Commit graph

3460 commits

Author SHA1 Message Date
Jouni Malinen
16bc3b8935 OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:17 +03:00
Max Stepanov
88f3d7c980 P2PS: Add feature capability to PD events
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
0670de74ae P2PS: Add CPT parameter to P2PS_PROVISION and P2PS_PROVISION_RESP
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.

Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.

The format of the parameter:
    cpt=<cpt>[:cpt]

where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
e2b7fbf2fb P2PS: Add CPT parameter to P2P_SERVICE_ADD asp command
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.

Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.

The format of the new parameter:
    cpt=<cpt>[:<cpt>]

where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Jouni Malinen
5dbd3bf915 FST: Avoid memory leak on double FST-ATTACH
Do not allow wpa_s->fst to be replaced when processing FST-ATTACH
command for an interface that has already been attached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:12:09 +03:00
Jouni Malinen
b525cbab86 wpa_cli: Skip action script execution when eloop termination is pending
Try to exit more quickly by avoiding execution of the action script for
any pending events if the process is requested to be killed. This may
help in avoiding hitting the two second SIGALRM workaround in eloop in
case some of the action scripts block for long period of time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 17:10:32 +03:00
Jouni Malinen
df4cea898c FST: Include fst/fst.h explicitly into wpa_supplicant/ctrl_iface.c
This header file is needed to get struct fst_iface_cfg and struct
fst_wpa_obj defined. While it does currently get pulled in through
ap/hostapd.h and ap/ap_config.h, a more explicit inclusion may be a
cleaner option for future.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:15:24 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
a0f04da517 FST: Mark get_mb_ie() return value const
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
b7a07937ee FST: Show FST IE update details in debug log
This makes it more convenient to debug FST IE updates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 16:29:20 +03:00
Anton Nayshtut
daae49955f Add global wpa_supplicant DUP_NETWORK command
This command allows network variables to be copied from one network to
another when the networks belong to different radios. This is similar to
the per-interface DUP_NETWORK command. On the global control interface,
the command syntax is as follows:

DUP_NETWORK <src ifname> <dst ifname> <src network id> <dst network id> <variable name>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
a8dab08a28 FST: Testing support
This patch introduces infrastructure needed for FST module tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
79c7b36d12 FST: wpa_supplicant build rules
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
3794af2dc1 FST: wpa_supplicant control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
9fbfd1b0d4 FST: Send FST Action frame for processing (wpa_supplicant)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
b36a3a65aa FST: Integration into wpa_supplicant
This commit integrates the FST into the wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
55de4d4ba3 FST: wpa_supplicant [FST] flag for BSS in scan results
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
76ca15b7db FST: wpa_supplicant configuration parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
ee1e3f57b5 hostapd: Global control interface notifications
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
5650d379a3 OpenSSL: Add option to disable use of TLSv1.0
The new phase1 config parameter value tls_disable_tlsv1_0=1 can now be
used to disable use of TLSv1.0 for a network configuration. This can be
used to force a newer TLS version to be used. For example,
phase1="tls_disable_tlsv1_0=1 tls_disable_tlsv1_1=1" would indicate that
only TLS v1.2 is accepted.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-08 19:27:57 +03:00
Hahn, Maital
aa517ae227 wpa_supplicant: Fix a typo in wpa_scan_result_compar()
A typo in wpa_scan_result_compar() caused wrong scan results sorting
(and wrong roaming decision). This fixes a copy-paste regression
introduced by commit a1b790eb9d ('Select
AP based on estimated maximum throughput').

Signed-off-by: Maital Hahn <maitalm@ti.com>
2015-07-08 16:52:42 +03:00
Andrei Otcheretianski
5cc6ec0f68 P2PS: Set intended interface address correctly for new group
If a device may be an explicit GO, it adds the GO details in the PD
Request. First, we try to reuse an active GO. If it is not present, we
try to reuse a non-active persistent group. In the latter case, if a
dedicated P2P interface is needed, the intended address should be that
of the pending interface. However, the wpas_get_go_info() provided the
ssid->bssid address, which is the address of the P2P device. This might
result in an incorrect intended interface attribute in the PD Request in
case a separate group interface is used.

Fix this by setting group_iface variable to true only if a dedicated
interface should be used and set the attribute accordingly.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:57:07 +03:00
Andrei Otcheretianski
1f14e2bf92 P2PS: Add PD Response validation
Validate the PD Response frame contents more thoroughly when it is used
for P2PS.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:52:38 +03:00
Andrei Otcheretianski
1f1a08b4cc P2PS: Add intended iface address during PD for persistent group
When persistent group is used and the peer is GO in this group,
intended interface attribute should be added to PD request/response.
Not doing so violates the spec.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:41:19 +03:00
Andrei Otcheretianski
23bb9828a3 P2PS: Fix P2PS-PROV-DONE event on GO
If after P2PS PD the device should become a GO it sends P2PS-PROV-DONE
event which contains the GO interface name. If the GO isn't running yet
the device may use pending interface name. However, when the GO is
started, pending interface name will be removed.

Fix the GO interface name in P2PS-PROV-DONE event by copying the
interface name instead of saving the pointer.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:34:14 +03:00
Andrei Otcheretianski
a698d6c85f P2PS: Use wpas_p2p_create_iface() to check if dedicated iface is needed
Call wpas_p2p_create_iface() instead of just checking p2p_no_group_iface
config value. Not doing so, resulted in an incorrect behavior when the
driver sets WPA_DRIVER_FLAGS_DEDICATED_P2P_DEVICE flag.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-07 20:30:12 +03:00
Jouni Malinen
66f1e078e7 DATA_TEST_TX: Avoid ubsan warning on 0x80<<24 not fitting in int
Use unsigned constant instead of signed to avoid warning with the LSB
being set in an int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
75352270fa Avoid misaligned IPv4 header accesses in DATA_TEST_* commands
The IPv4 header after the Ethernet header is not 32-bit aligned and the
previous version ended up accessing 32-bit members at misaligned
addresses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
96e8c13da7 D-Bus: Fix dont_quote const declaration
Commit 38279bdb35 ('D-Bus: Coding style
cleanup') handled the dbus_new_handlers.c change properly, but misplaced
the second 'const' in dbus_old_handlers.c in a way that resulted in
duplicated const rather than marking the actual value const.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
2da525651d Add backtrace-based error path testing mechanism
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.

As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
55413ce072 P2P: Do not allow 40 MHz co-ex PRI/SEC switch to force MCC
Do not allow 40 MHz co-ex PRI/SEC switch to force us to change our PRI
channel if we have an existing connection on the selected PRI channel
since doing multi-channel concurrency is likely to cause more harm than
using different PRI/SEC selection in environment with multiple BSSes on
these two channels with mixed 20 MHz or PRI channel selection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-28 18:14:58 +03:00
Stepanov, Max
a9ea609ce8 P2PS: Fix p2p_find last parameter handling
In p2p_find command line processing a loop searching for multiple
'seek=' parameters modifies cmd buffer adding '\0' terminators.
The 'freq=' parameter is handled after that and can be
lost if a 'freq=' follows 'seek=' in a command line.
Fix it by moving a handling of 'freq=' parameter to be processed
before 'seek=' handling loop.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-06-27 23:49:15 +03:00
Dmitry Shmidt
4f39908b60 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-06-27 11:08:08 +03:00
Purushottam Kushwaha
123df27eae D-Bus: Fix typos in debug print
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2015-06-26 23:01:37 +03:00
Kevin Cernekee
a1407217b1 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link.  Let's make the name more generic so it is
more obvious what it is used for.

Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:16 +03:00
Maneesh Jain
2ba4de37cb D-Bus: Add documentation for wpas_dbus_signal_peer_groups_changed()
This is needed to add this function into Doxygen documentation.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Maneesh Jain
e48b5e24a7 D-Bus: Fix typo in dbus signal function documentation
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Maneesh Jain
09d5048b76 D-Bus: Add function documentation for wpas_dbus_unregister_interface()
This is needed to add this function into Doxygen documentation.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Maneesh Jain
adfbbd2b48 D-Bus: Add function documentation for wpas_dbus_register_interface()
This is needed to add this function into Doxygen documentation.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Maneesh Jain
c5967f027a D-Bus: Fix wpas_dbus_signal_p2p_invitation_result() documentation
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-06-26 22:44:41 +03:00
Jouni Malinen
6a58444d27 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
8e2a3a4c21 dbus: Do not initialize variable twice
There is no point in initializing 'success' to FALSE when the actual
value is set just below this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 21:16:35 +03:00
Jouni Malinen
c1a14ef42f Do not check unsigned size is less than zero
The variables here are unsigned and as such, cannot have a negative
value. Use == 0 instead of <= 0 to make this cleaner.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 21:16:15 +03:00
Jouni Malinen
f6332b0be1 wpa_gui: Initialize WpaGuiApp::w in the constructor
This gets rid of a static analyzer warning. The actual value for
WpaGuiApp::w will be set after the constructor has returned, so this
value was not really used uninitialized.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:23:31 +03:00
Jouni Malinen
91b7a5e146 Use unsigned/signed printf format more consistently
These configuration parameters did not use matching printf format string
parameters (signed vs. unsigned). While these configuratin values are,
in practice, small unsigned integers, the implementation should use
matching types to write these.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 20:08:00 +03:00
Jouni Malinen
04e6c4cc50 Fix SAE group selection in an error case
The sae_groups parameter is zero terminated array, not -1 terminated, so
must check the value against <= 0 to break out from the loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:29:57 +03:00
Jouni Malinen
ce8963fc9f Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
ee140ef98f FT: Stop association attempt if Auth response processing fails (SME)
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 17:36:58 +03:00
Ilan Peer
f43c1ae798 P2P: Handle P2P Device dedicated interface parent removal
In case of a network interface removal, check if the interface
was also the parent interface of the P2P Device dedicated interface.
If this is the case, then stop the P2P Device functionality, and
remove the P2P Device dedicated interface.

In case that the interface is added again and P2P Device
functionality can be enabled again, add a new P2P Device dedicated
interface and allow further P2P Device functionality.

In case that the P2P Device dedicated interface is re-created, the
original P2P Device configuration file is needed, so store it in
the global params (instead in the wpa_interface configuration).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-06-19 16:22:26 +03:00