Jouni Malinen [Sun, 4 Dec 2011 19:04:24 +0000 (21:04 +0200)]
SME: Fix processing of Authentication request failure
The wpa_state needs to be dropped back to DISCONNECTED to allow scan
results to trigger a new authentication attempt. In addition, we can use
wpas_connection_failed() instead of requesting a scan after a fixed time
to make this error case more consistent with other similar error paths
in sme.c.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 4 Dec 2011 15:21:22 +0000 (17:21 +0200)]
EAP-AKA peer: Keep pseudonym identity across EAP exchanges
This updates EAP-AKA peer implementation with the changes that previous
commits did for EAP-SIM.
Signed-hostap: Jouni Malinen <j@w1.fi>
Simon Baatz [Sun, 4 Dec 2011 15:17:21 +0000 (17:17 +0200)]
EAP-SIM peer: Only log the identities that we actually forget
[Bug 425]
Simon Baatz [Sun, 4 Dec 2011 15:15:16 +0000 (17:15 +0200)]
EAP-SIM: Keep pseudonym identity
The pseudonym is a temporary identity, but is no one-time identifier (like
the fast re-authentication identity). Thus, do not forget it if the server
does not include it in every challenge. There are servers that include the
pseudonym identity only at full-auth. [Bug 424]
Jouni Malinen [Sun, 4 Dec 2011 15:06:35 +0000 (17:06 +0200)]
Use explicit type casting to avoid sign extensions
Make sure sign extension does not end up getting used here by
explicitly type casting the variables to correct size.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 4 Dec 2011 14:59:16 +0000 (16:59 +0200)]
Check nt_password_hash() return code
While this is unlikely to fail in practice, better be more consistent
in validating nt_password_hash() result.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 4 Dec 2011 14:40:06 +0000 (16:40 +0200)]
Check wpa_supplicant_parse_ies() return value more consistently
Reject messages that fail to be parsed instead of trying to use
partially parsed information.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 4 Dec 2011 11:12:30 +0000 (13:12 +0200)]
Fix basic_rates copying
Commit
e5693c4775bae65faa960f80889f98b0a6cb2e1c used incorrect
sizeof to copy the basic rates.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 4 Dec 2011 10:46:01 +0000 (12:46 +0200)]
Fix no-NEED_AP_MLME build
Commit
34445d12eeb2eea53f50e5021e260dc0d07cbbbd forgot to convert
the hostapd_prepare_rates() inline wrapper for builds that do not
define NEED_AP_MLME.
Signed-hostap: Jouni Malinen <j@w1.fi>
Arik Nemtsov [Sun, 4 Dec 2011 10:10:11 +0000 (12:10 +0200)]
Allow Action frames with unknown BSSID in GO mode
P2P invitation responses are transmitted with the BSSID set to the peer
address. Pass these action frames up to allow the GO to receive the
Invitation Response (and avoid sending the Invitation Request multiple
times).
Signed-off-by: Arik Nemtsov <arik@wizery.com>
Johannes Berg [Sat, 3 Dec 2011 18:46:12 +0000 (20:46 +0200)]
nl80211: Do not encrypt IEEE 802.1X WEP EAPOL
Set the NL80211_ATTR_CONTROL_PORT_NO_ENCRYPT flag for nl80211 to tell
drivers (mac80211) to not encrypt the EAPOL frames for WEP IEEE 802.1X.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 18:14:53 +0000 (20:14 +0200)]
nl80211: Allocate nl CB for BSS RX
In preparation for things that receive on a BSS-specific handle,
allocate a CB for it and hook it up to receive functions.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 18:10:44 +0000 (20:10 +0200)]
nl80211: Rename process_event
The next patch will add process_bss_event, rename process_event to
process_drv_event to differentiate between them.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 18:07:54 +0000 (20:07 +0200)]
nl80211: Pass cb to eloop function
By passing the nl_cb as the context to the eloop function we can
(in the next patch) use the same eloop function for BSS events.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 18:00:11 +0000 (20:00 +0200)]
nl80211: Use one CB for driver event RX
There's no need to clone the CB all the time
and then assign it, just use a constant one.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 17:55:22 +0000 (19:55 +0200)]
nl80211: Store frequency in bss struct
Storing the frequency in the bss struct allows using it for frame
commands in AP mode and not relying on the driver struct as much, which
is good for hostapd mode.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 17:47:01 +0000 (19:47 +0200)]
nl80211: Move AP SME setup to mode change
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 3 Dec 2011 17:32:23 +0000 (19:32 +0200)]
nl80211: Use socket error queue for EAPOL TX status
This will allow getting TX status for EAPOL frames
sent as data frames if the driver supports it.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sat, 3 Dec 2011 15:37:48 +0000 (17:37 +0200)]
EAP server: Force identity request after INITIALIZE for passthrough
Previously, sm->start_reauth was set to TRUE in SUCCESS2 state to force
reauthentication to start with EAP identity request. This works fine for
the case of EAP success through the AAA passthrough authentication, but
is not enough to handle passthrough authentication failure. sm->identity
is set in that case and getDecision would return PASSTHROUGH instead of
CONTINUE (to Identity method).
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 11:20:40 +0000 (13:20 +0200)]
Update internal MAC address on EVENT_INTERFACE_ENABLED events
This allows the MAC address of the interface to be changed when the
interface is set down even if the interface does not get completed
removed and re-added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 11:18:57 +0000 (13:18 +0200)]
nl80211: Ignore interface up event if interface is down
The RTM_NEWLINK even can have IFF_UP flag even if the interface is
down. Do not generate EVENT_INTERFACE_ENABLED event based on such a
message.
Signed-hostap: Jouni Malinen <j@w1.fi>
Johan Hedlund [Sat, 3 Dec 2011 11:02:57 +0000 (13:02 +0200)]
Update RSN supplicant MAC address on driver reinitialization
I have a test case where I remove and insert another network adapter
between two connections to AP. The interface get the same interface name
but switches macadresses between the connections. When running WPA2 I
got a failure in EAPOL negotiation and found out that the reason for
this was that the supplicant did not update the MAC address in the
correct place.
Jouni Malinen [Sat, 3 Dec 2011 10:47:34 +0000 (12:47 +0200)]
nl80211: Use binary hexdump for scan IEs instead of text
The IEs are binary data, so there is not much point in trying
to show them as ASCII data in debug prints.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 10:20:17 +0000 (12:20 +0200)]
Convert hostapd_prepare_rates() to use struct hostapd_iface
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 10:16:03 +0000 (12:16 +0200)]
Merge set_rate_sets() driver_ops into set_ap()
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 09:57:13 +0000 (11:57 +0200)]
Remove unused parameters from set_rate_sets()
Only setting of the basic rate set was supported, so remove the
unused parameters.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 09:46:47 +0000 (11:46 +0200)]
hostapd: Show driver event names in debug log
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 09:43:18 +0000 (11:43 +0200)]
nl80211: Merge ap_isolate configuration into nl80211_set_bss()
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sat, 3 Dec 2011 09:38:51 +0000 (11:38 +0200)]
Fix a typo in a comment
Signed-hostap: Jouni Malinen <j@w1.fi>
Szymon Bigos [Fri, 2 Dec 2011 21:04:39 +0000 (23:04 +0200)]
Fix generated WPS PIN values to use zero-padding
The dynamically generated PINs are supposed to have 8 digits, but
some PIN generatation cases were not zero-padding these properly.
Jouni Malinen [Thu, 1 Dec 2011 20:14:07 +0000 (22:14 +0200)]
Add example WPS AP mode UI for wpa_supplicant
This script shows some minimal WPS user interface requirements for
mobile AP support with wpa_supplicant.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 1 Dec 2011 20:12:03 +0000 (22:12 +0200)]
wpa_supplicant AP: Allows passphrase to be fetched
"wpa_cli status wps" can now be used to fetch the WPA2-Personal
passphrase from AP mode operation with wpa_supplicant to make it
easier to meet WPS requirements for legacy STA support.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 1 Dec 2011 19:46:19 +0000 (21:46 +0200)]
WPS: Disable WPS(v2) in WPA/TKIP-only configuration
When using wpa_supplicant AP mode, WPS support is enabled by default for
WPA/WPA2-Personal. Change this to enforce the WPS2 rules on not allowing
WPS to be used with WPA/TKIP-only configuration (i.e., at minimum, mixed
mode with WPA/TKIP and WPA2/CCMP has to be used for WPS to be enabled).
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 1 Dec 2011 16:22:56 +0000 (18:22 +0200)]
Call wpas_connection_failed() only if actually trying to connect
A disconnection event from the driver may end up getting delivered at a
time when wpa_supplicant is not even trying to connect (e.g., during a
scan that was already started after WPS provisioning step). In such a
case, there is not much point calling wpas_connection_failed() and
skipping this avoids confusing attempts of re-starting scanning while
the previous scan is still in progress.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 1 Dec 2011 16:22:10 +0000 (18:22 +0200)]
Make reconnect-on-disassoc debug prints somewhat more helpful
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 1 Dec 2011 08:46:06 +0000 (10:46 +0200)]
P2P: Clear show_group_started on GO start
The show_group_started variable could be left to 1 based on an earlier
failed attempt to start P2P client operation. This can result in
unexpected P2P-GROUP-STARTED event when a GO is started without group
formation (e.g., re-invoke a persistent group or start an autonomous
GO). Avoid this by explicitly clearing show_group_start when setting up
the GO.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Bharat Chakravarty [Wed, 30 Nov 2011 15:44:43 +0000 (17:44 +0200)]
WPS: Allow RF Bands value to be overridden
A new hostapd.conf parameter, wps_rf_bands, can now be used to fix the
RF Bands value in cases where hw_mode is not set or when operating a
dual band dual concurrent AP.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Subrat Dash [Wed, 30 Nov 2011 14:48:14 +0000 (16:48 +0200)]
WPS: Fix stopping of active WPS operation on dual concurrent AP
When hostapd controls multiple radios, WPS operations are started on
all interfaces. However, when the provisioning run had been completed
successfully, actiove WPS mode was stopped only a single interface. Fix
this to iterate through all interfaces so that this is handled
consistently with the starting of WPS operation.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Wed, 30 Nov 2011 12:44:23 +0000 (14:44 +0200)]
WPS ER: Fix segfault in some selected registrar change cases
Commit
628d54639a90f779fd5c98c31e049638de56b17e introduced number
of new WPS related ctrl_iface messages to hostapd. Some of these
were for ER events which do not make any sense to hostapd that
cannot operate as an ER. The WPS_EV_ER_SET_SELECTED_REGISTRAR one
from wps_registrar_sel_registrar_changed_event() was especially
problematic since it can cause wpa_supplicant ER code segfault due
to missing event data.
Revert all the ER specific changes from commit
628d54639a90f779fd5c98c31e049638de56b17e to get rid of the segfault
and undesired extra code in hostapd.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Arik Nemtsov [Tue, 29 Nov 2011 21:45:07 +0000 (23:45 +0200)]
Set ht_capab from based on driver capabilities when in P2P GO mode
Set the HT capabilities of a P2P GO according to the wiphy supported
ones. Mask-in a white-list of HT capabilities that won't cause problems
for non-supporting stations.
Signed-hostap: Arik Nemtsov <arik@wizery.com>
Jouni Malinen [Tue, 29 Nov 2011 18:05:58 +0000 (20:05 +0200)]
Increase min sched_scan interval from 2 to 10 seconds
Trying to run sched_scan round every two seconds by defaults sounds way
too frequent since dualband cards are unlikely to be able to complete
the full scan cycle in two seconds. For now, set the hardcoded value to
10 seconds to make this somewhat more reasonable.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Dmitry Shmidt [Wed, 23 Nov 2011 14:29:28 +0000 (16:29 +0200)]
Android: nl80211: Add Android specific PNO configuration
This is based on the Android driver_cmd changes that are converted to
use the sched_scan/stop_sched_scan driver_ops for the case where the
driver does not support the new nl80211 commands.
Change-Id: Iaedc340f84650af422bd2ea57d2a8b0a9d4a5330
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Dmitry Shmidt [Fri, 25 Nov 2011 19:49:03 +0000 (21:49 +0200)]
Android: wext: Add sched_scan functions for PNO
(jm: This is based on the Android change that used driver_cmd. The same
implementation is used for the actual driver interface, but the commands
are now accessed through sched_scan/stop_sched_scan driver_ops instead
of driver_cmd)
Dmitry Shmidt [Fri, 25 Nov 2011 19:08:52 +0000 (21:08 +0200)]
Android: wext: Add driver state events
Dmitry Shmidt [Tue, 29 Nov 2011 10:56:32 +0000 (12:56 +0200)]
Fix pno_start() to initialize SSID list properly
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Mon, 28 Nov 2011 16:36:36 +0000 (18:36 +0200)]
Use normal scan before sched_scan if that can speed up connection
When normal scan can speed up operations, use that for the first three
scan runs before starting the sched_scan to allow user space sleep more.
We do this only if the normal scan has functionality that is suitable
for this or if the sched_scan does not have better support for multiple
SSIDs.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 16:12:38 +0000 (18:12 +0200)]
Add broadcast SSID for sched_scan for scan_ssid=0 networks
Previously, only networks with scan_ssid=1 were included in sched_scan.
This needs to behave similarly to the normal scan where broadcast SSID
is used to find networks that are not scanned for with a specific SSID.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 16:09:37 +0000 (18:09 +0200)]
Use common code for disabled network case in sched_scan
There is no need to implement two copies of the iteration code here.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 15:52:36 +0000 (17:52 +0200)]
Drop sched_scan filter if not enough match sets supported
Instead of including only a single SSID in the sched_scan request if
the driver does not support match sets, just drop the SSID filter and
configure more SSIDs up to the sched_scan limit.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 15:52:02 +0000 (17:52 +0200)]
Make sched_scan debug clearer on timeout use
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 14:35:30 +0000 (16:35 +0200)]
Stop sched_scan on DISCONNECT command
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 14:32:44 +0000 (16:32 +0200)]
Add preferred network offload (PNO) functionality
"SET pno <1/0>" ctrl_iface command can now be used to start/stop PNO
with sched_scan driver commands. This will request offloading of
scanning to find any of the enabled networks in the configuration.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Mon, 28 Nov 2011 13:19:41 +0000 (15:19 +0200)]
Fix sched_scan filter_ssids setting for no filters case
The filter_ssids pointer needs to be set to NULL if no SSID filters
are set to avoid filtering out all scan results.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Sun, 27 Nov 2011 21:00:37 +0000 (23:00 +0200)]
Interworking: Verify that BSS information includes SSID
Better make sure that the SSID is available before dereferencing
the pointer to the SSID element.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:45:01 +0000 (22:45 +0200)]
EAP-AKA: Use strdup instead of strlen + malloc + memcpy
While the copy is not used as a null terminated string, this can prevent
some static analyzers from complaining about non-issue.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:43:21 +0000 (22:43 +0200)]
EAP-PEAP: Remove unused hdr assignment
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:41:38 +0000 (22:41 +0200)]
EAP-PSK: Fix memory leak on error path
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:33:54 +0000 (22:33 +0200)]
TLS: Add support for SHA256-based cipher suites from RFC 5246
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:17:41 +0000 (22:17 +0200)]
wpa_passphrase: Include SHA256 objects to fix some build combinations
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 20:13:52 +0000 (22:13 +0200)]
TLS: Update file headers to include TLS v1.2 support
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:58:52 +0000 (21:58 +0200)]
Include TLS v1.1 and v1.2 support in library build
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:58:27 +0000 (21:58 +0200)]
TLS: Allow TLS v1.2 to be negotiated
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:56:26 +0000 (21:56 +0200)]
TLS: Add TLS v1.2 style CertificateVerify functionality
Add support for generating and verifying RFC 3447 RSASSA-PKCS1-v1_5
style DigestInfo for TLS v1.2 CertificateVerify. For now, this is
hardcoded to only support SHA256-based digest.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:54:15 +0000 (21:54 +0200)]
TLS: Add SHA256-based verify_data derivation for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:48:34 +0000 (21:48 +0200)]
TLS: Maintain SHA256-based hash values for TLS v1.2
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:45:07 +0000 (21:45 +0200)]
TLS: Add build configuration for TLS v1.2 support
This allows the internal TLS implementation to be built for TLS v1.2
support. In addition to the build option, this changes the TLS PRF
based on the negotiated version number. Though, this commit does not
yet complete support for TLS v1.2.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:38:25 +0000 (21:38 +0200)]
TLS: Assume explicit IV for TLS v1.1 and newer
This is needed to allow TLS v1.2 to be supported.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:36:56 +0000 (21:36 +0200)]
TLS: Increase maximum MAC key from 20 to 32 octets
This is in prepartion of adding support for SHA256-based operations
with TLS v1.2.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:35:11 +0000 (21:35 +0200)]
TLS: Pass version to tls_prf() in preparation for new PRFs
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:27:01 +0000 (21:27 +0200)]
Rename tls_prf() to tls_prf_sha1_md5()
Prepare for multiple TLS PRF functions by renaming the SHA1+MD5 based
TLS PRF function to more specific name and add tls_prf() within the
internal TLS implementation as a wrapper for this for now.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:20:18 +0000 (21:20 +0200)]
TLS: Add helper functions for version number handling
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:07:44 +0000 (21:07 +0200)]
Add implementation of TLS v1.2 PRF (P_SHA256)
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:05:10 +0000 (21:05 +0200)]
hostapd: Define CONFIG_SHA256 for SHA256 builds
wpa_supplicant was already doing this and hostapd will need to define
this for future additions.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 19:00:59 +0000 (21:00 +0200)]
Add SHA256-hash functions to generic crypto_hash_* functions
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 16:33:11 +0000 (18:33 +0200)]
test-https: Fix memory leaks in TLS processing
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 27 Nov 2011 11:21:36 +0000 (13:21 +0200)]
TLS: Add a debug information on unsupported private key format
Provide easier to understand reason for failure to use the old
OpenSSL encrypted private key format.
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Tue, 23 Aug 2011 19:30:30 +0000 (12:30 -0700)]
wpa_cli: Add action script call on P2P-GO-NEG-FAILURE events
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Tue, 15 Nov 2011 18:10:23 +0000 (20:10 +0200)]
wext: Define some new values if linux/wireless.h is too old
IW_ENCODE_ALG_PMK and IW_ENC_CAPA_4WAY_HANDSHAKE are not defined in the
Android tree, so add compatibility defines for these.
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Thu, 21 Jul 2011 22:19:46 +0000 (15:19 -0700)]
P2P: Send STA connected/disconnected events to parent ctrl_iface
Send the connection events from P2P group to both the group interface
and parent interface ctrl_ifaces to make it easier for external monitor
programs to see these events without having to listen to all group
interfaces when virtual group interfaces are used.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jouni Malinen [Fri, 25 Nov 2011 16:12:04 +0000 (18:12 +0200)]
Fix sched_scan filter setting for max_match_sets == 0
The previous implementation was trying to add the first SSID
to a zero-length array. Avoid this with an explicit validation
of the array length.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 25 Nov 2011 15:46:00 +0000 (17:46 +0200)]
nl80211: Do not set sched_scan filter if driver does not support it
cfg80211 will reject the NL80211_CMD_START_SCHED_SCAN if too many
match sets are requested. To avoid being completely unable to start
any scheduled scans, skip setting these filters if the driver did
not advertise support for large enough number of match sets.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Fri, 25 Nov 2011 11:11:22 +0000 (13:11 +0200)]
nl80211: Implement set_p2p_powersave for legacy_ps changes
This adds initial implementation of set_p2p_powersave to allow legacy PS
mode to be configured. P2P PS parameters are not yet supported.
Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
Jouni Malinen [Thu, 24 Nov 2011 20:46:14 +0000 (22:46 +0200)]
Use wpa_key_mgmt_*() helpers
This cleans up the source code and makes it less likely that new AKM
addition misses some needed changes in the future.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Nov 2011 20:30:15 +0000 (22:30 +0200)]
Do not save an invalid network block in wpa_supplicant.conf
wpa_supplicant is going to reject a configuration file that uses
WPA/WPA2-Personal (the default key_mgmt), but does not define
passphrase/PSK. Refuse to save such a configuration to avoid getting
stuck with a configuration that wpa_supplicant will reject.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Nov 2011 20:22:16 +0000 (22:22 +0200)]
Do not write all zeros device_type
This is the default value if device_type is not set, so do not
write it to the wpa_supplicant configuration file when saving
updated configuration.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Thu, 24 Nov 2011 20:05:33 +0000 (22:05 +0200)]
WPS: Include WSC IE in (Re)Association Response for maybe-WPS case
If the station is indicating use of WPS, WSC IE should be added into the
(Re)Association Response frame. This is clear for the case when WSC IE
was included in the (Re)Association Request frame. However, even the
WLAN_STA_MAYBE_WPS case may actually indicate use of WPS. Assume that to
be the case when WPA/WPA2 is enabled (i.e., when the STA does not
include WPA/RSN/WSC IE while AP has WPA/RSN enabled).
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Tue, 19 Apr 2011 23:42:47 +0000 (16:42 -0700)]
Add 'get country' command
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
David Spinadel [Thu, 24 Nov 2011 19:19:52 +0000 (21:19 +0200)]
wpa_cli: Correct return value of wpa_cli_cmd_p2p_peers
Signed-off-by: David Spinadel <david.spinadel@intel.com>
Jouni Malinen [Thu, 24 Nov 2011 18:54:20 +0000 (20:54 +0200)]
Add test program for RC4 (test vectors from RFC 6229)
Signed-hostap: Jouni Malinen <j@w1.fi>
Dmitry Shmidt [Wed, 23 Nov 2011 15:58:44 +0000 (17:58 +0200)]
Android: Move WPA_BUILD check in Android.mk
This is part of commit
e61a2d6db6113da5fad91660764afdb0596dbc46 from
Android wpa_supplicant_8.git.
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
Jeff Brown [Wed, 23 Nov 2011 15:56:41 +0000 (17:56 +0200)]
Android: Remove the simulator target from all makefiles
This is commit
bbda627478b0e9a312fea4662cd7cd8d6bdf82bf from
Android wpa_supplicant_8.git.
Jouni Malinen [Sun, 20 Nov 2011 10:53:29 +0000 (12:53 +0200)]
Move wpa_sm_remove_pmkid() call to PMKSA cache entry freeing
This makes it clearer that the PMKSA caching entry gets removed from
the driver regardless of how the internal entry from wpa_supplicant
gets cleared. In practice, this call was skipped only for the case
when the entry for the current AP was being updated, so the previous
version was likely to work with all drivers. Anyway, it is cleaner
to explicitly remove the old entry even in that case before the new
entry gets added.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Nov 2011 10:42:47 +0000 (12:42 +0200)]
Fix wired EAPOL authenticator
Commit
940a0ce9702095bb079bd97857a2605516f83157 moved the STA associated
check from driver_*.c into ieee802_1x_receive(), but failed to take into
account that wired networks and driver_wired.c do not mark the STA entry
associated. Fix this by skipping the check if the driver wrapper is
using a wired network.
Signed-hostap: Jouni Malinen <j@w1.fi>
Jouni Malinen [Sun, 20 Nov 2011 10:19:28 +0000 (12:19 +0200)]
Avoid possible compiler warning in os_gmtime()
Use time_t instead of os_time_t variable with the gmtime() call to
avoid possible compiler warnings.
Signed-hostap: Jouni Malinen <j@w1.fi>
Kel Modderman [Sat, 19 Nov 2011 18:10:37 +0000 (20:10 +0200)]
wpa_gui-qt4: Improve scan results signal display
Display signal strength in dBm with visual indicator in the form of a
bar for scan results displayed by wpa_gui-qt4. Any signal > -35dBm is
treated as full signal bar, signals between range of -95<->-35dBm are
displayed linearly. Convert WEXT signal level value to scale that
nl80211 typically reports in dBm. The condition which differentiates
8-bit WEXT dBm and regular dBm is probably fragile, but there is
currently no way to know what the driver is going to report for signal
strength.
Signed-off-by: Kel Modderman <kel@otaku42.de>
Johannes Berg [Sat, 19 Nov 2011 17:56:34 +0000 (19:56 +0200)]
nl80211: Set offchannel-OK selectively
It's not really valid to send off-channel in all cases,
so pass whether it should be allowed or not and don't
set it in the AP case.
Also, to get the right ifindex for hostapd, pass a bss
pointer instead of the drv pointer.
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Johannes Berg [Sat, 19 Nov 2011 17:48:49 +0000 (19:48 +0200)]
nl80211: Move preq NL handle into BSS
Signed-hostap: Johannes Berg <johannes.berg@intel.com>
Jouni Malinen [Sat, 19 Nov 2011 17:32:05 +0000 (19:32 +0200)]
nl80211: Add no_ack support for NL80211_CMD_FRAME
This is needed to allow no-ACK operation with Probe Response frames
in P2P Listen state.
Signed-hostap: Jouni Malinen <j@w1.fi>
Helmut Schaa [Sat, 19 Nov 2011 17:22:13 +0000 (19:22 +0200)]
nl80211: Implement noack policy for send_mlme
Signed-hostap: Helmut Schaa <helmut.schaa@googlemail.com>
Jouni Malinen [Sat, 19 Nov 2011 17:15:10 +0000 (19:15 +0200)]
P2P: Send Listen state Probe Response frames without retries
Use the no-ACK send_mlme request to transmit Probe Response frames
in P2P Listen state. This reduces number of unnecessary transmissions
if the peer device has already moved away from the channel. It will most
likely go through Search state multiple times anyway, so even if the
response were to be lost, a new retry will happen at higher layer.
Signed-hostap: Jouni Malinen <j@w1.fi>