Commit Graph

5416 Commits

Author SHA1 Message Date
Jouni Malinen
3e624369cb tests: Mark some module test arrays static
These are not used outside the source code file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 18:11:35 +03:00
Jouni Malinen
fad6485c56 radiotap: Silence sparse warnings about byte order swapping
These little endian fields were not marked properly and the type case in
the get_unaligned_* helper macros were causing warnings from sparse.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 18:08:11 +03:00
Jouni Malinen
94c4d78ef1 FST: Make fst_action_names static
This is not used outside this file.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 17:48:48 +03:00
Jouni Malinen
82c734c28c FST: Fix byte order of couple of fields on big endian hosts
Couple of fsts_id and llt fields were not properly swapped from host
byte order to little endian byte order used in the frames. Fix this and
use the le32 type to make this more consistent and verifiable with
sparse.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 17:46:40 +03:00
Jouni Malinen
3787c91da0 OpenSSL: Pull in header files to check function prototypes
Since crypto_openssl.c is now implementing couple of functions
internally, pull in the relevant header files md5.h and aes_wrap.h to
make sure the function declaration are consistent.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:35:26 +03:00
Jouni Malinen
6013bbe04f TDLS: Declare tdls_testing as extern in a header file
This gets rid of a sparse warning with CONFIG_TDLS_TESTING builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:31:04 +03:00
Jouni Malinen
0e672b89e7 trace: Define externs in a header file
This gets rid of some unnecessary strace warnings from test builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:28:54 +03:00
Jouni Malinen
6527b52ead Undefine __bitwise before defining it for sparse
This gets rid of a compiler warning due to a bit different construction
in linux/types.h.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:23:46 +03:00
Jouni Malinen
468b7b12a6 Fix hostapd_sta_add() call to use NULL as the pointer instead of 0
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:14:17 +03:00
Cedric Izoard
04c18fa04b curl: Don't free memory for subjectAltName before calling callback
Freeing memory for subjectAltName in parse_cert(), will give cert_cb
pointers to freed memory zone that may already been overwritten. Memory
for subjectAltName is released in parse_cert_free().

Signed-off-by: Cedric Izoard <cedric.izoard@ceva-dsp.com>
2016-06-19 22:11:36 +03:00
Masashi Honma
d70a8ab1e3 mesh: Ignore crowded peer
The "Accepting Additional Mesh Peerings bit == 0" means the peer cannot
accept any more peers, so suppress attempt to open a connection to such
a peer.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-06-19 20:18:09 +03:00
Jouni Malinen
3b6deac0e7 mesh: Avoid use of hardcoded cipher
This moves pairwise, group, and management group ciphers to various mesh
data structures to avoid having to hardcode cipher in number of places
through the code. While CCMP and BIP are still the hardcoded ciphers,
these are now set only in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
f868d5607d mesh: Clean up AMPE element encoding and parsing
The AMPE element includes number of optional and variable length fields
and those cannot really be represented by a fixed struct
ieee80211_ampe_ie. Remove the optional fields from the struct and
build/parse these fields separately.

This is also adding support for IGTKdata that was completely missing
from the previous implementation. In addition, Key RSC for MGTK is now
filled in and used when configuring the RX MGTK for a peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
4367eec439 mesh: Do not use RX MGTK as RX IGTK
The previous implementation was incorrect in forcing the MGTK to be used
as the IGTK as well. Define new variable for storing IGTK and use that,
if set, to configure IGTK to the driver. This commit does not yet fix
AMPE element parsing to fill in this information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
a4eec3c230 mesh: Use variable length MGTK for RX
This extends the data structures to allow variable length MGTK to be
stored for RX. This is needed as an initial step towards supporting
different cipher suites.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
b02f4d058c mesh: Add variable length MTK support
This is needed as a part in enabling support for different pairwise
ciphers in mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
18aca1a07d mesh: Use ieee80211w profile parameter
This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
Jouni Malinen
b8b499e4a4 mesh: Use WPA_NONCE_LEN macro
No need to use the magic value 32 here since there is a generic define
for the RSN-related nonce values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
Sunil Dutt
bb4e19e3f4 hostapd: Skip hostapd ACL check for drivers supporting ACL offload
Commit 0603bcb7fe ('hostapd: Process MAC
ACLs on a station association event (SME in driver)') processes MAC ACL
on a station association event for drivers which use AP SME offload but
does not consider the scenario where the drivers offload ACL. This can
result in station disconnection, though the driver accepts the
connection. Address this by avoiding the hostapd ACL check for the
drivers offloading MAC ACL.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 20:45:35 +03:00
Sunil Dutt
d1296da643 Reserve QCA vendor specific nl80211 command 121
This is reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 00:10:16 +03:00
Sunil Dutt
52a6c9c9e8 Add a QCA vendor command to configure AP parameters
This commit also introduces a new attribute MANDATORY_FREQUENCY_LIST
which aims for AP operation in a channel that ensures best concurrency
sessions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-16 18:38:16 +03:00
Jouni Malinen
cc27c8e680 hostapd: Fix early init failure path
eloop deinit calls could trigger segmentation fault if the early error
path is hit before eloop_init() gets called.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-13 00:37:23 +03:00
Jouni Malinen
976dfb3237 FST: Make fst_global_deinit() more robust
Verify that fst_global_init() has been called before deinitializing the
global FST context. This makes it a bit easier to handle failure paths
from initialization.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-13 00:37:14 +03:00
Masashi Honma
7a69fad7ad mesh: Sync max peer links with kernel
Set max peer links to kernel even when wpa_supplicant MPM is used. This
sets the correct value for the "Accepting Additional Mesh Peerings bit"
in "Mesh Capability field" in "Mesh Configuration element" in the Beacon
frame.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-06-12 21:49:05 +03:00
David Woodhouse
c3d7fb7e27 OpenSSL: Initialise PKCS#11 engine even if found with ENGINE_by_id()
Recent versions of engine_pkcs11 are set up to be autoloaded on demand
with ENGINE_by_id() because they don't need explicit configuration.

But if we *do* want to explicitly configure them with a PKCS#11 module
path, we should still do so.

We can't tell whether it was already initialised, but it's harmless to
repeat the MODULE_PATH command if it was.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
Tested-by: Michael Schaller <misch@google.com>
2016-06-11 12:21:08 +03:00
Paul Stewart
fdc1188a85 nl80211: Fix use-after-free in qca_nl80211_get_features()
Any data accessible from nla_data() is freed before the
send_and_recv_msgs() function returns, therefore we need to allocate
space for info.flags ourselves.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-06-11 12:12:23 +03:00
Jouni Malinen
8359472589 hostapd Make GAS Address3 field selection behavior configurable
gas_address3=1 can now be used to force hostapd to use the IEEE 802.11
standards compliant Address 3 field value (Wildcard BSSID when not
associated) even if the GAS request uses non-compliant address (AP
BSSID).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 22:13:37 +03:00
Jouni Malinen
6996ff7b6d hostapd: Fix Public Action frame TX status processing for wildcard BSSID
Previously all TX status events with wildcard BSSID were ignored. This
did not allow Public Action frame TX status to be processed with the
corrected wildcard BSSID use. Fix this to be allowed. In practice, this
affects only test cases since Action frame TX status was not used for
anything else.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 21:44:49 +03:00
Jouni Malinen
78a3632765 hostapd: Fix Public Action frame addressing (BSSID field)
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS. hostapd used
to use the actual BSSID value for all such frames regardless of whether
the destination STA is a member of the BSS.

Fix this by using the wildcard BSSID in cases the destination STA is not
a member of the BSS. Leave group addressed case as-is (i.e., the actual
BSSID), since both values are accepted. No such frames are currently
used, though.

This version is still using the AP BSSID value in the Address 3 field
for GAS response frames when replying to a GAS request with AP BSSID
instead of Wildcard BSSID. This is left as a workaround to avoid
interoperability issues with deployed STA implementations that are still
using the non-compliant address and that might be unable to process the
standard compliant case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 21:44:49 +03:00
Jouni Malinen
a5a187b0f4 nl80211: Add TEST_FAIL() to command generation and set_mode
This makes it easier to test error paths for failing driver command
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-05 00:13:32 +03:00
Jouni Malinen
92a515b869 nl80211: Update drv->assoc_freq on mesh join
This is needed to provide the correct frequency in SIGNAL_POLL command.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 21:30:18 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
c6edea0df6 Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-05-31.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-31 18:49:05 +03:00
Jouni Malinen
9a5160f5fb Report connection timeouts in CTRL-EVENT-ASSOC-REJECT
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 00:11:42 +03:00
Jouni Malinen
dad0129227 mesh: Support simple SAE group negotiation case
This allows the simplest case of SAE group negotiation to occur by
selecting the next available group if the peer STA indicates the
previous one was not supported. This is not yet sufficient to cover all
cases, e.g., when both STAs need to change their groups, but at least
some cases are no covered.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-30 21:14:08 +03:00
Jouni Malinen
9c10be3f71 mesh: Fix error path handling in init OOM cases
hostapd deinit functions were not ready to handle a case where the data
structures were not fully initialized. Make these more robust to allow
wpa_supplicant mesh implementation to use the current deinit design in
OOM error cases without causing NULL pointer dereferences.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-30 01:05:16 +03:00
David Benjamin
1cece2fafb OpenSSL: Comment out tls_connection_get_eap_fast_key without EAP-FAST
This avoids internal access of structs and also removes the dependency
on the reimplemented TLS PRF functions when EAP-FAST support is not
enabled. Notably, BoringSSL doesn't support EAP-FAST, so there is no
need to access its internals with openssl_get_keyblock_size().

Signed-Off-By: David Benjamin <davidben@google.com>
2016-05-23 21:22:33 +03:00
David Benjamin
7358170787 TLS: Split tls_connection_prf() into two functions
Most protocols extracting keys from TLS use RFC 5705 exporters which is
commonly implemented in TLS libraries. This is the mechanism used by
EAP-TLS. (EAP-TLS actually predates RFC 5705, but RFC 5705 was defined
to be compatible with it.)

EAP-FAST, however, uses a legacy mechanism. It reuses the TLS internal
key block derivation and derives key material after the key block. This
is uncommon and a misuse of TLS internals, so not all TLS libraries
support this. Instead, we reimplement the PRF for the OpenSSL backend
and don't support it at all in the GnuTLS one.

Since these two are very different operations, split
tls_connection_prf() in two. tls_connection_export_key() implements the
standard RFC 5705 mechanism that we expect most TLS libraries to
support. tls_connection_get_eap_fast_key() implements the
EAP-FAST-specific legacy mechanism which may not be implemented on all
backends but is only used by EAP-FAST.

Signed-Off-By: David Benjamin <davidben@google.com>
2016-05-23 20:40:12 +03:00
David Benjamin
f150db6c83 OpenSSL: Remove two more accesses of ssl_ctx->cert_store
Commit 68ae4773a4 ('OpenSSL: Use library
wrapper functions to access cert store') fixed most of these, but missed
a few.

Signed-Off-By: David Benjamin <davidben@google.com>
2016-05-23 19:08:40 +03:00
Jouni Malinen
9ce3e61091 nl80211: Add TEST_FAIL() to nl80211_set_mac_addr()
This makes it easier to test some error paths in wpa_supplicant.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-22 18:08:55 +03:00
Kanchanapally, Vidyullatha
4d916ed6c5 nl80211: Register for only for specific Action frames in AP mode
This makes changes such that hostapd (and wpa_supplicant AP mode)
registers to kernel for specific Action frames instead of generically
registering for all Action frames. This makes it easier for other
programs to register for some Action frames that hostapd does not handle
today without having to somehow coordinate directly with hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-21 00:07:42 +03:00
Purushottam Kushwaha
467fc149d3 P2PS: Correct config_methods for different P2P cases
Add P2PS config flag only when config_methods are set. This restores the
pre-P2PS behavioer for the cases where Display or Keypad config method
is specified for a peer (i.e., do not add the new P2PS method in that
case).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-19 19:16:10 +03:00
Jouni Malinen
9d136b00ac EAP-SAKE: Do not debug print result if eap_sake_compute_mic() fails
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_sake_errors test case where the result was used after the
failed eap_sake_compute_mic() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 22:26:37 +03:00
Jouni Malinen
0884633577 EAP-PAX: Do not debug print result if eap_pax_mac() fails
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_pax_errors test case where the result was used after the
failed eap_pax_mac() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 22:25:25 +03:00
Jouni Malinen
92abe3782f EAP-FAST: Check sha1_t_prf() result in eap_fast_get_cmk()
This gets rid of a valgrind warning on uninitialized memory read in the
eap_proto_fast_errors test case where the result was used after the
failed sha1_t_prf() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 22:24:01 +03:00
Jouni Malinen
636a23881b WPS: Check sha256_vector() result in wps_build_oob_dev_pw()
This gets rid of a valgrind warning on uninitialized memory read in the
wpas_ctrl_error test case where the result was used after the failed
sha256_vector() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 21:06:44 +03:00
Jouni Malinen
2c3d95c7e0 Check md5_vector() result in decrypt_ms_key()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where the result is used after
failed md5_vector() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 20:08:53 +03:00
Jouni Malinen
38eee0f599 Check hmac_md5() result in radius_msg_verify_msg_auth()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap_connect test case where memcmp is used after failed
hmac_md5() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 20:07:58 +03:00
Jouni Malinen
05dad946b3 Check md5_vector() result in radius_msg_verify()
This gets rid of a valgrind warning on uninitialized memory read in the
hostapd_oom_wpa2_eap test case where memcmp is used after failed
md5_vector() call.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 20:07:53 +03:00
Jouni Malinen
aae125e2cf WPS: Fix debug prints in wps_derive_psk() error case
Check for hmac_sha256() failures and exit from wps_derive_psk() without
printing out the derived keys if anything fails. This removes a valgrind
warning on uninitialized value when running the ap_wps_m3_oom test case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 19:35:03 +03:00
SiWon Kang
7a1887faec wpa_cli: Add backspace key process for some terminal
In some terminal, verified with gtkterm and teraterm, backspace key is
not properly processed. For instance, type 'abc', 3 times of backspace
key press then '123' shows the result of 'abc123' instead of '123'. To
fix this, add a routine to process '\b' character input when using
edit_simple.c instead of edit.c (i.e., without CONFIG_WPA_CLI_EDIT=y).

Signed-off-by: Siwon Kang <kkangshawn@gmail.com>
2016-05-13 18:48:45 +03:00
Johannes Berg
d58b60da87 drivers: Add NEED_RADIOTAP
If there's ever a driver that, like nl80211, requires radiotap,
we need to have a NEED_RADIOTAP variable to avoid trying to link
the radiotap helpers twice. Introduce that.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2016-05-13 18:29:01 +03:00
Jouni Malinen
6a9681e90c OpenSSL: Make dh5_init() match the generic implementation
Commit 4104267e81 ('Fix memory leak on NFC
DH generation error path') modified the generic (non-OpenSSL)
implementation of dh5_init() to free the previously assigned public key,
if any. However, that commit did not modify the OpenSSL specific version
of this function. Add the same change there to maintain consistent
behavior between these two implementations of the same function.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-13 18:25:57 +03:00
Rujun Wang
46bac6520d WPS: Fix segmentation fault in new DH key derivation
Commit 4104267e81 ('Fix memory leak on NFC
DH generation error path') modified dh5_init() behavior in the
non-OpenSSL implementation to free the public key (if any was previously
set). However, this did not update one of the callers to make sure the
publ argument in the call is initialized. This could result in trying to
free invalid pointer and segmentation fault when hostapd or
wpa_supplicant was built against some other crypto library than OpenSSL.

Signed-off-by: Rujun Wang <chinawrj@gmail.com>
2016-05-13 18:25:47 +03:00
David Benjamin
e4471338c6 OpenSSL: BoringSSL has SSL_get_client_random(), etc.
BoringSSL added OpenSSL 1.1.0's SSL_get_client_random() and friends in
working towards opaquifying the SSL struct. But it, for the moment,
still looks more like 1.0.2 than 1.1.0 and advertises
OPENSSL_VERSION_NUMBER as such. This means that there is no need to
define those in BoringSSL and defining them causes conflicts. (C does
not like having static and non-static functions with the same name.)

As requested, this is conditioned on defined(BORINGSSL_API_VERSION) so
wpa_supplicant may continue to support older BoringSSLs for a time.
(BoringSSL revisions without the accessors predate BoringSSL maintaining
a BORINGSSL_API_VERSION.)

Also add a missing opensslv.h include. tls_openssl.c is sensitive to
OPENSSL_VERSION_NUMBER, so it should include the header directly rather
than rely on another header to do so.

Signed-off-by: David Benjamin <davidben@google.com>
2016-05-10 19:36:46 +03:00
Paul Stewart
0fe5a23424 Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
ecbb0b3dc1 WPS: Reject a Credential with invalid passphrase
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a Credential received from a WPS Registrar both as
STA (Credential) and AP (AP Settings) if the credential is for WPAPSK or
WPA2PSK authentication type and includes an invalid passphrase.

This fixes an issue where hostapd or wpa_supplicant could have updated
the configuration file PSK/passphrase parameter with arbitrary data from
an external device (Registrar) that may not be fully trusted. Should
such data include a newline character, the resulting configuration file
could become invalid and fail to be parsed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Rafał Miłecki
f4830bed66 nl80211: Try running without mgmt frame subscription (driver AP SME)
One of supported code paths already allows this scenario. It is used if
driver doesn't report NL80211_ATTR_DEVICE_AP_SME and doesn't support
monitor interface. In such situation:
1) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
2) We don't try subscribing for WLAN_FC_STYPE_ACTION
3) We fallback to AP SME mode after failing to create monitor interface
4) We don't quit if subscribing for WLAN_FC_STYPE_PROBE_REQ fails
Above scenario is used, e.g., with brcmfmac. As you can see - thanks to
events provided by cfg80211 - it's not really required to receive Probe
Request or action frames.

However, the previous implementation did not allow using hostapd with
drivers that:
1) Report NL80211_ATTR_DEVICE_AP_SME
2) Don't support subscribing for PROBE_REQ and/or ACTION frames
In case of using such a driver hostapd will cancel setup after failing
to subscribe for WLAN_FC_STYPE_ACTION. I noticed it after setting flag
WIPHY_FLAG_HAVE_AP_SME in brcmfmac driver for my experiments.

This patch allows working with such drivers with just a small warning
printed as debug message.

Signed-off-by: Rafał Miłecki <zajec5@gmail.com>
2016-04-28 20:47:12 +03:00
Jouni Malinen
60d9f67c68 WPS: Explicitly clear wpabuf memory with key information
This reduces duration that private keying material might remain in the
process memory by clearing wpabuf data used in WPS operations when there
is possibility of the buffer including keys or related material.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-28 20:32:15 +03:00
Bala Krishna Bhamidipati
a911227061 Add assocresp_elements parameter for hostapd
This new parameter allows hostapd to add Vendor Specific elements into
(Re)Association Response frames similarly to the way vendor_elements
parameter can be used for Beacon and Probe Response frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-20 13:12:50 +03:00
Jouni Malinen
49fe2ada20 OpenSSL: Support OpenSSL 1.1.0 DH opacity
The OpenSSL 1.1.0 Beta 2 release made DH opaque and that broke
compilation of crypto_openssl.c. Fix this by using the new accessor
functions when building against OpenSSL 1.1.0 or newer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-20 01:20:00 +03:00
Günther Kelleter
b92d2a57ef FT: Fix RRB for FT over-the-air case
Commit 66d464067d ('FT: Register RRB
l2_packet only if FT-over-DS is enabled') disabled RRB l2_packet socket
if ft_over_ds is disabled, but this socket is required for FT
over-the-air, too (FT key distribution). Enable the socket regardless of
ft_over_ds setting if FT is enabled.

Signed-off-by: Günther Kelleter <guenther.kelleter@devolo.de>
2016-04-19 00:57:17 +03:00
Sunil Dutt
ac7aea862f Assign QCA vendor command/attributes for set/get wifi configuration
This adds QCA_NL80211_VENDOR_SUBCMD_SET_WIFI_CONFIGURATION and
QCA_NL80211_VENDOR_SUBCMD_GET_WIFI_CONFIGURATION and the attributes used
with these commands.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-19 00:49:33 +03:00
Purushottam Kushwaha
57b38882e5 P2P: Add P2P_GROUP_MEMBER command to fetch client interface address
This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).

Usage:
P2P_GROUP_MEMBER <P2P Device Address>

Output:
<P2P Interface Address>

Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
2016-04-19 00:41:16 +03:00
Lior David
0ee8925098 P2P: Trigger event when invitation is accepted
Trigger an event when wpa_supplicant accepts an invitation to re-invoke
a persistent group. Previously wpa_supplicant entered group formation
without triggering any specific events and it could confuse clients,
especially when operating with a driver that does not support
concurrency between P2P and infrastructure connection.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-18 16:57:05 +03:00
Jouni Malinen
bd86ea0808 nl80211: Get rid of unused assignment warning
The os_snprintf() call here cannot really fail in practice, but since
its result was stored into the local variable and not checked, static
analyzers could warn about the unused assignment. Clean this up by
checking the return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-17 18:43:30 +03:00
Roy Marples
18ae3a675c bsd: Set level correctly for non FreeBSD systems
Only FreeBSD treats rssi as dBm, other BSD have no special meaning to
rssi.

Signed-off-by: Roy Marples <roy@marples.name>
2016-04-17 18:34:22 +03:00
Beni Lev
b5d172e578 nl80211: Add support for global RRM flag
Set the global RRM flag if global RRM is supported by the device. Also,
allow RRM in (Re)Association Request frame if the global RRM flag is
set.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2016-04-17 12:41:44 +03:00
Beni Lev
a7f0bb7000 driver: Add global RRM support flag
This flag indicates that RRM can be used in (Re)Association Request
frames, without supporting quiet period.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2016-04-17 12:37:08 +03:00
David Spinadel
864b95225c nl80211: Register to receive Radio Measurement Request frames
Register to receive Radio Measurement Request frames since LCI request
is supported by wpa_supplicant.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:32:14 +03:00
David Spinadel
220754c553 hostapd: Add FTM range request
Add FTM range request via RRM. The AP sends Radio measurement request
with FTM range request as a request for the receiving STA to send FTM
requests to the given list of APs. The neighbor report part of the
request is taken from the neighbor database.

The control interface command is:

REQ_RANGE <dst addr> <rand_int> <min_ap> <responder> [<responder>..]

dst addr: MAC address of an associated STA
rand_int: Randomization Interval (0..65535) in TUs
min_ap: Minimum AP Count (1..15); minimum number of requested FTM ranges
	between the associated STA and the listed APs
responder: List of BSSIDs for neighboring APs for which a measurement
	is requested

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
f4f185a224 hostapd: Add LCI request
Add a hostapd control interface command REQ_LCI to request LCI from an
associated station using radio measurement.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
629e1804da hostapd: Save RM enabled capability of station
Save RM enabled capability element of an associating station if radio
measurement is supported in its capability field.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
2572df34b2 hostapd: Handle Neighbor Report Request frame
Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:07 +03:00
David Spinadel
061269b316 hostapd: Add own neighbor report data to neighbor database
Add own neighbor report data to neighbor database based on local LCI and
location civic data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
David Spinadel
9b4b226426 hostapd: Add a database of neighboring APs
Add a configurable neighbor database that includes the content of
Nighbor Report element, LCI and Location Civic subelements and SSID.

All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.

The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]

To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
David Spinadel
010182120d hostapd: Extend the configuration of RRM capabilities
Extend the radio_measurements parameter to save all the supported
RRM capabilities as it's used in RM enabled capabilities element.

Make this parameter not directly configurable via config file (though,
keep the radio_measurements parameter for some time for backwards
compatibility). Instead, add a configuration option to enable neighbor
report via radio measurements. Other features can be added later as
well.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
David Spinadel
624b8a061f utils: Add ssid_parse() function
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:37 +03:00
David Spinadel
e4fbc8d423 Add measurement and neighbor report definitions
Add measurement report definitions from Table 9-81 in IEEE
P802.11-REVmc/D5.0 "Measurement type definition for measurement
requests".

Add measurement report definitions from IEEE Std 802.11-2012 Table 8-71
"Location subject definition".

Add neighbor report bandwidth subelement definition from IEEE
P802.11-REVmc/D5.0 MC Table 9-150 - "Optional subelement IDs
neighbor report"

Add neighbor report channel width definition from IEEE
P802.11-REVmc/D5.0, Table 9-152 - "HT/VHT Operation Information
subfields".

Add definitions for neighbor report BSSID info from IEEE
P802.11-REVmc/D5.0, 9.4.2.37 Neighbor Report element.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:45:42 +03:00
David Spinadel
9d955f751e utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it
Make the function available as part of the wpabuf API.
Use this renamed function where possible.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:23:36 +03:00
David Spinadel
74e982d8d7 hostapd: Set LCI and Location Civic information in configuration
Enable configuration of LCI and location civic information in
hostapd.conf.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:18:55 +03:00
Jouni Malinen
1854eeca19 Add POLL_STA command to check connectivity in AP mode
The hostapd "POLL_STA <addr>" control interface command can be used to
check whether an associated station ACKs a QoS Data frame. The received
ACK for such a frame is reported as an event message ("AP-STA-POLL-OK
<addr>").

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Jouni Malinen
3dbfb28cfe Allow AP to disconnect STA without sending Deauth/Disassoc frame
The optional tx=0 parameter can be added to the hostapd
DEAUTHENTICATE/DISASSOCIATE command to request disconnection without
transmitting the Deauthentication/Disassociation frame to the STA.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Jouni Malinen
de92314033 Add inactive_msec into STA output
This allows external programs to fetch the driver inactivity value for a
specific STA ("STA <addr>" hostapd control interface command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-09 00:30:49 +03:00
Jouni Malinen
61c101186a Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.

For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-09 00:30:49 +03:00
Ilan Peer
6922d440de nl80211: Implement configure_data_frame_filters() callback
Implement configure_data_frame_filters() callback by using
the net-sysfs interfaces (if these are available).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-08 15:21:18 +03:00
Matti Gottlieb
e42adb9a75 driver: Add a packet filtering function declaration
Add a new function declaration that will allow wpa_supplicant to request
the driver to configure data frame filters for specific cases.

Add definitions that will allow frame filtering for stations as
required by Hotspot 2.0:

1. Gratuitous ARP
2. Unsolicited NA
3. Unicast IP packets encrypted with GTK

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 13:13:55 +03:00
Ayala Beker
ae33239c55 AP: Pass station P2P PS capabilities info during station add/set
If a legacy client with no P2P PS support is trying to connect to
a P2P GO, the driver should know that, and change its PS behavior
accordingly.

Add a parameter to hostapd_sta_add_params() indicating if P2P PS is
supported by the station and pass this parameter to kernel with nl80211
driver when the station is added/set.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 13:02:49 +03:00
Jouni Malinen
7405bb06ca Sync with mac80211-next.git include/uapi/linux/nl80211.h
This brings in nl80211 definitions as of 2016-04-06.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-08 13:02:49 +03:00
Ayala Beker
e52a698907 RADIUS: Fix a possible memory leak on an error path
Fix a possible memory leak in radius_msg_add_mppe_keys() if
os_get_random() fails.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 11:40:20 +03:00
Ayala Beker
f1863f2b82 RADIUS: Fix possible memory leak when parsing per-STA passphrase
Fix a possible memory leak in decode_tunnel_passwords() if an invalid
passphrase is received from the RADIUS server.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-04-08 11:19:40 +03:00
Jouni Malinen
3433721c5f P2P: Continue p2p_find after sending non-success Invitation Response
This was previously handled for the case where the non-success
Invitation Response frame was sent out during the Listen phase. However,
in the case the Action frame TX ended up getting scheduled when the
Search phase scan had already started (e.g., due to the driver reporting
Invitation Request RX late enough for the Listen-to-Search transition
having already started), the postponed Action frame TX status processing
did not cover the specific case of non-success Invitation Response. This
could result in the p2p_find operation getting stopped (stuck in SEARCH
state) unexpectedly.

Fix this by calling p2p_check_after_scan_tx_continuation() from
Invitation Response TX callback handler if the invitation was rejected.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-07 21:05:28 +03:00
Manikandan Mohan
85c0f01dd8 Add QCA nl80211 vendor commands for TSF and WISA Feature
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-05 19:31:09 +03:00
Jouni Malinen
00e2eb3b7c RSN: Set EAPOL-Key Request Secure bit to 1 if PTK is set
The Secure bit in the Key Information field of EAPOL-Key frames is
supposed to be set to 1 when there is a security association. This was
done for other frames, but not for the EAPOL-Key Request frame where
supplicant is requesting a new PTK to be derived (either due to Michael
MIC failure report Error=1 or for other reasons with Error=0). In
practice, EAPOL-Key Request frame is only sent when there is a PTK in
place, so all such frames should have Secure=1.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-05 18:36:28 +03:00
Jouni Malinen
5914ebf584 Remove struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. This struct is not used anymore, so it can
be removed from the struct ieee80211_mgmt definition to complete the
changes started in commit d447cd596f
('Updates for stricter automatic memcpy bounds checking').

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Jouni Malinen
094e949265 atheros: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Jouni Malinen
e1b99620c9 AP: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:01 +03:00
Sunil Dutt
f933216141 Revert "Assign QCA vendor command and attribute for Tx/Rx aggregation"
This reverts commit 4ca16b5fd7.
Configuration for this will be done using a previously assigned more
generic command. This new command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION has not been used in any
driver version and won't be used, so the assigned command id can be
freed for future use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 16:27:24 +03:00
Jouni Malinen
f73b167c69 tests: Add TEST_FAIL() calls into OpenSSL bignum operations
This makes it easier to test error paths in bignum operations in SAE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 01:10:31 +03:00
Jouni Malinen
bde9a4e3de Comment out UDP/UNIX socket code from common ctrl_iface based on build
These were unreachable cases in the switch statements based on how the
build was configured.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 00:17:45 +03:00
Jouni Malinen
0741c481ee SAE: Check SHA256-PRF operation result
While this is mostly theoretical, check explicitly that SHA256
operations in sha256_prf*() succeed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-27 21:44:49 +03:00
Jouni Malinen
ea86a34667 SAE: Remove dead code in FFC pwd-value derivation
The local bits variable is set to prime_len * 8 and consequently bits %
8 cannot be anything else than 0.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-27 21:28:45 +03:00
Jouni Malinen
87faf1f22c nl80211: Fix libnl-tiny build with CONFIG_LIBNL20=y
libnl-tiny does not use the separate nl-genl library.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 12:02:34 +02:00
Jouni Malinen
6d07e76020 wlantest: Use local ETH_P_IP define instead of linux/if_ether.h
There is no strong need for pulling in linux/if_ether.h here since all
that is needed if ETH_P_IP and we already cover multiple other ETH_P_*
values in utils/common.h.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:35:30 +02:00
Jouni Malinen
795abc8e0a Drop USE_KERNEL_HEADERS define
This was only used for providing an option to use linux/if_packet.h
instgead of netpacket/packet.h in src/ap/iapp.c. However,
netpacket/packet.h is nowadays commonly available and hostapd already
depends on it through src/l2_packet/l2_packet_linux.c, so there is no
need to continue to provide this option for the kernel header.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:29:53 +02:00
Jouni Malinen
9b7cd5788a Use a separate header file for Linux bridge interface definitions
This moves the BRCTL_* defines from vlan_full.c to linux_bridge.h to
clean up header inclusion.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:27:18 +02:00
Jouni Malinen
c815fab83a Use own header file for defining Linux VLAN kernel interface
This gets rid of need to include linux/if_vlan.h and additional defines
in vlan_ioctl.c to avoid issues with missing definitions in libc
headers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:24:38 +02:00
Jörg Krause
81606ab73b vlan: Fix musl libc conflict with Linux kernel headers
Due to both <netinet/in.h> (in "utils/includes.h") and <linux/in6.h> (in
<linux/if_bridge.h>) being included, the in6_addr is being redefined:
once from the C library headers and once from the Linux kernel headers.
This causes some build failures with for example the musl C library:

In file included from /usr/include/linux/if_bridge.h:18,
                 from ../src/ap/vlan_init.c:17:
/usr/include/linux/in6.h:32: error: redefinition of 'struct in6_addr'
/usr/include/linux/in6.h:49: error: redefinition of 'struct sockaddr_in6'
/usr/include/linux/in6.h:59: error: redefinition of 'struct ipv6_mreq'

Mixing C library and Linux kernel headers is a bit problematic [1] and
should be avoided if possible [2]. In order to fix this, define just the
macros needed from <linux/if_bridge.h> as done in Busybox for the brctl
applet [3].

[1] https://sourceware.org/bugzilla/show_bug.cgi?id=15850
[2] http://www.openwall.com/lists/musl/2015/10/06/1
[3] https://git.busybox.net/busybox/commit/?id=5fa6d1a632505789409a2ba6cf8e112529f9db18

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-26 11:02:16 +02:00
Jouni Malinen
e86859929f vlan: Move if_nametoindex() use out of vlan_init.c
With this, vlan_init.c does not need any special header files anymore
and vlan_ifconfig.c does not need hostapd-specific header files that
might conflict with net/if.h on NetBSD.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 18:00:44 +02:00
Jouni Malinen
7c03c08229 vlan: Move ifconfig helpers to a separate file
This removes final ioctl() use within vlan_init.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:56:07 +02:00
Jouni Malinen
59d6390440 vlan: Move CONFIG_FULL_DYNAMIC_VLAN functionality into a separate file
This cleans up vlan_init.c by removing number of C pre-processor
dependencies.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:55:40 +02:00
Jouni Malinen
0fe28ddf17 vlan: Remove unnecessary header includes from netlink implementation
The implementation in vlan_util.c does not use many of the header files
that were pulled in.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:27:16 +02:00
Jouni Malinen
84d6755108 vlan: Clean up netlink vs. ioctl API implementation
Move the ioctl-based VLAN implementation to a separate file to avoid
need for conditional blocks within vlan_ioctl.c. This removes the
internal CONFIG_VLAN_NETLINK define, i.e., this is now used only in
build configuration (.config) to select whether to include the
vlan_util.c (netlink) or vlan_ioctl.c (ioctl) implementation of the
functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 17:24:20 +02:00
Jörg Krause
cb38bc886e vlan: Fix musl build error
caddr_t is legacy BSD and should be avoided [1]. While glibc may still
use __caddr_t as the type, Linux kernel does not (it is "void __user *
ifru_data").

This fixes compile errors with the musl libc:

../src/ap/vlan_init.c: In function 'br_delif':
../src/ap/vlan_init.c:218:18: error: '__caddr_t' undeclared (first use in this function)
  ifr.ifr_data = (__caddr_t) args;

[1] http://stackoverflow.com/questions/6381526/what-is-the-significance-of-caddr-t-and-when-is-it-used

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-03-25 16:57:05 +02:00
Jouni Malinen
1126c0787d nl80211: Ignore deauth/disassoc event during Connect reassociation
cfg80211 reports a deauth/disassoc event when internally clearing
connection with the previous BSS. Ignore that event to allow the new
connect command to complete.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
00c3c4ac9b nl80211: Add NL80211_ATTR_PREV_BSSID with Connect command
This makes it easier for drivers that use the Connect command instead of
separate Auth+Assoc commands to determine when to use reassociation
instead of association. Matching changes are still needed in cfg80211 to
allow this parameter to be used, but it is safe for wpa_supplicant to
start including this attribute now since it will be ignored by older
cfg80211 versions.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
8854f90bad mesh: Simplify wpa_auth_pmksa_set_to_sm()
pmksa->pmk or pmksa->pmkid cannot be NULL since they are arrays. Remove
the unnecessary NULL checks and use the provided pmksa pointer directly
to simplify the implementation. (CID 138519)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-22 20:38:44 +02:00
Jouni Malinen
32d4fe9549 privsep: Fix a compiler warning on unsigned/signed comparison
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Jouni Malinen
90377029c6 wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y
Commit 1889af2e0f ('VLAN: Separate station
grouping and uplink configuration') added an ap_sta_set_vlan() function
that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y
build if src/ap/sta_info.c did not get included in the build, i.e., if
CONFIG_AP=y was not set.

Fix this by making the ap_sta_set_vlan() call conditional on
CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y
builds. This is fine for wpa_supplicant since CONFIG_AP=y case was
already defining this. For hostapd, this function call is not needed for
CONFIG_NO_VLAN case either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 21:12:20 +02:00
Masashi Honma
9f2cf23e2e mesh: Add support for PMKSA caching
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.

If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.

If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.

This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:56:38 +02:00
Masashi Honma
4c522c7798 PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command
This extends the wpa_supplicant PMKSA_FLUSH control interface command to
allow the PMKSA list from the authenticator side to be flushed for AP
and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control
interface command to flush the PMKSA entries.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
b8daac18a4 PMKSA: Show AP/mesh PMKSA list in PMKSA command
This extends the wpa_supplicant PMKSA control interface command to allow
the PMKSA list from the authenticator side to be listed for AP and mesh
mode. In addition, this adds a hostapd PMKSA control interface command
to show the same list for the AP case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Jouni Malinen
f7648c8679 P2P: Advertise IP Address Allocation only if it is enabled on GO
This group capability bit was previously added unconditionally which
could result in the P2P Client assuming the functionality is available
even though the GO would always reject the request (not reply to it with
an assigned IP address) during the 4-way handshake.

Fix this by advertising the capability only if the GO configuration
allow IP address assignment to be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-20 17:37:53 +02:00
Roy Marples
7f46ad9ee5 BSD: Only down the interface once we are sure we can work with it
Signed-off-by: Roy Marples <roy@marples.name>
2016-03-20 11:24:30 +02:00
Jouni Malinen
29eddc3d8c nl80211: Fix error path in if_indices_reason reallocation
Commit 732b1d20ec ('nl80211: Clean up
ifidx properly if interface in a bridge is removed') added
drv->if_indices_reason array similarly to the previously used
drv->if_indices. However, it had a copy-paste error here on the error
path where a reallocation failure after at least one successful
reallocation would result in the drv->if_indices being overridden
instead of restoring drv->if_indices_reason to the old value. Fix this
by setting the correct variable on the error path. (CID 138514)

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-18 16:25:35 +02:00
Jouni Malinen
ee298f1b1f nl80211: Do not add NL80211_ATTR_SMPS_MODE attribute if HT is disabled
SMPS mode is applicable only for HT and including an attribute to
configure it when HT is disabled could result in the AP start operation
failing. Fix this by adding the attribute only in cases where HT is
enabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-18 16:16:40 +02:00
Sunil Dutt
4ca16b5fd7 Assign QCA vendor command and attribute for Tx/Rx aggregation
Assign nl80211 vendor command
QCA_NL80211_VENDOR_SUBCMD_SET_TXRX_AGGREGATION and corresponding
attributes.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-17 20:53:25 +02:00
Jouni Malinen
64ce5905f8 libxml2: Check for xmlDocDumpFormatMemory() error case
Since this function needs to allocate memory, it might fail. Check that
the returned memory pointer is not NULL before trying to parse the
output.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:49:28 +02:00
Jouni Malinen
8b827c342f BoringSSL: Keep static analyzers happier with X509_get0_pubkey_bitstr()
While this function could return NULL if the parameter issued to it were
NULL, that does not really happen here. Anyway, since this can result in
a warning from a static analyzer that does can see the return NULL
without fully understanding what it means here, check the return value
explicitly against NULL to avoid false warnings.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 21:34:01 +02:00
Dedy Lansky
f2d6c17aa0 nl80211: Support network hierarchy of a master interface under bridge
Since commit cb05808c46 ('nl80211: Generic
Linux master interface support for hostapd'), hostapd is listening for
EAPOL frames on any master which the interface is enslaved under.

This commit allows hostapd to support network hierarchy in which the
interface is enslaved under some master which in turn is enslaved under
a bridge.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-09 21:03:41 +02:00
Jouni Malinen
f85399f396 Reserve QCA vendor specific nl80211 commands 116..118
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-08 23:08:45 +02:00
Zefir Kurtisi
3bd58861ae hostapd: Handle running out of DFS channels
In scenarios where only DFS channels are available (e.g., outdoor,
special country codes), hostapd must be able to handle situations
where all are unavailable.

The two possibilities to get there are
1) while operating on the last available DFS channel a radar is
   detected
2) hostapd is started while all channels are unavailable

In both cases, hostapd instead of terminating should better
wait for the NOPs to pass and re-try operation after the CAC.

This patch provides that feature by using the condition
(iface->state == HAPD_IFACE_DFS && !iface->cac_started)
as NOP mode signature to retry operation from within
hostapd_dfs_nop_finished().

Signed-off-by: Zefir Kurtisi <zefir.kurtisi@neratec.com>
2016-03-08 12:16:37 +02:00
Dedy Lansky
cc1af6faed FST: Fix session setup failure with peer without MB IE
Upon receiving FST setup request on old band, the peer is searched on
new band. The assumption is that MB IE from this peer on new band
previously received either in assoc event or in FST setup request.

There are cases in which above assumption doesn't work, peer is not
found and session setup fails. For example:
- STA connects over 11ac. Due to driver limitation, MB IE is not included
in assoc event
- STA connects over 11ad. MB IE included in assoc event.
- FST session established on 11ac band, with AP as initiator. i.e. FST
setup request sent in AP=>STA direction. STA searches for peer's (AP)
MB IE on 11ad band which exists.
- FST switch occur
- FST session established on 11ad band, with STA as initiator. i.e. FST
setup request sent in STA=>AP direction. AP searches for peer's (STA)
MB IE on 11ac band which are absent.

For fixing the above, consider also peers without MB IE as candidates in
the search algorithm.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-07 18:04:47 +02:00
Lior David
e4a1469cec P2P: Adjust service discovery maximum fragment size for 60 GHz
In the 60 GHz band, service discovery management frames are sent over
the control PHY and have a smaller maximum frame size (IEEE Std
802.11ad-2012, 21.4.3.2). Fix the code to use sufficiently small
fragment size when operating in the 60 GHz band.

The 60 GHz fragment size (928) is derived from the maximum frame size
for control PHY (1023) and subtracting 48 bytes of header size, and some
spare so we do not reach frames with the absolute maximum size.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:47:01 +02:00
Eliad Peller
6448e06415 hostapd: Allow use of driver-generated interface addresses
Add a new 'use_driver_iface_addr' configuration parameter to allow use
of the default interface address generated by the driver on interface
creation. This can be useful when specific MAC addresses were allocated
to the device and we want to use them for multi-BSS operation.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 20:00:40 +02:00
Eliad Peller
f2accfe708 AP: Save EAPOL received before Association Response ACK
There is a race condition in which AP might receive the EAPOL-Start
frame (from the just-associated station) before the TX completion of the
Association Response frame. This in turn will cause the EAPOL-Start
frame to get dropped, and potentially failing the connection.

Solve this by saving EAPOL frames from authenticated-but-not-associated
stations, and handling them during the Association Response frame TX
completion processing.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-06 17:08:12 +02:00
Janusz Dziedzic
56885eecf4 hostapd: Add UDP support for ctrl_iface
Add UDP support for ctrl_iface:

New config option could be set:
CONFIG_CTRL_IFACE=udp
CONFIG_CTRL_IFACE=udp-remote
CONFIG_CTRL_IFACE=udp6
CONFIG_CTRL_IFACE=udp6-remote

And hostapd_cli usage:
hostapd_cli -i localhost:8877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:37 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
89b781bc89 hostapd: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
ca974ae53f Add common ctrl_iface files
This is preparation for sharing a single implementation for ctrl_iface
functionality in wpa_supplicant and hostapd.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Avichal Agarwal
35986959d9 P2P: Update peer WFD IE from PD Response and GO Negotiation Response
Update the peer WFD IE information based on WFD elements received in
Provision Discovery Response and GO Negotiation Response frames.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
2016-03-05 10:02:59 +02:00
Ilan Peer
12c1fdf19a P2P: Update peer listen channel from Probe Request frames
In case a Probe Request frame is received from a known peer P2P Device,
update the listen channel based on the P2P attributes in the Probe
Request frame. This can be useful for cases where the peer P2P Device
changed its listen channel, and the local P2P device is about to start a
GO Negotiation or invitation signaling with the peer.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Ayala Beker
7441698fcf nl80211: Abort an ongoing scan upon scan timeout indication
Currently, when scan is stuck in the kernel/driver/fw,
the nl80211 driver tries to recover by faking a SCAN_RESULTS flow.
However, the scan is still stuck in the kernel/driver/fw.

To avoid that stuck request, abort it upon scan timeout.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2016-03-03 17:10:26 +02:00
Ilan Peer
b8f02d8baf EAP-PWD peer: Fix possible memory leak on error path
Fix possible memory leak in eap_pwd_perform_commit_exchange().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 16:28:41 +02:00
Eliad Peller
4a6e9e5599 Fix CONFIG_WPA_TRACE=y compilation without CONFIG_WPA_TRACE_BFD=y
syms is defined only for WPA_TRACE_BFD:

../src/utils/trace.c: In function ‘wpa_trace_deinit’:
../src/utils/trace.c:372:7: error: ‘syms’ undeclared (first use in this function)
  free(syms);
       ^
../src/utils/trace.c:372:7: note: each undeclared identifier is reported only once for each function it appears in
make: *** [../src/utils/trace.o] Error 1
make: *** Waiting for unfinished jobs....

Add appropriate #ifdef.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-03 16:23:23 +02:00
Lior David
c58eed6dc7 P2P: Add Dev Info attribute to Probe Request frames in 60 GHz
When building P2P IE for Probe Request frames in P2P scan, add the
device information attribute if the 60 GHz band is included in the scan,
since this is required by the P2P specification.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:13:56 +02:00
Lior David
2b6e9f91df wpa_supplicant: Expose wpas_get_bands() and related API
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:10:50 +02:00
Dedy Lansky
0147afa9df FST: Enlarge State Transition Timeout (STT)
STT guards the exchange of FST Action frames with the peer station.
It was observed that sometimes Action frames sending is delayed at
driver/FW layers for few hundreds millisec.

Enlarge the STT to overcome such cases.

Signed-off-by: Dedy Lansky <qca_dlansky@qca.qualcomm.com>
2016-03-03 13:50:03 +02:00
Peng Xu
e1d00d47c7 Add error handling for offloaded ACS with vendor command failures
In case vendor ACS command returns invalid channel or hardware mode,
complete the interface setup with an error code instead of simply
return, so that hostapd can properly clean up the interface setup.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 12:19:43 +02:00