Commit graph

5997 commits

Author SHA1 Message Date
Dedy Lansky
53d171440f AP: Check ACL upon association request for 802.11ad
With device_ap_sme disabled, ACL was checked upon authentication
request. In 802.11ad there is no authentication phase so need to check
ACL upon association.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-30 22:22:40 +02:00
Daniel Kim
4cc61c3866 GAS: Set temporary session timeout bigger than gas_comeback_delay
Previously, the temporary STA session timeout was set to 5 seconds. If
gas_comeback_delay is configured to be longer than 5 seconds, GAS
Comeback Response frame can't include queried information as all pending
data has already been cleared due to session timeout. This commit
resolves the issue by setting session timeout to be larger than
gas_comeback_delay.

Signed-off-by: Daniel Kim <kimdan@qca.qualcomm.com>
2017-01-30 13:25:48 +02:00
Sunil Dutt
a9491695b3 QCA vendor command to set/get NUD statistics
This commit introduces QCA vendor commands and the corresponding
attributes to set/get NUD (Network Unreachability Detection) statistics.
The set NUD statistics configures the requisite parameters to the host
driver and thereby triggers the start/stop of collection of statistics.
The get stats fetches the statistics collected in the host driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 01:54:30 +02:00
Sunil Dutt
f593b6c11d nl80211: Do not reset vendor_scan_cookie after scan timeout
If vendor_scan_cookie is set to 0 after the scan_abort due to the scan
timeout ends in a cookie mismatch when processing the following
QCA_NL80211_VENDOR_SUBCMD_SCAN_DONE indication. This ends up considering
the scan results as being for an external scan and thus the current
ongoing scan is not removed from the radio_work. Hence, do not reset
this vendor_scan_cookie after the scan abort so that the scan completion
event gets processed properly and vendor_scan_cookie gets cleared at
that point.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-30 01:54:30 +02:00
Paul Stewart
6d08f23f0a OpenSSL/BoringSSL: Read certificate chain from client_cert on Android
If the keychain holds additional certificates other than the end
certificate, read them into the certificate chain.

Signed-off-by: Paul Stewart <pstew@google.com>
2017-01-30 01:54:30 +02:00
Wojciech Dubowik
cc3dae85bd hostapd: Add possibility to send debug messages to syslog
We can only send module specific messages to syslog and not debug
messages printed with wpa_printf. Add an extra command line parameter
'-s' to allow it. The feature is enabled with compile flag
CONFIG_DEBUG_SYSLOG as for wpa_supplicant and behaves in the same manner
as the wpa_supplicant -s command line argument.

Signed-off-by: Wojciech Dubowik <Wojciech.Dubowik@neratec.com>
2017-01-30 00:57:13 +02:00
Jouni Malinen
968dce9b13 FST: Silence compiler warning on WPA_ASSERT
This was triggering a sign-compare warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:45:29 +02:00
Jouni Malinen
17e20b1e2b FST: Remove a bogus WPA_ASSERT()
own_addr is not defined here, so no idea what this WPA_ASSERT() was
trying to check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-29 18:44:36 +02:00
Johannes Berg
cef8fac04b wpa_auth: Make struct wpa_auth_callbacks const
Instead of copying the struct wpa_auth_callbacks, just keep a pointer to
it, keep the context pointer separate, and let the user just provide a
static const structure. This reduces the attack surface of heap
overwrites, since the function pointers move elsewhere.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:41:26 +02:00
Johannes Berg
30eddf3529 Fix or supress various sparse warnings
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2017-01-29 18:33:10 +02:00
Masashi Honma
9eb5757a86 Define helper function set_disable_ht40()
This functionality can be used outside wpa_set_disable_ht40(), so move
the generic part to a helper function.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 18:04:21 +02:00
Masashi Honma
7813b7c34d nl80211: Fix a memory leak on deinit with HT enabled mesh
Commit a70cd0db87 ('nl80211: Don't
register for Beacon frames for IEEE 802.11ad AP') could cause a trailing
memory leak on IEEE 802.11n enabled mesh. This commit fixes the issue.

-----------------
ELOOP: remaining socket: sock=12 eloop_data=0xba8260 user_data=0xbb3d90 handler=0x4aeb90
WPA_TRACE: eloop unregistered socket handler: 0x4aeb90
     nl80211_recv_beacons() ../src/drivers/driver_nl80211.c:625
WPA_TRACE: eloop sock - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant() [0x431f2a]
     eloop_sock_table_add_sock() ../src/utils/eloop.c:360
[1]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4b0e49]
     nl80211_register_eloop_read() ../src/drivers/driver_nl80211.c:153
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4bacf0]
     dl_list_add() src/utils/list.h:30
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:728
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: eloop sock - END
MEMLEAK[0xba81b0]: len 72
WPA_TRACE: memleak - START
[0]: ./hostap/wpa_supplicant/wpa_supplicant(os_malloc+0x57) [0x430d67]
     os_malloc() ../src/utils/os_unix.c:690
[1]: ./hostap/wpa_supplicant/wpa_supplicant(os_zalloc+0xe) [0x430fce]
     os_zalloc() ../src/utils/os_unix.c:749
[2]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4babaa]
     nl80211_get_wiphy_data_ap() ../src/drivers/driver_nl80211.c:692
     wpa_driver_nl80211_set_ap() ../src/drivers/driver_nl80211.c:3786
[3]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacon+0x150) [0x469700]
     ieee802_11_set_beacon() ../src/ap/beacon.c:1349
[4]: ./hostap/wpa_supplicant/wpa_supplicant(ieee802_11_set_beacons+0x45) [0x469805]
     ieee802_11_set_beacons() ../src/ap/beacon.c:1368
[5]: ./hostap/wpa_supplicant/wpa_supplicant() [0x437559]
     mesh_mpm_add_peer() mesh_mpm.c:688
[6]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_new_mesh_peer+0x42) [0x439182]
     wpa_mesh_new_mesh_peer() mesh_mpm.c:737
[7]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_mesh_notify_peer+0x80) [0x436460]
     wpa_mesh_notify_peer() mesh.c:347
[8]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_event+0xc7a) [0x4a69ba]
     wpa_supplicant_event() events.c:4312
[9]: ./hostap/wpa_supplicant/wpa_supplicant(process_global_event+0xaf0) [0x4c2d40]
     nl80211_new_peer_candidate() ../src/drivers/driver_nl80211_event.c:1247
     do_process_drv_event() ../src/drivers/driver_nl80211_event.c:2322
     process_global_event() ../src/drivers/driver_nl80211_event.c:2360
[10]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs_report+0x3dc) [0x7f937176873c]
[11]: /lib/x86_64-linux-gnu/libnl-3.so.200(nl_recvmsgs+0x9) [0x7f9371768ba9]
[12]: ./hostap/wpa_supplicant/wpa_supplicant() [0x4aeb58]
     wpa_driver_nl80211_event_receive() ../src/drivers/driver_nl80211.c:1457
[13]: ./hostap/wpa_supplicant/wpa_supplicant() [0x43242e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:598
[14]: ./hostap/wpa_supplicant/wpa_supplicant(eloop_run+0x22e) [0x432e0e]
     eloop_sock_table_dispatch() ../src/utils/eloop.c:589
     eloop_run() ../src/utils/eloop.c:1219
[15]: ./hostap/wpa_supplicant/wpa_supplicant(wpa_supplicant_run+0x77) [0x49e327]
     wpa_supplicant_run() wpa_supplicant.c:5608
WPA_TRACE: memleak - END
MEMLEAK: total 72 bytes
-----------------

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-29 17:55:10 +02:00
Jouni Malinen
5208160b4b FILS: Parse received FILS HLP requests
This adds parsing of received FILS HLP requests from (Re)Association
Request frames. The reassembled requests are verified to be in valid
format and are printed in debug output. However, actual processing or
forwarding of the packets is not yet implemented, i.e., the vendor
specific frame filtering logic is for now practically dropping all HLP
requests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Jouni Malinen
5732b770f4 FILS: Allow FILS HLP requests to be added
The new wpa_supplicant control interface commands FILS_HLP_REQ_FLUSH and
FILS_HLP_REQ_ADD can now be used to request FILS HLP requests to be
added to the (Re)Association Request frame whenever FILS authentication
is used.

FILS_HLP_REQ_ADD parameters use the following format:
<destination MAC address> <hexdump of payload starting from ethertype>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-29 14:32:17 +02:00
Jouni Malinen
a1aa2aebc2 Remove unused WLAN_CIPHER_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_CIPHER_SUITE_*
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:05:44 +02:00
Jouni Malinen
a042e39acf nl80211: Use RSN_CIPHER_SUITE_* instead of WLAN_CIPHER_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:04:44 +02:00
Jouni Malinen
2373a31170 Define all RSN_CIPHER_SUITE_* values
This adds the cipher suite selector values for ciphers that are not
really used with RSN, but are needed to be able to replace
WLAN_CIPHER_SUITE_* definitions with RSN_CIPHER_SUITE_*.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 14:03:34 +02:00
Jouni Malinen
89ba101e14 Remove unused WLAN_AKM_SUITE_* definitions
This gets rid of an unnecessary duplication of the definitions since all
the code has now been moved to using the earlier RSN_AUTH_KEY_MGMT_*
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:36:13 +02:00
Jouni Malinen
bf9f8a0525 Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_* for wpa_akm_to_suite()
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:34:49 +02:00
Jouni Malinen
3aa24db953 nl80211: Use RSN_AUTH_KEY_MGMT_* instead of WLAN_AKM_SUITE_*
This is a step towards getting rid of the unnecessary duplication of
definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:27:48 +02:00
Jouni Malinen
a1343fa6ba Remove unnecessary ifdef from RSN_AUTH_KEY_MGMT_* definitions
These FT AKM suite selectors might be needed in code even if
CONFIG_IEEE80211R is not defined.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-28 12:26:25 +02:00
Jouni Malinen
510fc2dfc9 Fix AKM suite selectors for FILS and Suite B
IEEE 802.11 standard defines the suite selectors in <OUI>:<subtype>
format where OUI uses hexadecimal format and subtype decimal format.
These WLAN_AKM_SUITE_* definitions ended up getting written incorrectly
by interpretting the decimal part as hexadecimal and as such, by having
an incorrect value. However, the older RSN_AUTH_KEY_MGMT_* values were
defined with correct values and those definitions were used in most
locations.

This commit fixes the AKM suite selector values in RADIUS WLAN-AKM-Suite
attribute for FILS and Suite B. In addition, the AKM values used in
nl80211 driver configuration (NL80211_ATTR_AKM_SUITES) are fixed for the
Suite B cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-27 23:13:10 +02:00
Sunil Dutt
d7d0f909f1 QCA vendor command to carry the reason for power save failure
This commit defines a QCA vendor command
QCA_NL80211_VENDOR_SUBCMD_CHIP_PWRSAVE_FAILURE that carries required
information leading to the power save failure. This will be an event
from the host driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-23 18:47:16 +02:00
Purushottam Kushwaha
4c4070005a QCA vendor command to enable host driver offload ACS to user space
This commit introduces the QCA vendor command and the attributes which
facilitate the host driver to use an external user space entity for
performing automatic channel selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-23 06:32:59 +02:00
Masashi Honma
4d77d80edd mesh: Add MESH_PMKSA_GET/ADD commands
These commnds are mesh version of PMKSA_GET/ADD commands. So the usage
and security risk is similar to them. Refer to
commit 3459381dd2 ('External persistent
storage for PMKSA cache entries') also.

The MESH_PMKSA_GET command requires peer MAC address or "any" as an
argument and outputs appropriate stored PMKSA cache. And the
MESH_PMKSA_ADD command receives an output of MESH_PMKSA_GET and re-store
the PMKSA cache into wpa_supplicant. By using re-stored PMKSA cache,
wpa_supplicant can skip commit message creation which can use
significant CPU resources.

The output of the MESH_PMKSA_GET command uses the following format:
<BSSID> <PMKID> <PMK> <expiration in seconds>

The example of MESH_PMKSA_ADD command is this.
MESH_PMKSA_ADD 02:00:00:00:03:00 231dc1c9fa2eed0354ea49e8ff2cc2dc cb0f6c9cab358a8146488566ca155421ab4f3ea4a6de2120050c149b797018fe 42930
MESH_PMKSA_ADD 02:00:00:00:04:00 d7e595916611640d3e4e8eac02909c3c eb414a33c74831275f25c2357b3c12e3d8bd2f2aab6cf781d6ade706be71321a 43180

This functionality is disabled by default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2017-01-14 18:07:46 +02:00
Jouni Malinen
fa67debf4c Fix duplicate Reassociation Request frame dropping
Relational operators (==) have higher precedence than the ternary
conditional in C. The last_subtype check for association/reassociation
was broken due to incorrect assumption about the precedence. Fix this by
adding parenthesis around the ternary conditional.

The previous implementation worked for Association Request frames by
accident since WLAN_FC_STYPE_ASSOC_REQ happens to have value 0 and when
the last receive frame was an Association Request frame, the
sta->last_subtype == reassoc check was true and non-zero
WLAN_FC_STYPE_REASSOC_REQ was interpreted as true. However, this was
broken for Reassociation Request frame. reassoc == 1 in that case could
have matched received Association Response frame (subtype == 1), but
those are not received in AP mode and as such, this did not break other
behavior apart from not being able to drop duplicated Reassociation
Request frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-14 01:04:31 +02:00
Slava Monich
6ff92677a1 wext: Cancel send_rfkill timeout in deinit
Signed-off-by: Slava Monich <slava.monich@jolla.com>
2017-01-14 00:07:45 +02:00
Jouni Malinen
fcd3d6ce32 FILS: Fix PMK and PMKID derivation from ERP
This adds helper functions for deriving PMK and PMKID from ERP exchange
in FILS shared key authentication as defined in IEEE Std 802.11ai-2016,
12.12.2.5.2 (PMKSA key derivation with FILS authentication). These
functions is used to fix PMK and PMKID derivation which were previously
using the rMSK directly as PMK instead of following the FILS protocol to
derive PMK with HMAC from nonces and rMSK.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 21:07:40 +02:00
Jouni Malinen
ef495c78dd OpenSSL: Implement sha384_vector()
This was forgotten from the addition of SHA384 support and is now needed
for FILS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 21:05:19 +02:00
Dedy Lansky
a70cd0db87 nl80211: Don't register for Beacon frames for IEEE 802.11ad AP
Beacon frames are not supported in IEEE 802.11ad network (DMG-beacons
used instead). To allow hostapd to manage IEEE 802.11ad AP with
device_ap_sme disabled, skip nl80211_register_beacons() for IEEE
802.11ad AP.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-13 15:58:01 +02:00
Jouni Malinen
a2aa21a3bf Assign additional vendor specific elements for early HE testing
These elements can be used for pre-standard publication testing of HE
before P802.11ax draft assigns the element ID extension. The payload of
these vendor specific elements is defined by the latest P802.11ax draft.
Please note that the draft is still work in progress and the element
payload is subject to change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
c85dfc6f84 nl80211: Set NL80211_ATTR_IFACE_SOCKET_OWNER for connect and associate
This allows kernel to force disconnection if something kills the
wpa_supplicant process in a manner that does not allow proper cleanup to
be performed. The association is not supposed to be allowed to continue
after process has ended since there are number of operations that
wpa_supplicant may need to do during the association.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-13 15:05:26 +02:00
Jouni Malinen
d07f450da9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2017-01-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-13 15:05:26 +02:00
Jouni Malinen
b2442f2568 nl80211: Debug prints for TDLS_OPER command and result
Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 17:12:24 +02:00
Jouni Malinen
0f9b4a0f1d bgscan: Deliver beacon loss event to bgscan modules
This adds a call to the notify_beacon_loss() callback functions when
beacon loss is detected. In addition, a new CTRL-EVENT-BEACON-LOSS event
is made available through the wpa_supplicant control interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:17:58 +02:00
Jouni Malinen
688556722c nl80211: More complete processing of connection quality monitor events
This adds processing of beacon loss events and generation of an internal
EVENT_BEACON_LOSS event based on them for wpa_supplicant processing. In
addition, number of consecutively lost (not acknowledged) packets is now
reported and TXE events are noted in the debug log.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-08 12:11:14 +02:00
Jouni Malinen
167f78a5e8 Send BEACON-REQ-TX-STATUS event only for beacon reports
Check the action TX status callback contents more thoroughly and report
the BEACON-REQ-TX-STATUS event only if the Measurement Type indicates
beacon report.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 22:23:13 +02:00
Jouni Malinen
5de6823f7a tests: TEST_FAIL() support for os_get_random()
This allows more testing for rarely executed error paths.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 22:15:41 +02:00
Jouni Malinen
e4ec6bbfd8 nl80211: Register for Link Measurement Report frames in AP mode
This is needed to be able to get the response to a link measurement
request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-07 18:46:10 +02:00
Dedy Lansky
05e5e615e6 AP: Skip authentication/deauthentication phase for DMG/IEEE 802.11ad
Authentication and Deauthentication frames are not used in DMG/IEEE
802.11ad networks. For DMG/IEEE 802.11ad the following was implemented:
Upon receiving association request, allocate the sta object and
initialize it as if authentication took place. Upon receiving
disassociation, deallocate the sta object.
ap_sta_disassociate/ap_sta_deauthenticate/ap_sta_disconnect all use
disassociation instead of deauthentication. In driver_nl80211,
i802_sta_deauth() is routed to i802_sta_disassoc().

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-05 17:28:23 +02:00
Dedy Lansky
0c4b9025c1 AP: Do not look for supported rates in DMG/IEEE 802.11ad
Supported Rates element is not present in DMG/IEEE 802.11ad frames. Make
copy_supp_rates() immediately return with success if hardware mode is
IEEE 802.11ad.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2017-01-05 17:05:00 +02:00
Andrei Otcheretianski
517b5f928f nl80211: Zero num_modes if nl80211_get_hw_feature_data() fails
It was possible that nl80211_get_hw_feature_data() function would return
NULL when num_modes is not set to zero. This might result in a later crash
when accessing hw.modes. This may be reproduced with hwsim oom tests, for
example, dbus_connect_oom.
Fix that by zeroing num_modes if NULL is returned.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2017-01-05 16:22:53 +02:00
Kanchanapally, Vidyullatha
39c5da3284 nl80211: Use correct attribute for scan flags in vendor scan
This fixes the netlink attribute identifier for the scan flags when
using QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2017-01-05 15:49:15 +02:00
Jouni Malinen
ec45927b8a Report received beacon report with BEACON-RESP-RX event
The new hostapd control interface event "BEACON-RESP-RX <STA address>
<dialog token> <report mode> <beacon report>" is now used to report
received beacon reports as a reponse to the REQ_BEACON operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 16:02:58 +02:00
Jouni Malinen
f3383366aa Report beacon request TX status as control interface event
The new BEACON-REQ-TX-STATUS control interface event is now used to
report whether a beacon request (from REQ_BEACON command) was delivered
successfully. This event has the following parameters: <STA address>
<dialog token> <ack=0/1>.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 16:02:58 +02:00
Jouni Malinen
90d9d7c32a Beacon request through hostapd control interface
The new control interface command "REQ_BEACON <STA addr>
[req_mode=<mode>] <beacon request>" can now be used to request hostapd
to transmit a measurement request to request a beacon report from an
associated STA. This command returns the assigned dialog token (1-255)
or FAIL on failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 16:02:58 +02:00
Jouni Malinen
f56877414c Do not add own BSS in neighbor report with invalid op_class/channel
Verify that ieee80211_freq_to_channel_ext() succeeds before adding the
own BSS in the neighbor report.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 15:18:30 +02:00
Jouni Malinen
aeff0645d2 FILS: Fix FILS Realm Information ANQP-element construction
The loop to add hash values was supposed to be limited to at most 10000
values, but the count variable was not being decremented in the loop.
Fix this by decrementing counting for each iteration. This fixes
ANQP-element format in the unlikely case of there being more than 10000
configuration realms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2017-01-03 15:18:30 +02:00
Avraham Stern
b3060bf99f common: Add helper function to convert RSSI to RCPI
This conversion will be done several times in the code, so add a helper
function that does this conversion.

Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
c9ff8e5f6e common: Add function to get an operating class by its number and country
Add a function to get operating class definition (including bandwidth,
channel numbers, etc.) from the operating class number and country.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
e4f1d879cd common: Add non-global to global operating classes conversion
Add helper function that converts non-global operating classes to global
operating classes according to IEEE Std 802.11-2016, Annex E.

Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
96a5f14ee4 nl80211: Add support for additional scan parameters for beacon report
Add support for:
 1. Setting scan dwell time
 2. Parsing scan start TSF and beacon received TSF reported
    by the driver
 3. Setting driver capabilities for the above

These capabilities are needed for Beacon Report radio measurement.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
c16b9f8d33 driver: Add scan support to beacon report
Add the following parameters to scan request:
 1. Dwell time on each channel.
 2. Whether the specified dwell time is mandatory.

In addition, add to scan results info the time that the scan actually
started, and to each scan result the time the beacon/probe was received,
both in terms of TSF of the BSS that the interface that requested the
scan is connected to (if available).

Add flags to indicate whether the driver supports dwell time
configuration and scan information reporting.

This scan configuration and information is required to support beacon
report radio measurement.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Avraham Stern
d1c74f8c98 Add RRM definitions for beacon report measurement
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2017-01-03 15:18:29 +02:00
Andrei Otcheretianski
bbad185c13 P2P: Fix compilation warning in p2p_add_device()
The address of msg.device_name array is obviously always true, and some
compilers even warn about it.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-12-30 00:49:24 +02:00
Jouni Malinen
2977f5193a GAS: Remove unnecessarily duplicate gas_frag_limit configuration
The actual BSS configuration parameter can be updated with the SET
control interface command, so there is no need to maintain a separate
per-BSS parameter and a separate control interface handling for this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-30 00:23:10 +02:00
Jouni Malinen
1940559ea4 FT: Drop FT Action frames if ft_over_ds=0
Previously, the hostapd ft_over_ds parameter was used to only advertise
whether FT-over-DS is enabled in MDE and leave it to the stations to
follow that advertisement. This commit extends this to explicitly reject
(silently drop) FT Action frames if a station does not follow the
advertised capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-29 01:13:59 +02:00
Jouni Malinen
78022c8366 Fix memory leak on hostapd eap_user_file parsing error paths
Need to free all the pending completed EAP users if a parsing error
prevents the file from being used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:47:00 +02:00
Jouni Malinen
95de34a10a Remove trailing whitespace
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-28 14:31:42 +02:00
Jouni Malinen
3567730589 RADIUS server: Increase maximum number of sessions
It was possible to hit the previously used maximum of 100 active session
in some hwsim test case sequences like this one: eap_proto_pwd_errors
eap_proto_ikev2_errors eap_proto_sim_errors. This happened due to the
large number of RADIUS authentication iterations in short period of
time, i.e., within the 10 second timeout for expiring completed
sessions.

Increase RADIUS_MAX_SESSION from 100 to 1000 and also reduce the timeout
on expiring completed sessions from 10 to 5 seconds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-27 12:14:48 +02:00
Jouni Malinen
9266d00bf9 hostapd: Reject invalid macaddr_acl value
Previously, this was noted in error log, but the invalid value was
stored in the configuration without rejecting it.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-27 11:43:13 +02:00
Jouni Malinen
1dfd25a68a Fix hostapd SIGHUP processing before interface is enabled
It was possible to try to do driver operations before the driver
interface had been initialized when processing a SIGHUP signal. This
would result in NULL pointer dereference. Fix this by skipping the steps
when SIGHUP is issued before the interface is enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-27 11:16:51 +02:00
Jouni Malinen
34e29dfd4b Remove unnecessary NULL check from hostapd_config_read_wpa_psk() call
This function is already checking the fname argument against NULL, so
use that check on its own instead of duplicating the check in the only
caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-26 17:42:41 +02:00
Jouni Malinen
946315f172 tests: More ieee802_11_vendor_ie_concat() coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-26 14:44:44 +02:00
Jouni Malinen
901e6fabcb tests: More ieee802_11_parse_elems() coverage for new elements
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-26 14:30:50 +02:00
Badrish Adiga H R
65dfa87286 mka: Make MKA actor priority configurable
This adds a new wpa_supplicant network profile parameter
mka_priority=0..255 to set the priority of the MKA Actor.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@gmail.com>
2016-12-25 11:41:46 +02:00
Joel Cunningham
04f02faac4 Fix wpa_cipher_to_alg() return type
wpa_cipher_to_alg() returns enumerated values from enum wpa_alg and all
uses of the return value treat it as enum wpa_alg (by either assigning
it to a variable of type enum wpa_alg or passing to a function that
expects enum wpa_alg).

This commit updates the return value to match the expected usage
(enum  wpa_alg) rather than int. This ensures the return value is
of the proper type and eliminates the following compiler warnings:

ARM RVCT (2.2):
  'Warning: #188-D: enumerated type mixed with another type'

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-12-21 12:48:16 +02:00
Jouni Malinen
d7f12e4eb9 OpenSSL: Make sure local certificate auto chaining is enabled
Number of deployed use cases assume the default OpenSSL behavior of auto
chaining the local certificate is in use. BoringSSL removed this
functionality by default, so we need to restore it here to avoid
breaking existing use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:23:15 +02:00
Jouni Malinen
4be02b71bb OpenSSL: Remove SSL_{CTX_,}_clear_options ifdefs
This simplifies the implementation since the SSL_clear_options() and
SSL_CTX_clear_options() are available in all supported versions of
OpenSSL. These were previously needed with older (now obsolete) versions
of OpenSSL, but the ifdefs were missed when removing the more explicit
version macro based backwards compatibility sections.

In practice, this reverts commit
d53d2596e4.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 12:06:21 +02:00
Jouni Malinen
7655bd7388 P2P: Do not use wait_time for SD Response TX without fragmentation
The full SD Response frame is not going to be followed by another Action
frame from the peer, so remove the 200 ms wait time from the offchannel
TX command in that case. This avoids leaving a 200 ms lock on the radio
to remain on the channel unnecessarily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-21 00:18:03 +02:00
Jouni Malinen
1f0fdaf0e4 Fix race condition between AssocResp callback and 4addr event
It is apparently possible for the NL80211_CMD_UNEXPECTED_4ADDR_FRAME
event to be delivered to hostapd before the NL80211_CMD_FRAME_TX_STATUS
event for (Re)Association Response frame. This resulted in the 4-address
WDS mode not getting enabled for a STA. This could occur in particular
when operating under heavy load and the STA is reconnecting to the same
AP in a sequence where Deauthentication frame is followed immediately by
Authentication frame and the driver event processing gets delayed due to
removal of the previous netdev taking time in the middle of this
sequence.

Fix this by recording a pending item for 4-address WDS enabling if the
NL80211_CMD_UNEXPECTED_4ADDR_FRAME event would have been dropped due to
incompleted association and then process this pending item if the TX
status for the (Re)Association Response frame is received and it shows
that the frame was acknowledged.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-20 01:30:09 +02:00
Purushottam Kushwaha
a6f3761f7d eap_proxy: Add support for SIM state change indication from eap_proxy
This registers a new callback to indicate change in SIM state. This
helps to do some clean up (more specifically pmksa_flush) based on the
state change of the SIM. Without this, the reconnection using the cached
PMKSA could happen though the SIM is changed.

Currently eap_proxy_sim_state corresponds to only SIM_STATE_ERROR. This
can be further extended.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 22:21:07 +02:00
Jouni Malinen
79a54ab9f6 eap_proxy: Fix eap_proxy_init() prototype to use const eapol_cb
The eapol_cb structure was made const and that change resulted in a
compilation warning/error if CONFIG_EAP_PROXY=<name> is enabled in the
wpa_supplicant build configuration. Fix this by updating the function
prototype to match the change.

Note: This results in a change needed to external eap_proxy_*.c
implementations to match the change.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-19 22:14:07 +02:00
Jouni Malinen
e414f4f021 PeerKey: Fix STK 4-way handshake regression
Commit c93b7e1888 ('RSN: Check result of
EAPOL-Key frame send request') forgot to update two PeerKey users of
EAPOL-Key TX functions. That resulted in STK handshake failing since
message 2/4 and 4/4 TX calls were assumed to have failed when the return
value was changed from 0 to a positive value for success case. This
resulted in not updating nonce information properly and hitting
following error when processing STK 4-way handshake message 3/4:

RSN: INonce from message 1 of STK 4-Way Handshake differs from 3 of STK
4-Way Handshake - drop packet (src=<addr>)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 19:56:05 +02:00
Jouni Malinen
28fb9bb195 PeerKey: Fix EAPOL-Key processing
Commit 6d014ffc6e ('Make struct
wpa_eapol_key easier to use with variable length MIC') forgot to update
number of EAPOL-Key processing steps for SMK and STK exchanges and broke
PeerKey. Fix this by updating the Key Data field pointers to match the
new style with variable length Key MIC field.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 19:07:29 +02:00
Badrish Adiga H R
7508c2ad99 PAE: Make KaY specific details available via control interface
Add KaY details to the STATUS command output.

Signed-off-by: Badrish Adiga H R <badrish.adigahr@hpe.com>
2016-12-18 17:47:05 +02:00
Jouni Malinen
b54f43390e FILS: Make FILS Indication element information available in BSS output
This extends wpa_supplicant BSS command to parse FILS Indication
element.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:59 +02:00
Jouni Malinen
8183aee6cc FILS: Add support for building FILS Realm Information ANQP-element
This allows full list of hashed realm names to be fetched from hostapd.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-18 11:41:59 +02:00
Jouni Malinen
26bf70e3d2 FILS: Separate FILS realm configuration from ERP domain
The new hostapd configuration parameter fils_realm=<realm> can now be
used to configure one or more FILS realms to advertise for ERP domains
when using FILS. This replaces the use of erp_domain=<domain> parameter
for the FILS use case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 22:08:23 +02:00
Jouni Malinen
42b847ac1e FILS: Fix hashed realm name derivation
P802.11ai/D7.0 changed from CRC32 to SHA256 as the hash algorithm for
the FILS realm name. Update the implementation to match that change.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 22:07:57 +02:00
Jouni Malinen
29062f2932 Update various definitions based on IEEE Std 802.11-2016
This updates definitions for Status Codes, Reason Codes,
Information Element IDs, Action frame categories, Public Action
codes, Protected Dual of Public Action codes, Advertisement
Protocol ID, and ANQP info IDs based on IEEE Std 802.11-2016.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-17 12:27:49 +02:00
Felix Fietkau
0babae87ad Fix wpa_supplicant build error with IEEE8021X_EAPOL unset
Add missing inline stubs for newly added functions.

Fixes: 3459381dd2 ("External persistent storage for PMKSA cache entries")
Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-12-14 16:37:03 +02:00
Jouni Malinen
19810d29bc Make Beacon IEs available in wpa_supplicant BSS command
This makes both the Probe Response and Beacon frame IEs available to
upper layers if scan results include both IE sets. When the BSS command
mask includes WPA_BSS_MASK_BEACON_IE, a new beacon_ie=<hexdump> entry
will be included in output if the BSS entry has two separate sets of IEs
(ie=<hexdump> showing the Probe Response frame contents and
beacon_ie=<hexdump> the Beacon rame contents).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 20:07:52 +02:00
Jouni Malinen
cebda0e3e5 Make debug print clearer for AP/mesh mode secondary channel issues
If the secondary channel was not found at all, no debug print was shown
to indicate that the channel was rejected due to that problem. Print a
clearer message indicating which channel was behind the reason to reject
channel configuration as unsuitable for AP mode.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-13 15:09:15 +02:00
Jouni Malinen
3459381dd2 External persistent storage for PMKSA cache entries
This adds new wpa_supplicant control interface commands PMKSA_GET and
PMKSA_ADD that can be used to store PMKSA cache entries in an external
persistent storage when terminating a wpa_supplicant process and then
restore those entries when starting a new process. The previously added
PMKSA-CACHE-ADDED/REMOVED events can be used to help in synchronizing
the external storage with the memory-only volatile storage within
wpa_supplicant.

"PMKSA_GET <network_id>" fetches all stored PMKSA cache entries bound to
a specific network profile. The network_id of the current profile is
available with the STATUS command (id=<network_id). In addition, the
network_id is included in the PMKSA-CACHE-ADDED/REMOVED events. The
output of the PMKSA_GET command uses the following format:

<BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration in seconds>
<akmp> <opportunistic>

For example:

02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30240 43200 1 0
02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30240 43200 1 0

The PMKSA_GET command uses the following format:

<network_id> <BSSID> <PMKID> <PMK> <reauth_time in seconds> <expiration
in seconds> <akmp> <opportunistic>

(i.e., "PMKSA_ADD <network_id> " prefix followed by a line of PMKSA_GET
output data; however, the reauth_time and expiration values need to be
updated by decrementing them by number of seconds between the PMKSA_GET
and PMKSA_ADD commands)

For example:

PMKSA_ADD 0 02:00:00:00:03:00 113b8b5dc8eda16594e8274df4caa3d4 355e98681d09e0b69d3a342f96998aa765d10c4459ac592459b5efc6b563eff6 30140 43100 1 0
PMKSA_ADD 0 02:00:00:00:04:00 bbdac8607aaaac28e16aacc9152ffe23 e3dd6adc390e685985e5f40e6fe72df846a0acadc59ba15c208d9cb41732a663 30140 43100 1 0

This functionality is disabled be default and can be enabled with
CONFIG_PMKSA_CACHE_EXTERNAL=y build configuration option. It should be
noted that this allows any process that has access to the wpa_supplicant
control interface to use PMKSA_ADD command to fetch keying material
(PMK), so this is for environments in which the control interface access
is restricted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 23:47:04 +02:00
Jouni Malinen
c579312736 Add PMKSA-CACHE-ADDED/REMOVED events to wpa_supplicant
These allow external program to monitor PMKSA cache updates in
preparation to enable external persistent storage of PMKSA cache.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-12 21:00:43 +02:00
Daisuke Niwa
655dc4a432 Send "TERMINATING" event from hostapd
hostapd didn't send "TERMINATING" event when stopped by
SIGTERM. Android handles this event to stop monitor thread.

This commit adds "TERMINATING" event same as with wpa_supplicant.

Signed-off-by: Tomoharu Hatano <tomoharu.hatano@sonymobile.com>
2016-12-12 20:32:28 +02:00
Sunil Dutt
62cd9d7926 nl80211: Specify the BSSID in the QCA vendor scan
This allows the vendor scan to be optimized when a response is needed
only from a single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:36:16 +02:00
Sunil Dutt
444930e5b6 Define an attribute to do a specific BSSID QCA vendor scan
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:36:13 +02:00
Sunil Dutt
cea761472a Add QCA vendor command definitions for IDs 61-73
This commit documents the QCA vendor commands 61-73 and the
corresponding definitions of the attributes. This set of commands were
previously reserved for QCA without documentation here.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:32:20 +02:00
Sunil Dutt
cb0cc6efa6 Define QCA Beacon miss threshold attributes for 2.4 and 5 GHz bands
These thresholds values indicate how many Beacon frames can be missed
before before disconnecting from the AP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:11:41 +02:00
Jouni Malinen
c313c8a5d8 Fix QCA vendor command values for SAR power limits
Commit c79238b6a4 ('Define a QCA vendor
command to configure SAR Power limits') had a mismatch between the enum
qca_vendor_attr_sar_limits_selections documentations and actual values.
The BDF SAR profiles are 0-based, so rename the enum values and reorder
the values keep the actual values more convenient. While this changes
values over the interface, this is justifiable since the new command was
introduced only recently and it had not been released in any driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-11 21:08:25 +02:00
Mayank Haarit
0a6c9dc700 P2P: Send P2P-DEVICE-FOUND event on peer changing device name
This is to handle the case when peer changes device name and same needs
to be updated to upper layers by P2P-DEVICE-FOUND event. It is similar
to the case when a peer changes wfd_subelems and P2P-DEVICE-FOUND event
goes to upper layers.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
2016-12-11 12:45:08 +02:00
Mayank Haarit
9a431d4932 WFD: Clear wfd_subelems when P2P peer stops sending them
When a peer device stops sending wfd_subelems, wpa_supplicant should
remove dev->info.wfd_subelems from peer's properties. Previously,
wpa_supplicant left the previously learned dev->info.wfd_subelems in
place whenever the new message did not include wfd_subelems.

In addition to fixing the clearing of the old wfd_subelems, this
resolves another issue. As "wfd_changed" variable becomes true even when
peer stops sending wfd_subelems and dev->info.wfd_subelems has an old
value, a new P2P-DEVICE-FOUND event notification was sent again and
again to upper layers whenever a new discovery response was received
from the peer that previously advertised WFD subelements.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-12-11 12:45:08 +02:00
Jouni Malinen
71ac934530 Make update_idx available in BSS control interface command
This can be used to perform more accurate tests on BSS entry updates.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-10 17:03:24 +02:00
Jouni Malinen
49aa88bb5e P2P: Clear PEER_WAITING_RESPONSE on GO Negotiation success
Previously, this flag was cleared only in case of failed GO Negotiation.
That could leave the flag set for a peer and if a new group formation
was performed with the same peer before the entry expired, there was
increased risk of getting stuck in a state where neither peer replied to
a GO Negotiation Request frame if a GO Negotiation Response frame with
Status 1 was dropped.

The error sequence could happen in the go_neg_with_bss_connected test
case when timing was suitable to make the second GO negotiation drop a
pending TX Action frame if the GO Negotiation Response with Status 1 was
scheduled for transmission during a P2P scan and P2P_CONNECT was issued
before that scan got aborted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-10 00:16:33 +02:00
Jeff Johnson
c79238b6a4 Define a QCA vendor command to configure SAR Power limits
There is a regulatory requirement for Specific Absorption Rate (SAR)
whereby the device transmit power is reduced when it is determined that
the device is in close proximity to the body. Implement a vendor command
interface to allow a userspace entity to dynamically control the SAR
power limits.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-08 18:56:02 +02:00
Jouni Malinen
0f5eb69f85 Use eloop timeout for post-EAP-Failure wait before disconnection
Previously, os_sleep() was used to block the hostapd (or wpa_supplicant
AP/P2P GO mode) processing between sending out EAP-Failure and
disconnecting the STA. This is not ideal for couple of reasons: it
blocks all other parallel operations in the process and it leaves a
window during which the station might deauthenticate and the AP would
have no option for reacting to that before forcing out its own
Deauthentication frame which could go out after the STA has already
started new connection attempt.

Improve this design by scheduling an eloop timeout of 10 ms instead of
the os_sleep() call and perform the delayed operations from the eloop
callback function. This eloop timeout is cancelled if the STA
disconnects or initiates a new connection attempt before the 10 ms time
is reached. This gets rid of the confusing extra Deauthentication frame
in cases where the STA reacts to EAP-Failure by an immediate
deauthentication.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-08 18:56:02 +02:00
Ningyuan Wang
ed0a4ddc22 nl80211: Update drv->ssid on connect/associate event based on BSS data
On a connect nl80211 event, wpa_supplicant uses
wpa_driver_nl80211_get_ssid() to fetch the current associated SSID to
compare to existing configurations. However,
wpa_driver_nl80211_get_ssid() uses drv->ssid, which is a cached value.
It is set when we explicitly initial a connect request using
wpa_supplicant. If the association was initiated outside of
wpa_supplicant, we need another way to populate drv->ssid. This commit
sets drv->ssid based on cfg80211 BSS information on connect/associate
nl80211 events.

Signed-off-by: Ningyuan Wang <nywang@google.com>
2016-12-05 12:08:46 +02:00
Jouni Malinen
9f346fadc8 nl80211: Fix scan_state update in no pending scan state
Commit adcd7c4b0b ('nl80211: Support
vendor scan together with normal scan') made the drv->scan_state updates
for NL80211_CMD_NEW_SCAN_RESULTS and NL80211_CMD_SCAN_ABORTED
conditional on drv->last_scan_cmd being NL80211_CMD_TRIGGER_SCAN. This
missed the part about the possibility of last_scan_cmd == 0 and an
externally started cfg80211 scan is ending. This could leave
drv->scan_state into SCAN_STARTED state even after the scan was
completed. Consequently, hwsim test cases could get stuck in reset()
handler waiting for scan to terminate.

Fix this by updating drv->scan_state also in drv->last_scan_cmd == 0
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-05 11:48:26 +02:00
Michael Braun
34f7c699a6 Add multicast to unicast support
This adds support for nl80211 NL80211_CMD_SET_MULTICAST_TO_UNICAST
command.

By setting the new hostapd configuration option multicast_to_unicast=1,
hostapd configures this AP to perform multicast to unicast conversion.

When enabled, all multicast packets with ethertype ARP, IPv4, or IPv6
(possibly within an 802.1Q header) will be sent out to each station once
with the destination (multicast) MAC address replaced by the station's
MAC address. Note that this may break certain expectations of the
receiver, e.g., the ability to drop unicast IP packets encapsulated in
multicast L2 frames, or the ability to not send destination unreachable
messages in such cases.

This also does not implement Directed Multicast Service (DMS).

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-12-04 21:00:06 +02:00
Jouni Malinen
5f2c0a22a9 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-12-02.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-04 20:50:07 +02:00
Sam Tannous
08032c7418 Remove inactivity timeout for wired interfaces
We should unconditionally remove inactivity timers for wired network
cases. This commit checks for this after a new station association:

   hapd->iface->drv_flags & WPA_DRIVER_FLAGS_WIRED

and then cancels the timeout and does not register a new one.

It prints out a debug message like this:

1476740180.276286: IEEE 802.1X: 00:02:00:00:00:07 CTRL_DIR entering
state FORCE_BOTH
1476740180.276295: hostapd_new_assoc_sta: canceled wired ap_handle_timer
timeout for 00:02:00:00:00:07

This was tested on a debian jessie amd64 system with a configured 120
second inactivity timer and the session did not timeout.

Signed-off-by: Sam Tannous <stannous@cumulusnetworks.com>
2016-12-04 20:38:45 +02:00
Jouni Malinen
a1fce3911f nl80211: Optimize memory use in nl80211_get_assoc_freq()
Do not use the generic bss_info_handler() design to fetch all scan
results into temporary memory buffer. Instead, use a separate BSS info
handler that fetches the requested information without fully parsing the
BSS entries and without allocating any memory for collecting all the
results.

This is also simplifying bss_info_handler() and nl80211_parse_bss_info()
design by getting rid of the special case that was used only for
nl80211_get_assoc_freq() and not normal scan result fetching.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 22:37:41 +02:00
Jouni Malinen
da2c284169 nl80211: Reduce nl80211_dump_scan() memory need
Instead of fetching all scan results to a temporary buffer, debug print
scan result dump directly from the message handler function one BSS at a
time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 22:14:04 +02:00
Jouni Malinen
b72a01bc5a nl80211: Split bss_info_handler() into a separate parser function
This allows a single scan result to be parsed at a time. This is a step
towards optimizing scan result fetching without having to allocate
memory for all entries at the same time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 19:36:24 +02:00
Jouni Malinen
cfadab269f nl80211: Move duplicate scan result removal to bss.c
The way the removal of duplicated (one per frequency) BSS entries in the
cfg80211 scan results were removed in driver_nl80211_scan.c
bss_info_handler() depended on having the full scan results available to
allow iteration through the other entries. This is problematic for the
goal of being able to optimize memory allocations for scan result
fetching in a manner that would not build the full result buffer in
memory.

Move this duplicate removal into bss.c since it has sufficient
information available for doing the same determination of which one of
two BSS entries is more current.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 19:26:47 +02:00
Jouni Malinen
2a1cf26ecf nl80211: Add more debug details to duplicate scan entry removal
This makes it easier to understand which cfg80211 entry got removed as
obsolete duplicate.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:59:32 +02:00
Jouni Malinen
865081c307 privsep: Support frequency list for scan requests
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:27:16 +02:00
Jouni Malinen
da818ee5e9 privsep: Support multiple scan SSIDs
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:17:28 +02:00
Jouni Malinen
002b504d19 privsep: Coding style cleanup for struct definitions
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:06:03 +02:00
Jouni Malinen
d3c43e5855 privsep: Fix scan result fetching with Beacon frame IEs
wpa_priv did not yet support Beacon frame IEs (res->beacon_ie_len) which
resulted in invalid scan data being accepted in driver_privsep.c. Add
support for res->beacon_ie_len and also fix the validation step to take
this new variable length field into account.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-12-03 18:02:49 +02:00
Jouni Malinen
c8fef7869d nl80211: Split nl80211_check_bss_status() into a separate function
This allows a single scan result to be checked at a time. This is a step
towards optimizing scan result fetching without having to allocate
memory for all entries at the same time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-02 20:54:49 +02:00
Jouni Malinen
e35e137298 nl80211: Separate channel noise fetch from scan result processing
This untangles the NL80211_CMD_GET_SURVEY handler loop from
NL80211_CMD_GET_SCAN processing so that the per-channel noise
information can be fetched with a common function to a local data
structure that can then be easily used to update individual scan results
(a single BSS) instead of having to go through a full set of scan
results. This is a step towards optimizing scan result fetching without
having to allocate memory for all entries at the same time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-02 20:48:43 +02:00
Jouni Malinen
cb2b666670 Fix 4addr reassociation-without-deauthentication on AP
Data connection was lost if a station reassociated without the STA entry
being cleaned up on the AP side. Fix this by moving reconfiguration of
the STA WDS parameters in association response callback to happen only
after the STA flags have been updated to associated stated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-12-02 12:51:16 +02:00
Jouni Malinen
8c0ed37b64 wired: Mark some common helper functions static
These are used only within driver_wired_common.c now at the end of the
refactoring changes, so there is no need to make these helper functions
available outside driver_wired_common.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-11-30 20:08:39 +02:00
Sabrina Dubroca
f014d9dbf0 macsec_linux: Add a driver for macsec on Linux kernels
This uses libnl3 to communicate with the macsec module available on
Linux. A recent enough version of libnl is needed for the macsec.h file
(which is not yet available in a formal libnl release at the time of
this commit).

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 20:08:36 +02:00
Sabrina Dubroca
8618313b6e drivers: Move driver_wired_get_ssid() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
d27c42baea drivers: Move driver_wired_get_bssid() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
9281e5c5ce drivers: Move driver_wired_get_capa() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
ec9cfb96c2 drivers: Move driver_wired_deinit_common() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
ed5ae61193 drivers: Move driver_wired_init_common() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
5a55ec38ed drivers: Move driver_wired_get_ifstatus() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
d718a5d975 drivers: Move driver_wired_set_ifflags() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
567b7d4ec2 drivers: Move driver_wired_get_ifflags() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
693124a1e4 drivers: Move driver_wired_multi() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
b0906ef770 drivers: Move wired_multicast_membership() to a common file
This continues refactoring of the common parts of wired drivers code
into a shared file, so that they can be reused by other drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sabrina Dubroca
0abc8d10cc drivers: Move common definitions for wired drivers out
Refactor the common parts of wired drivers code into a shared file, so
that they can be reused by other drivers. The macsec_qca driver already
contains a lot of code duplication from the wired driver, and the
macsec_linux driver would do the same. A structure to hold data common
to all wired drivers is added and used in all these drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-30 19:33:43 +02:00
Sunil Dutt
eeb34a432e nl80211: Enhance abort scan to also abort the vendor scan
This commit enhances the abort scan implementation to also abort the
vendor scan, if one was used to trigger the scan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-30 19:33:39 +02:00
Sunil Dutt
1a793f5c2b Define a QCA vendor command to abort vendor scan
The new QCA_NL80211_VENDOR_SUBCMD_ABORT_SCAN command can be used to
abort an ongoing scan that was started with
QCA_NL80211_VENDOR_SUBCMD_TRIGGER_SCAN.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-30 17:11:01 +02:00
Jouni Malinen
2ab09656ae AP: Do not drop STA entry if PMF is used with full AP client state
This fixes a regression from commit
bb598c3bdd ('AP: Add support for full
station state'). That commit added code to remove and re-add the kernel
STA entry when processing Authentication frames with a driver that
advertises support for full AP client state. That resulted in bypassing
PMF protections for unprotected Authentication frames with such drivers
since the TK was lost in this operation.

It is simplest to skip the STA entry clearing in this type of case
completely to leave the TK in place and to process the new
authentication exchange otherwise normally. This matches the behavior
used with the drivers that do not implement full AP client state.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-29 16:26:00 +02:00
Will Glynn
209dad066e FT: Explicitly check for MDE not present in non-FT association
IEEE Std 802.11-2012, 12.4.2 states that if an MDE is present in an
(Re)Association Request frame but the RSNE uses a non-FT AKM suite, the
AP shall reject the association using status code 43 ("Invalid AKMP").

wpa_validate_wpa_ie() now explicitly checks for this condition to meet
this requirement instead of simply ignoring the MDE based on non-FT AKM.

Signed-off-by: Will Glynn <will@willglynn.com>
2016-11-26 11:39:44 +02:00
Purushottam Kushwaha
d4f3003c56 nl80211: Configure Beacon frame TX rate if driver advertises support
If the driver advertises support for setting Beacon frame data rate,
allow the user to configure this rate as part of starting the AP. Only
one Beacon frame TX rate is allowed.

Drivers advertising such support should set corresponding flag via the
NL80211_ATTR_EXT_FEATURES attribute.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-26 00:36:27 +02:00
Purushottam Kushwaha
29483a5678 Add support for user configurable Beacon frame data rate for AP mode
Allow configuration of Beacon frame TX rate from hostapd.conf with
"beacon_rate=xx" option. The following format is used to set
legacy/HT/VHT beacon rates:

Legacy (CCK/OFDM rates):
	beacon_rate=<legacy rate in 100 kbps>
HT:
	beacon_rate=ht:<HT MCS>
VHT:
	beacon_rate=vht:<VHT MCS>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-25 23:12:30 +02:00
Sabrina Dubroca
e0d9fd344d wpa_supplicant: Allow configuring the MACsec port for MKA
Previously, wpa_supplicant only supported hardcoded port == 1 in the
SCI, but users may want to choose a different port.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:31 +02:00
Sabrina Dubroca
1d3d0666a6 mka: Add enable_encrypt op and call it from CP state machine
This allows MKA to turn encryption on/off down to the driver.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:23 +02:00
Sabrina Dubroca
7b4d546e3d wpa_supplicant: Add macsec_integ_only setting for MKA
So that the user can turn encryption on (MACsec provides
confidentiality+integrity) or off (MACsec provides integrity only). This
commit adds the configuration parameter while the actual behavior change
to disable encryption in the driver is handled in the following commit.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:16 +02:00
Sabrina Dubroca
008e224dbb mka: Disable peer detection timeout for PSK mode
The first peer may take a long time to come up. In PSK mode we are
basically in a p2p system, and we cannot know when a peer will join the
key exchange. Wait indefinitely, and let the administrator decide if
they want to abort.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-20 00:35:11 +02:00
Joel Cunningham
7824bf77d6 nl80211: Fix get_inact_sec() returning -1 on failure
This commit fixes the nl80211 driver call get_inact_sec() to return -1
when STA inactivity time retrieval fails in i802_read_sta_data().

This was intended to be handled by initalizing the inactive_msec member
to -1 but i802_read_sta_data() assumes the data parameter is
uninitialized and memsets the entire structure, neutralizing the attempt
to distinguish between no value (-1) and a time value of 0.

This is fixed by now requiring i802_read_sta_data() callers to
initialize the data structure first (allowing get_inact_sec() to use
-1). This is a safe change because it does not change any driver API
behavior and only affects one other static function in driver_nl80211.c

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-11-19 17:39:23 +02:00
Sabrina Dubroca
088d53dd15 mka: Fix getting capabilities from the driver
In commit a25e4efc9e ('mka: Add driver op
to get macsec capabilities') I added some code to check the driver's
capabilities. This commit has two problems:
 - wrong enum type set in kay->macsec_confidentiality
 - ignores that drivers could report MACSEC_CAP_NOT_IMPLEMENTED, in
   which case the MKA would claim that MACsec is supported.

Fix this by interpreting MACSEC_CAP_NOT_IMPLEMENTED in the same way as a
DO_NOT_SECURE policy, and set the correct value in
kay->macsec_confidentiality.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-11-19 17:29:54 +02:00
Peng Xu
5e785a6792 Reserve QCA vendor specific nl80211 command 144
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-17 16:00:59 +02:00
Jouni Malinen
4051dd8667 GAS: Add Capability List ANQP-element support for Info ID 270, 280..299
This extends the anqp_elem configuration parameter support for new Info
IDs (270 (TDLS Capability) was previously missed from the list of
defined values, 280 has already been assigned in REVmc/D8.0; 281..299
are yet to be assigned). No additional source code changes are needed to
allow hostapd to advertise support for these if the ANQP-element value
is set with the anqp_elem parameter.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-17 16:00:25 +02:00
Jouni Malinen
d50f518e95 Fix libap.a build
Add the new defines and files to allow src/ap/libap.a to be build with
all the needed functions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-11-16 13:26:23 +02:00
Ilan Peer
4ec1fd8e42 FT: Differentiate between FT for station and for AP in build
Previously, CONFIG_IEEE80211R enabled build that supports FT for both
station mode and AP mode. However, in most wpa_supplicant cases only
station mode FT is required and there is no need for AP mode FT.

Add support to differentiate between station mode FT and AP mode FT in
wpa_supplicant builds by adding CONFIG_IEEE80211R_AP that should be used
when AP mode FT support is required in addition to station mode FT. This
allows binary size to be reduced for builds that require only the
station side FT functionality.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-10-29 22:14:54 +03:00
Beni Lev
f0259c3f68 hostapd: Fix own wide bandwidth subelement generation (neighbor report)
The Channel Center Frequency Segment subfields use the channel index
instead of frequency in MHz.

Signed-off-by: Beni Lev <beni.lev@intel.com>
Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-10-29 22:03:43 +03:00
Ilan Peer
0a63635ed0 AP: Use valid status code in wpa_ft_send_rrb_auth_resp()
The return value from this function may be used in an outgoing message,
so use a valid status code instead of -1.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-10-29 22:02:14 +03:00
Avraham Stern
e4b48b7b0f Extend ieee80211_freq_to_channel_ext() to cover channels 52-64
Add frequency to channel conversion for the 5 GHz channels 52-64.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-10-29 21:51:04 +03:00
David Spinadel
451a27b1ad hostapd: Add a configuration to set an AP as stationary
Add a configuration option in hostapd.conf and in neighbor report that
sets an AP as stationary. To enable this option on the current AP set
the config option stationary_ap to 1. To set a neighbor entry to be
marked as stationary add the word stat to the SET_NEIGHBOR command. This
option tells hostapd to send LCI data even if it is older than requested
by max age subelement in RRM request.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-10-29 19:16:47 +03:00
Ilan Peer
f5ec346902 hostapd: Fix adding neighbor entry
It is possible that a LCI or location civic configuration buffer
is valid but contains no data. In such a case do not add the LCI
and location civic information to the entry in the neighbor
data base.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-10-29 19:10:17 +03:00
Sabrina Dubroca
99b82bf537 mka: Implement reference counting on data_key
struct data_key already had a 'user' field for reference counting, but
it was basically unused.

Add an ieee802_1x_kay_use_data_key() function to take a reference on a
key, and use ieee802_1x_kay_deinit_data_key() to release the reference.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-29 11:38:57 +03:00
Sabrina Dubroca
23c3528a84 mka: Add support for removing SAs
So that the core can notify drivers that need to perform some operations
when an SA is deleted.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-29 11:35:38 +03:00
Sabrina Dubroca
6b6175b788 mka: Sync structs definitions with IEEE Std 802.1X-2010
Document some data structures from IEEE Std 802.1X-2010, and add the
(not used yet) struct ieee802_1x_mka_dist_cak_body.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-29 11:28:29 +03:00
Sabrina Dubroca
6f551abdfc mka: Remove "channel" hacks from the stack and the macsec_qca driver
This is specific to the macsec_qca driver. The core implementation
shouldn't care about this, and only deal with the complete secure
channel, and pass this down to the driver.

Drivers that have such limitations should take care of these in their
->create functions and throw an error.

Since the core MKA no longer saves the channel number, the macsec_qca
driver must be able to recover it. Add a map (which is just an array
since it's quite short) to match SCIs to channel numbers, and lookup
functions that will be called in every place where functions would get
the channel from the core code. Getting an available channel should be
part of channel creation, instead of being a preparation step.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-29 11:24:08 +03:00
Sergei Sinyak
7d8f795003 Fix typo in DigestAlgorithn
Replace n with m in DigestAlgorithn, i.e., DigestAlgorithm.

Signed-off-by: Sergei Sinyak <serega.belarus@gmail.com>
2016-10-29 11:14:09 +03:00
Filip Matusiak
59d7cff7e3 AP: Disable VHT in TKIP-only configuration
This has already been done for WEP, but there's same constraint for not
allowing VTH rates in case of TKIP.

Signed-off-by: Filip Matusiak <filip.matusiak@tieto.com>
2016-10-29 00:55:49 +03:00
Avrahams Stern
78a3b23060 P2P: Clear old P2PS provision data
Receiving a provision discovery request for an ASP service that
has auto accept set to false should result in a provision discovery
response with the status field set to "currently unavailable".
Having stale P2PS provision data, results in sending a response with
the status set to success because it is mistakenly referred to as the
follow-on provision discovery request.

Fix that by clearing stale P2PS provision data in the following cases:
 1. When provision discovery is complete
 2. When ASP services are flushed (in which case old ASP provisioning
    is no longer valid).

Signed-off-by: Avrahams Stern <avraham.stern@intel.com>
2016-10-29 00:55:49 +03:00
Arik Nemtsov
f69939ede8 P2P: Clear listen state during PD-in-FIND
drv->in_listen should be cleared whenever the state timeout is cleared,
if they were set together. If the flag is not cleared, the
p2p_listen_end() called during cancel-remain-on-channel will not restart
the search, relying on the state timeout function to do it. Use the
p2p_stop_listen_for_freq() function to clear the listen state properly.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2016-10-29 00:55:49 +03:00
Arik Nemtsov
4cc0f909b2 P2P: Clear P2PS provision state on P2P flush
Otherwise, if a P2PS provision is incomplete before the flush, it can
cause incorrect provision responses to be sent out.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2016-10-29 00:55:49 +03:00
Kevin Mahoney
a818425d1c hostapd: Added signal level to STA tracking
Add signal level information to the station tracking information. Also
make it available via the "TRACK_STA_LIST" control command.

Signed-off-by: Kevin Mahoney <k.mahoney@cablelabs.com>
2016-10-29 00:55:49 +03:00
Cedric Izoard
8c889222bc TDLS: Fix checks on prohibit bits
ext_capab/ext_capab_len do not include ID and Length so no extra +2
offset should be used. This fixes a regression from commit
faf427645a ('TDLS: Use proper IE parsing
routine for non-EAPOL-Key cases') that replaced the IE parser without
noticing the difference in the pointer offset.

Signed-off-by: Flavia Vanetti <flavia.vanetti@ceva-dsp.com>
2016-10-29 00:24:12 +03:00
Peng Xu
c2ad5b9218 nl80211: Update channel information after channel switch notification
When channel switch happens, driver wrapper's internal channel
information needs to be updated so that the new frequency will be used
in operations using drv->assoc_freq. Previously, only bss->freq was
updated and the new frequency was also indicated in the EVENT_CH_SWITCH
event. This could potentially leave out couple of cases that use
drv->assoc_freq at least as a fallback mechanism for getting the current
operating frequency.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-28 23:58:23 +03:00
Nishant Chaprana
5f99d96287 Removed redundant NULL check for sta in hostapd_event_sta_low_ack()
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-10-28 19:06:20 +03:00
Nishant Chaprana
230b2b2c3d Removed redundant NULL check for b in wpabuf_concat()
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-10-28 19:05:08 +03:00
Maneesh Jain
641c73f84f driver.h: Fix a typo in a comment
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2016-10-28 19:01:50 +03:00
Sunil Dutt
2e4e4fb71c nl80211: Allow TDLS trigger modes to be configured to the host driver
This commit adds a control interface command to configure the TDLS
trigger mode to the host driver. This TDLS mode is configured through
the "SET tdls_trigger_control" control interface command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 23:22:33 +03:00
Sunil Dutt
14cd203fff QCA vendor command to configure the TDLS behavior in the host driver
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 23:12:25 +03:00
lifeng
a18563d428 Extend QCA vendor attribute link layer statistics attribute
This adds new statistics attributes to support channel hopping feature.

Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
2016-10-27 22:05:59 +03:00
lifeng
95f3703ae1 Add more QCA vendor attribute definitions into qca-vendor.h
These attributes were previously maintained elsewhere. This commit moves
them to follow the standard assignment process through the qca-vendor.h
file in hostap.git.

Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
2016-10-27 22:03:33 +03:00
lifeng
87416eaf64 QCA vendor attribute to report frame aggregation failure
Add a new vendor attribute config to set the reorder blocksize and
timeout in 4 ACs, and then report the frame aggregation failure
statistics in QCA_NL80211_VENDOR_SUBCMD_STATS_EXT command. In addition,
fix the spelling of the enum value for this subcommand.

Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
2016-10-27 21:46:04 +03:00
Jouni Malinen
befdb2dc8d nl80211: Check driver FILS capability
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 16:06:06 +03:00
Jouni Malinen
40a4572738 nl80211: FILS KEK and nonces for NL80211_CMD_ASSOCIATE
This sends the FILS KEK and AAD context (nonces) to the driver with the
NL80211_CMD_ASSOCIATE messages when using FILS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 15:02:08 +03:00
Jouni Malinen
d8f9342d03 nl80211: Add support for setting FILS authentication algorithm
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-27 15:02:08 +03:00
Jouni Malinen
e76e950eac Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-10-27.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-27 15:02:08 +03:00
Jouni Malinen
2a0b86d319 Note set_key(WPA_ALG_NONE) failure in debug log
This makes wpa_remove_ptk() call to wpa_auth_set_key() more consistent
with all the other calls that verify the return value to keep static
analyzers happier.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:41:04 +03:00
Jouni Malinen
061dac1d3c FILS: Claim FILS capability only if driver supports it
"GET_CAPABILITY fils" used to return "FILS" based on wpa_supplicant
configuration. This can be made more useful by checking both for
wpa_supplicant and driver support for FILS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:41:04 +03:00
Jouni Malinen
ff338fab92 FILS: Setup EAPOL state machines properly after FILS association (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:41:04 +03:00
Jouni Malinen
da24c5aa1c FILS: Set TK after association (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:41:04 +03:00
Jouni Malinen
07e0117d21 FILS: Mark connection fully authorized after FILS Association (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:20:04 +03:00
Jouni Malinen
706df4291b FILS: Association Response processing (STA)
Decrypt the AES-SIV protected elements and verify Key-Auth. Parse and
configure keys to the driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-26 00:20:04 +03:00
Jouni Malinen
e73ffa0925 FILS: Add Association Response frame elements and encrypt them (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-25 20:42:52 +03:00
Jouni Malinen
78815f3dde FILS: Decrypt Association Request elements and check Key-Auth (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-25 20:42:52 +03:00
Jouni Malinen
86cd6928e0 FILS: Add elements to FILS Association Request frame
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-25 20:01:06 +03:00
Jouni Malinen
ac56c39532 driver: Add option to pass FILS KEK/AAD to the driver for association
This allows the FILS KEK and AAD data (nonces) to be configured to the
driver for association so that the driver can encrypt the
(Re)Association Request frame and decrypt the (Re)Association Response
frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-24 23:07:56 +03:00
Jouni Malinen
a660993772 FILS: Authentication frame processing (STA)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:28:36 +03:00
Jouni Malinen
c4fd6d8aa8 FILS: Process FILS Authentication frame (AP)
This implements processing of FILS Authentication frame for FILS shared
key authentication with ERP and PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:27:01 +03:00
Jouni Malinen
ffb62f2272 FILS: Add a helper function for status code conversion
This will allow the existing code to be reused for FILS needs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:27:01 +03:00
Jouni Malinen
c1bd4bac5f FILS: Extend wpa_auth_pmksa_get() to support PMKID matching
This is needed for FILS processing to enable PMKSA caching.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:13:17 +03:00
Jouni Malinen
c30bd28b14 FILS: Export IEEE 802.1X helper functions
ieee802_1x_encapsulate_radius() and ieee802_1x_alloc_eapol_sm() need to
be called from FILS processing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:13:17 +03:00
Jouni Malinen
a6228b8ed6 ERP: Update client identity based on EAP-Initiate/Re-auth
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:13:17 +03:00
Jouni Malinen
f00b9b8864 FILS: Try to use FILS authentication if PMKSA or ERP entry is available
If a PMKSA cache entry for the target AP is available, try to use FILS
with PMKSA caching.

If an ERP key for the target AP is available, try to use FILS with
EAP-Initiate/Re-auth added as Wrapper Data element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 23:13:17 +03:00
Jouni Malinen
0866ed004d WPA: Add debug print for not-update-own-IEs case
This makes it easier to understand debug logs related to own WPA/RSN IE
selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 22:55:27 +03:00
Jouni Malinen
14de9e31c4 FILS: Include wpa_insert_pmkid() in non-FT builds
This function is needed for FILS as well as FT.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 22:55:27 +03:00
Jouni Malinen
de57d87353 ERP: Make eap_peer_finish() callable
This is needed for FILS to process EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 18:26:00 +03:00
Jouni Malinen
c28767e11c ERP: Make eap_peer_erp_reauth_start() available
This needs to be callable through the EAPOL supplicant wrappers to allow
FILS implementation to use ERP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 18:25:50 +03:00
Jouni Malinen
5b092fb63f nl80211: Make full (Re)Association Response frame available
This is needed for FILS processing since AAD includes data before the
first element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 18:12:11 +03:00
Jouni Malinen
2aa1e48a45 FILS: Do not clear PTK on FILS Auth/Assoc (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 18:11:14 +03:00
Jouni Malinen
a852ab4c72 FILS: Key-Auth derivation function for FILS SK
This implements Key-Auth derivation for (Re)Association Request frames
(see P802.11ai/D11.0 12.12.2.6.2) and (Re)Association Response frames
(see P802.11ai/D11.0 12.12.2.6.3).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 17:51:43 +03:00
Jouni Malinen
c089bc5725 FILS: PMK-to-PTK key derivation for FILS authentication
This is the PTKSA key derivation used as part of the FILS authentication
exchange. See P802.11ai/D11.0 12.12.2.5.3.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 17:51:43 +03:00
Jouni Malinen
ce16c489d8 Rename sae_data to more generic auth_data
This makes it cleaner for the FILS implementation to use the same design
for setting Authentication frame elements as was already done with SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-22 17:51:43 +03:00
Lior David
6eb1a569ca Add QCA vendor command/attr for low level DMG(11ad) RF sector control
Add operations to allow low level control over RF sectors in QCA DMG
(11ad) chipsets. Operations include getting/setting the configuration of
a specific sector, as well as getting/setting the selected sector which
the HW uses to communicate with a specific station.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-10-17 11:43:57 +03:00
Jouni Malinen
bf07e05349 ERP: Do not pass full EAP header to eap_peer_erp_reauth_start()
That function does not need the full EAP header -- it only needs to know
which EAP identifier to use in the message. Make this usable for cases
where the previous EAP message may not exist (FILS).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
2449791b8e FILS: Update EAPOL-Key Descriptor Version RX rules (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
16eb485806 FILS: Handle Group Key msg 1/2 without MIC when using AEAD cipher (STA)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
75c8563e05 FILS: Perform AEAD processing after PTK has been confirmed
This covers EAPOL-Key frames other than 2/4 that needed special handling
to confirm PTK.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
0ab1dd0106 FILS: Use AEAD cipher to check received EAPOL-Key frames (STA)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
b729fd8df9 FILS: Use AEAD cipher to protect EAPOL-Key frames (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
3b5b7aa8fb FILS: Use AEAD cipher to check received EAPOL-Key frames (AP)
This changes 4-way handshake authenticator processing to decrypt the
EAPOL-Key frames using an AEAD cipher (AES-SIV with FILS AKMs) before
processing the Key Data field. This replaces Key MIC validation for the
cases where AEAD cipher is used. This needs to move the EAPOL-Key msg
2/4 RSN element processing to happen only after the PTK has been derived
and validated. That is done for all AKMs to avoid extra complexity with
having to maintain two code paths for this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
2022f1d08d FILS: Use AEAD cipher to protect EAPOL-Key frames (STA)
This modifies wpa_eapol_key_send() to use AEAD cipher (AES-SIV for FILS
AKMs) to provide both integrity protection for the EAPOL-Key frame and
encryption for the Key Data field. It should be noted that this starts
encrypting the Key Data field in EAPOL-Key message 2/4 while it remains
unencrypted (but integrity protected) in non-FILS cases. Similarly, the
empty Key Data field in EAPOL-Key message 4/4 gets encrypted for AEAD
cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
1049af7e03 RSN: Pass full PTK to wpa_eapol_key_send() instead of KCK only
This will be needed to be able to implement AEAD cipher support from
FILS that will need to use KEK to protect the frame.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
b986648389 FILS: Update EAPOL-Key RX rules for FILS (AP)
Key Descriptor Version 0 is used with FILS and Key Info MIC field is set
to 0 with AEAD ciphers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
352caf006a FILS: Update EAPOL-Key descriptor version rules for RX (STA)
FILS AKM uses Key Descriptor version 0 and AEAD cipher.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:47 +03:00
Jouni Malinen
36a50fd4e8 FILS: Set EAPOL-Key Key Descriptor Version to 0 with FILS AKMs (AP)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
4a26ccdae6 FILS: Set EAPOL-Key Key Info MIC=0 when using AEAD cipher (supplicant)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
f5ff8ae6a7 FILS: Do not add Key MIC field in supplicant when using AEAD cipher
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
dc5bad48af RSN authenticator: Add more debug print details on EAPOL-Key RX
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
6d014ffc6e Make struct wpa_eapol_key easier to use with variable length MIC
Suite B 192-bit addition from IEEE Std 802.11ac-2013 replaced the
previous fixed length Key MIC field with a variable length field. That
change was addressed with an addition of a new struct defined for the
second MIC length. This is not really scalable and with FILS coming up
with a zero-length MIC case for AEAD, a more thorough change to support
variable length MIC is needed.

Remove the Key MIC and Key Data Length fields from the struct
wpa_eapol_key and find their location based on the MIC length
information (which is determined by the AKMP). This change allows the
separate struct wpa_eapol_key_192 to be removed since struct
wpa_eapol_key will now include only the fixed length fields that are
shared with all EAPOL-Key cases in IEEE Std 802.11.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
94f66e8a26 FILS: Advertise ERP domain in FILS Indication element
Calculate the hashed realm from hostapd erp_domain configuration
parameter and add this to the FILS Indication element when ERP is
enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
c30ed45f45 FILS: Allow hostapd to select FILS AKM for connection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
f55acd909e FILS: Set FILS Capability bit in management frames from AP
If FILS is enabled, indicate that in Beacon, Probe Response, and
(Re)Association Response frames in the Extended Capabilities element.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
198a942c83 FILS: Add FILS Indication element to Beacon and Probe Response frames
If FILS is enabled, indicate that in AP Beacon/Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:46 +03:00
Jouni Malinen
903ecbe8da FILS: Add hostapd configuration options
This adds CONFIG_FILS=y build configuration option and new key
management options for FILS authentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 21:11:27 +03:00
Jouni Malinen
274d8b776f FILS: Add definitions for new frames and values
This adds definitions for various management frame elements and values
from P802.11ai/D11.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:36 +03:00
Jouni Malinen
94318a0d30 FILS: Add AKM definitions
This adds definitions for the new AKM suite values from P802.11ai/D11.0.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:36 +03:00
Jouni Malinen
1d29163035 FILS: Add new information elements
This adds definitions for new information elements from P802.11ai/D11.0
and parsing of these IEs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 20:46:33 +03:00
Jouni Malinen
325a85be36 Extend AES-SIV implementation to support different key lengths
The previous implementation was hardcoded to use 128-bit AES key
(AEAD_AES_SIV_CMAC_256). Extend this by allowing AEAD_AES_SIV_CMAC_384
and AEAD_AES_SIV_CMAC_512 with 192-bit and 256-bit AES keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-10 19:40:59 +03:00
Jouni Malinen
e2991ee580 Move CRC-32 routine from wlantest to src/utils
This allows the CRC-32 routine to be shared for other purposes in
addition to the WEP/TKIP/FCS within wlantest.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-10-09 17:13:23 +03:00
Michael Braun
96590564d6 FT: Allow PMK-R0 and PMK-R1 for FT-PSK to be generated locally
Station should be able to connect initially without ft_pmk_cache filled,
so the target AP has the PSK available and thus the same information as
the origin AP. Therefore neither caching nor communication between the
APs with respect to PMK-R0 or PMK-R1 or VLANs is required if the target
AP derives the required PMKs locally.

This patch introduces the generation of the required PMKs locally for
FT-PSK. Additionally, PMK-R0 is not stored (and thus pushed) for FT-PSK.

So for FT-PSK networks, no configuration of inter-AP communication is
needed anymore when using ft_psk_generate_local=1 configuration. The
default behavior (ft_psk_generate_local=0) remains to use the pull/push
protocol.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-10-09 11:57:56 +03:00
Sabrina Dubroca
a25e4efc9e mka: Add driver op to get macsec capabilities
This also implements the macsec_get_capability for the macsec_qca
driver to maintain the existing behavior.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-09 11:30:48 +03:00
Jouni Malinen
53b2555f67 EAP-pwd: Validate Prep field in EAP-pwd-ID/Response
RFC 5931 Section 2.8.5.1 does not list the Prep field as something that
the server validates to match the Request. However, the supplicant side
has to use the same pre-processing mechanism for the password for the
authentication to work, so we may as well as enforce this field to match
the requested value now that wpa_supplicant implementation is fixed to
copy the value from the request.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-08 19:43:36 +03:00
Brian Candler
2875e32333 EAP-pwd: Fix Prep in EAP-pwd-ID/Response when EAP_PWD_PREP_MS is used
Fix the pre-processing field in the response when EAP_PWD_PREP_MS is
being used. This fixes interoperability with EAP-pwd servers that
validate the Prep field in EAP-pwd-ID/Response when the RFC2759
(PasswordHashHash) pre-processing is used.

Signed-off-by: Brian Candler <B.Candler@pobox.com>
2016-10-08 19:43:09 +03:00
Sabrina Dubroca
5f5ca28414 mka: Pass full structures down to macsec drivers' receive SC ops
Clean up the driver interface by passing pointers to struct receive_sc
down the stack to the {create,delete}_recevie_sc() ops, instead of
passing the individual properties of the SC.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:19 +03:00
Sabrina Dubroca
8ebfc7c2ba mka: Pass full structures down to macsec drivers' transmit SC ops
Clean up the driver interface by passing pointers to struct transmit_sc
down the stack to the {create,delete}_transmit_sc() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-08 00:45:03 +03:00
Julian Ospald
b70d508c50 LibreSSL: Fix compatibility for EAP-FAST
This basically just follows commit
587b0457e0 ('LibreSSL: Fix build with
LibreSSL') with the same pattern, which was missed here.

Signed-off-by: Julian Ospald <hasufell@hasufell.de>
2016-10-08 00:36:18 +03:00
Christian Neukirchen
df426738fb LibreSSL: Fix TLS initialization/deinitialization
Due to a missing guard for old OpenSSL code, SSL_library_init() was not
called, which is required for LibreSSL. Likewise for cleanup.

Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
2016-10-08 00:27:56 +03:00
Christian Neukirchen
0d42179e12 LibreSSL: Fix dh5 code
Add LibreSSL check to old OpenSSL #ifdef guard as DH_{get0,set0}_key()
is not implemented in LibreSSL.

Signed-off-by: Christian Neukirchen <chneukirchen@gmail.com>
2016-10-08 00:26:18 +03:00
Lior David
32d08d5bf6 Add QCA vendor attributes for measurement frequency for FTM/AOA
Add attributes for specifing the frequency where FTM/AOA measurement is
done over the air. This allows the user space framework to maintain its
own cache of peers without depending on the kernel scan results cache,
or perform scans less often (since entries in the kernel scan results
cache expire quickly). The change is backward compatible. If the
frequency attribute is not specified, the kernel scan results cache will
be queried, like done today.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-10-04 23:44:18 +03:00
Sabrina Dubroca
cecdecdbe8 mka: Pass full structures down to macsec drivers' receive SA ops
Clean up the driver interface by passing pointers to struct receive_sa
down the stack to the {create,enable,disable}_receive_sa() ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:26:26 +03:00
Sabrina Dubroca
909c1b9835 mka: Pass full structures down to macsec drivers' transmit SA ops
Clean up the driver interface by passing pointers to struct transmit_sa
down the stack to the {create,enable,disable}_transmit_sa ops, instead
of passing the individual properties of the SA.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 13:17:21 +03:00
Sabrina Dubroca
7fa5eff8ab mka: Pass full structures down to macsec drivers' packet number ops
Clean up the driver interface by passing pointers to structs transmit_sa
and receive_sa down the stack to get_receive_lowest_pn(),
get_transmit_next_pn(), and set_transmit_next_pn() ops, instead of
passing the individual arguments.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 12:54:08 +03:00
Sabrina Dubroca
f75f6e2b03 mka: Move structs {transmit,receive}_{sa,sc} to a common header
These structs will be passed down to macsec drivers in a coming patch to
make the driver interface cleaner, so they need to be shared between the
core MKA implementation and the drivers.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-10-03 12:50:07 +03:00
Jouni Malinen
98529f3857 The master branch is now used for v2.7 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-02 22:27:26 +03:00
Jouni Malinen
2462f347bc Change version number to v2.6 for the release
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-10-02 21:51:11 +03:00
Nishant Chaprana
746e5c2565 Fix spelling mistakes in number of comments
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-09-30 22:45:03 +03:00
Sunil Dutt
8b6688847e Add explicit enum values for QCA vendor config attributes
This makes it easier to copy a subset of definitions without
accidentally getting mismatching values.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
vamsi krishna
8f47917493 MBO: Add support to send ANQP request to get cellular preference
This extends ANQP_GET command to support querying MBO cellular
preference also. The cellular preference can be requested along with
neigbor report by appending mbo:1 to the command arguments.

For example:
ANQP_GET <bssid> 272,mbo:1

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-30 22:45:03 +03:00
lifeng
8b7c5b8941 QCA vendor command for antenna diversity feature
The user space app use QCA_NL80211_VENDOR_SUBCMD_GET_CHAIN_RSSI cmd to
get the corresponding antenna rssi value for the specific chain. And the
associcated attributes are added to configure the antenna diversity and
related selftest.

Signed-off-by: Li Feng <lifeng@qti.qualcomm.com>
2016-09-26 23:46:59 +03:00
vamsi krishna
64c92c0757 MBO: Do not parse reason_detail in non_pref_chan attr (AP)
The reason detail field was removed from non_pref_chan attr in MBO
v0.0_r25 draft. Don't parse for this element to be compliant with the
latest drafr.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
vamsi krishna
2800ec85d2 MBO: Add QCA vendor option to configure driver to ignore assoc disallow
MBO capable APs can set association disallowed in the Beacon/Probe
Response frames. For testing purposes, the STA needs to be configured to
not ignore the association disallowed set by APs and continue to connect
to such AP like non-MBO enabled STA. Add a QCA vendor attribute for
QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION vendor sub command to
configure the driver to ignore association disallowed functionality.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-25 17:31:26 +03:00
Zhang Qian
320caeab29 Add attributes for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
More attributes are added for QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT
1. Peer signal stats;
2. Peer TX stats;
3. Peer RX stats

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2016-09-23 21:13:58 +03:00
Jouni Malinen
ef24ad3ec5 nl80211: Remove unnecessary duplication from nl80211_set_param()
There is no need to find bss->drv separately for each parameter, so do
this once at the beginning of the function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-23 17:36:55 +03:00
Mikael Kanstrup
4d584d8c2b nl80211: Add driver parameter force_bss_selection
Add driver parameter command to force capability flag
WPA_DRIVER_FLAGS_BSS_SELECTION even if driver states otherwise. This is
mainly for testing purposes.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-09-23 17:36:55 +03:00
Ilan Peer
dc2744f922 P2P: Fix common frequencies calculation for a group
Ignore group members for which there is no supported channels
information when calculating common group frequencies.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-09-22 23:48:14 +03:00
Srinivas Dasari
0d7eba5417 Define a QCA vendor command to validate encryption engine
This command carries 802.11 header and payload along with key (TK) and
PN for encryption/decryption purpose. Firmware/driver encrypts/decrypts
the given data and sends to userspace as a response to the command. User
space component can validate the data received from the driver to unit
test the hardware's encryption engine.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-22 20:30:05 +03:00
Denton Gentry
442819406c taxonomy: Store Probe Request frames in hostapd_sta_info
A weakness in the initial client taxonomy mechanism is from storing both
the Probe and Associate in struct sta_info. struct sta_info is created
after a client associates (or starts authentication frame exchange),
which means that any Probe Request frames sent prior to association are
not retained. The Associate Request frame has to be seen, and then
another Probe Request frame after association, before we have a
signature for the client.

Most clients send lots of Probe Request frames (lots and lots and lots
of Probes, actually), but a few do not. ChromeOS is notably sparing in
sending Probe Request frames, it can take a long time before a signature
for a ChromeOS device is available.

Store the most recent Probe Request frame in struct hostapd_sta_info
tracking list. When a struct sta_info is created, move the Probe Request
frame information from struct hostapd_sta_info to struct sta_info.

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Denton Gentry
04059ab844 Passive Client Taxonomy
Implement the signature mechanism described in the paper
"Passive Taxonomy of Wifi Clients using MLME Frame Contents"
published by Denton Gentry and Avery Pennarun.

http://research.google.com/pubs/pub45429.html
https://arxiv.org/abs/1608.01725

This involves:
1. Add a CONFIG_TAXONOMY compile option. Enabling taxonomy incurs
   a memory overhead of up to several kilobytes per associated
   station.
2. If enabled, store the Probe Request and (Re)Associate Request frame in
   struct sta_info.
3. Implement code to extract the ID of each Information Element,
   plus selected fields and bitmasks from certain IEs, into a
   descriptive text string. This is done in a new source file,
   src/ap/taxonomy.c.
4. Implement a "signature qq:rr:ss:tt:uu:vv" command
   in hostapd_cli to retrieve the signature.

Signatures take the form of a text string. For example, a signature
for the Nexus 5X is:
  wifi4|probe:0,1,127,45,191,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:338061b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:00000a0201000040|assoc:0,1,48,45,
  221(0050f2,2),191,127,htcap:01ef,htagg:03,htmcs:0000ffff,vhtcap:339071b2,
  vhtrxmcs:030cfffa,vhttxmcs:030cfffa,extcap:0000000000000040

Signed-off-by: dgentry@google.com (Denton Gentry)
Signed-off-by: denny@geekhold.com (Denton Gentry)
Signed-off-by: rofrankel@google.com (Richard Frankel)
Signed-off-by: richard@frankel.tv (Richard Frankel)
2016-09-22 00:45:24 +03:00
Jouni Malinen
5e993390f6 Initialize iface->sta_seen on allocation
Previously, struct hostapd_iface sta_seen list head was initialized only
when completing interface setup. This left a window for operation that
could potentially iterate through the list before the list head has been
initialized. While the existing code checked iface->num_sta_seen to
avoid this case, it is much cleaner to initialize the list when struct
hostapd_iface is allocated to avoid any accidental missing of the extra
checks before list iteration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-22 00:45:24 +03:00
Nick Lowe
81258efacb Remove unused generation of Request Authenticator in Account-Request
Do not generate an unused and invalid Request Authenticator (random
value) when constructing Accounting-Request packets. The correct Request
Authenticator is calculated subsequently in radius_msg_finish_acct()
using MD5(msg + shared secret).

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-09-22 00:34:19 +03:00
Rafał Miłecki
ea19b39f60 Revert "nl80211: Remove duplicated check in nl80211_setup_ap()"
This reverts commit 647862eb60.

The second check of device_ap_sme looks like duplicated, but it isn't
actually. The trick is nl80211_create_monitor_interface may change that
variable value and the second evaluation may give a different result.

This definitely isn't a very clear code, but that change caused a
regression for drivers that:
1) Don't report NL80211_ATTR_DEVICE_AP_SME
2) Don't support monitor mode
3) Don't support subscribing for PROBE_REQ and/or ACTION frames
like brcmfmac. With such drivers hostapd doesn't start anymore.

Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
2016-09-17 20:08:24 +03:00
Jouni Malinen
205d2d1ff5 Fix typos in wpa_supplicant configuration parameter documentation
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-09-10 21:09:52 +03:00
Sunil Dutt
660103eca9 nl80211: Use the monitor interface only without device_ap_sme support
The places using drv->use_monitor were already skipping creation of the
monitor interface if drv->device_ap_sme == 0. This means that the
monitor interface operations would not have worked anyway and it is safe
to set drv->use_monitor to zero for all such cases. This fixes an issue
with management frame subscription not happening properly for the case
where the AP SME is in the driver and the driver supports monitor
interfaces (for other purposes).

This commit also removes the check for monitor support and the
previously used workaround that cleared drv->use_monitor in
drv->device_ap_sme == 1 case if monitor interface was not supported
since that condition cannot occur anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-09-08 23:19:07 +03:00
Dedy Lansky
c7f9d44825 FST: Fix search for peer's "other" connection
Upon receiving FST Setup Request from some peer on some interface,
search is made to see if same peer is connected on other interface with
specific band_id. With multiple peers, bug in
fst_group_does_iface_appear_in_other_mbies() caused wrong peer address
to be returned sometimes.

Fix this with a modified, simplified search algorithm of peer's "other"
connection.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-09-08 11:17:45 +03:00
Lior David
a62dea4156 Fix mistakes in definition of QCA vendor commands for indoor location
Fix some mistakes in the previous commit for adding QCA vendor commands
for indoor location.

Note: The renamed enum value does not change the ABI, but the addition
of QCA_WLAN_VENDOR_ATTR_FTM_MEAS_INVALID in the beginning of enum
qca_wlan_vendor_attr_ftm_meas does renumber
QCA_WLAN_VENDOR_ATTR_FTM_MEAS_* values. The previous values were
committed yesterday and have not been used in any released code yet, so
this is a justifiable quick fix.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-06 23:38:47 +03:00
Joel Cunningham
711e3cab07 Handle NULL return from os_zalloc() in sta_track_add()
This adds handling for a memory allocation failure in sta_track_add().

Signed-off-by: Joel Cunningham <joel.cunningham@me.com>
2016-09-06 18:58:08 +03:00
Lior David
fcd85d9a3f Add QCA vendor commands/attributes for indoor location
Assign QCA vendor specific commands, attributes, and events for
supporting indoor location features.

These features include:

1. Fine timing measurement (FTM) - allows measurement of distance
between two stations. Based on IEEE P802.11-REVmc/D7.0, 11.24.6 FTM is
performed between two stations: one is an initiator, typically a client
that wants to measure distance to another AP, and one is a responder,
typically an AP which responds to measurement requests from other
clients. The responder can be configured to report its location, either
in absolute coordinates (LCI) or free-form description (LCR).

2. Angle of arrival (AOA) - allows measurement of azimuth and elevation
between two stations.

The above features can be combined to allow a station to get an accurate
indoor location.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:59:18 +03:00
Lior David
faecb39236 hostapd: Allow FTM functionality to be published
Add configuration options that control publishing of fine timing
measurement (FTM) responder and initiator functionality via bits 70, 71
of Extended Capabilities element. Typically, FTM functionality is
controlled by a location framework outside hostapd. When framework is
activated, it will use hostapd to configure the AP to publish the FTM
functionality. See IEEE P802.11-REVmc/D7.0, 9.4.2.27.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-09-05 21:23:07 +03:00
Tamizh chelvam
fc72a48a63 hostapd: Use stations nsts capability in (Re)Association Response frame
Some deployed stations incorrectly consider nsts capability in
(Re)Association Response frame as required capability instead of maximum
capability and if it is greater than station's capability then beamform
will not happen in uplink traffic.

This commit adds support for an optional workaround to use station's
nsts capability in (Re)Association Response frame if the station's nsts
is less than AP by using the use_sta_nsts=1 configuration parameter.
This configuration is introduced in this commit and it is disabled by
default.

Signed-off-by: Tamizh chelvam <c_traja@qti.qualcomm.com>
2016-09-05 21:14:40 +03:00
Zhang Qian
22950d0568 QCA vendor subcommand for LL_STATS extension
Some user space monitor wants to offload link layer statistics to
firmware. A new command QCA_NL80211_VENDOR_SUBCMD_LL_STATS_EXT and
associcated attributes are added. The monitor will use this new command
to configure monitoring paramters and get link layer statistics.
Attributes added in this change:
1. Parameters for FW to trigger the statistics report
2. Peer STA power state
3. TX failure statistics

Signed-off-by: Zhang Qian <zhangq@qti.qualcomm.com>
2016-09-05 20:50:10 +03:00
Sabrina Dubroca
7dcec24881 mka: Clean up key allocation
Assign cs in ieee802_1x_mka_decode_dist_sak_body and reuse it.

Cleanup of key allocation: ieee802_1x_kay_generate_new_sak() and
ieee802_1x_mka_decode_dist_sak_body() both allocate a struct key_conf,
fill it, and ask ieee802_1x_kay_init_data_key() to allocate and set up a
struct data_key. They also allocate multiple key buffers and copy the
same data around. Stop moving data from buffer to buffer, and just
allocate what we really need.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 22:24:33 +03:00
Sabrina Dubroca
95e9460d6a mka: Get rid of struct ieee802_1x_cp_conf
Instead of copying from kay to a temporary struct, and then from the
struct to the sm, just copy from kay to cp.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:56:17 +03:00
Sabrina Dubroca
07a6bfe1d2 mka: Store cipher suite ID in a u64 instead of u8 pointer
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:55:54 +03:00
Jouni Malinen
535a8b8712 mka: Make csindex unsigned
This avoids unnecessary typecasting while still being able to compare
the value to CS_TABLE_SIZE without compiler warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-28 21:48:45 +03:00
Sabrina Dubroca
343eb3b036 mka: Reorganize live peer creation and key server election
This modifies ieee802_1x_kay_decode_mkpdu() check for peer including me
in its peer list.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:41:21 +03:00
Sabrina Dubroca
34dbe90ac5 mka: Share a single delete mka implementation
Share mka deletion implementation in ieee802_1x_participant_timer() for
the cak_life and mka_life expiration cases.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:31:28 +03:00
Sabrina Dubroca
0dabf79b5d mka: Introduce compare_priorities()
This takes care of priority comparison followed by MAC address
comparison if the priorities are identical.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:27:05 +03:00
Sabrina Dubroca
53080f770c mka: Clean up ieee802_1x_kay_mkpdu_sanity_check()
This drops one indentation level and makes the code a bit more readable.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:19:37 +03:00
Sabrina Dubroca
05283e7a6f mka: Simplify ieee802_1x_mka_dist_sak_body_present()
No need for an if statement to figure out Boolean return value.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:17:43 +03:00
Sabrina Dubroca
87b19c8d88 mka: Replace participant->kay with a local kay variable
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:17:36 +03:00
Sabrina Dubroca
f9ea083be3 mka: Fix typos in grammar in variable names and comments
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:59:58 +03:00
Sabrina Dubroca
921171f51c mka: Use named initializers for mka_body_handler[]
Also move the struct definition to be next to this array definition.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:57:23 +03:00
Sabrina Dubroca
86bef17c94 mka: Remove unused enum mka_created_mode values
DISTRIBUTED and CACHED were not used anywhere.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:56:44 +03:00
Sabrina Dubroca
ec958aee32 mka: Remove cs_len argument from the set_current_cipher_suite functions
This is a known constant value (CS_ID_LEN, i.e., the length of the EUI64
identifier) and does not need to be provided separately in these
function calls.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:55:34 +03:00
Sabrina Dubroca
46bbda2b83 mka: Clean up ieee802_1x_mka_decode_potential_peer_body()
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:50:49 +03:00
Sabrina Dubroca
cf375eb2da mka: Simplify ieee802_1x_mka_encode_icv_body() memory copying
There is no need to maintain two os_memcpy() calls to cover different
cmac lengths.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:47:25 +03:00
Sabrina Dubroca
8b4a148842 mka: Simplify ieee802_1x_mka_sak_use_body_present()
to_use_sak is a Boolean variable, so there is no need for an if
statement to figure out whether to return TRUE or FALSE.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:46:19 +03:00
Sabrina Dubroca
b3df7836e8 mka: Reorganize loops in number of KaY functions
Use for loop to remove unnecessary goto use and similar cleanup to
simplify the loops in ieee802_1x_mka_i_in_peerlist(),
ieee802_1x_mka_decode_live_peer_body(), and
ieee802_1x_kay_decode_mkpdu().

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:44:04 +03:00
Sabrina Dubroca
de7f5337f4 mka: Remove unused body_peer incrementation
Each loop iteration resets body_peer in the beginning, so there is no
need to increment this pointer in the end.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:35:45 +03:00
Sabrina Dubroca
2b13bcad70 mka: Add reset_participant_mi() helper
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:34:56 +03:00
Sabrina Dubroca
3ceb458254 mka: Clean up printf formats
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:31:10 +03:00
Sabrina Dubroca
8fab9e1cae mka: Use named initializers for static structs
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:30:48 +03:00
Sabrina Dubroca
d4f668fded mka: Add MKA_ALIGN_LENGTH macro
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:29:20 +03:00
Sabrina Dubroca
1de7a9f882 mka: Add helper functions for dumping and creating peer
This allows more code reuse for creating live/potential peer and dumping
peer entries.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:58 +03:00
Sabrina Dubroca
d9639d1a4e mka: Clean up ieee802_1x_kay_get_cipher_suite() lookup function
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:57 +03:00
Sabrina Dubroca
7c547cff6b mka: Refactor the get_*_peer() functions
Add ieee802_1x_kay_get_potential_peer() similarly to the previously used
ieee802_1x_kay_get_live_peer() and use these helper functions more
consistently to avoid multiple implementations of peer lookups.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:57 +03:00
Sabrina Dubroca
515bc1aec1 mka: Fix a typo in mka_body_handler (mak to mka)
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:57 +03:00
Sabrina Dubroca
a33e3c3214 mka: Add a helper function, sci_equal(), for sci comparison
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:57 +03:00
Sabrina Dubroca
cefeb8e382 mka: Use less bitfields in the IEEE 802.1X-2010 structs
This splits the u32 bitfields into u8 variables and using bitfields only
for the cases where under 8-bit fields are used.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:49:57 +03:00
Sabrina Dubroca
2e9448989f mka: Fix a typo in macsec_capbility
Spell "capability" correctly in the variable name.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 19:29:15 +03:00
Jouni Malinen
f2f8616e80 Initialize hapd->nr_db in hostapd_alloc_bss_data()
Previously, this was initialized in hostapd_setup_bss() which made it
possible for a REMOVE_NEIGHBOR control interface command to be issued
prior to the list head pointers having been set. That resulted in a NULL
pointer dereference. Fix this by initializing the list head at the time
the data structure gets allocated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-22 17:44:05 +03:00
Jouni Malinen
1f3b8b4edb Check for driver initialization before doing driver operations
Number of hostapd control interface commands (e.g., STATUS-DRIVER) could
result in NULL pointer dereference when issued on not yet enabled BSS.
Fix this by checking that the driver interface has been initialized
before calling the driver_ops function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-19 16:08:00 +03:00
Eduardo Abinader
833d0d45e8 radius: Sanity check for NULL pointer segfault
When the RADIUS client has not yet been fully enabled, MIB command was
segfaulting hostapd.

Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
2016-08-19 12:16:20 +03:00
Masashi Honma
052b8d38c5 mesh: Report HT operation mode to kernel
Report HT operation mode to kernel to broadcast correct IE in beacon
(for example HT operation IE).

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:46:15 +03:00
Masashi Honma
2bd6217173 mesh: Use WPA_DRIVER_MESH_CONF_FLAG_* as modification flag
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:40:13 +03:00
Masashi Honma
4ffb3f870d mesh: Do NL80211_MESHCONF_* setting in single function
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:37:38 +03:00
Masashi Honma
a1431ef8df mesh: Move max_peer_links parameter to appropriate struct
Accoding to the comment of struct wpa_driver_mesh_bss_params, the
max_peer_links parameter should be under that struct.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:33:39 +03:00
Petko Bordjukov
72a652d785 IAPP: Set SO_REUSEADDR on listening socket
Make it possible for several instances of hostapd to listen on the same
network interface.

Signed-off-by: Petko Bordjukov <bordjukov@gmail.com>
2016-08-18 20:01:48 +03:00
Johannes Berg
81372e347a ap: Use is_multicast_ether_addr() more
Various checks should use is_multicast_ether_addr() instead
of hardcoding the equivalent, change it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-08-17 13:43:31 +03:00
Eduardo Abinader
647862eb60 nl80211: Remove duplicated check in nl80211_setup_ap()
Just removing a duplicated condition.

Signed-off-by: Eduardo Abinader <eduardoabinader@gmail.com>
2016-08-17 13:42:11 +03:00
Johannes Berg
e3429c0b15 nl80211: Fix control port protocol no-encrypt setting
Previously, driver_nl80211 sets NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT in
AP mode, to get EAPOL frames out unencrypted when using IEEE 802.1X/WEP.
However, due to the way nl80211/cfg80211 is implemented, this attribute
is ignored by the kernel if NL80211_ATTR_CONTROL_PORT_ETHERTYPE isn't
specified as well. Fix this by including
NL80211_ATTR_CONTROL_PORT_ETHERTYPE set to ETH_P_PAE. This can be done
unconditionally, since the kernel will allow ETH_P_PAE to be set even
when the driver didn't advertise support for arbitrary ethertypes.

Additionally, the params->pairwise_ciphers appear to not be set at
this point, so relax the check and allow them to be zero.

In client mode, this whole thing was missing, so add it. Again, the
pairwise suite can be WPA_CIPHER_NONE, so allow that case as well.

This fixed IEEE 802.1X/WEP EAP reauthentication and rekeying to use
unencrypted EAPOL frames which is the de facto way of implementing this
in wireless networks.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-08-17 13:40:40 +03:00
David Benjamin
478441bf81 OpenSSL: Fix OpenSSL 1.1.0 compatibility functions
To be consistent with OpenSSL 1.1.0, the free functions should
internally check for NULL. EVP_MD_CTX_free also was missing an
EVP_MD_CTX_cleanup, so this leaked a little.

OpenSSL 1.1.0 also has given get_rfc3526_prime_1536 a better namespace
with get_rfc3526_prime_1536 as a compatibility-only name. Use that
instead in 1.1.0.

Signed-off-by: David Benjamin <davidben@google.com>
2016-08-13 21:07:05 +03:00
Felix Fietkau
4fe726e2d7 nl80211: Do not switch interface to station mode when using mesh
This fixes issues with adding mesh interfaces to a bridge.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
2016-08-13 10:44:11 +03:00
Nick Lowe
8468189e90 Do not include NAS-Port attribute with AID 0
Do not include a NAS-Port attribute in Access-Request and
Accounting-Request packets where the Association ID (AID) is 0, i.e.,
not yet assigned or known.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-08-13 10:28:01 +03:00
Manish Shukla
86a318f34a atheros: Accept Public Action frames sent to Wildcard BSSID
Previously, the check for mgmt->bssid matching own address (= BSSID)
ended up rejecting the case where Public Action frames are using
Wildcard BSSID in the Address 3 field. This could result in GAS queries
being dropped. Fix this by allowing both the own address (= AP BSSID)
and Wildcard BSSID in Action frame Address 3 field.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-11 16:08:30 +03:00
Yingying Tang
6fe3b9d451 QCA vendor command to get hardware capabilities
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_GET_HW_CAPABILITY and the associated
attributes to get Wi-Fi hardware capabilities.

Signed-off-by: Yingying Tang <yintang@qti.qualcomm.com>
2016-08-10 16:49:46 +03:00
Sunil Dutt
dc24a3616a Define an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_QPOWER
This can be used to enable/disable QPOWER.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-09 19:23:25 +03:00
Nick Lowe
42d30e9ea0 Add a require_message_authenticator configuration option
This can be used to mandate the presence of the Message-Authenticator
attribute on CoA/Disconnect-Request packets.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-08-08 00:36:17 +03:00
Jouke Witteveen
715ad3386e roboswitch: Add support for BCM63xx
These devices do not properly identify themselves.

Signed-off-by: Jouke Witteveen <j.witteveen@gmail.com>
2016-08-08 00:25:31 +03:00
Rahul Bedarkar
a2072a29b9 utils: os_unix: Use access() for checking file existence
Trying to open file for checking file existence seems to be too much.
Instead use access system call which is meant for the same.

Signed-off-by: Rahul Bedarkar <rahulbedarkar89@gmail.com>
2016-08-08 00:24:07 +03:00
Sabrina Dubroca
cfe0a0194b mka: Fix use after free
We must cancel the timer when we delete an MKA instance.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:44:04 +03:00
Sabrina Dubroca
d68b73cfa5 mka: Add check for body length when decoding peers
The standard says that the body length must be a multiple of 16B.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:42:37 +03:00
Sabrina Dubroca
ad19e71e68 mka: Avoid reading past the end of mka_body_handler
body_type, used to index in mka_body_handler, can be any u8 value, but
we have only ARRAY_SIZE(mka_body_handler) elements.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:42:19 +03:00
Jouni Malinen
65b47738e8 mka: Return u8 from get_mka_param_body_type()
This uses a more accurate variable type for body_type and makes it
cleaner to compare this to other unsigned values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-07 11:42:03 +03:00
Sabrina Dubroca
ac285c007c mka: Add error handling around ieee802_1x_kay_move_live_peer()
ieee802_1x_kay_move_live_peer() can fail. In that case, we should not
proceed.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:36:17 +03:00
Sabrina Dubroca
90bff0e2aa mka: Avoid inconsistent state in ieee802_1x_kay_move_live_peer()
If the memory allocation in ieee802_1x_kay_init_receive_sc() fails, we
end up in an inconsistent state where the peer is moved to the live
peers list and its sci is setup, but we don't have an rxsc.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:34:50 +03:00
Sabrina Dubroca
12447457bf mka: Fix length when encoding SAK-use
The room we actually use is length. This could also mess up the
receiver, since it will advance by the actual length (as indicated by
the parameter body's length), which could differ from the offset at
which we stored the next item.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:32:23 +03:00
Sabrina Dubroca
71dc78904f mka: Fix memory leak in ieee802_1x_kay_create_live_peer() error path
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:31:41 +03:00
Sabrina Dubroca
099613e415 mka: Fix multiple key server election bugs
1. The comparison between SCI's of two servers with identical priority
   is broken, and would always return TRUE. Just use os_memcmp(), which
   provides the ordering we need.

2. If no peer can be key server but this instance can, then become the
   key server.

3. The ordering of blocks between peer as key server and ourself as key
   server overwrites settings. Simple reordering fixes this.

4. Default to being the key server, so that we advertise our ability in
   the MKPDUs we send. That's the only way peers can know we can be key
   server. Cleared automatically as soon as we find a better peer.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-07 11:31:17 +03:00
Arran Cudbard-Bell
b84ce655d3 Link to, and adjust types for, the PCSC framework included with OSX
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
2016-08-07 11:20:33 +03:00
Johannes Berg
842c5af5d3 ap: Use is_broadcast_ether_addr()
There's no need to have a separate variable and open-code a more
complicated version of this, just use is_broadcast_ether_addr().

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2016-08-06 16:51:48 +03:00
Jouni Malinen
ac81b3948b cli: Share a common tokenize_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:46:39 +03:00
Jouni Malinen
980afcce53 cli: Share a common write_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:41:56 +03:00
Jouni Malinen
fcc84b48b2 cli: Share a common get_cmd_arg_num() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:39:56 +03:00
Jouni Malinen
e55df99ee6 Share a single str_starts() implementation
No need to define this as a static function in multiple files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:38:21 +03:00
Mikael Kanstrup
23c130e9b7 Use a common license string for hostapd_cli and wpa_cli
Move the license strings for hostapd_cli and wpa_cli to common.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:34:25 +03:00
Mikael Kanstrup
977c0796f9 Move parts of wpa_cli to a new common file
In preparation for adding further command completion support
to hostapd_cli move some cli related utility functions out of
wpa_cli into a new common cli file.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:25:58 +03:00
Sunil Dutt
fed802c2e8 Define an attribute QCA_WLAN_VENDOR_ATTR_CONFIG_IFINDEX
This can be used to set the configuration parameters per netdev (instead
of wiphy).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-04 21:50:26 +03:00
Sunil Dutt
14b7612447 Define vendor command to support IE based access control
This commit defines QCA vendor subcommand and attributes for IE based
access control, i.e., the specific configured IE (full IE) is matched
with the frames originated by the Wi-Fi STA / AP to accept or deny the
connection. A specific IE can either be a whitelist or blacklist.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-04 21:50:22 +03:00
Vikram Kandukuri
4ac75cd01a QCA vendor command to configure GPIO pins
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_GPIO_CONFIG_COMMAND and associated
attributes to configure GPIO pins.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-03 16:46:30 +03:00
Vikram Kandukuri
babf0ce0d2 Assign QCA vendor attributes for generic commands
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-03 16:44:07 +03:00
vamsi krishna
cc9985d1b1 Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:21:52 +03:00
Jouni Malinen
4f910f38e5 Fix a typo in QCA vendor attribution documentation
The previously used subcommand names in the comment did not match the
ones defined above.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:11:25 +03:00
vamsi krishna
ab21863108 Define QCA vendor config attribute to set default scan IEs to the driver
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:11:05 +03:00
Jouni Malinen
5a5638a3bf Show disabled HT/VHT properly in AP mode STATUS command
Previously, HT/VHT state was shown in STATUS based on the configuration
parameter instead of the runtime operational parameters. This could
result in claiming HT/VHT to be enabled even when it was forced to be
disabled due to an incompatible configuration. Clear HT/VHT information
in the STATUS output if HT/VHT has been disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 17:41:01 +03:00
Wu Gao
551817a582 AP: Disable VHT in WEP configuration
This was already done for HT, but VHT has the same constraint on not
allowing WEP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 17:31:48 +03:00
Chaitanya T K
f5728d0a82 nl80211: Fix segfault when params->freq is NULL for AP mode start
If params->freq is NULL here, it leads to a segfault. Do not initialize
bss->bandwidth if params->freq is NULL.

Signed-off-by: Chaitanya T K <Chaitanya.Mgit@gmail.com>
2016-07-23 22:06:10 +03:00
Masashi Honma
3388e7b96f mesh: Remove HT IEs if HT is disabled
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 22:04:16 +03:00
Masashi Honma
4ac2ea5738 mesh: Make DTIM period configurable
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:58:04 +03:00
Nishant Chaprana
0f282c76ee P2Ps: Clear existing value when peer stops sending adv_service_instance
If a peer stops sending adv_service_instance, we should clear the
existing dev->info.p2ps_instance.

This commit fixes the following scenario:

When peer device stops sending adv_service_instance, wpa_supplicant did
not remove old dev->info.p2ps_instance from device's property. This
variable should be updated as per peer behavior and should be cleared
when peer stops sending this information.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-07-23 20:55:52 +03:00
Erik Ljungberg
4d7aab78bd Make driver flags available through control interface
This shows the current set of driver flags in wpa_cli and hostapd_cli.

Signed-off-by: Erik Ljungberg <erik.ljungberg@sonymobile.com>
2016-07-23 20:46:20 +03:00
MAYANK HAARIT
77d468e4db P2P: Cleanup by removing unnecessary os_free() call from p2p_deinit()
Remove the unnecessary os_free() call from p2p_deinit() since
p2p_flush() called just above this takes care of freeing
p2p->after_scan_tx and the second call here ends up being no-op
os_free(NULL) in practice.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2016-07-23 20:35:56 +03:00
Masashi Honma
e347cafe57 mesh: Report mesh peer AID to kernel
Previously, mesh power management functionality works only with kernel
MPM. Because user space MPM did not report mesh peer AID to kernel,
the kernel could not identify the bit in TIM element. So this patch
reports mesh peer AID to kernel.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 20:26:26 +03:00