Commit graph

7964 commits

Author SHA1 Message Date
Jouni Malinen
369c8d7bcd Reserve AKM and cipher suite values
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 20:26:55 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
905029097c Sync with linux/nl80211.h in wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 10:49:46 +03:00
Dan Williams
1634ac0654 dbus: Add global capabilities property
Otherwise it's difficult to determine if the supplicant was built with
CONFIG_AP, CONFIG_IBSS_RSN, CONFIG_P2P, etc. CONFIG_AP and CONFIG_P2P
can be inferred from the introspection data of the Interface object,
but CONFIG_IBSS_RSN does not change the introspection data at all and
thus it's impossible to determine whether the supplicant supports it
without knowing its compile-time options.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-29 19:06:30 +03:00
Mykyta Iziumtsev
817762d9c4 nl80211: Don't send BSSID with disconnect command
NL80211_CMD_DISCONNECT doesn't need BSSID, because cfg80211
uses locally saved value.

Signed-hostap: Mykyta Iziumtsev <mykyta.iziumtsev@gmail.com>
2012-09-29 19:01:50 +03:00
Jouni Malinen
30b8038921 P2P: Fix p2p_cancel processing during group formation
The wpa_s->p2p_in_provisioning flag did not get cleared in some cases
where p2p_cancel command is used to stop group formation. This can result
in some operations (like p2p_find) failing afterwards. Fix this by using
wpas_group_formation_completed() when processing p2p_cancel for a group
that has not yet completed group formation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 22:01:48 +03:00
Jouni Malinen
93face0e06 Interworking: Support Android JB keystore with EAP-TLS
If the keystore:// prefix is used in the private_key entry, convert that
to the OpenSSL engine style configuration used for Android JB keystore.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:12:27 +03:00
Jouni Malinen
fa5c5b43e4 Interworking: Fix failed GAS query processing
The pending GAS entry must be removed from the list when it is removed.
This fixes an issue with potential segfault due to freed memory being
accessed if the driver fails to accept a GAS query.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-28 17:09:15 +03:00
Jouni Malinen
6407f4132f Add disallow_aps parameter to disallow BSSIDs/SSIDs
External programs can use this new parameter to prevent wpa_supplicant
from connecting to a list of BSSIDs and/or SSIDs. The disallowed BSSes
will still be visible in scan results and it is possible to run ANQP
operations with them, but BSS selection for connection will skip any
BSS that matches an entry in the disallowed list.

The new parameter can be set with the control interface SET command
using following syntax:

SET disallow_aps <disallow_list>
disallow_list ::= <ssid_spec> | <bssid_spec> | <disallow_list> | “”
SSID_SPEC ::= ssid <SSID_HEX>
BSSID_SPEC ::= bssid <BSSID_HEX>

For example:
wpa_cli set disallow_list "ssid 74657374 bssid 001122334455 ssid 68656c6c6f"
wpa_cli set disallow_list
(the empty value removes all entries)

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-27 17:36:59 +03:00
Raja Mani
39b1572c41 Include connected time in AP mode STA-* commands
This allows hostapd_cli and wpa_cli all_sta command to be used to
display connected time (in seconds) of each station in AP mode.

Signed-hostap: Raja Mani <rmani@qca.qualcomm.com>
2012-09-26 13:52:19 +03:00
Jouni Malinen
213c1fa84d P2P: Fix ignoring of PD Response due to dialog token mismatch
Commit 6b56cc2d97 added clearing of the
p2p->pending_action_state too early in this function. This should not
be done if we are going to silently ignore the frame due to dialog
token mismatch. Fix this by moving the code around to check the dialog
token first.

This issue resulted in PD Request retries getting stopped too early if
the peer is sending out an unexpected PD Response (e.g., because of it
being excessively slow with the response so that the response is
received only after the next TX attempt with a new dialog token).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-25 21:41:52 +03:00
Jouni Malinen
83218d20dd P2P: Clear sta_scan_pending on group removal
It is possible for the P2P client group to be removed while waiting for
a pending scan operation (e.g., when p2p_group_idle timeout hits after
getting disconnected from the GO with something else than
Deauthentication with reason code 3). If this happens with a P2P
interface that is used both for P2P Device and group roles, scan state
could get stuck while waiting for the next scan to complete since no
more station (P2P client) mode scans are scheduled. Fix this by clearing
sta_scan_pending when removing the temporary group network block.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-25 02:55:20 +03:00
Jouni Malinen
2cd0758441 P2P: Allow peer to propose channel in invitation process
Make Invitation process for re-invoking a persistent group behave
similarly to GO Negotiation as far as channel negotiation is concerned.
The Operating Channel value (if present) is used as a starting point if
the local device does not have a forced operating channel (e.g., due to
concurrent use). Channel lists from devices are then compared to check
that the selected channel is in the intersection. If not, channel is
selected based on GO Negotiation channel rules (best channel preferences
etc.). Invitation Request is rejected if no common channel can be
selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:15:58 +03:00
Jouni Malinen
7759fba1c2 P2P: Show own channel list in debug log
This makes it easier to debug channel negotiation mechanisms.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:14:50 +03:00
Jouni Malinen
4c490780e2 P2P: Fix pending-sta-scan processing for concurrent operation cases
If two P2P_FIND commands and a station mode SCAN command are issued in a
sequence with the second P2P_FIND and SCAN commands started before the
initial scan from the first P2P_FIND command has completed,
sta_scan_pending may be left set without an automatic way of getting it
cleared. This can get P2P search stuck if no further station mode scan
operations are run.

Fix this by clearing the sta_scan_pending flag whenever station mode scans
are stopped due to no enabled networks resulting in INACTIVE mode getting
entered. In addition, avoid setting sta_scan_pending flag when a special
scan_res_handler is set so that this does not get enabled on the P2P
Device interface during a P2P search operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 13:46:27 +03:00
Jouni Malinen
ac06fb12f5 P2P: Add more debug prints for GO start routines
This makes it easier to debug issues in starting GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:05:51 +03:00
Jouni Malinen
d4534bde9c Add debug print for no-enabled-networks case
If there are any disabled networks, show a debug print with the count
of those networks when no enabled networks are found. This can be
helpful in trying to figure out why scans are being skipped.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:04:00 +03:00
Jouni Malinen
b470b2bf37 Print control interface commands in easier format
The ASCII hexdump is somewhat difficult to search for (especially on
Android builds), so make the debug log easier to parse by printing the
full control interface command as a text string. In addition, use
wpa_dbg() to get the interface name printed so that multi-interface
cases can be debugged.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 01:01:26 +03:00
Jouni Malinen
c244dd2ec0 P2P: Fix PSK configuration for GO network
Setting just ssid->passphrase is not enough to complete the network
block for the GO entry. Also the PSK needs to be derived so that the
network is considered enabled by wpas_network_disabled(). The previous
version worked as long as something else allowed the scan request to be
performed (this is needed even though the actual scan is skipped when
starting GO).

The first GO start was allowed because wpa_s->scan_req is initialized to
1 in wpa_supplicant_alloc(). However, other attempts may fail if
wpa_s->scan_req is cleared. This failure shows up as "No enabled
networkas - do not scan" in debug log followed by state change to
INACTIVE when trying to start GO.

Fix this by deriving PSK from the passphrase for GO mode.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-24 00:56:57 +03:00
Jouni Malinen
0c802384a7 P2P: Fix p2p_group_idle in no-group-interface P2P client case
Commit 30ee769235 started skipping P2P
group removal if wpa_s->current_ssid is not set and commit
0d30cc240f started clearing
wpa_s->current_ssid on disconnection. This combination broke
p2p_group_idle timeout on P2P client interface in a case where no
separate P2P group interface is used and when the disconnection is
triggered by something else than an explicit indication of GO
terminating the group.

Fix this by relaxing network block matching rules when figuring out
whether any of the configured network blocks could be in P2P use. The
p2p_group flag alone should be enough for this since temporary P2P group
network blocks are removed once the P2P group is terminated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-23 20:28:03 +03:00
Dan Williams
8c981d179b wpa_supplicant: Set state to DISCONNECTED on AP creation errors
If the AP creation failed (missing freq= or driver error) the supplicant
would previously stay in SCANNING state forever. Instead, it should
handle the error a bit better and drop back to DISCONNECTED so clients
know something went wrong.

Signed-hostap: Dan Williams <dcbw@redhat.com>
intended-for: hostap-1
2012-09-23 13:55:58 +03:00
Felix Fietkau
73a3c6ffca nl80211: Use the monitor interface if socket tx status is not supported
Fixes hostapd on recent compat-wireless builds with older kernels.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:28:31 +03:00
Felix Fietkau
9974381109 hostapd: Add check for the wds sta flag before creating 4addr VLANs
Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:25:49 +03:00
Felix Fietkau
22b42372d0 hostapd: Clear WLAN_STA_ASSOC_REQ_OK if sending the assoc response failed
As long as WLAN_STA_ASSOC_REQ_OK is set in sta->flags, Class 3 frames do
not trigger a disassoc/deauth. If it is still set even after the assoc
response tx has already failed, it may take somewhat longer for clients
to realize that the connection wasn't fully established.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:23:16 +03:00
Mykyta Iziumtsev
dd31eb79a2 P2P: Remove channel 14 from supported P2P channels
Channel 14 is available only in Japan and is DSSS-only according to
IEEE 802.11-2012 19.4.3 and MIC Equipment Ordinance (EO)
for Regulating Radio Equipment article 49.20.

At the same time, P2P should avoid using DSSS modulation in normal
operation according to P2P specification v1.2 2.4.1.

Signed-hostap: Mykyta Iziumtsev <mykyta.iziumtsev@gmail.com>
intended-for: hostap-1
2012-09-23 12:49:52 +03:00
Felix Fietkau
92d521d89c hostapd: Send EAPOL frames from the VO queue if WMM is active
This avoids extra latency caused by establishing an aggregation session
and makes the initial connection attempt more reliable

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-15 22:40:00 -07:00
Felix Fietkau
c34e618d47 hostapd: Fix WDS VLAN bridge handling
This patch fixes an issue where removing a WDS VLAN interface also
removed the main AP interface from the same bridge.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-15 22:38:14 -07:00
Jouni Malinen
ce6ce7fb13 hostapd: Fix CONFIG_INTERWORKING=y build without CONFIG_HS20=y
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-15 22:37:27 -07:00
Jouni Malinen
54c61e6e08 P2P: Fix p2p_ctrl_invite_persistent() to parse peer parameter
Commit 4d32c0c44d added another use for the
local pos variable and that broke the mechanism used to determine wheter
the peer address was provided. Fix this by using a separate pointer to the
peer address.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-15 22:21:46 -07:00
Masashi Honma
6df865face Remove unused function warning in WPS NFC case
When I use CONFIG_WPS_NFC=y a warning appears.

wps_supplicant.c:1872:12: warning: 'wpas_wps_add_nfc_password_token'
defined but not used [-Wunused-function]

This patch removes this warning.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-09-15 22:02:09 -07:00
Jouni Malinen
0dd5431312 Do not inform other virtual interfaces of scan results in all cases
If a connection operation is started on an interface based on scan
results, other virtual interfaces should not be information about the
results to avoid potential concurrent operations during the association
steps. Since the sibling notification of scan results received was added
as an optimization, skipping it for this type of cases is the simplest
way of avoiding unnecessary concurrent operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:07:02 -07:00
Jouni Malinen
ab03f6da7a P2P: Schedule new scan if P2P operation delays scan
This makes sure that the interrupted station mode scan can be completed
after the P2P operations have had their chance of using the radio.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:05:55 -07:00
Jouni Malinen
58d3760e7e P2P: Check all interfaces for pending scan for p2p_scan failures
Driver could reject the new scan based on any virtual interface
running a concurrent scan. As such, mark the pending scan callback
for P2P based on any interfaces instead of just the one used for
the p2p_scan operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 18:03:14 -07:00
Jouni Malinen
e665ca9a8d P2P: Move p2p_cb_on_scan_complete to global context
Since we have a global P2P module, the flag to trigger scan completion
events to it needs to be in similar context. The previous design
maintained this separately for each virtual interface and if P2P module
did not run its scan operation on the virtual interface that completed
the scan, P2P module would not be allowed to restart operations
properly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-13 17:58:22 -07:00
Jouni Malinen
762b99db7a Fix last_scan_res update existing BSS entry is update
The BSS pointer may change if the entry needs to be reallocated
and the new pointer has to be added to the last_scan_res array
to avoid using pointers to freed memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-10 12:36:55 +02:00
Jouni Malinen
e88f0901eb wlantest: Add BIP-GMAC-128/256 test vectors
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 19:04:53 +03:00
Jouni Malinen
7d19d3e9db wlantest: Add CCMP-256 test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:38:18 +03:00
Jouni Malinen
4bf3910574 Move AES-CCM implementation into src/crypto
This is a generic AES CCM implementation that can be used for other
purposes than just implementing CCMP, so it fits better in a separate
file in src/crypto.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:07:19 +03:00
Jouni Malinen
05d6054cec wlantest: Move generic AES-CCM into separate functions
This part of the implementation is not specific to CCMP and could be
used for other purposes, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 18:03:31 +03:00
Jouni Malinen
071c6164ab Enable 256-bit key AES in internal TLS implementation
Now that the internal AES implementation supports 256-bit keys, enable
use of the TLS cipher suites that use AES-256 regardless of which crypto
implementation is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 14:16:05 +03:00
Jouni Malinen
802bc4211b Fix AES block size handling for internal cipher
AES uses the same 128-bit block size with 128, 192, 256 bit keys, so use
the fixed block size definition instead of trying to dynamically set the
block size based on key length. This fixes use of 192-bit and 256-bit
AES keys with crypto_cipher_*() API when using the internal AES
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 14:12:59 +03:00
Jouni Malinen
f173295600 wlantest: Add GCMP-256 test vector
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 14:01:22 +03:00
Jouni Malinen
f90a4542b4 Share common GCM-AE and GCM-AD functionality
These operations are almost identical, so use common functions to
share the same implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 13:54:33 +03:00
Jouni Malinen
77b2c81275 Add aes_gmac() as a wrapper for AES GMAC operations using GCM
This is otherwise identical to aes_gcm_ae() but does not use the
plain/crypt pointers since no data is encrypted.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 13:37:50 +03:00
Jouni Malinen
d140db6adf Add support for using 192-bit and 256-bit keys with AES-GCM
This adds 192-bit and 256-bit key support to the internal AES
implementation and extends the AES-GCM functions to accept key length to
enable longer AES key use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 13:30:51 +03:00
Jouni Malinen
af0963fab4 Support arbitrary IV length with AES-GCM
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 00:49:54 +03:00
Jouni Malinen
c2372d7cf0 Add AES-GCM test vectors from gcm-spec.pdf
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-09 00:25:54 +03:00
Jouni Malinen
1cd7a5032a Move AES-GCM implementation into src/crypto
This is a generic AES GCM and GMAC implementation that can be used for
other purposes than just implementing GCMP, so it fits better in a
separate file in src/crypto.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 23:48:08 +03:00
Jouni Malinen
be87d3c345 wlantest: Allow GHASH update calls to avoid extra allocation
There is no need to allocate a temporary buffer and build GHASH input
data into it. Instead, ghash() is trivial to split into update part that
can be called separately for each segment.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 23:40:06 +03:00
Jouni Malinen
b4a5fcb286 wlantest: Remove CCMP specific AAD handling from GCMP
GCMP encodes length of AAD differently, so remove the unnecessary
code that got copied from the CCMP implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-08 22:10:05 +03:00