Commit graph

2593 commits

Author SHA1 Message Date
Jouni Malinen
66562e9c75 Use cached driver capabilities instead of new fetch for each operation
There is no need to repeat the driver capability fetch for each
operation since we already cache driver flags in wpa_s->drv_flags.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 17:36:40 +03:00
Sheng Fang
4aa8186806 Add a configration parameter for sched_scan interval
The new sched_scan_interval parameter can be used to set the default
sched_scan interval, e.g., for power saving purposes.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-07 12:41:14 +03:00
Jouni Malinen
f11b72c3e9 TDLS: Move AID=1 workaround into driver_nl80211.c
The use of AID=1 for the nl80211 dummy STA case is specific to the
driver (cfg80211), so better move this into the driver wrapper instead
of generic TDLS implementation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:57:03 +03:00
Sunil Dutt
785336998d TDLS: Pass peer's AID information to kernel
The information of the peer's AID is required for the driver to
construct partial AID in VHT PPDU's. Pass this information to the driver
during add/set station operations (well, as soon as the information is
available, i.e., with set station operation currently).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-05-06 15:47:44 +03:00
Jouni Malinen
55a2df4389 HS 2.0: Include HS 2.0 Indication element only for HS 2.0 association
The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 16:29:21 +03:00
Jouni Malinen
9be371437e wpa_cli: Fetch the current BSSID list when starting interactive mode
This makes tab completion work better in cases where wpa_cli is started
after wpa_supplicant has already discovered BSSes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 12:38:55 +03:00
Jouni Malinen
69aa33411e wpa_cli: Add BSSID tab completion for set bssid_filter
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 12:20:35 +03:00
Jouni Malinen
215658726f wpa_cli: Replace set command help with completion routine
The old help text did not include most of the parameters and as such,
was not really helpful. Replace it with tab completion function that
includes more or less all available parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 12:18:43 +03:00
Jouni Malinen
f1fb042cec wpa_cli: Allow space in the set command value
Previously, interactive mode could not be used to enter space-separated
lists with the set command. This removes that restriction and allows
such commands to be encoded properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 11:53:20 +03:00
Ben Greear
f5ffc348dc wpa_supplicant: Allow global scan frequencies configuration
This allows one to limit the channels that wpa_supplicant will
scan. This is a useful addition to the freq_list configurable
in the network {} section.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2013-05-05 11:46:54 +03:00
Jouni Malinen
abfc3ad9af Synchronize build config comments for wpa_supplicant
This updates number of comments in android.config to match the latest
version in defconfig and adds some of the entries that were previously
present only in android.config into defconfig.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:50 +03:00
Jouni Malinen
a01e10da68 Android: Enable WPS ER and NFC support in the build
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 20:19:47 +03:00
Jouni Malinen
0f105f9e5f HS 2.0: Move Probe Request Indication IE addition to proper place
This needs to be in wpa_supplicant_extra_ies() to get consistent
behavior for both scan and sched_scan cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-04 11:57:56 +03:00
Ilan Peer
41b1a76a96 P2P: Clone beacon_int when initializing new group interface
Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2013-05-04 11:25:29 +03:00
Vinayak Kamath
741ed9fc25 WPS: Remove duplicate networks after WPS
Each attempt to connect to the same network using WPS would result
in the duplicate configuration getting added. Avoid such redundant
additions by comparing the network configuration with an already
existing one and remove the older network if the new credential
provisioned through WPS is identical.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-30 13:35:50 +03:00
Jouni Malinen
b57b560034 wpa_supplicant: Default to nl80211 instead of wext
nl80211 has obsoleted WEXT as the preferred kernel interface for
controlling wireless drivers. Update wpa_supplicant driver interface
list order so that nl80211 gets used first if both nl80211 and wext
interfaces are included in the build. In addition, update README to
reflect the fact that WEXT is obsolete.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-29 16:55:44 +03:00
Jouni Malinen
a8a7890d7c Clear extra_blacklist_count on FLUSH command
This is needed to avoid old blacklist failure counts from being valid
after state flush.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-28 22:35:15 +03:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
04382f7d6f NFC: Add no waiting and no multiple operations options for scripts
The nfcpy script used to be run in a way that left them running for
multiple operations. This is not desired for some use cases, so provide
options to request only a single operation to be performed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:15:23 +03:00
Jouni Malinen
28fcfb67c0 NFC: Increase wpa_cli command buffer size
NFC connection handover messages may be longer than 100 octets, so
increase wpa_cli buffer size to allow longer messages to be reported.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-27 22:14:45 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Deepthi Gowri
02db75b6c2 FT: Reset FT flag upon STA deauthentication
Reset ft_completed if STA receives deauthentication
between FT reassoc success and the subsequent initial
mobility authentication and association.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-26 17:56:24 +03:00
Jouni Malinen
dd57970477 Disable network temporarily on repeated connection failures
Previously, only explicit indications of authentication failures were
used to disable a network block temporarily. Extend this to use multiple
failed connection attempts as a sign of a possible authentication or
authorization failure to reduce the frequency of connection attempts
with a network that does not seem to allow connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-04-25 17:28:50 +03:00
Jouni Malinen
06b7f58def RSN: Update preauth scan results only based on new scan results
The fast-connect optimization to skip a new scan did not update how the
RSN preauthentication callback is used. There is no point in trying to
add preauthentication candidates from cases where scan was skipped, so
skip this call, too, in such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 18:24:00 +03:00
Jouni Malinen
18e00b5e4d Move wpa_s freeing into wpa_supplicant_deinit_iface()
All wpa_supplicant_deinit_iface() callers ended up freeing wpa_s
immediately after this call. Move os_free(wpa_s) into the deinit
function to share the same call and make the deinit sequence clearer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 18:07:41 +03:00
Paul Stewart
754632c965 dbus_new: Add EAP logon/logoff
Add "EAPLogoff" and "EAPLogon" interface DBus commands which
parallel the "logoff" and "logon" wpa_ctrl commands which terminate
and restart EAP authentication.  Slightly enhance the "logon" case
by expiring any running "startWhile" timer.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-04-23 17:57:55 +03:00
Dmitry Shmidt
e6304cad47 wpa_supplicant: Add option -I for additional config file
This option can be used only for global parameters that are not going
to be changed from settings.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Iliyan Malchev <malchev@google.com>
2013-04-23 17:38:57 +03:00
Bruno Randolf
060605226f wpa_supplicant: Add get_capability freq
Add "get_capability freq" command to print a more verbose list of
channels and frequencies in MHz. The tag "NO_IBSS" is added, if IBSS
mode is not allowed on a channel. This allows userspace programs to get
the frequencies and limitations associated with each channel.

This extends the information already provided in "get_capability
channels" but a new interface is chosen because of backwards
compatibility considerations.

Signed-hostap: Bruno Randolf <br1@einfach.org>
2013-04-23 16:55:54 +03:00
Chris Hessing
c7a39ba4e1 Provide TLS alerts to CLI/UI over control interface
Harmonize EAP status events over control interface to provide same
functionality as existing D-Bus callback.

Signed-hostap: Chris Hessing <chris.hessing@cloudpath.net>
2013-04-23 16:46:02 +03:00
Jouni Malinen
2a07a276ec P2P: Increase GTK rekeying period to 24 hours
Strong ciphers do not need frequent rekeying, so increase the default
GTK rekeying period to 24 hours.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-23 14:11:10 +03:00
Jouni Malinen
88c8bf311e WPS NFC: Allow configuration token to be built from network block
"WPS_NFC_CONFIG_TOKEN <WPS/NDEF> <network id>" can now be used to build
an NFC configuration token from a locally configured network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 21:28:57 +03:00
Jouni Malinen
e205401c72 WPS ER: Allow Enrollee to be specified with MAC address
wps_er_pbc and wps_er_pin can now be used with both the UUID and MAC
Address of the Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:52:44 +03:00
Jouni Malinen
c44a19c1f9 WPS ER: Document additional NFC command for ER operations
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:36:15 +03:00
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
17b8995cf5 Interworking: Try to use same BSS entry for storing GAS results
There may be cases where multiple BSS entries for a single BSSID are in
the table. This is mostly in automated test cases due to the AP
configuration changes, but something similar could potentially happen as
a corner case in more realistic networks, too, e.g., when an AP changes
its operating channel. Make network selection more robust by trying to
find the exact BSS entry instead of any BSS entry with a matching BSSID
when storing GAS/ANQP response.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 11:44:04 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
acb546436a Add ctrl_iface command FLUSH for clearing wpa_supplicant state
This is mainly for testing purposes where it is convenient to have an
easy way of getting wpa_supplicant state cleared between test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 20:31:07 +03:00
Masashi Honma
97236cee6a WPS: Skip rescanning after provisioning if AP was configured
If WPS provisioning step is completed with an AP that is in WPS
configured state, we can skip a second scan after the provisioning step
since the AP is unlikely to change its configuration in such a case.
This can speed up WPS connection a bit by removing an unneeded scan.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-03-31 20:06:42 +03:00
Jouni Malinen
4342326fc7 Add ignore_old_scan_res configuration parameter
This can be used to configure wpa_supplicant to ignore old scan results
from the driver cache in cases where such results were not updated after
the scan trigger from wpa_supplicant. This can be useful in some cases
where the driver may cache information for a significant time and the AP
configuration is changing. Many such cases are for testing scripts, but
this could potentially be useful for some WPS use cases, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
9599ccc2dd WPS: Clear after_wps on new WPS connection
The after_wps counter could have potentially be left in its old non-zero
value in some WPS sequences which could result in a single-channel scan
being used based on obsolete information. Clear after_wps in
wpas_wps_reassoc() to make sure this does not happen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
702621e6dd WPS: Use latest updated BSS entry if multiple BSSID matches found
If the AP (P2P GO) has changes its channel of SSID recently, the BSS
table may have multiple entries for a BSSID. Select the one which was
most recently updated for WPS/P2P operations in such case to increase
the likelihood of using current information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
2f9b66d3ab Extend ROAM command to handle multiple SSIDs per BSS
Select the BSS entry based on BSSID,SSID pairs instead of just BSSID to
avoid selecting an unexpected SSID for the ROAM command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 11:49:05 +02:00
Jouni Malinen
ef8151ac57 P2P: Write p2p_ignore_shared_freq to configuration file on updates
Commit b277a2bebc added a new global
configuration parameter, but forgot to update configuration file saving
to store this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-26 22:24:41 +02:00
Jouni Malinen
18a2eaabe3 Add ap_vendor_elements for wpa_supplicant AP/P2P GO mode
This new parameter allows wpa_supplicant AP mode operations to use
similar design to the vendor_elements parameter in hostapd to add
vendor_elements into Beacon/Probe Response IE parameters.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:52:41 +02:00
Jouni Malinen
407be00b6c P2P: Postpone P2P scan only if station mode scan is pending
sta_scan_pending was supposed to be accurate enough for determining
whether a P2P scan needs to be postponed. However, it has turned out
that there were cases where sta_scan_pending was not cleared properly.
While the known cases have now been addressed, it is possible that some
other cases may still exist. To avoid issues with P2P operationg getting
stuck, verify more carefully that there is a real pending station mode
scan (either in progress or scheduled to be requested).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
cfd31b5026 Use special scan result processing steps only on requesting interface
Scan result events are shared between all virtual interfaces sharing the
same radio. However, some of the steps are not really appropriate on
virtual interfaces that did not issue the scan request. Fix this by
making these steps conditional on the scan results being processed on
the interface that requested them.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
b1cd021e29 P2P: Re-start P2P operation if station mode scanning is stopped
There were couple of code paths that could end up stopping station mode
scanning without clearing sta_scan_pending. This could result in P2P
search getting stuck waiting for completion of station mode scan which
would never show up. Fix this by calling wpas_p2p_continue_after_scan()
in cases where station mode scans are stopped. This allows
sta_scan_pending to be cleared and P2P search operation continued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
f85f545e71 P2P: Use common function for re-starting P2P scan after station scan
Make the implementation more consistent and cleaner by using a single
function for addressing all the cases where completion of a station mode
scan operation allows a P2P operation (search) to be re-started.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
095da179de Android: Enable WNM in the build
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:19:44 +02:00
Jouni Malinen
ce9283a401 Android: Use CONFIG_WNM mode consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. This is similar to the Makefile
change in commit ad3872a372.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:13:46 +02:00
Jouni Malinen
69586aa312 Android: Fix CONFIG_WNM use in Android.mk
This code was within ifdef CONFIG_AP and did not get included unless
AP mode support was also enabled. This is similar to the Makefile
change in commit 2dfb9a447c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:10:44 +02:00
Jouni Malinen
3b335329b9 Android: Update Android.mk based on Makefile changes
This brings the Android makefiles a bit closer to the Makefile changes
that had been missed in the past.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:08:23 +02:00
Jouni Malinen
c3aa4da94d Convert WPS NFC python scripts from using wpactrl to wpaspy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 21:47:10 +02:00
Partha Narasimhan
b2a12c4f93 wpa_supplicant: Fix lookup of cached PMKSA
This fixes the lookup of a usable PMKSA entry in the cache. Using
wpa_s->current_ssid often returns nothing when a usable PMKSA exists in
the cache since wpa_s->current_ssid does not necessarily point to the
correct network entry at this point in time (prior to association).

Signed-hostap: Partha Narasimhan <parthan@gmail.com>
2013-03-16 12:45:31 +02:00
Bruno Randolf
65d52fc103 Add capability flag for IBSS and add get_capability modes
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.

Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.

The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.

Signed-hostap: Bruno Randolf <br1@einfach.org>
2013-03-16 12:42:15 +02:00
Jouni Malinen
21f01a8e3d Fix build with CONFIG_NO_CONFIG_BLOBS
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 12:20:21 +02:00
Solomon Peachy
7d37a357fa Fix build without CONFIG_CTRL_IFACE or CONFIG_NO_STDOUT_DEBUG
Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
2013-03-16 12:07:18 +02:00
Jouni Malinen
dbca75f82a P2P: Remove persistent group peer if it rejects invitation
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-15 16:43:06 +02:00
Jouni Malinen
b277a2bebc P2P: Allow shared interface channel preference to be ignored
p2p_ignore_shared_freq=1 in the configuration file (or "SET
p2p_ignore_shared_freq 1" on control interface) can now be used to
configure wpa_supplicant to ignore the preference on shared operating
channel when the driver support multi-channel concurrency. The default
behavior is to try to start any new P2P group on an operating channel
that is already in use on another virtual interface to avoid extra cost
from hopping between multiple channels. If this new parameter is set to
1, such preference is not used and instead, the channel for the new P2P
group is selected based on other preferences while ignoring operating
channels of any concurrent connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:32:35 +02:00
Jouni Malinen
6cb27aa85f P2P: Fix shared frequency preference for concurrent operations
Commit 50285f5ca8 changed number of rules
in channel selection and among other things, it broke the design where
the currently used operating channel on a virtual interface that is
shared by the same radio is preferred to avoid costs related to
multi-channel concurrency. Fix this regression by making the P2P module
aware of the shared channel and using that preference as the highest
priority when re-selecting the channel during negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:26:55 +02:00
Jouni Malinen
a70a52c316 P2P: Allow all channels for multi-channel concurrency (no negotiation)
Commit 79879f4ae8 enabled all channels to
be used when negotiating channel with a driver that supports
multi-channel concurrency. Extend that to cover cases where the channel
is not being negotiated (e.g., p2p_group_add to start a GO).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 15:38:11 +02:00
Jouni Malinen
b6714ca1bb Fix compiler warning when CONFIG_IEEE80211R is not included
Commit 6a1ce39599 moved the bssid
variable declaration to be outside CONFIG_IEEE80211R block and
triggered a compiler warning about unused variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-13 12:40:57 +02:00
Jouni Malinen
94d7acf3df WPS NFC: Fix build without CONFIG_WPS_ER
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-13 00:02:52 +02:00
Deepthi Gowri
ee9a95c34e Android: Enable IEEE 802.11r in wpa_supplicant builds
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:09:41 +02:00
Deepthi Gowri
6a1ce39599 FT: Add support for IEEE 802.11r with driver-based SME
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:08:53 +02:00
Vivek Natarajan
c9c77083b3 P2P: Clear p2p_in_provisioning flag on group removal
Commit 77dfafd07d cancels group formation
timeout on group removal case but failed to reset the
p2p_in_provisioning flag. This can lead to repeated p2p_find failures if
the group gets removed before completion of the WPS provisioning step
(e.g., GO tears down the group). Fix this by clearing
p2p_pin_provisioning when cancelling group formation.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-03-11 20:47:24 +02:00
Chet Lanctot
9210bea172 Android: Enable IEEE 802.11w support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-11 13:52:13 +02:00
Chet Lanctot
3ee9ade6cf Allow SME SA Query to be used by all drivers
The unprotected disconnection events were previously processed only for
drivers that used the wpa_supplicant SME implementation (separate
authentication and association commands). However, this can be useful
for drivers that use the connect API, so remove the limitation and allow
the same IEEE 802.11w SA Query mechanism to be used even without full
use of the wpa_supplicant SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-11 13:49:40 +02:00
Jouni Malinen
5139008b51 Android: Sync makefile changes for HT/VHT overrides
CONFIG_HT_OVERRIDES and CONFIG_VHT_OVERRIDES were already mentioned in
android.config, but Android.mk did not yet know about them.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 18:05:40 +02:00
Johannes Berg
e9ee8dc394 wpa_supplicant: Support VHT capability overrides
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 18:04:39 +02:00
Johannes Berg
eae3a584f5 wpa_supplicant: Parse int values in different bases and reject invalid
Instead of using atoi(), use strtol() which allows checking if
the configuration values are valid integers and can understand
more than just decimal (also hexadecimal and octal). This not
only allows specifying some fields in hex (which can be useful)
but also rejecting invalid configurations, e.g.,
        disassoc_low_ack=27 * 2
which was previously read as just 27.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 17:55:24 +02:00
David Spinadel
725fc39e07 wpa_supplicant: Reschedule sched scan after network change
Stop sched scan, if running, after any disabling or removing of
a network, and request a new scan if needed.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:51:13 +02:00
Jouni Malinen
14f7907890 Remove unnecessary local variable
The ssid parameter (if NULL) can be used for the loop, too, to make the
code look a bit prettier.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 17:45:15 +02:00
David Spinadel
dca1a51149 wpa_supplicant: Handle enabling of one or all networks equally
Move enabling a network to a separate function. Try to reconnect if not
associated to an AP. Abort scheduled scan in any case of a new scan.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:43:00 +02:00
David Spinadel
7ed52f678b wpa_supplicant: Save prev_sched_ssid only if needed
If the whole ssid list was scanned, don't save the prev scheduled ssid
since we are going to start from beginning. Thos avoids starting sched
scan from prev_sched_ssid after scanning the full list, in case of
adding a network to ssid during scheduled scan.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:32:03 +02:00
David Spinadel
a09fc1ccf8 wpa_supplicant: Do not allow too short sched scan
In case that the ssid list is longer than max number of ssids,
ths scheduled scan aborted after timeout and rescheduled again
with shorter timeout and longer interval. In case that the timeout
is shorter than the interval, only one scan iteration will
be run. In this case, go back to the initial values.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:27:48 +02:00
Jouni Malinen
77e4e85321 P2P: Mark peer authorized for persistent group invitation
When p2p_invite persistent=<id> is used to request a persistent group to
be re-invoked, the peer may reply with status=1 (info not yet available)
if upper layer processing of the invitiation is requested. The peer is
ten expected to start another invitation exchanged within 120 seconds if
the user authorizes the connection. Allow this process to be used more
easily by automatically authorizing the peer that we tried to invite to
use this second invitation sequence even if persistent_reconnect=0.

For this mechanism to work, the device that starts the invitation needs
to start listen mode to be able to receive the invitation request from
the peer. At least for now, this is not done automatically, but future
changes could potentially enable this automatically at least if there
are no concurrent operations in progress.

Example sequence on the initiator:

cmd: P2P_INVITE persistent=1 peer=<addr>
event: P2P-INVITATION-RESULT status=1
cmd: P2P_LISTEN 120
wait for peer to start another invitiation round.. group will be
re-invoked automatically

On the peer (with persistent_reconnect=0):

event: P2P-INVITATION-RECEIVED sa=<addr> persistent=1 [freq=<MHz>]
wait for user approval
cmd: P2P_INVITE persistent=1 peer=<addr>
group will be re-invoked automatically

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 21:32:33 +02:00
Jouni Malinen
cd1e2309a2 P2P: Indicate frequency for upper layer invitation processing
When a device that is a GO in a persistent group receives an Invitation
Request from a P2P client and persistent_reconnect=0, upper layer is
notified of this with P2P-INVITATION-RECEIVED event. The upper layer is
supposed to run another invitation exchange is this case, but if that
does not happen and the GO is started without successful (status=0)
invitation exchange, the operating channel for the group may end up
getting set in a way that the P2P client is not able to support. Provide
optional freq parameter in the P2P-INVITATION-RECEIVED event on the GO
side. If this parameter is received and the upper layer decides to issue
P2P_GROUP_ADD command, that command should include this freq parameter
to make sure the operating channel gets selected from the set that the
peer can support.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 21:27:31 +02:00
Jouni Malinen
18206e02c5 Allow wpa_supplicant AP mode to configure Beacon interval
beacon_int (in TU) can now be used to configure Beacon interval for AP
mode operations (including P2P GO) in wpa_supplicant. This can be set
either in a network block or as a global parameter in the configuration
file (or with "SET beacon_int <value>" control interface command) to
apply for all networks that do not include the beacon_int parameter to
override the default.

In addition, this commits extends the dtim_period parameter to be
available as a global parameter to set the default value. dtim_period is
now stored in the configuration file, too, if it was set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:50:08 +02:00
Jouni Malinen
5473362458 P2P: Use peer's channel list to limit GO freq on invitation
Peer device includes its list of allowed operating channels in the
Invitation Response frame. When we are becoming the GO, use that list
from the peer to filter out acceptable channels to avoid selecting a
channel that the peer is unable to use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:01:01 +02:00
Jouni Malinen
f5877af01e P2P: Allow P2P client to specify preferred group channel
When re-invoking a persistent group in P2P client role, the new
pref=<MHz> parameter can now be used with the p2p_invite command to
indicate a preferred operating frequency. Unlike the older freq=<MHz>
parameter, this leaves GO an option to select another channel (from our
supported channels) if the GO cannot accept the channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 19:40:54 +02:00
Jouni Malinen
5de4b72177 P2P: Use shared function for setting up frequencies
p2p_connect() and p2p_invite() cases used more or less identical
implementatin. Use a shared function to avoid duplicated code.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Deepthi Gowri
79879f4ae8 P2P: Allow all channels in case of multi channel concurrency
If multi channel concurrency is supported, we have to populate the
p2p_channels with list of channels that we support. Use the same design
that was previously added for GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Jouni Malinen
ff48691368 Avoid partial BSS entries in control interface
Most of the print_bss_info() cases were already returning zero lenth to
avoid returning partial returns to the BSS commands, but the HS 2.0 and
Wi-Fi Display entries behaved differently. Make those consistent with
rest of the items.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 18:49:33 +02:00
Dmitry Shmidt
cfd42c94ee Mark last BSS entry by #### instead of ====
This allows ctrl_iface users to iterate through the BSS entries by
fetching multiple BSS entries with "BSS RANGE=N-" without having to use
one extra round to get empty return value as the indication of the last
entry having been found.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:46:06 +02:00
Dmitry Shmidt
c667342933 Add WPA_BSS_MASK_DELIM flag to BSS command
This flag will add ==== delimiter between to separate bss results.
Unlike the other BSS command MASK values, this delimiter is not
included by default to avoid issues with existing users of the BSS
command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:43:05 +02:00
Masashi Honma
5e24beae02 Use scan results for reconnection
This patch uses existing scan results for fast connection on REASSOCIATE
and RECONNECT commands.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-02-28 16:34:08 +02:00
Masashi Honma
ad5dda8222 Interworking: Remove unused variable warnings
This patch removes these warnings.

interworking.c: In function 'interworking_credentials_available_3gpp':
interworking.c:1330:6: warning: unused variable 'ret' [-Wunused-variable]
interworking.c:1329:19: warning: unused variable 'cred' [-Wunused-variable]

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-02-28 16:34:06 +02:00
Jouni Malinen
aec309c407 wpa_cli: Increase receive buffer from 2048 to 4096 bytes
wpa_supplicant uses 4096 byte buffer for control interface responses, so
wpa_cli should do the same to avoid truncating responses unnecessarily.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-27 15:59:55 +02:00
Sunil Dutt
f8361e3d68 TDLS: Pass peer's VHT Capability information during sta_add
The information of the peer's VHT capability is required for the
driver to establish a TDLS link in VHT mode with a compatible peer.
Pass this information to the driver when the peer station is
getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 10:31:50 +02:00
Jouni Malinen
f23ce1f032 WPS: Add AP mode NFC connection handover with wpa_supplicant/nfcpy
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:57:06 +02:00
Jouni Malinen
f3f2ba2e6e WPS NFC: Add connection handover support for ER
wpa_supplicant can now generate the WPS carrier record for connection
handover response when acting as an ER. The AP whose configuration is
provided in this way is identified with an UUID as an argument to
wps-nfc.py.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:56:29 +02:00
Jouni Malinen
c39fdb8529 WPS: Add wps-er-config command for writing config token from ER
UUID of the AP is specified on the command line to select which
configuration is used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:54:18 +02:00
Jouni Malinen
b618a469c4 Interworking: Select highest priority cred if multiple matches
Previously, the credential to use for a connection with a specific BSS
was picked arbitrary based on first found match of each matching
mechanism. While the credential priorities were used elsewhere, this did
not take into account that different mechanisms could find multiple
matching credentials. As such, the highest priority credential was not
always used in case more than one credential matched with the selected
BSS. Fix this by checking credential priorities again during connection
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-16 19:57:35 +02:00
Jouni Malinen
87470ea298 WPS: Fix build without CONFIG_WPS_NFC
Commit bbf41865c9 added calls to functions
that are only defined if CONFIG_WPS_NFC=y. Protect those calls properly
to avoid build issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 17:09:24 +02:00
Jouni Malinen
5ab9a6a53e WPS: Add support for NFC handover select generation with wpa_supplicant
When wpa_supplicant is controlling an AP mode interface, it can generate
the alternative carrier record for NFC connection handover select
message similarly to the way this is done in hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 12:34:55 +02:00
Jouni Malinen
7bfe27778b WPS: Update NFC connection handover documentation
The last couple of changes to the control interface commands for NFC
connection handover had not yet been documented.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:51:28 +02:00
Jouni Malinen
bbf41865c9 WPS: Add support for config token generation with wpa_supplicant
When wpa_supplicant is controlling an AP mode interface, it can generate
the NFC configuration token similarly to the way this is done in
hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:47:52 +02:00
Jouni Malinen
23ffcaf172 WPS: Allow password token to be written with nfcpy
This adds write-password option for the nfcpy example script for
wpa_supplicant to match hostapd wps-ap-nfc.py functionality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:34:13 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Sunil Dutt
d16531c40c TDLS: Pass peer's Capability and Ext Capability info during sta_add
The contents of the peer's capability and extended capability
information is required for the driver to perform TDLS P-UAPSD and Off
Channel operations. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:02:34 +02:00
Sunil Dutt
189206dddb Android: Enable TDLS support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:54 +02:00
Sunil Dutt
ff4178d57c TDLS: Pass peer's HT Capability and QOS information during sta_add
The information of the peer's HT capability and the QOS information is
required for the driver to perform TDLS operations. Pass this
information to the driver when the peer station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:50 +02:00
Jouni Malinen
b8df43dec6 TDLS: Fix add/set STA operation
Commit a9a1d0f08a added vht_capabilities
to struct hostapd_sta_add_params but forgot to update
wpa_supplicant_tdls_peer_addset() to initialize the variable to NULL.
This could result in uninitialized pointer being used in
driver_nl80211.c when adding a TDLS peer entry. Fix this by clearing the
hostapd_sta_add_params with memset.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:07 +02:00
Sunil Dutt
7b44ff2c21 TDLS: Tear down peers when disconnecting from the AP
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-13 01:19:44 +02:00
Jouni Malinen
c5f10e804a Use more accurate timestamps for scan results
For various P2P use cases, it is useful to have more accurate timestamp
for the peer information update. This commit improves scan result
handling by using a single timestamp that is taken immediately after
fetching the results from the driver and then using that value to
calculate the time when the driver last updated the BSS entry. In
addition, more debug information is added for P2P peer updates to be
able to clearly see how old information is being used here.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:14:32 +02:00
Jouni Malinen
e47588279a WPS: Report NFC connection handover completion differently
Instead of reporting only one connection handover message, report
completion of NFC connection handover with carrier record from both the
request and select messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-11 18:43:46 +02:00
Jouni Malinen
ec01d5f6b0 P2P: Avoid concurrent scans during all steps of group formation
Previously, only some P2P states were considered to postpone concurrent
station mode scans during group formation. Especially the WPS
provisioning step was skipped due to issues to scans run on the P2P
client interface (see commit fc6997b345).
This is not ideal since a concurrent scan can slow down group formation
considerably and potentially make it time out. Enforce p2p-in-progress
through all steps of group formation on another interface to address
this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-11 12:21:03 +02:00
Jouni Malinen
77dfafd07d P2P: Cancel group formation timeout on group removal (on client)
Group formation timeout is normally canceled when 4-way handshake is
completed (WPA_COMPLETED -> wpas_p2p_completed). However, it is possible
for the GO to stop the group before this happens (i.e., send
Deauthentication frame with reason code 3 before 4-way handshake is
completed). This resulted in the group getting removed, but the group
formation timeout left behind. The unexpected timeout may then result in
undesired termination of the following operation. Fix this by canceling
the group formation timeout in wpas_p2p_group_delete() similarly to how
group idle timeout was canceled there.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-10 23:36:52 +02:00
Jouni Malinen
bd692a8b0e WPS: Change listen time to match nfcpy default (250 ms)
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:49:20 +02:00
Jouni Malinen
b8dbc5d689 WPS: Report only the carrier record from NFC to wpa_supplicant
Since there could be multiple carrier records, it is cleaner to report
only the WPS carrier record instead of full NFC connection handover
select to wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:42:43 +02:00
Jouni Malinen
bbaaaee171 WPS: Fetch only the carrier record from wpa_supplicant for NFC
Since there could be multiple carrier records, it is cleaner to build
only the WPS carrier record instead of full NFC connection handover
request within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:19:59 +02:00
Jouni Malinen
cf78e2acc8 WPS: Clean up debug prints with nfcpy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:27:59 +02:00
Jouni Malinen
8414860422 WPS: Remove 0.5 sec extra wait from NFC handover with nfcpy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:27:14 +02:00
Jouni Malinen
dc6bda1123 WPS: Use alternating poll/listen for NFC peer discovery with nfcpy
This is needed to find the NFC peer to avoid cases where both devices
could be using the same operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:25:20 +02:00
Jouni Malinen
8140ae969b WPS: Configure logging to show nfcpy log message
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:20:25 +02:00
Peter Wu
a24a5ccb28 dbus: Add missing signal description for WPS (7)
Commit caff399250 added a property named
"WPS" to the dbus interface. It did not add the new
WPAS_DBUS_BSS_PROP_WPS property to the function responsible for marking
changed properties though. This cause the following messages to be
printed repeatedly to syslog:

    dbus: wpas_dbus_bss_signal_prop_changed: Unknown Property value 7

Signed-hostap: Peter Wu <lekensteyn@gmail.com>
2013-02-09 12:13:54 +02:00
Jouni Malinen
62cab3b737 eap_proxy: Add a dummy implementation for compilation testing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:05 +02:00
Deepthi Gowri
bd3ca9d0bf Android: Enable EAP-AKA support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:03 +02:00
Deepthi Gowri
45f4a97a3a eap_proxy: Add mechanism for allowing EAP methods to be offloaded
In addition to the offload mechanism, the Android configuration and
makefiles are extended to allow this to be configured for the build by
dropping in platform specific configuration files and makefile without
having to modify any existing files.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:01 +02:00
Dmitry Shmidt
66fe0f703c Add 'SCAN TYPE=ONLY' functionality
Usual manual scan request may cause reassociation due to several
reasons. New command is intended to perform pure scan without taking any
automatic action based on the results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-07 18:09:50 +02:00
Vladimir Kondratiev
ff3ad3c531 Capability matching for 60 GHz band
On the DMG (60 GHz) band, capability bits defined differently from
non-DMG ones. Adjust capability matching to cover both cases.

Also, for non-DMG bands, check ESS bit is set.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
2013-02-07 16:20:18 +02:00
Raja Mani
3140803b6d nl80211: Add ctrl_iface message for AP mode connection rejection
When AP mode operation reject the client, nl80211 layer advertises the
connect failed event with the reason for failures (for example, max
client reached, etc.) using NL80211_CMD_CONN_FAILED.

This patch adds some debug messages whenever such an event is received
from the nl80211 layer and also the same event is posted to the upper
layer via wpa_msg().

Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
2013-02-07 15:24:53 +02:00
Jouni Malinen
409ca9a84d P2P: Allow local configuration to use 5 GHz band 40 MHz channels
These channels were already enabled for P2P use, but the local
configuration parameter was not allowed to use the operating class in
which the 40 MHz channels are specified.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-07 12:51:17 +02:00
Amar Singhal
9f42d49c55 Fix BSS RANGE command for no exact id match cases
The RANGE=N1-N2 command did not return any entries in some cases where
N1 does not match with any BSS entry. Fix this by allow entries to be
fetched even without knowing the exact id values.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-07 12:27:52 +02:00
Amar Singhal
cc03d0fef3 Add "BSS LAST ..." command
Add the "BSS LAST ..." command. This command helps in fetching the scan
entries iteratively from FIRST entry to LAST entry by ID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-06 00:31:34 +02:00
Amar Singhal
f330b4b44b Fix the "BSS FIRST.." command
The "BSS FIRST.." command fails when additional parameters (e.g., MASK)
is used since the string comparsion does not take into account the
number of characters. Fix by comparing only 5 characters as in other
commands.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-06 00:28:48 +02:00
Jouni Malinen
5ebe8c8179 HS 2.0: Fix IE buffer length for extra scan IEs
The HS 2.0 Indication element is 7 (not 6) octets. The previous
implementation could result in wpabuf validation code stopping the
program if HS 2.0 was enabled without Interworking or P2P (which would
have created a large enough buffer to avoid hitting this) being enable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 17:40:09 +02:00
Sunil Dutt
3887878e53 TDLS: Remove link, if any, on an implicit set up request
If an implicit TDLS set up request is obtained on an existing link or an
to be established link, the previous link was not removed. This commit
disables the existing link on a new set up request. Also,
wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already
existing peer for the case of internal setup, which is incorrect. Thus
the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and
also this function is renamed to wps_tdls_remove() as it does not
renegotiation rather shall remove the link (if any) for the case of
external setup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:27:56 +02:00
Jouni Malinen
2b79164f12 P2P: Fix P2P-GROUP-STARTED event for p2p_connect-join
Commit 50178335bf introduced a regression
for P2P-GROUP-STARTED event indication during p2p_connect-join when
using a separate P2P group interface. wpa_s->global->p2p_group_formation
was already set in that case to point to the group interface and this
commit changed this to point to incorrect interface. Fix this by setting
p2p_group_formation here only in case a separate group interface is not
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-04 15:52:53 +02:00
Jaewan Kim
391f492532 wpa_supplicant: Fix access to the freed memory when removing all networks
Commit 59ff6653aa fixed this issue for
'removing a network', and we also need to take care of 'removing all
networks'.

Signed-hostap: Jaewan Kim <jaewan at google.com>
2013-02-03 21:22:59 +02:00
Jouni Malinen
d6bbcce411 Make wpas_select_network_from_last_scan() static
Addition of wpa_supplicant_fast_associate() made it unnecessary to call
wpas_select_network_from_last_scan() directly from other files.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-03 21:13:07 +02:00
Paul Stewart
cecdddc184 wpa_supplicant: Implement fast-associate on SelectNetwork
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision.  This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-02-03 21:08:31 +02:00
Pontus Fuchs
9e737f08d4 Update scan interval gracefully
When the scan interval is changed the new interval is effective
after the old interval timer fires off one last time. This can cause
an unacceptable long delay when updating the interval.

Change this behaviour to use MIN(left of old interval, new interval)
for the scan interval following the interval change.

Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
2013-02-03 18:14:05 +02:00
Sunil Dutt
f2e698de7e TDLS: Disable the link also on driver request for teardown
The link was not disabled for the case of implicit trigger from the
driver unlike in the case of explicit trigger fromc ctrl_iface. Make the
tear down sequences match in these cases by adding the TDLS_DISABLE_LINK
tdls_oper to the driver when processing the TDLS_REQUEST_TEARDOWN event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-22 14:09:54 +02:00
Jouni Malinen
dc013f1e37 eapol_test: Remove unnecessary header file inclusion
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-15 12:03:29 +02:00
Jouni Malinen
90d215b264 Fix wpa_priv build
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
a13e1cc345 Fix EAP-pwd server file name for wpa_supplicant AP builds
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
2ee1594da9 Updated test_wpa to use new header file for WPA authenticator
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
62769a88db Move cipher to enum wpa_cipher conversion into wpa_common.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 18:02:20 +02:00
Jouni Malinen
cf830c1c54 Use a helper function for selection group cipher for AP mode
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:41:40 +02:00
Jouni Malinen
0282a8c46a Use helper function for writing cipher suite names
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:31:36 +02:00
Jouni Malinen
031453265f Define allowed pairwise/group cipher suites in a header file
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:10:38 +02:00
Jouni Malinen
a39c78be41 Use a common function for parsing cipher suites
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:06:22 +02:00
Jouni Malinen
edbd2a191e Move cipher suite selection into common helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 16:58:54 +02:00
Jouni Malinen
9aadb8774e P2P: Add some more details on Service Query TLV format
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 13:43:54 +02:00
Paul Stewart
93c7e332c2 wpa_supplicant: Add more DBus EAP status
Signal the start of EAP authentication as well as when additional
credentials are required to complete.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-01-12 19:51:18 +02:00
Jouni Malinen
67bc1375eb Update ChangeLog files to match current implementation
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 18:04:19 +02:00
Jouni Malinen
b4fd3613d3 SAE: Free temporary buffers when moving to Accepted state
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
4ef34a9960 SAE: Remove duplicated SAE field debug dumps
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
fbfb0e65bf SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
cbf61176ed Add more debug info if wpa_supplicant_set_suites() fails
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
9c75e9fb81 WPS: Verify wpa_config_set() return value more consistently
Even though this command is very unlikely to fail, in theory, it could
and the WPS connection would fail in such a case. Return more clearer
failure indication in such a case without even trying to start
reassociation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4954c859ea SAE: Indicate used group in ctrl_iface STATUS
The new "sae_group=<id>" line will be included in the ctrl_iface STATUS
output if SAE was used for the association.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
e056f93e60 Update copyright notices to include year 2013
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045 SAE: Use crypto wrappers instead of direct OpenSSL calls
This makes the SAE implementation independent of the crypto/bignum
library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
47b55a3ef5 SAE: Use PMK in 4-way handshake
Use the PMK that is derived as part of the SAE authentication in the
4-way handshake instead of the PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
22760dd947 Prepare for hostapd/wpa_supplicant v2.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:42:53 +02:00
Jouni Malinen
d03f1e5d63 eapol_test: Allow full RADIUS attribute length to be used
The -N and -C command line parameters can be used to add arbitrary
RADIUS attributes to the messages. However, these were truncated to
about 128 bytes when the actually message was constructed. Fix this by
using larger buffers to allow the maximum attribute length (253 octets
of payload) to be used. [Bug 458]

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 12:39:27 +02:00
Jouni Malinen
42ad72029f eapol_test: Fix extra RADIUS attribute allocation
The sizeof(ptr) use here was not correct and resulted in too small
memory block getting allocated for the -N command line argument.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 12:32:43 +02:00
Janusz Dziedzic
bca06366a9 wpa_supplicant: Save frequency configuration parameter
In case of wpa_supplicant IBSS and AP modes after we will call wpa_cli
save command we should also save configured frequency. In other case
after wpa_supplicant restart we have frequency = 0 and AP start will
fail.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-01-12 10:23:45 +02:00
Jouni Malinen
190e39d9cb Interworking: Do not schedule new scan if process is terminating
The GAS query compilation callback may happen after the wpa_supplicant
process has been requested to terminate. Avoid scheduling a new eloop
timeout for a scan in such a case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:44:46 +02:00
Jouni Malinen
569d43c7ae Interworking: Do not share ANQP info if none was received
Verify that the other BSS has actually received some valid ANQP
information before sharing the results from it. This fixes potential
issues with cases where some of the APs with the same HESSID has invalid
ANQP configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:41:51 +02:00
Jouni Malinen
d1ec319f12 Interworking: Continue ANQP fetch after TX failure
If the driver rejected any of the offchannel Action frame TX requests,
the previous implementation terminated ANQP fetch process. While the
driver should not really reject the request normally, it is possible
that a request gets rejected for some reason. Allow the fetch process to
continue with the next AP in such case to avoid breaking networking
selection. This could result, e.g., in auto_interworking=1 process
failing to connect if any the driver rejects requests to any of the APs
in the scan result even if some other APs provided suitable information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:38:09 +02:00
Jouni Malinen
2cd6af9c93 Update ChangeLog files to match the current implementation
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-28 17:01:32 +02:00
Jouni Malinen
e4296380e0 Remove unused wpa_scan_get_vendor_ie_multi_beacon()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-27 12:31:06 +02:00
Jouni Malinen
2c09af3068 Add Doxygen documentation for functionality related to scanning
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-27 12:29:05 +02:00
Jouni Malinen
2474ce4542 Document bgscan configuration options
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 20:43:07 +02:00
Jouni Malinen
1cfc678723 Remove reassociated_connection variable
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 19:51:04 +02:00
Jouni Malinen
6350a148c4 P2P: Be more careful with wpa_config_update_psk() call
Commit bb4d4deb4b introduced a code path
that could potentially end up calling wpa_config_update_psk() with NULL
passphrase. While that may not happen in practice, it is better to make
sure it doesn't happen since that function will dereference the
passphrase pointer unconditionally.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 19:35:15 +02:00
Masashi Honma
bb4d4deb4b P2P: Allow PSK to be used instead of passphrase for persistent GO
This continues optimizations for use of CPU heavy pbkdf2_sha1() in GO
setup after the earlier commit 30c371e8a5
by allowing PSK to be used instead of passphrase when creating
persistent group information manually for the GO.

It should be noted that this would not meet the requirements in the P2P
specification (GO shall maintain the passphrase), so this should be used
only when there is no need to allow manual configuration of legacy STAs
using the passphrase.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-12-25 14:15:07 +02:00
Pandiyarajan Pitchaimuthu
602c6b8340 Android: Stop/restart supplicant scan on PNO start/stop
Cancel the existing supplicant scan and start a new supplicant
scan on PNO start and stop respectively. This makes sure that
supplicant scan is in progress when the device resumes.

Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
2012-12-25 13:54:21 +02:00
Yoni Divinsky
3dfd0484fc P2P: Consider age for the P2P scan results
cfg80211 caches the scan results according the channel number. Due to
the 15 sec aging this might cause the user mode to see more than one
scan result with the same BSSID, e.g. - one scan result for the
P2P Device and one for the P2P GO (once it's enabled).

Fix this by updating the device entry only if the new peer entry is
newer than the one previously stored.

Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-12-25 11:22:42 +02:00
Eliad Peller
d125df25e4 ctrl_iface: Check for ongoing sched_scan on SCAN command
The first "if" in the SCAN command handling didn't check properly for
sched_scan, causing the sched_scan and scan to run concurrently, instead
of cancelling the ongoing sched scan (which is handled by the "else if"
later).

Signed-hostap: Eliad Peller <eliad@wizery.com>
2012-12-23 12:52:40 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Jouni Malinen
03e47c9c3a Share a single function for building extended capabilities element
This makes it easier to update extended capabilities for all uses
within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 19:17:15 +02:00
Masashi Honma
ed2e61fe91 WPS_NFC: Fix typos in comments
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-12-22 15:25:51 +02:00
Jouni Malinen
27c77751f7 WNM: Fix BSS Transition Management Request processing
The WNM-Sleep Mode handler took over WNM Action frame processing without
addressing the previously implemented WNM handler. Fix this by moving
the BSs Transition Management processing into wnm_sta.c to share a
single handler function for WNM Action frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 12:02:15 +02:00
Jouni Malinen
a38fdf1c69 Document gas_query.c functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:59:26 +02:00
Jouni Malinen
2f3101d8df Move some P2P offchannel operations to offchannel.c
There is no need for p2p_supplicant.c to access wpa_s->pending_action_tx
so move these references to offchannel.c to get a bit cleaner interface
between the components.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:22:12 +02:00
Jouni Malinen
b4419c62ad Document offchannel Action frame TX functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:06:56 +02:00
Jouni Malinen
3ab35a6603 Extend EAPOL frames processing workaround for roaming cases
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.

Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.

This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 21:35:35 +02:00
Jouni Malinen
318e772ad1 WPS: Update configuration file after re-enabling networks
Network blocks are disabled during a WPS provisioning step and 10
seconds after this to allow the newly provisioned network to be
selected. The disabled=1 flag gets written to the configuration file
when the credential is added since it happens during this process.
Update the file again after the networks have been re-enabled to avoid
leaving the configuration file into state that is not consistent with
the running configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 20:11:26 +02:00
Sunil Dutt
6fbcbc07e4 WPS: Optimize post-WPS scan even if EAP-Failure is not received
Commit 17a4734dc4 shall optimize the
post-WPS scan based on the channel used during the provisioning only
when the EAP-Failure frame is received. In cases where the EAP-Failure
frame is missed, this optimization shall not happen resulting in the
scan in all the channels thus consuming more time for the connection.
This commit enhances this by storing the requisite information after
the M8 frame is received.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 15:30:39 +02:00
Jouni Malinen
2ec535fd37 WNM: Add option to disable keep-alive frames for testing purposes
"wpa_cli set no_keep_alive 1/0" can now be used to disable/enable
keep alive frames to enable testing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 16:57:52 +02:00
Jouni Malinen
41014724e2 Fix CONFIG_NO_WPA build with TLS
The SHA1 and MD5 functions need to be included in builds that use TLS
even if WPA support is removed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 15:16:00 +02:00
Jouni Malinen
77d7b090e0 Remove compiler warning on CONFIG_NO_WPA build
wpa_supplicant_set_rekey_offload() is used only if CONFIG_NO_WPA is not
defined.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 15:14:54 +02:00
Ben Greear
c8d22af88f wpa_supplicant: Document HT capability overrides
Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-12-18 14:49:35 +02:00
Ben Greear
a90497f85f wpa_supplicant: Allow user to disable short guard interval (SGI)
Requires Linux kernel patch to make the SGI-20 properly disabled. SGI-40
will already work since Linux 3.4 or so.

Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-12-18 14:45:09 +02:00
Vladimir Kondratiev
7829894c21 Introduce 60 GHz band
Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken
care off. Allows to start AP with very simple config:

network={
        ssid="test"
        mode=2
        frequency=60480
        key_mgmt=NONE
}

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:50:35 +02:00
Jouni Malinen
058da39cc9 P2P: Add more complete description of p2p_cancel
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:13:51 +02:00
Jouni Malinen
50178335bf P2P: Allow p2p_cancel to be used to stop p2p_connect-join operation
p2p_cancel did not properly cancel a pending p2p_connect-join operation.
Address the different steps in that process: initial scan, Provision
Discovery exchange before connection, and WPS provisioning step
(including the scans before WPS).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 10:39:34 +02:00
Jouni Malinen
03c961e542 Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP
If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2
as the Phase 2 method by default if the NAI Realm list does not specify
the tunneled method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-17 23:27:15 +02:00
Jouni Malinen
953d25ca5f HS 2.0: Fix sp_type check in ctrl_iface status command
Commit e99b4f3a14 added functionality to
check whether the current association is with the home SP. This commit
did not take into account that the domain name ANQP information could be
NULL and that could result to a NULL pointer dereference. Fix that by
validation that domain_names != NULL before calling
domain_name_list_contains().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-17 12:12:13 +02:00
Jouni Malinen
5d247692f6 Fix wpa_supplicant CONFIG_AP=y build with WNM enabled
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:31:36 +02:00
Jouni Malinen
14df897c7a WNM: Fix memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:31:25 +02:00
Jouni Malinen
ad3872a372 WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 18:22:54 +02:00
Jouni Malinen
74b4a3606d WNM: Split WNM-Sleep Mode Response processing into separate functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 13:05:19 +02:00
Jouni Malinen
df80a0ccff WNM: Use defined macros for WNM-Sleep Mode Action Type values
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:57:38 +02:00
Jouni Malinen
0a47a6a747 WNM: Remove unnecessary extra indentation level
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:51:02 +02:00
Jouni Malinen
68db9ab047 WNM: Fix GTK/IGTK parsing for WNM-Sleep Mode Response frame
These fields do not use AES keywrap. Instead, they are protected with
management frame protection (and not included if PMF is disabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:48:34 +02:00
Jouni Malinen
e6955ba9f9 WNM: Add WNM-Sleep Mode into Extended Capabilities element
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:45:59 +02:00
Jouni Malinen
62f6fbb480 WNM: Accept GTK update version of WNM-Sleep Response status
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:33:55 +02:00
Jouni Malinen
e0c54a159b WNM: Use Dialog Token value 1 in WNM-Sleep Mode Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:32:53 +02:00
Jouni Malinen
cd0ef65784 WNM: Add option for passing TFS request from external programs
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:31:16 +02:00
Jouni Malinen
61c54976f5 WNM: Remove unnecessary path component from includes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:29:44 +02:00
Jouni Malinen
e9199e3149 WNM: Add ctrl_iface command for sending WNM-Sleep Mode Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:29:10 +02:00
Jouni Malinen
2dfb9a447c WNM: Fix CONFIG_WNM use in Makefile
This code was within ifdef CONFIG_AP and did not get included unless
AP mode support was also enabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:28:19 +02:00
Jouni Malinen
9af431035f WNM: Remove unused variable
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:27:38 +02:00
Jouni Malinen
dbea8ac7ab Interworking: Allow SSID-based network exclusion for credentials
The new excluded_ssid parameter within a cred block can be used to
excluded networks from matching with credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:01:50 +02:00
Jouni Malinen
9aae09f196 Interworking: Fix cred saving
Number of cred block fields were not saved when wpa_supplicant is
writing the configuration file.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:00:52 +02:00
Jouni Malinen
2047e596ec Interworking: Default to TTLS/MSCHAPv2 for NAI Realm list matching
If the AP does not advertize EAP parameters, default to TTLS/MSCHAPv2
when using username/password credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:00:06 +02:00
Jouni Malinen
f5f37d3a4f Fix REAUTHENTICATE command after PMKSA caching
The current PMKSA cache entry needs to be clear to allow EAPOL
reauthentication to be started in case this association used PMKSA
caching.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 22:05:32 +02:00
Jouni Malinen
1a2d22a242 Remove unneeded header file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 17:06:38 +02:00
Jouni Malinen
9796a86c23 Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:30:30 +02:00
Jouni Malinen
c27a94f765 Remove unused function prototype
This function was not added, so the prototype should not have been here
either.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:27:19 +02:00
Jouni Malinen
f1a5263389 Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:20:44 +02:00
Jouni Malinen
4115303bbe Document wpa_s->scan_req
Use an enum with documented values to make it easier to understand how
wpa_s->scan_req is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:55:32 +02:00
Jouni Malinen
215ae884d6 Mark sme_send_authentication() static
This function is not used outside sme.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:47:43 +02:00
Jouni Malinen
5cc7032239 P2P: Avoid multi-channel scans when they are not needed
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 12:47:43 +02:00
Jouni Malinen
3c8e4ec012 Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled
If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:31:17 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Amitkumar Karwar
368b1957a6 Allow OBSS scan and 20/40 coex reports to non-SME drivers
We enable this feature for non-SME drivers as well if
they explicitly indicate need for it.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
2012-11-24 18:08:48 +02:00
Robert Shade
bff954e9a2 Verify that the selected BSS has a better signal level before roaming
This prevents situations like the following where we roam to a
lesser quality BSS just because the signal level delta is over our
threshold.

wlan0: Considering within-ESS reassociation
wlan0: Current BSS: 00:24:6c:74:0a:40 level=-51
wlan0: Selected BSS: 00:24:6c:74:0a:e0 level=-64
wlan0: Request association: reassociate: 0  selected: 00:24:6c:74:0a:e0
    bssid: 00:24:6c:74:0a:40  pending: 00:00:00:00:00:00  wpa_state: COMPLETED

Signed-hostap: Robert Shade <robert.shade@gmail.com>
2012-11-24 17:17:50 +02:00
Jouni Malinen
e99b4f3a14 HS 2.0: Add Home SP FQDN and roaming/home to status command
This allows the ctrl_iface STATUS information to be used to determine
which Home SP credential (domain in the cred block) was used and whether
the network is operated by the home SP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:40 +02:00
Jouni Malinen
9afe52eb92 HS 2.0: Add REMOVE_CRED sp_fqdn=<FQDN> command
This allows credential entries to be removed based on SP FQDN without
having to iterate through the configured entries from an external
program to figure out which credentials should be removed for a specific
SP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:37 +02:00
Jouni Malinen
736d4f2d77 HS 2.0: Remove temporary network block on cred block removal
If the credential that was used to create a temporary HS 2.0 network
block is removed, remove the network block, too.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:34 +02:00
Jouni Malinen
d49ea68284 Android: Force group access to ctrl_iface directory
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.

In most cases, this issue was not hit since the control interface
directory is normally created by that same init.*.rc file with suitable
mode and wpa_supplicant is killed in the way that does not allow it to
remove the file. However, if wpa_supplicant is allowed stop cleanly, it
will remove the directory and the next start could result with the Wi-Fi
framework not being able to use Wi-Fi (and GUI not showing Wi-Fi getting
enabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 17:06:36 +02:00
Sunil Dutt
6b947db103 P2P: Remove PD-before-join-timeout mechanism
The PD Request retry limit can be used to achieve the same behavior,
so drop this duplicated timeout mechanism and control the timeout
based on MAX_PROV_DISC_REQ_RETRIES.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 01:15:51 +02:00
Jouni Malinen
175171ac6c P2P: Retry PD Request in join-a-running-group case
The GO may be in sleep when we send a PD Request frame to indicate that
we are about to join a running group. Previously, this frame was not
retried more than normal low level retries. This can result in the GO
not getting the frame especially in cases where concurrent multi-channel
operations or aggressive sleep schedule is used since most drivers do
not yet synchronize with the GO's NoA before association.

Increase the likelihood of the GO receiving the PD Request frame by
retransmitting it similarly to the PD-for-GO-Negotiation case. Start
the actual join operation only after these retries have failed to get
an acknowledgment from the GO to give the connection attempt a chance
to succeed if the driver implements better NoA synchronization for it.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:53:42 +02:00
Sunil Dutt
6752716663 P2P: Set user_initiated_pd separately from the join parameter
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:48:58 +02:00
Jouni Malinen
16e38f2e34 Android: Fix AP builds to include the new eap_user_db.c
This is needed to fix the builds after commit
ee431d77a5.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 17:55:36 +02:00
Vladimir Kondratiev
9c6f8cb9c8 Fix wpa_supplicant compilation after adding eap_user database
Commit ee431d77a5 broke wpa_supplicant
compilation:

../src/ap/ieee802_1x.o: In function `ieee802_1x_get_eap_user':
/../src/ap/ieee802_1x.c:1689: undefined reference to `hostapd_get_eap_user'
collect2: error: ld returned 1 exit status
make: *** [wpa_supplicant] Error 1

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
2012-11-21 17:49:47 +02:00
Jouni Malinen
af1dff8c9f wpa_cli: Accept more arguments for set_network
Some network parameters, e.g., auth_alg and eap use a space separated
list of values without quotation marks. To allow these to be entered
from the interactive mode, change set_network command to allow more than
three arguments.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-19 14:04:42 +02:00
Jouni Malinen
1ae1570b5f Update ChangeLog files to match the current implementation
This commit adds description of the main changes from the forking of
hostap-1.git for 1.x releases to the current master branch snapshot.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-18 21:30:38 +02:00
Jouni Malinen
1ce0aa044c Remove unused disassociate() driver_ops
Commits 07783eaaa0 and
3da372fae8 removed the only users of the
disassociate() driver operation, so these driver wrapper functions can
also be removed now.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 00:06:12 +02:00
Jouni Malinen
d2901915e7 Fix forgotten no-CONFIG_WPS=y wrapper
Commit 620c783753 modified
wpas_wps_ssid_wildcard_ok() prototype, but forgot to update the
non-WPS-build wrapper. Fix that to match with the new bss parameter
type and remove the now unused declaration of wpa_scan_res.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-14 13:05:53 +02:00
Jouni Malinen
6e2020210a Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 20:07:53 +02:00
Jouni Malinen
8713a2e6ff P2P: Avoid extra group interface creation on GO reinvocation
If separate group interfaces are used, the pending group interface got
removed unnecessarily when stopping find operations when accepting an
invitation to reinvoke the group in GO role. This resulted in the group
interfaces getting created twice. Avoid this unnecessary extra operation
by skipping removal of the pending interface in the reinvocation
sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 20:45:27 +02:00
Pawel Kulakowski
548f100384 bgscan_learn: Prevent infinite busy looping
In highly congested network (BSSes almost on every channel
within ESS) we have hit a bug when wpa_supplicant become
completly irresponsive, infinite looping on while loop.

When probe_idx was equal 0 and we are not able to probe
new frequency, following condition were never fulfilled:
"if (!in_array(freqs, data->supp_freqs[idx]))"

Signed-hostap: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2012-11-11 16:26:36 +02:00
Robert Shade
99276998fa dbus: Do not quote scan_freq and freq_list
scan_freq and freq_list are not parsed by wpa_config_parse_freqs if
quoted.

Signed-hostap: Robert Shade <robert.shade@gmail.com>
2012-11-11 16:21:16 +02:00
Jouni Malinen
c7deed7401 Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 16:09:36 +02:00
Jouni Malinen
207fb86411 WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:01:06 +02:00
Masashi Honma
30c371e8a5 P2P: Reduce redundant PSK generation for GO
The PSK generation done by pbkdf2_sha1() is one of the longest CPU time
users according to our profiling from boot to GO started.

So I have reduced some steps.

I could boot a GO by this command sequence.
-------------
add_net
set_network 0 ssid '"DIRECT-XX"'
set_network 0 psk
'"123456789012345678901234567890123456789012345678901234567890123"'
set_network 0 proto RSN
set_network 0 key_mgmt WPA-PSK
set_network 0 pairwise CCMP
set_network 0 auth_alg OPEN
set_network 0 mode 3
set_network 0 disabled 2
p2p_group_add persistent=0 freq=2412
-------------

By this sequence, pbkdf2_sha1() was called three times and the function
calculates the same value each time. Reduce number of calls to
pbkdf2_sha1() from 3 to 1 by caching the previous result.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-11-11 11:39:24 +02:00
Paul Stewart
45ac5793fc new_dbus_handlers: Clear errno
There are a few instances where dbus handlers test the value
of errno to test whether strtoul completes successfully.
Since strtoul does not clear errno, and there's no strong
reason to suspect that errno is already clear, it is safer
to clear it right before calling strtoul.  Also, any failure
in strtoul (setting errno non-zero) should be considered a
failure.

While testing using dbus-send, I found that a malformed
network path can cause a crash due to net_id being left
NULL.  We should test for this before calling strtoul
on it.

Tested with:

dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
    /fi/w1/wpa_supplicant1/Interfaces/0 \
    org.freedesktop.DBus.Properties.Get \
    string:fi.w1.wpa_supplicant1.Interface string:Networks
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0

Signed-hostap: Paul Stewart <pstew@chromium.org>
intended-for: hostap-1
2012-11-11 11:18:31 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
07783eaaa0 Use deauthentication instead of disassociation if not associated
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:58:00 +02:00
Jouni Malinen
42d235477f Use wpa_drv_{disassociate,deauthenticate} while waiting for connection
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.

This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:57:57 +02:00
Jouni Malinen
e50d01b4f1 WPS: Add support for NFC connection handover with nfcpy
This helper script can now handle both reading of a NFC tag and
initiation of NFC connection handover if a peer NFC device is touched.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 16:04:42 +02:00
Jouni Malinen
dab710c4d0 WPS: Move NFC tag processing into a separate function
This makes it cleaner to add processing of other NFC operations to the
python script.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:56:46 +02:00
Jouni Malinen
ec4f5a37b8 WPS: Move wpactrl setup into a separate function
This makes it easier to share this functionality for new NFC use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:53:33 +02:00
Jouni Malinen
d4f612b7dd WPS: Add an example python script for NFC operations
wps-nfc.py uses nfcpy and python-wpactrl to provide NFC tag information
to wpa_supplicant for WPS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 22:43:15 +02:00
Sven Neumann
caff399250 dbus: Add getter for WPS properties
Add "WPS" property to the DBus interface that allows to
identify the active WPS method of a BSS.

Signed-hostap: Sven Neumann <s.neumann@raumfeld.com>
2012-11-03 18:38:51 +02:00
Jouni Malinen
10737aba22 Handle assoc reject events without wpa_supplicant SME
If the driver indicates the association (or authentication) was
rejected, wpa_supplicant should handle this connection failure similarly
to other cases. Previously, this was only handled with drivers that use
wpa_supplicant SME.

In case of cfg80211-based drivers, a rejected association was actually
already handled since cfg80211 generates a deauthentication event after
indicating connection failure. However, rejected authentication resulted
in wpa_supplicant waiting for authentication timeout to expire which is
unnecessary long wait.

Fix this by calling wpas_connection_failed() to use the common mechanism
to reschedule a new connection attempt with the previously attempted
BSSID blacklisted.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 13:50:17 +02:00
Sasha Levitskiy
5ff2c7faed Add parameter checking and error reporting to wpa_blacklist API
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2012-11-01 20:41:27 +02:00
Jouni Malinen
b363121a20 WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without
including a valid Network Key, the network block cannot be used to
connect to the network. Reject such credential without adding the
network block. This makes wpa_supplicant send WSC_NACK as a response to
the invalid Credential and stop the provisioning process immediately
rather than only after trying unsuccessfully to connect to the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-01 16:30:35 +02:00
Jouni Malinen
8c9ad085e9 P2P: Relax Bonjour SD query matching
The DNS Name is allowed to use or not use domain name compression. To
handle both cases, check human readable DNS Name match if binary
matching does not show a hit.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 18:25:30 +02:00
Jouni Malinen
560f8bda8c P2P: Support multiple P2P SD Bonjour services with same key
There may be multiple Bonjour PTR matches for the same key, so extend
the P2P SD code for this to allow such entries to be added (i.e., do not
override previously added value, but add a new one). Similarly, return
multiple matches (one per Service TLV) for a query if it happens to
match more than a single configured Bonjour service.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 13:01:43 +02:00
Jouni Malinen
96beff11d1 P2P: Allow discoverable interval for p2p_find to be configured
The new P2P_SET parameter disc_int can now be used to configure
discoverable interval for p2p_find operations. The format of the command
for setting the values is "P2P_SET disc_int <minDiscoverableInterval>
<maxDiscoverableInterval> <max TUs for discoverable interval>". The
first two parameters are given in units of 100 TUs (102.4 ms). The third
parameter can be used to further limit the interval into a specific TU
amount. If it is set to -1, no such additional limitation is enforced.
It should be noted that the P2P specification describes the random
Listen state interval to be in units of 100 TUs, so setting the max TU
value to anything else than -1 is not compliant with the specification
and should not be used in normal cases. The default parameters can be
set with "P2P_SET disc_int 1 3 -1".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 15:12:04 +02:00
Jouni Malinen
23270cd8f5 Restore wpa_s->scan_req if scan trigger fails
If the driver rejects the scan request while handling an external
requested scan (e.g., SCAN command on ctrl_iface), wpa_s->scan_req gets
cleared in wpa_supplicant_scan(). This can results in issues when the
scheduled re-try of the scan in one seconds trigger another call to this
function. If ap_scan==2 mode is used, this would result in new
association attempt instead of a new scan. Avoid this by restoring value
of wpa_s->scan_req in case the scan trigger fails and a new scan attempt
is scheduled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 12:27:05 +02:00
Jouni Malinen
340f1c48f7 P2P: Clear pending_pd_before_join on PD timeout
wpas_p2p_pd_before_join_timeout() needs to clear the
pending_pd_before_join flag to match other uses of this flag prior to
calling wpas_p2p_join_start(). Without this, the flag could be left set
which can cause following P2P operations to behave in unexpected ways.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 16:25:02 +02:00
Jouni Malinen
d76cd41a3a P2P: Allow separate P2P group interface use to be disabled
The new p2p_no_group_iface=1 configuration parameter can now be used to
disable the default behavior of adding a separate interface for the P2P
group when driver support for concurrent interfaces is available.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 15:02:30 +02:00
Jouni Malinen
5fbddfdcf1 P2P: Fix default p2p_group_idle timeout for P2P client role
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This breaks the
P2P group idle mechanism for the case where p2p_group_idle is not set
(i.e., is the default 0) since wpas_p2p_group_idle_timeout() ignores the
timeout in that case if the interface is not recognized as a client
interface (which was based on wpa_s->current_ssid being set).

Fix this by making wpas_p2p_is_client() default to client case if
wpa_s->current_ssid is NULL. This is much more likely case since the P2P
GO mode operation would not really clear the pointer without explicit
request to disconnect.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 21:37:15 +02:00
Jouni Malinen
9f36eac6e5 WPS: Remove old OOB NFC interface
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:20:03 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
e65552ddf2 WPS: Add preliminary NFC connection handover support for Enrollee
This commit adds new wpa_supplicant ctrl_iface commands to allow
external programs to go through NFC connection handover mechanism
with wpa_supplicant taking care of the WPS processing. This version
includes only the case where wpa_supplicant is operating as a
station/Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 17:39:46 +02:00
Jouni Malinen
04a3e69dd1 P2P: Allow all channels with multi-channel concurrency
If the driver indicates support for multi-channel concurrency, change
the p2p_connect behavior to not force the current operating channel, but
instead, just mark it as preferred for GO Negotiation. This change
applies only for the case when the freq parameter is not used with the
p2p_connect command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-26 18:10:46 +03:00
Jouni Malinen
f3989ced4f P2P: Add secondary device types into p2p_peer output
This allows the P2P_PEER command to be used to fetch the list of
secondary device types that each P2P peer has advertised.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-25 09:16:27 +03:00
Jouni Malinen
13ece96f70 P2P: Improve robustness against lost ctrl::ack frames
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.

For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.

Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.

20 ms is long enough to include at least couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-13 17:33:16 +03:00
Jouni Malinen
c423708f02 WPS: Allow PIN timeout to be specified with wpa_supplicant AP/GO
Extend the wpa_cli wps_pin command to support specification of the PIN
expiration time in seconds similarly to hostapd_cli wps_pin command when
using wpa_supplicant for AP mode (including P2P GO).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:22:35 +03:00
Jouni Malinen
7a808c7eb7 P2P: Allow P2P functionality to be disabled per interface
By default, P2P is enabled globally for all virtual interfaces and this
makes wpa_supplicant include WSC and P2P IEs in Probe Request frames for
all scans even if this is for a non-P2P station connection to speed up
device discovery. If an interface is dedicated for non-P2P station mode
operations, it is now possible to disable addition of WSC and P2P IEs
into Probe Request frames with a per-interface p2p_disabled parameter.
This can be set either in the configuration file (p2p_disabled=1) or at
run time ("wpa_cli -i wlan0 set p2p_disabled 1"). Unlike the previous
mechanism ("wpa_cli p2p_set disabled 1"), the new parameter changes the
behavior only for the specified interface while other interfaces
continue to follow the global P2P enabled/disabled state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 13:08:23 +03:00
Jouni Malinen
d86a33853e Do not clear PMKSA cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of a PMKSA cache entry, so avoid flushing the
PMKSA cache when only these parameters are changed. This is mainly
to allow forced roaming or network selection changes without causing
a disconnection if the changes are done during RSN association that
used EAP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-09 13:06:37 +03:00
Jouni Malinen
c9a8221800 Filter out unlikely "pre-shared key may be incorrect" messages
Add a function to filter out known cases of disconnection during 4-way
handshake that are caused by something else than mismatch in PSK. This
commit adds the case where the local end determines a mismatch in
WPA/RSN element between Beacon/Probe Response frames and EAPOL-Key msg
3/4.

This can avoid some potentially confusing "WPA: 4-Way Handshake failed -
pre-shared key may be incorrect" ctrl_iface messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-08 17:49:54 +03:00
Jouni Malinen
21af6d15a8 SAE: Add Finite Cyclic Group negotiation and Send-Confirm
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-06 19:30:54 +03:00
Jouni Malinen
6d22a377bd P2P: Fix network removal on P2P connect to select correct block
If wpa_s->current_ssid is not set (e.g., after disconnection that
did not result in immediate group removal), an incorrect group could
have been removed since the network block iteration here could select
the network block that is used to store persistent group credentials.
Fix this by verifying that disabled != 2 to avoid picking the network
block that could not have been the temporary P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-05 20:37:49 +03:00
Sunil Dutt
ec947ffcd8 WPS: Reenable the networks disabled during wpa_wpas_reassoc
During the association for the WPS handshake all the other configured
networks are disabled. This patch makes wpa_supplicant reenable the
disabled networks after the success/failure of the WPS handshake.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-10-04 21:11:04 +03:00
Jouni Malinen
485e3a9228 Interworking: Unshare ANQP results on explicit ANQP requests
When ANQP_GET or HS20_ANQP_GET is used to request ANQP information,
unshare the ANQP information (i.e., create a per-BSS copy of it) to
make sure the information from the specified BSS is available in case
the APs provide different information within HESSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-03 14:17:41 +03:00
Jouni Malinen
2edcd5046a HS 2.0: Include parsed WAN Metrics in RX-HS20-ANQP event
This adds parsed version of WAN Metrics information to the control
event message as follows:

RX-HS20-ANQP 02:00:00:00:01:00 WAN Metrics 01:8000:1000:80:240:3000

format: <WAN Info>:<DL Speed>:<UL Speed>:<DL Load>:<UL Load>:<LMD>
WAN Info: B0-B1: Link Status, B2: Symmetric Link, B3: At Capabity
   (encoded as two hex digits)
Downlink Speed: Estimate of WAN backhaul link current downlink speed in kbps;
	1..4294967295; 0 = unknown
Uplink Speed: Estimate of WAN backhaul link current uplink speed in kbps
	1..4294967295; 0 = unknown
Downlink Load: Current load of downlink WAN connection (scaled to 255 = 100%)
Uplink Load: Current load of uplink WAN connection (scaled to 255 = 100%)
Load Measurement Duration: Duration for measuring downlink/uplink load in
tenths of a second (1..65535); 0 if load cannot be determined

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-03 13:58:56 +03:00
Jouni Malinen
3385647da9 Fix build without CONFIG_WPS=y
Commit 620c783753 modified
wpas_wps_ssid_bss_match() prototype but forgot to update the non-WPS
wrapper inline function. Fix that to match with the new bss parameter
type.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-01 16:07:07 +03:00
Arik Nemtsov
a93a15bbfd P2P: Add a conf parameter to start a GO as HT40 if allowed
When specified in the conf file this parameter will make all invocations
of p2p_group_add, p2p_connect, and p2p_invite behave as if "ht40" has
been specified on the command line. This shouldn't do harm since
regulatory constraints and driver capabilities are consulted anyway
before starting HT40 mode.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-09-30 20:35:51 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Dan Williams
1634ac0654 dbus: Add global capabilities property
Otherwise it's difficult to determine if the supplicant was built with
CONFIG_AP, CONFIG_IBSS_RSN, CONFIG_P2P, etc. CONFIG_AP and CONFIG_P2P
can be inferred from the introspection data of the Interface object,
but CONFIG_IBSS_RSN does not change the introspection data at all and
thus it's impossible to determine whether the supplicant supports it
without knowing its compile-time options.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-29 19:06:30 +03:00
Jouni Malinen
30b8038921 P2P: Fix p2p_cancel processing during group formation
The wpa_s->p2p_in_provisioning flag did not get cleared in some cases
where p2p_cancel command is used to stop group formation. This can result
in some operations (like p2p_find) failing afterwards. Fix this by using
wpas_group_formation_completed() when processing p2p_cancel for a group
that has not yet completed group formation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 22:01:48 +03:00
Jouni Malinen
93face0e06 Interworking: Support Android JB keystore with EAP-TLS
If the keystore:// prefix is used in the private_key entry, convert that
to the OpenSSL engine style configuration used for Android JB keystore.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:12:27 +03:00
Jouni Malinen
fa5c5b43e4 Interworking: Fix failed GAS query processing
The pending GAS entry must be removed from the list when it is removed.
This fixes an issue with potential segfault due to freed memory being
accessed if the driver fails to accept a GAS query.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:09:15 +03:00
Jouni Malinen
6407f4132f Add disallow_aps parameter to disallow BSSIDs/SSIDs
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.

The new parameter can be set with the control interface SET command
using following syntax:

SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>

For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-27 17:36:59 +03:00
Jouni Malinen
83218d20dd P2P: Clear sta_scan_pending on group removal
It is possible for the P2P client group to be removed while waiting for
a pending scan operation (e.g., when p2p_group_idle timeout hits after
getting disconnected from the GO with something else than
Deauthentication with reason code 3). If this happens with a P2P
interface that is used both for P2P Device and group roles, scan state
could get stuck while waiting for the next scan to complete since no
more station (P2P client) mode scans are scheduled. Fix this by clearing
sta_scan_pending when removing the temporary group network block.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-25 02:55:20 +03:00
Jouni Malinen
2cd0758441 P2P: Allow peer to propose channel in invitation process
Make Invitation process for re-invoking a persistent group behave
similarly to GO Negotiation as far as channel negotiation is concerned.
The Operating Channel value (if present) is used as a starting point if
the local device does not have a forced operating channel (e.g., due to
concurrent use). Channel lists from devices are then compared to check
that the selected channel is in the intersection. If not, channel is
selected based on GO Negotiation channel rules (best channel preferences
etc.). Invitation Request is rejected if no common channel can be
selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:15:58 +03:00
Jouni Malinen
4c490780e2 P2P: Fix pending-sta-scan processing for concurrent operation cases
If two P2P_FIND commands and a station mode SCAN command are issued in a
sequence with the second P2P_FIND and SCAN commands started before the
initial scan from the first P2P_FIND command has completed,
sta_scan_pending may be left set without an automatic way of getting it
cleared. This can get P2P search stuck if no further station mode scan
operations are run.

Fix this by clearing the sta_scan_pending flag whenever station mode scans
are stopped due to no enabled networks resulting in INACTIVE mode getting
entered. In addition, avoid setting sta_scan_pending flag when a special
scan_res_handler is set so that this does not get enabled on the P2P
Device interface during a P2P search operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 13:46:27 +03:00
Jouni Malinen
ac06fb12f5 P2P: Add more debug prints for GO start routines
This makes it easier to debug issues in starting GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:05:51 +03:00
Jouni Malinen
d4534bde9c Add debug print for no-enabled-networks case
If there are any disabled networks, show a debug print with the count
of those networks when no enabled networks are found. This can be
helpful in trying to figure out why scans are being skipped.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:04:00 +03:00
Jouni Malinen
b470b2bf37 Print control interface commands in easier format
The ASCII hexdump is somewhat difficult to search for (especially on
Android builds), so make the debug log easier to parse by printing the
full control interface command as a text string. In addition, use
wpa_dbg() to get the interface name printed so that multi-interface
cases can be debugged.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:01:26 +03:00
Jouni Malinen
c244dd2ec0 P2P: Fix PSK configuration for GO network
Setting just ssid->passphrase is not enough to complete the network
block for the GO entry. Also the PSK needs to be derived so that the
network is considered enabled by wpas_network_disabled(). The previous
version worked as long as something else allowed the scan request to be
performed (this is needed even though the actual scan is skipped when
starting GO).

The first GO start was allowed because wpa_s->scan_req is initialized to
1 in wpa_supplicant_alloc(). However, other attempts may fail if
wpa_s->scan_req is cleared. This failure shows up as "No enabled
networkas - do not scan" in debug log followed by state change to
INACTIVE when trying to start GO.

Fix this by deriving PSK from the passphrase for GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 00:56:57 +03:00
Jouni Malinen
0c802384a7 P2P: Fix p2p_group_idle in no-group-interface P2P client case
Commit 30ee769235 started skipping P2P
group removal if wpa_s->current_ssid is not set and commit
0d30cc240f started clearing
wpa_s->current_ssid on disconnection. This combination broke
p2p_group_idle timeout on P2P client interface in a case where no
separate P2P group interface is used and when the disconnection is
triggered by something else than an explicit indication of GO
terminating the group.

Fix this by relaxing network block matching rules when figuring out
whether any of the configured network blocks could be in P2P use. The
p2p_group flag alone should be enough for this since temporary P2P group
network blocks are removed once the P2P group is terminated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-23 20:28:03 +03:00
Dan Williams
8c981d179b wpa_supplicant: Set state to DISCONNECTED on AP creation errors
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-23 13:55:58 +03:00
Mykyta Iziumtsev
dd31eb79a2 P2P: Remove channel 14 from supported P2P channels
Channel 14 is available only in Japan and is DSSS-only according to
IEEE 802.11-2012 19.4.3 and MIC Equipment Ordinance (EO)
for Regulating Radio Equipment article 49.20.

At the same time, P2P should avoid using DSSS modulation in normal
operation according to P2P specification v1.2 2.4.1.

Signed-hostap: Mykyta Iziumtsev <mykyta.iziumtsev@gmail.com>
intended-for: hostap-1
2012-09-23 12:49:52 +03:00
Jouni Malinen
54c61e6e08 P2P: Fix p2p_ctrl_invite_persistent() to parse peer parameter
Commit 4d32c0c44d added another use for the
local pos variable and that broke the mechanism used to determine wheter
the peer address was provided. Fix this by using a separate pointer to the
peer address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-15 22:21:46 -07:00
Masashi Honma
6df865face Remove unused function warning in WPS NFC case
When I use CONFIG_WPS_NFC=y a warning appears.

wps_supplicant.c:1872:12: warning: 'wpas_wps_add_nfc_password_token'
defined but not used [-Wunused-function]

This patch removes this warning.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-09-15 22:02:09 -07:00
Jouni Malinen
0dd5431312 Do not inform other virtual interfaces of scan results in all cases
If a connection operation is started on an interface based on scan
results, other virtual interfaces should not be information about the
results to avoid potential concurrent operations during the association
steps. Since the sibling notification of scan results received was added
as an optimization, skipping it for this type of cases is the simplest
way of avoiding unnecessary concurrent operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:07:02 -07:00
Jouni Malinen
ab03f6da7a P2P: Schedule new scan if P2P operation delays scan
This makes sure that the interrupted station mode scan can be completed
after the P2P operations have had their chance of using the radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:05:55 -07:00
Jouni Malinen
58d3760e7e P2P: Check all interfaces for pending scan for p2p_scan failures
Driver could reject the new scan based on any virtual interface
running a concurrent scan. As such, mark the pending scan callback
for P2P based on any interfaces instead of just the one used for
the p2p_scan operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:03:14 -07:00
Jouni Malinen
e665ca9a8d P2P: Move p2p_cb_on_scan_complete to global context
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 17:58:22 -07:00
Jouni Malinen
762b99db7a Fix last_scan_res update existing BSS entry is update
The BSS pointer may change if the entry needs to be reallocated
and the new pointer has to be added to the last_scan_res array
to avoid using pointers to freed memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-10 12:36:55 +02:00
Yuhao Zheng
dc7785f845 wpa_supplicant: Add PKTCNT_POLL command to get TX/RX packet counters
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-09-05 17:02:02 +03:00
Jouni Malinen
53c9fc1df6 Interworking: Share ANQP data within homogenous ESS
If two BSS entries have the same HESSID and SSID, share the fetched ANQP
information between these BSS entries to save memory and GAS/ANQP
operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:22:42 +03:00
Jouni Malinen
c739d7e968 Interworking: Store HESSID in BSS entry
This makes it more convenient to match BSS entries that belong to the
same homogenous ESS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 17:08:58 +03:00
Jouni Malinen
7e414b21c2 Interworking: Allow EAP-SIM/AKA/AKA' override in cred block
The eap parameter in the cred block can now be used to override
automatic EAP-SIM/AKA/AKA' selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:50:52 +03:00
Jouni Malinen
476aed355a Interworking: Move BSS ANQP information into separate struct
This is an initial step in allowing the ANQP responses to be shared
among multiple BSSes if the BSSes are determined to be operating under
identical configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-04 16:22:35 +03:00
Deepthi Gowri
59ff6653aa Fix REMOVE_NETWORK to not run operations with invalid current_ssid
If the REMOVE_NETWORK command is used to delete the currently connected
network, some operations were run between removing the network and
clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing
to freed memory and should any operation end up using it before the
pointer gets cleared, freed memory could be references. Avoid this by
removing the network only after having completed the operations that
clear wpa_s->current_ssid.

Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org>
intended-for: hostap-1
2012-09-03 11:55:38 +03:00
Jouni Malinen
7ff833674b Interworking: Fetch only the needed ANQP information
Use configured credentials to figure out which ANQP information needs to
be fetched and only fetch those when using Interworking network
selection. The fetch_anqp command is still fetching all ANQP
information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 21:05:54 +03:00
Jouni Malinen
a594e2a9ab Interworking: Skip extra scan after network auto-select
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 20:18:48 +03:00
Jouni Malinen
620c783753 Use BSS entries instead of scan results for BSS selection
This allows the BSS selection functions to be called without having the
scan result data structure. This can be used to skip extra scans in
cases where previous results can be considered fresh.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:56:57 +03:00
Jouni Malinen
cf8baca6a5 BSS: Add wpa_bss_get_vendor_ie_multi_beacon()
This can be used to fetch vendor IEs from Beacon frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:54:42 +03:00
Jouni Malinen
a297201df1 Maintain list of BSS entries in last scan result order
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 19:53:15 +03:00
Jouni Malinen
20ed5e40ba Use BSS table instead of scan results in need-to-roam determination
The same information is available in the BSS table, so we can reduce the
need for using the raw scan results in wpa_supplicant_need_to_roam().

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 17:39:35 +03:00
Jouni Malinen
e026159a8e EAP-SIM/AKA: Store pseudonym identity in configuration
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 13:04:18 +03:00
Jouni Malinen
bcdf2096bd SME: Fix disconnec-while-authenticating
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This broke SME
disassoc-while-authenticating workaround for cfg80211. Fix this by
restoring wpa_s->current_ssid in case SME authentication is in progress.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 17:20:27 +03:00
Jouni Malinen
0aadd5682f Fix disconnection event processing
Commit 0d30cc240f forced
wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in
wpa_supplicant_mark_disassoc() which gets called from
wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication
failure processing and P2P deauthentication notification (group
termination).

Fix this by splitting wpa_supplicant_event_disassoc() into two parts and
make wpas_p2p_deauth_notif() indicate whether the interface was removed.
If so, the last part of disassocition event processing is skipped. Since
the wpa_supplicant_mark_disassoc() call is in the second part, the above
mentioned issues are resolved. In addition, this cleans up the P2P group
interface removal case by not trying to use fast reconnection mechanism
just before the interface gets removed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 22:04:41 +03:00
Jouni Malinen
6f1ca696c7 P2P: Do not fail p2p_group_remove just based on current_ssid
The wpa_s->current_ssid pointer may get cleared, e.g., when
disconnected. Commit 30ee769235 made
wpas_p2p_group_delete() exit early before removing a P2P interface in
this type of case. That can cause number of issues from p2p_group_remove
command failing to busy loop when terminating wpa_supplicant if there is
a P2P group interface in client mode and that interface happens to be in
disconnected state. Fix these issues by allowing wpas_p2p_group_delete()
remove the P2P group interface regardless of whether wpa_s->currnt_ssid
is set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:35:32 +03:00
Jouni Malinen
4d32c0c44d P2P: Allow p2p_invite-persistent to specify channel for GO
The freq and ht40 parameters can now be used with the p2p_invite
command when reinvoking a persistent group as the GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 21:20:51 +03:00
Jouni Malinen
55d834e172 Android: Add Wi-Fi Display into the makefile
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:32 +03:00
Jouni Malinen
43323e43d3 Android: Include Hotspot 2.0 support in the default build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:30 +03:00
Jouni Malinen
50cfe0e1cb Android: Add new keystore include path for JB
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-31 18:34:27 +03:00
Jouni Malinen
7b1aa4fe30 Move variable declaration into the beginning of function
The variables used within the #ifndef block here needs to be defined in
the beginning of the function to avoid issues with some compilers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:37:59 +03:00
Jouni Malinen
1f3a3ec4a4 Interworking: Fix build without CONFIG_PCSC=y
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 00:35:53 +03:00
Jouni Malinen
6ffdc2f7bd WFD: Add preliminary WSD request processing and response
This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
347d6a5b76 WFD: Add support for sending Wi-Fi Display service discovery requests
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.

format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
337c781f9c WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output
This makes it easier to parse the WFD subelements from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
01335e2c8d wpa_cli: Add tab completion for p2p_find
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:38:53 +03:00
Jouni Malinen
e4f6873cce wpa_cli: Fix tab completion
Commit b49039bda9 redesigned tab
completion, but added the new call to completion functions into wrong
location. This needs to be done within the loop to find the correct
completion function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 17:25:09 +03:00
Jouni Malinen
4d5bda5fca Interworking: Add optional use of network selection on normal scans
auto_interworking=1 configuration parameter can be used to request
wpa_supplicant to use Interworking network selection automatically as a
part of the normal (non-Interworking) network selection if the scan
results do not match with enabled networks. This makes scanning work
similarly to the "interworking_select auto" command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-28 16:14:13 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
a462036a47 WPS: Allow AP that becomes active be tried immediately
Clear the possible blacklisting of a WPS AP during WPS PIN iteration if
the AP moves to selected registrar TRUE state or if it adds our MAC
address to the list of authorized MACs.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:51:35 +03:00
Jouni Malinen
f9f0526bcd WPS: Maintain more AP state during WPS PIN iteration
Maintain state of WPS APs during iteration to find the correct AP for
WPS PIN operation when no specific BSSID is specified. This information
can be used for optimizing the order in which the APs are tried. This
commit is only adding the collection of the information and more
detailed debug information to make debug logs more helpful in figuring
out how the AP selection order could be improved.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 13:48:11 +03:00
Jouni Malinen
0d30cc240f Clear current_ssid and key_mgmt when disconnected
This makes wpa_supplicant state somewhat cleaner since the information
from previously used connection is not maintained after getting
disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:08 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
2af4d404a8 wpa_cli: Add optional argument for the help command
"help <cmd>" can now be used to print the usage text for the
specified command (or set of commands matching the prefix).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
b49039bda9 wpa_cli: Add tab completion function into the command table
Instead of using a separate list of commands, use the main command table
to assign tab completion functions. In addition, use the existing BSS
and P2P peer completions functions with the commands that use BSSID or
P2P Device address the first argument.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
632c9458c4 Interworking: Fix home SP check with real SIM card
The NAI building routine assumed that the credential included the IMSI,
but that is not the case when using a real SIM card. Build the NAI based
on the IMSI read for the card in such a case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:04 +03:00
Jouni Malinen
8f23401281 Interworking: Fix PLMN matching with multiple entries
The pos variable was not advanced when comparing PLMN entries in
3GPP Cellular Network information and as such, only the first
entry was really used.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-08-26 20:37:11 +03:00
Jouni Malinen
27b80b5b4c wpa_cli: Add a 'raw' command for sending unprocessed data
This can be used to test new control interface commands and to use
commands that may not yet be supported by wpa_cli.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-25 13:33:29 +03:00
Dmitry Shmidt
39ee845f92 wpa_supplicant: Add bss_flush command to invalidate scan results
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-08-25 10:23:22 +03:00
Jouni Malinen
bf428a739c P2P: Fix memory leak with driver-based P2P management
If the P2P management operations are handled within the driver, the
P2P service entries were not freed when terminating wpa_supplicant.
Fix this by calling wpas_p2p_service_flush() even if the P2P module
within wpa_supplicant has not been initialized.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-24 20:45:22 +03:00
Jouni Malinen
b4a5dfa95d P2P: Limit maximum number of stored P2P clients to 100
This limits the maximum size of the p2p_client_list parameter that
is maintained at the GO for a persistent group. In other words, only
the 100 most recently seen P2P clients are kept in the list.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-24 00:25:14 +03:00
Jouni Malinen
223167956c Improve p2p_client_list updates in configuration file
This list can get truncated due to too many addresses getting added.
Reorder the entries in a way that allows the most recently added values
to be maintained in the list and use better debug/error messages when
parsing the value.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-24 00:25:14 +03:00
Jouni Malinen
d42bc5e178 Handle long configuration file lines more gracefully
Skip the end of long configuration lines that get truncated in
wpa_config_get_line(). Without this, the rest of the file was being
parsed as another line and that resulted in an unexpected error
message (wrong line number and wrong starting point).

In addition, increase the read buffer for network blocks from 256
to 2000 since p2p_client_list parameter can have long values. These
were supposed to truncated cleanly, but the unexpected processing of
the end of the file (which is now fixed in this commit) could cause
configuration file to be rejected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-08-23 23:52:45 +03:00
Jouni Malinen
cc8c7b8840 P2P: Remove unnecessary call in resuming p2p_find
Commit 99fcd40409 added a call to update
search delay after failed authentication attempt. This change was
supposed to be only in p2p_supplicant.c for the successful case. The
extra call does not really do anything, but it's good to remove it to
avoid any confusion in the future.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 20:28:04 +03:00
Jouni Malinen
99fcd40409 P2P: Allow scan operations during p2p_find
Previously, all station mode scan operations were either skipped or
delayed while any P2P operation was in progress. To make concurrent
operations easier to use, reduce this limitation by allowing a scan
operation to be completed in the middle of a p2p_find. In addition,
allow station mode association to be completed. When the station mode
operation is run to its completion (scan results not acted on,
connection to an AP completed, connection failed), resume the p2p_find
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 19:42:53 +03:00
Jouni Malinen
05a77b3b46 P2P: Use 500 ms search delay by default during concurrent operations
If the p2p_find command is used without the delay parameter, a 500 ms
default search delay will now be used when any interface using the same
radio is in an concurrent operation. "p2p_find delay=0" can be used to
enforce the old behavior in such a case if needed.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 18:34:57 +03:00
Jouni Malinen
37448ede31 P2P: Add option for adding extra delay to p2p_find
A new optional delay=<search delay in milliseconds> parameter can now be
used with p2p_find command to request an extra delay between search
iterations. This can be used, e.g., to make p2p_find friendlier to
concurrent operations by avoiding it from taking 100% of the radio
resources.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-23 18:20:58 +03:00
Jouni Malinen
065d2895b4 Add UNAUTH-TLS vendor specific EAP type
This EAP type uses a vendor specific expanded EAP header to encapsulate
EAP-TLS with a configuration where the EAP server does not authenticate
the EAP peer. In other words, this method includes only server
authentication. The peer is configured with only the ca_cert parameter
(similarly to other TLS-based EAP methods). This method can be used for
cases where the network provides free access to anyone, but use of RSN
with a securely derived unique PMK for each station is desired.

The expanded EAP header uses the hostapd/wpa_supplicant vendor
code 39068 and vendor type 1 to identify the UNAUTH-TLS method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-22 22:34:11 +03:00
Jouni Malinen
a8a3868ddd HS 2.0: Add preliminary documentation for Hotspot 2.0
This describes wpa_supplicant functionality for Interworking
(probe request parameters, network selection) and Hotspot 2.0.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-21 21:32:31 +03:00
Jouni Malinen
a120c3fad6 WPS: Remove unused credential handlers for 802.1X
The WPA_AUTH_WPA and WPA_AUTH_WPA2 cases have already been rejected in
this function when execution comes here. In theory, support for
WPA-Enterprise could be added, but since that has not happened over the
years, there is no good reason to keep this dead code here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 19:10:40 +03:00
Jouni Malinen
392824ef10 Clean up the closed stdin/stdout/stderr workaround to close sockets
Close the workaround sockets when wpa_supplicant exists to avoid
hitting resource leak warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 18:01:04 +03:00
Jouni Malinen
44ec48ebfd FIPS: Remove md5-non-fips.c
Commit c9e08af24f removed the only user of
the special case MD5 use that would be allowed in FIPS mode in
tls_prf_sha1_md5(). Commit 271dbf1594
removed the file from the build, but left the implementation into the
repository. To clean things up even further, remove this functionality
completely since it is not expected to be needed for FIPS mode anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 16:53:15 +03:00
Jouni Malinen
63e5caaa6f Interworking: Do not match credentials without WPA2-Enterprise
Since we currently support only HS 2.0 networks with Interworking
network selection, do not indicate credential match unless the
network uses WPA2-Enterprise.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Jouni Malinen
8601b50312 Interworking: Enforce WPA2-Enterprise/CCMP
Since we currently support only HS 2.0 networks with Interworking
network selection, enforce that WPA2-Enterprise/CCMP is used on the
AP instead of allowing any WPA-Enterprise combination.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:55:12 +03:00
Jouni Malinen
4ed34f5acd HS 2.0: Do not indicate HS 2.0 status without WPA2-Enterprise
Hotspot 2.0 allows only WPA2-Enterprise to be used, so other types of
networks must not be indicated as Hotspot 2.0 networks even if they
(incorrectly) advertise HS 2.0 support.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:54:48 +03:00
Jouni Malinen
2b95f57ba5 Interworking: Do not reconnect without "auto" parameter
When there was no credential match, but an enabled network block matched
with a scan result, wpa_supplicant reconnected at the end of
interworking_select command even if "auto" parameter was not used. Fix
this by running the reconnect only if requested to automatically select
a network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 12:26:21 +03:00
Jouni Malinen
9af7361b3f Document TLS options in phase1/phase2
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-17 22:27:29 +03:00
Yoni Divinsky
6409b7a715 Supply the connection scan results to bgscan after init
If bgscan is enabled, then bgscan is initiated after the connection,
with no bss scan result information. Since a scan was performed prior to
the connection, the information exists and can be used to initialize the
bgscan's cache.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-17 20:53:44 +03:00
Jouni Malinen
26a379224c OpenSSL: Implement SHA256 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha256.c
implementation of HMAC with SHA256.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:34:35 +03:00
Jouni Malinen
ab637dcb37 Move SHA256-based PRF function into a separate C file
This makes it easier to conditionally build in SHA256 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:24:11 +03:00
Jouni Malinen
0b5e98557e FIPS: Use OpenSSL CMAC implementation instead of aes-omac1.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 22:19:53 +03:00
Jouni Malinen
982bafedaf FIPS: Mix in OpenSSL RAND_bytes() into random_get_bytes()
Make sure that the OpenSSL DRBG gets used when generating
random numbers in FIPS mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 21:49:41 +03:00
Jouni Malinen
030d062fac OpenSSL: Implement SHA1 HMAC functions using HMAC API
Use the OpenSSL HMAC implementation instead of the internal sha1.c
implementation of HMAC with SHA1.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:38:25 +03:00
Jouni Malinen
d6150094e0 Move SHA1-based PRF function into a separate C file
This makes it easier to conditionally build in SHA1 functions based
on which TLS/crypto library is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
e40c86ad27 OpenSSL: Use library function for PBKDF2 passphrase-to-PSK
Use the OpenSSL PKCS5_PBKDF2_HMAC_SHA1() function instead of the
internal implementation in sha1-pbkdf2.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:26:16 +03:00
Jouni Malinen
6e6909a97e FIPS: Remove MD5 from the CONFIG_FIPS=y build
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:03:17 +03:00
Jouni Malinen
271dbf1594 FIPS: Do not build md5-non-fips.o unless really needed
This is not needed anymore when using OpenSSL keying exporter
functionality for PRF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:58:15 +03:00
Jouni Malinen
c9e08af24f Do not export TLS keys in FIPS mode
Only allow the TLS library keying material exporter functionality to be
used for MSK derivation with TLS-based EAP methods to avoid exporting
internal TLS keys from the library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:38:15 +03:00
Jouni Malinen
411f567050 Allow libdl to be linked in after OpenSSL
OpenSSL-based builds may need libdl in the linker line after the OpenSSL
library. CONFIG_TLS_ADD_DL=y can now be used to force that if needed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 19:34:38 +03:00
Jouni Malinen
e001191837 Add "make fips" for wpa_supplicant builds with OpenSSL
This can be used for convenience to build wpa_supplicant with OpenSSL
FIPS object module. CONFIG_FIPS=y is expected to be used in
wpa_supplicant/.config when using this option.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 17:53:05 +03:00
Jouni Malinen
4f219667d7 P2P: Use larger GO config timeout if HT40 is used
Increase GO config timeout if HT40 is used since it takes some time
to scan channels for coex purposes before the BSS can be started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 23:19:11 +03:00
Rajkumar Manoharan
e2308e4b45 P2P: Add optional "ht40" argument for p2p_connect
This can be used to start negotiated GO in 40 MHz channel width
in 5GHz band.

Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 23:07:44 +03:00
Rajkumar Manoharan
7aeac98509 P2P: Enable 40 MHz support for autonomous P2P group addition
Add optional "ht40" argument for p2p_group_add command to enable 40 MHz
in 5GHz band. This configures the secondary channel, when HT support is
enabled and if the HW supports 40 MHz channel width.

Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 22:53:01 +03:00
Rajkumar Manoharan
931228aa10 P2P: Move channel validation into a separate function
Signed-hostap: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
2012-08-15 22:44:34 +03:00
Jouni Malinen
87c7ba8423 wpa_cli: Use helper functions to implement commands
This simplifies wpa_cli implementation greatly and also reduces
the binary size by one third or so.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 22:40:07 +03:00
Jouni Malinen
0076869c62 wpa_cli: Add helper functions for building and executing commands
These helper functions can be used to implement most of the common
wpa_cli commands to simplify the implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 22:08:21 +03:00
Jouni Malinen
a3f7e5186b Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 19:34:04 +03:00
Eyal Shapira
a13e07ec4d Fix adding extra IEs in sched scan
Refactoring done in commit 46ee0427b1
(IEEE 802.11u: Allow Interworking and HESSID to be configured)
broke adding extra IEs in sched scan. The IEs stopped being added
to the scan params within wpa_supplicant_extra_ies() but no code
was added to add them in wpa_supplicant_req_sched_scan().
Fix this and remove unused params arg in wpa_supplicant_extra_ies().

Signed-hostap: Eyal Shapira <eyal@wizery.com>
intended-for: hostap-1
2012-08-13 21:48:55 +03:00
Jouni Malinen
1f52c2f7b5 GAS: Fix reporting of GAS query timeouts
GAS_QUERY_TIMEOUT value was used for two different things - enum for
status callback and #define for internal eloop timeout). The latter
overwrites the former and as such, the timeout reported ended up going
out with value 5 which matches with GAS_QUERY_CANCELLED instead of
GAS_QUERY_TIMEOUT. This value was not used in existing code, so this
should not modify the current behavior. Anyway, the correct reason for
the failure should be reported. Rename the internal #define for the
timeout period to avoid the name conflict. [Bug 463]

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:33:00 +03:00
Jouni Malinen
067ffa2696 Convert os_realloc() for an array to use os_realloc_array()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:21:23 +03:00
Jouni Malinen
f9884c096a Convert os_zalloc() for an array to use os_calloc()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:44:21 +03:00
Jouni Malinen
78372bda68 Fix memcmp use in a test program
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 19:57:57 +03:00
Jouni Malinen
623ecdd5a2 Remove default ACM=1 from AC_VO and AC_VI
There is no need to mandate admission control (ACM=1) by default, so
clear that flag in the case the configuration file does not specify
wmm_ac_{vo,vi}_acm value. This gets closer to the values mentioned
in the sample hostapd.conf file and reduces the need to specify WMM
parameters in the configuration file for most common use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-12 11:36:45 +03:00
Yoni Divinsky
c26effe15f wpa_supplicant AP/P2P: Enable WMM param configuration
In case of P2P GO and AP mode, wpa_supplicant uses the default hostapd
parameters for WMM. In the default parameters the ACM bit for video and
voice are set to 1, meaning, P2P devices and stations which are
connected to the GO cannot pass voice or video data packets. Allow this
to be changed through wpa_supplicant configuration file with wmm_ac_*
parameters.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:34:07 +03:00
Jouni Malinen
e485286c67 Remove unnecessary bssid_changed check
The os_memcmp of bssid and wpa_s->bssid cannot return 0 in this
code path since identical os_memcmp was already done above.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-11 17:54:43 +03:00
Masashi Honma
0a0c38f63d Do not proceed with association if get_bssid() returns failure
This is the normal flow for association:

wpa_supplicant <--(EVENT_ASSOC event )--  device driver
wpa_supplicant  --( get_bssid()      )--> device driver
wpa_supplicant <--( return BSSID     )--  device driver

However, a device driver could return EINVAL for get_bssid() because it
recognizes it has already been disconnected. When the wpa_supplicant
received EINVAL, the bssid field could be used uninitialized in the
following flow:

wpa_supplicant <--(EVENT_ASSOC event )--  device driver
                                          device driver (receive deauth)
wpa_supplicant  --( get_bssid()      )--> device driver
wpa_supplicant <--( return EINVAL    )--  device driver

Prevent this by requiring the get_bssid() call to succeed when
processing association events.
2012-08-11 17:46:58 +03:00
Arik Nemtsov
b6871ebb17 SME: Correctly check mode HT caps for enabling OBSS scan
Don't assume the 11g mode is always first in the list of mode (sometimes
it isn't). Traverse the array of modes and check the HT40 capability is
turned on for 11g.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-08-11 17:08:54 +03:00
Jouni Malinen
8dba4aef11 P2P: Move group removal reason to a function parameter
wpa_s->removal_reason was set only when calling wpas_p2p_group_delete()
and while couple of call places did not set this, it should really be
set in each case. As such, it works better as a function parameter than
a variable in struct wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-11 12:41:31 +03:00
Michael Naumov
30ee769235 P2P: p2p_group_remove should fail on non-P2P interface
p2p_group_remove should only attempt to remove P2P group
interfaces and fail on non-P2P group interfaces.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-08-11 12:06:23 +03:00
Eyal Shapira
462a7439e1 Add p2p_go_max_inactivity config option
This enables setting a different max inactivity timeout for P2P GO.
This timeout is used to detect inactive clients. In some scenarios
it may be useful to have control over this and set a shorter timeout
than the default 300s. For example when running STA and P2P GO interfaces
concurrently, the STA interface may perform scans which may cause the
GO to miss a disassoc / deauth frames from a client and keep assuming
that the client is connected until the inactivity detection kicks in.
300 secs is a bit too long for such scenarios and creates a bad user
experience.

Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-08-10 16:28:38 +03:00
Paul Stewart
6ed3117561 wpa_supplicant: Add DBus "Reassociate" command
Create a DBus command to reassociate, similar to the
ctrl-interface "reassociate" command.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-08-09 13:54:36 +03:00
Jouni Malinen
e100828b76 Return wpabuf from radius_msg_get_eap()
This simplifies the implementation by using the buffer type to which the
returned data will be converted anyway. This avoids one memory
allocation for each processed RADIUS message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 18:14:42 +03:00
Jouni Malinen
e122bb70b8 hostapd: Add alternative format for configuring SSID
The new ssid2 parameter can be used as an alternative mechanism for
configuring SSID for hostapd. It uses the same formats that
wpa_supplicant uses in the configuration file for strings.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:27:40 +03:00
Jouni Malinen
b87d70c88a Make wpa_config_parse_string() a shared function
This will be used in future hostapd configuration parser changes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:13:51 +03:00
Jouni Malinen
986de33d5c Convert remaining SSID routines from char* to u8*
This makes it more explicit that the SSID is not a null terminated
C string.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 16:07:25 +03:00
Jouni Malinen
5c4b93d72e Add support for using printf-escaped strings in configuration
P"<escaped string>" can now be used as an alternative method for
specifying non-ASCII strings (including control characters). For
example, ssid=P"abc\x00test".

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 13:50:39 +03:00
Jouni Malinen
059d3a9075 wpa_cli: Handle wpa_supplicant termination more cleanly
Process CTRL-EVENT-TERMINATING in wpa_cli interactive mode and close
ctrl_iface connection without trying to detach the monitor interface
when this happens. This avoids a timeout on the DETACH command. In
addition, print out connection lost/re-established messages without
overriding the edit line.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 22:27:52 +03:00
Jouni Malinen
8e897ae37b wpa_cli: Go through ifname determination on connection retries
This is needed to allow the default behavior (pick first interface) to
be used in cases where wpa_supplicant is not available when wpa_cli is
started in interactive mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 22:04:22 +03:00
Jouni Malinen
db3a03222e wpa_cli: Fix an issue in the cleanup of udp-remote commits
wpa_ctrl_get_remote_ifname() is defined only for UDP ctrl_iface socket,
so this call needs to be made conditional on build parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 21:54:56 +03:00
Jouni Malinen
4be9f27595 wpa_cli: Use eloop during connection attempts in interactive mode
This changes the call flow to allow full eloop operations to be used
while waiting for wpa_cli to establish a connection to wpa_supplicant in
the beginning of an interactive session. This allows the cleanup steps
to be more consistent and avoid debugging issues due to unfreed memory
or other resources if wpa_cli is killed with Ctrl-c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 21:47:18 +03:00
Jouni Malinen
d62aaa7de1 wpa_cli: Fix resource leak on attach failures in interactive mode
When starting interactive mode, wpa_cli is trying to attach the
monitor connection. If that fails, the operation is retried, but
this was done without freeing all the resources that could have
been allocated (mainly, the command connection).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-05 20:58:44 +03:00
Janusz Dziedzic
4307bb8c85 wpa_cli: Print nice prompt when using remote UDP
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:50:17 +03:00
Janusz Dziedzic
2d2398a11f edit: Add support for setting prompt string
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:46:34 +03:00
Janusz Dziedzic
0eed2a8d11 wpa_cli: Add IFNAME command
This command will return wpa_s->ifname that can be used for a nice
prompt in wpa_cli.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:12:16 +03:00
Janusz Dziedzic
afadf423db wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:01:07 +03:00
Fernando Herrera
c10fe8c1df D-Bus: Fix wpas_dbus_getter_bss_expire_count
bss_expire_count getter was getting a wrong value. Fix it to return
bss_expiration_scan_count.

intended-for: hostap-1
2012-08-05 00:43:19 +03:00
Michael Naumov
a5195e56e8 D-Bus: Remove network_object dictionary entry from signal GroupStarted
The network_object path should be returned by the NetworkAdded signal
and not by the GroupStarted Signal. Starting a Group does not
necessarily validate the network object.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
intended-for: hostap-1
2012-08-05 00:26:36 +03:00
Michael Naumov
2ce7033678 P2P: Add D-Bus python script to perform Disconnect
D-Bus script using python glib is added to perform Disconnect on an
interface.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-08-05 00:24:40 +03:00
Michael Naumov
008d824f20 P2P: Add D-Bus python script to perform p2p_invite
D-Bus script using python glib is added to perform p2p_invite on a group
interface to invite a peer.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-08-05 00:20:48 +03:00
Dmitry Shmidt
35aa088a32 Add 'get_capability channels' command for ctrl_iface
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-08-04 21:17:04 +03:00
Ben Greear
481cac211e Add some debug info for config file error cases
It didn't always spit out useful stuff when reading config failed.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-08-04 20:38:50 +03:00
Ben Greear
4fdc8def88 Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:34:27 +03:00
jim1_lin
c8b245b6a4 WPS: Update dev.config_methods in wps_update_config
dev.config_methods was not updated when wps_update_config was called.
This could lead to mismatching config methods between Probe Request and
M1 packets. Add missing part for it.
2012-08-04 20:14:59 +03:00
Paul Stewart
21270bb4b3 Fix a couple memory leaks
Found using valgrind.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-08-04 20:10:08 +03:00
Jouni Malinen
02af9c90fb EXT PW: Allow Interwork cred block to use external storage for password
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
0ebb23e340 EXT PW: Add support for password parameter from external storage
This allows the password parameter for EAP methods to be fetched
from an external storage.

Following example can be used for developer testing:

ext_password_backend=test:pw1=password|pw2=testing

network={
    key_mgmt=WPA-EAP
    eap=TTLS
    identity="user"
    password=ext:pw1
    ca_cert="ca.pem"
    phase2="auth=PAP"
}

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
9173b16fd1 EXT PW: Add support for psk parameter from external storage
This allows wpa_supplicant configuration file to be created without
the PSK/passphrase value included in the file when a backend for
external password storage is available.

Following example can be used for developer testing:

ext_password_backend=test:psk1=12345678
network={
    ssid="test-psk"
    key_mgmt=WPA-PSK
    psk=ext:psk1
}

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
306ae22556 EXT PW: Add framework for supporting external password storage
This new mechanism can be used to make wpa_supplicant using external
storage (e.g., key store in the operating system) for passwords,
passphrases, and PSKs. This commit is only adding the framework part
needed to support this, i.e., no actual configuration parameter can
yet use this new mechanism. In addition, only a simple test backend
is added to allow developer testing of the functionality.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
2518aad3e8 Move PSK/passphrase configuration check into use time from parsing
Instead of rejecting network blocks without PSK/passphrase at the time
the configuration file is read, allow such configuration to be loaded
and only behave as if the network block with missing PSK/passphrase is
disabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
1ecd2ada33 Interworking: Set key_mgmt parameter for the temporary network block
Previously, this was left to the default (WPA-EAP WPA-PSK) value which
could potentially result in unexpected behavior if an AP were to enable
both WPA2-Enterprise and WPA2-Personal in the same BSS. While this is
not really that likely for APs supporting Interworking, it is good to
get the PSK option removed to avoid any issues with missing
passphrase/PSK configuration parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-03 22:15:42 +03:00
Jouni Malinen
955567bc09 Interworking: Add support for using Roaming Consortium OI for matching
Each cred block can now be matched based on Roaming Consortium OI as an
alternative mechanism to using NAI Realm information. This may be
optimized for efficiency in the future since Roaming Consortium
information is available in scan results without having to go through
ANQP queries. In addition, this is easier to support in case there is a
large number of realms that can be used for authentication.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-02 18:48:31 +03:00
Jouni Malinen
8ca93c59e0 Interworking: Allow pre-configuration of EAP parameters
The new cred block parameters eap, phase1, and phase2 can be used to
select which EAP method is used with network selection instead of using
the value specified in ANQP information (e.g., NAI Realm).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-02 18:40:45 +03:00
Jouni Malinen
d5b5d801e8 Interworking: Move EAP parameter setting into a separate function
This makes it easier to share the common code with other credential
matching cases in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-02 18:35:18 +03:00
Xi Chen
75cad1a0d4 WNM: Add WNM-Sleep Mode for station mode
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:27 +03:00
Xi Chen
a884be9da1 WNM: Add placeholders for WNM driver commands and events
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-01 13:21:20 +03:00
Jay Katabathuni
19a8ad9944 HS 2.0: Add Hotspot 2.0 Indication for AP
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-30 18:23:38 +03:00
Thomas Pedersen
bf8d6d2430 nl80211: Support setting sched scan RSSI threshold
Allow the user to configure an RSSI threshold in dBm below which the
nl80211 driver won't report scan results. Currently only supported
during scheduled (PNO) scans.

Signed-off-by: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-25 16:56:43 +03:00
Jouni Malinen
cae2119c86 P2P: Leave forced BSSID parameter for P2P group
P2P group is only going to use a single GO, so we can leave the fixed
BSSID parameter set for the actual data connection in addition to the
initial WPS provisionign step. This can speed up operations with drivers
that select BSS internally by allowing them to skip an extra scan when
the BSSID and frequency of the GO is already known.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-07-25 16:18:12 +03:00
Michael Naumov
b682d6a73d P2P: Add D-Bus python scripts to perform additional commands
Four D-Bus scripts using python glib are added to perform the following
operations: p2p_flush, p2p_group_add, p2p_listen and p2p_stop_find.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-07-04 21:07:53 +03:00
Cyril Brulebois
46d69fa5c6 wpa_gui: Fix compilation with gcc/g++ 4.7
Signed-off-by: Stefan Lippers-Hollmann <s.l-h@gmx.de>
intended-for: hostap-1
2012-07-04 21:01:04 +03:00
Jouni Malinen
b9b12d02f0 autoscan: Fix potential freeing of uninitialized pointer
Commit 7c865c6853 introduced a code
path that can skip extra_ie initialization in wpa_supplicant_scan().
This could result in semi-random crashes when using the autoscan
mechanism. Fix this by initializing extra_ie to NULL.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-03 20:54:40 +03:00
Jouni Malinen
be1514a3e9 Update license notification in signalbar implementation
This updates the license notification to use only the BSD license. The
changes were acknowledged by email (Kel Modderman <kel@otaku42.de>,
Mon, 2 Jul 2012 20:02:37 +1000).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 20:48:24 +03:00
Jouni Malinen
17096391c5 wpa_gui: Update licence notification text in wpa_gui
The Help|About message box was still referring to the old license
alternatives.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 12:11:01 +03:00
Jouni Malinen
c5a3cebfc8 Update license notification in D-Bus interface files
This updates these files to use the license notification that uses only
the BSD license. The changes were acknowledged by email (Dan Williams
<dcbw@redhat.com>, Sun, 01 Jul 2012 15:53:36 -0500).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-07-02 12:04:38 +03:00
Jouni Malinen
dcc3305701 Move p2p_connect PIN format validation into a separate function
This functionality could be shared for other commands, too, so move
it to a common function. In addition, implement the validation in a
bit more strict way to avoid accepting values like '-123' as a valid
PIN.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 21:27:32 +03:00
Masashi Honma
36ebf7a1b2 P2P: Add error message for invalid PIN
Reject invalid PIN value in p2p_connect command. Before this, typos
like "pbd" as the third parameter could have resulted in OK return
value since this parameter was interpreted as the PIN.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-06-30 21:19:12 +03:00
Jouni Malinen
10ac7ddf33 Do not share special scan results with virtual interfaces
When a special scan_res_handler is used the scan parameters may not have
been suitable for other purposes (e.g., during a p2p_find operation). As
such, do not indicate such scan results to other virtual interfaces
using the same radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 20:30:40 +03:00
Jouni Malinen
3df2f4fe99 P2P: Remove unused P2P_SCAN_SPECIFIC
This is not used anymore after the commit
e6ecfc4fd3.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-30 20:20:29 +03:00
Gary Morain
0bb1e425b5 Export disconnect reason code to dbus
In the properties changed signal, added a new property
"DisconnectReason", which carries the IEEE 802.11 reason code of the
most recent disassociation or deauthentication event. The reason code is
negative if it is locally generated. The property is sent to the DBUS
immediately so as to prevent it from being coalesced with other
disconnect events.

Signed-off-by: Gary Morain <gmorain@chromium.org>
2012-06-30 16:43:50 +03:00
Michael Naumov
acc5f4ec60 P2P: Add dbus python scripts to perform p2p_find and p2p_connect
Two DBUS scripts using python glib are added to perform p2p_find and
p2p_connect operations respectively. p2p_connect script just performs
the traditional connect to create a new p2p group. Additional updates
will be required to perform join, auth etc. al.

Signed-hostap: Michael Naumov <michael.naumov@intel.com>
Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-06-30 13:11:26 +03:00
Jouni Malinen
51ca03f470 WPS: Document NFC use cases with password/config token
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:28:49 +03:00
Jouni Malinen
bfc62fe133 WPS: Share a single function for generating NFS password tokens
There is no need for both hostapd and wpa_supplicant to have their
own functions for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
40a5e3bfde WPS: Add a standalone tool for building NFC password tokens
nfc_pw_token can be used to build random NFC password token for WPS.
This tool prints out the wpa_supplicant.conf (or hostapd.conf)
parameters and the hexdump of the WPS password token (with and without
NDEF encapsulation) so that it can be written to a NFC tag with an
external program.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 21:01:37 +03:00
Jouni Malinen
72df0cd28c WPS: Use random_get_bytes() for NFC password id
os_random() may not be seeded properly, so use stronger mechanism for
generating the password id for NFC password tokens.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 20:40:16 +03:00
Jouni Malinen
e484e927a6 WPS: Allow NFC password token from AP to be used with wps_reg
The AP PIN on wps_reg command can now be replaced with special value
"nfc-pw" to use device password from a NFC password token from the AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:41:26 +03:00
Jouni Malinen
e6ea2a451c WPS ER: Add support for using NFC password token from an Enrollee
WPS_NFC_TAG_READ ctrl_iface command can now be used to add NFC password
tokens to ER.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 17:34:46 +03:00
Jouni Malinen
1cea09a9e2 WPS ER: Add support for building NFC configuration token
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 16:35:51 +03:00
Jouni Malinen
71892384da WPS: Fix ifdef use for the new NFC mechanism in wpa_supplicant
Use CONFIG_WPS_NFC instead of CONFIG_WPS_OOB for the NFC specific
new ctrl_iface commands.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 14:07:22 +03:00
Jouni Malinen
d7645d239d WPS: Add support for NFC configuration token from external program
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:59:29 +03:00
Jouni Malinen
5bb7ae1f0c WPS: Fix error case in NFC password token generation
Need to verify that wps_build_nfc_pw_token() returned a valid buffer
before trying to encapsulate it for NDEF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:23:58 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
99f0032409 Allow autoscan parameters to be changed in SCANNING state
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:11:25 +03:00
Jouni Malinen
c3d1223848 Reinitialize autoscan on explicit reassocciate/reconnect command
This clears the exponential scan interval back to the base value
when a reconnection is requested explicitly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:05:51 +03:00
Jouni Malinen
d7ded75832 Cancel pending scan request on DISCONNECT command
Previously, a pending scan request could be left running when processing
DISCONNECT command from control interface. This can result in unexpected
scan, so cancel the request to avoid this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:57:03 +03:00
Jouni Malinen
992189991c Start autoscan for first connection attempt
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:52:46 +03:00
Jouni Malinen
460b36d0c0 Fix autoscan exponential to limit interval in all cases
The first time the limit is exceeded could result in using larger
value - avoid that by limiting the interval also in that case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:51:06 +03:00
Jouni Malinen
ccea4eb3e8 Fix autoscan exponential to start with the base value
Initial implementation used base^2 as the starting value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:47:25 +03:00
Jouni Malinen
1aea2ca325 Write autoscan parameter to config file on updates
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:43:05 +03:00
Tomasz Bursztyka
e3659c89d2 Add a simple periodic autoscan module
This module will sets a fixed scanning interval. Thus, the parameter to
this module is following this format: <fixed interval>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:28:21 +03:00
Tomasz Bursztyka
c0fba2b38d Add autoscan module named exponential
This module will compute the interval on a base exponential. Thus,
params to this module are following this format: <base>:<limit>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:22:56 +03:00
Tomasz Bursztyka
2bdd834257 Add autoscan command into wpa_cli
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:11:17 +03:00
Tomasz Bursztyka
bc5d330ae0 Add ctrl iface command for autoscan
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:09:47 +03:00
Tomasz Bursztyka
67892d5c0d D-Bus: Add AutoScan interface method to set/unset autoscan parameters
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:05:09 +03:00
Tomasz Bursztyka
7c865c6853 Add automatic scanning support
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.

Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.

Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:55:41 +03:00
Tomasz Bursztyka
b0786fba71 Add autoscan parameters support in config file
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:09:57 +03:00
Thomas Pedersen
1b487b8b1e nl80211: Handle CH_SWITCH event
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.

Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
2012-06-25 14:45:14 +03:00
Jouni Malinen
c1c023429b Set state to DISCONNECTED on auth/assoc failures
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-25 14:23:25 +03:00
Sunil Dutt Undekari
5bda43cdee P2P: Reject p2p_find when in provisioning
A p2p_find during provisioning shall not allow the enrollee to
pick the network, hence disable p2p_find during provisioning.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-06-25 14:05:49 +03:00
Jouni Malinen
ef3e60bf22 Describe CONFIG_AP=y and CONFIG_P2P=y in defconfig
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 01:07:15 +03:00
Jouni Malinen
781d8e0f2b Fix a typo
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 00:59:06 +03:00
Aarthi Thiruvengadam
c66cf68d5c P2P: Fix fallback to GO Negotiation to avoid PD-before-join timeout
The wpas_p2p_pd_before_join_timeout could be left behind if the PD
Request in p2p_connect-auto case does not succeed. This timeout can
result in unexpected operations since it could trigger join operation
while going through GO Negotiation. Fix this by canceling the timeout
when falling back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-20 21:38:31 +03:00
Jithu Jance
ef35f5a0fd P2P: Add driver op for requesting GO/AP channel switch
Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:54:31 +03:00
Jithu Jance
b9cfc09a81 P2P: Add preference setting for concurrent use cases
Add an additional parameter to prioritize either sta or p2p connection
to resolve conflicts arising during single channel concurrency.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-06-10 20:53:09 +03:00
Jouni Malinen
a0227929dc P2P: Do not use reassociation after getting disassociated
This avoids issues with some APs rejecting a reassociation if the
station is not currently associated as reported by Yossi Wortzel.
The change is based on a patch from Arik Nemtsov.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-10 19:51:36 +03:00
Jouni Malinen
73ccd08378 P2P: Fix group formation timeout on GO during WPS step
Commit 361cdf3400 changed the way the
group formation timeout is used on P2P client. However, it resulted in
clearing the timeout on the GO when the GO started beaconing. This is
not correct since the timeout is supposed to be maintained until at
least the completion of the WPS provisioning step. Fix this regression
by clearing the timeout here only in the case we are not GO in group
formation phase.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-08 18:22:03 +03:00
Jouni Malinen
476dea24ff WPS: Cancel WPS operation also in DISCONNECTED state
It is possible for wpa_state to be WPA_DISCONNECTED when a new scan is
scheduled to be started in the future. If wpas_wps_cancel() gets called
(e.g., through control interface wps_cancel or a P2P group removal)
while in that state, the WPS operation (scan request and special network
block) were not removed. Fix this by clearing the WPS operations both in
WPA_SCANNING and WPA_DISCONNECTED states.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-06-06 22:07:11 +03:00
Jouni Malinen
5b37633364 P2P: Fix scan_res_handler setting for p2p_scan
The previous version set scan_res_handler unconditionally and then
cleared it if scan request failed. This can result in incorrect clearing
of the handler to NULL for a previously started scan that has not yet
completed. This can make p2p_find command fail to use the
start-after-scan-completion mechanism in some cases. Fix this by setting
scan_res_handler properly after having verified that the driver command
for starting the scan was successful.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
intended-for: hostap-1
2012-06-06 17:07:46 +03:00
Sunil Dutt Undekari
84286a227b P2P: Improve p2p_prov_disc-auto robustness
Perform addition additional scan runs on the operating channel of the GO
(if known from previous scan results) and fall back to initiate the PD
for GO Negotiation if these additional scans do not detect the peer as
GO.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-06-06 15:46:05 +03:00
Nirav Shah
ad85320234 P2P: Fix P2P Group Formation timeout registration (use parent iface)
Commit 361cdf3400 extended the use of
group formation timeout for the way handshake, but the registration was
done on the group_interface while the cancellation was done on the
parent interface. Fix the registration to set the eloop timeout on
parent to address potential issues when using a separate group
interface.

Signed-hostap: Nirav Shah <nirav.j2.shah@intel.com>
2012-06-04 21:58:34 +03:00
Paul Stewart
a6b71f726a bss: Don't remove a BSS that is in use
When looking for a BSS to eject due to too many entries, never
pick one that is in use.  Otherwise, we run the risk of having
pointers to freed data.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:52:08 +03:00
Paul Stewart
dd7fec1f29 wpa_supplicant: Report EAP connection progress to DBus
Send an "EAP" signal via the new DBus interface under various
conditions during EAP authentication:

  - During method selection (ACK and NAK)
  - During certificate verification
  - While sending and receiving TLS alert messages
  - EAP success and failure messages

This provides DBus callers a number of new tools:

  - The ability to probe an AP for available EAP methods
    (given an identity).
  - The ability to identify why the remote certificate was
    not verified.
  - The ability to identify why the remote peer refused
    a TLS connection.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2012-06-04 21:10:01 +03:00
Etay Luz
fdfb1c8bcf wpa_supplicant: Support dtim_period configuration for AP mode
Signed-off-by: Etay Luz <eluz@qca.qualcomm.com>
2012-06-04 17:52:37 +03:00
Jouni Malinen
f5d4dd5ad4 WNM: Send empty IPv4 packet as keep-alive for now
Use an empty IPv4 packet as the keep-alive packet for WNM BSS max idle
period mechanism. This is not really the best possible frame to use for
this, but for now, it can do until a more suitable frame is figured out
for this (e.g., special LLC header to indicate link test purposes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-28 14:36:23 -07:00
Jouni Malinen
597c7a8dd8 WNM: Fix build without CONFIG_SME=y
Commit b6668734ab missed #ifdef CONFIG_SME
protection around wpa_s->sme access.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 18:17:41 -07:00