Commit Graph

434 Commits

Author SHA1 Message Date
Jouni Malinen
629c56d70a SAE: Store rand value as bignum instead of octet string
This avoids unnecessary bignum initialization steps during the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
bf4f5d6570 SAE: Add support for FFC groups that do not use a safe prime
This allows DH groups 22, 23, 24 to be used with SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
fbfb0e65bf SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
388f535461 SAE: Maintain bignum of group order and prime in context data
This simplifies operations by not having to create bignum instances
multiple times during SAE exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:54 +02:00
Jouni Malinen
625f202a74 SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cd9c2714e7 SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
bf14657b9f SAE: Add support for additional ECC groups
In addition to the mandatory group 19 (256-bit random ECP group) add
support for groups 20 (384-bit), 25 (192-bit), and 26 (224-bit).

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
cbf9f4c642 SAE: Fix PWE loop termination on excessive iterations
The counter>200 check needs to be done before the continue-on-not-found
case to be effective in stopping this loop.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
d5f5fa86e4 SAE: Set pwd-value length based on prime length
The buffer is set based on maximum group prime length, but pwd-value
needs to be correct length for the negotiated group.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a55f2eef71 SAE: Use EC group context to get the group prime
Do not use the hardcoded group19_prime buffer for this to allow group
negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
09200a1166 SAE: Use EC group context for peer-commit-scalar validation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
c5eb5b1999 SAE: Use EC group context for random number generation
Do not use the hardcoded group19_order/group19_prime buffers for this to
allow group negotiation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
ce46ec8df0 SAE: Store the group order in EC context data
This makes the SAE implementation a bit simpler by not having to build
the bignum for group order during execution.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
4925b303db SAE: Use defines for key lengths
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
7babd2539c SAE: Add a define for maximum supported prime length
This can be used to increase buffer sizes when adding support for new
groups.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
12e06dc228 SAE: Use sae->prime_len instead of hardcoded 32
This is needed to allow multiple groups to be supported.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
19a5bd0a25 SAE: Use the EC context from struct sae_data
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:53 +02:00
Jouni Malinen
a46d72d7d7 SAE: Maintain EC group context in struct sae_data
This can be used to share same EC group context through the SAE
exchange.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
aadabe7045 SAE: Use crypto wrappers instead of direct OpenSSL calls
This makes the SAE implementation independent of the crypto/bignum
library.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
d136c376f2 SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
4838ff3ef4 SAE: Do not allow re-use of peer-scalar in a new protocol instance
IEEE Std 802.11-2012, 11.3.8.6.1: If there is a protocol instance for
the peer and it is in Authenticated state, the new Commit Message
shall be dropped if the peer-scalar is identical to the one used in
the existing protocol instance.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
dd43026a19 SAE: Rename state variables to match IEEE 802.11 standard
The enum values for struct sae_data::state now match the protocol
instance states as defined in IEEE Std 802.11-2012, 11.3.8.2.2

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
f2e9818f73 SAE: Add processing of the confirm message
This adds validation of the received confirm messages for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
fb8fcc2950 SAE: Add generation of the confirm message fields
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
146f6c9a00 SAE: Add processing of the commit message
This adds validation of the received commit messages and key derivation
for SAE.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
8e31e9550a SAE: Add generation of the commit message fields
This adds derivation of PWE and the needed commit values so that the
full SAE commit message can be built.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Jouni Malinen
98efcc4176 SAE: Use a shared data structure for AP and station
This makes it easier to share common functions for both roles.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:52 +02:00
Johannes Berg
fa4763369a hostapd: Allow configuring driver to VHT
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2013-01-12 17:51:52 +02:00
Jouni Malinen
7ab5441262 The hostap.git master branch is now used for 2.1 development
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:51:10 +02:00
Jouni Malinen
22760dd947 Prepare for hostapd/wpa_supplicant v2.0 release
Signed-hostap: Jouni Malinen <j@w1.fi>
2013-01-12 17:42:53 +02:00
Jouni Malinen
2049a875bc WNM: Additional BSS Transition Management capability
Add some more functionality for BSS Transition Management:
- advertise support for BSS Transition Management in extended
  capabilities element
- add hostapd.conf parameter bss_transition=1 for enabling support
  for BSS Transition Management
- add "hostapd_cli disassoc_imminent <STA> <num TBTTs>" for sending
  disassociation imminent notifications for testing purposes
- wpa_supplicant: trigger a new scan to find another BSS if the
  current AP indicates disassociation imminent (TODO: the old AP needs
  to be marked to use lower priority to avoid re-selecting it)

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-22 20:27:30 +02:00
Vladimir Kondratiev
7829894c21 Introduce 60 GHz band
Basic support for the 60 GHz band. Neither P2P nor WPS are yet taken
care off. Allows to start AP with very simple config:

network={
        ssid="test"
        mode=2
        frequency=60480
        key_mgmt=NONE
}

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-12-18 11:50:35 +02:00
Jouni Malinen
0a66ce3c49 WNM: Add support for SSID List element matching
This allows Probe Request frame processing to compare the configured
SSID to the SSID List element in addition to the SSID element.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 21:22:24 +02:00
Jouni Malinen
df80a0ccff WNM: Use defined macros for WNM-Sleep Mode Action Type values
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-12-16 12:57:38 +02:00
Jouni Malinen
62d4980331 Allow PMF to be enabled by default
Previously, PMF (protected management frames, IEEE 802.11w) could be
enabled only with a per-network parameter (ieee80211w). The new global
parameter (pmf) can now be used to change the default behavior to be PMF
enabled (pmf=1) or required (pmf=2) for network blocks that do not
override this with the ieee80211w parameter.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-24 22:21:29 +02:00
Johannes Berg
202d97d477 hostapd: Add VHT PHY selector if VHT is required
If VHT is required, add the VHT PHY selector to
the (extended) supported rates IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 17:27:16 +02:00
Jouni Malinen
369c8d7bcd Reserve AKM and cipher suite values
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 20:26:55 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
c3550295fb Move WPA cipher information into a shared location
Try to share most of the cipher information like key and RSC lengths and
suite selector conversions, etc. in wpa_common.c to avoid having similar
code throughout the WPA implementation for handling cipher specific
behavior.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-30 11:53:54 +03:00
Jouni Malinen
347d6a5b76 WFD: Add support for sending Wi-Fi Display service discovery requests
wpa_cli p2p_serv_disc_req command can now be used to request WSD
request to be sent to specified or all peers who support WSD.

format: wifi-display <list of roles> <list of subelements>
examples:
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source] 2,3,4,5
p2p_serv_disc_req 02:01:02:03:04:05 wifi-display [pri-sink] 3
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [sec-source] 2
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source+sink] 2,3,4,5
p2p_serv_disc_req 00:00:00:00:00:00 wifi-display [source][pri-sink] 2,3,4,5

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
337c781f9c WFD: Add wfd_subelems hexdump in BSS ctrl_iface command output
This makes it easier to parse the WFD subelements from scan results.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
9675ce354a WFD: Add Wi-Fi Display support
This commit adds control interface commands and internal storage of
Wi-Fi Display related configuration. In addition, WFD IE is now added
to various P2P frames, Probe Request/Response, and (Re)Association
Request/Response frames. WFD subelements from peers are stored in the
P2P peer table.

Following control interface commands are now available:
SET wifi_display <0/1>
GET wifi_display
WFD_SUBELEM_SET <subelem> [hexdump of length+body]
WFD_SUBELEM_GET <subelem>

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 19:51:29 +03:00
Jouni Malinen
eb7719ff22 Add support for using GCMP cipher from IEEE 802.11ad
This allows both hostapd and wpa_supplicant to be used to derive and
configure keys for GCMP. This is quite similar to CCMP key
configuration, but a different cipher suite and somewhat different rules
are used in cipher selection. It should be noted that GCMP is not
included in default parameters at least for now, so explicit
pairwise/group configuration is needed to enable it. This may change in
the future to allow GCMP to be selected automatically in cases where
CCMP could have been used.

This commit does not included changes to WPS or P2P to allow GCMP to be
used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-29 11:52:15 +03:00
Jouni Malinen
b1f122964e Add generic GAS request mechanism
The new gas_request and gas_response_get commands can be used to request
arbitary GAS queries to be performed. These can be used with ANQP or
with other (including vendor specific) advertisement protocols.

gas_request <BSSID> <AdvProtoID> [Query]
gas_response_get <addr> <dialog token> [offset,length]

For example, ANQP query for Capability list in interactive wpa_cli
session:

> gas_request 02:00:00:00:01:00 00 000102000101
<3>GAS-RESPONSE-INFO addr=02:00:00:00:01:00 dialog_token=0
status_code=0 resp_len=32
> gas_response_get 02:00:00:00:01:00 00
01011c00010102010501070108010c01dddd0c00506f9a110200020304050607
> gas_response_get 02:00:00:00:01:00 00 0,10
01011c00010102010501
> gas_response_get 02:00:00:00:01:00 00 10,10
070108010c01dddd0c00
> gas_response_get 02:00:00:00:01:00 00 20,10
506f9a11020002030405
> gas_response_get 02:00:00:00:01:00 00 30,2
0607

It should be noted that the maximum length of the response buffer is
currently 4096 bytes which allows about 2000 bytes of the response data
to be fetched with a single gas_response_get command. If the response is
longer, it can be fetched in pieces as shown in the example above.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-27 18:13:10 +03:00
Jouni Malinen
00e5e3d509 Disable network block temporarily on authentication failures
If 4-way handshake fails due to likely PSK failure or if EAP
authentication fails, disable the network block temporarily. Use longer
duration if multiple consecutive failures are seen.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-26 23:35:07 +03:00
Jouni Malinen
6e6909a97e FIPS: Remove MD5 from the CONFIG_FIPS=y build
When CONFIG_FIPS=y is used, do not include MD5 in the build and disable
EAPOL-Key frames that use MD5 (WPA/TKIP and dynamic WEP with IEEE
802.1X).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-16 20:03:17 +03:00
Yoni Divinsky
eda070f14f Move WMM AC parameter parser into a common file
This allows the same implementation to be used for wpa_supplicant, too.

Signed-hostap: Yoni Divinsky <yoni.divinsky@ti.com>
2012-08-12 11:33:00 +03:00
Mahesh Palivela
74b95d1dc0 VHT: Include VHT capabilities and operation elements in parsing
Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-08-10 19:39:43 +03:00
Jouni Malinen
70a26e708c Share a single definition of EAPOL-Key structure for WEP keys
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-07 21:27:01 +03:00
Janusz Dziedzic
4307bb8c85 wpa_cli: Print nice prompt when using remote UDP
When CONFIG_CTRL_IFACE=udp-remote is used, print user frendly PS in
wpa_cli. E.g.,
localhost/wlan0>
192.168.1.1/p2p-wlan-0-0>

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:50:17 +03:00
Janusz Dziedzic
d302edd3c4 wpa_cli: Add support for remote access
wpa_cli can be used now as a client for remote access to ctrl_interface
of wpa_supplicant when UDP and remote options are used.

You can simply run:
wpa_cli -i <hostname>:[port]
wpa_cli -i <IP>:[port]

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:09:22 +03:00
Janusz Dziedzic
afadf423db wpa_supplicant: Add optional remote access for ctrl_iface
Add new option for ctrl iface: CONFIG_CTRL_IFACE=udp-remote. This
enables remote access to control interface via UDP port(s). This should
be used for testing purpose only since there is no authentication or
access control on the commands.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2012-08-05 20:01:07 +03:00
Ben Greear
4fdc8def88 Make UNIX socket non-blocking for ctrl_iface
This keeps wpa_cli from hanging forever if the other end of the socket
dies.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-08-04 20:34:27 +03:00
Mahesh Palivela
efe45d1471 hostapd: Initial IEEE 802.11ac (VHT) definitions
Add IEEE 802.11ac definitions for config, IEEE structures, constants.

Signed-hostap: Mahesh Palivela <maheshp@posedge.com>
2012-06-30 13:52:13 +03:00
Jouni Malinen
b6668734ab WNM: Add advertisement of BSS max idle period
If WNM is enabled for the build (CONFIG_WNM=y), add BSS max idle period
information to the (Re)Association Response frame from the AP and parse
this information on the station. For SME-in-wpa_supplicant case, add a
timer to handle periodic transmission of the keep-alive frame. The
actual request for the driver to transmit a frame is not yet
implemented.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-05-27 17:35:00 -07:00
Jouni Malinen
64855b9682 HS 2.0: Indicate Hotspot 2.0 in BSS table and status
If the AP indicates support for Hotspot 2.0, show this in the
ctrl_iface commands for BSS table and status.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:23 +03:00
Jouni Malinen
0b12e96187 HS 2.0: Parse Hotspot 2.0 IE from IE list
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:30:10 +03:00
Jay Katabathuni
c8a7f9a7b8 HS 2.0: Define Hotspot 2.0 OUI types and subtype values
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-08 23:29:25 +03:00
Xi Chen
f2e03085d7 WNM: Define IEEE 802.11v WNM-Sleep elements
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 18:08:19 +03:00
Rajkumar Manoharan
73cdd917a3 Define 20/40 BSS Coexistence elements
This patch defines 20/40 BSS Intolerant Channel Report element
(IEEE 802.11-2012 8.4.2.60) and 20/40 BSS Coexistence element
(IEEE 802.11-2012 8.4.2.62).

Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-05-03 15:55:35 +03:00
Deepthi Gowri
f65a239ba4 P2P: Add provision discovery failure event
Add provisional discovery failure ctrl_iface event
(P2P-PROV-DISC-FAILURE) to indicate to the application layer in case of
PD failure.

Signed-off-by: Deepthi Gowri <deepthi@codeaurora.org>
2012-04-17 19:44:13 +03:00
Dmitry Shmidt
5f97dd1c57 Add MASK=0xH option for the ctrl_iface BSS command
This optional parameter to the BSS command can be used to select which
fields are included in the output to avoid having to parse through
unneeded information and to reduce the buffer size.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2012-04-07 12:50:25 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
e22d4d957b Remove the GPL notification from files contributed by Atheros
Remove the GPL notification text from files that were initially
contributed by Atheros Communications or Qualcomm Atheros.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Ben Greear
80e8a5eef1 Support HT capability overrides
This allows HT capabilities overrides on kernels that
support these features.

MCS Rates can be disabled to force to slower speeds when using HT.
Rates cannot be forced higher.

HT can be disabled, forcing an 802.11a/b/g/n station to act like
an 802.11a/b/g station.

HT40 can be disabled.

MAX A-MSDU can be disabled.
A-MPDU Factor and A-MPDU Density can be modified.

Please note that these are suggestions to the kernel. Only mac80211
drivers will work at all. The A-MPDU Factor can only be decreased and
the A-MPDU Density can only be increased currently.

Signed-hostap: Ben Greear <greearb@candelatech.com>
2012-01-29 21:01:31 +02:00
Jithu Jance
8aebb0e471 P2P: Notify upper framework on stopping the p2p_find(SEARCH)
This patch notifies the upper framework that an on-going discovery has
been stopped. This is useful in cases where a p2p_find with a timeout
value initiated by the upper framework has been finished or when the
framework initiated "p2p_find" is stopped by a "p2p_connect".

Signed-hostap: Jithu Jance <jithu@broadcom.com>
2012-01-22 17:20:53 +02:00
Jason Young
5d06163714 AP: Pass station's WMM configuration to driver wrappers
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.

Signed-hostap: Jason Young <jason.young@dspg.com>
2011-12-17 12:38:06 +02:00
Jouni Malinen
0bf927a03e Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-24 22:47:46 +02:00
Jouni Malinen
a40e9d3e3d Remove incorrect le16 type cast
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-18 21:39:10 +02:00
Jouni Malinen
e9447a94c0 Use a single define for maximum number of EAP methods
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-17 20:06:33 +02:00
Jouni Malinen
75b51fde2d Update version number to 2.0-devel
hostap.git is now a development branch for 2.0 with 1.x releases
having been forked to hostap-1.git.

Signed-hostap: Jouni Malinen <j@w1.fi>
2011-11-03 12:19:44 +02:00
Dan Williams
81c57e221d Add wpa_supplicant_ctrl_req_from_string()
Converts from a string to a control request enum when input
from a control interface is received. Will be used by a
subsequent patch.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Dan Williams
9ef1aaae24 Use an enum for EAP SM requests
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2011-10-30 12:04:24 +02:00
Jithu Jance
3074d8f12d P2P: Notify device expiry via P2P-DEVICE-LOST event
This patch will notify applications listening over control socket about
the device expiry [from p2p peer list].
2011-10-28 22:13:18 +03:00
Arik Nemtsov
4d0d6b37f9 TDLS: Process discovery requests and send discovery responses
When a discovery request is received, add the peer to the TDLS peer
cache and send a response containing minimal data. Mandatory IEs in
the discovery response frame will be filled out by the driver.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
2011-10-23 22:18:27 +03:00
Jouni Malinen
538958ae9c Interworking: Add Interworking element to IE parser 2011-10-21 12:43:24 +03:00
Johannes Berg
9236ba4cb5 Move get_hdr_bssid() to make it easier to share for other uses 2011-10-20 21:50:23 +03:00
Dmitry Shmidt
ed3eecd786 Android: Add wpa_ctrl_cleanup()
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
2011-10-18 17:27:53 +03:00
Jouni Malinen
39b97072b2 Add support for Time Advertisement
This adds preliminary support for IEEE 802.11v Time Advertisement
mechanism with UTC TSF offset.
2011-10-18 00:24:16 +03:00
Jouni Malinen
4b2a77aba2 Interworking: Add support for configuring Roaming Consortium List 2011-10-17 23:55:50 +03:00
Jouni Malinen
73c41a8fab Interworking: Parse NAI Realms and match against home realm 2011-10-16 23:55:34 +03:00
Jouni Malinen
b02fe7ff32 Interworking: Add commands for network selection
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
2011-10-16 23:55:34 +03:00
Jouni Malinen
69fbdfe48d GAS: Export gas_build_initial_resp()
This is needed for some GAS error response messages where the ANQP
Advertisement Protocol element is not used.
2011-10-16 23:55:34 +03:00
Jouni Malinen
696be77eee Define new IEEE 802.11u status codes 2011-10-16 23:55:34 +03:00
Jouni Malinen
71269b3708 WNM: Add BSS Transition Management Request for ESS Disassoc Imminent
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
2011-10-16 23:55:34 +03:00
Jouni Malinen
46ee0427b1 IEEE 802.11u: Allow Interworking and HESSID to be configured
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.
2011-10-16 23:55:34 +03:00
Jouni Malinen
b83e3e93c8 IEEE 802.11u: Add configuration and advertisement for Interworking 2011-10-16 23:55:34 +03:00
Jouni Malinen
0c840c33f7 Move GAS/ANQP build routines to a separate file from P2P
GAS/ANQP is a generic protocol and in no way specific to P2P, so move
routines used to build GAS/ANQP frames to a separate file that can be
shared for other uses than just P2P service discovery.
2011-09-29 22:18:46 +03:00
Jouni Malinen
daa30c23aa Rename and fix ANQP definitions to match IEEE Std 802.11u-2011 2011-09-26 11:51:58 +03:00
Pavel Roskin
ffbf1eaa26 Fix typos found by codespell
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-09-22 00:43:59 +03:00
Jouni Malinen
6554237f38 FT: Share IE parser implementation for Authenticator and Supplicant
These are almost identical, so there is no point in using separate
implementations.
2011-07-16 11:13:39 +03:00
Jouni Malinen
03d3f28a69 Fix wpa_key_mgmt_*() helper functions to handle multiple bits
These can be used in some cases with a bitfield having multiple
AKMs enabled (e.g., WPA-PSK and WPA-PSK-SHA256). Address those
cases by checking whether any of the matching AKM are included.
2011-04-08 19:11:54 +03:00
Jouni Malinen
cd9fc7869a hostapd: Add testing mode for RSN element extensions
CFLAGS += -DCONFIG_RSN_TESTING in .config and rsn_testing=1 in
hostapd.conf can now be used to enable a testing mode that adds
extensions to RSN element. This can be used to check whether
station implementations are incompatible with future extensions
to the RSN element.
2011-03-21 13:59:05 +02:00
Dmitry Shmidt
c6a3a11048 Check select() return value in wpa_ctrl_request()
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-03-15 15:54:21 +02:00
Ganesh Prasadh
281ff0aa76 TDLS: Add initial support for TDLS (IEEE Std 802.11z-2010) 2011-03-06 14:53:49 +02:00
Jouni Malinen
73304dbf65 Allow client control socket location to be overridden
Build options can now be used to replace the location of client
sockets for UNIX domain socket control interface:

CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_DIR=\"/tmp\"
CFLAGS += -DCONFIG_CTRL_IFACE_CLIENT_PREFIX=\"wpa_ctrl_\"
2011-02-27 18:35:33 +02:00
Dmitry Shmidt
b3f3865e0e Use Android reserved namespace for control interface
On Android, use a special reserved namespace for the UNIX domain
socket.
2011-02-27 18:19:17 +02:00
Dmitry Shmidt
1480633f96 Use longer timeout in wpa_ctrl_request()
Wait longer for control interface response from wpa_supplicant to
avoid issues with some drivers that have long blocking operations.
2011-02-27 17:08:15 +02:00
Dmitry Shmidt
36fde1e79c Make wpa_ctrl_close() handle unopened connection 2011-02-27 17:07:07 +02:00
Dmitry Shmidt
4e2ead7a72 Add wpa_supplicant state change event for Android network manager
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2011-02-26 13:20:16 +02:00
Jouni Malinen
2944824315 hostapd: Add require_ht configuration parameter
This can be used to configure hostapd to reject association with
any station that does not support HT PHY.
2011-02-09 15:08:47 +02:00
Jouni Malinen
1161ff1ef5 hostapd: Allow TDLS use to be prohibited in the BSS
tdls_prohibit=1 and tdls_prohibit_chan_switch=1 and now be used to
disable use of TDLS or TDLS channel switching in the BSS using
extended cabilities IE as defined in IEEE 802.11z.
2011-01-28 19:21:59 +02:00
Jouni Malinen
bc8318acbc WPA: Add more info for EAPOL-Key Nonce/MIC debugging 2011-01-15 16:57:08 +02:00
Jouni Malinen
f981eabcf0 WPS: Add option to disable open networks by default
CONFIG_WPS_REG_DISABLE_OPEN=y can be used to configure wpa_supplicant
to disable open networks by default when wps_reg command is used to
learn the current AP settings. When this is enabled, there will be a
WPS-OPEN-NETWORK ctrl_iface event and the user will need to explicitly
enable the network (e.g., with "select_network <id>") to connect to
the open network.
2010-12-30 12:28:13 +02:00
Johannes Berg
0d7e5a3a29 Allow AP mode to disconnect STAs based on low ACK condition
The nl80211 driver can report low ACK condition (in fact it reports
complete loss right now only). Use that, along with a config option, to
disconnect stations when the data connection is not working properly,
e.g., due to the STA having went outside the range of the AP. This is
disabled by default and can be enabled with disassoc_low_ack=1 in
hostapd or wpa_supplicant configuration file.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2010-12-28 17:15:01 +02:00
Jouni Malinen
b39f58347d wlantest: Add support for decrypting TDLS frames
Derive TPK based on TDLS TPK Handshake and decrypt frames on the
direct link with TPK-TK.
2010-12-13 11:20:55 +02:00
Jouni Malinen
f3b87561d7 Share WPA IE parser function for RSN authenticator/supplicant
There is no point in maintaining two almost identical versions
of this parser. Move WPA IE parser into wpa_common.c similarly
to what was already the case with RSN IE parse.
2010-11-12 21:52:14 +02:00
Jouni Malinen
43882f1efc Allow TSN AP to be selected when configured for WEP
Commit d8d940b746 introduced a regression
that prevented TSN APs from being used with WEP since the AP was
rejected if it advertised WPA or RSN IE when we were configured to use
WEP. Resolve this by checking whether the AP is advertising a TSN, i.e.,
whether the AP allows WEP to be used as a group cipher. If so, allow
the AP to be selected if we are configured to use static WEP or
IEEE 802.1X (non-WPA).

It should be noted that this is still somewhat more restricted in AP
selection than earlier wpa_supplicant branches (0.7.x or older) that
ignore the WPA/RSN IE completely when configured for non-WPA.
2010-11-08 21:14:32 +02:00
Jouni Malinen
a149fcc77d wlantest: Add preliminary version of IEEE 802.11 protocol testing tool
This tool can be used to capture IEEE 802.11 frames either from a
monitor interface for realtime capturing or from pcap files for
offline analysis. This version is only adding basic infrastructure for
going through the frames and parsing their headers.
2010-11-07 23:29:00 +02:00
Jouni Malinen
ea78c315a2 Add ctrl_interface event for association rejected 2010-10-27 20:28:16 +03:00
Jouni Malinen
3e7533b399 WPS ER: Show SetSelectedRegistrar events as ctrl_iface events
This makes it easier to figure out if something goes wrong in
preparing the AP for enrolling a station.
2010-10-25 21:29:22 +03:00
Jouni Malinen
b74c19faf5 P2P: Fix a typo in P2P manager definition 2010-10-08 18:15:38 +03:00
Jouni Malinen
bf0ed63f3f Allow a postfix to be defined for the version number
A separate build number (etc.) version number postfix can now be
added to the build without having to modify source code files by
defining VERSION_STR_POSTFIX. This can be done, e.g., by adding
following line to .config:

CFLAGS += -DVERSION_STR_POSTFIX=\"-foo\"
2010-10-07 10:51:04 +03:00
Jouni Malinen
72044390f3 P2P: Add support for cross connection
If enabled, cross connection allows GO to forward IPv4 packets
using masquerading NAT from the P2P clients in the group to an
uplink WLAN connection. This is disabled by default and can be
enabled with "wpa_cli p2p_set cross_connect 1" on the P2P device
interface.
2010-09-09 07:17:20 -07:00
Jouni Malinen
6c6915f3db P2P: Add defined values for P2P Manageability Bitmap 2010-09-09 07:17:20 -07:00
Jouni Malinen
bf608cad56 P2P: Rename SD info not available define to match with spec change 2010-09-09 07:17:19 -07:00
Jouni Malinen
b22128efdc P2P: Add initial version of P2P Module 2010-09-09 07:17:17 -07:00
Jouni Malinen
75bde05d53 P2P: Add driver operations for P2P use 2010-09-09 07:17:16 -07:00
Jouni Malinen
91a9464528 Make IEEE 802.11 IE parser aware of P2P IE
This does not handle fragmented IEs and is only used to check quickly
whether the IE blob includes any P2P IE(s).
2010-09-09 07:17:16 -07:00
Jouni Malinen
dd6cc5a20c P2P: Wi-Fi Direct frame format definitions 2010-09-09 07:17:16 -07:00
Jouni Malinen
31fcea931d WPS 2.0: Add support for AuthorizedMACs attribute
Advertize list of authorized enrollee MAC addresses in Beacon and
Probe Response frames and use these when selecting the AP. In order
to provide the list, the enrollee MAC address should be specified
whenever adding a new PIN. In addition, add UUID-R into
SetSelectedRegistrar action to make it potentially easier for an AP
to figure out which ER sent the action should there be multiple ERs
using the same IP address.
2010-09-09 06:07:47 -07:00
Masashi Honma
60da5e0f3f Solaris: Add support for wired IEEE 802.1X client
This patch adds support for wired IEEE 802.1X client on the Solaris.

I have tested with these:
OS : OpenSolaris 2009.06
EAP : EAP-MD5
Switch : Cisco Catalyst 2950
2010-08-28 11:40:07 +03:00
Jouni Malinen
5a1cc30f1a WPS: Add support for dynamic AP PIN management
A new hostapd_cli command, wps_ap_pin, can now be used to manage
AP PIN at runtime. This can be used to generate a random AP PIN and
to only enable the AP PIN for short period (e.g., based on user
action on the AP device). Use of random AP PIN that is only enabled
for short duration is highly recommended to avoid security issues
with a static AP PIN.
2010-08-24 16:35:37 +03:00
Jouni Malinen
944814106e WPS: Do not disable AP PIN permanently, only slow down attacks
As a compromise between usability and security, do not disable
AP PIN permanently based on failed PIN validations. Instead, go to
AP Setup Locked state for increasing amount of time between each
failure to slow down brute force attacks against the AP PIN.

This avoids problems with some external Registrars that may try
to use the same PIN multiple times without user input. Now, the
user will still be able to fix the PIN and try again later while
a real attack is delayed enough to make it impractical.
2010-08-24 15:24:05 +03:00
Jouni Malinen
b3b2da770e Define Public Action and Vendor-specific Public Action frames 2010-07-17 20:22:40 -07:00
Jouni Malinen
950388f745 IEEE 802.11u GAS defines 2010-07-17 20:21:39 -07:00
Jouni Malinen
2d8bf73298 Add new debug message level for excessive information
Some frequent debug prints are of limited use and make debug output
difficult to read. Make them use a new debug level so that -dd
provides more readable output (-ddd can now be used to enable
the excessive debug prints).
2010-07-05 12:21:48 -07:00
Jouni Malinen
15dbf1291a WPS ER: Add ctrl_iface event for learned AP settings 2010-05-27 15:24:45 +03:00
Jouni Malinen
8401a6b028 Add Linux rfkill support
Add a new wpa_supplicant state: interface disabled. This can be used
to allow wpa_supplicant to be running with the network interface even
when the driver does not actually allow any radio operations (e.g.,
due to rfkill).

Allow driver_nl80211.c and driver_wext.c to start while rfkill is in
blocked state (i.e., when ifconfig up fails) and process rfkill
events to block/unblock WLAN.
2010-05-23 10:27:32 +03:00
Jouni Malinen
fb2ab5dd6a hostap.git is now 0.8.x development tree
0.7.x for branched into hostap-07.git for stable releases.
2010-04-18 21:01:00 +03:00
Jouni Malinen
be48214d2b Preparations for 0.7.2 release 2010-04-18 18:02:34 +03:00
Jouni Malinen
7992b07f6a Remove unnecessary SUBDIRS loops from src/*/Makefile
There are no subdirectories in any of these directories or plans
for adding ones. As such, there is no point in running the loop
that does not do anything and can cause problems with some shells.
2010-04-17 17:10:31 +03:00
Jouni Malinen
d3ccead325 Make wpa_compare_rsn_ie() handle missing IEs 2010-04-10 16:47:29 +03:00
Jouni Malinen
26e23750b9 FT: Fix FT 4-Way Handshake to include PMKR1Name in messages 2 and 3
IEEE Std 802.11r-2008, 11A.4.2 describes FT initial mobility domain
association in an RSN to include PMKR1Name in the PMKID-List field
in RSN IE in messages 2/4 and 3/4. This makes the RSN IE not be
bitwise identical with the values used in Beacon, Probe Response,
(Re)association Request frames.

The previous versions of wpa_supplicant and hostapd did not add the
PMKR1Name value in EAPOL-Key frame and did not accept it if added
(due to bitwise comparison of RSN IEs). This commit fixes the
implementation to be compliant with the standard by adding the
PMKR1Name value into EAPOL-Key messages during FT 4-Way Handshake and
by verifying that the received value matches with the value derived
locally.

This breaks interoperability with previous wpa_supplicant/hostapd
versions.
2010-04-07 21:04:13 +03:00
Marcin Marzec
f400f4f34b Fix typo in WPA_AUTH_ALG_FT definition
This was not supposed to have duplicate value with WPA_AUTH_ALG_LEAP.
The previous version was unable to set FT as the authentication
algorithm with nl80211.
2010-03-07 21:02:55 +02:00
Jouni Malinen
00468b4650 Add TLS client events, server probing, and srv cert matching
This allows external programs (e.g., UI) to get more information
about server certificate chain used during TLS handshake. This can
be used both to automatically probe the authentication server to
figure out most likely network configuration and to get information
about reasons for failed authentications.

The follow new control interface events are used for this:
CTRL-EVENT-EAP-PEER-CERT
CTRL-EVENT-EAP-TLS-CERT-ERROR

In addition, there is now an option for matching the server certificate
instead of the full certificate chain for cases where a trusted CA is
not configured or even known. This can be used, e.g., by first probing
the network and learning the server certificate hash based on the new
events and then adding a network configuration with the server
certificate hash after user have accepted it. Future connections will
then be allowed as long as the same server certificate is used.

Authentication server probing can be done, e.g., with following
configuration options:
    eap=TTLS PEAP TLS
    identity=""
    ca_cert="probe://"

Example set of control events for this:
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' hash=5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a
CTRL-EVENT-EAP-TLS-CERT-ERROR reason=8 depth=0 subject='/C=US/ST=California/L=San Francisco/CN=Server/emailAddress=server@kir.nu' err='Server certificate chain probe'
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Server certificate matching is configured with ca_cert, e.g.:
    ca_cert="hash://server/sha256/5a1bc1296205e6fdbe3979728efe3920798885c1c4590b5f90f43222d239ca6a"

This functionality is currently available only with OpenSSL. Other
TLS libraries (including internal implementation) may be added in
the future.
2010-02-13 11:14:23 +02:00
Jouni Malinen
7796f20edc Add new ctrl_iface event for EAP methods proposed by the server
This makes it easier for external programs to probe EAP server
preferences and potentially automatically detect which method
could be used.
2010-02-11 19:48:36 +02:00
Jouni Malinen
dff0f701d0 Preparations for v0.7.1 release 2010-01-16 19:04:38 +02:00
Jouni Malinen
b590812e8f Add preliminary documentation for ctrl_iface events 2010-01-15 19:24:08 +02:00
Jouni Malinen
abd9fafab6 Standardize on a single definition of auth_alg bitfield values 2010-01-03 21:14:40 +02:00
Jouni Malinen
70f8cc8ec8 Share the same enum for MFP configuration
The three existing enums were already depending on using the same
values in couple of places and it is just simpler to standardize on
one of these to avoid need for mapping between different enums for
the exact same thing.
2010-01-03 21:02:51 +02:00
Jouni Malinen
e049867788 More Doxygen documentation for the driver interface 2010-01-03 20:49:48 +02:00
Jouni Malinen
245519e0cd Replace wpa_supplicant_sta_rx() call with driver event
Get rid of wpa_supplicant_sta_rx() and add a new driver event that is
marked to be used only with driver_test.c. In addition, remove this
functionality from privsep wrapper. This is only use for client mode
MLME testing with driver_test.c.
2010-01-03 11:50:26 +02:00
Jouni Malinen
c2f5126941 WPS: Add Enrollee-seen event message and wpa_gui-qt4 Peers entry
This can be used to show active Enrollees in AP mode to make it
easier to provision a new device.
2009-12-28 16:24:04 +02:00
Jouni Malinen
f0d126d339 Add ctrl_iface events for BSS added/removed 2009-12-28 00:42:51 +02:00
Jouni Malinen
719347511a Get rid of unnecessary typedefs for enums. 2009-12-26 10:35:08 +02:00
Jouni Malinen
ba091c06c5 Mark ieee802_11_parse_elems() input and parsed elems const
In addition, re-order IE pointers and u8 length so that the shorter
length fields are together to allow compiler to optimize structure size.
2009-12-13 23:11:11 +02:00
Jouni Malinen
6fe8296197 Move vendor-specific IE type defines away from driver.h
These are generic IEEE 802.11 defines and do not really need to be in
the driver interface specific header file.
2009-12-10 12:27:46 +02:00
Jouni Malinen
03da66bd59 Remove src/crypto from default include path
In addition, start ordering header file includes to be in more
consistent order: system header files, src/utils, src/*, same
directory as the *.c file.
2009-11-29 23:04:43 +02:00
Jouni Malinen
90973fb2fd Remove src/common from default header file path
This makes it clearer which files are including header from src/common.
Some of these cases should probably be cleaned up in the future not to
do that.

In addition, src/common/nl80211_copy.h and wireless_copy.h were moved
into src/drivers since they are only used by driver wrappers and do not
need to live in src/common.
2009-11-29 17:51:55 +02:00
Jouni Malinen
fc4e2d9501 HT: Remove unneeded struct ht_cap_ie wrapper
It is simpler to just use the HT Capabilities IE payload structure
as-is.
2009-11-29 13:04:21 +02:00
Jouni Malinen
3a328c8133 Remove unused/unneeded IEEE 802.11n definitions 2009-11-29 12:43:23 +02:00
Jouni Malinen
a49148fd55 Rename HT Capabilities IE fields to match with IEEE Std 802.11n-2009 2009-11-29 12:02:29 +02:00
Jouni Malinen
4a867032ae Remove deprecated driver_ops handlers
This gets rid of previously deprecated driver_ops handlers set_wpa,
set_drop_unencrypted, set_auth_alg, set_mode. The same functionality
can be achieved by using the init/deinit/associate handlers.
2009-11-23 20:22:38 +02:00
Jouni Malinen
d994a9b54e Move definitions away from hostapd_defs.h
Clean up definitions to reduce need to include header files from the
hostapd directory into files under the src subdirectories.
2009-11-23 16:14:39 +02:00
Jouni Malinen
b78bc3a37e WPS ER: Add ctrl_iface notifications for AP/Enrollee add/remove 2009-11-15 12:07:27 +02:00
Jouni Malinen
43fb529750 Add AP mode WPA status into ctrl_iface 2009-10-16 18:35:45 +03:00
Jouni Malinen
20bd9547a1 Add ctrl_iface events for AP mode STA connect/disconnect
These are used to notify ctrl_iface monitors when a STA completes
connection (the port becomes authorized) and when a STA disconnects.
2009-10-16 17:51:49 +03:00
Jouni Malinen
b3ad11bb80 nl80211: Add parsing of NL80211_BSS_SEEN_MS_AGO into scan results 2009-10-01 17:53:22 +03:00
Jouni Malinen
abad3ccb1e Convert WPS IE concat routine to a generic helper
This may also be needed in wpa_supplicant and potentially for other
IE types, too.
2009-09-11 16:36:59 +03:00
Zhu Yi
8d6ca17813 nl80211: Use defines for cipher suite selectors 2009-09-03 20:21:18 +03:00
Jouni Malinen
9932c17fc8 Sync with linux/nl80211.h from wireless-testing.git 2009-08-18 11:33:40 +03:00
Jouni Malinen
04b6b3ed51 Verify that EAPOL-Key MIC generation succeeds
This can now fail, e.g., if trying to use TKIP in FIPS mode.
2009-08-16 22:35:15 +03:00
Jouni Malinen
064bb8232c Add root .gitignore file to cleanup ignore lists
This removes need for local configuration to ignore *.o and *~
and allows the src/*/.gitignore files to be removed (subdirectories
will inherit the rules from the root .gitignore).
2009-06-29 21:47:19 +03:00
Jouni Malinen
a652fc1a24 Sync with linux/nl80211.h from wireless-testing.git 2009-05-14 21:51:59 +03:00
Jouni Malinen
e572fa331c nl80211: Add MFP flag configuration for station mode
This fixes IEEE 802.11w use with driver_nl80211.c in station mode.
2009-05-12 11:55:18 +03:00
Jouni Malinen
c4e281fd91 Drop unprotected Robust Action frames from MFP STAs
These frames are delivered through mac80211 monitor interface, so we
need to filter them out in hostapd.
2009-05-08 12:51:28 +03:00
Jouni Malinen
4209a95df5 Update SA Query transaction id length based on IEEE 802.11w/D8.0
IEEE 802.11w/D8.0 changed the length of the SA Query transaction
identifier from 16 to 2 octets.
2009-05-06 18:57:17 +03:00
Jouni Malinen
da1fb17ca7 Add handling of SME auth/assoc timeout events
This allows wpa_supplicant to start searching for other APs (or re-try)
if the MLME times out.
2009-04-24 00:08:24 +03:00
Jouni Malinen
5645fbdc85 nl80211: Sync with linux/nl80211.h from wireless-testing.git
Note: This changes values for existing NL80211_ATTR_MAX_SCAN_IE_LEN
and NL80211_ATTR_KEY_TYPE (for some reason, they ended up getting
swapped in wireless-testing.git) and as such, could break Michael
MIC  error reporting (well, at least partially).
2009-04-21 17:54:50 +03:00
Jouni Malinen
ac184de0ec Sync linux/nl80211.h with wireless-testing.git
This adds support for Michael MIC failure events and info on maximum
supported scan IE length.
2009-04-09 16:39:24 +03:00
Jouni Malinen
c51218372f Merge wpa_supplicant and hostapd driver wrapper implementations
This commit merges the driver_ops structures and implementations from
hostapd/driver*.[ch] into src/drivers. This is only an initial step and
there is room for number of cleanups to share code between the hostapd
and wpa_supplicant parts of the wrappers to avoid unnecessary source
code duplication.
2009-04-09 13:40:12 +03:00
Jouni Malinen
6caf9ca68c Share same hw_feature definitions between hostapd and wpa_supplicant 2009-04-03 19:04:20 +03:00
Jouni Malinen
c746331b52 Allow hostapd/config.h and wpa_supplicant/config_ssid.h coexist
Move the shared IEEE 802.11w enum definition into src/common/defs.h to
avoid redefinition when both configuration structures are included into
the same file.
2009-03-26 16:06:15 +02:00
Jouni Malinen
c2a0407851 Add SME support (separate authentication and association)
This can be used, e.g., with mac80211-based Linux drivers with
nl80211. This allows over-the-air FT protocol to be used (IEEE
802.11r).

Since the nl80211 interface needed for this is very recent (added
today  into wireless-testing.git), driver_nl80211.c has backwards
compatibility code that uses WEXT for association if the kernel does
not support the new commands. This compatibility code can be
disabled by defining NO_WEXT_COMPAT. That code will also be removed
at  some point to clean up driver_nl80211.c.
2009-03-20 22:26:41 +02:00
Jouni Malinen
b21fab69fd Update linux/nl80211.h copy based on wireless-testing.git 2009-03-20 21:28:34 +02:00
Jouni Malinen
86f4deb635 FT: Fix status code values to match with IEEE 802.11r-2007
It looks like couple of status code values were changed during the
802.11r draft process and these were not updated in source code yet.
2009-03-09 22:28:30 +02:00
Jouni Malinen
f238cf9f42 FT: Add RIC Request processing and RIC Response generation
hostapd will now go through the RIC Request and process each RDIE. Only
WMM TSPEC requests are currently supported; all other request
descriptors will be declined.

RIC Response is written by hostapd and verified by wpa_supplicant (MIC
validation). wpa_supplicant does not yet have code to notify the driver
about the resource request results.
2009-03-09 22:25:58 +02:00
Jouni Malinen
babfbf15cc FT: Add RIC Request generation and validation (but not processing)
This adds first part of FT resource request as part of Reassocition
Request frame (i.e., FT Protocol, not FT Resource Request Protocol).
wpa_supplicant can generate a test resource request when driver_test.c
is used with internal MLME code and hostapd can verify the FTIE MIC
properly with the included RIC Request.

The actual RIC Request IEs are not processed yet and hostapd does not
yet reply with RIC Response (nor would wpa_supplicant be able to
validate the FTIE MIC for a frame with RIC Response).
2009-03-09 20:45:17 +02:00
Jouni Malinen
ed843aaa33 WMM-AC: Fix hostapd processing of ADDTS Request and add test code
Calculate the estimated medium time using integer variables since there
is no real need to use floating point arithmetics here. In addition,
make sure there is no division by zero regardless of how invalid the
request from the station is. Reject invalid parameters and refuse
requests that would take most of the bandwidth by themselves.

Add test code into wpa_supplicant mlme.c to allow WMM-AC negotiation to
be tested with driver_test.
2009-03-06 20:15:00 +02:00
Jouni Malinen
3ae0800c5f WMM cleanup (WME -> WMM rename, comments, etc.)
This updates the terminogy to match with the final WMM specification. In
addition, some of the WMM TSPEC structure fields were in incorrect order
and used without byte order swapping. Those are also taken care of this
cleanup patch.
2009-03-04 12:33:24 +02:00
Jouni Malinen
a20088e576 Allow SHA256-based key handshake to be used without 802.11r
Previously, both CONFIG_IEEE80211W=y and CONFIG_IEEE80211R=y were needed
to enable SHA256-based key handshake (WPA-PSK-SHA256 and
WPA-EAP-SHA256). This can now be done with just CONFIG_IEEE80211W=y.
2009-02-19 19:49:34 +02:00
Jouni Malinen
878ad127ba Sync nl80211_copy.h with wireless-testing linux/nl80211.h 2009-02-18 11:28:55 +02:00
Daniel Mierswa
d94d4bafbb Improved 'make install' (use BINDIR/LIBDIR, install shared objects) 2009-02-15 14:22:50 +02:00
Daniel Mierswa
6301cc5d38 Allow the privsep driver to pass the set_country to the real driver 2009-02-15 14:13:27 +02:00
Jouni Malinen
b938903e41 Sync nl80211.h with the current wireless-testing version 2009-02-12 14:46:26 +02:00
Jouni Malinen
96c7c3072d Fix privsep build with CONFIG_CLIENT_MLME=y
Add wpa_supplicant_sta_free_hw_features() and wpa_supplicant_sta_rx()
for driver wrappers in wpa_priv.
2009-02-07 10:30:32 +02:00
Jouni Malinen
6e488ff03c Remove orphaned wpa_cli control socket on EADDRINUSE
If the bind() on /tmp/wpa_ctrl_<pid>_<in-proc-counter> fails with
EADDRINUSE, there is an existing socket file with the name we are trying
to create. Since getpid() is unique, there cannot be another process
using that socket and we can just unlink the file and try again. This
can speed up client connection if wpa_cli is killed without allowing it
to clean up the socket file. [Bug 288]
2009-01-31 22:22:09 +02:00
Jouni Malinen
3b2cf800af WPS: Lock AP Setup on multiple AP PIN validation failures
If a Registrar tries to configure the AP, but fails to validate the
device password (AP PIN), lock the AP setup after four failures. This
protects the AP PIN against brute force guessing attacks.
2009-01-23 21:57:43 +02:00
Jouni Malinen
a609915233 Allow WPS APs for PIN enrollment even without Selected Registrar
Some WPS APs do not set Selected Registrar attribute to 1 properly when
using an external Registrar. Allow such an AP to be selected for PIN
registration after couple of scan runs that do not find APs marked with
Selected Registrar = 1. This allows wpa_supplicant to iterate through
all APs that advertise WPS support without delaying connection with
implementations that set Selected Registrar = 1 properly.
2009-01-23 13:10:58 +02:00
Jouni Malinen
aabe26a136 WPS: Added option to disable AP auto-config on first registration
This operation can now be moved into an external program by configuring
hostapd with wps_cred_processing=1 and skip_cred_build=1. A new
ctrl_iface message (WPS-REG-SUCCESS <Enrollee MAC addr> <UUID-E>) will
be used to notify external programs of each successful registration and
that can be used as a tricker to move from unconfigured to configured
state.
2009-01-21 13:48:10 +02:00
Jouni Malinen
790ccdb2b3 Changed the version to 0.7.0 since development branch is now 0.7.x 2009-01-20 21:16:29 +02:00
Jouni Malinen
b0e8a05a1e Sync nl80211_copy.h with wireless-testing.git linux/nl80211.h 2009-01-20 13:56:58 +02:00
Jouni Malinen
adddffd129 Fixed MFP Association Comeback mechanism to use Timeout Interval IE
The separate Association Comeback Time IE was removed from IEEE 802.11w
and the Timeout Interval IE (from IEEE 802.11r) is used instead. The
editing on this is still somewhat incomplete in IEEE 802.11w/D7.0, but
still, the use of Timeout Interval IE is the expected mechanism.
2009-01-19 18:42:10 +02:00
Jouni Malinen
13268290b6 Moved rsn_pmkid() into shared code to avoid duplication 2009-01-14 21:31:47 +02:00
Jouni Malinen
1c6e69ccda Moved documentation from developer.txt into source code files
Use Doxygen comments for functions to replace the old text file that was
not up-to-date anymore.
2009-01-08 16:33:00 +02:00
Jouni Malinen
6f78f2fb3b Preparations for 0.6.7 release 2009-01-06 20:11:15 +02:00
Jouni Malinen
e834272f73 Include pending MFP defines in nl80211_copy.h
This can be used to get rid of the extra cpp define since we have our
local copy of wireless.h and nl80211.h.
2008-12-31 18:10:14 +02:00
Jouni Malinen
c2fef14520 Sync nl80211.h copy with the current kernel version 2008-12-31 18:00:07 +02:00
Jouni Malinen
ac43f1fa39 Renamed nl80211 HT channel parameters to match with kernel 2008-12-31 17:59:13 +02:00
Jouni Malinen
c3469d1534 MFP: Fix SA Query Action Category
IEEE 802.11w/D7.0 incorrectly changed the Action Category from 8 to 7
when renaming Ping to SA Query. Category 7 is reserved for HT (IEEE
802.11n) and IEEE 802.11w will need to continue to use the category 8
that was allocated for it.
2008-12-31 17:52:05 +02:00
Jouni Malinen
93b76319f1 Renamed Ping procedure into SA Query procedure per 802.11w/D7.0
This commit changes just the name and Action category per D7.0. The
retransmit/timeout processing in the AP is not yet updated with the
changes in D7.0.
2008-12-26 11:46:21 +02:00
Jouni Malinen
9a9876bf9c Fixed the MFP Status/Reason Code values per 802.11w/D7.0 2008-12-26 11:29:17 +02:00
Jouni Malinen
ad5302a1ca WPS: Added event callback for successfully completed registration 2008-12-19 22:34:18 +02:00
Jouni Malinen
469fc3a41f WPS: Added callback for failure-after-M2/M2D
This callback is now used to stop wpa_supplicant from trying to continue
using parameters (most likely, device password) that do not work in a
loop. In addition, wpa_gui can now notify user of failed registration.
2008-12-19 22:19:41 +02:00
Jouni Malinen
4b68290e77 WPS: Added event callback and M2D notification
The event callback will be used for various event messages and the M2D
notification is the first such message. It is used to notify wpa_gui
about Registrar not yet knowing the device password (PIN).
2008-12-18 21:58:42 +02:00
Jouni Malinen
ff8a53a8d7 Use a fixed wps_msg prefix with WPS creds notification 2008-12-15 22:32:45 +02:00
Jouni Malinen
a524f05eb3 WPS: Added control interface notification for available WPS APs
Whenever new scan results include WPS AP(s) and the client is not
associated, send a notification message to control interface monitors.
This makes it easier for GUIs to notify the user about possible WPS
availability without having to go through the scan results.
2008-12-15 20:09:57 +02:00
Jouni Malinen
7e45830ab7 nl80211: Include copy of linux/nl80211.h with hostapd/wpa_supplicant
This makes it easier to build the packages and allows all new features
to be built into the binary regardless of which kernel is currently
used.
2008-12-08 11:04:13 +02:00
Jouni Malinen
15828ba820 Made 802.11 management frame IE parser aware of vendor HT Capab IE
This IE is not (at least yet) actually used for anything, but parsing it
cleans up verbose debug log a bit since thie previously unknown, but
commonly used, vendor IE was being reported as unknown.
2008-12-04 13:42:33 +02:00
Jouni Malinen
a8d8410e1f Added support for configuring secondary channel offset for HT40 2008-11-24 16:33:45 +02:00
Jouni Malinen
fc14f56759 Added IEEE 802.11n HT capability configuration (ht_capab) 2008-11-24 15:44:25 +02:00
Jouni Malinen
ba4dc6be9e Updated HT Capabilities Info field names to match with 802.11n/D7.0 2008-11-24 15:08:02 +02:00
Jouni Malinen
ad08c3633c Added preliminary Wi-Fi Protected Setup (WPS) implementation
This adds WPS support for both hostapd and wpa_supplicant. Both programs
can be configured to act as WPS Enrollee and Registrar. Both PBC and PIN
methods are supported.

Currently, hostapd has more complete configuration option for WPS
parameters and wpa_supplicant configuration style will likely change in
the future. External Registrars are not yet supported in hostapd or
wpa_supplicant. While wpa_supplicant has initial support for acting as
an Registrar to configure an AP, this is still using number of hardcoded
parameters which will need to be made configurable for proper operation.
2008-11-23 19:34:26 +02:00
Jouni Malinen
4dcfc4a5ae Preparations for 0.6.6 release 2008-11-23 17:00:52 +02:00
Jouni Malinen
988ab690ac Preparations for 0.6.5 release 2008-11-01 17:20:25 +02:00
Jouni Malinen
1add3c3387 Use the common ieee802_11_parse_elems() implementations for mlme.c 2008-10-29 21:57:01 +02:00
Jouni Malinen
cb7b04c8c9 Moved ieee802_11_parse_elems() into common code 2008-10-29 21:48:14 +02:00
Jouni Malinen
38fa763405 Added set_mode() handler for privsep 2008-09-29 17:09:26 +03:00
Jouni Malinen
565861976d Added support for using SHA256-based stronger key derivation for WPA2
IEEE 802.11w/D6.0 defines new AKMPs to indicate SHA256-based algorithms for
key derivation (and AES-CMAC for EAPOL-Key MIC). Add support for using new
AKMPs and clean up AKMP processing with helper functions in defs.h.
2008-08-31 22:57:28 +03:00
Jouni Malinen
c2a714088d Moved WMM action category definition into ieee802_11_defs.h 2008-08-31 11:06:58 +03:00
Jouni Malinen
5d22a1d5aa IEEE 802.11w: Added association ping
This updates management frame protection to use the assocition ping process
from the latest draft (D6.0) to protect against unauthenticated
authenticate or (re)associate frames dropping association.
2008-08-31 11:04:47 +03:00
Jouni Malinen
0b60b0aaad Updated MFP defines based on IEEE 802.11w/D6.0 and use new MFPC/MFPR
This adds most of the new frame format and identifier definitions from IEEE
802.11w/D6.0. In addition, the RSN IE capability field values for MFP is
replaced with the new two-bit version with MFPC (capable) and MFPR
(required) processing.
2008-08-30 14:59:39 +03:00
Jouni Malinen
f40b972690 HT: Removed unused definitions 2008-08-22 21:07:07 +03:00
Tomas Winkler
71b6ae1425 Add Intel copyright for files with 802.11n Intel changes
Signed-off-by: Tomas Winkler <tomas.winkler@intel.com>
2008-08-22 09:15:05 +03:00
Jouni Malinen
de9289c8e9 Add preliminary IEEE 802.11n support into hostapd
This commit brings in cleaned up version of IEEE 802.11n implementation
from Intel (1). The Intel tarball includes number of other changes, too,
and only the changes specific to IEEE 802.11n are brought in here. In
addition, this does not include all the changes (e.g., some of the
configuration parameters are still missing and driver wrapper changes for
mac80211 were not included).

(1)
http://www.kernel.org/pub/linux/kernel/people/chuyee/wireless/iwl4965_ap/hostap_0_6_0_intel_0.0.13.1.tgz
2008-08-21 18:18:38 +03:00
Jouni Malinen
c1e033b0bb IEEE Std 802.11r-2008 has been released, so update references 2008-08-15 11:25:24 +03:00
Jouni Malinen
d48ae45b73 Preparations for 0.6.4 release 2008-08-10 20:33:12 +03:00
Jouni Malinen
f0732adfe0 WEXT: IEEE 802.11w/MFP configuration
Added configuration of MFP related parameters with WEXT. The changes to
linux/wireless.h have not yet been applied to the Linux kernel tree, so the
code using them is still open to changes and is ifdef'ed out if
CONFIG_IEEE80211W is not set.
2008-06-18 11:13:33 +03:00
Masakazu Mokuno
e0f775b2a4 Add the flags for the drivers which do 4-way handshake
Add the new flags which are supposed to be included in Linux 2.6.27
for the drivers which want to do 4-way handshake and to know PMK.

Signed-off-by: Masakazu Mokuno <mokuno@sm.sony.co.jp>
2008-06-18 11:03:18 +03:00
Jouni Malinen
4fba48a5a7 Silence compiler warnings about out of array bounds indexes
struct wpa_ie_hdr had separate fields for 24-bit OUI and 8-bit oui_type
for WPA/RSN selectors. {WPA,RSN}_SELECTOR_{GET,PUT} access these four
octets through oui and the "out-of-bounds" access for the fourth octet is
actually reading/writing oui_type. This works fine, but some tools complain
about the array bounds "failure". Since oui_type is never accessed
separately, the simplest fix is to just combine these into a single 4-octet
field.
2008-06-05 17:50:53 +03:00
Jouni Malinen
ccfab35a6a Silence gcc 4.3.0 warnings about invalid array indexes 2008-03-12 09:33:18 +02:00
Jouni Malinen
b0194fe07e Added max_listen_interval configuration option
This allows associations to be denied if the STA tries to use too large
listen interval. The default value is 65535 which matches with the field
size limits.
2008-02-27 17:54:06 -08:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00