Commit graph

2608 commits

Author SHA1 Message Date
Jouni Malinen
1f1b5b31d7 WPS NFC: Clean up nfcpy script no-wait operations
This allows the scripts to terminate at proper point with --no-wait.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
79ede5a7e6 WPS NFC: Validate ctrl_iface response before decoding it
If the operation fails for any reason ("FAIL" response), it is cleaner
to return error clearly instead of hitting an exception in the hex
decoder.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
ab1db08c05 WPS NFC: Use argparse in the nfcpy scripts
This cleans up command line parsing and simplifies the commands.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
6f8fa6e552 WPS NFC: Update wps-nfc.py and wps-ap-nfc.py to use new nfcpy API
This moves many of the peer discovery operations into the core nfcpy.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 22:08:13 +02:00
Jouni Malinen
b56f6c8869 P2P NFC: Add support for freq option in NFC ctrl_iface commands
This can be used to force an operating channel for P2P group formation
triggered by NFC operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91a65018d8 WPS NFC: Use BSSID and AP Channel from handover select
These optional attributes, if present, can be used to speed up the
initial connection by using a single channel scan.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
91226e0d12 WPS: Add testing option to corrupt public key hash
If CONFIG_WPS_TESTING=y is enabled in build configuration, the new
wps_corrupt_pkhash parameter (similar to wps_testing_dummy_cred) can be
used to request public key hash to be corrupted in all generated OOB
Device Password attributes. This can be used for testing purposes to
validate public key hash validation steps.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
73127764fe WPS NFC: add more debug prints for connection handover report
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4f66095 WPS NFC: Use AP Channel information from credential container
This allows NFC Configuration Token to indicate the current AP operating
channel, so that a single channel scan can be used to speed up the
initial connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
5cd4740580 P2P NFC: WPA state machine config with driver-based BSS selection
wpa_s->current_bss was updated too late for the
wpa_supplicant_rsn_supp_set_config() call within
wpa_supplicant_select_config(). Re-order code so that current_bss gets
updated between current_ssid update and this call to set the WPA state
machine configuration, so that the new code that determines whether the
current GO support the new IP address assignment mechanism works.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:31 +02:00
Jouni Malinen
8e9f53c367 P2P NFC: Static handover with NFC Tag on client
This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
dd87677115 P2P NFC: Enable own NFC Tag on GO Registrar
When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
abe44e3ca2 P2P NFC: Add GO info into handover message when in client role
P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
23318bea94 P2P NFC: Optimize join-a-group operation based on NFC information
When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
86e320819c P2P NFC: Copy DH parameters to a separate group interface
The DH public and private key needs to be copied for the separate group
interface if that is used for a P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
d4b4d7fe3c WPS NFC: Update DH keys for ER operations
Since wpa_s->conf->wps_nfc_dh_* parameters can be set in number of code
paths, update the wps_context copy of the DH keys even if no new keys
were generated for the request. This tries to avoid some cases where
public key hash may not have matched the public key used in the ER
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
59b45d1afe P2P NFC: Add processing of P2P client while NFC handover case
Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
74df9ecd4a P2P NFC: Do not try to join peer if both devices are already GO
Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
201b0f5fa6 P2P: Add test option to disable IP address assignment request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:30 +02:00
Jouni Malinen
25ef8529c1 P2P: Add support for IP address assignment in 4-way handshake
This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:44:26 +02:00
Jouni Malinen
c4f87a701b P2P NFC: Add NFC tag enabling for static handover
The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
dd37a93884 P2P NFC: Report handover select from tag for static handover
WPS_NFC_TAG_READ can be used to report static connection handover where
the connection handover select message was read from an NFC tag.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
db6ae69e6b P2P NFC: Report connection handover as trigger for P2P
"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
9358878055 P2P NFC: Build connection handover messages
"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
ab9e34426f P2P NFC: Pass OOB Device Password ID to P2P
GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:56 +02:00
Jouni Malinen
50d1f8901c NFC: Update WPS ER to use the new connection handover design
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
d95079361b WPS NFC: Add support for wpa_supplicant AP/GO mode to use handover
New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
fa4c2988ae WPS NFC: Process new style handover select
The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
41f9ffb635 WPS NFC: Build new style carrier record for connection handover request
It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
57630e658b WPS: Preparations for allowing SSID filtering for provisioning step
If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
5f4545573f WPS NFC: Validate peer public key hash on Enrollee
Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Jouni Malinen
ea43ad960b P2P: Make group operating channel available
Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 21:10:55 +02:00
Arif Hussain
253f2e3795 P2P: Apply unsafe frequency rules to available channels
This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-27 11:49:05 +02:00
Jouni Malinen
8615bdfac9 Increase global ctrl_iface buffer to same size as per-interface
Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 16:57:15 +02:00
Jouni Malinen
c5a64e2d51 GAS client: Use Protected Dual of Public Action frames with PMF
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:50:28 +02:00
Jouni Malinen
5ce00d09c0 GAS server: Add support for Protected Dual of Public Action frames
When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 11:19:55 +02:00
Jouni Malinen
ea6e040c30 Clear more configuration parameters to default on FLUSH
This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-23 10:21:49 +02:00
Raja Mani
cf70d2981d wpa_supplicant: Schedule PNO on completion of ongoing sched_scan
When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.

In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-22 19:41:45 +02:00
Max Stepanov
a6cff8bfa8 wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case
Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.

The segmentation fault details:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,

Call stack:
0  wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1  wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2  wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3  wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4  main (argc=<optimized out>, argv=<optimized out>) at main.c:317

Function:
5750	void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751	{
5752		struct wpa_radio_work *work, *tmp;
5753
5754		dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755				      struct wpa_radio_work, list) {
5756			struct wpa_external_work *ework;
5757
5758			if (os_strncmp(work->type, "ext:", 4) != 0)

Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>
2014-01-22 19:25:22 +02:00
David Spinadel
f62a3c2fce P2P: Clone dtim_period to a new interface
Cloning dtim_period is needed for P2P GO.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2014-01-22 19:24:41 +02:00
Jouni Malinen
88a0bcab6b Update copyright years in the manpages
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-21 16:33:25 +02:00
Dan Winship
32185f541c Sync manpages and command-line options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:31:50 +02:00
Dan Williams
b948e78b46 Add manpage for eapol_test
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:30:46 +02:00
Dan Williams
36bd29ee5e wpa_supplicant: Fix usage text based on build options
Signed-hostap: Dan Williams <dcbw@redhat.com>
2014-01-21 16:28:31 +02:00
Raja Mani
dd271857a5 Skip normal scan when PNO is already in progress
Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.

Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.

In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-21 16:19:49 +02:00
Rashmi Ramanna
a2d6365760 P2P: Extend the listen time based on the active concurrent session
A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-20 22:55:09 +02:00
Dmitry Shmidt
443427e4ed P2P: Add missing direct global ctrl_iface commands for P2P
It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-01-17 11:58:36 +02:00
Jithu Jance
37b4198af4 P2P: Use GO's operating channel to optimize scan during join
Use P2P GO's operating channel information, if known, to do a single
channel scan during the join operation.

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2014-01-17 11:57:07 +02:00
Arend van Spriel
a0e9d89203 Use minimal scan delay upon EVENT_INTERFACE_ADDED
This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.

Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:50:31 +02:00
Arend van Spriel
5ddd07cb37 Reset normal_scans counter upon entering INTERFACE_DISABLED state
Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>
2014-01-17 11:48:17 +02:00
Sunil Dutt
3ed97271ba TDLS: Pass peer's Supported channel and oper class info during sta_add
The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-14 17:24:33 +02:00
Jouni Malinen
c48414af8f P2P: Limit join-a-group scans based on SSID from invitation
If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-01-13 21:39:06 +02:00
Jouni Malinen
78f0c933e0 Flush secondary device types on FLUSH command
This makes it possible to clear previously configured secondary device
types.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 22:27:30 +02:00
Jouni Malinen
2b384109f2 P2P: Allow requested device type to be specified with p2p_find
This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 20:01:19 +02:00
Jouni Malinen
d9bb2821e7 Clear configuration blobs on FLUSH command
All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Jouni Malinen
c60ba9f7ab Skip network disabling on expected EAP failure
Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-08 16:42:15 +02:00
Ben Greear
3043b4f455 nl80211: Document how to configure for libnl 2.0 and 3.2
Reported-by: Xose Vazquez Perez <xose.vazquez@gmail.com>

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-01-07 15:35:14 +02:00
Jouni Malinen
95fb2db242 P2P: Reject group formation on WPS provisioning failure
There is no need to wait for the 15 second group formation timeout to
clear the state if WPS failure is detected during P2P group formation.
Allow the WPS exchange steps (WSC_NACK and EAP-Failure) to be completed
and remove the group to get rid of the extra wait.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
6fc61e180e Fix TX status processing during AP mode shutdown in wpa_supplicant
A TX status event could be received after the AP interface has already
been deinitialized. This needs to check for NULL pointer before trying
to indicate the event to AP functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
b6a9590b34 Interworking: Keep up to two pending GAS_REQUEST responses
Previously, only the last response data was kept in memory. This
increases that to hold up to two last responses to allow some more
parallel operations to be requested. In addition, the response data is
now freed as soon as the external program has fetched it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
090b8e3d14 Update copyright notices for the new year 2014
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:12 +02:00
Jouni Malinen
356d1488c4 Interworking: Add optional freq argument to INTERWORKING_SELECT
This can be used to limit which channels are scanned using the specified
list of frequency ranges in the same format that the SCAN command uses.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
a09ffd5f2f Fix req_scan-deplete-timeout and update eloop API for this
Commit e2f5a9889a was supposed to prevent
new scan request from pushing out the old one. However, it did not
really do that since eloop_deplete_timeout() returned 0 both for the
case where the old timeout existed (and was sooner) and if the old
timeout did not exist. It returned 1 only for the case where an old
timeout did exist and was larger than the new requested value. That case
used to result in wpa_supplicant_req_scan() rescheduling the timeout,
but hew code in eloop_deplete_timeout() did the exact same thing and as
such, did not really change anything apart from the debug log message.

Extend the eloop_deplete_timeout() (and eloop_replenish_timeout() for
that matter since it is very similar) to return three different values
based on whether the timeout existed or not and if yes, whether it was
modified. This allows wpa_supplicant_req_scan() to schedule a new
timeout only in the case there was no old timeout.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
083916c022 P2P: Clear p2p_disabled and p2p_per_sta_psk on FLUSH command
The control interface FLUSH command now includes clearing of
"P2P_SET disabled 1" and "P2P_SET per_sta_psk 1".

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
3f45fc403f P2P: Clear services on FLUSH command
The control interface FLUSH command now includes the step executed by
the P2P_SERVICE_FLUSH command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
1f965e622a Allow external programs to request wpa_radio work items
The new control interface command RADIO_WORK can be used by external
programs to request radio allocation slots from wpa_supplicant if
exclusive radio control is needed, e.g., for offchannel operations. If
such operations are done directly to the driver, wpa_supplicant may not
have enough information to avoid conflicting operations. This new
command can be used to provide enough information and radio scheduling
to avoid issues with such cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6428d0a71f Do not start wpa_radio work during externally triggered scan
If an external program triggers a scan, wpa_supplicant does not have a
wpa_radio work item for this operation to protect against other
offchannel operations. This can result in operations failing, so try to
avoid damage by not starting any new wpa_radio work items during a scan
that was started by another process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:10 +02:00
Jouni Malinen
6470f471e4 Remove unneeded scan delay on connection-in-progress
This type of protection against concurrent connection and scan
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
4bb232153f Remove unneeded GAS query delay on connection-in-progress
This type of protection against concurrent connection and offchannel GAS
operations is now enforced through the wpa_radio work mechanism, so this
separate protection mechanism is not needed anymore.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
6ac4b15ef8 Use wpa_radio work for connection
This protects against conflicting offchannel operations during
connection (authentication, association, EAP exchanges, 4-way
handshake).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
b9e6d7001d Use radio work for GAS requests
Avoid concurrent GAS operations with any other exclusive use of the
radio by using the radio work queuing mechanism. This replaces some of
the earlier constraints on concurrent operations with the more generic
wpa_radio work concept.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e05e130837 P2P: Use radio work to protect offchannel Action frame exchanges
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 10:45:09 +02:00
Jouni Malinen
e1d1c8e223 Use radio work for P2P Listen requests
Avoid concurrent P2P Listen operations with any other exclusive use of
the radio by using the radio work queuing mechanism. This removes some
of the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-07 09:45:32 +02:00
Jouni Malinen
1b5d4714dd Use radio work for P2P scan requests
Avoid concurrent P2P scan requests with any other exclusive use of the
radio by using the radio work queuing mechanism. This removes some of
the earlier workarounds that postponed scans depending on other
operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:39:25 +02:00
Jouni Malinen
d12a51b5d2 Use radio work for scan requests
Avoid concurrent scan requests by using the radio work queuing
mechanism.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:50 +02:00
Jouni Malinen
b1ae396f59 Add framework for exclusive radio operations
The new radio work item concept can be used to request time for an
operation that requires exclusive radio control, e.g., a scan. Once the
radio is available, the registered callback function will be called.
radio_work_done() must be called once the exclusive radio operation has
been completed, so that the radio is freed for other operations. The
special case of deinit=1 is used to free the context data during
interface removal. That does not allow the callback function to start
the radio operation, i.e., it needs to free the allocated resources
and return.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:37:03 +02:00
Jouni Malinen
dd43aaa509 Add helper functions for cloning and freeing scan parameters
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:35:52 +02:00
Jouni Malinen
06f9acce18 Ignore externally triggered scan results with scan_res_handler
wpa_s->scan_res_handler is set only for cases where a scan operation is
requested for a specific purpose. As such, this callback should only be
called when a scan result from a scan that was triggered by
wpa_supplicant is processed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:17 +02:00
Jouni Malinen
c9b5559737 Clean up ctrl_iface debug prints for monitor events
Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:34:09 +02:00
Jouni Malinen
d31b5ac778 Use cleaner debug print for ctrl_iface commands with private info
Convert this to a text string instead of ASCII hexdump to make the
debug log more convenient to use.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:50 +02:00
Jouni Malinen
9595151f3f Remove duplicated RX ctrl_iface hexdump
The newer wpa_dbg() print includes the same information in a more
convenient form, so remove the duplicate RX ctrl_iface hexdump in the
cases where there is no key material in the control interface commands
(the possible-key-material case is still using wpa_hexdump_ascii_key).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-05 22:33:18 +02:00
Jouni Malinen
9b850799c1 Fix scan-cache-clearing operation to avoid unnecessary cases
wpa_drv_scan() success case was supposed to clear
wpa_s->clear_driver_scan_cache, not params->only_new_results (which
would do nothing here).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-03 08:55:51 +02:00
Jouni Malinen
2f30cac36f Avoid unnecessary key clearing operations
Track set_key operations per-key index and clear keys on disconnection
only if the key was set (or may have been set which is the case for the
first operation after wpa_supplicant start).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:49:38 +02:00
Jouni Malinen
949938aadf Ask driver to report only new scan results if requested
If the BSS table within wpa_supplicant is flushed, request the driver to
flush its own scan result table during the next scan. This can avoid
unexpected old BSS entries showing up after BSS_FLUSH or FLUSH command
in cases where the driver may maintain its internal cache of scan
results (e.g., cfg80211 BSS table persists at least for 15 seconds).

In addition to doing this automatically on BSS_FLUSH/FLUSH, a new SCAN
command argument, only_new=1, can be used to request a manual scan
request to do same. Though, it should be noted that this maintains the
BSS table within wpa_supplicant. BSS_FLUSH followed by SCAN command can
be used to clear all BSS entries from both the driver and
wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 23:03:31 +02:00
Jouni Malinen
101bdc2e8c Remove forgotten notes about already removed driver wrappers
These old driver wrappers have been removed quite some time ago, but
some of the build configuration notes were still describing how they
are configured.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:23:30 +02:00
Jouni Malinen
70067530b6 Update EAP-FAST note regarding OpenSSL support
This is now supported in the current OpenSSL version.

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-02 10:13:11 +02:00
Jouni Malinen
5890fa81d8 WPS: Fix clear-from-timeout handling to avoid race condition
The 100 ms timeout to clear WPS state after EAP-Failure has been
received worked otherwise fine, but it opened a race condition on
another WPS operation starting within that wait. If that happens, the
timeout will cancel that new operation unexpectedly. Fix this by
cancelling the timeout from wpas_clear_wps().

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 22:00:09 +02:00
Jouni Malinen
c64e3a08a9 P2P: Send received Presence Response information to ctrl_iface monitors
The P2P_PRESENCE_REQ command did not give any easily available
indication of the response received from the GO. Make this more useful
by providing such response (if received) as a ctrl_iface monitor event
(P2P-PRESENCE-RESPONSE).

Signed-hostap: Jouni Malinen <j@w1.fi>
2014-01-01 18:44:44 +02:00
Jouni Malinen
c5838683a8 Mark wpas_wps_er_nfc_handover_sel() static
This is not used outside wps_supplicant.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:37:15 +02:00
Jouni Malinen
0187c41d88 Declare wpa_debug_* variables in src/utils/wpa_debug.h
These were somewhat more hidden to avoid direct use, but there are now
numerous places where these are needed and more justification to make
the extern int declarations available from wpa_debug.h. In addition,
this avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:29:52 +02:00
Jouni Malinen
fcc61230d1 Declare wpa_drivers in src/drivers/driver.h
This avoids some warnings from sparse.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:19:37 +02:00
Jouni Malinen
0d79b50ae7 Clear EAPOL Logoff state on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 19:03:39 +02:00
Jouni Malinen
4848a38d85 Get rid of duplicated cipher suite and AKM definitions
WPA_CIPHER_* and CIPHER_* are used for the exact same set of cipher
suites with the main difference being that the WPA_CIPHER_* version is
suitable to be used as a bitfield. Similarly, WPA_KEY_MGMT_* and
KEY_MGMT_* have similar design for AKMs. There is no need to maintain
two separate copies of the definitions since the bitfield compatible
version can be used for both needs. Get rid of the CIPHER_* and
KEY_MGMT_* versions to clean up the implementation by getting rid of
unnecessary mapping functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-31 09:16:27 +02:00
Jouni Malinen
ef93abded7 WPS: Clean up UUID debug print
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 23:35:48 +02:00
Jouni Malinen
03ed332407 Interworking: Allow cred blocks not to be saved to a file
The new cred block parameter 'temporary' can be used to indicate that a
cred block is not to be saved to wpa_supplicant configuration file
(e.g., "SET_CRED 0 temporary 1"). This is similar to the concept of
temporary network blocks and allows cred blocks to be managed outside
the wpa_supplicant config file when other parameters are still saved to
the file written by wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-30 15:43:55 +02:00
Jouni Malinen
04f7ecc686 Reset WPA parameters to default values on FLUSH command
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 19:25:05 +02:00
Jouni Malinen
152cff6ba6 P2P: Remove WPA_DRIVER_FLAGS_P2P_MGMT option
The option of handling upper layer P2P management operations within the
driver/firmware was originally planned to be used with wpa_supplicant,
but this has not really happened and there is no clear sign of this
being needed in the near term either. This functionality has not been
completed and it is certainly not being kept up-to-date or tested. As
such, it is best to remove it for now and if this or something similar
is needed in the future, it can be brought back once a clear need for it
has been demonstrated first.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:20:47 +02:00
Jouni Malinen
538d6f4b54 WPS: Use shorter scan interval during pre-provisioning search
Previously, the shorter scan interval was already in use for the
connection following the provisioning step, but same optimization can
also be used for the pre-provisioning scan.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 18:02:05 +02:00
Jouni Malinen
3187fd900d WPS: Replace wpas_wps_in_progress with identical wpas_wps_searching
There is no point in maintaining two different functions that do
practically the same check of WPS state.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:59:12 +02:00
Jouni Malinen
dbfb8e82ff Remove unnecessary EVENT_RX_ACTION
This driver event was used separately for some Action frames, but all
the driver wrappers converted to this from information that would have
been enough to indicate an EVENT_RX_MGMT event. In addition, the
received event was then converted back to a full IEEE 802.11 management
frame for processing in most cases. This is unnecessary complexity, so
get rid of the extra path and use EVENT_RX_MGMT for Action frames as
well as other management frame subtypes.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-12-29 17:18:17 +02:00