Commit graph

232 commits

Author SHA1 Message Date
Hu Wang
6108536d7d Drop connection attempt if network is disabled before radio work starts
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-10 22:16:19 +03:00
Anton Nayshtut
b36a3a65aa FST: Integration into wpa_supplicant
This commit integrates the FST into the wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Jouni Malinen
6a58444d27 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
04e6c4cc50 Fix SAE group selection in an error case
The sae_groups parameter is zero terminated array, not -1 terminated, so
must check the value against <= 0 to break out from the loop.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:29:57 +03:00
Jouni Malinen
ee140ef98f FT: Stop association attempt if Auth response processing fails (SME)
Call the FT processing function directly instead of going through
wpa_supplicant_event() to process FT Authentication frame in SME case.
This allows parsing error to be used to trigger immediate failure for
the connection instead of trying to proceed to reassociation step that
cannot succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 17:36:58 +03:00
Jouni Malinen
59b416c733 Add optional reassoc-to-same-BSS optimization
The new reassoc_same_bss_optim=1 configuration parameter can now be used
to request wpa_supplicant to bypass the unnecessary Authentication frame
exchange when reassociating back to the same BSS with which the device
is already associated. This functionality is disabled by default since
it may cause undesired interoperability issues with some APs.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-19 16:35:39 +02:00
Jouni Malinen
ba4226130e Simplify eapol_sm_notify_pmkid_attempt()
Drop the unneeded 'attempt' argument. This was originally used for
indicating an aborted PMKID caching attempt, but a fix in 2006 removed
the only such user and since that time, only attempt == 1 has been used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-28 13:09:31 +02:00
Jouni Malinen
3f56a2b746 Ignore pmf=1 default if driver does not support PMF
Connection with a PMF enabled AP will fail if we try to negotiate PMF
while the local driver does not support this. Since pmf=1 does not
require PMF for a successful connection, it can be ignored in such a
case to avoid connectivity issues with invalid configuration. This makes
it somewhat easier to allow upper layer programs to use pmf=1 default
regardless of driver capabilities.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 12:38:52 +02:00
Jouni Malinen
d29fa3a767 Extend VENDOR_ELEM parameters to cover non-P2P Association Request
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-14 01:12:56 +02:00
Jouni Malinen
4e70bbf1c6 SAE: Clear keys from memory on disassociation
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 20:00:02 +02:00
Jouni Malinen
d97a3c4885 SME: Optimize OBSS scanning
Include only the potentially affected channel range in OBSS scans to
reduce the amount of offchannel time needed for scanning when requested
by the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 22:07:03 +02:00
Jouni Malinen
267ac3bcd6 Add more debug prints for WPA/RSN selection issues for connection
ap_ft_sae test case managed to hit a somewhat unclear error case which
resulted in "WPA: Failed to select WPA/RSN" print and not enough
information to figure out what exactly had went wrong.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-22 13:49:52 +02:00
Jouni Malinen
81648d0041 SAE: Report connection failure if SME cannot build auth frame
Instead of just stopping connection process and network discovery,
report SAE failures to build Authentication frames (e.g., due to missing
password) as a connection failure to get the normal retry mechanism into
use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 16:48:38 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Jouni Malinen
849367afe9 SME: Fix a sign-compare warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-25 01:07:16 +02:00
Andrei Otcheretianski
70d1e72849 wpa_supplicant: Handle link measurement requests
Send link measurement response when a request is received. Advertise
only RCPI, computing it from the RSSI of the request. The TX power field
is left to be filled by the driver. All other fields are not published.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-11-22 21:45:07 +02:00
Assaf Krauss
b361d580ec SME: Add RRM support to association request
In case the AP we are associating with advertises support for RRM,
advertise our own RRM support in the (Re)Association Request frame. This
is done by adding an RRM Capabilities IE. The underlying driver is
expected to further add a Power Capabilities IE to the request, and set
the Radio Measurement flag in the Capability Info field. At this point
the RRM Capabilities IE advertises no measurement support.

Signed-off-by: Assaf Krauss <assaf.krauss@intel.com>
2014-11-22 21:13:45 +02:00
Jouni Malinen
a7f5271d52 Update pending connect radio work BSS pointer on scan update
It is possible for scan result processing or BSS entry removal to occur
while there is a pending connect or sme-connect radio work with a
previously selected BSS entry. The BSS pointer was previously verified
to be valid, i.e., still point to a BSS entry, at the time the actual
connection operation is started. However, that BSS entry could have
changed to point to another BSS if the old BSS entry was either removed
or reallocated and a new BSS entry was added at the same location in
memory. This could result in the connection attempt failing to configure
parameters properly due to different BSS information (e.g., different
BSSID).

Fix this by updated the pending connect radio work data on BSS entry
updates similarly to how the last_scan_res array was updated. If the
selected BSS entry is removed, this will still result in a failed
connection, but reallocated BSS entry is now followed properly and used
when the connection work starts.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-10-28 00:43:58 +02:00
Jouni Malinen
bc26ac50dd SAE: Add support for PMKSA caching on the station side
This makes wpa_supplicant SME create PMKSA cache entries from SAE
authentication and try to use PMKSA caching if an entry is found for the
AP. If the AP rejects the attempt, fall back to SAE authentication is
used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-18 13:02:02 +03:00
Janusz Dziedzic
4ec68377ef wpa_supplicant: Use hostapd_freq_params in assoc_params
Use hostapd_freq_params instead of simple frequency parameter for driver
commands. This is preparation for IBSS configuration to allow use of
HT/VHT in IBSS.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2014-10-04 18:43:42 +03:00
Jouni Malinen
cb5ef952c8 SME: Verify that os_get_random() succeeds for SA Query
Be more consistent on checking os_get_random() return value (CID 72706).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-09-07 18:27:42 +03:00
Jouni Malinen
745ef18478 HS 2.0: Verify assoc_req_ie buffer size for indication elements
While the buffer is expected to be large enough for all the IEs, it is
better to check for this explicitly when adding the HS 2.0 Indication
element. (CID 68601)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-07-02 12:38:48 +03:00
Johannes Berg
57a8f8af38 nl80211: Use low-priority scan for OBSS scan
Some drivers may support low-priority scans, if they do then
use that for OBSS scanning.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2014-06-22 00:47:06 +03:00
Jouni Malinen
3302b7c29f Rate limit SA Query procedure initiation on unprotected disconnect
There is no need to trigger new SA Query procedure to check the state of
the connection immediately after having performed such a check. Limit
the impact of burst of unprotected Deauth/Disassoc frames by starting a
new SA Query procedure only once at least 10 seconds has passed from the
previous SA Query that was triggered by reception of an unprotected
disconnection. The first SA Query procedure for each association does
not follow this rule to avoid issues with test cases that expect to see
an SA Query every time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-06-19 20:56:32 +03:00
Jouni Malinen
0bbaa9b93f Validate driver extended capabilities length against buffer length
Prepare for new extended capabilities bits by checking that the local
buffer is large enough to contain all the bits the driver requests. The
existing buffers are large enough to include anything defined until now,
but it would be possible to add more definitions in the future, so
increase them a bit as well to make this more future proof.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-06-07 16:35:30 +03:00
Ilan Peer
d0df643735 wpa_supplicant: Call frequency conflict handling during auth
Previously, the frequency conflict was handled only during the
association flow. However, some drivers, e.g., mac80211 based
drivers, will fail an authentication request in case that there
are no available channels for use (as they might be used by
other interfaces), and thus the frequency conflict resolution
is never called.

Fix this by calling frequency conflict resolution during
authentication (SME-in-wpa_supplicant) as well.

In addition, get the shared radio frequency from the wpa_s context in
both the SME-in-driver and SME-in-wpa_supplicant cases and not from the
driver.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-04-24 12:15:32 +03:00
Ilan Peer
f1c4dbf5cd wpa_supplicant: Remove pending sme-connect radio work
If a new connection is attempted while there is a pending sme-connection
radio work, cancel the pending radio work and continue with the new
connection attempt. This is preferable over rejecting the new work and
continuing with the pending one, as it is possible that the previous
work is no longer valid.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-27 16:45:25 +02:00
Jouni Malinen
163f801ef2 nl80211: Indicate HS 2.0 OSEN AKM in connect/associate command
This allows drivers that build the WPA/RSN IEs internally to use similar
design for building the OSEN IE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-25 18:33:21 +02:00
Jouni Malinen
31ded52e70 SME: Add more debug prints for OBSS scans and 20/40 MHz co-ex report
This makes it easier to debug wpa_supplicant behavior when reporting
20/40 MHz co-ex information based on OBSS scans.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:56:50 +02:00
Jouni Malinen
7f8eb34dee SME: Fix OBSS scan result processing for 20/40 MHz co-ex report
The 40 MHz intolerant bit needs to be checked before skipping the BSS
based on the channel already being in the lost (which could have
happened due to another BSS that does not indicate 40 MHz intolerant).
This fixed the 20/40 MHz co-ex report to indicate 20 MHz request
properly if there are both 40 MHz tolerant and intolerant BSSes on the
same channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-23 23:54:50 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
f9cd147d6b HS 2.0R2: Update Indication element to Release 2
The HS 2.0 Indication element from wpa_supplicant now includes the
release number field and wpa_supplicant shows the release number of the
AP in STATUS command (hs20=1 replaced with hs20=<release>).

The new update_identifier field in the cred block can now be used to
configure the PPS MO ID so that wpa_supplicant adds it to the Indication
element in Association Request frames.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:22 +02:00
Jouni Malinen
f0e30c8410 Do not start another connect work while one is pending
It was possible for the connect or sme-connect radio work to get
re-scheduled while an earlier request was still pending, e.g.,
select_network is issued at the moment a scan radio work is in progress
and the old scan results are recent enough for starting the connection.
This could result in unexpected attempt to re-associate immediately
after completing the first connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-24 15:22:35 +02:00
Andrei Otcheretianski
b3253ebb73 wpa_supplicant: Complete radio works on disable event
While testing rfkill blocking of a scanning interface, it
was seen that the ongoing scan never completes. This happens
since EVENT_SCAN_RESULTS is discarded on a disabled interface.

Fix this and also other possible radio work completion issues
by removing all the radio works (including started) of the
disabled interface.

To be able to remove already started radio works, make their
callbacks be reentrant with deinit flag (when the work
is started), so each radio work should be able to handle
its own termination.

Signed-hostap: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2014-02-16 00:06:23 +02:00
Jouni Malinen
d950477913 Fix authentication algorithm negotiation in SME code
Commit 6ac4b15ef8 (wpa_radio work for
connection) caused a regression for cases where multiple auth_alg values
are set in a network block and wpa_supplicant-based SME is supposed to
iterate through them. The connection radio work was not terminated when
receiving authentication failure and this resulted in the following
authentication attempt failing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-02-03 19:34:33 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Johannes Berg
46b8d4c004 wpa_supplicant: Use monotonic time for SA query timeout
The SA query timeout is just a regular timeout (currently
hard-coded to 1000 TU), so use monotonic time for it.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:17:25 +02:00
Jouni Malinen
18ca733248 SAE: Fix group selection
Number of regressions had shown up in wpa_supplicant implementation of
SAE group selection due to different integer array termination (-1 in
hostapd, 0 in wpa_supplicant) being used for SAE groups. The
default_groups list did not seem to use any explicit termination value.
In addition, the sae_group_index was not cleared back to 0 properly
whenever a new SAE session was started.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 18:07:49 +02:00
Jouni Malinen
d7df0fa727 Clean up wpa_supplicant_event() with deauth/disassoc helper functions
wpa_supplicant_event() has grown overly large, so it is useful to split
it into smaller pieces.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-07-21 16:40:40 +03:00
Jouni Malinen
55a2df4389 HS 2.0: Include HS 2.0 Indication element only for HS 2.0 association
The Hotspot 2.0 specification seems to mandate this element to be
included in all (Re)Association Request frames if the station is Hotspot
2.0 capable. However, that results in conflicts with other requirements
like no TKIP use when this element is present. The design is really
supposed to include the indication element only for Hotspot 2.0
associations regardless of what the current specification implies.
Remove the HS 2.0 Indication element from (Re)Association Request frame
whenever the connection is not for Hotspot 2.0 purposes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-05-05 16:29:21 +03:00
Jouni Malinen
e864c0aefe Use a common frequency to channel conversion function
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 22:11:51 +03:00
Chet Lanctot
3ee9ade6cf Allow SME SA Query to be used by all drivers
The unprotected disconnection events were previously processed only for
drivers that used the wpa_supplicant SME implementation (separate
authentication and association commands). However, this can be useful
for drivers that use the connect API, so remove the limitation and allow
the same IEEE 802.11w SA Query mechanism to be used even without full
use of the wpa_supplicant SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-11 13:49:40 +02:00
Johannes Berg
e9ee8dc394 wpa_supplicant: Support VHT capability overrides
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 18:04:39 +02:00
Jouni Malinen
62769a88db Move cipher to enum wpa_cipher conversion into wpa_common.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 18:02:20 +02:00
Jouni Malinen
b4fd3613d3 SAE: Free temporary buffers when moving to Accepted state
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
4ef34a9960 SAE: Remove duplicated SAE field debug dumps
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
47b55a3ef5 SAE: Use PMK in 4-way handshake
Use the PMK that is derived as part of the SAE authentication in the
4-way handshake instead of the PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
03e47c9c3a Share a single function for building extended capabilities element
This makes it easier to update extended capabilities for all uses
within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 19:17:15 +02:00
Jouni Malinen
e6955ba9f9 WNM: Add WNM-Sleep Mode into Extended Capabilities element
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:45:59 +02:00
Jouni Malinen
215ae884d6 Mark sme_send_authentication() static
This function is not used outside sme.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:47:43 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Amitkumar Karwar
368b1957a6 Allow OBSS scan and 20/40 coex reports to non-SME drivers
We enable this feature for non-SME drivers as well if
they explicitly indicate need for it.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
2012-11-24 18:08:48 +02:00
Jouni Malinen
6e2020210a Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 20:07:53 +02:00
Jouni Malinen
21af6d15a8 SAE: Add Finite Cyclic Group negotiation and Send-Confirm
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-06 19:30:54 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
a3f7e5186b Allow non-WPA IEEE 802.1X to be select even if WPA is also enabled
If key_mgmt was set to allow both WPA and non-WPA IEEE 802.1X (i.e., to
IEEE8021X WPA-EAP), non-WPA IEEE 802.1X was rejected while preparing
association parameters. Allow this special case to be handled by
selecting non-WPA case if the scan results for the AP do not include
either WPA or RSN elements.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-15 19:34:04 +03:00
Jouni Malinen
067ffa2696 Convert os_realloc() for an array to use os_realloc_array()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 21:21:23 +03:00
Jouni Malinen
f9884c096a Convert os_zalloc() for an array to use os_calloc()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-13 20:44:21 +03:00
Arik Nemtsov
b6871ebb17 SME: Correctly check mode HT caps for enabling OBSS scan
Don't assume the 11g mode is always first in the list of mode (sometimes
it isn't). Traverse the array of modes and check the HT40 capability is
turned on for 11g.

Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-08-11 17:08:54 +03:00
Jouni Malinen
c1c023429b Set state to DISCONNECTED on auth/assoc failures
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-25 14:23:25 +03:00
Jouni Malinen
cb4183249f HS 2.0: Add HS 2.0 Indication element into (Re)Association Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:04 +03:00
Jouni Malinen
6434ad09d6 Scan only 2.4 GHz band for OBSS scans
Since we are reporting 20/40 BSS coex information only for 2.4 GHz band,
there is no need to run the full scan on dualband cards.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:42 +03:00
Rajkumar Manoharan
c3701c66a5 Add handling of OBSS scan requests and 20/40 BSS coex reports
Add support for HT STA to report 40 MHz intolerance to the associated AP.
A HT station generates a report (20/40 BSS coexistence) of channel list
if it finds a non-HT capable AP or a HT AP which prohibits 40 MHz
transmission (i.e., 40 MHz intolerant bit is set in HT capabilities IE)
from the scan results.

Parse the OBSS scan parameter from Beacon or Probe Response frames and
schedule periodic scan to generate 20/40 coexistence channel report if
requested to do so. This patch decodes Scan Interval alone from the OBSS
Scan Parameters element and triggers scan on timeout.

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:38 +03:00
Bala Shanmugam
1f6c0ab872 Allow background scan period to be configured
A network block specific background scan period can now be configured
for drivers that implement internal background scan mechanism for
roaming and BSS selection.

Signed-hostap: Bala Shanmugam <bkamatch@qca.qualcomm.com>
2012-03-30 15:20:35 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Eyal Shapira
1193dc8fd7 SME: Fix processing of Authentication timeout and failure
current_bss and pending_bssid weren't cleaned up so BSS
kept appearing in the scan results even when it was actually gone.
Use wpa_supplicant_mark_disassoc() to cleanup the wpa_s context
instead of just dropping wpa_state back to DISCONNECTED.

Reported-by: Vishal Mahaveer <vishalm@ti.com>
Signed-hostap: Eyal Shapira <eyal@wizery.com>
2012-01-29 17:44:31 +02:00
Jouni Malinen
14115a1089 SME: Fix processing of Authentication timeout
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 22:27:48 +02:00
Jouni Malinen
ed57c5907e SME: Fix processing of Authentication request failure
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt. In addition, we can use
wpas_connection_failed() instead of requesting a scan after a fixed time
to make this error case more consistent with other similar error paths
in sme.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-12-04 21:04:24 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
19df9b0761 Mark local functions static
These functions are not used outside the file in which they are defined.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:53:36 +02:00
Jouni Malinen
a17539ebcd Remove unnecessary include file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-13 22:13:04 +02:00
Jouni Malinen
b106173a82 Add no_cck parameter for send_action() driver_ops
This can be used to apply the no-CCK rule conditionally depending on
which frame is being sent. The no-CCK rule applies only for P2P
management frames while SA Query and FT use cases do not have similar
restrictions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-10-29 21:49:46 +03:00
Jouni Malinen
17fbb751e1 Remove user space client MLME
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
2011-10-22 22:45:38 +03:00
Jouni Malinen
92cbcf9128 Add Extended Capability element to AssocReq for Interworking
If Interworking is enabled, add Extended Capability element to
(Re)Association Request frames to indicate support for Interworking.
2011-10-16 23:55:34 +03:00
Luciano Coelho
a4cba8f1e2 Use sched_scan in driver init
This patch uses sched_scan, if available, when the driver is
initialized. It also adds a couple of cancel operations where
appropriate.

Signed-off-by: Luciano Coelho <coelho@ti.com>
2011-10-15 18:53:13 +03:00
Jouni Malinen
64fa840a97 nl80211: Fix WPA_VERSIONS attribute for Connect command
The previous code was trying to figure out which WPA version is
used based on the extra IEs requested for Association Request. That
did not work properly in cases where non-WPA networks are used with
some extra IEs. Fix this by using more robust mechanism for passing
the WPA versions from core wpa_supplicant to the driver_ops
associate().
2011-09-02 20:40:23 +03:00
Jouni Malinen
ffad885837 P2P: Set p2p auth/assoc parameter based on connection type
Fix the previous code that was hardcoding the p2p parameter based
on the driver P2P capability regardless of whether the connection
was really used for P2P or not.
2011-07-17 20:52:49 +03:00
Eliad Peller
2f4f73b154 nl80211: Change vif type to P2P_CLI upon P2P authentication
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.

Add p2p field to the authentication params, and consider it for choosing
the correct interface type.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:25:58 +03:00
Ben Greear
e29853bbff SME: Add timers for authentication and asscoiation
mac80211 authentication or association operation may get stuck for some
reasons, so wpa_supplicant better use an internal timer to recover from
this.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2011-02-24 16:59:46 +02:00
Ben Greear
f049052b9e Use wpa_msg() instead of wpa_printf()
This converts number of debugging messages to use wpa_msg() in order
to allow the interface name to be shown with the messages.

A new function, wpa_dbg(), is introduced to allow
CONFIG_NO_STDOUT_DEBUG=y builds to remove the debug strings. This is
otherwise identical with wpa_msg(), but it gets compiled out if stdout
debugging is disabled.
2011-02-10 20:14:46 +02:00
Johannes Berg
190b9062b2 P2P: Add option for offloading off-channel TX to the driver
With the new kernel functionality coming to Linux to allow off-channel
TX, we can take advantage of that in the P2P code that currently uses
remain-on-channel. If a driver advertises support for it, it will be
asked to handle off-channel TX by itself.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-29 13:59:17 +02:00
Jouni Malinen
7d878ca769 Use SA Query procedure to recovery from AP/STA state mismatch
If a station received unprotected Deauthentication or Disassociation
frame with reason code 6 or 7 from the current AP, there may be a
mismatch in association state between the AP and STA. Verify whether
this is the case by using SA Query procedure. If not response is
received from the AP, deauthenticate.

This implementation is only for user space SME with
driver_nl80211.c.
2010-12-19 11:58:00 +02:00
Jouni Malinen
aca0160548 nl80211: Set cipher suites when using user space SME
Previously, pairwise and group cipher suites were configured only
when kernel SME (nl80211 connect API) was used. However, mac80211
needs this information even in the user space SME case for one
thing: to disable HT when TKIP/WEP is used. Add
NL80211_ATTR_CIPHER_SUITES_PAIRWISE to fix this special case with
user space SME. This allows mac80211 to disable HT properly when
the AP is configured with configuration that is not allowed.
2010-12-13 21:08:53 +02:00
Jouni Malinen
e5ad96b745 SME: Optimize recovery from assocication command failures
mac80211 can indicate this mainly because of channel selection
conflicts with other vifs. If there is another BSS on another
channel, we should try to connect to it instead.
2010-11-26 17:37:22 +02:00
Jouni Malinen
0fb337c121 Extend load balancing optimization in BSS blacklisting
Move the previously SME specific optimization code into generic
function that can be used from non-SME code, too, and use it to
handle disconnection events. In other words, allow disconnection
event to trigger similar optimized scanning case to handle a
common load balancing mechanism. If there is another BSS in the
same ESS when we receive a disconnection event, scan only the
known frequencies of such other BSSes on the next attempt to
speed up recovery.
2010-11-26 11:36:03 +02:00
Jouni Malinen
f47d639d49 SME: Optimize recovery from common load balancing mechanisms
When authentication or association fails when trying to connect to
a BSS in an ESS that has multiple BSSes based on previous scans,
limit the first recovery scan to only the known channels that has
been seen previously. This speeds up recovery in some of the most
commonly used load balancing mechanisms in enterprise WLAN
networks.
2010-11-25 22:51:56 +02:00
Jouni Malinen
7e6646c794 SME: Fix re-try after auth/assoc timeout/failure
There were various issues in how the SME (i.e., nl80211-based driver
interface) handled various authentication and association timeouts and
failures. Authentication failure was not handled at all (wpa_supplicant
just stopped trying to connect completely), authentication timeout
resulted in blacklisting not working in the expected way (i.e., the same
BSS could be selected continuously), and association cases had similar
problems.

Use a common function to handle all these cases and fix the blacklist
operation. Use smaller delay before trying to scan again during the
initial cycle through the available APs to speed up connection. Add
a special case for another-BSS-in-the-same-ESS being present to
speed up recovery from networks with multiple APs doing load balancing
in various odd ways that are deployed out there.
2010-11-25 22:00:04 +02:00
Jouni Malinen
eea2fd9eff P2P: Add mechanism for configuring UAPSD parameters for group
This is needed to be able to change parameters for dynamically
created interfaces between the creation of the interface and
association/start AP commands.

Following ctrl_interface commands can now be used:

P2P_SET client_apsd disable
- disable configuration (i.e., use driver default) in client mode

P2P_SET client_apsd <BE>,<BK>,<VI>,<VO>;<max SP Length>
- enable UASPD with specific trigger configuration (0/1) per AC
  (max SP Length is currently ignored)

P2P_SET go_apsd disable
- disable configuration (i.e., use driver default) in AP mode

P2P_SET go_apsd <0/1>
- disable/enable APSD in AP mode
2010-09-09 07:17:21 -07:00
Jouni Malinen
4c08c0bd57 P2P: Include P2P IE in (Re)AssocReq to infra AP if it uses P2P IE
While this is not strictly speaking required by the P2P specification
for a not-P2P Managed Device, this can provide useful information for
the P2P manager AP and may be needed to pass certification tests.
2010-09-09 07:17:20 -07:00
Jouni Malinen
5f3a6aa0a4 P2P: Add P2P IE into (Re)Association Request frames 2010-09-09 07:17:17 -07:00
Jouni Malinen
6e3f4b89ea P2P: Let the driver wrapper know if association is for P2P group 2010-09-09 07:17:17 -07:00
Samuel Ortiz
7e26053a2c sme: Check for prev_bssid from sme_event_disassoc
wpa_s->bssid is already cleared by mark_disassoc() when we're getting the
disassociation event for the case where wpa_supplicant requested
disassociation. wpa_s->sme.prev_bssid holds the BSSID we need to check
for, so use that instead.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-18 21:23:26 +03:00
Samuel Ortiz
cb1583f64b sme: Try all authentication algorithms when the first one fails
When passing several authentication algorithms through auth_alg, we
should try all of them when the first one fails. The wext driver goes
through the connect nl80211 command and the retries are then handled by
the kernel. The nl80211 doesn't and we have to handle that from
userspace.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2010-08-17 16:39:33 +03:00
Jouni Malinen
6e3f7173f1 SME: Retry scan after authentication failure
This is needed to avoid getting stuck if driver fails authentication
request for some reason.
2010-07-17 20:27:19 -07:00
Jouni Malinen
9efc3f2a4b SME: Handle association without own extra IEs
Need to check for this before calling ieee802_11_parse_elems().
2010-04-11 12:19:02 +03:00
Jouni Malinen
0d7b44099f SME: Do not try to use FT over-the-air if PTK is not available 2010-04-10 22:39:49 +03:00
Jouni Malinen
e7846b6859 FT: Clean up wpa_sm_set_ft_params() by using common parse
Instead of parsing the IEs in the callers, use the already existing
parser in wpa_ft.c to handle MDIE and FTIE from initial MD association
response. In addition, this provides more complete access to association
response IEs to FT code which will be needed to fix FT 4-way handshake
message 2/4.
2010-04-10 11:36:35 +03:00
Jouni Malinen
f4ec630d1b FT: Set FT Capability and Policy properly in MDIE during initial MD assoc
This field needs to be copied from the scan results for the AP
per IEEE Std 802.11r-2008, 11A.4.2.
2010-04-09 16:41:57 +03:00
Jouni Malinen
76b7981d07 FT: Copy FT Capability and Policy to MDIE from target AP
This sets the FT Capability and Policy field in the MDIE to the values
received from the target AP (if available). This fixes the MDIE contents
during FT Protocol, but the correct value may not yet be used in initial
mobility domain association.
2010-04-09 16:26:20 +03:00
Jouni Malinen
d9a27b0455 Fix SME to update WPA/RSN IE for rsn_supp module based on AssocReq
When using wpa_supplicant SME (i.e., using nl80211), the rsn_supp
module was not informed of the WPA/RSN IE that was used in
(Re)Association Request frame. This broke roaming between APs that
use different security policy (e.g., changing between WPA/TKIP and
WPA2/CCMP APs) or when using PMKSA caching.
2010-04-07 10:31:06 +03:00
Jouni Malinen
62c72d7299 FT: Process reassoc resp FT IEs when using wpa_supplicant SME 2010-03-13 21:13:18 +02:00
Jouni Malinen
71024cb255 FT: Request reassociation after successful FT Action frame exchange 2010-03-13 17:14:41 +02:00
Jouni Malinen
b85e772449 SME: Request a new scan if SME association command fails
This handles some error cases without getting stuck waiting for new
events from the driver if association command fails for any reason.
2010-01-24 18:09:36 -08:00
Jouni Malinen
f337f0e950 Remove unnecessary bss != NULL checks from sme_authenticate()
This is already verified in the beginning of the function, so no need
to repeat that multiple times.
2010-01-10 21:31:54 +02:00
Jouni Malinen
abd9fafab6 Standardize on a single definition of auth_alg bitfield values 2010-01-03 21:14:40 +02:00
Jouni Malinen
70f8cc8ec8 Share the same enum for MFP configuration
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
2010-01-03 21:02:51 +02:00
Jouni Malinen
9ba9fa07cc Move wpa_supplicant specific scan code away from src/drivers
This fits better in wpa_supplicant/scan.c. Couple of remaining
scan_helpers.c functions are currently used in driver wrappers,
but they can likely be removed in the future.
2010-01-03 18:48:11 +02:00
Jouni Malinen
fdbe50ed98 Fix CONFIG_AP=y build after driver API changes 2010-01-03 13:05:54 +02:00
Jouni Malinen
8f770587d9 Maintain a pointer to the current BSS table entry 2010-01-02 16:59:19 +02:00
Jouni Malinen
6fa81a3b3f Use BSS table entry instead of raw scan result for connection 2010-01-02 16:16:02 +02:00
Jouni Malinen
a84ed99ee4 SME: Deauthenticate to clear state after disassociation events
cfg80211/mac80211 can get into somewhat confused state if the AP only
disassociates us and leaves us in authenticated state. For now, force
the state to be cleared with deauthentication to avoid confusing errors
if we try to associate with the AP again. This gets rid of 30 second
delay (scan timeout) in cases where only a disassociation frame is
received from the AP.
2009-12-02 17:26:28 +02:00
Jouni Malinen
3acb50056c Remove src/rsn_supp from default header path 2009-11-29 18:28:08 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
62fa124ce2 nl80211/SME: Use reassociation when roaming within the ESS 2009-11-17 19:25:05 +02:00
Jouni Malinen
76d11d3f42 SME: Improve processing of association rejection
Force deauthentication from the AP to clear mac80211 state (it would get
stuck with future scans if the AP is left in authenticated, but not
associated, state).

Add blacklist entry for the AP to allow other APs with worse signal
strength to be tried (e.g., when APs are trying to do load balancing
with status code 17). Reduce wait for the next scan to speed up
connection in cases where there could be other APs that could accept
association, but which show worse signal strength.
2009-10-31 23:21:43 +02:00
Jouni Malinen
8bac466b00 Add wpa_supplicant notification calls
This introduces a new mechanism for collecting notification calls into
a single place (notify.c). As a result of this, most of the
wpa_supplicant code does not need to know about dbus (etc. mechanisms
that could use the notifications). Some empty placeholder functions are
also added in preparation of new dbus code that needs more event
notifications.
2009-09-13 20:53:32 +03:00
Jouni Malinen
da1fb17ca7 Add handling of SME auth/assoc timeout events
This allows wpa_supplicant to start searching for other APs (or re-try)
if the MLME times out.
2009-04-24 00:08:24 +03:00
Jouni Malinen
a0b2f99bd7 nl80211: Fix static WEP key configuration when using SME
Need to set WEP keys before requesting authentication in order to get
Shared Key authentication working. Previously, the WEP keys were not set
at all when using SME in wpa_supplicant.
2009-04-04 16:58:16 +03:00
Jouni Malinen
efa4607800 SME: Add processing for rejected associations 2009-04-01 17:10:36 +03:00
Jouni Malinen
2d5b792d2b Add preliminary hostapd data structure initialization for AP mode
wpa_supplicant can now initialize hostapd data structures when mode=2 is
used to set up an AP. The hostapd configuration is not yet set based on
wpa_supplicant network configuration block. In addition, the glue code
for hostapd driver_ops needs number of functions that will be needed for
AP functionality.
2009-03-26 20:37:05 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00