wpa_supplicant: Update to Version 0.8.27 from BRCM
- Fix crash during TRUE pbc overlap
- Fix p2p_stop_find event
- Avoid race condition in GO-NEG process if both peers enter
p2p_connect at the same time
- Retry assoc immediately on ASSOC-REJECT. Previously assoc was
retried on authentication timeout (which occurs after 10secs).
Now on assoc reject, we cancel the auth timer and then initiate
an assoc scan.
Jouni Malinen [Fri, 1 Nov 2013 10:52:17 +0000 (12:52 +0200)]
AOSP: Leftover edits from old commit
This came in as a part of the following AOSP commit. The actual
change was since then removed, but the remaining code was not
restored to match the upstream version. This should be reverted.
- Add 'conc_priority' command
- Fix handling a single channel concurrency case: If conc_priority
is not set, advertise the frequency conflict to the framework and
disable the new connection attempted
- When P2P Interface gets removed due to single channel frequency
conflict, show GROUP_REMOVE reason=FREQ_CONFLICT
- Fix sched scan processing
Dongles can be slow to respond and a quick turn around time on packets does
Allow for up to 350ms on retry attempts for provision discovery, negotiation
This will catch slow responses within the first attempt and prevent any kind
with sequence number handling
Author: Jouni Malinen <jouni@qca.qualcomm.com>
Date: Sat Feb 16 19:54:09 2013 +0200
Interworking: Select highest priority cred if multiple matches
GAS server: Fix a regression in GAS server callback
hostapd: Fix Max SP Length derivation from QoS Info
nl80211: Configure STA Capabilities and Extended Capabilities
Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
WPS: Fix build without CONFIG_WPS_NFC
WPS: Add support for NFC handover select generation with wpa_supplicant
WPS: Update NFC connection handover documentation
WPS: Add support for config token generation with wpa_supplicant
WPS: Allow password token to be written with nfcpy
WPS: Use pre-configured NFC password token instead of overriding it
TDLS: Pass peer's Capability and Ext Capability info during sta_add
TDLS: Pass peer's HT Capability and QOS information during sta_add
nl80211: Add debug prints for STA add/set operations
TDLS: Fix add/set STA operation
Synchronize with wireless-testing.git include/uapi/linux/nl80211.h
WPS: Allow Device Password to be changed from M1 to M2
WPS: Fix wps_reg nfc-pw option
TDLS: Tear down peers when disconnecting from the AP
P2P: Do not use old scan result data for peer discovery
Use more accurate timestamps for scan results
P2P: Postpone P2P-DEVICE-FOUND if config_methods not known
P2P: Do not allow peer update to clear config_methods
WPS: Report NFC connection handover completion differently
P2P: Avoid concurrent scans during all steps of group formation
P2P: Cancel group formation timeout on group removal (on client)
WPS: Change listen time to match nfcpy default (250 ms)
WPS: Report only the carrier record from NFC to wpa_supplicant
WPS: Fetch only the carrier record from wpa_supplicant for NFC
WPS: Update nfcpy script to support AP mode NFC connection handover
WPS: Add command for fetching carrier record for NFC handover
WPS: Clean up debug prints with nfcpy
WPS: Remove 0.5 sec extra wait from NFC handover with nfcpy
WPS: Use alternating poll/listen for NFC peer discovery with nfcpy
WPS: Configure logging to show nfcpy log message
WPS: Add an example python script for NFC operations with hostapd
hostapd: Do not change HT40 capability due to OBSS scan
dbus: Add missing signal description for WPS (7)
EAP peer: Add Session-Id derivation to more EAP methods
EAP peer: Add Session-Id derivation
EAP-IKEV2 server: Fix invalid memory freeing operation
eap_proxy: Add a dummy implementation for compilation testing
eap_proxy: Add mechanism for allowing EAP methods to be offloaded
Android: Allow setgroups to be overridden from build configuration
P2P: Send p2p_stop_find event on failure to start pending p2p_find
P2P: Fix GO Probe Response IEs when Wi-Fi Display is enabled
Capability matching for 60 GHz band
nl80211: Add ctrl_iface message for AP mode connection rejection
P2P: Allow local configuration to use 5 GHz band 40 MHz channels
Fix BSS RANGE command for no exact id match cases
Sync with main tree commit b8349523e460493fa0b4de36c689595109e45e91
Author: Neeraj Kumar Garg <neerajkg@broadcom.com>
Date: Tue Dec 27 23:21:45 2011 +0200
P2P: Reject p2p_group_add if forced frequency is not acceptable
b2b688d P2P: Fix crash when failed to create GO interface
6197169 WPS NFC: Fix build without CONFIG_AP=y
e1ae5d7 SAE: Fix build without CONFIG_AP=y
813e7b3 P2P: Remove group from timeout on PSK failure
5bf9a6c P2P: Add event messages for possible PSK failures on P2P groups
eac8dab P2P: Document per-client keys and p2p_remove_client
43c693c P2P: Do not store duplicate PSK entries for the same device
f2c5660 P2P: Add a command for removing a client from all groups
01a57fe P2P: Maintain list of per-client PSKs for persistent groups
759fd76 P2P: Select PSK based on Device Address instead of Interface Address
94ddef3 P2P: Make peer's P2P Device Address available to authenticator
52177fb P2P: Store P2P Device Address in per-device PSK records
05766ed P2P: Allow per-device PSK to be assigned
698e921 wpa_cli: Add tab completion for p2p_set field values
0b5fb86 P2P: Stop listen state when listen-only duration is over
02a3e5c wpa_cli: Allow first DISCONNECTED event to be reported
cdf8bfa Disallow WEP configuration in WPA network
731ef43 D-Bus: Fix per-iface object unregistration on not existing objects
447969e D-Bus: Do not send network notification for all P2P groups
eb32460 Fix switching from EAP-SIM to EAP-AKA/AKA'
f2b3f4d P2P: Allow P2P functionality to be disabled per interface
50f4f2a hostapd: Add Automatic Channel Selection (ACS) support
43ee470 P2P: Immediate group removal in GC in case of deauthentication
fcf2052 Fix MNC length for Swisscom SIM cards
WFD: Add preliminary WSD request processing and response
This commit does not yet address support for different device roles,
i.e., the same set of subelements are returned regardless of which
role was indicated in the request.
Kenny Root [Wed, 26 Jun 2013 21:57:31 +0000 (14:57 -0700)]
Remove obsolete keystore path
It's not possible to get a raw private key from keystore anymore, so
this would fail every time anyway. Remove it so it doesn't confuse
anyone that looks at this code.
Kenny Root [Wed, 21 Mar 2012 00:00:47 +0000 (17:00 -0700)]
Use keystore ENGINE for private key operations
The new keystore ENGINE is usable to perform private key operations when
we can't get the actual private key data. This is the case when hardware
crypto is enabled: the private key never leaves the hardware.
Subsequently, we need to be able to talk to OpenSSL ENGINEs that aren't
PKCS#11 or OpenSC. This just changes a few #define variables to allow us
to talk to our keystore engine without having one of those enabled and
without using a PIN.
wpa_supplicant: Update to Version 0.8.27 from BRCM
- Fix crash during TRUE pbc overlap
- Fix p2p_stop_find event
- Avoid race condition in GO-NEG process if both peers enter
p2p_connect at the same time
- Retry assoc immediately on ASSOC-REJECT. Previously assoc was
retried on authentication timeout (which occurs after 10secs).
Now on assoc reject, we cancel the auth timer and then initiate
an assoc scan.
- Allow AP_SME support
- Do not send disassoc after EAP failure since AP_SME is enabled
and del_station will be called
- Allow group idle timeout to run during WPS disconnect
wpa_supplicant crashes if driver configuration for AP mode interface
configuration fails after group negotiation. This is because of a
regression from commit 1075b2957169d8f9d6dddd7679339c751dc9515b that
ends up freeing the wpa_s instance from within
wpa_supplicant_create_ap() without the caller knowing.
Fix this by using an eloop timeout to remove the P2P group so that
wpa_supplicant_create_ap() and especially wpa_supplicant_associate()
callers do not need to know about interface getting possibly removed. In
addition, move the P2P specific code into p2p_supplicant.c where it
really belongs. This allows the already existing group formation timeout
to be used by reducing the timeout to zero.
tests: Check wpa_supplicant connection after reset
Some test runs have resulted in wpa_supplicant being unresponsive or
very slow on the control interface. Check for that type of issues as
part of the reset sequence that is done between each test case.
Avoid potential issues with removing a P2P group on PSK failure directly
from the wpa_supplicant_event() call since the caller (in driver_*.c)
may not be prepared for the interface disappearing at that point in
time.
P2P: Add event messages for possible PSK failures on P2P groups
It is possible for the GO of a persistent group to change the PSK or
remove a client when per-client PSKs are used and this can happen
without the SSID changing (i.e., the group is still valid, but just not
for a specific client). If the client side of such persistent group ends
up trying to use an invalidated persistent group information, the
connection will fail in 4-way handshake. A new WPS provisioning step is
needed to recover from this.
Detect this type of case based on two 4-way handshake failures when
acting as a P2P client in a persistent group. A new
"P2P-PERSISTENT-PSK-FAIL id=<persistent group id>" event is used to
indicate when this happens. This makes it easier for upper layers to
remove the persistent group information with "REMOVE_NETWORK <persistent
group id>" if desired (e.g., based on user confirmation).
In addition to indicating the error cases for persistent groups, all
PSK failures of this type end up in the client removing the group with
the new reason=PSK_FAILURE information in the P2P-GROUP-REMOVED event.
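An added example, not part of the commit or of wpa_supplicant: one way an upper layer could react to the two events described above, asking for confirmation before issuing REMOVE_NETWORK. The `<N>` priority prefix, the interface-name and role fields of P2P-GROUP-REMOVED, the function names and the sample lines are assumptions constructed for this example.

```python
import re

# ctrl_iface monitors are assumed to see an optional "<N>" priority prefix.
_PRIO = re.compile(r"^<\d+>")
# Only a purely numeric id is accepted, so nothing else from the event line
# can end up inside the REMOVE_NETWORK command built below.
_PSK_FAIL = re.compile(r"^P2P-PERSISTENT-PSK-FAIL id=(\d+)$")
# Assumed layout: P2P-GROUP-REMOVED <ifname> <role> [key=value ...]
_GROUP_REMOVED = re.compile(r"^P2P-GROUP-REMOVED (\S+) (\S+)(.*)$")


def parse_event(line):
    """Return a dict for the two PSK-failure related events, else None."""
    text = _PRIO.sub("", line.strip())
    m = _PSK_FAIL.match(text)
    if m:
        return {"event": "persistent-psk-fail", "id": int(m.group(1))}
    m = _GROUP_REMOVED.match(text)
    if m:
        params = dict(p.split("=", 1) for p in m.group(3).split() if "=" in p)
        return {"event": "group-removed", "ifname": m.group(1),
                "role": m.group(2), "reason": params.get("reason")}
    return None


def handle_events(lines, confirm):
    """Return (commands to send, interfaces removed with reason=PSK_FAILURE).

    confirm(network_id) stands in for the user confirmation step; each
    persistent group id is asked about at most once.
    """
    commands, psk_removed, seen = [], [], set()
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue  # unrelated or malformed event
        if ev["event"] == "group-removed":
            if ev["reason"] == "PSK_FAILURE":
                psk_removed.append(ev["ifname"])
        elif ev["id"] not in seen:
            seen.add(ev["id"])
            if confirm(ev["id"]):
                commands.append("REMOVE_NETWORK %d" % ev["id"])
    return commands, psk_removed


# Constructed sample of control interface monitor output.
SAMPLE_EVENTS = [
    "<3>CTRL-EVENT-SCAN-RESULTS",
    "<3>P2P-PERSISTENT-PSK-FAIL id=4",
    "<3>P2P-GROUP-REMOVED p2p-wlan0-0 client reason=PSK_FAILURE",
    "<3>P2P-PERSISTENT-PSK-FAIL id=4",               # repeat, ignored
    "<3>P2P-PERSISTENT-PSK-FAIL id=not-a-number",    # malformed, ignored
    "<3>P2P-PERSISTENT-PSK-FAIL id=9",               # user declines below
    "<3>P2P-GROUP-REMOVED p2p-wlan0-1 client reason=FREQ_CONFLICT",
]

if __name__ == "__main__":
    print(handle_events(SAMPLE_EVENTS, confirm=lambda nid: nid == 4))
```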
P2P: Add a command for removing a client from all groups
The new control interface command P2P_REMOVE_CLIENT <P2P Device
Address|iface=Address> can now be used to remove the specified client
from all groups (ongoing and persistent) in which the local device is a
GO. This will remove any per-client PSK entries and deauthenticate the
device.
P2P: Maintain list of per-client PSKs for persistent groups
Record all generated per-client PSKs in the persistent group network
block and configure these for the GO Authenticator whenever re-starting
the persistent group. This completes per-client PSK support for
persistent groups.
P2P: Select PSK based on Device Address instead of Interface Address
When using per-device PSKs, select the PSK based on the P2P Device
Address of the connecting client if that client is a P2P Device. This
allows the P2P Interface Address to be changed between P2P group
connections which may happen especially when using persistent groups.
P2P: Store P2P Device Address in per-device PSK records
This makes the P2P Device Address of the Enrollee available with the PSK
records to allow P2P Device Address instead of P2P Interface Address to
be used for finding the correct PSK.
"wpa_cli p2p_set per_sta_psk <0/1>" can now be used to disable/enable
use of per-device PSKs in P2P groups. This is disabled by default.
When enabled, a default passphrase is still generated by the GO for
legacy stations, but all P2P and non-P2P devices using WPS will get
a unique PSK.
This gives more protection for the P2P group by preventing clients from
being able to derive the unicast keys used by other clients. This is
also a step towards allowing specific clients to be removed from a group
reliably without having to tear down the full group to do so.
P2P: Stop listen state when listen-only duration is over
Even after listen duration is over, P2P module remained in
P2P_LISTEN_ONLY state, which is blocking station mode scans. Fix this by
stopping P2P listen explicitly to update p2p_state to IDLE when listen
duration expires.
Jouni Malinen [Sat, 31 Aug 2013 14:59:16 +0000 (17:59 +0300)]
tests: Make test_autogo validate group removal event on client
Use test_autogo to verify that P2P client is able to notice explicit
group session termination message from the GO. This would have caught
the regression in processing P2P deauthentication notifications.
Jouni Malinen [Sat, 31 Aug 2013 14:27:20 +0000 (17:27 +0300)]
wpa_cli: Allow first DISCONNECTED event to be reported
wpa_cli filters out extra DISCONNECTED events from action scripts. This
ended up filtering out the first real DISCONNECT event in case wpa_cli
was started when wpa_supplicant was in connected state. Change wpa_cli
to allow the first disconnection event to be reported to the action
script in such case.
Jouni Malinen [Sat, 31 Aug 2013 14:18:45 +0000 (17:18 +0300)]
Disallow WEP configuration in WPA network
Some drivers fail to work if WEP keys are configured in a WPA network.
To avoid potentially confusing error cases, reject hostapd configuration
that enables WPA and includes parameters that would imply that WEP keys
would be set.
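An added example, not hostapd's own code: a pre-deployment check that flags each BSS in a hostapd configuration that both enables WPA and sets WEP-related parameters. Which parameters count as implying WEP keys (`wep_key0`..`wep_key3` and a non-zero `wep_key_len_broadcast` or `wep_key_len_unicast`) is an assumption of this example, since the commit message does not list them; the sample configuration is constructed.

```python
import re

# Assumed set of parameters that imply WEP keys would be set.
_WEP_KEY = re.compile(r"^wep_key[0-3]$")
_WEP_LEN = {"wep_key_len_broadcast", "wep_key_len_unicast"}


def _to_int(value):
    try:
        return int(value)
    except ValueError:
        return 0


def find_wep_in_wpa(conf_text):
    """Return [(bss_name, [offending params])] for every BSS section that
    enables WPA and also carries WEP key parameters."""
    def new_bss(name):
        return {"name": name, "wpa": False, "wep": []}

    bsses = [new_bss(None)]          # first BSS is named by interface=
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        cur = bsses[-1]
        if key == "interface":
            cur["name"] = value
        elif key == "bss":           # starts an additional BSS section
            bsses.append(new_bss(value))
        elif key == "wpa":
            cur["wpa"] = _to_int(value) != 0
        elif _WEP_KEY.match(key) or (key in _WEP_LEN and _to_int(value) > 0):
            cur["wep"].append(key)
    # Evaluated per section at the end, so parameter order does not matter.
    return [(b["name"], b["wep"]) for b in bsses if b["wpa"] and b["wep"]]


# Constructed sample configuration with three BSS sections.
SAMPLE_CONF = """\
interface=wlan0
ssid=constructed-wpa
wpa=2
wpa_passphrase=constructed-passphrase
wep_key0=0102030405
wep_default_key=0

bss=wlan0_0
ssid=constructed-wep-only
wep_key0=0102030405

bss=wlan0_1
ssid=constructed-wpa-rekey
wpa=3
wep_key_len_broadcast=0
wep_key_len_unicast=13
"""

if __name__ == "__main__":
    for name, params in find_wep_in_wpa(SAMPLE_CONF):
        print("%s: WPA enabled together with %s" % (name, ", ".join(params)))
```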
Jouni Malinen [Sat, 31 Aug 2013 13:44:42 +0000 (16:44 +0300)]
D-Bus: Do not send network notification for all P2P groups
Previously, network added event was skipped during group formation.
However, this did not necessarily catch all cases of temporary P2P
network blocks. Check ssid->p2p_group to make this behavior more
consistent by avoiding all P2P groups.
Sreenath Sharma [Sat, 31 Aug 2013 08:59:05 +0000 (11:59 +0300)]
P2P: Allow P2P functionality to be disabled per interface
By default, P2P is initialized for all driver interfaces and this results in
P2P getting initialized for a non-P2P station interface if the supplicant
is started first on this interface. If an interface is dedicated for
non-P2P station mode, it is now possible to disable P2P initialization
by adding 'p2p_disabled=1' in the configuration file of non-P2P station
interface, irrespective of the order in which supplicant is started.
Jouni Malinen [Sat, 31 Aug 2013 08:54:23 +0000 (11:54 +0300)]
tests: Use longer timeout in test_ap_wps_er_add_enrollee
This is another one of the test cases that can time out frequently
under valgrind during WPS exchange. Increase the timeout to make
false error reports less likely to occur.
Sreenath Sharma [Sat, 31 Aug 2013 08:11:41 +0000 (11:11 +0300)]
P2P: Immediate group removal in GC in case of deauthentication
Right now in case of deauthentication from GO, immediate group removal will
happen in GC only if the deauthentication packet has a valid IE. However,
the IE in deauthentication packet is mandated only for managed P2P group.
So in normal P2P group the group removal is delayed and will happen later
only in group idle timeout.
This fixes a regression from commit d7df0fa727a2a79d7b22df6c68961220349ab2e3 that changed the previous check
for data->deauth_info != NULL to data->deauth_info->ie != NULL.
Swisscom SIM cards do not include MNC length within EF_AD, and end up
using incorrect MNC length based on the 3-digit default. Hardcode MNC
length of 2 for Switzerland, in the same manner as it was done for
Finland.
Signed-hostap: Andrejs Cainikovs <andrejs.cainikovs@sonymobile.com>
Jouni Malinen [Sat, 31 Aug 2013 07:45:03 +0000 (10:45 +0300)]
tests: Increase WPS timeout to 30 seconds
A number of crypto operations seem to take a very long time in the valgrind
tests (about five seconds for public key generation for M1 and M2 on a
virtual server) and this is enough to push the test runs to hit the
timeout frequently even when there is no real error. Make this less
frequent by increasing WPS test case timeout from 15 to 30 seconds to
avoid issues based on the test scripts.
Jouni Malinen [Sat, 31 Aug 2013 07:33:44 +0000 (10:33 +0300)]
tests: Increase P2P group formation timeout to 20 seconds
A number of crypto operations seem to take a very long time in the valgrind
tests (about five seconds for passphrase to PSK mapping and for public
key generation for M1 and M2 on a virtual server) and this is enough to
push the test runs to hit the timeout frequently even when there is no
real error. Make this less frequent by increasing group formation
timeout from 15 to 20 seconds to avoid issues based on the test scripts
(15 + config time seconds timeout in the protocol may still kick in,
though).
Jouni Malinen [Tue, 27 Aug 2013 13:26:33 +0000 (16:26 +0300)]
IBSS RSN: Add a timeout for Authentication frame exchange
It is possible for the peer device not to support Authentication frame
exchange even though this would be required functionality in the
standard. Furthermore, either Authentication frame may be lost. To
recover from cases where Authentication frame sequence 2 is not
received, start EAPOL Authenticator from one second timeout.
Jouni Malinen [Tue, 27 Aug 2013 13:01:04 +0000 (16:01 +0300)]
tests: Wait for hostapd/wpa_supplicant to reply at start (concurrent)
Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant
through the control interface until they are ready to reply in order to
avoid starting test case execution too early. This is like commit b76579e0c09a1a763b70d63613377b407cbc405f but for the concurrent P2P test
cases that were forgotten from that commit.
Jouni Malinen [Tue, 27 Aug 2013 09:23:10 +0000 (12:23 +0300)]
P2P: Postpone concurrent scans when waiting for first client as GO
Previously, concurrent station mode scans were postponed during an
ongoing P2P group formation up to the point of completed WPS
provisioning step. This would allow a scan to be started before the P2P
client has completed association for the data connection if a scan
request were timed to hit the window between the provisioning step and
the following association. Avoid this by extending P2P-in-progress state
to continue until the first data connection has been completed as part
of group formation. Use a ten second timeout for this to avoid leaving
scans disabled indefinitely if the client fails to connect completely.
Jouni Malinen [Tue, 27 Aug 2013 00:11:02 +0000 (03:11 +0300)]
tests: Detect BSSID mismatch in test_ibss_rsn
It looks like mac80211 does not always manage to join the same IBSS and
this can result in test_ibss_rsn failures. Detect this case and try to
get the IBSSes to merge by running a scan prior to continuing with the
test case.
Jouni Malinen [Mon, 26 Aug 2013 23:54:35 +0000 (02:54 +0300)]
IBSS RSN: Work around Data RX vs. Authentication RX race condition
It is possible for the driver to report EAPOL frame RX before
Authentication frame RX even if the frames arrived in the opposite
order. This can result in issues in cases where both IBSS peers initiate
Authentication frame exchange at about the same time and one of the
EAPOL sessions is started before processing Authentication frame seq=1
RX. Work around this by not re-initializing EAPOL state on
Authentication (SEQ=1) RX if own Authentication frame was transmitted
within last 500 ms.
Jouni Malinen [Mon, 26 Aug 2013 23:00:39 +0000 (02:00 +0300)]
tests: Wait for all 4-way handshake pairs in test_ibss_rsn
The handshake between STA2 and STA1 was not tracked previously. For
completeness, include that in the list of handshakes that are explicitly
waited for to complete prior to starting the connectivity tests. Since
all key setup should be done at this point, remove the extra wait before
the last connectivity test between STA1 and STA2.
It looks like there may not be enough time to complete this test case in
15 seconds under valgrind on a virtual host every time, so increase the
timeout to 30 seconds to get more consistent test results.
Jouni Malinen [Mon, 26 Aug 2013 13:47:15 +0000 (16:47 +0300)]
tests: Wait for hostapd/wpa_supplicant to reply at start
Instead of waiting for a fixed duration, poll hostapd/wpa_supplicant
through the control interface until they are ready to reply in order to
avoid starting test case execution too early.
Jouni Malinen [Mon, 26 Aug 2013 13:38:13 +0000 (16:38 +0300)]
tests: Kill hostapd/wpa_supplicant more forcefully if needed
Try to make sure new testing can be started by forcing
hostapd/wpa_supplicant to be killed with SIGKILL if needed. In addition,
wait a bit longer when killing the processes to avoid issues with the
next test run starting before the old one has been fully terminated.
Jouni Malinen [Mon, 26 Aug 2013 11:16:31 +0000 (14:16 +0300)]
P2P: Update peer operating channel from GO Negotiation Confirm
If the device that sends the GO Negotiation Confirm becomes the GO, it
may change its operating channel preference between GO Negotiation
Request and Confirm messages based on the channel list received from us.
Previously, the peer operating channel preference was not updated in
such a case and this could result in the initial scans after GO
Negotiation using incorrect operating channel and as such, extra delay
in the connection process. Fix this by updating the operating channel
information from GO Negotiation Confirm in cases where the peer becomes
the GO.
Jouni Malinen [Mon, 26 Aug 2013 11:10:23 +0000 (14:10 +0300)]
P2P: Use the first pref_chan entry as operating channel preference
If there is no higher priority preference for the operating channel,
use the first pref_chan entry as the operating channel preference over
the pre-configured channel which is not really a good indication of
preference. This changes the behavior for GO Negotiation Request frame
operating channel preference value in cases where p2p_pref_chan list is
set.
Jouni Malinen [Mon, 26 Aug 2013 10:35:44 +0000 (13:35 +0300)]
P2P: Add GO negotiation results into the P2P-GO-NEG-SUCCESS event
This provides status information about the negotiated group to
wpa_supplicant control interface monitors during group formation in a
form that is easier to use than having to fetch the information
separately.
Jouni Malinen [Mon, 26 Aug 2013 08:46:21 +0000 (11:46 +0300)]
Replace perror() with wpa_printf(strerror) in ctrl_iface calls
This replaces a number of perror() calls with wpa_printf() to get the
error messages embedded within rest of the debug messages in the same
stream instead of pushing these to stderr which may get directed to
another location.
Jouni Malinen [Mon, 26 Aug 2013 08:28:32 +0000 (11:28 +0300)]
tests: Stop valgrind.bin regardless of which option is started
The previous design of having to provide valgrind parameter to
stop-wifi.sh did not work since the new test setup may not match the
previous one. Instead of trying to figure out what needs to be stopped
based on previous run, stop all wpa_supplicant/hostapd processes running
under valgrind unconditionally to avoid cases where new set of processes
cannot be started due to existing processes.
Jouni Malinen [Sun, 25 Aug 2013 20:10:37 +0000 (23:10 +0300)]
tests: Use more enforced order for the RSN IBSS steps
test_ibss_rsn has been failing pretty frequently due to various issues
in getting all connections up. Try to address this initially by avoiding
concurrent operations and explicitly waiting for 4-way handshake
completion before testing data connection. Once this test case is
working more robustly, a more difficult case with concurrent operations
can be added as a separate test case.
Jouni Malinen [Sun, 25 Aug 2013 17:53:58 +0000 (20:53 +0300)]
Add STATUS command to global control interface
This provides global status information that is applicable to all
interfaces (e.g., P2P state). In addition, ifname/address pairs are
listed to get information of all the interfaces that are currently
managed through this wpa_supplicant instance.
Jouni Malinen [Sun, 25 Aug 2013 17:35:19 +0000 (20:35 +0300)]
Add SET command for global control interface
This allows global parameters to be set through the global control
interface without having to use IFNAME prefix. For now, this covers
only the wifi_display parameter.
Jouni Malinen [Sun, 25 Aug 2013 16:46:57 +0000 (19:46 +0300)]
Clear EAPOL supplicant configuration info on current_ssid changes
There were some code paths that allowed obsolete configuration data
pointer to be maintained within EAPOL supplicant in case a network was
removed while not connected to it (i.e., wpa_s->current_ssid not
pointing to the network that was removed). This could result in use of
freed memory, e.g., from eap_sm_notify_ctrl_attached() when a new
control interface connected prior to the EAPOL supplicant configuration
pointer got updated.