This version can generate CCMP and TKIP test vectors that match with
the IEEE Std 802.11-2012, Annex M.6.3 and M.6.4.
Signed-hostap: Jouni Malinen <j@w1.fi>
The conf doesn't contain any basic rates in some cases. Most notably,
when starting a P2P GO in 5 GHz. Use the iface rates which are
initialized in hostapd_prepare_rates() to the conf rates or set to
default values if no conf values exist. This fixes a bug introduced in
commit e5693c4775.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Commit e5693c4775 added a copy of the
determined basic rate set into struct hostapd_iface, but did not
actually copy the terminating -1 value. This could be problematic if
something were to actually try to use this list since would be no way to
know what is the last entry in the list. Fix this by copying the
terminating value.
Signed-hostap: Jouni Malinen <j@w1.fi>
This driver_op can now be used in station mode, too, to fetch
information about the connection with the AP, so allow this to be used
even if wpa_supplicant is built without AP mode support.
Signed-hostap: Jouni Malinen <j@w1.fi>
The group matching should be done by comparing the P2P Interface Address
(which the group_bssid here is) to the group's BSSID and not the group
ID (which uses P2P Device Address and would have also needed the SSID).
Though, it should be noted that this case cannot really happen since a
GO in an active group would never be invited to join another group in
its GO role (i.e., if it receives an Invitation Request, it will reply
in P2P Device role). As such, this fix does not really change any
observable behavior, but anyway, it is good to keep the implementation
here consistent with the Invitation Request case.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When building the Invitation Request for WFD use cases, match the BSSID,
i.e., P2P Interface Address, of the group on the GO to avoid using
information from another group should the device be operating multiple
concurrent groups as GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If two BSS entries have the same HESSID and SSID, share the fetched ANQP
information between these BSS entries to save memory and GAS/ANQP
operations.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The eap parameter in the cred block can now be used to override
automatic EAP-SIM/AKA/AKA' selection.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This is an initial step in allowing the ANQP responses to be shared
among multiple BSSes if the BSSes are determined to be operating under
identical configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
If the REMOVE_NETWORK command is used to delete the currently connected
network, some operations were run between removing the network and
clearing of wpa_s->current_ssid. This left wpa_s->current_ssid pointing
to freed memory and should any operation end up using it before the
pointer gets cleared, freed memory could be references. Avoid this by
removing the network only after having completed the operations that
clear wpa_s->current_ssid.
Signed-hostap: Deepthi Gowri <deepthi@codeaurora.org>
intended-for: hostap-1
Use configured credentials to figure out which ANQP information needs to
be fetched and only fetch those when using Interworking network
selection. The fetch_anqp command is still fetching all ANQP
information.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the scan results from before ANQP fetch are fresh (less than five
seconds old), do not run a new scan when selecting the BSS after having
used Interworking network selection.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the BSS selection functions to be called without having the
scan result data structure. This can be used to skip extra scans in
cases where previous results can be considered fresh.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows last results to be used even after they have been freed
since the information is copied to the BSS entries anyway and this new
array provides the order in which scan results were processed.
Signed-hostap: Jouni Malinen <j@w1.fi>
The same information is available in the BSS table, so we can reduce the
need for using the raw scan results in wpa_supplicant_need_to_roam().
Signed-hostap: Jouni Malinen <j@w1.fi>
Use the anonymous_identity field to store EAP-SIM/AKA pseudonym identity
so that this can be maintained between EAP sessions (e.g., after
wpa_supplicant restart) even if fast re-authentication data was cleared.
Signed-hostap: Jouni Malinen <j@w1.fi>
The EAP-SIM/AKA code is already validating the prefix and the following
lookup would not find matches if the prefix is incorrect, so there is no
need for the extra checks here.
Signed-hostap: Jouni Malinen <j@w1.fi>
If EAP-Response/Identity includes a known pseudonym or re-auth username,
skip the AKA/Identity exchange since we already know the permanent
username of the peer.
Signed-hostap: Jouni Malinen <j@w1.fi>
RFC 4186, chapter 6.3.3 mandates that EAP-Failure is used only after
Client-Error and Notification messages. Convert the direct jumps to the
FAILURE state with a notification round before sending out EAP-Failure.
Signed-hostap: Jouni Malinen <j@w1.fi>
The AT_NONCE_S value needs to be used in AT_MAC calculation for
SIM/Re-authentication response even if re-authentication is rejected
with AT_COUNTER_TOO_SMALL.
Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
If the peer rejects re-authentication with AT_COUNTER_TOO_SMALL, fall
back to full authentication to allow the authentication session to be
completed.
Signed-hostap: Jouni Malinen <j@w1.fi>
These fields are used only as the search key, so the value is already
known and does not need to be copied from the database.
Signed-hostap: Jouni Malinen <j@w1.fi>
Store permanent username (i.e., including prefix character) instead of
IMSI in the SQLite DB. Convert the string to a string since the EAP-AKA
prefix can start with zero. This cleans up the field names since the
value was already with the prefix included instead of just IMSI. In
addition, this explicitly removes some theoretical cases where the
different identity types could have been mixed.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since the EAP-SIM/AKA identities are ASCII strings, there is no need to
use more complex way for storing and passing them. In addition, be more
strict about enforcing username (i.e., no realm part) to be used in the
EAP-SIM DB API. Similarly, require specific username type instead of any
of the types to be used as the key in the pseudonym and reauth
operations. This allows simpler lookup operations to be used.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the AKA/Identity response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
AKA/Identity message is built only if the identity in the previous
response was not recognized. The first round is always used to request
AT_ANY_ID_REQ to meet the RFC 4187 recommendation on EAP method specific
identity request.
Signed-hostap: Jouni Malinen <j@w1.fi>
Since we always request an identity in the request, the response
has to include AT_IDENTITY. This allows the SIM/Start response
processing to be simplified a bit.
Signed-hostap: Jouni Malinen <j@w1.fi>
There is no need to use eap_sim_db_identity_known() here since a new
SIM/Start message is built only if the identity in the previous response
was not recognized. The first round will always request AT_ANY_ID_REQ to
meet the RFC 4186 recommendation on EAP method specific identity request
being used.
Signed-hostap: Jouni Malinen <j@w1.fi>
The reauth_id prefix can be used to determine which AKA version is used,
so there is no need to store the aka_prime information in a separate
field.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This broke SME
disassoc-while-authenticating workaround for cfg80211. Fix this by
restoring wpa_s->current_ssid in case SME authentication is in progress.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 0d30cc240f forced
wpa_s->current_ssid and wpa_s->key_mgmt to be cleared in
wpa_supplicant_mark_disassoc() which gets called from
wpa_supplicant_event_disassoc(). This broke IEEE 802.1X authentication
failure processing and P2P deauthentication notification (group
termination).
Fix this by splitting wpa_supplicant_event_disassoc() into two parts and
make wpas_p2p_deauth_notif() indicate whether the interface was removed.
If so, the last part of disassocition event processing is skipped. Since
the wpa_supplicant_mark_disassoc() call is in the second part, the above
mentioned issues are resolved. In addition, this cleans up the P2P group
interface removal case by not trying to use fast reconnection mechanism
just before the interface gets removed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>