Commit graph

1171 commits

Author SHA1 Message Date
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Janusz Dziedzic
3e67171846 hostapd: Add global TERMINATE command
This will terminate the hostapd process.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
618f5d01b0 hostapd: Add INTERFACES ctrl_iface command
Return a list of the available interfaces (the main BSS) and optionally
with ctrl_iface when the optional "ctrl" parameter is included. This is
useful when using UDP ctrl_iface and add interfaces using the ADD
command. After that we need to know which UDP port was assigned for the
control interface for the added interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:50 +02:00
Janusz Dziedzic
180e5b96c3 hostapd: Update ctrl_interface for UDP to include the selected port
Set up the real ctrl_interface for UDP after having selected the port.
This is in format: udp:<port_no>. This is needed to get accurate
interface <-> udp_port mapping.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
b9066c638a hostapd: Allow UDP ctrl_iface configuration to set the UDP port
This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
hostapd -ddt -g udp:8888

And in the configuration file:
ctrl_interface=udp:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:43 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
89b781bc89 hostapd: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Adam Langley
8f38eed628 Android: Remove superfluous OpenSSL include paths
The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-03-03 16:27:10 +02:00
Jouni Malinen
251953bcb6 Document nas_identifier requirements for RADIUS accounting
nas_identifier needs to be set to a unique value for RADIUS accounting
to work properly. This needs to be unique for each BSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-28 21:19:14 +02:00
Michael Braun
d48d1b88d0 FT: Use BSSID as r1_key_holder if no value is configured
r1_key_holder is an identifier that was always set to zero if unless
configured before.

See 11.6.1.7.4 of IEEE Std 802.11-2012 which reads
 "R1KH-ID is a MAC address of the holder of the PMK-R1 in the
  Authenticator of the AP"
See 12.2.2 of IEEE Std 802.11-2012 which reads
 "Each R0KH-ID and R1KH-ID is assumed to be expressed as a unique
  identifier within the mobility domain."
 "The R1KH-ID shall be set to a MAC address of the physical entity
  that stores the PMK-R1 ..."

Defaulting this to BSSID is a more reasonable value since we have not
rejected the missing r1_key_holder as invalid configuration.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-28 17:56:42 +02:00
Dedy Lansky
12605642b3 hostapd_cli: Add support for RAW command
Same as for wpa_cli, RAW command is a passthrough to hostapd control
interface.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-02-22 19:53:05 +02:00
Jouni Malinen
6332aaf3b2 MBO: Track STA cellular data capability from association request
This makes hostapd parse the MBO attribute in (Re)Association Request
frame and track the cellular data capability (mbo_cell_capa=<val> in STA
control interface command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:53:05 +02:00
Avraham Stern
c0e2a172a7 hostapd: Add MBO IE to BSS Transition Management Request frame
Add an option to add MBO IE to BSS Transition Management Request frame.
The MBO IE includes the transition reason code, cellular data connection
preference, and, if the disassoc imminent bit is set, it may also
include re-association retry delay. Otherwise, the re-association retry
delay should be set to zero.

The additional BSS_TM_REQ argument uses the following format:
mbo=<reason>:<reassoc delay>:<cell pref>
reason: 0-9
reassoc delay: 0-65535 (seconds; 0 = disabled)
cell pref: 0, 1, 255

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
fb9a1c3e28 hostapd: Add MBO IE to Beacon, Probe Response, Association Response
Add MBO IE with AP capability attribute to Beacon, Probe Response, and
(Re)Association Response frames to indicate the AP supports MBO.

Add option to add Association Disallowed attribute to Beacon, Probe
Response, and (Re)Association Response frames. Usage:

SET mbo_assoc_disallow <reason code>

Valid reason code values are between 1-5. Setting the reason code to
0 will remove the Association Disallowed attribute from the MBO IE
and will allow new associations.

MBO functionality is enabled by setting "mbo=1" in the config file.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Roy Marples
640b0b933a ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:39:00 +02:00
Roy Marples
634e2e29d6 Add CONFIG_ELOOP_KQUEUE to defconfig
Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:02:13 +02:00
Michael Braun
8be640b780 VLAN: Add per-STA vif option
This allows the stations to be assigned to their own vif. It does not
need dynamic_vlan to be set. Make hostapd call ap_sta_set_vlan even if
!vlan_desc.notempty, so vlan_id can be assigned regardless.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Michael Braun
1889af2e0f VLAN: Separate station grouping and uplink configuration
Separate uplink configuration (IEEE 802.1q VID) and grouping of stations
into AP_VLAN interfaces.

The int vlan_id will continue to identify the AP_VLAN interface the
station should be assigned to. Each AP_VLAN interface corresponds to an
instance of struct hostapd_vlan that is uniquely identified by int
vlan_id within an BSS.

New: Each station and struct hostapd_vlan holds a struct
vlan_description vlan_desc member that describes the uplink
configuration requested. Currently this is just an int untagged IEEE
802.1q VID, but can be extended to tagged VLANs and other settings
easily.

When the station was about to be assigned its vlan_id, vlan_desc and
vlan_id will now be set simultaneously by ap_sta_set_vlan(). So
sta->vlan_id can still be tested for whether the station needs to be
moved to an AP_VLAN interface.

To ease addition of tagged VLAN support, a member notempty is added to
struct vlan_description. Is is set to 1 if an untagged or tagged VLAN
assignment is requested and needs to be validated. The inverted form
allows os_zalloc() to initialize an empty description.

Though not depended on by the code, vlan_id assignment ensures:
  * vlan_id = 0 will continue to mean no AP_VLAN interface
  * vlan_id < 4096 will continue to mean vlan_id = untagged vlan id
    with no per_sta_vif and no extra tagged vlan.
  * vlan_id > 4096 will be used for per_sta_vif and/or tagged vlans.

This way struct wpa_group and drivers API do not need to be changed in
order to implement tagged VLANs or per_sta_vif support.

DYNAMIC_VLAN_* will refer to (struct vlan_description).notempty only,
thus grouping of the stations for per_sta_vif can be used with
DYNAMIC_VLAN_DISABLED, but not with CONFIG_NO_VLAN, as struct
hostapd_vlan is still used to manage AP_VLAN interfaces.

MAX_VLAN_ID will be checked in hostapd_vlan_valid and during setup of
VLAN interfaces and refer to IEEE 802.1q VID. VLAN_ID_WILDCARD will
continue to refer to int vlan_id.

Renaming vlan_id to vlan_desc when type changed from int to struct
vlan_description was avoided when vlan_id was also used in a way that
did not depend on its type (for example, when passed to another
function).

Output of "VLAN ID %d" continues to refer to int vlan_id, while "VLAN
%d" will refer to untagged IEEE 802.1q VID.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:11 +02:00
Roy Marples
f9982b3212 Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.

I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 18:09:19 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Jouni Malinen
2da4a56f22 Add more hostapd.conf documentation for hw_mode with HT/VHT
Try to make it more obvious that hw_mode=a needs to be used with HT and
VHT when using the 5 GHz band.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 12:50:56 +02:00
Jouni Malinen
15c5606758 Update copyright notices for the new year 2016
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-01 13:42:04 +02:00
Jouni Malinen
f98674aa37 Clone default LIBS value to LIBS_* for other tools
If LIBS is set with some global build system defaults, clone those for
LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase,
hostapd_cli, hlr_auc_gw, and nt_password_hash as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-28 17:21:08 +02:00
Jouni Malinen
5addb0df59 Server configuration for OCSP stapling with ocsp_multi (RFC 6961)
This adds a new hostapd configuration parameter
ocsp_stapling_response_multi that can be used similarly to the existing
ocsp_stapling_response, but for the purpose of providing multiple cached
OCSP responses. This commit adds only the configuration parameter, but
does not yet add support for this mechanism with any of the supported
TLS implementations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-22 19:42:07 +02:00
Jouni Malinen
0fc5707dde hlr_auc_gw: Simplify string parsers with str_token()
The helper function allows these string parsers to be made much simpler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 20:13:39 +02:00
Jouni Malinen
d67e63d5a0 hlr_auc_gw: Fix a typo in an error message
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 19:56:21 +02:00
Jouni Malinen
59e71209f5 hlr_auc_gw: Remove unnecessary assignment
The pos variable is not used after the final parsed item, so no need to
set it here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-18 19:55:01 +02:00
Matt Woods
7b991b47eb Use proper build config for parsing proxy_arp
In the definition of struct hostapd_bss_config, proxy_arp isn't affected
by the macro CONFIG_HS20. In addition, proxy_arp is not described in the
section of Hotspot 2.0 in the file hostapd.conf. The item proxy_arp
should be decided its action area by the macro CONFIG_PROXYARP which is
used to select whether the needed function gets included in the build.

Signed-off-by: Matt Woods <matt.woods@aliyun.com>
2015-12-05 21:03:00 +02:00
Jouni Malinen
213e158ca8 BoringSSL: Move OCSP implementation into a separate file
This makes it easier to share the OCSP implementation needed for
BoringSSL outside tls_openssl.c. For now, this is mainly for
http_curl.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 20:08:31 +02:00
Pali Rohár
6bb6a9ce29 Add SHA384 and SHA512 implementations from LibTomCrypt library
These will be used with the internal TLS implementation to extend hash
algorithm support for new certificates and TLS v1.2.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:19:32 +02:00
Frederic Leroy
7b0f5500b0 eap_sim_db: Implement eap_sim_db_expire_pending()
Expire pending DB request for EAP-SIM/AKA/AKA'. Timeout defaults to 1
second and is user configurable in hostapd.conf (eap_sim_db_timeout).

Signed-off-by: Frederic Leroy <frederic.leroy@b-com.com>
2015-10-31 16:28:16 +02:00
Matthias May
95be79f1f8 Allow -1 as value to disable frag_threshold
To be consistent with the internal representation of how to disable
framentation, allow -1 as a value to disable it in configuration.

Signed-off-by: Matthias May <matthias.may@neratec.com>
2015-10-28 20:53:15 +02:00
Matthias May
bc50bb0ada Extend the range of values for the RTS threshold
Since we have HT rates the maximum framesize is no longer 2346. The
usual maximum size of an A-MPDU is 65535. To disable RTS, the value -1
is already internally used. Allow it in the configuration parameter.

Signed-off-by: Matthias May <matthias.may@neratec.com>
2015-10-28 20:53:15 +02:00
Srinivasa Duvvuri
053693d266 hostapd: Add feature to start all interfaces at the same time in sync
When multiple interfaces across mutiple radios are started using a
single instance of hostapd, they all come up at different times
depending upon how long the ACS and HT scan take on each radio. This
will result in stations (that already have the AP profile) associating
with the first interfaces that comes up. For example in a dual band
radio case (2G and 5G) with ACS enabled, 2G always comes up first
because the ACS scan takes less time on 2G and this results in all
stations associating with the 2G interface first.

This feature brings up all the interfaces at the same time. The list of
interfaces specified via hostapd.conf files on the command line are all
marked as sync interfaces. All the interfaces are synchronized in
hostapd_setup_interface_complete().

This feature is turned on with '-S' commmand line option.

Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
2015-10-28 19:47:17 +02:00
Jouni Malinen
9b7a1bd7ed Option to reduce Probe Response frame responses during max STA
The new hostapd configuration parameter no_probe_resp_if_max_sta=1 can
be used to request hostapd not to reply to broadcast Probe Request
frames from unassociated STA if there is no room for additional stations
(max_num_sta). This can be used to discourage a STA from trying to
associate with this AP if the association would be rejected due to
maximum STA limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-17 19:30:49 +03:00
Jouni Malinen
ca33a5e895 Add "git describe" based version string postfix
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.

This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-16 22:20:55 +03:00
Jouni Malinen
ef50e41028 Increase the maximum hostapd.conf line length to 4096 bytes
It was already possible to use longer values through the control
interface SET command, but the configuration file parser was still
limited to 512 byte lines. Increase this to 4096 bytes since some of the
configuration parameters (e.g., anqp_elem) can be longer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-08 12:10:24 +03:00
Jouni Malinen
695dbbea88 Interworking: Add support for configuring arbitrary ANQP-elements
The new hostapd configuration parameter anqp_elem can now be used to
configure arbitrary ANQP-elements for the GAS/ANQP server. In addition
to supporting new elements, this can be used to override previously
supported elements if some special values are needed (mainly for testing
purposes).

The parameter uses following format:
anqp_elem=<InfoID>:<hexdump of payload>

For example, AP Geospatial Location ANQP-element with unknown location:
anqp_elem=265:0000
and AP Civic Location ANQP-element with unknown location:
anqp_elem=266:000000

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Maneesh Jain
234a17cc13 Fix couple of typos in hostapd.conf file
Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-10-06 23:10:17 +03:00
Johannes Berg
2b6e121676 hostapd: Add testing option to use only ECSA
Some APs don't include a CSA IE when an ECSA IE is generated,
and mac80211 used to fail following their channel switch. Add
a testing option to hostapd to allow reproducing the behavior.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2015-10-03 21:37:17 +03:00
Jouni Malinen
b658547dd5 nl80211: Add build option for QCA vendor extensions
This allows the binary sizes to be reduced if no support for nl80211
vendor extensions are needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 12:45:27 +03:00
Jouni Malinen
49c36b708e Add ChangeLog entries for v2.5
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-27 22:02:05 +03:00
Jouni Malinen
0e2412d086 Add option to reject authentication on 2.4 GHz from dualband STA
The new no_auth_if_seen_on=<ifname> parameter can now be used to
configure hostapd to reject authentication from a station that was seen
on another radio.

This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to reject
authentication attempts from a station that has been detected to be
capable of operating on another band, e.g., to try to reduce likelihood
of the station selecting a 2.4 GHz BSS when the AP operates both a 2.4
GHz and 5 GHz BSS concurrently.

Note: Enabling this can cause connectivity issues and increase latency for
connecting with the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:11:02 +03:00
Jouni Malinen
964f64e2ee Add option to ignore Probe Request frames on 2.4 GHz from dualband STA
The new no_probe_resp_if_seen_on=<ifname> parameter can now be used to
configure hostapd to not reply to group-addressed Probe Request from a
station that was seen on another radio.

This can be used with enabled track_sta_max_num configuration on another
interface controlled by the same hostapd process to restrict Probe
Request frame handling from replying to group-addressed Probe Request
frames from a station that has been detected to be capable of operating
on another band, e.g., to try to reduce likelihood of the station
selecting a 2.4 GHz BSS when the AP operates both a 2.4 GHz and 5 GHz
BSS concurrently.

Note: Enabling this can cause connectivity issues and increase latency
for discovering the AP.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 17:53:15 +03:00
Jouni Malinen
a65a9b8d67 hostapd: Add mechanism to track unconnected stations
hostapd can now be configured to track unconnected stations based on
Probe Request frames seen from them. This can be used, e.g., to detect
dualband capable station before they have associated. Such information
could then be used to provide guidance on which colocated BSS to use in
case of a dualband AP that operates concurrently on multiple bands under
the control of a single hostapd process.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 17:11:11 +03:00
Manikandan Mohan
4ae7120919 Allow wpa_cli/hostapd_cli client socket directory to be specified
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 11:17:43 +03:00
Jouni Malinen
d9c807cab1 Fix key derivation for Suite B 192-bit AKM to use SHA384
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-27 20:42:14 +03:00
Jouni Malinen
681e199dfb EAP server: Add tls_session_lifetime configuration
This new hostapd configuration parameter can be used to enable TLS
session resumption. This commit adds the configuration parameter through
the configuration system and RADIUS/EAPOL/EAP server components. The
actual changes to enable session caching will be addressed in followup
commits.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-24 02:29:30 +03:00
Jouni Malinen
137b293963 Remove unnecessary NULL check from LOG_LEVEL handler
cmd cannot be NULL here, so there is no need to check it before calling
os_strlen().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
bc02843e75 hostapd: Add testing option to override own WPA/RSN IE(s)
This allows the new own_ie_override=<hexdump> configuration parameter to
be used to replace the normally generated WPA/RSN IE(s) for testing
purposes in CONFIG_TESTING_OPTIONS=y builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-08 18:18:03 +03:00
Srinivas Dasari
5c4f0511a2 hostapd: Add support to configure debug log level at runtime
Add support to read/configure log_level using hostapd control interface
LOG_LEVEL command similarly to what was already supported in
wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:50:09 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
6ee66b4251 OpenSSL: Add CONFIG_TLS_ADD_DL=y build option for hostapd
This behaves similarly to the same option in wpa_supplicant, i.e., adds
-ldl when linking in libcrypto from OpenSSL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:18 +03:00
Jouni Malinen
16bc3b8935 OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:17 +03:00
Jouni Malinen
ff7a4bd13f FST: Do not replace previous attachment
hapd->iface->fst must not be overridden if it is already pointing to FST
instance. Without this, duplicated FST-ATTACH could result in memory
leak and process termination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-25 19:52:27 +03:00
Jouni Malinen
ceb8a79c33 FST: Use -EINVAL instead of EINVAL as return value
This is more consistent with other error cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-25 19:50:43 +03:00
Jouni Malinen
de01710b08 hostapd: Add build options for selecting eloop type
This adds CONFIG_ELOOP_POLL=y and CONFIG_ELOOP_EPOLL=y options to
hostapd build options similarly to how these were implemented for
wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-23 18:48:41 +03:00
Jouni Malinen
63e169e149 hostapd: Mark config parameter name const
The functions parsing configuration parameters do not modify the name of
the parameter, so mark that function argument constant. In theory, the
value should also be const, but at least for now, number of the parser
functions end up modifying this to simplify parsing.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:56:19 +03:00
Anton Nayshtut
748febf344 hostapd: Add DUP_NETWORK global control interface command
This adds a new global control interface command DUP_NETWORK with the
following syntax:

DUP_NETWORK src_ifname dst_ifname param

The currently supported parameters:
  wpa
  wpa_key_mgmt
  wpa_pairwise
  rsn_pairwise
  wpa_passphrase
  wpa_psk

The specified configuration parameter is copied from the source
interface to the destination interface. The main use for this is to
allow cloning of security configuration without having to expose the
keys from the hostapd process.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:42:16 +03:00
Anton Nayshtut
c497a024a2 hostapd: Introduce hostapd_ctrl_iface_get_key_mgmt()
This function will be used in DUP_NETWORK command implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:33:21 +03:00
Anton Nayshtut
b328145296 hostapd: Introduce hostapd_interfaces_get_hapd()
This function will be used in DUP_NETWORK command implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:24:36 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
3dfaedb433 hlr_auc_gw: Hide a bogus static analyzer warning
For some reason, snprintf() was not seen as sufficient to remove
potentially tainted string from fgets() before passing this to rename().
This does not make much sense, but anyway, try to get rid of the warning
by using a separate buffer for the internally written file names.
(CID 72690)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 22:55:02 +03:00
Mohammed Shafi Shajakhan
de7581ef68 hostapd: Add current wpa parameter into GET_CONFIG output
This can be used, e.g., by an action script to update new WPS
settings for the AP.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
2015-07-18 00:17:34 +03:00
Mohammed Shafi Shajakhan
b8e5426dad hostapd_cli: Allow PID file to be specified
This can help when running multiple hostapd_cli instances
per interface and need to kill them correspondingly.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
2015-07-18 00:15:36 +03:00
Vivek Natarajan
442ffc51ac hostapd: Extend the sounding and BF steering capabilities
Depending on the number of antennas, the txbf sounding
and steering capabilites need to be extended.

Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
2015-07-17 23:58:15 +03:00
Jouni Malinen
780753fab2 FST: Clear hostapd fst_ies on FST-DETACH to avoid use of freed memory
This is needed in the corner case of FST-DETACH being used without
stopping the AP instance.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 16:29:20 +03:00
Jouni Malinen
898a9790ad Document hostapd ft_over_ds configuration parameter
This had been forgotten from hostapd.conf.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 11:16:15 +03:00
Anton Nayshtut
6990d41a74 hostapd: Add global to local control interface redirection
This patch implements global to local control interface redirection in
the same way as it's done for wpa_supplicant. Any global control
interface command beginning with "IFNAME=..." will be routed to the
corresponding local control interface handler.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 20:21:18 +03:00
Anton Nayshtut
585478e2b9 hostapd: Add hostapd_ctrl_iface_receive_process()
The newly introduced function will be used in followup commits to handle
requests redirected from the global control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 20:21:00 +03:00
Anton Nayshtut
a8dab08a28 FST: Testing support
This patch introduces infrastructure needed for FST module tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
ee03910777 FST: Add hostapd_cli fst command
This can be used to issue FST-MANAGER control interface commands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8cf53ec9f7 FST: Add build rules for hostapd
This patch integrates the FST into the hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
8e9a8b0f8c FST: hostapd control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
6959145b86 FST: Integration into hostapd
This commit integrates the FST into the hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
104bef453b FST: hostapd configuration parameters
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
ee1e3f57b5 hostapd: Global control interface notifications
This commit implements hostapd global control interface notifications
infrastructure. hostapd global control interface clients issue
ATTACH/DETACH commands to register and deregister with hostapd
correspondingly - the same way as for any other hostapd/wpa_supplicant
control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
3722c0f4aa Add EAPOL_SET hostapd command to configure EAPOL parameters
This new control interface command "EAPOL_REAUTH <MAC address>
<parameter> <value>" can be used to implement the IEEE 802.1X PAE
Set Authenticator Configuration operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:34:18 +03:00
Jouni Malinen
cfb5c08f21 Add EAPOL_REAUTH hostapd command to trigger EAPOL reauthentication
This new control interface command "EAPOL_REAUTH <MAC address>" can be
used to implement the IEEE 802.1X PAE Reauthenticate operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-12 11:33:33 +03:00
Jouni Malinen
66f1e078e7 DATA_TEST_TX: Avoid ubsan warning on 0x80<<24 not fitting in int
Use unsigned constant instead of signed to avoid warning with the LSB
being set in an int.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
75352270fa Avoid misaligned IPv4 header accesses in DATA_TEST_* commands
The IPv4 header after the Ethernet header is not 32-bit aligned and the
previous version ended up accessing 32-bit members at misaligned
addresses.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
2da525651d Add backtrace-based error path testing mechanism
The new TEST_FAIL and GET_FAIL control interface commands can be used
similarly to the earlier TEST_ALLOC_FAIL/GET_ALLOC_FAIL design. The new
version is more generic framework allowing any function to be annotated
for failure testing with the TEST_FAIL() macro. This mechanism is only
available in builds with CONFIG_WPA_TRACE_BFD=y and
CONFIG_TESTING_OPTIONS=y. For other builds, the TEST_FAIL() macro is
defined to return 0 to allow the compiler to remove the test code from
normal production builds.

As the first test site, allow os_get_random() to be marked for failing
based on call backtrace.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
6c7314917b AP: Increase maximum value accepted for cwmin/cwmax
The cwmin/cwmax parameters were limited more than is needed. Allow the
full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for
tx_queue_data?_{cwmin,cwmax}) to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 23:34:49 +03:00
Kevin Cernekee
a1407217b1 Android: Rename ANDROID_P2P_STUB to ANDROID_LIB_STUB
If BOARD_HOSTAPD_PRIVATE_LIB is not used on an Android build, we will
need to replace both the p2p functions *and* wpa_driver_nl80211_driver_cmd
in order to successfully link.  Let's make the name more generic so it is
more obvious what it is used for.

Suggested-by: Dmitry Shmidt <dimitrysh@google.com>
Signed-off-by: Kevin Cernekee <cernekee@google.com>
2015-06-26 22:46:16 +03:00
Jouni Malinen
b4c0f58452 Clear allocated debug message buffers explicitly
When hostapd or wpa_supplicant is run in debug more with key material
prints allowed (-K on the command line), it is possible for passwords
and keying material to show up in debug prints. Since some of the debug
cases end up allocating a temporary buffer from the heap for processing
purposes, a copy of such password may remain in heap. Clear these
temporary buffers explicitly to avoid causing issues for hwsim test
cases that verify contents of memory against unexpected keys.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-17 16:30:34 +03:00
Jouni Malinen
995a3a06f4 Document the wpa_msg_cb "global" parameter
Instead of an int variable with magic values 0, 1, 2, use an enum that
gives clearer meaning to the values now that the original boolean type
global argument is not really a boolean anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 16:02:00 +03:00
Jouni Malinen
ee120ff381 Remove [MU-BEAMFORMEE] option from hostapd vht_capab parameter
The standard hardcodes the MU Beamformee Capable subfield is hardcoded
to 0 when transmitting by an AP, so there is no need to provide a
configuration parameter for setting this to one.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 13:41:54 +03:00
Jouni Malinen
c5ee4dd9d9 Fix spelling of initialize in a comment and an error message
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-06-10 12:02:46 +03:00
Peng Xu
3784c0589e Extend hw_mode to support any band for offloaded ACS case
When device supports dual band operations with offloaded ACS, hw_mode
can now be set to any band (hw_mode=any) in order to allow ACS to select
the best channel from any band. After a channel is selected, the hw_mode
is updated for hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-27 12:17:57 +03:00
Jouni Malinen
7f2f3a67d2 Increase DH key size in the hostapd.conf example
OpenSSL is moving to use 2048-bit DH key size as the default with
dhparam. Increase the value in the hostapd.conf to match that to reduce
likelihood of ending up using a shorter key.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-05-24 10:47:21 +03:00
Hamad Kadmany
01a025937c WPS: Add support for 60 GHz band
Handling of WPS RF band for 60 GHz was missing. Add it in all relevant
places and also map "AES" as the cipher to GCMP instead of CCMP when
operating on the 60 GHz band.

Signed-off-by: Hamad Kadmany <qca_hkadmany@qca.qualcomm.com>
2015-04-28 00:22:16 +03:00
Jouni Malinen
4a7ce98469 Make IPv6 NA multicast-to-unicast conversion configurable
This can be used with Proxy ARP to allow multicast NAs to be forwarded
to associated STAs using link layer unicast delivery. This used to be
hardcoded to be enabled, but it is now disabled by default and can be
enabled with na_mcast_to_ucast=1. This functionality may not be desired
in all networks and most cases work without it, so the new
default-to-disabled is more appropriate.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-27 12:30:09 +03:00
Mikael Kanstrup
8b423edbd3 Declare all read only data structures as const
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2015-04-25 17:33:06 +03:00
Jouni Malinen
81847c22ba Replace HOSTAPD_MAX_SSID_LEN with SSID_MAX_LEN
This makes source code more consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
d9d1b9527a Use SSID_MAX_LEN define instead of value 32 when comparing SSID length
This makes the implementation easier to understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
cc6f24380c Add WPS_DEV_NAME_MAX_LEN define and use it when comparing length
This make code easier to understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
6812782462 hlr_auc_gw: Allow Milenage RES length to be reduced
Some USIM use shorter RES length than the 64-bit default from Milenage.
Such cases did not interoperate with the hlr_auc_gw implementation. Make
it possible to configure the RES length 4..8 octets, i.e., 32 to 64
bits) to support such USIM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-03 12:44:03 +03:00
Eliad Peller
154a1d5f7f hostapd: Fix some compilation errors
If NEED_AP_MLME=y is not defined, compilation might
fail under some configurations:

src/ap/drv_callbacks.c:594:2: warning: implicit declaration of
function ‘hostapd_acs_completed’ [-Wimplicit-function-declaration]

src/ap/sta_info.c:253: undefined reference to `sae_clear_retransmit_timer'

Fix these errors by adding the missing hostapd_acs_completed() stub,
and defining NEED_AP_MLME in case of CONFIG_SAE.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2015-03-29 20:51:14 +03:00
Jouni Malinen
65a7b21f5e OpenSSL: Implement AES-128 CBC using EVP API
This replaces the internal CBC mode implementation in
aes_128_cbc_encrypt() and aes_128_cbc_decrypt() with the OpenSSL
implementation for CONFIG_TLS=openssl builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-29 20:30:58 +03:00