Commit Graph

4393 Commits

Author SHA1 Message Date
Sabrina Dubroca
07a6bfe1d2 mka: Store cipher suite ID in a u64 instead of u8 pointer
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 21:55:54 +03:00
Sabrina Dubroca
ec958aee32 mka: Remove cs_len argument from the set_current_cipher_suite functions
This is a known constant value (CS_ID_LEN, i.e., the length of the EUI64
identifier) and does not need to be provided separately in these
function calls.

Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
2016-08-28 20:55:34 +03:00
Jouni Malinen
f2f8616e80 Initialize hapd->nr_db in hostapd_alloc_bss_data()
Previously, this was initialized in hostapd_setup_bss() which made it
possible for a REMOVE_NEIGHBOR control interface command to be issued
prior to the list head pointers having been set. That resulted in a NULL
pointer dereference. Fix this by initializing the list head at the time
the data structure gets allocated.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-22 17:44:05 +03:00
Roshan Pius
d015bb05df Move network add/remove operations to a common function
All the 3 control interfaces: socket based, dbus & binder needs to
perform the same sequence of steps for network add/remove. So, move
these to a common utility method in |wpa_supplicant.c| instead of
duplicating the code everywhere.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-18 20:46:18 +03:00
Masashi Honma
052b8d38c5 mesh: Report HT operation mode to kernel
Report HT operation mode to kernel to broadcast correct IE in beacon
(for example HT operation IE).

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:46:15 +03:00
Masashi Honma
2bd6217173 mesh: Use WPA_DRIVER_MESH_CONF_FLAG_* as modification flag
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:40:13 +03:00
Masashi Honma
a1431ef8df mesh: Move max_peer_links parameter to appropriate struct
Accoding to the comment of struct wpa_driver_mesh_bss_params, the
max_peer_links parameter should be under that struct.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 20:33:39 +03:00
Masashi Honma
ecba4509d9 mesh: Simplify HT40 check code
The ht40 variable can only have values -1 or 1 here, so need to try to
address ht40 == 0 case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:46:39 +03:00
Masashi Honma
05aed438cd mesh: Set correct secondary channel offset if HT40 is disabled
Previously, secondary channel offset could be non zero even though
disable_ht40=1. This patch fixes it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-08-18 10:43:19 +03:00
Jouni Malinen
b97a541087 IBSS: Fix a memory leak on RSN error path
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-13 21:29:53 +03:00
Roshan Pius
5f040be4ff Move disconnect command handling to a common place
Move out the disconnect command handling from |ctrl_iface.c| to
|wpa_supplicant.c| so that it can be reused across the different
control interfaces (socket, dbus & binder).

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-13 21:11:04 +03:00
Jouni Malinen
6c33ca9f95 Add group_rekey parameter for IBSS
The new network profile parameter group_rekey can now be used to specify
the group rekeying internal in seconds for IBSS.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-13 16:29:01 +03:00
Jouni Malinen
e07adb7faa Fix EAP state machine reset with offloaded roaming and authorization
If the driver indicates a roamed event with already completed
authorization, altAccept = TRUE could have resulted in the EAP state
machine ending up in the FAILURE state from the INITIALIZE state. This
is not correct behavior and similar cases were already addressed for FT
and WPA-PSK. Fix the offloaded roamed+authorized (EAP/PMKSA caching)
case by doing similar changes to EAPOL/EAP state variable updates during
association event handling.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-11 16:05:45 +03:00
Roshan Pius
a1979469fd binder: Clang format the source code
Add a ".clang-format" file which is pretty close to the rest of
wpa_supplicant code base and reformat the binder codebase.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-07 11:21:45 +03:00
Roshan Pius
fe1d0771f7 binder: Expose an aidl interface module
Restructure the binder related makefile sections to expose a separate
|libwpa_binder_interface| which can be imported by clients/tests.

While there,
Change the name of the binder service to the name used in the selinux
permissions.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-08-07 11:21:28 +03:00
Arran Cudbard-Bell
b84ce655d3 Link to, and adjust types for, the PCSC framework included with OSX
Signed-off-by: Arran Cudbard-Bell <a.cudbardb@freeradius.org>
2016-08-07 11:20:33 +03:00
Jouni Malinen
ac81b3948b cli: Share a common tokenize_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:46:39 +03:00
Jouni Malinen
a6d56a3965 wpa_cli: Replace str_match() with common str_starts()
str_match() was identical in behavior to str_starts().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:44:51 +03:00
Jouni Malinen
980afcce53 cli: Share a common write_cmd() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:41:56 +03:00
Jouni Malinen
fcc84b48b2 cli: Share a common get_cmd_arg_num() implementation
wpa_cli and hostapd_cli had identical copies of this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:39:56 +03:00
Jouni Malinen
e55df99ee6 Share a single str_starts() implementation
No need to define this as a static function in multiple files.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-08-06 12:38:21 +03:00
Mikael Kanstrup
23c130e9b7 Use a common license string for hostapd_cli and wpa_cli
Move the license strings for hostapd_cli and wpa_cli to common.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:34:25 +03:00
Mikael Kanstrup
977c0796f9 Move parts of wpa_cli to a new common file
In preparation for adding further command completion support
to hostapd_cli move some cli related utility functions out of
wpa_cli into a new common cli file.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 12:25:58 +03:00
Mikael Kanstrup
003fe581a3 wpa_cli: Implement completion routine for get_capability
Add command completion routine for get_capability command.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2016-08-06 11:18:04 +03:00
Jouni Malinen
112fdee738 P2P: Fix D-Bus persistent parameter in group started event
wpas_p2p_persistent_group() returns non-zero for persistent groups. This
value happens to be 2 instead of 1 due to the
P2P_GROUP_CAPAB_PERSISTENT_GROUP value. This ended up with D-Bus code
trying to encode 2 as a DBUS_TYPE_BOOLEAN value which results in an
assert from the library. Fix this by modifying
wpas_p2p_persistent_group() to return 0 or 1 instead of 0 or an
arbitrary non-zero.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 23:47:38 +03:00
vamsi krishna
cc9985d1b1 Set default scan IEs to the driver (QCA vendor extension)
This makes wpa_supplicant set default scan IEs to the driver (if the
vendor command is supported). The driver can use these IEs in the scan
requests initiated by the driver itself. Also the driver can merge these
IEs into further scan requests that it receives, in case if the scan
request doesn't carry any of the IEs sent in this command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-08-02 21:21:52 +03:00
Masashi Honma
3388e7b96f mesh: Remove HT IEs if HT is disabled
Previously, HT capability IE and HT information IE were included in
Beacon and Mesh Peering Open/Confirm frames even if HT is disabled with
disable_ht=1. This patch removes these.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 22:04:16 +03:00
Masashi Honma
4ac2ea5738 mesh: Make DTIM period configurable
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:58:04 +03:00
Masashi Honma
fac72f93dd mesh: Stop joining to different frequency network
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:57:15 +03:00
Masashi Honma
7035162311 mesh: Join an existing MBSS instead of creating a new one
If scan results show a matching existing MBSS, join it instead of
creating a new MBSS.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 21:57:11 +03:00
Erik Ljungberg
4d7aab78bd Make driver flags available through control interface
This shows the current set of driver flags in wpa_cli and hostapd_cli.

Signed-off-by: Erik Ljungberg <erik.ljungberg@sonymobile.com>
2016-07-23 20:46:20 +03:00
Masashi Honma
e347cafe57 mesh: Report mesh peer AID to kernel
Previously, mesh power management functionality works only with kernel
MPM. Because user space MPM did not report mesh peer AID to kernel,
the kernel could not identify the bit in TIM element. So this patch
reports mesh peer AID to kernel.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-07-23 20:26:26 +03:00
Jouni Malinen
34a5014507 MBO: Remove unused assignment
The local found variable is not used in this case. Commit
653d227e9f ('MBO: Improve supported
operating class generation') introduced this variable and unnecessarily
set it here. Remove the write-only assignment to silence static
analyzers.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-07-18 23:41:19 +03:00
Jouni Malinen
f8608fab85 SME: Fix SA Query local failure handling
If no new sme_sa_query_timer() callback is scheculed,
sme_stop_sa_query() needs to be called to allow new SA Query operations
to be started after the failure.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-18 00:57:34 +03:00
Jouni Malinen
ab6ab07ad1 Clear wpa_s->sme.last_unprot_disconnect.sec on FLUSH command
This is needed for hwsim test cases to allow multiple STA-initiated SA
Query operations in short amount of time.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-18 00:56:53 +03:00
Jouni Malinen
9636b07ae2 HS 2.0: Add an event message to note failed OSU provider write
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-17 11:08:02 +03:00
Jouni Malinen
dd20eabd16 HS 2.0: Add optional no-scan parameter to FETCH_OSU
This is mainly for testing purposes to allow multiple FETCH_OSU ANQP
operations to be ran without having to wait for full scan between each
query.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-12 23:13:09 +03:00
Jouni Malinen
f465c32dc2 Interworking: Define control interface message prefixes in wpa_ctrl.h
These control interface event message are used by external programs, so
define them a bit more formally in the header file.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-11 21:56:56 +03:00
Jouni Malinen
99a9423c7b HS 2.0: Make hs20_build_anqp_req() static
This function is not used outside hs20_supplicant.c.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-11 21:56:56 +03:00
Jouni Malinen
75b2a87952 HS 2.0: Fix hs20_get_icon() error path
If base64_encode() fails (e.g., due to memory allocation failure), the
return value needs to be checked against NULL before using the (not
really) returned length value. The error path here ended up reading
uninitialized variable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-04 19:35:18 +03:00
Jouni Malinen
0da9869b02 Interworking: Remove unused allow_excluded from interworking_connect()
This argument was set to a hardcoded value 1 and as such, the other
cases were not reachable.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-04 17:49:57 +03:00
Jouni Malinen
8329ad4d06 Fix wpa_config_get_all() error path
The previous version did not really work at all and it ended up crashing
if the os_strdup(field->name) call failed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-04 17:49:15 +03:00
Jouni Malinen
f7c04e50bd Interworking: Combine identical error returns into a single one
There is no need to maintain separate "return -1;" for each of the
wpa_config_set() calls that cannot really fail in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-03 22:37:01 +03:00
Peng Xu
a6f5b1937a P2P: Allow P2P listen being offloaded to the driver/firmware
This allows P2P Listen to be offloaded to device to enhance power
saving.

To start P2P listen offload, from wpa_cli interface, issue the command:
	p2p_lo_start <freq> <period> <interval> <count>

To stop P2P listen offload, issue the command:
	p2p_lo_stop

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-07-03 22:36:58 +03:00
Roshan Pius
ef60f643ec Do not exceed scan ssid max size advertised by driver
Previously, wpa_set_scan_ssids() fully exhausted
wpa_driver_scan_params.ssid list when hidden network IDs are provided
via the control interface. This results in us exceeding the max size for
the list advertised by the driver when we add the "wildcard" scan SSID
entry. So, ensure that we leave space for one more scan SSID entry in
the list when we exit out of wpa_set_scan_ssids().

Signed-off-by: Roshan Pius <rpius@google.com>
2016-07-03 19:13:42 +03:00
Jouni Malinen
653d227e9f MBO: Improve supported operating class generation
Previously, 2.4 GHz operating class 81 was not added for US due to not
all of the channels (1-13 in this operating class) being supported.
Still, this operating class is the main operating class in the global
table for 2.4 GHz and it is the only option for indicating support for
the 2.4 GHz band channels in US.

Change the supported operating class building rules to include all
operating classes for which at least one channel is enabled. In
addition, fix the 80, 80+80, and 160 MHz channel checks (checking the
center frequency channel was failing since it is not a valid 20 MHz
channel).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-07-01 01:13:54 +03:00
Jouni Malinen
8bd90996f9 mesh: Add debug prints on my/peer lid mismatches
This makes it easier to figure out why a received mesh peering frame
could end up getting dropped.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-29 01:22:13 +03:00
Jouni Malinen
78ac368574 mesh: Add MPM FSM transitions from ESTAB to HOLDING for {OPN,CNF}_RJCT
These events were missing from the MPM FSM state transition table.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 23:30:40 +03:00
Jouni Malinen
02022564a0 mesh: Update MPM FSM events to match the standard
{OPN,CNF,CLS}_IGNR events were removed during P802.11s draft development
process. Replace these with not generating a MPM FSM event. In addition,
add the standard REQ_RJCT event and option to pass in a specific reason
code to mesh_mpm_fsm().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 23:20:39 +03:00
Jouni Malinen
d02e549831 mesh: Rename MPM FSM states to match the standard
During the P802.11s draft development, there were separate LISTEN and
IDLE states. However, the current IEEE 802.11 standards uses only the
IDLE state while the implementation called this LISTEN. Rename the state
in the implementation to match the one used in the standard to avoid
confusion. In addition, rename OPEN_{SENT,RCVD} to OPN_{SNT,RCVD} to
match the exact spelling of these states in the standard.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 22:53:05 +03:00
Jouni Malinen
1f2f3f1c4a mesh: Indicate OPN_RJCT event if AES-SIV decrypt fails
REVmc/D6.0 14.5.5.2.2 (Processing Mesh Peering Open frames for AMPE)
mandates the OPN_RJCT event to be invoked if AES-SIV decryption for
received Mesh Peering Open frame fails. This allows a Mesh Peering Close
frame to be sent in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 22:45:41 +03:00
Jouni Malinen
e8afaad7fd mesh: Write close reason from Mesh Peering Close to debug log
This makes it a bit easier to understand the debug log entries related
to tearing down a mesh connection.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 22:44:28 +03:00
Jouni Malinen
ee0ad453d5 mesh: Remove GTKdata and IGTKdata from Mesh Peering Confirm/Close
These optional fields are supposed to be included in the Authenticated
Mesh Peering Exchange element only in Mesh Peering Open frames.
Previously, these were incorrectly included in Mesh Peering
Confirm/Close frames and also required to be present in all these
frames.

While this commit changes the receive processing to ignore the
unexpected extra fields, it should be noted that the previous
implementation required the fields to be present and as such, the fixed
implementation is not compatible with it for secure mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-28 22:23:42 +03:00
Jouni Malinen
37fd0be2d3 Add CTRL-EVENT-CHANNEL-SWITCH event to indicate channel changes
This provides information of the channel switch to wpa_supplicant
control interface monitors.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 21:10:35 +03:00
Jouni Malinen
1574fa1c6c GAS: Fix double-free on an error path
If radio_add_work() fails, gas_query_req() ended up freeing the query
payload and returning an error. This resulted in also the caller trying
to free the query payload. Fix this by not freeing the buffer within
gas_query_req() in error case to be consistent with the other error
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 18:34:39 +03:00
Jouni Malinen
d6e93d3e09 GAS: Remove unused gas_query_cancel()
This function was added with the initial GAS implementation, but there
was no user for it at the time and no clear use now either, so remove
the unused function and the related GAS query reason code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 18:34:38 +03:00
Jouni Malinen
ae2b4827cc GAS: Check protected/unprotected drop after action code check
Apply the GAS specific rule of using Protected Dual of Public Action
frame only after having checked that the action code indicates this to
be a GAS response. Previously, non-GAS Public Action frames could have
been incorrectly dropped because of this check if received during an
association with PMF enabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 18:32:26 +03:00
Jouni Malinen
9c21b2bf45 GAS: Report GAS-QUERY-DONE event on initial req TX failure
The GAS-QUERY-DONE event with result=INTERNAL_ERROR was reported on most
other error cases, but the failure triggered by not being able to
transmit a GAS Initial Request stopped the query silently. Make this
more consistent with other error cases by reporting the same event.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-27 16:30:08 +03:00
Jouni Malinen
fc1e2c0d91 D-Bus: Make the CurrentAuthMode property getter more robust
Now that mesh sets wpa_s->wpa_state = WPA_COMPLETED, it looks like this
getter can get called with wpa_s->current_ssid = NULL. That could result
in NULL pointer dereference, so need to protect that specific case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 23:49:08 +03:00
Nishant Chaprana
82b9ec3125 D-Bus: Add DeviceFoundProperties signal for discovered peers
This signal sends the peer properties to applications for discovered
peers. The signature of this event is "oa{sv}". This event is needed
because the current DeviceFound signal provides only the peer object
path. If there are many peers in range there will be many DeviceFound
signals and for each DeviceFound signal, applications would need to use
GetAll to fetch peer properties. Doing this many times would create
extra load over application as well as over wpa_supplicant, so it is
better to send peer properties in the event so that applications can
extract found peer information without extra steps.

The existing DeviceFound signal is left as-is to avoid changing its
signature.

The issue is not applicable to the control interface because the
P2P-DEVICE-FOUND event includes peer info in it, but over D-Bus
interface DeviceFound provides only the peer object.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-06-24 19:02:58 +03:00
Maital Hahn
4976618c76 mesh: Mark wpa_state COMPLETED when mesh join has been performed
In mesh interface, the wpa_supplicant state was either
DISCONNECT/SCANNING in non-secured connection or AUTHENTICATING in
secured connection. The latter prevented the scan. Update the
wpa_supplicant state in mesh to be COMPLETED upon initialization. This
is similar to the P2P GO case.

Signed-off-by: Maital Hahn <maitalm@ti.com>
2016-06-24 19:02:58 +03:00
Lior David
b94fff1d93 wpa_supplicant: Configurable EAP fragment size in AP mode
In wpa_supplicant AP mode, allow configuration of the EAP fragment size
using the fragment_size member of network block (wpa_ssid), similar to
the fragment_size in hostapd configuration. bss->fragment_size default
value of 0 is treated specially in some EAP code paths (such as MTU
initialization in eap_pwd_init). In order to preserve the existing
behavior, bss->fragment_size will only be set if the network block
specified a value different from the default which is
DEFAULT_FRAGMENT_SIZE(1398) bytes.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-06-24 19:02:58 +03:00
Jouni Malinen
ce256b4a49 PAE: Use sci->port more consistently
This is now annotated as be16, so use it as such in all cases instead of
first storing host byte order value and then swapping that to big endian
in other instances of the same structure. This gets rid of number of
sparse warnings.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 19:02:58 +03:00
Jouni Malinen
affdd33591 Move extern declarations for autoscan modules into a header file
This gets rid of number of sparse warnings and also allows the
compatibility of the declarations to be verified.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 19:02:58 +03:00
Jouni Malinen
9eece21357 Move extern declarations for bgscan modules into a header file
This gets rid of number of sparse warnings and also allows the
compatibility of the declarations to be verified.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-24 19:02:58 +03:00
Jouni Malinen
50a17a76e1 tests: Declare module test functions in a header file
This gets rid of number of warnings from sparse.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 18:26:09 +03:00
Jouni Malinen
0dbe22be3d Mark wpas_data_test_rx() static
This is not called from outside ctrl_iface.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:43:20 +03:00
Jouni Malinen
4d8d710f0b Fix byte order for CONFIG_VHT_OVERRIDES parameters
The VHT parameters were not swapped properly on big endian systems.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:41:18 +03:00
Jouni Malinen
39cdd3a0f9 FST: Mark wpa_supplicant callback functions get_peer_{first,next} static
These are used only through function pointers, so no need to keep the
functions non-static.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:32:29 +03:00
Jouni Malinen
6013bbe04f TDLS: Declare tdls_testing as extern in a header file
This gets rid of a sparse warning with CONFIG_TDLS_TESTING builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:31:04 +03:00
Jouni Malinen
0e672b89e7 trace: Define externs in a header file
This gets rid of some unnecessary strace warnings from test builds.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:28:54 +03:00
Jouni Malinen
0558bec1fd MBO: Mark verify_channel() static
This function is not used outside mbo.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:13:54 +03:00
Jouni Malinen
9e080bf343 WNM: Use NULL instead of 0 as the pointer return value
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-23 13:11:01 +03:00
Jonathan Afek
3b208346ec ctrl_iface: BSS command to skip info items if parsing fails
In some cases parsing of the mesh scan info for a BSS or the P2P scan
info can fail. One reason can be that the Beacon/Probe Response frame
contained malformed length vendor IEs which are not parsed when adding
to the BSS table. Instead of skipping the whole BSS of the BSS command,
just skip the part that failed to parse.

Signed-off-by: Jonathan Afek <jonathanx.afek@intel.com>
2016-06-19 23:48:07 +03:00
Masashi Honma
5a8e48fdb3 mesh: Use MESH_CAP_* macros for mesh capability
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-06-19 20:18:09 +03:00
Masashi Honma
d70a8ab1e3 mesh: Ignore crowded peer
The "Accepting Additional Mesh Peerings bit == 0" means the peer cannot
accept any more peers, so suppress attempt to open a connection to such
a peer.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-06-19 20:18:09 +03:00
Jouni Malinen
a151b0e37d mesh: Select pairwise and group cipher based on network profile
This allows the previously hardcoded CCMP cipher to be replaced in the
network profile for mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
3b6deac0e7 mesh: Avoid use of hardcoded cipher
This moves pairwise, group, and management group ciphers to various mesh
data structures to avoid having to hardcode cipher in number of places
through the code. While CCMP and BIP are still the hardcoded ciphers,
these are now set only in one location.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
f868d5607d mesh: Clean up AMPE element encoding and parsing
The AMPE element includes number of optional and variable length fields
and those cannot really be represented by a fixed struct
ieee80211_ampe_ie. Remove the optional fields from the struct and
build/parse these fields separately.

This is also adding support for IGTKdata that was completely missing
from the previous implementation. In addition, Key RSC for MGTK is now
filled in and used when configuring the RX MGTK for a peer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
4367eec439 mesh: Do not use RX MGTK as RX IGTK
The previous implementation was incorrect in forcing the MGTK to be used
as the IGTK as well. Define new variable for storing IGTK and use that,
if set, to configure IGTK to the driver. This commit does not yet fix
AMPE element parsing to fill in this information.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
a4eec3c230 mesh: Use variable length MGTK for RX
This extends the data structures to allow variable length MGTK to be
stored for RX. This is needed as an initial step towards supporting
different cipher suites.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
fccba2c946 mesh: Generate a separate TX IGTK if PMF is enabled
Previous implementation was incorrectly using MGTK also as the IGTK and
doing this regardless of whether PMF was enabled. IGTK needs to be a
independent key and this commit does that at the local TX side.

The current AMPE element construction and parsing is quite broken, so
this does not get add the IGTKdata field there.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
696f792320 mesh: Support variable length TX MGTK
This is an initial step in supporting multiple cipher suites.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
b02f4d058c mesh: Add variable length MTK support
This is needed as a part in enabling support for different pairwise
ciphers in mesh.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:09 +03:00
Jouni Malinen
846201dff7 mesh: Coding style cleanup for MTK derivation
Clean up the mesh_rsn_derive_mtk() function by using proper macros and
pointer to the location within the context block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-19 20:18:02 +03:00
Jouni Malinen
0f76d8249c mesh: Fix MTK derivation to use AKM suite selector
mesh_rsn_derive_mtk() was hardcoded to use GCMP (even though CCMP was
hardcoded elsewhere) cipher suite selector instead of the selected AKM
suite selector. This resulted in incorrect MTK getting derived. Fix this
by used the SAE AKM suite selector in the input to the KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:53:26 +03:00
Jouni Malinen
f5ba6923d0 mesh: Coding style cleanup for AEK derivation
Clean up the mesh_rsn_derive_aek() function by using proper macros and
pointer to the location within the context block.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:53:22 +03:00
Jouni Malinen
a59c5e9235 mesh: Fix AEK derivation to use AKM suite selector
mesh_rsn_derive_aek() was hardcoded to use GCMP (even though CCMP was
hardcoded elsewhere) cipher suite selector instead of the selected AKM
suite selector. This resulted in incorrect AEK getting derived. Fix this
by used the SAE AKM suite selector in the input to the KDF.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:53:22 +03:00
Jouni Malinen
18aca1a07d mesh: Use ieee80211w profile parameter
This is initial step in fixing issues in how PMF configuration for RSN
mesh was handled. PMF is an optional capability for mesh and it needs to
be configured consistently in both hostapd structures (to get proper
RSNE) and key configuration (not included in this commit).

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
Jouni Malinen
b8b499e4a4 mesh: Use WPA_NONCE_LEN macro
No need to use the magic value 32 here since there is a generic define
for the RSN-related nonce values.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-18 15:52:54 +03:00
vamsi krishna
00ec535060 WPS: Fix memory leak with wps_ie in wpa_bss_is_wps_candidate()
Fix possible memory leak in case if WPS is not enabled on the interface
for connection. This path was missed in commit
fae7b37260 ('WPS: Do not expire probable
BSSes for WPS connection').

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 12:39:14 +03:00
vamsi krishna
fae7b37260 WPS: Do not expire probable BSSes for WPS connection
When the BSS count reaches max_bss_count, the oldest BSS will be removed
in order to accommodate a new BSS. Exclude WPS enabled BSSes when going
through a WPS connection so that a possible WPS candidate will not be
lost.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-17 00:01:08 +03:00
David Woodhouse
f7cb6e9f24 Update PKCS#11 references in template wpa_supplicant.conf
Ditch the legacy syntax and manual engine mangling and just give an
example using simple PKCS#11 URIs that'll work with both GnuTLS and
OpenSSL.

Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2016-06-11 12:21:47 +03:00
Jouni Malinen
c86bef2913 wpa_supplicant: Make GAS Address3 field selection behavior configurable
IEEE Std 802.11-2012, 10.19 (Public Action frame addressing) specifies
that the wildcard BSSID value is used in Public Action frames that are
transmitted to a STA that is not a member of the same BSS.
wpa_supplicant used to use the actual BSSID value for all such frames
regardless of whether the destination STA is a member of the BSS.

P2P does not follow this rule, so P2P Public Action frame construction
must not be changed. However, the cases using GAS/ANQP for non-P2P
purposes should follow the standard requirements.

Unfortunately, there are deployed AP implementations that do not reply
to a GAS request sent using the wildcard BSSID value. The previously
used behavior (Address3 = AP BSSID even when not associated) continues
to be the default, but the IEEE 802.11 standard compliant addressing
behavior can now be configured with gas_address3=1.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-06-10 21:44:49 +03:00
Jouni Malinen
ee854ff679 mesh: Remove extra newline from the end of an error message
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 22:00:30 +03:00
Jouni Malinen
331f07742f mesh: Allow 160 MHz channel to be configured
This allows minimal testing with 160 MHz channel with country code ZA
that happens to be the only one with a non-DFS 160 MHz frequency. DFS
with mesh is not yet supported.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 21:30:51 +03:00
Jouni Malinen
d2cc8bbbf6 mesh: Remove unreachable code
ssid->frequency cannot be 0 in wpa_supplicant_mesh_init() since
wpas_supplicant_join_mesh() rejects such a configuration.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-06-04 20:59:25 +03:00
Kanchanapally, Vidyullatha
cc9a2575ca nl80211: Use extended capabilities per interface type
This adds the necessary changes to support extraction and use of the
extended capabilities specified per interface type (a recent
cfg80211/nl80211 extension). If that information is available,
per-interface values will be used to override the global per-radio
value.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 21:35:54 +03:00
Jouni Malinen
9a5160f5fb Report connection timeouts in CTRL-EVENT-ASSOC-REJECT
Add a new "timeout" argument to the event message if the nl80211 message
indicates that the connection failure is not due to an explicit AP
rejection message. This makes it easier for external programs to figure
out why the connection failed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-31 00:11:42 +03:00
Jouni Malinen
b4c738ec86 mesh: Fix error path handling for RSN (MGTK init)
wpa_deinit() got called twice if the random_get_bytes() fails to
generate the MGTK. This resulted in double-freeing the rsn->auth
pointer. Fix this by allowing mesh_rsn_auth_init() handle freeing for
all error cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-30 20:15:16 +03:00
Jouni Malinen
f4b4ddfdd9 D-Bus: Remove unused wpas_dbus_signal_p2p_group_started() parameter
The ssid pointer was not used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-30 17:56:41 +03:00
Nishant Chaprana
4fe50bbc8e D-Bus: Indicate whether created group is persistent or not
This adds an extra parameter in GroupStarted signal to indicate whether
the created group is Persistent or not. It is similar to the
[PERSISTENT] tag which comes in P2P-GROUP-STARTED over the control
interface.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-05-30 17:56:16 +03:00
Jouni Malinen
62fc8e6a40 mesh: Fix MESH_INTERFACE_ADD error path cleanup
If wpa_supplicant_add_iface() fails, we need to remove the added netdev,
not the existing wpa_s instance.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-30 01:49:22 +03:00
Jouni Malinen
7012e2589f Remove dead code from wpas_sched_scan_plans_set()
scan_plan->interval was checked against 0 twice; the latter case cannot
happen.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:54:00 +03:00
Jouni Malinen
8e909fa92e Improve reattach scan OOM failure handling
Instead of reporting the memory allocation failure and stopping, run the
scan even if the frequency list cannot be created due to allocation
failure. This allows the wpa_s->reattach flag to be cleared and the scan
to be completed even if it takes a bit longer time due to all channels
getting scanned.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:47:31 +03:00
Jouni Malinen
f37d8a4da4 Indicate scan failure event on parameter cloning failure
This is more consistent with the radio_add_work() error case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-28 22:36:52 +03:00
Jörg Krause
8960afa4bf wpa_cli: Run action file in case of an AP event
Run the action script in case of AP events "AP-ENABLED" and
"AP-DISABLED".

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2016-05-23 21:22:36 +03:00
Jouni Malinen
6dc3206ef0 scan: Fix a memory leak on an error path
If preassoc_mac_addr is used and updating the MAC address fails in
wpas_trigger_scan_cb(), the cloned scan parameters were leaked. Fix that
and also send a CTRL-EVENT-SCAN-FAILED event in this and another error
case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-23 18:29:55 +03:00
Jouni Malinen
88802405f3 scan: Clean up code a bit - phase1 is used in all WPS cases
There is no need to have a separate if statement to skip the cases where
phase1 is not set. Just check it with the strstr comparison since this
case is not really used in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-22 17:44:28 +03:00
Jouni Malinen
e1ae2876d5 scan: Clean up code a bit - ssid cannot be NULL here
wpa_s->current_ssid is set to a non-NULL ssid pointer value here, so
there is no need for the extra if statement.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-22 16:23:28 +03:00
Jouni Malinen
a1703947b1 Update ChangeLog files for v2.6
This adds a summary of changes since the v2.5 release.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-21 20:26:56 +03:00
Lior David
a26c9c2e71 Fix sending non-Public Action frames over P2P Device interface
The P2P Device interface can only send Public Action frames. Non-Public
Action frames must be sent over a group interface. The previous
implementation sometimes tried to send non-Public Action frames such as
GO Discoverability over the P2P Device interface, however, the source
address of the frame was set to the group interface address so the code
in offchannel.c knew to select the correct interface for the TX.

The check breaks when the P2P Device and group interfaces have the same
MAC address. In this case the frame will be sent over the P2P Device
interface and the send will fail.

Fix this problem in two places:
1. In offchannel, route non-Public Action frames to the GO
   interface when the above conditions are met.
2. When a TX_STATUS event arrives on such routed frame, it will
   arrive on the GO interface but it must be handled by the P2P Device
   interface since it has the relevant state logic.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-05-21 00:17:45 +03:00
Purushottam Kushwaha
31d7fb14af P2PS: Allow P2P_CONNECT command for P2PS connection with/without PIN
This allows using P2PS config method with or without PIN for connection.
wpa_supplicant should internally handle the default PIN "12345670" and
shall also allow connection irrespective of PIN used in P2P_CONNECT.

For example,
 1. P2P_CONNECT 02:2a:fb:22:22:33 p2ps
 2. P2P_CONNECT 02:2a:fb:22:22:33 xxxxxxxx p2ps
Where the second one is maintained for backwards compatibility.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-19 19:16:26 +03:00
Jouni Malinen
7d1007a674 Fix external radio work debug printing on removal
work->type was pointing to the allocated work->ctx buffer and the debug
print in radio_work_free() ended up using freed memory if a started
external radio work was removed as part of FLUSH command operations. Fix
this by updating work->type to point to a constant string in case the
dynamic version gets freed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-16 19:04:54 +03:00
Lior David
b6317b417f wpa_supplicant: Add wps_disabled parameter to network block
Add a new parameter wps_disabled to network block (wpa_ssid). This
parameter allows WPS functionality to be disabled in AP mode.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-05-14 19:43:30 +03:00
Jouni Malinen
23d71a0286 Set wpa_psk_set in wpa_supplicant AP mode is PSK is available
While this is unlikely to make any practical difference, it is better to
keep consistent with hostapd configuration parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Jouni Malinen
6641954321 Fix AP mode key_mgmt configuration in wpa_supplicant default case
If the network profile key_mgmt parameter was not set, wpa_supplicant
defaulted to enabling both WPA-PSK and WPA-EAP. This is not correct for
AP mode operations, so remove WPA-EAP in such a case to fix WPA-PSK
without explicit key_mgmt parameter.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Jouni Malinen
ad6cee3fa0 P2P: Do not enable P2P group processing for non-P2P AP mode
wpa_supplicant was starting P2P group processing for all AP mode
interfaces in CONFIG_P2P=y builds. This is unnecessary and such
operations should be enabled only for actual GO interfaces.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-05-14 19:43:30 +03:00
Ilan Peer
3b11ad34eb Send CTRL-EVENT-REGDOM-CHANGE event on the parent interface
The NL80211_CMD_WIPHY_REG_CHANGE can be handled by any of the
interfaces that are currently controlled by the wpa_supplicant.
However, some applications expect the REGDOM_CHANGE event to be
sent on the control interface of the initially added interface
(and do not expect the event on any of child interfaces).

To resolve this, when processing NL80211_CMD_WIPHY_REG_CHANGE,
find the highest parent in the chain, and use its control interface
to emit the CTRL-EVENT-REGDOM-CHANGE event.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-05-14 17:19:02 +03:00
Jouni Malinen
4de70e2330 Add MGMT_RX_PROCESS test command for wpa_supplicant
This makes it easier to write hwsim test cases to verify management
frame processing sequences with dropped or modified frames. When
ext_mgmt_frame_handling is used, this new command can be used to request
wpa_supplicant to process a received a management frame, e.g., based on
information reported in the MGMT-RX events.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-13 20:54:51 +03:00
Peter Oh
f42c3ceb94 mesh: Calculate MTK before sending it to MAC in case Open is dropped
IEEE Std 802.11-2012 13.5.6.3 State transitions require an action
sending SETKEYS primitive to MAC when OPN_ACPT event occurs in CNF_RCVD
state in case of AMPE is used, but since MTK calculation is missed in
this condition, all zero valued key are passed to MAC and cause unicast
packet decryption error. This could happen if the first transmission of
plink Open frame is dropped and Confirm frame is processed first
followed by retransmitted Open frame.

Fix this by calculating the MTK also in this sequence of unexpected
messages.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2016-05-13 20:54:51 +03:00
Peter Oh
baa1213649 mesh: Add missing action to cancel timer
IEEE Std 802.11-2012 Table 13-2, MPM finite state machine requires to
clear retryTimer when CNF_ACPT event occurs in OPN_SNT state which is
missing, so add it to comply with the standard.

This was found while debugging an MTK issue and this commit fixes a
potential issue that mesh sends invalid event (PLINK_OPEN) which will
lead another invalid timer register such as MeshConfirm Timer. This
behaviour might lead to undefined mesh state.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2016-05-13 19:57:15 +03:00
Saurav Babu
e8a1b6b8e9 D-Bus: Check driver capability for IBSS in Modes property of Capabilities
Instead of hardcoding "ad-hoc" in the array of supported capabilities,
add this only if the driver indicates support for IBSS.

Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2016-05-13 18:53:04 +03:00
Johannes Berg
3dd0e9e4e4 wpa_supplicant: Fix CONFIG_AP build without CTRL_IFACE
wpas_ap_pmksa_cache_list() and wpas_ap_pmksa_cache_flush() should be
under the #ifdef since they're only called for the control iface and
use functionality that otherwise isn't available.

Signed-off-by: Johannes Berg <johannes@sipsolutions.net>
2016-05-13 18:31:01 +03:00
Sunil Dutt
03626e9157 Skip connection attempt for non-RSN networks if PMF is set to required
Since ieee80211w=2 is an explicit configuration to wpa_supplicant, the
connection attempt for such non-PMF (non-RSN) capable networks should be
skipped.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
22950049e4 Ignore pmf=1/2 parameter for non-RSN networks
PMF is available only with RSN and pmf=2 could have prevented open
network connections. Change the global wpa_supplicant pmf parameter to
be interpreted as applying only to RSN cases to allow it to be used with
open networks.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-05 21:09:08 +03:00
Jouni Malinen
2a3f56502b Reject SET commands with newline characters in the string values
Many of the global configuration parameters are written as strings
without filtering and if there is an embedded newline character in the
value, unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file global parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the value of a parameter before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
b166cd84a7 Reject SET_CRED commands with newline characters in the string values
Most of the cred block parameters are written as strings without
filtering and if there is an embedded newline character in the value,
unexpected configuration file data might be written.

This fixes an issue where wpa_supplicant could have updated the
configuration file cred parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the credential value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject almost arbitrary data
into the configuration file. Such configuration file could result in
wpa_supplicant trying to load a library (e.g., opensc_engine_path,
pkcs11_engine_path, pkcs11_module_path, load_dynamic_eap) from user
controlled location when starting again. This would allow code from that
library to be executed under the wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Paul Stewart
0fe5a23424 Remove newlines from wpa_supplicant config network output
Spurious newlines output while writing the config file can corrupt the
wpa_supplicant configuration. Avoid writing these for the network block
parameters. This is a generic filter that cover cases that may not have
been explicitly addressed with a more specific commit to avoid control
characters in the psk parameter.

Signed-off-by: Paul Stewart <pstew@google.com>
2016-05-02 11:08:25 +03:00
Jouni Malinen
73e4abb24a Reject psk parameter set with invalid passphrase character
WPA/WPA2-Personal passphrase is not allowed to include control
characters. Reject a passphrase configuration attempt if that passphrase
includes an invalid passphrase.

This fixes an issue where wpa_supplicant could have updated the
configuration file psk parameter with arbitrary data from the control
interface or D-Bus interface. While those interfaces are supposed to be
accessible only for trusted users/applications, it may be possible that
an untrusted user has access to a management software component that
does not validate the passphrase value before passing it to
wpa_supplicant.

This could allow such an untrusted user to inject up to 63 characters of
almost arbitrary data into the configuration file. Such configuration
file could result in wpa_supplicant trying to load a library (e.g.,
opensc_engine_path, pkcs11_engine_path, pkcs11_module_path,
load_dynamic_eap) from user controlled location when starting again.
This would allow code from that library to be executed under the
wpa_supplicant process privileges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-05-02 11:08:25 +03:00
Dmitry Shmidt
df5bde83da Android: Remove EAP-FAST option
Current BoringSSL version is not suitable for EAP-FAST.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-28 20:43:43 +03:00
Andrei Otcheretianski
9b377be037 P2P: Copy config from p2pdev when not using dedicated group interface
When the P2P Device interface is used and an existing interface is used
for P2P GO/Client, the P2P Device configuration was not cloned to the
configuration of the existing interface. Thus, configuration parameters
such as idle_group_time, etc., were not propagated to the P2P GO/Client
interface.

Handle this by copying all configuration parameters of the P2P device
interface to the reused interface, with the following exceptions:

1. Copy the NFC key data only if it was not set in the configuration
   file.
2. The WPS string fields are set only if they were not previously set
   in the configuration of the destination interface (based on the
   assumption that these fields should be identical among all
   interfaces).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:49 +03:00
Andrei Otcheretianski
3c88d26941 P2P: Fix wpas_p2p_nfc_auth_join()
Use the p2pdev pointer instead of the parent pointer to comply with the
flows when a dedicated P2P Device interface is used and
p2p_no_group_iface == 1 (in which case the parent of the reused
interface isn't necessary the same as p2pdev).

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2016-04-25 00:10:10 +03:00
Kanchanapally, Vidyullatha
2f195639ec WNM: Fetch scan results before checking transition candidates
On receiving a WNM BSS Transition Management Request frame with a
candidate list, fetch the latest scan results from the kernel to see if
there are any recent scan results for the candidates and initiate a
connection if found. This helps to avoid triggering a new scan in cases
where a scan initiated by something else (e.g., an internal beacon
measurement report functionality in a driver) has processed Beacon or
Probe Response frames without wpa_supplicant having received a
notification of such an update yet.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-23 17:12:16 +03:00
Marcin Niestroj
9e5a5de55a systemd: Update service files according to D-Bus interface version
systemd service files were supplied with old D-Bus bus name. After
service activation systemd was waiting for appearance of specified bus
name to consider it started successfully. However, if wpa_supplicant was
compiled only with the new D-Bus interface name, systemd didn't notice
configured (old) D-Bus bus name appearance. In the end, service was
considered malfunctioning and it was deactivated.

Update systemd service BusName property according to supported D-Bus
interface version.

Signed-off-by: Marcin Niestroj <m.niestroj@grinn-global.com>
2016-04-19 00:55:17 +03:00
Purushottam Kushwaha
57b38882e5 P2P: Add P2P_GROUP_MEMBER command to fetch client interface address
This allows local GO to fetch the P2P Interface Address of a P2P Client
in the group based on the P2P Device Address for the client. This
command should be sent only on a group interface (the same peer may be
in multiple concurrent groups).

Usage:
P2P_GROUP_MEMBER <P2P Device Address>

Output:
<P2P Interface Address>

Signed-off-by: Purushottam Kushwaha <pkushwah@qti.qualcomm.com>
2016-04-19 00:41:16 +03:00
Lior David
0ee8925098 P2P: Trigger event when invitation is accepted
Trigger an event when wpa_supplicant accepts an invitation to re-invoke
a persistent group. Previously wpa_supplicant entered group formation
without triggering any specific events and it could confuse clients,
especially when operating with a driver that does not support
concurrency between P2P and infrastructure connection.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-18 16:57:05 +03:00
Ilan Peer
cf667c66ac RRM: Modify the processing of a received neighbor report
Parse a received neighbor report and report for each neighbor report the
data received for it:

RRM-NEIGHBOR-REP-RECEIVED bssid=<BSSID> info=0x<hex> op_class=<class> chan=<chan> [lci=hex] [civic=hex]

Note that this modifies the previous format that originally reported
only the length of the received frame.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-04-17 17:45:14 +03:00
Beni Lev
00ed0aa2dd SME: Add support for global RRM flag
Add RRM to SME authentication/association if the global RRM flag is set.

Signed-off-by: Beni Lev <beni.lev@intel.com>
2016-04-17 12:43:57 +03:00
David Spinadel
4a742011ab wpa_supplicant: Handle LCI request
Handle radio measurement request that contains LCI request. Send
measurement report based on a configurable LCI report element. The LCI
report element is configured over the control interface with

SET lci <hexdump of the element>

and cleared with

SET lci ""

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:12 +03:00
David Spinadel
2572df34b2 hostapd: Handle Neighbor Report Request frame
Process Neighbor Report Request frame and send Neighbor Report Response
frame based on the configured neighbor report data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-17 12:29:07 +03:00
David Spinadel
9b4b226426 hostapd: Add a database of neighboring APs
Add a configurable neighbor database that includes the content of
Nighbor Report element, LCI and Location Civic subelements and SSID.

All parameters for a neighbor must be updated at once; Neighbor Report
element and SSID are mandatory, LCI and civic are optional. The age of
LCI is set to the time of neighbor update.

The control interface API is:
SET_NEIGHBOR <BSSID> <ssid=SSID> <nr=data> [lci=<data>] [civic=<data>]

To delete a neighbor use:
REMOVE_NEIGHBOR <BSSID> <SSID>

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:40 +03:00
Jouni Malinen
6a4f0ed788 Fix spelling of "neighbor" in a function name
The missing letter 'h' made it more difficult to find this function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-16 21:05:39 +03:00
David Spinadel
d41a5352fe wpa_supplicant: Add LCI and civic request to Neighbor Report Request
Add an option to request LCI and Location Civic Measurement in Neighbor
Report Request frame, as described in IEEE P802.11-REVmc/D5.0, 9.6.7.6.

Note: This changes the encoding format of the NEIGHBOR_REP_REQUEST
ssid=<val> parameter. This used to be parsed as raw SSID data which is
problematic for accepting additional parameters. The new encoding allows
either a string within double-quotation marks or a hexdump of the raw
SSID.

Thew new format:
NEIGHBOR_REP_REQUEST [ssid=<SSID>] [lci] [civic]

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:39 +03:00
David Spinadel
624b8a061f utils: Add ssid_parse() function
Add a function that parses SSID in text or hex format. In case of the
text format, the SSID is enclosed in double quotes. In case of the hex
format, the SSID must include only hex digits and not be enclosed in
double quotes. The input string may include other arguments after the
SSID.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-16 21:05:37 +03:00
David Spinadel
9d955f751e utils: Rename hostapd_parse_bin to wpabuf_parse_bin and move it
Make the function available as part of the wpabuf API.
Use this renamed function where possible.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-04-09 11:23:36 +03:00
Jouni Malinen
61c101186a Extend VENDOR_ELEM parameters to cover non-P2P Probe Request frame
The new VENDOR_ELEM value 14 can now be used to add a vendor element
into Probe Request frames used by non-P2P active scans.

For example:
VENDOR_ELEM_ADD 14 dd05001122330a
and to clear that:
VENDOR_ELEM_REMOVE 14 *

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-09 00:30:49 +03:00
Matti Gottlieb
ece4ac5f4e HS 2.0: Add support for configuring frame filters
When a station starts an association to a Hotspot 2.0 network, request
the driver to do the following, based on the BSS capabilities:

1. Enable gratuitous ARP filtering
2. Enable unsolicited Neighbor Advertisement filtering
3. Enable unicast IP packet encrypted with GTK filtering if
   DGAF disabled bit is zero

Clear the filter configuration when the station interface is
disassociated.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 15:21:18 +03:00
Matti Gottlieb
e42adb9a75 driver: Add a packet filtering function declaration
Add a new function declaration that will allow wpa_supplicant to request
the driver to configure data frame filters for specific cases.

Add definitions that will allow frame filtering for stations as
required by Hotspot 2.0:

1. Gratuitous ARP
2. Unsolicited NA
3. Unicast IP packets encrypted with GTK

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2016-04-08 13:13:55 +03:00
Lior David
90f14962ec wpa_supplicant: "don't care" value for pbss in ssid structure
Add a new value 2 to the pbss parameter of wpa_ssid structure, which
means "don't care". This value is used in infrastructure mode to request
connection to either AP or PCP, whichever is available in the scan
results. The value is also used in regular WPS (not P2P group formation)
to make WPS work with devices running as either AP or PCP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-04-08 12:56:34 +03:00
Jouni Malinen
0f34665774 Mark wpa_supplicant_{start,stop}_sched_scan() static
With the only callers in wpas_{start,stop}_pno() moved into scan.c,
there is no need to call these helper functions from outside scan.c
anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-07 11:45:01 +03:00
Hu Wang
3560b32ca3 Fix race condition with PNO stop followed immediately by PNO start
Commit dd271857a5 ('Skip normal scan when
PNO is already in progress') fixed issues with normal scans getting
rejected by the driver when PNO scan is already running. The part about
skipping such a scan request is fine, but the part about clearing
wpa_s->pno back to 0 in EVENT_SCHED_SCAN_STOPPED handler is problematic.

If PNO is stopped ("SET pno 0") and then restarted ("SET pno 1")
immediately, it is possible for the EVENT_SCHED_SCAN_STOPPED event from
the stopping part to be received only after the new PNO instance has
been started. This would have resulted in clearing wpa_s->pno and the
driver and wpa_supplicant getting out of sync. This would then prevent
PNO from being stopped with "SET pno 0" (that fails if wpa_s->pno == 0).

Fix this race condition by reverting the wpa_s->pno = 0 addition from
the EVENT_SCHED_SCAN_STOPPED handler.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-04-06 11:14:34 +03:00
Dmitry Shmidt
f89c32e63f Android: Fix max number of sched scan SSIDs based on driver capability
This adds use of the driver capability (instead of hardcoded
WPAS_MAX_SCAN_SSIDS) in wpas_start_pno() similarly to what was already
done in wpa_supplicant_req_sched_scan().

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-04-02 17:35:28 +03:00
Roshan Pius
f1a5a34d8e binder: Implement interface add/remove methods
This commit implements the methods defined in Supplicant service:
1. CreateInterface
2. RemoveInterface
3. GetInterface

The binder service returns the corresponding iface binder object
references which can be used by clients to control a specific
interface.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-04-02 17:35:28 +03:00
Roshan Pius
7b4bbb9f94 binder: Add binder skeletal code for Android
Create the skeletal binder interface for wpa_supplicant. The interface
hierarchy is based off the existing dbus
interface(https://w1.fi/wpa_supplicant/devel/dbus.html).

Since we use libbinder, the binder interface codebase needs to be
written in C++ and can only be compiled on Android platform for now.

The aidl files define binder RPC interfaces. The Android build system
generates the corresponding C++ interface classes which needs to be
implemented by the server process.

The clients can obtain a reference to the binder service (root object)
using:
android::String16 service_name("fi.w1.wpa_supplicant");
android::sp<android::IBinder> binder =
  android::defaultServiceManager()->getService(service_name);

Once a reference to the root object is retrieved, the clients can
obtain references to other RPC objects using that root object methods.

Signed-off-by: Roshan Pius <rpius@google.com>
2016-04-02 17:35:26 +03:00
Jouni Malinen
c01120a05f wpa_supplicant: Do not use struct ieee80211_mgmt::u.probe_req
This struct in the union is empty, but the design of using a zero-length
u8 array here is not fully compatible with C++ and can result in
undesired compiler warnings. Since there are no non-IE fields in the
Probe Request frames, get the location of the variable length IEs simply
by using the pointer to the frame header and the known header length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-04-02 16:55:02 +03:00
Bala Krishna Bhamidipati
5cd317d381 Do not clear PMKSA entry or EAP session cache if config does not change
This avoids unnecessary flushing of the PMKSA cache entry and EAP
session data when processing SET_NETWORK commands that set a network
profile parameter to the same value that the parameter already has.

Introduce a new wpa_config_set() and wpa_config_set_quoted() return
value (==1) signifying that the new value being set for the
corresponding field equals to the already configured one so that the
caller can determine that nothing changed in the profile.

For now, this does not cover all the network profile parameters, but
number of the most commonly used parameters are included to cover the
Android use cases where the framework may have issued SET_NETWORK
commands that would have unnecessarily prevented use of PMKSA caching or
EAP fast reauthentication.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-31 17:18:51 +03:00
Jouni Malinen
a6fbff2049 Fix CONFIG_CTRL_IFACE=udp6/udp6-remote builds
wpa_supplicant_global_ctrl_iface_receive() did not handle the from
address properly for the IPv6 case. This was broken by commit
d60886cdaf ('wpa_supplicant: Add monitor
support for global UDP ctrl_iface').

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-28 00:16:52 +03:00
Jouni Malinen
31afdd2274 Use TIOCOUTQ instead of SIOCOUTQ to avoid need for linux/sockios.h
All that the kernel header was doing here is defining SIOCOUTQ to be
TIOCOUTQ. Instead of pulling in the header, we might as well use
TIOCOUTQ directly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-26 11:40:35 +02:00
Lior David
f347429cf1 P2P: Fix persistent group for 60 GHz networks
Fix two problems with storage of 60 GHz P2P persistent groups:
1. pbss flag was not stored in the network block.
2. When recreating the persistent group from storage,
in addition to the missing pbss flag, the pairwise_cipher and
group_cipher were initialized to CCMP which does not work
in 60 GHz since the default in 60 GHz should be GCMP.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-25 18:40:56 +02:00
Jouni Malinen
954e10e483 Make it a bit easier to roam from 2.4 GHz to 5 GHz within ESS
The initial connection to an ESS was already explicitly increasing the
likelihood of picking a 5 GHz BSS. While the throughput estimation is
likely to do same for the roaming decision, it might be possible that
that does not cover all cases. Add couple of dB extra preference for 5
GHz in case the roaming decision falls back to comparing signal levels.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Jouni Malinen
585141bb30 Fix a typo in a comment
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-25 12:12:48 +02:00
Jouni Malinen
6a5ee810a3 Include previous BSSID in connection request to indicate reassociation
This allows the SME-in-the-driver case to get similar information about
reassociation that was already available for the SME-in-wpa_supplicant
case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 22:35:10 +02:00
Jouni Malinen
cbc3d6fe65 WNM: Verify BSS TM target match against the current network profile
Reject a BSS transition management candidate if it does not match the
current network profile, e.g., due to incompatible security parameters.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-24 12:11:55 +02:00
Roy Marples
2e997eece5 Add interface matching support with -M, guarded by CONFIG_MATCH_IFACE
The new wpa_supplicant command line argument -M can be used to describe
matching rules with a wildcard interface name (e.g., "wlan*").

This is very useful for systems without udev (Linux) or devd (FreeBSD).

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Roy Marples
45e3fc72c6 Find correct driver for interface additions/removals
Interface additions/removals are not guaranteed to be for the driver
listening to the kernel events. As such, send the events to
wpa_supplicant_event_global() which can then pick the correct interface
registered with wpa_supplicant to send the event to.

Signed-off-by: Roy Marples <roy@marples.name>
2016-03-22 17:41:37 +02:00
Jouni Malinen
90377029c6 wpa_supplicant: Fix CONFIG_IBSS_RSN=y build without CONFIG_AP=y
Commit 1889af2e0f ('VLAN: Separate station
grouping and uplink configuration') added an ap_sta_set_vlan() function
that gets called from pmksa_cache_auth.c. This broke CONFIG_IBSS_RSN=y
build if src/ap/sta_info.c did not get included in the build, i.e., if
CONFIG_AP=y was not set.

Fix this by making the ap_sta_set_vlan() call conditional on
CONFIG_NO_VLAN being undefined and define this for CONFIG_IBSS_RSN=y
builds. This is fine for wpa_supplicant since CONFIG_AP=y case was
already defining this. For hostapd, this function call is not needed for
CONFIG_NO_VLAN case either.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-21 21:12:20 +02:00
Janusz Dziedzic
5ae65de0b7 wpa_supplicant: Fix p2p_group_add when UDP-based ctrl_iface is used
While p2p_group_add ctrl_interface name could be derived from the main
interface (simple p2p_group_add command), we failed to bind the same UDP
port. Fix this problem and also update the correct ctrl_interface name
(port decrement).

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-20 21:41:40 +02:00
Jouni Malinen
e567c582a7 Fix nfc_pw_token build with CONFIG_FST=y
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-20 20:18:55 +02:00
Masashi Honma
d774c46aae mesh: Use appropriate BLOCKED state duration
Previously, BLOCKED state duration slightly increased up to 3600. Though
the BLOCKED state could be canceled by ap_handle_timer(). Because the
timer timeouts in ap_max_inactivity(default=300sec) and remove STA
objects (the object retains BLOCKED state).

This patch re-designs my commit bf51f4f82b
('mesh: Fix remaining BLOCKED state after SAE auth failure') to replace
mesh_auth_block_duration by ap_max_inactivity and remove incremental
duration.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 18:24:29 +02:00
Masashi Honma
9f2cf23e2e mesh: Add support for PMKSA caching
This patch add functionality of mesh SAE PMKSA caching. If the local STA
already has peer's PMKSA entry in the cache, skip SAE authentication and
start AMPE with the cached value.

If the peer does not support PMKSA caching or does not have the local
STA's PMKSA entry in the cache, AMPE will fail and the PMKSA cache entry
of the peer will be removed. Then STA retries with ordinary SAE
authentication.

If the peer does not support PMKSA caching and the local STA uses
no_auto_peer=1, the local STA can not retry SAE authentication because
NEW_PEER_CANDIDATE event cannot start SAE authentication when
no_auto_peer=1. So this patch extends MESH_PEER_ADD command to use
duration(sec). Throughout the duration, the local STA can start SAE
authentication triggered by NEW_PEER_CANDIDATE even though
no_auto_peer=1.

This commit requires commit 70c93963ed
('SAE: Fix PMKID calculation for PMKSA cache'). Without that commit,
chosen PMK comparison will fail.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:56:38 +02:00
Masashi Honma
4c522c7798 PMKSA: Flush AP/mesh PMKSA cache by PMKSA_FLUSH command
This extends the wpa_supplicant PMKSA_FLUSH control interface command to
allow the PMKSA list from the authenticator side to be flushed for AP
and mesh mode. In addition, this adds a hostapd PMKSA_FLUSH control
interface command to flush the PMKSA entries.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
b8daac18a4 PMKSA: Show AP/mesh PMKSA list in PMKSA command
This extends the wpa_supplicant PMKSA control interface command to allow
the PMKSA list from the authenticator side to be listed for AP and mesh
mode. In addition, this adds a hostapd PMKSA control interface command
to show the same list for the AP case.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
2604edbfbd mesh: Add MESH_PEER_ADD command
This allows a mesh peer connection to be initiated manually in
no_auto_peer mesh networks.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Masashi Honma
e174ef341b mesh: Add MESH_PEER_REMOVE command
This command allows the specified mesh peer to be disconnected.

Signed-off-by: Natsuki Itaya <Natsuki.Itaya@jp.sony.com>
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-03-20 17:37:53 +02:00
Jouni Malinen
f7648c8679 P2P: Advertise IP Address Allocation only if it is enabled on GO
This group capability bit was previously added unconditionally which
could result in the P2P Client assuming the functionality is available
even though the GO would always reject the request (not reply to it with
an assigned IP address) during the 4-way handshake.

Fix this by advertising the capability only if the GO configuration
allow IP address assignment to be completed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-03-20 17:37:53 +02:00
Daisuke Niwa
192964ddc3 Handle OSEN IE in Assoc Request info if req_ies exists
The 4-way handshake fails with the error "WPA: No wpa_ie set - cannot
generate msg 2/4" while connecting to OSEN network with drivers that
indicate used Association Request frame elements because OSEN IE is not
handled in wpa_supplicant_event_associnfo() if data->assoc_info.req_ies
is not NULL.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2016-03-20 11:17:39 +02:00
Jouni Malinen
c3dc68e844 Do not invalidate EAP session cache on all network block parameter changes
The bssid and priority parameters in a network block do not have any
effect on the validity of an EAP session entry, so avoid flushing the
cached session when only these parameters are changed. This is mainly to
allow forced roaming or network selection changes without causing fast
reauthentication to be disabled if the changes are done during RSN
association that used EAP.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-16 19:44:32 +02:00
Jouni Malinen
c6c29be1bd Interworking: Add credential realm to EAP-TLS identity
If the configured credential includes a username without '@' (i.e., no
realm) in it and a realm, combine these to form the EAP-Request/Identity
value as "<username>@<realm>" for EAP-TLS. This was already done for
EAP-TTLS as part of the anonymous NAI conversion, but EAP-TLS could have
ended up using a username without any realm information which would be
unlikely to work properly with roaming cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-11 21:06:15 +02:00
Lior David
dfe0745c9a P2P: Add optional op_class argument to P2P_SET listen_channel
The existing implementation in p2p_ctrl_set used a hard-coded operating
class 81 which is only suitable for the social channels in the 2.4 GHz
band, and will not work for the social channel in the 60 GHz band.
Extend this by adding an optional op_class argument to P2P_SET
listen_channel. If not specified, use the default value of 81 to match
existing behavior.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-07 13:51:01 +02:00
Naveen Singh
c7fb678f31 D-Bus: Add association response status code property for failure cases
(Re)Association Response frame with status code other than 0 is now
notified over DBUS as a part of PropertiesChanged signal. This can be
used by application in case AP is denying association with status code
17 (band steering) so that it does not interfere in the BSSID selection
logic of wpa_supplicant.

Signed-off-by: Naveen Singh <nasingh@google.com>
2016-03-06 20:44:51 +02:00
Janusz Dziedzic
56e2fc2c31 wpa_supplicant: Add ctrl parameter to INTERFACES command
"INTERFACES ctrl" can now be used to fetch a list of network interfaces
and their control interfaces, e.g., to fetch the UDP port information
for the control interface.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:44:49 +02:00
Janusz Dziedzic
acf57fae76 ctrl_iface_common: Use sockaddr_storage instead of sockaddr_un
This is a step towards allowing UDP sockets to be used with the common
implementation.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
1a2124c650 wpa_supplicant: Use common functions for ctrl_iface
Use the common functions, structures when UNIX socket ctrl_iface used.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 17:15:05 +02:00
Janusz Dziedzic
d60886cdaf wpa_supplicant: Add monitor support for global UDP ctrl_iface
Add monitor support (ATTACH/DETACH) for the global ctrl_iface when using
the UDP backend.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:46:13 +02:00
Janusz Dziedzic
f0e5d3b5c6 wpa_supplicant: Share attach/detach/send UDP ctrl_iface functions
Extend the previously per-interface UDP ctrl_iface functions
(attach/detach/send) to support operations on the global interface as
well.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:21:18 +02:00
Janusz Dziedzic
db7fb435f3 wpa_supplicant: Allow UDP ctrl_iface configuration to set the UDP port
This allows the UDP port to be set for the per-interface and global
control interfaces. The format is: udp:<port_no>

For example:
wpa_supplicant -Dnl80211 -ddt -g udp:9888

And in the configuration file:
ctrl_interface=udp:9877

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2016-03-05 10:15:57 +02:00
Eliad Peller
c69ef1d2da P2P: Respect p2p_ignore_shared_freq on p2p_group_add
Make sure wpas_p2p_init_go_params() respects the p2p_ignore_shared_freq
configuration option. Choose currently used frequencies only if this
option is not set, or if there are no unused channels left.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-04 21:17:32 +02:00
Eliad Peller
4115b0524b P2P: Fix shared freq print in wpas_p2p_init_go_params()
"freq" contains the forced frequency, not the selected one. Print the
correct freq instead.

Signed-off-by: Eliad Peller <eliad@wizery.com>
2016-03-04 21:16:00 +02:00
Ben Rosenfeld
a805731086 P2P: Abort ongoing scan when p2p_find is stopped
When p2p_find is stopped, send request to the driver
in order to cancel an ongoing scan if there is one.

Signed-off-by: Ben Rosenfeld <ben.rosenfeld@intel.com>
2016-03-03 17:10:26 +02:00
Ilan Peer
1446afc865 wpa_supplicant: Handle EVENT_SCAN_RESULTS when an interface is disabled
An interface can be disabled while it has an ongoing scan request.
In such a case, when the scan results notification is received,
it was being ignored (as the interface is already disabled) so the
scan state was not cleared. This can cause undetermined behavior
for the next scan request.

To handle this, clear the scan state when EVENT_SCAN_RESULTS is
received and the interface is disabled.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 17:10:26 +02:00
Avraham Stern
d14e63a2aa WNM: Do not scan based on malformed BSS Transition Management Request
Verify that when the Candidate List Included bit is set in a BSS
Transition Management Request frame, the candidate list actually
includes at least one candidate. If no candidates are included, reject
the request without scanning.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-03-03 17:10:25 +02:00
Avraham Stern
f420577f3c WNM: Fix candidates count in BSS Transition Management Request
In BSS Transition Management Request frame, it is possible that vendor
specific IEs are included after the candidate list. In this case the
candidates count was incremented for each IE although the candidate list
is already over which could result in adding all zeros candidates into
the neighbor list.

Fix that by incrementing the candidates count only for neighbor report
elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-03-03 17:09:26 +02:00
Ilan Peer
3c58df7ae7 wpa_cli: Support running action script on global control interface
In case wpa_cli is started with an option to execute an action script,
but no interface is specified, wpa_cli might crash in wpa_cli_exec() if
arg1 == NULL. Fix this be setting arg1 = "global".

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2016-03-03 16:30:28 +02:00
Adam Langley
8f38eed628 Android: Remove superfluous OpenSSL include paths
The libcrypto and libssl modules (and their respective static and host
versions) use LOCAL_EXPORT_C_INCLUDE_DIRS thus just including the module
is sufficient.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2016-03-03 16:27:10 +02:00
Daichi Ueura
cbf8d181c3 HS 2.0R2: Clear fetch_anqp_in_progress if fopen fails
Clear wpa_s->fetch_anqp_in_progress when osu-providers.txt can't be
opened. An issue happens, for instance, when wpa_supplicant doesn't
have correct access permission to the directory specified by osu_dir.
If hs20_osu_fetch_done method returns without clearing the flag,
'FETCH_OSU' command will never work correctly.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2016-03-03 16:25:49 +02:00
Jouni Malinen
2bf9a53a8b Add EAP-AKA' and EAP-pwd to wpa_supplicant README
The EAP methods were missing from the lists.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 16:19:55 +02:00
Jouni Malinen
4196c08e8b Update notes about OpenSSL versions
Obsolete OpenSSL versions 0.9.* are not supported anymore.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 16:17:34 +02:00
Jouni Malinen
5d7b1a3c82 Fix some typos in wpa_supplicant README files
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 16:15:46 +02:00
Nishant Chaprana
4194fee565 README-P2P: Fix a typo
Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2016-03-03 16:00:34 +02:00
Lior David
c58eed6dc7 P2P: Add Dev Info attribute to Probe Request frames in 60 GHz
When building P2P IE for Probe Request frames in P2P scan, add the
device information attribute if the 60 GHz band is included in the scan,
since this is required by the P2P specification.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:13:56 +02:00
Lior David
2b6e9f91df wpa_supplicant: Expose wpas_get_bands() and related API
Expose the functions wpas_get_bands() and wpas_freq_to_band() and the
enum wpa_radio_work_band, since they will be needed outside
wpa_supplicant.c.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:10:50 +02:00
Lior David
94ad3c3389 P2P: Change order of P2P IE and frequencies set up
When setting up parameters for P2P scan, calculate the frequencies
for the scan before calculating the scan IE. This is because
the scan IE calculation may need information about the scan
frequencies in use.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-03-03 15:03:46 +02:00
Jouni Malinen
bef5e9a862 Fix scan rescheduling from wpas_stop_pno to check postponed case
Commit 02e122a995 ('Reschedule scan from
wpas_stop_pno if it was postponed') uses wpa_s->scanning as the only
condition for automatically starting a postponed scan request from
EVENT_SCHED_SCAN_STOPPED event handler. However, wpa_s->scanning may be
set for sched_scan and as such, this can result in unexpected extra
scans without there having been any real postponed request.

Make this more accurate by verifying that there really is a pending
request for a scan before speeding up its start.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-03-03 11:04:38 +02:00
Lior David
96a26ab744 P2P: Support dedicated P2P_DEVICE without separate group interface
Add support for drivers with dedicated P2P_DEVICE interface, but without
group interface concurrency (only a single netdev is used). With such
devices, wpa_supplicant tried to use the p2p_dev interface instead of
the group interface and most P2P operations failed. Extend
wpa_supplicant to use the primary interface instead of a separate group
interface in such cases.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Lior David
ba307f8528 P2P: Add a separate pointer to the P2P Device instance
In many places in the code there was a reference to wpa_s->parent to get
from group interface to p2p_dev interface. These places can break if
P2P_DEVICE interface would need to be used with the primary interface as
the group interface, since the parent of the primary interface points to
itself and not the p2p_dev interface.

Fix this by adding a separate "p2pdev" pointer to wpa_supplicant,
it will be the same as parent pointer in most cases but whenever
the primary interface is used as a group interface, change it to
point to the correct p2p_dev interface.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-27 19:37:19 +02:00
Jouni Malinen
e04019737e GAS client: Make PMF check on RX more consistent
Use the SA field instead of BSSID in the received Action frame to
determine whether PMF has been negotiated with the transmitter. While
these fields are supposed to be same for Public Action frames from an
AP, it would be possible that a frame is received with different values.
The following operations in gas_query_rx() use SA, so do the same for
the PMF check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-27 19:37:19 +02:00
Jouni Malinen
0645492e7c WNM: Optimize a single BSS transition management candidate scan
If the BSS Transition Management Request frame includes only a single
candidate and we need to scan for the BSS to get up-to-date information,
use a scan for the known BSSID instead of wildcard BSSID. In addition,
set the SSID in the scan if it is known based on old scan results in the
BSS table. This removes unnecessary Probe Response frames when we are
interested in results from only a single BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-26 17:19:20 +02:00
Jouni Malinen
eb20cea590 nl80211: Add an option to specify the BSSID to scan for
This allows scans to be optimized when a response is needed only from a
single, known BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-26 17:19:20 +02:00
Jouni Malinen
940491ce08 MBO: Mandate use of PMF for WPA2+MBO association (STA)
If WPA2 is used, MBO AP must enable PMF. Refuse to select a BSS that has
MBO and WPA2 enabled without PMF.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:53:05 +02:00
Jouni Malinen
6332aaf3b2 MBO: Track STA cellular data capability from association request
This makes hostapd parse the MBO attribute in (Re)Association Request
frame and track the cellular data capability (mbo_cell_capa=<val> in STA
control interface command).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-22 19:53:05 +02:00
Jouni Malinen
d010048cf7 MBO: Expire non-matching bss_tmp_disallowed entries as part of check
This makes wpa_is_bss_tmp_disallowed() expire old entries from the
bss_tmp_disallowed list even if they do not match the BSSID that is
being searched for. This allows the list to be kept at shorter length to
speed up operations and minimize memory use in cases where the
previously disabled BSS is not in radio range anymore.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-02-22 19:53:04 +02:00
Avraham Stern
016082e9e6 MBO: Send WNM-Notification when cellular capabilities change
Send a WNM-Notification to the associated AP to indicate changes in
cellular data capabilities.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
c484b19882 Move Hotspot 2.0 element in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, vendor specific elements
must follow all other elements, so Hotspot 2.0 element which is actually
a vendor specific element must come after all other elements.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
a0c38e5dd7 Re-order elements in (Re)Association Request frames
According to IEEE Std 802.11-2012, Table 8-22, RM Enabled Capabilities
element must come before the Extended Capabilities element.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
9a493fab73 WNM: Add candidate list to BSS transition query
Add an option to configure a candidate list to BSS transition query
("list" as the second argument to WNM_BSS_QUERY). The candidate list is
built from the available scan results. If no updated scan results (< 10
sec) are available, the command fails.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
84d1c0fd5a WNM: Add candidate list to BSS transition response
Add the transition candidate list to BSS Transition Management Response
frame. The candidates preference is set using the regular wpa_supplicant
BSS selection logic. If the BSS transition request is rejected and
updated scan results are not available, the list is not added.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
c8082d2b6a MBO: Add MBO IE to BSS Transition Management Response frame
When rejecting a BSS Transition Management Request frame, add MBO IE to
the BSS Transition Management Response frame to specify the transition
rejection reason.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
dd5999084e MBO: Parse MBO IE in BSS Transition Management Request frames
Add parsing of MBO IE in BSS Transition Management Request frames. If
the MBO IE includes the association retry delay attribute, do not try to
reconnect to the current BSS until the delay time is over.

If the MBO IE includes the cellular data connection preference attribute
or the transition rejection reason attribute, send a message to upper
layers with the data.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
5e57ba2505 MBO: Add Supported Operating Classes element to Association Request
Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
Avraham Stern
7d46f586de MBO: Add global operating class definitions
Add definitions for global operating classes. These definitions will be
used to construct supported operating classes information element.

The operating classes definitions used locally for P2P module will be
removed and included in the general operating classes definitions.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
cb06cf3456 MBO: Prevent association to APs that explicitly disallow this
Prevent association to MBO APs that have association disallowed
attribute in MBO IE in Beacon or Probe Response frames.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
c5d193d7b3 MBO: Add cellular capability to MBO IE
Add cellular capability attribute to MBO IE and add MBO IE with cellular
capabilities to Probe Request frames. By default, cellular capability
value is set to Not Cellular capable (3).

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
2d5b8614b7 MBO: Send MBO WNM-Notification Request frames to notify changes
Send a WNM-Notification Request frame with Non-preferred Channel Report
subelement if the non-preferred channels list changes during an
association.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
92c6e2e3a9 MBO: Implement MBO non-preferred channel report in Association Request
Add MBO IE with non-preferred channels to (Re)Association Request
frames.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-22 19:53:04 +02:00
David Spinadel
facf2c728a MBO: Add non-preferred channel configuration in wpa_supplicant
Add non-preferred channel configuration to wpa_config for MBO.

Signed-off-by: David Spinadel <david.spinadel@intel.com>
2016-02-21 17:55:16 +02:00
Avraham Stern
231b04b6cb utils: Share a single helper function to get IE by ID
Add a helper function to find a certain IE inside IEs buffer by ID and
use this function in several places that implemented similar
functionality locally.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:56 +02:00
Avraham Stern
ea69d9737c wpa_supplicant: Share a single get_mode() implementation
There is no need to duplicate this helper function in multiple files.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-21 17:14:51 +02:00
Nick Lowe
98a516eae8 WPS: Use only os_get_random() for PIN generation
Remove the fallback dependency on os_random() when generating a WPS pin.
This is exceptionally unlikely to ever be called as the call to
os_get_random() is unlikely to fail. The intention is to facilitate
future removal of os_random() as it uses a low quality PRNG.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:40 +02:00
Nick Lowe
8c676b5056 Add RADIUS Service-Type attribute with a value of Framed
This seems to be the common value used by APs and also mentioned in RFC
3580.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-19 18:44:39 +02:00
Masashi Honma
70c93963ed SAE: Fix PMKID calculation for PMKSA cache
The SAE PMKID is calculated with IEEE Std 802.11-2012 11.3.5.4, but the
PMKID was re-calculated with 11.6.1.3 and saved into PMKSA cache. Fix
this to save the PMKID calculated with 11.3.5.4 into the PMKSA cache.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2016-02-18 21:07:47 +02:00
Roy Marples
640b0b933a ctype functions require an unsigned char
Ensure that characters are represented as unsigned char when using
isblank() and isspace(). These function take in a "int c" argument, but
it needs to be unsigned for the cases where EOF is not indicated.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:39:00 +02:00
Roy Marples
634e2e29d6 Add CONFIG_ELOOP_KQUEUE to defconfig
Signed-off-by: Roy Marples <roy@marples.name>
2016-02-18 17:02:13 +02:00
Michael Braun
ba91e92023 wpa_supplicant: Parse ifname argument from DATA_TEST_CONFIG
This is required to test tagged VLANs.

Signed-off-by: Michael Braun <michael-dev@fami-braun.de>
2016-02-17 11:46:13 +02:00
Jouni Malinen
ddd0032e03 wpa_cli: Clean up logical operation
While '!func() == 0' here resulted in correct behavior, it is not clear
and clang is starting to warn about this (-Wlogical-not-parentheses).
Use 'func()' instead as the condition to clear this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-16 15:52:08 +02:00
Lior David
b907491281 wpa_supplicant: Basic support for PBSS/PCP
PBSS (Personal Basic Service Set) is a new BSS type for DMG
networks. It is similar to infrastructure BSS, having an AP-like
entity called PCP (PBSS Control Point), but it has few differences.
PBSS support is mandatory for IEEE 802.11ad devices.

Add a new "pbss" argument to network block. The argument is used
in the following scenarios:
1. When network has mode=2 (AP), when pbss flag is set will start
as a PCP instead of an AP.
2. When network has mode=0 (station), when pbss flag is set will
connect to PCP instead of AP.

The function wpa_scan_res_match() was modified to match BSS according to
the pbss flag in the network block (wpa_ssid structure). When pbss flag
is set it will match only PCPs, and when it is clear it will match only
APs.

Signed-off-by: Lior David <qca_liord@qca.qualcomm.com>
2016-02-08 22:23:56 +02:00
Roy Marples
f9982b3212 Implement kqueue(2) support via CONFIG_ELOOP_KQUEUE
NOTE: kqueue has to be closed and re-build after forking. epoll *should*
do the same, but it seems that wpa_supplicant doesn't need it at least.

I have re-worked a little bit of the epoll code (moved into a similar
kqueue function) so it's trivial to requeue epoll if needed in the
future.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 18:09:19 +02:00
Roy Marples
2e69bdd16a eloop: Add eloop_sock_requeue()
This function can be used to re-build eloop socket tables after forking
for eloop implementations that need this.

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-07 12:38:04 +02:00
Lubomir Rintel
df9e2c2a55 D-Bus: Don't do <deny send_interface="..." /> in dbus service file
It does more than intended; apart from denying messages to that
particular interface it also denies all messages non-qualified with an
interface globally. This blocks messages completely unrelated to
wpa_supplicant, such as NetworkManager communication with the VPN
plugins.

From the dbus-daemon manual:

  Be careful with send_interface/receive_interface, because the
  interface field in messages is optional. In particular, do NOT
  specify <deny send_interface="org.foo.Bar"/>! This will cause
  no-interface messages to be blocked for all services, which is almost
  certainly not what you intended. Always use rules of the form: <deny
  send_interface="org.foo.Bar" send_destination="org.foo.Service"/>

We can just safely remove those rules, since we're sufficiently
protected by the send_destination matches and method calls are
disallowed by default anyway.

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2016-02-07 11:55:09 +02:00
Srinivasa Duvvuri
9684c7567e mesh: Fix peer link counting when a mesh peer reconnects
When a mesh point reconnects by starting from Authentication frame
sequence, the plink count was not decremented from its last connection.
This resulted in leaking peer link count and causing wpa_supplicant to
reject the connection after max_peer_links (default: 99) reconnects.

This was reproduced by pre-configuring 2 mesh points with mesh
credentials. Boot both mesh points and make sure they connect to each
other. Then in a loop reboot one of the mesh points after it
successfully connects while leaving the other mesh point up and running.
After 99 iterations the supplicant on mesh point that is not rebooting
will reject the connection request from the other mesh point.

Fix this by decrementing num_plinks when freeing a STA entry that is
still in PLINK_ESTAB state.

Signed-off-by: Srinivasa Duvvuri <sduvvuri@chromium.org>
2016-02-06 21:22:29 +02:00
Avraham Stern
83fe38b011 P2P: Fall back to no VHT when starting AP/P2P GO
In cases where the bandwidth is not set when starting an AP/P2P GO,
the code tries to use 160 MHz or 80 MHz channels. As a result, the
AP/P2P GO configuration is set to use these channel widths even if
they are not available, which may results in failing to start the
AP/P2P GO.

Fix this by changing the AP/P2P GO configuration not to use VHT channels
when they are not available. In this case the AP/P2P GO will use a 40
MHz channel, if available, or a 20 MHz channel, if this is the maximum
available width.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2016-02-06 18:23:33 +02:00
Nick Lowe
2cbc6ffb3a RADIUS: Redesign Request Authenticator generation
Simplify and make properly random the generation of the Request
Authenticator.

Signed-off-by: Nick Lowe <nick.lowe@lugatech.com>
2016-02-06 17:19:35 +02:00
Roy Marples
a3cc64f3d2 Remove -w support from wpa_supplicant README
wpa_supplicant dropped the -w option long long time ago..

Signed-off-by: Roy Marples <roy@marples.name>
2016-02-06 00:31:26 +02:00
John Ernberg
f91e11f465 D-Bus: Fix p2p interface capability message
If the config file for the interface says "p2p_disabled=1", don't report
p2p capabilities on this interface. This helps programs like Connman to
not enable p2p when it's been disabled in wpa_supplicant.

Signed-off-by: John Ernberg <john.ernberg@actia.se>
2016-02-05 18:09:38 +02:00
Jouni Malinen
80ce804e88 WNM: Workaround for broken AP operating class behavior
Some APs do not advertise operating classes correctly for BSS Transition
Management. Try to determine the most likely operating frequency based
on the channel number (1..14 --> 2.4 GHz; 36..169 --> 5 GHz) if invalid
op_class == 0 is received in a BSS Transition Management Request. This
speeds up the following operating by avoiding a full scan due to an
unknown channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-02-05 17:06:06 +02:00
Purushottam Kushwaha
17d32eb3d3 Allow re-write of ip_addr* configurations to conf file.
This patch keeps ip_addr* configuration in conf file while
 updating supplicant conf file either internally by supplicant or
 due to save_config command.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
2016-01-15 20:23:25 +02:00
Purushottam Kushwaha
bcce934755 dbus: Restrict DeviceName size to 32 characters in setter
The maximum WPS Device Name length is 32 characters and that limit was
already enforced for the control interface and configuration files.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2016-01-15 20:16:13 +02:00
Roy Marples
7c70fe2c6e Sort options and reduce printf calls in wpa_supplicant usage text
Signed-off-by: Roy Marples <roy@marples.name>
2016-01-15 20:11:54 +02:00
Jouni Malinen
1d20c66e45 P2P: Clear groups first on FLUSH command
This is needed to get proper P2P group removal processing for some test
cases. discovery_group_client followed by nfc_p2p_client was able to hit
a case where the P2P group idle timeout survived to the next group
instance because of the FLUSH command not clearing the group and this
timeout properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 18:49:15 +02:00
Jouni Malinen
27446e471c mesh: Do not force another peering exchange on driver event
If the local driver indicated a peer candidate event when the peer had
already initiated peering exchange in open mesh case, we used to force a
new exchange to be started instead of allowing the previously started
exchange to complete. This is not desirable, so make this initiation of
the new exchange conditional on there not being an already started (or
successfully completed) exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
cc64fe7b9e mesh: Do not clear link state on driver event if exchange was started
If the local driver event for a new peer candidate arrived only after
the peer had already initiated the peering exchange, we used to clear
the link state. This resulted in the already completed (or in progress)
exchange getting abandoned and a new exchange initiated. This is not
desirable since the already started (or even completed) exchange can be
used. Clear the link state only when adding the new STA entry for the
first time, i.e., use the same !sta->my_lid condition in handling the
driver event similarly to how the peer initiated cases were already
handled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
b5f5c32412 mesh: Add some more details to MPM debug messages
This makes it easier to follow the debug log when trying to figure out
issues with mesh peering exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 17:50:15 +02:00
Jouni Malinen
6174de663c mesh: Connection and group started/removed events into debug log
The messages were sent out with wpa_msg_ctrl() so they were not visible
in the debug log. However, these would be quite helpful strings to
search for in the debug log, so change these messages to use wpa_msg().

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-06 13:13:13 +02:00
Jouni Malinen
e9ccfc38fd Clear wpa_supplicant state to DISCONNECTED on FLUSH command
It was possible for the FLUSH command to trigger auto connect mechanism
to schedule a new scan in 100 ms. This is not desired since all the
network profiles will be removed immediately and the scan or an attempt
to reconnect would not be of any benefit here. Such a scan in 100 ms can
cause issues for cases where multiple test sequences are run back to
back, so prevent this by clearing wpa_supplicant state to DISCONNECTED
(which avoids scheduling of the 100 ms scan trigger on disconnection) if
the state was AUTHENTICATING or higher when the FLUSH command was
issued.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-04 23:37:43 +02:00
Jouni Malinen
aeb408fff1 HS 2.0: Add some documentation for OSEN and network block use
This adds notes on how wpa_supplicant can be configured for OSEN for a
link-layer protected online signup connection and how network profiles
can be set for a Hotspot 2.0 data connection when using external
Interworking network selection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2016-01-04 21:34:39 +02:00
Jouni Malinen
15c5606758 Update copyright notices for the new year 2016
Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-01 13:42:04 +02:00
Jouni Malinen
6e379c6c16 WPS: Testing mechanism to force auth/encr type flags
The new wps_force_{auth,encr}_types parameters can be used in test build
(CONFIG_WPS_TESTING) to force wpa_supplicant to use the specified value
in the Authentication/Encryption Type flags attribute. This can be used
to test AP behavior on various error cases for which there are
workarounds to cover deployed device behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2016-01-01 13:42:04 +02:00
Jouni Malinen
944f693591 P2P: Stop offchannel TX wait on P2P_STOP_FIND/P2P_LISTEN
Previously it was possible for the pending Action frame TX to be
cleared, but the offchannel TX operation being left in wait state in the
kernel. This would delay start of the next operation (e.g., that listen
operation requested by P2P_LISTEN) until the wait time for the
previously pending Action frame had expired.

Optimize this by explicitly stopping any pending offchannel Action frame
TX when clearing the internal offchannel TX state in
wpas_p2p_clear_pending_action_tx().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-31 00:03:21 +02:00
Jouni Malinen
8edd9f1058 P2P: Add an option to specify group SSID in P2P_CONNECT join case
The new optional ssid=<hexdump> argument to P2P_CONNECT can be used to
make P2P Client operations during join-an-existing-group more robust by
filtering out scan results based on the SSID in addition to the P2P
Device/Interface Address. This can help if the same MAC address has been
used in multiple groups recently and the cached scan results may still
include an older BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:12:38 +02:00
Jouni Malinen
70e0cb33f2 P2P: Provide group SSID, if specified, to P2P Client join step
At least one of the wpas_p2p_connect() callers (NFC join case) already
had access to the Group SSID. Pass that information through
wpas_p2p_connect() to wpas_p2p_join() so that the join operation can
filter out incorrect groups more easily.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:08:51 +02:00
Jouni Malinen
438be60153 P2P: Do not accept any GO BSS entry if SSID is specified for join
Accept only a BSS entry matching the SSID when trying to find the
operating channel of a GO during join operation for which the SSID was
already specified. Previously, it could have been possible to pick an
incorrect BSS entry if the new GO was not found in the latest scan and
there was an older cached scan entry for the same BSSID.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:06:19 +02:00
Jouni Malinen
35510d530a P2P: Use join SSID in the skip-PD cases
It was already possible to limit join operation to accept only a
specific SSID. However, this constraint was not used when starting a P2P
Client interface as a WPS Enrollee without going through a Provision
Discovery exchange.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:04:43 +02:00
Jouni Malinen
8b8d4f4eb4 P2P: Do not accept any BSS entry for join if SSID is already known
Use wpa_bss_get() with the specific Group SSID instead of
wpa_bss_get_bssid_latest() if the SSID is already known. This makes the
P2P join operations more robust in case the frequency of the group was
not yet known and the same P2P Interface Address may have been used in
multiple group instances with an older group entry still present in the
cached scan results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:02:33 +02:00
Jouni Malinen
b875276c4d P2P: Use group SSID, if known, for join operation even if no BSS entry
This allows the cases where a specific group SSID is known to filter out
groups on the P2P Client even if the specific BSS entry for the target
group is not yet available.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 19:00:56 +02:00
Jouni Malinen
aa256cb399 P2PS: Add group SSID, if known, to the P2PS-PROV-DONE event
The new optional group_ssid=<hexdump> argument in the P2PS-PROV-DONE
event can be used to help in identifying the exact group if there have
been multiple groups with the same P2P Interface Address in short period
of time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-30 18:59:03 +02:00
Jouni Malinen
c2ed779748 mesh: Document Mesh Peering Management element structure in more detail
Provide details on the pointers to the subfields and rename "pmk" to
"chosen_pmk" and use SAE_PMKID_LEN macro with it to make the code more
readable.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-28 17:21:08 +02:00
Bob Copeland
b2817cd5c2 mesh: Check PMKID in AMPE Action frames
From IEEE Std 802.11-2012 13.3.5:

   If the incoming Mesh Peering Management frame is for AMPE and the
   Chosen PMK from the received frame contains a PMKID that does not
   identify a valid mesh PMKSA, the frame shall be silently discarded.

We were not checking the PMKID previously, and we also weren't parsing
it correctly, so fix both.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-12-28 17:21:08 +02:00
Bob Copeland
6c33eed3ee mesh: Fix PMKID to match the standard
IEEE Std 802.11-2012 11.3.5.4 specifies the PMKID for SAE-derived keys
as:

   L((commit-scalar + peer-commit-scalar) mod r, 0, 128)

This is already calculated in the SAE code when the PMK is derived, but
not saved anywhere. Later, when generating the PMKID for plink action
frames, the definition for PMKID from 11.6.1.3 is incorrectly used.
Correct this by saving the PMKID when the key is generated and use it
subsequently.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-12-28 17:21:08 +02:00
Ilan Peer
ede7770180 wpa_supplicant: Do not wait for monitor on P2P Device interface
External programs are not aware of the creation of a
dedicated P2P Device interface, so it does not make sense
to wait for a monitor to connect on such an interface.

Fix this by not waiting on a dedicated P2P Device interface
for monitor to attach.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-12-28 17:21:08 +02:00
Ilan Peer
1c94570f1b Do not wait for monitor to attach if no control interface
In case an interface has started without a control interface
initialized, skip waiting for monitor to attach at the start of
wpa_supplicant (-W).

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-12-28 17:21:08 +02:00
Jouni Malinen
f98674aa37 Clone default LIBS value to LIBS_* for other tools
If LIBS is set with some global build system defaults, clone those for
LIBS_c, LIBS_h, LIBS_n, and LIBS_p to cover wpa_cli, wpa_passphrase,
hostapd_cli, hlr_auc_gw, and nt_password_hash as well.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-28 17:21:08 +02:00
Jouni Malinen
7d2f67433d Add "GET_CAPABILITY acs" to allow ACS build option to be detected
This allows upper layer software to check whether wpa_supplicant can use
ACS for AP mode.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-24 22:24:05 +02:00
Tomasz Bursztyka
d99097177a wpa_supplicant: Enable Automatic Channel Selection support for AP mode
Since hostapd supports ACS now, let's enable its support in
wpa_supplicant as well when starting AP mode.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
[u.oelmann@pengutronix.de: adjusted added text in defconfig]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
2015-12-24 22:24:05 +02:00
Tomasz Bursztyka
96bc508684 Handle survey event properly in wpa_supplicant
Let's reuse hostapd code for such handling. This will be useful to get
ACS support into wpa_supplicant where this one needs to handle the
survey event so it fills in the result ACS subsystem will require.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
[u.oelmann@pengutronix.de: rebased series from hostap_2_1~944 to master]
Signed-off-by: Ulrich Ölmann <u.oelmann@pengutronix.de>
2015-12-24 21:35:54 +02:00
Jouni Malinen
662512e027 P2PS: Remove dead code
Commit f8a80e39b3 ('P2PS: Change
connection capability handling') added the identical P2PS_SETUP_CLIENT
check into two places within p2ps_group_capability(). However, only the
first one of these can be reached. In the second case, role can only
have values 0 or P2PS_SETUP_NEW and as such, the P2PS_SETUP_CLIENT case
is not possible. It looks like the first part of the commit is
sufficient, so remove the dead code added by the second part.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-24 19:16:15 +02:00
Jouni Malinen
d6b536f7e5 Add ocsp=3 configuration parameter for multi-OCSP
ocsp=3 extends ocsp=2 by require all not-trusted certificates in the
server certificate chain to receive a good OCSP status. This requires
support for ocsp_multi (RFC 6961). This commit is only adding the
configuration value, but all the currently included TLS library wrappers
are rejecting this as unsupported for now.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-24 00:54:30 +02:00
Jouni Malinen
0ab0de88e8 Document previously missing key_mgmt values
Number of key_mgmt options were missing from the documentation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-21 17:45:57 +02:00
Jouni Malinen
c24f8e8e75 GAS: Do not cancel initial offchannel wait with comeback delay 1
The minimum comeback delay 1 is used to indicate that fragmentation is
needed instead of indicating that the response is going to be available
only after some time. Do not cancel offchannel wait for this case
between the initial and comeback exchanges to avoid delaying the full
operation unnecessarily.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Jouni Malinen
364282c8c9 GAS: Retry full GAS query if comeback response is not received
It is possible for a comeback response to get lost especially when going
through a large GAS exchange fragmented to multiple frames in an
environment with interference or other traffic. Make this less likely to
fail the full exchange by trying full GAS query again and using longer
wait time on the GAS comeback exchanges.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 21:07:33 +02:00
Matti Gottlieb
8fb718a748 GAS: Shorten the duration of the wait for GAS comeback response
When exchanging GAS frames with the AP, the initial response from the AP
may take a while to come, since the AP may need to fetch the info from a
server. The next fragments/comeback response frames should take much
less time since the AP already has all of the info, so the wait time
for these frames can be reduced.

In addition, some drivers, e.g., mac80211, try to combine ROC based flows,
to improve medium utilization. For example, if the requested ROC fits
entirely in a previous requested ROC they can be combined. Thus, reducing
the wait time for the next frames can improve medium utilization.

Shorten the duration of GAS comeback to improve medium utilization and
overall GAS exchange times.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-12-20 19:42:12 +02:00
Jouni Malinen
c012567df6 GAS: Clear offchannel_tx_started when ending remain-on-channel
Commit 2c0d0ae370 ('GAS: End
remain-on-channel due to delayed GAS comeback request') started ending
the remain-on-channel operation between the initial request and the
following comeback request. However, it did not check or update the
offchannel_tx_started variable. While this alone would not necessarily
be problematic, this makes it more difficult to optimize wait time for
offchannel TX operations, so make sure the internal tracking variable
gets updated.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 19:40:01 +02:00
Jouni Malinen
e7160bd8fe Drop any pending EAPOL RX frame when starting a new connection
Such a pending frame cannot be valid anymore, so drop it instead of
risking of using an unexpected EAPOL frame after association if a
previous association received one at the end and the new association can
happen within 100 ms.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-20 17:25:41 +02:00
Jouni Malinen
61f25f80b4 HS 2.0: Remove duplicate icon entries
Only one of the icon entries with a matching BSSID and file name can be
fetched from wpa_supplicant and as such, there is no need to maintain
the old data if it was not explicitly deleted before running a new fetch
for the same BSSID and icon. Remove older duplicated entries whenever
completing a pending icon fetch to optimize memory use.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:53:27 +02:00
Jouni Malinen
ca9968a012 HS 2.0: Convert icon storage to use dl_list
This simplifies the list operations quite a bit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-19 18:49:57 +02:00
Jan Nordqvist
8dd5c1b4e9 HS 2.0: Add a command to retrieve icon with in-memory storage
This adds a new command based Hotspot 2.0 icon retrieval option.

In short, here is the new command sequence:
1. REQ_HS20_ICON <bssid> <file-name>
2. event: RX-HS20-ICON <bssid> <file-name> <size>
3. GET_HS20_ICON <bssid> <file-name> <offset> <size>
   (if needed, repeat with larger offset values until full icon is
   fetched)
5. DEL_HS20_ICON <bssid> <file-name>

REQ_HS20_ICON is a new command that is analogous to HS20_ICON_REQUEST
with the slight difference that an entry to store the icon in memory is
prepared. The RX-HS20-ICON event has been augmented with BSSID,
file-name and size, and GET_HS20_ICON is used to retrieve a chunk of up
to <size> bytes of icon data at offset <offset>. Each chunk is returned
as a base64 encoded fragment, preceded by "HS20-ICON-DATA", BSSID, and
file-name as well as the starting offset of the data.

If there is no entry prepared for the icon when the ANQP result comes
back, hs20_process_icon_binary_file falls back to legacy behavior.

Finally the DEL_HS20_ICON command deletes (all) icons associated with
BSSID and file-name (there could be several if retries are used and they
have different dialog tokens).

Signed-off-by: Jan Nordqvist <jannq@google.com>
2015-12-19 18:34:01 +02:00
Dmitry Shmidt
96e8d831a5 wpa_supplicant: Add SIGNAL_MONITOR command
SIGNAL_MONITOR THRESHOLD=DD HYSTERESIS=DD command will request signal
strength monitoring events based on there having been requested amount
of drop in the signal strength. The threshold value is the RSSI
threshold in dBm for the event to be sent. 0 threshold can be used to
disable monitoring. The hysteresis value is RSSI hysteresis in dB to
specify the minimum amount of change before a consecutive event is
reported.

With nl80211 driver interface, these values map to the
NL80211_CMD_SET_CQM command with NL80211_ATTR_CQM_RSSI_THOLD and
NL80211_ATTR_CQM_RSSI_HYST attributes to the driver.

This command cannot be used when bgscan module is in use since that
depends on being able to control the connection monitoring parameters.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-12-18 21:02:37 +02:00
Matti Gottlieb
2c0d0ae370 GAS: End remain-on-channel due to delayed GAS comeback request
During the sequence of exchanging GAS frames with the AP, the AP can
request to come back in X amount of time and resend the GAS request.

Previously, wpa_supplicant did not terminate the remain-on-channel
session, but rather waited until the requested comeback delay had
expired, and then tried to send the GAS frame (potentially to save the
time that is required to schedule a new remain on channel flow).

This might cause unnecessary idle time (can be close to 1000 ms) in
which the device might be off-channel. Ending the current
remain-on-channel session and then rescheduling makes better usage of
the time in this case.

End remain-on-channel session due to receiving a delayed GAS comeback
request from the AP.

Signed-off-by: Matti Gottlieb <matti.gottlieb@intel.com>
2015-12-18 20:32:53 +02:00
Eliad Peller
685ea2f60c wpa_cli: Send ALL_STA command to the correct interface
wpa_ctrl_command_sta(), called by the "ALL_STA" handler, didn't consider
ifname_prefix, resulting in various commands being sent to the global
control interface, rather than the specified interface when IFNAME=
prefix was used.

This in turn caused the unexpected "UNKNOWN COMMAND" result be
considered as valid station, resulting in infinite loop while trying to
get all stations.

Fix it by considering ifname_prefix, similarly to _wpa_ctrl_command().

Signed-off-by: Eliad Peller <eliadx.peller@intel.com>
2015-12-18 00:24:52 +02:00
Ayala Beker
0e6a2cf282 Disconnect before trying to switch to a different network
Previously, when wpa_supplicant received bgscan results with a preferred
network, it connected to that network without disconnecting from the
previous one. This might result in an inconsistent state of upper
layers.

Fix this by disconnecting from the current AP before connecting to the
new one when the network profile changes and there is an existing
connection.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2015-12-18 00:24:52 +02:00
Arik Nemtsov
706e11a485 Avoid network selection from scan during connection
If scan results arrive during the connection process, the network
selection function was called, interrupting the current connection.
While a regular scan is mutually exclusive with connection establishment
via the nature of radio work, there's no such protection for scheduled
scan. Prevent network selection while a connection is in progress.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-12-18 00:24:52 +02:00
Ayala Beker
1b3dd69d93 P2P: Fix possible NULL pointer dereference
Fix wpas_p2p_invite() to call p2p_set_own_pref_freq_list() after the
NULL check, to avoid NULL pointer dereference if P2P initialization were
to have failed or P2P module getting deinitialized.

Signed-off-by: Ayala Beker <ayala.beker@intel.com>
2015-12-18 00:24:51 +02:00
Jouni Malinen
d06a35052f mesh: Fix VHT Operation information in peering messages
The full VHT channel information was not set in the hostapd data
structures which resulted in incorrect information (all zeros) being
used when building the VHT Operation element for peering messages while
the actual driver mode was set with the full details. We did not seem to
use the VHT information from peering messages, so this does not change
behavior with another wpa_supplicant-based mesh implementation. Anyway,
these elements should match the ones used in Beacon frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-17 21:20:02 +02:00
Jouni Malinen
d560288a44 TLS: Parse CertificateStatus message
This allows the internal TLS client implementation to accept
CertificateStatus message from the server when trying to use OCSP
stapling. The actual OCSPResponse is not yet processed in this commit,
but the CertificateStatus message is accepted to allow the TLS handshake
to continue.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-14 15:49:01 +02:00
Jouni Malinen
3c108b7573 EAP peer: External server certificate chain validation
This adds support for optional functionality to validate server
certificate chain in TLS-based EAP methods in an external program.
wpa_supplicant control interface is used to indicate when such
validation is needed and what the result of the external validation is.

This external validation can extend or replace the internal validation.
When ca_cert or ca_path parameter is set, the internal validation is
used. If these parameters are omitted, only the external validation is
used. It needs to be understood that leaving those parameters out will
disable most of the validation steps done with the TLS library and that
configuration is not really recommend.

By default, the external validation is not used. It can be enabled by
addingtls_ext_cert_check=1 into the network profile phase1 parameter.
When enabled, external validation is required through the CTRL-REQ/RSP
mechanism similarly to other EAP authentication parameters through the
control interface.

The request to perform external validation is indicated by the following
event:
CTRL-REQ-EXT_CERT_CHECK-<id>:External server certificate validation needed for SSID <ssid>

Before that event, the server certificate chain is provided with the
CTRL-EVENT-EAP-PEER-CERT events that include the cert=<hexdump>
parameter. depth=# indicates which certificate is in question (0 for the
server certificate, 1 for its issues, and so on).

The result of the external validation is provided with the following
command:
CTRL-RSP-EXT_CERT_CHECK-<id>:<good|bad>

It should be noted that this is currently enabled only for OpenSSL (and
BoringSSL/LibreSSL). Due to the constraints in the library API, the
validation result from external processing cannot be reported cleanly
with TLS alert. In other words, if the external validation reject the
server certificate chain, the pending TLS handshake is terminated
without sending more messages to the server.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-12 18:24:27 +02:00
Jouni Malinen
651c6a84af Add TEST_ASSOC_IE for WPA/RSN IE testing on AP side
The new wpa_supplicant control interface command "TEST_ASSOC_IE
<hexdump>" can now be used to override the WPA/RSN IE for Association
Request frame and following 4-way handshake to allow protocol testing of
AP side processing of WPA/RSN IE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 19:33:16 +02:00
Jouni Malinen
58059e6c0c FST: Print debug entry on MB IE update based on EVENT_AUTH
This is more consistent with all the other callers of
wpas_fst_update_mbie().

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:53:24 +02:00
Avichal Agarwal
af041f997d dbus: Add support for vendor specific elements
The new methods are
1. VendorElemAdd "i" "ay" i=integer ay=array of bytes
2. VendorElemGet "i" i=integer (output array of bytes)
3. VendorElemRem "i" "ay" i=integer ay=array of bytes

These provide functionality similar to the control interface commands
VENDOR_ELEM_ADD, VENDOR_ELEM_GET, and VENDOR_ELEM_REMOVE.

Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Kyeong-Chae Lim <kcya.lim@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
[VendorElemGet to return array of bytes instead of string; cleanup]
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-12-06 12:50:13 +02:00
Jouni Malinen
bf3214b593 P2P: Fix re-invoked client interface completion on data connection
This was already working for the case where a separate group interface
is used due to the recent commit
328f49acfe ('P2P: Complete group formation
on client data connection'). However, the case of no separate group
interface was used did not clear the interface state properly on data
connection. Fix this by setting the group formation information in
wpas_start_p2p_client().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 23:11:10 +02:00
Jouni Malinen
63502c64e1 P2P: Fix P2P_CANCEL for p2p_in_invitation case
Commit f05cee9714 ('P2P: Clear
p2p_in_invitation on cancel') added a wpas_p2p_cancel() case to call
wpas_p2p_group_formation_failed() if wpa_s->p2p_in_invitation is set.
This is done in a loop going through wpa_s->next pointers. However, the
call here can result in removing the interface and freeing wpa_s. The
following attempt to read wpa_s->next is from freed memory and that can
result in process termination when using a separate P2P group interface
and issuing P2P_CANCEL on a group that was started through re-invocation
of a persistent group.

The recent commit 328f49acfe ('P2P:
Complete group formation on client data connection') "fixed" this by
accident since wpa_s->p2p_in_invitation gets cleared in the sequence
that could hit this issue and this results in P2P_CANCEL getting
rejected. However, the real bug here is in the loop that continues after
possible wpa_s instance deletion. Fix that by breaking out of the loop.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 22:49:59 +02:00
Jouni Malinen
213e158ca8 BoringSSL: Move OCSP implementation into a separate file
This makes it easier to share the OCSP implementation needed for
BoringSSL outside tls_openssl.c. For now, this is mainly for
http_curl.c.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-12-04 20:08:31 +02:00
Jouni Malinen
328f49acfe P2P: Complete group formation on client data connection
This was already the case in the GO role where the first client
connection is waited before marking
wpa_s->p2p_go_group_formation_completed = 1 and clearing
wpa_s->global->p2p_group_formation. However, in the P2P Client role,
that was done already at the completion of the WPS exchange. This can be
problematic since group formation timeout may still try to clear the
group and with wpa_s->global->p2p_group_formation == NULL, the correct
group interface may not be found.

Fix this by postponing clearing of wpa_s->global->p2p_group_formation on
the P2P Client side until the data connection has been completed and
group is declared started.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-30 21:35:16 +02:00
Jouni Malinen
bea48f7784 Allow sched_scan_plans to be updated at runtime
This allows the control interface SET command to be used to update the
sched_scan_plans parameter at runtime. In addition, an empty string can
be used to clear the previously configured plan.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-30 14:03:28 +02:00
Avraham Stern
32c02261dd Add support for configuring scheduled scan plans
Add the option to configure scheduled scan plans in the config file.
Each scan plan specifies the interval between scans and the number
of scan iterations. The last plan will run infinitely and thus
specifies only the interval between scan iterations.

usage:
sched_scan_plans=<interval:iterations> <interval2:iterations2> ... <interval>

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Avraham Stern
09ea4309b6 nl80211: Add support for multiple scan plans for scheduled scan
Add 'scan plans' to driver scan parameters for scheduled scan.
Each 'scan plan' specifies the number of iterations to run the scan
request and the interval between iterations. When a scan plan
finishes (i.e., it was run for the specified number of iterations),
the next scan plan is executed. The last scan plan will run
infinitely.

The maximum number of supported scan plans, the maximum number of
iterations for a single scan plan and the maximum scan interval
are advertised by the driver.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-30 14:03:28 +02:00
Jouni Malinen
dd895e9964 P2P: Make p2p_go_configured() more robust against unexpected calls
A hwsim test sequence was able to hit a SIGSEGV in
p2p_go_save_group_common_freqs() called by p2p_go_configured() callback
in a case where a non-P2P AP mode operation is started in wpa_supplicant
(wpas_ap_wep test case). This callback should not have happened for
non-P2P case and the debug logs did not make it clear how this could
happen. In addition, it is unclear how this could be reproduced.

To avoid this type of issues, clear the wpa_s->ap_configured_cb pointer
as soon as the first call to the function happens. In addition, verify
that wpa_s->go_params is available before processing the GO configured
callback.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-30 01:25:24 +02:00
Pali Rohár
6bb6a9ce29 Add SHA384 and SHA512 implementations from LibTomCrypt library
These will be used with the internal TLS implementation to extend hash
algorithm support for new certificates and TLS v1.2.

Signed-off-by: Pali Rohár <pali.rohar@gmail.com>
2015-11-29 18:19:32 +02:00
Jouni Malinen
53401e919e Abort ongoing scans on FLUSH command
This may speed up some hwsim test case sequencies by avoiding a wait for
a scan at the end of a test case to complete.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-27 01:09:42 +02:00
Jouni Malinen
2ea2166d5a Add control interface command for aborting an ongoing scan
The new ABORT_SCAN command can be used to request an ongoing scan to be
aborted.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Kanchanapally, Vidyullatha
4ead7cfd5d Abort an ongoing scan before connect
Connect radio work is sometimes delayed for a considerable duration if
there is an ongoing scan radio work. To avoid these delays abort the
ongoing scan on that interface before queuing a connect request. Upon a
scan done indication from the driver, connect radio work will be
scheduled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Kanchanapally, Vidyullatha
4f30addb38 nl80211: Add support for aborting an ongoing scan
This adds the driver interface commands for issuing a request to abort
an ongoing scan operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 19:44:14 +02:00
Jouni Malinen
0530eb1086 mesh: Clear wpa_s cipher selection on starting mesh
This is needed to avoid hitting WEP/TKIP detection in
ibss_mesh_setup_freq() if the previous connection used WEP or TKIP.
Previously, that could have resulted in VHT and HT getting disabled for
the mesh connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 18:47:40 +02:00
Ahmad Kholaif
0f29bc68d1 IBSS/mesh: Add support for VHT80P80 configuration
A new network profile configuration parameter max_oper_chwidth=3 can be
used to specify preference to enable 80+80 MHz VHT channel for IBSS. If
that is set, the first 80 MHz segment is specified based on the
frequency parameter in the network profile and the second segment is
selected automatically (which will practically be limited to a single
possibility due to DFS requirements in most countries).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-26 17:47:15 +02:00
Ahmad Kholaif
c27f4c9006 P2P: Add support for VHT 80+80 MHz and 160 MHz
The new max_oper_chwidth and freq2 arguments to P2P_CONNECT, P2P_INVITE,
and P2P_GROUP_ADD control interface commands can be used to request
larger VHT operating channel bandwidth to be used than the previously
used maximum 80 MHz.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:20 +02:00
Ahmad Kholaif
bee5d8e067 nl80211: Add VHT 160 MHz channel flags
This extends the previous design that covered only the VHT 80 MHz cases
for VHT channel flags. New functions are introduced to allow 160 MHz
bandwidth cases to determine the center channel and check availability
of a 160 MHz channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:14 +02:00
Ahmad Kholaif
5e1da9c8fd P2P: Define operating classes for VHT 80+80 and 160
This adds definitions for the global operating classes 129 and 130 for
VHT 80+80 MHz and 160 MHz use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 19:01:10 +02:00
Dedy Lansky
ea7081185e FST: Improve parsing of Multiband IEs
Previously, MB IEs were parsed only from association event. Try to get
MB IEs from other management frames like Probe Response frames. The MB
IEs from the association event may not be up-to-date and in some cases
may actually be missing and updating the information based on other
frames can improve robustness of FST exchanges.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-25 17:33:31 +02:00
Jouni Malinen
39c3c9b7dc Remove wpa_supplicant/tests
There was only a single file remaining in this directory. All the other
old test functionality has been moved under the top level tests
directory. Move the remaining file to the wpa_supplicant directory to
get rid of the subdirectory.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-24 00:00:21 +02:00
Jouni Malinen
1fff13a9cb tests: Move EAP-SIM PRF module test into the hwsim framework
The old wpa_supplicant/Makefile target test-eap_sim_common did not work
anymore and anyway, this test is better placed in the newer hwsim
framework to make sure the test case gets executed automatically.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-24 00:00:21 +02:00
Jouni Malinen
9b635d0bde Remove link_test and test_wpa
These wpa_supplicant test programs have not been maintained for years
and it would take significant effort to get these into working state.
Since there does not seem to be any real need for these based on lack of
maintenance, it is easier to just drop these tools for now.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-24 00:00:21 +02:00
Jouni Malinen
9e68742ef1 Fix CONFIG_NO_WPA=y build
Number of places were calling functions that are not included in
CONFIG_NO_WPA=y build anymore. Comment out such calls. In addition, pull
in SHA1 and MD5 for config_internal.c, if needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-23 23:34:52 +02:00
Jouni Malinen
eb926f1257 Comment out wpas_reenabled_network_time with CONFIG_NO_SCAN_PROCESSING
This removes a compiler warning about unused function.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-23 23:33:55 +02:00
Ilan Peer
ed7820b484 P2P: Add a testing option to force P2P GO CSA
Add a testing option to force a P2P GO CSA on successful
invitation to join an active P2P GO.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-11-22 21:49:19 +02:00
Ilan Peer
6cbbae2cf8 P2P: Set p2p_go_wait_client in invitation_result() cb
When an invitation to join an existing group is accepted by the
peer device, set p2p_go_wait_client to the current time so
that wpas_p2p_in_progress() would return != 0, thus preventing
P2P CSA, scanning etc., that would interfere with the peer
device connection.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-11-22 21:46:43 +02:00
Avraham Stern
cadffacb3f wpa_cli: Add an option to set created interface type
Add an option to set the interface type when creating
a driver interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-22 17:50:05 +02:00
Avraham Stern
0f039e3432 Add an option to create interface of a certain type with INTERFACE_ADD
Some drivers do not support having two station interfaces, so the fact
that wpa_supplicant always creates a new interface in station mode, even
if it will be used as another type of interface, may prevent
wpa_supplicant from creating new interfaces. Allow setting the interface
type when a new interface is created so that interfaces of supported
types can be created.

Currently supported types are station ("sta") and AP ("ap"). If the
interface type is not specified, a station interface will be created.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-22 17:46:54 +02:00
Avraham Stern
d8a3b66d7f driver: Make setting up AP optional when creating AP interface
When an AP interface it created, it is also setup and subscribes
for management frames etc. However, when the interface is added by
wpa_supplicant, setting up for AP operations is redundant because
it will be done by wpa_supplicant on wpa_drv_init() when setting
the interface mode to AP.

In addition, it may cause wpa_supplicant to fail initializing the
interface as it will try to subscribe for management frames on this
interface but the interface is already registered.

Change this, so when adding an AP interface, make setting up the AP
optional, and use it only when the interface is added by hostapd but not
when it is added by wpa_supplicant.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-22 17:42:59 +02:00
Avraham Stern
2c51c0bd83 P2P: Clear send action work without waiting on find/stop/listen
When clearing pending TX action to start a new P2P operation like
P2P_FIND or P2P_LISTEN, wpas_p2p_action_tx_clear() was used to clear
the send action work. However, in cases where the action work has wait
time, it is not cleared immediately but only after the wait time ends.
This may cause delay in starting the P2P operation.

Fix that by always clearing the send action work immediately on these
P2P commands that result in immediate P2P state change and practically
stopping a previous operation, if one was pending.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-11-21 18:53:22 +02:00
Ravi Joshi
f32227ed9e Add QCA vendor attribute and event to indicate subnet change status
This allows offloaded roaming to inform user space of the change in IP
subnet post roaming. The device may have roamed to a network which is in
a different subnet which will result in IP connectivity loss. Indicating
the change in subnet enables the user space to refresh the IP address or
to perform IP subnet validation if unknown status is indicated.

The driver indication is reported with a new event from wpa_supplicant
in the following format:
CTRL-EVENT-SUBNET-STATUS-UPDATE status=<0/1/2>
where
0 = unknown
1 = IP subnet unchanged (can continue to use the old IP address)
2 = IP subnet changed (need to get a new IP address)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-20 11:03:06 +02:00
Jouni Malinen
d38c7be0f0 Skip SELECT_NETWORK steps only if already connected or connecting
Commit 2a6f78fbbe ('Do not re-associate on
SELECT_NETWORK to current network') started skipping all SELECT_NETWORK
connection steps if the selected network had already been selected
previously. This happened regardless of whether the connection was
already established. This is not necessarily desirable for all cases
where there is no immediate action to even try to connect (e.g., long
wait for the next scan).

Speed this up by allowing the SELECT_NETWORK operation to get started if
there is no connection or ongoing connection attempt with the selected
network.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-20 00:45:40 +02:00
Peter Oh
a65efbfb24 Add VHT support for Mesh
Mesh Points themselves have capability to support VHT as long as
hardware supports it. However, supporting VHT in mesh mode was disabled
because no one had clearly tested and confirmed its functionality. Since
VHT80 has now been verified to work with ath10k QCA988X driver and
mac80211_hwsim, enable VHT support in mesh mode.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-11-19 11:37:41 +02:00
Peter Oh
a73c984261 Set WMM flag to Mesh STA by default
Set WLAN_STA_WMM flag to Mesh STA by default since Mesh STAs are QoS
STAs. Mesh STA's HT capabilities won't be parsed properly without the
flag.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-11-19 11:37:17 +02:00
Sunil Dutt
5e238cc682 WPS: Reconnect for a failed data connection when STA_AUTOCONNECT is 0
If "STA_AUTOCONNECT 0" has been used to disable automatic connection on
disconnection event and the driver indicates a failure for the data
connection after successful WPS handshake, it is possible to hit a case
where wpa_s->disconnected is set to 1 and further attempts to connect
shall stop.

While "STA_AUTOCONNECT 0" is used to disable automatic reconnection
attempts in general, this specific WPS case can benefit from trying
again even with that configuration for a short period of time. Extend
the wpa_supplicant re-enable-networks-after-WPS 10 second timeout to
apply for ignoring disabled STA_AUTOCONNECT immediately after a WPS
provisioning step.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-11-17 19:50:34 +02:00
MAYANK HAARIT
442cc8cc41 dbus: Fix memory leak in sending InvitationReceived signal
Free the message after message send in
wpas_dbus_signal_p2p_invitation_received() to avoid leaking memory.

Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
2015-11-17 17:20:03 +02:00
Samuel Tan
07e3653922 dbus: Do not use pointer arithmetic with a void pointer
This failed to compile on x86 gcc due to pointer arithmetic on a void
pointer.

Signed-off-by: Samuel Tan <samueltan@google.com>
2015-11-15 19:34:51 +02:00
Samuel Tan
3b49719130 Android: Use libdbus rather than dbus-1
The upstream wpa_supplicant uses the dbus-1 library when it is compiled
with D-Bus support. In Android, we imported the D-Bus shared libraries
under the name "libdbus", so use this shared library instead of dbus-1
when compiling wpa_supplicant with D-Bus support.

Signed-off-by: Samuel Tan <samueltan@google.com>
2015-11-15 19:26:49 +02:00
Ben Greear
5b75ecead3 Document passive_scan option for wpa_supplicant.conf
This should save the next person to need this behavior some time.

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-11-15 19:25:05 +02:00
Purushottam Kushwaha
2d0fe6bc4e dbus: Add SaveConfig to update configuration file
This is similar to SAVE_CONFIG on control interface, which allow users
to update the configuration file.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-11-15 19:04:15 +02:00
Purushottam Kushwaha
fb7e7daeff dbus: Fix a copy-paste error in debug print
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-11-15 18:53:51 +02:00
Jouni Malinen
03ed0a5239 WNM: Ignore WNM-Sleep Mode Response if WNM-Sleep Mode has not been used
The AP is not expected to send out a WNM-Sleep Mode Response frame
without the STA trying to use WNM-Sleep Mode. Drop such unexpected
responses to reduce unnecessary processing of the frame.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Jouni Malinen
2cb28a4c75 WNM: Ignore Key Data in WNM Sleep Mode Response frame if no PMF in use
WNM Sleep Mode Response frame is used to update GTK/IGTK only if PMF is
enabled. Verify that PMF is in use before using this field on station
side to avoid accepting unauthenticated key updates. (CVE-2015-5310)

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-10 18:40:54 +02:00
Max Stepanov
73ed03f333 wpa_supplicant: Add GTK RSC relaxation workaround
Some APs may send RSC octets in EAPOL-Key message 3 of 4-Way Handshake
or in EAPOL-Key message 1 of Group Key Handshake in the opposite byte
order (or by some other corrupted way). Thus, after a successful
EAPOL-Key exchange the TSC values of received multicast packets, such as
DHCP, don't match the RSC one and as a result these packets are dropped
on replay attack TSC verification. An example of such AP is Sapido
RB-1732.

Work around this by setting RSC octets to 0 on GTK installation if the
AP RSC value is identified as a potentially having the byte order issue.
This may open a short window during which older (but valid)
group-addressed frames could be replayed. However, the local receive
counter will be updated on the first received group-addressed frame and
the workaround is enabled only if the common invalid cases are detected,
so this workaround is acceptable as not decreasing security
significantly. The wpa_rsc_relaxation global configuration property
allows the GTK RSC workaround to be disabled if it's not needed.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-11-01 21:00:22 +02:00
Jouni Malinen
ea6030c77f Restore previous wpa_state in scan-only result handler
The SCAN TYPE=ONLY results do not trigger a connection operation
automatically. As such, there was no explicit operation that would
change wpa_state after such a scan-only operation and WPA_SCANNING state
could have been left in effect until the next operation is triggered by
an external command. This is not desirable, so restore the wpa_state
that was in use when the scan was started in case WPA_SCANNING state is
still set when the scan operation completes.

This was triggered by the following mac80211_hwsim test sequence:
dbus_wps_oom scan_trigger_failure

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 20:26:35 +02:00
Jouni Malinen
1e74ae4de9 WNM: Clear BSS TM data if already associated with preferred candidate
Previously, wnm_deallocate_memory() was called only if we decided to
move to another BSS at the completion of an accepted BSS Transition
Management Request. This resulted in the candidate information being
left in effect for the following scan operation if we were already
associated with the preferred candidate. This could result in unexpected
behavior in the following connection attempt.

Fix this by clearing the candidate information even if we do not need to
roam to another BSS.

This was triggered with mac80211_hwsim test cases in this sequence:
wnm_bss_tm ap_track_sta_force_2ghz

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 20:09:11 +02:00
Jouni Malinen
a34eace204 dbus: Remove unused dict helper functions
There are no callers for these helper functions.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-11-01 00:16:57 +02:00
Purushottam Kushwaha
cdcb2d0e7f wpa_cli: Add support for vendor_elem_* commands
Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
Signed-off-by: Avichal Agarwal <avichal.a@samsung.com>
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
2015-10-31 21:56:59 +02:00
Jouni Malinen
1f1e619282 Add test programs for checking libwpa_client linking
libwpa_test1 and libwpa_test2 targets can now be used to check
libwpa_client linking for static and shared library cases respectively.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-31 21:56:59 +02:00
Jörg Krause
736b7cb2da wpa_supplicant/Makefile: Fix libwpa_client build
Building libwpa_client requires src/utils/common.c for bin_clear_free()
else loading the library fails with:

Error relocating /usr/lib/libwpa_client.so: bin_clear_free: symbol not found

Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>
2015-10-31 19:15:37 +02:00
Dan Williams
e50c50d5a0 dbus: Expose interface globals via D-Bus properties
All interface globals are now exposed as D-Bus properties of type
string, and parsed via the normal interface global parsing functions.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2015-10-28 23:41:32 +02:00
Dan Williams
1aa0fb77ea dbus: Pass property description to getters/setters
We'll use it later for global interface properties.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2015-10-28 23:40:49 +02:00
Jouni Malinen
8f3ea3175f tests: Fix build without CONFIG_ERP=y
hmac_sha256_kdf() got pulled in only if CONFIG_ERP=y is set. Fix
test_sha256() by making the test case conditional on the function being
present.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-26 00:42:14 +02:00
Lubomir Rintel
1248e58492 wpa_supplicant: Reopen debug log file upon receipt of SIGHUP signal
This is useful for logrotate to be able to rotate the file even if the
control interface is not enabled (e.g., when using DBus).

Signed-off-by: Lubomir Rintel <lkundrak@v3.sk>
2015-10-25 20:45:02 +02:00
Mohammed Shafi Shajakhan
67deaa582d l2_packet: Add build option to disable Linux packet socket workaround
Linux packet socket workaround(*) has an impact in performance when the
workaround socket needs to be kept open to receive EAPOL frames. While
this is normally avoided with a kernel that has the issue addressed by
closing the workaround packet socket when detecting a frame through the
main socket, it is possible for that mechanism to not be sufficient,
e.g., when an open network connection (no EAPOL frames) is used.

Add a build option (CONFIG_NO_LINUX_PACKET_SOCKET_WAR=y) to disable the
workaround. This build option is disabled by default and can be enabled
explicitly on distributions which have an older kernel or a fix for the
kernel regression.

Also remove the unused variable num_rx.

(*) Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596
('bridge: respect RFC2863 operational state') from 2012 introduced a
regression for using wpa_supplicant with EAPOL frames and a station
interface in a bridge.

Signed-off-by: Mohammed Shafi Shajakhan <mohammed@qti.qualcomm.com>
2015-10-25 19:56:53 +02:00
Jouni Malinen
fa46426725 RSN: Do not try to connect if PMF disabled and AP requires it
Instead of trying to associate in configuration that is known to result
in the AP rejecting the association, reject the BSS candidate based on
the MFPR=1 RSN capability when STA configuration has PMF disabled.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:17 +02:00
Jouni Malinen
8acbe7f2a4 WNM: Verify WNM Sleep Mode element length
This element is required to have at least four octets of actual payload.
This was not previously verified before use and the extra buffer data
after the IE might have been used instead if a received WNM-Sleep Mode
Response frame was invalid.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:17 +02:00
Jouni Malinen
dacd789f6d WNM: Mark set TFS buffer const
This moves the type cast needed for the current driver interface to
ieee802_11_set_tfs_ie() to allow the WNM-Sleep parsing routines to use
const pointers.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 19:37:17 +02:00
Jouni Malinen
f758ae7665 P2P SD: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
619fdfacc4 HS 2.0: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
904e977bc7 Avoid undefined behavior in pointer arithmetic in scan result IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
bdce45b83e WNM: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-25 15:34:59 +02:00
Jouni Malinen
1f32a23962 Avoid undefined behavior in pointer arithmetic in BSS IE parsing
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
67fea55ca2 Interworking: Avoid undefined behavior in pointer arithmetic
Reorder terms in a way that no invalid pointers are generated with
pos+len operations. end-pos is always defined (with a valid pos pointer)
while pos+len could end up pointing beyond the end pointer which would
be undefined behavior.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-24 21:43:54 +03:00
Jouni Malinen
ca33a5e895 Add "git describe" based version string postfix
If hostapd or wpa_supplicant is built from a git repository, add a
VERSION_STR postfix from the current git branch state. This is from "git
describe --dirty=+". VERSION_STR will thus look something like
"2.6-devel-hostap_2_5-132-g4363c0d+" for development builds from a
modified repository.

This behavior is enabled automatically if a build within git repository
is detected (based on ../.git existing). This can be disabled with
CONFIG_NO_GITVER=y in wpa_supplicant/.config and hostapd/.config.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-16 22:20:55 +03:00
Jouni Malinen
4363c0d6f5 eapol_test: Add -v for displaying version information
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-16 22:00:11 +03:00
Avraham Stern
932267ad67 P2P: Add P2P_ASSOC_RESP to P2P vendor elements
Vendor specific IEs added to frame type P2P_ASSOC_RESP are saved in
the interface context, but as they are added as part of the P2P IEs,
they need to be saved in the global P2P context.

Fix this by directing vendor specific IEs added to P2P_ASSOC_RESP
frame type to the P2P context.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-16 20:47:41 +03:00
Jouni Malinen
e699a7a9b3 P2P: Add more debug prints for Action frame TX clearing steps
This makes it easier to analyze debug logs for issues related to
multiple pending Action TX frames.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-15 21:20:22 +03:00
Avraham Stern
1a21fd37f9 Do not expire scan results based on aborted scan
Do not expire scan results entries based on scan results from a scan
that was aborted. The aborted scan did not scan all the requested
channels or SSIDs, so the fact that a BSS is missing from the scan
results does not mean it is not available.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-14 21:12:28 +03:00
Avraham Stern
0aed3f5a80 P2P: Set CTWindow only for P2P GO
CTWindow was set for all AP interfaces if the driver supports it and
this parameter is set in wpa_supplicant configuration. This results in
failing to start an AP that is not a P2P GO as this setting is rejected
by the driver.

Fix that by setting the CTWindow only for P2P GO interface.

Signed-off-by: Avraham Stern <avraham.stern@intel.com>
2015-10-14 21:09:41 +03:00
Ningyuan Wang
c143c3b72a D-Bus: Add a dbus handler for expected disconnection
Add a global D-Bus handler ExpectDisconnect for setting
wpa_s->own_disconnect_req flag. This flag will prevent wpa_supplicant
from adding blacklists and requesting incomplete scan upon the incoming
disconnection. This is mainly meant for a case where suspend/resume is
used and some external component knows about that and can provide the
information to wpa_supplicant before the disconnection happens.

Signed-off-by: Ningyuan Wang <nywang@google.com>
2015-10-12 18:03:11 +03:00
Jouni Malinen
a8412ec9d0 Clear own_disconnect_req on new connection attempt
It was possible for wpa_s->own_disconnect_req to be left set to 1 from a
disconnection attempt from a prior connection. This could then prevent
proper connection failure processing with the new connection in
wpas_connection_failed(). This was triggered by the following hwsim test
case sequence: wpas_mesh_secure sae_no_ffc_by_default. In this sequence,
the SAE failure due to unsupported group did not result in proper
wpas_connection_failed() processing and retry.

Fix this by clearing wpa_s->own_disconnect_req in
wpa_supplicant_associate() before starting a new connection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-12 14:24:06 +03:00
Max Stepanov
cd571e14dd P2PS: Fix persistent group reporting in wpas_p2ps_prov_complete()
When one peer doesn't include a persistent group info in PD Request
the other peer shouldn't report a persistent group usage with this
peer even if such a persistent group exists locally. This condition
could be violated in the previous implementation.

In case a local persistent group exists and the
wpas_p2ps_prov_complete() function is called with persist_ssid parameter
set to NULL, wpa_supplicant reported P2PS-PROV-DONE with persist=<idx>
instead of conncap=<role> parameter.

This happened because the wpas_p2p_get_persistent() function was called
without verification whether the persist_ssid was set to NULL. In this
case the wpas_p2p_get_persistent() returns the first existing persistent
group matching the P2P Device Address without verifying the group's
SSID. After that the group ID is used as persist=<idx> parameter of
P2PS-PROV-DONE event.

Fix the issue by adding persist_ssid and persist_ssid_size verification
as a condition for the wpas_p2p_get_persistent() call.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
8bb8e6edb8 P2PS: Indicate the chosen operating frequency
On successful P2P PD, report the chosen frequency in case the local
device is going to be the P2P GO, so in can later be used to instantiate
the new P2P GO, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
ebd32943cb P2PS: Add channel policy to PD Request
Add operating channel selection and channel list processing similar to
that done when building GO Negotiation Request, i.e., consider the
currently used channels, configured channels, etc.

P2PS introduces a flow where a responder needs to provide channel data
without being previously aware of the current constraints, i.e., the
channels currently in use by other interfaces. To handle this, extend
the get_group_capability() callback to also handle channel selection
aspects of group capabilities.

In case there is an active P2P GO that is going to be used for the P2PS
PD, force its current operating frequency in the PD attributes.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-11 21:42:03 +03:00
Ilan Peer
f8a80e39b3 P2PS: Change connection capability handling
Change the connection capability handling so that in case there are no
active roles, the peer has an active GO, and the advertisement supports
operation as a client, the returned connection capability is set to
client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Ilan Peer
ab804bcb6f P2PS: Re-factor p2ps_group_capability()
The code was iterating all the interfaces, and for each interface
iterated all the network blocks to count active P2P GO and P2P Client
interfaces.

Change the code to reuse wpas_p2p_get_go_group() to get a P2P GO
interface and add wpas_p2p_get_cli_group() and use it to find a
P2P Client interface, and use these objects when evaluating the
group capability.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Ilan Peer
8d5e73290f P2PS: Re-factor wpas_p2p_get_go_group() and wpas_p2p_group_go_ssid()
Re-factor wpas_p2p_get_go_group() to:

1. Skip the dedicated P2P Device management interface if it is used.
2. Instead of iterating all the interface configured networks,
   only access the current_ssid pointer to check if the current
   interface is acting as a persistent P2P GO.

To avoid code duplication, also re-factor wpas_p2p_group_go_ssid()
to call wpas_p2p_get_go_group().

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
876e74aa5f Interworking: Fix wpa_supplicant build without CONFIG_HS20=y
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Jouni Malinen
8c4a1026b8 Interworking: Support unknown ANQP-elements in BSS table
This allows wpa_supplicant to expose internally unknown ANQP-elements in
the BSS command. For example, "ANQP_GET <BSSID> 265" can be used to
fetch the AP Geospatial Location ANQP-element and if the AP has this
information, the "BSS <BSSID>" command will include the response as
"anqp[265]=<hexdump>".

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-07 17:07:21 +03:00
Adam Langley
aeeb0bca71 Android: Fix keystore-backed keys with BoringSSL
The switch to BoringSSL broke keystore-backed keys because
wpa_supplicant was using the dynamic ENGINE loading to load
the keystore module.
The ENGINE-like functionality in BoringSSL is much simpler
and this change should enable it.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-10-06 23:10:17 +03:00
Bob Copeland
681753f23c mesh: Generate proper AID for peer
IEEE Std 802.11-2012 13.3.1 states that the AID should be generated on
the local node for each peer. Previously, we were using the peer link ID
(generated by the peer) which may not be unique among all peers. Correct
this by reusing the AP AID generation code.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-10-06 01:27:29 +03:00
Jouni Malinen
12ea4cff6b Add forgotten list entry removal for control interface deinit
dl_list_del() must be called before freeing the list entries. Neither of
these cases caused problems because the full list data structure was
freed, but still, it is better to do this properly.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:38 +03:00
Jouni Malinen
3fdaaa8fc4 Throttle control interface event message bursts
Some operations like a new scan result processing can result in large
number of wpa_supplicant control interface messages being generated.
Especially with multiple control interface monitors, this could result
in hitting the output queue length maximum and event messages getting
dropped. In worst case, that could even result in hitting ten
consecutive sendto() errors which could result in an attached monitor
socket getting detached.

Avoid this type of issues by throttling monitor event transmission based
on the output queue length. If more than half of the maximum send buffer
is used, postpone sending of following event messages until the pending
output queue has dropped below the limit.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 18:52:15 +03:00
Jouni Malinen
a530fe778b Add wpa_supplicant EVENT_TEST control interface command
This testing command makes it easier to debug bursts of event message.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-10-04 11:45:13 +03:00
Luciano Coelho
7d82170aba Set channel and operating class in hostapd_fill_csa_settings()
The CSA channel and operating class values need to be set for all types
of channel switch (i.e., either if it's triggered by the control
interfaces or due to the GO-follows-STA flow). To do so, move the code
that sets them from the GO-follows-STA flow to the more generic
hostapd_fill_csa_settings() function.

Signed-off-by: Luciano Coelho <luciano.coelho@intel.com>
2015-10-03 21:26:23 +03:00
Andrei Otcheretianski
2d3943ce5b nl80211: Specify CSA offsets in send_mlme() driver op
Some management frames contain CSA counters which should be updated by
kernel. Change driver op send_mlme() allowing to send a frame,
specifying an array of offsets to the CSA counters which should be
updated. For example, CSA offsets parameters should be specified when
sending Probe Response frames during CSA period.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 21:07:35 +03:00
Ilan Peer
61f121d925 Handle channel switch notification for other interface types
Channel switch notification was handled only for AP/GO interfaces. As
the notification can be sent on other interface types as well, extend
the handling to handle other interface types.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-03 21:01:49 +03:00
Andrei Otcheretianski
98b0508121 P2P: Implement P2P_GO_FREQ_MOVE_SCM_ECSA policy
Add new GO frequency move policy. The P2P_GO_FREQ_MOVE_SCM_ECSA prefers
SCM if all the clients advertise eCSA support and the candidate
frequency is one of the group common frequencies.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:30:40 +03:00
Andrei Otcheretianski
3bafb0d842 P2P: Trigger channel selection correctly during CSA
Do not consider moving GOs to a new channel if one of them is in the
middle of CSA. In addition, call wpas_p2p_update_channel_list() after
EVENT_CH_SWITCH is handled.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:22:09 +03:00
Ilan Peer
23dcb302eb P2P: Relax wpas_p2p_init_go_params() for P2P GO CSA
wpas_p2p_move_go_csa() uses wpas_p2p_init_p2p_params() to select the
frequency to move to. However, it is possible that all the channels are
already used, so the selection of a new frequency would fail, although
the frequency used by the P2P GO should not be considered as used if it
is the only one using it.

To overcome this, allow the frequency selection to continue even if all
the frequencies are in use, but the frequency used by the P2P GO is not
used by any station interface.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-10-03 20:16:51 +03:00
Andrei Otcheretianski
73afc20d40 P2P: Implement wpas_p2p_move_go_csa()
Use channel switch mechanism to move a P2P GO to a new channel,
when required. In order to be able to reconfigure the GO channel,
split wpa_supplicant_conf_ap() function, so the frequency
configuration part can be reused to find additional CSA settings.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-10-03 20:10:37 +03:00
David du Colombier
33bce0e732 wpa_cli: Fix static linking with readline
The readline library depends on ncurses, so it should be set before
ncurses on the linker command line to be able to be statically linked
successfully.

Signed-off-by: David du Colombier <0intro@gmail.com>
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
2015-10-01 20:49:54 +03:00
Jouni Malinen
b658547dd5 nl80211: Add build option for QCA vendor extensions
This allows the binary sizes to be reduced if no support for nl80211
vendor extensions are needed.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 12:45:27 +03:00
Kanchanapally, Vidyullatha
e903d32d41 Parallelize distinct radio work operations
This commit contains the necessary changes to parallelize
distinct radio work operations which are different in type and
the band used, only when the underlying driver is capable of
supporting such simultaneous offchannel operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Kanchanapally, Vidyullatha
adcd7c4b0b nl80211: Support vendor scan together with normal scan
Allow wpa_supplicant to use vendor scan (if supported by the driver)
together with the normal nl80211 scan and handling external scan events.
Since this results in possibility of concurrent scan operations, some of
the operations related to scan results need to check more carefully when
an event is relevant for a specific interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-10-01 01:41:46 +03:00
Jouni Malinen
49c36b708e Add ChangeLog entries for v2.5
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-27 22:02:05 +03:00
Maneesh Jain
be5ab8d4ab D-Bus: Add InvitationReceived Signal
This is equivalent to the P2P_EVENT_INVITATION_RECEIVED signal on the
control interface. It can be used to sent the Invitation Received signal
to applications written using D-Bus.

Signed-off-by: Maneesh Jain <maneesh.jain@samsung.com>
2015-09-27 15:55:11 +03:00
Saurav Babu
0a7b2a02eb D-Bus: Add Signal to notify WPS PBC Overlap event
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2015-09-27 12:52:34 +03:00
Saurav Babu
893e2cf961 D-Bus: Add signal to notify WPS timeout event
Signed-off-by: Saurav Babu <saurav.babu@samsung.com>
2015-09-27 12:47:47 +03:00
Andrei Otcheretianski
55b4cc6dd7 wpa_supplicant: Fix channel switch notification with VHT
Fix a bug in wpas_ap_ch_switch() function, which didn't pass VHT
frequencies correctly to hostapd_event_ch_switch().

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-09-25 21:09:58 +03:00
Andrei Otcheretianski
d7ded54774 Update wpa_s->current_ssid->frequency on CS event
Update wpa_s->current_ssid->frequency when EVENT_CH_SWITCH is received.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-09-25 21:07:01 +03:00
Andrei Otcheretianski
22264b3c61 Fix get_shared_radio_freqs_data() used-by flags setting
Fix an iteration bug in get_shared_radio_freqs_data when building
freqs_data array. Only the last used-by flag was maintained instead of
making this a bitfield of all found uses.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-09-25 21:02:55 +03:00
Masashi Honma
241c33335b mesh: Add support for scanning only the current frequency
This patch enables scan_cur_freq=1 on VIF based mesh network.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-25 20:59:32 +03:00
Nishant Chaprana
fd7d3c495e D-BUS: dev_passwd_id should be "q" because it uses DBUS_TYPE_UINT16
This corrects the type of dev_passwd_id in GONegotiationRequest event.
This field is packed as DBUS_TYPE_UINT16 but in
wpas_dbus_interface_signals it was "i" which is DBUS_TYPE_INT32.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2015-09-25 20:54:11 +03:00
Jouni Malinen
de78844b33 Fix EAP-EKE peer build rules
NEED_AES_CBC is needed for EAP-EKE builds.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-25 19:43:44 +03:00
Alan T. DeKok
939471b9eb Linker changes for building eapol_test on OS X
Signed-off-by: Alan DeKok <aland@freeradius.org>
2015-09-25 19:32:14 +03:00
Sunil Dutt
c9cfa6a9af Android: Avoid same per-iface and global ctrl socket
Android platform assigns the same socket id if the socket identifier in
conf->ctrl_interface and global->params.ctrl_interface (parameter for
android_get_control_socket) point to the same Android specific control
socket. This ends up having two eloop socket handlers registered for the
same file descriptor and thus, two attempt to receive and process each
command. This can result in unexpected failure, e.g., the prefix IFNAME=
for any command is valid for global socket handler, but results in
UNKNOWN COMMAND response from the per-interface ctrl socket handler).

Since it might be possible to end up with this type of invalid
configuration in OTA upgrade, compare the socket identifiers and do not
open the ctrl socket on the respective interface if both point to same.
This allows the Wi-Fi framework to use the global control interface.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-24 13:10:10 +03:00
Jouni Malinen
5a1d9d1a8e Avoid reconnection on ENABLE_NETWORK if already connected
This was already the case for most command sequences, but it was
possible for wpa_s->reassociate to be set to 1 when CTRL-RSP-* commands
were used to set identity, password, or passphrase for EAP
authentication. In such cases, ENABLE_NETWORK issued after the
connection was completed could result in a new connection attempt
(likely reconnection back to the same BSS).

Fix this by checking whether an actual connection is already present
even if wpa_s->reassociate is set when processing the ENABLE_NETWORK
command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-22 11:55:54 +03:00
Sunil Dutt
ce7d0eb184 Update AP WPA/RSN IE on all associations if driver can select BSS
It is possible for driver-based BSS selection to end up reassociating
back to the current AP. If wpa_supplicant preferred another BSS, it
would have updated the internal knowledge of the AP's WPA/RSN IE when
requesting a new connection. In the special case of existing association
and new association being with the same BSS that is different from the
wpa_supplicant preference, association event processing skipped the
WPA/RSN IE update. This could result in the following 4-way handshake
getting rejected due to incorrectly detected mismatch with AP's RSN/WPA
IE between Beacon/Probe Response frame and EAPOL-Key msg 3/4.

Fix this by updating the AP WPA/RSN IE on all association events when
driver-based BSS selection is used regardless of whether the BSSID
changes. This could also cover a theoretical case of the AP changing its
RSN/WPA IE at the very moment we try to reassociate back to the same
BSS.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-17 17:40:40 +07:00
Jouni Malinen
43fa110b0b Drop some control interface debug print verbosity for send operations
These prints were at DEBUG level (-d), but they can be very frequent, so
drop them to MSGDUMP (-dd). This allows the prints to be suppressed in
common debugging cases while still leaving them easily enablable to
debug control interface issues without having to enable excessive
debugging.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-10 11:19:44 +03:00
Jouni Malinen
8db9a79d41 Reduce debug verbosity for read-only control interface commands
Commands like BSS and GET_NETWORK are used in some cases very frequently
and those can increase the amount of debug information from
wpa_supplicant without significant benefit. These were logged at the
DEBUG level (-d). Move logging of such read-only commands (i.e., no new
wpa_supplicant operation is started based on it) to EXCESSIVE level
(-ddd) which was already used for the PING command.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-10 11:17:19 +03:00
Nishant Chaprana
2a95fac944 P2P: Add D-Bus signal GroupFormationFailure
This is similar to the control interface event
P2P-GROUP-FORMATION-FAILURE.

Signed-off-by: Nishant Chaprana <n.chaprana@samsung.com>
2015-09-05 23:01:20 +03:00
Jouni Malinen
6f416c7867 RSN IBSS: Fix segfault on error path
If wpa_init() fails, wpa_deinit(NULL) must not be called to avoid
hitting a NULL pointer dereference.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 21:35:16 +03:00
Masashi Honma
449d63d6b7 mesh: Fix memory leak on error path
Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-05 21:31:25 +03:00
Masashi Honma
a5d2bf2473 mesh: Fix segfault on error path
When wpa_init() in __mesh_rsn_auth_init() failed, empty rsn->auth caused
segmentation fault due to NULL pointer dereference when wpa_deinit() was
called. Fix this by checking the pointer before executing deinit steps.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-05 21:31:25 +03:00
Masashi Honma
f029c44cf2 mesh: Add RSN IE to Mesh Peering Open/Confirm frames
The RSN IE is required by IEEE Std 802.11-2012 on SAE use case:
Table 8-262 Mesh Peering Open frame Action field format
Table 8-263 Mesh Peering Confirm frame Action field format

Add the RSN IE to these frames.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-05 21:19:25 +03:00
Masashi Honma
8a51dcbc2f mesh: Rename IE field to clarify its use
This is used only for RSNE.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-09-05 21:15:53 +03:00
Jouni Malinen
dcc8bc82e0 Add BSS operating frequency to more debug messages
This makes it easier to analyze debug logs when figuring out channel
related issues.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 20:40:44 +03:00
Jouni Malinen
c4f0c4d67d wpa_gui: Increase control interface message buffer for LIST_NETWORKS
Double the buffer length from 2048 to 4096 to match the length used
currently in wpa_supplicant. This allows wpa_gui to retrieve information
for more networks than previously.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:28:56 +03:00
Jouni Malinen
ec4387f9c9 Indicate CTRL-EVENT-AUTH-REJECT event on authentication rejection
This allows control interface monitors to get more detailed information
in cases where wpa_supplicant-based SME receives an Authentication frame
with non-zero status code.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 19:11:02 +03:00
Jouni Malinen
6ebe816be0 wpa_priv: Add authentication command and event
These are needed to work with nl80211 driver interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 13:21:17 +03:00
Jouni Malinen
06f52b12f9 wpa_priv: Add support for EVENT_SCAN_STARTED
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:39:11 +03:00
Jouni Malinen
d01136a06e wpa_priv: Print unsupported driver event name in debug log
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:35:59 +03:00
Jouni Malinen
c968f2d56c wpa_priv: Clear extended_capa pointers
For now, there is no support for passing extended_capa pointers through
the driver_privsep.c interface from wpa_priv. Avoid leaving bogus
pointers by explicitly clearing these on both wpa_priv and
wpa_supplicant sides.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:32:58 +03:00
Jouni Malinen
20396ab8e4 wpa_priv: Add support for global driver interface context
This is needed with driver_nl80211.c to be able to use the newer
wpa_driver_ops::init2() alternative.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 12:03:18 +03:00
Jouni Malinen
85f4381e14 wpa_priv: allow l2_packet to be opened for ethertype 0x890d
This is needed to initialize TDLS functionality.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 11:54:06 +03:00
Jouni Malinen
bd1f06aaa8 wpa_priv: Add -c argument to usage text
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 11:44:34 +03:00
Jouni Malinen
ebf05623c4 wpa_priv: Fix early exit path
eloop_destroy() cannot be called before eloop_init() have been called
successfully.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 11:41:49 +03:00
Jouni Malinen
8406cd3515 Make it clearer that ap_scan=2 mode should not be used with nl80211
Add more details into configuration comments and a runtime info message
if ap_scan=2 is used with the nl80211 driver interface.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-09-05 01:04:29 +03:00
Manikandan Mohan
4ae7120919 Allow wpa_cli/hostapd_cli client socket directory to be specified
This adds a new helper function wpa_ctrl_open2() that can be used
instead of wpa_ctrl_open() to override the default client socket
directory. Add optional -s<directory path> argument to hostapd_cli and
wpa_cli to allow the client socket directory to be specified.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-09-01 11:17:43 +03:00
Jouni Malinen
fc078be2dd Allow BSS to return information for AP that uses an invalid WSC IE
Previously, the BSS command returned an error if the WSC IE(s) in scan
results could not be parsed. This may be not ideal for all cases, to
instead of rejecting the command completely, return all other
information apart from the WPS information in such a case.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-30 00:01:48 +03:00
MAYANK HAARIT
80bb38742c dbus: Fix a typo in function comment
Signed-off-by: Mayank Haarit <mayank.h@samsung.com>
Signed-off-by: Dilshad Ahmad <dilshad.a@samsung.com>
2015-08-28 00:23:23 +03:00
Jiří Klimeš
98da137545 dbus: Do not quote scan_freq and freq_list in dbus_old_handlers.c
scan_freq and freq_list are not parsed correctly by
wpa_config_parse_int_array() if quoted.

Patch for dbus_old_handlers.c, the same change as done by Robert Shade
<robert.shade@gmail.com> for dbus_new_handlers.c in commit
99276998fa ('dbus: Do not quote scan_freq
and freq_list').

Signed-off-by: Jiří Klimeš <jklimes@redhat.com>
2015-08-28 00:13:26 +03:00
Jouni Malinen
d9c807cab1 Fix key derivation for Suite B 192-bit AKM to use SHA384
While the EAPOL-Key MIC derivation was already changed from SHA256 to
SHA384 for the Suite B 192-bit AKM, KDF had not been updated similarly.
Fix this by using HMAC-SHA384 instead of HMAC-SHA256 when deriving PTK
from PMK when using the Suite B 192-bit AKM.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-27 20:42:14 +03:00
Mitchell Wills
a218e1ded4 Make sure configuration is saved to storage device
Config file is written to a temp file and then it is renamed to the
original config file. However, it is possible that the rename operation
will be commited to storage while file data will be still in cache
causing original config file to be empty or partially written in case of
a system reboot without a clean shutdown. Make this less likely to occur
by forcing the data to be written to the storage device before renaming
the file.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-08-27 18:06:05 +03:00
Jingxiang Ge
3008d0a6b8 Do not mark BSS entry in use if SSID has changed
This allows a BSS entry to be expired if the AP has changed its SSID
while maintaining the same BSSID and we are associated with the BSS.
Previously, the same BSSID was enough to mark all BSS entries from the
BSSID as in use regardless of the SSID and as such, they could remain in
the wpa_supplicant BSS table indefinitely as long as the association
remaining.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-26 16:46:28 +03:00
Jouni Malinen
137b293963 Remove unnecessary NULL check from LOG_LEVEL handler
cmd cannot be NULL here, so there is no need to check it before calling
os_strlen().

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
941cd3ec70 P2P: Request fresh scan results after GO Negotiation
The P2P group is not yet operating when going through GO Negotiation
exchange. Previously, an old cached scan result could be used to skip
the scan immediately after the GO Negotiation. While this is quite
unlikely to happen in practice, we can easily force a scan here now with
the generic scan_min_time mechanism. Do that to avoid any corner cases
that a previous instance of the group could have if found in cached scan
results.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
dfaf11d648 P2P: Require fresh scan results for persistent group re-invocation
The P2P group is not yet operating when going through invitation
exchange for re-invocation. Previously, an old cached scan result could
be used to skip the scan immediately after the invitation exchange.
While this may result in the fastest possible connection, it does have
some issues with cases where the GO takes some time to start up. It
would also be at least theoretically possible for some of the BSS
parameters to be different, so having a fresh scan result from the new
GO instance may be desired in any case.

Add a mechanism to skip scan results that have been last updated before
a specific point in time and as the first user for this mechanism,
require chan results to be more recent than the invitation message
exchange for the P2P Client role in persistent group re-invocation case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-22 00:22:12 +03:00
Jouni Malinen
8493fe3457 eapol_test: Add an example controller script for RADIUS testing
This new script can be used as an example of load testing for RADIUS
authentication servers. It can control multiple eapol_test processes
over the control interface to run EAP-TLS authentication. As an example,
the following commands would run eight instances of eapol_test
concurrently:

for i in 0 1 2 3 4 5 6 7; do
    ./eapol_test -T /tmp/eapol_test -i $i > eapol_test.log$i &
done

time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100

real	0m0.339s

time ./eapol_test.py --ctrl /tmp/eapol_test --num 8 --iter 100 --no-fast-reauth
0: PASS 100
1: PASS 100
2: PASS 100
3: PASS 100
4: PASS 100
5: PASS 100
6: PASS 100
7: PASS 100

real	0m1.876s

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-22 00:22:09 +03:00
Jouni Malinen
048d084d45 eapol_test: Add a new operation mode for control interface use
The -T<ctrl_iface> command line argument can now be used to start
eapol_test in mode where the configuration file is not needed and the
authentication operations are started through the control interface.
Network profile is also managed through the control interface in this
case. This can be used to provide more control for scripted RADIUS
authentication server testing.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-21 00:48:29 +03:00
Jouni Malinen
3b3677b3bc eapol_test: Allow interface name to be specified
The new -i<ifname> command line argument can be used to specify the name
of the interface to use. This is mainly to allow unique control
interface names to be defined without having to use multiple
directories.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-20 23:13:33 +03:00
Jouni Malinen
812f28b79c BoringSSL: Allow internal AES key wrap to be used with "OpenSSL" build
It looks like BoringSSL has removed the AES_wrap_key(), AES_unwrap_key()
API. This broke wpa_supplicant/hostapd build since those functions from
OpenSSL were used to replace the internal AES key wrap implementation.
Add a new build configuration option
(CONFIG_OPENSSL_INTERNAL_AES_WRAP=y) to allow the internal
implementation to be used with CONFIG_OPENSSL=y build to allow build
against the latest BoringSSL version.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-18 01:56:02 +03:00
Jouni Malinen
35d403096e Set NORMAL_SCAN_REQ on SELECT_NETWORK/ENABLE_NETWORK
wpa_s->scan_req needs to be set in these cases to get correct scanning
behavior. This is mainly needed for starting of AP mode operation
immediately in ap_scan=2 case.

This fixes an issue that was found with mac80211_hwsim test cases in the
following sequence: dbus_autoscan dbus_ap_scan_2_ap_mode_scan

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-17 00:18:32 +03:00
Andrei Otcheretianski
d494ca0be4 P2PS: Consider WPS P2PS method when joining a group
If P2PS PD concludes to use default P2PS method wpas_p2p_scan_res_join()
ignores this value and tries to perform a redundant legacy PD.
Fix this by considering WPS_P2PS method too.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-08-14 23:56:12 +03:00
Mike Gilbert
cda3a40fce systemd: Order wpa_supplicant before network.target
Ordering the units before network.target causes them to be stopped
after network.target on shutdown. This ensures that any network
filesystems will be unmounted before wpa_supplicant is killed.

Adding Wants=network.target ensures that network.target will be included
in the active dependency graph. This is typical of units which are
involved in networking setup functions.

Signed-off-by: Mike Gilbert <floppym@gentoo.org>
2015-08-14 23:16:14 +03:00
Jouni Malinen
2e95cfc188 Add debug prints for wpa_supplicant ctrl_iface socket send operations
This makes it easier to track the output queue state on a control
interface socket and determine what could be causing issues with running
out of space in the buffer.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-14 21:18:43 +03:00
Mahesh A Saptasagar
0d0f7ecbb1 Do not stop ongoing PNO sched_scan on association/disconnection
PNO was stopped by the wpa_supplicant during the connection attempts or
while handling disassociation indication. External entities, mainly, the
Android Wi-Fi framework, does not expects PNO to be stopped by other
modules. Hence, do not stop the sched_scan in these scenarios if it is
triggered externally for PNO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-13 21:10:16 +03:00
Jouni Malinen
0a34b62be9 Do not allow ap_scan=2 scan processing to stop AP mode operation
wpa_supplicant_assoc_try() would result in the currently operating AP to
get stopped if wpa_supplicant_scan() ends up getting triggered without
MANUAL_SCAN_REQ while operating an AP. With ap_scan=2, this could
resulted in unintentional stopping of AP mode operations, so check
explicitly for that case and skip the wpa_supplicant_assoc_try() call if
needed to avoid this.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 21:46:38 +03:00
Jouni Malinen
1fbff0b5c4 D-Bus: Set last_scan_req to MANUAL_SCAN_REQ on Scan() trigger paths
The D-Bus Scan() handler was setting wpa_s->scan_req = MANUAL_SCAN_REQ
on the code path that used wpa_supplicant_req_scan(). However, it did
not do anything similar for the cases where
wpa_supplicant_trigger_scan() is called directly. This could result in
unexpected wpa_s->last_scan_req value and incorrect behavior especially
when using ap_scan=2 and running a scan while operating in AP mode. Fix
this by explicitly setting wpa_s->last_scan_req = MANUAL_SCAN_REQ when
using wpa_supplicant_trigger_scan() from the Scan() handler.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-11 21:44:31 +03:00
Ahmad Kholaif
fbcddaed9a P2P: Support driver preferred freq list for invitation case
When using P2P invitation to re-invoke a persistent P2P group without
specifying the operating channel, query the driver for the preferred
frequency list, and use it to select the operating channel of the group.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-11 19:04:45 +03:00
Hu Wang
6108536d7d Drop connection attempt if network is disabled before radio work starts
With the radio work design, it is possible for a network entry to get
disabled (e.g., DISABLE_NETWORK <id>) during the time the connect or
sme-connect radio work waits to start. Previously, only the validity of
the BSS entry and BSSID/SSID was verified when starting the actual
connection step. Add call to wpas_network_disabled() to those checks to
catch the case where the network profile is disabled.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-10 22:16:19 +03:00
Ahmad Kholaif
8e84921efe P2P: Support driver preferred freq list for Autonomous GO case
When starting an autonomous GO without specifying the operating channel,
query the driver for the preferred frequency list, and use it to select
the operating channel of the GO (if supported).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-10 21:27:42 +03:00
Andrei Otcheretianski
b9da88d6c1 P2PS: Authorize any peer for P2PS method if interface address not known
When P2PS PD with default P2PS method is done, the peer that becomes GO
should authorize the client. However, P2PS specification doesn't require
the client to include its intended interface address in PD
Request/Response. As a result, the P2P Client's interface address may not
be known and any address may need to be authorized.

Previously, client's P2P Device Address was used for authorization,
which is not correct when a dedicated interface is used for P2P Client.
This is not resulting in a connection failure, however it causes a
significant delay (until WPS_PIN_TIME_IGNORE_SEL_REG elapses). Fix this
by authorizing the intended interface address, if known; or any address,
if not known.

Signed-off-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
2015-08-06 20:45:15 +03:00
Jouni Malinen
2a098e3668 P2PS: Clean up intended interface address passing to p2ps_prov_complete
Use NULL to indicate if the address is not available instead of fixed
00:00:00:00:00:00. wpas_p2ps_prov_complete() already had code for
converting NULL to that all zeros address for event messages.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-06 20:45:15 +03:00
Max Stepanov
93f22b4583 P2PS: Fix PD PIN event notifications
Change P2PS P2P-PROV-SHOW-PIN/P2P-PROV-ENTER-PIN event notifications
on PD Request/Response handling to meet required P2PS behavior.

The new implemented scheme:
1. For a legacy P2P provision discovery the event behavior remains
   without changes
2. P2PS PD, advertiser method: DISPLAY, autoaccept: TRUE:
   Advertiser: SHOW-PIN on PD request replied with a status SUCCESS
   Seeker: ENTER-PIN on PD response received with a status SUCCESS
3. P2PS PD, advertiser method: DISPLAY, autoaccept: FALSE:
   Advertiser: SHOW-PIN on PD request replied with a status
     INFO_CURRENTLY_UNAVAILABLE
   Seeker: ENTER-PIN on Follow-on PD request with a status
     SUCCESS_DEFERRED
4. P2PS PD, advertiser method: KEYPAD, autoaccept: TRUE/FALSE:
   Advertiser: ENTER-PIN on PD request replied with a status
     INFO_CURRENTLY_UNAVAILABLE
   Seeker: SHOW-PIN on PD response received with a status
     INFO_CURRENTLY_UNAVAILABLE

This change in behavior breaks the existing test cases
p2ps_connect_keypad_method_nonautoaccept and
p2ps_connect_display_method_nonautoaccept. Those will be fixed in a
followup commit.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-08-06 13:56:01 +03:00
Ilan Peer
85e152b646 P2P: Fix P2P_FLUSH clearing of p2p_go_avoid_freq
P2P_FLUSH command did not cleanly clear the p2p_go_avoid_freq data
structure, and left it in an inconsistent state, where the range field
was NULL but the num field was not 0. This would have resulted in an
invalid memory access in freq_range_list_includes().

Fix this.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 18:59:59 +03:00
Ilan Peer
3a8f008a24 P2P: Do not perform P2P GO CS in some cases
A P2P GO channel switch should not be triggered in all cases that
require channel list update. Specifically, a P2P GO CS should not
be triggered in case that the P2P GO state changed or in case that
that the P2P GO has just completed a CS.

To fix this, add reason code to wpas_p2p_channel_list_update() and
trigger CS flow only for the relevant cases.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 18:34:47 +03:00
Ilan Peer
dae4c82c95 P2P: Disallow GO CS immediately after GO Negotiation or invitation
A newly created GO might move to another channel before the client was
able to connect to it. This creates a situation where the client
searches the GO on the channel agreed upon during GO Negotiation or
invitation signaling, while the GO is on another channel. This in turn
might lead to delayed connection or connection failure and group
removal.

Fix this by disallowing a GO CS as long as there is some activity that
should delay the switch. If a GO move is not allowed, set a timeout to
re-attempt the move.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 16:14:30 +03:00
Ilan Peer
c2675c87c3 P2P: Consider channel optimizations for additional cases
Re-factor the code, so channel optimizations would be also triggered
upon the following changes: channel updates from the kernel,
disallow_freq interface, etc.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 16:09:21 +03:00
Arik Nemtsov
0f4bccdbbe Refactor channel list update event in wpa_supplicant
Update hardware features for all interfaces inside the loop, don't treat
the calling wpa_s instance specially. Perform the P2P channel list
updates after the hardware features are updated. This will prevent P2P
from relying on stale information.

Signed-off-by: Arik Nemtsov <arikx.nemtsov@intel.com>
2015-08-04 16:04:52 +03:00
Ilan Peer
b130812100 P2P: Modify wpas_p2p_init_go_params()
Not all paths in wpas_p2p_init_go_params() verified that the candidate
frequency can be used for GO purposes. Fix this, and in addition
re-factor the code to put better emphasis on the frequency selection
priorities.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:38:54 +03:00
Ilan Peer
a7160f7ede P2P: Remove GO handling in avoid frequency event
Remove the code that considers removing GOs from their current
channel due to frequency interference, as this is already handled
as part of the P2P channels update.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:32:36 +03:00
Ilan Peer
e280110d17 P2P: Move a GO to a frequency that is also supported by the client
A P2P GO interface that was instantiated after a GO Negotiation or
Invitation holds the intersection of frequencies between the GO and the
client. In case the GO is going to move to another frequency, allow it
to move only to a frequency that is also supported by the client.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:27:13 +03:00
Ilan Peer
5e1f480500 P2P: Add a function to compute the group common freqs
Add a function to compute the group common frequencies, and
use it to update the group_common_frequencies as part of the
channel switch flows.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:18:51 +03:00
Ilan Peer
1a471ff081 P2P: Move a GO from its operating frequency
Upon any change in the currently used channels evaluate if a GO should
move to a different operating frequency, where the possible scenarios:

1. The frequency that the GO is currently using is no longer valid,
   due to regulatory reasons, and thus the GO must be moved to some
   other frequency.
2. Due to Multi Concurrent Channel (MCC) policy considerations, it would
   be preferable, based on configuration settings, to prefer Same
   Channel Mode (SCM) over concurrent operation in multiple channels.
   The supported policies:

   - prefer SCM: prefer moving the GO to a frequency used by some other
     interface.
   - prefer SCM if Peer supports: prefer moving the GO to a frequency
     used by some other station interface iff the other station
     interface is using a frequency that is common between the local and
     the peer device (based on the GO Negotiation/Invitation signaling).
   - Stay on the current frequency.

Currently, the GO transition to another frequency is handled by a
complete tear down and re-setup of the GO. Still need to add CSA flow to
the considerations.

Signed-off-by: Ilan Peer <ilan.peer@intel.com>
2015-08-04 00:14:41 +03:00
Jouni Malinen
ab62f96f55 Move debug level string conversion functions to wpa_debug.c
This makes it possible to use these helper functions from hostapd as
well as the current use in wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:44:55 +03:00
Jouni Malinen
84bcb4e7a9 FST: Mark fst_ies buffer const
This buffer is owned by the FST module, so mark it const in the
set_ies() callback to make it clearer which component is responsible for
modifying and freeing this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-08-03 17:40:30 +03:00
Daichi Ueura
2665c26f91 Android: Handle STATUS-NO_EVENTS command in wpa_cli
NO_EVENTS parameter was added to STATUS command by commit
a6ab82d7b4 ('Android: Add NO_EVENTS
parameter to status command'). This patch adds handling of the new
parameter in wpa_cli so that "status no_events" can be used to specify
this parameter.

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-08-02 21:37:10 +03:00
Daichi Ueura
884c649e26 Android: Make wpa_cli work on wifi.interface without extra params
Currently wpa_cli connects to global control interface if -i/-p
parameters are not specified. wpa_cli on global control interface
is not useful since the prefix like "IFNAME=wlan0 " needs to be
added to some commands like "IFNAME=wlan0 scan". And, specifying
-i/-p parameters every time is annoying. To improve efficiency of
debugging, this patch enables to make wpa_cli work without extra
parameters.

If you still want to connect to global control interface,
the following command can be used instead:

 $ wpa_cli -g@android:wpa_wlan0 (or -gwlan0)

Signed-off-by: Daichi Ueura <daichi.ueura@sonymobile.com>
2015-08-02 21:37:10 +03:00
Masashi Honma
ecd40fef74 mesh: Fix mesh SAE auth on low spec devices
The mesh SAE auth often fails with master branch. By bisect I found
commit eb5fee0bf5 ('SAE: Add side-channel
protection to PWE derivation with ECC') causes this issue. This does not
mean the commit has a bug. This is just a CPU resource issue.

After the commit, sae_derive_pwe_ecc() spends 101(msec) on my PC (Intel
Atom N270 1.6GHz). But dot11RSNASAERetransPeriod is 40(msec). So
auth_sae_retransmit_timer() is always called and it can causes
continuous frame exchanges. Before the commit, it was 23(msec).

On the IEEE 802.11 spec, the default value of dot11RSNASAERetransPeriod
is defined as 40(msec). But it looks short because generally mesh
functionality will be used on low spec devices. Indeed Raspberry Pi B+
(ARM ARM1176JZF-S 700MHz) requires 287(msec) for new
sae_derive_pwe_ecc().

So this patch makes the default to 1000(msec) and makes it configurable.

This issue does not occur on infrastructure SAE because the
dot11RSNASAERetransPeriod is not used on it.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-08-02 21:37:10 +03:00
Michael Olbrich
be11a59486 P2P: Cancel group formation when deleting a group during group formation
Otherwise P2P remains in provisioning state and continues to skip
extended listening forever.

Signed-off-by: Michael Olbrich <m.olbrich@pengutronix.de>
2015-08-02 21:37:09 +03:00
Purushottam Kushwaha
86e2dcf5a6 P2P: Fix update of listen_reg_class and listen_channel
Allow proper update for listen_reg_class and listen_channel with
changed_parameters [CFG_CHANGED_P2P_LISTEN_CHANNEL] configuration for
command received through ctrl_interface. Without this, "set
p2p_listen_channel" and "set p2p_listen_reg_class" do not update the
listen channel. The D-Bus version was already setting these flags.

Signed-off-by: Purushottam Kushwaha <p.kushwaha@samsung.com>
2015-08-02 21:37:09 +03:00
Jouni Malinen
9f59fe8dc8 P2P: Do not clear wpa_s->go_dev_addr before group removal
This variable is needed to figure out whether a wpa_supplicant interface
is for a P2P group that is (or was) connected to a specific GO. The
previous implementation was able to find such a case only when there was
an association with the GO. However, this may be needed even if there is
a temporary disconnection from the GO. Keep the GO device address
information over such temporary disconnections and only remove it on
group termination. This fixes an issue with D-Bus Peer PropertiesChanged
signals for the Groups property in case a P2P group gets removed due to
group idle timeout instead of explicit group termination command (local
request) or GO notification.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 21:37:09 +03:00
Gautam
d4e597959c P2P: Fix P2P configuration file name
The P2P configuration file is wrongly set as STA configuration file,
even though a separate configuration file is mentioned with '-m' option.
Add initialization and deallocation of global.params->conf_p2p_dev to
fix this.

Signed-off-by: Gautam <gautams@broadcom.com>
2015-08-02 21:37:09 +03:00
Jouni Malinen
7cb53ded11 Add build option to remove all internal RC4 uses
The new CONFIG_NO_RC4=y build option can be used to remove all internal
hostapd and wpa_supplicant uses of RC4. It should be noted that external
uses (e.g., within a TLS library) do not get disabled when doing this.

This removes capability of supporting WPA/TKIP, dynamic WEP keys with
IEEE 802.1X, WEP shared key authentication, and MSCHAPv2 password
changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
1e4f7bf5d0 Add 'GET_CAPABILITY fips' to enable runtime check for CONFIG_FIPS=y
This can be used to check whether the running wpa_supplicant version was
built with CONFIG_FIPS=y.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-02 16:52:56 +03:00
Jouni Malinen
835c89a16b EAP-TTLS: Disable CHAP, MSCHAP, and MSCHAPV2 in CONFIG_FIPS=y builds
FIPS builds do not include support for MD4/MD5, so disable
EAP-TTLS/CHAP, MSCHAP, and MSCHAPV2 when CONFIG_FIPS=y is used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 21:07:44 +03:00
Jouni Malinen
276a3c44dd OpenSSL: Implement aes_wrap/aes_unwrap through EVP for CONFIG_FIPS=y
The OpenSSL internal AES_wrap_key() and AES_unwrap_key() functions are
unfortunately not available in FIPS mode. Trying to use them results in
"aes_misc.c(83): OpenSSL internal error, assertion failed: Low level API
call to cipher AES forbidden in FIPS mode!" and process termination.
Work around this by reverting commit
f19c907822 ('OpenSSL: Implement aes_wrap()
and aes_unwrap()') changes for CONFIG_FIPS=y case. In practice, this
ends up using the internal AES key wrap/unwrap implementation through
the OpenSSL EVP API which is available in FIPS mode. When CONFIG_FIPS=y
is not used, the OpenSSL AES_wrap_key()/AES_unwrap_key() API continues
to be used to minimize code size.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-08-01 16:56:59 +03:00
Ahmad Kholaif
fc71f7d99d P2P: Expose driver preferred frequency list fetch to P2P
This adds a callback function that can be used from the P2P module to
request the current preferred list of operating channels from the
driver.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Ahmad Kholaif
370017d968 P2P: Use preferred frequency list from the local driver
If the driver supports the preferred frequency list extension, use this
information from the driver when no explicitly configured preference
list (p2p_pref_chan) is present for P2P operating channel selection.
This commit adds this for GO Negotiation and Invitation use cases.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:48 +03:00
Jouni Malinen
34c5267bbc Return error from wpa_drv_get_pref_freq_list() if no driver support
Commit 983422088f ('nl80211: Add means to
query preferred channels') return success if no driver wrapper callback
was provided for fetching the preferred channel list. That is
problematic since the *num argument is not updated and uninitialized
freq_list could end up getting used with arbitrary frequency values. Fix
this by returning error in case the values were not available due to
driver wrapper not implementing the function. This matches the style
used in the driver_nl80211.c implementation for the case where the
driver does not support such fetch operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-30 22:13:47 +03:00
Ahmad Kholaif
983422088f nl80211: Add means to query preferred channels
Extend the QCA vendor specific nl80211 interface to query the preferred
frequency list from driver and add a new wpa_cli command to query this
information.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-29 19:46:31 +03:00
Ahmad Kholaif
7c813acf9c P2P: Inform driver of the operating channel following group formation
Upon GO Negotiation completion, if the remote peer becomes GO, send a
hint event over QCA vendor specific interface to inform the driver of
the likely operating channel of the P2P GO.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-29 19:10:16 +03:00
Srinivas Dasari
844dfeb804 QCA vendor command support to set band to driver
Add vendor command to pass SET setband command to the driver and read
the updated channel list from driver when this notification succeeds.
This allows the driver to update its internal channel lists based on
setband configuration.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-28 21:00:18 +03:00
Jouni Malinen
16bc3b8935 OpenSSL: Add SHA256 support in openssl_tls_prf() for TLSv1.2
This is needed when enabling TLSv1.2 support for EAP-FAST since the
SSL_export_keying_material() call does not support the needed parameters
for TLS PRF and the external-to-OpenSSL PRF needs to be used instead.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-28 21:00:17 +03:00
Max Stepanov
88f3d7c980 P2PS: Add feature capability to PD events
Report the feature capability on P2PS-PROV-START and P2PS-PROV-DONE
ctrl-iface events. A feature capability value is specified as
'feature_cap=<hex>' event parameter, where <val> is a hexadecimal
string of feature capability bytes in a PD Response frame.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
0670de74ae P2PS: Add CPT parameter to P2PS_PROVISION and P2PS_PROVISION_RESP
Add a parameter allowing to specify a value of Coordination
Protocol Transport to P2PS_PROVISION and P2PS_PROVISION_RESP commands.

Extend the p2ps_provision structure to contain cpt_priority and
cpt_mask properties and initialize them on a P2PS PD request command.

The format of the parameter:
    cpt=<cpt>[:cpt]

where <cpt> is CPT name e.g. UDP or MAC. The CPT names are listed
according to their preferences to be used for a specific P2PS session.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Max Stepanov
e2b7fbf2fb P2PS: Add CPT parameter to P2P_SERVICE_ADD asp command
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.

Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.

The format of the new parameter:
    cpt=<cpt>[:<cpt>]

where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Jouni Malinen
5dbd3bf915 FST: Avoid memory leak on double FST-ATTACH
Do not allow wpa_s->fst to be replaced when processing FST-ATTACH
command for an interface that has already been attached.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-26 18:12:09 +03:00
Jouni Malinen
b525cbab86 wpa_cli: Skip action script execution when eloop termination is pending
Try to exit more quickly by avoiding execution of the action script for
any pending events if the process is requested to be killed. This may
help in avoiding hitting the two second SIGALRM workaround in eloop in
case some of the action scripts block for long period of time.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 17:10:32 +03:00
Jouni Malinen
df4cea898c FST: Include fst/fst.h explicitly into wpa_supplicant/ctrl_iface.c
This header file is needed to get struct fst_iface_cfg and struct
fst_wpa_obj defined. While it does currently get pulled in through
ap/hostapd.h and ap/ap_config.h, a more explicit inclusion may be a
cleaner option for future.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-21 13:15:24 +03:00
Jouni Malinen
3188aabaf1 Add shared periodic cleanup function for AP mode
This new mechanism can be used to combine multiple periodic AP
(including P2P GO) task into a single eloop timeout to minimize number
of wakeups for the process. hostapd gets its own periodic caller and
wpa_supplicant uses the previously added timer to trigger these calls.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:33:30 +03:00
Jouni Malinen
8c0d0ff22e Use a single cleanup timer per wpa_supplicant process
Previously, one timeout per process (by default every 30 seconds) was
used P2P peer expiration and another per-interface timeout (every 10
seconds) was used to expire BSS entries. Merge these to a single
per-process timeout that triggers every 10 seconds to minimize number of
process wakeups due to periodic operations.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-20 13:28:12 +03:00
Jouni Malinen
a0f04da517 FST: Mark get_mb_ie() return value const
The caller is not expected to free or modify the value since this is
returning a reference to a buffer maintained by the upper layer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-18 17:23:55 +03:00
Jouni Malinen
b7a07937ee FST: Show FST IE update details in debug log
This makes it more convenient to debug FST IE updates.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 16:29:20 +03:00
Anton Nayshtut
daae49955f Add global wpa_supplicant DUP_NETWORK command
This command allows network variables to be copied from one network to
another when the networks belong to different radios. This is similar to
the per-interface DUP_NETWORK command. On the global control interface,
the command syntax is as follows:

DUP_NETWORK <src ifname> <dst ifname> <src network id> <dst network id> <variable name>

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
a8dab08a28 FST: Testing support
This patch introduces infrastructure needed for FST module tests.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:16 +03:00
Anton Nayshtut
79c7b36d12 FST: wpa_supplicant build rules
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
3794af2dc1 FST: wpa_supplicant control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
9fbfd1b0d4 FST: Send FST Action frame for processing (wpa_supplicant)
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
b36a3a65aa FST: Integration into wpa_supplicant
This commit integrates the FST into the wpa_supplicant.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00