Commit Graph

544 Commits

Author SHA1 Message Date
Max Stepanov
e2b7fbf2fb P2PS: Add CPT parameter to P2P_SERVICE_ADD asp command
Add Coordination Transport Protocol parameter to P2P_SERVICE_ADD
asp command.

Extend p2ps_advertisement structure to contain CPT priorities
and a supported CPT bitmask.

The format of the new parameter:
    cpt=<cpt>[:<cpt>]

where <cpt> is a name of the Coordination Protocol Transport.
This implementation supports two CPT names: UDP and MAC.
The order of specified CPTs defines their priorities where
the first one has the highest priority.

Signed-off-by: Max Stepanov <Max.Stepanov@intel.com>
Reviewed-by: Andrei Otcheretianski <andrei.otcheretianski@intel.com>
Reviewed-by: Ilan Peer <ilan.peer@intel.com>
2015-07-27 00:47:19 +03:00
Ahmad Kholaif
6b0ceee929 Add QCA vendor definitions for multi-port concurrency
Introduce definitions for QCA vendor specific subcommands and attributes
to support multiport concurrency.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-22 11:50:01 +03:00
Ravi Joshi
d71bdfbd83 Add QCA vendor command for updating gateway parameters
Add vendor command for updating gateway parameters to the driver.

Signed-off-by: Ravi Joshi <ravij@qca.qualcomm.com>
2015-07-21 13:20:08 +03:00
Jouni Malinen
9721b083f4 FST: Remove the IE header len/size macros
These are confusing when the style used with the couple of FST IE checks
differs from the rest of hostapd/wpa_supplicant implementation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-17 19:06:48 +03:00
Anton Nayshtut
3794af2dc1 FST: wpa_supplicant control interface
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
659a1605d8 Parsing of multi band element
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
717333f4e4 FST: Add the Fast Session Transfer (FST) module
Fast Session Transfer (FST) is the transfer of a session from a channel
to another channel in a different frequency band. The term "session"
refers to non-physical layer state information kept by a pair of
stations (STAs) that communicate directly (i.e., excludes forwarding).

The FST is implemented in accordance with IEEE Std 802.11ad-2012.

Definitions

 * FST interface - an interface for which FST functionality is enabled
 * FST group - a bunch of FST interfaces representing single
		multi-band STA
 * FST peer - a multi-band capable STA connected
 * FST module - multi-band operation functionality implemented in
		accordance with IEEE Std 802.11ad-2012 (see 10.32
		Multi-band operation) as a part of hostapd/wpa_supplicant
 * FST manager - an external application that implements custom FST
		related logic, using the FST module's interfaces
		accessible via CLI or D-Bus

This commit introduces only the FST module. Integration of the FST
module into the hostapd/wpa_supplicant and corresponding CLI/D-Bus
interfaces and FST related tests are covered in separate commits.

FST manager application is out of scope of these commits.

As FST aggregates a few interfaces into FST group, the FST module uses
global CLI for both commands and notifications. It also exposes
alternative non-interface based D-Bus subtree for this purposes.

Configuration and Initialization

 * FST functionality can enabled by compilation flag (CONFIG_FST)
 * hostapd/wpa_supplicant controlling multiple interfaces are used for
   FST
 * once enabled by compilation, the FST can be enabled for specific
   interfaces in the configuration files
 * FST interfaces are aggregated in FST groups (fst_group_id config file
   entry), where each FST group:
   - represents one multi-band device
   - should have two or more FST interfaces in it
 * priority (fst_priority config file entry) must be configured for each
   FST interface. FST interface with higher priority is the interface FST
   will always try to switch to. Thus, for example, for the maximal
   throughput, it should be the fastest FST interface in the FST setup.
 * default Link Loss Timeout (LLT) value can be configured for each FST
   interface (fst_llt config file entry). It represents LLT to be used
   by FST when this interface is active.
 * FST interfaces advertise the Multi-band capability by including the
   Multi-band element in the corresponding frames

FST CLI commands:

 * fst list_groups - list FST groups configured.
 * fst list_ifaces - list FST interfaces which belong to specific group
 * fst iface_peers - list Multi-Band STAs connected to specific interface
 * fst list_sessions - list existing FST sessions
 * fst session_get - get FST session info
 * fst session_add - create FST session object
 * fst session_set - set FST session parameters (old_iface, new_iface,
                     peer_addr, llt)
 * fst session_initiate - initiate FST setup
 * fst session_respond - respond to FST setup establishemnt attempt by
                         counterpart
 * fst session_transfer - initiate FST switch
 * fst session_teardown - tear down FST Setup but leave the session object
			  for reuse
 * fst session_remove - remove FST session object

FST CLI notifications:
  * FST-EVENT-PEER - peer state changed (CONNECT/DISCONNECT)
  * FST-EVENT-SESSION - FST session level notification with following
                        sub-events:
     - EVENT_FST_SESSION_STATE - FST session state changed
     - EVENT_FST_ESTABLISHED - previously initiated FST session became
                               established
     - EVENT_FST_SETUP - new FST session object created due to FST session
                         negotiation attempt by counterpart

All the FST CLI commands and notifications are also implemented on D-Bus
for wpa_supplicant.

IEEE 802.11 standard compliance

FST module implements FST setup statemachine in compliance with IEEE
802.11ad (P802.11-REVmc/D3.3), as it described in 10.32 Multi-band
operation (see also Figure 10-34 - States of the FST setup protocol).

Thus, for example, the FST module initiates FST switch automatically
when FST setup becomes established with LLT=0 in accordance with
10.32.2.2 Transitioning between states.

At the moment, FST module only supports non-transparent STA-based FST
(see 10.32.1 General).

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 18:26:15 +03:00
Anton Nayshtut
290078a734 Add IEEE 802.11ad element descriptions
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-07-16 12:33:29 +03:00
Jouni Malinen
05a90d78dc FT: Allow CCMP-256 and GCMP-256 as group ciphers
The FT-specific check for valid group cipher in wpa_ft_gen_req_ies() was
not up-to-date with the current list of supported ciphers. Fix this by
using a generic function to determine validity of the cipher. In
practice, this adds support for using CCMP-256 and GCMP-256 as the group
cipher with FT.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-07-07 16:25:06 +03:00
Jouni Malinen
359636170f hw_features: Merge similar return case in check_40mhz_2g4()
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-29 23:23:56 +03:00
Jouni Malinen
6c7314917b AP: Increase maximum value accepted for cwmin/cwmax
The cwmin/cwmax parameters were limited more than is needed. Allow the
full range (0..15 for wmm_ac_??_{cwmin,cwmax} and 1..32767 for
tx_queue_data?_{cwmin,cwmax}) to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 23:34:49 +03:00
Jouni Malinen
575e4f5d49 SAE: Reject FFC commit-element with value p-1
The current P802.11 description of SAE uses "1 < element < p" as the
required range. However, this is not correct and does not match the
Dragonfly description of "1 < element < p-1". SAE definition will need
to change here. Update the implementation to reject p-1 based on the
correct rule here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 21:20:14 +03:00
Jouni Malinen
0c2b3f6541 SAE: Reject commit-scalar value 1
IEEE Std 802.11-2012 description of SAE does not require this, i.e., it
describes the requirement as 0 < scalar < r for processing the Commit
message. However, this is not correct and will be changes to 1 < scalar
< r to match the Dragonfly description so that a trivial secret case
will be avoided explicitly.

This is not much of an issue for the locally generated commit-scalar
since it would be very unlikely to get the value of 1. For Commit
message processing, a peer with knowledge of the password could
potentially force the exchange to expose key material without this
check.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-27 12:41:40 +03:00
Dmitry Shmidt
4f39908b60 Send CTRL-EVENT-NETWORK-NOT-FOUND if no suitable network was found
This provides more information to upper layer programs on what happens
with connection attempts in cases where the enabled networks are not
found in scan results.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-06-27 11:08:08 +03:00
Jouni Malinen
bbb50086e3 SAE: Use random "password" in extra hunting-and-pecking loops
If PWE is discovered before the minimum number of loops (k) is reached,
the extra iterations use a random "password" to further obfuscate the
cost of discovering PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
eb5fee0bf5 SAE: Add side-channel protection to PWE derivation with ECC
This replaces the earlier IEEE Std 802.11-2012 algorithm with the design
from P802.11-REVmc/D4.0. Things brings in a blinding technique for
determining whether the pwd-seed results in a suitable PWE value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-26 22:41:51 +03:00
Jouni Malinen
4584b66eae SAE: Increase security parameter k to 40 based on Dragonfly recommendation
draft-irtf-cfrg-dragonfly recommends implementation to set the security
parameter, k, to a value of at least 40. This will make PWE generation
take significantly more resources, but makes it more likely to hide
timing differences due to different number of loops needed to find a
suitable PWE.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
fdd731bd4a SAE: Fix PWE generation to use minimum loop count (k) properly
The implementation did not match the comment, i.e., only k-1 rounds were
required instead of k.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-25 20:53:37 +03:00
Jouni Malinen
8ec33326c1 SAE: Merge sae_derive_commit() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
d93abd4a97 SAE: Merge sae_get_rand() error case return statements
These error cases have the exact same outcome, so a single return
statement can be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
6a58444d27 SAE: Verify that own/peer commit-scalar and COMMIT-ELEMENT are different
This check explicitly for reflection attack and stops authentication
immediately if that is detected instead of continuing to the following
4-way handshake that would fail due to the attacker not knowing the key
from the SAE exchange.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 23:10:36 +03:00
Jouni Malinen
5ed6519625 hw_features: Merge similar return cases
There is no need to have separate return statements for these corner
cases that are unlikely to be hit in practice.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-23 11:24:52 +03:00
Jouni Malinen
4e37dd6c60 SAE: Simplify sae_prepare_commit() error path
There is no need to keep separate "return -1" statements for these error
cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-22 00:38:02 +03:00
Jouni Malinen
efd5d26d33 Remove unnecessary wpa_ie_len check from wpa_parse_wpa_ie_wpa()
There is no need to have a separate "fail silently" case for wpa_ie_len
== 0. That condition does not seem to be reachable and even if it were,
the following "ie len too short" case will result in the exact same
return value.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
ce8963fc9f Remove WEP40/WEP104 cipher suite support for WPA/WPA2
As far as IEEE 802.11 standard is concerned, WEP is deprecated, but at
least in theory, allowed as a group cipher. This option is unlikely to
be deployed anywhere and to clean up the implementation, we might as
well remove all support for this combination.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 23:04:31 +03:00
Jouni Malinen
1887be4fa7 Make check_20mhz_bss() static
This is not used outside this file anymore, so there is no need to
export the symbol either.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-20 16:05:54 +03:00
Jouni Malinen
a9a4841010 Remove duplicated country code from operating class lists
CA country code was included mistakenly (copy-paste..) in cn_op_class_cc
while it was supposed to be included only in us_op_class_cc. In
practice, this did not result in incorrect operation due to the
us_op_class_cc list being checked first. Anyway, better fix
cn_op_class_cc to avoid confusion here.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 17:40:10 +03:00
Jouni Malinen
bbd0bf811e tests: Additional ieee802_11_parse_elems() module test coverage
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:47:29 +03:00
Jouni Malinen
41ecd3778d tests: Module test for gas.c corner cases in gas_anqp_set_len()
This increases code coverage for gas.c testing to cover areas that
cannot be reached with pure hwsim test cases.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-06-14 16:27:21 +03:00
Amr BEN ABDESSALEM
0c9fb14ec4 P2P: Add Operating class 125 for P2P supported channels
Add operating class 125 (channels 149..169) to the list of P2P supported
channels. This allows the 5 GHz channels 161 and 169 to be used for P2P
GO when those channels are allowed for AP mode in the current regulatory
domain.

Signed-off-by: Amr BEN ABDESSALEM <amrx.ben.abdessalem@intel.com>
2015-06-12 20:39:49 +03:00
Peng Xu
3784c0589e Extend hw_mode to support any band for offloaded ACS case
When device supports dual band operations with offloaded ACS, hw_mode
can now be set to any band (hw_mode=any) in order to allow ACS to select
the best channel from any band. After a channel is selected, the hw_mode
is updated for hostapd.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-27 12:17:57 +03:00
Sunil Dutt
279724d835 Add QCA vendor subcmd for Link Property Query
Link Property query vendor command shall facilitate the information
of the Wi-Fi link. MAC address of the Wi-Fi peer is given as an input
for querying the link properties.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-05-07 18:53:23 +03:00
Mikael Kanstrup
8b423edbd3 Declare all read only data structures as const
By analysing objdump output some read only structures were found in
.data section. To help compiler further optimize code declare these
as const.

Signed-off-by: Mikael Kanstrup <mikael.kanstrup@sonymobile.com>
2015-04-25 17:33:06 +03:00
Jouni Malinen
f4b64c603e Simplify VHT Operation element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:12 +03:00
Jouni Malinen
d6fefd64d2 Simplify HT Operation element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
40baac0e43 Simplify VHT Capabilities element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
baae4cb9b4 Simplify HT Capabilities element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the element is of fixed length.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
b39a05913a Simplify Timeout Interval element parsing
Remove the length field from struct ieee802_11_elems since the only
allowed element length is five and that is checked by the parser.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
e8997b9407 Simplify ERP element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
f87c99c787 Simplify DSSS Parameter Set element parsing
Check the element length in the parser and remove the length field from
struct ieee802_11_elems since the only allowed element length is one.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
ae7a42bde2 FT: Check FT, MD, and Timeout Interval length in the parser
All the existing users of these elements were already validating the
element length. However, it is clearer to validate this already at the
parser for extra layer of protection for any future changes.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 22:05:11 +03:00
Jouni Malinen
a65d7495b5 tests: Add p2p-fuzzer
This program can be used to run fuzzing tests for areas related to P2P
message parsing and processing. p2p-fuzzer allows data files to be used
to inject Probe Response and Action frames for processing by the P2P
module.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 11:44:19 +03:00
Jouni Malinen
6fb761c690 Replace WPA_MAX_SSID_LEN with SSID_MAX_LEN
This makes the source code more consistent.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-04-22 11:44:18 +03:00
Jouni Malinen
d9d1b9527a Use SSID_MAX_LEN define instead of value 32 when comparing SSID length
This makes the implementation easier to understand.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
05e46a944a Ignore too long SSID element value in parser
The SSID element is defined to have a valid length range of 0-32. While
this length was supposed to validated by the users of the element
parser, there are not really any valid cases where the maximum length of
32 octet SSID would be exceeded and as such, the parser itself can
enforce the limit as an additional protection.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:44:18 +03:00
Jouni Malinen
90758f09ec Mark QCA vendor command id 53 reserved, but not used anymore
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 11:21:18 +03:00
Jouni Malinen
7f90a234b6 Add QCA vendor subcmd for OCB
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-04-22 01:05:52 +03:00
Nick Kralevich
d447cd596f Updates for stricter automatic memcpy bounds checking
Both Android's libc and glibc support _FORTIFY_SOURCE, a compiler
and libc feature which inserts automatic bounds checking into
common C functions such as memcpy() and strcpy(). If a buffer
overflow occurs when calling a hardened libc function, the
automatic bounds checking will safely shutdown the program and
prevent memory corruption.

Android is experimenting with _FORTIFY_SOURCE=3, a new fortify
level which enhances memcpy() to prevent overflowing an element
of a struct. Under the enhancements, code such as

  struct foo {
    char empty[0];
    char one[1];
    char a[10];
    char b[10];
  };

  int main() {
    foo myfoo;
    int n = atoi("11");
    memcpy(myfoo.a, "01234567890123456789", n);
    return 0;
  }

will cleanly crash when the memcpy() call is made.

Fixup hostap code to support the new level. Specifically:

* Fixup sha1_transform so it works with the enhanced bounds checking.
The old memcpy() code was attempting to write to context.h0, but that
structure element is too small and the write was extending (by design)
into h1, h2, h3, and h4. Use explicit assignments instead of
overflowing the struct element.

* Modify most of the structures in ieee802_11_defs.h to use ISO C99
flexible array members (https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html)
instead of a zero length array. Zero length arrays have zero length,
and any attempt to call memcpy() on such elements will always overflow.
Flexible array members have no such limitation. The only element not
adjusted is probe_req, since doing so will generate a compile time error,
and it's not obvious to me how to fix it.

Signed-off-by: Nick Kralevich <nnk@google.com>
2015-04-13 14:01:40 +03:00
Mark Salyzyn
0144ecb8c8 Android: wpa_ctrl missing include for sys/stat.h
wpa_ctrl.c gets sys/stat.h inherited from
private/android_filesystem_config.h it should
not rely on this in the future. The intent is
to move fs_config function into libcutils and
thus deprecate any need for sys/stat.h in this
include file.

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
2015-04-03 10:47:36 +03:00
Jouni Malinen
a52410c29f Allow PSK/passphrase to be set only when needed
The new network profile parameter mem_only_psk=1 can be used to specify
that the PSK/passphrase for that network is requested over the control
interface (ctrl_iface or D-Bus) similarly to the EAP network parameter
requests. The PSK/passphrase can then be configured temporarily in a way
that prevents it from getting stored to the configuration file.

For example:

Event:
CTRL-REQ-PSK_PASSPHRASE-0:PSK or passphrase needed for SSID test-wpa2-psk

Response:
CTRL-RSP-PSK_PASSPHRASE-0:"qwertyuiop"

Note: The response value uses the same encoding as the psk network
profile parameter, i.e., passphrase is within double quotation marks.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-28 11:05:13 +02:00
Ben Greear
0f8385e6fa Show OSEN key management properly in scan results
Old code defaulted to WEP for an AP advertising OSEN. Show as OSEN
instead. Re-use most of the RSN parsing logic since all but the header
is the same.

Example output:

[root@ath9k-f lanforge]# ./local/bin/wpa_cli -i sta0 scan_results
bssid / frequency / signal level / flags / ssid
00:0e:8e:6f:40:49	2462	-23	[OSEN-OSEN-CCMP][ESS]	ben-138

Signed-off-by: Ben Greear <greearb@candelatech.com>
2015-03-25 16:04:03 +02:00
Manikandan Mohan
857d94225a Extend offloaded ACS QCA vendor command to support VHT
Update ACS driver offload feature for VHT configuration. In addition,
this allows the chanlist parameter to be used to specify which channels
are included as options for the offloaded ACS case.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-23 12:18:05 +02:00
Jouni Malinen
2c50246078 Add a AP mode event message for possible PSK/passphrase mismatch
If the AP/Authenticator receives an EAPOL-Key msg 2/4 for an association
that negotiated use of PSK and the EAPOL-Key MIC does not match, it is
likely that the station is trying to use incorrect PSK/passphrase.
Report this with "AP-STA-POSSIBLE-PSK-MISMATCH <STA addr>" control
interface event.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-19 13:14:21 +02:00
Peter Oh
6128a90979 hostapd: Add channel 140 to allowed HT40 channel pairs
Channel 140 is needed as allowed HT40 channel pair to use
channel 144 introduced in 802.11ac for VHT40 and VHT80.

Signed-off-by: Peter Oh <poh@qca.qualcomm.com>
2015-03-16 12:03:36 +02:00
Jouni Malinen
8b949804b3 FT: Avoid unnecessary allocation for MIC calculation
Use the vector version of omac1_aes_128() to avoid unnecessary memory
allocation for each FTIE MIC calculation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 20:18:14 +02:00
Jouni Malinen
18da814be7 The master branch is now used for v2.5 development
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 19:38:15 +02:00
Jouni Malinen
bc04db9b06 Change version information for the 2.4 release
Signed-off-by: Jouni Malinen <j@w1.fi>
2015-03-15 19:30:39 +02:00
Sunil Dutt
b2329e4ad5 Add QCA vendor subcmd for Data Offload
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-07 19:19:30 +02:00
Jouni Malinen
f2f65dd685 Reserve QCA vendor specific nl80211 commands 61..90
These are reserved for QCA use.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-06 15:46:49 +02:00
Ahmad Kholaif
c13578c339 DFS offload: Add main DFS handler for offloaded case
Add handling logic for DFS offloaded case, and add a helper function
that takes the frequency (MHz) as a param and returns 1 if given channel
requires DFS, or 0 otherwise.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-03-05 17:21:30 +02:00
Jouni Malinen
1d747e2a98 Add snr and est_throughput to the BSS entries
These values were previously used only for sorting the scan results, but
it may be useful to provide access to the used values through the BSS
entries.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-22 11:09:54 +02:00
Janusz Dziedzic
ada157f3b0 Make hostapd_set_freq_params() common
Now this function can also be used from wpa_supplicant.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-02-21 16:07:53 +02:00
Ahmad Kholaif
480994dafb nl80211: Allocate QCA vendor subcmds for DFS radar detected and CAC events
When DFS offloading capability is supported by the driver, the driver
should use these events to indicate when a radar pattern has been
detected, channel availability check (CAC) has been completed, aborted
or finished after the non-occupancy period is over on a DFS channel.

Also, add a new driver.h event to be used by NL80211 to indicate CAC
Started event on a DFS channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-11 16:51:33 +02:00
Ahmad Kholaif
e0761c5b4a nl80211: Allocate QCA vendor subcmd for DFS CAC Start event
When DFS offloading capability is supported by the driver, the driver
should use this event to indicate when channel availability check (CAC)
is started on a DFS channel.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 18:48:36 +02:00
Jouni Malinen
1db718b3ce nl80211: Test vendor command and event
This adds testing code (for CONFIG_TESTING_OPTIONS=y builds only) to
send an nl80211 vendor command and report a test vendor event in case
the driver supports this.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-09 18:07:29 +02:00
Jouni Malinen
6b00512164 P2P: Add event messages for P2P_CONNECT-fallback-to-GO-Neg
This makes it easier for upper layer programs to follow progress of
P2P_CONNECT-auto operation.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-02-08 13:35:48 +02:00
Masashi Honma
79ddb2062e mesh: Add a monitor event on SAE authentication getting blocked
Send MESH-SAE-AUTH-BLOCKED event if SAE authentication is blocked. The
BLOCK state will finish when a new peer notification event is sent for
the same MAC address.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:33:23 +02:00
Masashi Honma
dd2cbafc89 mesh: Add a monitor event for SAE authentication failure
SAE authentication fails likely with wrong password. This commit adds a
notification of the failure to the upper application (UI) so that the
application can notify suspection of a wrong password to the user. The
control interface monitor even for this is "MESH-SAE-AUTH-FAILURE
addr=<peer>".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2015-02-07 22:23:34 +02:00
Krishna Vamsi
5fefce2747 P2PS: Callback to send P2PS provisioning events
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:07 +02:00
Krishna Vamsi
d4b43b5886 P2PS: Add support to send ASP-RESP events
Send P2P-SERV-ASP-RESP events upon receiving GAS responses with
ASP services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-03 01:35:06 +02:00
Brian Gix
b9348be18e P2PS: Add new P2P identifier assignments from P2P spec v1.5
These will be used for P2P Services.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-02-02 14:09:19 +02:00
Jouni Malinen
5e3b5197cc Add Suite B 192-bit AKM
WPA-EAP-SUITE-B-192 can now be used to select 192-bit level Suite B into
use as the key management method.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:43:52 +02:00
Jouni Malinen
98cd3d1c3b Preparations for variable length KCK and KEK
This modifies struct wpa_ptk to allow the length of KCK and KEK to be
stored. This is needed to allow longer keys to be used, e.g., with
Suite B 192-bit level.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-27 01:26:49 +02:00
ASHUTOSH NARAYAN
fb09ed3389 Interworking: Notify the ANQP parsing status
The ANQP verification/parsing is done only after the GAS_DONE indication
is sent over the control interface. This means that in case the ANQP
parsing fails there is no indication to the upper layers. Add an
ANQP-QUERY-DONE event that reports the status of the ANQP parsing.

Signed-off-by: ASHUTOSH NARAYAN <ashutoshx.narayan@intel.com>
2015-01-20 02:26:21 +02:00
Jouni Malinen
d07d3fbda2 Add peer certificate alt subject name information to EAP events
A new "CTRL-EVENT-EAP-PEER-ALT depth=<i> <alt name>" event is now used
to provide information about server certificate chain alternative
subject names for upper layers, e.g., to make it easier to configure
constraints on the server certificate. For example:
CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:server.example.com

Currently, this includes DNS, EMAIL, and URI components from the
certificates. Similar information is priovided to D-Bus Certification
signal in the new altsubject argument which is a string array of these
items.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-14 15:45:18 +02:00
Jouni Malinen
d29fa3a767 Extend VENDOR_ELEM parameters to cover non-P2P Association Request
The new VENDOR_ELEM value 13 can now be used to add a vendor element
into all (Re)Association Request frames, not just for P2P use cases like
the previous item was for.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2015-01-14 01:12:56 +02:00
Yanbo Li
e7d0e97bdb hostapd: Add vendor specific VHT extension for the 2.4 GHz band
This allows vendor specific information element to be used to advertise
support for VHT on 2.4 GHz band. In practice, this is used to enable use
of 256 QAM rates (VHT-MCS 8 and 9) on 2.4 GHz band.

This functionality is disabled by default, but can be enabled with
vendor_vht=1 parameter in hostapd.conf if the driver advertises support
for VHT on either 2.4 or 5 GHz bands.

Signed-off-by: Yanbo Li <yanbol@qti.qualcomm.com>
2015-01-14 00:59:22 +02:00
Jouni Malinen
6dfc55723d Remove mesh_ht_mode network block parameter
There should not be a mesh-specific mechanism for setting up channel
parameters since that will just result in duplicated code. IBSS, mesh,
and AP mode can use the same data structures and parameters for setting
up such parameters.

Signed-off-by: Jouni Malinen <j@w1.fi>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
a828f626af Make check_40mhz_2g4 common
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
fdd989d17a Make check_20mhz_bss common
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
0e550fe496 Make check_40mhz_5g common
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
6d5d098f77 Make get_pri_sec_chan() common
Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
514427437a Introduce common allowed_ht40_channel_pair()
This can be used from hostapd/wpa_supplicant.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Janusz Dziedzic
269dfe232b Introduce common hw features
Introduce wpa_supplicant/hostapd hw features.

Signed-off-by: Janusz Dziedzic <janusz.dziedzic@tieto.com>
2015-01-10 17:35:53 +02:00
Bob Copeland
f3b8ad4d78 SAE: Implement retransmission timer
Add the t0 retransmission timer as specified by IEEE Std 802.11-2012,
11.3.8.4. This makes SAE much more likely to succeed in the case of lost
frames.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
2015-01-10 17:35:52 +02:00
Jouni Malinen
4e70bbf1c6 SAE: Clear keys from memory on disassociation
There is no need to keep temporary keys in memory beyond the end of the
association, so explicitly clear any SAE buffers that can contain keys
as soon as such keys are not needed.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-29 20:00:02 +02:00
Jouni Malinen
36f0cf3774 privsep: Fix compilation due to associate() parameter updates
struct wpa_driver_associate_params moved to using struct
hostapd_freq_params instead of just frequency. Need to update wpa_priv
to do same.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-25 16:37:12 +02:00
Jouni Malinen
9ae52e7034 Clean up VHT configuration validation
There is no need to use runtime call to find_first_bit() to determine
shift amount for a constant integer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 19:00:38 +02:00
Jouni Malinen
b0f33467a5 Clean up VHT override max A-MPDU override calculation
There is no need to use runtime call to find_first_bit() to determine
shift amount for a constant integer.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-14 18:48:59 +02:00
Jouni Malinen
72c5c289fb Add text names for number of the key_mgmt values
This completes STATUS command key_mgmt output for the missing values,
like SAE.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-12 13:40:07 +02:00
Chet Lanctot
15badebd47 nl80211: Add QCA vendor specific query of device/driver features
This commit introduces a QCA vendor command that allows interrogation of
the vendor-specific features supported by the device/driver. Currently
the only defined feature is the ability to offload key management.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-09 21:08:21 +02:00
Jouni Malinen
1f102d3bb0 Check os_snprintf() result more consistently - manual
This converts os_snprintf() result validation cases to use
os_snprintf_error() for cases that were note covered by spatch and
semantic patches.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
89b48f7b95 Use os_zalloc() instead of os_malloc() and os_memset()
Automatically updated with spatch and the following semantic patch:

@@
expression X;
expression E1;
statement S;
@@

- X = os_malloc(E1);
+ X = os_zalloc(E1);
(
  if (X == NULL) {
	...
  }
- os_memset(X, 0, E1);
|
  if (X == NULL)
	S
- os_memset(X, 0, E1);
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Peng Xu
16689c7cfc hostapd: Allow ACS to be offloaded to the driver
Using QCA vendor command, allow ACS function to be offloaded to the
driver. Once channels are selected, hostapd is notified to perform OBSS
operation.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-03 22:31:53 +02:00
Jouni Malinen
994d6f4629 Add a name for an assigned QCA nl80211 vendor subcmd
Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 23:36:12 +02:00
Jouni Malinen
e48635cfb0 Rename QCA nl80211 vendor subcmds to match AOSP names
This makes the enum vendor_subcmds definitions more consistent with the
names used in Android.

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>
2014-12-02 16:20:35 +02:00
Masashi Honma
a959a3b69d SAE: Fix Anti-Clogging Token request frame format
This commit inserts Finite Cyclic Group to Anti-Clogging Token request
frame because IEEE Std 802.11-2012, Table 8-29 says "Finite Cyclic Group
is present if Status is zero or 76".

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 16:08:53 +02:00
Masashi Honma
872b754512 mesh: Fix SAE anti-clogging functionality for mesh
The mesh anti-clogging functionality is implemented partially. This
patch fixes to parse anti-clogging request frame and use anti-clogging
token.

Signed-off-by: Masashi Honma <masashi.honma@gmail.com>
2014-11-25 15:33:04 +02:00
Jouni Malinen
649c0a6974 WPA: Use more explicit WPA/RSN selector count validation
Some static analyzers had problems understanding "left < count * len"
(CID 62855, CID 62856), so convert this to equivalent "count > left /
len" (len here is fixed to 4, so this can be done efficiently).

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-11-23 21:08:13 +02:00