supplicant *wpa_s, u8 type,
const void *data, u16 data_len,
size_t *msg_len, void **data_pos)
{
struct ieee802_1x_hdr *hdr;
*msg_len = sizeof(*hdr) + data_len;
hdr = os_malloc(*msg_len);
if (hdr == NULL)
return NULL;
hdr->version = wpa_s->conf->eapol_version;
hdr->type = type;
hdr->length = host_to_be16(data_len);
if (data)
os_memcpy(hdr + 1, data, data_len);
else
os_memset(hdr + 1, 0, data_len);
if (data_pos)
*data_pos = hdr + 1;
return (u8 *) hdr;
}
/**
* wpa_ether_send - Send Ethernet frame
* @wpa_s: Pointer to wpa_supplicant data
* @dest: Destination MAC address
* @proto: Ethertype in host byte order
* @buf: Frame payload starting from IEEE 802.1X header
* @len: Frame payload length
* Returns: >=0 on success, <0 on failure
*/
static int wpa_ether_send(struct wpa_supplicant *wpa_s, const u8 *dest,
u16 proto, const u8 *buf, size_t len)
{
Add external EAPOL transmission option for testing purposes The new ext_eapol_frame_io parameter can be used to configure hostapd and wpa_supplicant to use control interface for receiving and transmitting EAPOL frames. This makes it easier to implement automated test cases for protocol testing. This functionality is included only in CONFIG_TESTING_OPTIONS=y builds. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-10 17:01:15 +02:00
#ifdef CONFIG_TESTING_OPTIONS
if (wpa_s->ext_eapol_frame_io && proto == ETH_P_EAPOL) {
size_t hex_len = 2 * len + 1;
char *hex = os_malloc(hex_len);
if (hex == NULL)
return -1;
wpa_snprintf_hex(hex, hex_len, buf, len);
wpa_msg(wpa_s, MSG_INFO, "EAPOL-TX " MACSTR " %s",
MAC2STR(dest), hex);
os_free(hex);
return 0;
}
#endif /* CONFIG_TESTING_OPTIONS */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (wpa_s->l2) {
return l2_packet_send(wpa_s->l2, dest, proto, buf, len);
}
Remove unused send_eapol() driver op The send_eapol() callback was used by driver_test.c, but with that removed, there is no remaining users of the alternative EAPOL frame transmitting mechanism in wpa_supplicant, i.e., all remaining driver interfaces use l2_packet instead. Remove the send_eapol() to get rid of unused code. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-11 14:40:07 +01:00
return -1;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
#endif /* IEEE8021X_EAPOL || !CONFIG_NO_WPA */
#ifdef IEEE8021X_EAPOL
/**
* wpa_supplicant_eapol_send - Send IEEE 802.1X EAPOL packet to Authenticator
* @ctx: Pointer to wpa_supplicant data (wpa_s)
* @type: IEEE 802.1X packet type (IEEE802_1X_TYPE_*)
* @buf: EAPOL payload (after IEEE 802.1X header)
* @len: EAPOL payload length
* Returns: >=0 on success, <0 on failure
*
* This function adds Ethernet and IEEE 802.1X header and sends the EAPOL frame
* to the current Authenticator.
*/
static int wpa_supplicant_eapol_send(void *ctx, int type, const u8 *buf,
size_t len)
{
struct wpa_supplicant *wpa_s = ctx;
u8 *msg, *dst, bssid[ETH_ALEN];
size_t msglen;
int res;
/* TODO: could add l2_packet_sendmsg that allows fragments to avoid
* extra copy here */
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
if (wpa_key_mgmt_wpa_psk(wpa_s->key_mgmt) ||
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_s->key_mgmt == WPA_KEY_MGMT_NONE) {
/* Current SSID is not using IEEE 802.1X/EAP, so drop possible
* EAPOL frames (mainly, EAPOL-Start) from EAPOL state
* machines. */
wpa_printf(MSG_DEBUG, "WPA: drop TX EAPOL in non-IEEE 802.1X "
"mode (type=%d len=%lu)", type,
(unsigned long) len);
return -1;
}
if (pmksa_cache_get_current(wpa_s->wpa) &&
type == IEEE802_1X_TYPE_EAPOL_START) {
Work around broken AP PMKSA caching implementation An interoperability issue with a deployed AP has been identified where the connection fails due to that AP failing to operate correctly if PMKID is included in the Association Request frame. To work around this, allow EAPOL-Start packet to be transmitted on startWhen reaching 0 even when trying to use PMKSA caching. In practice, this allows fallback to full EAP authentication if the AP/Authenticator takes more than 1-2 seconds to initiate 4-way handshake for PMKSA caching or full EAP authentication if there was no PMKSA cache match. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-09-08 16:18:01 +02:00
/*
* We were trying to use PMKSA caching and sending EAPOL-Start
* would abort that and trigger full EAPOL authentication.
* However, we've already waited for the AP/Authenticator to
* start 4-way handshake or EAP authentication, and apparently
* it has not done so since the startWhen timer has reached zero
* to get the state machine sending EAPOL-Start. This is not
* really supposed to happen, but an interoperability issue with
* a deployed AP has been identified where the connection fails
* due to that AP failing to operate correctly if PMKID is
* included in the Association Request frame. To work around
* this, assume PMKSA caching failed and try to initiate full
* EAP authentication.
*/
if (!wpa_s->current_ssid ||
wpa_s->current_ssid->eap_workaround) {
wpa_printf(MSG_DEBUG,
"RSN: Timeout on waiting for the AP to initiate 4-way handshake for PMKSA caching or EAP authentication - try to force it to start EAP authentication");
} else {
wpa_printf(MSG_DEBUG,
"RSN: PMKSA caching - do not send EAPOL-Start");
return -1;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
Introduced new helper function is_zero_ether_addr() Use this inline function to replace os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 17:08:48 +02:00
if (is_zero_ether_addr(wpa_s->bssid)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_printf(MSG_DEBUG, "BSSID not set when trying to send an "
"EAPOL frame");
if (wpa_drv_get_bssid(wpa_s, bssid) == 0 &&
Introduced new helper function is_zero_ether_addr() Use this inline function to replace os_memcmp(addr, "\x00\x00\x00\x00\x00\x00", ETH_ALEN) == 0.
2008-06-03 17:08:48 +02:00
!is_zero_ether_addr(bssid)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
dst = bssid;
wpa_printf(MSG_DEBUG, "Using current BSSID " MACSTR
" from the driver as the EAPOL destination",
MAC2STR(dst));
} else {
dst = wpa_s->last_eapol_src;
wpa_printf(MSG_DEBUG, "Using the source address of the"
" last received EAPOL frame " MACSTR " as "
"the EAPOL destination",
MAC2STR(dst));
}
} else {
/* BSSID was already set (from (Re)Assoc event, so use it as
* the EAPOL destination. */
dst = wpa_s->bssid;
}
msg = wpa_alloc_eapol(wpa_s, type, buf, len, &msglen, NULL);
if (msg == NULL)
return -1;
wpa_printf(MSG_DEBUG, "TX EAPOL: dst=" MACSTR, MAC2STR(dst));
wpa_hexdump(MSG_MSGDUMP, "TX EAPOL", msg, msglen);
res = wpa_ether_send(wpa_s, dst, ETH_P_EAPOL, msg, msglen);
os_free(msg);
return res;
}
/**
* wpa_eapol_set_wep_key - set WEP key for the driver
* @ctx: Pointer to wpa_supplicant data (wpa_s)
* @unicast: 1 = individual unicast key, 0 = broadcast key
* @keyidx: WEP key index (0..3)
* @key: Pointer to key data
* @keylen: Key length in bytes
* Returns: 0 on success or < 0 on error.
*/
static int wpa_eapol_set_wep_key(void *ctx, int unicast, int keyidx,
const u8 *key, size_t keylen)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_s->key_mgmt == WPA_KEY_MGMT_IEEE8021X_NO_WPA) {
int cipher = (keylen == 5) ? WPA_CIPHER_WEP40 :
WPA_CIPHER_WEP104;
if (unicast)
wpa_s->pairwise_cipher = cipher;
else
wpa_s->group_cipher = cipher;
}
return wpa_drv_set_key(wpa_s, WPA_ALG_WEP,
Use set_key addr to distinguish default and multicast keys Previously, both NULL and ff:ff:ff:ff:ff:ff addr were used in various places to indicate default/broadcast keys. Make this more consistent and useful by defining NULL to mean default key (i.e., used both for unicast and broadcast) and ff:ff:ff:ff:ff:ff to indicate broadcast key (i.e., used only with broadcast).
2011-01-09 18:44:28 +01:00
unicast ? wpa_s->bssid : NULL,
Use more consistent set_key seq value when nothing is being set Use NULL instead of (u8 *) "" as the seq value and make sure the driver wrapper implementations can handle NULL value. This was previously already done in number of places, but not everywhere.
2011-01-09 11:09:04 +01:00
keyidx, unicast, NULL, 0, key, keylen);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
static void wpa_supplicant_aborted_cached(void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
wpa_sm_aborted_cached(wpa_s->wpa);
}
Skip network disabling on expected EAP failure Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 09:24:05 +01:00
static const char * result_str(enum eapol_supp_result result)
{
switch (result) {
case EAPOL_SUPP_RESULT_FAILURE:
return "FAILURE";
case EAPOL_SUPP_RESULT_SUCCESS:
return "SUCCESS";
case EAPOL_SUPP_RESULT_EXPECTED_FAILURE:
return "EXPECTED_FAILURE";
}
return "?";
}
static void wpa_supplicant_eapol_cb(struct eapol_sm *eapol,
enum eapol_supp_result result,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
int res, pmk_len;
u8 pmk[PMK_LEN];
Skip network disabling on expected EAP failure Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 09:24:05 +01:00
wpa_printf(MSG_DEBUG, "EAPOL authentication completed - result=%s",
result_str(result));
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
WPS: Move WPS glue code from wpas_glue.c to wps_supplicant.c This cleans up the internal interface between different modules and is the first step in getting wpa_supplicant design closer to hostapd as far as WPS is concerned.
2008-11-28 18:46:22 +01:00
if (wpas_wps_eapol_cb(wpa_s) > 0)
Added preliminary Wi-Fi Protected Setup (WPS) implementation This adds WPS support for both hostapd and wpa_supplicant. Both programs can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN methods are supported. Currently, hostapd has more complete configuration option for WPS parameters and wpa_supplicant configuration style will likely change in the future. External Registrars are not yet supported in hostapd or wpa_supplicant. While wpa_supplicant has initial support for acting as an Registrar to configure an AP, this is still using number of hardcoded parameters which will need to be made configurable for proper operation.
2008-11-23 18:34:26 +01:00
return;
Skip network disabling on expected EAP failure Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 09:24:05 +01:00
wpa_s->eap_expected_failure = result ==
EAPOL_SUPP_RESULT_EXPECTED_FAILURE;
if (result != EAPOL_SUPP_RESULT_SUCCESS) {
Register a quick auth timeout if EAPOL fails to avoid long waits This may be needed if the AP does not disconnect in case of EAP-FAST unauthenticated provisioning (EAP-Failure). Adding the local short timeout will speed up the process in such a case by reducing the wait (which can often be up to 60 seconds).
2008-10-02 16:27:24 +02:00
/*
* Make sure we do not get stuck here waiting for long EAPOL
* timeout if the AP does not disconnect in case of
* authentication failure.
*/
wpa_supplicant_req_auth_timeout(wpa_s, 2, 0);
MACsec: wpa_supplicant integration Add MACsec to the wpa_supplicant build system and configuration file. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 20:39:02 +01:00
} else {
ieee802_1x_notify_create_actor(wpa_s, wpa_s->last_eapol_src);
Register a quick auth timeout if EAPOL fails to avoid long waits This may be needed if the AP does not disconnect in case of EAP-FAST unauthenticated provisioning (EAP-Failure). Adding the local short timeout will speed up the process in such a case by reducing the wait (which can often be up to 60 seconds).
2008-10-02 16:27:24 +02:00
}
Skip network disabling on expected EAP failure Some EAP methods can go through a step that is expected to fail and as such, should not trigger temporary network disabling when processing EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as a special case, but similar behavior is needed for EAP-FAST with unauthenticated provisioning. Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 09:24:05 +01:00
if (result != EAPOL_SUPP_RESULT_SUCCESS ||
!(wpa_s->drv_flags & WPA_DRIVER_FLAGS_4WAY_HANDSHAKE))
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return;
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
if (!wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt))
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return;
wpa_printf(MSG_DEBUG, "Configure PMK for driver-based RSN 4-way "
"handshake");
pmk_len = PMK_LEN;
FT: Configure FT XXKey as PMK for driver-based 4-way handshake When using FT-EAP, the second half of MSK is used as the starting point for PMK key hierarchy. Configure that instead of the first half of MSK when using FT with driver-based 4-way handshake and FT protocol.
2011-01-31 23:06:13 +01:00
if (wpa_key_mgmt_ft(wpa_s->key_mgmt)) {
#ifdef CONFIG_IEEE80211R
u8 buf[2 * PMK_LEN];
wpa_printf(MSG_DEBUG, "RSN: Use FT XXKey as PMK for "
"driver-based 4-way hs and FT");
res = eapol_sm_get_key(eapol, buf, 2 * PMK_LEN);
if (res == 0) {
os_memcpy(pmk, buf + PMK_LEN, PMK_LEN);
os_memset(buf, 0, sizeof(buf));
}
#else /* CONFIG_IEEE80211R */
res = -1;
#endif /* CONFIG_IEEE80211R */
} else {
res = eapol_sm_get_key(eapol, pmk, PMK_LEN);
if (res) {
/*
* EAP-LEAP is an exception from other EAP methods: it
* uses only 16-byte PMK.
*/
res = eapol_sm_get_key(eapol, pmk, 16);
pmk_len = 16;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
if (res) {
wpa_printf(MSG_DEBUG, "Failed to get PMK from EAPOL state "
"machines");
return;
}
FT: Configure FT XXKey as PMK for driver-based 4-way handshake When using FT-EAP, the second half of MSK is used as the starting point for PMK key hierarchy. Configure that instead of the first half of MSK when using FT with driver-based 4-way handshake and FT protocol.
2011-01-31 23:06:13 +01:00
wpa_hexdump_key(MSG_DEBUG, "RSN: Configure PMK for driver-based 4-way "
"handshake", pmk, pmk_len);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0, NULL, 0, pmk,
pmk_len)) {
wpa_printf(MSG_DEBUG, "Failed to set PMK to the driver");
}
wpa_supplicant_cancel_scan(wpa_s);
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
}
static void wpa_supplicant_notify_eapol_done(void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
wpa_msg(wpa_s, MSG_DEBUG, "WPA: EAPOL processing complete");
Added support for using SHA256-based stronger key derivation for WPA2 IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 21:57:28 +02:00
if (wpa_key_mgmt_wpa_ieee8021x(wpa_s->key_mgmt)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_supplicant_set_state(wpa_s, WPA_4WAY_HANDSHAKE);
} else {
wpa_supplicant_cancel_auth_timeout(wpa_s);
wpa_supplicant_set_state(wpa_s, WPA_COMPLETED);
}
}
#endif /* IEEE8021X_EAPOL */
#ifndef CONFIG_NO_WPA
static int wpa_get_beacon_ie(struct wpa_supplicant *wpa_s)
{
int ret = 0;
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
struct wpa_bss *curr = NULL, *bss;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
struct wpa_ssid *ssid = wpa_s->current_ssid;
const u8 *ie;
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
dl_list_for_each(bss, &wpa_s->bss, struct wpa_bss, list) {
if (os_memcmp(bss->bssid, wpa_s->bssid, ETH_ALEN) != 0)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
continue;
if (ssid == NULL ||
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
((bss->ssid_len == ssid->ssid_len &&
os_memcmp(bss->ssid, ssid->ssid, ssid->ssid_len) == 0) ||
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ssid->ssid_len == 0)) {
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
curr = bss;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
break;
}
}
if (curr) {
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
ie = wpa_bss_get_vendor_ie(curr, WPA_IE_VENDOR_TYPE);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (wpa_sm_set_ap_wpa_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
ret = -1;
Use BSS table for WPA get-Beacon-IEs operation
2010-01-02 14:26:50 +01:00
ie = wpa_bss_get_ie(curr, WLAN_EID_RSN);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
if (wpa_sm_set_ap_rsn_ie(wpa_s->wpa, ie, ie ? 2 + ie[1] : 0))
ret = -1;
} else {
ret = -1;
}
return ret;
}
static int wpa_supplicant_get_beacon_ie(void *ctx)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_get_beacon_ie(wpa_s) == 0) {
return 0;
}
/* No WPA/RSN IE found in the cached scan results. Try to get updated
* scan results from the driver. */
Do not store raw scan results Use scan results to update the BSS table and to select the BSS for connection, but do not store the results for longer time.
2010-01-02 15:41:38 +01:00
if (wpa_supplicant_update_scan_results(wpa_s) < 0)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return -1;
return wpa_get_beacon_ie(wpa_s);
}
static u8 * _wpa_alloc_eapol(void *wpa_s, u8 type,
const void *data, u16 data_len,
size_t *msg_len, void **data_pos)
{
return wpa_alloc_eapol(wpa_s, type, data, data_len, msg_len, data_pos);
}
static int _wpa_ether_send(void *wpa_s, const u8 *dest, u16 proto,
const u8 *buf, size_t len)
{
return wpa_ether_send(wpa_s, dest, proto, buf, len);
}
static void _wpa_supplicant_cancel_auth_timeout(void *wpa_s)
{
wpa_supplicant_cancel_auth_timeout(wpa_s);
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static void _wpa_supplicant_set_state(void *wpa_s, enum wpa_states state)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
wpa_supplicant_set_state(wpa_s, state);
}
/**
* wpa_supplicant_get_state - Get the connection state
* @wpa_s: Pointer to wpa_supplicant data
* Returns: The current connection state (WPA_*)
*/
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static enum wpa_states wpa_supplicant_get_state(struct wpa_supplicant *wpa_s)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
return wpa_s->wpa_state;
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static enum wpa_states _wpa_supplicant_get_state(void *wpa_s)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
return wpa_supplicant_get_state(wpa_s);
}
static void _wpa_supplicant_deauthenticate(void *wpa_s, int reason_code)
{
wpa_supplicant_deauthenticate(wpa_s, reason_code);
Fixed race condition between disassociation event and group key handshake This avoids getting stuck in state where wpa_supplicant has canceled scans, but the driver is actually in disassociated state. The previously used code that controlled scan timeout from WPA module is not really needed anymore (and has not been needed for past four years since authentication timeout was separated from scan request timeout), so this can simply be removed to resolved the race condition. As an extra bonus, this simplifies the interface to WPA module. [Bug 261]
2008-06-09 15:26:47 +02:00
/* Schedule a scan to make sure we continue looking for networks */
Disconnect if 4-way handshake processing fails There is no point in trying to continue if a 4-way handshake frame is discarded or if PTK/GTK/IGTK configuration fails. Force the client to disconnect in such a case to avoid confusing user by claiming the connection was successfully completed.
2009-04-20 10:35:21 +02:00
wpa_supplicant_req_scan(wpa_s, 5, 0);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
static void * wpa_supplicant_get_network_ctx(void *wpa_s)
{
return wpa_supplicant_get_ssid(wpa_s);
}
static int wpa_supplicant_get_bssid(void *ctx, u8 *bssid)
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_drv_get_bssid(wpa_s, bssid);
}
Get rid of unnecessary typedefs for enums.
2009-12-26 09:35:08 +01:00
static int wpa_supplicant_set_key(void *_wpa_s, enum wpa_alg alg,
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
const u8 *addr, int key_idx, int set_tx,
const u8 *seq, size_t seq_len,
const u8 *key, size_t key_len)
{
Added an optional mitigation mechanism for certain attacks against TKIP by delaying Michael MIC error reports by a random amount of time between 0 and 60 seconds if multiple Michael MIC failures are detected with the same PTK (i.e., the Authenticator does not rekey PTK on first failure report). This is disabled by default and can be enabled with a build option CONFIG_DELAYED_MIC_ERROR_REPORT=y in .config. This may help in making a chopchop attack take much longer time by forcing the attacker to wait 60 seconds before knowing whether a modified frame resulted in a MIC failure.
2008-11-08 03:43:12 +01:00
struct wpa_supplicant *wpa_s = _wpa_s;
if (alg == WPA_ALG_TKIP && key_idx == 0 && key_len == 32) {
/* Clear the MIC error counter when setting a new PTK. */
wpa_s->mic_errors_seen = 0;
}
Add test code for fetching the last configured GTK This can be useful for some test cases, so allow wpa_supplicant to be built with special test functionality to expose the current (last configured) GTK. This is disabled by default and can be enabled by adding following line into .config: CFLAGS += -DCONFIG_TESTING_GET_GTK The GTK can then be fetched with "wpa_cli get gtk". Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2011-10-28 13:39:44 +02:00
#ifdef CONFIG_TESTING_GET_GTK
if (key_idx > 0 && addr && is_broadcast_ether_addr(addr) &&
alg != WPA_ALG_NONE && key_len <= sizeof(wpa_s->last_gtk)) {
os_memcpy(wpa_s->last_gtk, key, key_len);
wpa_s->last_gtk_len = key_len;
}
#endif /* CONFIG_TESTING_GET_GTK */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return wpa_drv_set_key(wpa_s, alg, addr, key_idx, set_tx, seq, seq_len,
key, key_len);
}
static int wpa_supplicant_mlme_setprotection(void *wpa_s, const u8 *addr,
int protection_type,
int key_type)
{
return wpa_drv_mlme_setprotection(wpa_s, addr, protection_type,
key_type);
}
static int wpa_supplicant_add_pmkid(void *wpa_s,
const u8 *bssid, const u8 *pmkid)
{
return wpa_drv_add_pmkid(wpa_s, bssid, pmkid);
}
static int wpa_supplicant_remove_pmkid(void *wpa_s,
const u8 *bssid, const u8 *pmkid)
{
return wpa_drv_remove_pmkid(wpa_s, bssid, pmkid);
}
#ifdef CONFIG_IEEE80211R
static int wpa_supplicant_update_ft_ies(void *ctx, const u8 *md,
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
Add SME support (separate authentication and association) This can be used, e.g., with mac80211-based Linux drivers with nl80211. This allows over-the-air FT protocol to be used (IEEE 802.11r). Since the nl80211 interface needed for this is very recent (added today into wireless-testing.git), driver_nl80211.c has backwards compatibility code that uses WEXT for association if the kernel does not support the new commands. This compatibility code can be disabled by defining NO_WEXT_COMPAT. That code will also be removed at some point to clean up driver_nl80211.c.
2009-03-20 21:26:41 +01:00
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_SME)
return sme_update_ft_ies(wpa_s, md, ies, ies_len);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return wpa_drv_update_ft_ies(wpa_s, md, ies, ies_len);
}
static int wpa_supplicant_send_ft_action(void *ctx, u8 action,
const u8 *target_ap,
const u8 *ies, size_t ies_len)
{
struct wpa_supplicant *wpa_s = ctx;
Replace send_ft_action() driver_op with send_action() This reduced number of unnecessarily duplicated driver interface callback functions for sending Action frames by using the more generic send_action() instead of FT specific send_ft_action(). Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:13:29 +01:00
int ret;
u8 *data, *pos;
size_t data_len;
if (action != 1) {
wpa_printf(MSG_ERROR, "Unsupported send_ft_action action %d",
action);
return -1;
}
/*
* Action frame payload:
* Category[1] = 6 (Fast BSS Transition)
* Action[1] = 1 (Fast BSS Transition Request)
* STA Address
* Target AP Address
* FT IEs
*/
data_len = 2 + 2 * ETH_ALEN + ies_len;
data = os_malloc(data_len);
if (data == NULL)
return -1;
pos = data;
*pos++ = 0x06; /* FT Action category */
*pos++ = action;
os_memcpy(pos, wpa_s->own_addr, ETH_ALEN);
pos += ETH_ALEN;
os_memcpy(pos, target_ap, ETH_ALEN);
pos += ETH_ALEN;
os_memcpy(pos, ies, ies_len);
ret = wpa_drv_send_action(wpa_s, wpa_s->assoc_freq, 0,
wpa_s->bssid, wpa_s->own_addr, wpa_s->bssid,
data, data_len, 0);
os_free(data);
return ret;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
FT: Add driver op for marking a STA authenticated This can be used with FT-over-DS where FT Action frame exchange triggers transition to State 2 (authenticated) without Authentication frame exchange.
2010-03-13 17:28:15 +01:00
static int wpa_supplicant_mark_authenticated(void *ctx, const u8 *target_ap)
{
struct wpa_supplicant *wpa_s = ctx;
struct wpa_driver_auth_params params;
struct wpa_bss *bss;
bss = wpa_bss_get_bssid(wpa_s, target_ap);
if (bss == NULL)
return -1;
os_memset(&params, 0, sizeof(params));
params.bssid = target_ap;
params.freq = bss->freq;
params.ssid = bss->ssid;
params.ssid_len = bss->ssid_len;
params.auth_alg = WPA_AUTH_ALG_FT;
params.local_state_change = 1;
return wpa_drv_authenticate(wpa_s, &params);
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#endif /* CONFIG_IEEE80211R */
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
#ifdef CONFIG_TDLS
TDLS: Get TDLS related capabilities from driver Put glue code in place to propagate TDLS related driver capabilities to the TDLS state machine. If the driver doesn't support capabilities, assume TDLS is supported internally. When TDLS is explicitly not supported, disable all user facing TDLS operations. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-09-26 12:55:25 +02:00
static int wpa_supplicant_tdls_get_capa(void *ctx, int *tdls_supported,
TDLS: Add channel-switch capability flag Propagate a driver TDLS channel-switch support bit from nl80211 to TDLS code. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-12-29 04:44:37 +01:00
int *tdls_ext_setup,
int *tdls_chan_switch)
TDLS: Get TDLS related capabilities from driver Put glue code in place to propagate TDLS related driver capabilities to the TDLS state machine. If the driver doesn't support capabilities, assume TDLS is supported internally. When TDLS is explicitly not supported, disable all user facing TDLS operations. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-09-26 12:55:25 +02:00
{
struct wpa_supplicant *wpa_s = ctx;
*tdls_supported = 0;
*tdls_ext_setup = 0;
TDLS: Add channel-switch capability flag Propagate a driver TDLS channel-switch support bit from nl80211 to TDLS code. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-12-29 04:44:37 +01:00
*tdls_chan_switch = 0;
TDLS: Get TDLS related capabilities from driver Put glue code in place to propagate TDLS related driver capabilities to the TDLS state machine. If the driver doesn't support capabilities, assume TDLS is supported internally. When TDLS is explicitly not supported, disable all user facing TDLS operations. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-09-26 12:55:25 +02:00
if (!wpa_s->drv_capa_known)
return -1;
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_SUPPORT)
*tdls_supported = 1;
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_EXTERNAL_SETUP)
*tdls_ext_setup = 1;
TDLS: Add channel-switch capability flag Propagate a driver TDLS channel-switch support bit from nl80211 to TDLS code. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-12-29 04:44:37 +01:00
if (wpa_s->drv_flags & WPA_DRIVER_FLAGS_TDLS_CHANNEL_SWITCH)
*tdls_chan_switch = 1;
TDLS: Get TDLS related capabilities from driver Put glue code in place to propagate TDLS related driver capabilities to the TDLS state machine. If the driver doesn't support capabilities, assume TDLS is supported internally. When TDLS is explicitly not supported, disable all user facing TDLS operations. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-09-26 12:55:25 +02:00
return 0;
}
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
static int wpa_supplicant_send_tdls_mgmt(void *ctx, const u8 *dst,
u8 action_code, u8 dialog_token,
Pass TDLS peer capability information in tdls_mgmt While framing the TDLS Setup Confirmation frame, the driver needs to know if the TDLS peer is VHT/HT/WMM capable and thus shall construct the VHT/HT operation / WMM parameter elements accordingly. Supplicant determines if the TDLS peer is VHT/HT/WMM capable based on the presence of the respective IEs in the received TDLS Setup Response frame. The host driver should not need to parse the received TDLS Response frame and thus, should be able to rely on the supplicant to indicate the capability of the peer through additional flags while transmitting the TDLS Setup Confirmation frame through tdls_mgmt operations. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-26 17:04:50 +01:00
u16 status_code, u32 peer_capab,
TDLS: Set the initiator during tdls_mgmt operations Some drivers need to know the initiator of a TDLS connection in order to generate a correct TDLS mgmt packet. It is used to determine the link identifier IE. Pass this information to the driver. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-09-29 20:47:51 +02:00
int initiator, const u8 *buf,
size_t len)
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_drv_send_tdls_mgmt(wpa_s, dst, action_code, dialog_token,
TDLS: Set the initiator during tdls_mgmt operations Some drivers need to know the initiator of a TDLS connection in order to generate a correct TDLS mgmt packet. It is used to determine the link identifier IE. Pass this information to the driver. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-09-29 20:47:51 +02:00
status_code, peer_capab, initiator, buf,
len);
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
}
static int wpa_supplicant_tdls_oper(void *ctx, int oper, const u8 *peer)
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_drv_tdls_oper(wpa_s, oper, peer);
}
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
static int wpa_supplicant_tdls_peer_addset(
TDLS: Pass peer's AID information to kernel The information of the peer's AID is required for the driver to construct partial AID in VHT PPDU's. Pass this information to the driver during add/set station operations (well, as soon as the information is available, i.e., with set station operation currently). Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 14:47:44 +02:00
void *ctx, const u8 *peer, int add, u16 aid, u16 capability,
TDLS: Pass peer's HT Capability and QOS information during sta_add The information of the peer's HT capability and the QOS information is required for the driver to perform TDLS operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:41:01 +01:00
const u8 *supp_rates, size_t supp_rates_len,
const struct ieee80211_ht_capabilities *ht_capab,
TDLS: Pass peer's VHT Capability information during sta_add The information of the peer's VHT capability is required for the driver to establish a TDLS link in VHT mode with a compatible peer. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 09:31:50 +01:00
const struct ieee80211_vht_capabilities *vht_capab,
TDLS: Use WMM IE for propagating peer WMM capability Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled peers that don't support U-APSD. Further, some peers don't even contain this IE (Google Nexus 5), but do contain the WMM IE during setup. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-09-29 20:47:53 +02:00
u8 qosinfo, int wmm, const u8 *ext_capab, size_t ext_capab_len,
TDLS: Pass peer's Supported channel and oper class info during sta_add The information of the peer's supported channel and operating class is required for the driver to do TDLS off channel operations with a compatible peer. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-06 14:06:13 +01:00
const u8 *supp_channels, size_t supp_channels_len,
const u8 *supp_oper_classes, size_t supp_oper_classes_len)
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
{
struct wpa_supplicant *wpa_s = ctx;
struct hostapd_sta_add_params params;
TDLS: Fix add/set STA operation Commit a9a1d0f08aaf7c96f40def0d7966399b89b2a7c0 added vht_capabilities to struct hostapd_sta_add_params but forgot to update wpa_supplicant_tdls_peer_addset() to initialize the variable to NULL. This could result in uninitialized pointer being used in driver_nl80211.c when adding a TDLS peer entry. Fix this by clearing the hostapd_sta_add_params with memset. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 17:23:33 +01:00
os_memset(&params, 0, sizeof(params));
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
params.addr = peer;
TDLS: Move AID=1 workaround into driver_nl80211.c The use of AID=1 for the nl80211 dummy STA case is specific to the driver (cfg80211), so better move this into the driver wrapper instead of generic TDLS implementation. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 14:57:03 +02:00
params.aid = aid;
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
params.capability = capability;
params.flags = WPA_STA_TDLS_PEER | WPA_STA_AUTHORIZED;
TDLS: Pass peer's HT Capability and QOS information during sta_add The information of the peer's HT capability and the QOS information is required for the driver to perform TDLS operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:41:01 +01:00
/*
TDLS: Use WMM IE for propagating peer WMM capability Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled peers that don't support U-APSD. Further, some peers don't even contain this IE (Google Nexus 5), but do contain the WMM IE during setup. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-09-29 20:47:53 +02:00
* Don't rely only on qosinfo for WMM capability. It may be 0 even when
* present. Allow the WMM IE to also indicate QoS support.
TDLS: Pass peer's HT Capability and QOS information during sta_add The information of the peer's HT capability and the QOS information is required for the driver to perform TDLS operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:41:01 +01:00
*/
TDLS: Use WMM IE for propagating peer WMM capability Relying on qos qosinfo is not enough, as it can be 0 for WMM enabled peers that don't support U-APSD. Further, some peers don't even contain this IE (Google Nexus 5), but do contain the WMM IE during setup. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-09-29 20:47:53 +02:00
if (wmm || qosinfo)
TDLS: Pass peer's HT Capability and QOS information during sta_add The information of the peer's HT capability and the QOS information is required for the driver to perform TDLS operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:41:01 +01:00
params.flags |= WPA_STA_WMM;
params.ht_capabilities = ht_capab;
TDLS: Pass peer's VHT Capability information during sta_add The information of the peer's VHT capability is required for the driver to establish a TDLS link in VHT mode with a compatible peer. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 09:31:50 +01:00
params.vht_capabilities = vht_capab;
TDLS: Pass peer's HT Capability and QOS information during sta_add The information of the peer's HT capability and the QOS information is required for the driver to perform TDLS operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:41:01 +01:00
params.qosinfo = qosinfo;
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
params.listen_interval = 0;
params.supp_rates = supp_rates;
params.supp_rates_len = supp_rates_len;
params.set = !add;
TDLS: Pass peer's Capability and Ext Capability info during sta_add The contents of the peer's capability and extended capability information is required for the driver to perform TDLS P-UAPSD and Off Channel operations. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 15:50:36 +01:00
params.ext_capab = ext_capab;
params.ext_capab_len = ext_capab_len;
TDLS: Pass peer's Supported channel and oper class info during sta_add The information of the peer's supported channel and operating class is required for the driver to do TDLS off channel operations with a compatible peer. Pass this information to the driver when the peer station is getting added. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-06 14:06:13 +01:00
params.supp_channels = supp_channels;
params.supp_channels_len = supp_channels_len;
params.supp_oper_classes = supp_oper_classes;
params.supp_oper_classes_len = supp_oper_classes_len;
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
return wpa_drv_sta_add(wpa_s, &params);
}
TDLS: Propagate enable/disable channel-switch commands to driver The supplicant code does not try to control the actual channel of the radio at any point. It simply passes the target peer and channel parameters to the driver. It's the driver's responsibility to periodically initiate TDLS channel-switch operations when TDLS channel-switching is enabled. Allow enable/disable operations to be invoked via the control interface. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-12-29 06:20:51 +01:00
static int wpa_supplicant_tdls_enable_channel_switch(
void *ctx, const u8 *addr, u8 oper_class,
const struct hostapd_freq_params *params)
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_drv_tdls_enable_channel_switch(wpa_s, addr, oper_class,
params);
}
static int wpa_supplicant_tdls_disable_channel_switch(void *ctx, const u8 *addr)
{
struct wpa_supplicant *wpa_s = ctx;
return wpa_drv_tdls_disable_channel_switch(wpa_s, addr);
}
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
#endif /* CONFIG_TDLS */
Remove compiler warnings if TDLS is enabled without WPA2 Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-06-07 19:04:12 +02:00
#endif /* CONFIG_NO_WPA */
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
Add wpa_supplicant_ctrl_req_from_string() Converts from a string to a control request enum when input from a control interface is received. Will be used by a subsequent patch. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:04:40 +02:00
enum wpa_ctrl_req_type wpa_supplicant_ctrl_req_from_string(const char *field)
{
if (os_strcmp(field, "IDENTITY") == 0)
return WPA_CTRL_REQ_EAP_IDENTITY;
else if (os_strcmp(field, "PASSWORD") == 0)
return WPA_CTRL_REQ_EAP_PASSWORD;
else if (os_strcmp(field, "NEW_PASSWORD") == 0)
return WPA_CTRL_REQ_EAP_NEW_PASSWORD;
else if (os_strcmp(field, "PIN") == 0)
return WPA_CTRL_REQ_EAP_PIN;
else if (os_strcmp(field, "OTP") == 0)
return WPA_CTRL_REQ_EAP_OTP;
else if (os_strcmp(field, "PASSPHRASE") == 0)
return WPA_CTRL_REQ_EAP_PASSPHRASE;
EAP peer: Add framework for external SIM/USIM processing The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-19 16:32:05 +02:00
else if (os_strcmp(field, "SIM") == 0)
return WPA_CTRL_REQ_SIM;
Add wpa_supplicant_ctrl_req_from_string() Converts from a string to a control request enum when input from a control interface is received. Will be used by a subsequent patch. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:04:40 +02:00
return WPA_CTRL_REQ_UNKNOWN;
}
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
const char * wpa_supplicant_ctrl_req_to_string(enum wpa_ctrl_req_type field,
const char *default_txt,
const char **txt)
{
const char *ret = NULL;
*txt = default_txt;
switch (field) {
case WPA_CTRL_REQ_EAP_IDENTITY:
*txt = "Identity";
ret = "IDENTITY";
break;
case WPA_CTRL_REQ_EAP_PASSWORD:
*txt = "Password";
ret = "PASSWORD";
break;
case WPA_CTRL_REQ_EAP_NEW_PASSWORD:
*txt = "New Password";
ret = "NEW_PASSWORD";
break;
case WPA_CTRL_REQ_EAP_PIN:
*txt = "PIN";
ret = "PIN";
break;
case WPA_CTRL_REQ_EAP_OTP:
ret = "OTP";
break;
case WPA_CTRL_REQ_EAP_PASSPHRASE:
*txt = "Private key passphrase";
ret = "PASSPHRASE";
break;
EAP peer: Add framework for external SIM/USIM processing The new configuration parameter external_sim=<0/1> can now be used to configure wpa_supplicant to use external SIM/USIM processing (e.g., GSM authentication for EAP-SIM or UMTS authentication for EAP-AKA). The requests and responses for such operations are sent over the ctrl_iface CTRL-REQ-SIM and CTRL-RSP-SIM commands similarly to the existing password query mechanism. Changes to the EAP methods to use this new mechanism will be added in separate commits. Signed-hostap: Jouni Malinen <j@w1.fi>
2013-10-19 16:32:05 +02:00
case WPA_CTRL_REQ_SIM:
ret = "SIM";
break;
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
default:
break;
}
/* txt needs to be something */
if (*txt == NULL) {
wpa_printf(MSG_WARNING, "No message for request %d", field);
ret = NULL;
}
return ret;
}
Comment out unused functions if IEEE8021X_EAPOL is not defined
2009-05-29 21:35:31 +02:00
#ifdef IEEE8021X_EAPOL
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#if defined(CONFIG_CTRL_IFACE) || !defined(CONFIG_NO_STDOUT_DEBUG)
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
static void wpa_supplicant_eap_param_needed(void *ctx,
enum wpa_ctrl_req_type field,
const char *default_txt)
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
{
struct wpa_supplicant *wpa_s = ctx;
struct wpa_ssid *ssid = wpa_s->current_ssid;
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
const char *field_name, *txt = NULL;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
char *buf;
size_t buflen;
int len;
if (ssid == NULL)
return;
dbus: Implement EAP SM control request signals Add a D-Bus signal for EAP SM requests. This signal is emitted on the Interface object so that clients only have to listen to one object for requests rather than to all network objects. This signal is analogous to the socket control interface's CTRL-REQ- request. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:03:04 +02:00
wpas_notify_network_request(wpa_s, ssid, field, default_txt);
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
field_name = wpa_supplicant_ctrl_req_to_string(field, default_txt,
&txt);
if (field_name == NULL) {
wpa_printf(MSG_WARNING, "Unhandled EAP param %d needed",
field);
return;
}
wpa_supplicant: Add more DBus EAP status Signal the start of EAP authentication as well as when additional credentials are required to complete. Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-01-12 18:51:18 +01:00
wpas_notify_eap_status(wpa_s, "eap parameter needed", field_name);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
buflen = 100 + os_strlen(txt) + ssid->ssid_len;
buf = os_malloc(buflen);
if (buf == NULL)
return;
len = os_snprintf(buf, buflen,
WPA_CTRL_REQ "%s-%d:%s needed for SSID ",
Use an enum for EAP SM requests Control requests will be extended for non-EAP uses later, so it makes sense to have them be generic. Furthermore, having them defined as an enum is easier for processing internally, and more generic for control interfaces that may not use field names. The public ctrl_req_type / field_name conversion function will be used later by the D-Bus control interface too. Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-24 18:00:19 +02:00
field_name, ssid->id, txt);
Check os_snprintf() result more consistently - automatic 1 This converts os_snprintf() result validation cases to use os_snprintf_error() where the exact rule used in os_snprintf_error() was used. These changes were done automatically with spatch using the following semantic patch: @@ identifier E1; expression E2,E3,E4,E5,E6; statement S1; @@ ( E1 = os_snprintf(E2, E3, ...); | int E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else E1 = os_snprintf(E2, E3, ...); | if (E5) E1 = os_snprintf(E2, E3, ...); else if (E6) E1 = os_snprintf(E2, E3, ...); else E1 = 0; | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else if (E6) { ... E1 = os_snprintf(E2, E3, ...); } else { ... return -1; } | if (E5) { ... E1 = os_snprintf(E2, E3, ...); } else { ... E1 = os_snprintf(E2, E3, ...); } ) ? os_free(E4); - if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \)) + if (os_snprintf_error(E3, E1)) ( S1 | { ... } ) Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 10:15:51 +01:00
if (os_snprintf_error(buflen, len)) {
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
os_free(buf);
return;
}
if (ssid->ssid && buflen > len + ssid->ssid_len) {
os_memcpy(buf + len, ssid->ssid, ssid->ssid_len);
len += ssid->ssid_len;
buf[len] = '\0';
}
buf[buflen - 1] = '\0';
wpa_msg(wpa_s, MSG_INFO, "%s", buf);
os_free(buf);
}
#else /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
#define wpa_supplicant_eap_param_needed NULL
#endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
Add new wpa_supplicant driver op for setting 802.1X port status This can be used with drivers that implement PAE to control whether normal data frames (non-EAPOL) are allowed.
2009-04-22 15:01:37 +02:00
static void wpa_supplicant_port_cb(void *ctx, int authorized)
{
struct wpa_supplicant *wpa_s = ctx;
Fix wpa_supplicant AP mode to ignore EAPOL Supplicant port callback This is needed to avoid setting EAPOL PAE port status incorrectly when using wpa_supplicant to control AP mode operations.
2010-07-18 05:25:41 +02:00
#ifdef CONFIG_AP
if (wpa_s->ap_iface) {
wpa_printf(MSG_DEBUG, "AP mode active - skip EAPOL Supplicant "
"port status: %s",
authorized ? "Authorized" : "Unauthorized");
return;
}
#endif /* CONFIG_AP */
Add new wpa_supplicant driver op for setting 802.1X port status This can be used with drivers that implement PAE to control whether normal data frames (non-EAPOL) are allowed.
2009-04-22 15:01:37 +02:00
wpa_printf(MSG_DEBUG, "EAPOL: Supplicant port status: %s",
authorized ? "Authorized" : "Unauthorized");
wpa_drv_set_supp_port(wpa_s, authorized);
}
Add dbus signal for information about server certification In general, this patch attemps to extend commit 00468b4650998144f794762206c695c962c54734 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 11:22:32 +02:00
static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
Add peer certificate alt subject name information to EAP events A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used to provide information about server certificate chain alternative subject names for upper layers, e.g., to make it easier to configure constraints on the server certificate. For example: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com Currently, this includes DNS, EMAIL, and URI components from the certificates. Similar information is priovided to D-Bus Certification signal in the new altsubject argument which is a string array of these items. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 12:29:40 +01:00
const char *altsubject[], int num_altsubject,
Add dbus signal for information about server certification In general, this patch attemps to extend commit 00468b4650998144f794762206c695c962c54734 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 11:22:32 +02:00
const char *cert_hash,
const struct wpabuf *cert)
{
struct wpa_supplicant *wpa_s = ctx;
Add peer certificate alt subject name information to EAP events A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used to provide information about server certificate chain alternative subject names for upper layers, e.g., to make it easier to configure constraints on the server certificate. For example: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com Currently, this includes DNS, EMAIL, and URI components from the certificates. Similar information is priovided to D-Bus Certification signal in the new altsubject argument which is a string array of these items. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 12:29:40 +01:00
wpas_notify_certification(wpa_s, depth, subject, altsubject,
num_altsubject, cert_hash, cert);
Add dbus signal for information about server certification In general, this patch attemps to extend commit 00468b4650998144f794762206c695c962c54734 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 11:22:32 +02:00
}
wpa_supplicant: Report EAP connection progress to DBus Send an "EAP" signal via the new DBus interface under various conditions during EAP authentication: - During method selection (ACK and NAK) - During certificate verification - While sending and receiving TLS alert messages - EAP success and failure messages This provides DBus callers a number of new tools: - The ability to probe an AP for available EAP methods (given an identity). - The ability to identify why the remote certificate was not verified. - The ability to identify why the remote peer refused a TLS connection. Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 20:10:01 +02:00
static void wpa_supplicant_status_cb(void *ctx, const char *status,
const char *parameter)
{
struct wpa_supplicant *wpa_s = ctx;
wpas_notify_eap_status(wpa_s, status, parameter);
}
EAP-SIM/AKA: Store pseudonym identity in configuration Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity so that this can be maintained between EAP sessions (e.g., after wpa_supplicant restart) even if fast re-authentication data was cleared. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 12:04:18 +02:00
static void wpa_supplicant_set_anon_id(void *ctx, const u8 *id, size_t len)
{
struct wpa_supplicant *wpa_s = ctx;
char *str;
int res;
wpa_hexdump_ascii(MSG_DEBUG, "EAP method updated anonymous_identity",
id, len);
if (wpa_s->current_ssid == NULL)
return;
if (id == NULL) {
if (wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
"NULL", 0) < 0)
return;
} else {
str = os_malloc(len * 2 + 1);
if (str == NULL)
return;
wpa_snprintf_hex(str, len * 2 + 1, id, len);
res = wpa_config_set(wpa_s->current_ssid, "anonymous_identity",
str, 0);
os_free(str);
if (res < 0)
return;
}
if (wpa_s->conf->update_config) {
res = wpa_config_write(wpa_s->confname, wpa_s->conf);
if (res) {
wpa_printf(MSG_DEBUG, "Failed to update config after "
"anonymous_id update");
}
}
}
Comment out unused functions if IEEE8021X_EAPOL is not defined
2009-05-29 21:35:31 +02:00
#endif /* IEEE8021X_EAPOL */
Add new wpa_supplicant driver op for setting 802.1X port status This can be used with drivers that implement PAE to control whether normal data frames (non-EAPOL) are allowed.
2009-04-22 15:01:37 +02:00
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
{
#ifdef IEEE8021X_EAPOL
struct eapol_ctx *ctx;
ctx = os_zalloc(sizeof(*ctx));
if (ctx == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate EAPOL context.");
return -1;
}
ctx->ctx = wpa_s;
ctx->msg_ctx = wpa_s;
ctx->eapol_send_ctx = wpa_s;
ctx->preauth = 0;
ctx->eapol_done_cb = wpa_supplicant_notify_eapol_done;
ctx->eapol_send = wpa_supplicant_eapol_send;
ctx->set_wep_key = wpa_eapol_set_wep_key;
Fix build with CONFIG_NO_CONFIG_BLOBS Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 11:20:21 +01:00
#ifndef CONFIG_NO_CONFIG_BLOBS
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->set_config_blob = wpa_supplicant_set_config_blob;
ctx->get_config_blob = wpa_supplicant_get_config_blob;
Fix build with CONFIG_NO_CONFIG_BLOBS Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 11:20:21 +01:00
#endif /* CONFIG_NO_CONFIG_BLOBS */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->aborted_cached = wpa_supplicant_aborted_cached;
ctx->opensc_engine_path = wpa_s->conf->opensc_engine_path;
ctx->pkcs11_engine_path = wpa_s->conf->pkcs11_engine_path;
ctx->pkcs11_module_path = wpa_s->conf->pkcs11_module_path;
wpa_supplicant: Allow OpenSSL cipherlist string to be configured The new openssl_cipher configuration parameter can be used to select which TLS cipher suites are enabled for TLS-based EAP methods when OpenSSL is used as the TLS library. This parameter can be used both as a global parameter to set the default for all network blocks and as a network block parameter to override the default for each network profile. Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-12 10:53:51 +02:00
ctx->openssl_ciphers = wpa_s->conf->openssl_ciphers;
WPS: Moved wps_context initialization into wps_supplicant.c The wps_context data is now managed at wpa_supplicant, not EAP-WSC. This makes wpa_supplicant design for WPS match with hostapd one and also makes it easier configure whatever parameters and callbacks are needed for WPS.
2008-11-28 19:32:13 +01:00
ctx->wps = wpa_s->wps;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
Add new wpa_supplicant driver op for setting 802.1X port status This can be used with drivers that implement PAE to control whether normal data frames (non-EAPOL) are allowed.
2009-04-22 15:01:37 +02:00
ctx->port_cb = wpa_supplicant_port_cb;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->cb = wpa_supplicant_eapol_cb;
Add dbus signal for information about server certification In general, this patch attemps to extend commit 00468b4650998144f794762206c695c962c54734 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 11:22:32 +02:00
ctx->cert_cb = wpa_supplicant_cert_cb;
Include peer certificate always in EAP events This makes it easier for upper layer applications to get information regarding the server certificate without having to use a special certificate probing connection. This provides both the SHA256 hash of the certificate (to be used with ca_cert="hash://server/sha256/<hash>", if desired) and the full DER encoded X.509 certificate so that upper layer applications can parse and display the certificate easily or extract fields from it for purposes like configuring an altsubject_match or domain_suffix_match. The old behavior can be configured by adding cert_in_cb=0 to wpa_supplicant configuration file. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 11:14:31 +01:00
ctx->cert_in_cb = wpa_s->conf->cert_in_cb;
wpa_supplicant: Report EAP connection progress to DBus Send an "EAP" signal via the new DBus interface under various conditions during EAP authentication: - During method selection (ACK and NAK) - During certificate verification - While sending and receiving TLS alert messages - EAP success and failure messages This provides DBus callers a number of new tools: - The ability to probe an AP for available EAP methods (given an identity). - The ability to identify why the remote certificate was not verified. - The ability to identify why the remote peer refused a TLS connection. Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 20:10:01 +02:00
ctx->status_cb = wpa_supplicant_status_cb;
EAP-SIM/AKA: Store pseudonym identity in configuration Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity so that this can be maintained between EAP sessions (e.g., after wpa_supplicant restart) even if fast re-authentication data was cleared. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 12:04:18 +02:00
ctx->set_anon_id = wpa_supplicant_set_anon_id;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->cb_ctx = wpa_s;
wpa_s->eapol = eapol_sm_init(ctx);
if (wpa_s->eapol == NULL) {
os_free(ctx);
wpa_printf(MSG_ERROR, "Failed to initialize EAPOL state "
"machines.");
return -1;
}
#endif /* IEEE8021X_EAPOL */
return 0;
}
Remove compiler warning on CONFIG_NO_WPA build wpa_supplicant_set_rekey_offload() is used only if CONFIG_NO_WPA is not defined. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 14:14:54 +01:00
#ifndef CONFIG_NO_WPA
Preparations for variable length KCK and KEK This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 15:49:18 +01:00
static void wpa_supplicant_set_rekey_offload(void *ctx,
const u8 *kek, size_t kek_len,
const u8 *kck, size_t kck_len,
nl80211: Support GTK rekey offload Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 20:22:51 +02:00
const u8 *replay_ctr)
{
struct wpa_supplicant *wpa_s = ctx;
Preparations for variable length KCK and KEK This modifies struct wpa_ptk to allow the length of KCK and KEK to be stored. This is needed to allow longer keys to be used, e.g., with Suite B 192-bit level. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-25 15:49:18 +01:00
wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr);
nl80211: Support GTK rekey offload Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 20:22:51 +02:00
}
Remove compiler warning on CONFIG_NO_WPA build wpa_supplicant_set_rekey_offload() is used only if CONFIG_NO_WPA is not defined. Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 14:14:54 +01:00
#endif /* CONFIG_NO_WPA */
nl80211: Support GTK rekey offload Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 20:22:51 +02:00
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 17:21:49 +02:00
static int wpa_supplicant_key_mgmt_set_pmk(void *ctx, const u8 *pmk,
size_t pmk_len)
{
struct wpa_supplicant *wpa_s = ctx;
if (wpa_s->conf->key_mgmt_offload)
return wpa_drv_set_key(wpa_s, WPA_ALG_PMK, NULL, 0, 0,
NULL, 0, pmk, pmk_len);
else
return 0;
}
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
int wpa_supplicant_init_wpa(struct wpa_supplicant *wpa_s)
{
#ifndef CONFIG_NO_WPA
struct wpa_sm_ctx *ctx;
ctx = os_zalloc(sizeof(*ctx));
if (ctx == NULL) {
wpa_printf(MSG_ERROR, "Failed to allocate WPA context.");
return -1;
}
ctx->ctx = wpa_s;
Added a separate ctx pointer for wpa_msg() calls in WPA supp This is needed to allow IBSS RSN to use per-peer context while maintaining support for wpa_msg() calls to get *wpa_s as the pointer.
2009-01-17 16:54:40 +01:00
ctx->msg_ctx = wpa_s;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
ctx->set_state = _wpa_supplicant_set_state;
ctx->get_state = _wpa_supplicant_get_state;
ctx->deauthenticate = _wpa_supplicant_deauthenticate;
ctx->set_key = wpa_supplicant_set_key;
ctx->get_network_ctx = wpa_supplicant_get_network_ctx;
ctx->get_bssid = wpa_supplicant_get_bssid;
ctx->ether_send = _wpa_ether_send;
ctx->get_beacon_ie = wpa_supplicant_get_beacon_ie;
ctx->alloc_eapol = _wpa_alloc_eapol;
ctx->cancel_auth_timeout = _wpa_supplicant_cancel_auth_timeout;
ctx->add_pmkid = wpa_supplicant_add_pmkid;
ctx->remove_pmkid = wpa_supplicant_remove_pmkid;
#ifndef CONFIG_NO_CONFIG_BLOBS
ctx->set_config_blob = wpa_supplicant_set_config_blob;
ctx->get_config_blob = wpa_supplicant_get_config_blob;
#endif /* CONFIG_NO_CONFIG_BLOBS */
ctx->mlme_setprotection = wpa_supplicant_mlme_setprotection;
#ifdef CONFIG_IEEE80211R
ctx->update_ft_ies = wpa_supplicant_update_ft_ies;
ctx->send_ft_action = wpa_supplicant_send_ft_action;
FT: Add driver op for marking a STA authenticated This can be used with FT-over-DS where FT Action frame exchange triggers transition to State 2 (authenticated) without Authentication frame exchange.
2010-03-13 17:28:15 +01:00
ctx->mark_authenticated = wpa_supplicant_mark_authenticated;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
#endif /* CONFIG_IEEE80211R */
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
#ifdef CONFIG_TDLS
TDLS: Get TDLS related capabilities from driver Put glue code in place to propagate TDLS related driver capabilities to the TDLS state machine. If the driver doesn't support capabilities, assume TDLS is supported internally. When TDLS is explicitly not supported, disable all user facing TDLS operations. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-09-26 12:55:25 +02:00
ctx->tdls_get_capa = wpa_supplicant_tdls_get_capa;
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
ctx->send_tdls_mgmt = wpa_supplicant_send_tdls_mgmt;
ctx->tdls_oper = wpa_supplicant_tdls_oper;
TDLS: Add peer as a STA during link setup Before commencing setup, add a new STA entry to the driver representing the peer. Later during setup, update the STA entry using information received from the peer. Extend sta_add() callback for adding/modifying a TDLS peer entry and connect it to the TDLS state machine. Implement this callback for the nl80211 driver and send peer information to kernel. Mark TDLS peer entries with a new flag and translate it to a corresponding nl80211 flag in the nl80211 driver. In addition, correct TDLS related documentation in the wpa_driver_ops structure. Signed-off-by: Arik Nemtsov <arik@wizery.com> Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 13:02:57 +02:00
ctx->tdls_peer_addset = wpa_supplicant_tdls_peer_addset;
TDLS: Propagate enable/disable channel-switch commands to driver The supplicant code does not try to control the actual channel of the radio at any point. It simply passes the target peer and channel parameters to the driver. It's the driver's responsibility to periodically initiate TDLS channel-switch operations when TDLS channel-switching is enabled. Allow enable/disable operations to be invoked via the control interface. Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2014-12-29 06:20:51 +01:00
ctx->tdls_enable_channel_switch =
wpa_supplicant_tdls_enable_channel_switch;
ctx->tdls_disable_channel_switch =
wpa_supplicant_tdls_disable_channel_switch;
TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010)
2010-10-07 09:26:56 +02:00
#endif /* CONFIG_TDLS */
nl80211: Support GTK rekey offload Add support to wpa_supplicant for device-based GTK rekeying. In order to support that, pass the KEK, KCK, and replay counter to the driver, and handle rekey events that update the latter. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 20:22:51 +02:00
ctx->set_rekey_offload = wpa_supplicant_set_rekey_offload;
Add support for offloading key management operations to the driver This commit introduces a QCA vendor command and event to provide an option to use extended versions of the nl80211 connect/roam operations in a way that allows drivers to offload key management operations to the driver/firmware. Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-23 17:21:49 +02:00
ctx->key_mgmt_set_pmk = wpa_supplicant_key_mgmt_set_pmk;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
wpa_s->wpa = wpa_sm_init(ctx);
if (wpa_s->wpa == NULL) {
wpa_printf(MSG_ERROR, "Failed to initialize WPA state "
"machine");
Fix memory leak on wpa_supplicant_init_wpa() error path If wpa_sm_init() fails, the context data needs to be freed in the caller. Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-06 22:01:00 +01:00
os_free(ctx);
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
return -1;
}
#endif /* CONFIG_NO_WPA */
return 0;
}
void wpa_supplicant_rsn_supp_set_config(struct wpa_supplicant *wpa_s,
struct wpa_ssid *ssid)
{
struct rsn_supp_config conf;
if (ssid) {
os_memset(&conf, 0, sizeof(conf));
Make proactive key caching working again Function 'wpa_sm_set_config' used the argument 'config' as the network context which is a pointer to a local variable of the function 'wpa_supplicant_rsn_supp_set_config'. This is one reason why no proactive key was generated. This network context never matched with the network context saved in the pmksa cache entries. The structure 'rsn_supp_config' has already a member 'network_ctx' which is now filled in by this patch with 'ssid'. Signed-off-by: Michael Bernhard <michael.bernhard@bfh.ch>
2008-07-06 09:50:53 +02:00
conf.network_ctx = ssid;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
conf.peerkey_enabled = ssid->peerkey;
conf.allowed_pairwise_cipher = ssid->pairwise_cipher;
Fix compilation without IEEE8021X_EAPOL defined
2008-04-28 16:06:43 +02:00
#ifdef IEEE8021X_EAPOL
Allow OKC to be enabled by default Previously, OKC (opportunistic key caching, a.k.a. proactive key caching) could be enabled only with a per-network parameter (proactive_key_caching). The new global parameter (okc) can now be used to change the default behavior to be OKC enabled (okc=1) for network blocks that do not override this with the proactive_key_caching parameter. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 19:07:53 +01:00
conf.proactive_key_caching = ssid->proactive_key_caching < 0 ?
wpa_s->conf->okc : ssid->proactive_key_caching;
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
conf.eap_workaround = ssid->eap_workaround;
conf.eap_conf_ctx = &ssid->eap;
Fix compilation without IEEE8021X_EAPOL defined
2008-04-28 16:06:43 +02:00
#endif /* IEEE8021X_EAPOL */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
conf.ssid = ssid->ssid;
conf.ssid_len = ssid->ssid_len;
Added support for enforcing frequent PTK rekeying Added a new configuration option, wpa_ptk_rekey, that can be used to enforce frequent PTK rekeying, e.g., to mitigate some attacks against TKIP deficiencies. This can be set either by the Authenticator (to initiate periodic 4-way handshake to rekey PTK) or by the Supplicant (to request Authenticator to rekey PTK). With both wpa_ptk_rekey and wpa_group_rekey (in hostapd) set to 600, TKIP keys will not be used for more than 10 minutes which may make some attacks against TKIP more difficult to implement.
2008-11-06 18:57:21 +01:00
conf.wpa_ptk_rekey = ssid->wpa_ptk_rekey;
P2P: Add support for IP address assignment in 4-way handshake This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-16 18:13:31 +01:00
#ifdef CONFIG_P2P
P2P: Add test option to disable IP address assignment request Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-04 18:09:10 +02:00
if (ssid->p2p_group && wpa_s->current_bss &&
!wpa_s->p2p_disable_ip_addr_req) {
P2P: Add support for IP address assignment in 4-way handshake This new mechanism allows P2P Client to request an IPv4 address from the GO as part of the 4-way handshake to avoid use of DHCP exchange after 4-way handshake. If the new mechanism is used, the assigned IP address is shown in the P2P-GROUP-STARTED event on the client side with following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP address is included in the AP-STA-CONNECTED event on the GO side as a new ip_addr parameter. The IP address is valid for the duration of the association. The IP address pool for this new mechanism is configured as global wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask, ip_addr_star, ip_addr_end. For example: ip_addr_go=192.168.42.1 ip_addr_mask=255.255.255.0 ip_addr_start=192.168.42.2 ip_addr_end=192.168.42.100 DHCP mechanism is expected to be enabled at the same time to support P2P Devices that do not use the new mechanism. The easiest way of managing the IP addresses is by splitting the IP address range into two parts and assign a separate range for wpa_supplicant and DHCP server. Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-16 18:13:31 +01:00
struct wpabuf *p2p;
p2p = wpa_bss_get_vendor_ie_multi(wpa_s->current_bss,
P2P_IE_VENDOR_TYPE);
if (p2p) {
u8 group_capab;
group_capab = p2p_get_group_capab(p2p);
if (group_capab &
P2P_GROUP_CAPAB_IP_ADDR_ALLOCATION)
conf.p2p = 1;
wpabuf_free(p2p);
}
}
#endif /* CONFIG_P2P */
Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release
2008-02-28 02:34:43 +01:00
}
wpa_sm_set_config(wpa_s->wpa, ssid ? &conf : NULL);
}
Reference in a new issue Copy permalink