Commit graph

2660 commits

Author SHA1 Message Date
Jouni Malinen
6829da39e6 Fix external radio_work deinit path
The radio_work type was stored within the dynamically allocated
wpa_radio_work buffer and that buffer ended up getting freed before the
final use of the type string within radio_work_done(). This resulted in
freed memory being used for a debug print. Avoid this by freeing the
wpa_external_work instance after having completed radio_work_done() for
the related work.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:46 +02:00
Jouni Malinen
8dd9f9cdde Allow management group cipher to be configured
This allows hostapd to set a different management group cipher than the
previously hardcoded default BIP (AES-128-CMAC). The new configuration
file parameter group_mgmt_cipher can be set to BIP-GMAC-128,
BIP-GMAC-256, or BIP-CMAC-256 to select one of the ciphers defined in
IEEE Std 802.11ac-2013.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-14 21:58:45 +02:00
Manish Bansal
67d39cfb32 P2P: Do not create another group interface on NFC Token enable
If a group interface is present and the command was issued on the group
interface, enable the token for that interface instead of creating a new
one.

Signed-off-by: Manish <manish.bansal@broadcom.com>
2014-03-14 21:58:45 +02:00
Paul Stewart
6aa1cd4e06 wpa_supplicant: Apply VHT_OVERRIDES to wpas_start_assoc_cb()
A previous patch "Support VHT capability overrides" missed one
place where HT overrides were being applied and where it would
also be useful to apply VHT overrides.

Signed-hostap: Paul Stewart <pstew@chromium.org>
2014-03-14 21:50:58 +02:00
Dmitry Shmidt
6e9375e4e1 TDLS: Add get_capability tdls command
Command returns info in format: UNSUPPORTED/INTERNAL/EXTERNAL

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-03-14 21:40:57 +02:00
Jouni Malinen
9a1a538fa5 wpa_supplicant AP: Allow PMF to be enabled with ieee80211w
The ieee80211w parameter was not previously copied to the hostapd BSS
structure from wpa_supplicant configuration, so PMF was practically
disabled. Allow it to be configured through the wpa_supplicant network
configuration block.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-13 18:22:25 +02:00
Jouni Malinen
daa70bdf68 Fix CONFIG_NO_SCAN_PROCESSING=y build
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-12 22:39:11 +02:00
Peter Qiu
0f44ec8eba Add a reattach command for fast reassociate-back-to-same-BSS
Add "reattach" command to perform single-channel single-ssid scan
instead of full scan when trying to reconnect to the currently
"connected" network (assuming old scan results are not current enough to
skip the scan completely). This allows the scan result to come back in
much faster time. In ath9k, the scan took around 12 seconds with full
background scan, and only 0.1 second with the single-channel single-ssid
scan. Thus, take much less time for the client to re-establish
connection with the currently "connected" network.

Signed-hostap: Peter Qiu <zqiu@chromium.org>
2014-03-11 19:38:01 +02:00
Ben Greear
5d0d72a3e5 wpa_supplicant: Put upper bound on initial scan time delay
This makes stations associate much faster when using lots of stations.
In addition, this avoids delaying the initial scan continuously for
dynamic interface removal/addition cases.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2014-03-11 19:23:17 +02:00
Alexander Bondar
5e3ddf4d23 PNO: Change sched_scan_stopped event to handle pending PNO properly
When a sched_scan_stopped event is received and there is a pending PNO,
it used regular scheduled scan parameters instead of PNO specific
parameters. Change it by calling wpas_start_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:15:48 +02:00
Alexander Bondar
737e7a08b0 PNO: Move and rename pno_start()/pno_stop()
Move pno_start() and pno_stop() to scan.c as a more relevant location
and rename them to wpas_start_pno()/wpas_stop_pno().

Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2014-03-11 19:12:57 +02:00
Jouni Malinen
09eef142ea Use internal FIPS 186-2 PRF if needed
Previously, EAP-SIM/AKA/AKA' did not work with number of crypto
libraries (GnuTLS, CryptoAPI, NSS) since the required FIPS 186-2 PRF
function was not implemented. This resulted in somewhat confusing error
messages since the placeholder functions were silently returning an
error. Fix this by using the internal implementation of FIP 186-2 PRF
(including internal SHA-1 implementation) with crypto libraries that do
not implement this in case EAP-SIM/AKA/AKA' is included in the build.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-11 16:44:22 +02:00
Jouni Malinen
60b893dfb3 wpa_supplicant: Allow external management frame processing for testing
This enables more convenient protocol testing of AP and P2P
functionality in various error cases and unexpected sequences without
having to implement each test scenario within wpa_supplicant.
ext_mgmt_frame_handle parameter can be set to 1 to move all management
frame processing into an external program through control interface
events (MGMT-RX and MGMT-TX-STATUS) and command (MGMT_TX). This is
similar to the test interface that was added to hostapd previously, but
allows more control on offchannel operations and more direct integration
with the internal P2P module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-08 20:21:21 +02:00
Ilan Peer
c16a7590cf wpa_supplicant: Add a configuration file for the P2P_DEVICE parameters
Add an option to specify a configuration file that can be used to hold
the P2P_DEVICE configuration parameters. If this option is not used, the
P2P_DEVICE configuration parameters will be read from interface
configuration file.

Note that it is advised to use this option in some cases such as:

If a P2P_DEVICE is supported by the driver, the wpa_supplicant creates a
dedicated P2P Device interface, where the configuration file used for
the main interface is used. As a consequence, if the configuration file
includes network definition etc., the wpa_supplicant will try to perform
station specific flows on the P2P Device interface which will fail.

If a P2P_DEVICE is supported by the driver and update_config is used,
the P2P Device configuration data will override the main interface
configuration data.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>
2014-03-07 00:11:04 +02:00
Jouni Malinen
8f05577d11 Configure beacon interval for IBSS command
wpa_supplicant already allowed beacon interval to be configured for AP
mode operations, but this was not passed to the driver for IBSS even
though the same parameter can used for that case. Add this for the
nl80211 driver interface to allow beacon interval to be controlled for
IBSS as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-03-06 23:09:20 +02:00
Moshe Benji
354c903f8e AP/GO interface teardown optimization
This commit adds an option to optimize AP teardown by leaving the
deletion of keys (including group keys) and stations to the driver.

This optimization option should be used if the driver supports stations
and keys removal when stopping an AP.

For example, the optimization option will always be used for cfg80211
drivers since cfg80211 shall always remove stations and keys when
stopping an AP (in order to support cases where the AP is disabled
without the knowledge of wpa_supplicant/hostapd).

Signed-off-by: Moshe Benji <moshe.benji@intel.com>
2014-03-05 23:57:02 +02:00
Eliad Peller
3a94adbf42 P2P: Do not start scan for P2P Device interfaces at driver init
wpa_supplicant started delayed sched scan also on P2P Device interfaces,
resulting in erroneous scans and connection attempts. Skip that on
driver init when the interface is dedicated only for P2P management
purposes.

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2014-03-04 22:34:00 +02:00
David Spinadel
aa10983004 P2P: Do not initialize bgscan on P2P interfaces
As a P2P group has a unique SSID and one security domain, it does
not make sense to enable background scanning for roaming purposes.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:32:24 +02:00
Alexander Bondar
54ac5aa271 config: Add bgscan option when saving global configuration
Signed-off-by: Alexander Bondar <alexander.bondar@intel.com>
2014-03-04 22:27:39 +02:00
David Spinadel
268043d55f bgscan: Do not initialize bgscan if disabled by user
Do not initialize bgscan if the user explicitly set bgscan to an empty
string. Without this patch wpa_supplicant tries to initialize bgscan to
the first option if the string is empty.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2014-03-04 22:26:19 +02:00
Beni Lev
adef89480d nl80211: Add vendor command support
Add a callback to the driver interface that allows vendor specific
commands to be sent. In addition, a control interface command is added
to expose this new interface outside wpa_supplicant:

Vendor command's format:
VENDOR <vendor id> <sub command id> [<hex formatted data>]

The 3rd argument will be converted to binary data and then passed as
argument to the sub command.

This interface is driver independent, but for now, this is only
implemented for the nl80211 driver interface using the cfg80211 vendor
commands.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2014-03-04 22:24:20 +02:00
Jouni Malinen
508e24c20b dbus: Clean up error reporting for TDLS peer address parsing
Passing a pointer to an error reply message is not very robust since
memory allocation could fail even for that error message. Instead, use a
separate error value as the return value from get_peer_hwaddr_helper()
and return a pointer to the error message through a pointer-to-pointer
so that the error case will always be clear.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
a7c37d92d2 dbus: Remove duplicated variable assignment
This gets rid of a static analyzer warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
ea3b8c1d2d Do not use a separate variable for tracking first entry in a list
The pos pointer can be compared to the start of the buffer pointer to
determine whether the entry is the first one in the list. This gets rid
of some static analyzer warnings about unused variable writes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
6ed626df40 Remove unused gid_str pointer update
The group name is not used on these paths, so just remove it from the
directory name without updating gid_str to point to the unused group
name.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
67adcd266c WNM: Check wpa_s->current_bss more consistently
The scan result comparison routine would not make much sense without
current BSS level known, so return from the function without going
through the iteration that could have dereferenced the pointer if
wpa_s->current_bss == NULL.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-02 17:15:12 +02:00
Jouni Malinen
2af4d87fc3 GAS: Fix additional comeback delay with status code 95
The special case of non-zero status code used in a GAS Comeback Response
frame to indicate that additional delay is needed before the response is
available was not working properly. This case needs to allow the status
code check to be bypassed for the comeback case prior to having received
any response data.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
07d462c7b7 Interworking: Remove unused password setting for SIM credential
The simulated SIM/USIM case uses a separate milenage cred parameter, so
this cred password parameter was unused for this credential type.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 17:06:20 +02:00
Jouni Malinen
3141b82c16 Add OSEN to proto config field writer
This was forgotten from the OSEN addition where it was parsed, but not
written to a network block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-03-01 10:49:18 +02:00
Jouni Malinen
06c7b7f0b5 HS 2.0R2: Fix temporary network disabling in Deauth Req case
Commits 7ef6947993 and
533536d82a added this temporarily
disabling case, but those commits were merged in without having been
converted to the new os_reltime design used for ssid->disabled_until.
Consequently, they ended up disabling the network for 44 years or so too
long time (depending on what values the relative timestamp had
accummulated so far). Fix this by using relative timestamps
consistently.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-28 00:29:34 +02:00
Jouni Malinen
b7fb98f072 Interworking: Fix already-connected check to verify network priority
Commit d28f4e44f1 optimized Interworking
network selection in a case where the operation is run while already
connected to the selected network by skipping the reconnection. However,
this did not take into account that a higher priority network may have
shown up in the new scan results.

Fix this by checking whether network selection based on the latest scan
results (the ones from the interworking_select operation) would result
in a network with higher priority being selected. If so, skip the
optimization and force normal network connection (which will select this
newly found higher priority network). This fixes cases where a
non-Hotspot 2.0 network with higher priority (e.g., home network) shows
up while connected to a Hotspot 2.0 network with lower priority.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 14:06:23 +02:00
Jouni Malinen
7c373ac267 Interworking: Fix last-network preference to not override priority
Commit 3d910ef497 tried to make
last-network selection behave more consistently with Interworking
network selection preferences. However, it did not take into account
that other network block may have higher priority. In such cases, the
last added network from Interworking network selection should actually
not be selected for the next connection. Fix this by limiting the
last-network preference to work only within a priority class.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 13:47:23 +02:00
Jouni Malinen
f54e92433e HS 2.0R2: Fix req_conn_capab example
Protocol field needs to be separated properly from te port number list.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-27 00:43:58 +02:00
Jouni Malinen
a6739e191e HS 2.0R2: Try to scan multiple times for OSU providers
Scan operation is not that reliable, so try couple of times if no
OSU provider matches are found during fetch_osu command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
cf6d08a63f Interworking: Add OCSP parameter to the cred block
This new parameter can be used to configure credentials to mandate use
of OCSP stapling for AAA server authentication.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
6402f2fe40 Interworking: Add more debug info on roaming partner preferences
This can be useful in debugging selection of roaming partner preference.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
74794891c7 Interworking: Add sp_priority cred parameter
This new priority parameter can be used to specify priorities between
credentials provisioned by the same SP. cred->priority is checked first
and if it is same and the provisioning_sp parameter matches, the new
sp_priority is used to order the credentials. It should be noted that
the order of priorities is different (higher 'priority' value indicates
higher priority of the credential, while higher 'sp_priority' indicates
lower priority of the credential).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
751ac99768 Interworking: Use a helper function to compare cred priority
This makes it easier to extend credential priority comparison beyond a
single priority variable.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
aff419f56a Interworking: Remove separate credential priority tracking
There is no need to keep the separate local variable for tracking the
highest selected priority since we track a pointer to the selected
credential with that information.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
533536d82a HS 2.0R2: Disable full ESS for as a workaround for per-BSS issues
For now, disable full ESS since some drivers may not support disabling
per BSS.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
8a77f1be86 HS 2.0R2: Slow down connection attempts on EAP failures
This is needed to limit the number of consecutive authentication
attempts to no more than 10 within a 10-minute interval to avoid
unnecessary load on the authentication server. In addition, use a random
component in the delay to avoid multiple stations hitting the same
timing in case of simultaneous disconnection from the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:24 +02:00
Jouni Malinen
76a55a8e12 HS 2.0R2: Add more debug to network selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8b4b9fb384 HS 2.0R2: Fix bandwidth policy BSS selection
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
28f2a7c407 HS 2.0R2: Allow excluded network to be selected based on user override
Move excluded SSID filtering step to the end of credential validation
process and return list of BSSes that would otherwise have matching
credentials, but have an excluded SSID. Automatic network selection will
not select such a network, but interworking_connect command can be used
to pick excluded networks.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
33fb8c526c HS 2.0R2: Add support for Policy/RequiredProtoPortTuple
The new credential parameter req_conn_capab can be used to specify
restrictions on roaming networks providing connectivity for a set of
protocols/ports.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
a45b2dc5dc HS 2.0R2: Add support for Policy/MaximumBSSLoadValue
The new credential parameter max_bss_load can be used to specify
restrictions on BSS Load in the home network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
4cad9df15a HS 2.0R2: Add support for Policy/MinBackhaulThreshold
The new credential parameters min_{dl,ul}_bandwidth_{home,roaming} can
be used to specify restrictions on available backhaul bandwidth.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
aa26ba68b4 HS 2.0R2: Add tracking of provisioning SP
The new provisioning_sp cred field can now be used to track which SP
provisioned the credential. This makes it easier to find the matching
PPS MO from the management tree (./Wi-Fi/<provisioning_sp>).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
8e5fdfabf6 HS 2.0R2: Add WFA server-only EAP-TLS peer method
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00
Jouni Malinen
df0f01d91f HS 2.0R2: Add OSEN client implementation
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2014-02-26 01:24:23 +02:00