In preparation for adding further command completion support
to hostapd_cli move some cli related utility functions out of
wpa_cli into a new common cli file.
Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
This commit defines QCA vendor subcommand and attributes for IE based
access control, i.e., the specific configured IE (full IE) is matched
with the frames originated by the Wi-Fi STA / AP to accept or deny the
connection. A specific IE can either be a whitelist or blacklist.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_GPIO_CONFIG_COMMAND and associated
attributes to configure GPIO pins.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously, HT/VHT state was shown in STATUS based on the configuration
parameter instead of the runtime operational parameters. This could
result in claiming HT/VHT to be enabled even when it was forced to be
disabled due to an incompatible configuration. Clear HT/VHT information
in the STATUS output if HT/VHT has been disabled.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
If params->freq is NULL here, it leads to a segfault. Do not initialize
bss->bandwidth if params->freq is NULL.
Signed-off-by: Chaitanya T K <Chaitanya.Mgit@gmail.com>
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
If a peer stops sending adv_service_instance, we should clear the
existing dev->info.p2ps_instance.
This commit fixes the following scenario:
When peer device stops sending adv_service_instance, wpa_supplicant did
not remove old dev->info.p2ps_instance from device's property. This
variable should be updated as per peer behavior and should be cleared
when peer stops sending this information.
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
Remove the unnecessary os_free() call from p2p_deinit() since
p2p_flush() called just above this takes care of freeing
p2p->after_scan_tx and the second call here ends up being no-op
os_free(NULL) in practice.
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Previously, mesh power management functionality works only with kernel
MPM. Because user space MPM did not report mesh peer AID to kernel,
the kernel could not identify the bit in TIM element. So this patch
reports mesh peer AID to kernel.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This commit introduces a new vendor sub command
QCA_NL80211_VENDOR_SUBCMD_SAP_CONDITIONAL_CHAN_SWITCH and associated
attributes which aim to configure selected frequencies on which the AP
can conditionally switch onto for preferred operation.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 49fe2ada20 ('OpenSSL: Support
OpenSSL 1.1.0 DH opacity') started using the new accessor functions, but
used incorrect success check for the DH_set0_key() call. This resulted
in dh5_init_fixed() failures and double-free on error path if the build
was linked against OpenSSL 1.1.0. Fix this by checking DH_set0_key()
return value to be 1 for the success case.
Signed-off-by: Jouni Malinen <j@w1.fi>
These control interface event message are used by external programs, so
define them a bit more formally in the header file.
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows P2P Listen to be offloaded to device to enhance power
saving.
To start P2P listen offload, from wpa_cli interface, issue the command:
p2p_lo_start <freq> <period> <interval> <count>
To stop P2P listen offload, issue the command:
p2p_lo_stop
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Provides operating frequency in EVENT_ASSOC when IBSS is joined so that
wpa_s->assoc_freq can be updated when any IBSS network is joined.
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
During the P802.11s draft development, there were separate LISTEN and
IDLE states. However, the current IEEE 802.11 standards uses only the
IDLE state while the implementation called this LISTEN. Rename the state
in the implementation to match the one used in the standard to avoid
confusion. In addition, rename OPEN_{SENT,RCVD} to OPN_{SNT,RCVD} to
match the exact spelling of these states in the standard.
Signed-off-by: Jouni Malinen <j@w1.fi>
OpenSSL 1.1.0 (master branch) apparently ended up modifying the API
after the beta 2 release that was supposed to complete the work. Mark
the variables const to fix the compilation with the modified OpenSSL
API.
Signed-off-by: Jouni Malinen <j@w1.fi>
These elements can be used for pre-standard publication testing of HE
before P802.11ax draft assigns the element ID. The payload of these
vendor specific elements is defined by the latest P802.11ax draft.
Please note that the draft is still work in progress and the element
payload is subject to change.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This is now annotated as be16, so use it as such in all cases instead of
first storing host byte order value and then swapping that to big endian
in other instances of the same structure. This gets rid of number of
sparse warnings.
Signed-off-by: Jouni Malinen <j@w1.fi>
driver_wired.c pulls in utils/common.h before net/if.h as a workaround
for NetBSD build. This results in IFNAMSIZ getting redefined and sparse
warning about this. Silence that warning by undefining the IFNAMSIZ
definition from common.h to allow the one from net/if.h being used. In
addition, remove duplicated inclusion of net/if.h.
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of a sparse warning and also allows the compatibility of
the declarations to be verified (a missing const declaration is fixed
here as well).
Signed-off-by: Jouni Malinen <j@w1.fi>
This gets rid of number of sparse warnings and also allows the
compatibility of the declarations to be verified (number of missing
const declarations are fixed here as well).
Signed-off-by: Jouni Malinen <j@w1.fi>
This allows the compiler to check that function prototypes match the
implementation. In addition, this gets rid of sparse warnings.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These are called through function pointers, so no need to make the
function symbols directly available outside this file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This converts some of the PAE code to use a design that gets rid
unnecessary warnings from sparse and allows more thorough validation of
byte order operations.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These are called through function pointers, so no need to make the
function symbols directly available outside this file.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
These little endian fields were not marked properly and the type case in
the get_unaligned_* helper macros were causing warnings from sparse.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Couple of fsts_id and llt fields were not properly swapped from host
byte order to little endian byte order used in the frames. Fix this and
use the le32 type to make this more consistent and verifiable with
sparse.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Since crypto_openssl.c is now implementing couple of functions
internally, pull in the relevant header files md5.h and aes_wrap.h to
make sure the function declaration are consistent.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Freeing memory for subjectAltName in parse_cert(), will give cert_cb
pointers to freed memory zone that may already been overwritten. Memory
for subjectAltName is released in parse_cert_free().
Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
The "Accepting Additional Mesh Peerings bit == 0" means the peer cannot
accept any more peers, so suppress attempt to open a connection to such
a peer.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
This moves pairwise, group, and management group ciphers to various mesh
data structures to avoid having to hardcode cipher in number of places
through the code. While CCMP and BIP are still the hardcoded ciphers,
these are now set only in one location.
Signed-off-by: Jouni Malinen <j@w1.fi>
The AMPE element includes number of optional and variable length fields
and those cannot really be represented by a fixed struct
ieee80211_ampe_ie. Remove the optional fields from the struct and
build/parse these fields separately.
This is also adding support for IGTKdata that was completely missing
from the previous implementation. In addition, Key RSC for MGTK is now
filled in and used when configuring the RX MGTK for a peer.
Signed-off-by: Jouni Malinen <j@w1.fi>
The previous implementation was incorrect in forcing the MGTK to be used
as the IGTK as well. Define new variable for storing IGTK and use that,
if set, to configure IGTK to the driver. This commit does not yet fix
AMPE element parsing to fill in this information.
Signed-off-by: Jouni Malinen <j@w1.fi>
This extends the data structures to allow variable length MGTK to be
stored for RX. This is needed as an initial step towards supporting
different cipher suites.
Signed-off-by: Jouni Malinen <j@w1.fi>
This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).
Signed-off-by: Jouni Malinen <j@w1.fi>
Commit 0603bcb7fe ('hostapd: Process MAC
ACLs on a station association event (SME in driver)') processes MAC ACL
on a station association event for drivers which use AP SME offload but
does not consider the scenario where the drivers offload ACL. This can
result in station disconnection, though the driver accepts the
connection. Address this by avoiding the hostapd ACL check for the
drivers offloading MAC ACL.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This commit also introduces a new attribute MANDATORY_FREQUENCY_LIST
which aims for AP operation in a channel that ensures best concurrency
sessions.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
eloop deinit calls could trigger segmentation fault if the early error
path is hit before eloop_init() gets called.
Signed-off-by: Jouni Malinen <j@w1.fi>
Verify that fst_global_init() has been called before deinitializing the
global FST context. This makes it a bit easier to handle failure paths
from initialization.
Signed-off-by: Jouni Malinen <j@w1.fi>
Set max peer links to kernel even when wpa_supplicant MPM is used. This
sets the correct value for the "Accepting Additional Mesh Peerings bit"
in "Mesh Capability field" in "Mesh Configuration element" in the Beacon
frame.
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
Recent versions of engine_pkcs11 are set up to be autoloaded on demand
with ENGINE_by_id() because they don't need explicit configuration.
But if we *do* want to explicitly configure them with a PKCS#11 module
path, we should still do so.
We can't tell whether it was already initialised, but it's harmless to
repeat the MODULE_PATH command if it was.
Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Michael Schaller <misch@google.com>
Any data accessible from nla_data() is freed before the
send_and_recv_msgs() function returns, therefore we need to allocate
space for info.flags ourselves.
Signed-off-by: Paul Stewart <pstew@google.com>
gas_address3=1 can now be used to force hostapd to use the IEEE 802.11
standards compliant Address 3 field value (Wildcard BSSID when not
associated) even if the GAS request uses non-compliant address (AP
BSSID).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Previously all TX status events with wildcard BSSID were ignored. This
did not allow Public Action frame TX status to be processed with the
corrected wildcard BSSID use. Fix this to be allowed. In practice, this
affects only test cases since Action frame TX status was not used for
anything else.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS. hostapd used
to use the actual BSSID value for all such frames regardless of whether
the destination STA is a member of the BSS.
Fix this by using the wildcard BSSID in cases the destination STA is not
a member of the BSS. Leave group addressed case as-is (i.e., the actual
BSSID), since both values are accepted. No such frames are currently
used, though.
This version is still using the AP BSSID value in the Address 3 field
for GAS response frames when replying to a GAS request with AP BSSID
instead of Wildcard BSSID. This is left as a workaround to avoid
interoperability issues with deployed STA implementations that are still
using the non-compliant address and that might be unable to process the
standard compliant case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This allows the simplest case of SAE group negotiation to occur by
selecting the next available group if the peer STA indicates the
previous one was not supported. This is not yet sufficient to cover all
cases, e.g., when both STAs need to change their groups, but at least
some cases are no covered.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd deinit functions were not ready to handle a case where the data
structures were not fully initialized. Make these more robust to allow
wpa_supplicant mesh implementation to use the current deinit design in
OOM error cases without causing NULL pointer dereferences.
Signed-off-by: Jouni Malinen <j@w1.fi>
This avoids internal access of structs and also removes the dependency
on the reimplemented TLS PRF functions when EAP-FAST support is not
enabled. Notably, BoringSSL doesn't support EAP-FAST, so there is no
need to access its internals with openssl_get_keyblock_size().
Signed-Off-By: David Benjamin <davidben@google.com>
Most protocols extracting keys from TLS use RFC 5705 exporters which is
commonly implemented in TLS libraries. This is the mechanism used by
EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined
to be compatible with it.)
EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal
key block derivation and derives key material after the key block. This
is uncommon and a misuse of TLS internals, so not all TLS libraries
support this. Instead, we reimplement the PRF for the OpenSSL backend
and don't support it at all in the GnuTLS one.
Since these two are very different operations, split
tls_connection_prf() in two. tls_connection_export_key() implements the
standard RFC 5705 mechanism that we expect most TLS libraries to
support. tls_connection_get_eap_fast_key() implements the
EAP-FAST-specific legacy mechanism which may not be implemented on all
backends but is only used by EAP-FAST.
Signed-Off-By: David Benjamin <davidben@google.com>
Commit 68ae4773a4 ('OpenSSL: Use library
wrapper functions to access cert store') fixed most of these, but missed
a few.
Signed-Off-By: David Benjamin <davidben@google.com>
This makes changes such that hostapd (and wpa_supplicant AP mode)
registers to kernel for specific Action frames instead of generically
registering for all Action frames. This makes it easier for other
programs to register for some Action frames that hostapd does not handle
today without having to somehow coordinate directly with hostapd.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Add P2PS config flag only when config_methods are set. This restores the
pre-P2PS behavioer for the cases where Display or Keypad config method
is specified for a peer (i.e., do not add the new P2PS method in that
case).
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_sake_errors test case where the result was used after the
failed eap_sake_compute_mic() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_pax_errors test case where the result was used after the
failed eap_pax_mac() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_fast_errors test case where the result was used after the
failed sha1_t_prf() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
wpas_ctrl_error test case where the result was used after the failed
sha256_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where the result is used after
failed md5_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where memcmp is used after failed
hmac_md5() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap test case where memcmp is used after failed
md5_vector() call.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
Check for hmac_sha256() failures and exit from wps_derive_psk() without
printing out the derived keys if anything fails. This removes a valgrind
warning on uninitialized value when running the ap_wps_m3_oom test case.
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
