Commit Graph

2510 Commits

Author SHA1 Message Date
Johannes Berg
3117ad4283 hostapd: Add second VHT frequency segment config
Add the configuration option vht_oper_centr_freq_seg1_idx
for the second segment of an 80+80 MHz channel and use it
when building the VHT operation IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 18:02:29 +02:00
Johannes Berg
202d97d477 hostapd: Add VHT PHY selector if VHT is required
If VHT is required, add the VHT PHY selector to
the (extended) supported rates IE.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>
2012-11-24 17:27:16 +02:00
Pontus Fuchs
fb660a9431 Do not double free cfg struct if netlink_init() fails
If netlink_init() fails on socket create or bind the cfg struct
provided as parameter is freed by netlink_init(). Callers of
netlink_init() also free this struct on their error paths leading
to double free.

Signed-hostap: Pontus Fuchs <pontus.fuchs@gmail.com>
2012-11-24 16:47:20 +02:00
Jouni Malinen
f403dcd648 HS 2.0: Maintain a copy of HS 2.0 Indication from Association Request
This allows the AP to figure out whether a station is a HS 2.0 STA
during the association and access any information that the STA may have
included in this element.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-24 12:24:31 +02:00
Sunil Dutt
ffa45a1343 P2P: Increase the maximum number of PD Request retries
Change the maximum retry limit from 10 to 120 to match the behavior
used with GO Negotiation Request frames when trying to start GO
Negotiation with a peer that does not acknowledge frames (e.g., due
to being in sleep or on another channel most of the time).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 01:15:51 +02:00
Jouni Malinen
175171ac6c P2P: Retry PD Request in join-a-running-group case
The GO may be in sleep when we send a PD Request frame to indicate that
we are about to join a running group. Previously, this frame was not
retried more than normal low level retries. This can result in the GO
not getting the frame especially in cases where concurrent multi-channel
operations or aggressive sleep schedule is used since most drivers do
not yet synchronize with the GO's NoA before association.

Increase the likelihood of the GO receiving the PD Request frame by
retransmitting it similarly to the PD-for-GO-Negotiation case. Start
the actual join operation only after these retries have failed to get
an acknowledgment from the GO to give the connection attempt a chance
to succeed if the driver implements better NoA synchronization for it.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:53:42 +02:00
Sunil Dutt
6752716663 P2P: Set user_initiated_pd separately from the join parameter
p2p_prov_disc_req() used the join parameter to figure out whether the PD
request was a user initiated or not. This does not cover all use cases
of PD, so add a separate parameter to allow caller to indicate whether
the user requested the operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-23 00:48:58 +02:00
Jouni Malinen
ee431d77a5 Add preliminary support for using SQLite for eap_user database
CONFIG_SQLITE=y option can now be used to allow the eap_user_file text
file to be replaced with a SQLite database
(eap_user_file=sqlite:/path/to/sqlite.db). hostapd.eap_user_sqlite
shows an example of how the database tables can be created for this
purpose. This commit does not yet include full functionality of the
text file format, but at least basic EAP-TTLS/MSCHAPv2 style
authentication mechanisms with plaintext passwords can be used for
tests.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-21 00:47:47 +02:00
Jouni Malinen
6201b052c8 nl80211: Add support for TDLS request event from the driver
The NL80211_CMD_TDLS_OPER command can be used as an event based on a
recent cfg80211 commit, so add code to map that to internal
wpa_supplicant event to request TDLS link setup/teardown.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-19 17:00:07 +02:00
Jouni Malinen
c772d054c2 hostapd: Fix a regression in TKIP countermeasures processing
Commit 296a34f0c1 changed hostapd to
remove the internal STA entry at the beginning of TKIP countermeasures.
However, this did not take into account the case where this is triggered
by an EAPOL-Key error report from a station. In such a case, WPA
authenticator state machine may continue processing after having
processed the error report. This could result in use of freed memory.
Fix this by stopping WPA processing if the STA entry got removed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-18 13:06:03 +02:00
Jouni Malinen
6366a17ce3 WPS: Add a workaround for PBC session overlap detection
Some deployed station implementations implement WPS incorrectly and
end up causing PBC session overlap issues by indicating active PBC
mode in a scan after the WPS provisioning step. Work around this by
ignoring active PBC indication in a Probe Request from a station that
completed PBC provisioning during the last five seconds.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 19:59:04 +02:00
Jouni Malinen
1ce0aa044c Remove unused disassociate() driver_ops
Commits 07783eaaa0 and
3da372fae8 removed the only users of the
disassociate() driver operation, so these driver wrapper functions can
also be removed now.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-15 00:06:12 +02:00
Jouni Malinen
0779c227af Hide strict-aliasing warning with gcc 4.7
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 20:29:20 +02:00
Jouni Malinen
9d7a63dc20 nl80211: Avoid strict-aliasing warning with gcc 4.7
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 20:28:27 +02:00
Christopher Wiley
a8c5b43ad3 nl80211: Roam correctly through cfg80211 without SME
Change the nl80211 driver in wpa_supplicant to correctly handle
connecting to a new AP through cfg80211 without SME capability. As
before, the driver will disconnect from the previously associated AP,
but now we attempt to immediately connect to our intended AP. This
prevents us from blacklisting the AP we were trying to connect to
because of a semantic mismatch between cfg80211 and wpa_supplicant. The
disconnect/connect patch generates a local disconnect nl80211 event
which we discard because we're already correctly tracking the pending
association request.

In detail:

cfg80211 does not support connecting to a new BSS while already
connected to another BSS, if the underlying driver doesn't support
separate authenticate and associate commands. wpa_supplicant is written
to expect that this is a supported operation, except for a little error
handling that disconnects from the current BSS when roaming fails and
relies on autoconnect logic to reconnect later. However, this failure to
connect is incorrectly attributed to the new AP we attempted to
associate with, rather than a local condition in cfg80211.

The combined effect of these two conditions is that full-mac drivers
accessible through cfg80211 but without SME capability take a long time
to roam across BSS's because wpa_supplicant will:
1) Fail to associate for local reasons
2) Disconnect and return that the association request failed
3) Blacklist the association target (incorrectly)
4) Do a scan
5) Pick a less desirable AP to associate with

Signed-hostap: Christoper Wiley <wiley@chromium.org>
2012-11-11 16:15:29 +02:00
Baruch Siach
b49019dd3d atheros: Remove redundant l2_packet_get_own_addr call
Commit deca6eff74 added a redundant call
to l2_packet_get_own_addr. Use the information we already have in
atheros_init.

Signed-hostap: Baruch Siach <baruch@tkos.co.il>
2012-11-11 16:07:28 +02:00
Jouni Malinen
58fd49c05d EAP-SIM/AKA server: Fix memory leak in error path
If identity round limit is reached, EAP-SIM/AKA session is terminated.
This needs to free the allocated message.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:15:49 +02:00
Jouni Malinen
8cd93a01a9 Check hapd_iface more consistently in hostapd_disable_iface()
There is no point in the hapd_iface == NULL validate after this pointer
has been dereferences, so move the code dereferencing hapd_iface after
the check.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:11:15 +02:00
Jouni Malinen
207fb86411 WPS: Remove deprecated UFD config method and OOB ctrl_iface
The UFD (USB flash drive) configuration method was deprecated in WSC
2.0. Since this is not known to be used, remove the UFD implementation
from hostapd and wpa_supplicant to allow the WPS implementation to be
cleaned up. This removes the now unused OOB operations and ctrl_iface
commands that had already been deprecated by the new NFC operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-11 13:01:06 +02:00
Masashi Honma
30c371e8a5 P2P: Reduce redundant PSK generation for GO
The PSK generation done by pbkdf2_sha1() is one of the longest CPU time
users according to our profiling from boot to GO started.

So I have reduced some steps.

I could boot a GO by this command sequence.
-------------
add_net
set_network 0 ssid '"DIRECT-XX"'
set_network 0 psk
'"123456789012345678901234567890123456789012345678901234567890123"'
set_network 0 proto RSN
set_network 0 key_mgmt WPA-PSK
set_network 0 pairwise CCMP
set_network 0 auth_alg OPEN
set_network 0 mode 3
set_network 0 disabled 2
p2p_group_add persistent=0 freq=2412
-------------

By this sequence, pbkdf2_sha1() was called three times and the function
calculates the same value each time. Reduce number of calls to
pbkdf2_sha1() from 3 to 1 by caching the previous result.

Signed-hostap: Masashi Honma <masashi.honma at gmail.com>
2012-11-11 11:39:24 +02:00
Jouni Malinen
1e8a6e7553 Remove unused wpa_supplicant_disassociate()
This function is now unused after the last couple of commits that
removed the last uses, so remove this to keep code simpler since all
places that disassociate, can use deauthentication instead.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:05:37 +02:00
Jouni Malinen
3da372fae8 Use deauthentication instead of disassociation on RSN element mismatch
Even though the standard currently describes disassociation to be used
for RSN element mismatch between Beacon/Probe Response frames and
EAPOL-Key msg 3/4, this is unnecessary difference from other cases that
deauthenticate. In addition, there is no point in leaving the 802.11
Authentication in place in this case. To keep things simpler, use
deauthentication here to get rid of the only use of
wpa_sm_disassociate().

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-05 17:01:07 +02:00
Jouni Malinen
7d81932d27 nl80211: Make debug log more readable for driver events
Print the full name of the nl80211 event message in the debug log to
make it easier to parse the debug log.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-11-03 13:54:43 +02:00
Jouni Malinen
b363121a20 WPS: Reject invalid credential more cleanly
If WPS Registrar tries to provision a WPA/WPA2-Personal network without
including a valid Network Key, the network block cannot be used to
connect to the network. Reject such credential without adding the
network block. This makes wpa_supplicant send WSC_NACK as a response to
the invalid Credential and stop the provisioning process immediately
rather than only after trying unsuccessfully to connect to the network.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-11-01 16:30:35 +02:00
Jouni Malinen
96beff11d1 P2P: Allow discoverable interval for p2p_find to be configured
The new P2P_SET parameter disc_int can now be used to configure
discoverable interval for p2p_find operations. The format of the command
for setting the values is "P2P_SET disc_int <minDiscoverableInterval>
<maxDiscoverableInterval> <max TUs for discoverable interval>". The
first two parameters are given in units of 100 TUs (102.4 ms). The third
parameter can be used to further limit the interval into a specific TU
amount. If it is set to -1, no such additional limitation is enforced.
It should be noted that the P2P specification describes the random
Listen state interval to be in units of 100 TUs, so setting the max TU
value to anything else than -1 is not compliant with the specification
and should not be used in normal cases. The default parameters can be
set with "P2P_SET disc_int 1 3 -1".

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-30 15:12:04 +02:00
Jouni Malinen
9f36eac6e5 WPS: Remove old OOB NFC interface
The old WPS interface for using NFC has no known deployments and even
the binary libraries referenced here are not easily available anymore.
Since the new interface for using NFC with WPS covers the same
functionality, remove the old implementation to clean up WPS
implementation.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:20:03 +02:00
Jouni Malinen
bd3a373767 WPS: Use AP Channel attribute in credential to speed up scan
When WPS is used with NFC connection handover, the AP may indicate its
operating channel within the credential information. Use this
informatiom, if present, to speed up the scan process.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 18:02:04 +02:00
Jouni Malinen
e65552ddf2 WPS: Add preliminary NFC connection handover support for Enrollee
This commit adds new wpa_supplicant ctrl_iface commands to allow
external programs to go through NFC connection handover mechanism
with wpa_supplicant taking care of the WPS processing. This version
includes only the case where wpa_supplicant is operating as a
station/Enrollee.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-28 17:39:46 +02:00
Jouni Malinen
86cf382b80 Fix EAPOL supplicant port authorization with PMKSA caching
The previous eapol_sm_notify_cached() implementation forced the port
to be authorized when receiving EAPOL-Key msg 1/4 that included a
matching PMKID in cases when PMKSA caching is used. This is too early
since the port should really be authorized only after the PTK has been
configured which is the case when PMKSA caching is not used.

Fix this by using the EAPOL supplicant PAE state machine to go through
the AUTHENTICATING and AUTHENTICATED states instead of forcing a jump
to AUTHENTICATED without performing full state machine steps. This can
be achieved simply by marking eapSuccess TRUE at least with the current
version of EAP and EAPOL state machines (the earlier commits in this
function seemed to indicate that this may have not been that easy in
the older versions due to the hacks needed here).

This addresses an issue with nl80211-based driver interface when the
driver depends on the STA Authorized flag being used to prevent
unprotected frames from being accepted (both TX and RX) prior to PTK
configuration.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-10-27 11:52:43 +03:00
Jouni Malinen
04a3e69dd1 P2P: Allow all channels with multi-channel concurrency
If the driver indicates support for multi-channel concurrency, change
the p2p_connect behavior to not force the current operating channel, but
instead, just mark it as preferred for GO Negotiation. This change
applies only for the case when the freq parameter is not used with the
p2p_connect command.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-26 18:10:46 +03:00
David Bird
f826635c2d Fix EAPOL processing when STA switches between multi-BSSes
There was an issue with EAPOL frame exchanges in a multi-BSS
configuration when a station switches between the BSSes controlled by
the same hostapd process. When processing the EAPOL packet, the array of
virtual APs (iface->bss) is searched looking for the station that sent
the packet in order to identify which signal context should be used
during processing. The first match of the station in its list gets used
in the ieee802_1x_receive() function. However, even after a station has
disassociated, it remains in the list of stations pending an inactivity
timeout. This leads to the wrong hapd context (one where the station had
already disassociated) being used in some cases (if the current/active
bss entry appears in the list after one where the station has just
disassociated from) for EAPOL processing.

Fix this by checking the WLAN_STA_ASSOC flag before assuming the right
hapd context was found for the given station.

Signed-hostap: David Bird <dbird@powercloudsystems.com>
intended-for: hostap-1
2012-10-25 09:20:15 +03:00
Jouni Malinen
569fed9045 nl80211: Add support for SAE operations
This uses the recent cfg80211 changes to allow SAE authentication to be
implemented with the nl80211 driver interface.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-24 09:10:42 +03:00
Jouni Malinen
516059c753 Sync with linux/nl80211.h in wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-24 09:08:38 +03:00
Jouni Malinen
13ece96f70 P2P: Improve robustness against lost ctrl::ack frames
P2P includes two use cases where one of the devices is going to start a
group and likely change channels immediately after processing a frame.
This operation may be fast enough to make the device leave the current
channel before the peer has completed layer 2 retransmission of the
frame in case the ctrl::ack frame was lost. This can result in the peer
not getting TX status success notification.

For GO Negotiation Confirm frame, p2p_go_neg_conf_cb() has a workaround
that ignores the TX status failure and will continue with the group
formation with the assumption that the peer actually received the frame
even though we did not receive ctrl::ack. For Invitation Response frame
to re-invoke a persistent group, no such workaround is used in
p2p_invitation_resp_cb(). Consequently, TX status failure due to lost
ctrl::ack frame results in one of the peers not starting the group.

Increase the likelihood of layer 2 retransmission getting acknowledged
and ctrl::ack being received by waiting a short duration after having
processed the GO Negotiation Confirm and Invitation Response frames for
the re-invocation case. For the former, use 20 ms wait since this case
has been worked around in deployed devices. For the latter, use 50 ms
wait to get even higher likelihood of getting ctrl::ack through since
deployed devices (and the current wpa_supplicant implementation) do not
have a workaround to ignore TX status failure.

20 ms is long enough to include at least couple of retries and that
should increase likelihood of getting ctrl::ack through quite a bit. The
longer 50 ms wait is likely to include full set of layer 2 retries.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-13 17:33:16 +03:00
Jouni Malinen
ed61d2a5f9 Fix regression in LEAP
Commit 458cb30191 broke LEAP since it
rejects EAP-Success packet that is used within LEAP and this frame does
not have a payload. Fix LEAP by relaxing the generic EAP packet
validation if LEAP has been negotiated.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-11 21:50:57 +03:00
Jouni Malinen
3a643324c6 WPS: Limit number of active wildcard PINs to one
Previously, WPS Registrar allowed multiple wildcard PINs to be
configured. This can get confusing since these PINs get assigned to any
Enrollee that does not have a specific PIN and as such, cannot really be
used with different PIN values in reasonable ways. To avoid confusion
with multiple enabled PINs, invalidate any previously configured
wildcard PIN whenever adding a new one.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-10 17:38:06 +03:00
Jouni Malinen
458cb30191 EAP-TLS: Add extra validation for TLS Message Length
While the existing code already addresses TLS Message Length validation
for both EAP-TLS peer and server side, this adds explicit checks and
rejection of invalid messages in the functions handling reassembly. This
does not change externally observable behavior in case of EAP server.
For EAP peer, this starts rejecting invalid messages instead of
addressing them by reallocating the buffer (i.e., ignoring TLS Message
Length in practice).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-07 20:18:10 +03:00
Jouni Malinen
586c446e0f EAP-TLS server: Fix TLS Message Length validation
EAP-TLS/PEAP/TTLS/FAST server implementation did not validate TLS
Message Length value properly and could end up trying to store more
information into the message buffer than the allocated size if the first
fragment is longer than the indicated size. This could result in hostapd
process terminating in wpabuf length validation. Fix this by rejecting
messages that have invalid TLS Message Length value.

This would affect cases that use the internal EAP authentication server
in hostapd either directly with IEEE 802.1X or when using hostapd as a
RADIUS authentication server and when receiving an incorrectly
constructed EAP-TLS message. Cases where hostapd uses an external
authentication are not affected.

Thanks to Timo Warns for finding and reporting this issue.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-10-07 20:06:29 +03:00
Jouni Malinen
21af6d15a8 SAE: Add Finite Cyclic Group negotiation and Send-Confirm
This replaces the previously used bogus test data in SAE messages with
the first real field. The actual SAE authentication mechanism is still
missing and the Scaler, Element, and Confirm fields are not included.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-10-06 19:30:54 +03:00
Vladimir Kondratiev
c097652828 60 GHz: Fix error while processing scan results
Channel frequency for 60 GHz band do not fit into 'short int', as was
used. Expand it to 'int'

Signed-off-by: Vladimir Kondratiev <qca_vkondrat@qca.qualcomm.com>
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-04 16:32:23 +03:00
Jouni Malinen
315dbfb11e WPS: Fix a potential memory leak on wps_init() error path
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-10-02 16:51:27 +03:00
Jouni Malinen
369c8d7bcd Reserve AKM and cipher suite values
These values are used with WAPI and CCX and reserving the definitions
here reduces the number of merge conflicts with repositories that
include these functions.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 20:26:55 +03:00
Jouni Malinen
c10347f246 Add initial parts for SAE
This introduces new AKM for SAE and FT-SAE and adds the initial parts
for going through the SAE Authentication frame exchange. The actual SAE
algorithm and new fields in Authentication frames are not yet included
in this commit and will be added separately. This version is able to
complete a dummy authentication with the correct authentication
algorithm and transaction values to allow cfg80211/mac80211 drivers to
be tested (all the missing parts can be handled with
hostapd/wpa_supplicant changes).

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 19:51:07 +03:00
Jouni Malinen
905029097c Sync with linux/nl80211.h in wireless-testing.git
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-30 10:49:46 +03:00
Mykyta Iziumtsev
817762d9c4 nl80211: Don't send BSSID with disconnect command
NL80211_CMD_DISCONNECT doesn't need BSSID, because cfg80211
uses locally saved value.

Signed-hostap: Mykyta Iziumtsev <mykyta.iziumtsev@gmail.com>
2012-09-29 19:01:50 +03:00
Raja Mani
39b1572c41 Include connected time in AP mode STA-* commands
This allows hostapd_cli and wpa_cli all_sta command to be used to
display connected time (in seconds) of each station in AP mode.

Signed-hostap: Raja Mani <rmani@qca.qualcomm.com>
2012-09-26 13:52:19 +03:00
Jouni Malinen
213c1fa84d P2P: Fix ignoring of PD Response due to dialog token mismatch
Commit 6b56cc2d97 added clearing of the
p2p->pending_action_state too early in this function. This should not
be done if we are going to silently ignore the frame due to dialog
token mismatch. Fix this by moving the code around to check the dialog
token first.

This issue resulted in PD Request retries getting stopped too early if
the peer is sending out an unexpected PD Response (e.g., because of it
being excessively slow with the response so that the response is
received only after the next TX attempt with a new dialog token).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-25 21:41:52 +03:00
Jouni Malinen
2cd0758441 P2P: Allow peer to propose channel in invitation process
Make Invitation process for re-invoking a persistent group behave
similarly to GO Negotiation as far as channel negotiation is concerned.
The Operating Channel value (if present) is used as a starting point if
the local device does not have a forced operating channel (e.g., due to
concurrent use). Channel lists from devices are then compared to check
that the selected channel is in the intersection. If not, channel is
selected based on GO Negotiation channel rules (best channel preferences
etc.). Invitation Request is rejected if no common channel can be
selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:15:58 +03:00
Jouni Malinen
7759fba1c2 P2P: Show own channel list in debug log
This makes it easier to debug channel negotiation mechanisms.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-09-24 22:14:50 +03:00
Felix Fietkau
73a3c6ffca nl80211: Use the monitor interface if socket tx status is not supported
Fixes hostapd on recent compat-wireless builds with older kernels.

Signed-hostap: Felix Fietkau <nbd@openwrt.org>
2012-09-23 13:28:31 +03:00