Commit Graph

1670 Commits

Author SHA1 Message Date
Jouni Malinen
49a191a142 EAP: Add "expanded" EAP type to get_name functions 2011-08-28 19:23:16 +03:00
Jouni Malinen
17f6b90056 WPS: Wait for EAPOL-Start unless WPS 2.0 station as workaround
Extend the code that waits for the station to send EAPOL-Start before
initiating EAPOL authenticator operations to cover the case where the
station includes WPS IE in (Re)Association Request frame if that IE
does not include support for WPS 2.0. While this should not really
be needed, this may help with some deployed WPS 1.0 stations that do
not support EAPOL operations correctly and may get confused of the
EAP-Request/Identity packets that would show up twice if EAPOL-Start
is transmitted.
2011-08-28 19:16:59 +03:00
Jouni Malinen
fb91db5639 Provide extra IEs for AP mode management frames with set_ap
Drivers that build Beacon, Probe Response, and (Re)Association
Response frames can use this information to and WPS and P2P IE
when needed.
2011-08-26 21:14:25 +03:00
Jouni Malinen
97a7a0b504 Add support for setting SSID hiding mode through set_ap() 2011-08-26 21:12:47 +03:00
Jouni Malinen
b11d1d6439 Add crypto parameters to set_ap() command separately
This helps drivers that build the Beacon and Probe Response frames
internally.
2011-08-26 21:11:42 +03:00
Jouni Malinen
d8cc23a438 Sync with include/linux/nl80211.h in wireless-testing.git 2011-08-26 21:09:08 +03:00
Jouni Malinen
9ca47fff8c WPS: Drop responses from ER to a STA that is not in WPS protocol
If an ER tries to send a message to a STA that is not in the middle
of WPS protocol, do not try to deliver that. This can help with issues
where an ER takes long time to reply to M1 and another Registrar has
already completed negotiation.
2011-08-12 11:58:32 +03:00
Jouni Malinen
de6e463f57 Make sure that EAP callbacks are not done if state machine has been removed
It is possible to get a response for a pending EAP callback after the
EAP state machine has already completed its work or has timed out. For
those cases, make sure that the callback function is not delivered since
it could result in NULL pointer dereferences.
2011-08-12 11:56:44 +03:00
Jouni Malinen
167dc97501 WPS: Fix M2/M2D Config Methods to include PushButton even if PBC not in use
The Config Methods attribute in M2 and M2D messages is supposed to
indicate which configuration methods are supported by the Registrar. As
such, it should not depend on whether PBC mode is currently active or
not. That will only affect the Selected Registrar Config Methods and
Device Password ID attributes.
2011-08-11 17:03:57 +03:00
Jouni Malinen
59639fa112 WPS: Fix default virt/phy pushbutton config method setting
Instead of always adding PHY PushButton config method, only add this
if neither virtual nor physical push button is advertised.
2011-08-11 16:51:40 +03:00
Jouni Malinen
ccb941e6da Add SSID as a separate item in AP mode Beacon setup
This makes it easier for drivers that need the SSID to get it from the
Beacon setup operation without having to parse the Beacon IEs.
2011-08-10 13:29:32 +03:00
Jouni Malinen
19c3b56685 Replace set_beacon() driver op with set_ap()
This change is a first step in better supporting different driver
architectures for AP mode operations with nl80211. This commit in
itself does not add new functionality, but it makes it easier to add
new AP mode parameters to address needs of drivers that have more of
the MLME/SME in firmware or kernel.
2011-08-10 13:22:37 +03:00
Jouni Malinen
5fb1a23252 nl80211: Fix hostapd build 2011-08-09 23:32:26 +03:00
Jouni Malinen
bdffdc5ddb AP: Reorder WPA/Beacon initialization
Split WPA initialization into two parts so that the Beacon frames can be
configured fully before the initial keys (GTK/IGTK) are configured. This
makes it easier for drivers that depend on the AP security mode being
fully set before the keys are configured.
2011-08-09 14:56:16 +03:00
Jouni Malinen
bc45d4279f WPS: Do not update Beacon IEs before initial IE set
This avoids a request to the driver to first start beaconing before
the WPA/RSN IE has been generated and then immediately changing the
beacon IEs once the WPA/RSN IE is ready.
2011-08-09 14:40:06 +03:00
Jouni Malinen
f10bfc9adb nl80211: Add l2_packet for AP mode EAPOL TX without monitor iface
This can be used with drivers that do not support monitor interface
when transmitting EAPOL frames in AP mode.
2011-08-09 14:04:53 +03:00
Jouni Malinen
9db931ed6d nl80211: Do not include NL80211_ATTR_DURATION in TX frame if zero
When offloading of the offchannel TX wait is not used, it is better to
not include NL80211_ATTR_DURATION to avoid confusing nl80211/cfg80211.
2011-08-09 14:01:31 +03:00
Jouni Malinen
a381f2a286 nl80211: Fix connect command to not claim WPA if WPS is used
Such using params->wpa_ie to figure out whether the connection is for
WPA/WPA2 is not correct since that buffer is used also to add WPS IE. In
case of WPS, do not add NL80211_ATTR_WPA_VERSIONS to avoid confusing
drivers.
2011-08-09 13:59:43 +03:00
Jouni Malinen
a05225c819 nl80211: Add more debug information on frame TX command failures 2011-08-09 13:59:12 +03:00
Jouni Malinen
2e92310217 random: Check fwrite return value to avoid warnings
Some compilers complain about fwrite calls if the return value is
not checked, so check the value even if it does not really make
much of a difference in this particular case.
2011-08-06 21:16:31 +03:00
Jouni Malinen
6921f1f386 TLS: Reorder certificates if needed when reading them
The internal TLS implementation assumes that the certificate chain
is ordered by issuer certificate following the certificate that it
signed. Add the certificates to the chain in suitable order when
loading multiple certificates.
2011-08-04 22:39:03 +03:00
Anish Nataraj
628d54639a Dispatch more WPS events through hostapd ctrl_iface 2011-08-04 16:56:41 +03:00
Jouni Malinen
70dbe3b6d7 P2P: Fix 802.11b-only rate validation for Probe Request frames
Commit e1d526293b added code for verifying
whether the receive Probe Request frame was indicating support for only
802.11b rates, but it missed the for loop for the extended supported
rates element. Add that to fix the validation code for cases where
non-802.11b rates are in the extended supported rates element.
2011-08-02 11:18:03 +03:00
Jouni Malinen
93ac240496 Clarify hostapd error message on unsupported hw_mode value 2011-07-31 00:51:34 +03:00
Pavel Roskin
e783c9b0e5 madwifi: Implement set_freq for hostapd, adjust hostapd.conf
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
374038fbde hostap: Remove unused variable in handle_frame()
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:55 +03:00
Pavel Roskin
f11634bf5d hostap: Add channel selection support in hostapd
Signed-off-by: Pavel Roskin <proski@gnu.org>
2011-07-29 20:51:50 +03:00
Dmitry Shmidt
a79d5479df Increase maximum number of SSIDs per scan with ProbeReq to 10 2011-07-19 08:55:46 +03:00
Eliad Peller
2f4f73b154 nl80211: Change vif type to P2P_CLI upon P2P authentication
Currently, wpa_driver_nl80211_authenticate() changes the interface type
to station. However, in case of P2P, we need to change the interface
type to P2P_CLI.

Add p2p field to the authentication params, and consider it for choosing
the correct interface type.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:25:58 +03:00
Eliad Peller
b1f625e0d8 nl80211: Consider P2P when changing vif type
Commit 9f51b11395 added support for P2P
interfaces when adding a new interface. However, it didn't handle the
case in which the same interface is being used and its type is being
changed. Add support for this case.

Consequently, when doing "ap_scan_as_station" we now need to save the
actual AP interface type (AP/P2P GO) in order to restore it properly.
For that, change ap_scan_as_station type from int to nl80211_iftype, and
set it to NL80211_IFTYPE_UNSPECIFED when not used.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2011-07-17 20:22:11 +03:00
Jouni Malinen
ff6a158b40 nl80211: Do not re-set iftype when initializing added interface
There is no need to force the interface into station mode when
wpa_supplicant adds a new interface (e.g., P2P group) with the correct
iftype.
2011-07-17 20:03:25 +03:00
Jouni Malinen
a1922f934d nl80211: Add more debug info for iftype changes 2011-07-17 19:47:41 +03:00
Jouni Malinen
7d9c369827 nl80211: Ignore ifdown event if mode change triggered it
When driver_nl80211.c has to set the netdev down to change iftype, an
RTM_NEWLINK event is generated. Do not generate
EVENT_INTERFACE_DISABLED event based on that.
2011-07-17 13:56:34 +03:00
Jouni Malinen
6554237f38 FT: Share IE parser implementation for Authenticator and Supplicant
These are almost identical, so there is no point in using separate
implementations.
2011-07-16 11:13:39 +03:00
Jouni Malinen
c3c828ebfd FT: Fix FT IE parser to not count TIE as protected IE 2011-07-16 11:05:28 +03:00
Hong Wu
c284b46141 FT: Fix the calculation of MIC Control field in FTIE
Reassociation Request/Response frame validation need to count all IEs in
the RIC. In addition, TIE is not protected, so it should not be included
in the count.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-16 10:57:17 +03:00
Jouni Malinen
e1d526293b P2P: Do not reply to Probe Request frame indicating only 802.11b rates
Per P2P specification 2.4.1, P2P Device shall shall not respond to
Probe Request frames that indicate support for only 802.11b rates.
2011-07-15 21:49:50 +03:00
Jouni Malinen
97c5b3c45b P2P: Check Device ID match in Probe Request frames in Listen state
Do not reply to Probe Request frames that include a Device ID that
does not match with our own P2P Device Address.
2011-07-15 20:48:06 +03:00
Jouni Malinen
04a85e4401 P2P: Filter Probe Request frames based on DA and BSSID in Listen state
Only accept Probe Request frames that have a Wildcard BSSID and a
destination address that matches with our P2P Device Address or is the
broadcast address per P2P specification 3.1.2.1.1.
2011-07-15 20:28:46 +03:00
Jouni Malinen
15f0961447 Check random_get_bytes() result before writing entropy file 2011-07-15 17:17:48 +03:00
Jouni Malinen
40eebf2353 MD5: Fix clearing of temporary stack memory to use correct length
sizeof of the structure instead of the pointer was supposed to be used
here. Fix this to clear the full structure at the end of MD5Final().
2011-07-15 13:42:06 +03:00
Johannes Berg
f67eeb5c32 nl80211: fix interface address assignment
When a new interface is created and already has a separate MAC address
assigned by the kernel, then we need to use that address, not just when
we've created a locally administered address.

This fixes use_p2p_group_interface=1 for iwlagn as it already makes
mac80211 assign an address for a second interface since the hardware has
two addresses assigned.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-15 12:05:19 +03:00
Johannes Berg
b14a210ce2 nl80211: Support GTK rekey offload
Add support to wpa_supplicant for device-based GTK rekeying. In order to
support that, pass the KEK, KCK, and replay counter to the driver, and
handle rekey events that update the latter.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2011-07-12 21:22:51 +03:00
Jouni Malinen
7aec3776b9 Sync with linux/nl80211.h from wireless-testing.git 2011-07-12 20:53:32 +03:00
Arik Nemtsov
95ab606345 nl80211: Send STA flags to kernel on station addition
Send STA flags to kernel when adding a new station. This ensures
stations are added with up to date flags by kernel drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:28:31 +03:00
Arik Nemtsov
d83ab1fe37 hostapd: Set STA flags when adding a new station
When adding a new station, set the STA flags as part of the sta_add()
command. This ensures the flags are up to date when the station is added
by lower level drivers.

Signed-off-by: Arik Nemtsov <arik@wizery.com>
2011-07-12 20:26:52 +03:00
Hong Wu
715ed737dc FT: Disable PMKSA cache for FT-IEEE8021X
wpa_supplicant uses XXKEY instead of PMK to derive PMK-R0 and PMK-R1 for
FT-IEEE8021X key mgmt.

Signed-off-by: Hong Wu <hong.wu@dspg.com>
2011-07-05 20:49:51 +03:00
Jouni Malinen
cb465555d4 Allow PMKSA caching to be disabled on Authenticator
A new hostapd configuration parameter, disable_pmksa_caching=1, can now
be used to disable PMKSA caching on the Authenticator. This forces the
stations to complete EAP authentication on every association when WPA2
is being used.
2011-07-05 17:13:04 +03:00
Jouni Malinen
4f525d8e5b Move peer certificate wpa_msg() calls to notify.c
This type of wpa_supplicant specific message construction does not need
to be at the EAP implementation, so better move it up to notify.c.
2011-07-05 12:40:37 +03:00
Michael Chang
ade74830b4 Add dbus signal for information about server certification
In general, this patch attemps to extend commit
00468b4650 with dbus support.

This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00