Commit graph

2310 commits

Author SHA1 Message Date
Jouni Malinen
59307b3007 WPS ER: Allow AP to be specified with BSSID
This extends the WPS ER commands that previously accepted only UUID as
an identifier for an AP to use either UUID or BSSID for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 20:32:09 +03:00
Jouni Malinen
5c9d63d46f WPS: Be more careful with pre-configured DH parameters
Make the implementation more robust against error cases with
pre-configured DH parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 19:27:32 +03:00
Jouni Malinen
17b8995cf5 Interworking: Try to use same BSS entry for storing GAS results
There may be cases where multiple BSS entries for a single BSSID are in
the table. This is mostly in automated test cases due to the AP
configuration changes, but something similar could potentially happen as
a corner case in more realistic networks, too, e.g., when an AP changes
its operating channel. Make network selection more robust by trying to
find the exact BSS entry instead of any BSS entry with a matching BSSID
when storing GAS/ANQP response.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-01 11:44:04 +03:00
Jouni Malinen
3db5439a5f Optimize Extended Capabilities element to be of minimal length
Leave out zero octets from the end of the element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 21:58:17 +03:00
Johannes Berg
8cd6b7bce8 hostapd/wpa_s: Use driver's extended capabilities
Some extended capabilities (I'm currently interested in "Operating Mode
Notification" for VHT) are implemented by the kernel driver and exported
in nl80211. Use these in hostapd/wpa_supplicant.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-31 21:51:44 +03:00
Jouni Malinen
acb546436a Add ctrl_iface command FLUSH for clearing wpa_supplicant state
This is mainly for testing purposes where it is convenient to have an
easy way of getting wpa_supplicant state cleared between test cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 20:31:07 +03:00
Masashi Honma
97236cee6a WPS: Skip rescanning after provisioning if AP was configured
If WPS provisioning step is completed with an AP that is in WPS
configured state, we can skip a second scan after the provisioning step
since the AP is unlikely to change its configuration in such a case.
This can speed up WPS connection a bit by removing an unneeded scan.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-03-31 20:06:42 +03:00
Jouni Malinen
4342326fc7 Add ignore_old_scan_res configuration parameter
This can be used to configure wpa_supplicant to ignore old scan results
from the driver cache in cases where such results were not updated after
the scan trigger from wpa_supplicant. This can be useful in some cases
where the driver may cache information for a significant time and the AP
configuration is changing. Many such cases are for testing scripts, but
this could potentially be useful for some WPS use cases, too.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
9599ccc2dd WPS: Clear after_wps on new WPS connection
The after_wps counter could have potentially be left in its old non-zero
value in some WPS sequences which could result in a single-channel scan
being used based on obsolete information. Clear after_wps in
wpas_wps_reassoc() to make sure this does not happen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
702621e6dd WPS: Use latest updated BSS entry if multiple BSSID matches found
If the AP (P2P GO) has changes its channel of SSID recently, the BSS
table may have multiple entries for a BSSID. Select the one which was
most recently updated for WPS/P2P operations in such case to increase
the likelihood of using current information.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-31 18:05:42 +03:00
Jouni Malinen
2f9b66d3ab Extend ROAM command to handle multiple SSIDs per BSS
Select the BSS entry based on BSSID,SSID pairs instead of just BSSID to
avoid selecting an unexpected SSID for the ROAM command.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-30 11:49:05 +02:00
Jouni Malinen
ef8151ac57 P2P: Write p2p_ignore_shared_freq to configuration file on updates
Commit b277a2bebc added a new global
configuration parameter, but forgot to update configuration file saving
to store this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-26 22:24:41 +02:00
Jouni Malinen
18a2eaabe3 Add ap_vendor_elements for wpa_supplicant AP/P2P GO mode
This new parameter allows wpa_supplicant AP mode operations to use
similar design to the vendor_elements parameter in hostapd to add
vendor_elements into Beacon/Probe Response IE parameters.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-21 15:52:41 +02:00
Jouni Malinen
407be00b6c P2P: Postpone P2P scan only if station mode scan is pending
sta_scan_pending was supposed to be accurate enough for determining
whether a P2P scan needs to be postponed. However, it has turned out
that there were cases where sta_scan_pending was not cleared properly.
While the known cases have now been addressed, it is possible that some
other cases may still exist. To avoid issues with P2P operationg getting
stuck, verify more carefully that there is a real pending station mode
scan (either in progress or scheduled to be requested).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
cfd31b5026 Use special scan result processing steps only on requesting interface
Scan result events are shared between all virtual interfaces sharing the
same radio. However, some of the steps are not really appropriate on
virtual interfaces that did not issue the scan request. Fix this by
making these steps conditional on the scan results being processed on
the interface that requested them.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
b1cd021e29 P2P: Re-start P2P operation if station mode scanning is stopped
There were couple of code paths that could end up stopping station mode
scanning without clearing sta_scan_pending. This could result in P2P
search getting stuck waiting for completion of station mode scan which
would never show up. Fix this by calling wpas_p2p_continue_after_scan()
in cases where station mode scans are stopped. This allows
sta_scan_pending to be cleared and P2P search operation continued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
f85f545e71 P2P: Use common function for re-starting P2P scan after station scan
Make the implementation more consistent and cleaner by using a single
function for addressing all the cases where completion of a station mode
scan operation allows a P2P operation (search) to be re-started.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-18 17:32:31 +02:00
Jouni Malinen
095da179de Android: Enable WNM in the build
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:19:44 +02:00
Jouni Malinen
ce9283a401 Android: Use CONFIG_WNM mode consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. This is similar to the Makefile
change in commit ad3872a372.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:13:46 +02:00
Jouni Malinen
69586aa312 Android: Fix CONFIG_WNM use in Android.mk
This code was within ifdef CONFIG_AP and did not get included unless
AP mode support was also enabled. This is similar to the Makefile
change in commit 2dfb9a447c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:10:44 +02:00
Jouni Malinen
3b335329b9 Android: Update Android.mk based on Makefile changes
This brings the Android makefiles a bit closer to the Makefile changes
that had been missed in the past.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-17 20:08:23 +02:00
Jouni Malinen
c3aa4da94d Convert WPS NFC python scripts from using wpactrl to wpaspy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 21:47:10 +02:00
Partha Narasimhan
b2a12c4f93 wpa_supplicant: Fix lookup of cached PMKSA
This fixes the lookup of a usable PMKSA entry in the cache. Using
wpa_s->current_ssid often returns nothing when a usable PMKSA exists in
the cache since wpa_s->current_ssid does not necessarily point to the
correct network entry at this point in time (prior to association).

Signed-hostap: Partha Narasimhan <parthan@gmail.com>
2013-03-16 12:45:31 +02:00
Bruno Randolf
65d52fc103 Add capability flag for IBSS and add get_capability modes
Add a driver capability flag for drivers which support IBSS mode and set
it for nl80211 drivers which have set the NL80211_IFTYPE_ADHOC.

Add a new option "modes" to "get_capability" which will return "AP" and
"IBSS" if the corresponding capability flags are set.

The idea is that this can be used for UIs to find out if the driver
supports IBSS mode.

Signed-hostap: Bruno Randolf <br1@einfach.org>
2013-03-16 12:42:15 +02:00
Jouni Malinen
21f01a8e3d Fix build with CONFIG_NO_CONFIG_BLOBS
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-16 12:20:21 +02:00
Solomon Peachy
7d37a357fa Fix build without CONFIG_CTRL_IFACE or CONFIG_NO_STDOUT_DEBUG
Signed-off-by: Solomon Peachy <pizza@shaftnet.org>
2013-03-16 12:07:18 +02:00
Jouni Malinen
dbca75f82a P2P: Remove persistent group peer if it rejects invitation
If a peer replies to persistent group invitation with status code 8
(unknown group), remove the peer from the p2p_client_list if we are the
GO or remove the persistent group if we are the P2P client since it
looks like that the peer has dropped persistent group credentials and
the provisioning step needs to be executed again.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-15 16:43:06 +02:00
Jouni Malinen
b277a2bebc P2P: Allow shared interface channel preference to be ignored
p2p_ignore_shared_freq=1 in the configuration file (or "SET
p2p_ignore_shared_freq 1" on control interface) can now be used to
configure wpa_supplicant to ignore the preference on shared operating
channel when the driver support multi-channel concurrency. The default
behavior is to try to start any new P2P group on an operating channel
that is already in use on another virtual interface to avoid extra cost
from hopping between multiple channels. If this new parameter is set to
1, such preference is not used and instead, the channel for the new P2P
group is selected based on other preferences while ignoring operating
channels of any concurrent connection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:32:35 +02:00
Jouni Malinen
6cb27aa85f P2P: Fix shared frequency preference for concurrent operations
Commit 50285f5ca8 changed number of rules
in channel selection and among other things, it broke the design where
the currently used operating channel on a virtual interface that is
shared by the same radio is preferred to avoid costs related to
multi-channel concurrency. Fix this regression by making the P2P module
aware of the shared channel and using that preference as the highest
priority when re-selecting the channel during negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 16:26:55 +02:00
Jouni Malinen
a70a52c316 P2P: Allow all channels for multi-channel concurrency (no negotiation)
Commit 79879f4ae8 enabled all channels to
be used when negotiating channel with a driver that supports
multi-channel concurrency. Extend that to cover cases where the channel
is not being negotiated (e.g., p2p_group_add to start a GO).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-14 15:38:11 +02:00
Jouni Malinen
b6714ca1bb Fix compiler warning when CONFIG_IEEE80211R is not included
Commit 6a1ce39599 moved the bssid
variable declaration to be outside CONFIG_IEEE80211R block and
triggered a compiler warning about unused variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-13 12:40:57 +02:00
Jouni Malinen
94d7acf3df WPS NFC: Fix build without CONFIG_WPS_ER
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-13 00:02:52 +02:00
Deepthi Gowri
ee9a95c34e Android: Enable IEEE 802.11r in wpa_supplicant builds
Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:09:41 +02:00
Deepthi Gowri
6a1ce39599 FT: Add support for IEEE 802.11r with driver-based SME
Add NL80211_CMD_UPDATE_FT_IES to support update of FT IEs to the
WLAN driver. Add NL80211_CMD_FT_EVENT to send FT event from the
WLAN driver. This will carry the target AP's MAC address along
with the relevant Information Elements. This event is used to
report received FT IEs (MDIE, FTIE, RSN IE, TIE, RICIE).

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2013-03-12 20:08:53 +02:00
Vivek Natarajan
c9c77083b3 P2P: Clear p2p_in_provisioning flag on group removal
Commit 77dfafd07d cancels group formation
timeout on group removal case but failed to reset the
p2p_in_provisioning flag. This can lead to repeated p2p_find failures if
the group gets removed before completion of the WPS provisioning step
(e.g., GO tears down the group). Fix this by clearing
p2p_pin_provisioning when cancelling group formation.

Signed-hostap: Vivek Natarajan <nataraja@qca.qualcomm.com>
2013-03-11 20:47:24 +02:00
Chet Lanctot
9210bea172 Android: Enable IEEE 802.11w support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-11 13:52:13 +02:00
Chet Lanctot
3ee9ade6cf Allow SME SA Query to be used by all drivers
The unprotected disconnection events were previously processed only for
drivers that used the wpa_supplicant SME implementation (separate
authentication and association commands). However, this can be useful
for drivers that use the connect API, so remove the limitation and allow
the same IEEE 802.11w SA Query mechanism to be used even without full
use of the wpa_supplicant SME.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-11 13:49:40 +02:00
Jouni Malinen
5139008b51 Android: Sync makefile changes for HT/VHT overrides
CONFIG_HT_OVERRIDES and CONFIG_VHT_OVERRIDES were already mentioned in
android.config, but Android.mk did not yet know about them.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 18:05:40 +02:00
Johannes Berg
e9ee8dc394 wpa_supplicant: Support VHT capability overrides
Add support for VHT capability overrides to allow testing connections
with a subset of the VHT capabilities that are actually supported by
the device. The only thing that isn't currently supported (by mac80211
and this code) is the RX/TX highest rate field.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 18:04:39 +02:00
Johannes Berg
eae3a584f5 wpa_supplicant: Parse int values in different bases and reject invalid
Instead of using atoi(), use strtol() which allows checking if
the configuration values are valid integers and can understand
more than just decimal (also hexadecimal and octal). This not
only allows specifying some fields in hex (which can be useful)
but also rejecting invalid configurations, e.g.,
        disassoc_low_ack=27 * 2
which was previously read as just 27.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-03-10 17:55:24 +02:00
David Spinadel
725fc39e07 wpa_supplicant: Reschedule sched scan after network change
Stop sched scan, if running, after any disabling or removing of
a network, and request a new scan if needed.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:51:13 +02:00
Jouni Malinen
14f7907890 Remove unnecessary local variable
The ssid parameter (if NULL) can be used for the loop, too, to make the
code look a bit prettier.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-03-10 17:45:15 +02:00
David Spinadel
dca1a51149 wpa_supplicant: Handle enabling of one or all networks equally
Move enabling a network to a separate function. Try to reconnect if not
associated to an AP. Abort scheduled scan in any case of a new scan.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:43:00 +02:00
David Spinadel
7ed52f678b wpa_supplicant: Save prev_sched_ssid only if needed
If the whole ssid list was scanned, don't save the prev scheduled ssid
since we are going to start from beginning. Thos avoids starting sched
scan from prev_sched_ssid after scanning the full list, in case of
adding a network to ssid during scheduled scan.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:32:03 +02:00
David Spinadel
a09fc1ccf8 wpa_supplicant: Do not allow too short sched scan
In case that the ssid list is longer than max number of ssids,
ths scheduled scan aborted after timeout and rescheduled again
with shorter timeout and longer interval. In case that the timeout
is shorter than the interval, only one scan iteration will
be run. In this case, go back to the initial values.

Signed-hostap: David Spinadel <david.spinadel@intel.com>
2013-03-10 17:27:48 +02:00
Jouni Malinen
77e4e85321 P2P: Mark peer authorized for persistent group invitation
When p2p_invite persistent=<id> is used to request a persistent group to
be re-invoked, the peer may reply with status=1 (info not yet available)
if upper layer processing of the invitiation is requested. The peer is
ten expected to start another invitation exchanged within 120 seconds if
the user authorizes the connection. Allow this process to be used more
easily by automatically authorizing the peer that we tried to invite to
use this second invitation sequence even if persistent_reconnect=0.

For this mechanism to work, the device that starts the invitation needs
to start listen mode to be able to receive the invitation request from
the peer. At least for now, this is not done automatically, but future
changes could potentially enable this automatically at least if there
are no concurrent operations in progress.

Example sequence on the initiator:

cmd: P2P_INVITE persistent=1 peer=<addr>
event: P2P-INVITATION-RESULT status=1
cmd: P2P_LISTEN 120
wait for peer to start another invitiation round.. group will be
re-invoked automatically

On the peer (with persistent_reconnect=0):

event: P2P-INVITATION-RECEIVED sa=<addr> persistent=1 [freq=<MHz>]
wait for user approval
cmd: P2P_INVITE persistent=1 peer=<addr>
group will be re-invoked automatically

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 21:32:33 +02:00
Jouni Malinen
cd1e2309a2 P2P: Indicate frequency for upper layer invitation processing
When a device that is a GO in a persistent group receives an Invitation
Request from a P2P client and persistent_reconnect=0, upper layer is
notified of this with P2P-INVITATION-RECEIVED event. The upper layer is
supposed to run another invitation exchange is this case, but if that
does not happen and the GO is started without successful (status=0)
invitation exchange, the operating channel for the group may end up
getting set in a way that the P2P client is not able to support. Provide
optional freq parameter in the P2P-INVITATION-RECEIVED event on the GO
side. If this parameter is received and the upper layer decides to issue
P2P_GROUP_ADD command, that command should include this freq parameter
to make sure the operating channel gets selected from the set that the
peer can support.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 21:27:31 +02:00
Jouni Malinen
18206e02c5 Allow wpa_supplicant AP mode to configure Beacon interval
beacon_int (in TU) can now be used to configure Beacon interval for AP
mode operations (including P2P GO) in wpa_supplicant. This can be set
either in a network block or as a global parameter in the configuration
file (or with "SET beacon_int <value>" control interface command) to
apply for all networks that do not include the beacon_int parameter to
override the default.

In addition, this commits extends the dtim_period parameter to be
available as a global parameter to set the default value. dtim_period is
now stored in the configuration file, too, if it was set.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:50:08 +02:00
Jouni Malinen
5473362458 P2P: Use peer's channel list to limit GO freq on invitation
Peer device includes its list of allowed operating channels in the
Invitation Response frame. When we are becoming the GO, use that list
from the peer to filter out acceptable channels to avoid selecting a
channel that the peer is unable to use.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 20:01:01 +02:00
Jouni Malinen
f5877af01e P2P: Allow P2P client to specify preferred group channel
When re-invoking a persistent group in P2P client role, the new
pref=<MHz> parameter can now be used with the p2p_invite command to
indicate a preferred operating frequency. Unlike the older freq=<MHz>
parameter, this leaves GO an option to select another channel (from our
supported channels) if the GO cannot accept the channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 19:40:54 +02:00
Jouni Malinen
5de4b72177 P2P: Use shared function for setting up frequencies
p2p_connect() and p2p_invite() cases used more or less identical
implementatin. Use a shared function to avoid duplicated code.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Deepthi Gowri
79879f4ae8 P2P: Allow all channels in case of multi channel concurrency
If multi channel concurrency is supported, we have to populate the
p2p_channels with list of channels that we support. Use the same design
that was previously added for GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-03-01 18:40:39 +02:00
Jouni Malinen
ff48691368 Avoid partial BSS entries in control interface
Most of the print_bss_info() cases were already returning zero lenth to
avoid returning partial returns to the BSS commands, but the HS 2.0 and
Wi-Fi Display entries behaved differently. Make those consistent with
rest of the items.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-28 18:49:33 +02:00
Dmitry Shmidt
cfd42c94ee Mark last BSS entry by #### instead of ====
This allows ctrl_iface users to iterate through the BSS entries by
fetching multiple BSS entries with "BSS RANGE=N-" without having to use
one extra round to get empty return value as the indication of the last
entry having been found.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:46:06 +02:00
Dmitry Shmidt
c667342933 Add WPA_BSS_MASK_DELIM flag to BSS command
This flag will add ==== delimiter between to separate bss results.
Unlike the other BSS command MASK values, this delimiter is not
included by default to avoid issues with existing users of the BSS
command.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-28 18:43:05 +02:00
Masashi Honma
5e24beae02 Use scan results for reconnection
This patch uses existing scan results for fast connection on REASSOCIATE
and RECONNECT commands.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-02-28 16:34:08 +02:00
Masashi Honma
ad5dda8222 Interworking: Remove unused variable warnings
This patch removes these warnings.

interworking.c: In function 'interworking_credentials_available_3gpp':
interworking.c:1330:6: warning: unused variable 'ret' [-Wunused-variable]
interworking.c:1329:19: warning: unused variable 'cred' [-Wunused-variable]

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2013-02-28 16:34:06 +02:00
Jouni Malinen
aec309c407 wpa_cli: Increase receive buffer from 2048 to 4096 bytes
wpa_supplicant uses 4096 byte buffer for control interface responses, so
wpa_cli should do the same to avoid truncating responses unnecessarily.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-27 15:59:55 +02:00
Sunil Dutt
f8361e3d68 TDLS: Pass peer's VHT Capability information during sta_add
The information of the peer's VHT capability is required for the
driver to establish a TDLS link in VHT mode with a compatible peer.
Pass this information to the driver when the peer station is
getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-25 10:31:50 +02:00
Jouni Malinen
f23ce1f032 WPS: Add AP mode NFC connection handover with wpa_supplicant/nfcpy
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:57:06 +02:00
Jouni Malinen
f3f2ba2e6e WPS NFC: Add connection handover support for ER
wpa_supplicant can now generate the WPS carrier record for connection
handover response when acting as an ER. The AP whose configuration is
provided in this way is identified with an UUID as an argument to
wps-nfc.py.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:56:29 +02:00
Jouni Malinen
c39fdb8529 WPS: Add wps-er-config command for writing config token from ER
UUID of the AP is specified on the command line to select which
configuration is used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-24 10:54:18 +02:00
Jouni Malinen
b618a469c4 Interworking: Select highest priority cred if multiple matches
Previously, the credential to use for a connection with a specific BSS
was picked arbitrary based on first found match of each matching
mechanism. While the credential priorities were used elsewhere, this did
not take into account that different mechanisms could find multiple
matching credentials. As such, the highest priority credential was not
always used in case more than one credential matched with the selected
BSS. Fix this by checking credential priorities again during connection
request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-16 19:57:35 +02:00
Jouni Malinen
87470ea298 WPS: Fix build without CONFIG_WPS_NFC
Commit bbf41865c9 added calls to functions
that are only defined if CONFIG_WPS_NFC=y. Protect those calls properly
to avoid build issues.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 17:09:24 +02:00
Jouni Malinen
5ab9a6a53e WPS: Add support for NFC handover select generation with wpa_supplicant
When wpa_supplicant is controlling an AP mode interface, it can generate
the alternative carrier record for NFC connection handover select
message similarly to the way this is done in hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 12:34:55 +02:00
Jouni Malinen
7bfe27778b WPS: Update NFC connection handover documentation
The last couple of changes to the control interface commands for NFC
connection handover had not yet been documented.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:51:28 +02:00
Jouni Malinen
bbf41865c9 WPS: Add support for config token generation with wpa_supplicant
When wpa_supplicant is controlling an AP mode interface, it can generate
the NFC configuration token similarly to the way this is done in
hostapd.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:47:52 +02:00
Jouni Malinen
23ffcaf172 WPS: Allow password token to be written with nfcpy
This adds write-password option for the nfcpy example script for
wpa_supplicant to match hostapd wps-ap-nfc.py functionality.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:34:13 +02:00
Jouni Malinen
042ec551d4 WPS: Use pre-configured NFC password token instead of overriding it
"WPS_NFC_TOKEN <WPS/NDEF>" used to generate a new NFC password token
regardless of whether there was a pre-configured token in the
configuration. Change this to use the pre-configured value, if
available, instead. This allows the same command to be used to write the
password token to an NFC tag more conveniently.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-15 11:24:29 +02:00
Sunil Dutt
d16531c40c TDLS: Pass peer's Capability and Ext Capability info during sta_add
The contents of the peer's capability and extended capability
information is required for the driver to perform TDLS P-UAPSD and Off
Channel operations. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:02:34 +02:00
Sunil Dutt
189206dddb Android: Enable TDLS support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:54 +02:00
Sunil Dutt
ff4178d57c TDLS: Pass peer's HT Capability and QOS information during sta_add
The information of the peer's HT capability and the QOS information is
required for the driver to perform TDLS operations. Pass this
information to the driver when the peer station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:50 +02:00
Jouni Malinen
b8df43dec6 TDLS: Fix add/set STA operation
Commit a9a1d0f08a added vht_capabilities
to struct hostapd_sta_add_params but forgot to update
wpa_supplicant_tdls_peer_addset() to initialize the variable to NULL.
This could result in uninitialized pointer being used in
driver_nl80211.c when adding a TDLS peer entry. Fix this by clearing the
hostapd_sta_add_params with memset.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-14 21:01:07 +02:00
Sunil Dutt
7b44ff2c21 TDLS: Tear down peers when disconnecting from the AP
A TDLS Teardown frame with Reason Code 3 (Deauthenticated because
sending STA is leaving (or has left) IBSS or ESS) shall be transmitted
to all TDLS peer STAs (via the AP or via the direct path) prior to
transmitting a Disassociation frame or a Deauthentication frame to the
AP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-13 01:19:44 +02:00
Jouni Malinen
c5f10e804a Use more accurate timestamps for scan results
For various P2P use cases, it is useful to have more accurate timestamp
for the peer information update. This commit improves scan result
handling by using a single timestamp that is taken immediately after
fetching the results from the driver and then using that value to
calculate the time when the driver last updated the BSS entry. In
addition, more debug information is added for P2P peer updates to be
able to clearly see how old information is being used here.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-12 19:14:32 +02:00
Jouni Malinen
e47588279a WPS: Report NFC connection handover completion differently
Instead of reporting only one connection handover message, report
completion of NFC connection handover with carrier record from both the
request and select messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-11 18:43:46 +02:00
Jouni Malinen
ec01d5f6b0 P2P: Avoid concurrent scans during all steps of group formation
Previously, only some P2P states were considered to postpone concurrent
station mode scans during group formation. Especially the WPS
provisioning step was skipped due to issues to scans run on the P2P
client interface (see commit fc6997b345).
This is not ideal since a concurrent scan can slow down group formation
considerably and potentially make it time out. Enforce p2p-in-progress
through all steps of group formation on another interface to address
this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-11 12:21:03 +02:00
Jouni Malinen
77dfafd07d P2P: Cancel group formation timeout on group removal (on client)
Group formation timeout is normally canceled when 4-way handshake is
completed (WPA_COMPLETED -> wpas_p2p_completed). However, it is possible
for the GO to stop the group before this happens (i.e., send
Deauthentication frame with reason code 3 before 4-way handshake is
completed). This resulted in the group getting removed, but the group
formation timeout left behind. The unexpected timeout may then result in
undesired termination of the following operation. Fix this by canceling
the group formation timeout in wpas_p2p_group_delete() similarly to how
group idle timeout was canceled there.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-10 23:36:52 +02:00
Jouni Malinen
bd692a8b0e WPS: Change listen time to match nfcpy default (250 ms)
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:49:20 +02:00
Jouni Malinen
b8dbc5d689 WPS: Report only the carrier record from NFC to wpa_supplicant
Since there could be multiple carrier records, it is cleaner to report
only the WPS carrier record instead of full NFC connection handover
select to wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:42:43 +02:00
Jouni Malinen
bbaaaee171 WPS: Fetch only the carrier record from wpa_supplicant for NFC
Since there could be multiple carrier records, it is cleaner to build
only the WPS carrier record instead of full NFC connection handover
request within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 18:19:59 +02:00
Jouni Malinen
cf78e2acc8 WPS: Clean up debug prints with nfcpy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:27:59 +02:00
Jouni Malinen
8414860422 WPS: Remove 0.5 sec extra wait from NFC handover with nfcpy
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:27:14 +02:00
Jouni Malinen
dc6bda1123 WPS: Use alternating poll/listen for NFC peer discovery with nfcpy
This is needed to find the NFC peer to avoid cases where both devices
could be using the same operation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:25:20 +02:00
Jouni Malinen
8140ae969b WPS: Configure logging to show nfcpy log message
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-10 16:20:25 +02:00
Peter Wu
a24a5ccb28 dbus: Add missing signal description for WPS (7)
Commit caff399250 added a property named
"WPS" to the dbus interface. It did not add the new
WPAS_DBUS_BSS_PROP_WPS property to the function responsible for marking
changed properties though. This cause the following messages to be
printed repeatedly to syslog:

    dbus: wpas_dbus_bss_signal_prop_changed: Unknown Property value 7

Signed-hostap: Peter Wu <lekensteyn@gmail.com>
2013-02-09 12:13:54 +02:00
Jouni Malinen
62cab3b737 eap_proxy: Add a dummy implementation for compilation testing
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:05 +02:00
Deepthi Gowri
bd3ca9d0bf Android: Enable EAP-AKA support in the build
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:03 +02:00
Deepthi Gowri
45f4a97a3a eap_proxy: Add mechanism for allowing EAP methods to be offloaded
In addition to the offload mechanism, the Android configuration and
makefiles are extended to allow this to be configured for the build by
dropping in platform specific configuration files and makefile without
having to modify any existing files.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-08 11:54:01 +02:00
Dmitry Shmidt
66fe0f703c Add 'SCAN TYPE=ONLY' functionality
Usual manual scan request may cause reassociation due to several
reasons. New command is intended to perform pure scan without taking any
automatic action based on the results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2013-02-07 18:09:50 +02:00
Vladimir Kondratiev
ff3ad3c531 Capability matching for 60 GHz band
On the DMG (60 GHz) band, capability bits defined differently from
non-DMG ones. Adjust capability matching to cover both cases.

Also, for non-DMG bands, check ESS bit is set.

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
2013-02-07 16:20:18 +02:00
Raja Mani
3140803b6d nl80211: Add ctrl_iface message for AP mode connection rejection
When AP mode operation reject the client, nl80211 layer advertises the
connect failed event with the reason for failures (for example, max
client reached, etc.) using NL80211_CMD_CONN_FAILED.

This patch adds some debug messages whenever such an event is received
from the nl80211 layer and also the same event is posted to the upper
layer via wpa_msg().

Signed-off-by: Raja Mani <rmani@qca.qualcomm.com>
2013-02-07 15:24:53 +02:00
Jouni Malinen
409ca9a84d P2P: Allow local configuration to use 5 GHz band 40 MHz channels
These channels were already enabled for P2P use, but the local
configuration parameter was not allowed to use the operating class in
which the 40 MHz channels are specified.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-07 12:51:17 +02:00
Amar Singhal
9f42d49c55 Fix BSS RANGE command for no exact id match cases
The RANGE=N1-N2 command did not return any entries in some cases where
N1 does not match with any BSS entry. Fix this by allow entries to be
fetched even without knowing the exact id values.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-07 12:27:52 +02:00
Amar Singhal
cc03d0fef3 Add "BSS LAST ..." command
Add the "BSS LAST ..." command. This command helps in fetching the scan
entries iteratively from FIRST entry to LAST entry by ID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-06 00:31:34 +02:00
Amar Singhal
f330b4b44b Fix the "BSS FIRST.." command
The "BSS FIRST.." command fails when additional parameters (e.g., MASK)
is used since the string comparsion does not take into account the
number of characters. Fix by comparing only 5 characters as in other
commands.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-06 00:28:48 +02:00
Jouni Malinen
5ebe8c8179 HS 2.0: Fix IE buffer length for extra scan IEs
The HS 2.0 Indication element is 7 (not 6) octets. The previous
implementation could result in wpabuf validation code stopping the
program if HS 2.0 was enabled without Interworking or P2P (which would
have created a large enough buffer to avoid hitting this) being enable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 17:40:09 +02:00
Sunil Dutt
3887878e53 TDLS: Remove link, if any, on an implicit set up request
If an implicit TDLS set up request is obtained on an existing link or an
to be established link, the previous link was not removed. This commit
disables the existing link on a new set up request. Also,
wpa_tdls_reneg() function was invoking wpa_tdls_start() on an already
existing peer for the case of internal setup, which is incorrect. Thus
the invocation of wpa_tdls_start() is removed in wpa_tdls_reneg() and
also this function is renamed to wps_tdls_remove() as it does not
renegotiation rather shall remove the link (if any) for the case of
external setup.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-05 13:27:56 +02:00
Jouni Malinen
2b79164f12 P2P: Fix P2P-GROUP-STARTED event for p2p_connect-join
Commit 50178335bf introduced a regression
for P2P-GROUP-STARTED event indication during p2p_connect-join when
using a separate P2P group interface. wpa_s->global->p2p_group_formation
was already set in that case to point to the group interface and this
commit changed this to point to incorrect interface. Fix this by setting
p2p_group_formation here only in case a separate group interface is not
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-02-04 15:52:53 +02:00
Jaewan Kim
391f492532 wpa_supplicant: Fix access to the freed memory when removing all networks
Commit 59ff6653aa fixed this issue for
'removing a network', and we also need to take care of 'removing all
networks'.

Signed-hostap: Jaewan Kim <jaewan at google.com>
2013-02-03 21:22:59 +02:00
Jouni Malinen
d6bbcce411 Make wpas_select_network_from_last_scan() static
Addition of wpa_supplicant_fast_associate() made it unnecessary to call
wpas_select_network_from_last_scan() directly from other files.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-02-03 21:13:07 +02:00
Paul Stewart
cecdddc184 wpa_supplicant: Implement fast-associate on SelectNetwork
If scan results are available when we perform a SelectNetwork, use
them to make an associate decision.  This can save an entire scan
interval-worth of time in situations where something external to
wpa_supplicant (like a connection manager) has just previously
requested a scan before calling SelectNetwork.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-02-03 21:08:31 +02:00
Pontus Fuchs
9e737f08d4 Update scan interval gracefully
When the scan interval is changed the new interval is effective
after the old interval timer fires off one last time. This can cause
an unacceptable long delay when updating the interval.

Change this behaviour to use MIN(left of old interval, new interval)
for the scan interval following the interval change.

Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
2013-02-03 18:14:05 +02:00
Sunil Dutt
f2e698de7e TDLS: Disable the link also on driver request for teardown
The link was not disabled for the case of implicit trigger from the
driver unlike in the case of explicit trigger fromc ctrl_iface. Make the
tear down sequences match in these cases by adding the TDLS_DISABLE_LINK
tdls_oper to the driver when processing the TDLS_REQUEST_TEARDOWN event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-22 14:09:54 +02:00
Jouni Malinen
dc013f1e37 eapol_test: Remove unnecessary header file inclusion
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-15 12:03:29 +02:00
Jouni Malinen
90d215b264 Fix wpa_priv build
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
a13e1cc345 Fix EAP-pwd server file name for wpa_supplicant AP builds
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
2ee1594da9 Updated test_wpa to use new header file for WPA authenticator
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 19:06:53 +02:00
Jouni Malinen
62769a88db Move cipher to enum wpa_cipher conversion into wpa_common.c
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 18:02:20 +02:00
Jouni Malinen
cf830c1c54 Use a helper function for selection group cipher for AP mode
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:41:40 +02:00
Jouni Malinen
0282a8c46a Use helper function for writing cipher suite names
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:31:36 +02:00
Jouni Malinen
031453265f Define allowed pairwise/group cipher suites in a header file
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:10:38 +02:00
Jouni Malinen
a39c78be41 Use a common function for parsing cipher suites
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 17:06:22 +02:00
Jouni Malinen
edbd2a191e Move cipher suite selection into common helper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 16:58:54 +02:00
Jouni Malinen
9aadb8774e P2P: Add some more details on Service Query TLV format
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-13 13:43:54 +02:00
Paul Stewart
93c7e332c2 wpa_supplicant: Add more DBus EAP status
Signal the start of EAP authentication as well as when additional
credentials are required to complete.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2013-01-12 19:51:18 +02:00
Jouni Malinen
67bc1375eb Update ChangeLog files to match current implementation
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 18:04:19 +02:00
Jouni Malinen
b4fd3613d3 SAE: Free temporary buffers when moving to Accepted state
Most of the variables are not needed anymore once the SAE instance
has entered Accepted state. Free these to save memory.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
4ef34a9960 SAE: Remove duplicated SAE field debug dumps
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
fbfb0e65bf SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
cbf61176ed Add more debug info if wpa_supplicant_set_suites() fails
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
9c75e9fb81 WPS: Verify wpa_config_set() return value more consistently
Even though this command is very unlikely to fail, in theory, it could
and the WPS connection would fail in such a case. Return more clearer
failure indication in such a case without even trying to start
reassociation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4954c859ea SAE: Indicate used group in ctrl_iface STATUS
The new "sae_group=<id>" line will be included in the ctrl_iface STATUS
output if SAE was used for the association.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
e056f93e60 Update copyright notices to include year 2013
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045 SAE: Use crypto wrappers instead of direct OpenSSL calls
This makes the SAE implementation independent of the crypto/bignum
library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
47b55a3ef5 SAE: Use PMK in 4-way handshake
Use the PMK that is derived as part of the SAE authentication in the
4-way handshake instead of the PSK.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
22760dd947 Prepare for hostapd/wpa_supplicant v2.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:42:53 +02:00
Jouni Malinen
d03f1e5d63 eapol_test: Allow full RADIUS attribute length to be used
The -N and -C command line parameters can be used to add arbitrary
RADIUS attributes to the messages. However, these were truncated to
about 128 bytes when the actually message was constructed. Fix this by
using larger buffers to allow the maximum attribute length (253 octets
of payload) to be used. [Bug 458]

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 12:39:27 +02:00
Jouni Malinen
42ad72029f eapol_test: Fix extra RADIUS attribute allocation
The sizeof(ptr) use here was not correct and resulted in too small
memory block getting allocated for the -N command line argument.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 12:32:43 +02:00
Janusz Dziedzic
bca06366a9 wpa_supplicant: Save frequency configuration parameter
In case of wpa_supplicant IBSS and AP modes after we will call wpa_cli
save command we should also save configured frequency. In other case
after wpa_supplicant restart we have frequency = 0 and AP start will
fail.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2013-01-12 10:23:45 +02:00
Jouni Malinen
190e39d9cb Interworking: Do not schedule new scan if process is terminating
The GAS query compilation callback may happen after the wpa_supplicant
process has been requested to terminate. Avoid scheduling a new eloop
timeout for a scan in such a case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:44:46 +02:00
Jouni Malinen
569d43c7ae Interworking: Do not share ANQP info if none was received
Verify that the other BSS has actually received some valid ANQP
information before sharing the results from it. This fixes potential
issues with cases where some of the APs with the same HESSID has invalid
ANQP configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:41:51 +02:00
Jouni Malinen
d1ec319f12 Interworking: Continue ANQP fetch after TX failure
If the driver rejected any of the offchannel Action frame TX requests,
the previous implementation terminated ANQP fetch process. While the
driver should not really reject the request normally, it is possible
that a request gets rejected for some reason. Allow the fetch process to
continue with the next AP in such case to avoid breaking networking
selection. This could result, e.g., in auto_interworking=1 process
failing to connect if any the driver rejects requests to any of the APs
in the scan result even if some other APs provided suitable information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2013-01-07 18:38:09 +02:00
Jouni Malinen
2cd6af9c93 Update ChangeLog files to match the current implementation
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-28 17:01:32 +02:00
Jouni Malinen
e4296380e0 Remove unused wpa_scan_get_vendor_ie_multi_beacon()
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-27 12:31:06 +02:00
Jouni Malinen
2c09af3068 Add Doxygen documentation for functionality related to scanning
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-27 12:29:05 +02:00
Jouni Malinen
2474ce4542 Document bgscan configuration options
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 20:43:07 +02:00
Jouni Malinen
1cfc678723 Remove reassociated_connection variable
This was used to select between "(auth)" and "(reauth)" in
CTRL-EVENT-CONNECTED events. However, the variable was not cleared
anywhere else apart from the AP deinit case. As such, it did not really
provide correct information and is not really of much use even with
proper clearing added. As such, it is cleaner to just get rid of this
altogether.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 19:51:04 +02:00
Jouni Malinen
6350a148c4 P2P: Be more careful with wpa_config_update_psk() call
Commit bb4d4deb4b introduced a code path
that could potentially end up calling wpa_config_update_psk() with NULL
passphrase. While that may not happen in practice, it is better to make
sure it doesn't happen since that function will dereference the
passphrase pointer unconditionally.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-25 19:35:15 +02:00
Masashi Honma
bb4d4deb4b P2P: Allow PSK to be used instead of passphrase for persistent GO
This continues optimizations for use of CPU heavy pbkdf2_sha1() in GO
setup after the earlier commit 30c371e8a5
by allowing PSK to be used instead of passphrase when creating
persistent group information manually for the GO.

It should be noted that this would not meet the requirements in the P2P
specification (GO shall maintain the passphrase), so this should be used
only when there is no need to allow manual configuration of legacy STAs
using the passphrase.

Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-12-25 14:15:07 +02:00
Pandiyarajan Pitchaimuthu
602c6b8340 Android: Stop/restart supplicant scan on PNO start/stop
Cancel the existing supplicant scan and start a new supplicant
scan on PNO start and stop respectively. This makes sure that
supplicant scan is in progress when the device resumes.

Signed-off-by: Pandiyarajan Pitchaimuthu <c_ppitch@qca.qualcomm.com>
2012-12-25 13:54:21 +02:00
Yoni Divinsky
3dfd0484fc P2P: Consider age for the P2P scan results
cfg80211 caches the scan results according the channel number. Due to
the 15 sec aging this might cause the user mode to see more than one
scan result with the same BSSID, e.g. - one scan result for the
P2P Device and one for the P2P GO (once it's enabled).

Fix this by updating the device entry only if the new peer entry is
newer than the one previously stored.

Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
Signed-off-by: Victor Goldenshtein <victorg@ti.com>
Signed-off-by: Igal Chernobelsky <igalc@ti.com>
Signed-hostap: Arik Nemtsov <arik@wizery.com>
2012-12-25 11:22:42 +02:00
Eliad Peller
d125df25e4 ctrl_iface: Check for ongoing sched_scan on SCAN command
The first "if" in the SCAN command handling didn't check properly for
sched_scan, causing the sched_scan and scan to run concurrently, instead
of cancelling the ongoing sched scan (which is handled by the "else if"
later).

Signed-hostap: Eliad Peller <eliad@wizery.com>
2012-12-23 12:52:40 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Jouni Malinen
03e47c9c3a Share a single function for building extended capabilities element
This makes it easier to update extended capabilities for all uses
within wpa_supplicant.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 19:17:15 +02:00
Masashi Honma
ed2e61fe91 WPS_NFC: Fix typos in comments
Signed-hostap: Masashi Honma <masashi.honma@gmail.com>
2012-12-22 15:25:51 +02:00
Jouni Malinen
27c77751f7 WNM: Fix BSS Transition Management Request processing
The WNM-Sleep Mode handler took over WNM Action frame processing without
addressing the previously implemented WNM handler. Fix this by moving
the BSs Transition Management processing into wnm_sta.c to share a
single handler function for WNM Action frames.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 12:02:15 +02:00
Jouni Malinen
a38fdf1c69 Document gas_query.c functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:59:26 +02:00
Jouni Malinen
2f3101d8df Move some P2P offchannel operations to offchannel.c
There is no need for p2p_supplicant.c to access wpa_s->pending_action_tx
so move these references to offchannel.c to get a bit cleaner interface
between the components.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:22:12 +02:00
Jouni Malinen
b4419c62ad Document offchannel Action frame TX functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 11:06:56 +02:00
Jouni Malinen
3ab35a6603 Extend EAPOL frames processing workaround for roaming cases
Commit 1ff733383f added a mechanism to
work around issues due to association events and EAPOL RX events being
getting reordered. However, this applied only for the case where
wpa_supplicant is not in associated state. The same issue can happen in
roaming case with drivers that perform BSS selection internally (or in
firmware). Handle that case similarly by delaying received EAPOL frame
processing if the source address of the EAPOL frame does not match the
current BSSID.

Since wired IEEE 802.1X do not have BSSID, make this additional
workaround conditional on BSSID match having been observed during the
previous association.

This fixes issues where the initial EAPOL frame after reassociation was
either dropped (e.g., due to replay counter not increasing) or replied
to with incorrect destination address (the BSSID of the old AP). This
can result in significantly more robust roaming behavior with drivers
that do not use wpa_supplicant for BSS selection.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 21:35:35 +02:00
Jouni Malinen
318e772ad1 WPS: Update configuration file after re-enabling networks
Network blocks are disabled during a WPS provisioning step and 10
seconds after this to allow the newly provisioned network to be
selected. The disabled=1 flag gets written to the configuration file
when the credential is added since it happens during this process.
Update the file again after the networks have been re-enabled to avoid
leaving the configuration file into state that is not consistent with
the running configuration.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 20:11:26 +02:00
Sunil Dutt
6fbcbc07e4 WPS: Optimize post-WPS scan even if EAP-Failure is not received
Commit 17a4734dc4 shall optimize the
post-WPS scan based on the channel used during the provisioning only
when the EAP-Failure frame is received. In cases where the EAP-Failure
frame is missed, this optimization shall not happen resulting in the
scan in all the channels thus consuming more time for the connection.
This commit enhances this by storing the requisite information after
the M8 frame is received.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-21 15:30:39 +02:00
Jouni Malinen
2ec535fd37 WNM: Add option to disable keep-alive frames for testing purposes
"wpa_cli set no_keep_alive 1/0" can now be used to disable/enable
keep alive frames to enable testing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 16:57:52 +02:00
Jouni Malinen
41014724e2 Fix CONFIG_NO_WPA build with TLS
The SHA1 and MD5 functions need to be included in builds that use TLS
even if WPA support is removed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 15:16:00 +02:00
Jouni Malinen
77d7b090e0 Remove compiler warning on CONFIG_NO_WPA build
wpa_supplicant_set_rekey_offload() is used only if CONFIG_NO_WPA is not
defined.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-18 15:14:54 +02:00
Ben Greear
c8d22af88f wpa_supplicant: Document HT capability overrides
Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-12-18 14:49:35 +02:00
Ben Greear
a90497f85f wpa_supplicant: Allow user to disable short guard interval (SGI)
Requires Linux kernel patch to make the SGI-20 properly disabled. SGI-40
will already work since Linux 3.4 or so.

Signed-hostap: Ben Greear <greearb@candelatech.com>
Signed-off-by: Ben Greear <greearb@candelatech.com>
2012-12-18 14:45:09 +02:00
Vladimir Kondratiev
7829894c21 Introduce 60 GHz band
Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken
care off. Allows to start AP with very simple config:

network={
        ssid="test"
        mode=2
        frequency=60480
        key_mgmt=NONE
}

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:50:35 +02:00
Jouni Malinen
058da39cc9 P2P: Add more complete description of p2p_cancel
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:13:51 +02:00
Jouni Malinen
50178335bf P2P: Allow p2p_cancel to be used to stop p2p_connect-join operation
p2p_cancel did not properly cancel a pending p2p_connect-join operation.
Address the different steps in that process: initial scan, Provision
Discovery exchange before connection, and WPS provisioning step
(including the scans before WPS).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 10:39:34 +02:00
Jouni Malinen
03c961e542 Interworking: Default to EAP-MSCHAPv2 with EAP-PEAP
If the NAI Realm list indicates that EAP-PEAP is used, use EAP-MSCHAPv2
as the Phase 2 method by default if the NAI Realm list does not specify
the tunneled method.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-17 23:27:15 +02:00
Jouni Malinen
953d25ca5f HS 2.0: Fix sp_type check in ctrl_iface status command
Commit e99b4f3a14 added functionality to
check whether the current association is with the home SP. This commit
did not take into account that the domain name ANQP information could be
NULL and that could result to a NULL pointer dereference. Fix that by
validation that domain_names != NULL before calling
domain_name_list_contains().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-17 12:12:13 +02:00
Jouni Malinen
5d247692f6 Fix wpa_supplicant CONFIG_AP=y build with WNM enabled
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:31:36 +02:00
Jouni Malinen
14df897c7a WNM: Fix memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 19:31:25 +02:00
Jouni Malinen
ad3872a372 WNM: Use CONFIG_WNM more consistently
Replace CONFIG_IEEE80211V with CONFIG_WNM to get more consistent build
options for WNM-Sleep Mode operations. Previously it was possible to
define CONFIG_IEEE80211V without CONFIG_WNM which would break the build.
In addition, IEEE 802.11v has been merged into IEEE Std 802.11-2012 and
WNM is a better term to use for this new functionality anyway.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 18:22:54 +02:00
Jouni Malinen
74b4a3606d WNM: Split WNM-Sleep Mode Response processing into separate functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 13:05:19 +02:00
Jouni Malinen
df80a0ccff WNM: Use defined macros for WNM-Sleep Mode Action Type values
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:57:38 +02:00
Jouni Malinen
0a47a6a747 WNM: Remove unnecessary extra indentation level
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:51:02 +02:00
Jouni Malinen
68db9ab047 WNM: Fix GTK/IGTK parsing for WNM-Sleep Mode Response frame
These fields do not use AES keywrap. Instead, they are protected with
management frame protection (and not included if PMF is disabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:48:34 +02:00
Jouni Malinen
e6955ba9f9 WNM: Add WNM-Sleep Mode into Extended Capabilities element
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:45:59 +02:00
Jouni Malinen
62f6fbb480 WNM: Accept GTK update version of WNM-Sleep Response status
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:33:55 +02:00
Jouni Malinen
e0c54a159b WNM: Use Dialog Token value 1 in WNM-Sleep Mode Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:32:53 +02:00
Jouni Malinen
cd0ef65784 WNM: Add option for passing TFS request from external programs
The optional tfs_req=<hex dump> parameter can be added for the wnm_sleep
command to specify the TFS request element to use in the WNM-Sleep Mode
Request frame.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:31:16 +02:00
Jouni Malinen
61c54976f5 WNM: Remove unnecessary path component from includes
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:29:44 +02:00
Jouni Malinen
e9199e3149 WNM: Add ctrl_iface command for sending WNM-Sleep Mode Request
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:29:10 +02:00
Jouni Malinen
2dfb9a447c WNM: Fix CONFIG_WNM use in Makefile
This code was within ifdef CONFIG_AP and did not get included unless
AP mode support was also enabled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:28:19 +02:00
Jouni Malinen
9af431035f WNM: Remove unused variable
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:27:38 +02:00
Jouni Malinen
dbea8ac7ab Interworking: Allow SSID-based network exclusion for credentials
The new excluded_ssid parameter within a cred block can be used to
excluded networks from matching with credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:01:50 +02:00
Jouni Malinen
9aae09f196 Interworking: Fix cred saving
Number of cred block fields were not saved when wpa_supplicant is
writing the configuration file.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:00:52 +02:00
Jouni Malinen
2047e596ec Interworking: Default to TTLS/MSCHAPv2 for NAI Realm list matching
If the AP does not advertize EAP parameters, default to TTLS/MSCHAPv2
when using username/password credentials.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-16 12:00:06 +02:00
Jouni Malinen
f5f37d3a4f Fix REAUTHENTICATE command after PMKSA caching
The current PMKSA cache entry needs to be clear to allow EAPOL
reauthentication to be started in case this association used PMKSA
caching.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 22:05:32 +02:00
Jouni Malinen
1a2d22a242 Remove unneeded header file inclusion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 17:06:38 +02:00
Jouni Malinen
9796a86c23 Use a shared function for requesting a new connection
Both the ctrl_iface and D-Bus interface use similar functionality to
request a new connection. Combine these to a single function to avoid
need to maintain duplicated implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:30:30 +02:00
Jouni Malinen
c27a94f765 Remove unused function prototype
This function was not added, so the prototype should not have been here
either.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:27:19 +02:00
Jouni Malinen
f1a5263389 Maintain maximum blacklist count over list clear operations
wpas_connection_failed() uses the blacklist count to figure out a
suitable time to wait for the next scan. This mechanism did not work
properly in cases where the temporary blacklist gets cleared due to no
other BSSes being available. Address this by maintaining an additional
count of blacklisting values over wpa_blacklist_clear() calls. In
addition, add one more step in the count to timeout mapping to go to 10
second interval if more than four failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 16:20:44 +02:00
Jouni Malinen
4115303bbe Document wpa_s->scan_req
Use an enum with documented values to make it easier to understand how
wpa_s->scan_req is used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:55:32 +02:00
Jouni Malinen
215ae884d6 Mark sme_send_authentication() static
This function is not used outside sme.c.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 15:47:43 +02:00
Jouni Malinen
5cc7032239 P2P: Avoid multi-channel scans when they are not needed
If the driver does not support multi-channel concurrency and a virtual
interface that shares the same radio with the current interface is
operating there may not be need to scan other channels apart from the
current operating channel on the other virtual interface. Filter out
other channels in case we are trying to find a connection for a station
interface when we are not configured to prefer station connection and a
concurrent operation is already in process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-25 12:47:43 +02:00
Jouni Malinen
3c8e4ec012 Interworking: Enable key_mgmt WPA-EAP-SHA256 if PMF is enabled
If the global pmf=1/2 parameter is used to enable PMF for Interworking
networks, add WPA-EAP-SHA256 to the temporary network block to allow
connection to PMF required APs.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:31:17 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Amitkumar Karwar
368b1957a6 Allow OBSS scan and 20/40 coex reports to non-SME drivers
We enable this feature for non-SME drivers as well if
they explicitly indicate need for it.

Signed-off-by: Amitkumar Karwar <akarwar@marvell.com>
Signed-off-by: Bing Zhao <bzhao@marvell.com>
2012-11-24 18:08:48 +02:00
Robert Shade
bff954e9a2 Verify that the selected BSS has a better signal level before roaming
This prevents situations like the following where we roam to a
lesser quality BSS just because the signal level delta is over our
threshold.

wlan0: Considering within-ESS reassociation
wlan0: Current BSS: 00:24:6c:74:0a:40 level=-51
wlan0: Selected BSS: 00:24:6c:74:0a:e0 level=-64
wlan0: Request association: reassociate: 0  selected: 00:24:6c:74:0a:e0
    bssid: 00:24:6c:74:0a:40  pending: 00:00:00:00:00:00  wpa_state: COMPLETED

Signed-hostap: Robert Shade <robert.shade@gmail.com>
2012-11-24 17:17:50 +02:00
Jouni Malinen
e99b4f3a14 HS 2.0: Add Home SP FQDN and roaming/home to status command
This allows the ctrl_iface STATUS information to be used to determine
which Home SP credential (domain in the cred block) was used and whether
the network is operated by the home SP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:40 +02:00
Jouni Malinen
9afe52eb92 HS 2.0: Add REMOVE_CRED sp_fqdn=<FQDN> command
This allows credential entries to be removed based on SP FQDN without
having to iterate through the configured entries from an external
program to figure out which credentials should be removed for a specific
SP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:37 +02:00
Jouni Malinen
736d4f2d77 HS 2.0: Remove temporary network block on cred block removal
If the credential that was used to create a temporary HS 2.0 network
block is removed, remove the network block, too.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:34 +02:00
Jouni Malinen
d49ea68284 Android: Force group access to ctrl_iface directory
wpa_supplicant is started from /init.*.rc on Android and that seems
to be using umask 0077 which would leave the control interface
directory without group access. This breaks things since Wi-Fi
framework assumes that this directory can be accessed by other
applications in the wifi group. Fix this by adding group access even
if umask value would prevent this.

In most cases, this issue was not hit since the control interface
directory is normally created by that same init.*.rc file with suitable
mode and wpa_supplicant is killed in the way that does not allow it to
remove the file. However, if wpa_supplicant is allowed stop cleanly, it
will remove the directory and the next start could result with the Wi-Fi
framework not being able to use Wi-Fi (and GUI not showing Wi-Fi getting
enabled).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 17:06:36 +02:00
Sunil Dutt
6b947db103 P2P: Remove PD-before-join-timeout mechanism
The PD Request retry limit can be used to achieve the same behavior,
so drop this duplicated timeout mechanism and control the timeout
based on MAX_PROV_DISC_REQ_RETRIES.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 01:15:51 +02:00
Jouni Malinen
175171ac6c P2P: Retry PD Request in join-a-running-group case
The GO may be in sleep when we send a PD Request frame to indicate that
we are about to join a running group. Previously, this frame was not
retried more than normal low level retries. This can result in the GO
not getting the frame especially in cases where concurrent multi-channel
operations or aggressive sleep schedule is used since most drivers do
not yet synchronize with the GO's NoA before association.

Increase the likelihood of the GO receiving the PD Request frame by
retransmitting it similarly to the PD-for-GO-Negotiation case. Start
the actual join operation only after these retries have failed to get
an acknowledgment from the GO to give the connection attempt a chance
to succeed if the driver implements better NoA synchronization for it.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:53:42 +02:00
Sunil Dutt
6752716663 P2P: Set user_initiated_pd separately from the join parameter
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:48:58 +02:00
Jouni Malinen
16e38f2e34 Android: Fix AP builds to include the new eap_user_db.c
This is needed to fix the builds after commit
ee431d77a5.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-21 17:55:36 +02:00
Vladimir Kondratiev
9c6f8cb9c8 Fix wpa_supplicant compilation after adding eap_user database
Commit ee431d77a5 broke wpa_supplicant
compilation:

../src/ap/ieee802_1x.o: In function `ieee802_1x_get_eap_user':
/../src/ap/ieee802_1x.c:1689: undefined reference to `hostapd_get_eap_user'
collect2: error: ld returned 1 exit status
make: *** [wpa_supplicant] Error 1

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
2012-11-21 17:49:47 +02:00
Jouni Malinen
af1dff8c9f wpa_cli: Accept more arguments for set_network
Some network parameters, e.g., auth_alg and eap use a space separated
list of values without quotation marks. To allow these to be entered
from the interactive mode, change set_network command to allow more than
three arguments.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-19 14:04:42 +02:00
Jouni Malinen
1ae1570b5f Update ChangeLog files to match the current implementation
This commit adds description of the main changes from the forking of
hostap-1.git for 1.x releases to the current master branch snapshot.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-18 21:30:38 +02:00
Jouni Malinen
1ce0aa044c Remove unused disassociate() driver_ops
Commits 07783eaaa0 and
3da372fae8 removed the only users of the
disassociate() driver operation, so these driver wrapper functions can
also be removed now.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 00:06:12 +02:00
Jouni Malinen
d2901915e7 Fix forgotten no-CONFIG_WPS=y wrapper
Commit 620c783753 modified
wpas_wps_ssid_wildcard_ok() prototype, but forgot to update the
non-WPS-build wrapper. Fix that to match with the new bss parameter
type and remove the now unused declaration of wpa_scan_res.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-14 13:05:53 +02:00
Jouni Malinen
6e2020210a Allow OKC to be enabled by default
Previously, OKC (opportunistic key caching, a.k.a. proactive key
caching) could be enabled only with a per-network parameter
(proactive_key_caching). The new global parameter (okc) can now be used
to change the default behavior to be OKC enabled (okc=1) for network
blocks that do not override this with the proactive_key_caching
parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-12 20:07:53 +02:00
Jouni Malinen
8713a2e6ff P2P: Avoid extra group interface creation on GO reinvocation
If separate group interfaces are used, the pending group interface got
removed unnecessarily when stopping find operations when accepting an
invitation to reinvoke the group in GO role. This resulted in the group
interfaces getting created twice. Avoid this unnecessary extra operation
by skipping removal of the pending interface in the reinvocation
sequence.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 20:45:27 +02:00
Pawel Kulakowski
548f100384 bgscan_learn: Prevent infinite busy looping
In highly congested network (BSSes almost on every channel
within ESS) we have hit a bug when wpa_supplicant become
completly irresponsive, infinite looping on while loop.

When probe_idx was equal 0 and we are not able to probe
new frequency, following condition were never fulfilled:
"if (!in_array(freqs, data->supp_freqs[idx]))"

Signed-hostap: Pawel Kulakowski <pawel.kulakowski@tieto.com>
2012-11-11 16:26:36 +02:00
Robert Shade
99276998fa dbus: Do not quote scan_freq and freq_list
scan_freq and freq_list are not parsed by wpa_config_parse_freqs if
quoted.

Signed-hostap: Robert Shade <robert.shade@gmail.com>
2012-11-11 16:21:16 +02:00
Jouni Malinen
c7deed7401 Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 16:09:36 +02:00
Jouni Malinen
207fb86411 WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:01:06 +02:00
Masashi Honma
30c371e8a5 P2P: Reduce redundant PSK generation for GO
The PSK generation done by pbkdf2_sha1() is one of the longest CPU time
users according to our profiling from boot to GO started.

So I have reduced some steps.

I could boot a GO by this command sequence.
-------------
add_net
set_network 0 ssid '"DIRECT-XX"'
set_network 0 psk
'"123456789012345678901234567890123456789012345678901234567890123"'
set_network 0 proto RSN
set_network 0 key_mgmt WPA-PSK
set_network 0 pairwise CCMP
set_network 0 auth_alg OPEN
set_network 0 mode 3
set_network 0 disabled 2
p2p_group_add persistent=0 freq=2412
-------------

By this sequence, pbkdf2_sha1() was called three times and the function
calculates the same value each time. Reduce number of calls to
pbkdf2_sha1() from 3 to 1 by caching the previous result.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-11-11 11:39:24 +02:00
Paul Stewart
45ac5793fc new_dbus_handlers: Clear errno
There are a few instances where dbus handlers test the value
of errno to test whether strtoul completes successfully.
Since strtoul does not clear errno, and there's no strong
reason to suspect that errno is already clear, it is safer
to clear it right before calling strtoul.  Also, any failure
in strtoul (setting errno non-zero) should be considered a
failure.

While testing using dbus-send, I found that a malformed
network path can cause a crash due to net_id being left
NULL.  We should test for this before calling strtoul
on it.

Tested with:

dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
    /fi/w1/wpa_supplicant1/Interfaces/0 \
    org.freedesktop.DBus.Properties.Get \
    string:fi.w1.wpa_supplicant1.Interface string:Networks
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0/Networks/0
dbus-send --system --dest=fi.w1.wpa_supplicant1 --print-reply \
   /fi/w1/wpa_supplicant1/Interfaces/0 \
   fi.w1.wpa_supplicant1.Interface.RemoveNetwork \
   objpath:/fi/w1/wpa_supplicant1/Interfaces/0

Signed-hostap: Paul Stewart <pstew@chromium.org>
intended-for: hostap-1
2012-11-11 11:18:31 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
07783eaaa0 Use deauthentication instead of disassociation if not associated
cfg80211/mac80211 may reject disassociation command if association has
not yet been formed. Use deauthentication in cases where it is possible
that we are associating at the moment the command is issued.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:58:00 +02:00
Jouni Malinen
42d235477f Use wpa_drv_{disassociate,deauthenticate} while waiting for connection
wpa_supplicant_{disassociate,deauthenticate}() need to inform the driver
about decision to disconnect even if this happens during the time when
the driver is still trying to complete association. During that time,
wpa_s->bssid is not set, so the code in these functions needs to figure
out the correct BSSID based on that field or wpa_s->pending_bssid. In
addition, it is possible that the BSSID is not even known at
wpa_supplicant at this point in time when using drivers that perform BSS
selection internally. In those cases, the disconnect command needs to be
sent to the driver without the BSSID.

This fixes issues where the driver (or cfg80211 in particular) may be
left in mismatching state with wpa_supplicant when disconnection (e.g.,
due to a ctrl_iface command) happens between connection request and
association event.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 16:57:57 +02:00
Jouni Malinen
e50d01b4f1 WPS: Add support for NFC connection handover with nfcpy
This helper script can now handle both reading of a NFC tag and
initiation of NFC connection handover if a peer NFC device is touched.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 16:04:42 +02:00
Jouni Malinen
dab710c4d0 WPS: Move NFC tag processing into a separate function
This makes it cleaner to add processing of other NFC operations to the
python script.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:56:46 +02:00
Jouni Malinen
ec4f5a37b8 WPS: Move wpactrl setup into a separate function
This makes it easier to share this functionality for new NFC use cases.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-04 15:53:33 +02:00
Jouni Malinen
d4f612b7dd WPS: Add an example python script for NFC operations
wps-nfc.py uses nfcpy and python-wpactrl to provide NFC tag information
to wpa_supplicant for WPS operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 22:43:15 +02:00
Sven Neumann
caff399250 dbus: Add getter for WPS properties
Add "WPS" property to the DBus interface that allows to
identify the active WPS method of a BSS.

Signed-hostap: Sven Neumann <s.neumann@raumfeld.com>
2012-11-03 18:38:51 +02:00
Jouni Malinen
10737aba22 Handle assoc reject events without wpa_supplicant SME
If the driver indicates the association (or authentication) was
rejected, wpa_supplicant should handle this connection failure similarly
to other cases. Previously, this was only handled with drivers that use
wpa_supplicant SME.

In case of cfg80211-based drivers, a rejected association was actually
already handled since cfg80211 generates a deauthentication event after
indicating connection failure. However, rejected authentication resulted
in wpa_supplicant waiting for authentication timeout to expire which is
unnecessary long wait.

Fix this by calling wpas_connection_failed() to use the common mechanism
to reschedule a new connection attempt with the previously attempted
BSSID blacklisted.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 13:50:17 +02:00
Sasha Levitskiy
5ff2c7faed Add parameter checking and error reporting to wpa_blacklist API
Signed-off-by: Sasha Levitskiy <sanek@google.com>
2012-11-01 20:41:27 +02:00
Jouni Malinen
b363121a20 WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without
including a valid Network Key, the network block cannot be used to
connect to the network. Reject such credential without adding the
network block. This makes wpa_supplicant send WSC_NACK as a response to
the invalid Credential and stop the provisioning process immediately
rather than only after trying unsuccessfully to connect to the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-01 16:30:35 +02:00
Jouni Malinen
8c9ad085e9 P2P: Relax Bonjour SD query matching
The DNS Name is allowed to use or not use domain name compression. To
handle both cases, check human readable DNS Name match if binary
matching does not show a hit.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 18:25:30 +02:00
Jouni Malinen
560f8bda8c P2P: Support multiple P2P SD Bonjour services with same key
There may be multiple Bonjour PTR matches for the same key, so extend
the P2P SD code for this to allow such entries to be added (i.e., do not
override previously added value, but add a new one). Similarly, return
multiple matches (one per Service TLV) for a query if it happens to
match more than a single configured Bonjour service.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-31 13:01:43 +02:00
Jouni Malinen
96beff11d1 P2P: Allow discoverable interval for p2p_find to be configured
The new P2P_SET parameter disc_int can now be used to configure
discoverable interval for p2p_find operations. The format of the command
for setting the values is "P2P_SET disc_int <minDiscoverableInterval>
<maxDiscoverableInterval> <max TUs for discoverable interval>". The
first two parameters are given in units of 100 TUs (102.4 ms). The third
parameter can be used to further limit the interval into a specific TU
amount. If it is set to -1, no such additional limitation is enforced.
It should be noted that the P2P specification describes the random
Listen state interval to be in units of 100 TUs, so setting the max TU
value to anything else than -1 is not compliant with the specification
and should not be used in normal cases. The default parameters can be
set with "P2P_SET disc_int 1 3 -1".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 15:12:04 +02:00
Jouni Malinen
23270cd8f5 Restore wpa_s->scan_req if scan trigger fails
If the driver rejects the scan request while handling an external
requested scan (e.g., SCAN command on ctrl_iface), wpa_s->scan_req gets
cleared in wpa_supplicant_scan(). This can results in issues when the
scheduled re-try of the scan in one seconds trigger another call to this
function. If ap_scan==2 mode is used, this would result in new
association attempt instead of a new scan. Avoid this by restoring value
of wpa_s->scan_req in case the scan trigger fails and a new scan attempt
is scheduled.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 12:27:05 +02:00
Jouni Malinen
340f1c48f7 P2P: Clear pending_pd_before_join on PD timeout
wpas_p2p_pd_before_join_timeout() needs to clear the
pending_pd_before_join flag to match other uses of this flag prior to
calling wpas_p2p_join_start(). Without this, the flag could be left set
which can cause following P2P operations to behave in unexpected ways.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 16:25:02 +02:00
Jouni Malinen
d76cd41a3a P2P: Allow separate P2P group interface use to be disabled
The new p2p_no_group_iface=1 configuration parameter can now be used to
disable the default behavior of adding a separate interface for the P2P
group when driver support for concurrent interfaces is available.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-29 15:02:30 +02:00
Jouni Malinen
5fbddfdcf1 P2P: Fix default p2p_group_idle timeout for P2P client role
Commit 0d30cc240f forced
wpa_s->current_ssid to be cleared in wpa_supplicant_mark_disassoc()
which gets called from wpa_supplicant_event_disassoc(). This breaks the
P2P group idle mechanism for the case where p2p_group_idle is not set
(i.e., is the default 0) since wpas_p2p_group_idle_timeout() ignores the
timeout in that case if the interface is not recognized as a client
interface (which was based on wpa_s->current_ssid being set).

Fix this by making wpas_p2p_is_client() default to client case if
wpa_s->current_ssid is NULL. This is much more likely case since the P2P
GO mode operation would not really clear the pointer without explicit
request to disconnect.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 21:37:15 +02:00
Jouni Malinen
9f36eac6e5 WPS: Remove old OOB NFC interface
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:20:03 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
e65552ddf2 WPS: Add preliminary NFC connection handover support for Enrollee
This commit adds new wpa_supplicant ctrl_iface commands to allow
external programs to go through NFC connection handover mechanism
with wpa_supplicant taking care of the WPS processing. This version
includes only the case where wpa_supplicant is operating as a
station/Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 17:39:46 +02:00
Jouni Malinen
04a3e69dd1 P2P: Allow all channels with multi-channel concurrency
If the driver indicates support for multi-channel concurrency, change
the p2p_connect behavior to not force the current operating channel, but
instead, just mark it as preferred for GO Negotiation. This change
applies only for the case when the freq parameter is not used with the
p2p_connect command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-26 18:10:46 +03:00
Jouni Malinen
f3989ced4f P2P: Add secondary device types into p2p_peer output
This allows the P2P_PEER command to be used to fetch the list of
secondary device types that each P2P peer has advertised.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-25 09:16:27 +03:00
Jouni Malinen
13ece96f70 P2P: Improve robustness against lost ctrl::ack frames
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.

For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.

Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.

20 ms is long enough to include at least couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-13 17:33:16 +03:00
Jouni Malinen
c423708f02 WPS: Allow PIN timeout to be specified with wpa_supplicant AP/GO
Extend the wpa_cli wps_pin command to support specification of the PIN
expiration time in seconds similarly to hostapd_cli wps_pin command when
using wpa_supplicant for AP mode (including P2P GO).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:22:35 +03:00
Jouni Malinen
7a808c7eb7 P2P: Allow P2P functionality to be disabled per interface
By default, P2P is enabled globally for all virtual interfaces and this
makes wpa_supplicant include WSC and P2P IEs in Probe Request frames for
all scans even if this is for a non-P2P station connection to speed up
device discovery. If an interface is dedicated for non-P2P station mode
operations, it is now possible to disable addition of WSC and P2P IEs
into Probe Request frames with a per-interface p2p_disabled parameter.
This can be set either in the configuration file (p2p_disabled=1) or at
run time ("wpa_cli -i wlan0 set p2p_disabled 1"). Unlike the previous
mechanism ("wpa_cli p2p_set disabled 1"), the new parameter changes the
behavior only for the specified interface while other interfaces
continue to follow the global P2P enabled/disabled state.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 13:08:23 +03:00
Jouni Malinen
d86a33853e Do not clear PMKSA cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of a PMKSA cache entry, so avoid flushing the
PMKSA cache when only these parameters are changed. This is mainly
to allow forced roaming or network selection changes without causing
a disconnection if the changes are done during RSN association that
used EAP.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-09 13:06:37 +03:00