Commit graph

8099 commits

Author SHA1 Message Date
Jouni Malinen
dcc3305701 Move p2p_connect PIN format validation into a separate function
This functionality could be shared for other commands, too, so move
it to a common function. In addition, implement the validation in a
bit more strict way to avoid accepting values like '-123' as a valid
PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 21:27:32 +03:00
Masashi Honma
36ebf7a1b2 P2P: Add error message for invalid PIN
Reject invalid PIN value in p2p_connect command. Before this, typos
like "pbd" as the third parameter could have resulted in OK return
value since this parameter was interpreted as the PIN.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-30 21:19:12 +03:00
Jouni Malinen
10ac7ddf33 Do not share special scan results with virtual interfaces
When a special scan_res_handler is used the scan parameters may not have
been suitable for other purposes (e.g., during a p2p_find operation). As
such, do not indicate such scan results to other virtual interfaces
using the same radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 20:30:40 +03:00
Jouni Malinen
3df2f4fe99 P2P: Remove unused P2P_SCAN_SPECIFIC
This is not used anymore after the commit
e6ecfc4fd3.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 20:20:29 +03:00
Johannes Berg
e6ecfc4fd3 P2P: Remove GO neg/invite special cases from search
There are separate states for these, so we can't really get into this
situation unless somebody tries to do multiple things at the same
time. p2p_connect stops find and CONNECT state is used to probe the peer
on its Listen channel with GO Negotiation Request frames. Similarly,
p2p_invite() stops find and INVITE state is used to probe the peer on
its Listen channel with Invitation Request frames. The older mechanism
of using Search state functionality to find the peer can be removed.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2012-06-30 20:18:07 +03:00
Jouni Malinen
d001defeec Update license notification in files initially contributed by Sam
This updates these files to use the license notification that uses only
the BSD license. The changes were acknowledged by email (Sam Leffler
<sam@errno.com>, Sat, 30 Jun 2012 07:57:53 -0700).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 19:36:04 +03:00
Gary Morain
0bb1e425b5 Export disconnect reason code to dbus
In the properties changed signal, added a new property
"DisconnectReason", which carries the IEEE 802.11 reason code of the
most recent disassociation or deauthentication event. The reason code is
negative if it is locally generated. The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.

Signed-off-by: Gary Morain <gmorain@chromium.org>
2012-06-30 16:43:50 +03:00
Jouni Malinen
8350d0afd8 EAP-pwd: Avoid double-frees on some error paths
At least some error paths (e.g., hitting the limit on hunt-and-peck
iterations) could have resulted in double-freeing of some memory
allocations. Avoid this by setting the pointers to NULL after they have
been freed instead of trying to free the data structure in a location
where some external references cannot be cleared. [Bug 453]

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 16:16:32 +03:00
Jouni Malinen
0f27f15911 EAP-pwd: Increase maximum number of hunting-and-pecking iterations
The previously used limit (10) is too small for practical purposes since
it can result in about 1 out of 1000 authentication attempts failing.
Increase the limit to 30 to avoid such issues. [Bug 453]

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-30 16:12:41 +03:00
Mahesh Palivela
532b16c7a9 hostapd: Add IEEE 802.11ac VHT IEs into Beacon/Probe Response
IEEE 802.11ac VHT changes to include VHT IEs in Beacon and Probe
Response frames.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:57:52 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Michael Naumov
acc5f4ec60 P2P: Add dbus python scripts to perform p2p_find and p2p_connect
Two DBUS scripts using python glib are added to perform p2p_find and
p2p_connect operations respectively. p2p_connect script just performs
the traditional connect to create a new p2p group. Additional updates
will be required to perform join, auth etc. al.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-06-30 13:11:26 +03:00
Jouni Malinen
51ca03f470 WPS: Document NFC use cases with password/config token
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:28:49 +03:00
Jouni Malinen
bfc62fe133 WPS: Share a single function for generating NFS password tokens
There is no need for both hostapd and wpa_supplicant to have their
own functions for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
40a5e3bfde WPS: Add a standalone tool for building NFC password tokens
nfc_pw_token can be used to build random NFC password token for WPS.
This tool prints out the wpa_supplicant.conf (or hostapd.conf)
parameters and the hexdump of the WPS password token (with and without
NDEF encapsulation) so that it can be written to a NFC tag with an
external program.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
72df0cd28c WPS: Use random_get_bytes() for NFC password id
os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 20:40:16 +03:00
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
e484e927a6 WPS: Allow NFC password token from AP to be used with wps_reg
The AP PIN on wps_reg command can now be replaced with special value
"nfc-pw" to use device password from a NFC password token from the AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:41:26 +03:00
Jouni Malinen
e6ea2a451c WPS ER: Add support for using NFC password token from an Enrollee
WPS_NFC_TAG_READ ctrl_iface command can now be used to add NFC password
tokens to ER.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 17:34:46 +03:00
Jouni Malinen
1cea09a9e2 WPS ER: Add support for building NFC configuration token
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 16:35:51 +03:00
Jouni Malinen
71892384da WPS: Fix ifdef use for the new NFC mechanism in wpa_supplicant
Use CONFIG_WPS_NFC instead of CONFIG_WPS_OOB for the NFC specific
new ctrl_iface commands.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 14:07:22 +03:00
Jouni Malinen
d7645d239d WPS: Add support for NFC configuration token from external program
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:59:29 +03:00
Jouni Malinen
3cf7a59d4f WPS: Add new mechanism for generation NFC configuration token
The new hostapd ctrl_iface command WPS_NFC_CONFIG_TOKEN can now be used
to fetch payload for an NFC configuration token so that an external
program can be used to write this on an NFC tag.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:25:48 +03:00
Jouni Malinen
5bb7ae1f0c WPS: Fix error case in NFC password token generation
Need to verify that wps_build_nfc_pw_token() returned a valid buffer
before trying to encapsulate it for NDEF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:23:58 +03:00
Jouni Malinen
0e3c16546b WPS: Use separate list of NFC Password Tokens in the Registrar
This adds a cleaner mechanism for handling NFC Password Tokens in the
WPS Registrar. There could be more than one active NFC Password Token in
use and as such, a list of tokens needs to be maintained. The old
WPS_OOB interface is still using the old mechanism that supports only a
single active NFC Password Token.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 22:15:55 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
78e625f79a WPS: Split wps_build_oob_dev_password() into parts
This allows sharing of a function to build the attribute without
changing the OOB parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
8a13732f83 NDEF: Mark input data const when it is not modified
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
2f425090fb WPS: Allow NDEF functions to be used from outside src/wps
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
e524ebe387 NDEF: Skip unnecessary wpabuf to ptr/len conversion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
a0d0c560c3 Add dh5_init_fixed() to allow fixed DH parameters to be used
This allows pre-configured private and public key to be used when
initializing DH for group 5.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0965813640 WPS: Fix OOB Device Password use for EAP-WSC peer
The OOB Device Password is passed in as a hexdump of the real Device
Password (16..32 octets of arbitrary binary data). The hexdump needs to
be converted to binary form before passing it for WPS processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
582143e544 WPS: Fix potential memory leak with NFC password token
The old stored public key hash needs to be freed before replacing
the pointer with the new value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
7be6dc2e96 WPS: Fix NFC password token building with WPS 2.0
The earlier WPS 2.0 changes did not increase the wpabuf size when
adding a new attribute to the NFC password token. This could result
in aborting the application on wpabuf overflow if NFC out-of-band
mechanism is used with WPS 2.0 enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-27 21:21:11 +03:00
Jouni Malinen
99f0032409 Allow autoscan parameters to be changed in SCANNING state
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:11:25 +03:00
Jouni Malinen
c3d1223848 Reinitialize autoscan on explicit reassocciate/reconnect command
This clears the exponential scan interval back to the base value
when a reconnection is requested explicitly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:05:51 +03:00
Jouni Malinen
d7ded75832 Cancel pending scan request on DISCONNECT command
Previously, a pending scan request could be left running when processing
DISCONNECT command from control interface. This can result in unexpected
scan, so cancel the request to avoid this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:57:03 +03:00
Jouni Malinen
992189991c Start autoscan for first connection attempt
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:52:46 +03:00
Jouni Malinen
460b36d0c0 Fix autoscan exponential to limit interval in all cases
The first time the limit is exceeded could result in using larger
value - avoid that by limiting the interval also in that case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:51:06 +03:00
Jouni Malinen
ccea4eb3e8 Fix autoscan exponential to start with the base value
Initial implementation used base^2 as the starting value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:47:25 +03:00
Jouni Malinen
1aea2ca325 Write autoscan parameter to config file on updates
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:43:05 +03:00
Tomasz Bursztyka
e3659c89d2 Add a simple periodic autoscan module
This module will sets a fixed scanning interval. Thus, the parameter to
this module is following this format: <fixed interval>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:28:21 +03:00
Tomasz Bursztyka
c0fba2b38d Add autoscan module named exponential
This module will compute the interval on a base exponential. Thus,
params to this module are following this format: <base>:<limit>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:22:56 +03:00
Tomasz Bursztyka
2bdd834257 Add autoscan command into wpa_cli
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:11:17 +03:00
Tomasz Bursztyka
bc5d330ae0 Add ctrl iface command for autoscan
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:09:47 +03:00
Tomasz Bursztyka
67892d5c0d D-Bus: Add AutoScan interface method to set/unset autoscan parameters
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:05:09 +03:00
Tomasz Bursztyka
7c865c6853 Add automatic scanning support
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.

Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.

Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:55:41 +03:00