www.project-moonshot.org Git - mech

P2P NFC: Static handover with NFC Tag on client

This adds a new P2P Invitation mechanism to invite a P2P Device with an
NFC Tag to an already operating group when the GO with NFC Device reads
the NFC Tag. The P2P Device with the NFC Tag will then accept invitation
and connect to the group automatically using its OOB Device Password.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Enable own NFC Tag on GO Registrar

When "P2P_SET nfc_tag 1" is used to enable the own NFC Tag for P2P, also
enable it for any running GO interface.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add GO info into handover message when in client role

P2P Group ID can optionally be included in the connection handover
messages when acting as a P2P Client in a group. Add this information
and show it in the P2P-NFC-PEER-CLIENT event message.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Optimize join-a-group operation based on NFC information

When the NFC connection handover message received from a peer indicates
that the peer is operating as a GO on a specific channel, use that
information to avoid having to go through full scan. In addition, skip
the separate join-a-group scan since we already know the operating
channel, GO P2P Device Address, and SSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Copy DH parameters to a separate group interface

The DH public and private key needs to be copied for the separate group
interface if that is used for a P2P group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Update DH keys for ER operations

Since wpa_s->conf->wps_nfc_dh_* parameters can be set in number of code
paths, update the wps_context copy of the DH keys even if no new keys
were generated for the request. This tries to avoid some cases where
public key hash may not have matched the public key used in the ER
operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Use pubkey mismatch config error from Enrollee

This was already done for Registrar, but the Enrollee case did not
set config error properly if Registrar public key did not match the
hash received during NFC connection handover.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add processing of P2P client while NFC handover case

Instead of automatically triggering a connection, provide an indication
of one of the devices being a P2P client to upper layers to allow user
to determine what to do next.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Do not try to join peer if both devices are already GO

Send a P2P-NFC-BOTH-GO event to upper layers to determine what to
do in case both devices going through NFC connection handover are
already operating as a GO.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add test option to disable IP address assignment request

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Add support for IP address assignment in 4-way handshake

This new mechanism allows P2P Client to request an IPv4 address from the
GO as part of the 4-way handshake to avoid use of DHCP exchange after
4-way handshake. If the new mechanism is used, the assigned IP address
is shown in the P2P-GROUP-STARTED event on the client side with
following new parameters: ip_addr, ip_mask, go_ip_addr. The assigned IP
address is included in the AP-STA-CONNECTED event on the GO side as a
new ip_addr parameter. The IP address is valid for the duration of the
association.

The IP address pool for this new mechanism is configured as global
wpa_supplicant configuration file parameters ip_addr_go, ip_addr_mask,
ip_addr_star, ip_addr_end. For example:

ip_addr_go=192.168.42.1
ip_addr_mask=255.255.255.0
ip_addr_start=192.168.42.2
ip_addr_end=192.168.42.100

DHCP mechanism is expected to be enabled at the same time to support P2P
Devices that do not use the new mechanism. The easiest way of managing
the IP addresses is by splitting the IP address range into two parts and
assign a separate range for wpa_supplicant and DHCP server.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Optimize GO Negotiation retries

When NFC connection handover is used to trigger GO Negotiation, the
channel used for the GO Negotiation frames is already known. As such,
there is no need to use the Listen operations to find the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add NFC tag enabling for static handover

The device with the NFC Tag can be configured to enable NFC to be used
with "P2P_SET nfc_tag 1" and "P2P_LISTEN" commands to allow static
handover to be used.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Report handover select from tag for static handover

WPS_NFC_TAG_READ can be used to report static connection handover where
the connection handover select message was read from an NFC tag.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Report connection handover as trigger for P2P

"NFC_REPORT_HANDOVER {INIT,RESP} P2P <req> <sel>" can now be used to
report completed NFC negotiated connection handover in which the P2P
alternative carrier was selected.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Build connection handover messages

"NFC_GET_HANDOVER_{REQ,SEL} NDEF P2P-CR" can now be used to build P2P
alternative carrier record for NFC connection handover request/select
messages.

Static connection handover case can be enabled by configuring the DH
parameters (either with wps_nfc_* configuration parameters or with
WPS_NFC_TOKEN command at run time. The NFC Tag contents can be generated
with "NFC_GET_HANDOVER_SEL NDEF P2P-CR-TAG" after having configured
Listen channel (p2p_listen_reg_class/p2p_listen_channel).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Define WPS_NFC config method

This will be used to track NFC as config method in P2P operations.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Allow separate WPS/P2P IES to be parsed

This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Pass OOB Dev Password through P2P parser

This will be needed for processing the NFC connection handover messages
for P2P.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Pass OOB Device Password ID to P2P

GO Negotiation needs to know which OOB Device Password ID is assigned
for the peer when NFC is used as the trigger.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add WPS attribute building for P2P NFC

These functions can be used to build the WPS attributes for P2P NFC
connection handover messages.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add NDEF helpers for P2P connection handover messages

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P NFC: Add OOB GO Negotiation Channel attribute

Add definition and helper functions for the new OOB GO Negotiation
Channel attribute.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Allow BSSID and channel to be included in handover select

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

NFC: Update WPS ER to use the new connection handover design

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Add support for wpa_supplicant AP/GO mode to use handover

New functionality is needed for this with the update NFC connection
handover design that depends on the AP side using the public key hash
from the handover request.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Process new style handover select

The new WPS connection handover select includes Registrar public key
hash instead of credential. Use the new information to start
abbreviated WPS handshake instead of configuring a new network directly
from the old Credential-from-NFC design.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: New style connection handover select from AP/Registrar

The contents of the WPS connection handover select message was modified
to include the Registrar public key hash instead of the credential.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Add AP mode connection handover report

The new NFC connection handover design requires the AP/Registrar to
process the connection handover request message received from the
Enrollee. Add control interface commands for handling this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Build new style carrier record for connection handover request

It is more useful to be able to build a single NFC carrier record
instead of the full connection handover request message to allow
external components to decide whether to negotiate which alternative
carrier is used. This updates the carrier record contents to the new
design to include Enrollee public key hash and provides this as a
carrier record instead of full message. An external program is expected
to be used to build the full NFC connection handover message with
potentially other alternative carrier records included.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Split DH key generation to a separate function

This allows DH key generation to be shared for other purposes than just
the case of OOB Device Password building. In addition, force the DH
public key buffer to be full 192 octets with zero padding to avoid
issues with the buffer being used in messages sent to a peer device.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Update NFC connection handover design

The new Device Password ID 7 is used to indicate that NFC connection
handover is used with DH public key hash from both devices being
exchanged over the NFC connection handover messages. This allows an
abbreviated M1-M2 handshake to be used since Device Password does not
need to be used when DH is authenticated with the out-of-band
information (validation of the public key against the hash).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Use abbreviated handshake if both PK hashes delivered OOB

When both the Registrar and Enrollee public key hashes are delivered
out-of-band (in NFC connection handover), use abbreviated WPS handshake
(skip M3-M8).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS: Preparations for allowing SSID filtering for provisioning step

If the SSID of the WPS AP is known, it should be possible to limit AP
selection based on this when searching for an active WPS AP. This commit
adds a mechanism to specify SSID for this type of uses.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Validate peer public key hash on Enrollee

Since the Enrollee can now get the public key hash from the Registrar,
there is need to validate this during the WPS protocol run.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS NFC: Send M2D with config error 20 on pkhash mismatch

Instead of terminating the WPS protocol immediately, go through an M2D
exchange to notify Enrollee of the public key hash mismatch.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS: Remove Version attribute from NFC messages

This old Version attribute is not really needed anymore for these use
cases with the assumption that there are no existing WPS+NFC
deployments. It was removed from the WSC specification, so make the
implementation match that change.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

WPS: Add builder functions for AP Channel and RF Bands attributes

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Make group operating channel available

Provide local GO channel to the P2P module so that it can be used in
messages that indicate the current operating channel.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Split add-group-info into a helper function

This functionality is needed for other messages, too, so split the group
info building code into a separate helper function.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Apply unsafe frequency rules to available channels

This adds a QCA vendor specific nl80211 event to allow the driver to
indicate a list of frequency ranges that should be avoided due to
interference or possible known co-existance constraints. Such
frequencies are marked as not allowed for P2P use to force groups to be
formed on different channels.

If a P2P GO is operating on a channel that the driver recommended not to
use, a notification about this is sent on the control interface and
upper layer code may decide to tear down the group and optionally
restart it on another channel. As a TODO item, this could also be changed
to use CSA to avoid removing the group.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Add a header file defining QCA OUI and vendor extensions

This file is used as a registry of identifier assignments from the
Qualcomm Atheros OUI 00:13:74 for purposes other than MAC address
assignment. One of the first uses will be for nl80211 vendor
commands/events which is reason for the preparation change in
driver_nl80211.c

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Increase global ctrl_iface buffer to same size as per-interface

Since the global ctrl_iface can be used with IFNAME= prefix to send
commands to be processed by per-interface code, it should have the same
(well, close to same since the prefix takes some space) limits on
command length as the per-interface ctrl_iface. Increase the buffer from
256 to 4096 to achieve this.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Verify GAS/ANQP use during PMF association

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

GAS client: Use Protected Dual of Public Action frames with PMF

When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Conver Public Action
GAS queries to use Dual of Public Action frame if PMF has been
negotiated with the AP to which the frame is being sent.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

GAS server: Add support for Protected Dual of Public Action frames

When GAS is used with PMF negotiated, Protected Dual of Public Action
frames are expected to be used instead of Public Action frames, i.e.,
the GAS/ANQP frames are expected to be encrypted. Add support for this
different category of Action frames being used for GAS. The payload
after the Category field is identical, so the only change is in using
the Category field based on what was received in the request frames. For
backwards compatibility, do not enforce protected dual to be used on the
AP side, i.e., follow what the station does.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Add definitions for Protected Dual of Public Action frames

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd: Fix PMF robust Action frame processing rules

Due to misplaced parenthesis, unprotected not-Robust Action frames
(e.g., Public Action frames) were dropped in handle_assoc() when such
frames were received during an association that had negotiated use of
PMF. This is not correct since only unprotected Robust Action frames
were supposed to be handled in this way.

This would have broken any Public Action frame use during PMF
association, but such frames were not really supposed to be used
currently (ANQP as the only possible use case should really use
protected dual option in such case).

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Clear more configuration parameters to default on FLUSH

This makes it more convenient for test scripts to change parameters for
a specific test case without having to separately clear them between
each test case.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

wpa_supplicant: Schedule PNO on completion of ongoing sched_scan

When start PNO request comes from control interface, wpa_supplicant
should wait until ongoing sched_scan (triggered by wpa_supplicant)
gets cancelled. Issuing cancel sched_scan and start PNO scan
one after another from pno_start() would lead wpa_supplicant to clear
wps->sched_scanning flag while getting sched_scan stopped event
from driver for cancel sched_scan request. In fact, PNO scan will
be in progress in driver and wpa_s->sched_scanning will not be set
in such cases.

In addition to this change, RSSI threshold limit is passed as part of
start sched_scan request. This was previously set only in pno_start(),
but the same parameter should be available for generic sched_scan calls
as well and this can now be reached through the new PNO start sequence.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

nl80211: Fix sizeof check in vendor command/event handling

Fix sizeof in a validity comparison of nl80211_vendor_cmd_info size. The
incorrect version happened to work on 64-bit builds due the structure
being eight octets, but this was incorrect and would not used with
32-bit builds.

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>

hostapd: Fix segmentation fault when calling hostapd_cli all_sta

While iterating over the stations hostapd_ctrl_iface_sta_mib()
might be called with sta == NULL. Fix this.

Signed-hostap: Ilan Peer <ilan.peer@intel.com>

wpa_supplicant: Fix seg fault in wpas_ctrl_radio_work_flush() in error case

Verify wpa_s->radio pointer before accessing it. If interface addition
fails, this could get called before wpa_s->radio has been set.

The segmentation fault details:

Program received signal SIGSEGV, Segmentation fault.
0x00000000004b9591 in wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,

Call stack:
0  wpas_ctrl_radio_work_flush (wpa_s=0x77fff0) at ctrl_iface.c:5754
1  wpa_supplicant_deinit_iface (wpa_s=0x77fff0, notify=0, terminate=0) at wpa_supplicant.c:3619
2  wpa_supplicant_add_iface (global=0x75db10, iface=0x7fffffffe270) at wpa_supplicant.c:3691
3  wpas_p2p_add_p2pdev_interface (wpa_s=0x75dd20) at p2p_supplicant.c:3700
4  main (argc=<optimized out>, argv=<optimized out>) at main.c:317

Function:
5750 void wpas_ctrl_radio_work_flush(struct wpa_supplicant *wpa_s)
5751 {
5752 struct wpa_radio_work *work, *tmp;
5753
5754 dl_list_for_each_safe(work, tmp, &wpa_s->radio->work,
5755       struct wpa_radio_work, list) {
5756 struct wpa_external_work *ework;
5757
5758 if (os_strncmp(work->type, "ext:", 4) != 0)

Root cause:
(gdb) p wpa_s->radio
$1 = (struct wpa_radio *) 0x0

Signed-hostap: Max Stepanov <Max.Stepanov@intel.com>

P2P: Clone dtim_period to a new interface

Cloning dtim_period is needed for P2P GO.

Signed-hostap: David Spinadel <david.spinadel@intel.com>

Update copyright years in the manpages

Signed-hostap: Jouni Malinen <j@w1.fi>

Sync manpages and command-line options

Signed-hostap: Dan Williams <dcbw@redhat.com>

Add manpage for eapol_test

Signed-hostap: Dan Williams <dcbw@redhat.com>

wpa_supplicant: Fix usage text based on build options

Signed-hostap: Dan Williams <dcbw@redhat.com>

P2P: Reduce peer expiration age to 60 sec and allow customization

The new default value (from 300 to 60 seconds) makes the internal P2P
peer list somewhat faster to react to peers becoming unreachable while
still maintaining entries for some time to avoid them disappearing
during user interaction (e.g., selecting a peer for a connection or
entering a PIN).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

Skip normal scan when PNO is already in progress

Scan request failures are observed in wpa_supplicant debug log when
Android framework starts PNO scan in driver via ctrl interface command
'set pno 1' and wpa_supplicant also tries to issue a scan request after
PNO has started in the driver.

Some drivers may reject a normal scan request when PNO is already in
progress. wpa_supplicant should consider PNO status before issuing start
scan request to the driver. Otherwise, wpa_supplicant will get failures
from driver for the scan request and it will end up rescheduling scan
request in periodic interval and get a start scan request failure for
each attempt.

In order to avoid unnecessary scan attempt when PNO scan is already
running, PNO status is checked before issuing scan request to driver.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Extend the listen time based on the active concurrent session

A P2P Device while in the Listen state waiting to respond for the
obtained group negotiation request shall give a fair chance for other
concurrent sessions to use the shared radio by inducing an idle time
between the successive listen states. However, if there are no
concurrent operations, this idle time can be reduced.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Verify peer discovery in no-Probe Request case

Verify that PD Request followed by GO Negotiation Request is enough to
learn the Listen frequency of the peer.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

P2P: Allow GO Negotiation Request to update peer entry after PD

Previously, GO Negotiation Request frame was used to update a peer entry
if only a Probe Request from that peer had been received. However, it
would be possible, even if unlikely, for a peer to be discovered based
on receiving Provision Discovery Request frame from it and no Probe
Request frame. In such a case, the Listen frequency of the peer would
not be known and group formation could not be (re-)initialized with that
peer. Fix this by allowing the GO Negotiation Request frame to update
peer entry if the current peer entry does not include Listen or
Operating frequency.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

hwsim tests: vm: add optional time-warp

To test the code under the influence of time jumps, add the option
(--timewarp) to the VM tests to reset the clock all the time, which
makes the wall clock time jump speed up 20x, causing gettimeofday()
to be unreliable for timeout calculations.

Signed-hostap: Johannes Berg <johannes.berg@intel.com>

P2P: Add missing direct global ctrl_iface commands for P2P

It should be noted that these commands are not exclusively used for P2P
or in the global context, so use of these commands through the global
control interface for operations that are specific to a single interface
have undefined behavior and that behavior may change in the future. As
such, these are recommend only for operations that are in the global
context (e.g., for P2P management).

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

P2P: Use GO's operating channel to optimize scan during join

Use P2P GO's operating channel information, if known, to do a single
channel scan during the join operation.

Signed-hostap: Jithu Jance <jithu@broadcom.com>

P2P: Don't expire the peer, if GO Negotiation is in progress

This adds one more case of active P2P peer detection so that
p2p_expire_peers() cannot hit a case where a GO Negotiation peer would
be removed.

Signed-hostap: Jithu Jance <jithu@broadcom.com>

Use minimal scan delay upon EVENT_INTERFACE_ADDED

This patch resets the static interface_count to zero in case of
wpa_supplicant_driver_init() call for wpa_s which is in
INTERFACE_DISABLED state. This interface_count is used for the delay of
the scan which is now minimal for dynamically added interfaces. This may
collide with a scan for another interface, but the same is true for any
chosen delay in this scenario. Also the state change to DISCONNECTED is
moved to wpa_supplicant_driver_init() so it will move from
INTERFACE_DISABLED to INACTIVE when there are no enabled networks.

Tested-by: Hante Meuleman <meuleman@broadcom.com>
Signed-off-by: Arend van Spriel <arend@broadcom.com>

Reset normal_scans counter upon entering INTERFACE_DISABLED state

Depending on the implementation, the scheduled scan may not give results
quickly when in DISCONNECTED state. This patch resets
wpa_s::normal_scans upon entering to the INTERFACE_DISABLED state so a
normal scan is assured upon going to DISCONNECTED state after the
interface has been re-enabled. This mainly solves a long reconnect time
observed upon repeated kernel driver reloads, i.e., third reload
resulted in a scheduled scan.

Reviewed-by: Hante Meuleman <meuleman@broadcom.com>
Signed-hostap: Arend van Spriel <arend@broadcom.com>

tests: Add some delay before wlantest operations

Since wlantest is a separate process that is not synchronized with rest
of the test components, there can be some latency in it having the STA
entries and counters updated. There is a race condition between this
happening and then test script clearing or fetching data. Make this race
condition less likely to cause bogus test failures by adding some wait
between these operations.

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: Run dump_monitor() again if scan was pending

In addition to running the FLUSH command again, the pending monitor
interface events need be cleared in case the driver was running a scan
when reset() is called. This avoids issues, e.g., with discovery_dev_id
failing due to an unexpected P2P-DEVICE-FOUND event that was generated
by the pending scan operation that had not yet complete when the first
dump_monitor() call in reset() happened.

Signed-hostap: Jouni Malinen <j@w1.fi>

nl80211: Pass station supported channel and oper class info

Pass station supported channel and operating class information to kernel
for TDLS peers.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>x

TDLS: Pass peer's Supported channel and oper class info during sta_add

The information of the peer's supported channel and operating class
is required for the driver to do TDLS off channel operations with a
compatible peer. Pass this information to the driver when the peer
station is getting added.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

hostapd: DFS setup seg0 correctly for HT40-

Fix seg0 calculation for HT40+/HT40-.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>

hostapd: DFS/CSA check if CSA in progress

Check if CSA is already in progress, before triggering a new channel
switch.

Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>

Android: Remove hostapd dump_file functionality

Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>

hwsim tests: vm: read a config file from $HOME

The vm-config in the subdirectory is less useful as it
will get removed by "git clean" and similar, so read a
config file from ~/.wpas-vm-config in addition.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

hwsim tests: add a hwsim controller module

The controller module allows adding/destroying radios on the fly
with the recent hwsim changes.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>

P2P: Limit join-a-group scans based on SSID from invitation

If we already know the SSID of the P2P group we are trying to join, use
that SSID to limit scan responses and BSS selection since we do not
really look for any other network in this case. In addition, this can
fix cases where the peer has just changed its SSID (e.g., started a new
group) and there may be multiple BSS entries for the same BSSID.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Double the connection timeout for EAP cases

It looks like slow virtual machines may have issues to complete some EAP
authentication cases (e.g., EAP-EKE in ap_ft_eap) within the 10 second
timeout under load. Double the timeout to avoid incorrect test failures.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

tests: Clear data from ongoing scan on reset()

It was possible for the previous test case to leave unexpected BSS or
P2P peer table entries if a scan was in progress when the FLUSH command
was used. This could result in test failures, e.g., when running
discovery_dev_type_go followed by discovery_group_client where a P2P
peer was discovered on another channel at the end of the former test
case from a scan that was running durign the FLUSH operation that was
supposed to remove all P2P peers. This could result in
discovery_group_client failing due to dev[2] trying to send the
discoverability frame on incorrect channel (the one learned in the
previous test case) since discover_peer() skipped a new device
discovery. Fix this by running FLUSH operation again if a pending scan
operation is detected during the first FLUSH operation.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>

Flush secondary device types on FLUSH command

This makes it possible to clear previously configured secondary device
types.

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: P2P device discovery filtering on Device ID and Device Type

Signed-hostap: Jouni Malinen <j@w1.fi>

P2P: Allow requested device type to be specified with p2p_find

This allows filtering of P2P peers that reply to the device discovery
Probe Request frames.

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: EAP-TLS with OCSP

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: PKCS#12 use for EAP-TLS

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: CA certificate in DER format

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: Server certificate trust based on hash value

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: subject_match and altsubject_match

Signed-hostap: Jouni Malinen <j@w1.fi>

Clear configuration blobs on FLUSH command

All te network blocks and credentials were already cleared, but
configurations blobs should also be cleared here, e.g., to get
more consistent behavior test cases using EAP-FAST PACs.

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: EAP-FAST

Signed-hostap: Jouni Malinen <j@w1.fi>

Skip network disabling on expected EAP failure

Some EAP methods can go through a step that is expected to fail and as
such, should not trigger temporary network disabling when processing
EAP-Failure or deauthentication. EAP-WSC for WPS was already handled as
a special case, but similar behavior is needed for EAP-FAST with
unauthenticated provisioning.

Signed-hostap: Jouni Malinen <j@w1.fi>

EAP-FAST peer: Make debug clearer on missing pac_file configuration

EAP-FAST requires pac_file to be configured, so make it clearer from the
debug output if missing configuration parameter was the reason for
EAP-FAST initialization failing.

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: Verify all implemented EAP-pwd groups

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: Include vendor extension in WPS M1

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: WPS AP using fragmented WPS IE

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: WPS 2.0 AP rejecting WEP configuration

Signed-hostap: Jouni Malinen <j@w1.fi>

tests: External password storage

Signed-hostap: Jouni Malinen <j@w1.fi>

EXT PW: Fix hash return in password fetching

The hash return buffer was previously left uninitialized in case
externally stored password ("password=ext:...") was used. This could
result in MSCHAPv2 failure if that uninitialized memory happened to be
something else than zero.

Signed-hostap: Jouni Malinen <j@w1.fi>

hostapd: Skip full AP configuration validation on SET command

It is possible for the configuration to be temporarily invalid when
adding a new AP through SET commands followed by ENABLE. Avoid this
issue by using less strict validation on SET commands and perform full
configuration validation only on ENABLE. Use cases with configuration
file maintain their previous behavior, i.e., full validation after the
file has been read.

Signed-hostap: Jouni Malinen <j@w1.fi>