Commit graph

3983 commits

Author SHA1 Message Date
Jouni Malinen
ffdaa05a6b WPS: Add support for NCF password token from AP
The new hostapd ctrl_iface command WPS_NFC_TOKEN can now be used to
manage AP-as-Enrollee operations with NFC password token. WPS/NDEF
parameters to this command can be used to generate a new NFC password
token. enable/disable parameters can be used to enable/disable use of
NFC password token (instead of AP PIN) for external Registrars.

A preconfigured NFS password token can be used by providing its
parameters with new hostapd.conf fields wps_nfc_dev_pw_id,
wps_nfc_dh_pubkey, wps_nfc_dh_privkey, and wps_nfc_dev_pw. This use
will also depend on WPS_NFC_TOKEN enable/disable commands, i.e., the
configured NFS password token is disabled by default.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:43:29 +03:00
Jouni Malinen
e484e927a6 WPS: Allow NFC password token from AP to be used with wps_reg
The AP PIN on wps_reg command can now be replaced with special value
"nfc-pw" to use device password from a NFC password token from the AP.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 19:41:26 +03:00
Jouni Malinen
e6ea2a451c WPS ER: Add support for using NFC password token from an Enrollee
WPS_NFC_TAG_READ ctrl_iface command can now be used to add NFC password
tokens to ER.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 17:34:46 +03:00
Jouni Malinen
1cea09a9e2 WPS ER: Add support for building NFC configuration token
WPS_ER_NFC_CONFIG_TOKEN command can now be used to build a NFC
configuration token based on AP Settings learnt with WPS_ER_LEARN
or set with WPS_ER_CONFIG.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 16:35:51 +03:00
Jouni Malinen
71892384da WPS: Fix ifdef use for the new NFC mechanism in wpa_supplicant
Use CONFIG_WPS_NFC instead of CONFIG_WPS_OOB for the NFC specific
new ctrl_iface commands.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 14:07:22 +03:00
Jouni Malinen
d7645d239d WPS: Add support for NFC configuration token from external program
The new wpa_supplicant ctrl_iface command WPS_NFC_TAG_READ can now be
used to process NFC tags read by external programs to initiate
wpa_supplicant to use NFC Configuration Token to create a new network.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:59:29 +03:00
Jouni Malinen
3cf7a59d4f WPS: Add new mechanism for generation NFC configuration token
The new hostapd ctrl_iface command WPS_NFC_CONFIG_TOKEN can now be used
to fetch payload for an NFC configuration token so that an external
program can be used to write this on an NFC tag.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:25:48 +03:00
Jouni Malinen
5bb7ae1f0c WPS: Fix error case in NFC password token generation
Need to verify that wps_build_nfc_pw_token() returned a valid buffer
before trying to encapsulate it for NDEF.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-28 13:23:58 +03:00
Jouni Malinen
0e3c16546b WPS: Use separate list of NFC Password Tokens in the Registrar
This adds a cleaner mechanism for handling NFC Password Tokens in the
WPS Registrar. There could be more than one active NFC Password Token in
use and as such, a list of tokens needs to be maintained. The old
WPS_OOB interface is still using the old mechanism that supports only a
single active NFC Password Token.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 22:15:55 +03:00
Jouni Malinen
bb45b6d79a WPS: Add new mechanism for communicating NFC tag read events
hostapd ctrl_iface can now be used to deliver payload from read
operation of an NFC tag. This allows operations without having to have
low-level NFC code within hostapd. For now, the new wps_nfc_tag_read
command can be used with NFC password tokens for the case where the AP
has an NFC device that is used to read an NFC tag from the station
Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:13 +03:00
Jouni Malinen
3f2c8ba6d3 WPS: Add new mechanism for NFC config method using password token
Instead of requiring low-level access to an NFC device and synchronous
operations, the new WPS_NFC_TOKEN and WPS_NFC ctrl_iface commands can be
used to build a NFC password token and initiate WPS protocol run using
that token (or pre-configured values) as separate commands. The
WPS_NFC_TOKEN output can be written to a NFC tag using an external
program, i.e., wpa_supplicant does not need to have low-level code for
NFC operations for this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
6b5a0c9466 WPS: Move attribute parser definitions into a new header file
This allows wps/wps_attr_parse.h to be included into files outside
src/wps.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
78e625f79a WPS: Split wps_build_oob_dev_password() into parts
This allows sharing of a function to build the attribute without
changing the OOB parameters.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
8a13732f83 NDEF: Mark input data const when it is not modified
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
2f425090fb WPS: Allow NDEF functions to be used from outside src/wps
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
e524ebe387 NDEF: Skip unnecessary wpabuf to ptr/len conversion
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
a0d0c560c3 Add dh5_init_fixed() to allow fixed DH parameters to be used
This allows pre-configured private and public key to be used when
initializing DH for group 5.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
0965813640 WPS: Fix OOB Device Password use for EAP-WSC peer
The OOB Device Password is passed in as a hexdump of the real Device
Password (16..32 octets of arbitrary binary data). The hexdump needs to
be converted to binary form before passing it for WPS processing.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
4e0131d351 WPS: Add support for OOB dev password lengths 16..31
Previously, only the maximum length 32 octets for OOB device password
was accepted. Since the specification allows a shorter password to be
used with limited OOB mechanism (e.g., small NFC tag), we should accept
lengths 16..32.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
582143e544 WPS: Fix potential memory leak with NFC password token
The old stored public key hash needs to be freed before replacing
the pointer with the new value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-27 21:22:12 +03:00
Jouni Malinen
7be6dc2e96 WPS: Fix NFC password token building with WPS 2.0
The earlier WPS 2.0 changes did not increase the wpabuf size when
adding a new attribute to the NFC password token. This could result
in aborting the application on wpabuf overflow if NFC out-of-band
mechanism is used with WPS 2.0 enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-27 21:21:11 +03:00
Jouni Malinen
99f0032409 Allow autoscan parameters to be changed in SCANNING state
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:11:25 +03:00
Jouni Malinen
c3d1223848 Reinitialize autoscan on explicit reassocciate/reconnect command
This clears the exponential scan interval back to the base value
when a reconnection is requested explicitly.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 20:05:51 +03:00
Jouni Malinen
d7ded75832 Cancel pending scan request on DISCONNECT command
Previously, a pending scan request could be left running when processing
DISCONNECT command from control interface. This can result in unexpected
scan, so cancel the request to avoid this.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:57:03 +03:00
Jouni Malinen
992189991c Start autoscan for first connection attempt
Use wpa_supplicant_set_state() to initialize state to DISCONNECT so that
autoscan gets initialized properly. This needs a change in
autoscan_init() to avoid extra scan request that would postpone the
first scan request when an interface is added.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:52:46 +03:00
Jouni Malinen
460b36d0c0 Fix autoscan exponential to limit interval in all cases
The first time the limit is exceeded could result in using larger
value - avoid that by limiting the interval also in that case.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:51:06 +03:00
Jouni Malinen
ccea4eb3e8 Fix autoscan exponential to start with the base value
Initial implementation used base^2 as the starting value.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:47:25 +03:00
Jouni Malinen
1aea2ca325 Write autoscan parameter to config file on updates
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-26 19:43:05 +03:00
Tomasz Bursztyka
e3659c89d2 Add a simple periodic autoscan module
This module will sets a fixed scanning interval. Thus, the parameter to
this module is following this format: <fixed interval>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:28:21 +03:00
Tomasz Bursztyka
c0fba2b38d Add autoscan module named exponential
This module will compute the interval on a base exponential. Thus,
params to this module are following this format: <base>:<limit>

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:22:56 +03:00
Tomasz Bursztyka
2bdd834257 Add autoscan command into wpa_cli
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:11:17 +03:00
Tomasz Bursztyka
bc5d330ae0 Add ctrl iface command for autoscan
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:09:47 +03:00
Tomasz Bursztyka
67892d5c0d D-Bus: Add AutoScan interface method to set/unset autoscan parameters
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 19:05:09 +03:00
Tomasz Bursztyka
7c865c6853 Add automatic scanning support
Like bgscan, autoscan is an optional module based feature to automate
scanning but while disconnected or inactive.

Instead of requesting directly a scan, it only sets the scan_interval
and the sched_scan_interval. So, if the driver supports sched_scan,
autoscan will be able to tweak its interval. Otherwise, the tweaked
scan_interval will be used. If scan parameters needs to be tweaked, an
autoscan_params pointer in wpa_s will provide those. So req_scan /
req_sched_scan will not set the scan parameters as they usually do, but
instead will use this pointer.

Modules will not have to request a scan directly, like bgscan does.
Instead, it will need to return the interval it wants after each
notification.

Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:55:41 +03:00
Tomasz Bursztyka
b0786fba71 Add autoscan parameters support in config file
Signed-hostap: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
2012-06-26 18:09:57 +03:00
Thomas Pedersen
1b487b8b1e nl80211: Handle CH_SWITCH event
Some drivers may independently decide to switch channels. Handle this by
updating the hostapd and wpa_supplicant AP and GO configuration.

Signed-hostap: Thomas Pedersen <c_tpeder@qca.qualcomm.com>
2012-06-25 14:45:14 +03:00
Jouni Malinen
e7381b8473 Sync with include/linux/nl80211.h from wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 14:34:22 +03:00
Jouni Malinen
c1c023429b Set state to DISCONNECTED on auth/assoc failures
Some of the authentication/association failure paths left wpa_state to
its previous value. This can result in unexpected behavior when
wpa_supplicant tries to find an AP to connect to since the uncleared
state can result the in the selected BSS being ignored if it is same as
the previously used BSS. This could happen, e.g., when wpa_supplicant
SME was used and the AP rejected authentication. Fix this by explicitly
setting state to DISCONNECTED on auth/assoc failures that did not yet do
this.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-06-25 14:23:25 +03:00
Sunil Dutt Undekari
5bda43cdee P2P: Reject p2p_find when in provisioning
A p2p_find during provisioning shall not allow the enrollee to
pick the network, hence disable p2p_find during provisioning.

Signed-hostap: Sunil Dutt Undekari <duttus@codeaurora.org>
2012-06-25 14:05:49 +03:00
Jouni Malinen
296a34f0c1 Remove STA entry from AP when starting TKIP countermeasures
Previously, the STA entry was removed only from the driver and the STA
entry within hostapd was just marked disassociated. However, this left
the WPA authenticator state machine with an entry and the session was
not terminated properly. In addition, the STA entry could have remaining
indefinitely if the STA did not reconnect after TKIP countermeasures.
Fix this by removing the STA entry from hostapd instead of just leaving
it disassociated.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-25 13:53:24 +03:00
Yoni Divinsky
9148ae58d0 hostapd: Fix PBC config method of WSC IE in Beacon/Probe Response
In AP which supports WPSv2 with only virtual push button, when PBC is
called, the WSC IE should include Selected Registrar Configuration
Methods attribute with the bit of the physical push button not set.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-06-25 12:20:37 +03:00
Ben Greear
f115560c21 eloop/poll: Handle POLLER | POLLHUP in read logic
Without this, we can get into a tight loop because the
code in general doesn't add eloop exception handlers,
so socket reporting the POLLERR would never be read.

With this change, any socket with POLLERR or POLLHUP
asserted will be handled by the read logic.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-06-24 13:19:34 +03:00
Jouni Malinen
ef3e60bf22 Describe CONFIG_AP=y and CONFIG_P2P=y in defconfig
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 01:07:15 +03:00
Jouni Malinen
781d8e0f2b Fix a typo
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-24 00:59:06 +03:00
Johannes Berg
cad0f50e02 nl80211: Simplify cbmsg buffer
The control message received from the kernel needs some space, but
there's no need for the strange typing that breaks clang compilation.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-06-23 20:37:09 +03:00
Jouni Malinen
ecabb132b9 atheros: Remove unused variables
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-23 20:34:29 +03:00
Baruch Siach
e2e984ea06 atheros: Fix build when WPS and IEEE80211R are both disabled
Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-06-23 20:33:50 +03:00
Aarthi Thiruvengadam
c66cf68d5c P2P: Fix fallback to GO Negotiation to avoid PD-before-join timeout
The wpas_p2p_pd_before_join_timeout could be left behind if the PD
Request in p2p_connect-auto case does not succeed. This timeout can
result in unexpected operations since it could trigger join operation
while going through GO Negotiation. Fix this by canceling the timeout
when falling back to GO Negotiation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-06-20 21:38:31 +03:00
Jouni Malinen
182748e4fb Copy Chargeable-User-Identity in PMKSA caching case
Maintain a copy of Chargeable-User-Identity in the PMKSA cache to allow
it to be included in accounting messages even if full authentication was
not completed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:51:57 +03:00
Jouni Malinen
302fc0a3c7 RADIUS DAS: Support Chargeable-User-Identity with Disconnect-Request
Chargeable-User-Identity can now be used in Disconnect-Request to
identify the station to be disconnected.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-06-17 19:44:46 +03:00