Since wps_registrar_pbc_timeout is called to stop PBC, previously
registered wps_registrar_pbc_timeout must be canceled when canceling
the WPS operation.
Signed-off-by: Spencer Chang <jungwalk@gmail.com>
The offchanok parameter is hardcoded to one in number of paths and that
added NL80211_ATTR_OFFCHANNEL_TX_OK attribute to NL80211_CMD_FRAME
unconditional. cfg80211 rejects this with EINVAL if the driver does not
indicate support for offchannel TX. Fix this by not requesting
offchannel TX depending on driver capabilities. Remain-on-channel
operation was used for those cases anyway, so the additional attribute
was not really needed for these in the first place.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When nl80211_setup_ap() has enabled Probe Request reporting, this must
not be disabled when P2P Listen state is stopped to avoid breaking AP
mode operations. This could happen, e.g., if a Probe Request frame was
received from a P2P device that the we are trying to invite to our group
(i.e., when operating in GO role). p2p_probe_req_rx() calls
p2p_invite_start() in this case and that ends up calling
p2p->cfg->stop_listen() which calls probe_req_report() driver op.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
hostapd uses the poll method to check if the station is alive
after the station has been inactive for ap_max_inactivity seconds.
Make the poll mechanism configurable so that user can choose to
disconnect idle clients.
This can be especially useful when some devices/firmwares have
restrictions on the number of clients that can connect to the AP
and that limit is smaller than the total number of stations trying
to use the AP.
Signed-off-by: Yogesh Ashok Powar <yogeshp@marvell.com>
Signed-off-by: Nishant Sarmukadam <nishants@marvell.com>
The 100 ms timeout on retransmitting group key message can be too short
for stations that are in power save mode or if there is a large number
of association stations. While the retransmission of the EAPOL-Key frame
should allow this to be recovered from, it is useful to avoid
unnecessary frames to save soem CPU and power.
Signed-hostap: Jouni Malinen <j@w1.fi>
Drivers that use device SME in AP mode may still need to be
subscribed for Action frame RX when monitor interface is not used.
This fixes number of P2P GO operations with ath6kl.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Poll command may be enough for mac80211 to figure out whether monitor
interface is to be used, but this change did not take into account
non-mac80211 drivers that support AP mode without monitor interface.
For example, ath6kl needs to get use_monitor disabled.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Add a new persistent group network block field, p2p_client_list, to
maintain a list of P2P Clients that have connected to a persistent
group. This allows GO of a persistent group to figure out more easily
whether re-invocation of a persistent group can be used with a specific
peer device.
Signed-hostap: Jouni Malinen <j@w1.fi>
The P2P module provides access to public peer data in struct
p2p_peer_info. Use this to build the P2P_PEER information in
ctrl_iface.c instead of providing such text format data from the P2P
module.
The internal data that was previously built in p2p_get_peer_info() as
part of the text format peer data is now available through a separate
p2p_get_peer_info_txt() function. This is still included in P2P_PEER
output to maintain backwards compatibility with external programs that
could have started to use this. However, it should be noted that this
data is not really supposed to be used for anything else apart from
debugging purposes and its format is subject to change.
Signed-hostap: Jouni Malinen <j@w1.fi>
p2p_get_peer_info() was used in multiple places just to check whether a
specific peer is known. This was not the designed use for the function,
so introduce a simpler function for that purpose to make it obvious that
the p2p_get_peer_info() function is actually used only in ctrl_iface.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
If p2p_listen is issued during a p2p_scan, a pending after-scan operation
is scheduled. However, since there is support for only a single pending
operation, this was able to override a previously scheduled pending
connect command. This can break some command sequences, so give higher
priority to pending connect operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Android ICS system/core/libnl_2 has very limited genl_ctrl_resolve()
implementation that cannot handle names other than nlctrl. Work
around that by implementing more complete genl_ctrl_resolve()
functionality within driver_nl80211.c for Android builds.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This event can be very frequent in AP mode when Beacon frames from
neighboring BSSes are delivered to user space. Drop the debug
message priority from DEBUG to EXCESSIVE for Beacon frames.
Signed-hostap: Jouni Malinen <j@w1.fi>
I needed this patch to compile against the latest
libnl code. I added this to my config file:
CONFIG_LIBNL32=y
Signed-hostap: Ben Greear <greearb@candelatech.com>
When waiting for go_neg frame from the peer in WAIT_PEER_CONNECT state,
I have observed that sometimes it takes 20 to 30 secs for successful GO
negotiation. I also found out that it is because of 1 second idle time,
in WAIT_PEER_CONNECT state. While it is good to have 1 second idle time
[for doing power-save or doing some other legacy STA Scan or some other
useful stuff], this makes GO Negotiation process slow.
We wait for 1 second idle and then listen for a random time between
100(min)-300(max) ms. Assume P1 is in WAIT_PEER_CONNECT state and P2 is
the one which is now to send go_neg frame. If P2 sends GO Negotiation
frame just at the boundary of 300 ms of P1 and assume that P2 takes
close to 600-800 ms for one iteration of sending go_neg request (one
iteration is GO Negotiation Request frame time + dwell time +
listen_time), P2 needs to transmit at least 16-18 Action frames for
hitting the listen time of P1.
Following patch reduces the idle time to 500 ms. Alternatively we can
increase the listen time interval to 500 ms just for WAIT_PEER_CONNECT
state.
Provision discovery from a known peer should actually check for
dev->flags & P2P_DEV_PROBE_REQ_ONLY. This is creating an issue of
updating the listen frequency of peer with the PD request frame
frequency. PD request frame will be sent by the peer on our local listen
frequency. This patch fixes that error. Suggested check has already been
implemented in the invitation req receive path.
The Provision Discovery Request needs to be sent on the operating
channel of the GO and as such, the frequency from the BSS table
(scan results) need to override the frequency in the P2P peer
table that could be based on the Listen channel of the GO.
Signed-hostap: Jouni Malinen <j@w1.fi>
The GO negotiation response is very cryptic at the moment. For a success
message we only know on which interface the negotiation succeeded, not
which peer. For a failure we know the interface also and a status code
(number).
It will be very useful for clients to know upon receipt of such a message
which peer the negotiation occurred with.
Now that the peer information is available and the API is changed
already, the function composing the D-Bus message might as well include
all GO negotiation information. This is done with a dict to make things
easier on clients if this result information changes down the line.
Signed-hostap: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
When the station is connected to P2P GO after calling p2p_find command
the device sees itself. It is related to lack of filtering itself from
clients connected to P2P GO.
Step by step:
1. dev1: p2p_group_add
2. dev2: p2p_connect <MAC1> pbc join
3. dev1: wps_pbc
4. dev2: p2p_find
Skip P2P client information for our own device from a GO with which
we are connected.
It looks like some USIM cards respond with 0x67 (Wrong length) instead
of 0x6c to 00 b2 01 04 ff. This was getting rejected in
scard_get_record_len(). ETSI TS 102 221 is not very clear on this
detail, but it looks fine to accept the 0x67 error value, too, to learn
the record length.
Signed-hostap: Jouni Malinen <j@w1.fi>
Return 1/0 instead 0/-1 to indicate valid/invalid element so that
the if statement makes more sense with !wmm_valid().
Signed-hostap: Jouni Malinen <j@w1.fi>
This updates a previous patch did more or less the same thing by
providing the qosinfo as a single variable to the driver wrappers.
Signed-hostap: Jason Young <jason.young@dspg.com>
Add uapsd_queues and max_sp fields to sta_info struct,
and pass them to the sta_add callback.
These values are determined by the WMM IE in the (Re)Association Request.
Signed-off-by: Eliad Peller <eliad@wizery.com>
Check whether the driver advertises support for U-APSD
in AP mode, and evaluate wmm_uapsd only in this case.
Signed-off-by: Eliad Peller <eliad@wizery.com>
The wpa_hexdump_ascii() call did not get converted properly and this
was missed becaused of it getting defined out from the build. Anyway,
this better use the correct variable names should that debug print
ever be enabled for Android.
Signed-hostap: Jouni Malinen <j@w1.fi>
A Pending Provision Discovery Request was sent in SEARCH phase after a
previous provision discovery timeout. Fix this by resetting the config
method of P2P device in the pending PD reset function. This avoids the
sending of a pending Provision Discovery Request during the next P2P
search.
Signed-off-by: Jean-Michel.Bachot <jean-michelx.bachot@intel.com>
Some debug messages used incorrect name for Provision Discovery.
Replace "Provisioning Discovery" with "Provision Discovery".
Signed-hostap: Jouni Malinen <j@w1.fi>
It is safer to assume that the driver could be using NoA and reject
any Presence Request unless we are sure that noa NoA is in use.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows per-device PSK to be configured for WPA-Personal using a
RADIUS authentication server. This uses RADIUS-based MAC address ACL
(macaddr_acl=2), i.e., Access-Request uses the MAC address of the
station as the User-Name and User-Password. The WPA passphrase is
returned in Tunnel-Password attribute in Access-Accept. This
functionality can be enabled with the new hostapd.conf parameter,
wpa_psk_radius.
Signed-hostap: Michael Braun <michael-dev@fami-braun.de>
WPS overlap detection can detect false overlap if a P2P peer
changes UUID while authentication is ongoing. Changing UUID
is of course wrong but this is what some popular devices do
so we need to work around it in order to keep compatibility
with these devices. There already is a mechanism in WPS
registrar to skip overlap detection if P2P addresses of two
sessions match but it wasn't really triggered because the
address wasn't filled in in the caller function.
Let's fill in this address and also clean up WPS PBC sessions
on WSC process completion if UUID was changed.
Signed-hostap: Vitaly Wool<vitalywool@gmail.com>
Pass the raw Probe Response template to kernel via netlink using the
set_ap() driver callback. The data is sent as one of the Beacon
attributes.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Configure a Probe Response template for drivers that support it. The
template is updated when the Beacon template is updated.
The Probe Response template is propagated to the driver via the set_ap()
callback.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
This is needed for Probe Response template, so move the code into a
separate function that can be shared.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Translate nl80211 flags to wpa_supplicant flags for Probe Response
offload support. The existence of the nl80211 PROBE_RESP_OFFLOAD_SUPPORT
attribute means Probe Response offload is supported. The value of the
attribute is a bitmap of supported protocols.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Signed-off-by: Arik Nemtsov <arik@wizery.com>
This previously helped when debugging some auth issues when hitting the
AP with 128 association attempts all at once.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Append "p2p_dev_addr" parameter to AP-STA-DISCONNECTED event for P2P
connections. In addition, for AP-STA-CONNECTED event during P2P
connection, the "dev_addr=" print is replaced with "p2p_dev_addr=" to
be more consistent with other events.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Storing the address in the BSS instead of the DRV struct makes it usable
for hostapd and thus gets rid of the linux_get_ifhwaddr() call when
receiving a spurious frame.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Testing code can now be enabled in the hostapd RADIUS server to dump
each derived MSK into a text file (e.g., to be used as an input to
wlantest). This functionality is not included in the default build
and can be enabled by adding the following line to hostapd/.config:
CFLAGS += -DCONFIG_RADIUS_TEST
The MSK dump file is specified with dump_msk_file parameter in
hostapd.conf (path to the dump file). If this variable is not set,
MSK dump mechanism is not enabled at run time.
Signed-hostap: Jouni Malinen <j@w1.fi>
If Provision Discovery Request is sent for GO role (i.e., P2P Group ID
attribute is included), add the group interface name to the control
interface event on the GO. This makes it easier to figure out which
ctrl_iface needs to be used for wps_pbc/wps_pin command to authorize
the joining P2P client.
Signed-hostap: Jouni Malinen <j@w1.fi>
If p2p_prov_disc join command is used prior to p2p_connect join,
skip the duplicated provision discovery exchange.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
This can be used to request Provision Discovery Request to be sent
for the purpose of joining a running group, e.g., to request the GO
to display a PIN that we can then use with p2p_connect join command.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Since the nl_cache is not used anymore, there is no need for maintaining
the struct nl80211_handles wrapper for struct nl_handle. Clean this up
by using nl_handle directly.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a rewrite of Ben Greear's patch, making the
nl80211 code use just a single multicast event socket.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
When running AP mode, we need to receive beacons over overlapping BSSes
to handle protection. Use the new nl80211 command for this. As the
command works per wiphy (and we don't want to receive the Beacon frames
multiple times) add an abstraction that keeps track of per-wiphy data.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
These events are necessary to send deauth frames to
stations sending spurious data frames. Subscribe to
them on the per-BSS event socket.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
To achieve this, multiple things are needed:
1) since hostapd needs to handle *all* action frames,
make the normal registration only when in a non-AP
mode, to be able to do this use the new socket
2) store the frequency in each BSS to be able to give
the right frequency to nl80211's mgmt-tx operation
3) make TX status processing reject non-matched cookie
only in non-AP mode
The whole thing depends on having station-poll support
in the kernel. That's currently a good indicator since
the kernel patches are added together.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Fix start of reauthentication after failed authentication with
passthrough (external AAA server) to use internal EAP Identity method.
Signed-hostap: Jouni Malinen <j@w1.fi>
This reverts commit 204dd3f420.
start_reauth was not supposed to be used in this way and setting it
to TRUE in INITIALIZE breaks internal EAP server.
Signed-hostap: Jouni Malinen <j@w1.fi>
When using authentication retry within driver_nl80211.c, a failure on the
second attempt has to be indicated with a driver event since the return
code from wpa_driver_nl80211_authenticate() is not actually delivered to
the core code in that case.
Signed-hostap: Jouni Malinen <j@w1.fi>
cfg80211 rejects NL80211_CMD_AUTHENTICATE with ENOENT if the BSS entry
for the target BSS is not available. This can happen if the cfg80211
entry has expired before wpa_supplicant entry (e.g., during a suspend).
To recover from this quickly, run a single channel scan to get the
cfg80211 entry back and then retry authentication command again. This
is handled within driver_nl80211.c to keep the core wpa_supplicant
implementation cleaner.
Signed-hostap: Jouni Malinen <j@w1.fi>
The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 34445d12ee forgot to convert
the hostapd_prepare_rates() inline wrapper for builds that do not
define NEED_AP_MLME.
Signed-hostap: Jouni Malinen <j@w1.fi>
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Set the NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag for nl80211 to tell
drivers (mac80211) to not encrypt the EAPOL frames for WEP IEEE 802.1X.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
In preparation for things that receive on a BSS-specific handle,
allocate a CB for it and hook it up to receive functions.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The next patch will add process_bss_event, rename process_event to
process_drv_event to differentiate between them.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
By passing the nl_cb as the context to the eloop function we can
(in the next patch) use the same eloop function for BSS events.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Storing the frequency in the bss struct allows using it for frame
commands in AP mode and not relying on the driver struct as much, which
is good for hostapd mode.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This will allow getting TX status for EAPOL frames
sent as data frames if the driver supports it.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).
Signed-hostap: Jouni Malinen <j@w1.fi>
The RTM_NEWLINK even can have IFF_UP flag even if the interface is
down. Do not generate EVENT_INTERFACE_ENABLED event based on such a
message.
Signed-hostap: Jouni Malinen <j@w1.fi>
A new hostapd.conf parameter, wps_rf_bands, can now be used to fix the
RF Bands value in cases where hw_mode is not set or when operating a
dual band dual concurrent AP.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
When hostapd controls multiple radios, WPS operations are started on
all interfaces. However, when the provisioning run had been completed
successfully, actiove WPS mode was stopped only a single interface. Fix
this to iterate through all interfaces so that this is handled
consistently with the starting of WPS operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Commit 628d54639a introduced number
of new WPS related ctrl_iface messages to hostapd. Some of these
were for ER events which do not make any sense to hostapd that
cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one
from wps_registrar_sel_registrar_changed_event() was especially
problematic since it can cause wpa_supplicant ER code segfault due
to missing event data.
Revert all the ER specific changes from commit
628d54639a to get rid of the segfault
and undesired extra code in hostapd.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This is based on the Android driver_cmd changes that are converted to
use the sched_scan/stop_sched_scan driver_ops for the case where the
driver does not support the new nl80211 commands.
Change-Id: Iaedc340f84650af422bd2ea57d2a8b0a9d4a5330
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
(jm: This is based on the Android change that used driver_cmd. The same
implementation is used for the actual driver interface, but the commands
are now accessed through sched_scan/stop_sched_scan driver_ops instead
of driver_cmd)
While the copy is not used as a null terminated string, this can prevent
some static analyzers from complaining about non-issue.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add support for generating and verifying RFC 3447 RSASSA-PKCS1-v1_5
style DigestInfo for TLS v1.2 CertificateVerify. For now, this is
hardcoded to only support SHA256-based digest.
Signed-hostap: Jouni Malinen <j@w1.fi>
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.
Signed-hostap: Jouni Malinen <j@w1.fi>
Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based
TLS PRF function to more specific name and add tls_prf() within the
internal TLS implementation as a wrapper for this for now.
Signed-hostap: Jouni Malinen <j@w1.fi>
IW_ENCODE_ALG_PMK and IW_ENC_CAPA_4WAY_HANDSHAKE are not defined in the
Android tree, so add compatibility defines for these.
Signed-hostap: Jouni Malinen <j@w1.fi>
Send the connection events from P2P group to both the group interface
and parent interface ctrl_ifaces to make it easier for external monitor
programs to see these events without having to listen to all group
interfaces when virtual group interfaces are used.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
cfg80211 will reject the NL80211_CMD_START_SCHED_SCAN if too many
match sets are requested. To avoid being completely unable to start
any scheduled scans, skip setting these filters if the driver did
not advertise support for large enough number of match sets.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This adds initial implementation of set_p2p_powersave to allow legacy PS
mode to be configured. P2P PS parameters are not yet supported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
If the station is indicating use of WPS, WSC IE should be added into the
(Re)Association Response frame. This is clear for the case when WSC IE
was included in the (Re)Association Request frame. However, even the
WLAN_STA_MAYBE_WPS case may actually indicate use of WPS. Assume that to
be the case when WPA/WPA2 is enabled (i.e., when the STA does not
include WPA/RSN/WSC IE while AP has WPA/RSN enabled).
Signed-hostap: Jouni Malinen <j@w1.fi>
This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit 940a0ce970 moved the STA associated
check from driver_*.c into ieee802_1x_receive(), but failed to take into
account that wired networks and driver_wired.c do not mark the STA entry
associated. Fix this by skipping the check if the driver wrapper is
using a wired network.
Signed-hostap: Jouni Malinen <j@w1.fi>
It's not really valid to send off-channel in all cases,
so pass whether it should be allowed or not and don't
set it in the AP case.
Also, to get the right ifindex for hostapd, pass a bss
pointer instead of the drv pointer.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Some client implementations only wait a few ms after sending a probe
request while scanning. Since probe responses are always sent at a low
rate this can eat quite some airtime and it might be impossible to get
the frame out before the client leaves the channel again. If the client
leaves before all probe reponses where acked this can cause the probe
reponse to be retried quite often consuming even more airtime.
Hence, add a new noack flag to the driver's send_mlme callback that
allows hostapd to request whether the driver should expect an ACK for
this frame or not.
Use the new noack-policy only for broadcast probe requests that contain
a wildcard SSID.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
In some situations it might be benefical to send a unicast frame without
the need for getting it ACKed (probe responses for example). In order to
achieve this add a new noack parameter to the drivers send_mlme callback
that can be used to advise the driver to not wait for an ACK for this
frame.
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
This structure was not really used for anything apart from figuring out
length of the EAP-pwd header (and even that in a way that would not work
with fragmentation). Since the bitfields in the structure could have
been problematic depending on target endianness, remove this unnecessary
structure.
Signed-hostap: Jouni Malinen <j@w1.fi>
Another niceness of OpenSSL is that if the high-order bit of a 521-bit
big num is not set then BN_bn2bin() will just return 65 bytes instead of
66 bytes with the 1st (big endian, after all) being all zero. When this
happens the wrong number of octets are mixed into function H(). So
there's a whole bunch of "offset" computations and BN_bn2bin() dumps the
big number into a buffer + offset. That should be obvious in the patch
too.
The previous EAP-pwd KDF implemented has an issue with group 21, that is
an elliptic curve group based on a 521 bit prime. 521 is not an even
multiple of 8, and therein lies the problem.
OpenSSL's BN library interprets a string of bits as in big-endian format
so all the calls of BN_bin2bn() will take the binary blob of bits and
turn it into a big number in big-endian format. In the EAP-pwd KDF, I am
stretching the key to "primebitlen". When that is not an even multiple
of 8 I have to mask off the excess. But I was masking off the excess
bits in the 1st octet (big endian after all) but that isn't right. The
KDF produces a string of endian-less bits. The 521st bit is the first
bit in the last octet, not the 7th bit in the first octet. So that has
been fixed and you can see in the attached diff what I'm doing.
If the kernel supports this, don't use manual null
data frame transmissions. This is one thing to get
rid of cooked monitor interfaces.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The non-monitor TX currently uses a normal L2 abstraction
socket, but that will also receive frames we don't want,
so use a plain socket that isn't bound for RX. This might
be possible using the L2 abstraction, but we need a plain
socket later for getting TX status events here.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
This changes the auto-detection of whether or not the device contains
the AP SME away from monitor interface addition failing to the explicit
attribute in nl80211. Keep the old auto-detection for a little while so
that ath6kl isn't broken right away.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The new event can be used when EAPOL TX status can't be reported as a
complete 802.11 frame but is instead reported as just the EAPOL data as
originally passed to hapd_send_eapol().
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Currently OpenSSL implementation of TLS in hostapd loads only top
certificate in server certificate file. Change this to try to the
whole chain first and only if that fails, revert to old behavior.
Signed-off-by: Maciej Szmigiero <mhej@o2.pl>
This patch implements shared_freq handler for driver_nl80211.c. If a
"p2p_group_add" happens after legacy STA association, then this patch
will help to start the GO on the same frequency. This is useful when
supplicant is started on multiple interface running over a singly "PHY"
and the station interface is not used for the P2P device operations.
For example, wpa_supplicant -iwlan0 .. -N -iwlan1 ... and wlan0 is used
for station connection and wlan1 as the P2P device interface.
Signed-hostap: Jithu Jance <jithu@broadcom.com>
Without this, it is impossible to tell exactly which
MLME code returned the error.
Also, convert to wpa_dbg so that we get device names
in the messages.
Signed-hostap: Ben Greear <greearb@candelatech.com>
When GO negotation fails the WPS method is currently not cleared, which
can result in GO negotiation being resumed when a GO negotiation request
frame is received from the peer. That is unexpected as locally we
already gave up.
This manifests itself in getting
1319574733.955685: wlan0: P2P-GO-NEG-FAILURE status=-1
1319574733.955723: P2P: Removing pending group interface p2p-wlan0-0
...
1319574736.648378: wlan0: P2P: Starting GO Negotiation with previously
authorized peer
...
1319574736.650115: wlan0: P2P: Sending GO Negotiation Response
...
1319574736.988038: wlan0: P2P-GO-NEG-SUCCESS
1319574736.988233: P2P: No pending group interface
1319574736.988268: P2P: Create a new interface p2p-wlan0-1 for the group
Clear the WPS method to avoid this situation. I wasn't
able to test this though, but given the log I can only
assume this is how the situation happened.
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If P2P device expires while a GO Negotiation is in progress, currently
p2p->go_neg_peer is cleared without indicating GO Nego failure. This
will result in pending group interfaces to be left over. This patch will
indicate GO Negotiation failure and will remove any pending group
interfaces.
This patch addresses a corner case in GO-Negotiation case. Consider the
scenario where two devices A and B are in discovery stage and Device B
vanishes [moves out of range] when a connect is issued on the Device A.
Then Device A keeps on retrying the GO Negotiation Request till the
retry limit is reached. On reaching retry limit, the pending group
interface is removed. But suppose if the peer entry in the device list
expires before the retry limit is reached, then pending group interface
was not removed.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
Invalid use of memcpy instead of memcmp in comparison resulted in the
GO interface address getting set incorrectly if the GO did not show up
in scan results anymore.
Signed-hostap: Jouni Malinen <j@w1.fi>
trace.h may end up including system header files that define offsetof,
so include the compatibility definition from list.h only after this.
Signed-hostap: Jouni Malinen <j@w1.fi>
HT_INFO_OPERATION_MODE_OP_MODE_MASK is used with variables in host
byte order, so it should not be claimed as le16.
Signed-hostap: Jouni Malinen <j@w1.fi>
This is a workaround for Windows 7 supplicant rejecting WPA msg 3/4
in case it used Secure=1 in msg 2/4. This can happen, e.g., when
rekeying PTK after EAPOL-Key Error Request (Michael MIC failure)
from the supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
This cleans up the code a bit by not having to deal with theoretical
possibility of maximum number of EAP methods to be different between
various components in hostapd.
Signed-hostap: Jouni Malinen <j@w1.fi>
Some static analyzers complain about memset with '0' value. This was
used correctly here, but since use of strdup is about as good an option,
use that to silence the invalid warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
This avoid incorrect errors from some static analyzers that do not like
memmove with pointers just after the end of a buffer even if the number
of bytes to move is zero.
Signed-hostap: Jouni Malinen <j@w1.fi>
All we really need is the family ID, and we can
get that with genl_ctrl_resolve() and then don't
need to worry about family/cache objects.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
If a P2P client associates with the group while it is
already associated, two member entries may be added to
the group which also confuses num_members counting.
Deal with this by removing the existing entry first
before adding a new one.
I think the way Reinette ran into this was due to our
tx_sync implementation in iwlagn, mac80211 might have
queued two association frames thinking the first one
just failed, but both only went out after the sync was
really successful (which tx_sync doesn't wait for).
Reported-by: Reinette Chatre <reinette.chatre@intel.com>
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
The P2P_FIND command was failing if it was issued at the moment when
a scan operation was in progress. Avoid returning failure in this
case by scheduling the P2P find to start once the ongoing scan is
completed.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
WEXT is not really changing anymore and more or less all Linux
distros come with linux/wireless.h that is recent enough to
allow the driver wrappers to be build.
Signed-hostap: Jouni Malinen <j@w1.fi>
Commit c2ff13c533 broke this with a
copy-paste typo that ended up adding the Probe Request P2P IE into the
Beacon frame (i.e., Beacon frame had two P2P IEs while Probe Response
had none).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Avoid zero-length memset at the end of the buffer. This is not really
needed, but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate data_len so that static analyzers do not get
confused about the padlen validation. This is not really needed, but it
makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
Explicitly validate seed_len to skip memset call with zero length
of copied data at the end of the buffer. This is not really needed,
but it makes the code a bit easier for static analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
data->phase2_method cannot really be NULL if
eap_fast_init_phase2_method() returns success, but this construction
seems to be too difficult for some static analyzers. While this change
is not really needed in practice, it makes it easier to go through
warnings from such analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
hapd->time_adv cannot really be NULL if hostapd_update_time_adv()
returns success, but this construction seems to be too difficult
for some static analyzers. While this change is not really needed
in practice, it makes it easier to go through warnings from such
analyzers.
Signed-hostap: Jouni Malinen <j@w1.fi>
md->curlen cannot indicate full buffer size here since the buffered
data is processed whenever the full block size of data is available.
Avoid invalid warnings from static analyzers on memcpy() outside the
buffer length by verifying that curlen is smaller than block size.
Signed-hostap: Jouni Malinen <j@w1.fi>
This function can fail in theory since the SHA-1 functions are
allowed to return an error. While this does not really happen in
practice (we would not get this far if SHA-1 does not work), it is
cleaner to include the error handling here to keep static analyzers
happier. [Bug 421]
Signed-hostap: Jouni Malinen <j@w1.fi>
This has been obsoleted by the more generic Linux WEXT (driver_wext.c)
support. The hostap and madwifi driver wrappers can now be used only
with hostapd. The old station interface remains available in releases up
to 1.x.
Signed-hostap: Jouni Malinen <j@w1.fi>
The driver wrappers broadcom, iphone, osx, and ralink have not been
maintained for a while and it does not look like they will be in the
future either. As such, remove them from the development branch. The
previous versions will be included in older releases up to 1.x.
Signed-hostap: Jouni Malinen <j@w1.fi>
Reassemble partial TLS records to make the internal TLS client
implementation more convenient for stream sockets.
Signed-hostap: Jouni Malinen <j@w1.fi>
The padding validation was done on the last padding-length octets in the
buffer which misses the first padding octet (the last octet is the
padding length). Fix the starting offset for the comparison loop to get
the first octet verified. [Bug 420]
Signed-hostap: Jouni Malinen <j@w1.fi>
Return number of user input bytes from tlsv1_record_receive() to
move this detail into the proper record layer processing. In addition,
ignore unknown content types at record layer and allow processing to
continue after warning level TLS alerts to provide minimal workaround
for closure alerts.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of trying to remember to add wpa_msg() calls for every possible
path where a STA becomes authorized or unauthorized, use
ap_sta_set_authorized() to send these events more consistently.
Signed-hostap: Jouni Malinen <j@w1.fi>
wpa_msg() has to use hapd->msg_ctx instead of hapd as the context
pointer to work properly in wpa_supplicant AP mode.
Signed-hostap: Jouni Malinen <j@w1.fi>
Currently, there is no events over the control interface
when a AP disconnects a station due to inactivity. With
this patch, an "AP-STA-DISCONNECTED" event will be sent.
Signed-hostap: Nicolas Cavallari <nicolas.cavallari@lri.fr>
Use a driver_ndis.c specific initialization function to fill in the
wpa_driver_ops information to make it easier to modify struct
wpa_driver_ops in the future. Being able to build driver_ndis.c
with MSVC was the only reason for having to maintain the same order
of function pointers in struct wpa_driver_ops and for having to
update driver_ndis.c for all changes in that structure.
Signed-hostap: Jouni Malinen <j@w1.fi>
The GTK is renewed in the hostapd after a MIC attack dissassociation
without informing the driver, causing decryption failures. This patch
sends the new GTK/IGTK to the driver after it is updated by the hostapd.
Signed-off-by: Yoni Divinsky <yoni.divinsky@ti.com>
When the supplicant acts as a registrar to learn the access point
parameters send the credentials to the wpa_cli interface after
receiving the 7th message. This is needed for proper behavior with
wps_cred_processing set to 1 or 2.
Without this patch, after the 7th message you got the WPS-CRED-RECEIVED
notification without the credentials. This was because the cred_attr and
cred_attr_len were not filled in in the wps structure.
Signed-off-by: Olivier Sobrie <olivier@sobrie.be>
In scan.c, merge a channel's noise value into the scan results. When
comparing scan results, compute the signal-to-noise ratio and use it
when available. Prefer a 5 GHz network if its SNR is really big (> 30)
or if its SNR is relatively close to the other network's.
Some stations have been reported to send EAPOL-Key Error Reports
indicating Michael MIC failures even when the cipher is not TKIP
(e.g., when the network is using only CCMP). Ignore such reports
to avoid starting TKIP countermeasures unnecessarily. This can
prevent certaint types of denial of service attacks by insiders,
but mostly this is to work around invalid station implementations.
Signed-hostap: Jouni Malinen <j@w1.fi>
The eloop timeout to stop TKIP countermeasures has to be canceled
on deinit path to avoid leaving bogus timeouts behind.
Signed-hostap: Jouni Malinen <j@w1.fi>
Converts from a string to a control request enum when input
from a control interface is received. Will be used by a
subsequent patch.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Control requests will be extended for non-EAP uses later, so it makes
sense to have them be generic. Furthermore, having them defined as an
enum is easier for processing internally, and more generic for control
interfaces that may not use field names. The public ctrl_req_type /
field_name conversion function will be used later by the D-Bus control
interface too.
Signed-off-by: Dan Williams <dcbw@redhat.com>
Special processing is needed to handle EAP user request for
identity or password at the beginning of Phase 2 when the implicit
identity request is used. data->pending_phase2_req needs to be set
to an empty buffer in that case to avoid re-processing the previous
part of TLS negotiation when the user enters the needed information.
Signed-hostap: Jouni Malinen <j@w1.fi>
Instead of hardcoding IEEE 802.11b rates to be disabled whenever
P2P support is built in and supported by the driver, do this only
when an interface is set to P2P mode (both when adding a new
interface and when changing the interface mode). This re-enables
use of IEEE 802.11b APs with CONFIG_P2P=y builds.
Signed-hostap: Jouni Malinen <j@w1.fi>
This function was used unconditionally if wpa_supplicant build
includes CONFIG_P2P=y. Adding a separate driver_ops for such use
is not really useful since the driver wrappers can do the same
internally. Remove this driver_ops and move matching functionality
into driver_nl80211.c which was the only driver wrapper using
this driver_ops callback.
Signed-hostap: Jouni Malinen <j@w1.fi>
nl80211_disable_11b_rates() function was supposed to use the 'disabled'
parameter to figure out whether to disable or re-enable 802.11b rates.
In addition, the driver deinit path was now ending up re-disabling the
enabled rates at the end of the deinit operations when the interface
type was forced back to station. Both of these issues are now fixed
and the 2.4 GHz band TX rate index is cleared properly when
wpa_supplicant is stopped.
Signed-hostap: Jouni Malinen <j@w1.fi>
disable_11b_rates() is called on interface addition,
but not on interface type change, resulting in 11b rates
enabled on p2p interfaces.
Signed-off-by: Eliad Peller <eliad@wizery.com>
This can be used to apply the no-CCK rule conditionally depending on
which frame is being sent. The no-CCK rule applies only for P2P
management frames while SA Query and FT use cases do not have similar
restrictions.
Signed-hostap: Jouni Malinen <j@w1.fi>
Add a new attribute to specify whether to use CCK rate or not during
scan and sending management frames. This helps to send P2P probes
at non-CCK rate. This ensures that P2P probe request/response/action
frames are always sent at non-CCK rates.
Signed-off-by: Rajkumar Manoharan <rmanohar@qca.qualcomm.com>
This was included in the AP configuration parameters, but there has
been no way to set it to anything else than the default automatic
mode. Remove this parameter and just hardcode ERP determination to
follow the automatic mode.
The MS-CHAPv1 and MS-CHAPv2 RFCs specify that the password is a string
of "Unicode characters", which for Windows means UCS-2; thus the
password could be any even-length string of up to 512 bytes.
Instead of making the incompatible change of requiring the incoming
password to be UCS-2 encoded, assume the password is UTF-8 encoded and
convert it before using it in NtPasswordHash and
EncryptPwBlockWithPasswordHash.
Signed-off-by: Evan Broder <ebroder@mokafive.com>
The netlink event processing is delayed since they are only returned
after control returns to eloop. This can result in netlink down events
being processed at a point when the interface has is actually still
there (the first event on new interface is down) and that can result in
odd behavior especially when the resulting interface-disabled event is
delivered to AP mode interface with wpa_supplicant.
Work around this by filtering netlink down events if the matching
interface is up at the time the netlink event is processed. This fixes
an issue brought up by commit 36d84860bb.
hostapd_wpa_auth_conf() is called on uninitialized memory and the
conditional blocks in this function may leave some fields into
uninitialized state. This can result in unexpected behavior elsewhere
since some of the variables may be used without matching #ifdef
blocks. Fix this by zeroing the memory.
TPK will be needed to be able to generate FTIE MIC for the
teardown message, so maintain peer data for a bit longer in
case the teardown FTIE request comes back from the driver.
The Query Response Length Limit is not allowed to be zero when
this is sent by the AP. Use 0x7F to indicate that the limit is
based on maximum number of GAS fragments.
For P2P, the p2p_connect takes in device address argument to make a
connection. However the connected event AP-STA-CONNECTED comes with
interface address. The application listening on events would find it
difficult to map interface address to the p2p device address which is
provided for connection.
Append P2P Device Address to AP-STA-CONNECTED event for P2P Client
connection. This will help applications to easily map the P2P Interface
Address to P2P Device Address on CONNECTED event. For non-P2P case, it
will just print the usual STA MAC address alone.
Signed-off-by: Jithu Jance <jithu@broadcom.com>
The persistent_reconnect configuration parameter was used to decide
whether to accept invitation to re-establish a persistent group.
However, this was not being advertised in the Group Capability bitmap.
Add the Persistent Reconnect bit based on this configuration to GO
Negotiation frames and Beacon/Probe Response frames from the GO.
Use the wpa_tdls_add_peer function to allocate TDLS peer structures.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Use capability information to decide whether to perform a given TDLS
operation internally or through mgmt-frame Tx.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Before commencing setup, add a new STA entry to the driver representing
the peer. Later during setup, update the STA entry using information
received from the peer.
Extend sta_add() callback for adding/modifying a TDLS peer entry and
connect it to the TDLS state machine. Implement this callback for the
nl80211 driver and send peer information to kernel.
Mark TDLS peer entries with a new flag and translate it to a
corresponding nl80211 flag in the nl80211 driver.
In addition, correct TDLS related documentation in the wpa_driver_ops
structure.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Record the capabilities and supported rates of the TDLS peer during
link setup. These are given in the IEs passed in Setup Request and
Setup Response frames.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Disable the direct connection when a TDLS peer stops responding
to packets, as indicated by the "LOW ACK" event coming from a driver.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Allow sending a TDLS discovery request as a frame through the driver.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
When a driver does not implement the TDLS_TEARDOWN operation internally,
send an explicit TDLS link teardown frame to the driver.
Change all teardown calls to use these calling semantics.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Register for the TDLS discovery response public action frame in nl80211.
Print out a debug message when a Discovery Resp frame is received and
validated.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
When a discovery request is received, add the peer to the TDLS peer
cache and send a response containing minimal data. Mandatory IEs in
the discovery response frame will be filled out by the driver.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Put glue code in place to propagate TDLS related driver capabilities to
the TDLS state machine.
If the driver doesn't support capabilities, assume TDLS is supported
internally.
When TDLS is explicitly not supported, disable all user facing TDLS
operations.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
Allow passing high-level TDLS commands and TDLS frames to kernel
via new nl80211 commands.
Propagate TDLS related nl80211 capability flags from kernel and add them
as driver capability flags.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
A zero dialog-token is considered invalid by IEEE Std 802.11z-2010.
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Cc: Kalyan C Gaddam <chakkal@iit.edu>
This function is actually needed for quite a bit more than just
user space MLME implementation. The old comment here has not been
accurate for a long time, so get rid of it.
These driver_ops functions set_channel, set_ssid, set_bssid,
mlme_add_sta, and mlme_remove_sta were used with the user space
MLME implementation in wpa_supplicant. That was only for testing
purposes and was removed, but these driver_ops were forgotten.
Remove them now to remove confusing driver_ops definitions.
This code was used only with driver_test.c to allow MLME operations
in hostapd to be tested without having to use a real radio. There
are no plans on extending this to any other use than testing and
mac80211_hwsim has now obsoled the need for this type of testing.
As such, we can drop this code from wpa_supplicant to clean up the
implementation of unnecessary complexity.
Netlink sockets can be shared among all driver instances, saving lots
of sockets, spurious log messages, memory, and CPU usage when using
multiple interfaces in a single process.
This offloads the station polling to driver wrappers, which may offload
it again to the driver. The hostap driver wrapper uses "real" data
frames while nl80211 uses null data frames.
Also add a specific event to indicate that a poll was successful for
future use with the nl80211 driver.
Some dualband cards can use more than five seconds to run through
a full scan, so increase the timeout to avoid hitting the missing
scan completed event workaround.
This fixes an issue where WPS run leaves a small ClientTimeout
value (2) configured and the next EAPOL authentication is started
with that small value even for Identity exchange. This can cause
problems when an EAPOL packet gets dropped immediately after
association and a retry of that packet is needed (which may take
more than two seconds).
This function can be used to clean up local UNIX domain socket files
that may be left over from clients that were previously connected to
wpa_supplicant. At least for now, this is only available for Android
builds.
Remove the separate driver_ops functions set_cts_protect(),
set_preamble(), set_short_slot_time(), and set_ht_params(). These
belong into same set of operations as set_ap(), so there is no need
to maintain separate functions that just make the driver wrapper
more complex.
Since these have only been used with driver_nl80211.c, the driver_ops
can be removed immediately instead of maintaining backwards
compatibility period with the old functions.
The AP client isolation parameter is now available through set_ap().
driver_nl80211.c was the only driver wrapper using the set_intra_bss()
call in hostap.git, but some external trees may have used this. Once
those are cleared, the set_infra_bss() driver_ops can be removed
completely. The only remaining use case for it currently is in P2P
GO mode with wpa_supplicant.
AP mode operations were used for P2P device discovery Listen state
only during early experiments. This has now been cleaned up and
ieee802_11_set_beacon() is not called for P2P device discovery.
As such, this hack to skip Beacon configuration can be removed.
This is the first step in allowing SA Query mechanism in hostapd to be
used with drivers that implement authentication and association MLME/SME
(i.e., do not use ieee802_11.c).
This adds the basic mechanism for running through network selection:
scan, ANQP fetch, network selection, and connection. Actual rules for
network selection and the creation of the network block are still
missing, but will be added in separate commits.
"hostapd_cli ess_disassoc (STA addr) (URL)" can now be used to send
an ESS Dissassociation Imminent notification to the STA. This event
is shown in wpa_supplicant ctrl_iface monitors (e.g., wpa_cli):
"WNM: ESS Disassociation Imminent - session_info_url=http://example.com/session/"
The new wpa_supplicant.conf file global parameters interworking and
hessid can be used to configure wpa_supplicant to include
Interworking element in Probe Request frames.