Cumulative patch from commit 3f56a2b7460a57a2b68b48b936be134bf04aa36d (DO NOT MERGE)
3f56a2b Ignore pmf=1 default if driver does not support PMF
fa38860 nl80211: Fix build with libnl 1.1
937403b Update copyright notices for the new year 2015
399e613 Add Suite B AKMs to key_mgmt capability list
5e3b519 Add Suite B 192-bit AKM
97ae35a Add HMAC-SHA384
98cd3d1 Preparations for variable length KCK and KEK
30bff1d Extend AES-CMAC routines to support 256-bit keys
86f9b1c nl80211: Fix default group key management index configuration
b5f045d Show supported group_mgmt capabilities
893e152 Interworking: More debug messages
f45bae5 Interworking: Add logging to track nai_realm_find_eap failures
5a5aab7 Interworking: Remove unnecessary NULL check
400de9b hostapd: Debug messages for dodgy RADIUS servers
ad905e4 wpa_gui: Sort frequency and signal numerically in the scan results dialog
c35e35e Add passive_scan configuration parameter
bff162a P2P: Fix NULL pointer dereference with SD query cancellation
630b323 nl80211: Increase netlink receive buffer size
Change-Id: I32d4bd934ad76e24c646e9925bb839b1ba2a148e
Signed-off-by: Dmitry Shmidt <dimitrysh@google.com>
diff --git a/wpa_supplicant/Android.mk b/wpa_supplicant/Android.mk
index 512918b..96a969e 100644
--- a/wpa_supplicant/Android.mk
+++ b/wpa_supplicant/Android.mk
@@ -189,6 +189,11 @@
NEED_AES_OMAC1=y
endif
+ifdef CONFIG_SUITEB192
+L_CFLAGS += -DCONFIG_SUITEB192
+NEED_SHA384=y
+endif
+
ifdef CONFIG_IEEE80211W
L_CFLAGS += -DCONFIG_IEEE80211W
NEED_SHA256=y
@@ -1237,6 +1242,9 @@
endif
OBJS += $(SHA256OBJS)
endif
+ifdef NEED_SHA384
+L_CFLAGS += -DCONFIG_SHA384
+endif
ifdef NEED_DH_GROUPS
OBJS += src/crypto/dh_groups.c
diff --git a/wpa_supplicant/Makefile b/wpa_supplicant/Makefile
index 9e1ffc8..21486c4 100644
--- a/wpa_supplicant/Makefile
+++ b/wpa_supplicant/Makefile
@@ -192,6 +192,11 @@
NEED_AES_OMAC1=y
endif
+ifdef CONFIG_SUITEB192
+CFLAGS += -DCONFIG_SUITEB192
+NEED_SHA384=y
+endif
+
ifdef CONFIG_IEEE80211W
CFLAGS += -DCONFIG_IEEE80211W
NEED_SHA256=y
@@ -1250,6 +1255,9 @@
endif
OBJS += $(SHA256OBJS)
endif
+ifdef NEED_SHA384
+CFLAGS += -DCONFIG_SHA384
+endif
ifdef NEED_DH_GROUPS
OBJS += ../src/crypto/dh_groups.o
diff --git a/wpa_supplicant/README b/wpa_supplicant/README
index 653848e..f9c65d2 100644
--- a/wpa_supplicant/README
+++ b/wpa_supplicant/README
@@ -1,7 +1,7 @@
WPA Supplicant
==============
-Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> and contributors
+Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors
All Rights Reserved.
This program is licensed under the BSD license (the one with
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 5d7a063..1ffc2dc 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant / Configuration parser and common functions
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -678,8 +678,14 @@
else if (os_strcmp(start, "OSEN") == 0)
val |= WPA_KEY_MGMT_OSEN;
#endif /* CONFIG_HS20 */
+#ifdef CONFIG_SUITEB
else if (os_strcmp(start, "WPA-EAP-SUITE-B") == 0)
val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B;
+#endif /* CONFIG_SUITEB */
+#ifdef CONFIG_SUITEB192
+ else if (os_strcmp(start, "WPA-EAP-SUITE-B-192") == 0)
+ val |= WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
+#endif /* CONFIG_SUITEB192 */
else {
wpa_printf(MSG_ERROR, "Line %d: invalid key_mgmt '%s'",
line, start);
@@ -856,6 +862,7 @@
}
#endif /* CONFIG_HS20 */
+#ifdef CONFIG_SUITEB
if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B",
pos == buf ? "" : " ");
@@ -865,6 +872,19 @@
}
pos += ret;
}
+#endif /* CONFIG_SUITEB */
+
+#ifdef CONFIG_SUITEB192
+ if (ssid->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+ ret = os_snprintf(pos, end - pos, "%sWPA-EAP-SUITE-B-192",
+ pos == buf ? "" : " ");
+ if (os_snprintf_error(end - pos, ret)) {
+ end[-1] = '\0';
+ return buf;
+ }
+ pos += ret;
+ }
+#endif /* CONFIG_SUITEB192 */
if (pos == buf) {
os_free(buf);
@@ -4129,6 +4149,7 @@
{ INT(rand_addr_lifetime), 0 },
{ INT(preassoc_mac_addr), 0 },
{ INT(key_mgmt_offload), 0},
+ { INT(passive_scan), 0 },
};
#undef FUNC
diff --git a/wpa_supplicant/config.h b/wpa_supplicant/config.h
index eeb4ba7..6adf1eb 100644
--- a/wpa_supplicant/config.h
+++ b/wpa_supplicant/config.h
@@ -1137,6 +1137,18 @@
* By default: 300 seconds.
*/
int mesh_max_inactivity;
+
+ /**
+ * passive_scan - Whether to force passive scan for network connection
+ *
+ * This parameter can be used to force only passive scanning to be used
+ * for network connection cases. It should be noted that this will slow
+ * down scan operations and reduce likelihood of finding the AP. In
+ * addition, some use cases will override this due to functional
+ * requirements, e.g., for finding an AP that uses hidden SSID
+ * (scan_ssid=1) or P2P device discovery.
+ */
+ int passive_scan;
};
diff --git a/wpa_supplicant/config_file.c b/wpa_supplicant/config_file.c
index 9c9685a..33af428 100644
--- a/wpa_supplicant/config_file.c
+++ b/wpa_supplicant/config_file.c
@@ -1227,6 +1227,9 @@
if (config->mesh_max_inactivity != DEFAULT_MESH_MAX_INACTIVITY)
fprintf(f, "mesh_max_inactivity=%d\n",
config->mesh_max_inactivity);
+
+ if (config->passive_scan)
+ fprintf(f, "cert_in_cb=%d\n", config->passive_scan);
}
#endif /* CONFIG_NO_CONFIG_WRITE */
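Review bot: The added `fprintf` writes `config->passive_scan` under the key `cert_in_cb`, so a saved configuration drops the passive_scan setting and gains a `cert_in_cb` entry carrying the scan flag's value. This looks like a copy-paste slip; the line should read `fprintf(f, "passive_scan=%d\n", config->passive_scan);`. The enclosing writer function begins outside this hunk.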
diff --git a/wpa_supplicant/ctrl_iface.c b/wpa_supplicant/ctrl_iface.c
index 8e71727..caa480c 100644
--- a/wpa_supplicant/ctrl_iface.c
+++ b/wpa_supplicant/ctrl_iface.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant / Control interface (shared code for all backends)
- * Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -2323,6 +2323,7 @@
}
#endif /* CONFIG_IEEE80211W */
+#ifdef CONFIG_SUITEB
if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B",
pos == start ? "" : "+");
@@ -2330,6 +2331,17 @@
return pos;
pos += ret;
}
+#endif /* CONFIG_SUITEB */
+
+#ifdef CONFIG_SUITEB192
+ if (data.key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+ ret = os_snprintf(pos, end - pos, "%sEAP-SUITE-B-192",
+ pos == start ? "" : "+");
+ if (os_snprintf_error(end - pos, ret))
+ return pos;
+ pos += ret;
+ }
+#endif /* CONFIG_SUITEB192 */
pos = wpa_supplicant_cipher_txt(pos, end, data.pairwise_cipher);
@@ -3333,6 +3345,13 @@
{ WPA_DRIVER_CAPA_ENC_WEP40, "WEP40", 1 }
};
+static const struct cipher_info ciphers_group_mgmt[] = {
+ { WPA_DRIVER_CAPA_ENC_BIP, "AES-128-CMAC", 1 },
+ { WPA_DRIVER_CAPA_ENC_BIP_GMAC_128, "BIP-GMAC-128", 1 },
+ { WPA_DRIVER_CAPA_ENC_BIP_GMAC_256, "BIP-GMAC-256", 1 },
+ { WPA_DRIVER_CAPA_ENC_BIP_CMAC_256, "BIP-CMAC-256", 1 },
+};
+
static int ctrl_iface_get_capability_pairwise(int res, char *strict,
struct wpa_driver_capa *capa,
@@ -3406,6 +3425,35 @@
}
+static int ctrl_iface_get_capability_group_mgmt(int res, char *strict,
+ struct wpa_driver_capa *capa,
+ char *buf, size_t buflen)
+{
+ int ret;
+ char *pos, *end;
+ unsigned int i;
+
+ pos = buf;
+ end = pos + buflen;
+
+ if (res < 0)
+ return 0;
+
+ for (i = 0; i < ARRAY_SIZE(ciphers_group_mgmt); i++) {
+ if (capa->enc & ciphers_group_mgmt[i].capa) {
+ ret = os_snprintf(pos, end - pos, "%s%s",
+ pos == buf ? "" : " ",
+ ciphers_group_mgmt[i].name);
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+ }
+
+ return pos - buf;
+}
+
+
static int ctrl_iface_get_capability_key_mgmt(int res, char *strict,
struct wpa_driver_capa *capa,
char *buf, size_t buflen)
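Review bot: `ctrl_iface_get_capability_group_mgmt` has no header comment and never reads its `strict` parameter. A short comment would help: it writes a space-separated list of the `ciphers_group_mgmt` names whose bit is set in `capa->enc`, returns the number of bytes written, and returns 0 with nothing written when `res < 0`. It should also say that on `os_snprintf_error` the list is returned truncated rather than as an error. If `strict` is kept only so the signature matches the sibling capability helpers, say so in that comment.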
@@ -3455,6 +3503,23 @@
pos += ret;
}
+#ifdef CONFIG_SUITEB
+ if (capa->key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B) {
+ ret = os_snprintf(pos, end - pos, " WPA-EAP-SUITE-B");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+#endif /* CONFIG_SUITEB */
+#ifdef CONFIG_SUITEB192
+ if (capa->key_mgmt & WPA_DRIVER_CAPA_KEY_MGMT_SUITE_B_192) {
+ ret = os_snprintf(pos, end - pos, " WPA-EAP-SUITE-B-192");
+ if (os_snprintf_error(end - pos, ret))
+ return pos - buf;
+ pos += ret;
+ }
+#endif /* CONFIG_SUITEB192 */
+
return pos - buf;
}
@@ -3755,6 +3820,10 @@
return ctrl_iface_get_capability_group(res, strict, &capa,
buf, buflen);
+ if (os_strcmp(field, "group_mgmt") == 0)
+ return ctrl_iface_get_capability_group_mgmt(res, strict, &capa,
+ buf, buflen);
+
if (os_strcmp(field, "key_mgmt") == 0)
return ctrl_iface_get_capability_key_mgmt(res, strict, &capa,
buf, buflen);
diff --git a/wpa_supplicant/dbus/dbus_new_handlers.c b/wpa_supplicant/dbus/dbus_new_handlers.c
index 0b02920..e7c2dd8 100644
--- a/wpa_supplicant/dbus/dbus_new_handlers.c
+++ b/wpa_supplicant/dbus/dbus_new_handlers.c
@@ -2,7 +2,7 @@
* WPA Supplicant / dbus-based control interface
* Copyright (c) 2006, Dan Williams <dcbw@redhat.com> and Red Hat, Inc.
* Copyright (c) 2009-2010, Witold Sowa <witold.sowa@gmail.com>
- * Copyright (c) 2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2009-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -3590,7 +3590,7 @@
DBusMessageIter iter_dict, variant_iter;
const char *group;
const char *pairwise[5]; /* max 5 pairwise ciphers is supported */
- const char *key_mgmt[8]; /* max 8 key managements may be supported */
+ const char *key_mgmt[9]; /* max 9 key managements may be supported */
int n;
if (!dbus_message_iter_open_container(iter, DBUS_TYPE_VARIANT,
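Review bot: `key_mgmt[9]` is sized by hand against the number of `key_mgmt[n++] = ...` stores, and nothing bounds `n`. This commit already had to bump 8 to 9 for the `wpa-eap-suite-b-192` entry added in the next hunk, so the next AKM added without a matching bump writes past the stack array. Only part of the assignment list is visible here, so I cannot confirm that 9 is the exact maximum. A check of `n` against `ARRAY_SIZE(key_mgmt)` before each store, or once before the array is handed to the D-Bus append call, would turn a future mismatch into a handled error.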
@@ -3614,8 +3614,14 @@
key_mgmt[n++] = "wpa-ft-eap";
if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SHA256)
key_mgmt[n++] = "wpa-eap-sha256";
+#ifdef CONFIG_SUITEB
if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B)
key_mgmt[n++] = "wpa-eap-suite-b";
+#endif /* CONFIG_SUITEB */
+#ifdef CONFIG_SUITEB192
+ if (ie_data->key_mgmt & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
+ key_mgmt[n++] = "wpa-eap-suite-b-192";
+#endif /* CONFIG_SUITEB192 */
if (ie_data->key_mgmt & WPA_KEY_MGMT_NONE)
key_mgmt[n++] = "wpa-none";
diff --git a/wpa_supplicant/doc/docbook/eapol_test.sgml b/wpa_supplicant/doc/docbook/eapol_test.sgml
index fec174b..e9af6d9 100644
--- a/wpa_supplicant/doc/docbook/eapol_test.sgml
+++ b/wpa_supplicant/doc/docbook/eapol_test.sgml
@@ -194,7 +194,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_background.sgml b/wpa_supplicant/doc/docbook/wpa_background.sgml
index 860b5a0..afb8c3b 100644
--- a/wpa_supplicant/doc/docbook/wpa_background.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_background.sgml
@@ -90,7 +90,7 @@
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_cli.sgml b/wpa_supplicant/doc/docbook/wpa_cli.sgml
index 142e1ab..47947c1 100644
--- a/wpa_supplicant/doc/docbook/wpa_cli.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_cli.sgml
@@ -345,7 +345,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_gui.sgml b/wpa_supplicant/doc/docbook/wpa_gui.sgml
index f6ef8f1..84766db 100644
--- a/wpa_supplicant/doc/docbook/wpa_gui.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_gui.sgml
@@ -74,7 +74,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
index 3b4360b..b381e40 100644
--- a/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_passphrase.sgml
@@ -62,7 +62,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_priv.sgml b/wpa_supplicant/doc/docbook/wpa_priv.sgml
index 9c114cc..d13a5db 100644
--- a/wpa_supplicant/doc/docbook/wpa_priv.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_priv.sgml
@@ -137,7 +137,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
index e7bf4e0..46c21b5 100644
--- a/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
+++ b/wpa_supplicant/doc/docbook/wpa_supplicant.sgml
@@ -736,7 +736,7 @@
</refsect1>
<refsect1>
<title>Legal</title>
- <para>wpa_supplicant is copyright (c) 2003-2014,
+ <para>wpa_supplicant is copyright (c) 2003-2015,
Jouni Malinen <email>j@w1.fi</email> and
contributors.
All Rights Reserved.</para>
diff --git a/wpa_supplicant/driver_i.h b/wpa_supplicant/driver_i.h
index 9debcf8..65b430d 100644
--- a/wpa_supplicant/driver_i.h
+++ b/wpa_supplicant/driver_i.h
@@ -1,6 +1,6 @@
/*
* wpa_supplicant - Internal driver interface wrappers
- * Copyright (c) 2003-2009, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -569,12 +569,14 @@
#endif /* ANDROID */
static inline void wpa_drv_set_rekey_info(struct wpa_supplicant *wpa_s,
- const u8 *kek, const u8 *kck,
+ const u8 *kek, size_t kek_len,
+ const u8 *kck, size_t kck_len,
const u8 *replay_ctr)
{
if (!wpa_s->driver->set_rekey_info)
return;
- wpa_s->driver->set_rekey_info(wpa_s->drv_priv, kek, kck, replay_ctr);
+ wpa_s->driver->set_rekey_info(wpa_s->drv_priv, kek, kek_len,
+ kck, kck_len, replay_ctr);
}
static inline int wpa_drv_radio_disable(struct wpa_supplicant *wpa_s,
diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index a89ab29..f1f8864 100644
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - Driver event processing
- * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -476,8 +476,7 @@
#ifdef CONFIG_IEEE80211W
if (!(ie.capabilities & WPA_CAPABILITY_MFPC) &&
- (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w) ==
+ wpas_get_ssid_pmf(wpa_s, ssid) ==
MGMT_FRAME_PROTECTION_REQUIRED) {
wpa_dbg(wpa_s, MSG_DEBUG, " skip RSN IE - no mgmt "
"frame protection");
@@ -2996,7 +2995,9 @@
}
wpa_sm_set_rx_replay_ctr(wpa_s->wpa, data->assoc_info.key_replay_ctr);
wpa_sm_set_ptk_kck_kek(wpa_s->wpa, data->assoc_info.ptk_kck,
- data->assoc_info.ptk_kek);
+ data->assoc_info.ptk_kck_len,
+ data->assoc_info.ptk_kek,
+ data->assoc_info.ptk_kek_len);
}
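Review bot: `ptk_kck_len` and `ptk_kek_len` come straight from the driver event and are forwarded unchecked. Now that KCK and KEK are variable length, the callee must reject lengths larger than its key buffers before copying. `wpa_sm_set_ptk_kck_kek` is not part of this hunk, so please confirm it bounds both lengths and copes with a zero length alongside a non-NULL pointer. If it does not, the check belongs here before the call.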
diff --git a/wpa_supplicant/interworking.c b/wpa_supplicant/interworking.c
index 3e919bd..5ea046f 100644
--- a/wpa_supplicant/interworking.c
+++ b/wpa_supplicant/interworking.c
@@ -587,56 +587,69 @@
}
-static int nai_realm_cred_username(struct nai_realm_eap *eap)
+static int nai_realm_cred_username(struct wpa_supplicant *wpa_s,
+ struct nai_realm_eap *eap)
{
- if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
+ if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: EAP method not supported: %d",
+ eap->method);
return 0; /* method not supported */
+ }
if (eap->method != EAP_TYPE_TTLS && eap->method != EAP_TYPE_PEAP &&
eap->method != EAP_TYPE_FAST) {
/* Only tunneled methods with username/password supported */
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: Method: %d is not TTLS, PEAP, or FAST",
+ eap->method);
return 0;
}
if (eap->method == EAP_TYPE_PEAP || eap->method == EAP_TYPE_FAST) {
if (eap->inner_method &&
- eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
+ eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: PEAP/FAST: Inner method not supported: %d",
+ eap->inner_method);
return 0;
+ }
if (!eap->inner_method &&
- eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL)
+ eap_get_name(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2) == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: MSCHAPv2 not supported");
return 0;
+ }
}
if (eap->method == EAP_TYPE_TTLS) {
if (eap->inner_method == 0 && eap->inner_non_eap == 0)
return 1; /* Assume TTLS/MSCHAPv2 is used */
if (eap->inner_method &&
- eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL)
+ eap_get_name(EAP_VENDOR_IETF, eap->inner_method) == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: TTLS, but inner not supported: %d",
+ eap->inner_method);
return 0;
+ }
if (eap->inner_non_eap &&
eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_PAP &&
eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_CHAP &&
eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAP &&
- eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2)
+ eap->inner_non_eap != NAI_REALM_INNER_NON_EAP_MSCHAPV2) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: TTLS, inner-non-eap not supported: %d",
+ eap->inner_non_eap);
return 0;
+ }
}
if (eap->inner_method &&
eap->inner_method != EAP_TYPE_GTC &&
- eap->inner_method != EAP_TYPE_MSCHAPV2)
- return 0;
-
- return 1;
-}
-
-
-static int nai_realm_cred_cert(struct nai_realm_eap *eap)
-{
- if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL)
- return 0; /* method not supported */
-
- if (eap->method != EAP_TYPE_TLS) {
- /* Only EAP-TLS supported for credential authentication */
+ eap->inner_method != EAP_TYPE_MSCHAPV2) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-username: inner-method not GTC or MSCHAPv2: %d",
+ eap->inner_method);
return 0;
}
@@ -644,27 +657,55 @@
}
-static struct nai_realm_eap * nai_realm_find_eap(struct wpa_cred *cred,
+static int nai_realm_cred_cert(struct wpa_supplicant *wpa_s,
+ struct nai_realm_eap *eap)
+{
+ if (eap_get_name(EAP_VENDOR_IETF, eap->method) == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-cert: Method not supported: %d",
+ eap->method);
+ return 0; /* method not supported */
+ }
+
+ if (eap->method != EAP_TYPE_TLS) {
+ /* Only EAP-TLS supported for credential authentication */
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-cred-cert: Method not TLS: %d",
+ eap->method);
+ return 0;
+ }
+
+ return 1;
+}
+
+
+static struct nai_realm_eap * nai_realm_find_eap(struct wpa_supplicant *wpa_s,
+ struct wpa_cred *cred,
struct nai_realm *realm)
{
u8 e;
- if (cred == NULL ||
- cred->username == NULL ||
+ if (cred->username == NULL ||
cred->username[0] == '\0' ||
((cred->password == NULL ||
cred->password[0] == '\0') &&
(cred->private_key == NULL ||
- cred->private_key[0] == '\0')))
+ cred->private_key[0] == '\0'))) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "nai-realm-find-eap: incomplete cred info: username: %s password: %s private_key: %s",
+ cred->username ? cred->username : "NULL",
+ cred->password ? cred->password : "NULL",
+ cred->private_key ? cred->private_key : "NULL");
return NULL;
+ }
for (e = 0; e < realm->eap_count; e++) {
struct nai_realm_eap *eap = &realm->eap[e];
if (cred->password && cred->password[0] &&
- nai_realm_cred_username(eap))
+ nai_realm_cred_username(wpa_s, eap))
return eap;
if (cred->private_key && cred->private_key[0] &&
- nai_realm_cred_cert(eap))
+ nai_realm_cred_cert(wpa_s, eap))
return eap;
}
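Review bot: The new debug message in `nai_realm_find_eap` prints `cred->password` verbatim, and this branch is reachable with a password configured whenever `cred->username` is NULL or empty. `wpa_msg` output ends up in debug logs and, as far as I know, is also forwarded to attached control-interface monitors, so the credential leaves the process. Log presence only, e.g. `cred->password ? "<set>" : "NULL"`, and consider the same treatment for `private_key`. The function's loop tail and final return lie past the end of this hunk.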
@@ -1644,7 +1685,7 @@
for (i = 0; i < count; i++) {
if (!nai_realm_match(&realm[i], cred->realm))
continue;
- eap = nai_realm_find_eap(cred, &realm[i]);
+ eap = nai_realm_find_eap(wpa_s, cred, &realm[i]);
if (eap)
break;
}
@@ -1813,22 +1854,29 @@
int ret;
int is_excluded = 0;
- if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL)
+ if (bss->anqp == NULL || bss->anqp->anqp_3gpp == NULL) {
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "interworking-avail-3gpp: not avail, anqp: %p anqp_3gpp: %p",
+ bss->anqp, bss->anqp ? bss->anqp->anqp_3gpp : NULL);
return NULL;
+ }
#ifdef CONFIG_EAP_PROXY
if (!wpa_s->imsi[0]) {
size_t len;
- wpa_printf(MSG_DEBUG, "Interworking: IMSI not available - try to read again through eap_proxy");
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "Interworking: IMSI not available - try to read again through eap_proxy");
wpa_s->mnc_len = eapol_sm_get_eap_proxy_imsi(wpa_s->eapol,
wpa_s->imsi,
&len);
if (wpa_s->mnc_len > 0) {
wpa_s->imsi[len] = '\0';
- wpa_printf(MSG_DEBUG, "eap_proxy: IMSI %s (MNC length %d)",
- wpa_s->imsi, wpa_s->mnc_len);
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "eap_proxy: IMSI %s (MNC length %d)",
+ wpa_s->imsi, wpa_s->mnc_len);
} else {
- wpa_printf(MSG_DEBUG, "eap_proxy: IMSI not available");
+ wpa_msg(wpa_s, MSG_DEBUG,
+ "eap_proxy: IMSI not available");
}
}
#endif /* CONFIG_EAP_PROXY */
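Review bot: The `eap_proxy: IMSI %s (MNC length %d)` message moves from `wpa_printf` to `wpa_msg`, which may widen who can see the full subscriber identity if `wpa_msg` also feeds control-interface listeners (I believe it does; please confirm). Consider leaving that one line on `wpa_printf`, or logging a truncated value. Separately, the `%p` arguments in the first added message should be cast, e.g. `(void *) bss->anqp`, to match the format specifier. The enclosing function starts and ends outside this hunk.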
@@ -1950,7 +1998,7 @@
for (i = 0; i < count; i++) {
if (!nai_realm_match(&realm[i], cred->realm))
continue;
- if (nai_realm_find_eap(cred, &realm[i])) {
+ if (nai_realm_find_eap(wpa_s, cred, &realm[i])) {
if (cred_no_required_oi_match(cred, bss))
continue;
if (!ignore_bw &&
diff --git a/wpa_supplicant/p2p_supplicant.c b/wpa_supplicant/p2p_supplicant.c
index 4364a06..65c1b48 100644
--- a/wpa_supplicant/p2p_supplicant.c
+++ b/wpa_supplicant/p2p_supplicant.c
@@ -1546,6 +1546,7 @@
d->dtim_period = s->dtim_period;
d->disassoc_low_ack = s->disassoc_low_ack;
d->disable_scan_offload = s->disable_scan_offload;
+ d->passive_scan = s->passive_scan;
if (s->wps_nfc_dh_privkey && s->wps_nfc_dh_pubkey) {
d->wps_nfc_dh_privkey = wpabuf_dup(s->wps_nfc_dh_privkey);
diff --git a/wpa_supplicant/scan.c b/wpa_supplicant/scan.c
index 08af9fb..0653cc2 100644
--- a/wpa_supplicant/scan.c
+++ b/wpa_supplicant/scan.c
@@ -724,7 +724,7 @@
#ifdef CONFIG_P2P
if ((wpa_s->p2p_in_provisioning || wpa_s->show_group_started) &&
- wpa_s->go_params) {
+ wpa_s->go_params && !wpa_s->conf->passive_scan) {
wpa_printf(MSG_DEBUG, "P2P: Use specific SSID for scan during P2P group formation (p2p_in_provisioning=%d show_group_started=%d)",
wpa_s->p2p_in_provisioning,
wpa_s->show_group_started);
@@ -878,6 +878,9 @@
} else if (wpa_s->last_scan_req == MANUAL_SCAN_REQ &&
wpa_s->manual_scan_passive && params.num_ssids == 0) {
wpa_dbg(wpa_s, MSG_DEBUG, "Use passive scan based on manual request");
+ } else if (wpa_s->conf->passive_scan) {
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ "Use passive scan based on configuration");
} else {
wpa_s->prev_scan_ssid = WILDCARD_SSID_SCAN;
params.num_ssids++;
diff --git a/wpa_supplicant/sme.c b/wpa_supplicant/sme.c
index d34668a..c2b0990 100644
--- a/wpa_supplicant/sme.c
+++ b/wpa_supplicant/sme.c
@@ -384,8 +384,7 @@
#endif /* CONFIG_IEEE80211R */
#ifdef CONFIG_IEEE80211W
- wpa_s->sme.mfp = ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w;
+ wpa_s->sme.mfp = wpas_get_ssid_pmf(wpa_s, ssid);
if (wpa_s->sme.mfp != NO_MGMT_FRAME_PROTECTION) {
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
struct wpa_ie_data _ie;
@@ -1547,9 +1546,7 @@
if (wpa_s->wpa_state != WPA_COMPLETED)
return;
ssid = wpa_s->current_ssid;
- if (ssid == NULL ||
- (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION)
+ if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)
return;
if (os_memcmp(sa, wpa_s->bssid, ETH_ALEN) != 0)
return;
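Review bot: Dropping the explicit `ssid == NULL ||` test changes behaviour here, because `wpas_get_ssid_pmf()` maps a NULL `ssid` to the global `wpa_s->conf->pmf` rather than to "no PMF". With `pmf=1` or `pmf=2` configured and `current_ssid` NULL, the function now continues past this guard where it used to return. The rest of the function is outside this hunk, so I cannot tell whether anything after this point dereferences `ssid`. If the early return was relied on, keep it as `if (ssid == NULL || wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION)`; if not, a comment noting that NULL is handled by the helper would help.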
diff --git a/wpa_supplicant/wpa_cli.c b/wpa_supplicant/wpa_cli.c
index 79619f2..911effe 100644
--- a/wpa_supplicant/wpa_cli.c
+++ b/wpa_supplicant/wpa_cli.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - command line interface for wpa_supplicant daemon
- * Copyright (c) 2004-2013, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -28,7 +28,7 @@
static const char *wpa_cli_version =
"wpa_cli v" VERSION_STR "\n"
-"Copyright (c) 2004-2014, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2004-2015, Jouni Malinen <j@w1.fi> and contributors";
static const char *wpa_cli_license =
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresults.cpp b/wpa_supplicant/wpa_gui-qt4/scanresults.cpp
index 063347e..ae0c240 100644
--- a/wpa_supplicant/wpa_gui-qt4/scanresults.cpp
+++ b/wpa_supplicant/wpa_gui-qt4/scanresults.cpp
@@ -12,6 +12,7 @@
#include "signalbar.h"
#include "wpagui.h"
#include "networkconfig.h"
+#include "scanresultsitem.h"
ScanResults::ScanResults(QWidget *parent, const char *, bool, Qt::WFlags)
@@ -95,7 +96,7 @@
ssid = (*it).mid(pos);
}
- QTreeWidgetItem *item = new QTreeWidgetItem(scanResultsWidget);
+ ScanResultsItem *item = new ScanResultsItem(scanResultsWidget);
if (item) {
item->setText(0, ssid);
item->setText(1, bssid);
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp
new file mode 100644
index 0000000..9cd937c
--- /dev/null
+++ b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.cpp
@@ -0,0 +1,18 @@
+/*
+ * wpa_gui - ScanResultsItem class
+ * Copyright (c) 2015, Adrian Nowicki <adinowicki@gmail.com>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#include "scanresultsitem.h"
+
+bool ScanResultsItem::operator< (const QTreeWidgetItem &other) const
+{
+ int sortCol = treeWidget()->sortColumn();
+ if (sortCol == 2 || sortCol == 3) {
+ return text(sortCol).toInt() < other.text(sortCol).toInt();
+ }
+ return text(sortCol) < other.text(sortCol);
+}
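Review bot: `operator<` dereferences `treeWidget()` without a null check, and `QTreeWidgetItem::treeWidget()` returns null for an item that is not attached to a tree. The only constructor declared in scanresultsitem.h takes a tree, so this holds today. A guard such as `if (!treeWidget()) return QTreeWidgetItem::operator<(other);` keeps it safe if items are ever detached. A comment saying that columns 2 and 3 are presumably the frequency and signal columns named in the commit title, and that `toInt()` yields 0 for non-numeric text, would replace the bare magic numbers.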
diff --git a/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h
new file mode 100644
index 0000000..835b7c0
--- /dev/null
+++ b/wpa_supplicant/wpa_gui-qt4/scanresultsitem.h
@@ -0,0 +1,21 @@
+/*
+ * wpa_gui - ScanResultsItem class
+ * Copyright (c) 2015, Adrian Nowicki <adinowicki@gmail.com>
+ *
+ * This software may be distributed under the terms of the BSD license.
+ * See README for more details.
+ */
+
+#ifndef SCANRESULTSITEM_H
+#define SCANRESULTSITEM_H
+
+#include <QtGui>
+
+class ScanResultsItem : public QTreeWidgetItem
+{
+public:
+ ScanResultsItem(QTreeWidget *tree) : QTreeWidgetItem(tree) {}
+ bool operator< (const QTreeWidgetItem &other) const;
+};
+
+#endif /* SCANRESULTSITEM_H */
diff --git a/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro b/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro
index 3c81929..69bc0f6 100644
--- a/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro
+++ b/wpa_supplicant/wpa_gui-qt4/wpa_gui.pro
@@ -34,6 +34,7 @@
wpagui.h \
eventhistory.h \
scanresults.h \
+ scanresultsitem.h \
signalbar.h \
userdatarequest.h \
networkconfig.h \
@@ -45,6 +46,7 @@
wpagui.cpp \
eventhistory.cpp \
scanresults.cpp \
+ scanresultsitem.cpp \
signalbar.cpp \
userdatarequest.cpp \
networkconfig.cpp \
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 47243a3..434847d 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant
- * Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -57,7 +57,7 @@
const char *wpa_supplicant_version =
"wpa_supplicant v" VERSION_STR "\n"
-"Copyright (c) 2003-2014, Jouni Malinen <j@w1.fi> and contributors";
+"Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi> and contributors";
const char *wpa_supplicant_license =
"This software may be distributed under the terms of the BSD license.\n"
@@ -962,9 +962,7 @@
#ifdef CONFIG_IEEE80211W
if (!(ie->capabilities & WPA_CAPABILITY_MFPC) &&
- (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w) ==
- MGMT_FRAME_PROTECTION_REQUIRED) {
+ wpas_get_ssid_pmf(wpa_s, ssid) == MGMT_FRAME_PROTECTION_REQUIRED) {
wpa_msg(wpa_s, MSG_INFO, "WPA: Driver associated with an AP "
"that does not support management frame protection - "
"reject");
@@ -1138,10 +1136,18 @@
sel &= ~(WPA_KEY_MGMT_SAE | WPA_KEY_MGMT_FT_SAE);
#endif /* CONFIG_SAE */
if (0) {
+#ifdef CONFIG_SUITEB192
+ } else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B_192) {
+ wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B_192;
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ "WPA: using KEY_MGMT 802.1X with Suite B (192-bit)");
+#endif /* CONFIG_SUITEB192 */
+#ifdef CONFIG_SUITEB
} else if (sel & WPA_KEY_MGMT_IEEE8021X_SUITE_B) {
wpa_s->key_mgmt = WPA_KEY_MGMT_IEEE8021X_SUITE_B;
wpa_dbg(wpa_s, MSG_DEBUG,
"WPA: using KEY_MGMT 802.1X with Suite B");
+#endif /* CONFIG_SUITEB */
#ifdef CONFIG_IEEE80211R
} else if (sel & WPA_KEY_MGMT_FT_IEEE8021X) {
wpa_s->key_mgmt = WPA_KEY_MGMT_FT_IEEE8021X;
@@ -1195,8 +1201,7 @@
#ifdef CONFIG_IEEE80211W
sel = ie.mgmt_group_cipher;
- if ((ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w) == NO_MGMT_FRAME_PROTECTION ||
+ if (wpas_get_ssid_pmf(wpa_s, ssid) == NO_MGMT_FRAME_PROTECTION ||
!(ie.capabilities & WPA_CAPABILITY_MFPC))
sel = 0;
if (sel & WPA_CIPHER_AES_128_CMAC) {
@@ -1222,8 +1227,7 @@
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MGMT_GROUP,
wpa_s->mgmt_group_cipher);
wpa_sm_set_param(wpa_s->wpa, WPA_PARAM_MFP,
- (ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w));
+ wpas_get_ssid_pmf(wpa_s, ssid));
#endif /* CONFIG_IEEE80211W */
if (wpa_sm_set_assoc_wpa_ie_default(wpa_s->wpa, wpa_ie, wpa_ie_len)) {
@@ -2143,7 +2147,8 @@
if (wpa_s->conf->key_mgmt_offload) {
if (params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X ||
params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SHA256 ||
- params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B)
+ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B ||
+ params.key_mgmt_suite == WPA_KEY_MGMT_IEEE8021X_SUITE_B_192)
params.req_key_mgmt_offload =
ssid->proactive_key_caching < 0 ?
wpa_s->conf->okc : ssid->proactive_key_caching;
@@ -2160,9 +2165,7 @@
params.drop_unencrypted = use_crypt;
#ifdef CONFIG_IEEE80211W
- params.mgmt_frame_protection =
- ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT ?
- wpa_s->conf->pmf : ssid->ieee80211w;
+ params.mgmt_frame_protection = wpas_get_ssid_pmf(wpa_s, ssid);
if (params.mgmt_frame_protection != NO_MGMT_FRAME_PROTECTION && bss) {
const u8 *rsn = wpa_bss_get_ie(bss, WLAN_EID_RSN);
struct wpa_ie_data ie;
@@ -4889,6 +4892,30 @@
}
+int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid)
+{
+#ifdef CONFIG_IEEE80211W
+ if (ssid == NULL || ssid->ieee80211w == MGMT_FRAME_PROTECTION_DEFAULT) {
+ if (wpa_s->conf->pmf == MGMT_FRAME_PROTECTION_OPTIONAL &&
+ !(wpa_s->drv_enc & WPA_DRIVER_CAPA_ENC_BIP)) {
+ /*
+ * Driver does not support BIP -- ignore pmf=1 default
+ * since the connection with PMF would fail and the
+ * configuration does not require PMF to be enabled.
+ */
+ return NO_MGMT_FRAME_PROTECTION;
+ }
+
+ return wpa_s->conf->pmf;
+ }
+
+ return ssid->ieee80211w;
+#else /* CONFIG_IEEE80211W */
+ return NO_MGMT_FRAME_PROTECTION;
+#endif /* CONFIG_IEEE80211W */
+}
+
+
int wpas_is_p2p_prioritized(struct wpa_supplicant *wpa_s)
{
if (wpa_s->global->conc_pref == WPA_CONC_PREF_P2P)
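Review bot: `wpas_get_ssid_pmf` turns the global `pmf=1` default into `NO_MGMT_FRAME_PROTECTION` when the driver lacks `WPA_DRIVER_CAPA_ENC_BIP`, and nothing records that this happened. An operator who set `pmf=1` therefore gets unprotected management frames with no trace in the log. The helper is called from scan matching as well as association, so the message probably belongs at a call site that runs once per association, e.g. `wpa_dbg(wpa_s, MSG_DEBUG, "PMF: driver lacks BIP - ignoring pmf=1 default");`. The function also needs a header comment stating that it returns the effective `MGMT_FRAME_PROTECTION_*` value, that a NULL `ssid` falls back to the global setting, and that only the optional default is ever downgraded. Only the 128-bit BIP capability bit is tested, so a driver advertising just the GMAC or CMAC-256 variants would also be treated as unsupported; please confirm that is intended.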
diff --git a/wpa_supplicant/wpa_supplicant_i.h b/wpa_supplicant/wpa_supplicant_i.h
index d1938fa..7d22000 100644
--- a/wpa_supplicant/wpa_supplicant_i.h
+++ b/wpa_supplicant/wpa_supplicant_i.h
@@ -1113,6 +1113,7 @@
}
int wpas_network_disabled(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
+int wpas_get_ssid_pmf(struct wpa_supplicant *wpa_s, struct wpa_ssid *ssid);
int wpas_init_ext_pw(struct wpa_supplicant *wpa_s);
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 8387043..99e7351 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -1,6 +1,6 @@
/*
* WPA Supplicant - Glue code to setup EAPOL and RSN modules
- * Copyright (c) 2003-2012, Jouni Malinen <j@w1.fi>
+ * Copyright (c) 2003-2015, Jouni Malinen <j@w1.fi>
*
* This software may be distributed under the terms of the BSD license.
* See README for more details.
@@ -968,13 +968,14 @@
#ifndef CONFIG_NO_WPA
-static void wpa_supplicant_set_rekey_offload(void *ctx, const u8 *kek,
- const u8 *kck,
+static void wpa_supplicant_set_rekey_offload(void *ctx,
+ const u8 *kek, size_t kek_len,
+ const u8 *kck, size_t kck_len,
const u8 *replay_ctr)
{
struct wpa_supplicant *wpa_s = ctx;
- wpa_drv_set_rekey_info(wpa_s, kek, kck, replay_ctr);
+ wpa_drv_set_rekey_info(wpa_s, kek, kek_len, kck, kck_len, replay_ctr);
}
#endif /* CONFIG_NO_WPA */