Antonio reported that RSN IBSS failed to work.
We traced it down to a GTK failure, and he then
bisected it to commit bdffdc5ddb:
"AP: Reorder WPA/Beacon initialization".
The reason this commit broke it is that the state
machine's GInit variable is never set to false as
wpa_init_keys() never gets called, and thus new
keys are generated every time the state machine
executes.
Fix this by calling wpa_init_keys() when the new
group has been initialised.
Reported-by: Antonio Quartulli <ordex@autistici.org>
Tested-by: Antonio Quartulli <ordex@autistici.org>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Previously, the WPS scans could have been done in associated state if we
happened to be associated when the request to use WPS was received. This
can slow down scanning and end up in unexpected state if no WPS
association is tried. Avoid these issues by disconnecting when WPS
search is started.
Signed-hostap: Jouni Malinen <j@w1.fi>
Convert core wpa_supplicant code to use u64 instead of void * for the
P2P service discovery reference. Use uintptr_t in type casts in
p2p_supplicant.c to handle the conversion without warnings.
Note: This needs to be revisited for 128-bit CPU where sizeof(void *)
could be larger than sizeof(u64).
Signed-hostap: Jouni Malinen <j@w1.fi>
Some debug messages used incorrect name for Provision Discovery.
Replace "Provisioning Discovery" with "Provision Discovery".
Signed-hostap: Jouni Malinen <j@w1.fi>
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.
Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.
Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
If a P2P group network block is removed for any reason (e.g., wps_cancel
command) while the interface is in group formation, remove the group
formation timeout and indicate failure immediately. Previously, this
type of operations could end up leaving the timeout running and result
in somewhat unexpected group formation failure events later.
Signed-hostap: Jouni Malinen <j@w1.fi>
If Provision Discovery Request is sent for GO role (i.e., P2P Group ID
attribute is included), add the group interface name to the control
interface event on the GO. This makes it easier to figure out which
ctrl_iface needs to be used for wps_pbc/wps_pin command to authorize
the joining P2P client.
Signed-hostap: Jouni Malinen <j@w1.fi>
If p2p_prov_disc join command is used prior to p2p_connect join,
skip the duplicated provision discovery exchange.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
P2P use cases do not allow use of Label config method and the earlier
code for this has already been removed, but this documentation was not
updated at the same time.
Signed-hostap: Jouni Malinen <j@w1.fi>
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the AP disconnects us with a reason code that indicates that it has
dropped the association, but could allow us to connect again, try to
reconnect to the same BSS without going through the full scan. This can
save quite a bit of time in some common use cases, e.g., when inactivity
timeout is used on the AP (and especially, when waking up from suspend
which has likely triggered some timeout on the AP).
Signed-hostap: Jouni Malinen <j@w1.fi>
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt. In addition, we can use
wpas_connection_failed() instead of requesting a scan after a fixed time
to make this error case more consistent with other similar error paths
in sme.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.
Signed-hostap: Jouni Malinen <j@w1.fi>
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
This script shows some minimal WPS user interface requirements for
mobile AP support with wpa_supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"wpa_cli status wps" can now be used to fetch the WPA2-Personal
passphrase from AP mode operation with wpa_supplicant to make it
easier to meet WPS requirements for legacy STA support.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When using wpa_supplicant AP mode, WPS support is enabled by default for
WPA/WPA2-Personal. Change this to enforce the WPS2 rules on not allowing
WPS to be used with WPA/TKIP-only configuration (i.e., at minimum, mixed
mode with WPA/TKIP and WPA2/CCMP has to be used for WPS to be enabled).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
A disconnection event from the driver may end up getting delivered at a
time when wpa_supplicant is not even trying to connect (e.g., during a
scan that was already started after WPS provisioning step). In such a
case, there is not much point calling wpas_connection_failed() and
skipping this avoids confusing attempts of re-starting scanning while
the previous scan is still in progress.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The show_group_started variable could be left to 1 based on an earlier
failed attempt to start P2P client operation. This can result in
unexpected P2P-GROUP-STARTED event when a GO is started without group
formation (e.g., re-invoke a persistent group or start an autonomous
GO). Avoid this by explicitly clearing show_group_start when setting up
the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Set the HT capabilities of a P2P GO according to the wiphy supported
ones. Mask-in a white-list of HT capabilities that won't cause problems
for non-supporting stations.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Trying to run sched_scan round every two seconds by defaults sounds way
too frequent since dualband cards are unlikely to be able to complete
the full scan cycle in two seconds. For now, set the hardcoded value to
10 seconds to make this somewhat more reasonable.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When normal scan can speed up operations, use that for the first three
scan runs before starting the sched_scan to allow user space sleep more.
We do this only if the normal scan has functionality that is suitable
for this or if the sched_scan does not have better support for multiple
SSIDs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, only networks with scan_ssid=1 were included in sched_scan.
This needs to behave similarly to the normal scan where broadcast SSID
is used to find networks that are not scanned for with a specific SSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Instead of including only a single SSID in the sched_scan request if
the driver does not support match sets, just drop the SSID filter and
configure more SSIDs up to the sched_scan limit.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
"SET pno <1/0>" ctrl_iface command can now be used to start/stop PNO
with sched_scan driver commands. This will request offloading of
scanning to find any of the enabled networks in the configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
The filter_ssids pointer needs to be set to NULL if no SSID filters
are set to avoid filtering out all scan results.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.
Signed-hostap: Jouni Malinen <j@w1.fi>
Send the connection events from P2P group to both the group interface
and parent interface ctrl_ifaces to make it easier for external monitor
programs to see these events without having to listen to all group
interfaces when virtual group interfaces are used.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
The previous implementation was trying to add the first SSID
to a zero-length array. Avoid this with an explicit validation
of the array length.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_supplicant is going to reject a configuration file that uses
WPA/WPA2-Personal (the default key_mgmt), but does not define
passphrase/PSK. Refuse to save such a configuration to avoid getting
stuck with a configuration that wpa_supplicant will reject.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is the default value if device_type is not set, so do not
write it to the wpa_supplicant configuration file when saving
updated configuration.
Signed-hostap: Jouni Malinen <j@w1.fi>