Ben Greear [Sun, 3 Feb 2013 11:51:54 +0000 (13:51 +0200)]
hostapd: Fix crash when scan fails
When scan failed, the wpa_driver_nl80211_scan method tried
to recursively call itself, but it passed in the wrong argument
for the void*, and so then it crashed accessing bad memory.
With this fix, hostapd still will not retry the scan later, but
at least it will exit cleanly and won't polute the file system
with core files.
Signed-off-by: Ben Greear <greearb@candelatech.com>
Sunil Dutt [Tue, 22 Jan 2013 12:09:54 +0000 (14:09 +0200)]
TDLS: Disable the link also on driver request for teardown
The link was not disabled for the case of implicit trigger from the
driver unlike in the case of explicit trigger fromc ctrl_iface. Make the
tear down sequences match in these cases by adding the TDLS_DISABLE_LINK
tdls_oper to the driver when processing the TDLS_REQUEST_TEARDOWN event.
Jouni Malinen [Thu, 17 Jan 2013 14:22:41 +0000 (16:22 +0200)]
wlantest: Add radiotap header when re-writing DLT_IEEE802_11 file
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest will now
add a radiotap header to the re-written pcap file to make sure all frames
in the output file will include the radiotap header.
Jouni Malinen [Thu, 17 Jan 2013 10:55:30 +0000 (12:55 +0200)]
wlantest: Add -F option for assuming FCS is included
When using DLT_IEEE802_11 datalink type in a pcap file, wlantest can now
be instructed to assume there is an FCS included in the frame by adding
the new -F command line argument. This will make wlantest validate the
FCS and strip it from the frame before processing.
Pavan Kumar [Tue, 15 Jan 2013 09:52:20 +0000 (11:52 +0200)]
P2P: Send P2P-FIND-STOPPED event in the new continue-search states
The P2P-FIND-STOPPED event was sent only in the P2P_SEARCH state, but
this needs to be send also in the new continue-search-when-ready states
P2P_CONTINUE_SEARCH_WHEN_READY and P2P_SEARCH_WHEN_READY for consistent
behavior.
Jouni Malinen [Sat, 12 Jan 2013 07:54:54 +0000 (09:54 +0200)]
nl80211: Add MFP information for NL80211_CMD_CONNECT
This was previously included only with NL80211_CMD_ASSOCIATE, but the
information is as useful (if not even more useful) for
NL80211_CMD_CONNECT. It should be noted that cfg80211 does not yet use
this attribute with NL80211_CMD_CONNECT, but that can be added easily.
Sunil Dutt [Wed, 9 Jan 2013 14:05:18 +0000 (16:05 +0200)]
P2P: Use the same Dialog Token value for every GO Negotiation retry
Each GO Negotiation Request is (re)tried with an unique dialog token and
a GO Negotiation Response / Confirmation from the peer with a mismatched
dialog token is ignored which could result in a failure in this group
formation attempt. Thus, the P2P device would continue retrying the GO
Negotiation Request frames till the GO Negotiation Response frame with a
matching dialog token is received. To avoid the failures due to the
dialog token mismatch in retry cases if the peer is too slow to reply
within the timeout, the same dialog token value is used for every retry
in the same group formation handshake.
It should be noted that this can result in different contents of the GO
Negotiation Request frame being sent with the same dialog token value
since the tie breaker bit in GO Intent is still toggled for each
attempt. The specification is not very clear on what would be the
correct behavior here. Tie breaker bit is not updated on
"retransmissions", but that is more likely referring to the layer 2
retransmission and not the retry at higher layer using a new MMPDU.
Jouni Malinen [Sun, 6 Jan 2013 17:26:27 +0000 (19:26 +0200)]
SAE: Move temporary data into a separate data structure
This allows even more memory to be freed when the SAE instance enters
Accepted state. This leaves only the minimal needed memory allocated
during the association which is especially helpful for the AP
implementation where multiple stations may be associated concurrently.
Jouni Malinen [Sun, 6 Jan 2013 15:34:05 +0000 (17:34 +0200)]
SAE: Validate peer commit values as part of parsing the message
There is no need to postpone this validation step to a separate
processing operation for the commit message, so move the minimal
validation tasks into the parsing functions.
Jouni Malinen [Sun, 6 Jan 2013 11:22:44 +0000 (13:22 +0200)]
Add Diffie-Hellman group definitions for MODP groups in RFC 5114
The groups 22, 23, and 24 are not based on a safe prime and generate a
prime order subgroup. As such, struct dh_group is also extended to
include the order for previously defined groups (q=(p-1)/2 since these
were based on a safe prime).
Jouni Malinen [Sat, 5 Jan 2013 19:22:00 +0000 (21:22 +0200)]
SAE: Add support for FFC groups
This allows FFC groups to be used with SAE. Though, these groups are not
included in the default sae_groups value based on what is available
since the FFC groups have the additional requirement of using a safe
prime with the current implementation (or specification of the group
order).
Jouni Malinen [Fri, 4 Jan 2013 10:19:02 +0000 (12:19 +0200)]
Allow AP mode deauth/disassoc reason code to be overridden
The optional "reason=<reason code>" parameter to the ctrl_iface
deauthenticate and disassociate commands can now be used to change the
reason code used in the disconnection frame. This can be used, e.g., by
P2P GO to disconnect a single P2P client from the group by sending it an
indication of the group getting terminated (Deauthentication frame with
reason code 3). It needs to be noted that the peer device is still in
possession on the PSK, so it can still reconnect to the group after this
if it does not follow the group termination indication.
Jouni Malinen [Tue, 1 Jan 2013 18:35:10 +0000 (20:35 +0200)]
Extra validation to keep static analyzers happy
Use of two variables to track bounds checking seems to be a bit too much
for some static analyzers, so add an extra condition for buffer padding
to avoid incorrect warnings.
Jouni Malinen [Tue, 1 Jan 2013 18:30:17 +0000 (20:30 +0200)]
WPS: Verify wpa_config_set() return value more consistently
Even though this command is very unlikely to fail, in theory, it could
and the WPS connection would fail in such a case. Return more clearer
failure indication in such a case without even trying to start
reassociation.
Jouni Malinen [Tue, 1 Jan 2013 18:26:20 +0000 (20:26 +0200)]
Use more explicit way of copying pointer value to a buffer
The code initializing GMK Counter uses the group pointer value as extra
entropy and to distinguish different group instances. Some static
analyzers complain about the sizeof(pointer) with memcpy, so use a more
explicit type casting to make it more obvious what the code is doing.
Jouni Malinen [Tue, 1 Jan 2013 14:23:47 +0000 (16:23 +0200)]
SAE: Allow enabled groups to be configured
hostapd.conf sae_groups parameter can now be used to limit the set of
groups that the AP allows for SAE. Similarly, sae_groups parameter is
wpa_supplicant.conf can be used to set the preferred order of groups. By
default, all implemented groups are enabled.
Jouni Malinen [Tue, 1 Jan 2013 12:00:40 +0000 (14:00 +0200)]
SAE: Add support for ECC group 21 (521-bit random ECP group)
In addition to the trivial change in adding the new group ientifier,
this required changes to KDF and random number generation to support
cases where the length of the prime in bits is not a multiple of eight.
The binary presentation of the value needs to be shifted so that the
unused most significant bits are the zero padding rather than the extra
bits in the end of the array.
Jouni Malinen [Mon, 31 Dec 2012 14:58:36 +0000 (16:58 +0200)]
SAE: Add support for Anti-Clogging mechanism
hostapd can now be configured to use anti-clogging mechanism based on
the new sae_anti_clogging_threshold parameter (which is
dot11RSNASAEAntiCloggingThreshold in the standard). The token is
generated using a temporary key and the peer station's MAC address.
wpa_supplicant will re-try SAE authentication with the token included if
commit message is rejected with a token request.
Jouni Malinen [Mon, 31 Dec 2012 09:20:04 +0000 (11:20 +0200)]
SAE: Do not allow re-use of peer-scalar in a new protocol instance
IEEE Std 802.11-2012, 11.3.8.6.1: If there is a protocol instance for
the peer and it is in Authenticated state, the new Commit Message
shall be dropped if the peer-scalar is identical to the one used in
the existing protocol instance.
The PMKSA cache expiration timer was not actually ever initialized since
the only place for registering the timeout was in the timeout handler.
Fix this by initializing the timer whenever a new PMKSA cache entry is
added to the beginning of the list (i.e., when it was the first entry or
expires before the entry that was previously going to expire first).
[Bug 393]
Jouni Malinen [Sat, 12 Jan 2013 15:01:54 +0000 (17:01 +0200)]
Fix EAPOL frame sending to non-QoS STAs
Commit 4378fc14ebfb355705e7674bf347ea659bcd77bc started using QoS Data
frames for QoS STAs. It used the correct flags value for WPA/RSN
EAPOL-Key frames, but wrong flags for IEEE 802.1X EAPOL frames. The
WPA_STA_WMM value used in driver_nl80211.c happens to be identical to
WLAN_STA_ASSOC in sta->flags and this makes driver_nl80211.c try to use
QoS header for all STAs. Fix this by properly converting the flags from
WLAN_STA_* to WPA_STA_*. [Bug 426]
Jouni Malinen [Sat, 12 Jan 2013 10:39:27 +0000 (12:39 +0200)]
eapol_test: Allow full RADIUS attribute length to be used
The -N and -C command line parameters can be used to add arbitrary
RADIUS attributes to the messages. However, these were truncated to
about 128 bytes when the actually message was constructed. Fix this by
using larger buffers to allow the maximum attribute length (253 octets
of payload) to be used. [Bug 458]
Janusz Dziedzic [Sat, 12 Jan 2013 08:23:45 +0000 (10:23 +0200)]
wpa_supplicant: Save frequency configuration parameter
In case of wpa_supplicant IBSS and AP modes after we will call wpa_cli
save command we should also save configured frequency. In other case
after wpa_supplicant restart we have frequency = 0 and AP start will
fail.
Signed-hostap: Janusz Dziedzic <janusz.dziedzic@tieto.com>
Jouni Malinen [Tue, 8 Jan 2013 13:45:05 +0000 (15:45 +0200)]
EAP-AKA server: Fix fallback to full auth
Commit 68a41bbb44ac78087076ce65e6c1803d036bc4a2 broke fallback from
reauth id to fullauth id by not allowing a second AKA/Identity round to
be used after having received unrecognized reauth_id in the first round.
Fix this by allowing fullauth id to be requested in such a case.
Sunil Dutt [Tue, 8 Jan 2013 11:12:34 +0000 (13:12 +0200)]
P2P: Use the same Dialog Token value for every PD retry
Commit 175171ac6c3f2bb501897237d559de0fedfd992e ensured that the PD
requests are retried in join-a-running group case and the Enrollee is
started on either receiving the PD response or after the retries. Each
PD request is retried with an unique dialog token and a PD response from
the GO with a mismatched dialog token is ignored. Thus, the P2P client
would continue retrying the PD requests till the response with a
matching dialog token is obtained. This would result in the GO getting
multiple PD requests and a corresponding user notification (POP UP) in
implementations where each PD request results in a POP UP, resulting in
a bad user experience. To avoid such behavior, the same dialog token
value is used for every retry in the same PD exchange.
Jouni Malinen [Mon, 7 Jan 2013 22:34:08 +0000 (00:34 +0200)]
nl80211: Restore previous nlmode if set_freq for AP mode fails
wpa_driver_nl80211_ap() returned error if set_freq failed, but left the
previously set nlmode to GO/AP. While this should not be issue for most
purposes, it leaves the interface in somewhat unexpected state and could
potentially affect operations prior to next connection attempt. Address
this by restoring the previous nlmode if AP mode cannot be started for
some reason.
Jouni Malinen [Mon, 7 Jan 2013 16:44:46 +0000 (18:44 +0200)]
Interworking: Do not schedule new scan if process is terminating
The GAS query compilation callback may happen after the wpa_supplicant
process has been requested to terminate. Avoid scheduling a new eloop
timeout for a scan in such a case.
Jouni Malinen [Mon, 7 Jan 2013 16:41:51 +0000 (18:41 +0200)]
Interworking: Do not share ANQP info if none was received
Verify that the other BSS has actually received some valid ANQP
information before sharing the results from it. This fixes potential
issues with cases where some of the APs with the same HESSID has invalid
ANQP configuration.
Jouni Malinen [Mon, 7 Jan 2013 16:38:09 +0000 (18:38 +0200)]
Interworking: Continue ANQP fetch after TX failure
If the driver rejected any of the offchannel Action frame TX requests,
the previous implementation terminated ANQP fetch process. While the
driver should not really reject the request normally, it is possible
that a request gets rejected for some reason. Allow the fetch process to
continue with the next AP in such case to avoid breaking networking
selection. This could result, e.g., in auto_interworking=1 process
failing to connect if any the driver rejects requests to any of the APs
in the scan result even if some other APs provided suitable information.
projects / thirdparty / hostap.git / log
