]> git.ipfire.org Git - thirdparty/hostap.git/log
thirdparty/hostap.git
13 years agoSME: Fix re-try after auth/assoc timeout/failure
Jouni Malinen [Thu, 25 Nov 2010 20:00:04 +0000 (22:00 +0200)] 
SME: Fix re-try after auth/assoc timeout/failure

There were various issues in how the SME (i.e., nl80211-based driver
interface) handled various authentication and association timeouts and
failures. Authentication failure was not handled at all (wpa_supplicant
just stopped trying to connect completely), authentication timeout
resulted in blacklisting not working in the expected way (i.e., the same
BSS could be selected continuously), and association cases had similar
problems.

Use a common function to handle all these cases and fix the blacklist
operation. Use smaller delay before trying to scan again during the
initial cycle through the available APs to speed up connection. Add
a special case for another-BSS-in-the-same-ESS being present to
speed up recovery from networks with multiple APs doing load balancing
in various odd ways that are deployed out there.

13 years agoP2P: Fix Action frame sending after disconnection
Jouni Malinen [Thu, 25 Nov 2010 14:04:07 +0000 (16:04 +0200)] 
P2P: Fix Action frame sending after disconnection

assoc_freq needs to be cleared when an interface gets disconnected.
This fixes an issue where P2P Action frame transmission may fail
because of missing remain-on-channel operation when using the same
interface for group operations (or non-P2P connections) and P2P
management operations.

13 years agoP2P: Add p2p_unauthorize command
Sudhakar Swaminathan [Thu, 25 Nov 2010 11:09:50 +0000 (13:09 +0200)] 
P2P: Add p2p_unauthorize command

This can be used to remove authorization from a previous p2p_connect
commands that has not yet resulted in completed GO Negotiation.

13 years agoConvert most commonly used drv ops to real function calls
Jouni Malinen [Wed, 24 Nov 2010 15:01:21 +0000 (17:01 +0200)] 
Convert most commonly used drv ops to real function calls

Getting rid of these inline functions seems to reduce the code size
quite a bit, so convert the most commonly used hostapd driver ops to
function calls.

13 years agoFix CONFIG_AP=y build without CONFIG_P2P=y
Jouni Malinen [Wed, 24 Nov 2010 14:55:17 +0000 (16:55 +0200)] 
Fix CONFIG_AP=y build without CONFIG_P2P=y

13 years agoFix wpa_supplicant AP mode build after hostapd changes
Jouni Malinen [Wed, 24 Nov 2010 14:52:04 +0000 (16:52 +0200)] 
Fix wpa_supplicant AP mode build after hostapd changes

13 years agoGet rid of struct hostapd_driver_ops abstraction
Jouni Malinen [Wed, 24 Nov 2010 14:50:06 +0000 (16:50 +0200)] 
Get rid of struct hostapd_driver_ops abstraction

This is not needed anymore and just makes things more difficult
to understand, so move the remaining function pointers to direct
function calls and get rid of the struct hostapd_driver_ops.

13 years agohostapd_driver_ops reduction
Jouni Malinen [Wed, 24 Nov 2010 14:34:49 +0000 (16:34 +0200)] 
hostapd_driver_ops reduction

send_eapol, set_key, read_sta_data, sta_clear_stats,
set_radius_acl_auth, set_radius_acl_expire, and set_beacon
to use inline functions instead of extra abstraction.

13 years agohostapd_driver_ops reduction
Jouni Malinen [Wed, 24 Nov 2010 13:36:02 +0000 (15:36 +0200)] 
hostapd_driver_ops reduction

set_sta_vlan, get_inact_sec, sta_deauth, sta_disassoc, and sta_remove
to use inline functions instead of extra abstraction.

13 years agohostapd_driver_ops reduction: set_countermeasures
Jouni Malinen [Wed, 24 Nov 2010 13:26:44 +0000 (15:26 +0200)] 
hostapd_driver_ops reduction: set_countermeasures

13 years agohostapd: Start removing struct hostapd_driver_ops abstraction
Jouni Malinen [Wed, 24 Nov 2010 13:19:50 +0000 (15:19 +0200)] 
hostapd: Start removing struct hostapd_driver_ops abstraction

Commit bf65bc638fe438b96f2986580ad167d5e276ef4c started the path to
add this new abstraction for driver operations in AP mode to allow
wpa_supplicant to control AP mode operations. At that point, the
extra abstraction was needed, but it is not needed anymore since
hostapd and wpa_supplicant share the same struct wpa_driver_ops.

Start removing the unneeded abstraction by converting
send_mgmt_frame() to an inline function, hostapd_drv_send_mlme().
This is similar to the design that is used in wpa_supplicant and
that was used in hostapd in the past (hostapd_send_mgmt_frame()
inline function).

13 years agol2_packet: Use wpa_printf() instead of perror()
Jouni Malinen [Wed, 24 Nov 2010 13:00:22 +0000 (15:00 +0200)] 
l2_packet: Use wpa_printf() instead of perror()

13 years agonl80211: Fix send commands to return 0 on success
Jouni Malinen [Wed, 24 Nov 2010 12:58:58 +0000 (14:58 +0200)] 
nl80211: Fix send commands to return 0 on success

driver.h defines these functions to return 0 on success, not
number of bytes transmitted. Most callers are checking "< 0" for
error condition, but not all. Address this by following the driver
API specification on 0 meaning success.

13 years agoP2P: Fix RX ack status on Action frames sent via interface in GO mode
Albert Liu [Wed, 24 Nov 2010 12:25:33 +0000 (14:25 +0200)] 
P2P: Fix RX ack status on Action frames sent via interface in GO mode

The wpa_supplicant_event() EVENT_TX_STATUS ack field needs to be
converted to use wpas_send_action_tx_status()
enum p2p_send_action_result in this case, too, to avoid getting
incorrect TX status for P2P processing.

13 years agohostapd: Verify availability of random data when using WPA/WPA2
Jouni Malinen [Wed, 24 Nov 2010 11:08:03 +0000 (13:08 +0200)] 
hostapd: Verify availability of random data when using WPA/WPA2

On Linux, verify that the kernel entropy pool is capable of providing
strong random data before allowing WPA/WPA2 connection to be
established. If 20 bytes of data cannot be read from /dev/random,
force first two 4-way handshakes to fail while collecting entropy
into the internal pool in hostapd. After that, give up on /dev/random
and allow the AP to function based on the combination of /dev/urandom
and whatever data has been collected into the internal entropy pool.

13 years agoFix memory leak on EAPOL Authenticator error path
Masashi Honma [Tue, 23 Nov 2010 23:42:50 +0000 (01:42 +0200)] 
Fix memory leak on EAPOL Authenticator error path

wlan0: RADIUS No authentication server configured
MEMLEAK[0x999feb8]: len 1040
WPA_TRACE: memleak - START
[3]: ./hostapd(radius_msg_new+0x33) [0x8074f43]
     radius_msg_new() ../src/radius/radius.c:117
[4]: ./hostapd() [0x806095e]
     ieee802_1x_encapsulate_radius() ../src/ap/ieee802_1x.c:439
     ieee802_1x_aaa_send() ../src/ap/ieee802_1x.c:1496

For example, this error occured when I used WPS hostapd without
"eap_server=1" definition in configuration file.

13 years agoMaintain internal entropy pool for augmenting random number generation
Jouni Malinen [Tue, 23 Nov 2010 23:29:40 +0000 (01:29 +0200)] 
Maintain internal entropy pool for augmenting random number generation

By default, make hostapd and wpa_supplicant maintain an internal
entropy pool that is fed with following information:

hostapd:
- Probe Request frames (timing, RSSI)
- Association events (timing)
- SNonce from Supplicants

wpa_supplicant:
- Scan results (timing, signal/noise)
- Association events (timing)

The internal pool is used to augment the random numbers generated
with the OS mechanism (os_get_random()). While the internal
implementation is not expected to be very strong due to limited
amount of generic (non-platform specific) information to feed the
pool, this may strengthen key derivation on some devices that are
not configured to provide strong random numbers through
os_get_random() (e.g., /dev/urandom on Linux/BSD).

This new mechanism is not supposed to replace proper OS provided
random number generation mechanism. The OS mechanism needs to be
initialized properly (e.g., hw random number generator,
maintaining entropy pool over reboots, etc.) for any of the
security assumptions to hold.

If the os_get_random() is known to provide strong ramdom data (e.g., on
Linux/BSD, the board in question is known to have reliable source of
random data from /dev/urandom), the internal hostapd random pool can be
disabled. This will save some in binary size and CPU use. However, this
should only be considered for builds that are known to be used on
devices that meet the requirements described above. The internal pool
is disabled by adding CONFIG_NO_RANDOM_POOL=y to the .config file.

13 years agoFix hlr_auc_gw build with CONFIG_WPA_TRACE=y
Jouni Malinen [Tue, 23 Nov 2010 23:10:48 +0000 (01:10 +0200)] 
Fix hlr_auc_gw build with CONFIG_WPA_TRACE=y

13 years agoAnnotate places depending on strong random numbers
Jouni Malinen [Tue, 23 Nov 2010 23:05:20 +0000 (01:05 +0200)] 
Annotate places depending on strong random numbers

This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.

13 years agoRe-initialize GMK and Key Counter on first station connection
Jouni Malinen [Tue, 23 Nov 2010 22:52:46 +0000 (00:52 +0200)] 
Re-initialize GMK and Key Counter on first station connection

This adds more time for the system entropy pool to be filled before
requesting random data for generating the WPA/WPA2 encryption keys.
This can be helpful especially on embedded devices that do not have
hardware random number generator and may lack good sources of
randomness especially early in the bootup sequence when hostapd is
likely to be started.

GMK and Key Counter are still initialized once in the beginning to
match the RSN Authenticator state machine behavior and to make sure
that the driver does not transmit broadcast frames unencrypted.
However, both GMK (and GTK derived from it) and Key Counter will be
re-initialized when the first station connects and is about to
enter 4-way handshake.

13 years agowlantest: Update STA State based on broadcast Deauth/Disassoc
Jouni Malinen [Tue, 23 Nov 2010 12:37:21 +0000 (14:37 +0200)] 
wlantest: Update STA State based on broadcast Deauth/Disassoc

13 years agowlantest: Implement IEEE 802.11 duplicate detection
Jouni Malinen [Tue, 23 Nov 2010 12:27:28 +0000 (14:27 +0200)] 
wlantest: Implement IEEE 802.11 duplicate detection

This cleans up debug logs by avoiding incorrect entries on TKIP/CCMP
replays and some state changes.

13 years agowlantest: Show broadcast Deauth/Disassoc info in debug
Jouni Malinen [Tue, 23 Nov 2010 11:16:23 +0000 (13:16 +0200)] 
wlantest: Show broadcast Deauth/Disassoc info in debug

13 years agowlantest: Check STA State when validating need for CCMP for mgmt
Jouni Malinen [Tue, 23 Nov 2010 11:15:25 +0000 (13:15 +0200)] 
wlantest: Check STA State when validating need for CCMP for mgmt

If the STA is in State 1 or 2, Deauth/Disassoc frames are not
protected, so no need to complain about them being sent without CCMP.

13 years agoReport errors from key derivation/configuration
Jouni Malinen [Mon, 22 Nov 2010 23:05:26 +0000 (01:05 +0200)] 
Report errors from key derivation/configuration

Eventually, these should be acted on, so at least get the return
values passed one layer up.

13 years agoMix in more data to GTK/IGTK derivation
Jouni Malinen [Mon, 22 Nov 2010 22:57:14 +0000 (00:57 +0200)] 
Mix in more data to GTK/IGTK derivation

The example GMK-to-GTK derivation described in the IEEE 802.11 standard
is marked informative and there is no protocol reason for following it
since this derivation is done only on the AP/Authenticator and does not
need to match with the Supplicant. Mix in more data into the derivation
process to get more separation from GMK.

13 years agowlantest: Add per-BSS counters for BIP deauth/disassoc
Jouni Malinen [Sun, 21 Nov 2010 19:50:28 +0000 (21:50 +0200)] 
wlantest: Add per-BSS counters for BIP deauth/disassoc

13 years agowlantest: Add per-STA counter for (Re)AssocResp comeback frames
Jouni Malinen [Sun, 21 Nov 2010 19:24:20 +0000 (21:24 +0200)] 
wlantest: Add per-STA counter for (Re)AssocResp comeback frames

13 years agowlantest: Use helper functions to parse BSS/STA parameters
Jouni Malinen [Sun, 21 Nov 2010 16:18:01 +0000 (18:18 +0200)] 
wlantest: Use helper functions to parse BSS/STA parameters

13 years agowlantest: Add functionality for fetching STA/BSS information
Jouni Malinen [Sun, 21 Nov 2010 16:01:18 +0000 (18:01 +0200)] 
wlantest: Add functionality for fetching STA/BSS information

13 years agowlantest: Derive PMK to existing BSSes when a new passphrase is added
Jouni Malinen [Sun, 21 Nov 2010 11:19:43 +0000 (13:19 +0200)] 
wlantest: Derive PMK to existing BSSes when a new passphrase is added

13 years agowlantest: Fix CCMP header generation to include reserved field
Jouni Malinen [Sun, 21 Nov 2010 11:18:57 +0000 (13:18 +0200)] 
wlantest: Fix CCMP header generation to include reserved field

13 years agowlantest: Add more debugging details for PMK selection
Jouni Malinen [Sun, 21 Nov 2010 11:18:02 +0000 (13:18 +0200)] 
wlantest: Add more debugging details for PMK selection

13 years agowlantest: Show encrypted version on injected frame in debug
Jouni Malinen [Sun, 21 Nov 2010 11:17:35 +0000 (13:17 +0200)] 
wlantest: Show encrypted version on injected frame in debug

13 years agoInclude own MAC address in status info even in non-P2P builds
Jouni Malinen [Sun, 21 Nov 2010 10:35:49 +0000 (12:35 +0200)] 
Include own MAC address in status info even in non-P2P builds

13 years agowlantest: Add history file for wlantest_cli
Jouni Malinen [Sun, 21 Nov 2010 10:09:27 +0000 (12:09 +0200)] 
wlantest: Add history file for wlantest_cli

13 years agoedit: Clear edit line on deinit
Jouni Malinen [Sun, 21 Nov 2010 10:07:29 +0000 (12:07 +0200)] 
edit: Clear edit line on deinit

13 years agoedit: Limit maximum number of history entries to 100
Jouni Malinen [Sun, 21 Nov 2010 10:04:44 +0000 (12:04 +0200)] 
edit: Limit maximum number of history entries to 100

13 years agoedit: Implement history file read/write
Jouni Malinen [Sun, 21 Nov 2010 10:01:50 +0000 (12:01 +0200)] 
edit: Implement history file read/write

13 years agoedit: Fix history prev selection
Jouni Malinen [Sun, 21 Nov 2010 09:49:36 +0000 (11:49 +0200)] 
edit: Fix history prev selection

13 years agoedit: Move history save file specification to caller
Jouni Malinen [Sun, 21 Nov 2010 09:43:09 +0000 (11:43 +0200)] 
edit: Move history save file specification to caller

13 years agoedit: Use struct dl_list for history buffer
Jouni Malinen [Sun, 21 Nov 2010 09:25:34 +0000 (11:25 +0200)] 
edit: Use struct dl_list for history buffer

13 years agoedit: Fix delete_word when not in the end of line
Jouni Malinen [Sat, 20 Nov 2010 21:05:12 +0000 (23:05 +0200)] 
edit: Fix delete_word when not in the end of line

13 years agowlantest: Parse ICMP echo packet and record STA ping success
Jouni Malinen [Sat, 20 Nov 2010 20:34:42 +0000 (22:34 +0200)] 
wlantest: Parse ICMP echo packet and record STA ping success

13 years agowlantest: Ignore built files in git status
Jouni Malinen [Sat, 20 Nov 2010 19:43:49 +0000 (21:43 +0200)] 
wlantest: Ignore built files in git status

13 years agowlantest: Move RX EAPOL processing into its own file
Jouni Malinen [Sat, 20 Nov 2010 19:40:04 +0000 (21:40 +0200)] 
wlantest: Move RX EAPOL processing into its own file

13 years agoedit: Add history buffer search
Jouni Malinen [Sat, 20 Nov 2010 15:55:35 +0000 (17:55 +0200)] 
edit: Add history buffer search

Ctrl-R can now be used to start history search mode.

13 years agoedit: Clean up escape code parser
Jouni Malinen [Sat, 20 Nov 2010 14:59:55 +0000 (16:59 +0200)] 
edit: Clean up escape code parser

13 years agoedit: Split escape code parsing into a separate function
Jouni Malinen [Sat, 20 Nov 2010 13:55:51 +0000 (15:55 +0200)] 
edit: Split escape code parsing into a separate function

This makes edit_read_char() simpler and easier to extend since it
does not need to know anything about the escape codes anymore.

13 years agowlantest: Use proper cmd length in fetching STA list
Jouni Malinen [Sat, 20 Nov 2010 10:43:16 +0000 (12:43 +0200)] 
wlantest: Use proper cmd length in fetching STA list

13 years agoedit: Sort completion list
Jouni Malinen [Sat, 20 Nov 2010 10:41:15 +0000 (12:41 +0200)] 
edit: Sort completion list

13 years agowlantest: Add pre-command completion functions
Jouni Malinen [Sat, 20 Nov 2010 10:35:11 +0000 (12:35 +0200)] 
wlantest: Add pre-command completion functions

This allows the parameters to each command to be completed.

13 years agoedit: Really fix the completion of last character
Jouni Malinen [Sat, 20 Nov 2010 10:27:06 +0000 (12:27 +0200)] 
edit: Really fix the completion of last character

The previous commit broke completion in various places. The proper
way of handling the completion of full word is to verify whether
there are more than one possible match at that point.

13 years agoedit: Fix completion at the last character
Jouni Malinen [Sat, 20 Nov 2010 09:59:04 +0000 (11:59 +0200)] 
edit: Fix completion at the last character

Completion needs to be done even if the full word has been entered.
In addition, fix the space-after-full-word to properly allocate room
for the extra character when completion is used in the middle of the
string.

13 years agoedit: Fix delete word to update current position
Jouni Malinen [Sat, 20 Nov 2010 09:48:00 +0000 (11:48 +0200)] 
edit: Fix delete word to update current position

13 years agoedit: Fix completion of arguments other than the first one
Jouni Malinen [Sat, 20 Nov 2010 09:45:42 +0000 (11:45 +0200)] 
edit: Fix completion of arguments other than the first one

13 years agoedit: Fix Home/End escape codes
Jouni Malinen [Sat, 20 Nov 2010 09:20:48 +0000 (11:20 +0200)] 
edit: Fix Home/End escape codes

13 years agowlantest: Add interactive mode to wlantest_cli
Jouni Malinen [Sat, 20 Nov 2010 08:48:32 +0000 (10:48 +0200)] 
wlantest: Add interactive mode to wlantest_cli

13 years agoedit: Add string completion support on tab
Jouni Malinen [Fri, 19 Nov 2010 22:42:02 +0000 (00:42 +0200)] 
edit: Add string completion support on tab

13 years agowlantest: Do not add new BSS/STA entries based on ctrl commands
Jouni Malinen [Fri, 19 Nov 2010 20:00:10 +0000 (22:00 +0200)] 
wlantest: Do not add new BSS/STA entries based on ctrl commands

Introduce bss_find()/sta_find() as an alternative bss_get()/sta_get()
command that do not allocate new BSS/STA entry if no existing entry
is found.

13 years agowlantest: Add add_passphrase command
Jouni Malinen [Fri, 19 Nov 2010 17:31:55 +0000 (19:31 +0200)] 
wlantest: Add add_passphrase command

This can be used to add a new known passphrase without having to
restart wlantest.

13 years agowlantest: Add command for fetching wlantest version
Jouni Malinen [Fri, 19 Nov 2010 15:45:19 +0000 (17:45 +0200)] 
wlantest: Add command for fetching wlantest version

13 years agowlantest: Add support for injecting (Re)Association Request frames
Jouni Malinen [Fri, 19 Nov 2010 15:09:02 +0000 (17:09 +0200)] 
wlantest: Add support for injecting (Re)Association Request frames

13 years agowlantest: Add support for protecting injected broadcast frames
Jouni Malinen [Fri, 19 Nov 2010 14:48:33 +0000 (16:48 +0200)] 
wlantest: Add support for protecting injected broadcast frames

13 years agowlantest: Add support for injecting Deauth/Disassoc frames
Jouni Malinen [Fri, 19 Nov 2010 14:22:44 +0000 (16:22 +0200)] 
wlantest: Add support for injecting Deauth/Disassoc frames

13 years agowlantest: Update SA Query trans id based on injected frame
Jouni Malinen [Fri, 19 Nov 2010 14:12:46 +0000 (16:12 +0200)] 
wlantest: Update SA Query trans id based on injected frame

This allows the SA Query transaction id matching code to be used
to verify that a valid response is received for the injected
request.

13 years agowlantest: Add support for CCMP protection for injected frames
Jouni Malinen [Fri, 19 Nov 2010 14:09:19 +0000 (16:09 +0200)] 
wlantest: Add support for CCMP protection for injected frames

13 years agoP2P: Add some initial documentation for P2P use
Jouni Malinen [Fri, 19 Nov 2010 11:24:45 +0000 (13:24 +0200)] 
P2P: Add some initial documentation for P2P use

13 years agoP2P: Accept invitations to already running persistent group
Jouni Malinen [Fri, 19 Nov 2010 10:58:31 +0000 (12:58 +0200)] 
P2P: Accept invitations to already running persistent group

We can automatically accept invitations that are for a persistent
group that is already running. There is no need to confirm this
separately or preparare a new group interface.

13 years agoP2P: Stop p2p_find/p2p_listen when Invitation is accepted
Jouni Malinen [Fri, 19 Nov 2010 10:58:03 +0000 (12:58 +0200)] 
P2P: Stop p2p_find/p2p_listen when Invitation is accepted

When an Invitation to reinvoke a persistent group is accepted,
we need to make sure that any pending p2p_find or p2p_listen
operation gets stopped to avoid consuming all radio resources
doing device discovery while the group is being set up.

13 years agoP2P: Do not start multiple copies of same persistent group
Jouni Malinen [Fri, 19 Nov 2010 10:57:36 +0000 (12:57 +0200)] 
P2P: Do not start multiple copies of same persistent group

When running p2p_group_add persistent=<id>, verify whether the
requested group is already running and if so, do not try to
start another copy of it.

13 years agowlantest: Add preliminary infrastructure for injecting frames
Jouni Malinen [Thu, 18 Nov 2010 22:35:13 +0000 (00:35 +0200)] 
wlantest: Add preliminary infrastructure for injecting frames

This adds new commands for wlantest_cli to request wlantest to
inject frames. This version can only send out Authentication
frames and unprotected SA Query Request frames, but there is
now place to add more frames and encryption with future commits.

13 years agowlantest: Add BSS/STA statistics counters
Jouni Malinen [Thu, 18 Nov 2010 17:05:29 +0000 (19:05 +0200)] 
wlantest: Add BSS/STA statistics counters

These counters can be cleared and queried from external programs to
script various testing tasks.

13 years agowlantest: Add flush command for dropping all BSS data
Jouni Malinen [Thu, 18 Nov 2010 15:36:08 +0000 (17:36 +0200)] 
wlantest: Add flush command for dropping all BSS data

13 years agowlantest: Add list_bss and list_sta commands
Jouni Malinen [Thu, 18 Nov 2010 15:17:18 +0000 (17:17 +0200)] 
wlantest: Add list_bss and list_sta commands

These can be used to list the current BSS and STA information
maintained in wlantest.

13 years agowlantest: Fix wlantest_cli dependency to include wlantest library
Jouni Malinen [Thu, 18 Nov 2010 14:27:25 +0000 (16:27 +0200)] 
wlantest: Fix wlantest_cli dependency to include wlantest library

13 years agoP2P: Indicate WPS events from AP mode only during group formation
Jouni Malinen [Thu, 18 Nov 2010 10:42:02 +0000 (12:42 +0200)] 
P2P: Indicate WPS events from AP mode only during group formation

The duplicated WPS event in the parent interface should only be used
during P2P group formation, i.e., when the WPS operation was actually
started using the parent interface. When authorizing a client to
connect to an already running group, the WPS command is issued on
the group interface and there is no need to duplicate the event to
the parent interface.

13 years agoP2P: Make sure wpa_s->global->p2p_group_formation gets cleared
Jouni Malinen [Thu, 18 Nov 2010 10:41:27 +0000 (12:41 +0200)] 
P2P: Make sure wpa_s->global->p2p_group_formation gets cleared

This pointer is now used in number of places to check whether an
interface is in P2P Group Formation, so we better make sure it gets
cleared when group formation has been completed. This was done in
only some of the cases.

13 years agoWPS: Add special AP Setup Locked mode to allow read only ER
Jouni Malinen [Wed, 17 Nov 2010 14:48:39 +0000 (16:48 +0200)] 
WPS: Add special AP Setup Locked mode to allow read only ER

ap_setup_locked=2 can now be used to enable a special mode where
WPS ER can learn the current AP settings, but cannot change then.
In other words, the protocol is allowed to continue past M2, but
is stopped at M7 when AP is in this mode. WPS IE does not
advertise AP Setup Locked in this case to avoid interoperability
issues.

In wpa_supplicant, use ap_setup_locked=2 by default. Since the AP PIN
is disabled by default, this does not enable any new functionality
automatically. To allow the read-only ER to go through the protocol,
wps_ap_pin command needs to be used to enable the AP PIN.

13 years agoWPS: Add wps_ap_pin ctrl_iface command for wpa_supplicant AP mode
Jouni Malinen [Wed, 17 Nov 2010 14:46:55 +0000 (16:46 +0200)] 
WPS: Add wps_ap_pin ctrl_iface command for wpa_supplicant AP mode

This can be used to control the AP PIN in wpa_supplicant AP mode
in the same way as the identical command in hostapd ctrl_iface.

13 years agoP2P: Fix invitation-to-running-group handling
Jouni Malinen [Tue, 16 Nov 2010 13:22:06 +0000 (15:22 +0200)] 
P2P: Fix invitation-to-running-group handling

The pending_invite_ssid_id of -1 (running group, not persistent) was
being stored incorrectly in the group interface, not device interface
(i.e., parent of the group interface) and consequently, the incorrect
information was used when processing the Invitation Response.

If there was a persistent group credentials stored with network id
0, those were used instead to try to set up a persistent group
instead of using the already running group.

13 years agoP2P: Update pending join interface address during scans
Albert Liu [Mon, 15 Nov 2010 14:16:39 +0000 (16:16 +0200)] 
P2P: Update pending join interface address during scans

Since the P2P peer entry may not have been available at the time the
join request was issued, we need to allow the P2P Interface Address
to be updated during join-scans when the P2P peer entry for the GO
may be added.

13 years agoP2P: Allow multiple scan runs to find GO for p2p_connect join
Jouni Malinen [Mon, 15 Nov 2010 14:15:38 +0000 (16:15 +0200)] 
P2P: Allow multiple scan runs to find GO for p2p_connect join

If the GO is not found, we cannot send Provisioning Discovery Request
frame and cannot really connect anyway. Since the Provisioning
Discovery is a mandatory part, it is better to continue join-scan
until the GO is found instead of moving to the next step where
normal connection scan is used (PD would not be used from there).

Use a limit of 10 scan attempts for p2p_connect join to avoid getting
in infinite loop trying to join. If the GO is not found with those
scans, indicate failure (P2P-GROUP-FORMATION-FAILURE) and stop the
join attempt.

13 years agoMove wpa_cli readline integration into src/utils/edit_readline.c
Jouni Malinen [Sun, 14 Nov 2010 20:37:43 +0000 (22:37 +0200)] 
Move wpa_cli readline integration into src/utils/edit_readline.c

All three line editing options are now located in src/utils/edit*.c
and provide the same API to allow easy build time selection.

13 years agowpa_cli: Use edit API as a wrapper for optional readline
Jouni Malinen [Sun, 14 Nov 2010 19:19:35 +0000 (21:19 +0200)] 
wpa_cli: Use edit API as a wrapper for optional readline

13 years agoedit: Redraw input line on ^L
Jouni Malinen [Sun, 14 Nov 2010 19:03:24 +0000 (21:03 +0200)] 
edit: Redraw input line on ^L

13 years agoMove command line editing routines into src/utils/edit*.[ch]
Jouni Malinen [Sun, 14 Nov 2010 18:59:29 +0000 (20:59 +0200)] 
Move command line editing routines into src/utils/edit*.[ch]

This allows the same routines to be shared with other programs
since these are not really specific to wpa_cli.

13 years agowpa_cli: Add internal line edit implementation
Jouni Malinen [Sun, 14 Nov 2010 17:15:23 +0000 (19:15 +0200)] 
wpa_cli: Add internal line edit implementation

CONFIG_WPA_CLI_EDIT=y can now be used to build wpa_cli with internal
implementation of line editing and history support. This can be used
as a replacement for CONFIG_READLINE=y.

13 years agowpa_cli: Replace CONFIG_WPA_CLI_FORK design with eloop
Jouni Malinen [Sun, 14 Nov 2010 11:16:51 +0000 (13:16 +0200)] 
wpa_cli: Replace CONFIG_WPA_CLI_FORK design with eloop

Instead of using a separate process to receive and print event
messages, use a single-process design with eloop to simply
wpa_cli and interaction with readline.

13 years agowpa_cli: Split wpa_cli_interactive() into two versions
Jouni Malinen [Sun, 14 Nov 2010 09:30:19 +0000 (11:30 +0200)] 
wpa_cli: Split wpa_cli_interactive() into two versions

Instead of multiple #ifdef blocks for readline within the function,
use two copies of the functions, one for readline, one without any
readline functionality.

13 years agowlantest: Add control interface and wlantest_cli
Jouni Malinen [Sat, 13 Nov 2010 16:38:19 +0000 (18:38 +0200)] 
wlantest: Add control interface and wlantest_cli

This can be used to manage wlantest operation during run time.

13 years agowlantest: Validate EAPOL-Key reserved fields
Jouni Malinen [Sat, 13 Nov 2010 12:09:40 +0000 (14:09 +0200)] 
wlantest: Validate EAPOL-Key reserved fields

In addition, this handles WPA difference in Key Info for Secure
bit in msg 3/4 and 4/4 (not set, since GTK is not yet available).

13 years agowlantest: Add debug print for ignored group addressed Action frames
Jouni Malinen [Sat, 13 Nov 2010 11:18:09 +0000 (13:18 +0200)] 
wlantest: Add debug print for ignored group addressed Action frames

13 years agowlantest: Validate MMIE KeyID reserved bits
Jouni Malinen [Sat, 13 Nov 2010 11:14:09 +0000 (13:14 +0200)] 
wlantest: Validate MMIE KeyID reserved bits

13 years agowlantest: Validate reserved bits in TKIP/CCMP header
Jouni Malinen [Sat, 13 Nov 2010 11:03:21 +0000 (13:03 +0200)] 
wlantest: Validate reserved bits in TKIP/CCMP header

13 years agowlantest: Verify that TKIP/CCMP frames set ExtIV=1
Jouni Malinen [Sat, 13 Nov 2010 10:54:07 +0000 (12:54 +0200)] 
wlantest: Verify that TKIP/CCMP frames set ExtIV=1

13 years agowlantest: Implement TKIP replay detection
Jouni Malinen [Sat, 13 Nov 2010 10:40:36 +0000 (12:40 +0200)] 
wlantest: Implement TKIP replay detection

13 years agowlantest: Add support for WPA key handshakes
Jouni Malinen [Sat, 13 Nov 2010 09:59:43 +0000 (11:59 +0200)] 
wlantest: Add support for WPA key handshakes

The Key Data field is handled differently in msg 3/4 and 1/2 in WPA,
so add separate code for processing non-RSN case.

13 years agowlantest: Add support for TKIP decryption
Jouni Malinen [Sat, 13 Nov 2010 09:36:37 +0000 (11:36 +0200)] 
wlantest: Add support for TKIP decryption

13 years agowlantest: Use negotiated AKM/cipher to select PMK-to-PTK parameters
Jouni Malinen [Fri, 12 Nov 2010 21:33:42 +0000 (23:33 +0200)] 
wlantest: Use negotiated AKM/cipher to select PMK-to-PTK parameters