Commit graph

330 commits

Author SHA1 Message Date
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cd9c2714e7 SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
bf14657b9f SAE: Add support for additional ECC groups
In addition to the mandatory group 19 (256-bit random ECP group) add
support for groups 20 (384-bit), 25 (192-bit), and 26 (224-bit).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cbf9f4c642 SAE: Fix PWE loop termination on excessive iterations
The counter>200 check needs to be done before the continue-on-not-found
case to be effective in stopping this loop.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
d5f5fa86e4 SAE: Set pwd-value length based on prime length
The buffer is set based on maximum group prime length, but pwd-value
needs to be correct length for the negotiated group.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a55f2eef71 SAE: Use EC group context to get the group prime
Do not use the hardcoded group19_prime buffer for this to allow group
negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
09200a1166 SAE: Use EC group context for peer-commit-scalar validation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
c5eb5b1999 SAE: Use EC group context for random number generation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0 SAE: Store the group order in EC context data
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4925b303db SAE: Use defines for key lengths
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
7babd2539c SAE: Add a define for maximum supported prime length
This can be used to increase buffer sizes when adding support for new
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
12e06dc228 SAE: Use sae->prime_len instead of hardcoded 32
This is needed to allow multiple groups to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
19a5bd0a25 SAE: Use the EC context from struct sae_data
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045 SAE: Use crypto wrappers instead of direct OpenSSL calls
This makes the SAE implementation independent of the crypto/bignum
library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
4838ff3ef4 SAE: Do not allow re-use of peer-scalar in a new protocol instance
IEEE Std 802.11-2012, 11.3.8.6.1: If there is a protocol instance for
the peer and it is in Authenticated state, the new Commit Message
shall be dropped if the peer-scalar is identical to the one used in
the existing protocol instance.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Johannes Berg
fa4763369a hostapd: Allow configuring driver to VHT
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-01-12 17:51:52 +02:00
Jouni Malinen
7ab5441262 The hostap.git master branch is now used for 2.1 development
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:10 +02:00
Jouni Malinen
22760dd947 Prepare for hostapd/wpa_supplicant v2.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:42:53 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Vladimir Kondratiev
7829894c21 Introduce 60 GHz band
Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken
care off. Allows to start AP with very simple config:

network={
        ssid="test"
        mode=2
        frequency=60480
        key_mgmt=NONE
}

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:50:35 +02:00
Jouni Malinen
0a66ce3c49 WNM: Add support for SSID List element matching
This allows Probe Request frame processing to compare the configured
SSID to the SSID List element in addition to the SSID element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 21:22:24 +02:00
Jouni Malinen
df80a0ccff WNM: Use defined macros for WNM-Sleep Mode Action Type values
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:57:38 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Johannes Berg
202d97d477 hostapd: Add VHT PHY selector if VHT is required
If VHT is required, add the VHT PHY selector to
the (extended) supported rates IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 17:27:16 +02:00
Jouni Malinen
369c8d7bcd Reserve AKM and cipher suite values
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 20:26:55 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
c3550295fb Move WPA cipher information into a shared location
Try to share most of the cipher information like key and RSC lengths and
suite selector conversions, etc. in wpa_common.c to avoid having similar
code throughout the WPA implementation for handling cipher specific
behavior.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-30 11:53:54 +03:00
Jouni Malinen
347d6a5b76 WFD: Add support for sending Wi-Fi Display service discovery requests
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.

format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
337c781f9c WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output
This makes it easier to parse the WFD subelements from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
6e6909a97e FIPS: Remove MD5 from the CONFIG_FIPS=y build
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:03:17 +03:00
Yoni Divinsky
eda070f14f Move WMM AC parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant, too.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:33:00 +03:00
Mahesh Palivela
74b95d1dc0 VHT: Include VHT capabilities and operation elements in parsing
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:39:43 +03:00
Jouni Malinen
70a26e708c Share a single definition of EAPOL-Key structure for WEP keys
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 21:27:01 +03:00
Janusz Dziedzic
4307bb8c85 wpa_cli: Print nice prompt when using remote UDP
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:50:17 +03:00
Janusz Dziedzic
d302edd3c4 wpa_cli: Add support for remote access
wpa_cli can be used now as a client for remote access to ctrl_interface
of wpa_supplicant when UDP and remote options are used.

You can simply run:
wpa_cli -i <hostname>:[port]
wpa_cli -i <IP>:[port]

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:09:22 +03:00
Janusz Dziedzic
afadf423db wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:01:07 +03:00
Ben Greear
4fdc8def88 Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:34:27 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jouni Malinen
64855b9682 HS 2.0: Indicate Hotspot 2.0 in BSS table and status
If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:23 +03:00
Jouni Malinen
0b12e96187 HS 2.0: Parse Hotspot 2.0 IE from IE list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:10 +03:00
Jay Katabathuni
c8a7f9a7b8 HS 2.0: Define Hotspot 2.0 OUI types and subtype values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:25 +03:00
Xi Chen
f2e03085d7 WNM: Define IEEE 802.11v WNM-Sleep elements
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:19 +03:00
Rajkumar Manoharan
73cdd917a3 Define 20/40 BSS Coexistence elements
This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:35 +03:00
Deepthi Gowri
f65a239ba4 P2P: Add provision discovery failure event
Add provisional discovery failure ctrl_iface event
(P2P-PROV-DISC-FAILURE) to indicate to the application layer in case of
PD failure.

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2012-04-17 19:44:13 +03:00
Dmitry Shmidt
5f97dd1c57 Add MASK=0xH option for the ctrl_iface BSS command
This optional parameter to the BSS command can be used to select which
fields are included in the output to avoid having to parse through
unneeded information and to reduce the buffer size.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-04-07 12:50:25 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
e22d4d957b Remove the GPL notification from files contributed by Atheros
Remove the GPL notification text from files that were initially
contributed by Atheros Communications or Qualcomm Atheros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Jithu Jance
8aebb0e471 P2P: Notify upper framework on stopping the p2p_find(SEARCH)
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-01-22 17:20:53 +02:00
Jason Young
5d06163714 AP: Pass station's WMM configuration to driver wrappers
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.

Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 12:38:06 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
a40e9d3e3d Remove incorrect le16 type cast
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:39:10 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
75b51fde2d Update version number to 2.0-devel
hostap.git is now a development branch for 2.0 with 1.x releases
having been forked to hostap-1.git.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 12:19:44 +02:00
Dan Williams
81c57e221d Add wpa_supplicant_ctrl_req_from_string()
Converts from a string to a control request enum when input
from a control interface is received. Will be used by a
subsequent patch.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Dan Williams
9ef1aaae24 Use an enum for EAP SM requests
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Jithu Jance
3074d8f12d P2P: Notify device expiry via P2P-DEVICE-LOST event
This patch will notify applications listening over control socket about
the device expiry [from p2p peer list].
2011-10-28 22:13:18 +03:00
Arik Nemtsov
4d0d6b37f9 TDLS: Process discovery requests and send discovery responses
When a discovery request is received, add the peer to the TDLS peer
cache and send a response containing minimal data. Mandatory IEs in
the discovery response frame will be filled out by the driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:18:27 +03:00
Jouni Malinen
538958ae9c Interworking: Add Interworking element to IE parser 2011-10-21 12:43:24 +03:00
Johannes Berg
9236ba4cb5 Move get_hdr_bssid() to make it easier to share for other uses 2011-10-20 21:50:23 +03:00
Dmitry Shmidt
ed3eecd786 Android: Add wpa_ctrl_cleanup()
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
2011-10-18 17:27:53 +03:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
b02fe7ff32 Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
2011-10-16 23:55:34 +03:00
Jouni Malinen
69fbdfe48d GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
2011-10-16 23:55:34 +03:00
Jouni Malinen
696be77eee Define new IEEE 802.11u status codes 2011-10-16 23:55:34 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
daa30c23aa Rename and fix ANQP definitions to match IEEE Std 802.11u-2011 2011-09-26 11:51:58 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
6554237f38 FT: Share IE parser implementation for Authenticator and Supplicant
These are almost identical, so there is no point in using separate
implementations.
2011-07-16 11:13:39 +03:00
Jouni Malinen
03d3f28a69 Fix wpa_key_mgmt_*() helper functions to handle multiple bits
These can be used in some cases with a bitfield having multiple
AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those
cases by checking whether any of the matching AKM are included.
2011-04-08 19:11:54 +03:00
Jouni Malinen
cd9fc7869a hostapd: Add testing mode for RSN element extensions
CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.
2011-03-21 13:59:05 +02:00
Dmitry Shmidt
c6a3a11048 Check select() return value in wpa_ctrl_request()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-03-15 15:54:21 +02:00
Ganesh Prasadh
281ff0aa76 TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010) 2011-03-06 14:53:49 +02:00
Jouni Malinen
73304dbf65 Allow client control socket location to be overridden
Build options can now be used to replace the location of client
sockets for UNIX domain socket control interface:

CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/tmp\"
CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_PREFIX=\"wpa_ctrl_\"
2011-02-27 18:35:33 +02:00
Dmitry Shmidt
b3f3865e0e Use Android reserved namespace for control interface
On Android, use a special reserved namespace for the UNIX domain
socket.
2011-02-27 18:19:17 +02:00
Dmitry Shmidt
1480633f96 Use longer timeout in wpa_ctrl_request()
Wait longer for control interface response from wpa_supplicant to
avoid issues with some drivers that have long blocking operations.
2011-02-27 17:08:15 +02:00
Dmitry Shmidt
36fde1e79c Make wpa_ctrl_close() handle unopened connection 2011-02-27 17:07:07 +02:00
Dmitry Shmidt
4e2ead7a72 Add wpa_supplicant state change event for Android network manager
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 13:20:16 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Jouni Malinen
bc8318acbc WPA: Add more info for EAPOL-Key Nonce/MIC debugging 2011-01-15 16:57:08 +02:00
Jouni Malinen
f981eabcf0 WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
2010-12-30 12:28:13 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Jouni Malinen
b39f58347d wlantest: Add support for decrypting TDLS frames
Derive TPK based on TDLS TPK Handshake and decrypt frames on the
direct link with TPK-TK.
2010-12-13 11:20:55 +02:00
Jouni Malinen
f3b87561d7 Share WPA IE parser function for RSN authenticator/supplicant
There is no point in maintaining two almost identical versions
of this parser. Move WPA IE parser into wpa_common.c similarly
to what was already the case with RSN IE parse.
2010-11-12 21:52:14 +02:00
Jouni Malinen
43882f1efc Allow TSN AP to be selected when configured for WEP
Commit d8d940b746 introduced a regression
that prevented TSN APs from being used with WEP since the AP was
rejected if it advertised WPA or RSN IE when we were configured to use
WEP. Resolve this by checking whether the AP is advertising a TSN, i.e.,
whether the AP allows WEP to be used as a group cipher. If so, allow
the AP to be selected if we are configured to use static WEP or
IEEE 802.1X (non-WPA).

It should be noted that this is still somewhat more restricted in AP
selection than earlier wpa_supplicant branches (0.7.x or older) that
ignore the WPA/RSN IE completely when configured for non-WPA.
2010-11-08 21:14:32 +02:00
Jouni Malinen
a149fcc77d wlantest: Add preliminary version of IEEE 802.11 protocol testing tool
This tool can be used to capture IEEE 802.11 frames either from a
monitor interface for realtime capturing or from pcap files for
offline analysis. This version is only adding basic infrastructure for
going through the frames and parsing their headers.
2010-11-07 23:29:00 +02:00
Jouni Malinen
ea78c315a2 Add ctrl_interface event for association rejected 2010-10-27 20:28:16 +03:00
Jouni Malinen
3e7533b399 WPS ER: Show SetSelectedRegistrar events as ctrl_iface events
This makes it easier to figure out if something goes wrong in
preparing the AP for enrolling a station.
2010-10-25 21:29:22 +03:00
Jouni Malinen
b74c19faf5 P2P: Fix a typo in P2P manager definition 2010-10-08 18:15:38 +03:00
Jouni Malinen
bf0ed63f3f Allow a postfix to be defined for the version number
A separate build number (etc.) version number postfix can now be
added to the build without having to modify source code files by
defining VERSION_STR_POSTFIX. This can be done, e.g., by adding
following line to .config:

CFLAGS += -DVERSION_STR_POSTFIX=\"-foo\"
2010-10-07 10:51:04 +03:00
Jouni Malinen
72044390f3 P2P: Add support for cross connection
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
2010-09-09 07:17:20 -07:00
Jouni Malinen
6c6915f3db P2P: Add defined values for P2P Manageability Bitmap 2010-09-09 07:17:20 -07:00
Jouni Malinen
bf608cad56 P2P: Rename SD info not available define to match with spec change 2010-09-09 07:17:19 -07:00
Jouni Malinen
b22128efdc P2P: Add initial version of P2P Module 2010-09-09 07:17:17 -07:00
Jouni Malinen
75bde05d53 P2P: Add driver operations for P2P use 2010-09-09 07:17:16 -07:00
Jouni Malinen
91a9464528 Make IEEE 802.11 IE parser aware of P2P IE
This does not handle fragmented IEs and is only used to check quickly
whether the IE blob includes any P2P IE(s).
2010-09-09 07:17:16 -07:00
Jouni Malinen
dd6cc5a20c P2P: Wi-Fi Direct frame format definitions 2010-09-09 07:17:16 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Masashi Honma
60da5e0f3f Solaris: Add support for wired IEEE 802.1X client
This patch adds support for wired IEEE 802.1X client on the Solaris.

I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
2010-08-28 11:40:07 +03:00
Jouni Malinen
5a1cc30f1a WPS: Add support for dynamic AP PIN management
A new hostapd_cli command, wps_ap_pin, can now be used to manage
AP PIN at runtime. This can be used to generate a random AP PIN and
to only enable the AP PIN for short period (e.g., based on user
action on the AP device). Use of random AP PIN that is only enabled
for short duration is highly recommended to avoid security issues
with a static AP PIN.
2010-08-24 16:35:37 +03:00
Jouni Malinen
944814106e WPS: Do not disable AP PIN permanently, only slow down attacks
As a compromise between usability and security, do not disable
AP PIN permanently based on failed PIN validations. Instead, go to
AP Setup Locked state for increasing amount of time between each
failure to slow down brute force attacks against the AP PIN.

This avoids problems with some external Registrars that may try
to use the same PIN multiple times without user input. Now, the
user will still be able to fix the PIN and try again later while
a real attack is delayed enough to make it impractical.
2010-08-24 15:24:05 +03:00
Jouni Malinen
b3b2da770e Define Public Action and Vendor-specific Public Action frames 2010-07-17 20:22:40 -07:00
Jouni Malinen
950388f745 IEEE 802.11u GAS defines 2010-07-17 20:21:39 -07:00
Jouni Malinen
2d8bf73298 Add new debug message level for excessive information
Some frequent debug prints are of limited use and make debug output
difficult to read. Make them use a new debug level so that -dd
provides more readable output (-ddd can now be used to enable
the excessive debug prints).
2010-07-05 12:21:48 -07:00
Jouni Malinen
15dbf1291a WPS ER: Add ctrl_iface event for learned AP settings 2010-05-27 15:24:45 +03:00
Jouni Malinen
8401a6b028 Add Linux rfkill support
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).

Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
2010-05-23 10:27:32 +03:00
Jouni Malinen
fb2ab5dd6a hostap.git is now 0.8.x development tree
0.7.x for branched into hostap-07.git for stable releases.
2010-04-18 21:01:00 +03:00
Jouni Malinen
be48214d2b Preparations for 0.7.2 release 2010-04-18 18:02:34 +03:00
Jouni Malinen
7992b07f6a Remove unnecessary SUBDIRS loops from src/*/Makefile
There are no subdirectories in any of these directories or plans
for adding ones. As such, there is no point in running the loop
that does not do anything and can cause problems with some shells.
2010-04-17 17:10:31 +03:00
Jouni Malinen
d3ccead325 Make wpa_compare_rsn_ie() handle missing IEs 2010-04-10 16:47:29 +03:00
Jouni Malinen
26e23750b9 FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.

The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.

This breaks interoperability with previous wpa_supplicant/hostapd
versions.
2010-04-07 21:04:13 +03:00
Marcin Marzec
f400f4f34b Fix typo in WPA_AUTH_ALG_FT definition
This was not supposed to have duplicate value with WPA_AUTH_ALG_LEAP.
The previous version was unable to set FT as the authentication
algorithm with nl80211.
2010-03-07 21:02:55 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
7796f20edc Add new ctrl_iface event for EAP methods proposed by the server
This makes it easier for external programs to probe EAP server
preferences and potentially automatically detect which method
could be used.
2010-02-11 19:48:36 +02:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
b590812e8f Add preliminary documentation for ctrl_iface events 2010-01-15 19:24:08 +02:00
Jouni Malinen
abd9fafab6 Standardize on a single definition of auth_alg bitfield values 2010-01-03 21:14:40 +02:00
Jouni Malinen
70f8cc8ec8 Share the same enum for MFP configuration
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
2010-01-03 21:02:51 +02:00
Jouni Malinen
e049867788 More Doxygen documentation for the driver interface 2010-01-03 20:49:48 +02:00
Jouni Malinen
245519e0cd Replace wpa_supplicant_sta_rx() call with driver event
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
2010-01-03 11:50:26 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
f0d126d339 Add ctrl_iface events for BSS added/removed 2009-12-28 00:42:51 +02:00
Jouni Malinen
719347511a Get rid of unnecessary typedefs for enums. 2009-12-26 10:35:08 +02:00
Jouni Malinen
ba091c06c5 Mark ieee802_11_parse_elems() input and parsed elems const
In addition, re-order IE pointers and u8 length so that the shorter
length fields are together to allow compiler to optimize structure size.
2009-12-13 23:11:11 +02:00
Jouni Malinen
6fe8296197 Move vendor-specific IE type defines away from driver.h
These are generic IEEE 802.11 defines and do not really need to be in
the driver interface specific header file.
2009-12-10 12:27:46 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
fc4e2d9501 HT: Remove unneeded struct ht_cap_ie wrapper
It is simpler to just use the HT Capabilities IE payload structure
as-is.
2009-11-29 13:04:21 +02:00
Jouni Malinen
3a328c8133 Remove unused/unneeded IEEE 802.11n definitions 2009-11-29 12:43:23 +02:00
Jouni Malinen
a49148fd55 Rename HT Capabilities IE fields to match with IEEE Std 802.11n-2009 2009-11-29 12:02:29 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00