Commit Graph

8074 Commits

Author SHA1 Message Date
Jouni Malinen
71f1d1e54d hostapd: Fix memory leak on dynamic add-BSS error path
If "ADD bss_config=" command failed in driver_init() or
hostapd_setup_interface(), some of the allocated resources were not
freed properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:42:23 +02:00
Jouni Malinen
3f63614f18 nl80211: Clean up nl80211_scan_common() to use nl80211_cmd_msg()
This helper function had not used the nl80211_set_iface_id() helper, but
there is no reason why it couldn't re-use the same helper as other
places using nl80211_cmd_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:51 +02:00
Jouni Malinen
95376e1a99 nl80211: Use nl80211_iface_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and ifindex.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:51 +02:00
Jouni Malinen
13f83980f0 nl80211: Use nl80211_bss_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and either bss->ifindex or if_nametoindex(bss->ifname).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:18:46 +02:00
Jouni Malinen
a3249fdfb8 nl80211: Use nl80211_cmd_msg() for P2P Device operations
bss->wdev_id_set is set for the non-detdev P2P Device, so
nl80211_cmd_msg() can be used as-is for these cases as well.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:17:19 +02:00
Jouni Malinen
9725b78421 nl80211: Use nl80211_drv_msg() helper
Use the helper function to replace places that use nlmsg_alloc(),
nl80211_cmd(), and drv->ifindex.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 17:17:12 +02:00
Jouni Malinen
350acc354d nl80211: Move nl80211_set_iface_id() next its only remaining user
This function was in a bit strange location between struct family_data
and family_handler() definitions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:26 +02:00
Jouni Malinen
56f77852e5 nl80211: Use the new nl80211_cmd_msg() helper
This removes duplicated code for building nl80211 commands for a BSS.
This commit handles the functions that were already using
nl80211_set_iface_id().

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:25 +02:00
Jouni Malinen
07c7757cb1 nl80211: Add nl80211_*_msg() helpers
These new functions can be used to both allocate and build a header for
most nl80211 commands.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 16:41:01 +02:00
Jouni Malinen
a862e4a38f nl80211: Continue getting rid of NLA_PUT* macro use
This gets rid of more NLA_PUT* macro uses in nl80211 to reduce the
number of functions that depend on the hidden behavior of jumping to the
nla_put_failure label.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:50:15 +02:00
Jouni Malinen
9589a91e0e nl80211: Get rid of NLA_PUT* macro use in capability checking
This gets rid of NLA_PUT* macro use in checking nl80211 capabilities to
reduce the number of functions that depend on the hidden behavior of
jumping to the nla_put_failure label.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:18:38 +02:00
Jouni Malinen
f27f1644a8 PCSC: Make AID copying easier for static analyzers
Use a separate pointer and length field instead of trying to copy from a
struct field that has only part of the full buffer available.
(CID 68115)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
c397eff828 Make GTK length validation easier to analyze
Bounds checking for gd->gtk_len in wpa_supplicant_check_group_cipher()
was apparently too complex for some static analyzers. Use a local
variable and a more explicit validation step to avoid false report.
(CID 62864)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
369d07afc1 FT: Make aes_wrap() call easier to analyze
Using aes_wrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is not just the single struct member. (CID 68111)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
7696760388 FT: Make aes_unwrap() calls easier to analyze
Using aes_unwrap() to initialize a data structure seemed to be too much
for some static analyzers to understand. Make it obvious that the target
is initialized and that the target is not just the single struct member.
In addition, clean up the design to avoid removal of const with a
typecast. (CID 68112, CID 68134, CID 68135, CID 68136)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
a6306bcc92 P2P: Split p2p_channels_union() into two functions
The separate p2p_channels_union_inplace() makes the function easier for
static analyzers to see that the result buffer is always initialized.
(CID 74494)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 12:16:32 +02:00
Jouni Malinen
2f816c212c tests: Optimize FT test cases
Use single channel scan instead of full scan to save time. In addition,
use EAP-GPSK which takes significantly less CPU that EAP-EKE with
default parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 17:12:30 +02:00
Jouni Malinen
c337d07a1b tests: FT_DS with unknown target
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 17:05:46 +02:00
Jouni Malinen
7fd5fd03ac tests: TDLS teardown using wildcard address
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 16:56:14 +02:00
Jouni Malinen
e61f90875b tests: Disabling WNM keep-alive and hostapd doing client poll
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 16:51:21 +02:00
Jouni Malinen
19ef208640 tests: wpa_supplicant ctrl_iface SET operations
This adds more test coverage for wpa_supplicant SET ctrl_iface command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 16:29:08 +02:00
Jouni Malinen
556408940e tests: SET disallow_aps in P2P GO mode
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 16:21:10 +02:00
Jouni Malinen
c1e33588b8 tests: Optimize WFD connect_cli() calls
There is no need to run full scan in these test cases, so use single
channel scan to save time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:47:21 +02:00
Jouni Malinen
f8fee78879 tests: WFD_SUBELEM_SET/GET with all parameter
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:47:20 +02:00
Jouni Malinen
bc0ba01d70 WFD: Allow WFD_SUBELEM_SET/GET all to be used with full IE buffer
This extends the previously used WFD_SUBELEM_SET/GET <subelem id> design
to allow special "all" value to be used as an id to indicate that all
WFD subelements are to be set/get. This uses similar interface as was
previously added over D-Bus.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 15:22:33 +02:00
Jouni Malinen
ceb767d501 tests: More coverage for WMM-AC
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 14:08:24 +02:00
Jouni Malinen
f80936094e WMM-AC: Use DEBUG verbosity for ignoring Action frame messages
There is no point in flooding the log with WARNING or ERROR level
messages if WMM-AC related Action frames are ignored in cases where they
were not expected. In addition, WARNING/ERROR should not really be used
in cases an invalid frame is dropped especially if this is not related
to a security setup since external devices could otherwise generate log
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-05 13:17:57 +02:00
Jouni Malinen
5085ffb8f8 hostapd: Fix HT40 determination for ACS offload
Commit 16689c7cfc ('hostapd: Allow ACS to
be offloaded to the driver') used incorrect operator to determine
whether HT40 was configured. Fix that to mask the ht_capab bit
correctly. (CID 77286)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 01:08:40 +02:00
Jouni Malinen
0570a3ea7d HS 2.0: Clarify OSU Provider list length validation
The previous version was somewhat too complex for some static analyzers.
Use local variables for the extracted length fields and explicitly
compare these against the remaining buffer length. (CID 68121)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:56:05 +02:00
Jouni Malinen
56b352ec58 ERP: Avoid a static analyzer warning on uninitialized emsk_len
This was not really a real issue since bin_clear_free() would not use
the emsk_len argument when emsk is NULL as it would be on the path where
emsk_len has not been initilized. Anyway, it is better to get rid of the
warning.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-05 00:33:31 +02:00
Jouni Malinen
ebdfdf1b9c eap_example: Get rid of a compiler warning
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:38:06 +02:00
Jouni Malinen
acc9a635c8 tests: EAP Re-authentication Protocol (ERP)
This tests RP EAP-Initiate/Re-auth-Start transmission, ERP key
derivation, and EAP-Initiate/Re-auth + EAP-Finish/Re-auth exchange and
rMSK derivation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
65d9a5e254 ERP: Add wpa_supplicant ERP_FLUSH ctrl_iface command
This can be used to flush all the ERP keys.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
02a8d45ace ERP: Add support for ERP on EAP peer
Derive rRK and rIK on EAP peer if ERP is enabled. The new wpa_supplicant
network configuration parameter erp=1 can now be used to configure the
EAP peer to derive EMSK, rRK, and rIK at the successful completion of an
EAP authentication method. This functionality is not included in the
default build and can be enabled with CONFIG_ERP=y.

If EAP authenticator indicates support for re-authentication protocol,
initiate this with EAP-Initiate/Re-auth and complete protocol when
receiving EAP-Finish/Re-auth.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:29 +02:00
Jouni Malinen
d3bddd8b84 ERP: Add support for ERP on EAP server and authenticator
Derive rRK and rIK on EAP server if ERP is enabled and use these keys to
allow EAP re-authentication to be used and to derive rMSK.

The new hostapd configuration parameter eap_server_erp=1 can now be used
to configure the integrated EAP server to derive EMSK, rRK, and rIK at
the successful completion of an EAP authentication method. This
functionality is not included in the default build and can be enabled
with CONFIG_ERP=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:16:27 +02:00
Jouni Malinen
e2ee327b19 ERP: Add TV/TLV parser
This is needed for ERP implementation on both the server/authenticator
and peer side.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:08:59 +02:00
Jouni Malinen
0087061de7 ERP: Add HMAC-SHA256 KDF (RFC 5295)
This is needed for ERP key derivation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:08:59 +02:00
Jouni Malinen
2a5156a66c ERP: Add optional EAP-Initiate/Re-auth-Start transmission
hostapd can now be configured to transmit EAP-Initiate/Re-auth-Start
before EAP-Request/Identity to try to initiate ERP. This is disabled by
default and can be enabled with erp_send_reauth_start=1 and optional
erp_reauth_start_domain=<domain>.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 12:08:56 +02:00
Jouni Malinen
19e2b3b6ba ERP: Add defines for EAP Re-Authentication Protocol
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-04 00:58:14 +02:00
Jithu Jance
0d4e3d1d13 nl80211: Ignore Connect failure for the previous association
Suppose there are two APs (AP1 & AP2) and user attempted to connect to
AP2 before the previous connection with AP1 could succeed. Now, if the
connection event comes for the older AP with failed status, we should
just ignore it as the wpa_supplicant state has moved to "ASSOCIATING"
with the new AP (AP2).

This is a similar to the case where a disconnection event is ignored for
a case where local disconnect request can cause the extra event to show
up during the next association process following that command.

Signed-off-by: Jithu Jance <jithu@broadcom.com>
2014-12-04 00:34:08 +02:00
Peng Xu
16689c7cfc hostapd: Allow ACS to be offloaded to the driver
Using QCA vendor command, allow ACS function to be offloaded to the
driver. Once channels are selected, hostapd is notified to perform OBSS
operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-03 22:31:53 +02:00
Dmitry Shmidt
f34891a3af Return only full network line in list_networks
It makes more sense to truncate at line boundary especially with the new
LAST_ID parameter.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2014-12-03 22:31:53 +02:00
Jouni Malinen
8201054da6 tests: Huge number of network blocks and LIST_NETWORKS LAST_ID
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 23:47:34 +02:00
Vinit Deshpande
90903a77ef List all networks despite message limit of 4096 bytes
This change creates 'LIST_NETWORK LAST_ID=x' form to allow
retrieval of all networks saved in the system. Without this form,
only first few (whatever fills in first 4096 bytes) can be
retrieved.

Signed-off-by: Vinit Deshpande <vinitd@google.com>
2014-12-02 23:47:27 +02:00
Jouni Malinen
994d6f4629 Add a name for an assigned QCA nl80211 vendor subcmd
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 23:36:12 +02:00
Jouni Malinen
44177b69e8 Allow a BSS entry with all-zeros BSSID to expire
wpa_bss_in_use() used to determine that a BSS with BSSID of
00:00:00:00:00:00 is in use in almost every case since either
wpa_s->bssid or wpa_s->pending_bssid was likely to be cleared. This
could result in a corner case of a BSS entry remaining in the BSS table
indefinitely if one was added there with a (likely bogus) address of
00:00:00:00:00:00. Fix this by ignore wpa_s->bssid and
wpa_s->pending_bssid if the BSSID in the BSS table entry is
00:00:00:00:00:00.

In theory, that address is a valid BSSID, but it is unlikely to be used
in any production AP, so the potential expiration of a BSS entry with
that address during a connection attempt would not be a concern
(especially when a new scan would be enough to recover from that).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 19:46:58 +02:00
Jouni Malinen
e48635cfb0 Rename QCA nl80211 vendor subcmds to match AOSP names
This makes the enum vendor_subcmds definitions more consistent with the
names used in Android.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 16:20:35 +02:00
Vivek Natarajan
b685e2aab7 atheros: Cleanup atheros_raw_receive to process all management frames
Signed-off-by: Vivek Natarajan <nataraja@qti.qualcomm.com>
2014-12-02 16:20:35 +02:00
Jouni Malinen
c7f35a9e96 tests: Make scan_for_auth more robust
It was apparently possible for this test case not to do what it was
supposed to do, i.e., get nl80211 Authenticate command failing due to
cfg80211 BS entry missing. With the external radio work blocking fixed,
this can be cleaned up by explicitly waiting for the scan event. In
addition, a less used channel can be selected to avoid finding other BSS
entries.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-01 20:17:08 +02:00
Jouni Malinen
e374522827 Do not start new radio work on scan completion during ext work
Externally triggered scan could result in a new radio work item getting
started even when external radio work was in progress. Delay such start
until the external work is completed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-01 20:17:08 +02:00